ShareTech UTM
User Manual
Version 2.2.0
Default management address: 192.168.1.1
Default account / password: admin / admin
Table of Contents
CONVENTIONS USED IN THIS BOOK
CHAPTER 0 DESCRIPTION
0-1 THE APPEARANCE OF THE MACHINE AND SPECIFICATION
0-2 FRONT PANEL
0-3 BASIC SYSTEM CONFIGURATION
0-4 STARTING MACHINE UP
0-5 HOMEPAGE INFORMATION
Conventions Used in This Book
"Italic": Indicates user input examples.
Tip icon: This icon indicates a tip or suggestion, a special point the author wants to bring to users' attention.
Caution icon: This icon indicates a limitation or caution. Pay attention to these to avoid running into system problems.
Example icon: This icon indicates an example, showing users how to use a feature.
Chapter 0 Description
This chapter tells you how to install and connect your network system, and how to configure and monitor it. Functions are explained in detail, together with examples of operating the interface. The Description chapter covers the following sections:
0-1 The Appearance Of The Machine
0-2 Hardware Configuration
0-3 Basic System Configuration
0-4 Starting Machine Up
0-5 Homepage Information
Model    Dimensions (W*L*H, mm)   Ports / memory / storage
UR-935   430*255*44               4 WAN / 1 LAN / 1 DMZ, 2 GB memory, 250 GB HDD
UR-500S  432*270*44               2 WAN / 1 LAN / 1 DMZ, 1 GB memory
UR-938   430*255*44               4 WAN / 1 LAN / 1 DMZ, 2 GB memory, 250 GB HDD
UR-500A  432*270*44               2 WAN / 1 LAN / 1 DMZ, 2 GB memory, 160 GB HDD
UR-735A  440*320*44               4 WAN / 1 LAN / 1 DMZ, 2 GB memory, 250 GB HDD
UR-910   432*270*44               2 WAN / 1 LAN / 1 DMZ, 1 GB memory
AW-570   440*320*44               4 WAN / 1 LAN / 1 DMZ, 2 GB memory, 250 GB HDD
UR-915   432*270*44               2 WAN / 1 LAN / 1 DMZ, 1 GB memory, 250 GB HDD
AW-580   440*320*44               4 WAN / 1 LAN / 1 DMZ, 2 GB memory, 250 GB HDD
UR-918   432*270*44               2 WAN / 1 LAN / 1 DMZ, 2 GB memory, 250 GB HDD
AW-590   440*320*44               4 WAN / 1 LAN / 1 DMZ, 4 GB memory, 250 GB HDD
AW-560   428*255*44               2 WAN / 1 LAN / 1 DMZ, 1 GB memory, 160 GB HDD
UR-955   443*407*44               4 WAN / 1 LAN / 1 DMZ, 2 GB memory, 500 GB HDD
UR-730A  428*255*44               2 WAN / 1 LAN / 1 DMZ, 1 GB memory, 160 GB HDD
UR-958   443*407*44               4 WAN / 1 LAN / 1 DMZ, 2 GB memory, 500 GB HDD
UR-930   430*255*44               2 WAN / 1 LAN / 1 DMZ, 2 GB memory, 250 GB HDD
UR-959   443*407*44               4 WAN / 1 LAN / 1 DMZ, 4 GB RAM, 500 GB HDD
UR-760   438*457*44               4 WAN / 3 LAN / 1 DMZ, 2 GB RAM, 500 GB HDD
HDD LED: Flashes when the system is accessing data on the HDD.
Console Port: A DB-9 console port used to inspect the internal network settings and, if needed, restore the factory defaults.
DMZ 1 Port: A demilitarized zone is a physical subnetwork that contains and exposes an organization's external-facing services to a larger, untrusted network. Even though servers located in the DMZ allow external access, they are still protected by the hardware.
LAN Port: Connects to the company's intranet.
Gigabit LAN / WAN / DMZ connector
D2: Link/Activity LED
  Link: Green
  Activity: Blinking
Link speed indication:
  10 Mbps: Off
  100 Mbps: Green
  1000 Mbps: Yellow
Default Language
The default management interface language is English. Select Configuration > Language > Language. Three languages are offered: English, Traditional Chinese and Simplified Chinese. Select the language that suits you, then click on the button shown. (Figure 0-3.2)
For your reference, you may configure your management address from the private address ranges below:
10.0.0.0 ~ 10.255.255.255
172.16.0.0 ~ 172.31.255.255
192.168.0.0 ~ 192.168.255.255
LAN
Select Network > Interface > LAN. (Figure 0-4.2)
Name: Enter a name that you can remember easily.
IP Address: Enter a new IP address. Default setting is 192.168.1.1.
Netmask: Enter a new netmask. Default setting is 255.255.255.0.
MAC address: Enter a MAC address.
Up Speed: The unit is Kbps. Define a suitable maximum upstream bandwidth so that the device can use it as a basis for operating. If the up speed of the LAN interface is 100M, set it to 102400 Kbps; likewise 1 Gbps is set as 1024000 Kbps.
Down Speed: The unit is Kbps. Define a suitable maximum downstream bandwidth so that the device can use it as a basis for operating. If the down speed of the LAN interface is 100M, set it to 102400 Kbps; likewise 1 Gbps is set as 1024000 Kbps.
After clicking the button shown, enter the new IP address you have just set in your web browser and log in again.
WAN_1
Select Network > Interface > WAN_1. (Figure 0-4.3)
Interface Name (eth1): Enter any word for recognition.
IP Address: Depends on the connection method. DHCP and PPPoE modes do not need an IP address; only Static mode needs one.
Default Gateway: Depends on the connection method. DHCP and PPPoE modes do not need a default gateway; only Static mode needs one.
Up Speed (Max. 1000 Mbps): The IT administrator must define a proper bandwidth for each WAN so that the device can use it as a basis for operating. The unit is Kbps. You can click the Custom Define link to set the speed according to your ISP's WAN speed.
Speed and Duplex Mode: Usually set to Auto. You can also select other settings.
Load Balancing: Four methods are offered.
1. Auto: Distributes outward sessions according to the usage status of each WAN port.
2. By Source IP: For services that require the same IP address throughout the process, such as online games and banking, the ShareTech UR keeps the session on the same WAN port (i.e. the same IP address) over which it was created, avoiding disconnections caused by the user's IP address changing.
3. Manual: Shares the load across the WAN ports according to the administrator's demand.
4. By Destination IP: Once a session is created between the ShareTech UTM and a specific host, subsequent sessions to that host are automatically distributed to the same WAN port.
Connection Method: There are three connection methods.
1. Static: Static IP address.
2. DHCP: Use DHCP to obtain an IP address from the ISP.
3. PPPoE: PPPoE.
Netmask: Enter a netmask. Default setting is 255.255.255.0.
MAC address: Enter a MAC address.
Down Speed: The IT administrator must define a proper bandwidth for each WAN so that the device can use it as a basis for operating. The unit is Kbps. You can click the Custom Define link to set the speed according to your ISP's WAN speed.
Check Method: Use DNS, ICMP or NONE to check whether the WAN is up or down. Both DNS and ICMP need an IP address to test against.
1. DNS: Tests the validity of the Internet connection by resolving a domain name.
2. ICMP: Uses the ping command to test the validity of the Internet connection.
3. NONE: The line is not checked; the connection status is always reported as on line.
Management Service: Three multiple-choice options, Ping, HTTP and HTTPS. In addition, you can click Log to see more detailed records.
1. Ping: The network can be detected by ping commands when ticked.
2. HTTP: The management interface is available via the HTTP protocol when ticked.
3. HTTPS: The management interface is available via the HTTPS protocol when ticked.
Firewall Protect Items: Four multiple-choice options, SYN, ICMP, UDP and Port Scan. These are the currently available protections. In addition, you can click Log to see more detailed records.
DNS Server 1: The IP address of the DNS server used for the bulk of DNS lookups. Default setting is 168.95.1.1.
DNS Server 2: The IP address of the backup DNS server, used when the primary DNS server is unreachable. Default setting is 168.95.192.1.
HTTP Port: HTTP port number for management. Default setting is 80.
HTTPS Port: HTTPS port number for management. Default setting is 443.
WAN Check Time: The interval, in seconds, at which the system runs the WAN check. Default setting is 3 seconds.
Disconnect if idle for: When using a PPPoE connection, the device may be configured to disconnect automatically after being idle for a period of time. The unit is minutes. Default setting is 60 minutes.
MENU
On the left side of the screen, the MENU shows the function lists, which differ from model to model.
Administrator Login
Shows the administrator login name, the IP address logged in from, how many administrators are currently logged in, and the interval at which the home page information is refreshed automatically. The automatic refresh interval can be set to every 3, 5, 10, 20 or 30 seconds.
Interface
Equipment interface details (Figure 0-5.3)
Name: The interface name detected by the system.
Connect Status: Whether the network link is up.
1. Connected.
2. Not connected to the Internet.
Line Status: Whether the WAN check judges the line to be connected.
1. Connected.
2. Not connected.
Chapter 1 Configuration
This chapter explains how to configure the machine's date, time, administrator, backup, notification and language settings. The Configuration chapter covers the following sections:
1-1 Date & Time
1-2 Administration
1-3 System
1-4 Package
1-5 Language
1-6 Notification
1-7 Report
1-8 Backup & Mount
1-9 Signature Update
1-10 CMS
1-11 AP Management
1-12 SSL Certificate
1-13 Data Items
1-1 Date & Time
Select Configuration > Date & Time > Date & Time Setup. There are two parts you can use, Timezone and Time, and Network Time Retrieval.
Method 1: Synchronize to the local computer.
Time Zone: Select your country's time zone.
Time: Select the local time.
Date: Select the local date.
Click on the button shown.
Method 2: Synchronize the date and time to an Internet network time server.
Select Enabled in Network Time Retrieval.
Selected Time Server: Select your country's time server.
Click on the button shown. Click on the log button to check the time log information; the log is kept for three days.
Click on the button shown to apply.
Method 3: Use a user-defined time server. This might be necessary if you are running a setup that does not allow the ShareTech to reach the Internet.
Select Enabled in Network Time Retrieval.
User Defined Time Server: Enter a time server you know.
Click on the button shown. Click on the log button to check the time log information; the log is kept for three days.
Click on the button shown to apply.
1-2 Administration
This section mainly explains the authorization settings for access. It covers Administrator Setup, System Setup, Manage IP Address, Clear Data and SMTP Server Setting. The Administration section covers the following:
Select Configuration > Administration > System. This function shows the screen view and the system default settings. (Figure 1-2.4)
Login Title: Enter a name and then click on the button shown. The name you enter is displayed when you log in. (Figure 1-2.5)
Menu Bar Title: Enter a name and then click on the button shown. The image will automatically appear in the upper left corner of the screen. (Figure 1-2.7)
Memory Release: How often to check memory, and the memory usage percentage above which the system releases memory. (See the memory status in Homepage Information.)
Protocol Pass-Through: The system supports H.323 and SIP.
Reset to Default Setting: If you need to keep the LAN, WAN and DMZ IP settings, or you need to format the hard disk, select those options. If you select nothing, the system is simply reset to the default settings.
Reboot System: Click on the button shown to reboot the system.
Select Configuration > Administration > Fsck Hard Disk. (Figure 1-2.6)
As implied by its name, fsck is used to check and optionally repair one or more Linux file systems. This tool is important for maintaining data integrity, especially after an unforeseen reboot (crash, power outage). If at some point your system crashes unexpectedly, is shut down improperly, or is struck by lightning, we advise you to run fsck in order to repair your file system. Normally, the fsck program tries to handle file systems on different physical disk drives in parallel to reduce the total time needed to check all of the file systems.
Keep Content Record Setup: Select one of the numbers, or enter how many days you want to keep records. Click Change Signatures if you modify the numbers. (Figure 1-2.9)
Select Configuration > Administration > SMTP Server. (Figure 1-2.10) (Figure 1-2.11) (Figure 1-2.12)
Customize: Default is Admin if you do not enable it.
Sender Name: Enter the sender email address.
Mail Server IP Address: Enter the SMTP server address or domain.
Account: Enter the account.
Password: Enter the correct password for the account.
Authentication: Select this if authentication has been enabled on your SMTP or mail server.
TLS: The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering.
Delivery Domain Name: If the delivery domain name is the same as the receiver's domain, the email is sent using this SMTP setting; if not, the email is sent using the first SMTP setting.
If you receive an email like the one below, your setting is correct; otherwise, check your SMTP server setting again. (Figure 1-2.13) (Figure 1-2.14)
1-3 System
The System section covers the following:
Select Configuration > System > System Backup. You will see two parts, System Backup and System Recovery. (Figure 1-3.1)
System Backup: Click on the button shown, then wait a minute. Another window appears. Click on the button shown, and do not forget where you save the file.
System Recovery: Click on the button shown, then select the file. After you select the file, do not forget to click on the button on the screen.
Select Configuration > System > Software Upgrade. You will see two parts, Software Upgrade and Upgrade Record. (Figure 1-3.2)
Software Upgrade: Shows the server model and the current software version. ShareTech regularly offers software upgrade files on the ShareTech website, so you can follow the link below to download the newest one: http://www.sharetech.com.tw/web_eng/contact-download.htm. After downloading it, click on the button shown to locate the file you have just downloaded, then remember to click on the upgrade button.
Upgrade Record: Shows the information of all upgrades you have done before.
Select Configuration > System > Schedule Backup. There are two methods. (Figure 1-3.3)
Method 1
Starting: Select Starting to turn it on.
When to Backup: Set when the backup should run.
Backup Reserved Quantities: Fill in a number in the field. The number in Backup Reserved Quantities must be a positive number.
Click on the button shown.
Method 2
1-4 Package
A free trial is available for 15 days. If you want to purchase, please mail sales@sharetech.com.tw and tell us your RED code number in order to register it.
Report
1. Optional Models: UR-500A, UR-720, UR-730, UR-730A, UR-735, UR-735A, UR-750, UR-750A, AW-570, AW-580, UR-918, UR-930, UR-938+, UR-955
2. Enabled Models: UR-915+, AW-590, UR-958, UR-959, UR-760, UR-760F
Mail Audit
1. Optional Models: UR-720, UR-730, UR-730A, UR-735, UR-735A, UR-750, UR-750A, AW-570, AW-580, UR-930, UR-938+, UR-955, UR-958
2. Enabled Models: AW-590, UR-959, UR-760, UR-760F
Kaspersky Engine
1. Optional Models: UR-720, UR-730, UR-730A, UR-735, UR-735A, UR-750, UR-750A, AW-570, AW-580, AW-590, UR-930, UR-935, UR-938, UR-955, UR-958, UR-959, UR-760, UR-760F
1-5 Language
Select Configuration > Language > Language. Three languages are offered: English, Traditional Chinese and Simplified Chinese. Select the language that suits you. (Figure 1-5.1)
1-6 Notification
This function reminds users when unusual events happen. The advance notification helps the administrator plan an effective response to security problems, and includes information about the number of security events and about any detection tools relevant to the updates. The Notification section covers the following:
Users should receive an email like the one below. (Figure 1-6.2) (Figure 1-6.3)
1-7 Report
Applicable products: AW-590, UR-958, UR-959, UR-760 and UR-760F.
It is an optional feature on UR-500A, UR-918, UR-930, UR-735A, AW-570, AW-580, UR-750, UR-750A and UR-955. Please mail help@sharetech.com.tw if you need it.
Producing a UTM report is hard because the UTM is an all-in-one comprehensive gateway security machine: it not only performs basic firewall functions but also network security, content recording, software blocking and so on. If the report shows too little, IT administrators do not have enough information to know what is happening internally and on the system. If it shows too much, it may be too complex for IT administrators to find what they want immediately.
Report Content: Options explained: (Figure 1-7.2)
1. By default means the option follows the Default Setting;
2. Otherwise, the report displays the option you selected;
3. If the ranking setting is blank, it follows the Default Setting as well.
1-8 Backup & Mount
Select Configuration > Backup & Mount > Data Backup. (Figure 1-8.1)
Backup Method: Samba
IP address: Enter an IP address.
Folder Name: Enter a folder name you like. You have to create this folder in C: if your OS is Windows.
Username: Enter the user's computer name.
Password: The password for the user's own computer authentication.
Confirm Password: Confirm the password.
Click on the button shown.
Scheduled Backup: Select when the system backs up data.
Send Backup Result Notification: You have to go to Configuration > Notification > Notification to set your information first. Then you will receive mail after the system backs up successfully. (Figure 1-8.3)
Backup Item: There are five items, User Flow Log, Web Content, FTP Content, MSN Content and Mail Content.
Click on the button shown.
If you want to see previous contents but have reset the machine to the default setting or have used Clear Data, there are no data contents left on this machine's hard disk. Fortunately, if you have used the Backup & Mount application to back up contents to another server or computer, you can mount those contents to search the Content Record items.
First, click on the button shown for the backup. (Figure 1-8.5)
Click on the button shown. (Figure 1-8.6)
1-9 Signature Update
Select Configuration > Signature Update > Signature Update. (Figure 1-9.1)
The default is manual update.
Automatic Update: Select the check box and the system updates the signature version automatically.
Manual Update: To update the signature version manually, click on the button shown.
1-10 CMS
CMS is the Central Management System. This application lets you view each ShareTech UTM over the network and the Internet, and also back up each unit's configuration or update its firmware from the head office. For example, you can have 4 UTMs in one building or in different places and view the interfaces of all of them on the same screen or monitor.
Client site (branch office) (Figure 1-10.2)
a. Mode: Client
b. Server: Enter the head office WAN IP (111.252.72.198 in the example) or domain
c. Alias: Enter a name for recognition
d. Click on the button shown
Click "Accept". (Figure 1-10.5)
Connection succeeded.
Connection failed.
1-11 AP Management
The rise in popularity of smartphones and tablets, combined with enterprise Bring Your Own Device (BYOD) programs, has driven up the demand for enterprise Wi-Fi connectivity in many organizations. Wi-Fi has become as popular and easy to access as cellular. You can connect your smartphone or laptop wirelessly at public locations (airports, hotels, coffee shops) to the established Internet service. The ability to manage network infrastructure from the cloud is likely to be a key technology in the coming years. (Figure 1-11.1)
HiGuard SOHO/HOME: (Figure 1-11.3) (Figure 1-11.4)
1. System > Overview
AP-200: (Figure 1-11.5)
Service > UTM Client: Enable it and enter the UTM LAN IP.
Increasing adoption of Wi-Fi service speeds up business Wi-Fi deployment.
Although Wi-Fi and 3G can be considered complementary technologies, sometimes we choose Wi-Fi service for budget reasons (3G can be costly, especially for multiple devices) or because of technological limitations. Small and medium-sized businesses can be satisfied with a wireless router relying on IT's help, but for larger enterprises only an integrated management platform can reach the goal of securely connecting all wireless networks.
Easy and efficient management of multiple APs
Centralized architectures have gained popularity recently. Without a single unified controller, it is very difficult for administrators to configure, manage, and rapidly discover which AP is the problematic one among 20 or more APs. ShareTech provides a total AP management solution: HiGuard HOME/SOHO (a 2-antenna wireless 802.11N/B/G router supporting 2.4 GHz WLAN networks), which protects against malicious software, together with a secure, steady and instant wireless management platform, the UR series (UTM, including HiGuard PRO), which tightly integrates wired and wireless connections.
ShareTech UTM, a unified platform, is not only a comprehensive firewall solution for wired enterprises (all frames from WLAN clients have to pass through the WLAN switches to the enterprise network) but also substantially reduces cost. It centralizes wireless network management, monitors the flows of each AP, and summarizes AP operation details.
ShareTech UTM, a wireless AP management platform
ShareTech UTM is a single unified controller responsible for the configuration, control and management of several HiGuard HOME/SOHO wireless routers and AP-200 units. With these two elements, an enterprise can expand its Wi-Fi environment without worries. Each HiGuard wireless router integrates its flows into the ShareTech UTM, which manages it independently as a separate network entity on the network. (Figure 1-11.7)
On the ShareTech UTM AP management interface, administrators can easily monitor and manage the operation (functioning or malfunctioning), upload/download flow, and concurrent users of every AP. The ShareTech wireless AP management platform provides complete and efficient Wi-Fi network security to protect Wi-Fi users from being attacked. (Figure 1-11.8)
1-12 SSL Certificate
Note: ShareTech does not recommend or guarantee any particular SSL certificate organization; the following are only examples.
GeoTrust: https://www.geotrust.com/
Symantec: http://www.symantec.com/verisign/ssl-certificates?inid=us_ps_flyout_prdts_ssl
StartSSL PKI: http://www.startssl.com/
Select Configuration > SSL Proof.
1. Import the three files (server.key, server.crt and the intermediate certificate) that you obtained when applying for your own SSL certificate from the organization. (Figure 1-12.3)
2. Sometimes organizations will ask for server.csr and server.key. In that case, enter the information and download the files, then offer these two files to the SSL certificate organization. (Figure 1-12.4)
Chapter 2 Network
In this chapter, the administrator can set up the office network. There are two sections, Interfaces and Routing. The administrator may configure the IP addresses of the LAN, the WAN and the DMZ, for IPv6 as well as IPv4.
2-1 Interface
2-2 Interface (IPv6)
2-3 Routing
2-4 802.1Q
2-1 Interface
The Interface section covers the following:
What's BYPASS?
It is a fault-tolerance feature that protects your essential communications in the event of a power outage. The WAN1 and LAN1 ports are bridged together when the power runs out. When used with Drop-in Mode, such a failure is completely transparent to the network, so network connectivity is fully protected.
Bypass is useless if the UTM is the gateway, because that is NAT mode.
Select Network > Interface > LAN and choose BYPASS. (Figure 2-1.3)
Here is an example. Simply put, bypass is similar to bridge mode. Therefore, if the internal UTM powers down, its OS crashes, or it breaks, the sessions/packets (IP: 192.168.188.X) keep flowing. (Figure 2-1.2)
Available bypass models (LAN, WAN1): UR-955, UR-958, UR-959, UR-760, UR-760F
Available bypass models (DMZ, WAN2): UR-930, UR-935, UR-938, UR-938+, UR-955, UR-958, UR-959, UR-760, UR-760F
For example, a company divided into R&D, customer service, sales, purchasing and accounting departments has a leased line with multiple real IP addresses, 168.85.88.0/24. To facilitate network management, the IT administrator may designate a subnet to each department. The subnet distribution is as follows (Figure 2-1.6):
R&D Department: 192.168.1.1/24 (internal) > 168.85.88.253 (external)
Customer Service Department: 192.168.2.1/24 (internal) > 168.85.88.252 (external)
Sales Department: 192.168.3.1/24 (internal) > 168.85.88.251 (external)
Purchasing Department: 192.168.4.1/24 (internal) > 168.85.88.250 (external)
Accounting Department: 192.168.5.1/24 (internal) > 168.85.88.249 (external)
The IT administrator must renew his or her own PC's IP address when using a DHCP server, to ensure the management interface remains reachable after the LAN interface IP address is changed. To renew the IP address distributed by a DHCP server, simply follow two steps:
Step 1. Reboot the computer.
Step 2. Enter "cmd" in the Run window, then enter "ipconfig /release" followed by "ipconfig /renew"; the IP address is successfully retrieved.
There is another example showing whether an address should be bound or not. (Figure 2-1.7)
Up Speed (Max. 1000 Mbps): The IT administrator must define a proper bandwidth for each WAN so that the device can use it as a basis for operating. The unit is Kbps. You can click the Custom Define link to set the speed according to your ISP's WAN speed.
Speed and Duplex Mode: Usually set to Auto. You can also select another setting.
Load Balancing: Four methods are offered.
1. Auto: Distributes outward sessions according to the usage status of each WAN port.
2. By Source IP: For services that require the same IP address throughout the process, such as online games and banking, the ShareTech UR keeps the session on the same WAN port (i.e. the same IP address) over which it was created, avoiding disconnections caused by the user's IP address changing.
3. Manual: Shares the load across the WAN ports according to the administrator's demand.
4. By Destination IP: Once a session is created between the ShareTech UTM and a specific host, subsequent sessions to that host are automatically distributed to the same WAN port.
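The four load-balancing methods listed here (and in the WAN_1 description of section 0-4) can be modelled as a small session dispatcher. This is an added illustration written for this page, not ShareTech firmware: the WAN port names, the per-port session counters used for Auto, the weights used for Manual, and the way a port marked down by the Check Method is skipped are all assumptions.

```python
class WanBalancer:
    """Choose the WAN port for each new outward session.

    method is one of "auto", "by_source_ip", "manual", "by_destination_ip".
    Port names such as "WAN_1" are assumed; the UTM's real internals are not known here.
    """

    def __init__(self, wans, manual_weights=None):
        self.wans = list(wans)
        self.up = {w: True for w in self.wans}      # latest result of the WAN check
        self.usage = {w: 0 for w in self.wans}      # active sessions per port (Auto)
        weights = manual_weights or {w: 1 for w in self.wans}
        # Manual: a weighted round-robin order, e.g. {"WAN_1": 3, "WAN_2": 1}
        # expands to WAN_1, WAN_1, WAN_1, WAN_2 (assumed interpretation of "share loading")
        self._order = [w for w in self.wans for _ in range(weights.get(w, 0))]
        self._next = 0
        self.by_src = {}                            # source IP -> port (sticky)
        self.by_dst = {}                            # destination IP -> port (sticky)

    def set_link(self, wan, is_up):
        """Record the Check Method verdict (DNS/ICMP) for a port."""
        self.up[wan] = is_up

    def release(self, wan):
        """A session on this port ended."""
        self.usage[wan] -= 1

    def _live(self):
        live = [w for w in self.wans if self.up[w]]
        if not live:
            raise RuntimeError("no WAN port is on line")
        return live

    def _least_used(self):
        # Auto: the live port with the fewest active sessions; ties go to the lower port
        return min(self._live(), key=lambda w: (self.usage[w], self.wans.index(w)))

    def _manual(self):
        # Manual: walk the weighted order, skipping ports the WAN check marked down
        live = self._live()
        for _ in range(len(self._order)):
            w = self._order[self._next % len(self._order)]
            self._next += 1
            if self.up[w]:
                return w
        return live[0]  # no weighted port is up, or no weights given: any live port

    def _sticky(self, table, key):
        # By Source IP / By Destination IP: keep the port the first session used,
        # so the peer keeps seeing one public address; re-pick only if that port went down
        wan = table.get(key)
        if wan is None or not self.up[wan]:
            wan = self._least_used()
            table[key] = wan
        return wan

    def pick(self, method, src_ip, dst_ip):
        """Return the port for a new session from src_ip to dst_ip."""
        if method == "auto":
            wan = self._least_used()
        elif method == "by_source_ip":
            wan = self._sticky(self.by_src, src_ip)
        elif method == "by_destination_ip":
            wan = self._sticky(self.by_dst, dst_ip)
        elif method == "manual":
            wan = self._manual()
        else:
            raise ValueError("unknown load-balancing method: %s" % method)
        self.usage[wan] += 1
        return wan


if __name__ == "__main__":
    # Constructed scenario: one client opens two sessions to a bank (constructed IPs).
    # Auto may split them across ports; By Source IP keeps both on the same port.
    auto, sticky = WanBalancer(["WAN_1", "WAN_2"]), WanBalancer(["WAN_1", "WAN_2"])
    for balancer, method in ((auto, "auto"), (sticky, "by_source_ip")):
        ports = [balancer.pick(method, "192.168.1.10", "203.0.113.5") for _ in range(2)]
        print(method, "->", ports)
```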
Connection Method: There are three connection methods.
1. Static: Static IP address.
2. DHCP: Use DHCP to obtain an IP address from the ISP.
3. PPPoE: PPPoE.
Netmask: Enter a netmask. Default setting is 255.255.255.0.
MAC address: Enter a MAC address.
Down Speed: The IT administrator must define a proper bandwidth for each WAN so that the device can use it as a basis for operating. The unit is Kbps. You can click the Custom Define link to set the speed according to your ISP's WAN speed.
Check Method: Use DNS, ICMP or NONE to check whether the WAN is up or down. Both DNS and ICMP need an IP address to test against.
1. DNS: Tests the validity of the Internet connection by resolving a domain name.
2. ICMP: Uses the ping command to test the validity of the Internet connection.
3. NONE: The line is not checked; the connection status is always reported as on line.
Management Service: Three multiple-choice options, Ping, HTTP and HTTPS. In addition, you can click on the Log button to see more detailed records.
1. Ping: The network can be detected by ping commands when ticked.
2. HTTP: The management interface is available via the HTTP protocol when ticked.
3. HTTPS: The management interface is available via the HTTPS protocol when ticked.
Firewall Protect Items: Four multiple-choice options, SYN, ICMP, UDP and Port Scan. These are the currently available protections. In addition, you can click on the Log button to see more detailed records.
DNS Server 1: The IP address of the DNS server used for the bulk of DNS lookups. Default setting is 168.95.1.1.
DNS Server 2: The IP address of the backup DNS server, used when the primary DNS server is unreachable. Default setting is 168.95.192.1.
HTTP Port: HTTP port number for management. Default setting is 80.
HTTPS Port: HTTPS port number for management. Default setting is 443.
WAN Check Time: The interval, in seconds, at which the system runs the WAN check. Default setting is 3 seconds.
Disconnect if idle for: When using a PPPoE connection, the device may be configured to disconnect automatically after being idle for a period of time. The unit is minutes. Default setting is 60 minutes.
WAN_2 is set up in the same way as WAN_1. (Figure 2-1.9)
DMZ
Configure the IP address and subnet mask of your demilitarized zone (DMZ) here. Select Network > Interface > DMZ. (Figure 2-1.10)
Name: Enter any word for recognition.
Interface Name: eth3
IP Address: Enter an IP address.
Netmask: Enter a netmask.
MAC Address: Enter a MAC address.
Up Speed: The IT administrator must define a proper bandwidth so that the device can use it as a basis for operating. The unit is Kbps.
Down Speed: The IT administrator must define a proper bandwidth so that the device can use it as a basis for operating. The unit is Kbps.
Speed and Duplex Mode: Usually set to Auto. You can also select another setting.
Enable: Three modes are offered (NAT, Transparent Bridging and Transparent Routing), or OFF.
1. NAT: In this mode, the DMZ acts as an independent subnet from the LAN, which the IT administrator may configure.
2. OFF: The DMZ is disabled.
3. Transparent Bridging: A mode that allows a UTM (firewall, router, switch) to be inserted into an existing network without the need for IP reconfiguration. It is similar to Transparent Mode but provides more transparency (the firewall acts as a Layer 2 bridge) and more versatile functionality. An optional L2 Bridge mode prevents traffic that has entered an L2 bridge from being forwarded to a non-bridge-pair interface, ensuring that traffic which enters an L2 bridge exits the L2 bridge rather than taking its most logically optimal path.
4. Transparent Routing: A mode that allows a UTM (firewall, router, switch) to be inserted into an existing network without the need for IP reconfiguration, by spanning a single IP subnet across two or more interfaces.
MTU: Nearly all IP over Ethernet implementations use the Ethernet V2 frame format.
Table of MTUs of common media
Note: the MTUs in this section are given as the maximum size of IP packet that can be transmitted without fragmentation, including IP headers but excluding headers from lower levels in the protocol stack. The MTU must not be confused with the minimum datagram size that all hosts must be prepared to accept, which has a value of 576 for IPv4 and of 1280 for IPv6.
Media                     MTU (bytes)     Notes
Internet IPv4 path MTU    At least 68
Internet IPv6 path MTU    At least 1280
Ethernet v2               1500
Ethernet                  1492            SNAP, PPPoE
Ethernet Jumbo Frames     1500-9000
WLAN (802.11)             7981
Token Ring (802.5)        4464
FDDI                      4352
What is the difference between DMZ (Transparent Routing) and DMZ (Transparent Bridge)?
In the past, most UTMs supported NAT and Transparent mode in order to satisfy customers with different network framework requirements. In NAT mode, the DMZ is an independent virtual (internal) network. If an enterprise does not have enough public IPs, it uses Port Mapping or IP Mapping to make a DMZ internal IP reachable through a WAN public IP so that its Internet services work. On the other hand, transparent mode means routing mode, so the DMZ should use public (real) IPs.
Fortunately, the ShareTech research and development team creates and improves features constantly. Since firmware 7.1.3, the ShareTech DMZ port supports three flexible modes: NAT, Transparent Routing, and Transparent Bridge. The difference between NAT and Transparent mode is explained in the first paragraph; let us go on to see the difference between Transparent Routing and Transparent Bridge.
(a.) Transparent Routing (Figure 2-1.11)
When DMZ packets pass through the ShareTech UTM, the system follows the routing table rules and then delivers the packets to their destination.
Corporation Environment: When an enterprise has two or more WANs and must do load balancing, the system follows the WAN load balance rule and divides the packets coming from the DMZ among the WAN ports.
When an enterprise has only one WAN, or DMZ packets are only allowed to pass through a fixed (static) WAN.
Comparison of the two DMZ modes (only the recoverable cells of the original table are shown):
                  Transparent Routing    Transparent Bridge
Load Balance      YES                    NO
Environment
Original MAC
The current IETF recommendation is to use AAAA (Quad A) RR for forward mapping and PTR RRs
for reverse mapping when defining IPv6 networks. (Figure 2-2.5)
2-3 Routing
Routing tables contain a list of IP addresses. Each IP address identifies a remote router (or other network gateway) that the local router is configured to recognize. For each IP address, the routing table additionally stores a network mask and other data that specifies the destination IP address ranges that the remote device will accept. In the Routing section you can enable the following lists
Static routing is simply the process of manually entering routes into a device's routing table via a
configuration file that is loaded when the routing device starts up. As an alternative, these routes can be
entered by a network administrator who configures the routes manually. Since these manually
configured routes don't change after they are configured (unless a human changes them) they are called
'static' routes.
Select Network > Routing > Routing Table. Click on +Add to create a static route. (Figure 2-3.1)
For example: A leased line connects Company A's Router 1 (10.10.10.1) with Company B's Router 2 (10.10.10.2).
Company A: Connect WAN port 1 (61.11.11.11) to the ATUR; connect WAN port 2 (211.22.22.22) to the ATUR. The LAN subnet is 192.168.1.1/24. The LAN subnet behind Router 1 (10.10.10.1, RIPv2 supported) is 192.168.10.1/24.
Company B: The LAN subnet behind Router 2 (10.10.10.2, RIPv2 supported) is 192.168.20.1/24.
Setting Routing Table completed. The subnets 192.168.20.1/24 and 192.168.1.1/24 can now not only communicate with each other but also use NAT mode to access the Internet. In addition, select the Mark tick box, and click on Edit to modify contents, or Del to cancel the list. (Figure 2-3.2)
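The static routing example above can be worked through in code. The following is an added example, not part of the manual or ShareTech's firmware: it builds a routing table from the Company A / Company B subnets and next hops given above and performs the longest-prefix-match lookup a router does for each packet. The summary route 192.168.0.0/16 and the default route via WAN port 1 are assumptions added to show why the longest prefix must win and what happens to a packet with no matching route.

```python
import ipaddress

# Constructed routing table modelled on the Company A example above.
# The three 192.168.x.0/24 networks and the 10.10.10.x next hops are the
# page's values; the summary route and the default route via WAN port 1 are
# assumptions added to show why longest-prefix matching matters.
ROUTES = [
    ("192.168.1.0/24",  "direct (LAN)"),          # the UTM's own LAN subnet
    ("192.168.10.0/24", "10.10.10.1"),            # Company A Router 1 over the leased line
    ("192.168.20.0/24", "10.10.10.2"),            # Company B Router 2 over the leased line
    ("192.168.0.0/16",  "10.10.10.1"),            # assumed summary route for other branch sites
    ("0.0.0.0/0",       "61.11.11.11 (WAN 1)"),   # assumed default route to the Internet
]


def build_table(routes):
    """Parse each prefix once and order the table longest prefix first,
    so that a simple linear scan implements longest-prefix match."""
    table = [(ipaddress.ip_network(net, strict=True), hop) for net, hop in routes]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def lookup(table, destination):
    """Return (matched prefix, next hop) for a destination address, or None
    when no entry matches (a router drops such a packet)."""
    addr = ipaddress.ip_address(destination)
    for net, hop in table:
        if addr in net:
            return str(net), hop
    return None


def route_all(destinations, routes=ROUTES):
    """Resolve several destinations against the same table."""
    table = build_table(routes)
    return {dst: lookup(table, dst) for dst in destinations}


if __name__ == "__main__":
    for dst, result in route_all(["192.168.20.77", "192.168.30.5", "8.8.8.8"]).items():
        print(dst, "->", result)
```

Without the default route (the first three entries only) a packet for 8.8.8.8 has no match and is dropped, which is the situation before the routing table and WAN settings are completed.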
A router using dynamic routing will 'learn' the routes to all networks that are directly connected to the
device. Next, the router will learn routes from other routers that run the same routing protocol (RIP,
RIP2, etc.). Each router will then sort through its list of routes and select one or more 'best' routes for
each network destination the router knows or has learned.
Select Network > Routing > Dynamic Routing. Select interface(s) and click on the button shown. (Figure 2-3.3)
To view the contents of the routing tables, select Tools > Connection Test > IP Route. (Figure 2-3.4)
On Windows and Unix/Linux computers, the netstat -r command also displays the contents of the routing table configured on the local computer.
The IPv6 Routing Table is configured the same way as the Routing Table section. (Figure 2-3.5)
2-4 802.1Q
IEEE 802.1Q is the networking standard that supports Virtual LANs (VLANs) on an Ethernet network.
The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures
to be used by bridges and switches in handling such frames. The IEEE's 802.1Q standard was
developed to address the problem of how to break large networks into smaller parts so broadcast and
multicast traffic wouldn't grab more bandwidth than necessary. The standard also helps provide a
higher level of security between segments of internal networks. In this section you can enable the following lists
IP Address: Enter an IP address. EX: 10.10.10.1
Netmask: Enter a Netmask. EX: 255.255.255.0
Interface: Select an interface, LAN or DMZ.
VLAN ID: The identifier of the VLAN, which is the basic element used by the 802.1Q standard.
Here an ML-9324 switch is used for testing. (Figure 2-4.1)
Check your switch setting. Let's create some VLANs. (Figure 2-4.2)
Set Port 1 to Port 7 so that their packets are tagged with VLAN 3. (Figure 2-4.4)
Add "VLAN ID 3" now; otherwise, port 6 cannot surf the Internet. (Figure 2-4.6)
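To make the 802.1Q tagging described in this section concrete, here is an added example (not code from the manual or the ML-9324 switch): it decodes and inserts the 4-byte 802.1Q tag (TPID 0x8100 followed by the TCI, whose low 12 bits are the VLAN ID) and models a switch port that only accepts frames whose VLAN ID is configured on it, which is why the UTM's VLAN ID 3 had to be added before port 6 could reach the Internet. The MAC addresses and payload are constructed sample data.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Decode the Ethernet header and, if present, the 802.1Q tag.
    Returns a dict with dst, src, vlan_id (None when untagged), priority,
    ethertype and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset, vlan_id, priority = 14, None, None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        priority = tci >> 13        # PCP: 3 bits
        vlan_id = tci & 0x0FFF      # VID: 12 bits (the DEI bit 12 is ignored here)
        offset = 18
    return {"dst": mac_str(dst), "src": mac_str(src), "vlan_id": vlan_id,
            "priority": priority, "ethertype": ethertype, "payload": frame[offset:]}


def tag_frame(frame, vlan_id, priority=0):
    """Insert an 802.1Q tag between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:      # VID 0 and 4095 are reserved by the standard
        raise ValueError("VLAN ID must be 1..4094")
    tci = ((priority & 0x7) << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def accept_on_port(frame, allowed_vids):
    """Model of a switch port's VLAN membership: a tagged frame is accepted
    only if its VID is configured on the port. Untagged frames are dropped,
    since this modelled port is assumed to carry tagged traffic only."""
    info = parse_frame(frame)
    return info["vlan_id"] is not None and info["vlan_id"] in allowed_vids


# Constructed sample: an untagged IPv4 frame with dummy MACs and a 20-byte payload.
UNTAGGED = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
            + struct.pack("!H", ETHERTYPE_IPV4) + bytes(20))
TAGGED_VLAN3 = tag_frame(UNTAGGED, 3, priority=5)

if __name__ == "__main__":
    print(parse_frame(TAGGED_VLAN3))
    print("accepted on port with VLAN 3:", accept_on_port(TAGGED_VLAN3, {3}))
    print("accepted on port without VLAN 3:", accept_on_port(TAGGED_VLAN3, {10}))
```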
Chapter 3 Policy
ShareTech UTM inspects each packet passing through the device to see if it meets the criteria of any
policy. Every packet is processed according to the designated policy; consequently any packets that do
not meet the criteria will not be permitted to pass. The items of a policy include Policy Name, Source
Address, Destination Address, Action, Protocol, Service Port or Group, Software Access Control, QoS,
Schedule, URL Policy, Internet Auth, Using Which WAN, Maximum Concurrent Sessions per IP
Address, Drop Skype, WEB/FTP Anti-virus, IDP, Packet tracing, Traffic Analysis, WEB Recorder,
IM Recorder, FTP Recorder, MSN Recorder, and Outgoing Mail. The IT administrator could
determine the outgoing and incoming service or application of which data packets should be blocked or
processed by configuring these items. On the other hand, IDP belongs to AW models.
3-1 LAN Policy
3-2 DMZ Policy
3-3 WAN Policy
Bulletin Board
WAN: It determines over which WAN interfaces packets are permitted to pass.
1. All: Packets are granted to pass through all interfaces once approved by the configured policy.
2. WAN 1: Policy approved packets may access WAN 1.
Maximum Concurrent Sessions per IP Address: It limits the number of concurrent sessions of each IP address. If the number of sessions exceeds the set value, new sessions will not be created.
Skype Prohibited: It can restrict the use of the Skype protocol.
WEB/FTP Anti-virus: It filters viruses contained within files transferred over the WEB and FTP protocols.
IDP: It can identify intrusion packets and react to them in a timely manner.
Botnet: It can explicitly point out real attacks running hidden, and suspicious malicious software spreading in the internal network.
Packet Tracing
Traffic Analysis
Pause: Temporarily disable the policy.
Start: Start the policy.
Delete: Delete the policy.
Edit: Edit the policy.
Traffic Analysis: Click on this button to see a detailed illustration of the traffic analysis.
Packet tracing: Record logs of packet transmissions managed by the policy. You can click on the Log button to see the packet logs.
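The policy matching described in this chapter (each packet is checked against the policies in order, the first matching policy decides, and a packet that matches no policy is not permitted to pass) can be modelled in a few lines. The following is an added example, not ShareTech's policy engine: it evaluates packets against a small LAN-to-WAN policy list with source, destination, protocol, service ports, action and the per-IP concurrent-session limit. The policy names, subnets and the limit of 2 sessions are assumptions; the service port numbers (23, 25, 80, 110, 443) are the ones the Services section uses.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass
class Policy:
    name: str
    source: str                  # source address object as CIDR
    destination: str             # destination address object as CIDR
    protocol: str                # "tcp", "udp" or "any"
    ports: frozenset             # service ports; an empty set means any port
    action: str                  # "ACCEPT" or "DROP"
    max_sessions_per_ip: int = 0 # 0 = no limit (the manual's convention)


class PolicyEngine:
    """First matching policy decides; a packet matching no policy is dropped."""

    def __init__(self, policies):
        self.policies = [(ipaddress.ip_network(p.source), ipaddress.ip_network(p.destination), p)
                         for p in policies]
        self.sessions = Counter()    # constructed per-source-IP session counter

    def match(self, pkt):
        src = ipaddress.ip_address(pkt["src"])
        dst = ipaddress.ip_address(pkt["dst"])
        for src_net, dst_net, p in self.policies:
            if src not in src_net or dst not in dst_net:
                continue
            if p.protocol != "any" and p.protocol != pkt["proto"]:
                continue
            if p.ports and pkt["port"] not in p.ports:
                continue
            return p
        return None

    def decide(self, pkt):
        """Return (action, reason); an ACCEPT opens one session for the source IP."""
        p = self.match(pkt)
        if p is None:
            return "DROP", "no matching policy"
        if p.action == "DROP":
            return "DROP", p.name
        if p.max_sessions_per_ip and self.sessions[pkt["src"]] >= p.max_sessions_per_ip:
            return "DROP", f"{p.name}: session limit {p.max_sessions_per_ip} reached"
        self.sessions[pkt["src"]] += 1
        return "ACCEPT", p.name

    def close_session(self, src_ip):
        """Called when a session ends so the per-IP limit frees up again."""
        if self.sessions[src_ip] > 0:
            self.sessions[src_ip] -= 1


# Constructed LAN-to-WAN policy list (assumed names, subnets and limit).
LAN_TO_WAN = [
    Policy("no-telnet-out", "192.168.1.0/24", "0.0.0.0/0", "tcp", frozenset({23}), "DROP"),
    Policy("web-out", "192.168.1.0/24", "0.0.0.0/0", "tcp", frozenset({80, 443}), "ACCEPT",
           max_sessions_per_ip=2),
    Policy("mail-out", "192.168.1.0/24", "0.0.0.0/0", "tcp", frozenset({25, 110}), "ACCEPT"),
]

if __name__ == "__main__":
    engine = PolicyEngine(LAN_TO_WAN)
    web = {"src": "192.168.1.10", "dst": "198.51.100.20", "proto": "tcp", "port": 443}
    for _ in range(3):
        print(engine.decide(web))       # third attempt hits the session limit
    print(engine.decide({**web, "port": 23}))
    print(engine.decide({**web, "proto": "udp", "port": 53}))
```

Note the ordering: because "no-telnet-out" is listed before the ACCEPT policies, telnet is dropped even though later policies would otherwise not cover port 23 anyway; putting a broad ACCEPT first would silently bypass a later DROP.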
Chapter 4 Objects
In the Objects chapter you can enable the following lists
4-1 Address Table
4-2 Services
4-3 Schedule
4-4 QoS
4-5 Application Control
4-6 URL Filter
4-7 Virtual Server
4-8 Firewall Protection
4-9 Authentication
4-10 Bulletin Board
4-11 WAN Group
Select Objects > Address Table > LAN IP Address. (Figure 4-1.1) (Figure 4-1.2)
Select IP Mode: It offers two modes.
1. IPv4 Mode
2. IPv6 Mode
Computer Name, IP, and MAC Address: It is recommended to configure the desired address names in Address first so that they are ready to use as the Source Address or Destination Address of a policy. In addition, you may click on +Add to create an entry.
Click on +Add to create one LAN IP Address first.
Computer Name
Settings:
1. Only set the IP address
2. Set IP and MAC address
Get static IP address from DHCP Server.
Setting LAN IP Address completed. In addition, select the Mark tick box, and click on +Add to create a new sub-content, Edit to modify contents, or Del to cancel the list.
1. Select From LAN Address: The user list on the left contains the users you added in LAN IP Address. (Figure 4-1.4)
2. Select From IP Range: Enter the range of IP addresses which you want to restrict. (Figure 4-1.5)
4. Select From DHCP Users: It shows the range of DHCP users, and these will be restricted. If you select the IP-MAC Binding tick box, it will show the IP-MAC list. (Figure 4-1.7)
6. Select MAC Address Group: Please enter a MAC address or subnet. (Figure 4-1.9)
Setting LAN Group completed. In addition, select the Mark tick box, and click on the +Add button to create a new sub-content, Edit to modify contents, or Del to cancel the list. (Figure 4-1.10)
The DMZ Group is configured the same way as the LAN Group. When you want to use a DMZ Group, select Policy > DMZ Policy > DMZ to WAN or DMZ to LAN. Click on +Add, select Action to Drop, and then select as Source the DMZ Group which you have just set in 4-1 Address.
The WAN Group is configured the same way as the LAN Group. When you want to use a WAN Group, select Policy > WAN Policy > WAN to LAN or WAN to DMZ. Click on +Add and then select as Source the group which you have just set in 4-1 Address.
Example application
Usually, most administrators use the URL filter to keep internal users from surfing certain Internet sites; however, it cannot block HTTPS. Therefore, ShareTech released the FQDN application within the filter in order to block a domain exactly. (Figure 4-1.13)
Select Policy > LAN Policy > LAN to WAN. Click on +Add. (Figure 4-1.17)
Now, let's check the domain IP. (Figure 4-1.18)
As we can see, the internal user cannot surf Facebook even over HTTPS. (Figure 4-1.19)
4-2 Services
TCP and UDP protocols support a variety of services, and each service consists of a TCP port or UDP
port number, such as TELNET (23), FTP (21), SMTP (25), POP3 (110), etc. This section has two types
of services, that is, Pre-defined service and Service group. Pre-defined service includes the most
common-used services using TCP or UDP protocol. It allows neither modification nor deletion while
Custom service allows modification on port numbers based on the situation.
When configuring Custom service, the port number setting for either client port or server
port falls between 0 and 65535. The IT administrator merely needs to determine the
necessary protocol and port number for each Internet service, and then the client will be able
to access different services.
In this section you can enable the following lists
Select Objects > Services > Basic Service. The symbols and their descriptions used in Pre-defined services: (Figure 4-2.1)
Protocol: The protocol used for communication between two devices. TCP and UDP are the two most frequently seen protocols among others.
1. Any Service.
2. Services using the TCP protocol: Gopher, ICQ, Ident, LDAP, NNTP over SSL, PPTP, SFTP, SSH, Terminal, WINFRAME, AFPoverTCP, FTP, H323 (NetMeeting), L2TP, MSN Messenger, POP2, SMTP over SSL, Yahoo, AOL, Finger, HTTP, IMAP over SSL, LDAP Admin, NNTP, POP3 over SSL, RLOGIN, SMTP, VNC, BGP, GNUTella, HTTPS, IMAP, LDAP over SSL, POP3, Real Audio, Telnet, and WAIS.
3. Services using the UDP protocol: DNS, IKE, RIP, SYSLOG, UUCP, TFTP, NTP, and SNMP.
Port: The port number of the client user's PC which is used for connecting to the UTM device. Range from 0 to 65535. Using the default is recommended.
To facilitate policy management, the IT administrator may create a service group including a group of necessary services. For example, given ten users from ten different IP addresses requesting access to five types of services, namely HTTP, FTP, SMTP, POP3 and TELNET, it merely takes one policy with a service group to satisfy the 50 combinations of service requests (10 users times 5 services equals 50 service requests). Select Objects > Services > Service Group. This function regulates the online usage of services.
Click on +Add to create a Service rule.
Service Name: Enter some words for recognition.
Click on the service icons to select them. If you made a wrong selection and want to remove one port, please blank out the port. (Figure 4-2.3)
Setting Service Group completed. In addition, click on Edit to modify contents, or +Add to create a new one.
Click on +Add, select Action to Drop, and then select Service Port or Group to the test service which you have just set in 4-2 Services. (Figure 4-2.5)
4-3 Schedule
The IT administrator can configure a schedule for a policy to take effect, allowing the policy to be used only at the designated times. The administrator can set the start time and stop time for a Policy or a VPN connection in Policy or in VPN. By using the Schedule function, the administrator can save a lot of management time and make the network system most effective. In this section you can enable the following lists
The system administrator and IT administrator can use Schedule to set up the device to carry out the connection of a Policy or VPN during several different time divisions automatically. Select Objects > Schedule > Schedule List.
Click on +Add to create a new Schedule rule first. (Figure 4-3.1)
Schedule Name: Enter some words for recognition.
Set your time schedule.
Setting Schedule completed. In addition, click on Edit to modify contents, or +Add to create a new one.
Select Policy > LAN Policy or DMZ Policy, then select the function you need on the right side. Here, we use LAN to WAN as a sample. Click on +Add first.
Select Action to Drop, and then select Schedule to "for working time" which you have just set in 4-3 Schedule List. (Figure 4-3.3)
4-4 QoS
By configuring the QoS, IT administrator can control the Outbound and Inbound
Upstream/Downstream Bandwidth. The administrator can configure the bandwidth according to the
WAN bandwidth. The QoS feature not only facilitates the bandwidth management but optimizes the
bandwidth utilization as well. The following two figures indicate the improvement of bandwidth
utilization as a result of enforcing QoS by showing before and after comparisons. In this section you
can enable the following lists
Setting QoS completed. In addition, click on Edit to modify contents, or +Add to create a new one.
Select Policy > LAN Policy or DMZ Policy, then select the function you need on the right side. Here, we use LAN to WAN as a sample. Click on +Add first.
Select Action to ACCEPT, and then select QoS to QOSPolicy (Per Source IP) which you have just set in 4-4 QoS. (Figure 4-4.3)
Select Objects > Application Control > Software Block. It offers five kinds of software blocking: P2P Software, IM Software, WEB Application, Fun Software, and Other Application. In this section you can enable the following lists
Click on +Add first.
Comment: Enter any word for recognition.
Enable the record: If you want to record the condition of software blocking, please select this.
P2P Software (Figure 4-5.1)
VOIP Blocking: Regulates the use of h323, jabber, sip, skypetoskype, teamspeak, and ventrilo.
WEB Download Blocking: Regulates file transfers for (list truncated) ogg, pdf, perl, png, postscript, rar, rpm, rtf, tar, and zip.
WEB Upload Blocking: Regulates file transfers for uexe, uflash, ugif, uhtml, ujpeg, ump3, uogg, updf, uperl, upng, upostscript, urar, urpm, urtf, utar, and uzip.
and xboxlive.
Video Blocking: Regulates the online usage of cradio, funshion, hinedo, kuaibo, ppstream, and qqlive. Click on the next button, and you will see that it also regulates the online usage of live365, pplive, replaytv-ivs, and shoutcast.
Other Application (Figure 4-5.5)
1. Common: Regulates the online usage of netpas, phproxy, rpd, and vnc. Click on the next button, and you will see that it also regulates the online usage of ciscovpn, citrix, ncp, pcanywhere, radmin, ssh, uucp, and validcertssl.
2. Virus, Worms, Spyware Blocking: Prevents the use of code_red and nimda.
3. Stock Blocking: Regulates the online usage of cjis, dps, dzh, gtja, gzs, hexun, pobo, qianlong, stockstar, westfutu, and whsp.
Setting Software Blocking List completed. In addition, select +Add to create a new sub-content, or Edit to modify contents.
Select Policy > LAN Policy or DMZ Policy, then select the function you need on the right side. Here, we use LAN to WAN as a sample. Click on +Add first.
Select Action to Drop, and then select Software Access Control to the test blocking which you have just set in 4-5 Application Control. (Figure 4-5.8)
Software blocking categories:
P2P Blocking
VOIP Blocking
WEB Download Blocking
WEB Mail Blocking
Stock Blocking
Virus, Worms, Spyware Blocking
Fun Blocking
Video Blocking
Select Objects > URL Filter > List Settings. Then, click on +Add. (Figure 4-6.1)
Name: Enter any words for recognition.
List Mode: Select Blacklist or Whitelist.
IP Blacklist: Enter the complete IP address. Whether the specified website is restricted when the user surfs the Internet depends on what you select in List Mode.
Setting URL List completed. In addition, select the Mark tick box, and click on +Add to create a new sub-content, Edit to modify contents, or Del to cancel the list. (Figure 4-6.2)
Select Objects > URL Filter > URL Settings. Then, click on +Add.
Group Name: Enter any words for recognition. (Figure 4-6.3)
Create block warning message: Users can create their own block warning message if this is selected. (Figure 4-6.4)
List Select: Select one that you have added in List Settings.
Setting URL List completed. In addition, select the Mark tick box, and click on +Add to create a new sub-content, Edit to modify contents, or Del to cancel the list. (Figure 4-6.5)
Setting URL Policy completed. Afterward, users can browse any website except those with "youtube," "google," or "yahoo" in the domain name, according to the above policy. (Figure 4-6.7)
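The URL list evaluation described in this section, with the blacklist/whitelist modes and the IP blacklist, can be worked through in code. The following is an added example and not ShareTech's filter implementation: it matches a request against the keyword list ("youtube", "google", "yahoo") and an IP blacklist, and applies the selected List Mode. Keyword matching is assumed to be a substring match on the host name, as the page's "in domain name" wording suggests. It also shows the point made in the Address Table section: for an https:// request the filter can only see the host name (from the TLS SNI or the proxy CONNECT), so a keyword that appears only in the path is not visible, which is why blocking by FQDN is the reliable option for HTTPS. The IP 203.0.113.9 is a constructed blacklist entry.

```python
import ipaddress
from urllib.parse import urlsplit


def matches(url, resolved_ip, keywords, ip_blacklist):
    """Return (hit, reason). A request matches when a list keyword occurs in
    the part of the URL the filter can see, or the resolved IP is blacklisted."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Assumption: for https the filter only sees the host name; for plain http
    # the path is visible as well.
    visible = host if parts.scheme == "https" else host + parts.path.lower()
    if any(k.lower() in visible for k in keywords):
        return True, "keyword"
    if ipaddress.ip_address(resolved_ip) in ip_blacklist:
        return True, "ip"
    return False, None


def decide(url, resolved_ip, keywords, ip_blacklist, list_mode):
    """Apply the List Mode: Blacklist drops matches, Whitelist drops non-matches."""
    hit, why = matches(url, resolved_ip, keywords, ip_blacklist)
    if list_mode == "Blacklist":
        return ("DROP", why) if hit else ("ACCEPT", None)
    if list_mode == "Whitelist":
        return ("ACCEPT", why) if hit else ("DROP", "not on whitelist")
    raise ValueError("list_mode must be Blacklist or Whitelist")


KEYWORDS = ["youtube", "google", "yahoo"]                    # from the policy above
IP_BLACKLIST = {ipaddress.ip_address("203.0.113.9")}         # constructed entry

if __name__ == "__main__":
    for url in ("https://www.youtube.com/watch?v=abc",
                "http://www.example.com/",
                "https://www.example.com/google-news",
                "http://www.example.com/google-news"):
        print(url, decide(url, "198.51.100.1", KEYWORDS, IP_BLACKLIST, "Blacklist"))
```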
(Figure 4-6.8)
Its function resembles Mapped IP, but the Virtual Server maps one-to-many. That is, it maps a real IP address to LAN private IP addresses and provides the service items defined in Services. Select Objects > Virtual Server > Virtual Server. Click on the +Add button to create a new virtual server.
Click on Assist to select an IP address. It offers two Assist selections. Here, we suggest using a static IP. (Figure 4-7.1) (Figure 4-7.2)
1. WAN 1 Interface
2. WAN 2 Interface
After the Virtual WAN IP has been selected, click on +Add. (Figure 4-7.4) (Figure 4-7.6)
Here is an example of how to open a mail server port so that outside persons can connect to it. Assume your Mail Server IP is 192.168.99.250. Follow the previous steps, and then create a WAN policy in Policy > WAN Policy > WAN to LAN. (Figure 4-7.8) (Figure 4-7.9)
Then, enter WAN IP and port number. For example, http://111.252.76.144:88 (Figure 4-7.10)
Otherwise, enter the WAN IP and port number, https://111.252.76.144:888 (Figure 4-7.11)
Because the intranet uses private IPs translated by NAT mode, NAT is used to map a WAN real IP address to a LAN private IP address. It is a one-to-one mapping. That is, to gain access to internal servers with private IP addresses from an external network, a mapping is required. Select Objects > Virtual Server > Mapped IP. Click on +Add to create a new one.
Click on the Assist button to select the WAN IP address. It offers two auxiliary selections. (Figure 4-7.12)
1. WAN 1 Interface
2. WAN 2 Interface
Map to Virtual IP
Setting Mapped IP completed. In addition, click on Edit to modify contents, or Del to cancel the list. (Figure 4-7.13)
Firewall protection primarily uses packet filtering to detect and block intruders. Some also include application filtering. In addition, these applications typically generate alerts and log intrusion attempts. The Firewall Protection function is enabled by default. Select Objects > Firewall Protection > Firewall Protection. (Figure 4-8.1)
SYN attack detection: SYN Flood is a popular DoS/DDoS attack method using the TCP protocol. Attackers use it to create counterfeit connections until the CPU, memory, and other resources are consumed.
ICMP attack detection: ICMP is part of the TCP/IP suite; its main function is to transfer simple signals on the Internet. There are two common attacks using it, Ping of Death and Smurf attack.
UDP attack detection: Attackers use the UDP protocol to create counterfeit connections until the CPU, memory, and other resources are consumed.
Select Objects > Firewall Protection > Attack Log. You can see all attack detection records for traffic passing through the UTM machine. (Figure 4-8.2)
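To show what SYN, ICMP and UDP attack detection amounts to, here is an added example (not ShareTech's detector, whose internals the manual does not describe): a rate detector that reads constructed packet-summary log lines, counts bare SYNs, ICMP echo requests and UDP datagrams per (source, destination) inside a sliding time window, and raises one alert per flow when a threshold is crossed. The log format, the window of 1 second and the thresholds of 5 are assumptions chosen so the sample is small; a normal three-way handshake and a few DNS queries are included to show they do not trigger. The mail server address 192.168.99.250 is the one used in the Virtual Server example.

```python
import re
from collections import defaultdict, deque

# Constructed log format: "<seconds> <proto> <src> -> <dst> [flags-or-type-or-port]"
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<proto>TCP|UDP|ICMP) (?P<src>\S+) -> (?P<dst>\S+)(?: (?P<extra>\S+))?$"
)


def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = float(ev["ts"])
    return ev


def classify(ev):
    """Map an event to the detector that should count it, or None."""
    if ev["proto"] == "TCP":
        # Only a bare SYN is a new half-open attempt; SYN-ACK ("SA") and ACK are not.
        return "SYN" if ev["extra"] == "S" else None
    if ev["proto"] == "ICMP":
        return "ICMP" if ev["extra"] == "echo-request" else None
    return "UDP"


def detect_floods(lines, window=1.0, thresholds=None):
    """Return alerts for (kind, src, dst) flows whose event count within
    `window` seconds reaches the threshold; one alert per flow."""
    thresholds = thresholds or {"SYN": 5, "ICMP": 5, "UDP": 5}
    recent = defaultdict(deque)      # flow -> timestamps inside the window
    alerted, alerts = set(), []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        kind = classify(ev)
        if kind is None:
            continue
        key = (kind, ev["src"], ev["dst"])
        q = recent[key]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= thresholds[kind] and key not in alerted:
            alerted.add(key)
            alerts.append({"kind": kind, "src": ev["src"], "dst": ev["dst"],
                           "count": len(q), "at": ev["ts"]})
    return alerts


def build_sample_log():
    """Constructed sample: one normal handshake, a SYN burst against the DMZ
    mail server, an ICMP echo burst against the firewall, and normal DNS."""
    lines = ["0.00 TCP 192.168.1.20 -> 198.51.100.10 S",
             "0.01 TCP 198.51.100.10 -> 192.168.1.20 SA",
             "0.02 TCP 192.168.1.20 -> 198.51.100.10 A"]
    lines += [f"{1.0 + i * 0.05:.2f} TCP 203.0.113.5 -> 192.168.99.250 S" for i in range(8)]
    lines += [f"{2.0 + i * 0.05:.2f} ICMP 198.51.100.7 -> 192.168.1.1 echo-request" for i in range(6)]
    lines += [f"{3.0 + i:.2f} UDP 192.168.1.21 -> 192.168.1.1 53" for i in range(3)]
    return lines


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

Real detectors track half-open connections (SYN without the completing ACK) rather than raw SYN counts, but the windowed per-flow count above is the shape of the check, and the sample shows why SYN-ACK and ACK must be excluded so that ordinary handshakes are not counted.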
4-9 Authentication
Internet Authentication serves as a gateway to filter out unauthorized users from accessing the Internet. Configuring Authentication provides an effective method of managing the network's use. The IT administrator can control each user's connection authority by setting an account and password to identify the privilege, and users then have to pass authentication to access the Internet. This section offers several authentication modes: Local Users, User Group, and External Auth Settings, which include AD and POP3, adding flexibility to your choice of authentication method. In addition, it also offers the Internet Auth Recorder and Auth Status; the IT administrator can use these two methods to see what LAN users have done after authentication. In the Internet Auth section you can enable the following lists
AD = Active Directory
0 means permanent blocking (for the blocking period).
Permanently block when login failed more than: 0 means no limit.
Unblocked IP: Shows the total number of blocked IPs; you can then see the details on Status.
Account expiration notification: 0 represents the day of expiration.
Delete expired account: 0 means no limit, that is, the account is never deleted.
Select authentication mode: Click on the Edit button to enter the modes. Multiple modes are separated by commas.
1. L: Local
2. A: AD
3. P: POP3
4. R: RADIUS
Subject: Enter some words to be the website subject.
Content: Enter a message to be shown on the login screen. Leaving it blank results in no message being shown.
Upload logo: Click on the button to upload a picture. This picture is shown when users go through Internet authentication. The login screen is shown before a user accesses a web site.
You can click Login Preview to see the login screen with your settings. An example figure is shown below. (Figure 4-9.3)
You can click Login Preview to see the screen after a user logs in successfully. An example figure is shown below. (Figure 4-9.4)
Before starting to set up "Apply Bulletin Layout", we should set up the Bulletin Board first. (Figure 4-9.5)
You can click PC Version and Mobile Version to see the login screen with your settings. Two examples are shown below. (Figure 4-9.7) (Figure 4-9.8)
Click on +Add first.
Name: The user name for authentication
User Account: The account for authentication
Password: The password for authentication
Confirm Password: The confirmation of the password
Require users to change password at next login: If selected, the local authentication accounts are forced to change their passwords at their next login attempt.
User account expiration date: Sets the period of validity for a user's account
Then, please see the User Group part to see how to use Internet Authentication.
Select Objects > Authentication > POP3, RADIUS User. Please check your mail server's Network Setting first. (Figure 4-9.11)
Then, add the POP3 server info. (Figure 4-9.12)
Second, we suggest importing all POP3 accounts, which is faster than entering each account. We use "sharetech01@randoll.com.tw" for testing here. (Figure 4-9.13)
One account was created successfully. You can also import accounts. (Figure 4-9.16)
Then, please see the User Group part to see how to use Internet Authentication.
On the other hand, if the mail server is internal and does not yet allow external access, we advise setting up DNS in the UTM first. Please refer to the 5-3 DNS Server chapter.
Let's set up the DNS Server in Network Services > DNS Server > Domain Setting. (Figure 4-9.17)
And then, please see the User Group part to see how to use Internet Authentication.
Use custom settings: The settings "When asked how long the idle re-registration", "How long after the user logs requested a re-registration", and "Select Authentication Mode" are defined by yourself. (Figure 4-9.10)
Setting User Group with Local Users mode completed. In addition, click on +Add to create a new sub-content, Edit to modify contents, or Del to cancel the list. (Figure 4-9.12)
Figure 4-9.23 Setting user group with Local Users mode completed
2. Click on +Add to create a new one.
3. AD
AD accounts import: Click on +Add to create a new one.
There is an example of how User Group is used with Local Users mode.
1. Select Objects > Policy > LAN Policy or DMZ Policy. Then, select the function you need on the right side.
2. Click on +Add, select Action to ACCEPT, and then select Internet Auth to "team A" which you have just set in 4-9 Authentication. (Figure 4-9.15)
4. Let's log in.
There is an example of how User Group is used with POP3 mode.
1. Select Objects > Policy > LAN Policy or DMZ Policy. Then, select the function you need on the right side.
4. Let's log in.
This function accords with the sections Auth Settings, Local Users, User Group, and the Policy chapter. If a user has logged in, the records are shown. (Figure 4-9.23)
It shows the users who are on the Internet at present. You can click on the Kick link to kick out a user or user group, after which they cannot use the Internet. (Figure 4-9.24) (Figure 4-9.25)
(Figure 4-10.1) (Figure 4-10.2)
Click on the button. (Figure 4-10.4)
Click Layout to edit the content of the bulletin board. (Figure 4-10.5)
Click on the button. (Figure 4-10.6)
Select Policy > LAN Policy (or DMZ Policy) > LAN to WAN or LAN to DMZ. Click on +Add to add a new policy. (Figure 4-10.7)
Then, internal users will see the bulletin board when they use a web browser. (Figure 4-10.9)
After users read the bulletin content, they click on the button. (Figure 4-10.10)
Select Objects > Bulletin Board > Has read the bulletin board. (Figure 4-10.11)
The administrator sees which IPs have read the content of the bulletin board. An internal user has to read it again if kicked out.
5-1 DHCP
The DHCP service allows you to control the IP address configuration of all your network devices from the ShareTech UR Appliance in a centralized way. When a client (host or other device such as a networked printer, etc.) joins your network, it will automatically get a valid IP address from a range of addresses, and other settings, from the DHCP service. The client must be configured to use DHCP; this is sometimes called "automatic network configuration" and is often the default setting. You may choose to provide this service to clients on your LAN only, or include devices on the DMZ or WAN zone. In this section you can enable the following lists
Select Network Services > DHCP > LAN DHCP User List.
Start / End address of IP Range 1 and 2: Specify the range of addresses to be handed out. These addresses have to be within the subnet that has been assigned to the corresponding zone. (Figure 5-1.1)
Primary / Secondary DNS: This specifies the DNS servers to be used by your clients. Since the ShareTech UR Appliance contains a caching DNS server, the default value is the firewall's own IP address in the respective zone.
Default lease time (mins): This defines the default / maximum time in minutes before the IP assignment expires and the client is supposed to request a new lease from the DHCP server.
Default Gateway: The default gateway of the LAN
Domain name: This is the default domain name that is passed to the clients. When the client looks up a hostname, it will first try to resolve the requested name. If that is not possible, the client will append this domain name preceded by a dot and try again.
Max lease time (mins): The maximum time for which the same IP may remain leased to a client, so that the UR does not keep handing out the same IP indefinitely.
Select Network Services > DHCP > LAN DHCP Server. The DMZ DHCP Server is configured the same way as the LAN DHCP Server. (Figure 5-1.2)
Select Network Services > DHCP > DHCP Static IP. If you selected the Get static IP address from DHCP Server tick box in the Address section, you will see the DHCP Static IP list here. (Figure 5-1.3)
5-2 DDNS
DDNS allows you to make your server available to the Internet even though it does not have a static IP address. To use DDNS you must first register a sub-domain with a DDNS provider. Then, whenever your server connects to the Internet and is given an IP address by your ISP, it must tell the DDNS server this IP address. When a client machine wishes to connect to your server, it will resolve the address by asking the DDNS server, which will answer with the latest value. If this is up to date, the client will be able to contact your server (assuming your firewall rules allow this). EFW makes the process of keeping your DDNS address up to date easier by providing automatic updates for many of the DDNS providers. In this section you can enable the following lists
Dynamic DNS providers offer a service that allows assigning a globally available domain name to IP addresses. This works even with addresses that change dynamically, such as those offered by residential ADSL connections. For this to work, each time the IP address changes, the update must be actively propagated to the Dynamic DNS provider. Select Network Services > DDNS > DDNS Server. (Figure 5-2.1)
Click on +Add.
For instance, the Dynamic DNS provider No-IP: http://www.noip.com/support/knowledgebase/getting-started-with-no-ip-com/
Hostname: The hostname and domain as registered with your DDNS provider.
(Figure 5-3.1)
Setting domain completed. Then, set the detailed information. Click on the pencil icon to edit the contents. (Figure 5-3.2)
Example of MX records:
Domain          Preference   Mail server
sharetech.com   5            mail.sharetech.com
sharetech.com   20           mail2.sharetech.com
The above would indicate that incoming mail to sharetech.com would first be offered to the mail server at mail.sharetech.com, and if that server does not respond immediately it would be offered to the alternative server at mail2.sharetech.com. The 5 and 20 represent PREFERENCE NUMBERS. These numbers have no meaning except that lower numbers have preference over larger numbers in sending email traffic to a particular server. If you wish to disable one server so that the other takes all of the email traffic, you simply remove one of the MX records and the remaining MX record will direct all email traffic to your remaining mail server.
CNAME Record: A CNAME record is an entry in your DNS zone file which aliases an FQDN (fully qualified domain name) to another FQDN (such as www.yourdomain.com to yourdomain.com). In other words, the CNAME record specifies another domain name to which a visitor to the first domain would be directed.
Example of a CNAME record
1. Alias: forum.yourdomain.com  Hostname: www.yourforum.com
2. This would cause visitors to forum.yourdomain.com to be redirected to www.yourforum.com.
NS Record: NS records are imperative to functioning DNS entries. They are very simple; they
merely state the authoritative name servers for the given domain. There must be at least two NS
records in every DNS entry.
Example of an NS record: sharetech.com.tw IN NS web.sharetech.com.tw
There must also be an A record in your DNS for each machine you enter as a name server in your
domain. If Wyith Limited is doing primary and secondary name service, we will set up these
records for you automatically, with ns3.wyith.net and ns4.wyith.net as your two authoritative
name servers.
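The record rules above (MX preference order, CNAME aliasing, at least two NS records, and an A record for every name server) can be checked mechanically. The following validator is an added example, not ShareTech code; the zone text is constructed, and the CNAME-must-stand-alone check is a general DNS rule (RFC 1034) that the manual does not mention.

```python
"""Validate a small zone against the MX / CNAME / NS rules of the DDNS section.

Added example (not ShareTech code). The sample zone below is constructed in
the same shape as the manual's examples; the 203.0.113.x address is a
documentation-range placeholder.
"""
from collections import defaultdict

SAMPLE_ZONE = """
sharetech.com.         IN MX    5  mail.sharetech.com.
sharetech.com.         IN MX    20 mail2.sharetech.com.
forum.yourdomain.com.  IN CNAME www.yourforum.com.
sharetech.com.tw.      IN NS    web.sharetech.com.tw.
sharetech.com.tw.      IN NS    ns2.sharetech.com.tw.
web.sharetech.com.tw.  IN A     203.0.113.10
"""


def parse_zone(text):
    """Return a list of (owner, type, rdata) from 'owner IN TYPE rdata' lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[1] != "IN":
            continue  # blank line or unsupported syntax; ignored
        owner, rtype, rdata = parts[0].lower(), parts[2].upper(), parts[3:]
        if rtype == "MX":
            rdata = (int(rdata[0]), rdata[1].lower())  # (preference, exchanger)
        else:
            rdata = tuple(r.lower() for r in rdata)
        records.append((owner, rtype, rdata))
    return records


def mx_delivery_order(records, domain):
    """Mail exchangers for `domain`, lowest preference number first (5 before 20)."""
    mx = [rd for n, t, rd in records if t == "MX" and n == domain.lower()]
    return [host for _pref, host in sorted(mx)]


def resolve_cname(records, name, max_depth=8):
    """Follow CNAME aliases from `name` to the final canonical name."""
    seen = set()
    name = name.lower()
    while True:
        targets = [rd[0] for n, t, rd in records if t == "CNAME" and n == name]
        if not targets:
            return name
        if name in seen or len(seen) >= max_depth:
            raise ValueError("CNAME loop or chain too long at %s" % name)
        seen.add(name)
        name = targets[0]


def check_zone(records):
    """Return a list of problem strings; an empty list means the zone passes."""
    problems = []
    by_owner = defaultdict(list)
    for owner, rtype, rdata in records:
        by_owner[owner].append((rtype, rdata))
    a_names = {n for n, t, _ in records if t in ("A", "AAAA")}
    zones = {n for n, t, _ in records if t == "NS"}
    for zone in sorted(zones):
        ns_hosts = [rd[0] for n, t, rd in records if t == "NS" and n == zone]
        if len(ns_hosts) < 2:
            problems.append("%s: needs at least two NS records" % zone)
        for host in ns_hosts:  # every name server must have its own A record
            if host not in a_names:
                problems.append("%s: name server %s has no A record" % (zone, host))
    for owner, rrs in by_owner.items():
        # General DNS rule (RFC 1034): a CNAME owner may carry no other record.
        if any(t == "CNAME" for t, _ in rrs) and len(rrs) > 1:
            problems.append("%s: CNAME cannot coexist with other records" % owner)
    return problems


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    print("MX order:", mx_delivery_order(recs, "sharetech.com."))
    print("forum alias ->", resolve_cname(recs, "forum.yourdomain.com."))
    for p in check_zone(recs):
        print("PROBLEM:", p)
```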
Select Network Services > WEB Services > WEB. In this section you can configure the following
items. (Figure 5-4.1)
Max. Concurrent Session: Limits the maximum number of concurrent sessions. The range is 0~400.
Max. Scan File (KB): Limits the maximum size of a file to scan; if set to 0, all files are scanned.
The range is 1 ~ 1000.
Virus Warning Setup: Click on the Preview link; a pop-up window will show the warning subject.
Warning Subject: Enter the subject used to warn users.
Warning Message: Enter the message used to warn users.
Sometimes internal users complain that they cannot browse some websites. In fact, this is not a
WEB Record bug: some websites do not follow the standard HTTP <head> contents. They might use
rel="canonical" or other elements, and this affects WEB Record if it is enabled.
For instance, enable WEB Record. (Figure 5-4.2) (Figure 5-4.3)
Users cannot browse some websites because of the non-standard HTTP <head> contents. (Figure 5-4.4)
Therefore, select Network Services > WEB Services > Non-Standard HTTP Exclude. (Figure 5-4.6)
Select Network Services > FTP Services > FTP. In this section you can configure the following
items. (Figure 5-5.1)
Max. size of scanned files (KB): Files larger than this size will not be scanned by ClamAV.
Max. size of storage files (KB): Files larger than this size will not be backed up. 0 means no limit.
Listen Port: You can enter multiple listen ports, separating them with commas. Range: 1~65535.
Support active FTP connection mode: Depends on your FTP connection mode.
Virus Engine: ClamAV
Extension file whitelist: ClamAV does not scan the file types you enter here.
Select Network Services > MSN Services > MSN Setting. In this section you can configure the
following items. (Figure 5-6.1)
Maximum Concurrent Clients: The maximum number of connections.
Send Message to User: If you select this check box, the user who is using MSN Instant
Messenger will receive a reminder. The words are those you enter in Message Sent to User.
Administrator E-mail: The manager's e-mail address.
Administrator Name: The manager's name.
Message For User: Enter some words to remind users that their messages will be recorded.
5-7 QQ Services
Suitable Model: UR-720, UR-730, UR-730A, UR-735A, UR-735, UR-750, UR-750A,
UR-930, UR-935, UR-760, UR-760F
Please see logs at 10-5 QQ Record.
Select Network Services > QQ Services > Common Setting. Please enable it if you want to record
QQ messages. (Figure 5-7.1)
b. Group Policy Object Editor: User Configuration > Software Settings > Software
installation; right-click and choose New > Package.
c. Please choose the file which you previously placed in the Samba share. (Figure 5-8.6)
(You cannot select a file from the local PC.)
d. Choose "Advanced".
e. In [Deployment], choose [Assigned], [Install this application at logon], and [Do not
display this package in the Add/Remove Programs control panel] > OK. (Figure 5-8.7)
User Configuration > Windows Settings > Security Settings > Software Restriction Policies, and
right-click [New Software Restriction Policies]. (Figure 5-8.8)
c. Choose "Apply".
d. Close "Group Policy Object Editor".
7. How to Update Policy
Please open a command prompt and enter "gpupdate /force". (Figure 5-8.10)
8. Internal computers should be restarted; otherwise, packets will not go through the group
policy. After updating, the system will restart.
Click on the button to change the hours.
Click on the button to perform the update right now.
To set up such an HA configuration, first set up the firewall that is going to be the Master. At this
point the Backup cannot be reached anymore via its old IP address (factory default or
previous LAN address).
1.
2.
3.
4.
5. Finally, click on the button to activate the settings.
Set up the firewall that is going to be the Backup: At this point an extra panel appears where the
Backup-specific settings can be configured.
1. Execute the setup wizard, including the network wizard, filling in all needed information. It
is not necessary to configure services etc., since this information will be synchronized from
the Master. However, it is necessary to register the Backup with ShareTech Network.
2. Select Network Services > High Availability > High Availability.
3. Enable: Select the tick box to start the function, and set the mode to Backup.
4. Fill in the Manage IP (management network address) for the Backup.
5. Fill in the Remote IP (the Backup needs this to synchronize its configuration from the
Master).
6. Finally, click on the button to activate the settings.
In conclusion, the Backup cannot be reached anymore via its old IP address (factory
default or previous LAN address) since it is in standby mode. It is connected to the Master
only through the management network.
12 HA = High Availability
HA Synchronizing (Figure 5-10.7)
8. If the Master breaks down, the Backup will take over the network and become the Master. (Figure 5-10.8)
5-11 SNMP
SNMP is an "Internet-standard protocol for managing devices on IP networks. Devices that typically
support SNMP include routers, switches, servers, workstations, printers, modem racks, and more." It is
used mostly in network management systems to monitor network-attached devices for conditions that
warrant administrative attention.
SNMP agents expose management data on the managed systems as variables. The protocol also
permits active management tasks, such as modifying and applying a new configuration
through remote modification of these variables.
SNMPv3 primarily added security and remote configuration enhancements to SNMP.
Here, the IT administrator can use the ShareTech SNMP client plus MRTG to see more network status.
(Figure 5-11.2) In this section you can configure the following items.
Figure 5-11.2 Monitoring or managing a group of hosts or devices on an SNMP server, such as switch CPU, printers,
network traffic, and UTM performance.
To enable the UTM to send logs to an external syslog server, select Network Services > Remote
Syslog Server > Remote Connect Setup. (Figure 5-12.1) Click Enable and enter the syslog server
information.
Syslog is a service for remotely logging data. For example, it allows monitoring headless network
equipment. Here, I use Kiwi Syslog; please download it from the following link:
http://www.kiwisyslog.com/downloads/registration.aspx?productType=ks&AppID=876&CampaignID=70150000000Es8J
Don't select Install Kiwi Syslog Web Access, and click Next. (Figure 5-12.6)
Figure 5-12.21 Completing the Kiwi Syslog Server 9.2.0 Setup Wizard
Please select Policy, and you must select Packet Tracing. (Figure 5-12.11) (Figure 5-12.12)
Please click on the button. (Figure 5-12.14)
Please select Log to file (Figure 5-12.16) and configure it according to your needs.
Besides, users can also use mail notification. Please select E-mail. (Figure 5-12.18)
As we saw in the figure above, the system should record "192.168.1.117" in the log, so you can see
the logs in Advanced Security > Anomaly IP Analysis > Anomaly Log.
You need to set SMTP now! Please select Configuration > Administration > SMTP Server.
You need to set Notification now! (You have to select "Anomaly IP (Outgoing/Incoming session,
flow up, flow down)".) Please select Configuration > Notification > Notification.
Inside to Outside Anomaly
1. Connection sessions exceed 100 and continue for 120 seconds. (default)
2. Upload flow exceeds 512 Kbps and continues for 120 seconds. (default)
3. Download flow exceeds 1024 Kbps and continues for 120 seconds. (default)
Outside to Inside Anomaly
1. Connection sessions exceed 200 and continue for 120 seconds. (default)
2. Upload flow exceeds 512 Kbps and continues for 120 seconds. (default)
3. Download flow exceeds 1024 Kbps and continues for 120 seconds. (default)
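The six default thresholds above share one shape: a metric must stay over its limit for the whole hold time before the host is flagged. The detector below is an added example of that logic (not ShareTech code); the connection-tracking samples are constructed, and the host 192.168.1.117 from the figures is used as the offender.

```python
"""Anomaly IP detection with the manual's default limits and 120-second hold.

Added example, not ShareTech code. A host is flagged only when a metric stays
above its limit continuously for the hold time, so a short burst is ignored.
"""
from collections import defaultdict

HOLD_SECONDS = 120  # "continues 120 seconds" in the manual's defaults

# direction -> metric -> limit, taken from the defaults listed above
LIMITS = {
    "inside_to_outside": {"sessions": 100, "up_kbps": 512, "down_kbps": 1024},
    "outside_to_inside": {"sessions": 200, "up_kbps": 512, "down_kbps": 1024},
}


def detect_anomalies(samples, limits=LIMITS, hold=HOLD_SECONDS):
    """samples: dicts with ts (seconds), ip, direction, sessions, up_kbps, down_kbps.
    Returns {ip: set(metric)} for hosts over a limit for at least `hold` seconds."""
    breach_start = {}           # (ip, direction, metric) -> ts the breach began
    flagged = defaultdict(set)
    for s in sorted(samples, key=lambda s: s["ts"]):
        for metric, limit in limits[s["direction"]].items():
            key = (s["ip"], s["direction"], metric)
            if s[metric] > limit:
                start = breach_start.setdefault(key, s["ts"])
                if s["ts"] - start >= hold:
                    flagged[s["ip"]].add(metric)
            else:
                breach_start.pop(key, None)  # back under the limit: reset clock
    return dict(flagged)


def constructed_samples():
    """Constructed Connect Track readings, one per host every 10 seconds."""
    rows = []
    for ts in range(0, 140, 10):
        # 150 sessions for the whole window: over the 100 inside-to-outside limit
        rows.append({"ts": ts, "ip": "192.168.1.117", "direction": "inside_to_outside",
                     "sessions": 150, "up_kbps": 200, "down_kbps": 300})
        # 60-second upload burst only, then back to normal: must not be flagged
        rows.append({"ts": ts, "ip": "192.168.1.50", "direction": "inside_to_outside",
                     "sessions": 20, "up_kbps": 900 if ts <= 60 else 100, "down_kbps": 100})
        # 150 sessions from outside stays under the 200 outside-to-inside limit
        rows.append({"ts": ts, "ip": "203.0.113.7", "direction": "outside_to_inside",
                     "sessions": 150, "up_kbps": 50, "down_kbps": 50})
    return rows


if __name__ == "__main__":
    for ip, metrics in detect_anomalies(constructed_samples()).items():
        print("anomaly:", ip, sorted(metrics))
```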
Let's see Status > Connection Status > Connect Track. (Figure 6-1.4)
As we saw in the figure above, "192.168.1.117" should be recorded, and then the system will mail the
logs to the recipients. The user will then receive notification logs such as in the figure below.
(Figure 6-1.5) (Figure 6-1.6)
Let's see Status > Connection Status > Connect Track. (Figure 6-1.8)
As we saw in the figure above, "192.168.1.117" should be blocked, so the user can see the block list in
Advanced Protection > Anomaly IP Analysis > Block List.
If the administrator has some IP addresses which should not be restricted by this function, such as
managers, the administrator can enter those IP ranges. After that, the IPs you entered will not be
subject to anomaly analysis. (Figure 6-1.9) (Figure 6-1.10)
The administrator has to set Advanced Protection > Anomaly IP Analysis > Log Anomaly first, and
then you will see the following figures. (Figure 6-1.11) (Figure 6-1.12)
This corresponds with Advanced Protection > Anomaly IP Analysis > Block List. If the user has selected
"Block until administrator unlocks" in the block setting, don't forget to click on the unlock button.
(Figure 6-1.13)
6-2 Switch
The network switch plays an integral part in most modern Ethernet local area networks (LANs).
Mid-to-large sized LANs contain a number of linked managed switches. Small office/home office
(SOHO) applications typically use a single switch, or an all-purpose converged device such as a
residential gateway to access small office/home broadband services such as DSL or cable internet. In
most of these cases, the end-user device contains a router and components that interface to the
particular physical broadband technology. User devices may also include a telephone interface for
VoIP.
Suitable switches (Co-defense / SNMP):
Cisco3560e
Cisco3750
AG-2824T
H3C-S5100
ML-9324 (Layer 2)
H3C-S7506R
ML-9308 (Layer 2)
SGI-2404
3Com-4210
Juniper-ex2200
DGS-1210-28
ML-9528 (Layer 2)
Netgear-Gsm7224
L3 Switch - HP V1910-16G
HP V1910-24G switch
A network switch or switching hub is a computer networking device that connects network
segments. Select Advanced Protection > Switch > Switch Setup.
Click on the button to create a new switch.
Interface: Choose the UTM interface your switch is connected to.
1. Lan
2. Dmz
Switch Type: Choose which kind of function you need.
1. Co-defense: As of now, ShareTech devices support the following two models.
a. ML-9528
SNMP Write Community: Enter your switch write community. For the ShareTech switches ML-9528
and ML-9324, the default write community is private. Change the default community strings before
putting the switch into production, since anyone who knows the write community can reconfigure
the switch. The administrator can click on the button to check the connection. Your settings are
correct if you see the following figure.
Web Management: Enter the switch web management port. Both the ShareTech ML-9528 and
ML-9324 default to port 80.
Let's click on the button.
If the IT administrator does not know the switch IP or how many switches are under the UTM,
the IT administrator can click on the button to scan (search) for switches. (Figure 6-2.4)
Select Advanced Protection > Switch > Switch Status. (Figure 6-2.8)
Legend: Up Link, Down Link, Dump switch, On, Down.
IP display (Figure 6-2.13)
When anomalous flow occurs, it will be blocked and the administrator will be notified and
assisted with this abnormal situation. The affected computer and switch port can be identified at the
earliest possible time, which prevents the business network from failure. You may wonder what the
advantage is and how to use it.
First, please select Advanced Protection > Anomaly IP Analysis > Block List. (Figure 6-2.14)
We may find out that 192.168.1.11 is on port 6 of switch 192.168.1.144, and then the administrator can
decide to block that switch port (select Close). Therefore, 192.168.1.11 cannot surf the Internet even
if the IP has been changed to another port. (Figure 6-2.16)
Block all ports, because the ML-9324 and general SNMP switches do not have an IP/MAC binding
function.
Third, you can select Co-defense with the Botnet function right now. (Figure 6-2.22)
Action: Notify Administrator
You need to select the Notification items! Please select Configuration > Notification >
Notification (you have to select "Botnet Attack Log").
Because the ShareTech ML-9528 switch has an IP/MAC binding function, it offers a much safer and
easier network management system to monitor network-attached devices for conditions that warrant
administrative attention. Please select Advanced Protection > Switch > Switch Status.
Therefore, the administrator does not have to block all ports if using the ML-9528 IP/MAC binding or
MAC binding function. It depends on which bind mode you select. (Figure 6-2.25)
Note: Internal users will not be allowed to surf the Internet if they change their device IP,
MAC, or switch port!
ARP spoofing is a method of exploiting the interaction of IP and Ethernet protocols. ARP spoofing
may allow an attacker to intercept data frames on a LAN, modify the traffic, or stop the traffic
altogether. In fact, the only possible defense is the use of static (non-changing) ARP entries. Since
static entries cannot be updated, spoofed ARP replies are ignored. To prevent spoofing, the ARP tables
would have to have a static entry for each machine on the network. The overhead in deploying these
tables, as well as keeping them up to date, is not practical for most LANs.
Let's test how it works. First of all, if an internal user installs netcut software on purpose and tries
to cut off someone else's network, it may cause some hosts to be unable to surf the Internet.
(Figure 6-3.1)
Please select Advanced Protection > Intranet protect > ARP Spoofing Log. (Figure 6-3.3)
The administrator can see who has been the ARP attacker.
Please select Advanced Protection > Intranet protect > ARP Lock. (Figure 6-3.4)
The administrator decides whether to block it or not.
Please select Advanced Protection > Intranet protect > MAC address Collision Log in order to
prevent internal users from changing their MAC address. (Figure 6-3.6)
Refer to the following figure: 192.168.189.142 changed its MAC address from 00:0c:29:26:1d to
00:0c:29:26:2d:1c. Then it will be detected as having the same MAC address as 192.168.188.142.
Please select Advanced Protection > Intranet protect > Mac Collision Lock.
The administrator decides whether to block it or not. (Figure 6-3.7) (Figure 6-3.8)
Please select Advanced Protection > Intranet protect > Ip Collision Log (Figure 6-3.10) in order to
prevent internal users from changing their IP if it is not a DHCP IP.
Please select Advanced Protection > Intranet protect > Ip Collision Lock. (Figure 6-3.11)
The administrator decides whether to block it or not.
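The three intranet-protection logs above reduce to two comparisons over ARP observations: a reply that contradicts a static IP-to-MAC entry (the static-entry defense described at the start of this section), and an IP or MAC that is seen with more than one partner (MAC collision and IP collision). The code below is an added example, not ShareTech code; the static table and the ARP observations are constructed, with 192.168.189.142 and the second MAC taken from the figure described above.

```python
"""Intranet-protect style checks over ARP observations (added example, not
ShareTech code). STATIC_ARP plays the role of the static ARP entries the
section describes; OBSERVED is a constructed sequence of (ip, mac) replies.
"""
from collections import defaultdict

STATIC_ARP = {
    "192.168.189.1": "00:0c:29:aa:bb:01",     # gateway (constructed MAC)
    "192.168.189.142": "00:0c:29:26:1d:aa",   # original MAC (constructed)
}

OBSERVED = [
    ("192.168.189.142", "00:0c:29:26:1d:aa"),
    ("192.168.189.142", "00:0c:29:26:2d:1c"),  # host changed its MAC
    ("192.168.189.1",   "00:0c:29:26:2d:1c"),  # same MAC now answers for the gateway
    ("192.168.189.77",  "00:0c:29:de:ad:77"),
    ("192.168.189.78",  "00:0c:29:de:ad:77"),  # same MAC moved to another IP
]


def check_static_table(observed, static_table):
    """ARP replies whose MAC contradicts the static entry for that IP. These are
    exactly the replies a host with static ARP entries would ignore."""
    return [(ip, mac) for ip, mac in observed
            if ip in static_table and static_table[ip] != mac.lower()]


def find_collisions(observed):
    """Return (mac_collisions, ip_collisions):
    mac_collisions: IP -> list of MACs it was seen with (MAC address Collision Log)
    ip_collisions:  MAC -> list of IPs it was seen with (Ip Collision Log)
    Only entries with more than one partner are reported, in first-seen order."""
    macs_per_ip = defaultdict(list)
    ips_per_mac = defaultdict(list)
    for ip, mac in observed:
        mac = mac.lower()
        if mac not in macs_per_ip[ip]:
            macs_per_ip[ip].append(mac)
        if ip not in ips_per_mac[mac]:
            ips_per_mac[mac].append(ip)
    mac_collisions = {ip: m for ip, m in macs_per_ip.items() if len(m) > 1}
    ip_collisions = {mac: i for mac, i in ips_per_mac.items() if len(i) > 1}
    return mac_collisions, ip_collisions


if __name__ == "__main__":
    for ip, mac in check_static_table(OBSERVED, STATIC_ARP):
        print("ARP Spoofing Log: %s claimed by %s (static entry differs)" % (ip, mac))
    mac_c, ip_c = find_collisions(OBSERVED)
    for ip, macs in mac_c.items():
        print("MAC address Collision Log: %s seen with %s" % (ip, ", ".join(macs)))
    for mac, ips in ip_c.items():
        print("Ip Collision Log: %s seen at %s" % (mac, ", ".join(ips)))
```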
Select Mail Security > Filter & Log > Filter & Log.
Incoming Mail Anti-Virus and Anti-Spam and Backup: For all incoming mail from WAN to LAN or
WAN to DMZ, starts mail filtering by Anti-Virus, Audit, Anti-Spam, and Mail Backup. (Figure 7-1.1)
Mail records will be backed up to the hard disk; the administrator can download, re-send, add to the
system White List, or read the mail in detail from the disk.
WAN to LAN_tcp SMTP port 25 or WAN to DMZ_tcp SMTP port 25
LAN and DMZ Outgoing Mail Anti-Virus and Audit and Anti-Spam and Backup: For all outgoing mail
from LAN to WAN or DMZ to WAN, starts mail filtering by Anti-Virus, Audit, Anti-Spam, and Mail
Backup.
Mail records will be backed up to the hard disk; the administrator can download or release mail from
the disk.
1. Outgoing Mail: LAN to WAN_tcp SMTP port 25 or DMZ to WAN_tcp SMTP port 25 (Figure 7-1.2)
2. LAN, DMZ Outgoing Mail (Send): LAN to WAN_tcp SMTP port 25 or DMZ to WAN_tcp
SMTP port 25. The sender IP will be replaced by the UTM WAN IP, so the outside receiver sees the
UTM WAN IP when receiving the email. (Figure 7-1.7)
(Figure 7-1.9)
If you select HTTP, please make sure your WAN Alive Detection has HTTP selected. If you select
HTTPS, please make sure your WAN Alive Detection has HTTPS selected. (Figure 7-1.11)
There may be Exchange Servers or mail servers in your internal network, and you want mail routing
to become faster. The Valid Account Setting feature improves the performance of the internal mail
server or Exchange Servers.
Select Mail Security > Filter & Log > Valid Account Setting.
Valid Account Setting (Authentication) (Figure 7-1.14)
The UTM will check with the internal mail server whether those mail accounts exist or not. It makes
the mail server safer and reduces spam, because the UTM filters on valid accounts.
1. Enable: Enable means start this function; otherwise, Disabled means stop this function.
Account: Enter e-mail addresses, one line for each account. For instance, "sales@sharetech.com.tw"
5. Import: Click on the button to import a batch of account e-mails.
The domains and accounts you enter here will not be filtered. Those accounts are trusted forever and
always passed.
1. Enable: Enable means start this function; otherwise, Disabled means stop this function.
2. Domain List: Enter domains, one line for each domain.
3. Mail Account: Enter e-mail addresses, one line for each mail account. For instance,
"sales@sharetech.com.tw"
4. Import: Click on the button to import a batch of account e-mails.
Click on the button to see the log when you allow Invalid Mail Pass through. (Figure 7-1.20)
Graylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using
graylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is
legitimate, the originating server will, after a delay, try again and, if sufficient time has elapsed, the
email will be accepted.
Select Mail Security > Filter & Log > Graylist and IP Resolved. (Figure 7-1.21)
Graylist: Select "Enable" to turn this function on; otherwise, select Disabled to turn it off.
1. WhiteList Sender IP: Enter whitelisted (trusted) IP addresses. Enter an IP address or a range
for graylisting, one line for each IP, e.g.:
12.34.56.78
12.34.56.78/24
Import: Click on the button to import a batch of whitelist IPs. On the other hand, the IT administrator
can click on the button to export a txt file, one line for each IP; the file should be a txt file.
Block Log: Click on the button to see the log. (Note: The content will be automatically cleared if this
record file is larger than 100K.)
Sometimes an account's password is so easy to crack, or an employee's company computer gets
infected by a virus. Then the attackers use that computer to send spam email in the background. The
IT administrator may find situations such as many spam emails being sent from an internal IP or an
external IP. (Figure 7-1.23)
1. Rules: Over how long a time (seconds) does the system limit the number of letters? And for how
long (seconds) will it block?
IP addresses entered here will never be blocked, one line for each IP, e.g.:
10.0.0.1
192.168.0.0/16
7. Traffic Blocking Log: The IT administrator can click on the button to see the logs.
Transport Layer Security (TLS) is a cryptographic protocol that provides communication security over
the Internet. TLS is usually implemented on top of the Transport Layer protocols, encapsulating
application-specific protocols such as HTTP, FTP, and SMTP.
A prominent use of TLS is securing World Wide Web traffic carried by HTTP to form HTTPS.
Increasingly, the Simple Mail Transfer Protocol (SMTP) is also protected by TLS. These applications
use public key certificates to verify the identity of endpoints. (Figure 7-1.24)
8. TLS IP or IP/Mask
Import/Export: Click on the corresponding button to import the list or to export it as a txt file.
7-2 Anti-Virus
Applicable products: UR-500A, UR-915, UR-918, UR-930, UR-935, UR-938, UR-730A,
AW-560, AW-570, UR-735, UR-735A, AW-580, AW-590, UR-750, UR-750A, UR-760, and
UR-760F.
With its mail anti-virus scanning capabilities, ShareTech UTM guards against the extensive damage
that virus infections can inflict on your business. In this section, the feature corresponds with the
7-1 Filter & Log section. You should select Mail Security > Filter & Log > Filter & Log, and enable
Anti-Virus. (Figure 7-2.1)
Select Mail Security > Anti-Virus > Anti-Virus Setting. (Figure 7-2.7)
Anti-Virus: Set to Start and the function will work.
Virus Engine: The available virus-scanning engine is ClamAV, the default and free-of-charge
virus-scanning engine. Please refer to 5-9 Virus Engine; select Network Services > Virus
Engine > ClamAV Engine.
Not Scan File: You can enter which kinds of files are not to be scanned; it can save much scan time.
Some infected emails will be kept in Quarantine (only available when the Mail Anti-Virus Setup is
started and Isolation Virus Mail is selected). Select Mail Security > Anti-Virus > Search Infected Mail.
This page shows the current Infected Mail Quarantine, and it is also possible to search the quarantine
by entering search criteria. (Figure 7-2.8)
7-3 Anti-Spam
Applicable products: UR-500A, UR-915, UR-918, UR-930, UR-935, UR-938, UR-730A,
AW-560, AW-570, UR-735, UR-735A, AW-580, AW-590, UR-750, UR-750A, UR-760, and
UR-760F.
The ShareTech spam filtering mechanism adopts state-of-the-art technology in UTM and Mail Server.
In order to fight against annoying spam, ShareTech offers 6 solutions: Fingerprinting, Bayesian
Filtering, ST-PIC multi-dimensional graphics pattern recognition, Auto learning, Personal Blacklist /
Whitelist, and Spam characteristics filtering. The ShareTech spam-filtering mechanism blocks 90% of
spam.
In this section, the feature corresponds with 7-1 Filter & Log. You should select Mail Security >
Filter & Log > Filter & Log, and enable Anti-Spam. (Figure 7-3.1)
Figure 7-3.6 Spam Mail Filter Setup and Anti-Spam Engine Setup
Mail in Quarantined Area: How many days to keep the mails in quarantine.
Figure 7-3.7 Process of Spam Mail and Client Spam Mail Web Search
Internal users can log in, search, and set their own personal spam settings if you enable "Allow Client
to Use Mail Searching Interface":
https://[Network interface IP address or domain]:[UTM WAN HTTPS Port]/spam.php
Figure 7-3.9 Client Mail Searching Web Interface Login Server Setting
Select Mail Security > Anti-Spam > Spam Setting. (Figure 7-3.11)
Set the Connection IP Domain and Connection Port.
Set User Spam List Sending to Start. If you set it to Stop, the settings below will not work.
Set when the list will be sent to internal users.
The administrator can also set who does not want to receive the list.
Click on the button.
To retrieve or resend emails classified as spam or virus emails, select Content Recorder >
Mail Recorder.
The ShareTech anti-spam system offers a Blacklist and Whitelist learning database. If a user finds
spam in the inbox, they can blacklist the contact's IP address. If a user notices that legitimate emails
from specific contacts are incorrectly marked as spam, they can whitelist the contact's IP address as
well. The auto-learning system learns at scheduled times. This educates the system so that the next
time, the anti-spam mechanism can distinguish spam from non-spam more accurately. (Figure 7-3.12)
Select Mail Security > Anti-Spam > Auto Learning.
Auto Learning: Select "Start" to start learning spam lists; on the other hand, select "Stop" to stop it.
Learning Every: How often should the spam lists be learned? Select the time you want, and click on
the button.
Blacklist Learning: Click on the button to bring the blacklist into the server. The system will learn
these blacklist emails automatically. The user can also click on the button to see the learning status.
Maximum Upload Size: 64MB
Whitelist Learning: Click on the button to bring the whitelist into the server. The system will learn
these whitelist emails automatically. The user can also click on the button to see the learning status.
Maximum Upload Size: 64MB
Clear Learning Database: The user can click on the button to clear it.
Personal Black List Custom Approach (the function is limited to receipt of LAN, DMZ
Outgoing): There are two ways you can choose if the mail is from the Blacklist.
1. Add words to subject and send to recipient: It is a kind of notification. You can add words to the
mail subject, and then the mail will be sent to the recipient account. Add to Subject could be
[It is a spam] or some words which easily remind the recipient.
2. Delete: If the user selects "Delete," the system will delete the email which was sent from the
Blacklist. Then the recipient will not receive that mail.
Whitelist: Specifies permitted email addresses.
Setting Personal B & W is complete. If the user has many entries, you can import them in one step.
Click on the button to search where the file is, and then click on the button to bring the lists into
the server. On the other hand, you can also click on the button to export personal black and white
lists from the server. In addition, click on Edit to modify the contents, or Del to cancel a list.
(Figure 7-3.14)
Select Mail Security > Anti-Spam > System B & W. (Figure 7-3.15)
Blacklist: Used as a reference for classifying an email as spam. On the other hand, you can also
click on the button to export the system blacklists from the server.
Import Blacklist: Click on the button to find which file you want to import, and then click on the
button to bring the blacklists into the server.
System Blacklist Custom Approach: There are two ways you can choose if the mail is from the
Blacklists.
1. Add words to subject and send to recipient: It is a kind of notification. You can add words to the
mail subject, and then the mail will be sent to the recipient account. Add to Subject could be
[Spam-Mail] or some words which easily remind the recipient.
2. Delete: If selected, the recipient account will not receive that mail.
1. Priority: Rules rank from top priority to the next one. If rules overlap, the higher-priority rule
will be applied.
2. Audit Name: A name for the administrator to recognize the audit & filter action.
3. Comment: Detailed description of the audit & filter.
4. Status:
Click on the button to begin the filter rule setting, and enter the info as below. (Figure 7-4.8)
Audit Rules
10. Match with: AND and OR are used as the filter condition here. (Figure 7-4.9)
1. All Conditions (AND): the filter would work and follow the appointed processing if the
e-mail matched all fields.
2. Any Condition (OR): the filter would work and follow the appointed processing if the email
matched one of the fields.
More information about the fields of the filter is shown as follows.
1. Rules marked with * can take special characters. E.g. ! means NOT and null means NONE.
2. A combination of values in a field can be separated by ",", which means OR.
11. Sender Including: Fill in the sender's e-mail address that needs to be filtered. You may check
domain accounts to have all accounts in the host filtered.
12. Receiver Including: Fill in the receiver's e-mail address that needs to be filtered. You may check
domain accounts to have all accounts in the host filtered.
13. Source IP from: On the basis of a doubtful e-mail host, fill in its IP address so that all e-mail
from it matches the filter condition. IPv4 and IPv6 are both supported.
For instance, [192.168.1] means the IP address range from 192.168.1.0 to 192.168.1.25.
[!192.168.2] means IP addresses not included in the range 192.168.2.0 to 192.168.2.255.
Mail Header Including: Fill in the mail header that needs to be filtered.
Mail Subject Including: Fill in the subject that needs to be filtered.
E.g. Quotation: all mail subjects containing "Quotation" will match the filter condition.
Mail Content Including: Fill in the content that needs to be filtered. Mail content with the set
texts will match the filter condition. However, only the mail content will be filtered, not
attachments. Attachments are filtered according to size and file name.
14. Spam Score: You may choose to increase/decrease the spam score or ignore spam.
1. Increase/Decrease Spam Score: The Bayesian database in the mail server scores mail content.
The higher the score, the higher the possibility that the mail is spam. Besides, the Bayesian
database has an auto-learning mechanism that can be adjusted to suit different needs.
Enterprises can set up scoring for appointed text or subjects.
2. Ignore Spam: You can enter certain accounts in Recipient to which the mail server will not
apply spam and virus filtering.
For instance, enter [sales@yourdomain.com] and choose Ignore Spam. All mail sent to the account
will be received in the mailbox.
Abnormal Mail: There are four methods of processing abnormal mail: send to quarantine, delete,
block the sender's IP address, and exception sender or IP address (Log but not Block).
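The field syntax described above (AND/OR matching, "!" for NOT, "null" for an empty value, "," for alternatives, and bracketed IP prefixes such as [192.168.1]) can be implemented as a small rule matcher. The code below is an added example, not ShareTech's filter engine; the rule and mail dictionaries, their key names, and the decision to treat "!" alternatives as exclusions and positive alternatives as OR'd are assumptions, and the sample rules and mails are constructed.

```python
"""Audit-rule field matching in the style of the Mail Audit section.

Added example, not ShareTech code. Assumed semantics beyond the manual's text:
positive alternatives are OR'd, '!' alternatives are exclusions, and a field
left empty does not constrain the rule. Rule/mail key names are assumptions.
"""


def _split_alternatives(pattern):
    """Split 'a,!b,null' into (positives, negatives), lower-cased and trimmed."""
    positives, negatives = [], []
    for alt in pattern.split(","):
        alt = alt.strip().strip("[]").lower()  # [192.168.1] -> 192.168.1
        (negatives if alt.startswith("!") else positives).append(alt.lstrip("!"))
    return positives, negatives


def text_field_matches(pattern, value):
    """Substring match for sender/receiver/subject/content fields."""
    if not pattern:
        return True
    value = (value or "").lower()
    positives, negatives = _split_alternatives(pattern)

    def hit(alt):  # 'null' means NONE: matches only an empty value
        return value == "" if alt == "null" else alt in value

    if any(hit(a) for a in negatives):
        return False
    return not positives or any(hit(a) for a in positives)


def ip_field_matches(pattern, ip):
    """'192.168.1' covers 192.168.1.0-192.168.1.255; '!192.168.2' excludes that range."""
    if not pattern:
        return True
    positives, negatives = _split_alternatives(pattern)

    def hit(prefix):  # exact IP or dotted-prefix match, so 192.168.1 != 192.168.10
        return ip == prefix or ip.startswith(prefix.rstrip(".") + ".")

    if any(hit(a) for a in negatives):
        return False
    return not positives or any(hit(a) for a in positives)


FIELD_CHECKS = {
    "sender": text_field_matches, "receiver": text_field_matches,
    "subject": text_field_matches, "content": text_field_matches,
    "source_ip": ip_field_matches,
}


def rule_matches(rule, mail):
    """Apply the rule's set fields with its 'Match with' mode (AND is the default)."""
    results = [check(rule[f], mail.get(f, ""))
               for f, check in FIELD_CHECKS.items() if rule.get(f)]
    if not results:
        return False  # a rule with no condition matches nothing
    return all(results) if rule.get("match", "AND") == "AND" else any(results)


def apply_rules(rules, mail):
    """Rules are tried in priority order; the first matching rule decides the action."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule_matches(rule, mail):
            return rule["action"]
    return "pass"


# Constructed rules: trusted sales mailbox first, then quotation spam from outside.
RULES = [
    {"priority": 1, "audit_name": "sales box", "match": "AND",
     "receiver": "sales@yourdomain.com", "action": "ignore_spam"},
    {"priority": 2, "audit_name": "quote spam", "match": "AND",
     "subject": "Quotation", "source_ip": "[!192.168.1]", "action": "quarantine"},
]

# Constructed mails; 203.0.113.9 is a documentation-range placeholder.
SAMPLE_MAILS = [
    {"sender": "vendor@example.test", "receiver": "sales@yourdomain.com",
     "subject": "Quotation for 200 units", "source_ip": "203.0.113.9"},
    {"sender": "x@example.test", "receiver": "bob@yourdomain.com",
     "subject": "QUOTATION!!!", "source_ip": "203.0.113.9"},
    {"sender": "y@example.test", "receiver": "bob@yourdomain.com",
     "subject": "Quotation draft", "source_ip": "192.168.1.20"},
]

if __name__ == "__main__":
    for mail in SAMPLE_MAILS:
        print(mail["subject"], "->", apply_rules(RULES, mail))
```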
Select Mail Security > Mail Audit > Audit Advanced Setting. (Figure 7-4.11)
Select Mail Security > Mail Audit > Audit Quarantined. (Figure 7-4.12)
(Figure 7-5.8) Incoming mail.
(Figure 7-5.9)
Based on the conditions set in Mail Record Search, you will see the result here. (Figure 7-5.10)
Mail Security > SMTP Log > SMTP Log Search (Figure 7-6.6)
Mail Security > SMTP Log > SMTP Log Search (Figure 7-6.7)
Log: Click on the Log figure button. In addition, click the rectangular form if you want to see the
list class name. (Figure 8-1.2)
(Figure 8-2.1)
After clicking on the button, you will see the log search result as in the example below. (Figure 8-2.2)
IDP has signatures to detect BotNet and points out problems within the mail server, internal servers,
or packets from external IPs. Meanwhile, administrators thought appliances were infected and were
ready to delete the virus and reboot the system; however, the problem could not be solved. Traditional
network security appliances were made under the assumption that "the internal network is safe,"
which has now become the chief defect.
Solution: ShareTech UTM integrates BotNet detection together with the built-in NAT; it can explicitly
point out the real attack running hidden and suspicious malicious software spreading in the internal
network. (Figure 8-3.3)
Inline (Inline mode has to be used with a policy): Then, please also choose IDP & Botnet > Botnet
Setting > Botnet Filter Setting. (Figure 8-3.7) (Figure 8-3.8) (Figure 8-3.9)
Conclusion: The only way to find BotNet is to check packets at deep layers; however, more checks
mean slower speed. Balancing every appliance between speed and security has become an
important issue. The ShareTech UTM BotNet operation modes (Sniffer and Inline) can filter packets
efficiently.
(Figure 8-4.2)
Users have to click on the Modify the Server Setting link to modify the SSL VPN settings. In addition,
users must select Start, because the default setting is Stop. (Figure 9-1.1)
Note: The system will cancel all certificates after modification (except the service status). Please
re-generate the certificate and download it again.
Service Status: Select Start to turn this function on; on the other hand, Stop to turn it off.
Note: It will take a few seconds to start; please be patient.
Local Interface
1. Default
2. Custom
3. WAN 1
4. WAN 2
Local Port: The default setting is 387.
Max concurrent connections: (Range: 20~256).
Client IP Range: The client IP range needs to be different from the LAN and DMZ interfaces.
DNS Server 1: The IP address of the DNS server used for the bulk of DNS lookups.
DNS Server 2: The IP address of the backup DNS server, used when the primary DNS server is
unreachable.
WINS Server 1: Windows Internet Name Service (WINS) is Microsoft's implementation of
NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names.
WINS Server 2: All WINS clients should be configured to use a primary WINS server and a
different secondary WINS server. The secondary would normally be the hub server.
Certificate Settings: Enter your computer certificate information for SSL VPN users.
Do not forget to click on the button.
Please create an account in 4-9 Objects > Authentication > Local User. (Figure 9-1.2)
Click on the button to create a new user group.
Setting User Group with Local Users mode is complete. In addition, click on the button to create new
sub-content, Edit to modify contents, or Del to cancel a list. (Figure 9-1.5)
Figure 9-1.5 Setting user group with Local Users mode completed
Then, go to SSL VPN > SSL VPN Setting > SSL Client List. Please click on the button to create a
new SSL VPN Group certification. (Figure 9-1.6) (Figure 9-1.7)
Figure 9-1.7 Setting SSL VPN Client with Authentication Local Users completed
Enter https://111.252.70.234:443/sslvpn.php in your browser, and then enter your user account and
user password. (Figure 9-1.10)
sslvpn_gui_V1.2_ting.zip (Figure 9-1.12), tap-win64. Then, click on the button.
Connection refused to record start: Select Start to turn this function on; on the other hand, select
Stop to turn it off. In addition, you can click on the button.
The SSL VPN policy controls traffic between SSL VPN clients and the internal network in both directions, by Protocol, Service group port, QoS bandwidth, Schedule, Packet tracing and Traffic Analysis. Select SSL VPN > VPN Policy > VPN to Internal or Internal to VPN, and click on the add button to create a new VPN policy. Policies are evaluated in order starting from priority 1, and the first policy that matches a packet is applied. Traffic that matches no policy is allowed once the VPN is established, so if you want to block everything that is not explicitly permitted, add a final policy that drops all packets into the internal network.
Policy Name: Enter a name that identifies the policy.
Source Address and Destination: Source Address (the source network) and Destination Address (the destination network) are seen from the UTM's point of view: the source is the end that initiates the connection and the destination is the end being connected to. Besides choosing from the address objects, users can also enter an IP address or MAC address directly.
1. Source IP address: VPN_Any represents the remote side of all VPN tunnels, whether they are Site-to-Site tunnels set up with IPSec or PPTP or single PPTP Server dial-up accounts; all of them match. The default IP address of the PPTP server is also included in the default source IP address.
2. Destination IP address: Inside_Any represents all addresses on the internal side of the UTM. Network administrators can allow or deny specific VPN peers by their incoming IP address, communication service and even time of day. The default access control rule is that once the VPN is established, both sides are free to communicate with each other unless an incoming VPN policy prohibits it.
Action: It offers two actions.
1. ACCEPT: any packet that matches the policy is passed.
2. DROP: the packet is discarded.
Protocol: The protocol used for communication between the two ends. TCP and UDP are the two most frequently seen protocols.
SSL VPN > SSL VPN Setting > SSL Client List
Other Information
Using an SSL VPN to connect your smartphone to your home or work network extends what the phone can do and helps you stay productive wherever you are.
What is your internal IP?
Route Information
Setting
Then click the blue IP Address link to see which websites that host has browsed. (Figure 10-1.2)
This function makes it easy for a company to see which websites its employees have visited. (Figure 10-1.3)
After clicking on the search button, you will see the view below. Click the blue IP Address link to see which websites that host has browsed. (Figure 10-1.4) (Figure 10-1.5)
If you want to record employees' webmail, select Network Services > WEB Services. Then select which Mailbox Lists you want to record at the bottom of the screen. (Figure 10-1.6) (Figure 10-1.7)
1. All
2. Yahoo
3. Mail163
4. Pchome
5. Hinet
6. Sohu
7. QQ
8. Mail21cn
Computer Name / IP Address: Select a computer name or IP address.
After clicking on the Search button, you will see the view below. Click the blue IP Address link to see the mails in that user's webmail. (Figure 10-1.8)
(Figure 10-2.4)
Download: Click on the download button to save the file.
This function shows which accounts have used MSN and what they talked about today.
State: It shows the account status.
1. Off-line
2. On-line
Use this function to search which accounts have used MSN and to see what they talked about. (Figure 10-3.1)
Content: Click on the Content button to read the conversation. (Figure 10-3.3)
This function makes it convenient for a company to obtain its internal employees' MSN contact lists. (Figure 10-3.6)
Finally, click on the Search button to see the MSN account contact result. (Figure 10-3.7)
10-4 IM Record
This section is for UR-500A, UR-730, UR-730A, UR-735, UR-750, and UR-750A.
It shows records of IM (Instant Messenger) traffic such as YAHOO, ICQ, IRC, Gadu, and Jabber, except MSN Messenger. In this section you can enable the following lists: (Figure 10-4.1)
1. YAHOO Recorder
2. ICQ Recorder
3. IRC Recorder
4. Gadu Recorder
5. Jabber Recorder
Computer Name: Select which computer name has used IM.
IP Address: Select which internal IP addresses use IM.
After you click on the Search button in IM Search, the IM record result is shown here. (Figure 10-4.2)
Start Time and Chat Time: It shows when the chat started and how long the account spent chatting.
Computer Name / IP Address: It shows the computer name or IP address that used IM.
IM Type: It shows which kind of IM the user used.
Account: It shows the account that belongs to the IP address.
Content: Click on the Content button to read the conversation. (Figure 10-4.3)
10-5 QQ Record
This section is for UR-730, UR-730A, UR-735, UR-735A, UR-750, UR-750A, AW-590, UR-955, and UR-959.
Please read 5-7 QQ Services (Network Services > QQ Services), configure the settings, and add them to a policy.
(Figure 10-7.7)
1. Incoming mail.
Functions are similar to 7-5 Mail Log. Select the tick box of a mail and click one of the three buttons: click the download button to download the mail, or click the resend button to send the mail to the receiver again. (Figure 10-7.8)
Then, set your WEB Anti-Virus settings under Network Services > WEB Services. (Figure 10-8.2)
(Figure 10-8.5)
Then, set your FTP Services under Network Services > FTP Services > FTP. (Figure 10-9.2)
(Figure 10-9.5)
Chapter 11 VPN
To obtain a private and secure network link, the UR is capable of establishing VPN connections. Used in combination with remote client authentication, it links the business's remote sites and users and conveniently provides the enterprise with an encrypted communication method. By allowing the enterprise to use the Internet as the means of transferring data between sites, it is one of the most effective and secure options available compared with other methods.
VPN connections use either the Point-to-Point Tunneling Protocol (PPTP) or IPSec over an intermediate network such as the Internet. By using the Internet as the connection medium, a VPN saves the cost of long-distance phone service and the hardware costs associated with dial-up or leased-line connections. A VPN solution includes security technologies such as data encryption, authentication, authorization, and Network Access Quarantine Control.
In the VPN chapter you can enable the following lists:
11-1 IPSec Tunnel
11-2 PPTP Server
11-3 PPTP Client
11-4 VPN Policy
Remote Subnet: This is only available for net-to-net connections and specifies the remote subnet in CIDR notation.
(IPSec = IP Security; IKE = Internet Key Exchange)
Connection Type: There are two types.
1. Main
2. Aggressive
Preshare Key: Enter the pass phrase used to authenticate the other side of the tunnel. Both ends must enter the same key.
ISAKMP: The IKE phase 1 negotiation, which creates the SA (Security Association) between the two peers. The SA governs the encryption between them, and the IT administrator chooses the key size, the Preshare Key and the algorithms. The SA can be configured in the following ways:
1. AES: Uses a 128-bit, 192-bit or 256-bit key. AES is the commonly adopted cipher today.
2. 3DES: Triple DES is a block cipher formed from the DES cipher by applying it three times. Its key length is up to 168 bits.
3. SHA1: SHA1 is a revision of SHA that corrects SHA's shortcomings. It produces a 160-bit hash value.
4. MD5 Algorithm: MD5 processes a variable-length message into a fixed-length 128-bit output.
5. DH Group: When the encryption algorithm is AES, groups 2, 5, 14, 15, 16, 17 and 18 can be chosen; when it is 3DES, only groups 2 and 5.
6. Auto Pairing
Note: 3DES, MD5 and DH groups 2 and 5 are legacy choices kept for compatibility with older peers. Where the remote end supports it, choose AES, SHA1 and DH group 14 or higher, and use Main mode: Aggressive mode with a preshared key sends the key's hash unencrypted, where it can be captured and cracked offline.
Local ID: An ID for the local end of the connection.
Remote ID: An ID for the remote end of the connection.
IKE SA Lifetime: How long the IKE (phase 1) SA remains valid before it is renegotiated.
IPSec: The phase 2 proposal. It offers aes, 3des, sha1, and md5.
1. AES: Uses a 128-bit, 192-bit or 256-bit key. AES is the commonly adopted cipher today.
2. 3DES: Triple DES is a block cipher formed from the DES cipher by applying it three times. Its key length is up to 168 bits.
3. SHA1: SHA1 is a revision of SHA that corrects SHA's shortcomings. It produces a 160-bit hash value.
4. MD5 Algorithm: MD5 processes a variable-length message into a fixed-length 128-bit output.
5. Auto Pairing
Perfect Forward Secrecy (PFS): Set Yes to enable it. The DH Group follows the same rule as above: with AES, groups 2, 5, 14, 15, 16, 17 and 18 can be chosen; with 3DES, only groups 2 and 5.
IPSec SA Lifetime: Set to 1~3 hours. Default setting is 3 hours.
Dead Peer Detection: When DPD is enabled, the UTM checks whether the remote peer is still responding and applies the selected action when it is not. Hold keeps the IPSec SA, Clear tears the tunnel down and waits for new sessions, and Restart deletes the IPSec SA and re-establishes the VPN tunnel.
Drop SMB Protocol: When enabled, SMB traffic (Network Neighborhood / Windows file sharing) is blocked from crossing the tunnel.
Here is an example using two UR devices. Assume that host 192.168.168.51 at Company A wants to create a VPN connection to host 192.168.99.21 at Company B in order to access files. (Figure 11-1.1) (Figure 11-1.2)
For Company A: Select VPN > IPSec Tunnel > Add VPN Tunnel. Its WAN IP is 211.20.227.193, its LAN subnet is 192.168.168.0/24, and the default gateway for the Company A LAN is 192.168.168.1.
Step 1. VPN Tunnel Name: Enter "VPN_B" in the field.
Step 2. Interface: Select "WAN 1." (A static IP is recommended.)
Step 3. to Step 9.: Enter the remaining settings as shown in the figures; the two subnet masks entered are both "255.255.255.0 (/24)".
Setting up the IPSec Tunnel is complete; check the status of the tunnel. (Figure 11-1.3)
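The DH group rule and the algorithm choices in this section are easy to get wrong when the two ends are configured by different people. The following Python script, added here as an example and not part of the ShareTech manual or firmware, checks a tunnel's ISAKMP and IPSec proposals against the selectable combinations listed above and flags the legacy choices (3DES, MD5, DH groups 2 and 5, Aggressive mode with a preshared key, PFS off). The dictionary layout, the sample values for the Company A tunnel and the weak/strong labels are assumptions of the example, not settings read from the device.

```python
"""Lint an IPSec tunnel's ISAKMP and IPSec proposals.

Added example; not part of the ShareTech manual or firmware. The dictionary
keys below, the sample tunnel for Company A and the weak/strong labels are
assumptions of this example, not values read from the device.
"""

# DH groups the UI lets you pick per encryption algorithm (11-1 IPSec Tunnel).
ALLOWED_DH = {
    "aes": {2, 5, 14, 15, 16, 17, 18},
    "3des": {2, 5},
}

# Legacy choices a reviewer would flag. Groups 2 and 5 are 1024- and 1536-bit
# MODP; group 14 and above are 2048 bits or larger.
WEAK_ENCRYPTION = {"3des"}
WEAK_HASH = {"md5"}
WEAK_DH = {2, 5}


def lint_proposal(p):
    """Return (errors, warnings) for one phase (ISAKMP or IPSec) of a tunnel.

    errors   - combinations the manual says are not selectable
    warnings - selectable but cryptographically weak or risky settings
    """
    errors, warnings = [], []
    enc = p["encryption"].lower()
    hsh = p["hash"].lower()
    dh = p.get("dh_group")

    if enc not in ALLOWED_DH:
        errors.append(f"unknown encryption algorithm {enc!r}")
    elif dh is not None and dh not in ALLOWED_DH[enc]:
        errors.append(f"DH group {dh} is not selectable with {enc}; "
                      f"allowed: {sorted(ALLOWED_DH[enc])}")

    if enc in WEAK_ENCRYPTION:
        warnings.append("3DES is a legacy cipher; prefer AES")
    if hsh in WEAK_HASH:
        warnings.append(f"{hsh} is a broken integrity algorithm; prefer SHA1")
    if dh in WEAK_DH:
        warnings.append(f"DH group {dh} is below 2048 bits; prefer group 14 or higher")
    if p.get("mode", "main").lower() == "aggressive" and p.get("auth", "psk") == "psk":
        warnings.append("Aggressive mode with a preshared key exposes the PSK hash "
                        "to offline cracking; use Main mode")
    if p.get("pfs") is False:
        warnings.append("PFS is off: a compromised IKE key exposes past IPSec traffic")
    return errors, warnings


def lint_tunnel(tunnel):
    """Lint both phases; returns {phase: (errors, warnings)}."""
    return {phase: lint_proposal(tunnel[phase]) for phase in ("isakmp", "ipsec")}


# Constructed tunnel for the Company A -> Company B example in this section.
# Only the tunnel name and interface come from the manual; the rest is assumed.
COMPANY_A_TUNNEL = {
    "name": "VPN_B",
    "interface": "WAN 1",
    "isakmp": {"encryption": "aes", "hash": "sha1", "dh_group": 14,
               "mode": "main", "auth": "psk"},
    "ipsec": {"encryption": "aes", "hash": "sha1", "dh_group": 14, "pfs": True},
}

if __name__ == "__main__":
    for phase, (errs, warns) in lint_tunnel(COMPANY_A_TUNNEL).items():
        print(phase, "errors:", errs, "warnings:", warns)
```

Run it against the settings of both ends before bringing the tunnel up: an entry in errors means the UI on one side cannot accept the combination the other side expects, and a warning means the tunnel will come up but with a proposal that a modern peer or an auditor will object to.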
Starting the PPTP Server lets remote users dial in with PPTP client software and establish an encrypted VPN connection to the UTM's PPTP server. Select VPN > PPTP Server > PPTP Server. (Figure 11-2.1)
Note: PPTP's MS-CHAPv2 authentication and MPPE encryption are cryptographically weak and the protocol is widely deprecated. Prefer the IPSec tunnel or the SSL VPN wherever the client supports them, and treat PPTP as a legacy option.
Enabled: Select the Enabled tick box to start the VPN-PPTP function; if it is not selected, the function is disabled.
Enable Compression & Encryption: Select the tick box to enable compression and encryption; if it is not selected, they are disabled.
PPTP User Pass Through Internet: Select the tick box to let PPTP users reach the Internet through the UTM over the VPN; if it is not selected, PPTP clients' Internet traffic is not passed through the UTM.
Client IP Address Range: The range of IP addresses assigned to clients using the PPTP connection.
The first DNS Server: The IP address of the DNS server used for the bulk of DNS lookups.
The second DNS Server: The IP address of the backup DNS server, used when the primary DNS server is unreachable.
The first WINS Server: The WINS server address assigned to remote clients when they connect to the PPTP server.
The second WINS Server: The secondary WINS server address assigned to remote clients when they connect to the PPTP server.
Click on the save button to apply the settings.
Select VPN > PPTP Server > Add Account. (Figure 11-2.2)
Enabled: Select Enabled to activate this account.
Account: Enter an account name.
Password: Enter a password.
Client IP Address Assign: It offers three ways.
1. Use Allocation IP Address: The UTM assigns an IP address to the VPN-PPTP user automatically.
2. User Enter IP Address: The VPN-PPTP user is given the IP address you enter.
3. Enter IP Address and Range: The VPN-PPTP user is given an address from the range you enter.
How do users create the VPN connection on their computer?
Step 1: Create a new connection. (Figure 11-2.3)
Step 3: Enter the UTM's WAN IP address. (Figure 11-2.5)
Step 5: Users can check the connection status on their computer. (Figure 11-2.7)
Step 6: In addition, users can enter "ipconfig" in cmd to see the address they were assigned. (Figure 11-2.8)
Select VPN > PPTP Server > PPTP Account List. The PPTP account setup is complete, and the list shows each account's status. (Figure 11-2.9)
1. Connecting
2. Disconnected
Click on the Edit button to modify the account, or on the Del button to delete the PPTP account.
Log: Click on the Log button to show the PPTP account's connection logs.
Select VPN > PPTP Client > Add PPTP Client. (Figure 11-3.1)
Name: The description for the PPTP client.
Account: The account name used to log in to the PPTP server.
Server: Enter the PPTP server's IP address.
Remote Mask: The netmask of the network behind the PPTP server.
Enabled: Select it to activate this PPTP client account.
Password: The password used to log in to the PPTP server.
Remote Subnet: The network address of the subnet behind the PPTP server that is reachable through this connection.
Select VPN > PPTP Client > PPTP Client List. The PPTP client setup is complete. (Figure 11-3.2)
In the past most VPN traffic was controlled from the general policies, or could not be monitored at all; the ShareTech UTM controls VPN traffic directly from the VPN section. VPN policies control traffic between the VPN and the internal network in both directions, by Protocol, Service port, QoS bandwidth, Schedule, Packet tracing and Traffic Analysis. Select VPN > VPN Policy > VPN to Internal or Internal to VPN, and click on the add button to create a new VPN policy. Policies are evaluated in order starting from priority 1, and the first policy that matches a packet is applied. Traffic that matches no policy is allowed once the VPN is established, so if you want to block everything that is not explicitly permitted, add a final policy that drops all packets into the internal network.
Policy Name: Enter a name that identifies the policy.
Source and Destination: Source Address (the source network) and Destination Address (the destination network) are seen from the UTM's point of view: the source is the end that initiates the connection and the destination is the end being connected to. Besides choosing from the address objects, users can also enter an IP address or MAC address directly.
1. Source IP address: VPN_Any represents the remote side of all VPN tunnels, whether they are Site-to-Site tunnels set up with IPSec or PPTP or single PPTP Server dial-up accounts; all of them match. The default IP address of the PPTP server is also included in the default source IP address.
2. The destination IP Address: Inside_Any represents all addresses on the internal side of the UTM. Network administrators can allow or deny specific VPN peers by their incoming IP address, communication service and even time of day. The default access control rule is that once the VPN is established, both sides are free to communicate with each other unless an incoming VPN policy prohibits it.
Action: It offers two actions.
1. ACCEPT: any packet that matches the policy is passed.
2. DROP: the packet is discarded.
Protocol: The protocol used for communication between the two ends. TCP and UDP are the two most frequently seen protocols.
Service group Port or Group: With service groups the administrator can simplify policy setup considerably. For example, if ten servers each offer five services (HTTP, FTP, SMTP, POP3 and TELNET), without service groups you would need 10x5=50 policies; with a service group applied to the service option, a single policy does the work of those 50.
QoS: Select Objects > QoS. The VPN policy then applies the maximum bandwidth and rate bandwidth of that QoS object (the bandwidth is shared by all users matching the policy).
Schedule: Select Objects > Schedule, then set the time period during which the policy applies.
Packet tracing: Select the Packet tracing tick box to record all packets passing through the VPN tunnel under this policy so that they can be viewed later.
Traffic Analysis: Select the Traffic Analysis tick box to enable traffic statistics for the policy.
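The ordering rule above (first match wins, anything unmatched is allowed) applies equally to the SSL VPN policy in 9-1 and to the VPN policy here. The following Python script, an added example rather than the UTM's own code, evaluates a list of policies the way the text describes and shows why a trailing deny-all policy is needed and why one service group replaces many single-service policies. The address ranges behind VPN_Any and Inside_Any, the service-group contents and the sample packets are constructed for the example.

```python
"""First-match evaluation of VPN policies (9-1 SSL VPN policy, 11-4 VPN Policy).

Added example; not the UTM's own code. VPN_Any and Inside_Any are modelled
as assumptions: VPN_Any as the client pool plus remote tunnel subnets,
Inside_Any as the LAN and DMZ. All addresses, services and packets below
are constructed for the example.
"""
import ipaddress

ADDRESS_OBJECTS = {
    "VPN_Any": [ipaddress.ip_network("10.8.0.0/24"),          # assumed SSL VPN client pool
                ipaddress.ip_network("192.168.99.0/24")],     # assumed remote site subnet
    "Inside_Any": [ipaddress.ip_network("192.168.168.0/24"),  # assumed LAN
                   ipaddress.ip_network("172.16.0.0/24")],    # assumed DMZ
}

# A service group lets one policy match every (protocol, port) pair in it,
# instead of one policy per server per service. None means any service.
SERVICE_GROUPS = {
    "Office": {("tcp", 80), ("tcp", 21), ("tcp", 25), ("tcp", 110), ("tcp", 23)},
    "Any": None,
}


def in_object(ip, name):
    """True if ip falls inside any network of the named address object."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ADDRESS_OBJECTS[name])


def matches(policy, pkt):
    service = SERVICE_GROUPS[policy["service"]]
    return (in_object(pkt["src"], policy["source"])
            and in_object(pkt["dst"], policy["destination"])
            and (service is None or (pkt["proto"], pkt["dport"]) in service))


def evaluate(policies, pkt):
    """Return (action, policy_name).

    Policies are tried from priority 1 downwards and the first match wins.
    A packet that matches no policy is accepted, which mirrors the manual's
    default: once the VPN is up, both sides may talk freely unless a policy
    forbids it. That is why a final catch-all DROP policy is needed.
    """
    for policy in policies:
        if matches(policy, pkt):
            return policy["action"], policy["name"]
    return "ACCEPT", None


# Constructed policies for the VPN to Internal direction.
ALLOW_OFFICE = {"name": "vpn-office", "source": "VPN_Any", "destination": "Inside_Any",
                "service": "Office", "action": "ACCEPT"}
DENY_REST = {"name": "deny-all", "source": "VPN_Any", "destination": "Inside_Any",
             "service": "Any", "action": "DROP"}

# Constructed packets from an SSL VPN client to the Company A file server.
SMTP_FROM_VPN = {"src": "10.8.0.7", "dst": "192.168.168.51", "proto": "tcp", "dport": 25}
SMB_FROM_VPN = {"src": "10.8.0.7", "dst": "192.168.168.51", "proto": "tcp", "dport": 445}

if __name__ == "__main__":
    print(evaluate([ALLOW_OFFICE], SMB_FROM_VPN))              # ('ACCEPT', None): nothing stops SMB
    print(evaluate([ALLOW_OFFICE, DENY_REST], SMB_FROM_VPN))   # ('DROP', 'deny-all')
    print(evaluate([DENY_REST, ALLOW_OFFICE], SMTP_FROM_VPN))  # ('DROP', 'deny-all'): order matters
```

The first call shows the trap: with only an ACCEPT policy for office services, SMB from the VPN client is still accepted because nothing matched. The third call shows that putting the deny-all at priority 1 blocks everything, including the traffic you meant to allow.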
Chapter 12 Tools
In the Tools chapter you can enable the following lists:
12-1 Connection Test
12-2 Packet Capture
Ping uses the ICMP protocol. It is the usual tool for diagnosing connectivity between your own host and another when the Internet seems to be down. Select Tools > Connection Test > Ping, enter the information in the fields, and click on the ping button. Then you will see the Ping Result. (Figure 12-1.1)
Target IP or Domain: Enter the target IP address or domain name in the field.
Packet Size: The size of each packet. Default setting is 32 Bytes.
Times: The number of packets to send. Default setting is 4.
Wait Time: The interval between successive pings. Default setting is 1 second.
Using Interface & IP: Select the source interface. There are LAN, DMZ, WAN1, and WAN2.
Traceroute sends packets from the UTM to a specific address to diagnose the path and quality of the traversed network. Select Tools > Connection Test > Trace Route, enter the information in the fields, and click on the trace button. Then you will see the Traceroute Result. (Figure 12-1.2)
Target IP or Domain: Enter the destination address for the packets.
Packet Size: The size of each packet. Default setting is 40 Bytes.
Max. Next Hop: The maximum number of hops. Default setting is 30 nodes.
Wait Time: The time to wait between successive probes. Default setting is 2 seconds.
Tracing Methods: There are ICMP, UDP, and TCP.
Source Interface: Select the interface the packets originate from. There are LAN, DMZ, WAN1, and WAN2.
DNS Query looks up DNS records in detail. At present it can query ANY, SOA, NS, A, MX, CNAME and PTR records, and a specific DNS server can be chosen to answer the query. Select Tools > Connection Test > DNS Query, enter the information in the fields, and click on the query button. Then you will see the DNS Query Result. (Figure 12-1.3)
Using DNS Server: Enter a DNS server IP address or domain name in the field. (Max. 50 characters)
Domain or IP to Query: Enter an IP address or domain name in the field. (Max. 50 characters)
Query Type: Select the record type from the list. There are ANY, SOA, NS Record, A Record, MX Record, CNAME, and PTR.
Port Scan reports which service ports a server has open; at present it checks the ports for FTP, SSH, TELNET, SMTP, DNS, HTTP, POP3, SAMBA, IMAP, SNMP, PROXY, MySQL, SMTPS, IMAPS, etc. Select Tools > Connection Test > Port Scan, enter the domain or IP address in the field, and click on the scan button. Then you will see the Port Scan Result. (Figure 12-1.4) Only scan hosts you are authorised to test; a scan is visible to the target and to any intrusion detection system watching it.
IP Route shows the UTM's routing table, including the routes for multiple subnets. (Figure 12-1.7)
The interface information page shows the present state of each interface of your UTM. (Figure 12-1.8) (Figure 12-1.9) (Figure 12-1.10) (Figure 12-1.11)
Select Tools > Connection Test > Wake Up, and click on the wake button to send a Wake-on-LAN packet to the selected host, for example "Wake 192.168.1.117 up".
Select Tools > Connection Test > IPv6 and enter an IPv6 address to ping it and check whether the LAN/WAN/DMZ host is alive. (Figure 12-1.14)
Target IP: Enter an IPv6 address.
The SNMP test helps the administrator check problems with Advanced Protection > Switch > Switch Setup (Figure 12-1.15) and Advanced Protection > Switch > Switch Status (Figure 12-1.16). For instance, select Tools > Connection Test > SNMP, and enter your switch IP, the read community string (Read permissions), and the OID. It shows the switch's SNMP result. (Figure 12-1.17) Note that SNMP v1 and v2c send the community string in cleartext; change the switch's default community and give this test a read-only community.
Packet Capture filter syntax (Tools > Packet Capture):
Type                 Example                                    Description
Host                 host 192.168.1.155                         packets to or from this host
Network              net 192.168.1.0/24                         packets to or from this subnet
Port                 port 23                                    packets whose source or destination port is 23 (listening port 23)
Transfer Direction   src 210.27.48.2                            src, dst, src or dst, dst and src; here, packets whose source is 210.27.48.2
Logical AND          and, &&                                    ip.src==192.168.1.111 and tcp.flags.fin
Logical NOT          not, !                                     not llc
Logical OR           or, ||                                     ip.src==192.168.1.111 or ip.src==192.168.1.1
Note: the host, net, port and direction keywords are capture-filter (BPF) syntax, whereas ip.src== and tcp.flags.fin are Wireshark display-filter syntax and are not accepted by a capture filter. The capture-filter equivalents are "src host 192.168.1.111 and tcp[tcpflags] & tcp-fin != 0" and "src host 192.168.1.111 or src host 192.168.1.1".
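To show how the capture-filter expressions in the table are interpreted, here is a Python implementation of the host/net/port/src/dst subset with and, or, not and parentheses. It is an added example, not code from the UTM, tcpdump or Wireshark; the packet records it matches against are constructed dictionaries, and display-filter syntax such as ip.src== is rejected with an error, as a real capture filter would reject it.

```python
"""Evaluate tcpdump-style capture filters against packet records.

Added example; not code from the UTM or from tcpdump/Wireshark. It supports
the host, net, port, src and dst primitives from the table above plus
and/&&, or/||, not/! and parentheses. Packets are constructed dictionaries
with src, dst, proto and (for TCP/UDP) sport/dport fields.
"""
import ipaddress
import re

_TOKEN = re.compile(r"\(|\)|&&|\|\||!|[^\s()!&|]+")


class FilterError(ValueError):
    pass


def _primitive(kind, value, direction):
    """Build a predicate for one host/net/port test with a direction qualifier."""
    if kind == "port":
        target = int(value)
        fields = {"src": ["sport"], "dst": ["dport"]}.get(direction, ["sport", "dport"])
        test = lambda p, f: p.get(f) == target
    else:
        try:
            net = ipaddress.ip_network(value, strict=False)   # host X becomes X/32
        except ValueError:
            raise FilterError(f"{value!r} is not a capture-filter primitive "
                              "(display-filter syntax such as ip.src== is not accepted)")
        fields = {"src": ["src"], "dst": ["dst"]}.get(direction, ["src", "dst"])
        test = lambda p, f: ipaddress.ip_address(p[f]) in net
    combine = all if direction == "both" else any       # "src and dst" needs both sides
    return lambda p: combine(test(p, f) for f in fields)


def compile_filter(text):
    """Compile a filter expression into a predicate over packet dicts."""
    tokens = _TOKEN.findall(text)
    pos = 0

    def peek(offset=0):
        return tokens[pos + offset] if pos + offset < len(tokens) else None

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise FilterError("unexpected end of filter")
        pos += 1
        return tokens[pos - 1]

    def expr():                                   # expr := term (or term)*
        left = term()
        while peek() in ("or", "||"):
            take()
            left = (lambda l, r: lambda p: l(p) or r(p))(left, term())
        return left

    def term():                                   # term := factor (and factor)*
        left = factor()
        while peek() in ("and", "&&"):
            take()
            left = (lambda l, r: lambda p: l(p) and r(p))(left, factor())
        return left

    def factor():                                 # factor := not factor | (expr) | primitive
        if peek() in ("not", "!"):
            take()
            inner = factor()
            return lambda p: not inner(p)
        if peek() == "(":
            take()
            inner = expr()
            if take() != ")":
                raise FilterError("expected ')'")
            return inner
        return primitive()

    def primitive():
        tok = take()
        if tok in ("tcp", "udp", "icmp"):
            return lambda p, proto=tok: p["proto"] == proto
        direction = "either"
        if tok in ("src", "dst"):                 # src | dst | src or dst | src and dst
            direction = tok
            if peek() in ("or", "and") and peek(1) in ("src", "dst"):
                direction = "either" if take() == "or" else "both"
                take()
            tok = take()
        if tok in ("host", "net", "port"):
            return _primitive(tok, take(), direction)
        return _primitive("net" if "/" in tok else "host", tok, direction)  # e.g. "src 210.27.48.2"

    pred = expr()
    if pos != len(tokens):
        raise FilterError(f"unexpected token {tokens[pos]!r}")
    return pred


def is_valid_filter(text):
    """True if the expression parses as a capture filter, False otherwise."""
    try:
        compile_filter(text)
        return True
    except FilterError:
        return False
```

The grammar mirrors how BPF binds its operators: and binds tighter than or, not applies to the next primitive or parenthesised group, and a bare value after src or dst is treated as a host (or a net when it contains a slash), which is why "src 210.27.48.2" from the table works without the host keyword.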
Ping a host while the capture runs; ping uses the ICMP protocol. (Figure 12-2.2) (Figure 12-2.3)
Select Tools > Packet Capture > Completed List (Figure 12-2.4) and click on the download button to save the capture file.
Please install Wireshark (http://www.wireshark.org/) and open the pcap file with it.
As the following figure shows, 192.168.1.111 has been sending ICMP packets to 192.168.1.161, and the two hosts have communicated with each other. (Figure 12-2.6)
What is Wireshark?
Wireshark is a network packet analyzer. A network packet analyzer will try to capture
network packets and tries to display that packet data as detailed as possible.
Reference: Wireshark User's Guide (http://www.wireshark.org/docs/wsug_html_chunked/)
Here are some things Wireshark does not provide:
1. Wireshark isn't an intrusion detection system. It will not warn you when someone does
strange things on your network that he/she isn't allowed to do. However, if strange things
happen, Wireshark might help you figure out what is really going on.
2. Wireshark will not manipulate things on the network, it will only "measure" things from it.
Wireshark doesn't send packets on the network or do other active things (except for name
resolutions, but even that can be disabled).
Here is another example of how Wireshark is used. Select Capture > Options. (Figure 12-2.7)
Connect to a FileZilla FTP server after you start capturing packets with Wireshark. (Figure 12-2.9)
Select "Stop the running live capture" after disconnecting from the FTP server. (Figure 12-2.10)
Because Wireshark captures a wide range of packets and we only need the FTP packets, we apply a display filter for the FTP protocol. Select Expression > FTP. (Figure 12-2.11)
Note that FTP sends the USER and PASS commands in cleartext, so a capture like this contains the login credentials; restrict access to the pcap file accordingly.
Chapter 13 Logs
In the Logs chapter you can enable the following lists:
13-1 System Operation
Select Logs > System Operation > Logs. It shows which configurations have been modified, what kind of action was taken, from which IP address, and under which function path. (Figure 13-1.1)
Time: It shows the event time.
Account: The account name that performed the event.
IP Address: The IP address the account connected from.
Function Path: The menu path of the function the administrator used.
Action: The operation the administrator carried out, including login, add, edit, delete, search, refresh, and so on.
Description: A description of the event.
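A practitioner would normally review this log for administrative activity that should not be happening. The following Python script is an added example, not a feature of the UTM: it parses constructed log lines with the columns listed above and flags configuration changes made from outside an assumed management subnet or outside an assumed maintenance window. The tab-separated export format, the subnet 192.168.1.0/24 and the 08:00 to 18:00 window are assumptions of the example.

```python
"""Review the System Operation log for suspicious administrative activity.

Added example; not part of the manual or the device. The log lines below
are constructed to match the columns listed in 13-1 (Time, Account,
IP Address, Function Path, Action, Description). The export format, the
trusted management subnet and the maintenance window are assumptions.
"""
import ipaddress
from datetime import datetime, time

TRUSTED_MGMT = ipaddress.ip_network("192.168.1.0/24")   # assumed admin subnet
MAINTENANCE = (time(8, 0), time(18, 0))                  # assumed change window
SENSITIVE_PATHS = ("Configuration > Administration", "Policy", "VPN")

# Constructed sample export, one event per line, tab-separated.
SAMPLE_LOG = """\
2014-03-10 09:12:03\tadmin\t192.168.1.20\tPolicy > LAN Policy\tedit\tPolicy 'allow-web' modified
2014-03-10 09:15:44\tadmin\t192.168.1.20\tObjects > Address\tadd\tAddress 'fileserver' added
2014-03-10 23:41:10\tadmin\t203.0.113.9\tLogin Setting\tlogin\tLogin succeeded
2014-03-10 23:42:05\tadmin\t203.0.113.9\tVPN > PPTP Server\tadd\tAccount 'backup' added
2014-03-10 23:43:30\tadmin\t203.0.113.9\tConfiguration > Administration\tdelete\tAdministrator 'auditor' deleted
"""


def parse_log(text):
    """Split the export into event dictionaries with typed time and address."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, ip, path, action, desc = line.split("\t")
        events.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                       "account": account, "ip": ipaddress.ip_address(ip),
                       "path": path, "action": action.lower(), "desc": desc})
    return events


def find_suspicious(events):
    """Return a list of (reason, event) pairs worth an analyst's attention."""
    findings = []
    for ev in events:
        # Any management session from outside the admin subnet is notable,
        # whatever it did.
        if ev["ip"] not in TRUSTED_MGMT:
            findings.append(("management access from untrusted address", ev))
        # Changes to policies, VPN accounts or administrators outside the
        # agreed window are the classic sign of an attacker adding a back door.
        in_window = MAINTENANCE[0] <= ev["time"].time() < MAINTENANCE[1]
        sensitive = (ev["action"] in ("add", "edit", "delete")
                     and ev["path"].startswith(SENSITIVE_PATHS))
        if sensitive and not in_window:
            findings.append(("sensitive change outside maintenance window", ev))
    return findings


if __name__ == "__main__":
    for reason, ev in find_suspicious(parse_log(SAMPLE_LOG)):
        print(f"{ev['time']} {ev['account']}@{ev['ip']} {ev['path']} {ev['action']}: {reason}")
```

On the sample data the two daytime changes from the admin subnet pass, while the late-night session from 203.0.113.9 that adds a PPTP account and deletes an administrator produces five findings; in practice the same rules would run over the log export on a schedule and feed an alert.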
Select Logs > System Operation > Logs Search. (Figure 13-1.2)
Account: The administrator accounts you have created.
Computer Name: All computers that have ever passed through the UTM.
IP Address: Internal IP addresses.
Login Setting: Records of users logging in to the system.
Configuration: Lists the events for the Date & Time, Administration, System, and Language settings.
Network: Lists the events for the Interface and Routing settings.
Policy: Lists the events for the LAN Policy, DMZ Policy, and WAN Policy settings.
Objects: Lists the events for the Address, Services, QoS, Schedule, Application Software, URL, and Virtual Server settings.
Network Services: Lists the events for the DHCP, DDNS, DNS, WEB/FTP, MSN, and Anti-Virus settings.
Mail Service: Lists the events for the Filter & Log, Anti-Virus, Anti-Spam, and Mail settings.
Content Recorder: Lists the events for the WEB, FTP, MSN, IM, and Mail content recorders.
VPN: Lists the events for the VPN Tunnel, PPTP Server, and PPTP Client settings.
After clicking on the search button, the matching log entries are listed.
Chapter 14 Status
This function provides current information about the device and the network, including addresses for LAN / WAN, subnet masks, default gateways, DNS, etc., as well as the current network connection status and various other information. In the Status chapter you can enable the following lists:
14-1 Performance
14-2 Connection Status
14-3 Flow Analysis
14-1 Performance
There are three parts: System Status, Interface Flow, and History Status. The Performance section shows CPU Usage, Memory Usage, System Usage and the current traffic on each interface, and it can also query the history of the same information.
System Status shows graphs of resource usage over the last 12 hours. Select Status > Performance > System Status. There are three graphs: CPU Usage, Memory Usage, and System Usage. Select the System Usage tick box and click on the search button to get the System Usage graphs.
CPU Usage: The CPU utilization of the device. (Figure 14-1.1)
Memory Usage: The memory utilization of the device. (Figure 14-1.1)
System Usage: The system utilization of the device. (Figure 14-1.2)
Select Status > Performance > Interface Flow. It shows graphs of the incoming and outgoing traffic through each interface.
LAN: The LAN utilization of the device. (Figure 14-1.3)
WAN 1: The WAN 1 utilization of the device. (Figure 14-1.3)
WAN 2: The WAN 2 utilization of the device. (Figure 14-1.4)
DMZ: The DMZ utilization of the device. (Figure 14-1.4)
Select Status > Performance > History Status. Set the search criteria and click on the search button. Then you will see the Search Result, which shows the historical system condition. (Figure 14-1.5)
Search Object(s): There are CPU, System Load, RAM, LAN, DMZ, WAN 1, and WAN 2.
Date: Select the date range.
Select Status > Connection Status > Computer List. It shows the current connection status information. (Figure 14-2.1)
OS: Select Client OS Detection and click on the detect button. It shows which operating system each computer uses.
Computer Name: The computer's network identification name.
IP Address: The computer's IP address.
MAC Address: The computer's network adapter identification number.
Interface: Shows where the connection comes from, LAN or BRI.
Status:
1. On-line
2. Off-line
Last Update Time: When the user last logged in (year / month / day / hour / minute / second).
You can click on the refresh button to get the current connection status information.
Connect Track analyzes and traces each user's behaviour on the Internet from the captured network packets. It groups the records by end host and shows, for all current users, the IP address, Session count, up speed in bits, down speed in bits, and Log. Select Status > Connection Status > Connect Track. It shows the current upload and download flow of every computer. (Figure 14-2.2)
Computer Name: The computer's network identification name.
IP Address: It shows the computer's IP address.
Session: It shows the current number of sessions of the computer.
Up Speed bits: It shows the computer's current upstream rate in bits per second. (8 bits = 1 byte; 1024 bytes = 1 KB.)
Down Speed bits: It shows the computer's current downstream rate in bits per second. (8 bits = 1 byte; 1024 bytes = 1 KB.)
Click on the Log button to show more detailed information. (Figure 14-2.3)
Destination IP search: Type the specific IP address you want to search for.
Port: It shows the source port and destination port of the connection.
Up Packets: It shows the upload flow at present.
Down Packets: It shows the download flow at present.
UP bps: The accumulated upload flow, in bits per second. (8 bits = 1 byte; 1024 bytes = 1 KB.)
Down bps: The accumulated download flow, in bits per second. (8 bits = 1 byte; 1024 bytes = 1 KB.)
Select Status > Flow Analysis > Top N Flow. (Figure 14-3.1)
Flow Direction: There are two selections. Default setting is OutBound.
1. OutBound
2. InBound
Top N Flow: Select how many entries are shown. Default setting is 10.
Computer Name: The computer's network identification name.
IP Address: It shows the computer's IP address.
MAC Address: The computer's network adapter identification number.
Up Flow (Kbytes): The accumulated upload flow. (1 byte = 8 bits; 1 kilobyte = 1024 bytes.)
Down Flow (Kbytes): The accumulated download flow. (1 byte = 8 bits; 1 kilobyte = 1024 bytes.)
If you want to know which service port the IP address is connecting to, click on the rectangular form. You will see a figure as below. (Figure 14-3.2)
Select Status > Flow Analysis > Top N Port Flow. (Figure 14-3.4)
Flow Direction: There are two selections. Default setting is OutBound.
1. OutBound
2. InBound
Top N Flow: Select how many entries are shown. Default setting is 10.
Click on the search button, and you will see the result below.
Destination Port: It shows which port the IP address used.
Up Flow (Kbytes): The accumulated upload flow. (1 byte = 8 bits; 1 kilobyte = 1024 bytes.)
Down Flow (Kbytes): The accumulated download flow. (1 byte = 8 bits; 1 kilobyte = 1024 bytes.)
Select Status > Flow Analysis > Top N Search. (Figure 14-3.5)
Date: Select the date range.
Flow Direction: There are two selections. Default setting is OutBound.
1. OutBound
2. InBound
Connection: Select the computer's IP address.
Top Flow Search: Select how many entries are shown. Default setting is 10.
Click on the search button.
If you want to know which service the IP address connects to, click on the rectangular form. You will see a figure as below.