Endian Firewall Administrators Guide
Diego Gagliardo
Raphael Lechner
Marco Sondermann
Raphael Vallazza
Peter Warasin
Copyright © 2002, 2003, 2004, 2005, 2006 Chris Clancey, Harry Goldschmitt, John Kastner, Eric Oberlander, Peter Walker, Marco Sondermann, Endian srl
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is included in the section entitled Appendix A, GNU Free Documentation License.
2006-05-24
Revision History
Revision 1.1rc7
2005-10-09
DocBook Edition
Revision 2.0
2006-05-24
DocBook Edition
Abstract
Comprehensive documentation for the administrator of an Endian Firewall™.
Table of Contents
- Preface
- 1. Introduction
- 2. System Web pages
- 3. Status Menu
- 4. Network Menu
- 5. Services Menu
- 6. Firewall Menu
- 7. Proxy
- 8. VPN Menu
- 9. Logs
- A. GNU Free Documentation License
List of Figures
- 2.1. System menu selected
- 2.2. Home
- 2.3. Displays the Endian Network Support status
- 2.4. Online status
- 2.5. Network wizard step 1: Choose type of RED interface
- 2.6. Network wizard showing Step 2: Choose network zones
- 2.7. Network wizard showing Step 3: Network preferences
- 2.8. Network wizard showing Step 4: Internet Access Preferences for RED type NONE
- 2.9. Network wizard showing Step 4, with RED type ADSL, Substep 1: Selection of the modem
- 2.10. Network wizard showing Step 4 with RED type ADSL: Substep 2: Choose ADSL connection type
- 2.11. Network wizard showing step 4 with RED type ADSL: Substep 3: Supply connection information (PPPoE)
- 2.12. Network wizard showing step 4 with RED type ADSL: Substep 3: Supply connection information (RFC1483 static ip)
- 2.13. Network wizard showing step 4 with RED type ADSL: Substep 3: Supply connection information (RFC1483 DHCP)
- 2.14. Network wizard showing step 4 with RED type ISDN: Internet Access Preferences
- 2.15. Network wizard showing step 4 with RED type ETHERNET STATIC: Internet Access Preferences
- 2.16. Network wizard showing step 4 with RED type ETHERNET DHCP: Internet Access Preferences
- 2.17. Network wizard showing step 4 with RED type PPPoE: Internet Access Preferences
- 2.18. Network wizard showing step 5: configure DNS resolver
- 2.19. Network wizard showing step 6: Apply configuration
- 2.20. Unregistered Endian Firewall
- 2.21. Registered Endian Firewall
- 2.22. Password changing dialogue
- 2.23. SSH access page
- 2.24. GUI settings
- 2.25. Backup to files
- 2.26. Reset to factory defaults
- 2.27. Shutdown / Reboot page
- 3.1. Status menu selected
- 3.2. Page which displays the actual running services
- 3.3. Page which displays the current memory usage
- 3.4. Page which displays the current disk usage
- 3.5. Page which displays uptime and current logged in users
- 3.6. Page which displays the current loaded kernel modules
- 3.7. Page which displays the kernel version
- 3.8. Displays interfaces
- 3.9. Displays current RED DHCP configuration
- 3.10. Displays current dynamic leases
- 3.11. Displays current routing table
- 3.12. Displays ARP table
- 3.13. Display of CPU graph
- 3.14. Display disk usage graph
- 3.15. Display memory usage graph
- 3.16. Display current swap usage
- 3.17. Displays traffic graph of the GREEN interface
- 3.18. Displays traffic graph of the RED interface
- 3.19. Displays current connections
- 3.20. Mail Queue
- 3.21. Displays iptables rules
- 4.1. Network menu selected
- 4.2. Current hosts
- 4.3. Add a new alias
- 5.1. Services menu selected
- 5.2. Shows DHCP administration page
- 5.3. Add a fixed lease
- 5.4. Shows the current fixed leases
- 5.5. Shows the current dynamic leases
- 5.6. Shows the dialogue which allows you to create a new DynDNS configuration
- 5.7. Shows current configured DynDNS configuration
- 5.8. Shows the Time server administrative web page
- 5.9. Shows traffic shaping settings
- 5.10. Shows Type of Service configuration
- 5.11. Intrusion Detection System administrative web page
- 5.12. Linesrv
- 5.13. XLC Line down
- 5.14. XLC initiate a Connection
- 5.15. XLC main connection initiated
- 5.16. XLC up manually
- 5.17. WLC disconnected
- 5.18. WLC line is up
- 5.19. WLC connection established
- 5.20. WLC up manually
- 6.1. Firewall menu selected
- 6.2. Diagram of flow control and its configuration possibilities
- 6.3. Adding a new portforwarding configuration
- 6.4. Adds an acl to a portforwarding rule
- 6.5. Currently configured portforwarding rules
- 6.6. Add a new external access rule
- 6.7. Displays currently configured rules
- 6.8. Adds a new pinhole rule
- 6.9. Lists all configured pinhole rules
- 6.10. Adds a new outgoing rule
- 6.11. Lists all current outgoing rules
- 6.12. Globally allow outgoing traffic
- 6.13. Globally deny outgoing traffic
- 7.1. Proxy menu selected
- 7.2. Displays HTTP advanced proxy settings
- 7.3. Displays HTTP advanced proxy upstream proxy configuration
- 7.4. Displays HTTP advanced proxy log settings
- 7.5. Displays HTTP advanced proxy cache management configuration
- 7.6. Displays HTTP advanced proxy network based access control
- 7.7. Displays HTTP advanced proxy time restrictions configuration
