
STONEGATE IPS 5.



, ,
, Stonesoft:
www.stonesoft.com/en/support/eula.html


StoneGate
. -
Stonesoft:
www.stonesoft.com/en/support/third_party_licenses.html


, ,
, . (),
" ",
(DOD Supplement to the Federal Acquisition Regulations -DFAR) 252.227-7013(c) (1).
, ,
52.227-19(c) (2)
(Federal Acquisition Regulations - FAR). , ,
.


, ,
1334/2000 22 2000 .,
( ). ,
Stonesoft .

,
, ,
, Stonesoft:
www.stonesoft.com/en/support/view_support_offering/terms/


- Stonesoft:
www.stonesoft.com/en/support/view_support_offering/return_material_authorization/


- Stonesoft:
www.stonesoft.com/en/support/view_support_offering/terms/


Stonesoft :
1065844, 1189410, 1231538, 1259028, 1271283, 1289183, 1289202, 1304849, 1313290, 1326393,
1379046, 1330095, 131711, 1317937,1443729 6,650,621; 6 856 621; 6,885,633; 6,912,200; 6,996,573;
7,099,284; 7,127,739; 7,130,266; 7,130,305; 7,146,421; 7,162,737; 7,234,166; 7,260,843; 7,280,540; 7,302,480; 7,386,525; 7,406,534;
7,461,401 , . Stonesoft,
Stonesoft StoneGate, Stonesoft Corporation.
.


" " Stonesoft
, , ,
. IP-, ,
.
2010 Stonesoft Corporation. . .

Revision: SGIIG_20101014

Locations . . . 25
SMC . . . 26
StoneGate . . . 7
IPS . . . 13
StoneGate IPS
(Capture)
SPAN
TAP
IPS
IPS . . . 34
VLAN . . . 35
IP . . . 36
IPS . . . 37
Bypassing Traffic on Overload . . . 43
IPS
NAT . . . 23
NAT . . . 24
Next-hop
Strict Policy System Policy
IPS
Intel . . . 61
CD-ROM . . . 14
USB flash . . . 64
Management Server . . . 68
Management Server . . . 69
Management Server . . . 70
Expert Mode . . . 70
One Proof Code
Multiple Proof Codes
ZIP . . . 85
StoneGate . . . 90
Management Center . . . 96
IPS . . . 98
SMC
DMZ
DMZ
Log Server


:
StoneGate - 7

STONEGATE

,
StoneGate IPS .
.
:
( 8)
( 9)
( 10).


IPS Installation Guide ,
StoneGate IPS.
IPS.
,
.

:
3.1

(, , )

.

,
.

:
: ,
, . (,
, ),
.

,
.
,
.

, ,
.
8

StoneGate


StoneGate :
. StoneGate
.


a a .
P PDF
Management Center http://www.stonesoft.com/support/.
Table 3.2


(Reference Guide)

StoneGate.

.
StoneGate Management Center, Firewall/VPN,
StoneGate IPS.


(Installation Guide)

,
StoneGate. StoneGate
Management Center, Firewall/VPN, StoneGate IPS
SOHO .

(Online help)

.
"Help" "Help",
F1 . StoneGate Management
Client, StoneGate Web Portal StoneGate SSL VPN Administrator.


(Administrator's Guide)

.
StoneGate Firewall/
VPN StoneGate IPS, a
StoneGate SSL VPN StoneGate IPsec VPN Client.


(User's Guide)

.
StoneGate IPsec VPN client StoneGate Web Portal.


(Appliance
Installation Guide)


StoneGate ( ,
..).
StoneGate .


StoneGate
.
StoneGate, .
StoneGate Stonesoft http://www.stonesoft.com/support/.


StoneGate
: http://www.stonesoft.com/en/products_and_solutions/products/ips/Software_Solutions/ (. ).
StoneGate,
(Release Notes),

Stonesoft.


,
StoneGate Stonesoft : http://www.stonesoft.com/.


License Center : https://my.stonesoft.com/managelicense.do.
, order@stonesoft.com.


Stonesoft
StoneGate.
Support : http://www.stonesoft.com/support/.


,
, .

feedback@stonesoft.com.

documentation@stonesoft.com.


info@stonesoft.com.

10

StoneGate

:
IPS - 13
IPS - 19
NAT - 25

11

12

IPS

,
, .
:
StoneGate IPS ( 14)
( 15)
( 15)
( 15)
(Capture) ( 16)

13

StoneGate IPS
StoneGate IPS (Sensors), (Analyzers),
StoneGate Management Center. ,
, .
.
StoneGate:
-: .
.
: 2-16 ,
.
: .
:
IDS ( ):
, ,
.
IPS ( ):
, , , .
,
.

