Professional Documents
Culture Documents
User Guide
Software Version 3.40.00
Document ID: RDWR-APSV-V034000_UG1512
December 2015
Important Notices
The following important notices are presented in English, French, and German.
Important Notices
This guide is delivered subject to the following conditions and restrictions:
Copyright Radware Ltd. 2015. All rights reserved.
The copyright and all other intellectual property rights and trade secrets included in this guide are
owned by Radware Ltd.
The guide is provided to Radware customers for the sole purpose of obtaining information with
respect to the installation and use of the Radware products described in this document, and may not
be used for any other purpose.
The information contained in this guide is proprietary to Radware and must be kept in strict
confidence.
It is strictly forbidden to copy, duplicate, reproduce or disclose this guide or any part thereof without
the prior written consent of Radware.
Notice importante
Ce guide est sujet aux conditions et restrictions suivantes:
Copyright Radware Ltd. 2015. Tous droits rservs.
Le copyright ainsi que tout autre droit li la proprit intellectuelle et aux secrets industriels
contenus dans ce guide sont la proprit de Radware Ltd.
Ce guide dinformations est fourni nos clients dans le cadre de linstallation et de lusage des
produits de Radware dcrits dans ce document et ne pourra tre utilis dans un but autre que celui
pour lequel il a t conu.
Les informations rpertories dans ce document restent la proprit de Radware et doivent tre
conserves de manire confidentielle.
Il est strictement interdit de copier, reproduire ou divulguer des informations contenues dans ce
manuel sans avoir obtenu le consentement pralable crit de Radware.
Wichtige Anmerkung
Dieses Handbuch wird vorbehaltlich folgender Bedingungen und Einschrnkungen ausgeliefert:
Copyright Radware Ltd. 2015. Alle Rechte vorbehalten.
Das Urheberrecht und alle anderen in diesem Handbuch enthaltenen Eigentumsrechte und
Geschftsgeheimnisse sind Eigentum von Radware Ltd.
Dieses Handbuch wird Kunden von Radware mit dem ausschlielichen Zweck ausgehndigt,
Informationen zu Montage und Benutzung der in diesem Dokument beschriebene Produkte von
Radware bereitzustellen. Es darf fr keinen anderen Zweck verwendet werden.
Die in diesem Handbuch enthaltenen Informationen sind Eigentum von Radware und mssen streng
vertraulich behandelt werden.
Es ist streng verboten, dieses Handbuch oder Teile daraus ohne vorherige schriftliche Zustimmung
von Radware zu kopieren, vervielfltigen, reproduzieren oder offen zu legen.
Copyright Notices
The following copyright notices are presented in English, French, and German.
Copyright Notices
The programs included in this product are subject to a restricted use license and can only be used in
conjunction with this application.
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and
the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both
licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL,
please contact openssl-core@openssl.org.
OpenSSL License
Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1.
Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3.
All advertising materials mentioning features or use of this software must display the following
acknowledgement:
This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit. (http://www.openssl.org/)
4.
The names OpenSSL Toolkit and OpenSSL Project must not be used to endorse or promote
products derived from this software without prior written permission. For written permission,
please contact openssl-core@openssl.org.
5.
Products derived from this software may not be called OpenSSL nor may OpenSSL appear in
their names without prior written permission of the OpenSSL Project.
6.
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS'' AND ANY EXPRESSED OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This
product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are
aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA,
lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution
is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be
removed.
If this package is used in a product, Eric Young should be given attribution as the author of the parts
of the library used.
This can be in the form of a textual message at program startup or in documentation (online or
textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the
following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3. All advertising materials mentioning features or use of this software must display the following
acknowledgement:
"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)"
The word 'cryptographic' can be left out if the rouines from the library being used are not
cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory
(application code) you must include an acknowledgment:
"This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
The licence and distribution terms for any publically available version or derivative of this code
cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence
[including the GNU Public Licence.]
This product contains the Rijndael cipher
The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public
domain and distributed with the following license:
@version 3.0 (December 2000)
Optimized ANSI C code for the Rijndael cipher (now AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>
The OnDemand Switch may use software components licensed under the GNU General Public
License Agreement Version 2 (GPL v.2) including LinuxBios and Filo open source projects. The
source code of the LinuxBios and Filo is available from Radware upon request. A copy of the license
can be viewed at: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
This code is hereby placed in the public domain.
Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3.
Neither the name of the University nor the names of its contributors may be used to endorse or
promote products derived from this software without specific prior written permission.
Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
This product contains work derived from the RSA Data Security, Inc. MD5 Message-Digest
Algorithm. RSA Data Security, Inc. makes no representations concerning either the merchantability
of the MD5 Message - Digest Algorithm or the suitability of the MD5 Message - Digest Algorithm for
any particular purpose. It is provided as is without express or implied warranty of any kind.
This product includes the DB2 Express-C database, the copyrights of which are owned IBM.
Le commutateur OnDemand peut utiliser les composants logiciels sous licence, en vertu des termes
de la licence GNU General Public License Agreement Version 2 (GPL v.2), y compris les projets
source ouverte LinuxBios et Filo. Le code source de LinuxBios et Filo est disponible sur demande
auprs de Radware. Une copie de la licence est rpertorie sur: http://www.gnu.org/licenses/oldlicenses/gpl-2.0.html.
Ce code est galement plac dans le domaine public.
Ce produit renferme des codes dvelopps dans le cadre du projet OpenSSL.
Copyright 1983, 1990, 1992, 1993, 1995
Les membres du conseil de lUniversit de Californie. Tous droits rservs.
La distribution et lusage sous une forme source et binaire, avec ou sans modifications, est autorise
pour autant que les conditions suivantes soient remplies:
1. La distribution dun code source doit inclure la notice de copyright mentionne ci-dessus, cette
liste de conditions et lavis de non-responsabilit suivant.
2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout
autre matriel fourni la notice de copyright mentionne ci-dessus, cette liste de conditions et
lavis de non-responsabilit suivant.
3. Le nom de luniversit, ainsi que le nom des contributeurs ne seront en aucun cas utiliss pour
approuver ou promouvoir un produit driv de ce programme sans lobtention pralable dune
autorisation crite.
Ce produit inclut un logiciel dvelopp par Markus Friedl.
Ce produit inclut un logiciel dvelopp par Theo de Raadt.
Ce produit inclut un logiciel dvelopp par Niels Provos.
Ce produit inclut un logiciel dvelopp par Dug Song.
Ce produit inclut un logiciel dvelopp par Aaron Campbell.
Ce produit inclut un logiciel dvelopp par Damien Miller.
Ce produit inclut un logiciel dvelopp par Kevin Steves.
Ce produit inclut un logiciel dvelopp par Daniel Kouril.
Ce produit inclut un logiciel dvelopp par Wesley Griffin.
Ce produit inclut un logiciel dvelopp par Per Allansson.
Ce produit inclut un logiciel dvelopp par Nils Nordman.
Ce produit inclut un logiciel dvelopp par Simon Wilkinson.
La distribution et lusage sous une forme source et binaire, avec ou sans modifications, est autorise
pour autant que les conditions suivantes soient remplies:
1. La distribution dun code source doit inclure la notice de copyright mentionne ci-dessus, cette
liste de conditions et lavis de non-responsabilit suivant.
2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout
autre matriel fourni la notice de copyright mentionne ci-dessus, cette liste de conditions et
lavis de non-responsabilit suivant.
LE LOGICIEL MENTIONN CI-DESSUS EST FOURNI TEL QUEL PAR LE DVELOPPEUR ET TOUTE
GARANTIE, EXPLICITE OU IMPLICITE, Y COMPRIS, MAIS SANS SY LIMITER, TOUTE GARANTIE
IMPLICITE DE QUALIT MARCHANDE ET DADQUATION UN USAGE PARTICULIER EST EXCLUE.
EN AUCUN CAS LAUTEUR NE POURRA TRE TENU RESPONSABLE DES DOMMAGES DIRECTS,
INDIRECTS, ACCESSOIRES, SPCIAUX, EXEMPLAIRES OU CONSCUTIFS (Y COMPRIS, MAIS SANS
SY LIMITER, LACQUISITION DE BIENS OU DE SERVICES DE REMPLACEMENT, LA PERTE DUSAGE,
DE DONNES OU DE PROFITS OU LINTERRUPTION DES AFFAIRES), QUELLE QUEN SOIT LA CAUSE
ET LA THORIE DE RESPONSABILIT, QUIL SAGISSE DUN CONTRAT, DE RESPONSABILIT
STRICTE OU DUN ACTE DOMMAGEABLE (Y COMPRIS LA NGLIGENCE OU AUTRE), DCOULANT DE
QUELLE QUE FAON QUE CE SOIT DE LUSAGE DE CE LOGICIEL, MME SIL A T AVERTI DE LA
POSSIBILIT DUN TEL DOMMAGE.
Copyrightvermerke
Die in diesem Produkt enthalten Programme unterliegen einer eingeschrnkten Nutzungslizenz und
knnen nur in Verbindung mit dieser Anwendung benutzt werden.
Die Rijndael-Implementierung von Vincent Rijndael, Anton Bosselaers und Paulo Barreto ist
ffentlich zugnglich und wird unter folgender Lizenz vertrieben:
@version 3.0 (December 2000)
Optimierter ANSI C Code fr den Rijndael cipher (jetzt AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>
Der OnDemand Switch verwendet mglicherweise Software, die im Rahmen der DNU Allgemeine
ffentliche Lizenzvereinbarung Version 2 (GPL v.2) lizensiert sind, einschlielich LinuxBios und Filo
Open Source-Projekte. Der Quellcode von LinuxBios und Filo ist bei Radware auf Anfrage erhltlich.
Eine Kopie dieser Lizenz kann eingesehen werden unter http://www.gnu.org/licenses/old-licenses/
gpl-2.0.html.
Dieser Code wird hiermit allgemein zugnglich gemacht.
Dieses Produkt enthlt einen vom OpenBSD-Projekt entwickelten Code
Copyright 1983, 1990, 1992, 1993, 1995
The Regents of the University of California. Alle Rechte vorbehalten.
Die Verbreitung und Verwendung in Quell- und binrem Format, mit oder ohne Vernderungen, sind
unter folgenden Bedingungen erlaubt:
1.
Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss beibehalten.
2.
Die Verbreitung in binrem Format muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere
Materialien, die mit verteilt werden, reproduzieren.
3.
Weder der Name der Universitt noch die Namen der Beitragenden drfen ohne ausdrckliche
vorherige schriftliche Genehmigung verwendet werden, um von dieser Software abgeleitete
Produkte zu empfehlen oder zu bewerben.
Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss beibehalten.
2.
Die Verbreitung in binrem Format muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere
Materialien, die mit verteilt werden, reproduzieren.
Standard Warranty
The following standard warranty is presented in English, French, and German.
Standard Warranty
Radware offers a limited warranty for all its products (Products). Radware hardware products are
warranted against defects in material and workmanship for a period of one year from date of
shipment. Radware software carries a standard warranty that provides bug fixes for up to 90 days
after date of purchase. Should a Product unit fail anytime during the said period(s), Radware will, at
its discretion, repair or replace the Product.
For hardware warranty service or repair, the product must be returned to a service facility
designated by Radware. Customer shall pay the shipping charges to Radware and Radware shall pay
the shipping charges in returning the product to the customer. Please see specific details outlined in
the Standard Warranty section of the customers purchase order.
Radware shall be released from all obligations under its Standard Warranty in the event that the
Product and/or the defective component has been subjected to misuse, neglect, accident or
improper installation, or if repairs or modifications were made by persons other than Radware
authorized service personnel, unless such repairs by others were made with the written consent of
Radware.
EXCEPT AS SET FORTH ABOVE, ALL RADWARE PRODUCTS (HARDWARE AND SOFTWARE) ARE
PROVIDED BY AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED.
Garantie standard
Radware octroie une garantie limite pour lensemble de ses produits (Produits). Le matriel
informatique (hardware) Radware est garanti contre tout dfaut matriel et de fabrication pendant
une dure dun an compter de la date dexpdition. Les logiciels (software) Radware sont fournis
avec une garantie standard consistant en la fourniture de correctifs des dysfonctionnements du
logiciels (bugs) pendant une dure maximum de 90 jours compter de la date dachat. Dans
lhypothse o un Produit prsenterait un dfaut pendant ladite (lesdites) priode(s), Radware
procdera, sa discrtion, la rparation ou lchange du Produit.
Sagissant de la garantie dchange ou de rparation du matriel informatique, le Produit doit tre
retourn chez un rparateur dsign par Radware. Le Client aura sa charge les frais denvoi du
Produit Radware et Radware supportera les frais de retour du Produit au client. Veuillez consulter
les conditions spcifiques dcrites dans la partie Garantie Standard du bon de commande client.
Radware est libre de toutes obligations lies la Garantie Standard dans lhypothse o le Produit
et/ou le composant dfectueux a fait lobjet dun mauvais usage, dune ngligence, dun accident ou
dune installation non conforme, ou si les rparations ou les modifications quil a subi ont t
effectues par dautres personnes que le personnel de maintenance autoris par Radware, sauf si
Radware a donn son consentement crit ce que de telles rparations soient effectues par ces
personnes.
SAUF DANS LES CAS PREVUS CI-DESSUS, LENSEMBLE DES PRODUITS RADWARE (MATERIELS ET
LOGICIELS) SONT FOURNIS TELS QUELS ET TOUTES GARANTIES EXPRESSES OU IMPLICITES
SONT EXCLUES, EN CE COMPRIS, MAIS SANS SY RESTREINDRE, LES GARANTIES IMPLICITES DE
QUALITE MARCHANDE ET DADQUATION UNE UTILISATION PARTICULIRE.
10
Safety Instructions
The following safety instructions are presented in English, French, and German.
Safety Instructions
CAUTION
A readily accessible disconnect device shall be incorporated in the building installation wiring.
Due to the risks of electrical shock, and energy, mechanical, and fire hazards, any procedures that
involve opening panels or changing components must be performed by qualified service personnel
only.
To reduce the risk of fire and electrical shock, disconnect the device from the power line before
removing cover or panels.
The following figure shows the caution label that is attached to Radware platforms with dual power
supplies.
11
Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN
61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11For CE MARK Compliance.
These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. Operation of this equipment in a
residential area is likely to cause harmful interference in which case the user is required to correct
the interference at his own expense.
SPECIAL NOTICE FOR NORTH AMERICAN USERS
12
For North American power connection, select a power supply cord that is UL Listed and CSA Certified
3 - conductor, [18 AWG], terminated in a molded on plug cap rated 125 V, [10 A], with a minimum
length of 1.5m [six feet] but no longer than 4.5m...For European connection, select a power supply
cord that is internationally harmonized and marked <HAR>, 3 - conductor, 0,75 mm2 minimum
mm2 wire, rated 300 V, with a PVC insulated jacket. The cord must have a molded on plug cap rated
250 V, 3 A.
RESTRICT AREA ACCESS
The DC powered equipment should only be installed in a Restricted Access Area.
INSTALLATION CODES
This device must be installed according to country national electrical codes. For North America,
equipment must be installed in accordance with the US National Electrical Code, Articles 110 - 16,
110 -17, and 110 -18 and the Canadian Electrical Code, Section 12.
INTERCONNECTION OF UNITS
Cables for connecting to the unit RS232 and Ethernet Interfaces must be UL certified type DP-1 or
DP-2. (Note- when residing in non LPS circuit)
OVERCURRENT PROTECTION
A readily accessible listed branch-circuit over current protective device rated 15 A must be
incorporated in the building wiring for each power input.
REPLACEABLE BATTERIES
If equipment is provided with a replaceable battery, and is replaced by an incorrect battery type,
then an explosion may occur. This is the case for some Lithium batteries and the following is
applicable:
If the battery is placed in an Operator Access Area, there is a marking close to the battery or
a statement in both the operating and service instructions.
If the battery is placed elsewhere in the equipment, there is a marking close to the battery or a
statement in the service instructions.
13
Denmark - Unit is class I - unit to be used with an AC cord set suitable with Denmark
deviations. The cord includes an earthing conductor. The Unit is to be plugged into a wall socket
outlet which is connected to a protective earth. Socket outlets which are not connected to earth
are not to be used!
Sweden (Marking label and in manual) - Apparaten skall anslutas till jordat uttag.
Connect the power cable to the main socket, located on the rear panel of the device.
2.
CAUTION
Risk of electric shock and energy hazard. Disconnecting one power supply disconnects only one
power supply module. To isolate the unit completely, disconnect all power supplies.
Instructions de scurit
AVERTISSEMENT
Un dispositif de dconnexion facilement accessible sera incorpor au cblage du btiment.
En raison des risques de chocs lectriques et des dangers nergtiques, mcaniques et dincendie,
chaque procdure impliquant louverture des panneaux ou le remplacement de composants sera
excute par du personnel qualifi.
Pour rduire les risques dincendie et de chocs lectriques, dconnectez le dispositif du bloc
dalimentation avant de retirer le couvercle ou les panneaux.
La figure suivante montre ltiquette davertissement appose sur les plateformes Radware dotes
de plus dune source dalimentation lectrique.
14
Figure 4: Avertissement de scurit pour les systmes dotes de deux sources dalimentation
lectrique (en chinois)
Traduction de la Avertissement de scurit pour les systmes dotes de deux sources dalimentation
lectrique (en chinois):
Cette unit est dote de plus dune source dalimentation lectrique. Dconnectez toutes les sources
dalimentation lectrique avant dentretenir lappareil ceci pour viter tout choc lectrique.
ENTRETIEN
Neffectuez aucun entretien autre que ceux rpertoris dans le manuel dinstructions, moins dtre
qualifi en la matire. Aucune pice lintrieur de lunit ne peut tre remplace ou rpare.
HAUTE TENSION
Tout rglage, opration dentretien et rparation de linstrument ouvert sous tension doit tre vit.
Si cela savre indispensable, confiez cette opration une personne qualifie et consciente des
dangers impliqus.
Les condensateurs au sein de lunit risquent dtre chargs mme si lunit a t dconnecte de la
source dalimentation lectrique.
MISE A LA TERRE
Avant de connecter ce dispositif la ligne lectrique, les vis de protection de la borne de terre de
cette unit doivent tre relies au systme de mise la terre du btiment.
LASER
Cet quipement est un produit laser de classe 1, conforme la norme IEC60825 - 1: 1993 + A1:
1997 + A2: 2001.
FUSIBLES
Assurez-vous que, seuls les fusibles courant nominal requis et de type spcifi sont utiliss en
remplacement. Lusage de fusibles rpars et le court-circuitage des porte-fusibles doivent tre
vits. Lorsquil est pratiquement certain que la protection offerte par les fusibles a t dtriore,
linstrument doit tre dsactiv et scuris contre toute opration involontaire.
TENSION DE LIGNE
Avant de connecter cet instrument la ligne lectrique, vrifiez que la tension de la source
dalimentation correspond aux exigences de linstrument. Consultez les spcifications propres
lalimentation nominale correcte du dispositif.
Les plateformes alimentes en 48 CC ont une tolrance dentre comprise entre 36 et 72 V CC.
MODIFICATIONS DES SPCIFICATIONS
Les spcifications sont sujettes changement sans notice pralable.
Remarque: Cet quipement a t test et dclar conforme aux limites dfinies pour un appareil
numrique de classe A, conformment au paragraphe 15B de la rglementation FCC et EN55022
Classe A, EN 55024, EN 61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8, et IEC
61000-4-11, pour la marque de conformit de la CE. Ces limites sont fixes pour fournir une
protection raisonnable contre les interfrences nuisibles, lorsque lquipement est utilis dans un
environnement commercial. Cet quipement gnre, utilise et peut mettre des frquences radio et,
sil nest pas install et utilis conformment au manuel dinstructions, peut entraner des
interfrences nuisibles aux communications radio. Le fonctionnement de cet quipement dans une
zone rsidentielle est susceptible de provoquer des interfrences nuisibles, auquel cas lutilisateur
devra corriger le problme ses propres frais.
NOTICE SPCIALE POUR LES UTILISATEURS NORD-AMRICAINS
15
Si la batterie est place dans une zone daccs oprateur, une marque est indique sur la
batterie ou une remarque est insre, aussi bien dans les instructions dexploitation que
dentretien.
Si la batterie est place ailleurs dans lquipement, une marque est indique sur la batterie ou
une remarque est insre dans les instructions dentretien.
Cet quipement est conu pour permettre la connexion entre le conducteur de mise la terre du
circuit lectrique CC et lquipement de mise la terre. Voir les instructions dinstallation.
2.
Tout entretien sera entrepris par du personnel qualifi. Aucune pice lintrieur de lunit ne
peut tre remplace ou rpare.
3.
NE branchez pas, nallumez pas ou nessayez pas dutiliser une unit manifestement
endommage.
4.
Vrifiez que lorifice de ventilation du chssis dans lunit nest PAS OBSTRUE.
5.
Remplacez le fusible endommag par un modle similaire de mme puissance, tel quindiqu sur
ltiquette de scurit adjacente larrive lectrique hbergeant le fusible.
6.
7.
Dbranchez le cordon lectrique de la prise murale AVANT dessayer de retirer et/ou de vrifier
le fusible dalimentation principal.
PRODUIT LASER DE CLASSE 1 ET RFRENCE AUX NORMES LASER LES PLUS RCENTES: IEC 60
825-1: 1993 + A1: 1997 + A2: 2001 ET EN 60825-1: 1994+A1: 1996+ A2: 2001
16
Danemark - Unit de classe 1 - qui doit tre utilise avec un cordon CA compatible avec les
dviations du Danemark. Le cordon inclut un conducteur de mise la terre. Lunit sera
branche une prise murale, mise la terre. Les prises non-mises la terre ne seront pas
utilises!
Sude (tiquette et inscription dans le manuel) - Apparaten skall anslutas till jordat uttag.
Sicherheitsanweisungen
VORSICHT
Die Elektroinstallation des Gebudes muss ein unverzglich zugngliches Stromunterbrechungsgert
integrieren.
Aufgrund des Stromschlagrisikos und der Energie-, mechanische und Feuergefahr drfen Vorgnge,
in deren Verlauf Abdeckungen entfernt oder Elemente ausgetauscht werden, ausschlielich von
qualifiziertem Servicepersonal durchgefhrt werden.
Zur Reduzierung der Feuer- und Stromschlaggefahr muss das Gert vor der Entfernung der
Abdeckung oder der Paneele von der Stromversorgung getrennt werden.
Folgende Abbildung zeigt das VORSICHT-Etikett, das auf die Radware-Plattformen mit
Doppelspeisung angebracht ist.
17
18
Wird die Batterie in einem Bereich fr Bediener eingesetzt, findet sich in der Nhe der Batterie
eine Markierung oder Erklrung sowohl im Betriebshandbuch als auch in der Wartungsanleitung.
Ist die Batterie an einer anderen Stelle im Gert eingesetzt, findet sich in der Nhe der Batterie
eine Markierung oder einer Erklrung in der Wartungsanleitung.
19
Sweden - (Markierungsetikett und im Handbuch) - Apparaten skall anslutas till jordat uttag.
Schlieen Sie das Stromkabel an den Hauptanschluss auf der Rckseite des Gertes an.
2.
VORSICHT
Stromschlag- und Energiegefahr Die Trennung einer Stromquelle trennt nur ein
Stromversorgungsmodul von der Stromversorgung. Um das Gert komplett zu isolieren, muss es
von der gesamten Stromversorgung getrennt werden.
Vorsicht - Zur Reduzierung der Stromschlag- und Feuergefahr
1.
Dieses Gert ist dazu ausgelegt, die Verbindung zwischen der geerdeten Leitung des
Gleichstromkreises und dem Erdungsleiter des Gertes zu ermglichen. Siehe
Montageanleitung.
2.
3.
Versuchen Sie nicht, ein offensichtlich beschdigtes Gert an den Stromkreis anzuschlieen,
einzuschalten oder zu betreiben.
4.
Vergewissern Sie sich, dass sie Lftungsffnungen im Gehuse des Gertes NICHT BLOCKIERT
SIND.
5.
Ersetzen Sie eine durchgebrannte Sicherung ausschlielich mit dem selben Typ und von der
selben Strke, die auf dem Sicherheitsetikett angefhrt sind, das sich neben dem
Stromkabelanschluss, am Sicherungsgehuse.
6.
Betreiben Sie das Gert nicht an einem Standort, an dem die Hchsttemperatur der Umgebung
40C berschreitet.
7.
Vergewissern Sie sich, das Stromkabel aus dem Wandstecker zu ziehen, BEVOR Sie die
Hauptsicherung entfernen und/oder prfen.
Electromagnetic-Interference Statements
The following statements are presented in English, French, and German.
Electromagnetic-Interference Statements
SPECIFICATION CHANGES
Specifications are subject to change without notice.
Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN
61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11For CE MARK Compliance.
These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. Operation of this equipment in a
residential area is likely to cause harmful interference in which case the user is required to correct
the interference at his own expense.
VCCI ELECTROMAGNETIC-INTERFERENCE STATEMENTS
20
21
Remarque: Cet quipement a t test et dclar conforme aux limites dfinies pour un appareil
numrique de classe A, conformment au paragraphe 15B de la rglementation FCC et EN55022
Classe A, EN 55024, EN 61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8, et IEC
61000-4-11, pour la marque de conformit de la CE. Ces limites sont fixes pour fournir une
protection raisonnable contre les interfrences nuisibles, lorsque lquipement est utilis dans un
environnement commercial. Cet quipement gnre, utilise et peut mettre des frquences radio et,
sil nest pas install et utilis conformment au manuel dinstructions, peut entraner des
interfrences nuisibles aux communications radio. Le fonctionnement de cet quipement dans une
zone rsidentielle est susceptible de provoquer des interfrences nuisibles, auquel cas lutilisateur
devra corriger le problme ses propres frais.
DCLARATIONS SUR LES INTERFRENCES LECTROMAGNTIQUES VCCI
Figure 12: KCCCertificat de la commission des communications de Core pour les equipements de
radiodiffusion et communication.
Figure 13: Dclaration pour lquipement de classe A certifi KCC en langue corenne
22
23
Tma 25C
2.
2000m
2000m
DD
2000m
DD
DD.1
24
2000m 2000m
DD.2
Document Conventions
The following describes the conventions and symbols that this guide uses:
Item
Description
Description
Beschreibung
An example scenario
Un scnario dexemple
Ein Beispielszenarium
Possible damage to
equipment, software, or
data
Endommagement
Mgliche Schden an
possible de lquipement, Gert, Software oder
des donnes ou du
Daten
logiciel
Additional information
Informations
complmentaires
Zustzliche
Informationen
A statement and
instructions
Rfrences et
instructions
A suggestion or
workaround
Une suggestion ou
solution
Example
Caution:
Note:
To
Tip:
Possible physical harm to Blessure possible de
the operator
loprateur
Verletzungsgefahr des
Bedieners
Warning:
25
26
Table of Contents
Important Notices .......................................................................................................... 3
Copyright Notices .......................................................................................................... 4
Standard Warranty ........................................................................................................ 9
Limitations on Warranty and Liability ........................................................................... 10
Safety Instructions ....................................................................................................... 11
Electromagnetic-Interference Statements ................................................................... 20
Altitude and Climate Warning ...................................................................................... 24
Document Conventions ............................................................................................... 25
42
42
42
43
43
43
44
44
44
44
45
45
45
45
46
46
46
47
47
47
47
48
48
50
50
50
51
27
51
53
55
56
61
61
61
62
62
63
63
63
81
84
84
84
85
28
Chapter 5 Setting Up Your Network and Basic Device Configuration .......... 129
Device PaneSites, Clusters, and Physical Containers ......................................... 129
Configuring Sites ...................................................................................................... 130
Adding and Removing Devices ................................................................................ 131
Managing Devices and Device Properties ................................................................ 133
APSolute Vision Server Registered for Device EventsAlteon and LinkProof NG . 144
APSolute Vision Server Registered for Device EventsDefensePro ..................... 145
Locking and Unlocking Devices ................................................................................ 145
Managing DefensePro Clusters for High Availability ................................................ 146
High-Availability in DefenseProOverview .....................................................................
Configuring High-Availability Clusters ...............................................................................
Monitoring DefensePro Clusters .......................................................................................
Synchronizing High-Availability Devices and Switching the Device States ......................
147
149
150
151
Using the Multi-Device View and the Multiple Devices Summary ............................ 152
After You Set Up Your Managed Devices ................................................................ 153
29
162
180
182
184
188
192
196
199
201
204
206
208
210
212
30
224
226
228
230
231
232
242
244
246
248
249
Chapter 10 Monitoring Alteon with the Dashboard and Service Status View .....
251
252
254
255
257
31
Monitoring VRRP Virtual Routers in Alteon Version 30.0 and Earlier ............................... 285
Monitoring Interfaces ......................................................................................................... 286
32
Viewing Dashboards for Single Standalone and vADC Devices .............................. 335
Displaying the Dashboard and Managing the Display ...................................................... 336
Dashboard Components for Single Standalone and vADC Devices ........................ 336
Viewing the Dashboard for ADC-VX Devices ........................................................... 338
Displaying the VX Dashboard and Managing the Display ................................................ 338
348
350
351
352
33
382
382
408
417
424
Using Real-Time Security Monitoring with AppWall and Alteon ............................... 427
Monitoring Security Events ................................................................................................ 427
Monitoring Attack Distribution ............................................................................................ 431
437
437
438
438
438
438
439
440
34
443
443
444
444
444
444
445
447
447
449
450
451
453
453
454
455
469
469
496
497
497
497
501
35
36
37
38
For information about installing the APSolute Vision server and initial settings on the APSolute Vision
platform, see the APSolute Vision Installation and Maintenance Guide.
Alteon Alteon is an application delivery controller (ADC) and load balancer that guarantees
application SLA. For information about the required workflows for configuring application
delivery with Alteon, see the Alteon Application Switch Operating System Application Guide.
AppWall AppWall is a Web Application Firewall (WAF) that ensures fast, reliable, and secure
delivery of mission-critical Web applications. For more information on AppWall, see the AppWall
User Guide.
LinkProof NGLinkProof NG provides link load-balancing. For information about the basic
and advanced link load balancing and configuration of LinkProof NG, see the LinkProof NG User
Guide.
39
Support for AppShape templates, which automate and streamlines device configuration for
common applications.
Scheduling device control and maintenance tasks, such as, backup and restore, and so on.
Auditing
Management of DefensePro templates for Network Protection and Server Protection policies
Monitoring and control of multiple devicesThis includes enabling and disabling entities
within a device. APSolute Vision can configure and monitor multiple devices in a single view.
Security reporting and statisticsAt the device level, and on logical entities within a device.
For real-time and historical security reporting, APSolute Vision can also provide device and
multi-device reports for immediate problem isolation, convenient attack and status visibility, and
information drill-down.
REST API supportAPSolute Vision exposes a REST API for all functionality supported by the
APSolute Vision WBM, including configuration, monitoring, and security reporting.
Runs as a Web application on a PC browser and provides a graphical user interface with separate
perspectives for configuration, monitoring and control, and security monitoring.
Transmits user requests to the server tier and displays the results in the APSolute Vision
interface in an intuitive and easy-to-read format.
40
The network physical or virtual device tier enables management of the collection of network
elements connected to APSolute Vision, which includes the following:
Alteon
AppWall
DefensePro
LinkProof NG
Historical Security Reporting for DefensePro and AppWallAPSolute Vision Reporter, page 46
41
Inline filtering
Logical-element grouping
Hierarchical browsing
Routing table
General status
Statistics
Device statistics tables for the device level and logical level
Managing AppShape templates and AppShape instances for Alteon ADC devices. AppShape
automates/streamlines ADC configuration for common applications, such as SAP Portal and
Microsoft SharePoint Server.
Managing DefensePro templates for Network Protection policies and Server Protection policies.
Rebooting devices.
42
Device Drivers
APSolute Vision device drivers can enable you to install or upgrade Radware devices without the
need to upgrade your APSolute Vision server. A device driver in APSolute Vision defines the graphical
user interface and configuration for the software version of a managed device. The software version
of a managed device defines the baseline driver version. You can install a newer version of the
device driver, and you can revert to the baseline version.
You can have only one device-driver version in use on any single APSolute Vision server. Typically,
subsequent versions of device drivers for a particular software version of a managed device only
includes very minor changes and/or bug fixes.
Notes
There are cases where upgrading the Radware device software requires upgrading the APSolute
Vision server software. Check the release notes of the new Radware device version to determine
the minimum APSolute Vision version required.
When you upgrade device software, you need to reboot the device. However, when you install a
new version of a device driver or revert to the baseline version, you do not need to reboot the
device.
Device drivers do not include the online help. If the APSolute Vision server is configure so that
the clients get help from the server (the default option), the APSolute Vision administrator
should make sure that the APSolute Vision server has the latest version of the online-help
package.
The Properties pane that is displayed for a device includes the name of the device driver.
Scheduled Tasks
You can configure scheduled tasks for various operations for the APSolute Vision server and
managed devices.
When you create a task and specify the time to run it, the time is according to your local OS.
APSolute Vision then stores the time, translated to the timezone of the of the APSolute Vision server,
and then runs it accordingly. That is, once you configure a task, it runs according to the APSolute
Vision time settings, disregarding any changes made to the local OS time settings.
43
Password constraints
Administrative actionsTo create users, reset user passwords (except for the radware
user), and locking out users
Tracking user statisticsFor successful logins, failed logins, account locks, and so on
APSolute Vision clientFor APSolute Vision server options, such as, timeouts, connectivity,
event forwarding, and so on, and for server monitoring
Alteon VAA software-based ADC supporting AlteonOS functionality and running on the
VMware virtual infrastructure
ADC-VXA specialized ADC hypervisor that runs multiple virtual ADC instances on dedicated
ADC hardware, Radwares OnDemand Switch platforms
44
Notes
For more information, see the Alteon Application Switch Operating System Application Guide.
The Alerts tab in the Alerts pane displays Alteon and LinkProof NG configuration messages. A
message is displayed in the Alerts pane after each Alteon or LinkProof NG configurationmanagement action (Apply, Save, Diff, Diff Flash, Revert, Revert Apply, and
Dump). When you double-click a message, APSolute Vision opens a separate pane that contains
the full message text, which you can copy to the clipboard.
If the new configuration is different from the current one, to indicate that the Apply command is
required, the message Apply is required is displayed under the Apply button in the device
toolbar and a fiery background displays behind the button.
During the Apply operation, the device icon may momentarily change from locked
to
maintenance
, and the value of the Status parameter in the Properties pane may
momentarily change from Up to Maintenance.
Note: For more information, see the Application Performance Monitor User Guide.
Note: For more information, see Using the Application SLA Dashboard, page 433.
Add and delete Alteon and DefensePro devices to the devices that the APSolute Vision manages.
Change the and delete Alteon and DefensePro devices to the devices that the APSolute Vision
manages.
45
Full business agility and resource elasticityImproved business agility by ensuring the
application delivery layer is constantly aligned with the changes in the virtual infrastructure.
Advanced incident handling for security operating centers (SOCs) and network operating centers
(NOCs)
Notes
For information on the products and versions that APSolute Vision Reporter supports, see the
APSolute Vision Release Notes.
For information about APSolute Vision Reporter and how to use it, see its online help and the
APSolute Vision Reporter User Guide.
46
DefensePipe Access
The APSolute Vision main toolbar displays the DefensePipe button (
connects you to the associated DefensePipe interface.
Note: For more information on DefensePipe, see the DefensePipe User Guide.
DefenseFlow Access
The APSolute Vision main toolbar displays the DefenseFlow button ( ) when the DefenseFlow IP
address is configured in APSolute Vision. This option is available using APSolute Vision CLI. Clicking
the button opens the DefenseFlow interface.
DefensePro
DefenseFlow
AppWall (WAF)
DefensePipe
Note: For more information, see Using the Security Control Center, page 436.
radware.comThe online help files at radware.com are always the most up-to-date.
47
The APSolute Vision interface follows a consistent hierarchical structure, organized functionally to
enable easy access to options. You start at a high functional level and drill down to a specific
module, function, or object.
Note: Access to and privileges in APSolute Vision interface elements is determined by Role-Based
Access Control (RBAC). For more information, see the APSolute Vision User Guide. For more
information, see Role-Based Access Control (RBAC), page 70 and Configuring Local Users for
APSolute Vision, page 79.
(Settings) button at the top of the main screen to select the APSolute Vision Settings
SystemFor more information, see Settings ViewSystem Perspective, page 51. Access to the
APSolute Vision Settings view System perspective is restricted to administrators.
Click the relevant button (System, Dashboards, or Preferences) to display the perspective that
you require.
At the upper-left of the APSolute Vision Settings view, APSolute Vision displays the APSolute Vision
device-properties pane. For more information, see APSolute Vision Device-Properties Pane, page 49.
When you hover over a device node in the device pane, a popup displays. For more information, see
Device-Properties Hover Popup, page 50.
48
Alerts paneDisplays the Alerts table. The Alerts table displays APSolute Vision alerts,
device alerts, DefensePro security alerts, and device configuration messages.
The device type (Alteon, AppWall, DefensePro, or LinkProof NG) and the user-defined device
name.
A picture of the device front panel. When the device is locked, you can click the
reset or shut down the device.
Locked ByIf the device is locked, the user who locked it.
Type (displayed only for Alteon, AppWall, DefensePro version 8.x devices, DefensePro for Cisco
Firepower 9300, and LinkProof NG devices)This field displays the platform and form factor.
button to
49
Platform (displayed only for DefensePro version 6.x and 7.x devices)The platform type, for
example x420.
APM License (displayed only for Alteon and LinkProof NG devices)The pages-per-minute limit
of the APM license.
HA Status (displayed only for Alteon, DefensePro for Cisco Firepower 9300, and LinkProof NG
devices)The high-availability status of the device. For Alteon and LinkProof NG, displayed only
with HA configured: Active or Standby. For DefensePro: Standalone, Primary, or
Secondary.
Init Status (displayed only for AppWall devices)The init status, for example Ended with
Errors.
Locked ByIf the device is locked, the user who locked it.
Form Factor (displayed only for Alteon, DefensePro version 8.x devices, DefensePro for Cisco
Firepower 9300, and LinkProof NG devices)The form factor, for example, Standalone.
HA Status (displayed only for Alteon, DefensePro, and LinkProof NG devices)The highavailability status of the device. For Alteon and LinkProof NG, displayed only with HA configured:
Active or Standby. For DefensePro: N/A, Standalone, Primary, or Secondary.
Init Status (displayed only for AppWall devices)The init status, for example Ended with
Errors.
Application SLA DashboardFor more information, see Using the Application SLA Dashboard,
page 433.
Security Control CenterFor more information, see Using the Security Control Center,
page 436.
50
Monitor or manage the general settings of the APSolute Vision serverMonitoring and
managing the general settings of the APSolute Vision server include the following:
Connectivity
Monitoring parameters
Authentication protocols
Device drivers
Licenses
DefensePipe URL
Display formats
Maintenance files
Manage and monitor usersUsers can, in turn, manage multiple devices concurrently. Using
APSolute Vision RBAC, administrators can allow the users various access control levels on
devices. RBAC provides a set of predefined roles, which you can assign per user and per working
scope (device or group of devices). RBAC definition is supported both internally (in APSolute
Vision) and through remote authentication (with RADIUS or TACACS+).
Note: For more information on the most of the operations that are exposed in the APSolute Vision
Settings view System perspective, see Managing and Monitoring the APSolute Vision System,
page 87.
Device Pane
Users with a proper role can use the device pane to add or delete the Radware devices that the
APSolute Vision server manages.
Click the little button close to the upper-left corner to display the device pane (see Figure 20 Device Pane (Not Docked), page 52).
You can organize managed devices into high-availability clusters and sites.
Typically, a site is a group of devices that share properties, such as location, services, or device
type. You can nest sites; that is, each site can contain child sites and devices. In the context of rolebased access control (RBAC) RBAC, sites enable administrators to define the scope of each user.
In the context of Alteon, sites also play a role in the context of vADCs and ADC-VXs. When you
manage a vADC hosted by an ADC-VX in the device pane Physical Containers tree, you specify the
site under which that vADC is displayed in the Sites and Clusters tree.
When you double-click a device in the device pane, APSolute Vision displays the device-properties
pane and the last perspective that you viewed on the device along with the corresponding content
area.
51
TypeAlteon, AppWall, DefensePro, or LinkProof NG. The Physical Containers tab does
not display this field.
NameThe name of a device, site, or string contained in the name (for example, the value aRy
matches an element named Primary1 and SecondaryABC).
After you configure the filter criteria, to apply the filter, click the
Click the
52
Configuration Perspective
Use the Configuration perspective to configure Radware devices.
Choose the device to configure in the device pane.
You can view and modify device configurations in the content area.
When APSolute Vision manages Alteon or LinkProof NG:
You choose the standalone, VA, or vADC device to configure in the device pane Sites and
Clusters tree.
You manage ADC-VXs and the hosted vADCs in the device pane Physical Containers tree.
Content
pane.
The following points apply to all configuration tasks in the Configuration perspective:
To configure a device, you must lock it. For more information, see Locking and Unlocking
Devices, page 145.
When you change a field value (and there is configuration that is pending Submit action), the
tab title changes to in italics with an asterisk (*).
53
You can perform one or more of the following operations on table entries:
Device configuration information is saved only on the managed device, not in the APSolute
Vision database.
To commit information to the device, you must click Submit when you modify settings in a
configuration dialog box or configuration page.
Some configuration changes require an immediate device reboot. When you submit the
configuration change the device will reboot immediately.
Some configuration changes require a device reboot to take effect, but you can save the change
without an immediate reboot. When you submit a change without a reboot, the Properties pane
displays a Reboot Required notification until you reboot the device.
For Alteon and LinkProof NG, APSolute Vision supports the configuration-management (globalcommand) options: Apply, Save, Diff, Diff Flash, Revert, Revert Apply, and Dump. If the new
configuration requires an Apply or Save operation to take effect, the button is displayed with an
orange background.
For AppWall, APSolute Vision supports the Apply button to perform the AppWall Apply operation. If
the configuration requires an Apply operation to take effect, the button is displayed with an orange
background.
54
Monitoring Perspective
In the Monitoring perspective, you can monitor physical devices and interfaces, and logical objects.
Content pane.
Alerts TableDisplays APSolute Vision alerts, device alerts, and
configuration messages.
55
Content pane.
Alerts TableDisplays APSolute Vision alerts, device alerts, and
DefensePro configuration messages.
56
Security DashboardA graphical summary view of all current active attacks in the
network with color-coded attack-category identification, graphical threat-level indication,
and instant drill-down to attack details.
Current AttacksA view of the current attacks in a tabular format with graphical notations
of attack categories, threat-level indication, drill-down to attack details, and easy access to
the protecting policies for immediate fine-tuning.
Traffic MonitoringA real-time graph and table displaying network information, with the
attack traffic and legitimate traffic filtered according to specified traffic direction and protocol.
HTTP ReportsReal-time graphs and tables with statistics on policies, protections according to
specified traffic direction and protocol, along with learned traffic baselines.
Note: For more information on the Security Monitoring perspective, see Using Real-Time Security
Monitoring, page 381.
57
58
Notes
For information about installing the APSolute Vision server, see the APSolute Vision Installation
and Maintenance Guide.
For information on managing APSolute Vision users, see Managing APSolute Vision Users,
page 69.
Note: APSolute Vision CLI uses Control-? (127) for the Backspace key.
Terminal settings for the APSolute Vision server are as follows:
Data bits: 8
Parity: None
Stop bits: 1
Note: When connecting from an SSH client, APSolute Vision CLI has a default timeout of five
minutes for idle connections. If an SSH connection is idle for more than five minutes, APSolute
Vision terminates the session.
59
Ensure that an ASCII console is connected to the device through the RJ-45toDE-9 cable and
that console computer is turned on.
2.
Power on the device. The PWR and SYS or SYS OK LED indicators on the front panel light up.
3.
4.
5.
6.
Type the IP address for the APSolute Vision server, and then, press Enter.
7.
Type the value for the network mask for the APSolute Vision server, and then, press Enter.
8.
Type the value for the default gateway for the APSolute Vision server, and then, press Enter.
9.
Type the value for the primary DNS server for the APSolute Vision server, and then, press Enter.
10. If applicable, type the value for the secondary DNS server for the APSolute Vision server, and
then, press Enter.
Note: Configuring a secondary DNS server is not mandatory. That is, if you press Enter
without typing anything, the installation will proceed.
