www.astaro.

com

Astaro Security Gateway V7 6. The Internal Network (LAN) Definition

In the Definitions directory,

ASG - Minimum Hardware Requirements:
Pentium 4 (1.5 GHz) or compatible CPU
1024 MB RAM
20 GB IDE/SATA/SCSI hard drive
Bootable CD-ROM drive
open the Networks menu. You
Client - Hard-/Software Requirements: will see 3 “objects” that
1 GHz and 512 MB RAM represent your Internal LAN
Browser: Firefox recommended (based on the Interface config)
(http://www.getfirefox.com/) which can be used to easily
or Microsoft Internet Explorer 6 or 7 make rules and reference your
WebAdmin is running on port 4444 local network throughout ASG.

1. Install the Software 7. Configure the Internet(WAN) Connection

Astaro Security Install the Astaro Security Gateway V7 Software on a Open the Network >> Inter-
Gateway V7 dedicated machine. The installation will completely faces tab and configure the
erase all data on the hard disk including all programs interface to be used to connect
Switch eth0 and the operating system. to the Internet. The choice of
Internal When the install completes, reboot. Once the system interface and the required
Network has rebooted (a process which, depending on settings depend on what kind of
hardware, can take up to five minutes), ping the IP connection you have from your
Admin
Client address of the eth0 interface to ensure it is reachable. ISP.

2. Start your Browser and open the graphical user interface (WebAdmin) 8. Define Masquerading Rules

Open the Network Security >>

Before you can access the graphical user interface (WebAdmin), you will need to con-
NAT >> Masquerading tab and
figure your Client Computer with the LAN connection properties specified during install.
configure a MASQ rule. This is
If needed, you can later change Astaro’s addresses to matches the local network.
required if you wish to use
To change your clients IP address will vary depending on your operating system. For
private IP addresses for your
example: With Microsoft Windows XP the menu can be found under Start-->System
LAN and you wish to connect to
Control-->Network connections.
the Internet using machines in
LAN connection properties: your private space.
IP Address: Any address in the range 192.168.2.1 through
192.168.2.254 (192.168.2.100 excepted)
Netmask: Enter 255.255.255.0 9. Configure the DNS Proxy
Standard Gateway: Enter the IP address of the appliance’s
internal network card (eth0): 192.168.2.100 In the Network >> DNS direc-
DNS Server: Enable this option and enter the IP address of tory, open the Global tab and
the internal network card (eth0): 192.168.2.100 specify the internal networks to
Admin Client use the Astaro Security Gateway
as a DNS resolver.
Once your browser is correctly configured, start it and enter the management address of
the security system (the internal IP address configured for eth0) as follows:
https://IP Address:4444 (e.g., https://192.168.2.100:4444).

3. Enter the Administrator Contact and set the System Passwords 10. Connect other Networks

In the Basic System Setup Astaro Security If you wish to connect other
window, enter the Administrator Gateway V7 eth2 internal networks (e.g., DMZ)
Contact and the passwords for to the Astaro Security Gateway,
Switch eth0
the Astaro Security Gateway. attach their cables now.
Internal Switch
Network
DMZ
Admin
Client

4. Log in to WebAdmin & Complete the Setup Wizard 11. Configure Web Filtering

Username: admin In the Web Security directory,

Password: Password of the open the HTTP menu and enable
WebAdmin user the filter. In Transparent mode it
Please closely follow the wizard isn’t necessary to change
steps to easily setup the Astaro. browser configuration, they will
Optionally, if you’d like to set up be automatically routed through
manually, click cancel and do the Web Filtering. You will also
steps 5-13 in this guide. get usage reports on surfing.

>> The Dashboard 12. Configure the Packet Filter

The Dashboard graphically dis- In the Network Security >>

plays a snapshot of the current Packet Filter directory, open
operating status of the Astaro the Rules tab and establish the
device. packet filtering rules. By default,
Here you can see what you have all packets are filtered until you
enabled, see the hardware explicitly enable certain services.
usage, and see daily figures for A common rule is to allow all
various filters. outgoing traffic.

5. Check/Changes the Internal Network (LAN) Interface (eth0) 13. Updating the Astaro

In the Network >> Interfaces By default, the Firmware and

directory, open the Interfaces Pattern Up2Dates will be down-
tab and check the settings for loaded automatically from the
eth0 network card. Up2Date server. To keep the sys-
These settings can be changed tem safe, please install any
to match your existing network available Firmware Up2Dates
IP setup if desired, just “edit” ASAP to have the latest features
them. and protection patterns.