Stonesoft StoneGate Security Solution Manuals

Manuals and User Guides for Stonesoft StoneGate Security Solution. We have 1 Stonesoft StoneGate Security Solution manual available for free PDF download: Reference Manual

Stonesoft StoneGate Reference Manual

Stonesoft StoneGate Reference Manual (345 pages)

Firewall/VPN

Brand: Stonesoft | Category: Software | Size: 2 MB

Table of Contents

Table of Contents
3
Table of Contents
7
Hapter
8
Table of Contents
9
Introduction
11
CHAPTER 1 Using Stonegate Documentation

13
- C Hapter
  13
- How to Use this Guide
  14
  - Typographical Conventions
    14
- Documentation Available
  15
  - Product Documentation
    15
  - Support Documentation
    15
  - System Requirements
    16
- Contact Information
  16
  - Licensing Issues
    16
  - Technical Support
    16
  - Your Comments
    16
  - Other Queries
    16
CHAPTER 2 Introduction to Firewalls

17
- Hapter
  17
  - The Role of the Firewall
    18
  - Firewall Technologies
    18
    
    Packet Filtering
    18
    
    Proxy Firewalls
    19
    
    Stateful Inspection
    19
    
    Stonegate Multi-Layer Inspection
    19
    
    C Hapter
    20
  - Additional Firewall Features
    21
    
    Authentication
    21
    
    Deep Packet Inspection and Unified Threat Management
    21
    
    Integration with External Content Inspection
    21
    
    Load Balancing and Traffic Management
    22
    
    Logging and Reporting
    22
    
    Network Address Translation (NAT)
    23
    
    Vpns
    23
  - Firewall Weaknesses
    23
    
    Complexity of Administration
    23
    
    Single Point of Failure
    24
    
    Worms, Viruses, and Targeted Attacks
    24
CHAPTER 3 Introduction to Stonegate 

25
- Firewall/Vpn
  25
CHAPTER 4 Stonegate Firewall/Vpn Deployment

33
- Deployment Overview
  34
  - Supported Platforms
    34
  - General Deployment Guidelines
    34
- Positioning Firewalls
  35
- Positioning Management Center Components
  38
- Interfaces and Routing
  39
CHAPTER 5 Single Firewall Configuration

41
CHAPTER 10 Inspection Rules

99
- Overview to Inspection Rules
  100
- Configuration of Inspection Rules
  101
- Using Inspection Rules
  106
  - Setting Default Options for Several Inspection Rules
    106
- Example of Inspection Rules
  107
  - Eliminating a False Positive
    107
  - C Hapter
    108
- Hapter
  109
- Network Address Translation (NAT) Rules
  109
  - Overview to NAT
    110
    
    Static Source Translation
    110
    
    Dynamic Source Translation
    111
    
    Destination Port Translation
    112
    
    Static Destination Translation
    112
  - Configuration of NAT
    113
    
    Configuration Workflow
    115
    
    Considerations for Designing NAT Rules
    115
    
    Default Elements
    115
    
    Task 1: Define Source, Destination, and Service
    115
    
    Task 2: Define Address Translation
    115
    
    Task 3: Define the Firewall(S) that Apply the Rule
    116
    
    Task 4: Check Other Configurations
    116
  - Using NAT and NAT Rules
    116
    
    NAT and System Communications
    116
    
    Example of a Situation Where a Contact Address Is Needed
    117
    
    Contact Addresses and Locations
    118
    
    Outbound Load Balancing NAT
    118
    
    Protocols and NAT
    119
    
    Proxy ARP and NAT
    119
  - Examples of NAT
    119
    
    Dynamic Source Address Translation
    119
    
    NAT with Hosts in the same Network
    120
    
    Static Address Translation
    120
- Hapter
  123
- Protocol Agents
  123
  - Overview to Protocol Agents
    124
    
