Unified Threat Management Advanced Firewall Operations Guide

Transcription

1 Unified Threat Management Advanced Firewall Operations Guide For future reference Advanced Firewall serial number: Date installed: Smoothwall contact:

2 Smoothwall Advanced Firewall, Operations Guide, March 2015 Smoothwall publishes this guide in its present form without any guarantees. This guide replaces any other guides delivered with earlier versions of Advanced Firewall. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Smoothwall. For more information, contact: Smoothwall Ltd. All rights reserved. Trademark notice Smoothwall and the Smoothwall logo are registered trademarks of Smoothwall Ltd. Linux is a registered trademark of Linus Torvalds. Snort is a registered trademark of Sourcefire INC. DansGuardian is a registered trademark of Daniel Barron. Microsoft, Internet Explorer, Window 95, Windows 98, Windows NT, Windows 2000 and Windows XP are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Netscape is a registered trademark of Netscape Communications Corporation in the United States and other countries. Apple and Mac are registered trademarks of Apple Computer Inc. Intel is a registered trademark of Intel Corporation. Core is a trademark of Intel Corporation. All other products, services, companies, events and publications mentioned in this document, associated documents and in Smoothwall software may be trademarks, registered trademarks or service marks of their respective owners in the UK, US and/or other countries. Acknowledgements Smoothwall acknowledges the work, effort and talent of the Smoothwall GPL development team: Lawrence Manning and Gordon Allan, William Anderson, Jan Erik Askildt, Daniel Barron, Emma Bickley, Imran Chaudhry, Alex Collins, Dan Cuthbert, Bob Dunlop, Moira Dunne, Nigel Fenton, Mathew Frank, Dan Goscomb, Pete Guyan, Nick Haddock, Alan Hourihane, Martin Houston, Steve Hughes, Eric S. Johansson, Stephen L. Jones, Toni Kuokkanen, Luc Larochelle, Osmar Lioi, Richard Morrell, Piere-Yves Paulus, John Payne, Martin Pot, Stanford T. Prescott, Ralf Quint, Guy Reynolds, Kieran Reynolds, Paul Richards, Chris Ross, Scott Sanders, Emil Schweickerdt, Paul Tansom, Darren Taylor, Hilton Travis, Jez Tucker, Bill Ward, Rebecca Ward, Lucien Wells, Adam Wilkinson, Simon Wood, Nick Woodruffe, Marc Wormgoor. Advanced Firewall contains graphics taken from the Open Icon Library project Address Web Telephone Fax Smoothwall Limited 1 John Charles Way Leeds. LS12 6QA United Kingdom info@smoothwall.net USA and Canada: United Kingdom: All other countries: USA and Canada: United Kingdom: All other countries:

3 Contents About This Guide... 1 Audience and Scope... 1 Organization and Use... 1 Conventions... 2 Related Documentation... 2 Chapter 1 Advanced Firewall Overview... 3 Overview of Advanced Firewall... 3 Annual Renewal... 4 Accessing Advanced Firewall... 4 Dashboard... 5 Logs and Reports... 6 Reports... 6 Alerts... 6 Realtime... 6 Logs... 7 Settings... 8 Networking... 8 Configuration... 8 Filtering... 9 Routing... 9 Outgoing... 9 Settings Services Authentication User Portal Proxies SNMP Message Censor Intrusion System DHCP System Maintenance iii

4 Contents Central Management Preferences Administration Hardware Diagnostics Certificates VPN Configuration Guidelines Specifying Networks, Hosts and Ports Using Comments Connecting via SSH Connecting Using a Client Secure Communication Unknown Entity Warning Inconsistent Site Address Chapter 2 Advanced Firewall Services Working with Portals Creating a Portal Configuring a Portal Editing Portals Deleting Portals Managing the Web Proxy Service Configuring and Enabling the Web Proxy Service About Web Proxy Methods Configuring End-user Browsers Instant Messenger Proxying Monitoring SSL-encrypted Chats SIP Proxying Types of SIP Proxy Choosing the Type of SIP Proxying Configuring SIP FTP Proxying Configuring non-transparent FTP Proxying Configuring Transparent FTP Proxying Reverse Proxy Service Configuring the Reverse Proxy Service SNMP Censoring Message Content Creating Custom Categories Setting Time Periods Creating Filters Creating and Applying Message Censor Policies Editing Polices Deleting Policies Managing the Intrusion System About the Default Policies Deploying Intrusion Detection Policies Deploying Intrusion Prevention Policies Creating Custom Policies iv Smoothwall Ltd

