UTM-1

Getting Started Guide

702365 January 21, 2007

 2003-2007 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: 2003-2007 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoSa, DefenseNet, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935, 6,873,988, and 6,850,943 and may be protected by other U.S. Patents, foreign patents, or pending applications. For third party notices, see: THIRD PARTY TRADEMARKS AND COPYRIGHTS.

Contents
Chapter 1 Introduction
Welcome................................................................................... 7 UTM-1Overview ......................................................................... 9 Shipping Carton Contents ......................................................... 10 Terminology ............................................................................ 11

Chapter 2 Getting Started

Configuring UTM-1 .................................................................. 14 The Configuration Workflow ............................................. 14 Step 1: Installing UTM-1in the Rack ................................ 14 Step 2: Identifying the Default Management Interface........ 15 Step 3: Connecting the Cables and Power On .................... 15 Step 4: Advanced Initial Configuration.............................. 16 Step 5: Installing the SmartConsole GUI Clients ................ 22 Step 6: First Time Login to UTM-1 ................................... 22 Step 7: Configure and Install Security Policy ..................... 23 Create a New Policy Package ........................................... 23 Define a Host ................................................................. 23 Define a Network ............................................................ 24 Create the Rule Base....................................................... 25 Enable Anti Virus Scanning.............................................. 26 To Install a Policy Package .............................................. 26 Restoring Factory Defaults ........................................................ 28 Restoring Factory Defaults using the WebUI ...................... 28 Restoring Factory Defaults using the Hyperterminal Console 28 USB DiskOn Key............................................................. 30

Advanced Configuration ............................................................31 LED ........................................................................................32

Chapter 3 Registration and Support

Registration .............................................................................34 Support...................................................................................35 Where To From Here? ...............................................................36

Index ................................................................... 43

Chapter Introduction
In This Chapter
Welcome UTM-1Overview Shipping Carton Contents Terminology

1
page 7 page 9 page 10 page 11

Welcome
Thank you for choosing Check Points Internet Security Product Suite. We hope that you will be satisfied with this solution and our support services. Check Point products provide your business with the most up to date and secure solutions available today. Check Point also delivers worldwide technical services including educational, professional and support services through a network of Authorized Training Centers, Certified Support Partners and Check Point technical support personnel to ensure that you get the most out of your security investment. For additional information on the NGX Internet Security Product Suite and other security solutions, refer to: http://www.checkpoint.com or call Check Point at 1(800) 829-8391. For additional technical information, refer to: http://support.checkpoint.com.

Welcome Welcome to the Check Point family. We look forward to meeting all of your current and future network, application and management security needs.

UTM-1Overview

UTM-1Overview
Check Point UTM-1 delivers integrated unified threat management to protect your organization from today's emerging threats. Based on proven Check Point security technologies such as Stateful Inspection, Application Intelligence, and SMART (Security Management Architecture), UTM-1 provides simplified deployment and management while delivering uncompromising levels of security. This document provides: A brief overview of essential UTM-1 concepts and features. A step by step guide to getting UTM-1 up and running.

Chapter 1

Introduction

Shipping Carton Contents

Shipping Carton Contents

This section describes the contents of the shipping carton. Table 1-1 Item Appliance Rack Mounting Accessories Cables Contents of the Shipping Carton Description A single UTM-1. Hardware mounting kit. 1 Power cable 1 Network standard cable 1 Serial console cable

CD

Includes the following: SmartConsole Management Software Getting Started Guide User Guide VPN-1 NGX R62 documentation Used for restoring factory defaults. Certification data sheet and user license agreement.

USB DiskOn Key Certifications, Regulations and Documentation

10

Terminology

Terminology
The following UTM-1 terms are used throughout this chapter: Gateway: The VPN-1 engine that enforces the organizations security policy and acts as a security enforcement point. Security Policy: The policy created by the system administrator that regulates the flow of incoming and outgoing communication. SmartCenter Server: The server used by the system administrator to manage the security policy. The organizations databases and security policies are stored on the SmartCenter server and downloaded to the gateway. SmartConsole: GUI applications that are used to manage various aspects of security policy enforcement. For example, SmartView Tracker is a SmartConsole application that manages logs. SmartDashboard: A SmartConsole GUI application that is used by the system administrator to create and manage the security policy. Locally Managed Deployment: When all Check Point components responsible for both the management and enforcement of the security policy (the SmartCenter server and the gateway) are installed on the same machine. Centrally Managed Deployment: When the gateway and the SmartCenter server are installed on separate machines.

