APSVision 3-40 UG

APSolute Vision
User Guide
Software Version 3.40.00
Document ID: RDWR-APSV-V034000_UG1512
December 2015
APSolute Vision User Guide
Important Notices
The following important notices are presented in English, French, and German.
Important Notices
This guide is delivered subject to the following conditions and restrictions:
Copyright Radware Ltd. 2015. All rights reserved.
The copyright and all other intellectual property rights and trade secrets included in this guide are
owned by Radware Ltd.
The guide is provided to Radware customers for the sole purpose of obtaining information with
respect to the installation and use of the Radware products described in this document, and may not
be used for any other purpose.
The information contained in this guide is proprietary to Radware and must be kept in strict
confidence.
It is strictly forbidden to copy, duplicate, reproduce or disclose this guide or any part thereof without
the prior written consent of Radware.
Notice importante
Ce guide est sujet aux conditions et restrictions suivantes:
Copyright Radware Ltd. 2015. Tous droits rservs.
Le copyright ainsi que tout autre droit li la proprit intellectuelle et aux secrets industriels
contenus dans ce guide sont la proprit de Radware Ltd.
Ce guide dinformations est fourni nos clients dans le cadre de linstallation et de lusage des
produits de Radware dcrits dans ce document et ne pourra tre utilis dans un but autre que celui
pour lequel il a t conu.
Les informations rpertories dans ce document restent la proprit de Radware et doivent tre
conserves de manire confidentielle.
Il est strictement interdit de copier, reproduire ou divulguer des informations contenues dans ce
manuel sans avoir obtenu le consentement pralable crit de Radware.
Wichtige Anmerkung
Dieses Handbuch wird vorbehaltlich folgender Bedingungen und Einschrnkungen ausgeliefert:
Copyright Radware Ltd. 2015. Alle Rechte vorbehalten.
Das Urheberrecht und alle anderen in diesem Handbuch enthaltenen Eigentumsrechte und
Geschftsgeheimnisse sind Eigentum von Radware Ltd.
Dieses Handbuch wird Kunden von Radware mit dem ausschlielichen Zweck ausgehndigt,
Informationen zu Montage und Benutzung der in diesem Dokument beschriebene Produkte von
Radware bereitzustellen. Es darf fr keinen anderen Zweck verwendet werden.
Die in diesem Handbuch enthaltenen Informationen sind Eigentum von Radware und mssen streng
vertraulich behandelt werden.
Es ist streng verboten, dieses Handbuch oder Teile daraus ohne vorherige schriftliche Zustimmung
von Radware zu kopieren, vervielfltigen, reproduzieren oder offen zu legen.
Copyright Notices
The following copyright notices are presented in English, French, and German.
Copyright Notices
The programs included in this product are subject to a restricted use license and can only be used in
conjunction with this application.
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and
the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both
licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL,
please contact openssl-core@openssl.org.
OpenSSL License
Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1.
Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3.
All advertising materials mentioning features or use of this software must display the following
acknowledgement:
This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit. (http://www.openssl.org/)
4.
The names OpenSSL Toolkit and OpenSSL Project must not be used to endorse or promote
products derived from this software without prior written permission. For written permission,
please contact openssl-core@openssl.org.
5.
Products derived from this software may not be called OpenSSL nor may OpenSSL appear in
their names without prior written permission of the OpenSSL Project.
6.
Redistributions of any form whatsoever must retain the following acknowledgment:

This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit (http://www.openssl.org/)
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS'' AND ANY EXPRESSED OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This
product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are
aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA,
lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution
is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be
removed.
If this package is used in a product, Eric Young should be given attribution as the author of the parts
of the library used.
This can be in the form of a textual message at program startup or in documentation (online or
textual) provided with the package.
1. Redistributions of source code must retain the copyright notice, this list of conditions and the
following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
distribution.
3. All advertising materials mentioning features or use of this software must display the following
acknowledgement:
"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)"
The word 'cryptographic' can be left out if the rouines from the library being used are not
cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory
(application code) you must include an acknowledgment:
"This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
The licence and distribution terms for any publically available version or derivative of this code
cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence
[including the GNU Public Licence.]
This product contains the Rijndael cipher
The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public
domain and distributed with the following license:
@version 3.0 (December 2000)
Optimized ANSI C code for the Rijndael cipher (now AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>
The OnDemand Switch may use software components licensed under the GNU General Public
License Agreement Version 2 (GPL v.2) including LinuxBios and Filo open source projects. The
source code of the LinuxBios and Filo is available from Radware upon request. A copy of the license
can be viewed at: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
This code is hereby placed in the public domain.
This product contains code developed by the OpenBSD Project

Copyright 1983, 1990, 1992, 1993, 1995
The Regents of the University of California. All rights reserved.
1.
2.
distribution.
3.
Neither the name of the University nor the names of its contributors may be used to endorse or
promote products derived from this software without specific prior written permission.
This product includes software developed by Markus Friedl.

This product includes software developed by Theo de Raadt.
This product includes software developed by Niels Provos
This product includes software developed by Dug Song
This product includes software developed by Aaron Campbell
This product includes software developed by Damien Miller
This product includes software developed by Kevin Steves
This product includes software developed by Daniel Kouril
This product includes software developed by Wesley Griffin
This product includes software developed by Per Allansson
This product includes software developed by Nils Nordman
This product includes software developed by Simon Wilkinson
1.
2.
distribution.
This product contains work derived from the RSA Data Security, Inc. MD5 Message-Digest
Algorithm. RSA Data Security, Inc. makes no representations concerning either the merchantability
of the MD5 Message - Digest Algorithm or the suitability of the MD5 Message - Digest Algorithm for
any particular purpose. It is provided as is without express or implied warranty of any kind.
This product includes the DB2 Express-C database, the copyrights of which are owned IBM.
Notice traitant du copyright

Les programmes intgrs dans ce produit sont soumis une licence dutilisation limite et ne
peuvent tre utiliss quen lien avec cette application.
Limplmentation de Rijindael par Vincent Rijmen, Antoon Bosselaers et Paulo Barreto est du
domaine public et distribue sous les termes de la licence suivante:
@version 3.0 (Dcembre 2000)
Code ANSI C code pour Rijndael (actuellement AES)
@author Paulo Barreto <paulo.barreto@terra.com.br>.
Le commutateur OnDemand peut utiliser les composants logiciels sous licence, en vertu des termes
de la licence GNU General Public License Agreement Version 2 (GPL v.2), y compris les projets
source ouverte LinuxBios et Filo. Le code source de LinuxBios et Filo est disponible sur demande
auprs de Radware. Une copie de la licence est rpertorie sur: http://www.gnu.org/licenses/oldlicenses/gpl-2.0.html.
Ce code est galement plac dans le domaine public.
Ce produit renferme des codes dvelopps dans le cadre du projet OpenSSL.
Copyright 1983, 1990, 1992, 1993, 1995
Les membres du conseil de lUniversit de Californie. Tous droits rservs.
La distribution et lusage sous une forme source et binaire, avec ou sans modifications, est autorise
pour autant que les conditions suivantes soient remplies:
1. La distribution dun code source doit inclure la notice de copyright mentionne ci-dessus, cette
liste de conditions et lavis de non-responsabilit suivant.
2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout
autre matriel fourni la notice de copyright mentionne ci-dessus, cette liste de conditions et
lavis de non-responsabilit suivant.
3. Le nom de luniversit, ainsi que le nom des contributeurs ne seront en aucun cas utiliss pour
approuver ou promouvoir un produit driv de ce programme sans lobtention pralable dune
autorisation crite.
Ce produit inclut un logiciel dvelopp par Markus Friedl.
Ce produit inclut un logiciel dvelopp par Theo de Raadt.
Ce produit inclut un logiciel dvelopp par Niels Provos.
Ce produit inclut un logiciel dvelopp par Dug Song.
Ce produit inclut un logiciel dvelopp par Aaron Campbell.
Ce produit inclut un logiciel dvelopp par Damien Miller.
Ce produit inclut un logiciel dvelopp par Kevin Steves.
Ce produit inclut un logiciel dvelopp par Daniel Kouril.
Ce produit inclut un logiciel dvelopp par Wesley Griffin.
Ce produit inclut un logiciel dvelopp par Per Allansson.
Ce produit inclut un logiciel dvelopp par Nils Nordman.
Ce produit inclut un logiciel dvelopp par Simon Wilkinson.
La distribution et lusage sous une forme source et binaire, avec ou sans modifications, est autorise
pour autant que les conditions suivantes soient remplies:
1. La distribution dun code source doit inclure la notice de copyright mentionne ci-dessus, cette
liste de conditions et lavis de non-responsabilit suivant.
2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout
autre matriel fourni la notice de copyright mentionne ci-dessus, cette liste de conditions et
lavis de non-responsabilit suivant.
LE LOGICIEL MENTIONN CI-DESSUS EST FOURNI TEL QUEL PAR LE DVELOPPEUR ET TOUTE
GARANTIE, EXPLICITE OU IMPLICITE, Y COMPRIS, MAIS SANS SY LIMITER, TOUTE GARANTIE
IMPLICITE DE QUALIT MARCHANDE ET DADQUATION UN USAGE PARTICULIER EST EXCLUE.
EN AUCUN CAS LAUTEUR NE POURRA TRE TENU RESPONSABLE DES DOMMAGES DIRECTS,
INDIRECTS, ACCESSOIRES, SPCIAUX, EXEMPLAIRES OU CONSCUTIFS (Y COMPRIS, MAIS SANS
SY LIMITER, LACQUISITION DE BIENS OU DE SERVICES DE REMPLACEMENT, LA PERTE DUSAGE,
DE DONNES OU DE PROFITS OU LINTERRUPTION DES AFFAIRES), QUELLE QUEN SOIT LA CAUSE
ET LA THORIE DE RESPONSABILIT, QUIL SAGISSE DUN CONTRAT, DE RESPONSABILIT
STRICTE OU DUN ACTE DOMMAGEABLE (Y COMPRIS LA NGLIGENCE OU AUTRE), DCOULANT DE
QUELLE QUE FAON QUE CE SOIT DE LUSAGE DE CE LOGICIEL, MME SIL A T AVERTI DE LA
POSSIBILIT DUN TEL DOMMAGE.
Copyrightvermerke
Die in diesem Produkt enthalten Programme unterliegen einer eingeschrnkten Nutzungslizenz und
knnen nur in Verbindung mit dieser Anwendung benutzt werden.
Die Rijndael-Implementierung von Vincent Rijndael, Anton Bosselaers und Paulo Barreto ist
ffentlich zugnglich und wird unter folgender Lizenz vertrieben:
@version 3.0 (December 2000)
Optimierter ANSI C Code fr den Rijndael cipher (jetzt AES)
@author Paulo Barreto <paulo.barreto@terra.com.br>
Der OnDemand Switch verwendet mglicherweise Software, die im Rahmen der DNU Allgemeine
ffentliche Lizenzvereinbarung Version 2 (GPL v.2) lizensiert sind, einschlielich LinuxBios und Filo
Open Source-Projekte. Der Quellcode von LinuxBios und Filo ist bei Radware auf Anfrage erhltlich.
Eine Kopie dieser Lizenz kann eingesehen werden unter http://www.gnu.org/licenses/old-licenses/
gpl-2.0.html.
Dieser Code wird hiermit allgemein zugnglich gemacht.
Dieses Produkt enthlt einen vom OpenBSD-Projekt entwickelten Code
Copyright 1983, 1990, 1992, 1993, 1995
The Regents of the University of California. Alle Rechte vorbehalten.
Die Verbreitung und Verwendung in Quell- und binrem Format, mit oder ohne Vernderungen, sind
unter folgenden Bedingungen erlaubt:
1.
Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss beibehalten.
2.
Die Verbreitung in binrem Format muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere
Materialien, die mit verteilt werden, reproduzieren.
3.
Weder der Name der Universitt noch die Namen der Beitragenden drfen ohne ausdrckliche
vorherige schriftliche Genehmigung verwendet werden, um von dieser Software abgeleitete
Produkte zu empfehlen oder zu bewerben.
Dieses Produkt enthlt von Markus Friedl entwickelte Software.

Dieses Produkt enthlt von Theo de Raadt entwickelte Software.
Dieses Produkt enthlt von Niels Provos entwickelte Software.
Dieses Produkt enthlt von Dug Song entwickelte Software.
Dieses Produkt enthlt von Aaron Campbell entwickelte Software.
Dieses Produkt enthlt von Damien Miller entwickelte Software.
Dieses Produkt enthlt von Kevin Steves entwickelte Software.
Dieses Produkt enthlt von Daniel Kouril entwickelte Software.
Dieses Produkt enthlt von Wesley Griffin entwickelte Software.
Dieses Produkt enthlt von Per Allansson entwickelte Software.
Dieses Produkt enthlt von Nils Nordman entwickelte Software.
Dieses Produkt enthlt von Simon Wilkinson entwickelte Software.
Die Verbreitung und Verwendung in Quell- und binrem Format, mit oder ohne Vernderungen, sind
unter folgenden Bedingungen erlaubt:
1.
Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss beibehalten.
2.
Die Verbreitung in binrem Format muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere
Materialien, die mit verteilt werden, reproduzieren.
SMTLICHE VORGENANNTE SOFTWARE WIRD VOM AUTOR IM IST-ZUSTAND (AS IS)

BEREITGESTELLT. JEGLICHE AUSDRCKLICHEN ODER IMPLIZITEN GARANTIEN, EINSCHLIESSLICH,
DOCH NICHT BESCHRNKT AUF DIE IMPLIZIERTEN GARANTIEN DER MARKTGNGIGKEIT UND DER
ANWENDBARKEIT FR EINEN BESTIMMTEN ZWECK, SIND AUSGESCHLOSSEN.
UNTER KEINEN UMSTNDEN HAFTET DER AUTOR FR DIREKTE ODER INDIREKTE SCHDEN, FR
BEI VERTRAGSERFLLUNG ENTSTANDENE SCHDEN, FR BESONDERE SCHDEN, FR
SCHADENSERSATZ MIT STRAFCHARAKTER, ODER FR FOLGESCHDEN EINSCHLIESSLICH, DOCH
NICHT BESCHRNKT AUF, ERWERB VON ERSATZGTERN ODER ERSATZLEISTUNGEN; VERLUST AN
NUTZUNG, DATEN ODER GEWINN; ODER GESCHFTSUNTERBRECHUNGEN) GLEICH, WIE SIE
ENTSTANDEN SIND, UND FR JEGLICHE ART VON HAFTUNG, SEI ES VERTRGE,
GEFHRDUNGSHAFTUNG, ODER DELIKTISCHE HAFTUNG (EINSCHLIESSLICH FAHRLSSIGKEIT
ODER ANDERE), DIE IN JEGLICHER FORM FOLGE DER BENUTZUNG DIESER SOFTWARE IST, SELBST
WENN AUF DIE MGLICHKEIT EINES SOLCHEN SCHADENS HINGEWIESEN WURDE.
Standard Warranty
The following standard warranty is presented in English, French, and German.
Standard Warranty
Radware offers a limited warranty for all its products (Products). Radware hardware products are
warranted against defects in material and workmanship for a period of one year from date of
shipment. Radware software carries a standard warranty that provides bug fixes for up to 90 days
after date of purchase. Should a Product unit fail anytime during the said period(s), Radware will, at
its discretion, repair or replace the Product.
For hardware warranty service or repair, the product must be returned to a service facility
designated by Radware. Customer shall pay the shipping charges to Radware and Radware shall pay
the shipping charges in returning the product to the customer. Please see specific details outlined in
the Standard Warranty section of the customers purchase order.
Radware shall be released from all obligations under its Standard Warranty in the event that the
Product and/or the defective component has been subjected to misuse, neglect, accident or
improper installation, or if repairs or modifications were made by persons other than Radware
authorized service personnel, unless such repairs by others were made with the written consent of
Radware.
EXCEPT AS SET FORTH ABOVE, ALL RADWARE PRODUCTS (HARDWARE AND SOFTWARE) ARE
PROVIDED BY AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED.
Garantie standard
Radware octroie une garantie limite pour lensemble de ses produits (Produits). Le matriel
informatique (hardware) Radware est garanti contre tout dfaut matriel et de fabrication pendant
une dure dun an compter de la date dexpdition. Les logiciels (software) Radware sont fournis
avec une garantie standard consistant en la fourniture de correctifs des dysfonctionnements du
logiciels (bugs) pendant une dure maximum de 90 jours compter de la date dachat. Dans
lhypothse o un Produit prsenterait un dfaut pendant ladite (lesdites) priode(s), Radware
procdera, sa discrtion, la rparation ou lchange du Produit.
Sagissant de la garantie dchange ou de rparation du matriel informatique, le Produit doit tre
retourn chez un rparateur dsign par Radware. Le Client aura sa charge les frais denvoi du
Produit Radware et Radware supportera les frais de retour du Produit au client. Veuillez consulter
les conditions spcifiques dcrites dans la partie Garantie Standard du bon de commande client.
Radware est libre de toutes obligations lies la Garantie Standard dans lhypothse o le Produit
et/ou le composant dfectueux a fait lobjet dun mauvais usage, dune ngligence, dun accident ou
dune installation non conforme, ou si les rparations ou les modifications quil a subi ont t
effectues par dautres personnes que le personnel de maintenance autoris par Radware, sauf si
Radware a donn son consentement crit ce que de telles rparations soient effectues par ces
personnes.
SAUF DANS LES CAS PREVUS CI-DESSUS, LENSEMBLE DES PRODUITS RADWARE (MATERIELS ET
LOGICIELS) SONT FOURNIS TELS QUELS ET TOUTES GARANTIES EXPRESSES OU IMPLICITES
SONT EXCLUES, EN CE COMPRIS, MAIS SANS SY RESTREINDRE, LES GARANTIES IMPLICITES DE
QUALITE MARCHANDE ET DADQUATION UNE UTILISATION PARTICULIRE.
Limitations on Warranty and Liability

The following limitations on warranty and liability are presented in English, French, and German.
Limitations on Warranty and Liability

IN NO EVENT SHALL RADWARE LTD. OR ANY OF ITS AFFILIATED ENTITIES BE LIABLE FOR ANY
DAMAGES INCURRED BY THE USE OF THE PRODUCTS (INCLUDING BOTH HARDWARE AND
SOFTWARE) DESCRIBED IN THIS USER GUIDE, OR BY ANY DEFECT OR INACCURACY IN THIS USER
GUIDE ITSELF. THIS INCLUDES BUT IS NOT LIMITED TO ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION). THE ABOVE LIMITATIONS WILL APPLY EVEN IF RADWARE HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME JURISDICTIONS DO NOT ALLOW THE
EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES OR LIABILITY FOR INCIDENTAL OR
CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.
Limitations de la Garantie et Responsabilit

RADWARE LTD. OU SES ENTITIES AFFILIES NE POURRONT EN AUCUN CAS ETRE TENUES
RESPONSABLES DES DOMMAGES SUBIS DU FAIT DE LUTILISATION DES PRODUITS (EN CE
COMPRIS LES MATERIELS ET LES LOGICIELS) DECRITS DANS CE MANUEL DUTILISATION, OU DU
FAIT DE DEFAUT OU DIMPRECISIONS DANS CE MANUEL DUTILISATION, EN CE COMPRIS, SANS
TOUTEFOIS QUE CETTE ENUMERATION SOIT CONSIDEREE COMME LIMITATIVE, TOUS DOMMAGES
DIRECTS, INDIRECTS, ACCIDENTELS, SPECIAUX, EXEMPLAIRES, OU ACCESSOIRES (INCLUANT,
MAIS SANS SY RESTREINDRE, LA FOURNITURE DE PRODUITS OU DE SERVICES DE
REMPLACEMENT; LA PERTE DUTILISATION, DE DONNEES OU DE PROFITS; OU LINTERRUPTION
DES AFFAIRES). LES LIMITATIONS CI-DESSUS SAPPLIQUERONT QUAND BIEN MEME RADWARE A
ETE INFORMEE DE LA POSSIBLE EXISTENCE DE CES DOMMAGES. CERTAINES JURIDICTIONS
NADMETTANT PAS LES EXCLUSIONS OU LIMITATIONS DE GARANTIES IMPLICITES OU DE
RESPONSABILITE EN CAS DE DOMMAGES ACCESSOIRES OU INDIRECTS, LESDITES LIMITATIONS
OU EXCLUSIONS POURRAIENT NE PAS ETRE APPLICABLE DANS VOTRE CAS.
10
Haftungs- und Gewhrleistungsausschluss

IN KEINEM FALL IST RADWARE LTD. ODER EIN IHR VERBUNDENES UNTERNEHMEN HAFTBAR FR
SCHDEN, WELCHE BEIM GEBRAUCH DES PRODUKTES (HARDWARE UND SOFTWARE) WIE IM
BENUTZERHANDBUCH BESCHRIEBEN, ODER AUFGRUND EINES FEHLERS ODER EINER
UNGENAUIGKEIT IN DIESEM BENUTZERHANDBUCH SELBST ENTSTANDEN SIND. DAZU GEHREN
UNTER ANDEREM (OHNE DARAUF BEGRENZT ZU SEIN) JEGLICHE DIREKTEN; IDIREKTEN; NEBEN;
SPEZIELLEN, BELEGTEN ODER FOLGESCHDEN (EINSCHLIESSLICH ABER NICHT BEGRENZT AUF
BESCHAFFUNG ODER ERSATZ VON WAREN ODER DIENSTEN, NUTZUNGSAUSFALL, DATEN- ODER
GEWINNVERLUST ODER BETRIEBSUNTERBRECHUNGEN). DIE OBEN GENANNTEN BEGRENZUNGEN
GREIFEN AUCH, SOFERN RADWARE AUF DIE MGLICHKEIT EINES SOLCHEN SCHADENS
HINGEWIESEN WORDEN SEIN SOLLTE. EINIGE RECHTSORDNUNGEN LASSEN EINEN AUSSCHLUSS
ODER EINE BEGRENZUNG STILLSCHWEIGENDER GARANTIEN ODER HAFTUNGEN BEZGLICH
NEBEN- ODER FOLGESCHDEN NICHT ZU, SO DASS DIE OBEN DARGESTELLTE BEGRENZUNG ODER
DER AUSSCHLUSS SIE UNTER UMSTNDEN NICHT BETREFFEN WIRD.
Safety Instructions
The following safety instructions are presented in English, French, and German.
Safety Instructions
CAUTION
A readily accessible disconnect device shall be incorporated in the building installation wiring.
Due to the risks of electrical shock, and energy, mechanical, and fire hazards, any procedures that
involve opening panels or changing components must be performed by qualified service personnel
only.
To reduce the risk of fire and electrical shock, disconnect the device from the power line before
removing cover or panels.
The following figure shows the caution label that is attached to Radware platforms with dual power
supplies.
Figure 1: Electrical Shock Hazard Label
DUAL-POWER-SUPPLY-SYSTEM SAFETY WARNING IN CHINESE

The following figure is the warning for Radware platforms with dual power supplies.
11
Figure 2: Dual-Power-Supply-System Safety Warning in Chinese
Translation of Dual-Power-Supply-System Safety Warning in Chinese:

This unit has more than one power supply. Disconnect all power supplies before maintenance to
avoid electric shock.
SERVICING
Do not perform any servicing other than that contained in the operating instructions unless you are
qualified to do so. There are no serviceable parts inside the unit.
HIGH VOLTAGE
Any adjustment, maintenance, and repair of the opened instrument under voltage must be avoided
as much as possible and, when inevitable, must be carried out only by a skilled person who is aware
of the hazard involved.
Capacitors inside the instrument may still be charged even if the instrument has been disconnected
from its source of supply.
GROUNDING
Before connecting this device to the power line, the protective earth terminal screws of this device
must be connected to the protective earth in the building installation.
LASER
This equipment is a Class 1 Laser Product in accordance with IEC60825 - 1: 1993 + A1:1997 +
A2:2001 Standard.
FUSES
Make sure that only fuses with the required rated current and of the specified type are used for
replacement. The use of repaired fuses and the short-circuiting of fuse holders must be avoided.
Whenever it is likely that the protection offered by fuses has been impaired, the instrument must be
made inoperative and be secured against any unintended operation.
LINE VOLTAGE
Before connecting this instrument to the power line, make sure the voltage of the power source
matches the requirements of the instrument. Refer to the Specifications for information about the
correct power rating for the device.
48V DC-powered platforms have an input tolerance of 36-72V DC.
SPECIFICATION CHANGES
Specifications are subject to change without notice.
Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN
61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11For CE MARK Compliance.
These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. Operation of this equipment in a
residential area is likely to cause harmful interference in which case the user is required to correct
the interference at his own expense.
SPECIAL NOTICE FOR NORTH AMERICAN USERS
12
For North American power connection, select a power supply cord that is UL Listed and CSA Certified
3 - conductor, [18 AWG], terminated in a molded on plug cap rated 125 V, [10 A], with a minimum
length of 1.5m [six feet] but no longer than 4.5m...For European connection, select a power supply
cord that is internationally harmonized and marked <HAR>, 3 - conductor, 0,75 mm2 minimum
mm2 wire, rated 300 V, with a PVC insulated jacket. The cord must have a molded on plug cap rated
250 V, 3 A.
RESTRICT AREA ACCESS
The DC powered equipment should only be installed in a Restricted Access Area.
INSTALLATION CODES
This device must be installed according to country national electrical codes. For North America,
equipment must be installed in accordance with the US National Electrical Code, Articles 110 - 16,
110 -17, and 110 -18 and the Canadian Electrical Code, Section 12.
INTERCONNECTION OF UNITS
Cables for connecting to the unit RS232 and Ethernet Interfaces must be UL certified type DP-1 or
DP-2. (Note- when residing in non LPS circuit)
OVERCURRENT PROTECTION
A readily accessible listed branch-circuit over current protective device rated 15 A must be
incorporated in the building wiring for each power input.
REPLACEABLE BATTERIES
If equipment is provided with a replaceable battery, and is replaced by an incorrect battery type,
then an explosion may occur. This is the case for some Lithium batteries and the following is
applicable:
If the battery is placed in an Operator Access Area, there is a marking close to the battery or
a statement in both the operating and service instructions.
If the battery is placed elsewhere in the equipment, there is a marking close to the battery or a
statement in the service instructions.
This marking or statement includes the following text warning:

CAUTION
RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT BATTERY TYPE.
DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Caution To Reduce the Risk of Electrical Shock and Fire
1. This equipment is designed to permit connection between the earthed conductor of the DC
supply circuit and the earthing conductor equipment. See Installation Instructions.
2. All servicing must be undertaken only by qualified service personnel. There are not user
serviceable parts inside the unit.
3. DO NOT plug in, turn on or attempt to operate an obviously damaged unit.
4. Ensure that the chassis ventilation openings in the unit are NOT BLOCKED.
5. Replace a blown fuse ONLY with the same type and rating as is marked on the safety label
adjacent to the power inlet, housing the fuse.
6. Do not operate the device in a location where the maximum ambient temperature exceeds
40C/104F.
7. Be sure to unplug the power supply cord from the wall socket BEFORE attempting to remove
and/or check the main power fuse.
CLASS 1 LASER PRODUCT AND REFERENCE TO THE MOST RECENT LASER STANDARDS IEC 60
825-1:1993 + A1:1997 + A2:2001 AND EN 60825-1:1994+A1:1996+ A2:2001
13
AC units for Denmark, Finland, Norway, Sweden (marked on product):
Denmark - Unit is class I - unit to be used with an AC cord set suitable with Denmark
deviations. The cord includes an earthing conductor. The Unit is to be plugged into a wall socket
outlet which is connected to a protective earth. Socket outlets which are not connected to earth
are not to be used!
Finland - (Marking label and in manual) - Laite on liitettv suojamaadoituskoskettimilla

varustettuun pistorasiaan
Norway (Marking label and in manual) - Apparatet m tilkoples jordet stikkontakt
Unit is intended for connection to IT power systems for Norway only.
Sweden (Marking label and in manual) - Apparaten skall anslutas till jordat uttag.
To connect the power connection:

1.
Connect the power cable to the main socket, located on the rear panel of the device.
2.
Connect the power cable to the grounded AC outlet.
CAUTION
Risk of electric shock and energy hazard. Disconnecting one power supply disconnects only one
power supply module. To isolate the unit completely, disconnect all power supplies.
Instructions de scurit
AVERTISSEMENT
Un dispositif de dconnexion facilement accessible sera incorpor au cblage du btiment.
En raison des risques de chocs lectriques et des dangers nergtiques, mcaniques et dincendie,
chaque procdure impliquant louverture des panneaux ou le remplacement de composants sera
excute par du personnel qualifi.
Pour rduire les risques dincendie et de chocs lectriques, dconnectez le dispositif du bloc
dalimentation avant de retirer le couvercle ou les panneaux.
La figure suivante montre ltiquette davertissement appose sur les plateformes Radware dotes
de plus dune source dalimentation lectrique.
Figure 3: tiquette davertissement de danger de chocs lectriques
AVERTISSEMENT DE SCURIT POUR LES SYSTMES DOTS DE DEUX SOURCES DALIMENTATION

LECTRIQUE (EN CHINOIS)
La figure suivante reprsente ltiquette davertissement pour les plateformes Radware dotes de
deux sources dalimentation lectrique.
14
Figure 4: Avertissement de scurit pour les systmes dotes de deux sources dalimentation
lectrique (en chinois)
Traduction de la Avertissement de scurit pour les systmes dotes de deux sources dalimentation
lectrique (en chinois):
Cette unit est dote de plus dune source dalimentation lectrique. Dconnectez toutes les sources
dalimentation lectrique avant dentretenir lappareil ceci pour viter tout choc lectrique.
ENTRETIEN
Neffectuez aucun entretien autre que ceux rpertoris dans le manuel dinstructions, moins dtre
qualifi en la matire. Aucune pice lintrieur de lunit ne peut tre remplace ou rpare.
HAUTE TENSION
Tout rglage, opration dentretien et rparation de linstrument ouvert sous tension doit tre vit.
Si cela savre indispensable, confiez cette opration une personne qualifie et consciente des
dangers impliqus.
Les condensateurs au sein de lunit risquent dtre chargs mme si lunit a t dconnecte de la
source dalimentation lectrique.
MISE A LA TERRE
Avant de connecter ce dispositif la ligne lectrique, les vis de protection de la borne de terre de
cette unit doivent tre relies au systme de mise la terre du btiment.
LASER
Cet quipement est un produit laser de classe 1, conforme la norme IEC60825 - 1: 1993 + A1:
1997 + A2: 2001.
FUSIBLES
Assurez-vous que, seuls les fusibles courant nominal requis et de type spcifi sont utiliss en
remplacement. Lusage de fusibles rpars et le court-circuitage des porte-fusibles doivent tre
vits. Lorsquil est pratiquement certain que la protection offerte par les fusibles a t dtriore,
linstrument doit tre dsactiv et scuris contre toute opration involontaire.
TENSION DE LIGNE
Avant de connecter cet instrument la ligne lectrique, vrifiez que la tension de la source
dalimentation correspond aux exigences de linstrument. Consultez les spcifications propres
lalimentation nominale correcte du dispositif.
Les plateformes alimentes en 48 CC ont une tolrance dentre comprise entre 36 et 72 V CC.
MODIFICATIONS DES SPCIFICATIONS
Les spcifications sont sujettes changement sans notice pralable.
Remarque: Cet quipement a t test et dclar conforme aux limites dfinies pour un appareil
numrique de classe A, conformment au paragraphe 15B de la rglementation FCC et EN55022
Classe A, EN 55024, EN 61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8, et IEC
61000-4-11, pour la marque de conformit de la CE. Ces limites sont fixes pour fournir une
protection raisonnable contre les interfrences nuisibles, lorsque lquipement est utilis dans un
environnement commercial. Cet quipement gnre, utilise et peut mettre des frquences radio et,
sil nest pas install et utilis conformment au manuel dinstructions, peut entraner des
interfrences nuisibles aux communications radio. Le fonctionnement de cet quipement dans une
zone rsidentielle est susceptible de provoquer des interfrences nuisibles, auquel cas lutilisateur
devra corriger le problme ses propres frais.
NOTICE SPCIALE POUR LES UTILISATEURS NORD-AMRICAINS
15
Pour un raccordement lectrique en Amrique du Nord, slectionnez un cordon dalimentation

homologu UL et certifi CSA 3 - conducteur, [18 AWG], muni dune prise moule son extrmit,
de 125 V, [10 A], dune longueur minimale de 1,5 m [six pieds] et maximale de 4,5m...Pour la
connexion europenne, choisissez un cordon dalimentation mondialement homologu et marqu
<HAR>, 3 - conducteur, cble de 0,75 mm2 minimum, de 300 V, avec une gaine en PVC isole. La
prise lextrmit du cordon, sera dote dun sceau moul indiquant: 250 V, 3 A.
ZONE A ACCS RESTREINT
Lquipement aliment en CC ne pourra tre install que dans une zone accs restreint.
CODES DINSTALLATION
Ce dispositif doit tre install en conformit avec les codes lectriques nationaux. En Amrique du
Nord, lquipement sera install en conformit avec le code lectrique national amricain, articles
110-16, 110 -17, et 110 -18 et le code lectrique canadien, Section 12.
INTERCONNEXION DES UNTES
Les cbles de connexion lunit RS232 et aux interfaces Ethernet seront certifis UL, type DP-1 ou
DP-2. (Remarque- sils ne rsident pas dans un circuit LPS).
PROTECTION CONTRE LES SURCHARGES
Un circuit de drivation, facilement accessible, sur le dispositif de protection du courant de 15 A doit
tre intgr au cblage du btiment pour chaque puissance consomme.
BATTERIES REMPLAABLES
Si lquipement est fourni avec une batterie, et quelle est remplace par un type de batterie
incorrect, elle est susceptible dexploser. Cest le cas pour certaines batteries au lithium, les
lments suivants sont donc applicables:
Si la batterie est place dans une zone daccs oprateur, une marque est indique sur la
batterie ou une remarque est insre, aussi bien dans les instructions dexploitation que
dentretien.
Si la batterie est place ailleurs dans lquipement, une marque est indique sur la batterie ou
une remarque est insre dans les instructions dentretien.
Cette marque ou remarque inclut lavertissement textuel suivant:

AVERTISSEMENT
RISQUE DEXPLOSION SI LA BATTERIE EST REMPLACE PAR UN MODLE INCORRECT.
METTRE AU REBUT LES BATTERIES CONFORMMENT AUX INSTRUCTIONS.
Attention - Pour rduire les risques de chocs lectriques et dincendie
1.
Cet quipement est conu pour permettre la connexion entre le conducteur de mise la terre du
circuit lectrique CC et lquipement de mise la terre. Voir les instructions dinstallation.
2.
Tout entretien sera entrepris par du personnel qualifi. Aucune pice lintrieur de lunit ne
peut tre remplace ou rpare.
3.
NE branchez pas, nallumez pas ou nessayez pas dutiliser une unit manifestement
endommage.
4.
Vrifiez que lorifice de ventilation du chssis dans lunit nest PAS OBSTRUE.
5.
Remplacez le fusible endommag par un modle similaire de mme puissance, tel quindiqu sur
ltiquette de scurit adjacente larrive lectrique hbergeant le fusible.
6.
Ne faites pas fonctionner lappareil dans un endroit, o la temprature ambiante dpasse la

valeur maximale autorise. 40C/104F.
7.
Dbranchez le cordon lectrique de la prise murale AVANT dessayer de retirer et/ou de vrifier
le fusible dalimentation principal.
PRODUIT LASER DE CLASSE 1 ET RFRENCE AUX NORMES LASER LES PLUS RCENTES: IEC 60
825-1: 1993 + A1: 1997 + A2: 2001 ET EN 60825-1: 1994+A1: 1996+ A2: 2001
16
Units CA pour le Danemark, la Finlande, la Norvge, la Sude (indiqu sur le produit):
Danemark - Unit de classe 1 - qui doit tre utilise avec un cordon CA compatible avec les
dviations du Danemark. Le cordon inclut un conducteur de mise la terre. Lunit sera
branche une prise murale, mise la terre. Les prises non-mises la terre ne seront pas
utilises!
Finlande (tiquette et inscription dans le manuel) - Laite on liitettv

suojamaadoituskoskettimilla varustettuun pistorasiaan
Norvge (tiquette et inscription dans le manuel) - Apparatet m tilkoples jordet stikkontakt
Lunit peut tre connecte un systme lectrique IT (en Norvge uniquement).
Sude (tiquette et inscription dans le manuel) - Apparaten skall anslutas till jordat uttag.
Pour brancher lalimentation lectrique:

1. Branchez le cble dalimentation la prise principale, situe sur le panneau arrire de lunit.
2. Connectez le cble dalimentation la prise CA mise la terre.
AVERTISSEMENT
Risque de choc lectrique et danger nergtique. La dconnexion dune source dalimentation
lectrique ne dbranche quun seul module lectrique. Pour isoler compltement lunit, dbranchez
toutes les sources dalimentation lectrique.
ATTENTION
Risque de choc et de danger lectriques. Le dbranchement dune seule alimentation stabilise ne
dbranche quun module Alimentation Stabilise. Pour Isoler compltement le module en cause, il
faut dbrancher toutes les alimentations stabilises.
Attention: Pour Rduire Les Risques dlectrocution et dIncendie
1. Toutes les oprations dentretien seront effectues UNIQUEMENT par du personnel dentretien
qualifi. Aucun composant ne peut tre entretenu ou remplace par lutilisateur.
2. NE PAS connecter, mettre sous tension ou essayer dutiliser une unit visiblement dfectueuse.
3. Assurez-vous que les ouvertures de ventilation du chssis NE SONT PAS OBSTRUES.
4. Remplacez un fusible qui a saut SEULEMENT par un fusible du mme type et de mme
capacit, comme indiqu sur ltiquette de scurit proche de lentre de lalimentation qui
contient le fusible.
5. NE PAS UTILISER lquipement dans des locaux dont la temprature maximale dpasse 40
degrs Centigrades.
6. Assurez vous que le cordon dalimentation a t dconnect AVANT dessayer de lenlever et/ou
vrifier le fusible de lalimentation gnrale.
Sicherheitsanweisungen
VORSICHT
Die Elektroinstallation des Gebudes muss ein unverzglich zugngliches Stromunterbrechungsgert
integrieren.
Aufgrund des Stromschlagrisikos und der Energie-, mechanische und Feuergefahr drfen Vorgnge,
in deren Verlauf Abdeckungen entfernt oder Elemente ausgetauscht werden, ausschlielich von
qualifiziertem Servicepersonal durchgefhrt werden.
Zur Reduzierung der Feuer- und Stromschlaggefahr muss das Gert vor der Entfernung der
Abdeckung oder der Paneele von der Stromversorgung getrennt werden.
Folgende Abbildung zeigt das VORSICHT-Etikett, das auf die Radware-Plattformen mit
Doppelspeisung angebracht ist.
17
Figure 5: Warnetikett Stromschlaggefahr
SICHERHEITSHINWEIS IN CHINESISCHER SPRACHE FR SYSTEME MIT DOPPELSPEISUNG

Die folgende Abbildung ist die Warnung fr Radware-Plattformen mit Doppelspeisung.
Figure 6: Sicherheitshinweis in chinesischer Sprache fr Systeme mit Doppelspeisung
bersetzung von Sicherheitshinweis in chinesischer Sprache fr Systeme mit Doppelspeisung:

Die Einheit verfgt ber mehr als eine Stromversorgungsquelle. Ziehen Sie zur Verhinderung von
Stromschlag vor Wartungsarbeiten smtliche Stromversorgungsleitungen ab.
WARTUNG
Fhren Sie keinerlei Wartungsarbeiten aus, die nicht in der Betriebsanleitung angefhrt sind, es sei
denn, Sie sind dafr qualifiziert. Es gibt innerhalb des Gertes keine wartungsfhigen Teile.
HOCHSPANNUNG
Jegliche Einstellungs-, Instandhaltungs- und Reparaturarbeiten am geffneten Gert unter
Spannung mssen so weit wie mglich vermieden werden. Sind sie nicht vermeidbar, drfen sie
ausschlielich von qualifizierten Personen ausgefhrt werden, die sich der Gefahr bewusst sind.
Innerhalb des Gertes befindliche Kondensatoren knnen auch dann noch Ladung enthalten, wenn
das Gert von der Stromversorgung abgeschnitten wurde.
ERDUNG
Bevor das Gert an die Stromversorgung angeschlossen wird, mssen die Schrauben der
Erdungsleitung des Gertes an die Erdung der Gebudeverkabelung angeschlossen werden.
LASER
Dieses Gert ist ein Laser-Produkt der Klasse 1 in bereinstimmung mit IEC60825 - 1: 1993 +
A1:1997 + A2:2001 Standard.
SICHERUNGEN
Vergewissern Sie sich, dass nur Sicherungen mit der erforderlichen Stromstrke und der
angefhrten Art verwendet werden. Die Verwendung reparierter Sicherungen sowie die
Kurzschlieung von Sicherungsfassungen muss vermieden werden. In Fllen, in denen
wahrscheinlich ist, dass der von den Sicherungen gebotene Schutz beeintrchtigt ist, muss das
Gert abgeschaltet und gegen unbeabsichtigten Betrieb gesichert werden.
LEITUNGSSPANNUNG
Vor Anschluss dieses Gertes an die Stromversorgung ist zu gewhrleisten, dass die Spannung der
Stromquelle den Anforderungen des Gertes entspricht. Beachten Sie die technischen Angaben
bezglich der korrekten elektrischen Werte des Gertes.
18
Plattformen mit 48 V DC verfgen ber eine Eingangstoleranz von 36-72 V DC.

