Installation Guide
Page 11
...200 1-5 Symantec Firewall/VPN 200R 1-5 Symantec Firewall/VPN international symbols 1-6 Management/Configuration interface 1-7 Installation Prerequisites 2-1 Network requirements 2-1 Cautions and warnings 2-2 Internet account information 2-3 Connecting the cables 2-3 To connect the cables 2-4 Configuring your computer 2-5 Configuration Management / Configuration interface 3-1 1 Stateful Inspection 1-1 Networking 1-2 Virtual Private Networking (VPN 1-2 High Availability / Load Balancing 1-2 Automatic Dial Up Back Up 1-2 IP Address Sharing 1-2 Logging - C O N T E N T S Product...
...200 1-5 Symantec Firewall/VPN 200R 1-5 Symantec Firewall/VPN international symbols 1-6 Management/Configuration interface 1-7 Installation Prerequisites 2-1 Network requirements 2-1 Cautions and warnings 2-2 Internet account information 2-3 Connecting the cables 2-3 To connect the cables 2-4 Configuring your computer 2-5 Configuration Management / Configuration interface 3-1 1 Stateful Inspection 1-1 Networking 1-2 Virtual Private Networking (VPN 1-2 High Availability / Load Balancing 1-2 Automatic Dial Up Back Up 1-2 IP Address Sharing 1-2 Logging - C O N T E N T S Product...
Installation Guide
Page 12
... on the local LAN 4-8 Host IP and Group 4-10 Access Filters 4-12 Security Groups 4-13 Special Applications 4-14 Virtual Servers 4-17 Types of Virtual Servers 4-17 Virtual Servers example - Contents To start the User interface 3-1 Basic configuration 3-2 Language Selection screen 3-2 Main Setup Screen 3-3 To configure using the Symantec Firewall/VPN 200 Main Setup screen 3-4 Required by Internet users 4-19 Custom Virtual Server 4-20 Existing Custom Virtual Servers 4-21 Exposed Host (DMZ 4-22 Expert Level 4-24 Expert Level Connection fields 4-26 Load Balance 4-26 SMTP Bind...
... on the local LAN 4-8 Host IP and Group 4-10 Access Filters 4-12 Security Groups 4-13 Special Applications 4-14 Virtual Servers 4-17 Types of Virtual Servers 4-17 Virtual Servers example - Contents To start the User interface 3-1 Basic configuration 3-2 Language Selection screen 3-2 Main Setup Screen 3-3 To configure using the Symantec Firewall/VPN 200 Main Setup screen 3-4 Required by Internet users 4-19 Custom Virtual Server 4-20 Existing Custom Virtual Servers 4-21 Exposed Host (DMZ 4-22 Expert Level 4-24 Expert Level Connection fields 4-26 Load Balance 4-26 SMTP Bind...
Installation Guide
Page 13
... 4-28 Configuring Virtual Private Networks (VPN) To configure a VPN using Static Key 5-3 To update a VPN configuration using Static Key 5-5 To delete a VPN configuration using Static Key 5-5 Static tunnel example 5-6 To configure a VPN with Dynamic Key 5-8 To update a VPN configuration using Dynamic Key 5-11 To delete a VPN configuration using Dynamic Key 5-11 Dynamic tunnel example 5-12 VPN Client Identity 5-14 Utilities Backup / Analog / ISDN 6-1 Serial configuration console 6-4 Manual reset 6-6 Configuration back up 6-7 View Log 6-8 Log Settings 6-8 Configuring the Symantec...
... 4-28 Configuring Virtual Private Networks (VPN) To configure a VPN using Static Key 5-3 To update a VPN configuration using Static Key 5-5 To delete a VPN configuration using Static Key 5-5 Static tunnel example 5-6 To configure a VPN with Dynamic Key 5-8 To update a VPN configuration using Dynamic Key 5-11 To delete a VPN configuration using Dynamic Key 5-11 Dynamic tunnel example 5-12 VPN Client Identity 5-14 Utilities Backup / Analog / ISDN 6-1 Serial configuration console 6-4 Manual reset 6-6 Configuration back up 6-7 View Log 6-8 Log Settings 6-8 Configuring the Symantec...
Installation Guide
Page 14
... Enterprise VPN Client with Symantec Firewall/VPN 200R . . . . 8-2 Configure Symantec Firewall/VPN 200R for a dynamic tunnel to Symantec Enterprise VPN Client 8-3 Configure Symantec Enterprise VPN Client for a Dynamic tunnel to Symantec Firewall/ VPN 200R 8-7 Trouble Shooting Problem 1: Can not connect to the Symantec Firewall/VPN to configure it 9-1 Problem 2: When I enter a URL or IP address I get a time out error 9-1 Problem 3: Some applications do not run properly when using the Firewall/VPN. . 9-2 Problem 4: PPPoE will not authenticate 9-2 Firmware Upgrades To upgrade firmware...
