Zorp 3.3 Administrator's Guide

Table of Contents

Preface
1. Summary of contents
2. Target audience and prerequisites
3. Products covered in this guide
4. Typographical conventions
5. Contact and support information
5.1. Sales contact
5.2. Support contact
5.3. Training
6. About this document
6.1. Version information
6.2. Feedback
1. Zorp administration
2. Components of Zorp firewall solution
2.1. Zorp
2.2. Zorp Management System (ZMS)
2.3. Transfer and Monitoring Agents
2.4. Zorp Management Console (ZMC)
2.5. Zorp Authentication System (ZAS)
2.6. Zorp Content Vectoring (ZCV)
3. Architectural overview
3.1. Introduction to firewalls
3.1.1. Functions of firewalls
3.1.2. Packet filters
3.1.3. Application proxies
3.1.4. Differences between packet filters and application proxies
3.2. Zorp software components
3.2.1. ZorpOS
3.2.2. Packet filtering in Zorp
3.2.3. Transparency and TPROXY
3.2.4. Virtual Private Networking support
3.2.5. Native Proxies
3.2.6. System logging
3.2.7. High Availability
3.3. Operation modes of Zorp
3.3.1. Packet forwarding
3.3.2. Traffic proxying
3.4. Basic Zorp concepts
3.4.1. Access control
3.4.2. Transparency
3.4.3. Deep protocol analysis
3.4.4. Proxy customization
3.4.5. Modular architecture
4. Installation and getting started
4.1. Overview of the installation process
4.2. Installing ZorpOS
4.2.1. Booting from the Zorp CD-ROM
4.2.2. The Installer menu
4.2.3. End-User License Agreement
4.2.4. Using the installer
4.2.5. Choosing language
4.2.6. Selecting keyboard layout
4.2.7. Optical drive detection
4.2.8. Selecting installer components to load
4.2.9. Network setup
4.2.10. Hard disk detection and partitioning
4.2.11. Selecting the time zone
4.2.12. Setting up user accounts and passwords
4.2.13. Installing the ZorpOS base system
4.3. Configuring the Zorp modules
4.3.1. Installing Zorp modules
4.3.2. Configuring jail updates
4.3.3. Configuring Postfix
4.3.4. Configuring the zorp-utils package
4.3.5. Configuring the Kaspersky virus filtering modules
4.3.6. Configuring the Nod32 virus filtering modules
4.3.7. Configuring ZMS monitoring
4.3.8. Configuring Openswan
4.3.9. Settings of ZMS
4.3.10. Installing the electronic license keys
4.4. Installing packages manually
4.4.1. Installing system components with apt-get install
4.5. Upgrading Zorp
4.5.1. Upgrading with apt tools
4.6. Installing the Zorp Management Console
4.6.1. Installing ZMC on Debian/GNU Linux
4.6.2. Installing ZMC on Microsoft Windows 2000/XP
4.7. Installing the Zorp Authentication Agent (Satyr)
4.7.1. Installing Satyr on Debian/GNU Linux
4.7.2. Installing Satyr on Microsoft Windows 2000/XP
4.8. Manual partitioning
4.8.1. Creating a partition
4.8.2. Modifying partitions
4.8.3. Configuring software RAID
5. ZMS configuration management
5.1. ZMS and ZMC
5.1.1. Define a new host and start up ZMC
5.2. ZMC structure
5.2.1. Configuration tree
5.2.2. Main workspace
5.2.3. Menu & status bars and Preferences
5.3. Configuration and Configuration management
5.3.1. Configuration process
5.3.2. Configuration buttons
5.3.3. Committing related components
5.3.4. Recording and commenting configuration changes
5.3.5. Multiple access and lock management
5.3.6. Status indicator icons
5.3.7. Copy/Paste and Multiple select in ZMC
5.3.8. Links and variables
5.3.9. Disabling rules and objects
5.3.10. Filtering list entries
5.4. Viewing Zorp logs
5.4.1. The command bar of the log viewer
6. Registering new hosts
6.1. Bootstrapping a new host
6.1.1. Bootstrap a new host
6.2. Reconnecting to a host
6.2.1. Reconnect ZMS to a host
7. Networking, routing, and name resolution
7.1. Configuring networking interfaces
7.1.1. General interface configuration
7.1.2. Configuring virtual networks and alias interfaces
7.1.3. Enabling spoof protection
7.1.4. Interface options and activation scripts
7.1.5. Interface status and statistics
7.2. Managing name resolution
7.3. Managing client-side name resolution
