Administrator's Guide
`
`- Specify path for installation: You can specify a path for installation. or
`you can select-the default path. The default path for 32-bit operating
`SyflenBisc:\Program Fi1es\Auentail\Connect
`
`For 16-bit-only operating systems, the default is
`-c:\Connecc
`
`
`
`' NOTE:
`
`if you are upgrading from an earlier version of Aventail Connect, .
`Aventail Connect will install to the same directory that the eartier
`version of it was installed to.
`
`- Platforms: You must specify which operating systems need to be sup-
`ported in the setup package. Aventail Connect 3.1 supports Windows
`95 {with the Microsoft Wlnsock 2 update), Windows 98. and Windows
`NT 4.0 (with Service Pack 3 or above, available from Microsoft). Aven-
`tail Connect 2.6 supP()rts Windows 95 (without the Microsoft WinSock 2
`update). Windows 3.1, Windows for Wontgroups 3.11, and Windows NT
`3.51. For more information, refer to "What Does Aventaii Connect Do?"
`
`- Trusted Roots File and Certificate File: if you want to use server cer-
`tificates, you must include the trusted roots file that contains those oer-
`tificates. If you want to use client certificates, you must specify the
`location of the file that contains the X. 509 certificate.
`- Running Setup in Unattended Mode: Unattended setup mode simpli-
`fies distribution of numerous client configuration files. The network
`administrator specifies all settings before users receive the Aventaii
`Connect setup package file. No end-user input is required because the
`network administrator has already selected the setup options; users
`simply open the package file, which will automatically installon their
`workstations.
`
`
`
`NOTE: Specifying unattended setup mode will cause the setup package
`to automatically install using default values for any options not
`explicitly specified.
`
`- Adding Aventail Connect to the Startup Directory: If you choose to
`add Aventail Connect to the startup directory, Aventail Connect will
`automatically start when Windows starts.
`
`- Select Tools: Aventail Connect gives you the option to install various
`components, including Extranet Neighborhoodisecure Extranet
`Explorer (SEE), configuration tools (Config Tool and Configuration File
`command). or diagnostic tools (Logging Tool and S5 Ping). The default
`value is to install all package components.
`
`- Secure Extranet Explorer: Secure Extranet Explorer (SEE) allows
`you to view your Extranet Neighborhood, which is accessed through
`the Extranet Neighborhood icon on your desktop. Extranet Neigh-
`borhood functions much like Network Neighborhood, except Extranet
`
`_
`
`Aventail Connect 3. 1/2. 6 Adnvinislratofs Guide - 28
`
`Petitioner Apple Inc. — Exhibit 1022, p. 250
`
`Petitioner Apple Inc. - Exhibit 1022, p. 250
`
`

`
`Administrator’s Guide
`
`. Neighborhood allows you to browse, copy. move, and delete files
`from secured remote computers via an extranet. while Network
`Neighborhood displays all computers on your local network.
`
`- Config Tool: The Aventail Connect Config Tool allows you to create
`configuration files that determine how network requests will be routed
`and which authentication protocols will_ be enabled. You can add,
`remove, or edit configuration files at any time. If necessary. you can
`create several configuration files for different users or user groups. If
`_ you want to prohibit end users from editing configuration files, do not
`_
`include the Config Tool in the installation package.
`
`- S5 Ping: S5 Ping allows you to use the ping and traceroute utilities,
`two diagnostic tools. The ping utility checks for network connectivity
`between two hosts and returns information about the quality of the
`connection. The traceroute utility checks for network connectivity by
`displaying information about routers between two hosts; it displays
`information for each hop.
`'
`
`- Logging Tool: The Logging Tool is a diagnostic utility that traces
`Aventail Connect activity. When running a trace. the Logging Tool dis-
`plays errors, warnings, and information as Aventail Connect gener-
`ates them. If necessary. the message list can be saved to a tog file
`that can be used by Aventail Technical Support lntroubleshooting
`technical problems. These traces are also useful when running Aven-
`tail Connect for the first time to ensure that network traffic is being
`routed appropriately.
`
`- Select Authentication Modules: Aventail Connect lets you select any,
`all, or none of the following authentication modules: SSL, CRAM,
`CHAP. UNiPW. SOCKS v4, or HTTP Basic (usernameipassword).
`- Secure Sockets Layer: Secure Sockets Layer (SSL) is a session-
`layer protocol for securing connections in a general. protocol-inde-
`pendent fashion.
`
`
`
`NOTE:
`
`in versions of Aventaii Connect that do not include encryption,
`the Secure Sockets Layer {SSL) authentication moduie is not
`included.
`
`v CRAM: The Challenge Response Authentication Method (CRAM)
`sends your username and password as clear text between extranet
`(SOCKS) servers. but encrypted between servers that support
`CRAM. Typically, CRAM subauthenticates within SSL. which pro-
`vides both encryption and credential caching options.
`
`NOTE:
`
`in versions of Avventaii Connect that do not include encryption,
`the CRAM authentication moduie is not included.
`
`
`
`Aventaii Connect 3.1/2.6 Administrator's Guide - 29
`
`Petitioner Apple Inc. — Exhibit 1022, p. 251
`
`Petitioner Apple Inc. - Exhibit 1022, p. 251
`
`