Chapter 1

Introduction

11

Terminology

12

Chapter Getting Started

In This Chapter:
Configuring UTM-1 Restoring Factory Defaults Advanced Configuration LED

2
page 14 page 28 page 31 page 32

This chapter contains information related to configuring UTM-1 using the First Time Wizard.

13

Configuring UTM-1

Configuring UTM-1
The Configuration Workflow
To configure UTM-1, follow a few simple steps: 1. 2. 3. 4. 5. 6. 7. Install UTM-1 onto the rack. Identify the default management interface. Connect the cables and power on. Advanced initial configuration. Install the SmartConsole GUI clients. Login to SmartDashboard and compare fingerprint. Configure and install security policy.

Step 1: Installing UTM-1in the Rack

Install the system in the rack with the network ports facing the front of the rack.

14

Configuring UTM-1 Figure 2-1 Installing UTM-1

Step 2: Identifying the Default Management Interface

Identify the default management interface marked as Internal. This interface is preconfigured with the IP address 192.168.1.1.

Step 3: Connecting the Cables and Power On

1. 2. Connect the power cable. Connect the standard cable to the internal port and to the PC.

Chapter 2

Getting Started

15

Configuring UTM-1 3. On the back panel, turn on the Power button to start the appliance.

Step 4: Advanced Initial Configuration

1. Connect to the administration interface by connecting from a machine on the same network subnet (e.g., with IP address 192.168.1.x and netmask 255.255.255.0) to the administration interface via the LAN cable. This can be changed later through the administration interface. To access the administration interface, initiate a connection from a browser to the default administration IP address: https://192.168.1.1:4434.

2.

Note - Pop-ups must always be allowed on https://<appliance_ip_address>. 3. The login page appears (Figure 2-2). Log in with the default system administrator login name/password: admin/admin, and click Login.

16

Configuring UTM-1 Figure 2-2 The Login page

4.

Change the administrator password, as prompted. The default password is provided to allow to you access to UTM-1. For security purposes, you must change it to a more secure password. In the Password recovery login token section, you can download a Login Token that can be used in the event a password is forgotten. It is highly recommended to save and store the password recovery login token file in a safe place.

5.

The First-Time Configuration Wizard begins to run. The Wizard presents a number of windows, in which you configure the Date and Time, Network Connections, Routing, DNS Servers, Host and Domain Name, and Deployment Type of UTM-1.

Note - The features configured in the wizard are accessible after completing the wizard via the WebUI menu. The WebUI menu can be accessed by navigating to https://<appliance_ip_address>:4434. Chapter 2 Getting Started 17

Configuring UTM-1 Click Next. 6. Configure date and time in the Appliance Date and Time Setup window. Click Apply. Click Next. 7.

Configure Network Connections in the Connections window.

Network Connections page

Network

Figure 2-3

You may modify the Internal IP address and connectivity will be preserved. A secondary interface is created automatically to preserve connectivity. This interface can be removed after the wizard is completed in the Network > Network Connections page. Click Next. 8. Configure Routing in the Routing Table window. Click Next. 9. Set the Host and Domain in the Host and Domain Name window The host name must start with a letter and cannot be named Com1, Com2....Com9.

18

Configuring UTM-1 Set the DNS servers in the DNS Servers window. Click Next. 10. Configure the Management type in the Management Type window. Figure 2-4 Management Type page

Locally Managed Deployment - A locally managed deployment is the simplest deployment, where the UTM-1 component is responsible for the management of the Security Policy (the SmartCenter Server and the Enforcement module) and is installed on the same machine. a. b. Select Locally Managed and click Next. Skip to step 11.

Centrally Managed Deployment - A centrally managed deployment is a more complex deployment where the Enforcement module and the SmartCenter server are deployed on different machines. Note - In all deployments, SmartConsole can be downloaded and installed on any machine, unless stated otherwise. a. Select Centrally Managed and click Next.

