BaseWall Dual WAN VPN Firewall VPN 2000 User Manual

BaseWall VPN 6000 user manualversion 33 (2005-11-11)

- BaseWall VPN 6000 user manual -The window “Internet Protocol (TCP/IP) Properties” should open.➔ Make sure settings in this window are as specified i

- BaseWall VPN 6000 user manual -➔ If the “IP Address” line does not list an address starting with 192.168.99,please try typing:ipconfig /renewThis sh

- BaseWall VPN 6000 user manual -➔ In the “Network Connections” window, double click the “Local AreaConnection” icon.The “Local Area Connection Proper

- BaseWall VPN 6000 user manual -The “Internet Protocol (TCP/IP) Properties window should open.➔ In the “Internet Protocol (TCP/IP) Properties” window

- BaseWall VPN 6000 user manual -This should force the PC or Notebook to request a new network address. If youstill fail to get an “IP Address” in the

- BaseWall VPN 6000 user manual -➔ Now select the “TCP/IP” tab.➔ Switch the “Configure” box to “Using DHCP”.➔ Verify that the “IP address”, “Subnet Ma

- BaseWall VPN 6000 user manual -1.5 Basic screen layoutOnce you have logged in to the firewall's management interface, you shouldsee the followi

- BaseWall VPN 6000 user manual -The configuration window has a different layout. The left bar now contains a listof wizards and there are now differe

- BaseWall VPN 6000 user manual -settings. However, for a first install, we do not consider this a problem.➔ Click “next”.1.6.1 Setting up your LAN co

- BaseWall VPN 6000 user manual -already have a local network, then this network address should have apredefined value (if uncertain, contact your net

Title: BaseWall VPN 6000 user manualRevision: 33 (05-11-11)All rights reserved. No part of this publication may be reproduced,stored in a retrieval sy

- BaseWall VPN 6000 user manual -1.6.2 Setting up your default Internet connectionThe next step in the wizard is to set up your WAN (Wide Area Network

- BaseWall VPN 6000 user manual -standard gateway address by your Internet service provider (ISP), pleasechoose “Static/NAT” instead. Be sure to have

- BaseWall VPN 6000 user manual -Setting up WAN1 using a PPTP or PPPoE connectionPPTP or PPPoE Internet connections are not identical, but since both

- BaseWall VPN 6000 user manual -1.6.4 Confirming and applying resultsAfter we have set up our LAN and our default and fall back Internetconnections,

- BaseWall VPN 6000 user manual -management interface after applying changes, we will need the firewall's newIP address. ➔ Make sure you have the

- BaseWall VPN 6000 user manual -1.7 Backup setsThe new settings you've just applied have been stored in the firewall as currentconfiguration, bu

- BaseWall VPN 6000 user manual -Whenever you contact support personnel about a problem with yourconfiguration, they may ask you to send a backup set

- BaseWall VPN 6000 user manual -1.10 Setting the firewall's time and dateThe configuration of your BaseWall VPN 6000 is not fully complete until

- BaseWall VPN 6000 user manual -1.11 (Optionally) disable the firewall's DHCP serverPer default, the BaseWall VPN 6000 is set to use a DHCP serv

- BaseWall VPN 6000 user manual -➔ Power down the firewall (using the power switch on the back of the device).➔ Power down your notebook or laptop.➔ D

- BaseWall VPN 6000 user manual -Table of Contents1 Installation...

- BaseWall VPN 6000 user manual -1.13 Errors and recoverySymptom: Check/Solution:I did not hear three beeps.Check power cable and insure wall socket h

- BaseWall VPN 6000 user manual -2 Wizard: Internet connectionsThe wizard “Internet connections” is intended to help you manage yourInternet connectio

- BaseWall VPN 6000 user manual -Different types of Internet connections will require different values to beentered in the next screen of the dialog.

