McAfee SG580 Specification

McAfee

®

UTM Firewall

Administration Guide

version 4.0.4

Issued August 2009 / McAfee UTM Firewall version 4.0.4

COPYRIGHT

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into

any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate

companies.

TRADEMARK ATTRIBUTIONS

AVERT, EPO, EPOLICY ORCHESTRATOR, FLASHBOX, FOUNDSTONE, GROUPSHIELD, HERCULES, INTRUSHIELD,

INTRUSION INTELLIGENCE, LINUXSHIELD, MANAGED MAIL PROTECTION, MAX (MCAFEE SECURITYALLIANCE

EXCHANGE), MCAFEE, MCAFEE.COM, NETSHIELD, PORTALSHIELD, PREVENTSYS, PROTECTION-IN-DEPTH STRATEGY,

PROTECTIONPILOT, SECURE MESSAGING SERVICE, SECURITYALLIANCE, SITEADVISOR, THREATSCAN, TOTAL

PROTECTION, VIREX, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its

affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand

products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE

YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED

SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND

OTHER RELATED LICENSE GRANTOR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE

PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE

PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE).

IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF

APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

License Attributions

Refer to the product Release Notes.

McAfee UTM Firewall 4.0.4 Administration Guide 3

Contents

About this Document 9

1 Introduction 11

UTM Firewall desktop appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

Front panel LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

Rear panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Physical specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

UTM Firewall rack mount appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

Front panel LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

Front panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

Rear panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

Physical specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

UTM Firewall PCI appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

Bridged mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

Physical specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

UTM Firewall Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

UTM Firewall menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Interface icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Home icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Logout icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Backup and restore icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Online help icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Edit and delete icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Add above and below icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Tooltips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Help and Support menu option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

Online Help page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

Technical Support page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

Technical Support Report page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

2 Getting Started 23

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

Powering on the device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

Connecting an administrative PC to the device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

Setting password and LAN connection settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

Configuring the UTM Firewall switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Selecting an initial firewall level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Confirming settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

Setting up the PCs on your LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

Automatic LAN configuration using the UTM Firewall DHCP server . . . . . . . . . . . . . . . . . . . . . . . . . . .32

Automatic LAN configuration using an existing DHCP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

Manual LAN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Registering your UTM Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Using the My Secure Computing website . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

Creating an account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

Adding your UTM Firewall appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

Activating a feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

Retrieving license information for add-on products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38

3 Network Setup menu options 41

Network overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

Quick Setup wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42

Network setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42

Multifunction vs. fixed-function ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42

4 McAfee UTM Firewall 4.0.4 Administration Guide

Contents

Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42

Direct connection overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44

Direct Connection Settings page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44

Ethernet Configuration tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

Aliases tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

Enabling IPv6 for a connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

ADSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

Routed versus bridged DSL modems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Accessing the ADSL connection methods page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50

Connecting with a cable modem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

Configuring a dialout connection on the COM port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

Configuring dialout port settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58

Enabling dial on demand for a connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

Configuring static IP addresses for a connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

Configuring interface aliases for a connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

Setting up dial-in access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61

Dial-in setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61

Connecting a dial-in client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Failover, load balancing, and high availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

Internet connection failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

Editing failover connection parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

Load balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73

Enabling load balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73

High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74

Default high availability script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77

Enabling high availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78

Configuring high availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78

DMZ network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80

Configuring a DMZ connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80

Services on the DMZ network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81

Guest network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

Configuring a guest connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

Wireless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

Wireless security methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

Configuring a wireless connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

Bridging wireless and LAN connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Configuring Wireless MAC-based ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89

Configuring WDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90

Configuring advanced wireless features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92

Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94

Adding a bridged interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94

Deleting a bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

Bridging across a VPN connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

Adding a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

Port-Based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Enabling port-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101

Adding a port-based VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

GRE tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104

Troubleshooting GRE tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

3G USB Modems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . 106

Con

figuring 3G USB modem connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

Configuring USB port settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Adding new 3G USB modem profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109

Creating a static route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Policy Routes page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Enabling route management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112