Chapter 2

Getting Started

19

Configuring UTM-1 b. c. d. Configure the Web/SSH and GUI Clients Configuration window as described in step 11. Click Next. Set the type of Gateway in the Gateway Type window. Configure the Secure Internal Communication window: enter a SIC Activation Key and remember it, as you will enter it again when configuring the gateway object via SmartDashboard. Continue to step 14.

e.

11. Configure the Web/SSH and GUI Clients Configuration window. Define which IP addresses will be allowed to connect using Web or SSH Clients. These clients will be able to manage the appliance using SmartConsole applications. Enter a comma-separated list of IP addresses from which you will manage UTM-1 using SmartConsole Applications. Type Any to manage UTM-1 from anywhere. These and other advanced configuration options are available via the WebUI menu. Click Next. 12. Configure the SmartCenter Administrators window: i. ii. Click Add and enter a SmartCenter Administrator username and password. Click Apply and click Next to proceed to the next step.

13. Configuring a security policy requires you to install SmartConsole applications. If you do not have any SmartConsole application package installed in your organization, click Start Download

20

Configuring UTM-1 If you do not already have SmartDashboard downloaded, click the Download Check Point SmartConsole applications package link to download and install SmartDashboard to configure a Security Policy. 14. The Summary screen appears. Figure 2-5 Summary page

Click Finish to complete the First-Time Configuration Wizard. The machine will automatically restart (this may take several minutes). Note - It is recommended to backup the system configuration for system recovery purposes. The backup menu can be accessed via the WebUI interface under the Appliance menu. For details, refer to the UTM-1 User Guide included on the CD.

Chapter 2

Getting Started

21

Configuring UTM-1

Step 5: Installing the SmartConsole GUI Clients

If SmartDashboard was downloaded during the First Time Configuration Wizard, skip to Step 6: First Time Login to UTM-1 on page 22. 1. 2. 3. The WebUI menu can be accessed by navigating to

https://<appliance_ip_address>:4434.
Login using the administrator username and password configured in step 5 on page 17. Download the SmartConsole Installation package Product Configuration > Download SmartConsole > Download.

Step 6: First Time Login to UTM-1

Login Process
Administrators connect to UTM-1 through SmartDashboard using a process that is common to all SmartConsole clients. In this process, the administrator and UTM-1 are authenticated, and a secure channel of communication is negotiated.

Authenticating and Fingerprint Comparison

1. 2. 3. Launch SmartDashboard. Enter the administrator username, password, and IP address of UTM-1. Manually authenticate UTM-1 with the Fingerprint presented. This step only takes place during first-time login, since when UTM-1 is authenticated, the Fingerprint is saved on the SmartConsole machine. The Fingerprint is compared with the UTM-1 fingerprint which is located in the WebUI in Product Configuration > Certificate Authority.

22

Configuring UTM-1

Step 7: Configure and Install Security Policy

The security policy is implemented by defining an ordered set of rules in the Security Rule Base. A well-defined security policy is essential in order for UTM-1 to be an effective security solution.

Create a New Policy Package

1. 2. 3. In SmartDashboard, click File > New. The Save window appears. Click Save and continue. The New Policy Package window appears. Enter a name for the new policy and select a policy type. Click OK.

Define a Host
The host defined in these steps will be used in the security policy. 1. 2. 3. Click Manage > Network Objects > New > Node > Host. The Host Node window appears. Enter a Name and IP Address (for example, 10.10.10.51). In the NAT page, select Add Automatic Address Translation rules.

Chapter 2

Getting Started

23

Configuring UTM-1 Figure 2-6 NAT page of Host Node

4. 5.

From the Translation Method drop down menu, select Hide, and the option Hide behind Gateway. Click OK.

Define a Network
The network defined in these steps will be used in the security policy. 1. 2. 3. 4. 5. Click Manage > Network Objects > New > Network. Enter the Name and Network Address (for example, 10.10.10.0) and Net Mask. On the NAT tab, select Add Automatic Address Translation rules. From the Translation Method drop down menu, select Hide, and the option Hide behind Gateway. Click OK.

