Summary of the content on page No. 1
ADMINISTRATION GUIDE
Cisco Small Business
ISA500 Series Integrated Security Appliances
(ISA550, ISA550W, ISA570, ISA570W)
Summary of the content on page No. 2
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) © 2013 Cisco Systems, Inc. All rights reserved. 78-20776-03
Summary of the content on page No. 3
Federal Communication Commission Interference Statement (For ISA570 and ISA570W) This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruc
Summary of the content on page No. 4
The availability of some specific channels and/or operational frequency bands are country dependent and are firmware programmed at the factory to match the intended destination. The firmware setting is not accessible by the end user. Industry Canada statement: This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, includ
Summary of the content on page No. 5
In accordance with Industry Canada regulations, this radio transmitter may operate with an antenna of a type and of a maximum (or lesser) gain approved for the transmitter by Industry Canada. To reduce the risk of radio interference to other users, the antenna type and its gain must be chosen so that the equivalent isotropically radiated power (e.i.r.p.) does not exceed the level necessary for the establishment of a communication s
Summary of the content on page No. 6
Contents Chapter 1: Getting Started 19 Introduction 20 Product Overview 21 Front Panel 21 Back Panel 23 Getting Started with the Configuration Utility 25 Logging in to the Configuration Utility 26 Navigating Through the Configuration Utility 27 Using the Help System 28 Configuration Utility Icons 28 Factory Default Settings 30 Default Settings of Key Features 30 Restoring the Factory Default Settings 31 Performing Basic Configuration Tasks 32 Changing the Default Administrator Password 32 Upgr
Summary of the content on page No. 7
Contents Configuring DMZ Services 45 Configuring Wireless Radio Settings 47 Configuring Intranet WLAN Access 48 Configure Security Services 49 Viewing Configuration Summary 50 Using the Dual WAN Wizard to Configure WAN Redundancy Settings 51 Starting the Dual WAN Wizard 51 Configuring a Configurable Port as a Secondary WAN Port 51 Configuring the Primary WAN 52 Configuring the Secondary WAN 52 Configuring WAN Redundancy 52 Configuring Network Failure Detection 53 Viewing Configuration Summary
Summary of the content on page No. 8
Contents Configuring Transform Policies 69 Configuring Local and Remote Networks 70 Viewing Configuration Summary 70 Using the DMZ Wizard to Configure DMZ Settings 71 Starting the DMZ Wizard 71 Configuring DDNS Profiles 71 Configuring DMZ Network 72 Configuring DMZ Services 74 Viewing Configuration Summary 76 Using the Wireless Wizard (for ISA550W and ISA570W only) 76 Starting the Wireless Wizard 76 Configuring Wireless Radio Settings 76 Configuring Wireless Connectivity Types 77 Specify Wirel
Summary of the content on page No. 9
Contents NAT Status 100 VPN Status 101 IPsec VPN Status 101 SSL VPN Status 103 Active User Sessions 105 Security Services Reports 106 Web Security Report 106 Anti-Virus Report 107 Email Security Report 108 Network Reputation Report 109 IPS Report 110 Application Control Report 111 System Status 112 Processes 112 Resource Utilization 113 Chapter 4: Networking 115 Viewing Network Status 116 Configuring IPv4 or IPv6 Routing 116 Managing Ports 116 Viewing Status of Physical Interfaces 117 Configur
Summary of the content on page No. 10
Contents Configuring DMZ 141 Configuring Zones 146 Security Levels for Zones 146 Predefined Zones 147 Configuring Zones 147 Configuring DHCP Reserved IPs 149 Configuring Routing 149 Viewing the Routing Table 150 Configuring Routing Mode 150 Configuring Static Routing 151 Configuring Dynamic Routing - RIP 152 Configuring Policy-Based Routing 153 Configuring Quality of Service 155 General QoS Settings 155 Configuring WAN QoS 156 Managing WAN Bandwidth for Upstream Traffic 156 Configuring WAN Que
Summary of the content on page No. 11
Contents Configuring IGMP 172 Configuring VRRP 173 Address Management 175 Configuring Addresses 175 Configuring Address Groups 176 Service Management 177 Configuring Services 177 Configuring Service Groups 178 Configuring Captive Portal 179 Requirements 179 Before You Begin 180 VLAN Setup 180 Wireless Setup 181 User Authentication 181 Configuring a Captive Portal 181 Troubleshooting 185 Using External Web-Hosted CGI Scripts 186 CGI Source Code Example: No Authentication and Accept Button 195 R
Summary of the content on page No. 12
