sbox manual

SofaWare S-boxTMInternet Security Appliance

Getting Started GuideVersion 3.0

Part No.: 700615 October 2002

COPYRIGHT & TRADEMARKS Copyright 2001 SofaWare, All Rights Reserved. No part of this document may be reproduced in any form or by any means without written permission from SofaWare. Information in this document is subject to change without notice and does not represent a commitment on part of SofaWare Technologies Ltd. SofaWare, SofaWare S-box, Safe@Home and Safe@Office are trademarks, service marks, or registered trademarks of SofaWare Technologies Ltd. Check Point, the Check Point logo, FireWall-1, FireWall-1 SecureServer, FireWall-1 SmallOffice, FloodGate-1, INSPECT, IQ Engine, Meta IP, MultiGate, Open Security Extension, OPSEC, Provider-1, SecureKnowledge, SecureUpdate, SiteManager-1, SVN, UAM, User-to-Address Mapping, UserAuthority, Visual Policy Editor, VPN-1, VPN-1 Accelerator Card, VPN-1 Gateway, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 SmallOffice, and ConnectControl are trademarks, service marks, or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668 and 5,835,726 and may be protected by other U.S. Patents, foreign patents, or pending applications. SAFETY PRECAUTIONS Carefully read the Safety Instructions the Installation and Operating Procedures provided in this User's Guide before attempting to install or operate the SofaWare S-box. Failure to follow these instructions may result in damage to equipment and/or personal injuries. Before cleaning the S-box, unplug the power cord. Use only a soft cloth dampened with water for cleaning.

Any changes or modifications to this product not explicitly approved by the manufacturer could void any assurances of Safety or Performance and could result in violation of Part 15 of the FCC Rules. When installing the S-box, ensure that the vents are not blocked. Do not use the S-box outdoors. Do not expose the S-box to liquid or moisture. Do not expose the S-box to extreme high or low temperatures. Do not drop, throw, or bend the S-box since rough treatment could damage it. Do not use any accessories other than those approved by SofaWare. Failure to do so may result in loss of performance, damage to the product, fire, electric shock or injury, and will void the warranty. Do not disassemble or open the S-box. Failure to comply will void the warranty. Do not route the cables in a walkway or in a location that will crimp the cables. POWER ADAPTER The S-box should only be used with the power adapter provided. The power adapter should be plugged into a surge protected power source. In addition, be careful not to overload the wall outlets, extension cords, etc. used to power this unit. Connect the power adapter only to power sources as marked on the product. To reduce risk of damage to the electric cord, remove it from the outlet by holding the power adapter rather than the cord. SECURITY DISCLAIMER The S-box provides your home/office network with the highest level of security. However, no product can provide you with absolute protection against a determined effort to break into your system. We recommend using additional security measures to secure highly valuable or sensitive information.

2

SofaWare S-box Getting Started Guide

Table of Contents

Table of ContentsChapter 1 Introduction ...................................................................................................... 7 About Your SofaWare S-box.......................................................................... 7 SofaWare S-box Software .............................................................................. 7 SofaWare Safe@Home............................................................................... 8 SofaWare Safe@Home Pro ........................................................................ 8 SofaWare Safe@Office .............................................................................. 8 SofaWare Safe@Office Plus....................................................................... 8 About This Guide ........................................................................................... 9 SofaWare S-box Features and Compatibility ............................................... 10 Connectivity.............................................................................................. 10 Security..................................................................................................... 10 Management ............................................................................................. 10 Security Services ...................................................................................... 10 VPN .......................................................................................................... 11 Package Contents...................................................................................... 11 Network Requirements ............................................................................. 11 Getting to Know Your SofaWare S-box....................................................... 12 Rear Panel................................................................................................. 12 Front Panel................................................................................................ 13 Contacting Technical Support ...................................................................... 14 Chapter 2 Installing and Configuring the S-box............................................................ 15 Before You Install the S-box ........................................................................ 15 Windows 98/Millennium Operating Systems ........................................... 15 Windows 2000/XP Operating System ...................................................... 20 Installing TCP/IP Protocol........................................................................ 22 Mac OS ..................................................................................................... 24 Connecting Your S-box to the Network ....................................................... 25 Network Installation ..................................................................................... 26 Configuring Your S-box for Internet Connection......................................... 27 Setting Up Your Password........................................................................ 27 Using the Setup Wizard ............................................................................ 29 Using Advanced Setup ............................................................................. 35

Table of Contents

3

Table of Contents

Chapter 3 Getting Started ............................................................................................... 45 Logging on to the SofaWare Safe@ Portal .................................................. 45 Logging on with SofaWare Safe@Home or SofaWare Safe@Home Pro 45 Logging on with SofaWare Safe@Office................................................. 47 Accessing the SofaWare Safe@ Portal through HTTPS .............................. 48 Using the SofaWare Safe@ Portal ............................................................... 49 Navigation Bar ......................................................................................... 49 Main Frame .............................................................................................. 50 Status Bar ................................................................................................. 50 Logging off................................................................................................... 51 Chapter 4 Managing Your Network............................................................................... 53 Viewing Network Activity Information ....................................................... 53 Configuring Network Settings...................................................................... 54 Enabling/Disabling the DHCP Server ...................................................... 54 Changing IP Addresses ............................................................................ 55 Enabling/Disabling NAT.......................................................................... 57 Changing the Internet Connection Configuration......................................... 57 Using Quick Internet Connection/Disconnection......................................... 57 Configuring HTTPS ..................................................................................... 58 Static Routes................................................................................................. 59 Adding a Static Route............................................................................... 59 Viewing and Editing Static Routes........................................................... 61 Deleting a Static Route............................................................................. 62 Chapter 5 Viewing Reports ............................................................................................. 65 Viewing the Event Log................................................................................. 65 Viewing Connections ................................................................................... 67 Viewing Computers...................................................................................... 68 Chapter 6 Setting Your S-box Security Policy............................................................... 71 Setting the Firewall Security Level .............................................................. 71 Configuring Virtual Servers ......................................................................... 72 Creating Rules .............................................................................................. 74 Allow and Block Rules............................................................................. 74 Demilitarized Zone (DMZ) ...................................................................... 77

4


Table of Contents

Chapter 7 Using Subscription Services........................................................................... 79 Starting Your Subscription Services............................................................. 79 Viewing Services Information ...................................................................... 83 Canceling Subscription Services .................................................................. 83 Web Filtering................................................................................................ 84 Enabling/Disabling Web Filtering When Locally Managed..................... 84 Selecting Categories for Blocking ............................................................ 85 Temporary Disable for Web Filtering When Remotely Managed............ 85 Virus Scanning ............................................................................................. 87 Enabling/Disabling E-mail Anti Virus When Locally Managed .............. 87 Selecting Protocols for Scanning .............................................................. 88 Temporary Disable for E-mail Anti Virus When Remotely Managed ..... 89 Automatic and Manual Updates ................................................................... 91 Checking for Software Updates When Locally Managed......................... 91 Checking for Software Updates When Remotely Managed ..................... 92 Refreshing Your Service Center Connection................................................ 93 Configuring Your Account ........................................................................... 93 Chapter 8 Working With VPNs....................................................................................... 95 Adding and Editing VPN Sites using SofaWare Safe@Home Pro............... 96 Adding and Editing VPN Sites using SofaWare Safe@Office................... 102 Configuring a Remote Access VPN Site ................................................ 104 Configuring a Site to Site VPN Gateway................................................ 106 Completing Site Creation........................................................................ 108 Setting Up Your S-box as a VPN Server .................................................... 109 Deleting a VPN Site.................................................................................... 110 Enabling/Disabling a VPN Site .................................................................. 110 Installing a Certificate................................................................................. 111 Uninstalling a certificate......................................................................... 113 Logging on to a VPN Site........................................................................... 114 Logging on through the SofaWare Safe@ Portal ................................... 115 Logging on through the my.vpn page ..................................................... 117 Logging off a VPN Site .............................................................................. 118 Viewing VPN Tunnels................................................................................ 118

