2. Computers & electronics
  3. Networking
  4. Routers
  5. McAfee
  6. SG310

McAfee SG310, SG560, SG560U, SG565, SG580, SG720 Specification

  • Hello! I am an AI chatbot trained to assist you with the McAfee SG310 Specification. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
McAfee
®
UTM Firewall
Administration Guide
version 4.0.4
Issued August 2009 / McAfee UTM Firewall version 4.0.4
COPYRIGHT
Copyright © 2009 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into
any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate
companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FLASHBOX, FOUNDSTONE, GROUPSHIELD, HERCULES, INTRUSHIELD,
INTRUSION INTELLIGENCE, LINUXSHIELD, MANAGED MAIL PROTECTION, MAX (MCAFEE SECURITYALLIANCE
EXCHANGE), MCAFEE, MCAFEE.COM, NETSHIELD, PORTALSHIELD, PREVENTSYS, PROTECTION-IN-DEPTH STRATEGY,
PROTECTIONPILOT, SECURE MESSAGING SERVICE, SECURITYALLIANCE, SITEADVISOR, THREATSCAN, TOTAL
PROTECTION, VIREX, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its
affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand
products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE
YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED
SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND
OTHER RELATED LICENSE GRANTOR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE
PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE
PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE).
IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF
APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
License Attributions
Refer to the product Release Notes.
McAfee UTM Firewall 4.0.4 Administration Guide 3
Contents
About this Document 9
1 Introduction 11
UTM Firewall desktop appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Front panel LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Rear panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Physical specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
UTM Firewall rack mount appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Front panel LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Front panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Rear panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Physical specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
UTM Firewall PCI appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Bridged mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Physical specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
UTM Firewall Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
UTM Firewall menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Interface icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Home icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Logout icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Backup and restore icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Online help icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Edit and delete icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Add above and below icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Tooltips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Help and Support menu option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Online Help page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Technical Support page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Technical Support Report page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
2 Getting Started 23
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Powering on the device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Connecting an administrative PC to the device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Setting password and LAN connection settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Configuring the UTM Firewall switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Selecting an initial firewall level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Confirming settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Setting up the PCs on your LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Automatic LAN configuration using the UTM Firewall DHCP server . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Automatic LAN configuration using an existing DHCP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Manual LAN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Registering your UTM Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Using the My Secure Computing website . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Creating an account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Adding your UTM Firewall appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Activating a feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37
Retrieving license information for add-on products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
3 Network Setup menu options 41
Network overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Quick Setup wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Network setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Multifunction vs. fixed-function ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
4 McAfee UTM Firewall 4.0.4 Administration Guide
Contents
Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Direct connection overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Direct Connection Settings page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Ethernet Configuration tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Aliases tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Enabling IPv6 for a connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
ADSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Routed versus bridged DSL modems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
Accessing the ADSL connection methods page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Connecting with a cable modem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Configuring a dialout connection on the COM port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Configuring dialout port settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
Enabling dial on demand for a connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
Configuring static IP addresses for a connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Configuring interface aliases for a connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Setting up dial-in access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
Dial-in setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
Connecting a dial-in client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Failover, load balancing, and high availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Internet connection failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Editing failover connection parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Load balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
Enabling load balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74
Default high availability script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77
Enabling high availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78
Configuring high availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78
DMZ network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80
Configuring a DMZ connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80
Services on the DMZ network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81
Guest network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82
Configuring a guest connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82
Wireless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82
Wireless security methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Configuring a wireless connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Bridging wireless and LAN connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Configuring Wireless MAC-based ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Configuring WDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
Configuring advanced wireless features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92
Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94
Adding a bridged interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94
Deleting a bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
Bridging across a VPN connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
Adding a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
Port-Based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Enabling port-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
Adding a port-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
GRE tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
Troubleshooting GRE tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
3G USB Modems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . 106
Con
figuring 3G USB modem connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Configuring USB port settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Adding new 3G USB modem profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
