and AIX IBMpublib.boulder.ibm.com/tividd/td/SW_FS/sbsup/ja_JA/PDF/sct6rzja.pdf · SecureWay®...
Transcript of and AIX IBMpublib.boulder.ibm.com/tividd/td/SW_FS/sbsup/ja_JA/PDF/sct6rzja.pdf · SecureWay®...
SecureWay ® Boundary Server for Windows NT ®
and AIX
5b
P]8gs 2.0
GC88-8558-00
(Q865'GC31-8733-00)
IBM
SecureWay ® Boundary Server for Windows NT ®
and AIX
5b
P]8gs 2.0
GC88-8558-00
(Q865'GC31-8733-00)
IBM
*j$
\q"*hS\qG-R9k=Jr4HQKJk0K" 41Z<8NXU?B. C-v`Y r,:*I_/@5
$#
\qO"IBM SecureWay Boundary Server=JNP<8gs 2"jj<9 0"bG#U#1<7gs&lYk 0 K,Q5l^9#^?"~{GJIGCKGjNJ$Bj"3lJ_N9YFNjj<9Kb,Q5l^9#
\^Ke"kKD$F4U+d46[,"j^7?i
http://www.ibm.com/jp/manuals/main/mail.html
+i*wj/@5$##eN2MK5;F$?@-^9#
J*"|\ IBM /TN^Ke"kO$s?<MCHP3Gb4X~$?@1^9#\7/O
http://www.infocr.co.jp/ifc/books/
r4w/@5$#JURL O"Q9KJklg,"j^9K
!6!5' GC31–8733–00
IBM SecureWay® Boundary Server for Windows NT® and AIX
Up and Running
Version 2.0
!/!T' |\"$&S<&(`t0qR
!4!v' J7gJk&is2<8&5]<H
h1~ 1999.11
3N8qGO"?.@+N™W3"?.@+N™W9"?.Q47C/N™W3"?.Q47C/N™W5"*hS?.Q47C/N™W7rHQ7F$^9#3N(qN*)O"JbK|\,J(qHHQ@sryk7HQ7F$kbNG9#U)sHH7F5G#=9k3HOX_5lF$^9#
!!m* ?.@+N™W3"?.@+N™W9"?.Q47C/N™W3"?.Q47C/N™W5"?.Q47C/N™W7
© Copyright International Business Machines Corporation 1999. All rights reserved.
Translation: © Copyright IBM Japan 1999
\!
\qKD$F . . . . . . . . . . . . . . . . . . . . . . . . vii\qNP]IT. . . . . . . . . . . . . . . . . . . . . . . . vii>q 2000/P~ . . . . . . . . . . . . . . . . . . . . . . . vii5<S9*hS5]<H. . . . . . . . . . . . . . . . . . . . . vii\qN=. . . . . . . . . . . . . . . . . . . . . . . . . . vii=-,' . . . . . . . . . . . . . . . . . . . . . . . . . .viiiWeb ps . . . . . . . . . . . . . . . . . . . . . . . . .viii7!= . . . . . . . . . . . . . . . . . . . . . . . . . .viii
SecureWay Policy DirectorHN}g . . . . . . . . . . . . . . . . ixP)XjNz(= . . . . . . . . . . . . . . . . . . . . . . ixdj~_NVmC-s0 . . . . . . . . . . . . . . . . . . . . ixIBM SecureWay Firewall 4.1. . . . . . . . . . . . . . . . . . . ixSecureWayQN MIMEsweeper 2.0. . . . . . . . . . . . . . . . . xiSurfinGate 4.05. . . . . . . . . . . . . . . . . . . . . . . xii
h1O SecureWay Boundary Server N5W . . . . . . . . . . . . . . 15?*J SecureWay Boundary ServerNc . . . . . . . . . . . . . . . 2
h2O IBM N SecureWay Boundary Server NRp . . . . . . . . . . . 5SecureWay Boundary ServerHO?+ . . . . . . . . . . . . . . . . . 5SecureWay Boundary Server,J<,W+ . . . . . . . . . . . . . . . 5SecureWay Boundary Server,INh&K7F FirstSecureKH_~^lF$k+ . . 6SecureWay Boundary ServerN=.WGO?+ . . . . . . . . . . . . . . 6
IBM SecureWay Boundary ServerN5W . . . . . . . . . . . . . . . 6IBM SecureWay Policy DirectorN5W . . . . . . . . . . . . . . . 7IBM SecureWay FirewallN5W . . . . . . . . . . . . . . . . . 7MIMEsweeperN5W . . . . . . . . . . . . . . . . . . . . . 8SurfinGateN5W . . . . . . . . . . . . . . . . . . . . . . 9
h3O SecureWay Boundary Server r$s9H<k9k0K . . . . . . . 11`wrT&}! . . . . . . . . . . . . . . . . . . . . . . . . 11
SecureWay Policy DirectorHN}g . . . . . . . . . . . . . . . . 11SecureWay Firewall. . . . . . . . . . . . . . . . . . . . . . 11SecureWay Boundary Server. . . . . . . . . . . . . . . . . . . 13SurfinGate. . . . . . . . . . . . . . . . . . . . . . . . . 14MIMEsweeper . . . . . . . . . . . . . . . . . . . . . . . 14
h4O IBM SecureWay Boundary Server (SBS) NWo . . . . . . . . . 17SecureWay Boundary ServerNO<I&'"Wo . . . . . . . . . . . . . 17SecureWay Boundary ServerN=UH&'"Wo . . . . . . . . . . . . . 18
h5O SecureWay Boundary Server N$s9H<k*hS=. . . . . . . 19SecureWay Boundary Server=.WGN$s9H<k . . . . . . . . . . . 19
SecureWay FirewallN$s9H<k . . . . . . . . . . . . . . . . 19
© Copyright IBM Corp. 1999 iii
SecureWay DirectoryN$s9H<k. . . . . . . . . . . . . . . . 19SecureWay Policy DirectorN$s9H<k . . . . . . . . . . . . . . 19SecureWay Boundary ServerN$s9H<k . . . . . . . . . . . . . 19SurfinGateN$s9H<k . . . . . . . . . . . . . . . . . . . 20MIMEsweeperN$s9H<k . . . . . . . . . . . . . . . . . . 20
SecureWay Boundary Server=.WGN=. . . . . . . . . . . . . . . 21SecureWay FirewallN=. . . . . . . . . . . . . . . . . . . . 21Policy DirectorN}gN?aN SecureWay FirewallN=. . . . . . . . . 23SurfinGateWi0$sGHQ9k?aN SecureWay FirewallN=. (Windows
NT N_) . . . . . . . . . . . . . . . . . . . . . . . . 24MAILsweeperrHQ9k?aN SecureWay FirewallN=. . . . . . . . . 25SecureWay Policy DirectorN=. . . . . . . . . . . . . . . . . . 25SecureWay DirectoryN=.. . . . . . . . . . . . . . . . . . . 26Policy DirectorN}gN?aN SecureWay Boundary ServerN=. . . . . . 26SurfinGateWi0$srHQD=K9k?aN SecureWay Boundary ServerN=. (Windows NTN_) . . . . . . . . . . . . . . . . . . . 27
SurfinGateN=. . . . . . . . . . . . . . . . . . . . . . . 27MIMEsweeperN=. . . . . . . . . . . . . . . . . . . . . . 29
dj~_NVmC-s0 . . . . . . . . . . . . . . . . . . . . . 30=.NF9H . . . . . . . . . . . . . . . . . . . . . . . . 32
h6O X"qA . . . . . . . . . . . . . . . . . . . . . . . 33IBM SecureWay FirstSecure. . . . . . . . . . . . . . . . . . . . 33IBM SecureWay Firewall. . . . . . . . . . . . . . . . . . . . . 33MIMEsweeper . . . . . . . . . . . . . . . . . . . . . . . . 33
MAILsweeper . . . . . . . . . . . . . . . . . . . . . . . 33WEBsweeper. . . . . . . . . . . . . . . . . . . . . . . . 34WEBsweeper HTTPSWm-7< . . . . . . . . . . . . . . . . . 34
SurfinGate. . . . . . . . . . . . . . . . . . . . . . . . . . 34
U?A. HiVk7e<F#s0 . . . . . . . . . . . . . . . . . . 35IBM SecureWay FirewallN&LdjNrh . . . . . . . . . . . . . . 35P)XjNdj . . . . . . . . . . . . . . . . . . . . . . . 35DNS Nc2 . . . . . . . . . . . . . . . . . . . . . . . . 37
&LdjNrh - MIMEsweeper . . . . . . . . . . . . . . . . . . 38WEBsweeperH MAILsweeper,18^7sK"jn07F$kh&KO+(J$ . . . . . . . . . . . . . . . . . . . . . . . . . . 38
WEBsweeperNQU)<^s9,c<7F$k . . . . . . . . . . . . 38WEBsweeperNi$;s9Ndj . . . . . . . . . . . . . . . . . 38g-JU!$kN@&sm<IG WEBsweeperKdj,/89k . . . . . . 39
&LdjNrh - SurfinGate . . . . . . . . . . . . . . . . . . . 39Microsoft Internet Explorer,+/H SurfinConsole,~zrd_9k . . . . . 39SurfinGateWi0$sNQU)<^s9,c<9k . . . . . . . . . . . 39
U?B. C-v` . . . . . . . . . . . . . . . . . . . . . . . 41&8 . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
iv SecureWay® Boundary Server for Windows NT® and AIX: 5b
\qKD$F
\qO"Windows NT® G*hS AIX GN IBM SecureWay®Boundary ServerN$s9
H<k"=."HQ"*hSHiVk7e<F#s0rWh9k}!KD$Fb@7^
9#
SecureWay Boundary ServerN$s9H<kH=.rT&0K"U!$"&)<k"
VPN (>[d_V)"3sFsD&;-ejF#<"*hSMCHo</I}KD$F5
NJN1r}CF$k3H,EWG9#MCHo</KP~j9k"/;9r)f9k
U!$"&)<kN;CH"CWH=.rT&3HKJkNG"^:GiK"MCHo
</N`n}!r}r9k,W,"j^9#CK"IP "Il9"04$~>"*hS5
VMCH&^9/KD$FNp\r}r7F$k,W,"j^9#
\qNP]IT
\qO"IBM SecureWay Boundary SeverN$s9H<k"I}"*hSHQrT&"
MCHo</^?O79F`N;-ejF#<I}TrP]H7F$^9#
>q 2000 /P~
3liN=JO"2000/P~KJCF$^9#\=JHloKHQ5lk9YFN=J
(?H(P"O<I&'""=UH&'""*hSU!<`&'") ,"5NJ|UG<
?r\=JH57/r99klg"\=JO"X"qAK7?,CFHQ9lP"20 $
*H 21 $*bN|UG<?"*hS 20 $*H 21 $*VN|UG<?r57/h}
7"s!7"u.9k3H,G-^9#
5<S9*hS5]<H
IBM SecureWay FirstSecure*U!js0K^^lF$k9YFN=JKP9k5<S9
H5]<HKD$FO"IBM K*d$go;/@5$#3liN=JNfKO"IBM
J0N5]<Hr2H7F$kbN,"j^9#3liN=Jr"FirstSecure*U!j
s0NltH7Fh@9klg"5<S9H5]<HKD$F IBM K*d$go;/
@5$#
\qN=.