Table of Contents

5

Table of Contents

Chapter 9 Managing Users ............................................................................................ 121 Changing Your Password........................................................................... 121 Using SofaWare Safe@Home and SofaWare Safe@Home Pro ............ 121 Using SofaWare Safe@Office................................................................ 122 Adding Users.............................................................................................. 124 Viewing and Editing Users......................................................................... 124 Deleting Users ............................................................................................ 126 Setting Up Remote VPN Access for Users ................................................ 126 Chapter 10 Upgrading and Updating ............................................................................. 127 Upgrading Your Software Product............................................................. 127 Registering Your S-box.............................................................................. 131 Updating the Firmware Manually .............................................................. 132 Chapter 11 Troubleshooting............................................................................................ 135 Frequently Asked Questions ...................................................................... 135 Viewing Firmware Status........................................................................... 140 Resetting the S-box to factory defaults....................................................... 141 Rebooting the SofaWare S-box .................................................................. 142 Running Diagnostics .................................................................................. 143 Appendix Specifications ................................................................................................ 145 Technical Specifications............................................................................. 145 FCC ........................................................................................................ 145 CE Declaration of Conformity ............................................................... 145 Glossary Index .................................................................................................... 147 .................................................................................................... 155

6


About Your SofaWare S-box

Chapter 1

IntroductionAbout Your SofaWare S-boxThe SofaWare S-box is an advanced Internet security appliance, enabling secure high-speed Internet access from the home or office. The S-box incorporates the Safe@ product family from SofaWare Technologies, an affiliate of Check Point Software Technologies, the worldwide leader in securing the Internet. The Safe@ firewall, based on Check Points market-leading FireWall-1 Stateful Inspection technology, inspects and filters all incoming and outgoing traffic, blocking all unauthorized traffic. Unlike PC-based firewalls, the S-box is a hardware appliance, hence making installation easier, and providing protection for your entire network - not just a single computer. The S-box also allows sharing your Internet connection among several PCs or other network devices, enabling advanced home/office networking. With the SofaWare S-box, home users can subscribe to valuable subscription security services, such as firewall security updates, parental control and others. Business users can use the S-box to securely connect to the corporate network.

SofaWare S-box SoftwareThe SofaWare S-box is available with the following software configurations: SofaWare Safe@Home, SofaWare Safe@Home Pro, SofaWare Safe@Office and SofaWare Safe@Office Plus. All four provide a web-based management interface, which enables you to manage and configure the S-box operation and options. Your S-box can be upgraded to a more advanced product level, without replacing the hardware. Just contact your software provider.

Chapter 1: Introduction

7

SofaWare S-box Software

SofaWare Safe@HomeSafe@Home protects your home network from hostile Internet activity. It is intended for home users and can be used by up to five computers.

SofaWare Safe@Home ProIn addition to all the benefits of SofaWare Safe@Home, SofaWare Safe@Home Pro provides Virtual Private Networking (VPN) functionality. SofaWare Safe@Home Pro contains a VPN client, which enables employees working from home to securely connect to the corporate network. SofaWare Safe@Home Pro is intended for home users who are part of an extended enterprise network. It can be used by up to five computers.

SofaWare Safe@OfficeSofaWare Safe@Office provides all the benefits of SofaWare Safe@Home Pro, along with expanded VPN functionality: it acts not only as a VPN client, but as a VPN server which is installed office-side to protect the companys VPN and make it available to telecommuting employees. SofaWare Safe@Office can also be configured as a VPN gateway, which allows permanent bi-directional connections between two gateways, such as two company offices. SofaWare Safe@Office is intended both for companies with extended enterprise networks and for their employees working from home. It can be used by up to ten computers.

SofaWare Safe@Office PlusSofaWare Safe@Office Plus extends SofaWare Safe@Office to support up to 25 computers.

8


About This Guide

About This GuideTo make finding information in this manual easier, some types of information are marked with special symbols or formatting. Boldface type is used for command and button names.Note Notes are denoted by indented text and preceded by the Note icon.

Warning Warnings are denoted by indented text and preceded by the Warning icon.

Tasks that require SofaWare Safe@Home are marked with the Safe@Home icon.

Tasks that require SofaWare Safe@Home Pro are marked with the Safe@Home Pro icon.

Tasks that require SofaWare Safe@Office or SofaWare Safe@Office Plus are marked with the Safe@Office icon.


9

SofaWare S-box Features and Compatibility

SofaWare S-box Features and CompatibilityThe S-box provides the following features:

Connectivity 4-port 10/100 Mbit/s Ethernet switch Internet connection sharing (NAT - Network Address Translation) PPPoE/PPTP support DHCP server and client

Security Advanced Stateful Inspection Firewall security. Protection from Denial of Service (DoS) attacks Anti-spoofing protection Intrusion logging Updateable and customizable security policy

Management Local Web-based interface Remote management by Service Center or corporate Remote firmware updates Remote management via HTTPS Remote management by Service Center or corporate, using the SofaWare Security Management Platform (SMP)

Security Services1 Automatic Firewall security updates Content filtering E-mail anti-virus protection Centralized logging and intrusion detection VPN management

1

Depends on availability of service in your area SofaWare S-box Getting Started Guide

10

SofaWare S-box Features and Compatibility

VPN IPSEC VPN Remote Access Server (SofaWare Safe@Office only) IPSEC VPN Site-To-Site Gateway (SofaWare Safe@Office only) IPSEC VPN Remote Access Client (SofaWare Safe@Home Pro and SofaWare Safe@Office only) Certificates authentication support (SofaWare Safe@Office only)

Package Contents SofaWare S-box Internet Security Appliance CAT5 Straight-through Ethernet Cable Power Adapter Quick Start Guide This Getting Started Guide

Network Requirements A broadband Internet connection via cable or DSL modem with Ethernet interface (RJ-45) 10BaseT or 100BaseT Network Interface Card installed on each computer TCP/IP network protocol installed on each computer CAT5 STP (Category 5 Shielded Twisted Pair) Ethernet cable for each computer Internet Explorer 5.0 or higher, or Netscape Navigator 4.7 and higherNote - For optimal results, it is highly recommended to use either Microsoft Internet Explorer 5.5 or higher, or Netscape Navigator 6.2 or higher.


11

Getting to Know Your SofaWare S-box

Getting to Know Your SofaWare S-boxRear PanelFigure 1 shows the S-boxs rear panel. All physical connections (network and power) to the S-box are made via the rear panel of your S-box.

Figure 1 S-box Rear Panel Items

The following lists the SofaWare S-boxs rear panel items. Label Description A power jack used for supplying power to the unit. PWR Connect the power adapter to this jack. RESET A button used for rebooting the S-box or resetting the S-box to its factory defaults. A sharp object is needed for pressing this button. Short press reboots the S-box Long press (7 seconds) resets the S-box to its factory defaults. This will result in loss of all security services and passwords and you will have to re-configure your S-box. DO NOT RESET THE UNIT WITHOUT CONSULTING YOUR S-BOX PROVIDER. WAN LAN 1-4 Wide Area Network: An Ethernet port (RJ-45) used for connecting your cable or xDSL modem. Local Area Network: Four Ethernet ports (RJ-45) used for connecting computers or other network devices.

12


Getting to Know Your SofaWare S-box

Front PanelThe SofaWare S-box includes 11 status LEDs. You can monitor the S-boxs operation by viewing these LEDs during operation. Figure 2 shows the S-box status LEDs.

Figure 2 S-box Front Panel

LED PWR/SEC

Description Off Flashing quickly (Green) Flashing slowly (Green) On (Green) Flashing (Red) On (Red) Power off System boot-up Establishing Internet connection Normal Operation Hacker attack blocked Error Link is down. 10Mbps link established for the corresponding port. 100Mbps link established for the corresponding port. Data is being transmitted/received

LAN 1-4/ WAN

LINK/ACT Off, 100 Off LINK/ACT On, 100 Off

LINK/ACT On, 100 On

LINK/ACT Flashing


13

Contacting Technical Support

Contacting Technical SupportIf there is a problem with your S-box, surf to http://www.sofaware.com/support and fill out a technical support request form. You can also download the latest version of this guide from the site.

