Modifying an Ethernet interface
(advanced mode) 377
Creating a VLAN 378
Modifying a VLAN 378
Virtual interfaces 379
“IPSec interfaces (VTI)” tab 379
“Loopback” tab 379
Routing 379
“IPv6 static route” tab 379
“IPv6 dynamic routing” tab 380
“IPv6 return routes” tab 381
DHCP 381
General 381
“DHCP server” service 382
“DHCP relay” service 384
Network objects 385
Possible actions 385
The different types of objects 386
Filtering 386
“Filtering” tab 386
HOW TO: Implementing a filter rule 388
Requirements 388
Creating network objects 388
Selecting a filter policy 389
Adding a filter rule 389
Activating the filter policy 391
Testing the Filter / NAT policy 391
HOW TO: setting up a NATrule 392
Purpose 392
Creating network objects 392
Selecting a filter policy 393
Creating a filter and NAT rule 393
Activating the filter policy 395
Testing the Filter-NAT policy 395
HOW TO: IPSec VPN - Authentication
by pre-shared key 397
Implementation 397
Configuring the main site 397
Configuring the remote site 400
Checking the tunnel setup 401
Checking in Stormshield Network
Realtime Monitor 401
Incident resolution - Common errors 401
HOW TO: IPSec VPN - Authentication
by certificate 404
Implementation 404
Configuring the main site 405
Configuring remote sites A and B 410
Page 9/448 sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3
Checking the tunnel setup 413
Checking in Stormshield Network Realtime
Monitor 413
Incident resolution - Common errors 413
HOW TO: IPSec VPN - Hub and Spoke
Configuration 415
Architectures shown 415
Case no.1: internal traffic via IPSec tunnels415
Case no.2: all traffic via IPSec tunnels 415
Configuration requirements 416
Case no.1: internal traffic via IPSec
tunnels 417
417
Configuring the Hub site 417
Configuring the satellite sites Spoke A and
Spoke B 419
Case no.2: all traffic via IPSec tunnels 421
Configuring the central Hub site 422
Configuring the satellite sites Spoke A and
Spoke B 423
Checking the tunnel setup 424
Via the Stormshield Network administration
suite 424
Information and diagnosis tools in console
mode 425
Incident resolution - Common errors 427
Appendix A: Allowed names 428
Firewall name 428
Login and password 428
Comments (prohibited characters) 428
Interface names 428
Objects 428
DNS (FQDN) name objects 429
Certificates 429
Users 429
IPSEC VPN 429
SSL VPN 429
E-mail alerts 429
Appendix B: Structure of an objects
database in CSV format 430
Host 430
IP address range 430
DNS name (FQDN) 430
Network 431
Port 431
Port range 431
Protocol 432
To Next Page
Loading...
