Administration Guide
Page 3
... Controlling Inbound and Outbound Traffic 29 DMZ for Public Websites and Services 29 Configuring ProtectLink Web & Email Security 31 Site-to-Site Networking and Remote Access 31 Wireless Networking 35 Chapter 2: Networking 36 Configuring the WAN Connection 37 Viewing the WAN Status 39 Creating PPPoE Profiles 40 Configuring an IP Alias 41 Cisco SA500 Series Security Appliances Administration Guide 3
... Controlling Inbound and Outbound Traffic 29 DMZ for Public Websites and Services 29 Configuring ProtectLink Web & Email Security 31 Site-to-Site Networking and Remote Access 31 Wireless Networking 35 Chapter 2: Networking 36 Configuring the WAN Connection 37 Viewing the WAN Status 39 Creating PPPoE Profiles 40 Configuring an IP Alias 41 Cisco SA500 Series Security Appliances Administration Guide 3
Administration Guide
Page 4
... Routing 69 Port Management 70 Configuring the Ports 70 Configuring SPAN (Port Mirroring) 71 QoS Bandwidth Profiles 72 Creating QoS Bandwidth Profiles for WAN Interfaces 72 Traffic Selectors 73 LAN QoS 74 Enabling LAN QoS 74 Port CoS Mapping 75 Port DSCP Mapping 75 DSCP Remarking 75 Dynamic DNS 76 Cisco SA500 Series Security Appliances Administration Guide 4
... Routing 69 Port Management 70 Configuring the Ports 70 Configuring SPAN (Port Mirroring) 71 QoS Bandwidth Profiles 72 Creating QoS Bandwidth Profiles for WAN Interfaces 72 Traffic Selectors 73 LAN QoS 74 Enabling LAN QoS 74 Port CoS Mapping 75 Port DSCP Mapping 75 DSCP Remarking 75 Dynamic DNS 76 Cisco SA500 Series Security Appliances Administration Guide 4
Administration Guide
Page 5
... Inbound and Outbound Traffic Preliminary Tasks for Firewall Rules Configuring the Default Outbound Policy Configuring a Firewall Rule for Outbound Traffic 77 78 78 80 82 83 83 84 85 85 86 87 88 88 89 91 91 92 95 95 96 98 99 99 101 103 103 104 107 107 Cisco SA500 Series Security Appliances Administration Guide 5
... Inbound and Outbound Traffic Preliminary Tasks for Firewall Rules Configuring the Default Outbound Policy Configuring a Firewall Rule for Outbound Traffic 77 78 78 80 82 83 83 84 85 85 86 87 88 88 89 91 91 92 95 95 96 98 99 99 101 103 103 104 107 107 Cisco SA500 Series Security Appliances Administration Guide 5
Administration Guide
Page 6
... 130 131 132 133 134 Chapter 6: Using Cisco ProtectLink Security Services 135 Chapter 7: Configuring VPN About VPN Configuring a Site-to-Site VPN Tunnel Configuring an IPsec VPN Tunnel for Remote Access with a VPN Client Configuring the User Database for the IPsec Remote Access VPN Advanced Configuration of IPsec VPN 136 136 137 139 142 144 Cisco SA500 Series Security Appliances Administration Guide 6
... 130 131 132 133 134 Chapter 6: Using Cisco ProtectLink Security Services 135 Chapter 7: Configuring VPN About VPN Configuring a Site-to-Site VPN Tunnel Configuring an IPsec VPN Tunnel for Remote Access with a VPN Client Configuring the User Database for the IPsec Remote Access VPN Advanced Configuration of IPsec VPN 136 136 137 139 142 144 Cisco SA500 Series Security Appliances Administration Guide 6
Administration Guide
Page 7
Contents Viewing the Basic Setting Defaults for IPsec VPN Configuring the IKE Policies for IPsec VPN Configuring the IPsec VPN Policies Configuring SSL VPN for Browser-Based Remote Access Access Options for SSL VPN Security Tips for SSL VPN Elements of the SSL VPN Scenario Step 1: Customizing the Portal Layout... Traffic with the Traffic Meter Configuring the Time Settings Configuring the Logging Options 144 144 148 154 155 155 156 157 159 160 163 163 165 168 169 169 170 171 171 172 173 173 175 176 176 178 180 180 182 184 185 Cisco SA500 Series Security Appliances Administration Guide 7
Contents Viewing the Basic Setting Defaults for IPsec VPN Configuring the IKE Policies for IPsec VPN Configuring the IPsec VPN Policies Configuring SSL VPN for Browser-Based Remote Access Access Options for SSL VPN Security Tips for SSL VPN Elements of the SSL VPN Scenario Step 1: Customizing the Portal Layout... Traffic with the Traffic Meter Configuring the Time Settings Configuring the Logging Options 144 144 148 154 155 155 156 157 159 160 163 163 165 168 169 169 170 171 171 172 173 173 175 176 176 178 180 180 182 184 185 Cisco SA500 Series Security Appliances Administration Guide 7
Administration Guide
Page 8
... Management) CDP SNMP Configuring SNMP Configuring SNMP System Info UPnP Bonjour Configuring Bonjour Associating VLANs Chapter 10: Status Device Status Device Status Resource Utilization Interface Statistics Port Statistics Wireless Statistics for the SA520W VPN Status IPsec VPN Status SSL VPN Status Quick VPN Status Active Users View Logs Cisco SA500 Series Security Appliances Administration Guide Contents 185 187...
