
Endian Firewall 2.3 rc1

~ Manual Book ~

E-book Firewall

Green, Red, Blue, Orange ?


Lan set IP Address

Firewall, Proxy, Load Balance
... ????
ThaiAdmin


ThaiAdmin
...

topic Endian Firewall


Topic
Endian Firewall


Firewall
...
E-Book



Thaiadmin
PM DM
Link

(
.. ^o^ )
... E-book

!! E-book
...


Somhpong Ph.
Soi62@ThaiAdmin
13 Oct 2009

.
....
ref : http://www.thaiadmin.org/board/index.php?topic=112996.0


Quality of Service Devices


Part 1 :
Endian Firewall (EFW) Overview
Endian Firewall Community ? (Neoboyd@Thaiadmin)
EFW? ?
EFW(Neoboyd@Thaiadmin)
Hardware (Neoboyd@Thaiadmin)
(Soi62@Thaiadmin)
Part 2 :
Network (Neoboyd@Thaiadmin)
(Green & Red)
(Neoboyd@Thaiadmin)
Network EFW
Green, Red, Blue Orange(DMZ) (Neoboyd@Thaiadmin
Red ThaiAdmin ?

Part 3 :
config Firewall
config system access
config outgoing
Part 4 :
4.1 Proxy (Neoboyd@Thaiadmin)
4.2 Contentfilter block
, (tototyt)

Part 5 :
config Logging Log
Log
Part 6 :
Config VPN server
Open VPN Client to Site (tototyt@thaiadmin)
Open Vpn Site to Site (tototyt@thaiadmin)
IPSEC

Part 7 : Network
7.1 Interfaces : ( Link )



7.2 Routing
:

7.3 Edit Hosts : Hosts

Part 8 : Service
8.1 DHCP : IP Address
8.2 Traffic Monitoring :

Ntop
8.3 Quality of Service Devices (QOS) :

Part 9 :
FAQ

Part 10 :
Appendix ()
Credits ()


Part 1 :
Endian Firewall (EFW) Overview

First Screen (Dashboard)


Dashboard
Quality of Service and Bandwidth Management


Intrusion Prevention System


Group-based content filtering & enhanced Web Security

Enhanced Network Address Translation (NAT)

Other....
- Traffic-based Hotspot tickets and automatic user generation
- Event handling and notification
- SNMP support
- Revamped Mail Security



- Sophos Anti-Virus (optional)
- Commtouch RPD (optional)


Endian Firewall Community ?


Endian Firewall Community


Unified Threat Management (UTM)*

...

1.
2.
3.
4.
5.

Stateful packet inspection firewall**


Application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with Antivirus support
Virus and spamfiltering for email traffic (POP and SMTP)
Content filtering of Web traffic
VPN solution (based on OpenVPN)

Endian Firewall software Open


source Endian S.r.l.
* Network firewall + E-mail spam filtering + Anti-virus capability + IDS or IPS = UTM
** Stateful packet inspection firewall

EFW? ?
1. Firewall
EFW OpenSource
2. Linux
config Web Browser***
3.
3D

4. consult,
config


5. community ThaiAdmin

" 5
^o^ "
Web Browser : Internet
Explorer, FireFox, Safari, Chrome, etc...
***

Download EFW



Endian Firewall version 2.3 rc1

...
Endian Firewall Community 2.3 Release Candidate
123 MB. download
ISO ISO
CD CD
speed
4x ~ 12X

Hardware
Endian Firewall Community Edition

1. Zone
network

2.
Linux operating system Linux.com article for
more details.
CentOS 4.6 operating system.
CentOS


driver version linux

chipset Realtek Intel


intel Nvidia
Raid
hardware

Computer
Endian Firewall

Network
25 Vpn 5 connection
...
Recommend Spec :
Pentium 3.1 GHz.



512 MB. RAM
8 GB. Hard Disk Drive
1 x 100 Mb. Network Cards (Green & Red )
24 hrs. x 365 days

50
vpn 10 connections :
Performance Spec :
Pentium4 2.8 GHz. up
1~4 GB. RAM up
20~80 GB. Hard Disk Drive (Caching, Logging)*
4 x 100 Mb. Network Cards (Green, Red, Blue, Orange

)
24 hrs. x 365 days

*Caching :
ISP Client EFW
ISP
*Logging : Log EFW .
90 ...


1. CD
CD-Rom Drive

Boot
CD-Rom Drive ....

