Global Technology Associates GBWA200501-01 Product Manual

Software firewall powered by GNAT Box System Software

GB-Ware Software Firewall powered by GNAT Box System Software, Product Guide GBWA200501-01


Summary of Contents for Global Technology Associates GBWA200501-01

  • Page 1 GB-Ware Software Firewall powered by GNAT Box System Software Product Guide GBWA200501-01...
  • Page 2 Trademarks & Copyrights GNAT Box, GB-Commander and Surf Sentinel are registered trademarks of Global Technology Associates, Incorporated. RoBoX, GB-Ware and Firewall Control Center are trademarks of Global Technology Associates, Incorporated. Global Technology Associates and GTA are registered service marks of Global Technology Associates, Incorporated.
  • Page 3: Table Of Contents

    Table of Contents iii. Contents: 1 Introduction, 1; About GTA Firewalls, 1; About GB-Ware, 1; Features, 1; Additional Software Products, 2; Optional Features, 2; Additional Options for 10-User Version, 2; Software Specifications, 3; Hardware Specifications ...
  • Page 4 GB-Ware Firewall Product Guide. Re-configuring Your Computer, 28; Accessing the Firewall, 28; Configuration Using GBAdmin, 29; Entering Your Network Information, 30; Re-configuring Your Computer, 31; Accessing the Firewall, 31; Configuration Using the Serial Console, 31; Configuration Using the Video Console ...
  • Page 5: Introduction

    1 Introduction. About GTA Firewalls: Global Technology Associates, Inc. (GTA) has been designing and building Internet firewalls since 1994. In 1996, GTA developed the first truly affordable commercial-grade firewall, the GNAT Box®. Since then, ICSA-...
  • Page 6: Additional Software Products

    • Dynamic DNS
    • DNS proxy
    • Transparent and traditional web proxy with script blocking
    • DNS server (optional on 10 user version)
    • DHCP server
    • Web and GBAdmin user interfaces for remote management
    • SNMP (read-only)
    •...
  • Page 7: Software Specifications

    Software Specifications (columns: Specification, GB-Ware 10 users, GB-Ware unrestricted users). Concurrent connections (standard): 1,000; 128,000. Concurrent outbound users (standard): Unrestricted. Network interfaces (standard). User authentication. Address objects. Aliases. Pass-through hosts. Filters, outbound & remote access objects. Traffic shaping objects...
  • Page 8: System Requirements

    configuration with full network speeds on all interfaces. The best possible performance can be obtained by using a Pentium class or higher CPU with PCI network cards. Network performance bottlenecks usually occur at the connection to the Internet when using DSL or T1 class connectivity.
  • Page 9: Optional Components

    Optional Components
    • 1-18 additional network cards (if using the Multi-Interface Option)
    • Async modem (PPP connections or pager only)
    • ISDN TA with RS-232 interface (PPP connections only)
    • Cable modem
    • Serial ports for COM 1-4 (1645x/1655x UARTs only)
    Note: GTA recommends installing only the GB-Ware required or GB-Ware optional components in the system.
  • Page 10: Support

    Modem/ISDN TA Hardware: GTA recommends configuring the modem or ISDN TA on another system before installing it on GB-Ware. Most modems allow the storage of a user configuration and the recall of this configuration using a specific command (e.g.
  • Page 11: Upgrades

    Other avenues for assistance are available through authorized GTA Channel Partners, the GNAT Box Mailing List, or the GTA web site (www.gta.com). Upgrades: Once registered, you can view available upgrades in the GTA online support center section of the GTA web site (www.gta.com/support/center/login/). Click on the serial number of your registered product to see if an upgrade is available for that specific unit.
  • Page 12: Hardware Specifications

    Additional Documentation: For additional instructions on installation, registration and setup of a GTA product, see applicable Quick Guides, FAQs or technical papers. For optional features, see the appropriate feature guide. Documentation is included on installation CDs, and is available for download from the GTA web site.
  • Page 13: Installation

    2 Installation. Registration: To get technical support and software updates, you must register your GTA firewall. 1) To register, go to www.gta.com. Click on SUPPORT and then the SUPPORT CENTER link to visit https://gta.com/support/center/login/. 2) If you do not have an online support account, click on the CREATE link and enter your information.
  • Page 14: Installing Gb-Ware On Pc Hardware

