OUR INNOVATION – YOUR SECURITY

PineApp™ Surf-SeCure™
Quick Installation Guide
March 2010

www.pineapp.com
 OUR INNOVATION – YOUR SECURITY

This Quick Installation Guide is designed to help you get started quickly and easily with PineApp Surf-SeCure™
hardware series. We strongly recommend reading through these instructions carefully before beginning your
installation.

For further detailed instructions, please refer to the complete User Manual which is adjacent to the CD that
accompanies the appliance. If you have purchased a different model or want to set up the advanced features,
please refer to the User Manual for further help.

PHYSICAL INSTALLATION
1. Place the Surf-SeCure appliance in a suitable location or in a standard 19” rack mount. Be sure that the
cooling vents in the rear are not blocked or obstructed.

2. Connect the power cord to the rear of the unit.

3. Surf-SeCure management console is accessed via web browser so you will need to prepare a workstation
that is running a standard web browser to configure your unit.

4. Power up the appliance using the power switch located in the front/rear of the unit according to the
appliance. The power LED on the front panel should light up. The LED should be ON before continuing.

5. Connect the workstation that you prepared to the Surf-SeCure unit using a standard network cable. The
workstation and the Surf-SeCure unit must be connected to the same network. You may also connect
directly from the workstation to the Surf-SeCure unit. This will require a crossed network cable.

6. Using your workstation, open the web browser and enter the default URL address of the Surf-SeCure
unit: https:// 192.168.24.25:7443 (you can also connect to the system with http://192.168.24.25:7080).

7. A security alert message will appear. Click OK to continue. In IE 7.0, an error page may appear. Click on
“Continue to this website (not recommended)” in order to continue.

8. Enter the default username and password. The default username is “pineapp” and the default password
is “password”.

9. In order to continue you will need to read and accept the User License Agreement. Once
you have successfully logged in, you will see the status page of the system information.

www.pineapp.com
 OUR INNOVATION – YOUR SECURITY

WEB BASED INSTALLATION – SURF-SECURE AS A WEB PROXY

1. Once logged in, set the appliance’s clock:

a. Click on the Edit link under Time-Zone section.
b. Choose your current time zone from the Time Zone dropdown list in the pane.
c. Click on Set time zone button.

2. Go to Networking > General tab, and set up new DNS server(s):

a. Click on the Add new DNS link. A new pane will appear on the right hand side of the screen.
b. DNS – Type the DNS server’s IP address
c. Click on the Add DNS button.

3. Set up a new hostname, by clicking on the Edit link. Inside the Host Name text field, type the
appliance’s FQDN (Fully Qualified Domain Name), and click on Update Hostname button.

4. Go to Networking > Interfaces tab, and choose Proxy only from the above Working Mode menu.
Click on Save changes and Apply Settings to finalize the decision.

5. In Networking > Interfaces, set up a new interface according to the interface which is connected
to your firewall:

a. Choose the interface you wish to assign and click on the Add new IP link next to it.
b. IP – Type the requested IP address for the interface.
c. Subnet Mask – Choose the proper subnet mask for the interface from the dropdown list.
d. Click on the Add New IP button.
Once done, connect the assigned interface’s port to the firewall, using a network cable.

*Default interface

6. Go to Routes tab and set up a new default route:

a. Click on the Edit link.
b. Click on the Update default route button.

If you do not want to use authentication or to enable policy per group/user, please skip steps 7 & 8.

7. Go to Authentication > LDAP and Click on the Edit link next to the existing default parameter. Fill
in the information according to the below table.

Synchronize User & Group database

Check box to activate module.
from LDAP
Choose the type of the LDAP server from the
LDAP server type
list.
Choose the synchronization intervals to the
LDAP Synchronization Interval
LDAP server from the menu.

LDAP Server Enter the LDAP server›s IP address

Enter the Branch that has searching privileges

LDAP Bind DN in the tree. Example: administrator@pineapp.
com.

www.pineapp.com
 OUR INNOVATION – YOUR SECURITY

LDAP Server Hostname (optional) Enter the LDAP server›s Hostname (optional).

If you are not using the default LDAP

LDAP port (389=common, 3265=Global
port (389), type the port you are using to
catalog)
synchronize the LDAP server.
Enter the Root Branch definition. For
example, if the domain is pineapp.com,
type: dc=pineapp, dc=com (There must be
a space between the comma and “dc”).
LDAP Context Pressing the Fetch DNs button will cause the
different DNs that are available on the specific
Active directory to pop up. Make sure you
have defined the IP of the LDAP server, Bind
DN and password before pressing it.