Creating a static route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Policy Routes page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Enabling route management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Manually configuring route management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Example: Configuring RIP Route Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Example: OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Example: BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
McAfee UTM Firewall 4.0.4 Administration Guide 5
Contents
DNS Proxy tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
Dynamic DNS tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Static Hosts tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Enabling IPv6 at the appliance level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123
DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
DHCP Status page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
DHCP Addresses page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
DHCP Relay page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Configuring the Windows client for DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Verifying and troubleshooting DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
Web cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
Enabling the Web cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Creating a user account and network share in Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Allocating network storage for Web cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Configuring browsers to use the Web cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Allocating local USB storage for Web caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Configuring Web Cache Peers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Configuring ICAP client for Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139
Configuring advanced settings for the Web cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Traffic Shaping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Enabling QoS Autoshaper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
About ToS packet priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143
SIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Enabling the SIP proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
4 Firewall menu options 149
Controlling packet traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Firewall overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Service Groups page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Addresses page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Interfaces page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Packet filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Packet filtering actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Packet Filtering page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Incoming access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
About custom firewall rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .168
NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171
About port forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
About masquerading and source NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
About one-to-one NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
Port forwarding page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Source NAT page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
One-to-one NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Masquerading page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186
Universal Plug and Play Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187
Configuring UPnP rules from Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Connection tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Supported Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Connection logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Preventing connection flooding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191
Configuring connection tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191
Disabling connection tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
About the Connection Tracking Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Viewing the connection tracking report in the console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Downloading the connection tracking report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Example: Creating a connection tracking report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Intrusion Detection Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Benefits of using an IDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
Basic IDB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
Configuring basic IDB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Selecting TCP dummy services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
6 McAfee UTM Firewall 4.0.4 Administration Guide
Contents
Selecting UDP dummy services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199
Advanced Intrusion Detection and Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201
About rule sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201
Configuring Snort in IPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202
Configuring Snort in IDS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202
Logging to an analysis server (Snort IDS only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Setting up the analysis server for Snort IDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Access control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Authorizations page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
User authentication for Internet access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207
Configuring browsers to use the appliance Web proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
ACL tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Web Lists tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Policy enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Managing policy enforcement scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215
McAfee Web Protection Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216
McAfee Web Gateway web filtering service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Uploading a McAfee Web Gateway certificate and key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Copying and pasting a McAfee Web Gateway certificate and key . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Blocking categories for McAfee Web Gateway filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Enabling antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Manually downloading antivirus database files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Auxiliary storage for virus scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226
Virus scanning POP email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228
Virus scanning SMTP email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Virus scanning Web traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231
Enabling FTP virus scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231
Antispam (TrustedSource) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
About TrustedSource . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Enabling TrustedSource . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234
5 VPN menu features 239
VPN overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
About PPTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
PPTP VPN Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
PPTP VPN Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242
Enabling and configuring the PPTP VPN Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Adding a PPTP user account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Setting up the remote PPTP client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245
Setting up a Windows XP PPTP client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245
L2TP VPN Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Configuring the L2TP VPN server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251
L2TP IPSec Configuration page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253
Viewing the status of an L2TP IPSec tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Adding an L2TP user account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256
Configuring the remote L2TP client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256
L2TP VPN Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Browsing and name resolution using L2TP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
IPSec VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
IPSec VPN Setup page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Enabling IPsec VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Creating an IPSec tunnel with Quick Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
IPSec status details overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
IPSec Advanced Setup wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267
