Gebruiksaanwijzing /service van het product Safe@Office 1000N ADSL van de fabrikant Check Point
Ga naar pagina of 852
Check Po int S afe@ Offic e Intern et Secur ity Applian ce User Guide Version 8.2 Part No: 70 0797, Novemb er 2010.
COPYRI GHT & TRADEM ARKS Copyright © 2010 SofaWare, All Rights Reserved. No part of this document may be reproduced in any form or by any means witho ut written permission f rom SofaWare. Information in this docu ment is subject to change without notice and does not represe nt a commitment on part of SofaWare Tec h nologies Ltd.
modificat ions and/or tra nslated into a nother langua ge. (Hereinafter, translatio n is included witho ut limitation in the ter m " modific ation".) Each licensee is add ressed as "you" . Act iv it ies oth er than copying , distribution and modification are not covered by thi s License; they ar e outside its scope.
6. E ach tim e you redistribute th e Program (or any work based on th e Program), the r ecipient autom atically receives a li cense from the original licensor to copy, distribute or mod ify the Program subject to these ter m s and condit ions.
Do not expose the appliance to extreme high or low te mperatures. Do not disassemble or open the appliance. Failure to co mply wil l vo id the wa rr ant y.
.
Contents Contents i Contents About Thi s Guide ................................................................................................................................ . ix Introduct ion ........................................................
Contents ii Check Poi nt Safe@Office User Guide Wall Mounting the Safe@Office Appliance ................................................................................... 103 Securing the Safe@Office A pp liance ag ainst Theft .......................
C ontents Contents iii Using Bridg es ..................................................................................................................................... 259 Overvi e w ................................................................
Contents iv Check Poi nt Safe@Office User Guide Viewing Net work Statistics ............................................................................................................. 362 Viewing the Rou ting Tab le .................................
Contents Contents v Using Web Co ntent Filt ering ........................................................................................................... 565 Overvi e w ..............................................................................
Contents vi Check Point Safe@ Office User Guide Managing U sers ................................................................................................................................ . 677 Chan ging Yo ur Logi n Cred ent i als ..............
Contents Contents vii Using Diagno stic Too ls ................................................................................................................... 738 Backing Up and Restoring the Saf e@Office Appliance Configuration ..................
.
About Your Check Point Safe@Offic e Appliance Chapter 1 : About This Guide ix To make finding information in this g uide easier, some ty pes of information are m arked with s pec ial sy mb ols or fo rm atting . Boldface type is used for co mm and and button names.
About Your Check Point Safe@Office Appli ance x Check Poi nt Safe@Office User Guide All produc ts, with or without t he Pow er Pack, with ADSL o nly All produc ts, with or without t he Pow er Pack, wi.
About Your Check Point Safe@Office Appli ance Chapter 1 : Introduction 1 Chapter 1 This chap ter introd uces the Check Point Safe@O ffice a ppliance and this g uide. This ch apter in clud es the fo llow ing to pic s: About Y our Che ck Po int Sa fe@O ffic e Ap plia nce .
Safe@Office Product F amily 2 Check Poi nt Safe@Office User Guide The Safe@O ffice applian ce also allows sharing your Internet conn ection am ong several PCs or other network devices, enabling advanced office netwo rking and saving th e cost of purchasi ng static I P address es.
Safe@Office 1000N and 1000N ADSL Product Features Chapter 1 : Introduction 3 Safe@O ffic e 10 00N and 1 000N A DSL Product Featu res Table 1 : Safe@ Offic e 1000N and 1000 N ADSL F eatures Feature Saf.
Safe@Office 1000N and 1000N ADSL Product Features 4 Check Poi nt Safe@Office User Gui de DMZ/ W AN2 Port Ethernet / SFP, 10/1 00/1000 M bps Dialup Bac kup With external se rial / US B mode m Console Port (Serial) ExpressCard Port — Print Server — USB 2.
Safe@Office 1000N and 1000N ADSL Product Features Chapter 1 : Introduction 5 P2P File Shar ing Blocking / M onitorin g Port- based and Tag - based VLAN * Port- based Secur ity (802.
Safe@Office 1000N and 1000N A DSL P roduct Features 6 Check Poi nt Safe@Office User Guide IPSEC Featur es Hardw are - accelerated DES, 3DES, AES, MD5, SHA - 1, Har dware Random Num ber Generat or ( RN.
Safe@Office 1000N and 1000N ADSL Product Features Chapter 1 : Introduction 7 MAC Cloning Networ k Address Translati on (NAT) Rules Static Route s, Sourc e Routes, an d Servic e - Based Route s Etherne.
Safe@Office 1000NW and 1000NW ADSL Product Features 8 Check Poi nt Safe@Office User Guide Setting Rapid Deploy ment Hardware Sp ecification s Power 100/110/1 20/210/220/2 30VAC (Linear Pow er Adapt er.
S afe@Office 1000NW and 1000NW ADSL Product Features Chapter 1 : Introduction 9 Hardware F eatures 4- Port LAN Switch Ethernet, 10 /100/100 0 Mbps W AN P ort Ethernet 10/100/10 00 Mbps ADSL2+ ADSL Standa rds — ADSL2, ADS L2+, T. 1413 G.DM T (G.992.1) G.
Safe@Office 1000NW and 1000NW ADSL Product Features 10 Check Poi nt Safe@Office User Guide Intellige nce SmartDefense™ (IPS) Networ k Address Translati on (NAT) Four Preset S ecurity Policie s Anti- spoofing Voice over IP Support SIP, H.
Safe@Offi c e 1000N W and 1000NW ADSL Product Features Chapter 1 : Introduction 11 VPN Server with OfficeM ode and RADIUS Support Check Poin t VPN Client s, L2T P Site- to - Site VPN Gatew ay Route - .
Safe@Office 1000NW and 1000NW ADSL Product Features 12 Check Poi nt Safe@Office User Guide Dead Internet Connectio n Detecti on (DCD) WAN Load B alancin g Backup Int ernet Connectio n DHCP Server, Cli.
S afe@Office 1000NW and 1000NW ADSL Product Features Chapter 1 : Introduction 13 Dynamic R outing * Managemen t Central M anagement S MP Local M anagement HTTP / HTTPS / SSH / SNMP / Serial CLI Remote.
Safe@Office 500 and 500 ADSL Product Features 14 C heck Point S afe@Office User Guide Safe@O ffic e 50 0 and 500 A DSL Product F eatu res Table 3 : Safe@ Offic e 500 an d 500 ADSL Featur es Feature Sa.
Safe@Offic e 500 and 500 ADSL Product Features Chapter 1 : Introduction 15 Dialup Bac kup With ext ernal serial / USB mod em Console Port (Serial) Print Server — US B 2.
Safe@Off ice 500 and 500 ADSL Product Features 16 Check Poi nt Safe@Office User Guide Port- based and Tag - based VLAN * Port- based Secur ity (802.1x ) * EAP Authen ticator W eb Rule s Secure HotS po.
Safe@Offic e 500 and 500 ADSL Product Features Chapter 1 : Introduction 17 Networking Supported In ternet Con nection M ethods Static IP, DHCP, PPPoE, PPTP, Telstra, Cab le, Dial up Static IP, DHCP, P.
Safe@Office 500 and 500 ADSL Product Features 18 Check Poi nt Safe@Office User Guide Static Route s, Sourc e Routes, an d Servic e - Based Ro utes Ethernet C able Ty pe Recogniti on DiffServ Tagging *.
Safe@Offic e 500 W and 500 W ADSL Product Features Chapter 1 : Introduction 19 Hardware Sp ecification s Power 100/110/1 20/210/220/2 30VAC (Linear Pow er Adapt er) or 10 0~240VAC (Swit ched Power Adapt er) Mounting O ptions Desktop, Wall, or Ra ck Mounti ng** Warranty 1 Year H ar dware * Requires P ower P ack upg rade CPSB - 500- UPG - P PACK.
Safe@Office 500W and 500W ADSL Product Features 20 Check Poi nt Safe@Office User Guide W AN P ort Ethernet, 10 /100 M bps ADSL2+ ADSL Standa rds — ADSL2, ADS L2+, T.
Safe@Offic e 500 W and 500 W ADSL Product Features Chapter 1 : Introduction 21 Four Preset S ecurity Poli ci es Anti- spoofing Voice over IP Support SIP, H.323 Instant M essenger Blocking / M onitorin g P2P File Shar ing Blocking / M onitorin g Port- based and Tag - based VLAN * Port- based Secur ity (802.
Safe@Office 500W and 500W ADSL Product Features 22 Check Poi nt Safe@Office User Guide Route - based VPN Backup VPN Gatew ays Remote Access VPN Client SecuRemote / SecureCl ient / L2TP / Endpo int Con.
Safe@Offic e 500 W and 500 W ADSL Product Features Chapter 1 : Introduction 23 Connectio n DHCP Server, Cli ent, and Relay DNS Server MAC Cloning Networ k Address Translati on (NAT) Rules S tatic Rout.
Safe@Office 500W and 500W ADSL Product Features 24 Check Poi nt Safe@Office User Guide Loc al D iagn ostic s Tools Ping, WHOIS, Pac ket Sniffer, Status Monitor, Traffic Monitor, My Computers D isplay,.
Wireless Feat ures Chapter 1 : Introduction 25 Wirele ss F eature s Table 5 : Safe@ Offic e Wireles s Featu r es Feature Safe@Office 500W / Safe@Office 500W ADSL Safe@Office 1000NW / Safe@Office 1000W ADSL W ireles s Pr otoc ols 802.11b (1 1 Mbps), 80 2.
Optional S ecurity Services 26 Check Poi nt Safe@Office User Guide * Requires P ower P ack upg rade CPSB - 500- UPG - PPACK or CPSB -1000- UPG - PPACK, depending on series. ** Supe r G and XR m ode are on ly av ailable w ith select w ireless n etwork adapters.
Getting to Know Your Safe@Office 1000N Appliance Chapter 1 : Introduction 27 Getting to Know You r Safe@Office 1000N Appliance Packa ge Conte nts The Safe@ Office 1 000N pack age inclu des the followi.
Getting to Know Your Safe@Office 1000N Appliance 28 Check Poi nt Safe@Office User Guide Rear Pan el All physic al conn ection s (network and pow er) are m ade via the rear pane l of your Safe@Off ice appli ance. The follow ing tab le lists th e Safe@O ffice 1000 N appl iance' s rear panel e lements.
Getting to Know Your Safe@Office 1000N Appliance Chapter 1 : Introduction 29 Label Descri pti on RESET A button u sed for reb ooting th e Safe@Of fice appl iance or re setting t he Safe@Offic e applianc e to its factory de faults. You need to u se a poi nted object to press this b utton.
Getting to Know Your Safe@Office 1000N Appliance 30 Check Poi nt Safe@Office User Guide Table 7 : Safe@ Offic e 1000N Applian ce Status L EDs LED State Explanation Power Off Power of f On (Green) Norm.
Getting to Know Your Safe@Office 1000N ADSL Appliance Chapter 1 : Introduction 31 1000Mbps Off, LINK/ACT Flashing (G reen) 10 Mbps lin k establi shed for th e corresp onding port Data is be ing transm.
Getting to Know Your Safe@Office 1000N ADSL Appliance 32 Check Poi nt Safe@Office User Guide Getting to Know You r Safe@Office 1000N ADSL A pp liance Packa ge Conte nts The Safe@ Office 1 000N A DSL p.
Getting to Know Your Safe@Office 1000N ADSL Appliance Chapt er 1 : Introducti on 33 • If desired, you can co nnect your applian ce to an external broadb and Internet connection via a cab le or DSL m odem with an Etherne t interface (R J-45).
Getting to Know Your Safe@Office 1000N ADSL Appliance 34 Check Poi nt Safe@Office User Guide Label Descri pti on DSL An RJ - 11 ADSL port used for connecting the inte grated ADS L modem to an ADSL line. A sp lit ter wi th a m icr o - filter i s usually required w hen connec ting th is port to the phone jack.
Getting to Know Your Safe@Office 1000N ADSL Appliance Chapter 1 : Introduction 35 Side Pa nel The side panel in cludes a sl ot for inse rting an E xpress Card cel lular m odem. Front Pa nel The Safe@ Office 1 000N A DSL appl iance inclu des sev eral status L EDs tha t enable y ou to monitor the applianc e’s operation.
Getting to Know Your Safe@Office 1000N ADSL Appliance 36 Check Poi nt Safe@Office User Guide Flashing qu ickly (R ed) High temper ature or system fa ilure Flashing sl owly (Orange) Writing up date to .
Getting to Know Your Safe@Office 1000N ADSL Appliance Chapter 1 : Introduction 37 1000Mbps On (Green), LINK/ACT Flashing (G reen) 1000 Mbps l ink estab lished for the correspon ding port Data is be in.
Gettin g to Know Your Safe@Office 1000NW Appliance 38 Check Poi nt Safe@Office User Guide Getting to Know You r Safe@Office 1000NW A pp liance Packa ge Conte nts The Safe@ Office 1 000NW pack age incl.
Getting to Know Your Safe@Office 1000NW Appliance Chapter 1 : Introduction 39 Rear Pan el All physi cal conn ections (n etwork and p ower) ar e made v ia the rear p anel of y our Safe@Off ice appli ance. The fo llow ing ta ble lists the S afe@ Offic e 100 0NW a pplian ce's rea r panel el ements.
Getting to Know Your Safe@Office 1000NW Appliance 40 Check Poi nt Safe@Office User Guide Label Descri pti on Internet. Serial A serial (RS - 232) port u sed for connecting computers in orde r to access the Safe@Offic e CLI (Co mmand L ine Interfa ce), or for connecti ng an ex ternal dia lup modem.
Getting to Know Your Safe@Office 1000NW Appliance Chapt er 1 : Introducti on 41 Front Pa nel The Safe@ Office 1 000NW app liance in cludes sev eral sta tus LEDs that enab le you to monitor the applianc e’s operation. For an explanation of t h e S afe@Off ice 1000N W applian ce’s sta tus LEDs, see the table below.
Getting to Know Your Safe@Office 1000NW Appliance 42 Check Poi nt Safe@Office User Guide Flashing qu ickly (G reen) Sy stem boot in pr ogress Flashing sl owly (Green) Establishin g Internet connectio .
Getting to Know Your Safe@Office 1000NW Appliance Chapter 1 : Introduction 43 VPN Off No VPN tunn el establi shed On (Green) VPN idle / No activ ity Flashing ( Green) VPN activity RS232/Seri al Off No.
Getting to Know Your Safe@Office 1000NW ADSL Appliance 44 Check Poi nt Safe@Office User Guide Getting to Know Y our Safe@Office 1000NW ADSL A pp liance Packa ge Conte nts The Safe@ Office 1 000NW A DS.
Getting to Know Your Safe@Office 1000NW ADSL Appliance Chapter 1 : Introduction 45 • A spli tter w ith a mic ro - fil ter, insta lled on al l the jack s connec ted to the same phone line • If desired, you can co nnect your appl iance to an external b roadband Internet connection via a cab le or DSL m odem with an Etherne t interface (RJ- 45).
Getting to Know Your Safe@Office 1000NW ADSL Appliance 46 Check Poi nt Safe@Office User Guide Table 12 : Saf e@Of fice 10 00NW ADSL Applian ce Rear Pan el Elemen ts Label Descri pti on LAN 1 -4 Local .
Getting to Know Your Safe@Office 1000NW ADSL Appliance Chapter 1 : Introduction 47 Label Descri pti on firmware to t he vers ion that sh ipped w ith the Saf e@Of fice ap pliance. This result s in the loss of all se curity serv ices and p assw ords and reverting to the fa ctory defau lt firmw are.
Getting to Know Your Safe@Office 1000NW ADSL Appliance 48 Check Poi nt Safe@Office User Guide Front Pa nel The Safe@ Office 1 000NW A DSL appli ance inclu des s everal status L EDs th at enab le you to monitor the ap pli ance’s operation. For an expl anation of the S afe@Off ice 1000N W ADSL appliance’ s status LE Ds, see the table b elow .
Getting to Know Your Safe@Office 1000NW ADSL Appliance Chapter 1 : Introduction 49 GbE Status (LAN 1 - 4 / D MZ /W AN 2 ) 1000Mbps Off, LINK/ACT Off No Link 1000Mbps Off, LINK/ACT On (Gr een) 10 Mbps .
Getting to Know Your Safe@Office 1000NW ADSL Appliance 50 Check Poi nt Safe@Office User Guide VPN Off No VPN tunn el establi shed On (Green) VPN idle / No activ ity Flashing ( Green) VPN activi ty RS2.
Getting to Know Your Safe@Office 500 Appliance Chapter 1 : Introduction 51 Getting to Know You r Safe@Office 500 A pplia nce Packa ge Conte nts The Safe@Office 5 00 package includes the following: •.
Getting to Know Your Safe@Office 500 Appliance 52 Check Poi nt Safe@Offi ce User Guide The fo llow ing ta ble lists the S afe@ Offic e 500 applian ce' s rear panel e lements. Table 14 : Saf e@Of fice 50 0 Applianc e Rear Pan el Elemen ts Label Descri pti on PW R A power jac k used for s upplyin g power to th e unit.
Getting to Know Your Safe@Office 500 Appliance Chapter 1 : Introduction 53 Label Descri pti on W AN Wide Area N etwork: An Ethern et port (R J - 45) used f or conne cting your br oadband modem, a w ide area netw ork rout er, or a network le ading to t he Internet .
Getting to Know Your Safe@Office 500 ADSL Applianc e 54 Check Poi nt Safe@Office User Guide LED State Explanation Flashing ( Red) Hacker attack bl ocked, or er ror occurred duri ng rapid deploym ent p.
Getting to Know Your Safe@Office 500 ADSL Appliance Chapter 1 : Introduction 55 Getting to Know You r Safe@Office 500 A DSL A pp liance Packa ge Conte nts The Safe@ Office 5 00 ADSL p ackage incl udes.
Getting to Know Your Safe@Office 500 ADSL Appliance 56 Check Poi nt Safe@Office User Guide • If desired, you can co nnect your applian ce to an external broadb and Internet connection via a cab le or DSL m odem with an Etherne t interface (RJ- 45).
Getting to Know Your Safe@Office 500 ADSL Appliance C hapter 1 : Introduction 57 Label Descri pti on Serial An RJ - 45 serial (RS - 232) port used for connecting computer s in order to acces s the Safe@O ffice CLI (C omma nd Line Inter face), or for conn ecting a n external dialup mode m.
Getting to Know Your Safe@Office 500 ADSL Appliance 58 Check Poi nt Safe@Office User Guide Front Pa nel The Safe@ Office 5 00 ADSL ap pliance i ncludes sev eral statu s LEDs that enable you to monitor the applianc e’s operation. For an explanation of the Safe@Off ice 500 ADSL app liance’s status LEDs , see the following table.
Getting to Know Your Safe@Office 500 ADSL Appliance Chapter 1 : Introduction 59 LED State Explanation LINK/ACT On, 100 On 100 M bps link est ablished f or the correspon ding port LNK/ACT Flashing Data.
Getting to Know Your Safe@Office 500W Appliance 60 Check Poi nt Safe@Office User Guide Getting to Know You r Safe@Office 500W A ppliance Packa ge Conte nts The Safe@ Office 5 00W pa ckage includ es th.
Getting to Know Your Safe@Office 500W Appliance Chapter 1 : Introduction 61 Networ k Requi rements • 10BaseT or 100Base T Network Interface Card installed on e ach computer • CAT 5 STP (Categ ory 5 Shielded Twi sted Pair) Straig ht Through Ethernet cab le for each at tached d evice • An 802.
Getting to Know Your Safe@Office 500W Ap pliance 62 Check Poi nt Safe@Office User Guide Table 18 : Saf e@Of fice 50 0W Appliance Rear Panel Elem ents Label Descri pti on PW R A power jac k used for s upplyin g power to th e unit. Co nnect th e supplied p ower adapter to this jack .
Getting to Know Your Safe@Office 500W Appliance Chapter 1 : Introduction 63 Label Descri pti on LAN 1 -4 Local Area N etwork sw itch: Fo ur Ethernet p orts (RJ - 45) used for conne cting computers or other netw ork de vices. ANT 1 / ANT 2 Antenna c onnectors, u sed to c onnect th e supplied wireless a ntennas .
Getting to Know Your Safe@Office 500W Appliance 64 Check Poi nt Safe@Office User Guide LED State Explanation On (Red) Error Flashing ( Orange) Software updat e in pro gress LAN 1 - 4/ W AN/ D MZ /W AN.
Getting to Know Your Safe@Office 500W ADSL Appliance Chapter 1 : Introduction 65 Getting to Know You r Safe@Office 500W ADSL A pp liance Packa ge Conte nts The Safe@ Office 5 00W AD SL packag e includ.
Getting to Know Your Safe@Office 500W ADSL Appliance 66 Check Poi nt Safe@Office User Guide • If desired, you can co nnect your applian ce to an external broadb and Internet connection via a cab le or DSL m odem with an Etherne t interface (RJ- 45).
Getting to Know Your Sa fe@Office 500W ADSL Applianc e Chapter 1 : Introduction 67 Label Descri pti on Serial An RJ - 45 serial (RS - 232) port used for connecting computer s in order to acce ss the Safe@O ffice CLI (C omma nd Line Inter face), or for conn ecting a n external dialup mode m.
Getting to Know Your Safe@Office 500W ADSL Appliance 68 Check Poi nt Safe@Office User Guide Front Pa nel The Safe@ Office 5 00W AD SL applianc e includes severa l status LED s that en able y ou to mo nit or the appliance’s ope ration. For an expl anation of the S afe@Off ice 500W A DSL a ppliance’s status LE Ds, see the following table.
Getting to Know Your Safe@Office 500W ADSL Appliance Chapter 1 : Introduction 69 LED State Explanation LINK/ACT On, 100 On 100 M bps link est ablished f or t he correspon ding port LNK/ACT Flashing Da.
Contacti ng Technical Support 70 Check Poi nt Safe@Office User Guide Contacting Technical Support In case o f a problem with y our Safe@O ffice app liance, see http://www.sofawar e.com/support. You can also download the la te st v ersion of this guid e from the site.
Introduction to I nformation Security Chapter 2 : Safe@Office Securit y 71 Chapter 2 This chap ter explai ns the b asic secur ity concept s on wh ich Safe@O ffice secu rity is based. This ch apter in clud es the fo llow ing topics: Introduction to Informatio n Security .
Introduction to I nformation Security 72 Check Poi nt Safe@Office User Guide • Comm ercial compan ies sto re inform ation about their r evenues, bu siness an d marketing plans, curr ent and future prod uct lines, inform ation about competitors, and so on.
Introduction to I nformation Security Chapter 2 : Safe@Office Securit y 73 Infor mation Se curit y Challenge s The challenges of in formation security can b e divided into the fol lowing areas: • Co.
Introduction to I nformation Security 74 Che ck Poin t Safe@O ffice User Guide In order for a secu rity policy be effective, it must be accom panied by the follow ing measures: • Awareness - A security policy must be a ccompanied by step s taken to increa se the employ ees' awareness o f security issues.
Introduction to I nformation Security Chapter 2 : Safe@Office Securit y 75 • Applications are hos ted on a m ain computer rather than on pe rsonal workstations.
The Safe@Office Firewall 76 Check P oint Safe@ Offi ce User Guide • Large bus inesses have the f unds and ex pertise t o const antly enhan ce thei r security and are th erefore a difficult t arget for hackers. This m akes sm all business es a far m ore attrac tive targ et for netw ork att acks.
The Safe@Office Firewall Chapter 2 : Safe@Office Securit y 77 Secur ity Re quirements In order to mak e control decisions fo r new comm unication attempts, it is not suff icient for the firewall to exam ine packets in isolation .
The Safe@Office Firewall 78 Check Poi nt Safe@Office User Guide Packet f ilters have the follo wing ad vantages an d disad vantag es: Table 22 : Pa cket Fi lter A dv antages and Disadv antages Advan t.
The Safe@Office Firewall Chapter 2 : Safe@Office Securit y 79 Check Point St ateful I nspection Te chnology Invented by C heck Point, Stateful I nspection is the industry s tanda rd for netw ork security solutions.
The Safe@Office Firewall 80 Check Poi nt Safe@Office User Guide The Safe@Office firewall exam ines IP addresses, port num bers, and any othe r information required.
The Safe@Office Firewall Chapter 2 : Safe@Office Securit y 81 Step Channel Type Descri pti on Source TCP Source Port Destination TCP Destination Port 3 Data Client initiat es data connection to server.
The Safe@Office Firewall 82 Check Poi nt Safe@Office User Guide FTP client - server com mun ication. The fo llowing table exam ines how differen t firew all technolog ies hand le this ch alleng e: Tab.
The Safe@Office Firewall Chapter 2 : Safe@Office Securit y 83 Fire wall T echnology Action Stateful In spection F irewall A Stateful I nspecti on firew all ex amines the FTP appl ica tion - layer data in an FT P session. When the c lient init iates a c ommand sess ion, the firewall ex tracts t he port num ber from the requ est.
.
Before You Install the S afe@Office Appl iance Chapter 3 : Installi ng and Setting Up Safe@Office 85 Chapter 3 This chap ter descr ibes how to prope rly set up an d inst all your Saf e@Off ice applian ce in your networking env ironment. This ch apter in clud es the fo llow ing topics: Before Yo u Install the Safe @Office Applia nce .
Before You Install the S afe@Office Appl iance 86 Check Poi nt Safe@Office User Guide Windows Vi sta Checking the TCP /IP Installation 1. Click Start > Control Panel . Th e Control Panel window appea rs. 2. Under Network and Internet , cli ck View network status and tasks .
Before You Install the S afe@Office Appl iance Chapter 3 : Installi ng and Setting Up Safe@Office 87 Th e Network Sharing Center scre en appea rs. 3. In the Tasks pan e, click Manage network connections .
Before You Install the S afe@Office Appl iance 88 Check Poi nt Safe@Office User Guide Th e Network Connections scree n appear s. 4. Double- click the Local Area Connection i con.
Before You Install the S afe@Office Appl iance Chapter 3 : Installi ng and Setting Up Safe @Of fice 89 Th e Local Area Connection Properties window opens. 6. Check if Internet Protoco l Version 4 (TCP/IPv4) appea rs in t he list box and if i t is properly configured w ith the Ethe rnet card installed on y our computer.
Before You Install the S afe@Office Appl iance 90 Check Poi nt Safe@Office User Guide Note: Normally, it is no t recommend ed to assi gn a static IP addres s to your P C but rather to ob tain an IP addres s automati cally.
Before You Install the S afe@Office Appl iance Chapter 3 : Installi ng and Setting Up Safe@Office 91 Th e Network and Dial - up Co nnections window appears. 3. Ri ght - click the icon and select Properties from the pop- up menu that opens. Th e Local Area Connection Properties window appears.
Before You Install the S afe@Office Appl iance 92 Check Poi nt Safe@Office User Gui de 4. In the above w indow, check if TCP /IP appears in the com ponents list and if it is properly configured with the Ethernet card installed on y our computer.
Before You Install the S afe@Office Appl iance Chapter 3 : Installi ng and Setting Up Safe@Office 93 Installing TCP /IP Protocol 1. In the Local Area Connectio n Properties window click Install . Th e Select Network Compo nent Type window appears. 2. Select Protocol and click Add .
Before You Install the S afe@Office Appl iance 94 Check Poi nt Safe@Office User Guide TCP/IP Settings 1. In the Local Area Connectio n Properties window, double- click the Internet Protocol (TCP/IP) com ponent, or select it and c lick Pr operties . Th e Internet Protocol (TCP/IP) P roperties window opens.
Before You Install the S afe@Office Appl iance Chapter 3 : Installi ng and Setting Up Safe@Office 95 Mac O S Use the following procedure for setting up th e TCP/IP Proto col. 1. Choose Apple Menus - > Control Panels - > TCP/IP . Th e TCP/IP window appear s.
