Zorp 3.4 LTS Administrator's Guide

Table of Contents

Preface
1. Summary of contents
2. Target audience and prerequisites
3. Products covered in this guide
4. Typographical conventions
5. Contact and support information
5.1. Sales contact
5.2. Support contact
5.3. Training
6. About this document
6.1. Summary of changes
6.2. Feedback
1. Zorp administration
2. Components of Zorp firewall solution
2.1. Zorp
2.2. Zorp Management System (ZMS)
2.3. Transfer and Monitoring Agents
2.4. Zorp Management Console (ZMC)
2.5. Zorp Authentication System (ZAS)
2.6. Zorp Content Vectoring (ZCV)
3. Architectural overview
3.1. Introduction to firewalls
3.1.1. Functions of firewalls
3.1.2. Packet filters
3.1.3. Application proxies
3.1.4. Differences between packet filters and application proxies
3.2. Zorp software components
3.2.1. ZorpOS
3.2.2. Packet filtering in Zorp
3.2.3. Transparency and TPROXY
3.2.4. Virtual Private Networking support
3.2.5. Native Proxies
3.2.6. System logging
3.2.7. High Availability
3.3. Operation modes of Zorp
3.3.1. Packet forwarding
3.3.2. Traffic proxying
3.4. Basic Zorp concepts
3.4.1. Access control
3.4.2. Transparency
3.4.3. Deep protocol analysis
3.4.4. Proxy customization
3.4.5. Modular architecture
4. ZMS configuration management
4.1. ZMS and ZMC
4.1.1. Define a new host and start up ZMC
4.2. ZMC structure
4.2.1. Configuration tree
4.2.2. Main workspace
4.2.3. Menu & status bars and Preferences
4.3. Configuration and Configuration management
4.3.1. Configuration process
4.3.2. Configuration buttons
4.3.3. Committing related components
4.3.4. Recording and commenting configuration changes
4.3.5. Multiple access and lock management
4.3.6. Status indicator icons
4.3.7. Copy/Paste and Multiple select in ZMC
4.3.8. Links and variables
4.3.9. Disabling rules and objects
4.3.10. Filtering list entries
4.4. Viewing Zorp logs
4.4.1. The command bar of the log viewer
5. Registering new hosts
5.1. Bootstrapping a new host
5.1.1. Bootstrap a new host
5.2. Reconnecting to a host
5.2.1. Reconnect ZMS to a host
6. Networking, routing, and name resolution
6.1. Configuring networking interfaces
6.1.1. General interface configuration
6.1.2. Configuring virtual networks and alias interfaces
6.1.3. Configuring bond interfaces
6.1.4. Configuring bridge interfaces
6.1.5. Enabling spoof protection
6.1.6. Interface options and activation scripts
6.1.7. Interface status and statistics
6.2. Managing name resolution
6.3. Managing client-side name resolution
6.3.1. Configure name resolution
6.4. The routing editor
6.4.1. Routes
6.4.2. Sorting, filtering, and disabling routes
6.4.3. Managing the routing tables locally
7. Creating Zorp policies
7.1. Understanding Zorp policies
7.2. Creating new services with the Service Wizard
7.2.1. Creating new services with the Service Wizard
7.3. Finding services
7.3.1. Finding services
7.3.2. The Report Generator
7.4. Zones
7.4.1. Managing zones with ZMC
7.4.2. Creating new zones
7.4.3. Zone hierarchies
7.4.4. Finding zones
7.4.5. Umbrella zones
7.5. Zorp instances
7.5.1. Managing Zorp instances
7.5.2. Instance hierarchies
7.6. Zorp services
7.6.1. Creating a service manually
7.6.2. Routing — selecting routers and chainers
7.7. Zorp dispatchers
7.7.1. Creating a dispatcher manually
7.7.2. Advanced dispatcher options
7.7.3. Limiting the connection rate
7.7.4. CSZoneDispatcher
7.7.5. Non-transparent dispatchers
7.8. Proxy classes
7.8.1. Proxies and the traffic