NDERUNGEN DER TECHNISCHEN ANGABEN
nderungen der technischen Spezifikationen bleiben vorbehalten.
Hinweis: Dieses Gert wurde geprft und entspricht den Beschrnkungen von digitalen Gerten der
Klasse 1 gem Teil 15B FCC-Vorschriften und EN55022 Klasse A, EN55024; EN 61000-3-2; EN; IEC
61000 4-2 to 4-6, IEC 61000 4-8 und IEC 61000-4- 11 fr Konformitt mit der CE-Bezeichnung.
Diese Beschrnkungen dienen dem angemessenen Schutz vor schdlichen Interferenzen bei Betrieb
des Gertes in kommerziellem Umfeld. Dieses Gert erzeugt, verwendet und strahlt
elektromagnetische Hochfrequenzstrahlung aus. Wird es nicht entsprechend den Anweisungen im
Handbuch montiert und benutzt, knnte es mit dem Funkverkehr interferieren und ihn
beeintrchtigen. Der Betrieb dieses Gertes in Wohnbereichen wird hchstwahrscheinlich zu
schdlichen Interferenzen fhren. In einem solchen Fall wre der Benutzer verpflichtet, diese
Interferenzen auf eigene Kosten zu korrigieren.
BESONDERER HINWEIS FR BENUTZER IN NORDAMERIKA
Whlen Sie fr den Netzstromanschluss in Nordamerika ein Stromkabel, das in der UL aufgefhrt
und CSA-zertifiziert ist 3 Leiter, [18 AWG], endend in einem gegossenen Stecker, fr 125 V, [10 A],
mit einer Mindestlnge von 1,5 m [sechs Fu], doch nicht lnger als 4,5 m. Fr europische
Anschlsse verwenden Sie ein international harmonisiertes, mit <HAR> markiertes Stromkabel,
mit 3 Leitern von mindestens 0,75 mm2, fr 300 V, mit PVC-Umkleidung. Das Kabel muss in einem
gegossenen Stecker fr 250 V, 3 A enden.
BEREICH MIT EINGESCHRNKTEM ZUGANG
Das mit Gleichstrom betriebene Gert darf nur in einem Bereich mit eingeschrnktem Zugang
montiert werden.
INSTALLATIONSCODES
Dieses Gert muss gem der landesspezifischen elektrischen Codes montiert werden. In
Nordamerika mssen Gerte entsprechend dem US National Electrical Code, Artikel 110 - 16, 110 17 und 110 - 18, sowie dem Canadian Electrical Code, Abschnitt 12, montiert werden.
VERKOPPLUNG VON GERTEN Kabel fr die Verbindung des Gertes mit RS232- und Ethernetmssen UL-zertifiziert und vom Typ DP-1 oder DP-2 sein. (Anmerkung: bei Aufenthalt in einem
nicht-LPS-Stromkreis)
BERSTROMSCHUTZ
Ein gut zugnglicher aufgefhrter berstromschutz mit Abzweigstromkreis und 15 A Strke muss fr
jede Stromeingabe in der Gebudeverkabelung integriert sein.
AUSTAUSCHBARE BATTERIEN
Wird ein Gert mit einer austauschbaren Batterie geliefert und fr diese Batterie durch einen
falschen Batterietyp ersetzt, knnte dies zu einer Explosion fhren. Dies trifft zu fr manche Arten
von Lithiumsbatterien zu, und das folgende gilt es zu beachten:
Wird die Batterie in einem Bereich fr Bediener eingesetzt, findet sich in der Nhe der Batterie
eine Markierung oder Erklrung sowohl im Betriebshandbuch als auch in der Wartungsanleitung.
Ist die Batterie an einer anderen Stelle im Gert eingesetzt, findet sich in der Nhe der Batterie
eine Markierung oder einer Erklrung in der Wartungsanleitung.
Diese Markierung oder Erklrung enthlt den folgenden Warntext:

VORSICHT
EXPLOSIONSGEFAHR, FALLS BATTERIE DURCH EINEN FALSCHEN BATTERIETYP ERSETZT
WIRD. GEBRAUCHTE BATTERIEN DEN ANWEISUNGEN ENTSPRECHEND ENTSORGEN.
Denmark - Unit is class I - mit Wechselstromkabel benutzen, dass fr die Abweichungen in

Dnemark eingestellt ist. Das Kabel ist mit einem Erdungsdraht versehen. Das Kabel wird in eine
geerdete Wandsteckdose angeschlossen. Keine Steckdosen ohne Erdungsleitung verwenden!
Finland - (Markierungsetikett und im Handbuch) - Laite on liitettv

suojamaadoituskoskettimilla varustettuun pistorasiaan
19
Norway - (Markierungsetikett und im Handbuch) - Apparatet m tilkoples jordet stikkontakt

Ausschlielich fr Anschluss an IT-Netzstromsysteme in Norwegen vorgesehen
Sweden - (Markierungsetikett und im Handbuch) - Apparaten skall anslutas till jordat uttag.
Anschluss des Stromkabels:

1.
Schlieen Sie das Stromkabel an den Hauptanschluss auf der Rckseite des Gertes an.
2.
Schlieen Sie das Stromkabel an den geerdeten Wechselstromanschluss an.
VORSICHT
Stromschlag- und Energiegefahr Die Trennung einer Stromquelle trennt nur ein
Stromversorgungsmodul von der Stromversorgung. Um das Gert komplett zu isolieren, muss es
von der gesamten Stromversorgung getrennt werden.
Vorsicht - Zur Reduzierung der Stromschlag- und Feuergefahr
1.
Dieses Gert ist dazu ausgelegt, die Verbindung zwischen der geerdeten Leitung des
Gleichstromkreises und dem Erdungsleiter des Gertes zu ermglichen. Siehe
Montageanleitung.
2.
Wartungsarbeiten jeglicher Art drfen nur von qualifiziertem Servicepersonal ausgefhrt

werden. Es gibt innerhalb des Gertes keine vom Benutzer zu wartenden Teile.
3.
Versuchen Sie nicht, ein offensichtlich beschdigtes Gert an den Stromkreis anzuschlieen,
einzuschalten oder zu betreiben.
4.
Vergewissern Sie sich, dass sie Lftungsffnungen im Gehuse des Gertes NICHT BLOCKIERT
SIND.
5.
Ersetzen Sie eine durchgebrannte Sicherung ausschlielich mit dem selben Typ und von der
selben Strke, die auf dem Sicherheitsetikett angefhrt sind, das sich neben dem
Stromkabelanschluss, am Sicherungsgehuse.
6.
Betreiben Sie das Gert nicht an einem Standort, an dem die Hchsttemperatur der Umgebung
40C berschreitet.
7.
Vergewissern Sie sich, das Stromkabel aus dem Wandstecker zu ziehen, BEVOR Sie die
Hauptsicherung entfernen und/oder prfen.
Electromagnetic-Interference Statements
The following statements are presented in English, French, and German.
Electromagnetic-Interference Statements
SPECIFICATION CHANGES
Specifications are subject to change without notice.
Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN
61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11For CE MARK Compliance.
These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. Operation of this equipment in a
residential area is likely to cause harmful interference in which case the user is required to correct
the interference at his own expense.
VCCI ELECTROMAGNETIC-INTERFERENCE STATEMENTS
20
Figure 7: Statement for Class A VCCI-certified Equipment
Translation of Statement for Class A VCCI-certified Equipment:

This is a Class A product based on the standard of the Voluntary Control Council for Interference by
Information Technology Equipment (VCCI). If this equipment is used in a domestic environment,
radio disturbance may occur, in which case, the user may be required to take corrective actions.
KCC KOREA
Figure 8: KCCKorea Communications Commission Certificate of Broadcasting and

Communication Equipment
Figure 9: Statement For Class A KCC-certified Equipment in Korean
Translation of Statement For Class A KCC-certified Equipment in Korean:

This equipment is Industrial (Class A) electromagnetic wave suitability equipment and seller or user
should take notice of it, and this equipment is to be used in the places except for home.
BSMI
Figure 10: Statement for Class A BSMI-certified Equipment
Translation of Statement for Class A BSMI-certified Equipment:

This is a Class A product, in use in a residential environment, it may cause radio interference in
which case the user will be required to take adequate measures.
Dclarations sur les Interfrences lectromagntiques

MODIFICATIONS DES SPCIFICATIONS
Les spcifications sont sujettes changement sans notice pralable.
21
Remarque: Cet quipement a t test et dclar conforme aux limites dfinies pour un appareil
numrique de classe A, conformment au paragraphe 15B de la rglementation FCC et EN55022
Classe A, EN 55024, EN 61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8, et IEC
61000-4-11, pour la marque de conformit de la CE. Ces limites sont fixes pour fournir une
protection raisonnable contre les interfrences nuisibles, lorsque lquipement est utilis dans un
environnement commercial. Cet quipement gnre, utilise et peut mettre des frquences radio et,
sil nest pas install et utilis conformment au manuel dinstructions, peut entraner des
interfrences nuisibles aux communications radio. Le fonctionnement de cet quipement dans une
zone rsidentielle est susceptible de provoquer des interfrences nuisibles, auquel cas lutilisateur
devra corriger le problme ses propres frais.
DCLARATIONS SUR LES INTERFRENCES LECTROMAGNTIQUES VCCI
Figure 11: Dclaration pour lquipement de classe A certifi VCCI
Traduction de la Dclaration pour lquipement de classe A certifi VCCI:

Il sagit dun produit de classe A, bas sur la norme du Voluntary Control Council for Interference by
Information Technology Equipment (VCCI). Si cet quipement est utilis dans un environnement
domestique, des perturbations radiolectriques sont susceptibles dapparatre. Si tel est le cas,
lutilisateur sera tenu de prendre des mesures correctives.
KCC Core
Figure 12: KCCCertificat de la commission des communications de Core pour les equipements de
radiodiffusion et communication.
Figure 13: Dclaration pour lquipement de classe A certifi KCC en langue corenne
Translation de la Dclaration pour lquipement de classe A certifi KCC en langue corenne:

Cet quipement est un matriel (classe A) en adquation aux ondes lectromagntiques et le
vendeur ou lutilisateur doit prendre cela en compte. Ce matriel est donc fait pour tre utilis
ailleurs qu la maison.
BSMI
22
Figure 14: Dclaration pour lquipement de classe A certifi BSMI
Translation de la Dclaration pour lquipement de classe A certifi BSMI:

Il sagit dun produit de Classe A; utilis dans un environnement rsidentiel il peut provoquer des
interfrences, lutilisateur devra alors prendre les mesures adquates.
Erklrungen zu Elektromagnetischer Interferenz

NDERUNGEN DER TECHNISCHEN ANGABEN
nderungen der technischen Spezifikationen bleiben vorbehalten.
Hinweis: Dieses Gert wurde geprft und entspricht den Beschrnkungen von digitalen Gerten der
Klasse 1 gem Teil 15B FCC-Vorschriften und EN55022 Klasse A, EN55024; EN 61000-3-2; EN; IEC
61000 4-2 to 4-6, IEC 61000 4-8 und IEC 61000-4- 11 fr Konformitt mit der CE-Bezeichnung.
Diese Beschrnkungen dienen dem angemessenen Schutz vor schdlichen Interferenzen bei Betrieb
des Gertes in kommerziellem Umfeld. Dieses Gert erzeugt, verwendet und strahlt
elektromagnetische Hochfrequenzstrahlung aus. Wird es nicht entsprechend den Anweisungen im
Handbuch montiert und benutzt, knnte es mit dem Funkverkehr interferieren und ihn
beeintrchtigen. Der Betrieb dieses Gertes in Wohnbereichen wird hchstwahrscheinlich zu
schdlichen Interferenzen fhren. In einem solchen Fall wre der Benutzer verpflichtet, diese
Interferenzen auf eigene Kosten zu korrigieren.
ERKLRUNG DER VCCI ZU ELEKTROMAGNETISCHER INTERFERENZ
Figure 15: Erklrung zu VCCI-zertifizierten Gerten der Klasse A
bersetzung von Erklrung zu VCCI-zertifizierten Gerten der Klasse A:

Dies ist ein Produkt der Klasse A gem den Normen des Voluntary Control Council for Interference
by Information Technology Equipment (VCCI). Wird dieses Gert in einem Wohnbereich benutzt,
knnen elektromagnetische Strungen auftreten. In einem solchen Fall wre der Benutzer
verpflichtet, korrigierend einzugreifen.
KCC KOREA
Figure 16: KCCKorea Communications Commission Zertifikat fr Rundfunk-und

Nachrichtentechnik
23
Figure 17: Erklrung zu KCC-zertifizierten Gerten der Klasse A
bersetzung von Erklrung zu KCC-zertifizierten Gerten der Klasse A:

Verkufer oder Nutzer sollten davon Kenntnis nehmen, da dieses Gert der Klasse A fr industriell
elektromagnetische Wellen geeignete Gerten angehrt und dass diese Gerte nicht fr den
heimischen Gebrauch bestimmt sind.
BSMI
Figure 18: Erklrung zu BSMI-zertifizierten Gerten der Klasse A
bersetzung von Erklrung zu BSMI-zertifizierten Gerten der Klasse A:

Dies ist ein Class A Produkt, bei Gebrauch in einer Wohnumgebung kann es zu Funkstrungen
kommen, in diesem Fall ist der Benutzer verpflichtet, angemessene Manahmen zu ergreifen.
Altitude and Climate Warning

This warning only applies to The Peoples Republic of China.
1.
Tma 25C
2.
2000m
2000m
DD
2000m
DD
DD.1
24
2000m 2000m
DD.2
Document Conventions
The following describes the conventions and symbols that this guide uses:
Item
Description
Description
Beschreibung
An example scenario
Un scnario dexemple
Ein Beispielszenarium
Possible damage to
equipment, software, or
data
Endommagement
Mgliche Schden an
possible de lquipement, Gert, Software oder
des donnes ou du
Daten
logiciel
Additional information
Informations
complmentaires
Zustzliche
Informationen
A statement and
instructions
Rfrences et
instructions
Eine Erklrung und

Anweisungen
A suggestion or
workaround
Une suggestion ou
solution
Ein Vorschlag oder eine

Umgehung
Example
Caution:
Note:
To
Tip:
Possible physical harm to Blessure possible de
the operator
loprateur
Verletzungsgefahr des
Bedieners
Warning:
25
26

Table of Contents
Table of Contents
Important Notices .......................................................................................................... 3
Copyright Notices .......................................................................................................... 4
Standard Warranty ........................................................................................................ 9
Limitations on Warranty and Liability ........................................................................... 10
Safety Instructions ....................................................................................................... 11
Electromagnetic-Interference Statements ................................................................... 20
Altitude and Climate Warning ...................................................................................... 24
Document Conventions ............................................................................................... 25
Chapter 1 Introduction to APSolute Vision ....................................................... 39

What is APSolute Vision? ............................................................................................ 39
APSolute Vision Three-Tier Architecture ..................................................................... 40
Overview of APSolute Vision Features ........................................................................ 41
Online Device Configuration ................................................................................................
Monitoring of Managed Devices and Services ....................................................................
Operation Control and Maintenance ....................................................................................
Device Drivers .....................................................................................................................
Scheduled Tasks .................................................................................................................
Auditing and Alerts ...............................................................................................................
User Management and Role-based Access Control (RBAC) ..............................................
APSolute Vision Platform Security .......................................................................................
APSolute Vision Platform Management ...............................................................................
Supported Form Factors for Alteon and LinkProof NG ........................................................
Device Performance Monitoring for Alteon and LinkProof NG ............................................
Application Performance Monitor for Alteon and LinkProof NG ...........................................
Application SLA Dashboard .................................................................................................
vDirect with APSolute Vision ...............................................................................................
DefensePro Configuration Templates ..................................................................................
Real-Time Security Reporting for DefensePro ....................................................................
Historical Security Reporting for DefensePro and AppWallAPSolute Vision Reporter ....
DefensePipe Access ............................................................................................................
DefenseFlow Access ...........................................................................................................
Security Control Center .......................................................................................................
APSolute Vision Online Help ...............................................................................................
Language Support (Localization) .........................................................................................
42
42
42
43
43
43
44
44
44
44
45
45
45
45
46
46
46
47
47
47
47
48
APSolute Vision Interface Navigation .......................................................................... 48

APSolute Vision Settings View ............................................................................................
Device-Properties Hover Popup ..........................................................................................
Settings ViewPreferences Perspective ............................................................................
Settings ViewDashboards Perspective ............................................................................
Settings ViewSystem Perspective ...................................................................................
48
50
50
50
51
27

Table of Contents
Device Pane ........................................................................................................................

Configuration Perspective ...................................................................................................
Monitoring Perspective ........................................................................................................
Security Monitoring Perspective ..........................................................................................
51
53
55
56
Chapter 2 Getting Started with APSolute Vision .............................................. 59

Initializing the APSolute Vision Server ....................................................................... 59
Recommended Basic Security Procedures ................................................................ 61
Restricting Root Access ......................................................................................................
Restricting APSolute Vision CLI Access .............................................................................
Restricting Web Access to the APSolute Vision Server ......................................................
Restricting Web Access by Radware Technical Support ....................................................
61
61
61
62
APSolute Vision WBM Requirements ......................................................................... 62

APSolute Vision WBM Requirements .................................................................................
Application Performance Monitoring Requirements ............................................................
APSolute Vision Reporter Requirements ............................................................................
Device Performance Monitor Requirements .......................................................................
62
63
63
63
Logging into APSolute Vision ..................................................................................... 63

Changing Passwords for Local Users ........................................................................ 64
Selecting Your Landing Page ..................................................................................... 65
After Initial Configuration of APSolute Vision ............................................................. 66
Using Common GUI Elements in APSolute Vision ..................................................... 66
Icons/Buttons and Commands for Managing Table Entries ................................................ 66
Filtering Table Rows ............................................................................................................ 67
Chapter 3 Managing APSolute Vision Users..................................................... 69

Logging In as the Default Administrator Userradware User ................................... 69
Role-Based Access Control (RBAC) .......................................................................... 70
Configuring General User Settings ............................................................................. 77
Configuring Local Users for APSolute Vision ............................................................. 79
Adding and Editing Users ....................................................................................................
Deleting Users .....................................................................................................................
Releasing User Lockout ......................................................................................................
Resetting User Passwords to the Default ............................................................................
Revoking and Enabling Users .............................................................................................
81
84
84
84
85
Viewing Predefined Roles .......................................................................................... 85

Viewing User Statistics ............................................................................................... 86
APSolute Vision Password Requirements .................................................................. 86
Chapter 4 Managing and Monitoring the APSolute Vision System................. 87

Monitoring APSolute VisionOverview ..................................................................... 87
Managing APSolute Vision Basic Information and Properties .................................... 88
28

Table of Contents
Configuring Connectivity Parameters for Server Connections .................................... 91

Configuring Settings for Alerts ..................................................................................... 95
Configuring Settings for the Alerts Pane .............................................................................. 95
Selecting Parameters to Include in Security Alerts ........................................................... 100
Configuring Monitoring Settings ............................................................................... 101

Configuring APSolute Vision Server Alarm Thresholds ............................................ 102
Configuring Connections to Authentication Servers ................................................. 103
Configuring RADIUS Server Connections ........................................................................ 103
Configuring TACACS+ Server Connections ..................................................................... 107
Managing Device Drivers ......................................................................................... 112

Configuring APSolute Vision Reporter Parameters .................................................. 116
Managing APSolute Vision Licenses and Viewing Capacity Utilization .................... 117
Managing APM in APSolute Vision .......................................................................... 118
Viewing Information on the APM-Enabled Devices .......................................................... 121
Configuring DefensePipe Settings ............................................................................ 122

Configuring APSolute Vision Server Advanced Parameters .................................... 122
Configuring APSolute Vision Display Parameters .................................................... 124
Managing APSolute Vision Maintenance Files ......................................................... 126
Managing Stored Device Configuration/Backup Files .............................................. 126
Controlling APSolute Vision Operations ................................................................... 128
Chapter 5 Setting Up Your Network and Basic Device Configuration .......... 129
Device PaneSites, Clusters, and Physical Containers ......................................... 129
Configuring Sites ...................................................................................................... 130
Adding and Removing Devices ................................................................................ 131
Managing Devices and Device Properties ................................................................ 133
APSolute Vision Server Registered for Device EventsAlteon and LinkProof NG . 144
APSolute Vision Server Registered for Device EventsDefensePro ..................... 145
Locking and Unlocking Devices ................................................................................ 145
Managing DefensePro Clusters for High Availability ................................................ 146
High-Availability in DefenseProOverview .....................................................................
Configuring High-Availability Clusters ...............................................................................
Monitoring DefensePro Clusters .......................................................................................
Synchronizing High-Availability Devices and Switching the Device States ......................
147
149
150
151
Using the Multi-Device View and the Multiple Devices Summary ............................ 152
After You Set Up Your Managed Devices ................................................................ 153
Chapter 6 Managing Device Operations and Maintenance ............................ 155

Rebooting and Shutting Down Managed Devices .................................................... 155
Configuring Multiple Devices .................................................................................... 156
29

Table of Contents
Using the Diff Feature ............................................................................................... 157

Device-Configuration Management (Global Commands) for Alteon and LinkProof NG ...
158
Upgrading DefensePro Device Software .................................................................. 161

Downloading a DefensePro Log File to the APSolute Vision Client ......................... 162
Updating a Radware Signature File or RSA Signature File in DefensePro Devices
162
Downloading a DefensePro Technical Support File ................................................. 164

Managing DefensePro Configurations ...................................................................... 164
DefensePro Configuration File Content ............................................................................. 164
Downloading a Device-Configuration File ......................................................................... 165
Restoring a Device Configuration ...................................................................................... 166
Updating DefensePro Policy Configurations ............................................................ 166
Chapter 7 Using Templates in APSolute Vision.............................................. 169

Using DefensePro Templates ................................................................................... 169
Using AppShape Templates and Instances ............................................................. 176
Configuring a Common Web Application AppShape Instance ..........................................
Configuring a DefenseSSL AppShape Instance ...............................................................
Configuring a Microsoft Exchange 2010 AppShape Instance ...........................................
Configuring a Microsoft Exchange 2013 AppShape Instance ...........................................
Configuring a Microsoft Lync External AppShape Instance ..............................................
Configuring a Microsoft Lync Internal AppShape Instance ...............................................
Configuring an Oracle E-Business AppShape Instance ....................................................
Configuring an Oracle SOA Suite 11g AppShape Instance ..............................................
Configuring an Oracle WebLogic 12c AppShape Instance ...............................................
Configuring a SharePoint 2010 AppShape Instance .........................................................
Configuring a SharePoint 2013 AppShape Instance .........................................................
Configuring an VMware View 5.1 AppShape Instance ......................................................
Configuring a Zimbra AppShape Instance ........................................................................
180
182
184
188
192
196
199
201
204
206
208
210
212
Using Administrative Scripts ..................................................................................... 214

Guidelines for Writing Administrative Scripts .................................................................... 216
Running an Administrative Script from the Administrative Scripts Tab ............................. 220
Chapter 8 Scheduling APSolute Vision and Device Tasks ............................ 221

Overview of Scheduling ............................................................................................ 221
Managing Tasks in the Scheduler ............................................................................ 222
Task Parameters ...................................................................................................... 223
APSolute Vision Configuration BackupParameters ......................................................
APSolute Vision Reporter BackupParameters ..............................................................
Update Security Signature FilesParameters .................................................................
Update RSA Security SignatureParameters .................................................................
Update Attack Description FileParameters ...................................................................
Device Configuration BackupParameters .....................................................................
30
224
226
228
230
231
232

Table of Contents
Device Reboot TaskParameters ................................................................................... 234

DefensePro Configuration Templates TaskParameters ............................................... 236
Chapter 9 Managing Auditing and Alerts......................................................... 241

APSolute Vision Auditing .......................................................................................... 241
Enabling Configuration Auditing for Managed Devices ............................................ 242
Managing Alerts ....................................................................................................... 242
Events Handled in the Alerts Pane ...................................................................................
Alert Information ...............................................................................................................
Displaying Alert Information ..............................................................................................
Filtering Alerts ...................................................................................................................
Configuring Preferences for the Alerts Pane ....................................................................
242
244
246
248
249
Chapter 10 Monitoring Alteon with the Dashboard and Service Status View .....
251
Monitoring Alteon with the Dashboard ...................................................................... 251

System View Dashboard of the Alteon Standalone and Alteon VA Platforms ..................
System View Dashboard of the Alteon vADC Platform ....................................................
System View Dashboard for the Alteon ADC-VX Platform ...............................................
vADCs View Dashboard for Alteon ADC-VX ....................................................................
252
254
255
257
Monitoring Alteon with the Application Delivery View ............................................... 258

Monitoring Alteon with the Service Status View ....................................................... 259
Chapter 11 Monitoring the Alteon System....................................................... 265

Monitoring General Information ................................................................................ 265
CPU Utilization ......................................................................................................... 266
Monitoring Capacity .................................................................................................. 268
Monitoring System Capacity ............................................................................................. 268
Monitoring Network Capacity ............................................................................................ 269
Monitoring Application Delivery Capacity ......................................................................... 270
Maintenance ............................................................................................................. 272
Chapter 12 Monitoring the Alteon Network ..................................................... 277

Monitoring and Controlling Physical Ports ................................................................ 277
Monitoring Layer 2 .................................................................................................... 278
Monitoring FDB ................................................................................................................. 278
Monitoring STG ................................................................................................................. 280
Monitoring Layer 3 .................................................................................................... 280

Monitoring Gateways ........................................................................................................ 281
Monitoring Routes ............................................................................................................. 281
Monitoring Learned MACs (or IP FDB) ............................................................................. 282
31

Table of Contents
Monitoring VRRP Virtual Routers in Alteon Version 30.0 and Earlier ............................... 285
Monitoring Interfaces ......................................................................................................... 286
Monitoring High Availability ...................................................................................... 286

Monitoring High Availability in Alteon Version 30.1 ........................................................... 287
Monitoring High Availability for Alteon Version 30.2 and Later ......................................... 289
Chapter 13 Monitoring Alteon Application Delivery ....................................... 293

Clearing Non-operating SLB Statistics ..................................................................... 293
Monitoring and Controlling Virtual Service ............................................................... 293
Monitoring and Controlling Real Servers ........................................................................... 294
Monitoring and Controlling Server Groups ............................................................... 296

Monitoring and Controlling Virtual Servers ............................................................... 298
View a FastView Web Application ............................................................................ 301
Monitoring and Controlling APM ............................................................................... 302
Monitoring AppShape++ Statistics ........................................................................... 302
Monitoring and Controlling Application Services ...................................................... 303
Monitoring and Controlling HTTP ..................................................................................... 303
Monitoring and Controlling SSL ................................................................................ 309

Managing SSL Client Authentication and the OCSP /CDP Cache .................................... 309
Monitoring and Managing Filters .............................................................................. 309

Monitoring LinkProof ................................................................................................. 310
Monitoring WAN Links ...................................................................................................... 310
Monitoring WAN Link Groups ............................................................................................ 311
Monitoring Proximity .......................................................................................................... 311
Chapter 14 Monitoring and Controlling Alteon vADC .................................... 313

Chapter 15 Using the Device Performance Monitor ....................................... 315
DPM Overview .......................................................................................................... 315
Opening the Device Performance Monitor ............................................................... 316
Device Performance Monitor Main Interface ............................................................ 316
Displaying and Filtering Sites and Devices .............................................................. 318
Viewing and Managing Reports ................................................................................ 318
Viewing Reports ................................................................................................................ 318
Opening the Filter Window ................................................................................................ 319
Exporting Reports ..................................................................................................... 319

Supported Report Categories ................................................................................... 320
ADC/vADC Reports ........................................................................................................... 320
Application Reports ........................................................................................................... 325
Real Server Reports .......................................................................................................... 329
32

Table of Contents
Port Reports ...................................................................................................................... 331

VX Reports ....................................................................................................................... 333
Viewing Dashboards for Single Standalone and vADC Devices .............................. 335
Displaying the Dashboard and Managing the Display ...................................................... 336
Dashboard Components for Single Standalone and vADC Devices ........................ 336
Viewing the Dashboard for ADC-VX Devices ........................................................... 338
Displaying the VX Dashboard and Managing the Display ................................................ 338
Dashboard Components for VX Devices .................................................................. 339

Viewing Dashboards for Multiple Standalone and vADC Devices ............................ 340
Displaying the Multi-Device Dashboard and Managing the Display ................................. 340
Multi-Device Dashboard Components ...................................................................... 341
Chapter 16 Monitoring and Controlling the DefensePro Operational Status 343

Monitoring the General DefensePro Device Information .......................................... 343
Monitoring and Controlling DefensePro Device Ports and Trunks ........................... 344
Monitoring DefensePro High Availability .................................................................. 346
Monitoring DefensePro Resource Utilization ............................................................ 348
Monitoring DefensePro CPU Utilization ............................................................................
Monitoring and Clearing DefensePro Authentication Tables ............................................
Monitoring DME Utilization According to Configured Policies ..........................................
Monitoring DefensePro Syslog Information ......................................................................
348
350
351
352
Monitoring Cisco Security Group Tags (SGTs) ........................................................ 353
Chapter 17 Monitoring DefensePro Statistics ................................................. 355

Monitoring DefensePro SNMP Statistics .................................................................. 355
Monitoring DefensePro Bandwidth Management Statistics ...................................... 356
Displaying the Last-Second BWM Statistics for a Selected DefensePro Device .............. 356
Displaying the Last-Period BWM Statistics for a Selected DefensePro Device ............... 357
Monitoring DefensePro IP Statistics ......................................................................... 358
Chapter 18 Monitoring and Managing DefensePro Diagnostics ................... 361

Configuring Diagnostic Tool Parameters .................................................................. 361
Configuring Diagnostics Policies .............................................................................. 362
Managing Capture Files ........................................................................................... 363
Chapter 19 Monitoring and Controlling DefensePro Networking.................. 365

Monitoring and Controlling the DefensePro Session Table ...................................... 365
Monitoring Session Table Information .............................................................................. 365
Configuring DefensePro Session Table Filters ................................................................ 366
Monitoring Routing Table Information ...................................................................... 367

Monitoring DefensePro ARP Table Information ....................................................... 368
33

Table of Contents
Monitoring MPLS RD Information ............................................................................. 369

Monitoring the DefensePro Suspend Table .............................................................. 369
Monitoring Tunnel Interfaces .................................................................................... 370
Monitoring BGP Peers .............................................................................................. 371
Chapter 20 Monitoring and Controlling DefenseFlow Operation .................. 373

Operation .......................................................................................................................... 373
System .............................................................................................................................. 379
Chapter 21 Using Real-Time Security Monitoring .......................................... 381

Using Real-Time Security Monitoring with DefensePro and DefenseFlow ............... 381
Risk Levels ........................................................................................................................
Using the Dashboard Views for Real-Time Security Monitoring .......................................
Viewing Real-Time Traffic Reports ....................................................................................
Protection Monitoring ........................................................................................................
HTTP Reports ...................................................................................................................
382
382
408
417
424
Using Real-Time Security Monitoring with AppWall and Alteon ............................... 427
Monitoring Security Events ................................................................................................ 427
Monitoring Attack Distribution ............................................................................................ 431
Chapter 22 Using the APSolute Vision Dashboards ...................................... 433

Using the Application SLA Dashboard ..................................................................... 433
Using the Security Control Center ............................................................................ 436
DefensePro Information in the Security Control Center ....................................................
DefenseFlow Information in the Security Control Center ..................................................
AppWall Information in the Security Control Center ..........................................................
APSolute Vision Reporter Information in the Security Control Center ..............................
Emergency Response Team Information in the Security Control Center ..........................
DefensePipe Information in the Security Control Center ...................................................
Radware Signature-Update-Service (SUS) Information in the Security Control Center ....
RSA Security Signatures Information in the Security Control Center ................................
437
437
438
438
438
438
439
440
Chapter 23 APSolute Vision CLI Commands .................................................. 441

Accessing APSolute Vision CLI ................................................................................ 441
Command Syntax Conventions ................................................................................ 442
Main CLI Menu ......................................................................................................... 442
General CLI Commands ........................................................................................... 443
exit .....................................................................................................................................
help ...................................................................................................................................
history ................................................................................................................................
ping ...................................................................................................................................
reboot ................................................................................................................................
shutdown ...........................................................................................................................
34
443
443
444
444
444
444

Table of Contents
grep ................................................................................................................................... 444

more .................................................................................................................................. 445
Network Configuration Commands ........................................................................... 445

Network DNS Commands .................................................................................................
Net Firewall Commands ...................................................................................................
Network IP Interface Commands ......................................................................................
Network NAT Commands .................................................................................................
Network Physical Interface Commands ............................................................................
Network Routing Commands ............................................................................................
445
447
447
449
450
451
System Commands .................................................................................................. 452

System APM Commands ..................................................................................................
system audit-log export .....................................................................................................
System APSolute Vision Server Commands ....................................................................
System Backup Commands .............................................................................................
system cleanup .................................................................................................................
System Database Commands ..........................................................................................
453
453
454
455
469
469
Chapter 24 Using vDirect with APSolute Vision ............................................. 495

vDirect-APSolute Vision IntegrationOverview ...................................................... 495
Accessing the vDirect Configuration Interface of the APSolute Vision Server ......... 495
Managing Devices in APSolute Vision with vDirect .................................................. 496
APSolute Vision and vDirect Terminology ........................................................................
APSolute Vision vDirect Sites ...........................................................................................
APSolute Vision vDirect Limitations ..................................................................................
Configuring a Container in vDirect ....................................................................................
Managing DefensePro Instances in APSolute Vision vDirect ...........................................
496
497
497
497
501
Appendix A Managing the Online-Help Package on the Server .................... 505

Appendix B APSolute Vision Database Views ................................................ 507
Using APSolute Vision Database Views ................................................................... 507
View Description and Relationships ......................................................................... 507
Security Attacks Tables .................................................................................................... 508
Traffic and Connection Tables .......................................................................................... 537
APSolute Vision Server Information Tables ...................................................................... 541
Real-time Data Retention and Aging ........................................................................ 544
Appendix C APSolute Vision Log Messages and Alerts ................................ 547

Global Parameters .................................................................................................... 548
Advanced Parameters .............................................................................................. 548
Alert Browser Settings .............................................................................................. 549
Connection Settings ................................................................................................. 550
Monitoring Settings ................................................................................................... 551
35

Table of Contents
RADIUS Configuration .............................................................................................. 552

Security Alert Settings .............................................................................................. 553
TACACS+ Configuration Settings ............................................................................. 553
Warning Threshold Settings ..................................................................................... 554
SharePath Settings ................................................................................................... 555
APSolute Vision License Settings ............................................................................ 555
Upload Logo Settings ............................................................................................... 555
Security Group Settings ............................................................................................ 556
Device Operation Alerts ............................................................................................ 556
Audit Message Type Enum ...................................................................................... 558
HTTPS Communication Check ................................................................................. 559
RSA Update on the Device ....................................................................................... 560
Operation Constant .................................................................................................. 560
Audit Messages ........................................................................................................ 561
Alert Mail Notifier ...................................................................................................... 562
Scheduled Task Alerts .............................................................................................. 562
General ..................................................................................................................... 564
Alerts from CLI .......................................................................................................... 564
Device Configuration Audit Messages ...................................................................... 566
Hardware Alerts ........................................................................................................ 566
Appendix D MIBs for Monitoring APSolute Vision ........................................ 567

RFC1213 MIB Objects for Monitoring APSolute Vision ............................................ 568
Host Resources MIB Objects for Monitoring APSolute Vision .................................. 570
UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision ................................ 570
Trap Objects for Monitoring APSolute Vision ........................................................... 571
Appendix E AppShape-Generated Configurations......................................... 573

Common Web ApplicationAppShape-generated Configuration ........................... 573
DefenseSSLAppShape-generated Configuration ................................................. 575
Microsoft Exchange 2010AppShape-generated Configuration ............................ 576
Microsoft Exchange 2013AppShape-generated Configuration ............................ 579
Microsoft Link ExternalAppShape-generated Configuration ................................ 582
Microsoft Link InternalAppShape-generated Configuration .................................. 584
Oracle E-BusinessAppShape-generated Configuration ....................................... 593
Oracle SOA Suite 11gAppShape-generated Configuration ................................. 594
Oracle WebLogic 12cAppShape-generated Configuration .................................. 596
SharePoint 2010AppShape-generated Configuration .......................................... 598
SharePoint 2013AppShape-generated Configuration .......................................... 600
36

Table of Contents
VMware View 5.1AppShape-generated Configuration ......................................... 601

ZimbraAppShape-generated Configuration .......................................................... 602
Appendix F APSolute Vision Specifications and Requirements ................... 607

System Capacity ....................................................................................................... 607
UDP/TCP Ports ........................................................................................................ 608
APSolute Vision Web Based Management Interface Requirements ........................ 609
APSolute Vision WBM Supported Operating Systems ..................................................... 610
APSolute Vision WBM Supported Browsers ..................................................................... 610
Application Performance Monitoring Requirements ................................................. 610

Device Performance Monitoring Requirements ........................................................ 610
APSolute Vision Reporter Requirements ................................................................. 610
Radware Ltd. End User License Agreement....................................................... 611
37

Table of Contents
38
Chapter 1 Introduction to APSolute Vision

This guide is intended for users and administrators of APSolute Vision. The guide describes the
relevant aspects of APSolute Vision and how to use it.
The following topics introduce APSolute Vision:
What is APSolute Vision?, page 39
APSolute Vision Three-Tier Architecture, page 40
Overview of APSolute Vision Features, page 41
APSolute Vision Interface Navigation, page 48
For information about installing the APSolute Vision server and initial settings on the APSolute Vision
platform, see the APSolute Vision Installation and Maintenance Guide.
What is APSolute Vision?

