Stormshield SN series Manuals

Manuals and User Guides for Stormshield SN series. We have 2 Stormshield SN series manuals available for free PDF download: Configuration Manual, Product Presentation And Installation

Stormshield SN series Configuration Manual (448 pages)

Brand: Stormshield | Category: Firewall | Size: 8.62 MB

Table of Contents
2
Welcome
11
- Recommendations on the Operating Environment
  11
  - Introduction
    11
  - Security Watch
    12
  - Physical Security Measures
    12
  - Organizational Security Measures
    12
  - Human Media
    13
  - IT Security Environment
    13
- User Awareness
  15
  - Administrator Management
    15
  - User Password Management
    16
  - Work Environment
    17
  - User Access Management
    17
Default Options" Tab
19
- SSL VPN Portal
  19
- Ipsec
  19
- Ssl Vpn
  19
- Sponsorship
  20
- Detailed Access" Tab
  20
- Possible Operations
  20
- Configuration Table
  20
- PPTP" Tab
  22
Access Privileges
19
Active Update
23
- Automatic Updates
  23
- Advanced Configuration
  23
  - Update Servers
    23
  - Update Servers of the Stormshield Network URL Database
    23
Audit Logs
24
- Collaborative Security
  24
- Storage Device: SD Card
  24
- Logs
  25
  - Possible Operations
    25
  - Interactions
    27
  - Views
    28
  - Logs
    29
Administrators" Tab
31
- Possible Operations
  31
  - Table of Privileges
    32
  - Administrator Account" Tab
    34
Administrators
31
General" Tab
36
Antispam
36
Antivirus
40
- Antivirus Engine
  40
- Parameters
  40
  - Analysis of Clamav Files
    40
  - Analysis of Kaspersky Files
    40
Applications and Protections
41
- View by Inspection Profile
  41
  - Selecting the Configuration Profile
    41
  - The Various Columns
    43
- View by Context
  44
Available Methods" Tab
46
- Authentication Methods
  46
- Authentication Policy" Tab
  53
- Actions on the Rules of the Authentication Policy
  53
- New Rule
  54
- Captive Portal" Tab
  55
  - Captive Portal
    55
  - SSL Server
    56
  - Conditions of Use for Internet Access
    56
  - Advanced Properties
    56
  - Internal Interfaces" and "External Interfaces" Tabs
    57
  - User Passwords
    57
  - Authentication Periods Allowed
    57
  - Advanced Properties
    57
- Transparent or Explicit HTTP Proxy and Multi-User Objects
  59
  - Multi-User Objects
    59
  - Transparent Proxy (Implicit)
    59
  - Explicit Proxy
    60
Authentication
46
Block Messages
61
- Antivirus Tab
  61
  - POP3 Protocol
    61
  - SMTP Protocol
    61
  - FTP Protocol
    61
  - HTTP Block Page" Tab
    61
  - Block Page Tabs
    62
  - Editing Block Pages
    62
Certificates and Pki
64
- Possible Operations
  64
- Search Bar
  64
- Filter
  64
- Add
  65
- Delete
  65
- Action
  65
- Download
  66
- Check Usage
  66
- Adding Authorities and Certificates
  67
Cli Console
75
- List of Commands
  75
- Data Entry Zone
  75
- General Configuration" Tab
  77
  - General Configuration
    77
  - Cryptographic Settings
    77
  - Password Policy
    78
  - Date/Time Settings
    78
  - Hardware
    79
  - Advanced Properties
    80
  - Firewall Administration" Tab
    81
  - Access to the Firewall's Administration Interface
    81
  - Access to Firewall Administration Pages81
    81
  - Remote SSH Access
    82
  - Network Settings" Tab
    82
  - Ipv6 Support
    82
  - Proxy Server
    82
  - DNS Resolution
    83
Configuration of Monitoring
84
- Interval between Refreshments
  84
- Configuration of Interfaces and Qos Queues to be Monitored
  84
  - Interface Configuration" Tab
    84
  - Qos Configuration" Tab
    84
Dashboard
85
- The Module Configuration Menu
  85
  - My Favorites
    85
- The Dynamic Area: Widgets