Ethernet (2 ).
StoneGate IPS :
.
fingerprints .
.

.
, , ,
.
.
. ,
, TCP ,
(blacklisting), inline IPS.

StoneGate Management Center (SMC). ,
, SMC. SMC
StoneGate. SMC
. SMC SMC
Reference Guide. IPS IPS
Reference Guide.

14

IPS


StoneGate ,
,
StoneGate. . ( 107).


1. , .
(Capture) ( 16).
2. IPS. . IPS
( 19).
3. NAT
IPS, (Contact Addresses). .
NAT ( 25).
4. Management Client. .
( 33).
5. . .
( 51).
6. .
StoneGate,
Appliance Installation Guide.

Intel ( 67).
7. . .
( 57).
.


, ,
. Reference Guide,
StoneGate.


:
StoneGate IPS.
Intel- . (Hardware
Requirements) http://www.stonesoft.com/en/support/.
VMware. StoneGate IPS ,
, .
(Release Notes) .
. StoneGate IPS
VMWare ESX StoneGate Technical
Documentation.

15

,
Linux, StoneGate,
.


Management Server
. ,
(UTC) Management Server.

(Capture)
,
(SPAN) (TAP).
. . IPS
inline, ,
.
StoneGate IPS,
Stonesoft: http://www.stonesoft.com/support/.

(SPAN)
(SPAN)
.
. ,
.

SPAN . ,
SPAN .

(TAP)
(TAP) - ,
. , .
TAP,
. ,
TAP, .
,
.
, .


inline IPS: , /
, .
,
,
, fail-open
.

16

IPS

, (CAT 5e CAT 6 ).
4.1



.
.
:
,
. ,
. .
:
,
(
), (
). ,
.
4.2 /

100/Full

100/Full

100/Full

1000/Full

17

18

IPS

IPS


.
:
IPS ( 20)
( 20)
( 22)

19

IPS
.
(Management Server)
Management Client. .
Management Server
.
StoneGate.
Management Center. ,
,
.
IPS ,
:
NAT -
, . NAT ( 25).
NAT ,
, . ( 33).


:
1. Stonesoft. .
( 20).
2. Management Client. . ( 22).


Stonesoft (POL)
(POS). (POL)
, (POS), StoneGate.
- .
, ,
.

1. Stonesoft License Center: my.stonesoft.com/managelicense.do.
2. License Identification Submit.
.
3. Register. .
4. IP ,
.
,
Stonesoft. ,
Management Client.

20

IPS

5. Submit Request.
.

.
.

21


,
Management Client.
,
, .
StoneGate
1.
FileSystem
2.

.
,
1. Configuration

Administration.
Administration Configuration.

2.
Licenses
IPS.

22

IPS

K .
Management-bound, ,
.
?
NAT /
, . NAT
( 25).
NAT ,
. .
( 33).

23

24

IPS

NAT

Locations
, NAT /
.
:
NAT ( 26)
Locations ( 27)
SMC ( 29)

25

NAT
NAT ,
IP , .
StoneGate
( 103).
Location StoneGate
NAT. Default Location ,
Location. NAT
, Location,
(Contact Address) ,
.

(Contact address: Default).
Properties .
, , Location
, Location
.
6.1 Locations

Location

Location


Management/

Log Server

, Management Server Log Server


StoneGate .
NAT, :

IP SMC .
, ,
.

StoneGate . ,
IP ,
Management Server .
,
Location, , , StoneGate
Location. Location ,
StoneGate ,
SMC .

26

NAT


, :
1. Location. . Locations ( 27).
2. Management Server Log Server(s). .
SMC ( 29).
3. Location IPS,
. .
( 33).

Locations
Location,
NAT. ,
Location, IP
. IP Properties
Location.
Location
1. Configuration

Administration.
Administration Configuration.

2. Other
Elements.

3.
Locations New Location.
Location Properties.

Locations

27

4. Name.
5. ().
6. Add.
7. 5-6,
,
.
8. OK.
, Location.
?
Management Server Log Server
, . SMC
( 29).

, .
( 33).

28

NAT

SMC
Management Server Log Server
Location. , ,
Multi-Link .
Management Server Log Server.
1.



Properties.

2. Location .
3.
Contact
addresses Default.

IP ,
.
4. Exceptions

Location,
Location
.

, Location,
IP . ,
Location, ,
Location.
, .
?
( 33).

