Product Manual
Page 80
LAN-to-LAN VPN using IPSec

Settings for Branch office

1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.10
   LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0

2. Setup IPSec tunnel, Firewall->VPN:
   Under IPSec tunnels click Add new
   Name the tunnel ToMainOffice
   Local net: 192.168.4.0/24
   PSK: 1234567890 (Do not use this as your PSK)
   Retype PSK: 1234567890
Page 81
Select Tunnel type: LAN-to-LAN tunnel
Remote Net: 192.168.1.0/24
Remote Gateway: 194.0.2.20
Enable Automatically add a route for the remote network
Click Apply

3. Setup policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply

4. Click Activate and wait for the firewall to restart
Page 82
Settings for Main office

1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.20
   LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0

2. Setup IPSec tunnel, Firewall->VPN:
   Under IPSec tunnels click add new
   Name the tunnel ToBranchOffice
   Local net: 192.168.1.0/24
   PSK: 1234567890 (Note! You should use a key that is hard to guess)
   Retype PSK: 1234567890
   Select Tunnel type: LAN-to-LAN tunnel
   Remote Net: 192.168.4.0/24
   Remote Gateway: 194.0.2.10
   Enable "Automatically add a route for the remote network"
   Click Apply
Page 83
3. Setup policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply

4. Click Activate and wait for the firewall to restart

This example will allow all traffic between the two offices. To get a more secure solution read the A more secure LAN-to-LAN VPN solution section of this user guide.
Page 84
LAN-to-LAN VPN using PPTP

Settings for Branch office

1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.10
   LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0

2. Setup PPTP client, Firewall->VPN:
   Under PPTP/L2TP clients click Add new PPTP client
   Name the tunnel toMainOffice
Page 86
Under MPPE encryption 128 bit should be the only checked option.
Leave Use IPSec encryption unchecked
Click Apply

3. Setup policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply

4. Click Activate and wait for the firewall to restart.

Settings for Main office

1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.20
   LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0
Page 87
2. Setup PPTP server, Firewall->VPN:
   Under L2TP / PPTP Server click Add new PPTP server
   Name the server pptpServer
   Leave Outer IP and Inner IP blank
   Set client IP pool to 192.168.1.100 - 192.168.1.199
   Check Proxy ARP dynamically added routes
   Check Use unit's own DNS relayer addresses
   Leave WINS settings blank
Page 88
Under authentication MSCHAPv2 should be the only checked option.
Under MPPE encryption 128 bit should be the only checked option.
Leave Use IPsec encryption unchecked
Click Apply

3. Setup policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
Page 90
LAN-to-LAN VPN using L2TP

Settings for Branch office

1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.10
   LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0

2. Setup L2TP client, Firewall->VPN:
   Under L2TP / PPTP client click Add new L2TP client
   Name the server toMainOffice
Page 92
Under MPPE encryption only None should be checked
Check Use IPsec encryption
Enter key 1234567890 (Note! You should use a key that is hard to guess)
Retype key 1234567890
Click Apply

3. Setup policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply

4. Click Activate and wait for the firewall to restart
Page 93
Settings for Main office

1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.20
   LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0

2. Setup L2TP server, Firewall->VPN:
   Under L2TP / PPTP Server click Add new L2TP server
   Name the server l2tpServer
   Leave Outer IP and Inner IP blank
   Set client IP pool to 192.168.1.100 - 192.168.1.199
   Check Proxy ARP dynamically added routes
   Check Use unit's own DNS relayer addresses
   Leave WINS settings blank
Page 95
3. Set up authentication source, Firewall->Users: Select Local database Click Apply Setup policies for the new tunnel, Firewall->Policy: Click Global policy parameters Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN Click Apply 4.
Page 97
Setup policies for Branch office 1. Select from LAN to access from the branch office. In this example we have a mail server, ftp server and a web server (... for the new tunnel, Firewall->Policy: Click Global policy parameters Disable Allow all traffic between the two private Networks. A more secure LAN-to-LAN VPN solution In order to establish a more secure LAN-to enable some common services allowed through the VPN tunnel. The following steps show how to -LAN VPN connection...
Page 98
4. Setup the new rule:
   Name the new rule: allow_pop3
   Select action: Allow
   Select service: pop3
   Select schedule: Always
   We don't want any Intrusion detection for now, so leave this option unchecked.
   Click Apply
Page 100
Settings for Main office

1. Setup policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Disable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply

2. Now it is possible to create policies for the VPN interfaces. Select from toBranchOffice to LAN and click Show.

3. Create the same 4 policy rules that were created on the branch office firewall (allow_pop3, allow_imap, allow_ftp and allow_http).

4. Click Activate and wait for the firewall to restart.
Page 108
13. Select the Networking tab and change Type of VPN to PPTP VPN. Click OK.

All settings needed for the XP client are now complete. Once we have configured the server on the firewall you should be able to click Connect to establish the connection to the Main office.

Settings for Main office

1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.20
   LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0
Page 109
Leave Use IPSec encryption unchecked Click Apply 3. Setup policies for the firewall to restart. Add a new user, Firewall->Users: Under Users in local database click Add new Name the new user HomeUser Enter ...password: 1234567890 Retype password: 1234567890 Leave static client IP empty (could also be set here the IP pool from the PPTP server settings are used). Setup PPTP server, Firewall->VPN: Under L2TP / PPTP Server click Add new PPTP server Name the server pptpServer Leave Outer IP and Inner IP blank Set...
Page 111
Windows XP client and L2TP server

The Windows XP client to L2TP server setup is quite similar to the PPTP setup above.

Settings for the Windows XP client

To setup a L2TP connection from Windows XP to the Main office firewall, please follow the steps in the PPTP guide above for the client side. The only changes to the PPTP guide are:

1. In step 13, change the Type of VPN to L2TP IPSec VPN.
Page 113
Settings for Main office

1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.20
   LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0

2. Setup L2TP server, Firewall->VPN:
   Under L2TP / PPTP Server click Add new L2TP server
   Name the server l2tpServer
   Leave Outer IP and Inner IP blank
   Set ...

Setup policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply

4.
Page 115
Intrusion Detection and Prevention

Intrusion detection and prevention can be enabled for both policies and port mappings. In this example we are using a port mapping. The policy setup is quite similar.

In this example a mail server with IP 192.168.2.4 and a web server with IP 192.168.2.5 are connected to the DMZ interface on the firewall.

To set up intrusion detection and prevention to a web server on the DMZ net, follow these steps:

1. Create a Port mapping for the web server, Firewall->Port Mapping:
   Under Configured mappings, click Add new