Tuesday, 17 January 2012

Contact Us

Username

********

Home Community o o o

Solutions Support Knowledgebase

search...

Community Menu

Case Studies Competitions Articles Support Forums

Latest News

Endian UTM 2.5 Beta - Secure Mobile Connectivity Update release for version 2.4 on 6/12/2011 Update release for version 2.4-arm on 6/12/2011 REMINDER: End of Life for Endian Version 2.2 More Articles...

Live Support Chat

A Contact Manager featuresSat Jul 11 2009 22:16:29 GMT+0530 (India Standard Time) Acontact Manager 1.5.12 is available for download, in this new version there are some innovative features, like the spam ... Ajax Captcha for Joomla!Sun Jun 07 2009 17:03:05 GMT+0530 (India Standard Time) On the left an example on how AJAX Captcha for Joomla! works, allowing to validate the CAPTCHA field in real time without ...

Joomla Autosuggest AJAX search Wed Feb 04 2009 05:30:00 GMT+0530 (India Standard Time) Make your Joomla website search with autosuggest capability like Google suggest was the goal of this reading.Let me tell you ...
Home Articles How to Install Endian Software

How to Install Endian Software

How to Install Endian Enterprise Software Step by Step

By Veritech Support

This guide describes step-by-step how to install the Endian Enterprise UTM software onto your own hardware to make an Endian UTM Appliance. It also has includes tips to help when installing Endian as a Virtual Machine.

Table of Contents
Part 1 Obtain Image Part 2 Installing onto Hardware Part 3 - Management Console Initial Setup Part 4 Network Setup Wizard Step 1 RED Interface Step 2 Choose Network Zones Step 3 Network Zone and Interface Setup (Network Preferences) Step 4 Internet Access Preferences 4.1 Internet Ethernet Static

4.2 Internet Ethernet DHCP 4.3 Internet PPPoE 4.4 Internet ADSL (USB, PCI) 4.5 Internet ISDN 4.6 Internet ANALOG/UMTS Modem 4.7 Internet Gateway Step 5 Configure DNS Resolver Step 6 Default Admin Email Step 7 Apply Configuration Step 8 End Part 4 Endian Network Registration No Existing Account Use an Existing Account Registration Page

Part 1 Obtain Image

Download the ISO image this will generally be provided by your Endian Distributor as a link to the Endian download site. This file is probably around 170MB in size, and download time will depend on the speed of your Internet connection. This image will have a registration code built it to it (although you can register it using another code). Burn the ISO file to a CD as an image. This is different to just copying the file to the disk. You need to burn the image to the CD so that it will boot. This can be done with 'ISO Recorder Power Toy, Nero or other CD software.

Part 2 Installing onto Hardware

Prepare your hardware device minimum specifications are available athttp://www.endian.com/en/products/software/

If Installing on a Virtual Machine: Choose the Guest Operating System to be Redhat Enterprise Linux 5 (32-bit). 4 to 8 GB of disk space should be sufficient. Attach the CD ROM on the host.

Insert the Endian bootable ISO disk into the CDROM drive and boot the system.

Be aware your file system will be overwritten if you proceed further! Press Enter to continue, and you will see the system loading...

Then choose your Language (arrows to move up and down, TAB to get to Ok button, and

Enter key to accept):

Follow the screens:

When prompted for your Activation Key enter it to continue (including dashes).

After the key is entered, press TAB and Ok

Choose YES to continue, or NO to stop now. If you don't have an ethernet connection, you can use a serial cable to install and manage the software. You can choose this now.

The installer will proceed to partition the disk and install the system:

Wait for the installer to complete all of its tasks

When the system is installed, you will be prompted to configure the minimum settings. The first setting is the IP address. The default IP is 192.168.0.15 with a subnet mask of 255.255.255.0 You should change both of these to match your local (internal) network. If you are not sure of an appropriate IP and mask, it's okay, you can change it later. It just makes it easier to connect later if you have the correct address for your network now.

If you reach the next screen, you have completed the installation:

Remove the boot CD (you wont need it any more but keep it handy in case you ever need to re-install your system!) Press Enter to reboot the new Endian hardware! When the system has rebooted, the console should present you with a menu (as shown below) which gives you the option to exit to sell, Reboot, change root password, change admin password or restore to factory defaults.

You are now ready to connect with the Management Console.

If Installing on a Virtual Machine on vmware: You should also install the vmware tools onto the Guest Operating System. This will allow vmware to communicate and control the guest system.

Part 3 - Management Console Initial Setup

After you have configured the system via the console, you can then continue the configuration using a web browser. Open your web browser and type in http://your.ip.address.here where the IP address is the address you assigned to your Endian previously.

If you received warnings about a certificate, or untrusted connection, continue through the warnings.