Use APSolute Vision to manage, monitor, control, and enhance Radware application-delivery-control
(ADC) and security products, modules, and servicesincluding the following:
Alteon Alteon is an application delivery controller (ADC) and load balancer that guarantees
application SLA. For information about the required workflows for configuring application
delivery with Alteon, see the Alteon Application Switch Operating System Application Guide.
AppWall AppWall is a Web Application Firewall (WAF) that ensures fast, reliable, and secure
delivery of mission-critical Web applications. For more information on AppWall, see the AppWall
User Guide.
DefenseFlow DefenseFlow is a network-wide attack detection and cyber command and

control application designed to protect networks against known and emerging network attacks
that threaten network resources availability. For more information on DefenseFlow, see the
DefenseFlow User Guide.
DefensePro DefensePro is a real-time attack-mitigation device that protects organizations

against emerging network and application cyber-attacks. For information about the required
workflows for configuring network security with DefensePro, see the DefensePro User Guide.
APSolute Vision supports the following products, which are related to DefensePro:
Check Point DDoS ProtectorUnless stated otherwise in the APSolute Vision

documentation or the Check Point DDoS Protector Release Notes, the term DefensePro
refers also to the Check Point DDoS Protector product. For more information on Check Point
DDoS Protector, including limitations and different behavior, see the Check Point DDoS
Protector Release Notes, Check Point DDoS Protector User Guide, and the related Check
Point documentation.
DefensePro for Cisco Firepower 9300Unless described otherwise in the APSolute

Vision documentation, the term DefensePro refers also to the DefensePro for Cisco
Firepower 9300 product. For more information on DefensePro for Cisco Firepower 9300,
including limitations and different behavior, see the Cisco Firepower 9300 Release Notes and
the related Cisco documentation.
LinkProof NGLinkProof NG provides link load-balancing. For information about the basic
and advanced link load balancing and configuration of LinkProof NG, see the LinkProof NG User
Guide.
39

Introduction to APSolute Vision
APSolute Vision provides:
A Role-Based Access Control (RBAC) systemAPSolute Visions RBAC provides granular

control and monitoring of various aspects for different users.
Online configuration per device and multiple-device configuration and toolsThese

include the following:
Support for AppShape templates, which automate and streamlines device configuration for
common applications.
Support for DefensePro Configuration Templates, which automate and streamline

configuration in various applications.
Management capabilitiesThese include the following:
Scheduling device control and maintenance tasks, such as, backup and restore, and so on.
Auditing
Viewing alerts and configuration messages (Alerts pane)
Device software management
Management of DefensePro templates for Network Protection and Server Protection policies
Monitoring and control of multiple devicesThis includes enabling and disabling entities
within a device. APSolute Vision can configure and monitor multiple devices in a single view.
Capability for Application Performance Monitoring (APM)On HTTP/HTTPS traffic flowing

through Alteon devices.
Device Performance Monitoring (DPM) on Alteon and LinkProof NG devicesWhen DPM

is enabled, the device listens for requests for its performance data and sends the data to
APSolute Vision. APSolute Vision processes the data and can display the information in the
Device Performance Monitoring Web interface. The DPM Web interface includes alerts,
dashboards with current monitoring data, and reports with historical data.
Security reporting and statisticsAt the device level, and on logical entities within a device.
For real-time and historical security reporting, APSolute Vision can also provide device and
multi-device reports for immediate problem isolation, convenient attack and status visibility, and
information drill-down.
vDirect supportRadwares vDirect is a software-based plug-in that integrates Radwares

ADC and security products with networking virtualization and automation solutions.
REST API supportAPSolute Vision exposes a REST API for all functionality supported by the
APSolute Vision WBM, including configuration, monitoring, and security reporting.
APSolute Vision Three-Tier Architecture

APSolute Vision is a three-tier management system with client, server and device tiers. APSolute
Vision server can run as a standalone physical appliance or as a virtual appliance (VA). The client
tier does not connect to devices directly.
The client tier does the following:
Runs as a Web application on a PC browser and provides a graphical user interface with separate
perspectives for configuration, monitoring and control, and security monitoring.
Transmits user requests to the server tier and displays the results in the APSolute Vision
interface in an intuitive and easy-to-read format.
40

The server tier does the following:
Runs on the APSolute Vision platform
Processes user commands
Transmits and stores data from other tiers
Makes logical decisions and performs calculations
Performs user authentication and authorization
Communicates with the managed devices
Collects statistics and generates reports
Collects alerts and messages from managed devices
The network physical or virtual device tier enables management of the collection of network
elements connected to APSolute Vision, which includes the following:
Alteon
AppWall
DefensePro
LinkProof NG
Overview of APSolute Vision Features

This section provides an overview of APSolute Visions main features:
Online Device Configuration, page 42
Monitoring of Managed Devices and Services, page 42
Operation Control and Maintenance, page 42
Device Drivers, page 43
Scheduled Tasks, page 43
Auditing and Alerts, page 43
User Management and Role-based Access Control (RBAC), page 44
APSolute Vision Platform Security, page 44
APSolute Vision Platform Management, page 44
Supported Form Factors for Alteon and LinkProof NG, page 44
Device Performance Monitoring for Alteon and LinkProof NG, page 45
Application Performance Monitor for Alteon and LinkProof NG, page 45
vDirect with APSolute Vision, page 45
DefensePro Configuration Templates, page 46
Real-Time Security Reporting for DefensePro, page 46
Historical Security Reporting for DefensePro and AppWallAPSolute Vision Reporter, page 46
DefensePipe Access, page 47
DefenseFlow Access, page 47
APSolute Vision Online Help, page 47
Language Support (Localization), page 48
41

Online Device Configuration

Online configuration of devices using APSolute Vision supports the following:
Easy access for all device configuration topics
Simultaneous configuration of multiple managed devices
Hierarchical grouping of logical elements
Graphical change notation
Drill-down configuration topics
Inline filtering
Online configuration per device
AppShape templates to automate and streamline device configuration for common

applications.
DefensePro configuration templates.
Monitoring of Managed Devices and Services

Monitoring of managed devices and services in APSolute Vision supports the following:
Easy access for device monitoring topics
Logical-element grouping
Hierarchical browsing
Propertiesstatus, management IP address, software version, device-driver version, hardware

platform, license information, and the time of the last configuration change
Routing table
IP statisticsreceived and discarded
Information on ports, VLANs, and trunks, such as:
General status
Statistics
Device statistics tables for the device level and logical level
Operation Control and Maintenance

Control and maintenance operations include the following:
Enabling and disabling all relevant entities on a device.
Managing AppShape templates and AppShape instances for Alteon ADC devices. AppShape
automates/streamlines ADC configuration for common applications, such as SAP Portal and
Microsoft SharePoint Server.
Managing DefensePro templates for Network Protection policies and Server Protection policies.
Managing pairs of devices for high availability (HA).
Performing file transfers.
Managing configuration backups.
Rebooting devices.
42

Device Drivers
APSolute Vision device drivers can enable you to install or upgrade Radware devices without the
need to upgrade your APSolute Vision server. A device driver in APSolute Vision defines the graphical
user interface and configuration for the software version of a managed device. The software version
of a managed device defines the baseline driver version. You can install a newer version of the
device driver, and you can revert to the baseline version.
You can have only one device-driver version in use on any single APSolute Vision server. Typically,
subsequent versions of device drivers for a particular software version of a managed device only
includes very minor changes and/or bug fixes.
Notes
There are cases where upgrading the Radware device software requires upgrading the APSolute
Vision server software. Check the release notes of the new Radware device version to determine
the minimum APSolute Vision version required.
When you upgrade device software, you need to reboot the device. However, when you install a
new version of a device driver or revert to the baseline version, you do not need to reboot the
device.
Device drivers do not include the online help. If the APSolute Vision server is configure so that
the clients get help from the server (the default option), the APSolute Vision administrator
should make sure that the APSolute Vision server has the latest version of the online-help
package.
The Properties pane that is displayed for a device includes the name of the device driver.
Scheduled Tasks
You can configure scheduled tasks for various operations for the APSolute Vision server and
managed devices.
When you create a task and specify the time to run it, the time is according to your local OS.
APSolute Vision then stores the time, translated to the timezone of the of the APSolute Vision server,
and then runs it accordingly. That is, once you configure a task, it runs according to the APSolute
Vision time settings, disregarding any changes made to the local OS time settings.
Auditing and Alerts

Auditing and alerts in APSolute Vision logs all alerts and actions for APSolute Vision and for the
managed devices. You can view auditing information and other alerts in the APSolute Vision Alerts
pane.
Alerts are created with the time at which the APSolute Vision server processed them, but the time
displayed in the Alerts pane is the time of the APSolute Vision client with the proper time offset.
APSolute Vision provides the audit trail for system messages and modifications to the configuration
of managed devices.
APSolute Vision can forward alarms and notifications. System Alarms can be forwarded via APSolute
Vision. Security service alarms can be forwarded via APSolute Vision Reporter. E-mail notifications
can be sent via SMTP. Notifications can be sent to a syslog server.
43

The Alerts tab in the Alerts pane provides fault management by supporting the following system and
audit alarms:
APSolute Vision server alarms
General device alarms (fan, CPU, and so on)
Alteon device configuration and operation messages
DefensePro security alerts
Audit trail messages
User Management and Role-based Access Control (RBAC)

The APSolute Vision server supports multi-user access and role-based access control (RBAC).
RBAC provides the following:
Predefined basic roles and permissions
Customized permissions per role and device
Access-control configuration and management in a local user table or using an external

authentication server (TACACS+, or RADIUSusing custom attributes defined to provide the
APSolute Vision RBAC definitions)
APSolute Vision Platform Security

APSolute Vision supports user security with user-account options for the following parameters:
Password expirationSpecified in days
Inactivity timeoutAutomatic logout
Forbidding use of old passwords
Password challenge configuration
Password constraints
Administrative actionsTo create users, reset user passwords (except for the radware
user), and locking out users
Tracking user statisticsFor successful logins, failed logins, account locks, and so on
APSolute Vision Platform Management

The APSolute Vision Server supports the following management interfaces:
CLI shell commandsFor installation, first-time configuration, and special maintenance

activities
APSolute Vision clientFor APSolute Vision server options, such as, timeouts, connectivity,
event forwarding, and so on, and for server monitoring
Supported Form Factors for Alteon and LinkProof NG

APSolute Vision supports the following form factors (or modes) for Alteon and LinkProof NG:
StandaloneThe traditional hardware Application Delivery Controller (ADC)
Alteon VAA software-based ADC supporting AlteonOS functionality and running on the
VMware virtual infrastructure
ADC-VXA specialized ADC hypervisor that runs multiple virtual ADC instances on dedicated
ADC hardware, Radwares OnDemand Switch platforms
vADCA virtualized instance of the Alteon operating system (AlteonOS)
44

Notes
For more information, see the Alteon Application Switch Operating System Application Guide.
The Alerts tab in the Alerts pane displays Alteon and LinkProof NG configuration messages. A
message is displayed in the Alerts pane after each Alteon or LinkProof NG configurationmanagement action (Apply, Save, Diff, Diff Flash, Revert, Revert Apply, and
Dump). When you double-click a message, APSolute Vision opens a separate pane that contains
the full message text, which you can copy to the clipboard.
If the new configuration is different from the current one, to indicate that the Apply command is
required, the message Apply is required is displayed under the Apply button in the device
toolbar and a fiery background displays behind the button.
During the Apply operation, the device icon may momentarily change from locked
to
maintenance
, and the value of the Status parameter in the Properties pane may
momentarily change from Up to Maintenance.
Device Performance Monitoring for Alteon and LinkProof NG

APSolute Vision Device Performance Monitoring (DPM) enables you to view current and historical
device-performance data from Alteon and LinkProof NG devices.
Application Performance Monitor for Alteon and LinkProof NG

APSolute Vision Application Performance Monitoring (APM) enables you to view real applicationperformance statistics from Alteon and LinkProof NG devices.
APM opens from the APSolute Vision main screen.
Note: For more information, see the Application Performance Monitor User Guide.
Application SLA Dashboard

The Application SLA Dashboard enables you to view all major application SLA issues.
Note: For more information, see Using the Application SLA Dashboard, page 433.
vDirect with APSolute Vision

The APSolute Vision 3.40.00 installation includes vDirect version 3.20.
Users with the proper roles can use vDirect with APSolute Vision to do the following:
Add and delete Alteon and DefensePro devices to the devices that the APSolute Vision manages.
Change the and delete Alteon and DefensePro devices to the devices that the APSolute Vision
manages.
Use the Administrative Scripts feature.
45

vDirect, a component within the Radware Virtual Application Delivery Infrastructure (VADI), is a
software-based plug-in that integrates Radwares ADC and security products with networking
virtualization and automation solutions. With vDirect, enterprise and cloud IT personnel can
provision, decommission, configure, and monitor complex ADC and security services, both physical
and virtual, in matter of hours and even minutes, thus maintaining maximum business agility and IT
efficiency.
vDirect exposes the following APIs:
SSH/HTTPS APIs for CLI or Web integration
SOAP APIs for use with the vDirect Java SDK
REST APIs for easy scripting integration
Key benefits of the vDirect plug-in include:
Full business agility and resource elasticityImproved business agility by ensuring the
application delivery layer is constantly aligned with the changes in the virtual infrastructure.
Drives IT efficiency through workflow automationFull integration of Radwares ADC and

security products into the data center workflow automation, driving greater levels of IT
efficiency and extracting more value from Radware solutions.
DefensePro Configuration Templates

APSolute Vision enables you to manage and dispatch DefensePro configurations of Network
Protection and Server Protection policies, along with associated profiles, configuration objects (such
as and network classes) and baselines.
Real-Time Security Reporting for DefensePro

APSolute Vision provides real-time attack views and security service alarms for DefensePro devices.
Historical Security Reporting for DefensePro and AppWallAPSolute

Vision Reporter
APSolute Vision Reporter (AVR) is a historical security reporting engine, which provides the
following:
Customizable dashboards, reports, and notifications
Advanced incident handling for security operating centers (SOCs) and network operating centers
(NOCs)
Standard security reports
In-depth forensics capabilities
Ticket workflow management
Notes
For information on the products and versions that APSolute Vision Reporter supports, see the
APSolute Vision Release Notes.
For information about APSolute Vision Reporter and how to use it, see its online help and the
APSolute Vision Reporter User Guide.
46

DefensePipe Access
The APSolute Vision main toolbar displays the DefensePipe button (
connects you to the associated DefensePipe interface.
). Clicking the button
Note: For more information on DefensePipe, see the DefensePipe User Guide.
DefenseFlow Access
The APSolute Vision main toolbar displays the DefenseFlow button ( ) when the DefenseFlow IP
address is configured in APSolute Vision. This option is available using APSolute Vision CLI. Clicking
the button opens the DefenseFlow interface.
Security Control Center

The Security Control Center enables you to view and monitor the following:
Radware security products and modules
DefensePro
DefenseFlow
AppWall (WAF)
APSolute Vision Reporter (AVR)
Radware subscription, security services:
Radware security signature files / Signature Update Service (SUS)
RSA Security signatures
Emergency Response Team (ERT)
DefensePipe
Note: For more information, see Using the Security Control Center, page 436.
APSolute Vision Online Help

By default, APSolute Vision clients get online help from the APSolute Vision server. The default
installation of the APSolute Vision server includes online-help files.
Depending on the configuration of the APSolute Vision server (see Configuring APSolute Vision
Server Advanced Parameters, page 122), APSolute Vision clients get online help from one of the
following locations:
A hard-coded location on the APSolute Vision serverInstallation of the APSolute Vision

server includes online-help files. However, the online-help files on the server should be updated
with a new online-help package if managed devices are upgraded later (with a new device, new
device version, new device driver, or new AppShape template type). It is the responsibility of the
APSolute Vision administrator to make sure that the help files on the server are updated as
necessary. For more information, see Appendix A - Managing the Online-Help Package on the
Server, page 505.
radware.comThe online help files at radware.com are always the most up-to-date.
47

Language Support (Localization)

APSolute Vision supports an English graphical user interfaces and online help.
Additionally, APSolute Vision supports a Chinese graphical user interfaces and online help for Alteon
version 30.2 and later.
APSolute Vision Interface Navigation

This section contains the following topics:
APSolute Vision Settings View, page 48
Device Pane, page 51
Configuration Perspective, page 53
Monitoring Perspective, page 55
Security Monitoring Perspective, page 56
The APSolute Vision interface follows a consistent hierarchical structure, organized functionally to
enable easy access to options. You start at a high functional level and drill down to a specific
module, function, or object.
Note: Access to and privileges in APSolute Vision interface elements is determined by Role-Based
Access Control (RBAC). For more information, see the APSolute Vision User Guide. For more
information, see Role-Based Access Control (RBAC), page 70 and Configuring Local Users for
APSolute Vision, page 79.
APSolute Vision Settings View

Click the
view.
(Settings) button at the top of the main screen to select the APSolute Vision Settings
The APSolute Vision Settings view includes the following perspectives:
SystemFor more information, see Settings ViewSystem Perspective, page 51. Access to the
APSolute Vision Settings view System perspective is restricted to administrators.
DashboardsFor more information, see Settings ViewDashboards Perspective, page 50.
PreferencesFor more information, see Settings ViewPreferences Perspective, page 50.
Click the relevant button (System, Dashboards, or Preferences) to display the perspective that
you require.
At the upper-left of the APSolute Vision Settings view, APSolute Vision displays the APSolute Vision
device-properties pane. For more information, see APSolute Vision Device-Properties Pane, page 49.
When you hover over a device node in the device pane, a popup displays. For more information, see
Device-Properties Hover Popup, page 50.
48

Figure 19: Settings View (Showing the System Perspective)

Displays the device pane.
APSolute Vision device-properties pane.
The System perspective in the APSolute Vision Settings view is being displayed.
Dashboards buttonDisplays the Dashboards perspective in the APSolute Vision
Settings view.
Preferences buttonDisplays the Preferences perspective in the APSolute
Vision Settings view.
Settings buttonSwitches to
and from the APSolute Vision
Settings view.
Content area.
Alerts paneDisplays the Alerts table. The Alerts table displays APSolute Vision alerts,
device alerts, DefensePro security alerts, and device configuration messages.
APSolute Vision Device-Properties Pane

The APSolute Vision device-properties pane displays the following parameters for the currently
selected device:
The device type (Alteon, AppWall, DefensePro, or LinkProof NG) and the user-defined device
name.
An icon showing whether the device is locked.
A picture of the device front panel. When the device is locked, you can click the
reset or shut down the device.
StatusThe device general status: Up, Down, or Maintenance.
Locked ByIf the device is locked, the user who locked it.
Type (displayed only for Alteon, AppWall, DefensePro version 8.x devices, DefensePro for Cisco
Firepower 9300, and LinkProof NG devices)This field displays the platform and form factor.
button to
49

Platform (displayed only for DefensePro version 6.x and 7.x devices)The platform type, for
example x420.
Mngt IPThe host or IP address of the devices.
VersionThe device version.
MACThe MAC address.
LicenseThe license for the device.
APM License (displayed only for Alteon and LinkProof NG devices)The pages-per-minute limit
of the APM license.
HA Status (displayed only for Alteon, DefensePro for Cisco Firepower 9300, and LinkProof NG
devices)The high-availability status of the device. For Alteon and LinkProof NG, displayed only
with HA configured: Active or Standby. For DefensePro: Standalone, Primary, or
Secondary.
Init Status (displayed only for AppWall devices)The init status, for example Ended with
Errors.
Device DriverThe device driver name.
Device-Properties Hover Popup

When you hover over a device node in the device pane, a popup displays the following parameters:
Device NameThe user-defined device name.
StatusThe device general status: Up, Down, or Maintenance.
Locked ByIf the device is locked, the user who locked it.
Management IP AddressThe host or IP address of the device.
Device TypeThat is, Alteon, AppWall, DefensePro, or LinkProof NG.
VersionThe device version.
MACThe MAC address.
LicenseThe license for the device.
Form Factor (displayed only for Alteon, DefensePro version 8.x devices, DefensePro for Cisco
Firepower 9300, and LinkProof NG devices)The form factor, for example, Standalone.
PlatformThe platform type.
HA Status (displayed only for Alteon, DefensePro, and LinkProof NG devices)The highavailability status of the device. For Alteon and LinkProof NG, displayed only with HA configured:
Active or Standby. For DefensePro: N/A, Standalone, Primary, or Secondary.
Init Status (displayed only for AppWall devices)The init status, for example Ended with
Errors.
Device DriverThe device driver name.
Settings ViewPreferences Perspective

Use the Preferences perspective to change your password.
Settings ViewDashboards Perspective

Users with a proper role can use the APSolute Vision Settings view Dashboards perspective to access
the following:
Application SLA DashboardFor more information, see Using the Application SLA Dashboard,
page 433.
Security Control CenterFor more information, see Using the Security Control Center,
page 436.
50

Settings ViewSystem Perspective

Administrators can use the APSolute Vision Settings view System perspective to do the following:
Monitor or manage the general settings of the APSolute Vision serverMonitoring and
managing the general settings of the APSolute Vision server include the following:
General properties, details, and statistics of the APSolute Vision server
Statistics of the APSolute Vision server
Connectivity
Alert browser and security alerts
Monitoring parameters
Server alarm thresholds
Authentication protocols
Device drivers
APSolute Vision Reporter for DefensePro
Licenses
Application Performance Monitoring (APM)
DefensePipe URL
Advanced general parameters
Display formats
Maintenance files
Manage and monitor usersUsers can, in turn, manage multiple devices concurrently. Using
APSolute Vision RBAC, administrators can allow the users various access control levels on
devices. RBAC provides a set of predefined roles, which you can assign per user and per working
scope (device or group of devices). RBAC definition is supported both internally (in APSolute
Vision) and through remote authentication (with RADIUS or TACACS+).
Manage device resources For example, device backup files.
Note: For more information on the most of the operations that are exposed in the APSolute Vision
Settings view System perspective, see Managing and Monitoring the APSolute Vision System,
page 87.
Device Pane
Users with a proper role can use the device pane to add or delete the Radware devices that the
APSolute Vision server manages.
Click the little button close to the upper-left corner to display the device pane (see Figure 20 Device Pane (Not Docked), page 52).
You can organize managed devices into high-availability clusters and sites.
Typically, a site is a group of devices that share properties, such as location, services, or device
type. You can nest sites; that is, each site can contain child sites and devices. In the context of rolebased access control (RBAC) RBAC, sites enable administrators to define the scope of each user.
In the context of Alteon, sites also play a role in the context of vADCs and ADC-VXs. When you
manage a vADC hosted by an ADC-VX in the device pane Physical Containers tree, you specify the
site under which that vADC is displayed in the Sites and Clusters tree.
When you double-click a device in the device pane, APSolute Vision displays the device-properties
pane and the last perspective that you viewed on the device along with the corresponding content
area.
51

You can filter the sites and devices that APSolute Vision displays. The filter applies to all the sites
and devices in the tree. The filter does not change the contents of the tree, only how APSolute Vision
displays the tree to you. By default, APSolute Vision displays all the sites and devices that you have
permission to view. To each node in the tree, APSolute Vision appends the number of devices
matching the filter at that level according to your RBAC permissions.
You can filter the sites and devices that APSolute Vision displays according to the following criteria:
StatusUp, Down, Maintenance, or Unknown.
TypeAlteon, AppWall, DefensePro, or LinkProof NG. The Physical Containers tab does
not display this field.
NameThe name of a device, site, or string contained in the name (for example, the value aRy
matches an element named Primary1 and SecondaryABC).
IP AddressThe IP address, IP range, or IP mask.
After you configure the filter criteria, to apply the filter, click the
Click the
button to apply the filter.
button to cancel the filter.
Figure 20: Device Pane (Not Docked)

Minimizes the docked device pane.
Docks the device pane.
Displays the UI for the selected device(s).
Controls for filtering the devices that the pane

displays.
APSolute Vision appends the number of devices

matching the filter at that level according to your
RBAC permissions.
52

Configuration Perspective
Use the Configuration perspective to configure Radware devices.
Choose the device to configure in the device pane.
You can view and modify device configurations in the content area.
When APSolute Vision manages Alteon or LinkProof NG:
You choose the standalone, VA, or vADC device to configure in the device pane Sites and
Clusters tree.
You manage ADC-VXs and the hosted vADCs in the device pane Physical Containers tree.
Figure 21: Configuration PerspectiveAlteon and LinkProof NG

Device pane (docked) with the Sites and Clusters tree displayedDisplays, according
to your filter, the configured sites and standalone, vADC, and VA devices.
Physical Containers tabDisplays, according to your filter, the configured
sites and ADC-VXs with the hosted vADCs.
The Configuration perspective is being displayed.
Device-properties pane.
Monitoring buttonOpens the Monitoring perspective.
Configuration-management buttons.
Alerts TableDisplays APSolute Vision alerts,

device alerts, and configuration messages.
Content
pane.
The following points apply to all configuration tasks in the Configuration perspective:
To configure a device, you must lock it. For more information, see Locking and Unlocking
Devices, page 145.
When you change a field value (and there is configuration that is pending Submit action), the
tab title changes to in italics with an asterisk (*).
By default, tables display up to 20 rows per table page.
53

You can perform one or more of the following operations on table entries:
Add a new entry to the table, and define its parameters.
Edit one or more parameters of an existing table entry.
Delete a table entry.
Device configuration information is saved only on the managed device, not in the APSolute
Vision database.
To commit information to the device, you must click Submit when you modify settings in a
configuration dialog box or configuration page.
Some configuration changes require an immediate device reboot. When you submit the
configuration change the device will reboot immediately.
Some configuration changes require a device reboot to take effect, but you can save the change
without an immediate reboot. When you submit a change without a reboot, the Properties pane
displays a Reboot Required notification until you reboot the device.
For Alteon and LinkProof NG, APSolute Vision supports the configuration-management (globalcommand) options: Apply, Save, Diff, Diff Flash, Revert, Revert Apply, and Dump. If the new
configuration requires an Apply or Save operation to take effect, the button is displayed with an
orange background.
Figure 22: Apply (Required) and Save (Required) Buttons
For AppWall, APSolute Vision supports the Apply button to perform the AppWall Apply operation. If
the configuration requires an Apply operation to take effect, the button is displayed with an orange
background.
Figure 23: Apply Button for AppWall
Figure 24: Apply Required Button for AppWall
For DefensePro, click Update Policies to implement policy-configuration changes if necessary.

Policy-configuration changes for a device are saved on the device, but the device does not apply the
changes until you perform a device-configuration update. For DefensePro 7.x versions 7.32 and
later, if the new configuration requires an Update Policies operation to take effect, the button is
displayed with an orange background.
Figure 25: Update Policies Button
Figure 26: Update Policies Required Button
54

Example Device selection in the Configuration perspective

The following example shows the selections you would make to view or change configuration
parameters for a Radware device:
1. Select the required device in the device pane by drilling down through the sites and child sites.
2. Lock the device by clicking the
icon in the device-properties pane. The icon changes to
(a picture of a locked padlock).

3. Click Configuration (
) to open the Configuration perspective.
4. Navigate to the configuration objects in the content pane.
Monitoring Perspective
In the Monitoring perspective, you can monitor physical devices and interfaces, and logical objects.
Figure 27: Monitoring PerspectiveAlteon and LinkProof NG

Device pane (docked) with the Sites and Clusters tree displayedDisplays, according
to your filter, the configured sites and standalone, vADC, and VA devices.
Physical Containers tabDisplays, according to your filter, the configured
sites and ADC-VXs with the hosted vADCs.
The Monitoring perspective is being displayed.
Configuration-management buttons.
Content pane.
Alerts TableDisplays APSolute Vision alerts, device alerts, and
configuration messages.
55

Figure 28: Monitoring PerspectiveDefensePro

Device paneIncludes the Sites and Clusters tree and the Physical Containers tree.
Only the Sites and Clusters tree is relevant for DefensePro.
The Monitoring perspective is being displayed.
DefensePro configuration-management buttons.
Content pane.
Alerts TableDisplays APSolute Vision alerts, device alerts, and
DefensePro configuration messages.
Security Monitoring Perspective

For DefensePro and DefenseFlow, APSolute Vision displays the Security Monitoring perspective.
The Security Monitoring perspective is available for single devices and also for multiple devices.
Security monitoring for multiple devices supports two report categories: the Dashboard View and
Traffic Monitoring. Security monitoring for single devices supports two additional report categories:
Protection Monitoring and HTTP Reports.
You can filter the sites and devices that APSolute Vision displays. The filter does not change the
contents of the tree, only how APSolute Vision displays the tree to you.
In the Security Monitoring perspective, you can access a collection of real-time security-monitoring
tools that provide visibility regarding current attacks that the DefensePro device has detected. The
Properties pane displays information about the currently selected device.
The Security Monitoring perspective includes the following tabs:
56
Dashboard ViewComprises the following:
Security DashboardA graphical summary view of all current active attacks in the
network with color-coded attack-category identification, graphical threat-level indication,
and instant drill-down to attack details.
Current AttacksA view of the current attacks in a tabular format with graphical notations
of attack categories, threat-level indication, drill-down to attack details, and easy access to
the protecting policies for immediate fine-tuning.

Traffic MonitoringA real-time graph and table displaying network information, with the
attack traffic and legitimate traffic filtered according to specified traffic direction and protocol.
Protection MonitoringReal-time graphs and tables with statistics on policies, protections

according to specified traffic direction and protocol, along with learned traffic baselines.
HTTP ReportsReal-time graphs and tables with statistics on policies, protections according to
specified traffic direction and protocol, along with learned traffic baselines.
Figure 29: Security Monitoring PerspectiveShowing the Security Dashboard
Note: For more information on the Security Monitoring perspective, see Using Real-Time Security
Monitoring, page 381.
57

58
Chapter 2 Getting Started with APSolute

Vision
The following topics describe how to get started and set up APSolute Vision before configuring and
monitoring your Radware devices:
Initializing the APSolute Vision Server, page 59
Recommended Basic Security Procedures, page 61
APSolute Vision WBM Requirements, page 62
Logging into APSolute Vision, page 63
Changing Passwords for Local Users, page 64
After Initial Configuration of APSolute Vision, page 66
Using Common GUI Elements in APSolute Vision, page 66
Notes
For information about installing the APSolute Vision server, see the APSolute Vision Installation
and Maintenance Guide.
For information on managing APSolute Vision users, see Managing APSolute Vision Users,
page 69.
Initializing the APSolute Vision Server

On a physical appliance, access the APSolute Vision CLI using a serial cable and terminal emulation
application, or from an SSH client.
Note: APSolute Vision CLI uses Control-? (127) for the Backspace key.
Terminal settings for the APSolute Vision server are as follows:
Bits per second: 19200
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None
Note: When connecting from an SSH client, APSolute Vision CLI has a default timeout of five
minutes for idle connections. If an SSH connection is idle for more than five minutes, APSolute
Vision terminates the session.
59

Getting Started with APSolute Vision
To initialize the APSolute Vision server

1.
Ensure that an ASCII console is connected to the device through the RJ-45toDE-9 cable and
that console computer is turned on.
2.
Power on the device. The PWR and SYS or SYS OK LED indicators on the front panel light up.
3.
Wait for the login prompt, vision login:.
4.
Type the default username radware, and then, press Enter.
5.
Type the default password radware, and then, press Enter.
6.
Type the IP address for the APSolute Vision server, and then, press Enter.
7.
Type the value for the network mask for the APSolute Vision server, and then, press Enter.
8.
Type the value for the default gateway for the APSolute Vision server, and then, press Enter.
9.
Type the value for the primary DNS server for the APSolute Vision server, and then, press Enter.
10. If applicable, type the value for the secondary DNS server for the APSolute Vision server, and
then, press Enter.
Note: Configuring a secondary DNS server is not mandatory. That is, if you press Enter
without typing anything, the installation will proceed.
11. Type the interface identifierfor example G1 or G2 (case sensitive)that is, the interface the
APSolute Vision clients access, and then, press Enter.
Notes
The installation program checks whether there are connected interfaces, and it displays their
identifiers. If there are no connected interfaces, a No link detected message is displayed.
The interface identifiers that are supported depend on the APSolute Vision form factor.
12. Review the values.

13. Type one of the following values:
y yes, that is, you accept the values.
N no, that is, you need to go back and change one or more values.
The initialization script asks whether you want to change the root user password.
14. Change the root user password if required.
Note: For information on how to change the default passwords, see APSolute Vision CLI
Commands, page 441.
60

Recommended Basic Security Procedures

This section describes the basic procedures that Radware recommends for the security of the
APSolute Vision system.
Restricting Root Access

The APSolute Vision server runs on a Linux shell.
The APSolute Vision server supports root access to the operating system. The default password is
radware, which can be modified during the initial setup of the APSolute Vision server. Additionally,
user radware can modify the password using the CLI command system user password root.
Radware recommends that the root user password be kept secret from other administrators, and
retained for troubleshooting by Radware Technical Support.
If you require recovery of the root password, contact Radware Technical Support.
Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 441.
Restricting APSolute Vision CLI Access

The default username/password for the APSolute Vision CLI is radware/radware.
As soon as you complete the APSolute Vision installation, initialize the server, and verify that it is
operating properly, Radware recommends that you change the default password of the radware
user, using the CLI command system user password change radware.
Change the password with the relevant CLI command.
Access to the APSolute Vision CLI is available only to users with the Administrator or Vision
Administrator role.
page 441.
Restricting Web Access to the APSolute Vision Server

You install of APSolute Vision client software by accessing an APSolute Vision appliance using a Web
browser.
The APSolute Vision installation includes one default user, radware, with the password radware.
The radware user has access to all APSolute Vision interfaces.
Radware recommends that you change the password of the radware user. Change the password with
the relevant CLI command.
operating properly.
page 441.
61

Restricting Web Access by Radware Technical Support

Radware Technical Support can access an APSolute Vision appliance using a Web browser.
operating properly, Radware recommends that you change the default password.
Change the password with the relevant CLI command.
page 441.
APSolute Vision WBM Requirements

APSolute Vision supports a Web-based management interface, which is called Web Based
Management (WBM).
This section describes the basic requirements with the following topics:
APSolute Vision WBM Requirements, page 62
Application Performance Monitoring Requirements, page 63
APSolute Vision Reporter Requirements, page 63
Device Performance Monitor Requirements, page 63
Notes
For more information, see APSolute Vision Specifications and Requirements, page 607.
For the list of required UDP/TCP ports, see UDP/TCP Ports, page 608.
APSolute Vision WBM Requirements

This section includes the following topics:
APSolute Vision Client Supported Operating Systems, page 62
APSolute Vision WBM Supported Browsers, page 62
APSolute Vision Client Supported Operating Systems

The following operating systems support APSolute Vision client:
Windows Server 2008R2 64-bit
Windows 8 64-bit
Windows 7 SP1 32-bit and 64-bit
Linux Ubuntu (Desktop)
Mac OS X
APSolute Vision WBM Supported Browsers

You can access APSolute Vision Web-based management (and APSolute Vision Reporter, Device
Performance Monitor, and the APM server Web interface) using a Web browser. For the list of
supported browsers, refer to the release notes.
62

Caution: When you use Internet Explorer 11 (IE11) on Windows OS to access APSolute Vision
WBM, there is sometimes a problem when downloading files. You can fix the problem by updating
the Windows registry. The update tells IE to open JSON documents in the browser. In the update,
the value 25336920-03F9-11cf-8FD0-00AA00686F13 is the CLSID for the Browse in place
action. To fix the problem, Radware recommends that you use Windows Registry Editor version 5.00
and update the Windows registry with the following:
[HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/json]
"CLSID"="{25336920-03F9-11cf-8FD0-00AA00686F13}"
"Encoding"=hex:08,00,00,00
[HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/json]
"CLSID"="{25336920-03F9-11cf-8FD0-00AA00686F13}"
"Encoding"=hex:08,00,00,00
Application Performance Monitoring Requirements

APSolute Vision WBM can connect to the APSolute Vision Application Performance Monitor (APM).
The APM is a process that runs on the APSolute Vision server with APM server VA offering. APSolute
Vision WBM includes an option to open the APM Web interface. You access the APM via a browser on
your PC. APSolute Vision WBM includes an option to open the APM Web interface.
For the APM server requirements, see the relevant chapter in the APSolute Vision Installation and
Maintenance Guide.
APSolute Vision Reporter Requirements

APSolute Vision WBM can connect to the APSolute Vision Reporter (AVR). APSolute Vision WBM
includes a button that opens the AVR in a separate browser tab.
Java client version 1.6.0_22 or later must be installed to run the APSolute Vision Reporter.
Device Performance Monitor Requirements

APSolute Vision WBM can connect to the APSolute Vision Device Performance Monitor (DPM) for
Alteon devices. APSolute Vision WBM includes a button that opens the DPM in a separate browser
tab.
Logging into APSolute Vision

To start working with APSolute Vision, you log in to the APSolute Vision Web application, which is
referred to as Web Based Management (WBM).
The first login to APSolute Vision WBM requires an APSolute Vision Activation License (which has a
vision-activation prefix). The license is based on the MAC address of the APSolute Vision G1 or G2
port, which the CLI command net ip get displays. You can request the license from Radware
Technical Support. The license is also available using the license generator at radware.com.
Up to 50 concurrent users can access the APSolute Vision server concurrently.
63

Note: Users with the Administrator role can manage APSolute Vision users. For information on
managing APSolute Vision users, see Managing APSolute Vision Users, page 69.
APSolute Vision supports role-based access control (RBAC) to manage user privileges. Your
credentials and privileges may be managed through an authentication server or through the local
APSolute Vision user database.
After successful authentication, the users role is assigned. The role determines the devices that the
user is authorized to manage. Furthermore, the role determines which content panes, menus, and
operations the user can access. The assigned role remains fixed throughout the user session.
If a user enters the credentials incorrectly, the user is prompted to re-enter the information. After a
globally defined number of consecutive failures, the user is locked out of the system. If the user
uses local user credentials, an administrator can release the lockout by resetting the password to
the global default password (see Releasing User Lockout, page 84). If the user uses credentials from
an authentication server (for example, a RADIUS server), you must contact the administrator of that
authentication server.
There are special properties and procedures for the user who first logs into the APSolute Vision
server. For more information, see Managing APSolute Vision Users, page 69.
To log into APSolute Vision as an existing user

1.
In a Web browser, enter the hostname or IP address of the APSolute Vision server.
2.
In the login dialog box, specify the following:
User NameYour user name.
PasswordYour user password. Depending on the configuration of the server, you may be
required to change your password immediately. Default: radware.
3.
(globe icon)The language of the APSolute Vision graphical user interface.
Click Login.
Caution: For DefensePro 7.x and 8.x versions and in networks with high latency, Radware
recommends increasing the SNMP Timeout to 180 seconds (APSolute Vision Settings view System
perspective, General Settings > Connectivity > Timeout).
Changing Passwords for Local Users

If your user credentials are managed through the APSolute Vision Local Users table (not through an
authentication server, such as RADIUS or TACACS+), you can change your user password at the
login or in the APSolute Vision Settings view Preferences perspective. For information about
password requirements, see APSolute Vision Password Requirements, page 86.
If your password has expired, you must change it in the APSolute Vision Login dialog box.
Note: For information on managing APSolute Vision users, see Managing APSolute Vision Users,
page 69.
64

To change a password for a local user

1. In the APSolute Vision Settings view Preferences perspective, select User Preferences > User
Password Settings.
2. Configure the parameters, and click Update Password.
Table 1: User Password Settings Parameters
Parameter
Description
Current Username
(Read-only) The current username.
Current Password
Your current password.
New Password
Your new password.
Confirm New Password
Your new password.
Selecting Your Landing Page

You can select the page that APSolute Vision displays when you open APSolute Vision WBM.
To selecting your landing page

1. In the APSolute Vision Settings view Preferences perspective, select User Preferences >
Display.
2. Configure the parameter, and click Submit.
Table 2: Display Parameter
Parameter
Description
Default Landing Page
The page that APSolute Vision displays when you open APSolute
Vision WBM.
Values:
NoneWhen you open APSolute Vision WBM, you land in the

default page configured on the APSolute Vision server (see
Configuring APSolute Vision Display Parameters, page 124).
Application SLA DashboardWhen you open APSolute Vision

WBM, you land on the Application SLA Dashboard (see Using the
Application SLA Dashboard, page 433).
Security Control CenterWhen you open APSolute Vision WBM,

you land on the Security Control Center (see Using the Security
Control Center, page 436).
Default: None
Note: Your user role and scope determines the available options.
If you do not have permission to view default page configured on
the APSolute Vision server, you land in the first permitted tab in
the APSolute Vision Settings view. For information on user roles
and scopes, see Managing APSolute Vision Users, page 69.
65

After Initial Configuration of APSolute Vision

After initial configuration of the APSolute Vision server, continue with the following (as permitted by
your RBAC role):
If required, configure local APSolute Vision users and global user settings in the APSolute Vision
Settings view System perspective, under User Management. For more information, see
Managing APSolute Vision Users, page 69.
Add the devices that you want to manage using APSolute Vision. For more information, see
Setting Up Your Network and Basic Device Configuration, page 129.
To add Alteon or DefensePro devices, you can also use vDirect with APSolute Vision. For more
information, see Using vDirect with APSolute Vision, page 495.
Configure the Radware devices that APSolute Vision manages. For more information, see the
APSolute Vision online help.
Manage device operations and maintenance.
Monitor the managed devices using APSolute Vision. For more information, see the APSolute
Vision online help.
Note: For more information about the Radware products that APSolute Vision supports, see the
relevant product user guides and related documentation.
Using Common GUI Elements in APSolute Vision

This section contains the following:
Icons/Buttons and Commands for Managing Table Entries, page 66
Filtering Table Rows, page 67
Icons/Buttons and Commands for Managing Table Entries

The following table describes icons/buttons and corresponding commands that are available when
you manage table entries (rows) using APSolute Vision Web Based Management. The commands
that are available depend on the feature. The icons/buttons are always above a table on the left
side. When the mouse cursor (pointer) hovers over an icon/button, the display changes from
monochrome (gray) to colored.
Notes
You can configure and control a managed device only when the device is locked (see Locking
and Unlocking Devices, page 145).
The APSolute Vision documentation shows icons/buttons in their colored state.
Table 3: Icons/Buttons and Commands for Managing Table Entries
Icon/Button
66
Command
Description
Add
Opens an Add New... tab to configure a new entry.
Edit
Opens an Edit... tab to modify the selected existing entry.

