TESTING & INTEGRATION GROUP SOLUTION GUIDE Content Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway INTRODUCTION...2 RADWARE SECUREFLOW... 3 RADWARE APPXCEL... 3 ALADDIN ESAFE GATEWAY... 4 SOLUTION DETAILS...5 TESTED NETWORK OVERVIEW... 6 HTTP NETWORK FLOW... 7 HTTPS NETWORK FLOW... 8 CONFIGURATION...9 RADWARE SECUREFLOW - ACTIVE... 9 RADWARE SECUREFLOW - BACKUP... 14 ALADDIN ESAFE CONFIGURATION... 15 APPXCEL CONFIGURATION... 16 CERTIFICATE GENERATION AND INSTALLATION... 16 TECHNICAL SUPPORT...18 TECHNICAL SOLUTION GUIDE DATE: Thursday, December 22, 2005 Version: 1.0 Author Elad Kurzweil
Introduction Security alongside functionality is the main concern for organizations. Every organization strives for all its local users who access the World Wide Web, to be able to do so without posing security threats to the organization's network and yet without slowing down and complicating the daily work process. In other words, when it comes to the core issues of daily work and the flow of data in and out of an organization, the ultimate goal of any successful and productive entity is to achieve maximum security along with transparent operation. Organizations spend millions of dollars annually to avoid having their incoming and outgoing data exposed to security threats such as virus attacks, Spams and intrusions. Aladdin's esafe Gateway serves as the ultimate solution for such security threats. With its ability to provide and operate various functions such as Proactive Anti-virus, Signature anti virus, Application Filtering and Spam management, esafe addresses all layers of content security and provides excellent protection that can be easily utilized by any type of organization. More so, the combined technologies of Aladdin's esafe along with Radware's AppXcel enhance the security protection to an even higher level. The usage of SSL with web based applications is highly popular among many of today's organization's, however, it exposes many of them to additional security threats since encrypted traffic can not be inspected and scanned by network security devices, such as Aladdin's esafe. AppXcel's ability to inspect secure transactions provides and extra layer of protection to any out going or incoming data, ensuring only recognized and approved data is released from or entered into the organization's network. Furthermore, while esafe and AppXcel may address and solve content security issues, functionality problems may still exist. Scalability, availability and performance problems may lead to overloading and crashes. The ultimate goal of any organization should be to achieve transparent interception in which the user's daily work will not be interrupted and professional affectivity will still be achieved, with minimal administration overhead. Radware s SecureFlow addresses and helps avoiding such problems. It optimizes the performance and high availability of all types of content inspection devices, such as esafe Gateway and AppXcel thus being able to centrally manage content inspection and avoid the above-mentioned operational obstacles. The traffic management ability of SecureFlow allows for scalability along with the growth in new users without causing additional functionality failures. In conclusion, the combined solution of Aladdin's esafe along with Radware's AppXcel and SecureFlow allows any organization to achieve all related security goals while enhancing the achievement of its operational goals. 2