  86
  - Network
    87
  - Alarms
    87
  - Resources
    88
  - License
    88
  - Hardware
    88
  - Properties
    89
  - New Applications
    90
  - Services
    90
  - Active Update
    90
  - Interfaces
    90
  - High Availability
    90
  - Stormshield Management Center
    90
  - Sandboxing
    91
  - Sns-En-User_Configuration_Manual-V3 - Copyright © Stormshield
    91
Dhcp
92
- General
  92
- DHCP Server" Service
  92
  - Default Settings
    92
  - Address Range
    92
  - Reservation
    93
  - Advanced Properties
    94
  - DHCP Relay" Service
    95
  - Parameters
    95
  - Listening Interfaces on the DHCP Relay Service
    95
Directories Configuration
97
- Main Window
  97
  - Add a Directory" Button
    97
  - Action" List
    97
- Creating an Internal LDAP
  97
- Connecting to an External LDAP Directory
  99
- Connecting to a Posixaccount External LDAP Directory
  103
- Connecting to a Microsoft Active Directory
  106
Dns Cache Proxy
110
- Enable DNS Cache
  110
  - List of Clients Allowed to Used the DNS Cache
    110
  - Advanced Properties
    110
Dynamic Dns
112
- List of Dynamic DNS Profiles
  112
- Configuring a Profile
  112
  - DNS Resolution
    112
  - Dynamic DNS Service Provider
    112
  - Advanced Properties
    113
Configuration" Tab
114
- Enable E-Mail Notifications
  114
- SMTP Server
  114
- E-Mail Sending Frequency (in Minutes)
  114
- Intrusion Prevention Alarms
  115
- System Events
  115
- Recipients" Tab
  116
- Creating a Group
  116
- Deleting a Group
  116
- Check Use
  116
- Templates" Tab
  117
- Editing the Template (HTML)
  117
- Vulnerability Manager
  117
- Certificate Request
  117
- User Enrollment
  117
- List of Variables
  118
- Example of a Report Received by E-Mail Regarding Alarms
  118
E-Mail Alerts
114
Enrolment
119
- The Enrolment Table
  119
  - Possible Operations
    119
  - User Enrolment and Certificate Requests
    119
  - Advanced Properties
    120
Filtering and Nat
121
- Evaluation of Filtering and the Impact of NAT
  121
  - Fast-Path" Mode
    121
- Policies
  121
  - Selecting the Filter Policy
    122
  - Possible Operations
    123
  - Selecting Multiple Objects
    123
  - Drag & Drop
    123
  - Filtering" Tab
    123
  - Actions on Filter Policy Rules
    124
  - Filter Table
    126
  - NAT" Tab
    138
  - Actions on NAT Policy Rules
    138
  - NAT Table
    140
High Availability
147
Configuration" Tab
153
- General
  153
- Alarms
  153
- Antivirus
  153
- Sandboxing
  153
- Hosts" Tab
  154
  - Included List
    154
  - Advanced Properties
    154
Host Reputation
153
Identification Portal
155
- Connection
  155
  - Presentation
    155
- Logging off
  156
Implicit Rules
158
- Implicit Filter Rules
  158
  - Rule Table
    158
  - Advanced Properties
    159
Inspection Profiles
160
- Security Inspection
  160
  - Global Configuration for each Profile
    160
  - Configuring Profiles
    161
Encryption Policy - Tunnels" Tab
162
- Site to Site (Gateway-Gateway)
  163
- Anonymous - Mobile Users
  166
- Peers" Tab
  169
- List of Peers
  170
- Peer Information
  170
- Identification" Tab
  175
- Approved Certificate Authorities
  175
- Mobile Tunnels: Pre-Shared Keys
  176
- Encryption Profiles" Tab
  176
- Default Encryption Profiles
  176
Ipsec Vpn
162
Interfaces
180
- Operating Mode between Interfaces
  180
  - Advanced Mode
    180
- Bridge Mode or Transparent Mode
  180
- Hybrid Mode
  181
- Link Aggregation (LACP) - SN510, SN710, SN910, SN2000, SN3000, SN6000 and NG Models
  181
- Conclusion
  181
Presentation of the Configuration Screen
181
- Directory of Interfaces
  182
- Toolbar
  183
Creating a Bridge
183
- Identifying the Bridge
  183