CERTIFICATE WARNINGS For Firefox: Select I understand the risks, then Add Exception, then Get Certificate and then Confirm Security Exception. For Internet Explorer: Select Continue to this website

You should then see the Endian Welcome Screen.

Click the button labelled >>> to continue. Choose your language and Timezone and then click the >>> button.

You should take time to understand the licensing agreement, select the I accept checkbox and then the >>> button.

Next you have the opportunity to restore from a backup. This is particularly useful if you are recovering from a system crash. However, if this is a first-time install, you won't have a backup, select No in the drop list and then >>>.

The next screen gives you the opportunity to change the passwords. The Endian has two passwords for management, one is for the Web Management Front end, and the other is for Secure Shell (SSH). The default password for both is 'endian' but you have the chance to change it now.

Fill out the four password fields and then select >>>.

Part 4 Network Setup Wizard

Now you move directly to the 'Network Setup Wizard' where you can configure the key components of the network. Although the Network Setup is primarily conducted now, you can always re-run this wizard later if you need to reconfigure settings on the live Endian firewall.

Step 1 RED Interface

The first step is to define what type of Internet (public) connection you have. This depends on what you connect to.

Step 2 Choose Network Zones

This step allows you to configure optional, additional Network Zones. The number of zones available depends on the number of network interfaces available and you can have up to four zones: Red, Green, Blue, and Orange.

NETWORK ZONES
GREEN - is the trusted network segment. RED - is the untrusted network segment.

ORANGE - is the demilitarized zone (DMZ). If you host servers, it is wise to connect them to a different network than your GREEN network. If an attacker manages to break into one of your servers, he or she is trapped within the DMZ and cannot gain sensible information from local machines in your GREEN zone. BLUE - is the wireless zone (WLAN). You can attach a hotspot or WiFi access point to an interface assigned to this zone. Wireless networks are often not secure - so the purpose is to trap all wirelessly connected machines into their own zone without access to any other zone except RED (by default).

As a minimum, the Endian will need a RED zone and a GREEN zone, which represent the public and private networks respectively. In step two, you specify if you want to use one of the optional zones, the ORANGE and BLUE networks. In the first diagram below, there a no extra zones available. You have no choice, and you cannot select an ORANGE or BLUE zone. This is because the hardware had only one Network Interface, and that was already allocated to the Red zone.

However, a system with 4 or more interfaces will give you the option for each of the optional ORANGE and BLUE zones. You can choose, none, one or the other, or both:

On the next page (after clicking >>>) you can setup each of the zone interfaces.

Step 3 Network Zone and Interface Setup (Network Preferences)

Zone Interface Setups Warning: This can be a long page, especially if you have all 4 zonesdefined. Be sure to scroll down and complete the setup for each of the zones!

The diagram above shows the setup for the GREEN zone although the same setup will be repeated on the same page for each optional zone you confirmed in the previous page (ORANGE and BLUE). Here you set the IP address, the subnet mask, additional IP addresses, and you select which physical network card is associated with this zone (in the 'Interfaces' section). You can select multiple interfaces for the same zone if you wish (this can provide some load sharing). At the bottom of the page you need to define the hostname, and the domain name of the system. It is handy to make the hostname as an identifiable name for this system.

Step 4 Internet Access Preferences

This step depends on what type of Internet connection you chose earlier. All options are shown in sections 4.1 through to 4.7 here:

4.1 Internet Ethernet Static

If you need to define a static ethernet address for your Internet connection, the setup screen is similar as for the GREEN, ORANGE and BLUE zones. Set the IP address, the subnet mask, additional IP addresses, and you select which physical network card is associated with this zone (in the 'Interfaces' section). You cannot select multiple physical interfaces for the RED zone. You must define a 'Default Gateway' which is an address which must be directly reachable from this Endian interface. You can also define the MTU and a spoofed MAC address for the RED interface. RED zone network interface In the Interfaces section, the Endian pre-selects a physical interface as the RED interface (denoted by the red colored square). However you can change the RED interface by clicking one of the other available check-boxes. The RED square won't change immediately, but, which ever checkbox you select will become the RED interface.

4.2 Internet Ethernet DHCP

This is for when you use a DHCP allocated address on your Internet connection. The setup screen is similar as for the GREEN, ORANGE and BLUE zones. You must define how the DNS server is defined, automatically (from the DHCP allocation) or manually. You can also define the MTU and a spoofed MAC address for the RED interface. RED zone network interface In the Interfaces section, the Endian pre-selects a physical interface as the RED interface (denoted by the red colored square). However you can change the RED interface by clicking one of the other available check-boxes. The RED square won't change immediately, but, which ever check-box you select will become the RED interface.

