1. DL manuals
  2. M86 Security
  3. Gateway
  4. SWG
  5. Setup Manual

M86 Security SWG Setup Manual

Other manuals for SWG: User Manual
Manual is about: Secure Web Gateway

Summary of SWG

  • Page 1

    Swg setup guide secure web gateway ovf release 10.2.

  • Page 2: M86 S

    M86 s ecurity swg s etup g uide v . 10.2 2 m86 s ecurity : swg s etup g uide © 2012 m86 security all rights reserved. 8845 irvine center drive, irvine, ca 92618, usa version 10.2 published march 2012 for swg software release 10.2 this document may not, in whole or in part, be copied, photo- copied, ...

  • Page 3: Table of Contents

    T able of c ontents m86 s ecurity swg s etup g uide ovf v . 10.2 3 table of contents chapter 1: before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 chapter 2: installing the appliance . . . . . . . . . . . . . . . . . . . . . . 6 installing a physical swg appliance . . . . . . ....

  • Page 4

    T able of c ontents m86 s ecurity swg s etup g uide ovf v . 10.2 4 uptime........................................................................................ 28 vmstat ........................................................................................ 28 w .....................................

  • Page 5

    C hapter 1: b efore y ou b egin m86 s ecurity swg s etup g uide v . 10.2 5 chapter 1: before you begin this guide provides the instructions you need to install and setup your m86 security swg appliance. You should perform the following tasks in the order listed: 1. Install the appliance (see chapter...

  • Page 6

    I nstalling a p hysical swg a ppliance m86 s ecurity swg s etup g uide v . 10.2 6 chapter 2: installing the appliance this chapter contains the following instructions: y installing a physical swg appliance y deploying a virtual swg from an ovf file installing a physical swg appliance installation co...

  • Page 7: For An Swg 7000 Appliance

    C hapter 2: i nstalling the a ppliance m86 s ecurity swg s etup g uide v . 10.2 7 y dns name y default gateway connecting an appliance using an ethernet cable for swg 3000 and swg 5000 models 1. Plug in the power cable and switch the appliance on. 2. Connect a pc directly to the appliance’s ge0 port...

  • Page 8

    I nstalling a p hysical swg a ppliance m86 s ecurity swg s etup g uide v . 10.2 8 3. Connect your pc to one of the ports on the gigabit ethernet switch in i/o switch module bay 1 on the appliance using a ethernet cable. 4. Power up the blades as follows: figure 1: physical control panel for a blade ...

  • Page 9

    C hapter 2: i nstalling the a ppliance m86 s ecurity swg s etup g uide v . 10.2 9 connecting an appliance using a serial cable 1. Connect the pc to the appliance’s serial console, using the serial cable. 2. Using the hyper terminal application, enter the appropriate port settings: y bits per second ...

  • Page 10: Machine Attribute

    D eploying a v irtual swg f rom an ovf f ile m86 s ecurity swg s etup g uide v . 10.2 10 deploying a virtual swg from an ovf file this section explains how to deploy a virtual swg from an ovf file. Virtual swg appliances are certified to work with a vmware esxi version 4.1 server. 1. In the vsphere ...

  • Page 11: Details

    C hapter 3: s etting u p the a ppliance m86 s ecurity swg s etup g uide v . 10.2 11 chapter 3: setting up the appliance the setup procedure is the same for both physical and virtual swg appliances. You perform setup using a setup script that is run in the limited shell. This chapter contains the fol...

  • Page 12: Details

    P reparing v alues for the a ppliance s etup m86 s ecurity swg s etup g uide v . 10.2 12 2 decide what network interface should be used for the appliance. Network interfaces description ge0 (eth0): 1gb - auto- negotiation enabled - recommended! Allows communication at a speed of up to 1gb with auto-...

  • Page 13: Setting Up The Appliance

    C hapter 3: s etting u p the a ppliance m86 s ecurity swg s etup g uide v . 10.2 13 setting up the appliance perform the setup using the values you prepared. 1. Log in to the limited shell. The default user name and password for the shell (command line) is admin and finjan respectively: y for a phys...