24

Configuring UTM-1

Create the Rule Base

Define the rule base as shown in Table 2-1. To define a rule: 1. 2. 3. 4. 5. From the menu, select Rules > Add Rule and choose one of Bottom, Top, Below, Above. In the Source column, right click and select Add..., choose an object and click OK. In the Service column, right click, select Add..., choose a service and click OK. In the Action column, right click and select Accept. The last rule in the rule base should be drop. In the Track column, right click, select Add... and choose Log. Rule Base Destination Any Any Any Any Any Service http https dns ftp telnet Any Action Accept Accept Accept Accept Drop Track Log Log Log Log Log

Table 2-1 Source

Network Object Network Object Host Object Host Object Any

The last rule in the rule base, known as the Cleanup Rule, is to drop all traffic that is not permitted by the previous rules. There is an implied rule that does this, but the Cleanup Rule allows you to log any access attempts. To view all activity that is being logged, click Window > SmartView Tracker.

Chapter 2

Getting Started

25

Configuring UTM-1

Enable Anti Virus Scanning

When Anti Virus scanning is enabled, traffic for the selected protocols is trapped in the kernel and forwarded to the security server. The security server forwards the data stream to the Anti Virus engine. The data is allowed or blocked based on the response of the Anti Virus engine. Anti Virus scanning is applied only to accepted traffic, that has been allowed by the Security Policy. On the gateway, check Anti Virus in the Check Point Products section of the General Properties page. Figure 2-7 Check Point Products section

6.

Click OK.

Enabling the Anti Virus protection turns on SMTP, POP3, FTP, and HTTP inspection for incoming traffic to the DMZ and internal networks. For more information, see the Anti Virus Protection chapter in the UTM-1 User Guide.

To Install a Policy Package

To install a Policy Package: 1. 2. 3. Display the Policy package in the rule base. Click Policy > Install from the menu. Choose the installation components: a. Installation Targets the VPN-1 Modules on which the policy is installed.

26

Configuring UTM-1 By default, all internal Modules are available for selection. Alternatively, you defined specific Modules per Policy Package through the Select Installation Targets window (accessed by clicking Select Targets). b. For each installation target, choose the policy components (Advanced Security, QoS or Desktop Security) to be installed. The installation Mode what to do if the installation is not successful for all targets (so different targets enforce different policies): 4. Click OK. The Installation Process window is displayed, allowing you to monitor the progress of the verification, compilation and installation. If the verification is completed with no errors and the SmartCenter Server is able to connect to the module securely, the Policy installation succeeds. If there are verification or installation errors, the installation fails (in which case you can view the errors to find the source of the problem). If there are verification warnings, the installation succeeds with the exception of the component specified in the warning. Install on each Module independently, or Install on all Modules, or on none of the Modules

c.

Chapter 2

Getting Started

27

Restoring Factory Defaults

Restoring Factory Defaults

You may restore the factory defaults on the appliance in one of the following ways: Using the WebUI Using Hyperterminal USB DiskOn Key Warning - Restoring factory defaults will delete all information on the appliance including images, backup files, and logs.

Restoring Factory Defaults using the WebUI

1. 2. Click Appliance > Image Management > Restore to Factory Defaults. Click Apply.

Restoring Factory Defaults using the Hyperterminal Console

1. Using the supplied serial console cable to the RJ45 port, connect UTM-1 to a hyperterminal machine. In the Port Settings window, the setting for the Serial console is 9600 8N1 (9600 BPS, 8 bits, no parity, 1 stop bit). From the Flow control drop down menu, select Hardware. Configure the hyperterminal parameters. In Hyperterminal, click, Call > Call to connect to the appliance. Power on UTM-1.

2. 3. 4.

28

Restoring Factory Defaults 5. While booting up, the following text appears: Figure 2-8 Hyperterminal

When this text appears, there are approximately four seconds to hit any key in order to bring up the boot grub menu. Once the boot grub menu is displayed, there will be approximately ten seconds to hit any key or the machine will continue booting up.

Chapter 2

Getting Started

29

Restoring Factory Defaults Figure 2-9 Grub menu

6. 7.

Scroll down the grub menu to highlight Reset to factory defaults. Hit Enter.

USB DiskOn Key

1. 2. 3. Insert the provided USB DiskOn Key into the USB port. Reboot the appliance. While the factory defaults are being restored, the network port lights blink from left to right. When all the the network port lights are all blinking simultaneously, the factory defaults have been successfully restored. 4. 5. Remove the USB DiskOn Key from the USB port and the appliance will reboot automatically. Continue with Step 4: Advanced Initial Configuration on page 16.

