Planet SG-500 Instrukcja Użytkownika

SG-500 VPN Security G atew ay U ser＇s M anual VPN Security Gateway SG-500 User’s Manual

SG-500 VPN Security Gateway User’s Manual - 5 -2.2 Admin Define the required fields of Administrator Administrator Name:  The user name of Ad

SG-500 VPN Security Gateway User’s Manual - 95 -STEP 2﹒Add an Outgoing Policy and use in Content Blocking function. URL Blocking Policy Setting

SG-500 VPN Security Gateway User’s Manual - 96 -4.13 Script Restrict the Internal Users to access to Script file of Website STEP 1﹒Select the fo

SG-500 VPN Security Gateway User’s Manual - 97 -STEP 2﹒Add a new Outgoing Policy and use in Content Blocking function. New Policy of Script Bloc

SG-500 VPN Security Gateway User’s Manual - 98 -4.14 P2P Restrict the Internal Users to access to the file on Internet by P2P STEP 1﹒Select the

SG-500 VPN Security Gateway User’s Manual - 99 -STEP 2﹒Add a new Outgoing Policy and use in Content Blocking function. Add New Policy of P2P Blo

SG-500 VPN Security Gateway User’s Manual - 100 -4.15 IM Restrict the Internal Users to send message, files, video and audio by Instant Messaging

SG-500 VPN Security Gateway User’s Manual - 101 -STEP 2﹒Add a new Outgoing Policy and use in Content Blocking function. Add New Policy of IM Blo

SG-500 VPN Security Gateway User’s Manual - 102 -4.16 Download Restrict the Internal Users to access to video, audio, and some specific sub-name

SG-500 VPN Security Gateway User’s Manual - 103 -STEP 2﹒Add a new Outgoing Policy and use in Content Blocking function. Add New Download Blockin

SG-500 VPN Security Gateway User’s Manual - 104 -4.17 Virtual Server The real IP address provided from ISP is always not enough for all the users

SG-500 VPN Security Gateway User’s Manual - 6 -Adding a new Sub Administrator STEP 1﹒In the Admin Web UI, click the New Sub Admin button to create

SG-500 VPN Security Gateway User’s Manual - 105 -In this section, we will have detailed introduction and instruction of Mapped IP and Server 1/2/3

SG-500 VPN Security Gateway User’s Manual - 106 -Define the required fields of Virtual Server WAN IP：  WAN IP Address (Real IP Address) Map to

SG-500 VPN Security Gateway User’s Manual - 107 -We set up four Virtual Server examples in this section: No. Suitable Situation Example Ex1 Mappe

SG-500 VPN Security Gateway User’s Manual - 108 -4.18 Example Make a single server that provides several services such as FTP, Web, and Mail, to

SG-500 VPN Security Gateway User’s Manual - 109 -STEP 4﹒Group the services (DNS, FTP, HTTP, POP3, SMTP…) that provided and used by server in Servi

SG-500 VPN Security Gateway User’s Manual - 110 -STEP 7﹒Complete the setting of providing several services by mapped IP. A Single Server that Pr

SG-500 VPN Security Gateway User’s Manual - 111 -Make several servers that provide a single service, to provide service through policy by Virtual

SG-500 VPN Security Gateway User’s Manual - 112 -STEP 2﹒Enter the following data in Server 1 of Virtual Server function:  Click the button next

SG-500 VPN Security Gateway User’s Manual - 113 -STEP 3﹒ Add a new policy in Incoming Policy, which includes the virtual server, set by STEP2.

SG-500 VPN Security Gateway User’s Manual - 114 -The external user use VoIP to connect with VoIP of LAN (VoIP Port: TCP 1720, TCP 153210-15333, UD

SG-500 VPN Security Gateway User’s Manual - 7 -Modify the Administrator’s Password STEP 1﹒In the Admin Web UI, locate the Administrator name you w

SG-500 VPN Security Gateway User’s Manual - 115 -STEP 4﹒Enter the following setting in Server1 of Virtual Server function:  Click the button nex

SG-500 VPN Security Gateway User’s Manual - 116 -STEP 5﹒Add a new Incoming Policy, which includes the virtual server that set by STEP4. Complete

SG-500 VPN Security Gateway User’s Manual - 117 -STEP 7﹒Complete the setting of the external/internal user using specific service to communicate w

SG-500 VPN Security Gateway User’s Manual - 118 -Make several servers that provide several same services, to provide service through policy by Vir

SG-500 VPN Security Gateway User’s Manual - 119 -STEP 4﹒Enter the following data in Server1 of Virtual Server:  Click the button next to Virtual

SG-500 VPN Security Gateway User’s Manual - 120 -STEP 5﹒Add a new Incoming Policy, which includes the virtual server that set by STEP 3. Comple

SG-500 VPN Security Gateway User’s Manual - 121 -STEP 7﹒Complete the setting of providing several services by Virtual Server. Complete the Setti

SG-500 VPN Security Gateway User’s Manual - 122 -4.19 IPSec VPN The SG-500 adopts VPN to set up safe and private network service. And combine the

SG-500 VPN Security Gateway User’s Manual - 123 - One of the IPSec standards that provides for the confidentiality of data packets. DES (Data E

SG-500 VPN Security Gateway User’s Manual - 124 -Define the required fields of IPSec Function i:  To display the VPN connection status via icon。

SG-500 VPN Security Gateway User’s Manual - 8 -2.3 Permitted IPs STEP 1﹒Add the following setting in Permitted IPs of Administration:  Name: En

SG-500 VPN Security Gateway User’s Manual - 125 -We set up four IPSec VPN examples in this chapter: No. Range The Application Environments Examp

SG-500 VPN Security Gateway User’s Manual - 126 -Example.1 To access the static subnet resources via the IPSec VPN connection between two SG-500

SG-500 VPN Security Gateway User’s Manual - 127 -The Default Gateway of Company A is the SG-500 LAN IP 192.168.10.1. Follow the steps below: STEP

SG-500 VPN Security Gateway User’s Manual - 128 -STEP 3 . Select Remote Gateway-Fixed IP or Domain Name In To Destination list and enter the IP Ad

SG-500 VPN Security Gateway User’s Manual - 129 -STEP 6 . You can choose Data Encryption + Authentication or Authentication Only to communicate in

SG-500 VPN Security Gateway User’s Manual - 130 -STEP 9 . Enter the following setting in Tunnel of VPN function:  Enter a specific Tunnel Name.

