aXsGUARD Gatekeeper - Vasco

aXsGUARD Gatekeeper 

Installation Guide

aXsGUARD Gatekeeper Installation Guide v2.7 

Legal Notice 

VASCO Products 

VASCO Data Security, Inc. and/or VASCO Data Security International GmbH are referred to in this document as 

'VASCO'. VASCO Products comprise Hardware, Software, Services and Documentation. This document 

addresses potential and existing VASCO customers and has been provided to you and your organization for the 

sole purpose of helping you to use and evaluate VASCO Products. As such, it does not constitute a license to 

use VASCO Software or a contractual agreement to use VASCO Products. 

Disclaimer of Warranties and Limitations of Liabilities 

VASCO Products are provided ‘as is’ without warranty or conditions of any kind, whether implied, statutory, or 

related to trade use or dealership, including but not limited to implied warranties of satisfactory quality, 

merchantability, title, non-infringement or fitness for a particular purpose. 

VASCO, VASCO DISTRIBUTORS, RESELLERS AND SUPPLIERS HAVE NO LIABILITY UNDER ANY 

CIRCUMSTANCES FOR ANY LOSS, DAMAGE OR EXPENSE INCURRED BY YOU, YOUR ORGANIZATION OR ANY 

THIRD PARTY (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS 

INTERRUPTION OR LOSS OF DATA) ARISING DIRECTLY OR INDIRECTLY FROM THE USE, OR INABILITY TO USE 

VASCO SOFTWARE, HARDWARE, SERVICES OR DOCUMENTATION, REGARDLESS OF THE CAUSE OF THE 

LOSS, INCLUDING NEGLIGENCE, EVEN IF VASCO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH 

DAMAGES, OR IF THEY WERE FORESEEABLE. OUR MAXIMUM AGGREGATE LIABILITY TO YOU, AND THAT OF 

OUR DISTRIBUTORS, RESELLERS AND SUPPLIERS SHALL NOT EXCEED THE AMOUNT PAID BY YOU FOR THE 

PRODUCT. THE LIMITATIONS IN THIS SECTION SHALL APPLY WHETHER OR NOT THE ALLEGED BREACH OR 

DEFAULT IS A BREACH OF A FUNDAMENTAL CONDITION OR TERM, OR A FUNDAMENTAL BREACH. THIS 

SECTION WILL NOT APPLY ONLY WHEN AND TO THE EXTENT THAT APPLICABLE LAW SPECIFICALLY 

REQUIRES LIABILITY DESPITE THE FOREGOING EXCLUSIONS AND LIMITATIONS. 

Intellectual Property and Copyright 

VASCO Products contain proprietary and confidential information. VASCO Data Security, Inc. and/or VASCO 

Data Security International GmbH own or are licensed under all title, rights and interest in VASCO Products, 

updates and upgrades thereof, including copyrights, patent rights, trade secret rights, mask work rights, 

database rights and all other intellectual and industrial property rights. No part of these Products may be 

transferred, disclosed, reproduced or transmitted in any form or by any means, electronic, mechanical or 

otherwise, for any purpose, except as expressly permitted by VASCO or its authorized licensee in writing. 

This document is protected under US and international copyright law as an unpublished work of authorship. No 

part of it may be transferred, disclosed, reproduced or transmitted in any form or by any means, electronic, 

mechanical or otherwise, for any purpose, except as expressly permitted in writing by VASCO or its authorized 

licensee. 

Trademarks 

VASCO®, VACMAN®, IDENTIKEY®, aXsGUARD, DIGIPASS®, DIGIPASS as a Service and the ® 

logo are registered or unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data Security 

International GmbH in the U.S. and other countries. Other company brand or product names or other 

designations, denominations, labels and/or other tags, titles, as well as all URLs (Internet addresses) linked to 

such designations or communications (irrespective of whether protected by intellectual property law or not), 

mentioned in VASCO Products may be the trademarks or registered trademarks or be part of any other 

entitlement of their respective owners. 

Radius Disclaimer 

Information on the RADIUS server provided in this document relates to its operation in the aXsGUARD 

Gatekeeper environment. We recommend that you contact your NAS/RAS vendor for further information. 

Copyright © 2010 VASCO Data Security, Inc, VASCO Data Security International GmbH. All rights reserved. 

© August 2010 - VASCO Data Security 2

aXsGUARD Gatekeeper Installation Guide v2.7 Table of Contents 

Table of Contents 

1 Introduction............................................................................................................................................... 8 

1.1 Audience and Purpose of this Document............................................................................................. 8 

1.2 What is the aXsGUARD Gatekeeper?................................................................................................. 10 

1.3 VASCO........................................................................................................................................... 10 

2 Safety and Environmental Information...................................................................................................... 11 

2.1 Overview........................................................................................................................................ 11 

2.2 Electrical Safety............................................................................................................................... 11 

2.3 Personal, Environmental and aXsGUARD Gatekeeper Safety............................................................... 11 

2.4 Temperature, Power and Humidity.................................................................................................... 12 

2.5 Dimensions..................................................................................................................................... 12 

2.6 Chassis Rails.................................................................................................................................. 12 

3 Before you Begin...................................................................................................................................... 13 

4 Connecting the aXsGUARD Gatekeeper to a Network................................................................................ 14 

4.1 Overview........................................................................................................................................ 14 

4.2 Powering on the aXsGUARD Gatekeeper........................................................................................... 14 

4.3 Connecting to your Network............................................................................................................. 16 

4.4 Workstation TCP/IP Settings............................................................................................................. 16 

5 Installation steps: an overview................................................................................................................. 18 

6 Logging into the Administrator Tool.......................................................................................................... 19 

7 Changing the sysadmin password............................................................................................................ 21 

8 Licensing................................................................................................................................................. 22 

8.1 Overview........................................................................................................................................ 22 

8.2 Downloading a System Info file......................................................................................................... 22 

8.3 Acquiring a VASCO License file........................................................................................................ 23 

8.3.1 Downloading a Commercial License File....................................................................................... 23 

8.3.2 Downloading an Evaluation License File....................................................................................... 26 

8.4 Uploading the License file to the aXsGUARD Gatekeeper.................................................................... 29 

9 aXsGUARD Gatekeeper Configuration....................................................................................................... 30 

9.1 Overview........................................................................................................................................ 30 

9.2 Creating an Administrator with full administrator rights....................................................................... 30 

9.3 Customer Information...................................................................................................................... 33 

9.3.1 Overview.................................................................................................................................... 33 

9.3.2 Entering Customer Information.................................................................................................... 34 



9.4 Menu Structure and Navigation........................................................................................................ 35 

9.5 Entering the System Information....................................................................................................... 36 

9.6 Network Device Settings.................................................................................................................. 38 

9.6.1 Setting up the Ethernet Secure LAN Device.................................................................................. 38 

9.6.2 Setting up an Ethernet Internet Device......................................................................................... 41 

9.7 General Network Settings................................................................................................................. 43 

9.8 General E-mail Settings .................................................................................................................. 45 

9.8.1 Content Scanning and E-mail Server Features Active.................................................................... 45 

9.8.2 Content Scanning Feature Active, E-mail Server Feature Inactive................................................... 47 

9.8.3 Content Scanning and E-mail Server Features both Inactive........................................................... 48 

10 What's Next............................................................................................................................................. 49 

11 aXsGUARD Gatekeeper Security Concepts................................................................................................ 50 

11.1 Overview........................................................................................................................................ 50 

11.2 Security Policies and Levels............................................................................................................. 50 

11.3 Groups........................................................................................................................................... 53 

11.4 Users.............................................................................................................................................. 53 

11.5 Computers and Servers................................................................................................................... 54 

11.6 System........................................................................................................................................... 55 

12 Support.................................................................................................................................................... 56 

12.1 Overview........................................................................................................................................ 56 

12.2 If you encounter a problem............................................................................................................... 56 

12.3 Return procedure if you have a hardware failure................................................................................ 56 



Illustration Index 

Image 1: aXsGUARD Gatekeeper AG-3XXX.................................................................................................................................................................. 8 

Image 2: aXsGUARD Gatekeeper AG-5XXX.................................................................................................................................................................. 8 

Image 3: Back of a Typical aXsGUARD Gatekeeper..................................................................................................................................................... 14 

Image 4: Example Stickers Labeling Interfaces on the aXsGUARD Gatekeeper AG-3XX3................................................................................................ 15 



Image 7: Example Stickers Labeling Interfaces on the aXsGUARD Gatekeeper AG-7XXX................................................................................................ 15 

Image 8: Power Button and Power LED..................................................................................................................................................................... 16 

Image 9: Command Prompt and Testing TCP/IP Settings............................................................................................................................................ 17 

Image 10: Certificate Screen.................................................................................................................................................................................... 19 

Image 11: aXsGUARD Gatekeeper Login Screen........................................................................................................................................................ 20 

Image 12: Screen on sysadmin first-time logon.......................................................................................................................................................... 20 

Image 13: Changing the System Administrator Password............................................................................................................................................ 21 

Image 14: Changing the System Administrator Password: Password entry.................................................................................................................... 21 

Image 15: Downloading the System Info file............................................................................................................................................................... 22 

Image 16: VASCO's Product Registration Website...................................................................................................................................................... 23 

Image 17: VASCO Terms and Conditions................................................................................................................................................................... 24 

Image 18: Registration Menu................................................................................................................................................................................... 24 

Image 19: Uploading the System Info file................................................................................................................................................................... 25 

Image 20: Downloading the License file.................................................................................................................................................................... 25 

Image 21: VASCO Product Registration Website......................................................................................................................................................... 26 

Image 22: Product Selection.................................................................................................................................................................................... 26 

Image 23: VASCO Terms and Conditions................................................................................................................................................................... 27 

Image 24: Uploading the System Info file................................................................................................................................................................... 28 

Image 25: Downloading the License file.................................................................................................................................................................... 28 

Image 26: Uploading the License file in the Administrator Tool.................................................................................................................................... 29 

Image 27: Confirmation of successful License importation.......................................................................................................................................... 29 

Image 28: Creating a System Administrator User....................................................................................................................................................... 31 

Image 29: Configuration possibilities with full administrator rights................................................................................................................................ 32 

Image 30: Customer Information............................................................................................................................................................................... 33 

Image 31: System > General Screen........................................................................................................................................................................ 35 

Image 32: System > General Screen........................................................................................................................................................................ 36 

Image 33: Network > Devices > Eth......................................................................................................................................................................... 38 

Image 34: Network > Devices > Eth > eth0.............................................................................................................................................................. 38 



Image 35: Fixed IP Configuration IP Settings.............................................................................................................................................................. 39 

Image 36: Network > Devices > Eth >eth1............................................................................................................................................................... 41 

Image 37: PPPoE Configuration Account Settings....................................................................................................................................................... 43 

Image 38: Fixed IP Configuration IP Settings.............................................................................................................................................................. 43 

Image 39: Network > General.................................................................................................................................................................................. 44 

Image 40: E-mail > Domains > Add New: with SMTP and E-mail Server Features........................................................................................................ 46 

Image 41: E-mail > Domain > Add New: SMTP Only.................................................................................................................................................. 47 

Image 42: E-mail>General: SMTP and E-mail Disabled............................................................................................................................................... 48 

Image 43: Rules, Policies and Application Levels....................................................................................................................................................... 50 

Image 44: Policy Application to Security Levels.......................................................................................................................................................... 51 

Image 45: Restrictive powers and broadness of application......................................................................................................................................... 52 



Index of Tables 

Table 1: System General Fields............................................................................................................................................................. 37 

Table 2: Network > Devices > Eth > eth0 Fields....................................................................................................................................39 

Table 3: Network > Devices > Eth > eth1 Fields....................................................................................................................................42 


aXsGUARD Gatekeeper Installation Guide v2.7 Introduction 

1 Introduction 

1.1 Audience and Purpose of this Document 

This Installation Guide explains how to set up the aXsGUARD TM Gatekeeper AG-3XXX, AG-5XXX (see images 

below), and AG-7XXX models, and is intended for technical personnel and / or system administrators within an 

organization, who are installing and configuring an aXsGUARD Gatekeeper. 

If the aXsGUARD Gatekeeper you are configuring is a spare or replacement appliance, please refer to the 

aXsGUARD Gatekeeper Replacement How To. 

If the aXsGUARD Gatekeeper serves exclusively as an authentication server in your Local Area Network, please 

refer to the aXsGUARD Gatekeeper Authentication Quick Install guide. 

Image 1: aXsGUARD Gatekeeper AG-3XXX 

Image 2: aXsGUARD Gatekeeper AG-5XXX 

In sections 1.2 and 1.3, we introduce the aXsGUARD Gatekeeper and VASCO ® . 

In section 2, we provide safety and environmental information. This section must be read before installing your 

aXsGUARD Gatekeeper. 

In section 3 , we list the information you need to collect in preparation for installation. 

In section 4 we explain how to physically connect the aXsGUARD Gatekeeper to your network. Following 

successful connection, the aXsGUARD Gatekeeper's settings can be adjusted by accessing the Administrator 

Tool. 

In section 5 , we explain the two levels of functionality available with the aXsGUARD Gatekeeper, and the main 



installation and configuration steps required for full operation. 

In section 6, we explain how to access the aXsGUARD Gatekeeper Administrator Tool. 

In section 7, we explain how to change the default sysadmin user password. 

In section 8, we explain how to acquire and upload a VASCO License for your aXsGUARD Gatekeeper, to 

support full functionality. 

In section 9 , we provide step by step instructions for the minimal configurations required to get started. 

In section 10, we list the next configurations required, and where you can read more information about these 

tasks. We also recommend that you read section 11 on Security Concepts before continuing with configuration. 

In section 11 we explain the security concepts to help you to implement the security policy to meet your 

organization's needs. 

In section 12, 

we explain how to request support, and return hardware for replacement. 

An index at the end of the document will help you to find specific information you are searching for. 

Other documents in the set of aXsGUARD Gatekeeper documentation include: 

The aXsGUARD Gatekeeper System Administration How To guide, which provides detailed information 

about configuration using the Administrator Tool. 

How To guides, which provide detailed information on configuration of each of the features available as 

'add-on' modules (explained in the next section). These guides cover specific features, examples of which 

are: 

aXsGUARD Gatekeeper Authentication 

aXsGUARD Gatekeeper Firewall 

aXsGUARD Gatekeeper Single Sign-On 

aXsGUARD Gatekeeper VPN 

aXsGUARD Gatekeeper Reverse Proxy 

aXsGUARD Gatekeeper Directory Services 

Access to aXsGUARD Gatekeeper guides is provided through the Documentation button in the aXsGUARD 

Gatekeeper Administrator Tool. A paper copy of the aXsGUARD Gatekeeper Installation Guide is also provided 

with delivery of the aXsGUARD Gatekeeper. 

