APPLICATION NOTES High-Availability Load Balancing with the Brocade ServerIron ADX and McAfee Firewall Enterprise (Sidewinder)

Size: px
Start display at page:

Download "APPLICATION NOTES High-Availability Load Balancing with the Brocade ServerIron ADX and McAfee Firewall Enterprise (Sidewinder)"

Transcription

1 High-Availability Load Balancing with the Brocade ServerIron ADX and McAfee Firewall Enterprise (Sidewinder) This solution leverages interoperable and best-of-breed networking and security products, tailored to fit individual enterprise requirements.

2 CONTENTS Introduction... 3 About McAfee... 3 About Brocade... 3 Overview... 3 Failover... 4 Heath Checks... 4 Interoperability Test Results... 4 Reference Architecture... 5 Brocade ServerIron ADX Series Configuration... 6 External ServerIron ADX A (SI-EXT-A)... 6 External ServerIron ADX B (SI-EXT-B)... 8 Internal ServerIron ADX A (SI-INT-A)... 9 Internal ServerIron ADX B (SI-INT-B) Sidewinder Firewall GUI Configuration Firewall 1: Interfaces Firewall 1: Routing Firewall 1: Rules Firewall 1: SNMP Traps Firewall 2: Interfaces Firewall 2: Routing Firewall 2: Rules Firewall 2: SNMP Traps Network Management Loading MIBs into Brocade INM Compiling the MIBs Registering and Customizing MIBs Event Log Network Security Manager SNMP Fault Notification Sensor Access IPS Settings Appendix A: Use Cases Use Case 1: Host Sweep Attack Use Case 2: Port Scan Attack High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 2 of 40

3 INTRODUCTION Brocade and McAfee are partnering to deliver a comprehensive solution for High Availability (HA) Firewall Load Balancing (FWLB) with the Brocade ServerIron ADX Series of application load balancing switches and McAfee Firewall Enterprise (Sidewinder). This joint solution brings end-to-end networking and security to the enterprise. About McAfee McAfee, the world s largest dedicated security technology company, is relentlessly committed to tackling the world s toughest security challenges. The company delivers proactive and proven solutions and services that secure systems and networks around the world, allowing users to safely connect to the Internet, browse, and shop the Web securely. McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to comply with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. For McAfee support: McAfee Prime Support Technical Support: McAfee Prime Support Service Portal: mysupport.mcafee.com About Brocade Brocade is a leading provider of high-performance data center, enterprise, and service provider networking solutions and services. Brocade develops extraordinary networking solutions that enable today s complex, data-intensive businesses to optimize information connectivity and maximize the business value of their data. The Brocade ServerIron ADX Series of application delivery and traffic management switches is the industry leader in high availability, acceleration, security, and scalability for business-critical IP and Web applications. For Brocade support: Phone support in the US: International support: support: ipsupport@brocade.com Web support: OVERVIEW To achieve HA in the network, you can deploy pairs of ServerIron ADX switches in active-active configurations on each side of the firewalls. In an active-active configuration, both switches actively load balance firewall traffic. Active-active operation provides redundancy in the event that a Brocade ServerIron ADX becomes unavailable, while enhancing performance by using both switches to process and forward traffic. HA load balancing on the Brocade ServerIron ADX s always stateful. Each ServerIron ADX sends session information about its active traffic flows to the other switch. If a failover occurs, the ServerIron ADX that is still active can provide service for the other ServerIron traffic flows using the session information provided by the ServerIron that is currently unavailable. In an HA topology, both ServerIron ADX switches actively load balance traffic to the firewalls. If one of the ServerIron ADX switches becomes unavailable, the other automatically assumes the load balancing function for the sessions that had been on the unavailable ServerIron ADX. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 3 of 40

4 This solution is an example of an active-active FWLB configuration that uses VRRP. Each pair of Brocade ServerIron ADX Series switches provides redundant load balancing, while VRRP on the external pair of ServerIron ADX switches provides redundancy for the default gateway address used by the client. Failover In active-active FWLB, if one of the ServerIron ADX devices becomes unavailable, the other takes over. ServerIron ADX devices use the following parameters to manage failover: ServerIron ADX priority (active-standby only). You can specify a priority from 0 through 255 on each ServerIron ADX. The ServerIron ADX with the higher priority is the default active device. Specifying the priority is required. Path tolerance. Optionally, you also can configure a minimum number of firewall paths and router paths that must be available. By default, failover occurs if the health checks between the ServerIron ADX switches reveal that the active ServerIron ADX has lost a path link. Heath Checks There are two types of health checks in this solution: Path health checks. One of the required FWLB parameters is a separate path from the ServerIron ADX through each firewall to each of the ServerIron ADX switches on the other side of the firewall. A path to the ServerIron ADX s gateway router is also required. By default, the ServerIron ADX performs a Layer 3 health check on each firewall and router path by sending an Internet Control Message Protocol (ICMP) ping packet on each path. Application health checks. You can also add information for individual application ports (optional). You can specify the following application protocols (TCP or UDP) and port number. The ServerIron ADX checks the health of the TCP or UDP service used by the application by sending a Layer 4 TCP or UDP health check to the firewall. Layer 4 health checks are enabled by default. Interoperability Test Results Interoperability compliance testing covers features, functionality, and serviceability between the Brocade switches and the McAfee Network Security Platform (NSP) sitting inline. The following compliance tests were conducted: Trunking. A two-link 802.3ad link aggregation was created between the Brocade FastIron SuperX to an internal Brocade FastIron GS and another 802.3ad link aggregation between the Brocade BigIron RX to an internal FastIron GS. The test confirmed that the 802.3ad trunk could be negotiated and form a trunk with the McAfee Intrushield positioned between the switches. To test failover, one of the trunk links was disconnected and it was confirmed that traffic continued to flow on the other link. Spanning Tree. Rapid Spanning Tree was enabled on all switches and it was confirmed that spanning tree converged when the path went down. Virtual Router Redundancy Protocol-Extended (VRRP-e). VRRP-e was enabled on the Brocade FastIron SuperX and Brocade BigIron RX switches and redundancy was provided for default gateways while the Intrushield appliances were positioned between the switches. Media types. Tests were conducted with copper and fiber interfaces. Port configuration. Different port speeds were used: Auto-Negotiate and 1000-Full. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 4 of 40

5 REFERENCE ARCHITECTURE The solution components are listed below and shown in Figure 1: 4 x Brocade ServerIron ADX 4000 (v12.1c routing code) 2 x Brocade FastIron LS Series (v routing code) 2 x McAfee Firewall Enterprise (Sidewinder, v and v8.0.1) 1 x McAfee Intrusion Protection System (IPS) Figure 1. FWLB solution topology High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 5 of 40

