Specifications
3
Firewall Administration System (FAS)
The Example, Inc., Configuration
Page 1/2 Administration via SSH
Remote access to the firewall should be possible only from the Adminhost via
SSH. To enable this, the firewall must have the public key of the
administrator. To provide it, select ‘Import key’ and choose either id_rsa.pub
(SSH2) or identity.pub (SSH1). If required, both SSH versions can be supported.
To be extremely cautious, deactivate the fallback to “password authentication”
by unchecking SSH password.
Page 2/2 Administration via SSH
At Example, Inc., the Adminhost has the IP address 192.168.10.254. This
must be entered here:
Access allowed for: 192.168.10.254
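A check of the two SSH settings above, as an added example that is not part of the original manual. It assumes an OpenSSH-style sshd_config and authorized_keys, and assumes the Adminhost restriction is also expressed as a from= key option (the page does not say how FAS enforces it); all sample file contents are constructed.

```python
import re

ADMINHOST = "192.168.10.254"  # Adminhost address given on the page

# Constructed sample inputs (not taken from a real firewall).
SSHD_WEAK = "Protocol 2,1\n# PasswordAuthentication no\n"
SSHD_HARD = "Protocol 2,1\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
KEYS_WEAK = "ssh-rsa AAAAconstructedkey admin@adminhost\n"
KEYS_HARD = 'from="192.168.10.254",no-port-forwarding ssh-rsa AAAAconstructedkey admin@adminhost\n'

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-|\d)")  # \d: SSH1 keys start with the bit count


def sshd_settings(text):
    """Parse sshd_config text; sshd honours the first occurrence of a keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        settings.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return settings


def key_sources(line):
    """Return the from= patterns of one authorized_keys line ([] if unrestricted)."""
    field = re.match(r'(?:[^\s"]|"[^"]*")+', line.strip())
    if not field or KEY_TYPE.match(field.group(0)):
        return []  # line starts with the key type, so it carries no options
    m = re.search(r'(?:^|,)from="([^"]*)"', field.group(0))
    return m.group(1).split(",") if m else []


def audit(sshd_text, keys_text):
    """List deviations from the policy: keys only, and only from the Adminhost."""
    findings = []
    # OpenSSH enables password authentication unless it is switched off explicitly.
    if sshd_settings(sshd_text).get("passwordauthentication", "yes").lower() != "no":
        findings.append("password authentication is still enabled")
    for n, line in enumerate(keys_text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            if key_sources(line) != [ADMINHOST]:
                findings.append(f"key on line {n} is not limited to {ADMINHOST}")
    return findings
```

audit(SSHD_WEAK, KEYS_WEAK) reports both deviations; audit(SSHD_HARD, KEYS_HARD) returns an empty list.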
Time Synchronization
With this module, configure the time server xntpd. This ensures that computer
time can be kept in sync with an external time source (a computer with the
exact time). This is important so the time stamps in log files can be compared
to the time stamps in other log files on other hosts.
Enter the IP addresses of the time servers from which to request the current
time (Figure 3.52 on the next page). The NTP protocol is UDP-based, which means
you must open the corresponding ports of the packet filter in FAS.
The Example, Inc., Configuration
The NTP service is used so that all computers in the internal network are
always set to the same time. The firewall itself is synchronized from the time
server. At Example, Inc., there are the following time servers:
Time Server: 192.168.10.23
192.168.10.24
Log File Analysis
The Log File Analysis in FAS is opened with ‘Tools’ ➝ ‘Log File Analysis’.
End the log analysis by clicking ‘Log File Analysis’ ➝ ‘Finish’. Get
context-sensitive help with ‘Log File Analysis’ ➝ ‘Help’.
SuSE Linux – Firewall on CD2