SG-500 VPN Security Gateway User’s Manual - 131 -STEP 10 . Enter the following setting in Outgoing Policy:  Tunnel: Select IPSec_VPN_Tunnel. 

SG-500 VPN Security Gateway User’s Manual - 132 -STEP 11 . Enter the following setting in Incoming Policy:  Tunnel: Select IPSec_VPN_Tunnel. 

SG-500 VPN Security Gateway User’s Manual - 133 -The Default Gateway of Company B is the LAN IP of the SG-500 192.168.20.1. Follow the steps below

SG-500 VPN Security Gateway User’s Manual - 134 -STEP 15 . Select Remote Gateway-Fixed IP or Domain Name In To Destination list and enter the IP A

SG-500 VPN Security Gateway User’s Manual - 9 -2.4 Logout STEP 1﹒Click Logout in System to protect the system while Administrator is away. Conf

SG-500 VPN Security Gateway User’s Manual - 135 -STEP 18 . You can choose Data Encryption + Authentication or Authentication Only to communicate i

SG-500 VPN Security Gateway User’s Manual - 136 -STEP 21 . Enter the following setting in Tunnel of VPN function:  Enter a specific Tunnel Nam

SG-500 VPN Security Gateway User’s Manual - 137 -STEP 22 . Enter the following setting in Outgoing Policy:  Tunnel: Select IPSec_VPN_Tunnel. 

SG-500 VPN Security Gateway User’s Manual - 138 -STEP 23 . Enter the following setting in Incoming Policy:  Tunnel: Select IPSec_VPN_Tunnel. 

SG-500 VPN Security Gateway User’s Manual - 139 -Example.2 The way to set the SG-500 appliance IPSec VPN connection in Windows 2000. The Depl

SG-500 VPN Security Gateway User’s Manual - 140 -The A Company‘s default gateway is the LAN IP 192.168.10.1 in the SG-500. Add the following setti

SG-500 VPN Security Gateway User’s Manual - 141 -STEP 5 . In Encapsulation Æ select ISAKMP Algorithm. Select the needed algorithm as both sides st

SG-500 VPN Security Gateway User’s Manual - 142 -STEP 7 . In Perfect Forward Secrecy (NO-PFS/ GROUP 1, 2, 5), select GROUP 1. In ISAKMP Lifetime,

SG-500 VPN Security Gateway User’s Manual - 143 -STEP 9 . In VPN Æ Tunnel , add the following settings： Name, enter the Tunnel Name. From Sour

SG-500 VPN Security Gateway User’s Manual - 144 -STEP 10 . In Policy Æ Outgoing, add the following settings： Tunnel, select IPSec_VPN_Tunnel. 

SG-500 VPN Security Gateway User’s Manual - 10 -2.5 Software Update STEP 1﹒Select Software Update in System, and follow the steps below:  To ob

SG-500 VPN Security Gateway User’s Manual - 145 -STEP 11 . In Policy Æ Incoming, add the following settings： Tunnel, select IPSec_VPN_Tunnel. 

SG-500 VPN Security Gateway User’s Manual - 146 -The B Company’s real IP is 211.22.22.22, add the following settings： STEP 12 . Click Start Æ Run

SG-500 VPN Security Gateway User’s Manual - 147 -STEP 13 . In Run Æ Open column, enter mmc. To startup the Windows 2000 IPSec VPN setting STE

SG-500 VPN Security Gateway User’s Manual - 148 -STEP 15 . In Add / Remove Snap-in, click Add. In Add Standalone Snap-in, add IP Security Policy M

SG-500 VPN Security Gateway User’s Manual - 149 -STEP 16 . Select Local Computer, click Finish. Select the type of IP Security Policy Management

SG-500 VPN Security Gateway User’s Manual - 150 -STEP 17 . Complete to set the IP Security Policy Management. Complete to set the IP Security

SG-500 VPN Security Gateway User’s Manual - 151 -STEP 18 . Right click on the IP Security Policies on Local Machine, and select Create IP Security

SG-500 VPN Security Gateway User’s Manual - 152 -STEP 19 . Click Next. Open IP Security Policy Wizard

SG-500 VPN Security Gateway User’s Manual - 153 -STEP 20 . Enter the VPN Name and Description, and click Next. Set the VPN name and description

SG-500 VPN Security Gateway User’s Manual - 154 -STEP 21 . Disable to Activate the default response rule, and click Next. Disable to activate

SG-500 VPN Security Gateway User’s Manual - 11 -2.6 Configure The Configure is according to the basic setting of the SG-500. In this section the

SG-500 VPN Security Gateway User’s Manual - 155 -STEP 22 . In IP Security Policy Wizard, select Edit properties, click Finish. Complete the IP S

SG-500 VPN Security Gateway User’s Manual - 156 -STEP 23 . In VPN_B Properties, do not select Use Add Wizard, and click Add. VPN_B Properties

SG-500 VPN Security Gateway User’s Manual - 157 -STEP 24 . In New Rule Properties, Click Add. New Rule Properties

SG-500 VPN Security Gateway User’s Manual - 158 -STEP 25 . In IP Filter List, do not select Use Add Wizard. Modify the Name into VPN_B WAN TO LAN,

SG-500 VPN Security Gateway User’s Manual - 159 -STEP 26 . In Filter Properties Æ Source address Æ A specific IP Address, enter B Company’s WAN

SG-500 VPN Security Gateway User’s Manual - 160 -STEP 27 . Complete the setting, and close the IP Filter List. Complete the IP Filter List set

SG-500 VPN Security Gateway User’s Manual - 161 -STEP 28 . In New Rule Properties Æ Filter Action Æ Require Security. Click Edit. Filter Actio

SG-500 VPN Security Gateway User’s Manual - 162 -STEP 29 . In Require Security Properties, select Session Key Perfect Forward Secrecy. Select Se

SG-500 VPN Security Gateway User’s Manual - 163 -STEP 30 . Select Custom / None / 3DES / MD5 Security Method, click Edit. Edit the Security Me

SG-500 VPN Security Gateway User’s Manual - 164 -STEP 31 . Click Custom (for expert users), and click Settings. Custom Security Method

SG-500 VPN Security Gateway User’s Manual - 12 -2.7 Settings SG-500 Configuration:  The Administrator can import or export the system settings