- Address Range
  184
General" Tab
184
Modifying a Bridge
184
Advanced Properties" Tab
185
Bridge Members" Tab
187
Configuration of the Interface" Tab
187
Deleting a Bridge
187
Modifying an Ethernet Interface (in Bridge Mode)
187
Advanced Properties" Tab
189
Modifying an Ethernet Interface (Advanced Mode)
191
Creating a VLAN
191
Configuration of the Interface" Tab
194
Modifying a VLAN
194
Advanced Properties" Tab
195
Deleting a VLAN
197
Creating a Modem
197
- Step 1
  197
- Customized 3G/4G Modem Profile
  198
- Step 2
  199
Modifying a Modem
199
- Pppoe Modem
  199
- PPTP Modem
  200
- PPP Modem
  200
- 4G Modem
  201
Deleting a Modem
202
General Remarks on Configuring Modems
202
Creating a GRETAP Interface
202
Modifying a GRETAP Interface
202
Configuration of the Interface" Tab
203
Advanced Properties" Tab
204
Converting an Interface to Link Aggregation (LACP)
205
General" Tab
208
- Buttons
  208
- Dates
  208
- Important Information about the License
  208
- Installing from a File
  209
- Advanced Properties
  209
- License Details" Tab
  210
- Buttons
  210
- The Table
  210
Licence
208
Local Storage" Tab
213
- Configuration of the Space Reserved for Logs
  214
- Syslog" Tab
  215
- Table of Syslog Profiles
  215
- Configuring a Profile
  215
- IPFIX" Tab
  216
- Advanced Properties
  216
Logs - Syslog - Ipfix
213
Configuration" Tab
218
- System Disk
  218
- High Availability
  218
- System Report (Sysinfo)
  219
- Backup" Tab
  219
- Configuration Backup
  219
- Configuration Automatic Backup
  219
- Restore" Tab
  221
- Restore Configuration
  221
- Automatic Backup Restoration
  221
- System Update" Tab
  222
- Advanced Properties
  222
Maintenance
218
Monitoring
224
- The Table
  224
- System Monitoring
  224
- Interface Monitoring
  225
- Qos Monitoring
  226
- Host Monitoring
  227
- User Monitoring
  232
- Connection Monitoring
  236
- Route Monitoring
  238
Network Objects
239
- Possible Actions
  239
  - Filter
    240
- The Different Types of Objects
  240
  - Host
    240
  - Network
    241
  - IP Address Range
    241
  - Port - Port Range
    241
  - IP Protocol
    242
  - Group
    242
  - Port Group
    243
  - Router
    243
  - Geographic Group
    245
  - DNS Name (FQDN)
    245
  - Time Object
    246
Pptp Server
247
- General Configuration
  247
  - Parameters Sent to PPTP Clients
    247
- Advanced Configuration
  247
  - Traffic Encryption
    247
Preferences
248
- Logon Settings
  248
- Application Settings
  248
- Management Interface Behavior
  249
- External Links
  249
- Log Settings
  249
Protocols
250
- Search
  250
- List of Protocols
  250
- Profiles
  250
  - Selecting a Profile
    250
  - Buttons
    251
- Global Protocol Configuration
  251
  - Global Configuration of the TCP/UDP Protocol
    252
  - Global Configuration of the SSL Protocol
    252
- Http
  253
- IPS" Tab
  253
- Proxy" Tab
  256
- ICAP" Tab
  257
- Analyzing Files" Tab
  258
  - Sandboxing" Tab
    259
- Smtp
  260
- IPS" Tab
  260
- Proxy" Tab
  261
- SMTP Commands" Tab
  261
- Analyzing Files" Tab
  262
  - Sandboxing" Tab
    263
- Pop3
  263
- IPS - PROXY" Tab
  263
- POP3 Commands" Tab
  264
- Analyzing Files" Tab
  264
- Sns-En-User_Configuration_Manual-V3 - Copyright © Stormshield
  264
- Sandboxing" Tab
  265
IPS" Tab
265
Ftp
265
Proxy" Tab
266
Commands FTP" Tab
267
- FTP Users » Tab
  271
- Analyzing Files" Tab
  271
- Sandboxing" Tab
  271
IPS" Tab
272
Ssl
272
Proxy" Tab
273
Tcp-Udp
274
- Profiles Screen
  275
- IPS" Tab
  276
Icmp
276
Dns
276
- Profiles Screen
  276
Yahoo Messenger (YMSG)
277
- Profiles Screen
  277
Icq - Aol IM (Oscar)
278
- Profiles Screen
  278
Live Messenger (MSN)
278
Tftp
278
MS-RPC Protocol
279
