Planet CS-2000 Uživatelský manuál Strana 1

CS-2000 UTM Content Security Gateway User’s Manual UTM Content Security Gateway CS-2000 User’s Manual

CS-2000 UTM Content Security Gateway User’s Manual - 4 -1.4 Specification Product UTM Content Security Gateway Model CS-2000 Hardware LAN 1 x 1

CS-2000 UTM Content Security Gateway User’s Manual - 94 - Step13. Right click on the Radius Æ Properties The network authentication service sett

CS-2000 UTM Content Security Gateway User’s Manual - 95 - Step14. Select Grant remote access permission, and Remove the original setting , then c

CS-2000 UTM Content Security Gateway User’s Manual - 96 - Step15. Add Service-Type. Add new RADIUS properties attribute Step16. Add Authenticate

CS-2000 UTM Content Security Gateway User’s Manual - 97 - Step17. Click Edit Profile, select Authentication, and check Unencrypted authenticatio

CS-2000 UTM Content Security Gateway User’s Manual - 98 - Step18. Add Auth User, click Start Æ Setting Æ Control PanelÆAdministrative Tools, selec

CS-2000 UTM Content Security Gateway User’s Manual - 99 - Step20. Complete the Windows 2003 RADIUS Server Settings. Step21. In Authenticatio

CS-2000 UTM Content Security Gateway User’s Manual - 100 - Step23. In Policy Æ Outgoing, apply the Authentication Group (RADIUS included) in Ste

CS-2000 UTM Content Security Gateway User’s Manual - 101 - Step24. When the users connect to the network via the browser, it will show the authe

CS-2000 UTM Content Security Gateway User’s Manual - 102 -5.5.3 Example 3 POP3 Server Authentication To plan the users connect to the WAN through

CS-2000 UTM Content Security Gateway User’s Manual - 103 - Step3. In Policy Æ Outgoing, apply Step2 (The authentication group) in to the policy.

CS-2000 UTM Content Security Gateway User’s Manual - 5 -User authentication Built-in user database with up to 500 entries Support local database,

CS-2000 UTM Content Security Gateway User’s Manual - 104 - Step4. When the users want to connect to the network via browser, it will show the aut

CS-2000 UTM Content Security Gateway User’s Manual - 105 -5.5.4 Example 4 LDAP Server Authentication To plan the users connect to the WAN through

CS-2000 UTM Content Security Gateway User’s Manual - 106 - Step4. In Server Role window, select Active Directory and click Next. The server role

CS-2000 UTM Content Security Gateway User’s Manual - 107 - Step6. In Active Directory Installation Wizard window, click Next. Active directory i

CS-2000 UTM Content Security Gateway User’s Manual - 108 - Step8. In Domain Controller Type window, select Domain controller for a new domain cli

CS-2000 UTM Content Security Gateway User’s Manual - 109 - Step10. In New Domain Name window, enter the Full DNS name for new domain, click Next.

CS-2000 UTM Content Security Gateway User’s Manual - 110 - Step12. In Database and Log Folders window, enter the routes of Database folder and Lo

CS-2000 UTM Content Security Gateway User’s Manual - 111 - Step14. In DNS Registration Diagnostics window, select I will correct the problem late

CS-2000 UTM Content Security Gateway User’s Manual - 112 - Step16. In Directory Services Restore Mode Administrator Password window, enter the Re

CS-2000 UTM Content Security Gateway User’s Manual - 113 - Step18. Complete the Active Directory installation wizard. Complete the active direct

CS-2000 UTM Content Security Gateway User’s Manual - 6 -Chapter 2: Installation 2.1 Installation Requirements Before installing CS-2000, make sure

CS-2000 UTM Content Security Gateway User’s Manual - 114 - Step20. In Active Directory Users and Computers window, right click on the Users, sele

CS-2000 UTM Content Security Gateway User’s Manual - 115 - Step22. In New Object –User window, enter the password, click Next. The new object –

CS-2000 UTM Content Security Gateway User’s Manual - 116 -Step24. In Authentication Æ LDAP , enter the following setting ： The LDAP server sett

CS-2000 UTM Content Security Gateway User’s Manual - 117 - Step26. In Policy Æ Outgoing, apply Step25. (The authentication group) in to the polic

CS-2000 UTM Content Security Gateway User’s Manual - 118 - Step27. When the users want to connect to the network, it will show the authentication

CS-2000 UTM Content Security Gateway User’s Manual - 119 -5.6 Content Blocking CCoonntteenntt BBlloocckkiinngg The content blocking included t

CS-2000 UTM Content Security Gateway User’s Manual - 120 -Content Blocking： URL String  The domain name restricted by the CS-2000 appliance whi

CS-2000 UTM Content Security Gateway User’s Manual - 121 -We set 4 application environments of Content Blocking. No. Range The Application E

CS-2000 UTM Content Security Gateway User’s Manual - 122 -Example 1. URL Only permit the LAN user to access the data in specific web site. ※ The w

CS-2000 UTM Content Security Gateway User’s Manual - 123 - Step1. In Content Blocking Æ URL , add the following setting ：  Click New Entry. 

CS-2000 UTM Content Security Gateway User’s Manual - 7 - 2.3 Login STEP 1: Connect both the Administrator’s PC and the LAN port of the Content Sec

CS-2000 UTM Content Security Gateway User’s Manual - 124 - Step2. In Policy Æ Outgoing, apply the Content Blocking setting in to the policy.

CS-2000 UTM Content Security Gateway User’s Manual - 125 -Example 2. Script To limit the LAN user to access the script data in the web site. Step

CS-2000 UTM Content Security Gateway User’s Manual - 126 - Step2. In Policy Æ Outgoing , apply the Script Content Blocking Setting in to policy ：

CS-2000 UTM Content Security Gateway User’s Manual - 127 -Example 3. Download Blocking To limit the LAN user to download the extension files, vide

CS-2000 UTM Content Security Gateway User’s Manual - 128 - Step2. In Policy Æ Outgoing, apply the Download Content Blocking settings in to the po

CS-2000 UTM Content Security Gateway User’s Manual - 129 -Example 4. Upload Blocking To limit the LAN user to upload the extension files on the in

CS-2000 UTM Content Security Gateway User’s Manual - 130 - Step2. In Policy Æ Outgoing, apply the Upload Content Blocking settings in to the poli

CS-2000 UTM Content Security Gateway User’s Manual - 131 -5.7 IM/P2P Blocking IIMM//PP22PP BBlloocckkiinngg MIS engineer can limit user to use

CS-2000 UTM Content Security Gateway User’s Manual - 132 -Setting IM/P2P Signature Definitions  System can update the IM / P2P signature defini

CS-2000 UTM Content Security Gateway User’s Manual - 133 -We set two examples: No. Range Environment Pages Example 1 IM Limit internal user tr

CS-2000 UTM Content Security Gateway User’s Manual - 8 -STEP 4: Now you can configure the CS-2000 by WEB UI. 2.4 Application PLANET UTM Cont

CS-2000 UTM Content Security Gateway User’s Manual - 134 -Example 1. IM Blocking Limit internal user transfer messages, files and media files by I

CS-2000 UTM Content Security Gateway User’s Manual - 135 - Step2. In Policy Æ Outgoing, add one policy applied to IM blocking setting. Set th

CS-2000 UTM Content Security Gateway User’s Manual - 136 -Example 2. P2P Blocking Limit internal user access internet resources by P2P software.

CS-2000 UTM Content Security Gateway User’s Manual - 137 - Step2. In Policy Æ Outgoing, add one policy applied to P2P blocking setting. Set the

CS-2000 UTM Content Security Gateway User’s Manual - 138 -5.8 Virtual Server VViirrttuuaall SSeerrvveerr When the MIS engineer apply the netwo

CS-2000 UTM Content Security Gateway User’s Manual - 139 -Virtual Server WAN IP  The external IP address (Real IP Address). Mapped To Virtua

CS-2000 UTM Content Security Gateway User’s Manual - 140 -We set 4 virtual server application environments. No . Range The Application Envi

CS-2000 UTM Content Security Gateway User’s Manual - 141 -Example 1 To make the single internal server which provides the services of FTP, web, ma

CS-2000 UTM Content Security Gateway User’s Manual - 142 - Step4. In Service Æ Group , to group the services（DNS , FTP , HTTP , POP3 , SMTP…）pro

CS-2000 UTM Content Security Gateway User’s Manual - 143 - Step7. Complete the IP mapped setting which provided the multiple services to external

CS-2000 UTM Content Security Gateway User’s Manual - 9 -Deployment The CS-2000 appliance deployment  The CS-2000 interface in details: LAN Po

CS-2000 UTM Content Security Gateway User’s Manual - 144 -Example 2 Use the virtual server instead of many of the internal server which only provi

CS-2000 UTM Content Security Gateway User’s Manual - 145 - Step3. In Policy Æ Incoming, add the new policy include Step 2(The virtual server sett

CS-2000 UTM Content Security Gateway User’s Manual - 146 -Example 3 The external users use the VoIP to communicate to the internal user.（VoIP serv

CS-2000 UTM Content Security Gateway User’s Manual - 147 - Step4. In Virtual Server Æ Server 1 , add the new following settings：  Virtual Serve

CS-2000 UTM Content Security Gateway User’s Manual - 148 - Step5. In Policy Æ Incoming, add the new policy included Step4. ( The virtual server s

CS-2000 UTM Content Security Gateway User’s Manual - 149 -Example 4 Use the virtual server instead of many of the internal server which provides t

CS-2000 UTM Content Security Gateway User’s Manual - 150 - Step4. In Virtual Server Æ Server 1 , add the new following settings：  Virtual Serve

CS-2000 UTM Content Security Gateway User’s Manual - 151 - Step5. In Policy Æ Incoming, add the new policy included Step4. ( The virtual server s

CS-2000 UTM Content Security Gateway User’s Manual - 152 -5.9 VPN VV PP NN The CS-2000 appliance provides the features of data encryption and

CS-2000 UTM Content Security Gateway User’s Manual - 153 -VPN RSA  The RSA is a kind of asymmetric cryptography. User has two keys, one is t

CS-2000 UTM Content Security Gateway User’s Manual - 10 -The CS-2000’s Web UI contains two panes. The right pane is an “operation window”. At the

CS-2000 UTM Content Security Gateway User’s Manual - 154 -DES  The data encryption standard for encrypting data and using a 56-byte key. 3D

CS-2000 UTM Content Security Gateway User’s Manual - 155 -5.9.1 VPN Wizard VPN Wizard  VPN Wizard will guide user to finish the VPN settings. 