Further resources available include: 

Context-sensitive help, which is accessible in the aXsGUARD Gatekeeper Administrator Tool through the 

Help button. This button is permanently available and displays information related to the current screen. 

Training courses covering features in detail can be organized on demand. These courses address all levels 

of expertise. Please see www.vasco.com for further information. 

Welcome to aXsGUARD Gatekeeper security. 



1.2 What is the aXsGUARD Gatekeeper? 

1.3 VASCO 

The aXsGUARD Gatekeeper is an authentication appliance, intended for small and medium sized enterprises. In 

addition to strong authentication, the aXsGUARD Gatekeeper has the potential to manage all of your Internet 

security needs. Its modular design means that optional features can be purchased at any time to support, for 

example, e-mail, Web access and VPN management. The aXsGUARD Gatekeeper can easily be integrated into 

existing IT infrastructures as a stand-alone authentication appliance or as a gateway providing both 

authentication services and Internet Security. 

Authentication and other features such as firewall, e-mail and Web access, are managed by security policies, 

which implement a combination of rules, for example, whether a user must use a DIGIPASS ® One-Time 

Password in combination with a static password for authentication. Rules can be further adjusted with 

restrictions. Security Policies are applied to specific users or groups of users and can also be applied to 

specific computers and the entire system. 

VASCO is a leading supplier of strong authentication and e-signature solutions and services specializing in 

Internet security applications and transactions. VASCO has positioned itself as global software company for 

Internet security serving a customer base of approximately 10,000 companies in more than 100 countries, 

including approximately 1,500 international financial institutions. VASCO’s prime markets are the financial 

sector, enterprise security, e-commerce and e-government. 

For further information, please see www.vasco.com. 


aXsGUARD Gatekeeper Installation Guide v2.7 Safety and Environmental Information 

2 Safety and Environmental Information 

2.1 Overview 

In this section we provide details important both for the safe use of the aXsGUARD Gatekeeper and also to help 

maintain the device in a safe environment to keep it fully operational. 

2.2 Electrical Safety 

Caution 

Please read all of this section before starting to install your aXsGUARD Gatekeeper. 

Caution 

Never disconnect the power supply (power cord) while the appliance is booting up or active, 

as this may cause system or hardware damage. 

Use the exact type of power cord recommended: 

only use a power cord which is certified in compliance with safety regulations 

only use a power cord which is compliant with the AC voltage requirements in your region 

Before turning on the power, plug the power cord(s) into a socket which is properly grounded 

Before disconnecting the power supply, turn the system off. 

Use the exact type of network cable recommended: 

to conform to certification restrictions, only use a network cable with maximum length of 3.0 meters. 

2.3 Personal, Environmental and aXsGUARD Gatekeeper Safety 

To avoid back injuries: when lifting the aXsGUARD Gatekeeper, avoid injuries to your back by using your 

leg muscles. Keep your back straight and bend your knees when lifting the device. 

Protecting the environment: producing the aXsGUARD Gatekeeper involves the extraction and use of 

natural resources. The product may contain substances which are hazardous for human health and the 

environment. To reduce the risk of any hazardous substances being released into the environment and to 

reduce the depletion of natural resources, we encourage you to use appropriate recycling systems. Such 

systems reuse or recycle most end-of-life materials in a safe way. The 'crossed-bin symbol' invites you to 

use such systems. 


aXsGUARD Gatekeeper Installation Guide v2.7 Safety and Environmental Information 

Further information on collection, reuse and recycling is available from your local or regional refuse 

administration center. 

For further information on the aXsGUARD Gatekeeper and the environment, please contact your supplier 

(see section 12). 

To avoid dropping the aXsGUARD Gatekeeper: do not lift the device by the chassis handles. These 

handles are for sliding the aXsGUARD Gatekeeper in and out of the chassis rails only (see section 2.6). Do 

not carry the aXsGUARD Gatekeeper by these handles. 

2.4 Temperature, Power and Humidity 

2.5 Dimensions 

VASCO recommends installing the aXsGUARD Gatekeeper in a 'server room' with air conditioning and UPS 

(Uninterrupted Power Supply). If the equipment is built into a server cupboard, make sure there is sufficient 

ventilation. Environmental requirements are: 

2.6 Chassis Rails 

Operating Temperature Range: 10 to 35 degrees Celsius (50 to 95 degrees Fahrenheit) 

Non-Operating Temperature Range: -40 to +70 degrees Celsius (-40 to 158 degrees Fahrenheit) 

Operating Humidity Range: 8% to 90% non-condensing 

Humidity Range: 5% to 95% non-condensing 

Power Supply: Thermal control 260 W AC power supply with PFC [24-pin, 4-pin=12V, (2) 4-pin] 

AG-3XXX AG-5XXX AG-7XXX 

Height 1.7'' (43mm) 1.7'' (43mm) 3.5'' (89mm) 

Width 16.8'' (426mm) 16.8'' (426mm) 17.2'' (437mm) 

Depth 10'' (253mm) 14'' (356mm) 17.7'' (450mm) 

Chassis rails for storing the aXsGUARD Gatekeeper on a sliding shelf are available for the AG-5XXX model only. 

These are not included in the VASCO price list. Please consult www.supermicro.com for compatible chassis 

rails (part number CSE-PT08). 


aXsGUARD Gatekeeper Installation Guide v2.7 Before you Begin 

3 Before you Begin 

Collecting the following information before you start will help to speed up your installation: 

an unused IP address in your network 

the Default Gateway setting in your network 

DNS Server IP address(es) for your network 

DNS Suffix(es) (optional) 

the Maintenance Reference provided by VASCO for licensing your appliance 

the Serial Number provided by VASCO for licensing your appliance 

an appropriate network cable, with maximum length of 3.0 meters (see section 2.2) 


aXsGUARD Gatekeeper Installation Guide v2.7 Connecting the aXsGUARD Gatekeeper to a Network 

4 Connecting the aXsGUARD Gatekeeper to a Network 

4.1 Overview 

In this section we provide step by step instructions to connect the aXsGUARD Gatekeeper to your network. 

Important: 

Please first read the safety information in section 2, check that all the package contents you 

need (listed on a separate sheet supplied with the aXsGUARD Gatekeeper) have been 

supplied, and that you have all the information you need for installation (listed in section 3). 

4.2 Powering on the aXsGUARD Gatekeeper 

Powering the aXsGUARD Gatekeeper on requires the following four steps: 

1. Connect the eth0 interface to the network's hub or switch with an appropriate network cable. The 

aXsGUARD Gatekeeper has two or more LAN Ethernet interface(s), depending on the chosen 

configuration and type (AG-3, AG-5 or AG-7 series). For all models, the default LAN interface is labeled 

as eth0 (example stickers are shown in the images below: please check the sticker labeling the 

interfaces on your aXsGUARD Gatekeeper to identify the correct socket). 

Image 3: Back of a Typical aXsGUARD Gatekeeper 



Image 4: Example Stickers Labeling Interfaces on the aXsGUARD Gatekeeper AG-3XX3 



Image 7: Example Stickers Labeling Interfaces on the aXsGUARD Gatekeeper AG-7XXX 



2. Connect the aXsGUARD Gatekeeper via the power cable to a supply. The AG-7XXX models have two 

power units, each with a separate power cable. These power cables need to be connected to separate 

power circuits. The second (redundant) supply provides backup in case the fuse for the supplying power 

circuit fails. 