5 Contents Uploading Custom Signatures Using BYOD with Advanced Firewall About the RADIUS requests Implementation Examples Configuring BYOD for Advanced Firewall Prerequisites Adding RADIUS Clients Blocking Access to the Wireless Network Adding External RADIUS Servers Using the Advanced Firewall Certificate Chapter 3 Producing Reports About Reports About Report Templates About Report Outputs Using Drill Down Reports Generating Reports Canceling a Report Regenerating and Saving Reports About the Summary Report Scheduling Reports Example Schedule Report Configuration Managing Scheduled Reports Creating Custom Report Templates Creating Basic Custom Reports About Advanced Custom Reports Managing Custom Reports Managing Reports and Report Folders Creating Folders Deleting Folders Deleting Reports Making Reports Available on User Portals Saving a Report Output to Other User Portals Removing Reports from a User Portal Chapter 4 Using Alerts, Information, and Logging About the Dashboard About Alerts Available Alerts Configuring Alert Settings Enabling Instantaneous Alerts Looking up Previous Alerts by Reference About Advanced Firewall s Realtime Viewer Realtime System Information Realtime Firewall Information Realtime IPsec Information Realtime Portal Information Realtime Instant Messaging Realtime Traffic Graphs About Advanced Firewall s Log Files v

6 Contents Viewing System Logs Exporting System Logs Firewall Logs IPSec Logs Logs IDS Logs IPS Logs IM Proxy Logs Web Proxy Logs Web Filter Logs Configuring Web Filter Logs Monitoring Log Activity in Realtime Searching for and Filtering Information Exporting Data Reverse Proxy Logs User Portal Logs Configuring Log Settings Configuring Other Log Settings Managing Log Retention Managing Automatic Deletion of Logs Configuring Report and Alert Output Settings About -to-SMS Output About Placeholder Tags Configuring to SMS Output Configuring Output to Generating a Test Alert Configuring Alert and Report Groups Creating Groups Editing a Group Deleting a Group Chapter 5 Managing Your Advanced Firewall Installing Updates Installing Updates Installing Updates on a Failover System Managing Modules Removing a Module Licenses Installing Licenses Archives About Archive Profiles Creating an Archive Downloading an Archive Restoring an Archive Deleting Archives Uploading an Archive Scheduling Scheduling Remote Archiving Editing Schedules Rebooting and Shutting Down vi Smoothwall Ltd

7 Contents Setting System Preferences Configuring the User Interface Setting Time Configuring Registration Options Changing the Hostname Configuring Administration and Access Settings Configuring Administration Access Options Configuring External Access Rules Administrative User Settings Managing Tenants Creating Tenants Editing a Tenant Deleting a Tenant Hardware Managing UPS Devices Managing Hardware Failover Prerequisites Configuring Hardware Failover Administering Failover Testing Failover Using Advanced Firewall s Diagnostic Tools Testing Advanced Firewall Functionality Exporting Advanced Firewall s Configuration Using IP Tools Using Whois Managing CA Certificates Reviewing CA Certificates Importing CA Certificates Exporting CA Certificates Deleting and Restoring Certificates Appendix A Available Reports All blocked activity for a specific user Amount of time a user spent browsing a URL Amount of time a user spent browsing sites in a category Amount of time an IP address spent browsing a URL Amount of time an IP address spent browsing sites in a category Application Bandwidth Statistics About the Generated Report Authentication Cache Bandwidth usage by a specific user Complete IP address audit trail Complete user audit trail Connection details and traffic statistics Control page template Daily category comparison Daily domain comparison Daily user comparison Disk information vii

8 Contents Estimated cost of Spam and Malware Executive summary of activity of a specific IP address Executive summary of activity of a specific user Executive summary of all group activity Firewall activity Incoming summary incl last 24 hours Interfaces and IP addresses Mailbox activity Malware Incl last 24 hours Outgoing summary incl last 24 hours Portal users logged in status Summary page template System information Time spent browsing for a specific user Time spent browsing sites in a specific category for a specific user Times of day a group browses a specific URL Times of day a user browses a specific URL Times of day a user browses and the categories browsed Times of day an IP address browses a specific URL Times of day an IP address browses and the categories browsed Times of day members of a group browses and the categories browsed Top blocked domains by hits Top blocked users by hits Top categories by hits and bandwidth Top categories by hits and bandwidth - with options Top client IPs by hits and bandwidth Top client IPs by hits and bandwidth - with options Top domains by hits and bandwidth Top domains by hits and bandwidth - with options Top search terms Top search terms and the searches they were used in for a specific user Top users by hits and bandwidth Top users by hits and bandwidth - with options Top users using banned search terms Updates VPN status and history Web filter statistics Appendix B Application Groups Standard Application Groups Deep Packet Inspection Application Groups Glossary Index viii Smoothwall Ltd

