AhnLab TrusGuard Installation guide

2AhnLab TrusGuard Installation Guide

Preface

AhnLab TrusGuard ("TrusGuard") and all related documents are protected by the copyright law of

Republic of Korea. Unauthorized reproduction or distribution of the program and documents, or any

portion of them, without the prior written permission of AhnLab, Inc. may result in severe civil and

criminal penalties, and will be prosecuted to the maximum extent possible under the law. All product

names mentioned herein are the registered trademarks of their respective owners.

Indemnity

The manufacturer, importer and sales representative are not responsible for accidental damage,

including injury, or other losses caused by an improper use or manipulation of this product. All

specifications of the product are subject to change without prior notice to the individuals and/or

companies that purchase the product, and may be different from those described in this document.

Certificate of Broadcasting and Communications Equipment (Code A)

TrusGuard has been issued the Certificate of Broadcasting and Communications Equipment (Code A).

It can be used in all areas, with the exception of housing areas.

Device and Model Name: All models

Company Name: AhnLab, Inc.

Year of Manufacture: Label on device

Manufacturer/Country: AhnLab, Inc./Korea

Limited Warranty

AhnLab, Inc. warrants that for a period of 12 months from the original purchase of the Product, the

Hardware Device will be free from defects in materials and workmanship under normal and authorized

use, and the Software will substantially conform to its published specifications).

Table of Contents 3

Table of Contents

Preface ..........................................................................................................................................................................2

Chapter1 Before You Start ...................................................................................................5

Technical Support .....................................................................................................................................................6

About This Guide ......................................................................................................................................................7

Checklist .......................................................................................................................................................................8

Safety Precautions ....................................................................................................................................................9

Installation Environment ..................................................................................................................................... 11

Security Checklist ................................................................................................................................................... 13

Chapter2 AhnLab TrusGuard Overview...........................................................................15

Introduction ............................................................................................................................................................. 16

TrusGuard System Specifications ..................................................................................................................... 21

Compatibility ........................................................................................................................................................... 40

Chapter3 Installation...........................................................................................................41

Overview ................................................................................................................................................................... 42

Before Installation .................................................................................................................................................. 44

System Settings ...................................................................................................................................................... 46

Initial Login ............................................................................................................................................................... 47

License ....................................................................................................................................................................... 49

Update ....................................................................................................................................................................... 51

Network Interface .................................................................................................................................................. 54

Static IP Address Port .................................................................................................................................... 56

PPPoE Port – For IPv4 .................................................................................................................................... 58

DHCP/DHCPv6 Port ....................................................................................................................................... 61

Aggregation ..................................................................................................................................................... 62

Bridge .................................................................................................................................................................. 65

VLAN .................................................................................................................................................................... 68

Secondary Port ................................................................................................................................................ 69

HA Mode ............................................................................................................................................................ 71

Routing Setting ....................................................................................................................................................... 76

Gateway ............................................................................................................................................................. 76

Multi-Path Routing ......................................................................................................................................... 77

Security Settings ..................................................................................................................................................... 78

Change Administrator Account ................................................................................................................ 78

4 AhnLab TrusGuard Installation Guide

Register Administrative IP Address .......................................................................................................... 79

Connect to Log Server .......................................................................................................................................... 81

Local Server Settings ..................................................................................................................................... 84

Set Local TrusAnalyzer ................................................................................................................................. 85

Connect to Remote Log Server ................................................................................................................. 86

Other Settings ......................................................................................................................................................... 90

System Information ....................................................................................................................................... 90

Change Session Settings .............................................................................................................................. 92

Policy Settings ................................................................................................................................................. 93

Network Connection ............................................................................................................................................ 98

Rack-Mount ...................................................................................................................................................... 98

Connect Power and Start System ............................................................................................................. 99

After Installation ...................................................................................................................................................102

Installation Completed ......................................................................................................................................103

Chapter4 Client Program................................................................................................. 105

TrusGuard SSL VPN Client .................................................................................................................................106

Installation and Login .................................................................................................................................106

Manage Certificate .......................................................................................................................................111

SSL VPN Client Status Icon ........................................................................................................................113

Remove TrusGuard SSL VPN Client ........................................................................................................114

TrusGuard Auth ....................................................................................................................................................115

Chapter5 Remove Device ................................................................................................ 119

Remove Device .....................................................................................................................................................120

Chapter1

Before You Start

Technical Support /6

About This Guide /7

Checklist /8

Safety Precautions /9

Installation Environment /11

Security Checklist /13

1

6 AhnLab TrusGuard Installation Guide

Technical Support

AhnLab provides consulting services on the method to use products and various questions you might

have, such as program errors. These are provided by the AhnLab Technical Support Center and its

website. Please check the following prior to requesting consulting service to ensure fast and accurate

troubleshooting.

Check the Online Help or Administrator's Guide. The Online Help and Administrator's Guide

contain useful information on using AhnLab TrusGuard, which might help you solve your problem

before consulting with us.

Update the engine files and patch files to the latest version. Many of the problems can be resolved

by updating the engine and patch files to the latest version.