    Installing GB-Ware on PC Hardware: GB-Ware software must be installed on x86 (Intel-compatible) computer hardware before you can use your firewall. The GB-Ware installation CD will install the firewall software onto your computer hardware. Requirements: GB-Ware can be installed either on a bootable Compact Flash disk or hard drive on the intended firewall, or installed onto a Compact Flash disk using a USB reader/writer on a proxy computer, and then later inserted into the intended firewall.
  • Page 15: Setup For Gb-Ware Installation

    Setup for GB-Ware Installation: The computer (either the intended firewall or an installation proxy computer) must be modified to boot using a CD-ROM drive. This enables the GNAT Box System Software installation CD to activate and install the GB-Ware firewall software when powering on the PC.
  • Page 16 Caution: Installing GB-Ware on a hard drive will erase its contents and replace them with GB-Ware. If you wish to keep the data on a hard drive, do not install GB-Ware on it; instead, install GB-Ware on a different hard drive.
  • Page 17: Selecting A Gb-Ware Runtime

    GNAT Box System Software Licensing Agreement. Selecting a GB-Ware Runtime: The GNAT Box System Software Runtime Installer screen will appear. If you are upgrading, verify that your configuration has been backed up to another location. Any information currently on the disk will be overwritten during the installation.
  • Page 18: Selecting An Installation Disk

    The serial version of the GB-Ware runtime installs factory default settings; a serial or temporary peer Ethernet connection can be used to change these settings. If you prefer to perform initial firewall configuration over the web or with GBAdmin, choose this option. The selection list also includes the Erase Disk function.
  • Page 19: Installing The Runtime

    Note: USB pen drives may appear, but should not be selected for installation as they are not IDE-bootable devices. CD-ROM or DVD-ROM drives will not be displayed by the GB-Ware system installation process, as they are not writable discs. Other drives will not display.
  • Page 20: Completing Installation

    Disk Re-formatting Warning. It may take several minutes for the runtime to install. A pipe indicator (|) will be animated while the system installs. A message similar to the following will display when the system installation is complete: <runtime number>...
  • Page 21 attach the hardware key block to a prospective GB-Ware firewall and boot the GB-Ware disk.
  • Page 22 GB-Ware Firewall Product Guide...
  • Page 23: Configuration

    3 Configuration. The following sections describe how to change GB-Ware from the default configuration, in which all internal users are allowed outbound connections, but no unsolicited inbound connections are allowed. Use either the web user interface, GBAdmin, the video console, or the serial console to configure the GB-Ware firewall.
  • Page 24: Physically Connecting Your Gb-Ware Firewall

    During installation, you chose the video or the serial console version of the GNAT Box runtime. These methods can be used during setup, or when you have direct physical access to the firewall, or as a failsafe if the network is down and you can no longer administer your firewall remotely.
  • Page 25: Requirements

    Requirements
    If using the web user interface, you will need:
    • 1 crossover Ethernet cable to connect with the computer directly, or 1 straight-through Ethernet cable to connect with the computer through a hub or switch
    •...
  • Page 26 match the network address scheme. Then you may add the firewall to your network and connect remotely (by web or GBAdmin) through your normal network. 1) Use a crossover Ethernet cable to connect a computer to the firewall’s first network interface card.
  • Page 27: Making A Serial Connection

    Temporary Network Configuration for Connection with Firewall Defaults - Mac OS X. 3) Reboot your computer if necessary to put your new network configuration into effect. Note: Please refer to the GNAT Box System Software User’s Guide for specific information about editing network information.
  • Page 28: Configuring Your Firewall

    Configuring Your Firewall: You will need to configure your firewall to match your network scheme before installing it.
    Requirements
    If using a web browser, you will need:
    • an SSL-compatible, frames-enabled web browser
    • a temporary peer network connection between the firewall and a computer (first configuration only;...
  • Page 29: Configuration Using A Web Browser

    On Macintosh computers, GTA does not recommend using Microsoft Internet Explorer for Macintosh (Mac IE 5). OpenSSL encryption, used by the firewall, is known to be incompatible with Mac IE 5, and your browser will not allow you to continue past the security alert screen. If you must use Mac IE 5, install the firewall using a compatible browser, GBAdmin or the console and disable SSL before using Mac IE 5.
  • Page 30: Entering Your Network Information