11. Type the interface identifierfor example G1 or G2 (case sensitive)that is, the interface the
APSolute Vision clients access, and then, press Enter.
Notes
The installation program checks whether there are connected interfaces, and it displays their
identifiers. If there are no connected interfaces, a No link detected message is displayed.
The interface identifiers that are supported depend on the APSolute Vision form factor.
N no, that is, you need to go back and change one or more values.
The initialization script asks whether you want to change the root user password.
14. Change the root user password if required.
Note: For information on how to change the default passwords, see APSolute Vision CLI
Commands, page 441.
60
Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 441.
Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 441.
Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 441.
61
Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 441.
Notes
For more information, see APSolute Vision Specifications and Requirements, page 607.
For the list of required UDP/TCP ports, see UDP/TCP Ports, page 608.
Windows 8 64-bit
Mac OS X
62
Caution: When you use Internet Explorer 11 (IE11) on Windows OS to access APSolute Vision
WBM, there is sometimes a problem when downloading files. You can fix the problem by updating
the Windows registry. The update tells IE to open JSON documents in the browser. In the update,
the value 25336920-03F9-11cf-8FD0-00AA00686F13 is the CLSID for the Browse in place
action. To fix the problem, Radware recommends that you use Windows Registry Editor version 5.00
and update the Windows registry with the following:
[HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/json]
"CLSID"="{25336920-03F9-11cf-8FD0-00AA00686F13}"
"Encoding"=hex:08,00,00,00
[HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/json]
"CLSID"="{25336920-03F9-11cf-8FD0-00AA00686F13}"
"Encoding"=hex:08,00,00,00
63
Note: Users with the Administrator role can manage APSolute Vision users. For information on
managing APSolute Vision users, see Managing APSolute Vision Users, page 69.
APSolute Vision supports role-based access control (RBAC) to manage user privileges. Your
credentials and privileges may be managed through an authentication server or through the local
APSolute Vision user database.
After successful authentication, the users role is assigned. The role determines the devices that the
user is authorized to manage. Furthermore, the role determines which content panes, menus, and
operations the user can access. The assigned role remains fixed throughout the user session.
If a user enters the credentials incorrectly, the user is prompted to re-enter the information. After a
globally defined number of consecutive failures, the user is locked out of the system. If the user
uses local user credentials, an administrator can release the lockout by resetting the password to
the global default password (see Releasing User Lockout, page 84). If the user uses credentials from
an authentication server (for example, a RADIUS server), you must contact the administrator of that
authentication server.
There are special properties and procedures for the user who first logs into the APSolute Vision
server. For more information, see Managing APSolute Vision Users, page 69.
In a Web browser, enter the hostname or IP address of the APSolute Vision server.
2.
PasswordYour user password. Depending on the configuration of the server, you may be
required to change your password immediately. Default: radware.
3.
Click Login.
Caution: For DefensePro 7.x and 8.x versions and in networks with high latency, Radware
recommends increasing the SNMP Timeout to 180 seconds (APSolute Vision Settings view System
perspective, General Settings > Connectivity > Timeout).
Note: For information on managing APSolute Vision users, see Managing APSolute Vision Users,
page 69.
64
Parameter
Description
Current Username
Current Password
New Password
Parameter
Description
The page that APSolute Vision displays when you open APSolute
Vision WBM.
Values:
Default: None
Note: Your user role and scope determines the available options.
If you do not have permission to view default page configured on
the APSolute Vision server, you land in the first permitted tab in
the APSolute Vision Settings view. For information on user roles
and scopes, see Managing APSolute Vision Users, page 69.
65
If required, configure local APSolute Vision users and global user settings in the APSolute Vision
Settings view System perspective, under User Management. For more information, see
Managing APSolute Vision Users, page 69.
Add the devices that you want to manage using APSolute Vision. For more information, see
Setting Up Your Network and Basic Device Configuration, page 129.
To add Alteon or DefensePro devices, you can also use vDirect with APSolute Vision. For more
information, see Using vDirect with APSolute Vision, page 495.
Configure the Radware devices that APSolute Vision manages. For more information, see the
APSolute Vision online help.
Monitor the managed devices using APSolute Vision. For more information, see the APSolute
Vision online help.
Note: For more information about the Radware products that APSolute Vision supports, see the
relevant product user guides and related documentation.
Notes
You can configure and control a managed device only when the device is locked (see Locking
and Unlocking Devices, page 145).
Icon/Button
66
Command
Description
Add
Edit
Icon/Button
Command
Description
Duplicate
Delete
Export
View
), click
Notes
For text boxes, the filter uses a contains algorithm. That is, the filter considers it to be a
match if the string that you enter is merely contained in a value. For example, if you enter
ser in the text box, the filter returns rows with the values ser, service1, and service2.
2. Click the
67
68
Caution: Radware recommends that the radware user be used by customers for disaster recovery
and kept secret from all other administrators.
The radware user can create and manage additional local users and their individual and global user
settings.
The radware user cannot be deleted.
The radware user is authenticated only in the Local Users table, regardless of whether the system is
configured to use a different authentication method. That is, the radware user cannot be overridden
by the configuration of an authentication server (see Configuring Connections to Authentication
Servers, page 103).
Caution: You are not required to change the password for the radware user during the initial
configuration, but Radware recommends you do so.
The radware user can change the password of the radware user in the CLI or in the login dialog box.
For more information, see the APSolute Vision User Guide.
69
To log in to APSolute Vision for the first time as the radware user
1.
In your Web browser, enter the hostname or IP address of the APSolute Vision server.
2.
3.
Click Login.
Caution: If the name of an APSolute Vision site changes and an authentication server
authenticates users, you must reconfigure the user scopes on the authentication server.
If the name of an APSolute Vision site changes and APSolute Vision authenticates the users locally,
APSolute Vision updates the relevant scopes for the users.
APSolute Vision contains a set of predefined roles, which you cannot delete or modify. Each role
defines a set of privileges.
All roles, except Administrator, User Administrator, or Vision Administrator must be assigned a
scope.
Users with the Administrator, User Administrator, or Vision Administrator role with the All scope.
APSolute Vision always configures users with the Administrator, User Administrator, or Vision
Administrator role with the All scope.
Caution: When defined through an authentication server, users with the Administrator, User
Administrator, or Vision Administrator role must be configured with the scope [ALL] (including the
square brackets).
A user sees the APSolute Vision GUI displayed according to that users role, for example:
When a user has full read and write permissions, all Add, Edit, and Delete buttons are displayed.
When a user has update permissions only, Add buttons are not displayed.
When a user does not have any configuration permissions, Add, Delete, and Submit buttons are
not displayed.
The APSolute Vision Settings view System perspective is displayed only to users with the
Administrator, User Administrator, or Vision Administrator role.
70
A user with the User Administrator role can manage all user settings: the Local Users table, the
Authentication Method, and so on. A user with the User Administrator role cannot view other
elements in the APSolute Vision Settings view System perspective.
The tree in device pane displays only those devices that belong to scope associated with the
user.
The Security Monitoring perspective displays visible attacks only of those devices that belong to
the scope and specified DefensePro Network Protection policies associated with the user. This
applies also to the information that APSolute Vision Reporter displays.
Caution: Users with the name admin (case insensitive) cannot be created in the APSolute Vision
local user table. If users with the name admin (case insensitive) are defined in an external
authentication server (RADIUS or TACACS+) or were created in the local user table prior to APSolute
Vision version 3.30, they can log in to APSolute Vision, but they will not be able to log in to the AVR.
All users can see the Alerts pane, but the alerts displayed are limited according to device
permissions.
The relevance and descriptions for the predefined roles may depend on the device type (Alteon or
DefensePro).
Each role has an associated identity-management (IDM) string. You use the IDM strings in an
authentication-server configuration, for example. If the user is authenticated, the APSolute Vision
server grants access according to the users IDM string and scope. The authentication server AccessAccept response must include an IDM-stringscope combination.
Note: APSolute Vision RBAC functionality is separate from the functionality of device user accounts.
The following table lists the predefined roles and the corresponding IDM strings.
Role
IDM String
ADC_AND_CERTIF_ADMIN
ADC Administrator
ADC_ADMIN
ADC Operator
ADC_OPERATOR
Administrator
SYS_ADMIN
Certificate Administrator
CERTIF_ADMIN
Device Administrator
DEV_ADMIN
Device Configurator
CONFIG
Device Operator
DEVICE_OPERATOR
Device Viewer
VIEWER
REAL_SERVER_OPERATOR
Security Administrator
SEC_ADMIN
Security Monitor
SEC_MON
User Administrator
USR_ADMIN
Vision Administrator
VISION_ADMIN
Vision Reporter
REPORTER
71
Role
Can Add
Manages Application
Manages Security
New Device Delivery Devices (Alteon Devices (AppWall and
and LinkProof NG)
DefensePro)
No
Yes
No
ADC Administrator
No
Yes
No
ADC Operator
No
Yes
No
Administrator
Yes
Yes
Yes
Certificate Administrator
No
Yes
No
Device Administrator
Yes
Yes
Yes
Device Configurator
No
Yes
Yes
Device Operator
No
Yes
No
Device Viewer
No
Yes
Yes
No
Yes
No
Security Administrator
No
No
Yes
Security Monitor
No
Yes
Yes
User Administrator
No
N/A
N/A
Vision Administrator
Yes
Yes
Yes
Vision Reporter
No
Yes
Yes
Role
Description
ADC + Certificate
Administrator
ADC Administrator
Has full control over ADC configuration and AppShapes, can configure and
manage servers, services, traffic redirection, and health checks.
Can perform all functions of the devices for which the user has credentials.
Can launch the Device Performance Monitor Web interface and view the
Application SLA Dashboard.
Can access Security Monitoring perspective.
ADC Operator
72
Role
Description
Administrator
Can access the CLI and can perform all actions and access all functionality.
Certificate
Administrator
Has control over the Certificate Repository and the Client Authentication Policy
in the Configuration perspective.
Can access the Monitoring perspective.
Can perform all functions related to Alteon and LinkProof NG, but some
functions are read-only.
Can view the Application SLA Dashboard.
Device
Administrator
Has full control over devices for which the user has credentials.
Can launch the Device Performance Monitor Web interface and view the
Application SLA Dashboard.
Can export a policy file from the Network Protection Policies table and Server
Protection Policies table.
Can access the Templates tab.
Has full control over all Monitoring perspective panes and can access the
Configuration perspective.
Can perform all functions related to Alteon and LinkProof NG, including
AppShapes, but some functions are read-only.
Can launch the Device Performance Monitor Web interface and view the
Application SLA Dashboard.
Device Viewer
Can access all devices for which the user has credentials.
Can launch the Device Performance Monitor Web interface and view the
Application SLA Dashboard.
Real Server
Operator
Can lock and unlock an Alteon device for which the user has credentials.
Can access the Monitoring perspective with the following permissions with
read-write access to the following nodes (all other nodes are hidden):
Can configure and manage network and server security, ACL policies, and so
on.
Can export a policy file from the Network Protection Policies table and Server
Protection Policies table. Furthermore, can open the AppShapes & Templates
tab, and can see and use the DefensePro Configuration Templates node.
Security Monitor
Has full control over Security Monitoring and APSolute Vision Reporter.
User Administrator
Can access the APSolute Vision Settings view System perspective, and in it,
can create and manage users. Cannot view other elements in the APSolute
Vision Settings view System perspective.
73
Role
Description
Vision
Administrator
Can access the CLI except for system snmp community and system snmp
trap target and can perform all actions and access all functionality,
except for user management and authentication protocols (RADIUS Settings
and TACACS+ Settings).
Vision Reporter
Has full control over APSolute Vision reporting capabilities (APM, AVR, and
DPM).
vDirect
AppShapes
DefensePro Configuration
Templates
Scheduler
AVR
Settings View
Security Monitoring
Perspective
Monitoring
Perspective
Configuration
Perspective
Role
ADC +
Certificate
Administrator
Yes
Yes
Yes
No
Yes
No
No
No
Yes
Yes
ADC
Administrator
Yes
Yes
No
Yes
No
No
No
Yes
Yes
ADC Operator
Yes
No
No
Yes
No
No
No
No
No
Administrator
Yes
Yes
Yes
Yes, all
Yes
Yes
Yes
Yes
Yes
Yes
Yes
74
vDirect
No
No
No
No
No
No
No
No
Device
Administrator
Yes
Yes
Yes
Yes
Yes
Yes, but
cannot click
Vision
Settings.
Yes
Yes
Yes
Yes
Device
Configurator
No
Yes
Yes, but
cannot click
Vision
Settings.
Yes
No
No
No
Device
Operator
Yes
No
No
Yes
No
Yes
No
No
No
Device Viewer
Yes
Yes
Yes
Yes, but
cannot click
Vision
Settings.
No
No
No
No
Scheduler
Certificate
Administrator
AVR
AppShapes
DefensePro Configuration
Templates
Settings View
Security Monitoring
Perspective
Monitoring
Perspective
Configuration
Perspective
Role
75
vDirect
No
No
No
No
No
No
No
No
No
Security
Administrator
Yes
Yes
Yes
Yes
No
Yes, but
cannot click
Vision
Settings.
Yes
Yes
No
No
Security
Monitor
No
No
Yes
Yes
No
Yes, but
cannot click
Vision
Settings.
No
No
No
No
User
Administrator
No
No
No
No
No
No
No
No
No
No
Vision
Administrator
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
76
Scheduler
Real Server
Operator
AVR
AppShapes
DefensePro Configuration
Templates
Settings View
Security Monitoring
Perspective
Monitoring
Perspective
Configuration
Perspective
Role
No
Yes
Yes
No
No
DefensePro Configuration
Templates
Scheduler
AVR
Settings View
Yes, but only User
Preferences
No
vDirect
No
AppShapes
Vision Reporter No
Security Monitoring
Perspective
Monitoring
Perspective
Configuration
Perspective
Role
No
No
In the APSolute Vision Settings view System perspective, select User Management > Roles.
77
Parameter
Authentication Mode
Description
The user-authentication method APSolute Vision users.
The Administrator or User Administrator user can specify the
user-authentication method for all APSolute Vision interfaces.
The setting is retained after reboot of the APSolute Vision
server, and it is included in the APSolute Vision configuration
backup and restore operations.
Values:
Default: Local
Maximum Password Challenges
The default password that new users, other than the radware
user, enter on initial login or after password reset.
Notes:
78
Parameter
Description
For information about setting global user configurations, see Configuring General User Settings,
page 77.
Note: An authentication server is specified to authenticate the APSolute Vision users. When the
authentication server is down, user authentication fails over to the Local Users table.
Tip: If an authentication server is specified to authenticate the APSolute Vision users, Radware
recommends that administrator users be defined also in the Local Users table. Having users defined
also in the Local Users table is for fall-back access to APSolute Vision in case the authentication
server is not available.
Use the Local Users tab for the following operations:
79
In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
The Local Users tab displays information for all currently defined users. Additional information for
users is available when editing specific rows in the Local Users table.
Parameter
Description
User Name
Language
Scope
Role
The roles with which the user is associated. Each role defines a set
of actions the user can perform through APSolute Vision. Each role
in the list applies to its corresponding scope of devices.
Contact Info
Active User
Created On
80
Parameter
Description
Last Lockout
Note: The terms Network Protection policy and network policy may be used interchangeably in
APSolute Vision and in the documentation.
3. In the Permissions tab User Roles and Scopes table, do one of the following:
4. Do the following:
From the Role drop-down list, select the role for the selected scope.
From the Scope drop-down list, select the scope containing the devices that the user can
access.
Note: For information on roles, see Role-Based Access Control (RBAC), page 70.
5. Click Submit.
6. Configure the rest of the user parameters, and click Submit.
81
Note: At the initial login, a new user enters the password and is then prompted to create a new
password. Users can always change their own passwords at login. For more information, see
Changing Passwords for Local Users, page 64. The initial password can be a default password (see
Table 8 - User Management Settings, page 78) or a personal password configured for the specific
user (see Table 13 - User: Password Parameters, page 83).
Parameter
Description
User Name
Language
The user can change his/her own display language, by using the
icon at the upper-right corner of the main screen.
Parameter
Description
The specified role for the user on the specified device or devices for
which the user has credentials.
82
Parameter
Description
Address
Phone Number
Parameter
Description
Confirm Password
The value for confirmation of Password, when you specify the initial
password for the new user.
To configure the DefensePro Network Protection policies whose security data the user
can access in the Security Monitoring perspective and APSolute Vision Reporter
1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. In the Permissions tab, under the title Authorized Network Policies for Security
Monitoring, configure the Selected table with the Network Protection policies whose security
data the user can access in the Security Monitoring perspective and APSolute Vision Reporter.
Notes
By default, users have access to all policies of all devices in their scope.
When you create a user, the Selected table displays [ALL] in the Device column and [ALL] in
the Policy Name column. This signifies that the user can access all policies for each permitted
device. A user must be authorized for all network policies of a device ([ALL]) or for selected
network policies of a device. When you move a policy from the Available table to the Selected
table, [ALL] values move automatically from the Selected table to the Available table.
A change to Authorized Network Policies for Security Monitoring takes effect the next
time the user logs in, and does not affect current ongoing sessions.
83
Deleting Users
Deleting a user removes the user from the Users table.
Notes
You can suspend a user without removing the user from the table. For more information, see
Revoking and Enabling Users, page 85.
To delete a user
1.
In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2.
In the Local Users table, select the username, and click the
toolbar.
3.
In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2.
In the Local Users table, select the username(s) that you want to unlock, and click
Selected Users).
3.
Reset the user password to the default, see Resetting User Passwords to the Default, page 84.
(Unlock
Note: You cannot reset the password of the radware user. If the radware user is locked out for any
reason, contact Radware Technical Support.
84
To revoke a user
1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. In the Local Users table, select the username(s), and click
(Revoke Selected Users). The
value in the Active User column of the user in the Local Users table changes from Yes to No.
Note: For the list of predefined roles, see Predefined Roles, page 72.
In the APSolute Vision Settings view System perspective, select User Management > Roles.
85
Currently Connected UsersThe users who are currently connected to APSolute Vision
through the local user table or an authentication server.
The table contains the following columns:
Name
Login Date and TimeThe date and time of last login. The date/time format is configurable
according to your preferences (APSolute Vision Settings view Settings perspective, General
Settings > Display).
User StatisticsA table, which you can filter, and which contains the following columns:
User Name
Date
Successful Logins
Password Changes
Lock-Outs
In the APSolute Vision Settings view System perspective, select User Management > User
Statistics.
A password must include characters from at least two (2) of the following character types: text
character, number, special characterexcept for characters that may have command functions.
A password must not be the same as the username with which they are associated.
A new password must not contain a sequence of three (3) or more characters from the previous
password.
For information about changing individual and default passwords, see the following:
86
Managing APSolute Vision Licenses and Viewing Capacity Utilization, page 117
Notes
When the value of a parameter has changed, before the value is submitted, the label is in italics.
In the English language display, when a value of a parameter has changed, before the value is
submitted, the tab label is in italics and has an asterisk (*).
In the Chinese language display, when a value of a parameter has changed, before the value is
submitted, the tab label has a dashed underline.
87
Managing and Updating the Attack Descriptions File for DefensePro, page 90
In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
Parameter
Description
Operational Status
Management IP Address
Hardware Platform
88
Caution: Network latency may affect upgrading APSolute Vision server software using WBM. For
optimal results, Radware recommends upgrading using the CLI. For details, see System Upgrade
Commands, page 490.
Parameter
Description
Software Version
Build
Last Upgrade
Upgrade Status
89
In the Password text box, enter the passwordif required. A password is required for upgrade
to all major versions. Upgrade without a password is allowed when upgrading to minor versions.
Note: The password is based on the size of the upgrade file and the MAC address of the
APSolute Vision G1 or G2 port, which the Basic Parameters pane displays. You can request the
password from Radware Technical Support. The password is also available using the password
generator at radware.com.
6.
Click Upload.
In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2.
3.
Click Download Upgrade Log. You can open the file with a selected application, or you can
save the file to a specified location.
In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2.
Parameter
Description
RAM Size
Note: Radware also recommends updating the Attack Description file each time you update the
Signature files on DefensePro devices.
90
To view the date and time of the last update of the Attack Description file
1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Select the Attack Descriptions File tab.
Parameter
Description
The time of the latest update of the Attack Description file on the
APSolute Vision server.
To update the Attack Description file from Radware, select the Radware.com radio button.
b.
In the File Name text box, enter the file path of the Attack Description file or click
Browse to navigate to and select the file.
3. Click Update. The Alerts pane displays a success or failure notification and whether the
operation was performed using a proxy server.
91
Parameter
Description
Timeout
The time, in seconds, that APSolute Vision waits for a reply before
retrying to connect to other Radware devices. If the device does not
respond after the configured number of retries, APSolute Vision
notifies the user that the connection failed.
Values: 1180
Default: 3
Caution: For DefensePro 7.x versions and in networks with high
latency, Radware recommends increasing the SNMP Timeout to
180 seconds (APSolute Vision Settings view System perspective,
General Settings > Connectivity > Timeout).
Retries
Port
Parameter
Description
Connection Timeout
The time, in seconds, that the HTTP client waits for a response from
the remote hostduring the handshake for device configuration
before disconnecting the socket and returning an exception.
Values: 160
Default: 20
Socket Timeout
The time, in seconds, that the HTTP client waits for a response from
the remote hostduring the data transfer for device configuration
before disconnecting the socket and returning an exception.
Values: 160
Default: 20
92
Table 19: APSolute Vision Connectivity HTTP/S Parameters Toward Devices (cont.)
Parameter
Description
The time, in seconds, that the HTTP client waits for a response from
the remote hostduring the handshake for certain long file
operationsbefore disconnecting the socket and returning an
exception.1
Values: 11200
Default: 180
The time, in seconds, that the HTTP client waits for a response from
the remote hostduring the data transfer for certain long file
operationsbefore disconnecting the socket and returning an
exception.
Values: 11200
Default: 180
Parameter
Description
93
Parameter
Description
Register This APSolute Vision Registers the APSolute Vision server as a target of the device events
Server for Device Events
(for example, traps, alerts, IRP messages, and packet-reporting
data) on all the managed devices.
(button)
In Alteon or LinkProof NG, when you click the button and run the
Apply command, APSolute Vision configures itself as a target of the
device events and ensures that the device also sends traps for
authentication-failure events. Alteon or LinkProof NG, by default,
does not send traps for authentication-failure events.
When multiple APSolute Vision servers manage the same
DefensePro device, the device sends the following:
Traps to all the APSolute Vision servers that manage it. The
Target Address table and the Target Parameters table contain
entries for all APSolute Vision servers.
Parameter
Description
These connection settings are for the proxy server that the APSolute Vision server uses to
download files from Radware.com. The Alerts pane displays a success or failure notification and
whether the operation was performed using a proxy server.
Enable Proxy Server
IP Address
Port
Use Authentication
Username
Password
Verify Password
94
Parameter
Description
These settings define when to close the user session if there is no activity on either side.
Note: APSolute Vision WBM polls the server at regular intervals. If the server does not receive a
poll from the WBM within 30 seconds, the server closes the user session.
Inactivity Timeout for
The time, in minutes, of inactivity after which the server logs the
Configuration and Monitoring user out of the Configuration or Monitoring perspectives of a
Perspectives
managed device, or the APSolute Vision Settings view System
perspective.
If the connection has not yet timed out, any activity in the Security
Monitoring perspective, APM, or DPM also resets the timer.
Values: 160
Default: 20
Inactivity Timeout for
Security Monitoring
Perspective, APM, and DPM
95
Parameter
Description
Default: Disabled
Notes:
96
Parameter
Description
When the option is disabled, the message gives the name of the
scalar and says that the value was changed.
When the option is enabled, the message gives the name of the
scalar and the new value.
When the option is disabled, the message gives the name of the
table and says that a row was added or edited.
When the option is enabled, the message gives the name of the
table, the table parameters, and the value for each parameter.
When the option is disabled, the message gives the name of the
table and says that a row was deleted.
When the option is enabled, the message gives the name of the
table and the indexes of the deleted row.
Default: Disabled
Notes:
Parameter
Description
These settings determine how APSolute Vision reports and logs events from the Alerts pane to a
syslog server. For more information, see Alert Information, page 244.
Enable
Report
L4 Destination Port
Values: 165,535
Default: 514
97
Parameter
Description
Syslog Facility
The facility for all APSolute Vision syslog reporting. The list includes
facilities as defined in the RFC 3164. The default is Log Audit.
Change the default if the syslog server uses this facility for reports
from another system.
Enable Encryption
CA Certificate
Enable Authentication
(This parameter is available
only when the Enable
Encryption checkbox is
selected.)
1.
Click the Update button next to this text field. A file browser
dialog box opens.
2.
Browse to the certificate file, and click Open. The field displays
Pending.
3.
Authentication Type
Values:
Permitted Peer
98
Parameter
Description
These settings configure how APSolute Vision sends events from the Alerts pane via e-mail to
defined recipients.
Enable
Specifies whether APSolute Vision sends reports and logs via e-mail.
Default: Disabled
Vision@MyCompany.com.
Subject Header
From Header
Devices
Click to select a subset of managed devices for which to send alerts.
Move the required devices from the Available list to the Selected list.
Severity
Critical
Major
Minor
Warning
Information
Module
Vision Configuration
Vision General
Vision Control
99
Parameter
Description
Device General
Device Security
Security Reporting
Parameter
Description
Refresh Interval
In the APSolute Vision Settings view System perspective, select General Settings > Alert
Settings > Security Alerts.
2.
Select the check box next to each parameter you want to include in the alerts.
You can choose any combination of the following parameters:
Policy Name
Attack Name
Source IP Address
Destination IP Address
Destination Port
Action
Click Submit.
Note: Changes to the settings take effect on alerts generated from the time of the change and
onward.
100
Parameter
Description
These settings configure APSolute Vision online monitoring for all managed devices.
Polling Interval for On-line
Monitoring
Timeout for Device Status Poll The time, in milliseconds, that the APSolute Vision server waits for a
response of a device-status poll before considering a device to be
down.
Default: 300
Note: If the network has latency longer than the Timeout for
Device Status Poll, devices will appear up and down or always
down, and therefore unmanageable. If you encounter such
behavior, increase the value accordingly.
Reports
This setting configures APSolute Vision monitoring for real-time reports for DefensePro.
Polling Interval for Reports
101
Two threshold values for rising alarms to issue warning and error alerts respectively. The rising
server-alarm threshold value must always be lower than the rising error threshold. When the
parameter value exceeds the rising server-alarm threshold value but is less than the error
threshold value, a warning alert is issued. When the parameter value exceeds the rising error
threshold, an error alert is issued.
Two threshold values for falling alarms to clear warning and error alerts respectively. The falling
alarm values must be less than their respective rising alarm values.
Note: For the CPU alert, since CPU measurements vary rapidly, APSolute Vision determines
threshold limits based on a moving average calculation.
In the APSolute Vision Settings view System perspective, select General Settings > Server
Alarm.
2.
To edit the thresholds for a specific parameter, double-click the parameter name.
3.
Parameter
Description
Parameter
Enabled
Rising
Configure rising alarms to issue warning and error alerts respectively.
Warning
The rising threshold value must always be lower than the rising error
threshold. When the parameter value exceeds the rising threshold value but
is less than the error threshold value, a warning alert is issued.
Error
The rising error threshold value must always be greater than the rising
threshold value. When the parameter value exceeds the rising error
threshold, an error alert is issued.
Falling
Configure falling alarms to clear warning and error alerts respectively.
Warning
The falling warning alarm value must be less than the rising warning alarm
value.
Error
The falling error alarm value must be less than the rising error alarm value.
102
Caution: Users defined through a RADIUS server with the Administrator, User Administrator, or
Vision Administrator roles must be configured with the scope [ALL] (including the square brackets).
Caution: If the name of an APSolute Vision site changes and a RADIUS server authenticates users,
the user scopes on the RADIUS server must be reconfigured manually.
Note: If a RADIUS server does not recognize a request source (in this case, the APSolute
Vision server), the RADIUS server ignores the request.
4. If the RADIUS server authenticates the user, the RADIUS server returns an Access-Accept
message with the username and its associated IDM-stringscope combination to the APSolute
Vision server. For DefensePro on x412 platforms with the DME and x420 devices, the AccessAccept message contains the SecurityMonitoringScope-ProtectionPolicy combination for the
Radware-Policy attribute (for more information, see Each RADIUS server (primary and
secondary) for APSolute Vision user authentication requires the following:, page 104). If the
RADIUS server does not authenticate the user, the RADIUS server sends an Access-Reject
message.
Note: The identity-management (IDM) string defines the role of user. For more information on
roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 70.
5. If the user is authenticated, the APSolute Vision server grants access according to the users
IDM string and scope. If the user is rejected, the APSolute Vision server does not grant access.
103
The RADIUS server must use the port specified on the APSolute Vision server.
The RADIUS server must use the authentication type (for example, PAP) that is specified in the
APSolute Vision server.
Your RADIUS server and/or RADIUS Authentication system and your dictionary file must include
the following:
Vendor ID 89To specify Radware (as assigned by Internet Assigned Numbers Authority,
IANA). Vendor ID 89 will need to be configured on the RADIUS server.
Vendor Attribute ID 100To specify the Radware-Role attribute. The RADIUS server can
use this attribute to return the IDM-stringscope combination to the APSolute Vision serer.
Vendor Attribute ID 101To specify the Radware-Policy attribute. The RadwarePolicy attribute is used to limit what DefensePro security data the user sees in the Security
Monitoring perspective and APSolute Vision Reporter according to specified DefensePro
Network Protection policies. This feature is supported only in DefensePro on x412 platforms
with the DME and x420 devices.
The RADIUS server Access-Accept response must include an IDM-stringscope combination, for
the Radware-Role attribute, in the following format:
<IDM string>:<Scope>
where:
<IDM string> is the identity-management (IDM) string, which defines the role of user. For
more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC),
page 70. The list of the available RADIUS attribute IDs and corresponding attribute names is
available at http://www.iana.org/assignments/radius-types/radius-types.xhtml.
<Scope> is the scope of the user. The scope [ALL] (including the square brackets)
specifies all sites and managed devices. You define a limited scope using one or more rows
specifying a site or managed-device name.
Examples:
ADMINISTRATOR:[ALL]ADC_OPERATOR:MyADCSiteADC_OPERATOR:MyADCSite
ADC_OPERATOR:MyDevice1
ADC_OPERATOR:MyDevice2
Caution: Users defined through a RADIUS server with the Administrator, User
Administrator, or Vision Administrator roles role must be configured with the scope [ALL]
(including the square brackets).
If the Radware-Policy attribute is used, the RADIUS server Access-Accept response must
include a SecurityMonitoringScope-ProtectionPolicy combination for the Radware-Policy
attribute, in the following format:
<SecurityMonitoringScope>:<ProtectionPolicyName>
104
<ProtectionPolicy> is a DefensePro Network Protection Policy for the scope. The value
[ALL] (including the square brackets) specifies all Network Protection policies for the
corresponding SecurityMonitoringScope. You define Network Protection policies for the
SecurityMonitoringScope using one or more rows.
Examples:
[ALL]:[ALL] The user has security-monitoring access to all the supported DefensePro
devices for the corresponding scope and all the associated Network Protection policies.
10.202.199.36:MyNetProtPolicy1
10.202.199.36:MyNetProtPolicy2
10.202.199.36:MyNetProtPolicy3 The user has security-monitoring access to data
related to the Network Protection policies named MyNetProtPolicy1, MyNetProtPolicy2, and
MyNetProtPolicy3, that are configured in the DefensePro device with the IP address
10.202.199.36.
Caution: This feature is supported only in DefensePro on x412 platforms with the DME and
x420 devices. If you specify non-supported devices, you may experience improper behavior.
Parameter
Description
IP Address
105
Parameter
Description
Port
Shared Secret
The RADIUS shared secret used for communication between the primary
RADIUS server and APSolute Vision.
Maximum characters: 64
The RADIUS shared secret used for communication between the primary
RADIUS server and APSolute Vision.
Maximum characters: 64
Parameter
Description
IP
Authenticate Port
Shared Secret
Parameter
Description
Timeout
Retries
Attribute ID
106
Parameter
Description
Vendor ID
(This parameter is
Default: 89Specifies Radware (as assigned by IANA)
displayed only if the
specified Attribute ID is
26.)
Vendor Attribute ID
PAP
CHAP
EAP-MD5
EAP-MSCHAP v1
MSCHAP v1
MSCHAP v2
Default: PAP
Caution: Users defined through a TACACS+ server with the Administrator, User Administrator, or
Vision Administrator roles must be configured with the scope [ALL] (including the square brackets).
Caution: If the name of an APSolute Vision site changes and a TACACS+ server authenticates
users, the user scopes on the TACACS+ server must be reconfigured manually.
107
If the TACACS+ server recognizes and authorizes the APSolute Vision server, the TACACS+
server processes the request for the user and password.
Note: If a TACACS+ server does not recognize a request source (in this case, the APSolute
Vision server), the TACACS+ server ignores the request.
4.
If the TACACS+ server authenticates the user, the TACACS+ server returns an Access-Accept
message with the username and its associated IDM-stringscope combination to the APSolute
Vision server. For DefensePro on x412 platforms with the DME and x420 devices, the AccessAccept message contains the SecurityMonitoringScope-ProtectionPolicy combination for the
Radware-Policy attribute (for more information, see TACACS+ Server Requirements,
page 108). If the TACACS+ server does not authenticate the user, the TACACS+ server sends an
Access-Reject message.
Note: The identity-management (IDM) string defines the role of user. For more information on
roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 70.
5.
If the user is authenticated, the APSolute Vision server grants access according to the users
IDM string and scope. If the user is rejected, the APSolute Vision server does not grant access.
The TACACS+ server must use the port specified on the APSolute Vision server.
The TACACS+ server configuration file must use the following structure:
user = <user> {
login = <login>
member = <user group>
}
group = <user group>{
service = <service> {
radware-role = <IDM string>:<Scope>
radware-policy = <SecurityMonitoringScope>:<ProtectionPolicyName>
priv-lvl = <privilege level>
}
}
108
<login> is the login type and the users password. The login type can be cleartext,
where the users password is exposed in the configuration file, or may use encryption such
as des. If the password includes a space, the password must be enclosed in quotation
marks (").
Examples:
cleartext mypassword
cleartext "my password"
des l5c2fHiF21uZ6
<user group> is the group of which the user is a member.
<service> is the Service Name configured for the TACACS+ connection in APSolute Vision.
<IDM string> is the identity-management (IDM) string, which defines the role of user. For
more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC),
page 70.
<Scope> is the scope of the user. The scope [ALL] (including the square brackets)
specifies all sites and managed devices. You define a limited scope using one or more entries
specifying a site or managed-device namedelimited by plus signs (+).
Caution: Users defined through a TACACS+ server with the Administrator, User
Administrator, or Vision Administrator role must be configured with the scope [ALL]
(including the square brackets).
<ProtectionPolicy> is a DefensePro Network Protection Policy for the scope. The value
[ALL] (including the square brackets) specifies all Network Protection policies for the
corresponding SecurityMonitoringScope. You define Network Protection policies for the
SecurityMonitoringScope using one or more entriesdelimited by plus signs (+).
Examples:
dp1:[ALL] The user has security-monitoring access to all the Network Protection
dp3:MyNetProtPolicy1+dp3:MyNetProtPolicy2+dp3:MyNetProtPolicy3 The
DefensePro devices for the corresponding scope and all the associated Network
Protection policies.
user has security-monitoring access to data related to the Network Protection policies
named MyNetProtPolicy1, MyNetProtPolicy2, and MyNetProtPolicy3, that are configured
in the DefensePro device named dp3.
109
Caution: This feature is supported only in DefensePro on x412 platforms with the DME and
x420 devices. If you specify non-supported devices, you may experience improper behavior.
<privilege level> is the Minimal Required Privilege Level configured for the
TACACS+ connection in APSolute Vision. TACACS+ indicates the privilege level at which the
user is authenticating.
Note: Privilege levels are ordered values from 0 to 15 with each level representing a privilege
level that is a superset of the next lower value. If a NAS client uses a different privilege level
scheme, mapping must be provided.
The predefined values are as follows:
TAC_PLUS_PRIV_LVL_MAX
:= 0x0f
TAC_PLUS_PRIV_LVL_ROOT
:= 0x0f
TAC_PLUS_PRIV_LVL_USER
:= 0x01
TAC_PLUS_PRIV_LVL_MIN
:= 0x00
Example
The following is an example of a TACACS+ configuration file.
The file includes definitions of the user testuser who belongs to the group testgroup.
dp1, dp2, and dp3 are DefensePro devices that are managed by the APSolute Vision server.
The user is defined to have multiple roles: Security Monitor on dp3 and dp4, and Viewer on dp1.
RBAC by DefensePro Network Protection policies is also defined. For dp1 and dp4, access to all
policies is allowed. For dp3, access is limited to the policy: Syn_ACK_V21_Policy.
user = testuser {
login = cleartext "radware"
member = testgroup
}
group = testgroup {
service = connection {
radware-role=VIEWER:dp1+SEC_MON:dp3+SEC_MON:dp4
radware-policy=dp1:[ALL]+dp3:Syn_ACK_V21_Policy+dp4:[ALL]
priv-lvl = 2
}
}
110
Parameter
Description
IP Address
Port
Shared Secret
Parameter
Description
IP Address
Authenticate Port
Shared Secret
111
Parameter
Description
Timeout
Retries
The minimum TACACS+ privilege level specified for a user that will
allow access to APSolute Vision. A user can successfully be authorized
by the TACACS+ server but have a privilege level that is too low to
access APSolute Vision.
0 (zero) is the lowest privilege level, meaning: all users can access
APSolute Vision. 15 is the highest level. For example, if the Minimal
Required Privilege Level is defined as 1, all users with access level of 1
or higher can access APSolute Vision; and users with level 0 (zero) will
not have access to APSolute Vision.
Values: 015
Default: 0
Service Name
Caution: Device drivers do not include changes to the online help. Depending on the configuration
of the APSolute Vision server, the APSolute Vision clients get online help either from the APSolute
Vision server (the default option) or radware.com. The online-help files at radware.com are always
the most up-to-date; but clients may encounter latency or connectivity problems. If the APSolute
Vision clients get online help from the APSolute Vision server, after updating a device driver, the
online-help files on the server should be updated. It is the responsibility of the APSolute Vision
administrator to make sure that the help files on the server are updated as necessary. For more
information, see Appendix A - Managing the Online-Help Package on the Server, page 505.
112
Note: The device driver includes the minimum APSolute Vision version.
When an APSolute Vision server detects that a new device has been installed or that a new device
software version has been installed on an existing device, the server retrieves the driver version
from the device.
The server checks whether it already has a driver version that corresponds to the device software
version, and uses the newest device driver.
If the driver version on the device is newer than the device version on the server, the server
downloads the new driver from the device, but does not apply it. The table in the Device Drivers
node (in the APSolute Vision Settings view System perspective) displays the device-version row
shaded gray.
If the device driver is incompatible or not found, APSolute Vision behaves as follows:
Issues an appropriate error message, but displays the device in the tree of the device pane with
a special icon (?) on top of it.
When you click the device in the tree, no screen is displayed, but the following information is
displayed in the device-properties pane: Device Name (from Vision), Device Type (if known),
Status: Unsupported, and Software Version: <SW_version>
Update all the device drivers that are not updated in the APSolute Vision server.
If one or more of the relevant devices is locked, APSolute Vision prompts you whether to continue or
not. If you change the driver version when a device is locked by other users, you may lose the
changes for those users.
Column
Description
Product Name
Alteon
AppWall
DefensePro
LinkProof NG
Product Version
Instances
The number of devices that use the same device software version.
Driver Baseline
The baseline version of the driver used for this device software version.
Driver in Use
Latest Driver
The latest driver version for this device software version that is stored in
the APSolute Vision server.
Supported Languages
113
In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2.
Select the row with the relevant device and device version.
3.
Click the
4.
5.
Click Update. APSolute Vision verifies that the device driver version is relevant for the device
software.
6.
Read the confirmation message, and then, accept or abort the action.
The version of the driver that you install cannot be the same version or an older version of the
driver baseline version. If the driver version that you install is newer than the baseline version
but older than the driver version in use, APSolute Vision prompts you for confirmation to change
the current driver. If the driver version that you install is newer than the baseline version and
newer than the driver version in use, APSolute Vision prompts you for confirmation to upgrade
the current driver.
To apply a driver version to a specific device when there is a newer version in the server
1.
In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2.
Select the row with the relevant device and device version.
3.
Select the
To revert to baseline driver version that resides on the APSolute Vision server
1.
In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2.
Select the row with the relevant device and device version.
3.
Select
Note: This option is displayed only when the driver version in use is different from the baseline
driver release.
114
To update all the device drivers to the latest ones that are stored in the APSolute Vision
server
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Click
Note: This command is available only when the APSolute Vision server has device driver
version that is later than one of the device drivers in use.
The following procedure is for troubleshooting a situation such as the following:
A driver for the device you want to add to the APSolute Vision configuration does not exist in the
APSolute Vision server or does not exist as part of the device software.
The driver for the device you want to add to the APSolute Vision configuration is corrupt in the
APSolute Vision server.
The driver for the device you want to add to the APSolute Vision configuration does not exist in
the APSolute Vision server and is corrupt in device software.
Note: The APSolute Vision CLI includes a command for troubleshooting problems related to
device drivers. For more information, see system database maintenance driver_table delete,
page 472.
To load a driver for a software version that does not exist in the Device Drivers table
(that is, APSolute Vision has never managed a device using this software version)
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Click the
115
Notes
In the APSolute Vision Settings view System perspective, select General Settings > APSolute
Vision Reporter.
2.
Parameter
Description
148
Unlimited
Default: 12
Note: After upgrade from an APSolute Vision version prior to 2.30,
the value is Unlimited. You can modify this value if you require.
Upload Logo
(button)
116
You can upload a logo to display on reports. Click the button and enter
the name of the file to upload.
(Add) button.
In the APSolute Vision Settings view System perspective, select General Settings > License
Management.
Parameter
Description
117
Parameter
Description
Unavailable Devices
Notes
APM requires a proper license, which you can manage in the License Management tab (APSolute
Vision Settings view System perspective, General Settings > License Management).
For information on the installation of the APM server, see the APSolute Vision Installation and
Maintenance Guide.
For information on how to configure Alteon or LinkProof NG with APM, see Configuring the APM
Server in an Alteon, page 59 and Managing Virtual Services Settings, page 231.
For information on using APM, see the Application Performance Monitoring User Guide.
For information on how to use the APM Web interface, click the
Web interface.
118
Do the following:
).
a.
In the APSolute Vision Settings view System perspective, select General Settings >
APM Settings.
b.
The Alteon must be managed by the same APSolute Vision that hosts the APM server.
If the instance of the APM server is replaced without restoring the previous database, the
system administrator must reapply the APM configuration on each virtual service.
DownThe APM server is down. Typically, this is because the APM server is not yet
configured in the table or the APM license is not yet installed.
(Add) button.
119
Parameter
Description
Use the APM Server Installed on Specifies whether APSolute Vision uses the APM server associated
this APSolute Vision Server
with the APSolute Vision server with APM server VA installation.
(This parameter is available only Values:
with the APSolute Vision server DisabledAPSolute Vision uses an external APM server.
with APM server VA offering.)
EnabledAPSolute Vision uses the APM server associated
with the APSolute Vision installation, and populates the
following fields with read-only values:
Default: Disabled
Notes:
Management IP Address
Port
120
Parameter
Description
Data IP Address
Backup IP Address
Performance Limit
Parameter
Description
Device Name
Virtual Server IP
Port
Description
In the APSolute Vision Settings view System perspective, select General Settings > APM
Settings > APM-Enabled Devices.
Parameter
Description
Device Name
Device Management IP
Software Version
Form Factor
121
Parameter
Description
Hardware Platform
) in the
Note: For more information on DefensePipe, see the DefensePipe User Guide.
In the APSolute Vision Settings view System perspective, select General Settings >
DefensePipe Settings.
2.
In the DefensePipe URL text box, type the URL, and click Submit.
In the APSolute Vision Settings view System perspective, select General Settings >
Advanced.
2.
122
Parameter
Description
Maximum Configuration Files The maximum number of configuration files per managed device
for Device
that you can store on the APSolute Vision server for backup. When
the limit is reached, you are prompted to delete the oldest file.
