Proventia Network Active Bypassn

  • 749 views
Uploaded on

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
749
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
1
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. IBM Proventia Network Active BypassC8O
  • 2. f(yw© Copyright IBM Corporation 2009.U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBMCorp.vfUZ:2009 j 11 B
  • 3. ?<|0Z]. . . . . . . . . . . . . . . v CJmgf . . . . . . . . . . . . . . 13 `X Proventia Network Active Bypass %*D4, 14XZ>vfo . . . . . . . . . . . . vii m Proventia Network Active Bypass %*DhC 15`Xvfo . . . . . . . . . . . . . . vii hCVNdC . . . . . . . . . . . . . 15<uV*5== . . . . . . . . . . . . viii dCmKZhC . . . . . . . . . . . 17 hCgSJ~(* . . . . . . . . . . . 18Z 1 B Proventia Network Active dC SNMP ]e . . . . . . . . . . . 19Bypass %*ri . . . . . . . . . . . 1 ,=1dMhC1x . . . . . . . . . . 19& . . . . . . . . . . . . . . . . . 1 mCJhC . . . . . . . . . . . 20XZ Proventia Network Active Bypass %* . . . . 3 8]rV4hC . . . . . . . . . . . . 20y>Yw. . . . . . . . . . . . . . . . 4 &CL~|B . . . . . . . . . . . . . 21 tC53U>G< . . . . . . . . . . . 21Z 2 B hC Proventia Network Active XBt/ Proventia Network Active Bypass %* 22 dC6LO$ . . . . . . . . . . . . . 22Bypass %* . . . . . . . . . . . . . 7dCM?p Proventia Network Active Bypass %* . . 7 Z 4 B 9C|nPgfdC Proventia EC Proventia Network Active Bypass %*M Proventia Network IPS h8 . . . . . . . . 8 Network Active Bypass %* . . . . . 23 ,Sg4_ . . . . . . . . . . . . . . 8 CJ|nPgf . . . . . . . . . . . . . 24 G<=mgf . . . . . . . . . . . . 9 |nPN}Do( . . . . . . . . . . . . 25 hCgSJ~(*. . . . . . . . . . . . 9 |nPN} . . . . . . . . . . . . . . 25 hCVN . . . . . . . . . . . . . . 10 yw . . . . . . . . . . . . . . . . 31Z 3 B ZmgfPdC Proventia Lj . . . . . . . . . . . . . . . . . 32Network Active Bypass %* . . . . . 11 w} . . . . . . . . . . . . . . . . 33XZmgf . . . . . . . . . . . . . . 12© Copyright IBM Corp. 2009 iii
  • 4. iv Proventia Network Active Bypass: C8O
  • 5. |0Z] li Proventia Network Active Bypass %*D|0,i4Gq1YNN+w# |0PZ li|0P,7#|0PP|,TBo7: v ;v Proventia Network Active Bypass %* v Ey-B(L+) v ;yXF(gB(6+) v =v@fg4#i v g4_ v ;E CD© Copyright IBM Corp. 2009 v
  • 6. vi Proventia Network Active Bypass: C8O
  • 7. XZ>vfo >8O<Zozz,SMdC Proventia Network Active Bypass %*# JC6 >8O|( Proventia Network Active Bypass %*Dy>E"M+d,S=xgT0d Cy>hCyhD=h# ?jTs >8OkT:p20MdCxgM53h8Dxg53m1#9C_&C_8PX xg_TM IP xgdCDy>*6#`Xvfo >8O5wKgNhCMdC Proventia Network Active Bypass %*TCZ IBM Proventia® Network Intrusion Prevention System(IPS)h8# iRd{D5 PX IBM® ISS z7Dd{D5IZ IBM ISS Web >c(http://www.iss.net/support/ documentation/)OR=# `Xvfo kNDBPD5q!PX Proventia Network Active Bypass %*VD Proventia Net- work IPS h8D|`E": D5 Z] IBM Proventia GX5000 Series Getting Started ,SMdC GX5000 5P IPS h8D5w Card IBM Proventia GX6000 Series Getting Started ,SMdC GX6000 5P IPS h8D5w Card IBM Proventia Network Intrusion Prevention Sys- PX4(Mm_TMl&,T0,$h8h tem G and GX Appliance User Guide CDEvM}L# *6b IBM ISS V*6bG+_[5DE"44#IS http://www.iss.net/support/ knowledgebase/ CJ*6b#IT9CX|Vrp4j6Qw*6b# a>:kNDp4j6 3321,TKb Proventia Network IPS h8DnB<IMQ*J b#© Copyright IBM Corp. 2009 vii
