Initial Configuration

Download Report

Transcript Initial Configuration

Implementation Training
1
Initial Configuration: Connecting the appliance

Power on the hardware appliance.

Plug cable into Green network port of the appliance.
The Green (LAN) interface for every hardware unit is always Ethernet port 1. You can
always use this port to initially access and configure the device via the web interface.
Default IP address of Green (LAN) interface is always 192.168.0.15. Make sure that
there is no other machine in the network using this same IP address already before
switching on the appliance, otherwise disconnect that machine from the network.
Connect a computer to the Green (LAN) interface via patch cable (for a switch
connection) or crossover cable (for a direct connect).
2
Initial Configuration: Access Gatedefender eSeries

Manually configure a local IP on your PC in the 192.168.0.x/24 range.

Access the web interface of GD eSeries on https://192.168.0.15:10443
(or http://192.168.0.15 which will redirect).
3
Initial Configuration: Initial Configuration

Use the initial configuration wizard to setup the essentials of the device

Set the Language & Timezone
4
Initial Configuration

Accept the License Agreement
5
Initial Configuration

Restore from Backup. This option allows you to restore a previous backup
configuration to the device. If you have one and want to use it, then select
Yes and choose the backup file (.tgz); otherwise, you can select No and click
the Forward button to continue.

Set Web / SSH Passwords. Using strong secure passwords is recommended
6
Initial Configuration
 GateDefender eSeries coloured network schema.
GREEN local network (LAN)
This is the safe area where your trusted
computers are located.
ORANGE network for servers connected to
the Internet (DMZ)
It is meant for the servers that have to
provide services on RED (Internet). This
way, even if the security of one of these
servers has been compromised, the GREEN
area will remain safe.
RED external network (WAN)
Usually this is the interface connected to
the Internet.
BLUE wireless network
This can be used for your wireless network
and is the default network for the Panda
Hotspot feature. This kind of network is
usually not as safe as a wired one.
7
Initial Configuration
 GateDefender eSeries Network configuration modes:
Router Mode
In Router mode you will be able to fully manage different network zones through
eSeries and implement routing between them.
Gateway Mode
In Gateway mode you will be able to intercept traffic between multiple physical
interfaces in the same network zone without the need of any routing mechanism.
8
Router Mode
9
Initial Configuration: Router Configuration Mode
 Choose the conection type of your primary WAN interface, in this
case Gateway
10
Initial Configuration: Router Configuration Mode
 Add Network Zones
The next option will allow you to select any additional network zone you
wish to have configured on your GD eSeries appliance. The available options will
depend on the total number of available Ethernet NIC's on the device. Your
options could include adding the Blue zone (Wifi) or Orange zone (DMZ) or both.
Click the Forward button to continue.
11
Initial Configuration: Router Configuration Mode
 Configure GREEN Zone IP address
It’s recommended to always use RFC 1918 Private IP address subnets when
configuring the internal network zones of the GD eSeries: Green, Orange, Blue.
Official RFC1918 Private LAN Address Networks:
10.0.0.0/8
(255.0.0.0)
172.16.0.0/12 (255.240.0.0)
192.168.0.0/16 (255.255.0.0)
12
Initial Configuration: Router Configuration Mode
 Configure the RED zone
Now you can configure the Red (WAN) interface according to your ISP
connection type (as selected during Step 1). The configuration is identical to the
previous step where you must configure the IP, subnet, and gateway (if
necessary), select the appropriate physical interface to use for the Red (WAN)
connection, and fill out any other ISP connection specific fields.
13
Initial Configuration: Router Configuration Mode
 Configure DNS
This option is only required if you are not using some form of DHCP for your
Red (WAN) connection. You should fill in your ISP-provided or preferred public
DNS servers in these fields. Click the Forward button to continue.
14
Initial Configuration: Router Configuration Mode
 Setup Email Information (Optional)
Here you can provide the administrator (recipient) email account along with
the GD eSeries (sender) address you want to use for notifications. Also you may
specify the address of an email smarthost if you require one. Click the Forward
button to continue.
15
Initial Configuration: Router Configuration Mode
 Apply Configuration
 The last step is to apply the configuration to the device.
 Keep in mind, the changes you made may take up to 20 seconds to
be fully applied to the device and for dependent services to be
restarted so this may impact any internal device(s) ability to access
the device or pass traffic through it. You must access the
administration interface of the GD eSeries device using the new IP
settings either manually or using the link provided in the Web UI.
16
Gateway Mode
17
Initial Configuration: Gateway Configuration Mode
 Choose the conection type of your primary WAN interface, in this
case “Gateway”
18
Initial Configuration: Gateway Configuration Mode
 Add Network Zones
The next option will allow you to select any additional network zone you
wish to have configured on your GD eSeries appliance. The available options will
depend on the total number of available Ethernet NIC's on the device. Your
options could include adding the Blue zone (Wifi) or Orange zone (DMZ) or both.
Click the Forward button to continue.
19
Initial Configuration: Gateway Configuration Mode
 Configure GREEN Zone with two interfaces
A network zone with multiple network interfaces will act as a “bridge” and
simulate the behavior of a switch.
20
Initial Configuration: Gateway Configuration Mode
 Configure the Internet Gateway as if you were configuring any
GREEN Zone client
This option will allow you to deploy the GD eSeries into a network using the
Green (LAN) interface as your primary network connection and using an existing
default gateway that lives within the Green network.
21
Initial Configuration: Gateway Configuration Mode
 Configure DNS
In this case you should fill in your primary and secondary DNS servers in
these fields.
22
Initial Configuration: Gateway Configuration Mode
 Setup Email Information (Optional)
Here you can provide the administrator (recipient) email account along with
the GD eSeries (sender) address you want to use for notifications. Also you may
specify the address of an email smarthost if you require one. Click the Forward
button to continue.
23
Initial Configuration: Gateway Configuration Mode
 Apply Configuration
 The last step is to apply the configuration to the device.
 Keep in mind, the changes you made may take up to 20 seconds to
be fully applied to the device and for dependent services to be
restarted so this may impact any internal device(s) ability to access
the device or pass traffic through it. You must access the
administration interface of the GD eSeries device using the new IP
settings either manually or using the link provided in the Web UI.
24
Console Access
25
Initial Configuration: Console Access
 To use the local console plug a monitor to the VGA port of the
appliance and a keyboard to USB port.





You can check the management URL and the Green (zone) IP address
You can choose Option #0 “Shell”
You can choose Option #1 “Reboot”
You can choose Option #2 “Change Root Password” from the menu.
You can choose Option #3 “Change Admin Password” from the
menu.
 If you forgot both Web and CLI/Console passwords you will need to
reset to factory defaults by choosing Option #4 “Restore Factory
Defaults” from the menu.
26
Panda Perimetral Management
Console registration
27
Initial Configuration: Panda Perimetral Management Console registration

Registering a device for the very first time is a two-step process:
(1) Create user account on Perimetral management console using provided
activation code.
(2) Register your GD eSeries device. Once this is done you can register all
subsequent devices using your existing Perimetral management console account
information.
28
Initial Configuration: Panda Perimetral Management Console registration

Enter the activation code created

Enter the following information
•
•
•
•
Company: INNET CustomerID
Login: INNET Login
Password: INNET Password
Account Description: Company Name
29
Initial Configuration: Register GateDefender eSeries device

Enter the following information:
– Account credentials previously created
–
Enter the activation code
–
Enter the additional relevant information
30