GTA GB-200 User Manual

GB-200 Firewall Appliance Product Guide
powered by GNAT Box System Software

Copyright
© 1996-2004, Global Technology Associates, Incorporated (GTA). All rights reserved.
Except as permitted under copyright law, no part of this manual may be reproduced or distributed in any
form or by any means without the prior permission of Global Technology Associates, Incorporated.
GB-200 Product Guide (Updated July 2004) July 2003
Technical Support
GTA includes 30 days “up and running” installation support from the date of purchase. See
GTA’s website for more information. GTA’s direct customers in the USA should call or email
GTA using the telephone and email address below. International customers should contact a
local GTA authorized channel partner.
Disclaimer
Neither GTA, nor its distributors and dealers, make any warranties or representations, either
expressed or implied, as to the software and documentation, including without limitation, the
condition of software and implied warranties of its merchantability or fitness for a particular
purpose. GTA shall not be liable for any lost profits or for any direct, indirect, incidental,
consequential or other damages suffered by licensee or others resulting from the use of the
program or arising out of any breach of warranty. GTA further reserves the right to make
changes to the specifications of the program and contents of the manual without obligation to
notify any person or organization of such changes.
Mention of third-party products is for informational purposes only and constitutes neither an
endorsement nor a recommendation for their use. GTA assumes no responsibility with regard
to the performance or use of these products.
Every effort has been made to ensure that the information in this manual is accurate. GTA is
not responsible for printing or clerical errors.
Trademarks & Copyrights
GNAT Box and Surf Sentinel are registered trademarks of Global Technology Associates,
Incorporated. RoBoX, GB-Commander and GB-Ware are trademarks of Global Technology
Associates, Incorporated.
Microsoft, Internet Explorer and Windows are either trademarks or registered trademarks of
Microsoft Corporation in the United States and/or other countries. WELF and WebTrends
are trademarks of NetIQ. Sun, Sun Microsystems and Java are trademarks or registered
trademarks of Sun Microsystems, Inc. in the United States and other countries. The Java
product includes code licensed from RSA Security, Inc. Some portions licensed from IBM
are available at http://oss.software.ibm.com/icu4j/. SurfControl is a registered trademark of
SurfControl plc.
All other products are trademarks of their respective companies.
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109 • Orlando, FL 32817 USA
Tel: +1.407.380.0220 • Fax: +1.407.380.6080 • Web: http://www.gta.com • Email: [email protected]
Lead Development Team: Larry Baird, Richard Briley, Jim Silas, Brad Plank, Shaun Murphy.
Technical Consulting: David Brooks. Documentation: Courtney Schwartz.

Contents
1 INTRODUCTION
  GNAT Box Basics
  Requirements
  Registration
  Activation Codes
  Support
  Support Options
  Upgrades
  About This Guide
  Additional Documentation
  About GB-200
  Features
  Optional Features
  Additional Software Products
  Software Specifications
  Hardware Design
  Status Displays
  Hardware Specifications
2 INSTALLATION
  Preinstallation
  Utilities & Documentation
  Temporary Workstation Configuration
  LAN Using the Default IP Network
  Connect the GB-200
3 SET UP DEFAULT CONFIGURATION
  Basic Configuration using Web Interface
  Network Information
  Re-configure Workstation
  Access the GB-200
  Basic Configuration using GBAdmin
  Network Information
  Re-configure Workstation
  Access the GB-200
4 TROUBLESHOOTING
  Guidelines
  Troubleshooting Q & A

FCC Compliance Information
Product Name: GB-200 Firewall Appliance
Model Number: GB-200
FCC RULES: TESTED TO COMPLY WITH FCC PART 15 CLASS A OPERATING
ENVIRONMENT.
FCC COMPLIANCE STATEMENT:
This device complies with part 15 of the FCC Rules. Operation is subject to the
following two conditions: (1) This device may not cause harmful interference, and
(2) This device must accept any interference received, including interference that
may cause undesired operation.
INFORMATION FOR USER:
This device has been tested and found to comply with the limits of a Class A
digital device, pursuant to Part 15 of the FCC Rules. These limits are designed
to provide reasonable protection against harmful interference. This equipment
generates, uses and can radiate radio frequency and, if not installed and used
in accordance with these instructions, may cause harmful interferences to radio
communications. However, there is no guarantee that interference will not occur
in a particular installation; if this equipment does cause harmful interference to
radio or television reception, which can be determined by turning the equipment
off and on, the user is encouraged to try to correct the interference by one or
more of the following measures:
1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and receiver.
3. Connect the equipment to an outlet on a circuit different from
that to which the receiver is connected.
4. Consult the dealer or an experienced radio/TV technician for
help.
CAUTION:
Changes or modifications not expressly approved by the manufacturer
responsible for compliance could void the user’s authority to operate the equipment.
THIS PARTY RESPONSIBLE FOR PRODUCT COMPLIANCE:
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, FL 32817 USA
Tel: +1.407.380.0220