14


Before You Install the S-box

Chapter 2

Installing and Configuring the S-boxThis chapter describes how to properly set up, install, and configure your S-box in your networking environment. The following topics are covered: Checking the computers TCP/IP Installation and Configuration Installing the TCP/IP protocol on your computer (if not installed) Configuring the TCP/IP settings for different platforms Network Installation Configuring your S-box for Internet connection

Before You Install the S-boxPrior to connecting and setting up your S-box for operation, you must do the following: Check if TCP/IP Protocol is installed on your computer. Check your computers TCP/IP settings to make sure it obtains its IP address automatically. Refer to the relevant section in this guide in accordance with the operating system that runs on your computer. The following sections will guide you through the TCP/IP setup and installation process.

Windows 98/Millennium Operating SystemsChecking the TCP/IP Installation1. Click Start > Settings > Control Panel. The Control Panel window appears.

Chapter 2: Installing and Configuring the S-box

15


icon. 2. Double-click on The Network window appears.

3. In the Network window, check if TCP/IP appears in the network components list and if it is already configured with the Ethernet card, installed on your computer.

16



Installing TCP/IP ProtocolNote - If TCP/IP is already installed and configured on your computer skip this section and move directly to TCP/IP Settings.

1. In the Network window, click Add. The Select Network Component Type window appears.

2. Choose Protocol and click Add. The Select Network Protocol window appears.

3. In the Manufacturers list choose Microsoft, and in the Network Protocols list choose TCP/IP. 4. Click OK. If Windows asks for original Windows installation files, provide the installation CD and relevant path when required (e.g. D:\win98) 5. Restart your computer if prompted.


17


TCP/IP SettingsNote - If you are connecting your S-box to an existing LAN, consult your network manager for the correct configurations.

1. In the Network window, double-click the TCP/IP service for the Ethernet card, which has been installed on your computer (e.g. The TCP/IP Properties window opens. ).

2. Click the Gateway tab, and remove any installed gateways. 3. Click the DNS Configuration tab, and click the Disable DNS radio button.

18



4. Click the IP Address tab, and click the Obtain an IP address automatically radio button.

Note - Normally, it is not recommended to assign a static IP address to your PC but rather to obtain an IP address automatically. If for some reason you need to assign a static IP address, select Specify an IP address, type in an IP address in the range of 192.168.10.129-254, enter 255.255.255.0 in the Subnet Mask field, and click OK to save the new settings. (Note that 192.168.10 is the default value, and it may vary if you changed it in the My Network page.)


19


5. Click Yes when prompted for Do you want to restart your computer?. Your computer restarts, and the new settings to take effect. Your computer is now ready to access your S-box.

Windows 2000/XP Operating SystemNote While Windows XP has an "Internet Connection Firewall" option, it is recommended not to enable it if you are using an S-box, since the S-box offers better protection.

Checking the TCP/IP Installation1. Click Start > Settings > Control Panel. The Control Panel window appears.

2. Double-click on Network and Dial-up Connections icon. The Network and Dial-up Connections window appears.

20



3. Right-click the

icon and select Properties from the pop-up

menu that opens. The Local Area Connection Properties window appears.

4. In the above window, check if TCP/IP appears in the components list and if it is properly configured with the Ethernet card, installed on your computer. If TCP/IP does not appear in the Components list, you must install it as described in the next section.


21


Installing TCP/IP Protocol1. In the Local Area Connection Properties window click on the Install button. The Select Network Component Type window appears.

2. Choose Protocol and click Add. The Select Network Protocol window appears.

3. Choose Internet Protocol (TCP/IP) and click OK. TCP/IP protocol is installed on your computer.

22



TCP/IP Settings1. In the Local Area Connection Properties window double-click the Internet Protocol (TCP/IP) component, or select it and click Properties. The Internet Protocol (TCP/IP) Properties window opens.

2. Click the Obtain an IP address automatically radio button.Note - Normally, it is not recommended to assign a static IP address to your PC but rather to obtain an IP address automatically. If for some reason you need to assign a static IP address, select Specify an IP address, type in an IP address in the range of 192.168.10.129-254, enter 255.255.255.0 in the Subnet Mask field, and click OK to save the new settings. (Note that 192.168.10 is the default value, and it may vary if you changed it in the My Network page.)

3. Click the Obtain DNS server address automatically radio button. 4. Click OK to save the new settings. Your computer is now ready to access your S-box.


23


Mac OSUse the following procedure for setting up the TCP/IP Protocol. 1. Choose Apple Menus -> Control Panels -> TCP/IP. The TCP/IP window appears.

2. Click the Connect via drop-down list and select Ethernet. 3. Click the Configure drop-down list and select Using DHCP Server. 4. Close the window and save the setup.

24


Connecting Your S-box to the Network

Connecting Your S-box to the NetworkLaptop Computer

PC

Hub

InternetxDSL or Cable Modem SofaWare S-box

PC

Macintosh

Wireless Bridge

Figure 1 SofaWare S-box Typical Topologies


25

Network Installation

Network Installation1. Verify that you have the correct cable type: ! For proper operation, the S-box requires STP CAT5 (Shielded Twisted Pair Category 5) Ethernet cables. Make sure that this specification is printed on your cables. 1. Connect the LAN cable: ! Connect one end of the Ethernet cable to one of the LAN ports at the back of the unit. ! Connect the other end to PCs, hubs or other network devices. 2. Connect the WAN cable: ! Connect one end of the Ethernet cable to the WAN port at the back of the unit. ! Connect the other end of the cable to a Cable Modem, xDSL modem or corporate network. 3. Connect the power adapter to the power socket, labeled PWR, at the back of the S-box. Plug in the AC power adapter to the wall electrical outlet.Warning - The S-box AC adapter is compatible with either 100, 120 or 230 VAC input power. Please verify that the wall outlet voltage is compatible with the voltage specified on your power supply. Failure to observe this warning may result in injuries or damage to equipment.

Figure 2 Typical Connection Diagram

26


Configuring Your S-box for Internet Connection

Configuring Your S-box for Internet ConnectionYou must configure your S-boxs Internet connection before you can access the Internet through the S-box. This is a two-step process: 1. Setting up your password 2. Configuring your Internet connection using either of the following setup tools: ! The Setup Wizard guides you through the configuration process step by step ! Advanced Setup offers advanced setup optionsNote - You have to configure your S-boxs Internet connection upon initial operation and after all reset to defaults operations.

Setting Up Your PasswordTo set up your password 1. Browse to http://my.firewall. The S-box initial login page appears.

2. Type a password both in the Password and the Confirm Password text boxes.


27


Note The password must be five to eleven characters (letters or numbers).

Note You can change your password at any time. For further information, see Changing Your Password , page 123.

3. Click OK. The SofaWare Setup Wizard opens, with the Welcome screen displayed.

4. Configure your S-boxs Internet connection by doing one of the following: ! To manually configure the connection settings, click Cancel to abort the Setup Wizard, and use Advanced Setup. For further information, see Using Advanced Setup, page 35. ! To have the Setup Wizard take you through the configuration process step by step, see Using the Setup Wizard, below.

28



Using the Setup WizardThe Setup Wizard allows you to configure your S-box for Internet connection quickly and easily through its user-friendly interface. It lets you to choose between the following three types of broadband connection methods: Local Area Network (LAN), Cable Modem, or xDSL Modem. If you prefer to use Advanced Setup, skip to Using Advanced Setup, page 35. To set up the Internet connection using the Setup Wizard 1. Click Next. The Internet Connection Method screen appears.

2. Select the Internet Connection method you wish to use for connecting to the Internet.Note If you selected DSL Modem, do not use your dial-up software to connect to the Internet.

3. Click Next.


29


Local Area Network (LAN) Settings No further settings are required for LAN connection. The Confirmation screen appears.

4. Click Next. The system attempts to connect to the Internet via the selected connection. The Connecting screen appears.

At the end of the connection process the Connected screen appears. Once connected, the wizard will prompt you to register your details (see To register your S-box now, page 132), install the product key (see To install a Product Key, page 129) and set up your subscription options (see Starting Your Subscription Services, page 79), which may vary from product to product. 5. Follow the instructions until the wizard is done, and then click Finish.

30



Cable Connection Settings If the Cable connection method is selected, the Host Name screen appears.