7.3.1. Configure name resolution
7.4. The routing editor
7.4.1. Routes
7.4.2. Sorting, filtering, and disabling routes
7.4.3. Managing the routing tables locally
8. Creating Zorp policies
8.1. Understanding Zorp policies
8.2. Creating new services with the Service Wizard
8.2.1. Creating new services with the Service Wizard
8.3. Finding services
8.3.1. Finding services
8.3.2. The Report Generator
8.4. Zones
8.4.1. Managing zones with ZMC
8.4.2. Creating new zones
8.4.3. Zone hierarchies
8.4.4. Finding zones
8.4.5. Umbrella zones
8.5. Zorp instances
8.5.1. Managing Zorp instances
8.5.2. Instance hierarchies
8.6. Zorp services
8.6.1. Creating a service manually
8.6.2. Routing — selecting routers and chainers
8.7. Zorp dispatchers
8.7.1. Creating a dispatcher manually
8.7.2. Advanced dispatcher options
8.7.3. Limiting the connection rate
8.7.4. CSZoneDispatcher
8.7.5. Non-transparent dispatchers
8.8. Proxy classes
8.8.1. Proxies and the traffic
8.8.2. Customizing proxies
8.8.3. Renaming and editing proxy classes
8.8.4. Analyzing embedded traffic
8.9. Policies
8.9.1. Creating and managing policies
8.9.2. NAT policies
8.9.3. Matcher policies
8.9.4. Resolver policies
8.9.5. Stacking providers
8.10. Monitoring active connections
8.11. Traffic reports
8.11.1. Configuring Zorp reporting
9. Logging with syslog-ng
9.1. Introduction to syslog-ng
9.1.1. Global options
9.1.2. Sources
9.1.3. Destinations
9.1.4. Filters
9.2. Configuring syslog-ng with ZMC
9.2.1. Configure syslog-ng
9.2.2. Configuring syslog-ng components via ZMC
10. FreeText plugin
10.1. Using the FreeText plugin
10.1.1. Configure services with the FreeText plugin
10.1.2. Use the additional features of FreeText plugin
11. Native services
11.1. BIND
11.1.1. BIND operation modes
11.1.2. Configuring BIND with ZMC
11.1.3. Setting up split-DNS configuration
11.2. NTP
11.2.1. Configuring NTP with ZMC
11.2.2. Status and statistics
11.3. Postfix
11.3.1. Configuring Postfix with ZMC
11.4. Local services on Zorp
11.4.1. Enabling access to local services
12. Local firewall administration
12.1. Linux
12.2. Login to the firewall
12.3. Editing configuration files
12.4. Network configuration
12.5. System logging
12.6. NTP
12.7. BIND
12.8. Updating and upgrading the system
12.9. Packet filter
12.10. Zorp configuration
12.10.1. Policy.py and instances.conf
12.10.2. Zorp control
13. Key and certificate management in Zorp
13.1. Cryptography basics
13.1.1. Symmetric and asymmetric encryption
13.2. PKI Basics
13.2.1. Centralized PKI system
13.2.2. Digital certificates
13.2.3. Creating and managing certificates
13.2.4. CRLs
13.2.5. Authentication with certificates
13.2.6. Digital encryption in work
13.2.7. Storing certificates and keys
13.3. PKI in ZMS
13.3.1. Committing changes and locking in PKI
13.3.2. The certificate entity
13.3.3. Rules of distribution and owner hosts
13.3.4. Trusted groups
13.3.5. The PKI menu
13.3.6. PKI management
13.3.7. Trusted CAs
13.3.8. Certificates
14. Advanced ZMS and Agent configuration
14.1. Setting configuration parameters
14.1.1. Configuring user authentication and privileges
14.1.2. Configuring backup
14.1.3. Configuring the connection between ZMS and ZMC
14.1.4. Configuring ZMS and agent connections
14.1.5. Configuring ZMS database save
14.1.6. Setting configuration check
14.1.7. Configuring CRL update settings
14.1.8. Configuring logs
14.1.9. Configuring SSL handshake parameters
14.1.10. Configuring monitor database
14.2. Setting agent configuration parameters
14.2.1. Configuring monitoring for agents
14.2.2. Configuring connections for agents
14.2.3. Configuring connection to engine
14.2.4. Configuring logs for agents
14.2.5. Configuring SSL handshake parameters for agents
14.3. Managing connections
14.3.1. Setting up initial connection with management agents
14.3.2. Configuring connection with agents
14.3.3. Administering connections