- BaseWall VPN 6000 user manual -➔ Select your new connection's “Type of failover check”The best way to check if a certain Internet connection is

- BaseWall VPN 6000 user manual -(in the example screen below, we use PPTP. Please remember that thisprocedure also applies for PPPoE connections).➔ E

- BaseWall VPN 6000 user manual -3 Wizard: Local Area Networks (LAN)The basic configuration we have reached in the prior chapters of this manualallows

- BaseWall VPN 6000 user manual -You will also be asked to select the network port the Directly Connected Lanwill be connected to (FLEX2 in the exampl

- BaseWall VPN 6000 user manual -LAN.To add a “Segmented LAN behind gateway”, in the “Manage LAN segments”window(reached by clicking the “Local Area N

- BaseWall VPN 6000 user manual -To delete a LAN, click the “Remove” button left of the LAN's label in the“Manage LAN-segments” screen.3.3 Viewin

- BaseWall VPN 6000 user manual -4 Wizard: Port forwarders (PNAT)Most Internet connections will only allow one Internet address (IP address) tobe assi

- BaseWall VPN 6000 user manual -5.1 Manage the Intrusion Prevention System...425.2 Adding a host or netw

- BaseWall VPN 6000 user manual -4.1 Managing Port forwarding (PNAT)To set up port forwarding to a specific machine on your internal network:➔ Click o

- BaseWall VPN 6000 user manual -4.3 Editing a port forwardingTo edit an existing port forwarding:➔ Open the “Manage port forwardings” screen (as demo

- BaseWall VPN 6000 user manual -5 Wizard: IDS/IPS managementThe IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) aretwo compone

- BaseWall VPN 6000 user manual -5.2 Adding a host or network to the blacklistAdding a host or a network to the blacklist effectively prevents any acc

- BaseWall VPN 6000 user manual -5.3 Removing from blacklist or whitelistTo remove a host or network from the blacklist or whitelist:➔ Open the “Manag

- BaseWall VPN 6000 user manual -6 Wizard: VPN IPSec tunnels6.1 VPN IPSec tunnelsVPN (Virtual Private Network) IPSec (Internet Protocol Security) tunn

- BaseWall VPN 6000 user manual -➔ Choose the type of VPN IPSec tunnel you wish to configure. In this examplewe will connect to a “Remote network”.➔ C

- BaseWall VPN 6000 user manual -6.4 Adding a VPN IPSec tunnel to a single dynamic hostTo add a VPN IPSec tunnel to a remote network:➔ From the “List

- BaseWall VPN 6000 user manual -➔ Click the “Edit” button next to the line corresponding to the VPN IPSec tunnelyou wish to edit.➔ Depending on the t

- BaseWall VPN 6000 user manual -7 Wizard: Certificate management7.1 Adding Signed CertificateAdd a certificate for the authentification of the firewa

- BaseWall VPN 6000 user manual -15 Logs...

- BaseWall VPN 6000 user manual -8 Wizard: VPN PPTP/L2TP users8.1 VPN PPTP/L2TPBoth PPTP and L2TP allow connection to a corporate network by employer

- BaseWall VPN 6000 user manual -left-hand side of the screen in the “Configuration” context.The “Setup general VPN parameters” screen should appear.T

- BaseWall VPN 6000 user manual -8.4 Rights of PPTP/L2TP usersThe picture in the “Netview” tab is altered to show the new situation. There isnow a gro

- BaseWall VPN 6000 user manual -9 Wizard: DMZ setup9.1 DMZA DMZ network layout stands for a virtual Demilitarized Zone. It is used toconnect servers

- BaseWall VPN 6000 user manual -9.3 Managing DMZ-servers➔ Click the “Servers” link to access or add servers to a DMZ segment.➔ Click the “Add new” bu

- BaseWall VPN 6000 user manual -9.4 Netview picture of DMZ serversDMZ servers are directly visible from the Internet. There are 3 new policiescreated

- BaseWall VPN 6000 user manual -10 Wizard: Shaping/VoIP10.1 ShapingThe VPN 6000 can divide the Internet traffic in separate parts. For Voice over IPi