Values: 110
Default: 5
Note: If you change the maximum value to less than the number
of existing configuration files, none of the existing files will be
deleted. For example, the configured maximum value is 10 and
there are 8 configuration files, if you then change the configured
maximum value to 4, no files are deleted.
Minimal Log Level
Fatal
Error
Warning
Info
Debug
Trace
Default: Error
Caution: Lowering the value of the Minimal Log Level
parameter may negatively affect the performance of the APSolute
Vision server. Radware recommends using the default value,
Error, except when there are specific troubleshooting
requirements.
Device Lock Timeout
The time, in minutes, that a device remains locked. If you have the
appropriate permissions to configure a device, you can lock the
device so that other user cannot configure the device at the same
time.
Values: 5180
Default: 10
123
Parameter
Description
Note: After you click Submit, for a change to take effect immediately, you may need to refresh
your browser display or clear the browser cache.
Online Help URL
Opens the dialog box to update the online-help package that resides
in the APSolute Vision server.
Note: For more information, see Appendix A - Managing the
Online-Help Package on the Server, page 505.
The online help currently on the server reverts to the online help
package that was included with the installation of the APSolute
Vision server.
Note: For more information, see Appendix A - Managing the
Online-Help Package on the Server, page 505.
In the APSolute Vision Settings view System perspective, select General Settings > Display.
2.
124
Parameter
Description
The default display language for new users in the APSolute Vision
system.
Notes:
If you change the value, the change affects only users created
after the change.
The page that APSolute Vision displays by default for new users in
the APSolute Vision system.
Values:
None
If you change the value, the change affects only users created
after the change.
125
Parameter
Description
Date Format
The date format for information that includes time and date and
displayed in the APSolute Vision client.
Values:
dd.MM.yyyy
MM.dd.yyyy
dd/MM/yyyy
MM/dd/yyyy
Default: dd.MM.yyyy
Time Format
The time format for information that includes time and date and
displayed in the APSolute Vision client.
Values:
HH:mm:ss
HH:mm:ss z
h:mm:ss aa
h:mm:ss aa z
Default: HH:mm:ss
In the APSolute Vision Settings view System perspective, select General Settings >
Maintenance Files.
2.
3.
Use the dialog box to open the file with a selected application or save the file to a selected
location.
For information about configuring the maximum number of configuration files per device that can be
stored, see Configuring APSolute Vision Server Advanced Parameters, page 122.
126
In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
(Delete) button.
To get the configuration file of the device from the APSolute Vision server and download
the file to the local PC
1. In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
2. Select the relevant entry.
3. Click the
Parameter
Description
File Name
File Type
SW Version
Backup Date
The date and time that the file was saved on the APSolute Vision server.
Description
A description of the file. You can enter and edit text in this field.
127
In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
2.
3.
Click the
4.
From the Compare... With drop-down list, select one of the following:
5.
6.
Click OK.
Back up the APSolute Vision dataYou can back up the configuration tables and other APSolute
Vision data. To back up the database including real-time and historical reports, you must use CLI
commands. For more information, see APSolute Vision CLI Commands, page 441.
You can perform the following operations using APSolute Vision CLI:
For more information about APSolute Vision CLI commands, see APSolute Vision CLI Commands,
page 441.
128
Using the Multi-Device View and the Multiple Devices Summary, page 152
Note: To add Alteon or DefensePro devices, you can also use vDirect with APSolute Vision. For more
information, see Using vDirect with APSolute Vision, page 495.
Alteon standalone, VA, and vADC devices and clusters of Alteon devices for high availability
AppWall devices
LinkProof NG devices
You can organize the devices into logical groups, referred to as sites.
You can configure sites in both the Sites and Clusters tree and the Physical Containers tree.
You may configure sites according to a geographical location, administrative function, or device
type.
Each site can contain nested sites and devices. You can create clusters of devices for high
availability.
You can also display real-time security monitoring for multiple devices. You can select a site or select
multiple devices (using standard mouse click/keyboard combinations) whether or not the devices
are in the same site.
Tree nodes are organized alphabetically in the tree within each level. For example, a site called
Alteon_Site appears before a site at the same level called DefensePro_Site.
All nested sites appear before devices at the same level, regardless of their alphanumerical order.
All node names in a tree must be unique. For example, you cannot give a site and a device the same
name, and you cannot give devices in different sites the same name.
Node names are case-sensitive.
129
Configuring Sites
By default, the root site is called Default. You can rename this site, and add nested sites and
devices.
You can add, rename, and delete sites. When you delete a site, you must first remove all its child
sites and devices.
Notes
To move a device between sites, you must first delete the device from the sites tree and then
add it in the required target site.
A site cannot have the same name as a device, and sites nested under different parent sites
cannot have the same name.
In the device pane, select the site name in which you want to create the new site.
2.
Click the
3.
4.
5.
Click Submit.
Caution: With RADIUS or TACACS+, if a user definition explicitly mention the name of a site and
the site name changes, the user definition in the RADIUS or TACACS+ server must be updated
accordingly.
If the name of an APSolute Vision site changes and APSolute Vision authenticates the users locally,
APSolute Vision updates the relevant scopes for the users.
To rename a site
1.
2.
Click the
3.
4.
Click Submit.
130
(Edit) button.
To delete a site
1. In the device pane, select the site.
2. Click the
Notes
You can change the name of a device after you have added it to the APSolute Vision
configuration
To move a device between sites, you must first delete the device from the sites tree and then
add it to the required target site.
If you replace a device with a new device to which you want to assign the same management IP
address, you must delete the device from the site and then recreate it for the replacement.
When you delete a device, you can no longer view historical reports for that device.
When you delete a device, the device alarms and security monitoring information are removed
also.
You can export a CSV file with the devices in the Sites and Clusters tab. The CSV file includes
information on each device. The file does not include information regarding associated sites. For
more information, see the procedure To export a CSV file with the devices in the Sites and
Clusters tab, page 144.
131
HTTPS is used for downloading/uploading various files from/to managed devices, including:
configuration files, certificate and key files, attack-signature files, device-software files, and so
on. For DefensePro 6.x versions 6.14 and later, APSolute Vision uses Transport Layer Security
(TLS) protocol version 1.1 or later.
You can configure APSolute Vision to manage multiple Alteon vADCs hosted by an ADC-VX
managed by the same APSolute Vision server.
The following procedure, To add a new device, page 133, is relevant for the following device types:
Alteon standalone
Alteon VA
Alteon vADC not hosted by an ADC-VX managed by the same APSolute Vision server
AppWall
DefensePro
LinkProof NG
To add a new device, page 133Relevant for the following device types:
Alteon standalone
Alteon VA
Alteon vADC not hosted by an ADC-VX managed by the same APSolute Vision server
AppWall
DefensePro
LinkProof NG
To configure APSolute Vision to manage one or more vADCs hosted by an ADC-VX managed by
the same APSolute Vision server, page 139
To edit device connection information, page 143Relevant for the following device types:
Alteon standalone
Alteon VA
AppWall
DefensePro
LinkProof NG
132
Alteon standalone
Alteon VA
AppWall
DefensePro
LinkProof NG
3. From the Type drop-down list, select the device type that you require.
4. Configure the parameters, and click Submit.
After APSolute Vision connects to the device, basic device information is displayed in the content
pane, and device properties information is displayed in the device-properties pane.
Parameter
Type
Description
The type of the object.
Values:
Name
Site
Alteon
AppWall
DefensePro
LinkProof NG
Parameter
Description
(This tab is available only for Alteon, DefensePro, and LinkProof NG devices.)
Management IP
SNMP Version
133
Parameter
Description
Maximum characters: 18
Use Authentication
Default: Disabled
Authentication Protocol
Authentication Password
Default: MD5
Parameter
Description
Default: Enabled
Note: This option is not used for Alteon versions 29.5 and
later.
134
Parameter
Description
Management IP
Password
HTTP Port
HTTPS Port
Default: 80
Default: 443
Parameter
Description
Password
SSH Port
135
Parameter
Description
(This tab is available only for Alteon, DefensePro, and LinkProof NG devices.)
Register This APSolute Vision Server Specifies whether the APSolute Vision server configures itself
for Device Events
as a target of the device events.
Values:
Default: Enabled
Note: APSolute Vision runs this action each time you click
Submit in the dialog box. For more, important
information, see APSolute Vision Server Registered for
Device EventsAlteon and LinkProof NG, page 144.
Register APSolute Vision Server IP
(This parameter is available only
when the Register This APSolute
Vision Server for Device Events
checkbox is selected.)
Remove All Other Targets of Device
Events
(This parameter is available only
when the Register This APSolute
Vision Server for Device Events
checkbox is selected.)
To add an ADC-VX
1.
In the device pane Physical Containers tree, navigate to and select the site name to which you
want to add the ADC-VX.
2.
Click the
3.
136
Parameter
Description
Type
Name
Parameter
Description
Management IP
SNMP Version
SNMP Community
Maximum characters: 18
Use Authentication
Default: disabled
Authentication Protocol
Authentication Password
Default: MD5
137
Parameter
Description
Use Privacy
Default: Disabled
Parameter
Description
User Name
Password
HTTP Port
HTTPS Port
138
Parameter
Description
Default: Enabled
APSolute Vision runs this action each time you click Submit in
the dialog box.
For more, important information, see APSolute Vision Server
Registered for Device EventsAlteon and LinkProof NG,
page 144.
Register APSolute Vision Server IP The port and IP address of the APSolute Vision server to which
the managed device sends events.
(This parameter is available only
when the Register This
APSolute Vision Server for
Device Events checkbox is
selected.)
Remove All Other Targets of
Device Events
(This parameter is available only
when the Register This
APSolute Vision Server for
Device Events checkbox is
selected.)
139
In the Device Properties dialog box, configure the parameters, and click Submit.
After APSolute Vision connects to the vADC, the vADC is displayed in the device pane Sites and
Clusters tree. The device information is displayed in the content pane, and device properties
information is displayed in the device-properties pane. Once you add the vADC to the device
pane Sites and Clusters tree, you cannot change its location or configure any of its properties
from the Physical Containers tree.
Parameter
Description
Name
Notes:
Location
The site in the device pane Sites and Clusters tree where
APSolute Vision locates the vADC.
Parameter
Description
Management IP
SNMP Version
SNMP Community
140
Parameter
Description
Use Privacy
Parameter
Description
User Name
Password
HTTP Port
HTTPS Port
Parameter
Description
Note: To configure and apply certain features, APSolute Vision requires SSH access to run CLI
commands on the Alteon device.
User Name
Password
141
Parameter
Description
SSH Port
Parameter
Description
Register This APSolute Vision Server for Specifies whether the APSolute Vision server configures
Device Events
itself as a target of the device events.
Values:
Default: Enabled
APSolute Vision runs this action each time you click
Submit in the dialog box.
For more, important information, see APSolute Vision
Server Registered for Device EventsAlteon and
LinkProof NG, page 144.
Register APSolute Vision Server IP
(This parameter is available only when
the Register This APSolute Vision
Server for Device Events checkbox is
selected.)
Remove All Other Targets of Device
Events
142
Alteon standalone
Alteon VA
AppWall
DefensePro
LinkProof NG
(Edit) button.
3. Modify the parameters as described in Managing Devices and Device Properties, page 133, and
click Submit.
(Edit) button.
3. Modify the parameters as described in Managing Devices and Device Properties, page 133, and
click Submit.
The following procedure, To delete a device, page 143, is relevant for the following device types:
Alteon standalone
Alteon VA
AppWall
DefensePro
LinkProof NG
To delete a device
1. In the device pane Sites and Clusters tree, select the device name, and click the
button.
(Delete)
2. Click Yes in the confirmation box. The device is deleted from the list of managed devices.
143
To delete an ADC-VX
1.
In the device pane Physical Containers tree, select the device name and click the
button.
2.
Click Yes in the confirmation box. The device is deleted from the list.
(Delete)
To export a CSV file with the devices in the Sites and Clusters tab
1.
2.
View the file or specify the location and file name, and then, click Save.
The CSV file includes the following columns:
Device Name
Device Type
Status
Management IP Address
Software Version
MAC Address
License
Platform
Form Factor
HA Status
Device Driver
/cfg/sys/ssnmp/auth.
You can view the APSolute Vision address target with the CLI commands
/cfg/sys/ssnmp/trap1 or /cfg/sys/ssnmp/trap2.
144
Traps to all the APSolute Vision servers that manage it. The Target Address table and the Target
Parameters table contain entries for all APSolute Vision servers.
Packet-reporting data only to the last APSolute Vision server that registered on the device.
Caution: If the Register This APSolute Vision Server for Device Events checkbox is cleared,
the Alert browser, security reporting, and APSolute Vision Reporter might not collect and display
information about the device.
Note: Only one APSolute Vision server should manage any one Radware device.
While the device is locked:
The device icon in the device pane includes a small lock symbol
LinkProof NG,
for DefensePro.
Configuration panes are displayed in read-only mode to other users with configuration
permissions for the device.
If applicable, the
145
2.
In the device pane, select the devices to lock. You can select a site or select multiple devices
(using standard mouse click/keyboard combinations) whether or not the devices are in the same
site.
2.
Click the
3.
(View) button.
(the drawing of the unlocked padlock at the lower-left
In the device pane, select the devices to unlock. You can select a site or select multiple devices
(using standard mouse click/keyboard combinations) whether or not the devices are in the same
site.
2.
Click the
3.
(View) button.
(the drawing of the locked padlock at the lower-left
Note: DefensePro does not support this feature when the Device Operation Mode is IP (see
Configuring the Device Operation Mode for DefensePro, page 153).
This section contains the following topics:
Synchronizing High-Availability Devices and Switching the Device States, page 151
146
High-Availability in DefenseProOverview
To support high availability (HA), you can configure two compatible DefensePro devices to operate in
a two-node cluster. One member of the cluster is configured as the primary; the other member of
the cluster assumes the role of secondary.
Both cluster members must meet the following requirements:
Platform
Software version
Software license
Throughput license
Must use the same management port (that is, MNG-1 on both devices, MNG-2 on both devices,
or both MNG-1 and MNG-2 on both devices).
When you configure a cluster and submit the configuration, the newly designated primary device
configures the required parameters on the designated secondary device.
You can configure a DefensePro high-availability cluster in the following ways:
To configure the primary device of the cluster, the failover parameters, and the advanced
parameters, you can use the High Availability pane (Configuration perspective, Setup >
High Availability). When you specify the primary device, you specify the peer device, which
becomes the secondary member of the cluster.
To configure only the basic parameters of a cluster (Cluster Name, Primary Device, and
Associated Management Ports), you can use the Create Cluster pane. The following graphic
shows the Create Cluster pane and the device pane.
147
The primary device transfers the relevant configuration objects to the secondary device.
A secondary device maintains its own configuration for the device users, IP interfaces, routing, and
the port-pair Failure Mode.
A primary device immediately transfers each relevant change to its secondary device. For example,
after you make a change to a Network Protection policy, the primary device immediately transfers
the change to the secondary device. However, if you change the list of device users on the primary
device, the primary device transfers nothing (because the secondary device maintains its own list of
device users).
The passive device periodically synchronizes baselines for BDoS and HTTP Mitigator protections.
The following situations trigger the active device and the passive device to switch states (active to
passive and passive to active):
The passive device does not detect the active device according to the specified Heartbeat
Timeout.
All links are identified as down on the active device according to the specified Link Down
Timeout.
Optionally, the traffic to the active device falls below the specified Idle Line Threshold for the
specified Idle Line Timeout.
You issue the Switch Over command. To switch the device states, select the cluster node, and
then select Switch Over.
Switch the device state (that is, switch over active to passive and passive to active).
Reboot.
Shut down.
Initiate a baseline synchronization if the device is passive, using the CLI or Web Based
Management.
Notes
By design, an active device does not fail over during a user-initiated reboot. Before you reboot
an active device, you can manually switch to the other device in the cluster.
148
You can initiate a baseline synchronization if a cluster member is passive, using the CLI or Web
Based Management.
When you upgrade the device software, you need to break the cluster (that is, ungroup the two
devices). Then, you can upgrade the software and reconfigure the cluster as you require.
In an existing cluster, you cannot change the role of a device (primary to secondary or vice
versa). To change the role of a device, you need to break the cluster (that is, ungroup the two
devices), and then, reconfigure the cluster as you require.
If the devices of a cluster belong to different sites, APSolute Vision creates the cluster node
under the site where the primary device resides; and APSolute Vision removes the secondary
device from the site where it was configured.
APSolute Vision issues an alert if the state of the device clusters is ambiguous. For example, if
there has been no trigger for switchover and both cluster members detect traffic. This state is
normal during the initial synchronization process.
There is no failback mechanism. There is only the automatic switchover action and the manual
Switch Over command.
When a passive device becomes active, any grace time resets to 0 (for example, the time of the
Graceful Startup Mode Startup Timer).
You can monitor high-availability operation in the High Availability pane of the Monitoring
perspective (Monitoring perspective, Operational Status > High Availability).
The Properties pane displays the high-availability information of the selected device.
Parameter
Description
Cluster Name
Primary Device
149
In the device pane Sites and Clusters tab, select cluster node.
2.
Click the
After your confirmation, the cluster node is removed from the tree, and the DefensePro devices
are displayed under the parent node.
In the device pane Sites and Clusters tab, select the cluster node.
2.
Click the
3.
In the Cluster Name text box, type the new name (up to 32 characters).
4.
Click Submit.
(Edit) button.
In the device pane Sites and Clusters tab, select the cluster node.
2.
Click the
3.
(Edit) button.
Note: You cannot change the value if the currently specified management port is being used by
the cluster. For example, if the cluster is configured with MNG1+2, and MNG1 is in use, you
cannot change the value to MNG2.
Icon
Description
Cluster
Primary device
Secondary device
The following table describes the icon elements that APSolute Vision displays in the device pane for
DefensePro high-availability clusters.
150
Icon
Description
The cluster is operating nominally.
The primary device is active, unlocked, and operating nominally.
The primary device is passive, unlocked, and operating nominally.
The secondary device is active, locked, and operating nominally.
3. Click the
(Synchronize) button.
3. Click the
151
(View) button.
Run configuration-management actions for the relevant devicesYou can run the Apply
or Revert actions on Alteon or LinkProof NG devices. You can run the Update Policies action on
multiple DefensePro devices.
Open the Security Monitoring perspectiveIn the multi-device view, the Security
Monitoring perspective displays the Dashboard View and Traffic Utilization tabswith the data
aggregated for all the selected devices. For more information, see Using Real-Time Security
Monitoring, page 381.
152
(View) button.
Perform administration and maintenance tasks on managed devices such as scheduling tasks,
making backups, and so on.
For more information, see Managing Device Operations and Maintenance, page 155.
153
154
Device-Configuration Management (Global Commands) for Alteon and LinkProof NG, page 158
Downloading a DefensePro Log File to the APSolute Vision Client, page 162
Updating a Radware Signature File or RSA Signature File in DefensePro Devices, page 162
Reset will cause failover of the ADC, which might cause an interruption in network service.
Configuration changes that have not been applied will be lost. Run the Diff command to view
the changes that have not been applied, and then, run the Apply command as needed.
Configuration changes that have not been saved will be lost. Run the Diff Flash command to
view the changes that have not been saved, and then, run the Save command as needed.
The spanning tree will be restarted, which will likely cause an interruption in network service.
Note: You can schedule device reboots in the APSolute Vision scheduler. For more information, see
Managing Tasks in the Scheduler, page 222.
To reboot a device
1.
2.
3.
Select Reset.
155
2.
3.
In the device pane, select the devices. You can select a site or select multiple devices (using
standard mouse click/keyboard combinations) whether or not the devices are in the same site.
2.
Click the
3.
Click
(View) button.
. The Multi-Device Configuration dialog box opens.
Note: The top table, which you can filter, contains all the selected devices and comprises the
following columns: Device Type, Device Name, IP Address, and Version.
4.
From the top table, select the lead device, whose configuration changes will be applied to the
selected additional devices. The bottom table, which you can filter, displays the selected devices
of the same type and major version.
5.
From the bottom table, select the checkbox next to each device that the lead device will try to
change.
6.
Click Go. The GUI of the lead device opens. The device pane shows the lead device and the
selected additional devices as selected.
7.
8.
9.
After you make a valid change, click Submit All. APSolute Vision attempts to change the value
for the submitted parameter on the lead device and all the selected additional devices.
Notes
APSolute Vision submits only modified values. APSolute Vision does not submit values that
were not modified.
APSolute Vision issues detailed message for unsuccessful attempts to change the value of a
parameter on a selected additional devices.
156
Other Device Running ConfigurationThat is, another device of the same type and
major version
Backup File from SystemThat is, a device-configuration backup file stored on the
APSolute Vision server
Backup File from Local File SystemThat is, a device-configuration backup file stored on
the local file system
The Compare action displays differences in the configurations using a green background for the
configuration of the first device and red background for the configuration of the other device.
Diff Flash (Alteon and LinkProof NG only)Collects the pending configuration changes and the
affected configuration stored in flash memory on the device.
Click the
157
Role
Description
Apply
Applies any changes that have been made to the device configuration.
If the new configuration is different from the current configuration, to
indicate that the Apply command is required to take effect, the Apply
Required button is displayed with an orange background.
The Apply operation requires the device to be locked. When you select
a single device, the Apply option is available only if the device is
locked. When you select multiple devices, the Apply option is always
available. When you select the Apply option for multiple devices,
APSolute Vision tries to lock all the selected devices. If APSolute Vision
is able to lock all the devices, APSolute Vision performs the Apply
operation. When the operation completes, APSolute Vision unlocks the
devices that were unlocked prior to the operation. If APSolute Vision is
not able to lock all the devices because some of the devices are locked
by another user, a pop-up message is displayed, asking you whether
to continue the Apply operation on the remaining devices (that is, the
devices are locked by you or not locked at all). If you confirm the
action, APSolute Vision performs the Apply operation. When the
operation completes, APSolute Vision unlocks the devices that were
unlocked prior to the operation.
Note: During the Apply operation, the device icon in the device
pane may momentarily change from locked
to
maintenance
, and the value of the Status parameter in
the device-properties pane may momentarily change from Up to
Maintenance.
Save
Revert
Revert Apply
158
Table 64: Alteon and LinkProof-NG Device Configuration Management Actions (cont.)
Role
Description
Diff
Collects the pending configuration changes. You can view, save, and
copy the text when you double-click the associated message in the
Alerts tab in the Alerts pane.
When you select multiple devices, this option is not supported.
Note: For more information, see Using the Diff Feature, page 157.
Diff Flash
Dump
Figure 34: Revert ButtonArrow Clicked Shows Revert and Revert Apply Options
159
Figure 35: Diff ButtonClicked Displays Compare, Diff, and Diff Flash Options
160
Back up the existing configuration file. For more information, see Downloading a DeviceConfiguration File, page 27.
Ensure that you have configured on the device the authentication details for the protocol used to
upload the file.
Parameter
Description
Upload Via
(Read-only) The protocol used to upload the software file from APSolute
Vision to the device.
Value: HTTPS
File Name
Software Version
Password
Enter the password received with the new software version, and verify.
The password is case sensitive.
161
2.
3.
4.
(Operations) icon.
Parameter
Download Via
Description
(Read-only) The protocol used to download the log file.
Value: HTTPS
Save As
Save the downloaded log file as a text file on the client system. Enter or
browse to the location of the saved log file, and select or enter a file
name.
Radware.com or the proxy file server that is configured in the Vision Server
Connection configurationThe Alerts pane displays a success or failure notification and
whether the operation was performed using a proxy server.
APSolute Vision client systemThe name of the signature file must be <DEVICE-MACADDRESS>.sig.
Caution: Updating the signature file consumes large amounts of resources, which may cause the
device to go temporarily into an overload state. Radware recommends updating the signature file
during hours of low activity.
162
Note: You can schedule signature-file updates in the APSolute Vision scheduler. For more
information, see Managing Tasks in the Scheduler, page 222.
For more information about using signature files, see the DefensePro User Guide.
(Operations) icon.
Parameter
Description
Signature Type
Radware Signatures
RSA Signatures
Note: You can select RSA Signatures only on DefensePro version6.x devices that have Fraud Protection enabled.
Update From
Upload Via
File Name
(This parameter is
displayed only when
Update From Client is
selected)
163
Note: You can also download a DefensePro technical support file using the DefensePro CLI. For
more information, see the DefensePro User Guide.
Use the following procedure to download a technical support file using APSolute Vision.
1.
In the device pane, select the device, and then, click the arrow of the
icon.
2.
3.
(Operations)
Parameter
Description
Download Via
Save As
Save the downloaded technical support file as a text file on the client
system. Enter or browse to the location of the saved file, and select or
enter a file name.
Commands that do not require rebooting the deviceCopying and pasting a command
from this section takes effect immediately after pasting. The commands in the section are not
bound to SNMP. The section has the heading: The following commands take effect
164
Note: You can schedule configuration file backups in the APSolute Vision scheduler. For more
information, see Managing Tasks in the Scheduler, page 222.
(Operations) icon.
Parameter
Description
Download to
Download Via
Save As
Save the downloaded configuration file as a text file on the client system.
On the server, the default name is a combination of the device name and
backup date and time. You can change the default name.
Passphrase
(This parameter is
displayed only in Alteon
devices.)
Include Private Keys
165
Caution: Importing a configuration file that has been edited is not supported.
2.
3.
4.
5.
(Operations) icon.
Parameter
Description
Upload from
Upload Via
File Name
When uploading from the client system, enter or browse to the name of
the configuration file to upload.
When uploading from the server, select the configuration to upload.
Passphrase
(This parameter is
available only with
Alteon devices.)
ACL policy
White list
166
Black list
Classes
>
In the device pane, select the device, and then, click the
button.
167
168
DefensePro setup and network configurationFor example, device time, physical ports,
and so on.
User-defined signatures.
Notes
The terms Network Protection policy, and network policy may be used interchangeably in
APSolute Vision and in the documentation.
You can import Network Protection policies from DefensePro platforms running supported 6.x
versions into platforms running supported 6.x or 7.x versions.
You can import Network Protection policies from DefensePro platforms running supported 7.x
versions into platforms running supported 7.x versions.
You can import Server Protection policies from DefensePro platforms running supported 6.x
versions into platforms running supported 6.x versions.
You can import Server Protection policies from DefensePro platforms running supported 7.x
versions into platforms running supported 7.x versions.
169
In the Configuration perspective, select Network Protection > Network Protection Policies.
2.
Select the Network Protection policy that you want to export, and click
3.
(Export).
Parameter
Description
Download To
Values:
Default: Server
Download Via
Configuration
DNS Baseline
Specifies whether DefensePro exports the template with the current DNS
baseline of the policy.
Default: Enabled
BDoS Baseline
Specifies whether DefensePro exports the template with the current BDoS
baseline of the policy.
Default: Enabled
User-Defined Signature Specifies whether DefensePro exports the template with the current userProtection Profile
defined Signature Protection profile of the policy.
Default: Enabled
Save As
<DeviceName>_<PolicyName>_<date>_<time>
Example:
MyDefensePro_MyPolicy_2014.03.19_13.45.59
The date-time format is determined in the APSolute Vision Settings view
Preferences perspective, under General Settings > Display.
The file is saved in the server as a ZIP file, and in the local host, the file is
saved as a TXT file.
170
(Export).
Parameter
Description
Download To
Values:
Default: Server
Download Via
Configuration
HTTP Baseline
Specifies whether DefensePro exports the template with the current HTTP
baseline of the policy.
Default: Enabled
Save As
<DeviceName>__<PolicyName>_<date>_<time>
Example:
MyDefensePro__MyPolicy_2015.03.19_13.45.59
The date-time format is determined in the APSolute Vision Settings view
Preferences perspective, under General Settings > Date and Time
Format.
The file is saved in the server as a ZIP file, and in the local host, the file is
saved as a TXT file.
171
The name of the device from which the template was exported.
File TypeDisplays Server Protection for a template from a Server Protection policy or
Network Protection for a template from a Network Protection policy.
Export DateDisplays the date and time that the template was added to the Template List.
The date-time format is determined in the APSolute Vision Settings view Preferences
perspective, under General Settings > Date and Time Format.
Delete the templates from one or more DefensePro devicesThe delete command
removes the selected template(s) from the table and, from the DefensePro devices, the policy
definitions and all other policy-related configurations (Network Classes, VLAN Tag Classes,
profile definitions) as long as the other policies on the device(s) are not using those objects.
Delete the rowsThis action deletes the policy or policies, without the related objects.
Click Templates (
2.
172
Parameter
Source Device Name
Description
Values:
Default: All
File Type
File Name
Values:
The filename that the filter uses. The value supports one or two
wildcards (*).
Examples:
To clear the template-list filter and show all of the stored templates
1. Click Templates (
2. Click Clear.
2. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 172).
3. Select the rows with the required templates (using standard Windows key combinations).
4. Select Send to Devices.
5. Configure the parameters, and then click Submit.
173
Parameter
Description
Available Devices
The DefensePro devices that you can select to update. Select devices
and use the arrows to move them to the other list as required.
Note: The list can contain only the devices that support the
templates features.
Selected Devices
Update Method
Values:
Install on Instance
Values:
Default: Disabled
174
2. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 172).
3. Select the rows with the required templates (using standard Windows key combinations).
4. Select Delete from Devices.
5. Configure the parameters, and then click Submit.
Parameter
Description
Available Devices
The DefensePro devices that you can select to update. Select devices
and use the arrows to move them to the other list as required.
Note: The list can contain only the devices that support the
templates features.
Selected Devices
Values:
Default: Disabled
(Add) button.
Parameter
Description
File Type
Values:
Upload From
The filepath of the template. Click Browse to browse to the directory and
select the file.
175
Click Templates (
2.
Configure the filter as necessary (see the procedure To filter the display of the template list,
page 172).
3.
Select the rows with the required templates (using standard Windows key combinations).
4.
Click the
5.
In the Save As text box, type the path to the target directory or click Browse to browse to the
directory.
6.
Click Save.
Click Templates (
2.
Configure the filter as necessary (see the procedure To filter the display of the template list,
page 172).
3.
Select the rows with the required templates (using standard Windows key combinations).
4.
Click the
DefenseSSL
Oracle E Business
SharePoint 2010
SharePoint 2013
Zimbra
176
Real servers
Server groups
Virtual servers
Virtual services
Users with the Administrator role can manage the AppShape templates.
Users with following roles can create AppShape instances on Alteon devices:
Administrator
ADC Administrator
Device Administrator
System Configuration
To create AppShape instances of most AppShape types, APSolute Vision requires SSH access to run
CLI commands on the Alteon device. Therefore, SSH must be enabled and properly configured. SSH
must be enabled in the Management Protocols pane (Configuration perspective, System >
Management Access > Management Protocols). And, the SSH port configured in the
Management Protocols pane must be the same as the value in the SSH Port text box in the Device
Properties pane. (The Device Properties pane opens from the Sites and Clusters tab when you add a
new device or edit device properties.)
To view the basic parameters of AppShape instances that the APSolute Vision server is
managing
>
Click Templates (
Parameter
Description
AppShape Type
Name
Device Name
Virtual Address
Configuration Validation
Last Validation
The last time that the configuration of the device was synchronized
with the AppShape template.
177
The nodes under the AppShapes node display, by default, the instances of the corresponding
AppShape type.
Tip: If you intend to configure the AppShape instance with SSL Acceleration enabled (which is the
default of most AppShape types), configure the SSL certificate before you configure the AppShape
instance (Configuration perspective, Application Delivery > Application Services > SSL >
Certificate Repository).
Lock the Alteon device on which you intend to configure the AppShape instance.
2.
Click Templates (
3.
Click the
4.
Do the following:
5.
From the AppShape Type drop-down list, select the AppShape type that you require.
From the Device Name drop-down list, select the Alteon instance on which to configure the
AppShape instance.
178
2. Select the row with the instance whose configuration you want to view or modify, and then, click
the
(Edit) button.
Caution: If you upload an AppShape template type that already exists in the APSolute Vision
server, before proceeding, and overwriting the existing template, Radware strongly recommends
that you remove existing instances of the template. If you overwrite the existing template and there
are existing instances of this template, unexpected results may occur.
Note: The online help that includes the description of the new AppShape template type will be in
the online-help files at radware.com and the latest online-help package. The APSolute Vision
administrator can configure whether the online help comes from the APSolute Vision server or from
radware.com. It is the responsibility of the APSolute Vision administrator to make sure that the help
files on the server are updated as necessary with the latest online-help package.
179
Notes
For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Common
Web ApplicationAppShape-generated Configuration, page 573.
The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
Lock the Alteon device on which you intend to configure the AppShape instance.
2.
Click Templates (
3.
4.
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
Parameter
Description
AppShape Type
Device Name
Parameter
Description
Last Validation
Valid Configuration
Instance Name
Virtual Address
180
Parameter
Description
Address/Port table
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Parameter
Description
SLB Metric
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http
Parameter
Description
Caching
Compression
Connection Management
Proxy IP
(This button is displayed
only when the
Connection
Management checkbox is
selected.)
181
Parameter
Description
SSL Acceleration
Server Certificate
The name of the SSL certificate, selected from the drop-down list.
(This parameter is
displayed only when the
SSL Acceleration
checkbox is selected.)
Notes
For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see
DefenseSSLAppShape-generated Configuration, page 575.
The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
Lock the Alteon device on which you intend to configure the AppShape instance.
2.
Click Templates (
) and select AppShapes > DefenseSSL. The AppShape Type dropdown list displays DefenseSSL.
3.
4.
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
Parameter
Description
AppShape Type
Device Name
182
Parameter
Description
Last Validation
Valid Configuration
Instance Name
Virtual Address
Parameter
Description
Address/Port table
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Parameter
SSL Acceleration
Description
Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate
The name of the SSL certificate, selected from the drop-down list.
(This parameter is
displayed only when the
SSL Acceleration
checkbox is selected.)
Parameter
Description
Address
MAC Address
VLAN
Port
183
Note: With Exchange Server 2010, Outlook clients connect using native MAPI to the RPC Client
Access Service (CAS), which runs on Client Access servers. Because the RPC CAS requires the traffic
to be passed to the Client Access servers on a large number of ports, Radware recommends that you
use a firewall to permit only internal networks to access the RPC Client Access virtual server IP
address.
External Clients
Ethernet
Ethernet
DMZ
192.168.2.254/24
Firewall
Internal Clients
192.168.1.254/24
ACT
LINK
10
11
ACT
1000
10/100
Alteon 4416
MNG 1
LINK
PWR
PWR
FAN
ACT LINK
ACT LINK
ACT LINK
ACT LINK
13
14
15
16
SYS OK
ACT
LINK
ACT
12
LINK
RST
USB
MNG 2
CONSOLE
Alteon.active.device
ACT
192.168.1.1/24
LINK
10
11
ACT
1000
10/100
Alteon 4416
MNG 1
LINK
PWR
PWR
FAN
ACT LINK
ACT LINK
ACT LINK
ACT LINK
13
14
15
16
SYS O K
ACT
LINK
ACT
12
LINK
RST
USB
MNG 2
CONSOL E
Alteon.backup.device
192.168.1.2/24
Ethernet
184
192.168.1.82
192.168.1.34
192.168.1.36
Active Directory
(not part of the AppShape configuration )
192.168.1.10
Notes
For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Exchange 2010AppShape-generated Configuration, page 576.
The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
Parameter
Description
AppShape Type
Device Name
Table 90: Microsoft Exchange 2010: Microsoft Exchange 2010 Instance Parameters
Parameter
Description
Last Validation
Valid Configuration
Instance Name
Virtual Address
Parameter
Description
185
Parameter
Description
POP3
Secured
IMAP4 (Optional)
Secured
Parameter
Description
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
186
Parameter
Description
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Parameter
Description
CAS
SLB Metric
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http
SMTP Settings
SLB Metric
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: smtp
1 If you choose a value other than the default, the AppShape always uses the default
value for any additional, specifically related parameter. For example, if the value of SLB
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24
Bits. For more information on the SLB Metric, see Configuring Server Groups,
page 339.
Parameter
Description
Caching
Compression
Connection Management
187
Parameter
Description
Proxy IP
Parameter
SSL Acceleration
Description
Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate
The name of the SSL certificate, selected from the drop-down list.
(This parameter is
displayed only when the
SSL Acceleration
checkbox is selected.)
Note: With Exchange Server 2013, Outlook clients connect using native MAPI to the RPC Client
Access Service (CAS), which runs on Client Access servers. Because the RPC CAS requires the traffic
to be passed to the Client Access servers on a large number of ports, Radware recommends that you
use a firewall to permit only internal networks to access the RPC Client Access virtual server IP
address.
188
External Clients
Ethernet
Ethernet
DMZ
192.168.2.254/24
Firewall
Internal Clients
192.168.1.254/24
ACT
LINK
10
11
ACT
Alteon 4416
MNG 1
LINK
1000
10/100
PWR
PWR
FAN
ACT LINK
ACT LINK
ACT LINK
ACT LINK
13
14
15
16
SYS OK
ACT
LINK
ACT
12
LINK
RST
USB
MNG 2
CONSOLE
Alteon.active.device
ACT
LINK
10
11
ACT
Alteon 4416
MNG 1
LINK
1000
192.168.1.1/24
10/100
PWR
PWR
FAN
ACT LINK
ACT LINK
ACT LINK
ACT LINK
13
14
15
16
SYS OK
ACT
LINK
ACT
12
LINK
RST
USB
MNG 2
CONSOL E
Alteon.backup.device
192.168.1.2/24
Ethernet
192.168.1.82
192.168.1.34
192.168.1.36
Active Directory
(not part of the AppShape configuration )
192.168.1.38
192.168.1.10
Notes
For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Exchange 2013AppShape-generated Configuration, page 579.
The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
189
Parameter
Description
AppShape Type
Device Name
Table 97: Microsoft Exchange 2013: Microsoft Exchange 2013 Instance Parameters
Parameter
Description
Last Validation
Valid Configuration
Instance Name
Virtual Address
Parameter
Description
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
190
Parameter
Description
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Parameter
Description
CAS
SLB Metric
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http
IMAP Settings
SLB Metric
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: imap
POP3 Settings
SLB Metric
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: pop3
1 If you choose a value other than the default, the AppShape always uses the default
value for any additional, specifically related parameter. For example, if the value of SLB
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24
Bits. For more information on the SLB Metric, see Configuring Server Groups,
page 339.
191
Parameter
Description
Compression
Parameter
Description
SSL Acceleration
Server Certificate
The name of the SSL certificate, selected from the drop-down list.
(This parameter is
displayed only when the
SSL Acceleration
checkbox is selected.)
Notes
For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Link ExternalAppShape-generated Configuration, page 582.
The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
Lock the Alteon device on which you intend to configure the AppShape instance.
2.
Click Templates (
) and select AppShapes > Microsoft Lync External. The AppShape
Type drop-down list displays Microsoft Lync External.
3.
4.
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
Parameter
Description
AppShape Type
192
Parameter
Description
Device Name
Table 103: Microsoft Lync External: Microsoft Lync External Instance Parameters
Parameter
Description
Last Validation
Valid Configuration
Instance Name
Parameter
Description
SIP Servers
Address/Port table
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
193
Parameter
Description
IM Servers
Address/Port table
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
194
Parameter
Description
Each pair of load-balancing parameters (the SLB Metric and the Health Check) is available only
when the corresponding checkbox is selected in the Microsoft Lync External: Microsoft Lync
External Instance Parameters, page 193 table.
Edge HTTPS SIP (443) Settings
SLB Metric
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
1 If you choose a value other than the default, the AppShape always uses the default
value for any additional, specifically related parameter. For example, if the value of SLB
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Real Servers, page 326.
195
Notes
For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Link InternalAppShape-generated Configuration, page 584.
The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
Lock the Alteon device on which you intend to configure the AppShape instance.
2.
Click Templates (
) and select AppShapes > Microsoft Lync Internal. The AppShape
Type drop-down list displays Microsoft Lync Internal.
3.
4.
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
Parameter
Description
AppShape Type
Device Name
Table 107: Microsoft Lync Internal: Microsoft Lync Internal Instance Parameters
Parameter
Description
Last Validation
Valid Configuration
Instance Name
The text box contains the virtual IP address of the front end, and
the checkbox specifies whether the address is used.
The text box contains the virtual IP address of the internal edge,
and the checkbox specifies whether the address is used.
The text box contains the virtual IP address of the directors, and
the checkbox specifies whether the address is used.
196
Table 107: Microsoft Lync Internal: Microsoft Lync Internal Instance Parameters (cont.)
Parameter
Description
Parameter
Description
Real Servers
Address/Port table
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
197
Parameter
Description
CWA Servers
Address/Port table
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Parameter
Description
Each pair of load-balancing parameters (the SLB Metric and the Health Check) is available only
when the corresponding checkbox is selected in the Microsoft Lync Internal: Microsoft Lync Internal
Instance Parameters, page 196 table.
Front-End Settings
SLB Metric
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Edge Settings
SLB Metric
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Directors Settings
SLB Metric
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
198
Parameter
Description
Compression
Domain Name
Parameter
Description
SSL Acceleration
Server Certificate
The name of the SSL certificate, selected from the drop-down list.
(This parameter is
displayed only when the
SSL Acceleration
checkbox is selected.)
Notes
For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle EBusinessAppShape-generated Configuration, page 593.
The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
199
Lock the Alteon device on which you intend to configure the AppShape instance.
2.
Click Templates (
) and select AppShapes > Oracle E-Business. The AppShape Type
drop-down list displays Oracle E-Business.
3.
4.
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
Parameter
Description
AppShape Type
Device Name
Parameter
Description
Last Validation
Valid Configuration
Instance Name
Virtual Address
Parameter
Description
Address/Port table
Contains the addresses and ports of each real server configured for the
Oracle E-Business server.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
200
Parameter
Description
SLB Metric
Parameter
Description
Caching
Compression
Parameter
Description
SSL Acceleration
Server Certificate
The name of the SSL certificate, selected from the drop-down list.
(This parameter is
displayed only when the
SSL Acceleration
checkbox is selected.)
Notes
For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle
SOA Suite 11gAppShape-generated Configuration, page 594.
The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
201
Lock the Alteon device on which you intend to configure the AppShape instance.
2.
Click Templates (
) and select AppShapes > Oracle SOA Suite 11g. The AppShape Type
drop-down list displays Oracle SOA Suite 11g.
3.
4.
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
Parameter
Description
AppShape Type
Device Name
Table 119: Oracle SOA Suite 11g: Oracle SOA Suite 11g Instance Parameters
Parameter
Description
Last Validation
Valid Configuration
Instance Name
Customer VIP
Internal SOA Services VIP The virtual IP address of the internal SOA services.
Management Access VIP
Parameter
Description
Address/Port table
Contains the addresses and ports of each real server configured for the
Oracle SOA Suite 11g server.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
202
Table 121: Oracle SOA Suite 11g: Load Balancing Settings Parameters
Parameter
Description
SLB Metric
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http
Parameter
Description
Caching
Compression
Connection Management
Parameter
Description
SSL Acceleration
Server Certificate
The name of the SSL certificate, selected from the drop-down list.
(This parameter is
displayed only when the
SSL Acceleration
checkbox is selected.)
203
Notes
For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle
WebLogic 12cAppShape-generated Configuration, page 596.
The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
Lock the Alteon device on which you intend to configure the AppShape instance.
2.
Click Templates (
) and select AppShapes > Oracle WebLogic 12c. The AppShape Type
drop-down list displays Oracle WebLogic 12c.
3.
4.
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
Parameter
Description
AppShape Type
Device Name
Table 125: Oracle WebLogic 12c: Oracle WebLogic 12c Instance Parameters
Parameter
Description
Last Validation
Valid Configuration
Instance Name
Virtual Address
204
Parameter
Description
Address/Port table
Contains the addresses and ports of each real server configured for the
Oracle WebLogic 12c server.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Parameter
Description
SLB Metric
Parameter
Description
Compression
Parameter
SSL Acceleration
Description
Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate
The name of the SSL certificate, selected from the drop-down list.
(This parameter is
displayed only when the
SSL Acceleration
checkbox is selected.)
205
Notes
For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see SharePoint
2010AppShape-generated Configuration, page 598.
The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
Lock the Alteon device on which you intend to configure the AppShape instance.
2.
Click Templates (
) and select AppShapes > SharePoint 2010. The AppShape Type
drop-down list displays SharePoint 2010.
3.
4.
