ADTRAN Security Services

ADTRAN, Inc. offers a variety of subscription-based security services to provide layered security for your network. ADTRAN security services are designed to integrate seamlessly into your network to provide complete protection.

The following subscription-based security services are listed in Security Services on the firewall’s management interface:

ADTRAN Content Filtering Service
ADTRAN Client Anti-Virus
ADTRAN Gateway Anti-Virus*
ADTRAN Intrusion Prevention Service*
ADTRAN Anti-Spyware*
RBL Filter
Geo-IP & Botnet Filter

Note
* Included as part of the ADTRAN Gateway Anti-Virus, Anti-Spyware, and Intrusion Prevention Service unified threat management solution. Also included with ADTRAN Client Anti-Virus.

Tip
After you register your firewall, you can try FREE TRIAL versions of ADTRAN Content Filtering Service, ADTRAN Client Anti-Virus, ADTRAN Gateway Anti-Virus, ADTRAN Intrusion Prevention Service, and ADTRAN Anti-Spyware.

You can activate and manage ADTRAN security services directly from the ADTRAN management interface or from http://www.adtran.com/NetVantaSecurityPortal.

Note
For more information on ADTRAN security services, please visit http://www.adtran.com.

Note
Complete product documentation for ADTRAN security services is available on the ADTRAN documentation Web site, www.adtran.com/support.

Security Services Summary

The top of the Security Services > Summary page provides a brief overview of services available for your firewall.

Below the list in the Synchronize Licenses area, you can click the Synchronize button to synchronize licenses on the appliance with your NetVanta Security Portal account. Licenses are automatically synchronized at regular intervals, but you may want to synchronize manually if you have just purchased a license. This area also provides a direct link to the login page of your NetVanta Security Portal account.

At the top of the list, you can click the link to the System > Licenses page to view license status and the available ADTRAN security services and upgrades for your firewall, and to access your NetVanta Security Portal account to activate services using Activation Keys.

A list of currently available services is displayed in the Security Services Summary table. Subscribed services are displayed with Licensed in the Status column. The service expiration date is displayed in the Expiration column. If the service is limited to a number of users, the number is displayed in the Count column. If the service is not licensed, Not Licensed is displayed in the Status column. If the service license has expired, Expired is displayed in the Status column.

The Manage Security Services Online area is also on the System > Licenses page, below the Security Services Summary table. This section of the page allows you to synchronize licenses with your NetVanta Security Portal account, and to activate or renew security services licenses using Activation Keys. You can manually upgrade your licenses by entering the “keyset” for them, obtained from your NetVanta Security Portal account. It also provides a link to the login page of your NetVanta Security Portal account.

If your firewall is not registered, the System > Licenses page does not include the Services Summary table. Your firewall must be registered to display the Services Summary table.

Using Your NetVanta Security Portal Account

To activate ADTRAN Security Services, you need to have a NetVanta Security Portal account and your firewall must be registered. Creating an account is easy and free. You can create an account directly from the ADTRAN management interface. Simply complete an online registration form. Once your account is created, you can register firewalls and activate ADTRAN Security Services associated with the firewall.

The NetVanta Security Portal delivers a convenient, one-stop resource for registration, activation, and management of your ADTRAN products and services. Your NetVanta Security Portal account provides a single profile to do the following:

Register your firewall
Try free trials of ADTRAN security services
Purchase/Activate ADTRAN security service licenses
Receive ADTRAN firmware and security service updates and alerts
Manage your ADTRAN security services
Access ADTRAN Technical Support

Your NetVanta Security Portal account is accessible from any Internet connection with a Web browser using the HTTPS (Hypertext Transfer Protocol Secure) protocol to protect your sensitive information. You can also access NetVanta Security Portal license and registration services directly from the ADTRAN management interface for increased ease of use and simplified services activation.

Managing Security Services Online

Clicking the link to NetVanta Security Portal displays the NetVanta Security Portal Login page for accessing your NetVanta Security Portal account licensing information.

Enter your NetVanta Security Portal username and password in the User Name and Password fields, and then click Submit. The System > Licenses page is displayed with the Security Services Summary table.

The information in the Security Services Summary table is updated from your NetVanta Security Portal account.

If you are already connected to your NetVanta Security Portal account from the management interface, the Security Services Summary table is displayed.

Click Synchronize to update the licensing and subscription information on the firewall from your NetVanta Security Portal account.

Configuring Security Services

The following sections describe global configurations that are performed on the Security Services > Summary page:

“Security Services Settings”
“Signature Downloads and Registration Through a Proxy Server”
“Security Services Information”
“Update Signature Manually”

Security Services Settings

The Security Services Settings section provides the following options for fine-tuning ADTRAN security services:

Security Services Settings - This pull-down menu specifies whether ADTRAN UTM security services are applied to maximize security or to maximize performance:

  Maximum Security (Recommended) - Inspect all content with any threat probability (high/medium/low). For additional performance capacity in this maximum security setting, utilize SonicOS UTM Clustering.

  Performance Optimized - Inspect all content with a high or medium threat probability. Consider this performance optimized security setting for bandwidth or CPU intensive gateway deployments or utilize SonicOS UTM Clustering.

  The Maximum Security setting provides maximum protection. The Performance Optimized setting utilizes knowledge of the currently known threats to provide high protection against active threats in the threat landscape.

Reduce Anti-Virus traffic for ISDN connections - Select this feature to enable the ADTRAN Anti-Virus to check only once a day (every 24 hours) for updates and reduce the frequency of outbound traffic for users who do not have an “always on” Internet connection.

Drop all packets while IPS, GAV and Anti-Spyware database is reloading - Select this option to instruct the firewall to drop all packets whenever the IPS, GAV, and Anti-Spyware database is updating.

HTTP Clientless Notification Timeout for Gateway AntiVirus and AntiSpyware - Set the timeout duration after which the firewall notifies users when GAV or Anti-Spyware detects an incoming threat from an HTTP server. The default timeout is one day (86400 seconds).

Signature Downloads and Registration Through a Proxy Server

Firewalls that operate in networks where they must access the Internet through a proxy server can use the settings in this section to download signatures. This feature also allows for registration of firewalls through a proxy server without compromising privacy. To enable signature download or appliance registration through a proxy server, perform the following steps:

1. Select the Download Signatures through a Proxy Server checkbox.
2. In the Proxy Server Name or IP Address field, enter the hostname or IP address of the proxy server.
3. In the Proxy Server Port field, enter the port number used to connect to the proxy server.
4. Select the This Proxy Server requires Authentication checkbox if the proxy server requires a username and password.
5. If the appliance has not been registered with NetVanta Security Portal, two additional fields are displayed:
   NetVanta Security Portal account Username - Enter the username for the NetVanta Security Portal account that the appliance is to be registered to.
   NetVanta Security Portal account Password - Enter the NetVanta Security Portal account password.
6. Click Accept at the top of the page.

Security Services Information

This section previously displayed the brief overview of services available for your firewall, which is now displayed at the top of the page.

Update Signature Manually

The Manual Signature Update feature is intended for networks where reliable, broadband Internet connectivity is either not possible or not desirable (for security reasons). The Manual Signature Update feature provides a method to update the latest signatures at the network administrator’s discretion. The network administrator first downloads the signatures from http://www.adtran.com/NetVantaSecurityPortal to a separate computer, a USB drive, or other media. Then the network administrator uploads the signatures to the firewall. The same signature update file can be used on all firewalls that meet the following requirements:

Devices that are registered to the same NetVanta Security Portal account
Devices that belong to the same class of firewalls

To manually update signature files, complete the following steps:

Step 1: On the Security Services > Summary page, scroll to the Update Signatures Manually heading at the bottom of the page. Note the Signature File ID for the device.
Step 2: Log on to http://www.adtran.com/NetVantaSecurityPortal using the NetVanta Security Portal account that was used to register the firewall.

Note
The signature file can only be used on firewalls that are registered to the NetVanta Security Portal account that downloaded the signature file.

Step 3: Click on Download Signatures under the Downloads heading.
Step 4: In the pull-down window next to Signature ID:, select the appropriate SFID for your firewall.
Step 5: Download the signature update file by clicking on Click here to download the Signature file.

Note
The remaining steps can be performed while disconnected from the Internet.

Step 6: Return to the Security Services > Summary page on the firewall GUI.
Step 7: Click on the Import Signatures box.
Step 8: In the pop-up window that appears, click the browse button, and navigate to the location of the signature update file.
Step 9: Click Import. The signatures are uploaded for the security services that are enabled on the firewall.

UTM Clustering

UTM Clustering consists of two NetVanta 2830 and 2840 appliances set up in series to pass traffic through both units. The first appliance is configured in NAT mode, and takes care of GAV and inbound Anti-Spyware. The second appliance is configured as an L2 Bridge, and runs IPS and outbound Anti-Spyware. This allows for improved performance by splitting up security services between the two UTM appliances. The appliances are configured as follows:

ADTRAN Appliance 1:
  IPS: Global enabled
  GAV: Global Disabled
  Anti-Spyware: Global enabled, Outbound Anti-Spyware enabled, All of HTTP/POP3/SMTP/FTP/IMAP is Disabled

ADTRAN Appliance 2:
  IPS: Global Disabled
  GAV: Global enabled (all protocols can be enabled or just the default ones)
  Anti-Spyware: Global enabled, Outbound Anti-Spyware is Disabled, Some or all of HTTP/POP3/SMTP/FTP/IMAP is Enabled
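
The per-appliance settings listed above can be audited for drift: a service that ends up off on both units leaves traffic uninspected, and one that is on for both gives up the performance split. The following is an added example, not ADTRAN code or a firewall export format; the dictionary keys and the effective and audit_cluster helpers are hypothetical. It assumes a service whose global switch is off inspects nothing, regardless of its sub-settings.

```python
# Added example: audit a two-appliance UTM cluster for inspection gaps and overlaps.
# The dict layout and key names are hypothetical, not a firewall export format.

# Constructed sample mirroring the appliance settings listed on this page.
APPLIANCE_1 = {
    "ips": True,
    "gav": False,
    "as_global": True,
    "as_outbound": True,
    "as_inbound": set(),  # HTTP/POP3/SMTP/FTP/IMAP all disabled
}
APPLIANCE_2 = {
    "ips": False,
    "gav": True,
    "as_global": True,
    "as_outbound": False,
    "as_inbound": {"HTTP", "POP3", "SMTP", "FTP", "IMAP"},
}

def effective(unit):
    """Collapse Anti-Spyware sub-settings to what is actually inspected.

    Assumption: with the global switch off, sub-settings inspect nothing.
    """
    on = unit["as_global"]
    return {
        "IPS": unit["ips"],
        "GAV": unit["gav"],
        "Outbound Anti-Spyware": on and unit["as_outbound"],
        "inbound": set(unit["as_inbound"]) if on else set(),
    }

def audit_cluster(unit1, unit2):
    """Return findings for the pair; an empty list means a clean split."""
    e1, e2 = effective(unit1), effective(unit2)
    findings = []
    for service in ("IPS", "GAV", "Outbound Anti-Spyware"):
        if not (e1[service] or e2[service]):
            findings.append(f"GAP: {service} is off on both appliances")
        elif e1[service] and e2[service]:
            findings.append(f"OVERLAP: {service} is on for both appliances")
    if not (e1["inbound"] | e2["inbound"]):
        findings.append("GAP: inbound Anti-Spyware is off on both appliances")
    for proto in sorted(e1["inbound"] & e2["inbound"]):
        findings.append(f"OVERLAP: inbound Anti-Spyware ({proto}) on both appliances")
    return findings

if __name__ == "__main__":
    print(audit_cluster(APPLIANCE_1, APPLIANCE_2) or "clean split")
```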

Activating Security Services

To activate an ADTRAN Security Service, refer to the specific Security Service chapter.