Vital Security Web Appliance NG-8100 Vital Security Web Appliance NG-5100 Vital Security Web Appliance NG-1100 Vital Security Web Appliances NG-1100/NG-5100/NG-8100
Vital Security Web Appliances NG-1100/NG-5100/NG-8100 Installation and Setup Guide Copyright 1996-2006. Finjan Inc. and its affiliates and subsidiaries. All rights reserved. All text and figures included in this publication are the exclusive property of Finjan and are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, use or sell any part of its content in any way without the express permission in writing from Finjan. Information in this document is subject to change without notice and does not present a commitment or representation on the part of Finjan. The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662 and 6965968 and may be protected by other U.S. Patents, foreign patents, or pending applications. Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and Window-of-Vulnerability are trademarks or registered trademarks of Finjan Inc., and/or its subsidiaries. Sophos is a registered trademark of Sophos plc. McAfee is a registered trademark of McAfee Inc. Kaspersky is a registered trademark of Kaspersky Lab. SurfControl is a registered trademark of SurfControl plc. Secure Computing is a registered trademark of Secure Computing Corporation. Microsoft and Microsoft Office are registered trademarks of Microsoft Corporation. All other trademarks are the trademarks of their respective owners. Q1 2006. For additional information, please visit www.finjan.com or contact one of our regional offices: San Jose, USA Toll Free: 1 888 FINJAN 8 (1 888 346 5268) Tel: +1 408 452 9700 Email: salesna@finjan.com United Kingdom Tel: +44 (0) 1252 511 118 Email: salesuk@finjan.com New York, USA Toll Free: 1 888 FINJAN 8 (1 888 346 5268) Email: salesna@finjan.com Asia Pacific Tel: +972 (0)9 864 8209 Email: salesapac@finjan.com Germany Tel: +49 (0)89 673 5970 Email: salesce@finjan.com Israel Tel: +972 (0)9 864 8200 Email: salesis@finjan.com Catalog number: VSNG_ISG Email: support@finjan.com Internet: www.finjan.com
Contents Chapter 1: About this Manual... 1 Chapter 2: Finjan Overview... 3 Appliance Types... 4 Vital Security Appliance Series NG-8100... 4 Vital Security Appliance Series NG-1100/NG-5100... 5 Chapter 3: Getting Started... 7 Management Console System Requirements... 7 Operating Systems... 7 Software Requirements... 7 Connecting your Vital Security Appliance NG-1100/5100... 8 Configuration... 8 Connection Procedure... 8 Using the Initial Setup Wizard... 9 Configuring a Policy Server or All in One... 10 Configuring a Scanning Server... 17 Update Mechanism... 17 Installing Updates... 18 Defining System Device Roles via the Management Console... 19 Using the Vital Security Appliance 5100 as a Load Balancer... 22 Configuring Vital Security Appliance 5300 Load Balancer as the Default Appliance... 22 Vital Security Appliance 5300 Setup Procedure... 22 Defining your Vital Security Appliance 5300 Configuration Options... 23 Checking the Load Balancer Configuration... 29 Connecting your Vital Security Appliance NG-8100... 29 Initial Procedures for the Policy Server... 29 Initial Procedures for the Vital Security Scanning Server... 30 Routing Traffic through the Appliance... 33 Configuring Workstations for Routing Traffic through the Appliance... 33 Transparent Proxy... 33 Working with HTTP... 33 HTTP Proxies... 34 HTTP Authentication... 35 Working with ICAP... 35 Why work with ICAP?... 35 Vital Security as an ICAP Server... 36 REQMOD RESPMOD Deployment... 36 ICAP Clients... 37 Chapter 4: Configuring the ICAP Clients... 39 NetApp... 39 Blue Coat... 41 Appendix A Advanced Settings... 51 Configuring Advanced Settings... 51 iii
Appliance Roles... 53 Licensing... 53 Custom Commands... 53 Time Settings... 58 Network Settings... 60 Change Password... 66 Access Control List... 66 Restart Role... 66 Reboot/Shutdown Appliance... 66 Appendix B Restoring Factory Settings... 66 iv
Chapter 1: About this Manual Chapter 1: About this Manual Chapter Chapter 1 Chapter 2 Chapter 3 Chapter 4 Appendix A Appendix B Description About this Manual Overview - An introduction to Finjan's Vital Security Appliance platform, including a brief overview of the Vital Security Appliances NG-1100/NG-5100/NG-8100. Getting Started This section tells you everything you need to know about getting started and lists the necessary steps to be taken when installing and working with your appliance. This includes: System requirements (hardware and software) Information on supported protocols (HTTP and ICAP) Configuration of end-user machines Transparent proxy configuration Connecting describing the steps to be taken prior to accessing the web-based Management Console Configuring the ICAP Clients Discusses configuration of Network Appliance (NetApp) and Blue Coat Configuring Advanced Settings This Appendix describes how to use the Advanced Settings of the Setup Console to manage the functionality of the appliance Restore Factory Settings This Appendix details the restoring factory settings procedure. 1
Chapter 2: Finjan Overview Chapter 2: Finjan Overview Cyber-threats are fast increasing and pose a serious and growing problem for corporate networks, appearing in different forms and using a variety of tactics viruses, worms, Trojans, and more. New, ultra-fast viruses can infect your system within seconds, long before traditional signature-based solutions can protect you. While waiting for anti-virus companies to release a new virus signature, thousands of unprotected computers may have already been infected, leaving no alternative other than to shut down the corporate network. Finjan's proactive behavior-inspection technology at the gateway provides protection by examining active content behavior and identifying and blocking malicious mobile code (viruses, worms, Trojan horses and a myriad of ever-developing attack types). Finjan s unique and patented proactive behavior inspection technology offers instant protection against new virus, worm and malicious mobile code outbreaks without time-sensitive signature-file updates, thus closing the Window-of-Vulnerability and providing networks with true day-zero protection. Vital Security - Finjan s Integrated Security Platform - is a complete and integrated Secure Content Management solution in which individual best-ofbreed security applications work together in concert to respond proactively to the changing security threats of both today and tomorrow. This section contains a brief overview of the Web Appliances NG-1100/ NG-5100/NG-8100. NOTE: The Installation and Setup Guide is based on Software Version 8.3.0. 3
Installation and Setup Guide Appliance Types This manual deals with the following Vital Security Web Appliances: Vital Security Appliance Series NG-8100 This appliance is a specially configured chassis containing multiple hot swappable blades, with redundant power supplies, disks etc. The Vital Security Operating System (VSOS) is preinstalled and preconfigured. Figure 1: NG-8100 Appliance NOTE: This document deals with the basic setup of the NG-8100 Appliance. Please contact Finjan s Support, or IBM for information about more advanced setup of the Blade Center. 4
Chapter 2: Finjan Overview Vital Security Appliance Series NG-1100/NG-5100 This appliance is typically deployed to include multiple appliances, each running the Vital Security Operating System (VSOS). It can, however, also be deployed All-in-one, using a single appliance. The different services running on each appliance can be configured according to your organization's network requirements. Figure 2: NG-5100 Appliance 5
Chapter 3: Getting Started Chapter 3: Getting Started This section contains the following topics: Management Console System Requirements, page 7 Connecting your Vital Security Appliance NG-1100/5100, page 8 Update Mechanism, page 17 Defining System Device, page 19 Using the Vital Security Appliance 5100 as a Load Balancer, page 22 Connecting your Vital Security Appliance NG-8100, page 29 Routing Traffic through the Appliance, page 33 Working with HTTP, page 33 Working with ICAP, page 35 Management Console System Requirements Operating Systems The following operating systems are supported: Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows XP Professional Microsoft Windows 2003 Server Software Requirements The following software requirements are needed: Microsoft Internet Explorer 6.0 (or higher) for accessing the Management Console 7
Installation and Setup Guide Connecting your Vital Security Appliance NG-1100/5100 Configuration We recommend locating the Scanning Servers, accessed via the Load Balancer(s) in the DMZ. In this case, all network traffic between the Policy Server and Scanning Servers passes through the internal firewall. Connection Procedure This section contains the following topics: Accessing the Vital Security Setup Console, page 8 Using the Initial Setup Wizard, page 9 Accessing the Vital Security Setup Console The Vital Security Setup Console is a secure, Web-based interface that enables you to configure initial setup parameters associated with the box itself. The following initial procedure is the same for all the boxes irrespective of the intended network role (with the exception of the Load Balancer). To access the Vital Security Setup Console: 1. Plug in the power cable and switch the appliance on. 2. Connect a PC directly to the appliance s FE5 port (the left-most port) using a crossover cable, or, using a standard Ethernet cable, connect the appliance s FE5 port to a hub or switch that is on the same network segment as the PC. CAT5e cables (or better) are recommended. 3. The default IP of the FE5 interface is 10.0.5.1, and its default netmask is 255.255.255.0.Configure the TCP/IP settings of your PC so that it is on the same logical network subnet as the appliance s FE5 interface. For example, configure the IP on the PC as 10.0.5.101 and the PC s netmask as 255.255.255.0 WARNING: Do not set the PC s IP to 10.0.5.1, as this will result in an IP conflict with the appliance. 4. Open your browser and enter the following address: https://10.0.5.1:3012. A certificate warning pops up. 5. Click Yes to close the warning. The Vital Security Setup Console login window is displayed (Figure 3). 8