SMC

29

30

NAT

:
- 33
- 51
- 57

31

32

.
Management Client.
Management Center.
:
( 34)
( 34)
IPS
( 39)
IPS ( 42)
( 44)

33


IPS (Sensor)
(Analyser). Management Server.
, IPS
. Management Client.
.
:
. ,
.
.
.
.
Management Center.
Interface ID.
. ,
USB flash , ID
(eth0
Interface ID 0 ..).
,
ID Management Center.


.
.
, -.
?
-,
-
( 35).
,
, .
,
( 36).
,
( 37) ( 38).

34

-
SMC. Online Help Administrator's Guide.
-
1.
Configuration

IPS.
IPS
Configuration.

2.
IPS Engines

New→Combined Sensor-Analyzer.

3.
Name.
4. Log Server,



,

.
5. Log Server,


.
6. ,
Location (.
NAT
( 25)).
?
. IPS
( 39).

35


.
Online Help Administrator's Guide.

1.
Configuration

IPS.
IPS
Configuration.

2.
IPS Engines

New→Analyzer.

3.


Name.
4. Log
Server,


,


.
5. ,
Location (.
NAT
( 25)).

?
. IPS
( 39).

36


.
Online Help StoneGate
Administrator's Guide.

1.
Configuration

IPS.
IPS
Configuration.

2.
IPS Engines
New→Single Sensor.

3.

Name.
4. Analyser,

.
5. Log Server.

,
.


.
6. ,
Location (
NAT ( 25)).

?
. IPS
( 39).

37


.
Online Help
Administrator's Guide.

1.
Configuration

IPS.
IPS
Configuration.

2.
IPS Engines

New→Sensor Cluster.
3.
Name.
4. Analyser,


.
5. Log Server

,
.



.
6. ()
,
Location (.
NAT
( 25)).
?
. IPS
( 39).
38


IPS
IPS
.
,
Management Server.
:
.
.



1.
Interfaces.
2.

New
Physical Interface.
Properties Physical
Interface.

3. Interface ID.
4. (
)
Normal Interface Type.
5. OK.
. ,
.
?
VLAN , .
VLAN ( 40).
, . IP ( 41).

IPS

39

VLAN
VLAN .
4095 VLAN .
VLAN.
VLAN
, . ,
VLAN,
. .
VLAN
1.



New→VLAN Interface.

Interface Properties.

2. VLAN ID (1-4094).
3. OK.
VLAN ID .
VLAN ID VLAN ID
VLAN .
, VLAN
( 4095).
, VLAN
. VLAN InterfaceID.VLAN-ID, 2.100 Interface ID 2 VLAN ID 100.

40

IP
IP
1.

VLAN


New→IP Address.

IP Address Properties.

2. IP
Address IP .

.

3. Netmask.
4. NAT
,
Contact Address
.
, OK,
IP
Address Properties.

IPS

41


1.
Default,
IP
.

Location.
2. ( )
Add,

Location.
3. OK,
Contact Addresses.
4. OK,
IP Address Properties.

IP .
, , ,
Interface ID.

IPS

.

42

1. Options.

Interface Options.

2. Primary Control
Interface
Management Server.
3. ( )
Backup ,
,
.
4. (

) Primary Heartbeat
Interface

.
VLAN .
5. (
)
Backup
Heartbeat Interface.
6. Log/Analyzer communication source IP address (IP
/).

.
-,
Log Server.
7. OK.

. ,
.

IPS

43

IPS . :
(capture interface)

inline .
inline
.
, inline
. ,
, en (reset interface).
TCP ICMP destination unreachable,
. ,
,
VLAN.
, .
.
,
(
( inline ).
?
inline
, ,
, . ( 45).
,
.
( 46).
,
( 47).
inline ,
( 48).

44


IPS
. StoneGate .

VLAN .
.
IPS Strict Template IPS System Template
.

1.
Configuration

IPS.
IPS
Configuration.

2. Other
Elements.

3.
Logical Interfaces
New Logical Interface.
Logical
Interface Properties.

4.
Name.
5. ( )
VLAN

inline ,
View interface as one
LAN, ,

,

VLAN

SPAN.
6. OK.

45

.
?
,
.
( 46).
,
( 47).
inline ,
( 48).


TCP ICMP
destination unreachable,
, .
VLAN- , VLAN .
, ,
VLAN .
,
, .
IP MAC ,
.
,
IP .

1.
New Physical Interface.
Physical Interface
Properties.

2. Interface ID.
3. Normal
Interface Type.
4. OK.
. ,
,
, , .

46


,
.
.
, .
,
.
SPAN TAP,
. , .
(Capture) ( 16) ( 13).

1.
New
Physical Interface.
Properties
.

2. Interface ID.
3. Capture Interface Type.
4. ( ) TCP
Reset Interface
.
5. Logical Interface, Select
.
6. OK.

,
.
?
inline ,
( 48).
, , k
Interface ID OK, Properties.

