Manual De UsuarioTabla de contenidosGetting Started19Introduction20Product Overview21Front Panel21Back Panel23Getting Started with the Configuration Utility25Logging in to the Configuration Utility26Navigating Through the Configuration Utility27Using the Help System28Configuration Utility Icons28Factory Default Settings30Default Settings of Key Features30Restoring the Factory Default Settings31Performing Basic Configuration Tasks32Changing the Default Administrator Password32Upgrading your Firmware After your First Login33Backing Up Your Configuration34Configuration Wizards35Using the Setup Wizard for the Initial Configuration36Starting the Setup Wizard37Configuring Cisco.com Account Credentials37Enabling Firmware Upgrade38Validating Security License39Enabling Bonjour and CDP Discovery Protocols39Configuring Remote Administration40Configuring Physical Ports41Configuring the Primary WAN42Configuring the Secondary WAN42Configuring WAN Redundancy42Configuring Default LAN Settings43Configuring DMZ44Configuring DMZ Services45Configuring Wireless Radio Settings47Configuring Intranet WLAN Access48Configure Security Services49Viewing Configuration Summary50Using the Dual WAN Wizard to Configure WAN Redundancy Settings51Starting the Dual WAN Wizard51Configuring a Configurable Port as a Secondary WAN Port51Configuring the Primary WAN52Configuring the Secondary WAN52Configuring WAN Redundancy52Configuring Network Failure Detection53Viewing Configuration Summary54Using the Remote Access VPN Wizard54Using the Remote Access VPN Wizard for IPsec Remote Access54Using Remote Access VPN Wizard for SSL Remote Access60Using the Site-to-Site VPN Wizard to Configure Site-to-Site VPN66Starting the Site-to-Site VPN Wizard67Configuring VPN Peer Settings67Configuring IKE Policies68Configuring Transform Policies69Configuring Local and Remote Networks70Viewing Configuration Summary70Using the DMZ Wizard to Configure DMZ Settings71Starting the DMZ Wizard71Configuring DDNS Profiles71Configuring DMZ Network72Configuring DMZ Services74Viewing Configuration Summary76Using the Wireless Wizard (for ISA550W and ISA570W only)76Starting the Wireless Wizard76Configuring Wireless Radio Settings76Configuring Wireless Connectivity Types77Specify Wireless Connectivity Settings for All Enabled SSIDs78Viewing Configuration Summary78Configuring the SSID for Intranet WLAN Access78Configuring the SSID for Guest WLAN Access80Status84Device Status Dashboard84Network Status88Status Summary88Traffic Statistics91Usage Reports92WAN Bandwidth Reports94ARP Table95DHCP Bindings95STP Status96CDP Neighbor98Wireless Status (for ISA550W and ISA570W only)99Wireless Status99Client Status100NAT Status100VPN Status101IPsec VPN Status101SSL VPN Status103Active User Sessions105Security Services Reports106Web Security Report106Anti-Virus Report107Email Security Report108Network Reputation Report109IPS Report110Application Control Report111System Status112Processes112Resource Utilization113Networking115Viewing Network Status116Configuring IPv4 or IPv6 Routing116Managing Ports116Viewing Status of Physical Interfaces117Configuring Physical Ports118Configuring Port Mirroring119Configuring Port-Based (802.1x) Access Control120Configuring the WAN122Configuring WAN Settings for Your Internet Connection122Configuring WAN Redundancy130Configuring Link Failover Detection132Load Balancing with Policy-Based Routing Configuration Example133Configuring Dynamic DNS134Measuring and Limiting Traffic with the Traffic Meter135Configuring a VLAN137Configuring DMZ141Configuring Zones146Security Levels for Zones146Predefined Zones147Configuring Zones147Configuring DHCP Reserved IPs149Configuring Routing149Viewing the Routing Table150Configuring Routing Mode150Configuring Static Routing151Configuring Dynamic Routing - RIP152Configuring Policy-Based Routing153Configuring Quality of Service155General QoS Settings155Configuring WAN QoS156Configuring