Getting Started

Note

Tough this edition of the manual is not maintained anymore, some information has been updated (e.g., web sites). Please refer to newer versions of this manual (online at http://docs.endian.com/), if you do not find here what you were looking for.

The documentation for the software and products developed by Endian has been completely rewritten for the 2.5 release, using the previous 2.4 release documentation as its starting point. The main differences with the 2.4 release are summarised as follows.

• All the various section have been expanded, adding whenever possible useful information and configuration suggestions.
• The layout has been improved, using markup to highlight the points that are either important or that require care.
• While maintaining the structure of the previous documentation (i.e., one section for every menu item of the main navigation bar), an extended introduction (i.e., this section and the previous one) has been added.
• Description of topics they may help the reader to understand some of the configuration options or some relevant subject have been introduced within the text.
• Links to additional online resources are provided at the end of every section or within the text.
• A quicksheet that should help locate some of the most used configuration options has been added in the Appendix.

About this Reference Manual

This Manual has been written for the 2.5 release, with the New Mini ARM as guide, but it is intended for all types of the Endian UTM Appliances. Since the functionalities and abilities may differ between the various Endian UTM Appliances, the description of some of the displayed data or configuration options may slightly vary for some appliance or not being present at all. However, special care has been taken to highlight within the text whether a feature is not included in some type of appliance. This guide is intended both as an online, contextual help as well as an user manual, providing also quick introductory descriptions to some of the concepts that lay behind the various functionalities provided by the Endian UTM Appliance.

Note

The online HTML reference manual.

The online reference manual is currently a common reference for both the Endian UTM Appliances and the Endian 4i Edge appliances, though in the future it is planned that they be separated. To provide a means to immediately find out whether a functionality is present in the Endian UTM Appliance, in the 4i Edge, or in both, the following icons have been placed next to each section title:

	The functionality is present in the Endian UTM Appliance only.
	The functionality is present in the Endian 4i Edge only.
	The functionality is present on both features.

This distinction applies also to the present pdf edition of the manual.

Feedback about this guide, or any error found, can be reported using the Endian‘s web page at http://www.endian.com/us/community/get-help/documentation/.

The remainder of this section contains some basic information about this guide and how to move your first steps within the Endian UTM Appliance, introducing some important concepts and describing the most significant parts of GUI.

Conventions Used in This Document

To improve the readability and clarity of this document, several conventions are used:

A Tooltip is displayed for various terms when moving the mouse over them.

This is an example box.

Boxes like this one contain example of configurations or short howtos for the quick setup of some feature or service described in the main document.

Besides for emphasis, italics is used to denote non-interactive objects or labels within the web GUI, while a dashed-underlined word(s) indicates objects that require user interaction, i.e., clicking on a button or to open a hyperlink.

Admonitions are employed to mark items, actions, or tasks that require special attention:

Warning

Changing this value will cause the service to restart!

Note

Remember that you can modify this later.

Hint

Tips about configuration of options

A relevant subject or an example

In boxes like this one (“topic”), you can find the explanation of some subject that requires a not-so-short explanation and is relevant to the topic of the section or to the configuration of some setting. Also, quick how-tos or examples may appear in it. At their bottom there might be present one or more hyperlinks to online resources.

Newly introduced or modified functionalities are explicitly tagged:

New in version 2.5: The version in which the feature first appeared and short description.

Changed in version 2.5: Feature that was present in previous releases, but that changed in the 2.5, or feature that was removed in that version.

A sequence like Menubar ‣ Firewall ‣ Port forwarding/DNAT ‣ Show system rules requires to click on each of the items, in the sequence shown, to reach a particular page or configuration item. This example shows how to reach the page that shows the configuration of the system rules for the firewall’s DNAT.

Alternatively, in a sequence like Menubar ‣ Firewall ‣ Port forwarding/DNAT ‣ [Rule list] ‣ Edit, the [...] means that there is a large number of objects (in this case there is a list of firewall’s rules) from which one should be chosen to carry out on it the action (Edit).

These sequences can be found within “see-also” boxes, underheath an hyperlink, like this one:

See also

Network configuration

Menubar ‣ System ‣ Network Configuration

In the box, the hyperlink gives direct access to the documentation, while the sequence underneath it shows how to reach from the home page, the page where to configure that functionality.

Often, a “see-also” box is used to provide links to resources like e.g., online how-tos or other parts of the documentation.

Finally, in the introductory part of each help page, small icons like or may appear, meaning that the corresponding functionality is available only on that product. This happens, for example when a product is available, but the dedicated help has not yet been finalised.

