Chapter Description
Chapter 1 About this Manual
Chapter 2 Overview - An introduction to Finjan's Vital Security Appliance platform, including a brief overview of the Vital Security Appliances NG-1000/NG-5000/NG-6000/NG-8000.
Chapter 3 Getting Started – This section tells you everything you...
Window-of-Vulnerability™ and providing networks with true day-zero protection. Vital Security - Finjan’s Integrated Security Platform - is a complete and integrated Secure Content Management solution in which individual best-of-breed security applications work together in concert to respond proactively to the changing security threats of both today and tomorrow.
Gigabit Ethernet NIC NOTE: This document deals with the basic setup of the NG-8000 Appliance. Please contact Finjan’s Support, or IBM for information about more advanced setup of the Blade Center. 1.1.2 Vital Security Appliance Series NG-1000/NG-5000/NG-6000 This appliance is typically deployed to include multiple appliances, each running the Vital Security Operating System (VSOS).
160GB SATA2 Pentium D 3.4 GHz dual core Flash Card 1024 MB Rack space (1U) 429 x 382 x 44 mm (WxDxH) 16.9 x 15.0 x 1.8 inches (WxDxH) Gigabit Ethernet NIC Built-in LCD display Chapter 2 - Finjan Overview...
I n s t a l l a t i o n a n d S e t u p G u i d e Figure 2-3: NG-1000 Superformance Appliance The following table contains the hardware specifications for the NG-1000 appliance. Component...
2 x 72 GB SAS (RAID 1) Intel Xeon dual core x 2.0 GHz Rack space (2U) 445 x 698 x 86 mm (WxDxH) 17.5 x 27.5 x 3.4 inches (WxDxH) Gigabit Ethernet NIC Power Supply Redundant
Chapter 3 - Getting Started
This section contains the following topics: Management Console System Requirements Connecting your Vital Security Appliance (NG-1000/NG-5000/NG-6000) Update Mechanism Defining System Device Roles via the Management Console Connecting your Vital Security Appliance NG-8000 Routing Traffic through the Appliance...
2 Connecting your Vital Security Appliance (NG-1000/NG-5000/NG-6000) 2.1 Installation For installation details, please refer to Appendix B- Installation CD 2.2 Configuration...
GE1 GE0 Figure 3-1: NG-6000 Back Panel, Network Interfaces To access the Vital Security Setup Console in NG-1000: Plug in the power cable and switch the appliance on. Connect a PC directly to the appliance’s FE5 port (the left-most port) using a crossover cable, or, using a standard Ethernet cable, connect the appliance’s FE5...
Log in to the Vital Security Setup Console using admin as the user name and finjan as the password.
An initial setup Web interface working at https://NEW_IP:3012 (when the IP change takes place, you will be disconnected) The next sections detail separately configuration of a Policy Server or All in one, and a Scanning Server.
In this procedure, select either the Policy Server or All in One IMPORTANT: In order to change the device role from Scanning Server to Policy Server or All in one device, the administrator must first Restore Factory Settings.
The Anti Spyware engine identifies spyware sites and blocks access to those sites If you selected a Subscription license, enter the license key that you received from either Finjan or your reseller, and then click Next. Chapter 3 - Getting Started...
The License Details are displayed. Click Next. Figure 3-8: License Details The Network Interface Used by Policy/Scanning Server screen is displayed. If you are using an NG-1000 appliance, the Network Interface will look as below. Figure 3-9: Network Interface NG-1000
Network Interface for NG-1000 Description SUPERFORMANCE Appliances FE0 (eth0): 100MB - Auto-negotiation Allows communication at a speed of up to 100MB Auto-Negotiation enabled.
Figure 3-10: Network Interface (NG-5000/NG-6000) Network Interfaces for NG-5000 / Description NG-6000 Appliances GE0 (eth0): 1GB - Auto-negotiation Allows communication at a speed of up to 1GB Auto-Negotiation enabled - Recommended!
Figure 3-11: Routing and Gateways Enter the Gateway IP address and static or local routes as required or leave as is to enable the default routing and gateway configuration, and then click Next.
Figure 3-13: Time Settings Ensure that the correct settings have been selected, and then click Next. The Change Password screen is displayed.
Figure 3-15: Apply Changes Click Apply in order to apply all of the changes that have been made. The Setup procedure is complete.
Figure 3-17: Create Host Address Enter the IP Address and Hostname of the PC that will work with Vital Security and click Create.
Vulnerability protection typically arrives before viruses that exploit the vulnerability are released. Finjan Software is a market leader in malicious mobile code and the Malicious Code Research Center at Finjan employs dedicated experts who work around the clock to identify new Windows vulnerabilities and exploits, enabling real day-zero protection.
Customers who are using the appliance in an isolated network that is not connected to the Internet, can download any updates from the Finjan update site. These updates can be manually downloaded and saved onto a removable media (e.g. CD) which should then be...
Policy Server. From the Management Console, you can install the updates using the Import Local Updates option. This feature requires a special license. Please contact your Finjan representative for further details.