Netbios CIFS
280
- Profiles Screen
  280
Netbios SSN
280
EPMAP Protocol
280
IPS" Tab
281
Mgcp
281
- Profiles Screen
  281
Rtp
281
IPS" Tab
282
Rtcp
282
Rtsp
282
- RTSP Commands
  282
- Maximum Size of Elements (Bytes)
  282
- RTSP Session Settings
  283
- RTSP Features
  283
- Support
  283
Sip
283
- SIP Commands
  284
- Maximum Size of Elements (Bytes)
  284
- SIP Session Parameters
  284
- SIP Protocol Extensions
  284
  - Support
    285
- Modbus
  285
  - General Settings
    285
  - Modbus Settings
    285
  - Managing Modbus Function Codes
    286
  - Support
    286
  - S7 Settings
    286
  - Managing S7 Function Codes
    286
  - Support
    287
- Opc Ua
  287
  - OPC UA Parameters
    287
  - Managing OPC UA Services
    287
- Others
  288
QUALITY of SERVICE (Qos)
289
- Network Traffic
  289
- Bandwidth Reservation or Limitation (CBQ)
  289
- Queues
  289
  - Class-Based Queue (CBQ)
    290
  - Monitoring Queue
    291
  - Priority Queue
    292
  - Available Queues
    292
- Examples of Application and Usage Recommendations
  292
Reports
295
- Collaborative Security
  295
- Storage Device: SD Card
  295
- Activity Reports
  295
  - Possible Operations
    296
  - Interactions
    296
  - Reports
    298
Report Configuration
302
- General" Menu
  302
- Table of Reports and History Graphs
  302
  - List of Reports" Tab
    302
  - List of History Graphs" Tab
    303
Static Routes" Tab
304
- Button Bar
  304
- Presentation of the Table
  305
- Dynamic Routing" Tab
  305
- Advanced Properties
  305
- Sending the Configuration
  305
- Return Routes" Tab
  306
- Button Bar
  306
- Presentation of the Table
  306
Routing
304
Smtp Filtering
307
- Profiles
  307
  - Selecting a Profile
    307
  - Buttons
    307
- Rules
  307
General" Tab
310
- Configuration of MIB-II Information
  310
- Sending of SNMP Alerts (Traps)
  310
- Snmpv3" Tab
  311
- Connection to the SNMP Agent
  311
- Authentication
  311
- Encryption (Optional)
  311
- Sending of Snmpv3 Alerts (Traps)
  311
- Snmpv1 - Snmpv2C" Tab
  312
- Connection to the SNMP Agent
  312
- Sending of Snmpv2C Alerts (Traps)
  313
- Sending of Snmpv1 Alerts (Traps)
  313
- MIBS and Traps SNMP
  313
  - Stormshield Network SNMP Event and Alert (Traps) Format
    313
  - Management Information Bases (Mibs)
    315
Snmp Agent
310
Ssl Filtering
328
- Profiles
  328
  - Selecting a Profile
    328
  - Buttons
    328
- Rules
  329
  - Possible Operations
    329
  - The Table
    329
  - Errors Found in the SSL Filter Policy
    330
Ssl Vpn
331
- General Configuration
  331
- Advanced Properties
  332
General" Tab
334
- Advanced Properties
  335
- Web Servers" Tab
  335
- Adding a Web Server
  335
- Adding an OWA Web Server
  337
- Adding a Lotus Domino Web Server
  338
- Application Servers" Tab
  338
- Configuration with an Application Server
  338
- Configuration with a Citrix Server
  339
- Deleting a Server
  339
- User Profiles" Tab
  340
  - Operating Principle
    340
  - Configuring a Profile
    340
- SSL VPN Services on the Stormshield Network Web Portal
  341
  - Accessing Your Company's Web Sites Via an SSL Tunnel
    341
  - Accessing Your Company's Resources Via an SSL Tunnel
    341
SSL VPN Portal
334
Static Multicast Routing
342
- Actions on Multicast Routing Policy Rules
  342
- New Rule
  342
Stormshield Management Center
343
- Attaching the Firewall to SMC
  343
  - Buttons
    343
System Events
344
- Possible Operations
  344
  - Search
    344
  - Restore the Default Configuration
    344
- List of Events
  344
  - System Alarms List
    345
Configuration" Tab
348
- Temporary Accounts List" Tab
  348
  - The Table
    348
  - Possible Operations
    349
Temporary Accounts