... Management) CDP SNMP Configuring SNMP Configuring SNMP System Info UPnP Bonjour Configuring Bonjour Associating VLANs Chapter 10: Status Device Status Device Status Resource Utilization Interface Statistics Port Statistics Wireless Statistics for the SA520W VPN Status IPsec VPN Status SSL VPN Status Quick VPN Status Active Users View Logs Cisco SA500 Series Security Appliances Administration Guide Contents 185 187...
Administration Guide
Page 9
... Configuration Settings Appendix B: Standard Services Appendix C: Technical Specifications and Environmental Requirements Appendix D: Factory Default Settings General Settings Router Settings Wireless Settings Storage Security Settings Appendix E: Where to Go From Here 213 215 215 215 216 216 217 217 220 221 223 224 227 229 229 231 234 237 238 240 Cisco SA500 Series Security Appliances Administration Guide...
... Configuration Settings Appendix B: Standard Services Appendix C: Technical Specifications and Environmental Requirements Appendix D: Factory Default Settings General Settings Router Settings Wireless Settings Storage Security Settings Appendix E: Where to Go From Here 213 215 215 215 216 216 217 217 220 221 223 224 227 229 229 231 234 237 238 240 Cisco SA500 Series Security Appliances Administration Guide...
Administration Guide
Page 10
Table 1 Comparison of the SA520, SA520W, and the SA540 are compared in the following table. 1 Getting Started This chapter describes the SA500 and provides scenarios to help you to begin configuring your security appliance to meet the needs of your business. • ...8226; Basic Tasks • Common Configuration Scenarios Feature Overview The features of SA500 Series Security Appliance Models Feature Firewall Performance UTM VPN Performance Connections SA520 200 Mbps 200 Mbps 65 Mbps 15,000 Cisco SA500 Series Security Appliances Administration Guide SA520W 200 Mbps 200 Mbps 65 Mbps...
Table 1 Comparison of the SA520, SA520W, and the SA540 are compared in the following table. 1 Getting Started This chapter describes the SA500 and provides scenarios to help you to begin configuring your security appliance to meet the needs of your business. • ...8226; Basic Tasks • Common Configuration Scenarios Feature Overview The features of SA500 Series Security Appliance Models Feature Firewall Performance UTM VPN Performance Connections SA520 200 Mbps 200 Mbps 65 Mbps 15,000 Cisco SA500 Series Security Appliances Administration Guide SA520W 200 Mbps 200 Mbps 65 Mbps...
Administration Guide
Page 11
...appliance is configured as a Demilitarized Zone or Demarcation Zone, which allows public services such as web servers, without exposing your LAN. • SPEED LED-(Green or Orange) Indicates the traffic rate for the associated port. Refer to 25 seats. Front Panel • RESET Button-To reboot the security appliance...and descriptions. Cisco SA500 Series Security Appliances Administration Guide 11 Off = 10 Mbps, Green = 100 Mbps, Orange = 1000 Mbps. Getting Started Feature Overview 1 Feature LAN Ports Wireless (802.11n) IPsec (# seats) SSL (# seats) SA520 4 No SA520W...
...appliance is configured as a Demilitarized Zone or Demarcation Zone, which allows public services such as web servers, without exposing your LAN. • SPEED LED-(Green or Orange) Indicates the traffic rate for the associated port. Refer to 25 seats. Front Panel • RESET Button-To reboot the security appliance...and descriptions. Cisco SA500 Series Security Appliances Administration Guide 11 Off = 10 Mbps, Green = 100 Mbps, Orange = 1000 Mbps. Getting Started Feature Overview 1 Feature LAN Ports Wireless (802.11n) IPsec (# seats) SSL (# seats) SA520 4 No SA520W...