CS-2000 UTM Content Security Gateway User’s Manual - 156 - Select the VPN Trunk setting to apply to VPN policy VPN setup finished Complete t

CS-2000 UTM Content Security Gateway User’s Manual - 157 -The icons and terms in IPSec Autokey option i  Use the icon to display the VPN connec

CS-2000 UTM Content Security Gateway User’s Manual - 158 -The icons and terms in PPTP server option PPTP Server  Can enable or disable the funct

CS-2000 UTM Content Security Gateway User’s Manual - 159 -The icons and terms in PPTP Client option i  Use the Icon to display the VPN connect

CS-2000 UTM Content Security Gateway User’s Manual - 160 -The icons and terms in VPN Trunk option i  Use the icon to display the VPN trunk conn

CS-2000 UTM Content Security Gateway User’s Manual - 161 -We set 6 VPN application environments. No. Range The Application Environments Pages

CS-2000 UTM Content Security Gateway User’s Manual - 162 -5.9.2 Example 1 To access the static subnet resources via the IPSec VPN connection betwe

CS-2000 UTM Content Security Gateway User’s Manual - 163 - Step2. In IPSec Autokey Æ Name, enter VPN_A. In WAN Interface, select WAN 1, to build

CS-2000 UTM Content Security Gateway User’s Manual - 11 -Chapter 3: System 3.1 Administration Generally speaking, the system administration refer

CS-2000 UTM Content Security Gateway User’s Manual - 164 - Step5. In Encapsulation, select ISAKMP Algorithm, as both sides start to build the co

CS-2000 UTM Content Security Gateway User’s Manual - 165 - Step7. In Perfect Forward Secrecy（NO-PFS/ GROUP 1,2,5）, select GROUP 1. In ISAKMP Lif

CS-2000 UTM Content Security Gateway User’s Manual - 166 - Step9. In VPN Æ VPN Trunk , add the following settings：  In Name, enter the Trunk Nam

CS-2000 UTM Content Security Gateway User’s Manual - 167 - Step10. In Policy Æ Outgoing , add the following settings：  Authentication User, sel

CS-2000 UTM Content Security Gateway User’s Manual - 168 - Step11. In Policy Æ Incoming ：  Schedule, select Working_Time.  Qos, select QoS

CS-2000 UTM Content Security Gateway User’s Manual - 169 -The B Company‘s default gateway is the LAN IP 192.168.20.1 of the CS-2000. Step1. In

CS-2000 UTM Content Security Gateway User’s Manual - 170 - Step3. In IPSec Autokey, enter VPN_B in the VPN Name. In WAN interface, select WAN 1,

CS-2000 UTM Content Security Gateway User’s Manual - 171 - Step6. In Encapsulation, select ISAKMP Algorithm, and choose the needed algorithm as b

CS-2000 UTM Content Security Gateway User’s Manual - 172 - Step8. In Perfect Forward Secrecy （NO-PFS/ GROUP 1, 2, 5）, select GROUP 1. In ISAKMP

CS-2000 UTM Content Security Gateway User’s Manual - 173 - Step10. In VPN Æ VPN Trunk , add the following setting：  Name, enter the Trunk name

CS-2000 UTM Content Security Gateway User’s Manual - 12 -Administrator Administrator:  The title of chief administrator and sub administrator.

CS-2000 UTM Content Security Gateway User’s Manual - 174 - Step11. In Policy Æ Outgoing, add the following setting：  Authentication User, sele

CS-2000 UTM Content Security Gateway User’s Manual - 175 - Step12. In Policy Æ Incoming , add the following settings：  Schedule, select Working

CS-2000 UTM Content Security Gateway User’s Manual - 176 - Step13. Complete to set the IPSec VPN connection. The IPSec VPN deployment

CS-2000 UTM Content Security Gateway User’s Manual - 177 -5.9.3 Example 2 The way to set the CS-2000 appliance IPSec VPN connection in Windows 200

CS-2000 UTM Content Security Gateway User’s Manual - 178 - The A Company’s default gateway is the LAN IP 192.168.10.1 in the CS-2000. Add the foll

CS-2000 UTM Content Security Gateway User’s Manual - 179 - Step5. In Encapsulation Æ select ISAKMP Algorithm. Select the needed algorithm as bot

CS-2000 UTM Content Security Gateway User’s Manual - 180 - Step7. In Perfect Forward Secrecy（NO-PFS/ GROUP 1,2,5）, select GROUP 1. In ISAKMP Lif

CS-2000 UTM Content Security Gateway User’s Manual - 181 - Step9. In VPN Æ VPN Trunk , add the following settings：  Name, enter the Trunk Name.

CS-2000 UTM Content Security Gateway User’s Manual - 182 - Step10. In Policy Æ Outgoing , add the following settings：  Authentication User, sel

CS-2000 UTM Content Security Gateway User’s Manual - 183 - Step11. In Policy Æ Incoming , add the following settings：  Schedule, select Working

CS-2000 UTM Content Security Gateway User’s Manual - 13 -3.1.1 Admin Step 1. Click Admin Æ New Sub-Admin. Step 2. In Add New Sub Admin , add th

CS-2000 UTM Content Security Gateway User’s Manual - 184 -The B Company’s PC Real IP is 211.22.22.22, add the following settings: Step1. Click St

CS-2000 UTM Content Security Gateway User’s Manual - 185 - Step2. In Run Æ Open column, enter mmc. To startup the Windows 2000 IPSec VPN sett

CS-2000 UTM Content Security Gateway User’s Manual - 186 - Step4. In Add / Remove Snap-in, click Add. In Add Standalone Snap-ins, add IP Secu

CS-2000 UTM Content Security Gateway User’s Manual - 187 - Step5. Select Local Computer, click finish. Select the type of IP Security Policy Ma

CS-2000 UTM Content Security Gateway User’s Manual - 188 - Step6. Complete to set the IP Security Policy Management. Complete to set the IP Sec

CS-2000 UTM Content Security Gateway User’s Manual - 189 -Step8. Click Next. Open IP Security Policy Wizard Step9. Enter the VPN Name an

CS-2000 UTM Content Security Gateway User’s Manual - 190 - Step10. Disable to Activate the default response rule, and click Next. Disable to

CS-2000 UTM Content Security Gateway User’s Manual - 191 - Step12. In VPN_B Properties, do not select Use Add Wizard, and click Add. VPN_B

CS-2000 UTM Content Security Gateway User’s Manual - 192 - Step13. In New Rule Properties, Click Add. New Rule Properties

CS-2000 UTM Content Security Gateway User’s Manual - 193 - Step14. In IP Filter List, do not select Use Add Wizard. Modify the Name into VPN_B

CS-2000 UTM Content Security Gateway User’s Manual Copyright Copyright© 2009 by PLANET Technology Corp. All rights reserved. No part of this publicati

CS-2000 UTM Content Security Gateway User’s Manual - 14 -Changing the Main/Sub-Administrator’s Password Step 1. In Admin, select the admin to cha

CS-2000 UTM Content Security Gateway User’s Manual - 194 - Step15. In Filter Properties Æ Source address Æ A specific IP Address, enter B Compan

CS-2000 UTM Content Security Gateway User’s Manual - 195 - Step16. Complete the setting, and close the IP Filter List. Complete the IP Filte

CS-2000 UTM Content Security Gateway User’s Manual - 196 - Step17. In New Rule Properties Æ Filter Action Æ Require Security. Click Edit. F

CS-2000 UTM Content Security Gateway User’s Manual - 197 - Step18. In Require Security Properties, select Session Key Perfect Forward Secrecy.

CS-2000 UTM Content Security Gateway User’s Manual - 198 - Step19. Select Custom / None / 3DES / MD5 Security Method, click Edit. Edit the Secu

CS-2000 UTM Content Security Gateway User’s Manual - 199 - Step21. Select Data integrity and encryption, choose Integrity algorithm Æ MD5. Encr

CS-2000 UTM Content Security Gateway User’s Manual - 200 - Step23. In New Rule Properties Æ Tunnel Setting, select The tunnel endpoint is speci

CS-2000 UTM Content Security Gateway User’s Manual - 201 - Step25. Select Use this string to protect the key exchange (preshared key), enter the

CS-2000 UTM Content Security Gateway User’s Manual - 202 - Step27. Complete the VPN_B WAN TO LAN settings. Complete the VPN_B WAN TO LAN poli

CS-2000 UTM Content Security Gateway User’s Manual - 203 - Step29. In New Rule Properties, click Add. New Rule Properties Step30. In I

CS-2000 UTM Content Security Gateway User’s Manual - 15 -3.1.2 Permitted IPs Step 1. In Administration Æ Permitted IPs ÆNew Entry , add the sett

CS-2000 UTM Content Security Gateway User’s Manual - 204 - Step31. In Filter PropertiesÆ Source address, select A specific IP Subnet, enter A C

CS-2000 UTM Content Security Gateway User’s Manual - 205 - Step32. Complete the settings, close the IP Filter List. Complete the IP Filter Lis

CS-2000 UTM Content Security Gateway User’s Manual - 206 - Step33. In New Rule Properties Æ Filter Action, select Required Security, then click

CS-2000 UTM Content Security Gateway User’s Manual - 207 - Step34. In Require Security Properties, select Session key Perfect Froward Secrecy.

CS-2000 UTM Content Security Gateway User’s Manual - 208 - Step35. Select Custom / None / 3DES / MD5 Security Method. Click Edit. Set the S

CS-2000 UTM Content Security Gateway User’s Manual - 209 - Step36. Select Custom (for expert users), click Settings. Custom Security Method se

CS-2000 UTM Content Security Gateway User’s Manual - 210 - Step37. Select Data integrity and encryption (ESP). Integrity algorithm, select MD5.

CS-2000 UTM Content Security Gateway User’s Manual - 211 - Step38. In New Rule Properties Æ Connection Type, select All network connections. C

CS-2000 UTM Content Security Gateway User’s Manual - 212 - Step39. In New Rule Properties Æ Tunnel Setting, select The tunnel endpoint is specif

CS-2000 UTM Content Security Gateway User’s Manual - 213 - Step40. In New Rule Properties Æ Authentication Methods, click Edit. Authenticatio

CS-2000 UTM Content Security Gateway User’s Manual - 16 -3.1.3 Software Update Step1. In SystemÆAdministrationÆSoftware Update  In Version Numbe

CS-2000 UTM Content Security Gateway User’s Manual - 214 - Step41. Select Use this string to protect the key exchange (preshared key). Enter the

CS-2000 UTM Content Security Gateway User’s Manual - 215 - Step42. Click Apply and close the setting window. Complete the New Rule setting

CS-2000 UTM Content Security Gateway User’s Manual - 216 - Step43. Complete the VPN_B LAN TO WAN setting. Complete the VPN_B LAN TO WAN Rul

CS-2000 UTM Content Security Gateway User’s Manual - 217 - Step44. In VPN_B Properties Æ General, click Advanced. The VPN_B General setting

CS-2000 UTM Content Security Gateway User’s Manual - 218 - Step46. Click Move up or Move down to arrange IKE / 3DES / MD5 / to the Top, and click

CS-2000 UTM Content Security Gateway User’s Manual - 219 - Step48. Right click on VPN_B, select Assign. To assign the VPN_B Security Rules S

CS-2000 UTM Content Security Gateway User’s Manual - 220 - Step50. In Control Panel, double click Administrative Tools icon. Enter the Administ

CS-2000 UTM Content Security Gateway User’s Manual - 221 - Step52. In Services, right click on IPsec Policy Agent, select Restart. Restart IP

CS-2000 UTM Content Security Gateway User’s Manual - 222 - Step53. Complete all the settings. The CS-2000 and Windows 2000 IPSec VPN deploymen

CS-2000 UTM Content Security Gateway User’s Manual - 223 -5.9.4 Example 3 The way to set the IPSec VPN connection between two CS-2000 appliances.

