Magnum Network Software DX




Magnum Network Software DX
Software Release Notes
Software Revision 3.0.1 RC5

, Inc. www..com www..com/techsupport email: support@.com

This document contains Confidential information or Trade Secrets, or both, which are the property of. This document may not be copied, reproduced or transmitted to others in any manner, nor may any use of the information in the document be made, except for the specific purposes for which it is transmitted to the recipient, without the prior written consent of. Copyright 2010,. All Rights Reserved

Release 3.0.1 RC5 Release Notes

The following notes describe significant changes in MNS-DX version 3.0.1 RC5 (since version 2.1.1 RC2).

1.0 INTRODUCTION

The following notes contain details related to the MNS-DX v3.0.1 RC5 software release. MNS-DX v3.0.1 RC5 includes three main enhancements over MNS-DX v2.1.1 RC2 as follows:

- Support for the new DX940 hardware platform
- Support for tiered software feature sets through the use of license keys
- Enhanced IPSec and VPN implementation

2.0 NEW FEATURES

2.1 DX940 Support

A new hardware platform has been developed, the DX940, which is supported in v3.0.1 RC5 software. The initial DX940 supports the following port configurations:

- 2 Gigabit Ethernet Ports can be configured as
    o 2 SFP (multi-mode or single-mode fiber) or
    o 2 Fixed Copper
- 4 Fast Ethernet Ports can be configured as
    o 4 SFP (multi-mode or single-mode fiber) or
    o 4 Fixed Copper
- 4 DB-9 Serial Ports can be configured as
    o 4 RS-232/485 software selectable ports or
    o No ports populated

Please contact your sales representative or reference the website at http://www.garrettcom.com/dx940.htm for further details on the DX940 offering.

2.2 License Keys

Beginning with MNS-DX v3.0.1 RC5, customers will be given the choice of purchasing the appropriate mix of software license keys along with their DX router hardware. The license key sets are summarized below:

MNS-DX is the base software license key that comes standard with all DX units and includes capabilities such as:

- Ethernet ports can be configured as switched ports or routed ports or combinations
- Serial ports can be software configurable as RS232 or RS485 ports
- RSTP supports RSTP-2004 (802.1w) & STP (802.1d), provides resilient Ethernet networks
- Routing features support RIP and RIP-II for routed ports
- VRRP Virtual Router Redundancy Protocol provides router redundancy for Ethernet LAN devices
- DHCP Server and Client provides DHCP services or queries for IP addresses
- Remote Access for secure administration is via SSH and optionally via telnet
- VLANs (802.1q) supports tag-based VLANs as access VLANs or trunk ports
- SNMP supports v1, v2 and v3 for managing the device using Network Management Systems
- Event log locally stored provides a log of the most recent events
- SNTP provides time synchronization with NTP/SNTP servers
- Modbus interoperability over Ethernet or serial ports (RS232 or RS485)
- QoS prioritization of traffic using QoS and DiffServ tags across a network, and across a WAN port
- Troubleshooting is made easy with a built-in protocol analyzer

MNS-DX-SECURE is an optional license key that can be purchased to add extra security features to the base MNS-DX such as IPSec, VPN, firewall, encryption and authentication needed for industrial cyber security. These extra Security features are unlocked via a licensed software key.

MNS-DX-SECURE license key includes:

- IPSec VPN support with proven interoperability and conformance to industry standards
- Firewall provides stateful firewall rules for traffic flows or for IP streams or ports
- RADIUS provides management authentication via a RADIUS Server
- Configurable Login Banner message presented before user login to deter unauthorized users
- Secure Serial SSL connectivity to encrypt data
- Syslog operation enables logs to be collected by syslog servers for analysis
- SSH Port Forwarding allows secure access to less secure devices on the network
- Ethernet port security

MNS-DX-ADVAR is an optional license key that can be purchased to add the advanced routing options of OSPF and BGP to the base MNS-DX. These Advanced Routing features are unlocked via a licensed software key.

2.2.1 License Key Transition Strategy

DX units shipped prior to the release v3.0.1 may be upgraded to MNS-DX v3.0.1 and will retain their full feature set and capabilities (all License Keys enabled). However, in future releases (e.g. v3.1.0), these units will revert to the basic MNS-DX license key level (no MNS-DX-SECURE or MNS-DX-ADVAR features will be present).

Important Note: Therefore, it is important that customers install the appropriate license keys once they have upgraded to v3.0.1. Please contact your representative to obtain details on receiving the required License Keys. The proper License Keys can be installed via the CLI or Web interfaces.

2.2.2 License Key CLI commands

Syntax:

    license add <SECURE | ADVAR> <key>
    license show

Examples:

    MagnumDX# license add SECURE ################
    MagnumDX# license show
    Feature Key
    ======= ================
    SECURE  ################

2.2.3 License Key Web interface

There is a new page called "Administration : Software Features" that allows you to add new license keys and view existing license keys. This is where you can view the License Keys that are set in the DX unit (under the Existing License Key(s) heading) or add the MNS-DX-SECURE or MNS-DX-ADVAR License Keys.

2.3 Enhanced IPSec and VPN implementation

V3.0.0 RC7 integrates a new IPSec library into the DX offerings, but the user interface and configuration model remain unchanged. Users can upgrade from previous versions of the DX software and their configuration will be automatically migrated to 3.0.0. This release provides the following IPSec and VPN enhancements/capabilities:

- Adds AES256 and Blowfish encryption
- Adds SHA-2 hash (256 and 512 bit)
- Adds Diffie-Hellman (DH) groups 5 and 14
- Adds Bypass Firewall/NAT for VPN tunnels
- Maximum configurable VPN tunnels: 128
- Maximum configurable IKE peers: 8

2.3.1 Bypass Firewall/NAT

An option called Bypass Firewall/NAT has been added in the VPN tunnel configuration table. This option allows the user to select one of two forwarding behaviors for traffic received from a VPN tunnel:

- "No". The packet forwarding from the tunnel continues to work as it did in previous DX software releases. That is, once a packet is decrypted and de-encapsulated, it is passed completely through the stack again. Thus, NAT and Firewall rules will be applied to the packet as if it were actually received on an external IP interface. This means that the NAT and firewall must be configured to deal appropriately with the decrypted packet as it emerges from the IPsec tunnel.
- "Yes". This is a new forwarding behavior that allows the decrypted and de-encapsulated packet to simply continue its processing in the IP stack. The packet is NOT passed back through the stack and therefore bypasses the typical NAT and Firewall input processing. This effectively allows the router to filter unwanted packets coming from the public network while implicitly allowing all traffic that was sent through the tunnel.

2.3.2 Bypass Firewall/NAT CLI commands

The addition of the Bypass Firewall/NAT feature has expanded the vpn tunnel command to include the ability to set the proper Bypass Firewall/NAT setting. The default setting is No.

The Bypass Firewall/NAT feature can be set to Yes either by entering a new VPN tunnel definition using the add tunnel command as follows:

Syntax:

    MagnumDX(vpn)# add tunnel <src address> <src mask> <dest address> <dest mask> <gateway address> bypass <y or n>

Or you can use the edit tunnel command as follows:

    MagnumDX(vpn)# edit tunnel <tunnel id> [src-address <A.B.C.D>] [src-mask <A.B.C.D>] [dst-address <A.B.C.D>] [dst-mask <A.B.C.D>] [gateway <A.B.C.D>] [profile <profile-name>] [authentication <authentication-method-name>] [bypass <y | n>] <cr>

2.3.3 Bypass Firewall/NAT WEB Interface

The addition of the Bypass Firewall/NAT feature has expanded the Security:VPN:Tunnels page to allow viewing and setting of the Bypass Firewall/NAT feature.

3.0 QUALITY ENHANCEMENTS

3.1 Pings to an Ethernet interface that is in a down state will now return the proper response of Host unreachable.

3.2 The Ethernet clear statistics command now properly clears the specified Ethernet port statistics.

3.3 The DX unit would reboot when multiple ports were entered into the VLAN set command. This has been resolved.

3.4 If you deleted a VID from the DX it would still stay active until you performed a system reboot. This has been resolved and the VID is no longer active after it has been deleted.

3.5 Improved VPN re-key operation to minimize traffic loss.

3.6 Resolved issue where you were unable to change the WAN mode setting between T1 and E1 via the CLI.

3.7 Resolved several cases where terminal server sessions started using SSH port forwarding did not always close properly.

3.8 The software now saves active event files prior to system reboots so that the information is no longer lost.

3.9 The W2 port statistics on the DX1000 now reflect the true W2 statistics and are not a copy of the W1 statistics as in previous versions.

3.10 SSH sessions no longer have a fixed timeout of 1 hour.

3.11 The DX has been enhanced to now log Loop Up/Loop Down events.

3.12 Disabling OSPF on a PPP interface no longer causes a system problem.

3.13 Resolved the issue of a WAN port that was running OSPF displaying a default metric of 75 but really using a metric of 1.

3.14 Resolved issue with SSH port forwarding to a non-existent device.

3.15 Resolved issue where a Frame Relay DLCI could be configured on a WAN port that was defined for PPP operation.

3.16 Any port forwarding SSH session will automatically use a setting of no idle timeout value instead of using the session timeout setting that is used for any user sessions to the DX CLI or GUI.
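
An added example for sections 2.3.1 and 2.3.2 (not part of the original release notes): because a tunnel with Bypass Firewall/NAT set to Yes skips the firewall and NAT input rules, a configuration review should list every such tunnel and how wide its address selectors are. The script assumes tunnel definitions are available as text lines in the `add tunnel` syntax shown above; the sample lines and the `min_prefix` review threshold are constructed for illustration.

```python
import ipaddress
import re

# Assumption: tunnel definitions are available as text lines in the
# "add tunnel" syntax from section 2.3.2. These sample lines are constructed.
SAMPLE = """\
add tunnel 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0 192.0.2.10 bypass n
add tunnel 10.1.0.0 255.255.255.0 0.0.0.0 0.0.0.0 192.0.2.20 bypass y
add tunnel 10.1.5.0 255.255.255.0 10.9.9.8 255.255.255.252 192.0.2.30 bypass y
add tunnel 10.1.6.0 255.255.255.0 10.3.0.0 255.255.0.0 192.0.2.40
"""

ADDR = r"(\d{1,3}(?:\.\d{1,3}){3})"
TUNNEL_RE = re.compile(
    r"^\s*add tunnel\s+" + r"\s+".join([ADDR] * 5) + r"(?:\s+bypass\s+([yn]))?\s*$"
)

def parse_tunnels(text):
    """Return one dict per 'add tunnel' line; other lines are ignored."""
    tunnels = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = TUNNEL_RE.match(line)
        if not m:
            continue
        src, smask, dst, dmask, gw, bypass = m.groups()
        tunnels.append({
            "line": lineno,
            "src": ipaddress.ip_network(f"{src}/{smask}", strict=False),
            "dst": ipaddress.ip_network(f"{dst}/{dmask}", strict=False),
            "gateway": ipaddress.ip_address(gw),
            # The release notes state the default setting is No.
            "bypass": (bypass or "n") == "y",
        })
    return tunnels

def audit(tunnels, min_prefix=24):
    """List bypass tunnels; 'broad' means a selector is wider than /min_prefix."""
    findings = []
    for t in tunnels:
        if not t["bypass"]:
            continue
        widest = min(t["src"].prefixlen, t["dst"].prefixlen)
        level = "broad" if widest < min_prefix else "narrow"
        findings.append((t["line"], level, str(t["src"]), str(t["dst"])))
    return findings

if __name__ == "__main__":
    for line, level, src, dst in audit(parse_tunnels(SAMPLE)):
        print(f"line {line}: bypass=y ({level}) {src} <-> {dst}: firewall/NAT input rules not applied")
```

Tunnels reported as broad are the ones where the peer's own filtering is the only control on what reaches the local network, so they are the first candidates for setting bypass back to No with explicit firewall rules.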