Zorp 3.1 Administrator's Guide

Table of Contents

Preface
1. Summary of contents
2. Target audience and prerequisites
3. Products covered in this guide
4. Typographical conventions
5. Contact and support information
5.1. Sales contact
5.2. Support contact
5.3. Training
6. About this document
6.1. Version information
6.2. Feedback
1. Zorp administration
2. Components of Zorp firewall solution
2.1. Zorp
2.2. Zorp Management System (ZMS)
2.3. Transfer and Monitoring Agents
2.4. Zorp Management Console (ZMC)
2.5. Zorp Authentication System (ZAS)
2.6. Zorp Content Vectoring (ZCV)
3. Architectural overview
3.1. Introduction to firewalls
3.1.1. Functions of firewalls
3.1.2. Packet filters
3.1.3. Application proxies
3.1.4. Differences between packet filters and application proxies
3.2. Zorp software components
3.2.1. ZorpOS
3.2.2. Packet filter in Zorp
3.2.3. Transparency and TPROXY patch
3.2.4. Virtual Private Networking support
3.2.5. Native Proxies
3.2.6. System logging
3.2.7. High Availability
3.3. Operation modes of Zorp
3.3.1. Packet forwarding
3.3.2. Traffic proxying
3.4. Basic Zorp concepts
3.4.1. Access control
3.4.2. Transparency
3.4.3. Deep protocol analysis
3.4.4. Proxy customization
3.4.5. Modular architecture
4. Installation and getting started
4.1. Overview of the installation process
4.2. Installation of ZorpOS and the Zorp modules
4.2.1. Booting from the Zorp CD-ROM
4.2.2. The Installer menu
4.2.3. End-User License Agreement
4.2.4. Using the installer
4.2.5. Choosing country or region
4.2.6. Selecting keyboard layout
4.2.7. Optical drive detection
4.2.8. Selecting installer components to load
4.2.9. Network setup
4.2.10. Hard disk detection and partitioning
4.2.11. Selecting the time zone
4.2.12. Setting up user accounts and passwords
4.2.13. Installing the ZorpOS base system
4.2.14. Installing Zorp modules
4.3. Configuring the installed modules
4.3.1. Configuring jail updates
4.3.2. Configuring Postfix
4.3.3. Configuring Openswan
4.3.4. Configuring RAID devices
4.3.5. Configuring the zorp-utils package
4.3.6. Settings of ZMS
4.4. Installing packages manually
4.4.1. Installing system components with apt-get install
4.5. Upgrading Zorp
4.5.1. Upgrading with apt tools
4.6. Installing the Zorp Management Console
4.6.1. Installing ZMC on Debian GNU/Linux
4.6.2. Installing ZMC on Microsoft Windows 2000/XP
4.7. Installing the Zorp Authentication Agent (Satyr)
4.7.1. Installing Satyr on Debian GNU/Linux
4.7.2. Installing Satyr on Microsoft Windows 2000/XP
5. ZMS configuration management
5.1. ZMS and ZMC
5.2. ZMC structure
5.2.1. Configuration tree
5.2.2. Main workspace
5.2.3. Menu & status bars and Preferences
5.3. Configuration and Configuration management
5.3.1. Configuration process
5.3.2. Configuration buttons
5.3.3. Committing related components
5.3.4. Multiple access and lock management
5.3.5. Status indicator icons
5.3.6. Copy/Paste and Multiple select in ZMC
5.3.7. Links and variables
5.3.8. Disabling rules and objects
5.3.9. Filtering list entries
5.4. Viewing Zorp logs
5.4.1. The command bar of the log viewer
6. Registering new hosts
6.1. Bootstrapping a new host
6.2. Reconnecting to a host
7. Working with the Networking component
7.1. Interfaces tab
7.1.1. General interface configuration
7.1.2. Special interface configuration
7.1.3. Spoof protection
7.1.4. Interface activation scripts
7.1.5. Interface status and statistics
7.2. Naming tab
7.3. Resolver tab
