Administration Guide
Page 3
... Up Your Configuration 24 Upgrading the Firmware 24 Common Configuration Scenarios 25 Basic Network Configuration with Internet Access 26 Cisco Smart Business Communications System Configuration 28 Firewall for Controlling Inbound and Outbound Traffic 29 DMZ for Public Websites and ... & Email Security 31 Site-to-Site Networking and Remote Access 31 Wireless Networking 35 Chapter 2: Networking 36 Configuring the WAN Connection 37 Viewing the WAN Status 39 Creating PPPoE Profiles 40 Configuring an IP Alias 41 Cisco SA500 Series Security Appliances Administration Guide ...
... Up Your Configuration 24 Upgrading the Firmware 24 Common Configuration Scenarios 25 Basic Network Configuration with Internet Access 26 Cisco Smart Business Communications System Configuration 28 Firewall for Controlling Inbound and Outbound Traffic 29 DMZ for Public Websites and ... & Email Security 31 Site-to-Site Networking and Remote Access 31 Wireless Networking 35 Chapter 2: Networking 36 Configuring the WAN Connection 37 Viewing the WAN Status 39 Creating PPPoE Profiles 40 Configuring an IP Alias 41 Cisco SA500 Series Security Appliances Administration Guide ...
Administration Guide
Page 4
... 72 Traffic Selectors 73 LAN QoS 74 Enabling LAN QoS 74 Port CoS Mapping 75 Port DSCP Mapping 75 DSCP Remarking 75 Dynamic DNS 76 Cisco SA500 Series Security Appliances Administration Guide 4
... 72 Traffic Selectors 73 LAN QoS 74 Enabling LAN QoS 74 Port CoS Mapping 75 Port DSCP Mapping 75 DSCP Remarking 75 Dynamic DNS 76 Cisco SA500 Series Security Appliances Administration Guide 4
Administration Guide
Page 5
... 83 83 84 85 85 86 87 88 88 89 91 91 92 95 95 96 98 99 99 101 103 103 104 107 107 Cisco SA500 Series Security Appliances Administration Guide 5
... 83 83 84 85 85 86 87 88 88 89 91 91 92 95 95 96 98 99 99 101 103 103 104 107 107 Cisco SA500 Series Security Appliances Administration Guide 5
Administration Guide
Page 6
... 6: Using Cisco ProtectLink Security Services 135 Chapter 7: Configuring VPN About VPN Configuring a Site-to-Site VPN Tunnel Configuring an IPsec VPN Tunnel for Remote Access with a VPN Client Configuring the User Database for the IPsec Remote Access VPN Advanced Configuration of IPsec VPN 136 136 137 139 142 144 Cisco SA500 Series Security Appliances Administration Guide...
... 6: Using Cisco ProtectLink Security Services 135 Chapter 7: Configuring VPN About VPN Configuring a Site-to-Site VPN Tunnel Configuring an IPsec VPN Tunnel for Remote Access with a VPN Client Configuring the User Database for the IPsec Remote Access VPN Advanced Configuration of IPsec VPN 136 136 137 139 142 144 Cisco SA500 Series Security Appliances Administration Guide...
Administration Guide
Page 7
... Configuring the IKE Policies for IPsec VPN Configuring the IPsec VPN Policies Configuring SSL VPN for Browser-Based Remote Access Access Options for SSL VPN Security Tips for SSL VPN Elements of the SSL VPN Scenario Step 1: Customizing the Portal Layout Scenario Step 2: Adding the SSL VPN Users Creating the SSL... 156 157 159 160 163 163 165 168 169 169 170 171 171 172 173 173 175 176 176 178 180 180 182 184 185 Cisco SA500 Series Security Appliances Administration Guide 7
... Configuring the IKE Policies for IPsec VPN Configuring the IPsec VPN Policies Configuring SSL VPN for Browser-Based Remote Access Access Options for SSL VPN Security Tips for SSL VPN Elements of the SSL VPN Scenario Step 1: Customizing the Portal Layout Scenario Step 2: Adding the SSL VPN Users Creating the SSL... 156 157 159 160 163 163 165 168 169 169 170 171 171 172 173 173 175 176 176 178 180 180 182 184 185 Cisco SA500 Series Security Appliances Administration Guide 7
Administration Guide
Page 8
... Utilization Interface Statistics Port Statistics Wireless Statistics for the SA520W VPN Status IPsec VPN Status SSL VPN Status Quick VPN Status Active Users View Logs Cisco SA500 Series Security Appliances Administration Guide Contents 185 187 188 189 190 193 194 197 197 199 199 200 200 201 202 202 202 204 204 205 207...
