manualshive.com logo in svg

Secure Computing sidewinder, Startup Manual

Introducing the Secure Computing Sidewinder, a cutting-edge security solution for your digital needs. Ensure seamless protection with our comprehensive Startup Manual, available for free download. Find the detailed manual to optimize your experience at manualshive.com, empowering you to harness the full potential of this remarkable product.

Share
Download
background image

Chapter 2: Planning Considerations

 

Preparing your Quick Start Wizard responses

10

What is your appliance’s fully qualified hostname?

Sidewinder appliance hostname: _________________________________

Enter the hostname by which the appliance will be known on the external burb 
(Internet). Determine a naming scheme for your appliances or select a name 
that fits with your existing scheme. For example, if you have more than one 
appliance, your naming scheme could be 

sidewinder_a.example.com

sidewinder_b.example.com

, and so on.

What are the IP addresses and netmasks of your external and 
internal interfaces?

External IP address/netmask or DHCP: ____________________________
Internal IP address/netmask: ____________________________________

Each network interface on an appliance must be given an IP address in a 
network, or subnet, different from the other network interfaces. IP addresses 
are added to the appliance’s routing table. An appliance uses its routing table 
to select a network interface for each packet according to the destination IP 
address, so the route to this address must map to only one network interface.

Each network interface corresponds to one burb. 

Burb

 is a term that refers to 

an interface and all the systems it connects. From a security perspective, a 
burb and the network it is attached to are a single entity covered by the same 
security policy. The initial appliance configuration has two burbs: an 

internal

 

burb and an 

external

 burb. You may assign additional burbs as needed, such 

as a DMZ burb and virtual burb, once your appliance is fully operational.

Your 

external

 

interface

 (external burb) is the network interface that handles 

your external network. This is often, but not always, your network’s connection 
to the Internet and the outside world. The external, or Internet, burb has unique 
properties that are important when managing mail, DNS, and routing and is 
usually your traffic’s most common termination point. Your security policy will 
generally have strong restrictions controlling how traffic arriving on this network 
interface is allowed to pass into your internal network. You may obtain an 
address for this interface by one of two ways:

Automatically assign an external address using a Dynamic Host 
Configuration Protocol (DHCP) server. 

Note:

If you select DHCP, your Admin Console must be in the internal burb.

Manually assign an IP address. (The netmask is automatically entered 
once you type in an IP address. If the supplied netmask is incorrect, change 
it before continuing.)

Your 

internal

 

interface

 (internal burb) is the NIC that handles your internal 

network. Users on the internal network are generally trusted, so your security 
policy will allow more traffic out through an appliance than is allowed in.

Summary of Contents for sidewinder

Page 1: ...onIM IronMail IronMail Edge SecureWire SnapGear Trusted Source Securing connections between people applications and networks and Access Begins with Identity are trademarks of Secure Computing Corporation All other trademarks tradenames service marks service names product names and images mentioned and or used herein belong to their respective owners 2007 Secure Computing Corporation All rights res...

Page 2: ......

Page 3: ...STARTUP GUIDE Sidewinder Network Gateway Security Version 7 0 ...

Page 4: ...ii ...

Page 5: ...e as indicated on your invoice and any updates or revisions of the Software Module that you may receive 1 4 Software shall mean collectively the Sidewinder Software and if purchased by you the Software Module s 2 GRANT OF LICENSE Secure Computing grants to you and you accept a a non exclusive and non transferable license to use the Sidewinder Software solely on and in conjunction with the Secure C...

Page 6: ...United States Department of State You have been advised that the Software is subject to the U S Export Administration Regulations You shall not export import or transfer Software contrary to U S or other applicable laws whether directly or indirectly and will not cause approve or otherwise facilitate others such as agents or any third parties in doing so You represent and agree that neither the Un...

Page 7: ...ll rights reserved This product incorporates compression code from the Info ZIP group There are no extra charges or costs due to the use of this code and the original compression sources are freely available from http www info zip org or ftp ftp info zip org on the Internet This product includes software developed at the Information Technology Division US Naval Research Laboratory Copyright 1995 U...

