uf_SG720_qig_700-2240A00_en-us.
uf_SG720_qig_700-2240A00_en-us.fm Page 2 Monday, October 12, 2009 11:56 AM COPYRIGHT Copyright © 2009 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
uf_SG720_qig_700-2240A00_en-us.fm Page 3 Monday, October 12, 2009 11:56 AM Introduction This Quick Installation Guide walks you through the installation of your UTM Firewall device. This guide is intended for anyone who needs to set up an SG720 McAfee UTM Firewall device. You can find additional information at the following locations: • Help – Help is built into the UTM Firewall Management Console. Click the Help icon in the upper right corner. • Support – Visit mysupport.mcafee.
uf_SG720_qig_700-2240A00_en-us.fm Page 4 Monday, October 12, 2009 11:56 AM Installation overview Installing the UTM Firewall device into a well-planned network is quick and easy; however, network planning is outside the scope of this guide. Take some time to plan your network prior to installing your UTM Firewall device.
uf_SG720_qig_700-2240A00_en-us.fm Page 5 Monday, October 12, 2009 11:56 AM Unpack the UTM Firewall device In addition to this document, check that you have the following items included with your UTM Firewall device: • Power cable • UTM Firewall CD • Network cable The front panel of the UTM Firewall device has 2 10/100/1000 ports (A and B), 3 10/100 ports (C, D, and E), a serial port, status LEDs, and an Erase button (Appendix 1).
uf_SG720_qig_700-2240A00_en-us.fm Page 6 Monday, October 12, 2009 11:56 AM Set up a single computer connection The UTM Firewall device ships with initial network settings of: • LAN IP address – 192.168.0.1 • LAN subnet mask – 255.255.255.0 The UTM Firewall device needs an IP address suitable for your LAN before it is connected. You can choose to use the UTM Firewall device initial network settings as a basis for your LAN settings. NOTE: Initial configuration is performed through port A.
uf_SG720_qig_700-2240A00_en-us.fm Page 7 Monday, October 12, 2009 11:56 AM Figure 2 Internet Protocol (TCP/IP) Properties 6 Select Use the following IP address, and type: • IP address – 192.168.0.100 • Subnet mask – 255.255.255.0 • Default gateway – 192.168.0.1 7 Select Use the following DNS server addresses. 8 In the Preferred DNS Server field, enter 192.168.0.1.
uf_SG720_qig_700-2240A00_en-us.fm Page 8 Monday, October 12, 2009 11:56 AM Set your password Launch your Web browser. The UTM Firewall Management Console window appears. 1 NOTE: If the UTM Firewall Management Console window does not appear, navigate to 192.168.0.1. If you are unable to browse to the UTM Firewall device at 192.168.0.1, or if the initial username and password are not accepted: a Press the erase button on the UTM Firewall device's rear panel twice within 3 seconds, 1 second apart.
uf_SG720_qig_700-2240A00_en-us.fm Page 9 Monday, October 12, 2009 11:56 AM 4 Enter and confirm a new password for your UTM Firewall device. The new password takes effect immediately. You are prompted to enter the new password when completing the next step. NOTE: This is the password for the main administrative user (root) account on the UTM Firewall device. It is important you choose a password hard that is hard to guess, and keep it safe. 5 Click Submit.
uf_SG720_qig_700-2240A00_en-us.fm Page 10 Monday, October 12, 2009 11:56 AM Set LAN connection settings 1 [Optional] The host name defaults to the model number. If you want to use a different host name, type the new name in the Hostname field. The name must begin with an alpha character. 2 Click Next. The LAN window appears (Figure 5).
uf_SG720_qig_700-2240A00_en-us.fm Page 11 Monday, October 12, 2009 11:56 AM 3 Select an option for your LAN configuration: • [Recommended] To manually configure your LAN and enable the built-in DHCP server option which automatically configures the network settings of computers and other hosts on your LAN, select Use a Fixed IP. • To use the initial network settings (page 6) as a basis for your LAN settings and not use the built-in DHCP server, select Skip.