47

inline
. inline
,
.
, . ,
.
Inline ( )
. IPS
, .
fail-open ,
.
, fail-open ,
. USB flash ,
. . /
USB flash ( 70)
.
inline

1.
New Physical Interface.
Physical
Interface Properties.

2. Interface ID.
3. Inline Interface Type.
4. ()
Second Interface ID.
5. Inspect Unspecified
VLANs, ,
VLAN-,
.
6.
Logical Interface Default_Eth, Select
.
7. OK.
, inline .
, ,
Interface ID OK, .

48

No.

?

. . ( 51).

49

50


Management Center
.
:
( 52)

( 53)

( 56)

51


Management Client,
.
:
1. Management Client. .
( 53).
2. .
.
( 56).




,
" " Management Server.
" "
Management Server. :

.
USB flash ,
.
USB flash ,
.
.

StoneGate .

52


1. IPS Engines.
IPS.

2.
Save Initial Configuration. Initial
Configuration.
?
, .
( 54).
,
. ( 55).

53


1. ( ) ,
Management Server SSL Fingerprint. fingerprint
Management
Server.

2. , One-Time Password
. ,
.
3. ( )
, SSH (Local Time
Zone) (Keyboard Layout).
4. , Save As
USB flash .
5. Close.
?
.
( 56).

54


1. ( ) SSH,
.
2. .

1
3

3. Save As USB flash ,


.
4. Close.
, SSH
Management Client. SSH
. ,
Management Server , .

(UTC), .
(UTC),
Management Server.
,
.
,
, "
" Management Server.

55

StoneGate.
.
?

StoneGate, Appliance Installation Guide.
, ,
(.
( 57) Online Help
Administrator's Guide.
. . .
Intel ( 67)

56

" "
Management Server.
. .
Management Client.
:
( 58)
Strict Policy System Policy ( 61)

57


StoneGate, Management Client.

. .
(inline) ;
, .
,
:
. IP
, .
,
, .
:
Network: IP .
Router: ,
.
,
, ,
.
Configuration→Routing.

1. IPS,
.

2. Routing. Routing
.

Routing. ,
.

58

3. ,
.

.
. ,
, .
, , Routing.

Next-hop
StoneGate IPS, Management
Center (Management Servers Log Servers)
. ,
,
.
, Router,
, .

1. Networks
New→Router. Router Properties.

59

2. IP Router.
?
, .
( 60).
, .
( 61).



Router New
Any Network.

( , Any Network).
?
, . .
, . Strict Policy System Policy
( 61).

60



1. Router New
Network. Network Properties.

2. Name .
, (Networks) Router.

, IPS .

Strict Policy System Policy


,
IPS. IPS - Strict Policy System
Policy. , , IPS.
, . Strict Policy
System Policy ,
. Online Help
Administrator's Guide. Strict Policy, IPS Strict Template, System Policy, IPS System
Template . IPS Reference Guide
.
, ,
, .
.

Strict Policy System Policy

61

Strict Policy System Policy


1. Configuration IPS.
IPS Configuration, IPS
Policies.
11

2. Strict Policy System Policy


Install Policy. Policy Upload Task Properties.
Strict Policy System Policy ,
Terminate Analyzer-only Situation.
Unsupported Definitions ,
.

3. () .
4. Add. Target .

62

5. OK. ,
.

6. , .
, ,
, .

IPS
, .
,
.

Strict Policy System Policy

63


1. IPS Engines.

2. Status. ,
Info, .
3. Commands, /
. .
.
.

. , Online Help
Administrator's Guide, StoneGate
Getting Started.

64

:
Intel - 67

65

66

10

INTEL

StoneGate IPS Intel ,
Intel.
:
( 68)
( 68)
( 69)
/ ( 70)
/ Expert Mode ( 77)

67


StoneGate
.
Appliance Installation Guide,
.

. Management
Center IPS .
, -
, .
, Automatic Power Management (APM)
Advanced Configuration and Power Interface (ACPI) BIOS.
,
.
StoneGate IPS.
.


1. Stonesoft, .
( 68), .
2. , .
( 69).
3.
Management Server. . / ( 70).
?
, .
( 69).
, .
.



1. Stonesoft Downloads: https://my.stonesoft.com/download.
2. .iso .

68

10

Intel


, StoneGate
, , .

. MD5 SHA-1.
-
Stonesoft, .
Windows MD5 SHA-1 .
.
- MD5 SHA-1,
:
1. - https://my.stonesoft.com/download/.
2. , (), .
3. - md5sum
sha1sum filename, filename - .

filename

4. .
.