Page 8: ...pport services Your Secure Computing reseller is the first line of support when you have questions about our products and services however if you require additional assistance contact us directly To contact Secure Computing Technical Support directly telephone 1 800 700 8328 or 1 651 628 1500 If you prefer send an e mail to support securecomputing com To inquire about obtaining a support contract ...

Page 9: ...r Quick Start Wizard responses 8 Preparing an integration schedule 13 CHAPTER 3 Setting Up the Management Tools 15 Verifying management system requirements 16 Installing the Management Tools 17 CHAPTER 4 Configuring your Sidewinder Appliance 19 Setting up the hardware 20 Running the Quick Start Wizard 20 CHAPTER 5 Managing your Sidewinder Appliance 25 Starting the Admin Console 26 Activating the l...

Page 10: ...tial configuration to removable media 37 Preparing the systems 37 Running the Quick Start Wizard 38 Powering on the Sidewinder appliance 40 APPENDIX B Tips and Troubleshooting 41 Troubleshooting technical difficulties and configuration issues 42 Troubleshooting newly installed or re imaged appliances 42 Troubleshooting connectivity and misconfiguration difficulties 43 Verifying interface informati...

Page 11: ...es the Sidewinder documentation in portable document format PDF When you install the Management Tools on a Microsoft Windows based system the documents are automatically loaded onto your hard drive Updated documents when necessary will automatically load when you upgrade your Sidewinder You can view the documents by selecting Start Programs Secure Computing Sidewinder 7 Admin Console Documentation...

Page 12: ...Console program provides detailed screen based online help as well as topic based online help Note If you use a browser with a pop up blocker turned on you must allow blocked content to view the Sidewinder appliance help Application notes Detailed instructions for setting up specific configurations such as setting up appliance to work with another vendor s product or environment Application notes ...

Page 13: ...1 1 CHAPTER In this chapter Shipment contents 2 Sidewinder environment 3 Selecting the best startup method 4 Checklist for success 5 Installation Overview ...

Page 14: ...ms are to be used during the startup process Sidewinder Startup Guide and the Quick Start fold out Hardware platform serial cable and power cord s Sidewinder Management Tools CD Activation Certificate Rack Mount Kit optional Installation Disk Imaging CD to be used only if system needs re imaging Activation Certificate other notices Startup Guide Sidewinder Administration Guide PDF on Management To...

Page 15: ...e Management Tools CD provides the programs needed to prepare the initial configuration the Quick Start Wizard and manage your appliances after installation the Admin Console The appliance also supports a local console using a serial connection or a standard VGA connection Figure 1 Basic Sidewinder appliance environment R R Management system on Windows PC Install the Management Tools to create an ...

Page 16: ...ick Start Wizard Figure 3 Direct connect with the Quick Start text mode program prompt For users who do not have a Windows system near their appliance connect a terminal or terminal emulator to the appliance using a serial cable or monitor and keyboard then use the text mode Quick Start program See Using a locally attached terminal on page 34 for more information Figure 4 Diskette or flash drive t...

Page 17: ...twork perimeter security and basic issues relevant to integrating a Sidewinder appliance into your existing network See the web based training for more details www securecomputing com training_sidewinder cfm Read the latest Release Notes for up to date information Release Notes are located here www securecomputing com goto updates Gather network information and answer the questions that relate to ...

Page 18: ... page 20 for more information Start the Quick Start Wizard See page 20 for more information After the Quick Start Wizard completes detach the serial cable Start managing your Sidewinder appliance Start the Admin Console from your Windows based management workstation and connect to your appliance See page 26 for details Check for recently released patches www securecomputing com goto updates Read t...

Page 19: ...7 2 CHAPTER In this chapter Learning about network perimeter security 8 Preparing your Quick Start Wizard responses 8 Preparing an integration schedule 13 Planning Considerations ...

Page 20: ...e access to the appliance Tip For information on training network services consultations and technical support options contact Secure Computing Customer Service at 1 888 683 3030 Preparing your Quick Start Wizard responses This section helps you define and organize the information you will need to initially configure your Sidewinder appliance using the Quick Start Wizard The Quick Start Wizard ask...