Keying modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Main keying mode for an IPSec tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Setting up a tunnel with RSA signatures authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Setting up a tunnel using x.509 certificates for authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Aggressive keying mode for an IPSec tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Manual keying mode for an IPSec tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Converting an IPSec tunnel configuration to the advanced format . . . . . . . . . . . . . . . . . . . . . . . . . 283
IPsec example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
McAfee UTM Firewall 4.0.4 Administration Guide 7
Contents
UTM Firewall appliance to UTM Firewall appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Setting up the branch office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285
Configuring headquarters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .287
NAT traversal support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Dynamic DNS support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Certificate management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .289
The OpenSSL application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Extracting a PKCS12 certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Creating a self-signed certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .290
Using certificates with Windows IPsec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291
Adding a certificate for use with IPSec VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
IPSec failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Branch Office with a dynamic IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Branch Office with static IP addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .302
IPSec VPN offloading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Troubleshooting IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
IPSec tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
IPSec symptoms, causes, and solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309
Port tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Configuring an HTTP tunnel client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .312
Configuring an HTTP tunnel server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .314
Configuring an SSL tunnel client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315
Configuring an SSL tunnel server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .316
Creating nested port tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .318
6 System menu features 319
Status menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Reviewing the general system status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Reviewing the status of the unit’s connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Reviewing the status of the unit’s services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321
System Setup Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322
Device tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Date and Time tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Security Policy tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Memory Allocation tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .328
Backup/Restore menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329
Local Backup/Erase page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329
Remote Backup/Restore page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .330
Text save/restore tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Users menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Current User page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Users page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Groups page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .335
Domain page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337
RADIUS page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
TACACS+ page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Password classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Service Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
Management menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .343
Web configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Certificates for HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
Command Line access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Enabling remote management by McAfee UTM Firewall Control Center . . . . . . . . . . . . . . . . . . . . . . 351
Control Center Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .352
Enabling the SNMP agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .353
Diagnostics menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
System tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Viewing the Local System Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .355
Network Tests page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Detected USB Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .361
Packet Capture page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .361
Advanced menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
8 McAfee UTM Firewall 4.0.4 Administration Guide
Contents
Erasing configuration and rebooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365
Upgrading firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365
Configuration Files tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
ASystem Log 373
Access logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Creating custom log rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .374
Rate limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Administrative access log messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .376
Boot log messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
B Upgrading firmware 377
Firmware upgrade best practices and precautions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
Restoring factory default settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
Upgrading firmware using Netflash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Troubleshooting Windows Netflash upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Recovering from a failed upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379
Recovery using Netflash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379
Recovery using a BOOTP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .380
Recovery using the boot recovery image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .381
C Null modem administration 383
Null modem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Enabling null modem dial-in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Enabling null modem dial out of the local PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
D CLI commands 385
Glossary 395
Index 401
McAfee UTM Firewall 4.0.4 Administration Guide 9
About this Document
This guide describes the features and capabilities of your McAfee UTM Firewall (formerly SnapGear
®
)
appliance. The document organization follows the menu layout of the UTM Firewall Management Console.
The appendixes contain additional maintenance and reference information.
This guide is intended for network and security administrators. It assumes familiarity with the internal
network of your organization, the Internet, HTTP (Hypertext Transfer Protocol), and FTP (File Transfer
Protocol).
You can find additional information at the following locations:
• Help – Help is built into the UTM Firewall Management Console. Click the Help icon in the upper right
corner of the Management Console screen.
• Support – Visit mysupport.mcafee.com to find product documentation, announcements, and support.
• Product updates – Visit my.securecomputing.com to download the latest McAfee UTM Firewall updates.
Refer to Table 1 for a list of the text conventions used.
Note: The IP addresses, screen captures, and graphics used within this document are for illustration purposes
only. They are not intended to represent a complete or appropriate configuration for your specific needs. Features
may be enabled in screen captures to make them clear; however, not all features are appropriate or desirable for
your setup.
Table 1 Conventions
Convention Description
Courier bold
Identifies commands and key words you type at a system prompt
Note: A backslash (\) signals a command that does not fit on the same line. Type the
command as shown, ignoring the backslash.
Courier italic
<Courier italic>
nnn.nnn.nnn.nnn
Indicates a placeholder for text you type
When enclosed in angle brackets (< >), identifies optional text
Indicates a placeholder for an IP address you type
Courier plain
Used to show text that appears on a computer screen
Plain text italics Identifies the names of files and directories
Used for emphasis (for example, when introducing a new term)
Plain text bold Identifies buttons, field names, and tabs that require user interaction
[ ] Signals conditional or optional text and instructions (for example, instructions that pertain only
to a specific configuration)
Caution: Signals be careful—in this situation, you might do something that could result in the loss of
data or an unpredictable outcome.
