- DL manuals
- Freedom9
- Firewall
- freeGuard 100
- Install Manual
Freedom9 freeGuard 100 Install Manual
Summary of freeGuard 100
Page 1
Freeguard 100 utm firewall install guide p/n: f0025000 rev. 1.2.
Page 2
Copyright and trademark information this document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated into another language without express prior to written consent of freedom9 inc. © copyright 2...
Page 3
I table of contents 1 introduction .................................................................................................................................. 1 1.1 s ecure installation , configuration , and management ............................................................. 1 1.1.1 w eb...
Page 4
Ii 5.1 p riorities of heartbeat device and monitor priorities .......................................................... 33 5.2 c onfiguring free g uard 100 s for ha operation .................................................................... 33 5.2.1 h igh availability configuration settings .......
Page 5
1 1 introduction freeguard 100 unified threat management (utm) firewalls improve network security, reduce network misuse and abuse, and help you use communication resources more efficiently without compromising the performance of your network. The freeguard 100 is a dedicated, easily managed securit...
Page 6
2 figure 1: web-based interface 1.1.2 command line interface you can access the freeguard 100 command line interface (cli) by connecting a management computer serial port to the freeguard 100 rs-232 serial console connector. You can also use telnet or a secure ssh connection to connect to the cli fr...
Page 7
3 execute restore config myfile.Bak indicates an ascii string that does not contain new-lines or carriage returns. Indicates an integer string that is a decimal (base 10) number. Indicates a hexadecimal string that uses the digits 0-9 and letters a-f. Indicates a dotted decimal ipv4 address. Indicat...
Page 8
4 1.3 freeguard 100 documentation information about the freeguard 100 is available from the following freeguard 100 user manual volumes: freeguard 100 quickstart guide provides the basic information required to connect and install a freeguard 100. Freeguard 100 installation guide provides detailed i...
Page 9
5 2 getting started this section describes unpacking, setting up, and powering on a freeguard 100. This section includes: • package contents • mounting • turning the freeguard 100 power on and off • connecting to the web-based manager • connecting to the command line interface (cli) • quick installa...
Page 10
6 2.2 mounting the freeguard 100 can be installed on any stable surface. Make sure that the unit has at least 1.5 in. (3.75 cm) of clearance on each side to allow for adequate airflow and cooling. Dimensions: • 8.63 x 6.13 x 1.38 in. (21.9 x 15.6 x 3.5 cm) weight: • 1.5 lb. (0.68 kg) power requireme...
Page 11
7 from the web-based manager, • go to system > maintenance > shut down, select “shut down” and click “apply”. From the cli, • enter: execute shutdown 4. Disconnect the power supply. 2.4 connecting to the web-based manager use the following procedure to connect to the web-based manager for the first ...
Page 12
8 figure 3: login page type “admin” in the name and password fields and click “login”. The register now window will be displayed. It is important to register the freeguard 100 so that freedom9 can contact the unit for firmware updates. You must register to receive updates to the freeguard 100 antivi...
Page 13
9 data bits: 8 parity: none stop bits: 1 flow control: none 6. Press “enter” to connect to the freeguard 100 cli. The following prompt will be displayed: freeguard 100 login: 7. Type “admin” and press “enter” twice. The following prompt will be displayed: welcome ! Type ? To list available commands....
Page 14
10 based manager appears. 4. Go to system > network > interface and click “edit” for the wan1 interface. 5. Select one of the following addressing modes: • manual: enter a static ip address and netmask, click “ok”, and go to step 6. • dhcp: to get an ip address from the isp select dhcp and go to ste...
Page 15
11 • factory default protection profiles 2.7.1 factory default dhcp server configuration using the factory default dhcp server settings you can quickly configure the internal network and the freeguard 100. Name internal_dhcp_server interface internal default gateway 192.168.1.1 ip range 192.168.1.11...
Page 16
12 2.7.3 factory default transparent mode network configuration in transparent mode, the freeguard 100 has the default network configuration listed in table 4. Administrator account user name: password: admin (none) management ip ip: netmask: 10.10.10.1 255.255.255.0 dns primary dns server: secondar...
Page 17
13 • configure web category filtering for http firewall policies • configure spam filtering for imap, pop3, and smtp firewall policies • enable the intrusion protection system (ips) for all services • enable content logging for http, ftp, imap, pop3, and smtp firewall policies using protection profi...
Page 18
14 flowing between its interfaces. Your configuration plan depends on the operating mode that you select. The freeguard 100 can be configured in one of two modes: nat/route mode (the default) or transparent mode. You can also configure the freeguard 100 and the network it protects using the default ...
Page 19
15 you typically use the freeguard 100 in transparent mode on a private network behind an existing firewall or behind a router. The freeguard 100 performs firewall functions, ipsec vpn, virus scanning, ips, web content filtering, and spam filtering. Figure 7: example transparent mode network configu...
Page 20
16 • choose either a manual (static) or a dynamic (dhcp or pppoe) address for the external interface • add a default route for the external interface • add the dns server ip addresses • add the dhcp server settings and ip addresses • add various internal server ip addresses including web, imap, pop3...
Page 21
17 3 nat/route mode installation this chapter describes how to install the freeguard 100 in nat/route mode. This chapter describes: • preparing to configure the freeguard 100 in nat/route mode • using the web-based manager • using the command line interface • using the setup wizard • connecting the ...
