manualshive.com logo in svg

Mako 7550-E, Product Handbook, Page: 36 / 70

Share
Download
Mako 7550-E Product Handbook Download Page 36

Once your Mako to Mako VPN is in place, with Mako VPN Firewall controls you can control 

the flow of traffic from one securely connected remote network to another.

Considerations

If you plan to change the default security setting of your firewall there are some things it is 

useful to be clear about in preparation for the changes:

Whether you are changing Inbound or Outbound firewall rules.

Associated with this is whether you are Denying or Allowing access.

The Service you wish to change access permissions for.  A Service, such as email or 

web browsing, is defined as a specific Protocol, such as SMTP for email, or HTTP for 

unsecured web browsing.  Each Protocol is uniquely distinguished on the Internet by 

assigning it a Port number.  (e.g. SMTP is Port 25, HTTP is Port 80.)  Port numbers in 

the range 0 to 1024 are assigned under international standard, while those above 

1024 (up to 65,535) can be assigned by the Protocol publisher and are known as 

‘ephemeral’ ports.

The IP address(es) of the Internet hosts.  In some cases you may wish to change 

access for all Internet based hosts rather than specifying individual hosts.

The IP address(es) of the local PCs.  Where particular local machines are to have 

their Internet access re-defined, it is necessary to ensure that each ones IP address 

is constant, or static.  Please refer to the DHCP section for details of this procedure.  

This is not necessary when you are changing access for all PCs on your local 

network.

NB: Changes made can take up to two minutes to apply to your Mako.  If you want a change 

to apply immediately, click on the Perform Refresh button at the bottom of the Firewall pages.

Mako Networks Mako 7550-E Product Handbook v.1.1

Page 36

Summary of Contents for 7550-E

Page 1: ...Mako Networks Mako 7550 E Product Handbook v 1 1 Mako Networks Mako 7550 E Product Handbook v 1 1 Page 1...

Page 2: ...out prior written permission from Mako Networks Limited This document should be read in conjunction with the Mako Networks Limited Terms and Conditions available from the Mako Networks website http ww...

Page 3: ...nce Information 26 Configure 27 Configure Internet 27 Configure Network 31 Configure Firewall 35 Configure VPN 46 Configure Services 55 Configure Location 58 Configure Access 59 Management Home 60 Man...

Page 4: ...f the product outside the Operating Specifications of the product d Limitation of Remedy In the event a MAKO NETWORKS LTD product fails to perform as warranted MAKO NETWORKS LTD sole and exclusive lia...

Page 5: ...pe of firewall provides true enterprise level protection Working with the Mako Networks Central Management System you have full control over all traffic entering and leaving your networks Four Network...

Page 6: ...te automatically The Mako Networks Central Management System looks after all software updates security patches and system updates for you You can be assured that your Mako 7550 E will continue to be c...

Page 7: ...t WAN Port 2 Power Socket 3 Power Switch Mako 7550 E Front Panel KEY 1 LCD Screen 2 LCD Keypad 3 Diagnostic Port authorised use only 4 USB Ports 5 LAN 1 Port 6 LAN 2 Port 7 LAN 3 Port 8 LAN 4 Port Con...

Page 8: ...ders have a variety of procedures for approving customer premises equipment for connection to their network The connection interface in the Mako has been developed to connect to the majority of networ...

Page 9: ...ing a web browser on one of your office computers and accessing two or three web sites For example a news web site e g www cnn com or a search engine e g www google com If you are having difficulties...

Page 10: ...PN Remote Access Considerations The Mako Networks web site has been tested against several versions of the popular browser software products It is likely that different browser products versions and s...

Page 11: ...ome Screen This document will cover Adding a New User in the Management section For now click on View my Makos or click on the Selection menu to go to the Selection screen Alternatively you can click...

Page 12: ...l be shown as in the example depicted above for the Head Office Mako First select which of your devices you wish to work with Click on the radio button next to the device you wish to choose in the cen...

Page 13: ...ick Information Snapshot There is an information I symbol near the top right of the page which gives you a snapshot of information about your selected Mako Information Quick Selection buttons Selectio...

Page 14: ...o able to check on the status of your Mako appliance Mako Usage This section allows you to obtain a selection of reports from the chosen device The options available are shown in the example screen be...

Page 15: ...hree horizontal threshold limit lines can be displayed The first shows the Traffic Warning Threshold value where you and your reseller will be emailed on the limit being reached A second line shows th...

Page 16: ...t Billing Cycle PC Usage The PC Usage Reports focus on the composition of your traffic volume The entry screen to this section is shown below Reports PC Usage Mako Networks Mako 7550 E Product Handboo...