    Entering the Default User ID and Password. Caution: GTA recommends changing the default user ID and password to prevent unauthorized access. Entering Your Network Information: GB-Ware requires entry of the serial number and activation code. Click on Basic Configuration and expand the menu, then select Features.
  • Page 31 Caution: Closing the browser without clicking SAVE will cause the entered data to be lost, and your firewall will remain in default configuration. You will need to re-connect to the firewall and re-enter the network information. 2) Once you have completed the network configuration, apply the changes by clicking .
  • Page 32: Re-Configuring Your Computer

    Using CIDR-based or Slash (/) Notation: CIDR (Classless Inter-Domain Routing) aggregates routes so that one IP address represents thousands served by a backbone provider. GNAT Box System Software uses CIDR-based notation as the default for subnet masks, instead of dotted decimal (e.g.
  • Page 33: Configuration Using Gbadmin

    Caution: Failure to change the default password is a serious security weakness. GTA recommends changing the default user ID and password to prevent unauthorized access. Configuration Using GBAdmin: If your computer’s operating system is Microsoft Windows, you can choose to configure your firewall by using the GBAdmin software you installed earlier instead of using the web interface.
  • Page 34: Entering Your Network Information

    GBAdmin Network Information Window. Entering Your Network Information: GB-Ware requires entry of the serial number and activation code. Click on Basic Configuration and expand the menu, then select Features. Enter the serial number and activation code, then click the button then the button.
  • Page 35: Re-Configuring Your Computer

    Caution: Closing GBAdmin without clicking SAVE will cause the entered data to be lost, and your firewall will remain in default configuration. You will need to re-connect to the firewall and re-enter the network information. 2) Once you have completed the Network Information form, apply the changes by clicking .
  • Page 36: Configuration Using The Video Console

    1) On your computer, open terminal emulator software such as Tera Term or Microsoft HyperTerminal and enter the following settings for a new connection: Emulation: VT-100; Computer serial (COM) port connected to the firewall via a DB-9 cable; 38400; Parity: None...
  • Page 37: Video Console Navigation

    2) If you specified the video console version during installation and your hardware was configured correctly, and the system did not encounter any problems, the Setup Wizard should now appear. Video Console Navigation: There are three modes on the video console: log messages, the main interface and statistics.
  • Page 38 Note: If you cancel the Setup Wizard, go to Basic Configuration then Features to enter your serial number and activation code. Next, enter your initial configuration information in Basic Configuration then Network Information. Your firewall will not be functional until these steps are performed, either by hand or Setup Wizard.
  • Page 39 Run DHCP? 6c. IP Address: You will reach this option if you rejected use of dynamic IP address services. Enter the static IP address and subnet mask of the external network interface. The IP address for the external network interface should be a valid ISP-registered IP address if you will be connecting your firewall to the Internet.
  • Page 40 ment Numbers Authority (IANA) has specified network addresses in RFC 1918 that are designated exclusively for internal networks. IANA Private Network IP Address Rules (columns: Network Class, IP Address Range, Quantity of Addresses Available): 10.0.0.0 - 10.255.255.255; 172.16.0.0 - 172.31.255.255; 192.168.0.0 -...
  • Page 41: Accessing Your Gta Firewall

    Accessing Your GTA Firewall: After completing the initial configuration in the setup wizard, your GTA firewall should be active and functioning in default security mode (all internal users are allowed outgoing connections, and no unsolicited connections are allowed in).
  • Page 42 GB-Ware Firewall Product Guide...
  • Page 43: Troubleshooting