2. Enter
Enter
..


3.
Enter


4. EFW
HDD Endian
Yes Enter


5. console
Serial Yes
Green ....
No Enter .....


6. 5-10


7. IP Address
Green

().... Enter
...


8. IP Address Eject CD
...
EFW

9. EFW Enter Reboot


...


10. Shutdown 10

11.
CD .... ?


12. config


13.
Green IP ....
0-Shell : linux

1-Restore Factory : config


EFW
Clear

2-Reboot : EFW


14. EFW Shell username=root ;


password=endian ...

exit Enter ...

....


Endian Firewall
Config http://
ip 7
IP Green

1. >>> config

2. English(English)
Asia/Bangkok

3. Accept License


4. Restore Backup
Endian Firewall Restore

NO >>>

Restore Yes
>>> Browse Config
Backup
5.
Remote SSH
6




>>>

6. Red Interface
Internet

1. Ethernet Static IP
IP

2. Ethernet Dhcp IP
IP DHCP Server

IP

3. PPPOE internet Adsl

4.
5.
6.
7.

username password IP ISP IP

Fix Dynamic
Adsl USB PCI adsl interface usb pci
3
driver
ISDN
digital

Analog/UMTS Modem
UMTS*

Gateway Endian
Internet Nat
router



*UMTS "Universal Mobile Telecommunication System"
3G GSM, GPRS EDGE
W-CDMA

-
UMTS
2 Mbit/sec -
EDGE 4

7. Network Zone
Zone
Blue Orange ...
1. Orange Zone DMZ
Server Map Public IP
ISP
2. Blue Zone Wifi Zone

* Blue & Orange



None >>>


8. Internet
8.1 Red interface Ethernet Static
1. IP address ip
Internet Leased Line Adsl
Fixed IP Ip 1 IP
address Subnet Mask
2. Add additional Addresses(One IP/Netmask or IP/CIDR perline): IP

Leased Line IP 8
1 Network Class, 1
Router, 1
Broadcasting 1
Endian Firewall IP 4

Map Orange Zone Server

172.16.1.10/255.255.255.0 172.16.1.10/24
3. Interface
4. Default Gateway Internet


8.2 Red interface Ethernet DHCP

1. Interface Internet DHCP


2. MTU packet


3. Spoof Mac address with Mac address

4. Dns 2 Dns server


ISP Manual Dns server

5. >>>

8.3 Red interface PPPOE


1. Interface Internet
2. Add additional Addresses(One IP/Netmask or IP/CIDR perline):
Adsl Corporate Premium IP
1 ip
Concept username password
authen IP
Add additional Addresses(One IP/Netmask or IP/CIDR perline):
Online Adsl IP
Dynamic
3. Username
4. Password
5. Authentication PAP or Chap
6. MTU packet

7. Dns 2 Dns server


ISP Manual Dns server

8. Service ISP
9. Concentrator Name
10. >>>


8.4 Adsl (USB,PCI) Adsl Modem


USB PCI
1. Modem
>>>

2. ISP
PPPOE
>>>


3. VPI / VCI

3.1 VPI (
ISP )
3.2 VCI (
ISP )
3.3 Encapsulation LLC

3.4 MTU packet


3.5 Add additional Addresses(One IP/Netmask or IP/CIDR perline):


Adsl Corporate Premium IP
1 ip Concept
username password authen
IP Add additional
Addresses(One IP/Netmask or IP/CIDR perline): Online
Adsl IP Dynamic

3.6 Username
3.7 Password
3.8 Authentication PAP or Chap



3.9 Dns 2 Dns server
ISP Manual Dns server
>>>
VPI / VCI ISP

ISP

ISP / VPI / VCI

Cslox       35
Samart      35
TOT         32
True        100
TT&T        33
CATTELECOM  33
Buddy BB    35


8.5 ISDN

1. Modem ISDN
2.
Internet


Username
Password
Authen PAP or CHAP

7. Add additional Addresses(One IP/Netmask or IP/CIDR perline):


ISDN Corporate Premium IP
1 ip
Concept username password
authen IP
Add additional Addresses(One IP/Netmask or IP/CIDR perline):
Online ISDN IP
Dynamic
8. MTU packet

9. Dns 2 Dns server ISP


Manual Dns server
>>>

3.
4.
5.
6.


