snengde_installation-product-SN-range v1.2 - Copyright Netasq 2015
PRESENTATION AND INSTALLATION GUIDE – SN RANGE
FOREWORD
Assumptions on physical security measures
NETASQ Firewall-VPN appliances are installed and stored in compliance with the state of the art
regarding sensitive security devices: secured access to the premises, shielded cables with twisted
pairs, labeled cables, etc.
Assumptions on organizational security measures
The default password of the “admin” user (super administrator) must be changed the very first time
the product is used. The wizard will prompt the user to change his password during the initial
installation, in the Administration of the appliance window. In the web administration interface, this
password can be changed in the Administrator module (System menu), under the Administrator
account tab.
The definition of this password must observe the best practices described in the UserGuide, in the
chapter Welcome, under the section User awareness, sub-section User password management,
available at: http://documentation.stormshield.eu/
A particular administrative role – that of the super-administrator – has the following characteristics:
- Only the super-administrator is permitted to connect via the local console on NETASQ Firewall-VPN
  appliances, and only when installing the Firewall or for maintenance operations, apart from
  actual use of the equipment.
- He is in charge of defining the profiles of other administrators.
- All access to the premises where the appliances are stored has to be under his supervision,
  regardless of whether the access is due to an intervention on the appliance or on other
  equipment. He is responsible for all interventions carried out on appliances.
Assumptions on the IT security environment
NETASQ firewall-VPN appliances are installed in accordance with the current network interconnection
policy and are the only passageways between the different networks on which the traffic control
policy has to be applied. They are sized according to the capacities of the adjacent devices;
otherwise, these devices restrict the number of packets per second to a limit positioned slightly
below the maximum processing capacity of each firewall-VPN appliance installed in the network
architecture.
The type of NETASQ firewall-VPN appliance is selected according to the packet processing capacity
determined by the network architecture. Otherwise, adjacent appliances would impose a restriction
on the number of packets per second. This limit is set slightly below the maximum processing capacity
of each NETASQ firewall-VPN appliance installed.