Administration Guide
Page 3
... Using the Help System 22 About the Default Settings 22 Basic Tasks 23 Changing the Default User Name and Password 23 Backing Up Your Configuration 24 Upgrading the Firmware 24 Common Configuration Scenarios 25 Basic Network Configuration with Internet Access 26 Cisco Smart Business Communications System Configuration 28 Firewall for Controlling Inbound and Outbound Traffic 29 DMZ for Public Websites and Services 29 Configuring ProtectLink Web & Email Security 31 Site-to-Site Networking and Remote Access...
Administration Guide
Page 6
... Access, and Control Inbound Traffic 117 Configuring Attack Checks 118 Configuring MAC Filtering to Allow or Block Traffic 119 Configuring IP/MAC Binding 120 Port Triggering 121 Configuring a Port Triggering Rule to Direct Traffic to Specified Ports 122 Viewing the Port Triggering Status 122 Configuring Session Settings to Analyze Incoming Packets 123 Using Other Tools to Control Access to the Internet 124 Configuring Content Filtering to Allow or Block Web Components 124 Configuring Approved URLs to Allow Access...
Administration Guide
Page 7
... Port Forwarding SSL VPN Tunnel Client Configuration Viewing the SSL VPN Client Portal VeriSign™ Identity Protection configuration Configuring VeriSign Identity Protection Managing User Credentials for VeriSign Service Chapter 8: Administration Users Domains Groups Adding or Editing User Settings Adding or Editing User Login Policies Firmware and Configuration Upgrading Firmware and Working with Configuration Files Maintaining the USB Device Using the Secondary Firmware Diagnostics Measuring and Limiting Traffic with the Traffic Meter Configuring the Time Settings Configuring the Logging...
Administration Guide
Page 11
... web servers, without exposing your LAN. • SPEED LED-(Green or Orange) Indicates the traffic rate for 5 seconds. • DIAG LED-(Orange) When lit, indicates the appliance is performing the power-on the rear panel. Yes (50) Includes 2 seats. Refer to 25 seats. With license, up to the following illustrations and descriptions. Cisco SA500 Series Security Appliances Administration Guide 11 Front Panel • RESET Button...
Administration Guide
Page 18
...-supported device, such as the UC500. If you change this setting in the LAN configuration, you are using the security appliance with the Configuration Utility 1 Connecting to the Configuration Utility STEP 1 Connect your computer to the Configuration Utility. STEP 2 Start a web browser, and enter the following address: 192.168.75.1 This address is the factory default LAN address of the security appliance. The Getting Started (Basic) window...
Administration Guide
Page 23
... can access the Configuration Utility by entering cisco for the username and cisco for the password. Basic Tasks We strongly recommend that you complete the following information: Cisco SA500 Series Security Appliances Administration Guide 23 STEP 3 Click the button in range. You can log on by using your security appliance. For more information about these settings, see Changing the Default User Name and Password, page 23. Changing the Default User...
Administration Guide
Page 24
..., your configuration. Cisco SA500 Series Security Appliances Administration Guide 24 It can upgrade from 0 to a saved configuration. The default password for this account. • Check to Edit Password: Check this box to ensure that you should upgrade your settings. Later, if you make changes that the user can easily revert to 999. STEP 1 In the Upgrade Firmware section of the Getting Started (Basic) page, click the Install the updated firmware link. Getting...
Administration Guide
Page 26
... Internet Access Device SA 500 Printer Personal computer In a basic deployment for a small business, the security appliance enables communication between the devices on the requirements of your ISP, as needed to set up your LAN configuration, you might not need to change any LAN devices. All devices have upgraded the firmware (see Upgrading the Firmware, page 24) and changed the default Administrator password (see Configuring...
Administration Guide
Page 27
... use your security appliance with your Cisco Smart Business Communications System (SBCS), install and configure your devices. If you want to allow access to your network from the Internet, or if you want to restrict some types of outbound traffic to provide backup connectivity or load balancing. If you are needed to -Site Networking and Remote Access, page 31. 7. Getting Started Common Configuration Scenarios 1 2. Review the LAN configuration...
Administration Guide
Page 43
... appliance are manually configuring the network settings of all of your PCs, disable DHCP and enter the appropriate settings. • Instead of using a DNS server, you can use the LAN Configuration page to change these and other devices on the WLAN or LAN network. However, you can use a Windows Internet Naming Service (WINS) server. Cisco SA500 Series Security Appliances Administration Guide 43 With DHCP enabled, the IP address of a DNS server but uses the NetBIOS...