Radware SecureFlow SecureFlow enables transparent, selective integration of content inspection, anti-virus, VPN, IDS and firewall best-of-breed security tools into a unified switched architecture to eliminate the security/performance tradeoff and improve ROI. SecureFlow ensures high security tool availability, eliminates security bottlenecks and boosts security processing speeds while enabling cost effective security scaling letting you extract more value from your combined defense architecture. Affording centralized security resource management, SecureFlow enables the seamless addition of new security tools, for complete security vendor freedom, with no performance or integration overhead making it easy to change/add new tools to meet emerging security needs. SecureFlow s powerful policy-based flow control coordinates security operations across multiple devices letting you custom fit security operations while greatly simplifying management. SecureFlow combines the power of Multi-Gigabit Application Switching hardware with APSolute OS Application-Smart Networking including traffic classification and flow management, health monitoring and failure bypassing, traffic redirection, bandwidth management, intrusion prevention and DoS protection, unifying security operations across any combined security architecture for unified high performing defense. Radware AppXcel AppXcel provides end-to-end application acceleration for web-based, SSL-based FTP applications, and all types of clients such as desktops, PDAs and smart-phones, enabling complete transaction reliability, accelerated transaction response time and cost effective scalability. AppXcel is a high yield application accelerator, driving application performance using a comprehensive set of AoIP acceleration technologies including compression, caching, connection pooling, TCP optimization, SSL offloading and wireless acceleration for fastest application and transaction response times and the best end user experience across the LAN, WAN and the Internet. AppXcel allows for economical and transparent scaling of server resources and delivers immediate ROI by optimizing server resources and boosting webbased application speeds by up to 500%. AppXcel dramatically reduces transaction response times by compressing web content, optimizing images, HTTP connection multiplexing and controlling bandwidth utilization. By offloading SSL and persistent functions (processor and server intensive operations) from servers, AppXcel frees the CPU to handle additional requests, thus eliminating the need to buy additional hardware in order to support application processing requirements. AppXcel clustering enables further transaction scalability delivering up to 35,000 TPS, for unlimited transaction growth. AppXcel uses a high throughput, dedicated and specialized acceleration platform that enables fastest SSL transactions per second and supports concurrent connections managing certificates. Featuring client and server side SSL sniffing, AppXcel provides complete transaction visibility and security of encrypted traffic, preventing SSL virus tunneling while guaranteeing end-to-end application-smart performance tuning for web-enabled, SSL-based applications on all types of clients including desktops, PDAs, and smart-phones. For more information, please visit: http://www.radware.com 3
Aladdin esafe Gateway esafe's integrated content security is fast and proactive, preventing known and unknown malicious code, spam, non-productive and inappropriate content from entering your network. It addresses all layers of content security, and delivers superior protection that is easy to deploy and manage. esafe is a comprehensive, fully-integrated content security solution that addresses all content security layers. It includes: Proactive anti-virus: Proactively blocks most zero-hour malicious code, including worms and Trojans. Signature anti-virus: ICSA and Checkmark certified to block 100% of in-the-wild viruses. Exploit protection: Proactively block security vulnerability attacks in all email and on the web. HTTP protocol enforcement and exploit detection. HTML inspection for malicious scripts and exploits in web pages, webmail and email body. Email standardization to RFC standards eliminates known and unknown exploits. Email Compliance based on textual content and attached file types. Web/URL Filtering according to category, content, and files types. Application Filtering of Internet worms, spyware, IM, P2P, remote control applications and tunneling. Spam Management blocks the flood of unsolicited bulk email, saving time and money. 4-Layer Spyware Blocking Layer 1: Spyware download blocking Layer 2: Spyware ID blocking Layer 3: Spyware signature blocking Layer 4: Spyware communications blocking For more information, please visit: http://www.aladdin.com 4