30

Advanced Configuration

Advanced Configuration
Advanced configuration can be done using the sysconfig menu which can be accessed using the command line interface only. For example, configuring the appliance to be a DHCP server. CLI access can be obtained by console connection or through SSH access.

Chapter 2

Getting Started

31

LED

LED
The PWR/Status LED is located on the front of the appliance. When the LED is blinking, tha machine is booting and you cannot login. When the LED is steady, the machine is ready for login. Figure 2-10

32

Chapter Registration and Support

In This Chapter
Registration Support Where To From Here?

3
page 34 page 35 page 36

33

Registration

Registration
UTM-1 requires a specific license to operate. Obtain a license and register at: https://usercenter.checkpoint.com/usercenter/portal The serial number required to obtain a license is found on the Information > Appliance Status page of the WebUI.

34

Support

Support
See the Check Point Services web site http://www.checkpoint.com/techsupport/ or see the SecureKnowledge self-service database at https://secureknowledge.checkpoint.com/.

Chapter 3

Registration and Support

35

Where To From Here?

Where To From Here?

You have now learned the basics that you need to get started. The next step is to obtain more advanced knowledge of your Check Point software. See the Check Point UTM-1 User Guide on the CD, or at http://www.checkpoint.com/techsupport/downloads.jsp (username and password required). Check Point documentation elaborates on this information and is available in PDF format on the Check Point CD as well as on the Technical Support download site at: http://www.checkpoint.com/support/technical/documents. Be sure to also use our Online Help when you are working with the Check Point SmartConsole clients. For additional technical information about Check Point products, consult Check Points SecureKnowledge at: https://secureknowledge.checkpoint.com.

36

THIRD PARTY TRADEMARKS AND COPYRIGHTS

Entrust is a registered trademark of Entrust Technologies, Inc. in the United States and other countries. Entrusts logos and Entrust product and service names are also trademarks of Entrust Technologies, Inc. Entrust Technologies Limited is a wholly owned subsidiary of Entrust Technologies, Inc. FireWall-1 and SecuRemote incorporate certificate management technology from Entrust. Verisign is a trademark of Verisign Inc. The following statements refer to those portions of the software copyrighted by University of Michigan. Portions of the software copyright 1992-1996 Regents of the University of Michigan. All rights reserved. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided as is without express or implied warranty. Copyright Sax Software (terminal emulation only). The following statements refer to those portions of the software copyrighted by Carnegie Mellon University. Copyright 1997 by Carnegie Mellon University. All Rights Reserved. Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of CMU not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. The following statements refer to those portions of the software copyrighted by The Open Group. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. The following statements refer to those portions of the software copyrighted by The OpenSSL Project. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The following statements refer to those portions of the software copyrighted by Eric Young. THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright 1998 The Open Group.

177

The following statements refer to those portions of the software copyrighted by Jean-loup Gailly and Mark Adler Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler. This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. The following statements refer to those portions of the software copyrighted by the Gnu Public License. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. The following statements refer to those portions of the software copyrighted by Thai Open Source Software Center Ltd and Clark Cooper Copyright (c) 2001, 2002 Expat maintainers. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. GDChart is free for use in your applications and for chart generation. YOU MAY NOT re-distribute or represent the code as your own. Any re-distributions of the code MUST reference the author, and include any and all original documentation. Copyright. Bruce Verderaime. 1998, 1999, 2000, 2001. Portions copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 by Cold Spring Harbor Laboratory. Funded under Grant P41-RR02188 by the National Institutes of Health. Portions copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002 by Boutell.Com, Inc. Portions relating to GD2 format copyright 1999, 2000, 2001, 2002 Philip Warner. Portions relating to PNG copyright 1999, 2000, 2001, 2002 Greg Roelofs. Portions relating to gdttf.c copyright 1999, 2000, 2001, 2002 John Ellson (ellson@graphviz.org). Portions relating to gdft.c copyright 2001, 2002 John Ellson (ellson@graphviz.org). Portions relating to JPEG and to color quantization copyright 2000, 2001, 2002, Doug Becker and copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, Thomas G. Lane. This software is based in part on the work of the Independent JPEG Group. See the file README-JPEG.TXT for more information. Portions relating to WBMP copyright 2000, 2001, 2002 Maurice Szmurlo and Johan Van den Brande. Permission has been granted to copy, distribute and modify gd in any context without fee, including a commercial application, provided that this notice is present in user-accessible supporting documentation. This does not affect your ownership of the derived work itself, and the intent is to assure proper credit for the authors of gd, not to interfere with your productive use of gd. If you have questions, ask. "Derived works" includes all programs that utilize the library. Credit must be given in user-accessible documentation. This software is provided "AS IS." The copyright holders disclaim all warranties, either express or implied, including but not limited to implied warranties of merchantability and fitness for a particular purpose, with respect to this code and accompanying documentation. Although their code does not appear in gd 2.0.4, the authors wish to thank David Koblas, David Rowley, and Hutchison Avenue Software Corporation for their prior contributions. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 The curl license COPYRIGHT AND PERMISSION NOTICE Copyright (c) 1996 - 2004, Daniel Stenberg, <daniel@haxx.se>.All rights reserved. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