uf_SG720_qig_700-2240A00_en-us.fm Page 12 Monday, October 12, 2009 11:56 AM Figure 6 LAN Configuration window . b [Optional] To enable the UTM Firewall device's built-in DHCP server, enter a range of addresses in the DHCP Server Start Address and DHCP Server End Address fields.
uf_SG720_qig_700-2240A00_en-us.fm Page 13 Monday, October 12, 2009 11:56 AM Figure 7 ISP connection window . 6 Select an option for your Internet Port Configuration: • Cable Modem – Connect using a cable modem. • Modem – Connect using a regular analog modem. • ADSL – Connect using an ADSL modem. Selecting ADSL will attempt automatic detection of your ADSL connection type. • Direct Connection – Connect directly to the Internet (for example, over a leased line).
uf_SG720_qig_700-2240A00_en-us.fm Page 14 Monday, October 12, 2009 11:56 AM Click Next. Continue based on the option you selected. • Cable Modem, Modem, or ADSL – Configuration windows for those options are presented for you to complete. i Refer to the on-screen instructions, the Help, and the UTM Firewall Administration Guide for more details. ii When you finish entering your details, go to Select a security level on page 16. • Skip – Go to Select a security level on page 16.
uf_SG720_qig_700-2240A00_en-us.fm Page 15 Monday, October 12, 2009 11:56 AM Click Next. Continue based on the option you selected. • Use an IP address obtained from a server on the Internet (DHCP) – Go to Select a security level on page 16. • Use a Fixed IP – Go to Step 8 on page 15. 8 [Conditional] If you selected Use a Fixed IP in Step 7 on page 14, manually configure your WAN settings (Figure 9). Figure 9 Internet (WAN) interface window .
uf_SG720_qig_700-2240A00_en-us.fm Page 16 Monday, October 12, 2009 11:56 AM Select a security level UTM Firewalls support packet filtering rules that can be used to restrict access between different parts of your network. Use the Firewall security level window to select a security level that will activate one or more packet filtering rules (Figure 10).
uf_SG720_qig_700-2240A00_en-us.fm Page 17 Monday, October 12, 2009 11:56 AM 1 Select a Firewall Configuration option: • Block Everything – Blocks all traffic that is not expressly allowed by a packet filtering rule. • Ultra / VPN access – Allows VPN, Dialin and LAN traffic to move through the firewall. Denies all Internet traffic • High / Web and VPN access – Allows VPN, Dialin, LAN, HTTP, and HTTPS traffic to move through the firewall. Denies other common traffic types.
uf_SG720_qig_700-2240A00_en-us.fm Page 18 Monday, October 12, 2009 11:56 AM Connect to your LAN Review your configuration selections (Figure 11). 1 Figure 11 Confirm selections window . 2 If you are satisfied with your settings, click Finish to activate the new configuration. NOTE: Depending on how you configured your LAN settings, you may have to navigate to the UTM Firewall’s new LAN IP address to access the Management Console.
uf_SG720_qig_700-2240A00_en-us.fm Page 19 Monday, October 12, 2009 11:56 AM Set up computers on your LAN Each computer on your LAN must now be assigned an appropriate IP address, and have the UTM Firewall device LAN IP address designated as its gateway and DNS server. A DHCP server allows computers to automatically obtain these network settings when they start up.
uf_SG720_qig_700-2240A00_en-us.fm Page 20 Monday, October 12, 2009 11:56 AM Figure 12 IP Properties window 4 Select the following options: • Obtain an IP address automatically • Obtain DNS server address automatically 5 Click OK. 6 Repeat steps 1-5 for each computer in your network.