Before You Install the S afe@Office Appl iance 96 Check Poi nt Safe@Office User Guide Mac O S -X Use the following procedure for setting up th e TCP/IP Proto col. 1. Choose Apple - > Syste m Prefer ences . Th e System Pre ferences wi ndow appears. 2.
Before You Install the S afe@Office Appl iance Chapter 3 : Installi ng and Setting Up Safe@Office 97 Th e Network window app ears. 3. Click Configure .
Applianc e Installation 98 Check Poi nt Safe@Office User Guide TCP/IP config uration fields appear. 4. Click the C onfigure IPv4 drop -down list, and select Using DHCP .
Applianc e Installation Chapter 3 : Installi ng and Setting Up Safe@Office 99 A pp liance Installation Inst alling Non - AD SL Models To install the S afe@Office a ppliance 1. Verify that you hav e the co rrect cabl e type. For in form atio n, see Ne twork R equire ments on page 61 .
Applianc e Installation 100 Check Poi nt Safe@Office User Guide Inst alling ADSL Mode ls To install the S afe@Office a ppliance 1. Verify that you hav e the co rrect cabl e type. For in formation, see Ne twork Req uiremen ts on page 61 . 2. Connect th e LAN cab le: a.
Applianc e Installation Chapter 3 : Installi ng and Setting Up Safe@Office 101 4. To use the appliance wi th a non- ADSL connection, or with an ex isting ADSL modem, connect an Eth ernet cable: a. Connect one end of the Et hernet ca ble to the appliance' s DMZ/WAN2 port.
Applianc e Installation 102 Check Poi nt Safe@Office User Guide Casca ding Your Appl iance The Safe@ Office appliance protects a ll com puters and network dev ices that are co nnected to its LAN and DMZ ports. I f desired, y ou can incr ease the app liance' s port cap acity by cascading hubs or switches.
Wall Mounti ng the Safe@Off ice Appliance Chapter 3 : Installi ng and Setting Up Safe@Office 103 Connect ing the Appliance to Network Printer s In m odels with a print server, you can connect networ k printers. To connect net work printer s 1. Connect one end o f a USB cable to one o f the appliance' s USB ports.
Wall Mounti ng the Safe@Off ice Appliance 104 C heck Point S afe@Office User Guide 3. Mark two d rill hol es on the w all, in acco rdance wi th the fo llowing sketc h: 4. Drill two 3.5 mm diameter holes, approx imately 25 mm deep. 5. Insert two plastic co nical a nchors into the hole s.
Securing the Safe@Offic e Appliance against Theft Chapter 3 : Installi ng and Setting Up Safe@Office 105 Your Safe@Office appliance is wal l mounted. You ca n now connect it to your computer.
Securing the Safe@Offic e Appliance against Theft 106 Check Poi nt Safe@Office User Guide While thes e parts m ay d iffer between d evices, all loope d security cables inc lude a bolt with knobs, as s.
Setting Up the Safe@Offic e Applia nce Chapter 3 : Installi ng and Setting Up Safe@Office 107 5. Thr ea d the ant i -theft device's pin through the bo lt’s holes, and in sert the pin into the main body of the anti-theft dev ice, as described in the documentation that cam e wi th your device.
Setting Up the Safe@Offic e Appliance 108 Check Poi nt Safe@Office User Guide Logging in to the Safe@Off ice Portal and setting up your password Initial Login t o the Saf e@Office Por tal on page 111 .
Setting Up the Safe@Offic e Appliance Chapter 3 : Installi ng and Setting Up Safe@Office 109 You can a ccess the Se tup Wiz ard at any time after initia l setup, us ing the p rocedu re below. To access t he Setup Wiza rd 1. Click Setup in the m ain menu, and click the Firmware tab.
Setting Up the Safe@Offic e Appliance 110 Check Poi nt Safe@Office User Guide Th e Safe@Office Setup Wizard opens with the Welcom e page disp layed..
Initi al Login to the Safe@Office Portal Chapter 4 : Gettin g S tarte d 111 Chapter 4 This chapter contains a ll the information y ou need in order to get started using y our Safe@Off ice appli ance. Thi s c ha pter includes the following topics: Initial Login to the Sa fe@Of fice Po rtal .
Initi al Login to the Safe@Office Portal 112 Check Poi nt Sa fe@O ffice User Guide The initial login pag e appears. 2. Type a passw ord bo th in the P assword and the Confirm password fields. Note: The password must be f iv e to 25 charact ers (lett ers or numbers).
Initi al Login to the Safe@Office Portal Chapter 4 : Gettin g S tarte d 113 Th e Safe@Office Setup Wizard opens, w ith the Welcom e page disp layed. 4.
Logging in to the Safe@Office Portal 114 Check Poi nt Safe@Office User Guide Logging in to the Sa fe@Office Portal Note: By default, HTT P and HTT PS access to the Safe@Offi ce Porta l is not al lowed from the WLAN, unles s you do one of th e following: • Configur e a specif ic firew all rule to a llow ac cess from t he WL AN.
Logging in to the Safe@Office Portal Chapter 4 : Gettin g S tarte d 115 The login page appea rs. 2. Type your usernam e and password. 3. Click OK ..
Accessing the Safe@Office P ortal Re mot ely Using HTTPS 116 Check Poi nt Safe@Office User Guide Th e Welcome p age app ears. A ccessing the Saf e@Offi ce P ortal Remotely Usin g HTTPS You can a ccess the Sa fe@O ffice Porta l rem otely (fro m the In ternet) throug h HTTPS.
Accessing the Safe@Office P ortal Re mot ely Using HTTPS Chapter 4 : Gettin g S tarte d 117 Note: In order to acces s the Safe@ Office Port al remote ly usin g HTT PS, you must first do b oth of the f ollowing: • Configur e your p assw ord, using H TTP .
Using the Safe@Office Portal 118 Check Poi nt Safe@Office User Guide g. Click OK . Th e Security A lert dialog box reappears. h. Click Yes . Th e Safe @Off ice Portal appear s.
Using the Safe@Office Portal Chapter 4 : Gettin g S tarte d 119 Figure 26 : Safe@Office Portal.
Using the Safe@Office Portal 120 Check Poi nt Safe@Office User Guide Mai n Me nu The main m enu includes the following submenus. Table 27 : M ain Menu Submenus This submenu… Doe s thi s… W elcom e Displays ge neral w elcome info rmation.
Using the Safe@Office Portal Chapter 4 : Gettin g S tarte d 121 This submenu… Doe s thi s… Logout Allows y ou to log out of the Sa fe@Office Portal. Main Fra me The main fram e displays the relevant dat a and controls per taining to the menu and tab you select.
Using the Safe@Office Portal 122 Check Poi nt Safe@Office User Guide This field … Displays this… page 125 . Service Cen ter Displays y our subscri ption s ervices status. Your Ser vice Center m ay offer various su bscript ion serv ices. T hese include the firewall s ervice and optiona l serv ices such as Web Filter ing and Em ail Antiv irus.
Logging Out Chapter 4 : Gettin g S tarte d 123 Logging Out Logging out term inates your administrat ion session. Any subsequent attem pt to connect to the Sa fe@Of fice Po rtal w ill re quire re - entering of the administration password. To log out of the S afe@Office Por tal • Click Logout in the m ain menu.
.
Overvie w Chapter 5 : Configuring the Int ernet Connection 125 Ch apter 5 This chap ter descr ibes how to config ure and wo rk w ith a Safe@ Office I nternet con nection. Thi s c h apter inc lud es the fo llow ing topi cs: Overvi e w .................
Using the Internet Wizard 126 Check Poi nt Safe@Office User Guide You can config ure your Internet connec tion using any of the fo llowing setup tool s: • Setup Wizard . Guides you t hrough the Safe@O ffice appliance se tup step by step. The first part of the S etup Wiza rd is the Internet Wizard.
Using the Internet Wizard Chapter 5 : Configuring the Int ernet Connection 127 Configur ing an E therne t - Base d Connect ion on Non - ADSL Models To configure an E thernet - Based connect ion 1. Click Network in the m ain menu, and click the Internet tab.
Using the Internet Wizard 128 Check Poi nt Safe@Office User Guide Th e Internet Connection Method dialog box appears. 4. Select the Internet connection m ethod you want to use for connecting to the Internet. If you are uncerta in regarding w hich connection method to use, co ntact your I SP.
Using the Internet Wizard Chapter 5 : Configuring the Int ernet Connection 129 Using a PPPoE Connection If you selected the PP PoE (PPP ov er Ethernet) connection m ethod, the PPP Configuration dialog box appears. 1. Com plete th e fie lds u sing the in f orm ation in the follo wing table.
Using the Internet Wizard 130 Check Poi nt Safe@Office User Guide 3. Click Next . The system attem pts to con nect to the I nternet v ia the s pecified co nnecti on. Th e Connecting… scre en app ears. At the end of the connec tion process the Connected s creen ap pears.
Using the Internet Wizard Chapter 5 : Configuring the Int ernet Connection 131 Using a PPTP Connection If you selected the PP TP connection m ethod, the PPP Configuration dialog box appears. 1. Com plete th e fie lds u sing the in form atio n in th e fo llo wing table.
Using the Internet Wizard 132 Check Poi nt Safe@Office Us er Guide Table 30 : P PTP Connec tion Fields In this fie ld… Do thi s… Username Type your user na me. Password Type y our password. Confirm pa ssword Type y our password ag ain. Service Type y our service nam e.
Using the Internet Wizard Chapter 5 : Configuring the Int ernet Connection 133 Using a Static IP Connec tion If you selected the Static I P connection method, the Sta tic IP Configuration dialog box appears. 1. Com plete th e fie lds u sing the in form atio n in th e fo llo wing table.
Using the Internet Wizard 134 Check Poi nt Saf e@Offi ce User Guide Table 31 : P PPoE Conne ction Fields In this fiel d… Do thi s… IP Address Ty pe the static IP address of your Safe@ Office appliance . Subnet M ask Select the subnet mask that applies t o the stati c IP addre ss of your Safe@Offic e applianc e.
Using the Internet Wizard Chapter 5 : Configuring the Int ernet Connection 135 Configur ing an E therne t - Base d Connect ion on ADSL Mod el s Note: In ADSL models, an Et hernet - ba sed conne ction is m ade on the D MZ/ WAN2 port. To configure an E thernet - based c onnection 1.
Using the Internet Wizard 136 Check Point Sa fe@O ffice User Guide Th e Internet Connection Method dialog box appears. 6. Select the Internet connection m ethod you want to use for connecting to the Internet. 7. Click Next . If you chose PPPoE, continue at Using a PPPoE Connection on page 129.
Using the Internet Wizard Chapter 5 : Configuring the Int ernet Connection 137 Configur ing a Dir ect ADSL Con nec tion To configure a di rect ADSL connec tion 1. Click Net work in the main m enu, and click the Internet tab. Th e Internet page ap pears.
Using the Internet Wiza rd 138 Check Poi nt Safe@Office User Guide Th e ADSL Configuration Assistant ope ns. 2) I n the Country drop-down list, select y our country.
Using the Internet Wizard Chapter 5 : Configuring the Int ernet Connection 139 If you chose PPPoE o r PPPoA, continue at Using a PPPoE or PPPoA Connection on page 140. If you chose Static I P, continue at Using a Static IP Connection on page 133. If you chose DHCP , continue at Using a D HCP Connection on pag e 134.
Using the Int ernet W izard 140 Check Poi nt Safe@Office User Guide Using a PPPoE or PPPo A Connection If you selected the PP PoE (PPP ov er Ethernet) or PPPoA (PPP ov er ATM) conne ction method, the PPP Configurat ion dialog box appea rs. 1. Compl ete th e f ields u sing the in form ati on in th e fo llo wing table .
Using I nternet Setup Chapter 5 : Configuring the Int ernet Connection 141 Table 33 : P PPoE Conne ction Fields In this fiel d… Do thi s… Username Type your user na me. Password Type y our password. Confirm pa ssword Type y our password ag ain. Using Internet Se tup Internet Setup allows y ou to m anually configure your I nternet connection.
Using I nternet Set up 142 Check Poi nt Safe@Office User Guide Th e Internet page a ppears. 2. Next to the desired I nternet connection, c lick Edit ..
Using I nternet Setup Chapter 5 : Configuring the Int ernet Connection 143 Th e Internet Setup pag e appears. 3. Do one of the follow ing: • To c onfigure an ADSL connection u sing the internal A DSL m odem, continue at Configuring a Direct ADSL Connection on page 144.
Using I nternet Setup 144 Check Point Sa fe@O ffice User Guide Configur ing a Dir ect ADSL Con nec tion 1. In the Port drop- dow n list, select ADSL . 2. Do one of the follow ing: • To automatically fill in the suppor ted ADSL setting s for your I SP, do the following: 1) Click Search by countr y an d ISP .
Using I nternet Setup Chapter 5 : Configuring the Int ernet Connection 145 Using a PPPo A (PPP over ATM) Connection 1. Com plete th e fie lds u sing the re lev ant in form ation in I nternet Se tup F ields on page 168.
Using I nternet Setup 146 Check Poi nt Saf e@Offi ce User Guide New fields appear, d epending on the check boxes you selected. 2. Click Apply . The Safe@O ffice applian ce attempts to conne ct to the Internet , and the Status B ar displays th e I nternet status “Establ ishing C onnection ”.
Using I nternet Setup Chapter 5 : Configuring the Int ernet Connection 147 Once the con nectio n is m ade, the Sta tus Bar d isplays t he I nternet statu s “Connect ed”. Using an Eo A (Ethernet o ver ATM) Connection 1. Com plete th e fie lds u sing the re lev ant in form ation in I nternet Se tup F ields on page 168.
Using I nternet Setup 148 Check Poi nt Safe@Office Us er Guide New fields appear, d epending on the check boxes you selected. 2. Click Apply . The Safe@O ffice applian ce attempts to connect to the I nternet, and the Sta tus Bar displays th e I nternet status “Establ ishing C onnection ”.
Using I nternet Setup Chapter 5 : Configuring the Int ernet Connection 149 Using a PPPoE (PPP over Etherne t) Connection 1. Co mp lete the f ields using th e relev ant inform atio n in Intern et Setup F ields on page 168.
Using I nternet Setup 150 Check Poi nt Safe@Office User Guide New fields appear, d epending on the check boxes you selected. 2. Click Apply . The Safe@ Office appliance attem pts to connect to the I nternet, an d the S tatus B ar displays th e I nternet status “Establ ishing C onnection ”.
Using I nternet Setup Chapter 5 : Configuring the Int ernet Connection 151 Once the con nectio n is m ade, the Sta tus Bar d isplays t he I nternet statu s “Connect ed”. Using an IPo A (IP over A TM) Connection 1. Com plete th e fie lds u sing the re lev ant in form ation in I nternet Se tup F ields on page 168.
Using I nternet Setup 152 Check Poi nt Safe@Office User Guide New fields appear, d epending on the check boxes you selected. 2. Click Apply . The Safe@ Office appliance attem pts to connect to the I nternet, an d the Sta tus Bar displays th e I nternet status “Establ ishing C onnection ”.
Using I nternet Setup Chapter 5 : Configuring the Int ernet Connection 153 Configur ing an E therne t - Base d Connect ion 1. In the Port drop- down list, do one of the fol lowing: • To configure an Ethernet- based connection through the WAN por t, select WAN .
Using I nternet Setup 154 Check Poi nt Safe@Office User Guide Using a L A N Connection 1. Com plete th e fie lds u sing the re lev ant in form ation in I nternet Se tup F ields on pa ge 168.
Using I nternet Setup Chapter 5 : Configuring the Int ernet Connection 155 New fields appear, d epending on the check boxes you selected. 2. Click Apply . The Safe@ Office appliance attem pts to connect to the I nternet, an d the Sta tus Bar displays th e I nternet status “Establ ishing C onnection ”.
Using I nternet Setup 156 Check Poi nt Safe@Office User Guide Using a Cable Modem Connection 1. Com plete th e fie lds u sing the re lev ant in form ation in I nternet Se tup F ields on page 168.
Using I nternet Setup Chapter 5 : Configuring the Int ernet Connection 157 New fi el ds appear, depen ding on the check boxes y ou selected. 2. Click Apply . The Safe@ Office appliance attem pts to connect to the I nternet, an d the Sta tus Bar displays th e I nternet status “Establ ishing C onnection ”.
Using I nternet Setup 158 Check Poi nt Safe@Office User Guide Using a PPPoE Connection 1. Com plete th e fie lds u sing the re lev ant in form ation in I nternet Se tup F ields on page 168.
Using I nternet Setup Chapter 5 : Configuring the Int ernet Connection 159 New fields appear, d epending on the check boxes you sele cted. 2. Click Apply . The Safe@ Office appliance attem pts to connect to the I nternet, an d the Sta tus Bar displays th e I nternet status “Establ ishing C onnection ”.
Using I nternet Setup 160 Check Poi nt Safe@Office User Guide Using a PPTP Connection 1. Com plete th e fie lds u sing the re lev ant in form ation in I nternet Se tup F ields on page 168.
Using I nternet Setup Chapter 5 : Configuring the Int ernet Connection 161 New fields appear, d epending on the check boxes you selected. 2. Click Apply . The Safe@O ffice ap pliance attem pts to connect to the Internet, and the S tatus Bar displays th e I nternet status “Establ ishing C onnection ”.
Using I nternet Setup 162 Check Poi nt Safe@Office User Guide Once the con nectio n is m ade, the Sta tus Bar d isplays t he I nternet statu s “Connect ed”. Using an L2TP Conn ection 1. Com plete th e fie lds u sing the re lev ant in form ation in I nternet Se tup F ields on page 168.
Using I nternet Setup Chapter 5 : Configuring the Int ernet Connection 163 New fields appear, d epending on the check boxes you selected. 2. Click Apply . The Safe@O ffice applian ce attempts to connect to the I nterne t, and the Status Bar displays th e I nternet status “Establ ishing C onnection ”.
Using I nternet Setup 164 Check Poi nt Safe@Office User Guide Once the con nectio n is m ade, the Sta tus Bar d isplays t he I nternet statu s “Connect ed”. Using a Telstra (BP A ) Connection Use t his I nternet connection ty pe only if you are subs cribed to Telstra® B igPond™ Internet.
Using Internet Setup Chapter 5 : Configuring the Int ernet Connection 165 New fields appear, d epending on the check boxes you selected. 2. Click Apply . The Safe@ Office appliance attem pts to connect to the I nternet, an d the Sta tus Bar displays th e I nternet status “Establ ishing C onnection ”.
Using I nternet Setup 166 Check Poi nt Safe@Office User Guide Configur ing a Dia lup Connec tion Note: To use th is connect ion type, y ou must first set up the dialup or cellular mod em.
Using Internet Set up Chapter 5 : Configuring the Int ernet Connection 167 New fields appear, d epending on the check boxes you se le cted. 3. Click Apply . The Safe@ Office appliance attem pts to connect to the I nternet, an d the Sta tus Bar displays th e I nternet status “Establ ishing C onnection ”.
Using I nternet Setup 168 Check Poi nt Safe@Office User Guide Configur ing No Conne cti on 1. In the Port drop- dow n list, select None . The fields d isappea r.
Using I nternet Setup Chapt er 5 : Configuring the Int ernet Connection 169 In this fiel d… Do thi s… Service Ty pe your service name. If your ISP has not pr ovided y ou with a s ervice na me, leave this field empty.
Using I nternet Setup 170 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… When no higher priority conn ection is availab le Select thi s option to specify that the appliance should o.
Using I nternet Setup Chapter 5 : Config uring the Int ernet Connection 171 In this fiel d… Do thi s… IP Address Type t he static IP ad dress of y our Safe@O ffice app liance. Subnet M ask Select t he subnet mask that applies t o the stat ic IP addr ess of your Safe@Offic e applianc e.
Using I nternet Setup 172 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… page 293 . Shape Downstr eam: Link Rate Select thi s option to enable Tr affic S haper for incoming tr affic.
Using I nternet Setup Chapter 5 : Configuring the Int ernet Connection 173 In this fiel d… Do thi s… Not e: W hen conf iguring M AC cl oning for the secondar y Internet connection, the DM Z/ W AN2 por t must be c onfigured a s W AN2; otherwise this field i s disable d.
Using I nternet Setup 174 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… Balancing on page 192 . High Availability The High Av ailability area on ly appears in Safe@O ffice <500 PP>.
Using I nternet Setup Chapter 5 : Configuring the Int ernet C onnection 175 In this fiel d… Do thi s… Connectio n Probing Method W hile t he Prob e Next Hop option che cks the avai lability of the.
Setting Up Modems 176 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… 1, 2, 3 If you chose the Ping Addresses connection probing met hod, t ype the IP addresses or DNS nam es of the de sired ser vers.
Setting Up Modems Chapter 5 : Configuring the Int ernet Connection 177 See Setting Up an E xpressC ard Cellular Modem on page 185. Sett ing Up an RS2 32 Modem Note: Your RS232 dialup modem and y our Safe@ Office ap pliance' s Serial por t must be configur ed for t he same sp eed.
Setting Up Modems 178 Check Poi nt Safe@Office User Guide 3. Next to Serial , click Edit . Th e Port Setup pag e appears. 4. In t he Assign to Network dro p - down list, select Dialup .
Setting Up Modems Chapter 5 : Configuring the Int ernet Connection 179 New fields appe ar. 5. Complete the fields u sing the information i n Dia lup F ields on page 180. 6. Click Apply . 7. To check that that the value s you entered are correct, cl ick Test .
Setting Up Modems 180 Check Poi nt Safe@Office User Guide Table 35 : R S232 Dialu p Field s In this fiel d… Do thi s… Modem T y pe Select the modem ty pe. You can sele ct one o f the pred efined m odem type s or Cust om . If yo u s elect ed Custom , th e Installation String field is enabled.
Setting Up Modems Chapter 5 : Configuring the Int ernet Connection 181 Sett ing Up a USB Mode m Warni ng: Before at taching a USB mod em, ensur e that the t otal pow er draw n by all connected U SB device s does not ex ceed 2.5 W per port ( 0.5A at 5V).
S etting Up Modems 182 Check Poi nt Safe@Office User Guide 3. Next to USB , click Edit . Th e USB D evices page ap pears. I f the Safe@ Office a ppliance d etected the m odem, the modem is listed on t he page. If the m odem is not listed, check tha t you connected th e modem correctly , then click Refresh to r efresh th e page.
Setting Up Modems Chapter 5 : Configuring the Int ernet Connection 183 Th e USB Modem Setup pag e appears . 5. Complete the fields u sing the information i n USB Dialu p Fie lds on page 184 . 6. Click A pply . 7. To check that that the value s you entered are correct, cl ick Test .
Setting Up Modems 184 Che ck Poin t Safe@O ffice User Guide Table 36 : USB Dialup Fields In this fiel d… Do thi s… Modem T ype Select the modem ty pe. You can sele ct one o f the pred efined m odem type s or Cust om . If yo u s elect ed Custom , th e Installation String field is enabled.
Setting Up Modems Chapter 5 : Configuring the Int ernet Connection 185 In this fiel d… Do thi s… PIN Type the P ersonal Iden tificat ion Number (PIN) code that y ou received with y our cellular S IM card, if r equired by your mod em. The PIN code is usual ly 4 digit s long.
Setting Up Modems 186 Check Poi nt Safe@Office Us er Guide Th e P orts page ap pears. 3. Next to ExC , click Edit . Th e USB D evices page ap pears. I f the Safe@ Office a ppliance d etected the m odem, the modem is listed on t he page.
Setting Up Modems Chapter 5 : Configuring the Int ernet Connection 187 The Cellular Modem Setup p age appea rs. 5. Complete the fields u sing the information i n USB Dialu p Fie lds on page 184 . 6. Click Apply . 7. To check that that the value s you entered are correct, cl ic k Test .
Viewing Internet Connection Information 188 Che ck Poin t Safe@O ffice User Guide Viewing Internet Connection Information You can view info rmation on your I nternet connection(s) in term s of status, durati on, and activ ity. To view Internet c onnection infor mation 1.
Viewing Internet Connection Information Chapter 5 : Configuring the Int ernet Connection 189 Table 37 : Internet Page Fields Fiel d Descri pti on Status Indicates th e conne ction’s st atus.
Enabling/Disabl ing the Internet Connection 190 Check Poi nt Safe@Office User Guide Enabling/Disabling the Internet Connect ion You can temporar ily disab le an Internet connection. This is useful if, for example, you are going on v acation and do not wan t to leave your com puter connected to the I nternet.
Configuring a Backup Internet Connection Chapter 5 : Configuring the In ternet Connection 191 Configuring a Backup Internet Connection You can config ure both a prim ary and a secondary I nternet connection.
Configuring WAN Load Balancing 192 Check Poi nt Safe@Office User Guide Configuring WA N Loa d Balancing If your network is prone to congestion, f or example in large offices which in clude m ultiple active cl ients and/o r servers , you can incre ase the am ount of availabl e bandwid th by config uring WAN lo ad bal ancing.
Configuring WAN Load Balanc ing Chapter 5 : Configuring the Int ernet Connection 193 ensure full utilizat ion of both I nternet connections, the ratio between the con nections' load balancing weights shou ld reflect the ra tio between the connecti ons' bandwidths.
.
Configuring Network Sett ings Chapter 6 : Managing Your Network 195 Chapter 6 This chap ter descr ibes how to man age and con figure y our network connection and settings. This ch apter in clud es the fo llow ing topics: Con figuri ng Ne twor k Sett in gs .
Configuring Network Sett ings 196 Check Poi nt Safe@Office User Guide Configur ing the LAN Networ k To configure the LA N network 1. Click Network in the m ain menu, and click the My Net work tab . Th e My Networ k page app ears. 2. Click Edit in the LAN netw ork’s row.
Configuring Network S ettings Chapter 6 : Managing Your Network 197 Th e Edit Network Settings p age for the LAN network app ears. 3. In the Mode drop - dow n list, select En abled . The fields a re enab led. 4. If desired, change y our Saf e@Office ap plianc e’s inte rnal I P address.
Configuring Network Sett ings 198 Check Poi nt Safe@Office User Guide Changing I P Addr esses If desired, y ou can ch ange y our Safe@O ffice app liance’s internal I P addre ss, or the en tire range of IP addresses in your interna l network. To ch ange IP addr esses 1.
Configuring Network Sett i ngs Chapter 6 : Managing Your Network 199 Your computer obtain s an IP address in the new range. • Otherwise, manually reconf igure your compute r to use the new address range using the TCP/I P settings. For inform ation on configuring TCP/IP, see TCP/IP Settings on page 94.
Configuring Network Sett ings 200 Check Poi nt Safe@Office User Guide Configur ing a DHCP Se rve r By defaul t, the Sa fe@Offic e appliance o perat es as a D HCP (Dy namic Hos t Conf igur at i on Protocol ) server.
Configuring Network Sett ings Cha pter 6 : Managing Your Network 201 Enabling/Dis abling the Safe @Office DH CP Server You can e nable an d disab le the S afe@ Offic e DHC P Se rver fo r inte rnal ne twork s. To en able/disable th e Safe@ Office DH CP serv er 1.
Configuring Network Sett ings 202 Check Poi nt Safe@Office User Guide Configuring the DHCP Address Range By defaul t, the Sa fe@Offic e DHCP serv er autom atically sets the DHC P addre ss rang e. The DHC P address range is the rang e of IP add resses t hat the DHC P server ca n assig n to network dev ices.
Configuring Network Sett ings Chapter 6 : Managing Your Network 203 Th e DHCP IP range fields a ppear. 2) I n the DHCP IP ra nge f ields, type the desired D HCP ran ge. 4. Click Apply . A warning messag e appear s. 5. Click OK . A success m essag e appears 6.
Configuring Network Sett ings 204 Check Poi nt Safe@Office User Guide Configuring DHCP Rel ay You can config ure DHCP relay for in ternal networks. Note: DHCP relay w ill not work if t he applia nce is lo cated behi nd a NAT dev ice. To configure DHC P relay 1.
