Your SlideShare is downloading. ×
Proventia Network Active Bypassn
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Proventia Network Active Bypassn

796
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
796
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. IBM Proventia Network Active BypassC8O
  • 2. f(yw© Copyright IBM Corporation 2009.U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBMCorp.vfUZ:2009 j 11 B
  • 3. ?<|0Z]. . . . . . . . . . . . . . . v CJmgf . . . . . . . . . . . . . . 13 `X Proventia Network Active Bypass %*D4, 14XZ>vfo . . . . . . . . . . . . vii m Proventia Network Active Bypass %*DhC 15`Xvfo . . . . . . . . . . . . . . vii hCVNdC . . . . . . . . . . . . . 15<uV*5== . . . . . . . . . . . . viii dCmKZhC . . . . . . . . . . . 17 hCgSJ~(* . . . . . . . . . . . 18Z 1 B Proventia Network Active dC SNMP ]e . . . . . . . . . . . 19Bypass %*ri . . . . . . . . . . . 1 ,=1dMhC1x . . . . . . . . . . 19& . . . . . . . . . . . . . . . . . 1 mCJhC . . . . . . . . . . . 20XZ Proventia Network Active Bypass %* . . . . 3 8]rV4hC . . . . . . . . . . . . 20y>Yw. . . . . . . . . . . . . . . . 4 &CL~|B . . . . . . . . . . . . . 21 tC53U>G< . . . . . . . . . . . 21Z 2 B hC Proventia Network Active XBt/ Proventia Network Active Bypass %* 22 dC6LO$ . . . . . . . . . . . . . 22Bypass %* . . . . . . . . . . . . . 7dCM?p Proventia Network Active Bypass %* . . 7 Z 4 B 9C|nPgfdC Proventia EC Proventia Network Active Bypass %*M Proventia Network IPS h8 . . . . . . . . 8 Network Active Bypass %* . . . . . 23 ,Sg4_ . . . . . . . . . . . . . . 8 CJ|nPgf . . . . . . . . . . . . . 24 G<=mgf . . . . . . . . . . . . 9 |nPN}Do( . . . . . . . . . . . . 25 hCgSJ~(*. . . . . . . . . . . . 9 |nPN} . . . . . . . . . . . . . . 25 hCVN . . . . . . . . . . . . . . 10 yw . . . . . . . . . . . . . . . . 31Z 3 B ZmgfPdC Proventia Lj . . . . . . . . . . . . . . . . . 32Network Active Bypass %* . . . . . 11 w} . . . . . . . . . . . . . . . . 33XZmgf . . . . . . . . . . . . . . 12© Copyright IBM Corp. 2009 iii
  • 4. iv Proventia Network Active Bypass: C8O
  • 5. |0Z] li Proventia Network Active Bypass %*D|0,i4Gq1YNN+w# |0PZ li|0P,7#|0PP|,TBo7: v ;v Proventia Network Active Bypass %* v Ey-B(L+) v ;yXF(gB(6+) v =v@fg4#i v g4_ v ;E CD© Copyright IBM Corp. 2009 v
  • 6. vi Proventia Network Active Bypass: C8O
  • 7. XZ>vfo >8O<Zozz,SMdC Proventia Network Active Bypass %*# JC6 >8O|( Proventia Network Active Bypass %*Dy>E"M+d,S=xgT0d Cy>hCyhD=h# ?jTs >8OkT:p20MdCxgM53h8Dxg53m1#9C_&C_8PX xg_TM IP xgdCDy>*6#`Xvfo >8O5wKgNhCMdC Proventia Network Active Bypass %*TCZ IBM Proventia® Network Intrusion Prevention System(IPS)h8# iRd{D5 PX IBM® ISS z7Dd{D5IZ IBM ISS Web >c(http://www.iss.net/support/ documentation/)OR=# `Xvfo kNDBPD5q!PX Proventia Network Active Bypass %*VD Proventia Net- work IPS h8D|`E": D5 Z] IBM Proventia GX5000 Series Getting Started ,SMdC GX5000 5P IPS h8D5w Card IBM Proventia GX6000 Series Getting Started ,SMdC GX6000 5P IPS h8D5w Card IBM Proventia Network Intrusion Prevention Sys- PX4(Mm_TMl&,T0,$h8h tem G and GX Appliance User Guide CDEvM}L# *6b IBM ISS V*6bG+_[5DE"44#IS http://www.iss.net/support/ knowledgebase/ CJ*6b#IT9CX|Vrp4j6Qw*6b# a>:kNDp4j6 3321,TKb Proventia Network IPS h8DnB<IMQ*J b#© Copyright IBM Corp. 2009 vii