6 BROCADE SERVERIRON ADX SERIES CONFIGURATION Both ServerIron ADX switches external to the firewall and both switches external to the firewall were configures as detailed in the following four sections. External ServerIron ADX A (SI-EXT-A) global-protocol-vlan # When configuring ADX for IronClad FWLB, you need to specify the port number of the dedicated synchronization link between the ADX and its active-active partner. server fw-port 1/5 no server l4-check # High-availability FWLB configurations require that you identify the ports on the ServerIron that are attached to the routers. server router-ports ethernet 1/9 # Specify the data path/links with the peer partner ADX. server partner-ports ethernet 1/6 context default server fw-name fw server fw-name fw server fw-group 2 #enables the active-active mode sym-priority 200 fw-name fw1 fw-name fw2 # Configure the paths for the firewall traffic. Each path consists of a path ID, the ServerIron port attached to the firewall, the IP address of the ServerIron at the other end of the path, and the next-hop IP address (usually the firewall interface connected to this ADX). fwall-info 1 1/ fwall-info 2 1/ fwall-info 3 1/ fwall-info 4 1/ fwall-info 5 1/ vlan 1 name DEFAULT-VLAN by port # The always-active feature is used to simplify the topology of high-availability FWLB configurations always-active vlan 2 name Router_Vlan by port untagged ethe 1/9 always-active router-interface ve 2 vlan 3 name FW_Vlan by port High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 6 of 40

7 untagged ethe 1/6 to 1/7 always-active router-interface ve 3 vlan 99 name Synch_Vlan by port untagged ethe 1/5 ethe 1/8 hostname SI-EXT-A ip route ip route ip route ip route ip route logging buffered 1000 router vrrp-extended no-asm-block-till-bootup interface management 1 ip address interface ethernet 1/7 speed-duplex 1000-full interface ethernet 1/8 disable interface ethernet 1/11 disable interface ve 2 ip address ip vrrp-extended vrid 2 backup priority 101 advertise backup ip-address track-port e 1/7 track-port e 1/9 enable interface ve 3 ip address ip vrrp-extended vrid 3 backup priority 101 advertise backup ip-address track-port e 1/7 track-port e 1/9 enable end High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 7 of 40

8 External ServerIron ADX B (SI-EXT-B) global-protocol-vlan server fw-port 1/5 no server l4-check server router-ports ethernet 1/9 server partner-ports ethernet 1/6 context default server fw-name fw server fw-name fw server fw-group 2 sym-priority 100 fw-name fw1 fw-name fw2 fwall-info 1 1/ fwall-info 2 1/ fwall-info 3 1/ fwall-info 4 1/ fwall-info 5 1/ vlan 1 name DEFAULT-VLAN by port always-active vlan 2 name Router_Vlan by port untagged ethe 1/9 always-active router-interface ve 2 vlan 3 name FW_Vlan by port untagged ethe 1/6 to 1/7 always-active router-interface ve 3 vlan 99 name Synch_Vlan by port untagged ethe 1/5 ethe 1/8 hostname SI-Ext-B ip route ip route ip route ip route ip route logging buffered 1000 router vrrp-extended no-asm-block-till-bootup High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 8 of 40

9 interface management 1 ip address interface ethernet 1/7 speed-duplex 1000-full interface ethernet 1/8 disable interface ethernet 1/11 disable interface ve 2 ip address ip vrrp-extended vrid 2 backup advertise backup ip-address track-port e 1/7 track-port e 1/9 enable interface ve 3 ip address ip vrrp-extended vrid 3 backup advertise backup ip-address track-port e 1/7 track-port e 1/9 enable End Internal ServerIron ADX A (SI-INT-A) global-protocol-vlan server fw-port 1/5 server router-ports ethernet 1/9 server partner-ports ethernet 1/6 context default server fw-name fw server fw-name fw server fw-group 2 sym-priority 200 fw-name fw1 fw-name fw2 High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 9 of 40

10 fwall-info 1 1/ fwall-info 2 1/ fwall-info 3 1/ fwall-info 4 1/ fwall-info 5 1/ vlan 1 name DEFAULT-VLAN by port always-active vlan 4 name Int_Vlan by port untagged ethe 1/9 always-active router-interface ve 4 vlan 5 name FW_Vlan by port untagged ethe 1/6 to 1/7 always-active router-interface ve 5 vlan 99 name Sync_Vlan by port untagged ethe 1/5 ethe 1/8 hostname SI-Int-A ip route ip route router vrrp-extended no-asm-block-till-bootup interface ethernet 1/7 speed-duplex 1000-full interface ethernet 1/8 disable interface ve 4 ip address ip vrrp-extended vrid 4 backup priority 101 advertise backup ip-address track-port e 1/7 track-port e 1/9 enable interface ve 5 ip address ip vrrp-extended vrid 5 backup priority 101 advertise backup ip-address track-port e 1/7 track-port e 1/9 High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 10 of 40

11 enable end Internal ServerIron ADX B (SI-INT-B) global-protocol-vlan server fw-port 1/5 server router-ports ethernet 1/9 server partner-ports ethernet 1/6 context default server fw-name fw server fw-name fw server fw-group 2 sym-priority 100 fw-name fw1 fw-name fw2 fwall-info 1 1/ fwall-info 2 1/ fwall-info 3 1/ fwall-info 4 1/ fwall-info 5 1/ vlan 1 name DEFAULT-VLAN by port always-active vlan 4 name Int_Vlan by port untagged ethe 1/9 always-active router-interface ve 4 vlan 5 name FW_Vlan by port untagged ethe 1/6 to 1/7 always-active router-interface ve 5 vlan 99 by port untagged ethe 1/5 ethe 1/8 hostname SI-Int-B ip route ip route telnet server username admin password... router vrrp-extended snmp-server community... rw High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 11 of 40

12 no-asm-block-till-bootup interface ethernet 1/7 speed-duplex 1000-full interface ethernet 1/8 disable interface ve 4 ip address ip vrrp-extended vrid 4 backup advertise backup ip-address track-port e 1/7 track-port e 1/9 enable interface ve 5 ip address ip vrrp-extended vrid 5 backup advertise backup ip-address track-port e 1/7 track-port e 1/9 enable end SIDEWINDER FIREWALL GUI CONFIGURATION After configuring the Brocade ServerIron ADX switches, you need to log in to the firewall and configure it using the McAfee Firewall Enterprise Admin Console. The following sections describe configuring internal and external interfaces, routing, rules, and SNMP traps on the two firewalls. The Dashboard is the first screen that appears when you log in to the Firewall Admin Console. Paths are given starting from the Dashboard. When you see New in the path, click the green plus sign (+) button on the left above the table. Firewall 1: Interfaces Configure the external and internal interfaces of FW1: Fw1 Dashboard > Network > Interfaces > + (New) For this configuration, the following interface configurations are added: em0 is external em1 is internal High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 12 of 40

13 Firewall 1: Routing Configure the network routes and use the VRRP-e addresses configured on the ADX devices as the gateways for FW1: Fw1 Dashboard > Network > Routing > Static Routing > + (New) For this configuration, the following routes are added: Network Destination Mask Gateway Network Destination Mask Gateway High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 13 of 40

14 Firewall 1: Rules Configure the required policy rules for Fw1: Fw1 Dashboard > Policy > Rules > (Administration selected in list) + (New) For this configuration, the following rules are added: Login Console Admin Console Secure Shell Server *HTTP Proxy *HTTP Proxy_Rev (The two rules above can also be handled with one rule: HTTP Proxy Inbound and Outbound) SNMP *ICMP Packet Filter *ICMP Packet Filter_Rev (The two rules above can also be handled with one rule: ICMP Packet Filter Inbound and Outbound) HTTP Proxy Select HTTP Proxy from the Service menu. To add source and destination, click the buttons with three dots ( ) at the bottom of the Source and Destination sections. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 14 of 40

15 Make sure that you select both external and internal burbs and click OK. HTTP Proxy Inbound and Outbound Rule The final saved rule for HTTP includes the HTTP Proxy service and internal and external burbs, now displayed in the Source and Destination sections of the New Proxy Rule dialog box. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 15 of 40

16 SIDEWINDER FIREWALL GUI CONFIGURATION (VERSION 8 CODE) The GUI for version code looks a bit different than version Here is configuration for the same reference architecture as used in version 7. In this setup we replaced x.x subnet with x.x and x.x with x.x repectively. Firewall 1: Interfaces Add 3 new interfaces em0 (external), em1 (em1), bge0 (management) Fw1 Dashboard > Network > Interfaces > + (New) For this configuration, the following interface configurations are added: em0 is external em1 is internal bge0 is the management port. This is the IP we use to connect to the firewall remotely. Firewall 1: Routing Configure the network routes and use the VRRP-e addresses configured on the ADX devices as the gateways for FW1. Add 3 routes. One each for management, internal and external interface. Fw1 Dashboard > Network > Routing > Static Routing > + (New) For this configuration, the following routes are added: Network Destination Mask Gateway Network Destination Mask Gateway Network Destination Default Mask Gateway Firewall 1: Groups Create a new Group called icmp_packet_filter Fw1 Dashboard > Policy > Application Defenses > Groups > + (New) High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 16 of 40

17 Firewall 1: Defense rule Create a new defense rule icmp_packet_filter Fw1 Dashboard > Policy > Application Defenses > Defenses > Generic (Required) + (New) Uncheck ICMP proxy Uncheck Enable stateful packet inspection under Stateful Inspection Tab High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 17 of 40

18 Firewall 1: Accesss control rules Add new Access Control Rules adx_int_ext, adx_ext_int Fw1 Dashboard > Policy > Access Control Rules > + (New) Select application ICMP for the rule adx_ext_int. Select Source Zone as external and Destination zone as internal. Select application ICMP for the rule adx_int_ext. Select Source Zone as internal and Destination zone as external. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 18 of 40

19 Firewall 1: Attack Responses Fw1 Dashboard > Monitor > Attack Responses High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 19 of 40

20 SNMP Select SNMP Agent from the Service menu. Select internal from the Burb menus in both the Source and Destination sections. For this solution, a required services (ICMP) was not listed in the default Service menu. In order to add a service, you first create it: Fw1 Dashboard > Policy > Rule Element > Service > + (New) Fill in information in the Modify Service dialog box, select ICMP Packet Filter from the drop-down menu, and click OK. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 20 of 40

21 ICMP Packet Filter Inbound and Outbound Now return to the New Rule dialog box: Fw1 Dashboard > Policy > Rules > + (New) Select the ICMP Packet Filter from the Service menu. To add source and destination, click the buttons with three dots ( ) at the bottom of the Source and Destination sections. Make sure that you select both external and internal burbs in the Source Options dialog box and click OK. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 21 of 40

22 Configure the SNMP Agent (snmpd) for SNMP v2c and v3. Add the SNMP management station where the trap will be sent. Fw1 Dashboard > Policy > Rule Elements > Services > snmpd > Properties For this configuration, you need to manually configure: Host: User: root1234 Community: public Configure the SNMP filter for SNMP v2c traffic. Fw1 Dashboard > Policy > Application Defenses > Defenses > SNMP High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 22 of 40

23 This is the configuration after the required rules are added under Administration. Fw1 Dashboard > Policy > Rules High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 23 of 40

24 Firewall 1: SNMP Traps When the firewall is added to the network, traps can be enabled: Fw1 Dashboard -> Monitor -> IPS Attack Responses For this configuration, the following traps were enabled for SNMP. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 24 of 40

25 Firewall 2: Interfaces The procedure used to configure Firewall 2 is the same as the procedure for Firewall 1, but with different parameters. Configure the external and internal interfaces of Fw2: Fw2 Dashboard > Network > Interfaces > + (New) For this configuration, the following IP addresses are added: em0 is external em1 is internal Firewall 2: Routing Configure the network routes and use the VRRP-e addresses configured on the NetIron ADX devices as the gateways for Fw2: Fw2 Dashboard > Network > Routing > Static Routing > + (New) For this configuration, the following routes are added: Network Destination Mask Gateway Network Destination Mask Gateway Firewall 2: Rules Configure the required policy rules under Administration for Fw2: Fw2 Dashboard > Policy > Rules > + (New) For this configuration, the following rules are added: Login Console Admin Console Secure Shell Server HTTP Proxy HTTP Proxy_Rev (provides the reverse direction of the http proxy) SNMP ICMP Packet Filter ICMP Packet Filter_Rev (provides the reverse direction for the ICMP ping) HTTP Proxy If any of the required services are not listed when the rules are configured, they can be created and modified under the Rule Element first, and then added to the Rules: Fw2 Dashboard > Policy > Rule Element > Service > + (New) Fw2 Dashboard > Policy > Rules > + (New) Configure the SNMP Agent (snmpd) for SNMP v2c and v3. Add the SNMP management station where the TRAP will be sent: Fw2 Dashboard > Policy > Rule Elements > Services > snmpd > Properties For this configuration, the following parameters are added: Host: User: root1234 Community: public Configure the SNMP filter for SNMP v2c traffic: Fw2 Dashboard -> Policy -> Application Defenses -> Defenses -> SNMP High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 25 of 40

26 This is the configuration after the required rules are added under Administration: Fw2 Dashboard -> Policy -> Rules High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 26 of 40

27 Firewall 2: SNMP Traps When the firewall is added to the network, traps can be enabled: Fw2 Dashboard > Monitor > IPS Attack Responses For this configuration, the following traps were enabled for SNMP. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 27 of 40

28 NETWORK MANAGEMENT Brocade IronView Network Management (INM) can be used to alert the network operator when an issue occurs in the network. Brocade INM acts in response to the alert to protect the network and the hosts connected to the network. Brocade INM can monitor, notify, and act on alerts provided by McAfee Firewall and IPS using MIBs provided by McAfee, which are added to existing MIBs. Loading MIBs into Brocade INM Create new folders for the McAfee MIBs in this INM folder: C:\ironview\htdocs\mibs Two new folders were added: mcafee_ips mcafee_snmp_mibs High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 28 of 40

29 Compiling the MIBs Modify the mibs_to_compile.txt file to include the McAfee MIBs, including the folder containing the MIBs: C:\ironview\htdocs\mibs Open mibs_to_compile.txt, change all the extensions from.txt to.mib (example circled in red below), and save and close the file. Saving and closing the file compiles the MIBs. Registering and Customizing MIBs Once the MIBs are compiled, they are located in the Event reception under the Trap Configuration, Not Registered section (one example circled in red below): Administration > Event Reception > Trap Configuration > Not Registered Select a trap to register and customize. Customizing the trap means that when the message is displayed, it contains the severity and a specified message. The message is the information that the network operator sees in the description field when the alert is displayed. You also need to customize the trap to display the varbind (a variable that is predefined and captured at run time) data. The message field configuration is the set up with the name of the data and the pointer to the varbind it belongs to. An example: Host Sweep Alert $1, $5 In this example, the alert message for Host Sweep Alert with varbind data from the first ($1) and fifth ($5) variable. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 29 of 40

30 NOTE: This message field has a limit of 512 bytes and if the message exceeds the limit, it will be truncated. So think carefully about what you want to display and be sure not to exceed the limit. All registered MIBs can be found in Brocade INM: Administration > Event Reception > Trap Configuration >Registered High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 30 of 40

31 Event Log All registered triggered events can be logged in the Event Log. Event Manager -> Event Log -> Search This is an example of a failed login. NETWORK SECURITY MANAGER The McAfee Network Security Manager (NSM) is required to manage IPS and provide traps. A separate NSM server is required to be configured for SNMP and to forward traps to Brocade INM. On the NSM server, make sure that you: Start the SNMP Service if is it is not started Stop the SNMP Trap Service if it is started Display the Services window. Select the SNMP Service and if it is not started, click Restart the service. Select the SNMP Trap Service and if it is started, click Stop the service. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 31 of 40

32 SNMP Fault Notification Add the SNMP server IP address to which the traps will be forwarded: My computer > Fault Notification > SNMP > add The server IP address added for this configuration is Sensor Access Add the NMS Sensor Access IP address: My computer > Device List > Sensor Access > NMS IP > add The NMS IP address added for this configuration is High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 32 of 40

33 IPS Settings Add the SNMP server IP address for Alert Forwarding: My computer -> IPS Setting -> Alert Notification -> SNMP -> add The SNMP IP address added for this configuration is High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 33 of 40

34 APPENDIX A: USE CASES Use Case 1: Host Sweep Attack When host sweep attacks occur: 1. McAfee IPS detects the attack and alerts Brocade INM. 2. Brocade INM receives the IPS attack alert and sends an Access Control List (ACL) to the Brocade switch to block the attacker and a Security Assessment (SA, an notification) to the network operator. The assessment type is: Compromised network infrastructure equipment. NOTE: IPS automatically alerts for host sweep attacks. The NSM must be configured to send alerts to INM (described earlier in this document). Figure 2 illustrates the process. Attacker (Host Scan, Port Scan, XMAS, Signature Alerts) Blocked Brocade Switch The stealthiest attacks are detected and thwarted by McAfee IPS Figure 2. Response to a host sweep attack Attack alerts are relayed from IPS via Security Assessment message to INM, which then executes an ACL to the Brocade Switch to block the Attacker and sends an event message to the Network Operator Note that before you configure an alert, you need to create it. In the Event Processor window, shown in Step 1, click New at the top of the list and follow the onscreen instructions to create the alert. In this solution, the alert is IPS_HOSTSweepAlert. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 34 of 40

35 1. In Brocade INM, select the host sweep alert and double-click: Event Manager > Event Processor > IPS_HOSTSweepAlert 2. The Edit Event Action dialog box appears, in which you can enter a name and description. Click Next. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 35 of 40

36 3. The Events window shows the currently selected traps from the all available traps. Configure Varbind filters to Yes and click Next. 4. Configure senders for the alert (Brocade devices that can send alerts): Event Manger > Event Processor > Event Actions > Edit Event Action > Senders High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 36 of 40

37 5. Configure the policy for the alert (under what conditions to send the alert): Event Manger > Event Processor > Event Actions > Edit Event Action > Policy 6. Configure the actions to take when a trap is received. Select Deploy CLI Config, and click More. Event Manger > Event Processor > Event Actions > Edit Event Action > Action Group > Actions If you want to send an notification to the network operator when an alert is triggered, you can configure it at this point. See the product documentation for instructions on how to set up a Security Assessment (SA) alert. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 37 of 40

38 7. Click the Global Configuration tab in the CLI Configuration Manager (note that Demo CLI, shown in the window below, was created for this solution testing), select the CLI option to configure. Whatever you configure in the CLI Configuration Manager is sent to the global configuration mode of the Brocade device you ll be selecting to act upon. 8. Select the CLI Commands tab to configure the CLI commands that will be executed on the Brocade switch in response to an alert. Enter the CLI parameter, select the type of variable from the drop-down menu, and click Insert and then Save. Saving the CLI commands takes you back to the CLI Configuration Manager. Closing that window takes you back to the Actions window, shown in Step 6. But now the CLI parameter you configured appears in the Parameters list. Then you can map the parameter to the Varbind of the trap. You can find these procedures explained in greater detail in the Brocade INM product documentation. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 38 of 40

39 Use Case 2: Port Scan Attack When port scan attacks occur: 1. McAfee IPS detects the attack and alerts Brocade INM. 2. Brocade INM receives the IPS attack alert and sends an Access Control List (ACL) to the Brocade switch to block the attacker and a Security Assessment (SA, an notification) to the network operator. The assessment type is: Compromised network infrastructure equipment. NOTE: IPS automatically alerts for port scan attacks. The NSM must be configured to send alerts to INM (described earlier in this document). Figure 3 illustrates the process. Attacker (Host Scan, Port Scan, XMAS, Signature Alerts) Blocked Brocade Switch The stealthiest attacks are detected and thwarted by McAfee IPS Figure 3. Response to a port scan attack Attack alerts are relayed from IPS via Security Assessment message to INM, which then executes an ACL to the Brocade Switch to block the Attacker and sends an event message to the Network Operator Note that before you configure an alert, you need to create it. In the Event Processor window, shown in Step 1 on page 31, click New at the top of the list and follow the onscreen instructions to create the alert. In this solution, the alert is IPS_PortScanAlert. 1. In Brocade INM, select the port scan alert and double-click: Event Manager > Event Processor > Event Actions > IPS_PortScanAlert 2. Follow the same steps as described in the previous use case, Host Sweep Attack. Finish by selecting the CLI Commands tab and enter configuration commands that will be executed on the Brocade switch in response to an alert issued from Brocade INM. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 39 of 40

40 2010 Brocade Communications Systems, Inc. All Rights Reserved. 5/10 GA-AN Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronView, NetIron, SAN Health, ServerIron, and TurboIron are registered trademarks, and Brocade Assurance, DCFM, Extraordinary Networks, and Brocade NET Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned are or may be trademarks or service marks of their respective owners. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 40 of 40

Transparent Cache Switching Using Brocade ServerIron and Blue Coat ProxySG

Transparent Cache Switching Using Brocade ServerIron and Blue Coat ProxySG Transparent Cache Switching Using Brocade ServerIron and Blue Coat ProxySG This document provides best-practice guidance for Brocade ServerIron ADC deployments using Transparent Cache Switching (TCS) with

More information

ServerIron TrafficWorks Firewall Load Balancing Guide

ServerIron TrafficWorks Firewall Load Balancing Guide ServerIron TrafficWorks Firewall Load Balancing Guide ServerIron 4G Series ServerIronGT C Series ServerIronGT E Series ServerIron 350 & 350-PLUS ServerIron 350 & 350-PLUS ServerIron 450 & 450-PLUS Release

More information

APPLICATION NOTES Seamless Integration of LAN and WLAN through Brocade mobility products and

APPLICATION NOTES Seamless Integration of LAN and WLAN through Brocade mobility products and Seamless Integration of LAN and WLAN through Brocade mobility products and ShoreTel VoIP Phones This solution leverages interoperable and best-of-breed networking and security products, tailored to fit

More information

DATA CENTER. Best Practices for High Availability Deployment for the Brocade ADX Switch

DATA CENTER. Best Practices for High Availability Deployment for the Brocade ADX Switch DATA CENTER Best Practices for High Availability Deployment for the Brocade ADX Switch CONTENTS Contents... 2 Executive Summary... 3 Introduction... 3 Brocade ADX HA Overview... 3 Hot-Standby HA... 4 Active-Standby

More information

Deployment Guide AX Series for Palo Alto Networks Firewall Load Balancing

Deployment Guide AX Series for Palo Alto Networks Firewall Load Balancing Deployment Guide AX Series for Palo Alto Networks Firewall Load Balancing DG_PAFWLB_120718.1 TABLE OF CONTENTS 1 Overview... 4 2 Deployment Prerequisites... 4 3 Architecture Overview... 5 4 Access Credentials...

More information

Deployment Guide AX Series for Palo Alto Networks SSL Intercept and Firewall Load Balancing

Deployment Guide AX Series for Palo Alto Networks SSL Intercept and Firewall Load Balancing Deployment Guide AX Series for Palo Alto Networks SSL Intercept and Firewall Load Balancing DG_PA-SSL_Intercept_2012.12.1 Table of Contents 1 Overview... 4 2 Deployment Prerequisites... 4 3 Architecture

More information

53-1002684-01 17 December 2012. ServerIron ADX. Firewall Load Balancing Guide. Supporting Brocade ServerIron ADX version 12.5.00

53-1002684-01 17 December 2012. ServerIron ADX. Firewall Load Balancing Guide. Supporting Brocade ServerIron ADX version 12.5.00 17 December 2012 ServerIron ADX Firewall Load Balancing Guide Supporting Brocade ServerIron ADX version 12.5.00 2012 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol,

More information

F-SECURE MESSAGING SECURITY GATEWAY

F-SECURE MESSAGING SECURITY GATEWAY F-SECURE MESSAGING SECURITY GATEWAY DEFAULT SETUP GUIDE This guide describes how to set up and configure the F-Secure Messaging Security Gateway appliance in a basic e-mail server environment. AN EXAMPLE

More information

Brocade and McAfee Change the Secure Networking Landscape with High Performance at Lowest TCO

Brocade and McAfee Change the Secure Networking Landscape with High Performance at Lowest TCO WHITE PAPER www.brocade.com IP NETWORK SECURITY Brocade and McAfee Change the Secure Networking Landscape with High Performance at Lowest TCO The Non-Stop Secure Network, a Brocade and McAfee joint solution,

More information

Multi-Chassis Trunking for Resilient and High-Performance Network Architectures

Multi-Chassis Trunking for Resilient and High-Performance Network Architectures WHITE PAPER www.brocade.com IP Network Multi-Chassis Trunking for Resilient and High-Performance Network Architectures Multi-Chassis Trunking is a key Brocade technology in the Brocade One architecture

More information

How To Understand and Configure Your Network for IntraVUE

How To Understand and Configure Your Network for IntraVUE How To Understand and Configure Your Network for IntraVUE Summary This document attempts to standardize the methods used to configure Intrauve in situations where there is little or no understanding of

More information

SOLUTION GUIDE. Radware & CyberGuard Complete Security Solutions offering Load Balancing, High Availability and Bandwidth Management.

SOLUTION GUIDE. Radware & CyberGuard Complete Security Solutions offering Load Balancing, High Availability and Bandwidth Management. SOLUTION GUIDE Radware & CyberGuard Complete Security Solutions offering Load Balancing, High Availability and Bandwidth Management. North America Radware Inc. 575 Corporate Dr Suite 205 Mahwah, NJ 07430

More information

NMS300 Network Management System

NMS300 Network Management System NMS300 Network Management System User Manual June 2013 202-11289-01 350 East Plumeria Drive San Jose, CA 95134 USA Support Thank you for purchasing this NETGEAR product. After installing your device, locate

More information

Configuring PA Firewalls for a Layer 3 Deployment

Configuring PA Firewalls for a Layer 3 Deployment Configuring PA Firewalls for a Layer 3 Deployment Configuring PAN Firewalls for a Layer 3 Deployment Configuration Guide January 2009 Introduction The following document provides detailed step-by-step

More information

Diagnostics and Troubleshooting Using Event Policies and Actions

Diagnostics and Troubleshooting Using Event Policies and Actions Diagnostics and Troubleshooting Using Event Policies and Actions Brocade Network Advisor logs events and alerts generated by managed devices and the management server and presents them through the master

More information

Thunder ADC for SSL Insight and Load Balancing DEPLOYMENT GUIDE

Thunder ADC for SSL Insight and Load Balancing DEPLOYMENT GUIDE Thunder ADC for SSL Insight and Load Balancing DEPLOYMENT GUIDE Table of Contents 1 Overview...3 2 Deployment Prerequisites...3 3 Architecture Overview...3 3.1 SSL Insight with an Inline Security Deployment...4

More information

Managing Latency in IPS Networks

Managing Latency in IPS Networks Application Note Revision B McAfee Network Security Platform Managing Latency in IPS Networks Managing Latency in IPS Networks McAfee Network Security Platform provides you with a set of pre-defined recommended

More information

F-Secure Messaging Security Gateway. Deployment Guide

F-Secure Messaging Security Gateway. Deployment Guide F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4

More information

Migrating from Brocade IronView Network Manager to Brocade Network Advisor

Migrating from Brocade IronView Network Manager to Brocade Network Advisor Migrating from Brocade IronView Network Manager to Brocade Network Advisor Brocade Network Advisor continues Brocade leadership in network management with a unified SAN/IP network management software platform.

More information

Cisco S380 and Cisco S680 Web Security Appliance

Cisco S380 and Cisco S680 Web Security Appliance QUICK START GUIDE Cisco S380 and Cisco S680 Web Security Appliance 1 Welcome 2 Before You Begin 3 Document Network Settings 4 Plan the Installation 5 Install the Appliance in a Rack 6 Plug In the Appliance

More information

QUICK START GUIDE. Cisco S170 Web Security Appliance. Web Security Appliance

QUICK START GUIDE. Cisco S170 Web Security Appliance. Web Security Appliance 1 0 0 0 1 1 QUICK START GUIDE Web Security Appliance Web Security Appliance Cisco S170 303417 Cisco S170 Web Security Appliance 1 Welcome 2 Before You Begin 3 Document Network Settings 4 Plan the Installation

More information

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev.

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev. Management Software AT-S106 Web Browser User s Guide For the AT-GS950/48 Gigabit Ethernet Smart Switch Version 1.0.0 613-001339 Rev. A Copyright 2010 Allied Telesis, Inc. All rights reserved. No part of

More information

Reference to common tasks

Reference to common tasks APPENDIXA This section provides how-to information for common tasks that you need to know how to do before you can effectively work with the vcom Command Center. Creating and editing domains Working with

More information

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Firewall VPN Router. Quick Installation Guide M73-APO09-380 Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,

More information

Barracuda Link Balancer Administrator s Guide

Barracuda Link Balancer Administrator s Guide Barracuda Link Balancer Administrator s Guide Version 1.0 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2008, Barracuda Networks

More information

QUICK START GUIDE. Cisco C170 Email Security Appliance

QUICK START GUIDE. Cisco C170 Email Security Appliance 1 0 0 1 QUICK START GUIDE Email Security Appliance Cisco C170 303357 Cisco C170 Email Security Appliance 1 Welcome 2 Before You Begin 3 Document Network Settings 4 Plan the Installation 5 Install the Appliance

More information

Brocade One Data Center Cloud-Optimized Networks

Brocade One Data Center Cloud-Optimized Networks POSITION PAPER Brocade One Data Center Cloud-Optimized Networks Brocade s vision, captured in the Brocade One strategy, is a smooth transition to a world where information and applications reside anywhere

More information

Overview of WebMux Load Balancer and Live Communications Server 2005

Overview of WebMux Load Balancer and Live Communications Server 2005 AVANU Load Balancing for Microsoft Office Live Communications Server 2005 WebMux Delivers Improved Reliability, Availability and Scalability Overview of WebMux Load Balancer and Live Communications Server

More information

Cisco Application Networking Manager Version 2.0

Cisco Application Networking Manager Version 2.0 Cisco Application Networking Manager Version 2.0 Cisco Application Networking Manager (ANM) software enables centralized configuration, operations, and monitoring of Cisco data center networking equipment

More information

WHITE PAPER MICROSOFT LIVE COMMUNICATIONS SERVER 2005 LOAD BALANCING WITH FOUNDRY NETWORKS SERVERIRON PLATFORM

WHITE PAPER MICROSOFT LIVE COMMUNICATIONS SERVER 2005 LOAD BALANCING WITH FOUNDRY NETWORKS SERVERIRON PLATFORM NOTE: Foundry s ServerIron load balancing switches have been certified in Microsoft s load balancing LCS 2005 interoperability labs. Microsoft experts executed a variety of tests against Foundry switches.

More information

Barracuda Link Balancer

Barracuda Link Balancer Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.2 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.2-110503-01-0503

More information

Configuring the BIG-IP and Check Point VPN-1 /FireWall-1

Configuring the BIG-IP and Check Point VPN-1 /FireWall-1 Configuring the BIG-IP and Check Point VPN-1 /FireWall-1 Introducing the BIG-IP and Check Point VPN-1/FireWall-1 LB, HALB, VPN, and ELA configurations Configuring the BIG-IP and Check Point FireWall-1

More information

How To Load Balance On A Libl Card On A S7503E With A Network Switch On A Server On A Network With A Pnet 2.5V2.5 (Vlan) On A Pbnet 2 (Vnet

How To Load Balance On A Libl Card On A S7503E With A Network Switch On A Server On A Network With A Pnet 2.5V2.5 (Vlan) On A Pbnet 2 (Vnet H3C SecBlade LB Card Configuration Examples Keyword: LB Abstract: This document describes the configuration examples for the H3C SecBlade LB service cards in various applications. Acronyms: Acronym Full

More information

Firewall Defaults and Some Basic Rules

Firewall Defaults and Some Basic Rules Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified

More information

Deploying the Brocade ServerIron ADX with Microsoft Exchange Server 2010

Deploying the Brocade ServerIron ADX with Microsoft Exchange Server 2010 Deploying the Brocade ServerIron ADX with Microsoft Exchange Server 2010 Provides reference architecture and procedures for deploying the Brocade ServerIron ADX Series switches with Microsoft Exchange

More information

Multi-Homing Dual WAN Firewall Router

Multi-Homing Dual WAN Firewall Router Multi-Homing Dual WAN Firewall Router Quick Installation Guide M73-APO09-400 Multi-Homing Dual WAN Firewall Router Overview The Multi-Homing Dual WAN Firewall Router provides three 10/100Mbit Ethernet

More information

WhatsUpGold. v3.0. WhatsConnected User Guide

WhatsUpGold. v3.0. WhatsConnected User Guide WhatsUpGold v3.0 WhatsConnected User Guide Contents CHAPTER 1 Welcome to WhatsConnected Finding more information and updates... 2 Sending feedback... 3 CHAPTER 2 Installing and Configuring WhatsConnected

More information

Application Notes for Configuring Dorado Software Redcell Enterprise Bundle using SNMP with Avaya Communication Manager - Issue 1.

Application Notes for Configuring Dorado Software Redcell Enterprise Bundle using SNMP with Avaya Communication Manager - Issue 1. Avaya Solution & Interoperability Test Lab Application Notes for Configuring Dorado Software Redcell Enterprise Bundle using SNMP with Avaya Communication Manager - Issue 1.0 Abstract These Application

More information

Quick Start Guide. Sendio Email System Protection Appliance. Sendio 5.0

Quick Start Guide. Sendio Email System Protection Appliance. Sendio 5.0 Sendio Email System Protection Appliance Quick Start Guide Sendio 0 Sendio, Inc. 4911 Birch St, Suite 150 Newport Beach, CA 92660 USA +949.274375 www.sendio.com QUICK START GUIDE SENDIO This Quick Start

More information

Deployment Guide: Transparent Mode

Deployment Guide: Transparent Mode Deployment Guide: Transparent Mode March 15, 2007 Deployment and Task Overview Description Follow the tasks in this guide to deploy the appliance as a transparent-firewall device on your network. This

More information

READYNAS INSTANT STORAGE. Quick Installation Guide

READYNAS INSTANT STORAGE. Quick Installation Guide READYNAS INSTANT STORAGE Quick Installation Guide Table of Contents Step 1 Connect to FrontView Setup Wizard 3 Installing RAIDar on Windows 3 Installing RAIDar on Mac OS X 3 Installing RAIDar on Linux

More information

CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC

CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC 1 Introduction Release date: 11/12/2003 This application note details the steps for creating an IKE IPSec VPN tunnel

More information

DSL-G604T Install Guides

DSL-G604T Install Guides Internet connection with NAT...2 Internet connection with No NAT, IP Un-number...6 Port Forwarding...12 Filtering & Firewall Setup...20 Access Control... 21 DMZ Setup... 26 Allow Incoming Ping... 27 How

More information

Application Notes for Configuring QuesCom 400 IP/GSM Gateway with Avaya IP Office using H.323 trunks Issue 1.0

Application Notes for Configuring QuesCom 400 IP/GSM Gateway with Avaya IP Office using H.323 trunks Issue 1.0 Avaya Solution & Interoperability Test Lab Application Notes for Configuring QuesCom 400 IP/GSM Gateway with Avaya IP Office using H.323 trunks Issue 1.0 Abstract These Application Notes describe the configuration

More information

Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific

Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide

More information

Broadband Router ESG-103. User s Guide

Broadband Router ESG-103. User s Guide Broadband Router ESG-103 User s Guide FCC Warning This equipment has been tested and found to comply with the limits for Class A & Class B digital device, pursuant to Part 15 of the FCC rules. These limits

More information

McAfee Network Security Platform Administration Course

McAfee Network Security Platform Administration Course McAfee Network Security Platform Administration Course Intel Security Education Services Administration Course The McAfee Network Security Platform Administration course from McAfee Education Services

More information

VoIPon www.voipon.co.uk sales@voipon.co.uk Tel: +44 (0)1245 808195 Fax: +44 (0)1245 808299

VoIPon www.voipon.co.uk sales@voipon.co.uk Tel: +44 (0)1245 808195 Fax: +44 (0)1245 808299 VoiceGear/3CX Integration Guide Ver.0.1 Page 2 1. OVERVIEW... 3 1.1 SETTING UP 3CX PBX...4 1.2 SETTING UP VOICEGEAR GATEWAY...5 2. VOICEGEAR-3CX SIP INTEGRATION... 6 2.1 3CX CONFIGURATION...7 2.2 VOICEGEAR

More information

Configuring SSL VPN on the Cisco ISA500 Security Appliance

Configuring SSL VPN on the Cisco ISA500 Security Appliance Application Note Configuring SSL VPN on the Cisco ISA500 Security Appliance This application note describes how to configure SSL VPN on the Cisco ISA500 security appliance. This document includes these

More information

N5 NETWORKING BEST PRACTICES

N5 NETWORKING BEST PRACTICES N5 NETWORKING BEST PRACTICES Table of Contents Nexgen N5 Networking... 2 Overview of Storage Networking Best Practices... 2 Recommended Switch features for an iscsi Network... 2 Setting up the iscsi Network

More information

Lab 8.4.2 Configuring Access Policies and DMZ Settings

Lab 8.4.2 Configuring Access Policies and DMZ Settings Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set

More information

SecureIT Plus Firewall Features and Functionality

SecureIT Plus Firewall Features and Functionality SecureIT Plus Firewall Features and Functionality Iowa Network Services SecureIT Plus Firewall Page 1 of 11 1.1 Enabling Firewall 1.1.1 Main Settings Once you have installed the firewall and have rebooted

More information

Blue Coat Security First Steps Transparent Proxy Deployments

Blue Coat Security First Steps Transparent Proxy Deployments Transparent Proxy Deployments SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER, CACHEOS, CACHEPULSE,

More information

Brocade to Cisco Comparisons

Brocade to Cisco Comparisons 1 2 3 Console cables - The console cables are not interchangeable between Brocade and Cisco. Each vendor provides their console cable with each manageable unit it sells. Passwords - Neither Cisco or Brocade

More information

Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide

Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide Symantec Database Security and Audit 3100 Series Appliance Getting Started Guide Symantec Database Security and Audit 3100 Series Getting Started Guide The software described in this book is furnished

More information

Ethernet Fabrics: An Architecture for Cloud Networking

Ethernet Fabrics: An Architecture for Cloud Networking WHITE PAPER www.brocade.com Data Center Ethernet Fabrics: An Architecture for Cloud Networking As data centers evolve to a world where information and applications can move anywhere in the cloud, classic

More information

6.0. Getting Started Guide

6.0. Getting Started Guide 6.0 Getting Started Guide Netmon Getting Started Guide 2 Contents Contents... 2 Appliance Installation... 3 IP Address Assignment (Optional)... 3 Logging In For the First Time... 5 Initial Setup... 6 License

More information

150-420. Brocade Certified Layer 4-7 Professional 2010. Version: Demo. Page <<1/8>>

150-420. Brocade Certified Layer 4-7 Professional 2010. Version: Demo. Page <<1/8>> 150-420 Brocade Certified Layer 4-7 Professional 2010 Version: Demo Page QUESTION NO: 1 Given the command shown below, which statement is true? aaa authentication enable default radius local A.

More information

Avaya P330 Load Balancing Manager User Guide

Avaya P330 Load Balancing Manager User Guide Avaya P330 Load Balancing Manager User Guide March 2002 Avaya P330 Load Balancing Manager User Guide Copyright 2002 Avaya Inc. ALL RIGHTS RESERVED The products, specifications, and other technical information

More information

VCS Monitoring and Troubleshooting Using Brocade Network Advisor

VCS Monitoring and Troubleshooting Using Brocade Network Advisor VCS Monitoring and Troubleshooting Using Brocade Network Advisor Brocade Network Advisor is a unified network management platform to manage the entire Brocade network, including both SAN and IP products.

More information

FortKnox Personal Firewall

FortKnox Personal Firewall FortKnox Personal Firewall User Manual Document version 1.4 EN ( 15. 9. 2009 ) Copyright (c) 2007-2009 NETGATE Technologies s.r.o. All rights reserved. This product uses compression library zlib Copyright

More information

Optimum Business SIP Trunk Set-up Guide

Optimum Business SIP Trunk Set-up Guide Optimum Business SIP Trunk Set-up Guide For use with IP PBX only. SIPSetup 07.13 FOR USE WITH IP PBX ONLY Important: If your PBX is configured to use a PRI connection, do not use this guide. If you need

More information

Networking and High Availability

Networking and High Availability TECHNICAL BRIEF Networking and High Availability Deployment Note Imperva appliances support a broad array of deployment options, enabling seamless integration into any data center environment. can be configured

More information

istorage Server: High-Availability iscsi SAN for Windows Server 2008 & Hyper-V Clustering

istorage Server: High-Availability iscsi SAN for Windows Server 2008 & Hyper-V Clustering istorage Server: High-Availability iscsi SAN for Windows Server 2008 & Hyper-V Clustering Tuesday, Feb 21 st, 2012 KernSafe Technologies, Inc. www.kernsafe.com Copyright KernSafe Technologies 2006-2012.

More information

Using LiveAction with Cisco Secure ACS (TACACS+ Server)

Using LiveAction with Cisco Secure ACS (TACACS+ Server) LiveAction Application Note Using LiveAction with Cisco Secure ACS (TACACS+ Server) September 2012 http://www.actionpacked.com Table of Contents 1. Introduction... 1 2. Cisco Router Configuration... 2

More information

Brocade Network Advisor High Availability Using Microsoft Cluster Service

Brocade Network Advisor High Availability Using Microsoft Cluster Service Brocade Network Advisor High Availability Using Microsoft Cluster Service This paper discusses how installing Brocade Network Advisor on a pair of Microsoft Cluster Service nodes provides automatic failover

More information

Silver Peak WAN Optimization Appliances. Network Deployment Guide. VXOA 6.2 March 2015 PN 200059-001 Rev L

Silver Peak WAN Optimization Appliances. Network Deployment Guide. VXOA 6.2 March 2015 PN 200059-001 Rev L Silver Peak WAN Optimization Appliances Network Deployment Guide VXOA 6.2 March 2015 PN 200059-001 Rev L Silver Peak NX Series Appliances Network Deployment Guide Silver Peak NX Series Appliances Network

More information

ReadyNAS Setup Manual

ReadyNAS Setup Manual ReadyNAS Setup Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA October 2007 208-10163-01 v1.0 2007 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR, the NETGEAR logo,

More information

> Technical Configuration Guide for Microsoft Network Load Balancing. Ethernet Switch and Ethernet Routing Switch Engineering

> Technical Configuration Guide for Microsoft Network Load Balancing. Ethernet Switch and Ethernet Routing Switch Engineering Ethernet Switch and Ethernet Routing Switch Engineering > Technical Configuration Guide for Microsoft Network Load Balancing Enterprise Solutions Engineering Document Date: March 9, 2006 Document Version:

More information

HP LeftHand SAN Solutions

HP LeftHand SAN Solutions HP LeftHand SAN Solutions Support Document Applications Notes Best Practices for Using SolarWinds' ORION to Monitor SANiQ Performance Legal Notices Warranty The only warranties for HP products and services

More information

WHITE PAPER September 2012. CA Nimsoft For Network Monitoring

WHITE PAPER September 2012. CA Nimsoft For Network Monitoring WHITE PAPER September 2012 CA Nimsoft For Network Monitoring Table of Contents EXECUTIVE SUMMARY 3 Solution overview 3 CA Nimsoft Monitor specialized probes 3 Network and application connectivity probe

More information

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide

More information

Best Practices: Pass-Through w/bypass (Bridge Mode)

Best Practices: Pass-Through w/bypass (Bridge Mode) Best Practices: Pass-Through w/bypass (Bridge Mode) EdgeXOS Deployment Scenario: Bridge Pass-Through This document is designed to provide an example as to how the EdgeXOS appliance is configured based

More information

Configuring the Juniper NetScreen Firewall Security Policies to support Avaya IP Telephony Issue 1.0

Configuring the Juniper NetScreen Firewall Security Policies to support Avaya IP Telephony Issue 1.0 Avaya Solution & Interoperability Test Lab Configuring the Juniper NetScreen Firewall Security Policies to support Avaya IP Telephony Issue 1.0 Abstract These Application Notes describes a procedure for

More information

Using Cisco UC320W with Windows Small Business Server

Using Cisco UC320W with Windows Small Business Server Using Cisco UC320W with Windows Small Business Server This application note explains how to deploy the Cisco UC320W in a Windows Small Business Server environment. Contents This document includes the following

More information

GlobalSCAPE DMZ Gateway, v1. User Guide

GlobalSCAPE DMZ Gateway, v1. User Guide GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical

More information

Installing GFI MailSecurity

Installing GFI MailSecurity Installing GFI MailSecurity Introduction This chapter explains how to install and configure GFI MailSecurity. You can install GFI MailSecurity directly on your mail server or you can choose to install

More information

eprism Email Security Suite

eprism Email Security Suite Guide eprism 2505 eprism Email Security Suite 800-782-3762 www.edgewave.com 2001 2012 EdgeWave. All rights reserved. The EdgeWave logo is a trademark of EdgeWave Inc. All other trademarks and registered

More information

ReadyNAS Duo Setup Manual

ReadyNAS Duo Setup Manual ReadyNAS Duo Setup Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA February 2008 208-10215-01 v1.0 2008 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR, the NETGEAR logo,

More information

Networking and High Availability

Networking and High Availability yeah SecureSphere Deployment Note Networking and High Availability Imperva SecureSphere appliances support a broad array of deployment options, enabling seamless integration into any data center environment.

More information

Panorama High Availability

Panorama High Availability Panorama High Availability Palo Alto Networks Panorama Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054

More information

SuperLumin Nemesis. Administration Guide. February 2011

SuperLumin Nemesis. Administration Guide. February 2011 SuperLumin Nemesis Administration Guide February 2011 SuperLumin Nemesis Legal Notices Information contained in this document is believed to be accurate and reliable. However, SuperLumin assumes no responsibility

More information

PerleVIEW Device Management System User s Guide

PerleVIEW Device Management System User s Guide PerleVIEW Device Management System User s Guide Version 1.2 Part #5500320-12 May 2013 PerleVIEW V1.2 Copyright Statement This document must not be reproduced in any way whatsoever, either printed or electronically,

More information

642 523 Securing Networks with PIX and ASA

642 523 Securing Networks with PIX and ASA 642 523 Securing Networks with PIX and ASA Course Number: 642 523 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional and the Cisco Firewall

More information

How to Configure the Cisco UC500 for use with Integra Telecom SIP Solutions

How to Configure the Cisco UC500 for use with Integra Telecom SIP Solutions How to Configure the Cisco UC500 for use with Integra Telecom SIP Solutions Overview: This document provides a reference for configuration of the Cisco UC500 IP PBX to connect to Integra Telecom SIP Trunks.

More information

Designing Networks with Palo Alto Networks Firewalls

Designing Networks with Palo Alto Networks Firewalls Designing Networks with Palo Alto Networks Firewalls Suggested Designs for Potential and Existing Customers Revision B 2012, Palo Alto Networks, Inc. www.paloaltonetworks.com Table of Contents Introduction...3

More information

ProCurve Switch 1700-8 ProCurve Switch 1700-24

ProCurve Switch 1700-8 ProCurve Switch 1700-24 Management and Configuration Guide ProCurve Switch 1700-8 ProCurve Switch 1700-24 www.procurve.com ProCurve Series 1700 Switch Management and Configuration Guide Copyright 2007 Hewlett-Packard Development

More information

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup 1:1 NAT in ZeroShell Requirements The version of ZeroShell used for writing this document is Release 1.0.beta11. This document does not describe installing ZeroShell, it is assumed that the user already

More information

How To - Deploy Cyberoam in Gateway Mode

How To - Deploy Cyberoam in Gateway Mode How To - Deploy Cyberoam in Gateway Mode Cyberoam appliance can be deployed in a network in two modes: Gateway mode. Popularly known as Route mode Bridge mode. Popularly known as Transparent mode Article

More information

Installing Intercloud Fabric Firewall

Installing Intercloud Fabric Firewall This chapter contains the following sections: Information About the Intercloud Fabric Firewall, page 1 Prerequisites, page 1 Guidelines and Limitations, page 2 Basic Topology, page 2 Intercloud Fabric

More information

Deploying SAP NetWeaver Infrastructure with Foundry Networks ServerIron Deployment Guide

Deploying SAP NetWeaver Infrastructure with Foundry Networks ServerIron Deployment Guide Deplloyiing SAP NetWeaver Inffrastructure s wiith Foundry Networks ServerIron Deployment Guide July 2008 Copyright Foundry Networks Page 1 Table of Contents Executive Overview... 3 Deployment Architecture...

More information

VLANs. Application Note

VLANs. Application Note VLANs Application Note Table of Contents Background... 3 Benefits... 3 Theory of Operation... 4 IEEE 802.1Q Packet... 4 Frame Size... 5 Supported VLAN Modes... 5 Bridged Mode... 5 Static SSID to Static

More information

This How To Note describes one possible basic VRRP configuration.

This How To Note describes one possible basic VRRP configuration. AlliedWare TM OS How To Configure VRRP (Virtual Router Redundancy Protocol) Introduction VRRP is a popular protocol for providing device redundancy, for connecting redundant WAN gateway routers or server

More information

Deploying ACLs to Manage Network Security

Deploying ACLs to Manage Network Security PowerConnect Application Note #3 November 2003 Deploying ACLs to Manage Network Security This Application Note relates to the following Dell PowerConnect products: PowerConnect 33xx Abstract With new system

More information

Lab 8.4.2 Configuring Access Policies and DMZ Settings

Lab 8.4.2 Configuring Access Policies and DMZ Settings Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set

More information

Multi-Homing Security Gateway

Multi-Homing Security Gateway Multi-Homing Security Gateway MH-5000 Quick Installation Guide 1 Before You Begin It s best to use a computer with an Ethernet adapter for configuring the MH-5000. The default IP address for the MH-5000

More information

HP IMC Firewall Manager

HP IMC Firewall Manager HP IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW102-20120420 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this

More information

Innominate Security Configuration Manager

Innominate Security Configuration Manager Innominate Security Configuration Manager Quick Installation Guide / Working with Innominate mguard ISCM Release 3.x.x Document Rev. 1.7 Innominate Security Technologies AG Albert-Einstein-Straße 14 12489

More information

Network Security Platform 7.5

Network Security Platform 7.5 M series Release Notes Network Security Platform 7.5 Revision B Contents About this document New features Resolved issues Known issues Installation instructions Product documentation About this document

More information

Configuring the WT-4 for ftp (Ad-hoc Mode)

Configuring the WT-4 for ftp (Ad-hoc Mode) En Configuring the WT-4 for ftp (Ad-hoc Mode) Windows XP Introduction This document provides basic instructions on configuring the WT-4 wireless transmitter and a Windows XP Professional SP2 ftp server

More information