9 About This Guide Smoothwall s Advanced Firewall is a licenced feature of your Smoothwall System. This manual provides guidance for configuring Advanced Firewall. Audience and Scope This guide is aimed at system administrators maintaining Advanced Firewall. This guide assumes the following prerequisite knowledge: An overall understanding of the functionality of the Smoothwall System An overall understanding of networking concepts Note: We strongly recommend that everyone working with Smoothwall products attend Smoothwall training. For information on our current training courses, contact your Smoothwall representative. Organization and Use This guide is made up of the following chapters and appendices: Chapter 1, Advanced Firewall Overview on page 3 Chapter 2, Advanced Firewall Services on page 21 Chapter 3, Producing Reports on page 67 Chapter 4, Using Alerts, Information, and Logging on page 81 Chapter 5, Managing Your Advanced Firewall on page 125 Appendix A:Available Reports on page 161 Appendix B:Application Groups on page 181 Glossary on page 189 1

10 About This Guide Index on page 199 Conventions The following typographical conventions are used in this guide: Item Convention Example Key product terms Initial Capitals Advanced Firewall Smoothwall System Menu flow, and screen objects Bold System > Maintenance > Shutdown Click Save Cross-references Blue text See Chapter 1, Introduction on page 1 References to other guides Italics Refer to the Advanced Firewall Administration Guide Filenames and paths Courier The portal.xml file Variables that users replace Courier Italics Links to external websites Blue text, underlined Refer to This guide is written in such a way as to be printed on both sides of the paper. Related Documentation The following guides provide additional information relating to Advanced Firewall: Advanced Firewall Installation Guide, which describes how to install Advanced Firewall Advanced Firewall Administration Guide, which describes how to configure Advanced Firewall Advanced Firewall Upgrade Guide, which describes how to upgrade Advanced Firewall Advanced Firewall User Portal Guide, which describes how to use the Advanced Firewall user portal contains the Smoothwall support portal, knowledge base and the latest product manuals. 2 Smoothwall Ltd

11 1 Advanced Firewall Overview This chapter introduces Advanced Firewall, including: Overview of Advanced Firewall on page 3 Annual Renewal on page 4 Accessing Advanced Firewall on page 4 Dashboard on page 5 Logs and Reports on page 6 Networking on page 8 Services on page 10 System on page 13 VPN on page 16 Configuration Guidelines on page 16 Connecting via SSH on page 18 Secure Communication on page 18 Overview of Advanced Firewall Advanced Firewall is the Unified Threat Management system for enterprise networks. Combining the functions of perimeter and internal firewalls, Advanced Firewall employs Microsoft Active Directory/LDAP user authentication for policy based access control to local network zones and Internet services. Secure wireless, secure remote access and site-to-site IPSec connectivity are provided by the integrated VPN gateway. 3

12 Advanced Firewall Overview Advanced Firewall provides: Perimeter firewall Multiple Internet connections with load sharing and automatic connection failover User authentication Policy-based access control and user authentication with support for Microsoft Active Directory, Novell edirectory and other LDAP authentication servers Load balancer The ideal solution for the efficient and resilient use of multiple Internet connections. Internal firewall Segregation of networks into physically separate zones with user-level access control of inter-zone traffic Security Anti-spam, anti-malware, mail relay and control. Note this is a separate module that you may not have installed. VPN Gateway Site-to-site, secure remote access and secure wireless connections. Annual Renewal To ensure that you have all the functionality documented in this guide, we recommend that you purchase annual renewal. For more information, contact your Smoothwall representative. Accessing Advanced Firewall To access Advanced Firewall, do the following: 1. In a web browser, enter the address of your Advanced Firewall, for example: Note: The example address above uses HTTPS to ensure secure communication with your Advanced Firewall. It is possible to use HTTP on port 81 if you are satisfied with less security. Note: The following sections assume that you have registered and configured Advanced Firewall as described in the Advanced Firewall Installation and Setup Guide. 2. Accept Advanced Firewall s certificate.the login screen is displayed. 4 Smoothwall Ltd

13 Advanced Firewall Overview 3. Enter the following information: Field Username Password Information Enter admin This is the default Advanced Firewall administrator account. Enter the password you specified for the admin account when installing Advanced Firewall. 4. Click Login. The Dashboard opens. The following describe Advanced Firewall s user interface. Dashboard The Dashboard is the default home page of your Advanced Firewall system. It displays the status of external interfaces, service information and customizable summary reports. 5

14 Advanced Firewall Overview Logs and Reports The Logs and reports section contains the following menu items and pages: Reports All report functionality, including customizing and scheduling, are found here: Pages Summary Reports Recent and saved Scheduled Custom Displays a number of generated reports. For more information, see About the Summary Report on page 70. Where you generate and organize reports. For more information, see Generating Reports on page 69. Lists recently-generated and previously saved reports. For more information, see Regenerating and Saving Reports on page 70. Sets which reports are automatically generated and delivered. For more information, see Scheduling Reports on page 71. Enables you to create and view custom reports. For more information, see Creating Custom Report Templates on page 73. Alerts You can enable alerts and monitors from here: Pages Alerts Alert settings Determine which alerts are sent to which groups of users and in what format. For more information, see About Alerts on page 82. Settings to enable the alert system and customize alerts with configurable thresholds and trigger criteria. For more information, see Configuring Alert Settings on page 86. Realtime You can watch Advanced Firewall s log files populate in realtime from here: Pages System Firewall IPSec A real time view of the system log with some filtering options. For more information, see Realtime System Information on page 92. A real time view of the firewall log with some filtering options. For more information, see Realtime Firewall Information on page 93. A real time view of the IPSec log with some filtering options. For more information, see Realtime IPsec Information on page Smoothwall Ltd

