Symantec 5000 Series Installation Manual

Gateway security 5000 series v3.0.1

Symantec™ Gateway Security 5000
Series v3.0.1

Installation Guide

Supported hardware platforms:
Symantec Gateway Security 5600 Series, Symantec Gateway Security 5400 Series,
and Symantec Clientless VPN Gateway 4400 Series

Summary of Contents for Symantec 5000 Series

  • Page 1: Installation Guide

    Symantec™ Gateway Security 5000 Series v3.0.1 Installation Guide Supported hardware platforms: Symantec Gateway Security 5600 Series, Symantec Gateway Security 5400 Series, and Symantec Clientless VPN Gateway 4400 Series...
  • Page 2: Technical Support

    Web-accessible Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering as well as Symantec Security Response to provide Alerting Services and Virus Definition Updates for virus outbreaks and security alerts.
  • Page 3: Contacting Technical Support

    Recent software configuration changes and/or network changes Customer Service To contact Enterprise Customer Service online, go to www.symantec.com/techsupp, select the appropriate Global Site for your country, then select the enterprise Continue link. Customer Service is available to assist with the following types of issues:...
  • Page 5: Table Of Contents

    Connecting the power cord to models 5640 and 5660 (p. 23); Connecting an Uninterruptible Power Supply (UPS) (p. 23); Updating or restoring the appliance firmware with the Symantec Gateway Security 5000 Series Software and Restore Image Version 3.0.1 CD-ROM (p. 24); Chapter 2 Setting up the appliance and configuring the system: Installing and setting up the appliance (p. 27)...
  • Page 6 Backing up Symantec Gateway Security 5000 Series v3.0 configurations (p. 45); Backing up Symantec Gateway Security 5000 Series v2.0.1 configurations (p. 46); Backing up Symantec Clientless VPN Gateway 4400 Series v5.0 configurations and data files (p. 46); Manual backups (p. 47); Backing up cluster information...
  • Page 7 SYN flood protection settings (p. 64); Network interfaces (p. 64); SRL (p. 64); Cron jobs (p. 64); RemPass (p. 64); Post-upgrade tasks for upgraded Symantec Clientless VPN Gateway 4400 Series v5.0 configurations (p. 64); Access control (p. 64); SecurID authentication (p. 65); Windows NT Domain authentication (p. 65); Logging (p. 65); Service redirect IP address conflicts (p. 65)...
  • Page 8 Contents: Taking a pro-active stance (p. 81); Security policy worksheets (p. 81); Defining your organization (p. 81); Collecting hardware information (p. 83); Collecting your TCP/IP address (p. 84); Defining your allowed TCP/IP services (p. 85); Collecting email information for security gateway notifications (p. 86); Defining your Web services...
  • Page 9: Installing The Appliance

    Model 5640 back panel features Model 5660 back panel features Connecting an Uninterruptible Power Supply (UPS) Updating or restoring the appliance firmware with the Symantec Gateway Security 5000 Series Software and Restore Image Version 3.0.1 CD-ROM About the Symantec Gateway Security 5000 Series The Symantec™...
  • Page 10: Hard Drives

    See the Getting Started Guide for more information on software features. Hard drives Symantec Gateway Security 5600 Series models with two hard drives installed run Redundant Array of Inexpensive Disks software (RAID). Table 1-1 describes the Symantec Gateway Security 5000 Series hard disk configurations.
  • Page 11: Installing The Symantec Gateway Security 5600 Series Appliance

    Installing the appliance Installing the Symantec Gateway Security 5600 Series appliance You can install the Symantec Gateway Security 5600 Series appliance as a free-standing unit, or as a rack-mounted unit using mounting brackets or slides. When preparing to install your appliance, refer...
  • Page 12: Installing A Slide Rack-Mounted Appliance

    Secure the mounting brackets to the equipment rack. Installing a slide rack-mounted appliance The Symantec Gateway Security 5600 Series has mounting holes on the chassis for use with rack mount slides. The Symantec Gateway Security 5600 Series model 5660 comes with a rack mount slide...
  • Page 13: Front Panel Layout

    The front panel looks the same on all models, except the model 5620 which has a narrower profile. The initial setup of the Symantec Gateway Security 5600 Series takes place at the appliance front panel, where you enter and modify parameters, such as system and network IP addresses.
  • Page 14: Using The Lcd System Menu