3. Power up the aXsGUARD Gatekeeper by pressing the power switch once (see image below). A green LED 

lights up. 

4. To check the network is correctly connected, you can verify whether a green light shows at the socket 

where the network cable is plugged in. If a green light is not visible, check that the network cable is in 

good working order and correctly plugged into the device labeled as 'eth0' on the aXsGUARD Gatekeeper 

and your network hub or switch. 

4.3 Connecting to your Network 

Installation of the aXsGUARD Gatekeeper requires temporarily isolating a client workstation from the network 

and linking it to the aXsGUARD Gatekeeper. This involves changing a client workstation IP address to within the 

specified IP address range for the aXsGUARD Gatekeeper. During the first-time configuration, the aXsGUARD 

Gatekeeper IP address is modified to within the range of your network (we explain how to do this in section 

9.6.1). The client workstation network settings can then be restored. 

The aXsGUARD Gatekeeper is delivered with a default LAN configuration as follows: 

IP address / Netmask 192.168.250.254/24 

Network Host Name axsguard 

Domain Name domain.be 

DHCP Server Disabled 

4.4 Workstation TCP/IP Settings 

Image 8: Power Button and Power LED 

To access the aXsGUARD Gatekeeper, a workstation needs to be temporarily configured with the same TCP/IP 

settings as the aXsGUARD Gatekeeper. 

1. Configure a workstation with the following settings: 

IP address 192.168.250.1 

Subnet Mask 255.255.255.0 

Gateway 192.168.250.254 

DNS Server 192.168.250.254 



2. Once the TCP/IP settings (listed above) are active on a workstation, open a command prompt (Microsoft 

Windows) or Terminal (Linux) and run the following command: 

ping 192.168.250.254 

If a reply is received as shown in the image above, everything is OK. 

If a Request Timed Out or Destination Host Unreachable response is received, please check the following: 

check that the workstation's TCP/IP settings have been entered correctly (see above) 

check that the network cable is in good working order and correctly plugged into the device labeled 'eth0' 

on the aXsGUARD Gatekeeper and your network hub or switch (see section 4.2). 

Once the workstation is correctly configured, the aXsGUARD Gatekeeper Administrator Tool can be accessed 

through a browser on the workstation, as explained in the following section. 

Note 

Image 9: Command Prompt and Testing TCP/IP Settings 

Once the network settings on the aXsGUARD Gatekeeper have been configured appropriately, 

(explained in section 9.6.1), the workstation IP address can be reconfigured onto the 

network, and the aXsGUARD Gatekeeper can be accessed from any browser on the network. 


aXsGUARD Gatekeeper Installation Guide v2.7 Installation steps: an overview 

5 Installation steps: an overview 

aXsGUARD Gatekeeper installation steps require an understanding of its two levels of functioanlity, the spare 

unit level, and fully licensed and operational 'in-service' level, which we explain here. 

A spare unit is an unlicensed appliance, with limited configuration possible. It can be configured to act as a 

reserve appliance for fast replacement, if needed, or licensed to full functionality as a new appliance in an 

organization. All appliances are spare units until they are licensed. 

The default sysadmin user can log on to a spare unit with access rights to: 

connect the appliance to a network 

upgrade the appliance to keep it up-to-date 

configure a Web proxy for connection to the VASCO Support Center, sc.vasco.com 

backup and restore configurations 

import licenses 

For instructions on how to configure a spare unit, please refer to the aXsGUARD Gatekeeper Replacement How 

To. 

With a licensed appliance, configurations for all purchased options are possible for a user with full 

administration rights. 

The default sysadmin user can log on to modify some general system parameters and add or modify users. 

This allows the sysadmin user to create a user with full administrator rights to configure all features of the 

appliance. 

The newly created user with full administrator rights can configure all available features of the aXsGUARD 

Gatekeeper. 

The instructions in this guide are for the complete installation, licensing and configuration of an appliance to 

fully operational 'in-service' status. This requires the following steps: 

1. Logging on to the aXsGUARD Gatekeeper as the default sysadmin user, as explained in section 6. 

2. Changing the sysadmin password for security, as explained in section 7. 

3. Licensing the appliance, as explained in section 8. 

4. Creating a new user with full administration rights, to configure the aXsGUARD Gatekeeper, as explained 

in section 9. 


aXsGUARD Gatekeeper Installation Guide v2.7 Logging into the Administrator Tool 

6 Logging into the Administrator Tool 

Accessing the aXsGUARD Gatekeeper Administrator Tool is possible from any workstation in the same network 

using a standard Web browser, providing the browser does not have a proxy setup in its browser settings. 

Access is secured by SSL (Secure Socket Layer) encryption over the HTTPS protocol. 

To log into the Administrator Tool: 

1. Enter the URL for the Administrator Tool into the browser: 

https://192.168.250.254:82 

Note 

1) Remember to include the port number (:82) after the IP address or the connection will fail. 

2) If the aXsGUARD Gatekeeper is configured as the browser's proxy, 'tool' may be used, 

rather than the IP address and port number mentioned above (see the aXsGUARD 

Gatekeeper System Administration How To guide). 

2. As you are accessing a website secured with a self-signed certificate, the browser presents a warning 

asking you to accept the certificate (see image below) to continue. After the certificate has been 

accepted, the aXsGUARD Gatekeeper login screen appears (see image 10). 

Note 

The procedure for accepting a certificate varies between browsers. 

Image 10: Certificate Screen 


aXsGUARD Gatekeeper Installation Guide v2.7 Logging into the Administrator Tool 

Image 11: aXsGUARD Gatekeeper Login Screen 

3. Enter the default system administrator's Username and Password (use lower case only): 

Username: sysadmin 

Password: sysadmin 

Press Enter or click on Log in (see image above) to proceed. The screen below displays. 

Image 12: Screen on sysadmin first-time logon 


aXsGUARD Gatekeeper Installation Guide v2.7 Changing the sysadmin password 

7 Changing the sysadmin password 

Caution 

The default System Administrator (sysadmin) password must be changed as soon as you log 

on; otherwise the appliance can be accessed by non-authorized users. 

After logging in to the aXsGUARD Gatekeeper, as explained in section 6, to change the default user (sysadmin) 

password: 

1. Click on Change (see image below). 

Image 13: Changing the System Administrator Password 

2. Enter and confirm the System Administrator Password fields shown in the image below. The password 

should consist of at least 6 characters, some of which are digits. For more information on secure 

passwords, please refer to the document, aXsGUARD Gatekeeper System Administration How To, which 

is available via the Documentation button in the Administrator Tool. 

Image 14: Changing the System Administrator Password: Password entry 

Note: 

Changing the sysadmin password is possible at any time in the Administrator Tool, by 

navigating to the System > General screen. 


aXsGUARD Gatekeeper Installation Guide v2.7 Licensing 

8 Licensing 

8.1 Overview 

Licensing your aXsGUARD Gatekeeper to make all features operational requires three steps: 

1. Downloading a System Info file from your aXsGUARD Gatekeeper. 

2. Acquiring a License file from VASCO's Product Registration website (https://sc.vasco.com/registration) 

using the: 

System Info file 

Maintenance Reference (for a commercial license only) 

Serial Number (for a commercial license only) 

details of your organization 

3. Uploading the License file to the aXsGUARD Gatekeeper. 

8.2 Downloading a System Info file 

To download the aXsGUARD Gatekeeper System Info file: 

1. Access the Administrator Tool as explained in section 5 . 

2. Navigate to System > Status > System Info (see image below). 

3. Click on the Export button (see image below). 

Image 15: Downloading the System Info file 



4. Download and save the System Info ('.txt') file. You will need this file to acquire a License file from the 

VASCO Product Registration website (explained next). 