LDAP Password Enter the Password of the Administrator.

8. Go to Authentication > NTLM tab, and set up NTLM authentication:

a. Enable NTLM – Click once on this icon in order to activate the NTLM feature.
b. User – type a username which has permissions to add workstations to domain and is member
in Build-In security group: Windows Authorization Access Group.
c. Password –Type the username’s corresponding password
d. Server Name & Domain – See appendix C for further details.
e. Click on the Save button.

9. In case you wish to assign policy rules for specific object groups of any sort, you will first have to
configure object lists.

Creating Object lists

Creating Object lists is done be choosing Add new object lists link from the section.
a. Type a list name and description (optional).
b. Click the Save button.

Creating Objects
a. Choose from the drop-down menu the type of object you wish to create (IP, Domain, URL and
Network).
b. Type the IP (or URL, Domain or network – according to the type of object you wish to add) and
description (optional).
c. Click the Save button.

10. In order to add objects to the list, click on the group name, choose the objects you wish to add and
click on the Add button.

11. Configure policy rules, according to the instructions on chapter 5 of Surf-SeCure user
manual.

12. In order to receive real-time alerts from the system, go to System->Maintenance

tab, and type the system administrator’s email address in the input text field.

www.pineapp.com
 OUR INNOVATION – YOUR SECURITY

WEB BASED INSTALLATION – SURF-SECURE AS BRIDGE

1. Repeat steps 1-3 from the previous section.

2. Go to Networking > Interfaces tab, and edit IP address info for br0:
a. Click on the Edit link next to the br0 record.
b. IP – Type the requested IP address for the interface.
c. Subnet Mask – Choose the proper subnet mask for the interface from the dropdown list.
d. Click on the Update device button.
Once done, connect eth0 port to the firewall, using a network cable. In addition, connect eth1 port
to your LAN switch.

*Default interface

3. Go to Routes tab and set up a new default route:

c. Click on the Edit link.
d. Click on the Update default route button.

4. Repeat steps 8-10 from the previous section, in order to configure new object lists and policy rules.

5. In order to receive real-time alerts from the system, go to System->Maintenance tab, and type
the system administrator’s email address in the input text field.

BACKING UP THE CONFIGURATION

Once configured, it is highly recommended that you back up your configuration (“System” > “Configuration
Management”).
To backup the configurations, type in the name of the file to create and click the Backup button. After a few
seconds, the file will be listed in the stored configuration table (A green “successful” message will appear).
To download a configuration backup to the desktop, click on the desired file name. Save the file on the
desktop.
For further information and configuration steps, please refer to Surf-SeCure’s user manual.

TECHNICAL SUPPORT
In case you need any technical support, please contact your reseller or PineApp’s technical support center:
North America: +1-877-300-3422 International: +972-4-8212-321 Email: support@PineApp.com Website:
http://www.pineapp.com/

www.pineapp.com
 OUR INNOVATION – YOUR SECURITY

APPENDIX A - NETWORK INTERFACE PORTS OF THE DIFFERENT MODELS

The following section provides further information as for the location of each network interface port in Surf-
SeCure’s different hardware models.

Surf-SeCure 1700 series

Surf-SeCure 2700 series

Surf-SeCure 3700 series

Surf-SeCure 5700 series

www.pineapp.com
 OUR INNOVATION – YOUR SECURITY

APPENDIX B – RETRIEVING NTLM INFORMATION

The following section provides instructions for retrieving information required for NTLM authentication from
your Active Directory server.

Retrieving server name

a. Open your Active directory server
b. Under the organization domain’s root folder, go to Computers > System properties. The
following pane will appear:

c. In system properties > General section, under Full Computer Name, copy the initial part
(before the first dot – highlighted red in the above image) and use it for Server name credentials.
For example: if Full computer name is example.domain.com, type “example” in Server name.

www.pineapp.com
 OUR INNOVATION – YOUR SECURITY

Retrieving Domain information

a. Open your Active directory server
b. Right click on the domain’s root folder and choose Properties. the following pane will appear:

c. Copy the domain name that appears in General > Domain name (highlighted red in the above
image).

www.pineapp.com