Page 22
18 3.1.1 dhcp or pppoe configuration you can configure any freeguard 100 interface to acquire its ip address from a dhcp or pppoe server. Your isp may provide ip addresses using one of these protocols. To use the freeguard 100 dhcp server, you need to configure an ip address range and default route ...
Page 23
19 must connect through a web browser again using the new address. Browse to https:// followed by the new ip address of the interface. If the new ip address of the interface is on a different subnet, you may have to change the ip address of your computer to the same subnet. To configure dns server s...
Page 24
20 1. Log in to the cli. 2. Set the ip address and netmask of the internal interface to the internal ip address and netmask that you recorded in table 6. Enter: config system interface edit internal set mode static set ip end 3. Set the ip address and netmask of the wan1 interface to the ip address ...
Page 25
21 5. Confirm that the addresses are correct. Enter: get system interface the cli lists the ip address, netmask, and other settings for each of the freeguard 100 interfaces. To configure dns server settings: 1. Set the primary and secondary dns server ip addresses. Enter config system dns set primar...
Page 26
22 • set the antivirus protection to high, medium, or none table 8 lists the additional settings that you can configure with the setup wizard. Password prepare an administrator password. Internal interface use the information you gathered in table 6. External interface use the information you gather...
Page 27
23 3. Click the “next” button to step through the wizard pages. 4. Confirm the configuration settings, and then click “finish” and “close”. Note: if you use the setup wizard to configure internal server settings, the freeguard 100 adds port forwarding virtual ips and firewall policies for each serve...
Page 28
24 figure 9: freeguard 100 nat/route mode connections 3.6 configuring the networks if you are running the freeguard 100 in nat/route mode, your networks must be configured to route all internet traffic to the ip address of the freeguard 100 interface to which they are connected. • for the internal n...
Page 29
25 server. 1. Go to system > config > time. 2. Click “refresh” to display the current freeguard 100 system date and time. 3. Select a time zone from the list. 4. Optionally, click the “automatically adjust clock for daylight saving changes” check box. 5. Click “set time” and set the freeguard 100 sy...
Page 30
26 4 transparent mode installation this chapter describes how to install a freeguard 100 in transparent mode. This chapter describes: • preparing to configure transparent mode • using the web-based manager • using the command line interface • using the setup wizard • connecting the freeguard 100 to ...
Page 31
27 3. Select “transparent” in the operation mode list. 4. Click “ok”. To reconnect to the web-based manager, change the ip address of the management computer to 10.10.10.2. Connect to the internal or dmz interface and browse to https:// followed by the transparent mode management ip address. The def...
Page 32
28 end the freeguard 100 restarts. After a few seconds, the login prompt appears. 3. Type “admin” and press “enter”. The following prompt appears: welcome ! 4. Confirm that the freeguard 100 has switched to transparent mode. Enter: get system status the cli displays the status of the freeguard 100 i...
Page 33
29 edit 1 set dst 0.0.0.0 0.0.0.0 set gateway set device end 4.4 using the setup wizard from the web-based manager, you can use the setup wizard to begin the initial configuration of the freeguard 100. The first time you connect to the freeguard 100, it is configured to run in nat/route mode. To swi...
Page 34
30 • wan1 for connecting to the internet, • dmz and wan2 which can be connected to networks. To connect the freeguard 100 running in transparent mode: 1. Connect the internal interface connectors to pcs and other network devices in your internal network. The internal interface functions as a switch,...
Page 35
31 1. Go to system > config > time. 2. Click “refresh” to display the current freeguard 100 system date and time. 3. Select your time zone from the list. 4. Optionally, select “automatically adjust clock for daylight saving changes” check box. 5. Click “set time” and set the freeguard 100 system dat...
Page 36
32.
Page 37
33 5 high availability installation this chapter describes how to install two or more freeguard 100s in an ha cluster. Ha installation involves three basic steps: • configuring freeguard 100s for ha operation • connecting the cluster to your networks • installing and configuring the cluster 5.1 prio...
Page 38
34 group id. Group id mac address 0 1 2 … 63 00-09-0f-06-ff-00 00-09-0f-06-ff-01 00-09-0f-06- ff-02 ... 00-09-0f-06-ff-3f if you have more than one ha cluster on the same network, each cluster should have a different group id. If two clusters on the same network have same group id, the duplicate mac...
Page 39
35 weighted round robin weighted round robin load balancing. Similar to round robin, but weighted values are assigned to each of the units in a cluster based on their capacity and on how many connections they are currently processing. For example, the primary unit should have a lower weighted value ...
Page 40
36 6. If required, select override master. 7. Enter and confirm a password for the ha cluster. 8. If you are configuring active-active ha, select a schedule. 9. Click “apply”. The freeguard 100 negotiates to establish an ha cluster. When you select apply you may temporarily lose connectivity with th...
Page 42
38 • optionally connect the wan2 interface of each freeguard 100 to a switch or hub connected a second external network. Figure 11: ha network configuration 2. Power on all the freeguard 100s in the cluster. As the units start, they negotiate to choose the primary cluster unit and the subordinate un...
Page 43
39 cluster automatically synchronizes all configuration changes to the subordinate units in the cluster as the changes are made. The only configuration settings that are not synchronized are the ha configuration (except for the interface heartbeat device and monitoring configuration) and the freegua...