There are also some terms that have a special usage or meaning throughout this manual, and that can be found in the Glossary.

The zones

One of the most important concepts on which the Endian UTM Appliance is grounded, the Zone, finds its root in IPCOP’s idea to protect the networks it can reach by grouping them into different segments -the zone, indeed- and allowing the traffic to be exchanged only in certain directions among these segments. The four main zones are identified by a color and may group together a number of servers of workstation that have a same purpose.

• RED, this is the so-called Untrusted segment, i.e., the WAN: It encompasses all the networks outside the Endian UTM Appliance or, broadly speaking, the Internet, and is the source of incoming connections. This is the only zone that can not be managed: but only access to and from it can be granted or limited.

• GREEN, the internal network, i.e., the LAN. This zone is the most protected one and is dedicated to the workstations and should never be directly accessed from the RED zone. It is also the only zone that by default can access the management interface.

• ORANGE, The DMZ. This zone should host the servers that need to access the Internet to provide services (e.g., SMTP/POP, SVN and HTTP and so on). It is a good practice that the ORANGE zone be the only zone directly accessable from the RED zone. Indeed, if an attacker manages to break into one of the servers, she will be trapped within the DMZ and will not be able reach the GREEN zone, making impossible for her to gain sensitive information from local machines in the GREEN zone.

• BLUE, the WiFi zone, i.e., the zone that should be used by wireless clients to access the Internet. Wireless networks are often not secure, so the idea is to trap by default all the wireless connected clients into their own zone without access to any other zone except RED.

For the Endian UTM Appliance to correctly operate, it is not necessary to configure the ORANGE and BLUE zones. Indeed, it suffices to define the GREEN zone, since also the RED zone can be in some cases left unconfigured.

The Endian UTM Appliance has pre-defined firewall rules that forbid the network traffic to flow between some of the zones. Besides the four main zones, two more zones are available, but are used only in advanced setups: The OpenVPN clients zone (sometimes called PURPLE), and the HA zone. These are two special zones that are used as networks for the OpenVPN remote users that should connect to the Endian UTM Appliance and for the HA service. By default, they use the 192.168.15.0/24 and 192.168.177.0/24 networks respctively, so those networks ranges should not be used in the main zones, especially when planning to use either of these services. Indeed, those networks would overlap, possibly causing undesirable effects. The IP ranges of these two zones can however be modified during the set up of the OpenVPN or HA services.

To each zone corresponds an (network) interface and an IP address. The interface is the (ethernet or wireless) port through which the network traffic flows to the zone, so RED interface it the port through which you can reach the RED zone and the Internet. The IP address of the interface is the <Zone>IP. For example, the factory setting for the GREEN zone is the 192.168.0.15/24 network, hence the GREEN interface will have IP 192.168.0.15, which is referenced to as the GREENIP.

See also

High availability

for a description of High Availability

VPN

for a description of OpenVPN

The Endian UTM Appliance Management Interface

Changed in version 2.5: The Hotspot Administration Interface. When selecting the Menubar ‣ Hotspot ‣ Administration Interface menu, the main menubar will disappear and replaced with a new one. The Hotspot Administration Interface indeed, has many functionalities, configuration options, and menus, therefore the choice was to create a dedicated menubar.

The GUI of the Endian UTM Appliance has been designed to be easy to use, and consists of five main parts: The header, the main menubar, the sub-menu, the main area, and the footer. A sample screenshot of the Service module can be seen below.

The header

The header of the page contains the Endian logo on the left, while on the right-hand side there is an image showing the type of Endian UTM Appliance, above which two links appear: one to the online documentation (help), which is context-dependent (i.e., from each page the correspondent help will be displayed) and one to logout from the GUI. This part is static and does not change.

The footer

The footer is placed at the very bottom of the page. It consists of two lines of text with a few infomation on the running Endian UTM Appliance. The top line shows (Status:) whether an uplink is connected of connecting and which one (if there are more than one uplinks defined) and the time elapsed (Uptime:) since the last time the connection was established and the uptime of the machine, which is reported as the output of the uptime command, i.e., the time since last boot, the number of users and the load average. When you change page, the information are updated. The bottom line shows the version of the appliance with the deployset, and the copyright, with a link to Endian web site.

The Main Navigation Bar

The main navigation bar is a menu bar with an Endian-green background that displays all the available sections of the Endian UTM Appliance. Situated right below the header, it is static, but when the name of one of the modules is clicked (e.g., Services), its colors are inverted, to highlight the current module used. Upon clicking on a menu item, also the sub-menu on the left of the page and the title at the top of the main area change, since they are context-dependant. By default, the GUI opens on the System menu.