8.6 Analog /UMTS Modem


1. Port
/dev/ttyS0/
2. Modem
>>>


3.
4. Access Point

5. Username
6. Password
7. Authen PAP or CHAP

8. Add additional Addresses(One IP/Netmask or IP/CIDR perline):


Personal Use
IP
ISP Dynamic
9. MTU packet

10. Dns 2 Dns server ISP
Manual Dns server
>>>


8.7 Gateway
IP Internet
>>>


9. DNS Server 2 (
DNS
) >>>


DNS Server
HiNet by CAT :
DNS : 202.129.27.135 / 61.19.245.246 / 61.19.254.134
HiNet by TTT
DNS : 202.129.27.135 / 61.19.245.246 / 61.19.254.134
TTT ( 3BB )
DNS : 202.69.137.137 / 202.69.137.138
TOT
DNS : 203.113.127.199 / 203.113.24.199
True
DNS: 203.144.207.29 / 203.144.207.49
10.
...
1. Email
2. Email Endian
3. smtp server
>>>


11. OK, Apply Configuration

12.


13. Browser
http:// IP Green Zone

14. login default Webconfig User Admin


password 5


15. Dash Board



~ ~


Part 2 : Network
Network EFW

Zone Linux Firewall


Zone 4 Zone
1. RED :
(untrusted network Internet)
2. GREEN : (trusted
network Intranet(Lan))
3. ORANGE :
Server (DMZ Server Zone)
4. BLUE :
( Wireless )

Zone


1 : Endian Server Firewall


Nat Proxy Management log

2 : Endian Server
Zone DMZ 2


3 : Endian
Zone 4 Zone Endian Firewall


4 : Endian Firewall
Gateway
log internet
Traffic Monitor
internet


Manual
1Wan(RED) + 1 Lan(Green) Leased Line Adsl
Config
Requirement Adsl
2 Config Adsl



Endian Config Red
Main Uplink Internet
Internet

1. Login Dashboard
Interface
UP
Online Config

CPU MEMORY HDD version
log build
Uplinks
Connect


2.
internet

log Authentication


IP 2 Fix
Dynamic IP Set Fix
DHCP
IP
Endian DHCP

Service -> DHCP-SERVER DHCP


Client IP
Endian Firewall Start Address IP
DHCP End address IP IP
Primary Dns Secondary Dns
NTP IP Time-server



Enable Click Save
IP
policy
Version IP
Dhcp server IP Network
Version
IP Fixed
Lease
Ex.: Notebook
set tcp/ip Obtain auto IP
Dhcp Endian Function
Allow only fixed lease IP
Current Fixed lease Notebook
IP Endian
manual tcp/ip properties windows
Add fixed lease notebook
Mac address
ipconfig /all
Add a Fixed Lease IP
save
IP
Add a Fixed Lease
Dynamic IP DHCPserver Endian IP
user
IP Config Dhcp
IP
set


Static DHCP
Add a fixed lease
Fixed lease 3

1. Computer Name

2. Mac Address

3. IP Mac address
IP
IP

1. Setup Tcp/Ip

2. Mac address 1 IP 1


3. IP Set manual
Dhcp Fix Lease

4. Version Function Allow only Fixed lease


Current fixed lease
*** Cap ***
*** update DNS
Windows Server Client Dynamic
Dhcp Window server Dns server
Window ip client
ip Faq 2***
3. Default Internet
Client IP Gateway Internet

internet Proxy
Client
internet Firewall
Firewall Firewall

internet
Endian Firewall

Iptable routing port firewall
Port Forwarding/Nat Outgoing
Firewall
Source? --> Destination? Service? Policy? Actions





*** update concept forward server client
***
Firewall -> Port Forwarding/Nat

Internet Port Forwarding/Nat


Server
online Endian Firewall
*** update concept internet ***


Part 3 : Config Endian Firewall

Firewall -> Outgoing Traffic


Internet
Config Disable
port 80 443 user

user proxy

Config Endian Firewall


***
***


Part 4 : Proxy
4.1 Proxy

(Neoboyd@Thaiadmin)

Proxy download
internet Proxy server
1 Endian
Proxy

1. Client
Endian

2. Proxy Client
Browser Concept Browser
IP Port Proxy-Server
3. Endian Firewall version 2.3 rc1
Automatic Configuration Script
proxy.pac Script
proxy
address proxy.pac
http://Ip endain/proxy.pac
Domain Group Policy

set proxy client
Admin support

1.
2.
3.
4.
5.
6.
7.