8.3 Acquiring a VASCO License file 

To acquire a VASCO License file for your aXsGUARD Gatekeeper, you need to upload the System Info file 

(downloaded in the previous section) to the VASCO Product Registration website. This file identifies your 

appliance to VASCO, for the issue of a License file. 

Two types of License file can be downloaded: 

a commercial License file, which remains valid indefinitely: this is explained in section 8.3.1. 

an evaluation License file, which is only valid for 30 days: this is described in section 8.3.2. 

8.3.1 Downloading a Commercial License File 

To identify your aXsGUARD Gatekeeper to VASCO for a License file to be issued, you need to : 

1. Browse to VASCO’s Registration website: https://sc.vasco.com/registration (see image below). Enter the 

Maintenance Reference and Serial Number provided by VASCO for your aXsGUARD Gatekeeper and click 

on Login. 

Image 16: VASCO's Product Registration Website 

2. If you have read and agree with VASCO's Terms and Conditions, tick the checkbox and click on I AGREE 

(see image below). 



3. Click on Product Registration (see image below). If you have already used the same Maintenance 

Reference to register a product, the menu option to select will be Register Additional Component. 

Tip: 

If VASCO does not have full contact details on file, you may be asked to complete a form 

providing details, before proceeding with registration. In this case, after completion and 

submission of the form, an email will be sent to you with a link for validation. You need to click 

on the link to confirm receipt of the email, before you can proceed with product registration. 

4. Optionally enter a Description (see image below). 

5. In the Component field, select Gatekeeper. 

Image 17: VASCO Terms and Conditions 

Image 18: Registration Menu 



6. Enter or browse to the System Info file downloaded in section 8.2. 

7. Click on Next to continue. 

Image 19: Uploading the System Info file 

8. Right click to download and save the License file (see image below). 

Image 20: Downloading the License file 



8.3.2 Downloading an Evaluation License File 

To request an evaluation License file to be issued, you need to: 

1. Browse to VASCO’s Registration website: https://sc.vasco.com/registration (see image below). Select 

Click here for an evaluation license (see image below). 

Image 21: VASCO Product Registration Website 

2. Select Gatekeeper registration (see image below). 

Image 22: Product Selection 



3. If you have read and agree with VASCO's Terms and Conditions, tick the checkbox and click on I AGREE 

(see image below). 

4. Enter the names of a contact and of your organization, and (optionally) a description (see image below). 

5. Enter or Browse to the System Info file downloaded in section 8.2. 

6. In the Component field, select Gatekeeper. 

Image 23: VASCO Terms and Conditions 

7. Click on Create Evaluation License (see image below). 



Image 24: Uploading the System Info file 

8. Right click to download and save the evaluation License file (see image below). 

Image 25: Downloading the License file 



8.4 Uploading the License file to the aXsGUARD Gatekeeper 

To import the aXsGUARD Gatekeeper License ('.dat') file acquired from the VASCO Product Registration 

website (as explained in section 8.3): 

1. Access the Administrator Tool as explained in section 5. 

2. Navigate to System > Licence > Import. 

3. Enter or browse to the License file (see image below). Click on Update. 

4. Successful License importation is confirmed (see image below). 

Note: 

Image 26: Uploading the License file in the Administrator Tool 

Image 27: Confirmation of successful License importation 

After successful Licensing, the User 'sysadmin' will only be able to create or modify Users 

(see image above). It is then necessary to create a User with full administrative rights and log 

on as that User (explained in section 9.2). 


aXsGUARD Gatekeeper Installation Guide v2.7 aXsGUARD Gatekeeper Configuration 

9 aXsGUARD Gatekeeper Configuration 

9.1 Overview 

This section explains configuration of the aXsGUARD Gatekeeper to implement the required network security, 

providing instructions on how to: 

create a System Administrator with full administrator rights (section 9.2) 

enter customer information (section 9.3.1) 

navigate through the Administrator Tool (section 9.4) 

enter system information (section 9.5) 

configure network devices settings (section 9.6.1) 

configure email settings (section 9.8) 

9.2 Creating an Administrator with full administrator rights 

Caution 

The default System Administrator (sysadmin) password must be changed as soon as you log on; 

otherwise the appliance can be accessed by non-authorized users (see section 7). 

The sysadmin user (see section 5) has limited access. This default user can only modify some general system 

parameters and add/remove or modify users. The first step is to add a new user with full administration 

privileges to further configure the aXsGUARD Gatekeeper. This also facilitates troubleshooting, since all actions 

performed by administrators in the Administrator Tool are logged by user name, a useful feature when multiple 

system administrators exist. 

To create a System Administrator user with full administration rights: 

1. Access the Administrator Tool as explained in section 5. 

2. Navigate to Users & Groups > Users and click on Add new. The screen below is displayed. Fields with a 

description in bold are mandatory (cannot be left blank). 



3. Enter a user name. 

4. Enter the user's full name (optional). 

5. Enter and confirm the user's password. The password should consist of at least 6 characters, some of 

which are digits. For more information on secure passwords, please refer to the document, aXsGUARD 

Gatekeeper System Administration How To, which is available via the Documentation button in the 

Administrator Tool. 

6. Under the aXsGUARD Gatekeeper Administration tab, select Full Administration (see image above). 

7. Click on Update / Save. 

8. Log off and log on with the newly created administrator credentials. All purchased features can be 

configured by the new user with full administrative rights (see image below). 

Tip 

Mandatory fields are highlighted in bold on screen. 

Note 

Image 28: Creating a System Administrator User 

A log of the actions performed in the aXsGUARD Gatekeeper Administrator Tool is available 

under System > Logs > Admin Tool. 



Image 29: Configuration possibilities with full administrator rights 



9.3 Customer Information 

9.3.1 Overview 

When a User with full administrative rights first logs on to a licensed aXsGUARD Gatekeeper, the Customer 

information screen is presented (see image below). The Customer Information screen continues to display on 

logon until the information has been entered (and submitted by clicking on Update). 

Customer information is sent to VASCO back-up servers and automatically entered into the support database. 

Keeping this information up-to-date helps VASCO to inform you about the latest product updates, features and 

developments. 

Image 30: Customer Information 



9.3.2 Entering Customer Information 

To supply VASCO with your contact information and define preferences: 

1. After logging on as a System Administrator with full administration rights, enter the contact information 

as requested (see image above). 

2. To enter information about your Dealer (which is preferable), you need to select dealer or both for The 

aXsGUARD Gatekeeper is managed by field. The Dealer contact tab is then displayed for data entry. 

3. If you prefer not to receive any mailings from VASCO, uncheck the checkbox shown on the above screen 

to specify which information to receive. This presents check boxes for the information types, so you can 

select which if any you prefer to receive. 

To update contact information and preferences later: 

1. Navigate to System >Customer, where the customer information screen is displayed. 

2. Enter or modify contact information and preferences as described above. 

Caution: 

E-mail addresses must be entered accurately as they are needed to deliver system-critical 

information. 