`
`Administrators Guide
`
`v CHAP: The Challenge Handshake Authentication Protocol (CHAP)
`sends your username and password encrypted across the network to
`the destination server.
`
`- UsernamelPassword: The RFC 1928 (lntemet standards docu-
`ment) UsemamelPassword (UNPW) authentication protocol sends
`your username and password in clear text across the network to the
`destination server.
`
`- SOCKS 4 identification: Aventaii Connect includes backward com-
`patibility for the SOCKS 4 protocol. SOCKS 4 does not support pass-
`word aulhentication, so only your username is sent. unencrypted. to
`the SOCKS server along with your connection request.
`
`» HTTP Basic [UsernamelPassworcl): The HTTP Basic authentica-
`tion module enables usernameipassword authentication against
`HTTP proxies that implement the RFC 2068 HTTP Basic authentica-
`tion protocol.
`
`
`
`NOTE: Not all versions of Aventail Connect have encryption enabled.
`
`- Configuration Files: Aventail Connect needs at least one configura-
`tion (.cfg) file in order to function properly. The configuration file con-
`tains all of the authentication and traffic routing instructions that you
`specify. You can include one or more configuration files in the setup
`package; however. each configuration file must have a different name.
`If you include only one configuration file in a setup package. Aventail
`Connect will automatically use that configuration file. If, however, you
`include multiple configuration files. Aventail Connect will prompt users
`to select a configuration file at startup.
`You can include local configuration files. remote configuration files, or a
`combination of both. Local configuration files are included in the setup
`package and are installed on users‘ machines. If you include remote
`configuration files, pointers to those files are included in the package;
`the remote configuration files remain in their original location on the net-
`work, where they can be shared by multiple users.
`
`If your setup package does not already contain a configuration file, you
`can add a configuration file to the package. If your setup package con-
`tains one or more configuration files, you can remove or replace any or
`all of the existing configurationfiles, or you can leave them, unchanged.
`in the package. if you are upgrading from an earlier version of Aventaii
`Connect. ‘you may not need a new configuration file.
`
`- License Files: Aventail Connect requires a valid license file in order to
`function properly.
`If your setup package contains a license file, you can
`remove or replace the existing license file. or you can leave it.
`unchanged, in the package. If your setup package does not contain a
`
`Aventail Connect 3.1/2.6 Administrator's Guide - 30
`
`Petitioner Apple Inc. — Exhibit 1022, p. 252
`
`Petitioner Apple Inc. - Exhibit 1022, p. 252
`
`

`
`Administrator's Guide
`
`license file. you can add one to the package. You must use the pack-
`aged Aventail license file, aventail . al 3.’.
`
` I CAUTION: Aventaii Connect 3. 1 and2.6use a differentlicense (. a1f) lite
`
`format than eanier versions ofA ventaii Connect (VPN Client or
`AutoSOCKS) did. if you are upgrading from an eartier version
`omventait Connect (V2.42 or eanier), you must include a new
`Aventaii license tiie.
`
`- Extranet (SEE) Hosts Files: Secure Extranet Explorer (SEE) allows
`you to browse remote computers using Extranet Neighborhood. SEE
`requires a hosts file that specifies which Windows domains, WINS serv-
`ers, and other computers are available in Extranet Neighborhood. The
`extranet hosts (SEEHosts) file is contained in the setup package. if you
`install SEE, this file is placed in the target directory. If you do not include
`a hosts file in the setup package, Ayentail Connect will automatically
`create a hosts file on users‘ machines the first time they open Extranet
`Neighborhood. (Available only in vtnndows 95, Windows 98, and Win-
`dows NT 4.0.)
`
`CREATING, LOADING, AND SAVING PACKAGES
`
`You can create, load, or save custom setup packages through either the Cus-
`tomizer Editor or the Customizer Wizard.
`
`..T.° °'°Ft.e 3 '_"e“_‘K._Pa.°“§9e
`
`There are two ways to create a new custom setup package:
`
`In the Customizer Editor window. select File | New.
`
`-
`_
`-OR-
`o Type the filename of a new package in the first window of the Custom-
`izer Wizard and click Next.
`
`.T°.'°a.9'_ .3 .Pa°."§.9“-'..
`
`.
`
`..
`
`There are two ways to load an existing setup package:
`
`-
`
`In the Customizer Editor window, select File | Open. and then enter
`the filename of the package you want to load
`
`_OR_
`
`- Type the tilename of the package in the first window of the Custornizer
`\Nzard and then click Next.
`
`when you load a package. Customizer reads the setup control file to determine
`what information the package contains. Customizer uses this information to pop-
`ulate the Customizer Editor window. Custornizer also reads the configuration
`fiIe(s) into memory; configuration files are stored in memory to facilitate adding
`them to and removing them from a package.
`
`Aventaii Connect 3. 1/2. 6 Administrator’s Guide - 3 1
`
`Petitioner Apple Inc. — Exhibit 1022, p. 253
`
`Petitioner Apple Inc. - Exhibit 1022, p. 253
`
`