Note: Used for a helpful suggestion or a reference to material not covered elsewhere in the guide
Security Alert: Identifies information that is critical for maintaining product integrity or security
Tip: Indicates time-saving actions; may help you solve a problem
10 McAfee UTM Firewall 4.0.4 Administration Guide
McAfee UTM Firewall 4.0.4 Administration Guide 11
1
Introduction
Contents
UTM Firewall desktop appliances
UTM Firewall rack mount appliance
UTM Firewall PCI appliance
UTM Firewall Management Console
UTM Firewall menus
Interface icons
Help and Support menu option
UTM Firewall desktop appliances
The McAfee UTM Firewall desktop appliance range includes the following models:
Figure 1 UTM Firewall desktop appliance models
The UTM Firewall desktop appliance range provides Internet security and privacy of communications for
small and medium enterprises and branch offices. It simply and securely connects your office to the
Internet, and with its robust stateful firewall, shields your computers from external threats.
By default, all UTM Firewall appliances run a fully secured stateful firewall. This means from the PC
(Personal Computer) that the appliance is plugged into, most network resources are freely accessible.
However, any services that the PC provides, such as file shares or Web services such as IIS are not
accessible by other hosts on the internet without further configuration of the UTM Firewall appliance. This is
accomplished using packet filter rules. For details, refer to Packet filtering.
With the UTM Firewall appliance's masquerading firewall, hosts on your LAN (Local Area Network) can see
and access resources on the Internet, but all that outsiders see is the UTM Firewall appliance's external
address.
You can tailor your appliance to disallow access from your LAN to specific Internet sites or categories of
content, give priority to specific types of network traffic, and allow controlled access to your LAN from the
outside world. You can also choose to enable intrusion detection and prevention services on your UTM
Firewall appliance, to further bolster the security of your local network.
SG310 SG560 and SG560U
SG565 SG580
12 McAfee UTM Firewall 4.0.4 Administration Guide
Introduction
UTM Firewall desktop appliances
The SG560, SG560U, SG565, and SG580 can also connect to a DMZ (DeMilitarized Zone) network. A DMZ is
a separate local network typically used to host servers accessible to the outside world. It is separated both
physically and by the firewall, in order to shield your LAN from external traffic.
The UTM Firewall appliance allows you to establish a VPN (Virtual Private Network). A VPN enables remote
workers or branch offices to connect securely to your LAN over the public Internet. The UTM Firewall
appliance can also connect to external VPNs as a client. The SG560, SG560U, SG565, and SG580 use
onboard cryptographic acceleration to ensure excellent VPN throughput.
You can configure the appliance with multiple Internet connections. These auxiliary connections can be kept
on standby should the primary connection become unavailable, or maintained concurrently with the
primary connection for spreading network load.
The SG565 and SG580 incorporate a powerful Web proxy cache to improve Web page response time and
reduce link loads. It is designed to integrate seamlessly with upstream proxy caches provided by ISPs.
Front panel LEDs
The front and rear panels contain Light-emitting Diodes (LEDs) indicating status. LEDs and labels vary from
model to model. The labels for the front panel LEDs are detailed in the following tables.
Note: If H/B does not begin flashing shortly after power is supplied, refer to Recovering from a failed upgrade.
Table 1 SG310 LED descriptions
Label Activity Description
Power On (steady) Power is supplied to the UTM Firewall appliance.
TST Flashing Similar to H/B light on other models. The appliance is operating correctly.
On If this LED is on and not flashing, an operating error has occurred.
Off If the power is on and the H/B light is off, either the Halt Now option is activated
in preparation to power down safely, or an operating error has occurred.
LAN1, LAN2,
LAN3, LAN4
Flashing Indicates network traffic on the LAN network interfaces.
WAN Flashing Indicates network traffic on the Internet network interface.
Table 2 SG560, SG560U, and SG580 LED descriptions
Label Activity Description
Power On (steady) Power is supplied to the UTM Firewall appliance.
H/B (Heart
Beat)
Flashing steadily The appliance is operating correctly.
On If this LED is on and not flashing, an operating error has occurred.
Off If the power is on and the H/B light is off, either the Halt Now option is activated
in preparation to power down safely, or an operating error has occurred.