Table 3: Icons/Buttons and Commands for Managing Table Entries (cont.)
Icon/Button
Command
Description
Duplicate
Opens an Add New... tab, which is populated with the values

from the selected entry, except for the indexes.
Delete
Deletes the selection.
Export
Exports the selected entry.
View
Opens a View... tab to view the values of the selected entry.
Filtering Table Rows

For many tables in APSolute Vision and managed devices, you can filter table rows according to
values in the table columns.
The filter uses a Boolean AND operator for the filter criteria that you specify. That is, the filtered
table displays the rows that match all the search parameters, not any of the search parameters. For
example, if the table includes the columns Policy and Port, and you filter for the policy value ser,
and the port value 80, the filtered table displays rows where the value of the Policy parameter
includes ser AND the value of the Port parameter includes 80.
To filter table rows

1. Do the following:
If a table column displays a drop-down list (with an arrow, like this,

the arrow and select the value to filter by.
If the table column displays a white, text box (like this,

filter by.
), click
), type the value to
Notes
For text boxes, the filter uses a contains algorithm. That is, the filter considers it to be a
match if the string that you enter is merely contained in a value. For example, if you enter
ser in the text box, the filter returns rows with the values ser, service1, and service2.
If the box at the top of a column is gray (like this,

according to that parameter.
2. Click the
), you cannot filter
(Filter) button or press Enter.
67

68
Chapter 3 Managing APSolute Vision Users

APSolute Vision supports concurrent access to up to 50 users.
Each user has individual credentials and privileges. APSolute Vision supports role-based access
control (RBAC) to manage user privileges. RBAC users can be defined and managed in the local
APSolute Vision user database (the Local Users table) or through an external authentication server.
All user credentials for local users are encrypted and stored in the APSolute Vision database.
All all actions by all users (local or non-local) are stored in the audit log.
Users with the appropriate privileges can lock a device on an APSolute Vision server and modify its
configuration. Locking the device prevents other users from performing configuration tasks on that
device at the same time.
The following topics describe role-based access control, and how to configure and monitor local
APSolute Vision users:
Logging In as the Default Administrator Userradware User, page 69
Role-Based Access Control (RBAC), page 70
Configuring Local Users for APSolute Vision, page 79
Viewing User Statistics, page 86
Configuring General User Settings, page 77
APSolute Vision Password Requirements, page 86
Logging In as the Default Administrator Userradware

User
A new APSolute Vision server (one that no one has yet logged into) contains a single predefined
Administrator user, which is called radware, defined with the Administrator role.
Caution: Radware recommends that the radware user be used by customers for disaster recovery
and kept secret from all other administrators.
The radware user can create and manage additional local users and their individual and global user
settings.
The radware user cannot be deleted.
The radware user is authenticated only in the Local Users table, regardless of whether the system is
configured to use a different authentication method. That is, the radware user cannot be overridden
by the configuration of an authentication server (see Configuring Connections to Authentication
Servers, page 103).
Caution: You are not required to change the password for the radware user during the initial
configuration, but Radware recommends you do so.
The radware user can change the password of the radware user in the CLI or in the login dialog box.
For more information, see the APSolute Vision User Guide.
69

Managing APSolute Vision Users
To log in to APSolute Vision for the first time as the radware user
1.
In your Web browser, enter the hostname or IP address of the APSolute Vision server.
2.
3.
UsernameThe name of the user, radware.
PasswordThe password for the radware user.
Click Login.
Role-Based Access Control (RBAC)

You can determine the functionality and managed devices available to each user in APSolute Vision
by using RBAC to associate users with roles and scopes of devices.
Except for the radware user, all users can also be defined and managed through an authentication
server.
A user with the Administrator or User Administrator role can create, edit, and manage local APSolute
Vision users. User management includes assigning scopes and roles. A scope defines the devices
that the user can access. A role defines the set of permissions for the corresponding scope.
Scopes of devices correspond to the hierarchy in the device pane. A scope can contain an individual
device or all the devices in a site (and its child sites). Scopes are named according to the
corresponding site or device name. The All scope contains all devices and the APSolute Vision server.
Caution: If the name of an APSolute Vision site changes and an authentication server
authenticates users, you must reconfigure the user scopes on the authentication server.
If the name of an APSolute Vision site changes and APSolute Vision authenticates the users locally,
APSolute Vision updates the relevant scopes for the users.
APSolute Vision contains a set of predefined roles, which you cannot delete or modify. Each role
defines a set of privileges.
All roles, except Administrator, User Administrator, or Vision Administrator must be assigned a
scope.
Users with the Administrator, User Administrator, or Vision Administrator role with the All scope.
APSolute Vision always configures users with the Administrator, User Administrator, or Vision
Administrator role with the All scope.
Caution: When defined through an authentication server, users with the Administrator, User
Administrator, or Vision Administrator role must be configured with the scope [ALL] (including the
square brackets).
A user sees the APSolute Vision GUI displayed according to that users role, for example:
When a user has full read and write permissions, all Add, Edit, and Delete buttons are displayed.
When a user has update permissions only, Add buttons are not displayed.
When a user does not have any configuration permissions, Add, Delete, and Submit buttons are
not displayed.
The APSolute Vision Settings view System perspective is displayed only to users with the
Administrator, User Administrator, or Vision Administrator role.
70

A user with the User Administrator role can manage all user settings: the Local Users table, the
Authentication Method, and so on. A user with the User Administrator role cannot view other
elements in the APSolute Vision Settings view System perspective.
The tree in device pane displays only those devices that belong to scope associated with the
user.
The Security Monitoring perspective displays visible attacks only of those devices that belong to
the scope and specified DefensePro Network Protection policies associated with the user. This
applies also to the information that APSolute Vision Reporter displays.
Caution: Users with the name admin (case insensitive) cannot be created in the APSolute Vision
local user table. If users with the name admin (case insensitive) are defined in an external
authentication server (RADIUS or TACACS+) or were created in the local user table prior to APSolute
Vision version 3.30, they can log in to APSolute Vision, but they will not be able to log in to the AVR.
All users can see the Alerts pane, but the alerts displayed are limited according to device
permissions.
The relevance and descriptions for the predefined roles may depend on the device type (Alteon or
DefensePro).
Each role has an associated identity-management (IDM) string. You use the IDM strings in an
authentication-server configuration, for example. If the user is authenticated, the APSolute Vision
server grants access according to the users IDM string and scope. The authentication server AccessAccept response must include an IDM-stringscope combination.
Note: APSolute Vision RBAC functionality is separate from the functionality of device user accounts.
The following table lists the predefined roles and the corresponding IDM strings.
Table 4: Predefined Roles and IDM Strings
Role
IDM String
ADC + Certificate Administrator
ADC_AND_CERTIF_ADMIN
ADC Administrator
ADC_ADMIN
ADC Operator
ADC_OPERATOR
Administrator
SYS_ADMIN
Certificate Administrator
CERTIF_ADMIN
Device Administrator
DEV_ADMIN
Device Configurator
CONFIG
Device Operator
DEVICE_OPERATOR
Device Viewer
VIEWER
Real Server Operator
REAL_SERVER_OPERATOR
Security Administrator
SEC_ADMIN
Security Monitor
SEC_MON
User Administrator
USR_ADMIN
Vision Administrator
VISION_ADMIN
Vision Reporter
REPORTER
71

Table 5: Role per Radware Product
Role
Can Add
Manages Application
Manages Security
New Device Delivery Devices (Alteon Devices (AppWall and
and LinkProof NG)
DefensePro)
No
Yes
No
ADC Administrator
No
Yes
No
ADC Operator
No
Yes
No
Administrator
Yes
Yes
Yes
Certificate Administrator
No
Yes
No
Yes
Yes
Yes
Device Configurator
No
Yes
Yes
Device Operator
No
Yes
No
Device Viewer
No
Yes
Yes
Real Server Operator
No
Yes
No
Security Administrator
No
No
Yes
Security Monitor
No
Yes
Yes
User Administrator
No
N/A
N/A
Vision Administrator
Yes
Yes
Yes
Vision Reporter
No
Yes
Yes
The following table describes the predefined roles in APSolute Vision.
Table 6: Predefined Roles
Role
Description
ADC + Certificate
Administrator
The union of ADC Administrator and Certificate Administrator roles.

Has full control over ADC configuration and AppShapes, can configure and
manage servers, services, traffic redirection, and health checks.
Can perform all functions of the devices for which the user has credentials.
Has control over the Certificate Repository and the Client Authentication Policy
in the Configuration perspective.
Can perform all functions related to Alteon and LinkProof NG.
Can launch the Device Performance Monitor Web interface and view the
Application SLA Dashboard.
Can access Security Monitoring perspective.
ADC Administrator
Has full control over ADC configuration and AppShapes, can configure and
manage servers, services, traffic redirection, and health checks.
Can perform all functions of the devices for which the user has credentials.
Can access Security Monitoring perspective.
ADC Operator
Has read-only permission on the configuration of ADC devices and general

device control.
72

Table 6: Predefined Roles (cont.)
Role
Description
Administrator
Can access the CLI and can perform all actions and access all functionality.
Certificate
Administrator
Has control over the Certificate Repository and the Client Authentication Policy
in the Configuration perspective.
Can access the Monitoring perspective.
Can perform all functions related to Alteon and LinkProof NG, but some
functions are read-only.
Can view the Application SLA Dashboard.
Device
Administrator
Has full control over devices for which the user has credentials.
Can export a policy file from the Network Protection Policies table and Server
Protection Policies table.
Can access the Templates tab.
Device Configurator Can access all Configuration-perspective panes and Monitoring-perspective

panes, and has full control over the Setup, Networking, Device Security and
Advanced parameter tabs of the Configuration perspective of the devices for
which the user has credentials.
Can perform all Configuration and Monitoring pane perspective functions of
the devices for which the user has credentials, excluding AppShapes.
Device Operator
Has full control over all Monitoring perspective panes and can access the
Configuration perspective.
Can perform all functions related to Alteon and LinkProof NG, including
AppShapes, but some functions are read-only.
Device Viewer
Can access all devices for which the user has credentials.
Real Server
Operator
Can lock and unlock an Alteon device for which the user has credentials.
Can access the Monitoring perspective with the following permissions with
read-write access to the following nodes (all other nodes are hidden):
Application Delivery > Virtual Service > Real Servers
Application Delivery > Virtual Service > Server Groups
Can view the Application SLA Dashboard.

Security
Administrator
Can configure and manage network and server security, ACL policies, and so
on.
Can export a policy file from the Network Protection Policies table and Server
Protection Policies table. Furthermore, can open the AppShapes & Templates
tab, and can see and use the DefensePro Configuration Templates node.
Security Monitor
Has full control over Security Monitoring and APSolute Vision Reporter.
User Administrator
Can access the APSolute Vision Settings view System perspective, and in it,
can create and manage users. Cannot view other elements in the APSolute
Vision Settings view System perspective.
73

Table 6: Predefined Roles (cont.)
Role
Description
Vision
Administrator
Can access the CLI except for system snmp community and system snmp
trap target and can perform all actions and access all functionality,
except for user management and authentication protocols (RADIUS Settings
and TACACS+ Settings).
Vision Reporter
Has full control over APSolute Vision reporting capabilities (APM, AVR, and
DPM).
vDirect
AppShapes
DefensePro Configuration
Templates
Scheduler
AVR
Settings View
Security Monitoring
Perspective
Monitoring
Perspective
Configuration
Perspective
Role
APM, DPM, and Application

SLA Dashboard
Security Control
Center
Table 7: Feature-Accessibility per Role
ADC +
Certificate
Administrator
Yes
Yes
Yes
Yes, but only User

Preferences and
Device Resources
No
Yes
No
No
No
Yes
Yes
ADC
Administrator
Yes, except for

Certificate
Repository, which is
read-only
Yes
Yes
Yes, but only User

Preferences and
Device Resources
No
Yes
No
No
No
Yes
Yes
ADC Operator
Yes, but read-only
Yes
No
Yes, but only User

Preferences and
Device Resources
No
Yes
No
No
No
No
No
Administrator
Yes
Yes
Yes
Yes, all
Yes
Yes
Yes
Yes
Yes
Yes
Yes
74

vDirect
Yes, but read-only,

Yes, but read-only
except for read-write
access to Certificate
Repository and the
Client Authentication
Policy
No
Yes, but only User

Preferences and
Device Resources
No
No
No
No
No
No
No
Device
Administrator
Yes
Yes
Yes
Yes, but only User

Preferences and
Device Resources
Yes
Yes
Yes, but
cannot click
Vision
Settings.
Yes
Yes
Yes
Yes
Device
Configurator
Yes, but some items

are read-only
Yes, but some items No

are read-only (for
example, realserver status)
Yes, but only User

Preferences and
Device Resources
No
Yes
Yes, but
cannot click
Vision
Settings.
Yes
No
No
No
Device
Operator
Yes, but read-only
Yes
No
Yes, but only User

Preferences and
Device Resources
No
Yes
No
Yes
No
No
No
Device Viewer
Yes, but read-only
Yes, but read-only
Yes
Yes, but only User

Preferences and
Device Resources
Yes
Yes
Yes, but
cannot click
Vision
Settings.
No
No
No
No
Scheduler
Certificate
Administrator
AVR
AppShapes
Templates
Settings View
Security Monitoring
Perspective
Monitoring
Perspective
Configuration
Perspective
Role

SLA Dashboard
Security Control
Center
Table 7: Feature-Accessibility per Role (cont.)
75

vDirect
No
Yes, but limited to

Real Servers and
Server Groups
nodes
No
Yes, but only User

Preferences
No
No
No
No
No
No
No
Security
Administrator
Yes
Yes
Yes
Yes, but only User

Preferences and
Device Resources
Yes
No
Yes, but
cannot click
Vision
Settings.
Yes
Yes
No
No
Security
Monitor
No
No
Yes
Yes, but only User

Preferences
Yes
No
Yes, but
cannot click
Vision
Settings.
No
No
No
No
User
Administrator
No
No
No
Yes, but only User

Preferences and
User Management
settings
No
No
No
No
No
No
No
Vision
Administrator
Yes
Yes
Yes
All, but excluding

User Management
settings and
authentication
protocols (RADIUS
Settings and
TACACS+ Settings)
Yes
Yes
Yes
Yes
Yes
Yes
Yes
76
Scheduler
Real Server
Operator
AVR
AppShapes
Templates
Settings View
Security Monitoring
Perspective
Monitoring
Perspective
Configuration
Perspective
Role

SLA Dashboard
Security Control
Center

No
Yes
Yes
No
No
Templates
Scheduler
AVR
Settings View
Yes, but only User
Preferences
No
vDirect
No
AppShapes
Vision Reporter No
Security Monitoring
Perspective
Monitoring
Perspective
Configuration
Perspective
Role

SLA Dashboard
Security Control
Center
No
No
To view the list of predefined roles

>
In the APSolute Vision Settings view System perspective, select User Management > Roles.
Configuring General User Settings

The Administrator or User Administrator user can specify the user-authentication method for all APSolute Vision interfaces.
To configure general user-management settings

1. In the APSolute Vision Settings view System perspective, select User Management > User Management Settings.
2. Configure the parameters, and click Submit.
77

Table 8: User Management Settings
Parameter
Authentication Mode
Description
The user-authentication method APSolute Vision users.
The Administrator or User Administrator user can specify the
user-authentication method for all APSolute Vision interfaces.
The setting is retained after reboot of the APSolute Vision
server, and it is included in the APSolute Vision configuration
backup and restore operations.
Values:
LocalThe Local Users table stores the credentials of and

authenticates the APSolute Vision users (see Configuring
Local Users for APSolute Vision, page 79).
RADIUSA RADIUS server stores the credentials of and

RADIUS Server Connections, page 103). If the primary
RADIUS server and, if defined, secondary RADIUS server is
down, user authentication fails over to the Local Users table
(see Configuring Local Users for APSolute Vision, page 79).
TACACS+A TACACS+ server stores the credentials of and

TACACS+ Server Connections, page 107). If the primary
TACACS+ server and, if defined, secondary TACACS+
server is down, user authentication fails over to the Local
Users table (see Configuring Local Users for APSolute
Vision, page 79).
Default: Local
Maximum Password Challenges
The number of consecutive unsuccessful password entries

before a user is locked out.
Values: 310
Default: 3
Default Password for Other Users
The default password that new users, other than the radware
user, enter on initial login or after password reset.
Notes:
You can configure the initial password for an individual user.

For more information, see Table 13 - User: Password
Parameters, page 83.
The radware user can change the password at any time or

on expiration.
Confirm Default Password for

Other Users
The value for confirmation of Default Password for Other

Users.
Password Validity Period
The number of days from password creation until that password

expires. When you change this value, the new value is applied
to any subsequently created passwords; current passwords are
not affected by the change.
Values: 13670
Default: 30
78

Table 8: User Management Settings (cont.)
Parameter
Description
User Statistics Storage Period
The number of days the user statistics information is stored

before being deleted.
Values: 13670
Default: 30
Number of Last Passwords Saved
The number of passwords that APSolute Vision saves for a user

to prevent the user from reusing a recently expired password.
Values: 2100
Default: 3
User Must Change Password at

First Login
Specifies whether all users must change their password when

logging in for the first time to the APSolute Vision server.
Default: Disabled
Note: The value for this parameter applies to when the user
is created, and does not change. For example, if the value for
this parameter is enabled when the user is created, and then
the value changes to disabledbut the user has not yet
logged in, the user will be required to change his/her
password when he/she first logs in.
Configuring Local Users for APSolute Vision

The Local Users table contain individual local APSolute Vision user configurations.
A user with the Administrator or User Administrator role can set and change the following individual
local APSolute Vision user configurations:
Specify the user-authentication method (Authentication Mode)
Add, edit, and delete users
Revoke and enable users
Release user lockout and reset user passwords
For information about setting global user configurations, see Configuring General User Settings,
page 77.
Note: An authentication server is specified to authenticate the APSolute Vision users. When the
authentication server is down, user authentication fails over to the Local Users table.
Tip: If an authentication server is specified to authenticate the APSolute Vision users, Radware
recommends that administrator users be defined also in the Local Users table. Having users defined
also in the Local Users table is for fall-back access to APSolute Vision in case the authentication
server is not available.
Use the Local Users tab for the following operations:
Adding and Editing Users, page 81
Deleting Users, page 84
Releasing User Lockout, page 84
79

Resetting User Passwords to the Default, page 84
Revoking and Enabling Users, page 85
To open the Local Users tab

>
In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
The Local Users tab displays information for all currently defined users. Additional information for
users is available when editing specific rows in the Local Users table.
Table 9: Local User Table Parameters
Parameter
Description
User Name
The username used for login.
User Full Name
The users full name.
Language
The default display language for the user.

Notes:
The Default Display Language parameter (see Configuring

APSolute Vision Display Parameters, page 124) determines the
default value.
The user can change his/her own display language, by using

the
Scope
icon at the upper-right corner of the main screen.
The scopes of devices organized according to the site tree in the

device pane. A scope can contain an individual device or all the
devices in a site. The All scope contains all devices and the
APSolute Vision server.
The displayed scopes for each user represent the devices that the
user can access. Each scope in the list is associated with a
corresponding role that defines the permissions for the user on
those devices.
Users defined through an authentication server with the
Administrator, User Administrator, or Vision Administrator role
must be configured with the scope [ALL] (including the square
brackets).
Role
The roles with which the user is associated. Each role defines a set
of actions the user can perform through APSolute Vision. Each role
in the list applies to its corresponding scope of devices.
Contact Info
The users contact informationorganization, address, and phone

number.
Password Expiration Date
The date on which the current password expires.
Active User
Specifies whether the user is currently enabled.

Values:
Currently Locked Out
YesThe user is currently enabled.
NoThe user is currently suspended and cannot log in.
Specifies whether the user is currently locked out.
Created On
The date on which the user was created.
Last Password Change
The date on which the user password was last changed.
80

Table 9: Local User Table Parameters (cont.)
Parameter
Description
Last Lockout
The date on which the user was last locked out.
Adding and Editing Users

When you add a user, you associate the user with one or more role-and-scope pairs to define the
users privileges and the managed devices to which the privileges apply. Scopes represent the
devices for which the user has credentials. The corresponding role for each scope in the list defines
the permissions for the user on those devices.
When you modify the role and/or scope assignment for a user who is logged into APSolute Vision,
the user must log out and log in again for the changes to take effect.
By default, a new user is not associated with any scope or role.
You can only add a scope once for each user. You cannot add a scope that contains devices that are
already in a scope associated with the user.
For DefensePro devices, after you configure the role-scope pair, you can configure the securitymonitoring access for the user. Security-monitoring access defines what security data the user sees
in the Security Monitoring perspective and APSolute Vision Reporter according to specified
DefensePro Network Protection policies.
Note: The terms Network Protection policy and network policy may be used interchangeably in
APSolute Vision and in the documentation.
To add or edit a user

1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. Do one of the following:
To add a user, click the
(Add) button in the tab toolbar.
To edit a user, double-click the username.
3. In the Permissions tab User Roles and Scopes table, do one of the following:
To add a new role-scope pair, click the
To edit a role-scope pair, click
(Edit) in the tab toolbar.
From the Role drop-down list, select the role for the selected scope.
From the Scope drop-down list, select the scope containing the devices that the user can
access.
Note: For information on roles, see Role-Based Access Control (RBAC), page 70.
5. Click Submit.
6. Configure the rest of the user parameters, and click Submit.
81

Tip: Select a row and click the

(Duplicate...) button to open a new add row tab, which is
populated with the values from the selected row, except for the indexes.
Note: At the initial login, a new user enters the password and is then prompted to create a new
password. Users can always change their own passwords at login. For more information, see
Changing Passwords for Local Users, page 64. The initial password can be a default password (see
Table 8 - User Management Settings, page 78) or a personal password configured for the specific
user (see Table 13 - User: Password Parameters, page 83).
Table 10: User: General Parameters
Parameter
Description
User Name
The username used for login. This field is mandatory.

The name must start with a letter or an underscore and cannot start
with a number or any other character.
The remaining characters can be letters, numbers, underscores,
hyphens, or periods (dots).
APSolute Vision usernames are not case sensitive when logging in to
APSolute Vision WBM.
APSolute Vision usernames are case sensitive when logging in to the
APSolute Vision CLI.
APSolute Vision user passwords are case sensitive.
User Full Name
The users full name. This field is optional.
Language
The default display language for the user.

Notes:
The Default Display Language parameter (see Configuring

APSolute Vision Display Parameters, page 124) determines the
default value.
The user can change his/her own display language, by using the
Table 11: User: Permissions Parameters
Parameter
Description
User Roles and Scopes
The specified role for the user on the specified device or devices for
which the user has credentials.
Authorized Network Policies

for Security Monitoring
The DefensePro Network Protection policies that the user is

authorized to monitor in the Security Monitoring perspective. For
more information, see the procedure below, To configure the
DefensePro Network Protection policies whose security data the user
can access in the Security Monitoring perspective and APSolute
Vision Reporter, page 83.
82

Table 12: User: Contact Info Parameters
Parameter
Description
These fields are optional.

Organization
The users organization.
Address
The users address.
Phone Number
The users phone number.
Table 13: User: Password Parameters
Parameter
Description
These fields are optional.

If you specify no password, APSolute Vision uses the default password for new users. (For more
information, see Default Password for Other Users in Table 8 - User Management Settings,
page 78.)
Password
The initial password for the new user.
Confirm Password
The value for confirmation of Password, when you specify the initial
password for the new user.
To configure the DefensePro Network Protection policies whose security data the user
can access in the Security Monitoring perspective and APSolute Vision Reporter
Users.
2. In the Permissions tab, under the title Authorized Network Policies for Security
Monitoring, configure the Selected table with the Network Protection policies whose security
data the user can access in the Security Monitoring perspective and APSolute Vision Reporter.
Notes
By default, users have access to all policies of all devices in their scope.
When you create a user, the Selected table displays [ALL] in the Device column and [ALL] in
the Policy Name column. This signifies that the user can access all policies for each permitted
device. A user must be authorized for all network policies of a device ([ALL]) or for selected
network policies of a device. When you move a policy from the Available table to the Selected
table, [ALL] values move automatically from the Selected table to the Available table.
A change to Authorized Network Policies for Security Monitoring takes effect the next
time the user logs in, and does not affect current ongoing sessions.
83

Deleting Users
Deleting a user removes the user from the Users table.
Notes
The radware user cannot be deleted.
You can suspend a user without removing the user from the table. For more information, see
Revoking and Enabling Users, page 85.
To delete a user
1.
Users.
2.
In the Local Users table, select the username, and click the
toolbar.
3.
Click Yes in the confirmation box.
(Delete) button in the tab
Releasing User Lockout

When a user performs more than the permitted number of unsuccessful logins (User
Management > User Management Settings > Maximum Password Challenges), the user is
locked out and cannot log in again until the user administrator releases the lock and resets the
password.
To release a user lockout

1.
Users.
2.
In the Local Users table, select the username(s) that you want to unlock, and click
Selected Users).
3.
Reset the user password to the default, see Resetting User Passwords to the Default, page 84.
(Unlock
Resetting User Passwords to the Default

Following a user lockout, a user administrator can reset a local users password to the default user
password. When the user next logs into APSolute Vision, that user will be prompted to change the
default password according to APSolute Vision Password Requirements, page 86.
Note: You cannot reset the password of the radware user. If the radware user is locked out for any
reason, contact Radware Technical Support.
84

To reset a users password to the default

Users.
2. In the Local Users table, select the username(s) whose password you want to reset, and click
(Reset Selected User Password).
Revoking and Enabling Users

Revoking a user suspends the user, but does not delete the user from the Users table. To delete a
user from the Users table, see Deleting Users, page 84.
To revoke a user
Users.
2. In the Local Users table, select the username(s), and click
(Revoke Selected Users). The
value in the Active User column of the user in the Local Users table changes from Yes to No.
To enable a revoked user

Users.
2. In the Users table, select the username(s), and click
(Enable Selected Users). The value in
the Active User column of the user in the Local Users table changes from No to Yes.
Viewing Predefined Roles

APSolute Vision provides the predefined roles, which you cannot delete or modify.
Note: For the list of predefined roles, see Predefined Roles, page 72.
To view the table of predefined roles

>
In the APSolute Vision Settings view System perspective, select User Management > Roles.
85

Viewing User Statistics

Use the User Statistics tab to view user statistics.
The User Statistics tab includes the following tables:
Currently Connected UsersThe users who are currently connected to APSolute Vision
through the local user table or an authentication server.
The table contains the following columns:
Name
Login Date and TimeThe date and time of last login. The date/time format is configurable
according to your preferences (APSolute Vision Settings view Settings perspective, General
Settings > Display).
User StatisticsA table, which you can filter, and which contains the following columns:
User Name
Date
Successful Logins
Failed Authentication Attempts
Password Changes
Lock-Outs
To display user statistics

>
In the APSolute Vision Settings view System perspective, select User Management > User
Statistics.
APSolute Vision Password Requirements

All personal and default passwords required by the Administrator user and other local users must
conform to the following rules:
A password must be at least eight (8) characters in length.
A password must include characters from at least two (2) of the following character types: text
character, number, special characterexcept for characters that may have command functions.
A password must not be the same as the username with which they are associated.
A new password must not contain a sequence of three (3) or more characters from the previous
password.
For information about changing individual and default passwords, see the following:
Changing Passwords for Local Users, page 64
Configuring General User Settings, page 77
86
Chapter 4 Managing and Monitoring the

APSolute Vision System
APSolute Vision monitors and controls the APSolute Vision server and platform, and the associated
database.
This chapter contains the following main sections:
Monitoring APSolute VisionOverview, page 87
Managing APSolute Vision Basic Information and Properties, page 88
Configuring Connectivity Parameters for Server Connections, page 91
Configuring Settings for the Alerts Pane, page 95
Configuring Monitoring Settings, page 101
Configuring APSolute Vision Server Alarm Thresholds, page 102
Configuring Connections to Authentication Servers, page 103
Managing Device Drivers, page 112
Configuring APSolute Vision Reporter Parameters, page 116
Managing APSolute Vision Licenses and Viewing Capacity Utilization, page 117
Managing APM in APSolute Vision, page 118
Configuring DefensePipe Settings, page 122
Configuring APSolute Vision Server Advanced Parameters, page 122
Configuring APSolute Vision Display Parameters, page 124
Managing APSolute Vision Maintenance Files, page 126
Managing Stored Device Configuration/Backup Files, page 126
Controlling APSolute Vision Operations, page 128
Notes
The labels of mandatory APSolute Vision parameters are bold.
When the value of a parameter has changed, before the value is submitted, the label is in italics.
In the English language display, when a value of a parameter has changed, before the value is
submitted, the tab label is in italics and has an asterisk (*).
In the Chinese language display, when a value of a parameter has changed, before the value is
submitted, the tab label has a dashed underline.
Monitoring APSolute VisionOverview

APSolute Vision monitors the APSolute Vision server and platform, and the associated database. The
system monitors performance and operational status, and stores the processed monitoring
information in the APSolute Vision database. When a problem is identified, an alert is issued, and
displayed in the Alerts pane.
87

Managing and Monitoring the APSolute Vision System
Managing APSolute Vision Basic Information and

Properties
Displaying Basic Information About the APSolute Vision Server, page 88
Managing APSolute Vision Server Software, page 89
Displaying APSolute Vision Server Hardware Information, page 90
Managing and Updating the Attack Descriptions File for DefensePro, page 90
Displaying Basic Information About the APSolute Vision Server

You can view the basic information about the APSolute Vision server. You can also verify that the
date and time on the APSolute Vision server is synchronized with the date and time on the client PC.
To display the basic information about the APSolute Vision server

>
In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
Table 14: Basic Parameters: General Parameters
Parameter
Description
Operational Status
Specifies whether the of the APSolute Vision server is currently

up or down.
Management IP Address
The IP address of the of the APSolute Vision server used for

management.
Hardware Platform
The type of hardware platform of the APSolute Vision server.
Vision Server Uptime
The up time of the APSolute Vision server, in days, hours,

minutes, and seconds.
APSolute Vision Server Time
The current date, time, and timezone in the APSolute Vision

server.
Note: APSolute Vision requires the time and date settings of
the server and client to be configured correctly relative to the
real time, taking into consideration their defined timezones.
Upon logging into the APSolute Vision client, an alert is
generated if a discrepancy of more than 5 minutes is found
between the time and date settings of the server and client.
MAC Address of Port G1
The MAC address of the APSolute Vision server G1 port.

Note: If the port is not supported, the field displays the value
Unsupported.

Note: If the port is not supported, the field displays the value
Unsupported.
88

To verify the date and time settings

1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Click Verify Time Settings.
Managing APSolute Vision Server Software

You can view information about the APSolute Vision server software. You can also update the
software, and you can download a log of the upgrades to the server.
Caution: Network latency may affect upgrading APSolute Vision server software using WBM. For
optimal results, Radware recommends upgrading using the CLI. For details, see System Upgrade
Commands, page 490.
To display APSolute Vision server software information

Parameters.
2. Select the Software tab.
Table 15: APSolute Vision Server Software Parameters
Parameter
Description
Software Version
The version of the APSolute Vision server, APSolute Vision Reporter

(AVR), Device Performance Monitor (DPM), and Application
Performance Monitor (DPM).
Build
The date and build number of the current software version.
Last Upgrade
The date and time of the last upgrade.
Upgrade Status
The upgrade status.

Values: OK, Failed
To update the APSolute Vision server software

Parameters.
2. Select the Software tab.
3. Click Update.
4. Click Browse, navigate to the upgrade file, and click Open.
89

5.
In the Password text box, enter the passwordif required. A password is required for upgrade
to all major versions. Upgrade without a password is allowed when upgrading to minor versions.
Note: The password is based on the size of the upgrade file and the MAC address of the
APSolute Vision G1 or G2 port, which the Basic Parameters pane displays. You can request the
password from Radware Technical Support. The password is also available using the password
generator at radware.com.
6.
Click Upload.
To download the upgrade log of the APSolute Vision server

1.
Parameters.
2.
Select the Software tab.
3.
Click Download Upgrade Log. You can open the file with a selected application, or you can
save the file to a specified location.
Displaying APSolute Vision Server Hardware Information

You can view information about the APSolute Vision server hardware.
To display APSolute Vision server hardware information

1.
Parameters.
2.
Select the Hardware tab.
Table 16: APSolute Vision Server Hardware Parameters
Parameter
Description
RAM Size
The amount of RAM, in gigabytes.
Managing and Updating the Attack Descriptions File for DefensePro

You can view the time of the latest update of the Attack Description file on the APSolute Vision
server, and you can update the file.
The Attack Description file contains descriptions of all the different attacks that DefensePro can
handle. You can view a specific description by entering the attack name. When you first configure
APSolute Vision, you should download the latest Attack Description file to the APSolute Vision server.
The file is used for real-time and historical reports to show attack descriptions for attacks coming
from DefensePro devices.
The file versions on APSolute Vision and on the DefensePro devices should be identical. Radware
recommends synchronizing regular updates of the file at regular intervals on APSolute Vision and on
the individual devices.
Note: Radware also recommends updating the Attack Description file each time you update the
Signature files on DefensePro devices.
90

When you update the Attack Description file, APSolute Vision downloads the file directly from
Radware.com or from the enabled proxy file server.
To view the date and time of the last update of the Attack Description file
Parameters.
2. Select the Attack Descriptions File tab.
Table 17: Attack Descriptions File Parameter
Parameter
Description
Attack Descriptions Last Update
The time of the latest update of the Attack Description file on the
To update the Attack Description file

Parameters.
To update the Attack Description file from Radware, select the Radware.com radio button.
To update the files from the APSolute Vision client host:

a.
Select the Client radio button.
b.
In the File Name text box, enter the file path of the Attack Description file or click
Browse to navigate to and select the file.
3. Click Update. The Alerts pane displays a success or failure notification and whether the
operation was performed using a proxy server.
Configuring Connectivity Parameters for Server

Connections
These settings define how the APSolute Vision server communicates with the APSolute Vision clients,
external servers, and Radware devices.
To configure the connections to and from the APSolute Vision server

1. In the APSolute Vision Settings view System perspective, select General Settings >
Connectivity.
91

Table 18: Connectivity: SNMP Parameters Toward Devices Parameters
Parameter
Description
Timeout
The time, in seconds, that APSolute Vision waits for a reply before
retrying to connect to other Radware devices. If the device does not
respond after the configured number of retries, APSolute Vision
notifies the user that the connection failed.
Values: 1180
Default: 3
Caution: For DefensePro 7.x versions and in networks with high
latency, Radware recommends increasing the SNMP Timeout to
180 seconds (APSolute Vision Settings view System perspective,
General Settings > Connectivity > Timeout).
Retries
The number of connection retries to another Radware device, when

the device does not respond.
Values: 1100
Default: 3
Port
The port used to communicate with Radware devices.

Values: 165,535
Default: 161
Table 19: APSolute Vision Connectivity HTTP/S Parameters Toward Devices
Parameter
Description
Default HTTP Port
The default HTTP port that APSolute Vision uses to communicate

with Radware devices. This value is displayed in the HTTP Port text
box in the Device Properties dialog box.
Values: 165,535
Default: 80
Default HTTPS Port
The default HTTPS port that APSolute Vision uses to communicate

with Radware devices. This value is displayed in the HTTPS Port text
box in the Device Properties dialog box.
Values: 165,535
Default: 443
Connection Timeout
The time, in seconds, that the HTTP client waits for a response from
the remote hostduring the handshake for device configuration
before disconnecting the socket and returning an exception.
Values: 160
Default: 20
Socket Timeout
the remote hostduring the data transfer for device configuration
before disconnecting the socket and returning an exception.
Values: 160
Default: 20
92

Table 19: APSolute Vision Connectivity HTTP/S Parameters Toward Devices (cont.)
Parameter
Description
Long Operation Connection

Timeout
the remote hostduring the handshake for certain long file
operationsbefore disconnecting the socket and returning an
exception.1
Values: 11200
Default: 180
Long Operation Socket

Timeout
the remote hostduring the data transfer for certain long file
operationsbefore disconnecting the socket and returning an
exception.
Values: 11200
Default: 180
1 This parameter relates to the following operations:

Import/export configuration file operations.
Export of the quarantined-addresses file (for DefensePro).
DefensePro-template import/export operations.
Import/export of Radware-devices log files.
Import/export of certificate files.
Import/export of DNSSEC files.
Import/export AppShape script files (for Alteon or LinkProof NG).
RSA update (for DefensePro).
Attack signatures updates (for DefensePro).
Download of the Attack Description file (for DefensePro).
Table 20: APSolute Vision Connectivity Event Notification Parameters
Parameter
Description
Vision Management Port
Specifies the management port on the APSolute Vision server to

which the managed Radware devices send events. Any change of
this parameter takes effect only when you click Register This
APSolute Vision Server for Device Events button. Clicking
Submit in this pane has no effect on this parameter.
Caution: This parameter overwrites the Register APSolute
Vision Server IP parameter.
Remove All Other Targets of

Device Events
Specifies whetherwhen you click Register This APSolute Vision

Server for Device Eventsthe APSolute Vision server removes
(from all the managed devices) all recipients of device events except
for its own address.
Default: Disabled
Note: For related information, see APSolute Vision Server
Registered for Device EventsAlteon and LinkProof NG, page 144
and APSolute Vision Server Registered for Device Events
DefensePro, page 145.
93

Table 20: APSolute Vision Connectivity Event Notification Parameters (cont.)
Parameter
Description
Register This APSolute Vision Registers the APSolute Vision server as a target of the device events
Server for Device Events
(for example, traps, alerts, IRP messages, and packet-reporting
data) on all the managed devices.
(button)
In Alteon or LinkProof NG, when you click the button and run the
Apply command, APSolute Vision configures itself as a target of the
device events and ensures that the device also sends traps for
authentication-failure events. Alteon or LinkProof NG, by default,
does not send traps for authentication-failure events.
When multiple APSolute Vision servers manage the same
DefensePro device, the device sends the following:
Traps to all the APSolute Vision servers that manage it. The
Target Address table and the Target Parameters table contain
entries for all APSolute Vision servers.
Packet-reporting data only to the last APSolute Vision server that

registered on the device.
Note: For related information, see APSolute Vision Server

Registered for Device EventsAlteon and LinkProof NG, page 144
and APSolute Vision Server Registered for Device Events
DefensePro, page 145.
Table 21: Connectivity: Proxy Server Parameters
Parameter
Description
These connection settings are for the proxy server that the APSolute Vision server uses to
download files from Radware.com. The Alerts pane displays a success or failure notification and
whether the operation was performed using a proxy server.
Enable Proxy Server
Specifies whether the APSolute Vision server uses a proxy server to

download files from Radware.com.
IP Address
The IP address of the proxy server.
Port
The port of the proxy server.
Use Authentication
Specifies whether authentication is required for a successful

connection between the APSolute Vision server and the proxy server.
Username
The username for the proxy server.
Password
The password for the proxy-server user.
Verify Password
The password for the proxy-server user.
94

Table 22: Connectivity: Inactivity Timeouts Parameters
Parameter
Description
These settings define when to close the user session if there is no activity on either side.
Note: APSolute Vision WBM polls the server at regular intervals. If the server does not receive a
poll from the WBM within 30 seconds, the server closes the user session.
Inactivity Timeout for
The time, in minutes, of inactivity after which the server logs the
Configuration and Monitoring user out of the Configuration or Monitoring perspectives of a
Perspectives
managed device, or the APSolute Vision Settings view System
perspective.
If the connection has not yet timed out, any activity in the Security
Monitoring perspective, APM, or DPM also resets the timer.
Values: 160
Default: 20
Inactivity Timeout for
Security Monitoring
Perspective, APM, and DPM
The time, in minutes, of inactivity in the Security Monitoring

perspective, APM, or DPM, after which the server logs the user out of
the Security Monitoring perspective, APM, and DPM.
Values: 14320
Default: 1440
Configuring Settings for Alerts

Configuring settings for alerts comprises the following topics:
Configuring Settings for the Alerts Pane, page 95
Selecting Parameters to Include in Security Alerts, page 100
Configuring Settings for the Alerts Pane

APSolute Vision displays alerts for APSolute Vision and all the managed Radware devices. The Alerts
pane is available in all APSolute Vision perspectives. APSolute Vision saves all alert information in
the database. You can configure Alerts pane settings to send alert reports to a syslog server and via
e-mail to defined recipients. You can also configure default settings for the Alerts pane per client.
For more information about the Alerts pane, see Managing Auditing and Alerts, page 241.
To configure Alerts pane settings

1. In the APSolute Vision Settings view System perspective, select General Settings > Alert
Settings > Alert Browser.
95

Table 23: Alert Browser: Auditing Settings Parameters
Parameter
Description
Enable Detailed Auditing of

APSolute Vision Activity
Specifies whether the messages that APSolute Vision issues

regarding APSolute Vision activity include additional information,
such as the new value for a parameter.
For example:
When an administrator changes a value for a parameter (such as

Device Lock Timeout):
When the option is disabled, the message gives the name of

the parameter and says that the value was changed.
When the option is enabled, the message gives the name of

the parameter and the new value.
When a user administrator changes the contact information of

another user:
When the option is disabled, the message gives the name of

the user and says that the users properties were changed.
When the option is enabled, the message gives the name of

the user, says that the users properties were changed, and
gives the new contact information.
Default: Disabled
Notes:
96
When a message refers to a change that a user initiated, the

message includes the username (even when the option is
disabled).
For a list of log messages corresponding to when this option is

disabled, see Appendix C - APSolute Vision Log Messages and
Alerts, page 547.