*** Set Proxy Group Policy Domain Windows Server ****


User Configuration
Windows Settings
Internet Explorer Maintenance
Connection
Proxy Setting double click
Enable proxy settings ip endian http port
Use the same proxy server for all addresses

*** Set Proxy Group Policy Windows server Disable


Proxy IE ***
1. Start Run gpedit.msc
2. User Configuration > Administrative Templates > Windows components > Internet
Explorer
3. Disable Changing proxy settings
4. Enabled
*** Msn proxy ***


1. proxy msn
2. username password user
3.
Proxy Enable proxy

5. Proxy
Green Orange Blue

1. Not Transparent Zone


Authentication

2. Transparent internet
Authentication

Proxy Setting

1. Port Used by Proxy Port Proxy


server


2. Error Language Error

3. Visible Hostname Proxy-server

4. Email Used For notification



5. minimum download size
download
6. Maximum upload Size
upload
7. Allowed port port proxy
SSL
8. Log Settings log

log user agent


9. Bypass transparent proxy config
Authentication

10. Cache Size on harddisk proxy


harddisk
cache

Harddisk user cache

11. Cache Size within Memory Cache


Ram

12. Maximum Object Size


proxy

cache
cache

version
KB
13. Minimum Object size
proxy
internet
jpg swf html
1024Kb. 1 Mb.
version
KB
14. Clear Cache
Clear cache
index squid

15. Enable Offline mode offline


cache
internet


16. Do not cache this destinations url


cache

17. Upstream Proxy Proxy proxy


speed cache

ip:port username password Click
Save



6. Antivirus

7. Authentication

Local username password
Endian Windows Authentication Ldap
Window Domain Radius
Server Endian Username
Password Radius Server
Authentication Local


1. Authentication Realm
2.
3.

4.
5.
6.
7.
8.

login
proxy
Number of Child Authentication children login

Number of different ips per user IP


user
IP user login computer

user login
1
Authentication cache TTL user login

User/IP Cache TTL user IP

4
Min Password Length

user
Manage User
user
Manage Group User


USER Click Add NCSA user


user password
create user


Create User 2 Admin User


Authentication


authentication click Manage Group


Group admin add user admin


Group Admin Create Group
add User Group


add User Group Group


Apply


User Group


Group Policy Internet


1. Proxy -> Access Policy Policy

2. Add Access Policy


3. Policy
1. Source Type Policy
Any Authentication
Internet
2. Destination Any
Authentication user
internet
3. Authentication

Allowed Users
4. Time Restriction

5. Active Days 4 Active


Days policy
6. Start Hours, Start Minutes, Stop Hours Stop Minutes 4
policy
7. User Agents Browser
click Browser
8. Access Policy Allow
Authentication


9. Filter Profile Endian Filter


Virus

10. Position Policy


11. Enable Policy Rule policy
Update Policy



Apply Policy
apply

Policy
Reboot
login


user Set
internet login browser username password

4.2 Contentfilter block


, (tototyt@thaiadmin)
*
Endian Firewall Community release 2.3.0 (c) 2004-2009

(
)
1. Profile Create a Profile
Profile ( content1 )
1.1 Profile Name :



1.2 Activate antivirus scan * activate
antivirus scan

1.3 Platform for Internet Content Selection


1.4 Max. score for phrases (50-300) *
1.5 3

- Filters pages containing phrases of the following categories. (Content


Filtering)

(Content Filtering)

- Filter pages known to have content of the following categories.


( URL Blacklist )



Filter
( URL Blacklist )

- Custom black- and whitelists


Custom

1.6
Create profile Update profile



1.7 Contentfilter Profile
Policy Tab Access Policy


Add access policy
Filter profile
Profile

: Policy



**** Update ****


Part 5 :

config Logging
Log

Live log Proxy


log
*** update ***
*** update ***

Backup Configuration Restore Configuration


*** update ***


FAQ
Q: EFW "GRUB
Loading Stage 2 ......" EFW ?
A: EFW

console
Serial port port
...
Serial port BIOS EFW

Q: DNS server Window Server Client


Dynamic IP Endian firewall Dns server
Window ip client
A: Windows Server Dns Server
Domain Allow Dynamic update Non-secure and Secure
Dns
update Aging Scavenge

Q:
A:

Q:
A:

Q:
A:


Part 6 Config Open VPN


6.1 Open VPN Client to Site
OpenVPN Host-to-Net ( Client to Site ) Endian Firewall
Community 2.3 RC1

( : tototyt ,
:Noktualek )
2/07/2008 ( 27/10/2009)
efw 2.3 RC1

Endian Firewall Community


OpenVPN
net-to-net host-to-net
host-to-net

VPN host-to-net 1
(LAN)

Internet LAN

(Internet)
LAN


LAN
VPN


1 VPN host-to-net client to site


VPN
1. Public IP Fix IP Site A
2. Fix IP Dynamic DNS
3. IP IP
VPN Subnet

192.168.1.0/24
remote 192.168.121.0/24

192.168.1.1/24 Endian Firewall
Remote ADSL Router 192.168.1.1/24
IP Address VPN

Server
1. Endian Firewall Community Web Browser
(https://server_ip_address:10443)



2. vpn Openvpn
Server Tab Server configuration

3. Dynamic IP pool start address Dynamic IP pool end address


IP Address (LAN)
( Roadwarrior )

checkbox OpenVPN Server enabled


IP
VPN DHCP
IP 192.168.1.151-219

4. Save and restart 2

5. Accounts
Add account


6. Username Password checkbox Direct all client


traffic through the VPN server
Save
* connect Fix IP
IP Static ip addresses

7. Restart OpenVPN server 5

8. Advanced
6 Save and restart


6 Advanced
9. Download CA Certificate XXX.cer
Client 7 (
IE 8
xxx.cer (xxx
) Firefox Google Chrome
xxx.pem

Service VPN Server


Status Services STOPED

RUNNING



Client
1. OpenVPN GUI for Windows
http://openvpn.se/ Download
Stable Installation Package
openvpn-2.0.9-gui1.0.3-install.exe

2.
OpenVPN client
Default Options

C:\Program Files\OpenVPN
3. Icon
Taskbar

4. client.ovpn C:\Program
Files\OpenVPN\sample-config C:\Program
Files\OpenVPN\config

5. VPN Icon 9
Edit Config
C:\Program Files\OpenVPN\config\client.ovpn
6.
( config
copy config

client
dev tap
proto udp
remote site-001a.dyndns.org 1194
# alternatively, by the server's public IP: remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
# cacert.pem is the CA certificate downloaded from the server (step 9)
auth-user-pass
comp-lzo

remote
Domain site-001a.dyndns.org
IP Address OpenVPN Server IP
Public IP IP
port 1194
ca path (
CA )
7. disable cert client.crt key client.key client.ovpn
";" (
6
)
8. CA (xxxx.cer) OpenVPN Server
( 9 Server)
config C:\Program Files\OpenVPN\config

1. Connect Icon OpenVPN Client


user password 10


10
2. Connect OpenVPN Icon Taskbar
11

11
3. IP Address Server
IP pool 12


12
4. OpenVPN Server
user
13 kill



13
user

CA
Server
(
)
1. Server IP Client
IP


IP Dynamic IP pool start
address Restart


Connect

IP


2. Connect
Firewall VPN traffic Enable VPN
Firewall



rule

Open VPN
1. Webconfig Endian
Forward Router


2. Ping Private IP Address VPN Client IP Address

3. Remote Admin File Sharing Printer Sharing


VPN Client to Site ADSL


1.
ADSL client endian server
2. Database
Map drive Express
VPN Client
Site

Terminal Remote Desktop
3. Open VPN Client(Open VPN 2.0.9)
Windows 7
4. Internet VPN Client

gateway Endian Server


Upload Endian Server (
)
5. 4 LAN Policy Firewall
VPN Policy

6.
IP Address
7. Sharing folder
Protocal UDP TCP 6
client 6
8. IP
Class A 10.0.0.0/24 Endian 2.2 IP
Client VPN
192.168.0.0/24
Bug



* Rule

6.2 Open VPN Site to Site Net-to-Net Endian Firewall


25/11/2006 (
: )

Endian Firewall 2.3

OpenVPN Net-to-Net Endian Firewall


2.3
VPN net-to-net
Site-to-Site Intranet VPN

2 Site A Site B
Site

Site

Site

IP Private IP Site

VPN OpenVPN
Open Source
OpenVPN Endian Firewall

1 VPN host-to-hots



Site
A Site B

Server Site A
*
Host-to-Net Client To Site

1. Endian Firewall 2 Site


2. Endian
3.

4.