-. ,
Stonesoft
.

CD-ROM
, ,
,
CD, .iso .
.iso ,
.


, ,
.
" "
.
Management Center. .
( 52).
, .
.
StoneGate .

69

StoneGate
1. StoneGate (StoneGate
Firewall) .
.
2. YES ,
.

3. :
2 : Full Install Full Install in expert mode.
1, Full Install.
2, Full Install in expert mode,
, /
Expert Mode ( 77).
4. :
, 1 .
, 2 .
5. YES ,
. .
,
.
. / USB
flash .
,
, .
. .
/ ( 71).

/
/
USB flash
StoneGate.

USB flash . ,
, ,
.

70

10

Intel

, ID
: Physical Interface ID 0
eth0, Physical Interface ID 1 eth1, .

,
Management Client ,
. Online Help
StoneGate Administrator's Guide.
USB flash :
1. , ,
, Serial .
2. USB flash .
3. ,
. ,
USB flash , " "
Management Server.
, ,
(sg_autoconfig.log), USB flash ,
.
connection refused, , IP
.
,
.
?
.
( 77).

USB flash (.
( 51)),
.

71


, Import
. ,
Next . .
( 72).


1. Floppy Disk USB Memory .

2. , .
3. Next , .



1. Keyboard Layout .
Select Keyboard Layout.

2. .
, .
,
, US_English.

72

10

Intel


1. Local Timezone .

2. .

.
(UTC).
.

1. .
2. (root).
, .

3. ( ) Enable SSH Daemon ,



SSH .
,
SSH,
SSH .
4. Next . Configure
Network Interfaces.


.
. ,
autodetect, .

73


Autodetect .

1
, .
?
, . .
( 75)
, .
(interface ID).
(interface ID)
1. ID,
.

2. / ,
, Media ENTER.
Sniff, .
Sniff , .
3. ( , ) Initial Bypass
, -
initial bypass soft-bypass,
.
initial bypass , IPS,

(Normal mode).
(initial bypass) IPS ,
IPS.
(Initial
bypass mode),
(Bypass mode).
, 1 soft-bypass 2.

74

10

Intel

4. Mgmt ,
.
,
Management Center
.
5. Next , .
?
. (Management
Server) ( 75).

1. Add .

1
2. ,
.
, ,
.


(Management Server)
Prepare for Management Contact.
, .


Management Server,
.
,
.

1. Switch Node to Initial Configuration .
1

2. .
(Primary Control IP Address).

75

, Gateway to management
.
IPS. ,
IPS Management Client.


, "
" .
- , .
( 51).
Management Server
1. Contact Contact at Reboot .

2. IP .
3. () Key fingerprint,
. .

"
" Management Server. " ",
Management Center
. ,
" "
.


, : ,
-.
Management Client.

1. .

2. Finish .
" " Management
Server.

76

10

Intel

connection refused, ,
IP .
, ,
.
/ Management Server Log Server
, ,
.
. ( 103),
.
,
sg-reconfigure.


,
, .
Management Client Unknown No Policy Installed,
Connected, ,
.
?
, .
( 57).

/ Expert Mode
, (
( 68)).
Expert Mode ,
Expert Mode .
Linux,
.
,
reboot, halt, .
init. Management
Client.


, StoneGate ,
. . ,
, .
.

1. , y.
/ Expert Mode

77

2. , . .
3. :
10.1

Engine root A

Engine root B

Swap

Data

Linux

200 MB


StoneGate IPS.

Linux

200 MB


StoneGate IPS.


Linux


StoneGate IPS.

Linux

500 MB

Linux

Spool

4. , .
5. Write, , yes.
6. Quit .


, StoneGate IPS.

1. , . yes .
2. ,
. :
engine root A, 1.
engine root B, 2.
swap, 5.
data, 6.
spool, 7.
78

10

Intel

3. yes, .
.
4. ,
, .
?
, . /
( 70).

/ Expert Mode

79

80

10

Intel


:
- 83

79

80

11

IPS.
, .
:
( 84)
( 86)
( 91)
( 93)

83

- .
.
, Management Client.
, .
.
.
,
. ,

. .
, ,
, .
(, ..)
.
,
.
.

, Management Center .
Management Center
.
Management Center. . Release Notes
.
, , ,
. ,
. ,
.
, System Status.
General Info.
, View→Info.
, (Release Notes)
, :
http://www.stonesoft.com/en/support/technical_support_and_documents.

84

11


:
1. ( )
(.
( 85)).
2. ( )
, CD,
.iso .
3. ( ) (.
( 86)).
4. . ,
, (.
( 91) ( 93)).