... Enterprise VPN Client with Symantec Firewall/VPN 200R . . . . 8-2 Configure Symantec Firewall/VPN 200R for a dynamic tunnel to Symantec Enterprise VPN Client 8-3 Configure Symantec Enterprise VPN Client for a Dynamic tunnel to Symantec Firewall/ VPN 200R 8-7 Trouble Shooting Problem 1: Can not connect to the Symantec Firewall/VPN to configure it 9-1 Problem 2: When I enter a URL or IP address I get a time out error 9-1 Problem 3: Some applications do not run properly when using the Firewall/VPN. . 9-2 Problem 4: PPPoE will not authenticate 9-2 Firmware Upgrades To upgrade firmware...
Installation Guide
Page 15
... easily to access your servers while maintaining the security you to communicate securely using the Internet as the Symantec Enterprise Firewall or VelociRaptor. The Firewall feature makes your network "invisible" from the outside and it to network all unauthorized external requests for small or remote offices connected by businesses such as integrated high availability, automatic dial-up backup and virtual private networking (VPN). You can enable your...
... easily to access your servers while maintaining the security you to communicate securely using the Internet as the Symantec Enterprise Firewall or VelociRaptor. The Firewall feature makes your network "invisible" from the outside and it to network all unauthorized external requests for small or remote offices connected by businesses such as integrated high availability, automatic dial-up backup and virtual private networking (VPN). You can enable your...
Installation Guide
Page 16
... or ISP. Product Overview Networking The Symantec Firewall/VPN also enables a local area network (LAN). This combination ensures quick and easy network setup for auto dial-up connection to gateway tunnels (model 200R). Virtual Private Networking (VPN) The VPN feature of the Symantec Firewall/VPN models act as VPN gateways (VPN end points) for gateway to gateway VPN tunnels and remote client VPN to the internet, using different internet connection technology (for analog or ISDN connections as well as pre-configuring or resetting the unit via...
... or ISP. Product Overview Networking The Symantec Firewall/VPN also enables a local area network (LAN). This combination ensures quick and easy network setup for auto dial-up connection to gateway tunnels (model 200R). Virtual Private Networking (VPN) The VPN feature of the Symantec Firewall/VPN models act as VPN gateways (VPN end points) for gateway to gateway VPN tunnels and remote client VPN to the internet, using different internet connection technology (for analog or ISDN connections as well as pre-configuring or resetting the unit via...
Installation Guide
Page 25
... order to access the Web and e-mail when using the Symantec Firewall/VPN. just connecting the Symantec Firewall/VPN and rebooting your computer will need your IP Address, Network Mask, Gateway, and DNS Some ISPs (usually cable) have adopted this information from your e-mail servers and Web home page. See below for your ISP. Most large DSL ISPs have abbreviated names for instructions on...
... order to access the Web and e-mail when using the Symantec Firewall/VPN. just connecting the Symantec Firewall/VPN and rebooting your computer will need your IP Address, Network Mask, Gateway, and DNS Some ISPs (usually cable) have adopted this information from your e-mail servers and Web home page. See below for your ISP. Most large DSL ISPs have abbreviated names for instructions on...
Installation Guide
Page 32
... Setup screen is provided automatically by default and applies to you may need to access the Internet. The Main Menu as described in the PPPoE section. Then enter the Static IP information using PPPoE if you are correct. 3-4 You are likely to you have trouble, verify that your computer to update its IP information to change the Network Adapter (MAC) address. Enter the user...
... Setup screen is provided automatically by default and applies to you may need to access the Internet. The Main Menu as described in the PPPoE section. Then enter the Static IP information using PPPoE if you are correct. 3-4 You are likely to you have trouble, verify that your computer to update its IP information to change the Network Adapter (MAC) address. Enter the user...
Installation Guide
Page 46
... only for e-mail forwarding using your new domain and alternate domain names. Enter your account information. To configure Optional settings 1. Click on Backup MX. 3. Routing When there is your Basic Settings. Advanced Configuration 1. This is more than one router on a network, you manually updating your information unless your WAN Port from the WAN Port drop down list. 3. Click on the Firewall/ VPN, to tell it what...
... only for e-mail forwarding using your new domain and alternate domain names. Enter your account information. To configure Optional settings 1. Click on Backup MX. 3. Routing When there is your Basic Settings. Advanced Configuration 1. This is more than one router on a network, you manually updating your information unless your WAN Port from the WAN Port drop down list. 3. Click on the Firewall/ VPN, to tell it what...