The sub-menu

The sub-menu appears on the left-hand side of the GUI and changes depending on the section selected on the menubar. It appears as a vertical list of items that can be clicked to change the content of the main area and to access all the functionalities of that Endian UTM Appliance‘s module.

The Main Area

The main area contains all the information and settings encompassed by the current selection of the menu/sub-menu combination. Some of the pages (e.g., the Dashboard or parts of the Service and Logs menus) are simply informative, showing the current status of the Endian UTM Appliance either graphically or textually, in the latter case conveying the output of linux commands on the screen. The vast majority of the pages, however, shows a table containing various information about the current configured settings, allowing to modify or delete existing settings and to add new ones. Particularly elaborate services like e.g., the HTTP proxy or the firewall, contain so many configuration options that a single page does not suffice to present them all, so the available settings are grouped together and organised in tabs.

Within tabs, often the configuration options are packed in one or more boxes, that gather together settings that refer to a common part of the overall configuration.

The Hotspot Administration Interface

The only exception to the layout of the Endian UTM Appliance GUI is the Hotspot Administration Interface, pictured in the screenshot below, which has no footer, places the submenu under the main menubar, and presents on the far right of the menubar a Main menu link to go back to the main menu.

Note that when referring to items under the Hotspot Administration Interface, the initial Menubar is usually omitted.

The Icons

Many icons are used throughout the pages served by the Endian UTM Appliance to denote either an action that can be quickly carried out, or convey some meaning to the settings shown.

Switches

Switches are used to entirely enable or disable a service and are present on the top of the main area. The gray switch suggests that the service is disabled and inactive, with the main area showing no settings or configuration options. Upon clicking on it, the service and the daemons that are necessary for its proper functioning are started and initialised. After a few seconds, the switch’s color turns green and all the configuration options available will appear. To disable the service, click again on the switch: This causes all the daemons to be stopped, the switch to turn grey, and the settings to disappear.

Policies

These icons are found in those services that require some form of access policies or traffic control, like, e.g., firewall rules or proxy specifications. Whenever a packet matches a rule, the policy specified for that rule is applied, determining if and how the packet can pass or not.

accept the access with no restriction.

allow the access but only after the packets have positively passed the IPS. This policy is only available in firewall rules.

blocks the packets and discards it.

blocks the packets, but a notification is sent to the source.

partial accept the rules. This is only found on the heading of a list of policies, to give at a glance the idea that some of the policies in the list are accepted and some are rejected, like e.g., in Menubar ‣ Proxy ‣ HTTP ‣ Contentfilter.

Other icons

Additional icons that can be found on the Endian UTM Appliance.

expands a panel, revealing its content.

closes a panel, hiding its content.

Navigation bar

In most places where a long list of item appears, a navigation bar appears to ease the listing of the items, which is composed of several cells: First and Previous on the left, Next and Last on the right, which enclose a variable amount of cells containing the page numbers. Clicking on the various cells leads to either the page indicated by the number, to the first or last page, or to the previous and next page.

Common Actions and Tasks

There are two types of actions that can be performed within the GUI: Actions on a single item in a list of configuration settings (i.e., one firewall rule), and ‘global’ actions to save, store, and apply all the settings in a list, a box, or a page.

Actions and icons

These icons are placed in the Actions column on the right of the various tables that appear on the pages and usually show a list of the items defined, like e.g., the firewall rules or the OpenVPN users. The actions’ icons allow to execute one task on the element of the list to which they correspond. Some action is only available on some type of lists:

and indicate the status of an item, enabled and disabled respectively. You can change the status by clicking on the icon. After that, a callout may notify you to restart service, if this is needed, to let the daemons reload the configuration and activate the changes.

and are available only in lists where the order is important, e.g., firewall rules, and allow to modify the order by moving up or down the corresponding item.

allows to modify the current item. Clicking on this icon will open the appropriate editor for that item.

causes the selected item to be removed from the list and from the configuration. A message will appear, asking for confirmation before the item is definitely deleted.

allows to download the item (usually an archive).

is used in limited locations, e.g., in Menubar ‣ Services ‣ Spam Training to test the connection of an item to a remote servers.

and appear in the IPS (Menubar ‣ Services ‣ Intrusion Prevention) and allow to log the packets that are allowed to pass or are blocked after they have matched a rule.