Table 23: Alert Browser: Auditing Settings Parameters (cont.)
Parameter
Description
Enable Detailed Auditing of

Device Configuration
Changes
Specifies whether the messages that APSolute Vision issues

regarding configuration changes made on managed devicesfrom
APSolute Visioninclude additional information.
When a user changes a value for a scalar parameter:
When the option is disabled, the message gives the name of the
scalar and says that the value was changed.
When the option is enabled, the message gives the name of the
scalar and the new value.
When a user adds or edits an entry to a table:
table and says that a row was added or edited.
table, the table parameters, and the value for each parameter.
When a user deletes an entry in a table:
table and says that a row was deleted.
table and the indexes of the deleted row.
Default: Disabled
Notes:
When a message refers to a change that a user initiated, the

message includes the username (even when the option is
disabled).
This parameter does not affect audit messages that the

managed device generates, which APSolute Vision displays in the
Alerts pane. This parameter only affects alerts that APSolute
Vision generates itself.
Table 24: Alert Browser: Syslog Reporting Parameters
Parameter
Description
These settings determine how APSolute Vision reports and logs events from the Alerts pane to a
syslog server. For more information, see Alert Information, page 244.
Enable
Specifies whether APSolute Vision sends reports and logs to a syslog

server.
Default: Disabled
Report
Specifies whether APSolute Vision reports all messages received by

the Alerts pane or only audit messages.
Values: All Messages, Audit Messages
Default: All Messages
Syslog Server Address
The IP address of the device running the syslog service.
L4 Destination Port
Values: 165,535
Default: 514
97

Table 24: Alert Browser: Syslog Reporting Parameters (cont.)
Parameter
Description
Syslog Facility
The facility for all APSolute Vision syslog reporting. The list includes
facilities as defined in the RFC 3164. The default is Log Audit.
Change the default if the syslog server uses this facility for reports
from another system.
Enable Encryption
Specifies whether APSolute Vision sends syslog messages encrypted

over TLS.
Default: Disabled
CA Certificate
The filepath of the CA certificate.
(This parameter is available

only when the Enable
Encryption checkbox is
selected.)
To update the certificate
Enable Authentication
selected.)
1.
Click the Update button next to this text field. A file browser
dialog box opens.
2.
Browse to the certificate file, and click Open. The field displays
Pending.
3.
Click Submit. If successful, the field displays Installed.
Specifies whether the certificate must be authenticated with a

private key and a public key.
Default: Disabled
Authentication Type
Values:

selected.)
Certificate Validation (certvalid)APSolute Vision checks with

the syslog server that the certificate is valid.
NameAPSolute Vision checks with the syslog server that the

certificate is valid and includes the specified Permitted Peer in
the certificate subject.
Permitted Peer
The string that the certificate subject must include for

authentication.

only when the
Authentication Type is
Name.)
Private Key
The filepath of the private key.
(This parameter is available To update the certificate

1. Click the Update button next to this text field. A file browser
Authentication checkbox is
dialog box opens.
selected.)
2. Browse to the certificate file, and click Open. The field displays
Pending.
3.
Public Key
The filepath of the public key.
(This parameter is available To update the certificate

1. Click the Update button next to this text field. A file browser
dialog box opens.
selected.)
2. Browse to the certificate file, and click Open. The field displays
Pending.
3.
98

Table 25: Alert Browser: Email Reporting Configuration Parameters
Parameter
Description
These settings configure how APSolute Vision sends events from the Alerts pane via e-mail to
defined recipients.
Enable
Specifies whether APSolute Vision sends reports and logs via e-mail.
Default: Disabled
SMTP Server Address

SMTP User Name
The name or IP address of the SMTP e-mail server.

The account name used to send e-mail notifications; for example,
Vision@MyCompany.com.
Subject Header
The text that appears in the Subject header of the e-mail.

Default: Alert Notification Message.
From Header
The text that appears in the From header of the e-mail.

Default: APSolute Vision
Recipient Email Address
The e-mail addresses of the intended recipients. When there are

multiple e-mail addresses, use comma (,) or semi-colon (;)
separators.
Email Sending Interval
The interval, in seconds, between successive e-mail messages.

Values: 603600
Default: 60
Alerts per Email
The maximum number of alerts to include in an e-mail message.

When there are more than the maximum number of alerts, multiple
e-mail messages are sent.
Values: 1100
Default: 30
Devices
Click to select a subset of managed devices for which to send alerts.
Move the required devices from the Available list to the Selected list.
Severity
Critical
Specifies whether to include alerts of this severity in e-mail

messages.
Major

messages.
Minor

messages.
Warning

messages.
Information

messages.
Module
Vision Configuration

messages.
Vision General
Specifies whether to include alerts regarding this module in e-mail

messages.
Vision Control

messages.
99

Table 25: Alert Browser: Email Reporting Configuration Parameters (cont.)
Parameter
Description
Device General

messages.
Device Security

messages.
Security Reporting

messages.
Table 26: Alert Browser: Display Parameters
Parameter
Description
Refresh Interval
The interval, in seconds, that APSolute Vision refreshes the Alerts

Table with the latest messages.
Values: 5300
Default: 5
Selecting Parameters to Include in Security Alerts

You can limit the parameters that are included in security alerts. This option enables you to
customize the alerts to provide the relevant information according to your administrative
requirements.
To select parameters to include in security alerts

1.
In the APSolute Vision Settings view System perspective, select General Settings > Alert
Settings > Security Alerts.
2.
Select the check box next to each parameter you want to include in the alerts.
You can choose any combination of the following parameters:
Policy Name
Attack Name
Source IP Address
Destination IP Address
Destination Port
Action
By default, all the checkboxes are selected.

3.
Click Submit.
Note: Changes to the settings take effect on alerts generated from the time of the change and
onward.
100

Configuring Monitoring Settings

APSolute Vision can perform online monitoring of all the managed Radware devices. It also collects
information for online security reports for DefensePro. You can configure general global settings
about how APSolute Vision obtains data for online monitoring and reports.
To configure APSolute Vision monitoring parameters

Monitoring.
Table 27: Monitoring Parameters
Parameter
Description
These settings configure APSolute Vision online monitoring for all managed devices.
Polling Interval for On-line
Monitoring
The interval, in seconds, between data collections for online

monitoring of a managed device. A shorter interval provides more
up-to-date data, but uses more network and device resources.
Values: 153600
Default: 15
Polling Interval for Device

Status
The number of seconds between polls of a device to determine the

up or down status of the device and its elements.
Values: 103600
Default: 15
Timeout for Device Status Poll The time, in milliseconds, that the APSolute Vision server waits for a
response of a device-status poll before considering a device to be
down.
Default: 300
Note: If the network has latency longer than the Timeout for
Device Status Poll, devices will appear up and down or always
down, and therefore unmanageable. If you encounter such
behavior, increase the value accordingly.
Reports
This setting configures APSolute Vision monitoring for real-time reports for DefensePro.
Polling Interval for Reports
The time, in seconds, between data collections for reports. A

smaller interval provides more up-to-date information at the
expense of network resources.
Values: 153600
Default: 15
101

Configuring APSolute Vision Server Alarm Thresholds

You can configure the following server-alarm thresholds for specific alarms:
Two threshold values for rising alarms to issue warning and error alerts respectively. The rising
server-alarm threshold value must always be lower than the rising error threshold. When the
parameter value exceeds the rising server-alarm threshold value but is less than the error
threshold value, a warning alert is issued. When the parameter value exceeds the rising error
threshold, an error alert is issued.
Two threshold values for falling alarms to clear warning and error alerts respectively. The falling
alarm values must be less than their respective rising alarm values.
Note: For the CPU alert, since CPU measurements vary rapidly, APSolute Vision determines
threshold limits based on a moving average calculation.
To configure APSolute Vision server-alarm thresholds

1.
In the APSolute Vision Settings view System perspective, select General Settings > Server
Alarm.
2.
To edit the thresholds for a specific parameter, double-click the parameter name.
3.
Configure the parameters, and click Submit.
Table 28: Server-Alarm Threshold Parameters
Parameter
Description
Parameter
(Read-only) The parameter name.
Enabled
Specifies whether the threshold parameter is used for the corresponding

alarm.
Default: Enabled
Rising
Configure rising alarms to issue warning and error alerts respectively.
Warning
The rising threshold value must always be lower than the rising error
threshold. When the parameter value exceeds the rising threshold value but
is less than the error threshold value, a warning alert is issued.
Error
The rising error threshold value must always be greater than the rising
threshold value. When the parameter value exceeds the rising error
threshold, an error alert is issued.
Falling
Configure falling alarms to clear warning and error alerts respectively.
Warning
The falling warning alarm value must be less than the rising warning alarm
value.
Error
The falling error alarm value must be less than the rising error alarm value.
102

Configuring Connections to Authentication Servers

Besides the local user table, APSolute Vision users can be authenticated through RADIUS or
TACACS+.
Configuring RADIUS Server Connections, page 103
Configuring TACACS+ Server Connections, page 107
Configuring RADIUS Server Connections

APSolute Vision can authenticate users using its role-based access control (RBAC) through a Remote
Authentication Dial In User Service (RADIUS) server connection. For more information on RBAC and
RBAC roles and scopes, see Role-Based Access Control (RBAC), page 70.
Caution: Users defined through a RADIUS server with the Administrator, User Administrator, or
Vision Administrator roles must be configured with the scope [ALL] (including the square brackets).
Caution: If the name of an APSolute Vision site changes and a RADIUS server authenticates users,
the user scopes on the RADIUS server must be reconfigured manually.
Authentication Process with RADIUS

If the APSolute Vision server is configured to use RADIUS for authentication, the user-authentication
process is as follows:
1. The user starts the APSolute Vision client, enters the username and password given by the
RADIUS administrator.
2. The APSolute Vision server sends the authentication request to the specified port of the RADIUS
server.
3. If the RADIUS server recognizes and authorizes the APSolute Vision server, the RADIUS server
processes the request for the user and password.
Note: If a RADIUS server does not recognize a request source (in this case, the APSolute
Vision server), the RADIUS server ignores the request.
4. If the RADIUS server authenticates the user, the RADIUS server returns an Access-Accept
message with the username and its associated IDM-stringscope combination to the APSolute
Vision server. For DefensePro on x412 platforms with the DME and x420 devices, the AccessAccept message contains the SecurityMonitoringScope-ProtectionPolicy combination for the
Radware-Policy attribute (for more information, see Each RADIUS server (primary and
secondary) for APSolute Vision user authentication requires the following:, page 104). If the
RADIUS server does not authenticate the user, the RADIUS server sends an Access-Reject
message.
Note: The identity-management (IDM) string defines the role of user. For more information on
roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 70.
5. If the user is authenticated, the APSolute Vision server grants access according to the users
IDM string and scope. If the user is rejected, the APSolute Vision server does not grant access.
103

Each RADIUS server (primary and secondary) for APSolute Vision user authentication requires the
following:
The RADIUS server must use the port specified on the APSolute Vision server.
The RADIUS server must authorize the APSolute Vision server.
The RADIUS server must use the authentication type (for example, PAP) that is specified in the
Your RADIUS server and/or RADIUS Authentication system and your dictionary file must include
the following:
Attribute ID 26To specify a Vendor-Specific Attribute (VSA).
Vendor ID 89To specify Radware (as assigned by Internet Assigned Numbers Authority,
IANA). Vendor ID 89 will need to be configured on the RADIUS server.
Vendor Attribute ID 100To specify the Radware-Role attribute. The RADIUS server can
use this attribute to return the IDM-stringscope combination to the APSolute Vision serer.
Vendor Attribute ID 101To specify the Radware-Policy attribute. The RadwarePolicy attribute is used to limit what DefensePro security data the user sees in the Security
Monitoring perspective and APSolute Vision Reporter according to specified DefensePro
Network Protection policies. This feature is supported only in DefensePro on x412 platforms
with the DME and x420 devices.
The RADIUS server Access-Accept response must include an IDM-stringscope combination, for
the Radware-Role attribute, in the following format:
<IDM string>:<Scope>
where:
<IDM string> is the identity-management (IDM) string, which defines the role of user. For
more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC),
page 70. The list of the available RADIUS attribute IDs and corresponding attribute names is
available at http://www.iana.org/assignments/radius-types/radius-types.xhtml.
<Scope> is the scope of the user. The scope [ALL] (including the square brackets)
specifies all sites and managed devices. You define a limited scope using one or more rows
specifying a site or managed-device name.
Examples:
ADMINISTRATOR:[ALL]ADC_OPERATOR:MyADCSiteADC_OPERATOR:MyADCSite
ADC_OPERATOR:MyDevice1
ADC_OPERATOR:MyDevice2
Caution: Users defined through a RADIUS server with the Administrator, User
Administrator, or Vision Administrator roles role must be configured with the scope [ALL]
(including the square brackets).
If the Radware-Policy attribute is used, the RADIUS server Access-Accept response must
include a SecurityMonitoringScope-ProtectionPolicy combination for the Radware-Policy
attribute, in the following format:
<SecurityMonitoringScope>:<ProtectionPolicyName>
104

where:
<SecurityMonitoringScope> is the scope of the user in the context of DefensePro

security monitoring. The scope [ALL] (including the square brackets) specifies all
supported DefensePro devices under the corresponding role. If the value for
SecurityMonitoringScope is [ALL], the value for ProtectionPolicy must be
[ALL]. You define a limited scope using one or more rows specifying an IP address of a
supported DefensePro device.
<ProtectionPolicy> is a DefensePro Network Protection Policy for the scope. The value
[ALL] (including the square brackets) specifies all Network Protection policies for the
corresponding SecurityMonitoringScope. You define Network Protection policies for the
SecurityMonitoringScope using one or more rows.
Examples:
[ALL]:[ALL] The user has security-monitoring access to all the supported DefensePro
devices for the corresponding scope and all the associated Network Protection policies.
10.202.199.36:[ALL] The user has security-monitoring access to all the Network

Protection Policies for the DefensePro device with the IP address 10.202.199.36.
10.202.199.36:MyNetProtPolicy The user has security-monitoring access to data

related to the Network Protection Policy named MyNetProtPolicy that is configured in the
DefensePro device with the IP address 10.202.199.36.
10.202.199.36:MyNetProtPolicy1
10.202.199.36:MyNetProtPolicy2
10.202.199.36:MyNetProtPolicy3 The user has security-monitoring access to data
related to the Network Protection policies named MyNetProtPolicy1, MyNetProtPolicy2, and
MyNetProtPolicy3, that are configured in the DefensePro device with the IP address
10.202.199.36.
Caution: This feature is supported only in DefensePro on x412 platforms with the DME and
x420 devices. If you specify non-supported devices, you may experience improper behavior.
Caution: If the value for <SecurityMonitoringScope> is [ALL], the value for

<ProtectionPolicy> must be [ALL].
Configuring the RADIUS Server Connections

Use the following procedure to configure your RADIUS server connections.
To configure a RADIUS-server connection

Authentication Protocols > RADIUS Settings.
Table 29: Primary RADIUS Configuration Parameters
Parameter
Description
IP Address
The IP address of the primary RADIUS server for authentication.
105

Table 29: Primary RADIUS Configuration Parameters (cont.)
Parameter
Description
Port
The Layer 4 port on the primary RADIUS server.

Values: 1812, 1645
Default: 1812
Shared Secret
The RADIUS shared secret used for communication between the primary
RADIUS server and APSolute Vision.
Maximum characters: 64
Verify Shared Secret
The RADIUS shared secret used for communication between the primary
Table 30: Secondary RADIUS Configuration Parameters
Parameter
Description
IP
The IP address of the secondary RADIUS server for authentication.
Authenticate Port
The Layer 4 port on the secondary RADIUS server.

Values: 1812, 1645
Default: 1812
Shared Secret
The shared secret used for communication between the secondary


Table 31: Shared RADIUS Configuration Parameters
Parameter
Description
Timeout
The time, in seconds, between retransmissions to the RADIUS servers.

Values: 1100
Default: 5
Note: If connectivity is too slow, increase the value.
Retries
The number of authentication retries before a second RADIUS server (if

configured) is contacted.
Values: 110
Default: 3
Attribute ID
The RADIUS attribute used in the RADIUS profile.

Values: 1255
Default: 26that is, Vendor Specific Attribute
106

Table 31: Shared RADIUS Configuration Parameters (cont.)
Parameter
Description
Vendor ID
The vendor ID for the vendor-specific attribute (VSAs).
(This parameter is
Default: 89Specifies Radware (as assigned by IANA)
displayed only if the
specified Attribute ID is
26.)
Vendor Attribute ID
The vendor-specific-attribute ID to hold the <IDM string>:<Scope>

values.
(This parameter is
displayed only if the
Default: 100Specifies the Radware Radware-Role.
specified Attribute ID is
Note: Names of vendor-specific attributes are decided on by the
26.)
vendor.
Authentication Type
The method of authentication to be used.

Values:
PAP
CHAP
EAP-MD5
EAP-MSCHAP v1
MSCHAP v1
MSCHAP v2
Default: PAP
Configuring TACACS+ Server Connections

APSolute Vision can authenticate users using its role-based access control (RBAC) through a
Terminal Access Controller Access-Control System Plus (TACACS+) server connection. For more
information on RBAC and RBAC roles and scopes, see Role-Based Access Control (RBAC), page 70.
Caution: Users defined through a TACACS+ server with the Administrator, User Administrator, or
Vision Administrator roles must be configured with the scope [ALL] (including the square brackets).
Caution: If the name of an APSolute Vision site changes and a TACACS+ server authenticates
users, the user scopes on the TACACS+ server must be reconfigured manually.
Authentication Process with TACACS+

If the APSolute Vision server is configured to use TACACS+ for authentication, the userauthentication process is as follows:
1. The user starts the APSolute Vision client, enters the username and password given by the
TACACS+ administrator.
2. The APSolute Vision server sends the authentication request to the specified port of the
TACACS+ server.
107

3.
If the TACACS+ server recognizes and authorizes the APSolute Vision server, the TACACS+
server processes the request for the user and password.
Note: If a TACACS+ server does not recognize a request source (in this case, the APSolute
Vision server), the TACACS+ server ignores the request.
4.
If the TACACS+ server authenticates the user, the TACACS+ server returns an Access-Accept
message with the username and its associated IDM-stringscope combination to the APSolute
Vision server. For DefensePro on x412 platforms with the DME and x420 devices, the AccessAccept message contains the SecurityMonitoringScope-ProtectionPolicy combination for the
Radware-Policy attribute (for more information, see TACACS+ Server Requirements,
page 108). If the TACACS+ server does not authenticate the user, the TACACS+ server sends an
Access-Reject message.
Note: The identity-management (IDM) string defines the role of user. For more information on
roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 70.
5.
If the user is authenticated, the APSolute Vision server grants access according to the users
IDM string and scope. If the user is rejected, the APSolute Vision server does not grant access.
TACACS+ Server Requirements

The TACACS+ implementation in APSolute Vision supports standard ASCII inbound login to the
device. PAP, CHAP, ARAP, and MSCHAP login methods are not supported. TACACS+ change password
requests are not supported. One-time password authentication is not supported. APSolute Vision
performs encryption of body packets by concatenating a series of MD-5 hashes. Setting the
TAC_PLUS_UNENCRYPTED_FLAG, which allows the exchange of clear text TACACS+ packets, is not
allowed.
Each TACACS+ server (primary and secondary) for APSolute Vision user authentication requires the
following:
The TACACS+ server must use the port specified on the APSolute Vision server.
The TACACS+ server must authorize the APSolute Vision server.
The TACACS+ server configuration file must use the following structure:
user = <user> {
login = <login>
member = <user group>
}
group = <user group>{
service = <service> {
radware-role = <IDM string>:<Scope>
radware-policy = <SecurityMonitoringScope>:<ProtectionPolicyName>
priv-lvl = <privilege level>
}
}
108

where:
<user> is the users name.
<login> is the login type and the users password. The login type can be cleartext,
where the users password is exposed in the configuration file, or may use encryption such
as des. If the password includes a space, the password must be enclosed in quotation
marks (").
Examples:
cleartext mypassword
cleartext "my password"
des l5c2fHiF21uZ6
<user group> is the group of which the user is a member.
<service> is the Service Name configured for the TACACS+ connection in APSolute Vision.
<IDM string> is the identity-management (IDM) string, which defines the role of user. For
more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC),
page 70.
<Scope> is the scope of the user. The scope [ALL] (including the square brackets)
specifies all sites and managed devices. You define a limited scope using one or more entries
specifying a site or managed-device namedelimited by plus signs (+).
Caution: Users defined through a TACACS+ server with the Administrator, User
Administrator, or Vision Administrator role must be configured with the scope [ALL]
(including the square brackets).
The radware-policy row defines DefensePro security monitoring.

The radware-policy row is optional if the managed device does not support DefensePro
security monitoring.
<SecurityMonitoringScope> is the scope of the user in the context of DefensePro

security monitoring. The scope [ALL] (including the square brackets) specifies all
supported DefensePro devices under the corresponding role. If the value for
SecurityMonitoringScope is [ALL], the value for ProtectionPolicy must be
[ALL]. You define a limited scope using one or more entries specifying a DefensePro-device
name or APSolute Vision site namedelimited by plus signs (+).
and
<ProtectionPolicy> is a DefensePro Network Protection Policy for the scope. The value
[ALL] (including the square brackets) specifies all Network Protection policies for the
corresponding SecurityMonitoringScope. You define Network Protection policies for the
SecurityMonitoringScope using one or more entriesdelimited by plus signs (+).
Examples:
[ALL]:[ALL] The user has security-monitoring access to all the supported
dp1:[ALL] The user has security-monitoring access to all the Network Protection
dp2:Syn_ACK_V21_Policy The user has security-monitoring access to data related

to the Network Protection Policy named Syn_ACK_V21_Policy that is configured in the
DefensePro device named dp2.
dp3:MyNetProtPolicy1+dp3:MyNetProtPolicy2+dp3:MyNetProtPolicy3 The
DefensePro devices for the corresponding scope and all the associated Network
Protection policies.
policies for the DefensePro device named dp1.
user has security-monitoring access to data related to the Network Protection policies
named MyNetProtPolicy1, MyNetProtPolicy2, and MyNetProtPolicy3, that are configured
in the DefensePro device named dp3.
109

Caution: This feature is supported only in DefensePro on x412 platforms with the DME and
x420 devices. If you specify non-supported devices, you may experience improper behavior.
Caution: If the value for <SecurityMonitoringScope> is [ALL], the value for

<ProtectionPolicy> must be [ALL].
<privilege level> is the Minimal Required Privilege Level configured for the
TACACS+ connection in APSolute Vision. TACACS+ indicates the privilege level at which the
user is authenticating.
Note: Privilege levels are ordered values from 0 to 15 with each level representing a privilege
level that is a superset of the next lower value. If a NAS client uses a different privilege level
scheme, mapping must be provided.
The predefined values are as follows:
TAC_PLUS_PRIV_LVL_MAX
:= 0x0f
TAC_PLUS_PRIV_LVL_ROOT
:= 0x0f
TAC_PLUS_PRIV_LVL_USER
:= 0x01
TAC_PLUS_PRIV_LVL_MIN
:= 0x00
Example
The following is an example of a TACACS+ configuration file.
The file includes definitions of the user testuser who belongs to the group testgroup.
dp1, dp2, and dp3 are DefensePro devices that are managed by the APSolute Vision server.
The user is defined to have multiple roles: Security Monitor on dp3 and dp4, and Viewer on dp1.
RBAC by DefensePro Network Protection policies is also defined. For dp1 and dp4, access to all
policies is allowed. For dp3, access is limited to the policy: Syn_ACK_V21_Policy.
user = testuser {
login = cleartext "radware"
member = testgroup
}
group = testgroup {
service = connection {
radware-role=VIEWER:dp1+SEC_MON:dp3+SEC_MON:dp4
radware-policy=dp1:[ALL]+dp3:Syn_ACK_V21_Policy+dp4:[ALL]
priv-lvl = 2
}
}
110

Configuring the TACACS+ Server Connections

Use the following procedure to configure your TACACS+ server connections.
To configure a TACACS+ server connection

Authentication Protocols > TACACS+ Settings.
Table 32: Primary TACACS+ Configuration Parameters
Parameter
Description
IP Address
The IP address of the primary TACACS+ server for authentication.
Port
The Layer 4 port on the primary TACACS+ server.

Values: 49
Default: 49
Shared Secret
The TACACS+ shared secret used for communication between the

primary TACACS+ server and APSolute Vision. The value can contain
special characters.
The TACACS+ shared secret used for communication between the

primary TACACS+ server and APSolute Vision. The value can contain
special characters.
Table 33: Secondary TACACS+ Configuration Parameters
Parameter
Description
IP Address
The IP address of the secondary TACACS+ server for authentication.
Authenticate Port
The Layer 4 port on the secondary TACACS+ server.

Values: 49
Default: 49
Shared Secret

TACACS+ server and APSolute Vision. The value can contain special
characters.

TACACS+ server and APSolute Vision. The value can contain special
characters.
111

Table 34: Shared TACACS+ Configuration Parameters
Parameter
Description
Timeout
The time, in seconds, between retransmissions to the TACACS+

servers.
Values: 1100
Default: 5
Retries
The number of authentication retries before a second TACACS+ server

(if configured) is contacted.
Values: 110
Default: 3
Minimal Required Privilege

Level
The minimum TACACS+ privilege level specified for a user that will
allow access to APSolute Vision. A user can successfully be authorized
by the TACACS+ server but have a privilege level that is too low to
access APSolute Vision.
0 (zero) is the lowest privilege level, meaning: all users can access
APSolute Vision. 15 is the highest level. For example, if the Minimal
Required Privilege Level is defined as 1, all users with access level of 1
or higher can access APSolute Vision; and users with level 0 (zero) will
not have access to APSolute Vision.
Values: 015
Default: 0
Service Name
The name of the service as defined in the TACACS+ server

configuration file.
Managing Device Drivers

A device driver in APSolute Vision defines the GUI and configuration of the software version of a
managed device. The software version of a managed device defines the baseline driver version.
There may be multiple device-driver versions for a single software version of a device, but there can
be only one device-driver version in use on any single APSolute Vision server. That is, each device
driver applies to all devices in the system that use the same device-software version. Typically,
subsequent versions of device drivers include only fixes for GUI and configuration bugs. You can
install a newer version of the device driver, and you can revert to the baseline version.
When you upgrade device software, you need to reboot the device. However, when you install a new
version of a device driver or revert to the baseline version, you do not need to reboot the device.
Caution: Device drivers do not include changes to the online help. Depending on the configuration
of the APSolute Vision server, the APSolute Vision clients get online help either from the APSolute
Vision server (the default option) or radware.com. The online-help files at radware.com are always
the most up-to-date; but clients may encounter latency or connectivity problems. If the APSolute
Vision clients get online help from the APSolute Vision server, after updating a device driver, the
online-help files on the server should be updated. It is the responsibility of the APSolute Vision
administrator to make sure that the help files on the server are updated as necessary. For more
information, see Appendix A - Managing the Online-Help Package on the Server, page 505.
112

Note: The device driver includes the minimum APSolute Vision version.
When an APSolute Vision server detects that a new device has been installed or that a new device
software version has been installed on an existing device, the server retrieves the driver version
from the device.
The server checks whether it already has a driver version that corresponds to the device software
version, and uses the newest device driver.
If the driver version on the device is newer than the device version on the server, the server
downloads the new driver from the device, but does not apply it. The table in the Device Drivers
node (in the APSolute Vision Settings view System perspective) displays the device-version row
shaded gray.
If the device driver is incompatible or not found, APSolute Vision behaves as follows:
Issues an appropriate error message, but displays the device in the tree of the device pane with
a special icon (?) on top of it.
When you click the device in the tree, no screen is displayed, but the following information is
displayed in the device-properties pane: Device Name (from Vision), Device Type (if known),
Status: Unsupported, and Software Version: <SW_version>
The device-properties pane includes the name of the device driver.

You can do the following:
Update the drivers of the devices of a particular software version.
Update all the device drivers that are not updated in the APSolute Vision server.
Revert the driver to the baseline driver version.
If one or more of the relevant devices is locked, APSolute Vision prompts you whether to continue or
not. If you change the driver version when a device is locked by other users, you may lose the
changes for those users.
Table 35: Driver Parameters
Column
Description
Product Name
The device type.

Values:
Alteon
AppWall
DefensePro
LinkProof NG
Product Version
The device software version.
Instances
The number of devices that use the same device software version.
Driver Baseline
The baseline version of the driver used for this device software version.
Driver in Use
The driver version in use for this device software version.
Latest Driver
The latest driver version for this device software version that is stored in
the APSolute Vision server.
Supported Languages
The languages that the device driver supports.
113

To update a device driver

1.
In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2.
Select the row with the relevant device and device version.
3.
Click the
4.
Click Browse, navigate to the driver, and click Open.
5.
Click Update. APSolute Vision verifies that the device driver version is relevant for the device
software.
6.
Read the confirmation message, and then, accept or abort the action.
(Update Device Driver) button.
The version of the driver that you install cannot be the same version or an older version of the
driver baseline version. If the driver version that you install is newer than the baseline version
but older than the driver version in use, APSolute Vision prompts you for confirmation to change
the current driver. If the driver version that you install is newer than the baseline version and
newer than the driver version in use, APSolute Vision prompts you for confirmation to upgrade
the current driver.
To apply a driver version to a specific device when there is a newer version in the server
1.
Drivers.
2.
3.
Select the
(Update to Latest Driver) button.
To revert to baseline driver version that resides on the APSolute Vision server
1.
Drivers.
2.
3.
Select
(Revert to Baseline Driver) button.
Note: This option is displayed only when the driver version in use is different from the baseline
driver release.
114

To update all the device drivers to the latest ones that are stored in the APSolute Vision
server
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Click
(Update All Drivers to Latest) button.
Note: This command is available only when the APSolute Vision server has device driver
version that is later than one of the device drivers in use.
The following procedure is for troubleshooting a situation such as the following:
A driver for the device you want to add to the APSolute Vision configuration does not exist in the
APSolute Vision server or does not exist as part of the device software.
The driver for the device you want to add to the APSolute Vision configuration is corrupt in the
The driver for the device you want to add to the APSolute Vision configuration does not exist in
the APSolute Vision server and is corrupt in device software.
Note: The APSolute Vision CLI includes a command for troubleshooting problems related to
device drivers. For more information, see system database maintenance driver_table delete,
page 472.
To load a driver for a software version that does not exist in the Device Drivers table
(that is, APSolute Vision has never managed a device using this software version)
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Click the
(Upload Device Driver) button.
3. Click Browse, navigate to the driver, and click Open.

4. Click Upload. The action loads a driver into the APSolute Vision server. The driver version is
displayed in the Device Driver table, in the Latest Driver column, if there is a managed device of
the corresponding software version. The driver is available when you add a new device to the
APSolute Vision configuration.
115

Configuring APSolute Vision Reporter Parameters

You can view historical security reports in the APSolute Vision Reporter (AVR).
The AVR client supports only a single timezone, which is the timezone configured on the APSolute
Vision server.
Notes
To open the AVR, click AVR (
AVR does not support Alteon or LinkProof NG.
) in the APSolute Vision toolbar.
To configure APSolute Vision Reporter settings

1.
In the APSolute Vision Settings view System perspective, select General Settings > APSolute
Vision Reporter.
2.
Table 36: APSolute Vision Reporter Parameters
Parameter
Description
Attack Polling Interval
(Read-only) The interval for polling security attack data, which is 5

minutes.
Data Retention Interval
The time, in months, that APSolute Vision retains AVR data.

Values:
148
Unlimited
Default: 12
Note: After upgrade from an APSolute Vision version prior to 2.30,
the value is Unlimited. You can modify this value if you require.
Upload Logo
(button)
116
You can upload a logo to display on reports. Click the button and enter
the name of the file to upload.

Managing APSolute Vision Licenses and Viewing Capacity

Utilization
Licenses for APSolute Vision can be generated based on the MAC address of the APSolute Vision port
G1 or G2.
APSolute Vision displays the MAC address of port G1 in the License Management pane above the
License table.
Contact Radware Technical Support to purchase the license you require.
To manage a license for APSolute Vision

1. In the APSolute Vision Settings view System perspective, select General Settings > License
Management.
To add an entry, click the
(Add) button.
To edit an entry, double-click the row.
3. In the License String text box, enter the license string.

4. Click Submit.
Viewing APSolute Vision Capacity Utilization

APSolute Vision has capacity limitations. For more information, see the APSolute Vision Release
Notes for the relevant version.
Use the Current Utilization table to help determine whether you exceed scale/capacity specifications
and whether you need to purchase additional RTU licenses. The Current Utilization table displays
various Item parameters and the number of each item (see Table 37 - Capacity Utilization Table
Parameters, page 117).
To view the Capacity Utilization table

>
In the APSolute Vision Settings view System perspective, select General Settings > License
Management.
Table 37: Capacity Utilization Table Parameters
Parameter
Description
Managed Physical Devices
The number of physical devices (of any supported

device type) that the APSolute Vision is managing.
DefenseFlow is not counted.
Managed Virtual Devices
The number of virtual devices (of any supported

device type) that the APSolute Vision is managing.
DefenseFlow is not counted.
Managed DefensePro Devices
The number of DefensePro devices of any deployment

type (virtual or physical appliance) that the APSolute
Vision is managing.
117

Table 37: Capacity Utilization Table Parameters (cont.)
Parameter
Description
Unavailable Devices
The number of devices that the APSolute Vision is

managing whose status is not Up. That is, devices
whose status is Down, Maintenance, Unknown,
and so on.
Total Enabled DefensePro Policies
The sum of enabled Network Protection policies and

Server Protection policies on the DefensePro devices
that the APSolute Vision is managing.
Total Profiles Assigned to Enabled Policies
The number of profiles in both the Network Protection

policies and Server Protection policies on the
DefensePro devices that the APSolute Vision is
managing. If a profile is associated with multiple
policies, it is counted multiple times.
Managing APM in APSolute Vision

Application Performance Monitoring (APM) monitors traffic through Alteon and LinkProof NG devices.
APM can continuously monitor all transactions and provide visibility into the true end-user
experience in the data center, network, or online application.
The APM server is part of the APSolute Vision server with APM server VA offering. One APM server
per APSolute Vision server supports the APM functionality. The APM server is an OVA installation in a
VMware vSphere environment. You specify the connection details of the APM server in the APSolute
Vision Settings view System perspective, under General Settings > APM Settings.
From the APM Settings node, you can view information related to the virtual services of the
managed devices that have APM enabled. There, you can also directly access the service in APM Web
interface.
Notes
The term APM server may also be referred to as SharePath server.
APM requires a proper license, which you can manage in the License Management tab (APSolute
Vision Settings view System perspective, General Settings > License Management).
For information on the installation of the APM server, see the APSolute Vision Installation and
Maintenance Guide.
For information on how to configure Alteon or LinkProof NG with APM, see Configuring the APM
Server in an Alteon, page 59 and Managing Virtual Services Settings, page 231.
For information on using APM, see the Application Performance Monitoring User Guide.
For information on how to use the APM Web interface, click the
Web interface.
118
(Help) button in the APM

To open the APM Web interface

>
Do one of the following:
In the main toolbar, click APM (
Do the following:
).
a.
In the APSolute Vision Settings view System perspective, select General Settings >
APM Settings.
b.
In the table, in the APM Server column, click the hyperlink.
Considerations and Constraints Using APM with Alteon Version 29.5

The following lists describes the considerations and constraints using APM with Alteon version 29.5:
The Alteon must be managed by the same APSolute Vision that hosts the APM server.
If the instance of the APM server is replaced without restoring the previous database, the
system administrator must reapply the APM configuration on each virtual service.
Managing the APM Server

This section describes how to manage the APM server.
Use the APM-Enabled Services table to view information related to the virtual services of the
managed Alteon or LinkProof NG devices that have APM enabled. There, you can also directly access
the service in the APM Web interface.
To manage the APM server

1. In the APSolute Vision Settings view System perspective, select General Settings > APM
Settings. The APM Settings tab displays the APM Server State field and a table with
information about the APM server.
The APM Server State field can display the following values:
InitializingThe APM server is initializing.
RunningThe APM server is running.
DownThe APM server is down. Typically, this is because the APM server is not yet
configured in the table or the APM license is not yet installed.
(Add) button.
3. Configure the parameters, and then, click Submit.
119

Table 38: APM Server Parameters
Parameter
Description
Use the APM Server Installed on Specifies whether APSolute Vision uses the APM server associated
this APSolute Vision Server
with the APSolute Vision server with APM server VA installation.
(This parameter is available only Values:
with the APSolute Vision server DisabledAPSolute Vision uses an external APM server.
with APM server VA offering.)
EnabledAPSolute Vision uses the APM server associated
with the APSolute Vision installation, and populates the
following fields with read-only values:
Management IP AddressThe IP address of the APSolute

Vision management port (G1 or G2), which is the
management port for both APM and APSolute Vision
server.
Data IP AddressThe IP address of the G4 port.
Backup IP AddressThe IP address of the G3 port. This

value is not mandatory.
Default: Disabled
Notes:
For information on configuring the IP address for each port,

see Network IP Interface Commands, page 447.
For information on configuring the routing for each port, see

Network Routing Commands, page 451.
The IP address of the port on the SharePath/APM server that

APSolute Vision uses for APM management traffic.
In the APSolute Vision server with APM server VA offering, this
address is typically the management IP address of the APSolute
Vision server too. By default, this the IP address of the G1 port.
Port
The management interface TCP port.

Values: 165535
Default: 443
Caution: Specifying a non-default port involves modifying the
APM server configuration. For more information, in the
Application Performance Monitoring Troubleshooting and
Technical Guide, see the appendix Configuring a Non-Default
APM Port for APM Reports.
Note: You can specify the port only when you add a new APM
server to the APSolute Vision configuration. You cannot modify
the port on an APM server that is already configured in
APSolute Vision. To modify the port, you need to remove the
APM server from the APSolute Vision configuration, and then,
add the APM server with the required port to the APSolute
Vision configuration again.
120

Table 38: APM Server Parameters (cont.)
Parameter
Description
Data IP Address

APSolute Vision uses for APM data traffic. In the APSolute Vision
server with APM server VA offering, this address is typically the IP
address of the APSolute Vision G4 port. This field is significant
only for older Alteon versions 29.5, 30.0.0, 30.0.1, 30.0.2,
30.0.3, and 30.1. New versions use the configuration on the
device and ignore the Data IP Address field. The default is set
to G4, assuming that APM must support the device sending
beacons from the Alteon data interface.
Backup IP Address

APSolute Vision uses for APM backup traffic.
Note: This value is not mandatory.
Performance Limit
The maximum events (performance reports for an HTML page)

per second that the APM server can process.
Values: 101000
Default: 500
Table 39: APM-Enabled Services Table
Parameter
Description
Device Name
The name of the device with the APM-enabled service.
Virtual Server Index
The index of the APM-enabled service.
Virtual Server IP
The IP address of the APM-enabled service.
Port
The port of the APM-enabled service.
Description
The description of the APM-enabled service.
APM Application Link
A hyperlink to the APM-enabled service in the APM interface.
Viewing Information on the APM-Enabled Devices

Use the APM Enabled-Devices pane to view information on the devices managed by the APSolute
Vision server that have at least one virtual service with APM enabled.
To view information on the APM-enabled devices

>
In the APSolute Vision Settings view System perspective, select General Settings > APM
Settings > APM-Enabled Devices.
Table 40: APM-Enabled Devices Table
Parameter
Description
Device Name
The name of the device with an APM-enabled service.
Device Management IP
The IP address of the device.
Software Version
The software version of the device.
APM License (PgPM)
The APM license currently installed on the device.
Form Factor
The form factor of the device.
121

Table 40: APM-Enabled Devices Table (cont.)
Parameter
Description
Hardware Platform
The platform of the device.
APM Server Management IP
The IP address of the management port of the APM server.