    The front panel controls are the same on all models. The front panel controls perform dual functions. These functions depend upon whether the Symantec Gateway Security 5600 Series is in initial setup mode or if you are using the system menu to change setup information. The front panel controls...
  • Page 15 Launch the System Menu when the appliance is in monitoring mode. Also use this button to cancel the current option without completing it. On upgraded Symantec Gateway Security 5400 Series or Symantec Clientless VPN Gateway 4400 Series appliances use the S (Select) button.
  • Page 16: Using The System Menu

    Displays the appliance’s Symantec System ID. The Symantec System ID is required to obtain the appliance’s product license. Press the Enter button to return to the system menu once the Symantec System ID is displayed on the LCD screen. Press either the down button or the right button to move to the next menu item.
  • Page 17: Raid Status Messages

    LCD indicator (stopped). RAID status messages Symantec Gateway Security 5600 Series models with two hard drives installed run Redundant Array of Inexpensive Disks software (RAID). The LCD displays messages about the RAID status of the appliance’s hard drives. RAID software maintains mirrored images on both hard drives to provide uninterrupted operation in the event of disk failure on one of the hard drives.
  • Page 18: Symantec Gateway Security 5600 Series Back Panel Features

    The back panels of the model 5640 and 5660 are different from model 5620 due to the larger size of the appliance and additional Ethernet ports. All models of the Symantec Gateway Security 5600 Series appliances have Ethernet ports which can connect to 10/100/1000Base-T networks. Some of the Symantec Gateway Security 5600 Series Ethernet ports have higher transmission rates than the normal Ethernet ports.
  • Page 19: Connecting Model 5620 To The Network

    Ethernet network connection. Connecting model 5620 to the network The Symantec Gateway Security 5600 Series model 5620 back panel provides a total of six 10/100/1000 Base-T network connections. Your network connection requirements are based on your site’s network configuration.
  • Page 20: Turning On The Power For Model 5620

    Model 5640 back panel features This section describes the back panel features of the Symantec Gateway Security 5600 Series for appliance model 5640. The back panels of the model 5640 and 5660 are different from model 5620 due to the larger size of the appliance and additional, gigabit Ethernet ports.
  • Page 21: Model 5660 Back Panel Features

    Model 5660 back panel features This section describes the back panel features of the Symantec Gateway Security 5600 Series for appliance model 5660. The back panel of the model 5660 is different from model 5640 due to the additional slots for Small Form-factor Pluggables (SFPs).
  • Page 22 Provides a connection for a terminal emulator to access the appliance’s Linux operating system locally. Only make changes using the serial console port when instructed by Symantec Technical Support. Making changes to the operating system is not supported. Attention indicator Lights solid red if the appliance needs attention.
  • Page 23: Connecting Models 5640 And 5660 To The Network

    The Symantec Gateway Security 5600 Series model 5640 offers eight gigabit Ethernet connections and model 5660 offers six along with four slots for SFPs. See the Symantec Gateway Security 5600 Series Connecting and Configuring for information about configuring the management interface from the appliance front panel LCD.
  • Page 24: Updating Or Restoring The Appliance Firmware With The Symantec Gateway Security 5000 Series Software And Restore Image Version 3.0.1 Cd-Rom

    Installing the appliance Updating or restoring the appliance firmware with the Symantec Gateway Security 5000 Series Software and Restore Image Version 3.0.1 CD-ROM Updating or restoring the appliance firmware with the Symantec Gateway Security 5000 Series Software and Restore Image Version 3.0.1 CD-ROM The Symantec Gateway Security 5000 Series Software and Restore Image Version 3.0.1 CD-ROM...
  • Page 25 Installing the appliance Updating or restoring the appliance firmware with the Symantec Gateway Security 5000 Series Software and Restore Image Version 3.0.1 CD-ROM While pressing and holding down the Enter button on the front panel do the following: Press the power switch on the appliance to turn on the power.
  • Page 26 Installing the appliance Updating or restoring the appliance firmware with the Symantec Gateway Security 5000 Series Software and Restore Image Version 3.0.1 CD-ROM...
  • Page 27: Setting Up The Appliance And Configuring The System