  • Page 14: (Optional)

    L imited s hell c ommands — s ummary l ist m86 s ecurity swg s etup g uide v . 10.2 14 chapter 4: performing additional configuration (optional) you can optionally use the commands of the limited shell to manage the functionality of the appliance, and to monitor the appliance closely. Each appliance...

  • Page 15

    C hapter 4: p erforming a dditional c onfiguration (o ptional ) m86 s ecurity swg s etup g uide v . 10.2 15 check_connectivity m checks connectivity to the remote devices (for policy server or all-in-one appliances) config_ ... C network or service configuration. Double tab to view the config_networ...

  • Page 16

    L imited s hell c ommands — s ummary l ist m86 s ecurity swg s etup g uide v . 10.2 16 for more information on configuring the system, refer to limited shell configuration commands . For further in-depth analysis and diagnostics of the system, refer to limited shell monitoring commands . Reset_confi...

  • Page 17: Access_List

    C hapter 4: p erforming a dditional c onfiguration (o ptional ) m86 s ecurity swg s etup g uide v . 10.2 17 limited shell configuration commands limited shell configuration commands enable you to define the role the appliance takes, the security, access and time settings, and also carry out routine ...

  • Page 18: Config_ ...

    L imited s hell c onfiguration c ommands m86 s ecurity swg s etup g uide v . 10.2 18 config_ ... Enables network, service and policy server configuration. Press the tab button twice to display the config_network , config_time , config_hardware , config_upgrade , config_support , config_psweb , confi...

  • Page 19: Config_Time

    C hapter 4: p erforming a dditional c onfiguration (o ptional ) m86 s ecurity swg s etup g uide v . 10.2 19 to change the current gateway configuration, enter the ip address. Y dns: allows configuring the dns servers, which the appliance uses in order to resolve the hostnames to ip addresses. It is ...

  • Page 20: Config_Upgrade

    L imited s hell c onfiguration c ommands m86 s ecurity swg s etup g uide v . 10.2 20 config_upgrade after upgrading the policy server to a new version, running this command will upgrade the scanners. Config_support allows you to install support packages. Config_psweb allows you to change the policy ...

  • Page 21: Disable_Service_Ssh

    C hapter 4: p erforming a dditional c onfiguration (o ptional ) m86 s ecurity swg s etup g uide v . 10.2 21 disable_service_ssh disables the ssh network service. Enter the disable_service_ssh command. Enable_ ... Enables the network service. The enable command includes the enable_service_snmpd and e...

  • Page 22: Flush_Dnscache

    L imited s hell c onfiguration c ommands m86 s ecurity swg s etup g uide v . 10.2 22 flush_dnscache flushes the dns cache . Reset_config rebuilds the appliance configuration in extreme situations where the appliance, for whatever reason, was disconnected for a period of time. This action restarts th...

  • Page 23: Arp

    C hapter 4: p erforming a dditional c onfiguration (o ptional ) m86 s ecurity swg s etup g uide v . 10.2 23 limited shell monitoring commands arp address resolution protocol command — the standard method for finding a host's hardware address when only its network layer address is known. Enter the ar...

  • Page 24: Last

    L imited s hell m onitoring c ommands m86 s ecurity swg s etup g uide v . 10.2 24 detailed interface statistics statistical breakdowns y lan station monitor for example, select ip traffic monitor to display the ip traffic monitor details. Last displays a list of the previous administrators who logge...

  • Page 25: Save_Exclude_Logs

    C hapter 4: p erforming a dditional c onfiguration (o ptional ) m86 s ecurity swg s etup g uide v . 10.2 25 save_exclude_logs saves exclude logs in the exclude directory. Save_support_logs saves support logs in the support directory. Setup assists you in setting up the appliance for the first time. ...

  • Page 26: Show_Dbsize

    L imited s hell m onitoring c ommands m86 s ecurity swg s etup g uide v . 10.2 26 y show_service_snmpd: displays the service configuration status for snmpd. Y show_service_ssh: displays the service configuration status for ssh. Show_dbsize shows the file size of the data- bases connected with your a...

  • Page 27: Top

    C hapter 4: p erforming a dditional c onfiguration (o ptional ) m86 s ecurity swg s etup g uide v . 10.2 27 (i.E.Cyclic progression). Sftp, such as winscp, is required in order to download the files. Top displays all the running processes, and updates the display every few seconds, so that you can i...