For the APSolute Vision server with APM server VA offering, this is
the IP address of the management port of the APSolute Vision
server.
Configuring DefensePipe Settings

Use the DefensePipe Settings pane to specify the DefensePipe URL.
APSolute Vision uses the URL to connect to DefensePipe when you click DefensePipe (
APSolute Vision menu bar.
) in the
Note: For more information on DefensePipe, see the DefensePipe User Guide.
To specify the DefensePipe URL

1.
DefensePipe Settings.
2.
In the DefensePipe URL text box, type the URL, and click Submit.
Configuring APSolute Vision Server Advanced

Parameters
Use the following procedure to configure additional advanced parameters and online-help
parameters for the APSolute Vision server.
To configure advanced parameters for the APSolute Vision server

1.
Advanced.
2.
122

Table 41: APSolute Vision Advanced: General Parameters
Parameter
Description
Maximum Configuration Files The maximum number of configuration files per managed device
for Device
that you can store on the APSolute Vision server for backup. When
the limit is reached, you are prompted to delete the oldest file.
Values: 110
Default: 5
Note: If you change the maximum value to less than the number
of existing configuration files, none of the existing files will be
deleted. For example, the configured maximum value is 10 and
there are 8 configuration files, if you then change the configured
maximum value to 4, no files are deleted.
Minimal Log Level
The lowest severity of messages that will be logged for debugging

purposes.
Values:
Fatal
Error
Warning
Info
Debug
Trace
Default: Error
Caution: Lowering the value of the Minimal Log Level
parameter may negatively affect the performance of the APSolute
Vision server. Radware recommends using the default value,
Error, except when there are specific troubleshooting
requirements.
Device Lock Timeout
The time, in minutes, that a device remains locked. If you have the
appropriate permissions to configure a device, you can lock the
device so that other user cannot configure the device at the same
time.
Values: 5180
Default: 10
Results per Page
The number of rows that are displayed per table page.

If you change this setting after retrieving information into a table in
the current session, the table information will be lost and APSolute
Vision will need to obtain the device information again. Radware
recommends changing this setting at the beginning of a session
before obtaining information from a managed device.
Values: 10100
Default: 20
123

Table 42: APSolute Vision Advanced: Online Help Parameters
Parameter
Description
Note: After you click Submit, for a change to take effect immediately, you may need to refresh
your browser display or clear the browser cache.
Online Help URL
The source of the online help that clients request.

Values:
APSolute Vision ServerThe server provides the client with

online-help files stored on the server. Installation of the
APSolute Vision server includes online-help files, but if managed
devices are somehow upgraded later (with a new device, new
device version, or new device driver), the online-help files on
the server should be updated. It is the responsibility of the
APSolute Vision administrator to make sure that the help files on
the server are updated as necessary. For more information, see
Appendix A - Managing the Online-Help Package on the Server,
page 505.
Radware.comThe client sends online-help requests to the

radware.com Web site and receives files from there. The onlinehelp files at radware.com are always the most up-to-date, but
clients may encounter latency or connectivity problems.
Default: APSolute Vision Server

Update
(button)
Opens the dialog box to update the online-help package that resides
in the APSolute Vision server.
Note: For more information, see Appendix A - Managing the
Online-Help Package on the Server, page 505.
Revert to Default Help

(button)
The online help currently on the server reverts to the online help
package that was included with the installation of the APSolute
Vision server.
Note: For more information, see Appendix A - Managing the
Online-Help Package on the Server, page 505.
Configuring APSolute Vision Display Parameters

You can configure display parameters for APSolute Vision clients, which also affect certain other
APSolute Vision functionalities.
To configure APSolute Vision display parameters

1.
In the APSolute Vision Settings view System perspective, select General Settings > Display.
2.
124

Table 43: Display: General Parameters
Parameter
Description
Default Display Language
The default display language for new users in the APSolute Vision
system.
Notes:
Each user can change his/her own display language, by using

the
Default Landing Page
If you change the value, the change affects only users created
after the change.
An Administrator can specify the default language for each

specific user (see Configuring Local Users for APSolute Vision,
page 79).
The page that APSolute Vision displays by default for new users in
the APSolute Vision system.
Values:
First Device in the TreeAPSolute Vision opens displaying the

Device pane with the first available device selected, and the
Configuration perspective.
Application SLA DashboardNew users land on the Application

SLA Dashboard (see Using the Application SLA Dashboard,
page 433).
Security Control CenterNew users land on the Security

Control Center (see Using the Security Control Center,
page 436).
None
Default: First Device in the Tree

Notes:
User roles and scopes determine whether the selected option is

relevant. If a user does not have permission to view the selected
option, the user lands in the first permitted tab in the APSolute
Vision Settings view). For information on user roles and scopes,
see Managing APSolute Vision Users, page 69.
Each user can change his/her own landing page (APSolute

Vision Settings view Preferences perspective, User
Preferences > Display).
If you change the value, the change affects only users created
after the change.
125

Table 44: Display: Date and Time Format Parameters
Parameter
Description
Date Format
The date format for information that includes time and date and
displayed in the APSolute Vision client.
Values:
dd.MM.yyyy
MM.dd.yyyy
dd/MM/yyyy
MM/dd/yyyy
Default: dd.MM.yyyy
Time Format
The time format for information that includes time and date and
displayed in the APSolute Vision client.
Values:
HH:mm:ss
HH:mm:ss z
h:mm:ss aa
h:mm:ss aa z
Default: HH:mm:ss
Managing APSolute Vision Maintenance Files

You can open and save the maintenance files and upgrade log files of the APSolute Vision server.
To open or save a maintenance file or upgrade log file

1.
Maintenance Files.
2.
Double-click the row with the relevant file.
3.
Use the dialog box to open the file with a selected application or save the file to a selected
location.
Managing Stored Device Configuration/Backup Files

You can manage configuration files of managed devices that are stored on the APSolute Vision
server.
You can do the following:
View details of the configuration files of managed devices
Save configuration files from the server to your PC
Delete configuration files from the server
Edit configuration file descriptions
For information about configuring the maximum number of configuration files per device that can be
stored, see Configuring APSolute Vision Server Advanced Parameters, page 122.
126

To open the APM Web interface

>
In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
To edit the description of a configuration file

1. In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
2. Double-click the relevant entry.
3. In the Description text box, add or edit the text, up to 50 characters.
To delete a configuration file from the server

Backups.
2. Select the relevant entry.
3. Click the
(Delete) button.
To get the configuration file of the device from the APSolute Vision server and download
the file to the local PC
Backups.
2. Select the relevant entry.
3. Click the
(Download Selected File) button.
4. Open or save the file as you require.
Table 45: Device Configuration File Parameters
Parameter
Description
File Name
The name of the stored configuration file.
File Type
This field always displays Regular.
SW Version
The software version of the device.
Backup Date
The date and time that the file was saved on the APSolute Vision server.
Description
A description of the file. You can enter and edit text in this field.
127

To compare a device-backup fileof an Alteon, DefensePro, or LinkProof NG device

from the APSolute Vision server to another object
1.
In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
2.
Select the relevant entry.
3.
Click the
4.
From the Compare... With drop-down list, select one of the following:
(Compare Backup File) button.
Other Device Running Configuration
Backup File from System
Backup File from Local File System
5.
Select the device, configuration, or file.
6.
Click OK.
Controlling APSolute Vision Operations

You can perform the following operations on APSolute Vision:
Back up the APSolute Vision dataYou can back up the configuration tables and other APSolute
Vision data. To back up the database including real-time and historical reports, you must use CLI
commands. For more information, see APSolute Vision CLI Commands, page 441.
Update the Attack Description file.
You can perform the following operations using APSolute Vision CLI:
Restoring the appliance configuration.
Restoring the server configuration.
Restarting the APSolute Vision server.
For more information about APSolute Vision CLI commands, see APSolute Vision CLI Commands,
page 441.
128
Chapter 5 Setting Up Your Network and Basic

Device Configuration
Before you can configure Radware devices through APSolute Vision, you add sites and devices to the
APSolute Vision server configuration.
The following topics describe how to set up your network of managed Radware devices:
Device PaneSites, Clusters, and Physical Containers, page 129
Configuring Sites, page 130
Adding and Removing Devices, page 131
Locking and Unlocking Devices, page 145
Managing DefensePro Clusters for High Availability, page 146
Using the Multi-Device View and the Multiple Devices Summary, page 152
After You Set Up Your Managed Devices, page 153
Note: To add Alteon or DefensePro devices, you can also use vDirect with APSolute Vision. For more
information, see Using vDirect with APSolute Vision, page 495.
Device PaneSites, Clusters, and Physical Containers

You organize the devices that APSolute Vision manages in the device pane.
The device pane includes the Sites and Clusters tree or Physical Containers tree.
The Sites and Clusters tree can contain:
Alteon standalone, VA, and vADC devices and clusters of Alteon devices for high availability
AppWall devices
DefensePro devices and clusters of DefensePro devices for high availability
LinkProof NG devices
You can organize the devices into logical groups, referred to as sites.
You can configure sites in both the Sites and Clusters tree and the Physical Containers tree.
You may configure sites according to a geographical location, administrative function, or device
type.
Each site can contain nested sites and devices. You can create clusters of devices for high
availability.
You can also display real-time security monitoring for multiple devices. You can select a site or select
multiple devices (using standard mouse click/keyboard combinations) whether or not the devices
are in the same site.
Tree nodes are organized alphabetically in the tree within each level. For example, a site called
Alteon_Site appears before a site at the same level called DefensePro_Site.
All nested sites appear before devices at the same level, regardless of their alphanumerical order.
All node names in a tree must be unique. For example, you cannot give a site and a device the same
name, and you cannot give devices in different sites the same name.
Node names are case-sensitive.
129

Setting Up Your Network and Basic Device Configuration
You can export a CSV file with the devices in the Sites and Clusters tab. The CSV file includes
information on each device. The file does not include information regarding associated sites. For
more information, see the procedure To export a CSV file with the devices in the Sites and Clusters
tab, page 144.
Configuring Sites
By default, the root site is called Default. You can rename this site, and add nested sites and
devices.
You can add, rename, and delete sites. When you delete a site, you must first remove all its child
sites and devices.
Notes
To move a device between sites, you must first delete the device from the sites tree and then
add it in the required target site.
A site cannot have the same name as a device, and sites nested under different parent sites
cannot have the same name.
You cannot delete the Default site.
To add a new site

1.
In the device pane, select the site name in which you want to create the new site.
2.
Click the
3.
From the Type drop-down list, select Site.
4.
In the Name text box, type the name of the site.
5.
Click Submit.
Caution: With RADIUS or TACACS+, if a user definition explicitly mention the name of a site and
the site name changes, the user definition in the RADIUS or TACACS+ server must be updated
accordingly.
If the name of an APSolute Vision site changes and APSolute Vision authenticates the users locally,
APSolute Vision updates the relevant scopes for the users.
To rename a site
1.
In the device pane, select the site.
2.
Click the
3.
In the Name text box, type the name of the site.
4.
Click Submit.
130
(Edit) button.

To delete a site
1. In the device pane, select the site.
2. Click the
(Delete) button and confirm your action.
Adding and Removing Devices

Before you can manage a Radware device in APSolute Vision, you need to add the device to the
appropriate site tree in the device pane.
When you add a device, you can define a name for it. You also provide the device-connection
information, including authentication parameters (credentials) for communication between the
device and the APSolute Vision server.
After submitting device-connection information, the APSolute Vision server verifies that it can
connect to the device. APSolute Vision then retrieves and stores the device information and licensing
information.
After the connection has been established, you can modify some of the connection information and
configure the device.
When you add a device or modify device properties, you can specify whether the APSolute Vision
server configures itself as a target of the device events and whether the APSolute Vision server
removes from the device all recipients of device events except for its own address. For more
important information, see APSolute Vision Server Registered for Device EventsAlteon and
LinkProof NG, page 144 and APSolute Vision Server Registered for Device EventsDefensePro,
page 145.
After adding devices, you can create clusters of the main and backup devices, or the primary and
secondary devices (according to the device type).
Notes
A device cannot have the same name as a site.
Devices in different sites cannot have the same name.
You can change the name of a device after you have added it to the APSolute Vision
configuration
To move a device between sites, you must first delete the device from the sites tree and then
add it to the required target site.
If you replace a device with a new device to which you want to assign the same management IP
address, you must delete the device from the site and then recreate it for the replacement.
When you delete a device, you can no longer view historical reports for that device.
When you delete a device, the device alarms and security monitoring information are removed
also.
You can export a CSV file with the devices in the Sites and Clusters tab. The CSV file includes
information on each device. The file does not include information regarding associated sites. For
more information, see the procedure To export a CSV file with the devices in the Sites and
Clusters tab, page 144.
131

HTTPS is used for downloading/uploading various files from/to managed devices, including:
configuration files, certificate and key files, attack-signature files, device-software files, and so
on. For DefensePro 6.x versions 6.14 and later, APSolute Vision uses Transport Layer Security
(TLS) protocol version 1.1 or later.
You can configure APSolute Vision to manage multiple Alteon vADCs hosted by an ADC-VX
managed by the same APSolute Vision server.
The following procedure, To add a new device, page 133, is relevant for the following device types:
Alteon standalone
Alteon VA
Alteon vADC not hosted by an ADC-VX managed by the same APSolute Vision server
AppWall
DefensePro
LinkProof NG
This section includes the procedures to do the following:
To add a new device, page 133Relevant for the following device types:
Alteon standalone
Alteon VA
Alteon vADC not hosted by an ADC-VX managed by the same APSolute Vision server
AppWall
DefensePro
LinkProof NG
To add an ADC-VX, page 136
To configure APSolute Vision to manage one or more vADCs hosted by an ADC-VX managed by
the same APSolute Vision server, page 139
To edit device connection information, page 143Relevant for the following device types:
Alteon standalone
Alteon VA
Alteon vADC displayed in the Sites and Clusters tree
AppWall
DefensePro
LinkProof NG
To edit ADC-VX connection information, page 143
To delete a device, page 143Relevant for the following device types:
132
Alteon standalone
Alteon VA
AppWall
DefensePro
LinkProof NG
To delete an ADC-VX, page 144

To add a new device

1. In the device pane Sites and Clusters tree, navigate to and select the site name to which you
want to add the device.
2. Click the
3. From the Type drop-down list, select the device type that you require.
After APSolute Vision connects to the device, basic device information is displayed in the content
pane, and device properties information is displayed in the device-properties pane.
Managing Devices and Device Properties

This section describes managing devices and device properties.
The following tables describe the parameters of the Device Properties dialog box.
Table 46: Device Properties: General Parameters
Parameter
Type
Description
The type of the object.
Values:
Name
Site
Alteon
AppWall
DefensePro
LinkProof NG
The name of the device.

Notes:
There are some reserved words (for example,

DefenseFlow) that APSolute Vision does not allow as
names.
You can change the name of a device after you have

added it to the APSolute Vision configuration.
Table 47: Device Properties: SNMP Parameters
Parameter
Description
(This tab is available only for Alteon, DefensePro, and LinkProof NG devices.)
Management IP
The management IP address as it is defined on the managed

device.
Note: Once you add the device to the APSolute Vision
configuration, you cannot change its IP address.
SNMP Version
The SNMP version used for the connection.
133

Table 47: Device Properties: SNMP Parameters (cont.)
Parameter
Description
SNMP Read Community
The SNMP read community name.
(This parameter is displayed only

when SNMP Version is SNMPv1 or
SNMPv2.)
SNMP Write Community
The SNMP write community name.

when SNMP Version is SNMPv1 or
SNMPv2.)
User Name
The username for the SNMP connection.

when SNMP Version is SNMPv3.)
Use Authentication
Specifies whether the device authenticates the user for a

successful connection.

when SNMP Version is SNMPv3.)
Default: Disabled
Authentication Protocol
The protocol used for authentication.
(This parameter is available only

when the Use Authentication
checkbox is selected.)
Values: MD5, SHA
Authentication Password
The password used for authentication.
Default: MD5

Use Privacy
when and the Use Authentication
Privacy Password
Specifies whether the device encrypts SNMPv3 traffic for

additional security.
Default: Disabled
The password used for the Privacy facility.

when the Use Privacy checkbox is
selected.)
Table 48: Device Properties: HTTP/S Access Parameters
Parameter
Description
Verify HTTP Access
Specifies whether APSolute Vision verifies HTTP access to the

managed device.
(This option is not available for

AppWall.)
Default: Enabled
Note: This option is not used for Alteon versions 29.5 and
later.
Verify HTTPS Access

(This option is not available for
AppWall.)
134
Specifies whether APSolute Vision verifies HTTPS access to

the managed device.
Default: Enabled

Table 48: Device Properties: HTTP/S Access Parameters (cont.)
Parameter
Description
Management IP

device.
(This option is available only for

AppWall.)
User Name

The username for HTTP and HTTPS communication.
Default: admin
Password
The password used for HTTP and HTTPS communication.

Default: admin
HTTP Port
The port for HTTP communication with the device.
HTTPS Port
The port for HTTPS communication with the device.
Default: 80
Default: 443
Table 49: Device Properties: SSH Access Parameters
Parameter
Description
(This tab is available only for Alteon and LinkProof NG devices.)

Note: To configure and apply certain features, APSolute Vision requires SSH access to run CLI
commands on the Alteon device.
User Name
The username for SSH access to the device.

Default: admin
Password
The password for SSH access to the device.

Default: admin
SSH Port
The port for SSH communication with the device.

Default: 22
Note: This value should be the same as the value for the
SSH port configured in the device (Configuration
perspective, System> Management Access >
Management Protocols > SSH).
135

Table 50: Device Properties: Event Notification Parameters
Parameter
Description
(This tab is available only for Alteon, DefensePro, and LinkProof NG devices.)
Register This APSolute Vision Server Specifies whether the APSolute Vision server configures itself
for Device Events
as a target of the device events.
Values:
EnabledThe APSolute Vision server configures itself as

a target of the device events (for example, traps, alerts,
IRP messages, and packet-reporting data).
DisabledFor a new device, the APSolute Vision server

adds the device without registering itself as a target for
events.
For an existing device, the APSolute Vision removes
itself as a target of the device events.
Default: Enabled
Note: APSolute Vision runs this action each time you click
Submit in the dialog box. For more, important
information, see APSolute Vision Server Registered for
Device EventsAlteon and LinkProof NG, page 144.
Register APSolute Vision Server IP
when the Register This APSolute
Vision Server for Device Events
Remove All Other Targets of Device
Events
when the Register This APSolute
Vision Server for Device Events
The port and IP address of the APSolute Vision server to

which the managed device sends events.
Select an APSolute Vision server interface that is used as the
APSolute Vision server data port, and is configured to have a
route to the managed devices.
Specifies whether the APSolute Vision server removes from
the device all recipients of device events (for example, traps,
and IRP messages) except for its own address.
Default: Disabled
APSolute Vision runs this action each time you click Submit
in the dialog box. For example, if you select the checkbox
and click Submitand later, a trap target is added to the
trap target-address tableAPSolute Vision removes the
additional address the next time you click Submit in the
dialog box.
For more, important information, see APSolute Vision Server
Registered for Device EventsAlteon and LinkProof NG,
page 144.
To add an ADC-VX
1.
In the device pane Physical Containers tree, navigate to and select the site name to which you
want to add the ADC-VX.
2.
Click the
3.
From the Type drop-down list, select Alteon.
136

After APSolute Vision connects to the device, basic device information is displayed in the content
pane, and device properties information is displayed in the device-properties pane. The vADCs
that the ADC-VX is hosting are displayed as child nodes of the ADC-VX. The name format in the
vADC child nodes is <ADC-VX Name>_vADC-<vADC ID>.
Table 51: ADC-VX Device Properties: General Parameters
Parameter
Description
Type
The type of the object.

Values: Site, Alteon
Name
The name of the device.

Notes:

names.

Table 52: ADC-VX Device: SNMP Properties
Parameter
Description
Management IP

device.
SNMP Version
SNMP Community
The SNMP community name.

when SNMP Version is SNMPv1
or SNMPv2.)
User Name

when SNMP Version is
SNMPv3.)
Use Authentication

successful connection.

when SNMP Version is
SNMPv3.)
Default: disabled

Values: MD5, SHA
Default: MD5

137

Table 52: ADC-VX Device: SNMP Properties (cont.)
Parameter
Description
Use Privacy

additional security.

when and the Use
selected.)
Privacy Password
Default: Disabled

when the Use Privacy checkbox is
selected.)
Table 53: ADC-VX Device: HTTP/S Access Properties
Parameter
Description
Verify HTTP Access
Specifies whether APSolute Vision verifies HTTP access to the

managed device.
Default: Enabled
Note: This option is not used for Alteon versions 29.5 and
later.
Verify HTTPS Access
Specifies whether APSolute Vision verifies HTTPS access to the

managed device.
Default: Enabled
User Name

Default: admin
Password

Default: admin
HTTP Port

Default: 80
HTTPS Port

Default: 443
138

Table 54: ADC-VX Device: Event Notification Properties
Parameter
Description
Register This APSolute Vision

Server for Device Events
Specifies whether the APSolute Vision server configures itself

Values:
EnabledThe APSolute Vision server configures itself as a

target of the device events (for example, traps, alerts, IRP
messages, and packet-reporting data).
DisabledFor a new device, the APSolute Vision server

adds the device without registering itself as a target for
events.
For an existing device, the APSolute Vision removes itself
Default: Enabled
APSolute Vision runs this action each time you click Submit in
the dialog box.
page 144.
Register APSolute Vision Server IP The port and IP address of the APSolute Vision server to which
the managed device sends events.
when the Register This
APSolute Vision Server for
Device Events checkbox is
selected.)
Remove All Other Targets of
Device Events
when the Register This
APSolute Vision Server for
Device Events checkbox is
selected.)
Specifies whether the APSolute Vision server removes from the

device all recipients of device events (for example, traps, and
IRP messages) except for its own address.
Default: Disabled
APSolute Vision runs this action each time you click Submit in
the dialog box. For example, if you select the checkbox and
click Submitand later, a trap target is added to the trap
target-address tableAPSolute Vision removes the additional
address the next time you click Submit in the dialog box.
page 144.
To configure APSolute Vision to manage one or more vADCs hosted by an ADC-VX

managed by the same APSolute Vision server
1. In the device pane Physical Containers tree, expand the node of the ADC-VX that hosts the
vADC.
2. Select the vADCs and click the
(Manage vADC) button.
139

3.
In the Device Properties dialog box, configure the parameters, and click Submit.
After APSolute Vision connects to the vADC, the vADC is displayed in the device pane Sites and
Clusters tree. The device information is displayed in the content pane, and device properties
information is displayed in the device-properties pane. Once you add the vADC to the device
pane Sites and Clusters tree, you cannot change its location or configure any of its properties
from the Physical Containers tree.
Table 55: vADC Device Properties: General Parameters
Parameter
Description
Name
The name of the device. You can change the default.
(This parameter is not available when

configuring APSolute Vision to manage
multiple vADCs.)
Notes:
Location

names.

The site in the device pane Sites and Clusters tree where
APSolute Vision locates the vADC.
Table 56: vADC Device Properties: SNMP Parameters
Parameter
Description
Management IP
The management IP address as it is defined on the

managed device.
SNMP Version
SNMP Community
The SNMP community name.
(This parameter is displayed only when

SNMP Version is SNMPv1 or SNMPv2.)
User Name
(This parameter is displayed only when Maximum characters: 18

SNMP Version is SNMPv3.)
Use Authentication

(This parameter is displayed only when successful connection.
SNMP Version is SNMPv3.)
Default: disabled
(This parameter is displayed only when Values: MD5, SHA

the Use Authentication checkbox is
Default: MD5
selected.)

the Use Authentication checkbox is
selected.)
140

Table 56: vADC Device Properties: SNMP Parameters (cont.)
Parameter
Description
Use Privacy

(This parameter is displayed only when additional security.
and the Use Authentication checkbox Default: disabled
is selected.)
Privacy Password

the Use Privacy checkbox is selected.)
Table 57: vADC Device Properties: HTTP/S Access Parameters
Parameter
Description
Verify HTTP Access
Specifies whether APSolute Vision verifies HTTP access to

the managed device.
Default: Enabled
Note: This option is not used for Alteon versions 29.5
and later.
Verify HTTPS Access
Specifies whether APSolute Vision verifies HTTPS access

to the managed device.
Default: Enabled
User Name

Default: admin
Password

Default: admin
HTTP Port

Default: 80
HTTPS Port

Default: 443
Table 58: vADC Device Properties: SSH Access Parameters
Parameter
Description
Note: To configure and apply certain features, APSolute Vision requires SSH access to run CLI
commands on the Alteon device.
User Name

Default: admin
Password

Default: admin
141

Table 58: vADC Device Properties: SSH Access Parameters (cont.)
Parameter
Description
SSH Port

Default: 22
Note: This value should be the same as the value for
the SSH port configured in the device (Configuration
perspective, System > Management Access >
Management Protocols > SSH).
Table 59: vADC Device Properties: Event Notification Parameters
Parameter
Description
Register This APSolute Vision Server for Specifies whether the APSolute Vision server configures
Device Events
Values:
EnabledThe APSolute Vision server configures itself

as a target of the device events (for example, traps,
alerts, IRP messages, and packet-reporting data).
DisabledFor a new device, the APSolute Vision

server adds the device without registering itself as a
target for events.
For an existing device, the APSolute Vision removes
Default: Enabled
APSolute Vision runs this action each time you click
Submit in the dialog box.
For more, important information, see APSolute Vision
Server Registered for Device EventsAlteon and
LinkProof NG, page 144.
Register APSolute Vision Server IP
(This parameter is available only when
the Register This APSolute Vision
Server for Device Events checkbox is
selected.)
Remove All Other Targets of Device
Events
The port and IP address of the APSolute Vision server to

which the managed device sends events.
Specifies whether the APSolute Vision server removes

from the device all recipients of device events (for
example, traps, and IRP messages) except for its own
address.
(This parameter is available only when

the Register This APSolute Vision
Server for Device Events checkbox is Default: Disabled
selected.)
APSolute Vision runs this action each time you click
Submit in the dialog box. For example, if you select the
checkbox and click Submit and later, a trap target is
added to the trap target-address tableAPSolute Vision
removes the additional address the next time you click
Submit in the dialog box.
For more, important information, see APSolute Vision
Server Registered for Device EventsAlteon and
LinkProof NG, page 144.
142

The following procedure, To edit device connection information, page 143, is relevant for the
following device types:
Alteon standalone
Alteon VA
AppWall
DefensePro
LinkProof NG
To edit device connection information

1. In the device pane Sites and Clusters tree, select the device name.
2. Click the
(Edit) button.
3. Modify the parameters as described in Managing Devices and Device Properties, page 133, and
click Submit.
To edit ADC-VX connection information

1. In the device pane Physical Containers tree, select the device.
2. Click the
(Edit) button.
3. Modify the parameters as described in Managing Devices and Device Properties, page 133, and
click Submit.
The following procedure, To delete a device, page 143, is relevant for the following device types:
Alteon standalone
Alteon VA
AppWall
DefensePro
LinkProof NG
To delete a device
1. In the device pane Sites and Clusters tree, select the device name, and click the
button.
(Delete)
2. Click Yes in the confirmation box. The device is deleted from the list of managed devices.
143

To delete an ADC-VX
1.
In the device pane Physical Containers tree, select the device name and click the
button.
2.
Click Yes in the confirmation box. The device is deleted from the list.
(Delete)
To export a CSV file with the devices in the Sites and Clusters tab
1.
In the device pane Sites and Clusters tree, click
(Export Device List to CSV).
2.
View the file or specify the location and file name, and then, click Save.
The CSV file includes the following columns:
Device Name
Device Type
Status
Software Version
MAC Address
License
Platform
Form Factor
HA Status
Device Driver
Note: The file does not include information regarding sites.
APSolute Vision Server Registered for Device Events

Alteon and LinkProof NG
In the Device Properties dialog box, you can specify whether the APSolute Vision server configures
itself as a target of the device events (Register This APSolute Vision Server for Device Events
checkbox) and whether the APSolute Vision server removes from the device all recipients of device
events except for its own address (Remove All Other Targets of Device Events checkbox).
APSolute Vision runs these actions each time you click Submit in the dialog box.
In Alteon, when you select the Remove All Other Targets of Device Events checkbox and run
the Apply command, APSolute Vision configures itself as a target of the device events and ensures
that the device also sends traps for authentication-failure events.
Alteon, by default, does not send traps for authentication-failure events.
The CLI command for enabling sending traps for these events is
/cfg/sys/ssnmp/auth.
You can view the APSolute Vision address target with the CLI commands
/cfg/sys/ssnmp/trap1 or /cfg/sys/ssnmp/trap2.
144

APSolute Vision Server Registered for Device Events

DefensePro
In the Device Properties dialog box, you can specify whether the APSolute Vision server configures
itself as a target of the device events (Register This APSolute Vision Server for Device Events
checkbox) and whether the APSolute Vision server removes from the device all recipients of device
events except for its own address (Remove All Other Targets of Device Events checkbox).
APSolute Vision runs these actions each time you click Submit in the dialog box.
DefensePro support a device being managed by multiple APSolute Vision servers.
When multiple APSolute Vision servers manage the same DefensePro device, the device sends the
following:
Traps to all the APSolute Vision servers that manage it. The Target Address table and the Target
Parameters table contain entries for all APSolute Vision servers.
Packet-reporting data only to the last APSolute Vision server that registered on the device.
Caution: If the Register This APSolute Vision Server for Device Events checkbox is cleared,
the Alert browser, security reporting, and APSolute Vision Reporter might not collect and display
information about the device.
Locking and Unlocking Devices

When you have permissions to perform device configuration on a specific device, you must lock the
device before you can configure it. Locking the device ensures that other users cannot make
configuration changes at the same time. The device remains locked until you unlock the device, you
disconnect, until the Device Lock Timeout elapses, or an Administrator unlocks it.
Locking a device does not apply to the same device that is configured on another APSolute Vision
server, using Web Based Management, or using the CLI.
Note: Only one APSolute Vision server should manage any one Radware device.
While the device is locked:
The device icon in the device pane includes a small lock symbol
LinkProof NG,
for AppWall, and
for Alteon and
for DefensePro.
Configuration panes are displayed in read-only mode to other users with configuration
permissions for the device.
If applicable, the Submit button is available.
If applicable, the
(Add) button is displayed.
To lock a single device

1. In the device pane, select the device.
2. In the device-properties pane, click
(the drawing of the unlocked padlock at the lower-left
corner of the device drawing). The drawing changes to
145

To unlock a single device

1.
In the device pane, select the device.
2.
In the device-properties pane, click
(the drawing of the locked padlock at the lower-left
(a picture of an unlocked padlock).
To lock multiple devices

1.
In the device pane, select the devices to lock. You can select a site or select multiple devices
(using standard mouse click/keyboard combinations) whether or not the devices are in the same
site.
2.
Click the
3.
(View) button.
(the drawing of the unlocked padlock at the lower-left
To unlock multiple devices

1.
In the device pane, select the devices to unlock. You can select a site or select multiple devices
(using standard mouse click/keyboard combinations) whether or not the devices are in the same
site.
2.
Click the
3.
(View) button.
(the drawing of the locked padlock at the lower-left
(a picture of an unlocked padlock).
Managing DefensePro Clusters for High Availability

Radware recommends installing DefensePro devices in pairs to provide high availability (HA)that
is, fault tolerance in the case of a single device failure.
Note: DefensePro does not support this feature when the Device Operation Mode is IP (see
Configuring the Device Operation Mode for DefensePro, page 153).
High-Availability in DefenseProOverview, page 147
Configuring High-Availability Clusters, page 149
Monitoring DefensePro Clusters, page 150
Synchronizing High-Availability Devices and Switching the Device States, page 151
146

High-Availability in DefenseProOverview
To support high availability (HA), you can configure two compatible DefensePro devices to operate in
a two-node cluster. One member of the cluster is configured as the primary; the other member of
the cluster assumes the role of secondary.
Both cluster members must meet the following requirements:
Must use the same:
Platform
Software version
Software license
Throughput license
Radware signature file
Must be on the same network.
Must use the same management port (that is, MNG-1 on both devices, MNG-2 on both devices,
or both MNG-1 and MNG-2 on both devices).
When you configure a cluster and submit the configuration, the newly designated primary device
configures the required parameters on the designated secondary device.
You can configure a DefensePro high-availability cluster in the following ways:
To configure the primary device of the cluster, the failover parameters, and the advanced
parameters, you can use the High Availability pane (Configuration perspective, Setup >
High Availability). When you specify the primary device, you specify the peer device, which
becomes the secondary member of the cluster.
To configure only the basic parameters of a cluster (Cluster Name, Primary Device, and
Associated Management Ports), you can use the Create Cluster pane. The following graphic
shows the Create Cluster pane and the device pane.
Figure 30: Create Cluster Pane
The members of a cluster work in an active-passive architecture.
147

When a cluster is created:
The primary device becomes the active member.
The secondary device becomes the passive member.
The primary device transfers the relevant configuration objects to the secondary device.
A secondary device maintains its own configuration for the device users, IP interfaces, routing, and
the port-pair Failure Mode.
A primary device immediately transfers each relevant change to its secondary device. For example,
after you make a change to a Network Protection policy, the primary device immediately transfers
the change to the secondary device. However, if you change the list of device users on the primary
device, the primary device transfers nothing (because the secondary device maintains its own list of
device users).
The passive device periodically synchronizes baselines for BDoS and HTTP Mitigator protections.
The following situations trigger the active device and the passive device to switch states (active to
passive and passive to active):
The passive device does not detect the active device according to the specified Heartbeat
Timeout.
All links are identified as down on the active device according to the specified Link Down
Timeout.
Optionally, the traffic to the active device falls below the specified Idle Line Threshold for the
specified Idle Line Timeout.
You issue the Switch Over command. To switch the device states, select the cluster node, and
then select Switch Over.
You cannot perform many actions on a secondary device.

You can perform only the following actions on a secondary device:
Switch the device state (that is, switch over active to passive and passive to active).
Break the cluster if the primary device is unavailable.
Configure management IP addresses and routing.
Configure the port-pair Failure Mode.
Manage device users.
Download a device configuration.
Upload a signature file.
Download the device log file.
Download the support log file.
Reboot.
Shut down.
Change the device name.
Change the device time.
Initiate a baseline synchronization if the device is passive, using the CLI or Web Based
Management.
Notes
To create a cluster, the devices must not be locked by another user.
By design, an active device does not fail over during a user-initiated reboot. Before you reboot
an active device, you can manually switch to the other device in the cluster.
148

You can initiate a baseline synchronization if a cluster member is passive, using the CLI or Web
Based Management.
When you upgrade the device software, you need to break the cluster (that is, ungroup the two
devices). Then, you can upgrade the software and reconfigure the cluster as you require.
In an existing cluster, you cannot change the role of a device (primary to secondary or vice
versa). To change the role of a device, you need to break the cluster (that is, ungroup the two
devices), and then, reconfigure the cluster as you require.
If the devices of a cluster belong to different sites, APSolute Vision creates the cluster node
under the site where the primary device resides; and APSolute Vision removes the secondary
device from the site where it was configured.
APSolute Vision issues an alert if the state of the device clusters is ambiguous. For example, if
there has been no trigger for switchover and both cluster members detect traffic. This state is
normal during the initial synchronization process.
There is no failback mechanism. There is only the automatic switchover action and the manual
Switch Over command.
When a passive device becomes active, any grace time resets to 0 (for example, the time of the
Graceful Startup Mode Startup Timer).
You can monitor high-availability operation in the High Availability pane of the Monitoring
perspective (Monitoring perspective, Operational Status > High Availability).
The Properties pane displays the high-availability information of the selected device.
Configuring High-Availability Clusters

You can configure DefensePro high-availability clusters from the APSolute Vision device pane Sites
and Clusters tab.
To create a DefensePro high-availability cluster

1. In the device pane Sites and Clusters tab, select the two DefensePro devices for the cluster
(select one device and press Ctrl and click the other device).
2. Click the
(Create Cluster) button.
Table 60: Cluster Setup Parameters
Parameter
Description
Cluster Name
The name for the cluster (up to 32 characters).
Primary Device
Specifies which of the cluster members is the primary device.
Associated Management Ports
Specifies the management (MNG) port or ports through which the

primary and secondary devices communicate.
Values: MNG1, MNG2, MNG1+2
Note: You cannot change the value if the currently specified
management port is being used by the cluster. For example, if
the cluster is configured with MNG1+2, and MNG1 is in use,
you cannot change the value to MNG2.
149

To break a DefensePro high-availability cluster

1.
In the device pane Sites and Clusters tab, select cluster node.
2.
Click the
(Break Cluster) button.
After your confirmation, the cluster node is removed from the tree, and the DefensePro devices
are displayed under the parent node.
To rename a DefensePro high-availability cluster

1.
In the device pane Sites and Clusters tab, select the cluster node.
2.
Click the
3.
In the Cluster Name text box, type the new name (up to 32 characters).
4.
Click Submit.
(Edit) button.
To change the associated management ports of a DefensePro high-availability cluster

1.
In the device pane Sites and Clusters tab, select the cluster node.
2.
Click the
3.
Configure the parameters, and then click Submit.
(Edit) button.
Note: You cannot change the value if the currently specified management port is being used by
the cluster. For example, if the cluster is configured with MNG1+2, and MNG1 is in use, you
cannot change the value to MNG2.
Monitoring DefensePro Clusters

In the device pane, APSolute Vision identifies the high-availability cluster elements, roles, modes,
and states using various combinations of icons and icon elements.
The following table describes the icons that APSolute Vision displays in the device pane for
DefensePro high-availability clusters.
Table 61: Icons for DefensePro High-Availability Clusters
Icon
Description
Cluster
Primary device
Secondary device
The following table describes the icon elements that APSolute Vision displays in the device pane for
150

Table 62: Icons Elements for DefensePro High-Availability Clusters
Icon Element Description

Active device
Synchronizing
Unavailable
The following table describes some icons that APSolute Vision can display in the device pane for
Table 63: Icons for DefensePro High-Availability ClustersExamples
Icon
Description
The cluster is operating nominally.
The primary device is active, unlocked, and operating nominally.
The primary device is passive, unlocked, and operating nominally.
The secondary device is active, locked, and operating nominally.
The secondary device is passive, unlocked, and operating nominally.

The device unavailable.
Synchronizing High-Availability Devices and Switching the Device States

Use the Synchronize button to synchronize the members of a high-availability cluster. Use the
Switch Over button to switch the state of the members of a high-availability cluster.
To synchronize the members of a high-availability cluster

1. In the device pane, select the cluster node.
2. Lock the devices.
3. Click the
(Synchronize) button.
To switch the state of the members of a high-availability cluster

1. In the device pane, select the cluster node.
2. Lock the devices.
3. Click the
(Switch Over) button.
151

Using the Multi-Device View and the Multiple Devices

Summary
APSolute Vision the displays multi-device view when you select multiple devices in the device pane,
and then click the
(View) button.
Use the multi-device view to do the following:
Lock multiple devices to configure them.
View the Multiple Devices Summary table.
Run configuration-management actions for the relevant devicesYou can run the Apply
or Revert actions on Alteon or LinkProof NG devices. You can run the Update Policies action on
multiple DefensePro devices.
Open the Multi-Device Configuration dialog box to configure multiple devices

simultaneouslyFor more information, see Configuring Multiple Devices, page 156.
Open the Security Monitoring perspectiveIn the multi-device view, the Security
Monitoring perspective displays the Dashboard View and Traffic Utilization tabswith the data
aggregated for all the selected devices. For more information, see Using Real-Time Security
Monitoring, page 381.
Figure 31: Multi-Device View

Multiple devices are selected. You can select a site or select multiple devices (using standard
mouse click/keyboard combinations) whether or not the devices are in the same site.
View button.
Configuration buttonOpens the Multi-Device Configuration
dialog box.
Security Monitoring button Opens the Security
Monitoring perspective.
The relevant configuration-management buttons
display for the selected devices.
Multiple Devices
Summary pane.
152

To open the multi-devices view

1. In the device pane, select the devices. You can select a site or select multiple devices (using
standard mouse click/keyboard combinations) whether or not the devices are in the same site.
2. Click the
(View) button.
After You Set Up Your Managed Devices

After you set up your network of managed devices, and establish a connection to the devices,
APSolute Vision obtains the network configuration and displays the settings in the device
configuration tabs.
You can then do the following:
Set and change the device configuration through APSolute Vision.

