Symantec Web
Security 2.5
Facilities Setup Guide
Revision April 25, 2002
Part Number: FG-00020
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
Copyright Notice
Symantec and the Symantec logo are U.S. registered trademarks of Symantec Corporation.
Other brands and products are trademarks of their respective holder/s. Copyright © 2002
Symantec Corporation. All Rights Reserved. Any technical documentation that is made
available by Symantec Corporation is the copyrighted work of Symantec Corporation and is
owned by Symantec Corporation.
NO WARRANTY. The technical documentation is being delivered to you AS-IS, and
Symantec Corporation makes no warranty as to its accuracy or use. Any use of the technical
documentation or the information contained therein is at the risk of the user. Documentation
may include technical or other inaccuracies or typographical errors. Symantec reserves the
right to make changes without prior notice.
No part of this publication may be copied without the express written permission of
Symantec Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014.
Trademarks
Symantec, the Symantec logo, Intruder Alert, NetProwler, Raptor, VelociRaptor, Symantec
Desktop Firewall, Symantec Enterprise VPN, Symantec Enterprise Firewall, RaptorMobile,
NetRecon, Enterprise Security Manager, NAV, Norton AntiVirus, Symantec System Center,
Symantec Web Security, Mail-Gear and I-Gear are trademarks of Symantec Corporation.
Windows is a registered trademark of Microsoft Corporation. Pentium is a registered
trademark of Intel Corporation. Other product names mentioned in this manual may be
trademarks of their respective companies and are hereby acknowledged.
Printed in the United States of America.
10 9 8 7 6 5 4 3 2 1
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
Document overview
This document provides background information for technical staff
responsible for setting up a training room facility for the Symantec Web
Security course. This guide describes the requirements for the network
equipment and computers that are installed and configured by the facilities
personnel for the training course.
1
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
Related documentation
Related documentation
The following is a list of reference materials related to the Symantec Web
Security 2.5 training. These materials may be of some additional value to
facilities personnel in understanding the setup tasks performed by the
instructor and the overall training objectives.
" Student Guide for the Symantec Web Security 2.5 course
" Symantec Web Security Implementation guide
2 Symantec Web Security Facilities Setup Guide
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
Setup for course
Setup for this course consists of four major tasks summarized below:
Setup Task Comments Responsibility
Network and computer Installation of computers in a Facilities personnel
equipment installation and networked environment with
configuration NICs and network cables.
Installation of required Operating
Systems and minimum service
packs. Installation and
configuration of all networking
software as required.
Configure DNS (specifications
found in the Installing Symantec
Web Security section
Installation of software Installation of Microsoft Internet Facilities personnel
Explorer 5.0 or Netscape
Navigator® 4.7 or later
Installation of PowerPoint or
PowerPoint viewer
Acrobat or Acrobat Reader
Utility that extracts .zip files
Obtain a license A temporary license may be Instructor
downloaded from the software
trial download section at
symantec.com
Installation of application Installation of Symantec Web Instructor
software Security on instructor computer
Create a share on the instructor
computer and add the Symantec
Web Security installation files.
Place installation files on the
student computers using the
share or CD.
Upload the BackupConfigFile.gfh
after installation of the software.
3
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
Installing Symantec Web Security
Installing Symantec Web Security
Upgrading from earlier versions
To upgrade an earlier version of the content filtering component, install this
distribution as described in this guide. The installation process automatically
upgrades your content filtering component installation to the release
contained in this distribution.
If you are upgrading from Symantec I-Gear to Symantec Web Security, do not
uninstall the older version of I-Gear. Install Symantec Web Security over I-
Gear. Uninstalling I-Gear may remove settings (such as defined users,
scheduled events, and list definitions) that you do not want to lose. These
settings are retained in Symantec Web Security.
Do not uninstall I-Gear after installing Symantec Web Security. Symantec
Web Security will not function properly if I-Gear is uninstalled later.