  • 8. mI$-i *q! IBM Internet Security System z7DmI$E",kS http://www.ibm.com/ services/us/iss/html/contracts_landing.html BX IBM mI$-i#mb,Proventia Net- work Active Bypass %*f=D CD-ROM O2|,KmI$E"#<uV*5== IBM Internet Security Systems™(IBM ISS)(}d Web >cT0gSJ~{"rg 0==a)<uV# IBM ISS V>c (} IBM ISS V Web 3f(http://www.ibm.com/services/us/iss/support/),IT1 SCJ*zCD5"10f>Pm"j8Dz7JO"W$iM<uV*6b# V1d Bma)K@zMd{XxD<uV1d: Xx 1d @z +l 24 !1 yPd{Xx 1X1d;Ae,Og 9 c - Bg 6 c,IBM ISS +<DZ YU}b ":TZ@zTbDXx,g{ZG$w1d0s<uV,ITr @zD<uVPDBgr"MgSJ~# *5E" *q!*5E",k*A IBM ISS V Web 3f:http://www.ibm.com/services/us/iss/ support/#viii Proventia Network Active Bypass: C8O
  • 9. Z 1 B Proventia Network Active Bypass %*ri Proventia Network Active Bypass %*G;VbSh8,|9Cn/T7&,IZh 8"zJOrOg17#xgw?;PO#Proventia Network Active Bypass %*a) K^lDJO*F"s?Dm&M 4 v@"DWT+xSZVN(I,Sw`i J) #>Bi Proventia Network Active Bypass %*D&MKP-m# wb Z 3 3D:XZ Proventia Network Active Bypass %*; :&; Z 4 3D:y>Yw; Z v 3D:|0Z];& >wbhv Proventia Network Active Bypass %*D&# &Pm v }]wDn/;;,T@53JO v ;/T7,OgZdX;IY v 4e4C - Z*h8O^hd{}/Lr v CZ;/}]w`XD TAP & v 10/100/1000 TX(-B)"SX(`#)M LX(%#)V v inD?p!n,|(-B"`#bK"%#bKT0-B=bK*; v _`g4,Ia)nsLHDI?T v yZ)9D CLI M WEB Dm v CZ2+mD SSH M HTTPS v PX53B~DgSJ~(* v TACACS+ O$ v 53U>V v j+{O RoHS )9T7dC v T7 - ^(r*r^(XU v T7v/EE(FdC|(: – v/EE#= – v/EE5J v kT47PODT7 v $nT7047PON}DdC© Copyright IBM Corp. 2009 1
  • 10. v {CT70v/EEN}DdC 2+D Web m Proventia Network Active Bypass %*a)K2+D Web mgf,dP|,: v )9D CLI gf v mKZOD SSH ,S v kT(eB~D SNMP ]x v kT(eB~DgSJ~(* v TACACS+ O$ v 53U>V ITSNb;v Web /@w(}mgf4mM`X Proventia Network Active Bypass %*#Proventia Network Active Bypass %*DmKZ_P;vVdD IP X 7#I9C|nPN}4lwr|DC IP X7# *CJmgf,kr* Web /@w"dk https://,szmKZD IP X7# mKZD1! IP X7* 192.168.0.111#1!mKZ Web X7* https:// 192.168.0.111# mgfZZ 11 3DZ 3 B, :ZmgfPdC Proventia Network Active Bypass %*;PPyG<# g4JO#$ Proventia Network Active Bypass %*IC=v_`g4,Ia)nsLHDI?T# g{g4"zJO,G4=vb*Xa+ Proventia Network Active Bypass %*Sx gPKv,by Proventia Network Active Bypass %*D&M`1Z=y1,gB#2 Proventia Network Active Bypass: C8O
  • 11. XZ Proventia Network Active Bypass %* Z+ Proventia Network Active Bypass %*mS=xg.0,kWHl$C%*D& ?~# 0fe< B<5wK Proventia Network Active Bypass %*D0fe: ":VNSRAsEP,3r*:VN 4"VN 3"VN 2 MVN 1# 1. xgKZ:1G(SR"LR r-B)N1 M N2 KZ,,SAkZxgMvZxg 2. h8KZ:1G(SR"LR r-B)A1 M A2 KZ,,SA IPS h8 3. LCD T>A ":LCD 4%;pwC# 4. 8>F v 1 Gb KZD47/n/8>F v 8>T74,Dl+8>F v 8>Z*4,DL+8>F 5. XF(KZ(.Z) 6. mKZ(T+x) 7. TAP KZ g4Jdw zXk9C UL PvDg4,g4dv*1wg,n(dvg9* 12 |,n(dvg w* 5 2`,"Ro=K LPS r NEC 2 `j<# Z 1 B Proventia Network Active Bypass %*ri 3