Manually configuring route management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Example: Configuring RIP Route Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Example: OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Example: BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

McAfee UTM Firewall 4.0.4 Administration Guide 5

Contents

DNS Proxy tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118

Dynamic DNS tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

Static Hosts tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

Enabling IPv6 at the appliance level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

DHCP Status page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

DHCP Addresses page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

DHCP Relay page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Configuring the Windows client for DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

Verifying and troubleshooting DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132

Web cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132

Enabling the Web cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133

Creating a user account and network share in Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

Allocating network storage for Web cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Configuring browsers to use the Web cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Allocating local USB storage for Web caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Configuring Web Cache Peers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138

Configuring ICAP client for Web Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139

Configuring advanced settings for the Web cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Traffic Shaping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

Enabling QoS Autoshaper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

About ToS packet priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143

SIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

Enabling the SIP proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

4 Firewall menu options 149

Controlling packet traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

Firewall overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Service Groups page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Addresses page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Interfaces page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157

Packet filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Packet filtering actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

Packet Filtering page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Incoming access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

About custom firewall rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .168

NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171

About port forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

About masquerading and source NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

About one-to-one NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173

Port forwarding page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Source NAT page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

One-to-one NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Masquerading page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186

Universal Plug and Play Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187

Configuring UPnP rules from Windows XP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

Connection tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

Supported Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Connection logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Preventing connection flooding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191

Configuring connection tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191

Disabling connection tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

About the Connection Tracking Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

Viewing the connection tracking report in the console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

Downloading the connection tracking report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Example: Creating a connection tracking report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Intrusion Detection Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Benefits of using an IDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196

Basic IDB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196

Configuring basic IDB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

Selecting TCP dummy services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197

6 McAfee UTM Firewall 4.0.4 Administration Guide

Contents

Selecting UDP dummy services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199

Advanced Intrusion Detection and Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201

About rule sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201

Configuring Snort in IPS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202

Configuring Snort in IDS mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202

Logging to an analysis server (Snort IDS only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Setting up the analysis server for Snort IDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Access control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

Authorizations page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

User authentication for Internet access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207

Configuring browsers to use the appliance Web proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

ACL tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

Web Lists tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Policy enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

Managing policy enforcement scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215

McAfee Web Protection Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216

McAfee Web Gateway web filtering service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Uploading a McAfee Web Gateway certificate and key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Copying and pasting a McAfee Web Gateway certificate and key . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Blocking categories for McAfee Web Gateway filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

Enabling antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

Manually downloading antivirus database files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

Auxiliary storage for virus scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226

Virus scanning POP email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228

Virus scanning SMTP email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229

Virus scanning Web traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231

Enabling FTP virus scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231

Antispam (TrustedSource) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

About TrustedSource . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

Enabling TrustedSource . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234

5 VPN menu features 239

VPN overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

About PPTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

PPTP VPN Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

PPTP VPN Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242

Enabling and configuring the PPTP VPN Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Adding a PPTP user account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Setting up the remote PPTP client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245

Setting up a Windows XP PPTP client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245

L2TP VPN Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Configuring the L2TP VPN server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251

L2TP IPSec Configuration page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253

Viewing the status of an L2TP IPSec tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

Adding an L2TP user account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256

Configuring the remote L2TP client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256

L2TP VPN Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

Browsing and name resolution using L2TP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

IPSec VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

IPSec VPN Setup page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Enabling IPsec VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Creating an IPSec tunnel with Quick Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

IPSec status details overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266

IPSec Advanced Setup wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267

Keying modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Main keying mode for an IPSec tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

Setting up a tunnel with RSA signatures authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

Setting up a tunnel using x.509 certificates for authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

Aggressive keying mode for an IPSec tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

Manual keying mode for an IPSec tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

Converting an IPSec tunnel configuration to the advanced format . . . . . . . . . . . . . . . . . . . . . . . . . 283

IPsec example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

McAfee UTM Firewall 4.0.4 Administration Guide 7

Contents

UTM Firewall appliance to UTM Firewall appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

Setting up the branch office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285

Configuring headquarters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .287

NAT traversal support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Dynamic DNS support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Certificate management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .289

The OpenSSL application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Extracting a PKCS12 certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

Creating a self-signed certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .290

Using certificates with Windows IPsec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291

Adding a certificate for use with IPSec VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

IPSec failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

Branch Office with a dynamic IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

Branch Office with static IP addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .302

IPSec VPN offloading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

Troubleshooting IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

IPSec tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

IPSec symptoms, causes, and solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309

Port tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

Configuring an HTTP tunnel client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .312

Configuring an HTTP tunnel server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .314

Configuring an SSL tunnel client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315

Configuring an SSL tunnel server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .316

Creating nested port tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .318

6 System menu features 319

Status menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

Reviewing the general system status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

Reviewing the status of the unit’s connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320

Reviewing the status of the unit’s services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321

System Setup Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322

Device tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

Date and Time tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323

Security Policy tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

Memory Allocation tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .328

Backup/Restore menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329

Local Backup/Erase page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329

Remote Backup/Restore page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .330

Text save/restore tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332

Users menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332

Current User page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332

Users page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333

Groups page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .335

Domain page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .337

RADIUS page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

TACACS+ page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Password classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Service Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341

Management menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .343

Web configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343

Certificates for HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345

Command Line access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350

Enabling remote management by McAfee UTM Firewall Control Center . . . . . . . . . . . . . . . . . . . . . . 351

Control Center Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .352

Enabling the SNMP agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .353

Diagnostics menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354

System tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355

Viewing the Local System Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .355

Network Tests page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359

Detected USB Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .361

Packet Capture page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .361

Advanced menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364

Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364

8 McAfee UTM Firewall 4.0.4 Administration Guide

Contents

Erasing configuration and rebooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365

Upgrading firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365

Configuration Files tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368

ASystem Log 373

Access logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373

Creating custom log rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .374

Rate limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376

Administrative access log messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .376

Boot log messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376

B Upgrading firmware 377

Firmware upgrade best practices and precautions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

Restoring factory default settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

Upgrading firmware using Netflash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

Troubleshooting Windows Netflash upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

Recovering from a failed upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379

Recovery using Netflash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379

Recovery using a BOOTP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .380

Recovery using the boot recovery image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .381

C Null modem administration 383

Null modem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383

Enabling null modem dial-in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383

Enabling null modem dial out of the local PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383

Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

D CLI commands 385

Glossary 395

Index 401

McAfee UTM Firewall 4.0.4 Administration Guide 9

About this Document

This guide describes the features and capabilities of your McAfee UTM Firewall (formerly SnapGear

®

)

appliance. The document organization follows the menu layout of the UTM Firewall Management Console.

The appendixes contain additional maintenance and reference information.

This guide is intended for network and security administrators. It assumes familiarity with the internal

network of your organization, the Internet, HTTP (Hypertext Transfer Protocol), and FTP (File Transfer

Protocol).

You can find additional information at the following locations:

• Help – Help is built into the UTM Firewall Management Console. Click the Help icon in the upper right

corner of the Management Console screen.

• Support – Visit mysupport.mcafee.com to find product documentation, announcements, and support.

• Product updates – Visit my.securecomputing.com to download the latest McAfee UTM Firewall updates.

Refer to Table 1 for a list of the text conventions used.

Note: The IP addresses, screen captures, and graphics used within this document are for illustration purposes

only. They are not intended to represent a complete or appropriate configuration for your specific needs. Features

may be enabled in screen captures to make them clear; however, not all features are appropriate or desirable for

your setup.

Table 1 Conventions

Convention Description

Courier bold

Identifies commands and key words you type at a system prompt

Note: A backslash (\) signals a command that does not fit on the same line. Type the

command as shown, ignoring the backslash.

Courier italic

nnn.nnn.nnn.nnn

Indicates a placeholder for text you type

When enclosed in angle brackets (< >), identifies optional text

Indicates a placeholder for an IP address you type

Courier plain

Used to show text that appears on a computer screen

Plain text italics Identifies the names of files and directories

Used for emphasis (for example, when introducing a new term)

Plain text bold Identifies buttons, field names, and tabs that require user interaction

[ ] Signals conditional or optional text and instructions (for example, instructions that pertain only

to a specific configuration)

Caution: Signals be careful—in this situation, you might do something that could result in the loss of

data or an unpredictable outcome.

Note: Used for a helpful suggestion or a reference to material not covered elsewhere in the guide

Security Alert: Identifies information that is critical for maintaining product integrity or security

Tip: Indicates time-saving actions; may help you solve a problem

10 McAfee UTM Firewall 4.0.4 Administration Guide

McAfee UTM Firewall 4.0.4 Administration Guide 11

1

Introduction

Contents

UTM Firewall desktop appliances

UTM Firewall rack mount appliance

UTM Firewall PCI appliance

UTM Firewall Management Console

UTM Firewall menus

Interface icons

Help and Support menu option

UTM Firewall desktop appliances

The McAfee UTM Firewall desktop appliance range includes the following models:

Figure 1 UTM Firewall desktop appliance models

The UTM Firewall desktop appliance range provides Internet security and privacy of communications for

small and medium enterprises and branch offices. It simply and securely connects your office to the

Internet, and with its robust stateful firewall, shields your computers from external threats.

By default, all UTM Firewall appliances run a fully secured stateful firewall. This means from the PC

(Personal Computer) that the appliance is plugged into, most network resources are freely accessible.

However, any services that the PC provides, such as file shares or Web services such as IIS are not

accessible by other hosts on the internet without further configuration of the UTM Firewall appliance. This is

accomplished using packet filter rules. For details, refer to Packet filtering.

With the UTM Firewall appliance's masquerading firewall, hosts on your LAN (Local Area Network) can see

and access resources on the Internet, but all that outsiders see is the UTM Firewall appliance's external

address.

You can tailor your appliance to disallow access from your LAN to specific Internet sites or categories of

content, give priority to specific types of network traffic, and allow controlled access to your LAN from the

outside world. You can also choose to enable intrusion detection and prevention services on your UTM

Firewall appliance, to further bolster the security of your local network.

SG310 SG560 and SG560U

SG565 SG580

12 McAfee UTM Firewall 4.0.4 Administration Guide

Introduction

UTM Firewall desktop appliances

The SG560, SG560U, SG565, and SG580 can also connect to a DMZ (DeMilitarized Zone) network. A DMZ is

a separate local network typically used to host servers accessible to the outside world. It is separated both

physically and by the firewall, in order to shield your LAN from external traffic.

The UTM Firewall appliance allows you to establish a VPN (Virtual Private Network). A VPN enables remote

workers or branch offices to connect securely to your LAN over the public Internet. The UTM Firewall

appliance can also connect to external VPNs as a client. The SG560, SG560U, SG565, and SG580 use

onboard cryptographic acceleration to ensure excellent VPN throughput.

You can configure the appliance with multiple Internet connections. These auxiliary connections can be kept

on standby should the primary connection become unavailable, or maintained concurrently with the

primary connection for spreading network load.

The SG565 and SG580 incorporate a powerful Web proxy cache to improve Web page response time and

reduce link loads. It is designed to integrate seamlessly with upstream proxy caches provided by ISPs.

Front panel LEDs

The front and rear panels contain Light-emitting Diodes (LEDs) indicating status. LEDs and labels vary from

model to model. The labels for the front panel LEDs are detailed in the following tables.

Note: If H/B does not begin flashing shortly after power is supplied, refer to Recovering from a failed upgrade.

Table 1 SG310 LED descriptions

Label Activity Description

Power On (steady) Power is supplied to the UTM Firewall appliance.

TST Flashing Similar to H/B light on other models. The appliance is operating correctly.

On If this LED is on and not flashing, an operating error has occurred.

Off If the power is on and the H/B light is off, either the Halt Now option is activated

in preparation to power down safely, or an operating error has occurred.

LAN1, LAN2,

LAN3, LAN4

Flashing Indicates network traffic on the LAN network interfaces.

WAN Flashing Indicates network traffic on the Internet network interface.

Table 2 SG560, SG560U, and SG580 LED descriptions

Label Activity Description

Power On (steady) Power is supplied to the UTM Firewall appliance.

H/B (Heart

Beat)

Flashing steadily The appliance is operating correctly.

On If this LED is on and not flashing, an operating error has occurred.

Off If the power is on and the H/B light is off, either the Halt Now option is activated

in preparation to power down safely, or an operating error has occurred.

ETH A Flashing Indicates activity on the 4 port switch.

ETH B Flashing Indicates activity on Port B.

Serial Flashing Indicates the COM port is receiving and transmitting data.

HA On High Availability. The appliance has switched to a backup device.

Online On (steady) An Internet connection has been established.

VPN On Virtual private networking is active.

Table 3 SG565 LED descriptions

Label Activity Description

Power On (steady) Power is supplied to the UTM Firewall appliance.

McAfee UTM Firewall 4.0.4 Administration Guide 13

Introduction

UTM Firewall desktop appliances

Rear panel

The rear panel contains Ethernet and serial ports, the erase button, and power inlet. The serial port can be

connected to an analog/ISDN modem or terminal for serial console access.

Note: For instructions on serial console access, refer to Appendix C, Null modem administration.

If network status LEDs are present for the ports (not present on the SG310 model), the lower or left LED

indicates the link condition, where a cable is connected correctly to another device. The upper or right LED

indicates network activity.

Physical specifications

The following are the local or wide area network link specifications:

• 10/100BaseT 4 port LAN switch (SG310)

• 10/100BaseT 4 port VLAN-capable switch (SG560, SG560U, SG565, SG580)

Note: Port A1 is set to LAN and cannot be changed.

• Serial (for dial-up/ISDN)

• Front panel serial status LEDs (for TX/RX)

• Online status LEDs (for Internet/VPN)

• Rear panel Ethernet link and activity status LEDs

The following are the environmental specifications:

• External power adaptor (voltage/current depends on individual model)

• Front panel operating status LEDs: Power, H/B

• Operating temperature between 0° C and 40° C

• Storage temperature between -20° C and 70° C

• Humidity between 0 to 95% (non-condensing)

H/B (Heart

Beat)

Flashing steadily The appliance is operating correctly.

On If this LED is on and not flashing, an operating error has occurred.

Off If the power is on and the H/B light is off, either the Halt Now option is activated

in preparation to power down safely, or an operating error has occurred.

ETH Flashing Indicates network traffic.

USB Flashing Indicates activity on an attached USB device.

WLAN Flashing Indicates network traffic on the Wireless network interface.

Serial Flashing Indicates the COM port is receiving and transmitting data.

Online On (steady) An Internet connection has been established.

VPN On Indicates Virtual Private Networking is active. If IPSec tunnels are configured,

the light illuminates when a valid IPSec tunnel is active. If there are no IPSec

tunnels configured, the LED illuminates for the PPTP VPN Server. For the VPN

LED, IPSec takes precedence over other VPN configurations. For further

information on VPN, see Chapter 5, VPN menu features.

Table 3 SG565 LED descriptions <Comment>(continued)

Label Activity Description

14 McAfee UTM Firewall 4.0.4 Administration Guide

Introduction

UTM Firewall rack mount appliance

The SG720 is the flagship of the UTM Firewall appliances. It features multi-megabit throughput,

rack-optimized form factor, three fast Ethernet ports, and two gigabit ports. There are no switches on the

SG720; all ports are bona fide ports.

Figure 2 SG720

In addition to providing all of the features described in the desktop appliances models section, the SG720

model equips central sites to securely connect hundreds of mobile employees and branch offices.

Front panel LEDs

The front panel contains LEDs indicating status. On the front panel Ethernet ports, the orange LED on the

upper right indicates the link condition when a cable is connected correctly to another device. The flashing

green LED to the upper left indicates network activity. A description of the front panel LEDs are detailed in

the following table.

Note: If H/B does not begin flashing shortly after power is supplied, refer to Recovering from a failed upgrade.

Front panel

The front panel contains two 10/100/1000 GbE (Gigabit Ethernet) ports (A and B), three 10/100BaseT FE

(Fast Ethernet) ports (C, D, and E), a serial port that can be connected to an analog/ISDN modem or

terminal for serial console access, as well as operating status LEDs and the configuration erase button.

Note: For instructions on serial console access, refer to Appendix C, Null modem administration.

Rear panel

The rear panel contains a power switch and a power inlet for an IEC power cable.

Physical specifications

The following are the connectivity specifications:

• Two 10/100/1000 GbE ports (A and B)

Note: Port A is set to LAN and cannot be changed.

• Three 10/100BaseT FE ports (C, D, E)

• Serial port

Table 4 SG720 LED descriptions

Label Activity Description

Online On An Internet connection has been established.

Failover On The appliance has switched to the backup Internet connection.

PWR On Power is supplied to the UTM Firewall appliance.

H/B (Heart

Beat)

Flashing The appliance is operating correctly.

On If this LED is on and not flashing, an operating error has occurred.

Off If the power is on and the H/B light is off, either the Halt Now option is

activated in preparation to power down safely, or an operating error has

occurred.

High Avail On High Availability. Indicates the appliance has switched to a backup

appliance.

McAfee UTM Firewall 4.0.4 Administration Guide 15

Introduction

UTM Firewall PCI appliance

• Online status LEDs (Online, Failover, High Availability)

• Ethernet link and activity status LEDs

The following are the environmental specifications:

• Front panel operating status LEDs: Power, H/B

• Operating temperature between 0° C and 40° C

• Storage temperature between -20° C and 70° C

• Humidity between 0 to 95% (non-condensing)

UTM Firewall PCI appliance

The UTM Firewall PCI appliance (SG640) is a hardware-based firewall and VPN server embedded in a

10/100 Ethernet PCI network interface card (NIC). It is installed into the host PC like a regular NIC,

providing a transparent firewall to shield the host PC from malicious Internet traffic, and VPN services to

allow secure remote access to the host PC.

Figure 3 UTM Firewall PCI appliance – SG640

Unlike other UTM Firewall desktop and rack mount appliances, a single UTM Firewall PCI appliance is not

intended as a means for your entire office LAN to be connected to, and shielded from the Internet.

Installing a UTM Firewall PCI appliance in each network-connected PC gives it its own independently

manageable, enterprise-grade VPN server and firewall, running in isolation from the host operating system.

This approach offers an increased measure of protection against internal threats, as well as conventional

Internet security concerns. You can update, configure and monitor the firewall and VPN connectivity of a

workstation or server from any Web browser. In the event of a breach, you have complete control over

access to the host PC independently of its operating system, even if the host PC has been subverted and is

denying normal administrator access.

All network filtering is handled entirely by the UTM Firewall appliance. This has the advantage over the

traditional approach of using a host-based personal software firewall and VPN service by not taxing the host

PC's resources.

Bridged mode

By default, the PCI appliance operates in bridged mode. This is distinctly different from the masquerading

behavior of UTM Firewall desktop and rack mount appliances.

In bridged mode, the PCI appliance uses two IP addresses. Note that these addresses are both in the same

subnet as the LAN, as no masquerading is being performed.

Note: It is possible to configure the UTM Firewall PCI appliance to run in masquerading mode. For more

information, refer to Masquerading page.

One IP address is used to manage the UTM Firewall appliance via the Management Console. The other is the

host PC's IP address, which is configurable through the host operating system, identically to a regular

Network Interface Card (NIC). This is the IP address that other PCs on the LAN see. It should be

dynamically (DHCP) or statically configured to use the same gateway and DNS settings as a regular PC on

the LAN.

16 McAfee UTM Firewall 4.0.4 Administration Guide

Introduction

UTM Firewall Management Console

LEDs

The rear panel contains LEDs indicating status. The two LEDs closest to the network port are network

activity (upper) and network link (lower). The two other LEDs are power (upper) and heart beat (lower).

Note: If the Heart Beat does not begin flashing shortly after power is supplied, refer to Recovering from a failed

upgrade.

Physical specifications

The following are the network link specifications:

• 10/100baseT Ethernet port

• Ethernet LEDs (link, activity)

The following are the environmental specifications:

• Status LEDs: Power, Heart Beat

• Operating temperature between 0° C and 40° C

• Storage temperature between -20° C and 70° C

• Humidity between 0 to 95% (non-condensing)

UTM Firewall Management Console

The features of your UTM Firewall appliance are configured and monitored using the UTM Firewall

Management Console. When you first browse to the Management Console, the Status page displays

(Figure 4). Here you can view the current system status of your UTM Firewall appliance. You can also view

the status of the UTM Firewall connections and the services that are running on it by selecting one of the

other two tabs that display on the Status page.

The menu displayed on the left side of every Management Console page is used to configure your UTM

Firewall appliance, or you can use the Quick Setup Wizard (see Chapter 2, Getting Started) and the guided

configurations. Once you have completed the initial configuration, you can continue the setup using the

Guided Configurations that are available from the lower pane of the page.

Table 5 SG640 LED descriptions

Location Activity Descriptions

Top right (Power On Power is supplied to the appliance.

Bottom right

(Heart beat)

Flashing The appliance is operating correctly.

On If this LED is on and not flashing, an operating error has occurred.

Off If the power is on and the H/B light is off, either the Halt Now option is activated

in preparation to power down safely, or an operating error has occurred.

Top left (Network

activity)

Flashing Data is being transmitted or received.

Bottom left

(Network link)

On The appliance is attached to the network.

McAfee UTM Firewall 4.0.4 Administration Guide 17

Introduction

UTM Firewall menus

Figure 4 UTM Firewall Management Console - Status page

Note: Advanced users can customize the appearance of the console, and override the default HTML styles. To do

so, create the file localstyle.css in the /etc/config/ directory with the styles you prefer.

UTM Firewall menus

To navigate the UTM Firewall interface, click a menu option on the left-side of the screen. The available

menu options depend on the particular UTM Firewall appliance model and the firmware version currently

installed.

Your current menu selection is highlighted.

The UTM Firewall Management Console contains the following menus:

•Network Setup

•Firewall

•VPN

•System

The following tables provide brief descriptions of the tabs available under each menu option.

18 McAfee UTM Firewall 4.0.4 Administration Guide

Introduction

UTM Firewall menus

Table 6 Network Setup menu

Network Setup menu

options

Description

Quick Setup Opens the Quick Setup page for accessing the Quick Setup Wizard, the product

registration links, and the guided configurations.

Network Setup Opens the Connections, Failover & High Availability, Routes, DNS, and IPv6 tabs for

configuring network-specific settings of the appliance.

See:

• Network overview.

• Failover, load balancing, and high availability.

• Routes.

• DNS.

• IPv6.

DHCP Server Opens the DHCP Server Configuration page for handing out IP addresses. See DHCP

Server.

Web Cache Opens the Web Cache pages for caching pages on the UTM Firewall appliance. See Web

cache.

Note: Not applicable to the SG310 or SG560 models.

Traffic Shaping Opens the Traffic Shaping pages for enabling and configuring QoS (Quality of Service)

traffic. See Traffic Shaping.

SIP Opens the SIP (Session Initiation Protocol) Proxy page for enabling and configuration.

See SIP.

Note: Not applicable to the SG310 model.

Table 7 Firewall menu

Firewall menu options Description

Definitions Opens the definitions pages for Service Groups, Addresses, and Interfaces. See

Definitions.

Packet Filtering Opens the Packet Filtering, Incoming Access, Custom Firewall Rules, and Custom IPv6

Firewall Rules tabs. See Packet filtering.

NAT Opens NAT pages for Port Forwarding, Source NAT, 1 to 1 NAT, Masquerading, and UPnP

Gateway. See NAT.

Connection Tracking Opens the Connection Tracking page in which you can enable or disable specific options

for connection tracking. Connection tracking keeps a record of packets that have passed

through the appliance and how the packets are interrelated. See Connection tracking.

Intrusion Detection Opens the configuration pages for Intrusion Detection and Prevention. See Intrusion

Detection Systems.

Note: Snort IDS (Intrusion Detection System) and IPS (Intrusion Prevention

System) features are not applicable to the SG310 or SG560 models. Basic IDB

(Intrusion Detection and Blocking) is available on all UTM Firewall models.

Access Control Opens the Authorizations pages for Access Control, ACL, Web Lists, Policy, and Web

Filtering. See Access control.

Antivirus Opens the Antivirus page where you can configure antivirus for email, Web downloads,

and FTP. See Antivirus.

Note: Not applicable to the SG310 or SG560 models.

Antispam Opens the Antispam page for configuring reputation thresholds for SMTP mail. See

Antispam (TrustedSource).

Table 8 VPN menu

VPN menu options Description

PPTP Opens the page for configuring the appliance as a PPTP VPN client or server. See PPTP

VPN Client, and PPTP VPN Server.

L2TP Opens the page for configuring the appliance as an L2TP VPN client or server. See L2TP

VPN Client, and L2TP VPN Server.

McAfee UTM Firewall 4.0.4 Administration Guide 19

Introduction

Interface icons

The icons in the UTM Firewall Management Console provide navigation to Online Help pages, system status,

backup and restore pages, and editing pages for features.

Home icon

The home icon (Figure 5) is available from every page within the UTM Firewall Management Console.

Clicking the icon returns you to UTM Firewall home page where a high-level summary of the system’s status

is displayed.

Figure 5 Home icon

Logout icon

The logout icon (Figure 6) is available from every page within the UTM Firewall Management Console.

Clicking the icon logs you out and ends the current session.

Figure 6 Logout icon

IPSec Opens the pages for configuring IP Security (IPSec). See IPSec VPN.

Port Tunnels Opens the pages for configuring HTTP and SSL client and server port tunnels. See Port

tunnels.

Note: Not applicable to the SG310 model.

Table 9 System menu

System menu options Description

Status Opens high-level summaries of the general system, the unit’s connections, and the unit’s

services. See Status menu.

System Setup Opens the Device Settings, Security Policy, Memory Allocation and Date and Time

configuration pages. See System Setup Menu.

Backup/Restore Opens the Remote, Local, and Text options for Configuration Backup/Restore. See

Backup/Restore menu.

Users Opens the Administrative users pages where you can add or edit users and their

permissions. See Users menu.

Management Opens the Management page where you can configure how the UTM Firewall device is

managed, such as through CMS or SNMP. See Management menu.

Diagnostics Opens the Diagnostics page where you can view system information, system log

information, perform networks tests, view USB devices (SG565 only), and capture

network traffic. See Diagnostics menu.

Advanced Opens the advanced features for Reboot / Configuration such as Reboot, Flash Upgrade,

upload and edit Configuration Files, and direct edit of Device Configuration. See

Advanced menu.

Help and Support Opens the Technical Support page, where you can find additional sources of information

or report an issue if you have a support agreement. See Help and Support menu option.

Table 8 VPN menu <Comment>(continued)

VPN menu options Description

20 McAfee UTM Firewall 4.0.4 Administration Guide

Introduction

Interface icons

Backup and restore icon

The backup and restore icon (Figure 7) is available from every page within the UTM Firewall Management

Console. Clicking the icon opens the Remote Configuration Backup/Restore page. For information on

backup and restore, see Remote Backup/Restore page.

Figure 7 Backup/Restore icon

Online help icon

To access context-sensitive help for the page your are currently viewing, click the help icon (Figure 8). For

more information about the Help and Support menu option, see Help and Support menu option.

Figure 8 Help icon

Edit and delete icons

Many of the pages in the UTM Firewall Management Console have icons with which you can edit or delete its

associated definition. You can click the edit icon (Figure 9) associated with the item you want to edit.

Figure 9 Edit icon

You can click the delete icon (Figure 10) associated with the item you want to delete.

Figure 10 Delete icon

Add above and below icons

Certain pages within the Web console, see packet filtering and NAT rules for example, have icons you can

use to add and manipulate the ordered list of objects within the pages.

The controls you use to manipulate rules (and policy routes as well) are labelled in Figure 11.

Figure 11 Rule object controls

The add above or below icon has plus (+) signs next to the arrows, indicating you are adding an object. The

arrow pointing upward adds the object above the current row selection; the arrow pointing downward adds

the object below the current row.

Many of the pages in the console also have enable or disable checkboxes. The enable checkbox is the

leftmost checkbox.

Tooltips

Hover your pointer over a control to view its tooltip (Figure 12).

Enable/disable checkbox

Move rule up/down arrow

Add above/below arrows

Page is loading ...

McAfee SG580 Specification

This manual is also suitable for

McAfee SG580 Specification

Related papers

Other documents