SofaWare Technologies SBXW-166LHGE-4 Wireless Broadband Router User Manual Internet Security Appliance

SofaWare Technologies Ltd. Wireless Broadband Router Internet Security Appliance

Users Manual Part 1

Check Point Safe@Office Internet Security Appliance User Guide
Version 4.6
Part No: 700797, June 2004

COPYRIGHT & TRADEMARKS

Copyright © 2004 SofaWare, All Rights Reserved. No part of this document may be reproduced in any form or by any means without written permission from SofaWare.

Information in this document is subject to change without notice and does not represent a commitment on the part of SofaWare Technologies Ltd.

SofaWare, Safe@Home and Safe@Office are trademarks, service marks, or registered trademarks of SofaWare Technologies Ltd.

Check Point, the Check Point logo, FireWall-1, FireWall-1 SecureServer, FireWall-1 SmallOffice, FloodGate-1, INSPECT, IQ Engine, Meta IP, MultiGate, Open Security Extension, OPSEC, Provider-1, SecureKnowledge, SecureUpdate, SiteManager-1, SVN, UAM, User-to-Address Mapping, UserAuthority, Visual Policy Editor, VPN-1, VPN-1 Accelerator Card, VPN-1 Gateway, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, and VPN-1 Edge are trademarks, service marks, or registered trademarks of Check Point Software Technologies Ltd. or its affiliates.

All other product names mentioned herein are trademarks or registered trademarks of their respective owners.

The products described in this document are protected by U.S. Patent No. 5,606,668 and 5,835,726 and may be protected by other U.S. Patents, foreign patents, or pending applications.

SAFETY PRECAUTIONS

Carefully read the Safety Instructions and the Installation and Operating Procedures provided in this User's Guide before attempting to install or operate the appliance. Failure to follow these instructions may result in damage to equipment and/or personal injuries.

•  Before cleaning the appliance, unplug the power cord. Use only a soft cloth dampened with water for cleaning.
•  Any changes or modifications to this product not explicitly approved by the manufacturer could void any assurances of Safety or Performance and could result in violation of Part 15 of the FCC Rules.
•  When installing the appliance, ensure that the vents are not blocked.
•  Do not use the appliance outdoors.
•  Do not expose the appliance to liquid or moisture.
•  Do not expose the appliance to extreme high or low temperatures.
•  Do not drop, throw, or bend the appliance since rough treatment could damage it.
•  Do not use any accessories other than those approved by Check Point. Failure to do so may result in loss of performance, damage to the product, fire, electric shock or injury, and will void the warranty.
•  Do not disassemble or open the appliance. Failure to comply will void the warranty.
•  Do not route the cables in a walkway or in a location that will crimp the cables.

POWER ADAPTER

•  The appliance should only be used with the power adapter provided. The power adapter should be plugged into a surge protected power source. In addition, be careful not to overload the wall outlets, extension cords, etc. used to power this unit.
•  Connect the power adapter only to power sources as marked on the product.
•  To reduce risk of damage to the electric cord, remove it from the outlet by holding the power adapter rather than the cord.

SECURITY DISCLAIMER

The appliance provides your office network with the highest level of security. However, no product can provide you with absolute protection against a determined effort to break into your system. We recommend using additional security measures to secure highly valuable or sensitive information.

Federal Communication Commission Interference Statement

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:

- Reorient or relocate the receiving antenna.
- Increase the separation between the equipment and receiver.
- Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
- Consult the dealer or an experienced radio/TV technician for help.

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.

IMPORTANT NOTE: FCC Radiation Exposure Statement: This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20cm between the radiator & your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
Contents

Chapter 1: Introduction
  About Your Check Point Safe@Office Appliance
  Safe@Office Products
    Safe@Office 105
    Safe@Office 110
    Safe@Office 225
    Safe@Office 225U
    Safe@Office 300
    Safe@Office 300W
  Safe@Office Features and Compatibility
    Connectivity
    Firewall
    VPN
    Management
    Optional Security Services
    Package Contents
    Network Requirements
  Getting to Know Your Safe@Office 100 Series
    Rear Panel
    Front Panel
  Getting to Know Your Safe@Office 200 Series
    Rear Panel
    Front Panel
  Getting to Know Your Safe@Office 300 Series Appliance
    Rear Panel
    Front Panel
  About This Guide
  Contacting Technical Support

Chapter 2: Installing and Setting up the Safe@Office Appliance
  Before You Install the Safe@Office Appliance
    Windows 2000/XP
    Windows 98/Millennium
    Mac OS
  Wall Mounting the Appliance
  Network Installation
  Setting Up the Safe@Office Appliance

Chapter 3: Getting Started
  Initial Login to the Safe@Office Portal
  Logging on to the Safe@Office Portal
  Accessing the Safe@Office Portal Remotely
  Using the Safe@Office Portal
    Main Menu
    Main Frame
    Status Bar
  Logging off

Chapter 4: Configuring the Internet Connection
  Overview
  Using the Internet Wizard
    Using a Direct LAN Connection
    Using a Cable Modem Connection
    Using a PPTP or PPPoE Dialer Connection
    Using PPPoE
    Using PPTP
  Using Internet Setup
    Using a LAN Connection
    Using a Cable Modem Connection
    Using a PPPoE Connection
    Using a PPTP Connection
    Using a Telstra (BPA) Connection
    Using a Dialup Connection
    Using No Connection
  Setting Up a Dialup Modem
  Cloning a MAC Address
  Viewing Internet Connection Information
  Enabling/Disabling the Internet Connection
  Using Quick Internet Connection/Disconnection
  Configuring a Backup Internet Connection
    Setting Up a LAN or Broadband Backup Connection
    Setting Up a Dialup Backup Connection

Chapter 5: Managing Your Network
  Configuring Network Settings
    Configuring a DHCP Server
    Changing IP Addresses
    Enabling/Disabling Hide NAT
    Configuring a DMZ Network
    Configuring a WLAN Network
  Configuring High Availability
  Using Traffic Shaper
    Adding and Editing a Class
    Deleting Classes
    Restoring Traffic Shaper Defaults
  Using Network Objects
    Adding and Editing Network Objects
    Viewing and Deleting Network Objects
  Using Static Routes
    Adding a Static Route
    Viewing and Editing Static Routes
    Deleting a Static Route

Chapter 6: Viewing Reports
  Viewing the Event Log
  Viewing Computers
  Viewing Connections

Chapter 7: Setting Your Security Policy
  Setting the Firewall Security Level
  Configuring Servers
  Using Rules
    Adding and Editing Rules
    Deleting Rules
  Defining an Exposed Host

Chapter 8: Using Subscription Services
  Connecting to a Service Center
  Viewing Services Information
  Refreshing Your Service Center Connection
  Configuring Your Account
  Disconnecting from Your Service Center
  Web Filtering
    Enabling/Disabling Web Filtering
    Selecting Categories for Blocking
    Temporarily Disabling Web Filtering
  Virus Scanning
    Enabling/Disabling Email Antivirus
    Selecting Protocols for Scanning
    Temporarily Disabling Email Antivirus
  Automatic and Manual Updates
    Checking for Software Updates when Locally Managed
    Checking for Software Updates When Remotely Managed

Chapter 9: Using SecureDesk
  Installing McAfee VirusScan ASaP
  Updating McAfee VirusScan ASaP on All Computers
  Setting the SecureDesk Security Level
  Checking Antivirus Compliancy
  Overriding SecureDesk
  Viewing SecureDesk Reports

Chapter 10: Working With VPNs
  Overview
    Site-to-Site VPNs
    Remote Access VPNs
  Setting Up Your Safe@Office Appliance as a Remote Access VPN Server
  Adding and Editing VPN Sites using Safe@Office 110 and 225
    Configuring a Remote Access VPN Site
    Configuring a Site-to-Site VPN Gateway
    Creating a PPPoE Tunnel
  Deleting a VPN Site
  Enabling/Disabling a VPN Site
  Logging on to a VPN Site
    Logging on through the Safe@Office Portal
    Logging on through the my.vpn page
  Logging off a VPN Site
  Installing a Certificate
  Uninstalling a Certificate
  Viewing VPN Tunnels

Chapter 11: Managing Users
  Changing Your Password
    Using Safe@Office 105
    Using Safe@Office 110 and 225
  Adding Users
  Viewing and Editing Users
  Deleting Users
  Setting Up Remote VPN Access for Users
  Using RADIUS Authentication

Chapter 12: Maintenance
  Viewing Firmware Status
  Updating the Firmware
  Upgrading Your Software Product
  Registering Your Safe@Office Appliance
  Configuring Syslog Logging
  Configuring HTTPS
  Setting the Time on the Appliance
  Controlling the Appliance via the Command Line
  Using Diagnostic Tools
  Backing Up the Safe@Office Appliance Configuration
    Exporting the Safe@Office Appliance Configuration
    Importing the Safe@Office Appliance Configuration
  Resetting the Safe@Office Appliance to Defaults
  Running Diagnostics
  Rebooting the Safe@Office Appliance

Chapter 13: Troubleshooting
  Connectivity
  Service Center and Upgrades
  Other Problems

Chapter 14: Specifications
  Technical Specifications
  CE Declaration of Conformity
  Federal Communications Commission Radio Frequency Interference Statement

Glossary of Terms

Index

Chapter 1: Introduction

This chapter introduces the Check Point Safe@Office appliance and this guide.

This chapter includes the following topics:

•  About Your Check Point Safe@Office Appliance
•  Safe@Office Products
•  Safe@Office Features and Compatibility
•  Getting to Know Your Safe@Office 100 Series
•  Getting to Know Your Safe@Office 200 Series
•  Getting to Know Your Safe@Office 300 Series Appliance
•  About This Guide
•  Contacting Technical Support

About Your Check Point Safe@Office Appliance

The Check Point Safe@Office appliance is an advanced Internet security appliance that enables secure high-speed Internet access from the office. Developed and supported by SofaWare Technologies, an affiliate of Check Point Software Technologies, the worldwide leader in securing the Internet, the Safe@Office appliance incorporates the 100, 200, and 300 product families. The Safe@Office firewall, based on the world-leading Check Point Embedded NG Stateful Inspection technology, inspects and filters all incoming and outgoing traffic, blocking all unauthorized traffic.

The Safe@Office appliance also allows sharing your Internet connection among several PCs or other network devices, enabling advanced office networking and saving the cost of purchasing static IP addresses.

With the Safe@Office appliance, you can subscribe to additional security services available from select service providers, including firewall security updates, Web filtering, and dynamic DNS. Business users can use the Safe@Office appliance to securely connect to the office network.

Safe@Office Products

The Safe@Office appliance is available with the following hardware:

•  Safe@Office 100 series
•  Safe@Office 200 series
•  Safe@Office 300 series

All three series provide a Web-based management interface, which enables you to manage and configure the Safe@Office appliance operation and options. However, the 200 series and 300 series provide higher firewall and VPN throughput and have a dedicated DMZ port and a serial port. The 300 series also provides two USB ports enabling printer server functionality, and the 300W functions as an access point for a wireless network.

The 100 series includes models Safe@Office 105 and Safe@Office 110. The 200 series includes models Safe@Office 225 and Safe@Office 225U. The 300 series includes models Safe@Office 300 and Safe@Office 300W.

Your 100 and 200 series Safe@Office appliance can be upgraded to a more advanced model within its hardware series, without replacing the hardware. Contact your reseller for more details.

Safe@Office 105

Safe@Office 105 protects your home or small business network from hostile Internet activity. It can also act as a Remote Access VPN Server which allows a single user to securely access resources protected by the Safe@Office appliance from home or while traveling. It is intended for home or small business users and can be used by up to five computers.

Safe@Office 110

In addition to all the benefits of Safe@Office 105, Safe@Office 110 provides expanded VPN functionality: it acts not only as a Remote Access VPN Server but as a Remote Access VPN Client, enabling employees working from home to securely connect to the office network. Safe@Office 110 can also be configured as a Site-to-Site VPN Gateway, which allows permanent bi-directional connections between two gateways, such as two company offices.

Safe@Office 110 is intended for small and medium businesses with one or more branch offices, and for their employees working from home. It can be used by up to ten computers.

Safe@Office 225

Safe@Office 225 provides all the benefits of Safe@Office 110, along with support for High Availability and Traffic Shaper. High Availability enables you to install a second Safe@Office appliance on your network and configure that appliance as a backup to the first Safe@Office appliance, thereby ensuring that your network is consistently protected and connected to the Internet. Traffic Shaper allows you to control the flow of communication so that important traffic takes precedence over less important traffic; this enables your business to function with minimum disruption, even when the network is congested.

Safe@Office 225 includes a hardware DMZ port and offers higher VPN and firewall performance than the 100 series. It also supports the use of a dialup modem.

Like Safe@Office 110, Safe@Office 225 is intended for small to medium-sized businesses with extended networks. Safe@Office 225 supports 25 computers.

Safe@Office 225U

Safe@Office 225U provides the same functionality as Safe@Office 225 but supports an unlimited number of computers.

All references to Safe@Office 225 in this guide are also relevant to Safe@Office 225U.
Safe@Office Features and Compatibility    4  Check Point Safe@Office User Guide Safe@Office 300 Safe@Office 300 provides all the benefits of Safe@Office 225, along with two USB ports for printer server functionality. Safe@Office 300 is intended for small to medium-sized businesses with extended networks. It can be used by up to 25 computers.  Safe@Office 300W Safe@Office 300W provides the same functionality as Safe@Office 300, but can function as an access point for a wireless network. All references to Safe@Office 300 in this guide are also relevant to Safe@Office 300W.  Safe@Office Features and Compatibility Connectivity Feature  Safe@ Office 105Safe@ Office  110 Safe@ Office  225/225U Safe@ Office 300/300W Concurrent firewall connections 2,000 2,000  8,000  8,000 LAN Ports  4-ports 10/100 Mbps Fast Ethernet switch WAN Port  10/100 Mbps Fast Ethernet10/100 Mbps  Fast Ethernet 10/100 Mbps Fast Ethernet 10/100 Mbps Fast Ethernet DMZ/WAN2 Port    10/100 Mbps Fast Ethernet 10/100 Mbps Fast Ethernet
  Safe@Office Features and Compatibility     Chapter 1: Introduction  5 Feature  Safe@ Office 105Safe@ Office  110 Safe@ Office  225/225U Safe@ Office 300/300W WLAN Antennas        300W only USB Ports        Serial Console Port        Ethernet cable type recognition       Users (nodes)  5  10  25 or  Unlimited  25 or UnlimitedSupported Internet connection methods Static IP, DHCP Client, Cable Modem, PPTP Client,  PPPoE Client, Telstra BPA login  DHCP Server         DHCP relay         MAC Cloning         Backup Internet connection
Feature  Safe@Office 105  Safe@Office 110  Safe@Office 225/225U  Safe@Office 300/300W
High Availability
Traffic Shaper
Static NAT
Static Routes

Firewall
Feature  Safe@Office 105  Safe@Office 110  Safe@Office 225/225U  Safe@Office 300/300W
Firewall Type  Check Point Firewall-1 Embedded NG
Network Address Translation (NAT)
INSPECT Policy Rules  Unlimited  Unlimited  Unlimited  Unlimited
User-defined rules
Three levels preset security policies
DoS Protection
Anti-spoofing
Attack Logging
Voice over IP (H.323) Support
Exposed Host
DMZ Network  Logical  Physical  Physical
WLAN Network  300W only

VPN
Feature  Safe@Office 105  Safe@Office 110  Safe@Office 225/225U  Safe@Office 300/300W
VPN Type  Check Point VPN-1 Embedded NG
IPSEC VPN mode  Remote Access Server  Remote Access Client  Remote Access Server  Site-to-Site  Remote Access Client  Remote Access Server  Site-to-Site  Remote Access Client  Remote Access Server  Site-to-Site
IPSEC VPN pass-through
Encryption  AES/3DES/DES  AES/3DES/DES  AES/3DES/DES  AES/3DES/DES
Authentication  SHA1/MD5  SHA1/MD5  SHA1/MD5  SHA1/MD5
X.509 Digital Certificates
RADIUS client
Hardware Acceleration
Hardware Random Number Generator

Management
Feature  Safe@Office 105  Safe@Office 110  Safe@Office 225/225U  Safe@Office 300/300W
Web Management
HTTPS Access (local and remote)
Multiple Administrators
CLI
Management Systems  SofaWare SMP  SofaWare SMP  SofaWare SMP  SofaWare SMP

Optional Security Services
Feature  Safe@Office 105  Safe@Office 110  Safe@Office 225/225U  Safe@Office 300/300W
Firewall security and software updates
Web Filtering *
Email Antivirus protection *
Dynamic DNS Service *
SecureDesk Antivirus Compliance Checking *
VPN Management
Firewall security and software updates
Centralized Logging and Intrusion Detection
* When managed by SofaWare Security Management Portal (SMP).

Package Contents
Item  Safe@Office 105, 100, 225/225U  Safe@Office 300  Safe@Office 300W
Safe@Office Internet Security Appliance
Power adapter
CAT5 Straight-through Ethernet cable
USB cable
Two antennas
Two plastic conical anchors
Two cross-head screws
Getting Started Guide
This User's Guide
Network Requirements
•  A broadband Internet connection via cable or DSL modem with Ethernet interface (RJ-45)
•  10BaseT or 100BaseT Network Interface Card installed on each computer
•  TCP/IP network protocol installed on each computer
•  Internet Explorer 5.0 or higher, or Netscape Navigator 4.7 and higher
   Note: For optimal results, it is highly recommended to use either Microsoft Internet Explorer 5.5 or higher, or Netscape Navigator 6.2 or higher.
•  CAT 5 STP (Category 5 Shielded Twisted Pair) Straight Through Ethernet cable for each attached device
   Note: To cascade an additional hub or switch to the Safe@Office 100 appliance, you must use a crossed Ethernet cable instead. The Safe@Office 200 series automatically detects the cable type, so you can use either a straight-through or crossed cable.
•  When using Safe@Office 300W, a wireless card installed on each wireless client
Getting to Know Your Safe@Office 100 Series

Rear Panel
All physical connections (network and power) to the Safe@Office appliance are made via the rear panel of your Safe@Office appliance. The following figure shows the Safe@Office 100 series appliance's rear panel.

Figure 1: Safe@Office Appliance 100 Rear Panel Items

The following table lists the Safe@Office appliance's rear panel elements.

Table 1: Safe@Office Appliance 100 Rear Panel Elements
Label  Description
PWR  A power jack used for supplying power to the unit. Connect the supplied power adapter to this jack.
RESET  A button used for rebooting the Safe@Office appliance or resetting the Safe@Office appliance to its factory defaults. You need to use a pointed object to press this button.
   •  Short press. Reboots the Safe@Office appliance
   •  Long press (7 seconds). Resets the Safe@Office appliance to its factory defaults, and resets your firmware to the version that shipped with the Safe@Office appliance. This results in the loss of all security services and passwords and reverting to the factory default firmware. You will have to re-configure your Safe@Office appliance.
   Do not reset the unit without consulting your system administrator.
WAN  Wide Area Network: An Ethernet port (RJ-45) used for connecting your cable or xDSL modem
LAN 1-4  Local Area Network switch: Four Ethernet ports (RJ-45) used for connecting computers or other network devices

Front Panel
The Safe@Office 100 appliance includes several status LEDs that enable you to monitor the appliance’s operation.

Figure 2: Safe@Office 100 Appliance Front Panel

For an explanation of the Safe@Office 100 appliance’s status LEDs, see the table below.

Table 2: Safe@Office 100 Appliance Status LEDs
LED  State  Explanation
PWR/SEC  Off  Power off
PWR/SEC  Flashing quickly (Green)  System boot-up
PWR/SEC  Flashing slowly (Green)  Establishing Internet connection
PWR/SEC  On (Green)  Normal operation
PWR/SEC  Flashing (Red)  Hacker attack blocked
PWR/SEC  On (Red)  Error
LAN 1-4/WAN  LINK/ACT Off, 100 Off  Link is down
LAN 1-4/WAN  LINK/ACT On, 100 Off  10 Mbps link established for the corresponding port
LAN 1-4/WAN  LINK/ACT On, 100 On  100 Mbps link established for the corresponding port
LAN 1-4/WAN  LNK/ACT Flashing  Data is being transmitted/received
Getting to Know Your Safe@Office 200 Series

Rear Panel
All physical connections (network and power) to the Safe@Office appliance are made via the rear panel of your Safe@Office appliance. The following figure shows the Safe@Office 200 series appliance's rear panel.

Figure 3: Safe@Office 200 Appliance Rear Panel Items

The following table lists the Safe@Office 200 appliance's rear panel elements.

Table 3: Safe@Office 200 Appliance Rear Panel Elements
Label  Description
PWR  A power jack used for supplying power to the unit. Connect the supplied power adapter to this jack.
RESET  A button used for rebooting the Safe@Office appliance or resetting the Safe@Office appliance to its factory defaults. You need to use a pointed object to press this button.
   •  Short press. Reboots the Safe@Office appliance
   •  Long press (7 seconds). Resets the Safe@Office appliance to its factory defaults, and resets your firmware to the version that shipped with the Safe@Office appliance. This results in the loss of all security services and passwords and reverting to the factory default firmware. You will have to re-configure your Safe@Office appliance.
   Do not reset the unit without consulting your system administrator.
RS-232  A serial port
WAN  Wide Area Network: An Ethernet port (RJ-45) used for connecting your cable or xDSL modem, or for connecting a hub when setting up more than one Internet connection
DMZ/WAN2  A dedicated Ethernet port (RJ-45) used for a DMZ computer, or for a hub when connecting a DMZ network
LAN 1-4  Local Area Network switch: Four Ethernet ports (RJ-45) used for connecting computers or other network devices

Front Panel
The Safe@Office 200 appliance includes several status LEDs that enable you to monitor the appliance’s operation.

Figure 4: Safe@Office 200 Appliance Front Panel

For an explanation of the Safe@Office 200 appliance’s status LEDs, see the table below.

Table 4: Safe@Office 200 Appliance Status LEDs
LED  State  Explanation
PWR/SEC  Off  Power off
PWR/SEC  Flashing quickly (Green)  System boot-up
PWR/SEC  Flashing slowly (Green)  Establishing Internet connection
PWR/SEC  On (Green)  Normal operation
PWR/SEC  Flashing (Red)  Hacker attack blocked
PWR/SEC  On (Red)  Error
LAN 1-4/WAN/DMZ/WAN2  LINK/ACT Off, 100 Off  Link is down
LAN 1-4/WAN/DMZ/WAN2  LINK/ACT On, 100 Off  10 Mbps link established for the corresponding port
LAN 1-4/WAN/DMZ/WAN2  LINK/ACT On, 100 On  100 Mbps link established for the corresponding port
LAN 1-4/WAN/DMZ/WAN2  LNK/ACT Flashing  Data is being transmitted/received
VPN  Flashing (Green)  VPN port in use
Serial  Flashing (Green)  Serial port in use

Getting to Know Your Safe@Office 300 Series Appliance

Rear Panel
All physical connections (network and power) to the Safe@Office appliance are made via the rear panel of your Safe@Office appliance.

The following table lists the Safe@Office 300 appliance's rear panel elements.

Table 5: Safe@Office 300 Appliance Rear Panel Elements
Label  Description
PWR  A power jack used for supplying power to the unit. Connect the supplied power adapter to this jack.
RESET  A button used for rebooting the Safe@Office appliance or resetting the Safe@Office appliance to its factory defaults. You need to use a pointed object to press this button.
   •  Short press. Reboots the Safe@Office appliance
   •  Long press (7 seconds). Resets the Safe@Office appliance to its factory defaults, and resets your firmware to the version that shipped with the Safe@Office appliance. This results in the loss of all security services and passwords and reverting to the factory default firmware. You will have to re-configure your Safe@Office appliance.
   Do not reset the unit without consulting your system administrator.
USB  A USB port
COM1  A serial port
WAN  Wide Area Network: An Ethernet port (RJ-45) used for connecting your cable or xDSL modem, or for connecting a hub when setting up more than one Internet connection
DMZ  A dedicated Ethernet port (RJ-45) used for a DMZ computer, or for a hub when connecting a DMZ network
LAN 1-4  Local Area Network switch: Four Ethernet ports (RJ-45) used for connecting computers or other network devices
ANT 1/ANT 2  Antenna connectors (Safe@Office 300W only)

Front Panel
The Safe@Office 300 appliance includes several status LEDs that enable you to monitor the appliance’s operation.

Figure 5: Safe@Office 300 Appliance Front Panel

For an explanation of the Safe@Office 300 appliance’s status LEDs, see the table below.

Table 6: Safe@Office 300 Appliance Status LEDs
LED  State  Explanation
PWR/SEC  Off  Power off
PWR/SEC  Flashing quickly (Green)  System boot-up
PWR/SEC  Flashing slowly (Green)  Establishing Internet connection
PWR/SEC  On (Green)  Normal operation
PWR/SEC  Flashing (Red)  Hacker attack blocked
PWR/SEC  On (Red)  Error
LAN 1-4/WAN/DMZ/WAN2  LINK/ACT Off, 100 Off  Link is down
LAN 1-4/WAN/DMZ/WAN2  LINK/ACT On, 100 Off  10 Mbps link established for the corresponding port
LAN 1-4/WAN/DMZ/WAN2  LINK/ACT On, 100 On  100 Mbps link established for the corresponding port
LAN 1-4/WAN/DMZ/WAN2  LNK/ACT Flashing  Data is being transmitted/received
VPN  Flashing (Green)  VPN port in use
Serial  Flashing (Green)  Serial port in use
USB  Flashing (Green)  USB port in use
WLAN (300W only)  Flashing (Green)  WLAN in use
About This Guide
To make finding information in this manual easier, some types of information are marked with special symbols or formatting.

Boldface type is used for command and button names.

Note: Notes are denoted by indented text and preceded by the Note icon.

Warning: Warnings are denoted by indented text and preceded by the Warning icon.

Each task is marked with a product bar indicating the Safe@Office products required to perform the task. If you cannot perform the task using a particular product, that product is crossed out. For example, the product bar below indicates a task that requires Safe@Office 110, 225, or 225U. You cannot perform this task with Safe@Office 105.

Contacting Technical Support
If there is a problem with your Safe@Office appliance, surf to http://www.sofaware.com/support and fill out a technical support request form.

You can also download the latest version of this guide from the site.
Chapter 2
Installing and Setting up the Safe@Office Appliance

This chapter describes how to properly set up and install your Safe@Office appliance in your networking environment.

This chapter includes the following topics:
Before You Install the Safe@Office Appliance
Wall Mounting the Appliance
Network Installation
Setting Up the Safe@Office Appliance

Before You Install the Safe@Office Appliance
Prior to connecting and setting up your Safe@Office appliance for operation, you must do the following:
•  Check if TCP/IP Protocol is installed on your computer.
•  Check your computer’s TCP/IP settings to make sure it obtains its IP address automatically.

Refer to the relevant section in this guide in accordance with the operating system that runs on your computer. The sections below will guide you through the TCP/IP setup and installation process.
Windows 2000/XP

Note: While Windows XP has an "Internet Connection Firewall" option, it is recommended to disable it if you are using a Safe@Office appliance, since the Safe@Office appliance offers better protection.

If you want to subscribe to SecureDesk, you must disable the Windows XP firewall before you install the antivirus software. For information on SecureDesk, see Using SecureDesk on page 183.

Checking the TCP/IP Installation
1. Click Start > Settings > Control Panel.
   The Control Panel window appears.
2. Double-click the Network and Dial-up Connections icon.
   The Network and Dial-up Connections window appears.
3. Right-click the icon and select Properties from the pop-up menu that opens.
   The Local Area Connection Properties window appears.
4. In the above window, check if TCP/IP appears in the components list and if it is properly configured with the Ethernet card, installed on your computer. If TCP/IP does not appear in the Components list, you must install it as described in the next section.

Installing TCP/IP Protocol
1. In the Local Area Connection Properties window click Install….
   The Select Network Component Type window appears.
2. Choose Protocol and click Add.
   The Select Network Protocol window appears.
3. Choose Internet Protocol (TCP/IP) and click OK.
   TCP/IP protocol is installed on your computer.

TCP/IP Settings
1. In the Local Area Connection Properties window double-click the Internet Protocol (TCP/IP) component, or select it and click Properties.
   The Internet Protocol (TCP/IP) Properties window opens.
2. Click the Obtain an IP address automatically radio button.
   Note: Normally, it is not recommended to assign a static IP address to your PC but rather to obtain an IP address automatically. If for some reason you need to assign a static IP address, select Specify an IP address, type in an IP address in the range of 192.168.10.129-254, enter 255.255.255.0 in the Subnet Mask field, and click OK to save the new settings. (Note that 192.168.10 is the default value, and it may vary if you changed it in the My Network page.)
3. Click the Obtain DNS server address automatically radio button.
4. Click OK to save the new settings.
   Your computer is now ready to access your Safe@Office appliance.

Windows 98/Millennium

Checking the TCP/IP Installation
1. Click Start > Settings > Control Panel.
   The Control Panel window appears.
2. Double-click the icon.
   The Network window appears.
3. In the Network window, check if TCP/IP appears in the network components list and if it is already configured with the Ethernet card, installed on your computer.

Installing TCP/IP Protocol

Note: If TCP/IP is already installed and configured on your computer skip this section and move directly to TCP/IP Settings.

1. In the Network window, click Add.
   The Select Network Component Type window appears.
2. Choose Protocol and click Add.
   The Select Network Protocol window appears.
3. In the Manufacturers list choose Microsoft, and in the Network Protocols list choose TCP/IP.
4. Click OK.
   If Windows asks for original Windows installation files, provide the installation CD and relevant path when required (e.g. D:\win98)
5. Restart your computer if prompted.

TCP/IP Settings

Note: If you are connecting your Safe@Office appliance to an existing LAN, consult your network manager for the correct configurations.

1. In the Network window, double-click the TCP/IP service for the Ethernet card, which has been installed on your computer (e.g.   ).
   The TCP/IP Properties window opens.
2. Click the Gateway tab, and remove any installed gateways.
3. Click the DNS Configuration tab, and click the Disable DNS radio button.
4. Click the IP Address tab, and click the Obtain an IP address automatically radio button.
   Note: Normally, it is not recommended to assign a static IP address to your PC but rather to obtain an IP address automatically. If for some reason you need to assign a static IP address, select Specify an IP address, type in an IP address in the range of 192.168.10.129-254, enter 255.255.255.0 in the Subnet Mask field, and click OK to save the new settings. (Note that 192.168.10 is the default value, and it may vary if you changed it in the My Network page.)
5. Click Yes when prompted for “Do you want to restart your computer?”.
   Your computer restarts, and the new settings take effect. Your computer is now ready to access your Safe@Office appliance.

Mac OS
Use the following procedure for setting up the TCP/IP Protocol.
1. Choose Apple Menus -> Control Panels -> TCP/IP.
   The TCP/IP window appears.
2. Click the Connect via drop-down list and select Ethernet.
3. Click the Configure drop-down list and select Using DHCP Server.
4. Close the window and save the setup.
Wall Mounting the Appliance
If desired, you can mount your Safe@Office 300 series appliance on the wall.

To mount the Safe@Office appliance on the wall
1. Decide where you want to mount your Safe@Office appliance.
2. Decide on the mounting orientation.
   You can mount the appliance on the wall facing up, down, left, or right.
   Note: Facing downwards is not recommended, as dust might accumulate in unused ports.
3. Mark two drill holes on the wall, in accordance with the following sketch:
4. Drill two 3.5 mm diameter holes, approximately 25 mm deep.
5. Insert the two plastic conical anchors you received with your Safe@Office appliance into the holes.
6. Insert the two screws you received with your Safe@Office appliance into the plastic conical anchors, and turn them until they protrude approximately 5 mm from the wall.
7. Align the holes on the Safe@Office appliance's underside with the screws on the wall, then push the appliance in and down.
   Your Safe@Office appliance is wall mounted. You can now connect it to your computer. See Network Installation on page 40.

Network Installation
1. Verify that you have the correct cable type. For information, see Network Requirements on page 13.
2. Connect the LAN cable:
   •  Connect one end of the Ethernet cable to one of the LAN ports at the back of the unit.
   •  Connect the other end to PCs, hubs, or other network devices.
3. Connect the WAN cable:
   •  Connect one end of the Ethernet cable to the WAN port at the back of the unit.
   •  Connect the other end of the cable to a Cable Modem, xDSL modem or office network.
4. Connect the power adapter to the power socket, labeled PWR, at the back of the Safe@Office appliance. Plug in the AC power adapter to the wall electrical outlet.
   Warning: The Safe@Office appliance AC adapter is compatible with either 100, 120 or 230 VAC input power. Please verify that the wall outlet voltage is compatible with the voltage specified on your power supply. Failure to observe this warning may result in injuries or damage to equipment.

Figure 6: Typical Connection Diagram

5. In Safe@Office appliance 300W, prepare the Safe@Office appliance for a wireless connection:
   a. Connect the antennas that came with your Safe@Office appliance to the ANT1 and ANT2 antenna connectors in the appliance's rear panel.
   b. Bend the antennas at the hinges, so that they point upwards.

Setting Up the Safe@Office Appliance
After you have installed the Safe@Office appliance, you must set it up using the steps shown below.

When setting up your Safe@Office appliance for the first time after installation, these steps follow each other automatically. After you have logged on and set up your password, the Safe@Office Setup Wizard automatically opens and displays the dialog boxes for configuring your Internet connection. After you have configured your Internet connection, the Setup Wizard automatically displays the dialog boxes for registering your Safe@Office appliance. If desired, you can exit the Setup Wizard and perform each of these steps separately.
•  Logging on to the Safe@Office Portal and setting up your password: Initial Login to the Safe@Office Portal on page 45
•  Configuring an Internet connection: Using the Internet Wizard on page 58
•  Setting the Time on your Safe@Office appliance (200 series only): Setting the Time on the Appliance on page 267
•  Installing the Product Key: Upgrading Your Software Product on page 258
•  Registering your Safe@Office Appliance: Registering Your Safe@Office Appliance on page 262
•  Setting up subscription services: Connecting to a Service Center on page 165

You can access the Setup Wizard at any time after initial setup, using the procedure below.

To access the Setup Wizard
1. Click Setup in the main menu, and click the Firmware tab.
   The Firmware page appears.
2. Click Safe@Office Setup Wizard.
3. The Safe@Office Setup Wizard opens with the Welcome page displayed.
Chapter 3
Getting Started

This chapter contains all the information you need in order to get started using your Safe@Office appliance.

This chapter includes the following topics:
Initial Login to the Safe@Office Portal
Logging on to the Safe@Office Portal
Accessing the Safe@Office Portal Remotely
Using the Safe@Office Portal
Logging off

Initial Login to the Safe@Office Portal
The first time you log on to the Safe@Office Portal, you must set up your password.

To log on to the Safe@Office Portal for the first time
1. Browse to http://my.firewall.
   The initial login page appears.
2. Type a password both in the Password and the Confirm Password fields.
   Note: The password must be five to 25 characters (letters or numbers).
   Note: You can change your password at any time. For further information, see Changing Your Password on page 245.
3. Click OK.
   The Safe@Office Setup Wizard opens, with the Welcome screen displayed.
4. Configure your Internet connection using one of the following ways:
   •  Internet Wizard
      The Internet Wizard is the first part of the Setup Wizard, and it takes you through basic Internet connection setup, step by step. For information on using the Internet Wizard, see Using the Internet Wizard on page 58.
      After you have completed the Internet Wizard, the Setup Wizard continues to guide you through appliance setup. For more information, see Setting Up the Safe@Office Appliance on page 41.
   •  Internet Setup
      Internet Setup offers advanced setup options. For example, if you are using Safe@Office 110 or 225, you can configure two Internet connections using Internet Setup. To use Internet Setup, click Cancel and refer to Using Internet Setup on page 66.

Logging on to the Safe@Office Portal

To log on to the Safe@Office Portal
1. Do one of the following:
   •  Browse to http://my.firewall.
   Or
   •  To log on through HTTPS (locally or remotely), follow the procedure Accessing the Safe@Office Portal Remotely on page 49.
   The login page appears.
   If you are using Safe@Office 105, the page appears without the Username field.
2. Type in your username and password.
3. Click OK.
   The Welcome page appears.
Accessing the Safe@Office Portal Remotely
You can access the Safe@Office Portal remotely (from the Internet) through HTTPS. HTTPS is a protocol for accessing a secure Web server. It is used to transfer confidential user information, since it encrypts data and utilizes a secure port. If desired, you can also use HTTPS to access the Safe@Office Portal from your internal network.

Note: In order to access the Safe@Office Portal remotely, you must first do the following:
•  Configure your password, using HTTP. See Initial Login to the Safe@Office Portal on page 45.
•  Configure HTTPS. See Configuring HTTPS on page 265.

Note: Your browser must support 128 bit cipher strength. To check your browser's cipher strength, open Internet Explorer and click Help > About Internet Explorer.

To access the Safe@Office Portal from your internal network
•  Browse to https://my.firewall.
   (Note that the URL starts with “https”, not “http”.)
   The Safe@Office Portal appears.

To access the Safe@Office Portal from the Internet
•  Browse to https://<firewall_IP_address>:981.
   (Note that the URL starts with “https”, not “http”.)
   The following things happen in the order below:
   If this is your first attempt to access the Safe@Office Portal through HTTPS, the certificate in the Safe@Office appliance is not yet known to the browser, so the Security Alert dialog box appears.
   To avoid seeing this dialog box again, install the certificate of the destination Safe@Office appliance. If you are using Internet Explorer 5, do the following:
   a. Click View Certificate.
      The Certificate dialog box appears, with the General tab displayed.
   b. Click Install Certificate.
      The Certificate Import Wizard opens.
   c. Click Next.
   d. Click Next.
   e. Click Finish.
   f. Click Yes.
   g. Click OK.
      The Security Alert dialog box reappears.
   h. Click Yes.
   The Safe@Office Portal appears.

Using the Safe@Office Portal
The Safe@Office Portal is a web-based management interface, which enables you to manage and configure the Safe@Office appliance operation and options.

The Safe@Office Portal consists of three major elements.
Table 7: Safe@Office Portal Elements
Element  Description
Main menu  Used for navigating between the various topics (such as Reports, Security, and Setup).
Main frame  Displays information and controls related to the selected topic. The main frame may also contain tabs that allow you to view different pages related to the selected topic.
Status bar  Shows your Internet connection and managed services status.

Figure 7: Safe@Office Portal

Main Menu
The main menu includes the following submenus.

Table 8: Main Menu Submenus
This submenu…  Does this…
Welcome  Displays the welcome information.
Reports  Provides reporting capabilities in terms of event logging, established connections, and active computers.
Security  Provides controls and options for setting the security of any computer in the network.
Services  Allows you to control your subscription to subscription services.
Network  Allows you to manage and configure your network settings and Internet connections.
Setup  Provides a set of tools for managing your Safe@Office appliance. Allows you to upgrade your product key and firmware and to configure HTTPS access to your Safe@Office appliance.
Password  Allows you to set your password. This submenu only appears in Safe@Office 105.
Users  Allows you to manage Safe@Office appliance users. This submenu only appears in Safe@Office 110 and 225.
VPN  Allows you to manage, configure, and log on to VPN sites. This submenu only appears in Safe@Office 110 and 225.
Help  Provides context-sensitive help.
Logout  Allows you to log off of the Safe@Office Portal.

Main Frame
The main frame displays the relevant data and controls pertaining to the menu and tab you select. These elements sometimes differ depending on what model you are using. The differences are described throughout this guide.

Status Bar
The status bar, located at the bottom of each page, displays the fields below. In the Safe@Office 200 series, the status bar also displays the date and time.

Table 9: Status Bar Fields
This field…  Displays this…
Internet  Your Internet connection status.
   The connection status may be one of the following:
   •  Connected. The Safe@Office appliance is connected to the Internet.
   •  Not Connected. The Internet connection is down.
   •  Establishing Connection. The Safe@Office appliance is connecting to the Internet.
   •  Contacting Gateway. The Safe@Office appliance is trying to contact the Internet default gateway.
   •  Disabled. The Internet connection has been manually disabled.
   Note: Using Safe@Office 110 and 225, you can configure both a primary and a secondary Internet connection. When both connections are configured, the Status bar displays both statuses. For example “Internet [Primary]: Connected”. For information on configuring a secondary Internet connection, see Configuring the Internet Connection on page 57.
Service Center  Displays your subscription services status.
   Your Service Center may offer various subscription services. These include the firewall service and optional services such as Web Filtering and Email Antivirus.
   Your subscription services status may be one of the following:
   •  Not Subscribed. You are not subscribed to security services.
   •  Connection Failed. The Safe@Office appliance failed to connect to the Service Center.
   •  Connecting. The Safe@Office appliance is connecting to the Service Center.
   •  Connected. You are connected to the Service Center, and security services are active.
Logging off
Logging off terminates your administration session. Any subsequent attempt to connect to the Safe@Office Portal will require re-entering of the administration password.

To log off of the Safe@Office Portal
•  Do one of the following:
   •  If you are connected through HTTP, click Logout in the main menu.
      The Logout page appears.
   •  If you are connected through HTTPS, the Logout option does not appear in the main menu. Close the browser window.
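The Security Alert described under Accessing the Safe@Office Portal Remotely appears because the browser has no prior basis for trusting the appliance's certificate, so installing it on first contact is only as trustworthy as that first connection. The following Python script is an added example, not part of this guide: it compares the certificate presented on port 981 with a SHA-256 fingerprint recorded beforehand. The function names, the sample bytes and the assumption that the fingerprint was recorded earlier from the internal network are all illustrative.

```python
"""Check a firewall portal's HTTPS certificate against a pinned fingerprint."""
import hashlib
import hmac
import socket
import ssl
import sys

PORTAL_PORT = 981  # remote HTTPS port stated in the guide

# Constructed stand-in for DER certificate bytes (not a real certificate).
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding, as 64 lowercase hex characters."""
    return hashlib.sha256(der_cert).hexdigest()


def colon_form(hex_fp: str) -> str:
    """Render a hex fingerprint as AA:BB:..., the way certificate dialogs show it."""
    return ":".join(hex_fp[i:i + 2] for i in range(0, len(hex_fp), 2)).upper()


def normalise_pin(pin: str) -> str:
    """Accept 'AA:BB:..', 'aa-bb-..', spaced or plain hex; return lowercase hex."""
    cleaned = "".join(pin.replace(":", "").replace("-", "").split()).lower()
    if len(cleaned) != 64 or not set(cleaned) <= set("0123456789abcdef"):
        raise ValueError("pin is not a SHA-256 fingerprint")
    return cleaned


def matches_pin(der_cert: bytes, pin: str) -> bool:
    """True only if the certificate hashes to exactly the pinned value."""
    return hmac.compare_digest(fingerprint(der_cert), normalise_pin(pin))


def fetch_der_cert(host: str, port: int = PORTAL_PORT, timeout: float = 5.0) -> bytes:
    """Fetch the server certificate without trusting it.

    Chain validation is switched off on purpose: the appliance certificate is
    not issued by a public CA, so the pin comparison is the only trust decision.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            return tls.getpeercert(binary_form=True)


def check_portal(host: str, pin: str, fetch=fetch_der_cert):
    """Return (pin_matches, fingerprint_seen) for the portal at host."""
    der = fetch(host)
    return matches_pin(der, pin), colon_form(fingerprint(der))


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_portal.py <firewall_IP_address> <pinned SHA-256>")
    ok, seen = check_portal(sys.argv[1], sys.argv[2])
    print("presented:", seen)
    print("MATCH: same certificate as pinned" if ok
          else "MISMATCH: do not install or accept this certificate")
    sys.exit(0 if ok else 1)
```

A mismatch means the certificate seen from the Internet is not the one recorded earlier, which is the case where accepting the Security Alert would be unsafe.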
Chapter 4
Configuring the Internet Connection

This chapter describes how to configure and work with a Safe@Office Internet connection.

This chapter includes the following topics:
  Overview
  Using the Internet Wizard
  Using Internet Setup
  Setting Up a Dialup Modem
  Cloning a MAC Address
  Viewing Internet Connection Information
  Enabling/Disabling the Internet Connection
  Using Quick Internet Connection/Disconnection
  Configuring a Backup Internet Connection

Overview

You must configure your Internet connection before you can access the Internet through the Safe@Office appliance. You can configure your Internet connection using any of the following setup tools:
•  Setup Wizard. Guides you through the Safe@Office appliance setup step by step. The first part of the Setup Wizard is the Internet Wizard. For further information on the Setup Wizard, see Setting Up the Safe@Office Appliance on page 41.
•  Internet Wizard. Guides you through the Internet connection configuration process step by step.
•  Internet Setup. Offers advanced setup options. If you are using Safe@Office 110 or 225, you can configure two Internet connections. In Safe@Office 225, you can also do the following:
  •  Enable Traffic Shaper for traffic flowing through the connection. For information on Traffic Shaper, see Using Traffic Shaper on page 120.
  •  Configure a dialup Internet connection. Before configuring the connection, you must first set up the modem. For information, see Setting Up a Dialup Modem on page 84.

Using the Internet Wizard

The Internet Wizard allows you to configure your Safe@Office appliance for Internet connection quickly and easily through its user-friendly interface. It lets you choose between the following three types of broadband connection methods:
•  Direct LAN Connection
•  Cable Modem
•  PPTP or PPPoE dialer

Note: The first time you log on to the Safe@Office Portal, the Internet Wizard starts automatically as part of the Setup Wizard. In this case, you should skip to step 2 in the procedure below.

To set up the Internet connection using the Internet Wizard
1. Click Network in the main menu, and click the Internet tab.
   The Internet page appears.
2. Click Internet Wizard.
   The Internet Wizard opens with the Welcome page displayed.
3. Click Next.
   The Internet Connection Method dialog box appears.
4. Select the Internet connection method you want to use for connecting to the Internet.
   Note: If you selected PPTP or PPPoE dialer, do not use your dial-up software to connect to the Internet.
5. Click Next.
Using a Direct LAN Connection

No further settings are required for a direct LAN (Local Area Network) connection. The Confirmation screen appears.

1. Click Next.
   The system attempts to connect to the Internet via the selected connection.
   The Connecting… screen appears.
   At the end of the connection process the Connected screen appears.
2. Click Finish.
Using a Cable Modem Connection

If you selected the Cable Modem connection method, the Identification dialog box appears.

1. If your ISP requires a specific hostname for authentication, enter it in the Host Name field.
   The ISP will supply you with the proper hostname, if required. Most ISPs do not require a specific hostname.
2. A MAC address is a 12-digit identifier assigned to every network device. If your ISP restricts connections to specific, recognized MAC addresses, they will instruct you to enter the MAC address. Otherwise, you may leave this field blank.
   If your ISP requires the MAC address, do either of the following:
   •  Click This Computer to automatically "clone" the MAC address of your computer to the Safe@Office appliance.
   Or
   •  If the ISP requires authentication using the MAC address of a different computer, enter the MAC address in the MAC cloning field.
3. Click Next.
   The Confirmation screen appears.
4. Click Next.
   The system attempts to connect to the Internet.
   The Connecting… screen appears.
   At the end of the connection process the Connected screen appears.
5. Click Finish.

Using a PPTP or PPPoE Dialer Connection

If you selected the PPTP or PPPoE dialer connection method, the DSL Connection Type dialog box appears.

1. Select the connection method used by your DSL provider.
   Note: Most xDSL providers use PPPoE. If you are uncertain regarding which connection method to use, contact your xDSL provider.
2. Click Next.
Using PPPoE

If you selected the PPPoE connection method, the DSL Configuration dialog box appears.

1. Complete the fields using the information in the table below.
2. Click Next.
   The Confirmation screen appears.
3. Click Next.
   The system attempts to connect to the Internet via the DSL connection.
   The Connecting… screen appears.
   At the end of the connection process the Connected screen appears.
4. Click Finish.

Table 10: PPPoE Connection Fields

In this field…  Do this…

Username
  Type your user name.
Password
  Type your password.
Confirm password
  Type your password.
Service
  Type your service name.
  This field can be left blank.

Using PPTP

If you selected the PPTP connection method, the DSL Configuration dialog box appears.

1. Complete the fields using the information in the table below.
2. Click Next.
   The Confirmation screen appears.
3. Click Next.
   The system attempts to connect to the Internet via the DSL connection.
   The Connecting… screen appears.
   At the end of the connection process the Connected screen appears.
4. Click Finish.
Table 11: PPTP Connection Fields

In this field…  Do this…

Username
  Type your user name.
Password
  Type your password.
Confirm password
  Type your password.
Service
  Type your service name.
Server IP
  Type the IP address of the PPTP modem.
Internal IP
  Type the local IP address required for accessing the PPTP modem.
Subnet Mask
  Type the subnet mask of the PPTP modem.
Using Internet Setup

Internet Setup allows you to manually configure your Internet connection.

To configure the Internet connection using Internet Setup
1. Click Network in the main menu, and click the Internet tab.
   If you are using Safe@Office 105, the secondary connection does not appear.
2. If your ISP restricts connections to specific, recognized MAC addresses, clone a MAC address using the procedure Cloning a MAC Address on page 86.
3. Next to the Internet connection, click Edit.
   The Internet Setup page appears.
4. From the Connection Type drop-down list, select the Internet connection type you are using/intend to use.
   The display changes according to the connection type you selected.
   The following steps should be performed in accordance with the connection type you have chosen.
Using a LAN Connection

Note: The QoS area only appears in the Safe@Office 200 series.

1. Complete the fields using the relevant information in Internet Setup Fields on page 79.
   New fields appear, depending on the check boxes you selected.
2. Click Apply.
   The Safe@Office appliance attempts to connect to the Internet, and the Status Bar displays the Internet status “Connecting”. This may take several seconds.
   Once the connection is made, the Status Bar displays the Internet status “Connected”.
Using a Cable Modem Connection

1. Complete the fields using the relevant information in Internet Setup Fields on page 79.
   New fields appear, depending on the check boxes you selected.
2. Click Apply.
   The Safe@Office appliance attempts to connect to the Internet, and the Status Bar displays the Internet status “Connecting”. This may take several seconds.
   Once the connection is made, the Status Bar displays the Internet status “Connected”.
Using a PPPoE Connection

1. Complete the fields using the relevant information in Internet Setup Fields on page 79.
   New fields appear, depending on the check boxes you selected.
2. Click Apply.
   The Safe@Office appliance attempts to connect to the Internet, and the Status Bar displays the Internet status “Connecting”. This may take several seconds.
   Once the connection is made, the Status Bar displays the Internet status “Connected”.
Using a PPTP Connection

1. Complete the fields using the relevant information in Internet Setup Fields on page 79.
   New fields appear, depending on the check boxes you selected.
2. Click Apply.
   The Safe@Office appliance attempts to connect to the Internet, and the Status Bar displays the Internet status “Connecting”. This may take several seconds.
   Once the connection is made, the Status Bar displays the Internet status “Connected”.
Using a Telstra (BPA) Connection

Use this Internet connection type only if you are subscribed to Telstra® BigPond™ Internet. Telstra BigPond is a trademark of Telstra Corporation Limited.

1. Complete the fields using the relevant information in Internet Setup Fields on page 79.
   New fields appear, depending on the check boxes you selected.
2. Click Apply.
   The Safe@Office appliance attempts to connect to the Internet, and the Status Bar displays the Internet status “Connecting”. This may take several seconds.
   Once the connection is made, the Status Bar displays the Internet status “Connected”.
Using a Dialup Connection

To use this connection type, you must first set up the dialup modem. For information, see Setting Up a Dialup Modem on page 84.

1. Complete the fields using the relevant information in Internet Setup Fields on page 79.
   New fields appear, depending on the check boxes you selected.
2. Click Apply.
   The Safe@Office appliance attempts to connect to the Internet, and the Status Bar displays the Internet status “Connecting”. This may take several seconds.
   Once the connection is made, the Status Bar displays the Internet status “Connected”.
Using No Connection

If you are using Safe@Office 110 or 225, and you do not have a secondary Internet connection, set the connection type to None.

•  Click Apply.

Table 12: Internet Setup Fields

In this field…  Do this…

Host Name
  Type the hostname for authentication.
  If your ISP has not provided you with a host name, leave this field blank. Most ISPs do not require a specific hostname.
Username
  Type your user name.
Password
  Type your password.
Confirm password
  Type your password.
Service
  Type your service name.
  If your ISP has not provided you with a service name, leave this field empty.
Server IP
  If you selected PPTP, type the IP address of the PPTP server as given by your ISP.
  If you selected Telstra (BPA), type the IP address of the Telstra authentication server as given by Telstra.
Phone Number
  If you selected Dialup, type the phone number that the modem should dial, as given by your ISP.

Dial On Demand

Connect on demand
  Select this option if you do not want the dialup modem to be constantly connected to the Internet. The modem will dial a connection only under certain conditions.
  This option is useful when configuring a dialup backup connection. For information, see Setting Up a Dialup Backup Connection on page 92.
When no other Internet connection is available
  Select this option to specify that the dialup modem should only dial a connection if no other connection exists, and the Safe@Office appliance is not acting as a Backup appliance.
  If another connection opens, or if the Safe@Office appliance becomes a Backup appliance, the dialup modem will disconnect.
  For information on configuring the appliance as a Backup or Master, see Configuring High Availability on page 117.
On outgoing activity
  Select this option to specify that the dialup modem should only dial a connection if no other connection exists, and there is outgoing activity (that is, packets need to be transmitted to the Internet).
  If another connection opens, or if the connection times out, the dialup modem will disconnect.
Idle timeout
  Type the amount of time (in minutes) that the connection can remain idle. Once this period of time has elapsed, the dialup modem will disconnect.

Name Servers

Obtain IP address automatically (using DHCP)
  Clear this option if you do not want the Safe@Office appliance to obtain an IP address automatically using DHCP.
Obtain Domain Name Servers automatically
  Clear this option if you want the Safe@Office appliance to obtain an IP address automatically using DHCP, but not to automatically configure DNS servers.
Obtain WINS Server automatically
  Clear this option if you want the Safe@Office appliance to obtain an IP address automatically using DHCP, but not to automatically configure the WINS server.
IP Address
  Type the static IP address of your Safe@Office appliance.
Subnet Mask
  Select the subnet mask that applies to the static IP address of your Safe@Office appliance.
Default Gateway
  Type the IP address of your ISP’s default gateway.
Primary DNS Server
  Type the Primary DNS server IP address.
Secondary DNS Server
  Type the Secondary DNS server IP address.
WINS Server
  Type the WINS server IP address.

QoS

Shape Upstream: Link Rate
  Select this option to enable Traffic Shaper for outgoing traffic. Then type a rate (in kilobits/second) slightly lower than your Internet connection's maximum measured upstream speed in the field provided.
  It is recommended to try different rates in order to determine which one provides the best results.
  For information on using Traffic Shaper, see Using Traffic Shaper on page 120.
Shape Downstream: Link Rate
  Select this option to enable Traffic Shaper for incoming traffic. Then type a rate (in kilobits/second) slightly lower than your Internet connection's maximum measured downstream speed in the field provided.
  It is recommended to try different rates in order to determine which one provides the best results.
  Note: Traffic Shaper cannot control the number or type of packets it receives from the Internet; it can only affect the rate of incoming traffic by dropping received packets. This makes the shaping of inbound traffic less accurate than the shaping of outbound traffic. It is therefore recommended to enable traffic shaping for incoming traffic only if necessary.
  For information on using Traffic Shaper, see Using Traffic Shaper on page 120.

Advanced

External IP
  If you selected PPTP, type the IP address of the PPTP client as given by your ISP.
  If you selected PPPoE, this field is optional, and you do not have to fill it in unless your ISP has instructed you to do so.
MTU
  This field allows you to control the maximum transmission unit size.
  As a general recommendation you should leave this field empty. If however you wish to modify the default MTU, it is recommended that you consult with your ISP first and use MTU values between 1300 and 1500.

Setting Up a Dialup Modem

You can use a dialup modem as a primary or secondary Internet connection method. This is useful in locations where broadband Internet access is unavailable.

When used as a backup Internet connection, the modem can be automatically disconnected when not in use. For information on setting up a dialup backup connection, see Setting Up a Dialup Backup Connection on page 92.

To set up a dialup modem
1. Connect a regular or ISDN dialup modem to your Safe@Office appliance's serial port.
   For information on locating the serial port, see Rear Panel on page 17.
2. Click Network in the main menu, and click the Dialup tab.
   The Dialup page appears.
3. Complete the fields using the information in the table below.
4. Click Apply.
5. To check that the values you entered are correct, click Test.
   The Dialup page displays a message indicating whether the test succeeded.
6. Configure a Dialup Internet connection using the information in Using Internet Setup on page 66.

Table 13: Dialup Fields

In this field…  Do this…

Modem Type
  Select the modem type.
  If you selected Custom, the Installation String field is enabled. Otherwise, it is filled in with the correct installation string for the modem type.
Initialization String
  Type the installation string for the custom modem type.
  If you selected a standard modem type, this field is read-only.
Dial Mode
  Select the dial mode the modem uses.
Port Speed
  Select the modem's port speed (in bits per second).

Cloning a MAC Address

A MAC address is a 12-digit identifier assigned to every network device. If your ISP restricts connections to specific, recognized MAC addresses, you must clone a MAC address.

To clone a MAC address
1. Click Network in the main menu, and click the Internet tab.
   The Internet page appears.
2. In the Cloned MAC address field, click Edit.
   The MAC Cloning page appears.
3. Do one of the following:
   •  Click This Computer to automatically "clone" the MAC address of your computer to the Safe@Office appliance.
   Or
   •  If the ISP requires authentication using the MAC address of a different computer, enter the MAC address in the MAC cloning field.
4. Click Apply.
5. Click Back.
   The Internet page reappears with your computer’s MAC address displayed.
Viewing Internet Connection Information

You can view information on your Internet connection(s) in terms of status, duration, and activity.

To view Internet connection information
1. Click Network in the main menu, and click the Internet tab.
   The Internet page appears.
   For an explanation of the fields on this page, see the table below.
2. To refresh the information on this page, click Refresh.

Table 14: Internet Page Fields

Field  Description

Status
  Indicates the connection’s status.
Duration
  Indicates the connection duration, if active. The duration is given in the format hh:mm:ss, where:
  hh=hours
  mm=minutes
  ss=seconds
IP Address
  Your IP address.
Enabled
  Indicates whether or not the connection is enabled.
  For further information, see Enabling/Disabling the Internet Connection on page 89.
WAN MAC Address
  The Safe@Office appliance’s MAC address.
Cloned MAC Address
  The cloned MAC address.
  For further information, see Cloning a MAC Address on page 86.
Received Packets
  The number of data packets received in the active connection.
Sent Packets
  The number of data packets sent in the active connection.

Enabling/Disabling the Internet Connection

You can temporarily disable an Internet connection. This is useful if, for example, you are going on vacation and do not want to leave your computer connected to the Internet. If you are using Safe@Office 110 or 225 and have two Internet connections, you can force the Safe@Office appliance to use a particular connection, by disabling the other connection.

The Internet connection’s Enabled/Disabled status is persistent through Safe@Office appliance reboots.
To enable/disable an Internet connection
1. Click Network in the main menu, and click the Internet tab.
   The Internet page appears.
2. Next to the Internet connection, do one of the following:
   •  To enable the connection, click  .
      The button changes to   and the connection is enabled.
   •  To disable the connection, click  .
      The button changes to   and the connection is disabled.

Using Quick Internet Connection/Disconnection

By clicking the Connect or Disconnect button (depending on the connection status) on the Internet page, you can establish a quick Internet connection using the currently-selected connection type. In the same manner, you can terminate the active connection.

The Internet connection retains its Connected/Not Connected status until the Safe@Office appliance is rebooted. The Safe@Office appliance then connects to the Internet if the connection is enabled. For information on enabling an Internet connection, see Enabling/Disabling the Internet Connection on page 89.
Configuring a Backup Internet Connection

You can configure both a primary and a secondary Internet connection. The secondary connection acts as a backup, so that if the primary connection fails, the Safe@Office appliance remains connected to the Internet.

Note: You can configure different DNS servers for the primary and secondary connections. The Safe@Office appliance acts as a DNS relay and routes requests from computers within the network to the appropriate DNS server for the active Internet connection.

Setting Up a LAN or Broadband Backup Connection

To set up a LAN or broadband backup Internet connection
1. Connect a hub or switch to the WAN port on your appliance's rear panel.
   Note: Do not connect to the DMZ port.
2. Connect your two modems or routers to the hub/switch.
3. Configure two Internet connections.
   For instructions, see Using Internet Setup on page 66.
   Important: The two connections can be of different types. However, they cannot both be LAN DHCP connections.
Setting Up a Dialup Backup Connection

If desired, you can use a dialup modem as the secondary Internet connection method. The Safe@Office appliance automatically dials the modem if the primary Internet connection fails.

To set up a dialup backup Internet connection
1. Set up a dialup modem.
   For instructions, see Setting Up a Dialup Modem on page 84.
2. Configure a LAN or broadband primary Internet connection.
   For instructions, see Using Internet Setup on page 66.
3. Configure a Dialup secondary Internet connection.
   For instructions, see Using Internet Setup on page 66.
Chapter 5
Managing Your Network

This chapter describes how to manage and configure your network connection and settings.

This chapter includes the following topics:
  Configuring Network Settings
  Configuring High Availability
  Using Traffic Shaper
  Using Network Objects
  Using Static Routes

Configuring Network Settings

Warning: These are advanced settings. Do not change them unless it is necessary and you are qualified to do so.

Note: If you change the network settings to incorrect values and are unable to correct the error, you can reset the Safe@Office appliance to its default settings. See Resetting the Safe@Office appliance to Defaults on page 277.
Configuring a DHCP Server

By default, the Safe@Office appliance operates as a DHCP (Dynamic Host Configuration Protocol) server. This allows the Safe@Office appliance to automatically configure all the devices on your network with their network configuration details.

Note: The DHCP server only serves computers that are configured to obtain an IP address automatically. If a computer is not configured to obtain an IP address automatically, it is recommended to assign it an IP address outside of the DHCP address range. If you do assign it an IP address within the DHCP address range, the DHCP server will not assign this IP address to another computer.

If you already have a DHCP server in your internal network, and you want to use it instead of the Safe@Office DHCP server, you must disable the Safe@Office DHCP server, since you cannot have two DHCP servers or relays on the same network segment.

If you want to use a DHCP server on the Internet or via a VPN, instead of the Safe@Office DHCP server, you can configure DHCP relay. When in DHCP relay mode, the Safe@Office appliance relays information from the desired DHCP server to the devices on your network.

Note: When using a Safe@Office 200 series appliance, you can configure a DHCP server for a DMZ network.

Note: You can perform DHCP reservation using network objects. For information, see Using Network Objects on page 129.
Enabling/Disabling the Safe@Office DHCP Server

To enable/disable the Safe@Office DHCP server
1. Click Network in the main menu, and click the My Network tab.
   The My Network page appears.
   If you are using Safe@Office 105, the page appears without the DMZ area.
2. In the desired network's row, click Edit.
   The Edit Network Settings page appears.
3. From the DHCP Server list, select Enabled or Disabled.
4. Click Apply.
   A warning message appears.
5. Click OK.
   A success message appears.
6. If your computer is configured to obtain its IP address automatically (using DHCP), and either the Safe@Office DHCP server or another DHCP server is enabled, restart your computer.
   If you enabled the DHCP server, your computer obtains an IP address in the DHCP address range.

Configuring the DHCP Address Range

By default, the Safe@Office DHCP server automatically sets the DHCP address range. The DHCP address range is the range of IP addresses that the DHCP server can assign to network devices. IP addresses outside of the DHCP address range are reserved for statically addressed computers.
If desired, you can set the Safe@Office DHCP range manually.

To configure the DHCP address range
1. Click Network in the main menu, and click the My Network tab.
   The My Network page appears.
2. In the desired network's row, click Edit.
   The Edit Network Settings page appears.
3. To set the DHCP range manually:
   a. Clear the Automatic DHCP range check box.
      The DHCP IP range fields appear.
   b. In the DHCP IP range fields, type the desired DHCP range.
4. To allow the DHCP server to set the IP address range, select the Automatic DHCP range check box.
5. Click Apply.
   A warning message appears.
6. Click OK.
   A success message appears.
7. If your computer is configured to obtain its IP address automatically (using DHCP), and either the Safe@Office DHCP server or another DHCP server is enabled, restart your computer.
   Your computer obtains an IP address in the new DHCP address range.
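The address rules in this section can be checked before a new DHCP range is applied. The following is an added example, not part of the Safe@Office guide or software: it derives the internal network range from the appliance address and subnet mask, then flags a DHCP range that falls outside it, statically addressed computers placed inside the DHCP range, and duplicate addresses. The function names, host names and sample addresses are constructed for illustration, and the appliance address 192.168.10.1 is an assumption within the guide's default 192.168.10.* range.

```python
import ipaddress


def internal_range(appliance_ip, subnet_mask):
    """Return (network, first_host, last_host) for the internal network.

    The range follows from the appliance's internal IP address and the
    subnet mask together, e.g. 192.168.100.7 with 255.255.255.0 gives
    192.168.100.1 - 192.168.100.254.
    """
    net = ipaddress.IPv4Interface(f"{appliance_ip}/{subnet_mask}").network
    if net.prefixlen > 30:
        raise ValueError("subnet mask leaves no usable host addresses")
    return net, net.network_address + 1, net.broadcast_address - 1


def check_plan(appliance_ip, subnet_mask, dhcp_first, dhcp_last, static_hosts):
    """Check a planned DHCP range and a set of static assignments.

    static_hosts maps a host name to its fixed IP address.
    Returns a list of (severity, subject, message) tuples; an empty
    list means nothing was flagged.
    """
    findings = []
    _, first, last = internal_range(appliance_ip, subnet_mask)
    lo = ipaddress.IPv4Address(dhcp_first)
    hi = ipaddress.IPv4Address(dhcp_last)

    # The DHCP range must be ordered and lie inside the internal network.
    if lo > hi:
        findings.append(("error", "dhcp-range", "start is above end"))
    for label, addr in (("start", lo), ("end", hi)):
        if not first <= addr <= last:
            findings.append(("error", "dhcp-range",
                             f"{label} {addr} is outside {first} - {last}"))

    # Track every fixed address, beginning with the appliance itself.
    used = {ipaddress.IPv4Address(appliance_ip): "appliance"}
    for name, text in static_hosts.items():
        addr = ipaddress.IPv4Address(text)
        if not first <= addr <= last:
            findings.append(("error", name,
                             f"{addr} is outside the internal network"))
        elif lo <= addr <= hi:
            # Recommended practice: static addresses sit outside the range.
            findings.append(("warning", name,
                             f"{addr} is inside the DHCP range {lo} - {hi}"))
        if addr in used:
            findings.append(("error", name,
                             f"{addr} is already used by {used[addr]}"))
        else:
            used[addr] = name
    return findings


# Constructed sample plan (not taken from a real network).
SAMPLE_STATIC = {
    "printer": "192.168.10.20",      # fine: in the network, outside DHCP
    "fileserver": "192.168.10.150",  # inside the DHCP range
    "camera": "192.168.11.5",        # wrong network for this mask
    "nas": "192.168.10.1",           # collides with the appliance
}

if __name__ == "__main__":
    plan = check_plan("192.168.10.1", "255.255.255.0",
                      "192.168.10.100", "192.168.10.200", SAMPLE_STATIC)
    for severity, subject, message in plan:
        print(f"{severity:7} {subject:10} {message}")
```
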
Configuring DHCP Relay

To configure DHCP relay
1. Click Network in the main menu, and click the My Network tab.
   The My Network page appears.
2. In the desired network's row, click Edit.
   The Edit Network Settings page appears.
3. In the DHCP Server list, select Relay.
   The Automatic DHCP range check box is disabled, and the Relay to IP field appears.
4. In the Relay to IP field, type the IP address of the desired DHCP server.
5. Click Apply.
   A warning message appears.
6. Click OK.
   A success message appears.
7. If your computer is configured to obtain its IP address automatically (using DHCP), and either the Safe@Office DHCP server or another DHCP server is enabled, restart your computer.
   Your computer obtains an IP address in the DHCP address range.

Changing IP Addresses

If desired, you can change your Safe@Office appliance’s internal IP address. Using Safe@Office 110 or 225, you can also change the entire range of IP addresses in your internal network. You may want to perform these tasks if, for example, you are adding the Safe@Office appliance to a large existing network and don't want to change that network’s IP address range, or if you are using a DHCP server other than the Safe@Office appliance, that assigns addresses within a different range.

To change IP addresses
1. Click Network in the main menu, and click the My Network tab.
   The My Network page appears.
2. In the LAN network's row, click Edit.
   The Edit Network Settings page appears.
3. To change the Safe@Office appliance’s internal IP address, enter the new IP address in the IP Address field.
4. To change the internal network range, enter a new value in the Subnet Mask field.
   Note: The internal network range is defined both by the Safe@Office appliance’s internal IP address and by the subnet mask.
   For example, if the Safe@Office appliance’s internal IP address is 192.168.100.7, and you set the subnet mask to 255.255.255.0, the network’s IP address range will be 192.168.100.1 – 192.168.100.254.
   The default internal network range is 192.168.10.*.
5. Click Apply.
   A warning message appears.
6. Click OK.
   •  The Safe@Office appliance's internal IP address and/or the internal network range are changed.
   •  A success message appears.
7. Do one of the following:
   •  If your computer is configured to obtain its IP address automatically (using DHCP), and the Safe@Office DHCP server is enabled, restart your computer.
      Your computer obtains an IP address in the new range.
   •  Otherwise, manually reconfigure your computer to use the new address range using the TCP/IP settings. For information on configuring TCP/IP, see TCP/IP Settings on page 34, on page 30.

Enabling/Disabling Hide NAT

Hide Network Address Translation (NAT) enables you to share a single public Internet IP address among several computers, by “hiding” the private IP addresses of the internal computers behind the Safe@Office appliance’s single Internet IP address.
Note: If Hide NAT is disabled, you must obtain a range of Internet IP addresses from your ISP. Hide NAT is enabled by default.

Note: Static NAT and Hide NAT can be used together.

To enable/disable Hide NAT

1. Click Network in the main menu, and click the My Network tab.
The My Network page appears.
2. In the desired network's row, click Edit.
The Edit Network Settings page appears.
3. From the Hide NAT list, select Enabled or Disabled.
4. Click Apply.
A warning message appears.
5. Click OK.
• If you chose to disable Hide NAT, it is disabled.
• If you chose to enable Hide NAT, it is enabled.

Configuring a DMZ Network

In addition to the LAN network, you can define a second internal network called a DMZ (demilitarized zone) network, when using Safe@Office 110 and 225. Safe@Office 110 does not have a dedicated DMZ port, so the DMZ is a logical second network behind the Safe@Office appliance, and you must connect DMZ computers to LAN ports. Safe@Office 225 has a dedicated DMZ port to which you must connect all DMZ computers. By default, all traffic is allowed from the LAN network to the DMZ network, and no traffic is allowed from the DMZ network to the LAN and WLAN
networks. You can easily customize this behavior by creating firewall user rules. For further information, see Using Rules on page 154.

For example, you could assign your company’s accounting department to the LAN network and the rest of the company to the DMZ network. The accounting department would be able to connect to all company computers, while the rest of the employees would not be able to access any sensitive information on the accounting department computers. You could then create firewall rules that allow specific DMZ computers (such as a manager’s computer) to connect to the LAN network and the accounting department.

Note: If you are using Safe@Office 225, you can enable the DHCP server for the DMZ network.
If you are using Safe@Office 110, computers in the DMZ network cannot obtain IP addresses using DHCP, and therefore must be assigned static IP addresses. For instructions, see TCP/IP Settings on page 34, on page 30.

Note: The default gateway for the DMZ computers should be specified as the Safe@Office DMZ IP address.

To configure a DMZ network

1. Connect the DMZ computer(s) as follows:
• If you are using Safe@Office 110, connect the DMZ computers to any of the appliance's LAN ports.
• If you are using Safe@Office 225, connect the DMZ computer to the DMZ port.
If you have more than one computer in the DMZ network, connect a hub or switch to the DMZ port, and connect the DMZ computers to the hub.
2. Click Network in the main menu, and click the My Network tab.
The My Network page appears.
3. In the DMZ network's row, click Edit.
The Edit Network Settings page appears.
4. In the Mode drop-down list, select Enabled.
The fields are enabled.
5. If desired, enable or disable Hide NAT.
See Enabling/Disabling Hide NAT on page 101.
6. If desired, configure a DHCP server.
See Configuring a DHCP Server on page 94.
7. In the IP Address field, type the IP address of the DMZ network's default gateway.

Note: The DMZ network must not overlap the LAN network.

8. In the Subnet Mask field, type the DMZ’s internal network range.
9. Click Apply.
A warning message appears.
10. Click OK.
A success message appears.

Configuring a WLAN Network

In addition to the LAN and DMZ networks, you can define a wireless internal network called a WLAN (wireless LAN) network, when using Safe@Office 300W.

By default, all traffic is allowed from the LAN network to the WLAN network, and no traffic is allowed from the WLAN network to the LAN or DMZ networks. You can easily customize this behavior by creating firewall user rules. For further information, see Using Rules on page 154.

By default, access from the WLAN network to Safe@Office Portal (my.firewall and my.vpn) is not allowed. You can enable access from the WLAN to the Safe@Office Portal in either of the following ways:
• In the Management page, select ANY in either the SSH or HTTPS drop-down list.
• Create a custom firewall rule to allow the desired protocols from the WLAN, or from an IP address in the WLAN.

To configure a WLAN network

1. Prepare the appliance for a wireless connection as described in Network Installation on page 40.
2. Click Network in the main menu, and click the My Network tab.
The My Network page appears.
3. In the WLAN network's row, click Edit.
The Edit Network Settings page appears.
4. In the Mode drop-down list, select Enabled.
The fields are enabled.
5. If desired, enable or disable Hide NAT.
See Enabling/Disabling Hide NAT on page 101.
6. If desired, configure a DHCP server.
See Configuring a DHCP Server on page 94.
7. Complete the fields using the information in the table below.
New fields appear depending on the options you selected.
8. Click Apply.
A warning message appears.
9. Click OK.
A success message appears.
10. Prepare the wireless clients by doing one of the following:
• If you selected the 802.1X or WPA security mode, configure RADIUS servers.
See Using RADIUS Authentication on page 252.
• If you selected the WEP security mode, give the WEP key to the wireless clients.
• If you selected the WPA-PSK security mode, give the passphrase to the wireless clients.
11. The wireless clients' administrators should configure the wireless clients and connect them to the WLAN.
Refer to the wireless cards' documentation for details.

Note: Some wireless cards have "Infrastructure" and "Ad-hoc" modes. These modes are also called "Access Point" and "Peer to Peer". Choose the "Infrastructure" or "Access Point" mode.

Note: The wireless cards' region and the Safe@Office appliance's region must both match the region of the world where you are located. If you purchased your Safe@Office appliance in a different region, contact technical support.
Table 15: WLAN Settings Fields

In this field… | Do this…

IP Address | Type the IP address of the WLAN network's default gateway.
Note: The WLAN network must not overlap the LAN network.

Subnet Mask | Type the WLAN’s internal network range.

Wireless Settings

Network Name (SSID) | Type the network name (SSID) that identifies your wireless network.
It can be up to 32 alphanumeric characters long and is case-sensitive.

Country | Select the country where you are located.
Warning: Choosing an incorrect country may result in the violation of government regulations.
Operation Mode | Select an operation mode:
• 802.11b (11Mbps) - Operates in the 2.4 GHz range and offers a rate of 11 Mbps (in theory).
• 802.11g (54 Mbps) - Operates in the 2.4 GHz range, and offers a rate of 54 Mbps (in theory). Compatible with 802.11b.
• Turbo G (108 Mbps) - Operates in the 2.4 GHz range, and offers a rate of 54 Mbps (in theory). Compatible with 802.11b and 802.11g.
Each operation mode indicates a wireless protocol (such as Turbo G), followed by the maximum bandwidth (such as 108 Mbps).
The list of modes is dependent on the selected country.
Note: The actual data transfer speed is usually significantly lower than the maximum bandwidth.
Important: The client wireless cards must support the selected operation mode.
Channel | Select the radio frequency to use for the wireless connection:
• Automatic - The Safe@Office appliance automatically selects a channel. This is the default.
• A specific channel - The list of channels is dependent on the selected country and operation mode.
Note: If there is another wireless network in the vicinity, the two networks may interfere with one another. To avoid this problem, the networks should be assigned channels that are at least 25 MHz (5 channels) apart.
Security | Select the security protocol to use:
• None - No security method is used. This option is not recommended, because it allows unauthorized users to access your network.
• WEP encryption - In the WEP (Wired Equivalent Privacy) encryption security method, wireless clients must use a pre-shared key to connect to your network. This option is not recommended, due to known security flaws.
If you select this option, the WEP Keys area opens, and you must configure at least one WEP key. The wireless clients must be configured with this key as well.
• 802.1X: RADIUS authentication, no encryption - In the 802.1x security method, wireless clients (supplicants) attempting to connect to the access point (authenticator) must first be authenticated by RADIUS servers (authentication servers). All messages are passed in EAP (Extensible Authentication Protocol).
To use this security method, you must configure RADIUS servers. See Using RADIUS Authentication on page 252.
• WPA: RADIUS authentication, encryption - The WPA (Wi-Fi Protected Access) security method uses MIC (message integrity check) to ensure the integrity of messages, and TKIP (Temporal Key Integrity Protocol) to enhance data encryption. Furthermore, WPA includes 802.1x and EAP authentication, based on a central RADIUS authentication server.
To use this security method, you must configure RADIUS servers. See Using RADIUS Authentication on page 252.
• WPA-PSK: password authentication, encryption - The WPA-PSK security mode is a variation of WPA that does not require an authentication server. WPA-PSK periodically changes and authenticates encryption keys. This is called rekeying.
If you select this option, the Passphrase field appears. The wireless clients must be configured with this passphrase as well.

Passphrase | Type the passphrase for accessing the network.
This must be between 8 and 63 characters. It can contain spaces and special characters, and is case-sensitive.

Show/Hide Advanced Settings | Click to show/hide advanced WLAN settings.
The Advanced Security and Wireless Transmitter areas are displayed.
WEP Keys

Key 1, 2, 3, 4 radio button | Click the radio button next to the desired WEP key.

64 Bits: 10x[0-9, A-F] | Select the WEP key length from the drop-down list.
The possible key lengths are:
• 64 Bits - The key length is 10 characters.
• 128 Bits - The key length is 26 characters.
• 152 Bits - The key length is 32 characters.
Note: Some wireless card vendors call these lengths 40/104/128, respectively.

Key 1, 2, 3, 4 text box | Type the WEP key, or click Random to randomly generate a key matching the selected length. The key is composed of characters 0-9 and A-F, and is not case-sensitive.
Advanced Security

Hide the Network Name (SSID) | Specify whether you want to hide your network's SSID, by selecting one of the following:
• Yes - Hide the SSID.
Only devices to which your SSID is known can connect to your network.
• No - Do not hide the SSID.
Any device within range can detect your network name using the wireless network discovery features of some products, such as Microsoft Windows XP, and attempt to connect to your network.
This is the default.
Note: Hiding the SSID does not provide strong security, because your SSID can still be discovered using specialized test equipment such as wireless sniffers. Therefore, it is not recommended to rely on this setting alone for security.
MAC Address filtering | Specify whether you want to enable MAC address filtering, by selecting one of the following:
• Yes - Enable MAC address filtering.
Only MAC addresses that you added as network objects can connect to your network.
For information on network objects, see Using Network Objects on page 129.
• No - Disable MAC address filtering. This is the default.
Note: MAC address filtering does not provide strong security, therefore it is not recommended to rely on this setting alone for security.

Wireless Transmitter

Transmission Rate | Select the transmission rate:
• Automatic - The Safe@Office appliance automatically selects a rate. This is the default.
• A specific rate

Transmitter Power | Select the transmitter power.
Setting a higher transmitter power increases the access point's range. A lower power reduces interference with other access points in the vicinity.
The default value is Full, providing a maximum range of 300m, under ideal outdoor conditions. It is not necessary to change this value, unless there are other access points in the vicinity.
Fragmentation Threshold | Type the smallest IP packet size (in bytes) that requires that the IP packet be split into smaller fragments.
If you are experiencing significant radio interference, set the threshold to a low value (around 1000), to reduce error penalty and increase overall throughput.
Otherwise, set the threshold to a high value (around 2000), to reduce overhead.
The default value is 2346.

RTS Threshold | Type the smallest IP packet size for which a client must send an RTS (Request To Send) before sending the IP packet.
If multiple wireless clients are in range of the access point, but not in range of each other, they might send data to the access point simultaneously, thereby causing data collisions and failures. RTS ensures that the channel is clear before each packet is sent.
If your network is congested, and the users are distant from one another, set the RTS threshold to a low value (around 500).
Setting a value equal to the fragmentation threshold effectively disables RTS.
The default value is 2346.
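The constraints that Table 15 states for the WLAN fields can be checked mechanically before a configuration is applied. The following Python audit is an added example, not part of the original guide or the appliance's software; the dictionary keys and both sample configurations are constructed for illustration.

```python
"""Audit a WLAN configuration against the constraints stated in Table 15.

Added example: the dict keys are hypothetical names for the table's fields,
not an export format of the appliance.
"""
import ipaddress
import re

WEP_HEX_CHARS = {64: 10, 128: 26, 152: 32}   # key length in bits -> hex characters
MIN_CHANNEL_GAP = 5                           # 25 MHz, per the Channel note


def audit_wlan(cfg):
    """Return a list of (severity, message) findings for one WLAN configuration."""
    findings = []

    # Network Name (SSID): up to 32 alphanumeric characters.
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", cfg["ssid"]):
        findings.append(("error", "SSID must be 1-32 alphanumeric characters"))

    # IP Address / Subnet Mask: the WLAN network must not overlap the LAN network.
    wlan = ipaddress.ip_interface(f"{cfg['wlan_ip']}/{cfg['wlan_mask']}").network
    lan = ipaddress.ip_interface(f"{cfg['lan_ip']}/{cfg['lan_mask']}").network
    if wlan.overlaps(lan):
        findings.append(("error", f"WLAN {wlan} overlaps LAN {lan}"))

    # Security: flag the modes the table marks as not recommended, and check
    # the key material formats it specifies.
    mode = cfg["security"]
    if mode == "none":
        findings.append(("high", "no security method: unauthorized users can access the network"))
    elif mode == "wep":
        findings.append(("high", "WEP is not recommended due to known security flaws"))
        chars = WEP_HEX_CHARS.get(cfg.get("wep_bits"))
        if chars is None or not re.fullmatch(r"[0-9A-Fa-f]{%d}" % chars, cfg.get("wep_key", "")):
            findings.append(("error", "WEP key must be 10/26/32 hex characters for 64/128/152 bits"))
    elif mode == "802.1x":
        findings.append(("warn", "802.1X mode authenticates clients but does not encrypt traffic"))
    elif mode == "wpa-psk":
        if not 8 <= len(cfg.get("passphrase", "")) <= 63:
            findings.append(("error", "WPA-PSK passphrase must be 8-63 characters"))
    elif mode != "wpa":
        findings.append(("error", f"unknown security mode {mode!r}"))

    # Hidden SSID and MAC filtering are not strong security on their own.
    crutches = [label for key, label in (("hide_ssid", "hidden SSID"),
                                         ("mac_filtering", "MAC address filtering"))
                if cfg.get(key)]
    if crutches and mode in ("none", "wep"):
        findings.append(("high", "relying on " + " and ".join(crutches)
                         + ", which do not provide strong security"))

    # Channel: keep at least 5 channels from a known neighbouring network.
    channel = cfg.get("channel")          # None means Automatic
    for other in cfg.get("neighbour_channels", []):
        if channel is not None and abs(channel - other) < MIN_CHANNEL_GAP:
            findings.append(("warn", f"channel {channel} is under 5 channels from neighbour on {other}"))
    return findings


# Constructed sample configurations (not taken from a real appliance).
WEAK = {
    "ssid": "Office WLAN!", "security": "wep", "wep_bits": 128, "wep_key": "0123456789",
    "wlan_ip": "192.168.10.129", "wlan_mask": "255.255.255.128",
    "lan_ip": "192.168.10.1", "lan_mask": "255.255.255.0",
    "hide_ssid": True, "mac_filtering": True, "channel": 6, "neighbour_channels": [8],
}
SOUND = {
    "ssid": "OfficeWLAN", "security": "wpa-psk", "passphrase": "constructed sample passphrase",
    "wlan_ip": "192.168.252.1", "wlan_mask": "255.255.255.0",
    "lan_ip": "192.168.10.1", "lan_mask": "255.255.255.0",
    "hide_ssid": False, "mac_filtering": False, "channel": 1, "neighbour_channels": [6, 11],
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("SOUND", SOUND)):
        print(name)
        for severity, message in audit_wlan(cfg) or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
```

The WEAK sample trips every check at once, including the case the table warns about: a hidden SSID and MAC filtering layered over WEP.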
Configuring High Availability

You can install two Safe@Office appliances on your network, one acting as the “Master”, the default gateway through which all network traffic is routed, and one acting as the “Backup”. If the Master fails, the Backup automatically and transparently takes over all the roles of the Master. This ensures that your network is consistently protected by a Safe@Office appliance and connected to the Internet.

The Master and Backup each have separate IP addresses within the local network. In addition, the Master and Backup share a single virtual IP address, which is the default gateway address for the local network. The virtual IP address is used by the Master gateway, which sends periodic signals, or “heartbeats”, to the network. If the Backup gateway detects that the heartbeat has stopped (indicating that the Master gateway has failed), it takes over the virtual IP address and all of the Master gateway’s roles. When the Master gateway is running once again, it reclaims the virtual IP address and resumes its roles.

Before configuring High Availability, the following requirements must be met:
• You must have two identical Safe@Office appliances.
• The Safe@Office appliances must have identical firmware versions and firewall rules.
• The Safe@Office appliances must have different LAN and DMZ IP addresses, and they must be located on the same subnet. For information on configuring LAN and DMZ addresses, see Configuring Network Settings on page 93.
• The LAN ports of the two Safe@Office appliances must be connected via a hub or a switch.

You can configure both the LAN network and the DMZ network for High Availability.
The procedure below explains how to configure High Availability for the LAN network, but can be used to configure High Availability for the DMZ network as well.

Note: You can enable the DHCP server in both Safe@Office appliances. The Backup gateway’s DHCP server will start answering DHCP requests only if the Master gateway fails.

Note: You can force a fail-over to the Backup Safe@Office appliance. You may want to do this in order to verify that High Availability is working properly, or if the Master Safe@Office appliance needs repairs. To force a fail-over, switch off the primary box or disconnect it from the LAN network.

To configure High Availability

1. In the Master Safe@Office appliance, do the following:
a. Set the appliance’s internal IP address.
For further information, see Changing IP Addresses on page 100.
b. Configure the LAN network range.
For further information, see Changing IP Addresses on page 100.
c. Click Network in the main menu, and click the High Availability tab.
The High Availability page appears.
d. In the LAN area, in the High Availability Mode drop-down list, select Master.
e. In the Virtual Router IP field, type the default gateway IP address.
This can be any unused IP address in the LAN network, and must be the same for both gateways.
f. Click Apply.
A success message appears.
2. In the Backup appliance, do the following:
a. Set the appliance’s internal IP address.
For further information, see Changing IP Addresses on page 100.
The internal IP address must differ from the Master appliance’s internal IP address.
b. Configure the LAN network range to the same range you configured in the Master appliance.
For further information, see Changing IP Addresses on page 100.
c. Click Network in the main menu, and click the High Availability tab.
The High Availability page appears.
d. In the LAN area, in the High Availability Mode drop-down list, select Backup.
e. In the Virtual Router IP field, type the default gateway IP address.
This address must be identical to the Virtual Router IP address you specified when configuring the Master gateway.
f. Click Apply.
A success message appears.

Using Traffic Shaper

Traffic Shaper is a bandwidth management solution that allows you to set bandwidth policies to control the flow of communication. Traffic Shaper ensures that important traffic takes precedence over less important traffic, so that your business can continue to function with minimum disruption, despite network congestion.

Traffic Shaper uses Stateful Inspection technology to access and analyze data derived from all communication layers. This data is used to classify traffic in up to eight user-defined Quality of Service (QoS) classes. Traffic Shaper divides available bandwidth among the classes according to weight. For example, suppose Web traffic is deemed three times as important as FTP traffic, and these services are assigned weights of 30 and 10 respectively. If the lines are congested, Traffic Shaper will maintain the ratio of bandwidth allocated to Web traffic and FTP traffic at 3:1.

If a specific class is not using all of its bandwidth, the leftover bandwidth is divided among the remaining classes, in accordance with their relative weights. In the example above, if only one Web and one FTP connection are active and they are competing, the Web connection will receive 75% (30/40) of the leftover bandwidth, and the FTP connection will receive 25% (10/40) of the leftover bandwidth. If the Web connection closes, the FTP connection will receive 100% of the bandwidth.
Traffic Shaper allows you to give a class a bandwidth limit. A class's bandwidth limit is the maximum amount of bandwidth that connections belonging to that class may use together. Once a class has reached its bandwidth limit, connections belonging to that class will not be allocated further bandwidth, even if there is unused bandwidth available. For example, you can limit all traffic used by Peer-To-Peer file-sharing applications to a specific rate, such as 512 kilobits per second. Traffic Shaper also allows you to assign a “Delay Sensitivity” value to a class, indicating whether connections belonging to the class should be given precedence over connections belonging to other classes.

Traffic Shaper supports DiffServ (Differentiated Services) Packet Marking. DiffServ marks packets as belonging to a certain Quality of Service class. These packets are then granted priority on the public network according to their class.

To use Traffic Shaper

1. Enable Traffic Shaper for the Internet connection.
You can enable Traffic Shaper for incoming or outgoing connections.
See Using Internet Setup on page 66.
2. Define QoS classes that reflect your communication needs.
Alternatively, use the four built-in QoS classes.
See Adding and Editing a Class on page 122.
3. Use Allow rules to assign different types of connections to QoS classes.
For example, if Traffic Shaper is enabled for outgoing traffic, and you create an Allow rule associating all outgoing VPN traffic with the Urgent QoS class, then Traffic Shaper will handle outgoing VPN traffic as specified in the bandwidth policy for the Urgent class.
See Adding and Editing Rules on page 157.

Note: Traffic Shaper must be enabled for the direction of traffic specified in the rule.
Note: If you do not assign a connection type to a class, Traffic Shaper automatically assigns the connection type to the built-in "Default" class.

Adding and Editing a Class

To add or edit a QoS class

1. Click Network in the main menu, and click the Traffic Shaper tab.
The Quality of Service Classes page appears.
2. Click Add.
The Safe@Office QoS Class Editor wizard opens, with the Step 1 of 3: Quality of Service Parameters dialog box displayed.
3. Complete the fields using the relevant information in the table below.
4. Click Next.
The Step 2 of 3: Advanced Options dialog box appears.
5. Complete the fields using the relevant information in the table below.
6. Click Next.
The Step 3 of 3: Save dialog box appears with a summary of the class.
7. Type a name for the class.
For example, if you are creating a class for high priority Web connections, you can name the class "High Priority Web".
8. Click Finish.
The new class appears in the Quality of Service Classes page.

Table 16: QoS Class Fields

In this field… | Do this…

Relative Weight | Type a value indicating the class's importance relative to the other defined classes.
For example, if you assign one class a weight of 100, and you assign another class a weight of 50, the first class will be allocated twice the amount of bandwidth as the second when the lines are congested.
When you complete this field, the Guaranteed Rate field is filled in automatically.
Guaranteed Rate | The percentage of bandwidth that the class is guaranteed, out of the total amount of bandwidth.
For example, if there are only two classes, and you assign one class a weight of 100 and the other class a weight of 50, the first class's guaranteed rate will be 66% and the second class's guaranteed rate will be 33%.
This field is read-only and is shown for informational purposes.
Note: Traffic Shaper may not enforce guaranteed rates and relative weights for incoming traffic as accurately as for outgoing traffic. This is because Traffic Shaper cannot control the number or type of packets it receives from the Internet; it can only affect the rate of incoming traffic by dropping received packets. It is therefore recommended to enable traffic shaping for incoming traffic only if necessary. For information on enabling Traffic Shaper for incoming and outgoing traffic, see Using Internet Setup on page 66.
Delay Sensitivity | Select the degree of precedence to give this class in the transmission queue:
• Low (Bulk Traffic) - Traffic that is not sensitive to long delays. For example, SMTP traffic (outgoing email).
• Medium (Normal Traffic) - Normal traffic
• High (Interactive Traffic) - Traffic that is highly sensitive to delay. For example, IP telephony, videoconferencing, and interactive protocols that require quick user response, such as telnet.
Traffic Shaper serves delay-sensitive traffic with a lower latency. That is, Traffic Shaper attempts to send packets with a "High (Interactive Traffic)" level before packets with a "Medium (Normal Traffic)" or "Low (Bulk Traffic)" level.

Limit outgoing traffic rate to | Select this option to limit the rate of outgoing traffic belonging to this class.
Then type the maximum rate (in kilobits/second) in the field provided.

Limit incoming traffic rate to | Select this option to limit the rate of incoming traffic belonging to this class.
Then type the maximum rate (in kilobits/second) in the field provided.
DiffServ Code Point | Select this option to mark packets belonging to this class with a DiffServ Code Point (DSCP), which is an integer between 0 and 63. Then type the DSCP in the field provided.
The marked packets will be given priority on the public network according to their DSCP.
To use this option, your ISP or private WAN must support DiffServ. You can obtain the correct DSCP value from your ISP or private WAN administrator.

Deleting Classes

You cannot delete a class that is currently used by a rule. You can determine whether a class is in use or not, by viewing the Rules page.

To delete an existing QoS class

1. Click Network in the main menu, and click the Traffic Shaper tab.
The Quality of Service Classes page appears.
2. Click the icon of the class you wish to delete.
A confirmation message appears.
3. Click OK.
The class is deleted.
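The weight-based sharing, leftover redistribution and bandwidth limits described under Using Traffic Shaper and in Table 16 can be worked through numerically. The following Python model is an added example, not the appliance's own scheduler; the demand_kbps input, the link capacity and the class and function names are assumptions made for illustration.

```python
"""Model of weight-based bandwidth sharing with per-class limits.

Added example: a weighted max-min ("water-filling") model of the behaviour the
guide describes, not the appliance's actual scheduler. demand_kbps is an
assumed input standing for what a class's connections currently try to send.
Weights are assumed to be positive integers.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class QosClass:
    name: str
    weight: int                          # Relative Weight
    demand_kbps: float                   # assumed: current offered load
    limit_kbps: Optional[float] = None   # "Limit ... traffic rate to", if set


def guaranteed_rates(classes: List[QosClass]) -> Dict[str, int]:
    """Guaranteed Rate: weight as a whole percentage of the total weight."""
    total = sum(c.weight for c in classes)
    return {c.name: c.weight * 100 // total for c in classes}


def allocate(classes: List[QosClass], link_kbps: float) -> Dict[str, float]:
    """Share link_kbps by weight; unused or capped share flows to the other classes."""
    # A class can never use more than its demand or its configured limit.
    ceiling = {}
    for c in classes:
        ceiling[c.name] = c.demand_kbps if c.limit_kbps is None else min(c.demand_kbps, c.limit_kbps)

    alloc = {c.name: 0.0 for c in classes}
    active = [c for c in classes if ceiling[c.name] > 0]
    remaining = float(link_kbps)
    while active:
        total_weight = sum(c.weight for c in active)
        share = {c.name: remaining * c.weight / total_weight for c in active}
        done = [c for c in active if ceiling[c.name] <= share[c.name]]
        if not done:
            # Congested: every remaining class wants more than its weighted share.
            for c in active:
                alloc[c.name] = share[c.name]
            break
        # These classes fit inside their share; what they leave is re-split by weight.
        for c in done:
            alloc[c.name] = ceiling[c.name]
            remaining -= ceiling[c.name]
        active = [c for c in active if c not in done]
    return alloc


LINK_KBPS = 1000   # constructed link capacity


def overview_example() -> Dict[str, float]:
    """Web (weight 30) and FTP (weight 10) competing on a congested link."""
    return allocate([QosClass("Web", 30, 5000), QosClass("FTP", 10, 5000)], LINK_KBPS)


if __name__ == "__main__":
    print("congested 30:10     ", overview_example())
    print("Web connection closed",
          allocate([QosClass("Web", 30, 0), QosClass("FTP", 10, 5000)], LINK_KBPS))
    print("P2P limited to 512   ",
          allocate([QosClass("Web", 30, 600), QosClass("P2P", 10, 5000, limit_kbps=512)], 2000))
    print("guaranteed rates     ",
          guaranteed_rates([QosClass("A", 100, 0), QosClass("B", 50, 0)]))
```

In the limited case the P2P class stops at 512 kbps although 888 kbps of the constructed 2000 kbps link stays unused, which is the behaviour the bandwidth-limit paragraph describes.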
Restoring Traffic Shaper Defaults

The Safe@Office appliance provides four built-in QoS classes:

If desired, you can reset the Traffic Shaper bandwidth policy to use these classes, and restore the classes to their default settings (shown above).

Note: This will delete any additional classes you defined in Traffic Shaper and reset all rules to use the Default class.
If one of the additional classes is currently used by a rule, you cannot reset Traffic Shaper to defaults. You can determine whether a class is in use or not, by viewing the Rules page.

To restore Traffic Shaper defaults

1. Click Network in the main menu, and click the Traffic Shaper tab.
The Quality of Service Classes page appears.
2. Click Restore Defaults.
A confirmation message appears.
3. Click OK.
Using Network Objects

You can add individual computers or networks as network objects. This enables you to configure various settings for the computer or network represented by the network object.

You can configure the following settings for a network object:

• Static NAT (or One-to-One NAT)
Static NAT allows the mapping of Internet IP addresses or address ranges to hosts inside the internal network. This is useful if you want a computer in your private network to have its own Internet IP address. For example, if you have both a mail server and a Web server in your network, you can map each one to a separate Internet IP address.
Static NAT rules do not imply any security rules. To allow incoming traffic to a host for which you defined Static NAT, you must create an Allow rule. When specifying firewall rules for such hosts, use the host’s internal IP address, and not the Internet IP address to which the internal IP address is mapped. For further information, see Using Rules on page 154.

Note: Static NAT and Hide NAT can be used together.

Note: Safe@Office appliance supports Proxy ARP (Address Resolution Protocol). When an external source attempts to communicate with such a computer, the Safe@Office appliance automatically replies to ARP queries with its own MAC address, thereby enabling communication. As a result, the Static NAT Internet IP addresses appear to external sources to be real computers connected to the WAN interface.
• Assign the network object's IP address to a MAC address
Normally, the Safe@Office DHCP server consistently assigns the same IP address to a specific computer. However, if the Safe@Office DHCP server runs out of IP addresses and the computer is down, then the DHCP server may reassign the IP address to a different computer.
If you want to guarantee that a particular computer's IP address remains constant, you can reserve the IP address for use by the computer's MAC address only. This is called DHCP reservation, and it is useful if you are hosting a public Internet server on your network.

• Exclude the network object from SecureDesk enforcement
If you are subscribed to SecureDesk, you can choose to disable SecureDesk for a specific computer or network. For example, you might want to disable SecureDesk for a printer with an IP address, or for a computer with an operating system that VirusScan does not support.
If you disable SecureDesk for a computer or network, the firewall will allow access from that computer or network, regardless of whether the installed antivirus software complies with the SecureDesk security level conditions.
For information on SecureDesk, see Using SecureDesk on page 183.

Note: To disable SecureDesk for all computers, set the security level to Off. For instructions on setting the security level, see Setting the SecureDesk Security Level on page 186.

Adding and Editing Network Objects

You can add or edit network objects via:

• The Network Objects page
This page enables you to add both individual computers and networks.
• The Active Computers page
This page enables you to add only individual computers as network objects. The computer's details are filled in automatically in the wizard.

To add or edit a network object via the Network Objects page

1. Click Network in the main menu, and click the Network Objects tab.
The Network Objects page appears with a list of network objects.
2. Do one of the following:
• To add a network object, click New.
• To edit an existing network object, click Edit next to the desired computer in the list.
The Safe@Office Network Object Wizard opens, with the Step 1: Network Object Type dialog box displayed.
3. Do one of the following:
• To specify that the network object should represent a single computer or device, click Single Computer.
• To specify that the network object should represent a network, click Network.
4. Click Next.
The Step 2: Computer Details dialog box appears. If you chose Single Computer, the dialog box includes the Perform Static NAT option.
If you chose Network, the dialog box does not include this option.
5. Complete the fields using the information in the tables below.
6. Click Next.
The Step 3: Save dialog box appears.
7. Type a name for the network object in the field.
8. Click Finish.

To add or edit a network object via the Active Computers page

1. Click Reports in the main menu, and click the Active Computers tab.
   The Active Computers page appears.
   If a computer has not yet been added as a network object, the Add button appears next to it. If a computer has already been added as a network object, the Edit button appears next to it.
2. Do one of the following:
   • To add a network object, click Add next to the desired computer.
   • To edit a network object, click Edit next to the desired computer.
   The Safe@Office Network Object Wizard opens, with the Step 2: Computer Details dialog box displayed. The computer's IP address and MAC address are automatically filled in.
3. Complete the fields using the information in the tables below.
4. Click Next.
   The Step 3: Save dialog box appears with the network object's name. If you are adding a new network object, this name is the computer's name.
5. To change the network object name, type the desired name in the field.
6. Click Finish.
   The new object appears in the Network Objects page.
Table 17: Network Object Fields for a Single Computer

| In this field… | Do this… |
|---|---|
| IP Address | Type the IP address of the local computer, or click This Computer to specify your computer. |
| Reserve this IP for use by the following MAC address | Select this option to assign the network object's IP address to a MAC address. |
| MAC Address | Type the MAC address you want to assign to the network object's IP address, or click This Computer to specify your computer's MAC address. |
| Perform Static NAT (Network Address Translation) | Select this option to map the local computer's IP address to an Internet IP address. You must then fill in the External IP field. |
| External IP | Type the Internet IP address to which you want to map the local computer's IP address. |
| Exclude this computer from SecureDesk enforcement | Select this option to disable SecureDesk for the computer. For information on SecureDesk, see Using SecureDesk on page 183. |
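A configuration review over the single-computer network object fields (IP address, MAC reservation, Static NAT, External IP, SecureDesk exclusion), added here as an illustration and not part of the SofaWare guide. The dictionary keys, finding codes and sample objects are assumptions, since the guide defines no export format for network objects.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")

def audit_network_objects(objects):
    """Return (object name, finding code) pairs, in input order."""
    findings, external_owner = [], {}
    for obj in objects:
        name = obj["name"]
        ipaddress.ip_address(obj["ip"])        # ValueError on a malformed IP Address
        mac, ext = obj.get("reserved_mac"), obj.get("external_ip")
        if mac is not None and not MAC_RE.match(mac):
            findings.append((name, "MALFORMED_MAC"))
        if ext is None:
            continue                           # no Static NAT on this object
        ext = str(ipaddress.ip_address(ext))   # validate and normalise External IP
        if ext in external_owner:
            # Static NAT is one-to-one: two objects cannot share an External IP.
            findings.append((name, "EXTERNAL_IP_ALSO_USED_BY:" + external_owner[ext]))
        external_owner.setdefault(ext, name)
        if mac is None:
            # Without a reservation the DHCP server may reassign this IP address,
            # and the Internet mapping would then point at a different computer.
            findings.append((name, "STATIC_NAT_WITHOUT_DHCP_RESERVATION"))
        if obj.get("securedesk_excluded"):
            # Internet-mapped host whose antivirus compliance is not enforced.
            findings.append((name, "STATIC_NAT_AND_SECUREDESK_EXCLUDED"))
    return findings

# Constructed sample objects (private and documentation address ranges).
SAMPLE_OBJECTS = [
    {"name": "webserver", "ip": "192.168.10.20", "reserved_mac": None,
     "external_ip": "203.0.113.10", "securedesk_excluded": False},
    {"name": "printer", "ip": "192.168.10.30", "reserved_mac": "00:11:22:33:44:55",
     "external_ip": None, "securedesk_excluded": True},
    {"name": "legacy-pc", "ip": "192.168.10.40", "reserved_mac": "00-11-22-33-44-66",
     "external_ip": "203.0.113.11", "securedesk_excluded": True},
    {"name": "mailserver", "ip": "192.168.10.50", "reserved_mac": "00:11:22:33:44:77",
     "external_ip": "203.0.113.10", "securedesk_excluded": False},
]

if __name__ == "__main__":
    for name, code in audit_network_objects(SAMPLE_OBJECTS):
        print(f"{name}: {code}")
```

The printer is not reported: it is excluded from SecureDesk enforcement but has no Static NAT mapping, which matches the exclusion case the guide itself gives.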
Table 18: Network Object Fields for a Network

| In this field… | Do this… |
|---|---|
| IP Range | Type the range of local computer IP addresses in the network. |
| Perform Static NAT (Network Address Translation) | Select this option to map the network's IP address range to a range of Internet IP addresses of the same size. You must then fill in the External IP Range field. |
| External IP Range | Type the Internet IP address range to which you want to map the network's IP address range. |
| Exclude this network from SecureDesk enforcement | Select this option to disable SecureDesk for the network. For information on SecureDesk, see Using SecureDesk on page 183. |

Viewing and Deleting Network Objects

To view or delete a network object

1. Click Network in the main menu, and click the Network Objects tab.
   The Network Objects page appears with a list of network objects.
2. To delete a network object, do the following:
   a. In the desired network object's row, click the Delete icon.
      A confirmation message appears.
   b. Click OK.
      The network object is deleted.

Using Static Routes

A static route is a setting that explicitly specifies the route for packets destined for a certain subnet. Packets with a destination that does not match any defined static route will be routed to the default gateway. To modify the default gateway, see Using a LAN Connection on page 68.

The Static Routes page lists all existing routes, including the default, and indicates whether each route is currently "Up", or reachable, or not.

Adding a Static Route

To add a static route

1. Click Network in the main menu, and click the Routes tab.
   The Static Routes page appears, with a listing of existing static routes.
2. Click New Route.
   The Edit Route page appears.
3. Complete the fields using the information in the table below.
4. Click Apply.
   The new static route is saved.
Table 19: Edit Route Page Fields

| In this field… | Do this… |
|---|---|
| Destination Network | Type the network address of the destination network. |
| Subnet Mask | Select the subnet mask. |
| Gateway IP | Type the IP address of the gateway (next hop router) to which to route the packets destined for this network. |
| Metric | Type the static route's metric. The gateway sends a packet to the route that matches the packet's destination and has the lowest metric. |

Viewing and Editing Static Routes

To edit a static route

1. Click Network in the main menu, and click the Routes tab.
   The Static Routes page appears, with a listing of existing static routes.
2. To edit the route details, do the following:
   a. In the desired route row, click Edit.
      The Edit Route page appears displaying the destination network, subnet mask, and gateway IP of the selected route.
   b. Edit the fields using Edit Route Page Fields on page 139.
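The route choice described for the Metric field, together with the default-gateway fallback from Using Static Routes, as an added example that is not part of the SofaWare guide. It applies the rule as the guide states it; how the appliance ranks overlapping prefixes is not described, so overlapping routes with different gateways are also listed for review. The field names, tie-break and sample routes are assumptions.

```python
import ipaddress
from itertools import combinations

def _net(route):
    # Destination Network plus Subnet Mask, e.g. 172.16.20.0/255.255.255.0
    return ipaddress.ip_network(f'{route["network"]}/{route["mask"]}')

def select_gateway(dest_ip, routes, default_gateway):
    """Next hop for dest_ip: the matching route with the lowest metric,
    or the default gateway when no static route matches."""
    dest = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if dest in _net(r)]
    if not matches:
        return default_gateway
    # Equal metrics fall to the first route listed (assumption, not from the guide).
    return min(matches, key=lambda r: r["metric"])["gateway"]

def overlapping_routes(routes):
    """Pairs of routes whose destinations overlap but whose gateways differ.
    Each pair decides where part of a subnet's traffic goes, so review both."""
    return [(str(_net(a)), str(_net(b)))
            for a, b in combinations(routes, 2)
            if _net(a).overlaps(_net(b)) and a["gateway"] != b["gateway"]]

# Constructed sample routing table (private and documentation addresses).
SAMPLE_ROUTES = [
    {"network": "172.16.20.0", "mask": "255.255.255.0",
     "gateway": "192.168.10.2", "metric": 10},
    {"network": "172.16.0.0", "mask": "255.240.0.0",
     "gateway": "192.168.10.3", "metric": 20},
    {"network": "10.1.0.0", "mask": "255.255.0.0",
     "gateway": "192.168.10.2", "metric": 10},
]
DEFAULT_GATEWAY = "203.0.113.1"  # constructed

if __name__ == "__main__":
    for ip in ("172.16.20.7", "172.16.99.1", "198.51.100.9"):
        print(ip, "->", select_gateway(ip, SAMPLE_ROUTES, DEFAULT_GATEWAY))
    print(overlapping_routes(SAMPLE_ROUTES))
```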