    Connection Handling
    124
    
    Protocol Validation
    124
    
    NAT in Application Data
    125
  - Configuration of Protocol Agents
    125
    
    Configuration Workflow
    125
    
    Task 1: Create a Custom Service with a Protocol Agent
    125
    
    Task 2: Set Parameters for the Protocol Agent
    126
    
    Task 3: Insert the Service in Access Rules
    126
  - Using Protocol Agents
    126
    
    FTP Agent
    126
    
    H.323 Agent
    127
    
    HTTP Agents
    127
    
    HTTPS Agent
    127
    
    ICMP Agent
    128
    
    MSRPC Agent
    128
    
    Netbios Agent
    128
    
    Oracle Agent
    128
    
    Remote Shell (RSH) Agent
    128
    
    Services in Firewall Agent
    129
    
    SIP Agent
    129
    
    SMTP Agent
    129
    
    SSH Agent
    129
    
    Sunrpc Agent
    129
    
    TCP Proxy Agent
    130
    
    TFTP Agent
    130
  - Examples of Protocol Agent Use
    130
    
    Preventing Active Mode FTP
    130
    
    Logging Urls Accessed by Internal Users
    131
- Chapter
  133
- Hapter
  147
- HTTPS Inspection
  147
- Web Filtering
  153
- Hapter
  153
  - Overview to Web Filtering
    154
  - Configuration of Web Filtering
    154
    
    Configuration Workflow
    155
    
    Default Elements
    155
    
    Task 1: Prepare the Firewall
    155
    
    Task 2: Create User Response Messages
    155
    
    Task 3: Blacklist/Whitelist Individual Urls
    155
    
    Task 4: Configure Web Filtering Rules in the Policy
    155
  - Examples of Web Filtering
    156
    
    Allowing a Blocked URL
    156
CHAPTER 16 Virus Scanning

157
CHAPTER 18 Situations

169
- Overview to Situations
  170
- Configuration of Situations
  170
  - Situation Contexts
    171
    
    Anti-Virus Contexts
    171
    
    Protocol-Specific Contexts
    171
    
    System Contexts
    171
  - Default Elements
    172
  - Configuration Workflow
    172
    
    Task 1: Create a Situation Element
    172
    
    Task 2: Add a Context for the Situation
    172
    
    Task 3: Associate Tags And/Or Situation Types with the Situation
    173
    
    Task 4: Associate the Situation with a Vulnerability
    173
- Using Situations
  173
- Example of Custom Situations
  174
  - Detecting the Use of Forbidden Software
    174
CHAPTER 19 Blacklisting

175
- Overview to Blacklisting
  176
  - Risks of Blacklisting
    176
  - Whitelisting
    176
- Configuration of Blacklisting
  177
  - Configuration Workflow
    177
    
    Task 1: Define Blacklisting in Access Rules
    178
    
    Task 2: Define Analyzer-To-Firewall or Analyzer-To-Sensor Connections
    178
    
    Task 3: Define Inspection Rules in the IPS Policy
    178
- Using Blacklisting
  178
  - Automatic Blacklisting
    178
  - Monitoring Blacklisting
    179
- Examples of Blacklisting
  179
  - Blacklisting Traffic from a Specific IP Address Manually
    179
  - Automatic Blacklisting with IPS
    179
- Traffic Management
  181
CHAPTER 20 Outbound Traffic Management

183
- Overview to Outbound Traffic Management
  184
- Configuration of Multi-Link
  184
- Using Multi-Link
  187
- Examples of Multi-Link
  189
- Hapter
  191
- Inbound Traffic Management
  191
  - Overview to Server Pool Configuration
    192
  - Configuration of Server Pools
    192
    
    Default Elements
    193
    
    Multi-Link for Server Pools
    193
    
    Configuration Workflow
    194
    
    Task 1: Define Hosts
    194
    
    Task 2: Combine Hosts into a Server Pool Element
    194
    
    Task 3: Configure the External DNS Server
    194
    
    Task 4: Create an Inbound Load Balancing Rule
    194
    
    Task 5: Set up Server Pool Monitoring Agents
    194
  - Using Server Pools
    195
    