Installing and configuring the operating system
Ensure that your server s operating system software and applicable updates
are installed, configured, and working properly before you install Symantec
Web Security. Consult your server s documentation for more information.
Installation of your operating system software and updates is outside the
scope of this guide.
Installing and configuring TCP/IP
Ensure that a valid Transmission Control Protocol/Internet Protocol (TCP/IP)
configuration exists and is working properly before you install Symantec Web
Security. Symantec Web Security will not function without TCP/IP
configured.
Installing and configuring FireWall-1
If you are using Symantec Web Security with FireWall-1, the firewall must be
installed, configured, and working correctly before you install Symantec Web
Security. The computer on which FireWall-1 is installed must have two
network cards, one interfacing with an internal network and one with an
external network. Consult Check Point FireWall-1 documentation for more
information.
4 Symantec Web Security Facilities Setup Guide
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
Note: You can install Symantec Web Security for FireWall-1 on the computer on
which the firewall is installed or on another computer inside or outside of the
network. Preparing for installation
Verifying DNS settings
You must verify that your server is configured as a Domain Name Server
(DNS) client prior to installing Symantec Web Security, and TCP/IP DNS
settings must be correct.
Windows NT
Your server s TCP/IP DNS settings must be correct before you install
Symantec Web Security. To verify DNS settings on Windows NT:
1. In the Network window, on the Protocols tab, click TCP/IP Protocol.
2. Click Properties.
3. In the Microsoft TCP/IP Properties window, on the DNS tab, verify that
both the Host Name and Domain fields have the appropriate entries and
that at least one valid DNS server is listed in the DNS Service Search
Order list, and make the necessary changes.
Consult with your network administrator or Internet service provider (ISP)
if you are unsure of the settings that should be used here.
4. Click OK.
5. Restart your server if necessary.
Windows 2000
Your server s TCP/IP DNS settings must be correct before you install
Symantec Web Security. To verify DNS settings on Windows 2000:
1. Right-click My Network Places, then click Properties.
2. Right-click Primary Network Connection, then click Properties.
3. Click Internet Protocol (TCP/IP), then click Properties.
4. Verify that the appropriate IP address for a valid DNS server is selected.
Consult with your network administrator or Internet service provider (ISP)
if you are unsure of the settings that should be used here.
5. Click Advanced.
6. On the DNS tab, check Append these DNS Suffixes.
7. Click OK.
5
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
Installing Symantec Web Security
8. Restart your server if necessary.
Solaris
Your server must be configured as a DNS client prior to installing Symantec
Web Security.
Note: On Netra"! systems, the Web-based Netra administration interface should be
used to configure the system as a DNS client. After the settings have been made using
the Netra administration interface, you are encouraged to verify the settings as
shown here.
To verify your DNS settings on Solaris:
1. Examine the following file: /etc/resolv.conf
This file should contain lines similar to the following:
domain yourdomain.here
nameserver 192.168.1.2
nameserver 192.168.9.7
2. Verify that the specific domain name and name server addresses used in
your file are appropriate for your site and make any necessary changes.
Consult with your network administrator or ISP if you are unsure of the
values that should be used.
If the /etc/resolv.conf file does not exist on your server, create the file
using the above example as a template. Be sure to replace the domain
name and name server addresses with values that are appropriate for your
site.
Configuring the DNS server
In addition to your server being configured to use DNS, your site s DNS zone
must be configured to contain at least the following records:
" An A (address) record that corresponds to your server s host name.
" A PTR (pointer) record that maps your server s IP address to its host
name, including the domain name (for example, server.brightcorp.com).
Check with your Domain Name Server Administrator or ISP if you are
uncertain whether the necessary records have been installed on the DNS
server that you are using.
6 Symantec Web Security Facilities Setup Guide
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
Configuration options at installation
During the install process, Symantec Web Security prompts you for certain
configuration options.