178

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of a copyright holder shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization of the copyright holder. The PHP License, version 3.0 Copyright (c) 1999 - 2004 The PHP Group. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name "PHP" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact group@php.net. 4. Products derived from this software may not be called "PHP", nor may "PHP" appear in their name, without prior written permission from group@php.net. You may indicate that your software works in conjunction with PHP by saying "Foo for PHP" instead of calling it "PHP Foo" or "phpfoo" 5. The PHP Group may publish revised and/or new versions of the license from time to time. Each version will be given a distinguishing version number. Once covered code has been published under a particular version of the license, you may always continue to use it under the terms of that version. You may also choose to use such covered code under the terms of any subsequent version of the license published by the PHP Group. No one other than the PHP Group has the right to modify the terms applicable to covered code created under this License. 6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes PHP, freely available from <http://www.php.net/>". THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This software consists of voluntary contributions made by many individuals on behalf of the PHP Group. The PHP Group can be contacted via Email at group@php.net. For more information on the PHP Group and the PHP project, please see <http://www.php.net>. This product includes the Zend Engine, freely available at <http://www.zend.com>. This product includes software written by Tim Hudson (tjh@cryptsoft.com). Copyright (c) 2003, Itai Tzur <itzur@actcom.co.il> All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistribution of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Neither the name of Itai Tzur nor the names of other contributors may be used to endorse or promote products derived from this software without specific prior written permission.

179

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Copyright 2003, 2004 NextHop Technologies, Inc. All rights reserved. Confidential Copyright Notice Except as stated herein, none of the material provided as a part of this document may be copied, reproduced, distrib-uted, republished, downloaded, displayed, posted or transmitted in any form or by any means, including, but not lim-ited to, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of NextHop Technologies, Inc. Permission is granted to display, copy, distribute and download the materials in this doc-ument for personal, non-commercial use only, provided you do not modify the materials and that you retain all copy-right and other proprietary notices contained in the materials unless otherwise stated. No material contained in this document may be "mirrored" on any server without written permission of NextHop. Any unauthorized use of any material contained in this document may violate copyright laws, trademark laws, the laws of privacy and publicity, and communications regulations and statutes. Permission terminates automatically if any of these terms or condi-tions are breached. Upon termination, any downloaded and printed materials must be immediately destroyed. Trademark Notice The trademarks, service marks, and logos (the "Trademarks") used and displayed in this document are registered and unregistered Trademarks of NextHop in the US and/or other countries. The names of actual companies and products mentioned herein may be Trademarks of their respective owners. Nothing in this document should be construed as granting, by implication, estoppel, or otherwise, any license or right to use any Trademark displayed in the document. The owners aggressively enforce their intellectual property rights to the fullest extent of the law. The Trademarks may not be used in any way, including in advertising or publicity pertaining to distribution of, or access to, materials in this document, including use, without prior, written permission. Use of Trademarks as a "hot" link to any website is prohibited unless establishment of such a link is approved in advance in writing. Any questions concerning the use of these Trademarks should be referred to NextHop at U.S. +1 734 222 1600. U.S. Government Restricted Rights The material in document is provided with "RESTRICTED RIGHTS." Software and accompanying documentation are provided to the U.S. government ("Government") in a transaction subject to the Federal Acquisition Regulations with Restricted Rights. The Government's rights to use, modify, reproduce, release, perform, display or disclose are restricted by paragraph (b)(3) of the Rights in Noncommercial Computer Software and Noncommercial Computer Soft-ware Documentation clause at DFAR 252.227-7014 (Jun 1995), and the other restrictions and terms in paragraph (g)(3)(i) of Rights in Data-General clause at FAR 52.227-14, Alternative III (Jun 87) and paragraph (c)(2) of the Commer-cial Computer Software-Restricted Rights clause at FAR 52.227-19 (Jun 1987). Use of the material in this document by the Government constitutes acknowledgment of NextHop's proprietary rights in them, or that of the original creator. The Contractor/Licensor is NextHop located at 1911 Landings Drive, Mountain View, California 94043. Use, duplication, or disclosure by the Government is subject to restrictions as set forth in applicable laws and regulations.

