SnapGear 2.0.1 User Manual

Introduction

This approach offers an increased measure of protection against internal threats as well
as conventional Internet security concerns. You can update, configure and monitor the
firewall and VPN connectivity of a workstation or server from any web browser. In the
event of a breach, you have complete control over individual PCs' access policies
independent of the host PC's operating system, even if the system has been subverted
and is denying normal administrator access.

All network filtering and the potentially CPU-intensive cryptographic processing are handled
entirely by the CyberGuard SG appliance. Unlike the traditional approach of a host-based
personal software firewall and VPN services, this does not tax the host PC's resources.

Bridged mode

By default, the CyberGuard SG PCI appliance operates in bridged mode. This is
distinctly different from the NAT/masquerading behavior of the CyberGuard SG gateway
appliance range.

In bridged mode, the CyberGuard SG appliance uses two IP addresses. Note that these
addresses are both in the same range as the LAN, as no NAT/masquerading is being
performed (see the chapter entitled Firewall for more information).

One IP address is used to manage the CyberGuard SG appliance via the Web
Management Console web administration pages.

The other is the host PC's IP address, which is configured through the host operating system
exactly as for a regular NIC. This is the IP address that other PCs on the LAN see. It
should be dynamically (DHCP) or statically configured with the same gateway, DNS and other
settings as a regular PC on the LAN.

It is possible to configure the CyberGuard SG PCI appliance to run in NAT mode. This is
discussed in the chapter entitled Network Connections.

Secure by default

By default, all CyberGuard SG appliances run a fully secured stateful firewall. This
means that from the PC it is plugged into, most network resources are freely accessible.
However, any services that the PC provides, such as file shares or web services (e.g. IIS),
will not be visible to the general office LAN without further configuration of the
CyberGuard SG appliance. For details on how services on the host PC can be made
available to the general office LAN, see the section Allowing individual ports in bridged
mode at the end of the chapter entitled Firewall.
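To make the secure-by-default behaviour concrete, here is an added illustration (not code from the manual or the appliance) of the stateful policy just described: flows the host PC initiates are tracked and their replies admitted, while unsolicited inbound connections are dropped unless their port has been explicitly allowed. The addresses, ports and packets are constructed sample data.

```python
# Added illustration, not part of the SnapGear manual: a minimal model of the
# "secure by default" stateful filter in front of the host PC.
from dataclasses import dataclass

HOST_IP = "192.168.1.50"   # constructed: host PC address behind the PCI card


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool   # True for the first packet of a new TCP connection


class StatefulFilter:
    def __init__(self, host_ip, allowed_ports=()):
        self.host_ip = host_ip
        self.allowed_ports = set(allowed_ports)  # ports published to the LAN
        self.state = set()                        # tracked flows, host's view

    def _key(self, pkt):
        # Normalise to (host_port, peer_ip, peer_port) regardless of direction
        if pkt.src == self.host_ip:
            return (pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dport, pkt.src, pkt.sport)

    def filter(self, pkt):
        key = self._key(pkt)
        if key in self.state:
            return "ACCEPT"          # reply or continuation of a tracked flow
        if pkt.src == self.host_ip:
            self.state.add(key)      # host-initiated: track it and allow it
            return "ACCEPT"
        if pkt.syn and pkt.dport in self.allowed_ports:
            self.state.add(key)      # explicitly allowed individual port
            return "ACCEPT"
        return "DROP"                # unsolicited inbound connection


def run_sample():
    # Constructed traffic: only port 80 (e.g. IIS) has been allowed in.
    fw = StatefulFilter(HOST_IP, allowed_ports={80})
    flows = [
        Packet(HOST_IP, 40000, "192.168.1.10", 445, True),   # host opens a file share
        Packet("192.168.1.10", 445, HOST_IP, 40000, False),  # reply to that flow
        Packet("192.168.1.20", 51000, HOST_IP, 445, True),   # LAN PC tries host's share
        Packet("192.168.1.20", 51001, HOST_IP, 80, True),    # LAN PC reaches allowed port
    ]
    return [fw.filter(p) for p in flows]
```

`run_sample()` returns ACCEPT, ACCEPT, DROP, ACCEPT: the host's own connection and its reply pass, the unsolicited probe of the unpublished share is dropped, and the explicitly allowed web port is reachable.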
