1 The Services Menu. 2 DHCP The DHCP (Dynamic Host Configuration Protocol) feature provides a fully- compliant DHCP server capable of serving any internal.

Slides:



Advertisements
Similar presentations
Enabling Secure Internet Access with ISA Server
Advertisements

1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.
1 Basic Installation and GUI Tech Basic Installation and GUI : Objectives  Installing the Quadro  Configuring the Quadro  Installing IP phones.
SYSTEM ADMINISTRATION Chapter 19
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
Firewall Configuration Strategies
Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.
Domain Name Server © N. Ganesan, Ph.D.. Reference.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
1 The VPN Menu. 2 The VPN Menu VPN The GD eSeries can be set up either as an OpenVPN server or as a client, and even play both roles at the same time,
Networking Components Chad Benedict – LTEC
1 Enabling Secure Internet Access with ISA Server.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.
Advanced Networking for DVRs
Working with Drivers and Printers Lesson 6. Skills Matrix Technology SkillObjective DomainObjective # Understanding Drivers and Devices Install and configure.
DWR-113 FAQ’s 3G WiFi Router.
Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
Module 7: Configuring TCP/IP Addressing and Name Resolution.
TUTORIAL # 2 INFORMATION SECURITY 493. LAB # 4 (ROUTING TABLE & FIREWALLS) Routing tables is an electronic table (file) or database type object It is.
Name Resolution Domain Name System.
Classroom User Training June 29, 2005 Presented by:
Computer Networking Part 1 CS 1 Rick Graziani Cabrillo College Fall 2005.
Home Networking. Objectives Understand the basics Network Addressing Learn the basic hardware needed to form a home network Learn basic Firewall functionality.
Microsoft Internet Security and Acceleration (ISA) Server 2004 is an advanced packet checking and application-layer firewall, virtual private network.
By : Himanshu Mishra Nimish Agarwal CPSC 624.  A system designed to prevent unauthorized access to or from a private network.  It must have at least.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.
Copyright 2000 eMation SECURITY - Controlling Data Access with
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Identifying Application Impacts on Network Design Designing and Supporting Computer.
XTM Networking Tips and Tricks Carlo Alvarez Technical Trainer - APAC.
© 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice SISP Training Documentation Template.
1 The Firewall Menu. 2 Firewall Overview The GD eSeries appliance provides multiple pre-defined firewall components/sections which you can configure uniquely.
Copyright © 2007, Oracle. All rights reserved. Managing Concurrent Requests.
1 Chapter Overview Using the New Connection Wizard to configure network and Internet connections Using the New Connection Wizard to configure outbound.
Network Management Tool Amy Auburger. 2 Product Overview Made by Ipswitch Affordable alternative to expensive & complicated Network Management Systems.
1. Insert the Resource CD into your CD-ROM drive, click Start and choose Run. In the field that appears, enter F:\XXX\Setup.exe (if “F” is the letter of.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
7400 Samsung Confidential & Proprietary Information Copyright 2006, All Rights Reserved. -0/17- OfficeServ 7400 Enterprise IP Solutions Quick Install Guide.
1 The System Menu. 2 The System menu Dashboard Page displayed upon every login. It encompasses several boxes organised in two columns that provide a complete.
Firewall Security.
Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.
Security fundamentals Topic 10 Securing the network perimeter.
Information Security 493. Lab # 4 (Routing table & firewalls) Routing tables is an electronic table (file) or database type object that is stored in a.
NETGEAR CONFIDENTIAL FVS338 ProSafe VPN Firewall 50.
1 The Network Menu. 2 Static Routing The Static Routing functionality within GD eSeries allows users to easily configure static routes to networks not.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 6: Planning, Configuring, And Troubleshooting WINS.
© Execview Ltd 2015: all rights reserved Execview Scorecard Training/Reference Guide 2013 Key functions guide for Scorecard administrators.
Chapter 4: server services. The Complete Guide to Linux System Administration2 Objectives Configure network interfaces using command- line and graphical.
NT1210 Introduction to Networking
Chapter 8.  Upon completion of this chapter, you should be able to:  Understand the purpose of a firewall  Name two types of firewalls  Identify common.
Configuring DHCP Relay Configuration Example
CONNECTING TO THE INTERNET
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 6: Planning, Configuring, And Troubleshooting WINS.
Introduction to Networking
IIS.
Access Control Lists CCNA 2 v3 – Module 11
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 4: Planning and Configuring Routing and Switching.
Aleph Beginning Circulation
AbbottLink™ - IP Address Overview
Firewall Installation
Presentation transcript:

1 The Services Menu

2 DHCP The DHCP (Dynamic Host Configuration Protocol) feature provides a fully- compliant DHCP server capable of serving any internal network including Green (LAN), Orange (DMZ), and Blue (WIFI), each with their own scope. It also provides the ability to provision fixed leases, allowing the assignment of a static IP address to any given MAC address. This can be useful when configuring a static IP on the client device itself is not desired or possible.