Configuring Network Sett ings Chapter 6 : Managi ng Your Network 205 Th e Aut omatic DHCP range check box is d isabled, an d new fi elds appear . 4. In the Prim ary DHCP Server IP field, type the I P address of the p rimary D HCP server.
Configuring Network Sett ings 206 Check Poi nt Safe@Office User Guide Configuring DHCP Server Options If desired, you can co nfigure the following custom DHCP opti ons for an internal n et wor k: • .
Configuring Network Sett ings Chapter 6 : Managing You r Net wor k 207 Th e DHCP Server Options p age appea rs. 4. Com plete th e fie lds u sing the re lev ant in form ation in t he fo llow ing tab le.
Configuring Network Sett ings 208 Check Poi nt Safe@Office User Guide New fields appear, d epending on the check boxes you selected. 5. Click Apply . 6. If your com puter is configured to ob tain its IP address automatically (using DHCP), restart your c omputer.
Configuring Network Sett ings Chapter 6 : Managing Your Netw ork 209 Table 38 : DHC P Server Options Fields In this fiel d… Do thi s… Domain Nam e Ty pe a default do main suffix that sh ould be pa ssed to DHC P clients . The DHC P client w ill automati cally appe nd the doma in suffix for the resolving of non - ful ly qualifi ed names.
Configuring Network Sett ings 210 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… Automati cally assign default g ateway Clear this option if you do no t w ant the DHCP serv er to pa ss the current gat eway IP address t o DHCP clients as the d efault g atew ay's IP address .
Configuring Network Sett ings Chapter 6 : Managing Your Network 211 In this fiel d… Do thi s… Nortel IP P hone To enable Nortel IP phones to receive their co nfigurat ion, type the phone's confi guration stri ng. Thomson IP Phone To enable Thomson I P phone s to rece ive their c onfigurat ion, ty pe the p hone's confi guration string.
Configuring Network Sett ings 212 Check Poi nt Safe@Office User Guide Th e Ports page ap pears. 3. Next to the DMZ/WAN2 por t, cli ck Edit ..
Configuring Network Sett ings Chapter 6 : Managing Your Network 213 Th e Port Setup pag e appears. 4. In the Assign to netw ork drop - down list, select DMZ . 5. Click Apply . A warning messag e appear s. 6. Click OK . 7. Click Network in the m ain menu, and click the My Net work tab .
Configuring Network Sett ings 214 Check Poi nt Safe@Office User Guide Note: The DMZ netw ork must not ov erlap other netw orks. 11. I n the Subnet Mask dr op -down list, select the DMZ ’s internal network range. 12. I f desired, enab le or disa ble Hide N AT.
Configuring Network Sett ings Chapter 6 : Managing Your Network 215 Note: OfficeMode requires either Check Point SecureC lient, an L2T P clien t, or an Endpoint Con nect clie nt to be installed on the VPN client s. It is not support ed by Check Poin t SecuRemot e.
Configuring Network Sett ings 216 Check Poi nt Safe@Office User Guide Configur ing VLA Ns Your Safe@Office appliance allows y ou to partition your ne twork into sev eral virtual LAN networks (VLANs ). A VLAN is a logical network be hind the Safe@Of fice appliance.
Configuring Network Sett ings Chapter 6 : Managing Your Network 217 The Safe@ Office appliance supports the follow ing VL AN typ es: • Tag - based In t a g -based V LAN y ou use one of the gateway ’s ports as a 802.1Q VLAN trunk , connecting the appl iance to a VLAN- aware sw itch.
Configuring Network Sett ings 218 Check Poi nt Safe@Office User Guide • Port - based Port - based VLA N allows assign ing the app liance' s LAN po rts to VLAN s, effec tively transform ing the app liance' s four - port switch into up to fou r firewa ll - isolated s ecurity zones.
Configuring Network Sett ings Chapter 6 : Managing Your Network 219 • Wireless Distribution System (WD S) links In w ireless Safe@ Office m odels, y ou can exte nd the p rimary WL AN's cov erage area, by creating a Wirele ss Dist ribution Sy stem (WDS).
Configuring Network Sett ings 220 Check Poi nt Safe@Office User Guide Adding and Editing Port - Based VLANs To add or edit a p ort - based VL A N 1. Click Network in the m ain menu, and click the My Net work tab . Th e My Networ k page app ears. 2. Do one of the follow ing: • To add a VLAN, click Add Network .
Configuring Network Sett ings Chapter 6 : Managing Your Network 221 5. In the Mode drop -down list, se lect En abled . The fields a re enab led. 6. In the IP Address field, ty pe the IP address o f the VLAN network 's default gateway . Note: The VLAN network mu st not over lap other networ ks.
Configuring Network Sett ings 222 Check Poi nt Safe@Office User Guide Adding and Editing Tag - Based VLANs To add or edit a ta g - base d VL AN 1. Click Network in the m ain menu, and click the My N etwo rk t ab. Th e My Networ k page app ears. 2. Do one of the follow ing: • To add a VLAN, click Add Network .
Configuring Network Sett ings Chapter 6 : Managing Your Network 223 A warning messag e appear s. 12. Clic k OK . A success m essag e appears. 13. Clic k Network in the m a in menu, and click the Ports tab . Th e Ports page ap pears. 14. I n the DMZ/W AN2 drop- down list, select VLAN Trunk .
Using the Internal DNS Server 224 Check Poi nt Safe@Office User Guide 5. Click OK . Th e VLA N is d elet ed. Using the Internal DNS Ser v er Th e Sa fe@Office appliance include s an intern al DNS s erver, whi ch can reso lve DN S names for ho sts de fined as network o bjects.
Using the Internal DNS Server Chapter 6 : Managing Your Network 225 Enabli ng the Int ernal DNS Serve r To en able the int ernal DN S server 1. Click Setup in the m ain menu, and click the DNS Server tab. Th e DNS S erver page app ears. 2. Select the Enable t he Interna l DNS Ser ver check box.
Using the Internal DNS Server 226 Check Poi nt Safe@Office User Guide Th e Domain Name Suffix f ield appea rs. 3. In the Domain Name Suffix field, ty pe the desired dom ain name suffix.
Using Network Objects Chapter 6 : Managing Your Network 227 Using Ne twork Objects You can add individu al com puters or networks as netw ork objects. This enab les you to configure various s ettings for the compute r or network represente d by the network object.
Using Network Objects 228 Check Poi nt Safe@Office User Guide DHC P reservat ion , and it i s useful if you are hosting a public I nternet server on your network. • Web Filtering enforcement You can specify w hether or not to enfor ce the Web Filt ering service and Web r ules for the netwo rk ob ject.
Using Network Objects Chapter 6 : Managing Your Network 229 Adding and Editing N etwor k Object s You can add or ed it network objects via: • Th e Network Objects page This page enables you t o add both indiv idual computers and netwo rks. • Th e My Computers page This pag e enables y ou to ad d only ind ividual com puters as n etwork objects.
Using Network Objects 230 Check Poi nt Sa fe@O ffice User Guide 2. Do one of the f ollow ing : • To add a network object, click New . • To edit an existing network object, click the Ed it icon next to the d esired computer in the lis t. Th e Safe@Office Network Object Wi zard opens, w ith the Step 1: Network Object Type dialog box display ed.
Using Network Objects Chapter 6 : Managing Your Network 231 Th e Step 2: Computer Detail s dialog box appea rs. If you chose Sin gle Computer , the dialog box includes the Reserve a fixe d IP addr ess for this computer option. If you chose Network , th e dialog box does not include this option.
Using Network Objects 232 Check Poi nt Safe@Office User Guide Th e Step 3: Save dialog box appears. 7. Type a nam e for the network object in the field. 8. Click Finish . To add or edit a n etwork object via the My Computers page 1. Click Reports in the main menu, and click the My Computers tab.
Using Network Objects Chapter 6 : Managing Your Network 233 Th e My Computers page appear s. If a com puter has n ot yet be en added as a network obje ct, the Add bu tton appears next to it. If a com puter has already been add ed as a network object, the Edit button appears next to it.
Using Network Objects 234 Check Poi nt Safe@Office User Guide The com puter's I P address and MAC ad dress are autom atically fi lled in. 5. Complete the fields u sing the information i n the tables below. 6. Click Next . Th e Step 3: Save dialog box appears with the netwo rk object's nam e.
Using Network Objects Chapter 6 : Managing Your Network 235 In this fiel d… Do thi s… Exclude thi s computer from 802.1x Port Sec urity Select thi s option to exclude t his com puter from 802.
Using Network Objects 236 Check Poi nt Safe@Office User Guide Table 40 : Netw ork Obje ct Fields for a Ne twork In this fiel d… Do thi s… I P Range Type t he range of loc al compu ter IP addre sses in th e networ k.
Configurin g Network Servic e Objects Chapter 6 : Managing Your Network 237 Viewi ng and Del eting Ne twork Obj ects To view or delete a network object 1. Click Network in the m ain menu, and click the Network Object s tab. Th e Network Objects page a ppears wi th a list o f network objects.
Configuring Network Servic e Objects 238 Check Poi nt Safe@Office User Guide Adding and Editing N etwor k Servic e Objec ts To ad d or edit a net work serv ice object 1. Click Network in the m ain menu, and click the Network Ser vices tab. Th e Network Ser vices pag e appea rs with a l ist of netwo rk serv ice object s.
Configuring Network Servic e Objects Chapter 6 : Managing Your Network 239 Th e Safe@Office Network S ervice Wizar d opens, with the S tep 1: Network S ervice Details dialog box displaye d. 3. Complete the fields u sing the information i n the table below.
Configuring Network Servic e Objects 240 Check Poi nt Safe@Office User Guide 6. Click Finish . Table 41 : N etwo rk Servic e Fields In this fiel d… Do thi s… Protocol Select the netw ork servic e's IP proto col. If you select Other , the Prot ocol N umber field app ears.
Using St atic Routes Chapter 6 : Managing Your Network 241 Using S tatic Routes A static rou te is a se tting th at explici tly speci fies the route to us e for pa ckets, acco rding to one of the fo l.
Using St atic Routes 242 Check Poi nt Safe@Office User Guide Th e Static Routes pag e lists all existing routes, includin g the def ault, and in dicates whether each rou te is curr ently "Up " (reachab le) or n ot. Adding and Editing St ati c Routes T o add a static r oute 1.
Using St atic Routes Chapt er 6 : Managing Your Network 243 Th e Static Route Wizard open s di spl ayi ng t he Step 1: Sour ce and Destination dia log box. 3. Com plete th e fie lds u sing the re lev ant in form ation in t he follo win g tab le. 4. Click Next .
Using St atic Routes 244 Check Poi nt Safe@Office User Guide 6. Click Next . The new s tatic rou te is sav ed. Table 42 : Static Route Fields In this fiel d… Do thi s… Source Specify the source netw ork (sour ce r outing) . This can be either of the following: • ANY .
Using St atic Routes Chapter 6 : Managing Your Network 245 In this fiel d… Do thi s… Nex t Hop IP Specify t he nex t hop to which packets shoul d be sent. This c an be any of t he following: • Sp ecified IP . T raffic matchin g this st atic rou te's crite ria will be routed to a specific gatew ay .
Managing Ports 246 Check Poi nt Safe@Office User Guide Managing Ports The Safe@ Office appliance enables y ou to quick ly and eas ily assig n its por ts to di fferent uses, as shown in the following table. I f desired, you can also d isable ports. Table 43 : Ports and A ssignments You can a ssign this port.
Managing Ports Chapter 6 : Managing Your Network 247 You can a ssign this port... To t hese u ses.. . USB Printers USB - based modems The Safe@ Office appliance also allow s you to re strict each port to a specifi c link speed and duplex setting and to configure i ts security schem e.
Managing Ports 248 Check Poi nt Sa fe@O ffice User Guide Th e Ports page appear s. In non- A DSL mo dels, this pag e appears as follows:.
Managing Ports Chapter 6 : Managing Your Network 249 In AD SL models, th is page app ears as f ollows: The page display s the inform ation for each port, as described in the following tab le. 2. To refresh the disp lay, clic k Refr esh . Table 44 : Ports Fields This field … Displays… Assign To The port's curren t assignm ent.
Managing Ports 250 Check Poi nt Safe@Office User Guide This field … Displays… Status The port's curren t statu s. Ethernet por ts can have the fol lowing sta tuses: Status Descri pti on The detected lin k speed and du plex ( Full Duplex or Half Duplex ) The port i s in use.
Managing Ports Chapter 6 : Managing Your Network 251 This field … Displays… The ADS L port can have the follow ing statuse s: Status Descri pti on Sync OK The AD SL modem synchr oniz ed with the ADSL servic e provi der. No Sync The ADS L modem fail ed to sy nchronize w ith the ADSL service prov ider.
Managing Ports 252 Check Poi nt Safe@Office User Guide This field … Displays… The USB port can hav e the fol low ing statuses: Status Descri pti on Connec ted (num ber) USB devices (pri nters or modem) ar e connected to the USB ports. T he number of connected d evices ap pears in parenthes es.
Managing Ports Chapter 6 : Managing Your Network 253 This field … Displays… 802.1x The port' s security scheme. T his can be a ny of th e follow ing: Scheme Descri pti on N/A No security sch eme is def ined for the port. Unaut horized An 802.
Managing Ports 254 Check Poi nt Safe@Office User Guide Modify ing Port A ssignm ents You can assig n ports to different network s or purposes. Since modifying port assignm ents often requires add itional configurations, use the following table t o determine whic h procedure you shou ld use.
Managing Ports Chapter 6 : Managing Your Network 255 To assig n a port to ... See. .. An ExpressCard mode m Setting Up a n ExpressCard Cellular M odem on page 185 To modify a por t assignment 1. Click Network in the m ain menu, and click the Ports tab.
Managing Ports 256 C heck Point S afe@Office User Guide • To disa ble th e Se rial po rt, s elec t Disable d . 4. Click Apply . A warning messag e appear s.
Managing Ports Chapter 6 : Managing Your Network 257 Reset ting Port s to Defa ults You can reset the S afe@Offic e appliance' s por ts to the ir defaul t link conf iguration s ("Automatic Detection" ) and default assignm ents (shown in the f ollowing ta ble) .
Managing Ports 258 Check Poi nt Safe@Office User Guide Rese tting All Ports to Defaul ts To reset al l ports to defaults 1. Click Network in th e m ain m enu, and click the Ports tab. Th e Ports page ap pears. 2. Click Default . A confirm ation m essage appear s.
Overvie w Chapter 7 : Using Bridges 259 Chapter 7 This chap ter descr ibes how to connec t multip le netwo rk segm ents at the d ata - link lay er, using a bridge. Thi s chapter includes the following topics: Overvi e w ...............................
Overvie w 260 Check Poi nt Safe@Office User Guide If you enable the f irewall b etween br idged ne twork se gments, the g ateway operat es as a regular firewall be tween network seg ments, inspecti ng traffic and dropping or blocking unauthoriz ed or unsafe traffi c.
Overvie w Chapter 7 : Using Bridges 261 For example, if you a ssign the LAN and primary WLA N networks to a bridge an d disable the bridg e's internal firewall, the two network s will act as a si.
Overvie w 262 Check Poi nt Safe @Offi ce User Guide • Transparent roaming In a routed network, i f a host is phy sically m oved from one network area t o another, then the host m ust be config ured with a new IP addres s.
Overvie w Chapter 7 : Using Bridges 263 How Does Bridge Mode W ork? Bridges op erate at layer 2 of th e OSI model, the refore adding a bridg e to an ex isting network is com pletely transparent and doe s not require any changes to the network's st ruc tur e .
Overvie w 264 Check Poi nt Safe@Office User Guide Multip le Br idges and Spanning Tree Protocol When using m ultiple bridges, you can enable fault tole rance and optim al packet routing, by configuring Spanning Tree Protocol (STP - IEEE 802.
W ork fl ow Chapter 7 : Using Bridges 265 Workflow To use a bridge 1. Add a bridge. See Ad ding and Ed iting Bridges on page 266 . 2. Add the desired inte rnal network s to the bridge. See Adding In ternal Networks to Br idges on page 270 . 3. Add the desired I nternet connections to th e bridge.
Adding and Editing Bridges 266 Check Poi nt Safe@Office User Guide For inform ation on adding security rules, see Adding and E diting Rules on pa ge 40 4 . For inform ation on adding VStream A ntivirus rules, se e Adding and Editing V stream Antiv irus Rule s on pa ge 512.
Adding and Editing Bridges Chapter 7 : Using Bridges 267 Th e Bridge Configuration pag e appears. 3. Com plete the fi e lds us ing t he fo llow ing tab le.
Adding and Editing Bridges 268 Check Poi nt Safe@Office User Guide Table 47 : Bridge Configuration Field s In this fiel d… Do thi s… Networ k Name Type a name f or the br idge. Firewall Bet ween M embers Specify w hether the firewall should be enab led between networks o n this bridg e, by sel ecting o ne of the fol lowing: • Enabled.
Adding Internal Networks to Bridges Chapter 7 : Using Bridges 269 In this fiel d… Do thi s… Bridge Priority Select thi s bridge' s priority. The bridge' s priority is comb ined w ith a bridged ne twork' s MAC address to cr eate the bridge's ID.
Adding Internal Networks to Bridges 270 Check Poi nt Safe@Office User Guide A dd ing Int ernal Net w or ks to B rid ges Note: In order to add a V LAN of any type (por t - based, tag - based, VAP, or W DS link) to the brid ge, you mu st first create the d esired VLAN .
Adding Internal Networks to Bridges Chapter 7 : Using Bridges 271 New fields appe ar. 4. Com plete these fields as described b elow..
Adding Internal Networks to Bridges 272 Check Poi nt Safe@Office User Guide If the assigned br idge uses STP, addi tional fields appe ar. 5. Click Apply . A warning messag e appear s. 6. Click OK . A success m essag e appears. In the My Network page, the internal network appears indented und er the bridge.
Adding Internal Networks to Bridges Chapter 7 : Using Bridges 273 Table 48 : Bridged Network Fields In this fiel d… Do thi s… Ass ign to Bri dge Selec t the bri dge to w hich the netw ork shoul d be assigned. Bridge Anti - S poofing Select thi s option to enable anti - spoofi ng.
Adding I nternet Connections t o Bridges 274 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… Spanning T ree Protoc ol - Por t Priority Select the port's pri ority. The port' s priority i s combin ed w ith the port's lo gical num ber to create the port's ID .
Adding I nternet Connections t o Bridges Chapter 7 : Using Bridges 275 This opti on is avai lable in ADSL m odels on ly. • To use the WAN port, sele ct WAN . This opti on is avai lable in n on - ADSL models only. • To use the DMZ /WAN 2 port, sel ect WAN2 .
Adding I nternet Connections t o Bridges 276 Check Poi nt Safe@Office User Guide 6. Com plete th e re st of the fi elds using th e relev ant infor ma tion in Internet Setup Field s on pa ge 168. New fields appear, d epending on the sele cted options, and whe ther the selected br idge uses STP.
Adding I nternet Connections t o Bridges Chapter 7 : Using Bridges 277 Table 49 : Bridged Connection Fields In this fiel d… Do thi s… Bridge M ode Select this optio n to co nfigure a B ridged PPPoA co nnect ion . The Br idge To field appe ars. This field i s relevant for Bri dged PPPoA connecti ons only .
Deleting Bri dges 278 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… Spanning T ree Protoc ol - Por t Priority Select the por t's priority. The port' s priority i s combin ed w ith the port's lo gical num ber to create the port's ID .
Deleting Bri dges Chapter 7 : Using Bridges 279 2. Remove all I nternet connections from the bridge, by doing the followi ng for each connection: a. Click Network in the m ain m enu, and click the In tern et tab. Th e Internet page a ppears. b. Next to the desired Internet connection, click Edit .
.
Overvie w Chapter 8 : Configuring High Availability 281 Chapter 8 This chapter descr ibes how to configur e High Av ailability (HA) for two or m ore Safe@Off ice appli ances. This ch apter in clud es the fo llow ing topics: Overvi e w ................
Overvie w 282 Check Poi nt Safe@Office User Guide 4. When a g ateway tha t was o ffline com es back online, o r a gateway 's p riority changes, t he gateway sends a heartbea t notify ing the ot her gateway s in the cl uster . If the g ateway' s priority is now the h ighest, i t becom es the Activ e Gateway .
Overvie w Chapter 8 : Configuring High Availability 283 Note: To us e a W AN virt ual IP addre ss, the Internet connect ion metho d must be "Static IP".
Configuring High A vailability on a Gateway 284 Check Poi nt Safe@Office User Guide Configuring High Av ailability on a Gatew ay The following proc edure explains how to configure HA on a single gateway. Y ou m ust perform this procedu re on each Safe@O ffice appliance that y ou want to include in the HA cl uster .
Configuring High A vailability on a Gateway Chapter 8 : Configuring High Availability 285 The fields are enab led. 4. Next to each network for which you wan t to enable HA, select the HA c heck box. Th e Internet - Primary field represen ts the WAN interfac e, and the Internet - Secondary field represe nts the WAN2 interf ace.
Configuring High A vailability on a Gateway 286 Check Poi nt S afe@O ffice User Guide This can be any unuse d IP address in the ne twork, and m ust be the same for all gateway s.
Configuring High A vailability on a Gateway Chapter 8 : Configuring High Availability 287 Table 50 : H igh A vailabil ity Page Field s In this fiel d… Do thi s… Priority My Priority Type the gatew ay' s priority. This must b e an integer betw een 1 and 255.
Configuring High A vailability on a Gateway 288 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… When in passive state Disable VPN Select thi s option t o specif y that VP N connectiv ity shou ld be disa bled when the gat eway is a Passive G ateway .
Sample Im plementation on Two Gat eways Chapter 8 : Configuring High Availability 289 In this fiel d… Do thi s… Group ID If multiple HA clu sters ex ist on the same netw ork segment, t ype the ID number of the cluster to which the gatew ay shoul d belong.
Sample Im plementation on Two Gat eways 290 Check Poi nt Safe@Office User Guide The procedure below shows how to configure HA for both the LAN and DMZ networks. The synch ronizat ion inter face is the D MZ netwo rk, the LAN v irtual I P address is 192.
Sample Im plementation on Two Gat eways Chapter 8 : Configuring High Availability 291 Gateway A will reduce its priority by 30, if its secondary Internet connection g oes down. l. Click Apply . A success m essag e appears. 6. Do the following on Ga teway B : a.
Sample Im plementation on Two Gat eways 292 Check Poi nt Safe@Office User Guide.
Overvie w Chapter 9 : Using T raffic Shaper 2 93 Chapter 9 This chapter descr ibes how to use Traffic Shaper to contro l the flow of comm unication to and from y our network. This ch apter in clud es the fo llow ing topics: Overvi e w ................
Overvie w 294 Check Poi nt Safe@Office User Guide Each class has a bandw idth limit, wh ich is the maximum amount of bandwidth th at connectio ns belon ging to th at class m ay use tog ether.
Setting Up Traffic Shaper Chapter 9 : Using T raffic Shaper 295 Setting Up Traffic Shaper To set up Traffic Shaper 1. Enable Traffic Shape r for the Internet conn ection, using the procedure Usin g Internet S etup on pag e 141. You can enable Traffic Shaper for incom ing or outgoin g connections.
Predefined QoS Classes 296 Check Poi nt Safe@Office User Guide Shaper will handle ou tgoing VPN traffic as specified i n the bandwidth pol icy for the Urgent cl ass. See Adding and Ed iting Rules on pa ge 404. Note: Traffic Shaper must be enable d for the directi on of traff ic spec ified in the r ule.
Adding and Editing Classes Chapter 9 : Using T raffic Shaper 297 Class Weigh t Delay S ensitivity Useful for Urgent 15 High (Interactive Traffi c) Traffic th at is highly sensitiv e to del ay. For example, IP telephony , videoc onferencing, and interactive protocol s that re quire quick user response, such as tel net.
Adding and E di t ing C la ss es 298 Check Poi nt Safe@Office User Guide A dd ing and Editing Classes To add or edit a QoS class 1. Click Network in the m ain menu, and click the Traffic Shaper tab. Th e Quality of S ervice Cl asses pag e appears. 2. Clic k Add .
Adding and Editing Classes Chapter 9 : Using T raffic Shaper 299 Th e Safe@Office QoS Class E ditor wizard opens, with t he Step 1 of 3: Quality of Ser vice Parameter s dialog box displ ayed. 3. Com plete th e fie lds u sing the re lev ant in form ation in t he follo win g tab le.
Adding and Editing Classes 300 C heck Point S afe@Office User Guide Note: Traffic Sha per may not enfor ce guarant eed rate s and r elative weigh ts for incoming tra ffic a s accurately as for out going tra ffic.
Adding and Editing Classes Chapter 9 : Using T raffic Shaper 301 Table 53 : Q oS Class F ields In this fiel d… Do thi s… Re lative Weight Type a v alue indicati ng the c lass's imp ortance rela tive to the other d efined classe s.
Viewing and Deleting Class es 302 Check Poi nt S afe@O ffice User Guide In this fiel d… Do thi s… Incoming Traffic: Limit rat e to Select thi s option to limit the r ate of incoming tr affic b elonging to this class. Then ty pe the max imum rate (i n kilobits/ second) in the fiel d provided.
Restoring Traff ic Shaper Defaults Chapter 9 : Using T raffic Shaper 303 Restoring Traffic Shaper Defaults If desired, you can r eset the Traffic Shap er bandwidth policy to use the four predefined classes, an d resto re these c lasses to their def ault set tings.
.
Overvie w Chapter 10 : Working with Wireless Networks 305 Chapter 10 This chapter des cribes ho w to con figure w ireless in ternal netw orks. This ch apter in clud es the fo llow ing topics: Overvi e w ................................................
Overvie w 306 Check Poi nt Safe@Office User Guide compatible stations. For more inform ation on the Super G m ode refer to: http://www.super- ag.com . Safe@Off ice wireless app liances t ransmit in 2.4GHz range, using dua l diversity antennas to increase the rang e.
Overvie w Chapter 10 : Working with Wireless Networks 307 Virt ual Acces s Points The Safe@ Office appliance enables y ou to pa rtition the primary WLAN int o virtua l access points (VA Ps). A VAP is a logical wir eless netw ork beh ind the Safe@ Offic e appli ance and is a type of VLAN ( see Configuring VLANs on page 216).
Overvie w 308 Check Poi nt Safe@Office User Guide different access poin t, you can bridg e the two network segments ov er WDS links. The network seg m ents will com municate wi th each o ther wire lessly v ia their ac cess po ints and act as a single netwo rk.
Overvie w Chapter 10 : Working with Wireless Networks 3 09 When used together w ith bridge m ode and Spanning Tr ee Protocol (S TP), you can use WDS links to create redundant topo logies, such as a loop or m esh of linked acc ess poin ts.
Overvie w 310 Check Poi nt Safe@Office User Guide Note: M esh topology is only suppor ted in Safe@ Office 500W. You can config ure up to sev en WDS links, in addition to the p rimary WLAN . For information on con figuring WDS link s, see Co nfi g uri ng W DS L in ks o n pa ge 338.
Overvie w Chapter 10 : Working with Wireless Networks 311 Networ k Count Li mitat io ns You can config ure a total of eight w ireless objects, inc luding any com bination of the following: • The pri.
Overvie w 312 Check Poi nt Sa fe@O ffice User Guide Security Protocol Descri pti on WEP encryption In the W EP ( Wired Equiv alent Privacy) encry ption se curity method, w ireless stations mu st use a pr e - share d key to co nnect to y our netw ork. This method is not re commended, du e to k nown security flaws in the W E P protocol.
Overvie w Chapter 10 : Working with Wireless Networks 313 Security Protocol Descri pti on recommende d for sit uations wher e you want to authent icate w ireless stat ions, and to en crypt the tr ansmitte d data. Note: To use this security method, y ou must fir st conf igure eit her a R ADIUS server th at support s 802.