    Configuring the appliance with the System Setup Wizard Installing and setting up the appliance The following instructions describe how to install and set up the Symantec Gateway Security 5600 Series appliance for SGMI management from an internal or external network. You can only configure one interface for management from the front panel of the appliance.
  • Page 28: 5640 Back Panel Layout

    Setting up the appliance and configuring the system Installing and setting up the appliance Figure 2-1 5620 back panel layout Table 2-1 Model 5620 back panel description Elements Feature Description Power socket Connection for AC power cord. Master power Turns the appliance on or off. switch Network Accepts a 10/100/1000 Base-T network cable, that allows Ethernet network...
  • Page 29 Setting up the appliance and configuring the system Installing and setting up the appliance Table 2-2 Models 5640 and 5660 back panel description Elements Feature Description Power socket Connection for AC power cord. Network Accepts a 10/100/1000 Base-T network cable, that allows Ethernet interface network connection.
  • Page 30 Setting up the appliance and configuring the system Installing and setting up the appliance Press the Up or Down buttons to select a specific VLAN identification number between 1 - 4094. Press the Enter button. If you do not want to configure a VLAN, do the following: Press the Enter button.
  • Page 31: Shutting Down The Appliance

    If you chose not to configure the SMTP, POP3, HTTP, and FTP traffic options, you must either use the Firewall Rule Wizard or configure them manually from the SGMI Policy > Rules tab. For detailed instructions about how to configure these policies, see the Symantec Gateway Security 5000 Administration Guide.
  • Page 32 For detailed instructions about using the System Setup Wizard after the initial setup see the Symantec Gateway Security 5000 Administration Guide. Note: If you cancel out of this wizard without completing it, your security gateway will not be ready to operate and you will have to run the System Setup Wizard again.
  • Page 33 Setting up the appliance and configuring the system Configuring the appliance with the System Setup Wizard In the License and Warranty Agreement window, read the agreement and then do one of the following: To accept the license and warranty agreement, and to proceed with the System Setup Wizard, click Accept.
  • Page 34 Setting up the appliance and configuring the system Configuring the appliance with the System Setup Wizard For instructions on how to permanently unlock the LCD panel, see the Symantec Gateway Security 5000 Series Administration Guide. 21 To change the administrator password, do the following:...
  • Page 35 Setting up the appliance and configuring the system Configuring the appliance with the System Setup Wizard DHCP Client check To enable DHCP on the outside interface, check DHCP Client. DHCP is only available when eth1 is configured as an outside interface.
  • Page 36 Setting up the appliance and configuring the system Configuring the appliance with the System Setup Wizard Text box Type the domain names of the email sources, separated by commas. Apply antivirus Check to scan SMTP mail for viruses. scanning Apply Antispam Check to filter SMTP mail for spam.
  • Page 37: Running Application Liveupdate During Initial Logon

    LiveUpdate. Once you have completed the Symantec Gateway Security 5600 Series System Setup Wizard the first time, you can access it again from the SGMI Tools menu option and edit any system information.
  • Page 38 Setting up the appliance and configuring the system Configuring the appliance with the System Setup Wizard In the Temporary Files Settings dialog box, click View Applications. In the Java Application Cache Viewer, on the User tab, highlight the application that is identified by the URL that you used to connect to the appliance.
  • Page 39: Upgrading Appliance Software And Migrating Configurations

    Symantec Gateway Security 5000 Series v2.0.1 or Symantec Gateway Security 5000 Series v3.0 appliances while on site, or to do so remotely. If you are on site, the Symantec Gateway Security 5000 Series Software and Restore Image Version 3.0.1 CD-ROM lets you upgrade or update the security gateway using a computer connected directly to the appliance.
  • Page 40: Upgrade And Update Methods

    Symantec Gateway Security 5000 Series Software Update Version 3.0.1 CD-ROM You can use this media to upgrade from Symantec Gateway Security 5000 Series v2.0.1, or to update from Symantec Gateway Security 5000 Series v3.0. You can upgrade from Symantec Clientless VPN Gateway 4400 Series v5.0 to Symantec Gateway Security 5000 Series v3.0.1 using the Symantec...
  • Page 41: Upgrade And Update Requirements

    42. Requirements for the local upgrade and update If you plan to upgrade or update on site using the Symantec Gateway Security 5000 Series Software and Restore Image Version 3.0.1 CD-ROM, the requirements for the computer running the OS restore program are as follows: An industry-standard computer with a BIOS that lets you boot from an IDE CD-ROM.
  • Page 42: Requirements For Remote Upgrade Or Update