1 Introduction
GNAT Box Basics
Global Technology Associates, Inc., has been designing and building
Internet firewalls since 1994. In 1996, GTA developed the first truly
affordable commercial-grade firewall, the GNAT Box®. Since then,
ICSA-certified GNAT Box System Software has become the engine that
drives all GTA firewall systems.
Requirements
To connect the GB-200 Firewall Appliance, you will need:
• External power supply.
• Ethernet cables, one for each required network connection.
• A crossover cable to connect to a host or router, or a straight-
through cable to connect to a hub or switch.
An external power supply, a yellow crossover cable and a grey
straight-through cable, as well as a null modem cable for the Console
interface, are included with firewall appliances.
In addition, to use GNAT Box System Software, you will need:
• An understanding of TCP/IP networking.
• Network IP addresses for all network interfaces used.
• Netmasks for each attached network.
• Default route for External Network.
• Which services to allow inbound (if any).
• Which services to restrict outbound (if any).

Registration
To register, go to www.gta.com. Click on Support and then the GTA
Support Center link. If you do not have an account, click New Account, and
enter the profile information. Once you have completed the form, click Add
to save the profile. Return to the login screen.
Enter your user ID and password. Click on the Support Center link, then
click on Product Registration in the Account Home screen for your support
information. Enter your serial number and activation (unlock) code, then
click Submit. Your new product will now appear in the View Registered
Products screen, accessible from the Account Home page.
In addition to qualifying you for installation support, your product
registration will allow GTA to inform you about upgrades and special offers.
Note
If you cannot retrieve your registration code, or a code does not
appear under Registered Products, please email support with a brief
description of your problem in the body of the email. Include the
product serial number and your Support Center User ID in the
message subject.
Activation Codes
All commercial GTA Firewalls use activation codes to protect software. For
firewall appliances, the required code is pre-installed. Additional features
require separate feature activation codes. Serial numbers and activation
codes are printed on packaging and are also available under View Registered
Products on the GTA Support site, www.gta.com. GNAT Box System
Software can be copied for backup purposes.
Support
Installation ("up and running") support is available to registered users. If
you have registered your product and need installation assistance during the
first 30 days, contact the GTA Support team by email at [email protected].
Include your product name, serial number, registration number, feature
activation code numbers for your optional products, and a System or Hardware
Configuration Report, if possible.
Installation support covers only the aspects of configuration related to
installation and default setup of the firewall. For further assistance, contact
GTA Sales staff for information about support offerings.

Support Options
If you need support after installation and configuration to defaults, a variety
of support contracts are available. Contact GTA Sales staff for more
information. Contracts range from support by the incident to full coverage for a
year.
Other avenues for assistance are available through the GNAT Box Mailing
List, on the GTA website, found at www.gta.com, or through an authorized
GTA Channel Partner.
Upgrades
Once registered, you can view available upgrades in the GTA Support
Center. If the Action field in the Registered Products section indicates that
there is an upgrade for your product, click on the Free Upgrade link. When
you return to the Registered Product List, click the product’s serial number
and see the Product Details section to obtain the new activation code. The
section will also display previous activation codes. Upgrades are also
available in Support Center Downloads. Only downloads for your version will
be shown.
Caution
Back up your configuration before upgrading!
About This Guide
This Product Guide shows how to set up and install the GB-200 and change
the factory settings to your network’s default configuration. The GNAT BOX
SYSTEM SOFTWARE USER'S GUIDE includes configuration functions,
descriptions of GBAdmin and the Web interface, administrative tools and GNAT
Box-specific terms.
A few conventions are used in this guide to help you recognize specific
elements of the text. If you are viewing this in a PDF, color variations are
also used to emphasize notes, warnings and new sections.
Documentation Conventions
SMALL CAPS: Field names in body text.
BOLD SMALL CAPS: Names of publications.
Bold Italics: Emphasis.
Courier: Screen text.
Condensed Bold: Menus, menu items, buttons.

