Configuring VPN from Proventia
 

    • Configuring VPN from Proventia® M Series Appliance to NetScreen Systems

      August 12, 2005

      Overview

      Introduction: This document describes how to configure a VPN tunnel from a Proventia M Series appliance running a Firmware 2.1 operating system or later to NetScreen 208 systems.

      Intended use: This document provides an example for configuring VPN from a Proventia M Series appliance to a NetScreen system running a version 4.0.0r6 operating system. The example is not designed for operational use without modification. A knowledgeable IPSEC network administrator or advanced user should design new, custom policies for operational use.

      Scope: This document does not provide specific procedures, but rather examples of settings. For specific instructions on how to configure these settings, refer to the documentation listed in the Related documentation section of this topic.

      Related documentation: Refer to the Proventia Manager Online Help and the Proventia M Series Appliances User Guide for more information about the following:
      ● IKE settings
      ● IPSEC and IPSEC policies
      ● security gateways
      ● access policies
      ● NAT policies

      For procedures for configuring the NetScreen system, refer to the documentation provided with your system.

      © Internet Security Systems, Inc. 2005. All rights reserved worldwide.
    • In this document

      This document contains the following topics:
      ● Before You Begin
      ● Configuring the Proventia Appliance Security Gateway
      ● Configuring the Proventia Appliance IPSEC Policy
      ● Creating an IPSEC Policy for Antivirus Protection with VPN Connection
      ● Creating Related Access Policies for the Proventia M Series Appliance
      ● Creating an Access Policy to Enable ISAKMP Traffic to the Proventia M Series Appliance
      ● Creating Access Policies to Enable Traffic from Subnet A to Subnet B
      ● Creating NAT Rules
      ● Creating Network Objects for the NetScreen System
      ● Configuring VPN on the NetScreen System Using the VPN Wizard
      ● Configuring VPN on the NetScreen System Manually
      ● Configuring IKE Phase 2 Policy on the NetScreen System
      ● Creating Firewall Rules on the NetScreen System

      Contents of document subject to change.
    • Before You Begin

      Introduction: This topic includes a topology graphic and a checklist to help you gather the information you need to configure VPN for your Proventia M Series appliance and NetScreen system.

      Topology: The following graphic illustrates the network topology of a Proventia M Series appliance configured for VPN with a NetScreen system. The example used in this document is based on the topology depicted.

      Table 1: Topology for VPN tunnel from Proventia appliance to NetScreen
      Checklist: The following checklist indicates the information that you need before configuring your VPN tunnel.

      | Task | Description |
      | --- | --- |
      | Proventia M Series External IP address | ____________ Note: This is the IP address that you will use where a.a.a.a appears in the examples in this document. |
      | Proventia M Series Internal IP Address | ____________ |
      | Subnet A IP address | ____________ |
      | NetScreen External IP address | ____________ Note: This is the IP address that you will use where b.b.b.b appears in the examples in this document. |
      | NetScreen Internal IP address | ____________ |
      | Subnet B IP address/mask | ____________ |
      | Preshared key (minimum of 16 characters) | ____________ Note: Use signed certificates to identify the Proventia appliance and Check Point VPN server for better security. |
      | IKE Phase 1 (Main Mode) Authentication | MD5 / SHA1 |
      | IKE Phase 1 Encryption | 3DES / DES / AES. Note: If you select AES, select an AES key length: 128 / 192 / 256 |
      | IKE Phase 1 Key Lifetime Seconds | ____________ |
      | IKE Phase 1 Key Lifetime Kbytes | ____________ |
      | IKE Phase 1 Diffie-Hellman Group | Group1 / Group2 / Group5 |
      | IKE Phase 2 (Quick Mode) Authentication | MD5 / SHA1 |
      | IKE Phase 2 Encryption | 3DES / DES / AES. Note: If you select AES, select an AES key length: 128 / 192 / 256 |
      | IKE Phase 2 Key Lifetime Seconds | ____________ |
      | IKE Phase 2 Key Lifetime Kbytes | ____________ |
      | IKE Phase 2 Diffie-Hellman Group | None / Group1 / Group2 / Group5 |
      | Access Policies | |

      Table 2: Checklist before configuring VPN tunnel
    • Configuring the Proventia Appliance Security Gateway

      Introduction: You must configure the security gateway that represents the NetScreen appliance. The security gateway contains the IKE and IPSEC communication settings. To configure the security gateway, create an Auto Key IPSEC Security Gateway with the settings shown below.

      Security gateway IKE Configuration settings: Define the security gateway name, and configure IKE settings on the IKE Configuration tab, as shown in the following table:

      | Item | Setting |
      | --- | --- |
      | Name | To_NetScreen |
      | Enabled | Selected |
      | Comment | IPSEC tunnel to NetScreen system |
      | Direction | Both Directions |
      | Exchange Type | Main Mode |
      | Encryption Algorithm | AES |
      | AES Key Length | 128 |
      | Authentication Algorithm | SHA1 |
      | Authentication Mode | Pre Shared Key |
      | Pre-Shared Key | A text string value of at least 16 alphanumeric characters. Example: 1234567890abcdef. Note: Use the same text string for the NetScreen system. |
      | Life Time Secs | 28800 |
      | Life Time KBytes | 0 |
      | DH Group | Group2 |
      | Local IP Address | Static Address. Note: In the IP Address field, type the external interface IP address of the Proventia appliance. Example: a.a.a.a |
      | Remote IP Address | Static Address. Note: In the IP Address field, type the external interface IP address of the Symantec system. Example: b.b.b.b |
      | Local ID | Static Address. Note: In the IP Address field, type the external interface IP address of the Proventia appliance. Example: a.a.a.a |
      | Remote ID | Static Address. Note: In the IP Address field, type the external interface IP address of the NetScreen system. Example: b.b.b.b |

      Table 3: IKE Configuration settings for the Proventia appliance

      IKE XAuth settings: In the XAuth area of the IKE Configuration tab, the Enabled checkbox is disabled by default. Make sure that this checkbox is cleared to disable the XAuth settings.

      IPSEC Configuration general settings: Define the IPSEC Configuration general settings on the IPSEC Configuration tab, as shown in the following table:

      | Item | Setting |
      | --- | --- |
      | Encapsulation Mode | Tunnel |
      | Perfect Forward Secrecy | Group2 |
      | Advanced Settings | Disabled |

      Table 4: IPSEC Configuration general settings for the Proventia appliance

      Adding a security proposal: In the Security Proposal area of the IPSEC Configuration tab, add a security proposal with the settings shown in the following table:

      | Item | Setting |
      | --- | --- |
      | Security Protocol | ESP with Auth |
      | Auth Algorithm | SHA1 |
      | ESP Algorithm | AES |
      | ESP AES Key Length | 128 |
      | Life Time Secs | 3600 |
      | Life Time KBytes | 0 |

      Table 5: Security Proposal settings for the Proventia appliance

      Advanced settings: In the Advanced Settings area of the IPSEC Configuration tab, the Enabled checkbox is cleared by default. Make sure that this checkbox is cleared to disable the advanced settings.
    • Configuring the Proventia Appliance IPSEC Policy

      Introduction: You must configure the IPSEC policy to define what is encrypted between the Proventia appliance and the NetScreen system. The IPSEC policy is configured without network address translation (NAT).

      Reference: See “Creating NAT Rules”.

      IPSEC policy general settings: Define the IPSEC policy general settings as shown in the following table:

      | Item | Setting |
      | --- | --- |
      | Name | To_NetScreen |
      | Enabled | Selected |
      | Comment | IPSEC tunnel to NetScreen |
      | Security Process | Encrypt |
      | Protocol | All |

      Table 6: IPSEC general policy settings for the Proventia appliance

      IPSEC policy remaining settings: Define the remaining IPSEC policy settings as shown in the following table:

      | On this subtab... | Select this item... | With this setting... |
      | --- | --- | --- |
      | Security Gateway | Auto Key Security Gateway | To_NetScreen |
      | Source Address | Network Address/#Network Bits (CIDR) | The network address and subnet mask for subnet A. Example: 192.168.1.0/24 |
      | Source Port | Any | N/A |
      | Destination Address | Network Address/#Network Bits (CIDR) | The network address and subnet mask for subnet B. Example: 10.1.0.0/16 |
      | Destination Port | Any | N/A |

      Table 7: IPSEC policy settings for the Proventia appliance
    • Creating an IPSEC Policy for Antivirus Protection with VPN Connection

      Introduction: The antivirus software proxies traffic to the external interface of the Proventia appliance for the following protocols:
      ● HTTP
      ● FTP
      ● SMTP
      ● POP3

      To ensure that traffic analyzed by the antivirus software is sent and received from the remote VPN subnet B, you must create an additional IPSEC policy.

      Note: The Proventia appliance automatically creates the mirror inbound policy for antivirus protection for VPN.

      IPSEC policy general settings: Define the IPSEC policy general settings as shown in the following table:

      | Item | Setting |
      | --- | --- |
      | Name | AV_To_NetScreen |
      | Enabled | Selected |
      | Comment | IPSEC policy to protect AV traffic to NetScreen |
      | Security Process | Encrypt |
      | Protocol | All |

      Table 8: IPSEC Configuration general settings for antivirus protection for VPN

      IPSEC policy remaining settings: Define the remaining IPSEC policy settings as shown in the following table:

      | On this subtab... | Select this item... | With this setting... |
      | --- | --- | --- |
      | Security Gateway | Auto Key Security Gateway | To_NetScreen |
      | Source Address | Single IP Address | The external interface IP address of the Proventia appliance. Example: a.a.a.a. Note: This setting encapsulates traffic from the Proventia appliance external interface. |
      | Source Port | Any | N/A |
      | Destination Address | Network Address/#Network Bits (CIDR) | The network mask for subnet B. Example: 10.1.0.0/16 |
      | Destination Port | Any | N/A |

      Table 9: IPSEC Configuration remaining settings for antivirus protection for VPN
    • Creating Related Access Policies for the Proventia M Series Appliance

      Introduction: You must create additional access policies on the Proventia appliance to do the following:
      ● enable Internet Security Association and Key Management Protocol (ISAKMP) traffic to the Proventia appliance external interface
        Reference: See “Creating an Access Policy to Enable ISAKMP Traffic to the Proventia M Series Appliance”.
      ● enable traffic from subnet A to subnet B without NAT (Network Address Translation)
        Reference: See “Creating Access Policies to Enable Traffic from Subnet A to Subnet B”.

      Guideline: You are creating a VPN tunnel in which the original IP addresses are preserved in the ESP, so you do not need NAT for the subnets. See “Creating NAT Rules”.

      Order of access policies: The appliance processes access policies in the order that they appear in the Access Policy list.
    • Creating an Access Policy to Enable ISAKMP Traffic to the Proventia M Series Appliance

      Introduction: Although you have created a VPN tunnel from the NetScreen server to the Proventia VPN server, you must configure the firewall to accept or deny traffic from the VPN client. To do this, enable ISAKMP traffic to the Proventia appliance external interface.

      To enable ISAKMP traffic to the Proventia appliance, enable the access policy that allows VPN traffic. You can identify this policy by the Comment field that includes the following default text: Enable this rule for VPN Connectivity

      Note: This access policy is disabled by default. You must enable it to allow VPN traffic.

      ISAKMP access policy general settings: Define the access policy general settings as defined in the following table:

      | Item | Setting |
      | --- | --- |
      | Enabled | Selected |
      | Action | Allow |
      | Log Enabled | Not selected (optional) |
      | Comment | Enable this rule for VPN Connectivity |

      Table 10: ISAKMP access policy general settings for the Proventia appliance

      ISAKMP access policy remaining settings: Define the remaining access policy settings as shown in the following table:

      | On this subtab... | Select this item... | With this setting... |
      | --- | --- | --- |
      | Protocol | Any | N/A |
      | Source Address | Single IP Address | The external interface IP address for the NetScreen server (Unit B). Example: b.b.b.b |
      | Source Port | Any | N/A |
      | Destination Address | Self | N/A |
      | Destination Port | Specify Network Objects | ISAKMP_UDP |

      Table 11: ISAKMP access policy settings for the Proventia appliance
    • Creating Access Policies to Enable Traffic from Subnet A to Subnet B

      Introduction: You must create two additional access policies on the Proventia appliance to allow all traffic from subnet A to subnet B:
      ● a policy to allow inbound traffic
      ● a policy to allow outbound traffic

      Inbound access policy general settings: Define the inbound access policy general settings as defined in the following table:

      | Item | Setting |
      | --- | --- |
      | Enabled | Selected |
      | Action | Allow |
      | Log Enabled | Not selected (optional) |
      | Comment | Access policy to allow traffic from remote NetScreen network |

      Table 12: Inbound access policy general settings

      Inbound access policy remaining settings: Define the remaining inbound access policy settings as shown in the following table:

      | On this subtab... | Select this item... | With this setting... |
      | --- | --- | --- |
      | Protocol | Any | N/A |
      | Source Address | Network Address/#Network Bits (CIDR) | The network IP address and mask for subnet B. Example: 10.1.0.0/16 |
      | Source Port | Any | N/A |
      | Destination Address | Network Address/#Network Bits (CIDR) | The network IP address and mask for subnet A. Example: 192.168.1.0/24 |
      | Destination Port | Any | N/A |

      Table 13: Inbound access policy remaining settings

      Outbound access policy general settings: Define the outbound access policy general settings as defined in the following table:

      | Item | Setting |
      | --- | --- |
      | Enabled | Selected |
      | Action | Allow |
      | Log Enabled | Not selected (optional) |
      | Comment | Access policy to allow traffic out to remote NetScreen network |

      Table 14: Outbound access policy general settings

      Outbound access policy remaining settings: Define the remaining outbound access policy settings as shown in the following table:

      | On this subtab... | Select this item... | With this setting... |
      | --- | --- | --- |
      | Protocol | Any | N/A |
      | Source Address | Network Address/#Network Bits (CIDR) | The network mask for subnet A. Example: 192.168.1.0/24 |
      | Source Port | Any | N/A |
      | Destination Address | Network Address/#Network Bits (CIDR) | The network mask for subnet B. Example: 10.1.0.0/16 |
      | Destination Port | Any | N/A |

      Table 15: Outbound access policy remaining settings
    • Creating NAT Rules

      Introduction: In firmware version 2.1 and later, you must add NAT (Network Address Translation) rules to bypass NAT and ensure that the appliance does not translate packets that travel between subnets. The additional NAT rules are as follows:
      ● a Source NAT Rule
      ● a Destination NAT Rule

      Source NAT Rule general settings: Create a Source NAT Rule with general settings as defined in the following table:

      | Item | Setting |
      | --- | --- |
      | Name | NetScreen_BypassNAT_Src |
      | Enabled | Selected |
      | Comment | Source NAT Rule to bypass NAT |

      Table 16: Source NAT Rule general settings

      Source NAT Rule remaining settings: Define the remaining Source NAT Rule settings as shown in the following table:

      | On this subtab... | Select this item... | With this setting... |
      | --- | --- | --- |
      | Protocol | Any | N/A |
      | Source Address | Network Address/#Network Bits (CIDR) | The network mask for subnet A. Example: 192.168.1.0/24 |
      | Destination Address | Network Address/#Network Bits (CIDR) | The network mask for subnet B. Example: 10.1.0.0/16 |
      | Destination Port | Any | N/A |
      | Translated Address | Do Not Translate | N/A |

      Table 17: Source NAT Rule remaining settings

      Note: Make sure that the Source NAT Rule is in the first position in the Source NAT Rules table.

      Destination NAT Rule general settings: Create a Destination NAT Rule with general settings as defined in the following table:

      | Item | Setting |
      | --- | --- |
      | Name | NetScreen_BypassNAT_Dst |
      | Enabled | Selected |
      | Comment | Destination NAT Rule to bypass NAT |

      Table 18: Destination NAT Rule general settings

      Destination NAT Rule remaining settings: Define the remaining Destination NAT Rule settings as shown in the following table:

      | On this subtab... | Select this item... | With this setting... |
      | --- | --- | --- |
      | Protocol | Any | N/A |
      | Source Address | Network Address/#Network Bits (CIDR) | The network mask for subnet B. Example: 10.1.0.0/16 |
      | Destination Address | Network Address/#Network Bits (CIDR) | The network mask for subnet A. Example: 192.168.1.0/24 |
      | Destination Port | Any | N/A |
      | Translated Address | Do Not Translate | N/A |
      | Translated Port | Do Not Translate | N/A |

      Table 19: Destination NAT Rule remaining settings

      Note: Make sure that the Destination NAT Rule is in the first position in the Destination NAT Rules table.
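Why the bypass rule has to sit in the first position, as an added Python example (not part of the original ISS document or the appliance software): it models source NAT as first-match and assumes translation is applied before the IPSEC policy selector from Table 7 is compared. `Hide_Subnet_A`, the address 203.0.113.1 standing in for a.a.a.a, and the sample hosts are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

SUBNET_A = "192.168.1.0/24"          # behind the Proventia appliance (page example)
SUBNET_B = "10.1.0.0/16"             # behind the NetScreen system (page example)
PROVENTIA_EXTERNAL = "203.0.113.1"   # constructed stand-in for a.a.a.a


@dataclass(frozen=True)
class NatRule:
    name: str
    src: str                      # source selector, CIDR
    dst: str                      # destination selector, CIDR
    translate_to: Optional[str]   # None models "Do Not Translate"


@dataclass(frozen=True)
class IpsecPolicy:
    name: str
    src: str
    dst: str


# Rule from Tables 16-17, plus a hypothetical hide-NAT rule for Internet access.
BYPASS = NatRule("NetScreen_BypassNAT_Src", SUBNET_A, SUBNET_B, None)
HIDE = NatRule("Hide_Subnet_A", SUBNET_A, "0.0.0.0/0", PROVENTIA_EXTERNAL)
TO_NETSCREEN = IpsecPolicy("To_NetScreen", SUBNET_A, SUBNET_B)   # Table 7


def _contains(cidr: str, addr: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


def source_nat(rules: List[NatRule], src: str, dst: str) -> Tuple[str, Optional[str]]:
    """First matching rule wins. Returns (source after NAT, rule name or None)."""
    for rule in rules:
        if _contains(rule.src, src) and _contains(rule.dst, dst):
            return (rule.translate_to or src, rule.name)
    return (src, None)


def trace(rules: List[NatRule], policy: IpsecPolicy, src: str, dst: str) -> dict:
    """Follow one outbound packet through source NAT, then the IPSEC selector."""
    new_src, hit = source_nat(rules, src, dst)
    matches = _contains(policy.src, new_src) and _contains(policy.dst, dst)
    return {"nat_rule": hit, "src_after_nat": new_src, "matches_ipsec_policy": matches}


def audit(rules: List[NatRule], policy: IpsecPolicy) -> Optional[str]:
    """Static check: the first NAT rule that can touch the policy's traffic must
    be a Do-Not-Translate rule covering the whole selector. None means no problem."""
    p_src = ipaddress.ip_network(policy.src)
    p_dst = ipaddress.ip_network(policy.dst)
    for pos, rule in enumerate(rules, start=1):
        r_src = ipaddress.ip_network(rule.src)
        r_dst = ipaddress.ip_network(rule.dst)
        if not (r_src.overlaps(p_src) and r_dst.overlaps(p_dst)):
            continue
        if rule.translate_to is not None:
            return f"position {pos}: {rule.name} translates {policy.name} traffic"
        if not (p_src.subnet_of(r_src) and p_dst.subnet_of(r_dst)):
            return f"position {pos}: {rule.name} bypasses only part of {policy.name}"
        return None
    return None   # no NAT rule matches the selector, so nothing is translated


if __name__ == "__main__":
    host_a, host_b = "192.168.1.20", "10.1.4.7"   # constructed sample hosts
    for label, rules in (("bypass first", [BYPASS, HIDE]),
                         ("hide first", [HIDE, BYPASS])):
        print(label, trace(rules, TO_NETSCREEN, host_a, host_b),
              audit(rules, TO_NETSCREEN))
```

With the hide rule ahead of the bypass rule, the packet leaves with the translated source address and no longer matches the subnet A to subnet B selector, which is the failure the first-position note guards against.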
    • Creating Network Objects for the NetScreen System

      Introduction: You must create network objects on the NetScreen management console.

      Creating an address list object for subnet A: To create an address list object for subnet A:
      1. In the left pane, select Objects > Addresses > List.
      2. Select Untrust.
      3. Click New, and then configure the following settings:

      | Item | Setting |
      | --- | --- |
      | Address Name | Subnet A |
      | IP/Netmask | The network address and subnet mask for subnet A. Example: 192.168.1.0/24 |
      | Zone | Untrust |

      Table 20: NetScreen address list object settings for Subnet A

      4. Click OK.

      Creating an address list object for subnet B: To create an address list object for Subnet B:
      1. In the left pane, select Objects > Addresses > List.
      2. Select Trust.
      3. Click New, and then configure the following settings:

      | Item | Setting |
      | --- | --- |
      | Address Name | Subnet B |
      | IP/Netmask | The network address and subnet mask for subnet B. Example: 10.1.0.0/16 |
      | Zone | Trust |

      Table 21: NetScreen address list object settings for Subnet B

      4. Click OK.

      Creating an address list object for the Proventia appliance external IP address: To create an address list object for the Proventia appliance external IP address:
      1. In the left pane, select Objects > Addresses > List.
      2. Select Untrust.
      3. Click New, and then configure the following settings:

      | Item | Setting |
      | --- | --- |
      | Address Name | ProventiaM |
      | IP/Netmask | The external interface IP address of the Proventia appliance. Example: a.a.a.a/32 |
      | Zone | Untrust |

      Table 22: NetScreen address list object settings for the Proventia appliance

      4. Click OK.
    • Configuring VPN on the NetScreen System Using the VPN Wizard

      Introduction: Configuring VPN on the NetScreen system involves the following tasks:
      ● setting up VPN using the VPN wizard
      ● setting up the VPN rules to allow antivirus software to function
      ● disabling NAT traversal

      Setting up VPN: To set up VPN:
      1. In the left pane, select Wizards > VPN.
      2. Select LAN-to-LAN.
      3. Select Local Static IP <-> Remote Static IP.
      4. In the Remote Gateway IP Address field, type the external interface IP address of the Proventia appliance. Example: a.a.a.a
      5. Select Standard (128/168-bit encryption strength).
      6. In the Preshared Secret field, type the same pre-shared key that you used for the Proventia appliance. Example: 1234567890abcdef
      7. Choose Select from the untrust zone address book, and then select Subnet A from the list.
      8. Choose Select from the trust zone address book, and then select Subnet B from the list.
      9. Review the configuration, and then click Next to accept.

      Setting up VPN rules to allow antivirus software to function: To set up VPN rules to allow the antivirus software to function:
      1. In the left pane, select Wizards > VPN.
      2. Select LAN-to-LAN.
      3. Select Local Static IP <-> Remote Static IP.
      4. In the Remote Gateway IP Address field, type the external interface IP address of the Proventia appliance. Example: a.a.a.a
      5. Select Standard (128/168-bit encryption strength).
      6. In the Preshared Secret field, type the same pre-shared key that you used for the Proventia appliance. Example: 1234567890abcdef
      7. Choose Select from the untrust zone address book, and then select ProventiaM from the list.
      8. Choose Select from the trust zone address book, and then select Subnet B from the list.
      9. Review the configuration, and then click Next to accept.

      Disabling NAT traversal: To disable NAT traversal:
      1. In the left pane, select VPN > Autokey Advanced > Gateway.
      2. In the right pane, click Edit next to Gateway to Subnet A.
      3. Click Advanced.
      4. Clear the Enable NAT-Traversal check box.
      5. Click Return.
      6. Click OK.
    • Configuring VPN on the NetScreen System Manually

      Introduction: If you do not want to use the VPN wizard, or if the wizard does not properly configure your VPN settings, you can configure the settings manually. The remainder of this document describes how to configure VPN on the NetScreen system manually.

      Creating gateway object and IKE phase 1 policy: To create the gateway object and IKE phase 1 policy:
      1. Select VPNs > AutoKey Advanced > Gateway.
      2. In the right pane, click New.
      3. Configure the following settings:

      | Item | Setting |
      | --- | --- |
      | Gateway Name | Gateway for Subnet A |
      | Security Level | Standard. Reference: For information about the Standard Security Level, refer to “Description of Standard Security Level”. |
      | Remote Gateway Type | Static IP Address |
      | IP Address | The external interface IP address of the Proventia appliance. Example: a.a.a.a |
      | Peer ID | The external interface IP address of the Proventia appliance. Example: a.a.a.a |
      | User | None |
      | Group | None |
      | Preshared Key | The same pre-shared key that you used for the Proventia appliance. Example: 1234567890abcdef |
      | Local ID | Leave blank |
      | Outgoing Interface | Select the interface configured as Untrust under Network > Interfaces. Example: ethernet3 |

      Table 23: NetScreen gateway object and IKE Phase 1 policy settings

      4. Click Advanced.
      5. Clear the Enable NAT-Traversal check box.
      6. Click Return.
      7. Click OK.
      Description of Standard Security Level: The Standard Security Level setting includes the following policy settings:
      ● Policy 1
        ■ Identity Authentication: Preshared Secret
        ■ Perfect Forward Secrecy: Diffie-Hellman Group 2
        ■ Encryption: 3DES
        ■ Authentication: SHA-1
      ● Policy 2
        ■ Identity Authentication: Preshared Secret
        ■ Perfect Forward Secrecy: Diffie-Hellman Group 2
        ■ Encryption: AES 128
        ■ Authentication: SHA-1

      Note: The Proventia M Series settings match Policy 2 settings.
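The match noted above can be checked mechanically before the tunnel is brought up. The following Python code is an added example, not part of the original ISS document or either vendor's software: it compares the Proventia values from Tables 3 to 5 with the two Standard policies listed above, reports which fields differ when nothing matches, and flags checklist choices (DES, MD5, Group1) that are long deprecated. The `Proposal` class and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass, fields
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proposal:
    """One IKE/IPSEC parameter set (hypothetical helper type, not a vendor API)."""
    auth_method: str   # identity authentication: "psk" or "cert"
    dh_group: int      # Diffie-Hellman / PFS group number
    encryption: str    # "des", "3des", "aes128", "aes192" or "aes256"
    integrity: str     # "md5" or "sha1"


# NetScreen "Standard" security level, as listed on this page.
NETSCREEN_STANDARD: Dict[str, Proposal] = {
    "Policy 1": Proposal("psk", 2, "3des", "sha1"),
    "Policy 2": Proposal("psk", 2, "aes128", "sha1"),
}

# Proventia side: Table 3 (Pre Shared Key, Group2, AES 128, SHA1); Tables 4-5
# use the same group and algorithms for the IPSEC (Phase 2) proposal.
PROVENTIA = Proposal("psk", 2, "aes128", "sha1")

# Options the checklist offers that are long deprecated for IPSEC use.
WEAK = {"encryption": {"des"}, "integrity": {"md5"}, "dh_group": {1}}


def first_match(local: Proposal, peer_policies: Dict[str, Proposal]) -> Optional[str]:
    """Name of the first peer policy identical to the local proposal, else None."""
    for name, policy in peer_policies.items():
        if policy == local:
            return name
    return None


def differences(local: Proposal,
                peer_policies: Dict[str, Proposal]) -> Dict[str, Dict[str, Tuple]]:
    """Per peer policy, the fields that differ, as {field: (local, peer)}."""
    report = {}
    for name, policy in peer_policies.items():
        report[name] = {
            f.name: (getattr(local, f.name), getattr(policy, f.name))
            for f in fields(Proposal)
            if getattr(local, f.name) != getattr(policy, f.name)
        }
    return report


def weak_settings(proposal: Proposal) -> List[str]:
    """Field names whose value is one of the deprecated checklist options."""
    return sorted(name for name, bad in WEAK.items()
                  if getattr(proposal, name) in bad)


def check(local: Proposal,
          peer_policies: Dict[str, Proposal] = NETSCREEN_STANDARD) -> dict:
    """Summarise whether the tunnel parameters agree and whether any are weak."""
    match = first_match(local, peer_policies)
    return {
        "match": match,
        "differences": {} if match else differences(local, peer_policies),
        "weak": weak_settings(local),
    }


if __name__ == "__main__":
    print(check(PROVENTIA))
    print(check(Proposal("psk", 5, "aes256", "sha1")))   # constructed mismatch
    print(check(Proposal("psk", 1, "des", "md5")))       # constructed weak choice
```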
    • Configuring IKE Phase 2 Policy on the NetScreen System

      Introduction: This topic describes how to configure IKE Phase 2 or Quick Mode on the NetScreen system.

      Creating an IKE policy rule: To create an IKE policy rule:
      1. Select VPNs > AutoKey IKE.
      2. In the right pane, click New.
      3. Configure the following settings:

      | Item | Setting |
      | --- | --- |
      | VPN Name | Tunnel for Subnet A |
      | Security Level | Standard. Reference: For information about the Standard Security Level, refer to “Description of Standard Security Level”. |
      | Remote Gateway | Predefined. Select Gateway for Subnet A. |

      Table 24: NetScreen IKE Phase 2 policy settings

      4. Click OK.
    • Creating Firewall Rules on the NetScreen System

      Introduction: This topic describes how to create inbound and outbound firewall rules for the NetScreen system.

      Note: ISAKMP and UDP port 500 rules for IKE negotiations are enabled by default.

      Creating the outbound firewall rule: To create the outbound firewall rule:
      1. In the left pane, select Policies.
      2. Select Trust from the From drop-down list.
      3. Select Untrust from the To drop-down list.
      4. Click Go.
      5. Click New, and then configure the following settings:

      | Item | Setting |
      | --- | --- |
      | Name | Proventia |
      | Source Address | Address Book. Select Subnet B from the drop-down list. |
      | Destination Address | The external interface IP address of the Proventia appliance. Example: a.a.a.a |
      | Service | Any |
      | Action | Tunnel |
      | Tunnel | Tunnel for Subnet A |
      | Modify matching bidirectional VPN policy | Selected |
      | L2TP | None |
      | Position at Top | Selected |

      Table 25: NetScreen outbound firewall rule settings

      6. Click OK.

      Verifying the inbound firewall rule: The mirror policy for inbound traffic is automatically created when you select Modify matching bidirectional VPN policy. However, you may want to verify that it was created.

      To verify that the inbound rule was created:
      1. Select Untrust from the From list.
      2. Select Trust from the To list.
      3. Click Go.

      You should see an enabled policy with the following settings:
      ■ Source: Subnet A
      ■ Destination: Subnet B
      ■ Service: Any
      ■ Action: Tunnel

      Creating the outbound firewall rule for the antivirus software to function: To create the outbound firewall rule to allow the antivirus software to function:
      1. In the left pane, select Policies.
      2. Select Trust from the From drop-down list.
      3. Select Untrust from the To drop-down list.
      4. Click Go.
      5. Click New, and then configure the following settings:

      | Item | Setting |
      | --- | --- |
      | Name | Proventia |
      | Source Address | Address Book. Select Subnet B from the list. |
      | Destination Address | Address Book. Select Subnet A from the list. |
      | Service | Any |
      | Action | Tunnel |
      | Tunnel | Tunnel for ProventiaM |
      | Modify matching bidirectional VPN policy | Selected |
      | L2TP | None |
      | Position at Top | Selected |

      Table 26: NetScreen antivirus outbound firewall rule settings

      6. Click OK.

      Verifying the inbound firewall rule: The mirror policy for inbound traffic is automatically created when you select Modify matching bidirectional VPN policy. However, you may want to verify that it was created.

      To verify that the inbound rule was created:
      1. Select Untrust from the From list.
      2. Select Trust from the To list.
      3. Click Go.

      You should see an enabled policy with the following settings:
      ■ Source: Subnet A
      ■ Destination: Subnet B
      ■ Service: Any
      ■ Action: Tunnel

      Copyright © 2003-2005, Internet Security Systems, Inc. All rights reserved worldwide. Internet Security Systems, the Internet Security Systems logo, and Proventia are trademarks of Internet Security Systems, Inc. Other marks and trade names mentioned are marks and names of their owners as indicated. All marks are the property of their respective owners and used in an editorial context without intent of infringement. Specifications and content are subject to change without notice.