User Guide
Page 30
...the UAG. Reboot Restart the UAG. SSH Configure SSH server and SSH service settings. FTP Configure FTP server settings. SNMP Configure SNMP communities and services. Table 7 Maintenance Menu Screens Summary FOLDER OR LINK TAB FUNCTION File Manager Configuration File Manage and upload configuration files for ...the UAG. System Log Connect a USB device to the UAG and archive the UAG system logs to that column's criteria. 30 UAG715 User's Guide Core Dump Connect a USB device to the UAG and save the UAG operating system kernel to upload firmware. View a ...
User Guide
Page 56
... device. See the commands reference guide for Secure Gateway commands into another ZLD-based UAG's command line interface to configure it . It identifies a communicating party during a phase 1 IKE negotiation. • Local Policy: IP address and subnet mask of the computers on the network behind your UAG...VPN > IPSec VPN > VPN Gateway screen and the Phase 2 rule settings appear in the VPN > IPSec VPN > VPN Connection screen. 56 UAG715 User's Guide If this field displays Any, only the remote IPSec device can initiate the VPN connection. • Copy and paste the Configuration for...
User Guide
Page 122
...you can align network policies more VLAN interfaces. It is required to handle traffic inside VLAN 2. It is layer-3 communication (network layer, IP addresses). In addition, broadcasts are similar to other interfaces in each VLAN. As a router...each VLAN (each department in another type of only one or more appropriately for each VLAN is layer-2 communication (data link layer, MAC addresses). For example, you can set different bandwidth limits for users. They... router and VLAN 3. In this screen, click Configuration > Network > Interface > VLAN. 122 UAG715 User's Guide
User Guide
Page 139
On the other hand, some communication channels, such as the IP addresses of DNS servers) on different networks. In DHCP, every network has at least one DHCP server. In the UAG, ... the time of each packet is re-assembled later. Each fragment is sent separately, and the original packet is called the maximum transmission unit (MTU). UAG715 User's Guide 139 When the DHCP client leaves the network, the DHCP servers can provide DHCP services to handle large data packets. As a DHCP relay...
User Guide
Page 153
... the LAN. UAG715 User's Guide 153 For example, the next figure shows a computer (A) connected to the UAG's LAN interface. You only need to use static routes if you use policy routes. You create one policy route to connect to services offered by your ISP behind another policy route to communicate with multiple...
User Guide
Page 214
... and port numbers embedded in the UAG. Turn on an additional TCP port number, enter it here. It also records session 214 UAG715 User's Guide H.323 Signaling Port Additional H.323 Signaling Port for Transformations Enable FTP ALG Enable FTP Transformations You do not need to detect...File Transfer Program) traffic and help build H.323 sessions through NAT (are also using a custom TCP port number (not 21) for audio communications) and help build FTP sessions through enabled, the UAG translates the device's private IP address inside the data stream to match the UAG's NAT...
User Guide
Page 215
... users to send commands to re-register. It allows for uploading and downloading files. FTP File Transfer Protocol (FTP) is used to -point and multipoint communication between client computers over the Internet Protocol. RTP When you can configure routing policies to have a trunk with traditional circuit-switched telephone networks. ALG and... sessions. The UAG does not automatically change ALG-managed connections to the second (passive) interface when the active interface's connection goes down of the signaling. UAG715 User's Guide 215
User Guide
Page 253
...transport traffic over the Internet or any insecure network that uses TCP/IP for communication. This standards-based VPN offers flexible solutions for more on page 285 for secure data communications across a public network. IPSec VPN Internet Protocol Security (IPSec) VPN connects IPSec... 22.1 Virtual Private Networks (VPN) Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to -use of the UAG's VPN solutions. UAG715 User's Guide 253 It is used to provide confidentiality, data integrity and authentication at the...
User Guide
Page 259
... one . Choose this if the remote IPSec router has a dynamic IP address. Choose this check box if you need to the remote network. UAG715 User's Guide 259 This UAG can initiate the VPN tunnel. Remote Access (Server Role) - The clients have problems with a LAN. Use Create...to send NetBIOS (Network Basic Input/Output System) packets through IPSec SAs in the following table. Select this to allow local computers to and communicate with IKE key management. NetBIOS packets are also known as a regular IPSec SA. VPN Gateway Manual Key Remote Access (Client Role) -...
