Endian firewall enterprise 2.2 download

By utilizing this platform, your business can simply and securely access, monitor, and manage all the network-connected devices in your network. If it is ok, i will change my boss' mind to buy the big one for his company. We also know that this process can be part of a large and long-running project. Protect your business network from viruses, malware and other threats using the simplest UTM Unified Threat Management platform in the industry.

The Endian UTM appliance provides total network security including web and email filtering, VPN, intrusion prevention, bandwidth management and much more. Click on Add tunnel configuration to enter information about the OpenVPN server you want to connect to there can be more than one :. Click the Save button to save the tunnel settings. Select VPN from the menu bar at the top of the screen, then select IPsec from the submenu on the left side of the screen.

Therefore IPsec must be implemented in the IP stack which is part of the kernel. Because of its design some situations are even impossible to handle, whereas they work well with OpenVPN, especially if you have to cope with NAT.

However, Endian Firewall implements an easy to use adminstration interface that supports different authentication methods. We strongly encourage you to use IPSec only if you need to because of interoperability purposes. In the Global settings section you can set the main parameters for your IPsec configuration.

The values you can set are:. In the Connection status and control section you can see a list of accounts and their connection status. By clicking on the icons in the Actions column you can perform various actions as described in the icon legend below the list. You can add a connection by clicking on the Add button. Submit your choice by clicking on the Add button.

On the next page you can specify the details for this connection you will also see this page when editing an existing connection. You can configure the network parameters in the first section of the page:. In the Authentication section you can configure how authentication is handled. If you have chosen to edit the advanced settings of this connection, a new page will open after you hit the Save button. In this page you can set Advanced connection settings.

Unexperienced users should not change the settings here:. Back on the main IPsec page you can generate new certificates and upload existing CA certificates in the Certificate authorities section. To upload a new certificate you have to provide a name in the CA name field. Then click on browse and select the certificate file before clicking the Upload CA certificate button.

You will see a new page where you can enter the required information. If you already created certificates and want to create new certificates you must click on the Reset button. Please note that by doing this not only the certificates but also certificate based connections will be erased.

If you want to generate new root and host certificates some information has to be entered. The fields are described below:. If you already created certificate somewhere else earlier you can upload a PKCS12 file in the lower section of the page instead of generating new certificates. Following is the list of available backups initially empty : you can choose to download them, delete them or restore them by clicking on the appropriate icon in this list. Each backup is annotated with zero or more of the following flags:.

You can provide a GPG public key that will be used to encrypt all backups. Select your public key by clicking on the Browse button and then choosing the key file from your local file system. Make sure Encrypt backup archives is checked.

Confirm and upload the key file by clicking Save. You can upload a previously downloaded backup. Select your backup by clicking on the Browse button and then choosing the backup file from your local file system. Fill in the Remark field in order to name the backup and upload it by clicking Save. It is not possible to import encrypted backups. You must decrypt such backups before uploading them. The backup appears in the backup list above.

You can now choose to restore it by clicking on the restore icon. Clicking the Factory defaults button allows you to reset the configuration of your Endian Firewall to factory defaults and reboot the system immediately after. A backup of the old settings is saved automatically. Select the Scheduled backups tab if you wish to enable and configure automated backups. First, enable and configure automatic backups. You can choose what should be part of the backup: the configuration, database dumps, log files and old log files as seen in the Backup Sets section.

You can also choose how many backups you want to keep and the interval between backups hourly, daily, weekly or monthly. When you're done click the Save button. Next, you can tell the system whether or not you want backups emailed to you. If you wish to receive backups by email you can enable this feature and select the email address of the recipient.

You can then Save the settings. There is also a Send a backup now button that will save the settings and try to send an email with the backup immediately, so you can test the system.

Optionally you can also provide a sender email address this must be done if your domain or hostname are not resolvable by your DNS and the address of a smarthost to be used in case you want all outgoing email go through your companies SMTP server, rather than be sent directly by your Endian Firewall. If the SMTP proxy is disabled it is absolutely necessary to add a smarthost to be able to send emails. Select System from the menu bar at the top of the screen, then select Shutdown from the submenu on the left side of the screen.

In this screen you can shutdown or reboot your Endian Firewall by clicking the Shutdown or the Reboot button respectively. Select System from the menu bar at the top of the screen, then select Credits from the submenu on the left side of the screen. This screen displays the list of people that brought Endian Firewall to you. The uplink is currently disconnecting. Endian Firewall keeps pinging the gateway and announces when it becomes available.

There was a failure while connecting to the uplink. Endian Firewall is trying again. The uplink is connected, but the hosts that were defined in Network , Interfaces to check the connection could not be reached. Essentially this means that the uplink is not operational.

You want to operate an Ethernet adapter and you need to setup network information IP address and netmask manually. This is typically the case when you connect your RED interface to a simple router using an Ethernet crossover cable. Note that this option is only needed if your modem uses bridging mode and requires your firewall to use PPPoE to connect to your provider. This is unusual since a firewall normally needs to have two interfaces at least - for some scenarios this does make sense though.

One example would be if you want to use only a specific service of the firewall. If you choose this option, you will need to configure a default gateway later on. If an attacker manages to break into one of your servers, he or she is trapped within the DMZ and cannot gain sensible information from local machines in your GREEN zone. You can attach a hotspot or WiFi access point to an interface assigned to this zone.

Wireless networks are often not secure - so the purpose is to trap all wirelessly connected machines into their own zone without access to any other zone except RED by default. Specify one IP address such as Pay attention not to use addresses that are already in use in your network. You need to be particularly careful when configuring the interfaces in the GREEN zone to avoid locking yourself out of the web interface!

If you change IP addresses of an Endian Firewall in a production environment, you might need to adjust settings elsewhere, for example the HTTP proxy configuration in web browsers. It is important to use the same mask for all devices on the same subnet. You can add additional IP addresses from different subnets to the interface here. Map the interfaces to zones. Each interface can be mapped to only one zone and each zone must have at least one interface.

However, you might assign more than one interface to a zone. In this case these interfaces are bridged together and act as if they were part of a switch. All shown interfaces are labeled with their PCI identification number, the device description as returned by lspci and their MAC addresses.