,
, ,
MD5 SHA-1. Windows
MD5 SHA-1,
.

1. : www.stonesoft.com/download/.
:
.zip
.
USB flash .
.iso
.
2. , , .
3. - md5sum filename sha1sum
filename, filename .

$ md5sum sg_engine_1.0.0.1000.iso
869aecd7dc39321aa2e0cfaf7fafdb8f sg_engine_1.0.0.1000.iso
4. - .
. ,
Stonesoft
.
ZIP
1. Management Client
File→Import→Import Engine Upgrades.

85

2. (sg_engine_version_platform.zip) Import.
.
, Management Client.
ZIP
USB flash CD .
ISO
,
CD, .iso .
.iso ,
.
?
, , .
. ( 91),
( 93).
,
.


StoneGate, ,
StoneGate .
, (,
1.2.3 1.2.4). ,
(, 1.2.3 1.3.0).
, .
Stonesoft.
?
, , .
. ( 91),
( 93).
,
One Proof Code ( 86).
,
Multiple Proof Codes ( 87).

One Proof Code


, POL,
.
multi-upgrade, (.
Multiple Proof Codes ( 87)).

86

11


1. Stonesoft License Center: www.stonesoft.com/license/.
2. POL License Identification Submit.
.
3. Update. .
4. , .
.
?
. ( 88).

Multiple Proof Codes


POL,
.

1.
Configuration→Configuration→Administration. Administration
Configuration.

2.
Licenses IPS.

87

3. Ctrl Shift ,
.
4.

Export License Info.
5. ,
. .

6. ( )
Yes,
- multiupgrade
Stonesoft License Center.
, Stonesoft License Center
multi-upgrade. .
StoneSoft,
License
Center.


Management Client.

88

11

StoneGate

1. File→System Tools→Install Licenses.
2.
,
.
.


, .
.

89


1.
Configuration→Configuration→Administration. Administration Configuration.

2.
Licenses IPS.
.

.
?
,
( 91).
, .
( 93).

90

11


.
, .
(ask) ,
Online Help.
, , ,
. ,
.

1.
Configuration

IPS. IPS
Configuration.

2. IPS
Engines.

3. ( )
,

Commands Go Offline.

91

3.

Configuration→Upgrade Software.

4. ,

,

.
5.
,
.

6. Engine
Upgrade ,
.
7. OK.
, . ,
,
. Abort, .
, ,
.
,
.
StoneGate
.

92

11

, . ,
. ,
. .
, sg-toggle-active,
. . ( 95)
.
?
.


, ,
, serial
.
, ,
.
?

StoneGate,
.
.zip USB flash CD ,
. ZIP ( 94).


StoneGate .
.iso-, Stonesoft
.

1. ( ) root,
. Management Client.
2. .
3. reboot ()
, .
.

4. 1, ,
. .

93

5. , ,
.
, , ,
. / ( 71).
6. , Management
Client Commands→Go Online.
sg-cluster online.
.
,
, . StoneGate
.
, .
. ,
. .
, sg-toggle-active,
.
. ( 95).
?
.

ZIP
, .zip
,
.

1. () root
. Management Client.
2. USB flash CD
3. sg-reconfigure. .
4. Upgrade .

5. , .
6. ( ) Calculate SHA1, -.
. -
- .zip .
-.
Cancel, - - -
Stonesoft, .
94

11

7. OK. .
8. , . .
, . ,
. ,
. .
, sg-toggle-active,
.
( 95).
?
.

95

96

11


:
- 95
- 103
- 107

93

94

12


StoneGate IPS.
Administrator's Guide Online Help Management Client.
:
StoneGate ( 96)
( 101)

95

StoneGate
StoneGate
.
, . Administrator's
Guide Online Help Management Client.

96

12

12.1 StoneGate

sg-blacklist
show [-v] [-f FILENAME] |
add [
[-i FILENAME] |
[src IP_ADDRESS/MASK]
[dst IP_ADDRESS/MASK]
[proto {tcp|udp|icmp|NUM}]
[srcport PORT{-PORT}]
[dstport PORT{-PORT}]
[duration NUM]
]|
del [
[-i FILENAME] |
[src IP_ADDRESS/MASK]
[dst IP_ADDRESS/MASK]
[proto {tcp|udp|icmp|NUM}]
[srcport PORT{-PORT}]
[dstport PORT{-PORT}]
[duration NUM]
]|
iddel NODE_ID ID |

