Integrated Secure Gateway 2


Integrated Secure Gateway 2.1

Table of Contents

ISG Required Ports, Protocols, and Services
ISG Security Best Practices
About Integrated Secure Gateway
About Licensing ISG Applications
About Network Interfaces for Applications and Appliances
About Application Serial Numbers and License IDs
First Steps
Manage Applications
Manage Images
Manage Licenses
Upgrade Instructions
Platform and Performance Reference
Troubleshooting
Command Line Overview
Command Usage Conventions
Typographical Conventions
Command Prompts
Edit Previously Entered Commands
Standard Mode Commands: enable, exit, show
Enable Mode Commands: applications, authentication, clock, configure, diagnostics, diagnostic-systems, disable, display-level, event-log, exit, halt, health-monitoring, health-monitoring metric, health-monitoring view, history, images, installed-systems, ip, licensing, login-banner, logout, ntp, password-policy, pcap, ping, proxy-settings, restart, restore-defaults, send, show, shutdown, smtp, snmp, ssh-console, ssl, ssl create, ssl delete, ssl edit, ssl inline, ssl view, traceroute, upload
Configure Mode Commands: acl, appliance-name, applications, applications attach-console, applications create, applications delete, applications edit, applications start, applications stop, applications view, authentication, clock, diagnostic-systems, dns, event-log, exit, halt, health-monitoring, health-monitoring metric, health-monitoring view, images, images delete, images load, images view, installed-systems, interface, ipv6, licensing, login-banner, ntp, password-policy, pcap, proxy-settings, restart, restore-defaults, show, shutdown, smtp, snmp, snmp agent, snmp community, snmp notify, snmp system, snmp target, snmp usm local, snmp usm remote, snmp vacm group access, snmp vacm group member, ssh-console, ssl, ssl create, ssl delete, ssl edit, ssl inline, ssl view, timezone, upload
ISG CLI Error Message Reference
Documentation Legal Notice

ISG Required Ports, Protocols, and Services

Depending on your ISG appliance configuration, you must open certain ports and protocols on your firewalls for the appliance to function as intended, to use enabled features, or to allow connectivity to various components and datacenters. This topic covers basic configurations and some commonly used options.

Inbound Connections

Component Default o SSH Client SSH management of the appliance
SNMP | 161 | UDP | No | SNMP client | SNMP monitoring

Outbound Connections

Component Default UDP No DNS server Port used by your DNS server
HTTP | 443 | TCP | No | Depends on the service | Provides access to various HTTPS services. See full list in the URLs/IPs for Symantec Services.
NTP | 123 | UDP | Yes | NTP server | Periodic time update from default or configured NTP servers
RADIUS | 1812 1813 | TCP | Yes | RADIUS server | RADIUS authentication
SMTP | N/A | TCP | Yes | SMTP server | Email notifications
SNMP | 162 | UDP | No | Trap receiver | Send SNMP traps
Syslog | 514 | UDP | No | Syslog server | Syslog uploads to remote server
Syslog | 6514 | TCP | No | Syslog server | Syslog uploads to remote server

URLs/IPs for Symantec Services

Service | URL | Protocol | Port | Function
Symantec Certificate Authority | abrca.bluecoat.com | HTTP | 80 | A Blue Coat/Symantec service that responds to CSR requests by returning a signed certificate in response. This is used when renewing or initially requesting a certificate.
Symantec eat/post | HTTPS | 443 | ISG emits a heartbeat to the Blue Coat/Symantec heartbeat server on the following occasions: appliance bootup, daily, and after a system failure. Using the information contained in the heartbeat messages, Symantec is able to provide better, faster support to its users.
Symantec Network Protection (Blue 443 | URLs used by the appliance to manage the appliance license (applicable to licenses without birth certificates).
Symantec Network Protection (Blue | bto-services.es.bluecoat.com | HTTPS | 443 | URL for managing the virtual appliance license, and to perform software image update checks for all versions of ISG (applicable to licenses with birth certificates).
Symantec Support | upload.bluecoat.com | HTTPS | 443 | A web form for submitting files to Symantec Support.
NTP | ntp.bluecoat.com, ntp2.bluecoat.com (ISG can also accept configuration of other NTP servers) | UDP | 123 | Synchronize the appliance clock with a verified time reference server.
Trust Package Updates | appliance.bluecoat.com | HTTP | 80 | Download trust packages (CA certificate update packages) from Symantec.

ISG Security Best Practices

Your ISG appliance hosts your network security applications, so it is important that you manage it in a secure fashion. The items listed here represent best-effort security considerations. Consult the security requirements of your organization when deploying ISG in your environment.

Physical Location and Networking

- Secure the physical location where ISG is deployed.
  Make sure that access is limited to a few top-level administrators. Wherever possible, monitor their access.
- Configure management access to the appliance.
  Secure the setup console via serial connection to the appliance. The serial console password must be at least eight characters in length and contain at least three character types (upper-case letters, lower-case letters, numeric characters, and special characters).
- Secure any serial console servers attached to ISG.
  If the ISG appliance is connected to a serial console server, be aware of who can remotely connect to the server and the CLI, and treat those types of remote management tools with the same or greater care as you do for other methods of connecting to the appliance.
- Avoid deploying ISG with a direct connection to the Internet.
  Wherever possible, ISG should be behind a firewall, proxy, and/or other security appliance to protect it from Internet-based attacks.
- Configure the management interfaces on the appliance in unique, non-congruent subnets.
  Configuring the interfaces in this way reduces the vectors available to an attacker.
- Ensure that your network infrastructure is prepared for the connections to and from your ISG appliance.
  See ISG Required Ports, Protocols, and Services for a list of URLs and ports used by ISG.
- Use the ssl-context CLI command to configure device connection security.
  An SSL context is a collection of ciphers, protocol versions, trusted certificates, and other TLS options. The ssl-context CLI command enables you to configure a global SSL context that applies to all devices, or to assign a context on a per-device basis.
- Use only high-strength security ciphers and protocols.
  Regardless of the default values, Symantec encourages ISG administrators to be aware of the security landscape, and only use ciphers and protocols that are known to be highly secure.
- Do not rely on the self-signed certificate.
  Replace the built-in self-signed certificate with one signed by a public Certificate Authority (CA) or your organization's private CA, before deploying your ISG appliance. This certificate should be generated with a 2048-bit or higher RSA key, and should use the SHA2 hashing algorithm.

Administering and Monitoring the Appliance

- Strengthen default password policy.
  Change the default password policy to make it stronger. Consider the following best practices:
  - Require that passwords have a minimum of eight characters.
  - Do not allow easily guessed passwords, such as 12345678, or common words.
  - Require that all passwords contain characters from at least three character classes: letters (upper and lower case), numbers, and special or meta characters. (Do not use colons.)
- Maintain security patches.
  Most attacks exploit known vulnerabilities. Make sure your ISG appliance is updated with the latest available software version.
- Ensure that the primary administrator account (admin) details are known only to a select few administrators.
  Set the primary admin password to use twelve or more characters, and include a mix of case and special characters. Save the details in a secure location.
- Set a unique enable password, different from the password of the built-in admin account.
  Set the enable password to use twelve or more characters, and include a mix of case and special characters. Save the details in a secure location.
- Make sure that every ISG administrator has their own account.
  Do not share admin accounts.
- Wherever possible, use LDAPS (Secure LDAP) authentication or AD.
  LDAPS and AD are more secure than local authentication or standard LDAP or RADIUS authentication.
- Set the ISG Audit Log to remote output syslog.
  ISG sends all audit records to the syslog. Enable remote syslog so that you can detect abnormal behavior as quickly as possible.
- Enable all email and other alerts.
  Direct emails and other alerts to addresses and services that can be viewed by multiple administrators.
- Review system logs regularly.
  Administrators must examine the system regularly. Specifically, review System logs for errors, anomalies, or unexpected events, and review the Audit logs for unauthorized access attempts or suspicious activities.
- Set max failed attempts for authentication.
  Set a limit for the number of failed access attempts on any external authentication service you are using.
- Use SNMPv3 for system activity reporting.
  Earlier versions of SNMP do not support authentication or security features.
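One way to audit candidate passwords against the password rules in this section, as an added example that is not Symantec's code and not the ISG password-policy implementation. The role names, the deny-list and the finding texts are assumptions, and the four character types follow the serial-console rule.

```python
# Added example: audits candidate passwords against the guidance above.
# Role names, WEAK entries and finding texts are assumptions of this example.
WEAK = {"12345678", "password", "administrator", "letmein", "qwerty"}
MIN_LEN = {"user": 8, "serial-console": 8, "admin": 12, "enable": 12}


def char_types(pw):
    """Return which of the four character types occur in pw."""
    found = set()
    for ch in pw:
        if ch.isupper():
            found.add("upper")
        elif ch.islower():
            found.add("lower")
        elif ch.isdigit():
            found.add("digit")
        else:
            found.add("special")
    return found


def check_password(pw, role="user", other_passwords=()):
    """Return a list of findings; an empty list means pw passes."""
    findings = []
    types = char_types(pw)
    if len(pw) < MIN_LEN[role]:
        findings.append(f"shorter than {MIN_LEN[role]} characters")
    if len(types) < 3:
        findings.append("fewer than three character types")
    if role in ("admin", "enable") and not {"upper", "lower", "special"} <= types:
        findings.append("needs mixed case and a special character")
    if ":" in pw:
        findings.append("contains a colon")
    # Catch deny-listed words even when padded with digits or symbols.
    letters = "".join(ch for ch in pw.lower() if ch.isalpha())
    if pw.lower() in WEAK or letters in WEAK:
        findings.append("easily guessed")
    if pw in other_passwords:
        findings.append("reuses another account's password")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for role, pw in [("user", "12345678"), ("admin", "Password1!"),
                     ("admin", "Vault-Keeper#42")]:
        print(role, repr(pw), check_password(pw, role) or "ok")
```

Pass the admin password in `other_passwords` when checking the enable password, so that reuse between the two is reported.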

About Integrated Secure Gateway

The Integrated Secure Gateway (ISG) is the software on the Symantec Security Platform (SSP) appliance used to deploy applications.

Use the ISG command line interface (CLI) to perform the following tasks:

- Connect the SSP appliance to your network
- Connect to the ISG serial console
- Create and run one or more applications
- License applications

The SSP is not a licensed product and only the applications it runs require licenses. For information on licensing, see About Licensing ISG Applications.

Limitations in Integrated Secure Gateway

Currently, ProxySG applications running on ISG do not support SG Redundancy Protocol (SGRP).

About Licensing ISG Applications

Licensing for applications on SSP is managed by ISG (the host) rather than the application itself. Licenses for applications are managed solely via the ISG command line interface (CLI). License management from within the application (such as the ProxySG CLI) is disabled.

IMPORTANT: If you make changes to the license, you must restart the application for the changes to take effect.

There are two sub-types of licenses: Enterprise: A single

bto-services.es.bluecoat.com HTTPS 443 URL for managing the virtual appliance license, and to perform software image update checks for all versions of ISG (applicable to licenses with birth certificates). Symantec Support upload.bluecoat.com HTTPS 443 A web form for submitting files to Symantec Support. NTP ntp.bluecoat.com, ntp2.bluecoat.com