9.4 Menu Structure and Navigation 

The Administrator Tool interface has three panes (highlighted orange in the image below). The pane across 

the top is permanently visible; the left pane displays the menu. Selecting a menu or sub menu item displays 

the corresponding configuration pane to the right for viewing and modifying settings (see image below). 

Image 31: System > General Screen 

Navigating the tree menu structure is possible using the following buttons: 

Clicking on Collapse closes all sub menus, returning the menu to its original state. 

Clicking on the plus sign displays (expands) the sub menu of the selected item. 

Clicking on the menu item while the sub menu is collapsed also displays the sub 

menu. (Some menu items, such as Computers, do not have sub menus.) 

Clicking on the minus sign closes (collapses) the sub menu of the selected item. 

Clicking on the menu item while the sub menu is displayed also closes the sub menu. 

Tip 

In the Administrator Tool, a selectable item can be identified by moving the cursor over it. The 

cursor changes to a hand-pointing symbol: 

For more information on the Administrator Tool menu, please refer to the aXsGUARD Gatekeeper System 

Administration How To, available through the Documentation button in the Administrator Tool. 

Navigation instructions in the rest of this manual use the following format: 

Navigate to Users & Groups > General 

This example indicates that you need to expand the main menu topic 'Users & Groups' and click on the 

subtopic 'General'. 



9.5 Entering the System Information 

To enter system information: 

1. Navigate to System > General. The screen below is displayed. 

2. Configure the fields as explained in the table below. 

3. Click on Update to finish. 

Caution 

1) Changing the default System Administrator (sysadmin) password is critical for security. It 

should be changed as soon as you log on; otherwise the appliance could be accessed by 

non-authorized users. 

2) The Domain Name is not necessarily the Windows Domain Name (see also the Domain 

Name field explanation in the table below). 

Note 

Image 32: System > General Screen 

1) Fields with a description in bold are mandatory (cannot be left blank). 

2) With the Content Filtering feature operational, the aXsGUARD Gatekeeper domain must be 

added in E-mail > Domains (see section 9.8) 

, as e-mails originating from non-registered 

domains are rejected. 



Table 1: System General Fields 

Field Description 

Hostname This is the internal (DNS) name of the aXsGUARD Gatekeeper appliance. The name axsguard is 

used by default. VASCO does not recommended changing this, unless absolutely necessary, in 

which case no upper cases, special characters or spaces may be used. Changing the hostname 

requires Advanced Administrator access (see section 9.2) 

. 

Domain Name Enter your organization's name. No upper cases, special characters or spaces may be used. If 

more than one domain name exists, enter the main Domain Name. This domain becomes the 

primary domain for the internal DNS server and is used whenever the aXsGUARD Gatekeeper 

sends an e-mail to the administrator or the outside world. For more information on the aXsGUARD 

Gatekeeper DNS, please refer to the document, aXsGUARD Gatekeeper System Administration 

How To, which is available via the Documentation button in the Administrator Tool. 

Time Zone Select the applicable time zone from the drop-down list. 

System Administrator 

E-mail address 

System Administrator 

Password 

Enter the System Administrator's e-mail address. All aXsGUARD Gatekeeper-generated reports 

are sent to this e-mail address. More than one e-mail address may be entered. 

The System Administrator password can be modified here (see section 9.2) 

. The new password 

should be entered twice. VASCO recommends changing this password immediately after 

installation, to prevent further use of the default system password. 



9.6 Network Device Settings 

The next step in configuring the aXsGUARD Gatekeeper is the configuration of the network devices. The default 

secure LAN device is shown in section 4.2. 

9.6.1 Setting up the Ethernet Secure LAN Device 

To set up the Ethernet Secure LAN Device: 

1. Navigate to Network > Devices > Eth. 

2. Click on eth0 (secure LAN). The screen below is displayed. 



Image 33: Network > Devices > Eth 

Image 34: Network > Devices > Eth > eth0 



Table 2: Network > Devices > Eth > eth0 Fields 


Description (optional) Enter the description of your choice for the selected device. 

Alias Names Enter additional names for the selected device. A DNS entry will be added in the aXsGUARD 

Gatekeeper DNS server database for each alias. For more information on the aXsGUARD 



Interface Type The following interface types are offered: 

Not in use 

Internet: An insecure zone with official IP-addresses. This is the aXsGUARD Gatekeeper 

device that connects to the Internet. 

Secure: A secure zone with non-official IP-addresses. This is most often where all your 

company PCs are, secured from hackers by the aXsGUARD Gatekeeper firewall. 

DMZ: An insecure zone in your company with official or non-official IP-addresses. This is 

where you would place any servers you wish to be accessible from the Internet. 

If your aXsGUARD Gatekeeper is serving exclusively as an authentication appliance, and not as a 

gateway to the Internet, select Secure. 

Upstream / 

Downstream 

Bandwidth 

These settings should only be modified when using the Bandwidth Management feature. 

Connection Settings Select the applicable option for your network: 

If DHCP Client is selected, no extra configuration is required. 

If Fixed IP Configuration is selected, additional IP settings need to be added in the IP 

Settings tab (see image below). The aXsGUARD Gatekeeper's IP address (as seen by a 

network segment connected to the Ethernet device) needs to be entered. 

Image 35: Fixed IP Configuration IP Settings 

Notes 

1) Fields with a description in bold are mandatory (cannot be left blank). 

2) If no Internet connectivity is required, the eth1 device Interface Type (see next section) can 

be set to Not in use. 



9.6.2 Setting up an Ethernet Internet Device 

Caution 

If your aXsGUARD Gatekeeper serves exclusively for authentication and not as a gateway 

between your LAN and the Internet, the instructions in this section are not relevant to your 

setup. If your aXsGUARD Gatekeeper acts as a gateway between your LAN and the Internet, 

configuring the Internet device as instructed in this section is essential. 

To set up the Ethernet Internet Device: 

1. Navigate to Network > Devices > Eth (see section 9.6.1). 

2. Click on the Internet device, eth1. The screen below is displayed. 



Image 36: Network > Devices > Eth >eth1 



Table 3: Network > Devices > Eth > eth1 Fields 


Description (optional) Enter the description of your choice for the selected device. 

Alias Names Enter additional names for the selected device. A DNS entry will be added in the aXsGUARD 

Gatekeeper DNS server database for each alias. For more information on the aXsGUARD 



Interface Type The following interface types are offered: 

Not in use 

Internet: An insecure zone with official IP-addresses. This is the aXsGUARD Gatekeeper 

device that connects to the Internet. 

Secure: A secure zone with non-official IP-addresses. This is most often where all your 

company PCs are, secured from hackers by the aXsGUARD Gatekeeper firewall. 

DMZ: An insecure zone in your company with official or non-official IP-addresses. This is 

where you would place any servers you wish to be accessible from the Internet. 

Select Internet. 

Upstream / 

Downstream 

Bandwidth 

These settings should only be modified when using the Bandwidth Management feature. Please 

contact your Internet Service Provider (ISP) for the correct settings. 

Connection Settings Select the applicable option for your network: 

If DHCP Client is selected, no extra configuration is required. 

If PPP over Ethernet (PPPoE) is selected, the adequate ISP account information should be 

added under the Account Settings tab (see first image below). 