3 The Services Menu DHCP Interface

4 The Services Menu DHCP Fixed Lease Interface Mac Address: The client´s Mac Address IP Address: The IP address that will always be assigned to this client Description: Optional description Next Address: The address of the TFTP Server (Only for thin clients/network boot) Filename: The boot file name (Only for thin clients/network boot) Root Path: The path of the boot image file (Only for thin clients/network boot)

5 The Services Menu DNS Proxy Diagram

6 The Services Menu DNS Overview The GD eSeries appliance does not offer any standalone DNS server capability but can provide some basic DNS services to internal clients. Externally the GD eSeries can be setup as a standard static IP host with a static DNS name or, alternatively, as a Dynamic DNS (DDNS) client to provide name resolution on dynamic public IP addresses. The GD eSeries DNS system is composed of two parts: (1) the local DNS host file which provides hostname-to-IP mapping for the appliance and (2) the DNS proxy which can transparently intercept and provide additional resolution capabilities based on the local DNS settings. By using these, one can create local host resolution (i.e. A records) for any internal clients who use the GD eSeries.

7 The Services Menu DNS Proxy

8 The Services Menu DNS Routing

9 The Services Menu Why using DNS on GD eSeries By far the most popular use of simple DNS on the GD eSeries is to provide location resolution for “split DNS” capabilities to internal clients. This might be a situation where you have a DMZ with servers who use public IP addresses (which works fine externally), but you also wish to provide local resolution to internal clients using DNS hostnames. With GD eSeries you can create local (only) DNS resolutions for your servers to use for internal workstations while still maintaining your existing external DNS setup. This has the added security benefit of not creating messy NAT rules and keeping all internal traffic inside the firewall (no external traffic).

10 The Services Menu Split DNS Example

11 The Services Menu DNS Example

12 The Services Menu DNS Anti-spyware feature Did you know that not only does the DNS proxy help to improve internal DNS resolution with caching but also can enhance the network security provided through the DNS resolution by enabling the Anti-Spyware feature. This feature will automatically check every internal DNS request against a known list of malware domains and block access by not resolving the request.

13 The Services Menu DNS Anti-Spyware

14 The Services Menu NTP G D eSeries can be setup to synchronize with NTP servers to provide accurate network time. There is an option to specify custom NTP servers instead of the default ones used by GateDefender (x.pool.ntp.org). Also, GD eSeries will automatically serve any internal network as an NTP server, so you can point your internal clients to the GD eSeries to provide universal network time.

15 The Services Menu Intrusion Prevention System (IPS) The GD eSeries appliance provides a full featured Intrusion Prevention System (IPS) to monitor, prevent and control network-based threats. The major advantage of the IPS is that it can perform deep packet inspection to more accurately and consistently identify and block network traffic what other applications cannot. The Intrusion Prevention System is built on Snort. The GD eSeries platform has seamlessly integrated all of the power and functionality of Snort and made it easy to configure and manage regardless of network size and complexity. It operates transparently and in combination with all of the additional security functionality like firewall and the application proxies (web, , etc.).

16 The Services Menu Enabling IPS IPS is not active by default, so a grey switch next to the “Enable Intrusion Prevention System” label appears on the page, which can be clicked on to start the service. A message appears, informing that the service is being restarted and after a short interval, the box will contain configuration options. Automatically fetch SNORT Rules: Ticking this box will let the GateDefender automatically download the IPS rules. Choose update schedule: The frequency of download of the rules: A drop-down menu allows to choose one of the hourly, daily, weekly, or monthly options. This option appears only if the previous option has been activated. Custom SNORT Rules: A file containing custom Snort IPS rules that should be uploaded. Pick a file from the file selection window that opens upon clicking the “Browse“ button, and upload it by clicking on the “Upload custom rules” button.

17 The Services Menu IPS Configuration

18 The Services Menu IPS Editor At the top of the Editor page the rulesets that can be edited are shown. To choose more than one at a time, hold the CTRL key and click on the desired rulesets. After selecting and clicking on the Edit button, the list of the rules included in the selected ruleset(s) is shown. The list can be narrowed down by entering some terms in the text box next to the Search label. Like in the Rules page, the policy of every entry can be changed.