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
Parameter
Description
AppShape Type
Device Name
Parameter
Description
Last Validation
Valid Configuration
Instance Name
Virtual Address
206
Parameter
Description
Address/Port table
Contains the addresses and ports of each real server configured for the
SharePoint 2010 server.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Parameter
Description
SLB Metric
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http
Parameter
Description
Caching
Compression
Connection Management
Domain Name
Proxy IP
(This button is displayed
only when the
Connection
Management checkbox is
selected.)
207
Parameter
Description
SSL Acceleration
Server Certificate
The name of the SSL certificate, selected from the drop-down list.
(This parameter is
displayed only when the
SSL Acceleration
checkbox is selected.)
Notes
For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see SharePoint
2013AppShape-generated Configuration, page 600.
The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
Lock the Alteon device on which you intend to configure the AppShape instance.
2.
Click Templates (
) and select AppShapes > SharePoint 2013. The AppShape Type
drop-down list displays SharePoint 2013.
3.
4.
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
Parameter
Description
AppShape Type
Device Name
208
Parameter
Description
Last Validation
Valid Configuration
Instance Name
Virtual Address
Parameter
Description
Address/Port table
Contains the addresses and ports of each real server configured for the
SharePoint 2013 server.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Parameter
SLB Metric
Description
The SLB metric used to select next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Server
Groups, page 339.
Parameter
Description
Compression
Domain Name
209
Parameter
Description
SSL Acceleration
Server Certificate
The name of the SSL certificate, selected from the drop-down list.
(This parameter is
displayed only when the
SSL Acceleration
checkbox is selected.)
Notes
For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see VMware
View 5.1AppShape-generated Configuration, page 601.
The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
Lock the Alteon device on which you intend to configure the AppShape instance.
2.
Click Templates (
) and select AppShapes > VMware View 5.1. The AppShape Type
drop-down list displays VMware View 5.1.
3.
4.
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
Parameter
Description
AppShape Type
Device Name
210
Table 143: VMware View 5.1: VMware View 5.1 Instance Parameters
Parameter
Description
Last Validation
Valid Configuration
Instance Name
Virtual Address
Parameter
Description
Address/Port table
Contains the addresses and ports of each real server configured for the
VMware View 5.1 server.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Parameter
SLB Metric
Description
The SLB metric used to select next server in the group.
Default: Persistent Hash
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Server
Groups, page 339.
Parameter
Description
Compression
Parameter
Description
SSL Acceleration
211
Parameter
Description
Server Certificate
The name of the SSL certificate, selected from the drop-down list.
(This parameter is
displayed only when the
SSL Acceleration
checkbox is selected.)
Notes
For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Zimbra
AppShape-generated Configuration, page 602.
The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
Lock the Alteon device on which you intend to configure the AppShape instance.
2.
Click Templates (
displays Zimbra.
3.
4.
) and select AppShapes > Zimbra. The AppShape Type drop-down list
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
Parameter
Description
AppShape Type
Device Name
Parameter
Description
Last Validation
Valid Configuration
212
Parameter
Description
Instance Name
Virtual Address
Parameter
Description
Address/Port table
Contains the addresses and ports of each real server configured for the
Zimbra server.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
button.
(Edit)
Parameter
Description
SLB Metric
Parameter
Description
Compression
Parameter
SSL Acceleration
Description
Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate
The name of the SSL certificate, selected from the drop-down list.
(This parameter is
displayed only when the
SSL Acceleration
checkbox is selected.)
213
Running an Administrative Script from the Administrative Scripts Tab, page 220
Administrative ScriptsOverview
Use administrative scripts in APSolute Vision to automate common administrative tasks on managed
Alteon and DefensePro devices. You can run any script configured in APSolute Vision from the
Administrative Scripts tab. You can also run scripts by clicking an icon in the toolbar of managed
devices.
Administrative scripts in APSolute Vision use the vDirect infrastructure. Administrative scripts in
APSolute Vision are vDirect scripts. They are text files with the .vm extension, and they use vDirect
syntax. There is a joint APSolute-VisionvDirect repository. You can load the scripts from APSolute
Vision or from vDirectand execute them from both locations. Any change you to make to a script
is reflected in both locations. The vDirect component in APSolute Vision validates the scripts and
hosts them in the vDirect Configuration Templates tab. You can use vDirect to write new
administrative scripts and then configure them in APSolute Vision. If a script is already configured in
APSolute Vision, you can click on its link, which opens the script in vDirectfor you to view or
modify as you require.
Note: For more information on vDirect, see vDirect with APSolute Vision, page 45, Using vDirect
with APSolute Vision, page 495, and the Radware vDirect documentation.
214
All the functionality for using administrative scriptswhich comprises the following:
Exporting a script from the APSolute Vision server, to modify or view as necessary.
A table with all the scripts configured in the APSolute Vision serverwhich comprises
the following columns:
File NameThe file name of the script, which is a hyperlink to the script in the vDirect
component.
IconThe icon that runs the script from the toolbar of a managed device. This is relevant
only when the Assign to Toolbar parameter is set in the script configuration.
CategoryThe category assigned to sort the script. When you click on the category node,
the Administrative Scripts tab displays only the scripts belonging to the category.
Device ToolbarThe device types whose toolbar displays an icon to run the script.
215
Caution: Upgrade of APSolute Vision may include changes to predefined scripts, which overwrite
any script modification that you have made to the predefined scripts. If you modify a predefined
script, it is recommended that you download the file, rename it, and upload it to APSolute Vision as
a new script.
Typically, you may want to modify the values of the following parameters of a predefined script:
Action TitleIf you modify the script, you may want to modify the title to be more descriptive.
Assign to ToolbarBy default, this parameter is disabled. That is, by default, you cannot run
a predefined script from the toolbar of a managed device. You may want to enable this
parameter.
If you configure the script to run from the toolbar of a managed device, you can specify the
following related parameters:
Device ToolbarSpecifies which device types display the icon to run the script.
IconSpecifies the icon that runs the script. You can choose from an assortment of icons
that APSolute Vision provides.
CategorySpecifies a category to assign to the script. When you click on the category node,
the Administrative Scripts tab displays only the scripts belonging to the category.
Notes
The predefined scripts (see Predefined Administrative Scripts, page 216) incorporate the
guidelines as appropriate. For example, using #haltOnDeviceError is not incorporated in a
script that uses a GET command.
For more information on vDirect, see vDirect with APSolute Vision, page 45, Using vDirect with
APSolute Vision, page 495, and the Radware vDirect documentation.
Tip: If you need to run a script repeatedly with the same values, edit the script and define default
values for parameters.
216
When you write a vDirect script to use as an administrative script APSolute Vision, Radware
recommends using the following:
An output parameter, so that the APSolute Vision alert message displays the output of the
script formatted well and clearly.
217
Click Templates (
2.
3.
218
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
Parameter
Description
Action Title
Assign to Toolbar
Specifies whether you can run the script from the toolbar of a managed
device.
Default: Disabled
Icon
(This button is
available only when
the Assign to
Toolbar checkbox is
selected.)
Category
The icon that you click to run the script from the toolbar of a managed
device.
Configuration
Data Export
Emergency
High Availability
Monitoring
Operations
Unassigned
Default: Unassigned
Upload From
Device Toolbar
The device type whose toolbar displays the icon to click to run the script
(This button is
available only when
the Assign to
Toolbar checkbox is
selected.)
Tooltip
The tooltip that displays when you hover over the icon in device toolbar.
(This button is
available only when
the Assign to
Toolbar checkbox is
selected.)
Description
Default: All
219
Click Templates (
2.
(Delete) button.
Click Templates (
2.
Configure the filter as necessary (see the procedure To filter the display of the template list,
page 172).
3.
Select the rows with the required templates (using standard Windows key combinations).
4.
Click the
5.
In the Save As text box, type the path to the target directory or click Browse to browse to the
directory.
6.
Click Save.
Click Templates (
2.
3.
Specify the target devices and script-specific values, and then click Submit.
220
Overview of Scheduling
You can schedule various operations for the APSolute Vision server and managed devices. Scheduled
operations are called tasks.
The APSolute Vision scheduler tracks when tasks were last performed and when they are due to be
performed next. When you configure a task for multiple devices, the task runs on each device
sequentially. After the task completes on one device, it begins on the next. If the task fails to
complete on a device, the Scheduler will activate the task on the next listed device.
When you create a task and specify the time to run it, the time is according to your local OS.
APSolute Vision then stores the time, translated to the timezone of the of the APSolute Vision server,
and then runs it accordingly. That is, once you configure a task, it runs according to the APSolute
Vision time settings, disregarding any changes made to the local OS time settings.
Caution: If the APSolute Vision client timezone differs from the timezone of the APSolute Vision
server or the managed device, take the time offset into consideration.
When you define a task, you can choose whether to enable or disable the task. All configured tasks
are stored in the APSolute Vision database.
You can define the following types of scheduled tasks:
Reboot a device
Update the Radware security signature file onto a DefensePro device from Radware.com or the
proxy server
Update the RSA security signature file onto a DefensePro device from Radware.com or the proxy
server
Update the APSolute Vision Attack Description file from Radware.com or the proxy server
Note: You can perform some of the operations manually, for example, from the APSolute Vision
Settings view System perspective, or from the Operations options
).
221
Note: For more information on filtering table rows, see Filtering Table Rows, page 67.
Parameter
Description
Task Type
Name
Description
Current Status
Enabled
When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task is saved in the database.
Whether the last task run was successful. When the task is disabled or
has not yet started, the status is Never Executed.
Values:
222
Failure
Never Executed
Success
Warning
The date and time of the last task run. When the task is disabled or has
not yet started, this field is empty.
Parameter
Description
The date and time of the next task run. When the task is disabled, this
field is empty.
Run
The frequency at which the task runs; for example, daily or weekly. The
schedule start date is displayed, if it has been defined.
Values:
Daily
Minutes
Once
Weekly
To edit an entry in the table, select the entry and click the
(Edit) button.
3. Configure task parameters, and click Submit. All task configurations include basic parameters
and scheduling parameters. Other parameters depend on the task type that you select.
Task Parameters
The following sections describe the parameters for Scheduler tasks:
223
The password of the radware user of the APSolute Vision server appliance
Attack data
Notes
For information on managing the backups using the CLI, see System Commands, page 452.
Restoring the configuration is performed using the CLI. For more information, see system
backup config restore, page 458.
APSolute Vision stores up to five configuration-backup iterations in the storage location. After
the fifth configuration-backup, APSolute Vision deletes the oldest one.
The storage location is, by default, a hard-coded location in the APSolute Vision server.
The backup filenames in the storage location are the first five characters of the specified
filename plus a 10-character timestamp. When the task exports the backup file, the filename is
as specified in the task configuration.
The backup file in the storage location includes the hard-coded description Scheduler-
generated.
Table 156: APSolute Vision Configuration Backup: General Parameters
Parameter
Description
Name
Description
Enabled
When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Current Status
224
Parameter
Run
Description
The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
OnceThe task runs one time only at the specified date and time.
Date2
Minutes3
Run Always4
Specifies whether the task always runs or only during the defined period.
Values:
DisabledThe task runs (at the Time and Frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until the
End Date at the End Time.
Default: Enabled
Start Date5
Start Time
End Date
The date and time after which the task no longer runs.
End Time
1 This parameter
Weekly.
2 This parameter
3 This parameter
4 This parameter
Weekly.
5 This parameter
225
Parameter
Description
Protocol
FTP
SCP
SFTP
SSH
Default: FTP
IP Address
Directory
User
The username.
Password
Confirm Password
Notes
For information on managing the backups using the CLI, see System Commands, page 452.
Restoring the data is performed using the CLI. For more information, see system backup config
restore, page 458.
APSolute Vision stores up to three iterations of the APSolute Vision Reporter data in the storage
location. After the third reporter-backup, the system deletes the oldest one.
The storage location is, by default, a hard-coded location in the APSolute Vision server.
The backup filenames in the storage location are the first five characters of the specified
filename plus a 10-character timestamp. When the task exports the backup file, the filename is
as specified in the task configuration.
The backup file in the storage location includes the hard-coded description Scheduler-
generated.
Table 159: APSolute Vision Reporter Backup: General Parameters
Parameter
Description
Name
Description
Enabled
When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
226
Parameter
Run
Description
The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
OnceThe task runs one time only at the specified date and time.
Date2
Minutes3
Run Always4
Specifies whether the task always runs or only during the defined period.
Values:
DisabledThe task runs (at the Time and Frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until the
End Date at the End Time.
Default: Enabled
Start Date5
Start Time
End Date
The date and time after which the task no longer runs.
End Time
1 This parameter
Weekly.
2 This parameter
3 This parameter
4 This parameter
Weekly.
5 This parameter
227
Parameter
Description
Protocol
FTP
SCP
SFTP
SSH
Default: FTP
IP Address
Directory
User
The username.
Password
Confirm Password
Parameter
Description
Name
Description
Enabled
When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
228
Parameter
Run
Description
The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
OnceThe task runs one time only at the specified date and time.
Date2
Minutes3
Run Always4
Specifies whether the task always runs or only during the defined period.
Values:
DisabledThe task runs (at the Time and Frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until the
End Date at the End Time.
Default: Enabled
Start Date5
Start Time
End Date
The date and time after which the task no longer runs.
End Time
1 This parameter
Weekly.
2 This parameter
3 This parameter
4 This parameter
Weekly.
5 This parameter
Table 164: Update Security Signature Files: Target Device List Parameters
Parameter
Description
The Available list and the Selected list. The Available list displays the available devices. The
Selected list displays the devices whose Radware signature files this task updates.
229
Caution: In DefensePro 7.x versions, DefensePro 8.x versions, and DefensePro for Cisco Firepower
9300, this feature is non-operational.
Note: The frequency range for the Update RSA Security Signature task is 1060 minutes. The
default interval is 60 minutes.
Parameter
Description
Name
Description
Enabled
When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Parameter
Description
Run
Minutes
Run Always
Specifies whether the task always runs or only during the defined period.
Values:
DisabledThe task runs (at the Time and Frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until the
End Date at the End Time.
Default: Enabled
230
Table 167: Update RSA Security Signature Task: Target Device List Parameters
Parameter
Description
The Available list and the Selected list. The Available list displays the DefensePro devices with
Fraud Protection enabled. The Selected list displays the DefensePro devices whose RSA signature
files this task update.
Parameter
Description
Name
Description
Enabled
When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Parameter
Description
Run
OnceThe task runs one time only at the specified date and time.
Date2
Minutes3
231
Table 169: Update Vision's Attack Description File: Schedule Parameters (cont.)
Parameter
Description
Run Always4
Specifies whether the task always runs or only during the defined period.
Values:
DisabledThe task runs (at the Time and Frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until the
End Date at the End Time.
Default: Enabled
The date and time at which the task is activated.
Start Date
Start Time
End Date
The date and time after which the task no longer runs.
End Time
1 This parameter
Weekly.
2 This parameter
3 This parameter
4 This parameter
Weekly.
5 This parameter
Note: By default, you can save up to five (5) configuration files per device on the APSolute Vision
server. You can change this parameter in the APSolute Vision Setup tab.
Parameter
Description
Name
Description
Enabled
When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
232
Parameter
Description
Run
OnceThe task runs one time only at the specified date and time.
Date2
Minutes3
Run Always4
Specifies whether the task always runs or only during the defined period.
Values:
DisabledThe task runs (at the Time and Frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until the
End Date at the End Time.
Default: Enabled
The date and time at which the task is activated.
Start Date5
Start Time
End Date
The date and time after which the task no longer runs.
End Time
1 This parameter
Weekly.
2 This parameter
3 This parameter
4 This parameter
Weekly.
5 This parameter
Parameter
Description
233
Parameter
Description
External Location
Protocol
Values:
FTP
SCP
SFTP
SSH
IP Address
Directory
User
The username.
Password
Confirm Password
Parameter
Description
The Available list and the Selected list. The Available list displays the available devices. The
Selected list displays the devices whose configurations this task backs up.
Parameter
Description
Name
Description
Enabled
When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
234
Parameter
Run
Description
The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
OnceThe task runs one time only at the specified date and time.
Date2
Minutes3
Run Always4
Specifies whether the task always runs or only during the defined period.
Values:
DisabledThe task runs (at the Time and Frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until the
End Date at the End Time.
Default: Enabled
Start Date5
Start Time
End Date
The date and time after which the task no longer runs.
End Time
1 This parameter
Weekly.
2 This parameter
3 This parameter
4 This parameter
Weekly.
5 This parameter
Parameter
Description
The Available list and the Selected list. The Available list displays the available devices. The
Selected list displays the devices that this task reboots.
235
DefensePro setup and network configurationFor example, device time, physical ports,
and so on.
User-defined signatures.
Notes
The scope configured for an APSolute Vision user determines the DefensePro devices that the
DefensePro Configuration Templates task displays. (For more information, see Managing
APSolute Vision Users, page 69.)
You can import Network Protection policies from DefensePro platforms running supported 6.x
versions into platforms running supported 6.x or 7.x versions.
You can import Network Protection policies from DefensePro platforms running supported 7.x
versions into platforms running supported 7.x versions.
You can import Server Protection policies from DefensePro platforms running supported 6.x
versions into platforms running supported 6.x versions.
You can import Server Protection policies from DefensePro platforms running supported 7.x
versions into platforms running supported 7.x versions.
APSolute Vision issues a success message if all the task actions are successful on all the selected
destination (target) DefensePro devices.
APSolute Vision issues a failure message if any task action is not successful. The failure message
includes the result of each actionthat is, whether the action succeeded or failed for each
selected, destination device.
If all the policies that are configured in a task are deleted from the source DefensePro devices,
APSolute Vision disables the task.
If a DefensePro device in the Target Device List is deleted from APSolute Vision, APSolute
Vision deletes the device from the Target Device List and continues running the task.
If all the DefensePro devices in the Target Device List are deleted from APSolute Vision,
APSolute Vision disables the task.
236
Parameter
Description
Name
Description
Enabled
When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Parameter
Description
Run
OnceThe task runs one time only at the specified date and time.
Date2
Minutes3
Run Always4
Specifies whether the task always runs or only during the defined period.
Values:
DisabledThe task runs (at the Time and Frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until the
End Date at the End Time.
Default: Enabled
Start Date
Start Time
End Date
The date and time after which the task no longer runs.
End Time
1 This parameter
Weekly.
2 This parameter
3 This parameter
4 This parameter
Weekly.
5 This parameter
237
Parameter
Description
The list of Available list and the Selected list. The Available list displays (per device) the
Network Protection policies in the devices that you have permission to view, and which support
exporting policies. The Selected list displays (per device) the Network Protection policies that the
task exports.
You can filter the rows of the Available list according to values in the table columns (Device and
Policy). The filter does not change the contents of the list, only how APSolute Vision displays the list
to you. The filter uses a Boolean AND operator for the filter criteria that you specify. To filter the
rows of the Available list, type the value (case insensitive) in the Device and/or Policy column and
click the
(Filter) button. To clear the filter, and display all the rows, click Clear.
Note: If you select any Network Protection policy, you must select at least one of the Export
checkboxes (Configuration, BDoS Baseline, or DNS Baseline).
Configuration
DNS Baseline
BDoS Baseline
Parameter
Description
The list of Available list and the Selected list. The Available list displays (per device) the Server
Protection policies in the devices that you have permission to view, and which support exporting
policies. The Selected list displays (per device) the Server Protection policies that the task exports.
You can filter the rows of the Available list according to values in the table columns (Device and
Policy). The filter does not change the contents of the list, only how APSolute Vision displays the list
to you. The filter uses a Boolean AND operator for the filter criteria that you specify. To filter the
rows of the Available list, type the value (case insensitive) in the Device and/or Policy column and
click the
(Filter) button. To clear the filter, and display all the rows, click Clear.
Note: If you select any Server Protection policy, you must select at least one of the Export
checkboxes (Configuration, or HTTP Baseline).
Configuration
HTTP Baseline
238
Parameter
Description
The Available list and the Selected list. The Available list displays the available devices. The
Selected list displays the devices to which the task deploys the selected policies.
Update Method
Values:
Default: Disabled
239
240
Note: APSolute Vision server alerts are added to the alert table, and added to the audit table and
forwarded to syslog, with one exception. The exception is that when the APSolute Vision process on
the underlying operating system is down, alerts triggered by the operating system are sent to the
alert table only.
This meets Sarbanes-Oxley requirements to audit any configuration change that might affect the
network. In APSolute Vision, you can also configure the managed devices to log all configuration
changes on the device.
The Auditing log is stored in the APSolute Vision database. All audit logs are sent to the Alerts pane,
and can be displayed in the Alerts pane depending on the alerts filter configuration. APSolute Vision
allows read-only access to the Auditing log. You can extract the data and store it remotely, as you
require. The Auditing log can hold a maximum two million entries. APSolute Vision ages the oldest
entries after the maximum number of entries is reached and also ages entries that are older than six
months.
The following information is logged to the audit log:
All user management events and user activitiesfor example, access attempts, successful
login, password change by user, password reset by admin, and so on.
Device configuration activities (if device auditing is enabled). The audit log records all
configuration changes applied to the managed devices.
241
Enable or disable configuration auditing for devices. For more information, see Enabling
Configuration Auditing for Managed Devices, page 242.
2.
Enable and configure syslog and e-mail settings for sending audit information from the Alerts
pane. For more information, see Configuring Settings for the Alerts Pane, page 95.
Note: To prevent overloading the managed device and prevent degraded performance, the feature
is disabled by default.
In the Configuration perspective, select Setup > Advanced Parameters > Configuration
Audit.
2.
Managing Alerts
The Alerts tab in the Alerts pane stores and displays alerts.
The alerts are based on events that are received from:
All alert information is stored in the APSolute Vision database in a table separate from the audit
information. Alert information can be sent to a central audit repository via syslog, and to a
configured recipient via e-mail.
242
SNMP Traps
The Alerts pane handles all traps generated by APSolute Vision and the managed devices, including:
Generic traps, such as, Cold Start, Link Down, Link Up, Authentication Failure, and so on.
Auditing Messages
APSolute Vision forwards all logged audit events from all APSolute Vision modules and managed
devices to the Alerts pane, including:
Action: <action>5 .
Action: <action>.
1 Attack categories: ACL, Anti-Scanning, Behavioral DoS, DoS, HTTP Flood, Intrusions,
Server Cracking, SYN Flood, Anomalies, Stateful ACL, DNS, BWM
243
Alert Information
All alert information is stored in the APSolute Vision database.
Double-click on a an alert in the Alerts tab to open the Alert Details dialog box, which displays all the
information with the expanded alert message.
The following table describes the fields of the APSolute Vision alerts.
Alert Information
Description
Displayed in
Alerts Pane?
Ack Acknowledged
Severity
The APSolute Vision severity of the event: Critical, Major, Yes, by default
Minor, Warning, Info. SNMP trap severities are mapped
as shown in SNMP Trap Severity Mapped to APSolute
Vision Severity, page 245 and APSolute Vision Alerts
Mapped to Syslog Severity, page 246.
Time
Yes, by default
The values differ according to the alert type, as follows: Yes, by default
Yes, by default
Message
Yes, by default
244
Alert Information
Description
Displayed in
Alerts Pane?
Module
Yes, by default
Values:
User Name
Yes, if
configured
Device Type
Yes, by default
Trap SID
Yes, if
configured
Port
The Raised Time, Device Name, and Message uniquely identify an alert, and are together considered
the Alert key.
Trap Severity
Fatal
Critical
Error
Major
Minor
Warning
245
Table 184: SNMP Trap Severity Mapped to APSolute Vision Severity (cont.)
Trap Severity
Info
Information
Level in Syslog
1 - CRITICAL
3 - CRITICAL
2 - MAJOR
4 - ERROR
3 - MINOR
5 - WARNING
4 - WARNING
6 - NOTICE
5 - INFO
7 - INFORMATIONAL
Click the
(Maximize) button.
For more information about Alerts pane navigation features, see APSolute Vision Interface
Navigation, page 48.
The number of unacknowledged alerts for each severity are displayed in the bar above the table.
The information in the alert table is refreshed according to your configured preferences.
In the Alerts pane, you can:
Acknowledge and unacknowledge displayed alerts. Alerts of severity higher than Info require
user acknowledgment to indicate that they have been seen by the user. The alert remains in the
Alerts pane display.
Filter the alerts in the alert table to display a subset of alerts. For more information, see Filtering
Alerts, page 248.
Clear all the alerts in APSolute Vision database that match the current filter, whether or not the
alerts are visible in the Alerts pane.
246
Double-click the alert row that you want to view. The alert details are displayed in the Alert
Details dialog box.
For more information about the information displayed, see Alert Information, page 244.
To clear all the alerts in APSolute Vision database that match the current filter, whether
or not the alerts are visible in the Alerts pane
>
Click the
To acknowledge alerts
>
To acknowledge one or more alerts, select the alert row in the table, and click the
(Acknowledge Selected Alerts) button.
To unacknowledge alerts
>
Select the alert row(s) in the table and select click the
button.
>
To clear alerts, select the alert row(s) in the table and select the
button.
Notes
(Pause) button.
247
Click the
(Pause) button.
Click the
(Resume) button.
Note: Radware recommends pausing automatic refresh while you are analyzing alert information
to prevent alerts disappearing from the display.
Filtering Alerts
You can display a subset of the currently displayed alerts by filtering the alerts according to various
alert information criteria.
The criteria are organized according to categories, for example, alert severity, device module, and
so on. Criteria from the same category are combined with logical OR. Criteria from different
categories are combined with logical AND.
The default filter settings include all criteria in all categories, meaning, by default, all alerts raised in
the last hour are displayed.
Use the filtering criteria to define how long an alert is displayed in the Alerts Browser.
Note: Regardless of the filter defined, the configured number of most recent critical alerts are
always displayed at the top of the table on a colored background. This means that critical alerts that
match the filter criteria are displayed twice.
Click the
2.
Click the
3.
Set the filtering criteria and click Submit. The table is updated at the next automatic refresh.
4.
To restore the default filtering criteria, click Restore Defaults, then click Submit.
For more information about the filtering criteria, see Alert Information, page 244.
Parameter
Description
Select Devices
248
Parameter
Description
Raised Time
Alerts raised within the defined time period are displayed. For
example, if you define 1 hour, alerts raised in the last hour are
displayed. After the defined time, alerts are cleared from the display
(not from the Alerts database).
Values: 1 minute24 hours
Default: 1 hour
Severity
Module
Device Type
Acknowledgment
Client preferencesDefine how many critical alerts to display and how often the client polls
the server for alert information. For more information, see Configuring Settings for the Alerts
Pane, page 95.
Server preferencesDefine how the APSolute Vision server handles alerts. You can enable
and configure reporting and logging events from the Alerts pane to a syslog server. You can
configure sending alert information via e-mail to a defined recipient. For more information, see
Configuring Settings for the Alerts Pane, page 95.
249
250
Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 315.
This chapter contains the following main topics:
CPU utilization
System usage
License capacity
The parameters that the dashboard displays depend on the Alteon form factor (standalone, VA,
vADC, or ADC-VX).
The dashboard opens in a new browser tab. Each click on the Dashboard opens a new browser
tab, which does not affect the display of any other opened browser tabs.
To change the display in the frame from a chart/graph to a table and from a table to a chart/
graph, click the icon in the upper right of any frame.
251
To change the sorting from ascending to descending and descending to ascending, click in a
table heading.
To pause or resume the display, click the icon in the upper right of any frame. When you pause
the display, the timestamp is displayed. The timestamp is according to the timezone of the
client.
To pause or resume the display of all the displays in the current dashboard, click the Pause
button or Resume button the top of the dashboard.
In a some charts, hovering over a point opens a box with details of the specific point.
Component
Description
CPU Utilization
The chart view displays a line graph showing the average SP CPU
utilization (%) and MP CPU utilization (%) on the platform over
time. The X-axis displays the time (hh:mm:ss). The Y-axis displays
the utilization percentage.
The table view displays the current MP CPU utilization (%) on the
platform and the CPU utilization (%) for each SP.
252
Table 187: System View Dashboard for Alteon Standalone and VA (cont.)
Component
Description
A table with the sensor number and the temperature status (for
example: Normal).
The table view for temperature displays a table with the following
columns:
Sensor ID.
The table view for fans displays a table with the following columns:
System Usage
The chart view contains bar graphsone bar for each license type
showing the current utilization value (percentage) of each capacity
license. The Y-axis displays the current utilization percentage.
The table view displays a table with the following columns:
253
Table 187: System View Dashboard for Alteon Standalone and VA (cont.)
Component
Description
License Capacity
SSLA line for each selected vADC displaying the SSL usage
(CPS) over time. A dotted line indicates the maximum
throughput that the license allows.
To reset the peak values for the chart, click Reset All Peak
Values.
Component
Description
CPU Utilization
The chart view displays a line graph showing the average SP CPU
utilization (%) and MP CPU utilization (%) on the platform over
time. The X-axis displays the time (hh:mm:ss). The Y-axis displays
the utilization percentage.
The table view displays the current MP CPU utilization (%) on the
platform and the CPU utilization (%) for each SP.
System Usage
The chart view contains bar graphsone bar for each license type
showing the current utilization value (percentage) of each capacity
license. The Y-axis displays the current utilization percentage.
The table view displays a table with the following columns:
254
Component
Description
License Capacity
SSLA line for each selected vADC displaying the SSL usage
(CPS) over time. A dotted line indicates the maximum
throughput that the license allows.
To reset the peak values for the chart, click Reset All Peak
Values.
Table 189: System View Dashboard for Dashboard for Alteon ADC-VX
Component
Description
CPU Utilization
The chart view displays a line graph showing the MP CPU utilization
(%) on the platform over time. The X-axis displays the time
(hh:mm:ss). The Y-axis displays the utilization percentage.
The table view displays the current MP CPU utilization (%) on the
platform.
255
Table 189: System View Dashboard for Dashboard for Alteon ADC-VX (cont.)
Component
Description
The table view for temperature displays a table with the following
columns:
Sensor ID.
The table view for fans displays a table with the following columns:
System Usage
256
Component
Description
vADC Summary and Selection This frame contains two sections: vADC Utilization Summary and
vADC Selection.
There is no table view for this frame.
vADC Utilization Summary shows a status indicator (High, Medium,
Low) for SP CPU Utilization and Throughput Utilization.
Use the vADC Selection table to select the vADC to monitor in the
dashboard (up to five). The table contains the following columns:
ID, Name, and CU (which displays the number of allocated CUs).
CPU Utilization
The chart view displays two bar graphs for each selected vADC.
One bar shows the current MP CPU utilization (%). One bar shows
the current SP CPU utilization (%). The Y-axis displays the
utilization percentage. If more than one vADC is operating at the
same utilization, only the top line is displayed.
The table view displays a table with the following columns:
MP utilization (%).
SP CPU (%).
Throughput (%).
SSL (%).
257
Table 191: Application Delivery View Dashboard for Alteon Standalone and vADC
Component
Virtual Service Selection
Description
The table view displays a table with the following columns:
The chart view displays the following for each entry selected in the
Virtual Service Selection frame:
Throughput (Mbps)
Concurrent Connections
Virtual Server
Port
Throughput (Mbps)
Concurrent Connections
Note: You must globally enable virtual service statistics reporting to display information in the
Application Delivery View.
Select Configuration > Application Delivery > Virtual Services > Settings.
2.
3.
In the Statistics Measuring Period field, type a value in seconds in the range 13600.
4.
5.
Click Submit.
258
AppShape++ scripts
Content rules
Server groups
Real servers
Note: For information on the statuses, see Status Criteria, page 261 below.
In the Configuration perspective or Monitoring perspective, select Overview > Service Status
View.
The Service Status View comprises two frames: Status Summary and Detailed Status.
The Status Summary shows a summary of the following:
Virtual servicesThe total number of virtual services configured on the platform and a pie
chart that shows the percentage of each status (Up, Warning, Down, and Admin Down).
Server groupsThe total number of server groups configured on the platform and a pie
chart that shows the percentage of each status (Up, Warning, Down, Admin Down, and
Mixed). Mixed indicates that the group is associated with multiple virtual services, and the
statuses are not the same.
Real serversThe total number of real servers configured on the platform and a pie chart
that shows the percentage of each status (Up, Warning, Down, Admin Down, and Mixed).
Mixed indicates that the real server is associated with multiple server groups, and the
statuses are not the same.
Tip: Click a segment in pie chart to apply a filter to the corresponding objects in the Detailed Status
frame.
The Detailed Status frame comprises:
Detailed Status treeA tree with all the virtual services on the devices
Detailed Status filterA filter with which you can filter the services
By default, all the parent nodes in the treethe Virtual Service nodesare collapsed.
Each Virtual Service node is in the following format:
259
< Action> is either the specified Action when the Application is HTTP or HTTPS (Group,
Redirect, or Discard) or Group for all other Application values.
Example
Virtual Service ID: MyDNSVirt, (53 TCP), Action: Group
Expanding a Virtual Service node displays the following:
AppShape++ Script(s) Associated The Service Status View displays this node only if the
Content Rules This node is displayed only if the virtual service is configured with one or
Group ID: <ID> The ID of the server group, and includes the following node(s) sorted
alphanumerically, each in the following format:
<Real server ID>: <IP address>
Note: Backup real servers and backup groups appear in the tree only when they are active.
Parameter
Description
Status
Values:
Admin DownShow only the specified object types with the Down status.
WarningShow only the specified object types with the Warning status.
Down + WarningShow the specified object types with the Down status and
the Warning status.
Default: All
Note: For more status information, see Status Criteria, page 261.
260
Table 192: System View Dashboard for Alteon Standalone and VA (cont.)
Parameter
Description
Type
Values:
Virtual ServiceShow only the virtual services that match the other criteria.
Server GroupShow only the server groups that match the other criteria.
Real ServerShow only the real servers that match the other criteria.
Content RuleShow only the content rules that match the other criteria.
Default: All
Free Text
You can filter for a group by entering the suffix of its ID.
Status Criteria
The following table describes the criteria for the statuses of virtual servers. One of the criteria is the
service-action status. You can specify Action for an HTTP or HTTPS serviceGroup, Redirect or
Discard. For non-HTTP/S services, the action is always (implicitly) Group. When the Action is Group,
the service-action status is the Group status. When the Action is Redirect or Discard, the serviceaction status is always Up. For more information, see Configuring a Virtual Service for a Virtual
Server, page 237.
Status
Description
Admin Down
(The service-action status is in the Admin Down state AND the Content Rules status
is in the Admin Down state)
OR
The Enable Virtual Server checkbox is cleared.
Down
(The service-action status is in the Down state AND the Content Rules status is in
the Down state)
OR
(The service-action status is in the Admin Down state AND the Content Rules status
is in the Down state)
OR
(The service-action status is in the Admin Down state AND the Content Rules status
is in the Admin Down state).
261
Status
Description
Up
(The service-action status is in the Up state AND the Content Rules status is in the
Up state)
OR
(The service-action status is in the Admin Down state AND the Content Rules status
is in the Up state)
OR
(The service-action status is in the Up state AND the Content Rules status is in the
Admin Down state).
Warning
The following table describes the criteria for the statuses of Content Rules. Only HTTP and HTTPS
applications support content-based rules. The Service Status View determines the value by taking
into account all the content-based rules in the virtual service.
Status
Description
Admin Down
The Enable Content Based Rule checkbox is cleared for all the contentbased rules.
Down
All the all the content-based rules are in the Down state
OR
Some of the all the content-based rules are in the Down state while the rest
are in the Admin Down state.
The Service Status View always considers a content-based rule with no
associated Content Class to be in the Down state.
Up
Warning
262
Real-Server
Group Status
Real Server Is in
Up State
Real Server is in
Admin Down State
Up
Warning
Down
Admin Down
263
264
Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 315.
The Alteon operations that you can monitor depend on the Alteon form factor and/or platform:
standalone, VA, vADC, or ADC-VX.
This chapter contains the following main topics:
Parameter
Description
Switch Name
System Time
System Date
Last Apply
Last Save
Last Boot
Switch Uptime
Parameter
Description
Software Features
Parameter
Description
MAC Address
Serial Number
265
Parameter
Description
Mainboard Hardware No
Temperature Sensors
Hard Disk
Total RAM
Power Supply
Fan Status
SSL Chip
(Alteon VX only.)
TypeFor example:
HSM State
Current throughput
Max throughput
CPU Utilization
To monitor CPU utilization
>
266
Parameter
Description
Last 4 Seconds
The CPU utilization of the admin context in the last four seconds.
Last 64 Seconds
CPU Utilization
This group box is displayed only in vADC mode and standalone mode.
Last Second
Last 4 Seconds
Last 64 Seconds
Memory
This group box is displayed only in standalone mode and ADC-VX mode and standalone mode.
Free
Total
Parameter
Description
CPU Utilization
SP Number
Last Second
Last 4 Seconds
The CPU utilization of the switch processor in the last four seconds.
Last 64 Seconds
Total Memory
Current Memory
Hi water mark
Allowed Max
267
Monitoring Capacity
This feature is available only in Alteon standalone, VA, and ADC-VX.
Monitoring capacity comprises the following:
Table 201: System Capacity Parameters in Alteon Standalone, VA, and vADC
Parameter
Description
RAM (GB)
Parameter
vADCs
Capacity Units
268
Description
Comprises the following two values:
Parameter
Description
FDB
VLANs
ARP Entries
IP Interfaces
IP Routes
VRRP Routers
269
Parameter
FDB
ARP Entries
IP Interfaces
IP Routes
VRRP Routers
Description
Comprises the following two values:
Parameter
VLANs
Description
Comprises the following two values:
270
In the Monitoring perspective, select System > Capacity > Application Delivery.
Parameter
Real Servers
Server Groups
Virtual Servers
Description
Comprises the following two values:
Virtual Services
Real Services
Filters
Keys
271
Parameter
Description
Server Certificates
Maintenance
Use the Maintenance tab to manage technical support data, packet capture, and trace logging of
application services.
Note: All passwords in the technical support data files are encrypted.
2.
In the Technical Support Data tab, configure the parameters, and do one the following:
Parameter
Description
Passphrase
Confirm Passphrase
Packet Capture
The Alteon VA translates the VMware MAC address assigned to virtual servers and interfaces to its
own, internal MAC address for internal processing. It switches the Alteon VA MAC address back to
the VMware MAC address when it sends the packet back to the VMware switch. Therefore, the
internal Radware Alteon VA MAC address is shown in some of the tables and dumps displayed on the
console.
272
Parameter
Description
Packet Count
Packet Length
Port Range
The packet snap length, that is, the length of packets to capture, in bytes.
Range: 0-9100
The port range.
The valid range depends on the Alteon platform:
VA:1-2
5412:1-16
4416:1-16
4408:1-8
5208:1-10
5224:1-26
5224XL:1-26
5412XL:1-16
4416XL:1-16
4408XL:1-8
5208XL:1-10
6420:1-24
VLAN
273
Parameter
Description
The packet capture filter string field is used to set the capture filter
parameters. It accepts the same filter criteria (syntax) as the tcpdump
format.
The following parameters can be set with an and or an or operator
between them, or using parentheses:
dst host <host>Filters the output on the specified destination host IP.
2.
In the Application Services Trace Log tab, configure the parameters, and do one the following:
3.
4.
5.
Parameter
Description
AppShape++
Caching
Compression
Content Class
274
Parameter
Description
HTTP
HTTP Modification
Default: Disabled
Default: Disabled
SSL
TCP
FastView Logs
This procedure describes how access the FastView log files.
SMF Hub
Configuration Manager
Compiler
View the FastView logs for SMF Hub, Config Manager, and the Compiler. Each button launches a new
pane for you to see the details in the log.
Parameter
Description
FastView
FastView SMF
275
276
Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 315.
The Alteon operations that you can monitor depend on the Alteon form factor and/or platform:
standalone, VA, vADC, or ADC-VX.
This chapter contains the following main topics:
Parameter
Description
Port ID
Status
Operational Status
Octets
In
Out
Unicast Packets
In
Out
Broadcast Packets
In
Out
Multicast Packets
In
277
Parameter
Description
Out
Discards
In
Out
Errors
In
Out
2.
3.
Click Enable.
2.
3.
Click Disable.
2.
3.
Monitoring Layer 2
This feature is available only in version 30.0 and later.
Monitoring Layer 2 comprises the following topics:
Monitoring FDB
This feature is available only in Alteon standalone, VA, and vADC.
The forwarding database (FDB) contains information that maps the media access control (MAC)
address of each known Alteon to the port where the Alteon address was learned. The FDB also
shows which other ports have seen frames destined for a particular MAC address.
278
Note: The master forwarding database supports up to 16K MAC address entries on the MP per
Alteon. Each SP supports up to 8K entries.
Parameter
Description
MAC Address
VLAN
The VLAN.
Values: 14090
Port
Trunk
State
References SPs
Values:
The SP number.
Values: 14
Learned Port
279
Monitoring STG
This feature is available only in Alteon standalone and VA.
When multiple paths exist on a network, Spanning Tree Protocol (STP) configures the network so
that Alteon uses only the most efficient path.
Parameter
Description
Statistic
Description
Port
Status
TCN
RSTP/MST
BPDUs Transmitted
Configuration
TCN
RSTP/MST
Monitoring Layer 3
This feature is available only in Alteon standalone, VA, and vADC.
Monitoring Layer 3 comprises the following topics:
Monitoring VRRP Virtual Routers in Alteon Version 30.0 and Earlier, page 285
280
Monitoring Gateways
This feature is available only in version 30.0 and later.
To monitor gateways
>
Parameter
Description
Status
Gateway ID
IP Address
VLAN
Monitoring Routes
This feature is available only in version 30.0 and later.
To monitor routes
>
Parameter
Description
Entry
Destination
Mask
Gateway
Type
281
Parameter
Tag
Description
The tag that indicates the origin of the route.
Values:
BGPThe address was learned via the Border Gateway Protocol (BGP)
Metric
The metric for RIP tagged routes, specifying the number of hops to the
destination (1 through 15 hops, or 16 for infinite hops).
Interface
The IPv6 Routers table shows all of the IPv6 routes maintained. Since each link-local interface is
shown with an entry prefix of /128, the link-local network (such as FE80::/10) is not shown for each
interface to avoid too many network entries in the table.
Parameter
Description
Entry
Destination
VLAN
Next Hop
Protocol
ARP, page 283Displaying ARP monitoring parameters and clearing the ARP cache
282
ARP
This procedure describes how to display the ARP monitoring parameters.
In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).
Parameter
Description
IP Address
Flags
clear
MAC Address
VLAN
Port
Referenced SPs
Neighbor Cache
IPv6 uses the Neighbor Discovery (ND) protocol to discover its neighbors link layer addresses and
reachability. ND can also auto-configure addresses and detect duplicate addresses. ND enables
routers to advertise their presence and address prefixes, and to inform hosts of a better next hop
address to forward packets.
Note: Once the Neighbor Cache table reaches 2000 entries, table entries are replaced by adding
the new entry and dropping the 2000th entry off the list. Table entries are kept until the entry is
replaced by a new one. During this period, no new entries are used to sort for display.
The information collected from ND is stored in the Neighbor Cache. The Neighbor Cache maintains
information about each neighbor.
Neighbor Cache entries are added in the following situations:
A device sends ND packets to resolve a link layer address to which it is attempting to send
packets.
283
In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).
Parameter
Description
IP6 Address
MAC Address
VLAN
Port
State
Type
INCPMIncomplete. The link-layer address of the neighbor has not yet been
determined.
Parameter
Description
In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).
2.
3.
284
In the Monitoring perspective, select Network > Layer 3 > VRRP Virtual Routers.
Parameter
Description
Status
Router ID
VR ID
IP Address
Interface
Priority
285
Parameter
Description
Ownership
In the Monitoring perspective, select Network > Layer 3 > VRRP Virtual Routers.
2.
Monitoring Interfaces
This feature is available only in version 30.0 and later.
To monitor interfaces
>
Parameter
Description
State
Interface ID
IP Address
Mask
The mask of the interface if the interface is IPv4. If the interface is IPv6, the fields
displays 0.0.0.0.
Prefix
The prefix of the interface if the interface is IPv6. If the interface is IPv4, the
fields displays 0.
VLAN
Monitoring High Availability for Alteon Version 30.2 and Later, page 289
286
Note: You can configure the values for the High Availability feature in the Configuration
perspective, under Network > High Availability.
For Alteon version 30.1 and later, use the High Availability tab in the Monitoring perspective to do
the following:
When the High Availability Mode on the device is Switch HA, switch an active device to
backup mode. Typically, you do this when you need to perform maintenance on the active Alteon
and not affect the service.