Solution Details The document presents an organization that wants to protect his local network from viruses using HTTP and HTTPS traffic. The local client connects to the web via HTTP or HTTPS (encrypted mode). The configuration is with 2x SecureFlow Active and backup, 2x AppXcel (or more), 2x Aladdin esafe Gwateway (or more). Aladdin esafe Gateway are working as a transparent/spoofed router (2x legs) the SecureFlow has enable special feature that can work with 2x legs connected to the device called Alternate leg. HTTP Traffic Flow: If the client generates an HTTP request, the request will pass through the SecureFlow. The SecureFlow will forward it to the available esafe as HTTP request. If the session is infected the esafe will drop the session and inform the client that this request is not allowed. If the session passed the esafe inspection the esafe will forward it back to the SecureFlow. The SecureFlow will forward the session to the desired WEB address. Return traffic will go back the same way. HTTPS Traffic Flow: If an HTTPS request is generated by the client the request will pass through the SecureFlow, the SecureFlow will forward it to the available AppXcel as HTTPS request; the AppXcel will decrypt the request to HTTP and forward it back to the SecureFlow. Then, the SecureFlow will choose one of the available esafe Gateways for HTTP inspection. If the session is infected the esafe will drop the session and inform the client that this request is not allowed. If the session passed the esafe inspection the esafe will forward it back to the SecureFlow. The SecureFlow will forward the session to the AppXcel; the AppXcel will encrypt the session as HTTPS and forward it to the SecureFlow. Finally the SecureFlow will forward the HTTP session to the desired WEB address. Return traffic will go back the same way. Software and Hardware The following is a list of hardware and software tested to verify the interoperability of the presented solution: Aladdin esafe Gateway v.5.1.0 (2 units) Radware s SecureFlow v.4.10.02 (2 units) Radware s AppXcel v.3.21.07 (2 units) 5
Tested network overview Network Diagram 6
HTTP network flow 7
HTTPS network flow 8
Configuration RADWARE SECUREFLOW - ACTIVE 1. Create IP 2.1.1.1/24 on port 1 2. Create IP 1.1.1.1/24 on port 2 3. Create IP 3.1.1.1/24 on port 3 4. Create IP 4.1.1.1/24 on port 4 5. Create IP 5.1.1.1/24 on port 5 6. Create Default GW to 1.1.1.254 7. Farm Configuration: a. Create Farm called AppXcel.Farm.443 in SecureFlow -> Farms -> Security Farm Table with these parameters, i. Security Farm Name AppXcel.Farm.443 ii. Connectivity Checks Status - Health Monitoring iii. Dispatch Method Cyclic iv. Persistency Mode Client Table v. Leave all other fields as default b. Create Farm called AppXcel.Farm.80 in SecureFlow -> Farms -> Security Farm Table with these parameters, i. Security Farm Name AppXcel.Farm.80 ii. Connectivity Checks Status - Health Monitoring iii. Dispatch Method Cyclic iv. Persistency Mode Client Table v. Reflect Traffic at Flow End - Enable vi. Leave all other fields as default c. Create Farm called esafe.farm in SecureFlow -> Farms -> Security Farm Table with these parameters, i. Security Farm Name esafe.farm ii. Connectivity Checks Status - Health Monitoring iii. Dispatch Method Cyclic iv. Persistency Mode Client Table v. Leave all other fields as default 8. Server Configuration: NOTE: When configuring the server, it is required to define the alternate server address, since the Aladdin esafe GW acts as a router. a. Add Server 3.1.1.101 (AppXcel) to Farm AppXcel.Farm.443 (AppXcel-HTTPS) called AppXcel-1 in SecureFlow -> Servers -> Logical Security Servers Table with these parameters, i. Farm Address AppXcel.Farm.443 ii. Server Name AppXcel-1 iii. IP Address 3.1.1.101 iv. Leave all other fields as default 9
