and AIX IBMpublib.boulder.ibm.com/tividd/td/SW_FS/sbsup/ja_JA/PDF/sct6rzja.pdf · SecureWay®...

SecureWay ® Boundary Server for Windows NT ®

and AIX

5b

P]8gs 2.0

GC88-8558-00

(Q865'GC31-8733-00)

IBM

*j$

\q"*hS\qG-R9k=Jr4HQKJk0K" 41Z<8NXU?B. C-v`Y r,:*I_/@5

$#

\qO"IBM SecureWay Boundary Server=JNP<8gs 2"jj<9 0"bG#U#1<7gs&lYk 0 K,Q5l^9#^?"~{GJIGCKGjNJ$Bj"3lJ_N9YFNjj<9Kb,Q5l^9#

\^Ke"kKD$F4U+d46[,"j^7?i

http://www.ibm.com/jp/manuals/main/mail.html

+i*wj/@5$##eN2MK5;F$?@-^9#

J*"|\ IBM /TN^Ke"kO$s?<MCHP3Gb4X~$?@1^9#\7/O

http://www.infocr.co.jp/ifc/books/

r4w/@5$#JURL O"Q9KJklg,"j^9K

!6!5' GC31–8733–00

IBM SecureWay® Boundary Server for Windows NT® and AIX

Up and Running

Version 2.0

!/!T' |\"$&S<&(`t0qR

!4!v' J7gJk&is2<8&5]<H

h1~ 1999.11

3N8qGO"?.@+N™W3"?.@+N™W9"?.Q47C/N™W3"?.Q47C/N™W5"*hS?.Q47C/N™W7rHQ7F$^9#3N(qN*)O"JbK|\,J(qHHQ@sryk7HQ7F$kbNG9#U)sHH7F5G#=9k3HOX_5lF$^9#

!!m* ?.@+N™W3"?.@+N™W9"?.Q47C/N™W3"?.Q47C/N™W5"?.Q47C/N™W7

© Copyright International Business Machines Corporation 1999. All rights reserved.

Translation: © Copyright IBM Japan 1999

\!

\qKD$F . . . . . . . . . . . . . . . . . . . . . . . . vii\qNP]IT. . . . . . . . . . . . . . . . . . . . . . . . vii>q 2000/P~ . . . . . . . . . . . . . . . . . . . . . . . vii5<S9*hS5]<H. . . . . . . . . . . . . . . . . . . . . vii\qN=. . . . . . . . . . . . . . . . . . . . . . . . . . vii=-,' . . . . . . . . . . . . . . . . . . . . . . . . . .viiiWeb ps . . . . . . . . . . . . . . . . . . . . . . . . .viii7!= . . . . . . . . . . . . . . . . . . . . . . . . . .viii

SecureWay Policy DirectorHN}g . . . . . . . . . . . . . . . . ixP)XjNz(= . . . . . . . . . . . . . . . . . . . . . . ixdj~_NVmC-s0 . . . . . . . . . . . . . . . . . . . . ixIBM SecureWay Firewall 4.1. . . . . . . . . . . . . . . . . . . ixSecureWayQN MIMEsweeper 2.0. . . . . . . . . . . . . . . . . xiSurfinGate 4.05. . . . . . . . . . . . . . . . . . . . . . . xii

h1O SecureWay Boundary Server N5W . . . . . . . . . . . . . . 15?*J SecureWay Boundary ServerNc . . . . . . . . . . . . . . . 2

h2O IBM N SecureWay Boundary Server NRp . . . . . . . . . . . 5SecureWay Boundary ServerHO?+ . . . . . . . . . . . . . . . . . 5SecureWay Boundary Server,J<,W+ . . . . . . . . . . . . . . . 5SecureWay Boundary Server,INh&K7F FirstSecureKH_~^lF$k+ . . 6SecureWay Boundary ServerN=.WGO?+ . . . . . . . . . . . . . . 6

IBM SecureWay Boundary ServerN5W . . . . . . . . . . . . . . . 6IBM SecureWay Policy DirectorN5W . . . . . . . . . . . . . . . 7IBM SecureWay FirewallN5W . . . . . . . . . . . . . . . . . 7MIMEsweeperN5W . . . . . . . . . . . . . . . . . . . . . 8SurfinGateN5W . . . . . . . . . . . . . . . . . . . . . . 9

h3O SecureWay Boundary Server r$s9H<k9k0K . . . . . . . 11`wrT&}! . . . . . . . . . . . . . . . . . . . . . . . . 11

SecureWay Policy DirectorHN}g . . . . . . . . . . . . . . . . 11SecureWay Firewall. . . . . . . . . . . . . . . . . . . . . . 11SecureWay Boundary Server. . . . . . . . . . . . . . . . . . . 13SurfinGate. . . . . . . . . . . . . . . . . . . . . . . . . 14MIMEsweeper . . . . . . . . . . . . . . . . . . . . . . . 14

h4O IBM SecureWay Boundary Server (SBS) NWo . . . . . . . . . 17SecureWay Boundary ServerNO<I&'"Wo . . . . . . . . . . . . . 17SecureWay Boundary ServerN=UH&'"Wo . . . . . . . . . . . . . 18

h5O SecureWay Boundary Server N$s9H<k*hS=. . . . . . . 19SecureWay Boundary Server=.WGN$s9H<k . . . . . . . . . . . 19

SecureWay FirewallN$s9H<k . . . . . . . . . . . . . . . . 19

© Copyright IBM Corp. 1999 iii

SecureWay DirectoryN$s9H<k. . . . . . . . . . . . . . . . 19SecureWay Policy DirectorN$s9H<k . . . . . . . . . . . . . . 19SecureWay Boundary ServerN$s9H<k . . . . . . . . . . . . . 19SurfinGateN$s9H<k . . . . . . . . . . . . . . . . . . . 20MIMEsweeperN$s9H<k . . . . . . . . . . . . . . . . . . 20

SecureWay Boundary Server=.WGN=. . . . . . . . . . . . . . . 21SecureWay FirewallN=. . . . . . . . . . . . . . . . . . . . 21Policy DirectorN}gN?aN SecureWay FirewallN=. . . . . . . . . 23SurfinGateWi0$sGHQ9k?aN SecureWay FirewallN=. (Windows

NT N_) . . . . . . . . . . . . . . . . . . . . . . . . 24MAILsweeperrHQ9k?aN SecureWay FirewallN=. . . . . . . . . 25SecureWay Policy DirectorN=. . . . . . . . . . . . . . . . . . 25SecureWay DirectoryN=.. . . . . . . . . . . . . . . . . . . 26Policy DirectorN}gN?aN SecureWay Boundary ServerN=. . . . . . 26SurfinGateWi0$srHQD=K9k?aN SecureWay Boundary ServerN=. (Windows NTN_) . . . . . . . . . . . . . . . . . . . 27

SurfinGateN=. . . . . . . . . . . . . . . . . . . . . . . 27MIMEsweeperN=. . . . . . . . . . . . . . . . . . . . . . 29

dj~_NVmC-s0 . . . . . . . . . . . . . . . . . . . . . 30=.NF9H . . . . . . . . . . . . . . . . . . . . . . . . 32

h6O X"qA . . . . . . . . . . . . . . . . . . . . . . . 33IBM SecureWay FirstSecure. . . . . . . . . . . . . . . . . . . . 33IBM SecureWay Firewall. . . . . . . . . . . . . . . . . . . . . 33MIMEsweeper . . . . . . . . . . . . . . . . . . . . . . . . 33

MAILsweeper . . . . . . . . . . . . . . . . . . . . . . . 33WEBsweeper. . . . . . . . . . . . . . . . . . . . . . . . 34WEBsweeper HTTPSWm-7< . . . . . . . . . . . . . . . . . 34

SurfinGate. . . . . . . . . . . . . . . . . . . . . . . . . . 34

U?A. HiVk7e<F#s0 . . . . . . . . . . . . . . . . . . 35IBM SecureWay FirewallN&LdjNrh . . . . . . . . . . . . . . 35P)XjNdj . . . . . . . . . . . . . . . . . . . . . . . 35DNS Nc2 . . . . . . . . . . . . . . . . . . . . . . . . 37

&LdjNrh - MIMEsweeper . . . . . . . . . . . . . . . . . . 38WEBsweeperH MAILsweeper,18^7sK"jn07F$kh&KO+(J$ . . . . . . . . . . . . . . . . . . . . . . . . . . 38

WEBsweeperNQU)<^s9,c<7F$k . . . . . . . . . . . . 38WEBsweeperNi$;s9Ndj . . . . . . . . . . . . . . . . . 38g-JU!$kN@&sm<IG WEBsweeperKdj,/89k . . . . . . 39

&LdjNrh - SurfinGate . . . . . . . . . . . . . . . . . . . 39Microsoft Internet Explorer,+/H SurfinConsole,~zrd_9k . . . . . 39SurfinGateWi0$sNQU)<^s9,c<9k . . . . . . . . . . . 39

U?B. C-v` . . . . . . . . . . . . . . . . . . . . . . . 41&8 . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

iv SecureWay® Boundary Server for Windows NT® and AIX: 5b

Ql8 . . . . . . . . . . . . . . . . . . . . . . . . . . 43

\! v

vi SecureWay® Boundary Server for Windows NT® and AIX: 5b

\qKD$F

\qO"Windows NT® G*hS AIX GN IBM SecureWay®Boundary ServerN$s9

H<k"=."HQ"*hSHiVk7e<F#s0rWh9k}!KD$Fb@7^

9#

SecureWay Boundary ServerN$s9H<kH=.rT&0K"U!$"&)<k"

VPN (>[d_V)"3sFsD&;-ejF#<"*hSMCHo</I}KD$F5

NJN1r}CF$k3H,EWG9#MCHo</KP~j9k"/;9r)f9k

U!$"&)<kN;CH"CWH=.rT&3HKJkNG"^:GiK"MCHo

</N`n}!r}r9k,W,"j^9#CK"IP "Il9"04$~>"*hS5

VMCH&^9/KD$FNp\r}r7F$k,W,"j^9#

\qNP]IT

\qO"IBM SecureWay Boundary SeverN$s9H<k"I}"*hSHQrT&"

MCHo</^?O79F`N;-ejF#<I}TrP]H7F$^9#

>q 2000 /P~

3liN=JO"2000/P~KJCF$^9#\=JHloKHQ5lk9YFN=J

(?H(P"O<I&'""=UH&'""*hSU!<`&'") ,"5NJ|UG<

?r\=JH57/r99klg"\=JO"X"qAK7?,CFHQ9lP"20 $

*H 21 $*bN|UG<?"*hS 20 $*H 21 $*VN|UG<?r57/h}

7"s!7"u.9k3H,G-^9#

5<S9*hS5]<H

IBM SecureWay FirstSecure*U!js0K^^lF$k9YFN=JKP9k5<S9

H5]<HKD$FO"IBM K*d$go;/@5$#3liN=JNfKO"IBM

J0N5]<Hr2H7F$kbN,"j^9#3liN=Jr"FirstSecure*U!j

s0NltH7Fh@9klg"5<S9H5]<HKD$F IBM K*d$go;/

@5$#

\qN=.

\qKO"J<NO,^^lF$^9#

v 1Z<8NXh1O SecureWay Boundary ServerN5WYGO"SecureWay Boundary

ServerH=N=.WGN5Wrb@7^9#

v 5Z<8NXh2O IBM N SecureWay Boundary ServerNRpYGO"SecureWay

Boundary Server,,WJ}3r(7^9#

© Copyright IBM Corp. 1999 vii

v 19Z<8NXh5O SecureWay Boundary ServerN$s9H<k*hS=.YGO"

Windows NT*hSAIX *Zl<F#s0&79F`GN SecureWay Boundary

ServerN$s9H<kH=.KD$Fb@7^9#

v 11Z<8NXh3O SecureWay Boundary Serverr$s9H<k9k0KYGO"

SecureWay Boundary ServerNWhN}!KD$Fb@7^9#

v 17Z<8NXh4O IBM SecureWay Boundary Server (SBS)NWoYKO"

SecureWay Boundary ServerNG.,Wror(7^9#

v 33Z<8NXh6O X"qAYGO">N SecureWay Boundary ServerNqA"*h

SX"=JNqAN2Hhrb@7^9#

=-,'

\qGO"J<N=-,'rHQ7^9#

=-,' U#

@z A'C/&\C/9"\?s"*hS3^sI

JINf<6<&$s?<U'<9WG#

bN9Z<9 SecureWay Boundary ServerKX89k=8*

hSG#l/Hj<NGU)kH#

-> aKe<+iNl"N*r`\r=(7^9#

?H(P"VFile -> RunWO"VFileWr/j

C/7F+i"VRunWr/jC/9kH$&

U#G9#

Web ps

SecureWay Boundary ServerNG7N97KD$FNpsO"J<N Web "Il9G~

jG-^9#

http://www.ibm.com/software/security/boundary/library

=N>N IBM SecureWay FirstSecure=JN97KD$FNpsO"J<N Web "I

l9G~jG-^9#

http://www.ibm.com/software/security/firstsecure/library

7!=

SecureWay Boundary ServerNP<8gs 2.0 KO"?/N77$!=,^^lF$^

9#bCHbEWJ7!=r"J<Ks2^9#

viii SecureWay® Boundary Server for Windows NT® and AIX: 5b

SecureWay Policy Director HN}g

SecureWay Policy DirectorO"U!$"&)<k, SecureWay Boundary ServerrHQ

D=K7F$lP"U!$"&)<k&Wm-7<&f<6<rI}9k3H,G-^

9#U!$"&)<k&Wm-7<&f<6<O"J<NU!$"&)<k&5<S9

GjA5l^9#

v Telnet

v FTP

v HTTP

v Socks

f<6<H=lKX"9k]j7<O"Lightweight Directory Access Protocol (LDAP)

