Administration Guide
Page 9
... LAN Devices Reports Appendix A: Troubleshooting Internet Connection Date and Time Pinging to Test LAN Connectivity Restoring Factory Default Configuration Settings Appendix B: Standard Services Appendix C: Technical Specifications and Environmental Requirements Appendix D: Factory Default Settings General Settings Router Settings Wireless Settings Storage Security Settings Appendix E: Where to Go From Here 213 215 215...
Administration Guide
Page 38
...: Enter the IP address assigned to you by Schedule. • Daily: Resets the connection daily. • Weekly: Resets the connection weekly on a specific day. You can be passed on a VLAN tagged WAN interface. • VLAN ID: Specify the VLAN ID. Get Dynamically from ISP: Choose this ...time you want to enable a connection on . Choose Custom if you log in bytes, of the PPTP, PPPoE, or other server. Cisco SA500 Series Security Appliances Administration Guide 38 Also enter the addresses for the Primary DNS Server and the Secondary DNS Server. Choose Default to ...
Administration Guide
Page 86
...: • ISATAP Subnet Prefix: Enter the 64-bit subnet prefix that is an IPv4 network), or a specific LAN IPv4 address. • IPv4 Address: Enter the local end point address if not the LAN IPv4 address. Cisco SA500 Series Security Appliances Administration Guide 86 You can be the LAN interface (assuming the LAN...
Administration Guide
Page 87
...value is similar to be lossy. STEP 2 Check the box to enable MLD when this router is expected to allow tuning for a specific multicast group. By varying the Query Response Interval, an administrator can tune the burstiness of time (in IPv6 mode. The minimum value ... settings. Enter a higher value if a link is in milliseconds) that discovers listeners for the expected packet loss on the link; Cisco SA500 Series Security Appliances Administration Guide 87 Networking Configuring IPv6 Addressing 2 MLD Tunnels Multicast Listener Discovery (MLD) is an IPv6 protocol that...
Administration Guide
Page 96
... sent to this access point. The Profiles window opens. Any device can use this queue. • Background: Lowest priority queue, high throughput. Cisco SA500 Series Security Appliances Administration Guide 96 Used typically to edit, and click the button in the QoS Config column. STEP 2 Find the profile ...and delay. Be sure to enter each IP DSCP/TOS value, leave Default in the List of Service to ensure that you to define specific MAC addresses to permit or deny access to apply the selected Default Class of Service, or choose a particular Class of Profiles table. Wireless...
Administration Guide
Page 100
... system determine the best channel spacing to this mode if all APs that use by wireless authorities in the wireless network can support 802.11g. - Cisco SA500 Series Security Appliances Administration Guide 100 This list is 20 dBm. ng: Select this mode to allow 802.11n, 802.11g and 802.11b.... • Default Transmit Power: Enter a value in dBm as determined by the radio. • Channel: Select a channel from the list of countries. This setting is specific to save your settings.
Administration Guide
Page 106
... Control Inbound and Outbound Traffic 4 STEP 1 Click Firewall > Firewall > Schedules, or from the Interface drop-down list, choose All Days or Specific Days. STEP 2 To create a new schedule, click Add. To delete an entry, check the box and then click Delete. This is the... interface where you want to these addresses to continue with the list of the table heading. Cisco SA500 Series Security Appliances Administration Guide 106 Firewall Configuration Configuring Firewall Rules to . Other options: Click the Edit button to save...
Administration Guide
Page 121
...all incoming data for servers on the required port or range of ports. NOTE Port triggering is opened. STEP 5 Click Apply to reference specific LAN IP addresses or IP addresses ranges. The gateway has a list of traffic on a defined outgoing port. You can configure in ... port triggering rule by defining the type of traffic (TCP or UDP) and the range of data. The new rule appears in a firewall rule. Cisco SA500 Series Security Appliances Administration Guide 121 See Appendix B, "Standard Services." STEP 4 Enter the following information: • Name: Specify a unique name ...
Administration Guide
Page 125
...• Cookies: For added security, check this option filters out cookies from being downloaded through a proxy that can be used to a specific IP address are installed on a Windows computer while running Internet Explorer. Multiple ports can be added here. STEP 3 In the Web...malicious applet can be routed through Internet Explorer. Cookies are small programs embedded in a comma separated list. Some of the page. Cisco SA500 Series Security Appliances Administration Guide 125 Firewall Configuration Using Other Tools to Control Access to the Internet 4 • Enable Check...
Administration Guide
Page 143
... > Advanced to return to the list of the LAN or VLAN IP addresses. • Subnet Mask: Enter the subnet mask for the local subnet. Cisco QuickVPN X-Auth is specific only to Quick VPN. See RMON (Remote Management), page 197. STEP 5 Repeat as Greenbow. NOTE Next steps: • If you entered in native...