Page 21: ...ices Table 1 Initial active policy Rule name Summary Internet Services This rule is enabled if you select Allow administrative and basic outbound Internet services during initial configuration The rule provides users access to the most commonly used Internet services using a pre configured Internet Services service group The Internet Services rule regulates access to the following services FTP HTT...

Page 22: ...ive a burb and the network it is attached to are a single entity covered by the same security policy The initial appliance configuration has two burbs an internal burb and an external burb You may assign additional burbs as needed such as a DMZ burb and virtual burb once your appliance is fully operational Your external interface external burb is the network interface that handles your external ne...

Page 23: ...ddress _____________________________________ Note If the appliance uses DHCP the routing information is configured automatically and will not be entered during the Quick Start Wizard Traffic between machines on different networks or subnets requires routing That is each computer must be told where to send traffic it cannot deliver directly This traffic is generally sent to a router that allows acc...

Page 24: ...ote administration route when running the Quick Start Wizard This route definition may be to a specific host or to an entire subnet Other routes can be added after the appliance is operational If you need a route to begin managing your appliance enter the remote computer s IP address or subnet Then enter the IP address of the gateway router to reach that IP address subnet What is your administrati...

Page 25: ...se the Admin Console to configure them after the initial configuration is complete Before you do this ensure you address the following issues Notify your ISP of the date that your network traffic will start flowing through the Sidewinder This task is necessary only if your company has an existing Internet presence The ISP must then change your mail exchanger MX and name server records to point to ...

Page 26: ... appliance and time to test critical features and services Note An experienced Sidewinder appliance installer requires approximately eight hours to complete the installation configuration and testing of a basic installation Adjust this amount accordingly based on your experience level and the complexity of your security policy and test plan Inform your users and help desk of when the network will ...

Page 27: ...15 3 CHAPTER In this chapter Verifying management system requirements 16 Installing the Management Tools 17 Setting Up the Management Tools ...

Page 28: ...meets or exceeds the requirements in Table 2 Table 2 Minimum requirements for running Management Tools software Component Requirement OS MS Windows 2000 Workstation 2000 Server or XP Pro CPU Intel 1 GHz minimum Memory 512 MB minimum Drives 300 MB of available disk space CD ROM drive Monitor 1024 x 768 or higher Network Interface Card Access to network hosting your appliance Serial Port 9 pin seria...

Page 29: ...you through installing the Management Tools on a Windows based system The Management Tools include production documentation and the following applications The Quick Start Wizard creates the initial configuration Figure 5 The Quick Start Wizard The Admin Console is used for all general management tasks Figure 6 The Admin Console ...

Page 30: ... then go to Install Setup exe 2 Follow the on screen instructions to complete the setup program Note Secure Computing recommends using the default settings If you insert the Management Tools CD into a system on which version 7 x programs are already installed you will be able to do the following Modify Add or remove individual components Admin Console documentation and Sidewinder Guided Tour Repai...

Page 31: ...19 4 CHAPTER In this chapter Setting up the hardware 20 Running the Quick Start Wizard 20 Configuring your Sidewinder Appliance ...

Page 32: ... s cabling information If you can t find your model check the Secure Computing web site for the latest Port Identification Guide http www securecomputing com goto manuals 4 Power on your Sidewinder appliance 5 Using the serial cable provided in your Sidewinder appliance shipment connect one end of the cable to the appliance and the other end to a Windows computer installed with the Management Tool...

Page 33: ...ration follow the on screen instructions 1 Enter your Sidewinder serial number 2 Enter your contact information 3 Enter your company information 4 Optional Enter any comments 5 Click Next 1 Select the appropriate option for your initial policy Allow administration services only allows only basic administrative services Allow administrative and basic outbound Internet services creates a policy that...

Page 34: ...ost is the only field available for entry in this window if the appliance is obtaining an IP address automatically 1 In the Primary field enter the IP address of the DNS resolver that will handle your appliance s DNS requests 2 Optional In the Secondary field enter the IP address of an alternate DNS resolver This resolver can be one of the following A different primary resolver in another burb one...

