CacheGuard-OS
User's Guide - Version EH-1.5.5
General Modes
CacheGuard is an integrated appliance that secures and optimises Web traffic by providing multiple features. But above all CacheGuard is a network appliance with a myriad of network characteristics.
All network and functionality modes can be activated or deactivated. That way, you can implement the appliance in your infrastructure to match your specific needs. The command "mode" allows you to activate or deactivate feature modes. For almost every feature, appropriate commands allow you to configure that feature while the feature is activated.
Note that the command "apply" should be invoked after activating or deactivating feature modes.
Network Modes
IP router
The appliance may act as a secure IP forwarding gateway to access the Internet. To activate the router mode use the following command:
Source NAT
The appliance may NAT all outgoing traffic with its own external IP address. To activate the SNAT mode use the following command:
Transparent implementation
The appliance can be implemented transparently for Web browsers. This means that Web browsers don't need to specify the appliance as a Web proxy. To activate the transparent mode use the following command:
Please note that in transparent mode, you should configure the routing in your organisation to route all Web traffic via the appliance.
Transparent Source NAT
In transparent mode, Web browsers can preserve their real IP addresses or be Source NATed with the appliance external IP address. Web browsers use the appliance external IP address by default. The keyword tnat (transparent NAT) allows you to configure this feature. To preserve Web browsers' real IP addresses in transparent mode use the following command:
Please note that in transparent mode, when tnat is deactivated, you should take care to avoid any asymmetric routing in order to route all Web traffic via the appliance.
Caching DNS
The appliance integrates a caching Domain Name Server for all Internet domains. To activate the DNS mode use the following command:
DHCP server
The appliance integrates a DHCP server. To activate the DHCP mode use the following command:
See the command dhcp for further information.
Stateful Firewall
The appliance integrates a stateful configurable firewall to control all forwarded network traffic. To activate the firewall mode use the following command:
See the command firewall for further information.
802.1q VLAN
The appliance supports 802.1q Virtual LAN to secure and isolate different traffic types. To activate the VLAN mode use the following command:
See the command "vlan" for further information.
High Availability
The appliance could be implemented in a High Availability infrastructure. It supports VRRP and link bonding. The command "vrrp" allows you to configure VRRP while the command "link" is used to configure link bonding. To activate the HA mode use the following command:
Quality of Service (QoS)
The appliance can shape and schedule network traffic to offer a better Quality of Service. To activate the QoS mode use the following command:
See the command qos for further information.
Feature Modes
Forwarding proxy
The appliance may act as a forwarding Web proxy to secure and optimise Web user traffic. To activate the proxy mode use the following command:
SSL mediation
The appliance can be implemented to act as an SSL mediator and decrypt HTTPS traffic in order to block viruses and/or cache its content. To activate the SSL mediation mode use the following command:
Reverse proxy
The appliance may act as a reverse Web proxy to secure and optimise Web servers. To activate the reverse proxy mode use the following command:
See the command rweb for further information.
URL guarding
The appliance may act as a guarding system against unwanted URLs, restricting the Web usage. To activate the guard mode use the following command:
See the command guard for further information.
The antivirus
The appliance may filter all malware like viruses, trojans and worms to protect Web user workstations and/or Web servers. To activate this mode use the following command:
See the command antivirus for further information.
Authentication
The appliance may authenticate users before granting them access to the Web (or Web servers in reverse mode). To activate the authenticate mode use the following command:
See the command authenticate for further information.
OCSP responder
The appliance can act as an OCSP responder to check certificate revocation state. To activate the OCSP responder mode use the following command:
See the command tls for further information.
VPN IPsec
The appliance allows you to build an inter site (site to site) or remote access VPN IPsec. To activate the VPN IPsec mode use the following command:
See the command vpnipsec for further information.
Web caching
The appliance may cache Web traffic to save the network bandwidth and in some environments accelerate Web traffic exchanges. To activate the cache mode use the following command:
HTML compression
The appliance may compress textual content to save the network bandwidth. To activate the compress mode use the following command:
Access logging
The appliance may log Web access for analysis with your favourite log analyser system. To activate the log mode use the following command:
See the command log for further information.
The Web Application Firewall
The appliance may filter unwanted Web requests like XSS or SQL Injection to protect Web servers. To activate the waf mode use the following commands:
See the commands waf and rweb for further information.
Anonymous browsing
The appliance may alter some HTTP headers to make anonymous HTTP requests. To activate the anonymous mode use the following command:
Copyright (C) 2009-2021 CacheGuard - All rights reserved