CEQURUX FIREWALL/VPN FREQUENTLY ASKED QUESTIONS

This document tries to answer some of the most frequently asked questions about CEQURUX Firewall/VPN, and includes last minute changes that didn't make it into the manual, if any. If there's something you're having trouble with and you don't see the answer here or in the manual, then contact your reseller or send mail to: support@cequrux.com

Contents

Section A: Hardware and Installation

1. What do I need to run CEQURUX Firewall/VPN?
2. I want to install CEQURUX Firewall/VPN onto a disk that has more than1024 cylinders. How do I do it?
   When I boot CEQURUX Firewall/VPN it says `Missing Operating System'.
   When I boot CEQURUX Firewall/VPN it says `Cyl > 1024' (or similar)
3. I have an IDE drive with lots of bad blocks on it and CEQURUX Firewall/VPN doesn't seem to install properly. Why?
4. My network card keeps reporting errors like, `ed0: timeout'. Why is this?
5. What kind of hard drives does CEQURUX Firewall/VPN run on?
6. What SCSI controllers are supported?
7. What CD-ROM drives are supported by CEQURUX Firewall/VPN?
8. What types of tape drives are supported under CEQURUX Firewall/VPN?
9. What network cards does CEQURUX Firewall/VPN support?
10. Programs occasionally die with `Signal 11' errors. What's going on?
11. How do I tell if CEQURUX Firewall/VPN found my serial ports or modem cards?
12. While installing from CDROM, the kernel boots, the messages mention the ATAPI IDE CDROM drive, but when selecting the Media, no CDROM drive gets detected.
13. I've just replaced my router, and now none of the gateways on the firewall work.
14. I have 100BaseTX full-duplex Fast Ethernet network interfaces, but they seem to be working at only 10BaseT. How do I fix this?
15. Is it possible to have a backup machine with the same configuration as our operational firewall?
16. I want to add another hard drive to my firewall for more squid cache space and/or for more space to store mail. How do I do it?
17. How do I upgrade my firewall's kernel?

Section B: Other Boot Problems

1. When I boot up I see the message `Checking if DNS root cache needs to be updated...', and then nothing happens for quite a while. What's going on?

Section C: Basic Configuration

1. We want to install a CEQURUX Firewall/VPN but currently have only a single class C network address space. How can we install the firewall without having to renumber all of our hosts?
2. How does the user licensing work?

Section D: Mail Handling

1. I have heard that sendmail has all sorts of security holes. Does CEQURUX Firewall/VPN use sendmail, and if so, is this safe?
2. Does CEQURUX Firewall/VPN prevent external users from using it as a mail relay for spam?
3. What other ways can CEQURUX Firewall/VPN be used to prevent spam mail?
4. Can a standard disclaimer be attached to the contents of every outgoing mail message?
5. Can CEQURUX Firewall/VPN handle mail for domains other than the principal domain?
6. Is an internal mail server required, or can the firewall be used as the mail server?
7. My ISP handles all the mail for our users, who retrieve the mail using POP/IMAP. Can CEQURUX Firewall/VPN handle this?
8. We have had some outgoing mail bounce with an error message `I/O error'. What does this mean?
9. How do I obtain a username and password for the Sophos antivirus system?
10. Where can I alter the timeouts for deferred mail warnings and bounces?
11. How do I display the full headers of a message in my mail client?

Section E: Name Service

1. Hosts on our internal network use DHCP to obtain their IP addresses, but CEQURUX Firewall/VPN seems to want fixed domain name to address bindings. What do we do?
2. Does CEQURUX Firewall/VPN's DNS server hide internal addresses from the outside world?
3. Does CEQURUX Firewall/VPN support secondary name servers?
4. I've heard that CEQURUX Firewall/VPN supports something called `distributed DNS'. What is this?
5. How do I configure secondary DNS servers for virtual domains?

Section F: WWW Access

1. Can we access web servers running on non-standard ports?
2. How do I make the firewall display another HTML file when it blocks some access or other?

Section G: FTP Access

1. Can we access FTP servers running on non-standard ports?
2. Can our public FTP service also support user accounts allowing restricted access to some directories?
3. Can we access FTP server farms where the data connection may be from a different host to the control connection?

Section H: PPP

1. We are using PPP with an ISDN modem, and are having problems. Do you have any suggestions?

Section I: Network Address Translation (NAT)

1. CEQURUX Firewall/VPN performs network address translation and hides all internal hosts from the outside. Can this be disabled so that some internal hosts are visible and accessible from the outside?

Section J: Logging and Reports

1. Can the daily reports be customised?
2. Can I get log filters to send a notification to a MS-Windows host?

Section K: Virtual Private Networking

1. CEQURUX Firewall/VPN supports both IPSec and its own proprietary VPN technology. Which should be used under which circumstances?

Section L: NetBIOS

1. Can CEQURUX Firewall/VPN be used to gateway NetBIOS? How secure is this?
2. How do I map a network drive to some shared resource that is behind a CEQURUX Firewall if I am on the outside of the Firewall?

Section M: IPX

1. Can CEQURUX Firewall/VPN be used to gateway IPX? How secure is this?

Section N: Remote Administration

1. While trying to access webadmin, I get 'Document contains no data' on my browser, while on the firewall I see loads of messages regarding SSL. What am I doing wrong?
2. While trying to setup remadmin and keyadmin, I get 'connection failed' on the windows side, and on the firewall console assorted 'access denied' messages. Why?
3. I am using Microsoft Internet Explorer version 5 and I am experiencing connection timeouts every so often when requesting reports from webadmin. I have checked all the timeout settings on the firewall and on my browser and they are all fine.
4. The navigation buttons don't load when I am browsing the Administrator's manual from webadmin
5. How do I upgrade the Windows administration and authentication tools ?
6. How do I export my RSA/DSA private key to disk?
7. What do I do with the blank fields when I want to add/edit a proxy or gateway service?

Section O: Other Services

1. We have created a number of gateway/proxy entries for a service, for different clients. However, the behaviour is not as we expect. How can we check which entry gets used when a client attempts a connection?
2. How do I set up incoming proxies on my externally aliased IP addresses?
3. What do I have to do to be able to use the Napster client for Windows?
4. How do I configure Mirabilis ICQ to work from behind the firewall?
5. How do I configure the firewall for MSN Messenger?
6. How do I configure AOL Instant Messenger to work from behind the firewall?
7. How do I configure the Firewall for RealPlayer?
8. What about creating proxies that start from the DMZ?
9. What if I want proxies starting from a second DMZ with a fourth network interface?
10. What must I do to make Kerberos5 work with the KDC and server applications outside the firewall and the client applications on the inside?
11. What if I really need UDP proxies?
12. How do I allow browsing access for machines on the DMZ?
13. How do I bind another IP address to the DMZ interface?

Section P: Miscellaneous

1. Under heavy load, the squid and/or publogwww services seem to stop working for 10 minutes, while all other services still work correctly.
2. How do I use Standard Bank's Business Internet Banking system from behind the firewall?

Section Q: Sophos Anti-Virus

1. How do I update Sophos Anti-Virus?
2. How do I check the Version Number?