  • 12. y>Yw >wbhv Proventia Network Active Bypass %*Dy>Yw-m# dM?p B<T>K}]gN(} Proventia Network Active Bypass %*Sxg+d= Proventia Network IPS,"R;vT>KZT7;;DwWNyf0=D`X&# ;;#= Proventia Network Active Bypass %*a)=V;;#=: ;;#= hv n/ n/#=(} Proventia Network IPS h8Z+ CxgM(Cxg.d("T+x!(@#4 T+CxgD}]w(#=oKZ N1(xgk Z) #Proventia Network Active Bypass %*+ }]+M=KZ A1(h8dkZ),;s(} Proventia Network IPS h8+}]7I=KZ A2(h8dvZ) #SE,n/;;(}KZ N2 7I}]"R+}]dv=(Cxg# n/#=2ITfrYw,I+}]S(Cx g7I=+Cxg#4 Proventia Network Active Bypass: C8O
  • 13. ;;#= hvT7 T7#=("+Cxg=KZ N1(xgkZ) DT+x!(@#}](}SKZ N1(xgk Z)=KZ N2(xgvZ)bvUO77xP 7I,F}K Proventia Network IPS h8,S x9!IT1SS+Cxg=o(Cxg# T7#=2ITfrYw,+}]S(Cxg 7I=+Cxg#v/EE#=Proventia Network Active Bypass %*IT(}"MMSUv/EE4Vx`X ProventiaNetwork IPS h8DKP4v#byI7#}]wD512+TM+7T#zIT9CZ Timeout 5P(eDh(1d(kNDZ 25 3D:|nPN};i4,15D5w)4dCv/EE!,b)!S Proventia Network Active Bypass %*D;vh8KZ"v"Zm;vKZSU#Proventia Network Active Bypass %*a)TBv/EE#=:v/EE#= hvZ?v/EE!XM#= ;vC(eDT+xv/EE!,I Proventia Network Active Bypass %*zI,S KZ A1 "v#Proventia Network Active Bypass %*T+xKZ A2 XkS Proventia Network IPS h8SU=,;vv/EE!# ":1!ivB? 100 Ak(ms)"M;vv /EE,CdtITvsA 25500 Ak# C#=CZw*xED Proventia Network IPS h8#7#Th8xPK}7DdC,byC h8M;a}Ktv/EE#C#=;h* Proventia Network IPS h8D}/Lr# 1!5:1474,v/EE#= v/EEw* Proventia Network Active Bypass %*T+xKZ A1 M A2 D474,8> w#g{KZ A1 r A2 D47O*,Proventia Network Active Bypass %*+#9v/EED +d"$nT7#=# Z 1 B Proventia Network Active Bypass %*ri 5
  • 14. KP#= Proventia Network Active Bypass %*_PTBKP#=: KP#= hv #= 0:}#n/Z* g{ Proventia Network Active Bypass %*Z ,1Z^ZSU=v/EE,G4;;#=+ #V*rd*“n/;;”#=# g{ Proventia Network Active Bypass %*Z ,1Z^Z4SU=v/EE,G4|+d* r#V*“T7;;”#=# 1!ivB(^v/EE),Proventia Net- work Active Bypass %*T“T7;;”#=K P# #= 1:}#Z* g{ Proventia Network Active Bypass %*Z ,1Z^ZSU=v/EE,G4;;#=+ #V;drd*“T7;;”#=# g{ Proventia Network Active Bypass %*Z ,1Z^Z4SU=v/EE,G4|+d* r#V*“n/;;”#=# 1!ivB(^v/EE),Proventia Net- work Active Bypass %*#V*“n/;;”# =# #= 2:V$n/Z* Proventia Network Active Bypass %*<U&Z “n/;;”#=# #= 3:V$n/T7 Proventia Network Active Bypass %*<U&Z “T7;;”#=# #= 4:V$;/T7 Proventia Network Active Bypass %*&Z;/ T74,,bb6ET7#=PDb*XQ “XU”#6 Proventia Network Active Bypass: C8O
  • 15. Z 2 B hC Proventia Network Active Bypass %* >B2vK,SMdC Proventia Network Active Bypass %*# wb }LEv:dCM?p Proventia Network Active Bypass %* :dCM?p Proventia Network Active Bypass %*;dCM?p Proventia Network Active Bypass %* >wbj8hvKdCM?p Proventia Network Active Bypass %*D=h# XZKNq TB}LGdCM?p Proventia Network Active Bypass %*yXhD# }L 1. + Proventia Network Active Bypass %*M Proventia Network IPS h8ECZz O# 2. y] Proventia GX kE8OPa)D5w,,S Proventia Network IPS h8Dg B"TCh8xPdC# 3. + Proventia Network Active Bypass %*Dg4_Vp,S==v;,Dg4(T a__`H) # 4. (}/@wCJmgf"G<# 5. li Proventia Network Active Bypass %*Gq}Z+]}]w# 6. (}mgfhCVNdC# ) (C}La3dh8ODKZ"hC$@TT7#© Copyright IBM Corp. 2009 7