Chapter 3: Getting Started Figure 3: Vital Security Setup Console Login 6. Log in to the Vital Security Setup Console using admin as the user name and finjan as the password. 7. Read and accept the End User License Agreement. The Setup Selection screen is displayed. Using the Initial Setup Wizard Figure 4: Setup Selection The Initial Setup Wizard guides you step by step through the initial configuration process. Use this Wizard to configure the following: An appliance with one active Ethernet interface with an IP that you have set (all other interfaces will be deactivated) Your selected network settings Default gateway, Hostname, and so on Time settings that you have manually configured Active appliance roles that work according to the Ethernet interface and IP that you have selected 9
Installation and Setup Guide If you have selected the management services to be part of the appliance (All-in-One or Policy Server) you will also have installed a license (either an evaluation license or a permanent license) A new password of your choice for the initial setup Web interface admin user (the password cannot be finjan or an empty string) An initial setup Web interface working at https://new_ip:3012 (when the IP change takes place, you will be disconnected) The next sections detail separately configuration of a Policy Server or All in one, and a Scanning Server. Configuring a Policy Server or All in One To configure a Policy Server or All in One 1. Click the Initial Setup Wizard icon as appears in (Figure 4) to begin the setup procedure, and in the Welcome screen, click Next. The Appliance Role screen is displayed (Figure 5). Figure 5: Appliance Role Policy Server 2. From the Select a Role drop-down list, select one of the following appliance roles, and then click Next: Vital Security Policy Server Selecting the Vital Security Policy Server provides only management and reporting services, and requires an additional appliance for scanning. Vital Security Scanning Server Select the Vital Security Scanning Server if you want to activate this appliance for scanning, while another appliance is providing the management and reporting services. All in One Selecting the All in One appliance provides management, reporting and scanning services. None Places the Appliance in standby mode. In this procedure, select either the Policy Server or All in One. 10
Chapter 3: Getting Started 3. The License Type screen is displayed if you have selected Policy Server or All-in-One server. The Licensing option is disabled for other roles. Click the required License Type option. Figure 6: License Type 4. If you selected an Evaluation license, select the required license and security engine options (Figure 7), and then click Next. (Go straight to step 6) Figure 7: Evaluation License Options The following table describes the Evaluation License Options: Field Name Anti-Virus URL Filtering Application-Level Behavior Blocking Vulnerability Anti-dote Anti-Spyware Description Anti-Virus third party scanning engine which scans for known viruses (McAfee, Sophos or Kaspersky depending on your license) Third party engine which provides categorization of Web sites (SecureComputing or Surf Control depending on your license) Finjan s unique content scanning engine based on Behavior Profiles (binary or script) Unique Finjan engine that scans content to identify known vulnerabilities The Anti Spyware engine identifies spyware sites and block access to those sites 5. If you selected a Subscription license, enter the license key that you received from either Finjan or your reseller, and then click Next. 11
Installation and Setup Guide Figure 8: Subscription License 6. The License Details are displayed (Figure 9). Click Next. Figure 9: License Details 7. The Network Interface Used by Policy/Scanning Server screen is displayed (Figure 10). Figure 10: Network Interface Used by Policy/Scanning Server 8. The Appliance uses a single interface. Finjan recommends using the eth0 Interface. Select the required network interface, as follows: 12