\qKO"J<NO,^^lF$^9#
v 1Z<8NXh1O SecureWay Boundary ServerN5WYGO"SecureWay Boundary
ServerH=N=.WGN5Wrb@7^9#
v 5Z<8NXh2O IBM N SecureWay Boundary ServerNRpYGO"SecureWay
Boundary Server,,WJ}3r(7^9#
© Copyright IBM Corp. 1999 vii
v 19Z<8NXh5O SecureWay Boundary ServerN$s9H<k*hS=.YGO"
Windows NT*hSAIX *Zl<F#s0&79F`GN SecureWay Boundary
ServerN$s9H<kH=.KD$Fb@7^9#
v 11Z<8NXh3O SecureWay Boundary Serverr$s9H<k9k0KYGO"
SecureWay Boundary ServerNWhN}!KD$Fb@7^9#
v 17Z<8NXh4O IBM SecureWay Boundary Server (SBS)NWoYKO"
SecureWay Boundary ServerNG.,Wror(7^9#
v 33Z<8NXh6O X"qAYGO">N SecureWay Boundary ServerNqA"*h
SX"=JNqAN2Hhrb@7^9#
=-,'
\qGO"J<N=-,'rHQ7^9#
=-,' U#
@z A'C/&\C/9"\?s"*hS3^sI
JINf<6<&$s?<U'<9WG#
bN9Z<9 SecureWay Boundary ServerKX89k=8*
hSG#l/Hj<NGU)kH#
-> aKe<+iNl"N*r`\r=(7^9#
?H(P"VFile -> RunWO"VFileWr/j
C/7F+i"VRunWr/jC/9kH$&
U#G9#
Web ps
SecureWay Boundary ServerNG7N97KD$FNpsO"J<N Web "Il9G~
jG-^9#
http://www.ibm.com/software/security/boundary/library
=N>N IBM SecureWay FirstSecure=JN97KD$FNpsO"J<N Web "I
l9G~jG-^9#
http://www.ibm.com/software/security/firstsecure/library
7!=
SecureWay Boundary ServerNP<8gs 2.0 KO"?/N77$!=,^^lF$^
9#bCHbEWJ7!=r"J<Ks2^9#
viii SecureWay® Boundary Server for Windows NT® and AIX: 5b
SecureWay Policy Director HN}g
SecureWay Policy DirectorO"U!$"&)<k, SecureWay Boundary ServerrHQ
D=K7F$lP"U!$"&)<k&Wm-7<&f<6<rI}9k3H,G-^
9#U!$"&)<k&Wm-7<&f<6<O"J<NU!$"&)<k&5<S9
GjA5l^9#
v Telnet
v FTP
v HTTP
v Socks
f<6<H=lKX"9k]j7<O"Lightweight Directory Access Protocol (LDAP)
G<?Y<9K]I5l^9#
SecureWay DirectoryO"LDAP rs!7F"]I"97"!w"*hSr9QH7Ff
{_VljKG#l/Hj<psr]}7^9# SecureWay Policy DirectorO"LDAP
G<?Y<9bNU!$"&)<k&Wm-7<&f<6<rI}7^9#
P)XjNz(=
P)XjNz(=N?aK"Finjan SurfinGateWi0$srHQ7F"3sFsDNU
#k?<h}N?aNs~NMCHo</&HiU#C/r/J/7F$^9#
dj~_NVmC-s0
3^sI&i$sNWm0i`KhCF"U!$"&)<keK0*Vq]W,'rn
.7^9#dj~_NVmC-s0r"+0=9/jWHNfKH_~`3H,G-^
9#
IBM SecureWay Firewall 4.1IBM SecureWay Firewall for Windows NTO"J<NbNrs!7^9#
Remote Access Service
Windows NT Remote Access Service (RAS)O"2 O@VWmH3k (PPP)r
HQ7F"@$dkFSP7"ISDN"^?O X.25 ^Nrp7?MCHo</
\3rs!7^9# NDISWAN OMCHo<-s0&Ii$P<N 1 DG"
j"RAS NltH7Fs!5l"<tN PPPG<?r`wN$<5MCH
LAN G<?KQ97^9#
IBM SecureWay Firewall for AIX 4.1 N!=/=
IBM SecureWay Firewall for AIXO"J<NbNrs!7^9#
H% IPSec 5]<H
\qKD$F ix
IBM SecureWay Firewall 4.1KO"H%5l? IPSec5]<H,^^lF*
j"3lKO"77$XC@<r5]<H9kHjWk DES Ef=,^^l
F$^9#3lO^?"$/D+N IBM 5<P<Hk<?<Nj_`n-"
JiSK77$XC@<r5]<H9k?/N IBM J0N VPN =JNj_
`n-b5]<H7^9#
PN^kAWm;C5< (SMP)
U!$"&)<kNf<6<O"91<js0HQU)<^s9N~eN?a
K"RS/6000N^kAWm;C5<&U#<Ac<rhQ9k3H,G-^
9#
U#k?<N!=/=
U#k?<O"=.rT&3HKhCFhjI$QU)<^s9rs!9kh
&"!=/=5l^7?#[Jk?$WNU#k?<,'rI3K[V9k+
r*r9k3HKhCF"U!$"&)<kNQU)<^s9r409k3H
,G-^9#5iK"\3,HQ5l?st,m0K-?5l^9#
;CH"CW&<I
IBM SecureWay FirewallNi|=.rgu9k<IG9#3N;CH"
CW&<IKhCF"7,Nf<6<O"IBM Firewall N$s9H<k
NeG"9_d+KU!$"&)<kNp\=.r)Ae2F"BT9k3H
,G-^9#
Network Security Auditor
Network Security Auditor (NSA)O"MCHo</&5<P<*hSU!$"
&)<kK";-ejF#<eNgYd=.(i<,J$+I&+r!:7^
9#3lO!=/=5lF"hjb.G"hj/OKJCF$^9#
I$DlNFql5]<H
Vi8kl"]kH,kl"Ql"Uis9l"$?j"l"|\l"Zq
l"fql (JNz)"9Z$sl"fql (KNz) KC(F"I$DlNF
ql5]<H,s!5lkh&KJj^7?#
Network Address TranslationNetwork Address Translation (NAT)O"?P 1 N"Il9&^CTs0r5]
<H9kh&H%5l^7?#3liN^CTs0O"#tNbtN$P?^
?OdQN"Il9+i"]<HVfrHQ7?P?Q_N5,N"Il9K
P7FT&bNG"G-N^CTs0rn.7^9#
AIX *hS Windows NT G5]<H5lk&L!=
Security Dynamics ACE/Server
Security Dynamics ACE/ServerO"'ZN 2 DNWGrs!7^9#3NU#
<Ac<O!=/=5lF"v/*JKu^?O-Ur}C?/~ND=-+
i"MCHo</HG<?&j=<9r]n7^9#
x SecureWay® Boundary Server for Windows NT® and AIX: 5b
Secure Mail Proxy N!=/=
IBM Firewall Secure Mail ProxyO"J<N77$!=,^^lkh&!=/
=5lF$^9#
v o+CF$k spam (BGa<k) /.5+iNaC;<8NVmC/= (|
0j9H) r^` spamI_"k4j:`"aC;<8NEv-!:H~z
-!: (u>7J$aC;<8rVmC/9k}!H7FNilF$k)"a
<k&aC;<8N8hNtN=.D=B&"aC;<8NGg5$:N=
.D=B&
v /OJ'Za+K:`N}gr^`>NI_5]<H
v SNMP HiCW&5]<H*hS MADMAN MIB N5]<H
v U!$"&)<kHI_NVNaC;<8rQ.\J/IW9k?aN!=
r^`aC;<8IW
Socks WmH3kNP<8gs 5 N!=/=
SocksWmH3kNP<8gs 5 O"f<6< ID HQ9o<IN'Z
(UNPW)"Acls8 / ~z'Z (CRAM)"*hS'ZWi0$sr^`h&
"CW0l<I5l^7?#
m0-?O"m0&aC;<8N/i9,1H"m0&lYkNXjKD$
F"f<6<,5iK)fG-kh&!=/=5lF$^9#
HTTP Wm-7<
IBM SecureWay FirewallO"IBM Web Traffic Express (WTE)=JKpE$
?"04uwN HTTP Wm-7<_jrs!7^9# HTTP Wm-7<O"
IBM Firewall rL7?Vi&6<Warz(*Kh}9kbNG"j"Web
NVi&:N?aN socks5<P<,TWKJj^9#f<6<O"btMC
Ho</N;-ejF#<r;J&3HJ/"$s?<MCHeNXxJps
K"/;99k3H,G-^9#?@7"Vi&6<O"HTTP Wm-7<r
HQ9kh&=.5lF$k,W,"j^9#
SecureWay QN MIMEsweeper 2.0MIMEsweeperO"MAILsweeper 4.1_2 "WEBsweeper 3.2_5"*hS WEBsweeper1.0_2 H$&"3 DNgWJ=.WGr}CF$^9#J<K=N!=/=Nltrs
2^9#
MAILsweeperMAILsweeper 4.1_2 for SMTPO"Content Technologies flagship MIMEsweeper=Jr
g}K"CW0l<I7?bNG9#J<N77$U#<Ac<rs!7^9#
v HQ7d9$,X=$N]j7<&"<-F/Ac<O",ZJH%lYk (D9N
f<6<^GNlYk) G]j7<r,Q9k@p-rw(F$^9#
v H&8`N0iU#+k&f<6<&$s?<U'<9 (GUI) O"=UH&'"=
."]j7<Nn."*hSI}r1c=7^9#
\qKD$F xi
v 77$ Split Delivery U#<Ac<O"P<8gs 4 N,X=$N]j7<_jN?
aN!=G9##tN8hr}DaC;<8Nlg"]j7<O"=l>lN8hK
,Q5l^9#vD5l?8hO=NaC;<8ru1hl^9,"vD5lF$J
$8hOq]5l^9#
v ^kA9lCINaC;<8h}O"9k<WCHr~e5;" 1 D^?O#tN
9lCIG(i<,/87?lgO"DjN9lCIrHQ7FaC;<8h}r3
TG-kh&K9k3HKhj"h}=Or/=7F$^9#
v >NYs@<N"sA&#k9=JHHbK"MAILsweeperO"aC;<8d:U*
GN&#k9N!PH|nrs!7^9#
v NEAR"AND"NOT"*hS OR 0rHQ7?bYJF-9H,OO"aC;<8N
=8^?O"<-F/Ac<KpE$?"qg*GzL*J7Jj*Nn.K-oa
Fg-J@p-rs!7^9#
v H%F:D<kKhj"G<?rIN ODBC `rNG<?Y<9Kbwk3H,G
-^9#
v Real-Time Black List (RBL)5<P<N5]<HO"8cs/ E a<krw.9k3
H,o+CF$k5$HNViC/&j9Hrn.7^9# MAILsweeperO"3N
j9HK\CF$k[9H+iN\3Nu1~lrq]9k3H,G-^9#
v 3sFsD&;-ejF#<O"ERa<kNHiU#C/KD$FN%O*Jl]
<H / 0iU / =rs!9k3HG"I}rFWK7^9#
v LDAP G#l/Hj<HN}g#
v Delivery Service Notification (DSN)O" SNMP H NT Alerter r5]<H9kh&K
Jj^7?#
WEBsweeper
v ICNQU)<^s9eN!=/=Khj"G<?h}.Y,~e7^9#
v HTTP *hS FTP NHiU#C/KP7F"&#k9&9-cJ<HloKn07
^9#
WEBsweeper HTTPS
v WEBsweeperO"77$ HTTPSWm-7<&=je<7gsrHQ7F"Web Y<
9N e-commerce"Wj1<7gsKP9k045]<Hrs!9kh&KJj^7
?#
SurfinGate 4.05SurfinGateN!=/=KO"J<NbN,"j^9#
JavaScript 3sFsD!:
SurfinGate 4.05O"djKJkD=-N"k JavaScript`nr57F"kHN
;-ejF#<&]j7<Kc?9k JavaScriptrd_7^9# SurfinGate
4.05 Khj"I}TO"JavaScript"Java"*hS ActiveX KP7F"
xii SecureWay® Boundary Server for Windows NT® and AIX: 5b
VisualBasic ScriptQN smartU#k?<h}H cookierHQ7F"f{+
i"]j7<r_j7F/)9k3H,G-^9#
EWJ$3r}DbNNQU)<^s9NFk
SurfinGate 4.05KO"[o0n (BT~(i<JI) *hSc2~N
SurfinGateNFO0r!P9k+0D<k,^^lF$^9#3lOp\*
K"EWJ$3r}D(j"KP9k;-ejF#<&U#<Ac<G9#
]j7<I}N}/
SurfinGateO"$rhN"WlCH&WmU!$kr"+0VmC-s0QN
G<?Y<9NfK~l^9#=lKhj"I}TO""WlCH / 3sHm
<kNj9HrT89k3H,G-^9#
FTP *hS SSL WmH3kN5]<H
SurfinGate 4.05O"bP$k&3<IKD$F"U!$k>wWmH3k
(FTP) AcMkrFk7F"$s?<MCH+i!jK~j~sG/k3<I
r+%j31^9# FTP KP9kFkKC(F"SurfinGateO" bP$k&
3<IKD$F"HTTP HiU#C/rFk7"HTTPSHiU#C/rICN
uVKO7^9#
U!$"&)<k HTTP Wm-7<HNWi0$s}g
SurfinGateO"Wm-7<&A'<sNfN 1 DNWm-7<H7F//+"
^?O Windows NTQNU!$"&)<keG Web Traffic ExpressNWi0
$srp7F/-^9#
\qKD$F xiii
h1O SecureWay Boundary Server N5W
3NcO"MAILsweeper"WEBsweeper"Policy Director"*hS SurfinGateNF=.W
GrHQ9k 5 DNo</9F<7gsr^(7?bNG"j" Web HiU#C/N
FkHP)XjrT$"/i$"sHH5<P<NVGU!$"&)<krHQ7Fa
<kr>w7^9#3NcGO"5 DN*}*K,%5l?o</9F<7gsrHQ
7^9#
^ 1. IBM SecureWay Boundary ServerN=.c
© Copyright IBM Corp. 1999 1
5?*J SecureWay Boundary Server Nc
G.BN;CH"CWN?aKO"J<N^7srHQ9k3Hr*+a7^9#
= 1. Boundary Server=.WG=JNO<I&'"Wo
=J ^7s
IBM Firewall Windows NT^?O AIX
MAILsweeper Windows NT
WEBsweeper Windows NT
SurfinGate Windows NT
SecureWay Boundary ServerrUkKxQ7?$lgO" SecureWay Policy Director,
MCHo</bK8_9k,W,"j^9#3lKhCF"U!$"&)<k&Wm-
7<&f<6<O" SecureWay Directory (LDAP)K]I9k3H,D=KJj^9#
HTTP Nc (Windows NT U!$"&)<k): 5?*J7Jj*GO"$s?<MCHeN3sFsDKP9k HTTP WaO"/i$"sH&^7s+i/.5l^9#3
NWaO"^:GiK WEBsweeperK.l^9#"&HP&sI&Q9GO"1cK"
WaO WEBsweeperKhCFeT5lF"U!$"&)<k HTTP Wm-7<Kwi
l^9#
U!$"&)<k HTTP Wm-7<GO"f<6<,'Z5l^9#3l,;C7gs
rVi&:7F$k/i$"sH+iNGiNWaG"klgO"f<6< ID HQ9
o<IN~OK)oG-^9#f<6< ID O"Policy DirectorKhCFI}5lk
LDAP G<?Y<9NfG"/i$"sHN;-ejF#<&]j7<r!w9kNK
HQ5l^9#/i$"sHKP9k HTTP 'Z]j7<KhCF"*hS~O5l?
Q9o<IN!:kLKhCF"=NWa,q]5lk+"^?OhKJ`3H,v5
l^9#'Z`nN?aKO"5iK LDAP G<?Y<9+"^?O Security
Dynamics ACE5<P<K"/;99k3H,,WKJklg,"j^9#18Vi&
:N;C7gs+iNe3NWaGO"Vi&6<,f<6< ID HQ9o<Ir+0
*Ks!9k3HKJj^9#/i$"sHOf<6< ID HQ9o<IN~OK)o
G-^;s,"=l>lNWaO"GiNWaH18Wm;9G'Z5lk3HKJj
^9#
'Z,.y9kH"WaO"$s?<MCHeNWa5l?5<P<GeT7FTol
^9#
$s?<MCH&5<P<+i3sFsD,U!$"&)<k HTTP Wm-7<Ka5
lkH"=N3sFsDO SurfinGateWi0$sKhCF!:5l^9#f<6<KP
9k0k<WpsO"LDAP G<?Y<9+ih@5l"]j7<N=GN?aNY<
9K9k?aK"Wi0$sGHQD=KJj^9#3sFsDK SurfinGateKX89
kbN,~CF$J$lg"SurfinGateO"G.Nh}*<P<XCIG"Wi0$s
r.d+K=N^^La5;^9# JavaScriptK^^lF$k3sFsDO"Wi0$
sGU#k?<h}5l^9#3sFsDK Java^?O ActiveX ,^^lF$klg
2 SecureWay® Boundary Server for Windows NT® and AIX: 5b
O"U#k?<h}N?aK SurfinGate5<P<K>w5l"U#k?<h}5l?3
sFsD,U!$"&)<k HTTP Wm-7<Ka5l^9# SurfinGateWi0$s
Gh}5l?kLN3sFsDO" WEBsweeper5<P<KwjV5l^9#
3sFsD, WEBsweeper5<P<KaCF/kH"5<P<O"WEBsweeper]j7
<K7?,CFU#k?<h}rT$"=lr/i$"sHKa7^9#
HTTP Nc (AIX U!$"&)<k): AIX GO"HiU#C/N.lOp\*K18G
9,"SurfinGateWi0$sO AIX U!$"&)<kGOHQG-^;s#3N?
a"SurfinGate5<P<O"/i$"sH+iU!$"&)<kXNWm-7<&A'
<sNfN 1 DNWm-7<H7F;CH"CW5lk,W,"j^9#War"U!