4. If your ISP requires a specific hostname for authentication, enter it in the Host Name text box. The ISP will supply you with the proper hostname, if required. Most ISPs do not require a specific hostname. 5. If your ISP requires the MAC address, do either of the following: ! If you know the MAC address of your computer, enter it in the MAC cloning text box OR ! Click This Computer to automatically "clone" the MAC of your computer to the S-box. A MAC address is a 12-digit identifier assigned to every network device. If your ISP restricts connections to specific, recognized MAC addresses, they will instruct you to enter the MAC address. Otherwise, you may leave this field blank. 6. Click Next. The Confirmation screen appears. 7. Click Next. The system attempts to connect to the Internet. At the end of the connection process the Connected screen appears. Chapter 2: Installing and Configuring the S-box 31


Once connected, the wizard will prompt you to register your details (see To register your S-box now, page 132), install the product key (see To install a Product Key, page 129), and set up your subscription options (see Starting Your Subscription Services, page 79), which may vary from product to product. 8. Follow the instructions until the wizard is done, and then click Finish.

DSL Connection Settings If DSL connection method is selected the following screen appears.

4. Select the connection method used by your DSL provider.Note - Most xDSL providers use PPPoE. If you are uncertain regarding which connection method to use contact your xDSL provider.

5. Click Next.

32



Using PPPoE If PPPoE connection method is selected the following screen appears.

6. In the User text box, type the user name you use to access the Internet. 7. In the Password and Confirm Password text boxes, type the password you use to access the Internet. 8. In the Service text box, type your service name if required by your ISP, otherwise leave this text box empty. 9. Click Next. The system attempts to connect to the Internet via the DSL connection. At the end of the connection process the Connected screen appears. Once connected, the wizard will prompt you to register your details (see To register your S-box now, page 132), install the product key (see To install a Product Key, page 129) and set up your subscription options (see Starting Your Subscription Services, page 79), which may vary from product to product. 10. Follow the instructions until the wizard is done, and then click Finish.


33


Using PPTP If PPTP connection method is selected the following screen appears.

6. In the User text box, type your user name. 7. In the Password and Confirm Password text boxes, type your password. 8. In the Service text box, type your service name. 9. In the Server IP text box, type the IP address of the DSL modem. 10. In the Client IP text box, type the IP address required for accessing the DSL modem. 11. In the Subnet Mask text box, type the Subnet Mask of the DSL modem. 12. Click Next. The system attempts to connect to the Internet via the DSL connection. At the end of the connection process the Connected screen appears. Once connected, the wizard will prompt you to register your details (see To register your S-box now, page 132), install the product key (see To install a Product Key, page 129) and set up your subscription options (see Starting Your Subscription Services, page 79), which may vary from product to product. 13. Follow the instructions until the wizard is done, and then click Finish.

34



Using Automatic DHCP If Automatic DHCP connection method is selected, no further settings are required. The Confirmation screen appears. 6. Click Next. The system attempts to connect to the Internet via the selected connection. The Connecting screen appears. At the end of the connection process the Connected screen appears. Once connected, the wizard will prompt you to register your details (see To register your S-box now, page 132), install the product key (see To install a Product Key, page 129) and set up your subscription options (see Starting Your Subscription Services, page 79), which may vary from product to product. 7. Follow the instructions until the wizard is done, and then click Finish.

Using Advanced SetupTo configure the Internet connection using Advanced Setup 1. Click Cancel. The Welcome page appears.

2. In the Navigation Bar, click on Setup. The Internet page appears. Chapter 2: Installing and Configuring the S-box 35


3. Click on Advanced Setup. The Advanced Setup page appears.

4. From the Connection Type drop-down list, select the Internet connection you are using/intend to use. The display changes according to the connection type you selected. The following steps should be performed in accordance with the connection type you have chosen. 36 SofaWare S-box Getting Started Guide


LAN Connection 5. If your ISP requires a specific hostname for authentication, enter it in the Host Name text box. The ISP will supply you with the proper hostname, if required. Most ISPs do not require a specific hostname. 6. If your ISP requires the MAC address, do either of the following: ! If you know the MAC address of your computer, enter it in the MAC cloning text box OR ! Click This Computer to automatically "clone" the MAC of your computer to the S-box. A MAC address is a 12-digit identifier assigned to every network device. If your ISP restricts connections to specific, recognized MAC addresses, they will instruct you to enter the MAC address. Otherwise, you may leave this field blank. 7. If you do not want the S-box to obtain an IP address automatically using DHCP, do the following: a. Clear the Obtain IP address automatically (using DHCP) check box.

b. In the IP Address text box, type the static IP address of your S-box. c. From the Subnet Mask drop-down list, select the Subnet mask that applies to the IP address you have entered in the previous step. d. In the Default Gateway text box, type your the IP address of the default gateway of your ISP.


37


e. In the Preferred DNS Server text box, type the Primary DNS server IP address. f. In the Alternate DNS Server text box, type the Secondary DNS server IP address. 8. If you want the S-box to obtain an IP address automatically using DHCP, but not to automatically configure DNS servers, do the following: a. Clear the Obtain DNS Servers automatically check box.

b. In the Preferred DNS Server text box, type the Primary DNS server IP address. c. In the Alternate DNS Server text box, type the Secondary DNS server IP address. 9. Click Apply.

38



Cable Connection

10. If your ISP requires a specific hostname for authentication, enter it in the Host Name text box. The ISP will supply you with the proper hostname, if required. Most ISPs do not require a specific hostname. 11. If your ISP requires the MAC address, do either of the following: ! If you know the MAC address of your computer, enter it in the MAC cloning text box OR ! Click This Computer to automatically "clone" the MAC of your computer to the S-box. A MAC address is a 12-digit identifier assigned to every network device. If your ISP restricts connections to specific, recognized MAC addresses, they will instruct you to enter the MAC address. Otherwise, you may leave this field blank. 12. If you are not using automatic configuration of DNS servers, do the following: a. Clear the Obtain DNS servers automatically check box.


39


b. In the Preferred DNS Server text box, type the Primary DNS server IP address. c. In the Alternate DNS Server text box, type the Secondary DNS server IP address. 13. Click Apply. xDSL PPPoE Connection

5. In the Username text box, type your user name. 6. Type your password both in the Password and in the Confirm Password text boxes. 7. In the Service text box, type the service name as given by your ISP.

40



Note - If your ISP has not provided you with a service name, leave this text box empty.

8. The MTU text box allows you to control the maximum transmission unit size. As a general recommendation you should leave this field empty. If however you wish to modify the default MTU, it is recommended that you consult with your ISP first and use MTU values between 1300 and 1500. 9. If your ISP requires the MAC address, do either of the following: ! If you know the MAC address of your computer, enter it in the MAC cloning text box OR ! Click This Computer to automatically "clone" the MAC of your computer to the S-box. A MAC address is a 12-digit identifier assigned to every network device. If your ISP restricts connections to specific, recognized MAC addresses, they will instruct you to enter the MAC address. Otherwise, you may leave this field blank. 10. If you are not using automatic configuration of DNS servers, do the following: a. Clear the Obtain DNS servers automatically check box.

b. In the Preferred DNS Server text box, type the Primary DNS server IP address.


41


c. In the Alternate DNS Server text box, type the Secondary DNS server IP address. 11. Click Apply. xDSL PPTP Connection

5. In the Username text box, type your user name. 6. Type your password both in the Password and in the Confirm Password text boxes. 7. In the Service text box, type the service name as given by your ISP. 8. In the Server IP text box, type the IP address of the PPTP server as given by your ISP. 9. In the Client IP text box, type the IP address of the PPTP client as given by your ISP. 10. From the Subnet Mask drop-down list, select the PPTP client subnet as given by your ISP. 11. The MTU text box allows you to control the maximum transmission unit size. As a general recommendation you should leave this field empty. If however you wish to modify the default MTU, it is recommended that you consult with your ISP first and use MTU values between 1300 and 1500. 12. If your ISP requires the MAC address, do either of the following: ! If you know the MAC address of your computer, enter it in the MAC cloning text box OR 42 SofaWare S-box Getting Started Guide


Click This Computer to automatically "clone" the MAC of your computer to the S-box. A MAC address is a 12-digit identifier assigned to every network device. If your ISP restricts connections to specific, recognized MAC addresses, they will instruct you to enter the MAC address. Otherwise, you may leave this field blank. 13. If you are not using automatic configuration of DNS servers, do the following: a. Clear the Obtain DNS servers automatically check box.