15 Advanced Firewall Overview Pages Portal IM proxy Traffic graphs Displays the log viewer running in real time mode. For more information, see Logs on page 104. Note that you may not see this option if Anti- Spam is not installed. For more information, refer to the Anti-Spam Installation and Administration Guide. A real time view of activity on user portals. For more information, see Realtime Portal Information on page 94. A real time view of recent instant messaging conversations. For more information, see Realtime Instant Messaging on page 95. Displays a real time bar graph of the bandwidth being used. For more information, see Realtime Traffic Graphs on page 96. Logs You can view and download Advanced Firewall s log files from here: Pages System Firewall IPSec IDS IPS IM proxy Web proxy Reverse proxy User portal Log settings Simple logging information for the internal system services. For more information, see Viewing System Logs on page 97. Displays all data packets that have been dropped or rejected by the firewall. For more information, see Firewall Logs on page 100. Displays diagnostic information for VPN tunnels. For more information, see IPSec Logs on page 102. Displays sender, recipient, subject and other message information. For more information, see Logs on page 104. Note that you may not see this option if Anti-Spam is not installed. For more information, refer to the Anti-Spam Installation and Administration Guide. Displays network traffic detected by the intrusion detection system (IDS). For more information, see IDS Logs on page 106. Displays network traffic detected by the intrusion detection system (IPS). For more information, see IPS Logs on page 107. Displays information about instant messaging conversations. For more information, see IM Proxy Logs on page 108. Displays detailed analysis of web proxy usage. For more information, see Web Proxy Logs on page 109. Displays information about reverse proxy usage. For more information, see Reverse Proxy Logs on page 111. Displays information about access by users to portals. For more information, see User Portal Logs on page 113. Settings to configure the logs you want to keep, an external syslog server, automated log deletion and rotation options. For more information, see Configuring Log Settings on page

16 Advanced Firewall Overview Settings You set global settings for reports, alerts, and log files from here: Pages Datastore settings Groups Output settings Contains settings to manage the storing of log files. For more information, see Managing Log Retention on page 117. Where you create groups of users which can be configured to receive automated alerts and reports. For more information, see Configuring Alert and Report Groups on page 122. Settings to configure the to SMS Gateway and SMTP settings used for delivery of alerts and reports. For more information, see Configuring Report and Alert Output Settings on page 118. Networking The Networking section contains the following sub-sections and pages: Configuration You configure all interfaces, whether they are NICs or software interfaces, here: Pages Interfaces DNS Link Load Balancing Source NAT & LLB policies Port forwards Configure and display information for your Advanced Firewall s interfaces, including VLANs and bridges. For more information, refer to the Advanced Firewall Administration Guide. Configure static DNS settings, and DNS proxy service settings. For more information, refer to the Advanced Firewall Administration Guide. Configure load balancing pools for network interfaces. For more information, refer to the Advanced Firewall Administration Guide. Configure any source NAT-ing, source mapping policies, and load balancing policies. For more information, refer to the Advanced Firewall Administration Guide. Configure any port forwarding policies to internal network services. For more information, refer to the Advanced Firewall Administration Guide. 8 Smoothwall Ltd

17 Advanced Firewall Overview Filtering You can setup filtering rules here for network traffic: Pages Zone bridging Group bridging IP block Ethernet bridging Used to define permissible communication between pairs of network zones. For more information, refer to the Advanced Firewall Administration Guide. Used to define the network zones that are accessible to authenticated groups of users. For more information, refer to the Advanced Firewall Administration Guide. Used to create rules that drop or reject traffic originating from or destined for single or multiple IP addresses. For more information, refer to the Advanced Firewall Administration Guide. Used to block peer to peer traffic across the bridge interface. For more information, refer to the Advanced Firewall Administration Guide. Routing You can configure routing rules here for network traffic: Pages Subnets RIP Used to generate additional routing information so that the system can route traffic to other subnets via a specified gateway. For more information, refer to the Advanced Firewall Administration Guide. Used to enable and configure the Routing Information Protocol (RIP) service on the system. For more information, refer to the Advanced Firewall Administration Guide. Outgoing You can configure rules for external bound network traffic here: Pages Policies Ports External services Used to assign outbound access controls to IP addresses and networks. For more information, refer to the Advanced Firewall Administration Guide. Used to define lists of outbound destination ports and services that should be blocked or allowed. For more information, refer to the Advanced Firewall Administration Guide. Used to define a list of external services that should always be accessible to internal network hosts. For more information, refer to the Advanced Firewall Administration Guide. 9