$"&)<k HTTP Wm-7<K>\>w9kNGOJ/" SurfinGate5<P<K>
w9kh&"WEBsweeperr;CH"CW9k,W,"j^9#5iK SurfinGate5<
P<O"WarU!$"&)<k HTTP Wm-7<K>w9kh&K=.5lF$k,
W,"j^9# SurfinGate5<P<GO0k<Wps,HQG-J$?a"]j7<N
=GO"IP "Il9KpE$F7+T&3H,G-^;s#
a<kNc: MAILsweeperO"a<k&2<H&'$H7F;CH"CW5l^9#
MAILsweeper5<P<K~e7?a<kO"!Na<k&5<P<K>w5lk0K=
N3sFsDNU#k?<h},Tol^9#
;-e"&a<k&5<P<N=l>lO"/i$"sHNa<kWar MAILsweeper
5<P<K>w9kh&=.5lF$k,W,"j^9#e.9ka<kr
MAILsweeper5<P<K>w9k?aK"U!$"&)<kNa<kr9!=,=.5
lF$k,W,"j^9#
MAILsweeperO"$:lN0tIa$sK"Il9Xj5l?a<kb"U!$"&)
<kNa<kr9!=Kw.9kh&K=.5lF$k,W,"j^9# MAILsweeper
O"btIa$sK"Il9Xj5l?a<kr"57$;-e"&a<k&5<P<
Kw.9kh&K=.5lF$k,W,"j^9#
h1O SecureWay Boundary ServerN5W 3
h2O IBM N SecureWay Boundary Server NRp
3NOGO"SecureWay Boundary ServerN5Wrb@7^9,"J<Na,^^lF
$^9#
v XSecureWay Boundary ServerHO?+Y
v XSecureWay Boundary Server,J<,W+Y
v 6Z<8NXSecureWay Boundary Server,INh&K7F FirstSecureKH_~^l
F$k+Y
v 6Z<8NXSecureWay Boundary ServerN=.WGO?+Y
SecureWay Boundary Server HO?+
IBM SecureWay Boundary ServerO"iaF"04J-&;-ejF#<N=je<7
gsr 1 DK^Ha?bNG9# SecureWay Boundary ServerO"U!$"&)<k
]n">[d_V (VPN)"*hS3sFsD&;-ejF#<rs!7^9#
SecureWay Boundary ServerO";-ejF#<:H+iNF/Nm8<r 1 DK^H
aF" IBM N5]<HH=NXeK"k5<S9rloK7F"}g5l?=je<
7gsK7?bNG9#3N=je<7gsKO"J<NbN,^^lF$^9#
v IBM SecureWay Firewall 4.1 (Security Dynamic ACE/Serverr^`)
v Content TechnologiesN MIMEsweeper
– MAILsweeper 4.1_2
– WEBsweeper 3.2_5
– WEBsweeper HTTPS proxy 1.0_2
v Finjan N SurfinGate 4.05
– SurfinGate5<P<
– SurfinConsole
– SurfinGateG<?Y<9
– SurfinGate Plugin for WTE integration for Windows NT 1.0
SecureWay Boundary Server ,J<,W+
;-e"-&,I3KGb (;QtgHMvtgJINtgNV"\RMCHo</H
jb<H&*U#9NV"RbMCHo</H$s?<MCHNV"RbN Web "W
j1<7gsH\RNV"*hSRbMCHo</^?O"Wj1<7gsHS8M
9&Q<HJ<NVK) ,WG9#-&;-ejF#<O"HQ7F$kMCHo<
/""Wj1<7gs"*hSpsJIr]n9k@1GOJ/"=liN-zOOb
-2^9#-&;-ejF#<r,ZK9k?aKO"=NMCHo</r"/;9G
-kMHMCHo</KP~j9kpsN>}r)f9k,W,"j^9#
© Copyright IBM Corp. 1999 5
SecureWay Boundary Server ,INh&K7F FirstSecure KH_~^lF$k
+
IBM SecureWay FirstSecureO"1 DN}g=JNQC1<8G9#3lO"$s?<M
CHd=N>NMCHo</rp7?"MCHo<-s0N9YFNLN!)]nrg
u9k?aK"qg*JUl<`o</rs!7^9#3lO"b8e<kA0G"j
_`n,D=J*U!js0rHQ7F";-e" e-businessrT&?aK"=_Nj
qrbHKWhrn.7"j-TK++kgW39HrG.BK9k?aKr)A^
9#3lO"&#k9]n""/;9)f"HiU#C/&3sFsDN)f"Ef
="G#8?kZ@q"U!$"&)<k"D<k-CH"*hS3~5<S9rs!
7^9#
Boundary ServerO"FirstSecureK~CF$k=JQC1<8N 1 DG9#3lO$s
?<MCHKP7F-&rn.9kNG"3lrHQ7F"-2ND=-N"k&#k
9 (Uo9k&#k9&9-cs=JrHQ7F) VmC/7" JavaScript"Java"W
lCH"ActiveX 3sHm<k"*hS8cs/ E a<k (SPAM) 5(bVmC/9
k3H,G-^9# Boundary ServerrHQ7F"$s?<MCH+i+,NMCHo
</K~O7?$bNr5NK)f7^9# SecureWay Policy DirectorrHQ7F"U
!$"&)<k&Wm-7<&f<6<H"=liNf<6<N'Z]j7<rI}7
^9#
SecureWay Boundary Server N=.WGO?+
SecureWay Boundary ServerN 3 DN=.WGO"IBM Firewall"MIMEsweeper"*h
S SurfinGate+iJCF$^9# SecureWay Boundary ServerO" IBM SecureWay
Policy DirectorHN}grs!7^9#
IBM SecureWay Boundary Server N5W
IBM SecureWay Boundary ServerO"g,OH%KP7F"\R"5Wi$d<"*h
SQ<HJ<KP7F+,NkHrB4K+|9k3HG e-businessrhQ9k?aK
,WJ"]n""/;9)f"*hS3sFsD&;-ejF#<rs!7^9#3N
!=KO"J<NbN,"j^9#
v MCHo</KP9kU!$"&)<kKhk]n
v MCHo</N~#YrH%9k>[d_V (VPN)
v kHNG<?"$a<8"*hSA3H8:-r]n9k?aN"ERa<kH Web
HiU#C/N3sFsD&9-cJ<
SecureWay Boundary ServerO":H+iNGbNF/Nm8<r 1 DK^HaF"
IBM N5]<HH=NXeK"k5<S9rloK7F"}g5l?=je<7gsK
7?bNG9#3lO"AIX H Windows NTN*Zl<F#s0&79F`GHQD
=G9#
6 SecureWay® Boundary Server for Windows NT® and AIX: 5b
SecureWay Boundary Server N!=
SecureWay Boundary ServerO"MCHo</H79F`r#7F]n9k?aK"Q
1CHNU#k?<h}"Wm-7<"*hS Socks5<P<NF/Nm8<H"3s
FsD&;-ejF#<r,Q7F$^9#3liNF/Nm8<Khj"I}TO"
ING<?rMCHo</KP~j5;FO;k+r@(7FjA9k3H,G-^
9#3lO"V5<S9]jNOC-s0WrI_7"OC+<,MCHo</K~j
~_"!*U$K)BrC(kNrI_9kNKr)A^9# SecureWay Boundary
ServerO"VPN =je<7gsrs!7F"jb<H&5<P<HbG`NPs/r
$s?<MCH&Y<9N=je<7gsKV-9(k3H,G-^9#
Policy DirectorHloK[V5l?lg"SecureWay Boundary ServerO"f{N]j7
<&Y<9NEH_rHQ7F"f<6<N'Zrs!7^9#"sA&#k9&=U
H&'"r SecureWay Boundary ServerHloKHQ7F"5$HN&#k9]nrs
!9k3H,G-^9#
IBM SecureWay Policy Director N5W
Policy DirectorO"vDH;-ejF#<I}rs!9kH)?=je<7gsG"
j"O}*K,67?$sHiMCHH(/9HiMCHeK8_9kj=<9KD$
F"*<+i*<^GN!)]nrs!7^9#(/9HiMCHO""/;9)fH
;-ejF#<!=rHQ7F"$s?<MCHK\35l? 1 D^?O#tN$sH
iMCHNHQr"*r5l?C~TK)B9k>[d_V (VPN) G9# Policy
Director O"'Z"vD"G<?&;-ejF#<"*hSj=<9I}N5<S9r
s!7^9# Policy Directorr8`N$s?<MCH&Y<9&"Wj1<7gsHl
oKHQ9kH"!)]n5l"I}NT-O$?$sHiMCHH(/9HiMCH
r=[G-^9#
IBM SecureWay Policy Director N!=
SecureWay Boundary ServerHloKHQ7?lg"IBM SecureWay Policy Director
O"Wm-7<&f<6<&]j7<N]IljH"'Zpsrs!7^9#
IBM SecureWay Firewall N5WIBM SecureWay FirewallO"MCHo</&;-ejF#<&Wm0i`G9#U!$
"&)<kO"1 D^?O#tN!)]n5l?btNd_MCHo</H">NMC
Ho</^?O$s?<MCHHNVrWG9kbNG9#U!$"&)<kO";-
e"&MCHo</NfX"^?O0XNu>7J$+"^?O5vDNL.rI_7
^9#
IBM SecureWay Firewall N!=IBM SecureWay FirewallO"]n5l?MCHo</"$s?<MCH"*hS>NM
CHo</N;CHNVN"/;9r)B7^9#^?"J<N3HbT$^9#
v ~~K)f5l?O@KM,~kNr)B9k
v OC+<,>NIf_wKaE/NrI_9k
h2O IBM N SecureWay Boundary ServerNRp 7
v ~~K)f5l?O@+iM,PF$/Nr)B9k
v btU!$"&)<kG"btN!)psr5vDN>Hw+iV%9k
v MCHo</rP~j9k3H,G-kHiU#C/r)B9k
MIMEsweeper N5WMIMEsweeperO"ERa<k^?Oo<kI&o$I&&'V (WWW) P3NU!$
"&)<krL7FO5lkG<?r,O9k3HKhCF"3sFsD&;-ejF
#<rs!7^9#3sFsD&;-ejF#<KhCF"H%O"ERa<kdo<
kI&o$I&&'V (WWW) NHQKX"9kS8M9eNdj@rz(*KI}9
k3H,G-^9#3liNdj@O"MCHo</N]4-HS8M9N]4-K,
1k3H,G-^9#
MCHo</N]4-N?aNU#k?<h}KhCF"J<N3H,D=KJj^
9#
v e.*hS/.9kERa<kN&#k9r1L7F|n9k
v >^7/J$U!$k&?$WrU#k?<K]1k
v 5$:6aNU!$krI}9k
v a<kzFKhkOC-s0+iNUT (U/=&) ^?O5<S9Nc<+iMC
Ho</r]n9k
S8M9N]4-N?aNU#k?<h}KhCF"J<N3H,D=KJj^9#
v !)-N/2*hS&hzeNk)N3($rI_9k
v !*A3Nx+r)B9k
v >HwKhkERa<k*hSo<kI&o$I&&'V (WWW) NmQKhk;
:rc:9k
v mQ^?O(UN"kOC-s0KhkMCHo</&5<S9N;:rI0
MCHo</N]4-KP9k<RKO"G<?NKu^?OCn"ERa<kN.
p"*hS79F`&O<I&'"NKu,M(il^9,"3liN9YF,"MC
Ho</N@&s~VHJj"8:-Nc<r7-"=N/j<s"CWHs|N?a
Kb$39H,++k3HKJj^9#
7+7"S8M9N]4-KP9k<RO"!'KX9kDgJ39H"N*j-"N
o:"*hSkHN>=d.j-KP9k;}KhCF"bCHKu*JbNKJj@
^9#S8M9N]4-NdjO"hjz-N?DrT-M^i;kD=-b"j^
9#
MIMEsweeperO"ERa<kd$s?<MCHrH%GHQ9k3HKhCFs/5l
k"MCHo</HS8M9N]4-Ndj+iH%r]n9k?aN":H&Gbh
J*J=JG9#
8 SecureWay® Boundary Server for Windows NT® and AIX: 5b
MIMEsweeper N!=MIMEsweeperO"J<N3H,G-^9#
v /.5lka<kK!'*JGojq-rIC9k
v !)-N"k8q*hSG<?r]n9k
v ERa<k*hS Web Y<9Nf<6<NvDH)frT&
v 6b*JG<?rV%^?OVmC/9k
v 8cs/ERa<krVmC/9k
v :v9k3sFsDN:U**hS@&sm<Ir9-cs9k
v &#k9d-Ur}C?3<Ird_9k
v T,ZJ Web Z<8d5$HrVmC/9k
v sp"m0"*hS"<+$VrT&
SurfinGate N5W
SurfinGate 4.05O"&hzK$s?<MCH"(/9HiMCH"^?O$sHiMC
HrHQ7F$kS8M9N?aN"bP$k&3<IN;-ejF#<&D<kG
9# JavaScriptK^^lF$kbP$k&3<IN3sFsD!:rL7F"
SurfinGateO":H9Q$"G<?N~6s"*hSpsNo|JIr^`"(UN"
k;}^?OU^*GJ$;}+i3sTe<?<&MCHo</r]n9kNrgu
7^9# SurfinGateN3sFsD!:Wm;9O"2<H&'$&lYkG
Java"JavaScript"*hS ActiveX NbP$k&3<INbFr!:7F"EWJj=<
9+is61kh&K7"3<IKG-N ID H"WlCH&;-ejF#<&WmU
!$k (ASP) rdjvFF";-ejF#<N/2ND=-,"k3HrLN7^9#
SurfinGateO"?o7$HWolk3<Ir"MCHo</K~k0K1L7^9#
SurfinGate 4.05KO"J<N 4 DN=.WG,^^lF$^9#
v SurfinGate5<P<
v SurfinConsole
v SurfinGateG<?Y<9
v SurfinGate Plugin for WTE integration for Windows NT
SurfinGate ServerO"HTTP Wm-7<&5<P<H7F/-^9# SurfinGateO"U
!$"&)<k HTTP Wm-7<*hS WEBsweeperWm-7<HloNWm-7
<&A'<sNltH7F[V9k3H,G-^9# Windows NTNlg"U!$"
&)<k HTTP Wm-7<NWi0$sNeXH7FHQG-^9#Wi0$sH7F
HQ5l?lg"SurfinGateO"WarTCF$kWm-7<&f<6<KD$FN0
k<Wpsr~j7^9# SurfinGateNU#k?<h}N]j7<O"3N0k<Wp
sKpE$?bNK9k3H,G-^9#3N"<-F/Ac<KhCF"bP$k&
3<INHiU#C/rd_5;"OC-s0,/89k0K!:9k3H,G-^
9#3N=.WGO"kH;-ejF#<&]j7<K>C?]nrs!7^9#
h2O IBM N SecureWay Boundary ServerNRp 9
SurfinConsoleO"bP$k&3<IKP9kf{NkH;-ejF#<&]j7<NI
}H_jrT&?aNH$d9$$s?<U'<9G9# SurfinConsoleO"MCHo
</eN#tN SurfinGate Serverr)f9k3H,G-"f<6<4H^?O0k<W
4HK""k$Ou1~lD=GJ$3<IHu1~lD=J3<IKD$FN+9?