If Fixed IP Configuration is selected, additional IP settings need to be added under the IP 

Settings tab (see second image below). These data are available from your Internet Service 

Provider. 

If PPTP Client is selected, settings should be modified appropriately under both the 

Account and IP Settings tabs. 

Image 37: PPPoE Configuration Account Settings 



9.7 General Network Settings 

To configure a Domain Name Server (DNS) on the aXsGUARD Gatekeeper: 

1. Navigate to Network > General. The screen shown below appears. 

2. Enter the name of the appropriate DNS server: 

If you are using the aXsGUARD Gatekeeper as a gateway to the Internet, the Domain Name Server 

(DNS) to be entered here is the the name provided by your Internet Service Provider (ISP). If 

necessary, contact your ISP for the correct settings. 

If you are using the aXsGUARD Gatekeeper exclusively for authentication on your LAN, the name to 

be entered here is the name of the DNS server on your LAN. 

3. Click on Add and Update to finish. 

Image 38: Fixed IP Configuration IP Settings 

Image 39: Network > General 



9.8 General E-mail Settings 

If the aXsGUARD Gatekeeper Content Scanning and E-mail Server features are both inactive, please skip to 

section 9.8.3. 

Note 

If the e-mail is handled by a server within your secure LAN, use the procedure explained in 

section 9.8.2. 

9.8.1 Content Scanning and E-mail Server Features Active 

Some company-wide e-mail settings need to be configured for the aXsGUARD Gatekeeper e-mail system to 

operate. More information on these settings is available in the documentation about e-mail concepts, which 

can be accessed by clicking on the Documentation button in the aXsGUARD Gatekeeper Administrator Tool. 

To configure the aXsGUARD Gatekeeper e-mail system: 

1. Navigate to E-mail > Domains and click on Add New. 

2. Enter in lower case the same System Domain as entered under System > General (see section 9.5). 

3. Enter a description (optional) for the domain. 

4. Select local as the type. 

5. Save the settings by clicking on Update (see image below). 

Image 40: E-mail > Domains > Add New: with SMTP and E-mail Server Features 



9.8.2 Content Scanning Feature Active, E-mail Server Feature Inactive 

The following instructions only apply when the aXsGUARD Gatekeeper Content Scanning Feature is active and 

the E-mail Server Feature is inactive (i.e. when a separate e-mail server is available in your secure LAN, e.g. a 

Microsoft Exchange Server). 

To configure this setup: 

1. Navigate to E-mail > Domains and click on Add New (see image 41). 

2. Enter the system domain as entered under System > General (see section 9.5). 

3. Enter a description (optional) for the domain. 

4. Select Forwarded as the type. 

5. Select Unlisted computer in the Server Settings. 

6. Enter the DNS name or IP address of the e-mail server in your secure LAN. 

7. Enter the port number (Forward Port). 

Image 41: E-mail > Domain > Add New: SMTP Only 

8. Save the settings by clicking on the Save button. 



9.8.3 Content Scanning and E-mail Server Features both Inactive 

The following instructions only apply if both the aXsGUARD Gatekeeper Content Scanning and E-mail Server 

Features are both inactive. This scenario allows system e-mails to be transmitted to another system in the 

secure LAN, or to the ISP SMTP relay server if no mail system is available in the secure LAN, without 

aXsGUARD Gatekeeper intervention. 

To configure for this setup: 

1. Navigate to E-mail > General. 

2. Enter the DNS name or IP address of the SMTP relay server used in your network (see image 42). 

3. Click on Update to save the settings. 

Image 42: E-mail>General: SMTP and E-mail Disabled 


aXsGUARD Gatekeeper Installation Guide v2.7 What's Next 

10 What's Next 

Before configuring your aXsGUARD Gatekeeper, you need to define your organization's security needs. To help 

you with this, we describe in the following section the aXsGUARD Gatekeeper Policies and the levels at which 

they can be applied. 

After reading section 11, the next steps to configure your aXsGUARD Gatekeeper are to: 

1. Create users and groups (manually, or automatically using the directory service feature). 

2. Register servers on the aXsGUARD Gatekeeper (if needed). 

3. Set up authentication. 

4. Configure each service in the aXsGUARD Gatekeeper. 

Further information is available through the Documentation button in the Administrator Tool: 

For more information on the above tasks, please refer to the document aXsGUARD Gatekeeper System 

Administration How To. This document also explains the structure of the Administrator Tool, backup & 

restore and update infrastructures and network functions such as DHCP, NAT, DNS and Routing. 

For more information on setting up authentication, please refer to the aXsGUARD Gatekeeper 

Authentication How To guide. This document explains how to set up local and back-end authentication 

using policies, rules and restrictions. It also provides detailed instructions on how to configure and use the 

aXsGUARD Gatekeeper RADIUS Server. 

For in depth information on each of the features offered with the aXsGUARD Gatekeeper, such as Firewall, 

Reverse Proxy etc., please also refer to the appropriate How To guides. 


aXsGUARD Gatekeeper Installation Guide v2.7 aXsGUARD Gatekeeper Security Concepts 

11 aXsGUARD Gatekeeper Security Concepts 

11.1 Overview 

To help you define your organization's security needs, we describe here the aXsGUARD Gatekeeper Policies 

and the levels at which they can be applied. 

Explanations are included for an aXsGUARD Gatekeeper serving exclusively for authentication, and for an 

aXsGUARD Gatekeeper also serving as a gateway to the Internet with features such as firewall, e-mail server, 

Web access, etc. Configurations vary, therefore, depending on the features enabled with your appliance (see 

section 1.2). 

11.2 Security Policies and Levels 

Caution 

The aXsGUARD Gatekeeper system-wide policy (system level) should enforce the strictest 

security! 

Authentication and other features such as firewall, e-mail and Web access, are managed by Security Policies, 

which implement a combination of rules, for example, whether a user must use a DIGIPASS One-Time 

Password in combination with a static password for authentication. The aXsGUARD Gatekeeper applies Policies 

at 4 levels: system, computer, group and user levels (see illustration below). 

Image 43: Rules, Policies and Application Levels 



Security Policies define rights for authentication and for data transmission related to e-mail, Web access and 

the firewall. For more information on how security policies are assigned to the system, computer, group and 

user levels, and the relations between the policies assigned at different levels, please refer to: 

the aXsGUARD Gatekeeper System Administrator How To 

the aXsGUARD Gatekeeper Authentication How To, and 

the feature-specific How To guides. 

These documents are all available through the permanently on-screen Documentation button. 

The aXsGUARD Gatekeeper system-wide security policy is valid for all users who are connected to the network, 

i.e. guests, visitors, etc., (see image below). This policy should therefore enforce the strictest rules. 

Image 44: Policy Application to Security Levels 



VASCO recommends the implementation of a security policy which enforces user authentication. User 

authentication should be widely implemented as more permissions (specific access) can be given at the user 

level. The image below shows the optimal implementation, with the levels (system, computer, groups and 

users) varying in terms of broadness of application (e.g. from everybody to a specific user) and restrictive 

powers (from very restrictive to less restrictive). Restrictions are high for a large number of people, but can be 

reduced for a single authenticated user. 

For more information on Policies and security levels please refer to the document, aXsGUARD Gatekeeper 

System Administration How To, which is available via the Documentation button in the Administrator Tool. 

Note 

Image 45: Restrictive powers and broadness of application 

With the Web access feature, a security policy is referred to as Access Control List (ACL). 