... Utilization Interface Statistics Port Statistics Wireless Statistics for the SA520W VPN Status IPsec VPN Status SSL VPN Status Quick VPN Status Active Users View Logs Cisco SA500 Series Security Appliances Administration Guide Contents 185 187 188 189 190 193 194 197 197 199 199 200 200 201 202 202 202 204 204 205 207...
Administration Guide
Page 9
... Appendix B: Standard Services Appendix C: Technical Specifications and Environmental Requirements Appendix D: Factory Default Settings General Settings Router Settings Wireless Settings Storage Security Settings Appendix E: Where to Go From Here 213 215 215 215 216 216 217 217 220 221 223 224 227 229 229 231 234 237 238 240 Cisco SA500 Series Security Appliances Administration Guide 9
... Appendix B: Standard Services Appendix C: Technical Specifications and Environmental Requirements Appendix D: Factory Default Settings General Settings Router Settings Wireless Settings Storage Security Settings Appendix E: Where to Go From Here 213 215 215 215 216 216 217 217 220 221 223 224 227 229 229 231 234 237 238 240 Cisco SA500 Series Security Appliances Administration Guide 9
Administration Guide
Page 10
Table 1 Comparison of the SA520, SA520W, and the SA540 are compared in the following table. 1 Getting Started This chapter describes the SA500 and provides scenarios to help you to begin configuring your security appliance to meet the needs of your business. • Feature ... • Common Configuration Scenarios Feature Overview The features of SA500 Series Security Appliance Models Feature Firewall Performance UTM VPN Performance Connections SA520 200 Mbps 200 Mbps 65 Mbps 15,000 Cisco SA500 Series Security Appliances Administration Guide SA520W 200 Mbps 200 Mbps 65 Mbps 15,000...
Table 1 Comparison of the SA520, SA520W, and the SA540 are compared in the following table. 1 Getting Started This chapter describes the SA500 and provides scenarios to help you to begin configuring your security appliance to meet the needs of your business. • Feature ... • Common Configuration Scenarios Feature Overview The features of SA500 Series Security Appliance Models Feature Firewall Performance UTM VPN Performance Connections SA520 200 Mbps 200 Mbps 65 Mbps 15,000 Cisco SA500 Series Security Appliances Administration Guide SA520W 200 Mbps 200 Mbps 65 Mbps 15,000...
Administration Guide
Page 11
... 10 Mbps, Green = 100 Mbps, Orange = 1000 Mbps. Cisco SA500 Series Security Appliances Administration Guide 11 Yes (50) Includes 2 seats. When off, indicates the appliance has booted properly. • POWER LED-(Green) When lit, indicates the appliance is powered on. • DMZ LED-(Green) When lit, ..., up to 25 seats. Refer to use the security appliance, become familiar with the LEDs on the front panel and the ports on diagnostics. Getting Started Feature Overview 1 Feature LAN Ports Wireless (802.11n) IPsec (# seats) SSL (# seats) SA520 4 No SA520W 4 Yes SA540 8 No Yes ...
... 10 Mbps, Green = 100 Mbps, Orange = 1000 Mbps. Cisco SA500 Series Security Appliances Administration Guide 11 Yes (50) Includes 2 seats. When off, indicates the appliance has booted properly. • POWER LED-(Green) When lit, indicates the appliance is powered on. • DMZ LED-(Green) When lit, ..., up to 25 seats. Refer to use the security appliance, become familiar with the LEDs on the front panel and the ports on diagnostics. Getting Started Feature Overview 1 Feature LAN Ports Wireless (802.11n) IPsec (# seats) SSL (# seats) SA520 4 No SA520W 4 Yes SA540 8 No Yes ...