Page 35: ...ess of the gateway router leading to the Admin Console computer s host network 5 Click Next 1 In the Administrator username field type a user name for the primary administrator The user name should consist of 7 16 alphanumeric characters The first character must be a letter 2 In the Password field type a password for the primary administrator 3 Confirm the password 4 Click Next Read the summary of...

Page 36: ...ate and time If you would like to synchronize it with your Windows computer click Update with Desktop Time 2 Set the region country and time zone 3 Click OK Click OK If you would like to start an Admin Console session make sure your Windows computer is connected by the network to your appliance s internal interface The Admin Console cannot manage the appliance over a serial connection Click Finish...

Page 37: ...25 5 CHAPTER In this chapter Starting the Admin Console 26 Activating the license 27 Performing other post startup tasks 31 Managing your Sidewinder Appliance ...

Page 38: ...rovided in the Quick Start Wizard do the following to connect to your Sidewinder appliance 1 From a Windows desktop on your internal network select Start Programs Secure Computing Sidewinder 7 Admin Console Admin Console 2 Add an appliance to the Admin Console tree a From the File menu select New Firewall The Add Firewall window appears b Enter the appliance name and IP address then click Add 3 In...

Page 39: ...iance did not get licensed during initial configuration it will operate for seven days with a trial license These features are licensed during the trial period SecureOS Support VPN Failover Strong Cryptography To manually activate your license you can perform these procedures Licensing an isolated Sidewinder appliance on page 28 Licensing an internet connected Sidewinder appliance on page 30 Impor...

Page 40: ... select a firewall ID There will be one firewall ID listed for each NIC in the appliance Tip If your Admin Console computer does not have web access move to a computer that has web access Bring a copy of the serial number and firewall ID with you to the web accessible computer 7 Use a web browser to access the Sidewinder activation web page https www securecomputing com cgi bin sidewinder activati...

Page 41: ... key into the appliance Enter information in the following fields Source Select Local File File Click the Browse button and navigate to the activation key file 15 Click OK to approve the specified file The activation key is extracted from the file and written to the Activation Key field You license is now activated ...

Page 42: ... the requested address information Enter information on the Billing Address tab 5 Click the Firewall tab and do the following Serial Number field Verify that it shows the 16 digit serial number located on the Activation Certificate or on your hardware platform Firewall ID field Use the drop down list to select a firewall ID There will be one firewall ID listed for each NIC in the appliance Leave a...

Page 43: ...The appliance uses a set of rules to determine the proxies and servers that internal and external users will be allowed to use See the following chapters of the Sidewinder Administration Guide General Policy Configuration Services Application Defenses Content Inspection Network Objects and Time Periods Authentication Set up accounts for other administrators You may need more than one administratio...

Page 44: ...bound traffic and one for outbound traffic each with direction appropriate settings See the Electronic Mail chapter of the Sidewinder Administration Guide Set up an authentication server to validate remote users You may need to register the appliance with that server and perform some additional steps See the Authentication chapter of the Sidewinder Administration Guide Create a configuration backu...

Page 45: ...33 A APPENDIX In this appendix Using a locally attached terminal 34 Saving your initial configuration to removable media 37 Other Quick Start Methods ...

Page 46: ...ing the following 1 Use a diagram of your network to determine the proper placement of your Sidewinder appliance Your appliance must be able to reach the appropriate routers subnets and servers such as mail servers and name servers 2 Attach the power cord to the system and plug it into an electrical outlet Note If your appliance has redundant power supplies attach and plug in both power cords If o...

Page 47: ... the Device Manager of that computer 1 Click Start Settings Control Panel 2 Conditional If in the Category view click Performance and Maintenance 3 Double click System The System Properties window appears 4 Click the Hardware tab 5 Click the Device Manager button 6 Expand Ports COM LPT 7 Double click Communications Port COM1 8 Click the Port Settings tab 9 Select the appropriate port settings from...