    Refer to the Symantec Technical Support Web site to ensure that you have the latest downloads. Upgrade and update preparation How you plan for the upgrade or update to Symantec Gateway Security 5000 Series v3.0.1 depends on whether you plan to upgrade or update locally using the Symantec Gateway Security 5000 Series Software and Restore Image Version 3.0.1 CD-ROM, or if you want to upgrade or update remotely using...
  • Page 43: Planning For Remote Upgrades Or Updates

    To remotely upgrade a security gateway currently running Symantec Gateway Security 5000 Series v2.0.1 to Symantec Gateway Security 5000 Series v3.0.1, you must be able to connect to the security gateway using SRL. To log on to the gateway using SRL, you must supply the shared secret configured...
  • Page 44: Licensing Your Symantec Gateway Security 5000 Series V3.0.1 Software

    Maintenance Agreement. For additional Symantec Gateway Security 5000 Series v3.0 licenses, or to replace any prior version licenses you own that are not covered by an active Maintenance Agreement, contact your local reseller.
  • Page 45: Backing Up Security Gateway Configurations And Data Files

    47. To back up configuration files from the SGMI In the Symantec Gateway Security 5000 Series v3.0 SGMI, on the File menu, click Backup. In the Backup dialog box, in the Password text box, type a backup/restore password. In the Verify password text box, retype the password, and then click OK.
  • Page 46: Backing Up Symantec Gateway Security 5000 Series V2.0.1 Configurations

    To back up Symantec Gateway Security 5000 Series v2.0.1 configurations, you use the Symantec Gateway Security 5000 Series v2.0.1 SGMI to save the configurations to a location off the security gateway, such as the hard drive of the computer you use to access the SGMI. After upgrading the security gateway, you can restore these configurations to the security gateway.
  • Page 47: Manual Backups

    Select the file. Click OK. If you are using the Symantec Clientless VPN Gateway 4400 Series v5.0 internal database (LDAP data file), you must back up and restore the LDAP data file separately. It is not considered part of your clientless VPN gateway configuration.
  • Page 48 /var/lib/sg/backup/zebra/zebra.conf /var/lib/sg/zebra/ospfd.conf /var/lib/sg/management/edit/zebra/ospfd.conf /var/lib/sg/backup/zebra/ospfd.conf /var/lib/sg/zebra/ripd.conf /var/lib/sg/management/edit/zebra/ripd.conf /var/lib/sg/backup/zebra/ripd.conf cman.ora Oracle connection manager FTP from security gateway configuration file. Used to /usr/raptor/oracle_netprxy/network/admin configure SQL traffic. Other Symantec Gateway Security 5000 Series v2.0.1 manually configured information is automatically backed up and restored.
  • Page 49: Backing Up Cluster Information

    Security gateways that are members of a cluster cannot be upgraded or updated to Symantec Gateway Security 5000 Series v3.0.1 while they are members of the cluster. You must remove the security gateway from the cluster before performing the upgrade or update. Before you remove the security gateway from the cluster, you must back up the cluster configuration information.
  • Page 50: Downloading The Upgrade Or Update Files To The Symantec Gateway Security 5000 Series V2.0.1 Or Symantec Gateway Security 5000 Series V3.0 Appliance

    To download the entire kit to the Symantec Gateway Security 5000 Series v2.0.1 or Symantec Gateway Security 5000 Series v3.0 appliance Log on to the Symantec Gateway Security v2.0.1 or Symantec Gateway Security 5000 Series v3.0 appliance command-line interface as the root user.
  • Page 51: Running The Upgrade Or Update

    Once the kit is completely downloaded to the Symantec Gateway Security 5000 Series v2.0.1, or Symantec Gateway Security 5000 Series v3.0 appliance, you can run the utility. In this procedure, you select one configured interface on the Symantec Gateway Security 5000 Series v2.0.1 or Symantec Gateway Security 5000 Series v3.0 appliance to access the appliance after completing the upgrade or...
  • Page 52: Post-Upgrade Or Update Restoration