7.4. The routing editor
7.4.1. Routes
7.4.2. Sorting, filtering, and disabling routes
7.4.3. Managing the routing tables locally
8. Creating Zorp policies
8.1. Zorp instances
8.1.1. Creating and configuring instances
8.2. Zones
8.2.1. Managing zones with ZMC
8.2.2. Zone hierarchies
8.2.3. Finding zones
8.2.4. Umbrella zones
8.3. Zorp services
8.3.1. Service parameters
8.3.2. Services and instances
8.3.3. Services and zones
8.4. Zorp Listeners
8.4.1. Setting up a listener
8.4.2. Listeners and packet filters
8.5. Proxy classes
8.5.1. Proxies and the traffic
8.5.2. Customizing proxies
8.5.3. Renaming and editing proxy classes
8.5.4. Stacking proxies
8.5.5. Customized proxies and the services
8.6. Policies
8.6.1. Creating and managing policies
8.6.2. NAT policies
8.6.3. Matcher policies
8.6.4. Resolver policies
8.6.5. Stacking providers
8.7. Service Wizard
8.8. Report generator
8.9. Monitoring active connections
9. Packet Filtering
9.1. Packet filtering function
9.2. Packet filter on Linux
9.3. NetFilter/IPTables
9.3.1. Hooks
9.3.2. Tables
9.3.3. Chains
9.3.4. Rules
9.3.5. Configuration summary
9.4. ZMS and Packet filter
9.4.1. Configuration management: iptables-utils
9.4.2. Modifying the ruleset
9.4.3. Skeleton concept
9.4.4. The Rule Search window
10. Logging with syslog-ng
10.1. Introduction to syslog-ng
10.1.1. Global options
10.1.2. Sources
10.1.3. Destinations
10.1.4. Filters
10.2. Configuring syslog-ng with ZMC
10.2.1. Configuring syslog-ng components via ZMC
11. FreeText plugin
11.1. Using the FreeText plugin
12. Native services
12.1. BIND
12.1.1. BIND operation modes
12.1.2. Configuring BIND with ZMC
12.1.3. Setting up split-DNS configuration
12.2. NTP
12.2.1. Configuring NTP with ZMC
12.2.2. Status and statistics
12.3. Postfix
12.3.1. Configuring Postfix with ZMC
13. Local firewall administration
13.1. Linux
13.2. Login to the firewall
13.3. Editing configuration files
13.4. Network configuration
13.5. System logging
13.6. NTP
13.7. BIND
13.8. Updating and upgrading the system
13.9. Packet filter
13.10. Zorp configuration
13.10.1. Policy.py and instances.conf
13.10.2. Zorp control
14. Key and certificate management in Zorp
14.1. Cryptography basics
14.1.1. Symmetric and asymmetric encryption
14.2. PKI Basics
14.2.1. Centralized PKI system
14.2.2. Digital certificates
14.2.3. Creating and managing certificates
14.2.4. CRLs
14.2.5. Authentication with certificates
14.2.6. Digital encryption in work
14.2.7. Storing certificates and keys
14.3. PKI in ZMS
14.3.1. Committing changes and locking in PKI
14.3.2. The certificate entity
14.3.3. Rules of distribution and owner hosts
14.3.4. Trusted groups
14.3.5. The PKI menu
14.3.6. PKI management
14.3.7. Trusted CAs
14.3.8. Certificates
15. Advanced ZMS and Agent configuration
15.1. Setting configuration parameters
15.1.1. Configuring authentication
15.1.2. Configuring backup
15.1.3. Configuring the connection between ZMS and ZMC
15.1.4. Configuring ZMS and agent connections
15.1.5. Configuring ZMS database save
15.1.6. Setting configuration check
15.1.7. Configuring CRL update settings
15.1.8. Configuring logs
15.1.9. Configuring SSL handshake parameters
15.1.10. Configuring monitor database
15.2. Setting agent configuration parameters
15.2.1. Configuring monitoring for agents
15.2.2. Configuring connections for agents
15.2.3. Configuring connection to engine
15.2.4. Configuring logs for agents