`
`Administrator's Guide
`
`T9 save. ¢hanses.t.9 ?_P.?FK39?_._ _ _
`
`There are two ways to save changes to a setup package:
`
`- After making the desired changes to the package, click Save (or Save
`As) on the File menu in the Customizer Editor window
`
`.09-
`
`- Click Save Package in the final window of the Customizer Wizard.
`
`customizes TlPS
`
`The following tips will help you use the Aventail Customizer more efficiently.
`
`- Keep the package size small: You can control the size of your custom
`setup packages by selecting components carefully. To keep the pack-
`ageas small as possible. include only the options that you need, and
`support only the platforms (e.g., Windows 98, Windows NT 4.0, etc.)
`that your users work with. You may find that creating two separate.
`smaller packages is preferable to creating one larger package. For
`example, you might create one package that supports Windows 98 and
`Windows NT 4.0 operating systems. and another separate package
`that supports Windows 3.1 and Windows 95 operating systems.
`- Use descriptive package names: when naming setup packages.
`assign descriptive. recognizable names that will help users identify the
`setup packages.
`
`- Select components carefully: If you include the Config Toolin the
`package. users will be able to view and modify the settings in the Con-
`fig Tool. Aventail recommends that, in most cases. you do not include
`the Config Tool in your custom setup packege(s}. Excluding options
`such as the Config Tool will eliminate users’ ability to modify your set-
`tings, and will keep the package size smaller. However, the S5 Ping
`and Logging Tool utilities are useful diagnostic tools. and Aventail rec-
`ommends including these options in the setup package whenever pos-
`sible.
`
`-
`
`'
`
`0
`
`Install Aventail Connect 2.6 on Windows 95: By default, Vvlndows 95
`does not support Wlnsock 2. but you can upgrade it to support Win-
`Sock 2 with a Microsoft patch. {The patch, w95ws2 setup . exe, is
`available from Microsoft, at
`http:l'!www.microsoft.comiwindows95ldownloadslcontents:‘wuad-
`rnintoolsl's__wunetworkingtoolsIW95Sockets2ldefault.asp. How-
`ever, this procedure adds an extra step to the installation and setup
`process. Unless users need the MuItiProxy feature, which is available
`only in Aventail Connect 3.1, Aventail recommends that you install
`Aventail Connect 2.6 ratherthan 3.1 on machines running the Windows
`95 operating system.
`
`Include a hosts file: If you install Secure Extranet Explorer (SEE) with-
`out also installing a corresponding hosts file, SEE will automatically cre-
`ate a hosts file the first time that users open SEE. -If you want to control
`which hosts users can view, Aventail recommends that you include a
`hosts file in the custom setup package.
`
`Aventail Connect 3. 112.6 Administrator's Guide - 32
`
`Petitioner Apple Inc. — Exhibit 1022, p. 254
`
`Petitioner Apple Inc. - Exhibit 1022, p. 254
`
`