  • 16. EC Proventia Network Active Bypass %*M Proventia Network IPS h8 }L 1. v( Proventia Network Active Bypass %*M Proventia Network IPS h8DEC ;C# 2. + Proventia Network Active Bypass %*M Proventia Network IPS h8EC=z O# 3. y] Proventia GX kE8OPa)D5w,,S Proventia Network IPS h8Dg B# ":Proventia Network Active Bypass %*9CDv 1Gb VN# ,Sg4_ }L 1. +?v;wg4JdwD1wS7ek Proventia Network Active Bypass %*# 2. +dP;yg4_ek;wg4ey#+m;yg4_ek4Tm;v;wg4D ;wg4ey# a>:9C@"D;wg4,ITZ3v;wg4"zPODivB,T7#a )g&,ns/g4_`T# 3. lig48>F,7O Proventia Network Active Bypass %*QS(g4#8 Proventia Network Active Bypass: C8O
  • 17. G<=mgf }L 1. 9CmgB(j"*“CAT5E”),+Fcz,S= Proventia Network Active Bypass %*ODmKZ# *c:7#z4UP5nQv(4#$T:DX*xgy!h)#kp+mKZ ,S=Tb?w?*EDNNxg#mKZ;&,S=(CZm Proventia Net- work Active Bypass %*M Proventia Network IPS h8D^xg# 2. t/ Internet Explorer# 3. dk https://192.168.0.111# ":mKZD1! IP X7* 192.168.0.111#g{|DKmKZ IP X7,G4 CJmKZD Web X72&f.|D*|(bvBD IP X7# 4. G<=mgf#WN,S=mgf1,k9C1!C{Mk# VN 1!hC C{ admin k admin ":g{ZmgfDC3fO|DK1!DG<hC,G4zhCD5aZf sYN"TG<1z#hCgSJ~(* XZKNq dCgSJ~(*,TcZ Proventia Network Active Bypass %*D4,"zd/1I TSU4,gSJ~#ZdCVN.0,XkhCgSJ~(*# Z 2 B hC Proventia Network Active Bypass %* 9
  • 18. hCVN }L 1. ZmgfP,kTz*dCDVN!qVN3f# 2. dkr!q`&DhC,;s%w#f10 Proventia Network Active Bypass: C8O
  • 19. Z 3 B ZmgfPdC Proventia Network Active Bypass%* zIT9Cmgfr|nPgf4hC Proventia Network Active Bypass %*Ds? VdC!n#>BPvKZCgfPICDdC!n,"hvKgNTdxPh C# wb Z 12 3D:XZmgf; Z 13 3D:CJmgf; Z 14 3D:`X Proventia Network Active Bypass %*D4,; Z 15 3D:m Proventia Network Active Bypass %*DhC;© Copyright IBM Corp. 2009 11
  • 20. XZmgf Proventia Network Active Bypass %*a)K;v2+D Web mgf# m3f mgfI;5P3fiI,b)3fgBmy># m3f hv 4, PX Proventia Network Active Bypass %*D 4,E" mKZ mKZD IP hC VN 1 TCVNPh8DKZhCMv/EEhC, T$nT7rxkn/#=# VN 2 TCVNPh8DKZhCMv/EEhC, T$nT7rxkn/#=# VN 3 TCVNPh8DKZhCMv/EEhC, T$nT7rxkn/#=# VN 4 TCVNPh8DKZhCMv/EEhC, T$nT7rxkn/#=# gSJ~(* gSJ~(*yhDhC,nggSJ~J MJ~~qwE" SNMP hC CZr SNMP ]e~qw"M SNMP ]eD hC NTP hC 9xg1d-i(NTP)+ Proventia Network Active Bypass %*1dkxg1d~qw,= DhC 1dhC Proventia Network Active Bypass %*D1xh C 8]/V4 8]"V4T04;=v1!& L~|B +L~|BD~OX= Proventia Network Active Bypass %* U>hC 53U>D~DhC XBt/ XBt/ Proventia Network Active Bypass % * C |D admin k 6LO$ Jm6LCJ~qwkO$~qwxP(ET 7OCGqP(CJxgDhC12 Proventia Network Active Bypass: C8O
  • 21. CJmgf IT(}Nb;v Web /@w4mM`X Proventia Network Active Bypass %*# Hvu~ 7# Proventia Network Active Bypass %*DT+xmKZQ,S=>Xxgrwz# 1!mKZ IP X7M Web X7 Proventia Network Active Bypass %*P;vVdxmKZD1! IP X7#BmP T>K1! IP X7M URL: n 1!5 mKZ IP X7 192.168.0.111 mKZ Web X7 https://192.168.0.111 b)1!5Z|D.0<UP#zIT9C|nPN}r9CmgfDmKZ 3f4|DmKZD IP X7# *c:TmKZxP|D+POmgfD,S#ZxPNN|D.0,k7#I TCJBD IP X7#|D IP X7s,mKZD Web X72f.|D# mgfD Web X7 zIT9CI https:// szmKZD IP X7iID Web X74CJmgf#C Web X7Dq=gB: https://xxx.xxx.xxx.xxx Zdk Web X71,CVdxmKZD IP X7f; xxx.xxx.xxx.xxx# }g,1! Web X7* https://192.168.0.111 ":Zdk Web X7s,+a4=;uPX Web >c2+O$D{"#%w“LxC JC Web >c(;Fv)”TLx# G< xkm Web >cs,+4=G<A;#4UBmPD5wjITBVN# VN hv C dkC{ ":1!C* admin# k dkk ":1!k* admin# 1!5Z|D.0<UP#g{h*|DC{rk,IT9CmgfDC 3fr|nPgf# Z 3 B ZmgfPdC Proventia Network Active Bypass %* 13