`&j9HKhCF"kH4NGNbP$k&3<IKX9k,'r/)9k3H,G
-^9#
SurfinGateG<?Y<9O"f<6<H0k<WKX9kps*hS=liNP~9k
;-ejF#<&]j7<,~CF$k""WlCH&;-ejF#<&WmU!$k
(ASP) N\Yr]I7^9#3NG<?Y<9O"H_~_N"/;9&G<?Y<
9&(s8s^?O{8N OracleG<?Y<9rHQ9k3H,G-^9# SurfinGate
,9YFNbP$k&3<INbFrBTfK!:7F$kNG"3NG<?Y<9O
;-ejF#<N?aKO,W"j^;s,"g,ON`nGOQU)<^s9r~e
5;kNKr)A^9#
SurfinGate N!=
SurfinGateO"J<NbNrs!7^9#
v Java"WlCH"Active X 3sHm<k"JavaScriptQN2<H&'$&lYkN3
sFsD!:5<P<
v j"k?$`Fk"0*!:
v Web Y<9NbP$k&3<IKP9k;-ejF#<&]j7<N/)
v VbP$k&3<IW(?H(P"Java"WlCH"ActiveX 3sHm<k"
JavaScript, Visual Basic9/jWH"Wi0$s"cookie)N!:
SurfinGateO"Wm-7<&A'<sNfNWm-7<HloK//+"^?O
Windows NTQN Firewall eN WTE Wi0$srp7F/-^9#
10 SecureWay® Boundary Server for Windows NT® and AIX: 5b
h3O SecureWay Boundary Server r$s9H<k9k0K
\OGO"SecureWay Boundary ServerN$s9H<kN`wrT&}!KD$Fb@
7"J<Na,^^lF$^9#
v X`wrT&}!Y
v 13Z<8NXSecureWay Boundary ServerY
`wrT&}!
3NaGO"SecureWay Boundary ServerN=.WGr`w9k}!KD$Fb@7^
9#
SecureWay Policy Director HN}g
Windows NT^?O AIX GN IBM SecureWay Policy DirectorNp\*J;CH"C
WKD$FO"J<rT$^9#
1. *Zl<F#s0&79F`, Policy Directorr5]<H9kh&K57/=.5
lF$k3Hr!:9k#
2. IN5<P<=.WG,[VNWoKGbh/,g7F$k+"*hS3liN=.
WGrIN^7sK$s9H<k9k+rhj9k#
3. DCE $sUi9Hi/Ac<,8_7F$J$lgO"=lr$s9H<k7F"
=.9k#
4. SecureWay Directory (LDAP)r$s9H<k7F"=.9k#
5. /i$"sHZ@qN'ZrT&=jG"klgO" Certificate Authorization
Service (CAS)r=.9k#
6. NetSEAT/i$"sHr$s9H<k9k#
7. Policy Director5<P<=.WGr$s9H<k9k#
8. I}3s=<kr$s9H<k9k#
Policy DirectorKD$FN\YO"Policy Director 5b P<8gs 3.0 r2H7F/
@5$#
SecureWay FirewallWindows NT^?O AIX GN IBM Firewall Np\*J;CH"CWO"J<rT$
^9#
1. 17Z<8NXSecureWay Boundary ServerNO<I&'"WoYKj9H5lF$k
0sro,7CF$k+N'9k#
2. IBM Firewall N;CH"CWNWhr)Fk#0bCF"U!$"&)<kNIN
!=,,WG"INh&J}!GHQ7?$+rhaF*-^9#
© Copyright IBM Corp. 1999 11
3. IN$s?<U'<9,;-e"&MCHo</K\35lk+r Firewall KX(
9k#+,NU!$"&)<k,57/n09k?aKO";-e"&$s?<U'
<9Hs;-e"&$s?<U'<9,J1lPJj^;s#=./i$"sHNJ
S2<7gs&Dj<+i" VSystem AdministrationWU)k@<r+-"
VInterfaces Wr/jC/7F"+,NU!$"&)<keNMCHo</&$s?<U'<9Nj9Hr4Y^9#$s?<U'<9N;-ejF#<u7rQ99k
KO"1 DN$s?<U'<9r*r7F"Change r/jC/7^9#
m: $s?<MCHK\37h&H7F$klgO"$s?<MCH&5<S9&WmP$@< (ISP) K"m7F"Firewall s;-e"&$s?<U'<9N?aN
P?Q_ IP "Il9r~j7F/@5$#
4. VSystem AdministrationWU)k@<NfNVSecurity Policy W@$"m0r"/;97F"lL*J;-ejF#<&]j7<r;CH"CW9k#5?*J Firewall
=.GO"J<NH*jG9#
v DNS HqrvD9k
v s;-e"&$s?<U'<9XN1sL.aC;<8rq]9k
v s;-e"&"@W?<XN Socksrq]9k
5. Ia$s&M<`&5<S9Ha<k&5<S9r;CH"CW9k# DNS l>j
e<7gsrs!7J$H"z(*JL.OTol^;s#3liN!=O"=./
i$"sHNJS2<7gs&Dj<K"kVSystem AdministrationWU)k@<+
i"/;97^9#
6. =./i$"sHNJS2<7gs&Dj<NfNVNetwork Objects W!=rHQ7F"MCHo</NgWJWGrU!$"&)<kKjA9k#VNetwork
ObjectsWO"Firewall rp7?HiU#C/r)f7^9#J<NgWJWGrMC
Ho</&*V8'/HH7FjA7^9#
v Firewall N;-e"&$s?<U'<9
v Firewall Ns;-e"&$s?<U'<9
v ;-e"&MCHo</
v HQ7F$k;-e"&MCHo</eK"kF5VMCH
v HQ7F$k Security Dynamics5<P<*hS Windows NTNIa$s&5<
P<N?aN[9H&MCHo</&*V8'/H (:v9klg)
7. Firewall eN5<S9rHQD=K9k#3liO"(socks^?OWm-7<JI
N) a=CIG"j"=lKhCF";-e"&MCHo</bNf<6<Os;-
e"&MCHo</r"/;9G-^9#IN5<S9r3~9k+O"WhJ,G
TC?hjKhj^9#ltN\3=.GCjN?$WNHiU#C/r;CH"C
W9klgKO"3~5<S9,,WKJklg,"j^9#?H(P"+RN;-
e"&f<6<,"HTTP Wm-7<rQ$F"$s?<MCHeN&'Vr5<U
#s9kNrv9H9lP"I}TO" HTTP Wm-7<&G<bsrU!$"&
)<kK=.9k,W,"kP+jGJ/" HTTP HiU#C/rv9h&J\3
r_j9k3Hb,WKJj^9# Policy Directorr;CH"CW9klgKO"
11Z<8NXSecureWay Policy DirectorHN}gYr2H7F/@5$#
12 SecureWay® Boundary Server for Windows NT® and AIX: 5b
8. Windows NT N_: /=Wm;9, NETBIOS rHQTDK9k?a"'ZK
Windows NTIa$s&Q9o<IrHQ7?$lgO"'ZQNHi9FCI
Windows NTIa$sr!w9k!=ruw7?"Windows/i$"sH&3<I
r=.9k,W,"j^9#Hi9FCI Windows NT5<P<O"TCP/IP[9
H>H"Il9r}CF$k,W,"j"^?=N5<P<H Firewall HNVN
TCP/IP\3r}CF$k,W,"j^9#U!$"&)<kI}TO"Firewall H
Hi9FCI Windows NT5<P<NVK\3rn.7F"=N 2 DNVNHi
U#C/rD=K9k,W,"j^9#
9. MCHo</&"Il9Q9rHQ9k=jG"klg"^:GiK"ISP K"m7
F"?P 1 N"Il9Q9KHQ9kP?Q_ IP "Il9rh@9k#3N"I
l9O"9FCW 12Z<8N3 GWa7?"Il9KIC5lkbNG9#!K"
VAdd NAT ConfigurationWQMkG"=NP?Q_ IP "Il9rVMany-to-One IP
AddressWU#<kIKIC7^9#
e-N9FCWO"p\U!$"&)<k=.r)Ae2F"BT9kNKr)DO:
G9# IBM Firewall O"MCHo</N;-ejF#<rNBJbNK9kNrgu
9k?aK"79F`&m0JIN>N!=rs!7F$^9#
Firewall ,5o^?O[oN$:l+G7cCH@&s7?lgGb"=.G<?O"
O<I&G#9/K]I5l"jV<H~K+0*KFh0=5lkNG"FAru1
k3HO"j^;s#?@7"?H(P"/F#V FTP ;C7gsJI"ltN"/
F#V\3,fG5lkH"CjNU!$"&)<k&m0&aC;<8,/87^
9#
SecureWay Boundary ServerSecureWay Boundary Server<IrHQ7F"Policy DirectorH}g9k?aK"
f<6<NI}QN IBM SecureWay Policy DirectorrHQ9kh& Firewall r;CH
"CW9k3H,G-^9#$U*rG"3N<IOU!$"&)<k HTTP W
m-7<r=.7F"'Zpsr SurfinGateWi0$sKO7^9 (Windows NTN
_)#
Firewall QN IBM SecureWay Boundary Serverr=.9k?aK,WJpsO"J<N
H*jG9#
v Firewall ,HQ9k IBM SecureWay Directory5<P<N[9H>HIa$s#
v IBM SecureWay Directory5<P<,0h9k]<HNt#GU)kHN]<HtO
389 G9#
v IBM SecureWay Directory5<P<QN SecurityMasterQ9o<I#
v 3N Firewall KP9kWm-7<&f<6<rhL9k?aKHQ9kIa$s>#
3N>0rHQ9k9YFNU!$"&)<k,"18f<6<N;CHrI}7^
9#Lo"Firewall ^7sN04$~[9H>rHQ7^9#
v SecureWay DirectoryNfK]I5l?Wm-7<&f<6<r"/;99k?aKH
Q5lk Firewall I}T>#3N>0KO"SecureWay Policy DirectorGn.5l?
h3O SecureWay Boundary Serverr$s9H<k9k0K 13
9YFNWm-7<&f<6<rQ99k?aN"/;9",vD5l^9#
Firewall ^7sN04$~[9H>rHQ9k,W,"j^9#
v IBM SecureWay Directory,"G<?Y<9bN Firewall f<6<N!wr+O9k
k<HH7FHQ9k1L>#3lO"Policy Directorf<6<r]I9k?aK
SecureWay DirectorybKn.7?5U#C/9G"k,W,"j^9#
v IBM SecureWay Directory5<P<K\39kH-KHQ9k?aN"Firewall NI
}T ID N?aNQ9o<I#
Firewall H the SecureWay Directory5<P<HNVGHiU#C/,.lkh&K9k
?aK"\3rn.9k,W,"j^9#
17Z<8NXSecureWay Boundary ServerNO<I&'"WoYKj9H5lF$k0
sro,7CF$k+N'7F/@5$#
SurfinGateSurfinGaterHQ9k`wr9k?aKO"Windows NT Service Pack 5,$s9H<
k5lF$k,W,"j^9# 17Z<8NXSecureWay Boundary ServerNO<I&'
"WoYKj9H5lF$k0sro,7CF$k+N'7F/@5$#
SurfinGaterHQ9k`wN?aK"J<rBT7F/@5$#
v OracleG<?Y<9rHQ7F$klgO"=lr=.9k,W,"j^9#
v Windows NT FirewallrHQ7F$klgO"Wi0$s^?OWm-7<&b<I
rHQ9k+I&+hj9k,W,"j^9#
v WTE G SurfinGateWi0$srHQD=K9kKO" Firewall ^7sK SurfinGate
Wi0$sr$s9H<k7F" SecureWay Boundary Server<IrBT7^
9#
v SurfinGateWi0$s+i SurfinGate5<P<XNHiU#C/,.lkh&K9k
?aK"\3rn.9k,W,"j^9#
MIMEsweeperMIMEsweeperNHQN`wr9k?aKO"MCHo</rINh&K0n5;h&H
7F$k+r}r7F$k,W,"j^9# 17Z<8NXSecureWay Boundary Server
NO<I&'"WoYKj9H5lF$k0sro,7CF$k+N'7F/@5$#
MAILsweeperMIMEsweeperr=.9klgO"MAILsweeperH WEBsweeperrL9N^7sK~l
k,W,"j^9#
MAILsweeperr=.9k0K"J<NnHrBT7F/@5$#
14 SecureWay® Boundary Server for Windows NT® and AIX: 5b
::
v btGHQ9ka<k&Ia$sr=L9k# MAILsweeperH Firewall a<kr9
!=O"3liNFa<k&Ia$sNa<kru1~lkh&=.5lk,W,"
j^9#
v IN;-e"&a<k&5<P<,"FIa$sr5]<H9k+r=L9k#
MAILsweeperO"9YFNa<k&Ia$sK"Il9Xj5l?a<k,"57$
a<k&5<P<K>w5lkh&K=.5lF$k,W,"j^9#
v MAILsweeper5<P<N"Il9r=L9k#;-e"&a<k&5<P<N=l>
lO"bt/i$"sH+iu.7?a<kr MAILsweeper5<P<K>w9kh
&=.5lF$k,W,"j^9#
v Firewall N"Il9r=L9k# MAILsweeperO"0tIa$sK"Il9Xj5
l?a<kr Firewall a<kr9!=K>w9kh&=.5lF$k,W,"j^
9#
WEBsweeperWEBsweeperr=.9k0K"J<NnHrBT7F/@5$#
v WEBsweeper5<P<N"Il9r=L9k#3lO"MCHo</bNF/i$"
sH Web Vi&6<4HK,WG9#Vi&6<O"HTTP"FTP"*hS HTTPS
N?aNWm-7<H7F WEBsweeper5<P<rHQ9kh&=.5lF$k,
W,"j^9#
v +,NU!$"&)<kN;-e"&$s?<U'<9N"Il9r=L9k#
WEBsweeperO"Wm-7<War Firewall Kos9k HTTP Wm-7<K>w9
kh&=.5lF$k,W,"j^9#
v /i$"sH, Web 3sFsDNU#k?<h}r&sG-kh&K7?/J$l
gO"Firewall eN\3r;CH"CW7F"WEBsweeper+ SurfinGate5<P<"
"k$O=N>}KP9kWm-7<&"/;9r)B9kh&K9k,W,"j^
9#
h3O SecureWay Boundary Serverr$s9H<k9k0K 15
h4O IBM SecureWay Boundary Server (SBS) NWo
3NOGO"SecureWay Boundary ServerNG.,Wror(7^9#
SecureWay Boundary Server NO<I&'"Wo
Boundary Server=.WG=JNO<I&'"WorJ<N=K(7^9#
= 2. Boundary Server=.WG=JNO<I&'"Wo
Boundary
Server =.WG
^7s&?$W G#9/&
9Z<9
abj< =N>
Policy Director N/A 64 MB 16 MB N/A
IBM Firewallv Windows NT:
266 MHz Je
v AIX: 4.3.2 r5
]<H9k
RS/6000^7s
Windows NT: 200
MB
AIX: 200 MB
Windows NT: 64
MB
AIX: 128 MB
MCHo</&$
s?<U'<9&
+<I (NIC) 2
g
ACE/Serverv Windows NT:
166 MHz Je
(7s0k&W
m;C5<N
_)
v AIX: AIX 4.2
r5]<H9k
^7s
v 1 !5<P<&
=UH&'":
50 MB
v PC/"CW&
5<P<:
22MB
v i|f<6<&
G<?Y<9:
4 MB
v $s9H<k:
240 MB
G.: 32 MB B]N-1hWo
O"f<6<tK
hCFh^k#
MAILsweeper Windows NT: 400
MHz Wm;C5
<Je
1 GB 128 MB N/A
WEBsweeper Windows NT: 450
MHz Wm;C5
<Je
1 GB 128 MB N/A
gFLD-K*1
k WEBsweeper
79F`NWo
Windows NT: 450
MHz Wm;C5
<Je
3 GB 512 MB N/A
SurfinGate 4.05
5<P<
Windows NT: 233
MHz Wm;C5
<Je
20 MB 256 MB N/A
© Copyright IBM Corp. 1999 17
= 2. Boundary Server=.WG=JNO<I&'"Wo (3-)
SurfinGate 4.05
3s=<k
Windows NT: 233
MHz Wm;C5
<Je
15 MB 64 MB N/A
m: #t@lKD$FN\YO" IBM SecureWay Firewall for AIX^?O Windows
NT P<7gsN;CH"CWH$s9H<kKX9kqAr2H7F/@5$#
NetscapeVi&6<Nlg"138 MB NG#9/&9Z<9b,WG9#
SecureWay Boundary Server N=UH&'"Wo
Boundary Server=.WG=JN=UH&'"WorJ<N=K(7^9#
= 3. Boundary Server=.WG=JN=UH&'"Wo
=J Windows AIX =N>
Policy Director 5<
P<
Windows NTP<8g
s 4.0 (Service Pack 5
U-)
4.3.1 N/A
IBM Firewall Windows NTP<8g
s 4.0 (Service Pack 5
U-)
4.3.2 N/A
SecureWay
Boundary Server
IBM SecureWay
Firewall 4.1
IBM SecureWay
Firewall 4.1
N/A
MAILsweeper Windows NTP<8g
s 4.0 (Service Pack 5
U-); Internet Explorer
4.01 Je; Microsoft
Management Console
1.1; NTFSIi$V;
Windows Messaging
N/A HQ7?$"sA&#
k9&D<k
WEBsweeper Windows NTP<8g
s 4.0 (Service Pack 5
U-)
N/A HQ7?$"sA&#
k9&D<k
SurfinGate 5<P< Windows NTP<8g
s 4.0 (Service Pack 5
U-)
N/A N/A
SurfinGate 4.05 3s
=<k
Windows NTP<8g
s 4.0 (Service Pack 5
U-) ^?O Windows
95
N/A N/A
18 SecureWay® Boundary Server for Windows NT® and AIX: 5b
h5O SecureWay Boundary Server N$s9H<k*hS=.