CS-2000 UTM Content Security Gateway User’s Manual - 17 -3.2 Configure The so called configuration here is about the basic operating settings of

CS-2000 UTM Content Security Gateway User’s Manual - 224 - Step2 In IPSec Autokey, enter VPN_A in the VPN Name. In WAN interface, select WAN 1, w

CS-2000 UTM Content Security Gateway User’s Manual - 225 - Step5 In Encapsulation, select ISAKMP Algorithm, to select the needed algorithm. I

CS-2000 UTM Content Security Gateway User’s Manual - 226 - Step7 In Perfect Forward Secrecy （NO-PFS/ GROUP 1,2,5）, select GROUP 1. In ISAKMP Lif

CS-2000 UTM Content Security Gateway User’s Manual - 227 - Step10 In VPN Æ VPN Trunk add the following settings：  Name, enter the Trunk name.

CS-2000 UTM Content Security Gateway User’s Manual - 228 - Step11 In Policy Æ Outgoing , add the following settings：  Authentication User, sele

CS-2000 UTM Content Security Gateway User’s Manual - 229 - Step12 In Policy Æ Incoming , add the following settings：  Schedule, select Working_

CS-2000 UTM Content Security Gateway User’s Manual - 230 -The B Company’s default gateway is the CS-2000’s LAN IP 192.168.20.1. Add the following

CS-2000 UTM Content Security Gateway User’s Manual - 231 - Step3 In To Destination, select Remote Gateway –Fixed IP or Domain Name, enter the Re

CS-2000 UTM Content Security Gateway User’s Manual - 232 - Step6 In IPSec Algorithm, select Data Encryption + Authentication or Authentication On

CS-2000 UTM Content Security Gateway User’s Manual - 233 - Step10 In VPN Æ TrunkÆ New Entry , add the following settings：  Name, enter the Trun

CS-2000 UTM Content Security Gateway User’s Manual - 18 - By enable LAN, WAN or DMZ Port to send and receive RIPv2 packets, the CS-2000 applianc

CS-2000 UTM Content Security Gateway User’s Manual - 234 - Step11 In Policy Æ Outgoing , add the following settings：  Authentication User, sele

CS-2000 UTM Content Security Gateway User’s Manual - 235 - Step12 In Policy Æ Incoming, add the following settings：  Schedule, select Working_T

CS-2000 UTM Content Security Gateway User’s Manual - 236 - Step13 Complete the IPSec VPN aggressive mode settings. The IPSec VPN aggressive mod

CS-2000 UTM Content Security Gateway User’s Manual - 237 -5.9.5 Example 4 The way to set the outbound load balance connection in IPSec VPN between

CS-2000 UTM Content Security Gateway User’s Manual - 238 - Step1 Enter the A Company’s default IP address 192.168.10.1. In VPN Æ IPSec Autokey, c

CS-2000 UTM Content Security Gateway User’s Manual - 239 - Step5 In Encapsulation, select ISAKMP algorithm, to select the needed algorithm. In

CS-2000 UTM Content Security Gateway User’s Manual - 240 - Step7 In Perfect Forward Secrecy ( NO-PFS/ GROUP 1, 2, 5）, select GROUP 1 . In ISKMP

CS-2000 UTM Content Security Gateway User’s Manual - 241 - Step10 Enter the A Company’s default IP address 192.168.10.1. In VPN Æ IPSec Autokey,

CS-2000 UTM Content Security Gateway User’s Manual - 242 - Step14 In Encapsulation, select ISAKMP algorithm, to choose the needed algorithm. In

CS-2000 UTM Content Security Gateway User’s Manual - 243 - Step16 In Perfect Forward Secrecy （NO-PFS/ GROUP 1,2,5）, select GROUP 1. In ISAKMP Lif

CS-2000 UTM Content Security Gateway User’s Manual - 19 -line and the company is divided into R&D, Customer Service, Sales, Procurement, and A

CS-2000 UTM Content Security Gateway User’s Manual - 244 - Step19 In VPN Æ VPN Trunk , add the following settings：  Name, enter the Trunk Name.

CS-2000 UTM Content Security Gateway User’s Manual - 245 - Step20 In Policy Æ Outgoing , add the following settings：  Authentication User, sele

CS-2000 UTM Content Security Gateway User’s Manual - 246 - Step21 In Policy Æ Incoming , add the following settings：  Schedule, select Working

CS-2000 UTM Content Security Gateway User’s Manual - 247 - Step1 Enter the B Company‘s default IP address 192.168.20.1. In VPN Æ IPSec Autokey Æ

CS-2000 UTM Content Security Gateway User’s Manual - 248 - Step5 In Encapsulation, select ISAKMP algorithm, to choose the needed algorithm. In EN

CS-2000 UTM Content Security Gateway User’s Manual - 249 - Step7 In Perfect Forward Secrecy（NO-PFS/ GROUP 1,2,5）, select GROUP 1 . In ISAKMP Life

CS-2000 UTM Content Security Gateway User’s Manual - 250 - Step10 Enter the B Company‘s default IP address 192.168.20.1. In VPN Æ IPSec Autokey Æ

CS-2000 UTM Content Security Gateway User’s Manual - 251 - Step14 In Encapsulation, select ISAKMP algorithm, to choose the needed algorithm. In E

CS-2000 UTM Content Security Gateway User’s Manual - 252 - Step16 In Perfect Forward Secrecy（NO-PFS/ GROUP 1,2,5）, select GROUP 1 . In ISAKMP Lif

CS-2000 UTM Content Security Gateway User’s Manual - 253 - Step19 In VPN Æ VPN Trunk , add the following settings：  In Name, enter the trunk nam

CS-2000 UTM Content Security Gateway User’s Manual - 20 -Dynamic DNS Domain Name  The domain name that the MIS engineer applied from the DDNS

CS-2000 UTM Content Security Gateway User’s Manual - 254 - Step20 In Policy ÆOutgoing , add the following settings：  Authentication User, selec

CS-2000 UTM Content Security Gateway User’s Manual - 255 - Step21 In Policy Æ Incoming , add the following settings：  Schedule, select Working_

CS-2000 UTM Content Security Gateway User’s Manual - 256 - Step22 Complete the IPSec VPN GRE/IPSec settings. The IPSec VPN GRE/IPSec deployment

CS-2000 UTM Content Security Gateway User’s Manual - 257 -5.9.6 Example 5 The way to set the CS-2000 appliance PPTP VPN connection in Windows 2000

CS-2000 UTM Content Security Gateway User’s Manual - 258 -The A Company’s default gateway is the LAN IP 192.168.10.1 in CS-2000 , add the followin

CS-2000 UTM Content Security Gateway User’s Manual - 259 - Step2 In A Company’s CS-2000 , VPN Æ PPTP Server , add the following settings：  Click

CS-2000 UTM Content Security Gateway User’s Manual - 260 - Step3 In VPN Æ VPN Trunk , add the following settings：  Name, enter the trunk name.

CS-2000 UTM Content Security Gateway User’s Manual - 261 - Step4 In Policy Æ Outgoing , add the following settings：  Authentication User, selec

CS-2000 UTM Content Security Gateway User’s Manual - 262 - Step5 In Policy Æ Incoming , add the following settings：  Schedule, select Working_T

CS-2000 UTM Content Security Gateway User’s Manual - 263 -The B Company’s PC use the Real IP（211.22.22.22）. Add the following settings： Step1 Ri

CS-2000 UTM Content Security Gateway User’s Manual - 21 -3.2.1 Setting Exporting CS-2000 settings Step1. In SystemÆConfigureÆSetting ÆMulti Secur

CS-2000 UTM Content Security Gateway User’s Manual - 264 - Step3 In Location Information, enter the Country /Region, Area code and select the pho

CS-2000 UTM Content Security Gateway User’s Manual - 265 - Step5 In Network Connection Wizard, click Next. Network Connection Wizard Step6

CS-2000 UTM Content Security Gateway User’s Manual - 266 - Step7 In New Connection Wizard, enter the IP Address, and then click Next. Setup th

CS-2000 UTM Content Security Gateway User’s Manual - 267 - Step9 In New Connection Wizard, enter the Connection Name, click Finish. Complete the

CS-2000 UTM Content Security Gateway User’s Manual - 268 - Step10 In Connect Virtual Private Connection, add the following settings：  User Nam

CS-2000 UTM Content Security Gateway User’s Manual - 269 - Step11 Complete to setup the PPTP VPN connection. The PPTP VPN deployment

CS-2000 UTM Content Security Gateway User’s Manual - 270 -Chapter 6: Policy PPoolliiccyy The CS-2000 can detect every packet pass by the devices,

CS-2000 UTM Content Security Gateway User’s Manual - 271 -The CS-2000‘s VPN function use the trunk technology by policy management, in order to mo

CS-2000 UTM Content Security Gateway User’s Manual - 272 -Policy Comment  The description of policy. Source Address and Destination Addres

CS-2000 UTM Content Security Gateway User’s Manual - 273 -Icon Name Definition PERMIT ALL To permit the qualified packets can go through WAN1,

CS-2000 UTM Content Security Gateway User’s Manual - 22 -Importing CS-2000 settings Step1. In Setting window, click Browse near Import System Set

CS-2000 UTM Content Security Gateway User’s Manual - 274 -If the value of MAX. Concurrent Sessions per IP has over the value of MAX. Concurrent Se

CS-2000 UTM Content Security Gateway User’s Manual - 275 -We will setup 6 Policy Application Environments. No. Range The Application Environme

CS-2000 UTM Content Security Gateway User’s Manual - 276 -Example 1 To set the policy to monitor the internal user link to the network. (Use traff

CS-2000 UTM Content Security Gateway User’s Manual - 277 - Step2 In Policy Æ Outgoing, to complete the traffic log, statistics and quota per sess

CS-2000 UTM Content Security Gateway User’s Manual - 278 - Traffic Log Web UI

CS-2000 UTM Content Security Gateway User’s Manual - 279 - Step4 In Monitor Æ Statistics Æ Policy, it shows the traffic statistics through the po

CS-2000 UTM Content Security Gateway User’s Manual - 280 -Example 2 To deny the user to access the specific network resources.（For example, the st

CS-2000 UTM Content Security Gateway User’s Manual - 281 - Download blocking setting Upload blocking setting

CS-2000 UTM Content Security Gateway User’s Manual - 282 - Step2. In IM / P2P Blocking Æ New Entry, add IM / P2P blocking setting. Set IM / P2P

CS-2000 UTM Content Security Gateway User’s Manual - 283 - Step2 In AddressÆWAN and WAN Group , add the following settings： Set the WAN IP to b

CS-2000 UTM Content Security Gateway User’s Manual - 23 -Restoring Factory Settings and Format Hard Disk Step1. In Setting Æ Backup/Restore Confi

CS-2000 UTM Content Security Gateway User’s Manual - 284 - Step3 In Policy Æ Outgoing , add the following settings：  Click New Entry.  Destin

CS-2000 UTM Content Security Gateway User’s Manual - 285 - Step4 In Policy Æ Outgoing , add the following settings：  Click New Entry.  Select

CS-2000 UTM Content Security Gateway User’s Manual - 286 - Step5 Complete to set the policy to deny users access the network resources. Complet

CS-2000 UTM Content Security Gateway User’s Manual - 287 -Example 3 To permit the authenticated user can access the network resources on specific

CS-2000 UTM Content Security Gateway User’s Manual - 288 - Step3 In Policy Æ Outgoing , add the following setting：  Click New Entry.  Authent

CS-2000 UTM Content Security Gateway User’s Manual - 289 -Example 4 The external user use the remote control software to control the internal PCs.