Chapter 3: Getting Started Network Interfaces for NG1100 Appliance: Network Interface FE0 (eth0): 100MB - Autonegotiation enabled - Recommended! FE1 (eth1): 100MB - Autonegotiation enabled FE2 (eth2): 100MB - Autonegotiation enabled FE3 (eth3): 100MB - Forced 100MB Full-Duplex FE4 (eth4): 100MB - Autonegotiation enabled Description Allows communication at a speed of up to 100MB with Auto-Negotiation enabled. Auto-negotiation enables simple, automatic connection of devices by taking control of the cable when a connection is established to a network device that supports a variety of modes from a variety of manufacturers. The device is able to automatically configure the highest performance mode of interoperation. Allows communication at a speed of up to 100MB with Auto-Negotiation enabled. Allows communication at a speed of up to 100MB with Auto-Negotiation enabled. Allows communication where a speed of up to 100MB is forced and full-duplex, meaning the transmission of data in two directions simultaneously. Allows communication at a speed of up to 100MB with Auto-Negotiation enabled. Network Interfaces for NG5100 Appliance: Network Interface GE0 (eth0): 1GB - Autonegotiation enabled - Recommended! GE1 (eth1): 1GB - Autonegotiation enabled FE2 (eth2): 100MB - Autonegotiation enabled FE3 (eth3): 100MB - Forced 100MB Full-Duplex FE4 (eth4): 100MB - Autonegotiation enabled Description Allows communication at a speed of up to 100MB with Auto-Negotiation enabled. Auto-negotiation enables simple, automatic connection of devices by taking control of the cable when a connection is established to a network device that supports a variety of modes from a variety of manufacturers. The device is able to automatically configure the highest performance mode of interoperation. Allows communication at a speed of up to 1GB with Auto-Negotiation enabled. Allows communication at a speed of up to 100MB with Auto-Negotiation enabled. Allows communication where a speed of up to 100MB is forced and full-duplex, meaning the transmission of data in two directions simultaneously. Allows communication at a speed of up to 100MB with Auto-Negotiation enabled. 13
Installation and Setup Guide 9. Enter the IP address and netmask for the selected interface in the respective fields, and then click Next. The Routing and Gateway screen is displayed (Figure 11). Figure 11: Routing and Gateway 10. Enter the Gateway IP address and static or local routes as required or leave as is to enable the default routing and gateway configuration, and then click Next. The Domain Name Service screen is displayed (Figure 12). Figure 12: Domain Name Service 11. Either define the machine name by filling in the Hostname field or leave as is to keep the default settings, and then click Next. The Time Settings screen is displayed (Figure 13). 14
Chapter 3: Getting Started Figure 13: Time Settings 12. Ensure that the correct settings have been selected, and then click Next. The Change Password screen is displayed (Figure 14). Figure 14: Change Password 13. Enter and confirm your new password. Note that changing your password here does not affect the password in the Management Console. Click Next. The Apply Changes screen is displayed (Figure 15). Figure 15: Apply Changes 14. Click Apply in order to apply all of the changes that have been made. The Setup procedure is complete. Click Next to return to the main Setup Console menu. 15
Installation and Setup Guide Configuring the Computer s IP Address From the main Setup Console menu, you must then configure your computer s IP address and hostname in order for it to be recognized by the Appliance. To configure the computer s IP address: 1. Navigate to Advanced Settings Network Settings Host Addresses. The Host Addresses screen is displayed (Figure 16). Figure 16: Host Addresses 2. To add yours and other computers to the system, click Add a new host address. The Create Host Address screen is displayed (Figure 17). Figure 17: Create Host Address 3. Enter the IP Address and Hostname of the PC that will work with Vital Security and click Create. The PC is added to the list. Once the PC is recognized, the administrator will have faster performance speed using the Setup Console. For information on the Advanced Settings, please refer to Appendix A Advanced Settings. NOTE: If you cannot connect via the interface you have selected (with either the old or the new IP), temporarily reset FE5 to its default settings via the LCD panel (10.0.5.1, netmask 255.255.255.0) by navigating to the Reset FE5 IP option, pressing Enter, pressing Enter again, and then access the Setup Console at https://10.0.5.1:3012. 16
Chapter 3: Getting Started Configuring a Scanning Server To configure a Scanning Server 1. Click the Initial Setup Wizard icon as appears in (Figure 4) to begin the setup procedure, and in the Welcome screen, click Next. The Appliance Role screen is displayed (Figure 18). Figure 18: Appliance Role Scanning Server 2. Select Vital Security Scanning Server from the drop-down menu, and then click Next: This appliance is used for scanning, while another appliance is providing the management and reporting services 3. The Network Interface Used by Policy/Scanning Server screen is displayed (Figure 10). 4. Complete the procedure as detailed in (Step 7 onwards). 5. Configure your computers IP address as described in Configuring the Computer s IP Address Update Mechanism The Update feature periodically checks Finjan's Web site and automatically notifies the administrator about any available updates. There are three categories of updates: Behavior scanning logic and vulnerability data: These can be configured automatically. Vital Security security processors and behavior profiling data are updated automatically from the Finjan site as soon as new Windows vulnerabilities are discovered. Vulnerability protection typically arrives before viruses that exploit the vulnerability are released. Finjan Software is a market leader in malicious mobile code and the Malicious Code Research Center at Finjan employs dedicated experts who work around the clock to identify new Windows vulnerabilities and exploits, enabling real day-zero protection. 17
