Cloud Virtual Firewall Guide
Version 1.0
October 2015
CONTENTS
INTRODUCTION
ACCESSING THE VIRTUAL FIREWALL
    HYPER-V/VIRTUALBOX CONTINUITY CLOUD NODES
    VMWARE CONTINUITY CLOUD NODES
CONFIGURING THE LAN INTERFACE
DHCP SERVER CONFIGURATION
FIREWALL RULES & NAT
    SET OUTBOUND TRAFFIC
    PORT FORWARDING
OPENVPN
    NEW CERTIFICATE AUTHORITY
    NEW SERVER CERTIFICATE
    GENERAL SERVER INFORMATION
    SET UP REMOTE USER ACCOUNTS
    DOWNLOAD A FULLY-CONFIGURED OPEN VPN CLIENT SOFTWARE INSTALLER
IPSEC VPN
CONCLUSION

© 2015 eFolder, Inc. All rights reserved.
INTRODUCTION

Each eFolder Continuity Cloud node is provisioned with a virtual firewall to handle Internet traffic for your restored virtual machines and provide secure access to your servers. In this guide, you will learn how to:

- access your assigned pfSense virtual firewall
- configure the LAN interface of the firewall
- set up required access rules or NAT translations to support your restored environment.

Additional Assistance

At eFolder, we value feedback from our customers. Not only do we want to help you quickly resolve your technical issues, we value your input and build our products to incorporate your suggestions.

To contact eFolder Technical Support, call 678-373-0109 or 1-800-352-0248.
Submit questions to support@efolder.net.
For how-to articles and FAQ, see the pfSense documentation at: https://doc.pfsense.org/index.php/main_page
Additional material is available in the eFolder Partner Portal.
The eFolder Support page is at http://www.efolder.net/support/

Copyright 2015 eFolder Inc. All rights reserved. All trademarks are the property of their respective owners. eFolder and the eFolder logo are trademarks of eFolder Inc. eFOLDER MAKES NO WARRANTIES, EXPRESSED OR IMPLIED, IN THIS DOCUMENT.
ACCESSING THE VIRTUAL FIREWALL

Use the information provided by eFolder to gain access to the pfSense virtual firewall running on your assigned Continuity Cloud (CC) Node.

Hyper-V/VirtualBox Continuity Cloud Nodes

1. To access the console of your pfSense virtual firewall, first log in to your CC Node, then open a web browser and go to the WAN Alias IP address of your virtual firewall. (It will look similar to the example shown below.)

   https://10.x.x.x:37038

   This is a locally accessible private IP address. There is also a shortcut on the desktop of the CC Node.

2. Next, enter the credentials you received from eFolder for your virtual firewall and click Login. Please note that the username and password are case sensitive.

VMware Continuity Cloud Nodes

1. To access the console of your pfSense virtual firewall, open a web browser and go to the link provided by eFolder. It will look similar to the link below. This is a publicly accessible IP address, so you can access this URL from any computer with an internet connection.

   https://38.x.x.x:37038

2. Next, enter the credentials you received from eFolder for your virtual firewall and click Login. Please note that the username and password are case sensitive.
CONFIGURING THE LAN INTERFACE

Configure the LAN interface of the pfSense virtual firewall with the proper IP address and subnet mask required for the virtual machines you are restoring. This IP address will serve as the default gateway for all virtual machines you restore to the Continuity Cloud node.

1. From the menu, hover over Interfaces and then select LAN from the drop-down list.

2. In the Static IP configuration section of the page, enter the IP address for the virtual firewall.

   IMPORTANT: Do not check the block private networks option. This would block traffic from the WAN-DMZ.

   This IP address will become the default gateway IP for virtual machines on your LAN. In the example shown above, the VM used to be on the network 192.168.1.0/24 (netmask 255.255.255.0) with the default gateway having an IP of 192.168.1.1. Make sure that the Gateway is set to None. Click Save when you're finished.

3. At the top of the page, click the Apply changes button.
DHCP SERVER CONFIGURATION

Next, enable and configure the DHCP server or leave it disabled within your environment.

1. In the menu at the top of the page, choose Services, DHCP Server.

2. Click the LAN tab. If you need a DHCP server on the LAN network, enable the DHCP server and enter the range of IPs you want the DHCP server to use in its pool.

   Note: Typically you can leave the DNS server IPs blank, and it will use eFolder's DNS infrastructure.

   If you do not want the firewall to act as a DHCP server, uncheck the option. Either way, click the Save button at the bottom of the page.

3. Click the Apply changes button.
FIREWALL RULES & NAT

Now, configure any required firewall rules to allow external access to services running on your restored virtual machines.

Set outbound traffic

1. By default, all outbound traffic is allowed. If you want to disable all outbound traffic as the default, browse to the Firewall menu and then Rules.

2. Click the LAN tab. Find the rule from LAN net to any destination. Click the green arrow on the left to disable the rule.

3. Then click the Apply changes button.
Port forwarding

Next, set up any ports that need to be forwarded from your assigned public IPs to internal IPs.

1. Hover over Firewall in the main menu and select NAT.

2. Click the + icon to add a new rule under the Port Forward tab. Normally, you should leave the Interface set to WAN and Protocol set to TCP.

3. For the Destination, choose the proper IP address that corresponds to your desired public IP. Note that the WAN address entry is your primary public IP. If you have additional public IP addresses assigned, they will be present at the bottom of the drop-down list. In this example, we are selecting the third WAN IP: 162.247.XXX.XX
4. From the Destination port range drop-down list, choose which protocol you want to forward, or you can manually enter a range of ports. In this example, we are forwarding remote desktop.

5. For the Redirect target IP and Redirect target port, enter the virtual LAN IP address of the server that should receive the forwarded traffic. The target port should normally be the same (in this example, remote desktop).

6. Typically, you should enable the NAT reflection setting. This allows servers in your internal LAN to connect to forwarded ports using your assigned public IPs. (This is sometimes called NAT loopback.) Note that this may not work in all scenarios.

7. The Filter rule association setting determines whether to automatically add a rule to the Firewall rules to allow the port-forwarded traffic. Select Add associated filter rule.

8. After you are finished configuring the port forward rule, click Save. Then click Apply Changes.

Repeat this for all ports that you want to forward.

Note: You can also set up 1:1 NAT if desired. Normally you do not need to customize Outbound NAT.
OPENVPN

Configure an OpenVPN Server to allow remote users access to resources on the LAN side of the virtual firewall.

1. To access the OpenVPN configuration, go to the navigation bar and select OpenVPN from the VPN drop-down menu.

2. Any configured OpenVPN servers will be displayed here. If none are present (as in the screenshot below), click on the Add icon to the right and begin configuring a new server.

3. The Server Setup Wizard will launch. Ensure Local User Access is selected in the dropdown menu and click Next.
New certificate authority

Complete the form with your information for generating a new certificate authority. Ensure the Key length is set to 4096 bit. All fields are required. After all of the fields are complete, click Add new CA.
New server certificate

Complete the form with your information for generating a new server certificate. Ensure the Key length is set to 4096 bit. All fields are required. After all of the fields are complete, click Create new Certificate.
General server information

1. Set the Interface to WAN, Protocol to TCP, Local Port to 1194 and enter a description for the OpenVPN server.

2. Configure the Cryptographic Settings for the OpenVPN connections as shown in the following screenshot.

   Note: No TLS Shared Key is required.
3. For Tunnel Settings, set the Tunnel Network to the unique private network to be used for communication between the remote hosts and this OpenVPN server. Set the Local Network to the LAN subnet of your pfSense firewall. This is the network that will be accessible to your remote hosts that connect to the OpenVPN server. Ensure that Concurrent Connections is set high enough to accommodate the number of expected remote hosts. All remaining fields should be left at their defaults, as shown below.
4. For Client Settings, enable Dynamic IP and Address Pool. Set the DNS Default Domain to the domain name you want appended to the connection for remote hosts. Set the DNS Server 1 to the IP address of the remote DNS server you want remote hosts to use for name resolution. Enable NetBIOS over TCP/IP to allow for propagation of NetBIOS traffic over the VPN connection. After the above fields are configured, click Next.
5. On the Firewall Rule Configuration screen, enable both checkboxes to allow all traffic to be open to and from remote hosts connected over the VPN connection. Then click Next. Click Finish on the completion screen.
6. Verify the OpenVPN server has the Server mode set to Remote Access (User Auth) and Local Database is selected for Backend authentication.
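The LAN interface IP, the DHCP pool, the port-forward redirect targets and the OpenVPN tunnel network chosen in the sections above have to be consistent with one another. The following Python check is an added example, not part of the eFolder guide or of pfSense; the plan layout, the function name check_plan and every address other than 192.168.1.1/24 are assumptions made for illustration.

```python
import ipaddress

def check_plan(plan):
    """Return a list of problems found in an addressing plan (empty list = consistent)."""
    problems = []
    lan_if = ipaddress.ip_interface(plan["lan_interface"])  # firewall LAN IP = default gateway
    lan, gateway = lan_if.network, lan_if.ip
    if gateway in (lan.network_address, lan.broadcast_address):
        problems.append(f"LAN IP {gateway} is the network or broadcast address of {lan}")
    # The DHCP pool must sit inside the LAN subnet and must not hand out the gateway IP.
    if plan.get("dhcp_pool"):
        start, end = (ipaddress.ip_address(a) for a in plan["dhcp_pool"])
        if start > end:
            problems.append(f"DHCP pool start {start} is above end {end}")
        if start not in lan or end not in lan:
            problems.append(f"DHCP pool {start}-{end} is not inside {lan}")
        if start <= gateway <= end:
            problems.append(f"DHCP pool {start}-{end} contains the gateway {gateway}")
    # Each port forward must redirect to a host on the LAN, not to the firewall itself.
    for fwd in plan.get("port_forwards", []):
        target = ipaddress.ip_address(fwd["target_ip"])
        if target not in lan:
            problems.append(f"port {fwd['port']} forwards to {target}, outside {lan}")
        elif target == gateway:
            problems.append(f"port {fwd['port']} forwards to the firewall LAN IP {gateway}")
    # The OpenVPN tunnel network must be private and must not overlap the LAN.
    tunnel = ipaddress.ip_network(plan["tunnel_network"])
    if not tunnel.is_private:
        problems.append(f"tunnel network {tunnel} is not private address space")
    if tunnel.overlaps(lan):
        problems.append(f"tunnel network {tunnel} overlaps LAN {lan}")
    return problems

# Constructed sample values; only 192.168.1.1/24 comes from the guide's example.
GOOD_PLAN = {
    "lan_interface": "192.168.1.1/24",
    "dhcp_pool": ("192.168.1.100", "192.168.1.199"),
    "port_forwards": [{"port": 3389, "target_ip": "192.168.1.10"}],
    "tunnel_network": "10.8.0.0/24",
}
BAD_PLAN = dict(GOOD_PLAN, dhcp_pool=("192.168.1.1", "192.168.1.50"),
                port_forwards=[{"port": 3389, "target_ip": "192.168.2.10"}],
                tunnel_network="192.168.1.0/25")

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_plan(plan) or "consistent")
```

An overlapping tunnel network is the failure that is hardest to spot afterwards: remote hosts connect successfully but cannot reach LAN servers because their routes are ambiguous.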
Set up Remote User Accounts

1. To set up user accounts for remote users, hover over System in the navigation bar and select User Manager.

2. On the Users tab, select the add user button in the bottom right corner.
3. Set the Username and Password for the new user. You can enter a Full name for your reference, if needed. Then click Save.

The new user account will now be listed on the Users tab of the User Manager.
Download a fully-configured OpenVPN client software installer

1. To download a fully configured OpenVPN Client software installer, browse to the OpenVPN Server manager and click the Client Export tab.

   NOTE: This installer will fully install and configure the client software to a remote host. Users will only need to enter their username and password after installation.

2. Under the Client Install Packages section, select the appropriate x86 or x64 client software installer that you want to distribute to your remote users.

IPSEC VPN

If you want to tie your virtual LAN to your actual LAN through an IPSec site-to-site VPN tunnel, please see the detailed instructions at: http://doc.pfsense.org/index.php/vpn_capability_ipsec
CONCLUSION

Congratulations - You have now completed the eFolder Continuity Cloud Virtual Firewall setup. If you have any problems during this procedure or notice errors in the log file, please call eFolder Technical Support at 678-373-0109 or 1-800-352-0248 or submit questions to support@efolder.net.