CS-2000 UTM Content Security Gateway User’s Manual - 290 - Step3 In Policy Æ Incoming , add the following settings：  Click New Entry.  Destin

CS-2000 UTM Content Security Gateway User’s Manual - 291 -Example 5 Sets a FTP server in the DMZ by NAT mode, and to limit the external user’s dow

CS-2000 UTM Content Security Gateway User’s Manual - 292 - Step3 In Qos , add the following settings： Set the QoS Step4 In Policy Æ WAN To D

CS-2000 UTM Content Security Gateway User’s Manual - 293 - Step5 Limit users access the DMZ server services and network resources. Complete t

CS-2000 UTM Content Security Gateway User’s Manual FCC Caution: To assure continued compliance (example-use only shielded interface cables when connec

CS-2000 UTM Content Security Gateway User’s Manual - 24 -System Name Setting and Email Setting Step1. Company Name: Enter the unit name which t

CS-2000 UTM Content Security Gateway User’s Manual - 294 -Example 6 Sets a mail server in the DMZ by TRANSARENT mode, and to permit the internal a

CS-2000 UTM Content Security Gateway User’s Manual - 295 - Step4 In Policy Æ WAN To DMZ , add the following settings：  Click New Entry.  Dest

CS-2000 UTM Content Security Gateway User’s Manual - 296 - Step6 In Policy Æ LAN To DMZ , add the following settings：  Click New Entry.  Dest

CS-2000 UTM Content Security Gateway User’s Manual - 297 - Step8 In Policy Æ DMZ To WAN , add the following settings：  Click New Entry.  Dest

CS-2000 UTM Content Security Gateway User’s Manual - 298 -Chapter 7: Mail Security 7.1 Configure CCoonnffiigguurree The so called mail configure

CS-2000 UTM Content Security Gateway User’s Manual - 299 -7.1.1 Setting Scanned Mail Setting  The MIS engineer can set the scanned spam and vir

CS-2000 UTM Content Security Gateway User’s Manual - 300 -Storage lifetime of spam / virus mails in the quarantine  The MIS engineer can assign

CS-2000 UTM Content Security Gateway User’s Manual - 301 - When received the notice mail, it shows the customized mail subject and notice conten

CS-2000 UTM Content Security Gateway User’s Manual - 302 - When the user received the unscanned mail, the system will add the message to the sub

CS-2000 UTM Content Security Gateway User’s Manual - 303 -7.1.2 Mail Relay Example 1 We use the CS-2000 to be the Gateway（To set the mail server i

CS-2000 UTM Content Security Gateway User’s Manual - 25 -Web Management (WAN Interface) The administrator can change the port number used by HTTP

CS-2000 UTM Content Security Gateway User’s Manual - 304 - In Mail Relay Æ Domain Name of internal Mail Server, to Enable LDAP and the CS-2000 can

CS-2000 UTM Content Security Gateway User’s Manual - 305 -Example 2 To put the CS-2000 between the Company’s original gateway and mail server. (To

CS-2000 UTM Content Security Gateway User’s Manual - 306 - Step1 In ConfigureÆ Mail Relay , add the first setting：  Select Domain Name of Intern

CS-2000 UTM Content Security Gateway User’s Manual - 307 -Example 3 The headquarter company use CS-2000 to be the gateway (To set the mail server

CS-2000 UTM Content Security Gateway User’s Manual - 308 - Step1 In Configure Æ Mail Relay , add the first setting：  Select Domain Name of Inter

CS-2000 UTM Content Security Gateway User’s Manual - 309 -7.1.3 Mail Account Use the CS-2000’s mail account, to allow or deny mails from the inter

CS-2000 UTM Content Security Gateway User’s Manual - 310 - Step2 In Configure Æ Mail Account , it shows the domain name of internal mail server：

CS-2000 UTM Content Security Gateway User’s Manual - 311 -After complete to set the Mail Relay settings, the MIS engineer can add the legal Mail a

CS-2000 UTM Content Security Gateway User’s Manual - 312 - Export the Address Book The Address Book Export Tool

CS-2000 UTM Content Security Gateway User’s Manual - 313 - Save exported files Select the fields MIS engineer wish to export

CS-2000 UTM Content Security Gateway User’s Manual - 26 -SIP protocol pass-through Select this option to the device’s SIP protocol pass-through.

CS-2000 UTM Content Security Gateway User’s Manual - 314 - Complete to export the adress book Import address book from client The MIS engi

CS-2000 UTM Content Security Gateway User’s Manual - 315 - Step3 In Mail Account , add new mail account：  Add new mail account, click New Entry

CS-2000 UTM Content Security Gateway User’s Manual - 316 - Step4 To set which recipient account is not allowed receiving mails in internal mail s

CS-2000 UTM Content Security Gateway User’s Manual - 317 - The CS-2000 will confirm if the recipient‘s mail account (receive mails sent from the e

CS-2000 UTM Content Security Gateway User’s Manual - 318 -7.1.4 Mail Notice Example 1 Use the CS-2000’s mail notice, to send the spam mail (virus)

CS-2000 UTM Content Security Gateway User’s Manual - 319 - Step2 In Configure Æ Mail Notice , it shows the domain name of internal mail server： 

CS-2000 UTM Content Security Gateway User’s Manual - 320 - Step3 In Configure Æ Mail Notice, add the following settings：  Select Enable Notice Æ

CS-2000 UTM Content Security Gateway User’s Manual - 321 -The CS-2000 will send the spam (virus) mail notice to the selected account, when CS-2000

CS-2000 UTM Content Security Gateway User’s Manual - 322 - Step4 When the recipient receive the Spam Mail Notice ( or Virus Mail Notice):  In In

CS-2000 UTM Content Security Gateway User’s Manual - 323 - Complete to retrieve the spam (virus) mail There are two ways to retrieve all the spam

CS-2000 UTM Content Security Gateway User’s Manual - 27 -3.2.2 Date/Time Step1. To select Enable synchronize with an Internet time Server. Step2.

CS-2000 UTM Content Security Gateway User’s Manual - 324 - Open the attachment in spam (virus) mail notice Confirm to open the attachment

CS-2000 UTM Content Security Gateway User’s Manual - 325 - To retrieve all the spam (virus) mails from the spam (virus) mail notice To retrieve

CS-2000 UTM Content Security Gateway User’s Manual - 326 -Example 2 Personal Rule Setting Step1. Click Spam (Virus) Mail Notice Æ Personal Rule.

CS-2000 UTM Content Security Gateway User’s Manual - 327 - Step2. In personal rule setting window, add the following settings：  Click Notice. 

CS-2000 UTM Content Security Gateway User’s Manual - 328 -In Personal RuleÆ Notice, disable the Enable Notice, and then user can not receive the m

CS-2000 UTM Content Security Gateway User’s Manual - 329 - Step1. Allow the user to customize the login password：  Enable the local database in

CS-2000 UTM Content Security Gateway User’s Manual - 330 - Type the password Log in the personal rule authentication window Complete to login

CS-2000 UTM Content Security Gateway User’s Manual - 331 -7.2 Anti-Spam AAnnttii--SSppaamm The CS-2000 can filter the mails in internal and exte

CS-2000 UTM Content Security Gateway User’s Manual - 332 -7.2.1 Setting Spam Setting  Can make the inbound and outbound mail inspection.  I

CS-2000 UTM Content Security Gateway User’s Manual - 333 -Action of Spam Mail  The CS-2000 can delete the inbound spam mail, select to deliver t

CS-2000 UTM Content Security Gateway User’s Manual - 28 -3.2.3 Multiple Subnet Internal users use the IP address to link the internet via the mult

CS-2000 UTM Content Security Gateway User’s Manual - 334 - The internal and external recipient will received the spam mail which has been added

CS-2000 UTM Content Security Gateway User’s Manual - 335 - The internal and external recipient received the non-spam mail which has been only ad

CS-2000 UTM Content Security Gateway User’s Manual - 336 -7.2.2 Personal Rule Personal Rule： Search  To search the recorded mails which filtered

CS-2000 UTM Content Security Gateway User’s Manual - 337 -7.2.3 Global Rule Global Rule： Rule Name  To customize the mail rule name. Comment

CS-2000 UTM Content Security Gateway User’s Manual - 338 -Item  To identify if the mail signature of Header, Body, and Attach File Name correspo

CS-2000 UTM Content Security Gateway User’s Manual - 339 -7.2.4 Whitelist Whitelist： Whitelist  To allow the specific mail account can freely s

CS-2000 UTM Content Security Gateway User’s Manual - 340 -7.2.6 Training Training： Training Database  The MIS engineer can export, import files

CS-2000 UTM Content Security Gateway User’s Manual - 341 -7.2.7 Spam Mail Spam Mail： Search  To search all the records correspond to the cond

CS-2000 UTM Content Security Gateway User’s Manual - 342 -In Spam Mail，the MIS engineer can select to display the searched inbound or outbound fil

CS-2000 UTM Content Security Gateway User’s Manual - 343 -7.2.8 The Advanced Description The so called mail server is the medium between the mail

CS-2000 UTM Content Security Gateway User’s Manual - 29 -Add a Multiple Subnet with Routing Mode: Step1. Click Configure Æ Multiple Subnet  Cli

CS-2000 UTM Content Security Gateway User’s Manual - 344 - Mail Transferring Process： The 3 elements of the e-mail send / retrieve：MUA, MTA, MDA.