G<?Y<9K]I5l^9#

SecureWay DirectoryO"LDAP rs!7F"]I"97"!w"*hSr9QH7Ff

{_VljKG#l/Hj<psr]}7^9# SecureWay Policy DirectorO"LDAP

G<?Y<9bNU!$"&)<k&Wm-7<&f<6<rI}7^9#

P)XjNz(=

P)XjNz(=N?aK"Finjan SurfinGateWi0$srHQ7F"3sFsDNU

#k?<h}N?aNs~NMCHo</&HiU#C/r/J/7F$^9#

dj~_NVmC-s0

3^sI&i$sNWm0i`KhCF"U!$"&)<keK0*Vq]W,'rn

.7^9#dj~_NVmC-s0r"+0=9/jWHNfKH_~`3H,G-^

9#

IBM SecureWay Firewall 4.1IBM SecureWay Firewall for Windows NTO"J<NbNrs!7^9#

Remote Access Service

Windows NT Remote Access Service (RAS)O"2 O@VWmH3k (PPP)r

HQ7F"@$dkFSP7"ISDN"^?O X.25 ^Nrp7?MCHo</

\3rs!7^9# NDISWAN OMCHo<-s0&Ii$P<N 1 DG"

j"RAS NltH7Fs!5l"<tN PPPG<?r`wN$<5MCH

LAN G<?KQ97^9#

IBM SecureWay Firewall for AIX 4.1 N!=/=

IBM SecureWay Firewall for AIXO"J<NbNrs!7^9#

H% IPSec 5]<H

\qKD$F ix

IBM SecureWay Firewall 4.1KO"H%5l? IPSec5]<H,^^lF*

j"3lKO"77$XC@<r5]<H9kHjWk DES Ef=,^^l

F$^9#3lO^?"$/D+N IBM 5<P<Hk<?<Nj_`n-"

JiSK77$XC@<r5]<H9k?/N IBM J0N VPN =JNj_

`n-b5]<H7^9#

PN^kAWm;C5< (SMP)

U!$"&)<kNf<6<O"91<js0HQU)<^s9N~eN?a

K"RS/6000N^kAWm;C5<&U#<Ac<rhQ9k3H,G-^

9#

U#k?<N!=/=

U#k?<O"=.rT&3HKhCFhjI$QU)<^s9rs!9kh

&"!=/=5l^7?#[Jk?$WNU#k?<,'rI3K[V9k+

r*r9k3HKhCF"U!$"&)<kNQU)<^s9r409k3H

,G-^9#5iK"\3,HQ5l?st,m0K-?5l^9#

;CH"CW&&#6<I

IBM SecureWay FirewallNi|=.rgu9k&#6<IG9#3N;CH"

CW&&#6<IKhCF"7,Nf<6<O"IBM Firewall N$s9H<k

NeG"9_d+KU!$"&)<kNp\=.r)Ae2F"BT9k3H

,G-^9#

Network Security Auditor

Network Security Auditor (NSA)O"MCHo</&5<P<*hSU!$"

&)<kK";-ejF#<eNgYd=.(i<,J$+I&+r!:7^

9#3lO!=/=5lF"hjb.G"hj/OKJCF$^9#

I$DlNFql5]<H

Vi8kl"]kH,kl"Ql"Uis9l"$?j"l"|\l"Zq

l"fql (JNz)"9Z$sl"fql (KNz) KC(F"I$DlNF

ql5]<H,s!5lkh&KJj^7?#

Network Address TranslationNetwork Address Translation (NAT)O"?P 1 N"Il9&^CTs0r5]

<H9kh&H%5l^7?#3liN^CTs0O"#tNbtN$P?^

?OdQN"Il9+i"]<HVfrHQ7?P?Q_N5,N"Il9K

P7FT&bNG"G-N^CTs0rn.7^9#

AIX *hS Windows NT G5]<H5lk&L!=

Security Dynamics ACE/Server

Security Dynamics ACE/ServerO"'ZN 2 DNWGrs!7^9#3NU#

<Ac<O!=/=5lF"v/*JKu^?O-Ur}C?/~ND=-+

i"MCHo</HG<?&j=<9r]n7^9#

x SecureWay® Boundary Server for Windows NT® and AIX: 5b

Secure Mail Proxy N!=/=

IBM Firewall Secure Mail ProxyO"J<N77$!=,^^lkh&!=/

=5lF$^9#

v o+CF$k spam (BGa<k) /.5+iNaC;<8NVmC/= (|

0j9H) r^` spamI_"k4j:`"aC;<8NEv-!:H~z

-!: (u>7J$aC;<8rVmC/9k}!H7FNilF$k)"a

<k&aC;<8N8hNtN=.D=B&"aC;<8NGg5$:N=

.D=B&

v /OJ'Za+K:`N}gr^`>NI_5]<H

v SNMP HiCW&5]<H*hS MADMAN MIB N5]<H

v U!$"&)<kHI_NVNaC;<8rQ.\J/IW9k?aN!=

r^`aC;<8IW

Socks WmH3kNP<8gs 5 N!=/=

SocksWmH3kNP<8gs 5 O"f<6< ID HQ9o<IN'Z

(UNPW)"Acls8 / ~z'Z (CRAM)"*hS'ZWi0$sr^`h&

"CW0l<I5l^7?#

m0-?O"m0&aC;<8N/i9,1H"m0&lYkNXjKD$

F"f<6<,5iK)fG-kh&!=/=5lF$^9#

HTTP Wm-7<

IBM SecureWay FirewallO"IBM Web Traffic Express (WTE)=JKpE$

?"04uwN HTTP Wm-7<_jrs!7^9# HTTP Wm-7<O"

IBM Firewall rL7?Vi&6<Warz(*Kh}9kbNG"j"Web

NVi&:N?aN socks5<P<,TWKJj^9#f<6<O"btMC

Ho</N;-ejF#<r;J&3HJ/"$s?<MCHeNXxJps

K"/;99k3H,G-^9#?@7"Vi&6<O"HTTP Wm-7<r

HQ9kh&=.5lF$k,W,"j^9#

SecureWay QN MIMEsweeper 2.0MIMEsweeperO"MAILsweeper 4.1_2 "WEBsweeper 3.2_5"*hS WEBsweeper1.0_2 H$&"3 DNgWJ=.WGr}CF$^9#J<K=N!=/=Nltrs

2^9#

MAILsweeperMAILsweeper 4.1_2 for SMTPO"Content Technologies flagship MIMEsweeper=Jr

g}K"CW0l<I7?bNG9#J<N77$U#<Ac<rs!7^9#

v HQ7d9$,X=$N]j7<&"<-F/Ac<O",ZJH%lYk (D9N

f<6<^GNlYk) G]j7<r,Q9k@p-rw(F$^9#

v H&8`N0iU#+k&f<6<&$s?<U'<9 (GUI) O"=UH&'"=

."]j7<Nn."*hSI}r1c=7^9#

\qKD$F xi

v 77$ Split Delivery U#<Ac<O"P<8gs 4 N,X=$N]j7<_jN?

aN!=G9##tN8hr}DaC;<8Nlg"]j7<O"=l>lN8hK

,Q5l^9#vD5l?8hO=NaC;<8ru1hl^9,"vD5lF$J

$8hOq]5l^9#

v ^kA9lCINaC;<8h}O"9k<WCHr~e5;" 1 D^?O#tN

9lCIG(i<,/87?lgO"DjN9lCIrHQ7FaC;<8h}r3

TG-kh&K9k3HKhj"h}=Or/=7F$^9#

v >NYs@<N"sA&#k9=JHHbK"MAILsweeperO"aC;<8d:U*

GN&#k9N!PH|nrs!7^9#

v NEAR"AND"NOT"*hS OR 0rHQ7?bYJF-9H,OO"aC;<8N

=8^?O"<-F/Ac<KpE$?"qg*GzL*J7Jj*Nn.K-oa

Fg-J@p-rs!7^9#

v H%F:D<kKhj"G<?rIN ODBC `rNG<?Y<9Kbwk3H,G

-^9#

v Real-Time Black List (RBL)5<P<N5]<HO"8cs/ E a<krw.9k3

H,o+CF$k5$HNViC/&j9Hrn.7^9# MAILsweeperO"3N

j9HK\CF$k[9H+iN\3Nu1~lrq]9k3H,G-^9#

v 3sFsD&;-ejF#<O"ERa<kNHiU#C/KD$FN%O*Jl]

<H / 0iU / =rs!9k3HG"I}rFWK7^9#

v LDAP G#l/Hj<HN}g#

v Delivery Service Notification (DSN)O" SNMP H NT Alerter r5]<H9kh&K

Jj^7?#

WEBsweeper

v ICNQU)<^s9eN!=/=Khj"G<?h}.Y,~e7^9#

v HTTP *hS FTP NHiU#C/KP7F"&#k9&9-cJ<HloKn07

^9#

WEBsweeper HTTPS

v WEBsweeperO"77$ HTTPSWm-7<&=je<7gsrHQ7F"Web Y<

9N e-commerce"Wj1<7gsKP9k045]<Hrs!9kh&KJj^7

?#

SurfinGate 4.05SurfinGateN!=/=KO"J<NbN,"j^9#

JavaScript 3sFsD!:

SurfinGate 4.05O"djKJkD=-N"k JavaScript`nr57F"kHN

;-ejF#<&]j7<Kc?9k JavaScriptrd_7^9# SurfinGate

4.05 Khj"I}TO"JavaScript"Java"*hS ActiveX KP7F"

xii SecureWay® Boundary Server for Windows NT® and AIX: 5b

VisualBasic ScriptQN smartU#k?<h}H cookierHQ7F"f{+

i"]j7<r_j7F/)9k3H,G-^9#

EWJ$3r}DbNNQU)<^s9NFk

SurfinGate 4.05KO"[o0n (BT~(i<JI) *hSc2~N

SurfinGateNFO0r!P9k+0D<k,^^lF$^9#3lOp\*

K"EWJ$3r}D(j"KP9k;-ejF#<&U#<Ac<G9#

]j7<I}N}/

SurfinGateO"$rhN"WlCH&WmU!$kr"+0VmC-s0QN

G<?Y<9NfK~l^9#=lKhj"I}TO""WlCH / 3sHm

<kNj9HrT89k3H,G-^9#

FTP *hS SSL WmH3kN5]<H

SurfinGate 4.05O"bP$k&3<IKD$F"U!$k>wWmH3k

(FTP) AcMkrFk7F"$s?<MCH+i!jK~j~sG/k3<I

r+%j31^9# FTP KP9kFkKC(F"SurfinGateO" bP$k&

3<IKD$F"HTTP HiU#C/rFk7"HTTPSHiU#C/rICN

uVKO7^9#

U!$"&)<k HTTP Wm-7<HNWi0$s}g

SurfinGateO"Wm-7<&A'<sNfN 1 DNWm-7<H7F//+"

^?O Windows NTQNU!$"&)<keG Web Traffic ExpressNWi0

$srp7F/-^9#

\qKD$F xiii

xiv SecureWay® Boundary Server for Windows NT® and AIX: 5b

h1O SecureWay Boundary Server N5W

3NcO"MAILsweeper"WEBsweeper"Policy Director"*hS SurfinGateNF=.W

GrHQ9k 5 DNo</9F<7gsr^(7?bNG"j" Web HiU#C/N

FkHP)XjrT$"/i$"sHH5<P<NVGU!$"&)<krHQ7Fa

<kr>w7^9#3NcGO"5 DN*}*K,%5l?o</9F<7gsrHQ

7^9#

^ 1. IBM SecureWay Boundary ServerN=.c

© Copyright IBM Corp. 1999 1

5?*J SecureWay Boundary Server Nc

G.BN;CH"CWN?aKO"J<N^7srHQ9k3Hr*+a7^9#

= 1. Boundary Server=.WG=JNO<I&'"Wo

=J ^7s

IBM Firewall Windows NT^?O AIX

MAILsweeper Windows NT

WEBsweeper Windows NT

SurfinGate Windows NT

SecureWay Boundary ServerrUkKxQ7?$lgO" SecureWay Policy Director,

MCHo</bK8_9k,W,"j^9#3lKhCF"U!$"&)<k&Wm-

7<&f<6<O" SecureWay Directory (LDAP)K]I9k3H,D=KJj^9#

HTTP Nc (Windows NT U!$"&)<k): 5?*J7Jj*GO"$s?<MCHeN3sFsDKP9k HTTP WaO"/i$"sH&^7s+i/.5l^9#3

NWaO"^:GiK WEBsweeperK.l^9#"&HP&sI&Q9GO"1cK"

WaO WEBsweeperKhCFeT5lF"U!$"&)<k HTTP Wm-7<Kwi

l^9#

U!$"&)<k HTTP Wm-7<GO"f<6<,'Z5l^9#3l,;C7gs

rVi&:7F$k/i$"sH+iNGiNWaG"klgO"f<6< ID HQ9

o<IN~OK)oG-^9#f<6< ID O"Policy DirectorKhCFI}5lk

LDAP G<?Y<9NfG"/i$"sHN;-ejF#<&]j7<r!w9kNK

HQ5l^9#/i$"sHKP9k HTTP 'Z]j7<KhCF"*hS~O5l?

Q9o<IN!:kLKhCF"=NWa,q]5lk+"^?OhKJ`3H,v5

l^9#'Z`nN?aKO"5iK LDAP G<?Y<9+"^?O Security

Dynamics ACE5<P<K"/;99k3H,,WKJklg,"j^9#18Vi&

:N;C7gs+iNe3NWaGO"Vi&6<,f<6< ID HQ9o<Ir+0

*Ks!9k3HKJj^9#/i$"sHOf<6< ID HQ9o<IN~OK)o

G-^;s,"=l>lNWaO"GiNWaH18Wm;9G'Z5lk3HKJj

^9#

'Z,.y9kH"WaO"$s?<MCHeNWa5l?5<P<GeT7FTol

^9#

$s?<MCH&5<P<+i3sFsD,U!$"&)<k HTTP Wm-7<Ka5

lkH"=N3sFsDO SurfinGateWi0$sKhCF!:5l^9#f<6<KP

9k0k<WpsO"LDAP G<?Y<9+ih@5l"]j7<N=GN?aNY<

9K9k?aK"Wi0$sGHQD=KJj^9#3sFsDK SurfinGateKX89

kbN,~CF$J$lg"SurfinGateO"G.Nh}*<P<XCIG"Wi0$s

r.d+K=N^^La5;^9# JavaScriptK^^lF$k3sFsDO"Wi0$

sGU#k?<h}5l^9#3sFsDK Java^?O ActiveX ,^^lF$klg

2 SecureWay® Boundary Server for Windows NT® and AIX: 5b

O"U#k?<h}N?aK SurfinGate5<P<K>w5l"U#k?<h}5l?3

sFsD,U!$"&)<k HTTP Wm-7<Ka5l^9# SurfinGateWi0$s

Gh}5l?kLN3sFsDO" WEBsweeper5<P<KwjV5l^9#

3sFsD, WEBsweeper5<P<KaCF/kH"5<P<O"WEBsweeper]j7

<K7?,CFU#k?<h}rT$"=lr/i$"sHKa7^9#

HTTP Nc (AIX U!$"&)<k): AIX GO"HiU#C/N.lOp\*K18G

9,"SurfinGateWi0$sO AIX U!$"&)<kGOHQG-^;s#3N?

a"SurfinGate5<P<O"/i$"sH+iU!$"&)<kXNWm-7<&A'

<sNfN 1 DNWm-7<H7F;CH"CW5lk,W,"j^9#War"U!