!

b. In the Preferred DNS Server text box, type the Primary DNS server IP address. c. In the Alternate DNS Server text box, type the Secondary DNS server IP address. 14. Click Apply.


43


44


Logging on to the SofaWare Safe@ Portal

Chapter 3

Getting StartedThis chapter contains all the information you need in order to get started using your S-box.

Logging on to the SofaWare Safe@ PortalLogin is performed differently depending on the S-box software configuration you are using.Note In order to log on through HTTPS, you must first access the S-box through HTTPS. For further information see Accessing the SofaWare Safe@ Portal through HTTPS, page 48.

Logging on with SofaWare Safe@Home or SofaWare Safe@Home Pro

This task can only be performed using SofaWare Safe@Home or SofaWare Safe@Home Pro.

To log on to the SofaWare S-box Portal 1. Do one of the following: ! Browse to http://my.firewall. Or ! To log on through HTTPS, follow the procedure Accessing the SofaWare Safe@ Portal through HTTPS, page 48. The S-box login page appears.

Chapter 3: Getting Started

45


2. Type in your password. 3. Click OK. The Welcome page appears.

46



Logging on with SofaWare Safe@OfficeThis task can only be performed using SofaWare Safe@Office.

To log on to the SofaWare S-box Portal 1. Do one of the following: ! Browse to http://my.firewall. Or ! To log on through HTTPS, follow the procedure Accessing the SofaWare Safe@ Portal through HTTPS, page 48. The S-box login page appears.

2. Type in your username and password. 3. Click OK. The Welcome page appears.


47

Accessing the SofaWare Safe@ Portal through HTTPS

Accessing the SofaWare Safe@ Portal through HTTPSYou can access the SofaWare Safe@ Portal through HTTPS either remotely (through the Internet) or from your internal network. HTTPS is a protocol for accessing a secure Web server. It is used to transfer confidential user information, since it encrypts data and utilizes a secure port.Note In order to access the SofaWare Safe@ Portal through the Internet, you must first configure HTTPS using the procedure Configuring HTTPS, page 58.

To access the SofaWare Safe@ Portal from your internal network Browse to https://my.firewall. (Note that the URL starts with https, not http.) The SofaWare Safe@ Portal appears. To access the SofaWare Safe@ Portal through the Internet Browse to https://:981. (Note that the URL starts with https, not http.) The following things happen in the order below: ! If this is your first attempt to access the SofaWare Safe@ Portal through HTTPS, the certificate in the S-box is not yet known to the browser, so the Security Alert dialog box appears. To avoid seeing this dialog box again, install the certificate of the destination S-box. If you are using Internet Explorer 5, do the following: 1) Click View Certificate. The Certificate dialog box appears, with the General tab displayed. 2) Click Install Certificate. The Certificate Import Wizard opens. 3) Click Next. 4) Click Next. 5) Click Finish. 6) Click Yes. 7) Click OK. The Security Alert dialog box reappears. 8) Click Yes. ! The SofaWare Safe@ Portal appears. 48 SofaWare S-box Getting Started Guide

Using the SofaWare Safe@ Portal

Using the SofaWare Safe@ PortalThe SofaWare Safe@ Portal is a web-based management interface, which enables you to manage and configure the S-box operation and options. The SofaWare Safe@ Portal consists of three major elements: The Navigation Bar used for navigating between the various menus and options (e.g. Reports, Security, Setup etc.) The Main Frame displays the relevant information and controls related to the selected topic. The Status Bar shows your Internet connection and managed services status as well as your current services plan.

Navigation Bar

Main Frame

Status Bar

Figure 3 SofaWare Safe@ Portal

Navigation BarThe Navigation Bar includes the following main menus: Welcome displays the welcome information Reports provides reporting capabilities in terms of event logging, established connections, and active computers Security provides controls and options for setting the security of any computer in the network Services allows you to control your subscription to SofaWare Managed Services Chapter 3: Getting Started 49

Using the SofaWare Safe@ Portal

Setup lets you manage and configure your Internet connections Password lets you set your password. This main menu only appears in Safe@Home and Safe@Home Pro. Users lets you manage S-box users. This main menu only appears in SofaWare Safe@Office. VPN lets you manage, configure, and log on to VPN sites. This main menu only appears in SofaWare Safe@Home Pro and SofaWare Safe@Office. Help provides context-sensitive on-line help Logout allows you to log off of the SofaWare Safe@ Portal

Main FrameThe Main Frame displays the relevant data and controls pertaining to the menu and tab you select. These elements sometimes differ depending on whether you are using SofaWare Safe@Home, SofaWare Safe@Home Pro, or SofaWare Safe@Office. The differences are described throughout this guide.

Status BarThe Status Bar, located at the bottom of each page, displays information regarding the following: Internet your Internet connection status which may be one of the following: ! Connected The S-box is connected to the Internet. ! Not Connected The Internet connection is down. ! Establishing Connection The S-box is connecting to the Internet. ! Contacting Gateway The S-box is trying to contact the Internet default gateway. Service Center your Service Center may offer various subscription services. These include the firewall service, and optional services such as parental control and e-mail virus scanning. The following lists the security services status: ! Not Subscribed You are not subscribed to security services. ! Connection Failed The Internet connection is down. ! Connecting The S-box is connecting to the Service Center.

50


Logging off

! Connected You are connected to the Service Center, and security services are active.

Logging offLogging off terminates your administration session. Any subsequent attempt to connect to the SofaWare Safe@ Portal will require re-entering of the administration password. To log off of the SofaWare Safe@ Portal If you are connected locally, in the Navigation Bar, click Logout. The Logout screen appears.

If you are connected through HTTPS, close the browser window.


51

Logging off

52


Viewing Network Activity Information

Chapter 4

Managing Your NetworkYou can manage and configure your network connection and settings, and view information on the connection in terms of status, connection duration, and activity.

Viewing Network Activity InformationYou can view information regarding your networks setup and activity. To view network activity information In the Navigation Bar click on Setup. The Internet page appears displaying a brief view of the network activity and status.

The following information is displayed: ! Connection provides information on the connection status and the connection duration, if it is active ! Activity details the amount of data packets sent and received in the active connection ! Internet provides information on the users IP and MAC addresses as well the connection mode used Chapter 4: Managing Your Network 53

Configuring Network Settings

Configuring Network SettingsWarning These are advanced settings. Do not change them unless it is necessary and you are qualified to do so.

Note If you change the network settings to incorrect values and are unable to correct the error, you can reset the S-box to its default settings. See Resetting the S-box to factory defaults, page 141.

Enabling/Disabling the DHCP ServerBy default, the S-box operates as a DHCP (Dynamic Host Configuration Protocol) server. This allows the S-box to automatically configure all the devices on your network with their network configuration details. If you have another DHCP server configured in your network, you must disable the S-box DHCP server. Otherwise, it is highly recommended to leave this setting enabled. To enable/disable the DHCP server 1. In the Navigation Bar, click on Setup. The Internet page appears. 2. In the Setup submenu, click on My Network. The My Network page appears.

54



When using Safe@Office, the My Network page appears as follows:

3. In the DHCP Server list, select Enabled or Disabled. 4. Click Apply. ! If you chose to disable the DHCP server, the DHCP server is disabled. ! If you chose to enable the DHCP server, it is enabled. 5. If you dont have another DHCP server in your network, and your computers were originally configured differently, do the following: ! Reconfigure all the devices on your network. ! Disable the Obtain IP address automatically (using DHCP) setting in the TCP/IP settings. For information on configuring TCP/IP, see TCP/IP Settings, page 18.

Changing IP AddressesIf desired, you can change your S-boxs internal IP address. Using Safe@Office, you can also change the entire range of IP addresses in your internal network. You may want to perform these tasks if, for example, you are adding the S-box to a large existing network and don't want to change that networks IP address range, or if you are using a DHCP server other than the S-box, that assigns addresses within a different range.