Installation directories
As the program prompts you for the location of each directory during
installation, a default location is shown. Unless you have a compelling reason
to do otherwise (for example, inadequate disk space on the root disk drive),
accept the default locations.
" Built-in HTTP server port
During the installation process, you are prompted for the TCP/IP port
number on which this built-in HTTP server listens. The port number
specified must be exclusive to Symantec Web Security and must not
already be in use by any other program or service.
Unless you have a compelling reason to do otherwise, you should use the
default port number of 8002
" Virtual administrator account password
A virtual administrator account is created at installation with a logon
name of virtadmin. You are prompted to provide a password for this
account during the installation process. Make the password the same as
the login.
" Cache size
You are prompted to specify the amount of disk space to allocate for the
cache. Use the default setting of 400 MB.
Note: If you are using FireWall-1 and plan to use Symantec Web Security as a
Content Vectoring Protocol (CVP) resource, the caching feature of Symantec Web
Security does not function, and the amount of allocated disk space can be small.
However, if you run Symantec Web Security concurrently with FireWall-1 and
configure any browser clients to use the Symantec Web Security proxy server, the
caching feature is operational for those clients, and the amount of disk space should
be adjusted accordingly.
Using Symantec Web Security with Check Point FireWall-1
You will be prompted to specify whether you will use Symantec Web Security
in conjunction with FireWall-1 via the Content Vectoring Protocol (CVP). The
decision to use the software in conjunction with FireWall-1 via CVP also can
be changed at any time.
7
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
Installing Symantec Web Security
Solaris
The Solaris version of Symantec Web Security is distributed as a self-
extracting, self-installing shell archive (shar) file, sws.sh.
To install Symantec Web Security on Solaris:
1. Log on as root.
2. Copy the distribution file, sws.sh, to a directory on the computer on
which you plan to install Symantec Web Security.
3. Change directory to the location where you copied the distribution file.
4. Type the following command:
# /bin/sh ./sws.sh
5. Follow the on-screen instructions.
Windows NT and Windows 2000
To install Symantec Web Security on Windows NT and Windows 2000:
1. Log on as Administrator or with administrative rights.
2. Copy the Setup.exe file to a directory on the computer on which you plan
to install Symantec Web Security or locate Setup.exe on the CD.
3. Double-click Setup.exe.
4. Follow the on-screen instructions.
5. Restart the system.
In rare cases, not restarting prevents you from being able to log on using the
virtadmin account.
8 Symantec Web Security Facilities Setup Guide
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
Training room environment
The training room environment consists of the following equipment:
Operating Internet
Equipment Quantity Minimum system requirements
system access
Student servers 12 max Solaris 7 or Required Solaris server with:
later " 128 MB of memory
" 100 MB of available disk space
CD-ROM drive
15-inch monitor and cards to drive at
800 x 600 minimum resolution
Compatible mouse.
Student servers 12 max Windows NT Required
PC based on an Intel® Pentium® or
Server 4.0
compatible processor with:
with Service
" 128 MB of memory
Pack 6a or
" 100 MB of available disk space
later
CD-ROM drive
or
15-inch monitor and cards to drive at
Windows
800 x 600 minimum resolution
2000 Server
Compatible mouse.
with Service
Pack 2
Student servers 12 max Check Point Required Check Point FireWall-1 version 4 patch
FireWall-1 level 4031 or later already installed and
working.
Note: The number of computers running a particular operating system will be
determined by the customer. If their environment consists of only one
operating system, only one OS needs to be installed. If their environment
consists of multiple operating systems, divide the computers available by this
number and install the appropriate operating systems.
Instructor 1 Windows NT Required
PC based on an Intel® Pentium® or
computer Server 4.0
compatible processor with:
with Service
" minimum of 256 MB of memory
Pack 6a or
" 100 MB of available disk space for
later
configuration files, online
or
documentation etc.