    4 Troubleshooting. Troubleshooting Basics: GTA Support recommends the following guidelines as a starting point when troubleshooting network problems:
    • Start with the simplest case of locally attached hosts.
    • Use IP addresses, not names. Your problem could be DNS.
    •...
  • Page 44 • Have you added a static route on the firewall to tell it which router is used to reach the Internet? Have you set the router’s default route to be the firewall? Have you set the default route for hosts on the problem network to be the router or firewall? •...
  • Page 45 Note: Distinguish between crossover cables and straight-through cables by comparing the connection ends. On a straight-through cable, the wire order matches; on a crossover cable, the first three of the four wires are in reverse order. 6a.
  • Page 46 Installation of the USB Key Block. 3. Enter the GB-Ware serial number and activation code in the Basic Configuration then Features section of the GB-Ware web interface or wizard. Note: If the hardware key block is not recognized once you have booted the system, and the serial number and activation code are both entered correctly, make sure that your firewall’s USB port is active and functional according to your hardware’s BIOS.
  • Page 47 11. The warning message “Initializing runtime slice 2 failed; No space left on device” is displayed. 1. The Compact Flash card is too small; GTA only supports GTA-certified Compact Flash cards. 2. The Compact Flash card no longer functions correctly; contact GTA or a GTA Channel Partner for hardware warranty.
  • Page 48 13. How do I revert to my previous configuration after a version upgrade? The firewall’s Compact Flash or hard drive memory is in two sections (“slices”); one contains the current software version plus any saved configuration, the other contains the previous software version and configuration.
  • Page 49 1. If you have more than one CD-ROM drive installed, either disconnect the additional CD-ROM drives and retry, or verify that the installation CD-ROM drive is detected first in the boot sequence, before other CD-ROM drives in the IDE controller ports. 2.
  • Page 50 GB-Ware Firewall Product Guide...
  • Page 51: Appendix

    Appendix. Installing the Compact Flash Card: If you are installing your GB-Ware firewall on a Compact Flash card, use these instructions to install the Compact Flash card for your firewall. The instructions assume that the Compact Flash IDE adapter is being installed in the intended firewall;...
  • Page 52: Assembling The Compact Flash Ide Adapter

    Warning: Improper grounding can damage your system or Compact Flash card, and may cause physical injury or death. Never service your GB-Ware system while it is plugged in or powered on! Assembling the Compact Flash IDE Adapter: 1) Insert the four white nylon mounting posts into the mounting holes in the adapter board.
  • Page 53: Mounting The Compact Flash Card

    (Refer to the motherboard’s user guide if you cannot locate the IDE controller ports.) Locating the Primary IDE Controller Port. Mounting the Compact Flash Card: Mount the adapter board securely inside the firewall’s case; find a place where the components fit easily and securely, and where the IDE cable can easily reach from the adapter board to the primary IDE controller port.
  • Page 54: Connecting The Ide Cable

    Connecting the IDE Cable: Insert one end of the IDE cable into the primary IDE controller port with the red-striped side of the cable lined up with pin #1 of the IDE controller port. Insert the other end of the IDE cable into the IDE port of the adapter board with the red-striped side of the IDE cable nearest to the 4-pin power port.
  • Page 55: Merging Configurations Using Gbadmin

    Note: Those upgrading from GNAT Box System Software version 2.x or lower should record all configuration data and use it as a guide to enter new configuration data manually. You may use the web interface to print the configuration or manually record it. 1) Once you have installed GB-Ware on a Compact Flash card or hard drive, power up the GB-Ware firewall.
  • Page 56 4) GBAdmin will connect to the GB-Ware firewall and prompt you for the user ID and password selected during installation; when successfully authenticated, GBAdmin will load the GB-Ware configuration. 5) Merge the old configuration with the GB-Ware firewall configuration. Click File then Merge.
  • Page 57 Note: If your NIC is not listed, it’s possible that you are upgrading from an older version in which that NIC was supported. Please contact support with any questions. If you are placing the configuration on new hardware with different NICs, you will need to select your cards.
  • Page 58 GB-Ware Firewall Product Guide...
  • Page 59: Index

    Index 55 Index default user ID 36. Desk Pro 45. dial-up connection 5. DSL 34. email address support ii. Symbols EPP 41. 4-pin power port 52. Factory settings 31. activation code 34, 41, 47. feet, adapter board 49. adapter board 49. filter, remote access 40.
  • Page 60 GB-Ware Firewall Product Guide log 43. Serial Console interface 20, 42, 47. Login 26. serial number 34, 41, 47. login 43. slice 44. lost 43. SPP 41. lost 43. straight-through cable 40. lower case 43. switch 40. mailing list 8. T-1, T-3 4.