Configuring W ireless Networks 314 Check Poi nt Safe@Office User Guide Note: For increased secur ity, it is recommende d to enab le the Saf e@Office i nternal VPN Serv er for users connecti ng from your internal networ ks, and to i ns tall SecuRemote /SecureCli ent/L2 TP/Endpoint C onnect o n each comput er in the w ireless network.
Configuring W ireless Networks Chapter 10 : Working with Wireless Networks 315 Th e Wireless Configuration Wizard opens, with the Wireless Configuration dialog box displayed . 5. Select the Enable wir eless n etworking check box to ena ble the pr imary WL AN.
Configuring W ireless Networks 316 Check Poi nt Saf e@Offi ce User Guide 8. Th e Wireless Se curity dialo g box appears. 9. Do one of the follow ing: • Click WPA - P ersonal to use the WPA - Personal secu rity mod e. WPA - Person al (also called WPA - PSK) uses a passph rase for au thentica tion.
Configuring W ireless Networks Chapter 10 : Working with Wireless Networks 317 10. Do one of t he following: • To bridge the LAN an d WLAN network s so that they appear as a single unified network, click Bridge Mode .
Configuring W ireless Networks 318 Check Poi nt Safe@Office User Guide Do the following: 1. In the text box, ty pe the passphrase for acc essing the network , or click Random to randomly generate a passphrase. This must be between 8 and 63 chara cters.
Configuring W ireless Networks Chapter 10 : Working with Wireless Networks 319 4. Th e Wireless Se curity Com plete dialog box a ppears. 5. Click Finish .
Configuring Wi reless Networks 320 Check Poi nt Safe@Office User Guide WEP If you chose WEP , the Wirel ess Configuration - WEP dialog box appears. Do the following: 1. Choose a WEP key length. The possib le key lengths ar e: • 64 Bits - The k ey length is 10 hexadec imal cha racters.
Configuring W ireless Networks Chapter 10 : Working with Wireless Networks 321 4. Click Next . Th e Wireless Se curity Com plete dialog box a ppears. 5. Click Finish . The wizard closes. 6. Prepare the wireles s station s. No Securit y Th e Wireless Se curity Com plete dialog box a ppears.
Configuring W ireless Networks 322 Check Poi nt Safe@Office User Guide Th e Edit Network Settings p age appea rs. The fields that app ear depend on the hardwa re type.
Configuring W ireless Networks Chapter 10 : Working with Wireless Networks 323 10. Com plete the fields using the in formation in Basi c Wirele ss Setting s Fields on page 324. 11. To config ure advanced setting s, click Show Advanced Settings and complete the fields using the information in Adv anc ed Wi rele ss Set ti ngs Fi eld s on p age 329.
Configuring W ireless Networks 324 Check Poi nt Safe@Office User Guide 13. Clic k OK . A success m essag e appears. Note: Some wireless card s have "Infr astruct ure" and "Ad - h oc" mod es. The se modes are also cal led "Ac cess Point " and "Peer to Peer ".
Configuring W ireless Networks Chapter 10 : Working with Wireless Networks 325 In this fiel d… Do thi s… • 802.11g Super (54/108 Mb ps). Operates in t he 2.4 GHz range, an d offer s a max imum theoreti cal r ate of 108 M bps. When using t his mode, 802.
Configuring W ireless Networks 326 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… • A specific chan nel. The li st of channel s is depe ndent on the selected c ountry and o peratio n mode. Note: If there is another w ireles s network in the vic inity, the tw o netw orks may interf ere with one another .
Configuring W ireless Networks Chapter 10 : Working with Wireless Networks 327 In this fiel d… Do thi s… Authentic ation Server Specify w hich authent ication s erver to u se, by sel ecting one of the following: • RADI US. A RADIUS server . • In ternal User Datab ase.
Configuring W ireless Networks 328 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… WEP Keys If yo u sel ect ed WEP encr yption , you must conf igure at l east on e WEP key . The w ireless station s must be configure d with the same key, as well.
Configuring W ireless Networks Chapter 10 : Working with W irele ss Networks 329 Table 56 : Advanced W irel ess Setting s F ield s In this fiel d… Do thi s… Advanced S ecurity Hide the Net work Name (SSID) Specify w hether y ou want to h ide your n etwork' s SSID, by s electing o ne of the follow ing: • Yes.
Configuring W ireless Networks 330 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… Wireless Tran smitter Transmissi on Rate Select the transmis sion r at e: • Au tomatic . The S afe@Off ice applia nce automat ically sele ct s a rate.
Configuring W ireless Networks Chapter 10 : W orking with Wireless Networks 331 In this fiel d… Do thi s… Antenna Sel ection Multipath di stortion is caused by the ref lection of R adio Freq uency (RF) signals trav eling f rom the tr ansmitter to the re ceiver alo ng mor e than one path.
Configuring W ireless Networks 332 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… RTS T hreshold Type t he smallest IP packet s ize for w hich a sta tion must send an RT S (Request T o Send) befor e sen ding the IP pack et.
Configuring W ireless N et wor k s Chapter 10 : Working with Wireless Networks 333 In this fiel d… Do thi s… W DS Specify w hether to enab le WDS lin ks: • Disabl ed.
Configuring W ireless Networks 334 Check Poi nt Safe@Office User Guide To add or edit a VA P 1. Configure and enab le the prim ary WLAN. For inform ation on configuring the prim ary WLAN manually, see Manually Configu ring a W ireless Ne twork on pa ge 321.
Conf iguring W ireless Networks Chapter 10 : Working with Wireless Networks 335 Th e Edit Network Settings p age appea rs. 5. In the Networ k Name field, ty pe a name for the VAP.
Configuring W ireless Networks 336 Check Poi nt Safe@Office User Guide New fields appe ar. Th e f ields that appear depe nd on the hardware ty pe. 7. In the Mode drop - dow n list, select En abled . The fields a re enab led. 8. In the IP Address field, ty pe the IP address o f the VAP network' s default gateway .
Configuring W ireless Networks Chapter 10 : Working with Wireless Networks 337 See Configuring a DHCP Server on pa ge 200. 12. Com plete the fields using the in formation in Basi c Wirele ss Setting s Fields on page 324.
Configuring W ireless Networks 338 Check Poi nt Safe@Office User Guide Note: Some wireless card s have "Infr astruct ure" and "Ad - h oc" mod es. The se modes are also cal led "Ac cess Point " and "Peer to Peer ".
Configuring W ireless Networks Chapter 10 : Working with Wireless Networks 339 b) If using Safe@Office1 000 NW, enable WDS link s. For inform ation on configuring these setting s, see Ma nually Conf iguring a Wire less Network on page 321. 2. C lick Network in the m ain menu, and click the My Networ k tab .
Configuring W ireless Networks 340 Check Poi nt Safe@Office User Guide Note: This is the MAC address of the WLAN interfa ce, not the W AN MA C address. T o see your ac cess poin t's W LAN M AC address, click Reports in the main menu, and then click Wireless .
Configuring W ireless Networks Chapter 10 : Working with Wireless Networks 341 New fields appear. The fields that app ear depend on the hardwa re type . 12. Clic k Apply . Note: Both sides of the WDS link must use the sa me radio c hannel and secur ity se ttin gs.
Troubleshooti ng Wi reless Connectivity 342 Check Poi nt Safe@Offi ce User Guide Troubleshooting Wire less Connectivi ty I cannot connect to a wireless network from a wireless station. What should I do? • Check that the SSI D config ured on th e station m atches the Safe@O ffice appliance' s SSI D.
Troubleshooting W ireless Connectivit y Chapter 10 : Working with Wireless Networks 343 • Relocate the Safe@ Office ap pliance t o a place w ith bette r reception , and av oid obstructions, such a s walls and electrical eq uipment.
Troubleshoo ti ng Wi reless Connectivity 344 Check Poi nt Safe@Office User Guide paramete r in the w ireless netw ork' s advanced set tings to a lower v alue. This w ill cause stations t o use RTS for sm aller IP packets, thus d ecreas ing the lik eliness of collisi ons.
Viewing the Safe@Office Appliance Status Chapter 11 : Viewing Reports 345 Chapter 11 This chapter des cribes the Safe@ Office Por tal reports. This ch apter in clud es the fo llow ing topics: Viewing t he Safe@Office Appliance Status .................
Viewing the Safe@Offic e Appliance Status 346 Check Poi nt Safe@Office User Guide To view the Safe@Of fice appliance' s current statu s 1. Click Reports in the main menu, and click the Statu s tab. Th e Status Monitor pag e appears. The page display s the inform ation in the following table.
Viewing the Safe@Office Appliance Status Chapter 11 : Viewing Reports 347 Table 57 : Status Monitor Fields This field … Displays… Device Inform ation Informati on about the S afe@O ffice app liance. Product The license d softw are and the number of all owed node s.
Viewing the Safe@Offic e Appliance Status 348 Check Poi nt Safe@Office User Guide This field … Displays… Internet The Safe@O ffice appli ance's ov erall Intern et conn ection stat us. This ca n be any of t he follow ing: Icon Descri pti on OK.
Viewing the Safe@Office Appliance Status Chapter 11 : Viewing Repo rts 349 This field … Displays… Antivirus The Safe@Offic e applianc e's VS tream Antivir us statu s. This can be any of the following: Icon Descri pti on Antivirus en abled . VStream Anti virus is en abled.
Viewing the Safe@Offic e Appliance Status 350 Check Poi nt Safe@Office User Guide This field … Displays… HA The Safe@O ffice ap pliance's High Avail ability st atus. This can be any of the follow ing: Icon Descri pti on Passive . High Availabi lity is ena bled, and this appli ance is a Passive G ateway .
Viewing the Safe@Office Applia nc e S tat us Chapter 11 : Viewing Reports 351 This field … Displays… System M em The perce ntage of sy stem me mory in use, follow ed by the a mount in kilobytes.
Using the Traffic Monitor 352 Check Poi nt Safe@Office User Guide Using the Traffic Monitor Yo u can view incoming and outgoing traffic fo r selected network inter faces and QoS classes us ing the Traffic M onitor. Th is enables y ou to identify network t raffic tren ds and anom alies, and to f ine tune Traffic Sh aper QoS class as signm ents.
Using the Traffic Monitor Chapter 11 : Viewing Reports 353 Viewi ng Traff ic Report s To view a traffic r eport 1. Click Reports in the main menu, and cl ick the Traffic tab. Th e Traffic Monitor pag e appears. 2. In the Traffic Monitor Report drop- dow n list, sele ct the ne twork inte rface for which you want to v iew a report.
Using the Traffic Monitor 354 Check Poi nt Safe@Office User Guide 3. To refresh all traffic rep orts, click Refresh . 4. To clear all traffic repor ts, click Clear . Note: The firewall block s broadcast packets used during the nor mal operati on of y our network.
Using the Traffic Monitor Chapter 11 : Viewing Reports 355 Th e Traffic Monitor Settings pag e appears. 3. In the Sample monitoring data every field, typ e the in terv al ( in seco nds) at which the Sa fe@Of fice applia nce shou ld collec t traffic data.
Using the Traffic Monitor 356 Check Poi nt Safe@Office User Guide Export ing Gene ral Traf fic Repor ts You can export a gene ral traffic repo rt that includes inf ormation for all enabl ed networks and all def ined QoS classes to a *.csv (Comm a Separat ed Values) file.
Viewing Computers Chapter 11 : Viewing Reports 357 Viewing Compute rs This option allows y ou to view the curr ently active com puters on your network . The comp uters are grap hically displayed, ea ch with i ts nam e, I P address, and s ettings ( DH CP, Static, etc.
Viewing C omputers 358 Check Poi nt Safe@Office User Guide blocked f rom acces sing the I nternet throug h the Safe@ Office ap pliance, the reas on why it was blocked i s shown in red. If a network is bridg ed, the bridge' s na me appears in parent heses ne xt to the n etwork' s name.
Viewing Connections Chapter 11 : Viewing Reports 359 Th e Node Limit window ap pears with installed sof tware product and the n umber of nodes used. b. Click Close to close the w indow. Viewing Connec tions This option allows y ou to view current ly active connec tions between your ne tworks, as well as those from your networks to the I nternet.
Viewing Connections 360 Check Poi nt Safe@Office User Guide Th e Connections pag e appears. The page display s the inform ation in the following table.
Viewing Network Statist ics Chapter 11 : Viewing Reports 361 Table 59 : Connections Fields This field … Displays… Protocol The protocol used (TC P, UDP, and so on) Source IP The sour ce IP a ddre ss. Port The sour ce port Destination IP The destination IP address.
Viewing Network Statist ics 362 Check Poi nt Safe@Office User Guide Viewing Netw ork Statistics You can v iew stati stics for each of the Sa fe@Off ice appli ance 's Internet connections, internal network s and bridges, using the Ne twork Interface Mon itor.
Viewing Network Statist ics Chapter 11 : Viewing Reports 363 2. To refre s h th e di spl ay, cli ck Refresh . Table 60 : G eneral Net work Stat istics This field … Displays… Total Netw orks The total number of interna l netw orks. Total Sent The total number of s ent pack ets on al l networ k interfaces.
Viewing Network Statist ics 364 Check Poi nt Safe@Office User Guide The page display s statistics for the I nternet connection. The fo llowing exam ple s hows statistics for the pr imary Internet connec tion. For in form ation on th e fie ld s, see th e fo llow ing ta ble.
Vi ewing Network Statistics Chapter 11 : Viewing Reports 365 This field … Displays… Internet Mode The Internet conne ction meth od used Connected The connection duration, in the for mat hh:m m:ss, wher e: hh=hours mm=min utes ss=second s Remote IP Address The IP addre ss of t he PPP pe er.
Viewing Network Statist ics 366 Check Poi nt Safe@Office User Guide This field … Displays… RF statu s These fie lds only appe ar for ADSL con nections. Tx P o we r The local and remote transm ission pow er in dB SNR Margin The local and re mote Signal t o Noise Ration (SN R) margin in dB.
Viewing Network Statist ics Chapter 11 : Viewing Reports 367 This field … Displays… Errors The total number o f trans mitted and r eceived pac kets for w hich an er ror occurred Dropped The total .
Viewing Network Statist ics 368 Check Poi nt Safe@Office User Guide Viewi ng Wire d Network Statistics You can v iew stati stics for w ired netwo rk inter faces, includ ing the LA N, DMZ , OfficeMo de, tag - based VLANs, and port- based VLAN s . To view statistic s for a wired ne twork 1.
Viewing Network Statist ics Chapter 11 : Viewing Report s 369 Table 62 : W ired Network S tatistics This field … Displays… Type The networ k's type. Status The netw ork's current status ( Ena bled / Disabled ). IP Address The appli ance's curr ent IP a ddress on t he netw ork interfa ce.
Viewing Network Statist ics 370 Check Poi nt Safe@Office User Guide Viewi ng Wir eless Netwo rk St atist ics If the prim ary WLA N is en abled, y ou can view w ireles s statistic s for the p rimary WLAN and VAPs. To view statistic s for the prima ry WL A N and VAPs 1.
Viewing Network Statist ics Chapter 11 : Viewing Reports 371 Table 63 : W ireless Stat istics This field … Display s… Type The networ k's type, in th is cas e "Wirele ss" Status The.
Viewing Network Statist ics 372 Check Poi nt Safe@Office User Guide This field … Display s… Missing Fragm ents The total number o f packet s missed d uring tran smission an d recep tion that were .
Viewing Network Statist ics Chapter 11 : Viewing Reports 373 The page display s statistics for the b ridge. For inform ation on the fields, see the following table. 3. To view statistics fo r bridged network s, in the tree, expand t he bridge' s node.
Viewing the Routing Table 374 Check Poi nt Safe@Office User Guide This field … Displays… Errors The total number o f trans mitted and r eceived pac kets for w hich an er ror occurred Dropped The t.
Viewing the Routing Table Chapter 11 : Viewing Reports 375 Th e Routing Table pag e appears. The page display s the inform ation in the following table. 2. To resize a colum n, drag the relevant colum n divider rig ht or left. 3. To refresh the disp lay, clic k Refr esh .
V iewing Wireless Stat ion Statistics 376 Check Poi nt Safe@Office User Guide This field… Displays… Interface T he interface for which the r oute is con figured Origin The route' s type: • Connecte d Route . A route to a netw ork that is dire ctly conn ected to the Safe@ Off ice applia nce • Stati c Ro ute.
Viewing Wireless Stat ion Statistics Chapter 11 : Viewing Reports 377 Table 66 : W ireless Statio n Statistic s This field … Displays… Current Rat e The current rec eption and tr ansmi ssion rate .
.
Viewing the Event Log Chapter 12 : Viewing Logs 379 Chapter 12 This chapter des cribes the Safe@ Offic e appliance logs. This ch apter in clud es the fo llow ing topics: Vie wing t he Eve nt Lo g .......................................................
Viewing the Event Log 380 C heck Point S afe@Office User Guide To view the event lo g 1. Click Logs in the m ain menu, and click the Event Log tab. Th e Event Log pag e appear s. The log table con tains the columns described i n Event Log Columns on page 382 .
Viewing the Event Log Chapter 12 : Viewing Logs 381 5. To refresh the disp lay, clic k Refr esh . 6. To save the display ed event s to an *.x ls file: a. Click Save . A standard F ile Down load dialog box appe ars. b. Click Sa ve . Th e Save As d ialog box appears.
Viewing the Event Log 382 Check Poi nt Safe@Office User Guide If you are using I nternet Explorer, and thi s is the first tim e that you copy logs, a dialog b ox ask s you w hether y ou want to a llow the S afe@O ffice Porta l to acces s your clipboard.
Viewing the Security Log Chapter 12 : Viewing Logs 383 Table 68 : Event Log Color Coding An even t marke d in this colo r… Indica tes… Red An e rror mess age Orange A warning me ssage Blue An info.
Viewing the Securit y Log 384 Check Poi nt Safe@Office User Guide To view the secur ity log 1. Click Logs in the m ain menu, and click the Security Log tab. Th e Security Log pag e appears. The log table con tains the columns described i n Securi ty Log Columns on page 387 .
Viewing the Security Log Chapter 12 : Viewing Logs 385 4. To navigate the log table, do any of the fo llowing: • To scroll through th e display ed log page: Use the sc roll bars, or Click on a log m essage and then p ress the UP and D OWN arrows on y our keyboard.
Viewing the Securit y Log 386 Check Poi nt Safe@Office User Guide The selected logs are h ighlighted in yel low. b. Pre ss CTRL+C. If you are using I nternet Explorer, and thi s is the first tim e that you copy logs, a dialog box asks y ou whether y ou want to allow the Saf e@Office Portal to acces s your clipboard.
Viewing the Security Log Chapter 12 : Viewing Log s 387 Table 69 : Security Log Columns This colum n... Dis plays. .. No T he log message nu mber Date The date o n which the a ction o ccurred, in th e.
Viewing the Securit y Log 388 Check Poi nt Safe@Office User Guide This colum n... Dis plays. .. Service The protocol and destina tion p ort used f or the conne ction. Reason The reaso n the action was logged. Rule The number of t he firew all rule that w as ex ecuted.
Viewing the Security Log Chapter 12 : Viewing Logs 389 Action Icon Descri pti on Potential S pam Dete cted An email w as rejected as potential spam. Mail A llowed A non - spam e mail w as logged. Blocked by VStream Antivirus VStream A ntivirus b locked a connectio n.
.
The Safe@Office Firewall Securi ty Policy Chapter 13 : Setting Your Security Pol icy 391 Chapter 13 This chapter des cribes how to se t up your S afe@O ffice appl iance secu rity po licy. You can enhance y our security policy by subscribing to servic es such as Web Filt ering and Email Filtering.
The Safe@Office Firewall Securi ty Policy 392 Check Poi nt Safe@Office User Guide Secur ity Poli cy Implem enta tion The key to im plementing a network secur ity policy is to unde rstand that a firewa ll is sim ply a te chnic al to ol that reflects and enfo rces a netw ork secur ity po licy for acce ssing network resources.
Default Security P olicy Chapter 13 : Setting Your Se curity Policy 393 Default Security Poli cy The Safe@ Office d efault s ecurity pol icy includ es the f ollowing rules: • Access is block ed from the WAN (I nternet) to a ll internal n etwork s (LAN, DMZ, prim ary WLAN, VLANs, VAPs, a nd OfficeMode).
Setting the Firewall Securit y Level 394 Check Poi nt Safe@Office User Guide Setting the Firew all Security Lev el The firewa ll secur ity level can be con trolled us ing a si mple lev er availabl e on the Firewall page. Y ou can set the lever to th e follow ing state s.
Setting the Firewall Securit y Level Chapter 13 : Setting Your Security Pol icy 395 This level … Doe s thi s… Further Details Block All Bloc ks all access between networks. All inbound a nd outbo und traffi c is bloc ked betw een the intern al netw orks.
Setting the Firewall Securit y Level 396 Check Poi nt Safe@Office User Guide Th e Firewall pag e appear s. 2. Drag the s ecurity lever to t he desired l eve l.
Conf iguring Servers Chapter 13 : Setting Your Security Pol icy 397 Configuring Servers Note : If you do not inte nd to host any public I nternet servers in your netw ork (su ch as a Web Serv er, M ail Server, or an exposed host), y ou can ski p this sect ion.
Configuring Servers 398 Check Poi nt Safe@Office User Guide Th e Servers pag e appea rs, disp laying a l ist of serv ices and a ho st I P address for each allowed s ervice. 2. Com plete th e fie lds u sing the in form atio n in th e fo llo wing table.
Conf iguring Servers Chapter 13 : Setting Y our Security P olicy 399 Table 73 : Se rvers Page Fi elds In this col umn… Do thi s… Allow Select the check box nex t to the public server you want to c onfigur e.
Using Rules 400 Check Poi nt Safe@Office User Guide Using Rule s The Safe@ Office appliance checks th e protocol used, t he ports rang e, and th e dest ination IP address, when dec iding whether to al low or block tr affic.
Using Rules Chapter 13 : Setting Your Security Pol icy 401 For example, if you wan t to block al l outgoing FTP traf fic, except traffic from a specific I P address, you can crea te a rule blocking all outgoing FTP traffic and mov e the rule down in the Rules tab le.
Using Rules 402 Check Poi nt Safe@Office User Guide Table 74 : F irewall Ru le T ypes Rule Descri pti on Allow a nd Forward This rule t ype enabl es you to d o the follow ing: • Permit incoming traf.
Using Rules Chapter 13 : Setting Your Security Pol icy 403 Rule Descri pti on Allow This rule type enabl es you to d o the foll owing: • Permit outgoing a ccess fro m your in ternal netw o rk to a speci fi c service on t he Intern et. Permit in coming acce ss from the I nternet to a speci fic servi ce in your internal n etwork.
Using Rules 404 Check Poi nt Safe@Offi ce User Guide Adding and Ed iting Firewall Ru les To add or edit a fi rewall rule 1. Click Security i n the main m enu, and click the Rules tab. Th e Rules pag e appea rs. 2. Do one of the follow ing: • To add a new rule, click Add Rule .
Using Rules Chapter 13 : Setting Your Security Pol icy 405 Th e Safe@Office Firewall Rule wizard op ens, with the Step 1: Rule Type di alo g box displayed . 3. Select the type of rule you w ant to crea te. 4. Click Next . Th e Step 2: Ser vice dialog box app ear s.
Using Rules 406 Check Poi nt Safe@Office User Guide 5. Com plete th e fie lds u sing the re lev ant in form ation in t he follo win g tab le. 6. Click Next . Th e Step 3: Destination & S ource dialog box appea rs. 7. To configure adv anced settings, click Show Advanced Set tings .
Using Rules Chapter 13 : Setting Your Security Pol icy 407 8. Com plete th e fie lds u sing the re lev ant in form ation in t he follo win g tab le. 9. Click Next . Th e Step 4: Rule Options di alog box appears. 10. Co mp lete the f ield s usin g t he relev ant inform atio n in the fo llow ing table.
Using Rules 408 Check Poi nt Safe@Office User Guide Th e St ep 5: Done dialog box appe ars. 12. I f desired, type a descriptio n of the rule in the field provided.
Using Rules Chapter 13 : Setting Your Security Pol icy 409 In this fiel d… Do thi s… Protocol Select t he protoco l for w hich the rul e sho uld apply (ESP, GR E, TCP, UDP, ICMP, IGMP, or OSPF). To specify that the rule sho uld apply for any protoc ol, select ANY .
Using Rules 410 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… To specify the Safe@O ffice IP addresses, select This Gateway . To specify any destin ation exc ept the Safe@ Office Portal IP addresses, select ANY .
Using Rules Chapter 13 : Setting Your Security Pol icy 411 In this fiel d… Do thi s… Log accepte d connection s / Log blocked connection s Select thi s option to log the sp ecified blo cked or allowed con nections. By default , accepted connectio ns are not log ged, an d blocke d connectio ns are logge d.
Using Rules 412 Check Poi nt Safe@Office User Guide Reorde ring Fir ewall Rules To reord er firew all rules 1. Cli c k Security in the m ain menu, and click the Rules ta b. Th e Rules page appears. 2. For each rule you wan t to m ove, click on the rule and drag it to the desired locati on in the ta ble .
Using Port - Based Security Chapter 13 : Setting Your Security Pol icy 413 Viewi ng and Del eting Fi rewal l Rules To view or delet e an exist ing firew all rule 1. Click Security in the m ain menu, and click the Ru les tab . Th e Rules pag e appears wi th a lis t of exist ing firewa ll rules.
Using Port - Based Security 41 4 Check Point S afe@Office User Guide network, all users who a uthenticate success fully on that port are ass igned to the DMZ network. When using a RADI US server for auth enticat ion, you can assign au thenti cated us ers to specific n etwork seg men ts, by configuring dynamic VLAN assignment on the R ADIUS server.
Using Port - Based Security Chapter 13 : Setting Your Security Pol icy 415 Configur ing Port - Based S ecuri ty To configure 80 2.1x port - based security for a port 1.
Using Port - Based Security 416 C heck Point S afe@Office User Guide Th e Ports page ap pears. 5. Next to the desired po rt, click E dit ..
Using Port - Based Security Chapter 13 : Setting Your Security Pol icy 417 Th e Port Setup pag e appears. 6. In the Port Security drop- down list, select 802.1 x . Th e Quarantine Network , Authentication Server , and Allow multiple hosts fields are enabled.
Using Port - Based Security 418 Che ck Poin t Safe@O ffice User Guide Table 76 : Po rt - Ba sed Secu rity Field s In this fiel d… Do thi s… Assign to net work S pecify how the Safe@Of fice appl iance shou ld handle u sers w ho authenti cate succes sfully, by selecting one of t he follow ing: • A networ k name.
Using Sec ure HotSpot Chapter 13 : Setting Your Security Pol icy 419 Resetti ng 802. 1x Lo c king When 802.1x port- based security is configured for a LAN port , the first host that attempts to connect to this por t is “lock ed” to the port. In order t o connect a different c omputer to the port, you m ust first reset 802.
Using Sec ure HotSpot 420 Check Poi nt Safe@Office Us er Guide On this page, users m ust read and accept the My HotS pot terms of use, and i f My HotSpot is con figu r ed to be passwo rd - protected, they m ust log in using their Safe@Off ice usernam e and passw ord.
Using Sec ure HotSpot Chapter 13 : Setting Your Security Pol icy 421 My HotSpot pag e. For information on exc luding network objects from HotSpo t enforcem ent, see Us ing Network O bjects on pa ge 227.
Using Sec ure HotSpot 422 Check Poi nt Safe@Office User Guide Enabli ng/Disa bling Sec ure HotSpot To enable/di sable Secure HotS pot 1. Click Security in the m ain menu, and click the HotSpot tab.
Using Sec ure HotSpot Chapter 13 : Setting Your Security Pol icy 423 3. Click Apply . Customi zing Se cure Hot Spot To customize Se cure HotSpot 1. Click Se curity in the m ain menu, and click the HotSpo t tab. Th e My HotSpot pag e appears. 2. Com plete th e fie lds u sing the in form atio n in th e fo llo wing table.
Using NAT Rul es 424 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… My Hot Spot Term s Type t he terms to w hich the u ser must a gree befor e accessin g the Inter net.