Switch an active service group to backup mode. Typically, you select all the services and
switch to backup mode when you need to perform maintenance on the active Alteon and not
affect the services.
Switch an active device to backup mode when the High Availability Mode on the device is
Legacy VRRP. Typically, you do this when you need to perform maintenance on the active
Alteon and not affect the services or for passing master control back to a primary Alteon
after it has been returned to service after a failure.
In the Monitoring perspective, select Network > Layer 3 > High Availability.
Parameter
Description
Status
HA Group ID
In the Monitoring perspective, select Network > Layer 3 > High Availability
Parameter
Description
Peer Switch ID
Last Sync
287
In the Monitoring perspective, select Network > Layer 3 > High Availability.
Parameter
Description
Status
Router ID
VR ID
IP Address
Interface
Priority
288
Parameter
Ownership
Description
The owner of the VRRP IP address.
Values:
Forcing Failover
You can force a specified master Alteon, or a specified master service group, into backup mode. This
is generally used for passing master control back to a preferred Alteon (or service group) once the
preferred Alteon (or service group) has been returned to service after a failure.
If failback mode is Always when you force failover, the Alteon with preferred state Active (the
preferred master) briefly becomes the backup and then reverts to the master.
Note: You can configure the values for the High Availability feature in the Configuration
perspective, under Network > High Availability.
When the High Availability Mode on the device is Switch HA, switch an active device to
backup mode. Typically, you do this when you need to perform maintenance on the active Alteon
and not affect the service.
Switch an active service group to backup mode. Typically, you select all the services and
switch to backup mode when you need to perform maintenance on the active Alteon and not
affect the services.
289
Switch an active device to backup mode when the High Availability Mode on the device is
Legacy VRRP. Typically, you do this when you need to perform maintenance on the active
Alteon and not affect the services or for passing master control back to a primary Alteon
after it has been returned to service after a failure.
In the Monitoring perspective, select Network > High Availability > Sync Status.
Parameter
Description
Status
HA Group ID
In the Monitoring perspective, select Network > High Availability > Sync Status.
Parameter
Description
Peer Switch ID
Last Sync
290
In the Monitoring perspective, select Network > High Availability > Sync Status.
Parameter
Description
Status
Router ID
VR ID
IP Address
Interface
Priority
Ownership
291
Forcing Failover
You can force a specified master Alteon, or a specified master service group, into backup mode. This
is generally used for passing master control back to a preferred Alteon (or service group) once the
preferred Alteon (or service group) has been returned to service after a failure.
If failback mode is Always when you force failover, the Alteon with preferred state Active (the
preferred master) briefly becomes the backup and then reverts to the master.
2.
Click Backup.
2.
3.
Click Backup.
292
Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 315.
This section contains the following main topics:
Counters required for Layer 4 and Layer 7 operations (such as current real server sessions)
2.
293
In Alteon version 30.1 and later, you can clear all SLB statistics.
Note: Changing the operational status of a real server is typically performed for maintenance
purposes. If you execute a change to the operational status of a real server, the change takes effect
without an Apply or Save command. When the Alteon resets, the real server reverts to its
configuration status (that is, enabled or disabled).
In the Monitoring perspective, select Application Delivery > Virtual Service > Real Servers.
2.
In the table, select the rows of the real server whose operational statue you want to change.
3.
From the Real Server Operations drop-down list, select the required option, and then click
Execute.
Default: Disable.
Parameter
Description
Disable
Disable & Fastage Existing Gracefully disables the real server, having the server do the following:
1. Does not accept new connections.
2. Fastages existing sessions.
3. Disables the real server when there are no connections on it.
Disable & Keep Persistency Gracefully disables the real server, having the server do the following:
1. Does not accept new connections.
2. Keeps persistent data until session expiration.
3. Disables the real server when there are no connections including
the persistent data for the real server.
Disable & Keep Persistency Gracefully disables the real server, having the server do the following:
and Fastage
1. Does not accept new connections.
2. Keeps persistent data until session expiration.
3. Fastages existing sessions.
4. Disables the real server when there are no connections including
the persistent data for the real server.
Enable
294
Note: Users with CoS type User can see the statistics and status of all real servers, but they
can only perform operations on the real servers that are assigned to them.
2. To view the monitoring information for one specific real server, click the
button.
Parameter
Description
Status
Server State
The run-time state of the real server (which is, the result of the realserver health check).
Values: Disabled, Failed, Running
Operational Status
Real Server ID
Description
IP Address
MAC Address
Parameter
Description
Current Sessions
Total Sessions
Highest Sessions
Parameter
Description
Total Bytes
Parameter
Description
Server Failures
The number of times the real server has failed since the last reboot.
295
Parameter
Description
(These parameters are displayed only when monitoring a specific real server.)
Last Failure
Up Time
Down Time
In the Monitoring perspective, select Application Delivery > Virtual Service > Server
Groups.
Parameter
Description
Server Group ID
Description
SLB Metric
Health Check
Current Sessions
Total Sessions
The total number of sessions that the real server has handled.
Highest Sessions
The highest number of sessions that the real server has handled.
Total Octets
The total number of octets that the real server has handled.
296
(Edit) button.
3. From the Real Server per Group Operation drop-down list, select Enable.
4. Click Execute.
(Edit) button.
3. From the Real Server per Group Operation drop-down list, select Disable.
4. Click Execute.
Parameter
Description
Server State
The run-time state of the real server in the group. For example, if the
health check passed, the Status is Enable.
Values: Enable, Disable
Operational Status
Real Server ID
IP Address
Description
Current (Sessions)
Total (Sessions)
The total number of sessions that the real server has handled.
Highest (Sessions)
The highest number of sessions that the real server has handled.
Bytes
The total number of bytes that the real server has handled.
297
In the Monitoring perspective, select Application Delivery > Virtual Services > Virtual
Servers.
Parameter
Description
Status
Virtual Server ID
Name
Current Sessions
Total Sessions
Highest Sessions
Total Octets
Table 238: Virtual Services Monitoring: General Parameters (Alteon Version 30.1 and Later)
Parameter
Description
Virtual Server ID
The ID of the virtual server associated with the selected virtual service.
Service Port
Action
Group ID
Table 239: Virtual Services Monitoring: Traffic Parameters (Alteon Version 30.1 and Later)
Parameter
Description
Real ID
Current Sessions
Total Sessions
Highest Sessions
The time since the device was last reset and traffic statistics were
cleared.
298
Table 240: Virtual Services Monitoring: HTTP Parameters (Alteon Version 30.2 and Later)
Parameter
Description
HTTP 2.0
HTTP 1.1
HTTP 1.0
HTTP/2 Connection
Statistics
Client Streams
PUSH Streams
HTTP/2 Header
Compression Statistics
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services.
Time since last device
reset / clear statistics
The time since the device was last reset and traffic statistics were
cleared.
299
Table 241: Virtual Services Monitoring: Caching and Compression Parameters (Alteon Version
30.2 and Later)
Parameter
Description
Cache Hits
Cache Requests
Peak New Cached Objects Number of peak new cached objects per second.
Compression Statistics
Compression-specific statistics:
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services.
Time since last device
reset / clear statistics
The time since the device was last reset and traffic statistics were
cleared.
Table 242: Virtual Services Monitoring: FastView Parameters (Alteon Version 30.2 and Later)
Parameter
Description
Transactions
HTML Pages
Optimized Pages
Tokens Rewritten
Compiled Pages
Number of bytes saved with image reduction for current traffic, and for
traffic since the last clear of statistics.
Percentage of bytes saved with image reduction for current traffic, and
for traffic since the last clear of statistics.
Number of responses with expiry modified for current traffic, and for
traffic since the last clear of statistics.
Percentage of responses with expiry modified for current traffic, and for
traffic since the last clear of statistics.
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services.
Time since last device
reset / clear statistics
300
The time since the device was last reset and traffic statistics were
cleared.
Parameter
Description
Virtual Server ID
Service ID
Content Rule ID
Action
Current Sessions
Total Sessions
Highest Sessions
Total Octets
Note: You can also access this information directly from the Content Rule pane or the FastView
Web Application pane.
2. Select the Web application you want to view in the Virtual Services of Selected Virtual Server
pane.
3. Select the FastView tab on the View Virtual Service pane.
4. View the information available for each virtual service:
Parameter
Description
Transactions
The counter of HTTP GET requests served by FastView for this virtual
service within the measured period.
HTML Pages
The number of HTML pages served by FastView. Some of them may not be
optimized, for example if they are excluded in the configuration.
Optimized Pages
Tokens Rewritten
Compiled Pages
301
Parameter
Description
Responses with Expiry Displays the number of responses that have a modified expiry.
Modified
% Responses with
Expiry Modified
Statistics Measuring
Period
Time since last device Displays the time in seconds since the platform was last reset or the
reset / clear statistics statistics were cleared.
To monitor APM
>
In the Monitoring perspective, select Application Delivery > Virtual Services > APM.
Parameter
Description
Virtual Server ID
Service
2.
3.
Statistic
Description
Script ID
Event
302
Statistic
Description
Activation
The number of times that the AppShape++ script or script event was
activated.
Failures
The number of times that the AppShape++ script failed, and the failure
distribution between the script events (how many of the failures occurred
during treatment of each event).
Aborts
The number of times that the AppShape++ script was aborted, and the abort
distribution between the script events (how many of the aborts occurred
during treatment of each event).
HTTP Services
This feature is available only in Alteon standalone, VA, and vADC.
HTTP services include:
303
Parameter
Description
HTTP 2.0
HTTP 1.1
HTTP 1.0
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services.
Time since last device
reset / clear statistics
The time since the device was last reset and traffic statistics were
cleared.
In the Monitoring perspective, select Application Delivery > Application Services > HTTP.
2.
3.
Parameter
Description
Virtual Server
Service Port
Object URL
304
To flush selected learned FastView Web applications, filter the FastView Web Applications
table by Web Application ID or State, select the required entries, and then click the
button.
In Alteon version 30.2 and later, this option is no longer available. To flush all the learned
FastView Web applications, click the
button.
Optimization Status
Workload Monitor
Resource Library
Instruction List
Note: The FastView Web Applications tab stays active once you launch it. If you want to view
diagnostics for another Web application, you can navigate from the FastView Web Applications
tab or close the tab and reopen from the HTTP page, with another Web application selected.
Resource Library
The Resource Library tab displays a list of all modified resources for a Web application.
By selecting any resource on the list, you can find out more details about it, including its treated
name, if it is in a preload list, and so on.
305
ID
Name
Size
Note: It can be very difficult to find individual treated resources using the Resource Library, as the
list is not sorted by treated or untreated name, and has no indication of what page it is on. Radware
recommends using the ?printcompileinfo parameter, which specifically displays information
about treated resources for a specific page.
Instruction Lists
Each time a page is optimized for a client browser, it is called an instruction. Instructions are a
representation of a treated HTML document and the manner in which it is rewritten to call treated
resources. It does not represent the treated resources themselves, except when those resources
have been inlined into the page as part of a treatment.
This section includes the following topics:
Navigate to Monitoring > Application Delivery > Application Services > HTTP.
2.
Select the Web application for which you want the instruction list.
3.
Select Diagnostics.
4.
The instruction list contains a list of all the compiled pages for the Web Application, including which
page URL it is for, which Client Group it is part of, and if it is a landing page. Each of these individual
values create a unique page instruction.
Filters
Use the following procedure to filter the instruction set.
Select the filter options: URL contents, client groups, landing page, rows per page.
2.
Instruction Details
You can drill down into each instruction to get more details about it.
306
Note: The treatment information here does not necessarily align with the actual FastView for
Alteon NG treatments. These are representative of the processes that are applied to a page
when they undergo acceleration treatment.
Dashboard Tab
The Dashboard tab includes details on:
Refresh the results with the Refresh icon in the top right corner of the Dashboard tab.
Optimization Status
The Optimization Status displays the following information:
Optimization by Instruction
This displays the various instructions that are being treated by FastView. An instruction is a unique
view of a Web page (based on Web browser client and page compile type). For example, /
home.aspx is viewed as a non-landing page by Internet Explorer 7 browsers creates a single
instruction.
Each instruction can be in one of the following states:
First CompileThe instruction has been served as treated, but FastView has only viewed the
page once. FastView still needs to process the page to learn how to provide instructions.
LearningThe instruction is being served as treated, but FastView is still learning how to treat
the instruction. The next time FastView serves the page, it may be treated differently depending
on how the next few unique browsers request the instruction. This continues until the Compiled
threshold (number of same unique views) occurs.
CompiledThe instruction has been requested enough times (defined by unique page views
that are the same) to consider the page as Compiled. FastView does not continue to process
the page until it goes through a touch-up or recompile.
307
TouchupThe percentage of instructions that are in the Touchup state. This indicates that the
instruction will still be served, but FastView will examine the next request to the instruction to
ensure that everything is still valid.
The graph indicates, by percentage, where the instructions are located in the system. For detailed
information on a specific instruction, see Instruction Lists, page 306.
Optimization by Page View
This displays the status of unique views rather than instruction states. It contains the following:
LearningThe viewed page displayed to the client as accelerated, but FastView is still learning
the best way to treat the page.
The Optimization by Page View is a cumulative view of each unique request to a page. The following
workflow illustrates how values display in this section:
1.
Person A browses to home.aspx. 100% of page views display in the Unaccelerated state.
2.
Person B and Person C now browse to the same page. Each of these users add to the Learning
state. This results in 33% Unaccelerated and 66% Learning.
3.
Person D now browses to the same page. The page has a compile threshold set to three unique
views which has been reached by Persons A, B and C. Because of this, the request is set to the
Accelerated state. This results in 25% Unaccelerated, 50% Learning, and 25%
Accelerated.
Settings
This section displays the current FastView settings. These values are generally not configurable:
Touch-Up IntervalThe number of minutes that FastView waits per compiled instruction
before it re-examines it for the next request. This value is the starting value for the Touch-Up
Interval and is on a sliding scale. The more static the instruction, the longer the next touch-up
interval takes. The default Touch-Up Interval is five minutes.
Recompile IntervalThe number of minutes that FastView waits per compiled instruction
before it discards the instruction and performs full recompile. The default recompile time is 1440
minutes or one day.
The Touch-Up Interval, Recompile Interval, and Invalidation framework help to FastView recognize
changing data on your Web server after the initial instruction compilation has occurred.
Workload Monitor
The Workload Monitor displays the amount of processing FastView is currently performing.
The Peak, Current, Average, and Total values for the following rates are displayed with the following
values:
Request RateThe number of unique pages requested through FastView. This provides a
Pages Per Second (PPS) view of your traffic.
Parse RateThe amount of information that FastView has looked at for potential replacement
in a page. Any rewriting (such as replacement tokens, URL renaming) is considered and
displayed in tokens per second/minute (tkps/tkpm).
308
Rewrite RateThe amount of information that FastView actually acts upon when replacing
data in Web content that is served. This is also displayed in number of tokens per second/minute
(tkps/tkpm).
Parameter
Description
Parameter
Description
Status
Filter ID
Name
Action
Source IP
Source Port
309
Parameter
Description
Destination IP
Destination Port
Firings
Monitoring LinkProof
Monitoring LinkProof services comprises:
In the Monitoring perspective, select Application Delivery > LinkProof > WAN Links.
2.
Select the tab to view WAN Link data Per WAN Link IP or Per WAN Link ID.
3.
4.
If you want to clear all WAN link data, click Clear All.
button to view the WAN Link measurements for the selected WAN
Parameter
Description
Status
(Per WAN Link ID)
ID
(Per WAN Link ID)
IP Address
310
Parameter
Description
Concurrent Connections
3. If you want to clear all WAN Link Group data, click Clear All.
Parameter
Description
Download
Upload
Total
The total (download and upload) bandwidth of the WAN link group.
Concurrent Connections
Monitoring Proximity
This feature is available only in Alteon version 30.1 and later.
To monitor proximity
1. In the Monitoring perspective, select Application Delivery > LinkProof > Proximity.
2. Select a row and click the
button to view the proximity measurements for the selected WAN
link (see Proximity Parameters, page 311).
3. If you want to clear all proximity data, click Clear Proximity Table.
Parameter
Description
Subnet
The network subnet for which proximity data is available. For each
subnet, proximity data is available for up to three (the best three) WAN
Links.
311
Parameter
Description
The time, in seconds, required for the round trip to the specified subnet
via this WAN link.
Hops
The number of hops to the specified subnet via this WAN link.
312
The time, in minutes, after which the entry is cleared. Once the entry is
cleared, if new requests arrive for this subnet, proximity is checked
and a new entry is created.
Notes
For information on monitoring Alteon device performance using the Device Performance Monitor,
see Using the Device Performance Monitor, page 315.
For more information on this feature, see the Alteon Application Switch Operating System
Application Guide.
To monitor vADCs
>
Parameter
Description
Status
vADC ID
Boot Action
vADC Name
Capacity Units
SP Utilization
The SP utilization.
vMP Utilization
Throughput Utilization
Up Time
To reboot a vADC
1.
2.
Select the row with the relevant vADC and click Reset vADC.
313
314
Viewing Dashboards for Single Standalone and vADC Devices, page 335
Viewing Dashboards for Multiple Standalone and vADC Devices, page 340
DPM Overview
DPM requires a valid license installed on the associated APSolute Vision server.
When DPM is enabled in an Alteon or LinkProof NG device (see Configuring Device Performance
Monitoring, page 61), the device sends its performance data to APSolute Vision. APSolute Vision
processes the data and can display the information in the Device Performance Monitoring Web
interface.
The DPM Web interface includes alerts, dashboards with current monitoring data, and reports with
historical data.
Only one single APSolute Vision server can manage any one Alteon or LinkProof NG device that
sends data to DPM.
Users with the proper roles can launch the DPM Web interface from the APSolute Vision client.
The DPM interface launches in the default browser. See the APSolute Vision Release Notes for the list
of supported browsers.
The sites and Alteon or LinkProof NG devices that display in the DPM are according to your RBAC
scope.
Users with the following roles can launch the DPM Web interface:
ADC Administrator
ADC Operator
Administrator
Device Administrator
Device Configurator
Device Operator
Device Viewer
315
Notes
For requirements, limitations, and information on configuring DPM parameters in the Alteon or
LinkProof NG device, see Configuring Device Performance Monitoring, page 61.
For information on roles, see Role-Based Access Control (RBAC), page 70.
One Alteon or LinkProof NG ADC with a large configuration consumes about 210 MB hard-disk
space in the course of a year.
For information on managing the DPM database and DPM technical-support files, see APSolute
Vision CLI Commands, page 441.
icon.
316
317
Sampling Period
Time
Number of Samples
15 seconds
15 minutes
60
2 minute
1 hour
30
15 minutes
24 hours
96
1 hour
72 hours
72
1 day
3 months
93
1 week
1 year
52
Viewing Reports
The tab that you select in the Devices pane (Organization or Physical) determines which reports you
can view in the Report tab of the content area. You specify the Report Category and Report Type and
configure a filter. Some Report Types are available for more than one Report Category. A Report
Category with the same name displays the same report. For more information on the reports, see
Supported Report Categories, page 320.
To view a report
1.
2.
In the Report tab, from the Report Category drop-down list, select the category, and then,
from the Report Type drop-down list, select the required type. The category determines the
available report types.
3.
Configure the filter or filters. The set of filters that you can configure depends on the selected
Report Category.
4.
318
Filter Time PeriodIncludes last hour, day, week, month, year, and Custom, with start date/
time and end date/time.
Filter ScopeIn the filter, you can select the object on which to perform the report,
depending on the report type.
Group ByIn the filter configuration, you can specify to display the data per selected object
or grouped by ADC.
).
Exporting Reports
You can export a report in any of the following formats:
HTML
Excel
Text
RTF
XML
PostScript
To export a report
1. In the content area, click the Export button (
2. Do the following:
From the Export File Format drop-down list, select the required format.
Select the checkboxes next to the name or each report component to include in the report.
If you require, in the File Name text box, modify the file name.
319
ADC/vADC Reports
The following tables describe the DPM reports for LinkProof NG, Alteon Standalone, VA, or vADC with
Report Category ADC/vADC:
Table 260 - Total Network Statistics per Port Report, page 324
The ADC names in the reports correspond to the selected objects in the Devices pane.
Component Description
Maximum SP CPU
Utilization Peak Usage
graph
Columns:
ADC Name
320
Component Description
MP Memory Utilization
graph
MP Memory Utilization
Peak Usage graph
Maximum SP Memory
Utilization graph
Maximum SP Memory
Utilization Peak Usage
graph
Columns:
ADC Name
321
Component Description
Columns:
ADC Name
Columns:
ADC Name
322
Component Description
Hard Disk Utilization Peak Displays the peak utilization (%) in the
Usage graph
selected time period. DPM calculates the
values based on the installed/allocated hard
disk on the ADC/vADC.
PIP Allocation graph
PIP Allocation Peak Usage Displays the peak utilization (%) in the
graph
selected time period. DPM calculates the
values based on the maximum PIP addresses
available on the ADC/vADC.
ADC System Resources
Utilization table
Columns:
ADC Name
Session (%)
323
Component Description
Lists the ports of the selected ADCs.
Select one or more rows to filter the results.
Click
the filter.
Total Dropped RX per Port Displays, for the specified (filter) time period,
(Packets) graph
the total dropped received packets per port.
Total Dropped TX per Port Displays, for the specified (filter) time period,
(Packets) graph
the total dropped transmitted packets per
port.
Total Error RX per Port
(Packets) graph
Columns:
ADC Name
Port
RX (Packets)
TX (Packets)
Dropped RX (Packets)
Dropped TX (Packets)
Error RX (Packets)
Error TX (Packets)
Bandwidth (Mbit)
324
Component Description
Packets per Second graph Displays, per ADC/vADC, the packets-persecond rate, for traffic entering and exiting all
ADC/vADC data ports, according to time.
Caution: For this version of APSolute
Vision, the values include traffic that enters
and exits the data ports, so therefore may
seem to be double the traffic.
Throughput graph
Packets/second
Connections/second
Throughput (Mbps)
Columns:
ADC Name
Application Reports
The following tables describe the DPM reports for LinkProof NG, Alteon Standalone, VA, or vADC with
Report Category Application:
Table 262 - Network Performance per Application Report for LinkProof NG, Alteon Standalone,
VA, or vADC, page 326
Table 263 - Network Performance of Application per Real Server Report for LinkProof NG, Alteon
Standalone, VA, or vADC, page 327
325
Table 264 - Total Usage of Resources per Application per Network Class Report for Alteon
Standalone, VA, or vADC, page 328
Table 265 - Total Usage of Resources per Network Class per Application Report for LinkProof NG,
Alteon Standalone, VA, or vADC, page 328
Table 262: Network Performance per Application Report for LinkProof NG, Alteon Standalone,
VA, or vADC
Component
Component Description
Columns:
ADC Name
Columns:
App Name
ADC Name
Connections/second
Packets/second
Throughput (Mbps)
TimeIn dd/MMM/yyyy
hh:mm:ss T format (for
example: 31/Jan/2012 03:10 PM
326
Table 263: Network Performance of Application per Real Server Report for LinkProof NG, Alteon
Standalone, VA, or vADC
Component Description
Click
(erase) in the list title bar
to clear the filter.
Network Performance of
Application per Real Server
table
ADC Name
APP Name
Real Identifier
Real Name
Connections/second
Packets/second
Throughput (Mbps)
TimeIn dd/MMM/yyyy
hh:mm:ss T format (for
example: 31/Jan/2012 03:10 PM
327
Table 264: Total Usage of Resources per Application per Network Class Report for Alteon
Standalone, VA, or vADC
Component
Component Description
Columns:
Application
Network Class
Bandwidth (Mbits)
Table 265: Total Usage of Resources per Network Class per Application Report for LinkProof
NG, Alteon Standalone, VA, or vADC
Component
Component Description
Network Class
Application
Bandwidth (Mbits)
328
Table 266 - Network Performance per Real Server Report for LinkProof NG, Alteon Standalone,
VA, or vADC, page 329
Table 267 - Network Performance of Application per Real Server Report for LinkProof NG, Alteon
Standalone, VA, or vADC, page 330
Table 268 - Total Usage of Resources per Real Server Report for LinkProof NG, Alteon
Standalone, VA, or vADC, page 331
Table 266: Network Performance per Real Server Report for LinkProof NG, Alteon Standalone,
VA, or vADC
Component Description
Lists the real servers.
Select one or more rows to filter
the results.
Click
(erase) in the list title bar
to clear the filter.
Displays the connections per
second per real server according to
time.
Displays the packets per second per
real server according to time.
Throughput graph
Columns:
ADC Name
Real Identifier
Real Name
Connections/second
Packets/second
Throughput (Mbps)
TimeIn dd/MMM/yyyy
hh:mm:ss T format (for
example: 31/Jan/2012 03:10
PM)
329
Table 267: Network Performance of Application per Real Server Report for LinkProof NG, Alteon
Standalone, VA, or vADC
Component
Component Description
ADC Name
APP Name
Real Identifier
Real Name
Connections/second
Packets/second
Throughput (Mbps)
TimeIn dd/MMM/yyyy
hh:mm:ss T format (for
example: 31/Jan/2012 03:10
PM)
330
Table 268: Total Usage of Resources per Real Server Report for LinkProof NG, Alteon
Standalone, VA, or vADC
Component Description
Lists the real servers.
Select one or more rows to filter
the results.
Click
(erase) in the list title
bar to clear the filter.
Displays the total connections per
real server.
Displays the total bandwidth, in
Mbits, per real server.
Columns:
ADC Name
Real Identifier
Real Name
Connections
Bandwidth (Mbit)
Port Reports
The following tables describe the DPM Reports for LinkProof NG,. Alteon Standalone, VA, or vADC
with Report Category Port:
Table 269 - Total Network Statistics per Port Report for LinkProof NG, Alteon Standalone, VA, or
vADC, page 332
Table 270 - Network Performance per Port Report for LinkProof NG, Alteon Standalone, VA, or
vADC, page 333
331
Table 269: Total Network Statistics per Port Report for LinkProof NG, Alteon Standalone, VA, or
vADC
Component Description
Lists the ports of the selected ADCs.
Select rows to filter the results.
Click
(erase) in the list title bar to
clear the filter.
Displays the total received packets per
port.
Columns:
ADC Name
Port
RX (Packets)
TX (Packets)
Dropped RX (Packets)
Dropped TX (Packets)
Error RX (Packets)
Error TX (Packets)
Bandwidth (Mbit)
332
Table 270: Network Performance per Port Report for LinkProof NG, Alteon Standalone, VA, or
vADC
Component Description
Lists the ports of the selected ADCs.
Select rows to filter the results.
Click
(erase) in the list title bar to
clear the filter.
Displays the rates, in Mbps, of received
traffic per port according to time.
Port
RX (bps)
TX (bps)
Packets/second
Throughput (Mbps)
VX Reports
The following tables describe the DPM Report for Alteon VX with Report Category VX:
Table 271 - CPU Utilization per vADC Report for Alteon VX, page 334
Table 272 - Throughput Limit Utilization per vADC Report for Alteon VX, page 335
333
Component Description
Lists the vADCs of the selected VXs.
Select rows to filter the results.
Click
(erase) in the list title bar to
clear the filter.
Displays the CPU utilization (%) per vADC
vMP according to time.
Columns:
vADC Name
334
Table 272: Throughput Limit Utilization per vADC Report for Alteon VX
Component Description
Lists the vADCs of the selected VXs.
Select rows to filter the results.
Click
(erase) in the list title bar to
clear the filter.
Displays the vADC throughput-limit
utilization (%) according to time. DPM
measures the vADC throughput of the
traffic entering all the data ports, and
calculates the values based on the
allocated throughput limit of each vADC.
Columns:
vADC
Dashboard Components for Single Standalone and vADC Devices, page 336
335
2.
3.
In the content area (on the right, by default), select the Dashboard tab.
Use the buttons, which are described in the following table, to manage the dashboard display.
Button
Description
Opens the dialog box to select the temperature scale (Celsius or Fahrenheit) for
monitoring the temperature sensors on physical devices.
Note: This setting applies to all DPM interfaces.
Refreshes the dashboard display.
Maximizes and floats the currently displayed dashboard tab.
336
Table 274: Dashboard Components for Single Standalone and vADC Devices
Dashboard
Component
Description
System
(This graph is displayed Note: Each fan icon is displayed with its
only for physical
corresponding ID number. The fan ID numbers might
devices.)
not be sequential.
Capacity Utilization
graph
Network
Bars:
Temperature chart
Throughput graph
Throughput Usage
graph
Bars:
Columns:
337
Table 274: Dashboard Components for Single Standalone and vADC Devices (cont.)
Dashboard
Component
Description
Application
To display the
Application
dashboard,
select a single
device in the
Organization
tab and up to
10 services
from the Filter
table.
Click
Selected Virtual
Services Status pie
chart
Virtual Service
Throughput graph
Virtual Service
The Virtual Service connections, in CPS.
Connections per Second
graph
2.
3.
In the content area (on the right, by default), select the VX Dashboard tab.
Use the buttons, which are described in the following table, to manage the dashboard display.
338
Button
Description
Opens the dialog box to select the temperature scale (Celsius or Fahrenheit) for
monitoring the temperature sensors on physical devices.
Note: This setting applies to all DPM interfaces.
Refreshes the dashboard display.
Maximizes and floats the VX Dashboard tab.
Component
Description
Temperature chart
Low
Medium
High
Low
Medium
High
339
Component
Description
vADC Identifier
The maximum vSP or vMP CPU utilization (%) per vADC, polled
every two minutes. If more than one vADC is operating at the
same utilization, only the top line is displayed.
Displaying the Multi-Device Dashboard and Managing the Display, page 340
2.
3.
In the content area (on the right, by default), select the Multi-Dashboard tab.
Use the buttons, which are described in the following table, to manage the dashboard display.
Button
Description
Opens the dialog box to select the temperature scale (Celsius or Fahrenheit) for
monitoring the temperature sensors on physical devices.
Note: This setting applies to all DPM interfaces.
Refreshes the dashboard display.
Maximizes and floats the Multi-Device Dashboard tab.
340
Component
Description
Throughput Utilization
Distribution pie chart
Max. Temperature Distribution The proportion and number of devices per maximum-temperature
pie chart
level.
Values: Low, Medium, High, NA (vADC)
Monitoring Parameters per
Device
Columns:
341
342
Monitoring and Controlling DefensePro Device Ports and Trunks, page 344
Parameter
Description
Hardware Platform
Uptime
(This parameter is
exposed only in 7.x
versions and 6.x
versions 6.12 and
later.)
343
Parameter
Description
When RSA is enabled, this parameter can display the timestamp of the
last update of RSA signatures, received from Radware.com and
downloaded to the DefensePro device.
Values:
Parameter
Description
Software Version
APSolute OS Version
Build
Version Status
FinalReleased version
Parameter
Description
Hardware Version
(This parameter is
exposed only in 6.x and
7.x versions.)
RAM Size
Flash Size
344
Parameter
Description
Port Name
Port Family
Port Speed
MAC Address
Admin Status
Operational Status
The value of System Up time at the time the interface entered its
current operational state. If the current state was entered prior to the
last re-initialization of the local network management subsystem,
then this value is zero (0).
Parameter
Description
Incoming Bytes
The number of packets delivered by this sub-layer to a higher sublayer, which were not addressed to a multicast or broadcast address
at this sub-layer.
Incoming Non-Unicast
Packets
The number of packets delivered by this sub-layer to a higher sublayer, which were addressed to a multicast or broadcast address at
this sub-layer.
345
Parameter
Description
Incoming Discards
Incoming Errors
Outgoing Bytes
Outgoing Non-Unicast
Packets
Outgoing Discards
Outgoing Errors
Note: When you issue the Switch Over command on the cluster node, the active device switches
over. To switch modes, select the cluster node, and then select Switch Over.)
To view the parameters related to the high availability of a selected DefensePro device
>
346
Parameter
Description
Device Role
Values:
Device State
Cluster State
Values:
Values:
Values:
Hold onThe device is waiting for information from the other member
of the high-availability cluster.
347
In the Monitoring perspective, select Operational Status > Resource Utilization > CPU
Utilization.
Table 286: CPU Utilization: General Parameters in 8.x Versions and DefensePro for Cisco
Firepower 9300
Parameter
Description
Resource Utilization
Parameter
Description
Note: DefensePro 7.x versions running on the x420 platform contains internal logic of two
DefensePro software instancesusing the DoS Mitigation Engine (DME) and physical ports as
shared resources. For more information, see the DefensePro User Guide.
Resource Utilization Instance 0
RS Resource Utilization
Instance 0
RS Resource Utilization
Instance 1
RE Resource Utilization
Instance 0
RE Resource Utilization
Instance 1
348
Parameter
Description
Last 60 sec. Average Utilization The average utilization of instance-0 resources in the last 60
Instance 0
seconds.
Last 60 sec. Average Utilization The average utilization of instance-1 resources in the last 60
Instance 1
seconds.
Parameter
Description
Instance
Accelerator Type
CPU ID
Forwarding Task
Other Tasks
Idle Task
Parameter
Description
Resource Utilization
RS Resource Utilization
RE Resource Utilization
Parameter
Description
Accelerator Type
CPU ID
The CPU number for the accelerator. OnDemand Switch 2 and OnDemand
Switch 3 S2 have two CPU cores. OnDemand Switch 3 S1 has three CPU
cores.
Forwarding Task
349
Parameter
Description
Other Tasks
The percentage of CPU resources used for other tasks such as aging and
so on.
Idle Task
Table 291: CPU Utilization: Engine Utilization Parameters in 8.x Versions and DefensePro for
Cisco Firepower 9300
Parameter
Description
Engine ID
Forwarding Task
Other Tasks
The percentage of CPU resources used for other tasks such as aging and
so on.
Idle Task
In the Monitoring perspective, select Operational Status > Resource Utilization >
Authentication Tables.
Parameter
Description
Table Size
Table Utilization
Aging Time
Parameter
Description
Table Size
Table Utilization
Aging Time
350
Parameter
Description
Table Size
Table Utilization
Aging Time
Note: For the TCP Authentication Table and the HTTP Authentication Table, the Clean Table
action can take up to 10 seconds.
Note: If the device is not equipped with the DME, 0 (zero) values are displayed.
In the Monitoring perspective, select Operational Status > Resource Utilization > Policies.
Parameter
Description
If any of the values in this tab is close to the maximum, the resources for the device are
exhausted.
Total Policies
351
Parameter
Description
HW Entries Utilization
Sub-Policies Utilization
Source-IP-address range
Destination-IP-address range
VLAN-tag range
Table 296: DME-Utilization Monitoring Policies Table Parameters for DefensePro 6.x and 7.x
Versions
Parameter
Description
Policy Name
Direction
Inbound
Outbound
HW Entries
Sub-Policies
In the Monitoring perspective, select Operational Status > Resource Utilization > Syslog
Monitor.
Parameter
Description
Syslog Server
Status
Messages in Backlog
352
Note: For more information on SGTs in DefensePro, see Configuring SGT Classes, page 25.
To monitor SGTs
>
Parameter
Description
Name
Value
353
354
Parameter
Description
355
Parameter
Description
In the Monitoring perspective, select Statistics > BWM Statistics > Policy Statistics (Last
Second). The Policy Statistics (Last Second) table is displayed.
2.
To view all the parameters of a policy, double-click the row of the policy. The Edit Statistics Entry
dialog box is displayed with all the BWM statistics.
Parameter
Description
Policy Name
Matched Packets
Matched Bandwidth
Sent Bandwidth
The number of new TCP sessions the device detected in the last
second.
The number of new UDP sessions the device detected in the last
second.
Queued Bandwidth
356
Parameter
Description
Inbound Packets
Outbound Packets
Parameter
Description
Policy Name
Matched Packets
Matched Bandwidth
Sent Bandwidth
357
Parameter
Description
The number of new TCP sessions the device detected in the last
specified period.
The number of new UDP sessions the device detected in the last
specified period.
Queued Bandwidth
Inbound Packets
Outbound Packets
Parameter
Description
Number of IP Packets
Received
358
Parameter
Description
Number of Discarded IP
Packets
Number of Transmitted
Packets (Inc. Discards)
Number of Discarded Packets The number of output IP datagrams for which no problem was
on TX
encountered to prevent their transmission to their destination, but
which were discarded, for example, the lack of buffer space.
This counter includes any datagrams counted in the Number of IP
Packets Forwarded if those packets meet this (discretionary) discard
criterion.
Parameter
Description
Number of IP Packets
Forwarded
The number of input datagrams for which this entity was not their
final IP destination, as a result of which an attempt was made to
find a route to forward them to that final destination. In entities that
do not act as IP Gateways, this counter includes only those packets
which were Source - Routed via this entity, and the Source - Route
option processing was successful.
Number of IP Packets
Discarded Due to Unknown
Protocol
Number of IP Packets
Discarded Due to No Route
Number of IP Fragments
Received
Number of IP Fragments
Successfully Reassembled
Number of IP Fragments
Failed Reassembly
Number of IP Datagrams
Successfully Reassembled
The number of IP datagrams that have been successfully reassembled at this entity.
359
Parameter
Description
Number of IP Datagrams
Discarded Due to
Fragmentation Failure
Number of IP Datagrams
Fragments Generated
360
You can monitor and manage DefensePro diagnostics using in APSolute Vision only in DefensePro 6.x
versions 6.12 and later, and 7.x versions.
Note: In DefensePro 6.x versions earlier than 6.12, you can monitor and manage DefensePro
diagnostics using DefensePro CLI or WBM.
Notes
To see the actual timestamp of the packets in the files that the diagnostic packet-capture tool
produces, in the packet analyzer (for example, Wireshark), you may need to modify the format
of the time display. The timestamp in the packets in the files that the diagnostic packet-capture
tool produces is always UTC.
The diagnostic packet-capture tool cannot capture packets that pass through the device as the
result of Traffic Exclusion. Traffic Exclusion is when DefensePro passes through all traffic that
matches no network policy configured on the device.
In DefensePro version 6.x platforms, the diagnostic packet-capture tool truncates packets longer
than 1619 bytes (regardless of the configuration for jumbo frames).
In DefensePro version 7.x platforms, the diagnostic packet-capture tool does not handle jumbo
frames. DefensePro version 7.x platforms either pass through jumbo-frame traffic or drop
jumbo-frame traffic.
361
2.
3.
(Add) button.
Parameter
Description
Name
Index
The number of the policy in the order in which the diagnostic packetcapture tool classifies (that is, captures) the packets.
Default: 1
Description
The VLAN Tag group whose packets the policy classifies (that is,
captures).
Destination Input
Destination
Source Input
Source
362
Parameter
Description
Service Type
The service type whose packets the policy classifies (that is, captures).
Values:
None
Basic Filter
AND Group
OR Group
Default: None
Service
The service whose packets the policy classifies (that is, captures).
The Physical Port class whose outbound packets the policy classifies
(that is, captures).
You cannot set the this parameter when the Trace-Log Status
parameter is enabled in the DefensePro CLI or Web Based Management,
The Physical Port class whose inbound packets the policy classifies (that
is, captures).
The destination MAC group whose packets the policy classifies (that is,
captures).
The source MAC group whose packets the policy classifies (that is,
captures).
Maximal Number of
Packets
The maximal number of packets the policy captures. Once the policy
captures the specified number of packets, it stops capturing traffic. In
some cases, the policy captures fewer packets than the configured
value. This happens when the device is configured to drop packets.
Trace-Log Status
Capture Status
363
2.
3.
364
Notes
The filtered Session table is not automatically refreshed periodically. The information is loaded
when you select to display the Session Table pane and when you manually refresh the display.
DefensePro issues alerts for high utilization alerts of the Session table. DefensePro sends alerts
to APSolute Vision when table utilization reaches 90% and 100%.
In the Monitoring perspective, select Networking > Session Table > Session Table.
Parameter
Description
Source IP
Destination IP
Source L4 Port
365
Parameter
Description
Destination L4 Port
Protocol
Physical Interface
The physical port on the device at which the request arrives from the
client.
Lifetime (Sec.)
The time, in seconds, following the arrival of the last packet, that the
entry remains in the table before it is deleted.
Aging Type
In the Monitoring perspective, select Networking > Session Table > Session Table Filters.
2.
3.
366
(Add) button.
Parameter
Description
Filter Name
Physical Interface
The physical port on the device at which the request arrives from the
client.
Default: Any
Source IP Address
Source IP Mask
The source IP address used to define the subnet that you want to
present in the Session Table.
Select IPv4 or IPv6, and then, enter the mask.
Destination IP Address
Destination IP Mask
The destination IP address used to define the subnet that you want to
present in the Session Table.
Select IPv4 or IPv6, and then, enter the mask.
Source L4 Port
Destination L4 Port
Note: The Routing table is not automatically refreshed periodically. The information is loaded when
you select to display the Routing Table pane, and when you manually refresh the display.
Parameter
Description
Destination Network
Netmask
Next Hop
The IP address of the next hop toward the Destination subnet. (The next
hop always resides on the subnet local to the device.)
367
Parameter
Description
Via Interface
Type
Metric
Note: The ARP table is not automatically refreshed periodically. The information is loaded when you
select to display the ARP Table pane, and when you manually refresh the display.
Parameter
Heading
Port
IP Address
MAC Address
Type
368
(Add) button.
Parameter
Description
MPLS RD
Type
Upper Tag
The upper tag for the link on which the device is installed.
Lower Tag
The lower tag for the link on which the device is installed.
369
Parameter
Description
Source IP
Destination IP
The IP address to which traffic was suspended (0.0.0.0 means traffic to all
destinations was suspended).
Destination Port
The application port to which traffic was suspended (0 means all ports).
Protocol
Module
Classification Type
Values:
Policy / Server Name The name of the policy that suspended the traffic.
Expiration Type
Expiration Time
The number of seconds until the entry is removed from the Suspend table.
Notes
For more information on the Device Operation Mode, see Configuring the Device Operation Mode
for DefensePro, page 153).
For more information on the tunnels in the context the IP Device Operation Mode, see
Configuring Tunnel Interfaces, page 42.
Parameter
Description
Tunnel IP Address
370
Parameter
Description
Note: The routing tables managed by a Border Gateway Protocol (BGP) implementation are
adjusted continually to reflect changes in the network, such as links breaking and being restored, or
routers going down and coming back up. In the network as a whole, these changes happen almost
continuously, but for any particular router or link, changes should be relatively infrequent.
Parameter
Description
Peer IP Address
Admin Status
Connection State
Remote AS
Peer Identifier
The IP address that identifies the remote peer for the current BGP
connection.
371
Parameter
Description
Local Address
In Updates
Out Updates
In Total Messages
Last Error
The last error code and subcode seen by the peer on the
connection. If no error has occurred, the value for this field is zero
(0). Otherwise, the first byte of this two-byte OCTET STRING
contains the error code, and the second byte contains the subcode.
How long, in seconds, the peer has been in the established state, or
how long since the peer was last in the established state. It is set to
zero when a new peer is configured or the router is booted.
The total number of times the BGP FSM transitioned into the
established state.
Hold Time
The time, in seconds, the Hold Timer established with the peer. The
value of this object is calculated by the BGP speaker by using the
smaller of the value by the specified Hold Time and the Hold Time
received in the OPEN message. The value zero (0) indicates that the
Hold Timer has not been established with the peer, or, the specified
Hold Time is zero (0).
The interval, in seconds, for the keepalive timer established with the
peer. The value of this object is calculated by the BGP speaker. The
value zero (0) indicates that the keepalive timer has not been
established with the peer, or, the specified Keep-Alive Time is zero
(0).
The elapsed time, in seconds, since the last BGP UPDATE message
was received from the peer.
372
Note: In DefenseFlow version 2.01, the order of the Operation and System tabs are switched.
Operation
The Operation pane lets you manage protected objects and manually activate them using the
Protected Objects pane, including:
Pending Actions
This feature is only available starting with version 2.02.
The Pending Actions pane lets you manage pending actions to be performed for protected objects in
User Confirmation mode.
Parameter
Description
PO Name
Detected IP
Address
Attack ID
373
Parameter
Pending Action
Description
The pending action waiting for confirmation.
Values:
Configured
Action
Start An attack was detected for the protected object. The user can confirm
activation of the configured actions.
EndThe attack was terminated. The user can confirm deactivation of the
active actions.
2.
3.
To confirm start of a pending action, click Confirm Start. The action parameters display and
can be modified:
(Edit) button.
To
4.
To ignore a pending action and remove it from the pending actions table, click Ignore.
