Clavister Eagle E7, Быстрый старт

Страница: 63 / 76

3.7. Going Further with cOS Core
After initial setup is complete, the administrator is ready to go further with configuring cOS Core
to suit the requirements of a particular networking scenario. The primary reference
documentation provided for this consists of:
• The cOS Core Administrators Guide
• The cOS Core CLI Reference Guide
• The cOS Core Log Reference Guide
The cOS Core Administrators Guide
This guide is a comprehensive description of all cOS Core features and includes a detailed table
of contents with a comprehensive index to quickly locate particular topics.
Examples of the setup for various scenarios are included but screenshots are kept to a minimum
since the user has a variety of management interfaces to choose from.
Basic cOS Core Objects and Rules
As a minimum, the new administrator should become familiar with the cOS Core Address Book for
defining IP address objects and with the cOS Core IP rule set for defining IP Rule objects which
allow or block different traffic and which can also used to set up NAT address translation.
IP rules identify the targeted traffic using combinations of the source/destination
interface/network combined with protocol type. By default, no IP rules are defined so all traffic is
dropped. At least one IP rule needs to be defined before traffic can traverse the Clavister Security
Gateway.
An alternative to IP Rule objects is to use IP Policy objects. These have essentially the same
function but simplify the setting up of address translation and the use of important functions
such as application control, virus scanning and web content filtering.
In addition to rules, Route objects need to be defined in a Routing Table so that traffic can be sent
on the correct interface to reach its final destination. Traffic will need both a relevant rule and
route to exist in order for it to traverse the security gateway.
ALGs
Once the address book and IP rules are understood, the various ALGs will probably be relevant
for managing higher level protocols such as HTTP. For example, for management of web
browsing, the HTTP ALG provides a number of important features such as content filtering. Using
IP Policy objects can remove the need to use ALGs as separate objects.
VPN Setup
A common requirement is to quickly setup VPN networks based on Clavister Security Gateways.
The
cOS Core Administrators Guide includes an extensive VPN section and as part of this, a VPN
Quick Start section which goes through a checklist of setup steps for nearly all types of VPN
scenarios.
Included with the quick start section is a checklist for troubleshooting and advice on how best to
deal with the networking complications that can arise with certificates.
Chapter 3: cOS Core Configuration
63