Using NAT Rul es Chapter 13 : Setting Your Security Pol icy 425 Using N A T R ules Overvi ew In an I P network, each computer is assig ned a unique IP address that defines both the ho st and the network. A computer's IP address can be public and I nternet- routable, or private and non-routable.
Using NAT Rul es 426 Check Poi nt Safe@Office User Guide Supported NAT Rule T ypes The Safe@ Office appliance enables y ou to de fine the fo llowing ty pes of cus tom NAT rul es : • Static NAT (or One - to - One NAT) . Translation of an I P address range to another I P address rang e of the same size.
Using NAT Rul es Chapter 13 : Setting Your S ecurity Polic y 427 • Static NAT is conf igured for a network object (for info rmation, see Using Network Ob jects on pa ge 227 ) • NAT rules are rece ived from the Serv ice Center Implicitly defined NA T rules can only be edited or deleted indirectly.
Using NAT Rul es 428 Check Poi nt Safe@Office User Guide Th e Address Translation pa ge appear s. 2. Do one of the follow ing: • To add a new rule, click New .
Using NAT Rul es Chapter 13 : Setting Your Security Pol icy 429 Th e Address Tr anslation wi zard opens, with the S tep 1 of 3: Original Connection Details dialog box display ed. 3. Com plete th e fie lds u sing the re lev ant in form ation in t he follo win g tab le.
Using NAT Rul es 430 Check Poi nt Safe@Office User Guide 6. Click Next . Th e Step 3 of 3: Save Addre ss Translation dialog box appears. 7. If desired, type a d escription of the rule in the field prov ided. 8. Click Finish . The new rule appear s in the Address Translation page.
Using NAT Rul es Chapter 13 : Setting Your Security Pol icy 431 Fiel d Descri pti on And the destination is Select the original de stinat ion of the co nnections y ou w ant to trans late. This list includes netw ork obj ects . To specify an IP addr ess, sele ct Specified IP and type the desi red IP address in t he tex t box.
Using NAT Rul es 432 Check Poi nt Safe@Office User Guide Fiel d Descri pti on Change the destination to Select the new destinat ion to which the original de stination s hould be translate d. This li st include s netw ork objects. To specify an IP addr ess, sele ct Specified IP and type the desi red IP address in t he field provided.
Using the EAP Authenticat or Chapter 13 : Setting Your Security Pol icy 433 b. Click OK . The rule is deleted. Using the EAP Authenticator Wi - Fi Protect ed Access E nterpr ise (WPA -Enterprise) a nd 802.1x are Netwo rk Access Control (NAC) pro tocols that can be used to authenticate users conn ecting to the Check Point Saf e@Office a pplian ce.
Using the EAP A uthenticat or 434 Check Poi nt Safe@Office User Guide Workf lows The Safe@ Office b uilt - in E AP authent icator can b e use d to authen ticate w ireless c lients o r wired clients conne cting to appliance po rts.
Using the EAP Authenticat or Chapter 13 : Setting Your Security Pol icy 435 See Adding and E d iting U sers on pag e 680. e. Provide each o f the users with the aut hentication crede ntials you configured for them. 2. Configure each wir eless cl ient as fo llows: a.
Using the EAP Authenticat or 436 Check Poi nt Safe@Office User Guide instructions on g enerating a self- signed certi ficate, se e Generating a Certifica te on page 660. A certific ate rece ived from the Service C enter. c. Export the Safe@ Office appliance' s CA cer tificate.
Using the EAP Authenticat or Chapter 13 : Setting Your Security Pol icy 437 • If t he Choose a Wireles s Networ k screen app ears, c lick Change Advanced Settings . • If you are already connected to a w i reless n etwork , click Properties . Th e Wireless Net work Conn ection Pr operties dialog box appears displaying th e General tab.
Usi ng t he EAP Au thenticat or 438 Check Poi nt Safe@Office User Guide 7. In the Network name (SSID) field, ty pe the Saf e@Office appliance w ireles s network name.
Using the EAP Authenticat or Chapter 13 : Setting Your Security Pol icy 439 Th e Protected EAP Properties dialog box appears. 14. Mak e sure that the Validate se rver certificate check box is s elected. 15. I n the Select Authe ntication Method drop- dow n list, sele ct Secured p asswor d (EAP - MSCHAP v2 ) .
Using the EAP Authenticator 440 Check Poi nt Safe@Office User Guide Configur ing Clie nts f or Server Authenti cation on W ired Connect ions To configure a Micro soft Windo ws client for ser ver authentica tion 1. In the START m enu, click C ontrol Panel .
Using the EAP Authenticat or Chapter 13 : Setting Your Security Pol icy 441 Th e Protected EAP Properties dialog box appears. 9. Make sur e that the Va lidate server certif icate check box is select ed. 10. I n the Select Authentication Method drop- down list, se lect S ecured p assword (EAP - MSCHAP v2 ) .
Using the EAP Authenticator 442 Check Poi nt Safe@Office User Guide Inst alling t he S afe@O ffice App lian ce's C A Certi ficate on Clients To install the S afe@Office a ppliance's CA certificate on a Microsoft Win dows client 1.
Using the EAP Authenticat or Chapter 13 : Setting Your Security Pol icy 443 Th e File to Import dialog bo x appears. 3. Browse to the Safe@ Office ap pliance' s CA cert ificate ( *.p12 fil e). 4. Click Next . Th e Passwor d dialog box appears. Do not type a passw ord.
Using the EAP Authenticator 444 Check Poi nt Safe@Office User Guide Th e Certificate Store dialog box appears. 6. Click Automaticall y select t he certifica te store bas ed on the type of certifi cate . 7. Click Next . The Completing the Certific ate Import Wizard screen ap pears.
Using the EAP Authenticat or Chapter 13 : Setting Your Security Pol icy 445 If the Safe@ Offic e applian ce certifica te was s elf - signed, a w arning m essag e appears.
Using the EAP Authenticator 446 Check Poi nt Safe@Office User Guide d. Click C ertificates . Th e Certificat es dialog box appears. e. Click the Trusted Root Certification Authorities tab. Th e Trusted Root Certification Author itie s tab appear s. f.
Using the EAP Authenticat or Chapter 13 : Setting Your Security Pol icy 447 Th e Certificat e dialog box a ppears with additional information. Con necting Wire less Cli ents to th e Saf e@Offi ce Applia nce To connect a Microso ft Windows wirel ess client to the Safe@Office appl iance with WPA Ente rpris e authenticati on 1.
Using the EAP Authenticator 448 Check Poi nt Safe@Office User Guide Th e Enter Credentials dialo g box appears. 6. T ype th e Network Access u ser's u ser nam e and passwo rd in the fields provided. 7. Click OK . The wirel ess clien t attempt s to conne ct to the n etwork .
Overvie w Chapter 14 : Using Smart Defense 449 Chapter 14 This chap ter explai ns how t o use Che ck Point SmartDe fense Serv ices. This chapter inc ludes the f ollow ing topics: Overvi e w .............................................................
Configuring Sm artDefense 450 C heck Point S afe@Office User Guide Configuring SmartDefense You can config ure SmartDefense using the following t ools: • SmartDef ense Wizard . R esets al l SmartDef ense se ttings to their defau lts, and then creates a Sm artDe fense sec urity po licy accor ding to yo ur netw ork and s ecurity preference s.
Confi guring SmartDefense Chapter 14 : Using Smart Defense 451 Th e SmartDefense pag e appears. 2. Click SmartDef ense Wizard ..
Configuring Sm artDefense 452 Check Poi nt Safe@Office User Guide Th e SmartDe fense Wizard o pens, with the Step 1: Smart Defense Level dia log box displayed . 3. Drag the l ever to th e desire d level o f SmartDef ense en forcem ent. For information on the le ve ls, see the following table.
Confi guring SmartDefense Chapter 14 : Using Smart Defense 453 5. Select the check boxe s next to the types of public serve rs that are running on your netwo rk. 6. Click Next . Th e Step 3: Application Blo cking dialog box appears. 7. Select the check boxe s next to the types of applications y ou want to block from running on y our network.
Configuring Sm artDefense 454 Check Poi nt Safe@Office User Guide Th e Step 4: Confirmation dialog box appears. 9. Click Finish . Exis tin g Sm artDefen se sett ings are c leared, and the sec urity poli cy is app lied.
Confi guring SmartDefense Chapter 14 : Using Smart Defense 455 Table 79 : Sm artDefen se Secu rity Lev els This lev el… Doe s thi s… Minimal Disables all SmartD efense pro tection s, except th ose that c annot be disabled.
Configuring Sm artDefense 456 Check Poi nt Safe@Office User Guide Us ing t he Smar tDefe nse Tree For conven ience, Sm artDef ense is org anized as a tree, in which ea ch branc h represent s a category of settings. When a category is expanded, the settings i t contains appear as n odes.
Confi guring SmartDefense Chapter 14 : Using Smart Defense 457 To configure a S martDefense node 1. Click Security in the m ain menu, and click the SmartDefense tab. Th e SmartDefense pag e appears. The left pan e displ ays a tre e containing Sm artDefense categories .
SmartDef ense Categories 458 Check Poi nt Safe@Office User Guide a) Click Default . A confirm ation m essage appear s. b) Click OK . Th e fie lds ar e reset to their d efault v alues, and y our chan ges are sav ed.
SmartDef ense Categor ies Chapter 14 : Using Smart Defense 459 • Ping of Death on pag e 460 • Teardrop on page 459 Teardrop In a Teard rop attack , the att acker sen ds two I P fragm ents, the lat ter enti rely conta ined with in the f orm er. This cau ses som e comp uters to allocate too mu ch mem ory and crash .
SmartDef ense Categories 460 Check Poi nt Safe@Office User Guide Ping of Death In a P ing of Death a ttack, t he attack er sends a fragm ented PIN G request th at exceeds t he maxim um IP p acket size (6 4KB). Som e operating syst ems are unab le to hand le such requests and cra sh.
SmartDef ense Categories Chapter 14 : Using Smart Defens e 461 L AN D In a L AND attack , the attac ker sends a SYN pack e t, in which the s ource address and por t are the sam e as the de stinat ion (the v ictim comp uter). The vict im com puter then t ries to reply to itself and e ither reboots or crashes.
SmartDef ense Categories 462 Check Poi nt Safe@Office User Guide Non - TCP Flooding Advanced firewalls m aintain state inform ation about connection s in a State table. In Non- TC P Flo odi ng a tta cks , t he attacker sends high v olumes of non- TCP traffic.
SmartDef ense Categories Chapter 14 : Using Smart Defense 463 In this fiel d… Do thi s… Max. P ercent Non - TCP Traf fi c Type t he maximum per centage of state tab le capacity allow ed for non - TCP connection s.
SmartDef ense Categories 464 Check Poi nt Safe@Office User Guide Table 84 : Distributed Denial of Servic e Fields In this fiel d… Do thi s… Act ion Specify w hat action to take w hen a DDoS attack oc curs, by s electing one of the follow ing: • Block.
SmartDef ense Categories Chapter 14 : Using Smart Defense 465 Packet San ity Packet San ity perfo rms sev eral Layer 3 and Lay er 4 sanity check s. These inc lude v erifying packet size, UDP and TCP header leng ths, dropping I P options, and verify ing the TCP flags.
SmartDef ense Categories 466 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… Disable re laxed UDP length verifica tion The UDP length verifi cation sanity chec k measures the UDP header lengt h and compare s it to t he UDP header length specified in the U DP header.
SmartDef ense Categories Chapter 14 : Using Smart Defense 467 Max P ing Size PING (ICMP echo re quest) is a program that use s IC MP protoco l to check whether a remote m achine is up. A requ est is sen t by the cl ie nt, and the serv er responds with a reply echoing the client' s data.
SmartDef ense Categories 468 C heck Point S afe@Office User Guide IP Fragme nts When an I P packet is too big to be transported by a netw ork link, it is split into s everal smaller I P packets an d tran smitted in f ragm ents.
SmartDef ense Categories Chapter 14 : Using Smart Defense 469 Table 87 : IP Fragments Field s In this fiel d… Do thi s… Forbid IP Fr agments Speci fy whet her all frag mented pa ckets should be droppe d, by sele cting one of the follow ing: • Tr u e .
SmartDef ense Categories 470 Check Poi nt Safe@Office User Gui de Network Quota An attack er may try to overload a serv er in you r netwo rk by establ ishing a v ery lar ge number of connections per second.
SmartDef ense Categories Chapter 14 : Using Smart Defense 471 In this fiel d… Do thi s… Ma x. Connectio ns/Second from Same S ource IP Type t he maximum nu mber of net work conne ctions all owed per se cond from the same sourc e IP addr ess. The defau lt value i s 100.
SmartDef ense Categories 472 Check Poi nt Safe@Office User Guide Table 89 : W elchia Fields In this fiel d… Do thi s… Act ion Specify w hat action to take w hen the W el chia wor m is detect ed, by s electing one of the follow ing: • Block. Block the atta ck.
SmartDef ense Categories Chapter 14 : Using Smart Defense 473 Table 90 : C isco I OS DO S In this fiel d… Do thi s… Act ion Specify w hat action to tak e when a C isco IOS DOS atta ck occurs, by selecti ng one of the follow ing: • Block. Block the atta ck.
SmartDef ense Categories 474 Check Poi nt Safe@Office User Guide Null Pay load Som e worms, such a s Sasse r, use I CMP echo req uest p ackets with nu ll pay load to de te ct potentially v ulnerable hosts. You can config ure how null payload ping packets shou ld be handled.
Sma r tDefense Categories Chapter 14 : Using Smart Defense 475 Checksum Ver ificat ion Sm artDefense ident ifies an y IP , TCP, or UDP p ackets with inco rrect che cksum s.
SmartDef ense Categories 476 Check Poi nt Safe@Office User Guide TCP This category allows you to config ure various protections re lated to the TCP p rotocol.
SmartDef ense Categories Chapter 14 : U sing Smart Defense 477 Table 93 : St rict TCP In this fiel d… Do thi s… Act ion Specify w hat action to take w hen an out - of - state T CP packet arriv es, by selecting o ne of the following: • Block. Block the packet s.
SmartDef ense Categories 478 Check Poi nt Safe@Office User Guide Table 94 : Sma ll PMT U Fields In this fiel d… Do thi s… Act ion Specify w hat action to take w hen a packet is small er than th e Mini mal MTU Size threshold, by selectin g one of th e follow ing: • Block.
SmartDef ense Categories Chapter 14 : Using Smart Defense 479 Sy nDefender In a S YN attack, the attacker se nds m any SYN packets with out finis hing the th ree - way handshak e. This causes the attack ed host to be unable t o accept n ew conn ections.
SmartDef ense Categories 480 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… Log mode Spe cify upon whic h events l ogs shoul d be issued, by selecti ng one of the following: • None. Do not issue logs. • Lo g per attack. Issue logs for ea ch SYN att ack.
SmartDef ense Categories Chapter 14 : Using Smart Defense 481 Sequenc e Verif ier The Safe@ Office appliance examines e ach TCP p acket 's sequence nu mber a nd che cks whether it matches a TCP connection state.
SmartDef ense Categories 482 Check Poi nt Safe@Office User Guide Flags The URG flag is use d to indicate that ther e is urgent data in the TCP stream , and that the data should be de livered with high p riority.
SmartDef ense Categories Chapter 14 : Using Smart Defense 483 Port Sc an An attack er can pe rform a po rt scan to determ ine whet her ports a re open and vuln erable to an att ack . This is most com monly done by attempting to access a por t and waiting for a response.
SmartDef ens e Categories 484 Check Poi nt Safe@Office User Guide Table 98 : Port Scan Fields In this fiel d… Do thi s… Number of ports accessed SmartDef ense detect s ports s cans by meas uring the number of ports accessed over a period of tim e.
SmartDef ense Categories Chapter 14 : Using Smart Defense 485 In this fiel d… Do thi s… Trac k Specify w hether to issue logs for scans, by s electing on e of t he follow ing: • Log. Issue log s. T his is the default. • None. Do not is sue logs.
SmartDef ense Categories 486 Check Poi nt Saf e@Offi ce User Guide FTP Bounce When conne cting to an FTP serv er, the client sen ds a P ORT comm and specify ing the I P address and port to wh ich the F TP server should conne ct and send data.
SmartDef ense Categories Chapter 14 : Using Smart Defense 487 Block Known Ports You can choose to block the FTP serv er from connecting to well-know n ports. Note: Known ports are publ ished port s associate d with serv ices ( for ex ample, SM TP is port 25).
SmartDef ense Categories 488 Check Poi nt Safe@Office User Guide Block Por t Ov er flow FTP clients send POR T comm ands when connecting to the FTP sever.
SmartDef ense Categories Chapter 14 : Using Smart Defense 489 Blocked FTP Commands Some seldom- used FTP co mm ands may compromise FTP serv er securi ty and int egrity. You can specify w hich FTP comm ands should be allo wed to pass throug h the security server, and which sh ould be block ed.
SmartDef ense Categories 490 Check Poi nt Safe@Office User Guide To allow a specific FTP com mand 1. In the Blocked Commands box, se lect the desire d F TP command. 2. Click Accept . The FTP comm and appears in the Allowed Command s box. 3. Click Apply .
SmartDef ense Categories Chapter 14 : Using Smart Defense 491 Table 102 : H eader R ejecti on Fields In this fiel d… Do thi s… Act ion Speci fy w hat action to take when an H TTP header - based ex ploit is detected, by selecting one of t he follow ing: • Block.
SmartDef ense Categories 492 Check Poi nt Safe@Office User Guide Table 103 : W orm Catcher Fie lds In this fiel d… Do thi s… Act ion Speci fy w hat action to take when an H TTP - based worm attack is detected, by selecting one of t he follow ing: • Block.
SmartDef ense Categ ories Chapter 14 : Using Smart Defense 493 Table 104 : File Print and Sharing Fields In this fiel d… Do thi s… Act ion Speci fy w hat action to take when a C IFS worm attack is detected, by selecting o ne of the following: • Block.
SmartDef ense Categories 494 Check Poi nt Safe@Office User Guide IG MP This categ ory includ es the I GMP pro tocol. IGMP is used by hosts and routers to dy namically regi ster and discover m ulticast group mem bersh ip.
SmartDef ense Categories Chapter 14 : Using Smart Defe nse 495 In this fiel d… Do thi s… Specify w hether to a llow or bl ock IGM P packets t hat are sent to non - multicast addresses, by selec ting one of the fo ll owing: • Block. Block IGM P p acket s that ar e sent to no n - mult icas t addresses.
SmartDef ense Categories 496 Check Poi nt Safe@Office User Guide SIP The Sm artDefense SI P App lication Lev el Gatew ay (ALG ) processes the SI P protocol, allows f irewall and N AT tr aversal, and enables Traffic Shaper to operate o n SIP connections.
SmartDef ense Categories Chapter 14 : Using Smart Defense 497 H.323 H.323 telephony is used by various dev ices and applications, such as Microsoft Netm eeting. Sm artDefense allows y ou to choos e wheth er to disab le or en able the H.323 Applicat ion Lev el Gateway ( ALG), which a llows firewall and NA T traversal of H.
SmartDef ense Categories 498 Check Poi nt Safe@Office User Guide Peer - to - Peer Sm artDefense can b lock pe er - to - peer file - sharing traffic, by identifying the propri etary protocols and prev enting the initial connec tion to the peer- to - peer n etwo rks.
SmartDef ense Categories Chapter 14 : Using Smart Defense 499 Table 108 : P eer to Peer Field s In this fiel d… Do thi s… Act ion Speci fy w hat action to take when a connection is atte mpted, by selecting one of the follow ing: • Block. Block the connection .
SmartDef ense Categories 500 Check Poi nt Safe@Office User Guide Instan t M essagin g Traff ic Sm artDefense can b lock in stant m essaging ap plication s that u se VoI P protocols, by identify ing the m essaging application' s finger prints an d HTTP h eaders.
SmartDef ense Categories Chapter 14 : Using Smart Defense 501 Table 109 : In stant M essen gers Fields In this fiel d… Do thi s… Act ion Speci fy w hat action to take when a connection is atte mpted, by selecting one of the follow ing: • Block. Block the connection .
SmartDef ense Categories 50 2 Check Point S afe@Office User Guide Games This categ ory includ es XBox LIVE . XBox 360 requires g ateways hosting XB ox LIVE g ames to use the "Open NA T" method rath er than th e normal "Strict NA T" method.
Resetti ng SmartDefense to its Defaults Chapter 14 : Using Smart Defense 503 Resett ing Sm artDe fense t o it s Default s If desired, y ou can r eset the Sm artDefense secu rity p olicy to its de fau lt sett ings . For inform ation on the d efault v alue of each S martD efense se tting, see S martD efense Categories on pa ge 458.
.
Overvie w Chapter 15 : Using Ant ivirus and Antis pam Filtering 505 Chapter 15 This chapter explains how to use ant ivirus and antispam filtering. This ch apter in clud es the fo llow ing topics: Overvi e w ............................................
Overvie w 506 Check Poi nt Safe@Of fic e User Guide VStream Antivirus Email Anti virus Point of Enforc ement VStrea m Antivirus scans for viruses in the Safe@O ffice gateway itself. Email Antiv irus is centralized , redire ct ing traffic thr ough the S ervice C enter for scanning.
Using VStream Antivirus Chapter 15 : Using Ant ivirus and Antis pam Filtering 507 Using V Stream A nti virus The Safe@ Office appliance includes VS tream Antiviru s, an em bedded st ream - based antiv.
Using VStream Antivirus 508 Check Poi nt Sa fe@O ffice User Guide If a virus if fo und in this protocol ... VStrea m An tiviru s do es this ... Th e protoc ol is det ected on this port.
Using VStream Antivirus Chapter 15 : Using Ant ivirus and Antis pam Filtering 509 Enabli ng/Disa bling VStre am Ant ivirus To enable /disable VStream A ntivirus 1. Click Antivirus in the m ain menu, and click the Antivirus tab. Th e VStream Antivirus pag e appears.
Using VStream Antivirus 51 0 Check Point S afe@Office User Guide Viewi ng VStrea m Antivi rus Signa ture Data base Infor mation VStream Antivirus m aintai ns two data bases: a da ily da tabase an d a main da tabase. The daily datab ase is u pdated fr equently with the new est vi rus sign atures.
Using VStream Antivirus Chapter 15 : Using Ant ivirus and Antis pam Filtering 511 Configur ing the VSt rea m Antivi rus Polic y VStream Antivirus i nclude s a flexibl e mechani sm that allows the us er to d efine exact ly which traffic shou ld be scanned, by specifying the protocol, ports , and source and destination I P addresses.
Using VStream A ntivirus 512 Check Poi nt Safe@Office User Guide Th e S afe@Off ice applian ce will p rocess ru le 1 firs t, passing o utgoing S MTP traf fic from the specified IP address, and only the n it will process r ule 2, scanning all ou tgoing SMTP traff ic.
Using VStream Antivirus Chapter 15 : Using Ant ivirus and Antis pam Filtering 513 Th e Antivirus Policy pag e appears. 2. Do one of the follow ing: • To add a new rule, click Add Rule . • To edit an existing rule, cli ck next to the desired rul e.
Using VStream Antivirus 514 Check Poi nt Safe@Office User Guide Th e VStream P olicy Rule Wizard opens, w ith the Step 1: Rule Type dialog box displayed . 3. Select the type of rule you w ant to crea te. 4. Click Next . Th e Step 2: Ser vice dialog box appears.
Using VStream Antivirus Chapter 15 : Using Ant ivirus and Antis pam Filtering 515 5. Com plete th e fie lds u sing the re lev ant in form ation in t he follo win g tab le. 6. Cli c k Next . Th e Step 3: Destination & S ource dialog box appea rs. 7.
Using VStream Antivirus 516 Check Poi nt Safe@Office User Guide 8. Com plete th e fie lds u sing the re lev ant in form ation in t he follo win g tab le. 9. Click Next . Th e Step 4: Done dial og box appears. 10. I f desired, type a descriptio n of the rule in the field provided.
Using VStream Antivirus Chapter 15 : Using Ant ivirus and Antis pam Filtering 517 In this fiel d… Do thi s… Cus tom Se rvice Click this o ption to specify that the ru le should apply to a specific n on - standard serv ice. The Prot ocol and Port Ra nge fiel ds are en abled.
Using VStream Antivirus 518 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… Dat a Di rect ion Select the dir ection of connecti ons to which t he rule should apply : • Download an d Uploa d data. The r ule appl ies to dow nloaded an d uploaded dat a.
Using VStream Antivirus Chapter 15 : Using Ant ivirus and Antis pam Filtering 519 Enabling/Disabl ing VStream Antivirus Rules You can temporar ily disab le a VSt ream Antiv irus ru le . To enable/di sable a VStream Antivir us rule 1. Click Antivirus in the m ain menu, and click the Polic y tab .
Using VStream Antivirus 520 Check Poi nt Safe@Office User Guide Viewing and Deleting VS tream Antivirus Rules To view or delet e an exist ing VStr eam A ntiv irus rul e 1. Click Antivirus in the m ain menu, and click the Polic y tab . Th e Antivirus Policy pag e appears w ith a list o f exis ting VStream A ntivirus rul es.
Using VStream Antivirus Chapter 15 : Using Ant ivirus and Antis pam Filtering 521 Th e Advanced Antivirus Set tings page appear s. 2. Com plete th e fie lds u sing the fo llow ing table. 3. Click Apply . 4. To restore the defau lt VStream Antivirus settings, do th e follow ing : a) Click Default .
Using VStream Antivirus 522 Check Poi nt Safe@Office User Guide Table 117 : Advanced A ntivirus Settings Fie lds In this fiel d… Do thi s… File Typ es Block potent ially unsafe file types in em ail mess ages Select thi s option to block al l emails containing potentially unsafe attachments.
Using VStream Antivirus Chapter 15 : Using Ant ivirus and Antis pam Filtering 523 In this fiel d… Do thi s… • W MA/ W MV/ASF • RealMedia file • JPEG - only the header is sca nned, and the r est of t he file is skippe d To view a list of saf e file type s, click S how nex t to thi s option.
Using VStream Antivirus 524 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… When arch ived file ex ceeds limit or ex traction f ails Specify how VStream An tiviru s should ha ndle files that ex ceed the Maximum n esting level or the Maximum compression ratio , and fil es for which scann ing fails.
Using VStream Antispam Chapter 15 : Using Ant ivirus and Antis pam Filtering 525 Updati ng VStre am Antiv irus When you a re subsc ribed to the VS tream A ntivirus upd ates se rvice, VSt ream Antivirus virus signatures are automatically updated, k eeping security up- to - date with no need for user inte rven tion.
Using VStream Antispam 526 Check Poi nt Safe@Office User Guide attacks on y our gat eway or mail serv er. If you do not have a mail serv er in your netw ork, there i s no need to enable the IP Reputation engine. ( If you do enable th is engine anyway , it will hav e no nega tive effects.
Using VStream Antispam Chapter 15 : Using Ant ivirus and Antis pam Filtering 527 IP Reputa tion Content Base d Antisp am and Block List Detection Meth od Examines th e sender' s IP addr ess Content Base d Antispam examine s the email's cont ent, and B lock List examines the email' s Sender f ield.
Using VStream Antispam 528 Check Poi nt Safe@Office User Guide How VStre am Anti spam Works VStream Antispam work s as follows: 1. A T CP c onne ct ion arri ves at t he S MT P port (T CP 2 5) or t he PO P3 p ort (TCP 110). 2. The connec tion is checked against the VS tream Antisp am policy, to determ ine whether it should be s canned.
Using VStream Antispam Chapter 15 : Using Ant ivirus and Antis pam Filter ing 529 If the spam score exce eds t he configu red confid ence lev el, VStream Antispam determ ines that t he em ail is spam and handl es it as spe cified by the IP Reputation eng ine's settings.
Using VStream Antispam 530 Check Poi nt Safe@Office User Guide Header M arki ng VStream Antispam adds th e follow ing heade rs to each email that is scann ed by th e Content Based Antispam or Block List engine, but n ot blocked: • X- VStream - Spam - Level .