Installation and Setup Guide Service Packs and new feature add-ons: Automatic downloading from the Finjan Web site can be enabled/disabled via the management console. You will be notified automatically when updates become available so that you can install them and keep your system up-to-date. Third-party security engines: Vital Security incorporates best-ofbreed third-party engines (anti-virus and URL categorization). These applications rely on frequent and regular updates, and these are downloaded and installed automatically by the auto-update feature. NOTE: Information regarding third-party security engines is not relevant for the following NG Appliances NG-1700/NG-5700/NG-8700 (the Anti-Spyware Appliance). Installing Updates Updates are performed via the Vital Security Management Console, which runs on the All-in-One appliance or Policy Server at the default HTTPS port (443). It is recommended to check for updates each time that you use the system, in the event that security and functional updates have been released either since the product was installed or since the last check was performed. If you are connecting your All-in-One appliance or Policy Server to the Internet via a proxy server, you must configure the proxy in the Next Proxy and Port fields on the Settings Updates Updates Configuration tab, and then click Apply and Commit Changes to ensure that the change takes effect. 1. Access the Management Console using the IP address you have defined, using the default user name (admin) and password (finjan). When accessing the Management Console, a certificate warning may be displayed. 2. Click Yes to continue. Configuring the Firewall for Automatic Updates In order to enable Automatic updates for the NG Appliance Series, the Firewall should be opened for the Policy Server, using the HTTPS (port 443) protocol in the outgoing direction. There are two destination URLs: https://updateng.finjan.com/remote_update https://mirror.updateng.finjan.com/remote_update All in one machine (web traffic ports) Only HTTP, FTP and HTTPS from LAN to WAN Policy Server in LAN Scanner in DMZ 18
Chapter 3: Getting Started Additional ports to open from LAN to DMZ Manager - transfer of policy updates, and other updates 5222 Vital Security Setup Console (Webmin) 3012 Additional Ports to Open from DMZ to LAN Log traffic (from server) 8000 If a log relay is activated, there is no need to open port 8000 to LAN Additional ports to open from LAN to DMZ Log traffic (Poll Server) 9000 Defining System Device Roles via the Management Console You can also define and edit system device roles via the Management Console. To edit system device roles: 1. Log in to the Management Console, open the Settings tab and select Devices. If you selected Vital Security Policy Server as your appliance role, you have an "all in one" preconfigured machine, with a device that is used in the following roles: Policy Server, Report Server, Log Server, Log Relay and Scanning Server: Figure 19: Network Roles Tree 2. If you want to configure an "all in one" device, change the IP address by selecting one of the IPs displayed in the Network Roles tree, and then click the Edit Device icon. The Edit Device dialog box is displayed. 19
Installation and Setup Guide Figure 20: Edit Device IP Dialog Box 3. Enter the required IP address, and from the Device Roles list, select All in One. 4. If you want to configure a Policy Server only, delete the existing device, and then click the Add Device icon displayed.. The Add Device dialog box is Figure 21: Add Device Dialog Box NOTE: If multiple servers are included on one device, they should be selected together in the Add Device dialog (using Control on your keyboard). You may not add a server to a device where the IP address has already been defined a prompt appears stating that the device has already been defined. 5. Click OK. The device that you have added now appears in the Network Roles tree. 6. Select the IP address of the device you have added. The device status is displayed. 7. Select the Activate checkbox. Figure 22: Activation Area 20
Chapter 3: Getting Started NOTE: If you have added a Logging Server, and you are using an All in One Device, all Log Processing options should be selected, as shown below. Figure 23: Log Properties Area 8. Under the Scanning Server device, change the Log Server Interface IP from 127.0.0.1 to the correct Log Server machine IP. Figure 24: Log Server Interface 9. When you have defined all devices in the system or made any changes, click Apply on the bottom right hand of the screen, and the click the Commit Changes icon located on the top right hand side of the screen. 21