SG-500 VPN Security Gateway User’s Manual - 165 -STEP 32 . Select Data intergrity and encryption, choose Intergrity algorithm Æ MD5. Encryption al

SG-500 VPN Security Gateway User’s Manual - 166 -STEP 33 . In New Rule Properties Æ Connection Type, select All network connections. Connectio

SG-500 VPN Security Gateway User’s Manual - 167 -STEP 34 . In New Rule Properties Æ Tunnel Setting, select The tunnel endpoint is specified by thi

SG-500 VPN Security Gateway User’s Manual - 168 -STEP 35 . In New Rule Properties Æ Authentication Methods, click Edit. Authentication Methods

SG-500 VPN Security Gateway User’s Manual - 169 -STEP 36 . Select Use this string to protect the key exchange (Preshared key), enter the Preshared

SG-500 VPN Security Gateway User’s Manual - 170 -STEP 37 . Click Apply Æ OK Æ Close. Complete the Authentication Methods setting

SG-500 VPN Security Gateway User’s Manual - 171 -STEP 38 . Complete the VPN_B WAN TO LAN settings. Complete the VPN_B WAN TO LAN policy settin

SG-500 VPN Security Gateway User’s Manual - 172 -STEP 39 . In VPN _B Properties, do not select Use Add Wizard. Click Add, to add the second IP sec

SG-500 VPN Security Gateway User’s Manual - 173 -STEP 40 . In New Rule Properties, click Add. New Rule Properties

SG-500 VPN Security Gateway User’s Manual - 174 -STEP 41 . In IP Filter List, do not select Use Add Wizard. Modify the Name into VPN_B LAN TO WAN,

SG-500 VPN Security Gateway User’s Manual - 13 -Dynamic Routing (RIPv2)  By enable LAN, WAN, or DMZ Port to send and receive RIPv2 packets, th

SG-500 VPN Security Gateway User’s Manual - 175 -STEP 42 . In Filter PropertiesÆ Source address, select A specific IP Subnet, enter A Company‘s LA

SG-500 VPN Security Gateway User’s Manual - 176 -STEP 43 . Complete the settings, close the IP Filter List. Complete the IP Filter List settin

SG-500 VPN Security Gateway User’s Manual - 177 -STEP 44 . In New Rule Properties Æ Filter Action, select Required Security, then click Edit. Fi

SG-500 VPN Security Gateway User’s Manual - 178 -STEP 45 . In Require Security Properties, select Session key Perfect Froward Secrecy. Select

SG-500 VPN Security Gateway User’s Manual - 179 -STEP 46 . Select Custom / None / 3DES / MD5 Security Method. Click Edit. Set the Security Metho

SG-500 VPN Security Gateway User’s Manual - 180 -STEP 47 . Select Custom (for expert users), click Settings. Custom Security Method settings

SG-500 VPN Security Gateway User’s Manual - 181 -STEP 48 . Select Data integrity and encryption (ESP). Integrity algorithm, select MD5. Encryption

SG-500 VPN Security Gateway User’s Manual - 182 -STEP 49 . In New Rule Properties Æ Connection Type, select All network connections. Connectio

SG-500 VPN Security Gateway User’s Manual - 183 -STEP 50 . In New Rule Properties Æ Tunnel Setting, select The tunnel endpoint is specified by thi

SG-500 VPN Security Gateway User’s Manual - 184 -STEP 51 . In New Rule Properties Æ Authentication Methods, click Edit. Authentication Methods

SG-500 VPN Security Gateway User’s Manual - 14 -Define the required fields of Multiple Subnet Forwarding Mode:  To display the mode that Mult

SG-500 VPN Security Gateway User’s Manual - 185 -STEP 52 . Select Use this string to protect the key exchange (Preshared key). Enter the Preshared

SG-500 VPN Security Gateway User’s Manual - 186 -STEP 53 . Click Apply and close the setting window. Complete the New Rule setting

SG-500 VPN Security Gateway User’s Manual - 187 -STEP 54 . Complete the VPN_B LAN TO WAN setting. Complete the VPN_B LAN TO WAN Rule setting

SG-500 VPN Security Gateway User’s Manual - 188 -STEP 55 . In VPN_B Properties Æ General, click Advanced. The VPN_B General setting

SG-500 VPN Security Gateway User’s Manual - 189 -STEP 56 . Select Master Key Perfect Forward Secrecy, click Methods. Key Exchange settings

SG-500 VPN Security Gateway User’s Manual - 190 -STEP 57 . Click Move up or Move down to arrange IKE / 3DES / MD5 / to the Top, and click OK.

SG-500 VPN Security Gateway User’s Manual - 191 -STEP 58 . Complete all the Windows 2000 VPN settings. Complete all the Windows 2000 IPSec VPN

SG-500 VPN Security Gateway User’s Manual - 192 -STEP 59 . Right click on VPN_B, select Assign. To assign the VPN_B Security Rules

SG-500 VPN Security Gateway User’s Manual - 193 -STEP 60 . We need to restart the IPsec Service. Click Start Æ Setting Æ Control Panel. Enter

SG-500 VPN Security Gateway User’s Manual - 194 -STEP 61 . In Control Panel, double click Administrative Tools icon. Enter the Administrative

SG-500 VPN Security Gateway User’s Manual Copyright Copyright© 2007 by PLANET Technology Corp. All rights reserved. No part of this publication may be

SG-500 VPN Security Gateway User’s Manual - 15 -NAT Mode:  It allows Internal Network to set multiple subnet address and connect with the Intern

SG-500 VPN Security Gateway User’s Manual - 195 -STEP 62 . In Administrative Tools, double click Services icon. Enter the Services

SG-500 VPN Security Gateway User’s Manual - 196 -STEP 63 . In Services, right click on IPsec Policy Agent, select Restart. Restart IPSec Polic

SG-500 VPN Security Gateway User’s Manual - 197 -Example.3 The way to set the IPSec VPN connection between two SG-500 appliances. (Aggressive mode

SG-500 VPN Security Gateway User’s Manual - 198 -The A Company‘s default gateway is the SG-500 LAN IP 192.168.10.1. Make the following settings:

SG-500 VPN Security Gateway User’s Manual - 199 -STEP 5 . In Encapsulation, select ISAKMP Algorithm, to select the needed algorithm.In ENC Algorit

SG-500 VPN Security Gateway User’s Manual - 200 -STEP 7 . In Perfect Forward Secrecy （NO-PFS/ GROUP 1, 2, 5）, select GROUP 1. In ISAKMP Lifetime,

SG-500 VPN Security Gateway User’s Manual - 201 -STEP 10 . In VPN Æ Tunnel add the following settings： Name, enter the Tunnel name. From Sourc

SG-500 VPN Security Gateway User’s Manual - 202 -STEP 11 . In Policy Æ Outgoing , add the following settings： Tunnel, select IPSec_VPN_Tunnel.