4.3 Internet PPPoE

PPPoE connections are used if you have a direct ADSL connection. Here you need to define your login details, authentication method. You may select additional IP addresses. Note that this option is only needed if your modem uses bridging mode and requires your firewall to use PPPoE to connect to your provider. Don't confuse this option with the ETHERNET STATIC or ETHERNET DHCP options used to connect to ADSL

routers that handle the PPPoE themselves. RED zone network interface In the Interfaces section, the Endian pre-selects a physical interface as the RED interface (denoted by the red colored square). However you can change the RED interface by clicking one of the other available check-boxes. The RED square won't change immediately, but, which ever check-box you select will become the RED interface. You must define how the DNS server is defined, automatically (from the DHCP allocation) or manually.

4.4 Internet ADSL (USB, PCI)

For the ADSL option, you can connect a USB or PCI ADSL modem to the Endian. In the first substep, select a modem driver:

And then a connection type:

And then all of the ADSL login details:

You must define how the DNS server is defined, automatically (from the DHCP allocation) or manually.

4.5 Internet ISDN

If you chose an ISDN interface, the setup is similar to ADSL, however you need to specify ISDN phone numbers here. You must define how the DNS server is defined, automatically (from the DHCP allocation) or manually.

4.6 Internet ANALOG/UMTS Modem

The UMTS modem option allows you to connect a dial-up modem, wireless dongle or other UMTS wireless adapter to connect to the Internet. In this setup, the wireless adapter will be the default Internet connection although a common approach is to use a wireless connection as the fallback connection in case your main connection fails. A failover connection is setup later, when the Endian has been fully configured. Specify the serial port and modem type.

And then select the baud rate, AP name, and login authentication provided by your wireless provider.

4.7 Internet Gateway

In this case the Endian UTM Appliance has no RED interface. This is unusual since a firewall normally needs to have two interfaces at least - for some scenarios this does make sense though. One example would be if you want to use only a specific service of the firewall. Another, more sophisticated example is an Endian UTM Appliance whose BLUE zone is connected through a VPN to the GREEN interface of a second Endian UTM Appliance. The second firewalls GREEN IP address can then be used as a backup uplink on the first firewall. If you choose this option, you will need to configure a default gateway.

Step 5 Configure DNS Resolver

Now you define how the DNS is resolved. If you specified 'automatic DNS resolution' in the previous step, then this will be fixed as 'automatic' and cannot be set here. Otherwise, you will need to specify to DNS server addresses. Both addresses can be the same, although it is advisable to have separate DNS servers for reliability.

Step 6 Default Admin Email

System events can be emailed to an administrator. This is an optional step. The 'smarthost' is the email server which will deliver the emails.

Step 7 Apply Configuration

This is the final step before your selections are committed to the Endian. You can go back by clicking the <<< button if you would like to make changes. Otherwise, click OK, apply configuration and wait for the settings to be saved.

Step 8 End

Part 4 Endian Network Registration

When you first connect after configuring the system, the Endian asks you if you have an existing EN (Endian Network) login. This prompting screen will continue to be displayed until a successful registration has been completed. However, it is possible to bypass this screen (by clicking the Cancel button) and you can configure the Endian system. The Endian Network registration process is important in order to receive system updates, antispam and anti-virus updates, and support. So it is recommended that the registration process is completed as soon as possible. If this is your first registration, you probably won't have an existing account, so choose 'No'. If you already have other Endian units, it makes sense to collate them into the same account, so choose 'Yes'.

No Existing Account

By choosing 'No' you will be asked to setup an Endian Network account before proceeding. Click on the link, and another browser window will open, asking you to create your account.

Enter your activation code into the field. This will associate your login with this system.

The activation code must be written in exactly as provided, including the dashes and as capitals. After clicking the 'Continue' button, fill out the form specifying all of your account details.

And click 'Create Account' to complete the process. Even though it prompts you to 'click here' to connect to the Endian Network, there is no need to at this stage. Simply close the browser window and return to the Endian device Registration Page.

Use an Existing Account

By choosing 'Yes' you will be taken directly to the Registration Page.

Registration Page
Complete the Registration Page. The username should be the same as your Endian Account login (described in the previous section). The other settings are selfexplanatory!

If the system keeps returning to the same page, it implies there is some problem connecting back to the Endian Network. In that case, here are some tips:

Make sure the Internet connection is working properly. You may need to reconfigure the Endian using the Network Setup Wizard. Make sure your account name and password are exactly as setup previously on the Endian Network. Make sure the activation code entered on the form matches the activation code which was configured on the Endian at install-time. Check if there are any firewalls between the Endian unit and the Internet? Make sure DNS resolution is working.

Failing all of these checks, you should contact your reseller for assistance.

On successful registration, you will be able to see your Endian firewall when you logon with your account onto the Endian Network. From the Endian Network you can manage and update the device.

Also, the web management interface, within the System > Endian Network location you can check out the registration status of the device.

Copyright 2009 Security with Passion. Built & hosted by: Veritech