Cisco ISA500 Series Security Appliances Administration Guide PDF

479 Pages·2013·4.28 MB·English

Preview Cisco ISA500 Series Security Appliances Administration Guide

ADMINISTRATION GUIDE

Cisco Small Business ISA500 Series Integrated Security Appliances (ISA550, ISA550W, ISA570, ISA570W)

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

© 2013 Cisco Systems, Inc. All rights reserved. 78-20776-03

Federal Communication Commission Interference Statement

(For ISA570 and ISA570W) This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.

(For ISA550 and ISA550W) This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.
If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:

• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.

FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

IMPORTANT NOTE: FCC Radiation Exposure Statement: (For ISA550W and ISA570W) This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20cm between the radiator & your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. The availability of some specific channels and/or operational frequency bands are country dependent and are firmware programmed at the factory to match the intended destination. The firmware setting is not accessible by the end user.

Industry Canada statement: This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
This device complies with Industry Canada's RSS-210 (CNR-210) standard applicable to licence-exempt radio apparatus. Its operation is subject to the following two conditions: (1) the device must not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

IMPORTANT NOTE: Canada Radiation Exposure Statement: (For ISA550W and ISA570W) This equipment complies with Canada radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20 cm between the radiator and your body.

IMPORTANT NOTE: (For the use of mobile devices) Radiation Exposure Statement: This equipment complies with the IC radiation exposure limits set forth for an uncontrolled environment. This equipment must be installed and operated with a minimum distance of 20 cm between the radiation source and your body.

This device has been designed to operate with an antenna having a maximum gain of 1.8 dBi. Antenna having a higher gain is strictly prohibited per regulations of Industry Canada. The required antenna impedance is 50 ohms. Under Industry Canada regulations, this radio transmitter may only operate using an antenna of a type and maximum (or lesser) gain approved for the transmitter by Industry Canada. To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the equivalent isotropically radiated power (e.i.r.p.) is not more than that necessary for successful communication.

(The user manual for transmitting devices equipped with detachable antennas must contain the following information in a conspicuous location:) This device has been designed to operate with an antenna having a maximum gain of 1.8 dBi. An antenna with a higher gain is strictly prohibited by Industry Canada regulations.
The required antenna impedance is 50 ohms. In accordance with Industry Canada regulations, this radio transmitter may operate with an antenna of a type and maximum (or lesser) gain approved for the transmitter by Industry Canada. To reduce the risk of radio interference to other users, the antenna type and its gain should be chosen so that the equivalent isotropically radiated power (e.i.r.p.) does not exceed the intensity necessary for establishing satisfactory communication.

UL/CB Rack Mount Instructions - The following or similar rack-mount instructions are included with the installation instructions:

A) Elevated Operating Ambient - If installed in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. Therefore, consideration should be given to installing the equipment in an environment compatible with the maximum ambient temperature (Tma) 40 degree C specified by the manufacturer.
B) Reduced Air Flow - Installation of the equipment in a rack should be such that the amount of air flow required for safe operation of the equipment is not compromised.
C) Mechanical Loading - Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading.
D) Circuit Overloading - Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of the circuits might have on overcurrent protection and supply wiring. Appropriate consideration of equipment nameplate ratings should be used when addressing this concern.
Contents

Chapter 1: Getting Started
Introduction
Product Overview
Front Panel
Back Panel
Getting Started with the Configuration Utility
Logging in to the Configuration Utility
Navigating Through the Configuration Utility
Using the Help System
Configuration Utility Icons
Factory Default Settings
Default Settings of Key Features
Restoring the Factory Default Settings
Performing Basic Configuration Tasks
Changing the Default Administrator Password
Upgrading your Firmware After your First Login
Backing Up Your Configuration