‘Global’ Actions

At the bottom of every page that allows the customisation of one or more options, there is the option to Save and store the new configuration on disk or to cancel the customisation done so far. In the latter case, no further action is required, since the configuration did actually not change. In the former case, however, it proves necessary to restart the service just modified, and perhaps also a few other related or dependant services, for the new settings to be reloaded and used in the running configuration. For the sake of convenience, when this action is required, a callout is displayed after the settings have been saved, with an Apply button, to be clicked to restart the service.

Whenever a Multiselect box is used (e.g., in Menubar ‣ Hotspot Settings), Add all and Remove all can be clicked as shortcut to add or remove all the available entries from the list of the available items or the selected and active items, respectively.

Multiple entries in one configuration option

In several places, several values can be entered for a single configuration item, for example the source or destination of a firewall rule. In those cases, either a textarea or a drop-down menu is shown. In the former case it is possible to enter one value per line, like e.g., it a MAC address, a network range (in CIDR notation), or an OpenVPN user. In the latter case, the choice is limited among a number of predefined values, that can be selected by holding the Control key on the keyboard and clicking on the values to be selected.

IPv4 and CIDR notation.

An IPv4 address is a network address whose length is 32 bits, divided in four, 8-bits long octets. In decimal, each octet can assume any value between 0 and 255 (2⁸= 256).

When specifying a network range, the IP address of the first host on the network along with the subnet mask, or netmask for short, is given, which defines the number of hosts available in that network. The subnet is defined as the length of the network prefix, i.e., that part of the address shared by all the hosts in a network.

There are two possibilities to denote the network/netmask pair:

• explicitly, i.e., both are given in quad dotted notation. For example:

  network 192.168.0.0
  netmask 255.255.255.0
  

  This is a network starting at the address 192.168.0.0 with 256 host available, i.e., the network range from 192.168.0.0 to 192.168.0.255. The first three octet in the netmask are 255, showing that there are no free host (or that this part of the address is the network prefix), while the fourth is 0, meaning that all hosts (256 - 0 = 0) are available.

• in CIDR notation, a more compact way to show the network range, in which the free bits instead of the free hosts are given. The same network range as above is expressed as:

  192.168.0.0/24
  

  This notation shows the length in bits of the shared part of the IP address. 24 means that the first three octets (each consisting of 8 bits) are shared, while the fourth octet is free, giving a number of free hosts that is equivalent to 32 - 24 = 8 bits, i.e., 256 hosts.

  The same line of reasoning can apply to an IPv6 address, with the only difference that IPv6 addresses are 128 bits long.

Accessing the Endian UTM Appliance

There are several ways to access the Endian UTM Appliance: The most intuitive and straightforward one is from the web-based GUI. There are also console-based access via SSH and serial console, although they are suggested to advanced users only.

The Endian UTM Appliance GUI

Hint

The default IP address of the Endian UTM Appliance is 192.168.0.15.

The recommended access to the Endian UTM Appliance GUI is very simple: Start the browser and enter the GREENIP address, whether or not this is the first time the Endian UTM Appliance is used.

The browser will be redirected to a secure HTTPS connection on port 10443. Since Endian UTM Appliance uses a self-signed HTTPS certificate, the browser might ask to accept the certificate during the first connection. The system will then ask for username and password. Specify “admin” as the username and provide the password received from the reseller or, if the Endian UTM Appliance has already been customised, insert the password that provided during the installation.

After entering the password, the Dashboard of the Endian UTM Appliance GUI is displayed, and it is possible to immediately start exploring the information available on this interface or further browse and configure the appliance. The rest of this manual follows the layout of the main navigation bar: Each item in the main menu-bar represents a different section of the Endian UTM Appliance and is presented in a separate chapter, with sub-menu items and tabs having sub- and sub-sub-sections headings markup respectively.

Console-based access

Console-based access to the Endian UTM Appliance is suggested only to users that are acquainted with the Linux command line.

Two possibilities are available to reach the CLI: Using SSH access or via serial console. SSH access is by default disabled, but can be activated under Menubar ‣ System ‣ SSH access, while Serial Console access is enabled by default on all appliances with the following parameters:

• port: ttyS0
• bit, parity bit, stop bit: 8, N, 1
• speed: 38400 baud or 115200 baud in newer appliances.

The connection using the serial console requires:

• A suitable terminal program like minicom for Unix/Linux boxes or putty for MS Windows.
• A workstation with a serial interface
• A nullmodem cable to connect a workstation to the appliance

or

• Terminal program.
• Networked Serial-to-Ethernet adapter.
• Serial-to-Ethernet cable to connect the appliance to the adapter.

Note

In case the network is not configured properly, the serial console may represent the only way to access the Endian UTM Appliance.