:
show
: engine node ID | blacklist entry ID | (internal) | entry
creation time | (internal) | address and port match | originally set
duration | (internal) | (internal). -f,
(/data/blacklist/db_<number>). -v
.
add .
-i,
.
del .
(. ) i, .
iddel NODE_ID ID
. NODE_ID - , ID ( show).
flush .
/ :
.
.
;
.
src IP_ADDRESS/MASK IP
. IP
.
dst IP_ADDRESS/MASK IP
. IP
.
proto {tcp|udp|icmp|NUM}
.
IP .
srcport PORT[-PORT] TCP/UDP
.
.
dstport PORT[-PORT] TCP/UDP
.
.
duration NUM ,
. 0, ,
.
:
sg-blacklist add src 192.168.0.2/32 proto tcp dstport 80 duration 60
sg-blacklist add -i myblacklist.txt
sg-blacklist del dst 192.168.1.0/24 proto 47

StoneGate

97

12.1 StoneGate ()

sg-bootconfig
[--primary-console=tty0|ttyS PORT,SPEED]
[--secondary-console=[tty0|ttyS PORT,SPEED]]
[--flavor=up|smp]
[--initrd=yes|no]
[--crashdump=yes|no|Y@X]
[--append=kernel options]
[--help]
apply


.
--primary-console=tty0|ttyS PORT,SPEED
.
--secondary-console= [tty0|ttyS PORT,SPEED]

.
--flavor=up|smp [-kdb]
.
--initrd=yes|no , Ramdisk
.
--crashdump=yes|no|Y@X
,
(Y).
24M. X 16M.
--append=kernel options
, .
--help
.
apply
.

sg-clear-all

,
StoneGate .
. serial
, .

sg-contact-mgmt

" "
Management Server,
(. sg-reconfigure ).
Management Server
,
.

98

12

12.1 StoneGate ()

sg-logger
-f FACILITY_NUMBER
-t TYPE_NUMBER
[-e EVENT_NUMBER]
[-i "INFO_STRING"]
[-s]
[-h]


.
-f FACILITY_NUMBER
.
-t TYPE_NUMBER
.
-e EVENT_NUMBER
. 0
(H2A_LOG_EVENT_UNDEFINED).
-i "INFO_STRING"
.
-s
stdout
-h .

sg-raid
[-status] [-add] [-re-add] [-force]
[-help]


StoneGate.
StoneGate, RAID (Redundant Array of
Independent Disks -
) .
-status .
-add .
-add -force,
,
.
-re-add ,
.
.
-re-add -force,
.
-help .

sg-reconfigure
[--boot]
[--no-shutdown]

.
--boot .
,
.
--no-shutdown
.

.

sg-status [-l] [-h]

.
-l
.
-h .

StoneGate

99

12.1 StoneGate ()

sg-toggle-active SHA1 SIZE | --force [--debug]

.
.
,

.
, .
.
,
/var/run/stonegate (ls -l /var/run/stonegate).
SHA1 SIZE
, ,
. ,
- -

sg_engine_[version.build]_i386.zip.
--debug .
--force
.

sg-version

sginfo
[-f] [-d] [-s] [-p] [--] [--help]

,
Stonesoft support,
. ,
Stonesoft support
.
-f sgInfo ,
.
-d sgInfo.
-s slapcat sgInfo.
-p sgInfo (
).
sgInfo .
--help .

100

12



, StoneGate.
Ctrl+c.
12.2

dmesg

. -h,
.

halt

ip

IP-.
, . :
ip addr, .

ping

ICMP .
, .

ps

reboot

. ,
. ,
.

scp

. ,
.

sftp

FTP ( ).
, .

ssh

SSH ( ).
, .

tcpdump

. -h,
.

top

,
. -h
.

101

102

12

13

StoneGate
, StoneGate .
:
Management Center ( 104)
IPS ( 106)

103

Management Center
,
Management Center (SMC) SMC .
1.
.1 SMC
LDAP-

Stonesoft

Log
Server

TCP:
3020
8916
8917

TCP:
443

TCP:
389

RADIUS-

Management
Server

Web Portal
Server

UDP:
1812

Management Server

TCP:
8902-8913
8916
8917

TCP:
8903
8907

TCP:
8902-8913

+ 3021
TCP, UDP:

(
162/5162
514/5514
)
Win/Linux)
UDP:
161
, SMC
. .

. SMC
, .
.1 Management Center

DNS-

53/UDP, 53/TCP

Management
Client,
Management
Server, Log Server

DNS.

DNS (UDP)

LDAP-

389/TCP

Management
Server

LDAP
/
Management Client.

LDAP (TCP)

104

13

.1 Management Center

Log Server

162/UDP,
5162/UDP

SNMPv1
.
Windows
162, Linux 5162.