Figure 3-20: Edit Device IP Dialog Box Enter the required IP address, and from the Device Roles list, select All in One. If you want to configure a Policy Server only, delete the existing device, and then click the Add Device icon.
When you have defined all devices in the system or made any changes, click Apply on the bottom right hand of the screen, and then click Commit Changes. After defining your devices, Finjan recommends that you change the default password. To change the default password: Select the Settings tab on the Main Navigation bar.
The Vital Security Set-up Console is a Web-based interface that enables you to configure initial setup parameters associated with the box itself. Log in to the Vital Security Set-up Console using admin as the username and finjan as the password, and then click the Advanced Settings icon.
Log in to the Vital Security Set-up Console using admin as the user name and finjan as the password. NOTE: For information on setting up the NG-8000, please contact your Finjan representative. 6 Routing Traffic through the Appliance You can use any of the following proxy setting alternatives, or configure proxy access to be transparent.
6.2 Transparent Proxy Vital Security can be deployed as a transparent HTTP proxy, in conjunction with a third-party content switch or a layer-4 router in the network.
7.1 HTTP Proxies Vital Security can communicate with any RFC-compliant Web proxy. 7.2 Working with Caching Proxies When a caching proxy is in use, Vital Security can be integrated either upstream or downstream from the cache proxy in the network.
7.3 HTTP Authentication Authentication enables the following: Ensures that only requests from bona-fide users are handled/processed. Enables the allocation of different policies to different users and/or groups by matching authentication data to user identifiers in the system.
8.2 Vital Security as an ICAP Server When deployed in the ICAP environment, the ICAP client typically provides user credentials and Vital Security does not have to authenticate users.
If you are using ICAP, ensure that the NG Appliance Scanning Server appears on the Access List. 8.4 ICAP Clients There are a number of ICAP Clients that support Vital Security: Network Appliance NetCache Series Blue Coat Proxy SG Series Finjan Vital Security for SSL
Chapter 4 - Configuring ICAP Clients
This chapter describes the configuration of the following ICAP clients: Network Appliance NetCache Series (NetApp) Blue Coat 1 Network Appliance Netcache Series (NetApp) To configure NetApp via the NetApp web interface: Log in to the NetApp Web interface.
Figure 4-1: ICAP Setup - General Open the Service Farms tab. Press the New Service Farm button to create a new ICAP Service. To configure an ICAP Service Farm: To set a REQMOD service, ensure that the following conditions are met: In the Vectoring Point field, select...
Figure 4-2: New ICAP Service Farm Once the services have been configured in the Service Farms, Access Control List rules should be defined to include these services.
With every ICAP settings change, NetApp sends an OPTIONS request to the relevant ICAP Service. Blue Coat Finjan is a certified Blue Coat partner. To configure Blue Coat via Vital Security: In the Vital Security Management Console, select Settings Devices.
Figure 4-4: ICAP Protocol: Blue Coat Configuration In the Weights for ICAP Resource Allocation section, click Add. A drop-down menu is displayed.
Figure 4-5: Blue Coat Main Screen Navigate to the Management Console. Figure 4-6: Blue Coat Management Console Chapter 4 - Configuring ICAP Clients...
NOTE: If, at any time during the session, the Java Plug-in Security Warning appears, select Grant this session to continue. To define REQMOD (Request Modification) Service.
Figure 4-8: Edit ICAP Services
The following table describes the field data to be entered: Field Name Field Data to be entered ICAP Version Select 1.0 from the dropdown list Server Type...
Figure 4-9: Visual Policy Manager Launch Click Launch and the Visual Policy Manager dialog box is displayed. Figure 4-10: Visual Policy Manager Dialog Box From the Main Menu Bar, select Policy Add Web Content Layer, and the Add...
Figure 4-11: Add New Layer Dialog Box Add in the required name and click OK. The Visual Policy Manager is displayed with a new Web Access Layer.
Figure 4-13: Set Action Object Scroll down and select ICAPRequestService1. Click Edit. The Edit ICAP Request Service Object window is displayed.
Figure 4-14: Edit ICAP Request Service Object Select the Use ICAP Request Service checkbox. From the drop-down list, select the REQMOD you have defined, and click OK. Go back to the Set Action Object dialog box, and click OK.
In the Edit ICAP Response Service Object (Figure 4-14), select Use ICAP response service and from the drop-down list, select the RESPMOD service that you have defined, and then click OK.
Chapter 5 - Advanced Settings
1 Introduction to Setup Console Advanced Settings After using the Initial Setup Wizard to configure the appliance, the Advanced Settings can be used to improve and manage the functionality of the appliance. Each appliance will have different configuration needs.
Figure 5-1: Advanced Settings The Advanced Settings screen contains the following options: Appliance Roles: Selecting this option opens a wizard which takes you through the steps for selecting a role and defining a Network Interface to be used as the primary server connection for the appliance.