uf_SG720_qig_700-2240A00_en-us.fm Page 21 Monday, October 12, 2009 11:56 AM Use an existing DHCP server NOTE: If you are setting the UTM Firewall device LAN using the Use an IP address obtained from a server on the LAN (DHCP) option (Step 3 on page 11), McAfee recommends you add a lease to your existing DHCP server to reserve the IP address you chose for the UTM Firewall device LAN connection.
uf_SG720_qig_700-2240A00_en-us.fm Page 22 Monday, October 12, 2009 11:56 AM Manually configure LAN properties 1 Click Start | (Settings |) Control Panel, then double-click Network Connections. 2 Right-click Local Area Connection (or appropriate network connection), and select Properties. 3 Select Internet Protocol (TCP/IP), and click Properties.
uf_SG720_qig_700-2240A00_en-us.fm Page 23 Monday, October 12, 2009 11:56 AM Set up the Internet connection If you skipped configuring connection settings, or have additional port connections to configure, continue with this procedure. Otherwise, go to Register your UTM Firewall device on page 24. NOTE: If you changed the UTM Firewall device’s LAN connection settings (Set LAN connection settings on page 10), browse to the new LAN IP address.
uf_SG720_qig_700-2240A00_en-us.fm Page 24 Monday, October 12, 2009 11:56 AM Register your UTM Firewall device You must register your UTM Firewall in order to receive technical support. A current email address is required to register your product. For prompt product registration, go to my.securecomputing.com. Step-by-step procedures for registering your device and activating add-on features are provided in the McAfee UTM Firewall Administration Guide. This completes the setup of your UTM Firewall.
uf_SG720_qig_700-2240A00_en-us.fm Page 25 Monday, October 12, 2009 11:56 AM SOFTWARE LICENSE AGREEMENT NOTICE TO ALL USERS: PLEASE READ THIS CONTRACT CAREFULLY. BY CLICKING THE ACCEPT BUTTON OR INSTALLING THE SOFTWARE, YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) AGREE THAT THIS AGREEMENT IS ENFORCEABLE LIKE ANY WRITTEN CONTRACT SIGNED BY YOU.
uf_SG720_qig_700-2240A00_en-us.fm Page 26 Monday, October 12, 2009 11:56 AM 4 5 6 7 26 is included in the above described materials, then the Term shall be for one (1) year from the date of purchase unless earlier terminated as set forth herein. This Agreement will terminate automatically if you fail to comply with any of the limitations or other requirements described herein.
uf_SG720_qig_700-2240A00_en-us.fm Page 27 Monday, October 12, 2009 11:56 AM 8 9 or introduce the Beta Software, and that McAfee may not introduce a product similar to or compatible with the Beta Software. Accordingly, you acknowledge that any research or development that you perform regarding the Beta Software or any product associated with the Beta Software is done entirely at your own risk.
uf_SG720_qig_700-2240A00_en-us.fm Page 28 Monday, October 12, 2009 11:56 AM remainder of the original warranty period. Outside the United States, this remedy is not available to the extent McAfee is subject to restrictions under United States export control laws and regulations. c Warranty Disclaimer. Except for the limited warranty set forth herein, THE SOFTWARE IS PROVIDED "AS IS" AND MCAFEE MAKES NO WARRANTY AS TO ITS USE OR PERFORMANCE.
uf_SG720_qig_700-2240A00_en-us.fm Page 29 Monday, October 12, 2009 11:56 AM 12 Export Controls. You acknowledge that the Software is subject to the export control laws and regulations of the United State of America (“US”), and any amendments thereof.
uf_SG720_qig_700-2240A00_en-us.fm Page 30 Monday, October 12, 2009 11:56 AM 17 18 19 20 30 perform functions on its behalf, such as payment processing, order fulfillment, marketing programs and customer service. McAfee may share your information with such subcontractors in order to perform these and other functions, but such subcontractors may not use your personal information for other purposes, unless you agree.
uf_SG720_qig_700-2240A00_en-us.
uf_SG720_qig_700-2240A00_en-us.