Using VStream Antispam Chapter 15 : Using Ant ivirus and Antis pam Filtering 531 Enabli ng/Disa bling VStre am Ant ispam You must enable at lea st on e VStream An tispam en gine in orde r for VStr eam Antis pam to work. Once y ou have enabled the desired eng ines, you m ust configure them , using the relevant s ections in this gu ide.
Using VStream Antispam 532 Check Poi nt Safe@Office User Guide Table 119 : V Stream Anti spam Fields In this fiel d… Do thi s… Content B ased Antispam Specify t he Content Based Ant ispam engine' s mode, by drag ging the lev er to one of t he follow ing: • On .
Using VStream Antispam Chapter 15 : Using Ant ivirus and Ant is pam Filtering 533 In this fiel d… Do thi s… IP Reputat ion Checking Specify t he IP Reput ation engi ne's mode for SM TP connectio ns, by dragging t he lever to one of th e follow ing: • On .
Using VStream Antispam 534 Check Poi nt Safe@Office User Guide This field … Dis plays. .. Spam The number of SMT P and POP3 em ail messa ges that the Content B ased Antispam and Block Lis t engin es determine d to be spa m.
Using VStream Antispam Chapter 15 : Using Ant ivirus and Antis pam Filtering 535 Configur ing the Cont ent Ba sed Anti spam Engi ne You can config ure how VStream Antispam should handle spam and suspected spa m that is detected by the Con tent Based Antisp am eng ine.
Using VStream Antispam 536 Check Poi nt Safe@Office User Guide 4. Click Apply . Table 121 : Content Based A ntispam Settings Fi elds In this fiel d… Do thi s… Spam Configure how VStream Ant ispam should handle spam that i s detected using the C ontent Ba sed Antis pam engine.
Using VStream Antispam Chapter 15 : Using Ant iv irus and Antispam Filtering 537 In this fiel d… Do thi s… Trac k Specify whet her VStream Ant ispa m should l og spam, by s electi ng one of the follow ing: • Log . VS tream Antispam sho uld log spam.
Using VStream Antispam 538 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… Money the Easy W ay". The defa ult val ue is [SUSPECTED SPAM] .
Using VStream Antispam Chapter 15 : Us in g Ant ivirus and Antispam Filtering 539 Configur ing the Bl ock Li st Engine You can c onfigure a list of email add resses and d omai n names tha t VStream Antispam should autom atically block, if the Block L ist engine is enabled.
Using VStream Antispam 540 Check Poi nt Safe@Office User Guide Th e Blocked Sen der List pa ge appear s. 3. Click Add . Th e Add Email to List dialo g box appears. 4. In the field prov ided, do one of the followi ng: • To block all em ail from a specifi c sender, type the s ender' s email addr ess.
Using VStream Antispam Chapter 1 5 : Using Anti virus and Antispam Filtering 541 5. Click OK . The sender appears in the Block Sender List tab le. Viewing a nd Deleting Bl ocked Sende rs To d elete a block ed sender 1. Click Antispam in the m ain menu, and click the Antispam tab.
Using VStream Antispam 542 Check Poi nt Safe@Office User Guide Th e Antispam Block List Settings pag e appear s. 3. Com plete th e fie lds u sing the in form atio n in th e fo llo win g table.
Using VStream Antispam Cha pter 15 : Using Ant ivirus and Antis pam Filtering 543 Table 122 : Antispa m Block List Settings Fi elds In this fiel d… Do thi s… Block Action Specify t he action VSt ream An tispam sho uld take up on recei ving an ema il from a bl ocked sender , by sel ecting on e of the f ollowing: • No n e .
Using VStream Antispam 544 Check Poi nt Safe@Office User Guide Configur ing the I P Reputa tion Engine You can config ure how VStream Antispam should handle spam and suspected spa m that is detected by the I P Reputation engine. For inform ation on enabling this engine, see Ena bling /Disa bl ing V Strea m Ant ispa m on page 531.
Using VStream Antis p am Chapter 15 : Using Ant ivirus and Antis pam Filtering 545 4. Click Apply . Table 123 : Antispa m IP Reputation Settings Fields In this fiel d… Do thi s… Spam Configure how VStream Ant ispam should handle spa m that i s detected using the IP Reputat ion engin e.
Using VStream Antispam 546 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… Act ion Specify t he action VSt ream An tispam sho uld take up on dete cting pote ntial spam, by s electing o ne of the follow ing: • Rejec t . Block the email.
Using VStream Antispam Chapter 15 : Using Ant ivirus and Antis pam Filtering 547 Configur ing the VSt rea m Antispam Pol icy VStream Antispam include s a flexibl e mechani sm that allows the us er to .
Using VStream Antispam 548 Check Poi nt Safe@Office User Guide The Safe@ Office appliance will proces s rule 1 first, pa ssing outgo ing SMTP traffi c from the specified IP address, and only the n it will process r ule 2, scanning all ou tgoing SMTP traff ic.
Using VSt ream Antispam Chapter 15 : Using Ant ivirus and Antis pam Filtering 549 Th e Antispam Policy pag e appears. 2. Do one of the follow ing: • To add a new rule, click Add Rule .
Using VStream Antispam 550 Check Poi nt Safe@Office User Guide Th e VStream Antispam Policy Rule Wizard opens , with the Step 1: Rule Type dialog box displayed . 3. Select the type of rule you w ant to crea te. 4. Click Next . Th e Step 2: Destination & S ource dialog box appea rs.
U sing VStream Antispam Chapter 15 : Using Ant ivirus and Antis pam Filtering 551 6. Click Next . Th e Step 3: Done dial og b o x appears. 7. If desired, type a d escription of the rule in the field prov ided. 8. Click Finish . The new rule appear s in the Antispam Policy page.
Using VStream Antispam 552 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… The connect ion source is Se lect the so urce of t he conne ctions to w hich the ru le should apply. To specify an IP addr ess, sele ct Specified IP and type the desi red IP addr ess in the fie ld provide d.
Using VStream Antispam Chapter 15 : Using Ant ivirus and Antis pam Filtering 553 Enabling/Disabl ing VStream Antispam Rules You can temporar ily disab le a VSt ream Antis pam rule. To enable/d isable a VStre am Antispam rule 1. Click Antispam in the m ain menu, and click the Po lic y tab.
Using VStream Antispam 554 Check Poi nt Safe@Office User Guide Viewing and Deleting VS tream Antisp am Rules To view or delete an existing VStre am Antispam rule 1. Click Antispam in the m ain menu, and click the Po lic y tab. Th e Antispam Policy pag e appears w ith a list o f existi ng VStream A ntispam rul es.
Using VStream Antispam Chapter 15 : Using Ant ivirus and Antis pam Filtering 555 Th e Safe Sender List pag e appear s. 2. Click Add . Th e Add Email to List dialo g box appears. 3. In the field prov ided, do one of the followi ng: • To allow all em ail from a specifi c sender, type the s ender' s email addr ess.
Using VStream Antispam 556 Check Poi nt Safe@Office User Guide 4. Click OK . The sender appears in the Safe Send ers table. Viewing and Deleting S afe Sender s To view or delet e a safe s ender 1. Click Antispam in the m ain menu, and click the Safe Senders tab.
Using VStream Antispam Chapter 15 : Using Ant ivirus and Antis pam Filtering 557 Configur ing VStr eam Antispam Advanc ed Setti ngs To configure V Stream Antispam a dvanced settings 1. Click Antispam in the m ain menu, and click the Ad vance d tab. Th e Advanced Antispam Se ttings page appear s.
Using Centrali zed Email Filtering 558 Check Poi nt Safe@Office User Guide • To specify that VStream Antivirus should not log email sent by addre sses on the Safe S ender Li st, selec t None .
Using Centrali zed Email Filtering Chapter 15 : Using Ant ivirus and Antis pam Filtering 559 Enabli ng/Disa bling Emai l Filt ering To enab le/disable Email F iltering 1. Click Services in the main m enu, and click the Email F iltering tab. Th e Email Filter ing page app ears.
Using Centrali zed Email Filtering 560 Check Poi nt Safe @Offi ce User Guide Selectin g Protocols f or Scanning If you are locally m anaged, y ou can define which prot ocols should be scanned for viruses and spam : • Email retrieving (POP3). I f enabled, all incoming em ail in the POP3 proto col will be scanned.
Using Centrali zed Email Filtering Chapter 15 : Using Ant ivirus and Antis pam Filtering 561 2. Next to the Bypass scannin g if Service Cent er is unavai lable option, speci fy how the g ateway should.
Using Centrali zed Email Filtering 562 Check Poi nt Safe@Office User Guide • T he Snooze button changes to Resume . • T he Email Filtering Off popup w indow opens. 3. To re - enable Em ail Antiv irus and Em ail An tispam, click Resume , ei ther in the popup window, or on the Email Filtering page.
Using Centrali zed Email Filtering Chapter 15 : Using Ant ivirus and Antis pam Filtering 563.
.
Overvie w Chapter 16 : Using W eb Content Filtering 565 Chapter 16 This chapter explains how to use Web c ontent filtering. Thi s c ha pter inclu des th e follow ing topics : Overvi e w .................................................................
Overvie w 566 Check Poi nt Safe@Office User Guide Web Rules Web Filte ring Subscr iption a nd Connec tion Requirem ent Web rules are includ ed with th e Safe@Offic e applianc e and do not require a Servi ce Center subscriptio n or connection. The W eb Fi ltering serv ice is s ubscription - based and req uires a connecti on to the Service Cen ter.
Using W eb Rules Chapter 16 : Using W eb Content Filtering 567 Using Web Rules You can b lock or al low acc ess to sp ecific Web p ages, b y defining Web rule s. Note: W eb rules affect outg oing traff ic only an d cannot be used to allow or limit access fro m the Int ernet to internal Web servers .
Using W eb Rules 568 Check Poi nt Safe@Office User Guide The Safe@ Office appliance will proces s rule 1 first, all owing acces s to the d esired page, and only then it w ill process ru le 2, block ing acc ess to the rest of th e site.
Using W eb Rules Chapter 16 : Using W eb Content Filtering 569 Th e Web Rules page appe ars. 2. Do one of the follow ing: • To add a new rule, click Add Rule .
Using W eb Rules 570 Check Poi nt Safe@Office User Guide Th e Safe@ Office Web Rule Wizard opens, with the Step 1: Rule Type dialog box displayed . 3. Select the type of rule you w ant to crea te. 4. Click Next . Th e Step 2: Rule Location dialog box appears.
Using W eb Rules Chapter 16 : Using W eb Content Filtering 571 The exam ple below s hows a B lock rule. 5. To configure adv anced sett ing s, click Show Advanced Settings . New fields appe ar. 6. Com plete th e fie lds u sing the re lev ant in form ation in t he follo win g tab le.
Using W eb Rules 572 Check Poi nt Safe@Office User Guide Th e Step 3: Confirm Rule di alog box appears. 8. Click Finish . The new rule appear s in the Web Rules pag e. Table 128 : W eb Rules Fields In this fiel d… Do thi s… Block/Allow access to t he following UR L Type t he URL or IP a ddress to which the r ule shoul d apply.
Using W eb Rules Chapter 16 : Us ing W eb Content Filtering 573 In this fiel d… Do thi s… Log allow ed connection s / Log blocked connection s Selec t thi s option to log the sp ecified blo cked or allowed con nections. By default, allow ed Web pages are not logged, and blo cked Web pages are logged.
Using W eb Rules 574 Check Poi nt Safe@Office User Guide Viewi ng and Del eting W eb Rules To view or delete an existing Web rul e 1. Click Security in the m ain menu, and click the Web Rules tab. Th e Web Rules page appe ars with a list of ex isting We b rules.
Using W eb Fi ltering Chapter 16 : Using W eb Content Filtering 575 Using Web Filtering When the Web Filtering serv ice is enabled, access to Web content is res tricted acco rding to the categ ories spe cified in t he Allow Ca teg ori es area of the Web Filtering pa ge.
Using W eb Fi ltering 576 Check Poi nt Safe@Office User Guide Th e Web Filtering pag e appears. 2. Drag the On /Off lever u pwards o r downwards. Web Filter ing is enab led/di sabled.
Using W eb Fi ltering Chapter 16 : Using W eb Content Filtering 577 Sele cting Cate gories for Block ing You can define wh ich types of Web s ites should be con sidered appropria te for your family or office m em bers, by selec ting the ca tegories.
Using W eb Fi ltering 578 Check Poi nt Safe@Office User Guide 2. Next to the B ypass scanning if Service Cent er is unavai lable option, speci fy how the g ateway should ha ndle Web F iltering w hen t.
Using W eb Fi ltering Chapter 16 : Using W eb Content Filtering 579 • T he Snooze button changes to Resume . • T he Web Filtering Off popup w indow opens. 3. To re - enable the serv ice, click Resume , either in the po pup window, or on the Web Filtering page.
Using W eb Filtering 580 Check Poi nt Safe@Office User Guide • The service is re - enabled for all inter nal n etwork com puters. • If you clicked Resume in the Web Filtering pag e, the button c hanges to Snooze . • If you clicked Resume in the Web Filtering Off popup window, the popup window closes.
Using W eb Fi ltering Chapter 16 : Using W eb Content Filtering 581 Th e Web Filtering Automati c Snooze Settings page app ears. 3. Do one of the follow ing: • To enable Au tomatic Sn ooz e: 1) Select the Automatic Snooze check box. 2) In the fields provided, specify the hours between whi ch the Web Filtering service sh o uld be disabled.
Customi zing the Access Denied Page 582 Check Poi nt Safe@Office User Guide Reset ting We b Filteri ng Cate gories to Def aults If desired, y ou can r eset the Web Fil tering ca tegories t o their d efault se ttings. To restore We b Filtering defaults 1.
C ustom izing the Acc ess Denied Page Chapter 16 : Using W eb Content Filtering 583 Th e Customize Access Deni ed Page page ap pears. I n the fo llowing ex ample, th is page was access ed via the Web Rules p age. 3. In the text box, ty pe the messag e that s hould app ear when a u ser attem pts to access a b locked Web page.
.
Overvie w Chapter 17 : Updating t he Firmware 585 Chapter 17 This chap ter explai ns how t o update t he Safe@ Office a ppliance' s firm ware. This ch apter in clud es the fo llow ing topics: Overvi e w ...........................................
Using Sof tware Updates 586 Check Poi nt Sa fe@O ffice User Guide Using Software Updates Check ing for Software Upda tes when Re mote ly Manage d If you r Safe@Offic e applia nce is rem otely m anag ed, it automatical ly check s for softw are updates and instal ls them without user intervention.
Using Sof tware Updates Chapter 17 : Updating t he Firmware 587 The system checks fo r new updat es and installs them . Check ing for Software Upda tes when Loc all y Managed If you r Safe@Offic e app.
Updating the Firmware Manually 588 Check Poi nt Safe@Offi ce User Guide Note: W hen the So ftwar e Updates serv ice is se t to Auto matic, y ou can still manually check for up dates. 3. T o set the S afe@O ffice app liance so th at softwar e upda tes must b e check ed for manually, drag the Auto matic/Manual lever downwa rds.
Updating the Firmware Manually Chapter 17 : Updating t he Firmware 589 Th e Firmware Update pag e appears. 3. Click Browse . A browse window ap pears. 4. Select the imag e file and cli ck Open . Th e Firmware Update pag e reappea rs. The pa th to th e firmw are update im age file appears in the Br owse text box.
.
Connecting t o a Servic e Center Chapter 18 : Using Subscri ption Services 591 Chapter 18 This chap ter explai ns how t o connect y our Safe@ Offic e applia nce to a S ervice Ce nter and start subscription services. Note: Check with your res eller r egarding av ailability of sub scription s e rvices, or surf to www .
Connecting t o a Servic e Center 592 C heck Point S afe@Office User Guide Th e Account page a p pears. 2. In the Servi ce Account area, click C onnect .
Connecting t o a Servic e Center Chapter 18 : Using Subscri ption Services 593 Th e Safe@Office Services Wizard opens, with the Service Center dialog box d isplayed. 3. Make sur e the Connect to a Ser vice Center check box is sel ected. 4. Do one of the follow ing: • To connect t o the SofaW are Serv ice Cent er, choo se usercenter .
Connecting t o a Se rvic e Center 594 Check Poi nt Safe@Office User Guide • If the Service C enter r equires au thentica tion, the S ervice C enter Login dialo g box appears. Enter your gateway ID and registration k ey in the appropriate f ields, as given to you by your service provider, then click Next .
Connecting t o a Servic e Center Chapter 18 : Using Subscri ption Services 595 6. Click Next . Th e Done scree n appears w ith a suc cess m essage. 7. Click Finish . The following thing s happen: • If a new firm ware is av ailable, the Safe@O ffice ap pliance m ay start downloading it.
Co nnecting t o a Servic e Center 596 Check Poi nt Safe@Office User Guide • The services to which you are subscribed are now available on your S afe@Off ice appli ance and listed as su ch on the A ccount page. See View ing Services Informat ion on page 597 for further information.
Viewing Services I nformation Chapter 18 : Using Subscri ption Services 597 Viewing Ser v ice s Information Th e Account page disp lays the following in formation about your s ubscription. Table 129 : Account Pa ge Fields This field … Displays… Service Cen ter Name T he name of t he Servi ce Cent er to which y ou are co nnected ( if known) .
Refreshing Your Servic e Center Connection 598 Check Poi nt Safe@Office User Guide Refreshing Your Service Center Connection This opti on restar ts your S afe@Off ice app liance’s co nnection to the Se rvice Ce nter an d refreshes y our Safe@ Offic e applia nce’s serv ice sett ings.
Configuri ng Your Acc ount Chapter 18 : Using Subscri ption Services 599 Configuring Your Account This opti on allow s you to acces s your S ervice Cen ter' s Web site, whi ch may offer additional configuration options for your account . Contact your Serv ice Center for a user ID and password.
Disconnect ing from Your S ervice Center 600 Check Poi nt Safe@Office User Guide 4. Click Next . Th e Done scree n appears w ith a suc cess m essage. 5.
Overvie w Chapter 19 : Working W ith VP Ns 601 Chapter 19 This chap ter descr ibes how to use y our Safe@ Office ap pliance as a Rem ote Access VPN Cl ie nt, ser ver , or gateway . This ch apter in clud es the fo llow ing topics: Overvi e w ..........
Overvie w 602 Check P oint Safe@ Offi ce User Guide • SecuRemote In ternal VPN Server. SecuRem ote can also be use d from y our internal network s, allowing you to secure your w ired or wirel ess network with strong encryption an d authentication. • Endpoint Connect VPN Server.
Overvie w Chapter 19 : Working W ith VP Ns 603 Site - to - Site VPNs A Site - to - Site VPN consists of two or m ore Site- to- Site VPN Ga teways th at can comm unicate with each other i n a bi - directional relationship. The connected networks function as a sing le networ k.
Overvie w 604 Check Poi nt Safe@Office User Guide To creat e a Site - to - Site VPN with two VPN sites 1. On the first VPN site’s Safe@O ffice appliance, do the fol lowing: a. Defin e the second VPN s ite as a S ite - to - Site VPN Ga tew ay, u sing th e procedure Adding and Editing VPN Sites on page 621 .
Overvie w Chapter 19 : Working W i th VPN s 605 Remo te Access V PNs A Rem ote Access VPN con sists of one Rem ote Access VPN Serv er or Sit e - to - Site VPN Gateway , and one or more R emote Access VPN Cl ients.
Overvie w 606 Check Poi nt Safe@Office User Guide To creat e a Remot e Access V PN wit h tw o VPN sites 1. On the rem ote user VPN sit e's Safe@ Office app liance, add the of fice Rem ote Access VPN Serv er as a Rem ote Access VPN sit e. Se e Adding and Ed iting VPN Sites on page 621.
Setting Up Your Safe@Office Appliance as a VPN Server Chapter 19 : Working W ith VPNs 607 For inform ation on setting up your Saf e@Office appliance a s an internal VPN S erver, see Configu ring the Internal VPN Server on page 610.
Setting Up Your Safe@Office Appliance as a VPN Server 608 Check Poi nt Safe@Office User Guide Note: The use of all Rem ote VPN C lients is subj ect to Che ck Point ’s purchas ing terms and co ndition s. To set up your Safe @Office ap pliance as a V PN Serv er 1.
Setting Up Your Safe@Office Appliance as a VPN Server Chapter 19 : Working W ith VP Ns 609 See Sett ing Up Re mote VP N Access for U sers on pag e 687. Note: Disabling the VPN Server for a specif ic type of connecti on will c ause all ex isting VPN tunne ls of that ty pe to d isconnect.
Setting Up Your Safe@Office Appliance as a VPN Server 610 Check Poi nt Saf e@Offi ce User Guide 4. To allow au thentica ted user s connecting from the Intern et to bypass the def ault firewall po licy an d access y our int e rnal network wi thout restriction, selec t the Bypass default firewall policy check box.
Setting Up Your Safe@Office Appliance as a VPN Server Chapter 19 : Working W ith VP Ns 611 Configur ing the Endp oint Con nect VPN Serve r To configure the E ndpoint Connec t VPN Server 1.
Setting Up Your Safe@Office Appliance as a VPN Server 612 Check Poi nt Safe@Office User Guide Configur ing the L2 TP VPN Server To configure the L 2TP VPN Server 1. Click VPN in the main m enu, and click the VPN Server tab. Th e VPN Server page appea rs.
Setting Up Your Safe@Office Appliance as a VPN Server Chapter 19 : Wo rk ing W ith VPNs 613 Inst alling Se cuRemote If you configured th e SecuRem ote Internal VPN Server, you m ust install the SecuRemote/SecureC lient VPN Clien t on all internal network computers that should be allowed to remote ly access y our network via SecuRemote conne ctions.
Setting Up Your Safe@Office Appliance as a VPN Server 614 Check Poi nt Safe@Office User Guide 3. Follow the online instru ct ions to com ple te insta llat ion.
Setting Up Your Safe@Office Appliance as a VPN Server Chapter 19 : Working W ith VP Ns 615 Th e New Connection Wizard opens d isplaying the Welco me to the New Connection Wizard s cre en. 4. Click Next . Th e Network Connection Type dia log box appears.
Setting Up Your Safe@Office Appliance as a VPN Server 616 Check P oint Safe@ Offi ce User Guide 7. Th e Network Connection dialog box app ears. 8. Choose Virtual Private Netw ork connection . 9. Click Next . Th e Connection Name dialo g box appears. 10.
Setting Up Your Safe@Office Appliance as a VPN Server Chapter 19 : Working W ith VP Ns 617 Th e Public Network di alog box appears. 12. Choose Do not di al the initial connection . 13. Clic k Next . Th e VPN Se rver Selection d ialog box appears. 14. I n the field, type the Safe@ Offi ce applianc e's I P address.
Setting Up Your Safe@Office Appliance as a VPN Server 618 Check Poi nt Safe@Office User Guide Th e Completing the New Co nnection Wizard screen app ears. 15. Clic k Finish . 16. In the Network and Dial - up Connections window, right-click on the L2TP connection, and c lick Properties in the popup m enu.
Setting Up Your Safe@Office Appliance as a VPN Server Chapte r 19 : Working W ith V PNs 619 Th e Advanced S e curity Settings dialog box op ens. 19. I n the Data encryption drop- down list, se lect Optional encryption . 20. Choose Allo w these protocols .
Setting Up Your Safe@Office Appliance as a VPN Server 620 Check Poi nt Safe@Office User Guide 28. I n the Type of VPN drop-down list, s elect L2TP IPSec VPN .
Adding and Edi ting VPN Sit es Chapter 19 : Working W ith VP Ns 621 A dd ing and Editing VPN Sites To add or edit V PN sites 1. Click VPN in the m ai n menu, and c lick the VPN Sites tab. Th e VPN Sites page app ears with a list of VPN sites. 2. Do one of the follow ing: • To add a VPN site, click New Sit e .
Adding and E diting VPN S ites 622 Check Poi nt Safe@Office User Guide Th e Safe@Office VPN Site Wizard opens, wi th the Welcome to the VPN Site Wi zard dialog box display ed. 3. Do one of the follow ing: • Select Remote A ccess VPN to establi sh rem ote access f rom y our Remo te Access VPN Client to a Rem ote Access VPN Serv er.
Adding a nd Editi ng VPN Sites Chapter 19 : Working W ith VP Ns 623 Configur ing a Re mote Ac cess VPN Si te If you selected Remo te Access VP N , the VPN Gatew ay Address dialog box app ears. 1. Enter the I P address of the Remote A ccess VPN Se rver to wh ich you want to connect, as giv en to you by the netwo rk administrator.
Adding and E diting VPN S ites 624 Check Poi nt Safe@Office User Guide Th e VPN Network Configura tion dialog box appears. 4. Specify how y ou want to obtain the VPN network con figuration. Refer to VPN Network Configurat ion Fields on pag e 633. 5. Click Next .
Adding and Editing V PN Site s Chapter 19 : Working W ith VP Ns 625 • If you chose Specify Configur ation , a second VPN Network Configur ation dialog box appears. Complete the fields u sing the information i n VPN N etwork Configuration Fields on page 633 and cl i ck Next .
Adding and E diting VPN S ites 626 Check Poi nt Safe@Office User Guide In the Backup Gateway IP fi eld, type the nam e of the V PN site to use if the primary VPN site fa ils, and then click Next . • T he Authentication Method dialog box appe ars. 6.
Adding and Edi ting VPN Sit es Chap ter 19 : Working W ith VP Ns 627 Username and Pas sword Authentication Method If you selected User name and Pas sword , the VPN Login dialog box app ears. 1. Complete the fie lds using the information i n VPN Login Fields on page 635 .
Adding and E diting VPN S ites 628 Check Poi nt Safe@Office User Guide Do the following: 1) T o try to connect to the Rem ote Access VPN Serv er, select the Try to C onnect to the VPN Gateway check box.
Adding and Edi ting VPN Sit es Chapter 19 : Wo rk in g With VPNs 629 Th e VPN Si te Created sc reen appears. 5. Click Finish . Th e VPN Sites page reappe ars. I f you added a VPN si te, the new site app ears in th e VPN Sites list. I f y ou edite d a VP N si te, th e mo difica tio ns ar e ref lected in the VPN Sites list.
Adding and E diting VPN S ites 630 Check Poi nt Safe@Office User Guide Certifi cate A uthen ticatio n Method If you selected Certificate , the Connect dia log box appears. 1. To try to connect to the Rem ote Access VPN Server, selec t the Try to Connect to the VPN Gateway check box.
Adding and Edi ting VPN Sit es Chapter 19 : Working W ith VP Ns 6 31 Th e Site Name dialog box appears. 3. Enter a nam e fo r th e VP N site . You may choose any name.
Adding and E diting VPN S ites 632 Check Poi nt Safe@Office User Guide 5. Click Finish . Th e VPN Sites page reappe ars. I f you added a VPN si te, the new site app ears in th e VPN Sites list. I f yo u edite d a VPN si te, th e mo difica tio ns ar e re f lecte d in the VPN Sites list.
Adding and Edi ting VPN Sit es Chapter 19 : Working W ith VP Ns 633 Th e VPN Si te Created sc reen appears. 3. Click Finish . The VPN Sites page reappe ars. I f you added a VPN si te, the new site app ears in th e VPN Sites list. I f y ou edite d a VP N si te, th e mo difica tio ns ar e ref lected in the VPN Sites list.
Adding and E diting VPN S ites 634 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… Specify Configurati on Click this o ption to provide the netw ork config uration man ually . Route All T raffic Click this o ption to rout e all ne tw ork traffic thro ugh the VPN site.
Adding and Edi ting VPN Sit es Chapter 19 : Working W ith VP Ns 635 In this fiel d… Do thi s… Subnet mask Select the su bnet mask s for the de stinatio n networ k addresses . Note: Obtain the destinati on ne tworks and su bnet mask s from t he VPN site’s sy stem ad minis trator .