7.8.2. Customizing proxies
7.8.3. Renaming and editing proxy classes
7.8.4. Analyzing embedded traffic
7.9. Policies
7.9.1. Creating and managing policies
7.9.2. NAT policies
7.9.3. Matcher policies
7.9.4. Resolver policies
7.9.5. Stacking providers
7.10. Monitoring active connections
7.11. Traffic reports
7.11.1. Configuring Zorp reporting
8. Logging with syslog-ng
8.1. Introduction to syslog-ng
8.1.1. Global options
8.1.2. Sources
8.1.3. Destinations
8.1.4. Filters
8.2. Configuring syslog-ng with ZMC
8.2.1. Configure syslog-ng
8.2.2. Configuring syslog-ng components via ZMC
9. FreeText plugin
9.1. Using the FreeText plugin
9.1.1. Configure services with the FreeText plugin
9.1.2. Use the additional features of FreeText plugin
10. Native services
10.1. BIND
10.1.1. BIND operation modes
10.1.2. Configuring BIND with ZMC
10.1.3. Setting up split-DNS configuration
10.2. NTP
10.2.1. Configuring NTP with ZMC
10.2.2. Status and statistics
10.3. Postfix
10.3.1. Configuring Postfix with ZMC
10.4. Local services on Zorp
10.4.1. Enabling access to local services
11. Local firewall administration
11.1. Linux
11.2. Login to the firewall
11.3. Editing configuration files
11.4. Network configuration
11.5. System logging
11.6. NTP
11.7. BIND
11.8. Updating and upgrading the system
11.9. Packet filter
11.10. Zorp configuration
11.10.1. Policy.py and instances.conf
11.10.2. Zorp control
12. Key and certificate management in Zorp
12.1. Cryptography basics
12.1.1. Symmetric and asymmetric encryption
12.2. PKI Basics
12.2.1. Centralized PKI system
12.2.2. Digital certificates
12.2.3. Creating and managing certificates
12.2.4. CRLs
12.2.5. Authentication with certificates
12.2.6. Digital encryption in work
12.2.7. Storing certificates and keys
12.3. PKI in ZMS
12.3.1. Committing changes and locking in PKI
12.3.2. The certificate entity
12.3.3. Rules of distribution and owner hosts
12.3.4. Trusted groups
12.3.5. The PKI menu
12.3.6. PKI management
12.3.7. Trusted CAs
12.3.8. Certificates
13. Clusters and high availability
13.1. Introduction to clustering
13.2. Clustering solutions
13.2.1. Fail-Over clusters
13.2.2. Load balance clusters
13.3. Managing clusters with ZMS
13.3.1. Creating clusters
13.4. Heartbeat
13.4.1. Functionality of Heartbeat
13.4.2. Heartbeat resources
13.4.3. Configuring Heartbeat
13.4.4. Configuring Heartbeat resources
13.5. Clustering in ZMS
13.5.1. Zorp clusters
14. Advanced ZMS and Agent configuration
14.1. Setting configuration parameters
14.1.1. Configuring user authentication and privileges
14.1.2. Configuring backup
14.1.3. Configuring the connection between ZMS and ZMC
14.1.4. Configuring ZMS and agent connections
14.1.5. Configuring ZMS database save
14.1.6. Setting configuration check
14.1.7. Configuring CRL update settings
14.1.8. Configuring logs
14.1.9. Configuring SSL handshake parameters
14.1.10. Configuring monitor database
14.2. Setting agent configuration parameters
14.2.1. Configuring monitoring for agents
14.2.2. Configuring connections for agents
14.2.3. Configuring connection to engine
14.2.4. Configuring logs for agents
14.2.5. Configuring SSL handshake parameters for agents
14.3. Managing connections
14.3.1. Setting up initial connection with management agents
14.3.2. Configuring connection with agents
14.3.3. Administering connections
14.3.4. Configuring recovery connection
14.4. Handling XML databases
15. Virus and content filtering using ZCV
15.1. Content vectoring basics