Administration Guide
Page 46
... cannot access other VLANs, unless you enable inter VLAN routing. You can be treated like two separate networks. Cisco SA500 Series Security Appliances Administration Guide 46 The LAN Status window opens. This page displays the following types of information: • MAC address of the LAN interface • IP address and subnet mask of the interface • DHCP server mode STEP 2 Click Apply to save your LAN connection, see Configuring the Optional Port as a LAN Port...
Administration Guide
Page 57
... link regains connectivity, all Internet traffic to use this feature when you can designate either the Dedicated WAN port or the Optional WAN port as a backup. Figure 1 shows an example of Dual WAN Ports configured with Load Balancing. Figure 2 shows an example of Dual WAN ports configured with your WAN connection, see the Internet Connection, page 217 in Appendix A, "Troubleshooting." To maintain better control of the same speed. Configuring Auto...
Administration Guide
Page 70
... the following topics. • Configuring the Ports, page 70 • Configuring SPAN (Port Mirroring), page 71 Configuring the Ports STEP 1 Click Networking > Port Management > Port Management. Port Management You can enable or disable ports, set the duplex mode and speed, and enable or disable port mirroring. By default all ports are enabled. RIP-2B broadcasts data in the entire subnet. - Not Valid Before: Start date of the First Key for RIP 2B/2M: Check this box to multicast addresses. Refer to the following information: •...
Administration Guide
Page 96
..." access, which means that MAC filtering is checked. • Default Class Of Service: Use this setting to specify the default Class of Service for example). MAC Filtering provides additional security, but it also adds to this queue. • Background: Lowest priority queue, high throughput. Cisco SA500 Series Security Appliances Administration Guide 96 STEP 3 Enter the following settings. • QoS Enable: Check this box to this queue (FTP data, for all traffic...
Administration Guide
Page 131
... status. NOTE The Cisco username and password details once applied are available. Cisco SA500 Series Security Appliances Administration Guide 131 The IPS Configuration window opens. • IPS Enable: By default, IPS is checked. For example: Enabling IPS protection on the LAN zone enforces IPS on all other services on the router which use them. Enter your settings. Click Update Now to save your Cisco.com User Name and Password to authenticate to view the IPS log...
Administration Guide
Page 140
... Started (Advanced) page, under Technical Documentation at: www.cisco.com/go/sa500resources. The name is required to be accessed by remote PCs that are running VPN client software. NOTE A 3-year Cisco Small Business Support Service Contract (CON-SBS-SVC2) is used for more information. The VPN Wizard window opens. Cisco SA500 Series Security Appliances Administration Guide 140 For detailed information about configuring an IPsec tunnel between an...
Administration Guide
Page 143
... standard that you also must enable Remote Management. Cisco SA500 Series Security Appliances Administration Guide 143 STEP 5 Repeat as Greenbow. See RMON (Remote Management), page 197. See Advanced Configuration of the LAN or VLAN IP addresses. • Subnet Mask: Enter the subnet mask for this box to allow the user to change password?: If you chose Cisco QuickVPN for the Remote Peer Type, you can be selected...
Administration Guide
Page 163
... mail) Port Number 20 21 25 Cisco SA500 Series Security Appliances Administration Guide 163 The following information: • Resource Name: Enter a unique name to identify this resource. This shortcut saves time when creating similar policies for multiple remote SSL VPN users. Configuring SSL VPN Port Forwarding Port Forwarding is different from split and full tunnel modes, which allow access only to a limited set of the supported SSL VPN services to save your settings.
Administration Guide
Page 176
... specific points when the flash is complete. To add an address, click Add, enter the type and the address, and then click Apply. - IMPORTANT! During a restore operation or firmware upgrade, do NOT try to save your saved settings from a backup file or revert to can use the Firmware & Configuration page to perform the following tasks: • Upgrade the firmware version and check for new availability. • Backup custom configuration settings for later restoration. • Restore your settings. Administration Firmware...
Administration Guide
Page 221
... IP address for any hub ports that are connected to your workstation and firewall. STEP 4 Observe the display: • If the path is still not up, test the network configuration: • Verify that the Ethernet card driver software and TCP/IP software are installed and configured on the PC. • Verify that sends an ICMP echo-request packet to the designated device. Cisco SA500 Series...