  • 8. mI$-i *q! IBM Internet Security System z7DmI$E",kS http://www.ibm.com/ services/us/iss/html/contracts_landing.html BX IBM mI$-i#mb,Proventia Net- work Active Bypass %*f=D CD-ROM O2|,KmI$E"#<uV*5== IBM Internet Security Systems™(IBM ISS)(}d Web >cT0gSJ~{"rg 0==a)<uV# IBM ISS V>c (} IBM ISS V Web 3f(http://www.ibm.com/services/us/iss/support/),IT1 SCJ*zCD5"10f>Pm"j8Dz7JO"W$iM<uV*6b# V1d Bma)K@zMd{XxD<uV1d: Xx 1d @z +l 24 !1 yPd{Xx 1X1d;Ae,Og 9 c - Bg 6 c,IBM ISS +<DZ YU}b ":TZ@zTbDXx,g{ZG$w1d0s<uV,ITr @zD<uVPDBgr"MgSJ~# *5E" *q!*5E",k*A IBM ISS V Web 3f:http://www.ibm.com/services/us/iss/ support/#viii Proventia Network Active Bypass: C8O
  • 9. Z 1 B Proventia Network Active Bypass %*ri Proventia Network Active Bypass %*G;VbSh8,|9Cn/T7&,IZh 8"zJOrOg17#xgw?;PO#Proventia Network Active Bypass %*a) K^lDJO*F"s?Dm&M 4 v@"DWT+xSZVN(I,Sw`i J) #>Bi Proventia Network Active Bypass %*D&MKP-m# wb Z 3 3D:XZ Proventia Network Active Bypass %*; :&; Z 4 3D:y>Yw; Z v 3D:|0Z];& >wbhv Proventia Network Active Bypass %*D&# &Pm v }]wDn/;;,T@53JO v ;/T7,OgZdX;IY v 4e4C - Z*h8O^hd{}/Lr v CZ;/}]w`XD TAP & v 10/100/1000 TX(-B)"SX(`#)M LX(%#)V v inD?p!n,|(-B"`#bK"%#bKT0-B=bK*; v _`g4,Ia)nsLHDI?T v yZ)9D CLI M WEB Dm v CZ2+mD SSH M HTTPS v PX53B~DgSJ~(* v TACACS+ O$ v 53U>V v j+{O RoHS )9T7dC v T7 - ^(r*r^(XU v T7v/EE(FdC|(: – v/EE#= – v/EE5J v kT47PODT7 v $nT7047PON}DdC© Copyright IBM Corp. 2009 1
  • 10. v {CT70v/EEN}DdC 2+D Web m Proventia Network Active Bypass %*a)K2+D Web mgf,dP|,: v )9D CLI gf v mKZOD SSH ,S v kT(eB~D SNMP ]x v kT(eB~DgSJ~(* v TACACS+ O$ v 53U>V ITSNb;v Web /@w(}mgf4mM`X Proventia Network Active Bypass %*#Proventia Network Active Bypass %*DmKZ_P;vVdD IP X 7#I9C|nPN}4lwr|DC IP X7# *CJmgf,kr* Web /@w"dk https://,szmKZD IP X7# mKZD1! IP X7* 192.168.0.111#1!mKZ Web X7* https:// 192.168.0.111# mgfZZ 11 3DZ 3 B, :ZmgfPdC Proventia Network Active Bypass %*;PPyG<# g4JO#$ Proventia Network Active Bypass %*IC=v_`g4,Ia)nsLHDI?T# g{g4"zJO,G4=vb*Xa+ Proventia Network Active Bypass %*Sx gPKv,by Proventia Network Active Bypass %*D&M`1Z=y1,gB#2 Proventia Network Active Bypass: C8O
  • 11. XZ Proventia Network Active Bypass %* Z+ Proventia Network Active Bypass %*mS=xg.0,kWHl$C%*D& ?~# 0fe< B<5wK Proventia Network Active Bypass %*D0fe: ":VNSRAsEP,3r*:VN 4"VN 3"VN 2 MVN 1# 1. xgKZ:1G(SR"LR r-B)N1 M N2 KZ,,SAkZxgMvZxg 2. h8KZ:1G(SR"LR r-B)A1 M A2 KZ,,SA IPS h8 3. LCD T>A ":LCD 4%;pwC# 4. 8>F v 1 Gb KZD47/n/8>F v 8>T74,Dl+8>F v 8>Z*4,DL+8>F 5. XF(KZ(.Z) 6. mKZ(T+x) 7. TAP KZ g4Jdw zXk9C UL PvDg4,g4dv*1wg,n(dvg9* 12 |,n(dvg w* 5 2`,"Ro=K LPS r NEC 2 `j<# Z 1 B Proventia Network Active Bypass %*ri 3