Firewall Community
Web Browser (https://server_ip_address:10443)
vpn
Openvpn Server
Tab Server configuration
Dynamic IP pool start address Dynamic
IP pool end address IP Address
(LAN)
( Roadwarrior )

checkbox OpenVPN Server enabled


2


2 Server configuration
5.
Save and restart
2
6.
Accounts
3 Add account


3 Accounts
7.
Username Password
checkbox Direct all client traffic through the VPN server

4 Save

4 Add new user


8.
Restart OpenVPN server
5

5
9.
Advanced
6
Save and restart


6 Advanced
10. Download CA Certificate
XXX.cer
Server Site B

7 Download CA Certification
Status Services

STOPED

RUNNING 7.1


7.1 Open VPN Server Status

Server Site B
1.
Site B
OpenVPN client (Gw2Gw)
Add tunnel configuration

8 OpenVPN client (Gw2Gw)


2.

Add VPN tunnel 9

- Connection Name :

- Connection to : Public IP VPN Server


Site A
- Upload ca file : CA
VPN Server Site A
- Username : username VPN Server
Site A


- Password : password VPN Sever


Site A
- Remark :

9 Add VPN tunnel


3.
Advanced tunnel configuration

10
Connection configuration
Fallback VPN servers :


Port (1194)


Connection type: Routed

Bridge to : GREEN

Block DHCP responses coming from


tunnel:
NAT : *
Ping

Protocol: UDP

HTTP proxy configuration


*
Proxy
HTTP proxy :
Proxy username :
Proxy password :
Forge proxy user-agent :


10 Advanced tunnel configuration


4.

() CA
11


11 Advanced tunnel configuration


5.

Site A
Connection status and
control 12
IP Address
Global
settings VPN Server Site B
Status Site B established
13

Client
VPN Server


Site A

12 Connection status and control Site A


Site B

13 Status Site B

* Site A
Site B


1. Connect ( Status established ) Ping

- Advanced tunnel configuration NAT

- Firewall / VPN firewall configuration Rule


(Disable)
- Ping Site B Site A Ping Site A Site B

established
2. Connect ( Status established ) Ping

- ......


Part 7 : Network
7.1 Interfaces : ( Link )
7.1.1 Uplinks manage

*
Intranet



Loadbalance
Lan Card Drivers Lan Card
Route Endian Firewall

1. Interfaces TAB Uplink editor


Create an uplink 7.1.1-1

7.1.1- 1
2.


3.
Create Uplink

7.1.2 VLAN manager ..

7.2 Routing


( Policy Routing )

Routing
7.2.1
1. Tab Static
7.2.1-1

Static Routing Editor )

Routing / Add a new route



7.2.1- 1
2.

3. Add
Route

7.2.2 (

Policy Routing Editor )

1. 7.2.1
()

7.2.2-1

7.2.2- 1



2.
Update Rule
*
Multi WAN , Internet Load Balance
( Route )

7.3 Edit Hosts : Hosts


Hosts
Client
Report Log
Ntop IP
Hosts

IP


Part 8 : Service
8.1 DHCP : IP Address ( Dynamic Host
Configuration Protocol )
DHCP
IP Address

8.2 Traffic Monitoring :


Ntop
NTOP ....
8.2.1. NTOP ( Enable Traffic Monitoring )
Service / Traffic Monitoring Enable Traffic
Monitoring NTOP

The Traffic Analyzer module is active: access to


the administration interface

8.2.2 NTOP ( Access to the NTOP By : administration interface )


administration
interface 8.2.2-1


8.2.2- 1

8.3 Quality of Service Devices (QOS) :

8.3.1 :
Devices

: Quality of Service


8.3.2 :
Classes

8.3.3 :
Rules

: Quality of Service

Quality of Service


Part 9 : QQ

Tip
1. Restart

- password password
"endian" ( " ")
- password root
# passwd control password
- password admin config web
# htpasswd /var/efw/auth/users admin
- update
" configure
Tools -> Options -> Advance -> Encryption -> View Certificates
Servers ip address endian firewall
Servers
Authorities efw-xxxxxx
"
NinNin
http://www.thaiadmin.org/board/index.php?topic=121955.0
Noktualek


Part : 10

Reference

http://www.easyzonecorp.net/network/view.php?ID=241
http://www.itwizard.info/technology/linux/efw/ovpn_host_to_net/efw_ovpn_host_to_net.html
http://samba-beginner.blogspot.com/2009/01/setup-openvpn-endianfirewall.html
http://samba-beginner.blogspot.com/2009/02/openvpn-endianfirewall.html