SG-500 VPN Security Gateway User’s Manual - 203 -STEP 12 . In Policy Æ Incoming , add the following settings： Tunnel, select IPSec_VPN_Tunnel.

SG-500 VPN Security Gateway User’s Manual - 204 -The B Company‘s default gateway is the SG-500’s LAN IP 192.168.20.1. Add the following settings：

SG-500 VPN Security Gateway User’s Manual - 16 -Define the required fields of DHCP Subnet:  The domain name of LAN Netmask:  The LAN Netma

SG-500 VPN Security Gateway User’s Manual - 205 -STEP 16 . In Authentication Method, select Preshare, enter the Preshared Key. (The maximum Presha

SG-500 VPN Security Gateway User’s Manual - 206 -STEP 19 . In Perfect Forward Secrecy（NO-PFS/ GROUP 1,2,5）, select GROUP 1. In ISAKMP Lifetime, en

SG-500 VPN Security Gateway User’s Manual - 207 -STEP 22 . In VPN Æ TunnelÆ New Entry, add the following settings： Name, enter the Tunnel Name.

SG-500 VPN Security Gateway User’s Manual - 208 -STEP 23 . In Policy Æ Outgoing , add the following settings： Tunnel, select IPSec_VPN_Tunnel.

SG-500 VPN Security Gateway User’s Manual - 209 -STEP 24 . In Policy Æ Incoming, add the following settings： Tunnel, select IPSec_VPN_Tunnel. 

SG-500 VPN Security Gateway User’s Manual - 210 -Example.4 The way to set the IPSec VPN connection between two SG-500 appliances. (The GRE packets

SG-500 VPN Security Gateway User’s Manual - 211 -The A Company’s default gateway is the LAN IP 192.168.10.1 in SG-500. STEP 1 . Enter the A Com

SG-500 VPN Security Gateway User’s Manual - 212 - The IPSec Encapsulation setting STEP 6 . In IPSec Algorithm, select Data Encryption + Authentic

SG-500 VPN Security Gateway User’s Manual - 213 -STEP 7 . In Perfect Forward Secrecy (NO-PFS/ GROUP 1, 2, 5), select GROUP 1. In ISKMP Lifetime, e

SG-500 VPN Security Gateway User’s Manual - 214 -STEP 10 . In VPN Æ Tunnel , add the following settings：  Name, enter the Tunnel Name.  Fr

SG-500 VPN Security Gateway User’s Manual - 17 -System Settings- Exporting STEP 1﹒In System Setting Web UI, click on button next to Export System

SG-500 VPN Security Gateway User’s Manual - 215 -STEP 11 . In Policy Æ Outgoing, add the following settings：  Tunnel, select IPSec_VPN_Tunnel. 

SG-500 VPN Security Gateway User’s Manual - 216 -STEP 12 . In Policy Æ Incoming , add the following settings：  Tunnel, select IPSec_VPN_Tunnel.

SG-500 VPN Security Gateway User’s Manual - 217 -The B Company‘s default gateway is the LAN IP 192.168.20.1 of SG-500. Add the following settings：

SG-500 VPN Security Gateway User’s Manual - 218 -STEP 16 . In Authentication Method, select Preshare, enter the Preshared Key. (The maximum Presha

SG-500 VPN Security Gateway User’s Manual - 219 -STEP 19 . In Perfect Forward Secrecy (NO-PFS/ GROUP 1, 2, 5), select GROUP 1. In ISAKMP Lifetime,

SG-500 VPN Security Gateway User’s Manual - 220 -STEP 22 . In VPN Æ Tunnel , add the following settings：  In Name, enter the Tunnel name.  Fr

SG-500 VPN Security Gateway User’s Manual - 221 -STEP 23 . In Policy ÆOutgoing , add the following settings：  Tunnel, select IPSec_VPN_Tunnel.

SG-500 VPN Security Gateway User’s Manual - 222 -STEP 24 . In Policy Æ Incoming, add the following settings：  Tunnel, select IPSec_VPN_Tunnel.

SG-500 VPN Security Gateway User’s Manual - 223 -Chapter 5 Policy Every packet has to be detected if it corresponds with Policy or not when it p

SG-500 VPN Security Gateway User’s Manual - 224 -(4) LAN to DMZ: The source IP is in LAN network; the destination is in DMZ network. The system ma

SG-500 VPN Security Gateway User’s Manual - 18 -System Settings- Importing STEP 1﹒In System Setting Web UI, click on the Browse button next to Imp

SG-500 VPN Security Gateway User’s Manual - 225 -5.1 Policy Define the required fields of Policy Source and Destination:  Source IP and Destin

SG-500 VPN Security Gateway User’s Manual - 226 -Option:  To display if every function of Policy is enabled or not. If the function is enabled

SG-500 VPN Security Gateway User’s Manual - 227 - MAX. Concurrent Sessions:  Set the concurrent sessions that permitted by policy. And if the se

SG-500 VPN Security Gateway User’s Manual - 228 -We set up six Policy examples in this section: No. Suitable Situation Example Ex1 Outgoing Set u

SG-500 VPN Security Gateway User’s Manual - 229 -5.2 Example Set up the policy that can monitor the internal users. (Take Logging, Statistics, an

SG-500 VPN Security Gateway User’s Manual - 230 -STEP 2﹒Complete the setting of Logging, Statistics, and Alarm Threshold in Outgoing Policy. Com

SG-500 VPN Security Gateway User’s Manual - 231 -STEP 4﹒To display the traffic record that through Policy to access to Internet in Policy Statisti

SG-500 VPN Security Gateway User’s Manual - 232 -Forbid the users to access to specific network. (Take specific WAN IP and Content Blocking for ex

SG-500 VPN Security Gateway User’s Manual - 233 - Download Blocking Setting 1. URL Blocking can restrict the Internal Users only can access to so