Installation and Setup Guide After defining your devices, Finjan recommends that you change the default password. To change the default password: 1. Select the Settings tab on the Main Navigation bar. 2. From the System tab, select the Password tab. The Change Password dialog box is displayed. 3. Enter your old and new passwords in the fields shown, and then click Apply. Using the Vital Security Appliance 5100 as a Load Balancer The Vital Security Appliance 5100 can be configured as a load balancer (Vital Security Appliance 5300) when more than one Vital Security Appliance 5100 is required. This section contains the following topics: Configuring Vital Security Appliance 5300 Load Balancer as the Default Appliance, page 22 Vital Security Appliance 5300 Setup Procedure, page 22 Defining your Vital Security Appliance 5300 Configuration Options, page 23 Configuring Vital Security Appliance 5300 Load Balancer as the Default Appliance To configure your Vital Security Appliance 5300 Load Balancer as the default appliance: 1. Using the Bootloader Advanced Options Utility, select either option 3 or option 4, as required. 2. From the options shown, select Option 8: Set the default boot to the load balancer. 3. Select the option to reboot the appliance with the newly configured default. Vital Security Appliance 5300 Setup Procedure The Vital Security Appliance 5300 load balancer is supplied with a default IP address 10.0.0.100 and is accessed remotely for initial setup by any PC in your network, in the same subnet. For remote access, the Vital Security Appliance 5300 uses a secure (HTTPS) web console. 22
Chapter 3: Getting Started To access the Vital Security Appliance 5300 remotely: 1. Connect a crossed-cable or Network cable to the active port, eth0. 2. Configure the network settings of your PC to match those of the appliance: IP address in the same subnet e.g. 10.0.0.101 Subnet mask 255.255.255.0 3. Open your Internet browser and type in https://10.0.0.100:8043. 4. Click Enter. Depending on your browser, a Security Alert may appear. Click Yes to continue. 5. A login screen appears. Enter the required User name (the default is admin) and password (the default is finjan), and then click OK. You can now remotely access the Vital Security Appliance 5300 via your browser. See Defining your Vital Security Appliance 5300 Configuration Options, for further information. Defining your Vital Security Appliance 5300 Configuration Options The Vital Security Appliance 5300 Web-based user interface (Figure 25) allows you to define load balancer configuration parameters, change your password and configure server information. 23
Installation and Setup Guide Figure 25: Load Balancer The Vital Security Appliance 5300 (Load Balancer) is accessed on your network via an IP address and subnet mask that should reflect your company's network settings. However, the communication between the Vital Security Appliance 5300 and Vital Security scanners is on an internal private network for which the appliance needs an additional internal IP address and subnet mask In spite of having two different IP addresses and subnet masks, there is only one Ethernet port (GEO) physically attached to the network. The following table describes the Load Balancer configuration: Load Balancer Configuration LAN IP/Mask Scanners Subnet IP/Mask Gateway Enter an IP address and subnet mask for the Vital Security Appliance 5300 in your company network. Enter an IP address and subnet mask for the private internal network connecting all appliances to be load balanced. This is the organization's Internet gateway. 24
Chapter 3: Getting Started HTTP/HTTPS Port FTP Port SSL Appliance Port (used by the Vital Security Appliance 5400) Current Password New Password Confirm Password Ports used for network traffic. Use these settings when you need to change your password. Active Servers Delete/Suspend Use these buttons to delete or suspend servers Add a Server New Server IP Server Type The new server IP address must be on the internal subnet mask. Select from the three server type options: Scanning Server Scanning Server + Database (an All in One Machine) - if this option is selected, the appliance receives less traffic so that performance remains optimized. SSL Appliance Adding Servers to the Load Balancer Servers can be added to the Load Balancer as traffic over the network increases, and there is a need to optimize performance by spreading the traffic load over more appliances. To add a server to the Load Balancer: 1. In the Add a Server section of the Load Balancer screen (Figure 25), enter the IP address of the server in the New Server IP field (Figure 26). Figure 26: Add a Server 2. In the Server Type field, select the server type from the drop-down menu (Figure 26), and click Add. The new server is added to the Active Server list (Figure 27). 25