Installation Guide
Page 47
... not being used on the network, you may lose your connection to the unit and have previously made an entry to this screen and you want to update or delete it using Select Entry and then click Update Fields Below to access its settings. Use the static routing table only when needed. If you make incorrect entries, you must first select it , you are adding a new entry...
... not being used on the network, you may lose your connection to the unit and have previously made an entry to this screen and you want to update or delete it using Select Entry and then click Update Fields Below to access its settings. Use the static routing table only when needed. If you make incorrect entries, you must first select it , you are adding a new entry...
Installation Guide
Page 54
... section, check the items you wish to block. 5. Special Applications Certain applications with Security Groups using the Host IP & Group Screen. 2. Some popular titles are already predefined, but are disabled by the protocol you want to block. To find out what ports and protocols your application needs for operation, it's best to the selected group. This section defines the overall setting that applies to consult the application's support section...
... section, check the items you wish to block. 5. Special Applications Certain applications with Security Groups using the Host IP & Group Screen. 2. Some popular titles are already predefined, but are disabled by the protocol you want to block. To find out what ports and protocols your application needs for operation, it's best to the selected group. This section defines the overall setting that applies to consult the application's support section...
Installation Guide
Page 59
... WAN Port field displayed on your STATUS screen. It exposes all virtual servers on your network have different virtual servers directed to activate a pre-defined virtual server. To Internet users, all ports on page 4-20 ) may be helpful. You can try this feature to expose the host. 4-19 For security, you should always keep this example. This is available for this disabled until you are using different protocols or port numbers. Click Save. Virtual Servers 2.
... WAN Port field displayed on your STATUS screen. It exposes all virtual servers on your network have different virtual servers directed to activate a pre-defined virtual server. To Internet users, all ports on page 4-20 ) may be helpful. You can try this feature to expose the host. 4-19 For security, you should always keep this example. This is available for this disabled until you are using different protocols or port numbers. Click Save. Virtual Servers 2.
Installation Guide
Page 67
... user interface by checking the check box next to direct traffic over routed networks. Language You can cause collisions under heavy traffic loads. This makes your VPN client in the status log that is useful if you enable RIP2 functionality of the available languages for proper communication with NAT disabled. Log Level Choosing Debug will give more detailed information in Exposed Host (DMZ) mode if having problems accessing a server...
... user interface by checking the check box next to direct traffic over routed networks. Language You can cause collisions under heavy traffic loads. This makes your VPN client in the status log that is useful if you enable RIP2 functionality of the available languages for proper communication with NAT disabled. Log Level Choosing Debug will give more detailed information in Exposed Host (DMZ) mode if having problems accessing a server...
Installation Guide
Page 69
... sensitive data. clear text is based on the IPSec (IP Security) standards. In addition to safely connect over the Internet, thus eliminating costly leased lines. This model minimizes costs It also provides a brief overview of the Symantec Firewall/VPN User Interface. gateway-to -gateway tunnels protect entire subnets. Gateway-to -gateway, and clientto-gateway (200R only). Client Identity features of VPNs, encryption and authentication. The Symantec Firewall/VPN supports two types...
... sensitive data. clear text is based on the IPSec (IP Security) standards. In addition to safely connect over the Internet, thus eliminating costly leased lines. This model minimizes costs It also provides a brief overview of the Symantec Firewall/VPN User Interface. gateway-to -gateway tunnels protect entire subnets. Gateway-to -gateway, and clientto-gateway (200R only). Client Identity features of VPNs, encryption and authentication. The Symantec Firewall/VPN supports two types...
Installation Guide
Page 73
... VPN Static Key information and create your changes and update the VPN. Click Add to view information about that Security Association. 3. The format for each additional Destination Network. 15. If you have more than one Remote Network repeat the previous two steps for the Destination Network Mask field is a minimum of seven digits ( x.x.x.x) and a maximum of your Destination Network. 14. To configure a VPN using Static Key Set to Enable to delete the VPN...
... VPN Static Key information and create your changes and update the VPN. Click Add to view information about that Security Association. 3. The format for each additional Destination Network. 15. If you have more than one Remote Network repeat the previous two steps for the Destination Network Mask field is a minimum of seven digits ( x.x.x.x) and a maximum of your Destination Network. 14. To configure a VPN using Static Key Set to Enable to delete the VPN...
Installation Guide
Page 79
..., enter the IP address of your Destination Network. To update a VPN configuration using Dynamic Key 1. To delete a VPN configuration using Dynamic Key 1. From the Main Menu, select VPN - Click Add to save your VPN Dynamic Key information and create your changes and update the VPN. Click Update Fields Below. 4. Click the Global Tunnel Enable or Disable radio button. Dynamic Key. 2. Enter all outbound (Internet) traffic to pass through the VPN tunnel. To configure a VPN with Dynamic Key The Pre-Shared...
..., enter the IP address of your Destination Network. To update a VPN configuration using Dynamic Key 1. To delete a VPN configuration using Dynamic Key 1. From the Main Menu, select VPN - Click Add to save your VPN Dynamic Key information and create your changes and update the VPN. Click Update Fields Below. 4. Click the Global Tunnel Enable or Disable radio button. Dynamic Key. 2. Enter all outbound (Internet) traffic to pass through the VPN tunnel. To configure a VPN with Dynamic Key The Pre-Shared...
Installation Guide
Page 82
It also defines Pre-Shared keys. 5-14 Configuring Virtual Private Networks (VPN) VPN Dynamic Key screen fields Global Tunnel Remote Subnet 1 IP Remote Subnet 1 Mask Symantec FW/VPN 100 settings disable 192.168.0.0 255.255.255.0 Symantec FW/VPN 200 settings disable 192.168.100.0 255.255.255.0 VPN Client Identity Figure 5-6: VPN Client Identity screen The VPN Client Identity screen identifies and enables VPN Client users.
It also defines Pre-Shared keys. 5-14 Configuring Virtual Private Networks (VPN) VPN Dynamic Key screen fields Global Tunnel Remote Subnet 1 IP Remote Subnet 1 Mask Symantec FW/VPN 100 settings disable 192.168.0.0 255.255.255.0 Symantec FW/VPN 200 settings disable 192.168.100.0 255.255.255.0 VPN Client Identity Figure 5-6: VPN Client Identity screen The VPN Client Identity screen identifies and enables VPN Client users.
Installation Guide
Page 87
... to dial if the first are predefined. Not used by pinging manually first. When enabled, the Symantec Firewall/VPN connects automatically when broadband disconnects. 2. a. c. If your connection type. 3. To configure Backup/Analog /ISDN 1. Under Connection, in the Internet Access fields, check the Normal or ISDN or Analog Only (no Broadband) check boxes to identify your modem isn't listed, you'll need to determine whether that...
... to dial if the first are predefined. Not used by pinging manually first. When enabled, the Symantec Firewall/VPN connects automatically when broadband disconnects. 2. a. c. If your connection type. 3. To configure Backup/Analog /ISDN 1. Under Connection, in the Internet Access fields, check the Normal or ISDN or Analog Only (no Broadband) check boxes to identify your modem isn't listed, you'll need to determine whether that...
Installation Guide
Page 114
...; User name and Password need to upgrade your firmware. When the Exposed Host feature is being used an IP range that your computer's IP settings are some known issues. • Please remember to click Save after entering all your options in Installation. • If the Symantec Firewall/VPN is configured correctly, check your computer to be setup properly or you have a problem you are using their application...
...; User name and Password need to upgrade your firmware. When the Exposed Host feature is being used an IP range that your computer's IP settings are some known issues. • Please remember to click Save after entering all your options in Installation. • If the Symantec Firewall/VPN is configured correctly, check your computer to be setup properly or you have a problem you are using their application...
Installation Guide
Page 120
... 5-10 Pre-Shared key 5-14 R Remote Access 4-28 remote client 1-2 Remote Management 1-3 remote management 4-28 Reset 1-7 RIP V2 4-27 RIP2 4-7 routing 4-6 routing table 4-8 S SA Life 5-10 Security gateway adding 8-7 downloading from 8-3 Security Group 4-14 Serial Configuration Console 6-4 Serial Port 1-7 Service and Support 3-vi 2 SEVPN 7-1 SMTP Bind 4-26 SNMP 1-3 SNMP Trap Receiver 4-28 Special Applications 4-14 Stateful Inspection 1-1 Static IP 6-3 Static IP and DNS 3-7 Static IP Internet Account 2-3 Status Screen 3-9 Symantec Enterprise VPN Server 7-1 T TCP/IP Network Protocol 2-2 Technical...
... 5-10 Pre-Shared key 5-14 R Remote Access 4-28 remote client 1-2 Remote Management 1-3 remote management 4-28 Reset 1-7 RIP V2 4-27 RIP2 4-7 routing 4-6 routing table 4-8 S SA Life 5-10 Security gateway adding 8-7 downloading from 8-3 Security Group 4-14 Serial Configuration Console 6-4 Serial Port 1-7 Service and Support 3-vi 2 SEVPN 7-1 SMTP Bind 4-26 SNMP 1-3 SNMP Trap Receiver 4-28 Special Applications 4-14 Stateful Inspection 1-1 Static IP 6-3 Static IP and DNS 3-7 Static IP Internet Account 2-3 Status Screen 3-9 Symantec Enterprise VPN Server 7-1 T TCP/IP Network Protocol 2-2 Technical...