    14 When you are prompted to begin by the following message, type Y to begin the upgrade, or type N to stop. Ready to begin Symantec Gateway Security 5000 Series V 3.0 to V 3.0.1 Upgrade? [Y]es or [N]o: If you typed y, the upgrade or update begins. The appliance starts the process, and then reboots when it is finished.
  • Page 53: Factory Reset

    See “Running the System Setup Wizard” on page 31. Factory reset If you perform a factory reset of the appliance after the upgrade or update, it returns to Symantec Gateway Security 5000 Series v3.0.1. “Using the LCD system menu” on page 14.
  • Page 54: Restoring License Files

    14 When the reboot has completed, log on to the SGMI again. Restoring license files After you upgrade or update to Symantec Gateway Security 5000 Series v3.0.1, you must restore the license files. The license files must be present on your management computer.
  • Page 55: About Symantec Gateway Security 5000 Series V2.0.1 Upgrade Reports

    Support messages are only included in the detail upgrade report. Both reports are available in the Symantec Gateway Security 5000 Series v3.0.1 SGMI, and as an HTML file which you can retrieve from the appliance using FTP or SSH. You have access to these reports until the next upgrade, or until you do a factory reset or OS restore.
  • Page 56: Authentication Methods

    Authentication sequences are also replaced by authentication schemes in Symantec Gateway Security 5000 Series v3.0.1. An authentication sequence is a specific type of authentication method in Symantec Gateway Security 5000 Series v2.0.1. An authentication sequence combines any number of other authentication methods.
  • Page 57: Bellcore S/Key Authentication

    5000 Series v3.0.1 Administration Guide. Bellcore S/Key authentication S/Key authentication methods in Symantec Gateway Security 5000 Series v2.0.1 are replaced by new internal authentication in Symantec Gateway Security 5000 Series v3.0.1. The upgrade report states that users are migrated from Bellcore S/Key to the new internal authentication.
  • Page 58: Securid Authentication

    If you use SecurID authentication with Symantec Gateway Security 5000 Series v2.0.1, you must replace the SecurID node secret in Symantec Gateway Security 5000 Series v3.0.1. The first time the security gateway contacts the SecurID server, the server responds with a hashed client authentication file named SecurID.
  • Page 59: Content Security

    The second message is inserted into a file that replaces the one containing the virus. In Symantec Gateway Security 5000 Series v2.0.1, if you did not want to include either message, you could replace all text in the message field with space characters.
  • Page 60: Antivirus X-Virus Header

    After upgrading, verify that the new response actions are appropriate. Antispam mail sender (bad senders list) In Symantec Gateway Security 5000 Series v2.0.1, the mail sender line pattern matching configured in the SMTP proxy uses a regular expression. Symantec Gateway Security 5000 Series v3.0.1 uses wildcard expressions.
  • Page 61 Upgrading appliance software and migrating configurations Post-upgrade tasks for upgraded Symantec Gateway Security 5000 Series v2.0.1 configurations Table 3-4 Content filtering categories (Continued) Symantec Gateway Symantec Gateway Description Security 5000 Series Security 5000 Series v2.0.1 categories v3.0.1 categories Drugs Drugs/Non-medical Sites that provide information on growth, distribution, and advocacy of drugs for nonmedical use (typically mood-altering).
  • Page 62: Url Whitelist/Blacklist

    URL whitelist/blacklist In Symantec Gateway Security 5000 Series v2.0.1, you can configure the URL whitelist to act as a blacklist through an advanced option, httpd.urlblacklist. If you use this advanced option, upgrading sets the Allow/Deny URL list setting based on the option’s value:...
  • Page 63: Mime Types Whitelist/Blacklist

    Post-upgrade tasks for upgraded Symantec Gateway Security 5000 Series v2.0.1 configurations MIME types whitelist/blacklist In Symantec Gateway Security 5000 Series v2.0.1, you can configure the MIME types blacklist to act as a whitelist through an advanced option, httpd.mimeblacklist. If you use this advanced option, then upgrading sets the Allow/Deny MIME types list setting based on the option’s value:...
  • Page 64: Syn Flood Protection Settings

    For information about SSH, see the Symantec Gateway Security 5000 Series v3.0 Administration Guide. Cron jobs If you have set up cron jobs on Symantec Gateway Security 5000 Series v2.0.1 to automatically back up log files periodically, you must reconfigure these cron jobs manually after the upgrade is complete.
  • Page 65: Securid Authentication

