Some of the functions of Ingate Firewall are:
Packet filtering: You can set the type of traffic that can be transferred from one network to another.
Dynamic session management.
Masquerading (NAT, Network Address Translation): Hides all computers on a network. All connections from this network appear to come from the firewall.
Time-controlled firewall rules, where the rules are active in given time intervals only.
Forwarding of network traffic via relays.
Protection against such attacks as address spoofing.
Logging/alarm locally on the firewall, via email and/or via syslog.
Managing several logical/directly-connected networks and several network connections/physical networks. Having several network connections lets you create a DMZ - a separate net for WWW and other servers.
Administration of the firewall through a web browser using http or https.
Choice of language. Choose between Swedish and English.
SIP proxy: Forwarding of SIP requests.
SIP registrar: Registration of SIP users.
Failover - connect two firewalls in parallel; one handles traffic and the other acts as a hot standby.
Branch Office VPN and Road Warrior VPN using IPSec or PPTP (using the VPN expansion module).
QoS - bandwidth limitation and traffic prioritizing (using the QoS expansion module).
STUN server and Remote SIP Connectivity for SIP clients behind NAT boxes which are not SIP aware (using the Remote SIP Connectivity module).
Ingate Firewall is easy to install:
Select an IP address for the firewall on your network.
The network interfaces are marked with Eth0, Eth1, .... These are the names of the physical interfaces and the ones which you should use in the installation program.
Plug in the power cord and turn on the firewall.
Wait while the firewall boots up.
Connect the network cables to the network interfaces.
Find out the MAC address of the firewall's eth0 interface (printed on the firewall label).
Add a static entry in your local ARP table consisting of the firewall's MAC address and the IP address it should have on eth0.
This is how to add a static ARP entry if you use a Windows computer:
Run the command "command" (or "cmd").
In the Command window, enter the command arp -s ipaddress macaddress where ipaddress is the new IP address for the eth0 interface, and macaddress is the MAC address printed on the firewall, but with all colons (:) replaced with dashes (-).
Ping this IP address to give the firewall its new IP address. You should receive a ping reply if the address distribution was successful.
Direct your web browser to the IP address of the firewall. You will be prompted to set a password for the firewall admin user.
The top page of the Ingate Firewall is the first page displayed. Go to the Eth0 page under Network and configure this interface. See also the Interface section.
Then, move on to the other interface pages and give the firewall at least one IP address per active interface and state the networks connected to each interface. See also the Interface section.
If NAT is wanted for some traffic through the firewall, go to the NAT page and make settings for this. See also the NAT section.
Go to the Networks and Computers page to define the networks that will send and receive traffic through the firewall. Usually, at least one network per interface of the firewall is needed. Some computers should be handled separately, and they therefore need their own networks. See also the Networks and Computers section.
Go to the Basic Configuration page under Basic Configuration and enter a Default gateway, and set a log class for the configuration traffic. See also the Basic Configuration section.
Go to the Access Control page and make settings for the configuration of the firewall. See also the Access Control section.
Go to the Rules page under Rules and Relays and make rules for the traffic through the firewall. Traffic over TCP (e.g. smtp) works without any reply rules, but traffic over UDP and ICMP needs rules for both directions in order to work correctly. However, if NAT is used, only rules for the "start direction" are needed. See also the Rules and Services sections.
If NAT is used for traffic from an interface, relays are needed to get packets through to this interface. Go to the Relays page and define relays for the traffic allowed. See also the Relays section.
Press the Administration button and go to the Save/Load Configuration page. Select Apply configuration. First the new configuration is tested. When it is satisfactory, it can be saved permanently. If the configuration is not satisfactory, select Revert or restart the firewall. The old configuration will remain.
Do a rough sketch of the network to make the configuration simpler. Things to think of:
Which IP addresses will the firewall interfaces use? There can be more than one IP address on one interface.
Which series of IP addresses will be used on the networks connected to the different interfaces?
Are there networks behind routers?
What is the default gateway for the firewall?
To keep the interruption of traffic during installation as short as possible, you can configure the firewall before connecting it to the networks. All that is really needed for the configuration is a connection to the inner network, so that the workstation from which the configuration is done can reach the firewall.
Which traffic should be allowed? The Ingate Firewall rejects all traffic not explicitly let through. Note that many services require a DNS server, which means that DNS traffic usually needs to be allowed.
See also the configuration examples in appendix B, More in-depth examples.
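The rule behaviour described in the Rules step and in the note on rejected traffic (TCP needs no reply rules, UDP and ICMP need rules for both directions unless NAT is used, everything else is rejected) can be checked against a planned rule set before it is entered. The following is an added example, not Ingate's configuration format or code: the Rule fields, the network names and the rule set are constructed, and a reply rule is simplified to the same protocol and service with the networks swapped.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    proto: str         # "tcp", "udp" or "icmp"
    src: str           # network the first packet comes from
    dst: str           # network the first packet goes to
    service: str       # label for the service, e.g. "dns" (assumed naming)
    nat: bool = False  # True if the firewall NATs this traffic

def allowed(rules, proto, src, dst, service):
    """Default deny: a flow passes only if some rule names it explicitly."""
    return any((r.proto, r.src, r.dst, r.service) == (proto, src, dst, service)
               for r in rules)

def replies_pass(rule, rules):
    """TCP replies and NATed flows need no reply rule; UDP/ICMP otherwise do."""
    if rule.proto == "tcp" or rule.nat:
        return True
    # Simplification: the reply rule is the same service in the other direction.
    return allowed(rules, rule.proto, rule.dst, rule.src, rule.service)

def missing_reply_rules(rules):
    """Return the rules whose answers the firewall would reject."""
    return [r for r in rules if not replies_pass(r, rules)]

# Constructed rule set for a firewall with inside, dmz and outside networks.
RULES = [
    Rule("tcp", "inside", "dmz", "smtp"),               # TCP: no reply rule needed
    Rule("udp", "inside", "outside", "dns", nat=True),  # NAT: start direction only
    Rule("udp", "dmz", "outside", "dns"),               # UDP, no NAT, no reply rule
    Rule("icmp", "inside", "dmz", "ping"),              # ICMP with ...
    Rule("icmp", "dmz", "inside", "ping"),              # ... its reverse rule
]

if __name__ == "__main__":
    for r in missing_reply_rules(RULES):
        print(f"no reply rule: {r.proto} {r.service} {r.src} -> {r.dst}")
```

With this rule set the only finding is the DNS rule from dmz to outside, which would send queries that never get an answer through the firewall.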