Page 48: ...ment appears 2 Answer each question as it appears using the information you gathered in Preparing your Quick Start Wizard responses on page 8 If you need more information about a question type and press Enter 3 While the appliance reboots disconnect the terminal cable Go to a Windows based computer installed with the Sidewinder Management Tools to begin managing your appliance Tip For more informa...

Page 49: ...exe 2 Follow the on screen instructions to complete the Setup program Secure Computing recommends using the default settings Appropriately place and cable your appliance by doing the following 1 Use a diagram of your network to determine the proper placement of your appliance Your appliance must be able to reach the appropriate routers subnets and servers such as mail servers and name servers 2 At...

Page 50: ...izard responses on page 8 2 Insert a diskette or USB flash drive into you Windows computer 3 From the Windows desktop select Start Programs Secure Computing Sidewinder 7 Admin Console Quick Start Wizard 4 Answer the Quick Start Wizard questions as appropriate for your site If you need more information about a window click the Help button 5 At the Summary window click Save Configuration Figure 9 Qu...

Page 51: ...figuration window You have the option to save the configuration to any location using any file name at this time However to transfer the configuration to the appliance without using the Quick Start Wizard via a serial cable you must name the configuration file qsw_datafile put the configuration on a diskette or flash drive save the file in the root directory of the diskette or flash drive 7 Click ...

Page 52: ...nformation from the Quick Start Wizard media When this process completes the system will initialize and try to access the Secure Computing activation server If your appliance did not get licensed during initial configuration the Sidewinder appliance will operate for seven days with a trial license These features are licensed during the trial period SecureOS Support VPN Failover Strong Cryptography...

Page 53: ...pliances 42 Troubleshooting connectivity and misconfiguration difficulties 43 Verifying interface information 44 Note These tips and processes are suggestions for resolving basic problems only and are not intended to replace qualified technical assistance Tips and Troubleshooting ...

Page 54: ...play messages on the console that can provide information about the system s state Table 6 Conditions when you would want to attach a console What is happening How to start troubleshooting Nothing happens when you turn on a new or newly re imaged system Appliance may be ready for its Quick Start information Configure the appliance using one of the three methods described in Selecting the best star...

Page 55: ...ave failed Check your network connectivity and check your Default Administration Route that you entered in the Quick Start Wizard The appliance s IP address is wrong on the appliance or in the Admin Console Double check the IP addresses you entered in the Quick Start Wizard Error message Activation key has expired Appliance license is not currently activated License appliance for it to begin passi...

Page 56: ...ormation is incorrect enter man cf_interface for information on correcting it 3 Enter ifconfig a to get the status of the network interfaces Check the following Both interfaces flags include UP and RUNNING Both interfaces speed values 10baseT 100baseTX or 1000baseT and media type values most likely autoselect are as expected Both interfaces show status active If the ifconfig output shows status no...

Page 57: ...orts a ping reply track the fault in the network that is not responding If neither ping command reports ping reply the internal and external cables may have been swapped when inserted into the appliance Physically swap the cables Note Physical aspects of your cables might require you to swap interface parameters instead of swapping cables You can swap parameters on the Admin Console at Network Int...

Page 58: ...Appendix B Tips and Troubleshooting Verifying interface information 46 ...

Page 59: ...ion services from a network server CGI common gateway interface Any server side code that accepts data from forms via HTTP The forms are generally on Web pages and submitted by end users daemon A software routine within UNIX that runs in the background performing system wide functions domain 1 Relative to networking the portion of an Internet address that denotes the name of a computer network For...

Page 60: ...nce The firewall ID is used when activating your Sidewinder appliance FreeBSD The operation system used as a base for developing SecureOS See also SecureOS gateway A network component used to connect two or more networks that may use dissimilar protocols and data transmission media High Availability HA A feature that allows a second Sidewinder to be configured either in a load sharing capacity or ...

Page 61: ...etwork wiring ethernet cable phone line etc operational kernel The Sidewinder SecureOS kernel that provides the normal operating state including Type Enforcement controls When this kernel is running the Sidewinder appliance can connect to both the Internet and the internal network and all configured services are operational ping A command that sends an ICMP message from one host to another host ov...