$"&)<k HTTP Wm-7<K>\>w9kNGOJ/" SurfinGate5<P<K>

w9kh&"WEBsweeperr;CH"CW9k,W,"j^9#5iK SurfinGate5<

P<O"WarU!$"&)<k HTTP Wm-7<K>w9kh&K=.5lF$k,

W,"j^9# SurfinGate5<P<GO0k<Wps,HQG-J$?a"]j7<N

=GO"IP "Il9KpE$F7+T&3H,G-^;s#

a<kNc: MAILsweeperO"a<k&2<H&'$H7F;CH"CW5l^9#

MAILsweeper5<P<K~e7?a<kO"!Na<k&5<P<K>w5lk0K=

N3sFsDNU#k?<h},Tol^9#

;-e"&a<k&5<P<N=l>lO"/i$"sHNa<kWar MAILsweeper

5<P<K>w9kh&=.5lF$k,W,"j^9#e.9ka<kr

MAILsweeper5<P<K>w9k?aK"U!$"&)<kNa<kr9!=,=.5

lF$k,W,"j^9#

MAILsweeperO"$:lN0tIa$sK"Il9Xj5l?a<kb"U!$"&)

<kNa<kr9!=Kw.9kh&K=.5lF$k,W,"j^9# MAILsweeper

O"btIa$sK"Il9Xj5l?a<kr"57$;-e"&a<k&5<P<

Kw.9kh&K=.5lF$k,W,"j^9#

h1O SecureWay Boundary ServerN5W 3

h2O IBM N SecureWay Boundary Server NRp

3NOGO"SecureWay Boundary ServerN5Wrb@7^9,"J<Na,^^lF

$^9#

v XSecureWay Boundary ServerHO?+Y

v XSecureWay Boundary Server,J<,W+Y

v 6Z<8NXSecureWay Boundary Server,INh&K7F FirstSecureKH_~^l

F$k+Y

v 6Z<8NXSecureWay Boundary ServerN=.WGO?+Y

SecureWay Boundary Server HO?+

IBM SecureWay Boundary ServerO"iaF"04J-&;-ejF#<N=je<7

gsr 1 DK^Ha?bNG9# SecureWay Boundary ServerO"U!$"&)<k

]n">[d_V (VPN)"*hS3sFsD&;-ejF#<rs!7^9#

SecureWay Boundary ServerO";-ejF#<:H+iNF/Nm8<r 1 DK^H

aF" IBM N5]<HH=NXeK"k5<S9rloK7F"}g5l?=je<

7gsK7?bNG9#3N=je<7gsKO"J<NbN,^^lF$^9#

v IBM SecureWay Firewall 4.1 (Security Dynamic ACE/Serverr^`)

v Content TechnologiesN MIMEsweeper

– MAILsweeper 4.1_2

– WEBsweeper 3.2_5

– WEBsweeper HTTPS proxy 1.0_2

v Finjan N SurfinGate 4.05

– SurfinGate5<P<

– SurfinConsole

– SurfinGateG<?Y<9

– SurfinGate Plugin for WTE integration for Windows NT 1.0

SecureWay Boundary Server ,J<,W+

;-e"-&,I3KGb (;QtgHMvtgJINtgNV"\RMCHo</H

jb<H&*U#9NV"RbMCHo</H$s?<MCHNV"RbN Web "W

j1<7gsH\RNV"*hSRbMCHo</^?O"Wj1<7gsHS8M

9&Q<HJ<NVK) ,WG9#-&;-ejF#<O"HQ7F$kMCHo<

/""Wj1<7gs"*hSpsJIr]n9k@1GOJ/"=liN-zOOb

-2^9#-&;-ejF#<r,ZK9k?aKO"=NMCHo</r"/;9G

-kMHMCHo</KP~j9kpsN>}r)f9k,W,"j^9#


SecureWay Boundary Server ,INh&K7F FirstSecure KH_~^lF$k

+

IBM SecureWay FirstSecureO"1 DN}g=JNQC1<8G9#3lO"$s?<M

CHd=N>NMCHo</rp7?"MCHo<-s0N9YFNLN!)]nrg

u9k?aK"qg*JUl<`o</rs!7^9#3lO"b8e<kA0G"j

_`n,D=J*U!js0rHQ7F";-e" e-businessrT&?aK"=_Nj

qrbHKWhrn.7"j-TK++kgW39HrG.BK9k?aKr)A^

9#3lO"&#k9]n""/;9)f"HiU#C/&3sFsDN)f"Ef

="G#8?kZ@q"U!$"&)<k"D<k-CH"*hS3~5<S9rs!

7^9#

Boundary ServerO"FirstSecureK~CF$k=JQC1<8N 1 DG9#3lO$s

?<MCHKP7F-&rn.9kNG"3lrHQ7F"-2ND=-N"k&#k

9 (Uo9k&#k9&9-cs=JrHQ7F) VmC/7" JavaScript"Java"W

lCH"ActiveX 3sHm<k"*hS8cs/ E a<k (SPAM) 5(bVmC/9

k3H,G-^9# Boundary ServerrHQ7F"$s?<MCH+i+,NMCHo

</K~O7?$bNr5NK)f7^9# SecureWay Policy DirectorrHQ7F"U

!$"&)<k&Wm-7<&f<6<H"=liNf<6<N'Z]j7<rI}7

^9#

SecureWay Boundary Server N=.WGO?+

SecureWay Boundary ServerN 3 DN=.WGO"IBM Firewall"MIMEsweeper"*h

S SurfinGate+iJCF$^9# SecureWay Boundary ServerO" IBM SecureWay

Policy DirectorHN}grs!7^9#

IBM SecureWay Boundary Server N5W

IBM SecureWay Boundary ServerO"g,OH%KP7F"\R"5Wi$d<"*h

SQ<HJ<KP7F+,NkHrB4K+|9k3HG e-businessrhQ9k?aK

,WJ"]n""/;9)f"*hS3sFsD&;-ejF#<rs!7^9#3N

!=KO"J<NbN,"j^9#

v MCHo</KP9kU!$"&)<kKhk]n

v MCHo</N~#YrH%9k>[d_V (VPN)

v kHNG<?"$a<8"*hSA3H8:-r]n9k?aN"ERa<kH Web

HiU#C/N3sFsD&9-cJ<

SecureWay Boundary ServerO":H+iNGbNF/Nm8<r 1 DK^HaF"

IBM N5]<HH=NXeK"k5<S9rloK7F"}g5l?=je<7gsK

7?bNG9#3lO"AIX H Windows NTN*Zl<F#s0&79F`GHQD

=G9#


SecureWay Boundary Server N!=

SecureWay Boundary ServerO"MCHo</H79F`r#7F]n9k?aK"Q

1CHNU#k?<h}"Wm-7<"*hS Socks5<P<NF/Nm8<H"3s

FsD&;-ejF#<r,Q7F$^9#3liNF/Nm8<Khj"I}TO"

ING<?rMCHo</KP~j5;FO;k+r@(7FjA9k3H,G-^

9#3lO"V5<S9]jNOC-s0WrI_7"OC+<,MCHo</K~j

~_"!*U$K)BrC(kNrI_9kNKr)A^9# SecureWay Boundary

ServerO"VPN =je<7gsrs!7F"jb<H&5<P<HbG`NPs/r

$s?<MCH&Y<9N=je<7gsKV-9(k3H,G-^9#

Policy DirectorHloK[V5l?lg"SecureWay Boundary ServerO"f{N]j7

<&Y<9NEH_rHQ7F"f<6<N'Zrs!7^9#"sA&#k9&=U

H&'"r SecureWay Boundary ServerHloKHQ7F"5$HN&#k9]nrs

!9k3H,G-^9#

IBM SecureWay Policy Director N5W

Policy DirectorO"vDH;-ejF#<I}rs!9kH)?=je<7gsG"

j"O}*K,67?$sHiMCHH(/9HiMCHeK8_9kj=<9KD$

F"*<+i*<^GN!)]nrs!7^9#(/9HiMCHO""/;9)fH

;-ejF#<!=rHQ7F"$s?<MCHK\35l? 1 D^?O#tN$sH

iMCHNHQr"*r5l?C~TK)B9k>[d_V (VPN) G9# Policy

Director O"'Z"vD"G<?&;-ejF#<"*hSj=<9I}N5<S9r

s!7^9# Policy Directorr8`N$s?<MCH&Y<9&"Wj1<7gsHl

oKHQ9kH"!)]n5l"I}NT-O$?$sHiMCHH(/9HiMCH

r=[G-^9#

IBM SecureWay Policy Director N!=

SecureWay Boundary ServerHloKHQ7?lg"IBM SecureWay Policy Director

O"Wm-7<&f<6<&]j7<N]IljH"'Zpsrs!7^9#

IBM SecureWay Firewall N5WIBM SecureWay FirewallO"MCHo</&;-ejF#<&Wm0i`G9#U!$

"&)<kO"1 D^?O#tN!)]n5l?btNd_MCHo</H">NMC

Ho</^?O$s?<MCHHNVrWG9kbNG9#U!$"&)<kO";-

e"&MCHo</NfX"^?O0XNu>7J$+"^?O5vDNL.rI_7

^9#

IBM SecureWay Firewall N!=IBM SecureWay FirewallO"]n5l?MCHo</"$s?<MCH"*hS>NM

CHo</N;CHNVN"/;9r)B7^9#^?"J<N3HbT$^9#

v ~~K)f5l?O@KM,~kNr)B9k

v OC+<,>NIf_wKaE/NrI_9k

h2O IBM N SecureWay Boundary ServerNRp 7

v ~~K)f5l?O@+iM,PF$/Nr)B9k

v btU!$"&)<kG"btN!)psr5vDN>Hw+iV%9k

v MCHo</rP~j9k3H,G-kHiU#C/r)B9k

MIMEsweeper N5WMIMEsweeperO"ERa<k^?Oo<kI&o$I&&'V (WWW) P3NU!$

"&)<krL7FO5lkG<?r,O9k3HKhCF"3sFsD&;-ejF

#<rs!7^9#3sFsD&;-ejF#<KhCF"H%O"ERa<kdo<

kI&o$I&&'V (WWW) NHQKX"9kS8M9eNdj@rz(*KI}9

k3H,G-^9#3liNdj@O"MCHo</N]4-HS8M9N]4-K,

1k3H,G-^9#

MCHo</N]4-N?aNU#k?<h}KhCF"J<N3H,D=KJj^

9#

v e.*hS/.9kERa<kN&#k9r1L7F|n9k

v >^7/J$U!$k&?$WrU#k?<K]1k

v 5$:6aNU!$krI}9k

v a<kzFKhkOC-s0+iNUT (U/=&) ^?O5<S9Nc<+iMC

Ho</r]n9k

S8M9N]4-N?aNU#k?<h}KhCF"J<N3H,D=KJj^9#

v !)-N/2*hS&hzeNk)N3($rI_9k

v !*A3Nx+r)B9k

v >HwKhkERa<k*hSo<kI&o$I&&'V (WWW) NmQKhk;

:rc:9k

v mQ^?O(UN"kOC-s0KhkMCHo</&5<S9N;:rI0

MCHo</N]4-KP9k<RKO"G<?NKu^?OCn"ERa<kN.

p"*hS79F`&O<I&'"NKu,M(il^9,"3liN9YF,"MC

Ho</N@&s~VHJj"8:-Nc<r7-"=N/j<s"CWHs|N?a

Kb$39H,++k3HKJj^9#

7+7"S8M9N]4-KP9k<RO"!'KX9kDgJ39H"N*j-"N

o:"*hSkHN>=d.j-KP9k;}KhCF"bCHKu*JbNKJj@

^9#S8M9N]4-NdjO"hjz-N?DrT-M^i;kD=-b"j^

9#

MIMEsweeperO"ERa<kd$s?<MCHrH%GHQ9k3HKhCFs/5l

k"MCHo</HS8M9N]4-Ndj+iH%r]n9k?aN":H&Gbh

J*J=JG9#


MIMEsweeper N!=MIMEsweeperO"J<N3H,G-^9#

v /.5lka<kK!'*JGojq-rIC9k

v !)-N"k8q*hSG<?r]n9k

v ERa<k*hS Web Y<9Nf<6<NvDH)frT&

v 6b*JG<?rV%^?OVmC/9k

v 8cs/ERa<krVmC/9k

v :v9k3sFsDN:U**hS@&sm<Ir9-cs9k

v &#k9d-Ur}C?3<Ird_9k

v T,ZJ Web Z<8d5$HrVmC/9k

v sp"m0"*hS"<+$VrT&

SurfinGate N5W

SurfinGate 4.05O"&hzK$s?<MCH"(/9HiMCH"^?O$sHiMC

HrHQ7F$kS8M9N?aN"bP$k&3<IN;-ejF#<&D<kG

9# JavaScriptK^^lF$kbP$k&3<IN3sFsD!:rL7F"

SurfinGateO":H9Q$"G<?N~6s"*hSpsNo|JIr^`"(UN"

k;}^?OU^*GJ$;}+i3sTe<?<&MCHo</r]n9kNrgu

7^9# SurfinGateN3sFsD!:Wm;9O"2<H&'$&lYkG

Java"JavaScript"*hS ActiveX NbP$k&3<INbFr!:7F"EWJj=<

9+is61kh&K7"3<IKG-N ID H"WlCH&;-ejF#<&WmU

!$k (ASP) rdjvFF";-ejF#<N/2ND=-,"k3HrLN7^9#

SurfinGateO"?o7$HWolk3<Ir"MCHo</K~k0K1L7^9#

SurfinGate 4.05KO"J<N 4 DN=.WG,^^lF$^9#

v SurfinGate5<P<

v SurfinConsole

v SurfinGateG<?Y<9

v SurfinGate Plugin for WTE integration for Windows NT

SurfinGate ServerO"HTTP Wm-7<&5<P<H7F/-^9# SurfinGateO"U

!$"&)<k HTTP Wm-7<*hS WEBsweeperWm-7<HloNWm-7

<&A'<sNltH7F[V9k3H,G-^9# Windows NTNlg"U!$"

&)<k HTTP Wm-7<NWi0$sNeXH7FHQG-^9#Wi0$sH7F

HQ5l?lg"SurfinGateO"WarTCF$kWm-7<&f<6<KD$FN0

k<Wpsr~j7^9# SurfinGateNU#k?<h}N]j7<O"3N0k<Wp

sKpE$?bNK9k3H,G-^9#3N"<-F/Ac<KhCF"bP$k&

3<INHiU#C/rd_5;"OC-s0,/89k0K!:9k3H,G-^

9#3N=.WGO"kH;-ejF#<&]j7<K>C?]nrs!7^9#

h2O IBM N SecureWay Boundary ServerNRp 9

SurfinConsoleO"bP$k&3<IKP9kf{NkH;-ejF#<&]j7<NI

}H_jrT&?aNH$d9$$s?<U'<9G9# SurfinConsoleO"MCHo

</eN#tN SurfinGate Serverr)f9k3H,G-"f<6<4H^?O0k<W

4HK""k$Ou1~lD=GJ$3<IHu1~lD=J3<IKD$FN+9?