14.3.4. Configuring recovery connection
14.4. Handling XML databases
15. Clusters and high availability
15.1. Introduction to clustering
15.2. Clustering solutions
15.2.1. Fail-Over clusters
15.2.2. Load balance clusters
15.3. Managing clusters with ZMS
15.3.1. Creating clusters
15.4. Heartbeat
15.4.1. Functionality of Heartbeat
15.4.2. Heartbeat resources
15.4.3. Configuring Heartbeat
15.4.4. Configuring Heartbeat resources
15.5. Clustering in ZMS
15.5.1. Zorp clusters
16. Virus and content filtering using ZCV
16.1. Content vectoring basics
16.1.1. Quarantining
16.2. The concept of the ZCV framework
16.2.1. Content vectoring with ZCV
16.2.2. Supported modules
16.3. Content vectoring with ZCV
16.3.1. Creating module instances
16.3.2. Creating scanpaths
16.3.3. Routers and rule groups
16.3.4. Configuring Zorp proxies to use ZCV
16.3.5. Managing ZCV performance and resource use
16.4. Quarantine management in ZMC
16.4.1. Information stored about quarantined objects
16.4.2. Configuring quarantine cleanup
17. Connection authentication and authorization
17.1. Authentication and authorization basics
17.1.1. Inband authentication
17.1.2. Outband authentication
17.2. The concept of ZAS
17.2.1. Supported backends and authentication methods
17.3. Authenticating connections with ZAS
17.3.1. Configuring ZAS
17.3.2. Authentication of Zorp services with ZAS
17.3.3. Authorization of Zorp services
17.3.4. Configuring the authentication agent
17.4. Logging in ZAS
18. Monitoring hosts and servers
18.1. Monitoring concepts in Zorp
18.1.1. Configuring monitoring in ZMC
18.2. Monitoring with ZMS
18.2.1. The Monitoring tree
18.3. Jobs
18.3.1. Triggers
18.3.2. Calendars
18.3.3. Monitoring clusters
18.4. Nonmanaged hosts
18.4.1. Adding nonmanaged hosts to monitoring
18.5. Displaying the data collected in the monitoring database
18.5.1. Displaying histograms
19. Virtual Private Networks
19.1. Virtual Private Networking basics
19.1.1. Types of VPN
19.1.2. VPN topologies
19.1.3. The IPSec protocol
19.1.4. The OpenVPN protocol
19.2. Using VPN connections
19.2.1. Using VPN connections
19.3. Configuring IPSec connections
19.3.1. Configuring IPSec connections
19.3.2. IPSec options
19.3.3. Forwarding IPSec traffic on Zorp
19.4. Configuring SSL (OpenVPN) connections
19.4.1. Configuring SSL connections
19.4.2. SSL options
Appendix 1. Packet Filtering
1.1. How packet filtering works
1.2. Packet filtering on Linux
1.3. Understanding Netfilter and IPTables
1.3.1. Hooks
1.3.2. Tables
1.3.3. Chains
1.3.4. Rules
1.3.5. Configuration summary
1.4. Managing packet filter rules in ZMC
1.4.1. Configuration management: iptables-utils
1.4.2. Modifying the ruleset
1.4.3. Understanding the packet filter ruleset
1.4.4. The Rule Search window
Appendix 2. Keyboard shortcuts in ZMC
2.1. Function keys
2.2. Shortcuts
2.3. Access keys
Appendix 3. Further readings
3.1. Zorp related material
3.2. General, Linux related material
3.3. Postfix documentation
3.4. BIND Documentation
3.5. NTP references
3.6. SSH resources
3.7. TCP/IP Networking
3.8. Netfilter/IPTables
3.9. General security related resources
3.10. syslog-ng references
3.11. Python references
3.12. Public key infrastructure (PKI)
3.13. Virtual Private Networks (VPN)
Appendix 4. Zorp Application Level Gateway End-User License Agreement
4.1. 1. SUBJECT OF THE LICENSE CONTRACT
4.2. 2. DEFINITIONS
4.3. 3. LICENSE GRANTS AND RESTRICTIONS
4.4. 4. SUBSIDIARIES
4.5. 5. INTELLECTUAL PROPERTY RIGHTS
4.6. 6. TRADE MARKS
4.7. 7. NEGLIGENT INFRINGEMENT
4.8. 8. INTELLECTUAL PROPERTY INDEMNIFICATION
4.9. 9. LICENSE FEE
4.10. 10. WARRANTIES
4.11. 11. DISCLAIMER OF WARRANTIES
4.12. 12. LIMITATION OF LIABILITY
4.13. 13. DURATION AND TERMINATION
4.14. 14. AMENDMENTS
4.15. 15. WAIVER
4.16. 16. SEVERABILITY
4.17. 17. NOTICES
4.18. 18. MISCELLANEOUS
Glossary
Index
List of Examples
List of Procedures

© 2007-2011 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com