  • 12. y>Yw >wbhv Proventia Network Active Bypass %*Dy>Yw-m# dM?p B<T>K}]gN(} Proventia Network Active Bypass %*Sxg+d= Proventia Network IPS,"R;vT>KZT7;;DwWNyf0=D`X&# ;;#= Proventia Network Active Bypass %*a)=V;;#=: ;;#= hv n/ n/#=(} Proventia Network IPS h8Z+ CxgM(Cxg.d("T+x!(@#4 T+CxgD}]w(#=oKZ N1(xgk Z) #Proventia Network Active Bypass %*+ }]+M=KZ A1(h8dkZ),;s(} Proventia Network IPS h8+}]7I=KZ A2(h8dvZ) #SE,n/;;(}KZ N2 7I}]"R+}]dv=(Cxg# n/#=2ITfrYw,I+}]S(Cx g7I=+Cxg#4 Proventia Network Active Bypass: C8O
  • 13. ;;#= hvT7 T7#=("+Cxg=KZ N1(xgkZ) DT+x!(@#}](}SKZ N1(xgk Z)=KZ N2(xgvZ)bvUO77xP 7I,F}K Proventia Network IPS h8,S x9!IT1SS+Cxg=o(Cxg# T7#=2ITfrYw,+}]S(Cxg 7I=+Cxg#v/EE#=Proventia Network Active Bypass %*IT(}"MMSUv/EE4Vx`X ProventiaNetwork IPS h8DKP4v#byI7#}]wD512+TM+7T#zIT9CZ Timeout 5P(eDh(1d(kNDZ 25 3D:|nPN};i4,15D5w)4dCv/EE!,b)!S Proventia Network Active Bypass %*D;vh8KZ"v"Zm;vKZSU#Proventia Network Active Bypass %*a)TBv/EE#=:v/EE#= hvZ?v/EE!XM#= ;vC(eDT+xv/EE!,I Proventia Network Active Bypass %*zI,S KZ A1 "v#Proventia Network Active Bypass %*T+xKZ A2 XkS Proventia Network IPS h8SU=,;vv/EE!# ":1!ivB? 100 Ak(ms)"M;vv /EE,CdtITvsA 25500 Ak# C#=CZw*xED Proventia Network IPS h8#7#Th8xPK}7DdC,byC h8M;a}Ktv/EE#C#=;h* Proventia Network IPS h8D}/Lr# 1!5:1474,v/EE#= v/EEw* Proventia Network Active Bypass %*T+xKZ A1 M A2 D474,8> w#g{KZ A1 r A2 D47O*,Proventia Network Active Bypass %*+#9v/EED +d"$nT7#=# Z 1 B Proventia Network Active Bypass %*ri 5
  • 14. KP#= Proventia Network Active Bypass %*_PTBKP#=: KP#= hv #= 0:}#n/Z* g{ Proventia Network Active Bypass %*Z ,1Z^ZSU=v/EE,G4;;#=+ #V*rd*“n/;;”#=# g{ Proventia Network Active Bypass %*Z ,1Z^Z4SU=v/EE,G4|+d* r#V*“T7;;”#=# 1!ivB(^v/EE),Proventia Net- work Active Bypass %*T“T7;;”#=K P# #= 1:}#Z* g{ Proventia Network Active Bypass %*Z ,1Z^ZSU=v/EE,G4;;#=+ #V;drd*“T7;;”#=# g{ Proventia Network Active Bypass %*Z ,1Z^Z4SU=v/EE,G4|+d* r#V*“n/;;”#=# 1!ivB(^v/EE),Proventia Net- work Active Bypass %*#V*“n/;;”# =# #= 2:V$n/Z* Proventia Network Active Bypass %*<U&Z “n/;;”#=# #= 3:V$n/T7 Proventia Network Active Bypass %*<U&Z “T7;;”#=# #= 4:V$;/T7 Proventia Network Active Bypass %*&Z;/ T74,,bb6ET7#=PDb*XQ “XU”#6 Proventia Network Active Bypass: C8O
  • 15. Z 2 B hC Proventia Network Active Bypass %* >B2vK,SMdC Proventia Network Active Bypass %*# wb }LEv:dCM?p Proventia Network Active Bypass %* :dCM?p Proventia Network Active Bypass %*;dCM?p Proventia Network Active Bypass %* >wbj8hvKdCM?p Proventia Network Active Bypass %*D=h# XZKNq TB}LGdCM?p Proventia Network Active Bypass %*yXhD# }L 1. + Proventia Network Active Bypass %*M Proventia Network IPS h8ECZz O# 2. y] Proventia GX kE8OPa)D5w,,S Proventia Network IPS h8Dg B"TCh8xPdC# 3. + Proventia Network Active Bypass %*Dg4_Vp,S==v;,Dg4(T a__`H) # 4. (}/@wCJmgf"G<# 5. li Proventia Network Active Bypass %*Gq}Z+]}]w# 6. (}mgfhCVNdC# ) (C}La3dh8ODKZ"hC$@TT7#© Copyright IBM Corp. 2009 7