Adding and E diting VPN S ites 636 Check Poi nt Safe@Office User Guide In this fiel d… Do thi s… the appropr iate user name an d password hav e been entered. For further informati on on Automa tic and M anual Login, see, Logging i n to a VPN Site on page 655 .
Adding and Edi ting VPN Sit es Chapter 19 : Working W ith VP Ns 637 1. Complete the fields u sing the information i n VPN Gateway Addr ess Fiel ds on page 650. 2. Click Next . Th e VPN Network Configura tion dialog box appears. 3. Specify how y ou want to obtain the VPN network con figuration.
Adding and E diting VPN S ites 638 Check Poi nt Safe@Office User Guide • If you chose Specify Configur ation , a second VPN Network Configur ation dialog box appears. Complete the fields u sing the information i n VPN Networ k Co nfigu rati on Fie lds on page 633, and then c lick Next .
Adding and Edi ting VPN Sit es Chapter 19 : Working W ith VP Ns 639 In the Backup Gateway IP fi eld, type the nam e of the V PN site to use if the prim ary V PN site fail s, and then click Nex t . • If you chose Route Based VPN , the Rout e Based V PN dialog box app ears.
Adding and E diting VPN S ites 640 Check Poi nt Safe@Office User Guide 5. Complete the fields u sing the information i n Authen tication M ethods Fi elds on page 651.
Adding and Edi ting VPN Sit es Chapter 19 : Working W ith VP Ns 641 Shared Secret A uthentic ation Method If you selected Shar ed Secr et , the Authentication dialog box appears. If you chose Download Con figuration , the dialog box c ontains additional fie lds.
Adding and E diting VPN S ites 642 Check Poi nt Safe@Office User Guide Th e Security Methods dialo g box appears. 2. To configure advanced s ecurity settings, c lick Show Advanced Setting s . New fields appe ar. 3. Complete the fields u sing the information i n Securi ty Methods Fields on page 652 and click Next .
Adding and Edi ting VPN Sit es Chapter 19 : Working W ith VP Ns 643 Th e Connect dialog box appears. 4. To try t o connect to the Remo te Access VPN Se rver, s elect the Try to Conn ect to the VPN Gateway check box. This allows you to test the VPN connec tion.
Adding and Edi ting VPN Sit es 644 Check Poi nt Safe@Office User Guide • T he Site Name dialog box appear s. 6. Type a nam e for the VPN site. You may choose any name. 7. To keep the t u nnel to the V PN site a live even i f there is n o network traffic between the Safe@ Office a ppliance and the VPN site, select Keep this sit e alive .
Adding and Edi ting VPN Sit es Chapter 19 : Working W ith VP Ns 645 • If you selected K eep this sit e alive , and p reviously y ou chose Download Configuration , the "Keep Ali ve" Configuration dialog box appears.
Adding and E diting VPN Site s 646 Check Poi nt Safe@Office User Guide Certifi cate A uthen ticatio n Method If you selected Certificate , the following thing s happen: • If you chose Download Configur ation , t he Authentication dialog box appears.
Adding and Edi ting VPN Sit es Chapter 19 : Working W ith VP Ns 647 1. To confi gure adv anced sec urity set tings, cli ck Show Advanced Settings . New fields appe ar. 2. Complete the fields u sing the information i n Securi ty Methods Fields on page 652 and click Next .
Adding and E diting VPN S ites 64 8 Check Point S afe@Office User Guide 3. To try t o connect to the Re mote A ccess VPN Se rver, s elect the Try to Conn ect to the VPN Gateway check box.
Adding and Edi ting VPN Sit es Chapter 19 : Working W ith VP Ns 649 • If you selected K eep this sit e alive , and p reviously y ou chose Download Configuration , the "Keep Alive" Configuration d ialog box appears.
Adding and E diting VPN S ites 650 Check Poi nt Safe @Offi ce User Guide Table 133 : V PN Gat eway Addr ess Fields In this fi eld… Do thi s… Gatew ay Address Type t he IP address of the Sit e - to - Site VP N Gatew ay to which y ou want to connect, as given to y ou by th e networ k admini strator.
Adding and Edi ting VPN Sit es Chapter 19 : Working W ith VP Ns 651 Table 135 : Authentic ation Methods Fiel ds In this fiel d… Do thi s… Shared Secre t S elect thi s option t o use a shared secre t for VPN authenti cation. A shared s ecret is a string use d to ident ify VPN sit es to each other.
Adding and E diting VPN S ites 652 Check Poi nt Safe@Office User Guide Table 137 : S ecurity Methods Fields In this fiel d… Do thi s… Phase 1 Security Methods Select the encryptio n and inte grity alg orithm t o use for IK E negotia tions: • Au tomatic .
Adding and Edi ting VPN Sit es Chapter 19 : Working W ith VP Ns 653 In this fiel d… Do thi s… Perfect For ward Secrecy Specify w hether to e nable Per f ect Forward Secrecy (PFS), by selecting one of the follow ing: • Enabled. PF S is enabl ed. T he Diffie - Hellman grou p field is enabled.
Viewing and Deleting VP N Sites 654 Check Poi nt Safe@Office User Gui de Viewing and Deleting VPN Sites To view or delet e a VPN s ite 1. Click VPN in the main m enu, and click the VPN Sites tab . Th e VPN Sites page app ears, w ith a list of all VPN si tes.
Logging in to a Remote Access VPN Site Chapter 19 : Working W ith VP Ns 655 Note: Disabling a VPN site eliminate s the tunne l and era ses the netw ork topo logy. a. Click the icon in the desi red VPN site’s row. A confirm ation m essage appear s. b.
Logging in to a Remote Access VPN Site 656 Che ck Poin t Safe@O ffice User Guide Logging i n throu gh the Sa fe@Off ice Porta l Note: You can o nly log in to sites th at are c onfigured for Manual L ogin. To manually log in to a VPN site through the Safe@Office Portal 1.
Logging in to a Remote Access VPN Site Chapter 19 : Working W ith VP Ns 657 Logging i n throu gh the my .vpn page To manually log in to a VPN site through the my.vpn page 1. Direct your Web b rowser to http://my .vpn Th e VPN Login screen appe ars. 2.
Logging Out of a Remote Ac cess VPN Site 658 Check Poi nt Safe@Office User Guide • Once the Sa fe@Office applianc e has f inished conn ectin g, the Status fie ld changes t o “Connect ed”. • T he VPN Login Status box rem ains open until you m anually log out of the VPN s ite.
Using Certificates Chapter 19 : Working W ith VP Ns 659 Safe@Off ice VPN S erver f or the fir st time, the entity should check that the VPN p eer's fingerprin t display ed in th e SecuRem ote/Secu reClien t VPN Cl ient is id entical to the fi nge rpr int re cei ved .
Using Certificat es 660 Check Poi nt Safe@Office Us er Guide Generatin g a Self - Sig ned C ertificat e To g enerate a self - signed certificat e 1. Click VPN in the main m enu, and click the Certificate tab. Th e Cert ificate page appea rs. 2. Click Install Certificate .
Using Certificates Chapter 19 : Working W ith VP Ns 661 Th e Safe@Office Certificate Wizar d opens, with the Certificate Wizard dialog box displayed . 3. Click Generate a s elf - signed security certificate for this gateway . Th e Create Sel f - Signed Certificate dialog b ox appears.
Using Certificat es 662 Check Poi nt Safe@Office User Guide The Safe@ Office appliance generates the certi ficate. This may take a few se conds. Th e Done dialog box appe ars, d isplaying the certi ficate' s details. 6. Click Finish . The Safe@ Office appliance installs the certif icate.
Using Certificates Chapter 19 : Working W ith VP Ns 663 • The starting an d end ing dates be tween wh ich the g ateway' s certificat e and th e CA's cer t ificate are valid.
Using Certificat es 664 Check Poi nt Safe@Office User Guide Table 138 : Ce rtific ate Fields In this fiel d… Do thi s… Country Select your country fr om the d rop - down li st. Organizatio n Name Type the name of y our org anization . Organizatio nal Unit Ty pe the name of yo ur divisio n.
Using Certificates Chapter 19 : Working W ith VP Ns 665 Th e Import Certificate dialo g box appears. 4. Click Browse to open a file browser from which to locate and se lect the file. The filenam e that y ou selec ted is disp layed. 5. Click Next . Th e Import - Certifica te Pass phrase dialog box a ppears.
Using Certificat es 666 Check Poi nt Safe@Office User Guide 6. Type the pa ss - p hrase you receiv ed from the netwo rk secur ity adm inistrator. 7. Click Next . Th e Done dialog box appe ars, d isplaying the certi ficate' s details. 8. Click Finish .
Using Certificates Chapter 19 : Working W ith VP Ns 667 Uninstalling a Certif icate If you uninstall the c ertifica te, no ce rtificate w ill exist on the S afe@Of fice appl iance, and you w ill not be ab le to conn ect to the VPN if a certifica te is requi red.
Using Certificat es 668 Check Poi nt Safe@Office User Guide Export ing Certifi cates The Safe@ Office appliance allows y ou to expor t the fo llowing certificat es: • The device cert ificate Exporting the dev ice certificate is use ful for backup purposes.
Using Certificates Chapter 19 : Working W ith VP Ns 669 The certificate is expor ted as a *.p12 f ile and saved to the spe cified directory . Note: This fil e contains the gatew ay' s private key, w hich is co nfidential an d must not be passed to unauth orized us ers.
Viewing VP N Tunnels 670 Check Poi nt Safe@Office User Guide Viewing VPN Tunnels You can view a list of currently estab lished VPN tunnels. VPN tunnels are create d and closed a s follows: • Remote .
V iewing VPN T unnels Chapter 19 : Working W ith VP Ns 671 Th e V PN Tunnels page ap pears with a table of o pen VPN tunnels. Th e VPN Tunnels page incl udes the inf orm ation described in the f ollowing table. 2. To resize a colum n, drag the relevant colum n divider rig ht or left.
Viewing VP N Tunnels 672 Check Poi nt Safe@Office User Guide This field … Displays… Des tina ti on The IP address or address r ange of t he entity t o which t he tunnel is connected. The entity 's type is indicated by an ic on. See VPN Tunnel Ic ons on pag e 672 .
Viewing IKE Traces for VPN Connecti ons Chapter 19 : Working W ith VP Ns 673 This icon… Repr esent s… A networ k for which an IKE Ph ase - 2 tunnel w as negot iated A Remote Access VPN Server A Si.
Viewing VP N Topology 674 Check Poi nt Safe@Office User Guide To view the IKE tr ace for a connectio n 1. Establish a VPN tunnel to the VPN site wi th which you are experi encing connection problem s. For inform ation on when and how VPN tunnels are established, see Vi ew in g VP N T unnels on page 670.
V iewing VPN T opology Chapter 19 : Working W ith VP Ns 675 Th e VPN Topology pag e appears di splay ing a tree o f VPN sites to which t he appl iance is connec ted. 3. To view to polo gy inform atio n for a VPN s ite, in the tre e, cl ick the VPN s ite' s name.
Viewing VP N Topology 676 Check Poi nt Safe@Office User Guide Table 141 : V PN Topology Page Fields This field … Displays… Split DNS The VPN site's split D NS mappings. When split D NS is conf igured f or a VPN s ite, cert ain domain suffix es are mapped to co rporate D NS ser vers.
Changing Your Login Credentials Chapt er 20 : Managing Users 677 Chapter 20 This chapter des cribes how to manag e Safe@O ffice ap pliance use rs. You can defi ne multiple users, set th eir passwords, and ass ign them v ari ous perm issions. This ch apter in clud es the fo llow ing topics: Chan ging Yo ur Logi n Cred ent ials .
Changing Your Login Credentials 678 Check Poi nt Safe@Office User Guide Th e Internal Users p age app ears. 2. In the row of your u sername, click E d it .
Changing Your Login Credentials Chapter 20 : M anaging Users 679 Th e Account Wizard opens display ing the Set User Details di alog box. 3. Edit the Us ername f ield. 4. Edit the Pa ssword and Conf irm password field s. Note: Use 5 to 25 charact ers (lett ers or numb ers) for t he new pas sword.
Adding and Editing Users 680 Check Poi nt Safe@Office User Guide Th e Set User P ermissi ons dialog box appears. 6. Click Finish . Your chan ges are sav ed.
Adding and Editing Users Chapter 20 : Managing Users 681 Th e Account Wizard opens display ing the Set User Details di alog box. 3. Complete the fields u sing the information i n Set User Details F ields on page 682. 4. Click Next . Th e Set User P ermission s dialog box appe ars.
Adding and Editing Users 682 Check Poi nt Safe@Office User Guide The option s that app ear on the pag e are depen dant on the softwa re and se rvices y ou are using . 5. Complete the fields u sing the information i n Set User Permission s Fields on page 683.
Adding and Editing Users Chapter 20 : Managing Users 683 Table 143 : S et User Perm issions Fi elds In thi s fi eld... Do thi s... Administr ator Level Select the us er’s level of acce ss to the Saf e@Office P ortal. The levels are: • No Access : The user cannot access th e Safe@O ffice Por tal.
Adding Quick Guest HotSpot Users 684 Check Poi nt Safe@Office User Guide Remote Des ktop Access Select thi s option to allow the user t o log in to t he my.fir ewall por tal, view the My Computers page, and remote ly acces s computer s' desktop s, using the Remote D esktop f eature.
Adding Quick Guest HotSpot Users Chapter 20 : Managing Users 685 A dd ing Quick Guest HotS pot Users The Safe@ Office appliance provides a shortcu t for qu ickly adding a g uest HotSpo t user. This is u seful in s ituations where y ou want to g rant te mpo rary network access to guests, for example in an I ntern et caf י .
Viewing and Deleting Users 686 Check Poi nt Safe@Office User Guide Th e Account Wizard opens display ing the Save Quic k Guest dialog box. 3. In the Expir es field, cl ick on the arrows t o specify the expi ration dat e and tim e. 4. To print the user de tails, cl ick Print .
Set ting Up Remote VPN Access f or Users Chapter 20 : Managing Users 687 a) In the desired u ser’s row , click . A confirm ation m essage appear s. b) Click OK . Th e user is d elet ed. 3. To delete all expi red users, do the following: a) Click Clear Expired .
Using RADIUS Authenticat ion 688 Check Poi nt Safe@Office User Guide Using R A DIUS Authentication You can u se Rem ote Aut henticat ion Dial- I n User Servi ce (RADI US) to auth entica te both Safe@Off ice appli ance use rs and Rem ote Access VPN Clients try ing to conn ect to the Safe@Off ice appli ance.
Using RADIUS Authentication Chapter 20 : Managing Users 689 to analyz e RADI US accounting data an d genera te perfo rmance repo rts for Se cure HotSpot usage. Note: You can c onfigure t he Safe@ Office app liance to send acco unting infor mation to the RADIU S server t hrough out the en tire sessi on.
Using RA DIUS Au thentication 690 Check Poi nt Safe@Office User Guide 2. Com plete th e fie lds u sing the fo llow ing table. 3. Click Apply . 4. To restore the defau lt RADIUS settings, do the follow ing: a) Click Default . A confirm ation m essage appear s.
Using RADIUS Authentication Chapter 20 : Managing Users 691 In this fiel d… Do thi s… Realm If your organizat ion uses RA DIUS r ealms, type the realm t o append to RADIUS requests.
Using RADIUS Authenticat ion 692 Check P oint Safe@ Offi ce User Guide In this fiel d… Do thi s… Administr ator Level Select the lev el of acc ess to th e Safe@Offi ce Portal to assig n to all users authent icated by the RA DIUS serv er. The levels are: • No Access : The user cannot access th e Safe@O ffice Por tal.
Using RADIUS Authentication Chapter 20 : Managing Users 693 In this fiel d… Do thi s… Remote Des ktop Access Select thi s option to allow all users auth enticated by the RAD IUS serv er to log in t o the my.f irewall por tal, v iew the Active Computer s page, and remotely ac cess co mputers' d esktops, u sing the Remo te Deskto p feature.
Configuring RADIUS Attributes 694 Check Poi nt Safe@Office Us er Guide Configuring R A DIUS A ttributes To configure a ti meout for Secure HotS pot sessions • Set the Se ssion - Timeout Attribute (attribute 27 ) to the num ber of seconds after which users should b e autom atically logged out from the hotspot.
Configuring RADI US Attributes Chapter 20 : Managing Users 695 Table 145 : V SA Sy ntax Permission Description Attrib ute Number Attribu te Format Attribute V alues No tes Admin Indicates th e administrat or’s level of ac cess to the Safe@O ffice Portal 1 Strin g none.
Configuring RADIUS Attributes 696 Check Poi nt Safe@Office User Guide Permission Description Attrib ute Number Attribu te Format Attribute V alues No tes VPN Indicates w hether the user can access the network fr om a Remote Acc ess VPN Clien t. 2 Strin g true.
Configuring RADI US Attributes Chapter 20 : Managing Users 697 Permission Description Attrib ute Number Attribu te Format Attribute V alues No tes RemoteDe sktop Indicates w hether the user can remotely ac cess computers' desktops, u sing the Remote Desktop fe ature.
.
Overvie w Chapter 21 : Us in g Rem ot e D esk top 699 Chapter 21 This chap ter descr ibes how to rem otely acce ss the desk top of ea ch of y our computers, using the Safe@O ffice appl iance' s Remote Desk top fea ture. This ch apter in clud es the fo llow ing topics: Overvi e w .
W ork fl ow 700 Check Poi nt Safe@Office User Guide Workflow To u se Remote Des ktop 1. Configure Rem ote Desktop. See Con figur ing R emo te D eskto p on pa ge 701. 2. Enable the Rem ot e Deskto p server on compute rs that authorized u sers sh ould be allowed to rem otely access.
C onfiguring Rem ote Desktop Chapter 21 : Us in g Rem ot e D esk top 701 Configuring Remote Desktop To configure Re mote Desktop 1. Click Setup in the m ain menu, and click the Remote D esktop tab. Th e Remote Desktop pag e appear s. 2. Do one of the follow ing: • To enable Rem ote Desk top, sel ect the A llow remote d esktop acces s check box.
Configuring Remot e Desktop 702 Check Poi nt Safe@Office User Guide New fields appear. • To disable Rem ote Desk top, cle ar the Allo w remote des ktop acces s check box. Fields d isappear. 3. Com plete th e fie lds u sing the in form atio n in th e fo llo wing table.
C onfiguring Rem ote Desktop Chapter 21 : Us in g Rem ot e D esk top 703 Table 146 : Remote Desktop Options In this fiel d… Do thi s… Sharing Share loca l drives Select thi s option to allow the host co mputer to access har d drives o n the client c omputer.
Configuring the Host Comput er 704 Check Poi nt Safe@Office User Guide Configuring the Host Computer To enable remote users to conne ct to a c ompute r, you must enable the Rem ote Desktop server on that com puter.
Configuring the Host Comput er Chapter 21 : Us in g Rem ot e D esk top 705 Th e Remote tab appears. 5. Selec t the Allo w users to connect remotely to this comp uter check box. 6. Click Select Remot e Users . Th e Remote Desk top User s dialog box appear s.
Configuring the Host Comput er 706 Check Poi nt Safe@Office User Guide Th e Select User s dialog bo x appears. b. Type the desi red user' s user name in the text box. Th e Check Name s button is enabled. c. Click Check N ames . d. Click OK . Th e Remote Desk top User s dialog box reappe ars with the desired us er's usernam e.
Accessing a Remote Computer's Desktop Chapter 21 : Using Remote Des kt op 707 A ccessing a Remote Compu ter's Deskt op Note: The client computer must meet the fol lowing requir ements: • Microsoft In ternet Ex plorer 6.0 or later • A working In ternet c onnection To access a remot e comp uter's des ktop 1.
Accessing a Remote Computer's Desktop 708 Check Poi nt Safe@Office User Guide • T he Remote Desktop Connection Security Warning dialog box appears. 3. Select the desired conn ection options. The available options de pend on your Rem ote Desktop conf iguration.
Accessing a Remote Computer's Desktop Chapter 21 : Us in g Rem ot e D esk top 709 You can use the following k eyboard shortcuts during the Remote Desktop sess ion: Table 147 : Remote Desktop Keyb.
.
Overvie w Chapter 22 : Controlling t he Appliance via the Command Line 711 Chapter 22 This chapter descr ibes various ways of c ontrolling y our Safe@Office appliance t hrough the comm and line. This ch apter in clud es the fo llow ing topics: Overvi e w .
Using the Safe@Office Portal 712 Check Poi nt Safe@Office User Guide Using th e Saf e@Off ice Po rtal You can c ontrol your applian ce via the S afe@Of fice Porta l's com mand line interf ace. To control the ap pliance via the S afe@Office P ortal 1.
Using the Safe@Office Portal Chapter 22 : Controlling t he Appliance via the Command Line 713 Th e Command Line pag e appear s. 3. In the upper field, ty pe a comm and. You can view a list of supported com mands using the com mand help . For inform ation on all comm ands, refer to the Embedd ed NGX C LI Reference G uid e .
Using the Serial Console 714 Check Poi nt Safe@Office User Guide Using the Serial Console You can connect a cons ole to the Sa fe@Office applian ce, and use the console to control the applian ce via the comm an d line.
Using the Serial Console Chapter 22 : Controlling t he Appliance via the Command Line 715 Th e Ports page ap pears. 3. Next to the Serial port, c li ck Edit .
Using the Serial Console 716 Check Poi nt Safe@Office User G uide Th e Port Setup pag e appears. 4. In the Assign to drop- down list, select Console . 5. In the Port Speed drop- down list, select th e Serial po rt's spe ed (in bits pe r second). The Seria l port' s speed mus t match th at of the a ttached serial con sole.
Configuring SSH Chapter 22 : Controlling t he Appliance via the Command Line 717 Configuring SSH Safe@Off ice appli ance use rs can contr ol the app liance via the com mand line, usin g the SSH (Secu re Shel l) manag ement proto col. You can enable u sers to d o so v ia the I nternet, by config uring rem ote SSH access.
Configuring SSH 718 Check Poi nt Safe@Office User Guide If you selected Internal Networks + IP Range , add itional fields appear. 3. If you selected Internal Net works + IP Range , enter the desired IP address range in the fields provided. 4. Click Apply .
Configuring SSH Chapter 22 : Controlling t he Appliance via the Command Line 719 Table 1 48 : S SH Access Options Select this option… To allow access from … Internal Net works The internal n etwork on ly. This disabl es remote a ccess c apability.
Viewing Firmware Stat us 720 Check Poi nt Safe@Office Us er Guide Chapter 23 This chap ter descr ibes the t asks requ ired for m aintenan ce and diag nosis o f your Safe@Off ice appli ance. This ch apter in clud es the fo llow ing topics: Viewing Firm ware Stat us .
Viewing Firmware Stat us Chapter 23 : Maintenanc e 721 Th e Firmware pag e appears . Th e Firmware page dis plays the following information: Table 149 : F irmware Statu s Fields This field … Display.
Upgrading Your Software Product 722 Check Poi nt Safe@Office User Guide This field … Displays… For exam ple… Uptime T he time that elapsed from the moment t he unit w as turned on 01:21:15 Ha rd.
Upgrading Your Software Product Chapter 23 : Maintenanc e 723 Th e Safe@Office Licensing Wizar d opens, with the Install P r oduct Key dialog box displayed . 3. Click Enter a different Product K ey . 4. In the Product Key field, enter the new Product Key.
Configuring a Gateway Hostnam e 724 Check Poi nt Safe@Office User Guide 6. Click Finish . Configuring a Gateway H ostname You can d efine a gat eway hostnam e fo r the Safe@ Office app liance .
Configuring Syslog Loggi ng Chapter 23 : Maintenanc e 725 The Gateway Na me page ap pears. 3. In the Gateway Name field, ty pe the desired hostnam e. 4. To reset the gateway hostna me to the de fault v alue (th e applian ce's MA C add res s), cl ic k Default .
Configuring Syslog Loggi ng 726 Check Poi nt Safe@Office User Guide Configuring Syslog Logging You can c onfigure t he Safe @Office app liance to send ev ent logs to a Syslog server residing in your in ternal network or on the Internet. The log s detail the date and the time each even t occurred .
Configuring Syslog Loggi ng Chapter 23 : Maintenanc e 727 Th e Logging pag e appears. 2. Com plete th e fie lds u sing the in form atio n in th e fo llo wing table.
Configuring HTTPS 728 Check Poi nt Safe@Office User Guide Configuring HTTPS You can e nable Sa fe@Offi ce appliance users to access the Safe@O ffice Por tal fro m the Internet. To do so, you m ust first config ure HTTPS. Note: Configur ing HTT PS is equivalent to creat ing a sim ple Allow rule, w here the destination is This Gateway .
Configuring HTTPS Chapter 23 : Maintenanc e 729 2. Specify from wh ere HTTPS access to t he Safe@ Office Po rtal should b e granted. See Access O ption s on page 730 for information.
Configuring SNMP 730 Check Poi nt Safe@Office User Guide Table 151 : Access Options Select this option… To allow access fro m… Internal Net works The internal n etwork on ly. This disabl es remote a ccess c apability. T his is the default. Internal Net works + VPN The intern al netw ork and your VPN.
Configuring SNMP Chapter 23 : Maintenanc e 731 • IP - M IB All SNMP access is rea d- only. Note: Configuring SNM P is equiv alent to creat ing a simp le All ow rule, w here the destination is This Gateway .
Configuring SNMP 732 Check Poi nt Safe@Office User Guide 3. If you selected Internal Net works + IP Range , enter the desired I P address range in the fields provided.
Configuring SNMP Chapter 23 : Maintenanc e 733 If you selected th e Send SNMP Traps ch eck box, additio nal fields ap pear. 6. Click Apply . The SNMP conf iguration is saved. 7. Config ure the SN MP c lient s with the SNMP com mu nity str ing . Table 152 : Advanced SNMP Settings In thi s fi eld.
Setting the Time on the Appliance 734 Check Poi nt Safe@Office User Guide In thi s fi eld... Do thi s… SNMP Port T ype the port t o use for SNM P. The defau lt port i s 161. Send SNM P Traps S elect this o ption to ena ble sending SNM P traps. An SNM P trap i s a notification sent fro m one appl ication t o another.
Setting the Time on the Appliance Chapter 23 : Maintenanc e 735 Setting the Time on the A ppliance You set the tim e displ ayed in the S afe@ Off ice Po rtal d uring in itial a ppli ance setup . I f desired, you can ch ange the date and tim e using the procedure be low.
Setting the Time on the Appliance 736 Check Poi nt Safe@Office User Guide The following thing s happen in the orde r below: • If y ou selected Specify date and time , the Specify Date and Time dialog box appears. Set the date, tim e, and time z one in the fields provided, then click Next .
Setting the Time on the Appliance Chapter 23 : Maintenanc e 737 • T he Date and Time Updated screen a ppears. 5. Click Finish . Table 153 : S et T ime Wizard F ields Select this option … To do the following… Your comp uter 's clo ck Set the appliance time to y our computer ’s syste m time.
Using Diagnostic T ools 738 Check Poi nt Safe@Office User Guide Table 154 : T ime Se rvers Field s In this fiel d… Do thi s… Primary S erver Type the IP address of the Pri mary NT P server. Secondary Server Ty pe the IP addres s of the S econdary NTP serv er.
Us ing Diagnostic Tools Ch apter 23 : Maintenanc e 739 Use thi s tool… To do this… For inf ormation, s ee... Packet Sni ffer Capture netw ork traf fic. This informat ion is useful tro ubleshoot ing netw ork probl ems. Us ing Packet Sniffer on page 741 Using I P Tools To use an IP tool 1.
Using Diagnostic T ools 740 Check Poi nt Safe@Office User Guide The IP Tools window op ens and displays a l ist o f route rs used to m ak e the connection. • If you selected WHOIS , the following things happ en: The Safe@ Office appliance queries the In ternet WHOI S server.