Click Submit.
Mitigation Devices
This feature is only available starting with version 2.02.
The Mitigation Devices pane lets you monitor the status of mitigation devices.
374
Parameter
Description
Name
Operational
Status
CPU Utilization
BW Utilization
(Gbps)
Policies
Utilization
Update Time
Protected Objects
The Protected Objects pane lets you monitor protected objects and manually activate them.
Parameter
Description
Name
Action Status
ActiveThe configured actions are active. This means that the action
specified for the protected object is now enabled. The action can be enabled
automatically or manually.
Mitigation
The list of mitigation devices that are currently performing mitigation for the
Device/
protected object.
Mitigation Group
(This parameter
is only available
in version 2.01)
375
Parameter
Description
Action Mode
Pending Action
The pending action waiting for confirmation for a protected object that is in User
Confirmation mode.
Values:
Activate An attack was detected for the protected object. The user can
confirm activation of the configured actions.
Configured
Action
Protected
Destination
(This parameter
is only available
starting with
version 2.02)
2.
3.
(Edit) button.
To activate that configured action on a protected object (Manual mode), click Activate.
Performing this action on a protected object that is not in Manual mode changes the
protected objects configuration to Manual.
Starting with version 2.02, configure the activation parameters:
376
To de-activate a protected object (in version 2.01, for a protected object that is in Manual
mode), click Deactivate.
In version 2.01, performing this action on a protected object that is not in Manual mode
changes the protected objects configuration to Manual.
In version 2.02, delete all the entries that should be deactivated from the list of activated
destinations.
In version 2.01, to confirm the pending action for a protected object in User Confirmation
mode that has a Pending Action, click Confirm.
In version 2.02, to cancel all active protections and move the protected object to Manual
mode in one operation, click Cancel all protection and move to manual protection.
4. In version 2.01, a confirmation message displays; click Yes to perform the action. In version
2.02, click Submit.
Ongoing Protections
This feature is only available starting with version 2.02.
The Ongoing Protections pane lets you monitor the status of currently active protections.
Parameter
Description
Name
Origin
IP Address
Attack ID
Start Time
Configured
Action
Strategy
Mitigation
The list of mitigation devices that are currently performing mitigation for this
Device/
protection.
Mitigation Group
Diversion Group The diversion network elements for the protection.
(Edit) button.
BGP
This feature is only available starting with version 2.02.
377
Peers
The Peers pane lets you monitor the status of BGP peers.
Parameter
Description
Peer Name
IP Address
Peering State
Last
Connectivity
Time
ID
Local AS
Peer AS
Number of withdrawals.
Announcements
The Announcements pane lets you monitor the status of currently active BGP announcements.
Parameter
Description
Peer Name
Peer IP
Protected Object The name of the protected object for which that the announcement was sent.
Network
Next Hop
Type
Community
378
Parameter
Description
Status
Time
System
The System pane lets you view system information and utilization statistics, including:
General Information
The General Information pane lets you view DefenseFlow general system information.
Parameter
Description
Uptime
Time since the last reboot of the system in the format hh:mm:ss (hours: minutes,
seconds).
Software
Version
Build
System Utilization
The System Utilization pane lets you view the current DefenseFlow utilization statistics and set alert
levels.
Parameter
Description
CPU Utilization
Alert Level
Memory
Utilization
Free
Total
Alert Level
379
380
AppWall standalone
DefensePro
Using Real-Time Security Monitoring with DefensePro and DefenseFlow, page 381
Using Real-Time Security Monitoring with AppWall and Alteon, page 427
Notes
Use APSolute Vision Reporter (AVR) to view and analyze historical security information. For
information on the products and versions that APSolute Vision Reporter supports, see the
APSolute Vision Release Notes. For information about APSolute Vision Reporter and how to use
it, see its online help and the APSolute Vision Reporter User Guide.
The contents of the Security Monitoring perspective are customized per the specific monitored
device. The reporting information for DefensePro and DefenseFlow mitigation devices is different
from the reporting information for AppWall and Alteon devices.
When selecting multiple devices, the Security Monitoring perspective display reports that are
relevant across devices, with the same reporting information. When selecting multiple devices
including DefensePro and other device types (AppWall or Alteon), the Security Monitoring
perspective shows reports only for the DefensePro devices.
Using the Dashboard Views for Real-Time Security Monitoring, page 382
381
Notes
Your user permissions (your RBAC user definition) determine the DefensePro devices and
policies, or DefenseFlow protected objects, that the Security Monitoring perspective displays to
you. You can view and monitor only the attacks blocked by the DefensePro devices and policies,
or DefenseFlow mitigation devices and protected objects, that are available to you.
APSolute Vision also manages and issues alerts for new security attacks.
DefensePro calculates traffic baselines, and uses the baselines to identify abnormalities in traffic
levels.
When calculating the real-time network traffic and statistical parameters, DefensePro or
DefenseFlow version 2.01 do not include traffic that exceeded the throughput license.
Risk Levels
The following table describes the risk levels that DefensePro supports to classify security events.
Note: For some protections, the user can specify the risk level for an event. For these protections,
the descriptions in the following table are recommendations, and specifying the risk level is the
users responsibility.
Risk Level
Description
Info
Low
The risk does not pose a threat to normal service operation, but may be part of
a preliminary action for malicious behavior.
Medium
The risk may pose a threat to normal service operation, but is not likely to cause
complete service outage, remote code execution, or unauthorized access.
High
The risk is very likely to pose a threat to normal service availability, and may
cause complete service outage, remote code execution, or unauthorized access.
Use a Dashboard View in the Security Monitoring perspective to analyze activity and security events
in the network, identify security trends, and analyze risks.
You can view information for individual devices, all devices in a site, or all devices in the network.
The dashboard monitoring display automatically refreshes providing ongoing real-time analysis of
the system.
382
Current Attacks Tablewhich is a table display (see Figure 45 - Current Attacks Table
DefensePro, page 386).
Ongoing Attacks Monitorwhich includes a graphical, chart display (see Figure 47 - Ongoing
Attacks Monitor, page 392).
The Scope and other display parameters that you configure apply to the Current Attacks Table and
to the Ongoing Attacks Monitor. For more information, see Configuring the Display Parameters of a
Dashboard View, page 383.
When you double-click an attack in the Current Attacks Table or Ongoing Attacks Monitor, APSolute
Vision displays the details in an Attack Details tab. There, you can display the Sampled Data dialog
box for the all attack types that support sampled data.
By default, the display of the Dashboard View refreshes every 15 seconds. Administrators can
configure the refresh rate (APSolute Vision Settings view System perspective, General Settings >
Monitoring > Polling Interval for Reports).
Parameter
Description
Scope
383
Parameter
Description
Display Last
How long the dashboard displays attacks after the attack terminates.
That is, the dashboard displays all attacks that are currently ongoing or
that terminated within the selected period.
Values:
10 Minutes
20 Minutes
30 Minutes
1 Hour
2 Hours
6 Hours
12 Hours
24 Hours
Default: 10 Minutes
Top Attacks to Display
(This parameter is
available only in the
Ongoing Attacks
Monitor.)
Values: 150
Sort By
Values:
(This parameter is
available only in the
Ongoing Attacks
Monitor.)
Default: 20
To control the scope of the information that the Dashboard View displays for DefensePro
1.
Click
. Two tables open. One table has the Device Name and Port columns, and the
other table has the Device Name and Policy columns.
Note: DefensePro 8.x versions and DefensePro for Cisco Firepower 9300 does not support
limiting the physical ports for the Scope.
384
To limit the physical ports or Network Protection policies that the dashboard displays, select
the corresponding checkboxes.
To display the information for all the currently relevant physical ports or Network Protection
policies, click in the top-left table cell, and then, select Select All.
To display all the information in the database, even information that is not associated with a
specific port or specific Network Protection policy, click in the top-left table cell, and then,
select Select None.
To control the scope of the information that the Dashboard View displays for
DefenseFlow
1. Click
. Three tables open. One table has the Protected Object, one table has the Device
Name and Port columns, and the third table has the Device Name and Policy columns.
2. To toggle the sort order of the information in any of the columns, hover over the column heading
until you see an arrow, and then, click the arrow.
Filter the rowsYou can filter table rows according to values in the table columns. For more
information on filtering table rows, see Filtering Table Rows, page 67.
Sort the rowsYou can change the row order from ascending to descending or vice versa. To
do this, hover the mouse over the column to display the arrow and change the order.
View additional information for a specific attackTo do this, select the relevant row, and
click
(View Attack Details). For more information, see Attack Details, page 392
(Go to Policy).
385
386
Function buttons:
View Attack Details
Go to Policy
Export Table to CSV
Pause
Arrow for
sorting
ascending or
descending.
Function buttons:
View Attack Details
Go to Policy
Export Table to CSV
Pause
Arrow for
sorting
ascending or
descending.
Parameter
Description
Source Type
(This parameter is
available only in
DefenseFlow.)
Values:
Start Time
DPDefensePro
DFDefenseFlow
387
Parameter
Attack Category
Description
The threat type to which this attack belongs.
Values:
Status
Risk
StartedAn attack containing more than one security event has been
detected. (Some attacks contain multiple security events, such as DoS,
Scans, and so on.)
The predefined attack severity level (see Risk Levels, page 382).
Values:
Attack Name
388
High
Medium
Low
Info
Parameter
Description
Source Address
The source IP address of the attack. If there are multiple IP sources for an
attack, this field displays Multiple. The multiple IP addresses are displayed
in the Attack Details window. Multiple may also refer to cases when
DefensePro or DefenseFlow cannot report a specific value.
The Search string can be any legal IPv4 or IPv6 address, and can include a
wildcard (*).
Destination Address
The destination IP address of the attack. If there are multiple IP sources for
an attack, this field displays Multiple. The multiple IP addresses are
displayed in the Attack Details window. Multiple may also refer to cases
when DefensePro or DefenseFlow cannot report a specific value.
Policy
In DefenseFlow, the name of the configured Security Policy that was set to
mitigate this attack. The default policy name is the name of the protected
object. Policies in DefenseFlow cannot be edited.
Radware ID
Direction
389
Parameter
Description
Action Type
The reported action against the attack. The actions are specified in the
protection profile, which may or may not be available or relevant for your
system.
(This parameter is
available only in
DefensePro.)
Values:
Proxy
The number of identified attack packets from the beginning of the attack.
Volume
For most protections, this value is the volume of the attack, in kilobits, from
when the attack started.
In DefensePro, for SYN protection (SYN cookies), this value is the number of
SYN packets dropped, multiplied by 60 bytes (the SYN packet size).
Device IP
(This parameter is
available only in
DefensePro.)
Protected Object
(This parameter is
available only in
DefenseFlow.)
390
Parameter
Description
Application Protocol
TCP
UDP
ICMP
IP
MPLS RD
The VLAN tag value or Context Group in the policy that handled the attack.
The value N/A or 0 (zero) in this field indicates that the VLAN tag or Context
Group is not available.
Note: The VLAN tag or Context Group identifies similar information in this
field. DefensePro 6.x and 7.x versions support VLAN tags. DefensePro 8.x
versions and DefensePro for Cisco Firepower 9300 support Context
Groups.
Source Port1
Destination Port
The Layer 4 destination port of the attack. If there are multiple destination
L4 ports, this field displays Multiple. In cases when DefensePro cannot
report a specific value, the field displays 0 (zero).
Physical Port
The port on the device to which the attack packets arrived. In cases when
DefensePro cannot report a specific value, the field displays 0 (zero).
Source MSISDN
Destination MSISDN
391
Attack Details
An Attack Details tab is displayed when you double-click an attack in a Security Monitoring
Dashboard View.
APSolute Vision displays attack details for the following attacks:
392
Each Attack Details tab includes two or more sub-tabs, which provide details on the attack. All
Attack Details tabs include the sub-tabs Attack Characteristics and the Attack Description. The
Attack Characteristics tab displays information that is also available in the hidden columns of the
Current Attacks Table. The Attack Description tab displays the information from the Attack
Descriptions file. An attack description is displayed only if the Attacks Description file has been
uploaded on the APSolute Vision server.
Notes
In addition to viewing the details of the attack, in each Attack Details tab, you can do the following:
Export the information in the in the Attack Details tab to a CSV fileTo do this, click
(CSV). Then, you can view the file or specify the location and file name.
Export the information in the in the Attack Details tab to a CAP fileTo do this, click
(Export Attack Capture Files), and enter a file name in the file selection dialog box.
(Go to Policy).
Notes
Up to 255 bytes of packet information is saved in the CAP file. That is, DefensePro exports
full packets but APSolute Vision trims them to 255 bytes.
The file is available only as long as it is displayed in the Current Attacks table.
The file is created only if packet reporting is enabled in the protection configuration for the
profile that was violated.
DefensePro exports only the last packet in a sequence that matches the filter. Furthermore,
if traffic matches a signature that consists of more than one packet, the reported packet will
not include the whole expression in the filter.
Parameter
Description
Protocol
Physical Port1
Packet Count
393
Parameter
Description
VLAN
MPLS RD
Device IP
1 This parameter is not resolved, and the value Multiple is always displayed.
Parameter
Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Anti-Scanning Details
Table 327: Anti-Scanning Attack Details: Characteristics Parameters
Parameter
Description
Protocol
Source L4 Port
Physical Port
Packet Count
Volume (Kbits)
VLAN
MPLS RD
Device IP
Parameter
Description
Action
Action Reason
Blocking Duration
Number of Probes
The number of scan events from the time the attack started.
Parameter
Description
DST IP
DST L4 Port
394
Parameter
Description
TCP Flag
Parameter
Description
The footprint blocking rule generated by the Anti-Scanning protection, which provides the
narrowest effective blocking rule against the scanning attack.
Parameter
Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Parameter
Description
Protocol
Physical Port1
Packet Count
Volume (Kbits)
VLAN
MPLS RD
Device IP
1 This parameter is not resolved, and the value Multiple is always displayed.
Parameter
Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
395
Parameter
Description
Note: Some fields can display multiple values, when relevant and available. The values displayed
depend on the current stage of the attack. If a field is part of the dynamic signature (that is, a
specific value or values appear in all the attack traffic), the field displays the relevant value or
values.
Protocol
Source L4 Port
Physical Port
Packet Count
Volume (Kbits)
VLAN / Context
The VLAN tag value or Context Group in the policy that handled the
attack.
Note: The VLAN tag or Context Group identifies similar information
in this field. DefensePro 6.x and 7.x versions support VLAN tags.
DefensePro 8.x versions and DefensePro for Cisco Firepower 9300
support Context Groups.
MPLS RD
Device IP
TTL
L4 Checksum
IP ID Number
Fragmentation Offset
Fragmentation Flag
The fragmentation flag that the attack uses or used. 0 indicates that
fragmentation is allowed. 1 indicates that fragmentation is not allowed.
Flow Label
(IPv6 only) The flow label that the attack uses or used.
ToS
Packet Size
Destination IP
Source Ports
Destination Ports
DNS ID
DNS Query
396
Parameter
Description
{(AnomalyBandwidth/AnomalyPPS)/(NormalBandwidth/
NormalPPS)}
Values:
State
Parameter
Description
The footprint blocking rule generated by the Behavioral DoS Protection, which provides the
narrowest effective blocking rule against the flood attack.
Parameter
Description
This table displays attack traffic (Anomaly) and normal traffic information. Red indicates real-time
values identified as suspicious in the 15 seconds prior to when the attack was triggered. Black
indicates the learned normal traffic baselines. Table columns are displayed according to the
protocols: TCP (includes all flags), UDP, or ICMP.
Parameter
Description
The graph displays a snapshot of the relevant traffic type for the 15-second period during which the
attack was triggered. For example, during a UDP flood, just UDP traffic is represented. The blue line
represents the normal adapted traffic baseline.
397
Parameter
Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Parameter
Description
Note: Some fields can display multiple values, when relevant and available. The values
displayed depend on the current stage of the attack. If a field is part of the dynamic signature
(that is, a specific value or values appear in all the attack traffic), the field displays the relevant
value or values.
Protocol
Source L4 Port
Physical Port
Packet Count
Volume (Kbits)
VLAN / Context
The VLAN tag value or Context Group in the policy that handled the
attack.
Note: The VLAN tag or Context Group identifies similar information
in this field. DefensePro 6.x and 7.x versions support VLAN tags.
DefensePro 8.x versions and DefensePro for Cisco Firepower 9300
support Context Groups.
MPLS RD
Device IP
TTL
L4 Checksum
IP ID Number
Packet Size
Destination IP
Destination Ports
DNS ID
DNS Query
398
Parameter
Description
State
Mitigation Action
Signature Challenge
Collective Challenge
Parameter
Description
The footprint blocking rule that the Behavioral DoS Protection generated. The footprint blocking
rule provides the narrowest effective blocking rule against the flood attack.
Parameter
Description
This table displays attack traffic (Anomaly) and normal traffic information. Red indicates real-time
values identified as suspicious in the 15 seconds prior to when the attack was triggered. Black
indicates the learned normal traffic baselines. Table columns are displayed according to the DNS
query types: A, MX, PTR, AAAA, Text, SOA, NAPTR, SRV, Other.
Parameter
Description
The graph displays a snapshot of the relevant traffic type for the 15-second period during which
the attack was triggered. For example, during a UDP flood, just UDP traffic is represented. The blue
line represents the normal adapted traffic baseline.
Parameter
Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Parameter
Description
Protocol
Physical Port
Packet Count
399
Parameter
Description
VLAN / Context
The VLAN tag value or Context Group in the policy that handled the
attack.
Note: The VLAN tag or Context Group identifies similar information
in this field. DefensePro 6.x and 7.x versions support VLAN tags.
DefensePro 8.x versions and DefensePro for Cisco Firepower 9300
support Context Groups.
MPLS RD
Device IP
Parameter
Description
Action
Attacker IP
Protected Host
Protected Port
Attack Duration
Parameter
Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Parameter
Description
Note: Some fields can display multiple values, when relevant and available. The values
displayed depend on the current stage of the attack. If a field is part of the dynamic signature
(that is, a specific value or values appear in all the attack traffic), the field displays the relevant
value or values.
Protocol
Source L4 Port
Physical Port
Packet Count
Volume (Kbits)
VLAN
MPLS RD
Device IP
400
Parameter
Protection State
Description
The state of the protection process.
Values:
Mitigation Flow
Action
Challenge Method
Suspicious Sources
Challenged Sources
Blocked Sources
401
Parameter
Description
Source IP address
Request URI
The HTTP request URIs that took part in the HTTP flood attack and
were mitigated.
Bypassed / Blocked
Parameter
Description
This table displays attack traffic (Anomaly) and normal traffic information. Red indicates real-time
values identified as suspicious in the 15 seconds prior to when the attack was triggered. Black
indicates the learned normal traffic baselines.
Table columns:
Outbound Kbps
Parameter
Description
The graph displays the HTTP request URI size distribution. The y-axis shows the number of HTTP
requests per second that refers to GET and POST request methods, and the x-axis shows the
Request URI size in bytes. The blue line represents the normal expected HTTP request rates and the
orange line represents the real-time rate values identified when the attack was triggered.
Parameter
Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
402
Parameter
Description
Protocol
Physical Port1
Packet Count
Volume (Kbits)
VLAN
MPLS RD
Device IP
1 This parameter is not resolved, and the value Multiple is always displayed.
Parameter
Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Parameter
Description
Protocol
Physical Port1
Packet Count
VLAN / Context
The VLAN tag value or Context Group in the policy that handled
the attack.
Note: The VLAN tag or Context Group identifies similar
information in this field. DefensePro 6.x and 7.x versions
support VLAN tags. DefensePro 8.x versions and DefensePro
for Cisco Firepower 9300 support Context Groups.
MPLS RD
Device IP
Attack Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
1 This parameter is not resolved, and the value Multiple is always displayed.
Parameter
Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
403
Parameter
Description
Protocol
Source L4 Port
Physical Port
Packet Count
Volume (Kbits)
VLAN
MPLS RD
Device IP
Parameter
Description
Blocking Duration
Number of Probes
The number of scan events from the time the attack started.
Parameter
Description
Requests Details
Parameter
Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
404
Parameter
Description
Protocol
Physical Port1
Packet Count
VLAN
MPLS RD
Device IP
1 This parameter is not resolved, and the value Multiple is always displayed.
Parameter
Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Parameter
Description
Protocol
Physical Port
Packet Count
Volume (Kbits)
VLAN / Context
The VLAN tag value or Context Group in the policy that handled
the attack.
Note: The VLAN tag or Context Group identifies similar
information in this field. DefensePro 6.x and 7.x versions
support VLAN tags. DefensePro 8.x versions and DefensePro for
Cisco Firepower 9300 support Context Groups.
MPLS RD
Parameter
Description
Attack Threshold
405
Parameter
Description
Attack Volume
Attack Duration
TCP Challenge
HTTP Challenge
The HTTP Authentication Method that identified the attack: 302Redirect or JavaScript.
Table 367: SYN Flood Attack Details: Authentication Lists Utilization Parameters
Parameter
Description
Parameter
Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Note: APSolute Vision stores sampled attack data, which includes the source and destination
addresses of the sampled packets. This information reflects a sampling of the attack packets; it does
not reflect the full attack data. For example, it is possible that the source IP addresses of the
sampled data do not include all of the source addresses of the attack.
Note: This feature is not supported on OnDemand Switch 2 S2 (DefensePro 1016 IPS & Behavioral
Protection - DME).
The table in the Sampled Data tab comprises the following columns:
Time
Source Address
Source L4 Port
Destination Address
Destination L4 Port
406
Protocol
VLAN / Context
MPLS RD
Physical Port
Select Current Attacks Table, and then, double-click the relevant row.
4. Click the
You can export some rows of the table in the Sampled Data dialog box to a CSV file.
Select Current Attacks Table, and then, double-click the relevant row.
4. Click the
5. Select the row with which you want the data rows in the file to start.
6. Click the
(CSV) button.
407
Notes
In DefensePro 6.x versions, the traffic is calculated according to the selected port pairs.
In DefensePro 7.x versions 7.40 and later, when a DefensePro device is configured in the
Transparent Device Operation Mode, the traffic is calculated according to the selected port pairs.
When a DefensePro device is configured in the IP Device Operation Mode, the traffic is calculated
according to the selected ports. When you are viewing multiple DefensePro devices in the
Security Monitoring perspective, the table displays both port pairs and single ports as
appropriate.
You can also view graphs of connection rates and concurrent connections based on data from the
Session Table.
By default, all traffic is presented in these graphs and tables. In each graph, you can filter the
display by protocol or traffic direction, but not for concurrent connections.
The Connection Statistics are displayed only when the device is operating in Full Layer 4 Session
Table Lookup mode.
You can monitor the following traffic information in the Traffic Monitoring tab:
Statistics GraphDisplays information for the selected port pairs in DefensePro, and protected
object in DefenseFlow, as a graph. The graph contains information for a selected protocol or the
total for all protocols over a period of time.
There is a curve on the graph for each the following:
Outbound IP traffic
To hide or show a curve for a particular traffic type, click the corresponding colored square in the
legend.
408
Caution: When the value of the Scope parameter is Devices/Policies (see Table 369 - Traffic
Utilization Report: Display Parameters for Graph and Table, page 410), during the Update
Policies process, the Statistics Graph momentarily displays Traffic Utilization as 0 (zero).
Last Sample StatisticsDisplays the last reading for each protocol and provides totals for all
protocols, for a single device. (This information is only available when viewing a single device.)
To view or save a CSV file, click
(CSV).
Tip: To get the current traffic rate in packets or bytes per second (calculated as the average rate in
15 seconds), you can use the following CLI command on the DefensePro device:
409
Table 369: Traffic Utilization Report: Display Parameters for Graph and Table
Parameter
Description
Scope
Using DefensePro, the Scope table displays the physical ports or the Network
Protection policies that the Traffic Utilization Report displays. However, the
Scope for DefensePro platforms without the DME can be only according to
physical ports, not Network Protection policies. By default, the Scope is Any
Port or Any Policydepending on the specified value in the Scope dropdown list. That is, by default, the Traffic Utilization Report displays all the
information.
Using DefenseFlow, the Scope table displays the Protected Objects or the
Security policies that the Traffic Utilization Report displays. By default, the
Scope is Any Protected Object.
To control the scope of the information that the Traffic Utilization Report
shows for DefensePro, see the procedure To control the scope of the
information that the Traffic Utilization Report shows for DefensePro,
page 411.
Note: DefensePro 8.x versions and DefensePro for Cisco Firepower 9300
do not support limiting the physical ports for the Scope.
Display Last
How long the graph displays attacks after the attack terminates. That is, the
graph displays all attacks that are currently ongoing or that terminated
within the selected period.
Values:
10 Minutes
20 Minutes
30 Minutes
1 Hour
Default: 10 Minutes
Scope
410
To control the scope of the information that the Traffic Utilization Report shows for
DefensePro
1. Click
. A table opens. The table has either the Device Name and Port columns or the
Device Name and Policy columnsaccording to the specified value in the Scope drop-down list:
Devices/Physical Ports or Devices/Policies.
Note: DefensePro 8.x versions and DefensePro for Cisco Firepower 9300 do not support
limiting the physical ports for the Scope.
2. Do one of the following:
To limit the physical ports or Network Protection policies that the Traffic Utilization Report
displays, select the corresponding checkboxes.
To display the information for all the currently relevant physical ports or Network Protection
policies, click in the top-left table cell, and then, select Select All.
To display all the information in the database, even information that is not associated with a
specific port or specific Network Protection policy, click in the top-left table cell, and then,
select Select None.
Table 370: Traffic Utilization Report: Filter Parameters for the Traffic Statistics Graph
Parameter
Description
Direction
OtherShow the statistics of the traffic that is not TCP, UDP, ICMP,
IGMP, or SCTP.
411
Parameter
Description
Protocol
Current Attacks
Authentication Table Utilization % The percentage of the Authentication Table that is full.
Challenges Rate
Parameter
Description
Protocol
TCP
UDP
ICMP
IGMP
SCTP
OtherThe statistics of the traffic that is not TCP, UDP, ICMP, IGMP, or
SCTP.
Inbound
The amount of inbound traffic for the protocol identified in the row.
Outbound
The amount of outbound traffic for the protocol identified in the row.
(This parameter is
available only in
DefensePro.)
Discarded Inbound
The amount of discarded inbound traffic for the protocol identified in the row.
Discarded Outbound
The amount of discarded outbound traffic for the protocol identified in the
row.
(This parameter is
available only in
DefensePro.)
Clean
The amount of clean traffic for the protocol identified in the row.
(This parameter is
available only in
DefenseFlow.)
Dropped
The amount of traffic dropped traffic for the protocol identified in the row.
(This parameter is
available only in
DefenseFlow.)
412
Table 372: Traffic Utilization Report: Last Sample Statistics Parameters (cont.)
Parameter
Description
Diverted
The amount of traffic diverted traffic for the protocol identified in the row.
(This parameter is
available only in
DefenseFlow.)
Discard %
The percentage of discarded traffic for the protocol identified in the row.
Excluded Inbound
The amount of excluded inbound traffic for the protocol identified in the row.
Excluded Outbound
The amount of excluded outbound traffic for the protocol identified in the
row.
(This parameter is
available only in
DefensePro.)
413
OID
MIB
Comment
1.3.6.1.4.1.89.35.1.65.188.4
rsTrafficUtilizationPerPolicy
1.3.6.1.4.1.89.35.1.65.188.4.1
rsTrafficUtilizationPerPolicyTableUDP
1.3.6.1.4.1.89.35.1.65.188.4.2
rsTrafficUtilizationPerPolicyTableTCP
1.3.6.1.4.1.89.35.1.65.188.4.3
rsTrafficUtilizationPerPolicyTableICMP
1.3.6.1.4.1.89.35.1.65.188.4.4
rsTrafficUtilizationPerPolicyTableOTHER
1.3.6.1.4.1.89.35.1.65.188.4.5
rsTrafficUtilizationPerPolicyTableSCTP
1.3.6.1.4.1.89.35.1.65.188.4.6
rsTrafficUtilizationPerPolicyTableIGMP
1.3.6.1.4.1.89.35.1.65.188.4.<X>.1
rsPolicyNamePerPolicy<Y>
1.3.6.1.4.1.89.35.1.65.188.4.<X>.2
rsNewConnectionsPerPolicy<Y>
1.3.6.1.4.1.89.35.1.65.188.4.<X>.3
rsConcurConnections<Y>1
1.3.6.1.4.1.89.35.1.65.188.4.<X>.4
rsDroppedPacketsPerPolicy<Y>
1.3.6.1.4.1.89.35.1.65.188.4.<X>.5
rsDroppedBytesPerPolicy<Y>
1.3.6.1.4.1.89.35.1.65.188.4.<X>.6
rsReceivedPacketsPerPolicy<Y>
1.3.6.1.4.1.89.35.1.65.188.4.<X>.7
rsReceivedBytesPerPolicy<Y>
414
Parameter
Description
Scope
The physical ports and the Network Protection policies that the Connection
Rate Report shows. However, the Scope for DefensePro platforms without the
DME can be only according to physical ports, not Network Protection policies.
By default, the Scope is Any Port or Any Policy (depending on the specified
value in the Scope drop-down list). That is, by default, the Connection Rate
Report displays all the information.
To control the scope of the information that the Traffic Utilization Report
shows, see the procedure To control the scope of the information that the
Traffic Utilization Report shows, page 416.
Display Last
How long the graph displays attacks after the attack terminates. That is, the
graph displays all attacks that are currently ongoing or that terminated
within the selected period.
Values:
10 Minutes
20 Minutes
30 Minutes
1 Hour
Default: 10 Minutes
Scope
415
Parameter
Direction
Description
Values:
BothShow both inbound traffic and outbound traffic. Data for inbound
and outbound are displayed as separate lines, not as totals.
Select Policies
(This button is
displayed only when
the Scope is
Devices/Policies.)
Opens the Select Port Pairs dialog box. Select the port pairs relevant for the
network topology by moving the required port pairs to the Selected Port
Pairs list. All other port pairs should be in the Available Port Pairs list.
Note: You can select port pairs for each direction; however, Radware
recommends that you select a port pair in one direction only, and display
traffic for both directions, if required. If you select port pairs in both
directions, and traffic for both directions, the graph will display the same
traffic twice.
Opens the Select Policies dialog box. Select the Network Protection policies
relevant for the network topology by moving the required policies the
Selected Policies list.
To control the scope of the information that the Traffic Utilization Report shows
1.
Click
. A table opens. The table has either the Device Name and Port columns or the
Device Name and Policy columnsaccording to the specified value in the Scope drop-down list:
Devices/Physical Ports or Devices/Policies.
2.
416
To limit the physical ports or Network Protection policies that the Traffic Utilization Report
displays, select the corresponding checkboxes.
To display the information for all the currently relevant physical ports or Network Protection
policies, click in the top-left table cell, and then, select Select All.
To display all the information in the database, even information that is not associated with a
specific port or specific Network Protection policy, click in the top-left table cell, and then,
select Select None.
Parameter
Description
Display Last
How long the graph displays attacks after the attack terminates. That is, the
graph displays all attacks that are currently ongoing or that terminated
within the selected period.
Values:
10 Minutes
20 Minutes
30 Minutes
1 Hour
Default: 10 Minutes
Protocol
Protection Monitoring
Protection Monitoring provides the real-time traffic monitoring per network policy, either for the
network as a wholeif BDoS is configured, or for DNS trafficif DNS is configured. The statistical
traffic information that Protection Monitoring provides can help you better understand the traffic that
flows through the protected network, how the configured protection is working, and, most
importantly, how anomalous traffic is detected.
For information about displaying protection information for a selected device, see the following:
417
2.
3.
Policy Name
IPv4-TCP
IPv4-UDP
IPv4-ICMP
IPv4-DNS
IPv6-TCP
IPv6-UDP
IPv6-ICMP
IPv6-DNS
When an attack icon is displayed in the table, click the icon to display the corresponding attack
traffic information.
Caution: When traffic matches multiple Network Protection policies with Out-of-State protection,
the value that APSolute Vision displays for the total dropped traffic represents the sum of all
dropped traffic for all relevant Network Protection policies. This is because when traffic matches
multiple Network Protection policies with Out-of-State protection, all those Network Protection
policies count the same dropped traffic.
To display traffic information for a Network Policy that includes BDoS protection
1.
2.
3.
Configure the scope for the display of the BDoS Traffic Statistics graph and Last Sample
Statistics table.
Statistics Graph
The table displays the traffic rates for the selected Network Protection policy according to the
specified parameters.
418
Table 376: Scope Parameters for the Statistics Graph and Last Sample Statistics Table
Parameter
Description
Scope
The Network Protection policy. The list only displays policies that are
configured with a BDoS profile.
Display Last
How long the graph displays attacks after the attack terminates. That is, the
graph displays all attacks that are currently ongoing or that terminated
within the selected period.
Values:
10 Minutes
20 Minutes
30 Minutes
1 Hour
Default: 10 Minutes
Direction
The direction of the traffic that the Statistics Graph and Last Sample
Statistics table display.
Values: Inbound, Outbound
Units
The unit according to which the Statistics Graph and Last Sample Statistics
table display the traffic.
Values:
419
Parameter
Description
IP Version
Protection Type
Scale
TCP FRAG
TCP RST
TCP SYN
UDP
ICMP
IGMP
UDP FRAG
TCP
TCP SYN
SYN ACK
TCP FRAG
TCP RST
UDP
UDP FRAG
ICMP
Other IP
The scale for the presentation of the information along the Y-axis.
Values: Linear, Logarithmic
Attack Status
Line
Description
Total Traffic
The total traffic that the device sees for the specific protection type and
direction.
dark blue)
Legitimate Traffic
(
light blue)
Normal Edge
(
420
dashed green)
Line
Description
Suspected Edge
(
Attack Edge
dashed red)
Parameter
Description
Traffic Type
The protection type. Each specific traffic type and direction has a baseline
that the device learns automatically.
Baseline
Total Traffic
The total traffic rate that the DefensePro device sees for the specific traffic
type and direction.
Baseline Portion %
An indication for the rate invariant baselinethat is, the normal percentage
of the specific traffic type to all other traffic in the same direction.
RT Portion %
The actual percentage of the specific traffic type relative to all other traffic in
the same direction.
Legitimate Traffic
The actual forwarded traffic rate, after the device blocked the attack.
When there is no attack, the RT Rate and Legitimate Rate are equal.
Legitimate Portion % The actual percentage of the forwarded traffic rate of the specified type
relative to other types of traffic, after the device blocked the attack.
Traffic Peak
(This parameter is
available only in
DefenseFlow.)
Degree of Attack
Peak traffic value, in bps, to use in case of a manual action without attack
volume information available.
421
To display traffic information for a Network Protection policy that includes DNS
protection
1.
2.
3.
Configure the filter for the display of the Statistics Graph and Last Sample Statistics table.
Statistics Graph
The graph displays the traffic rates for the selected Network Protection policy according to the
specified parameters.
Table 380: Scope Parameters for the Statistics Graph and Last Sample Statistics Table
Parameter
Description
Scope
The Network Protection policy. The list only displays rules configured with a
DNS profile.
Direction
The direction of the traffic that the Statistics Graph and Last Sample
Statistics table display.
Values: Inbound, Outbound
Units
(Read-only) The unit according to which the Statistics Graph and Last
Sample Statistics table display the traffic.
Value: QPSQueries per second
Parameter
Description
IP Version
Protection Type
Scale
Other
Text
AAAA
MX
NAPTR
PTR
SOA
SRV
The scale for the presentation of the information along the Y-axis.
Values: Linear, Logarithmic
Attack Status
422
Line
Description
Total Traffic
(
The total traffic that the device sees for the specific protection type and
direction.
dark blue)
Legitimate Traffic
(
light blue)
When there is no attack, the Total Traffic and Legitimate Traffic are
equal.
The statistically calculated baseline traffic rate.
Normal Edge1
(
dashed green)
Suspected Edge1
(
dashed orange)
Attack Edge1
(
dashed red)
1 This line is not displayed if the protection is configured to use a footprint bypass or
manual triggers.
Parameter
Description
Traffic Type
The protection type. Each specific traffic type and direction has a baseline
that the device learns automatically.
Baseline
Total Traffic
The total traffic rate that the DefensePro device sees for the specific traffic
type and direction.
Baseline Portion %
An indication for the rate invariant baselinethat is, the normal percentage
of the specific traffic type to all other traffic in the same direction.
RT Portion %
The actual percentage of the specific traffic type relative to all other traffic in
the same direction.
Legitimate Traffic
The actual forwarded traffic rate, after the device blocked the attack.
When there is no attack, the RT Rate and Legitimate Rate are equal.
Legitimate Portion % The actual percentage of the forwarded traffic rate of the specified type
relative to other types of traffic, after the device blocked the attack.
Degree of Attack
423
HTTP Reports
This feature is functional only in DefensePro 6.x and 7.x versions.
This feature is not functional in DefensePro 8.x versions and DefensePro for Cisco Firepower 9300.
HTTP Mitigator protection monitors rate-based and rate-invariant HTTP traffic parameters, learns
them, and generates normal behavior baselines accordingly.
Note: DefensePro examines the number and rate of HTTP requests. Thus, when HTTP pipelining is
used, the detection mechanism remains accurate.
You can monitor real-time and historical (normal baseline) values, and analyze HTTP traffic
anomalies using the following reports:
Channel
Description
The rate of HTTP GET and POST requests sent per second to the
protected server.
The rate of HTTP requests that are not POST or GET sent per
second to the protected server. Other HTTP request methods can
be used, but are used less frequently.
The maximum rate of HTTP GET and POST requests per second
per source IP address.
This parameter characterizes the site users behavior, enabling
you to recognize abnormal activities, such as scanning or bots.
Legitimate users may generate many requests per second, but
automatic devices such as bots or scanners generate many more.
424
Channel
Description
The maximum number of HTTP GET and POST requests per TCP
connection.
This parameter characterizes the site users behavior, enabling
you to recognize abnormal activities, such as scanning or bots.
Many requests over a single TCP connection may indicate bot or
scanner activity.
Outbound Bandwidth
Note: Normal Requests per Source and Requests per Connection baseline parameters show the
highest number of HTTP requests generated by a single source IP address and TCP connection
respectively. This number fades out, unless a higher value is observed, within about 30 seconds.
Outbound Bandwidth
Parameter
Description
Server
The name of the protected Web server for which to display HTTP traffic
statistics.
Display Last
The last number of hours for which the graph displays information.
Values: 1, 2, 3, 6, 12, 24
Default: 1
425
Channel
Description
The rate of HTTP GET and POST requests sent per second to the
protected server.
The rate of HTTP requests that are not POST or GET sent per
second to the protected server. Other HTTP request methods can
be used, but are used less frequently.
Outbound Bandwidth
2.
3.
Select a report:
4.
Outbound Bandwidth
In the Server list, select the protected Web server for which to display information.
2.
3.
426
Parameter
Description
Server
Scale
The scale for the presentation of the information along the Y-axis.
Values: Linear, Logarithmic
3. To define a filter to display the security events in the table according to selected parameters,
click the Create Filter icon, enter the required parameters (listed in the tables below for Basic
and Advanced filter parameters), and click Submit.
427
Parameter
Description
Severity
Critical
High
Low
Info
Warning
Time
Source IP
Source Port
Action
Blocked
Modified
Reported
Device IP
Server Name
Transaction ID
Parameter
Description
Display Last
Select Display Last to filter the Security Event table to only list the
events that occurred during the last specified amount of time.
Values:
10 Minutes
20 Minutes
30 Minutes
1 Hour
2 Hours
6 Hours
12 Hours
24 Hours
Default: 10 Minutes
Date and Time Range
Select Date and Time Range to filter the Security Event table to
only list the events that occurred during the specified date and
time range.
Note: The default time is 12:00:00 on each date selected. The
time can be changed manually within the field.
428
Parameter
Description
Time
Severity
Web Application
Critical
High
Low
Info
Warning
External IP
Action
Violation Type
Blocked
Modified
Reported
Source IP
Parameter
Description
User
AppWall Version
Target Module
Host
Tunnel
429
Parameter
Device Type
Description
The device type of the security event.
Values (Equals or Not Equals):
vHost
Stand-Alone Gateway
Stand-Alone Monitor
Cluster Manager
Source Port
Destination Port
Protocol
Parameter Name
TCP
HTTP
HTTPS
Transaction ID
Request
Role
Module
Event Type
Directory
Tunnel Listen IP
URI
Violation Category
430
Parameter
Description
appPath
Destination IP
Method
Parameter Type
GET
POST
Rule ID
Title
431
In the Security Monitoring perspective, select Dashboard View > Attack Distribution > Top
Attacks by Source.
2.
In the Display Last option, you can filter the display to only show the events that occurred
during the last specified amount of time: 10 minutes (default), 20 minutes, 30 minutes, or 1
hour.
432
View the high-level status of each APM-enabled ADC (Alteon or LinkProof NG) service, which use
the following indicators:
Not AvailableThe Application SLA Dashboard cannot display the status because the
feature is not supported on the Alteon platform or the required license is not installed.
No DataThe Application SLA Dashboard cannot display the status because no traffic
transactions were generated in the collection interval.
Click an icon on the dashboard to go to the related APM dashboard, Alteon dashboard, or
Application Delivery View dashboard. For more information on APM, see the Application
Performance Monitor User Guide.
433
In the APSolute Vision Settings view System perspective, select Dashboards > Application
SLA Dashboard.
Name
Display
Click Action
Application Name
The application
name in APM.
None
None
The User
Experience (UE)
SLA statusgreen
(acceptable),
orange (warning),
and red (critical
alert)during the
last 15 minutes.1
Parameters:
Parameters: DC SLA %,
Avg DC Time
434
UE SLA %
Avg UE Time
Rendering Time
Network Time
Name
Display
Service Availability
Parameters:
The indicator for
the availability of
Status
the application
green (acceptable), Successful/Total
orange (warning),
and red (critical
alert)during the
last 15 minutes.2
Service Throughput
(Mbps)
(The Application SLA
Dashboard resolves this
parameter only for
Alteon version 30.2 and
later.)
Infrastructure
Click Action
Opens the Service Status
View dashboard of the
Alteon that manages the
service.
The throughput, in
Mbps, for the
application.
Parameters:
Device Name
Management IP
Device Status
CPU SP (Avg)
CPU MP
Cache
Hard drive
Session
Throughput License
SSL License
Temperature (Critical
/ High / Normal)
1 The status is the same as that in APM. The dashboard displays the status only if the
service has generated transactions and APM data is available.
2 This is based on one poll per minute for the last 15 minutesGreen (OK): 0 (zero)
service-down records. Amber (Warning): 12 service-down records. Red (Critical): 3 or
more service-down records.
435
AppWall AppWall is a Web Application Firewall (WAF) that ensures fast, reliable, and
secure delivery of mission-critical Web applications. For Security Control Center information,
see AppWall Information in the Security Control Center, page 438.
Each tab displays one of the following global-status indicators, in addition to the label (for example,
DefensePro):
OK.
Mixed results.
Warning or Fail.
Not enough data, polling data, or the Security Control Center cannot determine the status.
436
In the APSolute Vision Settings view click System perspective, select Dashboards >
Security Control Center.
Click the
The APSolute Vision server is managing one or more DefensePro devices with enabled
policies.
The APSolute Vision server is managing one or more DefensePro devices, but none have
any enabled policy.
The Security Control Center has not yet determined the status.
When the global status is OK or mixed-results, the DefensePro node of the Security Control Center
displays the parameters described in the following table.
Parameter
Description
Total Policies
Enabled Policies
Disabled Policies
DefenseFlow is available.
437
The APSolute Vision server is managing one or more AppWall devices, which is reporting
to the associated APSolute Vision Reporter.
The APSolute Vision server is managing one or more AppWall device(s), but one or more
of the AppWall device(s) is not reporting to the APSolute Vision Reporter that is associated with
this APSolute Vision server.
When the global status is OK or mixed-results, the AppWall node of the Security Control Center
displays the parameters described in the following table.
Parameter
Description
The APSolute Vision server has a license for AVR, and AVR is available.
The APSolute Vision server has no license for AVR, or AVR is unavailable.
438
All the DefensePro devices are using the latest signature file.
Only some of the DefensePro devices are using the latest signature file version.
No DefensePro devices are using the latest signature file (whether or not they have a
subscription).
The Security Control Center cannot determine the status.
Table 395: Security Control Center: Radware Security Signatures (SUS) Parameters
Parameter
Description
DefensePro Devices Using Latest The number of DefensePro devices using the latest signature-file
Signature File Release
release.