  • 16. EC Proventia Network Active Bypass %*M Proventia Network IPS h8 }L 1. v( Proventia Network Active Bypass %*M Proventia Network IPS h8DEC ;C# 2. + Proventia Network Active Bypass %*M Proventia Network IPS h8EC=z O# 3. y] Proventia GX kE8OPa)D5w,,S Proventia Network IPS h8Dg B# ":Proventia Network Active Bypass %*9CDv 1Gb VN# ,Sg4_ }L 1. +?v;wg4JdwD1wS7ek Proventia Network Active Bypass %*# 2. +dP;yg4_ek;wg4ey#+m;yg4_ek4Tm;v;wg4D ;wg4ey# a>:9C@"D;wg4,ITZ3v;wg4"zPODivB,T7#a )g&,ns/g4_`T# 3. lig48>F,7O Proventia Network Active Bypass %*QS(g4#8 Proventia Network Active Bypass: C8O
  • 17. G<=mgf }L 1. 9CmgB(j"*“CAT5E”),+Fcz,S= Proventia Network Active Bypass %*ODmKZ# *c:7#z4UP5nQv(4#$T:DX*xgy!h)#kp+mKZ ,S=Tb?w?*EDNNxg#mKZ;&,S=(CZm Proventia Net- work Active Bypass %*M Proventia Network IPS h8D^xg# 2. t/ Internet Explorer# 3. dk https://192.168.0.111# ":mKZD1! IP X7* 192.168.0.111#g{|DKmKZ IP X7,G4 CJmKZD Web X72&f.|D*|(bvBD IP X7# 4. G<=mgf#WN,S=mgf1,k9C1!C{Mk# VN 1!hC C{ admin k admin ":g{ZmgfDC3fO|DK1!DG<hC,G4zhCD5aZf sYN"TG<1z#hCgSJ~(* XZKNq dCgSJ~(*,TcZ Proventia Network Active Bypass %*D4,"zd/1I TSU4,gSJ~#ZdCVN.0,XkhCgSJ~(*# Z 2 B hC Proventia Network Active Bypass %* 9
  • 18. hCVN }L 1. ZmgfP,kTz*dCDVN!qVN3f# 2. dkr!q`&DhC,;s%w#f10 Proventia Network Active Bypass: C8O
  • 19. Z 3 B ZmgfPdC Proventia Network Active Bypass%* zIT9Cmgfr|nPgf4hC Proventia Network Active Bypass %*Ds? VdC!n#>BPvKZCgfPICDdC!n,"hvKgNTdxPh C# wb Z 12 3D:XZmgf; Z 13 3D:CJmgf; Z 14 3D:`X Proventia Network Active Bypass %*D4,; Z 15 3D:m Proventia Network Active Bypass %*DhC;© Copyright IBM Corp. 2009 11
  • 20. XZmgf Proventia Network Active Bypass %*a)K;v2+D Web mgf# m3f mgfI;5P3fiI,b)3fgBmy># m3f hv 4, PX Proventia Network Active Bypass %*D 4,E" mKZ mKZD IP hC VN 1 TCVNPh8DKZhCMv/EEhC, T$nT7rxkn/#=# VN 2 TCVNPh8DKZhCMv/EEhC, T$nT7rxkn/#=# VN 3 TCVNPh8DKZhCMv/EEhC, T$nT7rxkn/#=# VN 4 TCVNPh8DKZhCMv/EEhC, T$nT7rxkn/#=# gSJ~(* gSJ~(*yhDhC,nggSJ~J MJ~~qwE" SNMP hC CZr SNMP ]e~qw"M SNMP ]eD hC NTP hC 9xg1d-i(NTP)+ Proventia Network Active Bypass %*1dkxg1d~qw,= DhC 1dhC Proventia Network Active Bypass %*D1xh C 8]/V4 8]"V4T04;=v1!& L~|B +L~|BD~OX= Proventia Network Active Bypass %* U>hC 53U>D~DhC XBt/ XBt/ Proventia Network Active Bypass % * C |D admin k 6LO$ Jm6LCJ~qwkO$~qwxP(ET 7OCGqP(CJxgDhC12 Proventia Network Active Bypass: C8O
  • 21. CJmgf IT(}Nb;v Web /@w4mM`X Proventia Network Active Bypass %*# Hvu~ 7# Proventia Network Active Bypass %*DT+xmKZQ,S=>Xxgrwz# 1!mKZ IP X7M Web X7 Proventia Network Active Bypass %*P;vVdxmKZD1! IP X7#BmP T>K1! IP X7M URL: n 1!5 mKZ IP X7 192.168.0.111 mKZ Web X7 https://192.168.0.111 b)1!5Z|D.0<UP#zIT9C|nPN}r9CmgfDmKZ 3f4|DmKZD IP X7# *c:TmKZxP|D+POmgfD,S#ZxPNN|D.0,k7#I TCJBD IP X7#|D IP X7s,mKZD Web X72f.|D# mgfD Web X7 zIT9CI https:// szmKZD IP X7iID Web X74CJmgf#C Web X7Dq=gB: https://xxx.xxx.xxx.xxx Zdk Web X71,CVdxmKZD IP X7f; xxx.xxx.xxx.xxx# }g,1! Web X7* https://192.168.0.111 ":Zdk Web X7s,+a4=;uPX Web >c2+O$D{"#%w“LxC JC Web >c(;Fv)”TLx# G< xkm Web >cs,+4=G<A;#4UBmPD5wjITBVN# VN hv C dkC{ ":1!C* admin# k dkk ":1!k* admin# 1!5Z|D.0<UP#g{h*|DC{rk,IT9CmgfDC 3fr|nPgf# Z 3 B ZmgfPdC Proventia Network Active Bypass %* 13
