| |
The Network panel lets you configure the appliance to function on the network on which it is installed.
Path: Network > IP addresses
The IP Addresses tab displays the network adapters, which are the physical connectors into the ICS appliance, and the IP addresses associated with each adapter. The list reflects the current ICS appliance hardware configuration.
Using the buttons to the right of the list, you can associate IP addresses with adapters and change IP address information. Each adapter can have multiple subnets associated with it, and each subnet will have one or more IP addresses associated with it. You can either define individual IP addresses and masks, or you can add a subnet address and mask and then add multiple IP addresses from that subnet range.
The IP address and the mask define a subnet. You cannot use the first or last address in any given subnet. You cannot create a subnet that collides with another subnet. You cannot create a subnet which spans multiple adaptors.
The following are valid subnet masks:
Path: Network > IP Addresses > TCP Options
The parameters displayed in this dialog box are standard TCP configuration settings. For more information on adjusting these parameters, see one of the TCP/IP references available at any bookstore carrying computer reference manuals.
Connection Timeout: The number of seconds the proxy server attempts to establish a connection before timing out because the other side has not responded. You might want to increase this value if you notice that the remote server is reachable (the ping succeeds) but the load is heavy.
Keep Alive Interval: The number of minutes a connection is idle before the proxy server queries to check if the other server is still responding.
Data Read Timeout: The number of seconds the proxy server waits for expected data to begin arriving before it times out. You might want to increase this value if you notice that the browser receives incomplete data or the connection is disconnected in the middle of data transfer.
Idle Server Timeout: The number of minutes the proxy server keeps the TCP connection between the browser and the proxy server active, even if there is no data flow.
Idle Client Timeout: The number of seconds the proxy server keeps the connection to the origin web server or another proxy server active, even if there is no data flow.
Path: Network > IP Addresses > Adapter Options
Adapter Options: Lets you change the speed and duplex settings for the network adapters on the system to ensure compatibility with an existing LAN. Speed options include Default, 10 M, and 100 M. Duplex options include Default, Half, and Full. Both speed and duplex are set to Default initially. Change these settings only if your LAN requires specialized adapter card changes.
Path: Network > DNS
The DNS tab lets you configure Domain Name Service that the ICS appliance will use, including setting a domain name for domain-relative address resolution.
DNS servers are searched in the order listed.
You must specify a domain name for the ICS appliance to use relative domain names.
Domain: Specify the domain of your ICS Appliance. Valid ranges include all valid domain names.
DNS Server IP: Specify the IP addresses of the DNS servers you are using. You can enter up to three.
Appliance Domain Name or Alias: (Optional) Specify a unique domain name or alias for the appliance. This name is used in the via headers that track packet routes across the network.
Path: Network > DNS > Advanced Options
The parameters displayed in the DNS Advanced Options dialog box are standard DNS configuration settings. For more information on adjusting these parameters, see one of the TCP/IP references available at any bookstore carrying computer reference manuals.
Negative Lookup: How long a failed DNS lookup domain name remains in the proxy server cache. If the proxy server cannot resolve a domain name, it stores that information in its cache for the specified amount of time. If the proxy server receives requests for that domain name within this period, it sends a "Bad Gateway" error message to the browser and does not resolve the domain name again. Valid ranges include 0 - 99999.
Minimum Entry Time to Live: The minimum amount of time that DNS entries remain in cache before they expire. This is the minimum value regardless of the value returned by the DNS name server. Valid ranges include 0 - 99999.
Maximum Entry Time to Live: The maximum amount of time that DNS entries remain in cache before they expire. This is the maximum value regardless of the value returned by the DNS name server. Valid ranges include 0 - 99999.
Maximum Entry Threshold: The maximum number of DNS cache entries. When this number is reached, the proxy server deletes old entries to make room for newer ones. The default is 2,500. Valid range is 2,000 - 100,000.
DNS Transport Protocol: The transport protocol DNS uses on the network where the appliance is installed.
Path: Network > Gateway/Firewall
The Gateway/Firewall tab lets you set up both default gateways as well as additional gateways for specific routing to hosts or networks. It also lets you specify RIP and SOCKS information for firewalls.
In order for ICS to function, you must specify a default gateway (router) whether ICS is originating packets that need to be routed (from proxy requests or scheduled downloads) or is serving as a router for packets that need to be routed externally.
Default Gateway IP Address: You must have at least one gateway defined for ICS to function. This is the IP address of the gateway or router being used by ICS.
Additional Gateways: (See Additional Gateways Dialog Box.)
Enable RIP: Allows you to turn on Routing Information Protocol. Through this protocol, ICS is able to "learn routes."
Reset Learned Routes: Throws away all information acquired through RIP. RIP must be turned on for this to have any effect.
Act As Router: Check this box if the appliance will function as the default gateway for clients on the network. See Transparent Proxy As a Default Gateway (Router) and Transparent Proxy As an Inline Router (Network Gateway).
Enable SOCKS Client: SOCKS is a firewall communication protocol. If there is a firewall preventing ICS from communicating directly, you can specify information for SOCKS 4 or 5 servers.
Server IP Address: The address of the SOCKS server you want to use.
Server Port: The port number for SOCKS traffic on the network.
SOCKS V4: Enables SOCKS version 4 protocol.
Username: Specify a username if the SOCKS v4 server requires one for communication.
SOCKS V5: Enables SOCKS version 5 protocol. ICS currently supports only NULL and Username/Password authentications.
No Authentication: If you use SOCKS v5 without verification, this box must be checked (where there is no username or password required).
Username/Password Authentication: Enables the entry of a SOCKS v5 username and password if your SOCKS server requires authentication.
Username: Enter your SOCKS username here.
Password: Enter your SOCKS password here.
Path: Network > Gateway/Firewall > Additional Gateways
This dialog box lets you specify additional gateways to be used by ICS. These can be used to route to specific destinations through specific gateways. For example, you might have a specific destination address that you want to set up to use a specific gateway. This is done under Host Gateways. You can also specify that any destination address on a specific subnet must use a specific gateway. This is done under Network Gateways.
You can also use the Metric field for each of the additional gateway types to alter the normal "specific to general" routing used here. The default value for Metric is 1. A higher number is generally used to indicate a higher cost associated with the gateway being referenced. When ICS has a destination address that matches the host list or the network list, it usually sends to that address unless the metric value for it is higher than the default. In this way, a more expensive gateway is not used unless the default or less specific gateway is unavailable.
NOTE: The ICS appliance conveniently allows you to enter information for the default gateway, specific destination hosts, or specific subnet destinations without requiring you to enter masking information to accomplish the routing. Simply enter the appropriate host or network information in one of the entry locations for that purpose, and the ICS appliance does the rest.
Default Gateway: The default gateway entered on the gateway panel. You can add a metric and specify whether the gateway is active or passive:
Host Gateways: You can define one or more gateways to be used for packets being sent to specific hosts:
Network Gateways: You can define one or most gateways to be used for packets being sent to specific subnets.
| |