SNMP (UDP)

Log Server

514/TCP,
514/UDP,
5514/TCP,
5514/UDP

Syslog
.
514
Windows, 5514 Linux.

Syslog (UDP)
[Partial match]

Log Server

3020/TCP

Log Server,
Web Portal Server

SG Log

Log Server

8914-8918/TCP

Management
Client

SG Data Browsing

Log Server

8916-8917/TCP

Web Portal Server

SG Data Browsing
(Web Portal Server)

Management
Server

3021/TCP

Log Server, Web


Portal Server

/
.

SG Log Initial
Contact

Management
Server

8902-8913/TCP

Management
Client, Log Server,
Web Portal Server

SG Control

161/UDP

Log Server

SNMP
IP .

SNMP (UDP)

Management
Server

8903, 8907/TCP

Management
Server

(pull)
Management Server.

SG Control

RADIUS
(Authentication)

RADIUS

1812/UDP

Management
Server

RADIUS

.


RADIUS .

Management
Server

8902-8913/TCP

Management
Server

(push)
Management Server.

SG Control

Stonesoft

443/TCP

Management
Server

, ,
update.stonesoft.com
smc.stonesoft.com.

HTTPS

Management Center

105

.1 Management Center

Syslog

514/UDP, ,
5514/UDP


syslog.

LogServerConfiguration.txt.

Log Server

Syslog (UDP)
[Partial match]

IPS
,
IPS SMC .
1.
.2 IPS

Log Server
TCP:
3020

TCP:
18890

TCP:
4950
18888

Management
Server

TCP:
4950
18889

TCP:
3002
3003
3010
UDP:
3000
3001

TCP:
3021
3023

, IPS StoneGate
. .
.
.2 IPS ()

514/UDP

Syslog

Syslog,
.

Syslog (UDP)

4950/TCP

Management
Server

SG RemoteUpgrade

106

13

.2 IPS ()

18889

Management
Server

SG Commands
(Analyzer)

18890/TCP

,
.

SG Event Transfer

BrightCloud

2316/TCP


BrightCloud.

BrightCloud
update

SG Log

Log Server

3020/TCP


;

;
, ,
.

Management
Server

3021/TCP

/

( ).

SG Initial Contact

Management
Server

3023/TCP


().

SG Reverse
Monitoring

3000-3001/UDP
3002, 3003, 3010/TCP

SG State Sync
(Multicast), SG
State Sync
(Unicast), SG Data
Sync

4950/TCP

Management
Server

SG Remote
Upgrade

18888/TCP

Management
Server

SG Commands
(Sensor)

15000/TCP

Management
Server,
,

SG Blacklisting

107

108

13

14

StoneGate ,
IPS.
.
:
( 108)
( 109)
( 110)
DMZ ( 111)
( 112)

107


:
.
(DMZ) .
- .
:
.
- .
, .
14.1.
. IPS Reference Guide
StoneGate IPS.
14.1


DMZ

172.16.1.0/24

192.168.1.0/24

192.168.10.0/24

108

14

172.16.1.0/24


14.2
10.42.1.42

10.42.1.41

SPAN

1
172.16.1.42

172.16.1.1

172.16.1.41


,
, .
: 1 2.
14.1


SPAN -
. SPAN .

.
.

-
. IP 1 - 172.16.1.41 2 172.16.1.42.
Normal
Management Server, ,
TCP.

. 1
IP- 10.42.1.41, 2 IP- 10.42.1.42.

109


14.3
Management Server
192.168.10.200

192.168.10.1

192.168.10.61

212.20.1.254

HQ Log Server
192.168.10.201


DMZ
,
.
14.2


IP- 192.168.10.61.

, ,
, IP
.


NAT
. IP
:
Internal: 192.168.10.1
External: 212.20.1.254

110

14


14.3 SMC

SMC

Management
Server

Management Server IP
192.168.10.200. Management Server ,
, StoneGate IPS
.

HQ Log Server

IP
192.168.10.201.
.

DMZ
14.4 DMZ
192.168.1.41
DMZ


192.168.1.1

DMZ
, DMZ DMZ -
inline .
14.4

DMZ DMZ.
inline .

DMZ IP
192.168.1.41.
,
, TCP.

DMZ

111


14.5
172.16.2.41

212.20.2.254

172.16.2.1

Log Server

172.16.2.201

-
, - -
- (inline).
14.5 -

-
.

.

- normal ,
IP 172.16.2.41.

,
, TCP ().


NAT
. IP :
Internal (): 172.16.2.1
External (): 212.20.2.254

Log Server
,
IP 172.16.2.201.
- .

112

14