15.1.1. Quarantining
15.2. The concept of the ZCV framework
15.2.1. Content vectoring with ZCV
15.2.2. Supported modules
15.3. Content vectoring with ZCV
15.3.1. Creating module instances
15.3.2. Creating scanpaths
15.3.3. Routers and rule groups
15.3.4. Configuring Zorp proxies to use ZCV
15.3.5. Managing ZCV performance and resource use
15.4. Quarantine management in ZMC
15.4.1. Information stored about quarantined objects
15.4.2. Configuring quarantine cleanup
16. Connection authentication and authorization
16.1. Authentication and authorization basics
16.1.1. Inband authentication
16.1.2. Outband authentication
16.2. The concept of ZAS
16.2.1. Supported backends and authentication methods
16.3. Authenticating connections with ZAS
16.3.1. Configuring ZAS
16.3.2. Authentication of Zorp services with ZAS
16.3.3. Authorization of Zorp services
16.3.4. Configuring the authentication agent
16.4. Logging in ZAS
17. Monitoring hosts and servers
17.1. Monitoring concepts in Zorp
17.1.1. Configuring monitoring in ZMC
17.2. Monitoring with ZMS
17.2.1. The Monitoring tree
17.3. Jobs
17.3.1. Triggers
17.3.2. Calendars
17.3.3. Monitoring clusters
17.4. Nonmanaged hosts
17.4.1. Adding nonmanaged hosts to monitoring
17.5. Displaying the data collected in the monitoring database
17.5.1. Displaying histograms
18. Virtual Private Networks
18.1. Virtual Private Networking basics
18.1.1. Types of VPN
18.1.2. VPN topologies
18.1.3. The IPSec protocol
18.1.4. The OpenVPN protocol
18.2. Using VPN connections
18.2.1. Using VPN connections
18.3. Configuring IPSec connections
18.3.1. Configuring IPSec connections
18.3.2. IPSec options
18.3.3. Forwarding IPSec traffic on Zorp
18.4. Configuring SSL (OpenVPN) connections
18.4.1. Configuring SSL connections
18.4.2. SSL options
Appendix 1. Packet Filtering
1.1. How packet filtering works
1.2. Packet filtering on Linux
1.3. Understanding Netfilter and IPTables
1.3.1. Hooks
1.3.2. Tables
1.3.3. Chains
1.3.4. Rules
1.3.5. Configuration summary
1.4. Managing packet filter rules in ZMC
1.4.1. Configuration management: iptables-utils
1.4.2. Modifying the ruleset
1.4.3. Understanding the packet filter ruleset
1.4.4. The Rule Search window
Appendix 2. Keyboard shortcuts in ZMC
2.1. Function keys
2.2. Shortcuts
2.3. Access keys
Appendix 3. Further readings
3.1. Zorp related material
3.2. General, Linux related material
3.3. Postfix documentation
3.4. BIND Documentation
3.5. NTP references
3.6. SSH resources
3.7. TCP/IP Networking
3.8. Netfilter/IPTables
3.9. General security related resources
3.10. syslog-ng references
3.11. Python references
3.12. Public key infrastructure (PKI)
3.13. Virtual Private Networks (VPN)
Appendix 4. Zorp Application Level Gateway End-User License Agreement
4.1. 1. SUBJECT OF THE LICENSE CONTRACT
4.2. 2. DEFINITIONS
4.3. 3. LICENSE GRANTS AND RESTRICTIONS
4.4. 4. SUBSIDIARIES
4.5. 5. INTELLECTUAL PROPERTY RIGHTS
4.6. 6. TRADE MARKS
4.7. 7. NEGLIGENT INFRINGEMENT
4.8. 8. INTELLECTUAL PROPERTY INDEMNIFICATION
4.9. 9. LICENSE FEE
4.10. 10. WARRANTIES
4.11. 11. DISCLAIMER OF WARRANTIES
4.12. 12. LIMITATION OF LIABILITY
4.13. 13. DURATION AND TERMINATION
4.14. 14. AMENDMENTS
4.15. 15. WAIVER
4.16. 16. SEVERABILITY
4.17. 17. NOTICES
4.18. 18. MISCELLANEOUS
Appendix 5. Creative Commons Attribution Non-commercial No Derivatives (by-nc-nd) License
Glossary
Index
List of Examples
List of Procedures

© 2007-2012 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com