`&j9HKhCF"kH4NGNbP$k&3<IKX9k,'r/)9k3H,G

-^9#

SurfinGateG<?Y<9O"f<6<H0k<WKX9kps*hS=liNP~9k

;-ejF#<&]j7<,~CF$k""WlCH&;-ejF#<&WmU!$k

(ASP) N\Yr]I7^9#3NG<?Y<9O"H_~_N"/;9&G<?Y<

9&(s8s^?O{8N OracleG<?Y<9rHQ9k3H,G-^9# SurfinGate

,9YFNbP$k&3<INbFrBTfK!:7F$kNG"3NG<?Y<9O

;-ejF#<N?aKO,W"j^;s,"g,ON`nGOQU)<^s9r~e

5;kNKr)A^9#

SurfinGate N!=

SurfinGateO"J<NbNrs!7^9#

v Java"WlCH"Active X 3sHm<k"JavaScriptQN2<H&'$&lYkN3

sFsD!:5<P<

v j"k?$`Fk"0*!:

v Web Y<9NbP$k&3<IKP9k;-ejF#<&]j7<N/)

v VbP$k&3<IW(?H(P"Java"WlCH"ActiveX 3sHm<k"

JavaScript, Visual Basic9/jWH"Wi0$s"cookie)N!:

SurfinGateO"Wm-7<&A'<sNfNWm-7<HloK//+"^?O

Windows NTQN Firewall eN WTE Wi0$srp7F/-^9#


h3O SecureWay Boundary Server r$s9H<k9k0K

\OGO"SecureWay Boundary ServerN$s9H<kN`wrT&}!KD$Fb@

7"J<Na,^^lF$^9#

v X`wrT&}!Y

v 13Z<8NXSecureWay Boundary ServerY

`wrT&}!

3NaGO"SecureWay Boundary ServerN=.WGr`w9k}!KD$Fb@7^

9#

SecureWay Policy Director HN}g

Windows NT^?O AIX GN IBM SecureWay Policy DirectorNp\*J;CH"C

WKD$FO"J<rT$^9#

1. *Zl<F#s0&79F`, Policy Directorr5]<H9kh&K57/=.5

lF$k3Hr!:9k#

2. IN5<P<=.WG,[VNWoKGbh/,g7F$k+"*hS3liN=.

WGrIN^7sK$s9H<k9k+rhj9k#

3. DCE $sUi9Hi/Ac<,8_7F$J$lgO"=lr$s9H<k7F"

=.9k#

4. SecureWay Directory (LDAP)r$s9H<k7F"=.9k#

5. /i$"sHZ@qN'ZrT&=jG"klgO" Certificate Authorization

Service (CAS)r=.9k#

6. NetSEAT/i$"sHr$s9H<k9k#

7. Policy Director5<P<=.WGr$s9H<k9k#

8. I}3s=<kr$s9H<k9k#

Policy DirectorKD$FN\YO"Policy Director 5b P<8gs 3.0 r2H7F/

@5$#

SecureWay FirewallWindows NT^?O AIX GN IBM Firewall Np\*J;CH"CWO"J<rT$

^9#

1. 17Z<8NXSecureWay Boundary ServerNO<I&'"WoYKj9H5lF$k

0sro,7CF$k+N'9k#

2. IBM Firewall N;CH"CWNWhr)Fk#0bCF"U!$"&)<kNIN

!=,,WG"INh&J}!GHQ7?$+rhaF*-^9#


3. IN$s?<U'<9,;-e"&MCHo</K\35lk+r Firewall KX(

9k#+,NU!$"&)<k,57/n09k?aKO";-e"&$s?<U'

<9Hs;-e"&$s?<U'<9,J1lPJj^;s#=./i$"sHNJ

S2<7gs&Dj<+i" VSystem AdministrationWU)k@<r+-"

VInterfaces Wr/jC/7F"+,NU!$"&)<keNMCHo</&$s?<U'<9Nj9Hr4Y^9#$s?<U'<9N;-ejF#<u7rQ99k

KO"1 DN$s?<U'<9r*r7F"Change r/jC/7^9#

m: $s?<MCHK\37h&H7F$klgO"$s?<MCH&5<S9&WmP$@< (ISP) K"m7F"Firewall s;-e"&$s?<U'<9N?aN

P?Q_ IP "Il9r~j7F/@5$#

4. VSystem AdministrationWU)k@<NfNVSecurity Policy W@$"m0r"/;97F"lL*J;-ejF#<&]j7<r;CH"CW9k#5?*J Firewall

=.GO"J<NH*jG9#

v DNS HqrvD9k

v s;-e"&$s?<U'<9XN1sL.aC;<8rq]9k

v s;-e"&"@W?<XN Socksrq]9k

5. Ia$s&M<`&5<S9Ha<k&5<S9r;CH"CW9k# DNS l>j

e<7gsrs!7J$H"z(*JL.OTol^;s#3liN!=O"=./

i$"sHNJS2<7gs&Dj<K"kVSystem AdministrationWU)k@<+

i"/;97^9#

6. =./i$"sHNJS2<7gs&Dj<NfNVNetwork Objects W!=rHQ7F"MCHo</NgWJWGrU!$"&)<kKjA9k#VNetwork

ObjectsWO"Firewall rp7?HiU#C/r)f7^9#J<NgWJWGrMC

Ho</&*V8'/HH7FjA7^9#

v Firewall N;-e"&$s?<U'<9

v Firewall Ns;-e"&$s?<U'<9

v ;-e"&MCHo</

v HQ7F$k;-e"&MCHo</eK"kF5VMCH

v HQ7F$k Security Dynamics5<P<*hS Windows NTNIa$s&5<

P<N?aN[9H&MCHo</&*V8'/H (:v9klg)

7. Firewall eN5<S9rHQD=K9k#3liO"(socks^?OWm-7<JI

N) a=CIG"j"=lKhCF";-e"&MCHo</bNf<6<Os;-

e"&MCHo</r"/;9G-^9#IN5<S9r3~9k+O"WhJ,G

TC?hjKhj^9#ltN\3=.GCjN?$WNHiU#C/r;CH"C

W9klgKO"3~5<S9,,WKJklg,"j^9#?H(P"+RN;-

e"&f<6<,"HTTP Wm-7<rQ$F"$s?<MCHeN&'Vr5<U

#s9kNrv9H9lP"I}TO" HTTP Wm-7<&G<bsrU!$"&

)<kK=.9k,W,"kP+jGJ/" HTTP HiU#C/rv9h&J\3

r_j9k3Hb,WKJj^9# Policy Directorr;CH"CW9klgKO"

11Z<8NXSecureWay Policy DirectorHN}gYr2H7F/@5$#


8. Windows NT N_: /=Wm;9, NETBIOS rHQTDK9k?a"'ZK

Windows NTIa$s&Q9o<IrHQ7?$lgO"'ZQNHi9FCI

Windows NTIa$sr!w9k!=ruw7?"Windows/i$"sH&3<I

r=.9k,W,"j^9#Hi9FCI Windows NT5<P<O"TCP/IP[9

H>H"Il9r}CF$k,W,"j"^?=N5<P<H Firewall HNVN

TCP/IP\3r}CF$k,W,"j^9#U!$"&)<kI}TO"Firewall H

Hi9FCI Windows NT5<P<NVK\3rn.7F"=N 2 DNVNHi

U#C/rD=K9k,W,"j^9#

9. MCHo</&"Il9Q9rHQ9k=jG"klg"^:GiK"ISP K"m7

F"?P 1 N"Il9Q9KHQ9kP?Q_ IP "Il9rh@9k#3N"I

l9O"9FCW 12Z<8N3 GWa7?"Il9KIC5lkbNG9#!K"

VAdd NAT ConfigurationWQMkG"=NP?Q_ IP "Il9rVMany-to-One IP

AddressWU#<kIKIC7^9#

e-N9FCWO"p\U!$"&)<k=.r)Ae2F"BT9kNKr)DO:

G9# IBM Firewall O"MCHo</N;-ejF#<rNBJbNK9kNrgu

9k?aK"79F`&m0JIN>N!=rs!7F$^9#

Firewall ,5o^?O[oN$:l+G7cCH@&s7?lgGb"=.G<?O"

O<I&G#9/K]I5l"jV<H~K+0*KFh0=5lkNG"FAru1

k3HO"j^;s#?@7"?H(P"/F#V FTP ;C7gsJI"ltN"/

F#V\3,fG5lkH"CjNU!$"&)<k&m0&aC;<8,/87^

9#

SecureWay Boundary ServerSecureWay Boundary Server&#6<IrHQ7F"Policy DirectorH}g9k?aK"

f<6<NI}QN IBM SecureWay Policy DirectorrHQ9kh& Firewall r;CH

"CW9k3H,G-^9#$U*rG"3N&#6<IOU!$"&)<k HTTP W

m-7<r=.7F"'Zpsr SurfinGateWi0$sKO7^9 (Windows NTN

_)#

Firewall QN IBM SecureWay Boundary Serverr=.9k?aK,WJpsO"J<N

H*jG9#

v Firewall ,HQ9k IBM SecureWay Directory5<P<N[9H>HIa$s#

v IBM SecureWay Directory5<P<,0h9k]<HNt#GU)kHN]<HtO

389 G9#

v IBM SecureWay Directory5<P<QN SecurityMasterQ9o<I#

v 3N Firewall KP9kWm-7<&f<6<rhL9k?aKHQ9kIa$s>#

3N>0rHQ9k9YFNU!$"&)<k,"18f<6<N;CHrI}7^

9#Lo"Firewall ^7sN04$~[9H>rHQ7^9#

v SecureWay DirectoryNfK]I5l?Wm-7<&f<6<r"/;99k?aKH

Q5lk Firewall I}T>#3N>0KO"SecureWay Policy DirectorGn.5l?

h3O SecureWay Boundary Serverr$s9H<k9k0K 13

9YFNWm-7<&f<6<rQ99k?aN"/;9",vD5l^9#

Firewall ^7sN04$~[9H>rHQ9k,W,"j^9#

v IBM SecureWay Directory,"G<?Y<9bN Firewall f<6<N!wr+O9k

k<HH7FHQ9k1L>#3lO"Policy Directorf<6<r]I9k?aK

SecureWay DirectorybKn.7?5U#C/9G"k,W,"j^9#

v IBM SecureWay Directory5<P<K\39kH-KHQ9k?aN"Firewall NI

}T ID N?aNQ9o<I#

Firewall H the SecureWay Directory5<P<HNVGHiU#C/,.lkh&K9k

?aK"\3rn.9k,W,"j^9#

17Z<8NXSecureWay Boundary ServerNO<I&'"WoYKj9H5lF$k0

sro,7CF$k+N'7F/@5$#

SurfinGateSurfinGaterHQ9k`wr9k?aKO"Windows NT Service Pack 5,$s9H<

k5lF$k,W,"j^9# 17Z<8NXSecureWay Boundary ServerNO<I&'

"WoYKj9H5lF$k0sro,7CF$k+N'7F/@5$#

SurfinGaterHQ9k`wN?aK"J<rBT7F/@5$#

v OracleG<?Y<9rHQ7F$klgO"=lr=.9k,W,"j^9#

v Windows NT FirewallrHQ7F$klgO"Wi0$s^?OWm-7<&b<I

rHQ9k+I&+hj9k,W,"j^9#

v WTE G SurfinGateWi0$srHQD=K9kKO" Firewall ^7sK SurfinGate

Wi0$sr$s9H<k7F" SecureWay Boundary Server&#6<IrBT7^

9#

v SurfinGateWi0$s+i SurfinGate5<P<XNHiU#C/,.lkh&K9k

?aK"\3rn.9k,W,"j^9#

MIMEsweeperMIMEsweeperNHQN`wr9k?aKO"MCHo</rINh&K0n5;h&H

7F$k+r}r7F$k,W,"j^9# 17Z<8NXSecureWay Boundary Server

NO<I&'"WoYKj9H5lF$k0sro,7CF$k+N'7F/@5$#

MAILsweeperMIMEsweeperr=.9klgO"MAILsweeperH WEBsweeperrL9N^7sK~l

k,W,"j^9#

MAILsweeperr=.9k0K"J<NnHrBT7F/@5$#


::

v btGHQ9ka<k&Ia$sr=L9k# MAILsweeperH Firewall a<kr9

!=O"3liNFa<k&Ia$sNa<kru1~lkh&=.5lk,W,"

j^9#

v IN;-e"&a<k&5<P<,"FIa$sr5]<H9k+r=L9k#

MAILsweeperO"9YFNa<k&Ia$sK"Il9Xj5l?a<k,"57$

a<k&5<P<K>w5lkh&K=.5lF$k,W,"j^9#

v MAILsweeper5<P<N"Il9r=L9k#;-e"&a<k&5<P<N=l>

lO"bt/i$"sH+iu.7?a<kr MAILsweeper5<P<K>w9kh

&=.5lF$k,W,"j^9#

v Firewall N"Il9r=L9k# MAILsweeperO"0tIa$sK"Il9Xj5

l?a<kr Firewall a<kr9!=K>w9kh&=.5lF$k,W,"j^

9#

WEBsweeperWEBsweeperr=.9k0K"J<NnHrBT7F/@5$#

v WEBsweeper5<P<N"Il9r=L9k#3lO"MCHo</bNF/i$"

sH Web Vi&6<4HK,WG9#Vi&6<O"HTTP"FTP"*hS HTTPS

N?aNWm-7<H7F WEBsweeper5<P<rHQ9kh&=.5lF$k,

W,"j^9#

v +,NU!$"&)<kN;-e"&$s?<U'<9N"Il9r=L9k#

WEBsweeperO"Wm-7<War Firewall Kos9k HTTP Wm-7<K>w9

kh&=.5lF$k,W,"j^9#

v /i$"sH, Web 3sFsDNU#k?<h}r&sG-kh&K7?/J$l

gO"Firewall eN\3r;CH"CW7F"WEBsweeper+ SurfinGate5<P<"