CS-2000 UTM Content Security Gateway User’s Manual - 345 -Mail transferring process (sends and retrieves) There are several steps of mail sending

CS-2000 UTM Content Security Gateway User’s Manual - 346 - The Protocol used in the mail send / retrieve process： 1. Send E-Mail：It means the pro

CS-2000 UTM Content Security Gateway User’s Manual - 347 -7.2.9 Anti-Spam Examples We set 5 anti-spam environments. No. The Application Envir

CS-2000 UTM Content Security Gateway User’s Manual - 348 -Example 1 To detect if the received mails are spam mails on mail server. Step1 To allo

CS-2000 UTM Content Security Gateway User’s Manual - 349 - Step4 In Anti-Spam Æ Setting , add the following settings： Set the anti-spam mail ac

CS-2000 UTM Content Security Gateway User’s Manual - 350 - The default setting of anti-spam When start the anti-spam action to the mails on re

CS-2000 UTM Content Security Gateway User’s Manual - 351 - Step5 When the internal user receive mails from the external mail account js1720@ms21.

CS-2000 UTM Content Security Gateway User’s Manual - 352 - Step7 Click Sender mail address of [email protected], it shows the Attached, Rece

CS-2000 UTM Content Security Gateway User’s Manual - 353 - Spam mail for training Retrieve the spam mail

CS-2000 UTM Content Security Gateway User’s Manual - 30 -Can enter the interface IP of WAN 1 ＆ WAN 2 by Assist. After completed the settings,

CS-2000 UTM Content Security Gateway User’s Manual - 354 -Example 2 Set the CS-2000 to be the gateway, and use the whitelist and blacklist to filt

CS-2000 UTM Content Security Gateway User’s Manual - 355 - Step5 In Policy Æ DMZ To WAN , add the following settings： Set the DMZ To WAN policy

CS-2000 UTM Content Security Gateway User’s Manual - 356 - Step7 In Anti-Spam Æ Setting, add the following. The action of anti-spam setting

CS-2000 UTM Content Security Gateway User’s Manual - 357 - Step8 In Anti-Spam Æ Whitelist , add the following settings：  Click New Entry.  W

CS-2000 UTM Content Security Gateway User’s Manual - 358 - Add whitelist setting 2 Add whitelist setting 3 Add whitelist setting 4 Comple

CS-2000 UTM Content Security Gateway User’s Manual - 359 - The MIS engineers can Import Whitelist From Client, in order to manage the related sett

CS-2000 UTM Content Security Gateway User’s Manual - 360 - Step9 In Anti-Spam Æ Blacklist , add the following settings：  Click New Entry.  B

CS-2000 UTM Content Security Gateway User’s Manual - 361 - Complete the blacklist setting The MIS engineers can Export Blacklist To Client, in o

CS-2000 UTM Content Security Gateway User’s Manual - 362 - Step10 When the external yahoo mail account send the mails to the recipient of jo

CS-2000 UTM Content Security Gateway User’s Manual - 363 - Step12 Click the sender mail address of [email protected] , it shows the informa

CS-2000 UTM Content Security Gateway User’s Manual - 31 -3.2.4 Route Table Make the Router which deploy in two different segments can link to the

CS-2000 UTM Content Security Gateway User’s Manual - 364 - The confirm training window The retrieve mail window When use the Training or Ret

CS-2000 UTM Content Security Gateway User’s Manual - 365 -Example 3 Set the CS-2000 between the company’s original gateway and mail server. Use th

CS-2000 UTM Content Security Gateway User’s Manual - 366 - Step4 In Policy Æ WAN To DMZ , add the following setting： Set the WAN To DMZ policy

CS-2000 UTM Content Security Gateway User’s Manual - 367 - Step7 In Anti-Spam Æ Setting , add the following settings： The action of anti-spam s

CS-2000 UTM Content Security Gateway User’s Manual - 368 - Step8 In Anti-Spam Æ Global Rule , add the following settings ：  Click New Entry. 

CS-2000 UTM Content Security Gateway User’s Manual - 369 - Complete the first global rule setting In Global Rule setting, when the MIS engineer

CS-2000 UTM Content Security Gateway User’s Manual - 370 - Step9 In Anti-Spam Æ Global Rule , add the following settings：  Click New Entry. 

CS-2000 UTM Content Security Gateway User’s Manual - 371 - The CS-2000’s Anti-Spam default rule priority are Whitelist of Personal Rule Æ Blacklis

CS-2000 UTM Content Security Gateway User’s Manual - 372 - Step10 When the external yahoo mail account send the mails to the recipient of josh@te

CS-2000 UTM Content Security Gateway User’s Manual - 373 - Step12 Click the Sender mail address of [email protected] , it shows the informa

CS-2000 UTM Content Security Gateway User’s Manual - 32 - Step1. In Configure Æ Route Table  Destination IP : Enter 192.168.10.1  Netma

CS-2000 UTM Content Security Gateway User’s Manual - 374 - The confirm training window The retrieve mail window When use the Training or Retri

CS-2000 UTM Content Security Gateway User’s Manual - 375 -Example 4 Use spam or non-spam mail training to improve the Bayesian filtering.（For exam

CS-2000 UTM Content Security Gateway User’s Manual - 376 - The create folder window

CS-2000 UTM Content Security Gateway User’s Manual - 377 - Step2 In Outlook Express Æ Inbox , move the spam mails to the spam mail folder：  In I

CS-2000 UTM Content Security Gateway User’s Manual - 378 - Step3 In Outlook Express Æ SpamMail folder, to compact the spam mail folder and import

CS-2000 UTM Content Security Gateway User’s Manual - 379 - Step4 In Outlook Express Æ SpamMail , copy the folder path and import it to CS-2000

CS-2000 UTM Content Security Gateway User’s Manual - 380 - Step5 In Anti-Spam Æ Training Æ Spam Mail for Training , enter the following settings：

CS-2000 UTM Content Security Gateway User’s Manual - 381 - Step6 In Outlook Express Æ SpamMail , delete all the spam mails , in order to easy com

CS-2000 UTM Content Security Gateway User’s Manual - 382 -To identify the mails to be the non-spam mails through training. Step1

CS-2000 UTM Content Security Gateway User’s Manual - 383 - Step2 In Outlook Express Æ Inbox , move the non- spam mails to the ham mail folder

CS-2000 UTM Content Security Gateway User’s Manual - 33 - Step3. In Configure Æ Route Table  Destination IP: Enter 10.10.10.0  Netmask: En

CS-2000 UTM Content Security Gateway User’s Manual - 384 - Step3 In Outlook Express Æ HamMail folder, to compact the ham mail folder and impo

CS-2000 UTM Content Security Gateway User’s Manual - 385 - Step4 In Outlook Express Æ HamMail , copy the folder path and import it to CS-2000’

CS-2000 UTM Content Security Gateway User’s Manual - 386 - Step5 In Anti-Spam Æ Training Æ Ham Mail for Training , enter the following settings：

CS-2000 UTM Content Security Gateway User’s Manual - 387 - Step6 In Outlook Express Æ HamMail, delete all the ham mails , in order to easy compac

CS-2000 UTM Content Security Gateway User’s Manual - 388 -Example 5 Use spam or non-spam mail account training to improve the Bayesian filtering.

CS-2000 UTM Content Security Gateway User’s Manual - 389 - The ham and spam mail account for training

CS-2000 UTM Content Security Gateway User’s Manual - 390 -To identify the mails to be spam mails through training Step5 In Outlook ExpressÆ Inbo

CS-2000 UTM Content Security Gateway User’s Manual - 391 - Forward the spam mails

CS-2000 UTM Content Security Gateway User’s Manual - 392 -To identify the mails to be ham mails through training Step6 In Outlook ExpressÆ Inbox

CS-2000 UTM Content Security Gateway User’s Manual - 393 - Forward the ham mails Step7 The CS-2000 will receive mails from the respond mail acco

CS-2000 UTM Content Security Gateway User’s Manual Table of Contents CHAPTER 1: INTRODUCTION ...

CS-2000 UTM Content Security Gateway User’s Manual - 34 - Step4. As completed all. The CS-2000 appliance can translate the virtual IP to real IP.

CS-2000 UTM Content Security Gateway User’s Manual - 394 -7.3 Anti-Virus AAnnttii--VViirruuss The CS-2000 can detect mails from the internal and

CS-2000 UTM Content Security Gateway User’s Manual - 395 -7.3.1 Setting Setting  To do the anti-virus inspection of the inbound and outbound ma

CS-2000 UTM Content Security Gateway User’s Manual - 396 -Action of Infected Mail  The MIS engineer can select to delete the virus mail, deliver

CS-2000 UTM Content Security Gateway User’s Manual - 397 - If the internal and external recipient received the infected mails, the CS-2000 would

CS-2000 UTM Content Security Gateway User’s Manual - 398 -7.3.2 Virus Mail Search  It can search the record stored in CS-2000 depends on Recipie

CS-2000 UTM Content Security Gateway User’s Manual - 399 - In Virus Mail, the MIS engineer can select to display the inbound or outbound scanned

CS-2000 UTM Content Security Gateway User’s Manual - 400 -7.3.3 Anti-Virus Examples We set 2 anti-virus environments. No. The Application Environ

CS-2000 UTM Content Security Gateway User’s Manual - 401 -Example 1 To detect the infected mails on mail server. Step1 To allow the LAN PC can r

CS-2000 UTM Content Security Gateway User’s Manual - 402 - Step4 In Anti-Virus Æ Setting , add the following settings： The setting of infected

CS-2000 UTM Content Security Gateway User’s Manual - 403 - The default setting of Anti-Virus is enabled .The MIS engineer only need to add the Mai

CS-2000 UTM Content Security Gateway User’s Manual - 35 -3.2.5 DHCP Step1. In Configure Æ DHCP , to select and set the following setting:  Do

CS-2000 UTM Content Security Gateway User’s Manual - 404 - Step5 When the internal user receive mails from the external mail account js1720@ms21.