18 Advanced Firewall Overview Settings You set global settings for all networking aspects from here: Pages Port groups Address object manager Advanced Create and edit groups of ports for use throughout Advanced Firewall. For more information, refer to the Advanced Firewall Administration Guide. Create and edit IP address objects for use in networking configuration. For more information, refer to the Advanced Firewall Administration Guide. Used to configure advanced network and traffic auditing parameters. For more information, refer to the Advanced Firewall Administration Guide. Services The Services section contains the following sub-sections and pages: Authentication You configure user authentication policies here: Pages Settings Directories Groups Temporary bans User activity SSL login Kerberos keytabs BYOD Chromebook Used to set global login time settings. For more information, refer to the Advanced Firewall Administration Guide. Used to connect to directory servers in order to retrieve groups and apply network and web filtering permissions and verify the identity of users trying to access network or Internet resources. For more information, refer to the Advanced Firewall Administration Guide. Used to customize group names. For more information, refer to the Advanced Firewall Administration Guide. Enables you to manage temporarily banned user accounts. For more information, refer to the Advanced Firewall Administration Guide. Displays the login times, usernames, group membership and IP address details of recently authenticated users. For more information, refer to the Advanced Firewall Administration Guide. Used to customize the end-user SSL login page and configure SSL login redirection and exceptions. For more information, refer to the Advanced Firewall Administration Guide. This is where Kerberos keytabs are imported and managed. For more information, refer to the Advanced Firewall Administration Guide. Enables you to authenticate users with their own devices and allow them to connect to the network. For more information, see Using BYOD with Advanced Firewall on page 56. Used to configure Google credentials for Chromebook authentication. For more information, refer to the Advanced Firewall Administration Guide. 10 Smoothwall Ltd

19 Advanced Firewall Overview User Portal You configure and manage user portals here: Pages Portals Group access User access This page enables you to configure and manage user portals. For more information, see Working with Portals on page 21. This page enables you to assign groups of users to portals. For more information, see Creating a Portal on page 22. This page enables you to override group settings and assign a user directly to a portal. For more information, see Granting Individual User Access on page 26. Proxies You configure the proxy service for Advanced Firewall s individual modules, including: Pages Web proxy Instant messenger SIP FTP Reverse proxy Configure the web proxy service for internal interfaces. For more information, see Managing the Web Proxy Service on page 27. Configure the instant messenger proxy service. For more information, see Instant Messenger Proxying on page 33. Configure the SIP proxy service. For more information, see SIP Proxying on page 36. Configure the FTP proxy service. For more information, see FTP Proxying on page 38. Configure the reverse proxy service. For more information, see Reverse Proxy Service on page 42. SNMP You enable and configure the SNMP service here: Pages SNMP Used to activate Advanced Firewall s Simple Network Management Protocol (SNMP) agent. For more information, see SNMP on page

20 Advanced Firewall Overview Message Censor You can configure filtering policies for message content here: Pages Policies Filters Time Custom categories Enables you to create and manage filtering policies by assigning actions to matched content. For more information, see Creating and Applying Message Censor Policies on page 50. This is where you create and manage filters for matching particular types of message content. For more information, see Creating Filters on page 49. This is where you create and manage time periods for limiting the time of day during which filtering policies are enforced. For more information, see Setting Time Periods on page 48. Enables you to create and manage custom content categories for inclusion in filters. For more information, see Creating Custom Policies on page 54. Intrusion System You configure the Intrusion Detection System (IDS) here: Pages Signatures Policies IDS IPS Enables you to deploy customized and automatic rules in the intrusion detection and intrusion prevention systems. For more information, see Uploading Custom Signatures on page 55. Enables you to configure Advanced Firewall s intrusion detection and prevention rules for inclusion in IDS and IPS policies. For more information, see Creating Custom Policies on page 54. Used to enable and configure policies to monitor network activity using the Intrusion Detection System (IDS). For more information, see Deploying Intrusion Detection Policies on page 52. Used to enable and configure policies to monitor network activity using the Intrusion Prevention System (IDS). For more information, see Deploying Intrusion Prevention Policies on page 53. DHCP You can enable and configure DHCP services here: Pages Global DHCP server Used to enable the Dynamic Host Configuration Protocol (DHCP) service and set its mode of operation. For more information, refer to the Advanced Firewall Administration Guide. Used to configure automatic dynamic and static IP leasing to DHCP requests received from network hosts. For more information, refer to the Advanced Firewall Administration Guide. 12 Smoothwall Ltd