ETH A Flashing Indicates activity on the 4 port switch.
ETH B Flashing Indicates activity on Port B.
Serial Flashing Indicates the COM port is receiving and transmitting data.
HA On High Availability. The appliance has switched to a backup device.
Online On (steady) An Internet connection has been established.
VPN On Virtual private networking is active.
Table 3 SG565 LED descriptions
Label Activity Description
Power On (steady) Power is supplied to the UTM Firewall appliance.
McAfee UTM Firewall 4.0.4 Administration Guide 13
Introduction
UTM Firewall desktop appliances
Rear panel
The rear panel contains Ethernet and serial ports, the erase button, and power inlet. The serial port can be
connected to an analog/ISDN modem or terminal for serial console access.
Note: For instructions on serial console access, refer to Appendix C, Null modem administration.
If network status LEDs are present for the ports (not present on the SG310 model), the lower or left LED
indicates the link condition, where a cable is connected correctly to another device. The upper or right LED
indicates network activity.
Physical specifications
The following are the local or wide area network link specifications:
• 10/100BaseT 4 port LAN switch (SG310)
• 10/100BaseT 4 port VLAN-capable switch (SG560, SG560U, SG565, SG580)
Note: Port A1 is set to LAN and cannot be changed.
• Serial (for dial-up/ISDN)
• Front panel serial status LEDs (for TX/RX)
• Online status LEDs (for Internet/VPN)
• Rear panel Ethernet link and activity status LEDs
The following are the environmental specifications:
• External power adaptor (voltage/current depends on individual model)
• Front panel operating status LEDs: Power, H/B
• Operating temperature between 0° C and 40° C
• Storage temperature between -20° C and 70° C
• Humidity between 0 to 95% (non-condensing)
H/B (Heart
Beat)
Flashing steadily The appliance is operating correctly.
On If this LED is on and not flashing, an operating error has occurred.
Off If the power is on and the H/B light is off, either the Halt Now option is activated
in preparation to power down safely, or an operating error has occurred.
ETH Flashing Indicates network traffic.
USB Flashing Indicates activity on an attached USB device.
WLAN Flashing Indicates network traffic on the Wireless network interface.
Serial Flashing Indicates the COM port is receiving and transmitting data.
Online On (steady) An Internet connection has been established.
VPN On Indicates Virtual Private Networking is active. If IPSec tunnels are configured,
the light illuminates when a valid IPSec tunnel is active. If there are no IPSec
tunnels configured, the LED illuminates for the PPTP VPN Server. For the VPN
LED, IPSec takes precedence over other VPN configurations. For further
information on VPN, see Chapter 5, VPN menu features.
Table 3 SG565 LED descriptions <Comment>(continued)
Label Activity Description
14 McAfee UTM Firewall 4.0.4 Administration Guide
Introduction
UTM Firewall rack mount appliance
UTM Firewall rack mount appliance
The SG720 is the flagship of the UTM Firewall appliances. It features multi-megabit throughput,
rack-optimized form factor, three fast Ethernet ports, and two gigabit ports. There are no switches on the
SG720; all ports are bona fide ports.
Figure 2 SG720
In addition to providing all of the features described in the desktop appliances models section, the SG720
model equips central sites to securely connect hundreds of mobile employees and branch offices.
Front panel LEDs
The front panel contains LEDs indicating status. On the front panel Ethernet ports, the orange LED on the
upper right indicates the link condition when a cable is connected correctly to another device. The flashing
green LED to the upper left indicates network activity. A description of the front panel LEDs are detailed in
the following table.
Note: If H/B does not begin flashing shortly after power is supplied, refer to Recovering from a failed upgrade.
Front panel
The front panel contains two 10/100/1000 GbE (Gigabit Ethernet) ports (A and B), three 10/100BaseT FE
(Fast Ethernet) ports (C, D, and E), a serial port that can be connected to an analog/ISDN modem or
terminal for serial console access, as well as operating status LEDs and the configuration erase button.
Note: For instructions on serial console access, refer to Appendix C, Null modem administration.
Rear panel
The rear panel contains a power switch and a power inlet for an IEC power cable.