CS-2000 UTM Content Security Gateway User’s Manual - 405 - Step7 Click Sender mail address of [email protected] , it shows the Attached , Re

CS-2000 UTM Content Security Gateway User’s Manual - 406 -Example 2 Use CS-2000 to be the gateway, in order to detect the infected mails in intern

CS-2000 UTM Content Security Gateway User’s Manual - 407 - Step4 In Virtual Server Æ Server 1 , add the following setting： Virtual server setti

CS-2000 UTM Content Security Gateway User’s Manual - 408 - Step8 In Anti-Virus Æ Setting , add the following settings： The setting of anti-viru

CS-2000 UTM Content Security Gateway User’s Manual - 409 - Step9 When the external yahoo mail account send mails to the recipient of josh@test

CS-2000 UTM Content Security Gateway User’s Manual - 410 - Step11 Click the Sender mail address of [email protected] , it shows the informat

CS-2000 UTM Content Security Gateway User’s Manual - 411 -7.4 Mail Report MMaaiill RReeppoorrtt The CS-2000 can display the mail scanned record

CS-2000 UTM Content Security Gateway User’s Manual - 412 -7.4.1 Setting Periodic Report  It can send the period report to recipient according

CS-2000 UTM Content Security Gateway User’s Manual - 413 - To send the period report Receive the period report

CS-2000 UTM Content Security Gateway User’s Manual - 36 - DHCP setting When the LAN network adaptor set to Automatically Get DNS, the DNS Se

CS-2000 UTM Content Security Gateway User’s Manual - 414 - The first page in period report

CS-2000 UTM Content Security Gateway User’s Manual - 415 - The second page in period report The mail report will attached as PDF format to send t

CS-2000 UTM Content Security Gateway User’s Manual - 416 - The history report setting Received the history report

CS-2000 UTM Content Security Gateway User’s Manual - 417 - The first page in history report The mail report will attached as PDF format to send t

CS-2000 UTM Content Security Gateway User’s Manual - 418 -7.4.2 Statistics Step1 In Mail Report Æ Statistics, it shows the scanned mail statist

CS-2000 UTM Content Security Gateway User’s Manual - 419 - Step3 The mail scanned statistics.  Ordinate：The amount of scanned mails.  Horizon

CS-2000 UTM Content Security Gateway User’s Manual - 420 -7.4.3 Log Search  It can search all the records correspond to the condition in CS-200

CS-2000 UTM Content Security Gateway User’s Manual - 421 - To search the specific record In Statistics and Log, MIS engineer can select the inboun

CS-2000 UTM Content Security Gateway User’s Manual - 422 -Step1 In Mail Report Æ Log, it shows the mail scan status in CS-2000. The scanned mai

CS-2000 UTM Content Security Gateway User’s Manual - 423 -The Icon description in Log： 1.Attribute： Icon Description Allowed Spam Virus

CS-2000 UTM Content Security Gateway User’s Manual - 37 -3.2.6 DDNS Step1. In Configure Æ DDNS.  Click New Entry.  Service Provider: Select f

CS-2000 UTM Content Security Gateway User’s Manual - 424 -Chapter 8: IDP 8.1 Configure CCoonnffiigguurree The CS-2000 can detect the anomaly flo

CS-2000 UTM Content Security Gateway User’s Manual - 425 -Setting Setting  The CS-2000 can update signature definitions every 30 minutes or the

CS-2000 UTM Content Security Gateway User’s Manual - 426 -Set default action of all signatures  The internet attack risks included High, Medium

CS-2000 UTM Content Security Gateway User’s Manual - 427 - When the CS-2000 detected the attack types corresponded to the signature, then it will

CS-2000 UTM Content Security Gateway User’s Manual - 428 - Send the NetBIOS notification to MIS engineer The IDP Log The MIS engineer must en

CS-2000 UTM Content Security Gateway User’s Manual - 429 -8.2 Signature SSiiggnnaattuurree The CS-2000 can provide the correspond comparison rul

CS-2000 UTM Content Security Gateway User’s Manual - 430 -8.2.1 Anomaly Anomaly  It includes the syn flood, udp flood, icmp flood, syn fin, tcp

CS-2000 UTM Content Security Gateway User’s Manual - 431 -8.2.2 Pre-defined Pre-defined  It includes the Attack Responses, Backdoor, Bad Traffi

CS-2000 UTM Content Security Gateway User’s Manual - 432 - The pre-defined setting In Configure Æ Setting, the CS-2000 will access the default act

CS-2000 UTM Content Security Gateway User’s Manual - 433 -Name  The MIS engineer can define the signature name. Protocol  The detection and p

CS-2000 UTM Content Security Gateway User’s Manual - 38 - Icon Connotation Connection Succeeds Wrong Password Connecting Errors If the MIS en

CS-2000 UTM Content Security Gateway User’s Manual - 434 -Example 1 To detect the anomaly flow and packets with the custom and pre-defined setting

CS-2000 UTM Content Security Gateway User’s Manual - 435 - Step2 In Signature Æ Anomaly , add the following settings： The anomaly setting

CS-2000 UTM Content Security Gateway User’s Manual - 436 - Step3 In Signature Æ Custom , add the following setting：  Click New Entry.  Nam

CS-2000 UTM Content Security Gateway User’s Manual - 437 - Step4 In Policy Æ Outgoing , add the new policy and enable IDP： The IDP setting in p

CS-2000 UTM Content Security Gateway User’s Manual - 438 -8.3 IDP Report IIDDPP RReeppoorrtt The CS-2000 can display the IDP record by statisti

CS-2000 UTM Content Security Gateway User’s Manual - 439 -8.3.1 Setting Periodic Report  It can send the period report to recipient according t

CS-2000 UTM Content Security Gateway User’s Manual - 440 - The periodic report setting Receive the periodic report

CS-2000 UTM Content Security Gateway User’s Manual - 441 - The IDP report content

CS-2000 UTM Content Security Gateway User’s Manual - 442 - The history report setting Receive the history report

CS-2000 UTM Content Security Gateway User’s Manual - 443 - The history report content The IDP report will attached as PDF format to send to the re

CS-2000 UTM Content Security Gateway User’s Manual - 39 -3.2.7 Host Table Step1. In Configure Æ Host Table  Host Name enter the customaries dom

CS-2000 UTM Content Security Gateway User’s Manual - 444 -8.3.2 Statistics Step1 In IDP Report Æ Statistics, it shows the scanned mail statistic

CS-2000 UTM Content Security Gateway User’s Manual - 445 - The IDP statistics

CS-2000 UTM Content Security Gateway User’s Manual - 446 -8.3.3 Log Search  The CS-2000 can search the records correspond to the condition depe

CS-2000 UTM Content Security Gateway User’s Manual - 447 - To search the specific record

CS-2000 UTM Content Security Gateway User’s Manual - 448 -In Log Æ Search, click Time link, then it shows the Event Detail. The event detail

CS-2000 UTM Content Security Gateway User’s Manual - 449 -In Log, the CS-2000 can make the sorting by Time, Event, Signature Classification, Inter

CS-2000 UTM Content Security Gateway User’s Manual - 450 -Chapter 9: Anomaly Flow IP AAnnoommaallyy FFllooww IIPP When the CS-2000 received the

CS-2000 UTM Content Security Gateway User’s Manual - 451 -Example 1 The CS-2000 can make the alert and also prevent the DDoS attack packets from t

CS-2000 UTM Content Security Gateway User’s Manual - 452 - Step2. After complete the setting of anomaly flow IP, the system will show the alert m

CS-2000 UTM Content Security Gateway User’s Manual - 453 - Step3. If the MIS engineer enabled the e-mail alert notification in System Æ Configure

CS-2000 UTM Content Security Gateway User’s Manual - 40 -3.2.8 SNMP Step1. In Configure Æ SNMP Æ Enable SNMP Agent and enter the following settin

CS-2000 UTM Content Security Gateway User’s Manual - 454 - Step5. When internal PCs got virus-infected, the CS-2000 will show the alert message a

CS-2000 UTM Content Security Gateway User’s Manual - 455 -Chapter 10: Web VPN/SSL VPN WWeebb VVPPNN // SSSSLL VVPPNN Since the network secure

CS-2000 UTM Content Security Gateway User’s Manual - 456 -The VPN terms DES  The DES (Data Encryption Standard) is a kind of NIST W with 56 by

CS-2000 UTM Content Security Gateway User’s Manual - 457 -Status User Name  To display the authentication name used by client. Real IP  To d

CS-2000 UTM Content Security Gateway User’s Manual - 458 -Example 1 Set the Web / SSL VPN between CS-2000 and WAN Client Step1 In Interface Æ

CS-2000 UTM Content Security Gateway User’s Manual - 459 - Step4 In Web VPN / SSL VPN Æ Setting , add the following settings：  Click Modify.

CS-2000 UTM Content Security Gateway User’s Manual - 460 - Step5 Enter the following settings in client web browser：  In Address, enter http://2

CS-2000 UTM Content Security Gateway User’s Manual - 461 - The warning security window The warning security window

CS-2000 UTM Content Security Gateway User’s Manual - 462 - The warning security window The authentication window

CS-2000 UTM Content Security Gateway User’s Manual - 463 - The SSL VPN connection Complete the SSL VPN connection Step6 In Web VPN / SSL VPN Æ

CS-2000 UTM Content Security Gateway User’s Manual - 41 -Enable SNMP Trap Alert Notification Step1. In Configure Æ SNMP , select Enable SNMP Trap

CS-2000 UTM Content Security Gateway User’s Manual - 464 -When the client PC is not installed the SUN JAVA runtime environment software，it will au

CS-2000 UTM Content Security Gateway User’s Manual - 465 -Chapter 11: Advance 11.1 Inbound Balance IInnbboouunndd BBaallaannccee The CS-2000 pr

CS-2000 UTM Content Security Gateway User’s Manual - 466 -Inbound Balance Domain Name  It represents the name of DNS which the user applied it f

CS-2000 UTM Content Security Gateway User’s Manual - 467 -Select type：A, CNAME and MX. 1.A： To set the host name mapped to IP address. Example 1

CS-2000 UTM Content Security Gateway User’s Manual - 468 -3. MX The MX can precede the mail transfer by the DNS search. If user want to change

CS-2000 UTM Content Security Gateway User’s Manual - 469 - Name：It represents the host name in front of domain name. (User can define the nam

CS-2000 UTM Content Security Gateway User’s Manual - 470 -Balance Mode  Round-Robin：It use the round-robin mode depends on the weight and priori

CS-2000 UTM Content Security Gateway User’s Manual - 471 -Advanced Description The so called DNS mapped represents the domain is managed by which

CS-2000 UTM Content Security Gateway User’s Manual - 472 -Add the following settings of inbound load balance： Name Type Address Reverse Weight Pr

CS-2000 UTM Content Security Gateway User’s Manual - 473 -Set the following settings of InBound Load Balance： Name Type Address Weight Priority w

CS-2000 UTM Content Security Gateway User’s Manual - 42 -3.2.9 Language Step1. In Configure Æ Language to select the language, click OK. Langua

CS-2000 UTM Content Security Gateway User’s Manual - 474 -In Fig. 21-6 Users enter the www.test.net.tw depends on the following priority. The 1s

CS-2000 UTM Content Security Gateway User’s Manual - 475 -11.1.1 Inbound Load Balance Examples We set 4 inbound balance environments. No. Applica

CS-2000 UTM Content Security Gateway User’s Manual - 476 -Example 1 Set the web server settings in InBound Load BalanceÆ A Type Æ Backup. Backup：

CS-2000 UTM Content Security Gateway User’s Manual - 477 - Step4 Add the first record, Name, enter www. In Address, select WAN 1, click Assist, s