`
`Administrator's Guide
`
`-
`
`Include a license file: Aventail Connect requires a valid license file
`(aventa 11 . alf) to function properly. Aventail Connect 3.1i2.6 uses a
`different license file than earlier versions of Aventail Connect (VPN Cli-
`ent or AutoSOC KS) did. If you are upgrading from an earlier version of
`Aventail Connect (V2.42 or earlier), you must use the new Aventail
`license file, aventa 11 . alf. Including this license filein the custom
`setup package is a simple way to install the license file.
`
`- Test each custom package: Aventail recommends that you thoroughly
`test each custom setup package before distribution to users.
`
`CONFIGURING AVENTAIL CONNECT
`
`Create configuration files using the Config Tool or the Configuration wizard. You
`can launch either during the Aventail Connect installation or any time you want
`to add. modify, or remove a configuration file.
`
`The steps forcrealing a new configuration file-_ar'e:
`1. De-firife. the SOCKS servers
`
`2. Define-. the d_e.stination$'.(ne‘t\lvorl<s and hosts)
`
`3. Specify "redirection rules
`
`4. Enter Name Resolution information (optional)
`
`5. Manage authentication modules
`
`6. Enable password protection (optional)
`
`These procedures are described in the text below.
`
`.T.."....'.?F'."".’.'1.‘..'.‘$". 99959 T°°'
`
`The Config Tool opens with the Open Aventail Connect Configuration File
`dialog box. After you select a configuration file or enter a new file name. the main
`window of the Config Tool appears.
`
`1. Select the Yes, I want to configure Aventail Connect box in the Setup
`Complete dialog box (during installation).
`
`-0R.
`
`Right-click the Aventail Connect icon in the taskbar and click Config Tool
`(W’IrldOWS 95, Vwndows 98, or Vtfindows NT 4.0 programs menu option), or
`double-click the Config Tool icon in the Aventail Connect program group
`(Windows 3.1, Windows for Workgroups 3.11. or Windows NT 3.51).
`
`2.
`
`If you are creating a new configuration file, enter a name for the configuration
`file
`
`-09-
`
`Select the configuration file you want to open.
`
`This displays the main window of the Config Tool.
`
`Aventail Connect 3. 1/2. 6 Administrator's Guide - 33
`
`Petitioner Apple Inc. — Exhibit 1022, p. 255
`
`Petitioner Apple Inc. - Exhibit 1022, p. 255
`
`

`
`Administrator's Guide
`
`Illirtiltj I mil —
`
`I". X Ukvi-ml .-1n:l"i.r3i\-'t:r'il.-nil! l_lt‘_]
`
`The Config Tool window contains six tabs. The properties defined on each tab
`can be edited at any time.
`
` '- Define" 'e:aranet'(SO£:l$)server(s).
`Destinations
`
`through t_h&_$0CK_'$._sei_'ver(s}.
`
`routed
`
`
`credential cache timeouts.
`
`'
`
`Name Resolution
`
`Authentication
`
`Advanced
`
`$t$;_§E:.in.ee.-n';5ti"‘i1'eiiéioiIé-5ré<inests-at-ejriiiite':ii?'t.¢'-thatseems
`
`s.I%ir'.iie'its.)3.
`
`(Optional) $pe_c_;_i_t_’l'es 'hostharhes that will bé._i4ésoI'iiéa"b3i‘tha
`local workstation;
`
`Enables. disables. and sets properties for the authentication
`modules.
`_
`
`Enablesldisablesextranet (SOCKS) traftic through successive
`SOCKS servers, enablestdisables the Application Exclusion}
`Inclusion List. secures selected applications, and sets
`
`You can change the width of any of the fields on the tabs by positioning the cur-
`sor over the dividing line between the fields on the field bar. When the cursor
`changes to a double-headed arrow. click and drag to resize the field.
`
`' Aventail Connect 3.1 allows you to create or modify a configuration file and then
`immediately use it. without needing to restart Aventail Connect and any Aventail-
`processed applications. When you modify a configuration file, Aventail Connect
`can re—read the updated configuration file; all applications being processed by
`
`Aventaii Connect 3.1/2.6 Administrator's Guide - 34
`
`Petitioner Apple Inc. — Exhibit 1022, p. 256
`
`Petitioner Apple Inc. - Exhibit 1022, p. 256
`
`

`
`Administrator's Guide
`
`Aventail Connect will then immediately begin using the new configuration infor-
`mation.
`
`When you make a modified configuration file active, Aventail Connect will save
`the current (modified) configuration file. update the registry, and load the
`selected configuration file. Aventail Connect will begin using the modified config-
`uration file with any subsequent TCP connection requests, andtor any subse-
`quent UDP activity.
`
`
`
`NOTE: The configuration fite "retresh” feature is supported in Aventait
`Connect 3.1 onty. it is not supported in Aventait Connect 2.6. To
`activate modified configuration fites in Aventatt Connect‘ 2. 6, you
`must first shut down and restart Aventaii Connect and alt appttca-
`ttons being processed through Aventetl Connect.
`
`I9 !.9.e¢!. e__n199!_ifle.<! s9nfi99_ra*i°n_fi!.e.I°r immedi ate use
`
`' With the newly modified configuration file open, select Make Active from
`the File menu of the Config Toot
`
`-OR-
`
`* From the system tray menu, select Configuration File. and select (or enter
`the name of) the configuration file that you want to use. Click OK.
`
`DEFINE AN EXTRANET (SOCKS) SERVER
`
`SOCKS servers are defined on the Servers tab in the Config Tool.
`
`ol — -..__--man-iii. lg
`agate.
`see-“ea
`
`
`
`Aventait Connect 3. 1/2. 6 Administrator's Guide - 35
`
`"Petitioner Apple Inc. — Exhibit 1022, p. 257
`
`Petitioner Apple Inc. - Exhibit 1022, p. 257
`
`