LAN QoS166Configuring Wireless QoS169Understanding DSCP Values171Configuring IGMP172Configuring VRRP173Address Management175Configuring Addresses175Configuring Address Groups176Service Management177Configuring Services177Configuring Service Groups178Configuring Captive Portal179Requirements179Before You Begin180VLAN Setup180Wireless Setup181User Authentication181Configuring a Captive Portal181Troubleshooting185Using External Web-Hosted CGI Scripts186CGI Source Code Example: No Authentication and Accept Button195Related Information204Wireless (for ISA550W and ISA570W only)206Viewing Wireless Status207Viewing Wireless Statistics207Viewing Wireless Client Status208Configuring the Basic Settings208Configuring SSID Profiles210Configuring Wireless Security211Controlling Wireless Access Based on MAC Addresses217Mapping the SSID to VLAN218Configuring SSID Schedule218Configuring Wi-Fi Protected Setup219Configuring Captive Portal221Requirements222Before You Begin222VLAN Setup222Wireless Setup223User Authentication223Configuring a Captive Portal223Troubleshooting227Using External Web-Hosted CGI Scripts228CGI Source Code Example: No Authentication and Accept Button237Related Information246Configuring Wireless Rogue AP Detection247Advanced Radio Settings248Firewall251Configuring Firewall Rules to Control Inbound and Outbound Traffic252About Security Zones252Default Firewall Settings254Priorities of Firewall Rules255Preliminary Tasks for Configuring Firewall Rules255General Firewall Settings256Configuring a Firewall Rule257Configuring a Firewall Rule to Allow Multicast Traffic259Configuring Firewall Logging Settings260Configuring NAT Rules to Securely Access a Remote Network261Viewing NAT Translation Status262Priorities of NAT Rules263Configuring Dynamic PAT Rules264Configuring Static NAT Rules265Configuring Port Forwarding Rules266Configuring Port Triggering Rules268Configuring Advanced NAT Rules269Configuring IP Alias for Advanced NAT rules270Configuring an Advanced NAT Rule to Support NAT Hairpinning272Firewall and NAT Rule Configuration Examples274Allowing Inbound Traffic Using the WAN IP Address274Allowing Inbound Traffic Using a Public IP Address276Allowing Inbound Traffic from Specified Range of Outside Hosts279Blocking Outbound Traffic by Schedule and IP Address Range280Blocking Outbound Traffic to an Offsite Mail Server280Configuring Content Filtering to Control Internet Access281Configuring Content Filtering Policy Profiles281Configuring Website Access Control List282Mapping Content Filtering Policy Profiles to Zones283Configuring Advanced Content Filtering Settings284Configuring MAC Address Filtering to Permit or Block Traffic285Configuring IP-MAC Binding to Prevent Spoofing286Configuring Attack Protection287Configuring Session Limits288Configuring Application Level Gateway289Security Services291About Security Services292Activating Security Services293Priority of Security Services293Security Services Dashboard294Viewing Security Services Reports295Viewing Web Security Report296Viewing Anti-Virus Report297Viewing Email Security Report298Viewing Network Reputation Report299Viewing IPS Report300Viewing Application Control Report301Configuring Anti-Virus302General Anti-Virus Settings303Configuring Advanced Anti-Virus Settings306Configuring HTTP Notification307Configuring Email Notification307Updating Anti-Virus Signatures308Configuring Application Control309Configuring Application Control Policies310General Application Control Settings314Advanced Application Control Settings318Configuring Spam Filter319Configuring Intrusion Prevention321Updating IPS Signature Database324Configuring Web Reputation Filtering325Configuring Web URL Filtering327Configuring Web URL Filtering Policy Profiles328Configuring Website Access Control List329Mapping Web URL Filtering Policy Profiles to Zones330Configuring Advanced Web URL Filtering Settings330Network Reputation332VPN333About