348
Url Filtering
351
- Profiles
  351
  - Selecting a Profile
    351
  - Buttons
    351
- Rules
  351
- Possible Operations
  352
  - The Table
    352
  - Errors Detected
    353
Users
354
- Possible Operations
  354
- Search Bar
  354
- Filter
  355
- Creating a Group
  355
- Creating a User
  355
- Delete
  356
- Check Usage
  356
- List of Users (CN)
  356
- Account" Tab
  357
- Certificate" Tab
  357
- Member of These Groups" Tab
  357
Virtual Interfaces
358
- Creating or Modifying an Ipsec Interface (VTI)
  358
- Creating or Modifying a GRE Interface
  359
  - Button Bar
    359
  - Presentation of the Table
    359
- Creating or Modifying a Loopback Interface360
  360
  - Button Bar
    360
  - Presentation of the Table
    360
Vulnerability Management
361
- General Configuration
  361
  - List of Monitored Network Objects
    362
- Advanced Configuration
  363
  - Exclusion List (Unmonitored Objects)
    363
URL" Tab
364
- URL Category Table
  364
- URL Table
  365
- Certificate Name (CN)" Tab
  366
- Groups of Categories" Tab
  366
- Table of Groups
  366
- URL Database" Tab
  367
Web Objects
364
Ipv6 Support
368
- Details of Supported Features
  368
  - System
    368
  - Network
    368
  - Objects
    369
  - Users
    369
  - Security Policy
    369
  - Monitoring
    369
  - Vpn
    369
  - Notifications
    370
- Unsupported Features
  370
- General Points
  370
- Ipv6 Support
  371
  - Details of Supported Features
    371
  - Unsupported Features
    372
  - General Points
    373
  - Network Settings Tab
    374
- Interfaces
  374
  - Modifying a Bridge
    374
  - Creating a Bridge
    376
  - Modifying an Ethernet Interface (in Bridge Mode)
    377
  - Modifying an Ethernet Interface (Advanced Mode)
    377
  - Creating a VLAN
    378
  - Modifying a VLAN
    378
- Virtual Interfaces
  379
- Ipsec Interfaces (VTI)" Tab
  379
- Loopback" Tab
  379
- Routing
  379
- Ipv6 Static Route" Tab
  379
- Ipv6 Dynamic Routing" Tab
  380
- Ipv6 Return Routes" Tab
  381
- Dhcp
  381
  - General
    381
  - DHCP Server" Service
    382
  - DHCP Relay" Service
    384
- Network Objects
  385
  - Possible Actions
    385
  - The Different Types of Objects
    386
- Filtering
  386
- Filtering" Tab
  386
HOW TO: Implementing a Filter Rule
388
- Requirements
  388
- Creating Network Objects
  388
- Selecting a Filter Policy
  389
- Adding a Filter Rule
  389
- Activating the Filter Policy
  391
- Testing the Filter / NAT Policy
  391
HOW TO: Setting up a NAT Rule
392
- Purpose
  392
- Creating Network Objects
  392
- Selecting a Filter Policy
  393
- Creating a Filter and NAT Rule
  393
- Activating the Filter Policy
  395
- Testing the Filter-NAT Policy
  395
HOW TO: Ipsec VPN - Authentication by Pre-Shared Key
397
- Implementation
  397
  - Configuring the Main Site
    397
  - Configuring the Remote Site
    400
- Checking the Tunnel Setup
  401
HOW TO: Ipsec VPN - Authentication by Certificate
404
- Implementation
  404
- Checking the Tunnel Setup
  413
  - Checking in Stormshield Network Realtime Monitor
    413
  - Incident Resolution - Common Errors
    413
HOW TO: Ipsec VPN - Hub and Spoke Configuration
415
Appendix A: Allowed Names
428
- Firewall Name
  428
- Login and Password
  428
- Comments (Prohibited Characters)
  428
- Interface Names
  428
- Objects
  428
- DNS (FQDN) Name Objects
  429
- Certificates
  429
- Users
  429
- Ipsec Vpn
  429
- Ssl Vpn
  429
- E-Mail Alerts
  429
Appendix B: Structure of an Objects Database in CSV Format
430
- Host
  430
- IP Address Range
  430
- DNS Name (FQDN)
  430
  - Network
    431
- Port
  431
- Port Range
  431
- Protocol
  432
- Service Group
  432
Glossary
433

