Getting Started

From Halon Security

Jump to: navigation, search

Follow these steps in order to produce a simple configuration for the H/OS 2.0 appliance. It is assumed that the appliance is factory reset. There are model specific getting started manuals in PDF format on our documentation page.

Logging into the Web Administration

  1. Connect the power adapter/cable between the appliance and the power grid outlet.
  2. Connect a workstation with a web (HTTP/HTML) browser (like http://www.mozilla.com) with the appliance ethernet connector number 1 with a cross-wired RJ45 cable (usually included). Alternatively, a patch RJ45 cable can be used if a switch, or auto-sensning workstation, is used.
  3. Configure the workstation to use the IP address 192.168.0.2 and netmask 255.255.255.0.
  4. Start a web browser and go to https://192.168.0.1
  5. The default configuration username and password is "admin".
  6. Go to Security → Users and change the password

Basic configuration of SPG-series appliance

This guide assumes a topology of a Halon SPG-series appliance processing mail for a SMTP mail server, which it can connect to.

  1. Set the IP address of the H/OS appliance. In case of the appliance being placed behind firewall with NAT enabled, it should probably use an internal (192.168/172.16/10.0) address. Go to Network → Addresses, and add a new address by pressing the plus (+) button. Type the desired address and the bitmask. The bitmask can be calculated from the netmask using the calculator in the upper right section of the interface. For example, the bitmask for 255.255.255.0 is /24. The complete address string could be 192.168.0.1/24. If the new address is in a different address space (network) than the default 192.168.0.1/24 address, it can be added to another interface (for example ether2. The advantage of using another interface, is that ether1 can be used for administration only. Then done, press "Save as New".
  2. Once the address is configured, add a default gateway (router). Go to Network → Routing, press the plus (+) button, check the "Default Gateway" checkbox, type the gateway (router) address in the "Gateway" field, and press "Save as New".
  3. Add DNS servers at Network → DNS by pressing the plus (+) button, and typing the IP address if a DNS server that the appliance can connect to using the default gateway previously added. Press "Save as New". Take your time to add multiple DNS servers, if one should fail.
  4. Check on the Network → Addresses section that a green status light is shown left to the IP address. Also go to Diagnostics → Troubleshooter, and confirm that at least the first five test succeeded. Otherwise, look for errors in the network configuration.
  5. On Mail Gateway/Incoming, modify the default incoming SMTP listener. The listener is the object (server) that receives e-mail. In the first field, "Hostname", type the domain name to be reported in SMTP sessions. mx1.example.org could be suitable. By default, it will listen to all addresses configured on the appliance. If LDAP is desired, first add a LDAP connector at the Mail Gateway → LDAP section. Then select it for the listener (called "Recipient Database", available from the "Advanced Options" panel). Press "Save".
  6. Unless LDAP or a text file is used as "Recipient Database" in the previous step, all domains has to be explicitly added on the Mail Gateway/Domains section. Unless a domain has been added, or the "any" domain is configured, the appliance will deny relaying mail messages for that domain. The domain also is the connection between an incoming listener (receiving mail), the process flow (scanning mail) and the outgoing transport (sending mail). For now, use the default listener ("Received by" field), transport ("Send to" field) and process flow.
  7. On Mail Gateway/Process Flows, a very powerful flow editor with scripting language (HSL) modules is available. However, the default flow can be used for now.
  8. On the Mail Gateway/Outgoing section, outgoing transports can be defined. One option is to specify an SMTP server to which all mail will be sent, or use the "MX Record" option in order to let the appliance automatically find the correct server by looking at the recipient address. For now, change "Send to Server" of the default transport from 192.168.0.100 to the real address of your mail server.
  9. Again, go to Diagnostics → Troubleshooter and confirm that all tests passed. If they did, try sending mail to the IP address of the appliance. If successful, change the MX record of your domain to point against the Halon SPG appliance, instead of the real mail server. If a NAT firewall is being used, it is usually easier to change the "port forwarding" entry for SMTP (port 25).
Retrieved from "http://wiki.halonsecurity.com/Getting_Started"
Personal tools