"k$O=N>}KP9kWm-7<&"/;9r)B9kh&K9k,W,"j^

9#

h3O SecureWay Boundary Serverr$s9H<k9k0K 15

h4O IBM SecureWay Boundary Server (SBS) NWo

3NOGO"SecureWay Boundary ServerNG.,Wror(7^9#

SecureWay Boundary Server NO<I&'"Wo

Boundary Server=.WG=JNO<I&'"WorJ<N=K(7^9#

= 2. Boundary Server=.WG=JNO<I&'"Wo

Boundary

Server =.WG

^7s&?$W G#9/&

9Z<9

abj< =N>

Policy Director N/A 64 MB 16 MB N/A

IBM Firewallv Windows NT:

266 MHz Je

v AIX: 4.3.2 r5

]<H9k

RS/6000^7s

Windows NT: 200

MB

AIX: 200 MB

Windows NT: 64

MB

AIX: 128 MB

MCHo</&$

s?<U'<9&

+<I (NIC) 2

g

ACE/Serverv Windows NT:

166 MHz Je

(7s0k&W

m;C5<N

_)

v AIX: AIX 4.2

r5]<H9k

^7s

v 1 !5<P<&

=UH&'":

50 MB

v PC/"CW&

5<P<:

22MB

v i|f<6<&

G<?Y<9:

4 MB

v $s9H<k:

240 MB

G.: 32 MB B]N-1hWo

O"f<6<tK

hCFh^k#

MAILsweeper Windows NT: 400

MHz Wm;C5

<Je

1 GB 128 MB N/A

WEBsweeper Windows NT: 450

MHz Wm;C5

<Je

1 GB 128 MB N/A

gFLD-K*1

k WEBsweeper

79F`NWo

Windows NT: 450

MHz Wm;C5

<Je

3 GB 512 MB N/A

SurfinGate 4.05

5<P<

Windows NT: 233

MHz Wm;C5

<Je

20 MB 256 MB N/A


= 2. Boundary Server=.WG=JNO<I&'"Wo (3-)

SurfinGate 4.05

3s=<k

Windows NT: 233

MHz Wm;C5

<Je

15 MB 64 MB N/A

m: #t@lKD$FN\YO" IBM SecureWay Firewall for AIX^?O Windows

NT P<7gsN;CH"CWH$s9H<kKX9kqAr2H7F/@5$#

NetscapeVi&6<Nlg"138 MB NG#9/&9Z<9b,WG9#

SecureWay Boundary Server N=UH&'"Wo

Boundary Server=.WG=JN=UH&'"WorJ<N=K(7^9#

= 3. Boundary Server=.WG=JN=UH&'"Wo

=J Windows AIX =N>

Policy Director 5<

P<

Windows NTP<8g

s 4.0 (Service Pack 5

U-)

4.3.1 N/A

IBM Firewall Windows NTP<8g


U-)

4.3.2 N/A

SecureWay

Boundary Server

IBM SecureWay

Firewall 4.1

IBM SecureWay

Firewall 4.1

N/A

MAILsweeper Windows NTP<8g


U-); Internet Explorer

4.01 Je; Microsoft

Management Console

1.1; NTFSIi$V;

Windows Messaging

N/A HQ7?$"sA&#

k9&D<k

WEBsweeper Windows NTP<8g


U-)

N/A HQ7?$"sA&#

k9&D<k

SurfinGate 5<P< Windows NTP<8g


U-)

N/A N/A

SurfinGate 4.05 3s

=<k

Windows NTP<8g


U-) ^?O Windows

95

N/A N/A


h5O SecureWay Boundary Server N$s9H<k*hS=.

3NOGO"Windows NT*hS AIX GN SecureWay Boundary ServerN=.H$s

9H<kN}!KD$Fb@7^9#

v XSecureWay Boundary Server=.WGN$s9H<kY

v 21Z<8NXSecureWay Boundary Server=.WGN=.Y

v 30Z<8NXdj~_NVmC-s0Y

SecureWay Boundary Server =.WGN$s9H<k

3NaO"Windows NT*hS AIX GN IBM SecureWay Firewall"SurfinGate"*h

S MIMEsweeperr$s9H<k9kNKr)A^9#

SecureWay Firewall N$s9H<kIBM SecureWay Firewall for Windows NT and AIXNp\=.KD$FN\YO"11Z

<8NX`wrT&}!Yr2H7F/@5$#=3GO";-e"&$s?<U'<

9NjA}!";-ejF#<&]j7<Nhj}!"*hSMCHo</&*V8'

/HNjA}!KD$Fb@7F$^9# SecureWay FirewallKD$FN\YO"IBM

SecureWay Firewall for AIX;CH"CW*hS$s9H<kNjz- *hS IBM

SecureWay Firewall for Windows NT;CH"CW*hS$s9H<kNjz- r2H

7F/@5$#

SecureWay Directory N$s9H<k

SecureWay Boundary ServerN LDAP !=rHQ7F$klgO"IBM SecureWay

Policy Director 5b P<8gs 3.0 r2H7F/@5$#

SecureWay Directory5<P<O"Firewall N;-e"&5$I+"^?O Firewall N

;-e"spuOS (DMZ) bK8_7J1lPJj^;s#

SecureWay Policy Director N$s9H<k

SecureWay Boundary ServerN LDAP !=rHQ7F$klgO"SecureWay Policy

Director r$s9H<k9k,W,"j^9 (IBM SecureWay Policy Director5b P<

8gs 3.0 r2H)#

SecureWay Boundary Server N$s9H<k

SecureWay Boundary Serverr Windows NTK$s9H<k9kKO"J<rT$^

9#

v SecureWay Firewall for Windows NTr$s9H<k9k

v SecureWay Boundary Server CD+i setup.exerBT9k


v @lr*r7FVOKWr/jC/9k

v InstallShield,"SecureWay Boundary ServerrI3X$s9H<k7?$+rRMF

-^9# Windows NTNGU)kH&G#l/Hj<O C:¥Program Files¥IBM¥SBS

G9#

v jV<H9k

SecureWay Boundary Serverr AIX K$s9H<k9kKO"J<rT$^9#

v SecureWay Firewall for AIXr$s9H<k9k

v CD r^~7F"SMITTY rHQ7F$s9H<k9k

v VSoftware Installation and MaintenanceWr*r9k

v VInstall and Update SoftwareWr*r9k

v VLatest Available SoftwareW+iVInstall and UpdateWr*r9k

v INPUT GP$9rRMF-?lg"*r`\rj9H7F"CD-ROM Ii$Vr*

r9k

v $s9H<k9k SOFTWAREN*r`\rj9H7F"sbsr*r9k

v VEnterWr!7F"=UH&'"r$s9H<k9k

v jV<H9k

SurfinGate N$s9H<k

SurfinGateKO"SurfinGate5<P<H SurfinGate3s=<kN 2 DN=.WG,"

j^9# SurfinGateN$:l+N=.WGr$s9H<k9kKO" SurfinGate CD

N ¥docs¥install.pdf K~CF$k$s9H<k&,$Ir2H7F/@5$#

SurfinGate Wi0$s

IBM SecureWay Firewall For Windows NTK SurfinGateWi0$sr$s9H<k9

kKO" SurfinGate CDN ¥docs G#l/Hj<K~CF$k$s9H<k&,$I

r2H7F/@5$#

MIMEsweeper N$s9H<kMIMEsweeperKO"MAILsweeper"WEBsweeper"*hS WEBsweeper HTTPSH$&

3 DN=.WG,"j^9#

MAILsweeper 4.1O"NTFS hhK$s9H<k5lk,W,"j^9#

MAILsweeper N$s9H<kMAILsweeperr$s9H<k9kKO"MIMEsweeper CDN

¥install¥MSW4_0_2¥docs¥qsg.pdf K"k"Getting Started Guider2H7F/@5$#

MAILsweeperO"WEBsweeper HTTPWm-7<H18^7sKO$s9H<k7J$

G/@5$#


:

MAILsweeperO"WEBsweeper HTTPSWm-7<H18^7sKO$s9H<k7J

$G/@5$#

Windows NT CD+i MAPI32.dll r$s9H<k7?eG" MIMEsweeper CD+i

Microsoft Management Console 1.1r$s9H<k9kH"57$P<8gsN

MAPI32.dll ,"Microsoft Management ConsoleHloK$s9H<k5l?lP<8g

sNbNGeq-5lF7^$^9# Microsoft Management Consoler$s9H<k7

?e"MAPI32.dll NP<8gs 4.0 ^?O=lJe,$s9H<k5lF$k3Hr

N'7F/@5$# dll O"Lo Windows Messaging=.WGNfK"j^9#

WEBsweeper N$s9H<kWEBsweeperr$s9H<k9kKO"MIMEsweeper CDN

¥install¥WSW3_2_5¥docs¥manual.pdf K"k Administrator’s Guider2H7F/@5

$#

WEBsweeperO"MAILsweeperH18^7sKO$s9H<k7J$G/@5$#

WEBsweeper HTTPS N$s9H<k

WEBsweeper HTTPSr$s9H<k9kKO"MIMEsweeper CDN

¥install¥WSWHTTPS1_0_2¥readme.txt K"k Readmer2H7F/@5$#

WEBsweeper HTTPSWm-7<O"MAILsweeperH18^7sKO$s9H<k7J

$G/@5$#

SecureWay Boundary Server =.WGN=.

SecureWay Firewall N=.IBM Firewall Np\*J;CH"CWO"J<rT$^9#

1. IBM Firewall N;CH"CWNWhr)Fk#0bCF"Firewall NIN!=,,W

G"INh&J}!GHQ7?$+rhaF*-^9#

2. IN$s?<U'<9,;-e"&MCHo</K\35lk+r Firewall KX(

9k#+,NU!$"&)<k,57/n09k?aKO";-e"&$s?<U'

<9Hs;-e"&$s?<U'<9,J1lPJj^;s#=./i$"sHNJ

S2<7gs&Dj<+i" VSystem AdministrationWU)k@<r+-"

VInterfaces Wr/jC/7F"+,NU!$"&)<keNMCHo</&$s?<U'<9Nj9Hr4Y^9#$s?<U'<9N;-ejF#<u7rQ99k

KO"1 DN$s?<U'<9r*r7F"VChangeWr/jC/7^9#

3. VSystem AdministrationWU)k@<NfNVSecurity Policy W@$"m0r"/;97F"lL*J;-ejF#<&]j7<r;CH"CW9k#5?*J Firewall

=.O"J<NH*jG9#

v DNS HqrvD9k

h5O SecureWay Boundary ServerN$s9H<k*hS=. 21

:

v s;-e"&$s?<U'<9XN1sL.aC;<8rq]9k

v s;-e"&"@W?<XN Socksrq]9k

4. Ia$s&M<`&5<S9Ha<k&5<S9r;CH"CW9k# DNS l>j

e<7gsrs!7J$H"z(*JL.OTol^;s#3liN!=O"=./

i$"sHNJS2<7gs&Dj<K"kVSystem AdministrationWU)k@<+

i"/;97^9#

5. =./i$"sHNJS2<7gs&Dj<NfNVNetwork Objects W!=rHQ7F"MCHo</NgWJWGr Firewall KjA9k#VNetwork ObjectsW

O"Firewall rp7?HiU#C/r)f7^9#J<NgWJWGrMCHo<

/&*V8'/HH7FjA7^9#

v Firewall N;-e"&$s?<U'<9

v Firewall Ns;-e"&$s?<U'<9

v ;-e"&MCHo</

v HQ7F$k;-e"&MCHo</eK"kF5VMCH

v HQ7F$k Security Dynamics5<P<*hS Windows NTNIa$s&5<

P<N?aN[9H&MCHo</&*V8'/H (:v9klg)

6. Firewall eN5<S9rHQD=K9k#3liO"(socks^?OWm-7<JI

N) a=CIG"j"=lKhCF";-e"&MCHo</bNf<6<Os;-

e"&MCHo</r"/;9G-^9#IN5<S9r3~9k+O"WhJ,G

TC?hjKhj^9#ltN\3=.GCjN?$WNHiU#C/r;CH"C

W9klgKO"3~5<S9,,WKJklg,"j^9#?H(P"+RN;-

e"&f<6<,"HTTP Wm-7<rQ$F"$s?<MCHeN&'Vr5<U

#s9kNrv9H9lP"I}TO" HTTP Wm-7<&G<bsrU!$"&

)<kK=.9k,W,"kP+jGJ/" HTTP HiU#C/rv9h&J\3

r_j9k3Hb,WKJj^9#

7. Firewall f<6<r;CH"CW9k#"&HP&sIN Web "/;9Nh&J!

=N'Z"^?O Firewall I}TN'Z,,WJlg"=liNf<6<r

Firewall KjA9k,W,"j^9# LDAP bNWm-7<&f<6<r]I9k

?aK SecureWay Policy DirectorrHQ7F$klgO"3N~@GOWm-7

<&f<6<rn.7J$G/@5$# Policy DirectorN=.~K"Policy Director

3s=<krHQ7F Firewall Wm-7<&f<6<rn.7F/@5$#

e-N9FCWO"p\ Firewall =.r)Ae2F"BT9kNKr)DO:G9#

IBM Firewall O"MCHo</N;-ejF#<rNBJbNK9kNrgu9k?a

K"79F`&m0JIN>N!=rs!7F$^9#

Firewall ,5o^?O[oN$:l+G7cCH@&s7?lgGb"=.G<?O"

O<I&G#9/K]I5l"jV<H~K+0*KFh0=5lkNG"FAru1

k3HO"j^;s#?@7"?H(P"/F#V FTP ;C7gsJI"ltN"/

F#V\3,fG5lkH"CjNU!$"&)<k&m0&aC;<8,/87^

9#


Policy Director N}gN?aN SecureWay Firewall N=.Policy DirectorHN}grxQ9k?aKO"Firewall O"SecureWay Boundary Server

&#6<IHloK IBM SecureWay Policy DirectorrHQ9kh&K=.5lF$k

,W,"j^9# IBM SecureWay Policy Director,HQ5lJ$lg"Wm-7<&

f<6<O"Firewall 0iU#+k&f<6<&$s?<U'<9 (GUI) KhCFN_

jA5l^9#=Nh&Jf<6<O"SecureWay Policy DirectorGOI}G-^;

s#

SecureWay Firewall, SecureWay DirectoryHPCrT(kh&K9kKO"\3rn

.9k,W,"j^9# SecureWay DirectoryO"Firewall N;-e"&5$I (;-

e" DMZ ^?O;-e"&MCHo</N$:l+) K"k,W,"j^9#

\3r;CH"CW9k}!KD$FN\YO"IBM SecureWay Firewall for Windows

NT HQTNjz- *hS IBM SecureWay Firewall for AIXHQTNjz- r2H7

F/@5$#\3r;CH"CW9k?aNpsO"J<NH*jG9#

WaNlg"J<O""&HP&sIN,'r;CH"CW9k?aK,WJ`\G

9#

v w.5O Firewall N;-e"&"@W?<&"Il9KJk#

v 8hO SecureWay Directory"Il9KJk#

v w.5]<HO 1023hjg-/Jk#

v 8h]<HO 389 Ky7/Jk#

v $s?<U'<9O!)]n5lk#

v P)XjOm<+kKJk#

v }~O"&HP&sIKJk#

~zNlg"J<O"$sP&sIN,'r;CH"CW9k?aK,WJ`\G9#

v w.5O SecureWay Directory"Il9KJk#

v 8hO Firewall N;-e"&"@W?<&"Il9KJk#

v w.5]<HO 389 Ky7/Jk#

v 8h]<HO 1023hjg-/Jk#

v $s?<U'<9O!)]n5lk#

v P)XjOm<+kKJk#

v }~O$sP&sIKJk#

J<K\3Ncr(7^9#

# Service : ldap# Description:

permit 9.67.130.153 255.255.255.255 9.67.141.85255.255.255.255 tcp gt 1023 eq 389 secure both


outbound l=y f=y t=0 e=none a=none

permit 9.67.141.85 255.255.255.255 9.67.130.153255.255.255.255 tcp/ack eq 389 gt 1023 secure localinbound l=y f=y t=0 e=none a=none

SecureWay Boundary Server;CH"CW&&#6<IrBT7^9#U!$"&)<

k, Policy DirectorHloKn0G-kh&K9k?aN*W7gsr*r7F/@5

$#\7/O"26Z<8NXPolicy DirectorN}gN?aN SecureWay Boundary Server

N=.Yr2H7F/@5$#

SurfinGate Wi0$sGHQ9k?aN SecureWay Firewall N=. (WindowsNT N_)

SecureWay Firewall, SurfinGate5<P<HPCrT(kh&K9kKO"\3rn.