Chapter 4: Managing Your Network

55


Warning If you change the S-box internal IP address, you may have to manually change the network interface TCP/IP setting when using static IP, or renew the DHCP lease when using Dynamic IP. Otherwise, you may not have access to the SofaWare Safe@ Portal or to the Internet.

To change IP addresses 1. In the Navigation Bar, click on Setup. The Internet page appears. 2. In the Setup submenu, click on My Network. The My Network page appears. 3. To change the S-boxs internal IP address, enter the new IP address in the S-box LAN IP field. 4. To change the internal network range, enter new a new value in the LAN Subnet Mask field.Note The internal network range is defined both by the S-boxs internal IP address and by the subnet mask. For example, if the S-boxs internal IP address is 192.168.100.7, and you set the subnet mask to 255.255.255.0, the networks IP address range will be 192.168.100.1 192.168.100.254.

5. To reset the network to its default settings, click Default. The internal network range is 192.168.10.*, and DHCP and NAT are enabled. 6. Click Apply. A warning message appears. 7. Click OK. The S-box internal IP address and/or the internal network range are changed. 8. Do one of the following: ! If your computer is configured to obtain its IP address automatically (using DHCP), and the S-box DHCP server is enabled, restart your computer. Your computer obtains an IP address in the new range. ! Otherwise, manually reconfigure your computer to use the new address range using the TCP/IP settings. For instructions, see TCP/IP Settings, page 18.

56


Changing the Internet Connection Configuration

Enabling/Disabling NATNAT can be disabled only in SofaWare Safe@Office.

Network Address Translation (NAT) enables you to share a single IP address among several computers.Note If NAT is disabled, you must obtain a range of IP addresses. NAT is enabled by default.

To enable/disable NAT 1. In the Navigation Bar, click on Setup. The Internet page appears. 2. In the Setup submenu, click on My Network. The My Network page appears. 3. From the NAT list, select Enabled or Disabled. 4. Click Apply. ! If you chose to disable NAT, it is disabled. ! If you chose to enable NAT, it is enabled.

Changing the Internet Connection ConfigurationYou can reconfigure your S-boxs Internet connection at any time. For further information, see Configuring Your S-box for Internet Connection, page 27.

Using Quick Internet Connection/DisconnectionBy clicking the Connect or Disconnect button (depending on the connection status) on the Internet page, you can establish a quick Internet connection using the currently selected connection type. In the same manner, you can terminate the active connection.


57

Configuring HTTPS

Configuring HTTPSYou can enable S-box users to remotely access the SofaWare Safe@ Portal through the Internet. To do so, you must first configure HTTPS. To configure HTTPS 1. In the Navigation Bar, click on Setup. The Internet page appears. 2. In the Setup submenu, click on HTTPS. The HTTPS Configuration page appears.

3. Do one of the following: ! To disable remote HTTPS capability, select Disabled.Note You can use HTTPS to access the SofaWare Safe@ Portal from your internal network even if Remote HTTPS is disabled, by surfing to https://my.firewall.

! !

To allow access to the SofaWare Safe@ Portal from a particular range of IP addresses, select Allow from this IP address range only and enter the desired IP address range in the fields provided. To allow access to the SofaWare Safe@ Portal from any IP address, select Allow from any IP address.Warning If HTTPS is enabled, your S-box settings can be changed remotely, so make sure all S-box users passwords are unguessable.

58


Static Routes

4. Click Apply. The HTTPS configuration is saved. You can now access the SofaWare Safe@ Portal through the Internet, using the procedure Accessing the SofaWare Safe@ Portal through HTTPS, page 48.

Static RoutesStatic Routes are applicable only for SofaWare Safe@Office.

Note - It is generally not necessary to specify static routes. Only define static routes if it is required.

A static route is a setting that explicitly specifies the route for packets destined for a certain subnet. Packets with a destination that does not match any defined static route will be routed to the default gateway. All systems have a default gateway that cannot be deleted. To modify the default gateway, see LAN Connection, page 37. The Static Routes page lists all existing routes, including the default, and indicates whether each route is currently "Up", or reachable, or not.

Adding a Static RouteThis task can only be performed using SofaWare Safe@Office.

To add a static route 1. In the Navigation Bar click on Setup. The Setup page appears. 2. In the Setup submenu, click Static Routes. The Static Routes page appears, with a listing of existing static routes.


59

Static Routes

3. Click New Route. The Edit Route page appears.

4. Complete the fields using the information in Table 1, page 61. 5. Click Apply. The new static route is saved.

60


Static Routes

Table 1: Edit Route Page FieldsIn this field Do this Example

Destination Network Subnet Mask

Enter the network address of the destination network. Select the subnet mask from the drop-down list.

62.91.32.0

255.255.255.0

Gateway IP

Enter the IP address of the gateway (next hop router) to which to route the packets destined for this network.

212.150.10.1

Viewing and Editing Static RoutesThis task can only be performed using SofaWare Safe@Office.

To edit a static route 1. In the Navigation Bar click on Setup. The Setup page appears. 2. In the Setup submenu, click Static Routes. The Static Routes page appears, with a listing of existing static routes.


61

Static Routes

3. In the desired route row, click Edit. The Edit Route page appears displaying the destination network, subnet mask, and gateway IP of the selected route. 4. To edit the route details, do the following: a. Edit the fields using Table 1, page 61. b. Click Apply. The changes are saved. 5. To return to the Users page without making any changes, click Cancel.

Deleting a Static RouteThis task can only be performed using SofaWare Safe@Office.

Note The default route cannot be deleted.

62


Static Routes

To delete a static route 1. In the Navigation Bar, click Setup. The Setup page appears. 2. In the Setup submenu, click Static Routes. The Static Routes page appears, with a listing of existing static routes. 3. In the desired route row, click the Delete A confirmation message appears. 4. Click OK. The route is deleted. icon.


63

Static Routes

64


Viewing the Event Log

Chapter 5

Viewing ReportsThe SofaWare Safe@ Portal lets you view reports on the following: Network activity Currently active network connections Currently active computers

Viewing the Event LogYou can track network activity using the event log. The event log displays the last 100 events in three different categories as follows: Events highlighted in blue indicate changes in your setup that you have made yourself or as a result of a security update implemented by your Service Center. Events highlighted in red indicate connection attempts that were blocked by your firewall. Events highlighted in orange indicate attempts that were blocked by your custom security rules. The logs detail the date and the time the event occurred, and its type. If the event is a communication attempt that was rejected by the firewall, the event details will include the source and destination IP address, the destination port, and the protocol used (TCP, UDP, etc.) for the communication attempt.

Chapter 5: Viewing Reports

65

Viewing the Event Log

To view the event log In the Navigation Bar click on Reports. The Event Log page appears.

You can do any of the following: ! Click the Refresh button to refresh the display. ! Click the Clear button to clear all events. ! If an event is highlighted in red, indicating a blocked attack on your network, you can display the attackers details, by clicking on the IP address of the attacking machine. The S-box queries the Internet WHOIS server, and a window displays the name of the entity to whom the IP address is registered and their contact information. This information is useful in tracking down hackers.

66


Viewing Connections

Viewing ConnectionsThis option allows you to view the currently active connections between your network and the external world. The active connections are displayed as a list, specifying source IP address, destination IP address and port, and the protocol used (TCP, UDP, etc.). To view the active connections 1. In the Navigation Bar click on Reports. The Event Log page appears. 2. In the Reports submenu click on Active Connections. The Active Connections page appears.

You can do the following: ! Click the Refresh button to refresh the display. ! To view information on the destination machine, click on its IP address. The S-box queries the Internet WHOIS server, and a window displays the name of the entity to whom the IP address is registered and their contact information.


67

Viewing Computers

Viewing ComputersThis option allows you to view the currently active computers on your network. The active computers are graphically displayed, each with its name, IP address, and settings (DHCP, Static, etc.). You can also view node limit information. To view the active computers 1. In the Navigation Bar click on Reports. The Event Log page appears. 2. In the Reports submenu click on Active Computers. The Active Computers page appears.