Page 17: ...eport a small pop up window will be displayed Enter the desired name in the box next to Machine Name and click on Update to save the name Where PCs have been assigned static IP addresses via the Mako...

Page 18: ...shown Clicking on edit will pop up the small window shown which allows the name to be updated Clicking on the device name itself produces a new report shown below This report breaks down the total tr...

Page 19: ...ic The reports incorporate hyperlinks to the Destination IP address a convenient way to check on the type of downloaded information by simply opening a window at the web site Detailed data on the amou...

Page 20: ...shown by each of the services available under Identification If you click on a service the pop up window shows the PCs which contributed to that service s traffic volume Remote Access Remote access r...

Page 21: ...an Usage Mako Guardian Usage is only visible if you subscribe to the Mako Guardian service The Mako Guardian Usage reports display traffic volume by website visited Mako Guardian Usage Screen By click...

Page 22: ...Allowed column shows if any aspects of the site were blocked for inappropriate content in this example no blocks have been made on any of the visible sites Mako Guardian Usage Report By clicking on o...

Page 23: ...S lets you analyse what type of traffic is being blocked from entering your network where is is coming from and how dangerous it is Blocked Intrusions for today This report shows how many drops the Fi...

Page 24: ...the day so far Below the pie chart the services are listed in order of most dropped to least Some of the services have a number of skull and crossbones icons indicating the Exploit Rating of the servi...

Page 25: ...his report shows where the intrusions that were blocked came from You can click on areas of most of the IDS report graphs and charts to drill down to find further information Mako Networks Mako 7550 E...

Page 26: ...way to access your Mako MailGuard console If you do not subscribe to this service then this tab will not appear on your screen Instructions on how to use the Mako MailGuard console appears in separat...

Page 27: ...ako device care should be taken to ensure that configuration changes do not compromise your office network security or its access to the Internet Configure Internet Internet This screen allows you to...

Page 28: ...e your ISP Connection Plan does not impose a traffic charging threshold Your Mako appliance automatically detects computers on your network that are infected with worms and stops them from accessing t...

Page 29: ...em from accessing the Internet You can set how aggressive this detection is from this page Similarly your Mako will detect unwanted portscan attempts and block the source IP Address for a ten minute p...

Page 30: ...more than one The information on this screen will be set by your reseller and in most cases will never need to be changed If your ISP does not provide you with multiple IP Addresses this screen will...

Page 31: ...ton should be clicked You can specify a pool of IP Addresses that will be issued by the Makos DHCP Server You have the option of specifying a WINS server if this is required You may also specify any i...

Page 32: ...IP address on your network You may also change the Subnet Mask address The configuration is the same as for LAN 1 with the exception of being able to turn off Network Address Translation NAT if you ha...

Page 33: ...s are known as NICs Each NIC has a unique permanent MAC address By associating the IP address with the MAC address we ensure that DHCP Leases for these machines are pre defined The Mako will always is...

Page 34: ...portant that any alteration of the information recorded on this screen is done with care as your communications with the Internet may be disabled if an error is made You may enter routes to other netw...

Page 35: ...software Outbound This relates to the firewall rules which permit communications to be initiated from computers in your office network to remote host systems on the Internet It is sensible to appreci...

Page 36: ...s Port 25 HTTP is Port 80 Port numbers in the range 0 to 1024 are assigned under international standard while those above 1024 up to 65 535 can be assigned by the Protocol publisher and are known as e...

Page 37: ...ough the firewall A Pinhole is an access path which is as restricted as possible In this case it specifies the mail server as the sole target and the email protocol as the sole communications protocol...

Page 38: ...h a space to enter reminder details about the rule pinhole Considerations The Internal IP Address has to be static that is not able to be re assigned by DHCP Please refer to the previous section for d...

Page 39: ...he Source or External IP address the Destination or Internal IP address the External Service and the Internal Service Thus it is possible to specify the Internet address of the machine which is initia...

Page 40: ...y specify a public IP address that the inbound pinhole refers to This is useful if you want to have multiple pinholes to the same port on different internal PCs You may specify to log debugging inform...

Page 41: ...through the firewall There is also the option of Denying all traffic not expressly allowed This is a convenient way to set up your rule structure as it means that once the box is checked only require...

Page 42: ...e review the discussion at the beginning of the Firewall section for background information on the issues involved Firewall Advanced Outbound The screen shows an example of rules set up to prevent unw...

Page 43: ...raffic between your four Mako 7550 protected networks It is not normally recommended to change from the default settings as you could reduce the security provided by separating the networks Firewall B...