9k,W,"j^9# SurfinGate5<P<O"Firewall N;-e"&5$IK"k,W

,"j^9#

\3r;CH"CW9k}!KD$FN\YO"IBM SecureWay Firewall User’s Guide

for Windows NTr2H7F/@5$#\3r;CH"CW9k?aNpsO"J<N

H*jG9#

WaNlg"J<O""&HP&sIN,'r;CH"CW9k?aK,WJ`\G

9#

v w.5O Firewall N;-e"&"@W?<&"Il9KJk#

v 8hO SurfinGate5<P<N"Il9KJk#

v w.5]<HO 1023hjg-/Jk#

v 8h]<HO 3141Ky7/Jk#

v $s?<U'<9O!)]n5lk#

v P)XjOm<+kKJk#

v }~O"&HP&sIKJk#

WaNlg"J<O"$sP&sIN,'r;CH"CW9k?aK,WJ`\G9#

v w.5O SurfinGate5<P<N"Il9KJk#

v 8hO Firewall N;-e"&"@W?<&"Il9KJk#

v w.5]<HO 3141Ky7/Jk#

v 8h]<HO 1023hjg-/Jk#

v $s?<U'<9O!)]n5lk#

v P)XjOm<+kKJk#

v }~O$sP&sIKJk#

J<K"3Nh&J\3Ncr(7^9#


# Service : SurfinGate Plugin Communication# Description:

permit 9.67.143.113 255.255.255.255 9.67.143.115 255.255.255.255 tcp gt 1023 eq 3141secure local outbound l=y f=ypermit 9.67.143.115 255.255.255.255 9.67.143.113 255.255.255.255 tcp eq 3141 gt 1023secure local inbound l=y f=y

m: \3O18s~eK"k,W,"j^9#

9-cs5lkG<?rHQD=K9k?aKO"SurfinGate5<P<r=.9k,W

b"j^9# SurfinConsole (SurfinGateNI}$s?<U'<9) GO"VGeneralW?

VN<NVPlugin Mode W*W7gsKA'C/rU1k,W,"j^9#VProxyW?

VNVNext ProxyWU#<kIK"Firewall N HTTP Wm-7<N"Il9H]<HV

fr~O9k,Wb"j^9#

MAILsweeper rHQ9k?aN SecureWay Firewall N=.SecureWay FirewallKjA5l? Mail ExchangerO"B]N;-e"&a<k&5<

P<GOJ/"MAILsweeper^7sr]$sH7F$k,W,"j^9#

MAILsweeper+NO"a<kr;-e"&a<k&5<P<K[#7^9#

SecureWay Policy Director N=.

SecureWay Directory,9GK$s9H<k5lF$k3HrN'7F/@5$#

SecureWay Directory,$s9H<k5lF$k^7sN"Il9"SecureWay Directory

,0h7F$k]<H" SecureWay Directory5<P<eNI}T ID"*hSI}TQ

9o<IrNk,W,"j^9#

SecureWay Directory LDAP/i$"sHO"SecureWay Policy DirectorH18^7sK

$s9H<k7F/@5$#(SecureWay DirectoryH SecureWay Policy DirectorQK1

8^7srHQ7F$klg"3N/i$"sH,9GK$s9H<kQ_G"klg

,"j^9#)

Policy DirectorWm-7<&f<6<r5]<H9k?aK" SecureWay DirectoryN

LDAP 9-<^rQ99k,W,"j^9#3N9-<^NICO"Policy DirectorK

hCFs!5lk 2 DNU!$kK]I5l^9# Policy Director CDN /schema G

#l/Hj<K"k" secschema.def *hS puschema.def H$&U!$k,,WKJ

j^9#

SecureWay Directory5<P<eN LDAP 9-<^rQ99kKO" Policy Director^

7sG"J<N3^sIrBT7F/@5$#

ldapmodify -h <LDAPHOST> -p <LDAPPORT> -D <LDAPADMINUSER> -w <LDAPADMINPWD> -f secschema.def

ldapmodify -h <LDAPHOST> -p <LDAPPORT> -D <LDAPADMINUSER> -w <LDAPADMINPWD> -f puschema.def

33G"!NH*jG9#

v <LDAPHOST> O SecureWay Directory 5<P<N>0G9


v <LDAPPORT> O5<P<,0h7F$k]<HG9

v <LDAPADMINUSER> OI}T ID G9

v <LDAPADMINPWD> OI}TQ9o<IG9

Wm-7<&f<6<r5]<H9kh& LDAP 9-<^rQ97?lg"Wm-7

<&f<6<, Policy Director3s=<kr`nG-kh&K9k,W,"j^9#3

lrT&?aKO"¥Program Files¥IBM¥IVConsole G#l/Hj<K"k

console.properties U!$kNfN Proxyusers TaskViewH$&T,3asHKJCF

$kNr"3asHGJ$h&KQ99k,W,"j^9#

SecureWay Directory N=.

SecureWay DirectoryK5U#C/9rjA9k,W,"j^9,"3lO"Policy

Director f<6<,]I5lkk<HH7FHQ5l^9# LDAP K5U#C/9rI

C9kKO"IBM SecureWay Directory Administrator’s Guider2H7F/@5$#?H

(P"5?*J5U#C/9O"J<Nh&KJj^9#

o=yourcompany,c=yourcountry

Policy Directorf<6<r]I9k?aN5U#C/9rIC7?lg"=N5U#C

/9r"/;9)fj9H (ACL) K57/;CH9k,W,"j^9# Policy Director

;-ejF#<&0k<WQN77$5U#C/9KP7F"4"/;9"rs!9k

,W,"j^9# Policy Director;-ejF#<&0k<WKP9k1L> (DN) O"

J<NH*jG9#

cn=securitygroup,secauthority=default

Policy Director N}gN?aN SecureWay Boundary Server N=.

&#6<IrHQ7F SecureWay Boundary5<P<N=.rT&3H,G-^9#3

N&#6<IO"Boundary Server*hS Policy DirectorbG">N=JHloKn0

9k Firewall r;CH"CW9kNK,WJ9FCWr,$I7F$-^9#eK3/

QMk,"LDAP5<P<KX9kAdr7F-^9#,WJpsr9YF~O9k

H"&#6<IO"Policy Director,f<6<*hS0k<WN]j7<QH7FHQ

7F$kNH18 LDAP G<?Y<9rHQ7F"Firewall r;CH"CW7^9#3

N&#6<IO"SurfinGateWi0$sK'ZpsrO9?aK"U!$"&)<k

HTTP Wm-7<N=.H=.r|rT&3HbG-^9 (Windows NT FirewallN

_)#

IBM SecureWay Boundary Serverr=.9kKO"SecureWay Boundary Server&#6

<IrBT7^9# AIX GO3^sI sbswizard rBT7" Windows NTGO"

V9?<H -> Wm0i` -> SecureWay Boundary Server Wr*r7^9#3lKhCF"SBS&#6<I,)Ae2il^9#

1. VSet up Firewall to share an LDAP database with Policy Director WN*W

7gsr*r7^9#


2. =(5lkAdK"13Z<8NXSecureWay Boundary ServerYNpsrHQ7F~

z7^9#

SurfinGate Wi0$srHQD=K9k?aN SecureWay Boundary Server N=

. (Windows NT N_)V9?<H -> Wm0i` -> SecureWay Boundary Server Wr*r7^9#3lKhCF"SBS&#6<I,)Ae2il^9#

1. VConfigure the Firewall HTTP Proxy to pass authentication information tothe SurfinGate plugin WN*W7gsr*r7^9#

2. @$"m0r*;7^9#

SurfinGate N=.

Windows NTGO"J<N 2 D}0G"SurfinGater=.9k3H,G-^9#

v A'<sKJC?Wm-7<H7F

v U!$"&)<k HTTP Wm-7<NWi0$sH7F

AIX GO"SurfinGater=.9k}0OJ<N 1 DG9#

v A'<sKJC?Wm-7<H7F

A'<sKJC?Wm-7<H7FN SurfinGate N=.

/i$"sH Web Vi&6<O"HTTP"FTP"*hS HTTPSN?aNWm-7<H

7F SurfinGaterHQ9kh&K=.5lF$k,W,"j^9# SurfinGate,0h

7F$k]<HVfr,:Xj7F/@5$ (GU)kHO 8080)#

SurfinConsole (SurfinGateNI}$s?<U'<9) GO"VGeneralW?VN<N

VProxy Mode W*W7gsKA'C/rU1k,W,"j^9#VProxyW?VN

VNext ProxyWU#<kIK"Firewall N HTTP Wm-7<N"Il9H]<HVfr

^ 2. SurfinGateN=.


~O9k,Wb"j^9#"k$O"ICNWm-7<,9GKjAQ_G"klg

O"!NWm-7<H7F"=liNWm-7<r]$sH9k3H,G-^9#

U!$"&)<k HTTP Wm-7<N?aNWi0$sH7FNSurfinGate N=.

/i$"sH Web Vi&6<O"HTTP"FTP"*hS HTTPSN?aNWm-7<H

7FU!$"&)<k HTTP Wm-7<rHQ9kh&K=.5lF$k,W,"j^

9#U!$"&)<k HTTP Wm-7<,0h7F$k]<HVfr,:Xj7F/@

5$ (GU)kHO 8080)#

SurfinConsole (SurfinGateNI}$s?<U'<9) GO"VGeneralW?VN<N

VPlugin Mode W*W7gsKA'C/rU1k,W,"j^9#VProxyW?VN

VNext ProxyWU#<kIK"Firewall N HTTP Wm-7<N"Il9H]<HVfr

~O9k,Wb"j^9#

m: 3N!=O"SecureWay Firewall for Windows NTGN_HQD=G9#

^ 3. SurfinGateN=.


MIMEsweeper N=.

MAILsweeper N=.

D-,1cG"klgO"MAILsweeperO"$s9H<kfKRMilkAdKhCF

=.9k,W,"j^9#ICN=.rT&KO"SMTP 3s=<kG"V9?<H ->Wm0i` -> MAILsweeper for SMTP -> MAILsweeper Wr*r7^9#\YKD$FO"MAILsweeper Getting Started Guider2H7F/@5$#

WEBsweeper N=.

=.rT&KO"3sHm<k QMkG"WEBsweeper"WlCHr*r7^9#\Y

KD$FO"MIMEsweeper CDK"k WEBsweeper Administrator’s Guider2H7F/

@5$#

WEBsweeper HTTPS N=.

=.rT&KO"3sHm<k QMkG"WEBsweeper HTTPS"WlCHr*r7^

9#\YKD$FO" WEBsweeper Administrator’s Guider2H7F/@5$#

^ 4. MAILsweeperN=.

