After initial setup is complete, the administrator is ready to go further with configuring cOS Core to suit the requirements of a particular networking scenario.

The primary reference documentation for cOS Core consists of:

Other available documents are:

In addition, each cOS Core release has an associated Release Notes document that lists new features, fixes and known issues.

All documents can be downloaded in PDF format by logging into https://my.clavister.com and going to the downloads for the relevant cOS Core release. Alternatively, documentation for the latest cOS Core release can be read in HTML format at https://docs.clavister.com.

The cOS Core Administrators Guide

This guide is a comprehensive description of all cOS Core features and includes a detailed table of contents with a comprehensive index to quickly locate particular topics.

Examples of the setup for various scenarios are included but screenshots are kept to a minimum since the user has a variety of management interfaces to choose from.

Basic cOS Core Objects and Rules

As a minimum, the new administrator should become familiar with the cOS Core Address Book for defining IP address objects and with the cOS Core IP rule set for defining IP Rule objects which allow or block different traffic and which can also be used to set up NAT address translation.

IP rules identify the targeted traffic using combinations of the source/destination interface/network combined with protocol type. By default, no IP rules are defined so all traffic is dropped. At least one IP rule needs to be defined before traffic can traverse the Clavister Next Generation Firewall.

An alternative to IP Rule objects is to use IP Policy objects and this is the recommended object to use to control which traffic can flow through the firewall. These have essentially the same function but simplify the setting up of address translation and the use of important functions such as application control, virus scanning and web content filtering.

In addition to IP rules, Route objects need to be defined in a Routing Table so that traffic can be sent on the correct interface to reach its final destination. Traffic will need both a relevant rule and route to exist in order for it to traverse the firewall. A number of routes are automatically defined in cOS Core that route the network configured on an interface to that interface.

ALGs

Once the address book and IP rules are understood, the various ALGs will probably be relevant for managing higher level protocols such as HTTP. For example, for management of web browsing, the HTTP ALG provides a number of important features such as content filtering. Using IP Policy objects is the recommended method of applying ALGs to traffic since the ALG does not need to be created as a separate configuration object.

VPN Setup

A common requirement is to quickly setup VPN networks based on Clavister Next Generation Firewalls. The cOS Core Administration Guide includes an extensive VPN section and as part of this, a VPN Quick Start section which goes through a checklist of setup steps for nearly all types of VPN scenarios.

Included with the quick start section is a checklist for troubleshooting and advice on how best to deal with the networking complications that can arise with certificates.

Log Messages

By default, certain events will generate log messages and at least one log server should be configured in cOS Core to capture these messages. However, a cOS Core feature called memlog will capture recent log messages in local cOS Core memory. The administrator should review what events are important to them and at what severity. The cOS Core Log Reference Guide provides a complete listing of the log messages that cOS Core is capable of generating.

The CLI Reference Guide

The CLI Reference Guide provides a complete listing of the available CLI commands with their options. A CLI overview is also provided as part of the cOS Core Administration Guide.

cOS Core Education Courses

For details about classroom and online cOS Core education as well as cOS Core certification, visit the Clavister company website at https://www.clavister.com or contact your local sales representative.

Staying Informed

Notifications of new cOS Core releases are sent out to the email address associated with MyClavister accounts. Email preferences can be adjusted by choosing the Settings option after logging into the relevant account at the following URL:

https://my.clavister.com