21 Advanced Firewall Overview Pages DHCP leases DHCP relay Custom options Used to view all current DHCP leases, including IP address, MAC address, hostname, lease start and end time, and the current lease state. For more information, refer to the Advanced Firewall Administration Guide. Used to configure the DHCP service to forward all DHCP requests to another DHCP server, and re-route DHCP responses back to the requesting host. For more information, refer to the Advanced Firewall Administration Guide. Used to create and edit custom DHCP options. For more information, refer to the Advanced Firewall Administration Guide. System The System section contains the following sub-sections and pages: Maintenance You use the following sections to manage and maintain various aspects of Advanced Firewall, including: Pages Updates Modules Licenses Archives Scheduler Shutdown Used to display and install available product updates, in addition to listing currently installed updates. For more information, see Installing Updates on page 126. Used to upload, view, check, install and remove Advanced Firewall modules. For more information, see Managing Modules on page 127. Used to display and update license information for the licensable components of the system. For more information, see Licenses on page 129. Used to create and restore archives of system configuration information. For more information, see Archives on page 130. Used to automatically discover new system updates, modules and licenses. It is also possible to schedule automatic downloads of system updates and create local and remote backup archives. For more information, see Scheduling on page 131. Used to shutdown or reboot the system. For more information, see Rebooting and Shutting Down on page 134. Central Management You can setup a centrally managed Advanced Firewall system here: Pages Overview This is where you monitor nodes and schedule updates in a Smoothwall system. For more information, refer to the Advanced Firewall Administration Guide. 13

22 Advanced Firewall Overview Pages Child nodes Local node settings This is where you add and configure nodes in a Smoothwall system. For more information, refer to the Advanced Firewall Administration Guide. This is where you configure a node to be a parent or child in a Smoothwall system and manage central management keys for use in the system. For more information, refer to the Advanced Firewall Administration Guide. Preferences You can customize your installation of Advanced Firewall here: Pages User interface Time Registration options Hostname Used to manage Advanced Firewall s dashboard settings. For more information, see Configuring the User Interface on page 135. Used to manage Advanced Firewall s time zone, date and time settings. For more information, see Setting Time on page 136. Used to configure a web proxy if your ISP requires you use one. Also, enables you configure sending extended registration information to Smoothwall. For more information, see Configuring Registration Options on page 137. Used to configure Advanced Firewall s hostname. For more information, see Changing the Hostname on page 138. Administration You can enable administration access to Advanced Firewall here: Pages Admin options External access Administrative users Tenants Used to enable secure access to Advanced Firewall using SSH, and to enable referral checking. For more information, see Configuring Administration Access Options on page 139. Used to create rules that determine which interfaces, services, networks and hosts can be used to administer Advanced Firewall. For more information, see Configuring External Access Rules on page 140. Used to manage user accounts and set or edit user passwords on the system. For more information, see Administrative User Settings on page 142. Used to manage tenants. For more information, refer to the Multi-Tenant Installation and Administration Guide. Note you may not see this option if you have not purchased a Multi-Tenant licence. 14 Smoothwall Ltd

23 Advanced Firewall Overview Hardware You can configure additional hardware aspects here: Pages UPS Failover Used to configure the system's behavior when it is using battery power from an Uninterruptible Power Supply (UPS) device. For more information, see Managing UPS Devices on page 145. Used to specify what Advanced Firewall should do in the event of a hardware failure. For more information, see Managing Hardware Failover on page 149. Console Configure the system console. For more information, see. Diagnostics You can perform diagnostics tests here: Pages Functionality tests Configuration report IP tools Whois Used to ensure that your current Advanced Firewall settings are not likely to cause problems. For more information, see Using Advanced Firewall s Diagnostic Tools on page 154. Used to create diagnostic files for support purposes. For more information, see Exporting Advanced Firewall s Configuration on page 156. Contains the ping and trace route IP tools. For more information, see Using IP Tools on page 156. Used to find and display ownership information for a specified IP address or domain name. For more information, see Using Whois on page 158. Certificates You can configure Advanced Firewall as a Certificate Authority: Page Certificate authorities Provides certification authority (CA) certificates and enables you to manage them for clients and gateways. For more information, see Managing CA Certificates on page

24 Advanced Firewall Overview VPN You can configure multiple VPN tunnels through Advanced Firewall here: Pages Control Certificate authorities Certificates Global IPSec subnets IPSec roadwarriors L2TP roadwarriors SSL roadwarriors Used to show the current status of the VPN system and enable you to stop and restart the service. For more information, refer to the Advanced Firewall Administration Guide. Used to create a local certificate authority (CA) for use in an X509 authenticated based VPN setup. It is also possible to import and export CA certificates on this page. For more information, refer to the Advanced Firewall Administration Guide. Used to create host certificates if a local CA has been created. This page also provides controls to import, export, view and delete host certificates. For more information, refer to the Advanced Firewall Administration Guide. Used to configure global settings for the VPN system. For more information, refer to the Advanced Firewall Administration Guide. Used to configure IPSec subnet VPN tunnels. For more information, refer to the Advanced Firewall Administration Guide. Used to configure IPSec road warrior VPN tunnels. For more information, refer to the Advanced Firewall Administration Guide. Used to create and manage L2TP road warrior VPN tunnels. For more information, refer to the Advanced Firewall Administration Guide. Enables you to configure and upload custom SSL VPN client scripts. For more information, refer to the Advanced Firewall Administration Guide. Configuration Guidelines This section provides guidance about how to enter suitable values for frequently required configuration settings. Specifying Networks, Hosts and Ports IP Address An IP address defines the network location of a single network host. The following format is used: Smoothwall Ltd

