Silicon Graphics Gauntlet Service Manual

Gauntlet™ for IRIX™
Administrator’s Guide
Document Number 007-2826-004

CONTRIBUTORS
Written by John Raithel with updates by Pam Sogard
Production by Julie Sheikman
Engineering contributions by Ed Mascarenhas
St. Peter’s Basilica image courtesy of ENEL SpA and InfoByte SpA. Disk Thrower
image courtesy of Xavier Berenguer, Animatica.
© 1997, Silicon Graphics, Inc.— All Rights Reserved
The contents of this document may not be copied or duplicated in any form, in whole
or in part, without the prior written permission of Silicon Graphics, Inc.
RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure of the technical data contained in this document by
the Government is subject to restrictions as set forth in subdivision (c) (1) (ii) of the
Rights in Technical Data and Computer Software clause at DFARS 52.227-7013
and/or in similar or successor clauses in the FAR, or in the DOD or NASA FAR
Supplement. Unpublished rights reserved under the Copyright Laws of the United
States. Contractor/manufacturer is Silicon Graphics, Inc., 2011 N. Shoreline Blvd.,
Mountain View, CA 94043-1389.
Silicon Graphics and the Silicon Graphics logo are registered trademarks, and IRIX
and InPerson are trademarks, of Silicon Graphics, Inc. Gauntlet and the TIS logo are
trademarks of Trusted Information Systems, Inc. Netscape Navigator and Netscape
Proxy Server are trademarks of Netscape Communications Corporation. Macintosh
is a registered trademark of Apple Computer, Inc. Microsoft and Windows are either
registered trademarks or trademarks of Microsoft Corporation in the United States
and/or other countries. UNIX is a registered trademark in the United States and
other countries, licensed exclusively through X/Open Company, Ltd. NFS is a
registered trademark of Sun Microsystems, Inc.

Contents
List of Figures
About This Guide
Audience
About This Guide
Conventions Used in This Guide
Installation and System Requirements
Additional Resources
Books
Newsgroups
Mailing Lists
Frequently Asked Questions Lists
White Papers
How to Get Latest Security Patches
PART I Understanding the Gauntlet Internet Firewall
1. Understanding the Gauntlet Firewall
Understanding Gauntlet Firewall Concepts
Design Philosophy
Security Perimeter
Trusted and Untrusted Networks
Policy
Transparency
Understanding Gauntlet Firewall Components
Hardware and Software

How a Firewall Works
Dual-Homed Bastion Host
Processing Packets and Requests
PART II Configuring and Using Proxies
2. Managing SMTP Services
Understanding the Proxy
How It Works
Configuring the Firewall for SMTP
Planning
Configuring the Firewall
Configuring Network Services
Configuring the Proxy Rules
Advertising the Firewall as a Mail Exchanger
Configuring Your Internal Mail Hub
Verifying Your Setup
Using Mail
3. Managing POP3 Services
Understanding the Proxy
How the POP3 Proxy Works
Configuring the Firewall for POP3
Planning
Configuring Network Services
Configuring the Proxy Rules
Configuring Your Internal POP3 Mail Server
Setting APOP Passwords on the Firewall
Verifying Your Setup
Using POP3 to Exchange Mail

4. Managing Terminal Services
Understanding the Proxies
How the Proxies Work
Using the TELNET and Rlogin Proxies Without Network Access Control
Configuring the Firewall for Terminal Services
Planning
Configuring the Firewall
Configuring Network Services
Configuring the Proxy Rules
Creating Authentication User Entries
Verifying Your Setup
Using Terminal Services
TELNET, Rlogin, and TN3270 Without Authentication
TELNET and Rlogin With Authentication
TN3270 With Authentication
5. Managing FTP Services
Understanding the FTP Proxy
How the FTP Proxy Works
Configuring the Firewall for FTP Services
Planning
Configuring Network Services
Configuring the Proxy Rules
Creating Authentication User Entries
Verifying Your Setup
Using FTP Services
Using Authentication
Using Authentication With Some GUI FTP Tools
Running an Anonymous FTP Server