Contents Requirements 222 Before You Begin 222 VLAN Setup 222 Wireless Setup 223 User Authentication 223 Configuring a Captive Portal 223 Troubleshooting 227 Using External Web-Hosted CGI Scripts 228 CGI Source Code Example: No Authentication and Accept Button 237 Related Information 246 Configuring Wireless Rogue AP Detection 247 Advanced Radio Settings 248 Chapter 6: Firewall 251 Configuring Firewall Rules to Control Inbound and Outbound Traffic 252 About Security Zones 252 Default Firewall
Summary of the content on page No. 13
Contents Configuring an Advanced NAT Rule to Support NAT Hairpinning 272 Firewall and NAT Rule Configuration Examples 274 Allowing Inbound Traffic Using the WAN IP Address 274 Allowing Inbound Traffic Using a Public IP Address 276 Allowing Inbound Traffic from Specified Range of Outside Hosts 279 Blocking Outbound Traffic by Schedule and IP Address Range 280 Blocking Outbound Traffic to an Offsite Mail Server 280 Configuring Content Filtering to Control Internet Access 281 Configuring Content
Summary of the content on page No. 14
Contents Configuring Advanced Anti-Virus Settings 306 Configuring HTTP Notification 307 Configuring Email Notification 307 Updating Anti-Virus Signatures 308 Configuring Application Control 309 Configuring Application Control Policies 310 General Application Control Policy Settings 310 Adding an Application Control Policy 311 Permitting or Blocking Traffic for all Applications in a Category 312 Permitting or Blocking Traffic for an Application 313 General Application Control Settings 314 Enabl
Summary of the content on page No. 15
Contents Configuration Tasks to Establish a Site-to-Site VPN Tunnel 341 General Site-to-Site VPN Settings 341 Configuring IPsec VPN Policies 343 Configuring IKE Policies 349 Configuring Transform Sets 351 Remote Teleworker Configuration Examples 352 Configuring IPsec Remote Access 355 Cisco VPN Client Compatibility 356 Enabling IPsec Remote Access 357 Configuring IPsec Remote Access Group Policies 357 Allowing IPsec Remote VPN Clients to Access the Internet 360 Configuring Teleworker VPN Clien
Summary of the content on page No. 16
Contents Chapter 9: User Management 388 Viewing Active User Sessions 388 Configuring Users and User Groups 389 Default User and User Group 389 Available Services for User Groups 389 Preempt Administrators 390 Configuring Local Users 390 Configuring Local User Groups 391 Configuring User Authentication Settings 393 Using Local Database for User Authentication 394 Using RADIUS Server for User Authentication 394 Using Local Database and RADIUS Server for User Authentication 397 Using LDAP for Use
Summary of the content on page No. 17
Contents Generating New Certificate Signing Requests 422 Importing Signed Certificate for CSR from Your Local PC 423 Configuring Cisco Services and Support Settings 424 Configuring Cisco.com Account 424 Configuring Cisco OnPlus 425 Configuring Remote Support Settings 426 Sending Contents for System Diagnosis 426 Configuring System Time 427 Configuring Device Properties 428 Diagnostic Utilities 428 Ping 429 Traceroute 429 DNS Lookup 430 Packet Capture 430 Device Discovery Protocols 430 UPnP Dis
Summary of the content on page No. 18
Contents Configuring Log Facilities 447 Rebooting and Resetting the Device 448 Restoring the Factory Default Settings 448 Rebooting the Security Appliance 449 Configuring Schedules 449 Appendix A: Troubleshooting 453 Internet Connection 453 Date and Time 456 Pinging to Test LAN Connectivity 457 Testing the LAN Path from Your PC to Your Security Appliance 457 Testing the LAN Path from Your PC to a Remote Device 458 Appendix B: Technical Specifications and Environmental Requirements 459 Appendix
Summary of the content on page No. 19
1 Getting Started
This chapter provides an overview of the Cisco ISA500 Series Integrated Security Appliance and describes basic configuration tasks to help you configure your security appliance. It includes the following sections:
• Introduction, page 20
• Product Overview, page 21
• Getting Started with the Configuration Utility, page 25
• Factory Default Settings, page 30
• Performing Basic Configuration Tasks, page 32
NOTE For information about how to physically install your security appl
Summary of the content on page No. 20
Introduction
Thank you for choosing the Cisco ISA500 Series Integrated Security Appliance, a member of the Small Business Family. The ISA500 Series is a set of Unified Threat Management (UTM) security appliances that provide business-class security gateway solutions with dual WAN, DMZ, zone-based firewall, site-to-site and remote access VPN (including IPsec Remote Access, Teleworker VPN Client, and SSL VPN) support, and Internet threat protection, such as In