  • 22. `X Proventia Network Active Bypass %*D4, >wbhvK(}mgf4`X Proventia Network Active Bypass %*D4,# li{e4, 4,3fGG<=mgf14=DZ;v3f#9C4,3f4i4PX Proventia Network Active Bypass %*DE"#4,3fV8v?Va)E",b)?VgBmy ># ?V hv 53 a)PX Proventia Network Active Bypass % *D#fE" g4 mwg4*t9GXU VN 1 T>VN 1 Dn//T74, VN 2 T>VN 2 Dn//T74, VN 3 T>VN 3 Dn//T74, VN 4 T>VN 4 Dn//T74, X!hC T>10DKZdC i4534, 53?Va)#fD534,,b)4,gBmy># VN hv z7{F T> Proventia Network Active Bypass %*D {F: :Proventia® NAB; z7j6 T> Proventia Network Active Bypass %*D z7j6: :Proventia NAB rev 1; 2~^)f T> Proventia Network Active Bypass %*D 2~f> L~f> T> Proventia Network Active Bypass %*D 10L~f> m IP T>mKZD IP X7 a>:g{*|DmKZD IP hC,k9C mKZ3f# 1!5:192.168.0.111 gSJ~(* m>gSJ~(*tC9G{C a>:g{*|DgSJ~hC,k9CgS J~(*3f# 1!5:{C(;"M)14 Proventia Network Active Bypass: C8O
  • 23. m Proventia Network Active Bypass %*DhC 9Cmgf4i4r|D Proventia Network Active Bypass %*DhC# hCVNdC }L 1. ZmgfP,!qVNdC3f# 2. jIDvVN(A - D)PnJOzX(xg73DVNDVN: VN hv v/EESUZdJmDn$1d(100 Ak 8(I Proventia Network Active Bypass %* - 25500 Ak) zIDC(eDT+xv/EE!# v/EE!?t 100 Ak(ms)S Proventia Network Active Bypass %* T+xKZ A1 " v,Proventia Network Active Bypass %*T+ xKZ A2 XkS Proventia Network IPS h8 SU=,;vv/EE!# *$nT7x*Dv/EE}(1-10) 8(Cw Proventia Network Active Bypass % *T+xKZ A1 M A2 D47,S4,8> wDv/EE# g{KZ A1 r A2 D47PO,G4 Proventia Network Active Bypass %*a#9v /EED+d"$nT7#=# * x k n / = = x S U = D v / E E } 8(I Proventia Network IPS h8zIDC (1-10) (eDT+xv/EE!#bG Proventia Net- work Active Bypass %**KST7#=d*n /#=xXkSUDv/EE}# 1!5:1 Z 3 B ZmgfPdC Proventia Network Active Bypass %* 15
  • 24. VN hv KP#= 8( Proventia Network Active Bypass %*D KP#=: v #= 0:}#n/T7(1!#=)- g{ Proventia Network Active Bypass %*Z,1 Z^ZSU=v/EE,G4C;;#=# V;drd*“n/;;”#=# g{ Proventia Network Active Bypass %* Z,1Z^Z4SU=v/EE,G4|+ d*r#V*“T7;;”#=# 1!ivB(;Pv/EE), Proventia Network Active Bypass %*#V*“T7;; ”#=# v #= 1:}#n/Z* - g{ Proventia Network Active Bypass %* Z,1Z^ZS Uv/EE,G4C;;#=#V;dr| DI“T7;;”#=# g{ Proventia Network Active Bypass %* Z,1Z^Z4SU=v/EE,G4|+ d*r#V*“n/;;”#=# 1!ivB(;Pv/EE),Proventia Net- work Active Bypass %* #V*“n/;;” #=# v #= 2:V$n/ - Proventia Network Active Bypass %*<U&Z“n/;;”# =# v #= 3:V$n/T7 - Proventia Net- work Active Bypass %*<U&Z“T7;; ”#=# v #= 4:V$;/T7 - Proventia Net- work Active Bypass %*&Z;/T7#=, dPT7#=PDb*X*“XU”# 47JOlb g{xgKZ#9$w,G4azI SNMP ] e# v 0:{953lb“47JOlb” v 1:953;lb"$n“47JOlb” 1!5:QtC16 Proventia Network Active Bypass: C8O
  • 25. VN hv X!hC Z“T7;;”#=M“n/;;”#=B*}] w8( Proventia Network Active Bypass %* ODKZ: v KZ N1:xgkZ v KZ N2:xgvZ v KZ A1:h8dkZ v KZ A2:h8dvZ X!hCD!nP: v RX v TX v RX/TXdCmKZhC }L (}mKZ3fdCmKZD IP hC# VN hv IP X7 mKZD IP X7 1!5:192.168.0.111 xgZk xgrSxZkD IP X7 1!5:255.255.255.0 xX xXD IP X7 1!5:192.168.0.1 DNS 1 wr{53~qwD IP X7 1!5:192.168.0.1 DNS 2 (zr{53~qwD IP X7 1!5:0.0.0.0 Z 3 B ZmgfPdC Proventia Network Active Bypass %* 17
