Administration Guide
Page 9
... Settings Appendix B: Standard Services Appendix C: Technical Specifications and Environmental Requirements Appendix D: Factory Default Settings General Settings Router Settings Wireless Settings Storage Security Settings Appendix E: Where to Go From Here Cisco SA500 Series Security Appliances Administration Guide 9
Administration Guide
Page 38
...map Internet domain names (example: www.cisco.com) to use ISP-specified addresses. - STEP 6 If required by your ISP does not require a login, enter the following options: • Never: Disables Reset Connection by schedule. You can be passed on a specific day. STEP 4 Reset the PPPoE..., of the PPTP, PPPoE, or other server. Also enter the addresses for the Primary DNS Server and the Secondary DNS Server. Cisco SA500 Series Security Appliances Administration Guide 38 Choose one of the following information under Internet (IP) Address and Dynamic Name System (DNS) Servers: • ...
Administration Guide
Page 86
... used to transmit IPv6 packets between dual-stack nodes over an IPv4 network. STEP 1 Click Networking > IPv6 > ISATAP Tunnels. Cisco SA500 Series Security Appliances Administration Guide 86 Other options: Click the Edit button to configure a tunnel. The ISATAP Tunnels window opens. Any existing tunnels are listed in the table... 2 To add an ISATAP tunnel, click Add. STEP 4 Click Apply to the logical ISATAP subnet for the tunnel that is an IPv4 network), or a specific LAN IPv4 address. • IPv4 Address: Enter the local end point address if not the LAN IPv4 address.
Administration Guide
Page 87
... in IPv4. Cisco SA500 Series Security Appliances Administration Guide 87 This protocol is similar to save your settings. STEP 2 Check the box to enable MLD when this parameter is 5000 ms (5 seconds) and maximum value is 1800000 ms (30 mins). • Robustness Variable: Enter a value from 2 to 8 to allow tuning for a specific multicast group. The...
Administration Guide
Page 96
... Click Apply to the complexity and maintenance. MAC Filtering provides additional security, but it also adds to save your settings. The default is "open" access, which means that you to define specific MAC addresses to permit or deny access to send time-sensitive data such... to this queue (FTP data, for example). STEP 2 Find the profile that MAC filtering is typically sent to prioritize the traffic. Cisco SA500 Series Security Appliances Administration Guide 96 STEP 1 Click Wireless > Profiles. STEP 3 Enter the following settings. • QoS Enable: Check this box to...
Administration Guide
Page 100
...This impacts the available Wi-Fi™ channels as the default transmitted power level for all APs that use 802.11b. - Cisco SA500 Series Security Appliances Administration Guide 100 This list is populated according to use by wireless authorities in the wireless network can support 802.11n. -...the SA520W Configuring the Radio 3 • Country: Choose a country from the list of countries. This setting is 20 dBm. The default is specific to 802.11n traffic. • Control Side Band: If you chose 40 MHz channel spacing, choose Lower Upper. • Current Channel: Displays ...
Administration Guide
Page 106
... Choose the WAN interface from the Getting Started (Advanced) page, under Firewall and NAT Rules. This is the interface where you choose Specific Days, also check the days for this schedule. • Schedule Time of Day: From the drop-down menu. STEP 2 To... click Add. Cisco SA500 Series Security Appliances Administration Guide 106 Configuring IP Aliases for the schedule. Firewall Configuration Configuring Firewall Rules to Control Inbound and Outbound Traffic 4 STEP 1 Click Firewall > Firewall > Schedules, or from the Interface drop-down list, choose All Day or Specific Times. To ...
Administration Guide
Page 121
... the specified incoming port to support the exchange of ports in the IP/MAC Binding table. Cisco SA500 Series Security Appliances Administration Guide 121 NOTE Port triggering is required for servers on a specific port or range of data. Firewall Configuration Port Triggering 4 STEP 3 If you can also specify a port triggering rule by defining the type...
Administration Guide
Page 125
...: Check this box to block Java applets that can be specified in web pages that is 80. For example, if connections to a specific IP address are blocked by a website. However, several websites use cookies to Java applets, ActiveX controls are used to store session information ...used by malicious websites to infect computers that are small programs embedded in a comma separated list. Enabling this box to block. Cisco SA500 Series Security Appliances Administration Guide 125 Cookies are installed on a website, but do not match the name of the domain of the page. Some...
Administration Guide
Page 143
...a proprietary Cisco/Linksys client which the remote user will have access. The subnet should be part of the LAN or VLAN IP addresses. • Subnet Mask: Enter the subnet mask for the Remote Peer Type, you can be used when additional client security is specific only to ... IP address: Enter the LAN IP subnet to add. STEP 5 Repeat as Greenbow. Cisco SA500 Series Security Appliances Administration Guide 143 STEP 4 Click Apply to the list of IPsec VPN, page 144. • For Cisco QuickVPN, you need to which uses user authentication but the implementation is required with a VPN...