CS-2000 UTM Content Security Gateway User’s Manual - 478 - Step6 Complete the settings. Complete the settings Step7 In Virtual Server Æ Serve

CS-2000 UTM Content Security Gateway User’s Manual - 479 - Step9 In Policy Æ Incoming, add the following settings, and click OK. Add the firs

CS-2000 UTM Content Security Gateway User’s Manual - 480 - Step12 In PolicyÆ Outgoing, add the following setting, and click OK. Add the second

CS-2000 UTM Content Security Gateway User’s Manual - 481 -Example 2 Set the web server settings in InBound Load BalanceÆ A Type Æ Round-Robin. Ro

CS-2000 UTM Content Security Gateway User’s Manual - 482 - Step4 Add the first record, Name, enter www. In Address, select WAN 1, click Assist, s

CS-2000 UTM Content Security Gateway User’s Manual - 483 - Step7 In Add New Virtual Server IP, enter the virtual server real IP (WAN 1), click OK

CS-2000 UTM Content Security Gateway User’s Manual - 43 -3.3 Logout STEP 1﹒Click Logout in System to protect the system while Administrator is a

CS-2000 UTM Content Security Gateway User’s Manual - 484 - Step9 Add the second record, Name, enter www. In Address, select WAN 2, click Assist,

CS-2000 UTM Content Security Gateway User’s Manual - 485 - Step11 In Virtual Server Æ Server 2Æ Click here to configure. Step12 In Add New Virt

CS-2000 UTM Content Security Gateway User’s Manual - 486 - Step14 Complete the settings. To deploy the web server Round-Robin environment  C

CS-2000 UTM Content Security Gateway User’s Manual - 487 - Name Type Address Weight Priority www.test.com A 61.11.11.11 1 1 www.test.com A 211.22

CS-2000 UTM Content Security Gateway User’s Manual - 488 -Example 3 Set the web server settings in InBound Load BalanceÆ CNAMEÆ Round-Robin . To d

CS-2000 UTM Content Security Gateway User’s Manual - 489 - Step4 Add the first record, Name, enter web. In Address, select WAN 1, click Assist, s

CS-2000 UTM Content Security Gateway User’s Manual - 490 - Step7 Add the second record, Name, enter web. In Address, select WAN 2, click Assist,

CS-2000 UTM Content Security Gateway User’s Manual - 491 - Step10 Alias Name, enter www. Real Name, enter web.test.com. CNAME（alias）setting Ste

CS-2000 UTM Content Security Gateway User’s Manual - 492 - Step13 In Add New Virtual Server IP, enter the virtual server real IP (WAN 1), click O

CS-2000 UTM Content Security Gateway User’s Manual - 493 - Step15 In Virtual Server Æ Server 2Æ Click here to configure. Step16 In Add New Virt

CS-2000 UTM Content Security Gateway User’s Manual 5.2 SERVICE...

CS-2000 UTM Content Security Gateway User’s Manual - 44 -Chapter 4: Interface IInntteerrffaaccee In this section, the Administrator can set up th

CS-2000 UTM Content Security Gateway User’s Manual - 494 - Step18 Complete the setting. Use CNAME to deploy the web server environment  CS-2

CS-2000 UTM Content Security Gateway User’s Manual - 495 - Name Type Address Weight Priority web.test.com A 61.11.11.11 1 1 web.test.com A 211.2

CS-2000 UTM Content Security Gateway User’s Manual - 496 -Example 4 Set the mail server settings in InBound Load BalanceÆ Round-Robin. To deploy

CS-2000 UTM Content Security Gateway User’s Manual - 497 - Step4 Add the first record, Name, enter main. In Address, select WAN 1, click Assist,

CS-2000 UTM Content Security Gateway User’s Manual - 498 - Step7 Add the first record, Name, enter main. In Address, select WAN 2, click Assist,

CS-2000 UTM Content Security Gateway User’s Manual - 499 - Step9 In InBound Balance ConfigurationÆSelect typeÆMX (Mail exchanger). Step10 Name,

CS-2000 UTM Content Security Gateway User’s Manual - 500 - Step12 In Virtual Server Æ Server 1Æ Click here to configure. Step13 In Add New Virt

CS-2000 UTM Content Security Gateway User’s Manual - 501 - Step14 In Add New Virtual Server IP, enter the virtual server real IP (WAN 1), click O

CS-2000 UTM Content Security Gateway User’s Manual - 502 - Step17 In Add New Virtual Server IP, enter the virtual server real IP (WAN 2), click O

CS-2000 UTM Content Security Gateway User’s Manual - 503 - Step19 In PolicyÆ Incoming, add the following settings, and click OK. The third and

CS-2000 UTM Content Security Gateway User’s Manual - 45 -Connect Mode  The WAN network connection mode can be divided into :  PPPoE （ADSL use

CS-2000 UTM Content Security Gateway User’s Manual - 504 - Name Type Address Weight Priority main.test.com A 61.11.11.11 1 1 main.test.com A 21

CS-2000 UTM Content Security Gateway User’s Manual - 505 -11.2 High Availability HHiigghh AAvvaaiillaabbiilliittyy CS-2000 offers the high avai

CS-2000 UTM Content Security Gateway User’s Manual - 506 -High Availability IP Address (for Management) After enabled high availability function,

CS-2000 UTM Content Security Gateway User’s Manual - 507 -Example 1 To deploy a high availability environment： Step1 Set a CS-2000 master device

CS-2000 UTM Content Security Gateway User’s Manual - 508 - Step2 Set the high availability settings in master device：  Interface Æ LAN Æ IP add

CS-2000 UTM Content Security Gateway User’s Manual - 509 - Step3 To take the master device LAN port away from the LAN Switch port and connect the

CS-2000 UTM Content Security Gateway User’s Manual - 510 - Step4 Set the backup device settings in high availability mode.  Interface Æ LAN, to

CS-2000 UTM Content Security Gateway User’s Manual - 511 - The high availability deployment  CS-2000 interface ： WAN1 IP：61.11.11.11 WAN2 IP：

CS-2000 UTM Content Security Gateway User’s Manual - 512 - Step5 Synchronize configuration settings of master and backup immediately.  Enter th

CS-2000 UTM Content Security Gateway User’s Manual - 513 - Comments 1. After finished the deployment, the backup device offers the backup functio

CS-2000 UTM Content Security Gateway User’s Manual - 46 -4.1 LAN Modify the LAN Interface Address Step1. In Interface Æ LAN to enter the followi

CS-2000 UTM Content Security Gateway User’s Manual - 514 -Use restriction: 1. High Availability mode： a. Set the WAN Port to be Static IP or non

CS-2000 UTM Content Security Gateway User’s Manual - 515 -Chapter 12: Monitor MMoonniittoorr 12.1 Log Log, includes the information of traffic,

CS-2000 UTM Content Security Gateway User’s Manual - 516 -Setting Log Backup Setting  In System Æ Configure Æ Setting, enable E-mail Alert Notif

CS-2000 UTM Content Security Gateway User’s Manual - 517 -Traffic Search  MIS engineer can search the record depends on the keywords of Policy,

CS-2000 UTM Content Security Gateway User’s Manual - 518 - Search the specific record

CS-2000 UTM Content Security Gateway User’s Manual - 519 -Event Search  MIS engineer can search the record depends on the keywords of time and e

CS-2000 UTM Content Security Gateway User’s Manual - 520 -Connection Search  MIS engineer can search the record depends on the keywords of time

CS-2000 UTM Content Security Gateway User’s Manual - 521 -12.1.1 Log Examples We set 4 monitoring environments. No. Range The Application Envi

CS-2000 UTM Content Security Gateway User’s Manual - 522 -Example 1. Traffic View the user’s used Protocol and Port, to access the internal and ex

CS-2000 UTM Content Security Gateway User’s Manual - 523 - Step3 Monitor Æ Traffic, it shows the packets traffic through policy. The traffic log

CS-2000 UTM Content Security Gateway User’s Manual - 47 -4.2 WAN Set the WAN Interface Address Step1. Interface Æ WAN, click Modify of WAN 1. WA

CS-2000 UTM Content Security Gateway User’s Manual - 524 - Step4 Click Source IP or Destination IP, it shows the Protocol, Port and Traffic infor

CS-2000 UTM Content Security Gateway User’s Manual - 525 - Step5 Click Clear, it shows the confirm window, and then click OK. All the records wil

CS-2000 UTM Content Security Gateway User’s Manual - 526 -Example 2. Event View the status of the WAN interface and the MIS engineer action as his

CS-2000 UTM Content Security Gateway User’s Manual - 527 -Example 3. Connection View the external interface connection record as process the bandw

CS-2000 UTM Content Security Gateway User’s Manual - 528 - Step2 Click Clear, it shows the confirm window, and then click OK. All the records wil

CS-2000 UTM Content Security Gateway User’s Manual - 529 -Example 4. Log MIS engineer can receive and save the record results from the CS-2000. S

CS-2000 UTM Content Security Gateway User’s Manual - 530 -12.2 Accounting Report AAccccoouunnttiinngg RReeppoorrtt MIS engineer can use Accoun

CS-2000 UTM Content Security Gateway User’s Manual - 531 -Setting Setting  Enable the account report, to record the inbound and outbound informa

CS-2000 UTM Content Security Gateway User’s Manual - 532 -Inbound Accounting Report Account report can record any service downstream /upstream tr

CS-2000 UTM Content Security Gateway User’s Manual - 533 -Example 1. Outbound Step1 Accounting Report Æ Outbound , click User , it shows the acco

CS-2000 UTM Content Security Gateway User’s Manual - 48 - Step3. Choose the network connection.  PPPoE (ADSL User) 1. Select PPPoE (ADSL User)

CS-2000 UTM Content Security Gateway User’s Manual - 534 - Outbound user’s information

CS-2000 UTM Content Security Gateway User’s Manual - 535 - Step2 Accounting Report Æ Outbound , click Site , it shows the send/retrieve packet tra

CS-2000 UTM Content Security Gateway User’s Manual - 536 - Outbound site accounting report

CS-2000 UTM Content Security Gateway User’s Manual - 537 - Step3 Accounting Report Æ Outbound , click Service , it shows the statistics and distri

CS-2000 UTM Content Security Gateway User’s Manual - 538 -Example 2. Inbound Step1 Accounting Report Æ Inbound , click User , it shows the accoun

CS-2000 UTM Content Security Gateway User’s Manual - 539 - Inbound user accounting report

CS-2000 UTM Content Security Gateway User’s Manual - 540 - Inbound user’s information

CS-2000 UTM Content Security Gateway User’s Manual - 541 - Step2 Accounting Report Æ Inbound , click Site , it shows the send / retrieve packet tr

CS-2000 UTM Content Security Gateway User’s Manual - 542 - Step3 Accounting Report Æ Inbound , click Service , it shows the statistics and distrib

CS-2000 UTM Content Security Gateway User’s Manual - 543 -12.3 Statistics SSttaattiissttiiccss WAN statistics, it includes all the upstream / dow