  • 26. hCgSJ~(* XZKNq Proventia Network Active Bypass %*a)KgSJ~(*&,IdCC&,Tc 1VND;;#="zd/1"MgSJ~{"#(}gSJ~(*3fdCgSJ ~~qwMJ,T0tCr{C(*# }L 4Bmyv4hC5# VN hv gSJ~(* tCr{CgSJ~(* 1!5:Q{C(;"M) b"J~~qw(SMTP) `&Db" SMTP J~~qwDX7 b"J~~qw(SMTP)KZ b" SMTP J~~qwDKZE 1!5:25 SMTP C{ b" SMTP J~~qwDC{ SMTP k b" SMTP J~~qwDk(g{JC) b"J~~qw(SMTP)2+T SMTP J~~qwkJ~Mz.d9CD SSL S 1!5:tC(2+) "~K("~KDgSJ~X7) &CT>Zb"gSJ~{""~KVNPD {FrX7 U~K(U~KPm,T:EVt) (*"MADDU~KgSJ~X7Pm wb T>Zb"gSJ~{"wbPPDwb >}::Proventia NAB status report;18 Proventia Network Active Bypass: C8O
  • 27. dC SNMP ]e XZKNq Proventia Network Active Bypass %*a)K SNMP ]e&,(}C&IZVN 4,rg44,"zd/1r]e~qw"M{"#(} SNMP hC3fdC SNMP ?j IP M SNMPv2 xr{F,T0tCr{C SNMP ]e&# }L 4UBmPD5wjITBVN# VN hv "M SNMP ]e tCr{C SNMP ]eD"M 1!5:Q{C SNMP h]?j IP SNMP ]e~qwD?j IP 1!5:localhost SNMPv2 gx SNMP ]e~qwDxr{F 1!5:+2 N<:kND IBM ISS MIB D~}C#,=1dMhC1x }L (} NTP Setting 3ftCxg1d-i(NTP),9 Proventia Network Active Bypass %* 1dkxg1d~qw,=#(} Time Setting 3fhC Proventia Network Active Bypass %*D1x#4BmyvhCTB5# VN hv NTP 9 Proventia Network Active Bypass %*1d kxg1d~qw,=D-i 1!5:Q{C NTP ~qw 9C NTP a)1dD;iFczD+2r 1x Proventia Network Active Bypass %*9CD1 x 1!5:@z&< Z 3 B ZmgfPdC Proventia Network Active Bypass %* 19
  • 28. mCJhC }L (}C3f|DCJ Web mgfyhDC{Mk# VN hv k (} Web /@wCJmgfyhDk 7Ok (} Web /@wCJmgfyhkD7O 8]rV4hC }L (}8]/V43fFw8]D~r9 Proventia Network Active Bypass %*5XAd 1!hC#4UBmPD5wjITBVN# VN hv 8] + Proventia Network Active Bypass %*O1 0hCD1>#fZ{* config.txt DD~P V4T Qf"D8]D~D;C#dkD~;Cr/ @ACD~,;s%wV4T# V4=v1!dC 9 Proventia Network Active Bypass %*Dh CV4*1!dC,;sXBt/# *c:mgfD IP X7;a4;#20 Proventia Network Active Bypass: C8O
  • 29. &CL~|B XZKNq (}L~|B3f,TV$==+L~|BOX= Proventia Network Active Bypass % *#/@A|BD~D;C,;s%w%wL~# ":jIC}Ln`h* 5 VS# kl4,3fTi$Gq20KBDL~f>#tC53U>G< XZKNq (}U>hC3f,+w53PDU>}]O"=Pkf"bP#53U>|,rC ;%(g53XBt/rV/&dC)r53Yw(gL~|BsDT/XBt /)<B Proventia Network Active Bypass %*yI!YwDX*E"# }L 4UBmPD5wjITBVN# VN hv U>G< hCU>}]DO" 1!5:Q{C Syslog ~qwwz U>}]Pkf"bD IP X7 1!5:localhost Syslog ~qwKZ 53U>~qw}Z`XDKZE 1!5:514 Syslog ~qwj6 53U>~qwDwz{ 1!5:NAB Z 3 B ZmgfPdC Proventia Network Active Bypass %* 21
  • 30. XBt/ Proventia Network Active Bypass %* XZKNq (}XBt/3fXBt/ Proventia Network Active Bypass %*# dC6LO$ XZKNq (}6LO$3fdC TACACS+ -iDhC#TACACS+(Terminal Access Control- ler Access Control System Plus,v?DUKCJXFwCJXF53)-i*4T; vr`v~qwD Proventia Network Active Bypass %*a)CJXF(@"O$"Z (MJ~q) # }L 4UBmPD5wjITBVN# VN hv TACACS+ Jm TACACS+ -ixPCJXF 1!5:Q{C ~qw a)CJ~qD~qwD IP X7 1!5:0.0.0.0 S T TACACS+ |DweS,9(E|2+ 1!5:q ? *MzMX$Lry*DCZSD2m ?5 1!5:^ ~q ksO$D~q 1!5:+?22 Proventia Network Active Bypass: C8O
  • 31. Z 4 B 9C|nPgfdC Proventia Network ActiveBypass %* zIT9Cmgfr|nPgf4hC Proventia Network Active Bypass %*Ds? VdC!n#>BPvK|nPN},"hvKgN(}|nPgf4hCdC! n# wb Z 24 3D:CJ|nPgf; Z 25 3D:|nPN}Do(; Z 25 3D:|nPN};© Copyright IBM Corp. 2009 23
  • 32. CJ|nPgf >wb2vKPXCJ|nPgf=fDZ]# ,S`M zIT(}TB=V==.;4CJ Proventia Network Active Bypass %*D|nPg f: v (}.PUKBfw v (} SSH 6L shell Bfw ,S*s BmT>KTZ=V,S`My&_8Du~# Proventia Network Active ,S`M Bypass %*ODKZ gB .PUKBfw XF(KZ XF(gB SSH 6L shell Bfw mKZ mgB .PUKhC 9C.PUKBfwMTBUKhC: hC 5 (EKZ (#* COM1(!vZFczhC) Bf VT100 HX/k 115200 }]; 8 f<T#i ^ #9; 1 w?XF ^ SSH KZ Proventia Network Active Bypass %* SSH ~qw9Cj<KZ 22# C{Mk 9Cm1J4dCN}"`X Proventia Network Active Bypass %*D4,#Bm PvK1!C{Mk# VN hv C dkC{ ":1!C* admin# k dkk ":1!C* admin#24 Proventia Network Active Bypass: C8O