6. Managing Rsh Services
Understanding the Rsh Proxy
How It Works
Configuring the Firewall for Rsh Services
Planning
Configuring Network Services
Configuring the Proxy Rules
Verifying Your Setup
Using Rsh Services
Configuring the Remote Machine
7. Managing Gopher and WWW Services
Understanding the Proxy
How It Works
Authenticated HTTP
Gopher and FTP Services
SHTTP and SSL Services
Configuring the Firewall for WWW and Gopher Services
Planning
Configuring Network Services
Configuring the Proxy Rules
Creating User Authentication Entries
Verifying Your Setup
Using Web Services
Using Proxy-Aware Browsers
Using Non-Proxy-Aware Browsers
Using Gopher Services
Running a WWW Server

8. Managing RealAudio Services
Understanding the RealAudio Proxy
How It Works
Configuring the Firewall to Use the RealAudio Proxy
Planning
Configuring Network Services
Configuring the Proxy Rules
Verifying Your Setup
Using the RealAudio Proxy
To configure the RealAudio player:
9. Managing MediaBase Services
Understanding the MediaBase Proxy
How It Works
Configuring the Firewall to Use the MediaBase Proxy
Planning
Configuring Network Services
Configuring the Proxy Rules
Verifying Your Setup
Using the MediaBase Proxy
10. Managing X Window Services
Understanding the X11 Proxy
How the X11 Proxy Works
Configuring the Firewall for X11 Services
Planning
Configuring Network Services
Configuring the Proxy Rules
Verifying Your Setup
Using X11 Services

11. Managing LP Services
Understanding the lp Proxy
How the lp Proxy Works
Configuring the Firewall for lp Services
Planning
Configuring Network Services
Configuring the Proxy Rules
Configuring the Sending Machine
Configuring the Receiving Machine
Verifying Your Setup
Using lp Services
12. Managing Sybase Services
Understanding the Sybase Proxy
How It Works
Configuring the Firewall for Sybase Services
Planning
Configuring Network Services
Configuring the Proxy Rules
Configuring Sybase Clients
Verifying Your Setup
PART III Administering General Gauntlet Firewall Services
13. Managing NNTP and General TCP Services
Understanding the Proxy
How It Works

Configuring the Firewall for NNTP
Planning
Configuring the Firewall
Configuring Network Services
Configuring the Proxy Rules
Informing Your News Feed
Configuring Your News Server
Verifying Your Setup
Using NNTP
Configuring the Firewall for Other Protocols
Planning
Configuring Network Services
Configuring the Proxy Rules
Configuring Your Service
Verifying Your Setup
Configuring Multiple Newsfeeds
Configuring Your NNTP Proxy for Reading News
14. Managing General TCP Services With Authentication
Understanding the Circuit Proxy
How It Works
Configuring the Firewall for Authenticated TCP Services
Planning
Configuring Network Services
Configuring the Proxy Rules
Verifying Your Setup
Using the Circuit Proxy
15. Managing Information Services on the Firewall
Understanding the Info Server
How It Works
HTTP and Gopher Server
FTP Server
How the Database Works

Configuring the Firewall
Planning
Configuring Network Services
Configuring the Proxy Rules
Verifying Your Setup
Using the Info Server
Planning
Creating Files
Placing Files on the Firewall
Adding Files to the Database
Creating FTP List Files
Creating Gopher Menu Files
Advertising Your Server
16. Using the Network Access Control Daemon
Understanding the Network Access Control Daemon
How It Works
Configuring the Network Access Control Daemon
Planning
Configuring Network Services
Configuring the Proxy Rules
Configuring Your Service
Verifying Your Setup
17. The Graphical Management Interface
First Time User Tips
Help Links
Hide and Unhide Buttons
Gauntlet Default Settings
When to Use Configure All
Using the Gauntlet Management Interface
Configuring Gauntlet Locally
Introductory Management Form