Windows
CD-ROM drive
2000 Server
15-inch monitor and cards to drive at
Service Pack
800 x 600 minimum resolution
2
Color LCD or other projection system
Compatible mouse
9
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
Training room environment
Instructor s computer
The instructor s computer must have:
" Windows NT/2000 server
" IP protocol running
" A share named Installs at x:\installs
" PowerPoint or PowerPoint viewer installed
" Acrobat or Acrobat reader installed
" Internet access and a Web browser
Suitable browsers include Netscape Navigator® 4.7 or later or Microsoft
Internet Explorer 5.0 or later.
" A color LCD or other projection system connected
" A CD-ROM drive
Student servers
Student servers must have:
" Windows NT/2000 server
" IP protocol running
" Internet access and a Web browser
Suitable browsers include Netscape Navigator® 4.7 or later or Microsoft
Internet Explorer 5.0 or later.
" A CD-ROM drive
Room environment
The room should contain:
" a whiteboard measuring a minimum of 1 yard by 2-3 yards in length (1
½ meter by 2-3 meters)
" multi-colored dry erase markers
10 Symantec Web Security Facilities Setup Guide
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
Classroom configuration
The configuration of this classroom is modular. Computers can be added or
removed, depending on the number of students present and the size of the
room, without compromising the number of platforms covered.
If the training environment consists of:
" NT and Solaris servers, place the Solaris servers between two NT servers
" NT and FireWall-1 servers, place the FireWall-1 servers between two NT
servers
" NT, Solaris, and FireWall-1 servers, place the NT server in the middle of
the FireWall-1 and Solaris servers
The following is a sample room setup that provides optimal support
11
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
Network topology
Network topology
All computers in the training environment should be on the same subnet. The
instructor s computer should have a static IP address capable of accessing
the Internet. Student computers may have either static IP or DHCP issued
addresses.
If there is a proxy server other than Symantec Web Security, the IP address
for this server will need to be shared with the instructor. This information is
necessary when Symantec Web Security has to communicate with the
licensing server.
Computer NICs can be 10Mbit or 100Mbit (100Mbit is recommended).
All cables must be of an appropriate length, and bundled and tied out of
pathways and work areas.
12 Symantec Web Security Facilities Setup Guide
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
 Instructor acceptance
Before the training class is scheduled to begin, the instructor will visit the
training facility to inspect and accept the setup. The technical contact for the
facility must be available to answer questions and correct any setup issues.
Both the instructor and the facility technical contact will ensure completion
of the following checklists before the training setup is deemed acceptable.
13
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For
Checklist
Checklist
Instructor computer
Verify the installation of the appropriate operating system.
Verify that all clients are visible to the instructor computer.
Document the static IP address assigned to the computer.
Type the URL of the proxy server and verify connectivity.
Visit a site on the Internet to verify Internet access.
Verify that the SWS source files are on the computer in x:\installs\
Verify that the overhead projector is functioning properly.
Verify OS and SP level by opening Start > Run and entering Winmsd (Windows only).
Verify the virtadmin account and password work correctly.
Student servers
Verify the installation of the appropriate operating system.
Verify that the instructor computer is visible to the clients.
Document the IP address assigned to the computer.
Type the URL of the proxy server and verify connectivity.
Visit a site on the Internet to verify Internet access.
Verify that the SWS source files are on the computer in x:\installs\
Verify OS and SP level by opening Start > Run and entering Winmsd (Windows only).
Classroom environment
Verify that the black and the blue markers are fresh and leave a good mark on the whiteboard.
Verify that the whiteboard has erasers and that they function well.
Verify that the whiteboard has cleaning fluid and wipes.
Verify that an easel is present with legible markers.
14 Symantec Web Security Facilities Setup Guide
ly
n
g O
n
ni
ai
r
T
f
af
t
al S
n
er
t
In
er
n
t
ar
P
ec
t
an
ym
S
For