  • 33. ":zIT(}|nPgfr(}mgf4|Dk#|nPN}Do( >wbEvK9C|nPN}hCrlw51yhDo(# (^*s ;P Admin J_PhCMlw53N}D(^# |nPo( 9CTB|nPo(4hCrlwN}5# |n Yw cli get |more dvyPN}D5 cli get parameter_ name *N}8(5 }g:dk cli get timeout +T>.xFq =D,15 cli set parameter_name parameter_value *8(DN}hC5 }g:dk cli set timeout 20 a+,15h C* 20|nPN} >wbPvKICZ Proventia Network Active Bypass %*D|nPN}# N}V*TB8`: v mKZ v (E v gSJ~(* v SNMP v KP ww9CN} kww9Cb)|nPN},r*|GXFE Proventia Network Active Bypass %*D P*#}GIT7(|D1!5sTxgzzDa{,qrkp|D1!5#3)N };PZ IBM ISS MVzmD8<BEITxP|D# mKZN} BmPDN}XFmKZD IP hC# N} hv ip Proventia Network Active Bypass %*mKZ D10 IP X7 1!5:172.16.124.17 Z 4 B 9C|nPgfdC Proventia Network Active Bypass %* 25
  • 34. N} hv mask mKZDSxZk 1!5:255.255.255.0 gw mKZDxX IP X7 1!5:172.16.124.1 current_ip mKZD10 IP X7 ":current_ip N}*;AN}# (EN} BmPDN}XFE Proventia Network Active Bypass %*D(E&#9C cli get 4lwN}D105#9C cli set SB54|DN}5#}g,cli set ip 127.0.0.1# N} hv dns DNS ~qw IP X7 ":CN}T&ZCgfPD DNS 1# dns2 Z~v DNS ~qw IP X7 domain >XwzDr{ 1!5:local dhcp DHCP Mz dhcp:+CN}hC* dhcp TtC Proventia Network Active Bypass %*mKZOD DHCP Mz# Static:+CN}hC* static T{C Proventia Network Active Bypass %*mKZOD DHCP Mz host C%*Dwz{ CN}*;AN}# 1!5:Proventia_NAB username m1J{ 1!5:admin k m1k 1!5:admin https tCr{C HTTPS ~qw v 0:{C2+ Web mgf v 1:tCT2+ Web mgfDCJ 1!5:1(tC)26 Proventia Network Active Bypass: C8O
  • 35. gSJ~(*N}BmPDN}XFEgSJ~(*&#N} hvemail tCr{CgSJ~(*& v 0:{CgSJ~(* v 1:tCgSJ~(* 1!5:1email_from T>ZgSJ~(*“"~K”VNPD{Fr gSJ~X7email_security tCr{CgSJ~2+& v 0:{CgSJ~2+& v 1:tCgSJ~2+& 1!5:1email_username S Proventia Network Active Bypass %*"M gSJ~(*yCDgSJ~JDC{email_password S Proventia Network Active Bypass %*"M gSJ~(*yCDgSJ~JDkemail_server J~~qwD SMTP ~qwX7email_subject Z(*gSJ~{"DwbPPT>DD> y>:“Notice: PNAB segment(s) have switched modes”email_to +rd"M(*DgSJ~X7PmSNMP N}BmPDN}XFE SNMP ]eD"M#N} hvsnmp tCr{C SNMP & v 0:{C SNMP & v 1:tC SNMP & 1!5:0({C)snmp_community SNMP xr{F 1!5:+2snmp_destination SNMP ?j 1!5:localhostLFD g{xgKZPO,cazI“47JOlb” v 0:{953lb“47JOlb” v 1:953;lb"$n“47JOlb” 1!5:QtC Z 4 B 9C|nPgfdC Proventia Network Active Bypass %* 27
  • 36. KPN} BmPDN}XFE Proventia Network Active Bypass %*DP*# N} hv timeout Proventia Network Active Bypass %*D,15 ?v,1%** 100 Ak#(,16* 100 Ak= 25.5 k# ) Z1!T7KP#=B,g{ Proventia Net- work Active Bypass %*Zh(D,15Z;P lb=v/EE!,G4CVN+Sn/#= P;AT7#=# 1!5:1 force kT?v I/O %*D?F(wT)#= v 0:{C?F(wT)#= v 2:?FVN&Z“n/;;”#= v 4:?FVN&Z“T7;;”#= 1!5:0({C) op_mode Proventia Network Active Bypass %*D1!K P#= v 0:}#n/T7 g{SU=v/EE,G453+&ZZ* 4,# v 1:}#Z* g{U=v/EE,G453+&ZT74 ,# v 2:<UZ* v 4:<Un/T7 v 5:V$;/T7(T7#=PD“T7;; ”;XU) 1!5:0(}#n/T7) hb_mode Proventia Network Active Bypass %*Dv/E E#= v hb_mode 1:53}ZzIv/EE v hb_mode 2:b?4}ZzIv/EE v hb_mode 3:53y]h8OD47lb$n T7 1!5:hb_mode 1 state Proventia Network Active Bypass %*D4, CN}*;AN}# v 0:“T7;;”4, v 1:“n//Z*;;”4,28 Proventia Network Active Bypass: C8O