`
`Administrator's Guide
`
`add ress of the server. ' The port on which the server is listening.
`
`The name you assign to the server.
`
`H I
`
`
`
`
`
`Aventail Connect 3.1 allows you to set a server fallback timeout for every Aven-
`tail ExlraNet Server. If a primary SOCKS server is down, or otherwise unable to
`accept connections, Aventail Connect can fall back to a secondary server. You
`can set the sewer fallback timeout, in seconds, on a server-by-server basis. if
`you do set a server fallback timeout. each connection to a primary server must
`be completed within the specified length of time or else the connection will fall
`back to the secondary server.
`
`NOTE: Server fallback timeouts are supported in Aventall Connect 3. 1
`only. You cannot set a server fallback timeout in Aventail Connect
`2. 6; you must let the TCP/lP stack time out.
`
`NOTE: Aventall Connect can fall back to only one server. For example,
`Aventail Connect could fall back from Server A (primary server)
`to Server 3 (secondary server). Aventeil Connect could not, how-
`ever, fell back from Server A to Server 8 to Server C.
`
`During normal operation. if you configure Aventail Connect to fall back to a sec-
`ondary server, connections will be directed to the primary server. If the primary
`server does not respond or accept the connection by the end of the fallback tim-
`eout period, the connection will be redirected to the secondary server, If the sec-
`ondary server accepts the connection. all subsequent connections will
`automatically be directed to the secondary server. The secondary server is gen-
`erally meant to be used only when the primary server is unable to accept con-
`nections. To prevent the secondary server from automatically becoming the
`default server for all subsequent connection, Aventail Connect will check the pri-_
`mary servers status every ten minutes. if the primary server is back up and able
`to accept connection, all subsequent connections will be routed through the pri-
`mary server.
`
`CAUTION: Do not enable the server fallback option if you are using plug
`gateways.
`
`Aventail Connect 3. 1/3?. 6 Adrnlm'strator’s Guide - 36
`
`"Petitioner Apple Inc. — Exhibit 1022, p. 258
`
`Petitioner Apple Inc. - Exhibit 1022, p. 258
`
`

`
`‘_'.°_'__§..".‘3.?_‘." ‘?’_‘.t_"_3__'!9? §§9.9'5§l..§§‘_TV..?'
`
`Administrators Guide
`
`1. On the Sewers tab. click Add.... The Define SOCKS Sewer dialog box
`appears.
`
`
`
`Dtelim:
`
`“|i’K1;fil'3I'VI.‘l
`
`use
`
`
`
`
`
`Alias Name
`Hostnarne or IP
`
`Part Number
`
`se}7eT1~ype'
`
`.3:
`
`9
`
`- -u;£i.~«.=§aimii$é:'
`User-frie ndly alias for extra net (SOCKS) server.
`
`'ae:e.....el»_m
`
`SOCKS server porl. Default value is 1080.
`
`SOCKS .v4
`
`soc‘KS'v5 "
`
`Detepl 'Vers'ion
`
`so'cI<s-vers'ii:ri' -‘mi.
`
`some vérsién 5.0;
`
`=sér‘ve.r.
`
`Detect SOCKS version
`number.
`
`Fallback
`
`Fall back to secondary server
`afler x seconds
`L...-
`
`Server fallback timeout period
`{in seconds).
`
`Fall back to Server“.
`
`Fall back to Host Alias
`
`SOCKS server alias for
`redundant server.
`
`Use DNS records for
`redundancy.
`
`Aventail Connect 3. 1/2. 6 Administrator's Guide - 37
`
`Petitioner Apple Inc. — Exhibit 1022, p. 259
`
`Petitioner Apple Inc. - Exhibit 1022, p. 259
`
`