Administration Guide
Page 151
...: Enter the lifetime of the Security Association, and specify whether it reaches its timeout period. The minimum value is 3600 seconds. - Cisco SA500 Series Security Appliances Administration Guide 151 SHA2-256: 32 characters - For example, the lifebyte for the inbound policy. The SA is... When setting the lifetime in both seconds and kilobytes, you specify the SA Lifetime in expiry frequencies of the SAs; The lifebyte specifications are created, one for inbound traffic and one for advanced users only. Configuring VPN Advanced Configuration of IPsec VPN 7 • ...
Administration Guide
Page 156
...Access 7 Internet. In the scenario, start the scenario with this site over a Clientless SSL VPN connection. Instructions are not going to specific targets on the internal network that you create each portal layout, you must create the portal layouts first. See Configuring SSL VPN Port ...Forwarding, page 163. For example, you can create more complex policies. Cisco SA500 Series Security Appliances Administration Guide 156 Then, you could create two portal layouts for all users. As you can use that you...
Administration Guide
Page 160
... password again. • Idle Timeout: Enter the time in minutes that are supported by the security appliance. A policy applies to a specific network resource, IP address, or IP address range on the LAN, or to other SSL VPN services that the user can be inactive ...information: • User Name: Enter a unique identifier for the individual user has precedence over all services and ports. Policies are ignored. Cisco SA500 Series Security Appliances Administration Guide 160 STEP 3 Enter the following levels of precedence: • User-level policies take precedence over Group...
Administration Guide
Page 161
...address takes precedence over a general policy. See Specifying the Network Resources for the network resource. The SSL VPN Policies window opens. Cisco SA500 Series Security Appliances Administration Guide 161 Configuring VPN Configuring SSL VPN for Browser-Based Remote Access 7 • When two policies... VPN Policies table. • View List of SSL VPN Policies for: Choose Global for all entries, check the box in conflict, a more specific policy takes precedence over a policy for a range of addresses that applies to a network resource, you first need to the VPN Tunnel, Port ...
Administration Guide
Page 166
...address of the primary DNS Server for the specified destination addresses in a different subnet or non-overlapping range as the corporate LAN. Cisco SA500 Series Security Appliances Administration Guide 166 By comparison, with the address of the traffic from the client. • Split Tunnel Mode...specified by the tunnel must be either in the configured client routes. After you also will need to specific private networks, thereby allowing access control over specific LAN services. Configuring VPN Configuring SSL VPN for the SSL VPN virtual network adapter should be added ...
Administration Guide
Page 176
IMPORTANT! Interrupting the upgrade process at specific points when the flash is being written to go online, turn off the device, shut down the PC, or interrupt the process in any way until ... a backup file or revert to save your settings. Administration Firmware and Configuration 8 - STEP 3 Click Apply to the factory default settings. • Reboot the security appliance. Cisco SA500 Series Security Appliances Administration Guide 176 To delete an address, check the box, and then click Delete. This process should take only two minutes...
Administration Guide
Page 183
Specific Time: Choose this option and then click Apply to reset the counter immediately. - STEP 4 In the When Limit is reached. • Block All Traffic Except E-... when the traffic counter limit is reached. • Block All Traffic: Choose this option to block all traffic to restart at a specified date and time. Cisco SA500 Series Security Appliances Administration Guide 183 Restart Now: Choose this option if you want the counter to and from the WAN except email traffic...
Administration Guide
Page 211
...(KB) Connection Status Username of packets associated with the tunnel transferred by the remote client. Number of the logged in user. Cisco SA500 Series Security Appliances Administration Guide 211 Name of packets associated with the tunnel received by the remote client. Number of received ... tunnel is established. Number of sent traffic (in Kilobytes) associated with the tunnel dropped while receiving, by the user, the tunnel specific fields will have no values. Status VPN Status 10 SSL VPN Status This page displays the current statistics for the SSL VPN Tunnel...
Administration Guide
Page 215
...Port Displays the device identifier advertised by all entries in the log window. The page displays information specific to e-mail the log messages currently displayed in the log window. Cisco SA500 Series Security Appliances Administration Guide 215 Status > View Logs > IPsec VPN Logs • ...this device and that the e-mail address and server information are generated automatically and need not be enabled explicitly. CDP Neighbor The Cisco Discovery Protocol (CDP) provides information about CDP Global Configuration, see CDP, page 199. This page shows the status of this...
Administration Guide
Page 227
... connector for WAN port • 1 X USB connector for USB 2.0 2.0 • 1 X Power switch • 1 X Power switch • 3 X external antennas 32 to 104ºF (0 to 40ºC) 32 to 104ºF (0 to 40ºC) Cisco SA500 Series Security Appliances Administration Guide 227 C Technical Specifications and Environmental Requirements Feature Standards Physical Interfaces Operating Temperature SA520 SA520W •...