15.2.5. Configuring SSL handshake parameters for agents
15.3. Managing connections
15.3.1. Setting up initial connection with management agents
15.3.2. Configuring connection with agents
15.3.3. Administering connections
15.3.4. Configuring recovery connection
15.4. Handling XML databases
16. Clusters and high availability
16.1. Introduction to clustering
16.2. Clustering solutions
16.2.1. Fail-Over clusters
16.2.2. Load balance clusters
16.3. Managing clusters with ZMS
16.3.1. Creating clusters
16.4. Heartbeat
16.4.1. Functionality of Heartbeat
16.4.2. Heartbeat resources
16.4.3. Configuring Heartbeat
16.4.4. Configuring Heartbeat resources
16.5. Clustering in ZMS
16.5.1. Zorp clusters
17. Virus and content filtering using ZCV
17.1. Content vectoring basics
17.1.1. Quarantining
17.2. The concept of the ZCV framework
17.2.1. Supported modules
17.3. Content vectoring with ZCV
17.3.1. Creating module instances
17.3.2. Creating scanpaths
17.3.3. Routers and rule groups
17.3.4. Configuring Zorp proxies to use ZCV
17.3.5. Managing ZCV performance and resource use
17.4. Quarantine management in ZMC
17.4.1. Information stored about quarantined objects
17.4.2. Configuring quarantine cleanup
18. Connection authentication and authorization
18.1. Authentication and authorization basics
18.1.1. Inband authentication
18.1.2. Outband authentication
18.2. The concept of ZAS
18.2.1. Supported backends and authentication methods
18.3. Authenticating connections with ZAS
18.3.1. Configuring ZAS
18.3.2. Authentication of Zorp services with ZAS
18.3.3. Authorization of Zorp services
18.3.4. Configuring the authentication agent
18.4. Logging in ZAS
19. Monitoring hosts and servers
19.1. Monitoring concepts in Zorp
19.1.1. Configuring monitoring in ZMC
19.2. Monitoring with ZMS
19.2.1. The Monitoring tree
19.3. Jobs
19.3.1. Triggers
19.3.2. Calendars
19.3.3. Monitoring clusters
19.4. Nonmanaged hosts
19.5. Displaying the data collected in the monitoring database
20. Virtual Private Networks
20.1. Virtual Private Networking basics
20.1.1. Types of VPN
20.1.2. VPN topologies
20.1.3. The IPSec protocol
20.1.4. The OpenVPN protocol
20.2. Using VPN connections
20.3. Configuring IPSec connections
20.3.1. IPSec options
20.4. Configuring SSL (OpenVPN) connections
20.4.1. SSL options
1. Keyboard shortcuts in ZMC
1.1. Function keys
1.2. Shortcuts
1.3. Access keys
2. Further readings
2.1. Zorp related material
2.2. General, Linux related material
2.3. Postfix documentation
2.4. BIND Documentation
2.5. NTP references
2.6. SSH resources
2.7. TCP/IP Networking
2.8. Netfilter/IPTables
2.9. General security related resources
2.10. syslog-ng references
2.11. Python references
2.12. Public key infrastructure (PKI)
2.13. Virtual Private Networks (VPN)
3. Zorp Application Level Gateway End-User License Agreement
3.1. 1. SUBJECT OF THE LICENSE CONTRACT
3.2. 2. DEFINITIONS
3.3. 3. LICENSE GRANTS AND RESTRICTIONS
3.4. 4. SUBSIDIARIES
3.5. 5. INTELLECTUAL PROPERTY RIGHTS
3.6. 6. TRADE MARKS
3.7. 7. NEGLIGENT INFRINGEMENT
3.8. 8. INTELLECTUAL PROPERTY INDEMNIFICATION
3.9. 9. LICENSE FEE
3.10. 10. WARRANTIES
3.11. 11. DISCLAIMER OF WARRANTIES
3.12. 12. LIMITATION OF LIABILITY
3.13. 13. DURATION AND TERMINATION
3.14. 14. AMENDMENTS
3.15. 15. WAIVER
3.16. 16. SEVERABILITY
3.17. 17. NOTICES
3.18. 18. MISCELLANEOUS
Glossary
Index
List of Examples
List of Procedures

© 2007 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com