`
`Administrator's Guide
`
`2. In the Alias Name box. type a user-friendly alias for the extranet (SOCKS)
`server. Do not leave this box blank.
`
`3. In the Hostname or IP address box, type the actual hostname of the SOCKS
`sewer or its IP address.
`
`4. In the Port Number box, type the extranet servers port number. If you do not
`enter a value, it defaults to the standard SOCKS port ‘I030.
`
`5. Under "Server Type," select the version of SOCKS supported by the server. If
`you are unsure of the version, click Detect Version.
`
`
`
`NOTE: Typically you should select SOCKS V5 unless the server can
`support only SOCKS V4.
`
`6.
`
`if you want to use a fallback server. select Fall back to secondary server
`after... under "Fallback." Either select Fall back to server and directly specify
`an extranet server for redundancy. or select Fall back to host alias. Select or
`enter, in seconds, the fallback timeout period. Click OK.
`
`.
`
`To edit etftranet (__SOCKS) server properties
`
`' Select the extranetserver you want to edit and click Edit.
`
`The Define SOCKS server dialog box appears with the selected server
`data filled in. Edit any of the information, and then click OK.
`
`___}:o_r§ri_3_9_ve _a‘r_t_‘_e_g:_tranet (SOQKS) server definition
`
`' Select the extranet server you want to remove and click Remove.
`
`The server is deleted from the list. Corresponding redirection rules will also
`be deleted.
`
`Aventail Connect 3. 1/2. 6 Administrator's Guide - 38
`
`Petitioner Apple Inc. — Exhibit 1022, p. 260
`
`Petitioner Apple Inc. - Exhibit 1022, p. 260
`
`

`
`DEFINE A DESTINATION
`
`Destinations are defined on the Destinations tab in the Config Tool.
`
`Administrator's Guide
`
`am‘!
`
`o to
`
`'w.'}Conli Tol
`.-I3 ""::I'
`
`
`
`
`
`
`A_it_er;_.or_1_e_ _O_l_' more SOCKS sewers "are defined. add -destinetions_to- be routed
`through them.
`
`
`
`NOTE: The “(everything else)” destination refers to all network and host
`addresses not otherwise defined. You cannot delete or rnodily
`“(everything else). ”
`
`Mentail.Qcin'rie<:t'5upestrtsthe..t4.§9.stLiviJsi9erd_,9hat,a!¢t9.r§.i.rt.'£!'e%§1i;natistn_.h9§t:
`ne.mes.._.Y9u_,can u§e'.wildc§tds.'.whe.n_.définih9 n'a.rn'e_';!.'destineti.en:-.(h§:§h3am9§).:
`you c:an_n_ot_use_ wildcen;|_s'_wt)en defining numerical destinations. "such as IP'
`.
`3
`addresses. or subnet masks-.
`
`-
`
`Acoeptsble._w'iIdea.'rd_ cha'rajcIer's.'.a'u"fe_ !.‘.'2”.a_r.:.c.I.._“'.'f?,(\v.sii.i.1.§":r'ier: ‘f'.?!?'.-iep'ra._s__étr.i'i.s one c'har- '
`ecter, and "*" represents any number of characters)-. For example:
`
`e*tra. in . aventail . com matches ex,t'1:a.. in _. aventiai 1 . com
`e?,tra.-in .a_.Ventail . com matches extra. in .ave'ntaj.l .com '
`e?ra . in . aventa-il . com does NOT match extra . in . aventail . com-
`
`oombinetion of “'7” and "*" characters between each set of peri-
`You -can use
`ods. H9w_ev9r._ each s'°a<_=t.ion must. contain at !.east.or!e. Tl°".°W_iIdt_=8|'d character.
`For example. the following destination names would be allowed:
`e.-?t?a. in.aventai1.com
`*xtr?. in .aventai'L . com
`e???a.in.ave*.com
`e* .3'.n. *tai'l.. corn
`
`The following destination names, however, would not be allowed:
`
`Aventa:‘IConnect3.1/2.6 Administrator's Guide - 39
`
`Petitioner Apple Inc. — Exhibit 1022, p. 261
`
`Petitioner Apple Inc. - Exhibit 1022, p. 261
`
`

`
`Admirristrarofs Guide
`
`extra.*.aventail.com
`
`*.*.aventail.com
`extra.in.*.com
`
`Q
`
`CAUTION: You cannot use a wiidcend character, or a series of wiidcard characters,
`
`to represent multiple secflons. Any wiidcard character in a section can
`represent characters wr'thin that section only For example:
`
`:9‘ .in.avenr.'a.1'.I. com matches extra . in.aventa_il. com
`e* . aventail . com does NOTrnatch extra. in. aventail . com
`
`T° “=!!+“...‘!..E. 9:‘=5“"a"i°"
`
`c¢m_aQ$9,t§.;9r.:I,B;§Qs;:9§§5.ran9§§;a,§§_t,.La_L=~;r.L,'z.Fc;‘.»:;:s4_-'.aI=j<'I.s4t=
`no_'_ne of;th_e_.iF_’ .t'rafflc'to_ these defined destin'atio'n$:
`
` ‘
`
`1. On the Destinations tab, click Add....
`
`The Define Destination dialog box appears.
`
`Avenrail Connect‘ 3. 1/2. 6 Ao'rnr'nr‘sfrator"s Guide - 40
`
`Petitioner Apple Inc. — Exhibit 1022, p. 262
`
`Petitioner Apple Inc. - Exhibit 1022, p. 262
`
`