^ 5. WEBsweeperN=.


dj~_NVmC-s0

CjN IP "Il9rVmC/9k3H,G-kU#k?<rn.9k?aKO"3^

sI&i$s&f<F#jF#<rHQ7^9#VmC/9k"Il9O"3sFsD

!:NkL"0*K=L9k3H,G-^9#3N?aN3^sIO"J<NH*jG

9#

v fwadd_deny

v fwdelete_dynamic

fwadd_denyWm0i`,Qia<?<J7G/05l?lg",WJQia<?<NU)

<^CHrWa9kWmsWH,=(5l^9#

Qia<?<O"J<NH*jG9#

U#k?< IDWindows NT Firewall Nlg: ]irT.9k?aK"1 DN ID

,U#k?<KdjvFil^9# ID O 1 +iO^CF:gKdj

vFil^9#!KHQD=J ID Vfhjbg-J ID ,!k5l

kH"djvFilk ID O"Wm0i`K!k5l? ID VfGO

J/"!KHQD=J ID VfKJj^9#?H(P"ID 1 G?i

+N,',8_7F$F"ID 3 G 1 HNU#k?<,'rn.7h

&H9kH"eojK ID 2 ,djvFil^9#18 ID VfK#

tN,'rdjvFk3H,G-^9#,', delete_dynamicWm0

i`rHQ7Fo|5lkH-KO"=liN,'O ID KhCF2

H5lkNG"ID 4HK,'rn.9kH-K"18 ID r&Q7

F$klgKO"=lir 1 DN0k<WH7Fo|9kbNH7F

Wh9kh&K7F/@5$#

,',9GKIC5lF$kH-KO"HQ5l? ID Vf,=(5

l^9#

U#k?< IDAIX Firewall Nlg: ID OVfGdjvFk3H,G-^9# ?H

(P"U#k?< ID K ID 12 rXj9kH" ID=12 ,djvFi

l^9# AIX GO"U#k?<K18 ID VfrdjvFk3HO

G-^;s#FU#k?<O"H+N ID r}A^9#

w.5 IP "Il9Q1CH,~CF/kw.5KHQ9k IP "Il9O".t@U-

10 J=- (?H(P"255.255.255.255)GXj7^9#

w.5 IP ^9/3NU#<kIOw.5 IP "Il9HloKHQ5l".t@U-

10 J=-G~O5l^9#?H(P"~O5l?w.5 IP "Il9

, 10.5.8.0G"j"w.5 IP ^9/, 255.255.255.0G"klg"

10.5.8.1+i 10.5.8.255^GN9YFNQ1CH,P]KJj^9#


8h IP "Il9Q1CHN8hKHQ9k IP "Il9O".t@U- 10 J=-

(?H(P"255.255.255.255)GXj7^9#

8h IP ^9/3NU#<kIO8h IP "Il9HloKHQ5l".t@U- 10

J=-G~O5l^9#?H(P"~O5l?8h IP "Il9,

10.5.8.0G"j"8h IP ^9/, 255.255.255.0G"kH"10.5.8.1

+i 10.5.8.255^GN9YFNQ1CH,P]KJj^9#

"@W?<

"@W?<XjO"J<NH*jG9#

S ;-e"&"@W?<H7FXj5l?lg

N s;-e"&"@W?<H7FXj5l?lg

B 9YFN"@W?< (;-e"Hs;-e"N>}) Nlg

Xj5l??$W,gW9k 1 D^?O#tN"@W?<+i/.5

l?Q1CHO",'KlW7^9#

-zOO

U!$"&)<krp7FQ1CH,#G9k-zOOO3NQia

<?<rHQ7FXj5l"3lKO"J<N$:l+NM,D=G

9#

L m<+k&Q1CHNlg

R P)Xj5l?Q1CHNlg

B m<+k&Q1CHHP)Xj5l?Q1CHN>}Nlg

}~ HiU#C/,"$sP&sI""&HP&sI"^?O>}~NI

AiK.lk+rXj7^9#

I $sP&sI&HiU#C/Nlg

O "&HP&sI&HiU#C/Nlg

B $sP&sIH"&HP&sIN>}NHiU#C/Nlg

m0-?

0*U#k?<h0KP7F"m0-?r*sK9kKO Y rXj

7"m0-?r*UK9kKO N rXj7^9#

fwdelete_dynamic3NWm0i`,Qia<?<J7G/05l?lg"J<Nh&K"=_j

A5lF$k9YFN0*U#k?<,j9H5l^9#

>>>> Dynamic Rule Id = 1>>>>>>>> Jump = 0>>>>>>>> Filter Action = Deny


>>>>>>>> Source Address = 9.192.8.7>>>>>>>> Source Mask = 255.255.255.0>>>>>>>> Destination Address = 9.192.240.1>>>>>>>> Destination Mask = 255.255.255.0>>>>>>>> Protocol = Any>>>>>>>> Source Port = Any 0>>>>>>>> Destination Port = Any 0>>>>>>>> Adapter = Both (Secure and NonSecure)>>>>>>>> Scope = Both (Routed and Local)>>>>>>>> Direction = Both (Inbound and Outbound)>>>>>>>> Tunnel Id = 0>>>>>>>> Logging Enabled = Unavailable>>>>>>>> Fragments Allowed = No

m: fwdelete_dynamic 3^sIO"o|5lk,',"=[5l? ID r}CF$k+

I&+rGiK!:9kH-KHQ9k,W,"j^9#

Wm0i`,-zJU#k?< ID rHQ7F/05lkH"0*,',o|5l"o

|5l?,'Nt,V x Rules found with id: xWH$&AG=(5l^9#

EW: E#7FU#k?<rIC7h&H9kH"U#k?<,9GK8_7F$k3HrNi;F-^9#U#k?< ID rXj;:KU#k?<rIC7h&H9kH"Yp(i<ru1hj^9#

AIX Ndj~_VmC-s0GO"eLlYkN,';CHNfK,',"kH"eq

-5lkD=-,"j^9#dj~_VmC-s0,HQ5lklg"[HsIN,'

O"<LlYkN,';CHNfK~lF*/,W,"j^9#0*,'O"3liN

2 DN,';CHNfVKIC5l^9#eLlYkN,'NfKHiU#C/rvD

9kbN,"kH"0*,'rHQ7FHiU#C/r*UK9k3H,G-J/Jj

^9#

=.NF9H

0Kb@7?9YFN;CH"CWr*;7?e"=N;CH"CWrF9H9k,W

,"j^9# SecureWay Boundary ServerN=.rF9H9kKO"J<Nh&K7^

9#

1. Policy DirectorrHQ7F Firewall Proxyf<6<r;CH"CW7^9#;-e

" TelnetQN Firewall Q9o<IrHQ9kh&Kf<6<r;CH7"=Nf<

6<QNQ9o<Ir;CH7^9#

2. SecureWay Boundary Server&#6<IrBT7F" Firewall H Directory (LDAP)

NVNjs/rN)7^9#

3. ;-e"&/i$"sH+iWm-7< Telnet;C7gsr+O7^9#

4. Policy DirectorGf<6<&;CH"CWr~O7^9#

5. Q9o<Ir~O9kh&WmsWH,P5l^9#

6. 3lG'Z5l^7?#


::::::

h6O X"qA

\OKj9H7F$kqArHQ9kH" IBM SecureWay Boundary ServerP<8gs

2.0 *hSX"=JN\Yr~jG-^9#

IBM SecureWay FirstSecure

IBM SecureWay FirstSecureWh*hS}gNjz- P<8gs 2.0 KO"FirstSecure

KX9kps,^^lF$^9#3NqAGO"FirstSecure*hS FirstSecurer=.

9k=JKD$Fb@7""ifk IBM SecureWay=JrHQ9kWhr)FkeG

rK)A^9#

IBM SecureWay Firewall

J<NqAKO"IBM SecureWay Firewall for Windows NTKX9kps,^^lF*

j"IBM SecureWay Firewall CDN x:¥books¥en_US G#l/Hj<K"j"PDF A0

H HTM A0GHQD=G9#

v IBM SecureWay Firewall for Windows NT;CH"CW*hS$s9H<kNjz-

v IBM SecureWay Firewall for Windows NTHQTNjz-

v IBM SecureWay Firewall for Windows NTrbq

v Guarding the Gates Using the IBM eNetwork Firewall for Windows NT 3.3(lCIV

C/)

J<NqAKO"IBM SecureWay Firewall for AIXKX9kps,^^lF*j"IBM

SecureWay Firewall CDN books/en_US G#l/Hj<K"j" PDF A0H HTM A

0GHQD=G9#

v IBM SecureWay Firewall for AIX;CH"CW*hS$s9H<kNjz-

v IBM SecureWay Firewall for AIXHQTNjz-

v IBM SecureWay Firewall for AIXrbq

v A Comprehensive Guide to Virtual Private Networks, Volume 1: IBM Firewall, Servers

and Client Solutions(lCIVC/)

MIMEsweeper

MAILsweeperJ<NqAKO"MAILsweeperKX9kps,^^lF*j" MIMEsweeper CDN

¥install N<K"PDF A0H HTM A0GHQD=G9#

v Getting Started GuideO ¥install¥MSW4_0_2¥Doc¥qsg.pdfK"j^9#


v ReadmeO ¥install¥MSW4_0_2¥README.htmK"j^9#

WEBsweeperJ<NqAKO"WEBsweeperKX9kps,^^lF*j" MIMEsweeper CDN

¥install N<K"PDF A0H HTM A0GHQD=G9#

v WEBsweeper Administrator’s GuideO ¥install¥WSW3_2_5¥Doc¥manual.pdfK"j^

9#

v Release NoteO ¥install¥WSW3_2_5¥Doc¥RELNOTES.htmK"j^9#

WEBsweeper HTTPS Wm-7<

J<NqAKO"WEBsweeper HTTPSWm-7<KX9kps,^^lF*j"

MIMEsweeper CDN ¥install N<K"TXT A0GHQD=G9#

v ReadmeO ¥install¥WSWHTTPS1_0_2¥readme.txtK"j^9#

SurfinGate

J<NqAKO"SurfinGateKX9kps,^^lF*j" SurfinGate CDN ¥docsN

<K"PDF A0GHQD=G9#

v SurfinGate Installation GuideO ¥Docs¥install.pdfK"j^9#

v SurfinGate User’s ManualO ¥Docs¥manual.pdfK"j^9#

v Release NoteO ¥Docs¥SFG 405 RelNotes.pdfK"j^9#

v SurfinGateWi0$sKX9kpsO"¥docsG#l/Hj<NfK"j^9#


U?A. HiVk7e<F#s0

33GO"SecureWay Boundary ServerKX"9kdjN!PHrhKr)Dpsr(

7^9#

IBM SecureWay Firewall N&LdjNrh

P)XjNdj

IBM Firewall O"VTest IP RoutingWH$&?$HkNVSecurity Policy W@$"m0&\C/9rs!7F*j"P)XjNdjNGPC0KXxG9#3NA'C/&

\C/9rHQD=K7F"+,N\3=.rh0=7F"VConnection Rules

LoggingWrHQD=K7F/@5$#!K"+,NU!$"&)<k&m0r4Y"U

!$"&)<krp7F.lk9YFNQ1CHKD$FN\Ypsr+F/@5$#

3liNF9HO"GiO IP "Il9rHQ7FT$"!K[9H>rHQ7FT$

^9#

U!$"&)<k+i[9HXN PING ,G-J$

djNb@

MCHo</&$s?<U'<9,57/=.5lF$^;s#

d)hV

*Zl<F#s0&79F`NqAr2H7F/@5$#

djNb@

s;-e"&MCHo</XN\3,57/=.5lF$^;s#

d)hV

$s?<MCH&5<S9&WmP$@<K"m7F"guraaF/@5

$#

djNb@

;-e"&MCHo</,k<?<NemK,%5lF$klg"U!$"&

)<kO=Nk<?<KP9kE*P)r}CF$k,W,"j^9#

netstat -rn rHQ7F"E*P)Xjr!:7^9#

netstat -rn

WmH3k&U!_j< 2 Nlg"POOJ<Nh&KJkO:G9#


nrr.nrr.nrr.nrr$s?<MCHKP9kk<?<r=7"3l,GU)kHP)KJ

j^9#GU)kHP)O"E*P) (Flag=UG)G9#

nnn.nnn.nnns;-e"&Ia$sr=7^9#3lO$s?<U'<9P)

(Flag=U) G9#

nnn.nnn.nnn.nnns;-e"&$s?<U'<9r=7^9#

sss.sss.sss;-e"&Ia$sr=7^9#3lO$s?<U'<9P)

(Flag=U) G9#

sss.sss.sss.sss;-e"&$s?<U'<9r=7^9#

ss1.ss1.ss1MCHo</N;-e"&5$IK"k5VIa$sr=7"

srr.srr.srr.srrO"=N5VIa$sXNk<?<r=7^9#3lO"

E*P) (Flag=UG)G9#

127.0.0.1k<WPC/^?Om<+k&[9HG9#3lO$s?<U'<9

P) (Flag=U) G9#

F$s?<U'<9KP9k$s?<U'<9P)r}CF$k,W,"j"

GU)kHP)O"U!$"&)<kNs;-e"&5$INk<?<r]$

sH7F$k,W,"j^9#

d)hV

k<?<KE*P)rIC7^9#k<?<I}TK"m7F/@5$#

route add 3^sIrHQ7F/@5$#

djNb@

3s?/Hrn_F$k;-e"&$s?<U'<9^?O[9HN5VMC

H&^9/,mjG"kD=-,"j^9#

d)hV

/i$"sHN=.f<F#jF#<rHQ7F"^9/N_jr{57^

9#

Destination Gateway Flags ....default nrr.nrr.nrr.nrr UGnnn.nnn.nnn nnn.nnn.nnn.nnn Usss.sss.sss sss.sss.sss.sss Uss1.ss1.ss1 srr.srr.srr.srr UG127 127.0.0.1 U

^ 6. netstat -rn+iNPOc.


;-e"&[9H+is;-e"&[9H (^?O=NU) XN PING,G-J$

djNb@

U!$"&)<kKY\9kFk<?<KO"U!$"&)<kr[(?8h

MCHo</KP9k2<H&'$H7F"U!$"&)<krXj9kE*

P),^^lF$k,W,"j^9#

d)hV

k<?<I}TK"m7F/@5$#

djNb@

;-e"&MCHo</,"RFC 1597KXj5l?lQ"Il9r^`"s

;-e"&MCHo</KP?5lF$J$+"P)XjD=GJ$"Il9

rHQ7F$klg"Q1CHOw.&Ka5l^;s#

d)hV

Windows NTNlgN_: P?Q_N"Il9r}D/i$"sHrHQ7^

9#U!$"&)<kN NAT U#<Ac<r TCP *hS UDP NHiU#

C/KHQG-^9,"NAT O"PING Nh&J ICMP Q1CHNfN"I

l9OQ97^;s#

d)hV

AIX NlgN_: P?Q_N"Il9r}D/i$"sHrHQ7^9#

DNS Nc2

m: DNS O"Windows NTNlgN_G9#

djNb@

Microsoft DNS Service ManagerrHQ7F Microsoft DNS Servicer=.7?

