NG Firewall User Guide
The NG Firewall User Guide
If you have not already installed NG Firewall, read the Installation Guide.
The Administration Interface
The Administration Interface is the main interface used to configure NG Firewall.
A registration and welcome message is displayed upon the first visit to the administration interface. It will make a suggestion about the suggested applications that may be useful for your network. You can choose to install the recommended apps or to install the apps manually.
There are four main tabs in the administration interface in the main menu:
In the sub-menu there are four views:
The Dashboard provides an overview of the state of your NG Firewall. It is extremely useful for quickly viewing or monitoring what is happening on the network and the current status of the NG Firewall server.
By default the dashboard will show several widgets with varying pieces of information. However, the dashboard is completely customizable. Widgets can be removed and added so the administrator sees exactly the information that is important to them on the dashboard.
There are many different type of widgets available:
|Information||Shows some information about NG Firewall, like name, model, version, etc.|
|Resources||Shows an overview current memory swap and disk usage.|
|CPU Load||Shows a graph of recent CPU load.|
|Network Information||Shows an overview of the network information like session count and device/host count.|
|Network Layout||Shows an overview of the network layout based on the interface configuration.|
|Map Distribution||Shows the current sessions mapped geolocation on a world map, sized by throughput.|
|Report||Shows any Report Entry from Reports|
To change what is displayed on the dashboard click on Manage Widgets at the top. From here you can show or hide the built-in widgets, or add new widgets from Reports by clicking on the Add button.
When adding a Report widget, you must also specify a timeframe (the number of hours worth of data to display) and a refresh interval (how often the widget refreshes on the dashboard).
When viewing a Report Entry in Reports you can also easily add it to your dashboard by clicking on the Add to Dashboard button.
If you see an alert icon near the top of the dashboard, hover over it for more information - these are Administrative Alerts designed to help you keep your NG Firewall healthy.
Applications are plugins that add functionality to your NG Firewall server - just like "apps" on an iPhone or Android device.
On the Apps tab you'll see the currently installed apps. Across the top there is a dropdown menu to switch to different Policies. Policies can be controlled via the Policy Manager app.
Apps can be installed by clicking the "Install Apps" button at the top. It will display the apps that can currently be installed. To install an app simply click on its icon. You can install as many apps at the same time as you like. After starting the installation of the desired apps you can click the "Done" button at the top to go back to the apps view.
Once installed the applications' settings can be configured by clicking on the Settings button or the icon of app, depending on the skin. Applications install with the suggested configuration which is the default settings and on/enabled in most cases. An application that is off/disabled will not process any network traffic. To enable a disabled application edit the settings and click "Enable" on the first tab inside the settings.
After clicking Settings, you will be presented with tabs for different settings sections, as well as typical buttons marked OK, Cancel and Apply. Apply saves any changes. OK saves any changes and closes the window. Cancel closes the window without saving settings. On the left hand side there is a Remove button which will remove the application from the current policy. The Help button will open the help for the tab currently being viewed.
NG Firewall has two types of Applications:
- Filter Applications All the Applications above the Services pane in the interface can have one instance per policy.
- Service Applications All the Applications below the Services pane are global and exist in all virtual racks.
Many networks only need one policy which means all traffic gets processed by the same apps and same configuration, but multiple policies (sometimes called "racks") are possible for bigger networks. For more information about running multiple racks check out the Policy Manager application.
To learn more about each application use the links below.
The config tab holds all the settings related to configuration of the NG Firewall server itself and settings for components of the platform that apps may interact with.
This is an list of all sections available under the Config tab in the Administration UI.
The Network configuration contains all the settings to control how your NG Firewall server routes and handles network traffic. Properly configuring network settings is critical for proper operation.
- Port Forward Rules
- NAT Rules
- Bypass Rules
- Filter Rules
- DNS Server
- DHCP Server
- Network Reports
The Network Configuration documentation documents how networking in NG Firewall functions and is commonly configured.
Administration controls the administration-related functionality of the NG Firewall server.
Email contains all the email-related configuration of the NG Firewall server.
Local Directory stores a list of users that can be used by the applications. It also supports RADIUS for 802.1x authentication from properly configured wireless network access points.
The RADIUS Server can be enabled to allow WiFi users to authenticate as any user configured in Local Directory.
The RADIUS Proxy can be enabled to allow WiFi users to authenticate with credentials that are validated with a configured Active Directory Server.
Upgrade allows the server to upgrade and contains upgrade-related settings.
Upgrades show the currently available upgrades if any. If upgrades are available, an upgrade can be started by pressing the Upgrade button at the top under Status.
To see changes see the Changelogs.
After the upgrade begins, it will download the new packages (which may take some time) and then the upgrades will be applied. Do not reboot or power off the server during the upgrade.
If Automatically Install Upgrades is checked, NG Firewall will automatically check for new versions and upgrade if available.
Automatic Upgrade Schedule configures when NG Firewall will automatically upgrade if upgrades are available. NG Firewall will automatically upgrade at the specified time on the days of the week than are checked.
When will I get the upgrade version?
- Upgrades are rolled out over time to NG Firewall deployments. The rollout can stretch out several weeks. If you want the upgrade immediately, email your UID to the Support team and request they add your UID to the Early Upgrade list.
How do I know when the new version is available for my NG Firewall?
- In the Upgrade page of your NG Firewall, when a new version is available, the Upgrade button will appear. If automatic upgrade setting is enabled, your NG Firewall will upgrade automatically once the upgrade is available on day and time specified.
Does the upgrade require a reboot?
- If a reboot is needed, the upgrade will reboot automatically once the upgrade is installed. There is no need for a manual reboot. Most upgrades will not reboot as there is no kernel change.
How long does the upgrade take?
- It's difficult to be precise since customer platforms, Internet connection speed and complexity of the upgrade vary. Generally upgrades take less than 20 mins. If the database version is changed as part of the NG Firewall upgrade, the process will take longer as the database will need to be converted. There are extreme cases of the upgrade taking over an hour.
Do I need to reinstall?
- No, upgrade process will update all the components on the NG Firewall seamlessly.
Where can I get what is changed in the new version?
- Release changes are posted on the NG_Firewall_Changelogs page.
System contains settings related to the server
About contains system information