25 Advanced Firewall Overview IP Address Range An IP address range defines a sequential range of network hosts, from low to high. IP address ranges can span subnets. For example: Subnet Addresses A network or subnet range defines a range of IP addresses that belong to the same network. The format combines an arbitrary IP address and a network mask, and can be entered in two ways: / /24 Netmasks A netmask defines a network or subnet range when used in conjunction with an arbitrary IP address. Some pages allow a network mask to be entered separately for ease of use. Examples: Service and Ports A Service or Port identifies a particular communication port in numeric format. For ease of use, a number of well known services and ports are provided in Service drop-down lists. To use a custom port number, choose the User defined option from the drop-down list and enter the numeric port number into the adjacent User defined field. Examples: Port Range A 'Port range' can be entered into most User defined port fields, in order to describe a sequential range of communication ports from low to high. The following format is used: 137:139 Using Comments Almost every configurable aspect of Advanced Firewall can be assigned a descriptive text comment. This feature is provided so that administrators can record human-friendly notes against configuration settings they implement. Comments are entered in the Comment fields and displayed alongside saved configuration information. 17

26 Advanced Firewall Overview Connecting via SSH You can access Advanced Firewall via a console using the Secure Shell (SSH) protocol. Connecting Using a Client When SSH access is enabled, you can connect to Advanced Firewall via a secure shell application, such as PuTTY. To connect using an SSH client: 1. Check SSH access is enabled on Advanced Firewall. See Configuring Administration Access Options on page 139 for more information. 2. Start PuTTY or an equivalent client. 3. Enter the following information: Field Host Name (or IP address) Enter Advanced Firewall s host name or IP address. Port Enter 222 Protocol Select SSH. 4. Click Open. When prompted, enter root, and the password associated with it. You are given access to the Advanced Firewall command line. Secure Communication When you connect your web browser to Advanced Firewall s web-based interface on a HTTPS port for the first time, your browser will display a warning that Advanced Firewall s certificate is invalid. The reason given is usually that the certificate was signed by an unknown entity or because you are connecting to a site pretending to be another site. 18 Smoothwall Ltd

27 Advanced Firewall Overview Unknown Entity Warning This issue is one of identity. Usually, secure web sites on the Internet have a security certificate which is signed by a trusted third party. However, Advanced Firewall s certificate is a self-signed certificate. Note: The data traveling between your browser and Advanced Firewall is secure and encrypted. To remove this warning, your web browser needs to be told to trust certificates generated by Advanced Firewall. To do this, import the certificate into your web browser. The details of how this are done vary between browsers and operating systems. See your browser s documentation for information about how to import the certificate. Inconsistent Site Address Your browser will generate a warning if Advanced Firewall s certificate contains the accepted site name for the secure site in question and your browser is accessing the site via a different address. A certificate can only contain a single site name, and in Advanced Firewall s case, the hostname is used. If you try to access the site using its IP address, for example, the names will not match. To remove this warning, access Advanced Firewall using the hostname. If this is not possible, and you are accessing the site by some other name, then this warning will always be generated. In most cases, browsers have an option you can select to ignore this warning and which will ignore these security checks in the future. Neither of the above issues compromise the security of HTTPS access. They simply serve to illustrate that HTTPS is also about identity as well encryption. 19

28

29 2 Advanced Firewall Services This chapter describes additional features and services of Advanced Firewall, including: Working with Portals on page 21 Managing the Web Proxy Service on page 27 Instant Messenger Proxying on page 33 Monitoring SSL-encrypted Chats on page 36 SIP Proxying on page 36 FTP Proxying on page 38 Reverse Proxy Service on page 42 SNMP on page 45 Censoring Message Content on page 46 Managing the Intrusion System on page 52 Using BYOD with Advanced Firewall on page 56 For information about authentication services, refer to your Advanced Firewall Administration Guide. Working with Portals Advanced Firewall enables you to create portals, simplified versions of the Advanced Firewall user interface, to manage operations, including: Use the policy tester This is a simplified version of Advanced Firewall s policy tester. For more information, refer to the Advanced Firewall Administration Guide. Generate reports You can restrict the number of reports available. You can also save reports generated on the administration user interface to the user portal. 21