  • 22. `X Proventia Network Active Bypass %*D4, >wbhvK(}mgf4`X Proventia Network Active Bypass %*D4,# li{e4, 4,3fGG<=mgf14=DZ;v3f#9C4,3f4i4PX Proventia Network Active Bypass %*DE"#4,3fV8v?Va)E",b)?VgBmy ># ?V hv 53 a)PX Proventia Network Active Bypass % *D#fE" g4 mwg4*t9GXU VN 1 T>VN 1 Dn//T74, VN 2 T>VN 2 Dn//T74, VN 3 T>VN 3 Dn//T74, VN 4 T>VN 4 Dn//T74, X!hC T>10DKZdC i4534, 53?Va)#fD534,,b)4,gBmy># VN hv z7{F T> Proventia Network Active Bypass %*D {F: :Proventia® NAB; z7j6 T> Proventia Network Active Bypass %*D z7j6: :Proventia NAB rev 1; 2~^)f T> Proventia Network Active Bypass %*D 2~f> L~f> T> Proventia Network Active Bypass %*D 10L~f> m IP T>mKZD IP X7 a>:g{*|DmKZD IP hC,k9C mKZ3f# 1!5:192.168.0.111 gSJ~(* m>gSJ~(*tC9G{C a>:g{*|DgSJ~hC,k9CgS J~(*3f# 1!5:{C(;"M)14 Proventia Network Active Bypass: C8O
  • 23. m Proventia Network Active Bypass %*DhC 9Cmgf4i4r|D Proventia Network Active Bypass %*DhC# hCVNdC }L 1. ZmgfP,!qVNdC3f# 2. jIDvVN(A - D)PnJOzX(xg73DVNDVN: VN hv v/EESUZdJmDn$1d(100 Ak 8(I Proventia Network Active Bypass %* - 25500 Ak) zIDC(eDT+xv/EE!# v/EE!?t 100 Ak(ms)S Proventia Network Active Bypass %* T+xKZ A1 " v,Proventia Network Active Bypass %*T+ xKZ A2 XkS Proventia Network IPS h8 SU=,;vv/EE!# *$nT7x*Dv/EE}(1-10) 8(Cw Proventia Network Active Bypass % *T+xKZ A1 M A2 D47,S4,8> wDv/EE# g{KZ A1 r A2 D47PO,G4 Proventia Network Active Bypass %*a#9v /EED+d"$nT7#=# * x k n / = = x S U = D v / E E } 8(I Proventia Network IPS h8zIDC (1-10) (eDT+xv/EE!#bG Proventia Net- work Active Bypass %**KST7#=d*n /#=xXkSUDv/EE}# 1!5:1 Z 3 B ZmgfPdC Proventia Network Active Bypass %* 15
  • 24. VN hv KP#= 8( Proventia Network Active Bypass %*D KP#=: v #= 0:}#n/T7(1!#=)- g{ Proventia Network Active Bypass %*Z,1 Z^ZSU=v/EE,G4C;;#=# V;drd*“n/;;”#=# g{ Proventia Network Active Bypass %* Z,1Z^Z4SU=v/EE,G4|+ d*r#V*“T7;;”#=# 1!ivB(;Pv/EE), Proventia Network Active Bypass %*#V*“T7;; ”#=# v #= 1:}#n/Z* - g{ Proventia Network Active Bypass %* Z,1Z^ZS Uv/EE,G4C;;#=#V;dr| DI“T7;;”#=# g{ Proventia Network Active Bypass %* Z,1Z^Z4SU=v/EE,G4|+ d*r#V*“n/;;”#=# 1!ivB(;Pv/EE),Proventia Net- work Active Bypass %* #V*“n/;;” #=# v #= 2:V$n/ - Proventia Network Active Bypass %*<U&Z“n/;;”# =# v #= 3:V$n/T7 - Proventia Net- work Active Bypass %*<U&Z“T7;; ”#=# v #= 4:V$;/T7 - Proventia Net- work Active Bypass %*&Z;/T7#=, dPT7#=PDb*X*“XU”# 47JOlb g{xgKZ#9$w,G4azI SNMP ] e# v 0:{953lb“47JOlb” v 1:953;lb"$n“47JOlb” 1!5:QtC16 Proventia Network Active Bypass: C8O
  • 25. VN hv X!hC Z“T7;;”#=M“n/;;”#=B*}] w8( Proventia Network Active Bypass %* ODKZ: v KZ N1:xgkZ v KZ N2:xgvZ v KZ A1:h8dkZ v KZ A2:h8dvZ X!hCD!nP: v RX v TX v RX/TXdCmKZhC }L (}mKZ3fdCmKZD IP hC# VN hv IP X7 mKZD IP X7 1!5:192.168.0.111 xgZk xgrSxZkD IP X7 1!5:255.255.255.0 xX xXD IP X7 1!5:192.168.0.1 DNS 1 wr{53~qwD IP X7 1!5:192.168.0.1 DNS 2 (zr{53~qwD IP X7 1!5:0.0.0.0 Z 3 B ZmgfPdC Proventia Network Active Bypass %* 17
