Sophos UTM. Remote Access via IPsec Configuring UTM and Client. Product version: Document date: Tuesday, December 13, 2016


Sophos UTM
Remote Access via IPsec
Configuring UTM and Client
Product version: 9.400
Document date: Tuesday, December 13, 2016

The specifications and information in this document are subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. This document may not be copied or distributed by any means, in whole or in part, for any reason, without the express written permission of Sophos Limited. Translations of this original manual must be marked as follows: "Translation of the original manual".

2016 Sophos Limited. All rights reserved. http://www.sophos.com

Sophos UTM, Sophos UTM Manager, Astaro Security Gateway, Astaro Command Center, Sophos Gateway Manager, Sophos iview Setup and WebAdmin are trademarks of Sophos Limited. Cisco is a registered trademark of Cisco Systems Inc. iOS is a trademark of Apple Inc. Linux is a trademark of Linus Torvalds. All further trademarks are the property of their respective owners.

Limited Warranty: No guarantee is given for the correctness of the information contained in this document. Please send any comments or corrections to nsg-docu@sophos.com.

Contents

1 Introduction
2 Configuring UTM
   2.1 Defining a User Account
   2.2 Configuring IPsec Settings
   2.3 Configuring Advanced IPsec Settings
   2.4 Creating Firewall and Masquerading Rules
      2.4.1 Defining a Firewall Rule
      2.4.2 Defining a Masquerading Rule
3 Configuring the Remote Client
   3.1 Getting Software and Certificates
   3.2 Configuring the Sophos IPsec Client
4 Connecting to the VPN
5 Disconnecting from the VPN

1 Introduction

This guide describes step by step the configuration of remote access to the UTM using IPsec. IPsec allows you to give individual hosts access to your network through an encrypted IPsec tunnel. The structure is described in the following chart.

First, the system administrator configures the Sophos UTM to allow remote access. Additionally, the administrator enables the User Portal of the Sophos UTM for the remote access users. The User Portal offers the Sophos IPsec Client software, the configuration files, the necessary keys, and a configuration guide to the remote access user. Login data for the User Portal should be provided by the system administrator.

The Sophos IPsec Client comes with a 30-day trial license. You have to purchase the license to use the unlimited version. The IPsec Client works on Microsoft Windows XP, Vista, and 7 operating systems and will work on Windows 8, too.

Additional information

This guide contains complementary information on the Administration Guide and the Online Help. If you are not sure whether you have the current version of this guide, you can download it from the following Internet address: http://www.sophos.com/en-us/support/knowledgebase/b/2450/3100/5300.aspx

If you have questions or find errors in the guide, please contact us at the following e-mail address: nsg-docu@sophos.com

For further help use our support forum at http://www.astaro.org or our knowledgebase at http://www.sophos.com/en-us/support/knowledgebase/b/2450.aspx, or use the Sophos support offers: http://www.sophos.com/en-us/support/contact-support/utm-support.aspx

2 Configuring UTM

The UTM is configured via the web-based WebAdmin configuration tool from the administration PC. Opening and using this configuration tool is extensively described in the UTM administration guide.

2.1 Defining a User Account

First, you need to create a user account, which is necessary for accessing the User Portal and for actually using the VPN connection.

1. Open the Definitions & Users > Users & Groups > Users tab.

2. Click the New User button.
   The Create New User dialog box opens.

3. Make the following settings:
   Username: Enter a specific username (e.g., gforeman). In doing so remember that the remote user will need this username later to log in to the User Portal.
   Real name: Enter the full name of the remote user (e.g., George Foreman).
   Email address: Enter the e-mail address of the user. When you specify an e-mail address, an X.509 certificate for this user will be generated automatically while creating the user account, using the e-mail address as the certificate's VPN ID. The certificate will be displayed on the Remote Access > Certificate Management > Certificates tab.
   Authentication: With the Local authentication method the following two fields will be displayed for the definition of the password.

   Password: Enter the password for the user. In doing so remember that the remote user will need this password later to log in to the User Portal.
   Repeat: Confirm the password.
   Use static remote access IP (optional): Each remote access user can be assigned a specific IP address. The assigned IP address must not originate from the IP address pool used in the remote access settings (see below). During the dial-up the address is automatically assigned to the host. Enter the static IP address in the RAS address box.
   Comment (optional): Enter a description or additional information on the user.

4. Click Save.
   Your settings will be saved.

Cross Reference: More detailed information on the configuration of a user account and detailed explanations of the individual settings can be found in the UTM administration guide in chapter Definitions & Users.

2.2 Configuring IPsec Settings

This chapter describes how to enable IPsec and how to configure basic settings and access control.

1. Open the Remote Access > IPsec > Connections tab.

2. Click New IPsec Remote Access Rule.
   The Add IPsec Remote Access Rule dialog box opens.

3. Make the following settings:
   Name: Enter a descriptive name for this connection.
   Interface: Select the network interface which is used as the local endpoint of the IPsec tunnel.
   Local networks: Select the local networks that should be reachable to the client.
   Note: If you wish the IPsec-connected users to be allowed to access the Internet, you need to select Any in the Local networks dialog box. Additionally, you need to define appropriate Masquerading or NAT rules.
   Virtual IP pool: The default settings assign addresses from the private IP space 10.242.4.x/24. This network is called the VPN Pool (IPsec). If you wish to use a different network, simply change the definition of the VPN Pool (IPsec) on the Definitions & Users > Network Definitions page.
   Policy: Select an already defined policy (in this example: AES-256). Or you can use the IPsec > Policies tab to define your own policies.
   Cross Reference: Creating new IPsec policies is described in the UTM administration guide in chapter Remote Access.
   Authentication type: IPsec remote access supports authentication based on CA DN match, Preshared key, and X.509 certificate. The settings in this section depend on the authentication type:

   CA DN match
   The authentication is based on the Distinguished Name (DN) and the following widgets are displayed:
   Authority: Select the certificate authority VPN Signing CA for the VPN users.
   DN mask: In order to use a Distinguished Name as an ID, you will need information from the X.509 index. Possible indications are Country (C), State (ST), Local (L), Organization (O), Unit (OU), Common Name (CN), and E-Mail Address (E).
   Enable XAUTH (optional): Extended authentication should be enabled to require authentication of users against configured backends.

   Preshared key
   If you select Preshared key, the following widgets are displayed:
   Preshared key: Enter the shared secret. This shared secret is a secure phrase or password that is used to encrypt the traffic using the encryption algorithm for IPsec.
   Confirm: Confirm the shared secret.
   Security Note: Use a secure password! Your name spelled backwards is, for example, not a secure password, while something like xft35!4z would be. Ensure that this password does not fall into the hands of unauthorized third parties. With this password, an attacker can build a connection to the internal network. We recommend changing this password at regular intervals.
   Enable XAUTH (optional): Extended authentication should be enabled to require authentication of users against configured backends. Note that this option has to be enabled and the user has to be added to the Allowed users box to be able to access the respective remote access information in the User Portal.

   X.509 certificate
   If you select X.509 CA certificate, the following widgets will be displayed:
   Enable XAUTH (optional): Extended authentication should be enabled to require authentication of users against configured backends.
   Allowed users: Select the user object which has been created automatically, e.g., gforeman.

   Automatic firewall rules: If selected, once the VPN tunnel is successfully established, the firewall rules for the data traffic will automatically be added. After the connection is terminated, the firewall rules are removed. If unselected, you need to define the firewall rules manually (see below).
   Comment (optional): Add a description or other information about the IPsec connection.

4. Click Save.
   Your settings will be saved.

5. Enable the IPsec rule.
   You can enable the rule now or later after completing the whole UTM configuration. Click the toggle switch in front of the rule to activate the rule. The toggle switch turns green. The IPsec remote access rule is active now.

Cross Reference: More detailed information on the configuration of a remote access and detailed explanations of the individual settings can be found in the UTM administration guide in chapter Remote Access.

2.3 Configuring Advanced IPsec Settings

1. Open the Remote Access > IPsec > Advanced tab.

2. In the Local X.509 Certificate section, select the certificate.
   By default, the local X.509 certificate is used for IPsec connections to authenticate the server.

3. Click Apply to save your settings.

4. In the Dead Peer Detection (DPD) section, enable DPD.
   This option is enabled by default. It is used to automatically determine whether a remote IPsec peer can still be reached. Usually it is safe to always enable this option. The IPsec peers automatically determine whether the remote side supports Dead Peer Detection or not, and fall back to normal mode if necessary.

5. Click Apply to save your settings.

6. In the NAT Traversal (NAT-T) section, enable NAT-T.
   This option is enabled by default with a keepalive of 60 seconds. It allows IPsec traffic to pass upstream systems which use Network Address Translation (NAT). If necessary, you can change the keepalive interval for NAT traversal in the field NAT traversal keepalive.

7. Click Apply to save your settings.

8. Optionally, make some settings in the CRL Handling section.
   There might be situations in which the provider of a certificate attempts to revoke the confirmation awarded with still valid certificates, for example if it has become known that the receiver of the certificate fraudulently obtained it by using wrong data (name, etc.) or because an attacker has got hold of the private key, which is part of the certified public key. For this purpose, so-called Certificate Revocation Lists or CRLs are used. They normally contain the serial numbers of those certificates of a certifying instance that have been held invalid before their expiration.
   Automatic fetching: This option automatically requests the CRL through the URL defined in the partner certificate via HTTP, Anonymous FTP, or LDAP Version 3. On request, the CRL can be downloaded, saved, and updated, once the validity period has expired.
   Strict policy: Using this option, any partner certificate without a corresponding CRL is rejected.

9. Click Apply to save your settings.

10. Optionally, enable Preshared Key Probing.
    In the Preshared Key Probing section, activate the option Enable probing of preshared keys if you want to use different preshared keys (PSKs) for your IPsec connections in respond-only mode. This option applies to L2TP-over-IPsec, IPsec remote access, and IPsec site-to-site connections with a respond-only remote gateway.

11. Click Apply to save your settings.

12. Open the Remote Access > Advanced page.
    This page allows you to define name servers (DNS and WINS) and the name service domain, which should be assigned to hosts during the connection establishment.

13. Click Apply to save your settings.

2.4 Creating Firewall and Masquerading Rules

2.4.1 Defining a Firewall Rule

Only for authentication based on X.509 certificate: you do not need to define this firewall rule if you have enabled the Automatic firewall rules function during the configuration of IPsec.

1. Open the Network Protection > Firewall > Rules tab.

2. Click the New Rule button.
   The dialog box Create New Rule opens.

3. Make the following settings:
   Sources: Add the remote host or user (in this example: gforeman).
   Services: Add the allowed services.
   Destinations: Add the allowed networks (in this example: Internal (Network)). For the remote user to be able to access the Internet you should e.g. select the Internet or Any network definition.
   Action: Select Allow.

4. Click Save.
   The new firewall rule is added to the list and remains disabled (toggle switch shows gray).

5. Enable the rule by clicking the toggle switch.
   The toggle switch turns green.

Security Note: Active rules are processed in the order of the numbers (next to the toggle switch) until the first matching rule. Then the following rules will be ignored! The sequence of the rules is thus very important. Therefore never place a rule such as Any Any Any Allow at the beginning of the rules, since all traffic will be allowed through and the following rules ignored.

Cross Reference: More detailed information on the definition of Firewall rules and detailed explanations of the individual settings can be found in the UTM administration guide in chapter Network Protection.

2.4.2 Defining a Masquerading Rule

Note: This is an optional step depending on your environment.

Masquerading is used to mask the IP addresses of one network (in this example: gforeman) with the IP address of a second network (e.g. External). Thus remote users who have only private IP addresses can e.g. surf on the Internet with an official IP address. Depending on your system configuration masquerading can also be necessary for other connection types.

1. Open the Network Protection > NAT > Masquerading tab.

2. Click the New Masquerading Rule button.

3. Make the following settings:
   Network: Select the network of the remote endpoint (in this example: gforeman).
   Interface: Select the interface that should be used to mask the clients (in this example: External).
   Use address: If the interface you selected has more than one IP address assigned, you can define here which IP address is to be used for masquerading.

4. Click Save.
   Your settings will be saved. The new masquerading rule is added at the end of the list and remains disabled (toggle switch shows gray).

5. Enable the rule by clicking the toggle switch.
   The toggle switch turns green.

Cross Reference: More detailed information on the definition of masquerading rules and detailed explanations of the individual settings can be found in the UTM administration guide in chapter Network Services.

6. Optionally, activate the proxies.
   If the remote employees should access URL services via the remote access, you may configure the required proxies on the UTM, for example the DNS and HTTP proxy.

Cross Reference: More detailed information on the configuration of proxies and detailed explanations of the individual settings can be found in the UTM administration guide.

7. Open the Management > User Portal > Global tab.
   The User Portal needs to be activated for the remote access user. If the toggle switch is gray, click the Enable button to enable the User Portal.

8. Select the networks that are allowed to access the User Portal.
   To the Allowed networks box, add the networks that should be allowed to access the User Portal (in this example: Any or the respective VPN Pool, or just gforeman).

Cross Reference: More detailed information on the configuration of the User Portal and detailed explanations of the individual settings can be found in the UTM administration guide in chapter Management.

After configuring the VPN server (headquarters) you need to configure the road warrior. Depending on the security policy of your organization and the requirements of your network, you might have to make additional settings.
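The first-match rule processing from the security note in 2.4.1 and the masquerading rule from 2.4.2, worked through as an added example that is not Sophos code and does not run on the UTM: a small evaluator over constructed network and service definitions reports which rules an Any Any Any Allow at position 1 shadows, and which source address an Internet-bound packet from gforeman shows after masquerading. Only the VPN Pool default 10.242.4.0/24 is from the guide; the internal network, the static RAS address for gforeman, the External interface address and both rulesets are assumptions.

```python
# Added example, not Sophos code: models the first-match rule processing from
# the security note in 2.4.1 and the masquerading rule from 2.4.2. Apart from
# the VPN Pool default, all networks, addresses and rules are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Network definitions. VPN Pool (IPsec) is the UTM default 10.242.4.0/24;
# gforeman's static RAS address and the internal network are assumptions.
NETWORKS = {
    "Any": [ip_network("0.0.0.0/0")],
    "Internal (Network)": [ip_network("192.168.1.0/24")],
    "VPN Pool (IPsec)": [ip_network("10.242.4.0/24")],
    "gforeman": [ip_network("10.242.4.10/32")],
}
LOCAL = ["Internal (Network)", "VPN Pool (IPsec)"]  # anything else leaves via External
# Service definitions as (protocol, port); "any" / None match everything.
SERVICES = {"Any": [("any", None)], "HTTPS": [("tcp", 443)],
            "DNS": [("udp", 53), ("tcp", 53)], "SSH": [("tcp", 22)]}
EXTERNAL_IP = "203.0.113.5"  # constructed address of the External interface

@dataclass
class Rule:
    number: int          # position shown next to the toggle switch
    sources: list
    services: list
    destinations: list
    action: str          # "Allow" or "Drop"
    enabled: bool = True

@dataclass
class MasqRule:
    network: str         # network to mask, e.g. "gforeman"
    use_address: str     # interface address used for masking

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    port: int

def in_networks(addr, names):
    return any(ip_address(addr) in net for name in names for net in NETWORKS[name])

def in_services(proto, port, names):
    return any(sp in ("any", proto) and spt in (None, port)
               for name in names for sp, spt in SERVICES[name])

def first_match(rules, pkt):
    """First enabled rule (in number order) matching the packet, else None."""
    for r in sorted(rules, key=lambda r: r.number):
        if (r.enabled and in_networks(pkt.src, r.sources)
                and in_services(pkt.proto, pkt.port, r.services)
                and in_networks(pkt.dst, r.destinations)):
            return r        # later rules are never consulted
    return None

def networks_covered(broad, narrow):
    """Every network behind the `narrow` names lies inside a `broad` one."""
    return all(any(n.subnet_of(b) for bn in broad for b in NETWORKS[bn])
               for nn in narrow for n in NETWORKS[nn])

def shadowed_rules(rules):
    """Numbers of enabled rules that can never match because an earlier
    enabled rule already covers their sources, services and destinations."""
    ordered = [r for r in sorted(rules, key=lambda r: r.number) if r.enabled]
    result = []
    for i, later in enumerate(ordered):
        if any(networks_covered(e.sources, later.sources)
               and networks_covered(e.destinations, later.destinations)
               and all(in_services(p, pt, e.services)
                       for s in later.services for p, pt in SERVICES[s])
               for e in ordered[:i]):
            result.append(later.number)
    return result

def evaluate(rules, masq_rules, pkt):
    """Return (action, matched rule number, source address the destination sees).
    Masquerading only rewrites allowed traffic from a masked network leaving External."""
    r = first_match(rules, pkt)
    allowed = r is not None and r.action == "Allow"
    src = pkt.src
    if allowed and not in_networks(pkt.dst, LOCAL):
        for m in masq_rules:
            if in_networks(pkt.src, [m.network]):
                src = m.use_address
                break
    return ("Allow" if allowed else "Drop", r.number if r else None, src)

# Ruleset the security note warns against: Any Any Any Allow at position 1.
BAD_RULES = [Rule(1, ["Any"], ["Any"], ["Any"], "Allow"),
             Rule(2, ["VPN Pool (IPsec)"], ["SSH"], ["Internal (Network)"], "Drop")]
# Corrected order: the specific Drop first, then the narrower Allow for gforeman.
GOOD_RULES = [Rule(1, ["VPN Pool (IPsec)"], ["SSH"], ["Internal (Network)"], "Drop"),
              Rule(2, ["gforeman"], ["HTTPS", "DNS"], ["Any"], "Allow")]
MASQ = [MasqRule("gforeman", EXTERNAL_IP)]

if __name__ == "__main__":
    ssh = Packet("10.242.4.10", "192.168.1.5", "tcp", 22)
    print("bad:", evaluate(BAD_RULES, MASQ, ssh), "shadowed:", shadowed_rules(BAD_RULES))
```

With the bad ordering the SSH packet is allowed by rule 1 and rule 2 is reported as shadowed; with the corrected ordering it is dropped, and an HTTPS packet from gforeman to an Internet host leaves with the External address as its source.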

3 Configuring the Remote Client

To be able to access the UTM via IPsec VPN, you need to configure your remote computer. To do so, access the UTM User Portal with a browser on the remote client. There, the necessary installation instructions, the Sophos IPsec Client software and configuration files are available for download. Then you install the software and configure the installed software.

3.1 Getting Software and Certificates

The UTM User Portal is available to all remote access users. From this portal, you can download guides and tools for the configuration of your client. You should get the following user credentials for the User Portal from your system administrator: IP address, username, and password. Especially for the IPsec remote access based on authentication with X.509 certificate, the User Portal offers the Sophos IPsec Client software, the configuration files, and necessary keys.

1. Start your browser and open the User Portal.
   Enter the management address of the User Portal as follows: https://ip address (example: https://218.93.117.220). A security note will be displayed. Accept the security note. Depending on the browser, click I Understand the Risks > Add Exception > Confirm Security Exception (Mozilla Firefox), or Proceed Anyway (Google Chrome), or Continue to this website (Microsoft Internet Explorer).

2. Log in to the User Portal.
   Enter your credentials:
   Username: Your username, which you received from the administrator.
   Password: Your password, which you received from the administrator. Please note that passwords are case-sensitive.
   Click Login.

3. On the Remote Access page, download the tools and/or configuration guide for setting up your remote access connection.
   This page can contain up to five sections, depending on the remote access connection types (IPsec, SSL, L2TP, PPTP, iOS devices) your administrator enabled for you. At the top of most of the sections you find a help icon which opens the respective remote access guide.

   The IPsec VPN section contains the executable client software, configuration file, and certificate (if selected) for the remote access client. In the Export password field, enter a password to secure the PKCS#12 container before downloading the certificate. Note that you will need the security password of the certificate later on.
   Start the download processes by clicking the respective Download button. Download all files and store them in a location of your choice. You will need all those files later on when installing and configuring the Sophos IPsec Client.

4. Close the User Portal session by clicking Log out.

The rest of the configuration takes place on the Sophos IPsec Client.

Note: The Sophos IPsec Client runs on Windows XP, Vista, 7, 8 and 10.

3.2 Configuring the Sophos IPsec Client

First you have to start the Sophos IPsec Client installation by double-clicking the downloaded exe file and follow the necessary steps in the installation wizard. As a separate software it has its own documentation. You can instantly use the 30-day trial licence or activate the software using the purchased licence key.

After installation, in order to configure the Sophos IPsec Client, proceed as follows:

1. Import the user's configuration file.
   The profile settings of the INI file have to be imported to the Sophos IPsec Client. In the Profile dialog box, click Add/Import. The New Profile Wizard appears. Follow the steps of the wizard to import the user's configuration file.

2. Import the PKCS#12 file.
   Open the Configuration > Certificates menu of Sophos IPsec Client. Click Add. Enter a Name, and as Certificate select from PKCS#12 File. Then click the button next to PKCS#12 File name. Browse for the PKCS#12 file of the user and select it. Store the key by clicking OK and close the dialog box.

3. Assign the certificate to the user.

   Open the Configuration > Profiles menu on Sophos IPsec Client. In the Profile dialog box, select the imported profile, and click Edit. On the left, select the Identities entry. From the Certificate configuration dropdown list, select the previously imported certificate. Click OK.

4 Connecting to the VPN

In Sophos IPsec Client, click the Connection button. If the connection establishes successfully, you will see a green bar and the information Connection established, as displayed in the figure. Additionally, the Tray icon of Sophos IPsec Client switches from red to green.

If you chose X.509 as authentication method, a PIN dialog will open when connecting to the VPN. In this case, enter the password you used for downloading the PKCS#12 container from the User Portal. The Sophos IPsec Client has a caching mechanism, so during normal operation (connect/disconnect) it is only necessary to enter the PIN once. It is only after a restart of your computer that you need to enter the PIN again.

Alternatively, you can connect from the Sophos IPsec Client Tray icon menu. Right-click the icon, and select the Connect entry from the context menu.

5 Disconnecting from the VPN

To disconnect from the VPN, click the Disconnect button. Alternatively, you can disconnect from the Sophos IPsec Client Tray icon menu. Right-click the icon, and select the Disconnect entry from the context menu.

Note: The client has a timeout mechanism included. By default, Sophos IPsec Client does not close the VPN connection in case of inactivity (default value set to 0). In order to increase this value, edit your profile in Configuration > Profile Settings, and go to the section Line Management. You can specify a higher value in Inactivity Timeout, which means that the connection will be terminated if no data is transmitted for the time specified.

Glossary

AES: Advanced Encryption Standard
ASG: Astaro Security Gateway
Astaro Security Gateway: Former name of Sophos UTM
CA: Certificate Authority
Certificate Authority: Entity or organization that issues digital certificates for use by other parties.
CHAP: Challenge-Handshake Authentication Protocol
CRL: Certificate Revocation List
DN: Distinguished Name
DNS: Domain Name Service
Domain Name Service: Translates the underlying IP addresses of computers connected through the Internet into more human-friendly names or aliases.
FTP: File Transfer Protocol
HTTP/S: Hypertext Transfer Protocol Secure
HTTPS: Hypertext Transfer Protocol Secure
Hypertext Transfer Protocol: Protocol for the transfer of information on the Internet.
Hypertext Transfer Protocol over Secure Socket Layer: Protocol to allow more secure HTTP communication.
IP: Internet Protocol
Internet Protocol: Data-oriented protocol used for communicating data across a packet-switched network.
IP Address: Unique number that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard.
IPsec: Internet Protocol Security
L2TP: Layer Two (2) Tunneling Protocol
LDAP: Lightweight Directory Access Protocol
Masquerading: Technology based on NAT that allows an entire LAN to use one public IP address to communicate with the rest of the Internet.
MD5: Message-Digest algorithm 5
Message-Digest algorithm 5: Cryptographic hash function with a 128-bit hash value.
MSCHAPv2: Microsoft Challenge Handshake Authentication Protocol Version 2
NAS: Network Access Server
NAT: Network Address Translation
Network Address Translation: System for reusing IP addresses.
PAP: Password Authentication Protocol
PKCS: Public Key Cryptography Standards
Port: Virtual data connection that can be used by programs to exchange data directly. More specifically, a port is an additional identifier in the cases of TCP and UDP, a number between 0 and 65535 that allows a computer to distinguish between multiple concurrent connections between the same two computers.
PPTP: Point to Point Tunneling Protocol
Protocol: Well-defined and standardized set of rules that controls or enables the connection, communication, and data transfer between two computing endpoints.
Proxy: Computer that offers a computer network service to allow clients to make indirect network connections to other network services.
PSK: Preshared Key
RADIUS: Remote Authentication Dial In User Service
RAS: Remote Access Server
Secure Sockets Layer: Cryptographic protocol that provides secure communications on the Internet, predecessor of the Transport Layer Security (TLS).
Shared Secret: Password or passphrase shared between two entities for secure communication.
SSH: Secure Shell
TCP: Transmission Control Protocol
Transmission Control Protocol: Protocol of the Internet protocol suite allowing applications on networked computers to create connections to one another. The protocol guarantees reliable and in-order delivery of data from sender to receiver.
URL: Uniform Resource Locator
UTM: Unified Threat Management
Virtual Private Network: Private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol such as PPTP or IPsec.
VPN: Virtual Private Network
WebAdmin: Web-based graphical user interface of Sophos products such as UTM and SUM.
Windows Internet Naming Service: Microsoft's implementation of NetBIOS Name Server (NBNS) on Windows, a name server and service for NetBIOS computer names.
WINS: Windows Internet Naming Service
X.509: Specification for digital certificates published by the ITU-T (International Telecommunications Union Telecommunication). It specifies information and attributes required for the identification of a person or a computer system.