Page 161 / 224 Scroll up to view Page 156 - 160
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
Preparing Your Network
D-11
December 2003, M-10041-01
If an IP address appears under Installed Gateways, write down the address. This is the ISP’s
gateway address. Select the address and then click Remove to remove the gateway address.
6.
Select the DNS Configuration tab.
If any DNS server addresses are shown, write down the addresses. If any information appears
in the Host or Domain information box, write it down. Click Disable DNS.
7.
Click OK to save your changes and close the TCP/IP Properties dialog box.
You are returned to the Network window.
8.
Click OK.
9.
Reboot your PC at the prompt. You may also be prompted to insert your Windows CD.
Obtaining ISP Configuration Information for Macintosh
Computers
As mentioned above, you may need to collect configuration information from your Macintosh so
that you can use this information when you configure the FVS328 Firewall. Following this
procedure is only necessary when your ISP does not dynamically supply the account information.
To get the information you need to configure the firewall for Internet access:
1.
From the Apple menu, select Control Panels, then TCP/IP.
The TCP/IP Control Panel opens, which displays a list of configuration settings. If the
“Configure” setting is “Using DHCP Server”, your account uses a dynamically-assigned IP
address. In this case, close the Control Panel and skip the rest of this section.
2.
If an IP address and subnet mask are shown, write down the information.
3.
If an IP address appears under Router address, write down the address. This is the ISP’s
gateway address.
4.
If any Name Server addresses are shown, write down the addresses. These are your ISP’s DNS
addresses.
5.
If any information appears in the Search domains information box, write it down.
6.
Change the “Configure” setting to “Using DHCP Server”.
7.
Close the TCP/IP Control Panel.
Page 162 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
D-12
Preparing Your Network
December 2003, M-10041-01
Restarting the Network
Once you have set up your computers to work with the firewall, you must reset the network for the
devices to be able to communicate correctly. Restart any computer that is connected to the firewall.
After configuring all of your computers for TCP/IP networking and restarting them, and
connecting them to the local network of your FVS328 Firewall, you are ready to access and
configure the firewall.
Page 163 / 224
Virtual Private Networking
E-1
December 2003, M-10041-01
Appendix E
Virtual Private Networking
There have been many improvements in the Internet including Quality of Service, network
performance, and inexpensive technologies, such as DSL. But one of the most important advances
has been in Virtual Private Networking (VPN) Internet Protocol security (IPSec). IPSec is one of
the most complete, secure, and commercially available, standards-based protocols developed for
transporting data.
What is a VPN?
A VPN is a shared network where private data is segmented from other traffic so that only the
intended recipient has access. The term VPN was originally used to describe a secure connection
over the Internet. Today, however, VPN is also used to describe private networks, such as Frame
Relay, Asynchronous Transfer Mode (ATM), and Multiprotocol Label Switching (MPLS).
A key aspect of data security is that the data flowing across the network is protected by encryption
technologies. Private networks lack data security, which allows data attackers to tap directly into
the network and read the data. IPSec-based VPNs use encryption to provide data security, which
increases the network’s resistance to data tampering or theft.
IPSec-based VPNs can be created over any type of IP network, including the Internet, Frame
Relay, ATM, and MPLS, but only the Internet is ubiquitous and inexpensive.
VPNs are traditionally used for:
Intranets:
Intranets connect an organization’s locations. These locations range from the
headquarters offices, to branch offices, to a remote employee’s home. Often this connectivity
is used for e-mail and for sharing applications and files. While Frame Relay, ATM, and MPLS
accomplish these tasks, the shortcomings of each limits connectivity. The cost of connecting
home users is also very expensive compared to Internet-access technologies, such as DSL or
cable. Because of this, organizations are moving their networks to the Internet, which is
inexpensive, and using IPSec to create these networks.
Page 164 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
E-2
Virtual Private Networking
December 2003, M-10041-01
Remote Access:
Remote access enables telecommuters and mobile workers to access e-mail
and business applications. A dial-up connection to an organization’s modem pool is one
method of access for remote workers, but is expensive because the organization must pay the
associated long distance telephone and service costs. Remote access VPNs greatly reduce
expenses by enabling mobile workers to dial a local Internet connection and then set up a
secure IPSec-based VPN communications to their organization.
Extranets
: Extranets are secure connections between two or more organizations. Common
uses for extranets include supply-chain management, development partnerships, and
subscription services. These undertakings can be difficult using legacy network technologies
due to connection costs, time delays, and access availability. IPSec-based VPNs are ideal for
extranet connections. IPSec-capable devices can be quickly and inexpensively installed on
existing Internet connections.
What Is IPSec and How Does It Work?
IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data
authentication, integrity, and confidentiality as data is transferred between communication points
across IP networks. IPSec provides data security at the IP packet level. A packet is a data bundle
that is organized for transmission across a network, and includes a header and payload (the data in
the packet). IPSec emerged as a viable network security standard because enterprises wanted to
ensure that data could be securely transmitted over the Internet. IPSec protects against possible
security exposures by protecting data while in while in transit.
IPSec Security Features
IPSec is the most secure method commercially available for connecting network sites. IPSec was
designed to provide the following security features when transferring packets across networks:
Authentication:
Verifies that the packet received is actually from the claimed sender.
Integrity:
Ensures that the contents of the packet did not change in transit.
Confidentiality:
Conceals the message content through encryption.
IPSec Components
IPSec contains the following elements:
Page 165 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
Virtual Private Networking
E-3
December 2003, M-10041-01
Encapsulating Security Payload (ESP)
: Provides confidentiality, authentication, and
integrity.
Authentication Header (AH)
: Provides authentication and integrity.
Internet Key Exchange (IKE)
: Provides key management and Security Association (SA)
management.
Encapsulating Security Payload (ESP)
ESP provides authentication, integrity, and confidentiality, which protect against data tampering
and, most importantly, provide message content protection.
IPSec provides an open framework for implementing industry standard algorithms, such as SHA
and MD5. The algorithms IPSec uses produce a unique and unforgeable identifier for each packet,
which is a data equivalent of a fingerprint. This fingerprint allows the device to determine if a
packet has been tampered with. Furthermore, packets that are not authenticated are discarded and
not delivered to the intended receiver.
ESP also provides all encryption services in IPSec. Encryption translates a readable message into
an unreadable format to hide the message content. The opposite process, called decryption,
translates the message content from an unreadable format to a readable message. Encryption/
decryption allows only the sender and the authorized receiver to read the data. In addition, ESP has
an option to perform authentication, called ESP authentication. Using ESP authentication, ESP
provides authentication and integrity for the payload and not for the IP header.
Figure 9-4:
Original packet and packet with IPSec Encapsulated Security Payload

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top