`
`Administrator’s Guide
`
`
`
`a1-r‘
`
`Alias Name
`
`User—triendIy alias for destination network or host
`
`Singte Host
`
`: A specific destination computer
`
`Ending IP address
`
`' Actual name of destination network or
`host
`
`IP Address (options!)
`
`Full numeric IP address
`
`One or more computers in a network
`
`Domain Name
`éuubnet-(optional)
`
`Domain of thenetwork
`it 'ip’aaa}e'ss tiatnitimgst address "
`
`Address Range
`(optional)
`
`Beginning and ending IF’ addresses
`From
`Starting IP address
`To
`
`CA UTION: The IP Address, Subnet, and Address Range fietds
`'
`are an optional. However, in order to apply redirection
`rules when connecting by IP address, you must enter iP
`address and subnet information.
`
`2. In the Alias Name box, type a user-friendly alias for the destination network
`or host.
`
`3. Select either the Single Host or Network option:
`
`' Under "Single host,“ type the actual name of the host system andfor its
`full, numeric IP address. If you do not know the host's IP address, click
`Lookup to search for it.
`
`-09-
`
`- Under "Network," type the domain of the network and then, if applica-
`ble, select either Address Range or Subnet.
`
`—
`
`.
`
`,
`
`. _r..=e.»..'-_
`
`Enter a starting and ending IP address. All addresses between the
`two will be included as part of the destination. For example, a
`stoning IP address of192.1.1.0 and an ending IP address of
`192.1.1.255 would include all hosts ofthe 192.1.1.x subnet.
`
`address range as shown above.
`
`Enter an IP address and a netmask address. This is another way
`to specify a group of destinations. For example, an IP address of
`192.1.1.U and a net mask of 255.255.2550 defines the same
`
`
`
`Aventaii Connect 3.1/2.6 Administrator's Guide - 41'
`
`Petitioner Apple Inc. — Exhibit 1022, p. 263
`
`Petitioner Apple Inc. - Exhibit 1022, p. 263
`
`

`
`Administrator's Guide
`
`To edit a destination
`
`' Select the destination you want to edit and click Ed it....
`
`The Define Destination dialog box appears with the seiected destination
`data filled in. Edit the data as necessary.
`
`. T_°_ "9"?_‘__’Y‘_’ §'__‘_i°§*__i_I?:"'_*__i_!?'E.‘
`
`_.
`
`..
`
`' Select the destination you want to remove and click Remove.
`
`The destination is deieted from the Iist. The corresponding redirection
`rules wilt also be deleted.
`
`ENTER REDIRECTION RULES
`Once servers and destinaticns are defined,. you. can specify how youwant. Avon.-T _
`tail Connect to redirect (or deny) access to various hosts and services such as e-
`mail, FTP, and HTTP.
`
`_
`
`Redirection rules are specified on the Redirection Rules tab in the Config Tool.
`
`I .' nriliii
`
`Destination
`
`Destinations defined on the Destinations tab
`
`Type? is: lnteniét-trsfflt:
`
`Proxy Redirection
`
`Specify how to redirect traffic
`
`Aventaii Connect 3. 1/2. 5 Administr‘ator’s Guide - 42
`
`Petitioner Apple Inc. — Exhibit 1022, p. 264
`
`Petitioner Apple Inc. - Exhibit 1022, p. 264
`
`

`
`Adrnirtistrators Guide
`
`You can change the width of any of the three fields by moving the cursor to the
`dividing tine between the fields on the field bar. When the cursor changes to a
`double-headed arrow. click and drag to resize the field.
`
`T9.".‘.‘.'_'.!__3 "?_‘_“."‘_3_‘_’.t.i..°.'.‘_._'.‘-."‘?_
`
`.
`
`As you add destinations, use the arrow buttons to prioritize them. List the most
`specific rules first and the general rules last.
`
`
`
`NOTE: Aventaii Connect scans the fist from the top down and uses the
`first matching ruie it finds, so it is important to iist the most spe-
`cific ruies first.
`
`1. On the Redirection Rules tab, click Add.
`
`The Define Redirection Ruie dialog box appears.
`
`Aventeii Connect‘ 3. 1/2. 6 Administrator's Guide - 43
`
`Petitioner Apple Inc. — Exhibit 1022, p. 265
`
`Petitioner Apple Inc. - Exhibit 1022, p. 265
`
`

