APPLICATION NOTES High-Availability Load Balancing with the Brocade ServerIron ADX and McAfee Firewall Enterprise (Sidewinder)
|
|
- Nigel Sullivan
- 8 years ago
- Views:
Transcription
1 High-Availability Load Balancing with the Brocade ServerIron ADX and McAfee Firewall Enterprise (Sidewinder) This solution leverages interoperable and best-of-breed networking and security products, tailored to fit individual enterprise requirements.
2 CONTENTS Introduction... 3 About McAfee... 3 About Brocade... 3 Overview... 3 Failover... 4 Heath Checks... 4 Interoperability Test Results... 4 Reference Architecture... 5 Brocade ServerIron ADX Series Configuration... 6 External ServerIron ADX A (SI-EXT-A)... 6 External ServerIron ADX B (SI-EXT-B)... 8 Internal ServerIron ADX A (SI-INT-A)... 9 Internal ServerIron ADX B (SI-INT-B) Sidewinder Firewall GUI Configuration Firewall 1: Interfaces Firewall 1: Routing Firewall 1: Rules Firewall 1: SNMP Traps Firewall 2: Interfaces Firewall 2: Routing Firewall 2: Rules Firewall 2: SNMP Traps Network Management Loading MIBs into Brocade INM Compiling the MIBs Registering and Customizing MIBs Event Log Network Security Manager SNMP Fault Notification Sensor Access IPS Settings Appendix A: Use Cases Use Case 1: Host Sweep Attack Use Case 2: Port Scan Attack High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 2 of 40
3 INTRODUCTION Brocade and McAfee are partnering to deliver a comprehensive solution for High Availability (HA) Firewall Load Balancing (FWLB) with the Brocade ServerIron ADX Series of application load balancing switches and McAfee Firewall Enterprise (Sidewinder). This joint solution brings end-to-end networking and security to the enterprise. About McAfee McAfee, the world s largest dedicated security technology company, is relentlessly committed to tackling the world s toughest security challenges. The company delivers proactive and proven solutions and services that secure systems and networks around the world, allowing users to safely connect to the Internet, browse, and shop the Web securely. McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to comply with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. For McAfee support: McAfee Prime Support Technical Support: McAfee Prime Support Service Portal: mysupport.mcafee.com About Brocade Brocade is a leading provider of high-performance data center, enterprise, and service provider networking solutions and services. Brocade develops extraordinary networking solutions that enable today s complex, data-intensive businesses to optimize information connectivity and maximize the business value of their data. The Brocade ServerIron ADX Series of application delivery and traffic management switches is the industry leader in high availability, acceleration, security, and scalability for business-critical IP and Web applications. For Brocade support: Phone support in the US: International support: support: ipsupport@brocade.com Web support: OVERVIEW To achieve HA in the network, you can deploy pairs of ServerIron ADX switches in active-active configurations on each side of the firewalls. In an active-active configuration, both switches actively load balance firewall traffic. Active-active operation provides redundancy in the event that a Brocade ServerIron ADX becomes unavailable, while enhancing performance by using both switches to process and forward traffic. HA load balancing on the Brocade ServerIron ADX s always stateful. Each ServerIron ADX sends session information about its active traffic flows to the other switch. If a failover occurs, the ServerIron ADX that is still active can provide service for the other ServerIron traffic flows using the session information provided by the ServerIron that is currently unavailable. In an HA topology, both ServerIron ADX switches actively load balance traffic to the firewalls. If one of the ServerIron ADX switches becomes unavailable, the other automatically assumes the load balancing function for the sessions that had been on the unavailable ServerIron ADX. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 3 of 40
4 This solution is an example of an active-active FWLB configuration that uses VRRP. Each pair of Brocade ServerIron ADX Series switches provides redundant load balancing, while VRRP on the external pair of ServerIron ADX switches provides redundancy for the default gateway address used by the client. Failover In active-active FWLB, if one of the ServerIron ADX devices becomes unavailable, the other takes over. ServerIron ADX devices use the following parameters to manage failover: ServerIron ADX priority (active-standby only). You can specify a priority from 0 through 255 on each ServerIron ADX. The ServerIron ADX with the higher priority is the default active device. Specifying the priority is required. Path tolerance. Optionally, you also can configure a minimum number of firewall paths and router paths that must be available. By default, failover occurs if the health checks between the ServerIron ADX switches reveal that the active ServerIron ADX has lost a path link. Heath Checks There are two types of health checks in this solution: Path health checks. One of the required FWLB parameters is a separate path from the ServerIron ADX through each firewall to each of the ServerIron ADX switches on the other side of the firewall. A path to the ServerIron ADX s gateway router is also required. By default, the ServerIron ADX performs a Layer 3 health check on each firewall and router path by sending an Internet Control Message Protocol (ICMP) ping packet on each path. Application health checks. You can also add information for individual application ports (optional). You can specify the following application protocols (TCP or UDP) and port number. The ServerIron ADX checks the health of the TCP or UDP service used by the application by sending a Layer 4 TCP or UDP health check to the firewall. Layer 4 health checks are enabled by default. Interoperability Test Results Interoperability compliance testing covers features, functionality, and serviceability between the Brocade switches and the McAfee Network Security Platform (NSP) sitting inline. The following compliance tests were conducted: Trunking. A two-link 802.3ad link aggregation was created between the Brocade FastIron SuperX to an internal Brocade FastIron GS and another 802.3ad link aggregation between the Brocade BigIron RX to an internal FastIron GS. The test confirmed that the 802.3ad trunk could be negotiated and form a trunk with the McAfee Intrushield positioned between the switches. To test failover, one of the trunk links was disconnected and it was confirmed that traffic continued to flow on the other link. Spanning Tree. Rapid Spanning Tree was enabled on all switches and it was confirmed that spanning tree converged when the path went down. Virtual Router Redundancy Protocol-Extended (VRRP-e). VRRP-e was enabled on the Brocade FastIron SuperX and Brocade BigIron RX switches and redundancy was provided for default gateways while the Intrushield appliances were positioned between the switches. Media types. Tests were conducted with copper and fiber interfaces. Port configuration. Different port speeds were used: Auto-Negotiate and 1000-Full. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 4 of 40
5 REFERENCE ARCHITECTURE The solution components are listed below and shown in Figure 1: 4 x Brocade ServerIron ADX 4000 (v12.1c routing code) 2 x Brocade FastIron LS Series (v routing code) 2 x McAfee Firewall Enterprise (Sidewinder, v and v8.0.1) 1 x McAfee Intrusion Protection System (IPS) Figure 1. FWLB solution topology High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 5 of 40
6 BROCADE SERVERIRON ADX SERIES CONFIGURATION Both ServerIron ADX switches external to the firewall and both switches external to the firewall were configures as detailed in the following four sections. External ServerIron ADX A (SI-EXT-A) global-protocol-vlan # When configuring ADX for IronClad FWLB, you need to specify the port number of the dedicated synchronization link between the ADX and its active-active partner. server fw-port 1/5 no server l4-check # High-availability FWLB configurations require that you identify the ports on the ServerIron that are attached to the routers. server router-ports ethernet 1/9 # Specify the data path/links with the peer partner ADX. server partner-ports ethernet 1/6 context default server fw-name fw server fw-name fw server fw-group 2 #enables the active-active mode sym-priority 200 fw-name fw1 fw-name fw2 # Configure the paths for the firewall traffic. Each path consists of a path ID, the ServerIron port attached to the firewall, the IP address of the ServerIron at the other end of the path, and the next-hop IP address (usually the firewall interface connected to this ADX). fwall-info 1 1/ fwall-info 2 1/ fwall-info 3 1/ fwall-info 4 1/ fwall-info 5 1/ vlan 1 name DEFAULT-VLAN by port # The always-active feature is used to simplify the topology of high-availability FWLB configurations always-active vlan 2 name Router_Vlan by port untagged ethe 1/9 always-active router-interface ve 2 vlan 3 name FW_Vlan by port High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 6 of 40
7 untagged ethe 1/6 to 1/7 always-active router-interface ve 3 vlan 99 name Synch_Vlan by port untagged ethe 1/5 ethe 1/8 hostname SI-EXT-A ip route ip route ip route ip route ip route logging buffered 1000 router vrrp-extended no-asm-block-till-bootup interface management 1 ip address interface ethernet 1/7 speed-duplex 1000-full interface ethernet 1/8 disable interface ethernet 1/11 disable interface ve 2 ip address ip vrrp-extended vrid 2 backup priority 101 advertise backup ip-address track-port e 1/7 track-port e 1/9 enable interface ve 3 ip address ip vrrp-extended vrid 3 backup priority 101 advertise backup ip-address track-port e 1/7 track-port e 1/9 enable end High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 7 of 40
8 External ServerIron ADX B (SI-EXT-B) global-protocol-vlan server fw-port 1/5 no server l4-check server router-ports ethernet 1/9 server partner-ports ethernet 1/6 context default server fw-name fw server fw-name fw server fw-group 2 sym-priority 100 fw-name fw1 fw-name fw2 fwall-info 1 1/ fwall-info 2 1/ fwall-info 3 1/ fwall-info 4 1/ fwall-info 5 1/ vlan 1 name DEFAULT-VLAN by port always-active vlan 2 name Router_Vlan by port untagged ethe 1/9 always-active router-interface ve 2 vlan 3 name FW_Vlan by port untagged ethe 1/6 to 1/7 always-active router-interface ve 3 vlan 99 name Synch_Vlan by port untagged ethe 1/5 ethe 1/8 hostname SI-Ext-B ip route ip route ip route ip route ip route logging buffered 1000 router vrrp-extended no-asm-block-till-bootup High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 8 of 40
9 interface management 1 ip address interface ethernet 1/7 speed-duplex 1000-full interface ethernet 1/8 disable interface ethernet 1/11 disable interface ve 2 ip address ip vrrp-extended vrid 2 backup advertise backup ip-address track-port e 1/7 track-port e 1/9 enable interface ve 3 ip address ip vrrp-extended vrid 3 backup advertise backup ip-address track-port e 1/7 track-port e 1/9 enable End Internal ServerIron ADX A (SI-INT-A) global-protocol-vlan server fw-port 1/5 server router-ports ethernet 1/9 server partner-ports ethernet 1/6 context default server fw-name fw server fw-name fw server fw-group 2 sym-priority 200 fw-name fw1 fw-name fw2 High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 9 of 40
10 fwall-info 1 1/ fwall-info 2 1/ fwall-info 3 1/ fwall-info 4 1/ fwall-info 5 1/ vlan 1 name DEFAULT-VLAN by port always-active vlan 4 name Int_Vlan by port untagged ethe 1/9 always-active router-interface ve 4 vlan 5 name FW_Vlan by port untagged ethe 1/6 to 1/7 always-active router-interface ve 5 vlan 99 name Sync_Vlan by port untagged ethe 1/5 ethe 1/8 hostname SI-Int-A ip route ip route router vrrp-extended no-asm-block-till-bootup interface ethernet 1/7 speed-duplex 1000-full interface ethernet 1/8 disable interface ve 4 ip address ip vrrp-extended vrid 4 backup priority 101 advertise backup ip-address track-port e 1/7 track-port e 1/9 enable interface ve 5 ip address ip vrrp-extended vrid 5 backup priority 101 advertise backup ip-address track-port e 1/7 track-port e 1/9 High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 10 of 40
11 enable end Internal ServerIron ADX B (SI-INT-B) global-protocol-vlan server fw-port 1/5 server router-ports ethernet 1/9 server partner-ports ethernet 1/6 context default server fw-name fw server fw-name fw server fw-group 2 sym-priority 100 fw-name fw1 fw-name fw2 fwall-info 1 1/ fwall-info 2 1/ fwall-info 3 1/ fwall-info 4 1/ fwall-info 5 1/ vlan 1 name DEFAULT-VLAN by port always-active vlan 4 name Int_Vlan by port untagged ethe 1/9 always-active router-interface ve 4 vlan 5 name FW_Vlan by port untagged ethe 1/6 to 1/7 always-active router-interface ve 5 vlan 99 by port untagged ethe 1/5 ethe 1/8 hostname SI-Int-B ip route ip route telnet server username admin password... router vrrp-extended snmp-server community... rw High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 11 of 40
12 no-asm-block-till-bootup interface ethernet 1/7 speed-duplex 1000-full interface ethernet 1/8 disable interface ve 4 ip address ip vrrp-extended vrid 4 backup advertise backup ip-address track-port e 1/7 track-port e 1/9 enable interface ve 5 ip address ip vrrp-extended vrid 5 backup advertise backup ip-address track-port e 1/7 track-port e 1/9 enable end SIDEWINDER FIREWALL GUI CONFIGURATION After configuring the Brocade ServerIron ADX switches, you need to log in to the firewall and configure it using the McAfee Firewall Enterprise Admin Console. The following sections describe configuring internal and external interfaces, routing, rules, and SNMP traps on the two firewalls. The Dashboard is the first screen that appears when you log in to the Firewall Admin Console. Paths are given starting from the Dashboard. When you see New in the path, click the green plus sign (+) button on the left above the table. Firewall 1: Interfaces Configure the external and internal interfaces of FW1: Fw1 Dashboard > Network > Interfaces > + (New) For this configuration, the following interface configurations are added: em0 is external em1 is internal High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 12 of 40
13 Firewall 1: Routing Configure the network routes and use the VRRP-e addresses configured on the ADX devices as the gateways for FW1: Fw1 Dashboard > Network > Routing > Static Routing > + (New) For this configuration, the following routes are added: Network Destination Mask Gateway Network Destination Mask Gateway High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 13 of 40
14 Firewall 1: Rules Configure the required policy rules for Fw1: Fw1 Dashboard > Policy > Rules > (Administration selected in list) + (New) For this configuration, the following rules are added: Login Console Admin Console Secure Shell Server *HTTP Proxy *HTTP Proxy_Rev (The two rules above can also be handled with one rule: HTTP Proxy Inbound and Outbound) SNMP *ICMP Packet Filter *ICMP Packet Filter_Rev (The two rules above can also be handled with one rule: ICMP Packet Filter Inbound and Outbound) HTTP Proxy Select HTTP Proxy from the Service menu. To add source and destination, click the buttons with three dots ( ) at the bottom of the Source and Destination sections. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 14 of 40
15 Make sure that you select both external and internal burbs and click OK. HTTP Proxy Inbound and Outbound Rule The final saved rule for HTTP includes the HTTP Proxy service and internal and external burbs, now displayed in the Source and Destination sections of the New Proxy Rule dialog box. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 15 of 40
16 SIDEWINDER FIREWALL GUI CONFIGURATION (VERSION 8 CODE) The GUI for version code looks a bit different than version Here is configuration for the same reference architecture as used in version 7. In this setup we replaced x.x subnet with x.x and x.x with x.x repectively. Firewall 1: Interfaces Add 3 new interfaces em0 (external), em1 (em1), bge0 (management) Fw1 Dashboard > Network > Interfaces > + (New) For this configuration, the following interface configurations are added: em0 is external em1 is internal bge0 is the management port. This is the IP we use to connect to the firewall remotely. Firewall 1: Routing Configure the network routes and use the VRRP-e addresses configured on the ADX devices as the gateways for FW1. Add 3 routes. One each for management, internal and external interface. Fw1 Dashboard > Network > Routing > Static Routing > + (New) For this configuration, the following routes are added: Network Destination Mask Gateway Network Destination Mask Gateway Network Destination Default Mask Gateway Firewall 1: Groups Create a new Group called icmp_packet_filter Fw1 Dashboard > Policy > Application Defenses > Groups > + (New) High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 16 of 40
17 Firewall 1: Defense rule Create a new defense rule icmp_packet_filter Fw1 Dashboard > Policy > Application Defenses > Defenses > Generic (Required) + (New) Uncheck ICMP proxy Uncheck Enable stateful packet inspection under Stateful Inspection Tab High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 17 of 40
18 Firewall 1: Accesss control rules Add new Access Control Rules adx_int_ext, adx_ext_int Fw1 Dashboard > Policy > Access Control Rules > + (New) Select application ICMP for the rule adx_ext_int. Select Source Zone as external and Destination zone as internal. Select application ICMP for the rule adx_int_ext. Select Source Zone as internal and Destination zone as external. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 18 of 40
19 Firewall 1: Attack Responses Fw1 Dashboard > Monitor > Attack Responses High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 19 of 40
20 SNMP Select SNMP Agent from the Service menu. Select internal from the Burb menus in both the Source and Destination sections. For this solution, a required services (ICMP) was not listed in the default Service menu. In order to add a service, you first create it: Fw1 Dashboard > Policy > Rule Element > Service > + (New) Fill in information in the Modify Service dialog box, select ICMP Packet Filter from the drop-down menu, and click OK. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 20 of 40
21 ICMP Packet Filter Inbound and Outbound Now return to the New Rule dialog box: Fw1 Dashboard > Policy > Rules > + (New) Select the ICMP Packet Filter from the Service menu. To add source and destination, click the buttons with three dots ( ) at the bottom of the Source and Destination sections. Make sure that you select both external and internal burbs in the Source Options dialog box and click OK. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 21 of 40
22 Configure the SNMP Agent (snmpd) for SNMP v2c and v3. Add the SNMP management station where the trap will be sent. Fw1 Dashboard > Policy > Rule Elements > Services > snmpd > Properties For this configuration, you need to manually configure: Host: User: root1234 Community: public Configure the SNMP filter for SNMP v2c traffic. Fw1 Dashboard > Policy > Application Defenses > Defenses > SNMP High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 22 of 40
23 This is the configuration after the required rules are added under Administration. Fw1 Dashboard > Policy > Rules High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 23 of 40
24 Firewall 1: SNMP Traps When the firewall is added to the network, traps can be enabled: Fw1 Dashboard -> Monitor -> IPS Attack Responses For this configuration, the following traps were enabled for SNMP. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 24 of 40
25 Firewall 2: Interfaces The procedure used to configure Firewall 2 is the same as the procedure for Firewall 1, but with different parameters. Configure the external and internal interfaces of Fw2: Fw2 Dashboard > Network > Interfaces > + (New) For this configuration, the following IP addresses are added: em0 is external em1 is internal Firewall 2: Routing Configure the network routes and use the VRRP-e addresses configured on the NetIron ADX devices as the gateways for Fw2: Fw2 Dashboard > Network > Routing > Static Routing > + (New) For this configuration, the following routes are added: Network Destination Mask Gateway Network Destination Mask Gateway Firewall 2: Rules Configure the required policy rules under Administration for Fw2: Fw2 Dashboard > Policy > Rules > + (New) For this configuration, the following rules are added: Login Console Admin Console Secure Shell Server HTTP Proxy HTTP Proxy_Rev (provides the reverse direction of the http proxy) SNMP ICMP Packet Filter ICMP Packet Filter_Rev (provides the reverse direction for the ICMP ping) HTTP Proxy If any of the required services are not listed when the rules are configured, they can be created and modified under the Rule Element first, and then added to the Rules: Fw2 Dashboard > Policy > Rule Element > Service > + (New) Fw2 Dashboard > Policy > Rules > + (New) Configure the SNMP Agent (snmpd) for SNMP v2c and v3. Add the SNMP management station where the TRAP will be sent: Fw2 Dashboard > Policy > Rule Elements > Services > snmpd > Properties For this configuration, the following parameters are added: Host: User: root1234 Community: public Configure the SNMP filter for SNMP v2c traffic: Fw2 Dashboard -> Policy -> Application Defenses -> Defenses -> SNMP High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 25 of 40
26 This is the configuration after the required rules are added under Administration: Fw2 Dashboard -> Policy -> Rules High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 26 of 40
27 Firewall 2: SNMP Traps When the firewall is added to the network, traps can be enabled: Fw2 Dashboard > Monitor > IPS Attack Responses For this configuration, the following traps were enabled for SNMP. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 27 of 40
28 NETWORK MANAGEMENT Brocade IronView Network Management (INM) can be used to alert the network operator when an issue occurs in the network. Brocade INM acts in response to the alert to protect the network and the hosts connected to the network. Brocade INM can monitor, notify, and act on alerts provided by McAfee Firewall and IPS using MIBs provided by McAfee, which are added to existing MIBs. Loading MIBs into Brocade INM Create new folders for the McAfee MIBs in this INM folder: C:\ironview\htdocs\mibs Two new folders were added: mcafee_ips mcafee_snmp_mibs High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 28 of 40
29 Compiling the MIBs Modify the mibs_to_compile.txt file to include the McAfee MIBs, including the folder containing the MIBs: C:\ironview\htdocs\mibs Open mibs_to_compile.txt, change all the extensions from.txt to.mib (example circled in red below), and save and close the file. Saving and closing the file compiles the MIBs. Registering and Customizing MIBs Once the MIBs are compiled, they are located in the Event reception under the Trap Configuration, Not Registered section (one example circled in red below): Administration > Event Reception > Trap Configuration > Not Registered Select a trap to register and customize. Customizing the trap means that when the message is displayed, it contains the severity and a specified message. The message is the information that the network operator sees in the description field when the alert is displayed. You also need to customize the trap to display the varbind (a variable that is predefined and captured at run time) data. The message field configuration is the set up with the name of the data and the pointer to the varbind it belongs to. An example: Host Sweep Alert $1, $5 In this example, the alert message for Host Sweep Alert with varbind data from the first ($1) and fifth ($5) variable. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 29 of 40
30 NOTE: This message field has a limit of 512 bytes and if the message exceeds the limit, it will be truncated. So think carefully about what you want to display and be sure not to exceed the limit. All registered MIBs can be found in Brocade INM: Administration > Event Reception > Trap Configuration >Registered High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 30 of 40
31 Event Log All registered triggered events can be logged in the Event Log. Event Manager -> Event Log -> Search This is an example of a failed login. NETWORK SECURITY MANAGER The McAfee Network Security Manager (NSM) is required to manage IPS and provide traps. A separate NSM server is required to be configured for SNMP and to forward traps to Brocade INM. On the NSM server, make sure that you: Start the SNMP Service if is it is not started Stop the SNMP Trap Service if it is started Display the Services window. Select the SNMP Service and if it is not started, click Restart the service. Select the SNMP Trap Service and if it is started, click Stop the service. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 31 of 40
32 SNMP Fault Notification Add the SNMP server IP address to which the traps will be forwarded: My computer > Fault Notification > SNMP > add The server IP address added for this configuration is Sensor Access Add the NMS Sensor Access IP address: My computer > Device List > Sensor Access > NMS IP > add The NMS IP address added for this configuration is High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 32 of 40
33 IPS Settings Add the SNMP server IP address for Alert Forwarding: My computer -> IPS Setting -> Alert Notification -> SNMP -> add The SNMP IP address added for this configuration is High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 33 of 40
34 APPENDIX A: USE CASES Use Case 1: Host Sweep Attack When host sweep attacks occur: 1. McAfee IPS detects the attack and alerts Brocade INM. 2. Brocade INM receives the IPS attack alert and sends an Access Control List (ACL) to the Brocade switch to block the attacker and a Security Assessment (SA, an notification) to the network operator. The assessment type is: Compromised network infrastructure equipment. NOTE: IPS automatically alerts for host sweep attacks. The NSM must be configured to send alerts to INM (described earlier in this document). Figure 2 illustrates the process. Attacker (Host Scan, Port Scan, XMAS, Signature Alerts) Blocked Brocade Switch The stealthiest attacks are detected and thwarted by McAfee IPS Figure 2. Response to a host sweep attack Attack alerts are relayed from IPS via Security Assessment message to INM, which then executes an ACL to the Brocade Switch to block the Attacker and sends an event message to the Network Operator Note that before you configure an alert, you need to create it. In the Event Processor window, shown in Step 1, click New at the top of the list and follow the onscreen instructions to create the alert. In this solution, the alert is IPS_HOSTSweepAlert. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 34 of 40
35 1. In Brocade INM, select the host sweep alert and double-click: Event Manager > Event Processor > IPS_HOSTSweepAlert 2. The Edit Event Action dialog box appears, in which you can enter a name and description. Click Next. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 35 of 40
36 3. The Events window shows the currently selected traps from the all available traps. Configure Varbind filters to Yes and click Next. 4. Configure senders for the alert (Brocade devices that can send alerts): Event Manger > Event Processor > Event Actions > Edit Event Action > Senders High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 36 of 40
37 5. Configure the policy for the alert (under what conditions to send the alert): Event Manger > Event Processor > Event Actions > Edit Event Action > Policy 6. Configure the actions to take when a trap is received. Select Deploy CLI Config, and click More. Event Manger > Event Processor > Event Actions > Edit Event Action > Action Group > Actions If you want to send an notification to the network operator when an alert is triggered, you can configure it at this point. See the product documentation for instructions on how to set up a Security Assessment (SA) alert. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 37 of 40
38 7. Click the Global Configuration tab in the CLI Configuration Manager (note that Demo CLI, shown in the window below, was created for this solution testing), select the CLI option to configure. Whatever you configure in the CLI Configuration Manager is sent to the global configuration mode of the Brocade device you ll be selecting to act upon. 8. Select the CLI Commands tab to configure the CLI commands that will be executed on the Brocade switch in response to an alert. Enter the CLI parameter, select the type of variable from the drop-down menu, and click Insert and then Save. Saving the CLI commands takes you back to the CLI Configuration Manager. Closing that window takes you back to the Actions window, shown in Step 6. But now the CLI parameter you configured appears in the Parameters list. Then you can map the parameter to the Varbind of the trap. You can find these procedures explained in greater detail in the Brocade INM product documentation. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 38 of 40
39 Use Case 2: Port Scan Attack When port scan attacks occur: 1. McAfee IPS detects the attack and alerts Brocade INM. 2. Brocade INM receives the IPS attack alert and sends an Access Control List (ACL) to the Brocade switch to block the attacker and a Security Assessment (SA, an notification) to the network operator. The assessment type is: Compromised network infrastructure equipment. NOTE: IPS automatically alerts for port scan attacks. The NSM must be configured to send alerts to INM (described earlier in this document). Figure 3 illustrates the process. Attacker (Host Scan, Port Scan, XMAS, Signature Alerts) Blocked Brocade Switch The stealthiest attacks are detected and thwarted by McAfee IPS Figure 3. Response to a port scan attack Attack alerts are relayed from IPS via Security Assessment message to INM, which then executes an ACL to the Brocade Switch to block the Attacker and sends an event message to the Network Operator Note that before you configure an alert, you need to create it. In the Event Processor window, shown in Step 1 on page 31, click New at the top of the list and follow the onscreen instructions to create the alert. In this solution, the alert is IPS_PortScanAlert. 1. In Brocade INM, select the port scan alert and double-click: Event Manager > Event Processor > Event Actions > IPS_PortScanAlert 2. Follow the same steps as described in the previous use case, Host Sweep Attack. Finish by selecting the CLI Commands tab and enter configuration commands that will be executed on the Brocade switch in response to an alert issued from Brocade INM. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 39 of 40
40 2010 Brocade Communications Systems, Inc. All Rights Reserved. 5/10 GA-AN Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronView, NetIron, SAN Health, ServerIron, and TurboIron are registered trademarks, and Brocade Assurance, DCFM, Extraordinary Networks, and Brocade NET Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned are or may be trademarks or service marks of their respective owners. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government. High-Availability Load Balancing with the Brocade ADX and McAfee Firewall Enterprise (Sidewinder) 40 of 40
Transparent Cache Switching Using Brocade ServerIron and Blue Coat ProxySG
Transparent Cache Switching Using Brocade ServerIron and Blue Coat ProxySG This document provides best-practice guidance for Brocade ServerIron ADC deployments using Transparent Cache Switching (TCS) with
More informationServerIron TrafficWorks Firewall Load Balancing Guide
ServerIron TrafficWorks Firewall Load Balancing Guide ServerIron 4G Series ServerIronGT C Series ServerIronGT E Series ServerIron 350 & 350-PLUS ServerIron 350 & 350-PLUS ServerIron 450 & 450-PLUS Release
More informationAPPLICATION NOTES Seamless Integration of LAN and WLAN through Brocade mobility products and
Seamless Integration of LAN and WLAN through Brocade mobility products and ShoreTel VoIP Phones This solution leverages interoperable and best-of-breed networking and security products, tailored to fit
More informationDATA CENTER. Best Practices for High Availability Deployment for the Brocade ADX Switch
DATA CENTER Best Practices for High Availability Deployment for the Brocade ADX Switch CONTENTS Contents... 2 Executive Summary... 3 Introduction... 3 Brocade ADX HA Overview... 3 Hot-Standby HA... 4 Active-Standby
More informationDeployment Guide AX Series for Palo Alto Networks Firewall Load Balancing
Deployment Guide AX Series for Palo Alto Networks Firewall Load Balancing DG_PAFWLB_120718.1 TABLE OF CONTENTS 1 Overview... 4 2 Deployment Prerequisites... 4 3 Architecture Overview... 5 4 Access Credentials...
More informationDeployment Guide AX Series for Palo Alto Networks SSL Intercept and Firewall Load Balancing
Deployment Guide AX Series for Palo Alto Networks SSL Intercept and Firewall Load Balancing DG_PA-SSL_Intercept_2012.12.1 Table of Contents 1 Overview... 4 2 Deployment Prerequisites... 4 3 Architecture
More information53-1002684-01 17 December 2012. ServerIron ADX. Firewall Load Balancing Guide. Supporting Brocade ServerIron ADX version 12.5.00
17 December 2012 ServerIron ADX Firewall Load Balancing Guide Supporting Brocade ServerIron ADX version 12.5.00 2012 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol,
More informationF-SECURE MESSAGING SECURITY GATEWAY
F-SECURE MESSAGING SECURITY GATEWAY DEFAULT SETUP GUIDE This guide describes how to set up and configure the F-Secure Messaging Security Gateway appliance in a basic e-mail server environment. AN EXAMPLE
More informationBrocade and McAfee Change the Secure Networking Landscape with High Performance at Lowest TCO
WHITE PAPER www.brocade.com IP NETWORK SECURITY Brocade and McAfee Change the Secure Networking Landscape with High Performance at Lowest TCO The Non-Stop Secure Network, a Brocade and McAfee joint solution,
More informationMulti-Chassis Trunking for Resilient and High-Performance Network Architectures
WHITE PAPER www.brocade.com IP Network Multi-Chassis Trunking for Resilient and High-Performance Network Architectures Multi-Chassis Trunking is a key Brocade technology in the Brocade One architecture
More informationHow To Understand and Configure Your Network for IntraVUE
How To Understand and Configure Your Network for IntraVUE Summary This document attempts to standardize the methods used to configure Intrauve in situations where there is little or no understanding of
More informationSOLUTION GUIDE. Radware & CyberGuard Complete Security Solutions offering Load Balancing, High Availability and Bandwidth Management.
SOLUTION GUIDE Radware & CyberGuard Complete Security Solutions offering Load Balancing, High Availability and Bandwidth Management. North America Radware Inc. 575 Corporate Dr Suite 205 Mahwah, NJ 07430
More informationNMS300 Network Management System
NMS300 Network Management System User Manual June 2013 202-11289-01 350 East Plumeria Drive San Jose, CA 95134 USA Support Thank you for purchasing this NETGEAR product. After installing your device, locate
More informationConfiguring PA Firewalls for a Layer 3 Deployment
Configuring PA Firewalls for a Layer 3 Deployment Configuring PAN Firewalls for a Layer 3 Deployment Configuration Guide January 2009 Introduction The following document provides detailed step-by-step
More informationDiagnostics and Troubleshooting Using Event Policies and Actions
Diagnostics and Troubleshooting Using Event Policies and Actions Brocade Network Advisor logs events and alerts generated by managed devices and the management server and presents them through the master
More informationThunder ADC for SSL Insight and Load Balancing DEPLOYMENT GUIDE
Thunder ADC for SSL Insight and Load Balancing DEPLOYMENT GUIDE Table of Contents 1 Overview...3 2 Deployment Prerequisites...3 3 Architecture Overview...3 3.1 SSL Insight with an Inline Security Deployment...4
More informationManaging Latency in IPS Networks
Application Note Revision B McAfee Network Security Platform Managing Latency in IPS Networks Managing Latency in IPS Networks McAfee Network Security Platform provides you with a set of pre-defined recommended
More informationF-Secure Messaging Security Gateway. Deployment Guide
F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4
More informationMigrating from Brocade IronView Network Manager to Brocade Network Advisor
Migrating from Brocade IronView Network Manager to Brocade Network Advisor Brocade Network Advisor continues Brocade leadership in network management with a unified SAN/IP network management software platform.
More informationCisco S380 and Cisco S680 Web Security Appliance
QUICK START GUIDE Cisco S380 and Cisco S680 Web Security Appliance 1 Welcome 2 Before You Begin 3 Document Network Settings 4 Plan the Installation 5 Install the Appliance in a Rack 6 Plug In the Appliance
More informationQUICK START GUIDE. Cisco S170 Web Security Appliance. Web Security Appliance
1 0 0 0 1 1 QUICK START GUIDE Web Security Appliance Web Security Appliance Cisco S170 303417 Cisco S170 Web Security Appliance 1 Welcome 2 Before You Begin 3 Document Network Settings 4 Plan the Installation
More informationManagement Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev.
Management Software AT-S106 Web Browser User s Guide For the AT-GS950/48 Gigabit Ethernet Smart Switch Version 1.0.0 613-001339 Rev. A Copyright 2010 Allied Telesis, Inc. All rights reserved. No part of
More informationReference to common tasks
APPENDIXA This section provides how-to information for common tasks that you need to know how to do before you can effectively work with the vcom Command Center. Creating and editing domains Working with
More informationFirewall VPN Router. Quick Installation Guide M73-APO09-380
Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,
More informationBarracuda Link Balancer Administrator s Guide
Barracuda Link Balancer Administrator s Guide Version 1.0 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2008, Barracuda Networks
More informationQUICK START GUIDE. Cisco C170 Email Security Appliance
1 0 0 1 QUICK START GUIDE Email Security Appliance Cisco C170 303357 Cisco C170 Email Security Appliance 1 Welcome 2 Before You Begin 3 Document Network Settings 4 Plan the Installation 5 Install the Appliance
More informationBrocade One Data Center Cloud-Optimized Networks
POSITION PAPER Brocade One Data Center Cloud-Optimized Networks Brocade s vision, captured in the Brocade One strategy, is a smooth transition to a world where information and applications reside anywhere
More informationOverview of WebMux Load Balancer and Live Communications Server 2005
AVANU Load Balancing for Microsoft Office Live Communications Server 2005 WebMux Delivers Improved Reliability, Availability and Scalability Overview of WebMux Load Balancer and Live Communications Server
More informationCisco Application Networking Manager Version 2.0
Cisco Application Networking Manager Version 2.0 Cisco Application Networking Manager (ANM) software enables centralized configuration, operations, and monitoring of Cisco data center networking equipment
More informationWHITE PAPER MICROSOFT LIVE COMMUNICATIONS SERVER 2005 LOAD BALANCING WITH FOUNDRY NETWORKS SERVERIRON PLATFORM
NOTE: Foundry s ServerIron load balancing switches have been certified in Microsoft s load balancing LCS 2005 interoperability labs. Microsoft experts executed a variety of tests against Foundry switches.
More informationBarracuda Link Balancer
Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.2 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.2-110503-01-0503
More informationConfiguring the BIG-IP and Check Point VPN-1 /FireWall-1
Configuring the BIG-IP and Check Point VPN-1 /FireWall-1 Introducing the BIG-IP and Check Point VPN-1/FireWall-1 LB, HALB, VPN, and ELA configurations Configuring the BIG-IP and Check Point FireWall-1
More informationHow To Load Balance On A Libl Card On A S7503E With A Network Switch On A Server On A Network With A Pnet 2.5V2.5 (Vlan) On A Pbnet 2 (Vnet
H3C SecBlade LB Card Configuration Examples Keyword: LB Abstract: This document describes the configuration examples for the H3C SecBlade LB service cards in various applications. Acronyms: Acronym Full
More informationFirewall Defaults and Some Basic Rules
Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified
More informationDeploying the Brocade ServerIron ADX with Microsoft Exchange Server 2010
Deploying the Brocade ServerIron ADX with Microsoft Exchange Server 2010 Provides reference architecture and procedures for deploying the Brocade ServerIron ADX Series switches with Microsoft Exchange
More informationMulti-Homing Dual WAN Firewall Router
Multi-Homing Dual WAN Firewall Router Quick Installation Guide M73-APO09-400 Multi-Homing Dual WAN Firewall Router Overview The Multi-Homing Dual WAN Firewall Router provides three 10/100Mbit Ethernet
More informationWhatsUpGold. v3.0. WhatsConnected User Guide
WhatsUpGold v3.0 WhatsConnected User Guide Contents CHAPTER 1 Welcome to WhatsConnected Finding more information and updates... 2 Sending feedback... 3 CHAPTER 2 Installing and Configuring WhatsConnected
More informationApplication Notes for Configuring Dorado Software Redcell Enterprise Bundle using SNMP with Avaya Communication Manager - Issue 1.
Avaya Solution & Interoperability Test Lab Application Notes for Configuring Dorado Software Redcell Enterprise Bundle using SNMP with Avaya Communication Manager - Issue 1.0 Abstract These Application
More informationQuick Start Guide. Sendio Email System Protection Appliance. Sendio 5.0
Sendio Email System Protection Appliance Quick Start Guide Sendio 0 Sendio, Inc. 4911 Birch St, Suite 150 Newport Beach, CA 92660 USA +949.274375 www.sendio.com QUICK START GUIDE SENDIO This Quick Start
More informationDeployment Guide: Transparent Mode
Deployment Guide: Transparent Mode March 15, 2007 Deployment and Task Overview Description Follow the tasks in this guide to deploy the appliance as a transparent-firewall device on your network. This
More informationREADYNAS INSTANT STORAGE. Quick Installation Guide
READYNAS INSTANT STORAGE Quick Installation Guide Table of Contents Step 1 Connect to FrontView Setup Wizard 3 Installing RAIDar on Windows 3 Installing RAIDar on Mac OS X 3 Installing RAIDar on Linux
More informationCREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC
CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC 1 Introduction Release date: 11/12/2003 This application note details the steps for creating an IKE IPSec VPN tunnel
More informationDSL-G604T Install Guides
Internet connection with NAT...2 Internet connection with No NAT, IP Un-number...6 Port Forwarding...12 Filtering & Firewall Setup...20 Access Control... 21 DMZ Setup... 26 Allow Incoming Ping... 27 How
More informationApplication Notes for Configuring QuesCom 400 IP/GSM Gateway with Avaya IP Office using H.323 trunks Issue 1.0
Avaya Solution & Interoperability Test Lab Application Notes for Configuring QuesCom 400 IP/GSM Gateway with Avaya IP Office using H.323 trunks Issue 1.0 Abstract These Application Notes describe the configuration
More informationApache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific
Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide
More informationBroadband Router ESG-103. User s Guide
Broadband Router ESG-103 User s Guide FCC Warning This equipment has been tested and found to comply with the limits for Class A & Class B digital device, pursuant to Part 15 of the FCC rules. These limits
More informationMcAfee Network Security Platform Administration Course
McAfee Network Security Platform Administration Course Intel Security Education Services Administration Course The McAfee Network Security Platform Administration course from McAfee Education Services
More informationVoIPon www.voipon.co.uk sales@voipon.co.uk Tel: +44 (0)1245 808195 Fax: +44 (0)1245 808299
VoiceGear/3CX Integration Guide Ver.0.1 Page 2 1. OVERVIEW... 3 1.1 SETTING UP 3CX PBX...4 1.2 SETTING UP VOICEGEAR GATEWAY...5 2. VOICEGEAR-3CX SIP INTEGRATION... 6 2.1 3CX CONFIGURATION...7 2.2 VOICEGEAR
More informationConfiguring SSL VPN on the Cisco ISA500 Security Appliance
Application Note Configuring SSL VPN on the Cisco ISA500 Security Appliance This application note describes how to configure SSL VPN on the Cisco ISA500 security appliance. This document includes these
More informationN5 NETWORKING BEST PRACTICES
N5 NETWORKING BEST PRACTICES Table of Contents Nexgen N5 Networking... 2 Overview of Storage Networking Best Practices... 2 Recommended Switch features for an iscsi Network... 2 Setting up the iscsi Network
More informationLab 8.4.2 Configuring Access Policies and DMZ Settings
Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set
More informationSecureIT Plus Firewall Features and Functionality
SecureIT Plus Firewall Features and Functionality Iowa Network Services SecureIT Plus Firewall Page 1 of 11 1.1 Enabling Firewall 1.1.1 Main Settings Once you have installed the firewall and have rebooted
More informationBlue Coat Security First Steps Transparent Proxy Deployments
Transparent Proxy Deployments SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER, CACHEOS, CACHEPULSE,
More informationBrocade to Cisco Comparisons
1 2 3 Console cables - The console cables are not interchangeable between Brocade and Cisco. Each vendor provides their console cable with each manageable unit it sells. Passwords - Neither Cisco or Brocade
More informationSymantec Database Security and Audit 3100 Series Appliance. Getting Started Guide
Symantec Database Security and Audit 3100 Series Appliance Getting Started Guide Symantec Database Security and Audit 3100 Series Getting Started Guide The software described in this book is furnished
More informationEthernet Fabrics: An Architecture for Cloud Networking
WHITE PAPER www.brocade.com Data Center Ethernet Fabrics: An Architecture for Cloud Networking As data centers evolve to a world where information and applications can move anywhere in the cloud, classic
More information6.0. Getting Started Guide
6.0 Getting Started Guide Netmon Getting Started Guide 2 Contents Contents... 2 Appliance Installation... 3 IP Address Assignment (Optional)... 3 Logging In For the First Time... 5 Initial Setup... 6 License
More information150-420. Brocade Certified Layer 4-7 Professional 2010. Version: Demo. Page <<1/8>>
150-420 Brocade Certified Layer 4-7 Professional 2010 Version: Demo Page QUESTION NO: 1 Given the command shown below, which statement is true? aaa authentication enable default radius local A.
More informationAvaya P330 Load Balancing Manager User Guide
Avaya P330 Load Balancing Manager User Guide March 2002 Avaya P330 Load Balancing Manager User Guide Copyright 2002 Avaya Inc. ALL RIGHTS RESERVED The products, specifications, and other technical information
More informationVCS Monitoring and Troubleshooting Using Brocade Network Advisor
VCS Monitoring and Troubleshooting Using Brocade Network Advisor Brocade Network Advisor is a unified network management platform to manage the entire Brocade network, including both SAN and IP products.
More informationFortKnox Personal Firewall
FortKnox Personal Firewall User Manual Document version 1.4 EN ( 15. 9. 2009 ) Copyright (c) 2007-2009 NETGATE Technologies s.r.o. All rights reserved. This product uses compression library zlib Copyright
More informationOptimum Business SIP Trunk Set-up Guide
Optimum Business SIP Trunk Set-up Guide For use with IP PBX only. SIPSetup 07.13 FOR USE WITH IP PBX ONLY Important: If your PBX is configured to use a PRI connection, do not use this guide. If you need
More informationNetworking and High Availability
TECHNICAL BRIEF Networking and High Availability Deployment Note Imperva appliances support a broad array of deployment options, enabling seamless integration into any data center environment. can be configured
More informationistorage Server: High-Availability iscsi SAN for Windows Server 2008 & Hyper-V Clustering
istorage Server: High-Availability iscsi SAN for Windows Server 2008 & Hyper-V Clustering Tuesday, Feb 21 st, 2012 KernSafe Technologies, Inc. www.kernsafe.com Copyright KernSafe Technologies 2006-2012.
More informationUsing LiveAction with Cisco Secure ACS (TACACS+ Server)
LiveAction Application Note Using LiveAction with Cisco Secure ACS (TACACS+ Server) September 2012 http://www.actionpacked.com Table of Contents 1. Introduction... 1 2. Cisco Router Configuration... 2
More informationBrocade Network Advisor High Availability Using Microsoft Cluster Service
Brocade Network Advisor High Availability Using Microsoft Cluster Service This paper discusses how installing Brocade Network Advisor on a pair of Microsoft Cluster Service nodes provides automatic failover
More informationSilver Peak WAN Optimization Appliances. Network Deployment Guide. VXOA 6.2 March 2015 PN 200059-001 Rev L
Silver Peak WAN Optimization Appliances Network Deployment Guide VXOA 6.2 March 2015 PN 200059-001 Rev L Silver Peak NX Series Appliances Network Deployment Guide Silver Peak NX Series Appliances Network
More informationReadyNAS Setup Manual
ReadyNAS Setup Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA October 2007 208-10163-01 v1.0 2007 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR, the NETGEAR logo,
More information> Technical Configuration Guide for Microsoft Network Load Balancing. Ethernet Switch and Ethernet Routing Switch Engineering
Ethernet Switch and Ethernet Routing Switch Engineering > Technical Configuration Guide for Microsoft Network Load Balancing Enterprise Solutions Engineering Document Date: March 9, 2006 Document Version:
More informationHP LeftHand SAN Solutions
HP LeftHand SAN Solutions Support Document Applications Notes Best Practices for Using SolarWinds' ORION to Monitor SANiQ Performance Legal Notices Warranty The only warranties for HP products and services
More informationWHITE PAPER September 2012. CA Nimsoft For Network Monitoring
WHITE PAPER September 2012 CA Nimsoft For Network Monitoring Table of Contents EXECUTIVE SUMMARY 3 Solution overview 3 CA Nimsoft Monitor specialized probes 3 Network and application connectivity probe
More informationApplication Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )
Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide
More informationBest Practices: Pass-Through w/bypass (Bridge Mode)
Best Practices: Pass-Through w/bypass (Bridge Mode) EdgeXOS Deployment Scenario: Bridge Pass-Through This document is designed to provide an example as to how the EdgeXOS appliance is configured based
More informationConfiguring the Juniper NetScreen Firewall Security Policies to support Avaya IP Telephony Issue 1.0
Avaya Solution & Interoperability Test Lab Configuring the Juniper NetScreen Firewall Security Policies to support Avaya IP Telephony Issue 1.0 Abstract These Application Notes describes a procedure for
More informationUsing Cisco UC320W with Windows Small Business Server
Using Cisco UC320W with Windows Small Business Server This application note explains how to deploy the Cisco UC320W in a Windows Small Business Server environment. Contents This document includes the following
More informationGlobalSCAPE DMZ Gateway, v1. User Guide
GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical
More informationInstalling GFI MailSecurity
Installing GFI MailSecurity Introduction This chapter explains how to install and configure GFI MailSecurity. You can install GFI MailSecurity directly on your mail server or you can choose to install
More informationeprism Email Security Suite
Guide eprism 2505 eprism Email Security Suite 800-782-3762 www.edgewave.com 2001 2012 EdgeWave. All rights reserved. The EdgeWave logo is a trademark of EdgeWave Inc. All other trademarks and registered
More informationReadyNAS Duo Setup Manual
ReadyNAS Duo Setup Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA February 2008 208-10215-01 v1.0 2008 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR, the NETGEAR logo,
More informationNetworking and High Availability
yeah SecureSphere Deployment Note Networking and High Availability Imperva SecureSphere appliances support a broad array of deployment options, enabling seamless integration into any data center environment.
More informationPanorama High Availability
Panorama High Availability Palo Alto Networks Panorama Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054
More informationSuperLumin Nemesis. Administration Guide. February 2011
SuperLumin Nemesis Administration Guide February 2011 SuperLumin Nemesis Legal Notices Information contained in this document is believed to be accurate and reliable. However, SuperLumin assumes no responsibility
More informationPerleVIEW Device Management System User s Guide
PerleVIEW Device Management System User s Guide Version 1.2 Part #5500320-12 May 2013 PerleVIEW V1.2 Copyright Statement This document must not be reproduced in any way whatsoever, either printed or electronically,
More information642 523 Securing Networks with PIX and ASA
642 523 Securing Networks with PIX and ASA Course Number: 642 523 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional and the Cisco Firewall
More informationHow to Configure the Cisco UC500 for use with Integra Telecom SIP Solutions
How to Configure the Cisco UC500 for use with Integra Telecom SIP Solutions Overview: This document provides a reference for configuration of the Cisco UC500 IP PBX to connect to Integra Telecom SIP Trunks.
More informationDesigning Networks with Palo Alto Networks Firewalls
Designing Networks with Palo Alto Networks Firewalls Suggested Designs for Potential and Existing Customers Revision B 2012, Palo Alto Networks, Inc. www.paloaltonetworks.com Table of Contents Introduction...3
More informationProCurve Switch 1700-8 ProCurve Switch 1700-24
Management and Configuration Guide ProCurve Switch 1700-8 ProCurve Switch 1700-24 www.procurve.com ProCurve Series 1700 Switch Management and Configuration Guide Copyright 2007 Hewlett-Packard Development
More information1:1 NAT in ZeroShell. Requirements. Overview. Network Setup
1:1 NAT in ZeroShell Requirements The version of ZeroShell used for writing this document is Release 1.0.beta11. This document does not describe installing ZeroShell, it is assumed that the user already
More informationHow To - Deploy Cyberoam in Gateway Mode
How To - Deploy Cyberoam in Gateway Mode Cyberoam appliance can be deployed in a network in two modes: Gateway mode. Popularly known as Route mode Bridge mode. Popularly known as Transparent mode Article
More informationInstalling Intercloud Fabric Firewall
This chapter contains the following sections: Information About the Intercloud Fabric Firewall, page 1 Prerequisites, page 1 Guidelines and Limitations, page 2 Basic Topology, page 2 Intercloud Fabric
More informationDeploying SAP NetWeaver Infrastructure with Foundry Networks ServerIron Deployment Guide
Deplloyiing SAP NetWeaver Inffrastructure s wiith Foundry Networks ServerIron Deployment Guide July 2008 Copyright Foundry Networks Page 1 Table of Contents Executive Overview... 3 Deployment Architecture...
More informationVLANs. Application Note
VLANs Application Note Table of Contents Background... 3 Benefits... 3 Theory of Operation... 4 IEEE 802.1Q Packet... 4 Frame Size... 5 Supported VLAN Modes... 5 Bridged Mode... 5 Static SSID to Static
More informationThis How To Note describes one possible basic VRRP configuration.
AlliedWare TM OS How To Configure VRRP (Virtual Router Redundancy Protocol) Introduction VRRP is a popular protocol for providing device redundancy, for connecting redundant WAN gateway routers or server
More informationDeploying ACLs to Manage Network Security
PowerConnect Application Note #3 November 2003 Deploying ACLs to Manage Network Security This Application Note relates to the following Dell PowerConnect products: PowerConnect 33xx Abstract With new system
More informationLab 8.4.2 Configuring Access Policies and DMZ Settings
Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set
More informationMulti-Homing Security Gateway
Multi-Homing Security Gateway MH-5000 Quick Installation Guide 1 Before You Begin It s best to use a computer with an Ethernet adapter for configuring the MH-5000. The default IP address for the MH-5000
More informationHP IMC Firewall Manager
HP IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW102-20120420 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this
More informationInnominate Security Configuration Manager
Innominate Security Configuration Manager Quick Installation Guide / Working with Innominate mguard ISCM Release 3.x.x Document Rev. 1.7 Innominate Security Technologies AG Albert-Einstein-Straße 14 12489
More informationNetwork Security Platform 7.5
M series Release Notes Network Security Platform 7.5 Revision B Contents About this document New features Resolved issues Known issues Installation instructions Product documentation About this document
More informationConfiguring the WT-4 for ftp (Ad-hoc Mode)
En Configuring the WT-4 for ftp (Ad-hoc Mode) Windows XP Introduction This document provides basic instructions on configuring the WT-4 wireless transmitter and a Windows XP Professional SP2 ftp server
More information