30 Advanced Firewall Services Manage web access You can block web access for groups of users, or from specified locations. Manage categories You can add or remove domains, and search terms from categories. For a detailed description about using a portal, refer to the Advanced Firewall User Portal Guide. Creating a Portal The following section explains how to create a portal and make it accessible to users in a specific group. To create a user portal, do the following: 1. Browse to Services > User portal > Portals. 2. From the Portals panel, click New. 3. Configure a name for the portal in the Name text box. 4. Click Save. Users access the portal from a web browser, using the URL: Firewall_IPAddress>/portal. where Advanced Firewall_IPAddress is the IP address assigned to Advanced Firewall. 22 Smoothwall Ltd

31 Advanced Firewall Services 5. Browse to Services > User portal > Groups access.. 6. Configure the following parameters: Group From the drop-down menu, select the user group that will use this portal. For more information about users and groups, refer to the Advanced Firewall Administration Guide. Portal From the drop-down menu, select the portal that this group can access. The next step is to configure the portal to enable authorized users to use it to download files, manage web access and display reports. Configuring a Portal Configuring a user portal involves the following: Enabling the Policy Tester on page 23 Making Reports Available on page 24 Managing Bandwidth Classes on page 24 Enabling Groups to Block Users Access on page 25 Managing Filter Lists on page 25 Making the SSL VPN Client Archive Available on page 26 Configuring a Welcome Message on page 26 The following sections explain how to configure a Advanced Firewall portal so that authorized users can view reports, enable the policy tester, block other users from accessing the web, download VPN client files and receive a custom welcome message. Enabling the Policy Tester The policy tester enables portal users to test if a URL is accessible to a user at a specific location and time. It also enables them to request that content reported by the tool as blocked be unblocked by Advanced Firewall s system administrator. To grant access to the policy tester, do the following: 1. Browse to Services > User portal > Portals. 2. Select the relevant portal from the drop down list, and click Select. 23

32 Advanced Firewall Services 3. Scroll down to the Policy tester panel, and configure the following: Enabled Select to enable or disable access to the policy tester from this portal. Allow block/unblock requests Select this to allow portal users to send an unblock request to the Advanced Firewall s system administrator. Administrator s address Enter the address to send the unblock request to. 4. Scroll down to the bottom of the page, and click Save. For more information about the policy tester, refer to the Advanced Firewall Administration Guide. Making Reports Available There are two methods available to make reports available to a user portal; you can either add a number of reports at the same time, or add them individually. The following procedure describes how to add a number of reports to a portal. For a detailed description of how to add individual reports to a portal, see Making Reports Available on User Portals on page 78. To make a number of reports available to the portal, do the following: 1. Browse to Services > User portal > Portals. 2. Select the relevant portal from the drop down list, and click Select. 3. Scroll down to the Portal published reports and templates panel, and configure the following: Reporting on portal Select to enable or disable access to reports from this portal Select templates Select those reports that can be run from this user portal. Note that by selecting a top-level folder, access is granted to all reports contained in that folder. 4. Scroll down to the bottom of the page, and click Save. Managing Bandwidth Classes Portal users can enable or disable Bandwidth classes as required. Note: Bandwidth is a licensed add-on module of Unified Threat Management, and may not be available through your administration interface. For more information about using the Bandwidth module, refer to your Smoothwall representative. To grant access to Bandwidth classes management, do the following: 1. Browse to Services > User portal > Portals. 2. Select the relevant portal from the drop down list, and click Select. 3. Scroll down to the Bandwidth management panel, and configure the following: Allow control of bandwidth classs Select to enable or disable Bandwidth class management from this user portal. 4. Scroll down to the bottom of the page, and click Save. For more information about the Bandwidth module of Unified Threat Management, refer to the Bandwidth Installation and Administration Guide. 24 Smoothwall Ltd

33 Advanced Firewall Services Enabling Groups to Block Users Access You can enable portal users in a specific group to block web access for all users in a specific group, or specific location. To grant access for web access management, do the following: 1. Browse to Services > User portal > Portals. 2. Select the relevant portal from the drop down list, and click Select. 3. Scroll down to the Portal permissions for web access management panel, and configure the following: Enabled Select to enable or disable web access management from this user portal. Allow control of groups Select to enable or disable blocking of web access for groups from this user portal. From the list of groups underneath, select the group, or groups, that the user is authorized to block. Use CTRL or SHIFT to select multiple groups. Allow control of locations Select to enable or disable blocking of web access for locations from this user portal. From the list of locations underneath, select the location, or locations, that the user is authorized to block. Use CTRL or SHIFT to select multiple locations. 4. Scroll down to the bottom of the page, and click Save. For more information about configuring groups and locations, refer to the Advanced Firewall Administration Guide. Managing Filter Lists Portal users can add or remove domains and search terms from web filter categories. To grant access to filter lists management, do the following: 1. Browse to Services > User portal > Portals. 2. Select the relevant portal from the drop down list, and click Select. 3. Scroll down to the Portal filter list management panel, and configure the following: Manage filter lists on portal Select to enable or disable filter lists management from this user portal. 4. Scroll down to the bottom of the page, and click Save. For more information about web filter categories, refer to the Advanced Firewall Administration Guide. 25