3NOGO"Windows NT*hS AIX GN SecureWay Boundary ServerN=.H$s
9H<kN}!KD$Fb@7^9#
v XSecureWay Boundary Server=.WGN$s9H<kY
v 21Z<8NXSecureWay Boundary Server=.WGN=.Y
v 30Z<8NXdj~_NVmC-s0Y
SecureWay Boundary Server =.WGN$s9H<k
3NaO"Windows NT*hS AIX GN IBM SecureWay Firewall"SurfinGate"*h
S MIMEsweeperr$s9H<k9kNKr)A^9#
SecureWay Firewall N$s9H<kIBM SecureWay Firewall for Windows NT and AIXNp\=.KD$FN\YO"11Z
<8NX`wrT&}!Yr2H7F/@5$#=3GO";-e"&$s?<U'<
9NjA}!";-ejF#<&]j7<Nhj}!"*hSMCHo</&*V8'
/HNjA}!KD$Fb@7F$^9# SecureWay FirewallKD$FN\YO"IBM
SecureWay Firewall for AIX;CH"CW*hS$s9H<kNjz- *hS IBM
SecureWay Firewall for Windows NT;CH"CW*hS$s9H<kNjz- r2H
7F/@5$#
SecureWay Directory N$s9H<k
SecureWay Boundary ServerN LDAP !=rHQ7F$klgO"IBM SecureWay
Policy Director 5b P<8gs 3.0 r2H7F/@5$#
SecureWay Directory5<P<O"Firewall N;-e"&5$I+"^?O Firewall N
;-e"spuOS (DMZ) bK8_7J1lPJj^;s#
SecureWay Policy Director N$s9H<k
SecureWay Boundary ServerN LDAP !=rHQ7F$klgO"SecureWay Policy
Director r$s9H<k9k,W,"j^9 (IBM SecureWay Policy Director5b P<
8gs 3.0 r2H)#
SecureWay Boundary Server N$s9H<k
SecureWay Boundary Serverr Windows NTK$s9H<k9kKO"J<rT$^
9#
v SecureWay Firewall for Windows NTr$s9H<k9k
v SecureWay Boundary Server CD+i setup.exerBT9k
© Copyright IBM Corp. 1999 19
v @lr*r7FVOKWr/jC/9k
v InstallShield,"SecureWay Boundary ServerrI3X$s9H<k7?$+rRMF
-^9# Windows NTNGU)kH&G#l/Hj<O C:¥Program Files¥IBM¥SBS
G9#
v jV<H9k
SecureWay Boundary Serverr AIX K$s9H<k9kKO"J<rT$^9#
v SecureWay Firewall for AIXr$s9H<k9k
v CD r^~7F"SMITTY rHQ7F$s9H<k9k
v VSoftware Installation and MaintenanceWr*r9k
v VInstall and Update SoftwareWr*r9k
v VLatest Available SoftwareW+iVInstall and UpdateWr*r9k
v INPUT GP$9rRMF-?lg"*r`\rj9H7F"CD-ROM Ii$Vr*
r9k
v $s9H<k9k SOFTWAREN*r`\rj9H7F"sbsr*r9k
v VEnterWr!7F"=UH&'"r$s9H<k9k
v jV<H9k
SurfinGate N$s9H<k
SurfinGateKO"SurfinGate5<P<H SurfinGate3s=<kN 2 DN=.WG,"
j^9# SurfinGateN$:l+N=.WGr$s9H<k9kKO" SurfinGate CD
N ¥docs¥install.pdf K~CF$k$s9H<k&,$Ir2H7F/@5$#
SurfinGate Wi0$s
IBM SecureWay Firewall For Windows NTK SurfinGateWi0$sr$s9H<k9
kKO" SurfinGate CDN ¥docs G#l/Hj<K~CF$k$s9H<k&,$I
r2H7F/@5$#
MIMEsweeper N$s9H<kMIMEsweeperKO"MAILsweeper"WEBsweeper"*hS WEBsweeper HTTPSH$&
3 DN=.WG,"j^9#
MAILsweeper 4.1O"NTFS hhK$s9H<k5lk,W,"j^9#
MAILsweeper N$s9H<kMAILsweeperr$s9H<k9kKO"MIMEsweeper CDN
¥install¥MSW4_0_2¥docs¥qsg.pdf K"k"Getting Started Guider2H7F/@5$#
MAILsweeperO"WEBsweeper HTTPWm-7<H18^7sKO$s9H<k7J$
G/@5$#
20 SecureWay® Boundary Server for Windows NT® and AIX: 5b
:
MAILsweeperO"WEBsweeper HTTPSWm-7<H18^7sKO$s9H<k7J
$G/@5$#
Windows NT CD+i MAPI32.dll r$s9H<k7?eG" MIMEsweeper CD+i
Microsoft Management Console 1.1r$s9H<k9kH"57$P<8gsN
MAPI32.dll ,"Microsoft Management ConsoleHloK$s9H<k5l?lP<8g
sNbNGeq-5lF7^$^9# Microsoft Management Consoler$s9H<k7
?e"MAPI32.dll NP<8gs 4.0 ^?O=lJe,$s9H<k5lF$k3Hr
N'7F/@5$# dll O"Lo Windows Messaging=.WGNfK"j^9#
WEBsweeper N$s9H<kWEBsweeperr$s9H<k9kKO"MIMEsweeper CDN
¥install¥WSW3_2_5¥docs¥manual.pdf K"k Administrator’s Guider2H7F/@5
$#
WEBsweeperO"MAILsweeperH18^7sKO$s9H<k7J$G/@5$#
WEBsweeper HTTPS N$s9H<k
WEBsweeper HTTPSr$s9H<k9kKO"MIMEsweeper CDN
¥install¥WSWHTTPS1_0_2¥readme.txt K"k Readmer2H7F/@5$#
WEBsweeper HTTPSWm-7<O"MAILsweeperH18^7sKO$s9H<k7J
$G/@5$#
SecureWay Boundary Server =.WGN=.
SecureWay Firewall N=.IBM Firewall Np\*J;CH"CWO"J<rT$^9#
1. IBM Firewall N;CH"CWNWhr)Fk#0bCF"Firewall NIN!=,,W
G"INh&J}!GHQ7?$+rhaF*-^9#
2. IN$s?<U'<9,;-e"&MCHo</K\35lk+r Firewall KX(
9k#+,NU!$"&)<k,57/n09k?aKO";-e"&$s?<U'
<9Hs;-e"&$s?<U'<9,J1lPJj^;s#=./i$"sHNJ
S2<7gs&Dj<+i" VSystem AdministrationWU)k@<r+-"
VInterfaces Wr/jC/7F"+,NU!$"&)<keNMCHo</&$s?<U'<9Nj9Hr4Y^9#$s?<U'<9N;-ejF#<u7rQ99k
KO"1 DN$s?<U'<9r*r7F"VChangeWr/jC/7^9#
3. VSystem AdministrationWU)k@<NfNVSecurity Policy W@$"m0r"/;97F"lL*J;-ejF#<&]j7<r;CH"CW9k#5?*J Firewall
=.O"J<NH*jG9#
v DNS HqrvD9k
h5O SecureWay Boundary ServerN$s9H<k*hS=. 21
:
v s;-e"&$s?<U'<9XN1sL.aC;<8rq]9k
v s;-e"&"@W?<XN Socksrq]9k
4. Ia$s&M<`&5<S9Ha<k&5<S9r;CH"CW9k# DNS l>j
e<7gsrs!7J$H"z(*JL.OTol^;s#3liN!=O"=./
i$"sHNJS2<7gs&Dj<K"kVSystem AdministrationWU)k@<+
i"/;97^9#
5. =./i$"sHNJS2<7gs&Dj<NfNVNetwork Objects W!=rHQ7F"MCHo</NgWJWGr Firewall KjA9k#VNetwork ObjectsW
O"Firewall rp7?HiU#C/r)f7^9#J<NgWJWGrMCHo<
/&*V8'/HH7FjA7^9#
v Firewall N;-e"&$s?<U'<9
v Firewall Ns;-e"&$s?<U'<9
v ;-e"&MCHo</
v HQ7F$k;-e"&MCHo</eK"kF5VMCH
v HQ7F$k Security Dynamics5<P<*hS Windows NTNIa$s&5<
P<N?aN[9H&MCHo</&*V8'/H (:v9klg)
6. Firewall eN5<S9rHQD=K9k#3liO"(socks^?OWm-7<JI
N) a=CIG"j"=lKhCF";-e"&MCHo</bNf<6<Os;-
e"&MCHo</r"/;9G-^9#IN5<S9r3~9k+O"WhJ,G
TC?hjKhj^9#ltN\3=.GCjN?$WNHiU#C/r;CH"C
W9klgKO"3~5<S9,,WKJklg,"j^9#?H(P"+RN;-
e"&f<6<,"HTTP Wm-7<rQ$F"$s?<MCHeN&'Vr5<U
#s9kNrv9H9lP"I}TO" HTTP Wm-7<&G<bsrU!$"&
)<kK=.9k,W,"kP+jGJ/" HTTP HiU#C/rv9h&J\3
r_j9k3Hb,WKJj^9#
7. Firewall f<6<r;CH"CW9k#"&HP&sIN Web "/;9Nh&J!
=N'Z"^?O Firewall I}TN'Z,,WJlg"=liNf<6<r
Firewall KjA9k,W,"j^9# LDAP bNWm-7<&f<6<r]I9k
?aK SecureWay Policy DirectorrHQ7F$klgO"3N~@GOWm-7
<&f<6<rn.7J$G/@5$# Policy DirectorN=.~K"Policy Director
3s=<krHQ7F Firewall Wm-7<&f<6<rn.7F/@5$#
e-N9FCWO"p\ Firewall =.r)Ae2F"BT9kNKr)DO:G9#
IBM Firewall O"MCHo</N;-ejF#<rNBJbNK9kNrgu9k?a
K"79F`&m0JIN>N!=rs!7F$^9#
Firewall ,5o^?O[oN$:l+G7cCH@&s7?lgGb"=.G<?O"
O<I&G#9/K]I5l"jV<H~K+0*KFh0=5lkNG"FAru1
k3HO"j^;s#?@7"?H(P"/F#V FTP ;C7gsJI"ltN"/
F#V\3,fG5lkH"CjNU!$"&)<k&m0&aC;<8,/87^
9#
22 SecureWay® Boundary Server for Windows NT® and AIX: 5b
Policy Director N}gN?aN SecureWay Firewall N=.Policy DirectorHN}grxQ9k?aKO"Firewall O"SecureWay Boundary Server
<IHloK IBM SecureWay Policy DirectorrHQ9kh&K=.5lF$k
,W,"j^9# IBM SecureWay Policy Director,HQ5lJ$lg"Wm-7<&
f<6<O"Firewall 0iU#+k&f<6<&$s?<U'<9 (GUI) KhCFN_
jA5l^9#=Nh&Jf<6<O"SecureWay Policy DirectorGOI}G-^;
s#
SecureWay Firewall, SecureWay DirectoryHPCrT(kh&K9kKO"\3rn
.9k,W,"j^9# SecureWay DirectoryO"Firewall N;-e"&5$I (;-
e" DMZ ^?O;-e"&MCHo</N$:l+) K"k,W,"j^9#
\3r;CH"CW9k}!KD$FN\YO"IBM SecureWay Firewall for Windows
NT HQTNjz- *hS IBM SecureWay Firewall for AIXHQTNjz- r2H7
F/@5$#\3r;CH"CW9k?aNpsO"J<NH*jG9#
WaNlg"J<O""&HP&sIN,'r;CH"CW9k?aK,WJ`\G
9#
v w.5O Firewall N;-e"&"@W?<&"Il9KJk#
v 8hO SecureWay Directory"Il9KJk#
v w.5]<HO 1023hjg-/Jk#
v 8h]<HO 389 Ky7/Jk#
v $s?<U'<9O!)]n5lk#
v P)XjOm<+kKJk#
v }~O"&HP&sIKJk#
~zNlg"J<O"$sP&sIN,'r;CH"CW9k?aK,WJ`\G9#
v w.5O SecureWay Directory"Il9KJk#
v 8hO Firewall N;-e"&"@W?<&"Il9KJk#
v w.5]<HO 389 Ky7/Jk#
v 8h]<HO 1023hjg-/Jk#
v $s?<U'<9O!)]n5lk#
v P)XjOm<+kKJk#
v }~O$sP&sIKJk#
J<K\3Ncr(7^9#
# Service : ldap# Description:
permit 9.67.130.153 255.255.255.255 9.67.141.85255.255.255.255 tcp gt 1023 eq 389 secure both
h5O SecureWay Boundary ServerN$s9H<k*hS=. 23
outbound l=y f=y t=0 e=none a=none
permit 9.67.141.85 255.255.255.255 9.67.130.153255.255.255.255 tcp/ack eq 389 gt 1023 secure localinbound l=y f=y t=0 e=none a=none
SecureWay Boundary Server;CH"CW&<IrBT7^9#U!$"&)<
k, Policy DirectorHloKn0G-kh&K9k?aN*W7gsr*r7F/@5
$#\7/O"26Z<8NXPolicy DirectorN}gN?aN SecureWay Boundary Server
N=.Yr2H7F/@5$#
SurfinGate Wi0$sGHQ9k?aN SecureWay Firewall N=. (WindowsNT N_)
SecureWay Firewall, SurfinGate5<P<HPCrT(kh&K9kKO"\3rn.
