4.7. Going Further with cOS Core
After initial setup is complete, the administrator is ready to go further with configuring cOS Core
to suit the requirements of a particular networking scenario. All E20 resources can be
downloaded from the E20 product page which can be found at http://www.clavister.com/start.
The primary reference documentation consists of:
• The cOS Core Administrators Guide
• The cOS Core CLI Reference Guide
• The cOS Core Log Reference Guide
• The cOS Core Application Control Signatures
The cOS Core Administrators Guide
This guide is a comprehensive description of all cOS Core features and includes a detailed table
of contents with a comprehensive index to quickly locate particular topics.
Examples of the setup for various scenarios are included but screenshots are kept to a minimum
since the user has a variety of management interfaces to choose from.
Basic cOS Core Objects and Rules
As a minimum, the new administrator should become familiar with the cOS Core Address Book for
defining IP address objects and with the cOS Core IP rule set for defining IP Rule objects which
allow or block different traffic and which can also be used to set up NAT address translation.
IP rules identify the targeted traffic using combinations of the source/destination
interface/network combined with protocol type. By default, no IP rules are defined so all traffic is
dropped. At least one IP rule needs to be defined before traffic can traverse the Clavister Security
Gateway.
An alternative to IP Rule objects is to use IP Policy objects. These have essentially the same
function but simplify the setting up of address translation and the use of important functions
such as application control, virus scanning and web content filtering.
In addition to rules, Route objects need to be defined in a Routing Table so that traffic can be sent
on the correct interface to reach its final destination. Traffic will need both a relevant rule and
route to exist in order for it to traverse the security gateway.
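The rule-plus-route requirement described above can be modelled in a few lines of Python. This is an added illustration, not cOS Core code or CLI syntax; the class names, interface names, addresses, first-match rule ordering and most-specific-route selection are assumptions of the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class IPRule:          # simplified stand-in for an IP Rule object (hypothetical)
    action: str        # "Allow" or "Drop"
    src_if: str
    src_net: str
    dst_if: str
    dst_net: str
    protocol: str      # e.g. "tcp/80"; "any" matches everything

@dataclass
class Route:           # simplified stand-in for a Route object (hypothetical)
    network: str
    interface: str

def lookup_route(routes, dst_ip):
    """Return the egress interface of the most specific matching route, or None."""
    hits = [r for r in routes if ip_address(dst_ip) in ip_network(r.network)]
    if not hits:
        return None
    return max(hits, key=lambda r: ip_network(r.network).prefixlen).interface

def decide(rules, routes, src_if, src_ip, dst_ip, protocol):
    """Return (verdict, reason) for one new connection."""
    dst_if = lookup_route(routes, dst_ip)
    if dst_if is None:
        return ("drop", "no route")
    for rule in rules:  # assumption: first matching rule wins
        if (rule.src_if == src_if and rule.dst_if == dst_if
                and ip_address(src_ip) in ip_network(rule.src_net)
                and ip_address(dst_ip) in ip_network(rule.dst_net)
                and rule.protocol in ("any", protocol)):
            verdict = "forward" if rule.action == "Allow" else "drop"
            return (verdict, "rule: " + rule.action)
    return ("drop", "no matching rule")  # default: no rule defined means dropped

# Constructed sample configuration (interface names and addresses are made up).
ROUTES = [Route("192.168.1.0/24", "lan"), Route("0.0.0.0/0", "wan")]
RULES = [IPRule("Allow", "lan", "192.168.1.0/24", "wan", "0.0.0.0/0", "tcp/80")]

if __name__ == "__main__":
    print(decide([], ROUTES, "lan", "192.168.1.10", "203.0.113.5", "tcp/80"))
    print(decide(RULES, ROUTES, "lan", "192.168.1.10", "203.0.113.5", "tcp/80"))
    print(decide(RULES, ROUTES, "lan", "192.168.1.10", "203.0.113.5", "tcp/22"))
    print(decide(RULES, [ROUTES[0]], "lan", "192.168.1.10", "203.0.113.5", "tcp/80"))
```

The four calls cover an empty rule set, a matching rule with a route, a protocol the rule does not cover, and a matching rule with no route to the destination; only the second is forwarded.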
ALGs
Once the address book and IP rules are understood, the various ALGs will probably be relevant
for managing higher level protocols such as HTTP. For example, for management of web
browsing, the HTTP ALG provides a number of important features such as content filtering. Using
IP Policy objects can remove the need to use ALGs as separate objects.
VPN Setup
A common requirement is to quickly set up VPN networks based on Clavister Security Gateways.
The cOS Core Administration Guide includes an extensive VPN section and as part of this, a VPN
Quick Start section which goes through a checklist of setup steps for nearly all types of VPN
scenarios.
Chapter 4: cOS Core Configuration