Page 44: ...Intranet Advanced As with Outbound Security the Advanced screen permits more complex permissions to be set up Firewall Advanced Intranet Mako Networks Mako 7550 E Product Handbook v 1 1 Page 44...

Page 45: ...trol of the traffic uses a similar interface to inbound and outbound firewall controls First you must select your Mako to Mako VPN from the drop down list of Available VPNs Once you select which VPN y...

Page 46: ...the VPN link If either Mako is a 6086 or 7550 type Mako select which protected network you want to link 2 Now decide access rights over the VPN link You can choose between three visibility options Ei...

Page 47: ...used at each network The significant element is the highlighted 192 168 1 and 192 168 3 these must be different at the two ends of the VPN link Please contact your Reseller if you have any questions r...

Page 48: ...o will receive an email with a special key inviting them to accept your invitation and create a Mako to Mako VPN with your Mako If you like you can add comments that will be added to the email By defa...

Page 49: ...key and click continue If the Require Reconfirmation box was checked by the invitation initiator then the initiator will need to complete this process If the Require Reconfirmation box was unchecked t...

Page 50: ...lic IP Addresses in order that the VPN be kept alive for any length of time To configure the Mako to be able to connect to a third party device click on the Add Third Party Device sub menu Add Third P...

Page 51: ...nk Then click Add The Mako will then be awaiting the third party device to form the connection Third Party VPN Established You can modify any of the settings of an established Third Party VPN by click...

Page 52: ...eir network access enabled and disabled as appropriate For best security it is highly desirable that they are permitted access only while they need to use the office network at other times their acces...

Page 53: ...N Add User As each user is recorded click on Add to save the information Usernames will automatically have the vpn extension appended to identify then as a VPN user and not an administration user Once...

Page 54: ...TP access to one LAN You then must set a range of LAN IP Addresses that will be issued to PPTP VPN users when they connect to the Mako and have the option of issuing an internal DNS Server and WINS Se...

Page 55: ...cify minimum outbound bandwidth allocations QoS can be used to improve the quality of such services as Voice over IP traffic by ensuring there is always bandwidth reserved for it On the Internet QoS i...

Page 56: ...with no more than 2 other services to ensure the bandwidth for the bin is not shared between too many services All the services in a Bin share that Bins allocation of bandwidth The services are guara...

Page 57: ...unt with either of our two support Dynamic DNS providers they will give you a domain name The Mako will then update the provider with its current public IP address so the domain name references the co...

Page 58: ...s of your Mako device Mako Information This screen allows you to review or update information relating to the physical location of your Mako Location By clicking the edit button you can add additional...

Page 59: ...nfigure Access From this screen you can view which users have access to this Mako You can change access rights to Resticted Users Access Control Mako Networks Mako 7550 E Product Handbook v 1 1 Page 5...

Page 60: ...he top right of the screen under the Shark logo Company and User selection Management Company In this area you can administer your Company ies information Add User This button links you through to the...

Page 61: ...When creating or modifying Users you can grant permissions that are equal to or less than your own rights Search This is the default screen when you click on the User tab It lists all the Users for yo...

Page 62: ...ll be able to click on the Manage User submenu depending upon which browser you are using Manage User From the Manage User screen you can view the contact information for the User and edit it by click...

Page 63: ...Edit User Once you have edited the Users details click save and the main page will refresh to reflect your newly entered details Mako Networks Mako 7550 E Product Handbook v 1 1 Page 63...

Page 64: ...able him to configure Makos The Control over section allows you to either have contol over all of your Company s Makos or just a selected group From this screen you can also Email the User their passw...

Page 65: ...portant that you correctly enter the Users email address as the randomly generated password will be sent to that email address You can choose the type of user to create and whether you want to grant a...

Page 66: ...for your company and its IT Provider s Help Contacts Help Documentation This section contains downloadable PDF documentation on nearly every aspect of the Mako System as well as product literature Do...

Page 67: ...Help Known Issues This area contains known issues and ways to resolve them Known Issues Mako Networks Mako 7550 E Product Handbook v 1 1 Page 67...

Page 68: ...ovide your existing password Your Reseller will verify your customer identity Because this can take some time passwords will never be given out over the telephone it is at least inconvenient and at wo...

Page 69: ...ork to be assigned automatically on machine power up The IP address may change from one network session to the next DMZ A portion of a network enclosed within a Firewall System DNS Domain Name Service...

Page 70: ...e definition of the data structures which the applications exchange and the definition of the protocols by which the applications exchange data structures Standardised services include FTP Telnet HTTP...

Reviews:

No comments