19 The Services Menu IPS and Firewall Configuration Turning on the IPS only implies that snort is running, but traffic is not yet necessarily filtered at that point. For IPS to filter packets, the “Allow with IPS” filter policy must be selected for the rules defined in the various Firewall configuration pages. It is also important to consider that while the IPS has its own web interface to manage logging/blocking of categories/individual rules and to set update frequencies, the actual implementation of the IPS is configured using the Firewall (specifically DNAT and Outgoing sections).

20 The Services Menu Quality Of Service (QoS) The GD eSeries appliance includes by default a full-featured Quality of Service (QoS) engine to provide adequate bandwidth management. Using this mechanism, administrators can define granular network policies to ensure the proper flow of network traffic and prevent any unnecessary network bottlenecks or bandwidth abuse. Similar to the IPS engine, the GD eSeries QoS System is tightly integrated with the firewall to provide a higher degree of user control over the appropriate network policies, as to properly manage network bandwidth in and out of the GD eSeries appliance.

21 The Services Menu When to use QoS? In general, QoS can provide some value under the following conditions: You have a small set of applications that are time-sensitive and cannot tolerate delays (e.g. VoIP, video). You have limited bandwidth capacity that cannot be upgraded or it is not cost effective to upgrade (dedicated circuits, satellite). Your network suffers from periods of moderate to heavy traffic loads, mostly due to non business-critical applications.

22 The Services Menu When NOT to use QoS? In general, QoS does not provide much value under the following conditions: You have a large number of applications that are time-sensitive and cannot tolerate delays. If the network is full of high priority traffic, then something has to be delayed in order for something else to get prioritized – QoS won’t work. You have cheap bandwidth capacity that can easily be upgraded. In almost all cases, adding bandwidth provides greater returns in terms of overall traffic quality (everything gets to it’s destination faster) and reduces the relative resource overhead required by QoS.

23 The Services Menu QoS Limitations: Destination QoS only works on traffic leaving YOUR device. Traffic through any HTTP, SMTP, POP3, or FTP proxy, cannot be filtered by source (only destination). This is due to how a proxy works which is a two-step process: A)The user makes a request that is sent to the proxy either transparently or non- transparently B) The proxy makes the request to the original destination on behalf of the user

24 The Services Menu QoS Architecture Devices: Network Zones (one or more physical interfaces) with defined upload/download bandwidth Classes: Definition of network priorities to be applied to various network traffic; each device has it’s own set of classes. Rules: Specific definition (using the firewall) of what type of traffic will be sent to any given class to assign network priority.

25 The Services Menu QoS Devices The Device tab is also the starting page for the QoS and it’s initially empty. Once populated, a table showing a list of all the Quality of Service devices appears, and for each device some parameters and the available actions are displayed. New QoS devices can be added by clicking on the “Create new item” link: Ta rget Device: The network interface that will be used by this devices. Choices are among the network interfaces or zones enabled on the system and can be selected from a drop-down menu. Downstream Bandwidth (kbit/s): The downstream speed of the interface. Upstream Bandwidth (kbit/s): The upstream speed of the interface. Enable: Enables the QoS (default) or not. The actions available on the devices are to edit, to enable/disable, or to remove a device and can be carried out by clicking on the corresponding icon.

26 The Services Menu QoS Classes This tab shows a list of all Quality of Service classes that have been created, if any. New items can be added by clicking on the “Create new item” link. Name: The name of the Quality of Service class. Device: The Quality of Service device for which the class was created. Reserved: The percentage of bandwidth that has been reserved for this class from the device’s overall available bandwith. Limit: The maximum percentage of bandwidth this class may use. Priority: The priority of the class.

27 The Services Menu QoS Rules The third tab displays a list of the already defined Quality of Service Rules and allows to specify which type of traffic should belong to each of the classes. To add a new Quality of Service rule click on the Add Quality of Service Rule link. Source: Choose the traffic source, either a Zone or interface, a network, an IP or MAC address. Depending on this choice, different values can be specified: A zone or interface from the available ones from those that will be displayed, or one or more IP addresses, networks, or MAC addresses. Destination Device/Traffic Class: Choose the device/class and then the destination IP addresses or networks. Service/Port, Protocol: The next two drop-down menus are used to define the service, protocol, and a destination port for the rule. There are some predefined combinations of Service/Protocol/Port available. TOS/DSCP: The type of TOS or DSCP value to match, if needed. Match Traffic: Choosing TOS or DSCP class in the previous drop-down menu allows to choose a suitable value for the traffic to match from another drop-down menu. Otherwise, the choice DSCP Value, allows entering a custom value that should match the rule. Comment: A comment to identify this rule. Enabled: Tick the checkbox to enable the rule.

28 The Services Menu QoS Rules If there is more than one service in a Quality of Service class, then all these services together will share the reserved bandwidth.