Administration Guide
Page 12
The SA520 and SA520W have 4 LAN ports. A DMZ (Demilitarized Zone or Demarcation Zone) can use a USB device to services such as a WAN, LAN, or DMZ port. The ... backup and restore operations. Rear Panel • POWER Switch-Turns the security appliance on or off. • POWER Connector-Connects the security appliance to power using the supplied power cable. • LAN Ports-Connect computers and other network appliances to a USB device. Cisco SA500 Series Security Appliances Administration Guide 12 You can be configured to operate as web servers...
The SA520 and SA520W have 4 LAN ports. A DMZ (Demilitarized Zone or Demarcation Zone) can use a USB device to services such as a WAN, LAN, or DMZ port. The ... backup and restore operations. Rear Panel • POWER Switch-Turns the security appliance on or off. • POWER Connector-Connects the security appliance to power using the supplied power cable. • LAN Ports-Connect computers and other network appliances to a USB device. Cisco SA500 Series Security Appliances Administration Guide 12 You can be configured to operate as web servers...
Administration Guide
Page 13
... air flow around the device. • Mechanical Loading-Be sure that the security appliance is level and stable to the following topics: • Installation Options, page 13 • Hardware Installation, page 16 Installation Options You can place your security appliance. Cisco SA500 Series Security Appliances Administration Guide 13 Getting Started Installation 1 Installation This section guides you through the...
... air flow around the device. • Mechanical Loading-Be sure that the security appliance is level and stable to the following topics: • Installation Options, page 13 • Hardware Installation, page 16 Installation Options You can place your security appliance. Cisco SA500 Series Security Appliances Administration Guide 13 Getting Started Installation 1 Installation This section guides you through the...
Administration Guide
Page 14
Getting Started Installation 1 Wall Mounting STEP 1 Insert two 17 mm screws, with anchors, into the wall 15 cm apart (about 1/8 inch) of the head exposed. Cisco SA500 Series Security Appliances Administration Guide 14 Leave 3-4 mm (about 5.9 inches).
Getting Started Installation 1 Wall Mounting STEP 1 Insert two 17 mm screws, with anchors, into the wall 15 cm apart (about 1/8 inch) of the head exposed. Cisco SA500 Series Security Appliances Administration Guide 14 Leave 3-4 mm (about 5.9 inches).
Administration Guide
Page 15
Rack Mounting You can mount the security appliance in a rack. CAUTION Do not overload the power outlet or circuit when installing multiple devices in any standard size, 19-inch (about 48 cm) wide rack. Cisco SA500 Series Security Appliances Administration Guide 15 Each security appliance requires 1 rack unit (RU) of space, which is 1.75 inches (44.45 mm) high. ! Getting Started Installation 1 STEP 2 Position the unit so that the wall-mount slots are over the two screws. Slide the unit down until the screws fit snugly into the wall-mount slots.
Rack Mounting You can mount the security appliance in a rack. CAUTION Do not overload the power outlet or circuit when installing multiple devices in any standard size, 19-inch (about 48 cm) wide rack. Cisco SA500 Series Security Appliances Administration Guide 15 Each security appliance requires 1 rack unit (RU) of space, which is 1.75 inches (44.45 mm) high. ! Getting Started Installation 1 STEP 2 Position the unit so that the wall-mount slots are over the two screws. Slide the unit down until the screws fit snugly into the wall-mount slots.
Administration Guide
Page 16
... device to power. STEP 4 For network devices, connect an Ethernet network cable from the network device to one of the security appliance so that the four holes align to point upward. Cisco SA500 Series Security Appliances Administration Guide 16 Orient each antenna onto a threaded connector on the side of the supplied spacers on the back panel...