b. Add Server 3.1.1.102 (AppXcel) to Farm AppXcel.Farm.443 (AppXcel-HTTPS) called AppXcel-2 in SecureFlow -> Servers -> Logical Security Servers Table with these parameters, i. Farm Address AppXcel.Farm.443 ii. Server Name AppXcel-2 iii. IP Address 3.1.1.102 iv. Leave all other fields as default c. Add Server 4.1.1.101 (esafe Gatewayl) to Farm esafe.farm called esafe.server.1 in SecureFlow -> Servers -> Logical Security Servers Table with these parameters, i. Farm Address esafe.farm ii. Server Name esafe.server.1 iii. IP Address 4.1.1.101 iv. Alternate IP Address 5.1.1.101 v. Leave all other fields as default d. Add Server 4.1.1.102 (esafe Gatewayl) to Farm esafe.farm called esafe.server.2 in SecureFlow -> Servers -> Logical Security Servers Table with these parameters, i. Farm Address esafe.farm ii. Server Name esafe.server.2 iii. IP Address 4.1.1.102 iv. Alternate IP Address 5.1.1.102 v. Leave all other fields as default e. Add Server 3.1.1.101 (AppXcel) to Farm AppXcel.Farm.80 (AppXcel-HTTP) called AppXcel-1 in SecureFlow -> Servers - > Logical Security Servers Table with these parameters, i. Farm Address AppXcel.Farm.80 ii. Server Name AppXcel-1 iii. IP Address 3.1.1.101 iv. Leave all other fields as default f. Add Server 3.1.1.102 (AppXcel) to Farm AppXcel.Farm.80 (AppXcel-HTTP) called AppXcel-2 in SecureFlow -> Servers - > Logical Security Servers Table with these parameters, i. Farm Address AppXcel.Farm.80 ii. Server Name AppXcel-2 iii. IP Address 3.1.1.102 iv. Leave all other fields as default 9. Flow Table Configuration a. Create a Flow Table called HTTPS.to.AppXcel in SecureFlow -> Flow Management -> Farms Flow Table with these parameters i. Flow Name HTTPS.to.AppXcel ii. Farm Name AppXcel.Farm.443 iii. Farm Index - 1 b. Create a Flow Table called HTTP.from.AppXcel in SecureFlow -> Flow Management -> Farms Flow Table with these parameters i. Flow Name HTTP.from.AppXcel ii. Farm Name AppXcel.Farm.80 iii. Farm Index - 1 10
c. Create a Flow Table called HTTP.from.AppXcel in SecureFlow -> Flow Management -> Farms Flow Table with these parameters i. Flow Name HTTP.from.AppXcel ii. Farm Name esafe.farm iii. Farm Index - 2 d. Define the Clients network object that you wan to protects in Classes -> Modify Networks with these parameters, i. Name Clients-NET ii. Address 22.1.1.0 iii. Mask 255.255.255.0 iv. Mode IP Mask e. Define a Port Group attached to physical interface 3 called AppXcel in Classes -> Modify Port Group 10. Flow Table Policies Configuration a. Define the Farm flow rule Called HTTP.From.AppXcel to work with Farm Flow HTTP.Form.APPXCEL in SecureFlow -> Flow Management-> Modify Policies with these parameters, i. Name HTTP.From.AppXcel ii. Index 1 iii. Source Clients-NET iv. Destination Any v. Direction OneWay vi. Service Type Filter vii. Service HTTP viii. Farm Flow HTTP.From.AppXcel ix. Inbound Physical Port AppXcel x. Leave all other fields as default b. Define the Farm flow rule Called HTTP.to.eSafe to work with Farm Flow HTTP.to.eSafe in SecureFlow -> Flow Management-> Modify Policies with these parameters, i. Name HTTP.to.eSafe ii. Index 2 iii. Source Clients-NET iv. Destination Any v. Direction OneWay vi. Service Type Filter vii. Service HTTP viii. Farm Flow HTTP.to.eSafe ix. Leave all other fields as default c. Define the Farm flow rule Called HTTPS.to.AppXcel to work with Farm Flow HTTPS.to.AppXcel in SecureFlow -> Flow Management-> Modify Policies with these parameters, i. Name HTTPS.to.AppXcel ii. Index 3 iii. Source Clients-NET iv. Destination Any v. Direction OneWay vi. Service Type Filter vii. Service HTTPS viii. Farm Flow HTTPS.to.AppXcel ix. Leave all other fields as default 11