9k,W,"j^9# SurfinGate5<P<O"Firewall N;-e"&5$IK"k,W
,"j^9#
\3r;CH"CW9k}!KD$FN\YO"IBM SecureWay Firewall User’s Guide
for Windows NTr2H7F/@5$#\3r;CH"CW9k?aNpsO"J<N
H*jG9#
WaNlg"J<O""&HP&sIN,'r;CH"CW9k?aK,WJ`\G
9#
v w.5O Firewall N;-e"&"@W?<&"Il9KJk#
v 8hO SurfinGate5<P<N"Il9KJk#
v w.5]<HO 1023hjg-/Jk#
v 8h]<HO 3141Ky7/Jk#
v $s?<U'<9O!)]n5lk#
v P)XjOm<+kKJk#
v }~O"&HP&sIKJk#
WaNlg"J<O"$sP&sIN,'r;CH"CW9k?aK,WJ`\G9#
v w.5O SurfinGate5<P<N"Il9KJk#
v 8hO Firewall N;-e"&"@W?<&"Il9KJk#
v w.5]<HO 3141Ky7/Jk#
v 8h]<HO 1023hjg-/Jk#
v $s?<U'<9O!)]n5lk#
v P)XjOm<+kKJk#
v }~O$sP&sIKJk#
J<K"3Nh&J\3Ncr(7^9#
24 SecureWay® Boundary Server for Windows NT® and AIX: 5b
# Service : SurfinGate Plugin Communication# Description:
permit 9.67.143.113 255.255.255.255 9.67.143.115 255.255.255.255 tcp gt 1023 eq 3141secure local outbound l=y f=ypermit 9.67.143.115 255.255.255.255 9.67.143.113 255.255.255.255 tcp eq 3141 gt 1023secure local inbound l=y f=y
m: \3O18s~eK"k,W,"j^9#
9-cs5lkG<?rHQD=K9k?aKO"SurfinGate5<P<r=.9k,W
b"j^9# SurfinConsole (SurfinGateNI}$s?<U'<9) GO"VGeneralW?
VN<NVPlugin Mode W*W7gsKA'C/rU1k,W,"j^9#VProxyW?
VNVNext ProxyWU#<kIK"Firewall N HTTP Wm-7<N"Il9H]<HV
fr~O9k,Wb"j^9#
MAILsweeper rHQ9k?aN SecureWay Firewall N=.SecureWay FirewallKjA5l? Mail ExchangerO"B]N;-e"&a<k&5<
P<GOJ/"MAILsweeper^7sr]$sH7F$k,W,"j^9#
MAILsweeper+NO"a<kr;-e"&a<k&5<P<K[#7^9#
SecureWay Policy Director N=.
SecureWay Directory,9GK$s9H<k5lF$k3HrN'7F/@5$#
SecureWay Directory,$s9H<k5lF$k^7sN"Il9"SecureWay Directory
,0h7F$k]<H" SecureWay Directory5<P<eNI}T ID"*hSI}TQ
9o<IrNk,W,"j^9#
SecureWay Directory LDAP/i$"sHO"SecureWay Policy DirectorH18^7sK
$s9H<k7F/@5$#(SecureWay DirectoryH SecureWay Policy DirectorQK1
8^7srHQ7F$klg"3N/i$"sH,9GK$s9H<kQ_G"klg
,"j^9#)
Policy DirectorWm-7<&f<6<r5]<H9k?aK" SecureWay DirectoryN
LDAP 9-<^rQ99k,W,"j^9#3N9-<^NICO"Policy DirectorK
hCFs!5lk 2 DNU!$kK]I5l^9# Policy Director CDN /schema G
#l/Hj<K"k" secschema.def *hS puschema.def H$&U!$k,,WKJ
j^9#
SecureWay Directory5<P<eN LDAP 9-<^rQ99kKO" Policy Director^
7sG"J<N3^sIrBT7F/@5$#
ldapmodify -h <LDAPHOST> -p <LDAPPORT> -D <LDAPADMINUSER> -w <LDAPADMINPWD> -f secschema.def
ldapmodify -h <LDAPHOST> -p <LDAPPORT> -D <LDAPADMINUSER> -w <LDAPADMINPWD> -f puschema.def
33G"!NH*jG9#
v <LDAPHOST> O SecureWay Directory 5<P<N>0G9
h5O SecureWay Boundary ServerN$s9H<k*hS=. 25
v <LDAPPORT> O5<P<,0h7F$k]<HG9
v <LDAPADMINUSER> OI}T ID G9
v <LDAPADMINPWD> OI}TQ9o<IG9
Wm-7<&f<6<r5]<H9kh& LDAP 9-<^rQ97?lg"Wm-7
<&f<6<, Policy Director3s=<kr`nG-kh&K9k,W,"j^9#3
lrT&?aKO"¥Program Files¥IBM¥IVConsole G#l/Hj<K"k
console.properties U!$kNfN Proxyusers TaskViewH$&T,3asHKJCF
$kNr"3asHGJ$h&KQ99k,W,"j^9#
SecureWay Directory N=.
SecureWay DirectoryK5U#C/9rjA9k,W,"j^9,"3lO"Policy
Director f<6<,]I5lkk<HH7FHQ5l^9# LDAP K5U#C/9rI
C9kKO"IBM SecureWay Directory Administrator’s Guider2H7F/@5$#?H
(P"5?*J5U#C/9O"J<Nh&KJj^9#
o=yourcompany,c=yourcountry
Policy Directorf<6<r]I9k?aN5U#C/9rIC7?lg"=N5U#C
/9r"/;9)fj9H (ACL) K57/;CH9k,W,"j^9# Policy Director
;-ejF#<&0k<WQN77$5U#C/9KP7F"4"/;9"rs!9k
,W,"j^9# Policy Director;-ejF#<&0k<WKP9k1L> (DN) O"
J<NH*jG9#
cn=securitygroup,secauthority=default
Policy Director N}gN?aN SecureWay Boundary Server N=.
<IrHQ7F SecureWay Boundary5<P<N=.rT&3H,G-^9#3
N<IO"Boundary Server*hS Policy DirectorbG">N=JHloKn0
9k Firewall r;CH"CW9kNK,WJ9FCWr,$I7F$-^9#eK3/
QMk,"LDAP5<P<KX9kAdr7F-^9#,WJpsr9YF~O9k
H"<IO"Policy Director,f<6<*hS0k<WN]j7<QH7FHQ
7F$kNH18 LDAP G<?Y<9rHQ7F"Firewall r;CH"CW7^9#3
N<IO"SurfinGateWi0$sK'ZpsrO9?aK"U!$"&)<k
HTTP Wm-7<N=.H=.r|rT&3HbG-^9 (Windows NT FirewallN
_)#
IBM SecureWay Boundary Serverr=.9kKO"SecureWay Boundary Server
<IrBT7^9# AIX GO3^sI sbswizard rBT7" Windows NTGO"
V9?<H -> Wm0i` -> SecureWay Boundary Server Wr*r7^9#3lKhCF"SBS<I,)Ae2il^9#
1. VSet up Firewall to share an LDAP database with Policy Director WN*W
7gsr*r7^9#
26 SecureWay® Boundary Server for Windows NT® and AIX: 5b
2. =(5lkAdK"13Z<8NXSecureWay Boundary ServerYNpsrHQ7F~
z7^9#
SurfinGate Wi0$srHQD=K9k?aN SecureWay Boundary Server N=
. (Windows NT N_)V9?<H -> Wm0i` -> SecureWay Boundary Server Wr*r7^9#3lKhCF"SBS<I,)Ae2il^9#
1. VConfigure the Firewall HTTP Proxy to pass authentication information tothe SurfinGate plugin WN*W7gsr*r7^9#
2. @$"m0r*;7^9#
SurfinGate N=.
Windows NTGO"J<N 2 D}0G"SurfinGater=.9k3H,G-^9#
v A'<sKJC?Wm-7<H7F
v U!$"&)<k HTTP Wm-7<NWi0$sH7F
AIX GO"SurfinGater=.9k}0OJ<N 1 DG9#
v A'<sKJC?Wm-7<H7F
A'<sKJC?Wm-7<H7FN SurfinGate N=.
/i$"sH Web Vi&6<O"HTTP"FTP"*hS HTTPSN?aNWm-7<H
7F SurfinGaterHQ9kh&K=.5lF$k,W,"j^9# SurfinGate,0h
7F$k]<HVfr,:Xj7F/@5$ (GU)kHO 8080)#
SurfinConsole (SurfinGateNI}$s?<U'<9) GO"VGeneralW?VN<N
VProxy Mode W*W7gsKA'C/rU1k,W,"j^9#VProxyW?VN
VNext ProxyWU#<kIK"Firewall N HTTP Wm-7<N"Il9H]<HVfr
^ 2. SurfinGateN=.
h5O SecureWay Boundary ServerN$s9H<k*hS=. 27
~O9k,Wb"j^9#"k$O"ICNWm-7<,9GKjAQ_G"klg
O"!NWm-7<H7F"=liNWm-7<r]$sH9k3H,G-^9#
U!$"&)<k HTTP Wm-7<N?aNWi0$sH7FNSurfinGate N=.
/i$"sH Web Vi&6<O"HTTP"FTP"*hS HTTPSN?aNWm-7<H
7FU!$"&)<k HTTP Wm-7<rHQ9kh&K=.5lF$k,W,"j^
9#U!$"&)<k HTTP Wm-7<,0h7F$k]<HVfr,:Xj7F/@
5$ (GU)kHO 8080)#
SurfinConsole (SurfinGateNI}$s?<U'<9) GO"VGeneralW?VN<N
VPlugin Mode W*W7gsKA'C/rU1k,W,"j^9#VProxyW?VN
VNext ProxyWU#<kIK"Firewall N HTTP Wm-7<N"Il9H]<HVfr
~O9k,Wb"j^9#
m: 3N!=O"SecureWay Firewall for Windows NTGN_HQD=G9#
^ 3. SurfinGateN=.
28 SecureWay® Boundary Server for Windows NT® and AIX: 5b
MIMEsweeper N=.
MAILsweeper N=.
D-,1cG"klgO"MAILsweeperO"$s9H<kfKRMilkAdKhCF
=.9k,W,"j^9#ICN=.rT&KO"SMTP 3s=<kG"V9?<H ->Wm0i` -> MAILsweeper for SMTP -> MAILsweeper Wr*r7^9#\YKD$FO"MAILsweeper Getting Started Guider2H7F/@5$#
WEBsweeper N=.
=.rT&KO"3sHm<k QMkG"WEBsweeper"WlCHr*r7^9#\Y
KD$FO"MIMEsweeper CDK"k WEBsweeper Administrator’s Guider2H7F/
@5$#
WEBsweeper HTTPS N=.
=.rT&KO"3sHm<k QMkG"WEBsweeper HTTPS"WlCHr*r7^
9#\YKD$FO" WEBsweeper Administrator’s Guider2H7F/@5$#
^ 4. MAILsweeperN=.