Stormshield SN series Product Presentation And Installation (66 pages)

Brand: Stormshield | Category: Firewall | Size: 3.26 MB

Table of Contents
2
Foreword

3
Introduction

6
Upon Receiving Your Firewall

8
- Integrity of the Product
  8
- Contents of the Packaging
  9
Safety Rules

11
- All Models Except Sni40
  11
- Sni40 Model
  13
Installation Precautions

15
Installation in a 19" Cabinet and Rack

19
Presentation of Sn Models

24
- SN160 and SN160W Models
  24
- SN210 and SN210W Models
  25
- SN310 Model
  27
- SN510 and SN710 Models
  28
- SN910 Model
  29
- SN2100 and SN3100 Models
  30
- SN6100 Model
  32
- Sni40 Model
  34
Network Connectors

35
Initial Connection to the Product

44
- Requirements
  44
- Connections
  45
- Configuration
  46
- Starting
  46
- Shutting down
  51
Updating the License

53
- Retrieving the License
  53
- Installing the License
  53
Documentation & Assistance

54
Appendix A: Resetting the Firewall

55
- All Models Except SN6100 and Sni40
  55
- SN6100 and Sni40 Models
  56
Appendix B: Log Storage

57
APPENDIX C: MANAGING Ssds

59
- Detecting Issues
  59
- Replacing an SSD
  59
- RAID Option (SN2100)
  60
- Big Data Option (SN2100, SN3100 and SN6100)
  60
Appendix D: Changing a Power Supply Module (Sn2100, Sn3100 and Sn6100)

61
- SN2100 and SN3100
  61
- Sn6100
  62
Appendix E: Configuration and Administration Via Ipmi (Sn6100)

64
- Sn6100
  64

Stormshield Categories

Firewall Network Hardware

More Stormshield Manuals

Stormshield SN series Manuals

Stormshield SN series Configuration Manual (448 pages)

Table of Contents

Stormshield SN series Product Presentation And Installation (66 pages)

Table of Contents

Foreword

Introduction

Upon Receiving Your Firewall

Safety Rules

Installation Precautions

Installation in a 19" Cabinet and Rack

Presentation of Sn Models

Network Connectors

Initial Connection to the Product

Updating the License

Documentation & Assistance

Appendix A: Resetting the Firewall

Appendix B: Log Storage

APPENDIX C: MANAGING Ssds

Appendix D: Changing a Power Supply Module (Sn2100, Sn3100 and Sn6100)

Appendix E: Configuration and Administration Via Ipmi (Sn6100)

Related Products

Stormshield Categories