If you are exceeding the maximum number of computers allowed by your license, a warning message appears, and the computers over the node limit are marked in red. These computers may not be able to access the Internet through the S-box.Note To increase the number of computer allowed by your license, you must upgrade your product. For further information, see Upgrading Your Software Product, page 127.

If desired, you can click the Refresh button to refresh the display.

68


Viewing Computers

3. To view node limit information, do the following: a. Click Node Limit. The Node Limit window appears with installed software product and the number of nodes used.

b. Click Close to close the window.


69

Viewing Computers

70


Setting the Firewall Security Level

Chapter 6

Setting Your S-box Security PolicyThe SofaWare Safe@ Portal lets you control all security issues including: controlling the firewall security level, controlling incoming network traffic, allowing or blocking specific ports and IP addresses or even setting up your computer or one of your network computers as a Demilitarized Zone (DMZ) station. You can also subscribe to services such as Web Filtering and E-mail virus scanning. For information on these services and the subscription process, see Using Subscription Services, page 79.

Setting the Firewall Security LevelThe firewall security level can be controlled using a simple lever available on the Firewall page. This lever has three states: Low security enforces basic control on incoming connections, while permitting all outgoing connections Medium security enforces strict control on all incoming connections, while permitting safe outgoing connections High security enforces strict control on all incoming and outgoing connections Medium security is the default level and is recommended for most cases. Leave it unchanged unless you have a specific need for a higher/lower security level. To change the firewall security level 1. In the Navigation Bar click on Security. The Firewall page appears.

Chapter 6: Setting Your S-box Security Policy

71

Configuring Virtual Servers

2. Drag the security lever to the desired level. The S-box security level changes accordingly.

Configuring Virtual ServersNote - If you do not intend to host any public Internet servers (Web Server, Mail Server etc.) in your network, you can skip this section.

Using the SofaWare Safe@ Portal, you can selectively allow incoming network connections into your network. For example, you can set up your own Web server, Mail server or even an FTP server. To allow a service to be run on a host 1. In the Navigation Bar click on Security. The Firewall page appears. 2. Click on the Servers tab. The Virtual Servers page appears, displaying a list of services and a host IP address for each allowed service.

72


Configuring Virtual Servers

When using SofaWare Safe@Office, the page contains a VPN Only column:

3. In the Allow column, select the check box of the desired service or application. If you are using SofaWare Safe@Office, the appropriate check box in the VPN Only column is enabled.


73

Creating Rules

4. To allow only connections made through a VPN, select the VPN Only check box. 5. In the Host IP text box of the selected service or application type the IP address of the computer that will run the service (one of your network computers) or click the corresponding This Computer button to allow your computer to host the service. 6. Click Apply. A success message appears, and the selected computer is allowed to run the desired service or application. To stop a certain service from running on a specific host 1. In the Navigation Bar click on Security. The Firewall page appears. 2. Click on the Servers tab. The Virtual Servers page appears, displaying a list of services and a host IP address for each allowed service. 3. In the desired service or applications row, click Clear. The Host IP text box of the desired service is cleared. 4. Click Apply. The service or application for the specific host is not allowed.

Creating RulesThe SofaWare S-box checks the protocol used, the ports range and destination IP address when deciding whether to allow or block traffic. User defined rules have priority over the default rules. By default, in the "Medium" security level, the S-box blocks all connection attempts from the Internet (WAN) to the LAN, and allows all outgoing connection attempts from the LAN to the Internet (WAN).

Allow and Block RulesThe Allow/Block Rules provide you with greater flexibility in defining and customizing your security policy. You can allow additional inbound services not on the Virtual Servers list, or block outbound communications, for specific port ranges and protocols. If you wish to permit incoming access from the Internet to your internal network, for specific port ranges and protocols, you must create a new Allow rule. If you wish to block outgoing access from your internal network to the 74 SofaWare S-box Getting Started Guide

Creating Rules

Internet, for specific port ranges and protocols, you must create a new Block rule. To create a new rule 1. In the Navigation Bar click on Security. The Firewall page appears. 2. Click the Allow tab to create a new Allow rule or click the Block tab to create a new Block rule. Depending on the tab you chose, either the Allow Rules page appears...

...or the Block Rules page appears


75

Creating Rules

Note When using SofaWare Safe@Home or SofaWare Safe@Home Pro, the Allow Rules page does not contain a VPN Only column, and the Block Rules page does not contain an Also VPN column.

3. To specify the port range to which the rule applies, in the Ports column, type the start port number in the left text box, and the end port number in the right text box.Note If you do not enter a port range, the rule will apply to all ports. If you enter only one port number, the range will be open-ended.

4. From the Protocol drop-down list, select the protocol (TCP, UDP, or ANY) for which you wish to create a rule. 5. In the Internet IP text box, do one of the following: ! If you are creating an Allow rule, type the Internet IP address that should be allowed to access the defined ports of a specific computer inside your network. ! If you are creating a Block rule, type the Internet IP address whose defined ports should not be accessible from a specific computer inside your network.Note When in No-NAT mode, you can leave the Internet IP field empty. The rule will then apply to the entire Internet. When creating Allow rules in NAT mode, you must provide an IP address. This way the S-box knows to which computer to forward incoming connections. On the other hand, when defining Block rules in NAT mode, you can leave the Internet IP field empty, which will result in S-box blocking outgoing Internet connections of all computers in the local network on the specified ports.

6. In the Home IP text box, do one of the following: ! If you are creating an Allow rule, type the IP address of the computer inside your network, to which the specified Internet IP address should be allowed access. ! If you are creating a Block rule, type the IP address of the computer inside your network, for which access to the specified Internet IP address should be blocked. Alternatively, you can specify your computer, by clicking This Computer. 7. In the Allow Rules page, select the VPN Only check box to allow only connections made through a VPN.

76


Creating Rules

8. In the Block Rules page, select the Also VPN check box if you want the rule to apply not only to the Internet but to the VPN as well. 9. Click Add. The new rule is added to the list of rules. To delete an existing rule 1. In the Navigation Bar click on Security. The Firewall page appears. 2. Click the Allow tab to delete an Allow rule or click the Block tab to delete a Block rule. The Allow/Block Rules page appears. 3. Click the icon of the rule you wish to delete. A confirmation message appears. 4. Click OK. The rule is deleted.

Demilitarized Zone (DMZ)The SofaWare S-box allows you to define a DMZ, i.e. define a computer that is not protected by the firewall. This is useful for setting up a public server. It will allow unlimited incoming and outgoing connections between the Internet and that computer.Warning - Entering an IP address may make the designated computer vulnerable to hacker attacks. Defining a DMZ is not recommended unless you are fully aware of the security risks.

To define a computer as DMZ 1. In the Navigation Bar click on Security. The Firewall page appears. 2. Click the DMZ tab. The DMZ IP Address page appears.


77

Creating Rules

3. In the DMZ IP Address text box, type the IP address of the computer you wish to define as DMZ. Alternatively, you can click This Computer to define your computer as DMZ. 4. Click Apply. The selected computer is now defined as DMZ.

78


Starting Your Subscription Services

Chapter 7

Using Subscription ServicesSubscription services offer valuable features, such as automatic software and security policy updates, content filtering, e-mail virus scanning, and remote logging. Check with your S-box provider regarding availability of these services, or surf to www.sofaware.com/subscriptions to locate your nearest Service Center.

Starting Your Subscription ServicesThis option allows you to configure and start your services subscription, which can include policy and firmware updates, E-mail Anti Virus scanning, and Web Filtering. To start your subscription 1. In the Navigation Bar, click Services. The Account page appears.

2. In the Service Account area, click Connect.

Chapter 7: Using Subscription Services

79


The Setup Wizard opens, with the first Subscription Services dialog box displayed.

3. Make sure the I wish to connect to a Service Center check box is selected. 4. Do either of the following: ! To connect to the SofaWare Service Center, select usercenter.sofaware.com. ! To specify a Service Center, do the following: 1) Select Specified. 2) In the Specified text box, enter the desired Service Centers IP address, as given to you by the Service Center. 5. Click Next. The Connecting screen appears. The second Subscription Services dialog box appears.