Physical specifications
The following are the connectivity specifications:
• Two 10/100/1000 GbE ports (A and B)
Note: Port A is set to LAN and cannot be changed.
• Three 10/100BaseT FE ports (C, D, E)
• Serial port
Table 4 SG720 LED descriptions
Label Activity Description
Online On An Internet connection has been established.
Failover On The appliance has switched to the backup Internet connection.
PWR On Power is supplied to the UTM Firewall appliance.
H/B (Heart
Beat)
Flashing The appliance is operating correctly.
On If this LED is on and not flashing, an operating error has occurred.
Off If the power is on and the H/B light is off, either the Halt Now option is
activated in preparation to power down safely, or an operating error has
occurred.
High Avail On High Availability. Indicates the appliance has switched to a backup
appliance.
McAfee UTM Firewall 4.0.4 Administration Guide 15
Introduction
UTM Firewall PCI appliance
• Online status LEDs (Online, Failover, High Availability)
• Ethernet link and activity status LEDs
The following are the environmental specifications:
• Front panel operating status LEDs: Power, H/B
• Operating temperature between 0° C and 40° C
• Storage temperature between -20° C and 70° C
• Humidity between 0 to 95% (non-condensing)
UTM Firewall PCI appliance
The UTM Firewall PCI appliance (SG640) is a hardware-based firewall and VPN server embedded in a
10/100 Ethernet PCI network interface card (NIC). It is installed into the host PC like a regular NIC,
providing a transparent firewall to shield the host PC from malicious Internet traffic, and VPN services to
allow secure remote access to the host PC.
Figure 3 UTM Firewall PCI appliance – SG640
Unlike other UTM Firewall desktop and rack mount appliances, a single UTM Firewall PCI appliance is not
intended as a means for your entire office LAN to be connected to, and shielded from the Internet.
Installing a UTM Firewall PCI appliance in each network-connected PC gives it its own independently
manageable, enterprise-grade VPN server and firewall, running in isolation from the host operating system.
This approach offers an increased measure of protection against internal threats, as well as conventional
Internet security concerns. You can update, configure and monitor the firewall and VPN connectivity of a
workstation or server from any Web browser. In the event of a breach, you have complete control over
access to the host PC independently of its operating system, even if the host PC has been subverted and is
denying normal administrator access.
All network filtering is handled entirely by the UTM Firewall appliance. This has the advantage over the
traditional approach of using a host-based personal software firewall and VPN service by not taxing the host
PC's resources.
Bridged mode
By default, the PCI appliance operates in bridged mode. This is distinctly different from the masquerading
behavior of UTM Firewall desktop and rack mount appliances.
In bridged mode, the PCI appliance uses two IP addresses. Note that these addresses are both in the same
subnet as the LAN, as no masquerading is being performed.
Note: It is possible to configure the UTM Firewall PCI appliance to run in masquerading mode. For more
information, refer to Masquerading page.
One IP address is used to manage the UTM Firewall appliance via the Management Console. The other is the
host PC's IP address, which is configurable through the host operating system, identically to a regular
Network Interface Card (NIC). This is the IP address that other PCs on the LAN see. It should be
dynamically (DHCP) or statically configured to use the same gateway and DNS settings as a regular PC on
the LAN.
16 McAfee UTM Firewall 4.0.4 Administration Guide
Introduction
UTM Firewall Management Console
LEDs
The rear panel contains LEDs indicating status. The two LEDs closest to the network port are network
activity (upper) and network link (lower). The two other LEDs are power (upper) and heart beat (lower).
Note: If the Heart Beat does not begin flashing shortly after power is supplied, refer to Recovering from a failed
upgrade.
Physical specifications
The following are the network link specifications:
• 10/100baseT Ethernet port
• Ethernet LEDs (link, activity)
The following are the environmental specifications:
• Status LEDs: Power, Heart Beat
• Operating temperature between 0° C and 40° C
• Storage temperature between -20° C and 70° C
• Humidity between 0 to 95% (non-condensing)
UTM Firewall Management Console
The features of your UTM Firewall appliance are configured and monitored using the UTM Firewall
Management Console. When you first browse to the Management Console, the Status page displays
(Figure 4). Here you can view the current system status of your UTM Firewall appliance. You can also view
the status of the UTM Firewall connections and the services that are running on it by selecting one of the
other two tabs that display on the Status page.