For more information about configuring DefensePros associated services, such as network
protection settings, and so on, see Managing DefensePro Network Protection Policies, page 1.
For information about configuring DefensePros associated services, see the APSolute Vision
online help.
Perform administration and maintenance tasks on managed devices such as scheduling tasks,
making backups, and so on.
For more information, see Managing Device Operations and Maintenance, page 155.
Monitor managed devices through APSolute Vision.

For more information, see the APSolute Vision online help.
For more information, see Monitoring and Controlling the DefensePro Operational Status,
page 343.
153

154
Chapter 6 Managing Device Operations and

Maintenance
This section describes the following:
Rebooting and Shutting Down Managed Devices, page 155
Configuring Multiple Devices, page 156
Using the Diff Feature, page 157
Device-Configuration Management (Global Commands) for Alteon and LinkProof NG, page 158
Upgrading DefensePro Device Software, page 161
Downloading a DefensePro Log File to the APSolute Vision Client, page 162
Updating a Radware Signature File or RSA Signature File in DefensePro Devices, page 162
Downloading a DefensePro Technical Support File, page 164
Managing DefensePro Configurations, page 164
Updating DefensePro Policy Configurations, page 166
Rebooting and Shutting Down Managed Devices

You can activate a device reboot (reset) or device shutdown from APSolute Vision.
Some configuration changes on the device require a device reboot for the configuration to take
effect. You can activate the device reboot from APSolute Vision.
For Alteon and LinkProof NG:
Reset will cause failover of the ADC, which might cause an interruption in network service.
If possible, synchronize the configuration before you reset the system.
Configuration changes that have not been applied will be lost. Run the Diff command to view
the changes that have not been applied, and then, run the Apply command as needed.
Configuration changes that have not been saved will be lost. Run the Diff Flash command to
view the changes that have not been saved, and then, run the Save command as needed.
The spanning tree will be restarted, which will likely cause an interruption in network service.
Note: You can schedule device reboots in the APSolute Vision scheduler. For more information, see
Managing Tasks in the Scheduler, page 222.
To reboot a device
1.
Lock the device.
2.
In the Properties pane, click the
3.
Select Reset.
(On-Off) button, which is part of the device picture.
155

Managing Device Operations and Maintenance
To shut down a device

1.
Lock the device.
2.
In the Properties pane, click the
3.
Select Shut Down.
(On-Off) button, which is part of the device picture.
Configuring Multiple Devices

Use the Multi-Device Configuration feature to make changes to multiple devices of the same type
and major version.
To configure the multiple devices

1.
In the device pane, select the devices. You can select a site or select multiple devices (using
standard mouse click/keyboard combinations) whether or not the devices are in the same site.
2.
Click the
3.
Click
(View) button.
. The Multi-Device Configuration dialog box opens.
Note: The top table, which you can filter, contains all the selected devices and comprises the
following columns: Device Type, Device Name, IP Address, and Version.
4.
From the top table, select the lead device, whose configuration changes will be applied to the
selected additional devices. The bottom table, which you can filter, displays the selected devices
of the same type and major version.
5.
From the bottom table, select the checkbox next to each device that the lead device will try to
change.
6.
Click Go. The GUI of the lead device opens. The device pane shows the lead device and the
selected additional devices as selected.
7.
Lock the devices if necessary.
8.
Make a required change in the GUI of the lead device.
9.
After you make a valid change, click Submit All. APSolute Vision attempts to change the value
for the submitted parameter on the lead device and all the selected additional devices.
Notes
APSolute Vision submits only modified values. APSolute Vision does not submit values that
were not modified.
APSolute Vision issues detailed message for unsuccessful attempts to change the value of a
parameter on a selected additional devices.
10. Repeat step 8 and step 9 as necessary.
156

Using the Diff Feature

Click the
(Diff) button to run the following commands on a single selected device:
Compare (Alteon, DefensePro, and LinkProof NG only)Compares the configuration of the

selected device with one of the following:
Other Device Running ConfigurationThat is, another device of the same type and
major version
Backup File from SystemThat is, a device-configuration backup file stored on the
APSolute Vision server
Backup File from Local File SystemThat is, a device-configuration backup file stored on
the local file system
The Compare action displays differences in the configurations using a green background for the
configuration of the first device and red background for the configuration of the other device.
Diff (Alteon and LinkProof NG only)Collects the pending configuration changes.
Diff Flash (Alteon and LinkProof NG only)Collects the pending configuration changes and the
affected configuration stored in flash memory on the device.
Figure 32: Diff Feature (Displaying Options for Alteon)
Click the
(Save to File) button to save the results to a specified location.
157

Device-Configuration Management (Global Commands)

for Alteon and LinkProof NG
Alteon and LinkProof NG devices support the following configuration-management actionsalso
referred to as global commands.
Table 64: Alteon and LinkProof-NG Device Configuration Management Actions
Role
Description
Apply
Applies any changes that have been made to the device configuration.
If the new configuration is different from the current configuration, to
indicate that the Apply command is required to take effect, the Apply
Required button is displayed with an orange background.
The Apply operation requires the device to be locked. When you select
a single device, the Apply option is available only if the device is
locked. When you select multiple devices, the Apply option is always
available. When you select the Apply option for multiple devices,
APSolute Vision tries to lock all the selected devices. If APSolute Vision
is able to lock all the devices, APSolute Vision performs the Apply
operation. When the operation completes, APSolute Vision unlocks the
devices that were unlocked prior to the operation. If APSolute Vision is
not able to lock all the devices because some of the devices are locked
by another user, a pop-up message is displayed, asking you whether
to continue the Apply operation on the remaining devices (that is, the
devices are locked by you or not locked at all). If you confirm the
action, APSolute Vision performs the Apply operation. When the
operation completes, APSolute Vision unlocks the devices that were
unlocked prior to the operation.
Note: During the Apply operation, the device icon in the device
pane may momentarily change from locked
to
maintenance
, and the value of the Status parameter in
the device-properties pane may momentarily change from Up to
Maintenance.
Save
Saves the current configuration in backup memory and saves the

active configuration by overwriting the current configuration. TW Note
that there is also Save Configuration (no back up), which saves the
current configuration to the flash memory.
When you select a single device, this option is available only if the
device is locked. When you select multiple devices, this option is
always available.
Revert
Reverts the device to the current active configuration.

When you select a single device, this option is displayed only if the
device is locked and the new configuration settings were not applied.
When you select multiple devices, this option is always available.
Revert Apply
Reverts the device to the current saved configuration.

When you select a single device, this option is displayed only if the
device is locked and the new configuration settings were applied but
not saved. When you select multiple devices, this option is always
available.
158

Table 64: Alteon and LinkProof-NG Device Configuration Management Actions (cont.)
Role
Description
Diff
Collects the pending configuration changes. You can view, save, and
copy the text when you double-click the associated message in the
Alerts tab in the Alerts pane.
When you select multiple devices, this option is not supported.
Note: For more information, see Using the Diff Feature, page 157.
Diff Flash
Collects the pending configuration changes and the affected

configuration stored in flash memory on the device. You can view,
save, and copy the text when you double-click the associated
message in the Alerts tab in the Alerts pane.
Note: For more information, see Using the Diff Feature, page 157.
Dump
Collects a dump of the current device configuration. You can view,

save, and copy the text when you double-click the associated
message in the Alerts tab in the Alerts pane.
To perform a configuration-management action on a single device

1. From the device pane, select the device name.
2. Click the required button. The Diff Flash option is available when you click the Diff button. The
Revert Apply option is available when you click the arrow of the Revert button.
Figure 33: Apply (Required) and Save (Required) Buttons
Figure 34: Revert ButtonArrow Clicked Shows Revert and Revert Apply Options
159

Figure 35: Diff ButtonClicked Displays Compare, Diff, and Diff Flash Options
Figure 36: Dump ButtonClicked
160

Upgrading DefensePro Device Software

You can upgrade the software version on DefensePro devices from APSolute Vision.
A device upgrade enables the new features and functions on the device without altering the existing
configuration. In exceptional circumstances, new software versions are incompatible with legacy
configuration files from earlier software versions. This most often occurs when attempting to
upgrade from a very old version to the most recently available version.
The software version file must be located on the APSolute Vision client system. APSolute Vision
automatically transfers it to the APSolute Vision server and uploads it to the device. New software
versions require a password, which can be obtained from the Radware corporate Web site. For a
maintenance-only upgrade, the password is not required.
After the device upgrade is complete, you must reboot the device.
Caution: Before upgrading to a newer software version, do the following:
Back up the existing configuration file. For more information, see Downloading a DeviceConfiguration File, page 27.
Ensure that you have configured on the device the authentication details for the protocol used to
upload the file.
To update the device software version

2. Click the arrow of the Operations icon.
Figure 37: Arrow of the Operations Icon
3. Select Update Software Versions.

4. Configure software upgrade parameters, and click Update.
5. When the device upgrade is complete, reboot the device.
Table 65: Software Upgrade Parameters
Parameter
Description
Upload Via
(Read-only) The protocol used to upload the software file from APSolute
Vision to the device.
Value: HTTPS
File Name
The name of the file to upload.
Software Version
The software version number as specified in the new software

documentation.
Password
Enter the password received with the new software version, and verify.
The password is case sensitive.
161

Downloading a DefensePro Log File to the APSolute

Vision Client
You can download a log file to the APSolute Vision client system. The log file is automatically
generated by the device and contains a report of configuration errors. The log file can be used for
debugging.
To download a device log file

1.
In the device pane, select the device
2.
Click the arrow of the
3.
Click Export Log File.
4.
Configure download parameters, and click Submit.
(Operations) icon.
Table 66: Device Log File Download Parameters
Parameter
Download Via
Description
(Read-only) The protocol used to download the log file.
Value: HTTPS
Save As
Save the downloaded log file as a text file on the client system. Enter or
browse to the location of the saved log file, and select or enter a file
name.
Updating a Radware Signature File or RSA Signature File

in DefensePro Devices
You can upload an updated Radware signature file or RSA signature file to a DefensePro device.
You can upload an updated Radware signature file to a DefensePro device.
Uploading an updated RSA signature file is relevant only DefensePro version-6.x devices.
You can upload an updated Radware signature file to a DefensePro device from the following
sources:
Radware.com or the proxy file server that is configured in the Vision Server
Connection configurationThe Alerts pane displays a success or failure notification and
whether the operation was performed using a proxy server.
APSolute Vision client systemThe name of the signature file must be <DEVICE-MACADDRESS>.sig.
Caution: Updating the signature file consumes large amounts of resources, which may cause the
device to go temporarily into an overload state. Radware recommends updating the signature file
during hours of low activity.
162

Note: You can schedule signature-file updates in the APSolute Vision scheduler. For more
information, see Managing Tasks in the Scheduler, page 222.
For more information about using signature files, see the DefensePro User Guide.
To update the signature file of a device

2. Click the arrow of the
(Operations) icon.
3. Select Update Security Signatures.

4. Configure the parameters, and click Update.
Table 67: Update Device Signature File Parameters for DefensePro
Parameter
Description
Signature Type
The type of the signature file to upload to the device.

Values:
Radware Signatures
RSA Signatures
Note: You can select RSA Signatures only on DefensePro version6.x devices that have Fraud Protection enabled.
Update From
The location of the signature file to upload.

Values:
Upload Via
Radware.comAPSolute Vision uploads the signature file directly

from Radware.com or from the proxy server that is configured in
the Vision Server Connection configuration.
ClientAPSolute Vision uploads the signature file from the

APSolute Vision client system. This option is only available for
Radware signatures.
The protocol used to upload the signature file.

Values: HTTP, HTTPS, TFTP
File Name
Name of the signature file on the client system.
(This parameter is
displayed only when
Update From Client is
selected)
163

Downloading a DefensePro Technical Support File

For debugging purposes, a DefensePro device can generate a TAR file containing the technical
information that Radware Technical Support requires. The file includes output of various CLI
commands, for example, a printout of the Client table.
You can download a DefensePro technical support file and send it to Radware Technical Support.
Note: You can also download a DefensePro technical support file using the DefensePro CLI. For
more information, see the DefensePro User Guide.
Use the following procedure to download a technical support file using APSolute Vision.
To download a technical support file using APSolute Vision
1.
In the device pane, select the device, and then, click the arrow of the
icon.
2.
Select Export Tech Support File.
3.
Configure download parameters, and click Submit.
(Operations)
Table 68: Device Technical Support File Download Parameters
Parameter
Description
Download Via
(Read-only) The protocol used to download the technical support file.

Value: HTTPS
Save As
Save the downloaded technical support file as a text file on the client
system. Enter or browse to the location of the saved file, and select or
enter a file name.
Managing DefensePro Configurations

This section describes how to manage configurations of the DefensePro devices that are configured
on the APSolute Vision server.
DefensePro Configuration File Content

The configuration file content is divided into two sections:
Commands that require rebooting the deviceThese include BWM Application

Classification Mode, Application Security status, Device Operation Mode, tuning parameters, and
so on. Copying and pasting a command from this section takes effect only after the device is
rebooted. The section has the heading: The following commands will take effect
only once the device has been rebooted!
Commands that do not require rebooting the deviceCopying and pasting a command
from this section takes effect immediately after pasting. The commands in the section are not
bound to SNMP. The section has the heading: The following commands take effect
immediately upon execution!

The commands are printed within each sectionin the order of implementation.
164

At the end of the file, the device prints the signature of the configuration file. This signature is used
to verify the authenticity of the file and that it has not been corrupted. The signature is validated
each time the configuration file is uploaded to the device. If the validity check fails, the device
accepts the configuration, but a notification is sent to the user that the configuration file has been
tampered with and there is no guarantee that it works. The signature looks like File Signature:
063390ed2ce0e9dfc98c78266a90a7e4.
Downloading a Device-Configuration File

You can download a configuration file from a managed device to APSolute Vision, for backup. If you
choose to download to the APSolute Vision server, a copy is always saved in the APSolute Vision
database.
By default, you can save up to five (5) configuration files per device on the APSolute Vision server.
You can change this parameter in the APSolute Vision Setup page up to a maximum of 10. When the
limit is reached, you are prompted to delete the oldest file. For more information, see Configuring
APSolute Vision Server Advanced Parameters, page 122.
Note: You can schedule configuration file backups in the APSolute Vision scheduler. For more
information, see Managing Tasks in the Scheduler, page 222.
To download a device-configuration file

2. Click the arrow of the
(Operations) icon.
3. Select Export Configuration File.

4. Configure the download parameters, and then, click Save.
Table 69: Device Configuration File Download Parameters
Parameter
Description
Download to
Where to back up the device configuration file.

Values: Client, Server
Download Via
(Read-only) The protocol used to download the configuration file.

Values: HTTPS
Save As
Save the downloaded configuration file as a text file on the client system.
On the server, the default name is a combination of the device name and
backup date and time. You can change the default name.
Passphrase
The passphrase for HTTPS.
(This parameter is
displayed only in Alteon
devices.)
Include Private Keys
When enabled, the certificate private key information is included in the

downloaded file. You must include the private key information to restore
the private keys; otherwise, the device reverts to default keys.
165

Restoring a Device Configuration

You can restore a DefensePro or DefenseFlow configuration from a backup configuration file on the
APSolute Vision server or client system to the DefensePro or DefenseFlow device. When you upload
the configuration file to the device, it overwrites the existing device configuration.
After the restore operation is complete, you must reboot the device.
Caution: Importing a configuration file that has been edited is not supported.
Caution: Importing a configuration file from a different version is not supported.
To restore a devices configuration

1.
In the device pane, select the device.
2.
Click the arrow of the
3.
Click Import Configuration File.
4.
Configure upload parameters, and click Submit.
5.
When the upload completes, reboot the device.
(Operations) icon.
Table 70: Device Configuration File Upload Parameters
Parameter
Description
Upload from
The location of the backup device configuration file to send.

Values: Client, Server
Upload Via
(Read-only) The protocol used to upload the configuration file.

Value: HTTPS
File Name
When uploading from the client system, enter or browse to the name of
the configuration file to upload.
When uploading from the server, select the configuration to upload.
Passphrase
The passphrase for HTTPS.
(This parameter is
available only with
Alteon devices.)
Updating DefensePro Policy Configurations

You can apply the following configuration changes to a DefensePro device in a single operation:
Network Protection policy
Server Protection policy
ACL policy
White list
166

Black list
Classes
To update policy configurations on a DefensePro device
>
In the device pane, select the device, and then, click the
button.
167

168
Chapter 7 Using Templates in APSolute Vision

Using DefensePro Templates, page 169
Using AppShape Templates and Instances, page 176
Using Administrative Scripts, page 214
Using DefensePro Templates

This feature is available only in DefensePro 6.x versions 6.11 and later, and 7.x versions.
You can export and import DefensePro configuration templates.
A DefensePro configuration template can include the configuration (the definitions and security
settings) and/or policy baselines of a Network Protection policy and/or Server Protection policy.
A template from a Network Protection policy can include the baselines from the associated DNS and/
or BDoS profiles.
A template from a Server Protection policy can include learned baselines from the associated HTTP
Flood profiles.
DefensePro configuration templates do not include the following information:
DefensePro setup and network configurationFor example, device time, physical ports,
and so on.
DefensePro security settingsThe protections that a policy template uses must be

supported and enabled globally in the target DefensePro device (that is, the target DefensePro
device into which you are importing the policy template). For example, if you export a Network
Protection policy that includes a BDoS Protection profile, the DefensePro device into which you
are importing the policy template must have BDoS Protection enabled globally (Configuration
perspective, Setup > Security Settings > BDoS Protection > Enable BDoS Protection).
User-defined signatures.
Notes
The terms Network Protection policy, and network policy may be used interchangeably in
APSolute Vision and in the documentation.
You can import Network Protection policies from DefensePro platforms running supported 6.x
versions into platforms running supported 6.x or 7.x versions.
versions into platforms running supported 7.x versions.
You can import Server Protection policies from DefensePro platforms running supported 6.x
169

Using Templates in APSolute Vision
Exporting a Network Protection Policy as a Template

Use the following procedure to export a Network Protection policy as a template.
To export a Network Protection policy as a template

1.
In the Configuration perspective, select Network Protection > Network Protection Policies.
2.
Select the Network Protection policy that you want to export, and click
3.
(Export).
Table 71: Export Network Protection Parameters
Parameter
Description
Download To
Values:
ClientDefensePro exports the template to the location specified in

the filepath or by browsing to the location with the Browse button.
ServerDefensePro exports the template to the APSolute Vision

database.
Default: Server
Download Via
(Read-only) The transport method.

Value: HTTPS
Configuration
Specifies whether DefensePro exports the template with the configuration

of the policy.
Default: Enabled
DNS Baseline
Specifies whether DefensePro exports the template with the current DNS
baseline of the policy.
Default: Enabled
BDoS Baseline
Specifies whether DefensePro exports the template with the current BDoS
Default: Enabled
User-Defined Signature Specifies whether DefensePro exports the template with the current userProtection Profile
defined Signature Protection profile of the policy.
Default: Enabled
Save As
The filepath when Download To is Client or the filename when

Download To is Server.
The default filename uses the following format (with no extension):
<DeviceName>_<PolicyName>_<date>_<time>
Example:
MyDefensePro_MyPolicy_2014.03.19_13.45.59
The date-time format is determined in the APSolute Vision Settings view
Preferences perspective, under General Settings > Display.
The file is saved in the server as a ZIP file, and in the local host, the file is
saved as a TXT file.
170

Exporting a Server Protection Policy as a Template

Use the following procedure to export a Server Protection policy as a template.
To export a Server Protection policy as a template

1. In the Configuration perspective, select Server Protection > Server Protection Policy.
2. Select the policy that you want to export, and click
(Export).
3. Configure the parameters, and then click Submit.
Table 72: Export Server Protection Parameters
Parameter
Description
Download To
Values:
ClientDefensePro exports the template to the location specified in

the filepath or by browsing to the location with the Browse button.
ServerDefensePro exports the template to the APSolute Vision

database.
Default: Server
Download Via
(Read-only) The transport method.

Value: HTTPS
Configuration
Specifies whether DefensePro exports the template with the configuration

of the policy.
Default: Enabled
HTTP Baseline
Specifies whether DefensePro exports the template with the current HTTP
Default: Enabled
Save As
The filepath when Download To is Client or the filename when

Download To is Server.
The default filename uses the following format (with no extension):
<DeviceName>__<PolicyName>_<date>_<time>
Example:
MyDefensePro__MyPolicy_2015.03.19_13.45.59
The date-time format is determined in the APSolute Vision Settings view
Preferences perspective, under General Settings > Date and Time
Format.
The file is saved in the server as a ZIP file, and in the local host, the file is
saved as a TXT file.
171

Managing DefensePro Configuration Templates

Use the DefensePro Configuration Templates pane to manage security-protection templates.
The DefensePro Configuration Templates pane contains the table of templates, which comprises the
following columns:
Source Device NameDisplays one of the following:
The name of the device from which the template was exported.
LocalThe template was uploaded from the local PC.
SystemThe template is a predefined template.
File NameDisplays the filename of the template.
File TypeDisplays Server Protection for a template from a Server Protection policy or
Network Protection for a template from a Network Protection policy.
Export DateDisplays the date and time that the template was added to the Template List.
The date-time format is determined in the APSolute Vision Settings view Preferences
perspective, under General Settings > Date and Time Format.
The template table can contain up to 2000 entries.

You can filter the display of the list for convenience and efficiency, and clear the filter as necessary.
You can select one or multiple rows, using standard key combinations.
When you make a selection, you can do the following:
Send the templates to one or more DefensePro devices.
Delete the templates from one or more DefensePro devicesThe delete command
removes the selected template(s) from the table and, from the DefensePro devices, the policy
definitions and all other policy-related configurations (Network Classes, VLAN Tag Classes,
profile definitions) as long as the other policies on the device(s) are not using those objects.
Add (upload) templates from another location to the template table.
Download the templates to another location.
Delete the rowsThis action deletes the policy or policies, without the related objects.
To filter the display of the template list

1.
Click Templates (
2.
Configure the parameters, and then, click the
172
) to open the DefensePro Configuration Templates pane.

(Search) button.

Table 73: Template-List Filter Parameters
Parameter
Source Device Name
Description
Values:
Device nameShows only the templates downloaded from the

selected device.
LocalShows only the templates uploaded from the local PC.
SystemShows only the predefined templates.
Default: All
File Type
File Name
Values:
Server ProtectionShows the templates from Server Protection

policies.
Network ProtectionShows the templates from Network Protection

policies.
The filename that the filter uses. The value supports one or two
wildcards (*).
Examples:
*pol* Shows any filename containing the string pol.
*pol Shows any filename ending with the string pol.
pol* Shows any filename starting with the string pol.
To clear the template-list filter and show all of the stored templates
1. Click Templates (
2. Click Clear.
To send templates to DefensePro devices

2. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 172).
3. Select the rows with the required templates (using standard Windows key combinations).
4. Select Send to Devices.
173

Table 74: Send to Devices: Select Devices to Update Parameters
Parameter
Description
Available Devices
The DefensePro devices that you can select to update. Select devices
and use the arrows to move them to the other list as required.
Note: The list can contain only the devices that support the
templates features.
Selected Devices
The DefensePro devices selected to update. Select devices and use

the arrows to move them to the other list as required.
Update Method
Values:
Append to Existing ConfigurationThe template adds the policy

and profile configurations, and any baselines, to the devices in the
Selected Devices list. If a policy or profile name exists in a
target device, the update fails.
Overwrite Existing ConfigurationThe template adds the policy

and profile configurations, and any baselines, to the devices in the
Selected Devices list. If a policy or profile with the same name
exists in a target device, the template overwrites it.
Default: Overwrite Existing Configuration

Caution: The following limitations exist for user-defined Signature
Protection profiles included in the policy (DefensePro 6.x versions
6.13 and later with the User-Defined Signature Protection
Profile option enabled):
When the Update Method is Append to Existing

Configuration and the policy does not exist, but a user-defined
Signature Protection profile name exists in the target device, the
policy is created in the target device using the existing Signature
protection profile.
When the Update Method is Overwrite Existing

Configuration and the user-defined Signature Protection profile
name exists in the target device, the policy is created or modified
(if it exists already), but the template does not modify the rules or
attributes of the existing Signature Protection profilethe
template only extends the profile with new rules and attributes on
the target device.
Install on Instance
The identifier or the DefensePro hardware instance onto which to add

(This parameter is relevant the template.
only for DefensePro x420
Values: 0, 1
platforms.)
Default: 0
Update Policies After
Sending Configuration
Values:
EnabledAfter successfully uploading a template to a device, an

Update Policies (activate latest changes) action is automatically
initiated.
DisabledAfter successfully uploading a template to a device, an

Update Policies (activate latest changes) action is required for the
configuration to take effect.
Default: Disabled
174

To delete templates and associated configuration objects from DefensePro devices

2. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 172).
3. Select the rows with the required templates (using standard Windows key combinations).
4. Select Delete from Devices.
Table 75: Delete from Devices: Select Devices to Update Parameters
Parameter
Description
Available Devices
The DefensePro devices that you can select to update. Select devices
and use the arrows to move them to the other list as required.
Note: The list can contain only the devices that support the
templates features.
Selected Devices
The DefensePro devices selected to update. Select devices and use

the arrows to move them to the other list as required.
Note: The list can contain only DefensePro devices running 6.x
versions 6.14 and later, or 7.x versions 7.41.02 and later.

Values:
EnabledAfter successfully deleting the template(s) and

associated configuration objects from a device, an Update Policies
(activate latest changes) action is automatically initiated.
DisabledAfter successfully deleting the template(s) and

associated configuration objects from the device(s), an Update
Policies (activate latest changes) action is required for the
configuration to take effect.
Default: Disabled
To add (upload) templates from another location to the template list

2. Click the
(Add) button.
Table 76: Upload File to Server Parameters
Parameter
Description
File Type
Values:
Upload From
Server ProtectionThe template defines a Server Protection policy.
Network ProtectionThe template defines a Network Protection policy.
The filepath of the template. Click Browse to browse to the directory and
select the file.
175

To download templates to another location

1.
Click Templates (
2.
Configure the filter as necessary (see the procedure To filter the display of the template list,
page 172).
3.
Select the rows with the required templates (using standard Windows key combinations).
4.
Click the
5.
In the Save As text box, type the path to the target directory or click Browse to browse to the
directory.
6.
Click Save.
To delete stored templates

1.
Click Templates (
2.
page 172).
3.
4.
Click the
(Delete) button in the pane.
Using AppShape Templates and Instances

Use AppShape templates to accelerate, simplify, and optimize the configuration of Alteon ADC
devices for deployments of the following applications:
Common Web Applications
DefenseSSL
Microsoft Exchange 2010
Microsoft Exchange 2013
Microsoft Lync External
Microsoft Lync Internal
Oracle E Business
Oracle SOA Suite 11g
Oracle WebLogic 12c
SharePoint 2010
SharePoint 2013
VMware View 5.1
Zimbra
176

AppShape templates configure all the required ADC options tailored and optimized for the selected
business application. With APSolute Vision, you can create instances of AppShape templates from
one single configuration pane with a small set of parameters.
AppShape configures the full, optimal Server Load Balancing (SLB) configuration for the selected
business application, which comprises:
Real servers
Server groups
Virtual servers
Virtual services
Application servicessuch as (depending on the selected business application) health check,

FastView optimized caching, compression, connection management, or acceleration
Users with the Administrator role can manage the AppShape templates.
Users with following roles can create AppShape instances on Alteon devices:
Administrator
ADC Administrator
System Configuration
To create AppShape instances of most AppShape types, APSolute Vision requires SSH access to run
CLI commands on the Alteon device. Therefore, SSH must be enabled and properly configured. SSH
must be enabled in the Management Protocols pane (Configuration perspective, System >
Management Access > Management Protocols). And, the SSH port configured in the
Management Protocols pane must be the same as the value in the SSH Port text box in the Device
Properties pane. (The Device Properties pane opens from the Sites and Clusters tab when you add a
new device or edit device properties.)
To view the basic parameters of AppShape instances that the APSolute Vision server is
managing
>
Click Templates (
) and select AppShapes.
Table 77: Basic Parameters of AppShape Instances in APSolute Vision
Parameter
Description
AppShape Type
The AppShape type.
Name
The name of the AppShape instance.

Note: You can change the name in the configuration of the
instance on the device.
Device Name
The name of the device on which the AppShape instance is deployed.
Virtual Address
The virtual IP address of the service.
Configuration Validation
The latest-known status that specifies whether the AppShape

instance is synchronized with the AppShape template.
Last Validation
The last time that the configuration of the device was synchronized
with the AppShape template.
177

You can filter the display of the AppShapes Service table according to the values in any column. The
filter is either a drop-down list or a text box. If the filter is a text box, the result is a case-insensitive
match of a string that the specified string in the value. After you configure the filter criteria, to apply
the filter, click the
button to apply the filter. Click Clear to cancel the filter.
The nodes under the AppShapes node display, by default, the instances of the corresponding
AppShape type.
Tip: If you intend to configure the AppShape instance with SSL Acceleration enabled (which is the
default of most AppShape types), configure the SSL certificate before you configure the AppShape
instance (Configuration perspective, Application Delivery > Application Services > SSL >
Certificate Repository).
To create an AppShape instance on a device

1.
Lock the Alteon device on which you intend to configure the AppShape instance.
2.
Click Templates (
3.
Click the
4.
Do the following:
5.
(Add) button in the AppShape Service pane.
From the AppShape Type drop-down list, select the AppShape type that you require.
From the Device Name drop-down list, select the Alteon instance on which to configure the
AppShape instance.
Configure the mandatory parameters, make changes to non-mandatory parameters as required,

and click Submit.
For information on the various AppShape types and associated parameters, see the relevant
section:
Configuring a Common Web Application AppShape Instance, page 180
Configuring a DefenseSSL AppShape Instance, page 182
Configuring a Microsoft Exchange 2010 AppShape Instance, page 184
Configuring a Microsoft Exchange 2013 AppShape Instance, page 188
Configuring a Microsoft Lync External AppShape Instance, page 192
Configuring a Microsoft Lync Internal AppShape Instance, page 196
Configuring an Oracle E-Business AppShape Instance, page 199
Configuring an Oracle SOA Suite 11g AppShape Instance, page 201
Configuring an Oracle WebLogic 12c AppShape Instance, page 204
Configuring a SharePoint 2010 AppShape Instance, page 206
Configuring a SharePoint 2013 AppShape Instance, page 208
Configuring an VMware View 5.1 AppShape Instance, page 210
Configuring a Zimbra AppShape Instance, page 212
To validate an AppShape instance

>
178
Select the row with the AppShape instance and click
(Validate AppShape Instance).

To view or modify the configuration of an existing AppShape instance on a specific

device
2. Select the row with the instance whose configuration you want to view or modify, and then, click
the
(Edit) button.
3. View or modify the configuration as required.
Uploading a New AppShape Template Type to the APSolute Vision Server

You can upload a new AppShape template type to the APSolute Vision server. When you upload a
new AppShape template type to the APSolute Vision server, you do not need to change or even
restart the APSolute Vision server. All you need is the AppShape-template ZIP file, that you receive
from Radware.
Caution: If you upload an AppShape template type that already exists in the APSolute Vision
server, before proceeding, and overwriting the existing template, Radware strongly recommends
that you remove existing instances of the template. If you overwrite the existing template and there
are existing instances of this template, unexpected results may occur.
Note: The online help that includes the description of the new AppShape template type will be in
the online-help files at radware.com and the latest online-help package. The APSolute Vision
administrator can configure whether the online help comes from the APSolute Vision server or from
radware.com. It is the responsibility of the APSolute Vision administrator to make sure that the help
files on the server are updated as necessary with the latest online-help package.
To upload a new AppShape template type to the APSolute Vision server

2. Click the
(Upload AppShape Template) button at the top-left of the Templates pane.
3. Navigate to the AppShape-template ZIP file, and then, click Open.
179

Configuring a Common Web Application AppShape Instance

Use the Common Web Application AppShape to configure an Alteon ADC device to work in a network
architecture with a generic HTTP-based application.
Notes
For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Common
Web ApplicationAppShape-generated Configuration, page 573.
The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
To configure a Common Web Application AppShape instance on a device

1.
2.
Click Templates (
3.
4.
) and select AppShapes > Common Web Application.
To add an entry to the table, click the
(Add) button.
To edit an entry in the table, select the entry and click the
(Edit) button.
Table 78: Common Web Application: General Parameters
Parameter
Description
AppShape Type
The specified AppShape type.
Device Name
Table 79: Common Web Application: Web Application Instance Parameters
Parameter
Description
Last Validation
(Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that

the configuration device was synchronized with the AppShape
template.
Valid Configuration
(Read-only) Specifies whether the configuration is valid.
Instance Name

Virtual Address
180

Table 80: Common Web Application: Application Servers Parameters
Parameter
Description
Address/Port table
Contains the addresses and ports of each real server configured for the
service.
(Add) button.
button.
(Edit)
For information on configuring real servers, see Configuring Real

Servers, page 326.
Table 81: Common Web Application: Load Balancing Settings Parameters
Parameter
Description
SLB Metric
The SLB metric used to select next server in the group.

Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Server
Groups, page 339.
Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http
Table 82: Common Web Application: HTTP Parameters
Parameter
Description
Caching
Specifies whether the HTTP profile uses caching.

Default: Enabled
Compression
Specifies whether the HTTP profile uses compression.

Default: Enabled
Connection Management
Specifies whether the HTTP profile uses connection management.

If enabled, you must configure the proxy IP address.
Default: Enabled
Proxy IP
(This button is displayed
only when the
Connection
Management checkbox is
selected.)
Opens the Proxy IP pane. For information on adding a new proxy IP

address, see Configuring Proxy IP, page 118.
181

Table 83: Common Web Application: SSL Parameters
Parameter
Description
SSL Acceleration
Specifies whether SSL offloading is enabled for acceleration.

Default: Enabled
Server Certificate
The name of the SSL certificate, selected from the drop-down list.
(This parameter is
displayed only when the
SSL Acceleration
To edit the selected SSL certificate, click Server Certificate.

For information on configuring SSL certificates, see Managing the
Certificate Repository, page 394.
Configuring a DefenseSSL AppShape Instance

Use the DefenseSSL AppShape to configure an Alteon ADC device to work in a network architecture
with DefenseSSL. DefenseSSL mitigates SSL encrypted flood attacks at the network perimeter.
Notes
pattern or as the result of a value that you specify in the AppShape Instance tab, see
DefenseSSLAppShape-generated Configuration, page 575.
To configure a DefenseSSL AppShape instance on a device

1.
2.
Click Templates (
) and select AppShapes > DefenseSSL. The AppShape Type dropdown list displays DefenseSSL.
3.
4.
(Add) button.
(Edit) button.
Table 84: DefenseSSL: General Parameters
Parameter
Description
AppShape Type
Device Name
182

Table 85: DefenseSSL: DefenseSSL Instance Parameters
Parameter
Description
Last Validation

template.
Valid Configuration
Instance Name

Virtual Address
Table 86: DefenseSSL: Application Servers Parameters
Parameter
Description
Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
Table 87: DefenseSSL: SSL Parameters
Parameter
SSL Acceleration
Description
Default: Enabled
Server Certificate
(This parameter is
SSL Acceleration

Table 88: DefenseSSL: Static ARP Parameters
Parameter
Description
Address
The IP address for the ARP entry.
MAC Address
The MAC address for the ARP entry.
VLAN
The VLAN for the ARP entry.

Values: 14090
Port
The port for the ARP entry.

The range of valid values depends on the device on which you are
deploying the AppShape instance.
183

Configuring a Microsoft Exchange 2010 AppShape Instance

Use the Microsoft Exchange 2010 AppShape to configure an Alteon ADC device to work in a network
architecture with MS Exchange 2010.
Microsoft Exchange provides business-class email, calendar and contacts. The Alteon and Microsoft
Exchange 2010 joint solution provides a highly scalable and highly available unified messaging and
communication infrastructure, with fast response time. Using advanced health monitoring of each of
the client access servers (CASs), Alteon can validate the availability and response time of those
resources, as well as deliver seamless load-balancing, redundancy, and persistency features.
Furthermore, Alteon provides service acceleration through compression, caching, and SSL
termination to the Exchange users, offloading critical resources from the client access servers,
enabling smaller CAS arrays, and thus, lower CAPEX and OPEX in the organization.
Note: With Exchange Server 2010, Outlook clients connect using native MAPI to the RPC Client
Access Service (CAS), which runs on Client Access servers. Because the RPC CAS requires the traffic
to be passed to the Client Access servers on a large number of ports, Radware recommends that you
use a firewall to permit only internal networks to access the RPC Client Access virtual server IP
address.
Figure 38: Alteon and Microsoft Exchange 2010 Architecture
External Clients
Ethernet
Ethernet
DMZ
192.168.2.254/24
Firewall
Internal Clients
192.168.1.254/24
Edge Transport Server
ACT
LINK
10
11
ACT
1000
10/100
Alteon 4416
MNG 1
LINK
PWR
PWR
FAN
ACT LINK
ACT LINK
ACT LINK
ACT LINK
13
14
15
16
SYS OK
ACT
LINK
ACT
12
LINK
RST
USB
MNG 2
CONSOLE
Alteon.active.device
ACT
192.168.1.1/24
LINK
10
11
ACT
1000
10/100
Alteon 4416
MNG 1
LINK
PWR
PWR
FAN
ACT LINK
ACT LINK
ACT LINK
ACT LINK
13
14
15
16
SYS O K
ACT
LINK
ACT
12
LINK
RST
USB
MNG 2
CONSOL E
Alteon.backup.device
192.168.1.2/24
Ethernet
Exchange CAS application servers

(client access servers)
192.168.1.81
184
192.168.1.82
Mail Box Servers DAG

(not part of the AppShape configuration )
192.168.1.33
192.168.1.34
Exchange SMTP application servers

(HUB transport)
192.168.1.35
192.168.1.36
Active Directory
192.168.1.10

Notes
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Exchange 2010AppShape-generated Configuration, page 576.
To configure a Microsoft Exchange 2010 AppShape instance on a device

1. Lock the Alteon device on which you intend to configure the AppShape instance.
) and select AppShapes > Microsoft Exchange 2010. The AppShape
Type drop-down list displays Microsoft Exchange 2010.
(Add) button.
(Edit) button.
Table 89: Microsoft Exchange 2010: General Parameters
Parameter
Description
AppShape Type
Device Name
Table 90: Microsoft Exchange 2010: Microsoft Exchange 2010 Instance Parameters
Parameter
Description
Last Validation

template.
Valid Configuration
Instance Name

Virtual Address
Table 91: Microsoft Exchange 2010: Protocols Parameters
Parameter
Description
RPC Client Access
The static port for the RPC Client Access Service.

Values: 1065535
Default: 135
185

Table 91: Microsoft Exchange 2010: Protocols Parameters (cont.)
Parameter
Description
RPC Endpoint Mapper
The port for the RPC Endpoint Mapper.

Values: 1065535
Default: 59532
Exchange Address Book
The port for the Exchange Address Book.

Values: 1065535
Default: 59533
POP3
The port for the associated POP3 server.

This parameter is optional.
Values: 1065535
Default with the Secured checkbox selected: 993
Default with the Secured checkbox cleared: 110
Secured
Specifies whether the POP3 server uses a secured port.

Default: Enabled
IMAP4 (Optional)
The port for the associated IMAP4 server.

This parameter is optional.
Values: 1065535
Default with the Secured checkbox selected: 993
Default with the Secured checkbox cleared: 143
Secured
Specifies whether the IMAP4 server uses a secured port.