Active/Standby Policy Server: This option allows you to switch from the current Active Policy Server to the Standby Policy Server. NOTE: Any configuration changes made to the appliance are valid only for that particular appliance, and not for any other appliance connected to the network.
Figure 5-3: License Type 2.3 Custom Commands Selecting Custom Commands displays the following screen: Figure 5-4: Custom Commands The following sections describe the options available within the Custom Commands screen.
2.3.1 Change SNMP Monitoring Options This will enable an SNMP client to access network and resource utilization information via SNMP.
2.3.2 Change Support Access Option This will allow privileged users, e.g. the Finjan Support Team, to access the appliance to provide support, or run checks or reports on the machine.
2.3.3 Repair Configuration Repository This option checks if the configuration repository is corrupted. If corruption is detected, the repository is then repaired.
To change the SNMP Community String: In the SNMP Community String section, enter the new SNMP community string. NOTE: The appliance has a default password so that access to the SNMP protocol is automatically available.
changed successfully. Access to the Management Console through your browser is now through the specified IP address and port: https://10.0.5.1:1234. In the Execute Command window, click Back to return to the Custom Commands window.
Figure 5-14: System Time In the Time Zone section, set the Time Zone to your local time zone. You can set either the Hardware Time or System Time and match one to the other.
Repeat steps 3-4 to set System Time and match the Hardware Time to the System Time, and then click Save.
Figure 5-15: Advanced Network Settings The Advanced Network Settings options are as follows: The Network Interfaces option is used to enable the appliance to communicate with other computers on the network.
2.5.1 Network Interfaces Clicking Network Interfaces in the Advanced Network Settings screen displays the Network Interface screen. In the Network Interfaces screen, the Interfaces Activated at Boot Time list displays the interfaces that are configured permanently on the system.
Figure 5-17: Edit Bootup Interface Enter the IP address, or select From DHCP for it to be dynamically assigned, or if your system supports it, select From BOOTP.
Figure 5-18: Edit Active Interface Configure the Active Interface parameters as follows: IP Address – A unique Internet Protocol address for the given Network Interface. MUST When you change the IP address here, you change it in the Management...
Figure 5-19: Routing and Gateways To configure Routing and Gateways: In Default Router, select Gateway and enter the IP address in the Gateway field. In the Device field, select the required interface from the drop-down menu.
Figure 5-20: DNS Client To configure a DNS Client: In the Hostname field, enter the name of the PC. In Resolution order, from the various options, select the required resolution order.
Figure 5-21: Host Addresses To add a Host address: Click on the Add a new host address. The Create Host Address window is displayed.
Figure 5-23: Network Diagnostics The Network Diagnostic options are as follows: The Ping option is used to test whether a particular host is operating properly and is communicating on the network with the testing ged host.
Figure 5-24: Ping In the Hostname field, enter the required hostname. Configure any other relevant parameters, and click Ping It! The Ping report is displayed.
Figure 5-25: Ping Report 2.5.6.2 Traceroute To use Traceroute: In the Network Diagnostics screen, click Traceroute. The Traceroute screen is displayed.
Figure 5-26: Traceroute In the Hostname field, enter the hostname. Configure any other required parameters, and click Trace It! The Traceroute report is displayed.
Configure any other required parameters. The Nameserver refers to the DNS Server IP address that you can enter in the text box displayed. If you select the radio button next to Default then whichever DNS servers are defined in the Advanced Settings Network Settings...
Figure 5-28: Netstat Chapter 5 - Advanced Settings...
2.5.6.5 Tcpdump To use the Tcpdump option: In the Network Diagnostics screen, click Tcpdump. The Tcpdump screen is displayed.
2.7 Restart Role To restart the appliance role: In the Advanced Settings screen, click Restart Role to display the Restart Role window.
Click Shutdown System to shut down the system. 2.9 Active/Standby Policy Server This screen displays the Policy Server’s status: Active or Standby. The High Availability feature containing the Active or Standby Policy Servers must be initially enabled from the Management Console in order for this screen to appear.
Appendix - Limited Shell
The Limited Shell feature enables monitoring and viewing the appliance’s configuration via a serial or SSH connection. Configuration changes cannot be made using this feature. An administrator can log in to the Limited Shell from a remote machine using an SSH client or by connecting to the appliance serial or VGA port.
Command: Description
name2ip (name2ip name): Resolves hostname to ip
netstat: Displays network statistics
Ping (ping IP/Hostname): Sends ICMP ECHO_REQUEST to network hosts
sh_db_size...
Attach a CD drive, or a bootable USB flash device and USB-keyboard and VGA Monitor, to the appliance. When the Finjan screen appears, type yes to continue with the process. Let the installation run – it will take approximately 10 minutes. The Appliance LCD will indicate that the Vital Security has not been installed yet.
To install this Release using the Installation CD on NG-8000: Attach a CD drive to the blade. When the Finjan screen appears, type yes to continue with the process. Choose the first scsi disk available. Let the installation run – it will take approximately 20 minutes.