The menu displayed on the left side of every Management Console page is used to configure your UTM
Firewall appliance, or you can use the Quick Setup Wizard (see Chapter 2, Getting Started) and the guided
configurations. Once you have completed the initial configuration, you can continue the setup using the
Guided Configurations that are available from the lower pane of the page.
Table 5 SG640 LED descriptions
Location Activity Descriptions
Top right (Power On Power is supplied to the appliance.
Bottom right
(Heart beat)
Flashing The appliance is operating correctly.
On If this LED is on and not flashing, an operating error has occurred.
Off If the power is on and the H/B light is off, either the Halt Now option is activated
in preparation to power down safely, or an operating error has occurred.
Top left (Network
activity)
Flashing Data is being transmitted or received.
Bottom left
(Network link)
On The appliance is attached to the network.
McAfee UTM Firewall 4.0.4 Administration Guide 17
Introduction
UTM Firewall menus
Figure 4 UTM Firewall Management Console - Status page
Note: Advanced users can customize the appearance of the console, and override the default HTML styles. To do
so, create the file localstyle.css in the /etc/config/ directory with the styles you prefer.
UTM Firewall menus
To navigate the UTM Firewall interface, click a menu option on the left-side of the screen. The available
menu options depend on the particular UTM Firewall appliance model and the firmware version currently
installed.
Your current menu selection is highlighted.
The UTM Firewall Management Console contains the following menus:
•Network Setup
•Firewall
•VPN
•System
The following tables provide brief descriptions of the tabs available under each menu option.
18 McAfee UTM Firewall 4.0.4 Administration Guide
Introduction
UTM Firewall menus
Table 6 Network Setup menu
Network Setup menu
options
Description
Quick Setup Opens the Quick Setup page for accessing the Quick Setup Wizard, the product
registration links, and the guided configurations.
Network Setup Opens the Connections, Failover & High Availability, Routes, DNS, and IPv6 tabs for
configuring network-specific settings of the appliance.
See:
• Network overview.
• Failover, load balancing, and high availability.
• Routes.
• DNS.
• IPv6.
DHCP Server Opens the DHCP Server Configuration page for handing out IP addresses. See DHCP
Server.
Web Cache Opens the Web Cache pages for caching pages on the UTM Firewall appliance. See Web
cache.
Note: Not applicable to the SG310 or SG560 models.
Traffic Shaping Opens the Traffic Shaping pages for enabling and configuring QoS (Quality of Service)
traffic. See Traffic Shaping.
SIP Opens the SIP (Session Initiation Protocol) Proxy page for enabling and configuration.
See SIP.
Note: Not applicable to the SG310 model.
Table 7 Firewall menu
Firewall menu options Description
Definitions Opens the definitions pages for Service Groups, Addresses, and Interfaces. See
Definitions.
Packet Filtering Opens the Packet Filtering, Incoming Access, Custom Firewall Rules, and Custom IPv6
Firewall Rules tabs. See Packet filtering.
NAT Opens NAT pages for Port Forwarding, Source NAT, 1 to 1 NAT, Masquerading, and UPnP
Gateway. See NAT.
Connection Tracking Opens the Connection Tracking page in which you can enable or disable specific options
for connection tracking. Connection tracking keeps a record of packets that have passed
through the appliance and how the packets are interrelated. See Connection tracking.
Intrusion Detection Opens the configuration pages for Intrusion Detection and Prevention. See Intrusion
Detection Systems.
Note: Snort IDS (Intrusion Detection System) and IPS (Intrusion Prevention
System) features are not applicable to the SG310 or SG560 models. Basic IDB
(Intrusion Detection and Blocking) is available on all UTM Firewall models.
Access Control Opens the Authorizations pages for Access Control, ACL, Web Lists, Policy, and Web
Filtering. See Access control.
Antivirus Opens the Antivirus page where you can configure antivirus for email, Web downloads,
and FTP. See Antivirus.