Update the firmware to the latest version.

Technical Support Center

Home page: http://www.ahnlab.com

E-mail: [email protected]

Address: AhnLab, Inc., 220, Pangyoyeok-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, Korea

1

Chapter1 Before You Start 7

About This Guide

Purpose

Thank you for using AhnLab TrusGuard. This guide is to provide you with useful information to

successfully install, configure, and administer AhnLab TrusGuard.

Audience

This guide is mainly for administrators and engineers who understand TCP/IP and network protocol. It

also includes instructions on some basic features for the general user. The administrator must make

sure the general user uses TrusGuard SSL VPN Client and TrusGuard Auth securely.

Document Conventions

This guide includes the following document conventions.

Bold Type Button name, menu or field on a window, or typing for emphasis

Note Note to consider when using the program

Caution Caution to take when using the program

1

8 AhnLab TrusGuard Installation Guide

Checklist

Before using the product, check each item. If any of the items are missing or damaged, please contact

our Technical Support Center

Authenticity Check

Check that the product is authentic.

Check that AhnLab Software License is in a sealed package. If you purchase multiple products from

one site, you may be provided with one AhnLab Software License only.

Check that the CD is in a sealed package, and the security sticker is not damaged or missing

Check that the Warranty Seal is not damaged or missing. If damaged, AhnLab may provide only

limited warranty and/or repair services. The seal may not be attached the same as below.

Note

If you get your device repaired, we will attach a new Warranty Seal to your device.

Package Check

Check that the following items are included in your package.

Device

Installation Kit

1

Chapter1 Before You Start 9

Safety Precautions

Power

This safety guide applies to all products connected to a power outlet. The following safety precautions

should always be strictly practiced to reduce the risk of fire, electric shock and injury.

Only use use voltage in the range of 100 to 220 volts. 220V is recommended. The power must be

ground-fixable. There are two power input ports: one is the main power input and the other is for

backup. When one fails, the other will keep the system running.

Power supply

Only use the power supply unit and cable provided with the product.

Make sure the voltage (V) and frequency (Hz) of the device matches your local voltage. If you are

not sure, ask an engineer.

Do not use an inverter output as the power supply. Only receive power from an AC power source.

Do not overload the power outlet and cable, and make sure that there is enough current capacity

for the device.

Power cable

Do not step on the power cable.

Do not bend the power cable by force and do not put any heavy object on it.

Do not pull the power cable and do not tie it in knots.

Do not heat the power cable.

When unplugging the power cable, hold the plug not the cable.

Do not use a damaged power cable, plug or loose outlet.

Cable

UTP cable cannot run parallel to power cable

Running the UTP cable parallel to the power cable in the same direction, or grounding them together

will interfere with the magnetic field and cause noise in data communication. Keep both cables as far

as possible, and use a cover to shield the magnetic field in sections the two cables run parallel.

UTP cable for high-speed connection

CAT5e or higher must be used for high-speed network (1Gbps and higher). CAT6 and higher will

provide better stability in the speed.

1

10 AhnLab TrusGuard Installation Guide

Caution when using optical cable

Since optical cables are made of glass fiber, they may break if you bend them beyond their minimum

bend radius. Bending the cables too much will affect transmission speed.

Modification, Disassembly and Repair Prohibited

Your warranty is invalidated if you dissemble or modify the device, or remove the label. Your warranty

is invalidated if you dissemble or modify the device, or remove the Warranty Seal.

Precautions

Do not use the device near any heat source.

Only use parts that have been provided by AhnLab.

Keep the work environment clean.

Make sure that the device does not get wet. Do not expose the device to rain or moisture as it may

damage the device and also cause electric shock.

1

Chapter1 Before You Start 11

Installation Environment

Before installing the device, ensure your installation site meets all the following requirements.

Temperature

A wide change in temperature will shorten the lifespan of the device.

The optimal temperature range is 5 to 35 degrees Celcius.

Ensure there is adequate air flow to get hot air out.

Do not place device in direct sunlight.

Do not place device near a heater or heating vent.

Install device in a clean, dust free environment. If dust collects in the device, the machine could

overheat.

Condensation may occur if the device is moved directly from a cold to a warm environment. In this

case, allow an acclimatization time of at least two hours before installation. The device must be

completely dry. Otherwise there are hazards of electric shock.

Ventilation

The device must be installed in a location with good ventilation,

Provide adequate space in front of and behind the device to allow proper ventilation.

Allow a minimum clearance of 15 cm from the wall.

Use racks that provide ventilation.

Humidity

High humidity could cause short circuit and damage the device.

Use a dehumidifier in a highly humid environment.

Condensation may occur if the device is moved directly from a cold to a warm environment. In this

case, allow an acclimatization time of at least two hours before installation. The device must be

completely dry.

Pollution

The network ports and slots for network modules are sensitive to dust and oil.

Do not touch the network ports and slots in environment where the temperature and humidity is

high.

1

12 AhnLab TrusGuard Installation Guide

Vibration & Impact

This device comes with a hard disk.

