Intrusion Detection and Analysis for Active Response - Version 1.2. Installation Guide
- Stuart Singleton
- 10 years ago
Copyright Stonesoft Corp. Stonesoft Corp. All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from Stonesoft Corporation.

Stonesoft Corporation, Itälahdenkatu 22 A, FI Helsinki, Finland
Stonesoft Inc., 1050 Crown Point Parkway, Suite, Atlanta, GA USA
Stonesoft Corporation, 90 Cecil Street, #13-01, Singapore

Trademarks and Patents

The products described in this documentation are protected by one or more of U.S. Patents and European Patents: U.S. Patents no. 6,650,621 and 6,856,621, European patents no , , , and ; and may be protected by other US patents, foreign patents, or pending applications. Stonesoft, the Stonesoft logo, and StoneGate are trademarks or registered trademarks of Stonesoft Corporation in the United States and/or other countries. Multi-link technology, multi-link VPN, and the StoneGate clustering technology--as well as other technologies included in StoneGate--are protected by patents or pending patent applications in the U.S. and other countries. Sun, Sun Microsystems, the Sun Logo, Solaris, and Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. Windows and Microsoft are trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Linux is a registered trademark of Linus Torvalds. IBM, Redbooks, zseries and z/vm are trademarks or registered trademarks of the International Business Machines Corporation in the United States and/or other countries. All other trademarks or registered trademarks are property of their respective owners.

Disclaimer

Although every precaution has been taken to prepare these materials, Stonesoft assumes no responsibility for errors, omissions, or resulting damages from the use of the information contained herein. All IP addresses in these materials were chosen at random and are used for illustrative purposes only. They are not intended to represent the IP addresses of any specific individual or organization.

THESE MATERIALS ARE PROVIDED "AS-IS." STONESOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO, THE INFORMATION CONTAINED HEREIN. IN ADDITION, STONESOFT MAKES NO EXPRESS OR IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE WITH RESPECT THE INFORMATION OR TECHNIQUES CONTAINED IN THESE MATERIALS. IN NO EVENT SHALL STONESOFT BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL OR INCIDENTAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING FROM THE USE OF THESE MATERIALS, EVEN IF ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES.

Revision: SGIIG_
Table of Contents

GETTING STARTED

CHAPTER 1 Using StoneGate IPS Documentation
- Objectives and Audience
- Overview of the StoneGate IPS Installation Guide
- How to Use This Guide
- Example Network Scenario
- Typographical Conventions
- StoneGate IPS Documentation Map
- Guide Books
- Support Documentation
- Contact Information
- Technical Support
- Security Related Questions and Comments
- Product Sales
- Documentation Comments

CHAPTER 2 Quick Start Instructions
- Requirements for the Installation
- Quick Installation

CHAPTER 3 Planning StoneGate IPS Installation
- Overview to the Installation Procedure
- Important to Know Before Installation
- System Components and Supported Platforms
- StoneGate IPS System Components
- Supported Platforms
- Checking the File Integrity
- Checking the Surrounding Network Environment
- Switch SPAN Ports and Hubs
- Network TAPs
- System Installation
- Example Network Scenario
- StoneGate Management Center
- Combined Sensor-Analyzer
- Sensor Cluster
- Single Sensor
- Analyzer

INSTALLING THE MANAGEMENT CENTER

CHAPTER 4 Installing the Management Center
- Installing the Management Center
- Checking File Integrity
- Installing the Management Center Components
- Starting the Installation
- Installing the Management Server
- Installing the Log Server
- Installing the Monitoring Server
- Installing the GUI Client
- Starting the StoneGate Management Center
- Starting the Management Server
- Starting the GUI Client
- Installing StoneGate IPS Licenses
- Starting the Log Server
- Starting the Monitoring Server
- Non-graphical Installation
- Uninstalling the Management Center
- Uninstalling in Non-graphical Mode

CHAPTER 5 Defining Sensors and Analyzers
- Element Configuration Overview
- Importing Dynamic Updates
- Defining an Analyzer
- Defining the Network Interfaces
- Defining a Sensor Cluster
- Defining the Cluster Network Interfaces
- Defining the Node Specific Properties
- Adding a Node to the Cluster
- Defining a Single Sensor
- Defining the Network Interfaces
- Defining a Combined Sensor-Analyzer
- Defining the Network Interfaces
- Configuring Routing
- Saving the Initial Configuration
- Configuring IP Addressing for NAT
- Defining Locations
- Sensor and Analyzer Contact Addresses
- Management Server Contact Address

INSTALLING SENSORS AND ANALYZERS

CHAPTER 6 Installing Sensors and Analyzers
- Installing the Sensor or Analyzer Engine
- Checking the File Integrity
- Booting From the CD-ROM
- Configuring the Sensor or Analyzer
- Selecting the Configuration Method
- Configuring the Operating System Settings
- Configuring the Network Interfaces
- Contacting the Management Server
- Installing in Expert Mode
- Checking the File Integrity
- Booting From the CD-ROM
- Partitioning the Hard Disk Manually
- Allocating Partitions

CHAPTER 7 Installing Policies
- Installing the System Policies

UPGRADING STONEGATE IPS

CHAPTER 8 Upgrading And Updating
- Getting Started with Upgrading StoneGate
- Configuration Overview
- Checking File Integrity
- Upgrading or Generating Licenses
- Generating a New License
- Upgrading Licenses Under One Proof Code
- Upgrading Licenses Under Multiple Proof Codes
- Installing Licenses
- Upgrading the Management Center
- Upgrading the Log Database
- Upgrading Engines Remotely
- Upgrading Engines Locally
- Upgrading StoneGate IPS
- Installing IPS Dynamic Updates

APPENDICES

APPENDIX A Command Line Tools
APPENDIX B StoneGate IPS Ports
Software and License Information
Index
GETTING STARTED
CHAPTER 1 Using StoneGate IPS Documentation

Welcome to Stonesoft Corporation's StoneGate IPS Intrusion Detection and Response System for Intelligent Analysis. This chapter describes how to use the StoneGate IPS Installation Guide and related documentation. It also provides directions for obtaining technical support and how to give feedback about the documentation.

The chapter contains the following sections:
- Objectives and Audience
- Overview of the StoneGate IPS Installation Guide
- Typographical Conventions
- StoneGate IPS Documentation Map
- Contact Information
Objectives and Audience

This StoneGate IPS Installation Guide describes step by step how to complete installation of the StoneGate Management Center and the StoneGate IPS Sensors and Analyzers. This Guide is intended for technical people who administrate and implement StoneGate IPS installations. The tasks are illustrated by using an example network scenario.

If you need a more comprehensive explanation on the functionality and operation of StoneGate IPS, please see the StoneGate IPS Administrator's Reference. For more information on other related StoneGate IPS documentation, see section StoneGate IPS Documentation Map, on page 11.

Overview of the StoneGate IPS Installation Guide

How to Use This Guide

This guide is organized in chapters explaining the installation of the StoneGate IPS tasks in a step-by-step format. Each chapter focuses on one area of StoneGate IPS installation. The chapters are organized following the StoneGate IPS installation steps, as explained in Overview to the Installation Procedure, on page 24. For detailed information on managing StoneGate IPS, please refer to the StoneGate IPS Administrator's Guide.

Example Network Scenario

To illustrate the installation tasks, this Guide uses an example network scenario presented in section Example Network Scenario, on page 28. The network scenario is also presented in the front of the book, before the Table of Contents.
Typographical Conventions

The following typographical conventions are used throughout this guide:

TABLE 1.1 Typographical Conventions
Formatting: Informative Uses
- Normal text: This is normal text.
- GUI elements: Interface elements (buttons, menus, icons) and any other interaction with the user interface are in boldface.
- References, terms: Cross-references and the described acronyms and terms are in italics.
- Command line: File names, directories, and text displayed on the screen are monospaced.
- User input: User input on screen is monospaced bold-face.
- Command parameters: Command parameter names are in monospaced italics.

In addition, we use the following icons to indicate important or additional information.

Note: Notes provide important information that may help you complete a task.

Caution: Cautions provide cautionary or critical information that you should take into account before performing an action or implementing a feature.

Tip: Tips provide information that is not crucial, but may still be helpful.

StoneGate IPS Documentation Map

StoneGate IPS technical documentation is divided into two main categories: Guide Books and Support Documentation. We will next describe the different types of documents.
Guide Books

The StoneGate IPS Guide books are the primary resource of technical information. The Guide books provide comprehensive guidelines on using and configuring StoneGate IPS, as well as descriptions of its operation and features. To locate the StoneGate IPS Guide that provides the information you need, see Table 1.2.

TABLE 1.2 Description of Guide Books
Guide: Description
- Administrator's Reference: Describes comprehensively the operation and features of StoneGate IPS.
- Installation Guide: Demonstrates the steps required for planning, installing, and upgrading a StoneGate IPS system.
- Administrator's Guide: Describes how to configure and manage a StoneGate IPS system. Uses detailed step-by-step examples.
- Online Help: Explains the management GUI client's buttons, fields, etc. (Accessible from the GUI client's Help menu and by using the Help button in the GUI windows.)

The StoneGate IPS Guides are available as printed versions in the StoneGate IPS product kit. The PDF versions are available on the StoneGate IPS CD-ROM and Stonesoft's Web site at

Support Documentation

The StoneGate IPS support documentation provides additional and late-breaking technical information on StoneGate IPS and related issues. These documents are supportive information resources to be used in conjunction with the StoneGate IPS Guide books.
The support documentation is further divided into several document types. To locate the support document that provides the information you need, see Table 1.3.

TABLE 1.3 Description of Support Documentation
Documentation: Description
- Release Notes: Describe the release specific information. Contains new features, fixes and enhancements, software version information, system requirements, and other StoneGate IPS version specific information.
- Technical Knowledge Base: Answers simple recurrent topics concerning StoneGate IPS.
- Technical Notes: Describe related technical information not necessarily limited to StoneGate IPS software. For example, related third-party products, technologies, and standards.
- How-To Guidelines: Describe certain special cases of StoneGate IPS system configuration and possible related third-party products.

The latest StoneGate IPS support documentation is available on the Stonesoft Web site at

Contact Information

For general information about StoneGate IPS and Stonesoft Corporation, please visit our Web site at

Technical Support

Stonesoft offers global technical support for Stonesoft's product families. For more information on the technical support services, please visit the Stonesoft's Web site at

Security Related Questions and Comments

You can send any questions or comments relating to StoneGate IPS and network security to [email protected]. A PGP key is available at ftp://download.stonesoft.com/web/support/stonesoft%20security%20alert.asc.
Product Sales

For sales questions or other information or comments on the StoneGate IPS product, please send to

Documentation Comments

Your input is essential in order for the StoneGate IPS documentation to better serve your needs. Let us know of any errors you find, as well as suggestions for future editions, comments, etc. by
CHAPTER 2 Quick Start Instructions

These quick start instructions will guide you through setting up a basic StoneGate IPS system with a default configuration. For detailed instructions, please see the referred chapters.

This chapter contains the following sections:
- Requirements for the Installation
- Quick Installation
Requirements for the Installation

The prerequisites for this quick installation setup are described below.

TABLE 2.1 Requirements for the Quick Installation
Item: Description
- Hardware: Management Center: Two machines with Windows, Linux, or Solaris installed for the Management Server and the Log Server. One NIC required on each machine. The GUI client can be installed on either or both of these machines. (Alternatively, all Management Center components can be installed on the same machine.) See the system requirements in the Release Notes at download/.
- Hardware: Sensor: One Intel compatible machine with at least two NICs. (At least three NICs are required if wire TAP is used.) The Sensor uses an integrated operating system. See the technical requirements at Technical_Requirements/.
- Hardware: Analyzer: One Intel compatible machine with at least one NIC. The Analyzer uses an integrated operating system. (Alternatively, combined Sensor-Analyzer can run on the same machine.) See the technical requirements at Technical_Requirements/.
- Network: Ethernet cabling: Ethernet cabling is needed to network the StoneGate Management Center, the Sensor, and the Analyzer for intercommunications.
- Network: traffic capturing: One switch SPAN port (port mirroring), a wire TAP device, or a Hub is needed for capturing the traffic on the Sensor.
- Network: IP addressing: All the machines require an IP address reachable from the connecting StoneGate IPS or Management Center machines. This may require routing if the machines are not in the same network.
- Software: StoneGate IPS: The StoneGate IPS and the Management Center software, documentation, and the Release Notes can be ordered on a CD-ROM or downloaded at
- Software: latest update packages: The latest dynamic update packages for StoneGate IPS can be downloaded at
- License: StoneGate IPS and Management Center: The StoneGate IPS and Management Center evaluation licenses can be ordered from the Stonesoft License Center at
Quick Installation

These instructions will guide you through setting up a basic StoneGate IPS system with a default configuration. For detailed instructions, please see the referred chapters. The installation proceeds as follows:
1. Set up the networking environment
2. Install the Management Server
3. Install the Log Server
4. Install the GUI client
5. Start up the Management Center
6. Load Dynamic Updates
7. Define the Analyzer element
8. Install the Analyzer
9. Define the Sensor element
10. Install the Sensor
11. Install Policies
12. Browse the logs

Set up the networking environment (see Planning StoneGate IPS Installation, on page 23)
1. Select the IP addresses for the Management Server, Log Server, Analyzer and Sensor.
2. Configure the related network devices, including switches, routers, SPAN ports, wire TAPs.
3. Connect the StoneGate IPS machines to the network.

Install the Management Server (see Installing the Management Center, on page 35)
1. Run setup.exe (on Windows) or setup.sh (on Linux/Unix) from the StoneGate Management Center CD-ROM.
2. Select the Custom installation type, and select Management Server and the GUI client to be installed on the Management Server machine. (You can also install the Log Server on the same machine if desired.)
3. Define the Management Center superuser account.
4. Define the IP address for the Management Server.
5. Select Install as a service.
6. Complete the Management Server installation.

Install the Log Server (see Installing the Management Center, on page 35)
1. Run setup.exe (on Windows) or setup.sh (on Linux/Unix) from the StoneGate Management Center CD-ROM.
2. Select the Custom installation type, and select Log Server from the list.
3. Define the IP address for the Log Server.
4. Define the Management Server's IP address.
5. Select Certify the Log Server during the installation.
6. Select Install as a service.
7. In Certificate Generation window, log in with the Superuser account to establish a connection to the Management Server.
8. Complete the Log Server installation.

Install the GUI client (see Installing the Management Center, on page 35)
1. Run setup.exe or setup.sh from the StoneGate Management Center CD-ROM.
2. Select the Administration Client Only installation type.
3. Define the Management Server's IP address.
4. Complete the GUI client installation.

Start up the Management Center (see Defining Sensors and Analyzers, on page 57)
1. Start the GUI client and log in with the Superuser account.
2. Import and activate the StoneGate IPS license from the .jar license file.
3. Start the Log Server service from the Windows Control Panel or by running the init script on Linux/Unix.

Load Dynamic Updates
1. In the GUI client, select File System Tools Import Update Packages from the menu.
2. Import the latest .jar update package.
3. Activate the update package by right-clicking on the package and selecting Activate.
4. Optionally, you can enable automatic update checking in File System Tools Configure Updates. The Management Server then periodically checks Stonesoft's Web site and issues an alert when new updates are available.

Define the Analyzer element (see Defining an Analyzer, on page 59)
1. In the GUI client, open a Configuration window by clicking the toolbar icon or selecting Configuration StoneGate Configuration from the menu.
2. Create a new Analyzer element from File New IPS Element.
3. Select the Log Server from the drop-down list.
4. Click Add Interface and define NIC ID 0 with the IP address for the Analyzer. Select all the following options for the interface: Control IP Address Primary Log/Analyzer connection source IP address.
5. Click OK to create the Analyzer element.
6. Create a Router element for the Analyzer's default gateway.
7. Select Configuration Routing/Antispoofing to open the Routing view.
8. Drag and drop the default gateway Router element on the Analyzer's directly-connected network in the Routing view.
9. Drag and drop the Any Network element on the Analyzer's default gateway Router element.
10. In the StoneGate Administration Client, right-click on the Analyzer and select Save Initial Configuration and save it on a floppy disk. Write down the displayed one-time password for the Analyzer installation.

Install the Analyzer (see Installing Sensors and Analyzers, on page 87)
1. Boot up the Analyzer machine from the StoneGate IPS engine CD-ROM.
2. Select Full Install.
3. Accept the automatic hard drive partitioning by typing YES.
4. When prompted, remove the CD-ROM and reboot the machine.
5. In the Configuration Wizard, insert the floppy disk with the initial configuration and select Import, or configure the engine manually by selecting Next.
6. In OS Settings, define the keyboard layout, timezone, hostname and the root user password.
7. In network interfaces, click Add and select the driver for the NIC.
8. Select the NIC for management connections in the Mgmt column. (NIC ID must be the same that was defined in Define the Analyzer element.)
9. In Prepare for Management Contact, select Switch to initial configuration and define the IP address and default gateway for the Analyzer (if not automatically defined).
10. Select Contact Management Server, and type in the Management Server's IP address and the one-time password in the initial configuration (if not automatically defined).
11. Select Install Analyzer and complete the installation.
12. In the GUI client, click on the Analyzer and check that the Info view displays Connected indicating a successful initial configuration.

Define the Sensor element (see Defining a Single Sensor, on page 68)
1. In the GUI client, open a Configuration window by selecting Configuration StoneGate Configuration from the menu.
2. Create a new Sensor element from File New IPS Element.
3. Select the Analyzer and the Log Server from the drop-down lists.
4. Click Add Interface and select Node Dedicated Interface for the NIC ID 0. Define the IP address for the Sensor. Select all the following options for the interface: Control IP Address Primary Log/Analyzer connection source IP address.
5. Click Add Interface and select Capture Interface for the NIC ID 1. Select Span Port mode for a switch or hub, or Wire Tap mode for a wire Tap device. If you are using wire Tap, define NIC ID 2 with identical settings for the other direction of the captured traffic.
6. For a Sensor Cluster, you need to define one more interface for the Heartbeat between the cluster nodes.
7. Click OK to create the Sensor element.
8. Create a Router element for the Sensor's default gateway.
9. In the Routing view, drag and drop the default gateway Router element on the Sensor's directly-connected network.
10. Drag and drop the Any Network element on the Sensor's default gateway Router element.
11. In the StoneGate Administration Client, right-click the Sensor and select Save Initial Configuration and save it on a floppy disk. Write down the displayed one-time password for the Sensor installation.

Install the Sensor (see Installing Sensors and Analyzers, on page 87)
1. Boot up the Sensor machine from the StoneGate IPS engine CD-ROM.
2. Select Full Install.
3. Accept the automatic hard drive partitioning by typing YES.
4. When prompted, remove the CD-ROM and reboot the machine.
5. In the Configuration Wizard, insert the floppy disk with the initial configuration and select Import, or configure the engine manually by selecting Next.
6. In OS Settings, define the keyboard layout, timezone, hostname and the root user password.
7. In network interfaces, click Add and select the driver for the NIC.
8. Select the NIC for management connections in the Mgmt column for the same NIC ID that was defined in the GUI.
9. In Prepare for Management Contact, select Switch to initial configuration and define the IP address and default gateway for the Sensor (if not automatically defined).
10. Select Contact Management Server, and type in the Management Server's IP address and the one-time password in the initial configuration (if not automatically defined).
11. Select Install Sensor and complete the installation.
12. In the GUI client, click on the Sensor and check that the Info view displays Connected indicating a successful initial configuration.

Install Policies
1. Open the Analyzer policies by clicking on the Policies icon in the toolbar and selecting Analyzer Policy from the contextual menu that opens.
2. Right-click on the default Analyzer policy and select Install. Install the policy on the Analyzer.
3. Right-click on the default Sensor policy and select Install. Install the policy on the Sensor.
4. In the GUI client, right-click the Sensor node and select Command Go Online to start the traffic inspection.

Browse the logs
1. Open the Log Browser by selecting Monitoring Logs and Alerts IPS Current Logs.

For detailed introduction to the StoneGate IPS features and their use, please refer to the StoneGate IPS Administrator's Guide and the Administrator's Reference.
CHAPTER 3 Planning StoneGate IPS Installation

This chapter provides general information about the installation, hardware and software prerequisites, and other important information to take into account before the actual StoneGate IPS installation can be performed.

This chapter includes the following sections:
- Overview to the Installation Procedure
- Important to Know Before Installation
- System Components and Supported Platforms
- Checking the Surrounding Network Environment
- System Installation
Overview to the Installation Procedure

This Guide provides step-by-step instructions on how to install the StoneGate Management Center, a Sensor, and an Analyzer. Installation is straight-forward, consisting of the following steps:
1. Plan the installation of the StoneGate IPS Sensors, Analyzers, and the Management Center as explained in this chapter.
2. Configure the physical network environment as explained in this chapter.
3. Check the integrity of the StoneGate IPS installation files using the file checksums. See Checking the File Integrity, on page 25.
4. Install and configure the Management Center and the GUI client. See Installing the Management Center, on page 35.
5. Define the Sensor and Analyzer elements and other necessary elements in the Management Center. See Defining Sensors and Analyzers, on page 57.
6. Generate the initial configuration for the Sensors and Analyzers. See Saving the Initial Configuration, on page 77.
7. Install and configure the Sensors and Analyzers. See Installing Sensors and Analyzers, on page 87.
8. Test that the installed system operates as planned.

The installation and configuration procedure is explained in detail in the following chapters.

Important to Know Before Installation

Before you start the installation, you need to plan carefully the site that you are going to install. Check that your operating system and hardware are supported. Check the surrounding network components and their configuration. Please, see the StoneGate IPS Release Notes for further information. When planning StoneGate IPS installation, please see the StoneGate IPS Administrator's Reference for detailed information on the operation of StoneGate IPS.
System Components and Supported Platforms

StoneGate IPS System Components

A StoneGate IPS system consists of the Management Center, one or more Sensors, and an Analyzer.

The StoneGate Management Center consists of the following components:
- the Management Server
- one or more Log Servers
- one or more graphical user interface (GUI) clients.

The StoneGate IPS Sensors and Analyzers can be distributed as follows:
- a combined Sensor-Analyzer with these two components on a single machine.
- a single node Sensor.
- a Sensor cluster which consists of 2 to 16 machines with Sensors called cluster nodes or nodes for short.
- an Analyzer which is required for the Sensors.

Supported Platforms

For detailed information on the supported platforms, please see the StoneGate IPS Hardware Requirements available at

The Sensors and Analyzers have an integrated, hardened Linux operating system and therefore they require no separate operating system installation. The integrated operating system simplifies upgrading the Sensors and Analyzers significantly, as they can be upgraded as a whole without having to separately upgrade the operating system and the StoneGate IPS software.

Checking the File Integrity

Before installing StoneGate IPS, check the installation file integrity using the MD5 or SHA-1 file checksums. The checksums can be found on the StoneGate IPS installation CD-ROM and from the product-specific download page at the Stonesoft Web site at

For more information on MD5 and SHA-1 algorithms, please see RFC1321 and RFC3174, respectively. The RFCs can be obtained from

Windows does not have MD5 or SHA-1 checksum tools by default, but there are several third-party programs available.
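The checksum comparison this section calls for can be scripted so that a mismatch stops the installation instead of relying on comparing the digits by eye; the following is an added example, not part of the original guide. The function name verify_checksum and the sample file are constructed for illustration, and the published value is assumed to come from the installation CD-ROM or the vendor's download page as described here.

```shell
#!/bin/sh
# Added example: compare a downloaded installation file against a published
# MD5 or SHA-1 checksum, using the md5sum/sha1sum tools named in this guide.

# verify_checksum FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on a usage error
# (missing file, value that is not an MD5 or SHA-1 hex digest).
verify_checksum() {
    file=$1
    # Normalise the published value: strip whitespace picked up when copying
    # it from a web page and lower-case the hex digits.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')

    [ -f "$file" ] || { echo "error: $file not found" >&2; return 2; }

    # Reject anything that is not pure hex before looking at its length.
    case $expected in
        ''|*[!0-9a-f]*)
            echo "error: expected value is not a hex digest" >&2
            return 2 ;;
    esac

    # Pick the tool from the digest length: 32 hex chars = MD5, 40 = SHA-1.
    case ${#expected} in
        32) tool=md5sum ;;
        40) tool=sha1sum ;;
        *)  echo "error: digest length ${#expected} is neither MD5 nor SHA-1" >&2
            return 2 ;;
    esac

    # Feed the file on stdin so the output is "<digest>  -" regardless of
    # what characters the file name contains, then keep only the digest.
    actual=$("$tool" < "$file" | cut -d' ' -f1)

    if [ "$actual" = "$expected" ]; then
        echo "OK ($tool): $file"
        return 0
    fi
    echo "MISMATCH ($tool): $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Constructed sample: a small temporary file stands in for the installation
# image, and the digests below are those of its content ("hello\n").
sample=$(mktemp)
printf 'hello\n' > "$sample"

# MD5, written in upper case as some download pages print it.
verify_checksum "$sample" "B1946AC92492D2347C6235B4D2611184"
# SHA-1 of the same content.
verify_checksum "$sample" "f572d396fae9206628714fb2ce00f72e94f2258f"
# A wrong value must fail, and the caller must stop rather than continue.
verify_checksum "$sample" "00000000000000000000000000000000" \
    || echo "not installing: checksum mismatch"

rm -f "$sample"
```

A matching checksum only shows that the file is the one the published value describes, so the value itself has to come from the vendor's own media or site rather than from the same place the file was copied from.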
To check MD5 or SHA-1 file checksum
1. Obtain the checksum from Stonesoft Web site at download/.
2. Change to the directory that contains the file(s) to be checked.
3. Generate a checksum of the file using the command md5sum filename or sha1sum filename, where filename is the name of the installation file.

ILLUSTRATION 3.1 Checking the File Checksums
$ md5sum sg_engine_ iso
869aecd7dc39321aa2e0cfaf7fafdb8f sg_engine_ iso

4. Compare the displayed output to the checksum on the Web site.

Caution: Do not use files that have invalid checksums.

Checking the Surrounding Network Environment

StoneGate IPS can be connected to a switch SPAN port, a network TAP, or a hub to capture network traffic. The considerations for these connection methods are explained below. For more specific information on compatibility of different network devices and StoneGate IPS, please refer to the Stonesoft Web site at support/.

Switch SPAN Ports and Hubs

A Switched Port Analyzer (SPAN) port is used for capturing network traffic to a defined port on a switch. This is also known as port mirroring. The capturing is done passively, so it does not interfere with the traffic. With a hub, no special configuration such as a SPAN port is needed as all the traffic going through the hub is directed to all ports.

A StoneGate IPS capturing interface can be connected directly to a SPAN port of a switch. Then, all the traffic to be monitored needs to be copied to this SPAN port. The SPAN mode capturing interface is also used when connecting the capture interface to a hub, although using a hub might not be suitable because of network performance reasons.
Network TAPs

A Test Access Port (TAP) is a passive device located at the network wire between network devices. The capturing is done passively, so it does not interfere with the traffic. With a network TAP, the two directions of the network traffic are divided to separate wires. For this reason, StoneGate IPS needs two capturing interfaces for a network TAP; one capture interface for each direction of the traffic. The two related capturing interfaces are handled in StoneGate IPS as one logical interface that combines the traffic of these two interfaces for inspection.

System Installation

The StoneGate IPS system consists of the Management Center, the Sensors, and the Analyzers. The StoneGate Management Center (SMC) components can be installed separately on different machines or on the same machine, depending on your requirements. The Management Center can manage one or more StoneGate IPS Sensors and Analyzers. The same SMC can also be used for managing StoneGate Firewall/VPN solutions.

The StoneGate IPS Analyzer can be either installed on a separate machine, or combined with a Sensor on a single machine as a combined Sensor-Analyzer. The combined Sensor-Analyzer is mainly aimed for small environments, whereas the separate Analyzer machine should be used where higher performance is required.

The three basic types of StoneGate IPS Sensor installations are as follows:
- Single Sensor installation. A single Sensor has only one node. It does not support load balancing or high availability. Instructions on defining a single Sensor element are covered in Defining a Single Sensor, on page 68.
- Sensor cluster installation. A StoneGate IPS Sensor cluster supports up to 16 nodes functioning as a single virtual entity. Each node of the cluster uses the same security policy configuration defined through the GUI client. A cluster can be configured for dynamic load balancing or as a hot standby solution. Instructions on defining a Sensor cluster element are covered in Defining a Sensor Cluster, on page 62.
- Combined Sensor-Analyzer installation. A combined Sensor-Analyzer is similar to Single Sensor but it also has the Analyzer on the same physical machine. This installation does not support load balancing or high availability. Instructions on defining a combined Sensor-Analyzer element are covered in Defining a Combined Sensor-Analyzer, on page 72.

For more information, please see the StoneGate IPS Administrator's Reference and the StoneGate IPS Administrator's Guide.
Example Network Scenario

Three example Sensor installations are described in this Guide:
- a combined Sensor-Analyzer
- a single Sensor
- a Sensor cluster installation.

The two different Analyzer installations are illustrated with
- a combined Sensor-Analyzer
- an Analyzer on a separate machine.

The network scenario for these installations is based on the example network in Figure 3.1. The scenario illustration can also be found in the front of the book. Please see the StoneGate IPS Administrator's Reference for more information on deploying the StoneGate IPS components.

FIGURE 3.1 Example Network Scenario
StoneGate Management Center

The SMC of the example scenario is described in Table 3.1.

TABLE 3.1 SMC in the Example Scenario
(SMC Component: Description)
Management Server: The Management Server in the Headquarters Management Network with the IP address This Management Server manages all the StoneGate IPS Sensors, Analyzers, and Log Servers of the example network.
HQ Log Server: This server is located in the Headquarters Management Network with the IP address This Log Server receives alerts and log data from the HQ Analyzer.
Branch Office Log Server: This server is located in the Branch Office Intranet with the IP address This Log Server receives alerts and log data from the Branch Office Sensor-Analyzer.
GUI client: The GUI client can be at any location where it can connect to the Management Server and the Log Servers (for alert and log management). It is also possible to use multiple GUI clients in different locations. In this example, the GUI client is located in the Headquarters Management Network.

Combined Sensor-Analyzer

In the example scenario, the Branch Office Sensor-Analyzer in the Branch Office network is a combined Sensor-Analyzer.

TABLE 3.2 Combined Sensor-Analyzer in the Example Scenario
(Network Interface: Description)
Capture Interfaces: The Branch Office Sensor-Analyzer has two Capture Interfaces that are connected to a network TAP in a Branch Office Intranet: one interface for each direction of the traffic. All the traffic in this network segment is forwarded to the network TAP for inspection.
NDIs: The Branch Office Sensor-Analyzer has one NDI that is connected to the Branch Office Intranet using the IP address This NDI is used for:
  - control connections from the Management Server
  - sending log data and alerts to the Branch Office Log Server
  - for TCP connection termination (by the Sensor)
Sensor Cluster

In the example scenario, HQ Sensor Cluster is a cluster located in the Headquarters network. The cluster consists of two Sensor nodes: Node 1 and Node 2.

TABLE 3.3 Sensor Cluster in the Example Scenario
(Network Interface: Description)
Capture Interfaces: The HQ Sensor Cluster's Capture Interface on each node is connected to a SPAN port in the Headquarters Intranet switch. All the traffic in this network segment is forwarded to the SPAN ports for inspection.
NDIs: The NDI on each node is connected to the Headquarters Intranet with Node 1's IP address and Node 2's address This NDI is used for:
  - control connections from the Management Server
  - sending events to the HQ Analyzer
  - for TCP connection termination.
Heartbeat interfaces: The nodes have heartbeat interfaces connected to the dedicated heartbeat network /24 as follows: Node 1 uses the IP address and Node 2 uses the IP address

Single Sensor

In the example scenario, the DMZ Sensor in the Headquarters DMZ network is a single Sensor.

TABLE 3.4 Single Sensor in the Example Scenario
(Network Interface: Description)
Capture Interfaces: The DMZ Sensor's Capture Interface is connected to a SPAN port in the Headquarters DMZ Network. All the traffic in this network segment is forwarded to the SPAN port for inspection.
NDIs: The NDI is connected to the DMZ network using the IP address This NDI is used for:
  - control connections from the Management Server
  - sending event information to the HQ Analyzer
  - for TCP connection termination.
Analyzer

In the example scenario, the HQ Analyzer is located in the Headquarters Management network.

TABLE 3.5 Analyzer in the Example Scenario
(Network Interface: Description)
NDIs: The HQ Analyzer's NDI is connected to the Headquarters Management Network using the IP address This NDI is used for:
  - control connections from the Management Server
  - receiving event information from the HQ Sensor Cluster and the DMZ Sensor
  - sending log data and alerts to the HQ Log Server
  - sending IP Blacklists to the defined firewalls.
INSTALLING THE MANAGEMENT CENTER
CHAPTER 4 Installing the Management Center

This chapter explains how to install the StoneGate Management Center components on the supported platforms.

The following sections are included:
- Installing the Management Center, on page 36
- Starting the StoneGate Management Center, on page 49
- Non-graphical Installation, on page 52
- Uninstalling the Management Center, on page 54.
Installing the Management Center

Before you begin installing, you need to log in to the system with the correct administrative rights to be able to modify certain files. In Windows, you need to log in with administrator rights. In Linux and Solaris, you have to log in as root to install the software.

Note: If the operating system is an international (non-English) version of Windows, there might be some complications with running the Management Center on this platform.

Checking File Integrity

Before installing StoneGate IPS, check the installation package integrity using the MD5 or SHA-1 file checksums as explained in Checking the File Integrity, on page 25.

Installing the Management Center Components

The Management Center installation proceeds as follows:
1. Install the operating system with the latest patches.
2. Install the Management Server. (You can also install the Log Server and GUI client on the same machine if desired.)
3. Install the Log Server(s).
4. Install the GUI client(s).
5. (Optional) Install the Monitoring Server.

After installing the SMC components, proceed to Starting the StoneGate Management Center, on page 49.

Starting the Installation

The steps described here are the same for the installation of the Management Server, the Log Server, and the GUI client.

Note: The Management Center installation requires at least 350 MB of available disk space in the system's temporary directory for extracting the installation files.

To start the Management Center installation
1. Insert the StoneGate IPS installation CD-ROM and run the setup executable:
   - In Windows, run CD-ROM\Windows\setup.bat.
   - In Linux and Solaris Bourne-compatible shells (e.g., sh, ksh):
     1.1 If the CD-ROM is not automatically mounted, mount the CD-ROM in Linux with mount /dev/cdrom /mnt/cdrom and in Solaris with mount /cdrom.
     1.2 Change to the CD-ROM/Linux/ or CD-ROM/Solaris/ directory according to the platform used.
     1.3 Run the command ./setup.sh to start the installation.
   If you are using Linux or Solaris and want to use the graphical installation, make sure that the X windowing system has been started before launching the StoneGate IPS setup. Alternatively, please see Non-graphical Installation, on page 52.
   In Linux and Solaris, the installation creates sgadmin user and group accounts. All the shell scripts are owned by sgadmin and can be executed either by root or by the sgadmin user. The shell scripts are executed with sgadmin privileges. After the installation, the sgadmin account is disabled. The sgadmin account is deleted at the uninstallation.
2. First, the Java Runtime Environment (JRE) is installed for StoneGate IPS.

ILLUSTRATION 4.1 Accepting the License Agreement

3. Read carefully through the license agreement. To accept the license agreement, select the corresponding radio button and click Next.
ILLUSTRATION 4.2 Defining the Destination Directory

4. Define the directory where the Management Center is installed and click Next.

Note: When installing the server as a service, define a directory path that does not contain spaces.

TABLE 4.1 Management Server Default Installation Paths
(Platform: Default directory)
Windows: C:\Stonesoft\StoneGate\
Linux: /usr/local/stonegate/
Solaris: /opt/stonegate/
ILLUSTRATION 4.3 Creating Shortcuts

5. In Windows, select the location for the shortcut icons and click Next. By default, the shortcut icons are located in Start→Programs→StoneGate.

ILLUSTRATION 4.4 Choosing the Installation Type

6. Select the installation type as follows:
   - Select Typical to install all Management Center components on the machine. Continue in Installing the Management Server, on page 40. If you want to install the Monitoring Server, you need to select the Custom installation mode.
   - Select Administration Client Only to install just the GUI client. Continue in Installing the GUI Client, on page 47.
   - Select Custom to decide which Management Center components to install on the machine. Continue to the step below.
ILLUSTRATION 4.5 Selecting the System Components for Custom Installation

7. Illustration 4.5 is displayed for Custom installation. Select the Management Center components to be installed. The components can be on the same machine or on separate machines.
   - To install the Management Server, proceed to Installing the Management Server, on page 40.
   - To install the Log Server, proceed to Installing the Log Server, on page 42.
   - To install the Monitoring Server, proceed to Installing the Monitoring Server, on page 46.
   - To install the GUI client, proceed to Installing the GUI Client, on page 47.

Installing the Management Server

To install the Management Server
1. Click Next in the installation type selection. A screen like Illustration 4.6 is displayed.
ILLUSTRATION 4.6 Creating a Superuser Account

2. Create the default StoneGate Management Center Superuser account by defining a user name and password, then click Next to continue.

Note: The account specified here is the only account that can be used to log in to the Management Center after the installation has finished. More administrator accounts can be defined in the GUI as explained in the Administrator's Guide.

ILLUSTRATION 4.7 Configuring the Management Server

3. Enter the IP address of the Management Server. This is the IP address used for communication with the other system components.
4. Enter the IP address of the Alert Server. This is the IP address of the Log Server you want to use for handling alerts.
5. Click Next to continue.
6. If you want to install the Management Server as a service, select the Install as a service checkbox. When the server is run as a service, it is started automatically and run in the background after the system's reboot. Otherwise, the server needs to be started manually after every reboot.
7. If you selected that the Log Server is also installed at the same time on the same machine, go to the configuration steps in Installing the Log Server, on page 42.
8. Otherwise, click Next and the Ready to Install window is displayed.
9. Click Install to start the installation.
10. To start the Management Server, please see Starting the StoneGate Management Center, on page 49.

Installing the Log Server

Before installing the Log Server, the Management Server needs to be installed. This is required for establishing a trust relationship between the Management Server and the Log Server during the Log Server installation by using certificates. If the Log Server is installed simultaneously on the same machine with the Management Server, the Log Server certificate is generated automatically.

Note: The screens may differ slightly when installing the Log Server simultaneously with the Management Server on the same machine.

To install the Log Server
1. Click Next. The Configure Log Server window is displayed.
ILLUSTRATION 4.8 Configure Log Server

2. Define the IP address for the Log Server or select the address from the Existing IP addresses list.
3. Define the Management Server's IP address in its field. This IP address is used for contacting the Management Server from the Log Server during normal operation and when requesting the certificate for the Log Server.
4. Select the Certify the Log Server during the installation checkbox to request a certificate for the Log Server from the Management Server. (The Log Server certificate is generated automatically if installed at the same time with the Management Server.)
   If the Log Server certificate is not retrieved during the installation, the certificate has to be retrieved manually later on. To request a certificate for the Log Server manually after the installation, stop the Server and proceed as follows:
   - In Windows, select Start→Programs→StoneGate→Request Log Server Certificate.
   - In Linux and Solaris, run the script <SGHOME>/bin/sgCertifyLogSrv.sh.
   In the opened authentication window, log in using a Superuser-level StoneGate administrator account, for example, the account created during Management Server installation.
5. Define a port number for the Log Server in its field. The default port used is If you want to use a different port number, please see the Administrator's Guide for instructions.
6. If you want the Log Server to be installed as a service, select the Install as a service checkbox. When the server is run as a service, it is started automatically and run in the background after the system's reboot. Otherwise, the server needs to be started manually after every reboot.

Note: When installing the Log Server as a service, use an installation directory path that does not contain spaces.

7. Click Next to continue.

ILLUSTRATION 4.9 Defining the Directory for the Log Server Database

8. Specify a directory for the Log Server database. Click Next to continue. If the defined directory does not exist, you are prompted for accepting the directory to be created.

ILLUSTRATION 4.10 Logging into the Management Server for the Certificate Generation

9. When the Log Server certificate is requested during the installation, you need to log in to the Management Server using a Superuser privileged account. (If the Log Server is installed simultaneously with the Management Server, continue in Step 10.)
   9.1 Type in the user name and the password. Click OK to continue.

ILLUSTRATION 4.11 Checking the CA Certificate Fingerprint

   9.2 Compare the presented certificate fingerprint of the Certificate Authority to the certificate's fingerprint on the Management Server. To check the certificate fingerprint of the Certificate Authority:
       - In Windows, select Start→Programs→StoneGate→Show Fingerprint on the Management Server.
       - In Linux and Solaris, run the script <SGHOME>/bin/sgShowFingerPrint.sh on the Management Server.
   9.3 Click Accept Certificate if the fingerprint is correct.

ILLUSTRATION 4.12 Log Server Selection

   9.4 To create a certificate for the Log Server:
       - If the Log Server element is already defined on the Management Server, select Certify again an existing log server and select the Log Server from the list.
       - If the Log Server element is not defined on the Management Server, select Create a new log server and type in a name for the Log Server element.
10. To start the Log Server, please see Starting the StoneGate Management Center, on page 49.

Installing the Monitoring Server

The Monitoring Server is an optional component of the Management Center. This feature is primarily meant for service provider environments, where customers want to view logs that concern their own traffic in the network managed by their service provider. You may still find it useful for providing only limited access for some of your internal administrators as well.

To install the Monitoring Server

ILLUSTRATION 4.13 Configuring the Monitoring Server

1. Type in the IP address of the Monitoring Server. The Monitoring Server's license must be tied to this IP address.
2. Type in the IP address of the Management Server that controls this Monitoring Server. This IP address is used for contacting the Management Server from the Monitoring Server during normal operation and when requesting the Monitoring Server certificate.
3. (Optional) Deselect the Certify the Monitoring Server during the installation checkbox if you want to certify the Monitoring Server to the Management Server after the installation. (The certificate is generated automatically if the Monitoring Server is installed at the same time with the Management Server.)

Note: If the Monitoring Server certificate is not retrieved during the installation, the certificate has to be retrieved manually before the server can be started.

4. If you want to install the Monitoring Server as a service, select the Install as a service checkbox. When the server is run as a service, it can be started automatically and run in the background after the system's reboot. Otherwise, the server needs to be started manually after every reboot.
5. Click Next to proceed to installation.

Installing the GUI Client

Multiple GUI clients can be installed for managing StoneGate products. The GUI client needs to be able to connect to the Management Server. Access to the Log Server is also needed for managing the logs and alerts.

To install the Administration client
1. If necessary, click Next to continue to the Configure GUI Client window.

ILLUSTRATION 4.14 Configure GUI client

2. Type in the IP address of the Management Server to which the GUI client is going to connect. Click Next to continue.
ILLUSTRATION 4.15 Check the Installation Information

3. The installation summary window is displayed. Click Install to start the installation.

ILLUSTRATION 4.16 Installation Completed

4. The installation has been finished successfully. Click Done to quit the installation.

After installing the Management Center, start the Management Center components as described below.
Starting the StoneGate Management Center

When starting the StoneGate Management Center for the first time, the following steps need to be completed:
1. Start the Management Server as instructed in Starting the Management Server, on page 49.
2. Activate the StoneGate IPS licenses in the GUI client as instructed in Starting the GUI Client, on page 49 and Installing StoneGate IPS Licenses, on page 50.
3. Start the Log Server as instructed in Starting the Log Server, on page 51.

After starting the Management Center components, proceed to Defining Sensors and Analyzers, on page 57.

Starting the Management Server

If the Management Server has been installed as a service, the server is started during the operating system boot process. In Windows, the StoneGate Management Server service can be started and stopped manually from Control Panel→Administrative Tools→Services.

To start the Management Server manually
- In Windows, start the Management Server by selecting Start→Programs→StoneGate→Management Server.
- In Linux and Solaris, start the Management Server by running the script <SGHOME>/bin/sgStartMgtSrv.sh.

Starting the GUI Client

For configuring StoneGate IPS, the GUI client is used for connecting to the Management Center.

To start the GUI client
1. Start the GUI client:
   - In Windows, select Start→Programs→StoneGate→Administration Client.
   - In Linux and Solaris, run the script <SGHOME>/bin/sgClient.sh.
ILLUSTRATION 4.17 GUI Client Login

2. Log in using a Superuser level administrator account specified during the installation and connect to the Management Server's IP address.

ILLUSTRATION 4.18 Checking the CA Certificate Fingerprint

3. During the first login, the Management Server is authenticated with a certificate. Compare the presented certificate fingerprint of the Certificate Authority to the certificate's fingerprint on the Management Server. To check the certificate fingerprint of the Certificate Authority:
   - In Windows, select Start→Programs→StoneGate→Show Fingerprint on the Management Server.
   - In Linux and Solaris, run the script <SGHOME>/bin/sgShowFingerPrint.sh on the Management Server.
4. Click Accept Certificate if the fingerprint is correct.

Installing StoneGate IPS Licenses

To configure StoneGate IPS, the licenses need to be installed and activated. After receiving the license ID and the proof-of-license from your StoneGate reseller, the StoneGate IPS licenses can be obtained from Stonesoft Web site at Evaluation licenses can also be requested from this Web site.

To install StoneGate IPS licenses
1. In the StoneGate Administration Client, import and install the licenses by selecting File→Install Licenses from the menu.
2. Select one or more license (.jar) files, and click Install.
3. Open a Configuration window by clicking the toolbar icon or selecting Configuration→StoneGate Configuration from the menu.
4. Expand the tree to Administration→Licenses→IPS and check that all licenses have been imported and that the displayed information is correct.

Starting the Log Server

If the Log Server was installed as a service, the server is started during the operating system boot process. In Windows, the StoneGate Log Server service can be started and stopped manually from Control Panel→Administrative Tools→Services.

Note: Running the Log Server requires a valid license. First, install the license as explained in Installing StoneGate IPS Licenses, on page 50.

To start the Log Server manually
- In Windows, select Start→Programs→StoneGate→Log Server.
- In Linux and Solaris, run the <SGHOME>/bin/sgStartLogSrv.sh script.

Related Topics: Continue with StoneGate IPS configuration as explained in Defining Sensors and Analyzers, on page 57.

Starting the Monitoring Server

If the optional Monitoring Server component was installed as a service, the server is started during the operating system boot process. In Windows, the StoneGate Monitoring Server service can be started and stopped manually from Control Panel→Administrative Tools→Services.
Note: Running the Log Server requires a valid license. First, install the license as explained in Installing StoneGate IPS Licenses, on page 50.

To start the Monitoring Server manually
- In Windows, select Start→Programs→StoneGate→Monitoring Server.
- In Linux and Solaris, run the <SGHOME>/bin/sgStartMonitoringServer.sh script.

Non-graphical Installation

In Linux and Solaris, the Management Center can also be installed on the command line. Before installing the Management Center, check the installation package integrity using the MD5 or SHA-1 file checksums as explained in Checking the File Integrity, on page 25.

To run the non-graphical installation
1. Open a Bourne-compatible shell (e.g., sh, ksh).
2. If the CD-ROM is not automatically mounted, mount the CD-ROM in Linux with mount /dev/cdrom /mnt/cdrom and in Solaris with mount /cdrom.
3. Change to the <CD-ROM>/StoneGate_SW_Installer/Linux/ directory in Linux or to the <CD-ROM>/StoneGate_SW_Installer/Solaris/ directory in Solaris.
4. Run the command ./setup.sh -nodisplay to start the installation.
   In Linux and Solaris, the installation creates sgadmin user and group accounts. All the shell scripts are owned by sgadmin and can be executed either by root or by the sgadmin user. The shell scripts are executed with sgadmin privileges. After the installation, the sgadmin account is disabled. The sgadmin account is deleted after the uninstallation.

ILLUSTRATION 4.19 Accepting the License Agreement
  DO YOU ACCEPT THE TERMS OF THE LICENSE AGREEMENT? (Y/N)

5. Read the license agreement and accept it by typing Y and pressing Enter.
ILLUSTRATION 4.20 Defining the Installation Directory
  Choose Install Directory
  Select a directory for installing StoneGate. This directory path name must not contain space character.
  Where would you like to install?
  Default Install Folder: /usr/local/stonegate
  ENTER AN ABSOLUTE PATH, OR PRESS <ENTER> TO ACCEPT THE DEFAULT:

6. Type the full path for the installation directory or press ENTER to install to the default directory.

ILLUSTRATION 4.21 Choosing the Link Location
  Choose Link Location
  Where would you like to create links?
  ->1 - Default:/StoneGate
    2 - In your home folder
    3 - Choose another location
    Don't create links
  ENTER THE NUMBER OF AN OPTION ABOVE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT:

7. Press ENTER to create the StoneGate links in the default directory or select one of the other options.
ILLUSTRATION 4.22 Choosing the Installation Options
  Choose StoneGate Components
  Please choose the Install Set to be installed by this installer.
  ->1 - Typical
    2- Administration Client Only
    3- Customize...
  ENTER THE NUMBER FOR THE INSTALL SET, OR PRESS <ENTER> TO ACCEPT THE DEFAULT :

8. Select the StoneGate components you want to install.
   - Press ENTER to install all Management Center components on the machine.
   - Press 2 to install only the Administration Client.
   - Press 3 to select which components to install.
9. The installation steps for the Management Center components are comparable to the graphical installation. For the instructions, proceed as follows:
   - To install a Management Server, see Installing the Management Server, on page 40.
   - To install a Log Server, see Installing the Log Server, on page 42.
   - To install a Monitoring Server, see Installing the Monitoring Server, on page 46.
   - To install a GUI client, see Installing the GUI Client, on page 47.

Uninstalling the Management Center

To uninstall the Management Center in Windows
1. Stop the Management Server, Log Server, and the GUI client on the machine before you start the uninstallation.
2. Go to Start→Settings→Control Panel→Add/Remove Programs or alternatively run the <SGHOME>\uninstall\uninstall.exe program.
3. In the Add/Remove Programs window, select StoneGate from the list of currently installed programs and click the Change/Remove button.
ILLUSTRATION 4.23 Uninstalling the StoneGate IPS Components

4. Click Uninstall to remove the installed StoneGate Management Center components from the system.
5. The GUI client uses a .stonegate directory in the user's home directory (usually C:\Documents and Settings\username on Windows). The directory contains the GUI client configuration files. These files are not automatically deleted but can be removed manually after the uninstallation.

To uninstall the Management Center in Linux and Solaris
1. Stop the Management Center components on the machine before starting uninstallation.
2. Run the <SGHOME>/uninstall/uninstall.sh script.
3. The GUI client uses a .stonegate directory in the user's home directory (usually /home/username in Linux or Solaris). This directory contains the GUI client configuration files. These files are not automatically deleted but can be removed manually after the uninstallation.

Uninstalling in Non-graphical Mode

You can also uninstall the Management Center in a non-graphical mode in Linux and Solaris.

To uninstall in non-graphical mode
1. In Linux and Solaris Bourne-compatible shells (e.g., sh, ksh), change to the <SGHOME>/uninstall/ directory.
2. Run the command ./uninstall.sh -nodisplay.
   In Linux and Solaris, the sgadmin account is deleted during the uninstallation.
3. The GUI client uses a .stonegate directory in the user's home directory (in Linux and Solaris, usually /home/username). The directory contains the GUI client configuration files. These files are not automatically deleted but can be removed manually after the uninstallation.
CHAPTER 5 Defining Sensors and Analyzers

This chapter explains how to define the Sensor and Analyzer elements in the StoneGate Management Center.

This chapter includes the following sections:
- Element Configuration Overview, on page 58
- Importing Dynamic Updates, on page 58
- Defining an Analyzer, on page 59
- Defining a Sensor Cluster, on page 62
- Defining a Single Sensor, on page 68
- Defining a Combined Sensor-Analyzer, on page 72
- Configuring Routing, on page 75
- Saving the Initial Configuration, on page 77
- Configuring IP Addressing for NAT, on page 79.
Element Configuration Overview

After the StoneGate Management Center (SMC) is installed and running, the StoneGate IPS Sensor and Analyzer elements can be defined in the SMC. The needed steps are as follows:
1. Activate the dynamic updates as explained in Importing Dynamic Updates, on page 58.
2. Define the Analyzer(s) as explained in Defining an Analyzer, on page 59. If you are installing a combined Sensor-Analyzer, see Defining a Combined Sensor-Analyzer, on page 72.
3. Define the Sensor(s) as explained in Defining a Sensor Cluster, on page 62. If you are installing a single Sensor, see Defining a Single Sensor, on page 68. If you are installing a combined Sensor-Analyzer, see Defining a Combined Sensor-Analyzer, on page 72.
4. Configure the routing for Sensors and Analyzers as explained in Configuring Routing, on page 75.
5. (Optional) If there are Network Address Translation (NAT) devices between the SMC and StoneGate IPS components, see Configuring IP Addressing for NAT, on page 79.
6. Save the defined configuration for use during Sensor and Analyzer installation as explained in Saving the Initial Configuration, on page 77.

After defining the Sensors and Analyzers in the Management Center, proceed to Installing Sensors and Analyzers, on page 87.

Importing Dynamic Updates

The dynamic updates need to be imported in the GUI client before defining the Sensors and Analyzers. The dynamic update packages provide the latest fingerprints, new and updated inspection modules and system agents, system security policies, and the latest vulnerability and event situation information. You can download the latest update packages from the Stonesoft Web site at ipsupdate.
Load Dynamic Updates
1. In the GUI client, select File→System Tools→Import Update Packages from the menu.
2. Import the latest .jar update package.

ILLUSTRATION 5.1 Loading Dynamic Updates in Admin Tools

3. In a Configuration window, in the Administration→Updates branch of the tree, right-click on the package and select Activate.
4. Optionally, you can enable automatic update checking in File→System Tools→Configure Updates. The Management Server then periodically checks Stonesoft's Web site and issues an alert when new updates are available.
5. Continue by defining the Analyzer and Sensor elements.

Defining an Analyzer

Before creating Sensor elements, an Analyzer element needs to be created. This section covers the basic configuration of an Analyzer element. For complete instructions on configuring Analyzer properties, please see the StoneGate IPS Administrator's Guide.

Related Topics: To configure a combined Sensor-Analyzer, please see Defining a Combined Sensor-Analyzer, on page 72.
To define an Analyzer element

1. In the GUI client, open a Configuration window from Configuration StoneGate Configuration or by clicking its icon in the toolbar.
2. Select File New Network Element Analyzer in the menu. The Analyzer Properties dialog opens.

ILLUSTRATION 5.2 Analyzer Properties

3. In the Name field, enter a unique name to identify the Analyzer.
4. In the Log Server field, select the Log Server for event logging from the Analyzer.
5. In the Log Server for Alerts field, select the Log Server used for alerting from the Analyzer.
6. Continue defining the network interfaces as explained below.

Defining the Network Interfaces

To define a network interface for an Analyzer

1. In the Analyzer Properties window, select the Single Node tab and click Add Interface.
ILLUSTRATION 5.3 Network Interface Properties

2. Select Control IP Address to use the interface for the Management Server initiated control connections. Select Primary to define the primary control IP address. Only one IP address can be selected as primary for the control connections. You can also define Backup IP addresses used for control connections if the primary address is unavailable. There can be multiple backup control IP addresses defined for different interfaces.
3. Select Log/Analyzer communication source IP address to use the interface for communications with the Log Server.
4. Select the NIC ID from the drop-down menu. The NIC ID is used for mapping physical interfaces to the StoneGate IPS interfaces during the Analyzer installation.
5. Enter the IP address for this interface.
6. Enter the appropriate Netmask.
7. A Contact Address needs to be defined only if there is a NAT device between the Management Server and the Analyzer or between the Sensors and the Analyzer. See Configuring IP Addressing for NAT, on page 79.
8. Click OK to save the interface configuration.
9. After configuring the network interfaces, write down the networks to which each NIC ID is connected. This information is needed during the Analyzer installation when mapping the actual physical network interfaces to NIC IDs.
10. Click OK to apply the changes or continue with the Analyzer element configuration.

Related Topics
- Configuring Routing, on page 75
- Configuring IP Addressing for NAT, on page 79
- Saving the Initial Configuration, on page 77

For more detailed instructions on configuring the Analyzer, please see StoneGate IPS Administrator's Guide.

Defining a Sensor Cluster

This section covers the basic configuration of a Sensor cluster element. For complete instructions on configuring the Sensor cluster, please see StoneGate IPS Administrator's Guide.

To define a Sensor Cluster

1. In the GUI client, open a Configuration window from Configuration StoneGate Configuration or by clicking its icon in the toolbar.
2. Select File New Network Element Sensor Cluster in the menu. The Sensor Cluster Properties dialog opens.
ILLUSTRATION 5.4 Sensor Cluster Properties

3. In the Name field, enter a unique name to identify the Sensor cluster.
4. In the Analyzer field, select the Analyzer where the Sensor sends the data on detected events.
5. In Log Server for Recordings, select the Log Server where the traffic recordings will be stored.
6. Continue with the network interface configuration as explained below.

Defining the Cluster Network Interfaces

To define an NDI for a Sensor cluster

1. In the Cluster tab, click Add Interface.
ILLUSTRATION 5.5 Cluster-Level Properties of a Node Dedicated Interface

2. For the Type, select Node Dedicated Interface.
3. For the NDI Mode, there are three optional settings. To use the NDI for heartbeat, select Heartbeat and then select Primary. You can also define a backup heartbeat interface by selecting Backup. The backup heartbeat is used if the primary heartbeat connection is unavailable.

Note: Heartbeat and state synchronization (which takes place on the same interface) are time-critical communications, and network latency from other traffic may interfere with them. Therefore, it is recommended that the heartbeat network is dedicated only for this purpose.

4. Select Control IP Address to use the interface for Management Server initiated control connections. Define the primary control IP address by selecting Primary. Only one interface can be selected as primary for the control connections. You can define multiple backup interfaces for control connections by selecting Backup. This interface is used if the primary interface is unavailable.
5. Select Log/Analyzer communication source IP address to use the interface for communications with the Analyzer.
6. Select the NIC ID for the NDI. The NIC ID is used for mapping physical interfaces to the StoneGate IPS interfaces during the Sensor installation.
7. Click OK to accept the interface settings.
8. Continue defining the Capture Interfaces as explained below.
To define Capture Interfaces for a Sensor cluster

1. In the Sensor Cluster Properties window, select the Cluster tab and click Add Interface.

ILLUSTRATION 5.6 Capture Interface Properties

2. For the Type, select Capture Interface.
3. Select the Capture Interface Mode according to your network environment as follows (see Checking the Surrounding Network Environment, on page 26):
3.1 For Capture Interface mode, select either SPAN port or Wire TAP, according to the corresponding network connection of the interface.

Note: For Wire TAP mode, two Capture Interfaces need to be defined for the same Logical Interface: one Capture Interface for each direction of the traffic.

3.2 Select default_eth for the Logical Interface. (If default_eth is not available, ensure that you have imported the updated packages as explained in Importing Dynamic Updates, on page 58.)
3.3 Optionally, define which Reset Interface this capture interface uses for TCP connection termination, if any.
4. Select the NIC ID for the Capture Interface. The NIC ID is used for mapping physical interfaces to the StoneGate IPS interfaces during the Sensor installation.

The IP address, Netmask, and MAC address for an NDI are defined on the node specific properties of each node as described below.
Defining the Node Specific Properties

After defining your network interfaces at the cluster level, continue the Sensor cluster configuration by defining the node specific properties. By default, the Cluster Properties window displays two nodes in the Nodes tab. If you have more than two nodes in your cluster, you need to add more nodes to the cluster properties as described in Adding a Node to the Cluster, on page 67.

To define an NDI for a node

1. In the Sensor Cluster Properties window, select the Nodes tab.

ILLUSTRATION 5.7 Sensor Cluster Node Properties

2. On the Nodes list, click on the row of the node to be configured.
3. Click on the cell in the Name column to define a name for the node.
4. After selecting the node from the Nodes list, double-click on the line of the interface to be configured in the lower Interfaces list.
ILLUSTRATION 5.8 Node Dedicated Interface Properties

5. In the Interface Properties window, define the IP Address for the interface.
6. Define the corresponding Netmask for the interface.
7. A Contact Address needs to be defined only if there is a NAT device between the Management Server and the Sensor. See Configuring IP Addressing for NAT, on page 79.
8. Complete the above steps for all NDIs in each of the nodes.
9. After configuring the network interfaces, write down the networks to which each NIC ID is connected. This information is needed during the Sensor installation when mapping the actual physical network interfaces to NIC IDs.
10. Click OK to validate the cluster's interface configuration.
11. Continue in Configuring Routing, on page 75.

Related Topics
- Configuring Routing, on page 75
- Configuring IP Addressing for NAT, on page 79
- Saving the Initial Configuration, on page 77

For more detailed instructions on configuring a Sensor cluster, please see the StoneGate IPS Administrator's Guide.

Adding a Node to the Cluster

By default, the Cluster Properties window displays two nodes in the Nodes tab. If you have more than two nodes in your cluster, you need to add more nodes to the cluster properties as described below. StoneGate IPS supports up to 16 nodes in one Sensor cluster. After adding the required nodes, you can define the node specific properties as described in Defining the Node Specific Properties, on page 66.

To add a node to the cluster

1. In the Sensor Cluster Properties window, select the Nodes tab.
2. To add a node to the cluster, click Add Node.
3. Define a name for the node by clicking on the cell in the Name column.
4. Define the node specific properties as described in Defining the Node Specific Properties, on page 66.

Defining a Single Sensor

This section covers the basic configuration of the Single Sensor element. A single Sensor does not have the load balancing and high availability features of a Sensor cluster. For detailed instructions on configuring the single Sensor, please see the StoneGate IPS Administrator's Guide.

To define a single Sensor

1. In the GUI client, open a Configuration window from Configuration StoneGate Configuration or by clicking its icon in the toolbar.
2. Select File New Network Element Single Sensor in the menu. The Single Sensor Properties dialog opens.
ILLUSTRATION 5.9 Single Sensor Properties

3. In the Name field, enter a unique name to identify the Sensor.
4. In the Analyzer field, select the Analyzer where the Sensor sends the data on detected events.
5. In Log Server for Recordings, select the Log Server where the traffic recordings will be stored.
6. Continue defining the network interfaces as explained below.

Defining the Network Interfaces

To define an NDI for a single Sensor

1. In the Single Sensor Properties window, select the Single Node tab and click Add Interface.
ILLUSTRATION 5.10 Network Interface Properties

2. In the Type drop-down menu, select Node Dedicated Interface.
3. To use the interface for Management Server initiated control connections, select Control IP Address. Select Primary to define the primary control IP address. Only one IP address can be selected as primary for the control connections. You can define multiple backup interfaces for control connections by selecting Backup. This interface is used if the primary interface is unavailable.
4. Select Log/Analyzer communication source IP address to use the interface for communications with the Analyzer.
5. Select the NIC ID from the drop-down menu. The NIC ID is used for mapping physical interfaces to the StoneGate IPS interfaces during the Sensor installation.
6. Enter the unicast IP address for this interface.
7. Enter the appropriate Netmask.
8. A Contact Address needs to be defined only if there is a NAT device between the Management Server and the Sensor. See Configuring IP Addressing for NAT, on page 79.
9. After configuring the network interfaces, write down the networks to which each NIC ID is connected. This information is needed during the Sensor installation when mapping the actual physical network interfaces to NIC IDs.
10. Click OK to apply the changes.
11. Continue defining the Capture Interfaces as explained below.

To define Capture Interfaces for a single Sensor

1. In the Single Sensor Properties window, select the Single Node tab and click Add Interface.
ILLUSTRATION 5.11 Capture Interface Properties

2. For the Type, select Capture Interface.
3. Select the Capture Interface Mode according to your network environment as follows (see Checking the Surrounding Network Environment, on page 26):
3.1 For Capture Interface mode, select either SPAN port or Wire TAP, according to the corresponding network connection of the interface.

Note: For Wire TAP mode, two Capture Interfaces need to be defined for the same Logical Interface: one Capture Interface for each direction of the traffic.

3.2 Select default_eth for the Logical Interface. (If default_eth is not available, ensure that you have imported the updated packages as explained in Importing Dynamic Updates, on page 58.)
3.3 Optionally, define which Reset Interface this capture interface uses for TCP connection termination, if any.
4. Select the NIC ID for the Capture Interface. The NIC ID is used for mapping physical interfaces to the StoneGate IPS interfaces during the Sensor installation.
5. Continue in Configuring Routing, on page 75.

Related Topics
- Configuring Routing, on page 75
- Configuring IP Addressing for NAT, on page 79
- Saving the Initial Configuration, on page 77
For more detailed instructions on configuring a Sensor cluster, please see the StoneGate IPS Administrator's Guide.

Defining a Combined Sensor-Analyzer

A combined Sensor-Analyzer is a special case of StoneGate IPS installation for small network environments, where the Sensor and Analyzer are located on the same machine. This section covers the basic configuration of the element. For complete instructions on configuring the combined Sensor-Analyzer, please see the StoneGate IPS Administrator's Guide.

To define a combined Sensor-Analyzer

1. In the GUI client, open a Configuration window from Configuration StoneGate Configuration or by clicking its icon in the toolbar.
2. Select File New Network Element Combined Sensor-Analyzer in the menu. The Combined Sensor-Analyzer Properties dialog opens.

ILLUSTRATION 5.12 Combined Sensor-Analyzer Properties

3. In the Name field, enter a unique name to identify the Sensor-Analyzer.
4. In the Log Server field, select the Log Server where the events will be logged.
5. In Log Server for Recordings, select the Log Server where the traffic recordings will be stored.
6. Continue defining network interfaces as explained below.

Defining the Network Interfaces

To define an NDI for a combined Sensor-Analyzer

1. In the Single Sensor Properties window, select the Single Node tab and click Add Interface.

ILLUSTRATION 5.13 Network Interface Properties

2. In the Type drop-down menu, select Node Dedicated Interface.
3. To use the interface for the Management Server initiated control connections, select Control IP Address. To define the primary control IP address, select Primary. Only one IP address can be selected as primary for the control connections. To define the IP address used for control connections if the primary address is unavailable, select Backup. There can be multiple backup control IP addresses defined for different interfaces.
4. To use the interface for communication with the Log Server, select Log/Analyzer communication source IP address.
5. Select the NIC ID from the drop-down menu. The NIC ID is used for mapping physical interfaces to the StoneGate IPS interfaces during the Sensor-Analyzer installation.
6. Enter the unicast IP address for this interface.
7. Enter the appropriate Netmask.
8. A Contact Address needs to be defined only if there is a NAT device between the Management Server and the Sensor-Analyzer. See Configuring IP Addressing for NAT, on page 79.
9. Click OK to apply the changes.
10. Continue defining the Capture Interfaces as explained below.

To define Capture Interfaces for a combined Sensor-Analyzer

1. In the Combined Sensor-Analyzer Properties window, select the Single Node tab and click Add Interface.

ILLUSTRATION 5.14 Capture Interface Properties

2. For the Type, select Capture Interface.
3. Select the Capture Interface Mode according to your network environment (see Checking the Surrounding Network Environment, on page 26) as follows:
3.1 For Capture Interface mode, select either SPAN port or Wire TAP, according to the corresponding network connection of the interface.

Note: For Wire TAP mode, two Capture Interfaces need to be defined for the same Logical Interface: one Capture Interface for each direction of the traffic.

3.2 Select default_eth for the Logical Interface. (If default_eth is not available, ensure that you have imported the updated packages as explained in Importing Dynamic Updates, on page 58.)
3.3 Optionally, define which Reset Interface this capture uses for TCP connection termination, if any.
4. Select the NIC ID for the Capture Interface. The NIC ID is used for mapping physical interfaces to the StoneGate IPS interfaces during the Sensor-Analyzer installation.

After configuring the network interfaces, write down the networks to which each NIC ID is connected. This information is needed during the combined Sensor-Analyzer installation when mapping the actual physical network interfaces to NIC IDs of StoneGate IPS.

Related Topics
- Configuring Routing, on page 75
- Configuring IP Addressing for NAT, on page 79
- Saving the Initial Configuration, on page 77

For more detailed instructions on configuring a combined Sensor-Analyzer, please see the StoneGate IPS Administrator's Guide.

Configuring Routing

In order to configure routing for Sensors and Analyzers, you must first define Router elements. A Router element represents a gateway used for routing. Routing for StoneGate IPS Sensors and Analyzers is defined in the Routing view as in Illustration 5.15.

ILLUSTRATION 5.15 Routing View
As an example in Illustration 5.15, the HQ DMZ default GW element (IP address ) is used as the default gateway for the HQ DMZ Sensor by using the Any Network element. For more information about routing, please see the StoneGate IPS Administrator's Reference.

To define a route for Sensor or Analyzer

1. Create a Router element for the gateway:
1.1 Select File New Network Element Router in the menu. The Router Properties dialog opens.

ILLUSTRATION 5.16 Router Element Properties

1.2 Enter a unique name to identify the router.
1.3 Enter the router's IP address used as the next hop address for routing in the Sensor or Analyzer (e.g., ).
1.4 Click OK.
2. Define a route for the Sensor or Analyzer:
2.1 Select Configuration Routing/Antispoofing in the menu. The Routing view opens.
ILLUSTRATION 5.17 Defining Routing

2.2 In the Routing view, select the router that will act as the gateway (e.g., HQ DMZ gateway ).
2.3 Drag the Router to the correct network connection of a Sensor or Analyzer in the Routing view (e.g., HQ DMZ Sensor/Interface0/ ).
2.4 Navigate to Network Elements Network in the left panel. The Any Network element appears.
2.5 Drag the Any Network element onto the Router element in the Routing view (e.g., Any Network element on the HQ DMZ Sensor/Interface0/ /HQ DMZ router) to define the default route.
2.6 Continue in Saving the Initial Configuration, on page 77.

The routing configuration changes are taken into use with the other configuration information when uploading the policy on the Sensor or Analyzer.

Saving the Initial Configuration

After defining the Sensor and Analyzer element properties, the configuration information is saved to be used when installing the Sensor and Analyzer machines. The Management Center creates the required configuration files that are needed during the machine installation. One-time passwords are also generated which are used during the engine installation to establish a trust relationship between the engine and the Management Server.

To save the initial configuration

1. In the Administration Client, right-click on the Sensor or Analyzer element you just defined, and select Save Initial Configuration from the contextual menu that opens.

ILLUSTRATION 5.18 Saving the Initial Configuration

2. Select a directory where you want to save the configuration files. Often it is easiest to save the configuration on a floppy.

ILLUSTRATION 5.19 Generated Initial Configuration

3. The generated configuration file names and one-time passwords are displayed. Click OK to close the dialog box.

The Sensors and Analyzers can also be configured manually during the installation without the initial configuration files. In this case, the one-time passwords and the Management Server certificate fingerprint must be written down as they are needed during the installation.
Caution: As the initial configuration files include the one-time password for establishing a trust relationship between the Management Server and the engine, these files must be handled securely.

You are now ready to install the StoneGate IPS engine(s). Proceed to Installing Sensors and Analyzers, on page 87.

Configuring IP Addressing for NAT

The StoneGate IPS components need to know the IP addresses of the other components for communication purposes. If there is Network Address Translation (NAT) between the communicating components, then the NATed IP addresses need to be defined. These NATed contact addresses are then contacted to reach the targeted component.

Note: A contact address needs to be defined only if there is a NAT device between the communicating StoneGate components.

For example, the Sensor needs to know the Analyzer's IP address to send event information on the inspected network traffic. If the Analyzer is reachable by its real IP address defined in the Analyzer element, then no contact address needs to be defined. But if there is NAT between the Sensor and the Analyzer, then the NATed address needs to be configured. This NATed address is defined for the Analyzer's corresponding network interface as a contact address for this Sensor. Communications between the StoneGate components are explained in the StoneGate IPS Administrator's Reference.

Defining Locations

StoneGate uses the Location element to determine which IP address needs to be used when system components connect to each other when there is address translation (NAT) between the components. You create the Locations and add elements in the Locations based on how your network is set up (the equipment need not be in the same site, you only need to consider where NAT is performed).
After you have the Location elements set up, you open the properties of each element as necessary, and define there the Contact Addresses for the element from each Location's viewpoint. All Management components in the other Locations then use the addresses defined for their Location for contact. You can easily add more elements to the Locations at any point without having to define more contact addresses.

To create a new Location

1. In a Configuration window, right-click the Administration title in the left panel and select New Location from the contextual menu that opens. The Location properties dialog opens.
2. Give a descriptive name for the Location and, if you wish, an additional comment describing it.
3. Add the elements belonging to this Location by selecting them in the left panel of the dialog and then clicking Add. To display different types of elements, click the leftmost icon under the Resources title and select a type from the list that opens.

Repeat steps above to add other Locations as necessary.

Sensor and Analyzer Contact Addresses

A contact address is needed only if there is a NAT device between the SMC, Sensors and Analyzers, so that they cannot connect directly to the IP address defined for the interface. An interface with contact addresses is indicated with an asterisk (*) in the element's network interface address.

To define a contact address for a Sensor or an Analyzer

1. Open the properties of the Sensor or Analyzer element for which you want to define the contact addresses.
ILLUSTRATION 5.20 Element Properties

2. In the Sensor or Analyzer Properties window, select the network interface and click Edit Interface to define a contact address for it.

ILLUSTRATION 5.21 Network Interface Properties

3. In the Contact Addresses box, click Edit.
ILLUSTRATION 5.22 Sensor or Analyzer Contact Addresses
Callouts: (Optional) Define address to use for Locations not added below; Table of Locations; Select Location and click Add to create entry in table below; Enter the IP address components at this Location use.

4. (Optional) Enter a contact IP address in the Default field. This address is used whenever there is no other Contact Address in this element's properties for some Location. Elements that belong to the same Location element always use the primary IP address (defined in the main Properties window of the element) when contacting each other. All elements not specifically put in a certain Location are treated as if they belonged to the same Location.
5. If a Location needs a specific contact address, select a Location in the Locations drop-down list and click Add. The Location appears in the table below.
6. Click the Contact Address column for the Location you added and enter the IP address that components belonging to the particular Location element should contact to reach this element you are editing. For example, if the Sensor-Analyzer ( ) in the network scenario is NATed as when connecting from the headquarters, the Management Server needs to connect to the NATed contact address as in Illustration
7. Repeat Step 5 and Step 6 to add additional contact addresses for other Locations.
8. Click OK to accept the contact addresses and click OK to accept the interface properties.

Management Server Contact Address

In the Management Center, the Local Management Server element is provided for defining contact addresses to the Management Server. The Log Server elements can be modified in other ways as well. A contact address is needed during the Sensor's (or Analyzer's) initial contact to the Management Server only if there is a NAT device between the Sensor (Analyzer) and the Management Server. The Management Server contact address is saved in the initial configuration files (see Saving the Initial Configuration, on page 77). A contact address is needed for the Log Server if there is a NAT device between the Log Server and other components, so that the Log Server's IP address cannot be connected directly.

To define the Management and Log Server contact addresses

1. Right-click Local Management Server under the Servers branch and select Properties. The Management Server Properties dialog opens.

ILLUSTRATION 5.23 Management Server Properties

2. Click the Edit button in the Contact Addresses section on the right. The Contact Addresses dialog opens.
ILLUSTRATION 5.24 Assigning Contact Addresses
Callouts: (Optional) Define address to use for Locations not added below; Table of Locations; Select Location and click Add to create entry in table below; Enter the IP address components at this Location use.

3. (Optional) Enter a contact IP address in the Default field. This address is used whenever there is no other Contact Address in this Management Server's properties for some Location. Elements that belong to the same Location element always use the primary IP address (defined in the main Properties window of the element) when contacting each other. All elements not specifically put in a certain Location are treated as if they belonged to the same Location.
4. If a Location needs a specific contact address, select a Location in the Locations drop-down list and click Add. The Location appears in the table below.
5. Click the Contact Address column for the Location you added and enter the IP address that components belonging to the particular Location element should contact to reach this element you are editing.
6. Add further Contact Addresses for other Locations as necessary.
7. Click OK to confirm the contact addresses, and again click OK to validate the changes for the element.
8. If necessary, repeat the above steps for the Log Server.
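The contact-address rules described above for Locations, the Default field and per-Location entries can be modelled to review a planned deployment before the elements are created. The following Python sketch is an added example, not StoneGate code: the class, the function names and the sample addresses are constructed, and the fallback to the primary address when neither a per-Location entry nor a Default exists is an assumption.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple


@dataclass
class Element:
    """One managed component: Management Server, Log Server, Sensor or Analyzer."""
    name: str
    primary_ip: str                          # address in the main Properties window
    location: Optional[str] = None           # None = not placed in any Location
    default_contact: Optional[str] = None    # the optional "Default" field
    contact_by_location: Dict[str, str] = field(default_factory=dict)

    def __post_init__(self) -> None:
        # Fail early on typos: every configured address must parse as an IP.
        configured = [self.primary_ip, self.default_contact,
                      *self.contact_by_location.values()]
        for addr in configured:
            if addr is not None:
                ip_address(addr)


def has_contact_entry(caller: Element, target: Element) -> bool:
    """True if target defines a per-Location or Default address usable by caller."""
    return (caller.location in target.contact_by_location
            or target.default_contact is not None)


def contact_address(caller: Element, target: Element) -> str:
    """Address that caller uses to reach target, following the guide's rules."""
    # Same Location: always the primary address. Elements outside every
    # Location are treated as sharing one Location, so None == None matches.
    if caller.location == target.location:
        return target.primary_ip
    # A contact address entered for the caller's Location takes precedence.
    if caller.location in target.contact_by_location:
        return target.contact_by_location[caller.location]
    # Otherwise the Default field, if it was filled in.
    if target.default_contact is not None:
        return target.default_contact
    # Assumption (not stated in the guide): nothing defined, use the primary.
    return target.primary_ip


def missing_contact_addresses(elements: List[Element]) -> List[Tuple[str, str]]:
    """(caller, target) pairs that cross Locations with no contact address.

    Each pair would fall back to the target's primary address, so it needs
    review wherever NAT really sits between the two Locations.
    """
    gaps = []
    for caller in elements:
        for target in elements:
            if caller is target or caller.location == target.location:
                continue
            if not has_contact_entry(caller, target):
                gaps.append((caller.name, target.name))
    return gaps


def sample_elements() -> Dict[str, Element]:
    """Constructed plan: HQ and Branch Locations, RFC 5737 addresses as NAT."""
    return {
        "mgmt": Element("Management Server", "192.168.10.5", "HQ",
                        contact_by_location={"Branch": "203.0.113.5"}),
        "log": Element("Log Server", "192.168.10.6", "HQ",
                       default_contact="203.0.113.6"),
        "analyzer": Element("Branch Analyzer", "10.20.0.10", "Branch",
                            contact_by_location={"HQ": "198.51.100.10"}),
        "sensor": Element("Branch Sensor", "10.20.0.11", "Branch"),
    }


if __name__ == "__main__":
    plan = sample_elements()
    for caller_name, target_name in missing_contact_addresses(list(plan.values())):
        print(f"review: {caller_name} -> {target_name} has no contact address")
```

Running the module prints the cross-Location pairs that still rely on a primary address; in the constructed plan these are the two HQ servers reaching the Branch Sensor.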
INSTALLING SENSORS AND ANALYZERS
CHAPTER 6 Installing Sensors and Analyzers

This chapter describes how to install StoneGate IPS Sensors and Analyzers on any standard Intel or Intel compatible platform. This chapter includes the following sections:
- Installing the Sensor or Analyzer Engine, on page 88
- Configuring the Sensor or Analyzer, on page 90
- Installing in Expert Mode, on page 96
Installing the Sensor or Analyzer Engine

After installing the Management Center and creating the initial configuration, the Sensor and Analyzer engines can be installed. The installation steps for Sensor, Analyzer, and combined Sensor-Analyzer are similar, as the node type is only selected at the end of the installation. The StoneGate IPS engine installation proceeds as follows:

1. Install the hardware and connect the network cables.
2. Install the StoneGate IPS engine by booting from the CD-ROM.
3. Configure the general operating system settings.
4. Configure the network interfaces.
5. Select the engine mode (Sensor, Analyzer, Combined) and contact the Management Server.

After installing the Sensor and Analyzer engines, proceed to Installing Policies, on page 103.

Note: The machines running the Sensors or Analyzers are dedicated for the IPS functionality, so they should not run any other software.

Note: Check that the Automatic Power Management (APM) and Advanced Configuration and Power Interface (ACPI) settings are disabled in BIOS. Otherwise, the engine may not start after installation or may shut down unexpectedly.

The following step-by-step instructions provide an example of a typical Sensor or Analyzer installation. The screens appearing during the installation may differ slightly during your installation depending on your system configuration.

Checking the File Integrity

Before installing StoneGate IPS, check the installation package integrity using the MD5 or SHA-1 file checksums as explained in Checking the File Integrity, on page 25.

Booting From the CD-ROM

To install StoneGate IPS engine from a CD-ROM

1. To begin, insert the StoneGate IPS installation CD-ROM into the drive and reboot the machine from the CD-ROM. Accept the license agreement to continue.
ILLUSTRATION 6.1 Selecting the Install Mode

2. After accepting the license agreement, you will be prompted to choose between two types of installations: Full Install and Full Install in expert mode. Choose 1 for the normal full install mode. Installing StoneGate IPS in expert mode is explained in Installing in Expert Mode, on page 96.

ILLUSTRATION 6.2 Automatic Partitioning

3. To accept automatic hard disk partitioning, type YES. For modifying the hard disk partitioning manually, please see Installing in Expert Mode, on page 96.

Caution: Partitioning deletes all the existing data on the hard disk.

ILLUSTRATION 6.3 Installation Finished

4. The automatic installation process is started. When the installation is finished, you will be prompted to remove the installation CD-ROM. Press ENTER to reboot the machine and proceed to Configuring the Sensor or Analyzer, on page 90.
Configuring the Sensor or Analyzer

After the installation, the machine is rebooted and the StoneGate IPS configuration wizard is displayed. During this initial configuration, the operating system settings, network interfaces, and the Management Server connection are defined.

Selecting the Configuration Method

To configure the installed Sensor or Analyzer

1. After the installation, the machine is rebooted and the StoneGate IPS configuration wizard is displayed.

ILLUSTRATION 6.4 Importing the Configuration from a Disk

2. The initial configuration can be imported from a floppy disk. Otherwise, the configuration needs to be entered manually. To import the configuration from a floppy:
2.1 Insert the configuration floppy disk which was created on the Management Server in Saving the Initial Configuration, on page 77.
2.2 Select Import.
2.3 Browse the floppy for the configuration file directory.
3. Select Next and press ENTER to continue.

Configuring the Operating System Settings

To configure the operating system settings

1. After selecting the installation method, the Configure OS Settings window is displayed.
ILLUSTRATION 6.5 Configuring the Operating System Settings
2. Configure the keyboard layout by highlighting the Keyboard layout field using the arrow keys. Press ENTER to continue.
ILLUSTRATION 6.6 Selecting the Keyboard Layout
3. Highlight the appropriate layout and press ENTER.
4. In the Configure OS Settings window, highlight the Local timezone line and press ENTER.
ILLUSTRATION 6.7 Selecting the Timezone
5. Select the timezone and press ENTER.
ILLUSTRATION 6.8 Defining the Host Name and the Root User Password
6. Type a host name for the engine in the Host name field.
7. In the Password field, enter a password for the root user and re-enter the password for confirmation in the second field.
8. Decide whether to enable the SSH daemon for SSH connections to the engine. By default this feature is disabled. To enable the SSH daemon, highlight the line and press SPACEBAR to select it. An asterisk (*) appears to indicate that the SSH daemon is enabled.
9. Select Next and press ENTER to continue.
Configuring the Network Interfaces

To configure the network interfaces
1. The Configure Network Interfaces window is displayed.
ILLUSTRATION 6.9 Configure the Network Interfaces
2. To add a network interface, highlight Add and press ENTER.
ILLUSTRATION 6.10 Add a Device Driver
3. Select a driver for the network interface by highlighting the driver and pressing ENTER.
ILLUSTRATION 6.11 Assigning Network Interfaces
4. The interfaces that use the selected driver are displayed. Assign NIC IDs to the network interfaces by typing the NIC ID number in the field in front of each network interface. (The NIC IDs were defined in the Sensor or Analyzer element in Defining Sensors and Analyzers, on page 57.)
Tip: The Sniff option can be used for troubleshooting the network interfaces. Select Sniff on an interface to run a network sniffer on that interface. Press ENTER to exit the sniffer.
5. To define more network interfaces, select Add again.
6. To define the Management interface, highlight the interface's Mgmt column and press SPACEBAR to select it. An asterisk (*) appears to indicate the management interface.
7. Highlight Next and press ENTER to continue.

Contacting the Management Server

To contact the Management Server
1. Next, the Prepare for Management Contact window opens. If the initial configuration was imported using a floppy disk, most of this information is already defined.
Note: The IP addresses and gateways defined here are used only during the initial Management Server contact. The actual operative configuration defined in the Management Center is installed automatically during the policy installation.
ILLUSTRATION 6.12 Preparing for the Management Contact
2. Select the Switch to initial configuration checkbox to activate an initial configuration. If you run the sg-reconfigure command later, you can choose to:
- switch to an initial configuration by selecting the checkbox.
- use the current configuration by unselecting the checkbox. In this case, the currently active policy will remain active. All other changes (host name, time zone, SSH daemon, NIC mapping, management contact, etc.) will take effect after clicking Finish.
3. Define the IP address used for the management connections to this machine. The IP address must be the same as the control IP address specified in the Sensor (or Analyzer) element on the Management Server.
4. Next, define the netmask for the IP address used for the management connections to this machine (e.g., ).
5. Define the address of the default gateway needed for this machine to contact the Management Server. If the Management Server is on the same network, you can leave this line empty.
ILLUSTRATION 6.13 Management Server Contact Information
6. Highlight Contact Management Server and press SPACEBAR to enable the initial connection to the Management Server. During this contact, the trust relationship is established between this machine and the Management Server. An asterisk (*) indicates that the option is active. If the configuration was imported from a floppy disk created in Saving the Initial Configuration, on page 77, the Management Server contact information is automatically filled in.
6.1 In the IP address field, enter the Management Server's IP address. (If the Management Server is behind a NAT, define the NATed address to be contacted.)
6.2 In the One-time password field, enter the password for contacting the Management Server. The password is engine-specific and can be used only for one initial connection to the Management Server.
6.3 Optionally, enter the Management Server certificate's fingerprint for verification.
ILLUSTRATION 6.14 StoneGate IPS Engine Type
7. Select the StoneGate IPS engine type by highlighting the correct line and pressing SPACEBAR. An asterisk (*) indicates the selected engine type.
8. To complete the configuration, highlight Finish and press ENTER.
9. If the initial Management Server contact was selected, the engine tries to connect to the Management Server. If the initial management contact fails for some reason, the configuration can be started again with the sg-reconfigure command.
Note: If the engine cannot communicate with the Management Server and you receive a connection refused error message, ensure that the one-time password is correct and the Management Server IP address is reachable from this machine.
10. After a successful Management Server contact, the engine installation is complete and ready for policy upload from the Management Server. This is displayed in the GUI; the node's status has changed from Unknown to Policy Not Installed, and the connection state is Connected, indicating that the Management Server is able to connect to this engine.

Related Topics
After installing the Sensor and Analyzer engines, proceed to Installing Policies, on page 103.

Installing in Expert Mode

Installation of the StoneGate IPS Sensor or Analyzer in expert mode is essentially the same as the normal full install described in Installing the Sensor or Analyzer Engine, on page 88. The difference is that in expert mode, the administrator makes the partitions on the hard disk manually rather than having it done automatically by the installation. If you are unfamiliar with partitioning hard disks in Linux, it is recommended that you use the normal installation process as outlined in Installing the Sensor or Analyzer Engine, on page 88.
Note: The machines running the Sensors and Analyzers are dedicated for the IPS functionality. Therefore, these machines should not run any other software.
Note: Check that the Automatic Power Management (APM) and Advanced Configuration and Power Interface (ACPI) settings are disabled in BIOS. Otherwise, the engine may not start after installation or may shut down unexpectedly.

The following step-by-step instructions provide an example of a typical engine installation on an unpartitioned hard disk. The screens appearing during the installation differ slightly depending on your system configuration.

Checking the File Integrity

Before installing StoneGate IPS, check the installation package integrity using the MD5 or SHA-1 file checksums as explained in Checking the File Integrity, on page 25.

Booting From the CD-ROM

To install StoneGate IPS Sensor or Analyzer from a CD-ROM
1. To begin, insert the StoneGate IPS engine installation CD-ROM into the drive and reboot the machine from the CD-ROM. Accept the license agreement to continue.
ILLUSTRATION 6.15 Selecting the Install Mode
2. After accepting the license agreement, choose 2 for Full install in expert mode and press ENTER.
3. For partitioning the hard disk, proceed to Partitioning the Hard Disk Manually, on page 98.
Partitioning the Hard Disk Manually

Typically, you need five partitions for the StoneGate IPS Sensor or Analyzer as explained in Table 6.1.

TABLE 6.1 StoneGate IPS Partitions
Partition       Recommended size            Description
Engine root A   200 MB                      The bootable root partition for the StoneGate IPS engine.
Engine root B   200 MB                      Alternative root partition for the StoneGate IPS engine. Used for the engine upgrade.
Swap            Twice the physical memory   Swap partition for the StoneGate IPS engine.
Data            500 MB or more              Used for the boot configuration files and the root user's home directory.
Spool           Rest of free disk space     Used for spooling

The partitions are allocated in two phases. First, the disk partitions are created; second, the partitions are allocated to their intended uses.
Caution: Partitioning deletes all the existing data on the hard disk.

To partition the hard disk
1. If you are asked whether you want to create an empty partition table, type y to continue.
ILLUSTRATION 6.16 Starting Partitioning
2. Press ENTER to continue.
ILLUSTRATION 6.17 Defining the Partition Table
3. Create the partitions for the engine as follows:
3.1 For engine root A: 200 MB, bootable, Primary, Linux partition
3.2 For engine root B: 200 MB, Primary, Linux partition
3.3 For swap: twice the size of physical memory, Logical, Linux swap partition. To change the partition type to Linux swap, select Type and enter 82 as the file system type.
3.4 For data: 500 MB or more, Logical, Linux partition
3.5 For spool: allocate rest of the free disk space, Logical, Linux partition.
4. Check that the partition table information is correct.
5. Select Write to commit the changes and confirm by typing yes.
6. Select Quit and press ENTER.

Allocating Partitions

After partitioning the hard disk, the partitions are allocated for the StoneGate IPS engine.
To allocate the partitions
ILLUSTRATION 6.18 Checking the Partition Table
1. Check that the partition table is correct. Type YES to continue.
ILLUSTRATION 6.19 Allocating Partitions
2. Using the partition numbers of the partition table (see Illustration 6.18), assign the partitions for the engine, for example:
2.1 For the engine root A partition, type
2.2 For the engine root B partition, type
2.3 For the swap partition, type
2.4 For the data partition, type
2.5 For the spool partition, type
ILLUSTRATION 6.20 Accepting the Partition Allocation
3. Check the partition allocation and type YES to continue.
ILLUSTRATION 6.21 Installation Finished
4. The StoneGate IPS engine installation process is started. When installation is complete, remove the CD-ROM from the machine and press ENTER to reboot.
5. Continue the configuration as described in Configuring the Sensor or Analyzer, on page 90.
CHAPTER 7 Installing Policies

This chapter describes policy installation on StoneGate IPS Sensors and Analyzers. This chapter includes the following sections:
- Installing the System Policies, on page 104.
Installing the System Policies

Starting with the predefined Sensor and Analyzer system policies is very straightforward: just install the system policies on the engines. It is often easiest to start with a system policy and later fine-tune the system as needed. The system policies and the needed inspection agents, fingerprints, etc. were imported to the SMC as explained in Importing Dynamic Updates, on page 58.

To install a system policy
1. Open the Sensor policies by clicking on the Policies icon in the toolbar and selecting Sensor Policy from the contextual menu that opens.
2. Right-click on the policy to be installed in the tree view and select Install.
ILLUSTRATION 7.1 Select the Engine for Installing a Policy
3. Select the engine from the presented list and click OK to install the policy. The install progress window is displayed.
ILLUSTRATION 7.2 Sensor Policy Installation Status
4. Repeat the steps to install the system policies on all Sensors and Analyzers.
5. Switch to a Monitoring window.
ILLUSTRATION 7.3 Commanding Sensor Online
6. Right-click on the Sensors one by one and select Commands Go Online. The Sensor starts inspecting the network traffic.
7. You can inspect the generated logs and alerts by selecting Monitoring Logs and Alerts IPS Current Logs or IPS Stored Logs.
ILLUSTRATION 7.4 Browsing the IPS Event Logs

Your StoneGate IPS system is now fully operational. For more information on managing and customizing the system, please refer to the StoneGate IPS Administrator's Guide and StoneGate IPS Administrator's Reference.
UPGRADING STONEGATE IPS
CHAPTER 8 Upgrading And Updating

When there is a new version of the StoneGate Management Center or the Sensor and Analyzer engine software, you should upgrade as soon as possible. You can download the new version and generate licenses for it if needed at the Stonesoft website as further explained. Additionally, StoneGate IPS is frequently updated to detect new attacks and vulnerabilities with new Dynamic Update packages that you can quickly import and activate. On occasion, you may need to upgrade first before you can use a certain dynamic update package.

The following sections are included:
- Getting Started with Upgrading StoneGate, on page 110
- Upgrading or Generating Licenses, on page 112
- Upgrading the Management Center, on page 116
- Upgrading Engines Remotely, on page 119
- Upgrading Engines Locally, on page 121
- Installing IPS Dynamic Updates, on page 122
Getting Started with Upgrading StoneGate

You can upgrade Management Center components as well as the Sensors and Analyzers without uninstalling the previous version. The Sensors and Analyzers may be upgraded manually or remotely. During a Sensor cluster upgrade, it is possible to have the upgraded nodes online and operational side by side with the older version nodes. This way, you can also change the hardware of the nodes one by one while the other nodes handle the traffic.
Caution: If you are upgrading from Management Server version or older: first upgrade to 2.0.8, start the Management Server, shut it down, and only then upgrade to the most recent version.
Proceed to the Configuration Overview to begin with the configuration.

Configuration Overview

The upgrade procedure is the same for StoneGate Firewall/VPN and IPS systems:
1. Check the latest known issues list on the Stonesoft Web site for the version you are about to install at Known_Issues/.
2. Obtain the installation files at and check the installation file integrity (see Checking File Integrity, on page 111).
3. Burn the ISO image file you downloaded onto a CD-ROM using your CD-burning software (this CD-ROM is later referred to as the StoneGate installation CD-ROM).
4. Read the release notes for the new version you are about to install. They can be found at the Stonesoft website (at StoneGate/Release_Information/).
5. Check the latest known issues list on the Stonesoft Web site for the version you are about to install at Known_Issues/.
6. Update the licenses (if necessary; see Upgrading or Generating Licenses, on page 112).
7. Upgrade the Management Server, the Log Servers, Monitoring Servers (if any), and the GUI clients (see Upgrading the Management Center, on page 116). The operation of StoneGate Sensors and Analyzers is not interrupted even if the Management Center is offline.
8. Upgrade the Sensor and Analyzer engines one by one. Confirm that the upgraded engine operates normally before upgrading the next engine (see Upgrading Engines Remotely, on page 119 or Upgrading Engines Locally, on page 121).
9. If you have StoneGate IPS, you should also check if there are new Dynamic Update packages available and import and activate them (see Installing IPS Dynamic Updates, on page 122).

StoneGate operates normally during the upgrade process, even if there are two versions of the different system components running at the same time. For full functionality, all the system components should be upgraded to the same version as soon as possible. When you have downloaded the necessary installation files, proceed to Checking File Integrity.

Checking File Integrity

Before installing StoneGate, check the installation file integrity using the MD5 or SHA-1 file checksums. The checksums are on the StoneGate installation CD-ROM and on the product-specific download pages at the Stonesoft Web site at For more information on MD5 and SHA-1, please see RFC1321 and RFC3174, respectively. The RFCs can be obtained from Windows does not have MD5 or SHA-1 checksum programs by default, but there are several third-party programs available.

To check MD5 or SHA-1 file checksum
1. Obtain the checksum files from Stonesoft Web site at download/.
2. Change to the directory that contains the file(s) to be checked.
3. Generate a checksum of the file using the command md5sum filename or sha1sum filename, where filename is the name of the installation file.
ILLUSTRATION 8.1 Checking the File Checksums
$ md5sum sg_engine_ iso
869aecd7dc39321aa2e0cfaf7fafdb8f sg_engine_ iso
4. Compare the displayed output to the checksum on the Web site.
Caution: Do not use files that have invalid checksums.

After checking the file integrity, burn the ISO file on a CD-ROM using appropriate software and read the release-specific information on Stonesoft's web site. Create the installation CD-ROM, then proceed to Upgrading or Generating Licenses. If you are absolutely sure you do not need to upgrade your licenses, proceed to Upgrading the Management Center, on page 116.

Upgrading or Generating Licenses

When you installed StoneGate for the first time, you installed licenses that work with all versions of StoneGate up to that particular version. Usually, licenses need to be upgraded except for the patch releases. If you are simultaneously installing new StoneGate components that you have not previously licensed, or if you want to change the IP address for an IP address bound license, you do need to generate new licenses. If you do not need to upgrade licenses or create new ones, proceed to Upgrading the Management Center, on page 116.

If you need new licenses:
- Proceed to Upgrading Licenses Under Multiple Proof Codes, on page 114 to upgrade one or more licenses at once.
- Proceed to Upgrading Licenses Under One Proof Code, on page 113 to upgrade the licenses one by one.
- Proceed to Generating a New License to generate a completely new license.

Generating a New License

You generate the licenses at the Stonesoft Web site based on your proof of license (POL, for software, included in the order confirmation message sent by Stonesoft) or proof of serial number (POS, for appliances, printed on a label attached to the appliance hardware). Evaluation licenses are also available at the Web site. Generated licenses are always for the newest software version you are entitled to, but you can use them with older versions as well.
If you are licensing several components of the same type, remember to generate one license for each (it may be more convenient to use the multi-upgrade feature, see Upgrading Licenses Under Multiple Proof Codes, on page 114).
There are two types of licenses that you can generate:
- IP-address-bound licenses: For all Management Center components and optionally engines with non-dynamic control IP addresses. If you want to change the IP address the license is bound to, you need to fill in a request at the licensing Web site.
- Management bound licenses: For firewall and IPS engines (bound to the proof of license of the Management Server). These licenses can be switched from one engine to another if you delete the previous element it was bound to or re-license it and refresh its policy.
Note: Management bound licenses can only be imported to Management Server version 3.0 or newer. If necessary, upgrade your Management Server before importing the engine licenses.

To generate a new license
1. Take your Web browser to
2. Enter the required code (proof of license or proof of serial number) to the correct field and click Continue. The license page opens.
3. Click Register. The license generation page opens.
4. Read the directions on the page and fill in (at least) the required fields.
5. Enter the IP addresses of the Management Center components you want to license (if any). The license is bound to the IP address you give, and you will have to return to the licensing page if you need to change the IP address.
6. Enter the Management Server's proof of license code (or the engine's IP address) for the engines you want to license (if any).
7. Click Register License. The license file is sent to you in a moment, and also becomes downloadable in the License Center.
Note: Evaluation license orders or requests for an IP address change of an existing license may need manual processing. See the license page for current delivery times and details.
Proceed to Installing Licenses.

Upgrading Licenses Under One Proof Code

A license file generated under one POL or POS code contains the license information for one or more components.
You can also always use the multi-upgrade form to upgrade the licenses (see Upgrading Licenses Under Multiple Proof Codes, on page 114).
To generate a new license
1. Take your Web browser to
2. Enter the required code (proof of license or proof of serial number) to the correct field and click Continue. The license page opens.
3. Click Upgrade. The license upgrade page opens.
4. Follow the directions on the page that opens to upgrade the license.
Repeat for other licenses. When done, proceed to Installing Licenses, on page 115.

Upgrading Licenses Under Multiple Proof Codes

If you have several existing licenses with different POL or POS codes that you need to upgrade, you can make the work easier by generating the new licenses all at once. With any version of the Management Center, you can copy-paste the POL or POS codes (from the Administration Client, , or elsewhere) directly in the field reserved for this in the Multi-upgrade form and generate the new licenses that way. Proceed to Installing Licenses, on page 115 after doing this. With Management Center version 3.2 or newer, you can generate a text file by exporting information on licenses from the Administration Client and import the text file to the licensing Web site as explained below.

To upgrade multiple licenses
1. Expand the Administration tree and navigate to the type of Licenses you want to upgrade, or to All Licenses.
2. Ctrl-select or Shift-select the licenses you want to upgrade.
ILLUSTRATION 8.2 Exporting License Information (Select one or more licenses for elements of any type. Right-click to export.)
3. Right-click one of the selected items and select Export License Info from the contextual menu that opens. A file save dialog opens.
4. Select a location and type in a name for the file. The default file ending is .req, but you may change this to something else if required.
5. Click Save. The license information is exported to the file you specified and a message pops up.
6. (Optional) Click the link in the message to launch the Stonesoft License Web site's multi-upgrade form in the default Web browser on your system.
7. Upload the license file to the Stonesoft License Web site using the multi-upgrade form, and submit the form with the required details. The upgraded licenses are sent to you.
Tip: You can view and download your current licenses at the license Web site (log in by entering the proof-of-license or proof-of-serial number code at the License Center main page).
After receiving the new licenses, proceed to Installing Licenses.

Installing Licenses

After you have generated a license file (Generating a New License, on page 112), you import the license file into the Management Center.

To install StoneGate licenses
1. Expand the Administration tree and navigate to Licenses.
2. If the IPS engine(s) you want to re-license have a management bound license, unbind the previous license by right-clicking on the license or the engine and selecting Unbind from the contextual menu that opens.
3. Import the licenses from a .jar license file by selecting File System Tools Install Licenses from the menu.
4. Select a license file and click Install. The licenses are imported and activated.
ILLUSTRATION 8.3 Binding a Dynamic License
5. You need to bind each license to a specific engine if your engine licenses are management bound (i.e., tied to the Management Server's proof of license).
5.1 Right-click the license and select Bind. The Select License Binding dialog opens.
5.2 Select the correct engine from the list and click Select to bind the license to this firewall. The license is now bound to the selected element.
5.3 If you made a mistake, unbind the license by right-clicking it and selecting Unbind.
Caution: When you upload a policy on the engine, the license is permanently bound to that engine. Such licenses cannot be re-bound to some other engine without re-licensing or deleting the engine element it is bound to in the GUI. When unbound, such a license is shown as Retained.
6. Check the displayed license information, and that all the components you meant to license have disappeared from the Unlicensed Components tree.
7. You can leave the old licenses as they are, but if you so wish, you can remove them by right-clicking them and selecting Delete from the contextual menu that opens.
If you are upgrading your system, proceed to Upgrading the Management Center.

Upgrading the Management Center

This section provides an outline that should be sufficient in most cases. For more detailed instructions on how to upgrade the StoneGate Management Center, please refer to the Management Center installation instructions. There is no need to uninstall the previous version. The install shield will detect the components that need to be upgraded. When upgrading from version or older, the Management Center first needs to be upgraded to 2.0.8, started, then stopped before upgrading to a later version. For upgrading to 2.0.8, see the Installation Guide for version 2.0 at
Caution: Back up the Management Server before upgrading it. You are also prompted during the upgrade process for making an automatic backup of the Management Server data.
Before you start the installation, stop the previously installed Management Center components running on the target machine.
To upgrade StoneGate Management Center components
1. Check that the StoneGate Management Server and Log Server processes or services have stopped and that the GUI client is not running on the machine.
2. Insert the StoneGate installation CD-ROM and run the setup executable. The License Agreement is shown.
3. Read and accept the License Agreement to continue with the installation.
ILLUSTRATION 8.4 Defining the Installation Directory
4. StoneGate automatically detects the previous installation directory. Click Next to accept this location.
ILLUSTRATION 8.5 Selecting the Components for Upgrade
5. StoneGate displays the components that will be upgraded. Click Next to continue.
6. When upgrading the Management Server, you are prompted for backing up the current Management Server data as a precaution. Select Yes to back up the Management Server data to the <SGHOME>/backups/ directory.
Caution: On a Windows system, make sure that you have closed the Windows Services window before you complete the next step. Otherwise, the services may not be installed correctly.
7. Check the pre-installation summary and click Install to continue. The upgrade begins.
8. When the upgrade is complete, click Done to close the window. You may have to reboot before you can start the upgraded components.

If you upgraded from a version prior to 3.0, proceed to Upgrading the Log Database below. The Management Center upgrade is complete. If you are installing new engine versions as well, proceed to Upgrading Engines Remotely, on page 119 or Upgrading Engines Locally, on page 121. If you have StoneGate IPS, and you have the latest engine version, you should check for new Dynamic Updates and import and activate them as explained in Installing IPS Dynamic Updates, on page 122.

Upgrading the Log Database

The log storage scheme was changed in StoneGate Management Center version 3.0. This means that if you need to manage older log data (prior to version 3.0) with the new version of the Log Server, you need to convert the old logs to the new format. Do this by running the script sgconvertlogdatabase. Similarly, if you want to manage old log archives you also need to convert them. Do this by running the script sgconvertarchive. For more information about running these scripts, please see Command Line Tools, on page 127.
Note: If the upgraded Log Server is installed on a separate machine from the Management Server, the Log Server properties must be updated manually (e.g., SMTP server, SNMP server,...)
If you are installing new engine versions as well, proceed to Upgrading Engines Remotely or Upgrading Engines Locally, on page
Upgrading Engines Remotely

StoneGate supports the remote upgrade of Sensor and Analyzer engines from the Management Server. During a Sensor cluster upgrade process, it is possible to have the upgraded nodes online and operational side by side with the older version nodes. Before upgrading StoneGate, check the installation package integrity using the MD5 or SHA-1 file checksums as explained in Checking File Integrity, on page 111.

To upgrade a StoneGate engine remotely
1. Copy the sg_engine_version_platform.zip file from the CD-ROM to the directory <SGHOME>/data/engineimages/ on your Management Server.
ILLUSTRATION 8.6 Commanding Node Offline for Upgrade
2. Select the component you want to upgrade in the left panel. The individual node(s) appear in the Info panel.
3. Right-click the engine node you wish to upgrade and select Commands Go Offline to command the engine node offline.
ILLUSTRATION 8.7 Starting Upgrade Process
4. Right-click the engine node you wish to upgrade and select Upgrade Software. The engine upgrade window opens, showing you a list of the engine images that are available for installation.
5. To avoid rebooting the node right after the new configuration is ready, deselect the Activate checkbox. The new configuration is loaded to the engine, but is not used. To activate the new configuration later, return to the same dialog and deselect Transfer.
Caution: Do not activate the new configuration simultaneously on all nodes of a cluster. Activate the new configuration one node at a time, and proceed to the next node only after the previous node is back online.
6. Choose the correct engine version and select Upgrade. The time it takes to upgrade your node varies depending on the performance of your machine and the network environment.
ILLUSTRATION 8.8 Monitoring Upgrade Process
The upgrade tab opens (possibly opening a new Configuration window) and informs you when the process is finished. If you chose to activate the new configuration, once the engine is successfully upgraded, the machine is automatically rebooted and the upgraded engine is brought up to offline state. Right-click the upgraded engine node and select Commands Go Online to command the engine node online. If you are upgrading a Sensor cluster, continue the upgrade on the next node when the upgraded node is operational. StoneGate operates normally with two different versions of the engines online during the upgrade. Proceed to check for new Dynamic Updates and import and activate them as explained in Installing IPS Dynamic Updates, on page 122.

Upgrading Engines Locally

In addition to upgrading the Sensor and Analyzer engines remotely from the Management Server, it is possible to upgrade the engines locally at the site as described in this section. During a Sensor cluster upgrade process, it is possible to have the upgraded nodes online and operational side by side with the older version nodes. Proceed to Upgrading StoneGate IPS.

Upgrading StoneGate IPS

Follow the procedure below to upgrade StoneGate engines to the latest version locally at the engine location.

To upgrade the engine
1. Log in to the node as root.
2. Insert the StoneGate engine installation CD-ROM into the engine's drive.
3. There are two ways to upgrade the node:
- Normal upgrade: type the command sg-upgrade to start the upgrade process. Continue in Step 6.
- Upgrade with configuration options: reboot the node from the CD-ROM with command reboot. The upgrade uses the installation wizard. Continue in Step 4.
ILLUSTRATION 8.9 Upgrade Options

4. If the node is rebooted from the CD-ROM, choose one of these four options:
   - Upgrade existing installation: choose this option to upgrade the previous installation to a new version. This option is recommended for most upgrades.
   - Re-install using configuration from existing installation: choose this option to re-install the engine using the existing configuration files. Please refer to the platform-specific engine installation chapter for instructions.
   - Full re-install: choose this option to reinstall the engine completely by removing the engine's current configuration. Please refer to the platform-specific engine installation chapter for instructions.
   - Full re-install in expert mode: choose this option to reinstall the engine in expert mode by removing the engine's current configuration. Please refer to the platform-specific engine installation chapter for instructions.
5. Select 1 to upgrade the previous installation and press ENTER to continue. The upgrade process starts.
6. Right-click the upgraded engine node in the Administration Client and select Go Online to command the engine node online. The node can also be put online with the command sg-cluster online on the node.
7. If you are upgrading a Sensor cluster, continue the upgrade on the next node when the upgraded node is operational. StoneGate operates normally with two different versions online during the upgrade.

Check for new Dynamic Updates and import and activate them as explained in Installing IPS Dynamic Updates, on page 122.

Installing IPS Dynamic Updates

Dynamic updates for StoneGate IPS provide the latest inspection modules, agents, fingerprints, and system policies for up-to-date intrusion detection. The Management Server can be configured to check automatically for the available dynamic updates. You can also import the dynamic updates manually through the GUI client.
To activate automatic update package polling
1. In the GUI client, select File→System Tools→Configure Updates.

ILLUSTRATION 8.10 Configuring the Automatic Dynamic Updates Checking

2. Define the update checking frequency and the URL of the update server.
3. If a proxy is used, define the proxy IP address and port.

An alert is sent when new update packages are available. You can download and activate them in the Configuration window in the Administration→Updates folder.

To import and activate an update package manually
1. Go to the Web location and download the new update packages.

Note: Ensure that the MD5 checksums for the original files verified by Stonesoft and the files that you have downloaded match.

2. In a Configuration window of the Administration Client, navigate to Administration→Updates to view all the imported and activated update packages.
3. Right-click Updates and select Import Update Packages from the contextual menu that opens. A file browser dialog opens.
4. Browse to the location where you have saved the downloaded update packages.
5. Select the required update packages and click the Import button. The packages are imported in the Management System and they are shown as Imported.
6. Select the modules that you want to activate. Right-click them and select Activate in the contextual menu. The selected packages are automatically updated in your system and shown as Active.

Follow the directions below if you want to see what is included in the packages before you activate them.

To view the contents of an update package
1. In a Configuration window, navigate to Administration→Updates to view all the imported and activated update packages.
2. Right-click an update package and select Show Contents. The contents of the package are displayed in a separate window.

ILLUSTRATION 8.11 Update Package Contents

After activating a dynamic update package, the updates can be taken immediately into use in the security policies and in the system configuration. The latest versions of the fingerprints and inspection agents are always used in the predefined system policies. For the custom agents you can select which parameters to update automatically.
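The MD5 comparison required by the note in the manual import procedure can be scripted so that only verified packages reach the Import dialog. This is an added example, not Stonesoft code; it assumes the published checksums are available as an md5sum-style list ("digest  filename" per line), and the file names and contents are constructed.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def md5_of(path, chunk_size=1 << 20):
    """Return the hex MD5 digest of a file, reading it in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse 'HEXDIGEST  FILENAME' lines (md5sum style, an assumed format)."""
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'digest filename'")
        digest = parts[0].lower()
        name = parts[1].lstrip("*").strip()
        if len(digest) != 32 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {lineno}: not an MD5 hex digest")
        # Refuse names that would escape the download directory.
        if Path(name).name != name:
            raise ValueError(f"line {lineno}: file name contains a path")
        expected[name] = digest
    return expected


def check_downloads(manifest_text, download_dir):
    """Classify each package as ok, mismatch, missing or unlisted."""
    expected = parse_manifest(manifest_text)
    download_dir = Path(download_dir)
    result = {}
    for name, digest in expected.items():
        path = download_dir / name
        if not path.is_file():
            result[name] = "missing"
        elif hmac.compare_digest(md5_of(path), digest):
            result[name] = "ok"
        else:
            result[name] = "mismatch"
    # A file that is not in the published list has nothing to be checked against.
    for path in download_dir.iterdir():
        if path.is_file() and path.name not in expected:
            result[path.name] = "unlisted"
    return result


def safe_to_import(result):
    """Names of the packages whose checksum matched."""
    return sorted(name for name, status in result.items() if status == "ok")


def demo():
    """Run the check over constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        (tmp / "update-a.bin").write_bytes(b"constructed package A")
        (tmp / "update-b.bin").write_bytes(b"constructed package B, altered")
        (tmp / "stray.bin").write_bytes(b"not in the published list")
        manifest = "\n".join([
            hashlib.md5(b"constructed package A").hexdigest() + "  update-a.bin",
            hashlib.md5(b"constructed package B").hexdigest() + "  update-b.bin",
            hashlib.md5(b"constructed package C").hexdigest() + "  update-c.bin",
        ])
        return check_downloads(manifest, tmp)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

MD5 catches corrupted or truncated downloads; it is not collision-resistant, so obtain the reference checksums over a channel you trust.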
APPENDICES
APPENDIX A Command Line Tools

This appendix describes the command line tools for StoneGate Management Center and the engines.

The following sections are included:
- Management Center Commands, on page 128
- Engine Commands, on page 133
Management Center Commands

The Management Server and the Log Server commands are found in the SGHOME/bin/ directory. In Windows, the command line tools are *.bat script files. In Linux and Unix, the files are *.sh scripts.

Note: Using the GUI client is the recommended configuration method, as most of the same tasks can be done through it.

TABLE A.1 Management Center Command Line Tools

sgarchiveexport [-v] [-c -x] [-o EXPORT_FILE] [-f FILTER -e EXPRESSION] [-l [FW IPS ALERT] ARCHIVES]
    Exports logs from the log archive files or directly as they are received by the Log Server. This command is available only on the Log Server.
    -v option displays verbose output on the command execution.
    -c option exports the data in comma-separated (CSV) format.
    -x option exports the data in XML format.
    -o EXPORT_FILE option defines the destination file where the logs will be exported. If the option is not used, the output is displayed on screen.
    -f FILTER option defines the filter file used for filtering the log data for exporting. Filters can be saved in the GUI client's Filter Expression Editor.
    -e EXPRESSION option defines the filtering expression used for filtering the log data for exporting. The filter expressions can be viewed in the GUI client's Filter Expression Editor.
    -l [FW IPS ALERT] option exports the firewall, IPS, or alert data directly from the Log Server instead of log archive files.
    ARCHIVES option is a list of the log archive files and/or the directories to be exported.

sgbackuplogsrv
    Creates a backup of all Log Server configuration and log data. The backup file is stored in the SGHOME/backups/ directory. You can restore the entire backup (the log database and/or configuration files) using the sgrestorelogbackup command. You can restore just the log database using the sgrecoverlogdatabase command.

sgbackupmgtsrv
    Creates a backup of all Management Server configuration and database data. The backup file is stored in the SGHOME/backups/ directory. You can restore the entire backup (the Management Server database and/or configuration files) using the sgrestoremgtbackup command. You can restore just the Management Server database using the sgrecovermgtdatabase command.

sgcertifylogsrv
    Certifies the Log Server on the Management Server. The certificate is required to allow secure communication between the Log Server and the Management Server.

sgcertifymgtsrv
    Recreates the Management Server's certificate. The Management Server certificate is required for secure communications between the StoneGate system components, as well as for the VPN connections that use the certificate authentication.

sgcertifymonitoringserver
    Certifies the Monitoring Server on the Management Server. The certificate is required to allow secure communication between the Monitoring Server and the Management Server.

sgchangemgtiponlogsrv NEW_IP_ADDR
    Changes the Management Server's IP address on the Log Server. Use this command to configure a new Management Server's IP address on the Log Server. Restart the Log Server after this command.
    NEW_IP_ADDR is the new Management Server's IP address.

sgchangemgtiponmgtsrv NEW_IP_ADDR
    Changes the Management Server's IP address. Use this command when you want to change the Management Server's IP address to reflect changes made in the operating system. Restart the Management Server after this command.
    NEW_IP_ADDR is the new Management Server's IP address.

sgclient
    Starts the StoneGate GUI client.

sgconvertarchive [-v] [-delete] ARCHIVE_DIR ARCHIVES
    Converts archived logs from StoneGate 2.x format to StoneGate Management Center's archive file format. This command is available only on the Log Server.
    -v option displays verbose output on the command execution.
    -delete option removes the StoneGate 2.x archive files after conversion to free the disk space. The log entries are removed after the conversion process is completed.
    ARCHIVE_DIR is the number of the archive directory (0-31) where the converted logs will be located. By default, only archive directory 0 is defined. The archive directories can be defined in the SGHOME/data/LogServerConfiguration.txt file: ARCHIVE_DIR_xx=PATH.
    ARCHIVES is a list of the archive files and/or the directories to be converted.

sgconvertlogdatabase [-v] [-delete] ARCHIVE_DIR [-resume]
    Converts logs from StoneGate 2.x database to StoneGate Management Center's archive file format. This command is available only on the Log Server. The conversion process can be stopped at any time. The conversion will continue from the latest converted log entry when resuming the process.
    -v option displays verbose output on the command execution.
    -delete option removes the converted logs from the StoneGate 2.x database to free the disk space. The log entries are removed after the conversion process is completed.
    ARCHIVE_DIR is the number of the archive directory (0-31) where the converted logs will be located. By default, only archive directory 0 is defined. The archive directories can be defined in the SGHOME/data/LogServerConfiguration.txt file: ARCHIVE_DIR_xx=PATH.
    -resume option continues a previously interrupted conversion from the latest converted log entry.

sgcreateadmin
    Creates a superuser administrator account. The Management Server needs to be stopped before running this command.

sgexport -file FILE -type TYPE [-rb RULEBASE]
    Exports StoneGate Management Server database elements to an XML file. This command can export network elements, service definitions, rule bases, and individual rules. Run the command without arguments to display the syntax.
    FILE is the file for the exported elements.
    TYPE is the element types to be exported: nw=network elements, sv=services, r=rules, al=alerts.
    RULEBASE (optional) specifies the name of the rulebase to be exported.

sgimport -file FILE
    Imports StoneGate Management Server database elements from an XML file. This command can import network elements, service definitions, rule bases, and individual rules. Run the command without arguments to display the syntax.
    FILE is the file from which the elements are imported. The file must be in the same directory with the StoneGate DTD files in SGHOME/data/.
    It can be defined whether the imported objects should overwrite the existing elements in the Management Server. By default, the existing elements are not overwritten. This is configured in the Management Server's SGHOME/data/sgconfiguration.txt file as follows:
    To keep the existing objects (the default setting), set: SG_SKIP_DURING_IMPORT=true
    To overwrite the existing objects with the imported objects, set: SG_SKIP_DURING_IMPORT=false

sginfo
    Creates a ZIP file that contains copies of configuration files and the system trace files containing logs on problem situations. The ZIP file is stored in the user's home directory. The file location is displayed on the last line of screen output. Provide the generated file to Stonesoft support for troubleshooting purposes.

sgrecoverlogdatabase
    Restores a Log Server database from the most recent backup copy. Use this tool only if the Log Server database becomes corrupted.

sgrecovermgtdatabase
    Restores the Management Server's database from the most recent backup copy in the SGHOME/backups/ directory. Use this tool only if the Management Server database becomes corrupted.

sgrecreatelogdatabase
    Creates a new Log Server database. Use this tool only if the Log Server database becomes corrupted.

sgrestorearchive ARCHIVE_DIR
    Restores logs from archive files to the Log Server. This command is available only on the Log Server.
    ARCHIVE_DIR is the number of the archive directory (0-31) from where the logs will be restored. By default, only archive directory 0 is defined. The archive directories can be defined in the SGHOME/data/LogServerConfiguration.txt file: ARCHIVE_DIR_xx=PATH.

sgrestorecertificate
    Restores the Certificate Authority (CA) or the Management Server certificate from a backup file in the SGHOME/backups/ directory.

sgrestorelogbackup
    Restores the Log Server (logs and/or configuration files) from a backup file in the SGHOME/backups/ directory.

sgrestoremgtbackup
    Restores the Management Server (database and/or configuration files) from a backup file in the SGHOME/backups/ directory.

sgshowfingerprint
    Displays the CA certificate's fingerprint on the Management Server.

sgstartlogdatabase
    Starts the Log Server's database. (The Log Server's database is started and stopped automatically when starting/stopping the Log Server service.)

sgstartlogsrv
    Starts the Log Server and its database.

sgstartmgtdatabase
    Starts the Management Server's database. (The Management Server's database is started and stopped automatically when starting/stopping the Management Server service.)

sgstartmgtsrv
    Starts the Management Server and its database.

sgstartmonitoringserver
    Starts the Monitoring Server used by the Monitoring Client.

sgstoplogdatabase
    Stops the Log Server's database.

sgstopmgtdatabase
    Stops the Management Server's database. (The Management Server's database is started and stopped automatically when starting/stopping the Management Server service.)

sgstopmonitoringserver
    Stops the Monitoring Server used by the Monitoring Client.

sgstopremotemgtsrv [-host HOST] [-port PORTNUM] [-login LOGINNAME] [-pass PASSWORD]
    Stops the local Management Server service when run without arguments. To stop a remote Management Server service, provide the arguments to connect to the Management Server.
    HOST is the Management Server's host name if not localhost.
    PORT is the Management Server's GUI client port number (by default, 8902).
    LOGINNAME is a StoneGate administrator account for the login.
    PASSWORD is the password for the administrator account.
Engine Commands

StoneGate engine commands can be run from the engine's command line.

TABLE A.2 StoneGate-specific Command Line Tools on Engines

sg-bootconfig
    Can be used to configure secondary or serial console for the engine. See the command help sg-bootconfig --help for more information.

sg-cluster
    Displays status of each node. You can also use it to change the status of a node. Run the command without arguments to display the syntax.

sg-contact-mgt
    Connects to the Management Server to establish a trust relationship.

sginfo
    Gathers system information you can send to Stonesoft support if you are having problems. Instructions for use are available from Stonesoft support and at the Stonesoft Web site.

sg-logger
    Can be used in scripts to create log messages.

sg-reconfigure
    Used for reconfiguring the node manually.

sg-toggle-active
    Switches the engine to previous configuration and back. This change takes effect when you reboot the engine.

sg-upgrade
    Upgrades the node from a CD-ROM. Alternatively, the node can be upgraded remotely using the GUI client or by rebooting from the installation CD-ROM.

sg-version
    Displays the software version and build number on the node.
The table below lists some general operating system commands that may be useful in running your StoneGate engines. Some commands can be stopped by pressing Ctrl+C.

TABLE A.3 General Command Line Tools on Engines

dmesg
    Shows system logs and other information. Use the -h option to see usage.

halt
    Shuts down the system.

ip
    Displays IP-address related information. Type the command without options to see usage. Example: type ip addr for basic information on all interfaces.

ping
    Tool for sending ICMP echo packets to test connectivity. Type the command without options to see usage.

ps
    Reports status of running processes.

reboot
    Reboots the system. Upon reboot, you enter a menu with startup options. For example, this menu allows you to return the engine to the previous configuration.

scp
    Secure copy. Type the command without options to see usage.

sftp
    Secure FTP (for transferring files securely). Type the command without options to see usage.

ssh
    SSH client (for opening a terminal connection to other hosts). Type the command without options to see usage.

tcpdump
    Gives information on network traffic. Use the -h option to see usage.

top
    Displays the top CPU processes taking most processor time. Use the -h option to see usage.

traceroute
    Traces the route packets take to the specified destination. Type the command without options to see usage.

vpninfo
    Outputs various VPN related information. Type the command without options to see usage.
APPENDIX B StoneGate IPS Ports

StoneGate IPS uses SSL/TLS-secured TCP connections between the system components. The connections and the TCP ports used are illustrated below.

ILLUSTRATION B.1 TCP Connections Between the StoneGate IPS Components

In Illustration B.1, the listening TCP ports are indicated in the boxes next to each system component. The connections are established in the direction of the arrows. The dashed arrows indicate the one-time connections during the initial configuration of the system components when they establish a trust relationship with the Management Server. After a successful initial connection, all the communications between the components take place as indicated by the arrows with the solid lines.

The following table lists the ports used in communication between the StoneGate IPS components.

TABLE B.1 StoneGate IPS Ports

Listening hosts | Port/Protocol | Contacting hosts | Service description
Analyzer | 514/udp | syslog | Syslog messages forwarded to Analyzer
Analyzer | 4950/tcp | Management Server | Remote upgrade from the Management Server
Analyzer | 18889/tcp | Management Server | Control connections, status monitoring, and policy upload
Analyzer | 18890/tcp | Sensor, Analyzer | Event data sent from the Sensors or other Analyzers.
Log Server | 3020/tcp | Analyzer, Sensor | Log and alert messages from Analyzers and recording file transfers from Sensors
Log Server | /tcp | GUI, Monitoring Server | GUI and Monitoring Server connections to the Log server.
Log Server | 8987, 8990, 8995/tcp | Management Server | Management Server connections to the Alert Server.
Management Server | 3021/tcp | Sensor, Analyzer | Initial contact from Sensor or Analyzer during installation
Management Server | 5936/tcp | Log Server | Initial contact from Log Server during installation
Management Server | /tcp | GUI, Log Server | GUI and Log Server connections to the Management Server
Monitoring Server | /tcp | Monitoring Client | Monitoring Client GUI connection to Monitoring Server.
Sensor | /udp 3002, 3003, 3010/tcp | Sensor | Heartbeat and state synchronization between the cluster nodes.
Sensor | 4950/tcp | Management Server | Remote upgrade from the Management Server
Sensor | 18888/tcp | Management Server | Control connections, status monitoring, and policy upload
StoneGate firewall | 15000/tcp | Management server, IPS Analyzer | Blacklist entries sent to firewall
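Table B.1 can serve as an allow-list for traffic between the components: a flow to a StoneGate listener that the table does not list, or that comes from a host in the wrong role, is worth investigating. The following is an added example, not Stonesoft code; the role names, addresses and flow records are constructed, and rows whose port numbers are missing on this page are not encoded.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport proto")

# (listening role, port, protocol) -> contacting roles listed in Table B.1.
# Rows whose port numbers are missing on this page are left out; add them
# from the product documentation before running this against real traffic,
# otherwise those legitimate connections are reported as unlisted.
TABLE_B1 = {
    ("analyzer", 514, "udp"): {"syslog"},
    ("analyzer", 4950, "tcp"): {"management"},
    ("analyzer", 18889, "tcp"): {"management"},
    ("analyzer", 18890, "tcp"): {"sensor", "analyzer"},
    ("log", 3020, "tcp"): {"analyzer", "sensor"},
    ("log", 8987, "tcp"): {"management"},
    ("log", 8990, "tcp"): {"management"},
    ("log", 8995, "tcp"): {"management"},
    ("management", 3021, "tcp"): {"sensor", "analyzer"},
    ("management", 5936, "tcp"): {"log"},
    ("sensor", 3002, "tcp"): {"sensor"},
    ("sensor", 3003, "tcp"): {"sensor"},
    ("sensor", 3010, "tcp"): {"sensor"},
    ("sensor", 4950, "tcp"): {"management"},
    ("sensor", 18888, "tcp"): {"management"},
    ("firewall", 15000, "tcp"): {"management", "analyzer"},
}

# Ports the table describes as initial contact during installation.
INITIAL_CONTACT = {("management", 3021, "tcp"), ("management", 5936, "tcp")}

# Constructed inventory: address -> role (documentation address ranges).
INVENTORY = {
    "192.0.2.1": "firewall",
    "192.0.2.10": "management",
    "192.0.2.11": "log",
    "192.0.2.20": "analyzer",
    "192.0.2.31": "sensor",
    "192.0.2.32": "sensor",
    "192.0.2.50": "syslog",
}

# Constructed flow records, e.g. as exported from a flow collector.
SAMPLE_FLOWS = [
    Flow("192.0.2.31", "192.0.2.20", 18890, "tcp"),   # sensor -> analyzer events
    Flow("192.0.2.10", "192.0.2.31", 18888, "tcp"),   # management -> sensor control
    Flow("192.0.2.20", "192.0.2.11", 3020, "tcp"),    # analyzer -> log server
    Flow("198.51.100.7", "192.0.2.31", 4950, "tcp"),  # unknown host -> upgrade port
    Flow("192.0.2.32", "192.0.2.1", 15000, "tcp"),    # sensor -> firewall blacklist
    Flow("192.0.2.31", "192.0.2.10", 3021, "tcp"),    # initial contact, post-install
    Flow("192.0.2.20", "192.0.2.31", 22, "tcp"),      # port not in the table
    Flow("192.0.2.50", "192.0.2.20", 514, "udp"),     # syslog -> analyzer
    Flow("192.0.2.31", "192.0.2.32", 3002, "tcp"),    # cluster heartbeat
]


def audit(flows, inventory, installing=False):
    """Return (flow, reason) for every flow to a listener that Table B.1
    does not permit. Set installing=True while components are being
    installed, when the initial-contact ports are expected to be used."""
    findings = []
    for flow in flows:
        dst_role = inventory.get(flow.dst)
        if dst_role is None:
            continue  # destination is not a StoneGate listener
        src_role = inventory.get(flow.src, "unknown")
        key = (dst_role, flow.dport, flow.proto.lower())
        if key not in TABLE_B1:
            findings.append((flow, f"port not listed for {dst_role}"))
        elif src_role not in TABLE_B1[key]:
            findings.append((flow, f"contacting role '{src_role}' not listed"))
        elif key in INITIAL_CONTACT and not installing:
            findings.append((flow, "initial-contact port used outside installation"))
    return findings


if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS, INVENTORY):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}: {reason}")
```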
Software and License Information

Licenses

Stonesoft products are sold pursuant to their relevant End-User License Agreements. By installing or otherwise using Stonesoft products in any way, end-users agree to be bound by such agreement(s). Please see Stonesoft's Website, for further details.

If Licensee is acquiring the Software, including accompanying documentation on behalf of the U.S. Government, the following provisions apply. If the Software is supplied to the Department of Defense ("DoD"), the Software is subject to "Restricted Rights", as that term is defined in the DOD Supplement to the Federal Acquisition Regulations ("DFAR") in paragraph (c) (1). If the Software is supplied to any unit or agency of the United States Government other than DOD, the Government's rights in the Software will be as defined in paragraph (c) (2) of the Federal Acquisition Regulations ("FAR"). Use, duplication, reproduction or disclosure by the Government is subject to such restrictions or successor provisions.

Product Export Restrictions

The products described in this document are subject to export control under the laws of Finland and the European Council Regulation (EC) N:o 1334/2000 of 22 June 2000 setting up a Community regime for the control of exports of dual-use items and technology (as amended). Thus, the export of this Stonesoft software in any manner is restricted and requires a license by the relevant authorities.
Patent Notice

Multi-Link, Multi-Link VPN, and the StoneGate clustering technology as well as other technologies included in StoneGate are protected by pending patent applications in the U.S. and other countries.

End-User Licence Agreement

Copyright (c) Stonesoft Corporation. All rights reserved.

STONEGATE END USER LICENSE AGREEMENT

This End User License Agreement (the "Agreement") is an agreement between the legal entity using the Stonesoft StoneGate Software and, if applicable, StoneGate Hardware on which such Software was installed, including all individuals using the Software on behalf of the legal entity ("Licensee") and Stonesoft Corp., a corporation organized under the laws of Finland ("Stonesoft") with its principal place of business at Itälahdenkatu 22 A, Helsinki FIN-00210, Finland.

PLEASE READ CAREFULLY THE TERMS OF THIS AGREEMENT PRIOR TO FIRST USE OF YOUR STONEGATE APPLIANCE OR SOFTWARE. BY USING ANY PART OF THE STONESOFT PRODUCT OR COPYING THE STONESOFT SOFTWARE IN ANY WAY, YOU AGREE TO BE BOUND BY THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS YOU MAY NOT USE THE SOFTWARE. IN THIS CASE YOU ARE ENTITLED, PRIOR TO THE FIRST USE OF THE SOFTWARE, TO RETURN YOUR STONEGATE APPLIANCE OR SOFTWARE TO THE PLACE OF PURCHASE FOR A FULL REFUND.

DEFINITIONS

"Appliance" means the Hardware together with the installed Software.

"Channel Partner" means distributors and resellers authorized by Stonesoft or its distributors to sell the StoneGate Product.

"Hardware" means the Stonesoft StoneGate hardware on which the Software operates, which is delivered to Licensee with the Software pre-installed if Licensee has purchased a StoneGate Appliance.

"License File" means the file, which enables the Product to operate. This file can be generated by Licensee from Stonesoft's Website at by using the Proof of License, which is provided to Licensee along with the Product.

"Product" means the StoneGate product(s) delivered under this Agreement, consisting of the Software, any tools, documentation, or associated materials that may accompany such delivery and, if applicable, the Hardware.

"Proof of License" means the code provided by Stonesoft to Licensee, along with the Product, for the License File creation.

"Software" means the object code copy of the StoneGate Firewall and VPN software solution developed by Stonesoft and all third party software that Stonesoft may license from third parties and deliver to the Licensee as part of the Software, as well as all related manuals and other documentation and any future upgrades provided by Stonesoft or its Channel Partner under this Agreement or any related maintenance agreement. Specifically excluded from this definition, however, are all software components licensed under the terms of the GNU General Public License or the GNU Lesser General Public License, as published by the Free Software Foundation (for example, software components relating to the Linux operating system kernel). Such components are distributed to you solely under the terms of those respective licenses, copies of which you have received along with the Software.

1. GRANT OF LICENSE

1.1 Subject to the terms and conditions of this Agreement, and subject to the payment of the agreed purchase price of the Product, Licensee is granted a non-exclusive, non-transferable, non-assignable license for one (1) installation of the Software, and any upgrades thereto, only for the use and configuration specified in the License File. If Hardware is delivered, Licensee is entitled to use the Software only on the Hardware on which it was pre-installed and only in accordance with the relevant end user documentation provided by Stonesoft or its Channel Partner.

1.2 In the event of a warranty replacement, Licensee may use the License File on a replacement Product. In such case, the terms of this Agreement shall apply to the use of the Software on the replacement Product.

1.3 Licensee may use the Products only in its own internal business operations. Licensee will not (i) allow others or develop methods for others to use the Products, (ii) rent the Products, (iii) use the Products for providing services to third parties or (iv) make the Products available on a time-sharing basis without a prior written consent of Stonesoft.

1.4 Licensee may make a reasonable number of back-up copies of the Software and any future upgrades. Licensee will reproduce all confidentiality and proprietary notices on each of these copies. Licensee may not (or permit others to) otherwise copy, reproduce, transfer, assign, sub-license, distribute, translate, modify, adapt, decompile, decipher, disassemble or reverse engineer the Software except to the extent expressly authorized by law.

2. SOFTWARE MAINTENANCE AND SUPPORT

2.1 Stonesoft provides support and maintenance and future upgrades for the Software only under a separate Support and Maintenance Agreement for so long as these services are generally available.

3. INTELLECTUAL PROPERTY RIGHTS

3.1 Title to the Software and all patents, copyrights, trade secrets and other proprietary rights in or related thereto are and will remain the exclusive property of Stonesoft and its licensors and subcontractors, whether or not specifically recognized or perfected under the laws of the country where the Software is used or located. Licensee will not take any action that jeopardizes such proprietary rights or acquire any right in the Software, except the limited license specified in this Agreement. Stonesoft and its licensors will own all rights in any copy, translation, modification, adaptation or derivation of the Software, including any improvement or development thereof.
141 4. TERM AND TERMINATION 4.1 This Agreement is effective until terminated. Stonesoft may terminate this Agreement with immediate effect at any time upon Licensee s breach of any of the provisions hereof. Upon termination of this Agreement, Licensee agrees to cease all use of the Products and to return to Stonesoft or destroy each copy of the Software and all documentation and related materials in Licensee s possession, and so certify to Stonesoft. Except for the license granted herein and as expressly provided herein, the terms of this Agreement shall survive termination. 5. INDEMNIFICATION 5.1 If notified promptly in writing of any action (and provided that Stonesoft has been promptly notified of all prior claims relating to such action) brought against Licensee based on a claim that the unaltered Software (excluding third party products) supplied by Stonesoft to Licensee under this Agreement infringes a patent or copyright, Stonesoft shall defend such action at its expense and pay any costs or damages finally awarded in such action which are attributable to such claim, provided that Stonesoft shall have sole control of the defense of any such action and all negotiations for its settlement or compromise. 5.2 If a final injunction is obtained against Licensee s use of the Software by reason of infringement of a patent or copyright, or if in Stonesoft s opinion any of the Software supplied to Licensee hereunder is likely to become the subject of a successful claim of infringement of a patent or copyright, Stonesoft shall, at its option and expense, either procure for Licensee the right to continue using such Software or replace or modify the same so that it becomes non-infringing or, at Stonesoft s election, terminate this Agreement and provide Licensee a prorated refund (depreciated on a straight-line 3 year basis) for the Product and accept its return. 
5.3 Notwithstanding the foregoing, Stonesoft shall not have any liability to Licensee under this Section if the infringement or claim is based upon (a) the use of the Software in combination with other equipment or software which is not furnished by Stonesoft (if such claim would have been avoided were it not for such combination), (b) Software which has been modified or altered by Licensee or (c) intellectual property rights owned Licensee or any of their respective affiliates. No cost or expenses shall be incurred for the account of Stonesoft without the prior written consent of Stonesoft. 5.4 THE FOREGOING STATES THE ENTIRE LIABILITY OF STONESOFT WITH RESPECT TO INFRINGEMENT OF PATENTS OR COPYRIGHTS BY THE SOFTWARE OR ANY PART THEREOF. 6. SOFTWARE WARRANTY AND WARRANTY DISCLAIMERS 6.1 Stonesoft warrants that, for the warranty period of ninety (90) days from the date Licensee receives the original License File, the Software will substantially conform to its specifications. 6.2 Stonesoft s and its Channel Partners entire liability and Licensee s exclusive remedy, with respect to the Software, shall be at Stonesoft s option to either, (i) replace the Software; (ii) correct the defect through updates and/or upgrades; or (iii) if prompt correction of the error or replacement of the Software is not reasonably feasible, refund to Licensee of the purchase price paid for the Product upon return of the Product to Stonesoft by Licensee, in which case the license for the Software shall terminate. 6.3 This limited warranty is void if the defect has resulted from accident, abuse, or misapplication or any other use not consistent with the terms and conditions of this Agreement. 
6.4 The Products are not designed, manufactured or intended for use in hazardous environments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, weapons systems, direct life-support machines, or any other application in which the failure of the Product could lead directly to death, personal injury, or severe physical or property damage or environmental damage (collectively, High Risk Activities ). Stonesoft and its Channel Partners expressly disclaim any express or implied warranty of fitness for High Risk Activities. 6.5 EXCEPT FOR THE LIMITED WARRANTIES SET FORTH IN THIS SECTION, THE SOFTWARE IS PROVIDED ON AN AS IS BASIS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED. STONESOFT DOES NOT WARRANT THAT THE SOFTWARE WILL MEET THE LICENSEE S REQUIREMENTS OR THAT ITS OPERATION WILL BE UNINTERRUPTED OR ERROR FREE. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, STONESOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. Some jurisdictions do not allow the exclusion of implied warranties or limitations on how long an implied warranty may last, so the above limitations may not apply to Licensee. 6.6 Warranties for any Hardware delivered to Licensee are found in the applicable Stonesoft Hardware Warranty delivered with such Hardware, if applicable. No warranty to any Stonesoft or other Hardware is provided under this Agreement. 7. 
LIMITATION OF LIABILITY 7.1 IN NO EVENT, WHETHER IN TORT, CONTRACT OR OTHERWISE, SHALL STONESOFT BE LIABLE TOWARDS LICENSEE OR ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, COSTS, LOSS OR EXPENSE, (INCLUDING BUT NOT LIMITED TO LOST PROFITS, LOSS OR INTERRUPTION OF USE, LOSS OF DATA, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR TECHNOLOGY) ARISING OUT OF THE SUBJECT MATTER OF THIS AGREEMENT IRRESPECTIVE OF WHETHER STONESOFT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation or exclusion may not apply to Licensee. 7.2 UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT OR OTHERWISE, SHALL STONESOFT BE LIABLE FOR DAMAGES IN EXCESS OF THE PURCHASE PRICE OF THE RELEVANT PRODUCT. 8. CONFIDENTIALITY 8.1 Licensee acknowledges and agrees that the Products incorporates confidential and proprietary information developed or acquired by Stonesoft including but is not limited to technical or nontechnical data, formulas, patterns, compilations, devices, methods, techniques, drawings and processes related with the Software. 8.2 Licensee may use confidential information solely in accordance with this Agreement and will take all reasonable precautions necessary to safeguard the confidentiality of such information. Licensee will hold in confidence and not disclose, reproduce, distribute or transmit, directly or indirectly, in any form, by any means, or for any purpose the confidential information except to those of its employees, agents, consultants or subcontractors who require access for Licensee's authorized use of the Products in accordance with the terms of this Agreement. Licensee will not allow the removal or defacement of any confidentiality or proprietary notice placed on the Products or the related material.
8.3 Licensee shall not be restricted under this section 8 (Confidentiality) regarding information that Licensee affirmatively establishes that (i) has or becomes generally available to the public other than as a result of an act or omission of Licensee or any of its employees, agents, subcontractors or consultants (ii) was in the possession of Licensee before receiving the information or material related with the Products (iii) is independently developed by Licensee, or (iv) is required to be disclosed by law, court order or other legal process, provided that Licensee shall first provide Stonesoft with prompt notice thereof. 9. EXPORT CONTROLS 9.1 Licensee agrees that the Products will not be shipped, transferred, or exported into any country or used in any manner prohibited by any applicable law.
9.2 Licensee is specifically advised and acknowledges that exports of the Products are subject to compliance with the export control regulations under the laws of Finland and/or the European Council (EC), as promulgated from time to time by the relevant authorities. The Products shall not be exported or re-exported, directly or indirectly, (i) without all export or re-export licenses and Finnish or other governmental approvals required by any applicable laws, or (ii) in violation of any applicable prohibition against the export or re-export of any part of the Products. 9.3 In addition, Licensee acknowledges and understands that upon entry into the United States, Stonesoft Products may become subject to U.S. export control laws and regulations. Licensee agrees to comply with all such applicable laws and regulations and acknowledges that it has the responsibility to obtain license to export, re-export, or import said products. 10. EQUITABLE RELIEF 10.1 Licensee acknowledges that (i) any use or threatened use of the Software in a manner inconsistent with this Agreement, or (ii) any other misuse of the confidential information of Stonesoft will cause immediate irreparable harm to Stonesoft for which there is no adequate remedy at law. Accordingly, Licensee agrees that Stonesoft shall be entitled to immediate and permanent injunctive relief from a court of competent jurisdiction in the event of any such breach or threatened breach by Licensee. The parties agree and stipulate that Stonesoft shall be entitled to such injunctive relief without posting a bond or other security; provided however that if the posting of a bond is a prerequisite to obtaining injunctive relief, then a bond in the amount of $1000 shall be sufficient. Nothing contained herein shall limit Stonesoft's right to any remedies at law, including the recovery of damages from Licensee for breach of this Agreement. 11.
GOVERNMENT RESTRICTED RIGHTS 11.1 If Licensee is acquiring the Software, including accompanying documentation on behalf of the U.S. Government, Licensee will receive no greater than Restricted Rights (as defined in FAR , FAR (c)(1-2) or DFAR (c)(1)(ii), DFAR (c), DFAR or DFAR as applicable). Use, duplication, reproduction or disclosure by the Government is subject to such restrictions or successor provisions. 12. GENERAL 12.1 The terms of this Agreement may not be modified except by a written agreement issued by a duly authorized representative of Stonesoft. Licensee agrees to comply with all applicable data protection and other local laws that apply to licensee's use of the Product, including but not limited to EU Directive 94/46/EC, and Licensee agrees to fully indemnify Stonesoft against any failure of Licensee to so comply with such local laws. This Agreement is governed by the laws of Finland, without giving effect to the conflict of law principles thereof. The application of the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded. All disputes arising under or relating to this Agreement shall be resolved exclusively in the appropriate Finnish court sitting in Helsinki, Finland. This Agreement sets forth all rights for the Licensee of the Products and is the entire agreement between the parties. These terms supersede any other communications with respect to the license of the Software or use of the Products. No provision hereof shall be deemed waived unless such waiver shall be in writing and signed by Stonesoft or a duly authorized representative of Stonesoft. If any provision of these terms is held invalid, the remainder of these terms shall continue in full force and effect. End of Stonesoft EULA. Software Licensing Information The StoneGate software includes several open source or third-party software packages to support certain features.
This section provides the appropriate software licensing information for those products.
GNU General Public License Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. 
You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. 
If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. 
(This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. 
Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10.
If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. 
To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. <one line to give the program's name and a brief idea of what it does.> Copyright (C) <year> <name of author> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. 
Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program Gnomovision (which makes passes at compilers) written by James Hacker. <signature of Ty Coon>, 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. When we speak of free software, we are referring to freedom of use, not price. 
Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things. To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.
To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license. Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs. When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library. We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.
For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system. Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. 
The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. 1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. 
You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) The modified work must itself be a software library. b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. 
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. This option is useful when you wish to copy part of the code of the Library into a program that is not a library. 4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. 5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. 
However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. 6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. 
If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with. c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. 
For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. 7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 9. 
You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. 10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.
If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. 
If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Libraries If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. <one line to give the library's name and a brief idea of what it does.> Copyright (C) <year> <name of author> This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA USA Also add information on how to contact you by electronic and paper mail. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker. <signature of Ty Coon>, 1 April 1990 Ty Coon, President of Vice That's all there is to it! 
OpenSSL Toolkit This software includes the OpenSSL toolkit. LICENSE ISSUES ============== The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [email protected]. OpenSSL License Copyright (c) The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. All advertising materials mentioning features or use of this software must display the following acknowledgment: This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. ( The names OpenSSL Toolkit and OpenSSL Project must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected].
Products derived from this software may not be called OpenSSL nor may OpenSSL appear in their names without prior written permission of the OpenSSL Project. Redistributions of any form whatsoever must retain the following acknowledgment: This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit ( THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes cryptographic software written by Eric Young, ([email protected]). This product includes software written by Tim Hudson ([email protected]). Original SSLeay License Copyright (C) Eric Young ([email protected]). All rights reserved. This package is an SSL implementation written by Eric Young ([email protected]). The implementation was written so as to conform with Netscape s SSL. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson ([email protected]). 
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes cryptographic software written by Eric Young ([email protected]) The word cryptographic can be left out if the rouines from the library being used are not cryptographic related:-). If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: This product includes software written by Tim Hudson ([email protected]) THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.] OpenLDAP This software includes the OpenLDAP client developed by The OpenLDAP Foundation. Original version of the OpenLDAP client can be downloaded from This software includes the OpenLDAP server. The OpenLDAP Public License Version 2.7, 7 September 2001 Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain copyright statements and notices, 2. Redistributions in binary form must reproduce applicable copyright statements and notices, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution, and 3. Redistributions must contain a verbatim copy of this document. The OpenLDAP Foundation may revise this license from time to time. Each revision is distinguished by a version number. You may use the Software under terms of this license revision or under the terms of any subsequent revision of the license. 
THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND CONTRIBUTORS AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENLDAP FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. OpenLDAP is a trademark of the OpenLDAP Foundation. Copyright The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy and distributed verbatim copies of this document is granted. libradius1 This software includes the libradius1 package. Copyright (C) 1995,1996,1997,1998 Lars Fenneberg <[email protected]> Permission to use, copy, modify, and distribute this software for any purpose and without fee is hereby granted, provided that this copyright and permission notice appear on all copies and supporting documentation, the name of Lars Fenneberg not be used in advertising or publicity pertaining to distribution of the program without specific prior permission, and notice be given in supporting documentation that copying and distribution is by permission of Lars Fenneberg. Lars Fenneberg makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty Copyright 1992 Livingston Enterprises, Inc. 
Livingston Enterprises, Inc Koll Center Parkway Pleasanton, CA Permission to use, copy, modify, and distribute this software for any purpose and without fee is hereby granted, provided that this copyright and permission notice appear on all copies and supporting documentation, the name of Livingston Enterprises, Inc. not be used in advertising or publicity pertaining to distribution of the program without specific prior permission, and notice be given in supporting documentation that copying and distribution is by permission of Livingston Enterprises, Inc. Livingston Enterprises, Inc. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty [C] The Regents of the University of Michigan and Merit Network, Inc. 1992, 1993, 1994, 1995 All Rights Reserved. Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies of the software and derivative works or modified versions thereof, and that both the copyright notice and this permission and disclaimer notice appear in supporting documentation. THIS SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE REGENTS OF THE UNIVERSITY OF MICHIGAN AND MERIT NETWORK, INC. DO NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET LICENSEE'S REQUIREMENTS OR THAT OPERATION WILL BE UNINTERRUPTED OR ERROR FREE. The Regents of the University of Michigan and Merit Network, Inc. shall not be liable for any special, indirect, incidental or consequential damages with respect to any claim by Licensee or any third party arising from use of the software Copyright (C) , RSA Data Security, Inc. Created All rights reserved.
License to copy and use this software is granted provided that it is identified as the RSA Data Security, Inc. MD5 Message-Digest Algorithm in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided as is without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software. TACACS+ Client This software contains TACACS+ client. Copyright (c) by Cisco systems, Inc. Permission to use, copy, modify, and distribute this software for any purpose and without fee is hereby granted, provided that this copyright and permission notice appear on all copies of the software and supporting documentation, the name of Cisco Systems, Inc. not be used in advertising or publicity pertaining to distribution of the program without specific prior permission, and notice be given in supporting documentation that modification, copying and distribution is by permission of Cisco Systems, Inc. Cisco Systems, Inc. makes no representations about the suitability of this software for any purpose. THIS SOFTWARE IS PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm Copyright (C) , RSA Data Security, Inc. Created All rights reserved. License to copy and use this software is granted provided that it is identified as the RSA Data Security, Inc. 
MD5 Message-Digest Algorithm in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided as is without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software. libwww This software contains libwww software. Copyright World Wide Web Consortium, (Massachusetts Institute of Technology, Institut National de Recherche en Informatique et en Automatique, Keio University). All Rights Reserved. This program is distributed under the W3C's Intellectual Property License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See W3C License for more details Copyright 1995 CERN. "This product includes computer software created and made available by CERN. This acknowledgment shall be mentioned in full in any product which includes the CERN computer software included herein or parts thereof." W3C SOFTWARE NOTICE AND LICENSE This work (and included software, documentation such as READMEs, or other related items) is being provided by the copyright holders under the following license. By obtaining, using and/or copying this work, you (the licensee) agree that you have read, understood, and will comply with the following terms and conditions. 
Permission to copy, modify, and distribute this software and its documentation, with or without modification, for any purpose and without fee or royalty is hereby granted, provided that you include the following on ALL copies of the software and documentation or portions thereof, including modifications: 1. The full text of this NOTICE in a location viewable to users of the redistributed or derivative work. 2. Any pre-existing intellectual property disclaimers, notices, or terms and conditions. If none exist, the W3C Software Short Notice should be included (hypertext is preferred, text is permitted) within the body of any redistributed or derivative code. 3. Notice of any changes or modifications to the files, including the date changes were made. (We recommend you provide URIs to the location from which the code is derived.) THIS SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS," AND COPYRIGHT HOLDERS MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE SOFTWARE OR DOCUMENTATION. The name and trademarks of copyright holders may NOT be used in advertising or publicity pertaining to the software without specific, written prior permission. Title to copyright in this software and any associated documentation will at all times remain with copyright holders. This formulation of W3C's notice and license became active on December This version removes the copyright ownership notice such that this license can be used with materials other than those owned by the W3C, reflects that ERCIM is now a host of the W3C, includes references to this specific dated version of the license, and removes the ambiguous grant of "use". 
Otherwise, this version is the same as the previous version and is written so as to preserve the Free Software Foundation's assessment of GPL compatibility and OSI's certification under the Open Source Definition. Please see our Copyright FAQ for common questions about using materials from our site, including specific terms and conditions for packages like libwww, Amaya, and Jigsaw. Other questions about this notice can be directed to [email protected]. Joseph Reagle <[email protected]> Last revised by Reagle $Date: 2003/01/16 15:01:10 $ XML-RPC C Library License This software contains software covered by the XML-RPC C Library License. Copyright (C) 2001 by First Peer, Inc. All rights reserved. Copyright (C) 2001 by Eric Kidd. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Expat License This software contains software covered by the Expat License. Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ABYSS Web Server License This software contains software covered by the ABYSS Web Server License Copyright (C) 2000 by Moez Mahfoudh <[email protected]>. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Python License This software contains software covered by the Python License. Copyright 1991, 1992, 1993, 1994 by Stichting Mathematisch Centrum, Amsterdam, The Netherlands. All Rights Reserved Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the names of Stichting Mathematisch Centrum or CWI or Corporation for National Research Initiatives or CNRI not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. While CWI is the initial source for this software, a modified version is made available by the Corporation for National Research Initiatives (CNRI) at the Internet address ftp://ftp.python.org. STICHTING MATHEMATISCH CENTRUM AND CNRI DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL STICHTING MATHEMATISCH CENTRUM OR CNRI BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
The Apache Software License, Version 1.1 This product includes software developed by the Apache Software Foundation ( Copyright (C) 1999 The Apache Software Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The end-user documentation included with the redistribution, if any, must include the following acknowledgment: "This product includes software developed by the Apache Software Foundation ( Alternately, this acknowledgment may appear in the software itself, if and wherever such third-party acknowledgments normally appear. 4. The names "log4j" and "Apache Software Foundation" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected]. 5. Products derived from this software may not be called Apache, nor may Apache appear in their name, without prior written permission of the Apache Software Foundation. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This software consists of voluntary contributions made by many individuals on behalf of the Apache Software Foundation. For more information on the Apache Software Foundation, please see < Bouncy Castle notice and license. Copyright (c) 2000 The Legion Of The Bouncy Castle ( Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
Package: discover-data Debian package author: Branden Robinson The contents of this package that are not in the debian/ subdirectory are simple compilations of data and are therefore not copyrightable in the United States (c.f. _Feist Publications, Inc., v. Rural Telephone Service Company, Inc., 499 U.S. 340 (1991)_). _Feist_ holds that: Article I, s 8, cl. 8, of the Constitution mandates originality as a prerequisite for copyright protection. The constitutional requirement necessitates independent creation plus a modicum of creativity. Since facts do not owe their origin to an act of authorship, they are not original and, thus, are not copyrightable. Although a compilation of facts may possess the requisite originality because the author typically chooses which facts to include, in what order to place them, and how to arrange the data so that readers may use them effectively, copyright protection extends only to those components of the work that are original to the author, not to the facts themselves. This fact/expression dichotomy severely limits the scope of protection in fact-based works. Therefore, the hardware information lists that comprise the "meat" of this package enjoy no copyright protection and are thus in the public domain. Note, however, that a number of trademarks may be referenced in the hardware lists (names of vendors and products). Their usage does not imply a challenge to any such status, and all trademarks, service marks, etc. are the property of their respective owners. The remainder of this package is copyrighted and licensed as follows: Package infrastructure: Copyright 2001,2002 Progeny Linux Systems, Inc. Copyright 2002 Hewlett-Packard Company Written by Branden Robinson for Progeny Linux Systems, Inc. lst2xml conversion script: Copyright 2002 Progeny Linux Systems, Inc. Copyright 2002 Hewlett-Packard Company Written by Eric Gillespie, John R. Daily, and Josh Bressers for Progeny Linux Systems, Inc. 
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Copyright (c) 1999, 2004 Tanuki Software Permission is hereby granted, free of charge, to any person obtaining a copy of the Java Service Wrapper and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sub-license, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
Portions of the Software have been derived from source code developed by Silver Egg Technology under the following license: Copyright (c) 2001 Silver Egg Technology Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sub-license, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
Remote Control 5.1.2. Tivoli Endpoint Manager - TRC User's Guide
Tivoli Remote Control 5.1.2 Tivoli Endpoint Manager - TRC User's Guide Tivoli Remote Control 5.1.2 Tivoli Endpoint Manager - TRC User's Guide Note Before using this information and the product it supports,
How to Test Out Backup & Replication 6.5 for Hyper-V
How to Test Out Backup & Replication 6.5 for Hyper-V Mike Resseler May, 2013 2013 Veeam Software. All rights reserved. All trademarks are the property of their respective owners. No part of this publication
USER GUIDE WEB-BASED SYSTEM CONTROL APPLICATION. www.pesa.com August 2014 Phone: 256.726.9200. Publication: 81-9059-0703-0, Rev. C
USER GUIDE WEB-BASED SYSTEM CONTROL APPLICATION Publication: 81-9059-0703-0, Rev. C www.pesa.com Phone: 256.726.9200 Thank You for Choosing PESA!! We appreciate your confidence in our products. PESA produces
VERITAS Backup Exec TM 10.0 for Windows Servers
VERITAS Backup Exec TM 10.0 for Windows Servers Quick Installation Guide N134418 July 2004 Disclaimer The information contained in this publication is subject to change without notice. VERITAS Software
Plesk 8.3 for Linux/Unix Acronis True Image Server Module Administrator's Guide
Plesk 8.3 for Linux/Unix Acronis True Image Server Module Administrator's Guide Revision 1.0 Copyright Notice ISBN: N/A SWsoft. 13755 Sunrise Valley Drive Suite 600 Herndon VA 20171 USA Phone: +1 (703)
How To Install Caarcserve Backup Patch Manager 27.3.2.2 (Carcserver) On A Pc Or Mac Or Mac (Or Mac)
CA ARCserve Backup Patch Manager for Windows User Guide r16 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
Virtual CD v10. Network Management Server Manual. H+H Software GmbH
Virtual CD v10 Network Management Server Manual H+H Software GmbH Table of Contents Table of Contents Introduction 1 Legal Notices... 2 What Virtual CD NMS can do for you... 3 New Features in Virtual
InfoPrint 4247 Serial Matrix Printers. Remote Printer Management Utility For InfoPrint Serial Matrix Printers
InfoPrint 4247 Serial Matrix Printers Remote Printer Management Utility For InfoPrint Serial Matrix Printers Note: Before using this information and the product it supports, read the information in Notices
Universal Management Service 2015
Universal Management Service 2015 UMS 2015 Help All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical, including photocopying, recording,
Version 3.8. Installation Guide
Version 3.8 Installation Guide Copyright 2007 Jetro Platforms, Ltd. All rights reserved. This document is being furnished by Jetro Platforms for information purposes only to licensed users of the Jetro
Deploying Windows Streaming Media Servers NLB Cluster and metasan
Deploying Windows Streaming Media Servers NLB Cluster and metasan Introduction...................................................... 2 Objectives.......................................................
Symantec Secure Email Proxy Administration Guide
Symantec Secure Email Proxy Administration Guide Documentation version: 4.4 (2) Legal Notice Copyright 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo
PHD Virtual Backup for Hyper-V
PHD Virtual Backup for Hyper-V version 7.0 Installation & Getting Started Guide Document Release Date: December 18, 2013 www.phdvirtual.com PHDVB v7 for Hyper-V Legal Notices PHD Virtual Backup for Hyper-V
Reporting for Contact Center Setup and Operations Guide. BCM Contact Center
Reporting for Contact Center Setup and Operations Guide BCM Contact Center Document Number: NN40040-302 Document Status: Standard Document Version: 04.00 Part Code: N0060637 Date: June 2006 Copyright 2005
Symantec Backup Exec System Recovery Exchange Retrieve Option User's Guide
Symantec Backup Exec System Recovery Exchange Retrieve Option User's Guide Symantec Backup Exec System Recovery Exchange Retrieve Option User's Guide The software described in this book is furnished under
Stonesoft Firewall/VPN 5.4 Windows Server 2008 R2
Stonesoft Firewall/VPN 5.4 Windows Server 2008 R2 End-User Authentication Using Active Directory and Network Policy Server C ONTENTS Introduction to NPS Authentication with AD... 2 Registering the NPS
Server Installation Guide ZENworks Patch Management 6.4 SP2
Server Installation Guide ZENworks Patch Management 6.4 SP2 02_016N 6.4SP2 Server Installation Guide - 2 - Notices Version Information ZENworks Patch Management Server Installation Guide - ZENworks Patch
Installing and Configuring DB2 10, WebSphere Application Server v8 & Maximo Asset Management
IBM Tivoli Software Maximo Asset Management Installing and Configuring DB2 10, WebSphere Application Server v8 & Maximo Asset Management Document version 1.0 Rick McGovern Staff Software Engineer IBM Maximo
Symantec AntiVirus Corporate Edition Patch Update
Symantec AntiVirus Corporate Edition Patch Update Symantec AntiVirus Corporate Edition Update Documentation version 10.0.1.1007 Copyright 2005 Symantec Corporation. All rights reserved. Symantec, the Symantec
DameWare Server. Administrator Guide
DameWare Server Administrator Guide About DameWare Contact Information Team Contact Information Sales 1.866.270.1449 General Support Technical Support Customer Service User Forums http://www.dameware.com/customers.aspx
Deploying Business Objects Crystal Reports Server on IBM InfoSphere Balanced Warehouse C-Class Solution for Windows
Deploying Business Objects Crystal Reports Server on IBM InfoSphere Balanced Warehouse C-Class Solution for Windows I Installation & Configuration Guide Author: Thinh Hong Business Partner Technical Enablement
RSM Web Gateway RSM Web Client INSTALLATION AND ADMINISTRATION GUIDE
RSM Web Gateway RSM Web Client INSTALLATION AND ADMINISTRATION GUIDE Installation and Administration Guide RSM Web Client and RSM Web Gateway 17 August, 2004 Page 1 Copyright Notice 2004 Sony Corporation.
TIBCO Fulfillment Provisioning Session Layer for FTP Installation
TIBCO Fulfillment Provisioning Session Layer for FTP Installation Software Release 3.8.1 August 2015 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED
Defender 5.7. Remote Access User Guide
Defender 5.7 Remote Access User Guide 2012 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished
Dell Recovery Manager for Active Directory 8.6. Quick Start Guide
Dell Recovery Manager for Active Directory 8.6 2014 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished
Intelligent Power Protector User manual extension for Microsoft Virtual architectures: Hyper-V 6.0 Manager Hyper-V Server (R1&R2)
Intelligent Power Protector User manual extension for Microsoft Virtual architectures: Hyper-V 6.0 Manager Hyper-V Server (R1&R2) Hyper-V Manager Hyper-V Server R1, R2 Intelligent Power Protector Main
FreeFlow Accxes Print Server V15.0 August 2010 701P50924. Xerox FreeFlow Accxes Print Server Drivers and Client Tools Software Installation Guide
FreeFlow Accxes Print Server V15.0 August 2010 701P50924 Xerox FreeFlow Accxes Print Server Drivers and Client Tools Software 2010 Xerox Corporation. All rights reserved. XEROX and Xerox and Design, 6204,
SiI3132 SATARAID5 Quick Installation Guide (Windows version)
SiI3132 SATARAID5 Quick Installation Guide (Windows version) Document Number: DOC-003132-204 Version 1.0 Copyright 2005, Silicon Image, Inc. All rights reserved. No part of this publication may be reproduced,
DIGIPASS CertiID. Getting Started 3.1.0
DIGIPASS CertiID Getting Started 3.1.0 Disclaimer Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions, express
SSL-VPN 200 Getting Started Guide
Secure Remote Access Solutions APPLIANCES SonicWALL SSL-VPN Series SSL-VPN 200 Getting Started Guide SonicWALL SSL-VPN 200 Appliance Getting Started Guide Thank you for your purchase of the SonicWALL SSL-VPN
Avalanche Enabler 5.3 User Guide
Avalanche Enabler 5.3 User Guide 30/05/2012 ii Copyright 2012 by Wavelink Corporation. All rights reserved. Wavelink Corporation 10808 South River Front Parkway, Suite 200 South Jordan, Utah 84095 Telephone:
AXIS Camera Station Quick Installation Guide
AXIS Camera Station Quick Installation Guide Copyright Axis Communications AB April 2005 Rev. 3.5 Part Number 23997 1 Table of Contents Regulatory Information.................................. 3 AXIS Camera
SOFTWARE LICENSE LIMITED WARRANTY
CYBEROAM INSTALLATION GUIDE VERSION: 6..0..0..0 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty
The Tor VM Project. Installing the Build Environment & Building Tor VM. Copyright 2008 - The Tor Project, Inc. Authors: Martin Peck and Kyle Williams
The Tor VM Project Installing the Build Environment & Building Tor VM Authors: Martin Peck and Kyle Williams Table of Contents 1. Introduction and disclaimer 2. Creating the virtualization build environment
DOCUMENTATION MICROSOFT WINDOWS SYSTEM BACKUP AND RESTORE OPERATIONS
DOCUMENTATION MICROSOFT WINDOWS SYSTEM BACKUP AND RESTORE Copyright Notice The use and copying of this product is subject to a license agreement. Any other use is prohibited. No part of this publication
About Recovery Manager for Active
Dell Recovery Manager for Active Directory 8.6.1 May 30, 2014 These release notes provide information about the Dell Recovery Manager for Active Directory release. About Resolved issues Known issues System