Us ing Diagnostic Tools Chapter 23 : Maintenanc e 741 Table 156 : I P Tools Fiel ds In this fiel d… Do thi s… Tool Select the de sired tool. Source Address Select the IP addre ss from w hich the pa ckets sh ould origina te. T his can be any of t he follow ing: • Au to .
Using Diagnostic T ools 742 Check Poi nt Safe@Office User Guide direction will be ind icated by i (input) or o (outp ut). To use Packet S niffer 1. Click Setup in the m ain menu, and click the Tools tab. Th e Tools p ag e appears. 2. Click Sniffer . Th e Packet Sniff er window opens.
Us ing Diagnostic Tools Chapter 23 : Maintenanc e 743 7. Browse to a destin ation dir ectory of y our choic e. 8. Type a nam e for the configuration file and click S ave . The *.cap file is cr eated and sav ed to the specifie d directo ry. 9. Click Cancel to close the Packet Sniffer window.
Using Diagnostic To ols 744 Check Poi nt Safe@Office User Guide Filte r Stri ng Syntax The follow ing rep resents a list of ba sic filter string el em ents: • and on page 744 • dst on p age 745 .
Us ing Diagnostic Tools Chapter 23 : Maintenanc e 745 E XAM PL E The fo llow ing f ilter s trin g s ave s p ackets tha t both o riginate fr om I P address is 192.168.10.1 and ar e destined for po rt 80: src 192.168.10.1 and dst port 80 dst P URPOSE Th e dst elem ent captures all pack ets with a specific destinati on.
Using Diagnostic T ools 746 Check Poi nt Safe@Office User Guide P ARAMETERS port Integer. T he port to w hich the packet is sent. E XAM PL E The fo llow ing f ilter s trin g s aves p acke ts tha t are.
Us ing Diagnostic Tools Chapter 23 : Maintenanc e 747 host P URPOSE Th e host elem ent capture s all incom ing an d outgoin g pack ets for a spec ific co mputer. S YNT AX host host P ARAMETERS host IP Address or String. The com puter to/fro m which t he packet is sent.
Using Diagnostic T ools 748 Check Poi nt Safe@Office User Guide or P URPOSE Th e or elem ent is used to alterna te betwe en str ing elem ents. The fil tered pack ets m ust match at least one of the fil ter string elements. S YNT AX element or e lement [ or element.
Us ing Di agnost ic Tools Chapter 23 : Maintenanc e 749 E XAM PL E The fo llow ing f ilter s tr ing saves all packet s that either origina ted from port 80, or are de sti ne d for por t 80 : port 80 src P URPOSE Th e src elem ent captures all pack ets with a specific source.
Using Diagnostic T ools 750 Check Poi nt Safe@Office User Guide P ARAMETERS port Integer. T he port fr om which t he packet i s sen t. E XAM PL E The fo llow ing f ilter s trin g s aves p acke ts tha t orig ina ted from po rt 80: src port 80 tcp P URPOSE Th e tcp elem ent captures all TCP packets.
Us ing Diagnostic Tools Chapter 23 : Maintenanc e 751 E XAMPLE 1 The fo llow ing f ilter s trin g c apture s al l TCP p ack ets: tcp E XAMPLE 2 The fo llow ing f ilter s trin g c apture s al l TCP p ack ets de stin ed fo r port 80: tcp dst port 80 udp P URPOSE Th e udp elem ent captures all UDP p ackets.
Backing Up and Restoring the Safe@Office Appliance Configurat ion 752 Check Poi nt Safe@Office User Guide E XAMPLE 1 The follow ing filt er string captures all UDP packets: udp E XA MPLE 2 The followi.
Backing Up and Restoring the Safe@Office Appli ance Configuration Chapter 23 : Maintenanc e 753 Back ing Up the Applianc e Configura tion Exporting the A ppliance Configuration to Your Computer To export the S afe@Office appl iance configurati on to your compu ter 1.
Backing Up and Restoring the Safe@Office Appli ance Configuration 754 Check Poi nt Safe@Office User Guide Backing Up the A pplianc e Configuration to a USB Flash Drive The USB flash driv e must have at leas t 64MB of free space . Note: Some USB flash driv es may not be support ed by the applianc e.
Backing Up and Restoring the Safe@Office Appli ance Configuration Chapter 23 : Maintenanc e 755 The Safe@ Office appliance creates th e folder <MACAd dress> on the USB flash drive, where <MACAddress> is the appl iance' s MAC addre ss, and wr ites the follow ing files to th is fol de r: • embeddedngx.
Backing Up and Restoring the Safe@Office Appliance Configurat ion 756 Check Poi nt Safe@Office User Guide Rest oring t he Applianc e Configur ation Importing the A ppliance Configuration from Your Computer To import the appl iance configur ation from y our computer 1.
Backing Up and Restoring the Safe@Office Appli ance Configuration Chapter 23 : Maintenanc e 757 4. Click Upload . A co nfirmation m essage ap pears. 5. Click OK . The Safe@ Office appliance settings a re im ported. Th e Import Settings page di splays the configuration file' s content and the result of implementing each c onfiguration comm and.
Backing Up and Restoring the Safe@Office Appliance Configurat i on 758 Check Poi nt Safe@Office User Guide Restoring the A ppliance Configuration from a USB Flash Dri ve To restore th e appliance configuration fr om a USB flash drive 1. Connect a USB flas h drive to one of your S afe@Office appl iance's USB ports.
Using Rapid Deployment Chapter 23 : Maintenanc e 759 Note: If the appliance's IP addr ess change d as a resu lt of the conf iguratio n import, your comput er may be d isconnect ed from t he netw ork; there fore you may not be able to see t he resu lts.
Using Rapid Deployment 760 Check Poi nt Safe@Office User Guide Prepa ring the USB Flash D rive for Ra pid Deploy ment Before perform ing a rapid deploym ent, you must load the USB f lash drive with the file s you want to insta ll on the appliance(s). To prepare th e USB flash drive 1.
Using Rapid Deployment Chapter 23 : Maintenanc e 761 Table 158 : R apid Dep loyment File Nam es This file. .. Shoul d be nam ed... The primary firmw are primary.firm / primary.img The backup f irmware secondary.firm / secondary.img The configur a tio n file embeddedngx.
Resetti ng the Safe@Office Appliance to Defaults 762 Check Poi nt Safe@Office User Guide • If t he deploy folder exist s, the app liance loa ds shar ed settin gs f rom it . The appliance t hen load s its pri vate setting s from the folde r named af ter its MAC address.
Resetti ng the Safe@Office Appliance to Defaults Chapter 23 : Maintenanc e 763 When res etting th e applian ce via the S afe@Off ice Por tal, you can ch oose to k eep the current firm ware or to revert to the firm ware versi on t hat shipp ed with t he Safe@ Office appliance.
Resetti ng the Safe@Office Appliance to Defaults 764 Check Poi nt Safe@Office User Guide • T he Please Wait sc reen app ears. • The Safe@O ffice appl iance retu rns to it s factory defaults. • The Safe@O ffice appl iance is res tarted. This may take a few m inutes.
Running Diagnos tics Chapter 23 : Maintenanc e 765 Running Diagnostics You can view techn ical information about y our Safe@Office appl iance’s hardw ar e, firmware, license, network status, and Service Center. This information is u seful for troubles hooting.
Rebooting the Safe@Offic e Appliance 766 Check Poi nt Safe@ Office User Guide Rebooting the Safe@Office Appliance If your Safe@Offic e appliance is no t functioning properly, re booting it m ay solve the problem. To reboot the Sa fe@ Offic e applian ce 1.
Overvie w Chapter 24 : Using Net work Printers 767 Chapter 24 This chap ter descr ibes how to set up and use n etwork p rinters. This ch apter in clud es the fo llow ing topics: Overvi e w ..............................................................
Setting Up Network Printers 768 Check Poi nt Safe@Office User Guide Setting Up Network Printers To set up a network pr inter 1. Connect the network printer to the S afe@Office applia nce. See Con nectin g th e App lia nce to N etwo rk P rinte rs on pa ge 103.
Setting Up Network Printers Chapter 24 : Using Net work Printers 769 Th e USB D evices page ap pears. I f the Safe@ Office a ppliance d etected the prin ter, the printer i s listed on the page. If the printer is no t listed, check tha t you connected the pr inter co rrectly , then click Refresh to r efresh th e page.
Setting Up Network Printers 770 Check Poi nt Safe@Office User Guide Th e Printer Setup pag e appears. 6. Write down the po rt number allocated to the printer. The port number appea rs in the Printer Serve r TCP Port field. You will ne ed thi s number later, when co nfiguring com puters to use the n etwork printer.
Configuring Comput ers to Use Netw ork Printers Chapter 24 : Using Net work Printers 771 See Conf iguring Co mpute rs to Use Ne twork P rinters on page 771.
Configuring Comput ers to Use Netw ork Printers 772 C heck Point S afe@Office User Guide Th e Control Panel window opens. 3. Under Hardware and Sound , click Printer .
Configuring Comput ers to Use Netw ork Printers Chapter 24 : Using Net work Printers 773 Th e Printers screen appear s. 4. Click Add a printer . Th e Add Printer wizard op ens displaying the Choose a local or network pr inter sc reen . 5. Click Add a local printer .
Configuring Comput ers to Use Netw ork Printers 774 Check Poi nt Safe@Office User Guide Th e Choose a printer port dialog box appears. 7. Click Create a new port . 8. In the Type of port drop -down list, select Standard TCP/IP Port . 9. Click Next . Th e Type a printer hostname or IP address dialog box appear s.
Configuring Comput ers to Use Netw ork Printers Chapter 24 : Using Net work Printers 7 75 12. In t h e Port name field, t ype the port name. 13. Selec t the Query the printer and automatically select the driver to use ch eck box.
Configuring Comput ers to Use Netw ork Printers 776 Check Poi nt Safe@Office User Guide Th e Configure Standard TC P/IP Port Monitor dialog box opens. 3) In the Protocol area, m ake sure tha t Raw is selected. 4) In the Port Number field, type the pr inter's port num ber, as shown in the Print ers pa ge.
Configuring Comput ers to Use Netw ork Print ers Chapter 24 : Using Net work Printers 777 • If your printer does not app ear in the lists, insert the C D that came w ith your pr inte r in th e com puter' s C D -RO M drive, and click Have D isk .
Configuring Comput ers to Use Netw ork Printers 778 Check Poi nt Safe@Office User Guide Windows 2 000/ XP This procedure is re levant for compute rs with a Window s 2000/XP ope rat ing sy stem.
Configuring Comput ers to Use Netw ork Printers Chapter 24 : Using Net work Printers 779 Th e Local or Network Printe r dialog box appears. 6. Click Local printer attached to this computer . Note: Do not select the Automatically detect and i nstall my P lug and Play printer check box.
Configuring Comput ers to Use Netw ork Prin ters 780 Check Poi nt Safe@Office User Guide Th e Add Standard TCP/IP P ort Wizard opens with the W elcome d ialog box display ed. 11. Clic k Next . Th e Add Port dialog box ap pears. 12. I n the Printer Name or IP Address fiel d, type th e Safe@ Office ap pliance' s LAN IP address, or "m y.
Configuring Comput ers to Use Netw ork Printers Chapter 24 : Using Net work Printers 781 Th e Add Standard TCP/IP Printer Port Wizard opens, with the Additio nal Port Information Required dialog box displayed. 14. Clic k Custom . 15. Clic k Settings .
Configuring Comput ers to Use Netw ork Printers 782 Check Poi nt Safe@Office User Guide 19. Clic k Next . Th e Completing the Add Sta ndard TCP/IP Printer Port Wizard dialog box appears. 20. Clic k Finish . Th e Add Printer Wizard reap pears, wi th the Install Printe r Software dialog box displayed .
Configuring Comput ers to Use Netw ork Printers Chapter 24 : Using Net work P rinters 783 The printer appears in the Print ers and Faxes w indow. 24. Ri ght - click the printer and click Properties in the po pup m enu. The printer's Pr operties dialog box opens.
Configuring Comput ers to Use Netw ork Printers 784 Check Poi nt Safe@Office User Guide MAC OS -X This proc edure is re levan t f or computers with the latest v ersion of the MAC OS- X operating sy stem. Note: This procedure may n ot apply t o earlier M AC O S - X versions.
Conf iguring Comput ers to Use Netw ork Printers Chapter 24 : Using Net work Printers 785 Th e Print & Fax window ap pears. 5. In the Printing tab, click Set Up Printers .
Configuring Comput ers to Use Netw ork Printers 786 Check Poi nt Safe@Office User Guide New fields appe ar. 7. In the first drop- down list, sele ct IP Printing . 8. In t h e Printer Type drop-down list, sel ect Socket/HP Jet Direc t . 9. In the Printer Addr ess field, type the S afe@ Office app liance' s LAN I P address, or "m y.
Configuring Comput ers to Use Netw ork Printers Chapter 24 : Using Net work Printers 787 A list of m odels app ears. 12. I n the Model Name list, select the de sired mode l. 13. Clic k Add . The new p rinter app ears in the Printer List window. 14. I n the Printer List window, select the newly added printer, and click Make Default .
Viewing Network Printers 788 Check Poi nt Safe@Office User Guide Viewing Netw ork Printers To view network pri nters 1. Click Network in th e m ain m enu, and click the Ports tab . Th e Ports page ap pears. 2. Next to USB , click Edit . Th e USB D evices page ap pears, d isplaying a list of connected p rinte rs.
Changing Network Printer Ports Chapter 24 : Using Net work Printers 789 Changing Network Printer Por ts When you set up a new n etwork printer, the Safe@ Off ice applian ce autom atically assigns a port number to th e printer.
Resetti ng Network Printers 790 Check Poi nt Safe@Office User G uide Resetting Network Printers You can cause a network printer to restar t the current print job, by resetting the ne twork printer. You m ay want to do this if the p rint job has stalled.
Connectivit y Chapter 25 : Troubleshooti ng 791 Chapter 25 This chapter provide s solutions to comm on problem s you may encounter while us ing the Safe@Off ice appli ance. Note: For information on tr oubl eshooting w ireless connectivit y, see Troubleshooti ng Wireless C onnectivit y on page 342 .
Connectivit y 792 Check Poi nt Safe@Office User Guide • Check if you have de fined firewall rules wh ich block your I nternet connectivity . • Check w ith your I SP for po ssible serv ice outag e. • Check whether y ou are exceeding the m aximum num ber of computers allowed by your license, by v iewing the My Computers page.
Connectivit y Chapter 25 : Troubleshooti n g 793 I cannot access http://my.firewall or http://my.vpn. Wh at should I do? • Verify that the Saf e@Offic e applian ce is oper ating. • Check if the LED for the LAN port used by your compute r is green.
Connectivit y 794 Check Poi nt Safe@Office User Guide I am using the Safe@Office appliance behind another NAT device, and I am having problems with some applications. What should I do? By defaul t, the Sa fe@Offic e appliance p erform s Netw ork Address Transl ation (NA T).
Service Center and Upgrades Chapter 25 : Troubleshooti ng 795 I cannot connect to the LAN network from the DMZ or primary WLAN network. What s hould I do? By default, connec tions from the DMZ or primary WLAN network to the LAN network are blocked. To al low traffic from the D MZ or prim ary WLAN to the LAN, con figure appropri ate firew all rules.
Other Problems 796 Check Poi nt Safe@Office User Guide Other Proble ms I have forgotten my passwor d. What should I do? Reset your S afe@ Office ap pliance to factory defaults using the R eset bu tton as det ailed in Resettin g the Saf e@Office Appliance to Defaul ts on pa ge 762.
Technical S pecifications Chapter 26 : Specificati ons 797 Chapter 26 This ch apter in clud es the fo llow ing topics: Technical Specifications .......................................................................... 797 CE Dec larati on of Conf ormity .
Technical S pecifications 798 Check Poi nt S afe@O ffice User Guide Power A dapter Nomin al Output 12VDC @ 2 A 12VDC @ 2 A Max. Power Con s umpt ion 15W 20W (incl uding USB d evices) 15W 20W (incl udi.
Technical S pecifications Chapter 26 : Specificati ons 799 Non - ADSL Model At tributes Table 160 : S afe @Office Non - ADSL Model A ttributes Attribute Safe@Office 1000N SBXN - 100 - 1 Safe@Office 1000NW SBX NW - 100 -1 Physical Att ributes Dimen sions (width x height x depth) 20 x 3.
Technical S pecifications 800 Check Poi nt Safe@Office User Guide Humidity: Storage/Op eration 10 ~ 90% / 10 ~ 90% (non - cond ensed) 10 ~ 90% / 10 ~ 90% (non - cond ensed) Applicable S tandards Safet.
Technical S pecifications Chapter 26 : Specificati ons 801 Wireles s A ttrib utes Table 161 : S afe@Of fice Wireless Attributes Attribute Safe@Office 1000NW SBX NW - 1 00 -1 Safe@Office 1000NW ADSL SBXN WDE - 10 0 -2 Operation F requency 2.412 - 2. 484 M Hz Transmissi on Power Mode dBm mW 802.
Technical S pecifications 802 Check Poi nt Safe@Office User Guide Safe@O ffice 500 and 500W Table 162 : S afe@Offic e ADSL Models Attributes Attribute Safe@Off ice 500 ADSL SBXD -166LHGE -5 Safe@Office 500W ADSL SBXWD - 166LHGE -5 Physical Att ributes Dimen sions (width x height x depth) 200 x 33 x 122 mm (7.
Technical S pecifications Chapter 26 : Specificati ons 803 Temperatur e: Opera tion 0÷C ~ 40÷C 0÷C ~ 4 0÷C Humidity: Storage/Op eration 10 ~ 95% / 10 ~ 90% (non - cond ensed) 10 ~ 95% / 10 ~ 90% (.
Technical S pecifications 804 Check Poi nt Safe@Office User Guide 5V Power Adapter Unit Power A dapter Nomin al In put In: 100~24 0VAC @ 0.5A In: 100~240V AC @ 0.5A Power A dapter Nomin al Output 9VAC @ 1.5 A OR: 12VDC @ 1.5 A 12VDC @ 1.5 A Max. Power Consumpti on 4.
Technical S pecifications Chapter 26 : Specificat ions 805 RF N/A FCC15C,TELCO Table 164 : Table 165 : S afe@Of fice Non - ADSL Models A ttributes Attribute Safe@Office 500 SBX - 166LHGE -6 Safe@Office 500W SBXW -16 6LHGE-6 Physical Attrib utes Dimen sions (width x height x depth) 200 x 32 x 128 mm (7.
Technical S pecifications 806 Check Poi nt Safe@Office User Guide Temperatur e: Opera tion 0ºC ~ 40ºC 0ºC ~ 40ºC Humidity: Storage/Op eration 10% ~ 85% (non - cond ensed) 10% ~ 85% (non - cond ens.
CE Declaration of Conformity Chapter 26 : Specificati ons 807 DBPSK WPA Authe ntication Modes EAP- TLS, EAP - TTLS, PEAP (EAP - GTC), PEAP (EAP - MSCHAP V2) CE Declaration of Conformity CE Check Point is comm itted to protecting th e environm ent.
CE Declaration of Conformity 808 Check Poi nt Safe@Office User Guide Table 167 : S afe@O ffice CE Complianc e Standards Attribute 500 500 ADSL 500W ADSL 500W H/W Model SBX- 166LHGE -5 SBX- 166LHGE -5 .
CE Declaration of Conformity Chapter 26 : Specificati ons 809 Attribute 500 500 ADSL 500W ADSL 500W ETSI TS 101 388 V V ITU - T G.703 V V ITU - T G.704 V V RF: V EN 300 328 V EN 301 489 - 1 V EN 301 4.
CE Declaration of Conformity 810 Check Poi nt Safe@Office User Guide Attribute 1000N 1000NW 1000N ADS L 1000NW AD SL EN 61000 -3- 2 V V V V EN 61000 -3- 3 V V V V EN 55024 V V V V CISPR 22 V V V V Safety: EN 60950 V V V V IEC 60950 V V V V Telecom: TBR2 1 V V ITU - T G.
CE Declaration of Conformity Chapter 26 : Specificati ons 811 Attribute 1000N 1000NW 1000N ADS L 1000NW AD SL EN 300 328 V V EN 301 48 9- 1 V V EN 301 489 - 17 V V EN 50385 V V The "CE" m ar.
CE Declaration of Conformity 812 Check Poi nt Safe@Office User Guide This d evic e com plies with Part 15 of the FC C Ru les. Opera tion is sub jec t to th e follo win g two cond itions: (1) this dev .
CE Declaration of Conformity Chapter 26 : Specificati ons 813 Attribute 500 500 ADSL 500W ADSL 500W C22.2 No. 60950 V V V V K60950 V V V V Telecom: FCC Part 68 V V TIA - 968 -A- 1, 2 & 3 V V CS - 03 Part I & VIII Issue 8 V V RF: FCC Part 15, Subpart C V IEEE C95.
CE Declaration of Conformity 814 Check Poi nt Safe@Office User Guide Attribute 1000N 1000NW 1000N ADS L 1000NW AD SL EMC: FCC Part 15, Class B V V V V CISPR 22 V V V V ICES - 003 V V V V ANSI C63.
CE Declaration of Conformity Chapter 26 : Specificati ons 815 China China RoHS, RoHS & WEEE Declaration and Certification These system s have been verified t o comply w ith the China RoHS and EU RoHS & WEEE Directives throughout the design, development and supply chain definition.
CE Declaration of Conformit y 816 Check Poi nt Safe@Office User Guide • Tributyl tin (TBT) and triphenyl tin (TP T) compounds Additional Mater ials Inform ation • The cable s may use PVC as an ins.
CE Declaration of Conformity Chapter 26 : Specificati ons 817 AC Mains O O O O O O Accessories O O O O O O Cables O O O O O O Table 172 : Onboard Components - Lead (Pb) Co mpon ent Na me Part Hazardou.
CE Declaration of Conformity 818 C heck Point S afe@Office User Guide Cryst al Lead (P b) 11800 Lead in high melting temperatur e type solder s (i.e. lead - based alloys contai ning 85 % by w eight or more le ad). (2005/747/EC ) 1 CAPACITO R Lead (Pb) 6551 Lead in electroni c ceramic part s (e.
Glossary of Terms Glossary of Terms 819 A ADSL Modem A device connecting a c omputer to the Internet via an exis ting phone line. ADS L (Asy mm etric Dig ita l Subs crib er Line) modem s offer a high- speed 'alw ays -on' connection.
Glossary of Terms 820 Check Poi nt Safe@Office User Guide D DHCP Any machine require s a unique I P address to connec t to the I nternet using Internet Protocol. D yna m ic Host Configuration Protoc ol (DHCP) is a communications prot ocol that assigns Internet Proto col (IP ) addresses to computers on the ne twork.
Glossar y of Terms Glossary of Terms 821 HTTPS Hypertext Transf er Protoco l over Sec ure Socket Layer, or HTTP over SSL. A protocol for acces sing a s ecure Web server.
Glossary of Terms 822 Check Poi nt Safe@Office User Guide M MAC Addres s The MAC ( Media Ac cess C ontrol) address is a com puter's unique ha rdw are number. When conne cted to the Internet from your com puter, a mapping relates your I P address to your com puter's physical ( MAC) add ress on the LAN.
Glossary of Terms Glossary of Terms 823 PPTP The Point- to -Point Tunneling Protocol (PPTP) a llows ex tending a local network by establ ishing pri vate “ tunnels” ov er the Internet. This protocol it is also u sed by som e DSL provider s as an alt ernativ e for PPPoE .
Glossary of Terms 824 Check Poi nt Safe@Office User Guide At the ot her end (the client program in your computer), TCP reassembles the indiv idual p ack ets a nd wa its un til th ey have arriv ed to forw ar d them to you as a single file.
Index Index 825 8 802.1x conf iguring for a wi reless n etwork • 309 conf iguring for ports • 411 excl uding n etwork objects fro m • 225 A Access Denied page c usto mizi ng • 57 8 account con.
Index 826 Check Poi nt Safe@Office User Guide certificate expla ined • 654 exporti ng • 663 exporti ng CA • 664 exporti ng dev ice • 663 generating self - sign ed • 655 import ing • 659 in.
Index Index 827 Email Antispam • 556 Email Antivirus • 556 enabl ing/di sabling • 557 selec ting pr otocols f or • 558 snooz ing • 559 tempor arily disablin g • 559 EoA conf iguring a conn.
Index 828 Check Poi nt S afe@O ffice User Guide conf iguring • 279 expla ined • 279 Host Port Scan • 481 HTTPS conf iguring • 724 explained • 819 using • 116 hub • 99, 189, 279 , 789, 8 .
Index Index 829 conf iguring • 608 LAN cable • 99 conf iguring a conn ection • 123 conf iguring High Ava ilabil ity for • 279 expla ined • 819 ports • 99 LAND • 459 licenses upgr ading .
Index 830 Check Poi nt Safe@Office User Guide Network Interface Monitor viewi ng br idge statistics • 370 viewi ng ge neral networ k stati sti cs • 360 viewi ng I nterne t co nnect ion s tati stic.
Index Index 831 conf iguring • 303 defin ed • 822 printers chang ing port s • 787 conf iguring computer s to us e • 769 resetting • 788 setti ng up • 766 using • 765 viewi ng • 78 6 Q .
Index 832 Check Poi nt Safe@Office User Guide NAT • 423 VStream Antis pam • 545 VStream Antivirus • 509 Web • 563 S Safe Senders adding • 553 deleting • 554 Safe@Office <OLD500><O.
Index In dex 833 setti ng the time • 73 2 setti ng up • 107 stat us • 343 technical specifications • 795 Safe@Office appliance configuration backi ng up t o a USB fl ash drive • 751 exporti .
Index 834 Check Poi nt Safe@Office User Guide Service Center conn ecting t o • 587 discon necting from • 595 refre shing a conne ction to • 594 service routing expla ined • 239 services Email .
Index Index 835 expla ined • 587 starting • 587 viewi ng in for matio n • 59 3 Sweep Scan • 481 SynDe fend er • 477 Syslo g log ging conf iguring • 722 expla ined • 722 T Tag - based VLA.
Index 836 Check Poi nt Safe@Office User Guide conf iguring • 509 virtua l access point s (V APs) about • 214 add ing and edit ing • 331 deleting • 221 VL AN adding and edi ting • 217 conf ig.
Een belangrijk punt na aankoop van elk apparaat Check Point Safe@Office 1000N ADSL (of zelfs voordat je het koopt) is om de handleiding te lezen. Dit moeten wij doen vanwege een paar simpele redenen:
Als u nog geen Check Point Safe@Office 1000N ADSL heb gekocht dan nu is een goed moment om kennis te maken met de basisgegevens van het product. Eerst kijk dan naar de eerste pagina\'s van de handleiding, die je hierboven vindt. Je moet daar de belangrijkste technische gegevens Check Point Safe@Office 1000N ADSL vinden. Op dit manier kan je controleren of het apparaat aan jouw behoeften voldoet. Op de volgende pagina's van de handleiding Check Point Safe@Office 1000N ADSL leer je over alle kenmerken van het product en krijg je informatie over de werking. De informatie die je over Check Point Safe@Office 1000N ADSL krijgt, zal je zeker helpen om een besluit over de aankoop te nemen.
In een situatie waarin je al een beziter van Check Point Safe@Office 1000N ADSL bent, maar toch heb je de instructies niet gelezen, moet je het doen voor de hierboven beschreven redenen. Je zult dan weten of je goed de alle beschikbare functies heb gebruikt, en of je fouten heb gemaakt die het leven van de Check Point Safe@Office 1000N ADSL kunnen verkorten.
Maar de belangrijkste taak van de handleiding is om de gebruiker bij het oplossen van problemen te helpen met Check Point Safe@Office 1000N ADSL . Bijna altijd, zal je daar het vinden Troubleshooting met de meest voorkomende storingen en defecten #MANUAl# samen met de instructies over hun opplosinge. Zelfs als je zelf niet kan om het probleem op te lossen, zal de instructie je de weg wijzen naar verdere andere procedure, bijv. door contact met de klantenservice of het dichtstbijzijnde servicecentrum.