Administration Guide
Page 12
... without exposing your LAN. • WAN Port-Connects the security appliance to DSL, a cable modem, or another WAN connectivity device. • USB Port-Connects the security appliance to store configuration files for the antennas. When flashing, the port is active. • WLAN LED-(Green) When lit, indicates that a connection is enabled (SA520W). Cisco SA500 Series Security Appliances Administration Guide 12
... without exposing your LAN. • WAN Port-Connects the security appliance to DSL, a cable modem, or another WAN connectivity device. • USB Port-Connects the security appliance to store configuration files for the antennas. When flashing, the port is active. • WLAN LED-(Green) When lit, indicates that a connection is enabled (SA520W). Cisco SA500 Series Security Appliances Administration Guide 12
Administration Guide
Page 17
..., connect an Ethernet network cable from your administration PC or laptop. Each LED lights to provision the SA500 Series Security Appliances. Cisco SA500 Series Security Appliances Administration Guide 17 A sample configuration is complete. Getting Started Getting Started with the Configuration Utility The Configuration Utility web page is a web based device manager that is used to show an active connection. To use...
..., connect an Ethernet network cable from your administration PC or laptop. Each LED lights to provision the SA500 Series Security Appliances. Cisco SA500 Series Security Appliances Administration Guide 17 A sample configuration is complete. Getting Started Getting Started with the Configuration Utility The Configuration Utility web page is a web based device manager that is used to show an active connection. To use...
Administration Guide
Page 18
...can use the Cisco Configuration Assistant (CCA) t to launch the Configuration Utility if you are using the security appliance with the Configuration Utility 1 Connecting to the Configuration Utility STEP 1 Connect your computer to the Configuration Utility. If you...cisco.com/go/configassist. Getting Started Getting Started with a CCA-supported device, such as the UC500. STEP 2 Start a web browser, and enter the following address: 192.168.75.1 This address is the factory default LAN address of the security appliance. Cisco SA500 Series Security Appliances Administration Guide...
...can use the Cisco Configuration Assistant (CCA) t to launch the Configuration Utility if you are using the security appliance with the Configuration Utility 1 Connecting to the Configuration Utility STEP 1 Connect your computer to the Configuration Utility. If you...cisco.com/go/configassist. Getting Started Getting Started with a CCA-supported device, such as the UC500. STEP 2 Start a web browser, and enter the following address: 192.168.75.1 This address is the factory default LAN address of the security appliance. Cisco SA500 Series Security Appliances Administration Guide...
Administration Guide
Page 19
... 1 Using the Getting Started Pages The Getting Started pages provide help with common configuration tasks. • Find a task that you want to complete. • To return to the Getting Started (Basic) page at any ..., and click the links to get started. Getting Started (Basic) Page Cisco SA500 Series Security Appliances Administration Guide 19 Proceed in order through the listed links. • For help with advanced configuration tasks, such as firewall/NAT configuration, optional WAN configuration, DMZ configuration, and VPN setup, click the Getting Started > Advanced link in , ...
... 1 Using the Getting Started Pages The Getting Started pages provide help with common configuration tasks. • Find a task that you want to complete. • To return to the Getting Started (Basic) page at any ..., and click the links to get started. Getting Started (Basic) Page Cisco SA500 Series Security Appliances Administration Guide 19 Proceed in order through the listed links. • For help with advanced configuration tasks, such as firewall/NAT configuration, optional WAN configuration, DMZ configuration, and VPN setup, click the Getting Started > Advanced link in , ...
Administration Guide
Page 20
Getting Started Getting Started with the Configuration Utility Getting Started (Advanced) Page 1 Cisco SA500 Series Security Appliances Administration Guide 20
Getting Started Getting Started with the Configuration Utility Getting Started (Advanced) Page 1 Cisco SA500 Series Security Appliances Administration Guide 20
Administration Guide
Page 21
... the main branch title to expand or contract its contents. Getting Started Getting Started with the Configuration Utility 1 Navigating Through the Configuration Utility Use the menu bar and the navigation pane to open it. Cisco SA500 Series Security Appliances Administration Guide 21 Menu Bar and Navigation Pane Number 1 2 3 Component Menu Bar Navigation Pane Main Content Description Contains...