  • 37. N} hvactive_hb_cnt f"n/v/EEF} ;PZVNSU= active_hb_cnt v,xv/E EsEaP;*“n/;;”#=# 1!5:2(6:1 = 10)bypass_hb_cnt f"T7v/EEF} ;PZVN* bypass_hb_cnt vv/EEsE aP;*“T7;;”#=# 1!5:3(6:1 = 10)TACACS+ N}(} CLI CTBN}4dC TACACS+:N} hvtacacs 5: v 0:{C v 1:tCtacacs_encryption 5: v 0:{C v 1:tCtacacs_protocol TACACS+ -i 1!5:+?tacacs_secret TACACS+ ? 1!5:^tacacs_server TACACS+ ~qwD IP X7tacacs_service TACACS+ ~q 1!5:+? Z 4 B 9C|nPgfdC Proventia Network Active Bypass %* 29
  • 38. 30 Proventia Network Active Bypass: C8O
  • 39. yw >E"G*Z@za)Dz7M~q`4D# IBM IZd{zRrXx;a)>D5PV[Dz7"~qr&XT#PXz10 yZxrDz7M~qDE",krz1XD IBM zmI/#NNT IBM z7"L rr~qD}C"GbZw>r5>;9C IBM Dz7"Lrr~q#;*;V8 IBM D*6z(,NN,H&Dz7"Lrr~q,<ITzf IBM z7"Lrr ~q#+G,@@Mi$NNG IBM z7"Lrr~q,+ICTP:p# IBM IQ5Pr}Zjkk>D5Z]PXDwn({#a)>D5"4ZhCN N9Cb)({DNNmI#zITCif==+mIi/Dy: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. PX+VZ(DBCS)E"DmIi/,kkzyZzRrXxD IBM 6z(?E* 5,rCif==+i/Dy: Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan Ltd. 1623-14, Shimotsuruma, Yamato-shi Kanagawa 242-8502 Japan >un;JC"zrNNbyDunk1X(I;;BDzRrXx:INTERNA- TIONAL BUSINESS MACHINES CORPORATION “4V4”a)>vfo,;=PN NV`D(^[Gw>D9G5,D)#$,|((+;^Z)5,DPXGV(" JzMJCZ3X(C>DP^#$#3)zRrXxZ3);WP;Jmb}w> r5,D#$#rK>unI;JCZz# >E"PI|,<u=f;;<7DX=r!"ms#K&DE"+(Z|D;b )|D+`k>JODBf>P#IBM ITf1T>JOPhvDz7M/rLrxPD xM/r|D,x;mP(*# >E"PTG IBM Web >cDNN}C<;G*K=cp{Ea)D,;TNN== d1TG) Web >cD#$#G) Web >cPDJO;G IBM z7JOD;?V, 9CG) Web >cx4DgU+IzTPP## IBM IT4|O*J1DNN==9CrV"zya)DNNE"x^kTzP#NN pN# >LrD;mI=g{*KbPXLrDE"To=gB?D:(i)JmZ@"4( DLrMd{Lr(|(>Lr).dxPE";;,T0(ii)JmTQ-;;DE "xP`%9C,kkBPX7*5:© Copyright IBM Corp. 2009 31
  • 40. IBM Corporation Project Management C55A/74KB 6303 Barfield Rd., Atlanta, GA 30328 U.S.A ;*qXJ1Du~Mun,|(3)iNBD;(}?D6Q,<IqCb=fD E"# >D5PhvDmILr0dyPICDmIJOyI IBM @] IBM M-i"IBM zJm~mI-irNN,H-iPDuna)# yPXZ IBM 44=rrbrDyw<If1|DrUX,x;mP(*,|Gvv m>K?jMb8xQ#Lj IBM"IBM UjM ibm.com G International Business Machines Corp., Z+rm`>( xrDLjr"aLj#d{z7M~q{FIG IBM rd{+>DLj#Web > c www.ibm.com/legal/copytrade.shtml O“f(MLjE"”?VP|,K IBM LjD nBPm# Linux® G Linus Torvalds Z@zM/rd{zRrXxD"aLj# UNIX® G The Open Group Z@zMd{zRrXxD"aLj# Microsoft® M Windows® G Microsoft Corporation Z@zM/rd{zRrXxD"a Lj# d{+>"z7r~q{FIGd{+>DLjr~qjG#32 Proventia Network Active Bypass: C8O
  • 41. w}[B] [Y]|0Z] v Cgf 118]/V4 20 CJhC 20 o(, |nP 25[C]XBt/ 22 [Z] v?DUKCJXFwCJXF53 22 *6b vii[D] UKCJXFwCJXF53 22g4 3 4, 14g4JO#$ 2gSJ~(* 18 I IBM Internet Security Systems[F] <uV viiiVNdC 15 Web >c viii IBM ISS V*6b vii[G] S|BL~ 21L~|B 21 SSH KZ 24 syslog 21mKZhC 17mgf 11 T[J] TACACS<uV, IBM Internet Security kND UKCJXFwCJXF53 Systems viii TACACS+;;#= 4 kND v?DUKCJXFwCJXF 53[M] W|nPgf Web >c, IBM Internet Security N} 25 Systems viii CJ 24|nPo( 25[W]D5 vii[X]534, 14mI$-i viii© Copyright IBM Corp. 2009 33
  • 42. 34 Proventia Network Active Bypass: C8O
  • 43. Printed in China