VPNs334Viewing VPN Status335Viewing IPsec VPN Status335Viewing SSL VPN Status337Configuring a Site-to-Site VPN340Configuration Tasks to Establish a Site-to-Site VPN Tunnel341General Site-to-Site VPN Settings341Configuring IPsec VPN Policies343Configuring IKE Policies349Configuring Transform Sets351Remote Teleworker Configuration Examples352Configuring IPsec Remote Access355Cisco VPN Client Compatibility356Enabling IPsec Remote Access357Configuring IPsec Remote Access Group Policies357Allowing IPsec Remote VPN Clients to Access the Internet360Configuring Teleworker VPN Client363Required IPsec VPN Servers364Benefits of the Teleworker VPN Client Feature365Modes of Operation365General Teleworker VPN Client Settings368Configuring Teleworker VPN Client Group Policies369Configuring SSL VPN372Elements of the SSL VPN373Configuration Tasks to Establish a SSL VPN Tunnel374Installing Cisco AnyConnect Secure Mobility Client375Importing Certificates for User Authentication376Configuring SSL VPN Users376Configuring SSL VPN Gateway376Configuring SSL VPN Group Policies379Accessing SSL VPN Portal382Allowing SSL VPN Clients to Access the Internet382Configuring L2TP Server385Configuring VPN Passthrough387User Management388Viewing Active User Sessions388Configuring Users and User Groups389Default User and User Group389Available Services for User Groups389Preempt Administrators390Configuring Local Users390Configuring Local User Groups391Configuring User Authentication Settings393Using Local Database for User Authentication394Using RADIUS Server for User Authentication394Using Local Database and RADIUS Server for User Authentication397Using LDAP for User Authentication398Using Local Database and LDAP for Authentication400Configuring RADIUS Servers401Device Management403Viewing System Status404Viewing Process Status404Viewing Resource Utilization404Administration405Configuring Administrator Settings406Configuring Remote Administration407Configuring Email Alert Settings408Configuring SNMP415Backing Up and Restoring a Configuration416Managing Certificates for Authentication418Viewing Certificate Status and Details419Exporting Certificates to Your Local PC420Exporting Certificates to a USB Device421Importing Certificates from Your Local PC421Importing Certificates from a USB Device422Generating New Certificate Signing Requests422Importing Signed Certificate for CSR from Your Local PC423Configuring Cisco Services and Support Settings424Configuring Cisco.com Account424Configuring Cisco OnPlus425Configuring Remote Support Settings426Sending Contents for System Diagnosis426Configuring System Time427Configuring Device Properties428Diagnostic Utilities428Ping429Traceroute429DNS Lookup430Packet Capture430Device Discovery Protocols430UPnP Discovery431Bonjour Discovery432CDP Discovery432LLDP Discovery433Firmware Management434Viewing Firmware Information435Using the Secondary Firmware435Upgrading your Firmware from Cisco.com436Upgrading Firmware from a PC or a USB Device437Firmware Auto Fall Back Mechanism438Using Rescue Mode to Recover the System438Managing Security License439Checking Security License Status440Installing or Renewing Security License441Log Management442Viewing Logs442Configuring Log Settings444Configuring Log Facilities447Rebooting and Resetting the Device448Restoring the Factory Default Settings448Rebooting the Security Appliance449Configuring Schedules449Troubleshooting453Internet Connection453Date and Time456Pinging to Test LAN Connectivity457Testing the LAN Path from Your PC to Your Security Appliance457Testing the LAN Path from Your PC to a Remote Device458Technical Specifications and Environmental Requirements459Factory Default Settings461Device Management461User Management463Networking464Wireless468VPN469Security Services471Firewall471Reports473Default Service Objects474Default Address Objects478Where to Go From Here479Tamaño: 4 MBPáginas: 479Language: EnglishManuales abiertas