    Dynamic DNS (DDNS) Updates
    195
    
    Using Server Pool Monitoring Agents
    195
  - Examples of Server Pools
    197
    
    Load Balancing for Web Servers
    197
    
    Setting up Multi-Link and Dynamic DNS Updates
    198
- Hapter
  199
- Bandwidth Management and Traffic Prioritization
  199
- Virtual Private Networks
  211
CHAPTER 23 Overview to Vpns

213
- Introduction to Vpns
  214
- Ipsec Vpns
  215
  - Tunnels
    215
  - Security Associations (SA)
    215
  - Internet Key Exchange (IKE)
    215
  - Perfect Forward Secrecy (PFS)
    216
  - AH and ESP
    216
  - Authentication
    217
  - Tunnel and Transport Modes
    217
- VPN Topologies
  217
CHAPTER 24 VPN Configuration

221
- Overview to VPN Configuration
  222
- Configuration of Vpns
  222
  - Default Elements
    224
  - Configuration Workflow
    224
    
    Task 1: Define the Gateway Settings
    224
    
    Task 2: Define the Gateway Profile
    224
    
    Task 3: Define the Gateways
    225
    
    Task 4: Define the Sites
    225
    
    Task 5: Create Certificates
    226
    
    Task 6: Define the VPN Profile
    226
    
    Task 7: Define the VPN Element
    226
    
    Task 8: Modify the Firewall Policy
    227
    
    Task 9: Configure VPN Clients and External Gateway Devices
    228
- Using Vpns
  228
  - VPN Logging
    229
  - Using a Dynamic IP Address for a VPN End-Point
    229
  - Using a NAT Address for a VPN End-Point
    229
  - Supported Authentication and Encryption Methods
    230
    
    FIPS Mode
    230
    
    GOST-Compliant Systems
    230
    
    Message Digest Algorithms
    230
    
    Authentication Methods
    231
    
    Encryption Algorithms
    232
  - Using Pre-Shared Key Authentication
    233
  - Using Certificate Authentication
    233
    
    Internal VPN Certificate Authority
    234
    
    Validity of Certificates
    234
    
    External Certificate Authorities
    235
  - Configuring Vpns with External Gateway Devices
    235
  - Clustering and Vpns
    236
  - Multi-Link VPN
    237
- Examples of VPN Configurations
  238
- Appendices
  243
- Command Line Tools
  245
- Ppendix
  245
  - Management Center Commands
    246
  - Engine Commands
    254
  - Server Pool Monitoring Agent Commands
    259
- Default Communication Ports
  261
- Ppendix
  261
  - Management Center Ports
    262
  - Firewall/Vpn Engine Ports
    264
Appendix

269
- Pre-Defined User Aliases
  270
- System Aliases
  270
- Ppendix
  273
- Regular Expression Syntax
  273
  - Syntax for Stonegate Regular Expressions
    274
  - Special Character Sequences
    276
  - Pattern-Matching Modifiers
    277
  - Bit Variable Extensions
    278
  - Variable Expression Evaluation
    280
    
    Stream Operations
    282
    
    Other Expressions
    283
  - System Variables
    284
  - Independent Subexpressions
    285
  - Parallel Matching Groups
    286
- Schema Updates for External LDAP Servers
  287
APPENDIX Fsnmp Traps and Mibs

290
APPENDIX G Multicasting

301
- The General Features of Multicasting
  302
  - Multicasting Vs. Unicasting
    302
  - Multicasting Vs. Broadcasting
    302
- IP Multicasting Overview
  302
  - Multicasting Applications
    303
- Internet Group Management Protocol
  303
  - Membership Messages
    303
- Ethernet Multicasting
  304
- Multicasting and Stonegate
  304
  - Unicast MAC
    305
  - Multicast MAC
    306
  - Multicast MAC with IGMP
    307
- Glossary
  309
- Index
  339

Advertisement

Advertisement

Related Products

Stonesoft Categories

Firewall Network Hardware Server Security System

Storage

More Stonesoft Manuals