`
`Administrator's Guide
`
`
`
`Destination
`
`' Host or server destination for rriessaoe traffic.
`
`
`
`Service
`
`Proxy
`Redirection
`
`'
`
`Use a" P°'='~*
`Beginning ofport
`range
`
`Appty thTe'.'de_tiried'. 'n_iIe-to3_th.i§' tt,Irt'g'e"_o.f go'i.t§..
`
`End of 'r.iont'rang'e
`
`TCP and UDP
`
`Apply ma defined rule to both TCP and uop.
`traffic.
`
`-
`
`TOP only
`
`.
`
`Apply the "defined rule to TOP traffic only.
`
`UDP only
`
`.
`
`Apply the defined rule to. UDFF. traftio only.
`
`Specifynhow to redirect traffic.
`
`
`
`Redirect via"
`
`—
`
`Do not redirect
`
`Deny '-§e'Moe
`
`selected
`
`aj1i_:"tra,_t_'_f_l\c_:;t:t"irfo'LIgiI the-.e:ktré'net server.
`H16‘ list.
`
`
`R.ou.te.ira_ific.cIire_i:iIsi.ici_'xiié_.$hegifies1id_’§si'ih'ation
`without being _redirected.'through SHOCKS".
`
`
`
`' D.e.i1¥ ..access.'1.9.th,6 :§iti.e.cifad .d'a.§t.irié3i9n.— The.
`netw"orlt_ eon_n_et;t_lo_n- :_b|oclt6d locally‘ instead of
`at the server level.
`
`2. Select a destination from the Destination iist.
`
`3. Under “Service.” select the Use ail ports box toapply the rule to alt services.
`Otherwise, select a range of ports. To select a single port. enter that port num-
`ber in both the Beginning of port range and End of port range boxes.
`
`4. Under "Proxy Redirection," select one of three redirection options.
`
`CAUTION:
`
`it you select Deny Service and the user has edit control
`of the configuration fiie, the option can be circumvented
`by quitting Aventaii Connect or by changing the option in
`the dialog box.
`
`...T9..?_‘?!?FP.-.'°.°_‘FE":9'Ei°" “"9
`
`' Select the redirection rule you want to edit and click Edit....
`
`The Define Redirection Rule dialog box appears with the selected data
`filled in. Edit any of the information.
`
`Aventaii Connect‘ 3. 1.12.6 Adminr'strator’s Guide - 44
`
`Petitioner Apple Inc. — Exhibit 1022, p. 266 '
`
`Petitioner Apple Inc. - Exhibit 1022, p. 266
`
`

`
`Administrator's Guide
`
`7.9 "°"_'_'°‘!’.‘f..3.._.T“-?_‘..‘i'T!*!+‘?i_F_’.F‘ .'!!_'.‘E‘-T.
`
`_
`
`' Select the redirection rule you want to remove and click Remove.
`The redirection rule is deleted from the dialog box.
`
`DEFINE NAME RESOLU110N
`Name Resolution instnictsaventail §_3onn_e'._c.t tq.rasqlvehostnanlae.JQc§!ly'with&: .'
`out needing to .v.e_nt.ure.on tome l_ntei_rneti.-,Iili$-.9pfion.a|' fe,.€.l.t..ure_'9f_1_’er xou an0tfi6f'
`level of control over how--Aventail-Cohnéct"perfonnsI_narne re'soljution;;»'
`-
`The local workstation resolver is the name resolution component of the local
`TCPIIP stack. This feature acts as a shortcut; hostnames matching the strings
`defined in the Name Resolution dialog box are passed to thelocal resolver for
`name resolution instead of being proxied through the SOCKS v5 server.
`For example, if aventail.com is added to the Defined Strings list. then a work-
`station attempting to connect to www.aventail.com would perform hostname
`resolution using the local TCPHP stack.
`
`Name Resolution is specified on the Name Resolution lab in the Config Tool.
`
`
`
`Avantail Connect 3.1‘/2.6 Administrator's Guide - 45
`
`Petitioner Apple Iric. — Exhibit 1022, p. 267
`
`Petitioner Apple Inc. - Exhibit 1022, p. 267
`
`

`
`Administrators Guide
`
`Specify a domain
`- recognized by the
`workstation resolver
`
`New domain name
`
`List of domain names that can be resolvediocalty
`Known Domains
`iaéaarea ‘unqualified i ”Pass'through ;;.i'q.;;i:'iné'ai'n}¢%;;i§.;E.i;;iE3'in;‘i¢;Eas‘eégBiG;{’
`names via
`
`"