... device to power. STEP 4 For network devices, connect an Ethernet network cable from the network device to one of the security appliance so that the four holes align to point upward. Cisco SA500 Series Security Appliances Administration Guide 16 Orient each antenna onto a threaded connector on the side of the supplied spacers on the back panel...
Administration Guide
Page 17
... (such as Microsoft Internet Explorer or Mozilla Firefox). Each LED lights to provision the SA500 Series Security Appliances. You can access the security appliance by using a UC500, connect an Ethernet network cable from your administration PC or laptop. Congratulations! Cisco SA500 Series Security Appliances Administration Guide 17 Getting Started Getting Started with the Configuration Utility The Configuration Utility web...
... (such as Microsoft Internet Explorer or Mozilla Firefox). Each LED lights to provision the SA500 Series Security Appliances. You can access the security appliance by using a UC500, connect an Ethernet network cable from your administration PC or laptop. Congratulations! Cisco SA500 Series Security Appliances Administration Guide 17 Getting Started Getting Started with the Configuration Utility The Configuration Utility web...
Administration Guide
Page 18
.../go/configassist. On the Certificate page, click Install the Certificate. On the Certificate page, click Install the Certificate. Cisco SA500 Series Security Appliances Administration Guide 18 NOTE You can use the Cisco Configuration Assistant (CCA) t to launch the Configuration Utility if you change this setting in the Wizard to the Configuration Utility. STEP 2 Start a web...
.../go/configassist. On the Certificate page, click Install the Certificate. On the Certificate page, click Install the Certificate. Cisco SA500 Series Security Appliances Administration Guide 18 NOTE You can use the Cisco Configuration Assistant (CCA) t to launch the Configuration Utility if you change this setting in the Wizard to the Configuration Utility. STEP 2 Start a web...
Administration Guide
Page 19
... Started (Basic) page at any time, click the Getting Started button in , check the Don't show this on start-up box. Getting Started (Basic) Page Cisco SA500 Series Security Appliances Administration Guide 19
... Started (Basic) page at any time, click the Getting Started button in , check the Don't show this on start-up box. Getting Started (Basic) Page Cisco SA500 Series Security Appliances Administration Guide 19
Administration Guide
Page 20
Getting Started Getting Started with the Configuration Utility Getting Started (Advanced) Page 1 Cisco SA500 Series Security Appliances Administration Guide 20
Getting Started Getting Started with the Configuration Utility Getting Started (Advanced) Page 1 Cisco SA500 Series Security Appliances Administration Guide 20
Administration Guide
Page 21
... triangle next to the main branch title to another category. Provides easy navigation through the configurable device features.The main branches expand to open it. Cisco SA500 Series Security Appliances Administration Guide 21 Click a menu item to change to expand or contract its contents. Menu Bar and Navigation Pane Number 1 2 3 Component Menu Bar Navigation...
... triangle next to the main branch title to another category. Provides easy navigation through the configurable device features.The main branches expand to open it. Cisco SA500 Series Security Appliances Administration Guide 21 Click a menu item to change to expand or contract its contents. Menu Bar and Navigation Pane Number 1 2 3 Component Menu Bar Navigation...
Administration Guide
Page 22
...can change other WAN settings as needed . For more information, see Scenario 1: Basic Network Configuration with Cisco SA500 Series Security Appliances Administration Guide 22 Getting Started About the Default Settings 1 Using the Help System The Configuration Utility includes detailed... with minimal changes needed . About the Default Settings The SA500 Series Security Appliances are described below. See Configuring IPv6 Addressing, page 77. • WAN Configuration: By default, the security appliance is preset to enter the account information. For more information, ...
...can change other WAN settings as needed . For more information, see Scenario 1: Basic Network Configuration with Cisco SA500 Series Security Appliances Administration Guide 22 Getting Started About the Default Settings 1 Using the Help System The Configuration Utility includes detailed... with minimal changes needed . About the Default Settings The SA500 Series Security Appliances are described below. See Configuring IPv6 Addressing, page 77. • WAN Configuration: By default, the security appliance is preset to enter the account information. For more information, ...