- 7.8. Displays HTTP advanced proxy transfer limit configuration
- 7.9. Displays HTTP advanced proxy MIME type filter
- 7.10. Displays HTTP advanced proxy user agent filter
- 7.11. Displays HTTP advanced proxy authentication methods
- 7.12. Displays HTTP advanced proxy global authentication settings
- 7.13. Displays HTTP advanced proxy local user authentication
- 7.14. Displays HTTP advanced proxy local user authentication
- 7.15. Displays local user manager for the HTTP advanced proxy
- 7.16. Displays editing a user with local user manager of HTTP advanced proxy
- 7.17. Change it yourself page, allowing user to change their local HTTP proxy password
- 7.18. Displays LDAP authentication page of HTTP advanced proxy
- 7.19. Common LDAP settings of HTTP advanced proxy
- 7.20. Bind DN settings of LDAP authentication within HTTP advanced proxy
- 7.21. Groupbased access control of LDAP authentication within HTTP advanced proxy
- 7.22. HTTP advanced proxy authentication against Windows
- 7.23. Common domain settings of Windows authentication on HTTP advanced proxy
- 7.24. Authentication mode of windows authentication on HTTP advanced proxy
- 7.25. Userbased access restrictions on windows authentication of HTTP advanced proxy
- 7.26. Integrated windows authentication with HTTP advanced proxy
- 7.27. Explicit authentication with HTTP advanced proxy
- 7.28. Displays RADIUS authentication configuration of HTTP advanced proxy
- 7.29. Displays common RADIUS settings of HTTP advanced proxy authentication
- 7.30. Displays user based access restrictions of HTTP advanced proxy
- 7.31. General contentfilter configuration
- 7.32. Selection of allowed phrases which pages may contain
- 7.33. Selection of categories of url lists which should be blocked by the HTTP contentfilter
- 7.34. Custom Black and whitelists of HTTP contentfilter
- 7.35. HTTP Antivirus configuration page
- 7.36. HTTP proxy disabled
- 7.37. Figure which displays traffic which will not be directed through the HTTP proxy
- 7.38. HTTP proxy enabled
- 7.39. Figure which displays traffic which will not be directed through the HTTP proxy
- 7.40. Figure which displays traffic which will be redirected through the HTTP proxy.
- 7.41. HTTP proxy enabled as transparent proxy
- 7.42. Figure which displays traffic which will be transparently redirected through the HTTP proxy.
- 7.43.
- 7.44.
- 7.45.
- 7.46.
- 7.47.
- 7.48.
- 7.49.
- 7.50.
- 7.51.
- 7.52.
- 7.53.
- 7.54.
- 7.55.
- 7.56.
- 7.57. Shows POP3 proxy global settings
- 7.58. Spamfilter configuration of POP3 proxy
- 7.59. SIP Proxy Settings
- 7.60. FTP proxy administration page
- 7.61. General Settings
- 7.62. SMTP Antivirus
- 7.63. SMTP Antispam
- 7.64. Greylisting
- 7.65. banned files
- 7.66. Real-time Black Lists
- 7.67. black/whitelists
- 7.68. Local Domains
- 7.69. Smarthost
- 7.70. IMAP Server for SMTP Authentication
- 7.71. Advanced Settings
- 8.1. VPN menu selected
- 8.2. Figure of a Net-to-net VPN
- 8.3. Figure of a Host-to-net VPN
- 8.4. Figure of a VPN using OpenVPN as a mixed VPN consisting of roadwarrior and net-to-net in hub-and-spoke topology
- 8.5.
- 8.6.
- 8.7. VPN global settings
- 8.8. VPN connection status and control window: initial view
- 8.9. VPN certificate authorities window: initial view
- 8.10. VPN connection type selection
- 8.11. VPN Host-to-Net connection input
- 8.12. VPN Net-to-Net connection input
- 8.13. VPN authentication input
- 9.1. Logs menu selected
- 9.2. Generic navigation items
- 9.3. Configuration of log viewer
- 9.4. Configuration of log summaries
- 9.5. Configuration of remote logging
- 9.6. Configuration of firewall logging
- 9.7. Displays log summaries
- 9.8. Displays firewall log
- 9.9. Display of system logs
- 9.10. Displays clamav log viewer
List of Examples
- 5.1. Example of a custom configuration line
- 7.1. Add this MIME type if you want to block the download of PDF files:
- 7.2. Add these MIME types if you want to block the download of MPEG and QuickTime video files:
- 7.3. Windows Update To allow access to Windows Update without authentication add these domains to the list:
- 7.4. Base DN for Active Directory
- 7.5. Base DN for eDirectory
- 7.6. Base DN containing spaces
- 7.7. User based access control lists using integrated authentication
- 7.8. User based access control lists using explicit authentication
- 7.9. Example spam info headers
- 7.10. Example spam info headers
- 7.11. Allow or deny a complete domain
- 7.12. Allow or deny only the subdomains of a domain
- 7.13. Allow or deny single email addresses or user names.
- 7.14. Allow or deny a complete domain
- 7.15. Allow or deny only the subdomains of a domain
- 7.16. Allow or deny single email addresses or user names.
- 7.17. Allow or deny ip block.
- 8.1. An example command line to start openvpn on your roadwarrior
- 8.2. An example configuration file for openvpn on your roadwarrior
- 8.3. Example plain text certificate output.
- 8.4. Example content of an exported CA.
- 9.1. Log line of the OpenVPN server
- 9.2. Log line of an OpenVPN client