d. To activate the polices go to SecureFlow -> Flow Management-> Update Policies SecureFlow Health Monitoring Enable Health Monitoring in Health Monitoring -> Global Parameters Create a Check for HTTPS on server 3.1.1.101 in Health Monitoring -> Check Table o Check name AppXcel.1.HTTPS.Check o Method SSL o Dest IP - 3.1.1.101 o Dest Port 443 Create a Check for HTTPS on server 3.1.1.102 in Health Monitoring -> Check Table o Check name AppXcel.2.HTTPS.Check o Method SSL o Dest IP - 3.1.1.102 o Dest Port 443 Create a Check for HTTP on server 4.1.1.101 (esafe Management port) in Health Monitoring -> Check Table o Check name esafe.1.http.check o Method HTTP o Dest IP - 4.1.1.101 o Dest Port 80 Create a Check for HTTPS on server 4.1.1.102 (esafe Management port) in Health Monitoring -> Check Table o Check name esafe.2.http.check o Method HTTP o Dest IP - 4.1.1.102 o Dest Port 80 Bind the SSL check AppXcel.1.HTTPS.Check to Server 3.1.1.101 in Health Monitoring -> Binding Table Bind the SSL check AppXcel.2.HTTPS.Check to Server 3.1.1.102 in Health Monitoring -> Binding Table Bind the SSL check esafe.1.http.check to Server 4.1.1.101 in Health Monitoring -> Binding Table Bind the SSL check esafe.2.http.check to Server 4.1.1.102 in Health Monitoring -> Binding Table 12
11. VRRP Configuration a. Enable VRRP in SecureFlow -> Redundancy -> Global Configuration i. IP Redundancy Admin Status VRRP ii. Interface Grouping Enable iii. ARP with interface grouping Send iv. VLAN Redundancy Active v. Backup Fake ARP Enable vi. Backup Interface Grouping Enable b. Create Virtual Router interfaces in SecureFlow -> Redundancy -> VRRP - > VR Table i. IF Index 1 ii. VR ID 1 iii. Priority 255 (Highest number is Active device) iv. Primary IP 2.1.1.1 c. Create Virtual Router interfaces in SecureFlow -> Redundancy -> VRRP - > VR Table i. IF Index 2 ii. VR ID 2 iii. Priority 255 (Highest number is Active device) iv. Primary IP 1.1.1.1 d. Create Virtual Router interfaces in SecureFlow -> Redundancy -> VRRP - > VR Table i. IF Index 3 ii. VR ID 3 iii. Priority 255 (Highest number is Active device) iv. Primary IP 3.1.1.1 e. Create Virtual Router interfaces in SecureFlow -> Redundancy -> VRRP - > VR Table i. IF Index 4 ii. VR ID 4 iii. Priority 255 (Highest number is Active device) iv. Primary IP 4.1.1.1 vi. f. Create Virtual Router interfaces in SecureFlow -> Redundancy -> VRRP - > VR Table i. IF Index 5 ii. VR ID 5 iii. Priority 255 (Highest number is Active device) iv. Primary IP 5.1.1.1 g. Create Associated IP Addresses in SecureFlow -> Redundancy -> VRRP - > Associated IP Addresses i. IF Index 1, VR ID 1, Associated IP 2.1.1.1 ii. IF Index 2, VR ID 2, Associated IP 1.1.1.1 iii. IF Index 3, VR ID 3, Associated IP 3.1.1.1 iv. IF Index 4, VR ID 4, Associated IP 4.1.1.1 v. IF Index 5, VR ID 5, Associated IP 5.1.1.1 13
RADWARE SECUREFLOW - BACKUP 1. Create IP 2.1.1.2/24 on port 1 2. Create IP 1.1.1.2/24 on port 2 3. Create IP 3.1.1.2/24 on port 3 4. Create IP 4.1.1.2/24 on port 4 5. Create IP 5.1.1.2/24 on port 5 6. Create Default GW to 1.1.1.254 7. Copy all configuration from the Active SecureFlow device 8. VRRP Configuration a. Enable VRRP in SecureFlow -> Redundancy -> Global Configuration i. IP Redundancy Admin Status VRRP ii. Interface Grouping Enable iii. ARP with interface grouping Send iv. VLAN Redundancy Active v. Backup Fake ARP Enable vi. Backup Interface Grouping Enable b. Create Virtual Router interfaces in SecureFlow -> Redundancy -> VRRP -> VR Table i. IF Index 1 ii. VR ID 1 iii. Priority 100 (Highest number is Active device) iv. Primary IP 2.1.1.1 c. Create Virtual Router interfaces in SecureFlow -> Redundancy -> VRRP -> VR Table i. IF Index 2 ii. VR ID 2 iii. Priority 100 (Highest number is Active device) iv. Primary IP 1.1.1.1 d. Create Virtual Router interfaces in SecureFlow -> Redundancy -> VRRP -> VR Table i. IF Index 3 ii. VR ID 3 iii. Priority 100 (Highest number is Active device) iv. Primary IP 3.1.1.1 14