Hard disks are sensitive to impact. Install the device in a vibration-free place.

Power Supply

Some devices have two power input ports. One is the main power input and the other is for backup.

Use grounded electrical outlets to protect the device and yourself.

It is highly recommended to use a UPS (Uninterruptible Power Supply) with your device for

continuously operation.

If there are two power input ports in your device, plug the power cables into two different power

outlets.

1

Chapter1 Before You Start 13

Security Checklist

Before installing the device, make sure your security system meets the following security

requirements.

Physical Security

The device must be installed on a secure place that is accessible only by authorized administrators.

Security Policy

Keep the device secure by meeting the following security policies.

Unique Connection Point

If TrusGuard is installed and used on a network, the network must be divided into external and internal

ones. All communications between the two networks must be conducted via TrusGuard only.

Security Maintenance

If there is any change in the internal network environment as a result of changing the network

configuration or increasing/decreasing the host or service, you must immediately reflect the changes

and security policy in the current security policy of AhnLab TrusGuard, in order to keep the security

level the same as before.

Regular Security Policy Check

Set AhnLab TrusGuard to record logs, and check the security policy and system logs regularly.

Remote Connection Prohibited

Prohibit remote access to the system other than authorized hosts.

Use of Default Account Prohibited

After the initial log in with the default account, you must change the account information.

OS Reinforcement

Any unnecessary service is terminated while using TrusGuard, and the latest patch is applied, which

complements the OS vulnerabilities in order to secure the credibility and reliability of the OS.

Secured Operating System

An authorized administrator must apply security policies when an external user attempts to access

VPN for system security and safety. Users must be trained and be fully aware of the security policies.

1

14 AhnLab TrusGuard Installation Guide

Stability Maintenance

An administrator must effectively manage anti-virus and anti-spam functions. Also, he/she must

update signatures and patches to block security threats and to achieve the stable operation

environment.

Trusted Administrator

An administrator must have no malicious intent and be properly trained, and perform his/her duty in

accordance with the administrator guideline.

Trusted Timestamp

The device must have a trusted time stamp (provided by the NTP server) that conforms to RFC 1305.

Chapter2

AhnLab TrusGuard

Overview

Introduction /16

TrusGuard System Specifications /21

Compatibility /40

2

16 AhnLab TrusGuard Installation Guide

Introduction

AhnLab TrusGuard is Korea’s first integrated network security solution. It was first launched in 2007

and now has more than 5,000 users. It is built on an advanced platform known as the AhnLab

Technology for Enhanced Algorithm for Multi-core (A-TEAM). A-TEAM is a unique, next-generation

architecture that combines software-accelerated processing with an optimal multi-core distribution

processing technology. It also uses AhnLab Cloud Computing E-Security Service (ACCESS), a cloud-

based threat management system. AhnLab TrusGuard also provides stable and secure high-

performance VPN.

Advanced A-TEAM

Advanced A-TEAM architecture maximizes firewall performance. It employs a highly-innovative

processing algorithm to separate packets for general or accelerated processing. Packets are then

processed more efficiently in parallel via the multi-core distribution processing technology. The result

is an unbeatable combination of speed and capacity for exceptional performance in the face of high

network traffic volumes.

2

Chapter2 AhnLab TrusGuard Overview 17

Flexible & Secure VPN Network

AhnLab TrusGuard supports both IPSec VPN and SSL VPN, and interoperates with IPS to prevent

malware propagation via VPN tunnel.

2

18 AhnLab TrusGuard Installation Guide

Proactive & Comprehensive Defense

AhnLab TrusGuard provides strong ACCESS based integrated security. ACCESS proactively protects

systems from zero-day attacks and unknown attacks in real-time.

2

Chapter2 AhnLab TrusGuard Overview 19

Intrusion Prevention System

AhnLab TrusGuard has the more than 6,000 signatures that are up-to-date and accurate. ASEC (AhnLab

Security Emergency-response Center) analyzes/monitors the signatures 24/7/365, and updates them

two to three times a day.

Bot Prevention

AhnLab TrusGuard prevents bots and malware from entering the network and running. By controlling

access to bot/malware distributing sites and communication with the C&C server based on ACCESS, it

protects your system from advanced persistent threats.

2

20 AhnLab TrusGuard Installation Guide

Product and Services Integrated to Provide Robust Defense

AhnLab TrusGuard is integrated with AhnLab's services to provide accurate and prompt response

against unknown security threats. ASEC (AhnLab Security E-response Center) monitors security threats

all over the world 24/7/365 to prevent new security threats and minimize damages caused by these

threats. CERT (Computer Emergency Response Center) monitors customer’s networks 24/7/365 to get

information on attacks and threats in real-time, and deliver the information to ASEC. Signatures are

created based on the collected information and reflected on AhnLabTrusGuard without delay through

AST (AhnLab Security Tower) and CDN.

Page is loading ...

AhnLab TrusGuard Installation guide

AhnLab TrusGuard Installation guide

Other documents