User Guide
Page 264
... and the remote IPSec router must use the same algorithm. 264 UAG715 User's Guide SHA is generally considered stronger than MD5, but not encryption. This field is applicable when the Active Protocol is used for communication between the UAG and remote IPSec router. The SPI is ESP.... Select which key size and encryption algorithm to Tunnel mode if the IPSec SA is used for communication between 256 and 4095. Choices are SHA1, SHA256, SHA512 and MD5. Chapter 22 IPSec VPN Table 103 Configuration > VPN > IPSec VPN > VPN...
User Guide
Page 278
As a result, there are generated. Transport mode is only used for communication between the UAG and remote IPSec router (for example, for remote management), not between the IP headers. Note: The UAG and remote IPSec router must ... router. If you do not enable PFS, the UAG and remote IPSec router use the same root key that does not require such security. 278 UAG715 User's Guide If you enable PFS, the UAG and remote IPSec router perform a DH key exchange every time an IPSec SA is compromised, other encryption...
User Guide
Page 328
... (pings) with useless data, use up . Active network devices, such as the broadcast address of ICMP echo request and response traffic. 328 UAG715 User's Guide The router will create a large amount of the network. These are some filtered port scan examples. • TCP Filtered Portscan ...port scans. If there are numerous hosts, this will broadcast the ICMP echo request packet to all available bandwidth, and therefore make communications in the network impossible. One host scans a single port on closed ports have been suppressed. This may indicate that is looking for...
User Guide
Page 345
... security or privacy risk. This is not malicious but may help gain unauthorized access to computer systems and/or computerized communication systems. Hacking encompasses instructions on how to have suspicious content and/or intent that sell , supply, encourage or otherwise...category. This category includes pages that provide information, assistance, recommendations, or training on or reading specific links, email, or web pages. UAG715 User's Guide 345 Chapter 28 Content Filtering Table 129 Configuration > Anti-X > Content Filter > Filter Profile > Add > Category Service...
User Guide
Page 346
...Lions and Rotary Clubs. It does not include pages containing alternative religions such as homosexuality. This does not include social networking communities with paranormal or unexplained events. Software Downloads This category includes pages that endorse or offer methods, means of instruction, or ... payment or at no charge. Government/Legal This category includes pages sponsored by or which discuss or deal with blogs. 346 UAG715 User's Guide Religion This category includes pages that enables file search and sharing across a network without dependence on political parties, ...
User Guide
Page 347
...the sending of television, movie, Webcam, or other audio content-typically more narrowly focused sites, like those that promote interpersonal relationships. UAG715 User's Guide 347 Chapter 28 Content Filtering Table 129 Configuration > Anti-X > Content Filter > Filter Profile > Add > Category... for audio and video clips. Email This category includes pages offering web-based email services, such as "virtual communities" or "online communities". Personals/Dating This category includes pages that specifically match descriptions for sale, glorify, review, or in length. ...
User Guide
Page 349
... reference, including online dictionaries, maps, census, almanacs, library catalogues, genealogy-related pages and scientific information. Test Web Site Category UAG715 User's Guide 349 This does not include classified advertisements. These types of the day. Web Applications This category includes pages with non...-malicious, non-offensive content or resources used to Web analytics sites (such as web communities or hosting services. News/Media This category includes pages that provide top-level domain pages, as well as visitor tracking ...
User Guide
Page 445
... this to configure any new settings objects that you specified to access network services like the Internet. UAG715 User's Guide 445 Use this screen. Select Accept to allow or prevent any computer to communicate with the IP address that displays after an access user logs into the Web Configurator to access the...
User Guide
Page 456
SSH is a secure communication protocol that combines authentication and data encryption to the WAN port of the UAG for a management session. 456 UAG715 User's Guide Figure 311 Secure Web Configurator Login Screen 39.8 SSH You can come. In the following figure, computer A on ...the Internet uses SSH to securely connect to provide secure encrypted communication between two hosts over an unsecured network. ...
User Guide
Page 457
UAG715 User's Guide 457 In subsequent connections, the server public key is checked against the saved version on the client computer. 2 Encryption Method Once the identification ... and server key and sends the result back to the SSH server. The client encrypts a randomly generated session key with a host key. Figure 312 SSH Communication Over the WAN Example Chapter 39 System A 39.8.1 How SSH Works The following figure is established between two remote hosts using SSH v1. The client...
User Guide
Page 463
... where you can access the UAG zone(s) configured in the Zone field (Accept) or not (Deny). The next figure illustrates an SNMP management operation. UAG715 User's Guide 463 You may change an entry's position in the numbered list, select the method and click Move to display a field to type a... is the zone on page 394 for a service if needed, however you must have to use FTP over TLS (Transport Layer Security) to encrypt communication. To change the server port number for details). It is a protocol used to identify the UAG for remote management. To remove an entry, select...