e. Create Virtual Router interfaces in SecureFlow -> Redundancy -> VRRP -> VR Table i. IF Index 4 ii. VR ID 4 iii. Priority 100 (Highest number is Active device) iv. Primary IP 4.1.1.1 vi. f. Create Virtual Router interfaces in SecureFlow -> Redundancy -> VRRP -> VR Table i. IF Index 5 ii. VR ID 5 iii. Priority 100 (Highest number is Active device) iv. Primary IP 5.1.1.1 g. Create Associated IP Addresses in SecureFlow -> Redundancy -> VRRP -> Associated IP Addresses i. IF Index 1, VR ID 1, Associated IP 2.1.1.1 ii. IF Index 2, VR ID 2, Associated IP 1.1.1.1 iii. IF Index 3, VR ID 3, Associated IP 3.1.1.1 iv. IF Index 4, VR ID 4, Associated IP 4.1.1.1 v. IF Index 5, VR ID 5, Associated IP 5.1.1.1 ALADDIN ESAFE CONFIGURATION 1. Install the Software according to the setup instruction on the screen. 2. Add IP to the esafe Gateway legs 5.1.1.101/24 for the External leg and 4.1.2.101/24 for the internal leg. 3. Configure a default gateway to 0.0.0.0/0 -> 5.1.1.1 4. Add a static route to clients network 22.1.1.0/24 -> 4.1.1.1 15
APPXCEL CONFIGURATION Login to through the console (Baud rate 19200, stop bits -8, parity none) with user/password radware/radware Write the following commands system mode set client-ssl-sniffing - and press Y for yes ct server-cipher set press Y for yes and choose number 2 for All ct proxy key create 1 1024 - write a password that you like and repeat it. (???) ct ssl-sniffing ip create 3.1.1.101 255.255.255.0 -inf 1 press Y ct proxy certificate create 1 leave all areas as default ct ssl-sniffing key set 1 press Y ct client-cipher set choose the number 2 for ALL ct server-auth-action update default forward press Y net route create defaultgw 3.1.1.1 CERTIFICATE GENERATION AND INSTALLATION In order to work with AppXcel certificate and get rid of the Security Alert in the browser there is a need to export the Certificate from the AppXcel and install it on each client. Exporting the Cerificate from the AppXcel: 1. In the AppXcel run the command - ct certificate export <keyid> 2. Select one of the following options: Zmodem Ascii (Cut & Paste) Quit Choose Ascii 3. Choose the relevant certificate format according to the list below: Zmodem PEM format or pkcs12 format Ascii PEM Format Choose Ascii PEM format 4. A print of the Certificate will display on the CLI screen like this: -----BEGIN CERTIFICATE----- MIIDujCCAyOgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBoDELMAkG A1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQHEw hozxcgww9yazeqma4ga1uechmhumfkd2fyztebmbkga1uecxm SQXBwbGljYXRpb25TZXJ2ZXJzMRgwFgYDVQQDEw93d3cucmFkd2F yzs5jb20xijagbgkqhkig9w0bcqewe3n1chbvcnracmfkd2fyzs5jb 20wHhcNMDUxMjIxMTEyMTMyWhcNMDYxMjIxMTEyMTMyWjCBoDE LMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQ QHEwhOZXcgWW9yazEQMA4GA1UEChMHUmFkd2FyZTEbMBkGA1U ECxMSQXBwbGljYXRpb25TZXJ2ZXJzMRgwFgYDVQQDEw93d3cucmF kd2fyzs5jb20xijagbgkqhkig9w0bcqewe3n1chbvcnracmfkd2fyz S5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALz1Lbzf5s OCvGuPD3ENd+FguCCwkP93dUfLge07OZOFOuiY9kzNt5A3rarQtgS2 16
Ey2Q95Ka/+Das8/bVIqACB0TT2riBhnEUteJb+3caVwtHYFnN9qk1+ 6zsHFoeD+ko9HcZB2skf1zm/gLbPRWU4o2RfZQwnyYqafqn+W5LQF lagmbaagjggeamih9mb0ga1uddgqwbbtfsl8r9hls4oiott7lr9bx 1GzAzCBzQYDVR0jBIHFMIHCgBTfQSL8r9hlS4oIOTt7LR9bX1GzA6G BpqSBozCBoDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3J rmrewdwydvqqhewhozxcgww9yazeqma4ga1uechmhumfkd2f yztebmbkga1uecxmsqxbwbgljyxrpb25tzxj2zxjzmrgwfgydvq QDEw93d3cucmFkd2FyZS5jb20xIjAgBgkqhkiG9w0BCQEWE3N1cHB vcnracmfkd2fyzs5jb22caqawdaydvr0tbauwaweb/zanbgkqhki G9w0BAQQFAAOBgQAn0FoVRmdk7dBfwMhhkOXrtktIZQ2ycwVbs0N +zclpsnu/tl+vn+9nkv6s1itufdvtblf7npfjtnr/dcxwbqh9vvz4+u MNYCIomfTuWNjWMLl0Aw0wv+YJplmWzM1q0EtU5Xe/EaSufYQZW6 Mnkm8Je3LSRXXKHUFyz3np7hN7qw== -----END CERTIFICATE---- - 5. Copy the Certificate and paste it to a new file called radware.crt and save it. Installing the Certificate on the client machine: 1. Copy the Certificate file that was generated from the AppXcel called radware.crt. 2. Dubble click on the file and install it. 17
Technical Support Radware offers technical support for all of its products through the Radware Certainty Support Program. Please refer to your Certainty Support contract, or the Radware Certainty Support Guide available at: http://www.radware.com/content/support/supportprogram/default.asp. For more information, please contact your Radware Sales representative or: U.S. and Americas: (866) 234-5763 International: +972(3) 766-8666 18