^ 5. WEBsweeperN=.
h5O SecureWay Boundary ServerN$s9H<k*hS=. 29
dj~_NVmC-s0
CjN IP "Il9rVmC/9k3H,G-kU#k?<rn.9k?aKO"3^
sI&i$s&f<F#jF#<rHQ7^9#VmC/9k"Il9O"3sFsD
!:NkL"0*K=L9k3H,G-^9#3N?aN3^sIO"J<NH*jG
9#
v fwadd_deny
v fwdelete_dynamic
fwadd_denyWm0i`,Qia<?<J7G/05l?lg",WJQia<?<NU)
<^CHrWa9kWmsWH,=(5l^9#
Qia<?<O"J<NH*jG9#
U#k?< IDWindows NT Firewall Nlg: ]irT.9k?aK"1 DN ID
,U#k?<KdjvFil^9# ID O 1 +iO^CF:gKdj
vFil^9#!KHQD=J ID Vfhjbg-J ID ,!k5l
kH"djvFilk ID O"Wm0i`K!k5l? ID VfGO
J/"!KHQD=J ID VfKJj^9#?H(P"ID 1 G?i
+N,',8_7F$F"ID 3 G 1 HNU#k?<,'rn.7h
&H9kH"eojK ID 2 ,djvFil^9#18 ID VfK#
tN,'rdjvFk3H,G-^9#,', delete_dynamicWm0
i`rHQ7Fo|5lkH-KO"=liN,'O ID KhCF2
H5lkNG"ID 4HK,'rn.9kH-K"18 ID r&Q7
F$klgKO"=lir 1 DN0k<WH7Fo|9kbNH7F
Wh9kh&K7F/@5$#
,',9GKIC5lF$kH-KO"HQ5l? ID Vf,=(5
l^9#
U#k?< IDAIX Firewall Nlg: ID OVfGdjvFk3H,G-^9# ?H
(P"U#k?< ID K ID 12 rXj9kH" ID=12 ,djvFi
l^9# AIX GO"U#k?<K18 ID VfrdjvFk3HO
G-^;s#FU#k?<O"H+N ID r}A^9#
w.5 IP "Il9Q1CH,~CF/kw.5KHQ9k IP "Il9O".t@U-
10 J=- (?H(P"255.255.255.255)GXj7^9#
w.5 IP ^9/3NU#<kIOw.5 IP "Il9HloKHQ5l".t@U-
10 J=-G~O5l^9#?H(P"~O5l?w.5 IP "Il9
, 10.5.8.0G"j"w.5 IP ^9/, 255.255.255.0G"klg"
10.5.8.1+i 10.5.8.255^GN9YFNQ1CH,P]KJj^9#
30 SecureWay® Boundary Server for Windows NT® and AIX: 5b
8h IP "Il9Q1CHN8hKHQ9k IP "Il9O".t@U- 10 J=-
(?H(P"255.255.255.255)GXj7^9#
8h IP ^9/3NU#<kIO8h IP "Il9HloKHQ5l".t@U- 10
J=-G~O5l^9#?H(P"~O5l?8h IP "Il9,
10.5.8.0G"j"8h IP ^9/, 255.255.255.0G"kH"10.5.8.1
+i 10.5.8.255^GN9YFNQ1CH,P]KJj^9#
"@W?<
"@W?<XjO"J<NH*jG9#
S ;-e"&"@W?<H7FXj5l?lg
N s;-e"&"@W?<H7FXj5l?lg
B 9YFN"@W?< (;-e"Hs;-e"N>}) Nlg
Xj5l??$W,gW9k 1 D^?O#tN"@W?<+i/.5
l?Q1CHO",'KlW7^9#
-zOO
U!$"&)<krp7FQ1CH,#G9k-zOOO3NQia
<?<rHQ7FXj5l"3lKO"J<N$:l+NM,D=G
9#
L m<+k&Q1CHNlg
R P)Xj5l?Q1CHNlg
B m<+k&Q1CHHP)Xj5l?Q1CHN>}Nlg
}~ HiU#C/,"$sP&sI""&HP&sI"^?O>}~NI
AiK.lk+rXj7^9#
I $sP&sI&HiU#C/Nlg
O "&HP&sI&HiU#C/Nlg
B $sP&sIH"&HP&sIN>}NHiU#C/Nlg
m0-?
0*U#k?<h0KP7F"m0-?r*sK9kKO Y rXj
7"m0-?r*UK9kKO N rXj7^9#
fwdelete_dynamic3NWm0i`,Qia<?<J7G/05l?lg"J<Nh&K"=_j
A5lF$k9YFN0*U#k?<,j9H5l^9#
>>>> Dynamic Rule Id = 1>>>>>>>> Jump = 0>>>>>>>> Filter Action = Deny
h5O SecureWay Boundary ServerN$s9H<k*hS=. 31
>>>>>>>> Source Address = 9.192.8.7>>>>>>>> Source Mask = 255.255.255.0>>>>>>>> Destination Address = 9.192.240.1>>>>>>>> Destination Mask = 255.255.255.0>>>>>>>> Protocol = Any>>>>>>>> Source Port = Any 0>>>>>>>> Destination Port = Any 0>>>>>>>> Adapter = Both (Secure and NonSecure)>>>>>>>> Scope = Both (Routed and Local)>>>>>>>> Direction = Both (Inbound and Outbound)>>>>>>>> Tunnel Id = 0>>>>>>>> Logging Enabled = Unavailable>>>>>>>> Fragments Allowed = No
m: fwdelete_dynamic 3^sIO"o|5lk,',"=[5l? ID r}CF$k+
I&+rGiK!:9kH-KHQ9k,W,"j^9#
Wm0i`,-zJU#k?< ID rHQ7F/05lkH"0*,',o|5l"o
|5l?,'Nt,V x Rules found with id: xWH$&AG=(5l^9#
EW: E#7FU#k?<rIC7h&H9kH"U#k?<,9GK8_7F$k3HrNi;F-^9#U#k?< ID rXj;:KU#k?<rIC7h&H9kH"Yp(i<ru1hj^9#
AIX Ndj~_VmC-s0GO"eLlYkN,';CHNfK,',"kH"eq
-5lkD=-,"j^9#dj~_VmC-s0,HQ5lklg"[HsIN,'
O"<LlYkN,';CHNfK~lF*/,W,"j^9#0*,'O"3liN
2 DN,';CHNfVKIC5l^9#eLlYkN,'NfKHiU#C/rvD
9kbN,"kH"0*,'rHQ7FHiU#C/r*UK9k3H,G-J/Jj
^9#
=.NF9H
0Kb@7?9YFN;CH"CWr*;7?e"=N;CH"CWrF9H9k,W
,"j^9# SecureWay Boundary ServerN=.rF9H9kKO"J<Nh&K7^
9#
1. Policy DirectorrHQ7F Firewall Proxyf<6<r;CH"CW7^9#;-e
" TelnetQN Firewall Q9o<IrHQ9kh&Kf<6<r;CH7"=Nf<
6<QNQ9o<Ir;CH7^9#
2. SecureWay Boundary Server<IrBT7F" Firewall H Directory (LDAP)
NVNjs/rN)7^9#
3. ;-e"&/i$"sH+iWm-7< Telnet;C7gsr+O7^9#
4. Policy DirectorGf<6<&;CH"CWr~O7^9#
5. Q9o<Ir~O9kh&WmsWH,P5l^9#
6. 3lG'Z5l^7?#
32 SecureWay® Boundary Server for Windows NT® and AIX: 5b
::::::
h6O X"qA
\OKj9H7F$kqArHQ9kH" IBM SecureWay Boundary ServerP<8gs
2.0 *hSX"=JN\Yr~jG-^9#
IBM SecureWay FirstSecure
IBM SecureWay FirstSecureWh*hS}gNjz- P<8gs 2.0 KO"FirstSecure
KX9kps,^^lF$^9#3NqAGO"FirstSecure*hS FirstSecurer=.
9k=JKD$Fb@7""ifk IBM SecureWay=JrHQ9kWhr)FkeG
rK)A^9#
IBM SecureWay Firewall
J<NqAKO"IBM SecureWay Firewall for Windows NTKX9kps,^^lF*
j"IBM SecureWay Firewall CDN x:¥books¥en_US G#l/Hj<K"j"PDF A0
H HTM A0GHQD=G9#
v IBM SecureWay Firewall for Windows NT;CH"CW*hS$s9H<kNjz-
v IBM SecureWay Firewall for Windows NTHQTNjz-
v IBM SecureWay Firewall for Windows NTrbq
v Guarding the Gates Using the IBM eNetwork Firewall for Windows NT 3.3(lCIV
C/)
J<NqAKO"IBM SecureWay Firewall for AIXKX9kps,^^lF*j"IBM
SecureWay Firewall CDN books/en_US G#l/Hj<K"j" PDF A0H HTM A
0GHQD=G9#
v IBM SecureWay Firewall for AIX;CH"CW*hS$s9H<kNjz-
v IBM SecureWay Firewall for AIXHQTNjz-
v IBM SecureWay Firewall for AIXrbq
v A Comprehensive Guide to Virtual Private Networks, Volume 1: IBM Firewall, Servers
and Client Solutions(lCIVC/)
MIMEsweeper
MAILsweeperJ<NqAKO"MAILsweeperKX9kps,^^lF*j" MIMEsweeper CDN
¥install N<K"PDF A0H HTM A0GHQD=G9#
v Getting Started GuideO ¥install¥MSW4_0_2¥Doc¥qsg.pdfK"j^9#
© Copyright IBM Corp. 1999 33
v ReadmeO ¥install¥MSW4_0_2¥README.htmK"j^9#
WEBsweeperJ<NqAKO"WEBsweeperKX9kps,^^lF*j" MIMEsweeper CDN
¥install N<K"PDF A0H HTM A0GHQD=G9#
v WEBsweeper Administrator’s GuideO ¥install¥WSW3_2_5¥Doc¥manual.pdfK"j^
9#
v Release NoteO ¥install¥WSW3_2_5¥Doc¥RELNOTES.htmK"j^9#
WEBsweeper HTTPS Wm-7<
J<NqAKO"WEBsweeper HTTPSWm-7<KX9kps,^^lF*j"
MIMEsweeper CDN ¥install N<K"TXT A0GHQD=G9#
v ReadmeO ¥install¥WSWHTTPS1_0_2¥readme.txtK"j^9#
SurfinGate
J<NqAKO"SurfinGateKX9kps,^^lF*j" SurfinGate CDN ¥docsN
<K"PDF A0GHQD=G9#
v SurfinGate Installation GuideO ¥Docs¥install.pdfK"j^9#
v SurfinGate User’s ManualO ¥Docs¥manual.pdfK"j^9#
v Release NoteO ¥Docs¥SFG 405 RelNotes.pdfK"j^9#
v SurfinGateWi0$sKX9kpsO"¥docsG#l/Hj<NfK"j^9#
34 SecureWay® Boundary Server for Windows NT® and AIX: 5b
U?A. HiVk7e<F#s0
33GO"SecureWay Boundary ServerKX"9kdjN!PHrhKr)Dpsr(
7^9#
IBM SecureWay Firewall N&LdjNrh
P)XjNdj
IBM Firewall O"VTest IP RoutingWH$&?$HkNVSecurity Policy W@$"m0&\C/9rs!7F*j"P)XjNdjNGPC0KXxG9#3NA'C/&
\C/9rHQD=K7F"+,N\3=.rh0=7F"VConnection Rules
LoggingWrHQD=K7F/@5$#!K"+,NU!$"&)<k&m0r4Y"U
!$"&)<krp7F.lk9YFNQ1CHKD$FN\Ypsr+F/@5$#
3liNF9HO"GiO IP "Il9rHQ7FT$"!K[9H>rHQ7FT$
^9#
U!$"&)<k+i[9HXN PING ,G-J$
djNb@
MCHo</&$s?<U'<9,57/=.5lF$^;s#
d)hV
*Zl<F#s0&79F`NqAr2H7F/@5$#
djNb@
s;-e"&MCHo</XN\3,57/=.5lF$^;s#
d)hV
$s?<MCH&5<S9&WmP$@<K"m7F"guraaF/@5
$#
djNb@
;-e"&MCHo</,k<?<NemK,%5lF$klg"U!$"&
)<kO=Nk<?<KP9kE*P)r}CF$k,W,"j^9#
netstat -rn rHQ7F"E*P)Xjr!:7^9#
netstat -rn
WmH3k&U!_j< 2 Nlg"POOJ<Nh&KJkO:G9#
© Copyright IBM Corp. 1999 35
nrr.nrr.nrr.nrr$s?<MCHKP9kk<?<r=7"3l,GU)kHP)KJ
j^9#GU)kHP)O"E*P) (Flag=UG)G9#
nnn.nnn.nnns;-e"&Ia$sr=7^9#3lO$s?<U'<9P)
(Flag=U) G9#
nnn.nnn.nnn.nnns;-e"&$s?<U'<9r=7^9#
sss.sss.sss;-e"&Ia$sr=7^9#3lO$s?<U'<9P)
(Flag=U) G9#
sss.sss.sss.sss;-e"&$s?<U'<9r=7^9#
ss1.ss1.ss1MCHo</N;-e"&5$IK"k5VIa$sr=7"
srr.srr.srr.srrO"=N5VIa$sXNk<?<r=7^9#3lO"
E*P) (Flag=UG)G9#
127.0.0.1k<WPC/^?Om<+k&[9HG9#3lO$s?<U'<9
P) (Flag=U) G9#
F$s?<U'<9KP9k$s?<U'<9P)r}CF$k,W,"j"
GU)kHP)O"U!$"&)<kNs;-e"&5$INk<?<r]$
sH7F$k,W,"j^9#
d)hV
k<?<KE*P)rIC7^9#k<?<I}TK"m7F/@5$#
route add 3^sIrHQ7F/@5$#
djNb@
3s?/Hrn_F$k;-e"&$s?<U'<9^?O[9HN5VMC
H&^9/,mjG"kD=-,"j^9#
d)hV
/i$"sHN=.f<F#jF#<rHQ7F"^9/N_jr{57^
9#
Destination Gateway Flags ....default nrr.nrr.nrr.nrr UGnnn.nnn.nnn nnn.nnn.nnn.nnn Usss.sss.sss sss.sss.sss.sss Uss1.ss1.ss1 srr.srr.srr.srr UG127 127.0.0.1 U
^ 6. netstat -rn+iNPOc.
36 SecureWay® Boundary Server for Windows NT® and AIX: 5b
;-e"&[9H+is;-e"&[9H (^?O=NU) XN PING,G-J$
djNb@
U!$"&)<kKY\9kFk<?<KO"U!$"&)<kr[(?8h
MCHo</KP9k2<H&'$H7F"U!$"&)<krXj9kE*
P),^^lF$k,W,"j^9#
d)hV
k<?<I}TK"m7F/@5$#
djNb@
;-e"&MCHo</,"RFC 1597KXj5l?lQ"Il9r^`"s
;-e"&MCHo</KP?5lF$J$+"P)XjD=GJ$"Il9
rHQ7F$klg"Q1CHOw.&Ka5l^;s#
d)hV
Windows NTNlgN_: P?Q_N"Il9r}D/i$"sHrHQ7^
9#U!$"&)<kN NAT U#<Ac<r TCP *hS UDP NHiU#
C/KHQG-^9,"NAT O"PING Nh&J ICMP Q1CHNfN"I
l9OQ97^;s#
d)hV
AIX NlgN_: P?Q_N"Il9r}D/i$"sHrHQ7^9#
DNS Nc2
m: DNS O"Windows NTNlgN_G9#
djNb@
Microsoft DNS Service ManagerrHQ7F Microsoft DNS Servicer=.7?