11.3 Groups 

11.4 Users 

A group is a set of users who are grouped together based on their location (department), access rights (e.g. 

allowed Internet sites, e-mail rights, rights to use FTP, etc.) or position within the organization (e.g. 

accountants, HR, managers, etc.). 

Users automatically adopt the access rights which are configured for their group, unless overruled at the user 

level. 

The aXsGUARD Gatekeeper is preconfigured with a default group. The following policies are applied to the 

default group, depending on the modules enabled on your aXsGUARD Gatekeeper (see section 1.2): 

Website Access rights: the default group is assigned the Web access filter predef-no-porn, which allows 

access to all Internet sites, except for pornographic sites. 

E-mail rights: the default group is assigned the default e-mail policy, which allows users to send and 

receive all e-mails, except those with dangerous executable attachments or those which are identified as 

spam. If the aXsGUARD Gatekeeper spam detection system identifies a message with a sufficiently high 

spam-rate, the message is deleted. If not, the message is labeled as spam, but still delivered. 

Firewall rights: the default group is assigned the sys-base firewall policy, which allows access to the 

aXsGUARD Gatekeeper DNS and Proxy services. 

A user is a person who: 

is registered and may authenticate with the aXsGUARD Gatekeeper. 

has certain access rights depending on the applicable security policy. 

(if the e-mail server feature is enabled) has an aXsGUARD Gatekeeper mailbox (see section 9.8.1). 

Users first need to be registered on the aXsGUARD Gatekeeper and assigned to a group before they can 

authenticate and be granted firewall and Web access rights. The user automatically adopts the access rights 

defined for his/her group, unless these rights are overruled and customized at the user level. 



11.5 Computers and Servers 

Caution 

A security policy without user authentication is not as secure as a policy with user 

authentication. Without user authentication, anyone with physical access to a computer in 

your network can (ab)use the Web access and firewall policies which are assigned to it (i.e. 

abuse your public IP address). 

Even if user- and group specific policies have been configured for Web and firewall access, 

they cannot be applied without user authentication; system or computer level policies are 

applied instead. 

VASCO strongly recommends application of Policies with user authentication, rather than 

Computer registration. 

Computers from which users authenticate do not need to be registered on the aXsGUARD Gatekeeper. 

Registering a computer on the aXsGUARD Gatekeeper allows a policy to be applied to the computer. An 

unauthenticated user on a registered computer is assigned computer-level Web access and firewall policies, 

based the computer's IP address. 

Servers are dedicated computers which handle requests for data, e-mail, file transfers and other network 

services coming from other computer or hosts in a network. Server configuration for the aXsGUARD Gatekeeper 

varies according to whether you are using the appliance as a gateway with firewall or exclusively as an 

authentication appliance on your LAN. 

If you are using the aXsGUARD Gatekeeper as a gateway, firewall and Web access policies need to be 

configured to allow servers to access specific services in another network, on the aXsGUARD Gatekeeper or on 

the Internet, for instance a Microsoft updates server on the Internet. 

If you are using the aXsGUARD Gatekeeper exclusively for authentication on your LAN, a server record needs to 

be registered for each server in your network which needs to use the RADIUS server on the aXsGUARD 

Gatekeeper. 



11.6 System 

For more information on Computer and Server registration, please refer to the document, aXsGUARD 

Gatekeeper System Administration How To, which is available via the Documentation button in the 

Administrator Tool. 

Note 

1) If a computer is not registered, the aXsGUARD Gatekeeper system-wide policy is applied. 

2) Access from one server to another within the same LAN (subnet) does not require any 

configuration of extra access rights on the aXsGUARD Gatekeeper. Servers within the same 

subnet communicate directly, without aXsGUARD Gatekeeper intervention. 

Caution 

The aXsGUARD Gatekeeper system-wide policy (system level) should always enforce the 

strictest security! 

Any user 

physically connected to the network 

not registered on the aXsGUARD Gatekeeper (not authenticating) 

whose computer is not registered on the aXsGUARD Gatekeeper is subject to the system-wide policy. It is 

therefore imperative that the aXsGUARD Gatekeeper system-wide policy enforces the strictest security. 


aXsGUARD Gatekeeper Installation Guide v2.7 Support 

12 Support 

12.1 Overview 

In this section we provide instructions on what to do if you have a problem, or experience a hardware failure. 

12.2 If you encounter a problem 

If you encounter a problem with a VASCO product, please follow the steps below: 

1. Check whether your problem has already been solved and reported in the Knowledge Base at the 

following URL: http://www.vasco.com/support. 

2. If there is no solution in the Knowledge Base, please contact the company which supplied you with the 

VASCO product. 

3. If your supplier is unable to solve your problem, they will automatically contact the appropriate VASCO 

expert. If necessary, VASCO experts can access your aXsGUARD Gatekeeper remotely to solve any 

problems. 

12.3 Return procedure if you have a hardware failure 

If you experience a hardware failure, please contact your VASCO supplier. 


aXsGUARD Gatekeeper Installation Guide v2.7 

Alphabetical Index 

Administrator Password........................................................... 20, 30, 37 

Administrator Tool................................................................... 18, 35, 49 

AG-3XXX, AG-5XXX and AG-7XXX Models............................................. 12 

aXsGUARD Gatekeeper........................................................................ 10 

Chassis Rails...................................................................................... 12 

Configuration Instructions.................................................................... 30 

Connecting to your Network................................................................. 16 

Content Filtering.................................................................................. 36 

Customer Information.......................................................................... 33 

Dimensions........................................................................................ 12 

Documents..................................................................................... 9, 49 

Domain Name..................................................................................... 36 

Domain Name Server........................................................................... 43 

E-mail Addresses................................................................................ 37 

E-mail Server................................................................................ 45, 48 

E-mail Server Feature.......................................................................... 47 

E-mail Settings................................................................................... 45 

Electrical Safety.................................................................................. 11 

Environmental Requirements & Protection....................................... 11, 12 

Ethernet Internet Device....................................................................... 41 

Ethernet Secure LAN Device................................................................. 38 

Further Configuration........................................................................... 49 

General Network Settings..................................................................... 43 

Humidity............................................................................................. 12 

Knowledge Base................................................................................. 56 

LAN Interface...................................................................................... 14 

Licensing............................................................................................ 22 

Index 

Logs.................................................................................................. 31 

Mailings from VASCO.......................................................................... 34 

Menu Structure................................................................................... 35 

Navigation.......................................................................................... 35 

Network Cable.................................................................................... 11 

Network Device Settings...................................................................... 38 

Personal Safety................................................................................... 11 

Power.................................................................................... 11, 12, 14 

Pre-installation.................................................................................... 13 

Return Procedure................................................................................ 56 

Safety ............................................................................................... 11 

Security Concepts................................................................................... 

Computers................................................................................... 54 

Security Levels............................................................................. 50 

Security Policies........................................................................... 50 

System........................................................................................ 55 

Users........................................................................................... 53 

Self-signed Certificate......................................................................... 19 

SMTP Feature............................................................................... 45, 47 

Support.............................................................................................. 56 

Sysadmin Password............................................................................ 36 

System Information............................................................................. 36 

Temperature....................................................................................... 12 

Testing TCP/IP Settings....................................................................... 17 

Training................................................................................................ 9 

VASCO............................................................................................... 10 

Workstation TCP/IP Settings................................................................. 16

aXsGUARD Gatekeeper - Vasco

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?