Chapter 2: Configuration Wizards
Using the Setup Wizard for the Initial Configuration
Starting the Setup Wizard
Configuring Cisco.com Account Credentials
Enabling Firmware Upgrade
Validating Security License
Enabling Bonjour and CDP Discovery Protocols
Configuring Remote Administration
Configuring Physical Ports
Configuring the Primary WAN
Configuring the Secondary WAN
Configuring WAN Redundancy
Configuring Default LAN Settings
Configuring DMZ
Configuring DMZ Services
Configuring Wireless Radio Settings
Configuring Intranet WLAN Access
Configure Security Services
Viewing Configuration Summary
Using the Dual WAN Wizard to Configure WAN Redundancy Settings
Starting the Dual WAN Wizard
Configuring a Configurable Port as a Secondary WAN Port
Configuring the Primary WAN
Configuring the Secondary WAN
Configuring WAN Redundancy
Configuring Network Failure Detection
Viewing Configuration Summary
Using the Remote Access VPN Wizard
Using the Remote Access VPN Wizard for IPsec Remote Access
Starting the Remote Access VPN Wizard
Configuring IPsec Remote Access Group Policy
Configuring WAN Settings
Configuring Operation Mode
Configuring Access Control Settings
Configuring DNS and WINS Settings
Configuring Backup Servers
Configuring Split Tunneling
Viewing Group Policy Summary
Configuring IPsec Remote Access User Groups
Viewing IPsec Remote Access Summary
Using Remote Access VPN Wizard for SSL Remote Access
Starting the Remote Access VPN Wizard with SSL Remote Access
Configuring SSL VPN Gateway
Configuring SSL VPN Group Policy
Configuring SSL VPN User Groups
Viewing SSL VPN Summary
Using the Site-to-Site VPN Wizard to Configure Site-to-Site VPN
Starting the Site-to-Site VPN Wizard
Configuring VPN Peer Settings
Configuring IKE Policies
Configuring Transform Policies
Configuring Local and Remote Networks
Viewing Configuration Summary
Using the DMZ Wizard to Configure DMZ Settings
Starting the DMZ Wizard
Configuring DDNS Profiles
Configuring DMZ Network
Configuring DMZ Services
Viewing Configuration Summary
Using the Wireless Wizard (for ISA550W and ISA570W only)
Starting the Wireless Wizard
Configuring Wireless Radio Settings
Configuring Wireless Connectivity Types
Specify Wireless Connectivity Settings for All Enabled SSIDs
Viewing Configuration Summary
Configuring the SSID for Intranet WLAN Access
Configuring the SSID for Guest WLAN Access

Chapter 3: Status
Device Status Dashboard
Network Status
Status Summary
Traffic Statistics
Usage Reports
WAN Bandwidth Reports
ARP Table
DHCP Bindings
STP Status
CDP Neighbor
Wireless Status (for ISA550W and ISA570W only)
Wireless Status
Client Status
NAT Status
VPN Status
IPsec VPN Status
SSL VPN Status
Active User Sessions
Security Services Reports
Web Security Report
Anti-Virus Report
Email Security Report
Network Reputation Report
IPS Report
Application Control Report
System Status
Processes
Resource Utilization

Chapter 4: Networking
Viewing Network Status
Configuring IPv4 or IPv6 Routing
Managing Ports
Viewing Status of Physical Interfaces
Configuring Physical Ports
Configuring Port Mirroring
Configuring Port-Based (802.1x) Access Control
Configuring the WAN
Configuring WAN Settings for Your Internet Connection
Configuring WAN Redundancy
Dual WAN Settings
Configuring Link Failover Detection
Load Balancing with Policy-Based Routing Configuration Example
Configuring Dynamic DNS
Measuring and Limiting Traffic with the Traffic Meter
Configuring a VLAN
Configuring DMZ
Configuring Zones
Security Levels for Zones
Predefined Zones
Configuring Zones
Configuring DHCP Reserved IPs
Configuring Routing
Viewing the Routing Table
Configuring Routing Mode
Configuring Static Routing
Configuring Dynamic Routing - RIP
Configuring Policy-Based Routing
Configuring Quality of Service
General QoS Settings
Configuring WAN QoS
Managing WAN Bandwidth for Upstream Traffic
Configuring WAN Queue Settings
Configuring Traffic Selectors
Configuring WAN QoS Policy Profiles
Configuring WAN QoS Class Rules
Mapping WAN QoS Policy Profiles to WAN Interfaces
WAN QoS Configuration Example
Configure WAN QoS for Voice Traffic from LAN to WAN
Configuring WAN QoS for Voice Traffic from WAN to LAN
Configuring LAN QoS
Configuring LAN Queue Settings
Configuring LAN QoS Classification Methods
Mapping CoS to LAN Queue
Mapping DSCP to LAN Queue
Configuring Default CoS
Configuring Wireless QoS
Default Wireless QoS Settings
Configuring Wireless QoS Classification Methods
Mapping CoS to Wireless Queue
Mapping DSCP to Wireless Queue
Understanding DSCP Values