SG-500 VPN Security Gateway User’s Manual - 234 -STEP 2﹒Enter as following in WA N and WAN Group of Address function. Setting the WAN IP that go

SG-500 VPN Security Gateway User’s Manual - 19 -Restoring Factory Default Settings STEP 1﹒Select Reset Factory Settings in SG-500 Configuration We

SG-500 VPN Security Gateway User’s Manual - 235 -STEP 3﹒Enter the following setting in Outgoing Policy:  Click New Entry  Destination Address:

SG-500 VPN Security Gateway User’s Manual - 236 -STEP 4﹒Enter the following setting in Outgoing Policy:  Click New Entry  Select Content Block

SG-500 VPN Security Gateway User’s Manual - 237 -Only allow the users who pass Authentication to access to Internet in particular time STEP 1﹒Ent

SG-500 VPN Security Gateway User’s Manual - 238 -STEP 3﹒Enter the following setting in Outgoing Policy:  Click New Entry  Authentication User:

SG-500 VPN Security Gateway User’s Manual - 239 -The external user control the internal PC through remote control software (Take PC-Anywhere for e

SG-500 VPN Security Gateway User’s Manual - 240 -STEP 3﹒Enter the following in Incoming Policy:  Click New Entry  Destination Address: Select

SG-500 VPN Security Gateway User’s Manual - 241 -Set a FTP Server under DMZ NAT Mode and restrict the download bandwidth from external and MAX. Co

SG-500 VPN Security Gateway User’s Manual - 242 -STEP 4﹒Enter the following in WAN to DMZ Policy:  Click New Entry  Destination Address: Selec

SG-500 VPN Security Gateway User’s Manual - 243 -Set a Mail Server to allow the internal and external users to receive and send e-mail under DMZ T

SG-500 VPN Security Gateway User’s Manual - 244 -STEP 4﹒Enter the following setting in WAN to DMZ Policy:  Click New Entry  Destination Addres

SG-500 VPN Security Gateway User’s Manual - 20 - STEP 3﹒Sender Address: Enter the Sender Address. (Required by some ISPs.) STEP 4﹒SMTP Server IP:

SG-500 VPN Security Gateway User’s Manual - 245 -STEP 6﹒Add the following setting in LAN to DMZ Policy:  Click New Entry  Destination Address:

SG-500 VPN Security Gateway User’s Manual - 246 -STEP 8﹒Add the following setting in DMZ to WAN Policy:  Click New Entry  Source Address: Sele

SG-500 VPN Security Gateway User’s Manual - 247 -Chapter 6 Web VPN / SSL VPN As a result of the Internet universal application, the demand which

SG-500 VPN Security Gateway User’s Manual - 248 -Define the required fields of VPN: DES (Data Encryption Standard):  The Data Encryption Stan

SG-500 VPN Security Gateway User’s Manual - 249 -Define the required fields of Status: User Name:  Display authentication account which is used

SG-500 VPN Security Gateway User’s Manual - 250 -6.1 Settings Setting Web VPN / SSL VPN Connection between External Client and SG-500 STEP 1. E

SG-500 VPN Security Gateway User’s Manual - 251 -STEP 4. Enter the following setting in Setting of Web VPN / SSL VPN:  Click Modify.  Enable

SG-500 VPN Security Gateway User’s Manual - 252 - Complete Enable Web VPN

SG-500 VPN Security Gateway User’s Manual - 253 -STEP 5. Enter the following setting in Browser:  Address: Enter http://61.11.11.11/sslvpn or h

SG-500 VPN Security Gateway User’s Manual - 254 - Security Alert Window Warning – Security Window

SG-500 VPN Security Gateway User’s Manual - 21 -Reboot SG-500 STEP 1﹒Reboot SG-500：Click Reboot button next to Reboot SG-500 Appliance. STEP 2﹒A

SG-500 VPN Security Gateway User’s Manual - 255 - Warning – HTTPS Window Warning – Security Window

SG-500 VPN Security Gateway User’s Manual - 256 - Authentication Window SSL VPN Connecting

SG-500 VPN Security Gateway User’s Manual - 257 - Complete SSL VPN Connection

SG-500 VPN Security Gateway User’s Manual - 258 -STEP 6. Display the following connection message in SATUS of Web VPN / SSL VPN: SSL VPN Conne

SG-500 VPN Security Gateway User’s Manual - 259 - If client PC not install SUN JAVA Runtime Environment, when login SSL VPN connection Web UI, it

SG-500 VPN Security Gateway User’s Manual - 260 -Chapter 7 Anomaly Flow IP When the SG-500 received the intrusion packets from hackers, the inter

SG-500 VPN Security Gateway User’s Manual - 261 -7.1 Settings Sasser Block  Can block the external Sasser virus attack. MSBlaster Block  C

SG-500 VPN Security Gateway User’s Manual - 262 -Detect ICMP Flood  Can detect the data packes sent from hacker and use the Broadcast to send to

SG-500 VPN Security Gateway User’s Manual - 263 -Detect Ping of Death Attack  Can detect the status of PING data packets sent from the hackers,

SG-500 VPN Security Gateway User’s Manual - 264 - When the MIS engineer enable the Anomaly Flow function, the SG-500 will instantly show the mess

SG-500 VPN Security Gateway User’s Manual - 22 -2.8 Date/Time STEP 1﹒Select Enable synchronize with an Internet time Server. STEP 2﹒Click the do

SG-500 VPN Security Gateway User’s Manual - 265 -To alert and block the external or internal anomalous data packets Step1. In Anomaly IP Æ Set

SG-500 VPN Security Gateway User’s Manual - 266 - The setting of anomaly flow IP and Dos / Anti-Attack Can add Non-detected IP, and these IP w

SG-500 VPN Security Gateway User’s Manual - 267 -Step2. When the system detects the DDoS attack packets, it will show the message in Anomaly Flow

SG-500 VPN Security Gateway User’s Manual - 268 - Send the NetBIOS Alert Notification to the MIS engineer

SG-500 VPN Security Gateway User’s Manual - 269 - Step3. Enable the System Æ E-Mail alert notification, and then the SG-500 will send the mail no

SG-500 VPN Security Gateway User’s Manual - 270 - Step4. Enable the Anomaly Flow Æ Attack Event, then the SG-500 shows the attack information in