- BaseWall VPN 6000 user manual -10.4 The NetviewThe computers with VoIP bandwidth reserved for them get their own groupinside the “Netview”. Normally

- BaseWall VPN 6000 user manual -11 E-mailNormally the firewall is configured to accept all email send to one or more maildomains. This domain is the

- BaseWall VPN 6000 user manual -The following sources of system mail are handled by the firewall:● Postmaster: Basic mail-subsystem notifications. No

- BaseWall VPN 6000 user manual -1 Installation1.1 RequirementsTo insure a smooth installation of your BaseWall VPN 6000, we should makesure to have a

- BaseWall VPN 6000 user manual -11.4 White and blacklistsEnter an email address or an email domain name into the “Whitelist” field toguarantee the de

- BaseWall VPN 6000 user manual -When mailboxes are first created but didn't receive any mail yet the firewallwill show a message “No valid/Maild

- BaseWall VPN 6000 user manual -12 HTTP ProxyThe proxy settings are found in the “Proxy” tab in the “Configuration” part ofthe firewall. The proxy ca

- BaseWall VPN 6000 user manual -13 NetviewThe Netview is the central screen of the BaseWall VPN 6000. It shows all thenetworks and computers that the

- BaseWall VPN 6000 user manual -blank every port is allowed. Allowing ports in specific policies add to rights inmore general policies. So when a tun

- BaseWall VPN 6000 user manual -13.7 Road warrior(s) authenticationWhen clicking with the mouse on the Internet cloud the “Roadwarrior's Auth.”o

- BaseWall VPN 6000 user manual -14 IPSec configuration14.1 Identification optionsAfter running the IPSec wizard and after the apply of the configurat

- BaseWall VPN 6000 user manual -➔ Dead peer detection: when the tunnel is not connecting directly the deadpeer detection closes the tunnel and tries

- BaseWall VPN 6000 user manual -15 LogsSelect the logs tab to inspect the different logs of the system. Click on “reload”to get fresh data on the scr

- BaseWall VPN 6000 user manual -POP-server – show only the sending from internal defined pop boxes.➢ Intrusion DetectionShow the network security mes

- BaseWall VPN 6000 user manual -➔ Use an UTP RJ45 cross cable to connect the firewall's FLEX1 port (7) to anetwork connector on your PC or noteb

- BaseWall VPN 6000 user manual -16 StatisticsThis page shows an analysis of the logs on this machine. This contains totals and rules out the normal m

- BaseWall VPN 6000 user manual -17 Virusscanner statusThis is a tab that shows the status of the anti-virus software running on thefirewall. It is ve

- BaseWall VPN 6000 user manual -18 Low level device management18.1 Possible devicesTo enter device management activate advanced options in the “Confi

- BaseWall VPN 6000 user manual -18.3 Bandwidth limits on devicesThere are a list of bandwidth settings for each device.Upstream-bandwidthProvide the

- BaseWall VPN 6000 user manual -19 Low level route managementTo enter device management activate advanced options in the “Config” tab.Then click on t

- BaseWall VPN 6000 user manual -For both directions you'll have to specify a upper limit and a lower limit. Theupper limit prevents traffic to a

- BaseWall VPN 6000 user manual -20 Low level policy management20.1 PoliciesPolicies are the core of the network subsystem. Most advanced features are

- BaseWall VPN 6000 user manual -possibilities.20.3 Modify a policyTo modify a policy's routes, you can use the following procedure:➔ Select the

- BaseWall VPN 6000 user manual -20.7 SpecialsTo add more options to a policy you'll have to push the “Add specials” button.This will provide a p

- BaseWall VPN 6000 user manual -21 Mail handling policiesTo be able to see and change mail handling policies activate advanced optionsin the “Config”

- BaseWall VPN 6000 user manual -➔ In the “Control panel”, double click the “Network and Dial-up Connections”icon.The window “Network and Dial-up Conn

- BaseWall VPN 6000 user manual -➔ In the “Network and Dial-up Connections” window, double click the “LocalArea Connection” icon.The “Local Area Conne