?a"DNS (i<&aC;<8ru1hj^7?#
d)hV
$s9H<kNb@KaCF"J<rTCF/@5$#
1. ¥winnt¥system32¥DNS G#l/Hj<4Nro|9k3HKhCF"
Microsoft DNSr|n9k
2. Microsoft DNSrF$s9H<k9k
3. jV<H9k
4. DNS hotfix rF$s9H<k9k
5. jV<H9k
U?A. HiVk7e<F#s0 37
&LdjNrh - MIMEsweeper
WEBsweeper H MAILsweeper ,18^7sK"jn07F$kh&KO+(J$
djNb@
18^7sG MAILsweeperH WEBsweeperNBTrn_F$kH-Ndj#
d)hV
MAILsweeperr 1 DN^7sN$s9H<k7"WEBsweeperrLN^7s
K$s9H<k7^9#
WEBsweeper NQU)<^s9,c<7F$k
djNb@
WEBsweeperrHQ7F$kH-N Web 3sFsDN@&sm<INYl,
~-G-kbNGO"j^;s#
d)hV
1. WEBsweeper Control Panel"WlCHrHQ7F"m0-?rHQTDK
9k#
2. HQD=JbCHbb.NO<I&'"K WEBsweeperr$s9H<k9
k#
WEBsweeper Ni$;s9Ndj
djNb@
WEBsweeperNJ0NP<8gs,$s9H<k5lF$?^7sK
WEBsweeper 3.2_5r$s9H<k7F$k~K"i$;s9&-<,P)9
klg,"j^9# WEBsweeper,+O9k~K"bt Windows(i<&a
C;<8: 2140,/89klgO"$YsH&Se<"<NfN"Wj1<7
gs&m0r!:7F/@5$# WEBsweeper+iNaC;<8O"
VPAKMSG error: Username conflicts with previously defined license section.W
G9#
d)hV
Windowsl89Hj<+iE$i$;s9&-<r|n7^9# regeditrm
<I7F"Q9X¥¥HKEY_LOCAL_MACHINE¥SOFTWARE¥Content
Technologies¥MIMEsweeper¥LicenseYN<r4YF/@5$#33K#tN-<
,+D+C?lgO"VIBM MIMEsweeper SystemWH$&iYk,U$F$
J$bNro|7^9#jV<H7F/@5$#
38 SecureWay® Boundary Server for Windows NT® and AIX: 5b
g-JU!$kN@&sm<IG WEBsweeper Kdj,/89k
djNb@
WEBsweeperO"U#k?<h}NVKU!$kr]I9k?a">[abj
<rH$T/7F7^C?D=-,"j^9#
d)hV
WEBsweeper5<P<N*}abj<NLr}d7^9#
&LdjNrh - SurfinGate
Microsoft Internet Explorer ,+/H SurfinConsole ,~zrd_9k
djNb@
Internet Explorer,+/H"SurfinConsole"Wj1<7gs,q/J6kq$
r9k+"^?O~zrd_7^9#3liN 2 DN"Wj1<7gsOP)
7"1~KOBTG-^;s#
d)hV
Internet ExplorerH SurfinConsoler1~Km<I7J$G/@5$#
SurfinGate Wi0$sNQU)<^s9,c<9k
djNb@
SurfinGateWi0$srHQ9kH"Web rp7?bP$k&3<IN@&s
m<I,-oaFY/Jj^9#
d)hV
VNext ProxyWU#<kI,"SurfinConsoleNVProxyW;/7gsNfN
SecureWayU!$"&)<k HTTP Wm-7<K_j5lF$k3HrN'
7F/@5$#
U?A. HiVk7e<F#s0 39
U?B. C-v`
\qK*$F"|\GO/=5lF$J$IBM=JJ!#*hSWm0i`K"Wm0
i_s0^?O5<S9KD$F@Z^?Ob@9klg,"j^9#7+7"3N3
HO"@R,3Nh&JIBM=J"Wm0i_s0^?O5<S9r"|\G/=9k
U^,"k3Hr,:7b(9bNGO"j^;s#\qG" IBMi$;s9&Wm0
i`^?O>NIBM=JK@Z7F$kt,,"CFb"3N3HOv:Wm0i`^
?O=JN_,HQD=G"k3HrU#9kbNGO"j^;s#3liNWm0i
`^?O=JKe(F"IBMNN*j-"r/29k3HNJ$!=*K1yJ>RN
Wm0i`"=J^?O5<S9rHQ9k3H,G-^9#?@7"IBMKhCF@
(*KXj5l?bNr|-"3liNWm0i`^?O=JKX"9kT/N>A*
hS!ZO*RMNU$GTCF$?@-^9#
IBM*hS>RO"\qGb@9kgjKX9kCv"JCvPjr^`K&8""^
?Oxn"rj-7F$klg,"j^9#\qO"3liNCv""&8""*hS
xn"KD$F"\qG@(5lF$klgr|-"B\""HQ"yrvz9k3H
rU#9kbNGO"j^;s#B\""HQ"yNvzKD$FO"<-N8hK"
qLKF4Hq/@5$#
)106-0032l~TAh;\Z3z\2-31
APvHj
IBM World Trade Asia Corporation
Intellectual Property Law & Licensing
\Wm0i`Ni$;s9]}TG"(i) H+Kn.7?Wm0i`H=N>NWm0i
`J\Wm0i`r^`KHNVGNpsr9"*hS (ii) r95l?psNj_x
QrD=K9k3Hr\*H7F"\Wm0i`KX9kpsr,WH9k}O"<-
K"m7F/@5$#
Site Counsel, IBM SWG
IBM Corporation
P.O. Box 12195
3039 Cornwallis
Research Triangle Park, NC 27709-2195
USA
\Wm0i`KX9ke-NpsO",ZJroN<GHQ9k3H,G-^9,"-
~Nlgb"j^9#
\qO"Wm@/7gsHQr\*H7?bNGOJ/"$+Jko`N]Zb^^l
F$^;s#3N?a"&Q*hSCjN\*XN,g-N]Zr^a"9YFN]Z
KP7"\qOX?7^;s#
© Copyright IBM Corp. 1999 41
\=JKO"CERN Khj+/"Nd5lk3sTe<?<&=UH&'",^^l^
9#=NHQ=(O"33K^^lk CERN 3sTe<?<&=UH&'"^?O=
Nltr^`lZN=JK*$F@Z5lkbNH7^9#
&8
J<NQlO"IBM CorporationNFq*hS=N>NqK*1k&8G9#
AIX
IBM
Microsoft *hS Windows NTO"Microsoft CorporationN&8^?OP?&8G9#
**SurfinGate O Finjan Software, Ltd.N&8G9#
**MIMEsweeper"**MAILsweeper"*hS **WEBsweeperO"Content Technologies,
Ltd. N&8G9#
2 DN"9?j9/ (**) G=(5l?>NqR>"=J>"5<S9>yO"=l>
lFRN&8^?OP?&8G9#
42 SecureWay® Boundary Server for Windows NT® and AIX: 5b
Ql8
C
/i$"sH (client). LN3sTe<?<&79F`^?OWm;9 (Lo5<P<HFPlk) N5
<S9rWa9k3sTe<?<&79F`^?OWm;9##tN/i$"sH,"1 DN&L5<P
<K&Q"/;9,G-k#
D
GU)kH (default). @(7F?bXj5lJ+C?lgK[j5lk"M"0-"^?O*W7g
s#
DMZ. spuOS (Demilitarized Zone)#0tNf<6<,"kHG<?r}D5<P<K>\"/;9
G-J$h&K9k?aNGP$9#
F
U!$"&)<k (Firewall). "k 1 DNMCHo</+i>NMCHo</XN\3N]n*hS)
frT&!=1L#U!$"&)<kO"u>7J$+^?O5vDNL.HiU#C/,]n5l?M
CHo</K~j~`NrI_7"*r5l?L.HiU#C/@1,]nMCHo</rPF$/h&
K9k#
U!$k>wWmH3k (FTP (File Transfer Protocol)). MCHo</&3sTe<?<VNU!$k
N>wKHQ5lk"Wj1<7gs&WmH3k#jb<H&[9H&79F`NU!$kr"/;9
G-kh&K9k?a" FTP O"f<6< ID H"lgKhCFOQ9o<Ir,WH9k#
G
2<H&'$ (gateway). 2 DN3sTe<?<&MCHo</r[Jk"<-F/Ac<Gj_\39
k!=1L#
I
$s?<MCH (Internet). $s?<MCHQNWmH3kNHrHQ9k"4$&K-,kj_\3M
CHo</N8gG"x0"/;9,v5lk#
ICMP. $s?<MCH)faC;<8&WmH3k (Internet Control Message Protocol)#$s?<MC
H&WmH3k (IP) l$d<NfG"(i<&aC;<8H)faC;<8rhj7&?aKHQ5lk
WmH3k#djl]<H*hSmC?G<?0i`N8h,"5NG<?0i`Nw.5Ka5lk#
$sHiMCH (intranet). $s?<MCH8`H"Wj1<7gs (Web Vi&6<JI) r"H%N
{8N3sTe<?<&MCHo</&$sUi9Hi/Ac<H}g9k"!)]n5l?d_V#
© Copyright IBM Corp. 1999 43
IP. $s?<MCH&WmH3k (Internet Protocol)#G<?rMCHo</^?Oj_\3MCHo</
rp7FP)Xj9k"3M/7gsl9?WmH3k# IP O"eLNWmH3kXH*}XNVNf
VXH7F//#
IP "Il9 (IP address). $s?<MCH&WmH3k&"Il9 (Internet Protocol address)#MCH
o</bN=l>lNGP$9^?Oo</9F<7gsNB]NljrXj9k"G-N 32 SCH&
"Il9#3lO^?"$s?<MCH&"Il9HbFPlk#
IPSEC. $s?<MCH&WmH3k&;-ejF#< (Internet Protocol Security)#MCHo</^?O
MCHo</L.NQ1CHh}XK*1k"+/fN;-ejF#<N,J#
L
k<WPC/&$s?<U'<9 (loopback interface). ps,1879F`bN(sF#F#<r"I
l9Xj7F$klgK"T,WJL.!=r&s9k$s?<U'<9#
N
NAT. MCHo</&"Il9Q9 (Network Address Translation)#U!$"&)<kK*$F";-e
" IP "Il9r0tNP?Q_"Il9KQ99k3H#3lKhCF0tMCHo</HNL.,D
=KJk,"U!$"&)<kbtGHQ5lk IP "Il9r^9/9k#
P
PICS. $s?<MCH&3sFsDN*rQWiCHU)<` (Platform for Internet Content Selection)#
PICSD=J/i$"sHKhj"f<6<O"Il@1N>A5<S9rHQ7?$+r=L7"=l
>lN>A5<S94HK"IN>A,u1~lD=G"IN>A,u1~lD=GJ$+r=L9k3
H,G-k#
ping. $s?<MCH)faC;<8&WmH3k (ICMP) N(3<WaQ1CHr[9H"2<H&'
$"^?Ok<?<K~zru1hk3Hr|T7Fw.9k3^sI#
]<H (port). j]=5l?L.uVr1L9kVf# Web 5<P<O"GU)kHGO"]<H 80
rHQ9k#
WmH3k (protocol). L.,TolklgK"L.79F`N!=1LN`nr)f9k,'N8g#
WmH3kKhj"1 P$H+i=l>lNSCH,w.5lkgxJI"c$lYkGN^7sj_V
N$s?<U'<9N\Yrhj9k3H,G-k#^?"U!$k>wJIN""Wj1<7gs&W
m0i`VGNb$lYkGNr9bhj9k3H,G-k#
S
5<P< (server). MCHo</rp7F>N3sTe<?<K&Q5<S9rs!9k3sTe<?<
G"j"?H(P"U!$k&5<P<"WjsH&5<P<"^?Oa<k&5<P<,"k#
44 SecureWay® Boundary Server for Windows NT® and AIX: 5b
5<P<&"Il9 (server address). MCHo</rp7F>N3sTe<?<K&Q5<S9rs
!9kF3sTe<?< (?H(P"U!$k&5<P<"WjsH&5<P<"^?Oa<k&5<P
<) KdjvFil?G-N3<I#8`N IP "Il9O"32 SCHN"Il9&U#<kIG"k#
5<P<&"Il9O".t@U- 10 JtN IP "Il9+^?O[9H>K9k3H,G-k#
5<S9 (service). 1 D^?O#tNN<IKhCFs!5lk!=G"?H(P"HTTP"FTP"
Telnet,"k#
7'k (shell). f<6<No</9F<7gs+i3^sI&i$sru1~lF"h}9k=UH&
'"# Korn 7'kO"HQD=J$/D+N UNIX 7'kN 1 DG"k#
SMTP. 7sWk&a<k>wWmH3k (Simple Mail Transfer Protocol)#$s?<MCHQNWmH3
kNHK*$F"$s?<MCHD-Nf<6<VGa<kr>w9k?aN"Wj1<7gs&WmH
3kN 1 D# SMTP O"a<kr9gx*hSaC;<8&U)<^CHrXj9k#3NWmH3k
O"<XNWmH3k,Aw)fWmH3k (TCP) G"k3Hr[j7F$k#
T
TCP. Aw)fWmH3k (Transmission Control Protocol)#$s?<MCHGHQ5lkL.WmH3
k# TCP O".j-N"k[9HVNpsr9rs!9k#3NWmH3kO"<XNWmH3kH7
F IP rHQ9k#
TCP/IP. Aw)fWmH3k / $s?<MCH&WmH3k (Transmission Control Protocol/Internet
Protocol)#=l>lNMCHo</KHQ5lF$kL.F/Nm8<KX8J/"MCHo</VGN
L.rD=K9kh&_W5l?WmH3kNH#
Telnet. <v(_el<7gs&WmH3kG"j"jb<H\35<S9N?aN TCP/IP"Wj1<
7gs&WmH3kN 1 D# TelnetKhj"5$HNf<6<O"=Nf<6<No</9F<7gs
,"?+b>\=Njb<H&[9HK\35lF$k+Nh&K"/;9G-k#
?$`"&H (timeout). `nN?aKdjvFilF$?~VVV,Pa7?3H#
U
UDP. f<6<&G<?0i`&WmH3k (User Datagram Protocol)#$s?<MCHQNWmH3k
NHK*$F".j-NJ$"3M/7gsl9?G<?0i`&5<S9rs!9kWmH3k#3l
Khj""k^7s^?OWm;9eN"Wj1<7gs&Wm0i`O"LN^7s^?OWm;9e
N"Wj1<7gs&Wm0i`KG<?0i`rw.9k3H,G-k# UDP O"G<?0i`rw
#9k?aK"$s?<MCH&WmH3k (IP) rHQ9k#
V
VPN. >[d_V (Virtual Private Network)# 2 DJeNMCHo</K\35lk"1 D^?O=lJ
eN;-e" IP HsMkP)+iJkMCHo</#
Ql8 45
W
Web. Wm0i`HU!$k,^^l"=liN?/O HTTP 5<P<eN>N8qXNjs/r^`
O$Q<F-9H8q,^^lF$k"HTTP 5<P<NMCHo</#o<kI&o$I&&'V
(WWW) HbFV#
WTE. Web Traffic Express (WTE)#bYKz(=5l?-cC7e}0rHQ7F"(sI&f<6<
N~z~Vrb.=9kNKr)Fk"-cC7s0&Wm-7<&5<P<N 1 D#@p-N"k
PICSU#k?<h}O" 1 DNf{_VljK"k Web Y<9NpsK"/;99kNr"MCHo
</I}T,)f9kNKr)D#
<I (wizard). CjN?9/KD$Ff<6<r,$I9k?aK"9FCWP$9FCWNX
(rHQ9k""Wj1<7gsbN@$"m0#
46 SecureWay® Boundary Server for Windows NT® and AIX: 5b