SG-500 VPN Security Gateway User’s Manual - 271 -Chapter 8 Monitor 8.1 LOG Log records all connections that pass through the SG-500’s control po

SG-500 VPN Security Gateway User’s Manual - 272 -We set up four LOG examples in the section: No. Suitable Situation Example Ex 1 Traffic Log To d

SG-500 VPN Security Gateway User’s Manual - 273 -8.2 Traffic Log To detect the information and Protocol port that users use to access to Internet

SG-500 VPN Security Gateway User’s Manual - 274 -STEP 3﹒Click Traffic Log. It will show up the packets records that pass this policy. Traffic Lo

SG-500 VPN Security Gateway User’s Manual - 23 -2.9 Multiple Subnet Connect to the Internet through Multiple Subnet NAT or Routing Mode by the IP

SG-500 VPN Security Gateway User’s Manual - 275 -STEP 4﹒Click on a specific IP of Source IP or Destination IP, it will prompt out a Web UI about P

SG-500 VPN Security Gateway User’s Manual - 276 -STEP 5﹒ Click on Download Logs and select Save in File Download Web UI. And then choose the plac

SG-500 VPN Security Gateway User’s Manual - 277 -STEP 6﹒ Click Clear Logs and click OK on the confirm Web UI. The records will be deleted from the

SG-500 VPN Security Gateway User’s Manual - 278 -8.3 Event Log To record the detailed management events (such as Interface and event description

SG-500 VPN Security Gateway User’s Manual - 279 -STEP 2﹒Click on Download Logs and select Save in File Download Web UI. Then choose the place to s

SG-500 VPN Security Gateway User’s Manual - 280 -STEP 3﹒ Click Clear Logs and click OK on the confirm Web UI; the records will be deleted from the

SG-500 VPN Security Gateway User’s Manual - 281 -8.4 Connection Log To Detect Event Description of WAN Connection STEP 1﹒Click Connection in LOG

SG-500 VPN Security Gateway User’s Manual - 282 -STEP 2﹒Click on Download Logs and select Save in File Download Web UI. And then choose the place

SG-500 VPN Security Gateway User’s Manual - 283 -STEP 3﹒ Click Clear Logs and click OK on the confirm Web UI, the records will be deleted from the

SG-500 VPN Security Gateway User’s Manual - 284 -8.5 Log Backup To save or receive the records that sent by the SG-500 STEP 1﹒Enter Setting in S

SG-500 VPN Security Gateway User’s Manual - 24 -Adding Multiple Subnet Add the following settings in Multiple Subnet of System function:  Click

SG-500 VPN Security Gateway User’s Manual - 285 -STEP 3﹒Enter Log Backup in Log, enter the following settings in Syslog Settings:  Select Enable

SG-500 VPN Security Gateway User’s Manual - 286 -8.6 Accounting Report Administrator can use this Accounting Report to inquire the LAN IP users a

SG-500 VPN Security Gateway User’s Manual - 287 -Define the required fields of Accounting Report Accounting Report Setting:  By accounting repo

SG-500 VPN Security Gateway User’s Manual - 288 -Inbound Accounting Report It is the statistics of downstream / upstream for all kinds of comm

SG-500 VPN Security Gateway User’s Manual - 289 -8.7 Outbound STEP 1﹒Enter Outbound in Accounting Report and select Top Users to inquire the stat

SG-500 VPN Security Gateway User’s Manual - 290 - Outbound Source IP Statistics Report

SG-500 VPN Security Gateway User’s Manual - 291 -STEP 2﹒ Enter Outbound in Accounting Report and select Top Sites to inquire the statistics websi

SG-500 VPN Security Gateway User’s Manual - 292 - Outbound Destination IP Statistics Report

SG-500 VPN Security Gateway User’s Manual - 293 -STEP 3﹒Enter Outbound in Accounting Report and select Top Services to inquire the statistics webs

SG-500 VPN Security Gateway User’s Manual - 294 - Outbound Services Statistics Report According to the downstream / upstream report of the selec

SG-500 VPN Security Gateway User’s Manual FCC Caution: To assure continued compliance (example-use only shielded interface cables when connecting to

SG-500 VPN Security Gateway User’s Manual - 25 - WAN Interface can use Assist to enter the data. After setting, there will be two subnets in LA

SG-500 VPN Security Gateway User’s Manual - 295 -8.8 Inbound STEP 1﹒Enter Inbound in Accounting Report and select Top Users to inquire the statis

SG-500 VPN Security Gateway User’s Manual - 296 - Inbound Top Users Statistics Report

SG-500 VPN Security Gateway User’s Manual - 297 -Enter Inbound in Accounting Report and select Top Sites to inquire the statistics website of Send

SG-500 VPN Security Gateway User’s Manual - 298 - Inbound Destination IP Statistics Report

SG-500 VPN Security Gateway User’s Manual - 299 -STEP 2﹒Enter Inbound in Accounting Report and select Top Services to inquire the statistics websi

SG-500 VPN Security Gateway User’s Manual - 300 - According to the downstream / upstream report of the selected TOP numbering to draw the Protocol

SG-500 VPN Security Gateway User’s Manual - 301 -8.9 Statistics WAN Statistics: The statistics of Downstream / Upstream packets and Downstream/Up

SG-500 VPN Security Gateway User’s Manual - 302 -Define the required fields of Statistics: Statistics Chart:  Y-Coordinate：Network Traffic（Kbyt

SG-500 VPN Security Gateway User’s Manual - 303 -8.10 WAN STEP 1﹒Enter WAN in Statistics function, it will display all the statistics of Downstre

SG-500 VPN Security Gateway User’s Manual - 304 -STEP 2﹒Statistics Chart  Y-Coordinate：Network Traffic（Kbytes/Sec）  X-Coordinate：Time（Hour/Min

SG-500 VPN Security Gateway User’s Manual - 26 -WAN IP (10.10.10.1) connects to the Router of ISP (10.10.10.2) directly. The IP address provided b

SG-500 VPN Security Gateway User’s Manual - 305 -8.11 Policy STEP 1﹒If you had select Statistics in Policy, it will start to record the chart of

SG-500 VPN Security Gateway User’s Manual - 306 -STEP 3﹒Statistics Chart  Y-Coordinate：Network Traffic（Kbytes/Sec）  X-Coordinate：Time（Hour/Min

