
20 Minutes and your own UTM is Ready

Continued from page: 1

Anindya Roy

Monday, May 14, 2007

This means you can activate the terminal display on the COM port, which can be accessed through HyperTerminal. This way you do not need a display card and get a true headless appliance. If you are using a rack-mountable appliance such as a cabinet for the UTM, this is the ideal way to go. After you are done with all this, the installer will start installing packages. If you have installed it on the machine specs we suggested, the installation should not take more than 10 minutes. When all the packages are installed, the installer will ask you for the IP address of the Green (internal or private) network. Assign any free IP address on your network here.

Select the network card associated with Green network & give an IP to it. You can even change settings here

Make sure that you give it a static address and remember it; otherwise you will not be able to access the management interface of the device. After that, you will be presented with two more screens, one each for keyboard and time-zone selection. After you are done with these settings, move ahead to set the hostname for the UTM device and then the domain name. Next, you will be asked to provide the password for the ‘root’ user. Key it in and proceed. The next screen will again ask for a password, but this time it is the password for the ‘admin’ user, with which you will access the management console of the device. After this is done, reboot once and your UTM is ready for configuration.

Configuring the UTM
Endian’s web based interface can be accessed from https://<utm’s_ip_address>:10443. It will ask you to verify the SSL certificate of the site and when you do so, you will reach the first page of the Endian interface. Most of the configuration will take place from this site itself. So, let us take different configuration components one by one and elaborate them.

Port Problems

When we deployed Endian in a live environment, we found that by default it only allowed HTTP, SMTP, POP3 and FTP traffic to pass. But there are quite a few other protocols that are used in an enterprise. We’ve given a list of some of these applications along with their port numbers for your reference. You might need to open them manually to allow the services.

| Ports | Descriptions |
|---|---|
| 22 | SSH |
| 23 | Telnet |
| 3389 | Remote Desktop Connection |
| 1352 | Enables Lotus Notes |
| 1433/1434 | MS SQL Server |
| 1024/1025/1026/1027 | VoIP (all these ports should be open) |
| 6000 | X11 Sessions |

 

Enable the proxy settings from the window. You can even set the port and transparency of the server

Select the categories/types of content which you want to block on your network

The Network setup
When you are running the UTM for the first time, you first have to configure the network and subnets for all three networks (or two if you don’t have a DMZ). Here the three networks are Green (internal or private), Red (external or public) and Orange (DMZ). To start the configuration, click on ‘Network Configuration’ on the left side of the first page. It will ask you for the type of Red interface you have and how it will get an IP, that is, whether you have an ADSL Internet line or an Ethernet one. Further, if it is Ethernet, it asks whether the interface will get an IP from your ISP’s DHCP or you have to assign it manually. Select the relevant value.

Select the networks on which you want to activate the IDS. You can view IDS logs at Logs>IDS Logs section

To enable anti virus and anti spam, select all the check boxes you can see in this window

Configuring the proxy
Endian can be configured as a proxy service that will cache web pages to make your Internet browsing faster. To configure it, go to the Proxy menu at the top of the page. Enable the proxy, which is essentially Squid, by selecting the ‘Enable on Green’ check box. If you want to make the proxy transparent, which means you don’t have to provide the proxy address and port on every machine, enable the ‘Transparent on Green’ check box. In the proxy field, provide the port on which the proxy server will receive client requests. By default, it is ‘8080’. If you also want to enable anti virus and content filtering over your proxy or web traffic, enable the ‘Content enabled’ and ‘Anti virus enabled’ options. These options cover most of what a standard proxy server needs. For fine-tuning, you can scroll down.

Content filtering
Endian uses DansGuardian for content filtering. Unlike the original DansGuardian application, which is configured through text-based configuration files, everything in Endian is GUI based. Using it is pretty straightforward. First click on the ‘Content Filter’ link in the proxy page and you will be presented with a page with four sections.

The first asks you the score to use for blocking sites. By default, its value is 160, which is suitable for any adult. You can change the score depending upon your own requirement. Just remember that the larger the number, the more liberal is the blocking. The next section has 23 different categories of words. Select the categories that you want to block. Then scroll down to the next section to see another 11 categories. Select the ones you want to block the content of. In the last section, you can explicitly allow or deny any website.
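How the score limit behaves, as an added example that is not Endian's or DansGuardian's own code: a simplified model of weighted-phrase scoring in which every matched entry adds its weight to a page total and the page is blocked once the total exceeds the limit. The entry syntax is modelled on DansGuardian's weighted phrase lists; the phrases, weights, page texts, function names and the rule of counting each entry once per page are assumptions made for illustration.

```python
import re

# Constructed sample in the "<phrase><weight>" style of a weighted phrase
# list. "<a>,<b><weight>" scores only if every phrase is on the page, and
# a negative weight marks wording that makes a page look legitimate.
SAMPLE_LIST = """
# constructed entries, not copied from any shipped list
<casino><40>
<poker>,<jackpot><60>
<free spins><50>
<bet now><45>
<addiction helpline><-70>
"""
ENTRY = re.compile(r"^((?:<[^<>]+>,?)+)<(-?\d+)>$")

def parse_list(text):
    """Return [(phrases, weight)] parsed from a weighted phrase list."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"bad entry: {line!r}")
        phrases = tuple(re.findall(r"<([^<>]+)>", m.group(1).lower()))
        rules.append((phrases, int(m.group(2))))
    return rules

def decide(page, rules, limit=160):
    """Sum matching weights; block when the total exceeds the limit."""
    body = " ".join(page.lower().split())
    total = sum(w for phrases, w in rules if all(p in body for p in phrases))
    return ("BLOCK" if total > limit else "ALLOW"), total

RULES = parse_list(SAMPLE_LIST)
# Constructed page texts.
PAGES = {
    "gambling": "Casino night! Poker jackpot, free spins, bet now.",
    "news": "New casino opens; its free spins promotion draws criticism.",
    "support": "Casino or poker losses? Call the addiction helpline.",
}

if __name__ == "__main__":
    for limit in (50, 160, 200):  # stricter -> default -> more liberal
        for name, text in PAGES.items():
            print(limit, name, *decide(text, RULES, limit))
```

Running it shows the same page flipping between blocked and allowed as the limit moves, which is a quick way to reason about a score before changing it on a live filter.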

Enabling spam filter
Endian lets you configure the spam filter and anti virus on both your POP3 and SMTP mail. To do that, go to the ‘POP3’ and ‘SMTP’ links inside the proxy menu and enable both the anti virus and the spam filter in each. You can then click on ‘Spamfilter’, define the keywords you want to add, and tag incoming spam. By default, it is tagged as ‘****SPAM****’. You can add links to the black and white lists. The links can be in both username@xyz.com and *@xyz.com forms. You can configure other types of proxies in Endian too, such as SIP, FTP and DNS.

Enabling IDS
Endian uses Snort for intrusion detection. To activate it, go to ‘Services>Intrusion Detection’ and enable Snort for both Green and Red networks. The IDS logs can be seen in the Logs>IDS Logs section. Here you can also select the type of license you want to use for Snort signatures. There are three options to select from: the community, the registered users and the paid customers. The first two are free but you have to buy a license from Snort for the third one.