  • 26. hCgSJ~(* XZKNq Proventia Network Active Bypass %*a)KgSJ~(*&,IdCC&,Tc 1VND;;#="zd/1"MgSJ~{"#(}gSJ~(*3fdCgSJ ~~qwMJ,T0tCr{C(*# }L 4Bmyv4hC5# VN hv gSJ~(* tCr{CgSJ~(* 1!5:Q{C(;"M) b"J~~qw(SMTP) `&Db" SMTP J~~qwDX7 b"J~~qw(SMTP)KZ b" SMTP J~~qwDKZE 1!5:25 SMTP C{ b" SMTP J~~qwDC{ SMTP k b" SMTP J~~qwDk(g{JC) b"J~~qw(SMTP)2+T SMTP J~~qwkJ~Mz.d9CD SSL S 1!5:tC(2+) "~K("~KDgSJ~X7) &CT>Zb"gSJ~{""~KVNPD {FrX7 U~K(U~KPm,T:EVt) (*"MADDU~KgSJ~X7Pm wb T>Zb"gSJ~{"wbPPDwb >}::Proventia NAB status report;18 Proventia Network Active Bypass: C8O
  • 27. dC SNMP ]e XZKNq Proventia Network Active Bypass %*a)K SNMP ]e&,(}C&IZVN 4,rg44,"zd/1r]e~qw"M{"#(} SNMP hC3fdC SNMP ?j IP M SNMPv2 xr{F,T0tCr{C SNMP ]e&# }L 4UBmPD5wjITBVN# VN hv "M SNMP ]e tCr{C SNMP ]eD"M 1!5:Q{C SNMP h]?j IP SNMP ]e~qwD?j IP 1!5:localhost SNMPv2 gx SNMP ]e~qwDxr{F 1!5:+2 N<:kND IBM ISS MIB D~}C#,=1dMhC1x }L (} NTP Setting 3ftCxg1d-i(NTP),9 Proventia Network Active Bypass %* 1dkxg1d~qw,=#(} Time Setting 3fhC Proventia Network Active Bypass %*D1x#4BmyvhCTB5# VN hv NTP 9 Proventia Network Active Bypass %*1d kxg1d~qw,=D-i 1!5:Q{C NTP ~qw 9C NTP a)1dD;iFczD+2r 1x Proventia Network Active Bypass %*9CD1 x 1!5:@z&< Z 3 B ZmgfPdC Proventia Network Active Bypass %* 19
  • 28. mCJhC }L (}C3f|DCJ Web mgfyhDC{Mk# VN hv k (} Web /@wCJmgfyhDk 7Ok (} Web /@wCJmgfyhkD7O 8]rV4hC }L (}8]/V43fFw8]D~r9 Proventia Network Active Bypass %*5XAd 1!hC#4UBmPD5wjITBVN# VN hv 8] + Proventia Network Active Bypass %*O1 0hCD1>#fZ{* config.txt DD~P V4T Qf"D8]D~D;C#dkD~;Cr/ @ACD~,;s%wV4T# V4=v1!dC 9 Proventia Network Active Bypass %*Dh CV4*1!dC,;sXBt/# *c:mgfD IP X7;a4;#20 Proventia Network Active Bypass: C8O
  • 29. &CL~|B XZKNq (}L~|B3f,TV$==+L~|BOX= Proventia Network Active Bypass % *#/@A|BD~D;C,;s%w%wL~# ":jIC}Ln`h* 5 VS# kl4,3fTi$Gq20KBDL~f>#tC53U>G< XZKNq (}U>hC3f,+w53PDU>}]O"=Pkf"bP#53U>|,rC ;%(g53XBt/rV/&dC)r53Yw(gL~|BsDT/XBt /)<B Proventia Network Active Bypass %*yI!YwDX*E"# }L 4UBmPD5wjITBVN# VN hv U>G< hCU>}]DO" 1!5:Q{C Syslog ~qwwz U>}]Pkf"bD IP X7 1!5:localhost Syslog ~qwKZ 53U>~qw}Z`XDKZE 1!5:514 Syslog ~qwj6 53U>~qwDwz{ 1!5:NAB Z 3 B ZmgfPdC Proventia Network Active Bypass %* 21
  • 30. XBt/ Proventia Network Active Bypass %* XZKNq (}XBt/3fXBt/ Proventia Network Active Bypass %*# dC6LO$ XZKNq (}6LO$3fdC TACACS+ -iDhC#TACACS+(Terminal Access Control- ler Access Control System Plus,v?DUKCJXFwCJXF53)-i*4T; vr`v~qwD Proventia Network Active Bypass %*a)CJXF(@"O$"Z (MJ~q) # }L 4UBmPD5wjITBVN# VN hv TACACS+ Jm TACACS+ -ixPCJXF 1!5:Q{C ~qw a)CJ~qD~qwD IP X7 1!5:0.0.0.0 S T TACACS+ |DweS,9(E|2+ 1!5:q ? *MzMX$Lry*DCZSD2m ?5 1!5:^ ~q ksO$D~q 1!5:+?22 Proventia Network Active Bypass: C8O
  • 31. Z 4 B 9C|nPgfdC Proventia Network ActiveBypass %* zIT9Cmgfr|nPgf4hC Proventia Network Active Bypass %*Ds? VdC!n#>BPvK|nPN},"hvKgN(}|nPgf4hCdC! n# wb Z 24 3D:CJ|nPgf; Z 25 3D:|nPN}Do(; Z 25 3D:|nPN};© Copyright IBM Corp. 2009 23
  • 32. CJ|nPgf >wb2vKPXCJ|nPgf=fDZ]# ,S`M zIT(}TB=V==.;4CJ Proventia Network Active Bypass %*D|nPg f: v (}.PUKBfw v (} SSH 6L shell Bfw ,S*s BmT>KTZ=V,S`My&_8Du~# Proventia Network Active ,S`M Bypass %*ODKZ gB .PUKBfw XF(KZ XF(gB SSH 6L shell Bfw mKZ mgB .PUKhC 9C.PUKBfwMTBUKhC: hC 5 (EKZ (#* COM1(!vZFczhC) Bf VT100 HX/k 115200 }]; 8 f<T#i ^ #9; 1 w?XF ^ SSH KZ Proventia Network Active Bypass %* SSH ~qw9Cj<KZ 22# C{Mk 9Cm1J4dCN}"`X Proventia Network Active Bypass %*D4,#Bm PvK1!C{Mk# VN hv C dkC{ ":1!C* admin# k dkk ":1!C* admin#24 Proventia Network Active Bypass: C8O