Note: Not applicable to the SG310 or SG560 models.
Antispam Opens the Antispam page for configuring reputation thresholds for SMTP mail. See
Antispam (TrustedSource).
Table 8 VPN menu
VPN menu options Description
PPTP Opens the page for configuring the appliance as a PPTP VPN client or server. See PPTP
VPN Client, and PPTP VPN Server.
L2TP Opens the page for configuring the appliance as an L2TP VPN client or server. See L2TP
VPN Client, and L2TP VPN Server.
McAfee UTM Firewall 4.0.4 Administration Guide 19
Introduction
Interface icons
Interface icons
The icons in the UTM Firewall Management Console provide navigation to Online Help pages, system status,
backup and restore pages, and editing pages for features.
Home icon
The home icon (Figure 5) is available from every page within the UTM Firewall Management Console.
Clicking the icon returns you to UTM Firewall home page where a high-level summary of the system’s status
is displayed.
Figure 5 Home icon
Logout icon
The logout icon (Figure 6) is available from every page within the UTM Firewall Management Console.
Clicking the icon logs you out and ends the current session.
Figure 6 Logout icon
IPSec Opens the pages for configuring IP Security (IPSec). See IPSec VPN.
Port Tunnels Opens the pages for configuring HTTP and SSL client and server port tunnels. See Port
tunnels.
Note: Not applicable to the SG310 model.
Table 9 System menu
System menu options Description
Status Opens high-level summaries of the general system, the unit’s connections, and the unit’s
services. See Status menu.
System Setup Opens the Device Settings, Security Policy, Memory Allocation and Date and Time
configuration pages. See System Setup Menu.
Backup/Restore Opens the Remote, Local, and Text options for Configuration Backup/Restore. See
Backup/Restore menu.
Users Opens the Administrative users pages where you can add or edit users and their
permissions. See Users menu.
Management Opens the Management page where you can configure how the UTM Firewall device is
managed, such as through CMS or SNMP. See Management menu.
Diagnostics Opens the Diagnostics page where you can view system information, system log
information, perform networks tests, view USB devices (SG565 only), and capture
network traffic. See Diagnostics menu.
Advanced Opens the advanced features for Reboot / Configuration such as Reboot, Flash Upgrade,
upload and edit Configuration Files, and direct edit of Device Configuration. See
Advanced menu.
Help and Support Opens the Technical Support page, where you can find additional sources of information
or report an issue if you have a support agreement. See Help and Support menu option.
Table 8 VPN menu <Comment>(continued)
VPN menu options Description
20 McAfee UTM Firewall 4.0.4 Administration Guide
Introduction
Interface icons
Backup and restore icon
The backup and restore icon (Figure 7) is available from every page within the UTM Firewall Management
Console. Clicking the icon opens the Remote Configuration Backup/Restore page. For information on
backup and restore, see Remote Backup/Restore page.
Figure 7 Backup/Restore icon
Online help icon
To access context-sensitive help for the page your are currently viewing, click the help icon (Figure 8). For
more information about the Help and Support menu option, see Help and Support menu option.
Figure 8 Help icon
Edit and delete icons
Many of the pages in the UTM Firewall Management Console have icons with which you can edit or delete its
associated definition. You can click the edit icon (Figure 9) associated with the item you want to edit.
Figure 9 Edit icon
You can click the delete icon (Figure 10) associated with the item you want to delete.
Figure 10 Delete icon
Add above and below icons
Certain pages within the Web console, see packet filtering and NAT rules for example, have icons you can
use to add and manipulate the ordered list of objects within the pages.
The controls you use to manipulate rules (and policy routes as well) are labelled in Figure 11.
Figure 11 Rule object controls
The add above or below icon has plus (+) signs next to the arrows, indicating you are adding an object. The
arrow pointing upward adds the object above the current row selection; the arrow pointing downward adds
the object below the current row.
Many of the pages in the console also have enable or disable checkboxes. The enable checkbox is the
leftmost checkbox.
Tooltips
Hover your pointer over a control to view its tooltip (Figure 12).
Enable/disable checkbox
Move rule up/down arrow
Add above/below arrows
/