www.pineapp.com
PineApp™ Surf-SeCure™ Quick Installation Guide
September 2010
WEB BASED INSTALLATION – SURF-SECURE AS PROXY
1. Once logged in, set the appliance’s clock:
   a. Click on the Edit link under Time-Zone section.
   b. Choose your current time zone from the Time Zone dropdown list in the pane.
   c. Click on Set time zone button.
2. Go to Networking > General tab, and set up new DNS server(s):
   a. Click on the Add new DNS link. A new pane will appear on the right hand side of the screen.
   b. DNS – Type the DNS server’s IP address.
   c. Click on the Add DNS button.
3. Set up a new hostname, by clicking on the Edit link. Inside the Host Name text field, type the appliance’s FQDN (Fully Qualified Domain Name), and click on Update Hostname button.
4. Go to Networking > Interfaces tab, and choose Proxy only from the above Working Mode menu. Click on Save changes and Apply Settings to finalize the decision.
5. In Networking > Interfaces, set up a new interface.
   a. Choose the interface you wish to assign and click on the Add new IP link next to it.
   b. IP – Type the requested IP address for the interface.
   c. Subnet Mask – Choose the proper subnet mask for the interface from the dropdown list.
   d. Click on the Add New IP button.
   Once done, connect the assigned interface’s port to the firewall, using a network cable.
6. Go to Routes tab and set up a new default route:
   a. Click on the Edit link.
   b. Click on the Update default route button.
If you do not want to use authentication or to enable policy per group/user, please skip steps 7 & 8.
7. Go to Authentication > LDAP and click on the Edit link next to the existing default parameter. Fill in the information according to the below table.
   Synchronize User & Group database from LDAP – Check box to activate module.
   LDAP server type – Choose the type of the LDAP server from the list.
   LDAP Synchronization Interval – Choose the synchronization intervals to the LDAP server from the menu.
   LDAP Server – Enter the LDAP server’s IP address.
   LDAP Bind DN – Enter the Branch that has searching privileges in the tree. Example:
   LDAP Server Hostname (optional) – Enter the LDAP server’s Hostname (optional).
   LDAP port (389=common, 3265=Global catalog) – If you are not using the default LDAP port (389), type the port you are using to synchronize the LDAP server.
   LDAP Context – Enter the Root Branch definition. For example, if the domain is pineapp.com, type: dc=pineapp, dc=com (There must be a space between the comma and “dc”). Pressing the Fetch DNs button will cause the different DNs that are available on the specific Active directory to pop up. Make sure you have defined the IP of the LDAP server, Bind DN and password before pressing it.
   LDAP Password – Enter the Password of the Administrator.
8. Go to Authentication > NTLM tab, and set up NTLM authentication:
   a. Enable NTLM – Click once on this icon in order to activate the NTLM feature.
   b. User – Type a username which has permissions to add workstations to the domain and is a member of the Built-in security group: Windows Authorization Access Group.
   c. Password – Type the username’s corresponding password.
   d. Server Name & Domain – See appendix C for further details.
   e. Click on the Save button.
9. In case you wish to assign policy rules for specific object groups of any sort, you will first have to
Creating Object lists
Creating Object lists is done by choosing Add new object lists link from the section.
   a. Type a list name and description (optional).
   b. Click the Save button.
Creating Objects
   a. Choose from the drop-down menu the type of object you wish to create (IP, Domain, URL and Network).
   b. Type the IP (or URL, Domain or network – according to the type of object you wish to add) and description (optional).
   c. Click the Save button.
10. In order to add objects to the list, click on the group name, choose the objects you wish to add and click on the Add button.
11. Configure policy rules, according to the instructions on chapter 5 of Surf-SeCure user manual.
12. In order to receive real-time alerts from the system, go to System > Maintenance tab, and type the system administrator’s email address in the input text field.
WEB BASED INSTALLATION – SURF-SECURE AS BRIDGE
1. Repeat steps 1-3 from the previous section.
2. Go to Networking > Interfaces tab, and edit IP address info for br0:
   a. Click on the Edit link next to the br0 record.
   b. IP – Type the requested IP address for the interface.
   c. Subnet Mask – Choose the proper subnet mask for the interface from the dropdown list.
   d. Click on the Update device button.
3. Go to Routes tab and set up a new default route:
   a. Click on the Edit link.
   b. Click on the Update default route button.
4. Repeat steps 8-10 from the previous section, in order to configure new object lists and policy rules.
5. In order to receive real-time alerts from the system, go to System > Maintenance tab, and type the system administrator’s email address in the input text field.
BACKING UP THE CONFIGURATION
Once configured, it is highly recommended that you back up your configuration (“System” > “Configuration Management”).
To back up the configuration, type in the name of the file to create and click the Backup button. After a few seconds, the file will be listed in the stored configuration table (a green “successful” message will appear).
To download a configuration backup to the desktop, click on the desired file name. Save the file on the desktop.
For further information and configuration steps, please refer to Surf-SeCure’s user manual.
TECHNICAL SUPPORT
In case you need any technical support, please contact your reseller or PineApp’s technical support center:
North America: +1-877-300-3422
International: +972-4-8212-321
Email: [email protected]
Website: http://www.pineapp.com/
APPENDIX B – RETRIEVING NTLM INFORMATION
Retrieving server name
   a. Open your Active directory server.
   b. Under the organization domain’s root folder, go to Computers > System properties. The following pane will appear:
   c. In system properties > General section, under Full Computer Name, copy the initial part (before the first dot – highlighted red in the above image) and use it for Server name credentials.
      For example: if Full computer name is example.domain.com, type “example” in Server name.
Retrieving Domain information
   a. Open your Active directory server.
   b. Right click on the domain’s root folder and choose Properties. The following pane will appear: