Gigamon GigaVUE Supplemental Administrative Guidance

Transcription

1 Gigamon GigaVUE Supplemental Administrative Guidance Version: 1.0 January 28, 2016 Gigamon Inc Olcott Street Santa Clara, CA Prepared By: Cyber Assurance Testing Laboratory 900 Elkridge Landing Road, Suite 100 Linthicum, MD 21090

2 Contents 1 Introduction Intended Audience Terminology References Evaluated Configuration of the TOE TOE Components Supporting Environment Components Assumptions Secure Installation and Configuration Initial out-of-the-box Setup: Verify Software Version Configure the TOE to use Enhanced Security Mode: Configure the TOE to record log and audit data (locally): Disable Telnet and Enable SSH Configure and Access the WebGUI (aka H-VUE) Secure Management of Gigamon GigaVUE Authenticating to Gigamon GigaVUE Public-Key Based Authentication Configuration LDAP Authentication Configuration (CLI) LDAP Authentication Configuration (WebGUI) Managing Users Create a New Admin User Account (CLI): Create a New Admin User Account (GUI): Password Management Session Termination Admin Logout Termination from Inactivity Login Banner System Time Configuration Manually Configure the Time (CLI) P a g e

3 7.6.2 Manually Configure the Time Configuration (WebGUI) Configure Connection to an NTP Server (CLI) Configure Connection to an NTP Server (GUI) Secure Updates Display the Current Version (CLI) Display the Current Version (WebGUI) Downloading and Installing the New Image (CLI) Downloading and Installing the New Image (WebGUI) Rebooting TOE (CLI) Rebooting the TOE (WebGUI) Actions to be taken upon Failure Auditing Audit Storage Assigning a Public-Key to the Syslog Server and SSH (CLI) Configuring the Syslog Server (CLI) Communications Protocols and Services Modes of Operation Obtaining Technical Assistance Table of Tables Table 5-1: HD8 and HD4 Series... 5 Table 5-2: HC2 Series... 6 Table 5-3: HB1 Series... 7 Table 5-4: TA10 Series... 7 Table 5-5: TA40 Series... 8 Table 5-6: Supporting Environmental Components... 8 Table 8-1: NDPP Auditable Events P a g e

4 1 Introduction The Target of Evaluation (TOE) includes the models HD8, HD4, HC2, HB1, TA10 and TA40 with software version These models allow an Authorized Administrator to access the TOE through a serial port, remote CLI via SSH, and a WebGUI via TLS/HTTPS. The TOE was evaluated against the requirements defined in the Gigamon GigaVUE Security Target. The GigaVUE's primary functionality is to use the Gigamon Forwarding Policy to receive out-of-band copied network data from external sources (TAP or SPAN port) and forward that copied network data to one or many tool ports for packet capture or analyzing tools based on user selected criteria. GigaVUE can also copy the network traffic itself when sitting in-line with the network flow using passive, inline and bypass taps or any combination. GigaVUE features extensive filtering abilities enabling authorized users to forward precise customized data flows of copied data from many sources to a single tool, from a single source to many tools, or from many sources to many tools. The TOE was evaluated as a network device only and the GigaVUE s network traffic capture, filter, and forwarding capabilities described above were not assessed during this evaluation. The TOE is the general network device functionality (I&A, auditing, security management, trusted communications, etc.) of the GigaVUE, consistent with the claimed Protection Profile. 2 Intended Audience This document is intended for administrators responsible for installing, configuring, and/or operating Gigamon GigaVUE version Guidance provided in this document allows the reader to deploy the product in an environment that is consistent with the configuration that was evaluated as part of the product s Common Criteria (CC) testing process. It also provides the reader with instructions on how to exercise the security functions that were claimed as part of the CC evaluation. The reader is expected to be familiar with the Security Target for Gigamon GigaVUE version and the general CC terminology that is referenced in it. This document references the Security Functional Requirements (SFRs) that are defined in the Security Target document and provides instructions on how to perform the security functions that are defined by these SFRs. The GigaVUE product as a whole provides a great deal of security functionality but only those functions that were in the scope of the claimed PP are discussed here. Any functionality that is not described here or in the Gigamon GigaVUE Security Target was not evaluated and should be exercised at the user s risk. 3 Terminology In reviewing this document, the reader should be aware of the terms listed below. These terms are also described in the Gigamon GigaVUE Security Target. CC: stand for Common Criteria. Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use. 3 P a g e

5 SFR: stands for Security Functional Requirement. An SFR is a security capability that was tested as part of the CC process. TOE: stands for Target of Evaluation. This refers to the aspects of Gigamon GigaVUE that contain the security functions that were tested as part of the CC evaluation process. 4 References The following documents are part of the Gigamon GigaVUE version This is the standard documentation set that is provided with the product. [1] GigaVUE-OS-CLIUsersGuide-v4400 [2] GigaVUE-OS-HVUE-UsersGuide-v4400 [3] GV-TA-Series-UpgradeGuide-v4400 [4] GV-H-Series-UpgradeGuide-v4400 [5] GV-HB-Series-HardwareInstallationGuide-v4400 [6] GV-HC-Series-HardwareInstallationGuide-v4400 [7] GV-HD-Series-HardwareInstallationGuide-v4400 [8] GV-TA-Series-HardwareInstallationGuide-v4400 [9] GV-OS-ReleaseNote-v4400 [10] Gigamon GigaVUE Security Target v1.0 (ST) [11] Gigamon Linux-Based Cryptographic Module CMVP certificate #2128 Note: [11] refers to the FIPS validated cryptographic module used by the GigaVUE products. 5 Evaluated Configuration of the TOE This section lists the components that have been included in the TOE s evaluated configuration, whether they are part of the TOE itself, environmental components that support the security behavior of the TOE, or non-interfering environmental components that were present during testing but are not associated with any security claims: 5.1 TOE Components Property HD8 HD8 HD4 HD4 Model Number 4 P a g e GVS-HD8A1 GigaVUE-HD8 base unit w/ chassis, CLI GVS-HD8A2 GigaVUE-HD8 base unit w/ chassis, CLI GVS-HD4A1 GigaVUE-HD4 base unit w/ chassis, CLI Size 14RU 14RU 5RU 5RU Total Slots Power AC DC AC DC Control Cards 1 or 2 1 or Port Blades PRT-H00-X12G04 Port Blade, HD Series, 12x10G 4x1G GVS-HD4A2 GigaVUE-HD4 base unit w/ chassis, CLI

6 PRT-H00-X12TS Port Blade, HD Series, 12x10G Time Stamp PRT-H00-X04G44 Port Blade, HD Series, 4x10G 44x1G PRT-H00-Q02X32 Port Blade, HD Series, 2x40G 32x10G (24 10G G or 32 10G active) PRT-HD0-Q08 Port Blade, HD Series, 8x40G PRT-HD0-C01 Port Blade, HD Series, 1x100G PRT-HD0-C02X08 Port Blade, HD Series, 2x100G CFP cages + 8x10G cages PRT-HD0-C02X08A Port Blade, HD Series, 2x100G CFP2 cages + 8x10G cages GigaSMART Module: SMT-HD0-GigaSMART, HD Series blade (includes Slicing, Masking, Source Port,& GigaVUE Tunneling De-Encapsulation SW Power Supplies Processor PowerPC 600 PowerPC 600 PowerPC 600 PowerPC 600 Memory (RAM) Logical Drive Capacity CCv1: 2GB CCv2: 4GB CCv1: 2GB CCv2: 8GB CCv1: 2GB CCv2: 4GB CCv1: 2GB CCv2: 8GB CCv1: 2GB CCv2: 4GB CCv1: 2GB CCv2: 8GB Fixed Ports None None None None Configurable Ports Provided by Port Blades Provided by Port Provided by Port Blades Blades Table 5-1: HD8 and HD4 Series CCv1: 2GB CCv2: 4GB CCv1: 2GB CCv2: 8GB Provided by Port Blades Property HC2 HC2 Model Number GVS-HC201 GigaVUE-HC2 base unit w/ chassis, CLI, Size 2RU 2RU Front Bays 4 4 Rear Bays 1 1 Power AC DC Main Board 1 1 TAP Modules Bypass Combo Modules GVS-HC202 GigaVUE-HC2 base unit w/ chassis, CLI TAP-HC0-D25AC0 TAP module, HC Series, SX/SR Internal TAP Module 50/125, 12 TAPs TAP-HC0-D25BC0 TAP module, HC Series, SX/SR Internal TAP Module 62.5/125, 12 TAPs TAP-HC0-D35CC0 TAP module, HC Series, LX/LR Internal TAP Module, 12 TAPs TAP-HC0-G100C0 TAP and Bypass module, HC Series, Copper, 12 TAPs or BPS pairs BPS-HC0-D25A4G Bypass Combo Module, HC Series, 4 SX/SR 50/125 BPS pairs, 16 10G cages BPS-HC0-D25B4G Bypass Combo Module, HC Series, 4 SX/SR 62.5/125 BPS pairs, 16 10G cages 5 P a g e

7 Port Modules BPS-HC0-D35C4G Bypass Combo Module, HC Series, 4 LX/LR BPS pairs, 16 10G cages PRT-HC0-X24 Port Module, HC Series, 24x10G PRT-HC0-Q06 Port Module, HC Series, 6x40G GigaSMART Modules: SMT-HC0-R GigaSMART, HC Series rear module (includes Slicing, Masking, Source Port & GigaVUE Tunneling De-Encapsulation SW) SMT-HC0-X16 GigaSMART, HC Series, Front Module, 16 10G cages (includes Slicing, Masking, Source Port & GigaVUE Tunneling De-Encapsulation SW Power Supplies 2 2 Processor PowerPC 600 PowerPC 600 Memory (RAM) 4GB 4GB Logical Drive Capacity 8GB Fixed Ports PTP IEEE 1588 Configurable Ports Stack Mgmt. Port Mgmt. Console Provided by TAP Modules, Bypass combo modules, Port Modules Table 5-2: HC2 Series 8GB PTP IEEE 1588 Stack Mgmt. Port Mgmt. Console Provided by TAP Modules, Bypass combo modules, Port Modules Property HB1 HB1 Model Number GVS-HB GVS-HB branch node branch node Size 1RU 1RU Cages 4 10G cages 4 10G cages 8 1G cages 8 1G cages Copper 8 1G 8 1G Power AC DC Power Supplies 1 1 Processor PowerPC 600 PowerPC 600 Memory (RAM) 2GB 2GB Logical Drive 2GB 2GB Capacity Fixed Ports PTP 1588 PTP 1588 Mgmt. Mgmt. 6 P a g e

8 Console 8 10/100/1000 Ports, 8 1G Ports (SFP), 4 1G/10G (SFP+) Console Configurable Ports None None Table 5-3: HB1 Series 8 10/100/1000 Ports, 8 1G Ports (SFP), 4 1G/10G (SFP+) Property TA10 TA10 Model Number GigaVUE-TA10 Edge Traffic Aggregation Node (SKU GVS-TAX01) Size 1RU 1RU Power AC DC Power Supplies 2 2 GigaVUE-TA10 Edge Traffic Aggregation Node (SKU GVS-TAX01) Processor PowerPC e500 PowerPC e500 Memory (RAM) 4GB 4GB Logical Drive Capacity Fixed Ports 8GB Mgmt. Console 48 1G/10G Ports (SFP+) 4 10G/40G QSFP Ports 8GB Mgmt. Console Configurable Ports None None Table 5-4: TA10 Series 48 1G/10G Ports (SFP+) 4 10G/40G QSFP Ports Property TA40 TA40 Model Number GigaVUE-TA40 GigaVUE-TA40 Edge Traffic Aggregation Node Edge Traffic Aggregation Node (SKU GVS-TAQ01) (SKU GVS-TAQ01) Size 1RU 1RU Power AC DC Power Supplies 2 2 Processor PowerPC e500 PowerPC e500 Memory (RAM) 4GB 4GB Logical Drive 8GB 8GB Capacity Fixed Ports Mgmt. Mgmt. 7 P a g e

9 Console 32 10G/40G QSFP Ports Console Configurable Ports None None Table 5-5: TA40 Series 5.2 Supporting Environment Components 32 10G/40G QSFP Ports Component LDAP Server Management Workstation NTP Server SPAN Syslog Server TAP Tool Update Server Definition A system that is capable of receiving authentication requests using LDAP over TLS and validating these requests against identity and credential data that is defined in an LDAP directory. Any general-purpose computer that is used by an administrator to manage the TOE. The TOE can be managed remotely, in which case the management workstation requires an SSH client to access the CLI or a web browser (Microsoft Internet Explorer 11 or higher and Google Chrome 36 or higher) to access the WebGUI, or locally, in which case the management workstation must be physically connected to the TOE using the serial port and must use a terminal emulator that is compatible with serial communications. A server that provides reliable time data to the TOE s system clock so that the timestamps on its audit records can be synchronized with other devices in the Operational Environment that connect to the same server. This component provides the TOE with copied network data, but only if the TOE is configured to receive data from an external TAP or SPAN device. The Syslog Server connects to the TOE and allows the TOE to send Syslog messages to it for remote storage. This is used to send copies of audit data to be stored in a remote location for data redundancy purposes. This component provides the TOE with copied network data, either from an internal GigaVUE TAP or an external TAP. The TOE can also be configured to receive data from an external source, meaning a TAP device or SPAN port. This component is any analysis, capture or troubleshooting tool connected to a tool port. This component is required for the TOE to forward data. The connection to the tool is a physical connection. A general-purpose computer that includes a web server and is used to store software update packages that can be retrieved by the TOE using TLS/HTTPS. The update server can be a server maintained by Gigamon or it can be set up locally in the Operational Environment by an administrator if the TOE s deployment prevents it from being able to access Gigamon s web domain. Table 5-6: Supporting Environmental Components 5.3 Assumptions In order to ensure the product is capable of meeting its security requirements when deployed in its evaluated configuration, the following conditions must be satisfied by the organization, as defined in the claimed Protection Profile: No general purpose computing capabilities: The GigaVUE product must only be used for its intended purpose. General purpose computing applications, especially those with network-visible interfaces, may compromise the security of the product if introduced. 8 P a g e

10 Physical security: The GigaVUE product does not claim any sort of physical tamper-evident or tamper-resistant security mechanisms. Therefore, it is necessary to deploy the product in a locked or otherwise physically secured environment so that it is not subject to untrusted physical modification. Trusted administration: The GigaVUE product does not provide a mechanism to protect against the threat of a rogue or otherwise malicious administrator. Therefore, it is the responsibility of the organization to perform appropriate vetting and training for security administrators prior to granting them the ability to manage the product. 6 Secure Installation and Configuration Documentation for how to order and acquire the TOE is described in the Contacting Sales section of documents [5] through [8]. When receiving delivery of a TOE model, this documentation should be checked as part of the acceptance procedures so that the correctness of the hardware can be verified. Additionally, documents [5] through [8] can be referenced for physical requirements such as unpacking the TOE, installing modules, racking the TOE, cabling (i.e. network and power), as well as verifying power and environmental operating conditions. The TOE comes with the software image installed on it by default, but if additional validation is necessary, an administrator may acquire the software image separately from Gigamon and perform a software upgrade to the known version. Regardless of the specific model being installed, the software is functionally identical with respect to the Common Criteria security requirements, so secure management for each device is described in the remainder of this document. Note that these steps can be performed using the initial default user account. Note: Use the write memory command in the CLI to save configuration changes to flash. Otherwise, changes will be added to the active configuration immediately but will not be saved across a reboot unless the write memory command is used. 6.1 Initial out-of-the-box Setup 1. Connect to the TOE via the local console using the following settings on a terminal application: 115,200 Baud 8 data bits No parity 1 stop bit No flow control 2. Authenticate using the default credentials: Username: admin Password: admin123a! 3. Start the jump-start script by entering the following commands on the TOE: config terminal config jump-start 9 P a g e

11 Refer to the Run the Jump-Start Script Section in documents [5] through [8] for more information on completing the jump-start setup. Note: Ensure to modify the default password for the default admin account. 6.2 Verify Software Version Now verify the version of software operating on the TOE by issuing a show version command and compare the displayed version to the expected version. If the version is not what is expected then follow the instructions in Section 7.7 to obtain and install the correct software image from Gigamon. 6.3 Configure the TOE to use Enhanced Security Mode Enhanced Security Mode must be configured to limit the cryptographic options to be consistent with the claims made for the Common Criteria evaluation. 1. Enter the following commands to secure cryptography mode: 10 P a g e config terminal system security crypto enhanced reload 2. Respond yes to Configuration has been modified; save first? and then confirm the reload. 3. Authenticate to the TOE. 4. Verify that after authenticating, the TOE reports System in secure cryptography mode. 6.4 Configure the TOE to record log and audit data (locally) In the evaluated configuration, all auditable events relevant to the Common Criteria evaluation are logged locally by entering the following commands. config terminal logging level audit mgmt info logging level cli commands info logging local info 6.5 Disable Telnet and Enable SSH2 Both Telnet and SSH2 can be configured for remote connections to the GigaVUE s Ethernet Management Port. By default, SSH2 is d and Telnet is disabled. In the Common Criteria evaluated configuration, Telnet must remain disabled. If Telnet is d, enter the following commands: config terminal no telnet-server If SSH2 is disabled, enter the following commands:

12 config terminal ssh server After verifying that Telnet is disabled and SSH2 is d, attempt to authenticate to the TOE with a SSH2 client by pointing the client at the TOE s IP address and using the default admin account s credentials. To be able to connect to the TOE, the SSH2 client must support diffie-hellman-group14-sha1 as the key exchange method, and one or more of the following encryption and data integrity algorithms. Encryption Algorithms: AES-CBC-128 or AES-CBC-256 Data Integrity Algorithms: hmac-sha1, hmac-sha2-256, or hmac-sha Configure and Access the WebGUI (aka H-VUE) Follow the instructions for enabling the WebGUI by following the directions under Enabling the <MODEL NAME> Web Server Section in documents [5] through [8]. Then continue with that Section s directions for connecting and authenticating to the WebGUI. The WebGUI can be accessed by navigating to in a web browser. Web browsers that should be used in the Common Criteria evaluated configuration are Microsoft Internet Explorer 11 or higher and Google Chrome 36 or higher. These web browsers must be configured to support TLS 1.0, and one or more of the following ciphersuites: TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA The TOE supports HTTPS and HTTP for the WebGUI. By default, HTTPS is d and HTTP is disabled. In the Common Criteria evaluated configuration, HTTP must remain disabled. If HTTP is d, enter the following commands: config terminal no web http Note: Ensure to modify the default password for the default admin account. 7 Secure Management of Gigamon GigaVUE 7.1 Authenticating to Gigamon GigaVUE Users must authenticate to Gigamon GigaVUE in order to perform any management functions. Section 8.4 of the ST discusses the process in which Gigamon GigaVUE authenticates users via the CLI, WebGUI or remotely via LDAP. Section also discusses the trusted channels that are invoked in order to send the data securely. Local users login to the Command line interface (CLI) using username and password, while remote users can login to GigaVUE via the CLI using username and password or public key based authentication. User authentication information that is sent remotely via the CLI is protected using SSHv2. Users may also 11 P a g e

13 authenticate remotely via a WebGUI that is protected using TLS/HTTPS. Remote authentication is possible using an LDAP server for its user store. Note: Connections to the LDAP server are protected with TLS. The TLS session for an LDAP request establishes and terminates almost immediately, making it nearly impossible to interrupt the TLS session. If the LDAP server is unreachable, the TOE will only perform a single attempt to connect to the LDAP server and will then default to verifying the authentication credential s to the TOE s local store Public-Key Based Authentication Configuration SSH public/private key pairs must be generated or loaded on the TOE so that SSH authentication using a public- key is possible. Perform the following steps to add an authorized public-key to a user on the TOE: 1. Authenticate to the TOE via the CLI as an Admin user. 2. Enter the following commands on the TOE: config terminal ssh client user <USERNAME> authorized-key sshv2 <PUBLIC KEY> 3. Provide the user the corresponding private key for their use to authenticate via SSH. 4. The user would then load the private key on their SSH client when attempting to authenticate LDAP Authentication Configuration (CLI) Perform the following steps to configure the LDAP server on the TOE via the CLI. Refer to Adding an LDAP Server Section in document [1] for more information. 1. Authenticate to the TOE via the CLI as an Admin user 2. Enter the following commands on the TOE to install the public-key for the LDAP server: config terminal crypto certificate name <NAME> public-cert pem -----BEGIN CERTIFICATE----- <CERT_DATA_HERE>-----END CERTIFICATE----- crypto certificate ca-list default-ca-list name <INSTALLED CERTIFICATE> 3. Refer to the ldap section in document [1] between pages 773 and 776 to configure the LDAP parameters. The commands below are provided as an example of the LDAP parameters that need to be defined for a working configuration. The commands in bold must be configured as such in the evaluated configuration. ldap base-dn <STRING> ldap bind-dn <STRING> ldap bind-password <PASSWORD HERE> ldap group-attribute <STRING> ldap host <LDAP_SERVER_IP_ADDRESS_HERE> ldap login-attribute <STRING> ldap ssl mode tls ldap ssl ca-list default-ca-list ldap ssl cert-verify ldap version 3 12 P a g e

14 4. Refer to the aaa authentication section in document [1] between pages 661 and 664 to configure the AAA Authentication parameters. The command below is provided as an example of the AAA Authentication parameters that need to be defined for a working configuration. The command is in bold because it must be configured as such in the evaluated configuration. aaa authentication login default ldap local 5. Refer to the aaa authorization section in document [1] between pages 664 and 665 to configure the AAA Authorization parameters. The commands below are provided as an example of the AAA Authorization parameters that need to be defined for a working configuration. aaa authorization map order <POLICY> aaa authorization map default-user <USER> LDAP Authentication Configuration (WebGUI) Perform the following steps to configure the LDAP server on the TOE via the WebGUI. 1. Authenticate to the TOE via the WebGUI as an Admin user. 2. Refer to the Configuring Authentication and Authorization (AAA) section in document [2] between pages 182 and 183 to configure AAA. The following options must be chosen: a. First Priority: LDAP b. Second Priority: Local 3. Refer to the Adding an LDAP Server section in document [2] on page 190 to add an LDAP server. 4. Refer to the Configuring LDAP Authentication section in document [2] between pages 195 and 196 to configure LDAP authentication. The following options must be chosen: a. LDAP Version: v3 b. SSL Mode tls c. SSL Cert Check: on d. SSL ca-list: default CA list Note: Installing the public-key for the LDAP server must be performed via the CLI. Refer to Section steps 1 and 2 for directions for installing the public-key. 7.2 Managing Users GigaVUE has role based authentication. There are three roles which can be Admin, Operator, or Monitor, depending on the role assigned by an Authorized Administrator and each has different levels of authorization in terms of the functions that can be performed by them. All SFR relevant management activity is performed by the Admin role. The Admin user corresponds to the PP s definition of Authorized Administrator. Only Admin users have the ability to assign roles to users and more than one role may be assigned to a user Create a New Admin User Account (CLI): 1. Authenticate to the TOE via the CLI as an Admin user. 2. Select a password that meets the password strength requirements in section Enter the following commands to create a new user account: config terminal username <USERNAME> password <PASSWORD> 13 P a g e

15 username < USERNAME> roles add admin Note: An Admin user can delete user accounts with the no username command Create a New Admin User Account (GUI): 1. Authenticate to the TOE via the WebGUI as an Admin user. 2. Click on Roles and Users > Users 3. Click on Add. 4. Fill in the fields as appropriate. 5. Assign the user the admin capability and click Save. Note: An Admin user can delete user accounts under the Roles and Users > Users by selecting the user and clicking Delete. 7.3 Password Management Passwords can be composed using any combination of upper case and lower case letters, numbers and special characters. The special characters that are supported include the #, $, %, ^, &, *, (, and ). The password policy includes a configurable minimum length, which can be configured by an Admin user to any value between 15 and 30 in the evaluated configuration. Perform the following steps to configure minimum length for passwords: 1. Authenticate to the TOE via the CLI as an Admin user. 2. Enter the following commands to secure passwords mode: config terminal system security passwords enhanced system security passwords min-length 15 show system 3. Verify the TOE reports Configured secure passwords mode : d and Minimum password length : 15. In order to minimize the risk of account compromise, it is recommended to use a password that includes a mixture of uppercase, lowercase, numeric, and special characters and is not a common word or phrase, but is not so complex that it must be written down in order to be remembered. 7.4 Session Termination Admin Logout The Admin is able to terminate their own session by entering the "Exit" command when logged into the local console or remote CLI via SSH. The Admin can terminate their own session by clicking on the "logout" tab when logged into the WebGUI. 14 P a g e

16 7.4.2 Termination from Inactivity The TOE is designed to terminate a local session after a specified period of time with a default setting of 15 minutes. The TOE has a single configuration for the CLI accessed via the serial port and the CLI accessed via SSH. In the event that the inactivity setting is met while users are logged into the CLI via the serial port, the session will end. In the event that the inactivity setting is met while users are logged into the CLI via SSH, the TOE tears down the SSH connection. This setting can be configured between minutes. The value of 0 means that this setting is disabled and there is no timeout configured. The CLI timeout is configured via the CLI by an Admin user with the following commands: 15 P a g e config terminal cli default auto-logout <MINUTES> In the event that the inactivity setting is reached while a user is logged into the WebGUI, the session will end. This setting can be configured between minutes. The value of 0 means that this setting is disabled and there is no timeout configured. The WebGUI timeout can be configured via the CLI by an Admin user with the following commands: config terminal web auto-logout <MINUTES> Additionally, an Admin user authenticated to the WebGUI can only configure the timeout setting for the WebGUI and they would use the following steps: 1. Authenticate to the TOE via the WebGUI as an Admin user 2. Click on Settings > Global Settings > Web. 3. Click Edit. 4. In the field for Auto logout Timeout enter <MINUTES> 5. Click Save 7.5 Login Banner The CLI login banner is created by an Admin user authenticated to the CLI with the following commands: config terminal banner login <STRING> The WebGUI login banner is created by an Admin user authenticated to the WebGUI with the following steps: 1. Authenticate to the TOE via the WebGUI as an Admin user. 2. Click on Settings > Global Settings > Hostname 3. Click on Edit 4. Enter <BANNER TEXT> in the Login Message box. 5. Click Save

17 7.6 System Time Configuration In the evaluated configuration of the TOE, the system time can either be set manually or by synchronizing with an NTP server in the TOE s Operational Environment. Only an Admin user is able to perform these operations Manually Configure the Time (CLI) 1. Authenticate to the TOE via the CLI as an Admin user. 2. Enter the following command to view the current time: show clock 3. Enter the following commands to set the date and time: config terminal clock set <hh:mm:ss> [<yyyy/mm/dd>] Manually Configure the Time Configuration (WebGUI) 1. Authenticate to the TOE via the WebGUI as an Admin user. 2. Click on Settings > Date And Time. This step will also allow the Admin user to view the current time. 3. Click on Edit 4. Specify a new date and time in the fields and then click Save Configure Connection to an NTP Server (CLI) The TOE can be configured to connect to an NTP server by an Admin user authenticated to the CLI with the following commands: config terminal ntp ntp server [NTP_SERVER_IP_ADDRESS] Refer to the ntp section of document [1] on pages 808 and 809 for more information regarding configuring a connection to an NTP server Configure Connection to an NTP Server (GUI) The TOE can be configured to connect to an NTP server by an Admin user authenticated to the Web with the following steps: 1. Authenticate to the WebGUI 2. Click on Settings > Date and Time > NTP 3. Click Add 4. Populate the Server IP field with the NTP server IP address and version field 5. Check the server d box, and uncheck the key d box 6. Click on Settings > and check Enabled for NTP time synchronization and click Save 16 P a g e

18 7.7 Secure Updates To maintain security throughout the lifecycle of the GigaVUE product, the TOE provides a mechanism to apply software upgrades. To upgrade the software, the new software image must be either available on the Gigamon update server or on a local update server. The Gigamon update server is a Gigamon hosted site and the Admin user must enter a username and password to download the image. The local update server is under the control of the Admin user and is used by the Admin user to store a downloaded image. The following sections describe the steps which must be taken in order to install a new software image either by using the CLI or by using the WebGUI. Both communications channels are protected by TLS/HTTPS. If the connection is interrupted during a download of the software update but the TLS/HTTPS session has not timed out, the TOE will automatically continue the software update download over TLS/HTTPS once the connection has been re-established. If the TLS/HTTPS session has timed out, the Admin user will have to re-initiate the download of the software update Display the Current Version (CLI) Before downloading a new image, the current version of the software image should be identified. The current version of the software image is displayed via the CLI by using the command show version Display the Current Version (WebGUI) The current version of the software image is displayed via the WebGUI by following these steps: 1. Authenticate to the TOE via the WebGUI as an Admin user 2. Click on Settings > Reboot and Upgrade > Images. 3. Note the current version of the currently booted partition Downloading and Installing the New Image (CLI) The image command is used via the CLI to download and install the new image. For more information on the image command, refer to the image Section in document [1] between pages 741 and Authenticate to the TOE via the CLI as an Admin user. 2. Enter the following commands to fetch an update to the TOE: config terminal image fetch 3. After the update has been fetched, enter the following commands on the TOE to initiate the update: image install <FILENAME> install-boot image boot next 4. If prompted to save modified configuration, answer yes. 5. Once the TOE reboots, enter the write memory command. 17 P a g e

19 7.7.4 Downloading and Installing the New Image (WebGUI) On the WebGUI the following steps must be performed in order to download and install the new image. 1. Authenticate to the TOE via the WebGUI as an Admin user 2. Click on Settings > Reboot and Upgrade > Images 3. Click on New 4. Choose the install from local file option if installing from the local file server and select choose file 5. Alternatively if installing from the Gigamon or local update server, choose the Install from url option and provide the url Rebooting TOE (CLI) Once the image has been installed, the TOE must be rebooted for the new image to take effect and become the executing image. On the CLI this is achieved by using the following command: Reload Once the TOE fully reboots, the new version of the software can be checked by performing the steps of section or above Rebooting the TOE (WebGUI) On the WebGUI the Admin user must navigate to the Settings > Reboot and Upgrade > Reboot screen. Once the TOE fully reboots, the new version of the software can be checked by performing the steps of section or above Actions to be Taken Upon Failure The software image for the TOE contains a digital signature. If an attempt is made to download and install an illegitimate update, the Admin user must obey the verification warning from the TOE that the digital signature has failed and reject the software image by not installing. The Admin user can attempt to repeat the process to determine if the error condition disappears. However if the error continues then the attempts to perform a software update should be halted. 8 Auditing In order to be compliant with Common Criteria, GigaVUE must audit the events in the table below. The audit records that GigaVUE creates include the date and time, outcome of the event, event type, subject identity and the source of the event. Auditing is turned on and off by using the logging command, refer to Section 6.4 for more information. The show log or show logs command displays audit information. It is possible to use regular expressions in the show log command to restrict the search. 18 P a g e

20 Component Event Additional Information Audit Examples FAU_GEN.1 Startup and shutdown of audit functions Startup of audit functions: Nov 5 17:15:59 GigaVUE-HD mgmtd[1957]: [mgmtd.info]: Config change ID 8: requested by: user admin (System Administrator) via CLI, 1 item(s) changed Nov 5 17:15:59 GigaVUE-HD mgmtd[1957]: [mgmtd.info]: Config change ID 8: item 1: CLI command log level changed from "none" to "info" Shutdown of audit functions: FCS_TLS_EX T.1 Failure to establish an TLS session Establishme nt/terminati on of a TLS session. Reason for failure. Non-TOE endpoint of connection (IP address) for both successes and failures. Nov 5 17:07:44 GigaVUE-HD cli[2441]: [cli.info]: user admin: Executing command: logging level cli commands none Failure to establish session (TLS): Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed Jan 27 17:05: ] [notice] [client ] Connection to child 7 established (server GigamonHD4:443) Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed Jan 27 17:05: ] [error] [client ] (70014)End of file found: SSL handshake interrupted by system [Hint: No shared ciphers or stop button pressed in browser?!] Jan 27 17:05:12 GigamonHD4 httpd[20125]: [Wed Jan 27 17:05: ] [notice] [client ] Connection closed to child 7 with abortive shutdown (server GigamonHD4:443) Session establishment (TLS): Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59: ] [notice] [client ] Connection to child 3 established (server GigamonHD4:443) Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59: ] [notice] [client ] Connection to child 3 completed successfully (server GigamonHD4:443) Session termination (TLS): Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59: ] [notice] [client ] Connection closed to child 3 with standard shutdown (server GigamonHD4:443) FCS_SSH_EX Failure to Reason for failure. Failure to establish SSH session: 19 P a g e

21 T.1 establish an SSH session Establishme nt/terminati on of an SSH session. Non-TOE endpoint of connection (IP address) for both successes and failures. Nov 4 14:07:44 GigaVUE-HD sshd[4691]: Connection from port Nov 4 14:07:44 GigaVUE-HD sshd[4691]: fatal: Unable to negotiate a key exchange method [preauth] Nov 4 14:08:28 GigaVUE-HD sshd[4714]: Connection from port Nov 4 14:08:28 GigaVUE-HD sshd[4714]: fatal: no matching mac found: client hmac-md5 server hmacsha1,hmac-sha2-256,hmac-sha2-512 [preauth] Nov 4 14:09:06 GigaVUE-HD sshd[4737]: Connection from port Nov 4 14:09:06 GigaVUE-HD sshd[4737]: fatal: no matching cipher found: client 3des-cbc server aes128- cbc,aes256-cbc [preauth] Session establishment (SSH): Nov 4 13:24:20 GigaVUE-HD sshd[3753]: Connection from port Session termination (SSH): FCS_HTTPS_ EXT.1 Failure to establish an HTTPS session. Establishme nt/terminati on of an HTTPS session. Reason for failure. Non-TOE endpoint of connection (IP address) for both successes and failures. Nov 4 13:24:51 GigaVUE-HD sshd[3753]: Connection closed by [preauth] Failure to establish session (HTTPS): Refer to 'Audit log(s) for FCS_TLS_EXT.1' Session establishment (HTTPS): Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59: ] [notice] [client ] Connection to child 3 established (server GigamonHD4:443) Jan 27 16:59:37 GigamonHD4 httpd[20123]: [Wed Jan 27 16:59: ] [notice] [client ] Connection to child 3 completed successfully (server GigamonHD4:443) Session termination (HTTPS): Nov 4 13:20:04 GigaVUE-HD ugwd[2088]: [ugwd.info]: ugwd_release_session_ptr: sessions IIj5UbD9HXxluUE5IqvnBxxRCheg67fQWLpBeD35 BEBmAAg= count 0 logout 1 Nov 4 13:20:04 GigaVUE-HD ugwd[2088]: [ugwd.info]: session 1: closing for peer mgmtd user 20 P a g e

22 i: (0/0) 0 Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: session 37: closing for peer ugwc user admin (0/0) 1 Nov 4 13:20:04 GigaVUE-HD wsmd[2078]: [wsmd.notice]: User admin (System Administrator) from logged out of Web UI Nov 4 13:20:04 GigaVUE-HD wsmd[2078]: [wsmd.info]: session 1: closing for peer mgmtd user i: (0/0) 0 Nov 4 13:20:04 GigaVUE-HD wsmd[2078]: [wsmd.info]: Web session 8 closed Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: EVENT: /mgmtd/session/events/logout Nov 4 13:20:04 GigaVUE-HD wsmd[2078]: [wsmd.info]: Recording web logout of user admin on device /dev/web/8 Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: Calling internal interest callback for event /mgmtd/session/events/logout Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: Calling internal interest callback for event /mgmtd/session/events/logout Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.notice]: User admin: logout from through trusted ugwc.8 channel. Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: session 36: closing for peer wsmd user admin (0/0) 1 Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: EVENT: /mgmtd/session/events/logout Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: Calling internal interest callback for event /mgmtd/session/events/logout Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: Calling internal interest callback for event /mgmtd/session/events/logout Nov 4 13:20:04 GigaVUE-HD mgmtd[1954]: [mgmtd.notice]: User admin: logout from 21 P a g e

23 through trusted web channel. Nov 4 13:20:08 GigaVUE-HD gsd[2079]: [gsd.info]: gsd_mon_handle_get(), gsd_mgmt.c:422: bname: /gv/internal/state/liveness/gsd Local console login: Oct 29 02:50:25 GigaVUE-HD mgmtd[2115]: [mgmtd.notice]: User admin (local user admin) authentication method: local Oct 29 02:50:25 GigaVUE-HD mgmtd[2115]: [mgmtd.notice]: User admin: login from local through trusted cli channel. GUI login: Oct 29 04:59:16 GigaVUE-HD <EF><BB><BF><14>tornado.login: [INFO]: user admin attempting login from Oct 29 04:59:16 GigaVUE-HD wsmd[2237]: [wsmd.info]: Web session 13 created Oct 29 04:59:16 GigaVUE-HD wsmd[2237]: [wsmd.info]: Recording web login of user admin on device /dev/web/13 FIA_UIA_EX T.1 All use of the identificatio n and authenticati on mechanism. Provided user identity, origin of the attempt (e.g., IP address). Oct 29 04:59:17 GigaVUE-HD mgmtd[2115]: [mgmtd.info]: Opened session: 73 Oct 29 04:59:17 GigaVUE-HD mgmtd[2115]: [mgmtd.info]: session 73: opened for client wsmd user admin (0/0) 1 Oct 29 04:59:17 GigaVUE-HD wsmd[2237]: [wsmd.info]: session 1: client open for peer mgmtd (local name wsmd ) Oct 29 04:59:17 GigaVUE-HD mgmtd[2115]: [mgmtd.info]: TRUSTED_AUTH_INFO (user admin/admin): validated OK LDAP GUI login: Oct 29 05:06:04 GigaVUE-HD <EF><BB><BF><14>tornado.login: [INFO]: user testuser1 attempting login from Oct 29 05:06:09 GigaVUE-HD wsmd[2237]: [wsmd.info]: Web session 14 created Oct 29 05:06:09 GigaVUE-HD wsmd[2237]: [wsmd.info]: Recording web login of user admin on device /dev/web/14 Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]: [mgmtd.info]: Opened session: P a g e

24 Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]: [mgmtd.info]: session 75: opened for client wsmd user testuser1 (0/0) 1 Oct 29 05:06:09 GigaVUE-HD wsmd[2237]: [wsmd.notice]: User testuser1 local user admin (System Administrator) logged into Web UI from Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]: [mgmtd.info]: TRUSTED_AUTH_INFO (user testuser1/admin): validated OK Oct 29 05:06:09 GigaVUE-HD ugwd[2247]: [ugwd.info]: remote user id: testuser1, local user id: admin Oct 29 05:06:09 GigaVUE-HD mgmtd[2115]: [mgmtd.notice]: User testuser1 (local user admin) authentication method: ldap SSH login using public key: Jan 27 12:57:39 GigamonHD4 sshd[18546]: Connection from port Jan 27 12:57:41 GigamonHD4 sshd[18546]: Found matching RSA key: de:2c:f2:4b:e6:f7:37:5e:41:18:96:c3:51:27:59:5a:09:3 c:47:c9 [SHA-1] Jan 27 12:57:41 GigamonHD4 sshd[18546]: Postponed publickey for cctl from port ssh2 [preauth] Jan 27 12:57:41 GigamonHD4 sshd[18546]: Found matching RSA key: de:2c:f2:4b:e6:f7:37:5e:41:18:96:c3:51:27:59:5a:09:3 c:47:c9 [SHA-1] Jan 27 12:57:41 GigamonHD4 sshd[18546]: Accepted publickey for cctl from port ssh2 Jan 27 12:57:41 GigamonHD4 sshd[18546]: User cctl logged in via ssh2 from SSH login using password: Oct 29 02:58:04 GigaVUE-HD sshd[3477]: Connection from port Oct 29 02:58:11 GigaVUE-HD sshd[3477]: Accepted keyboard-interactive/pam for admin from port ssh2 Oct 29 02:58:11 GigaVUE-HD sshd[3477]: User 23 P a g e

25 admin (System Administrator) logged in via ssh2 from FIA_UAU_E XT.2 All use of the authenticati on mechanism. Origin of the attempt (e.g., IP address). See FIA_UIA_EXT.1 CLI Changes to time: Nov 4 13:43:10 GigaVUE-HD cli[4166]: [cli.info]: user admin: Executing command: show clock Nov 4 13:43:14 GigaVUE-HD cli[3985]: [cli.info]: user admin: Executing command: show log Nov 4 13:43:36 GigaVUE-HD cli[4166]: [cli.info]: user admin: Getting command line help: "clock set 13:44:00?" Nov 4 13:43:41 GigaVUE-HD cli[4166]: [cli.info]: user admin: Executing command: clock set 13:44: /11/04 Nov 4 13:43:41 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: Action ID 27: requested by: user admin (System Administrator) via CLI FPT_STM.1 Changes to the time. The old and new values for the time. Origin of the attempt (e.g., IP address). Nov 4 13:43:41 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: Action ID 27: descr: system clock: set date and time Nov 4 13:43:41 GigaVUE-HD mgmtd[1954]: [mgmtd.info]: Action ID 27: param: date and time: 2015/11/04 13:44:00 Nov 4 13:44:00 GigaVUE-HD pm[1953]: [pm.info]: Restarting process crond (Cron Daemon) from RUNNING state GUI changes to time: Jan 27 15:15:03 GigamonHD4 mgmtd[1944]: [mgmtd.info]: Action ID 51: descr: system clock: set date and time Jan 27 15:15:03 GigamonHD4 mgmtd[1944]: [mgmtd.info]: Action ID 51: param: date and time: 2015/01/27 19:14:48 Jan 27 19:14:48 GigamonHD4 pm[1943]: [pm.info]: Restarting process crond (Cron Daemon) from RUNNING state Jan 27 19:14:48 GigamonHD4 pm[1943]: [pm.notice]: Terminating process crond (Cron 24 P a g e

26 Daemon) NTP changes to time: Nov 16 16:07:49 gigamon-20016a ntpd[3114]: synchronized to , stratum 1 FPT_TUD_E XT.1 Initiation of update. No additional information Nov 18 18:18:04 gigamon-20016a ntpd[3114]: time reset s Initiation of update (CLI): Nov 2 12:27:53 GigaVUE-HD cli[2377]: [cli.info]: user admin: Executing command: image install hdccv2_ img install-boot Nov 2 12:27:53 GigaVUE-HD cli[2377]: [cli.info]: user admin: Tracking progress on operation ID cli Nov 2 12:27:53 GigaVUE-HD mgmtd[1943]: [mgmtd.info]: Action ID 8: requested by: user admin (System Administrator) via CLI Nov 2 12:27:53 GigaVUE-HD mgmtd[1943]: [mgmtd.info]: Action ID 8: descr: install system software image Nov 2 12:27:53 GigaVUE-HD mgmtd[1943]: [mgmtd.info]: Action ID 8: param: image filename: hdccv2_ img, version: GigaVUE-OS hd_4402_bah # :41:06 ppc gvcc2 build_master@jenkins-slave021:svn57106 Initiation of update (GUI): Oct 30 10:48:02 GigaVUE-HD ugwd[2085]: [ugwd.info]: :wsmd_user_id: admin, and wsmd_local_user_id :admin Oct 30 10:48:02 GigaVUE-HD mgmtd[1949]: [mgmtd.info]: Action ID 7: requested by: user admin (System Administrator) via ugwc-2085 Oct 30 10:48:02 GigaVUE-HD mgmtd[1949]: [mgmtd.info]: Action ID 7: descr: install system software image FTA_SSL_EX T.1 Any attempts at unlocking No additional information. Oct 30 10:48:02 GigaVUE-HD mgmtd[1949]: [mgmtd.info]: Action ID 7: param: image filename: hdccv2_ img, version: GigaVUE-OS hd_4402_bah # :41:06 ppc gvcc2 build_master@jenkins-slave021:svn57106 Session termination due to inactivity (local console): 25 P a g e

27 FTA_SSL.3 of an interactive session. The termination of a remote session by the session locking mechanism. No additional information. Oct 28 20:00:42 GigaVUE-HD cli[10349]: [cli.notice]: user admin: Inactive for 3 minutes -- automatically logging out Session termination due to inactivity (remote CLI): Oct 28 18:32:51 GigaVUE-HD cli[8386]: [cli.notice]: user admin: Inactive for 3 minutes -- automatically logging out Session termination due to inactivity (remote WebGUI): FTA_SSL.4 The termination of an interactive session. No additional information. Oct 28 19:20:33 GigaVUE-HD wsmd[2237]: [wsmd.info]: Web session 21 timed out due to inactivity Manual session termination by admin (local console): Oct 29 11:10:22 GigaVUE-HD cli[29757]: [cli.info]: user admin: Executing command: exit Oct 29 11:10:22 GigaVUE-HD mgmtd[2115]: [mgmtd.notice]: User admin: logout from local through trusted cli channel. Oct 29 11:10:22 GigaVUE-HD cli[29757]: [cli.info]: user admin: session 1: closing, but already closed Oct 29 11:10:22 GigaVUE-HD cli[29757]: [cli.notice]: user admin: CLI exiting Oct 29 11:10:22 GigaVUE-HD login: pam_unix(login:session): session closed for user admin Manual session termination by admin (remote CLI): Oct 29 11:13:20 GigaVUE-HD cli[29837]: [cli.info]: user admin: Executing command: exi Oct 29 11:13:20 GigaVUE-HD mgmtd[2115]: [mgmtd.notice]: User admin: logout from through trusted cli channel. Oct 29 11:13:20 GigaVUE-HD cli[29837]: [cli.info]: user admin: session 1: closing, but already closed Oct 29 11:13:20 GigaVUE-HD cli[29837]: [cli.notice]: user admin: CLI exiting Oct 29 11:13:20 GigaVUE-HD sshd[29832]: Connection closed by P a g e

28 Oct 29 11:13:20 GigaVUE-HD sshd[29832]: pam_unix(sshd:session): session closed for user admin Oct 29 11:13:20 GigaVUE-HD sshd[29832]: Transferred: sent 3408, received 3056 bytes Oct 29 11:13:20 GigaVUE-HD sshd[29832]: Closing connection to port Manual session termination by admin (remote WebGUI): Oct 29 11:17:47 GigaVUE-HD ugwd[2247]: [ugwd.info]: ugwd_release_session_ptr: sessions IKklQOWsG3GsGsAHUT7LronYyFy54sZej6VCAhc ZgCYCABs= count 0 logout 1 Oct 29 11:17:47 GigaVUE-HD ugwd[2247]: [ugwd.info]: session 1: closing for peer mgmtd user i: (0/0) 0 Oct 29 11:17:47 GigaVUE-HD mgmtd[2115]: [mgmtd.info]: session 129: closing for peer ugwc user admin (0/0) 1 Oct 29 11:17:47 GigaVUE-HD wsmd[2237]: [wsmd.notice]: User admin (System Administrator) from logged out of Web UI Oct 29 11:17:47 GigaVUE-HD wsmd[2237]: [wsmd.info]: session 1: closing for peer mgmtd user i: (0/0) 0 FTP_ITC.1 Initiation of the trusted channel. Termination of the trusted channel. Failure of the trusted channel functions. Identification of the initiator and target of failed trusted channels establishment attempt. Oct 29 11:17:47 GigaVUE-HD wsmd[2237]: [wsmd.info]: Web session 27 closed Initiation & termination of the trusted channel (HTTPS update web server): Nov 2 12:27:06 GigaVUE-HD cli[2377]: [cli.info]: user admin: Executing command: image fetch Nov 2 12:27:06 GigaVUE-HD cli[2377]: [cli.info]: user admin: Tracking progress on operation ID cli Nov 2 12:27:06 GigaVUE-HD mgmtd[1943]: [mgmtd.info]: Action ID 7: requested by: user admin (System Administrator) via CLI Nov 2 12:27:06 GigaVUE-HD mgmtd[1943]: [mgmtd.info]: Action ID 7: descr: download file Nov 2 12:27:30 GigaVUE-HD progress[2401]: 27 P a g e