180

Disclaimer Warranty Disclaimer Warranty Disclaimer Warranty Disclaimer Warranty THE MATERIAL IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT POSSIBLE PURSUANT TO THE APPLICABLE LAW, NEXTHOP DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON INFRINGEMENT OR OTHER VIOLATION OF RIGHTS. NEITHER NEXTHOP NOR ANY OTHER PROVIDER OR DEVELOPER OF MATERIAL CONTAINED IN THIS DOCUMENT WARRANTS OR MAKES ANY REPRESEN-TATIONS REGARDING THE USE, VALIDITY, ACCURACY, OR RELIABILITY OF, OR THE RESULTS OF THE USE OF, OR OTHERWISE RESPECTING, THE MATERIAL IN THIS DOCUMENT. Limitation of Liability UNDER NO CIRCUMSTANCES SHALL NEXTHOP BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA OR PROFIT, ARISING OUT OF THE USE, OR THE INABILITY TO USE, THE MATERIAL IN THIS DOCUMENT, EVEN IF NEXTHOP OR A NEXTHOP AUTHORIZED REPRESENTATIVE HAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IF YOUR USE OF MATERIAL FROM THIS DOCUMENT RESULTS IN THE NEED FOR SERVICING, REPAIR OR CORRECTION OF EQUIPMENT OR DATA, YOU ASSUME ANY COSTS THEREOF. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT FULLY APPLY TO YOU. Copyright ComponentOne, LLC 1991-2002. All Rights Reserved. BIND: ISC Bind (Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")) Copyright 1997-2001, Theo de Raadt: the OpenBSD 2.9 Release PCRE LICENCE PCRE is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language. Release 5 of PCRE is distributed under the terms of the "BSD" licence, as specified below. The documentation for PCRE, supplied in the "doc" directory, is distributed under the same terms as the software itself. Written by: Philip Hazel <ph10@cam.ac.uk> University of Cambridge Computing Service, Cambridge, England. Phone: +44 1223 334714. Copyright (c) 1997-2004 University of Cambridge All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the University of Cambridge nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Eventia Reporter includes software whose copyright is owned by, or licensed from, MySQL AB.

181

182

Index
A
Anti Virus 26

H
Host define 23 Host and Domain Name 18 Hyperterminal 28, 29

C
Centrally Managed Deployment 11, 19 Cleanup Rule 25

L
Locally Managed Deployment 11, 19 Logging on first time 22

D
Date and Time 18 DNS Server 19

M
Management Type 19

F
Fingerprint 22

N
Network define 24 Network Connections 18

G
gateway 11 Gateway Type 20

43

P
Password recovery login token 17

W
Web/SSH and GUI Clients 20

R
Registration 34 Restoring Factory Defaults 28 using hyperterminal 28 using WebUI 28 Routing Table 18 Rule Base 25

S
Secure Internal Communication (SIC) 20 SecureKnowledge 35 Security Policy 11 installation 23 Shipping Carton Contents 10 SmartCenter Administrators 20 SmartCenter Server 11 SmartConsole 11 SmartDashboard 11 Support 35

T
Terminology 11 Translation Method 24

44 Index