80



6. Enter your gateway ID and registration key in the appropriate fields, as given to you by your service provider. 7. Click Next. The Connecting screen appears. The third Subscription Services dialog box appears with a list of services to which you are subscribed.


81


8. Click Next. The final Subscription Services dialog box appears with a success message.

9. Click Finish. The following things happen: ! If a new firmware was installed, the S-box is restarted. ! The services to which you are subscribed are now available on your S-box and listed as such on the Account page. See Viewing Services Information, page 83 for further information.

!

The Services submenu includes the services to which you are subscribed. SofaWare S-box Getting Started Guide

82

Viewing Services Information

Viewing Services InformationThe Account page Service Status area lists the services available in your service plan. The following information is displayed for each service: Name the services name Subscription the status of your subscription to the service (Subscribed or Not Subscribed) Status the status of the service: ! Connected You are connected to the service through the Service Center. ! N/A The service is not available. ! Mode the mode to which the service is set. The service mode is influenced by the S-box management (local or remote). For further information, see Web Filtering, page 84, Virus Scanning, page 87, and Automatic and Manual Updates, page 91.

Canceling Subscription ServicesIf desired, you can cancel your subscription to the services provided by your Service Center. To cancel your subscription 1. In the Navigation Bar, click Services. The Account page appears. 2. In the Service Account area, click Connect. The Setup Wizard opens, with the first Subscription Services dialog box displayed. 3. Clear the I wish to connect to a Service Center check box. 4. Click Next. The final Subscription Services dialog box appears with a success message. 5. Click Finish. The following things happen: ! You are disconnected from the Service Center. ! The services to which you were subscribed are no longer available on your S-box.


83

Web Filtering

Web FilteringWhen enabled, access to Web content is restricted according to the categories specified under Allow Categories. Adult users will be able to view Web pages with no restrictions, only after they have provided the administrator password via the Web Filtering pop-up window.

Enabling/Disabling Web Filtering When Locally ManagedTo enable/disable Web Filtering when locally managed 1. In the Navigation Bar click on Services. The Account page appears. 2. In the Services submenu, click Web Filtering. The Web Filtering page appears.

3. Drag the On/Off lever upwards or downwards. Web Filtering is enabled/disabled for all internal network computers.

84


Web Filtering

Selecting Categories for BlockingYou can define which types of web sites should be considered appropriate for your family or office members, by selecting the categories. Categories marked will remain visible, while categories marked with will be blocked with and will require the administrator password for viewing.Note If you are remotely managed, contact your Service Center to change these settings.

To allow/block a category 1. In the Allow Categories area, click 2. Click Apply.

or

next to the desired category.

Temporary Disable for Web Filtering When Remotely ManagedIf the S-box is remotely managed, this service can be remotely controlled by your Service Center. If desired, you can temporarily disable the Web Filtering service, temporarily disabling it. To temporarily disable Web Filtering when remotely managed 1. In the Navigation Bar click on Services. The Account page appears. 2. In the Services submenu, click Web Filtering. The Web Filtering page appears.Note The On/Off lever and Allow Categories area on this page are read-only. Contact your Service Center to change these settings.

If the service is enabled, the On/Off lever is set to On.


85

Web Filtering

4. Click Snooze. ! Web Filtering is temporarily disabled for all internal network computers. ! The Snooze button changes to Resume.

!

The Web Filtering Off popup window opens.

86


Virus Scanning

3. To re-enable the service, click Resume, either in the popup window, or on the Web Filtering page. ! The service is re-enabled for all internal network computers. ! The Resume button changes to Snooze. ! If the Web Filtering Off popup window was open, it closes.

Virus ScanningEnabling this option will result in automatic scanning of your e-mail for the detection and elimination of all known viruses and vandals.

Enabling/Disabling E-mail Anti Virus When Locally ManagedTo enable/disable E-mail Anti Virus when locally managed 1. In the Navigation Bar click on Services. The Account page appears. 2. In the Services submenu, click E-mail Anti Virus. The E-mail Anti Virus page appears.


87

Virus Scanning

3. Drag the On/Off lever upwards or downwards. E-mail Anti Virus is enabled/disabled for all internal network computers.

Selecting Protocols for ScanningIf you are locally managed, you can define which protocols should be scanned for viruses: E-mail retrieving (POP3) if enabled, all incoming e-mail in the POP3 protocol will be scanned E-mail sending (SMTP) if enabled, all outgoing e-mail will be scanned Protocols marked with will be scanned, while those marked with will not.Note If you are remotely managed, contact your Service Center to change these settings.

To enable virus scanning for a protocol 1. In the Protocols area, click or next to the desired protocol. 2. Click Apply.

88


Virus Scanning

Temporary Disable for E-mail Anti Virus When Remotely ManagedIf the S-box is remotely managed, this service can be remotely controlled by your Service Center. If you are having problems sending or receiving e-mail you can temporarily disable the E-mail Anti Virus service. To temporarily disable E-mail Anti Virus when remotely managed 1. In the Navigation Bar click on Services. The Account page appears. 2. In the Services submenu, click E-mail Anti Virus. The E-mail Anti Virus page appears.Note The On/Off lever and Protocols area on this page are read-only. Contact your Service Center to change these settings.

If the service is enabled, the On/Off lever is set to On.

3. Click Snooze. ! E-mail Anti Virus is temporarily disabled for all internal network computers. ! The Snooze button changes to Resume.


89

Virus Scanning

!

The E-mail Anti Virus Off popup window opens.

4. To re-enable the service, click Resume, either in the popup window, or on the E-mail Anti Virus page. ! The service is re-enabled for all internal network computers. ! The Resume button changes to Snooze. ! If the E-mail Anti Virus Off popup window was open, it closes.

90


Automatic and Manual Updates

Automatic and Manual UpdatesIf you are subscribed to Software Updates, you can check for new security and software updates.

Checking for Software Updates When Locally ManagedIf your S-box is locally managed, you can set it to automatically check for software updates, or you can set it so that software updates must be checked for manually. To configure software updates when locally managed 1. In the Navigation Bar, click Services. The Account page appears. 2. Click on the Software Updates tab. The Software Updates page appears.

3. To set the S-box to automatically check for and install new software updates, drag the Automatic/Manual lever upwards. The S-box checks for new updates and installs them according to its schedule.Note When the Software Updates service is set to Automatic, you can still manually check for updates. See step 5.


91

Automatic and Manual Updates

4. To set the S-box so that software updates must be checked for manually, drag the Automatic/Manual lever downwards. The S-box does not check for software updates automatically. 5. To manually check for software updates, click Update Now. The system checks for new updates and installs them.

Checking for Software Updates When Remotely ManagedIf your S-box is remotely managed, it automatically checks for software updates and installs them without user intervention. However, you can still check for updates manually, if needed. To manually check for security and software updates 1. In the Navigation Bar, click Services. The Account page appears. 2. Click on the Software Updates tab. The Software Updates page appears.

3. Click Update Now. The system checks for new updates and installs them.

92


Refreshing Your Service Center Connection

Refreshing Your Service Center ConnectionThis option reconnects you to your Service Center and refreshes your S-box services settings. To refresh your Service Center connection 1. In the Navigation Bar, click Services. The Account page appears. 2. In the Service Account area, click Refresh. The S-box reconnects to the Service Center. Your service settings are refreshed.

Configuring Your AccountThis option allows you to access your Service Center web site, which offers additional configuration options for your account. To configure your account 1. In the Navigation Bar, click Services. The Account page appears. 2. In the Service Account area, click Configure.Note If no additional settings are available from your Service Center, this button will not appear.

Your Service Center web site opens. 3. Follow the on-screen instructions.


93

Configuring Your Account

94


Adding and Editing VPN Sites using SofaWare Safe@Home Pro

Chapter 8

Working With VPNsA virtual private network (VPN) consists of at least one VPN server or gateway, and several VPN clients. A VPN server makes the corporate network remotely available to authorized users, such as employees working from home, who connect to the VPN server using VPN clients. A VPN gateway can be connected to another VPN gateway

sbox manual

Documents

sofaware safehome

sofaware safeofficethis

safehome pro

digit identifier

sofaware safehome

resolving

confirmation

sofaware safe