Implementation Training
description
Transcript of Implementation Training
1
Implementation Training
2
Initial Configuration: Connecting the appliance
Power on the hardware appliance.
Plug cable into Green network port of the appliance.The Green (LAN) interface for every hardware unit is always Ethernet port 1. You
can always use this port to initially access and configure the device via the web interface.
Default IP address of Green (LAN) interface is always 192.168.0.15. Make sure that there is no other machine in the network using this same IP address already before switching on the appliance, otherwise disconnect that machine from the network.
Connect a computer to the Green (LAN) interface via patch cable (for a switch connection) or crossover cable (for a direct connect).
3
Initial Configuration: Access Gatedefender eSeries
Manually configure a local IP on your PC in the 192.168.0.x/24 range.
Access the web interface of GD eSeries on https://192.168.0.15:10443 (or http://192.168.0.15 which will redirect).
4
Initial Configuration: Initial Configuration
Use the initial configuration wizard to setup the essentials of the device
Set the Language & Timezone
5
Initial Configuration
Accept the License Agreement
6
Initial Configuration
Restore from Backup. This option allows you to restore a previous backup configuration to the device. If you have one and want to use it, then select Yes and choose the backup file (.tgz); otherwise, you can select No and click the Forward button to continue.
Set Web / SSH Passwords. Using strong secure passwords is recommended
7
Initial Configuration
GateDefender eSeries coloured network schema.
GREEN local network (LAN)This is the safe area where your trusted computers are located.
ORANGE network for servers connected to the Internet (DMZ) It is meant for the servers that have to provide services on RED (Internet). This way, even if the security of one of these servers has been compromised, the GREEN area will remain safe.
RED external network (WAN)Usually this is the interface connected to the Internet.
BLUE wireless networkThis can be used for your wireless networkand is the default network for the Panda Hotspot feature. This kind of network is usually not as safe as a wired one.
8
Initial Configuration
GateDefender eSeries Network configuration modes:
Router Mode
In Router mode you will be able to fully manage different network zones through eSeries and implement routing between them.
Gateway Mode
In Gateway mode you will be able to intercept traffic between multiple physical interfaces in the same network zone without the need of any routing mechanism.
9
Router Mode
10
Choose the conection type of your primary WAN interface, in this case Gateway
Initial Configuration: Router Configuration Mode
11
Add Network ZonesThe next option will allow you to select any additional network zone you
wish to have configured on your GD eSeries appliance. The available options will depend on the total number of available Ethernet NIC's on the device. Your options could include adding the Blue zone (Wifi) or Orange zone (DMZ) or both. Click the Forward button to continue.
Initial Configuration: Router Configuration Mode
12
Configure GREEN Zone IP addressIt’s recommended to always use RFC 1918 Private IP address subnets
when configuring the internal network zones of the GD eSeries: Green, Orange, Blue.
Official RFC1918 Private LAN Address Networks:
10.0.0.0/8 (255.0.0.0)172.16.0.0/12 (255.240.0.0)192.168.0.0/16 (255.255.0.0)
Initial Configuration: Router Configuration Mode
13
Configure the RED zoneNow you can configure the Red (WAN) interface according to your ISP
connection type (as selected during Step 1). The configuration is identical to the previous step where you must configure the IP, subnet, and gateway (if necessary), select the appropriate physical interface to use for the Red (WAN) connection, and fill out any other ISP connection specific fields.
Initial Configuration: Router Configuration Mode
14
Configure DNSThis option is only required if you are not using some form of DHCP for
your Red (WAN) connection. You should fill in your ISP-provided or preferred public DNS servers in these fields. Click the Forward button to continue.
Initial Configuration: Router Configuration Mode
15
Setup Email Information (Optional)Here you can provide the administrator (recipient) email account along
with the GD eSeries (sender) address you want to use for notifications. Also you may specify the address of an email smarthost if you require one. Click the Forward button to continue.
Initial Configuration: Router Configuration Mode
16
Apply Configuration The last step is to apply the configuration to the device.
Keep in mind, the changes you made may take up to 20 seconds to be fully applied to the device and for dependent services to be restarted so this may impact any internal device(s) ability to access the device or pass traffic through it. You must access the administration interface of the GD eSeries device using the new IP settings either manually or using the link provided in the Web UI.
Initial Configuration: Router Configuration Mode
17
Gateway Mode
18
Choose the conection type of your primary WAN interface, in this case “Gateway”
Initial Configuration: Gateway Configuration Mode
19
Add Network ZonesThe next option will allow you to select any additional network zone you
wish to have configured on your GD eSeries appliance. The available options will depend on the total number of available Ethernet NIC's on the device. Your options could include adding the Blue zone (Wifi) or Orange zone (DMZ) or both. Click the Forward button to continue.
Initial Configuration: Gateway Configuration Mode
20
Configure GREEN Zone with two interfacesA network zone with multiple network interfaces will act as a “bridge”
and simulate the behavior of a switch.
Initial Configuration: Gateway Configuration Mode
21
Configure the Internet Gateway as if you were configuring any GREEN Zone client
This option will allow you to deploy the GD eSeries into a network using the Green (LAN) interface as your primary network connection and using an existing default gateway that lives within the Green network.
Initial Configuration: Gateway Configuration Mode
22
Configure DNSIn this case you should fill in your primary and secondary DNS servers in
these fields.
Initial Configuration: Gateway Configuration Mode
23
Setup Email Information (Optional)Here you can provide the administrator (recipient) email account along
with the GD eSeries (sender) address you want to use for notifications. Also you may specify the address of an email smarthost if you require one. Click the Forward button to continue.
Initial Configuration: Gateway Configuration Mode
24
Apply Configuration The last step is to apply the configuration to the device.
Keep in mind, the changes you made may take up to 20 seconds to be fully applied to the device and for dependent services to be restarted so this may impact any internal device(s) ability to access the device or pass traffic through it. You must access the administration interface of the GD eSeries device using the new IP settings either manually or using the link provided in the Web UI.
Initial Configuration: Gateway Configuration Mode
25
Console Access
26
To use the local console plug a monitor to the VGA port of the appliance and a keyboard to USB port.
You can check the management URL and the Green (zone) IP address You can choose Option #0 “Shell” You can choose Option #1 “Reboot” You can choose Option #2 “Change Root Password” from the menu. You can choose Option #3 “Change Admin Password” from the
menu. If you forgot both Web and CLI/Console passwords you will need to
reset to factory defaults by choosing Option #4 “Restore Factory Defaults” from the menu.
Initial Configuration: Console Access
27
Panda Perimetral ManagementConsole registration
28
Initial Configuration: Panda Perimetral Management Console registration
Registering a device for the very first time is a two-step process: (1) Create user account on Perimetral management console using
provided activation code.(2) Register your GD eSeries device. Once this is done you can register all
subsequent devices using your existing Perimetral management console account information.
29
Initial Configuration: Panda Perimetral Management Console registration
Enter the activation code created
Enter the following information
• Company: INNET CustomerID• Login: INNET Login• Password: INNET Password• Account Description: Company Name
30
Initial Configuration: Register GateDefender eSeries device Enter the following information:
– Account credentials previously created– Enter the activation code– Enter the additional relevant information