DefensePro Devices Requiring
Signature File Update
439
All of the DefensePro devices were updated with RSA signatures in the last hour.
Only some of the DefensePro devices were updated with RSA signatures in the last hour.
No DefensePro devices were updated with RSA signatures in the last hour.
Parameter
Description
440
Caution: Radware strongly recommends that the system administrator follow the recommended
basic security procedures. The basic security procedure use the APSolute Vision CLI and affect
access to the APSolute Vision CLI. For more information, see Recommended Basic Security
Procedures, page 61 and System User Password Commands, page 492.
APSolute Vision CLI includes the following capabilities:
Command history
All configuration changes that are made using CLI commands are sent to the APSolute Vision server
audit log.
This chapter contains the following sections:
To access the CLI, you need to first log in to the APSolute Vision WBM.
There is a 60-day inactivity timeout. That is, if you have not logged in to APSolute Vision server
for 60 days, you must again log in to the APSolute Vision WBM before you can log in to the
APSolute Vision CLI.
Data bits: 8
Parity: None
Stop bits: 1
441
APSolute Vision CLI uses Control-? (127) for the Backspace key.
When connecting from an SSH client, APSolute Vision CLI has a default timeout of five minutes
for idle connections. If an SSH connection is idle for five minutes, APSolute Vision terminates the
session.
Accessing APSolute Vision using GSSAPI authentication is not supported. Make sure that your
SSH client does not attempt GSSAPI authentication.
Syntax Convention
Description
Example
Bold
Brackets ([ ])
Curly brackets
containing vertical
bar(s)
({ | })
Command
Description
exit
Logs out of the APSolute Vision CLI session. For more information, see exit,
page 443.
help
Displays help for menus and commands. You can also use the ? key. For more
information, see help, page 443.
history
net
442
Command
Description
ping
Pings a host on the network to test its availability. For more information, see
ping, page 444.
reboot
Stops all processes and then reboots the APSolute Vision server. For more
information, see reboot, page 444.
shutdown
Stops all processes and then shuts down the APSolute Vision server. For more
information, see shutdown, page 444.
system
System commands for the APSolute Vision server. For more information, see
System Commands, page 452.
grep
Selects lines containing a match for the specified regular expression. For more
information, see grep, page 444.
more
Paginates command output. For more information, see more, page 445.
exit
help
history
ping
reboot
shutdown
grep
more
exit
Logs out of the APSolute Vision CLI session.
Syntax
exit
help
Displays help for a command or menu. You can also use the ? key.
Examples
A
Tip: To display the list of commands for a menu, enter the menu name and press Enter.
443
history
Displays a history of the previously run commands.
Syntax
history [-<num>]
<num>
Optional
Example
history | grep sys
Displays the history of commands containing the string sys.
ping
Pings a host on the network to test its availability.
Syntax
<IP_address>
Required
<N>
Required
reboot
Stops all processes and then reboots the APSolute Vision server.
Syntax
reboot
shutdown
Stops all processes and then shuts down the APSolute Vision server.
Syntax
shutdown
grep
Selects lines containing a match for the specified regular expression. You can use this command only
concatenated to other commands that produce output.
Syntax
444
| grep <regexp>
<regexp>
Required
Tip: Use this command with history and timezone list commands to filter output.
more
Paginates command output. You can use this command only concatenated to other commands that
produce output.
Syntax
| more
Tip: Use this command with history and timezone list commands to paginate output.
445
<IP_address>
Required
<IP_address>
Required
<IP_address>
Required
446
Note: For information on the ports opened by the APSolute Vision installation, see UDP/TCP Ports,
page 608.
The net firewall commands comprise the following:
<port_number>
Required
{open|close}
Required
Note: After changing the configuration of a management port (G1 or G2), you must restart the
APSolute Vision server.
The net ip commands comprise the following:
net ip set
net ip delete
net ip get
447
net ip set
Configures an IP address for APSolute Vision server network interface on ports G1, G2, G3, or G4.
Notes
The G4 port is available only in an APSolute Vision server with APM server VA deployment.
Syntax
<IP_address>
Required
<netmask>
Required
{G1|G2|G3|G4}
Required
net ip delete
Deletes an IP address from a port on the APSolute Vision server.
Syntax
{G1|G2|G3|G4}
Required
net ip get
Displays the MAC addresses and other information about the configured network interfaces.
Syntax
net ip get
Note: You can connect to the APSolute Vision server (with the client, SSH/Telnet, and so on)
through ports G1, G2, and G3.
Syntax
{G1|G2}
448
Required
<hostname>
Required
Caution: The specified IP address must be routable from the client machine.
Syntax
<IP address>
449
{G1|G2}
Required
{on|off}
Optional
{10|100|1000}
Optional
{half|full}
Optional
Examples
A
450
Required
<gateway_ip>
<G1|G2|G3|G4>
Optional for
G1G3.
Required for
G4.
<net_ip>
Required
<netmask>
Required
<gateway_ip>
<G1|G2|G3|G4>
Optional for
G1G3.
Required for
G4.
451
<gateway_ip>
Required
<G1|G2|G3>
Optional
<net_ip>
<netmask>
Required
<gateway_ip>
Required
<G1|G2|G3|G4>
Optional for
G1G3.
Required for
G4.
System Commands
The system menu includes the following system commands and command types for the APSolute
Vision server:
452
Note: For more information on APSolute Vision server with APM server VA, see the APSolute Vision
Installation and Maintenance Guide and the Application Performance Monitoring Troubleshooting and
Technical Guide.
The system apm commands comprise the following:
Note: From the APM shell, the exit command returns the CLI session to the APSolute Vision shell.
Syntax
453
<protocol>
<user>@
Required
Values:
ssh
sftp
ftp
scp
The username.
Required
<server>
Required
Required
<filename>
Required
<all|yyyy-mm-dd>
Specify all to export all entries, or specify the start date of Required
records to export. The start date must be in yyyy-mm-dd
format.
454
Note: For information on the storage location, see System Storage Commands, page 486.
Each backup includes the following:
The backup config create command does not back up the following:
The password of the radware user of the APSolute Vision server appliance
Attack data
The system stores up to five configuration-backup iterations. After the fifth configuration-backup,
the system deletes the oldest one.
Syntax
455
<configName>
[description]
Optional
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
<configName>
Required
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
Required
<protocol>
Values:
Required
ssh
sftp
ftp
scp
456
<user>@
The username.
Required
<server>
Required
Required
Required
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
<protocol>
<user>@
Values:
ssh
sftp
ftp
scp
The username.
Required
Required
<server>
Required
Required
DateThe time and date that the system-configuration backup was created.
457
Syntax
<configName>
Required
DateThe time and date that the system-configuration backup was created.
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
Note: The restore process stops APSolute Vision and its associated services, and when it finishes,
restarts them.
Syntax
<configName>
Required
458
Note: For information on the storage location, see System Storage Commands, page 486.
The system stores up to five system backups. After the fifth system backup, the system deletes the
oldest one.
Caution: The system backup does not include AVR or DPM data.
Syntax
<backupName>
Required
[description]
Optional
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
<backupName>
Required
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
459
<backupName>
Required
<protocol>
Values:
Required
ssh
sftp
ftp
scp
The username.
Required
<server>
Required
Required
Required
Note: For information on the storage location, see System Storage Commands, page 486.
The system stores up to five system backups. After the fifth system backup, the system deletes the
oldest one.
Syntax
460
<protocol>
<user>@
Values:
ssh
sftp
ftp
scp
The username.
Required
Required
<server>
Required
Required
The name of the backup in the export directory, which may Required
be different from the backupName.
When the file is imported, the filename reverts to the
backupName, that is, the name that was used when the
backup was created.
Syntax
<backupName>
Required
Note: For information on the storage location, see System Storage Commands, page 486.
461
Caution: The system backup does not include the data of APSolute Vision Reporter (AVR) or the
Device Performance Monitor (DPM). If you use AVR or DPM, you must restore the system before you
restore the AVR and/or DPM data.
Note: The restore process stops APSolute Vision and its associated services, and when it finishes,
restarts them.
Syntax
<backupName>
Required
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
462
Required
<description>
Optional
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
Required
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
Values:
ssh
sftp
ftp
scp
Required
Required
463
<user>@
Required
<server>
Required
<path/to/directory>
Required
<filename>
Required
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
<protocol>
<user>@
Values:
Required
ssh
sftp
ftp
scp
The username.
Required
<server>
Required
Required
464
Syntax
<securityReporterName>
Required
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
Caution: When you are restoring the system backup also, you must restore the system before you
restore AVR data.
Note: The restore process stops APSolute Vision and its associated services, and when it finishes,
restarts them.
Syntax
<securityReporterName>
Required
465
Notes
This command is an alternative to using the two separate commands, system backup
techSupport create and system backup techSupport export.
You can delete the .tar file using system backup techSupport delete (without the .tar
extension).
APSolute Vision generates each package in a .tar file using the following format:
vision_support_<IPAddress>_<MM-dd-yy-hhmm>.tar
where:
APSolute Vision system configuration, which includes the network IP addresses, DNS address,
routes, and so on
Running processes
Disk usage
Syntax
466
Note: For information on the storage location, see System Storage Commands, page 486.
Each tech-support package includes the following:
APSolute Vision system configuration, which includes the network IP addresses, DNS address,
routes, and so on
Running processes
Disk usage
Syntax
Required
<description>
Optional
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
467
<techSupportName>
Required
<protocol>
Values:
Required
ssh
sftp
ftp
scp
The username.
Required
<server>
Required
Required
Required
DateThe time and date that the tech-support package was created.
Syntax
<techSupportName>
Required
468
DateThe time and date that the tech-support package was created.
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
Notes
For information on the storage location, see System Storage Commands, page 486.
For information on system backup techSupport local, see system backup techSupport
local, page 466.
Syntax
<techSupportName>
Required
system cleanup
Cleans all the data on the APSolute Vision server, or cleans all the data on the APSolute Vision server
except for the following:
Installed licenses
Syntax
full|without-server-ip
469
Note: For information on APSolute Vision database table views, see Appendix B - APSolute Vision
Database Views, page 507.
The system database access commands comprise the following:
A user from a specified host IP address with the following credentials can read (SELECT) the
database tables with a MySQL connection:
User: external
Password: viewer
Notes
The system backup and system config backup commands back up the list of IP addresses
that can access the database tables.
The system cleanup command deletes the list of IP addresses that can access the database
tables.
470
Required
Required
471
For managed devices of product versions created before the introduction of the
device-driver featureAPSolute Vision reloads the device drivers from the APSolute Vision
file system. (APSolute Vision persistently maintains the device drivers of product versions
created before the introduction of the device-driver feature.)
For managed devices of product versions created with the device-driver feature
APSolute Vision retrieves and loads the device driver from each managed device.
Caution: If you require functionality that relies on a manually uploaded device driver (for
example, as is the case with configuration templates), you must upload the relevant device
driver again.
Note: For more information on device drivers, see Managing Device Drivers, page 112.
Syntax
472
Caution: For APSolute Vision VAThe time on the APSolute Vision VA must be the same asor
within several minutes ofthe time on the VMware host. Otherwise, an APSolute Vision reboot may
hang (even when, in the VMware Tools, the synchronize guest time with host checkbox is cleared). If
the reboot hangs, reboot the APSolute Vision VA server, which should solve the problem. For more
information on this issue, refer to the VMware knowledge article Timekeeping best practices for
Linux guests (1006427) at
http://kb.vmware.com/selfservice/microsites/
search.do?language=en_US&cmd=displayKC&externalId=1006427).
Notes
Setting the system date requires restarting the APSolute Vision server, the APSolute Vision
Reporter, and MySQL.
The APSolute Vision Reporter client supports only a single timezone, which is the timezone
configured in APSolute Vision server.
Syntax
<date_and_time>
Required
Example
system date set 2010/05/23 13:56:00 sets date and time to 23/05/2010 13:56.
System DF Commands
Use df commands to manage the DefenseFlow associated with the APSolute Vision server.
The system df commands comprise the following:
473
<IP_address>
Required
system df shell
Launches the DefenseFlow shell.
Syntax
system df shell
Caution: This command deletes all the data for the Device Performance Monitor.
Note: For information on the storage location, see System Storage Commands, page 486.
The system stores up to three DPM backups. After the third tech-support package, the system
deletes the oldest one.
Syntax
<dpm_bu_name>
Required
474
<dpm_bu_name>
Required
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
<dpm_bu_name>
Required
<protocol>
Value: ftp
Required
<user>@
The username.
Required
<server>
Required
Required
Required
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
<protocol>
Value: ftp
Required
<user>@
The username.
Required
<server>
Required
Required
Required
475
Caution: When you are restoring the system backup also, you must restore the system before you
restore DPM data. Otherwise, the devices in DPM will be marked as deleted.
Note: This action also stops and restarts the Device Performance Monitor process.
Syntax
<dpm_bu_name>
Required
Note: For information on the storage location, see System Storage Commands, page 486.
The system stores up to three DPM tech-support packages. After the third tech-support package,
the system deletes the oldest one.
Syntax
system dpm techSupport create <techSupportName> [description]
Required
[description]
Optional
476
<dpm_techsupport_name>
Required
<protocol>
Value: ftp
Required
<user>@
The username.
Required
<server>
Required
<path/to/directory>
Required
<RemoteFolder>
Required
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
Note: For information on the storage location, see System Storage Commands, page 486.
Syntax
<techSupportName>
Required
477
Caution: This command performs a fresh installation of the DPM service, and all existing DPM
data is deleted.
478
<hostname>
Optional
<server>
Required
<minpoll>
<maxpoll>
prefer
Optional
479
<server>
Required
Caution: For APSolute Vision VAThe time on the APSolute Vision VA must be the same asor
within several minutes ofthe time on the VMware host. Otherwise, an APSolute Vision reboot may
hang (even when, in the VMware Tools, the synchronize guest time with host checkbox is cleared). If
the reboot hangs, reboot the APSolute Vision VA server, which should solve the problem. For more
information on this issue, refer to the VMware knowledge article Timekeeping best practices for
Linux guests (1006427) at
http://kb.vmware.com/selfservice/microsites/
search.do?language=en_US&cmd=displayKC&externalId=1006427).
Syntax
480
{start|stop|status}
Required
refidAssociation ID
tType:
delayRound-trip delay
jitterJitter
Note: For information on the MIBs that the SNMP interface exposes, see Appendix D - MIBs for
Monitoring APSolute Vision, page 567.
481
Required
<community>
482
Required
<host>
Required
<community>
Required
[port]
Optional
Required
<community>
Required
483
Common NameThe server hostname or the IP address. Default: APSolute Vision Server.
Caution: Every certificate includes a validity period, which is defined by a start date and an end
date. To prevent certificate-validity conflicts, before creating certificates, make sure that the correct
time is configured on the APSolute Vision servereither manually or using an NTP server.
Note: Replacing the SSL certificate reboots the AVR web server. You will need to log in again to
AVR.
Syntax
<protocol>
<user>@
Values:
sftp
scp
Required
The username.
Required
<server>
Required
<path/to/directory>
Required
<key_filename>
Required
Required
Optional
484
Example
sftp://radware@1.1.1.1:/tmp -key key.pem -cert cert.pem -pass 12345
system ssl import pkcs12
Imports a private key and certificate in PKCS12 format.
Syntax
<protocol>
<user>@
Values:
sftp
scp
The username.
Required
Required
<server>
Required
<path/to/directory>
Required
<PKCS12_filename>
Required
<pkcs12_passphrase>
Required
Example
sftp://radware@1.1.1.1:/tmp/file.p12 -pass 12345
Subject:
Common Name
Country
State
Locality
Organization
Organization Unit
Email Address
Issuer:
Common Name
Country
State
Locality
Organization
485
Organization Unit
Email Address
Serial Number
Validity:
Syntax
system statistics
Displays system resources statistics, including CPU utilization, uptime, system disk usage, database
disk usage, RAM utilization, and network throughput.
Syntax
system statistics
Tech-support packages
Note: Only root users can manually manage files in the hard-coded local directory.
Syntax
486
<protocol>
Required
<server>
Required
<path/to/store>
Required
tcp src port 443 Filter TCP packets with source port 443.
Note: For more information on filter expressions, refer to the relevant Linux man pages.
Caution: The dump to the capture file (dump.cap) stops when the first condition is reached:
timeout_sec, max_packets, or size. To ensure that each dump includes as much data as
possible when you configure a timeout_sec condition, Radware recommends that you set
max_packets to the maximum (-c 0). To ensure that each dump includes as much data as
possible when you configure a max_packets condition, Radware recommends that you set
timeout_sec to the maximum (-t 0).
Syntax
487
<timeout_sec>
Optional
<max_packets>
Optional
<size>
Optional
tcp src port 443 Filter TCP packets with source port 443.
Note: For more information on filter expressions, refer to the relevant Linux man pages.
Syntax
<timeout_sec>
Optional
Default: 60
<max_packets>
Optional
Default: 10000
<size>
Optional
Note: The settings are persistent and are included in the APSolute Vision configuration backup and
restore operations.
The system terminal commands comprise the following:
488
489
Tip: To paginate output, use system timezone list | more. To find a specific timezone, use
|grep. For example, to find the timezone for London, use system timezone list | grep Lon
to display all time-zone names containing Lon.
Note: In an APSolute Vision server with APM server VA installation, this command affects the
APSolute Vision server and the APM module. That is, in an APSolute Vision server with APM server
VA installation, changing the timezone in the APM Linux shell, has no effect.
Timezones for named locations, for example, Europe/London, set the GMT value and daylight saving
time parameters for those areas.
To set a timezone without daylight saving time adjustments, use a generic GMT timezone, for
example, Etc/GMT+2.
For timezone names beginning with Etc/GMT, the zones west of GMT have a positive (+) sign, and
the zones east of GMT have a negative (-) sign in the timezone name. For example,
Etc/GMT-2 is 2 hours ahead/east of GMT.
To prevent incorrect timezone configuration, use the country name listed in the timezone list,
not timezones beginning with Etc/GMT.
Tip: To view the list of supported timezones, use system timezone list.
Syntax
<timezone_name>
The name of the timezone, selected from the list of supported Required
timezones. The timezone name is case sensitive, for example,
system timezone set Europe/London.
Note: You can also use the APSolute Vision WBM to upgrade the APSolute Vision software version or
the APSolute Vision online help stored on the APSolute Vision server.
490
<filename>
Required
<password>
Required only
for major
version
<APSoluteVisionIPAddress>/temp directory.
This procedure requires a valid online-helpupgrade package. For more information on the onlinehelp package, see Managing the Online-Help Package on the Server, page 505.
Syntax
<filename>
Required
Note: The setting is retained after reboot of the APSolute Vision server, and it is included in the
APSolute Vision configuration backup and restore operations.
Syntax
491
{Local|RADIUS|TACACS+}
Required
Values:
Default: Local
Caution: Radware recommends using the radware only for disaster recovery, and keeping the
details of the radware user secret from all except special administrators.
492
Notes
When you use this command, you will be prompted to enter a new password at the New UNIX
<user>
The username.
Required
493
system version
Displays the current APSolute Vision version and the versions of its components.
Syntax
system version
494
Accessing the vDirect Configuration Interface of the APSolute Vision Server, page 495
Add and delete Alteon and DefensePro devices to the devices that the APSolute Vision manages.
Change the and delete Alteon and DefensePro devices to the devices that the APSolute Vision
manages.
Note: For more information on APSolute Vision RBAC, see Role-Based Access Control (RBAC),
page 70.
495
Configuration UI
2.
3.
4.
Click Login.
In APSolute Vision, you add a device; whereas in vDirect, you register a device.
A device that you added to APSolute Vision is referred to as a managed device; whereas in
vDirect, the device is referred to as registered.
APSolute Vision categorizes Alteon devices by form factor (standalone, VX, or vADC) and
platform (platform model, VA, or hosting VX-platform model). vDirect calls all Alteon devices
containers. vDirect calls standalone/VA and vADC devices dedicated containers. vDirect calls VX
devices partitioned containers.
496
Caution: If you change the name of a vDirect site in the APSolute Vision Device pane, vDirect
does not recognize it later. That is, if you change the name of a vDirect site in the APSolute Vision
Device pane, and you register a new Radware device with APSolute Vision, vDirect will create a new
a vDirect site.
For Radware devices that are added to APSolute Vision using APSolute Vision WBM, vDirect
displays IP address of each device, not the specified name.
You cannot register multiple vADCs from multiple VXs in the same operation.
There are differences in the set of device-access parameters that vDirect and APSolute Vision
expose. For example, APSolute Vision exposes the HTTP and HTTPS parameters, and eventnotification parameters.
The APSolute Vision Lock operation on a device is not enforced on vDirect. That is, the APSolute
Vision and APSolute Vision vDirect can modify a device configuration in parallel. This may cause
conflicting configurations.
497
Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 495).
2.
3.
Select Containers.
4.
Click Register.
5.
6.
b.
Parameter
Description
Name
Tenants
Assigns the container to one or more tenants. For more information, see
the vDirect documentation.
Address
The IP address where the dedicated ADC container resides. This is the
management IP address as it is defined on the managed device.
CLI Password
CLI Port
SNMP Version
SNMP Port
User Name
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
Maximum characters: 18
498
Parameter
Description
Authentication
Password
Default: SHA
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
Privacy Password
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
Privacy Protocol
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
SNMP Read Community The SNMP read community name authorized to access the dedicated ADC.
(This parameter is
displayed only when
SNMP Version is
VersionOne or
VersionTwo.)
SNMP Write Community The SNMP write community name authorized to access the dedicated
ADC.
(This parameter is
displayed only when
SNMP Version is
VersionOne or
VersionTwo.)
499
Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 495).
2.
3.
Select Containers.
4.
Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 495).
2.
3.
Select Containers.
4.
5.
Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 495).
2.
3.
Select Containers.
4.
5.
6.
500
Unregistering a Container
This section describes how to remove a container from the vDirect system.
To unregister a container
1. Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 495).
2. From the upper menu options, select Configuration.
3. Select Containers.
4. Click the box to the left of the name of the container you want to unregister.
5. Click Unregister.
6. Click Unregister again to confirm the removal.
501
Select DefensePro.
4.
Click Register.
5.
b.
Parameter
Description
Name
Tenants
Configures and adds new tenants to the DefensePro instance. For more
information, see the vDirect documentation.
Address
The username for CLI, HTTP, and HTTPS access to the device.
Maximum characters: 32
Default: radware
CLI Password
The password for CLI, HTTP, and HTTPS access to the device.
Maximum characters: 32
Default: radware
CLI Port
SNMP Version
SNMP Port
User Name
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
Maximum characters: 18
502
Parameter
Description
Authentication
Password
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
Privacy Password
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
Privacy Protocol
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
SNMP Read Community The SNMP read community name authorized to access the DefensePro.
(This parameter is
displayed only when
SNMP Version is
VersionOne or
VersionTwo.)
SNMP Write Community The SNMP write community name authorized to access the DefensePro.
(This parameter is
displayed only when
SNMP Version is
VersionOne or
VersionTwo.)
503
Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 495).
2.
3.
Select DefensePro.
4.
Click the box to the left of the name of the DefensePro instance you want to unregister.
5.
Click Unregister.
6.
504
Upgrading the online-help package that resides in the APSolute Vision server.
Reverting the online help to the original versionthat is, the online help that came with the
installation of the APSolute Vision server.
You can upgrade the online-help package that resides in the APSolute Vision server using the
procedure below (To update the APSolute Vision help on the server, page 506) or using the CLI. For
information on the CLI command, see System Upgrade Commands, page 490.
Note: Depending on the configuration of the APSolute Vision server (see Configuring APSolute
Vision Server Advanced Parameters, page 122), APSolute Vision clients access online-help pages
from the server itself or from radware.com. The online help at radware.com is always the latest, but
the files on the server might be out-of-date if a managed device was upgraded or a new device
driver is used.
The help-upgrade procedure requires a valid online-helpupgrade package.
You can download the software upgrade file from the Radware customer portal. The online-help
upgrade package may also be included in the product CD.
The name format of the online-help package is as follows:
APSoluteVisionHelp_<VisionVersion>_<BuildNumber>_<yyyyMMdd>.upgrade
To download the software upgrade file from the Radware customer portal
1.
2.
At the top right of the window, click My Account, and log in.
3.
505
Hover over Products, navigate to the relevant product type, and click the relevant productas
shown in the following example.
5.
6.
7.
In the APSolute Vision Settings mode System perspective, select General Settings >
Advanced.
2.
In the Online Help section, click the Update. The Upgrade APSolute Vision Help Version dialog
box opens.
3.
Click Browse and navigate to the online-helpupgrade package, and then, click Open.
4.
Click Send. The upgrade utility uploads the package and places the online-help files in the
location in the APSolute Vision server.
To revert the online help to the original version on the APSolute Vision server
1.
In the APSolute Vision Settings mode System perspective, select General Settings >
Advanced.
2.
506
Caution: Direct access to the APSolute Vision MySQL database may have performance impact on
the behavior of the APSolute Vision server, which is using the same database. Therefore, all queries
must be optimized.
Radware recommends for customers to have their own separate system, which accesses the
APSolute Vision server database and copies the relevant data to it. This enables end-users to access
the separate system, not the APSolute Vision server directly.
Figure 49: Recommended Topology for Using APSolute Vision Database Views
End Users
Customer Service
APSolute Vision server
Customer
datastore
MySQL
APSolute
Vision
database
507
508
anti_scan_attack_reports_view
attack_ips_id
anti_scan_event_samples_view
radware_id
attack_description_view
radware_id
name
attack_ips_id
attack_ips_id
anti_scan_footprints_view
attack_ips_id
http_blocking_rules_view
attack_ips_id
http_initial_statistics_view
bdos_attack_footprints_view
attack_ips_id
attack_ips_id
attack_ips_id
http_protections_view
bdos_attack_attrs_view
attack_ips_id
attack_ips_id
attack_ips_id
bdos_attack_statistics_view
attack_ips_id
srv_protect_atck_details_view
attack_ips_id
bdos_attack_tcp_statistics_view
attack_ips_id
srv_protect_event_details_view
attack_ips_id
attack_ips_id
syn_flood_attack_info_view
attack_ips_id
orm_id
srv_protect_block_details_view
attack_ips_id
attack_ips_id
srv_protect_event_messages_view
message
pps_attack_info_view
attack_ips_id
attack_ips_id
security_attack_packet_id_view
attack_ips_id
dns_attack_attrs_view
Packet_id
attack_ips_id
dns_attack_footprints_view
attack_ips_id
packet_id
packet_reports_view
attack_ips_id
packet_id
attack_ips_id
dns_attack_statistics_view
attack_ips_id
sampling_attacks_view
attack_ips_id
attack_ips_id
509
attack_description_view
This is a view of the table that stores a textual description of the relevant attack/filter, based on the Attack Description file.
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
PRI
name
varchar(255)
YES
radware_id
int(11)
YES
content
text
YES
Table
Non-unique
Key Name
Sequence in Index
Column Name
attack_description
PRIMARY
orm_id
anti_scan_attack_reports_view
This is a view of the table that stores the data in the attack info section of the attack details screen for anti-scan attack details.
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
start_time
bigint(20)
YES
avg_time_between_events
float
YES
number_of_events
bigint(20)
YES
blocking_duration
bigint(20)
YES
source_address
varchar(255)
YES
510
Key
Description
MUL
Field
Type
Null
scan_protection_actual_action
smallint(6)
YES
Key
Description
The protection Action taken.
Enum values:
scan_reason
smallint(6)
YES
Forward=1
Drop=2
Describes the difference between the configured action and the actual
action.
Enum and corresponding values:
1Configuration
2Footprint-accuracy-level
3Multiple-probed-ports
Table
Non-unique
Key Name
anti_scan_attack_reports
anti_scan_attack_reports_1ix
attack_ips_id
anti_scan_event_samples_view
This is a view of the table that stores scanning (and cracking) attack details. DefensePro can send several matched packets used during attack
detection. The information is sent over IRP.
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
start_time
bigint(20)
YES
destination_address
varchar(255)
YES
destination_port
int(11)
YES
flag
varchar(255)
YES
The TCP packet type. This is displayed only for TCP traffic.
Key
Description
MUL
511
Field
Type
Null
icmp_msg_type
varchar(255)
YES
Key
Description
The ICMP message type, for example: Echo reply, Destination Unreachable,
Router Advertisement, Router Solicitation, Traceroute, and so on.
Table
Non-unique
Key Name
Sequence in Index
Column Name
anti_scan_event_samples
anti_scan_event_samples_1ix
attack_ips_id
anti_scan_footprints_view
This is a view of the table that stores anti-scan footprints related to specific attack instances.
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
MUL
start_time
bigint(20)
YES
scan_direction
smallint(6)
YES
strictness_level
smallint(6)
YES
footprint_text
text
YES
Table
Non-unique
Sequence in Index
Column Name
anti_scan_footprints
anti_scan_footprints_1ix
512
attack_ips_id
bdos_attack_attrs_view
This is a view of the table that stores the data displayed in the Attack Info section of the window with BDoS attack details in the Security
Monitoring perspective.
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
start_time
bigint(20)
YES
l4_checksum
varchar(255)
YES
The L4 checksum.
tcp_sequence_number
varchar(255)
YES
ip_id_number
varchar(255)
YES
The IP ID number.
dns_id
varchar(255)
YES
dns_query
varchar(255)
YES
dns_q_count
varchar(255)
YES
source_port
varchar(255)
YES
fragmentOffset
varchar(255)
YES
flow_label
varchar(255)
YES
source_ip
varchar(255)
YES
to_s
varchar(255)
YES
The ToS.
packet_size
varchar(255)
YES
destination_port
varchar(255)
YES
destination_ip
varchar(255)
YES
fragment
varchar(255)
YES
The fragment.
icmp_message_type
varchar(255)
YES
ttl
varchar(255)
YES
The TTL.
Key
Description
MUL
513
Field
Type
Null
controller_state
smallint(6)
YES
Key
Description
The protection state.
Enum and corresponding values:
1non-attack
2footprint-analysis
3blocking
4suspicious-activities
5non-strict-footprint
Table
Non-unique
Key Name
Sequence in Index
Column Name
bdos_attack_attrs
bdos_attack_attrs_1ix
attack_ips_id
bdos_attack_footprints_view
This is a view of the table that stores BDoS footprints related to specific instances of BDoS attacks.
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
start_time
bigint(20)
YES
footprint_text
text
YES
time_stamp
timestamp
YES
514
Key
Description
MUL
Table
Non-unique
Key Name
Sequence in Index
Column Name
bdos_attack_footprints
bdos_attack_footprints_1ix
attack_ips_id
bdos_attack_statistics_view
This is a view of the table that stores data displayed in the Attack Statistics Table in the of the window with BDoS attack details in the Security
Monitoring perspective.
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
direction
smallint(6)
YES
Key
Description
MUL
1in
2out
3unknown
515
Field
Type
Null
protection
smallint(6)
YES
Key
Description
The protection.
Enum and corresponding values:
1UDP
2ICMP
3IGMP
4TCP SYN
5TCP RST
6TCP ACK
10TCP FRAG
11TCP
21UDP FRAG
start_time
bigint(20)
YES
graph_values
varchar(255)
YES
Table
Non-unique
Key Name
Sequence in Index
Column Name
bdos_attack_statistics
bdos_attack_stat_1ix
attack_ips_id
bdos_attack_tcp_statistics_view
This is a view of the table that stores data displayed in the Attack Statistics Table with BDoS attack details in the Security Monitoring perspective.
Field
Type
Null
orm_id
varchar(255)
NO
516
Key
Description
Field
Type
Null
Key
Description
attack_ips_id
varchar(255)
YES
MUL
direction
smallint(6)
YES
The direction.
Enum and corresponding values:
counter_protection_mode
smallint(6)
YES
1in
2out
3unknown
1TCP
2UDP
3ICMP
4IGMP
5TCP-SYN
6TCP-RST
7TCP-ACK
8TCP-ACK-PSH
9TCP-ACK-FIN
10TCP-SYNC-ACK
11TCP-FRAG
start_time
bigint(20)
YES
graph_values
varchar(255)
YES
Table
Non-unique
Key Name
Sequence in Index
Column Name
bdos_attack_tcp_statistics
bdos_attack_tcp_stat_1ix
attack_ips_id
517
dns_attack_attrs_view
This is a view of the table that stores data displayed in the Attack Info section of the window with DNS-flood attack details in the Security
Monitoring perspective.
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
PRI
attack_ips_id
varchar(255)
YES
MUL
start_time
bigint(20)
YES
l4_checksum
varchar(255)
YES
The L4 checksum.
ip_id_number
varchar(255)
YES
The IP ID number
dns_id
varchar(255)
YES
The DNS ID
dns_query_name
varchar(255)
YES
dns_q_count
varchar(255)
YES
dns_a_count
varchar(255)
YES
flags
varchar(255)
YES
The flags.
packet_size
varchar(255)
YES
destination_port
varchar(255)
YES
destination_ip
varchar(255)
YES
ttl
varchar(255)
YES
The TTL.
controller_state
smallint(6)
YES
518
1non-attack
2footprint-analysis
3blocking
4suspicious-activities
5non-strict-footprint
Field
Type
Null
action_type
smallint(6)
YES
Key
Description
The reported action against the attack.
Enum and corresponding values:
1forward
2proxy
3drop
4source-reset
5dest-reset
6source-dest-reset
7bypass
8challenge
9quarantine
10drop-and-quarantine
Table
Non-unique
Key Name
Sequence in Index
Column Name
dns_attack_attrs
PRIMARY
orm_id
dns_attack_attrs
dns_attack_attrs_1ix
attack_ips_id
dns_attack_footprints_view
This is a view of the table that stores DNS attack footprints related to a specific attack instance.
Field
Type
Null
Key
orm_id
varchar(255)
NO
PRI
attack_ips_id
varchar(255)
YES
MUL
start_time
bigint(20)
YES
Description
The unique ID of attack instance.
The start time of the related attack.
519
Field
Type
Null
Key
Description
footprint_text
text
YES
time_stamp
datetime
YES
Table
Non-unique
Key Name
Sequence in Index
Column Name
dns_attack_footprints
PRIMARY
orm_id
dns_attack_footprints
dns_attack_footprints_1ix
attack_ips_id
dns_attack_statistics_view
This is a view of the table that provides data for the Attack Statistics Table in the of the window with DNS-flood attack details in the Security
Monitoring perspective.
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
direction
smallint(6)
YES
Key
Description
MUL
520
1in
2out
3unknown
Field
Type
Null
protection
smallint(6)
YES
Key
Description
The protection.
Enum and corresponding values:
12A
13MX
14PTR
15AAAA
16Text
17SOA
18NAPTR
19SRV
20Other
start_time
bigint(20)
YES
graph_values
varchar(255)
YES
The value.
Table
Non-unique
Key Name
Sequence in Index
Column Name
dns_attack_statistics
dns_attack_stat_1ix
attack_ips_id
http_blocking_rules_view
This is a view of the table that stores details for HTTP-flood attacks.
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
start_time
bigint(20)
YES
Key
Description
MUL
521
Field
Type
Null
Key
Description
source_ip_address
varchar(255)
YES
request_uri
text
YES
bypass
bit(1)
YES
The bypass.
source_nums
int(11)
YES
Table
Non-unique
Key Name
http_blocking_rules
http_blocking_rules_1ix
attack_ips_id
http_initial_statistics_view
This is a view of the table that stores details displayed for HTTP-flood attacks, which are displayed in the Current Attacks table.
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
start_time
bigint(20)
YES
is_normal
bit(1)
YES
R_C
int(11)
YES
other_C
int(11)
YES
outB_C
float
YES
S_R_C
int(11)
YES
con_R_C
int(11)
YES
normal_LTD
text
YES
522
Key
Description
MUL
Field
Type
Null
rate_STD
text
YES
Key
Description
The anomaly bin values of sizeDistribStatistics graph in HTTP-flood attack
details.
Table
Non-unique
Key Name
Sequence in Index
Column Name
http_initial_statistics
http_initial_stat_1ix
attack_ips_id
http_protections_view
This is a view of the table that stores data displayed in the Attack Statistics Table with HTTP-flood attack details in the Security Monitoring
perspective.
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
start_time
bigint(20)
YES
old_protection_state
varchar(255)
YES
new_protection_state
varchar(255)
YES
old_protection_action
varchar(255)
YES
old_mitigation_state
varchar(255)
YES
new_mitigation_state
varchar(255)
YES
new_protection_action
varchar(255)
YES
The action.
rate_limit_factor
varchar(255)
YES
mitigation_mode
varchar(255)
YES
characterization_mode
varchar(255)
YES
escalation_mode
varchar(255)
YES
Key
Description
MUL
523
Field
Type
Null
Key
Description
challenge_mode
varchar(255)
YES
challenged_candidates
int(11)
YES
suspicious_sources
int(11)
YES
web_utilization
int(11)
YES
Table
Non-unique
Key Name
Sequence in Index
Column Name
http_protections
http_protections_1ix
attack_ips_id
packet_reports_view
This is a view of the table that stores traffic-capture packets related to a specific attack instance. Each attack can have multiple stored packets.
The relationship between the attack and the packet ID is stored in the security_attack_packet_id table.
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
start_time
bigint(20)
YES
MUL
packet_id
varchar(255)
YES
MUL
packet_type
smallint(6)
YES
packet_contents
tinyblob
YES
524
Table
Non-unique
Key Name
Sequence in Index
Column Name
packet_reports
packet_report_indx
start_time
packet_reports
packet_id_indx
packet_id
pps_attack_info_view
This is a view of the table that stores attack information of DoS attacks.
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
MUL
start_time
bigint(20)
YES
attacker_ip
varchar(255)
YES
protected_host
varchar(255)
YES
protected_port
int(11)
YES
action
varchar(255)
YES
1forward
2proxy
3drop
4source-reset
5dest-reset
6source-dest-reset
7bypass
8challenge
9quarantine
10drop-and-quarantine
525
Field
Type
Null
Key
Description
attack_duration
bigint(20)
YES
attack_rate
bigint(20)
YES
attack_total_drop_rate
bigint(20)
YES
Table
Non-unique
Key Name
Sequence in Index
Column Name
pps_attack_info
pps_attack_info_1ix
attack_ips_id
sampling_attacks_view
This is a view of the table that stores information on security attacks, based on security SNMP traps (identified by OID), where the type is
sampling. These traps have the same format as regular security traps that trigger a Security Attack entry update.
Field
Type
Null
Key
orm_id
varchar(255)
NO
PRI
attack_ips_id
varchar(255)
YES
MUL
vlan_tag
varchar(255)
YES
start_time
bigint(20)
YES
source_address
varchar(255)
YES
The source IP address of the attack. If there are multiple IP sources for an attack,
this field displays Multiple.
source_port
varchar(255)
YES
dest_address
varchar(255)
YES
dest_port
varchar(255)
YES
physical_port
smallint(6)
YES
526
Description
The unique ID of the related attack instance.
The VLAN tag value.
MUL
The start time of the attack, in milliseconds, according to the time on the APSolute
Vision server, when the trap was received.
Field
Type
Null
mpls_rd
varchar(255)
YES
Key
Description
The Multiprotocol Label Switching Route Distinguisher. This value is used to generate
reports for each customer.
The value of N/A or 0 in this field indicates that the MPLS RD is not available.
attack_protocol
smallint(6)
YES
1IP
2TCP
3UDP
4ICMP
5IGMP
6NonIP
7SCTP
8ICMPV6
Table
Non-unique
Key Name
Sequence in Index
Column Name
sampling_attacks
PRIMARY
orm_id
sampling_attacks
sampling_attacks_Idx
start_time
sampling_attacks
sampling_attack_ips_id_Idx
attack_ips_id
security_attack_packet_id_view
This is a view of the table that stores data that link a packet (traffic capture) to a specific attack instance.
Field
Type
Null
Key
orm_id
varchar(255)
NO
MUL
fkc_attack_id
varchar(255)
YES
MUL
Description
The unique ID of the attack instance.
527
Field
Type
Null
Key
Description
packet_id
varchar(255)
YES
MUL
start_time
bigint(20)
YES
Table
Non-unique
Key Name
security_attack_packet_id
FKCDA4D4052EB94D2E
fkc_attack_id
security_attack_packet_id
security_attack_packet_id_orm_id_idx
orm_id
security_attack_packet_id
security_attack_packet_id_packet_id_idx
packet_id
528
security_attacks_view
This is a view of the table that stores security attack information.
Field
Type
Description
ActionMode
Smallint(6)
1forward
2proxy
3drop
4source-reset
5dest-reset
6source-dest-reset
7bypass
8challenge
9quarantine
10drop-and-quarantine
11http-200-ok
12http-200-ok-dest-reset
13http-403-forbidden
14http-403-forbidden-dest-reset
Date
Varchar()
The date, in dd/mm/yyyy format, calculated in the APSolute Vision view based on the APSolute
Vision full timestamp column - longtime.
DestAdd
Varchar(255)
DestPort
Varchar(255)
DeviceIp
varchar(255)
EventName
Varchar(255)
GroupName
Varchar(255)
LongTime
Bigint(20)
529
Field
Type
Description
PacketBandwidth
Bigint(20)
For most protections, this value is the volume of the attack, in kilobits, from when the attack started.
For SYN protection (SYN cookies), this value is the number of SYN packets dropped, multiplied by 60
bytes (the SYN packet size).
PacketCount
Bigint(20)
PhysicalPort
Smallint(6)
The port.
Protocol
Smallint(6)
RadwareId
Bigint(20)
Risk
Smallint(6)
1IP
2TCP
3UDP
4ICMP
5IGMP
6Non IP
7SCTP
8ICMPv6
The Radware ID of the attack. All attacks of the same attack_name have the same radware_Id.
The attack risk level.
Enums and corresponding values:
530
1Info
2Low
3Medium
4High
Field
Type
Description
Service
Smallint(6)
1ACL
2Anti-Scanning
3Behavioral DoS
4DoS
5HTTP Flood
6Intrusions
7Server Cracking
8SYN Flood
9Anomalies
10Stateful ACL
11DNS
12BWM
SourceAdd
Varchar(255)
SourcePort
Varchar(255)
Status
Smallint(6)
1start
2term
3sampled
4occur
5ongoing
Time
Varchar()
The time, in hh:mm:ss format, calculated in the APSolute Vision view based on the APSolute Vision
full timestamp column - start_time.
VlanTag
Varchar(255)
ReportId
Varchar(255)
531
Field
Type
Description
EndTime
Bigint(20)
The full time, in milliseconds, that the attack ended. When an attack starts, the start time is placed in
this column. This value is updated only once the attack is terminated. continuously updated with
every related SNMP trap.
MplsRd
Varchar(255)
Direction
Smallint(6)
The direction.
Enum values:
ThreatGroup
Smallint(6)
1In
2Out
3Unknown
OrmId
532
Varchar(255)
1Black List
2Network Scans
3Application DDoS
4Intrusion
5Packet Anomalies
6Server Cracking
7DDoS
8Stateful ACL
9Bandwidth Management
srv_protect_atck_details_view
This is a view of the table that stores details for Server Cracking attacks.
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
MUL
attacker_ip
varchar(255)
YES
start_time
bigint(20)
YES
protected_host
varchar(255)
YES
protected_port
int(11)
YES
attacker_url
varchar(255)
YES
action
varchar(255)
YES
1forward
2proxy
3drop
4source-reset
5dest-reset
6source-dest-reset
7bypass
8challenge
9quarantine
10drop-and-quarantine
Table
Non-unique
Key Name
Sequence in Index
Column Name
srv_protect_atck_details
srv_protect_atck_details_1ix
attack_ips_id
533
srv_protect_block_details_view
This is a view of the table that stores details of attacks identified by a Server Protection policy.
Table
Non-unique
Key Name
Sequence in Index
Column Name
srv_protect_block_details
srv_protect_block_details_1ix
attack_ips_id
srv_protect_event_details_view
This is a view of the table that stores details of attacks identified by a Server Protection policy.
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
MUL
start_time
bigint(20)
YES
protocol
smallint(6)
YES
The protocol.
Enum and corresponding values:
1IP
2TCP
3UDP
4ICMP
5IGMP
6Non-IP
7SCTP
8ICMPv6
Table
Non-unique
Key Name
Sequence in Index
Column Name
srv_protect_event_details
srv_protect_event_details_1ix
attack_ips_id
534
srv_protect_event_messages_view
This is a view of the table that stores samples of matched packets used during attack detection of Server Cracking (and Anti-Scan) attacks.