SG-500 VPN Security Gateway User’s Manual - 307 -8.12 Wake on LAN The MIS engineers can use the SG-500 appliance to start up the internal PCs (by

SG-500 VPN Security Gateway User’s Manual - 308 -Remote monitor the internal PC Step1. The internal PC to be remote monitored, and its MAC is 00

SG-500 VPN Security Gateway User’s Manual - 309 -8.13 Status The users can know the connection status in Status. For example: LAN IP, WAN IP, Sub

SG-500 VPN Security Gateway User’s Manual - 310 -8.14 Interface STEP 1﹒Enter Interface in Status function; it will list the setting for each Inte

SG-500 VPN Security Gateway User’s Manual - 311 - Interface Status

SG-500 VPN Security Gateway User’s Manual - 312 -8.15 Authentication STEP 1﹒ Enter Authentication in Status function. It will display the record

SG-500 VPN Security Gateway User’s Manual - 313 -8.16 ARP Table STEP 1﹒Enter ARP Table in Status function; it will display a table about IP Addr

SG-500 VPN Security Gateway User’s Manual - 314 -8.17 DHCP Clients STEP 1﹒ In DHCP Clients of Status function, it will display the table of DHCP

SG-500 VPN Security Gateway User’s Manual - 27 - Multiple Subnet Network  The SG-500’s Interface Status: WAN IP：10.10.10.1 LAN Port IP：192.168

SG-500 VPN Security Gateway User’s Manual - 28 -2.10 Route Table To connect two different subnet router with the SG-500 and makes them to connect

SG-500 VPN Security Gateway User’s Manual - 29 -STEP 1﹒Enter the following settings in Route Table in System function:  Destination IP: Enter 19

SG-500 VPN Security Gateway User’s Manual - 30 -STEP 3﹒Enter the following setting in Route Table in System function:  Destination IP: Enter 10.

SG-500 VPN Security Gateway User’s Manual - 31 -STEP 4﹒Adding successful. At this time the computer of 192.168.10.1/24, 192.168.20.1/24 and 192.16

SG-500 VPN Security Gateway User’s Manual - 32 -2.11 DHCP STEP 1﹒Select DHCP in System and enter the following settings:  Domain Name：Enter the

SG-500 VPN Security Gateway User’s Manual - 33 - DHCP Web UI When selecting Automatically Get DNS, the DNS Server will lock it as LAN Interface

SG-500 VPN Security Gateway User’s Manual - 34 -2.12 DDNS STEP 1﹒Select Dynamic DNS in System function. Click New Entry button  Service provide

SG-500 VPN Security Gateway User’s Manual Table of Contents CHAPTER 1: INTRODUCTION ...

SG-500 VPN Security Gateway User’s Manual - 35 - Chart Meaning Update successfully Incorrect username or password Connecting to server Unk

SG-500 VPN Security Gateway User’s Manual - 36 -2.13 Host Table STEP 1﹒ Select Host Table in Settings function and click on New Entry  Domain Na

SG-500 VPN Security Gateway User’s Manual - 37 -2.14 Language Select the Language version (English Version, Traditional Chinese Version, or Simp

SG-500 VPN Security Gateway User’s Manual - 38 -Chapter 3 Interface In this section, the Administrator can set up the IP addresses for the offic

SG-500 VPN Security Gateway User’s Manual - 39 -3.1 Interface Define the required fields of Interface LAN:  Using the LAN Interface, the Admi

SG-500 VPN Security Gateway User’s Manual - 40 -DMZ:  The Administrator uses the DMZ Interface to set up the DMZ network.  The DMZ includes

SG-500 VPN Security Gateway User’s Manual - 41 -We set up four Interface Address examples in this section: No. Suitable Situation Example Ex1 LAN

SG-500 VPN Security Gateway User’s Manual - 42 -3.2 LAN STEP 1﹒Select LAN in Interface and enter the following setting:  Enter the new IP Addre

SG-500 VPN Security Gateway User’s Manual - 43 -3.3 WAN STEP 1﹒Select WAN in Interface and click Modify STEP 2﹒Select the Connecting way:  PP

SG-500 VPN Security Gateway User’s Manual - 44 - Dynamic IP Address (Cable Modem User): 1. Select Dynamic IP Address (Cable Modem User) 2. Click

SG-500 VPN Security Gateway User’s Manual 4.8 EXAMPLE ...

SG-500 VPN Security Gateway User’s Manual - 45 - Static IP Address 1. Select Static IP Address 2. Enter IP Address, Netm

SG-500 VPN Security Gateway User’s Manual - 46 - PPTP (European User Only): 1. Select PPTP (European User Only) 2. Enter the name of applied acc

SG-500 VPN Security Gateway User’s Manual - 47 - Dynamic IP Address Connection If the connection is PPPoE, you can choose Service-On-Demand for

SG-500 VPN Security Gateway User’s Manual - 48 -3.4 DMZ Setting DMZ Interface Address (NAT Mode) STEP 1﹒Click DMZ Interface STEP 2﹒Select NAT Mo

SG-500 VPN Security Gateway User’s Manual - 49 -Setting DMZ Interface Address (Transparent Mode) STEP 1﹒Select DMZ Interface STEP 2﹒Select Transp

SG-500 VPN Security Gateway User’s Manual - 50 -Chapter 4 Policy Object 4.1 Address The SG-500 allows the Administrator to set Interface address

SG-500 VPN Security Gateway User’s Manual - 51 -Define the required fields of Address Name:  The System Administrator set up a name as IP Addr

SG-500 VPN Security Gateway User’s Manual - 52 -We set up two Address examples in this section: No Suitable Situation Example Ex1 LAN Under DHCP

SG-500 VPN Security Gateway User’s Manual - 53 -4.2 Example Under DHCP situation, assign the specific IP to static users and restrict them to acc

SG-500 VPN Security Gateway User’s Manual - 54 -STEP 2﹒Adding the following setting in Outgoing Policy: Add a Policy of Restricting the Specific

SG-500 VPN Security Gateway User’s Manual - 1 -Chapter 1: Introduction The innovation of the Internet has created a tremendous worldwide venue for

SG-500 VPN Security Gateway User’s Manual - 55 - When the System Administrator setting the Address Book, he/she can choose the way of clicking on

SG-500 VPN Security Gateway User’s Manual - 56 -Setup a policy that only allows partial users to connect with specific IP (External Specific IP)