  • 33. ":zIT(}|nPgfr(}mgf4|Dk#|nPN}Do( >wbEvK9C|nPN}hCrlw51yhDo(# (^*s ;P Admin J_PhCMlw53N}D(^# |nPo( 9CTB|nPo(4hCrlwN}5# |n Yw cli get |more dvyPN}D5 cli get parameter_ name *N}8(5 }g:dk cli get timeout +T>.xFq =D,15 cli set parameter_name parameter_value *8(DN}hC5 }g:dk cli set timeout 20 a+,15h C* 20|nPN} >wbPvKICZ Proventia Network Active Bypass %*D|nPN}# N}V*TB8`: v mKZ v (E v gSJ~(* v SNMP v KP ww9CN} kww9Cb)|nPN},r*|GXFE Proventia Network Active Bypass %*D P*#}GIT7(|D1!5sTxgzzDa{,qrkp|D1!5#3)N };PZ IBM ISS MVzmD8<BEITxP|D# mKZN} BmPDN}XFmKZD IP hC# N} hv ip Proventia Network Active Bypass %*mKZ D10 IP X7 1!5:172.16.124.17 Z 4 B 9C|nPgfdC Proventia Network Active Bypass %* 25
  • 34. N} hv mask mKZDSxZk 1!5:255.255.255.0 gw mKZDxX IP X7 1!5:172.16.124.1 current_ip mKZD10 IP X7 ":current_ip N}*;AN}# (EN} BmPDN}XFE Proventia Network Active Bypass %*D(E&#9C cli get 4lwN}D105#9C cli set SB54|DN}5#}g,cli set ip 127.0.0.1# N} hv dns DNS ~qw IP X7 ":CN}T&ZCgfPD DNS 1# dns2 Z~v DNS ~qw IP X7 domain >XwzDr{ 1!5:local dhcp DHCP Mz dhcp:+CN}hC* dhcp TtC Proventia Network Active Bypass %*mKZOD DHCP Mz# Static:+CN}hC* static T{C Proventia Network Active Bypass %*mKZOD DHCP Mz host C%*Dwz{ CN}*;AN}# 1!5:Proventia_NAB username m1J{ 1!5:admin k m1k 1!5:admin https tCr{C HTTPS ~qw v 0:{C2+ Web mgf v 1:tCT2+ Web mgfDCJ 1!5:1(tC)26 Proventia Network Active Bypass: C8O
  • 35. gSJ~(*N}BmPDN}XFEgSJ~(*&#N} hvemail tCr{CgSJ~(*& v 0:{CgSJ~(* v 1:tCgSJ~(* 1!5:1email_from T>ZgSJ~(*“"~K”VNPD{Fr gSJ~X7email_security tCr{CgSJ~2+& v 0:{CgSJ~2+& v 1:tCgSJ~2+& 1!5:1email_username S Proventia Network Active Bypass %*"M gSJ~(*yCDgSJ~JDC{email_password S Proventia Network Active Bypass %*"M gSJ~(*yCDgSJ~JDkemail_server J~~qwD SMTP ~qwX7email_subject Z(*gSJ~{"DwbPPT>DD> y>:“Notice: PNAB segment(s) have switched modes”email_to +rd"M(*DgSJ~X7PmSNMP N}BmPDN}XFE SNMP ]eD"M#N} hvsnmp tCr{C SNMP & v 0:{C SNMP & v 1:tC SNMP & 1!5:0({C)snmp_community SNMP xr{F 1!5:+2snmp_destination SNMP ?j 1!5:localhostLFD g{xgKZPO,cazI“47JOlb” v 0:{953lb“47JOlb” v 1:953;lb"$n“47JOlb” 1!5:QtC Z 4 B 9C|nPgfdC Proventia Network Active Bypass %* 27
  • 36. KPN} BmPDN}XFE Proventia Network Active Bypass %*DP*# N} hv timeout Proventia Network Active Bypass %*D,15 ?v,1%** 100 Ak#(,16* 100 Ak= 25.5 k# ) Z1!T7KP#=B,g{ Proventia Net- work Active Bypass %*Zh(D,15Z;P lb=v/EE!,G4CVN+Sn/#= P;AT7#=# 1!5:1 force kT?v I/O %*D?F(wT)#= v 0:{C?F(wT)#= v 2:?FVN&Z“n/;;”#= v 4:?FVN&Z“T7;;”#= 1!5:0({C) op_mode Proventia Network Active Bypass %*D1!K P#= v 0:}#n/T7 g{SU=v/EE,G453+&ZZ* 4,# v 1:}#Z* g{U=v/EE,G453+&ZT74 ,# v 2:<UZ* v 4:<Un/T7 v 5:V$;/T7(T7#=PD“T7;; ”;XU) 1!5:0(}#n/T7) hb_mode Proventia Network Active Bypass %*Dv/E E#= v hb_mode 1:53}ZzIv/EE v hb_mode 2:b?4}ZzIv/EE v hb_mode 3:53y]h8OD47lb$n T7 1!5:hb_mode 1 state Proventia Network Active Bypass %*D4, CN}*;AN}# v 0:“T7;;”4, v 1:“n//Z*;;”4,28 Proventia Network Active Bypass: C8O