Page 62: ... built upon FreeBSD and includes Type Enforcement security mechanisms server A computer system that provides services such as FTP to a network or a program running on a host that offers a service to other hosts on a network For example file servers provide access to files Computers that run server programs are often called servers SMTP simple mail transport protocol The TCP IP protocol that transf...

Page 63: ...d line 34 44 contact information Customer Service 8 Technical Support 8 CPU requirements 16 D data bits 35 date and time 24 default policy 9 21 default route 22 deleting management tools 18 DHCP 10 22 DNS hosted 13 31 resolver IP addresses 11 resolvers 22 rules 9 troubleshooting 43 documentation vii domain name 13 drive requirements 16 E e mail 32 43 errors 43 external interface 10 22 F failed to ...

Page 64: ... O OS requirements 16 P parity 35 password 23 patches 31 ping 9 44 45 planning information 8 plugging in your hardware 20 port settings 35 post installation tasks 31 Q Quick Start Wizard GUI and flash drive 37 40 GUI and serial cable 20 24 installation 18 possible methods 4 requirements 16 text mode and serial cable 34 36 R Real Media 9 reconfigure mail 43 registration IP address and domain name 1...

Page 65: ...5 text mode installation 4 34 36 time zone 24 training 8 U upgrades 31 USB 4 28 37 username 23 W Web sites activation 28 application notes vii free online training 8 knowledge base vii 43 Release Notes 5 Secure Computing vii upgrades 6 31 warranty information 2 Windows 2000 16 Windows 2000 Server 16 Windows XP 16 35 ...

Page 66: ...Index 54 ...

Page 67: ......

Page 68: ...onIM IronMail IronMail Edge SecureWire SnapGear Trusted Source Securing connections between people applications and networks and Access Begins with Identity are trademarks of Secure Computing Corporation All other trademarks tradenames service marks service names product names and images mentioned and or used herein belong to their respective owners 2007 Secure Computing Corporation All rights res...

Reviews:

No comments

Related manuals for sidewinder

Samsung AllShare Cast Dongle Quick Start Manual preview
AllShare Cast Dongle
Brand: Samsung Pages: 2
D-Link DSL-2750U Setup preview
DSL-2750U
Brand: D-Link Pages: 14
D-Link DVG-7022S Quick Installation Manual preview
DVG-7022S
Brand: D-Link Pages: 7
D-Link DIR-878 Quick Installation Manual preview
DIR-878
Brand: D-Link Pages: 41
D-Link DES-3526 - Switch - Stackable Manual preview
DES-3526 - Switch - Stackable
Brand: D-Link Pages: 258
Hal Communications RS2100 Instruction Manual preview
RS2100
Brand: Hal Communications Pages: 25
iDirect Evolution X3 Installation And Safety Manual preview
Evolution X3
Brand: iDirect Pages: 60
Accuphase AD-60 Instruction Manual preview
AD-60
Brand: Accuphase Pages: 2
ADTRAN ATLAS 550 Manual preview
ATLAS 550
Brand: ADTRAN Pages: 2
Acrosser Technology AMB-VDX3H1 Series Quick Start Manual preview
AMB-VDX3H1 Series
Brand: Acrosser Technology Pages: 4
Ubee DVW3201B User Manual preview
DVW3201B
Brand: Ubee Pages: 9
Lochinvar Armor 101 Series Instructions Manual preview
Armor 101 Series
Brand: Lochinvar Pages: 28
Lochinvar Armor 101 Series Service Manual preview
Armor 101 Series
Brand: Lochinvar Pages: 44
SMART MOD IIC Installation And Service Manual preview
MOD IIC
Brand: SMART Pages: 15
Amplifier Tech ATP6700 Owner'S Manual preview
ATP6700
Brand: Amplifier Tech Pages: 36
H3C S12500R-2L Installation, Quick Start preview
S12500R-2L
Brand: H3C Pages: 26
Patton electronics 1018RC User Manual preview
1018RC
Brand: Patton electronics Pages: 12
JETWAY LI1B Series User Manual preview
LI1B Series
Brand: JETWAY Pages: 55

Brands by name

Popular brands

Load more brands