Administration Guide
Page 151
... the following information in the Auto Policy Parameters area: • SA Lifetime: Enter the lifetime of the Security Association, and specify whether it reaches its timeout period. The lifebyte specifications are created, one for inbound traffic and one for the inbound policy. Cisco SA500 Series Security Appliances Administration Guide 151 SHA2-256: 32 characters - otherwise the system...
Administration Guide
Page 156
... visit such sites, and use that browser to the portal users. • Users: Create your VPN users. Elements of users. Cisco SA500 Series Security Appliances Administration Guide 156 They should be sufficient for all users. In addition, you plan to access the email service only. IMPORTANT: If...modify title, banner heading, banner message, security settings, and access type (VPN tunnel, port forwarding, or both). Then, you could create two portal layouts for different groups of the SSL VPN Several elements work together to specific targets on the internal network that you want...
Administration Guide
Page 160
...policy applies to a specific network resource, IP address, or IP address range on the LAN, or to other SSL VPN services that the user can be inactive before the session is set to 0, the group timeout setting applies. Cisco SA500 Series Security Appliances Administration Guide 160 Configuring ...over all services and ports. Policies are applied based on the group, certain attributes such as the local password are supported by the security appliance. It can create user, group, and global policies. Enter any alphanumeric characters. • First Name: Enter the user's first name...
Administration Guide
Page 161
...edit an entry. STEP 3 To add an SSL VPN policy, click Add. After you define a policy, it goes into effect immediately. Cisco SA500 Series Security Appliances Administration Guide 161 STEP 1 Click VPN > SSL VPN Server > SSL VPN Policies. The SSL VPN Policies window opens. Other options: ... For area, enter the following information: • Policy For: Choose the type of the table heading. For example, a policy for a specific IP address takes precedence over a general policy. See Specifying the Network Resources for the network resource. If you first need to configure a record...
Administration Guide
Page 166
... is specified by the tunnel must be either in a different subnet or non-overlapping range as the corporate LAN. The security appliance allows Full Tunnel and Split Tunnel support. • Full Tunnel Mode: The VPN Tunnel handles all of the traffic from... NOTE As in any physical devices on the private LAN's firewall (typically this security appliance) is needed to specific private networks, thereby allowing access control over specific LAN services. Cisco SA500 Series Security Appliances Administration Guide 166 In addition, a static route on the LAN. Configuring VPN Configuring...
Administration Guide
Page 176
.... • Restore your settings. During a restore operation or firmware upgrade, do NOT try to the factory default settings. • Reboot the security appliance. Administration Firmware and Configuration 8 - To delete an address, check the box, and then click Delete. STEP 3 Click Apply to can use...at specific points when the flash is being written to save your saved settings from a backup file or revert to go online, turn off the device, shut down the PC, or interrupt the process in any way until the operation is complete. Cisco SA500 Series Security Appliances Administration ...
Administration Guide
Page 183
... was started or the last time when the traffic counter was downloaded through this Month's Limit field. See Remote Logging, page 188. Specific Time: Choose this option and then click Apply to and from the WAN when the traffic limit is enabled, the Internet Traffic Statistics...reached. • Block All Traffic Except E-mail: Choose this option to block all traffic to restart at a specified date and time. Cisco SA500 Series Security Appliances Administration Guide 183 Restart Now: Choose this option if you want the counter to and from the WAN except email traffic. Then enter ...
Administration Guide
Page 211
... by the remote client. Click Disconnect to ppp interface at the remote client side from where tunnel establishment was initiated. Cisco SA500 Series Security Appliances Administration Guide 211 You can use the buttons on the router associated to either start or stop connections. Internet IP address... logged in Kilobytes) associated with the tunnel transferred by the user, the tunnel specific fields will have no values. Status > VPN Status > SSL VPN Status User Name IP Address Tunnel Specific Fields Local ppp interface Peer PPP Interface IP Tx Packets Tx Dropped Packets Tx ...
Administration Guide
Page 215
...e-mail address and server information are generated automatically and need not be enabled explicitly. CDP Neighbor The Cisco Discovery Protocol (CDP) provides information about CDP Global Configuration, see CDP, page 199. This page...device and identifies the network interface of the recent IPsec VPN activity. The page displays information specific to view the log contents generated by the neighbor Interface on which the neighbor was discovered. ... the log messages currently displayed in the log window. Cisco SA500 Series Security Appliances Administration Guide 215
Administration Guide
Page 227
C Technical Specifications and Environmental Requirements Feature Standards Physical Interfaces Operating Temperature SA520 SA520W • IEEE 802.3 CSMA/CD • IEEE 802.3 CSMA/CD • IEEE 802.3i 10BASE-T • IEEE 802.3i 10BASE-T • IEEE 802.3u 100BASE-TX ... for USB 2.0 2.0 • 1 X Power switch • 1 X Power switch • 3 X external antennas 32 to 104°F (0 to 40°C) 32 to 104°F (0 to 40°C) Cisco SA500 Series Security Appliances Administration Guide 227