SG-500 VPN Security Gateway User’s Manual - 57 -STEP 2﹒ Enter the following settings in LAN Group of Address:  Click New Entry  Enter the Nam

SG-500 VPN Security Gateway User’s Manual - 58 -STEP 3﹒Enter the following settings in WAN of Address function:  Click New Entry  Enter the fo

SG-500 VPN Security Gateway User’s Manual - 59 -STEP 4﹒To exercise STEP1~3 in Policy To Exercise Address Setting in Policy Complete the Policy

SG-500 VPN Security Gateway User’s Manual - 60 -4.3 Service TCP and UDP protocols support varieties of services, and each service consists of a T

SG-500 VPN Security Gateway User’s Manual - 61 -Define the required fields of Service Pre-defined Web UI’s Chart and Illustration: Chart Illust

SG-500 VPN Security Gateway User’s Manual - 62 -We set up two Service examples in this section: No Suitable Situation Example Ex1 Custom Allow ex

SG-500 VPN Security Gateway User’s Manual - 63 -4.4 Custom Allow external user to communicate with internal user by VoIP through policy. (VoIP Po

SG-500 VPN Security Gateway User’s Manual - 64 -STEP 2﹒Enter the following setting in Custom of Service function:  Click New Entry  Service Na

SG-500 VPN Security Gateway User’s Manual - 2 - 1.2 Package Contents The following items should be included: ♦ VPN Security Gateway ♦ Power Adap

SG-500 VPN Security Gateway User’s Manual - 65 - Under general circumstances, the range of port number of client is 0-65535. Change the client ra

SG-500 VPN Security Gateway User’s Manual - 66 -STEP 3﹒Compare Service to Virtual Server. Compare Service to Virtual Server STEP 4﹒Compare Virt

SG-500 VPN Security Gateway User’s Manual - 67 -4.5 Group Setting service group and restrict the specific users only can access to service resour

SG-500 VPN Security Gateway User’s Manual - 68 - Complete the setting of Adding Service Group If you want to remove the service you choose fr

SG-500 VPN Security Gateway User’s Manual - 69 -STEP 2﹒In LAN Group of Address function, setting an Address Group that can include the service of

SG-500 VPN Security Gateway User’s Manual - 70 -4.6 Schedule In this chapter, the SG-500 provides the Administrator to configure a schedule for p

SG-500 VPN Security Gateway User’s Manual - 71 -To configure the valid time periods for LAN users to access to Internet in a day STEP 1﹒Enter the

SG-500 VPN Security Gateway User’s Manual - 72 -STEP 2﹒Compare Schedule with Outgoing Policy Complete the Setting of Comparing Schedule with Pol

SG-500 VPN Security Gateway User’s Manual - 73 -4.7 QoS By configuring the QoS, you can control the OutBound and InBound Upstream/Downstream Band

SG-500 VPN Security Gateway User’s Manual - 74 - The Flow After Using QoS (Max. Bandwidth: 400Kbps, Guaranteed Bandwidth: 200Kbps)

SG-500 VPN Security Gateway User’s Manual - 3 -RESET Press this button to restore to factory default settings. WAN Connect to your xDSL/Cable mode

SG-500 VPN Security Gateway User’s Manual - 75 -Define the required fields of QoS Downstream Bandwidth:  To configure the Guaranteed Bandwidt

SG-500 VPN Security Gateway User’s Manual - 76 -We set up two QoS examples in this section: No Suitable Situation Example Ex1 QoS Setting a polic

SG-500 VPN Security Gateway User’s Manual - 77 -4.8 Example Setting a policy that can restrict the user’s downstream and upstream bandwidth STEP

SG-500 VPN Security Gateway User’s Manual - 78 -STEP 2﹒Use the QoS that set by STEP1 in Outgoing Policy. Setting the QoS in Policy Complete Po

SG-500 VPN Security Gateway User’s Manual - 79 -4.9 Authentication By configuring the Authentication, you can control the user’s connection autho

SG-500 VPN Security Gateway User’s Manual - 80 -Define the required fields of Authentication Authentication Management  Provide the Administrat

SG-500 VPN Security Gateway User’s Manual - 81 -z When the user connects to external network by Authentication, the following page will be displa

SG-500 VPN Security Gateway User’s Manual - 82 -z It will connect to the appointed website after passing Authentication. Connecting to the Appo

SG-500 VPN Security Gateway User’s Manual - 83 -Auth-User Name:  The user account for Authentication you want to set. Password:  The passwo

SG-500 VPN Security Gateway User’s Manual - 84 -We set up four Authentication examples in this section: No Suitable Situation Example Ex1 Auth U

SG-500 VPN Security Gateway User’s Manual - 4 -Chapter 2: System 2.1 Administration “System” is the managing of settings such as the privileges of

SG-500 VPN Security Gateway User’s Manual - 85 -4.10 Example Setting specific users to connect with external network, only those pass the authent

SG-500 VPN Security Gateway User’s Manual - 86 -STEP 2﹒Add Auth User Group Setting in Authentication function and enter the following settings: 

SG-500 VPN Security Gateway User’s Manual - 87 -STEP 3﹒Add a policy in Outgoing Policy and input the Address and Authentication of STEP 2. Auth-

SG-500 VPN Security Gateway User’s Manual - 88 -STEP 4﹒When user is going to access to Internet through browser, the authentication UI will appear

SG-500 VPN Security Gateway User’s Manual - 89 -4.11 Content Blocking Content Filtering includes「URL」,「Script」,「P2P」,「IM」,「Download」,「Upload」.

SG-500 VPN Security Gateway User’s Manual - 90 -Define the required fields of Content Blocking URL String:  The domain name that restricts to

SG-500 VPN Security Gateway User’s Manual - 91 -IM Blocking:  Prevent users to login MSN Messenger, Yahoo Messenger, ICQ, QQ, and Skype Audio

SG-500 VPN Security Gateway User’s Manual - 92 -We set up five Content Blocking examples in this section: No Suitable Situation Example Ex1 URL B

SG-500 VPN Security Gateway User’s Manual - 93 -4.12 URL Restrict the Internal Users only can access to some specific Web site ※URL Blocking: Sy

SG-500 VPN Security Gateway User’s Manual - 94 -STEP 1﹒Enter the following in URL of Content Filtering function:  Click New Entry  URL String: