Symantec SGM 1600 Installation guide

  • Hello! I am an AI chatbot trained to assist you with the Symantec SGM 1600 Installation guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Symantec™ Gateway Security 1600
Series v3.0
Installation Guide
Supported platforms:
1620, 1660
Symantec™ Gateway Security 1600 Series v.3.0
Installation Guide
Documentation version 1.0
January 26, 2006
Copyright © 2006 Symantec Corporation. All rights reserved.
Federal Acquisitions: Commercial Software - Government Users Subject to Standard License Terms
and Conditions.
Symantec, the Symantec Logo, Symantec Gateway Security are trademarks or registered trademarks
of Symantec Corporation in the United States and certain other countries. Additional company and
product names may be trademarks or registered trademarks of the individual companies and are
respectfully acknowledged.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be reproduced in
any form by any means without prior written authorization of Symantec Corporation and its licensors,
if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY
INVALID.
Printed in the United States of America.
10987654321
Technical support
As part of Symantec Security Response, the Symantec global Technical Support group maintains
support centers throughout the world. The Technical Support group’s primary role is to respond to
specific questions on product feature/function, installation, and configuration, as well as to author
content for our Web-accessible Knowledge Base. The Technical Support group works collaboratively
with the other functional areas within Symantec to answer your questions in a timely fashion. For
example, the Technical Support group works with Product Engineering as well as Symantec Security
Response to provide Alerting Services and Virus Definition Updates for virus outbreaks and security
alerts.
Symantec technical support offerings include:
A range of support options that give you the flexibility to select the right amount of service for any
size organization
Telephone and Web support components that provide rapid response and up-to-the-minute
information
Upgrade insurance that delivers automatic software upgrade protection
Content Updates for virus definitions and security signatures that ensure the highest level of
protection
Global support from Symantec Security Response experts, which is available 24 hours a day, 7 days
a week worldwide in a variety of languages for those customers enrolled in the Platinum Support
program
Advanced features, such as the Symantec Alerting Service and Technical Account Manager role,
offer enhanced response and proactive security support
Please visit our Web site for current information on Support Programs. The specific features available
may vary based on the level of support purchased and the specific product that you are using.
Licensing and registration
This product requires a license file. The fastest and easiest way to register your service is to access the
Symantec licensing and registration site at https://licensing.symantec.com/licenseapp/jsp/
See the Symantec Gateway Security 1600 Series v3.0 Getting Started Guide.
Contacting Technical Support
Customers with a current maintenance agreement may contact the Technical Support group online at
www.symantec.com/techsupp and access the Get Enterprise Support link for information in North
American English. For support in other languages, select the language for the appropriate Global Site,
then select the continue link for enterprise.
Customers with Platinum support agreements may contact Platinum Technical Support by accessing
the Platinum Web site at https://www-secure.symantec.com/platinum.
When contacting the Technical Support group, have the following information available:
Product release level
Hardware information
Available memory, disk space, NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description
Error messages/log files
Troubleshooting performed prior to contacting Symantec
Recent software configuration changes and/or network changes
Contacting Customer Service
To contact Enterprise Customer Service online, go to www.symantec.com/techsupp and access the Get
Enterprise Support link for support in North American English. For support in other languages, select
the language for the appropriate Global Site, then select the continue link for enterprise.
Customer Service is available to assist with the following types of issues:
Questions regarding product licensing or serialization
Product registration updates such as address or name changes
General product information (features, language availability, local dealers)
Latest information on product updates and upgrades
Information on upgrade insurance and maintenance contracts
Information on Symantec Value License Program
Advice on Symantec’s technical support options
Nontechnical presales questions
Missing or defective CD-ROMs or manuals
Contents
Chapter 1 Installing the appliance
About the Symantec Gateway Security 1600 Series v3.0 ......................................................................................7
Intended audience ...............................................................................................................................................7
Requirements for the installation .............................................................................................................................7
Installing the Symantec Gateway Security 1600 Series appliance ...................................................................... 8
Installing as a free-standing appliance ............................................................................................................ 8
Installing as a rack-mounted appliance ........................................................................................................... 8
Symantec Gateway Security 1600 Series hardware ...............................................................................................9
Front panel status indicators ............................................................................................................................. 9
Symantec Gateway Security 1600 Series back panel features ...................................................................10
Connecting an uninterruptible power supply .......................................................................................................11
Resetting the appliance to factory defaults ...........................................................................................................12
Restoring the appliance firmware with the Symantec Gateway Security OS Restore CD-ROM ...................13
Chapter 2 Developing a security plan
Defining your security policy ..................................................................................................................................15
Before writing your security plan ...................................................................................................................15
Becoming security conscious ...........................................................................................................................16
Educating users ..........................................................................................................................................................16
Involving the user community ........................................................................................................................16
Security policy worksheets ......................................................................................................................................17
Defining your organization ..............................................................................................................................17
Collecting hardware information ....................................................................................................................19
Collecting your TCP/IP address .......................................................................................................................20
Defining your allowed TCP/IP services ..........................................................................................................21
Collecting email information for security gateway notifications ..............................................................23
Defining your Web services .............................................................................................................................23
Defining your network architecture ...............................................................................................................25
6 Contents
Chapter
1
Installing the appliance
This chapter includes the following topics:
About the Symantec Gateway Security 1600 Series v3.0
Requirements for the installation
Installing the Symantec Gateway Security 1600 Series appliance
Symantec Gateway Security 1600 Series hardware
Connecting an uninterruptible power supply
Resetting the appliance to factory defaults
Restoring the appliance firmware with the Symantec Gateway Security OS Restore CD-ROM
About the Symantec Gateway Security 1600 Series v3.0
Symantec Gateway Security 1600 Series v3.0 is a comprehensive network security device that
integrates firewall, VPN, antivirus, antispyware, antispam, intrusion detection and prevention,
content filtering, and high availability/load balancing components into an appliance that protects
networks at the gateway to the Internet or subnets of larger WANs and LANs.
Intended audience
This manual is intended for system managers or system administrators responsible for installing and
administering Symantec Gateway Security 1600 Series appliances.
Warning: This is an electrically powered device. You must adhere to warnings and cautions when
installing or working with the Symantec Gateway Security 1600 Series appliance. Read the installation
instructions and heed all warnings before connecting the appliance to its power source.
See the Symantec Gateway Security 1600 Series Getting Started Guide for all warning information about
the Symantec Gateway Security 1600 Series appliances.
Requirements for the installation
Before you install and activate your Symantec Gateway Security 1600 Series appliance, you should
review your security plan.
See “Developing a security plan” on page 17.
8 Installing the appliance
Installing the Symantec Gateway Security 1600 Series appliance
You can install the Symantec Gateway Security 1600 Series appliance on a flat surface or in a rack.
When preparing to install your appliance, refer to the following guidelines:
Prepare a smooth and level surface
Place the appliance on a smooth and level surface, such as the top of a computer table or in a rack.
Make sure that the area is clear of dust and debris.
Provide adequate ventilation
The installation site must meet minimum environmental specifications. Ensure that there is
adequate space around the appliance to allow air circulation for cooling.
Caution: Never place objects on top of the appliance.
Ensure use of a proper power source
Install the appliance near a power source that provides adequate power and is located so that the
power cord is not strained, stretched, or in danger of becoming unplugged.
Caution: Do not use an extension cord to supply power to this unit.
Locate the appliance and cables away from high-traffic areas
Install the appliance in an area that is out of the way of foot traffic.
Allow access to this area only by authorized security personnel
Installing the Symantec Gateway Security 1600 Series
appliance
You can install the Symantec Gateway Security 1600 Series v 3.0 appliance as a free-standing appliance
or in a rack.
Installing as a free-standing appliance
The Symantec Gateway Security 1600 Series v3.0 can be installed as a free-standing appliance on a flat
surface, such as a desktop or shelf. Install the Symantec Gateway Security 1600 Series v3.0 appliance at
a location that meets the pre-installation requirements.
See “Requirements for the installation” on page 7.
When installing as a free-standing appliance, you must attach rubber feet to the bottom of the
appliance.
See the Symantec Gateway Security 1600 Series v3.0 Getting Started Guide for instructions about
attaching the rubber feet.
Installing as a rack-mounted appliance
This section describes how to install the appliance in a standard 19-inch equipment rack.
Each security gateway is provided with two rack mounting brackets for mounting on the front of two-
post or four-post racks. Symantec Gateway Security 1600 Series v3.0 appliances cannot be mounted on
two-post center racks. Because rack hardware can differ between sites, rack-mounting screws are not
shipped with the security gateway. Before installing your appliance, obtain the proper screws for
mounting the appliance in your rack.
9Installing the appliance
Symantec Gateway Security 1600 Series hardware
The following rack-mounting procedure applies to all Symantec Gateway Security 1600 Series v3.0
appliances.
To install a rack-mounted appliance
1 Using the bracket screws supplied, connect the mounting brackets to the sides of the appliance.
2 Using the mounting screws provided with the rack, secure the mounting brackets to the equipment
rack.
Symantec Gateway Security 1600 Series hardware
The Symantec Gateway Security 1600 Series v3.0 consists of the models 1620 and 1660. Both models
run the same software and have the same front panel features.
Front panel status indicators
The front panel of the Symantec Gateway Security 1600 Series v3.0 contains status indicators to
provide a quick visual status of the appliance.
Figure 1-1 shows the front panel status indicators.
Figure 1-1 Front panel status indicators
Table 1-1 describes the front panel status indicators.
Table 1-1 Front panel status indicators
Label Feature Description
1 Power On to indicate the power is on.
2 Disk activity Flashes intermittently when there is activity on the hard disk drive.
3 Attention On when the appliance needs attention or is not passing traffic. Check log
messages for more information.
See the Symantec Gateway Security 1600 Series v3.0 Administration Guide for
more information on log messages.
Also on during the power on process.
4 Ready On when the security gateway is running.
5 Network activity Flashes intermittently when there is network traffic.
10 Installing the appliance
Symantec Gateway Security 1600 Series hardware
Table 1-2 describes the attention and ready status indicator states.
Symantec Gateway Security 1600 Series back panel features
This section describes the back panel features of the Symantec Gateway Security 1600 Series v3.0. All
models of the Symantec Gateway Security 1600 Series appliances have Ethernet ports which can
connect to 10/100/1000 Base-T networks. The back panels of the models 1660 and 1620 are different.
The model 1660 has two additional Ethernet ports.
Figure 1-2 describes the back panel features for the Symantec Gateway Security 1660 appliance.
Figure 1-2 Symantec Gateway Security 1660 appliance back panel
Table 1-2 Status indicator states
Attention Ready Description
on off Error during startup. Check log messages for more
information.
See the Symantec Gateway Security 1600 Series v3.0
Administration Guide for more information on log
messages.
off slow blink Normal startup in progress
slow blink slow blink Restoring appliance firmware
slow blink on The power button was pushed and the security gateway
is shutting down.
The reset button was pushed and the security gateway is
restarting.
off on Normal operation, the security gateway is running.
fast blink on There is a problem with the security gateway. The
problem could be over temperature, fan failure, or
another other issue. Check log messages for more
information.
See the Symantec Gateway Security 1600 Series v3.0
Administration Guide for more information on log
messages.
on on The security gateway started, but is not running. Before
the initial setup wizard is completed, the indicators are
in this configuration.
11Installing the appliance
Connecting an uninterruptible power supply
Table 1-3 describes the Symantec Gateway Security 1660 back panel features.
Connecting an uninterruptible power supply
In the event of a power failure, using an Uninterruptible Power Supply (UPS) provides power for an
additional period of time that allows you to control how the appliance is turned off. The appliance
communicates directly to the UPS unit through a USB port.
The recommended supplier for UPS units is American Power Conversion (www.apcc.com). The UPS
unit must support USB ports. Units that support serial ports only do not work with Symantec Gateway
Security 1600 Series appliances.
Table 1-3 Model 1660 back panel features
Location Feature Description
1 Reset button Restarts the security gateway. Also used during the restoring the appliance
firmware process.
See “Restoring the appliance firmware with the Symantec Gateway Security
OS Restore CD-ROM” on page 13.
2 Master power
switch
Turns the appliance on or off.
3 Serial console port Provides a connection for local terminal emulator to access the appliances
serial console menu (an abbreviated command line menu) and the Linux
operating system. Primary configuration of the security gateway is through
the Java-based SGMI. Making changes to the operating system is not
supported.
See the Symantec Gateway Security 1600 Series v3.0 Administration Guide
for more information on the serial console menu.
4 USB ports Provides a modem connection for dialing pager phone numbers for
delivering notifications. Supports (but does not include) USB modems that
use standard AT command set for notifications. Complies with the USB CDC
ACM specification.
See the Symantec Gateway Security 1600 Series v3.0 Administration Guide
for more information.
Lets you connect an Uninterruptible Power Supply (UPS) to the USB port for
smart UPS support.
See “Connecting an uninterruptible power supply” on page 11.
Note: Either USB port can be used for either task.
5 eth0 Accepts a 10/100/1000 Base-T network cable that allows Ethernet network
connection. This port is outlined in green and is used as an inside interface
only.
6 eth1 Accepts a 10/100/1000 Base-T network cable that allows Ethernet network
connection. This port is outlined in red and is used as an outside interface
only.
7 eth2 Accepts a 10/100/1000 Base-T network cable that allows Ethernet network
connection.
8 eth3 Accepts a 10/100/1000 Base-T network cable that allows Ethernet network
connection. Available only on model 1660.
9 eth4 Accepts a 10/100/1000 Base-T network cable that allows Ethernet network
connection. Available only on model 1660.
10 Power socket Connection for AC power cord.
12 Installing the appliance
Resetting the appliance to factory defaults
To connect an uninterruptible power supply
1 Plug the UPS into a suitable power outlet.
2 Turn on the UPS.
3 Plug the Symantec Gateway Security 1600 Series power cord into the UPS power socket.
4 Connect the UPS USB cable to the UPS unit and the appliance.
After you have connected your UPS to the appliance, you can configure UPS support from the Security
Gateway Management Interface (SGMI).
See the Symantec Gateway Security 1600 Series v3.0 Administration Guide for more information
configuring UPS support.
Resetting the appliance to factory defaults
Use the reset button to reset the security gateway to its original factory default state. Any previously
installed license files will be maintained. After resetting the appliance to factory defaults, you must
perform the initial setup process again.
See the Symantec Gateway Security 1600 Series Getting Started Guide for more information.
You can also reset the appliance to factory defaults using the serial console menu. See the Symantec
Gateway Security 1600 Series Administration Guide for more information.
Caution: Any software patches, including LiveUpdates, that you may have applied are removed and
must be reapplied. All network information and configuration data is removed.
See the Symantec Gateway Security 1600 Series Administration Guide for more information about
backing up and restoring configurations.
To use the reset button to restore to factory defaults
1 Turn on and boot the appliance normally. Wait until the booting process has completed entirely.
2 On the back panel of the appliance, press the reset button in for at least 6 seconds.
After 5 seconds, on the front panel of the appliance, the attention indicator will start to blink.
3 Release the reset button for about 1-2 seconds.
The ready and attention indicators then start to slow blink alternately.
4 Press the reset button again for about 1-2 seconds, and then release.
The ready and attention indicators blink once as the restoration process starts. The process can
take about 10 to 15 minutes. All files and configurations will be reverted to factory default states
except any previously installed license files, which will be maintained.
When the ready indicator is on steadily, the appliance is restored.
13Installing the appliance
Restoring the appliance firmware with the Symantec Gateway Security OS Restore CD-ROM
Restoring the appliance firmware with the Symantec Gateway
Security OS Restore CD-ROM
The Symantec Gateway Security OS Restore CD-ROM contains a Symantec Gateway Security 1600
Series v3.0 restore program. The restore program returns the appliance to its original factory
condition. The difference between this restore procedure and the reset button procedure is that using
the OS Restore CD-ROM will also delete any license files previously installed. You boot the OS Restore
CD-ROM in a computer connected directly or by a network to the appliance.
Caution: The OS restore operation results in the complete overwriting of your existing appliance
configuration. All configuration and license data is lost. You will need to reinstall your licenses.
For information on preserving your configuration settings, see the Symantec Gateway Security 1600
v3.0 Series Administration Guide.
Using the Symantec Gateway Security OS Restore CD-ROM that came with your security gateway,
place it in the computer that you would use in the event you needed to restore your firmware. Once the
Symantec Gateway Security OS Restore CD-ROM boots, it will tell you whether it found the appropriate
hardware to continue the process. If it cannot use your network card, locate another computer with a
different network interface type.
The requirements for the computer running the operating system restore program are as follows:
A computer with a BIOS that lets you boot from an IDE (ATAPI) CD-ROM.
Intel x86 based.
Bootable from a CD-ROM.
PII class processor with at least 64 MB of RAM
A single installed 10/100 or 10/100/1000 MB network interface card such as the following:
Intel PRO/100+ SGS Adapter (PILA8470B)
Linksys EtherFast 10/100 LAN Card (LNE100TX)
Netgear Fast Ethernet PCI Adapter (FA312TX)
3Com OfficeConnect Fast Ethernet NIC (3CSOHO100-TX)
3Com Fast EtherLink XL PCI NIC (3C905B-TX)
Ethernet cable to connect the appliance directly to the eth0 network interface on the computer or a
connection to a switch or hub to which the appliance is attached.
Restoring the appliance firmware requires that you turn on the appliance while the reset button is
depressed. To successfully restore the appliance firmware to its original factory condition, you must
allow this process to execute without interruption. This process can take approximately 15 minutes to
complete.
To restore the appliance firmware
1 Turn off the power to the appliance using the power switch.
2 Connect the computer used to restore the appliance to the eth0 network interface, on the back of
the appliance, using an Ethernet cable. You can also connect the computer using a switch or hub to
which the appliance is connected.
3 On the computer used to restore the appliance, do the following:
Set the computer to boot from the CD-ROM.
Insert the Symantec Gateway Security OS Restore CD-ROM into the CD-ROM drive.
Reboot the computer.
14 Installing the appliance
Restoring the appliance firmware with the Symantec Gateway Security OS Restore CD-ROM
4 When prompted to accept the Symantec Gateway Security Appliance License and Warranty
Agreement, press the space bar to read the entire agreement. Type Y to accept the agreement, and
then press Enter.
Do not follow the restore commands displayed. Proceed using the following steps in this procedure.
5 On the appliance, press and hold the reset button. With the reset button depressed, press and
release the power button to turn on the appliance.
When the attention indicator on the front panel starts flashing, do the following:
Release the reset button, and then wait 1-2 seconds before proceeding. After 1-2 seconds, the
ready indicator on the front panel begins to blink, indicating that the appliance is waiting for
a confirmation of the network boot command.
To confirm the network boot command, press and hold the reset button for 1-2 seconds, and
then release it. The network boot communication is attempted through the computer
connected to eth0.
If the network boot communication is successful, the restore process starts. This process can take
15-20 minutes. The appliance reboots automatically after the restore process is complete, and then
turns off.
6 Restart the computer used to do the restore and, during the initial boot process, remove the CD-
ROM from the drive. The CD-ROM is not ejected automatically during the restart.
7 Turn on the security gateway using the power switch, and then perform the initial setup process
again.
For information regarding initial setup, see the Symantec Gateway Security 1600 Series Getting
Started Guide.
Chapter
2
Developing a security plan
This chapter includes the following topics:
Defining your security policy
Educating users
Security policy worksheets
Defining your security policy
Ideally, your security policy should be captured in a document that describes your organization’s
network security needs and concerns. Creating this document is the first step in building an effective
overall network security system and should be done prior to installation.
Developing a security plan helps you collect the information needed to install and configure your
Symantec security gateway.
Your security plan details the implementation of your security policy. Based on the security concerns
and trade-offs of your overall policy, your security plan should contain a set of tasks. One of these
tasks should consist of establishing procedures and rules for access to resources located on your
network.
These resources include:
Host computers and servers
Works tati ons
Connection devices (gateways, routers, bridges, and repeaters)
Terminal servers and remote access servers
Networking and applications software
Information in files and databases
The firewall component of Symantec Gateway Security 1600 Series v3.0 is the main tool for enforcing
access security gateway access, allowing you to define a set of rules that allow or deny access to
specific resources throughout your network.
Before writing your security plan
Before you begin writing rules to implement your plan, you need to answer the following questions:
How many points of entry exist on your network? A security gateway defends a single point of
entry. Every point of entry should be protected by a security gateway. A Virtual Private Network
(VPN) server also defends a single point of entry. You must decide what access the VPN server is
going to provide for resources that exist behind the firewall.
What types of services, such as Web or FTP, do you want to allow for internal users?
To what hosts, subnets, and users do you want to allow services?
16 Developing a security plan
Educating users
What external users will have access to your network? Where will they come from and where do
you want to allow them to go? During what hours? For what period of time?
Do you intend to implement a service network?
Do you intend to implement a de-militarized zone (DMZ)?
What types of services do you want to allow for external users and hosts?
What type of authentication will you require for external users? (Strong authentication is
recommended for any access from public networks.)
If you are implementing VPN tunnels between any internal and external hosts, what types of
traffic will be allowed over these tunnels?
Will you place your Web server inside or outside of your protected network, or on a service
network?
Becoming security conscious
Developing and implementing a security plan for the security gateway you are installing should be
only one part of your overall security policy. The security gateway offers the best protection against
uninvited entry into your network. However, the security gateway cannot guard against entry by
people who obtain valid authentication credentials, any more than a sophisticated lock can stop a thief
in possession of the right key.
Formulate goals
Take the time to formulate the specific goals of your security plan. Identify the resources you are
protecting and all possible threats. Protecting your resources from unauthorized external users may be
only one of your goals. You may also need to limit internal access to certain systems to specific users
and groups, within specific time periods. You will need to define these users and groups for the firewall
and how to configure special services to be passed through these systems.
Review issues
You should review your organization’s specific issues in detail before you begin configuring the
security gateway. Your network’s security depends on planning sound policies, implementing them
carefully, and confirming that they work as intended.
Educating users
Your overall site policy involves a numbers of tasks. Of these, user education is most important.
Publish your company’s security policy. Make sure your users are informed of the determination of
would-be invaders and the sophistication of available password guessing programs. Make sure they
understand how common security breaches are and how costly they can be. These facts alone dictate
that users should be encouraged to select passwords that are difficult to crack and to change passwords
regularly.
Involving the user community
When developing the details of your security plan, you should solicit the input of group managers or
leaders on what services they require, for what users, and so on. Explain to users the need for network
security to protect private information, intellectual property, and your business plans.
Notifying affected users
Before implementing policies, notify the user community of your proposed policies. Doing so in
advance can prevent unnecessary frustration on the part of your users.
17Developing a security plan
Security policy worksheets
For instance, if you plan to limit Web services to a single server during specific hours, let this be known
to the affected groups and users. If you plan to pass all email through a dedicated server, or if external
users will be disallowed from accessing certain systems by Telnet, consider passing these changes
along before implementation. Consulting users prior to implementation may save you the time needed
to fine-tune those policies later.
Taking a pro-active stance
Keep in mind that configuring a set of authorization rules on the security gateway is just one piece of
your overall security plan.
To be effective, this plan should also include the following:
Physical security of key systems (especially the security gateway)
Security risk training for users
Guidelines on passwords
Proprietary information policies
Network planning
Security policy worksheets
To aid you in the planning process, we have provided a set of policy planning worksheets. Use these
worksheets to help implement the specific tasks of your security plan and to assist you during the
installation process.
Defining your organization
Begin by defining your organization. Here is where you explore your existing security policy, if any.
Note who will be assigned as administrators, the types of authentication you will use, and how your
administrators will be contacted.
To define your organization
1 Does your organization have a security policy?
If you checked No, refer to the first part of this chapter for information relating to the development
of a security policy.
2 Number of users behind your security gateway:
_____
3 Do you plan to establish special groups or users with different levels of access or control that other
groups and users will not have?
4 Do you plan to establish subnets, users by subnet, or users by authentication?
_____ Yes _____ No
_____ Yes _____ No
_____ Yes _____ No
18 Developing a security plan
Security policy worksheets
5 What are your network access points?
6 Name of the primary administrator:
7 Use Table 2-1 to list all persons involved in administering the system.
8 Are organization computer resources accessible by remote dial-in?
9 Are organization computer resources accessible by an internal network?
10 What communications servers (e-mail) are used? (such as SMTP or Microsoft Exchange)
11 What form of authentication will be used for remote access to company resources?
12 Will there be different authentication and group servers?
______________________________________________________________________
______________________________________________________________________
____________________________________
Table 2-1 Administrator names
Name Email Phone Pager
______________________ ______________________ ______________________ ______________________
______________________ ______________________ ______________________ ______________________
______________________ ______________________ ______________________ ______________________
______________________ ______________________ ______________________ ______________________
_____ Yes _____ No
_____ Yes _____ No
______________________________________________________________________
______________________________________________________________________
_____ User name/password _____ RADIUS Defender
_____ Entrust _____ RSA SecurID
_____ LDAP _____ Other
_____ RADIUS
_____ Yes _____ No
19Developing a security plan
Security policy worksheets
13 What kind of security certificate will you use?
14 What mechanism will be used for suspicious activity alerts?
15 Do you have other Symantec security gateways on your network now?
y
16 If yes, what version? ________________________________
17 Do you plan to combine security gateways for failover?
18 Do you have third-party (non-Symantec) firewalls on your network now?
19 If yes, which one and version? ________________________________
20 Have you created a network diagram? If so, please print and attach.
Collecting hardware information
Before you begin the installation process, you should collect some basic hardware information.
To collect hardware information
1 Record the number of host computers of each type that compose your network:
Before installation, ensure that the host network connections are configured and tested properly.
Verify that you can ping the network interfaces of the server from clients on the same network.
2 What kind of Internet access do you have? What speed?
3 Record the name of your Internet Service Provider (ISP):
______________________________
_____ Self-signed Secure Socket Layer (SSL) certificate generated by the security gateway
_____ SSL certificate purchased from a third-party certificate authority
_____ Blacklist _____ Email
_____ Pager _____ Client program
_____ SNMP V1 _____ SNMP V2
_____ Yes _____ No
_____ Yes _____ No
_____ Yes _____ No
_____ Yes _____ No
_____ UNIX _____ Windows
_____ Other (type) ______
______________________________________________________________________
20 Developing a security plan
Security policy worksheets
4 Does your site have, or plan to have, more than one Internet access point?
5 Are there any other Internet connections besides the security gateway (such as modems connected
to workstations)?
If yes, list.
6 Will you be using Symantec Client VPN?
Collecting your TCP/IP address
It is important to think about the TCP/IP requirements for your site. This includes information about
running Domain Name Services (DNS), types and names of domains on your network, and making a list
of protocols used that need to pass through your security gateway.
To collect your TCP/IP address information
1 How is your Domain Name Service (DNS) provided?
2 What type of domain structure is in use at your site?
3 What type of name service do you provide?
4 Do you have an internal name server?
5 Do you have WINS configured?
_____ Yes _____ No
_____ Yes _____ No
______________________________________________________________________
______________________________________________________________________
_____ Yes _____ No
_____ On your corporate network
_____ Through your Internet Service Provider (ISP)
_____ Single domain _____ Multiple domains
_____ Subdomains
_____ Primary name services _____ Secondary name services
_____ Internal/private
_____ Yes _____ No
_____ Yes _____ No
/