CS-2000 UTM Content Security Gateway User’s Manual - 49 - Use PPPoE To Complete PPPoE connection setting If use the PPPoE, the MIS engineer

CS-2000 UTM Content Security Gateway User’s Manual - 544 -Statistics Statistics charts  Ordinate：Network stream.  Horizontal ordinate：Time（hour

CS-2000 UTM Content Security Gateway User’s Manual - 545 -Example 1. WAN Step1 Statistics Æ WAN, it shows all the downstream / upstream packets a

CS-2000 UTM Content Security Gateway User’s Manual - 546 - View the network flow

CS-2000 UTM Content Security Gateway User’s Manual - 547 -Example 2. Policy Step1 As enabled Policy Æ Statistics option, then the Policy statist

CS-2000 UTM Content Security Gateway User’s Manual - 548 - Step3 Network flow statistic charts.  Ordinate：Network flow.  Horizontal ordinate：Ti

CS-2000 UTM Content Security Gateway User’s Manual - 549 -12.4 Diagnostic DDiiaaggnnoossttiicc The MIS engineer can set the CS-2000 proactively

CS-2000 UTM Content Security Gateway User’s Manual - 550 -Example 1. Ping Step1. In Diagnostic Æ Ping, the MIS engineer can set the CS-2000 send

CS-2000 UTM Content Security Gateway User’s Manual - 551 - Ping results

CS-2000 UTM Content Security Gateway User’s Manual - 552 -If the MIS engineer select VPN of Interface, then he must enter the local CS-2000 LAN in

CS-2000 UTM Content Security Gateway User’s Manual - 553 -Example 2. Traceroute Step1. In Diagnostic Æ Traceroute, the MIS engineer can set the

CS-2000 UTM Content Security Gateway User’s Manual - 50 -  Dynamic IP Address ( cable modem user ) 1. Click Dynamic IP Address. 2. Click IP

CS-2000 UTM Content Security Gateway User’s Manual - 554 - Traceroute results

CS-2000 UTM Content Security Gateway User’s Manual - 555 -12.5 Wake on Lan WWaakkee oonn LLaann The MIS engineer can use the CS-2000 appliance

CS-2000 UTM Content Security Gateway User’s Manual - 556 -Example 1 Remote monitor the internal PC Step1. The internal PC to be remote monitored

CS-2000 UTM Content Security Gateway User’s Manual - 557 -12.6 Status SSttaattuuss MIS engineer can easily know the status of network connection

CS-2000 UTM Content Security Gateway User’s Manual - 558 -12.6.1 Interface Step1 Status Æ Interface, it shows all the interface information in C

CS-2000 UTM Content Security Gateway User’s Manual - 559 - The interface information

CS-2000 UTM Content Security Gateway User’s Manual - 560 -12.6.2 System Info Step1 Status Æ System Info, it shows the real system information. 

CS-2000 UTM Content Security Gateway User’s Manual - 561 - The system information

CS-2000 UTM Content Security Gateway User’s Manual - 562 -12.6.3 Authentication Step1 Status Æ Authentication, it shows the authentication infor

CS-2000 UTM Content Security Gateway User’s Manual - 563 -12.6.4 ARP Table Step1 Status Æ ARP Table, it shows the information of Net BIOS name,

CS-2000 UTM Content Security Gateway User’s Manual - 51 -  Static IP address（For Static or ADSL user） 1. Select Static IP Address. 2. Enter I

CS-2000 UTM Content Security Gateway User’s Manual - 564 -12.6.5 Sessions Info Step1 Status Æ Sessions Info, and click one of the source IP, the

CS-2000 UTM Content Security Gateway User’s Manual - 565 - Step2 Click Source IP or Destination IP, it shows the traffic statistics by user’s IP

CS-2000 UTM Content Security Gateway User’s Manual - 566 -Sessions Info Search  To search the record depends on the Policy, No, Source IP, Desti

CS-2000 UTM Content Security Gateway User’s Manual - 567 -12.6.6 DHCP Step1 Status Æ DHCP Clients, it shows the status of IP address distributed

CS-2000 UTM Content Security Gateway User’s Manual - 52 -4.3 DMZ Sets DMZ Interface (NAT Mode) Step1. In Interface Æ DMZ. Step2. In DMZ Interfa

CS-2000 UTM Content Security Gateway User’s Manual - 53 -Sets DMZ Interface (Transparent Mode) Step1. In Interface Æ DMZ. Step2. In DMZ Inter

CS-2000 UTM Content Security Gateway User’s Manual 7.3.3 Anti-Virus Examples...

CS-2000 UTM Content Security Gateway User’s Manual - 54 -Chapter 5: Policy Object 5.1 Address AAddddrreessss In this chapter, it includes the d

CS-2000 UTM Content Security Gateway User’s Manual - 55 -Definition Name  The MIS engineer can set the easy to identify name of IP address. I

CS-2000 UTM Content Security Gateway User’s Manual - 56 -We set two address application environments. No. Range The Application Environment Pag

CS-2000 UTM Content Security Gateway User’s Manual - 57 -Example 1 When use the DHCP, to distribute the static IP address to the specific user and

CS-2000 UTM Content Security Gateway User’s Manual - 58 - Step2. In Policy Æ Outgoing, add the new settings ： To limit the single user accessin

CS-2000 UTM Content Security Gateway User’s Manual - 59 -When the MIS engineer set the Address settings , he can click ，in order to let the CS-20

CS-2000 UTM Content Security Gateway User’s Manual - 60 -Example 2 To set the policy which allow part of users connect to the remote static IP add

CS-2000 UTM Content Security Gateway User’s Manual - 61 - Step2. In Address Æ LAN Group, to set the setting as following.  Click New Entry.  To

CS-2000 UTM Content Security Gateway User’s Manual - 62 - Step3. In Address Æ WAN , add the setting as following  Click New Entry  Enter the

CS-2000 UTM Content Security Gateway User’s Manual - 63 - Step4. To apply Step 1～3 to policy. Apply the address setting to policy Complete the

CS-2000 UTM Content Security Gateway User’s Manual - 1 -Chapter 1: Introduction The innovation of the Internet has created a tremendous worldwide

CS-2000 UTM Content Security Gateway User’s Manual - 64 -5.2 Service SSeerrvviiccee The TCP Protocol and UDP Protocol can provide different se

CS-2000 UTM Content Security Gateway User’s Manual - 65 -Service Pre-defined Icon The Definition Any service. TCP service , for example

CS-2000 UTM Content Security Gateway User’s Manual - 66 -We set two service application environments. No. Range The application environment

CS-2000 UTM Content Security Gateway User’s Manual - 67 -Example 1 To permit the WAN users communicate to LAN user via the network phone through p

CS-2000 UTM Content Security Gateway User’s Manual - 68 - Step2. In Service Æ Custom add the setting as following ：  Click New Entry.  Servi

CS-2000 UTM Content Security Gateway User’s Manual - 69 -Normally, the default client port number is range from 0 to 65535. It is recommended not

CS-2000 UTM Content Security Gateway User’s Manual - 70 - Step3. Apply the Service setting to Virtual Server. Apply the Server setting to Virtu

CS-2000 UTM Content Security Gateway User’s Manual - 71 -Example 2 To Group the Service, and limit the user can only access the Network resources

CS-2000 UTM Content Security Gateway User’s Manual - 72 - Step2. In Address Æ LAN Group, to set the LAN group which can only access the specific

CS-2000 UTM Content Security Gateway User’s Manual - 73 -5.3 Schedule SScchheedduullee In this chapter, the MIS engineer can define the networ

CS-2000 UTM Content Security Gateway User’s Manual - 2 - VPN Connectivity: The CS-2000 supports several VPN features -- IPSec VPN, SSL VPN and P

CS-2000 UTM Content Security Gateway User’s Manual - 74 -Example To set the valid time of LAN user can access the network data everyday through th

CS-2000 UTM Content Security Gateway User’s Manual - 75 -5.4 QoS QQooSS The CS-2000 appliance can manage the downstream and upstream bandwidth

CS-2000 UTM Content Security Gateway User’s Manual - 76 -QoS： WAN  Includes WAN 1 and WAN 2. Downstream Bandwidth  The maximum bandwidth

CS-2000 UTM Content Security Gateway User’s Manual - 77 -Example Sets the Policy of the Upstream Bandwidth and Downstream Bandwidth. Step1. In

CS-2000 UTM Content Security Gateway User’s Manual - 78 - Step2. In Policy Æ Outgoing , to apply the QoS Setting in Step 1 To select the QoS S

CS-2000 UTM Content Security Gateway User’s Manual - 79 -5.5 Authentication Authentication The CS-2000 appliance can manage the user’s connectio

CS-2000 UTM Content Security Gateway User’s Manual - 80 -Authentication： Authentication Management  It can provide the authentication port to

CS-2000 UTM Content Security Gateway User’s Manual - 81 -z To add the settings in the authentication management ： The authentication management

CS-2000 UTM Content Security Gateway User’s Manual - 82 -z After the authentication , it will redirect to the assigned web site ： Redirect to

CS-2000 UTM Content Security Gateway User’s Manual - 83 -Search Distinguished Name  The identify name of LDAP server. LDAP Filter  To assig

CS-2000 UTM Content Security Gateway User’s Manual - 3 -1.2 Package Contents The following items should be included:  CS-2000 x 1  Quick Insta

CS-2000 UTM Content Security Gateway User’s Manual - 84 -We set 4 authentication application environments. No. Range The Application Environme

CS-2000 UTM Content Security Gateway User’s Manual - 85 -5.5.1 Example 1 User & User Group Authentication To plan the LAN user connect to the

CS-2000 UTM Content Security Gateway User’s Manual - 86 - Step3. In Policy Æ Outgoing, add a new policy, and apply the Step 1, 2 into the new pol

CS-2000 UTM Content Security Gateway User’s Manual - 87 - Step4. When the LAN users want to connect to the network via browser, it will show the

CS-2000 UTM Content Security Gateway User’s Manual - 88 -5.5.2 Example 2 RADIUS Server Authentication To plan the user connect to the WAN through

CS-2000 UTM Content Security Gateway User’s Manual - 89 - Step3. Select Internet Authentication Service Add new network authentication service

CS-2000 UTM Content Security Gateway User’s Manual - 90 - Step5. Right click RADIUS Clients Æ New RADIUS Client Add new RADIUS client Step6.

CS-2000 UTM Content Security Gateway User’s Manual - 91 - Step7. Select RADISU Standard; enter the Shared secret and Confirm Shared secret. ( It

CS-2000 UTM Content Security Gateway User’s Manual - 92 -Step9. Select Use the wizard to set up a typical policy for a common scenario , and ente

CS-2000 UTM Content Security Gateway User’s Manual - 93 - Step11. Select User Add new remote access policy user and group Step12. Select MD5-