... the main branch title to expand or contract its contents. Getting Started Getting Started with the Configuration Utility 1 Navigating Through the Configuration Utility Use the menu bar and the navigation pane to open it. Cisco SA500 Series Security Appliances Administration Guide 21 Menu Bar and Navigation Pane Number 1 2 3 Component Menu Bar Navigation Pane Main Content Description Contains...
Administration Guide
Page 22
... information about the page that allow you can assign static IP addresses to connected devices rather than allowing the security appliance to customize all factory default settings, see Scenario 1: Basic Network Configuration with Cisco SA500 Series Security Appliances Administration Guide 22 To view a Help page, click the Help link in IPv4 Only mode. You can change other WAN...
... information about the page that allow you can assign static IP addresses to connected devices rather than allowing the security appliance to customize all factory default settings, see Scenario 1: Basic Network Configuration with Cisco SA500 Series Security Appliances Administration Guide 22 To view a Help page, click the Help link in IPv4 Only mode. You can change other WAN...
Administration Guide
Page 23
..., find the default Administrator account. The User Configuration window opens, displaying the default information. These settings make it is strongly recommended that you complete the following information: Cisco SA500 Series Security Appliances Administration Guide 23 The default setting requires logging in the ... Administrative Access: You can also change the default username and password. You can access the Configuration Utility by using your security appliance. STEP 1 In the User Administration section of inactivity. STEP 4 Enter the following basic tasks before you ...
..., find the default Administrator account. The User Configuration window opens, displaying the default information. These settings make it is strongly recommended that you complete the following information: Cisco SA500 Series Security Appliances Administration Guide 23 The default setting requires logging in the ... Administrative Access: You can also change the default username and password. You can access the Configuration Utility by using your security appliance. STEP 1 In the User Administration section of inactivity. STEP 4 Enter the following basic tasks before you ...
Administration Guide
Page 24
... up your network, or a USB key. Cisco SA500 Series Security Appliances Administration Guide 24 The User Type and Group cannot be inactive before the login expires. The default password for this account. • Check to Edit Password: Check this new security appliance is cisco. • New Password: Enter a password ...First Name: Enter the user's first name. • Last Name: Enter the user's last name. STEP 5 Click Apply to a saved configuration. STEP 3 In the Upgrade Firmware section of the Getting Started (Basic) page, click the link: Check for the user. Getting Started Basic...
... up your network, or a USB key. Cisco SA500 Series Security Appliances Administration Guide 24 The User Type and Group cannot be inactive before the login expires. The default password for this account. • Check to Edit Password: Check this new security appliance is cisco. • New Password: Enter a password ...First Name: Enter the user's first name. • Last Name: Enter the user's last name. STEP 5 Click Apply to a saved configuration. STEP 3 In the Upgrade Firmware section of the Getting Started (Basic) page, click the link: Check for the user. Getting Started Basic...
Administration Guide
Page 25
... 31 • Scenario 10: Wireless Networking, page 35 Cisco SA500 Series Security Appliances Administration Guide 25 NOTE Wait while the firmware is complete, the router automatically restarts. Do NOT shutdown the computer. When the upgrade is upgraded. 1. Common Configuration Scenarios The SA500 Series Security Appliances can be deployed to address the security concerns of the router is in progress, the...
... 31 • Scenario 10: Wireless Networking, page 35 Cisco SA500 Series Security Appliances Administration Guide 25 NOTE Wait while the firmware is complete, the router automatically restarts. Do NOT shutdown the computer. When the upgrade is upgraded. 1. Common Configuration Scenarios The SA500 Series Security Appliances can be deployed to address the security concerns of the router is in progress, the...
Administration Guide
Page 26
... the Default User Name and Password, page 23). Cisco SA500 Series Security Appliances Administration Guide 26 Getting Started Common Configuration Scenarios 1 Scenario 1: Basic Network Configuration with Internet Access 235234 Outside Network Private Network Laptop computer Internet Internet Access Device SA 500 Printer Personal computer In a basic deployment for a small business, the security appliance enables communication between the devices on the private...
... the Default User Name and Password, page 23). Cisco SA500 Series Security Appliances Administration Guide 26 Getting Started Common Configuration Scenarios 1 Scenario 1: Basic Network Configuration with Internet Access 235234 Outside Network Private Network Laptop computer Internet Internet Access Device SA 500 Printer Personal computer In a basic deployment for a small business, the security appliance enables communication between the devices on the private...