    Active Directory. Logging To retain Symantec Clientless VPN Gateway 4400 Series v5.0 log files, you must back them up before you upgrade. The Symantec Gateway Security 5000 Series v3.0.1 log viewer does not show logs from previous product versions. To view Symantec Clientless VPN Gateway 4400 Series v5.0 log files, you must either maintain a Symantec Clientless VPN Gateway 4400 Series v5.0 appliance to use the log...
  • Page 66: Network Interfaces

    Symantec Gateway Security 5000 Series v3.0.1 reserves some object names. If a Symantec Clientless VPN Gateway 4400 Series v5.0 object is named with a Symantec Gateway Security 5000 Series v3.0.1 reserved name, then SCVG_ is prepended to the name. For example, RADIUS is converted to SCVG_RADIUS.
  • Page 67 Upgrading appliance software and migrating configurations Post-upgrade tasks for upgraded Symantec Clientless VPN Gateway 4400 Series v5.0 configurations Table 3-5 Reserved object names (Continued) Object Reserved name auth server pamproxy (case-insensitive) auth server sequence (case-insensitive) auth sequence / scheme dynamic (case-insensitive)
  • Page 68: Migrating Configurations From Symantec Enterprise Firewall

    When you migrate a Symantec Enterprise Firewall v8.0 configuration to Symantec Gateway Security 5000 Series v3.0.1, after the migration you should make adjustments to your rules if you changed interface names or IP addresses.
  • Page 69: Backing Up Symantec Enterprise Firewall V8.0 Configurations

    To assign network interfaces Set up the new Symantec Gateway Security 5000 Series v3.0.1 appliance, and then run the System Setup Wizard. Do not select the restore option in the System Setup Wizard.
  • Page 70 Ensure the mapped interfaces are correct, so you can log on to your appliance with the SGMI after it reboots. To migrate Symantec Enterprise Firewall v8.0 configuration files In the Symantec Gateway Security 5000 Series v3.0.1 SGMI, on the File menu, click Restore. In the Restore Wizard panel, click Standalone gateway. Click Next.
  • Page 71: Obtaining And Installing Licenses

    Getting started with your 30-day grace period All features included with Symantec Gateway Security 5000 Series are enabled for a 30-day grace period to give you time to obtain and install the necessary license files. The 30-day grace period begins when you initially install and start up the appliance.
  • Page 72: Preparing To Obtain License Files

    Complete the license file organization worksheet Gather your serial number certificates The first step in the process is to gather all your serial number certificates. Symantec provides evidence of your purchase using a serial number certificate. Check with your sales representative to understand how your certificates are sent.
  • Page 73: Collect Product And Contact Information

    The license file will only activate the product’s features on the machine with the same Symantec System ID provided during registration. Note: The Symantec System ID is case sensitive. All letters in the Symantec System ID must be capitalized.
  • Page 74: Appliance Serial Number

    Preparing to obtain license files Obtaining the Symantec System ID You can obtain the Symantec System ID from the system menu on the LCD screen of the appliance or from the SGMI. To obtain the Symantec System ID from the appliance’s LCD On the front panel of the appliance, press the Enter button to select the LCD system menu.
  • Page 75 First contact name: Certificate number: Email: Appliance serial number: Phone: Symantec System ID number: FAX: Email licenses to: Second contact name: Your company name: Email: Phone: FAX: Symantec Gateway Security 5000 Series products Part code: Product description: License serial number:...
  • Page 76: Obtaining License Files

    When your license files are emailed to you, the subject line of the email shows the serial number used to request the license file. The message in the email shows the Symantec System ID of the appliance to which the license belongs. You should create a separate folder for each appliance, in an accessible location on your network, with the folder name based on the Symantec System ID of the appliance.
  • Page 77: Installing License Files

    If there were no errors found, click Next. If there were errors found, you must click Close. Please call Symantec Technical Support for assistance. On the Confirm License Installation panel, verify that all of the features and node limits you want are uploaded, and to install them on the appliance, click Next.
  • Page 78: Viewing Licensed Features

    Obtaining and installing licenses Viewing licensed features On the License Installation Complete panel, click Close. 10 Reboot the appliance for licenses to take effect. Viewing licensed features You can view the installed licensed features or the 30-day grace period status of your appliance using the SGMI System >...
  • Page 79: Appendix A Developing A Security Plan