Additional Documentation
For instructions on installation, registration and setup of a GTA Firewall in
default configuration, see your GTA Firewall’s product guide; for optional
features, see the appropriate Feature Guide. User’s Guides, Product Guides
and Feature Guides are delivered with new GTA products; these manuals
and other documentation for registered products can also be found on the
GTA website, www.gta.com.
Documents on the website are either in plain text (*.txt) or Portable
Document Format (PDF) which requires Adobe Acrobat Reader version 5.0. A
free copy of the reader can be obtained at www.adobe.com. Documents
received from GTA Support may also be in email or Microsoft Word format
(*.doc).
Documentation Map
Products and Options
GNAT Box System Software: GNAT Box System Software User’s Guide
GTA Firewall Installation: Product Guides
Firewall Management: GB-Commander User’s Guide
Reporting: GTA Reporting Suite User’s Guide
Content Filtering: Surf Sentinel Content Filtering Feature Guide
High Availability: H2A High Availability Feature Guide
Virtual Private Networking: GNAT Box VPN Feature Guide
VPN Examples: GNAT Box VPN to VPN Tech Docs
Utilities & Information
Logging Utilities: GNAT Box System Software User’s Guide & Addendum
Database Maintenance: GB-Commander, GTA Reporting Suite Guides
Troubleshooting: Product and Feature Guides
Ports & Services: Product CDs
Drivers & NICs: www.gta.com
Frequently Asked Questions: FAQs on www.gta.com
Web Interface, GBAdmin: GNAT Box System Software User’s Guide
Console interface: Console Interface User’s Guide

About GB-200
The GB-200 Firewall Appliance is a self-contained desktop unit with the
system software pre-installed. This guide describes and explains how to
install and initially configure the GB-200. For configuration options and
field descriptions see the GNAT BOX SYSTEM SOFTWARE USER’S GUIDE.
Features
• 2,500 (10 user version) or 5,000 (25 user version) concurrent sessions
• 10 or 25 concurrent outbound users (upgradeable to 50)
• DHCP Server
• Three 10/100 Ethernet ports
• ICSA-certified GNAT Box System Software
• IPSec VPN with 1 mobile user license standard on 25 user version
(optional on 10 user version)
• Local Content List (LCL) filtering
• PPP/PPPoE/PPTP
• Secure Email Proxy (SMTP)
• Secure remote management
• Stateful Packet Inspection
• Time-based filters
• Transparent NAT (Network Address Translation)
• DB-9 serial interface
• User authentication
Optional Features
• Surf Sentinel
• Support Contracts
• Additional VPN mobile user licenses
Additional Software Products
• GTA Reporting Suite
• GB-Commander

Software Specifications
• Address Objects 50
• Concurrent Connections 2,500 or 5,000
• Maximum Concurrent Mobile VPNs 10
• IP Aliases 5
• IP Pass Through Hosts 10
• PPPs 5
• Filters 75
• Protocols 255
• Security Associations 20
• Static Maps 25
• Static Routes 10
• Time Groups 75
• Tunnels 25
• URL Access Lists 10
• Local Content Lists 25
• User Authentication 50
• VPN Objects 5
Hardware Design
The GB-200 Firewall Appliance is a small desktop unit designed to
minimize heat generation without cooling fans. It has three high speed 10/100
Ethernet interfaces to ensure high performance and network design
flexibility, and one multifunction DB-9 serial interface to provide access for a
serial console or a dial-up modem/ISDN TA. Flash memory stores and runs
the pre-installed system software. Power is supplied by an external block
type transformer.
Caution
At least three (3) inches of clearance should be provided above the
system to allow efficient cooling. Inadequate clearance can cause
the system to overheat.
Status Displays
The GB-200 has three LED lights on the front panel, indicating power,
activity and operational/error. On the back panel, green and amber LEDs
found on either side of each of three RJ-45 network connectors, labeled 0, 1,
and 2, correspond to the network interfaces.
Warning
There are no user serviceable parts in the GB-200. Opening the unit
will void the warranty on the system.