?a"DNS (i<&aC;<8ru1hj^7?#

d)hV

$s9H<kNb@KaCF"J<rTCF/@5$#

1. ¥winnt¥system32¥DNS G#l/Hj<4Nro|9k3HKhCF"

Microsoft DNSr|n9k

2. Microsoft DNSrF$s9H<k9k

3. jV<H9k

4. DNS hotfix rF$s9H<k9k

5. jV<H9k

U?A. HiVk7e<F#s0 37

&LdjNrh - MIMEsweeper

WEBsweeper H MAILsweeper ,18^7sK"jn07F$kh&KO+(J$

djNb@

18^7sG MAILsweeperH WEBsweeperNBTrn_F$kH-Ndj#

d)hV

MAILsweeperr 1 DN^7sN$s9H<k7"WEBsweeperrLN^7s

K$s9H<k7^9#

WEBsweeper NQU)<^s9,c<7F$k

djNb@

WEBsweeperrHQ7F$kH-N Web 3sFsDN@&sm<INYl,

~-G-kbNGO"j^;s#

d)hV

1. WEBsweeper Control Panel"WlCHrHQ7F"m0-?rHQTDK

9k#

2. HQD=JbCHbb.NO<I&'"K WEBsweeperr$s9H<k9

k#

WEBsweeper Ni$;s9Ndj

djNb@

WEBsweeperNJ0NP<8gs,$s9H<k5lF$?^7sK

WEBsweeper 3.2_5r$s9H<k7F$k~K"i$;s9&-<,P)9

klg,"j^9# WEBsweeper,+O9k~K"bt Windows(i<&a

C;<8: 2140,/89klgO"$YsH&Se<"<NfN"Wj1<7

gs&m0r!:7F/@5$# WEBsweeper+iNaC;<8O"

VPAKMSG error: Username conflicts with previously defined license section.W

G9#

d)hV

Windowsl89Hj<+iE$i$;s9&-<r|n7^9# regeditrm

<I7F"Q9X¥¥HKEY_LOCAL_MACHINE¥SOFTWARE¥Content

Technologies¥MIMEsweeper¥LicenseYN<r4YF/@5$#33K#tN-<

,+D+C?lgO"VIBM MIMEsweeper SystemWH$&iYk,U$F$

J$bNro|7^9#jV<H7F/@5$#


g-JU!$kN@&sm<IG WEBsweeper Kdj,/89k

djNb@

WEBsweeperO"U#k?<h}NVKU!$kr]I9k?a">[abj

<rH$T/7F7^C?D=-,"j^9#

d)hV

WEBsweeper5<P<N*}abj<NLr}d7^9#

&LdjNrh - SurfinGate

Microsoft Internet Explorer ,+/H SurfinConsole ,~zrd_9k

djNb@

Internet Explorer,+/H"SurfinConsole"Wj1<7gs,q/J6kq$

r9k+"^?O~zrd_7^9#3liN 2 DN"Wj1<7gsOP)

7"1~KOBTG-^;s#

d)hV

Internet ExplorerH SurfinConsoler1~Km<I7J$G/@5$#

SurfinGate Wi0$sNQU)<^s9,c<9k

djNb@

SurfinGateWi0$srHQ9kH"Web rp7?bP$k&3<IN@&s

m<I,-oaFY/Jj^9#

d)hV

VNext ProxyWU#<kI,"SurfinConsoleNVProxyW;/7gsNfN

SecureWayU!$"&)<k HTTP Wm-7<K_j5lF$k3HrN'

7F/@5$#

U?A. HiVk7e<F#s0 39

U?B. C-v`

\qK*$F"|\GO/=5lF$J$IBM=JJ!#*hSWm0i`K"Wm0

i_s0^?O5<S9KD$F@Z^?Ob@9klg,"j^9#7+7"3N3

HO"@R,3Nh&JIBM=J"Wm0i_s0^?O5<S9r"|\G/=9k

U^,"k3Hr,:7b(9bNGO"j^;s#\qG" IBMi$;s9&Wm0

i`^?O>NIBM=JK@Z7F$kt,,"CFb"3N3HOv:Wm0i`^

?O=JN_,HQD=G"k3HrU#9kbNGO"j^;s#3liNWm0i

`^?O=JKe(F"IBMNN*j-"r/29k3HNJ$!=*K1yJ>RN

Wm0i`"=J^?O5<S9rHQ9k3H,G-^9#?@7"IBMKhCF@

(*KXj5l?bNr|-"3liNWm0i`^?O=JKX"9kT/N>A*

hS!ZO*RMNU$GTCF$?@-^9#

IBM*hS>RO"\qGb@9kgjKX9kCv"JCvPjr^`K&8""^

?Oxn"rj-7F$klg,"j^9#\qO"3liNCv""&8""*hS

xn"KD$F"\qG@(5lF$klgr|-"B\""HQ"yrvz9k3H

rU#9kbNGO"j^;s#B\""HQ"yNvzKD$FO"<-N8hK"

qLKF4Hq/@5$#

)106-0032l~TAh;\Z3z\2-31

APvHj

IBM World Trade Asia Corporation

Intellectual Property Law & Licensing

\Wm0i`Ni$;s9]}TG"(i) H+Kn.7?Wm0i`H=N>NWm0i

`J\Wm0i`r^`KHNVGNpsr9"*hS (ii) r95l?psNj_x

QrD=K9k3Hr\*H7F"\Wm0i`KX9kpsr,WH9k}O"<-

K"m7F/@5$#

Site Counsel, IBM SWG

IBM Corporation

P.O. Box 12195

3039 Cornwallis

Research Triangle Park, NC 27709-2195

USA

\Wm0i`KX9ke-NpsO",ZJroN<GHQ9k3H,G-^9,"-

~Nlgb"j^9#

\qO"Wm@/7gsHQr\*H7?bNGOJ/"$+Jko`N]Zb^^l

F$^;s#3N?a"&Q*hSCjN\*XN,g-N]Zr^a"9YFN]Z

KP7"\qOX?7^;s#


\=JKO"CERN Khj+/"Nd5lk3sTe<?<&=UH&'",^^l^

9#=NHQ=(O"33K^^lk CERN 3sTe<?<&=UH&'"^?O=

Nltr^`lZN=JK*$F@Z5lkbNH7^9#

&8

J<NQlO"IBM CorporationNFq*hS=N>NqK*1k&8G9#

AIX

IBM

Microsoft *hS Windows NTO"Microsoft CorporationN&8^?OP?&8G9#

**SurfinGate O Finjan Software, Ltd.N&8G9#

**MIMEsweeper"**MAILsweeper"*hS **WEBsweeperO"Content Technologies,

Ltd. N&8G9#

2 DN"9?j9/ (**) G=(5l?>NqR>"=J>"5<S9>yO"=l>

lFRN&8^?OP?&8G9#


Ql8

C

/i$"sH (client). LN3sTe<?<&79F`^?OWm;9 (Lo5<P<HFPlk) N5

<S9rWa9k3sTe<?<&79F`^?OWm;9##tN/i$"sH,"1 DN&L5<P

<K&Q"/;9,G-k#

D

GU)kH (default). @(7F?bXj5lJ+C?lgK[j5lk"M"0-"^?O*W7g

s#

DMZ. spuOS (Demilitarized Zone)#0tNf<6<,"kHG<?r}D5<P<K>\"/;9

G-J$h&K9k?aNGP$9#

F

U!$"&)<k (Firewall). "k 1 DNMCHo</+i>NMCHo</XN\3N]n*hS)

frT&!=1L#U!$"&)<kO"u>7J$+^?O5vDNL.HiU#C/,]n5l?M

CHo</K~j~`NrI_7"*r5l?L.HiU#C/@1,]nMCHo</rPF$/h&

K9k#

U!$k>wWmH3k (FTP (File Transfer Protocol)). MCHo</&3sTe<?<VNU!$k

N>wKHQ5lk"Wj1<7gs&WmH3k#jb<H&[9H&79F`NU!$kr"/;9

G-kh&K9k?a" FTP O"f<6< ID H"lgKhCFOQ9o<Ir,WH9k#

G

2<H&'$ (gateway). 2 DN3sTe<?<&MCHo</r[Jk"<-F/Ac<Gj_\39

k!=1L#

I

$s?<MCH (Internet). $s?<MCHQNWmH3kNHrHQ9k"4$&K-,kj_\3M

CHo</N8gG"x0"/;9,v5lk#

ICMP. $s?<MCH)faC;<8&WmH3k (Internet Control Message Protocol)#$s?<MC

H&WmH3k (IP) l$d<NfG"(i<&aC;<8H)faC;<8rhj7&?aKHQ5lk

WmH3k#djl]<H*hSmC?G<?0i`N8h,"5NG<?0i`Nw.5Ka5lk#

$sHiMCH (intranet). $s?<MCH8`H"Wj1<7gs (Web Vi&6<JI) r"H%N

{8N3sTe<?<&MCHo</&$sUi9Hi/Ac<H}g9k"!)]n5l?d_V#


IP. $s?<MCH&WmH3k (Internet Protocol)#G<?rMCHo</^?Oj_\3MCHo</

rp7FP)Xj9k"3M/7gsl9?WmH3k# IP O"eLNWmH3kXH*}XNVNf

VXH7F//#

IP "Il9 (IP address). $s?<MCH&WmH3k&"Il9 (Internet Protocol address)#MCH

o</bN=l>lNGP$9^?Oo</9F<7gsNB]NljrXj9k"G-N 32 SCH&

"Il9#3lO^?"$s?<MCH&"Il9HbFPlk#

IPSEC. $s?<MCH&WmH3k&;-ejF#< (Internet Protocol Security)#MCHo</^?O

MCHo</L.NQ1CHh}XK*1k"+/fN;-ejF#<N,J#

L

k<WPC/&$s?<U'<9 (loopback interface). ps,1879F`bN(sF#F#<r"I

l9Xj7F$klgK"T,WJL.!=r&s9k$s?<U'<9#

N

NAT. MCHo</&"Il9Q9 (Network Address Translation)#U!$"&)<kK*$F";-e

" IP "Il9r0tNP?Q_"Il9KQ99k3H#3lKhCF0tMCHo</HNL.,D

=KJk,"U!$"&)<kbtGHQ5lk IP "Il9r^9/9k#

P

PICS. $s?<MCH&3sFsDN*rQWiCHU)<` (Platform for Internet Content Selection)#

PICSD=J/i$"sHKhj"f<6<O"Il@1N>A5<S9rHQ7?$+r=L7"=l

>lN>A5<S94HK"IN>A,u1~lD=G"IN>A,u1~lD=GJ$+r=L9k3

H,G-k#

ping. $s?<MCH)faC;<8&WmH3k (ICMP) N(3<WaQ1CHr[9H"2<H&'

$"^?Ok<?<K~zru1hk3Hr|T7Fw.9k3^sI#

]<H (port). j]=5l?L.uVr1L9kVf# Web 5<P<O"GU)kHGO"]<H 80

rHQ9k#

WmH3k (protocol). L.,TolklgK"L.79F`N!=1LN`nr)f9k,'N8g#

WmH3kKhj"1 P$H+i=l>lNSCH,w.5lkgxJI"c$lYkGN^7sj_V

N$s?<U'<9N\Yrhj9k3H,G-k#^?"U!$k>wJIN""Wj1<7gs&W

m0i`VGNb$lYkGNr9bhj9k3H,G-k#

S

5<P< (server). MCHo</rp7F>N3sTe<?<K&Q5<S9rs!9k3sTe<?<

G"j"?H(P"U!$k&5<P<"WjsH&5<P<"^?Oa<k&5<P<,"k#


5<P<&"Il9 (server address). MCHo</rp7F>N3sTe<?<K&Q5<S9rs

!9kF3sTe<?< (?H(P"U!$k&5<P<"WjsH&5<P<"^?Oa<k&5<P

<) KdjvFil?G-N3<I#8`N IP "Il9O"32 SCHN"Il9&U#<kIG"k#

5<P<&"Il9O".t@U- 10 JtN IP "Il9+^?O[9H>K9k3H,G-k#

5<S9 (service). 1 D^?O#tNN<IKhCFs!5lk!=G"?H(P"HTTP"FTP"

Telnet,"k#

7'k (shell). f<6<No</9F<7gs+i3^sI&i$sru1~lF"h}9k=UH&

'"# Korn 7'kO"HQD=J$/D+N UNIX 7'kN 1 DG"k#

SMTP. 7sWk&a<k>wWmH3k (Simple Mail Transfer Protocol)#$s?<MCHQNWmH3

kNHK*$F"$s?<MCHD-Nf<6<VGa<kr>w9k?aN"Wj1<7gs&WmH

3kN 1 D# SMTP O"a<kr9gx*hSaC;<8&U)<^CHrXj9k#3NWmH3k

O"<XNWmH3k,Aw)fWmH3k (TCP) G"k3Hr[j7F$k#

T

TCP. Aw)fWmH3k (Transmission Control Protocol)#$s?<MCHGHQ5lkL.WmH3

k# TCP O".j-N"k[9HVNpsr9rs!9k#3NWmH3kO"<XNWmH3kH7

F IP rHQ9k#

TCP/IP. Aw)fWmH3k / $s?<MCH&WmH3k (Transmission Control Protocol/Internet

Protocol)#=l>lNMCHo</KHQ5lF$kL.F/Nm8<KX8J/"MCHo</VGN

L.rD=K9kh&_W5l?WmH3kNH#

Telnet. <v(_el<7gs&WmH3kG"j"jb<H\35<S9N?aN TCP/IP"Wj1<

7gs&WmH3kN 1 D# TelnetKhj"5$HNf<6<O"=Nf<6<No</9F<7gs

,"?+b>\=Njb<H&[9HK\35lF$k+Nh&K"/;9G-k#

?$`"&H (timeout). `nN?aKdjvFilF$?~VVV,Pa7?3H#

U

UDP. f<6<&G<?0i`&WmH3k (User Datagram Protocol)#$s?<MCHQNWmH3k

NHK*$F".j-NJ$"3M/7gsl9?G<?0i`&5<S9rs!9kWmH3k#3l

Khj""k^7s^?OWm;9eN"Wj1<7gs&Wm0i`O"LN^7s^?OWm;9e

N"Wj1<7gs&Wm0i`KG<?0i`rw.9k3H,G-k# UDP O"G<?0i`rw

#9k?aK"$s?<MCH&WmH3k (IP) rHQ9k#

V

VPN. >[d_V (Virtual Private Network)# 2 DJeNMCHo</K\35lk"1 D^?O=lJ

eN;-e" IP HsMkP)+iJkMCHo</#

Ql8 45

W

Web. Wm0i`HU!$k,^^l"=liN?/O HTTP 5<P<eN>N8qXNjs/r^`

O$Q<F-9H8q,^^lF$k"HTTP 5<P<NMCHo</#o<kI&o$I&&'V

(WWW) HbFV#

WTE. Web Traffic Express (WTE)#bYKz(=5l?-cC7e}0rHQ7F"(sI&f<6<

N~z~Vrb.=9kNKr)Fk"-cC7s0&Wm-7<&5<P<N 1 D#@p-N"k

PICSU#k?<h}O" 1 DNf{_VljK"k Web Y<9NpsK"/;99kNr"MCHo

</I}T,)f9kNKr)D#

&#6<I (wizard). CjN?9/KD$Ff<6<r,$I9k?aK"9FCWP$9FCWNX

(rHQ9k""Wj1<7gsbN@$"m0#


IBM

tJVf: CT6RZJA

Printed in Japan

GC88-8558-00

CT6RZJA

and AIX IBMpublib.boulder.ibm.com/tividd/td/SW_FS/sbsup/ja_JA/PDF/sct6rzja.pdf · SecureWay®...

Documents

Transcript of and AIX IBMpublib.boulder.ibm.com/tividd/td/SW_FS/sbsup/ja_JA/PDF/sct6rzja.pdf · SecureWay®...