    Networking and applications software Information in files and databases The firewall component of Symantec Gateway Security 5000 Series is the main tool for enforcing security gateway access, allowing you to define a set of rules that allow or deny access to specific resources throughout your network.
  • Page 80: Becoming Security-Conscious

    Developing a security plan Educating users What external users will have access to your network? Where will they come from and where do you want to allow them to go? During what hours? For what period of time? Do you intend to implement a service network? Do you intend to implement a de-militarized zone (DMZ)? What types of services do you want to allow for external users and hosts? What type of authentication will you require for external users? (Strong authentication is...
  • Page 81: Taking A Pro-Active Stance

    Developing a security plan Security policy worksheets For instance, if you plan to limit Web services to a single server during specific hours, let this be known to the affected groups and users. If you plan to pass all email through a dedicated server, or if external users will be disallowed from accessing certain systems by Telnet, consider passing these changes along before implementation.
  • Page 82 Developing a security plan Security policy worksheets Name of the primary administrator: ________ Use Table A-1 to list all persons involved in administering the system. Table A-1 Administrator names: columns Name, Email, Phone, Mobile phone (blank worksheet rows)...
  • Page 83: Collecting Hardware Information

    Developing a security plan Security policy worksheets 15 Do you have other Symantec security gateways on your network now? _____ Yes _____ No 16 If Yes, what version? ________________________________ 17 Do you plan to combine security gateways in clusters for high availability and load balancing?
  • Page 84: Collecting Your Tcp/Ip Address

    Developing a security plan Security policy worksheets Will you be using Symantec Client VPN? _____ Yes _____ No Collecting your TCP/IP address It is important to think about the TCP/IP requirements for your site. This includes information about running Domain Name Services (DNS), types and names of domains on your network, and making a list of protocols used that need to pass through your security gateway.
  • Page 85: Defining Your Allowed Tcp/Ip Services

    Developing a security plan Security policy worksheets Do you use DHCP to dynamically obtain network addresses? _____ Yes _____ No 10 List the address ranges you currently use in your network. ____________________________________________________________ ____________________________________________________________ 11 List the protocols you use in your network. ____________________________________________________________ ____________________________________________________________ 12 Will you be using network news services (NNTP)?
  • Page 86: Collecting Email Information For Security Gateway Notifications

    Developing a security plan Security policy worksheets Table A-3 TCP/IP services (Continued): columns Group, Authentication, Access times (blank worksheet rows, followed by a row for Telnet)...
  • Page 87: Defining Your Web Services

    Developing a security plan Security policy worksheets If yes, list its name and IP address. _____ Mail relay host: ________________ _____ IP address: ______________________ List any mail programs that you use internal to your network (for example, Microsoft Outlook): ___________________________________________________________________ Defining your Web services Use the following section to define information about your Web services.
  • Page 88: Access Lists

    Developing a security plan Security policy worksheets Table A-4 Special services names (Continued): columns Service name, Service port number, Service type (UDP/TCP), Server name (blank worksheet rows). Access lists Use Table A-5 to list those entities and users to which you plan to write rules to allow access through the security gateway.
  • Page 89: Defining Your Network Architecture

    Developing a security plan Security policy worksheets Table A-6 User identification (Continued): columns User name, Group name, Client VPN, Clientless VPN (blank worksheet rows). Do you want the security gateway to keep a record of user passwords for protected resources (single sign-on)? _____ Yes _____ No...
  • Page 90 Developing a security plan Security policy worksheets If your network includes VLANs, use Table A-9 to list the IP addresses to which they are routed. Table A-9 Security gateway host internal and external IP addresses: columns VLAN, IP address (blank worksheet rows)...
  • Page 91 76 System Setup Wizard 32 removing 77, 78 configuration files uploading 77 backing up from Symantec Gateway Security v3.0 45 viewing 78 connecting license serial number model 5620 to network 19 obtaining 72 model 5620 uninterruptible power supply (UPS) 20...
  • Page 92 87 temp 14 traffic 14 transmit 14 Web activity 14 obtaining, license file 16 Symantec Clientless VPN Gateway v5.0, upgrading to Symantec of 84 Gateway Security v3.0.1 40 Symantec System ID 73 Syn flood protection 64 system information 16...