  • 37. N} hvactive_hb_cnt f"n/v/EEF} ;PZVNSU= active_hb_cnt v,xv/E EsEaP;*“n/;;”#=# 1!5:2(6:1 = 10)bypass_hb_cnt f"T7v/EEF} ;PZVN* bypass_hb_cnt vv/EEsE aP;*“T7;;”#=# 1!5:3(6:1 = 10)TACACS+ N}(} CLI CTBN}4dC TACACS+:N} hvtacacs 5: v 0:{C v 1:tCtacacs_encryption 5: v 0:{C v 1:tCtacacs_protocol TACACS+ -i 1!5:+?tacacs_secret TACACS+ ? 1!5:^tacacs_server TACACS+ ~qwD IP X7tacacs_service TACACS+ ~q 1!5:+? Z 4 B 9C|nPgfdC Proventia Network Active Bypass %* 29
  • 38. 30 Proventia Network Active Bypass: C8O
  • 39. yw >E"G*Z@za)Dz7M~q`4D# IBM IZd{zRrXx;a)>D5PV[Dz7"~qr&XT#PXz10 yZxrDz7M~qDE",krz1XD IBM zmI/#NNT IBM z7"L rr~qD}C"GbZw>r5>;9C IBM Dz7"Lrr~q#;*;V8 IBM D*6z(,NN,H&Dz7"Lrr~q,<ITzf IBM z7"Lrr ~q#+G,@@Mi$NNG IBM z7"Lrr~q,+ICTP:p# IBM IQ5Pr}Zjkk>D5Z]PXDwn({#a)>D5"4ZhCN N9Cb)({DNNmI#zITCif==+mIi/Dy: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. PX+VZ(DBCS)E"DmIi/,kkzyZzRrXxD IBM 6z(?E* 5,rCif==+i/Dy: Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan Ltd. 1623-14, Shimotsuruma, Yamato-shi Kanagawa 242-8502 Japan >un;JC"zrNNbyDunk1X(I;;BDzRrXx:INTERNA- TIONAL BUSINESS MACHINES CORPORATION “4V4”a)>vfo,;=PN NV`D(^[Gw>D9G5,D)#$,|((+;^Z)5,DPXGV(" JzMJCZ3X(C>DP^#$#3)zRrXxZ3);WP;Jmb}w> r5,D#$#rK>unI;JCZz# >E"PI|,<u=f;;<7DX=r!"ms#K&DE"+(Z|D;b )|D+`k>JODBf>P#IBM ITf1T>JOPhvDz7M/rLrxPD xM/r|D,x;mP(*# >E"PTG IBM Web >cDNN}C<;G*K=cp{Ea)D,;TNN== d1TG) Web >cD#$#G) Web >cPDJO;G IBM z7JOD;?V, 9CG) Web >cx4DgU+IzTPP## IBM IT4|O*J1DNN==9CrV"zya)DNNE"x^kTzP#NN pN# >LrD;mI=g{*KbPXLrDE"To=gB?D:(i)JmZ@"4( DLrMd{Lr(|(>Lr).dxPE";;,T0(ii)JmTQ-;;DE "xP`%9C,kkBPX7*5:© Copyright IBM Corp. 2009 31
  • 40. IBM Corporation Project Management C55A/74KB 6303 Barfield Rd., Atlanta, GA 30328 U.S.A ;*qXJ1Du~Mun,|(3)iNBD;(}?D6Q,<IqCb=fD E"# >D5PhvDmILr0dyPICDmIJOyI IBM @] IBM M-i"IBM zJm~mI-irNN,H-iPDuna)# yPXZ IBM 44=rrbrDyw<If1|DrUX,x;mP(*,|Gvv m>K?jMb8xQ#Lj IBM"IBM UjM ibm.com G International Business Machines Corp., Z+rm`>( xrDLjr"aLj#d{z7M~q{FIG IBM rd{+>DLj#Web > c www.ibm.com/legal/copytrade.shtml O“f(MLjE"”?VP|,K IBM LjD nBPm# Linux® G Linus Torvalds Z@zM/rd{zRrXxD"aLj# UNIX® G The Open Group Z@zMd{zRrXxD"aLj# Microsoft® M Windows® G Microsoft Corporation Z@zM/rd{zRrXxD"a Lj# d{+>"z7r~q{FIGd{+>DLjr~qjG#32 Proventia Network Active Bypass: C8O
  • 41. w}[B] [Y]|0Z] v Cgf 118]/V4 20 CJhC 20 o(, |nP 25[C]XBt/ 22 [Z] v?DUKCJXFwCJXF53 22 *6b vii[D] UKCJXFwCJXF53 22g4 3 4, 14g4JO#$ 2gSJ~(* 18 I IBM Internet Security Systems[F] <uV viiiVNdC 15 Web >c viii IBM ISS V*6b vii[G] S|BL~ 21L~|B 21 SSH KZ 24 syslog 21mKZhC 17mgf 11 T[J] TACACS<uV, IBM Internet Security kND UKCJXFwCJXF53 Systems viii TACACS+;;#= 4 kND v?DUKCJXFwCJXF 53[M] W|nPgf Web >c, IBM Internet Security N} 25 Systems viii CJ 24|nPo( 25[W]D5 vii[X]534, 14mI$-i viii© Copyright IBM Corp. 2009 33
  • 42. 34 Proventia Network Active Bypass: C8O
  • 43. Printed in China