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
message
varchar(255)
YES
start_time
bigint(20)
YES
Table
Non-unique
Key Name
Sequence in Index
Column Name
srv_protect_event_messages
FKA3A85DD3C3E1C26
fkc_event_details_id
srv_protect_event_messages
srv_protect_event_messages_1ix
fkc_event_details_id
fkc_event_details_id
syn_flood_attack_info_view
This is a view of the table that stores SYN-flood-attack information.
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
dest_address
varchar(255)
YES
dest_port
int(11)
YES
start_time
bigint(20)
YES
The timestamp, in milliseconds, on the APSolute Vision server, at the time the
data was received.
threshold
bigint(20)
YES
The minimum number of packets per second that trigger a SYN protection
attack.
established
bigint(20)
YES
Key
Description
MUL
535
Field
Type
Null
spoofed
bigint(20)
YES
The number of established, spoofed TCP connections per second during the
attack life cycle (aggregated). These are the sessions that were established
through the SYN-cookies mechanism or were passed through the SYN
protection trusted list.
no_data
bigint(20)
YES
attack_rate
bigint(20)
YES
The average rate of spoofed SYNs and data connection attempts per second,
calculated every 10 seconds.
web_utilization
bigint(20)
YES
tcp_utilization
bigint(20)
YES
tcp_tcpChallenge
smallint(6)
YES
http_tcpChallenge
smallint(6)
Key
YES
Description
1Safe-Reset
2Transparent proxy
1302 Redirect
2JavaScript
Table
Sequence in Index
Column Name
syn_flood_attack_info
attack_ips_id
536
syn_flood_attack_info_1ix
traffic_utilizations_view
connecction_statistics_view
device_ip
policy_name
device_ip
policy_name
physical_port
device_ip
policy_name
physical_port
concurrent_connections_view
This is a view of the table that stores the rate of current connections per protocol (TCP /UDP).
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
PRI
tcp_conn_per_sec
bigint(20)
YES
udp_conn_per_sec
bigint(20)
YES
policy_name
varchar(255)
YES
time_stamp
timestamp
YES
device_ip
varchar(255)
YES
Table
Non-unique
Key Name
Sequence in Index
Column Name
concurrent_connections
PRIMARY
orm_id
537
connection_statistics_view
This is a view of the table that stores connection-rate statistics of inbound and outbound traffic for selected port pairs (or selected policy) and
protocols (TCP/UDP).
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
PRI
physical_port
smallint(6)
YES
MUL
policy_name
varchar(255)
YES
policy_direction
smallint(6)
YES
tcp_conn_per_sec
1Inbound
2Outbound
3Both
int(11)
YES
udp_conn_per_sec int(11)
YES
time_stamp
timestamp
YES
The timestamp, in milliseconds, on the APSolute Vision server, at the time the
data was received.
device_ip
varchar(255)
YES
Table
Non-unique
Key Name
Sequence in Index
Column Name
conncection_statistics
PRIMARY
orm_id
conncection_statistics
CON_STAT_PORT_TBL_INDX
physical_port
538
traffic_utilizations_view
This is a view of the table that stores data regarding the traffic the device saw in the last reporting interval.
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
PRI
physical_port
smallint(6)
YES
MUL
policy_name
varchar(255)
YES
The policy name. The pr policy report will include per policy received
statistics and per policy dropped statistics.
policy_direction
smallint(6)
YES
1Inbound
2Outbound
3Both
traffic_value
decimal (20,0)
YES
The total amount of traffic for the protocol and port identified in the row.
num_discards
decimal (20,0)
YES
The amount of discarded traffic for the protocol and port identified in the
row.
num_excluded
decimal (20,0)
YES
The graph displays excluded inbound traffic and excluded outbound traffic
only when the Traffic Exclusion option is enabled. When the Traffic
Exclusion option is enabled, the device passes through all traffic that
matches no network policy configured on the device. Excluded counters will
show zero when traffic exclusion feature is disabled or does not exist (nonEZchip platforms).
unit_id
smallint(6)
YES
1Kbps
2PPS
539
Field
Type
Null
traf_mon_protocols
smallint(6)
YES
Key
Description
The protocol for the statistics.
Enum and corresponding values:
1UDP
2TCP
3ICMP
4Other
5All
6SCTP
7IGMP
8DNS
9HTTP
time_stamp
timestamp
YES
device_ip
varchar(255)
YES
Table
Non-unique
Key Name
Sequence in Index
Column Name
traffic_utilizations
PRIMARY
orm_id
traffic_utilizations
TRAFF_UTIL_PORT_TBL_INDX
physical_port
540
audit_table_view
ID
audit_id
audit_table_view
This is a view of the table that stores audit information.
Field
Type
Description
audit_id
Varchar(255)
messagetype
Smallint(6)
severity
Smallint(6)
The severity.
Enums and corresponding values:
1Emergency
2Alert
3Critical
4Error
5Warning
6Notice
7Info
8Debug
createddate
Timestamp
description
Text
userParams_userName l
Varchar(255)
The username.
userParams_contactInformation Varchar(255)
deviceParams_deviceName
Varchar(255)
deviceParams_deviceType
Varchar(255)
2DefensePro
3APSolute Vision
5Alteon
541
Field
Type
Description
deviceParams_deviceOrmId
Varchar(255)
deviceParams_deviceIP
Varchar(255)
deviceParams_deviceDate
Timestamp
The following table lists the message types that APSolute Vision supports and the corresponding
description templates.
Message Type
Description Template
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
542
Message Type
Description Template
31
32
alert_view
This is a view of the table that stores device alerts and APSolute Vision alerts.
Field
Type
ID
Bigint(20)
module
Smallint(6)
devicetype
severity
Smallint(6)
Smallint(6)
Description
The module, represented as an integer, according to the
following mapping:
1Device Security
2Device General
3Vision General
4Vision Configuration
5Vision Control
6Security Reporting
2DefensePro
3APSolute Vision
5Alteon
1Critical
2Major
3Minor
4Warning
5Info
raisedtime
Timestamp
message
Text
username
Varchar(255)
The username.
deviceormid
Varchar(255)
deviceip
Varchar(255)
devicename
Varchar(255)
trapsid
Varchar(255)
The OID of the trap, if the alert was received via a trap.
port
Varchar(255)
The port.
cleared
Bit(1)
clearedtime
Timestamp
acknowledged
Bit(1)
543
Field
Type
Description
acknowledgedtime
Timestamp
mailed
Bit(1)
View
anti_scan_attack_reports_view
24
anti_scan_event_samples_view
25
anti_scan_footprints_view
25
bdos_attack_attrs_view
25
bdos_attack_footprints_view
25
bdos_attack_statistics_view
25
bdos_attack_tcp_statistics_view
25
dns_attack_attrs_view
25
dns_attack_footprints_view
25
dns_attack_statistics_view
25
http_blocking_rules_view
25
http_initial_statistics_view
At least 1 hour
http_protections_view
25
packet_reports_view
24
pps_attack_info_view
25
sampling_attacks_view
24
security_attack_packet_id_view
24
security_attacks_view
24
srv_protect_atck_details_view
25
srv_protect_block_details_view
25
srv_protect_event_details_view
25
srv_protect_event_messages_view
25
syn_flood_attack_info_view
25
544
View
concurrent_connections_view
connection_statistics_view
traffic_utilizations_view
545
546
547
Global Parameters
The following table lists the messages that are triggered by actions performed on global parameters.
The value in the Type column identifies whether the message is regular (R), or detailed (D) when
detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 95).
ID
Type
Message
User <username> has changed the default password for other users.
User <username> has changed the default Password for the user radware.
User <username> has changed the Number of Last Passwords Saved to value
<value>.
User <username> changed the setting that users must change their password at
first login.
User <username> changed the setting that users must change their password at
first login to <value>.
Advanced Parameters
The following table lists the messages that are triggered by actions performed on advanced
parameters. The value in the Type column identifies whether the message is regular (R), or detailed
(D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 95).
ID
Type
Message
User <username> has changed the Online Help URL to APSolute Vision Server.
User <username> User <username> User <username> has changed the Minimal
Log Level.
User <username> has changed the Max. Number of Configuration Files per
Device.
548
ID
Type
Message
User <username> has changed the Max. Number of Configuration Files per Device
to <value>.
ID
Type
Message
User <username> has changed the L4 Destination Port for Syslog Reporting.
User <username> has changed the L4 Destination Port for Syslog Reporting to Port
<value>.
User <username> has changed the Syslog Reporting report (scope) to <value>.
549
ID
Type
Message
User <username> changed the detailed APSolute Vision activity auditing alerts
feature to <value>
User <username> changed the detailed APSolute Vision activity auditing alerts
feature.
Connection Settings
The following table lists the messages that are triggered by actions performed on connection
settings. The value in the Type column identifies whether the message is regular (R), or detailed (D)
when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 95).
ID
Type
Message
00986
User <username> has changed the password for authentication with the proxy
server.
00987
User <username> has changed the user name for authentication with the proxy
server.
00999
User <username> has changed the user name for authentication with the proxy
server to proxy-username <value>.
00988
00988
00989
00989
User <username> has changed the port of the proxy server to port <value>.
00990
00998
User <username> has changed the IP address of the proxy server to IP Address
<value>.
00991
00991
00992
User <username> has changed the timeout for connecting to a device using
SNMP.
00992
User <username> has changed the timeout for connecting to a device using SNMP
to <value>.
00993
User <username> has changed the number of retries for connecting to a device
using SNMP.
00993
User <username> has changed the number of retries for connecting to a device
using SNMP to <value>.
00994
User <username> has changed the port for accessing a device using SNMP.
550
ID
Type
Message
00994
User <username> has changed the port for accessing a device using SNMP to port
<value>.
00995
User <username> has changed the value of the 'Session Inactivity Timeout'
parameter.
00995
User <username> has changed the value of the 'Session Inactivity Timeout'
parameter to <value>.
00996
User <username> has changed the default HTTPS port toward devices.
00996
User <username> has changed the default HTTPS port toward devices to port
<value>.
00997
User <username> has changed the default HTTP port toward devices.
00997
User <username> has changed the default HTTP port toward devices to port
<value>.
Monitoring Settings
The following table lists the messages that are triggered by actions performed on monitoring
settings. The value in the Type column identifies whether the message is regular (R), or detailed (D)
when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 95).
ID
Type
Message
01000
01000
User <username> has changed the Polling Interval for Reports to <value>.
01001
User <username> has changed the Timeout for Device Status Poll.
01001
User <username> has changed the Timeout for Device Status Poll to <value>.
01002
User <username> has changed the polling interval for device status.
01002
User <username> has changed the polling interval for device status to <value>.
01003
User <username> has changed the Polling Interval for System Configuration.
01003
User <username> has changed the Polling Interval for System Configuration to
<value>.
01004
User <username> has changed the Polling Interval for On-line Monitoring.
01004
User <username> has changed the Polling Interval for On-line Monitoring to
<value>.
01005
01006
01007
01007
01008
01008
01009
551
ID
Type
Message
01009
01010
1 The MSISDN Resolution feature is not supported in APSolute Vision version 3.0 and
later.
RADIUS Configuration
The following table lists the messages that are triggered by actions performed on the RADIUS
configuration. The value in the Type column identifies whether the message is regular (R), or
detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane,
page 95).
ID
Type
Message
User <username> has changed the Timeout for the RADIUS servers.
User <username> has changed the Timeout for the RADIUS servers to <value>.
User <username> has changed the Retries for the RADIUS servers.
User <username> has changed the Retries for the RADIUS servers to <value>.
User <username> has changed the Authentication Type for the RADIUS servers.
User <username> has changed the Authentication Type for the RADIUS servers
to <value>.
User <username> has changed the Attribute ID for the RADIUS servers.
User <username> has changed the Attribute ID for the RADIUS servers to
<value>.
User <username> has changed the Vendor ID for the RADIUS servers.
User <username> has changed the Vendor ID for the RADIUS servers to
<value>.
User <username> has changed the Vendor Role Attribute ID for the RADIUS
servers.
User <username> has changed the Vendor Role Attribute ID for the RADIUS
servers to <value>.
User <username> has changed the Vendor Policy Attribute ID for the RADIUS
servers.
User <username> has changed the Vendor Policy Attribute ID for the RADIUS
servers to <value>.
User <username> has changed the Shared Secret for the Secondary RADIUS
server.
User <username> has changed the Shared Secret for the Primary RADIUS server.
User <username> has changed the Port for the Secondary RADIUS server.
User <username> has changed the Port for the Secondary RADIUS server to
<value>.
User <username> has changed the Port for the Primary RADIUS server.
552
ID
Type
Message
User <username> has changed the Port for the Primary RADIUS server to
<value>.
User <username> has changed the IP Address for the Secondary RADIUS server.
User <username> has changed the IP Address for the Secondary RADIUS server
to <value>.
User <username> has changed the IP Address for the Primary RADIUS server.
User <username> has changed the IP Address for the Primary RADIUS server to
<value>.
ID
Message
01012
01013
01014
01015
01016
01017
01018
01019
01020
01021
01022
01023
ID
Type
Message
553
ID
Type
Message
ID
Type
Message
00980
User <username> has changed the threshold for Warning Falling CPU
Utilization.
00980
User <username> has changed the threshold for Warning Falling CPU
Utilization to <value>.
00982
User <username> has changed the threshold for Error Falling CPU Utilization.
00982
User <username> has changed the threshold for Error Falling CPU Utilization to
<value>.
00983
User <username> has changed the threshold for Error Rising CPU Utilization.
00983
User <username> has changed the threshold for Error Rising CPU Utilization to
<value>.
00981
User <username> has changed the threshold for Warning Rising CPU
Utilization.
00981
User <username> has changed the threshold for Warning Rising CPU Utilization
to <value>.
554
ID
Type
Message
00984
00985
SharePath Settings
The following table lists the messages that are triggered by actions performed on SharePath
settings.
ID
Message
00586
A SharePath server instance was removed from the configuration of the APSolute Vision
server.
00585
A SharePath server instance was added to the configuration of the APSolute Vision server.
ID
Message
00852
A new license of type <license type> was provided for APSolute Vision.
ID
Message
555
ID
Message
ID
Message
00915
User <username> uploaded a configuration file to device <Device Name> - <Device IP>
successfully.
00920
User <username> upgraded the software for device <Device Name> - <Device IP>
successfully.
00961
User <username> failed upgrading software for device <Device Name> - <Device IP>.
00933
00934
00948
User <username> downloaded a certificate file from device <Device Name> <Device IP> successfully.
00949
User <username> failed downloading a certificate file from device <Device Name> <Device IP>.
00951
User <username> uploaded a certificate file to device <Device Name> - <Device IP>
successfully.
00950
User <username> failed uploading a certificate file to device <Device Name> - <Device
IP>.
00955
User <username> uploaded a file to device <Device Name> - <Device IP> successfully.
00954
User <username> failed uploading a file to device <Device Name> - <Device IP>.
00956
User <username> downloaded a file from device <Device Name> - <Device IP>
successfully.
00957
User <username> failed downloading a file from device <Device Name> - <Device IP>.
00910,
00952
User <username> failed uploading a quarantine file to device <Device Name> - <Device
IP>.
556
ID
Message
00912
User <username> failed downloading a quarantine file from device <Device Name> <Device IP>.
00958
User <username> uploaded a certificate revocation list file to device <Device Name> <Device IP> successfully.
00959
User <username> failed uploading a certificate revocation list file to device <Device
Name> - <Device IP>.
01049
User <username> downloaded <file type> file from device <Device Name> <Device IP> successfully.
00947
Failed to retrieve the <file type> file <file name> from device <Device Name> <Device IP>.
01050
Failed to retrieve the <file type> file from device <Device Name> - <Device IP>. Check
your HTTP/HTTPS configuration and try again.
01051,
00940
User <username> failed downloading file <file name> from device <Device Name> <Device IP>.
01048,
01105
User <username> failed uploading file <file name> to device <Device Name> <Device IP>.
01106
Failed <file type> file verification on device <Device Name> - <Device IP>.
00916,
00945
User <username> failed uploading a configuration file to device <Device Name> <Device IP>.
00915,
00944
User <username> uploaded a configuration file to device <Device Name> - <Device IP>
successfully.
00942,
01047
User <username> uploaded file <file name> to device <Device Name> - <Device IP>
successfully.
User <username> backed up a configuration file for device <Device Name> <Device IP>.
User <username> restored a configuration file to device <Device Name> - <Device IP>.
User <username> uploaded an attack signatures file to device <Device Name> - <Device
IP>.
User <username> updated the attack signatures file to device <Device Name>.
01107
00921
User <username> failed uploading the attack signatures file to device <Device Name>.
00926
00935
00936
01110
00937
557
ID
Message
00927,
00938,
01098
00939
00941
User <username> failed to update Anti-Fraud signatures for device <Device Name>.
<Operation Name> action finished successfully for device <Device name>. <Operation
Output>
00908
<Operation Name> action failed for device <Device name>. <Operation Output>
<Operation Name> action failed for device <Device Name> due to: <reason>
01052
01053
01099
A newer device driver is available for {0} {1}: {2}. You can manage device drivers in the
Settings view.
01102
The software version from the device driver metadata ({0}) does not match the software
version from the driver name ({1}).
00723
Failed to retrieve the Device Driver from <Device Name>. Please enable HTTPS or HTTP
communication on the device.
01100
Failed to retrieve the Device Driver from <Device Name>. Please check status of HTTPS
or HTTP communication on the device and specified credentials.
00699,
00971
Devices <device name> and <device name> have identical SNMP engine IDs. To prevent
connection problems, change the engine ID on one of the devices.
00967
00968
01103
00964,
00965
The device type or version is not compatible with DefensePro Configuration Template
feature.
ID
Message
00855
558
ID
Message
00866
00873
00874
The configuration template <template> was added to the APSolute Vision server.
00875
The configuration template <template> was updated to the APSolute Vision server.
00876
The configuration template <template> was deleted to sic the APSolute Vision server.
00877
00878
ID
Message
00180
The specified HTTPS user <User Name> does not exist on the device.
00182
The specified HTTPS password is incorrect, or you have exceeded the maximum allowed
login attempts.
00184
APSolute Vision has encountered an error communicating with the device over HTTPS.
559
ID
Message
00071
00075
RSA update failed due to no valid subscription for RSA signatures update for following
devices: <Device List>.
00070
00093
00072
The RSA Anti-Fraud update task is not applicable to device <Device Name>.
00076
The Update RSA Security Signature task failed. No device configured for the task has
Fraud Protection enabled.
00482
Not authorized operation launched by the user: <Name> on screen <screen Id>
00815
00062
Synchronization Task (<Task Name>) failed: Skipping device: <Name> (backup device
was not found).
Operation Constant
The following table lists the messages that are triggered by operation constants.
ID
Message
01042
01041
01044
01043
01046
01045
00918
00917
560
Audit Messages
The following table lists the audit messages.
ID
Message
User <username> added account <account> ,with Scope <scope>, Role <role> and
Network Policy <policy>
User <username> changed password expiration Date for user <user name>, to
expiration Date <date>
00857
00858
00859
00860
00861
00862
00863
00864
00865
00866
00868
User <username> update the Full Name of account <account>, to Full Name: <value>
00870
00872
00874
The configuration template <template> was added to the APSolute Vision server
00875
The configuration template <template> was updated to the APSolute Vision server
00876
The configuration template <template> was deleted to the APSolute Vision server
00877
00878
00880
User <username> added or modified the Role-scope pair for account <account> , to
Role-scope pair <pair>
00882
00883
00884
561
ID
Type
Message
01026
01028
01028
01029
User <user name> has changed the From Header in the Email Reporting
Configuration.
01029
User <user name> has changed the From Header in the Email Reporting
Configuration to <value>.
01030
01030
User <username> has changed the Number of Alerts per Email to <value>.
01031
01024
01032
01032
01033
01025
01034
User <username> has changed the Subject Header in the Email Reporting
Configuration.
User <username> has changed the Subject Header in the Email Reporting
Configuration to <value>.
ID
Type
Message
User <username> changed the scheduled task backup file name to <value>.
User <username> has changed the password for authentication with the backup
device during a scheduled task.
562
ID
Type
Message
User <username> has changed the password for authentication with the backup
device during a scheduled task.
User <username> changed the protocol to communicate with the backup device
during a scheduled task.
User <username> changed the protocol to communicate with the backup device
during a scheduled task to protocol <value>.
User <username> has changed the user name for authentication with the backup
device during a scheduled task.
User <username> has changed the user name for authentication with the backup
device during a scheduled task to username <value>.
00978
00977
00972
00973
00976
00976
563
ID
Type
Message
User <username> updated the start date of the scheduled period of a scheduled
task.
User <username> updated the start date of the scheduled period of a scheduled
task to <value>.
User <username> updated the end date of the scheduled period of a scheduled
task.
User <username> updated the end date of the scheduled period of a scheduled
task to <value>.
General
The following table lists the message that is triggered when the APSolute Vision server is up.
ID
Message
00810
ID
Message
60000
60001
User <username> has failed to create a system backup with error message: <error
message>.
60004
60005
User <username> has failed to restore a system backup with error message: <error
message>.
60006
60007
User <username> failed to export a system backup with error message: <error
message>.
60008
60009
User <username> failed to create a new system configuration backup with error
message: <error message>.
60012
60013
User <username> failed to restore a system configuration backup with error message:
<error message>.
60014
564
ID
Message
60015
User <username> failed to export a system configuration backup with error message:
<error message>.
60016
60017
User <username> failed to create a new Vision Reporter backup with error message:
<error message>.
60020
60021
User <username> failed to restore a Vision Reporter backup with error message: <error
message>.
60022
60023
User <username> failed to export a Vision Reporter backup with error message: <error
message>.
60024
60025
User <username> failed to create a tech-support file with error message: <error
message>.
60028
60029
User <username> failed to restore a tech-support file with error message: <error
message>.
60030
60031
User <username> failed to export a tech-support file with error message: <error
message>.
60032
User <username> changed the date and time on the APSolute Vision server to Date and
Time <value>.
60033
User <username> changed the timezone of the APSolute Vision server to Timezone
<value>.
60034
60035
60036
60037
60038
User <username> changed the IP address for the <value> port of the APSolute Vision
server to IP Address <value>.
60039
User <username> changed the tech-support password of the APSolute Vision server.
60040
User <username> changed the web-access password of the APSolute Vision server.
60041
The <username> user password of the APSolute Vision system was changed.
60042
User <username> changed the root user password of the APSolute Vision system.
60043
User <username> changed the vision-files user password of the APSolute Vision
system.
60044
60045
60046
60047
60048
565
ID
Type
Message
Hardware Alerts
The following table lists the messages that APSolute Vision issues the following alerts related to
hardware issues.
Table 480:
ID
Message
00889
00890
00892
APM server disk space and usage exceeding the <number> percent threshold - usage is
<number> percent
566
Note: For information on managing the settings of the SNMP interface, see System SNMP
Commands, page 481.
567
Object
OID
Data Type
Description
sysDescr
1.3.6.1.2.1.1.1
DisplayString
(SIZE (0..255))
A textual description of the entity. This value should include the full name
and version identification of the systems hardware type, software
operating-system, and networking software. It is mandatory that this only
contain printable ASCII characters.
sysUptime
1.3.6.1.2.1.1.3
TimeTicks
sysContact
1.3.6.1.2.1.1.4
DisplayString
(SIZE (0..255))
The textual identification of the contact person for this managed node,
together with information on how to contact this person.
sysName
1.3.6.1.2.1.1.5
DisplayString
(SIZE (0..255))
system
Interface
ifTable
1.3.6.1.2.1.2.2
ifIndex
1.3.6.1.2.1.2.2.1.1
INTEGER32
ifDescr
1.3.6.1.2.1.2.2.1.2
DisplayString
(SIZE (0..255))
ifPhysAddress
1.3.6.1.2.1.2.2.1.6
OCTETSTR
The interface's address at its protocol sub-layer. For example, for an 802.x
interface, this object normally contains a MAC address.
568
Table 481: RFC1213 MIB Objects for Monitoring APSolute Vision (cont.)
Object
ifOperStatus
OID
Data Type
Description
1.3.6.1.2.1.2.2.1.8
INTEGER
1Up
2Down
3Testing
4Unknown
5Dormant
6Not present
Ip
ipAddrTable
1.3.6.1.2.1.4.20
ipAdEntAddr
1.3.6.1.2.1.4.20.1.1
IpAddress
ipAdEntIfIndex
1.3.6.1.2.1.4.20.1.2
INTEGER
The index value which uniquely identifies the interface to which this entry
is applicable. The interface identified by a particular value of this index is
the same interface as identified by the same value of ifIndex.
ipAdEntNetMask
1.3.6.1.2.1.4.20.1.3
IpAddress
The subnet mask associated with the IPv4 address of this entry. The value
of the mask is an IPv4 address with all the network bits set to 1 and all the
hosts bits set to 0.
ipRouteTable
1.3.6.1.2.1.4.21
ipRouteDest
1.3.6.1.2.1.4.21.1.1
IpAddress
ipRouteIfIndex
1.3.6.1.2.1.4.21.1.2
INTEGER
The index value which uniquely identifies the local interface through which
the next hop of this route should be reached. The interface identified by a
particular value of this index is the same interface as identified by the same
value of ifIndex.
569
Table 481: RFC1213 MIB Objects for Monitoring APSolute Vision (cont.)
Object
OID
Data Type
Description
ipRouteNextHop
1.3.6.1.2.1.4.21.1.7
IpAddress
The IP address of the next hop of this route. (In the case of a route bound
to an interface which is realized via a broadcast media, the value of this
field is the agents IP address on that interface.)
ipRouteMask
1.3.6.1.2.1.4.21.1.11
IpAddress
Table 482: Host Resources MIB Objects for Monitoring APSolute Vision
Object
OID
Data Type
Description
hrSystemData
1.3.6.1.2.1.25.1.2
DateAndTime
hrSystemUptime
1.3.6.1.2.1.25.1.1
TimeTicks
The amount of time since this host was last initialized. Note that this is
different from sysUpTime in the SNMPv2-MIB [RFC1907] because
sysUpTime is the uptime of the network management portion of the
system.
hrSystem
Object
OID
Data Type
Description
1.3.6.1.4.1.2021.4.3
INTEGER32
Memory
memTotalSwap
570
Table 483: UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision (cont.)
Object
OID
Data Type
Description
memAvailSwap
1.3.6.1.4.1.2021.4.4
INTEGER32
memTotalReal
1.3.6.1.4.1.2021.4.5
INTEGER32
memAvailReal
1.3.6.1.4.1.2021.4.6
INTEGER32
memTotalFree
1.3.6.1.4.1.2021.4.11
INTEGER32
The total amount of memory free or available for use on this host. This
value typically covers both real memory and swap space or virtual
memory.
Object
OID
Type
Description
coldStart
1.3.6.1.6.3.1.1.5.1
Trap
nsNotifyShutdown
1.3.6.1.4.1.8072.4.0.2
Trap
At APSolute Vision application startup (for example, after running the CLI
command system vision-server start). This occurs after the
shutdown trap.
At APSolute Vision startup (for example, after running the CLI command
system vision-server start). This occurs before the startup trap.
571
572
Appendix E AppShape-Generated
Configurations
This appendix contains the configurations that the various AppShape templates generate. The
sections include values that the templates explicitly configureas the result of the hard-coded
AppShape pattern or as the result of a value that you specify in the AppShape Instance tab.
This appendix contains the following sections:
Note: For more information on the Common Web Application AppShape type, see Configuring a
Common Web Application AppShape Instance, page 180.
573
574
DefenseSSLAppShape-generated Configuration
The following is the Alteon CLI configuration that the DefenseSSL AppShape generates.
Note: For more information on the DefenseSSL AppShape type, see Configuring a DefenseSSL
AppShape Instance, page 182.
575
ena
ipver v4
vip <user-specified IP address>
vname "secureservice.<user-specified instance name>"
/c/slb/virt <user-specified instance name>/service 80 http
group <user-specified instance name>_grp
rport <user-specified port>
/c/slb/virt <user-specified instance name>/service 443 https
group <user-specified instance name>_grp
rport <user-specified port>
dbind ena
/c/slb/virt <user-specified instance name>/service 443 https/ssl
srvrcert cert <user-specified certificate>
sslpol 1
/c/l3/arp/static
add <user-specified IP address> <user-specified MAC address> <userspecified VLAN> <user-specified port>
Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft
Exchange 2010 AppShape Instance, page 184.
576
577
rport 80
pbind clientip norport
dbind ena
tmout 60
/c/slb/virt <user-specified virtual-server name>/service 80 http/http
comppol <generated index number>
cachepol <generated index number>
connmgt ena 20
/c/slb/virt <user-specified virtual-server name>/service 25 smtp
group <user-specified virtual-server name>_grpSMTP
rport 25
pbind clientip norport
tmout 60
/c/slb/virt <user-specified virtual-server name>/service 135 basic-slb
group <user-specified virtual-server name>_grpCAS
rport 135
pbind clientip norport
tmout 60
/c/slb/virt <user-specified virtual-server name>/service 59532 basic-slb
group <user-specified virtual-server name>_grpCAS
rport 59532
/c/slb/virt <user-specified virtual-server name>/service 59531 basic-slb
group <user-specified virtual-server name>_grpCAS
rport 59531
/c/slb/virt <user-specified virtual-server name>/service 443 https
group <user-specified virtual-server name>_grpCAS
rport 80
pbind clientip norport
dbind ena
tmout 60
/c/slb/virt <user-specified virtual-server name>/service 443 https/http
comppol <generated index number>
cachepol <generated index number>
connmgt ena 20 [disabled by default]
/c/slb/virt <user-specified virtual-server name>/service 443 https/ssl
srvrcert <user-specified certificate>
sslpol <generated index number>
/c/slb/virt <user-specified virtual-server name>/service 993 https
group <user-specified virtual-server name>_grpCAS
578
rport 143
pbind clientip norport
dbind ena
tmout 60
/c/slb/virt <user-specified virtual-server name>/service 993 https/ssl
srvrcert <user-specified certificate>
sslpol <generated index number>
/c/slb/virt <user-specified virtual-server name>/service 995 https
group <user-specified virtual-server name>_grpCAS
rport 110
pbind clientip norport
dbind ena
tmout 60
/c/slb/virt <user-specified virtual-server name>/service 995 https/ssl
srvrcert <user-specified certificate>
sslpol <generated index number>
Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft
Exchange 2013 AppShape Instance, page 188.
579
580
581
Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft
Lync External AppShape Instance, page 192.
582
583
Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft
Lync Internal AppShape Instance, page 196.
/c/slb/accel/compress/comppol 1
name "cwa"
minsize 1
ena
/c/slb/ssl/certs/key <user-specified certificate>
/c/slb/ssl/certs/request <user-specified certificate>
/c/slb/ssl/certs/cert <user-specified certificate>
/c/slb/ssl/sslpol <generated index number>
name "Lync.SSL.policy"
ena
/c/slb/real <user-specified instance name>_CWA_<generated index number>
584
ena
ipver v4
rip <user-specified IP address>
addport <user-specified port>
/c/slb/group <user-specified instance name>_CWA
ipver v4
content "<user-specified port>"
add <user-specified instance name>_CWA_<generated index number>
name "Lync.CWA.Group"
/c/slb/group <user-specified instance name>_Directors_1
ipver v4
content "5061"
name "Lync.Directors"
/c/slb/group <user-specified instance name>_Directors_2
ipver v4
name "Lync.Director.5060"
/c/slb/group <user-specified instance name>_EDGE_1
ipver v4
name "EDGE.Replication.4443"
/c/slb/group <user-specified instance name>_EDGE_2
ipver v4
name "EDGE.INT.443"
/c/slb/group <user-specified instance name>_EDGE_3
ipver v4
name "EDGE.INT.5061"
/c/slb/group <user-specified instance name>_EDGE_4
ipver v4
name "EDGE.INT.5062"
/c/slb/group <user-specified instance name>_EDGE_5
ipver v4
name "GE.INT.UDP.STUN.3478"
/c/slb/group <user-specified instance name>_EDGE_6
ipver v4
name "EDGE.INT.8057"
/c/slb/group <user-specified instance name>_Fronted_1
ipver v4
content "5060"
name "Lync.frontend.SIP.5060"
/c/slb/group <user-specified instance name>_Fronted_2
585
ipver v4
content "444"
name "Lync.frontend.HTTPS.conf.444"
/c/slb/group <user-specified instance name>_Fronted_3
ipver v4
content "443"
name "Lync.frontend.HTTPS.443"
/c/slb/group <user-specified instance name>_Fronted_4
ipver v4
content "5061"
name "Lync.frontend.MTLS.5061"
/c/slb/group <user-specified instance name>_Fronted_5
ipver v4
content "135"
name "Lync.frontend.DCOM.135"
/c/slb/group <user-specified instance name>_Fronted_6
ipver v4
name "Proxy.to.FE.4443"
/c/slb/group <user-specified instance name>_Fronted_7
ipver v4
name "FE.IM.REQ.8057"
/c/slb/group <user-specified instance name>_Fronted_8
ipver v4
name "fe.web.service.8080"
/c/slb/group <user-specified instance name>_Fronted_9
ipver v4
name "FE.CALL.ADM.448"
/c/slb/group <user-specified instance name>_Fronted_10
ipver v4
name "FE.App.Share.5065"
/c/slb/group <user-specified instance name>_Fronted_11
ipver v4
name "FE.monitoring.5069"
/c/slb/group <user-specified instance name>_Fronted_12
ipver v4
name "FE.RES.GROUP.5071"
/c/slb/group <user-specified instance name>_Fronted_13
ipver v4
name "FE.SIP.REQ.5072"
586
587
tmout 20
/c/slb/virt <user-specified instance name>_EDGE_1
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_1/service 3478 basic-slb
group <user-specified instance name>_EDGE_5
rport 3478
protocol udp
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_EDGE_2
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_2/service 443 https
group <user-specified instance name>_EDGE_2
rport 443
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_EDGE_3
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_3/service 5062 basic-slb
group <user-specified instance name>_EDGE_4
rport 5062
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_EDGE_4
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_4/service 8057 basic-slb
group <user-specified instance name>_EDGE_6
rport 8057
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_EDGE_5
588
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_5/service 5061 basic-slb
group <user-specified instance name>_EDGE_3
rport 5061
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_EDGE_6
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_6/service 4443 basic-slb
group <user-specified instance name>_EDGE_1
rport 4443
pbind clientip norport
/c/slb/virt <user-specified instance name>_Fronted_1
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_1/service 135 basic-slb
group <user-specified instance name>_Fronted_5
rport 135
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_Fronted_2
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_2/service 443 https
group <user-specified instance name>_Fronted_3
rport 443
pbind clientip norport
tmout 30
direct dis
/c/slb/virt <user-specified instance name>_Fronted_3
ena
ipver v4
vip <user-specified IP address>
589
590
591
592
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_17/service 8080 http
group <user-specified instance name>_Fronted_8
rport 8080
pbind clientip norport
/c/slb/layer7/httpmod <generated index number>
ena
name "htto.to.https.lync.cwa"
/c/slb/layer7/httpmod <generated index number>/rule <generated index number>
text
name "htto.to.https.cwa"
directn resp
body include
action replace "FROMTEXT=http:// <user-specified domain>" "TOTEXT=https://
<user-specified domain>"
Note: For more information on the Oracle E-Business AppShape type, see Configuring an Oracle EBusiness AppShape Instance, page 199.
593
Note: For more information on the Oracle SOA Suite 11g AppShape type, see Configuring an Oracle
SOA Suite 11g AppShape Instance, page 201.
594
595
Note: For more information on the Oracle WebLogic 12c AppShape type, see Configuring an Oracle
WebLogic 12c AppShape Instance, page 204.
596
597
Note: For more information on the SharePoint 2010 AppShape type, see Configuring a SharePoint
2010 AppShape Instance, page 206.
598
599
directn resp
body include
action replace "FROMTEXT=http://<user-specified domain>" "TOTEXT=https://
<user-specified domain>"
Note: For more information on the SharePoint 2013 AppShape type, see Configuring a SharePoint
2013 AppShape Instance, page 208.
600
Note: For more information on the VMware View 5.1 AppShape type, see Configuring an VMware
View 5.1 AppShape Instance, page 210.
601
ZimbraAppShape-generated Configuration
The following is the Alteon CLI configuration that the Zimbra AppShape generates.
Note: For more information on the Zimbra AppShape type, see Configuring a Zimbra AppShape
Instance, page 212.
602
603
ipver v4
metric phash 255.255.255.255
add <user-specified instance name>_<generated index number>
name "zimbra.imap.servers"
/c/slb/group <user-specified instance name>_grp<generated index number>
ipver v4
metric phash 255.255.255.255
add <user-specified instance name>_<generated index number>
name "zimbra.smtp.servers"
/c/slb/virt <user-specified instance name>
ena
ipver v4
vip <user-specified IP address>
vname "zimbra.servers.MyZimbraInstance"
/c/slb/virt <user-specified instance name>/service 443 https
group <user-specified instance name>_grp<generated index number>
rport 80
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 443 https/http
comppol <generated index number>
xforward ena
/c/slb/virt <user-specified instance name>/service 443 https/ssl
srvrcert cert <user-specified certificate>
sslpol <user-specified instance name>_ssl<generated index number>
/c/slb/virt <user-specified instance name>/service 993 ssl
name "Secure.IMAP"
group <user-specified instance name>_grp<generated index number>
rport 143
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 993 ssl/ssl
srvrcert cert <user-specified certificate>
sslpol <user-specified instance name>_ssl<generated index number>
/c/slb/virt <user-specified instance name>/service 995 ssl
name "Secure.POP3"
group <user-specified instance name>_grp<generated index number>
rport 110
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 995 ssl/ssl
srvrcert cert <user-specified certificate>
604
605
606
Notes
APSolute Vision server can run as a physical or virtual appliance called APSolute Vision server.
For hardware and virtual-appliance (VA) specifications, see the APSolute Vision Installation and
Maintenance Guide.
APSolute Vision supports a Web-based management interface, which is called Web Based
Management (WBM).
APSolute Vision supports multiple device types and versions. For the most up-to-date lists of
supported devices and versions, see the APSolute Vision Release Notes for the required version.
System Capacity
The following table lists the capacity of a single APSolute Vision system.
Topic
User Accounts
Unlimited
Unlimited
Concurrent Users
50
1000
40
1000
100M
607
UDP/TCP Ports
Radware management interfaces communicate with various UDP/TCP ports using HTTPS, HTTP,
Telnet, and SSH. If you intend to use these interfaces, ensure they are accessible and not blocked by
your firewall.
The following table lists the ports for APSolute Vision server-client communication.
Table 486: Ports for APSolute Vision Server-WBM Communication and Operating System
Port
Protocol
Type
Usage
Opened on APSolute
Vision Server Firewall
22
SSH, SFTP,
SCP
TCP
Yes
Server to northbound.
25
SMTP
TCP
No
69
TFTP
TCP
Yes
80
HTTP
TCP
Yes
443
HTTPS
TCP
Yes
514
Syslog
UDP
Yes
631
IPP
TCP UDP
Yes
2093
Proprietary
TCP UDP
Yes
2189
Proprietary
TCP UDP
Yes
2214
Syslog
TCP UDP
Yes
3306
MySQL
TCP
5353
608
UDP
UDP
Yes
Table 486: Ports for APSolute Vision Server-WBM Communication and Operating System
Port
Protocol
Type
Usage
Opened on APSolute
Vision Server Firewall
9216
HTTPS
TCP
Yes
9443
TCP
TCP
1 Alteon also uses port 80 to communicate with the APM server (over the APM Data
interface).
The following table lists the ports for communication between APSolute Vision server and Radware
devices.
Table 487: Communication Ports for APSolute Vision Server with Radware Devices
Port
Protocol
Type
Usage
Opened on APSolute
Vision Server Firewall
801
HTTP
TCP
Yes
161
SNMP
UDP
No
162
SNMP
UDP
Yes
443
HTTPS
TCP
Yes
2088
IRP
UDP
Yes
3030
TCP
TCP
8200
8270
8300
SSL
TCP
609
Windows 8 64-bit
Mac OS X
Chrome 37
610
License Grant. Subject to the terms of this Agreement, Radware hereby grants to you, and you
accept, a limited, nonexclusive, nontransferable license to install and use the Software in
machine-readable, object code form only and solely for your internal business purposes
(Commercial License). If the Software is distributed to you with a software development kit
(the SDK), then, solely with regard to the SDK, the Commercial License above also includes a
limited, nonexclusive, nontransferable license to install and use the SDK solely on computers
within your organization, and solely for your internal development of an integration or
interoperation of the Software and/or other Radware Products with software or hardware
products owned, licensed and/or controlled by you (the SDK Purpose). To the extent an SDK is
distributed to you together with code samples in source code format (the Code Samples) that
are meant to illustrate and teach you how to configure, monitor and/or control the Software
and/or any other Radware Products, the Commercial License above further includes a limited,
611
Evaluation Use. Notwithstanding anything to the contrary in this License Agreement, if the
Software is provided to you for evaluation purposes, as indicated in your purchase order or sales
receipt, on the website from which you download the Software, as inferred from any timelimited evaluation license keys that you are provided with to activate the Software, or otherwise,
then You may use the Software only for internal evaluation purposes (Evaluation Use) for a
maximum of 30 days or such other duration as may specified by Radware in writing at its sole
discretion (the Evaluation Period). The evaluation copy of the Software contains a feature that
will automatically disable it after expiration of the Evaluation Period. You agree not to disable,
destroy, or remove this feature of the Software, and any attempt to do so will be a material
breach of this License Agreement. During or at the end of the evaluation period, you may
contact Radware sales team to purchase a Commercial License to continue using the Software
pursuant to the terms of this License Agreement. If you elect not to purchase a Commercial
License, you agree to stop using the Software and to delete the evaluation copy received
hereunder from all computers under your possession or control at the end of the Evaluation
Period. In any event, your continued use of the Software beyond the Evaluation Period (if
possible) shall be deemed your acceptance of a Commercial License to the Software pursuant to
the terms of this License Agreement, and you agree to pay Radware any amounts due for any
applicable license fees at Radwares then-current list prices.
3.
Subscription Software. If you licensed the Software on a subscription basis, your rights to use
the Software are limited to the subscription period. You have the option to extend your
subscription. If you extend your subscription, you may continue using the Software until the end
of your extended subscription period. If you do not extend your subscription, after the expiration
of your subscription, you are legally obligated to discontinue your use of the Software and
completely remove the Software from your system.
4.
Feedback. Any feedback concerning the Software including, without limitation, identifying
potential errors and improvements, recommended changes or suggestions (Feedback),
provided by you to Radware will be owned exclusively by Radware and considered Radwares
confidential information. By providing Feedback to Radware, you hereby assign to Radware all of
your right, title and interest in any such Feedback, including all intellectual property rights
therein. With regard to any rights in such Feedback that cannot, under applicable law, be
assigned to Radware, you hereby irrevocably waives such rights in favor of Radware and grants
Radware under such rights in the Feedback, a worldwide, perpetual royalty-free, irrevocable,
sub-licensable and non-exclusive license, to use, reproduce, disclose, sublicense, modify, make,
have made, distribute, sell, offer for sale, display, perform, create derivative works of and
otherwise exploit the Feedback without restriction. The provisions of this Section 4 will survive
the termination or expiration of this Agreement.
5.
Limitations on Use. You agree that you will not: (a) copy, modify, translate, adapt or create
any derivative works based on the Software; or (b) sublicense or transfer the Software, or
include the Software or any portion thereof in any product; or (b) reverse assemble,
disassemble, decompile, reverse engineer or otherwise attempt to derive source code (or the
underlying ideas, algorithms, structure or organization) from the Software, in whole or in part,
or in any instance where the law permits any such action, you agree to provide Radware at least
ninety (90) days advance written notice of your belief that such action is warranted and
permitted and to provide Radware with an opportunity to evaluate if the laws requirements
necessitate such action; or (c) create, develop, license, install, use, or deploy any software or
services to circumvent, enable, modify or provide access, permissions or rights which violate the
technical restrictions of the Software; (d) in the event the Software is provided as an embedded
or bundled component of another Radware Product, you shall not use the Software other than as
part of the combined Product and for the purposes for which the combined Product is intended;
(e) remove any copyright notices, identification or any other proprietary notices from the
Software (including any notices of Third Party Software (as defined below); or (f) copy the
612
613
614
615