Default: Enabled
Table 92: Microsoft Exchange 2010: Application Servers Parameters
Parameter
Description
Exchange CAS Application Servers

Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
186

Table 92: Microsoft Exchange 2010: Application Servers Parameters (cont.)
Parameter
Description
Exchange SMTP Application Servers

Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
Table 93: Microsoft Exchange 2010: Load Balancing Settings Parameters
Parameter
Description
CAS
SLB Metric
The SLB metric used to select next server in the group.1

Default: Least Connections
Health Check
Default: http
SMTP Settings
SLB Metric

Health Check
Default: smtp
1 If you choose a value other than the default, the AppShape always uses the default
value for any additional, specifically related parameter. For example, if the value of SLB
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24
Bits. For more information on the SLB Metric, see Configuring Server Groups,
page 339.
Table 94: Microsoft Exchange 2010: HTTP Parameters
Parameter
Description
Caching

Default: Enabled
Compression

Default: Enabled

Default: Disabled
187

Table 94: Microsoft Exchange 2010: HTTP Parameters (cont.)
Parameter
Description
Proxy IP

only when the
Connection
selected.)
Table 95: Microsoft Exchange 2010: SSL Parameters
Parameter
SSL Acceleration
Description
Default: Enabled
Server Certificate
(This parameter is
SSL Acceleration

Configuring a Microsoft Exchange 2013 AppShape Instance

Use the Microsoft Exchange 2013 AppShape to configure an Alteon ADC device to work in a network
architecture with MS Exchange 2013.
Microsoft Exchange provides business-class email, calendar and contacts. The Alteon and Microsoft
Exchange 2013 joint solution provides a highly scalable and highly available unified messaging and
communication infrastructure, with fast response time. Using advanced health monitoring of each of
the client access servers (CASs), Alteon can validate the availability and response time of those
resources, as well as deliver seamless load-balancing, redundancy, and persistency features.
Furthermore, Alteon provides service acceleration through compression, caching, and SSL
termination to the Exchange users, offloading critical resources from the client access servers,
enabling smaller CAS arrays, and thus, lower CAPEX and OPEX in the organization.
Note: With Exchange Server 2013, Outlook clients connect using native MAPI to the RPC Client
Access Service (CAS), which runs on Client Access servers. Because the RPC CAS requires the traffic
to be passed to the Client Access servers on a large number of ports, Radware recommends that you
use a firewall to permit only internal networks to access the RPC Client Access virtual server IP
address.
188

Figure 39: Alteon and Microsoft Exchange 2013 Architecture
External Clients
Ethernet
Ethernet
DMZ
192.168.2.254/24
Firewall
Internal Clients
192.168.1.254/24
Edge Transport Server
ACT
LINK
10
11
ACT
Alteon 4416
MNG 1
LINK
1000
10/100
PWR
PWR
FAN
ACT LINK
ACT LINK
ACT LINK
ACT LINK
13
14
15
16
SYS OK
ACT
LINK
ACT
12
LINK
RST
USB
MNG 2
CONSOLE
Alteon.active.device
ACT
LINK
10
11
ACT
Alteon 4416
MNG 1
LINK
1000
192.168.1.1/24
10/100
PWR
PWR
FAN
ACT LINK
ACT LINK
ACT LINK
ACT LINK
13
14
15
16
SYS OK
ACT
LINK
ACT
12
LINK
RST
USB
MNG 2
CONSOL E
Alteon.backup.device
192.168.1.2/24
Ethernet
Exchange CAS application servers

(client access servers)
192.168.1.81
192.168.1.82
Mail Box Servers DAG

192.168.1.33
192.168.1.34
Exchange IMAP application servers

192.168.1.35
192.168.1.36
Exchange POP3 application servers

192.168.1.37
Active Directory
192.168.1.38
192.168.1.10
Notes
Exchange 2013AppShape-generated Configuration, page 579.
To configure a Microsoft Exchange 2013 AppShape instance on a device

1. Lock the Alteon device on which you intend to configure the AppShape instance.
) and select AppShapes > Microsoft Exchange 2013. The AppShape
Type drop-down list displays Microsoft Exchange 2013.
(Add) button.
(Edit) button.
189

Table 96: Microsoft Exchange 2013: General Parameters
Parameter
Description
AppShape Type
Device Name
Table 97: Microsoft Exchange 2013: Microsoft Exchange 2013 Instance Parameters
Parameter
Description
Last Validation

template.
Valid Configuration
Instance Name

Virtual Address
Table 98: Microsoft Exchange 2013: Application Servers Parameters
Parameter
Description
Exchange CAS Application Servers

Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
Exchange IMAP Application Servers
Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
190

Table 98: Microsoft Exchange 2013: Application Servers Parameters (cont.)
Parameter
Description
Exchange POP3 Application Servers

Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
Table 99: Microsoft Exchange 2013: Load Balancing Settings Parameters
Parameter
Description
CAS
SLB Metric

Groups, page 339.
Health Check
Default: http
IMAP Settings
SLB Metric

Health Check
Default: imap
POP3 Settings
SLB Metric

Health Check
Default: pop3
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24
Bits. For more information on the SLB Metric, see Configuring Server Groups,
page 339.
191

Table 100: Microsoft Exchange 2013: HTTP Parameter
Parameter
Description
Compression

Default: Enabled
Table 101: Microsoft Exchange 2013: SSL Parameters
Parameter
Description
SSL Acceleration

Default: Enabled
Server Certificate
(This parameter is
SSL Acceleration

Configuring a Microsoft Lync External AppShape Instance

Use the Microsoft Lync External AppShape to configure an Alteon ADC device to work in a network
architecture with Microsoft Lync External.
Notes
Link ExternalAppShape-generated Configuration, page 582.
To configure a Microsoft Lync External AppShape instance on a device

1.
2.
Click Templates (
) and select AppShapes > Microsoft Lync External. The AppShape
Type drop-down list displays Microsoft Lync External.
3.
4.
(Add) button.
(Edit) button.
Table 102: Microsoft Lync External: General Parameters
Parameter
Description
AppShape Type
192

Table 102: Microsoft Lync External: General Parameters (cont.)
Parameter
Description
Device Name
Table 103: Microsoft Lync External: Microsoft Lync External Instance Parameters
Parameter
Description
Last Validation
(Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f

format, that the configuration device was synchronized
with the AppShape template.
Valid Configuration
Instance Name

Edge AV HTTPS Virtual Address
The text box contains the virtual IP address of the edge

audio-visual service, and the checkbox specifies whether
the service is enabled.
Edge Meeting HTTPS Virtual Address

Meeting service, and the checkbox specifies whether the
service is enabled.
Edge IM HTTPS Virtual Address

instant-messaging service, and the checkbox specifies
whether the service is enabled.
Edge SIP HTTPS Virtual Address

SIP service, and the checkbox specifies whether the
service is enabled.
CWA Virtual Address
The text box contains the virtual IP address of the

Communicator Web Access (CWA) server, and the
checkbox specifies whether the service is enabled.
Table 104: Microsoft Lync External: Application Servers Parameters
Parameter
Description
SIP Servers
Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
193

Table 104: Microsoft Lync External: Application Servers Parameters (cont.)
Parameter
Description
IM Servers
Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
CWA Servers
Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
Meeting Servers
Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
AV Servers
Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
194

Table 105: Microsoft Lync External: Load Balancing Settings Parameters
Parameter
Description
Each pair of load-balancing parameters (the SLB Metric and the Health Check) is available only
when the corresponding checkbox is selected in the Microsoft Lync External: Microsoft Lync
External Instance Parameters, page 193 table.
Edge HTTPS SIP (443) Settings
SLB Metric

Health Check
Default: TCP
Edge IM (443) Settings

SLB Metric

Health Check
Default: TCP
Edge Meeting (443) Settings

SLB Metric

Health Check
Default: TCP
Edge CWA Settings

SLB Metric

Health Check
Default: TCP
Edge AV (443) Settings

SLB Metric

Health Check
Default: TCP
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Real Servers, page 326.
195

Configuring a Microsoft Lync Internal AppShape Instance

Use the Microsoft Lync Internal AppShape to configure an Alteon ADC device to work in a network
architecture with Microsoft Lync Internal.
Notes
Link InternalAppShape-generated Configuration, page 584.
To configure a Microsoft Lync Internal AppShape instance on a device

1.
2.
Click Templates (
) and select AppShapes > Microsoft Lync Internal. The AppShape
Type drop-down list displays Microsoft Lync Internal.
3.
4.
(Add) button.
(Edit) button.
Table 106: Microsoft Lync Internal: General Parameters
Parameter
Description
AppShape Type
Device Name
Table 107: Microsoft Lync Internal: Microsoft Lync Internal Instance Parameters
Parameter
Description
Last Validation
(Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format,

that the configuration device was synchronized with the AppShape
template.
Valid Configuration
Instance Name

Front-End Virtual Address
The text box contains the virtual IP address of the front end, and
the checkbox specifies whether the address is used.
Edge Internal Virtual Address
The text box contains the virtual IP address of the internal edge,
and the checkbox specifies whether the address is used.
Directors Virtual Address
The text box contains the virtual IP address of the directors, and
the checkbox specifies whether the address is used.
196

Table 107: Microsoft Lync Internal: Microsoft Lync Internal Instance Parameters (cont.)
Parameter
Description
CWA Virtual Address
The text box contains the virtual IP address of the Communicator

Web Access (CWA) server, and the checkbox specifies whether the
address is used.
Table 108: Microsoft Lync Internal: Application Servers Parameters
Parameter
Description
Real Servers
Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
Edge Internal Servers
Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
Director Servers
Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
197

Table 108: Microsoft Lync Internal: Application Servers Parameters (cont.)
Parameter
Description
CWA Servers
Address/Port table
service.
(Add) button.
button.
(Edit)

Servers, page 326.
Table 109: Microsoft Lync Internal: Load Balancing Settings Parameters
Parameter
Description
Each pair of load-balancing parameters (the SLB Metric and the Health Check) is available only
when the corresponding checkbox is selected in the Microsoft Lync Internal: Microsoft Lync Internal
Instance Parameters, page 196 table.
Front-End Settings
SLB Metric

Health Check
Default: TCP
Edge Settings
SLB Metric

Health Check
Default: TCP
Directors Settings
SLB Metric

Health Check
Default: TCP
Edge CWA Settings

SLB Metric

Health Check
Default: TCP
198

Metric is Min Misses, the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Real Servers, page 326.
Table 110: Microsoft Lync Internal: CWA HTTP Configuration Parameters
Parameter
Description
Compression
Specifies whether compression is enabled on the Communicator Web

Access (CWA) servers.
Default: Enabled
Domain Name
The CWA domain name.

Example: https://cwa.lyncmycompany.com
Note: Internally, APSolute Vision forces the prefix of the domain
name to be https. For example, if you enter
http://cwa.lyncmycompany.com or just
cwa.lyncmycompany.com, APSolute Vision configures the value in
Alteon as
https://cwa.lyncmycompany.com.
Table 111: Microsoft Lync Internal: SSL Parameters
Parameter
Description
SSL Acceleration

Default: Enabled
Server Certificate
(This parameter is
SSL Acceleration

Configuring an Oracle E-Business AppShape Instance

Use the Oracle E-Business AppShape to configure an Alteon ADC device to work in a network
architecture with Oracle E-Business.
Notes
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle EBusinessAppShape-generated Configuration, page 593.
199

To configure an Oracle E-Business instance on a device

1.
2.
Click Templates (
) and select AppShapes > Oracle E-Business. The AppShape Type
drop-down list displays Oracle E-Business.
3.
4.
(Add) button.
(Edit) button.
Table 112: Oracle E-Business: General Parameters
Parameter
Description
AppShape Type
Device Name
Table 113: Oracle E-Business: Oracle E-Business Instance Parameters
Parameter
Description
Last Validation

template.
Valid Configuration
Instance Name

Virtual Address
Table 114: Oracle E-Business: Application Servers Parameters
Parameter
Description
Address/Port table
Oracle E-Business server.
(Add) button.
button.
(Edit)

Servers, page 326.
200

Table 115: Oracle E-Business: Load Balancing Settings Parameters
Parameter
Description
SLB Metric

Groups, page 339.
Table 116: Oracle E-Business: HTTP Parameters
Parameter
Description
Caching

Default: Enabled
Compression

Default: Enabled
Table 117: Oracle E-Business: SSL Parameters
Parameter
Description
SSL Acceleration

Default: Enabled
Server Certificate
(This parameter is
SSL Acceleration

Configuring an Oracle SOA Suite 11g AppShape Instance

Use the Oracle SOA Suite 11g AppShape to configure an Alteon ADC device to work in a network
architecture with Oracle SOA Suite 11g.
Notes
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle
SOA Suite 11gAppShape-generated Configuration, page 594.
201

To configure a Oracle SOA Suite 11g instance on a device

1.
2.
Click Templates (
) and select AppShapes > Oracle SOA Suite 11g. The AppShape Type
drop-down list displays Oracle SOA Suite 11g.
3.
4.
(Add) button.
(Edit) button.
Table 118: Oracle SOA Suite 11g: General Parameters
Parameter
Description
AppShape Type
Device Name
Table 119: Oracle SOA Suite 11g: Oracle SOA Suite 11g Instance Parameters
Parameter
Description
Last Validation

template.
Valid Configuration
Instance Name

Customer VIP
The virtual IP address of the customer.
Internal SOA Services VIP The virtual IP address of the internal SOA services.
Management Access VIP
The virtual IP address of the management access.
Table 120: Oracle SOA Suite 11g: Application Servers Parameters
Parameter
Description
Address/Port table
Oracle SOA Suite 11g server.
(Add) button.
button.
(Edit)

Servers, page 326.
202

Table 121: Oracle SOA Suite 11g: Load Balancing Settings Parameters
Parameter
Description
SLB Metric

Groups, page 339.
Health Check
Default: http
Table 122: Oracle SOA Suite 11g: HTTP Parameters
Parameter
Description
Caching

Default: Enabled
Compression

Default: Enabled

Default: Enabled
Table 123: Oracle SOA Suite 11g: SSL Parameters
Parameter
Description
SSL Acceleration

Default: Enabled
Server Certificate
(This parameter is
SSL Acceleration

203

Configuring an Oracle WebLogic 12c AppShape Instance

Use the Oracle WebLogic 12c AppShape to configure an Alteon ADC device to work in a network
architecture with Oracle WebLogic 12c.
Notes
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle
WebLogic 12cAppShape-generated Configuration, page 596.
To configure a Oracle WebLogic 12c instance on a device

1.
2.
Click Templates (
) and select AppShapes > Oracle WebLogic 12c. The AppShape Type
drop-down list displays Oracle WebLogic 12c.
3.
4.
(Add) button.
(Edit) button.
Table 124: Oracle WebLogic 12c: General Parameters
Parameter
Description
AppShape Type
Device Name
Table 125: Oracle WebLogic 12c: Oracle WebLogic 12c Instance Parameters
Parameter
Description
Last Validation

template.
Valid Configuration
Instance Name

Virtual Address
204

Table 126: Oracle WebLogic 12c: Application Servers Parameters
Parameter
Description
Address/Port table
Oracle WebLogic 12c server.
(Add) button.
button.
(Edit)

Servers, page 326.
Table 127: Oracle WebLogic 12c: Load Balancing Settings Parameters
Parameter
Description
SLB Metric

Groups, page 339.
Table 128: Oracle WebLogic 12c: HTTP Parameters
Parameter
Description
Compression

Default: Enabled
Table 129: Oracle WebLogic 12c: SSL Parameters
Parameter
SSL Acceleration
Description
Default: Enabled
Server Certificate
(This parameter is
SSL Acceleration

205

Configuring a SharePoint 2010 AppShape Instance

Use the SharePoint 2010 AppShape to configure an Alteon ADC device to work in a network
architecture with SharePoint 2010.
Notes
pattern or as the result of a value that you specify in the AppShape Instance tab, see SharePoint
2010AppShape-generated Configuration, page 598.
To configure a SharePoint 2010 AppShape instance on a device

1.
2.
Click Templates (
) and select AppShapes > SharePoint 2010. The AppShape Type
drop-down list displays SharePoint 2010.
3.
4.
(Add) button.
(Edit) button.
Table 130: SharePoint 2010: General Parameters
Parameter
Description
AppShape Type
Device Name
Table 131: SharePoint 2010: SharePoint 2010 Instance Parameters
Parameter
Description
Last Validation

template.
Valid Configuration
Instance Name

Virtual Address
206

Table 132: SharePoint 2010: Application Servers Parameters
Parameter
Description
Address/Port table
SharePoint 2010 server.
(Add) button.
button.
(Edit)

Servers, page 326.
Table 133: SharePoint 2010: Load Balancing Settings Parameters
Parameter
Description
SLB Metric

Groups, page 339.
Health Check
Default: http
Table 134: SharePoint 2010: HTTP Parameters
Parameter
Description
Caching

Default: Enabled
Compression

Default: Enabled

Default: Enabled
Domain Name
The domain for of the SharePoint 2010 server.

Proxy IP
only when the
Connection
selected.)

207

Table 135: SharePoint 2010: SSL Parameters
Parameter
Description
SSL Acceleration

Default: Enabled
Server Certificate
(This parameter is
SSL Acceleration

Configuring a SharePoint 2013 AppShape Instance

Use the SharePoint 2013 AppShape to configure an Alteon ADC device to work in a network
architecture with SharePoint 2013.
Notes
pattern or as the result of a value that you specify in the AppShape Instance tab, see SharePoint
2013AppShape-generated Configuration, page 600.
To configure a SharePoint 2013 AppShape instance on a device

1.
2.
Click Templates (
) and select AppShapes > SharePoint 2013. The AppShape Type
drop-down list displays SharePoint 2013.
3.
4.
(Add) button.
(Edit) button.
Table 136: SharePoint 2013: General Parameters
Parameter
Description
AppShape Type
Device Name
208

Table 137: SharePoint 2013: SharePoint 2013 Instance Parameters
Parameter
Description
Last Validation

template.
Valid Configuration
Instance Name

Virtual Address
Table 138: SharePoint 2013: Application Servers Parameters
Parameter
Description
Address/Port table
SharePoint 2013 server.
(Add) button.
button.
(Edit)

Servers, page 326.
Table 139: SharePoint 2013: Load Balancing Settings Parameters
Parameter
SLB Metric
Description
Groups, page 339.
Table 140: SharePoint 2013: HTTP Parameters
Parameter
Description
Compression

Default: Enabled
Domain Name
The domain for of the SharePoint 2013 server.

209

Table 141: SharePoint 2013: SSL Parameters
Parameter
Description
SSL Acceleration

Default: Enabled
Server Certificate
(This parameter is
SSL Acceleration

Configuring an VMware View 5.1 AppShape Instance

Use the VMware View 5.1 AppShape to configure an Alteon ADC device to work in a network
architecture with VMware View 5.1.
Notes
pattern or as the result of a value that you specify in the AppShape Instance tab, see VMware
View 5.1AppShape-generated Configuration, page 601.
To configure a VMware View 5.1 instance on a device

1.
2.
Click Templates (
) and select AppShapes > VMware View 5.1. The AppShape Type
drop-down list displays VMware View 5.1.
3.
4.
(Add) button.
(Edit) button.
Table 142: VMware View 5.1: General Parameters
Parameter
Description
AppShape Type
Device Name
210

Table 143: VMware View 5.1: VMware View 5.1 Instance Parameters
Parameter
Description
Last Validation

template.
Valid Configuration
Instance Name

Virtual Address
Table 144: VMware View 5.1: Application Servers Parameters
Parameter
Description
Address/Port table
VMware View 5.1 server.
(Add) button.
button.
(Edit)

Servers, page 326.
Table 145: VMware View 5.1: Load Balancing Settings Parameters
Parameter
SLB Metric
Description
Default: Persistent Hash
Groups, page 339.
Table 146: VMware View 5.1: HTTP Parameters
Parameter
Description
Compression

Default: Enabled
Table 147: VMware View 5.1: SSL Parameters
Parameter
Description
SSL Acceleration

Default: Enabled
211

Table 147: VMware View 5.1: SSL Parameters (cont.)
Parameter
Description
Server Certificate
(This parameter is
SSL Acceleration

Configuring a Zimbra AppShape Instance

Use the Zimbra AppShape to configure an Alteon ADC device to work in a network architecture with
Zimbra.
Notes
pattern or as the result of a value that you specify in the AppShape Instance tab, see Zimbra
AppShape-generated Configuration, page 602.
To configure a Zimbra instance on a device

1.
2.
Click Templates (
displays Zimbra.
3.
4.
) and select AppShapes > Zimbra. The AppShape Type drop-down list
(Add) button.
(Edit) button.
Table 148: Zimbra: General Parameters
Parameter
Description
AppShape Type
Device Name
Table 149: Zimbra: Zimbra Instance Parameters
Parameter
Description
Last Validation

template.
Valid Configuration
212

Table 149: Zimbra: Zimbra Instance Parameters (cont.)
Parameter
Description
Instance Name

Virtual Address
Table 150: Zimbra: Application Servers Parameters
Parameter
Description
Address/Port table
Zimbra server.
(Add) button.
button.
(Edit)

Servers, page 326.
Table 151: Zimbra: Load Balancing Settings Parameters
Parameter
Description
SLB Metric

Default: Persistent Hash
Groups, page 339.
Table 152: Zimbra: HTTP Parameters
Parameter
Description
Compression

Default: Enabled
Table 153: Zimbra: SSL Parameters
Parameter
SSL Acceleration
Description
Default: Enabled
Server Certificate
(This parameter is
SSL Acceleration

213

Using Administrative Scripts

The following sections describe using administrative scripts:
Administrative ScriptsOverview, page 214
Predefined Administrative Scripts, page 216
Guidelines for Writing Administrative Scripts, page 216
Managing Administrative Scripts, page 218
Running an Administrative Script from the Administrative Scripts Tab, page 220
Administrative ScriptsOverview
Use administrative scripts in APSolute Vision to automate common administrative tasks on managed
Alteon and DefensePro devices. You can run any script configured in APSolute Vision from the
Administrative Scripts tab. You can also run scripts by clicking an icon in the toolbar of managed
devices.
Administrative scripts in APSolute Vision use the vDirect infrastructure. Administrative scripts in
APSolute Vision are vDirect scripts. They are text files with the .vm extension, and they use vDirect
syntax. There is a joint APSolute-VisionvDirect repository. You can load the scripts from APSolute
Vision or from vDirectand execute them from both locations. Any change you to make to a script
is reflected in both locations. The vDirect component in APSolute Vision validates the scripts and
hosts them in the vDirect Configuration Templates tab. You can use vDirect to write new
administrative scripts and then configure them in APSolute Vision. If a script is already configured in
APSolute Vision, you can click on its link, which opens the script in vDirectfor you to view or
modify as you require.
Note: For more information on vDirect, see vDirect with APSolute Vision, page 45, Using vDirect
with APSolute Vision, page 495, and the Radware vDirect documentation.
214

Figure 40: Administrative Scripts Interface

CategoriesYou can define a category for each script. When you click on the category
node, the Administrative Scripts tab displays only the scripts belonging to the category.
Buttons for managing a script: Add, Edit (that is, its properties not the
script itself), Delete, and Download.
Run buttonRuns the select script and opens the Run Script tab,
where you specify the target devices and script-specific values.
The Administrative Scripts tab includes the following:
All the functionality for using administrative scriptswhich comprises the following:
Running a selected script.
Configuring script in the APSolute Vision server.
Exporting a script from the APSolute Vision server, to modify or view as necessary.
Deleting a script from the APSolute Vision server.
A table with all the scripts configured in the APSolute Vision serverwhich comprises
the following columns:
Action TitleThe title for the script.
File NameThe file name of the script, which is a hyperlink to the script in the vDirect
component.
IconThe icon that runs the script from the toolbar of a managed device. This is relevant
only when the Assign to Toolbar parameter is set in the script configuration.
CategoryThe category assigned to sort the script. When you click on the category node,
the Administrative Scripts tab displays only the scripts belonging to the category.
Device ToolbarThe device types whose toolbar displays an icon to run the script.
DescriptionThe user-defined description of the script.
Created ByThe username who uploaded the script to APSolute Vision.
Upload DateThe date the script was uploaded to APSolute Vision.
215

Predefined Administrative Scripts

APSolute Vision provides many out-of-the-box predefined scripts. The predefined scripts are
configured by default in the Administrative Scripts tab.
As with all scripts configured in the Administrative Scripts tab, you can export them, modify them,
and add them back into the Administrative Scripts tab.
If you intend to run a predefined script often, you may want to modify its default configuration
according to your system configuration.
Caution: Upgrade of APSolute Vision may include changes to predefined scripts, which overwrite
any script modification that you have made to the predefined scripts. If you modify a predefined
script, it is recommended that you download the file, rename it, and upload it to APSolute Vision as
a new script.
Typically, you may want to modify the values of the following parameters of a predefined script:
Action TitleIf you modify the script, you may want to modify the title to be more descriptive.
Assign to ToolbarBy default, this parameter is disabled. That is, by default, you cannot run
a predefined script from the toolbar of a managed device. You may want to enable this
parameter.
If you configure the script to run from the toolbar of a managed device, you can specify the
following related parameters:
Device ToolbarSpecifies which device types display the icon to run the script.
IconSpecifies the icon that runs the script. You can choose from an assortment of icons
that APSolute Vision provides.
CategorySpecifies a category to assign to the script. When you click on the category node,
the Administrative Scripts tab displays only the scripts belonging to the category.
Guidelines for Writing Administrative Scripts

This section presents guidelines for writing a vDirect script to use as an administrative script
APSolute Vision.
Notes
The predefined scripts (see Predefined Administrative Scripts, page 216) incorporate the
guidelines as appropriate. For example, using #haltOnDeviceError is not incorporated in a
script that uses a GET command.
For more information on vDirect, see vDirect with APSolute Vision, page 45, Using vDirect with
APSolute Vision, page 495, and the Radware vDirect documentation.
Tip: If you need to run a script repeatedly with the same values, edit the script and define default
values for parameters.
216

Here are some snippets showing how to set a default value for a parameter:
#param($activate, 'type=string', 'prompt=Enable User',

'values=Enable,Disable', 'defaultValue=Enable')
#param($crtmng, 'type=string', 'prompt=Certificate Management',

'values=Enable,Disable', 'defaultValue=Disable')
#param($name, 'type=string', 'prompt=Server Name',

'properties={"maxCharLength" : "24"}', 'defaultValue="My Server"'))
#param($privsrc, 'type=ip', 'prompt=Primary Source Address',

'required=false', 'defaultValue=0.0.0.0')
When you write a vDirect script to use as an administrative script APSolute Vision, Radware
recommends using the following:
#haltOnDeviceError(true|false) ... #end This block directive surrounds a block of

commands.
When you use the true argument, every command is automatically tested for errors and, if an
error response is detected, the script is halted with an exception. The drawback to this is that
when you run an administrative script on multiple devices, the first exception causes the script
to halt.
When you use the false argument, no command is tested for errors, and the script is not halted.
An output parameter, so that the APSolute Vision alert message displays the output of the
script formatted well and clearly.
Figure 41: Example Output that Is Not Formatted Well
Figure 42: Example Output that Is Formatted Well
217

The following is an excerpt of a script that includes an output parameter, so that the APSolute
Vision alert message displays the output of the script formatted well and clearly.
#device($alteons, 'type=alteon[]', 'prompt=Alteon/LinkProof NG')

#param($output, 'type=string','out')
#set($output = 'The following devices are pending apply:<br>')
#set($negOutput = 'There are no devices pending apply.')
#set($tempOutput = '')
#foreach($alteon in $alteons)
#select($alteon)
#set($applyTable = $alteon.readAllBeans("AgApply"))
#foreach($applyRow in $applyTable)
#if($applyRow.agApplyPending == 'APPLYNEEDED')
#set($tempOutput = $tempOutput + $alteon.ip + '<br>')
#end
#end
#end
#if($tempOutput.isEmpty())
#set($output = $negOutput)
#else
#set($output = $output + $tempOutput)
#end
Managing Administrative Scripts

Managing administrative scripts includes the following:
Configuring an Administrative Script in APSolute Vision, page 218
Deleting an Administrative Script from APSolute Vision, page 220
Downloading an Administrative Script, page 220
Configuring an Administrative Script in APSolute Vision

Use the Administrative Scripts tab to configure an administrative script in APSolute Vision.
To configure an administrative script in APSolute Vision

1.
Click Templates (
2.
3.
218
) and select Administrative Scripts.
(Add) button.
(Edit) button.

Table 154: Administrative Script Parameters
Parameter
Description
Action Title
The title for the script.
Assign to Toolbar
Specifies whether you can run the script from the toolbar of a managed
device.
Default: Disabled
Icon
(This button is
available only when
the Assign to
Toolbar checkbox is
selected.)
Category
The icon that you click to run the script from the toolbar of a managed
device.
The category that determines which node (under the parent

Administrative Scripts node) contains the script. That is, when you click
on a category node, the Administrative Scripts tab displays only the scripts
belonging to that category.
Values:
Configuration
Data Export
Emergency
High Availability
Monitoring
Operations
Unassigned
Default: Unassigned
Upload From
The path to the script.
Device Toolbar
The device type whose toolbar displays the icon to click to run the script
(This button is
available only when
the Assign to
Toolbar checkbox is
selected.)
Values: Alteon, LinkProof NG, DefensePro, All
Tooltip
The tooltip that displays when you hover over the icon in device toolbar.
(This button is
available only when
the Assign to
Toolbar checkbox is
selected.)
Description
The description of the script.
Default: All
219

Deleting an Administrative Script from APSolute Vision

Use the Administrative Scripts tab to delete an administrative script in APSolute Vision.
To delete an administrative script from APSolute Vision

1.
Click Templates (
2.
Select the script, and click the
(Delete) button.
Downloading an Administrative Script

Use the Administrative Scripts tab to download or view an administrative script in APSolute Vision.
To download or view an administrative script

1.
Click Templates (
2.
page 172).
3.
4.
Click the
5.
In the Save As text box, type the path to the target directory or click Browse to browse to the
directory.
6.
Click Save.
Running an Administrative Script from the Administrative Scripts Tab

You can run an administrative script from the Administrative Scripts tab.
To run an administrative script from APSolute Vision

1.
Click Templates (
2.
Select the script, and click the
3.
Specify the target devices and script-specific values, and then click Submit.
220

(Run Script) button. The Run Script tab opens.
Chapter 8 Scheduling APSolute Vision and

Device Tasks
The following topics describe how to schedule APSolute Vision and device operations in the APSolute
Vision Scheduler:
Overview of Scheduling, page 221
Managing Tasks in the Scheduler, page 222
Task Parameters, page 223
Overview of Scheduling
You can schedule various operations for the APSolute Vision server and managed devices. Scheduled
operations are called tasks.
The APSolute Vision scheduler tracks when tasks were last performed and when they are due to be
performed next. When you configure a task for multiple devices, the task runs on each device
sequentially. After the task completes on one device, it begins on the next. If the task fails to
complete on a device, the Scheduler will activate the task on the next listed device.
When you create a task and specify the time to run it, the time is according to your local OS.
APSolute Vision then stores the time, translated to the timezone of the of the APSolute Vision server,
and then runs it accordingly. That is, once you configure a task, it runs according to the APSolute
Vision time settings, disregarding any changes made to the local OS time settings.
Caution: If the APSolute Vision client timezone differs from the timezone of the APSolute Vision
server or the managed device, take the time offset into consideration.
When you define a task, you can choose whether to enable or disable the task. All configured tasks
are stored in the APSolute Vision database.
You can define the following types of scheduled tasks:
Back up the APSolute Vision server configuration
Back up a device configuration
Back up the APSolute Vision Reporter data
Reboot a device
Update the Radware security signature file onto a DefensePro device from Radware.com or the
proxy server
Update the RSA security signature file onto a DefensePro device from Radware.com or the proxy
server
Update the APSolute Vision Attack Description file from Radware.com or the proxy server
Apply DefensePro configuration templates
Note: You can perform some of the operations manually, for example, from the APSolute Vision
Settings view System perspective, or from the Operations options
).
221

Scheduling APSolute Vision and Device Tasks
Managing Tasks in the Scheduler

The Task List table is the starting point for viewing and configuring tasks, which are scheduled
operations. The table displays the information for each configured task. You can sort and filter the
table rows according to your needs. You can also drag the bottom of Task List pane to lengthen the
table.
Figure 43: Sorting Rows in the Task List

Click the far-right side of the title of the column with the values to
sort by. Then, select Sort Ascending or Sort Descending.
Note: For more information on filtering table rows, see Filtering Table Rows, page 67.
Table 155: Tasks Table Parameters
Parameter
Description
Task Type
The type of task to be performed.
Name
The name of the configured task.
Description
The user-defined description of the task.
Current Status
The current status of the task.

Values: Waiting, In progress
Enabled
When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task is saved in the database.
Last Execution Status
Whether the last task run was successful. When the task is disabled or
has not yet started, the status is Never Executed.
Values:
Last Execution Time
222
Failure
Never Executed
Success
Warning
The date and time of the last task run. When the task is disabled or has
not yet started, this field is empty.

Table 155: Tasks Table Parameters (cont.)
Parameter
Description
Next Execution Time
The date and time of the next task run. When the task is disabled, this
field is empty.
Run
The frequency at which the task runs; for example, daily or weekly. The
schedule start date is displayed, if it has been defined.
Values:
Daily
Minutes
Once
Weekly
To configure a scheduled task

1. In the main toolbar, click the
each scheduled task.
(Scheduler) button. The Tasks table displays information for

(Add) button. Then, select the type of task, and
click Submit. The dialog box for the selected task type is displayed.
(Edit) button.
3. Configure task parameters, and click Submit. All task configurations include basic parameters
and scheduling parameters. Other parameters depend on the task type that you select.
To run an existing task

1. In the main toolbar, click the
each scheduled task.
(Scheduler) button. The Tasks table displays information for
2. Select the required task, and click the
(Run Now) button.
Task Parameters
The following sections describe the parameters for Scheduler tasks:
APSolute Vision Configuration BackupParameters, page 224
APSolute Vision Reporter BackupParameters, page 226
Update Security Signature FilesParameters, page 228
Update RSA Security SignatureParameters, page 230
Update Attack Description FileParameters, page 231
Device Configuration BackupParameters, page 232
Device Reboot TaskParameters, page 234
DefensePro Configuration Templates TaskParameters, page 236
223

APSolute Vision Configuration BackupParameters

The APSolute Vision Configuration Backup task creates a backup of the APSolute Vision configuration
and exports it to a specified destination.
Each backup includes the following:
The APSolute Vision system configuration
The local users
The managed devices
The host IP addresses in the database-viewer list
The task does not back up the following:
The password of the radware user of the APSolute Vision server appliance
The IP address(es) of the APSolute Vision server
The DNS address(es) of the APSolute Vision server
The network routes of the APSolute Vision server
Attack data
Notes
For information on managing the backups using the CLI, see System Commands, page 452.
Restoring the configuration is performed using the CLI. For more information, see system
backup config restore, page 458.
APSolute Vision stores up to five configuration-backup iterations in the storage location. After
the fifth configuration-backup, APSolute Vision deletes the oldest one.
The storage location is, by default, a hard-coded location in the APSolute Vision server.
The backup filenames in the storage location are the first five characters of the specified
filename plus a 10-character timestamp. When the task exports the backup file, the filename is
as specified in the task configuration.
The backup file in the storage location includes the hard-coded description Scheduler-
generated.
Table 156: APSolute Vision Configuration Backup: General Parameters
Parameter
Description
Name
A name for the task.
Description
A user-defined description of the task.
Enabled
tasks are not activated, but the task configuration is saved in the
database.
Current Status
(Read-only) The current status of the task.

Values: Waiting, In progress
224

Table 157: APSolute Vision Configuration Backup: Schedule Parameters
Parameter
Run
Description
The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
OnceThe task runs one time only at the specified date and time.
MinutesThe task runs at intervals of the specified number of

minutes between task starts.
DailyThe task runs daily at the specified time.
WeeklyThe task runs every week on the specified day or days, at

the specified time.
Note: Tasks run according to the time as configured on the APSolute

Vision client.
Time1
The time at which the task runs.
Date2
The date on which the task runs.
Minutes3
The interval, in minutes, at which the task runs.
Run Always4
Specifies whether the task always runs or only during the defined period.
Values:
EnabledThe task is activated immediately and runs indefinitely, with

no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
DisabledThe task runs (at the Time and Frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until the
End Date at the End Time.
Default: Enabled
Start Date5
The date and time at which the task is activated.
Start Time
End Date
The date and time after which the task no longer runs.
End Time
1 This parameter
Weekly.
2 This parameter
3 This parameter
4 This parameter
Weekly.
5 This parameter
is available only when the specified Run value is Once, Daily, or

is available only when the specified Run value is Once.
is available only when the specified Run value is Minutes.
is available only when the specified Run value is Minutes, Daily, or
is available only when the Run Always checkbox is cleared.
225

Table 158: APSolute Vision Configuration Backup Task: Destination Parameters
Parameter
Description
Protocol
The protocol that APSolute Vision uses for this task.

Values:
FTP
SCP
SFTP
SSH
Default: FTP
IP Address
The IP address of the server.
Directory
The path to the export directory with no spaces. Only alphanumeric

characters and underscores (_) are allowed.
Backup File Name
The name of the backup, up to 15 characters, with no spaces. Only

alphanumeric characters and underscores (_) are allowed.
User
The username.
Password
The user password.
Confirm Password
The user password.
APSolute Vision Reporter BackupParameters

The APSolute Vision Reporter Backup task creates a backup of the APSolute Vision Reporter data
and exports it to a specified destination. The backup includes all the APSolute Vision Reporter data.
Notes
For information on managing the backups using the CLI, see System Commands, page 452.
Restoring the data is performed using the CLI. For more information, see system backup config
restore, page 458.
APSolute Vision stores up to three iterations of the APSolute Vision Reporter data in the storage
location. After the third reporter-backup, the system deletes the oldest one.
The storage location is, by default, a hard-coded location in the APSolute Vision server.
The backup filenames in the storage location are the first five characters of the specified
filename plus a 10-character timestamp. When the task exports the backup file, the filename is
as specified in the task configuration.
The backup file in the storage location includes the hard-coded description Scheduler-
generated.
Table 159: APSolute Vision Reporter Backup: General Parameters
Parameter
Description
Name
Description
Enabled
database.
226

Table 160: APSolute Vision Reporter Backup: Schedule Parameters
Parameter
Run
Description
parameters.
Values:

minutes between task starts. TBD: minimum

the specified time.

Vision client.
Time1
Date2
Minutes3
Run Always4
Values:

Default: Enabled
Start Date5
Start Time
End Date
End Time
1 This parameter
Weekly.
2 This parameter
3 This parameter
4 This parameter
Weekly.
5 This parameter

227

Table 161: APSolute Vision Reporter Backup: Destination Parameters
Parameter
Description
Protocol

Values:
FTP
SCP
SFTP
SSH
Default: FTP
IP Address
The IP address of the server.
Directory

Backup File Name

User
The username.
Password
The user password.
Confirm Password
The user password.
Update Security Signature FilesParameters

The Update Security Signature Files task updates the Radware security signature files on the
selected DefensePro devices.
Caution: In DefensePro for Cisco Firepower 9300, this feature is non-operational.
Table 162: Update Security Signature Files: General Parameters
Parameter
Description
Name
Description
Enabled
database.
228

Table 163: Update Security Signature Files: Schedule Parameters
Parameter
Run
Description
parameters.
Values:


the specified time.

Vision client.
Time1
Date2
Minutes3
Run Always4
Values:

Default: Enabled
Start Date5
Start Time
End Date
End Time
1 This parameter
Weekly.
2 This parameter
3 This parameter
4 This parameter
Weekly.
5 This parameter

Table 164: Update Security Signature Files: Target Device List Parameters
Parameter
Description
The Available list and the Selected list. The Available list displays the available devices. The
Selected list displays the devices whose Radware signature files this task updates.
229

Update RSA Security SignatureParameters

The Update RSA Security Signature task updates the RSA security signature on the selected
DefensePro devices.
Caution: In DefensePro 7.x versions, DefensePro 8.x versions, and DefensePro for Cisco Firepower
9300, this feature is non-operational.
Note: The frequency range for the Update RSA Security Signature task is 1060 minutes. The
default interval is 60 minutes.
Table 165: Update RSA Security Signature: General Parameters
Parameter
Description
Name
Description
Enabled
database.
Table 166: Update RSA Security Signature: Schedule Parameters
Parameter
Description
Run
(Read-only) The frequency unit at which the task runs.

Value: Minutes
Vision client.
Minutes
The frequency, in minutes, at which the task runs.

Values: 1060
Default: 60
Vision client.
Run Always
Values:

Default: Enabled
230

Table 167: Update RSA Security Signature Task: Target Device List Parameters
Parameter
Description
The Available list and the Selected list. The Available list displays the DefensePro devices with
Fraud Protection enabled. The Selected list displays the DefensePro devices whose RSA signature
files this task update.
Update Attack Description FileParameters

The Update Attack Description File task updates the attack description file on the APSolute Vision
server.
Caution: In DefensePro for Cisco Firepower 9300, this feature is non-operational.
Table 168: Update Attack Description File: General Parameters
Parameter
Description
Name
Description
Enabled
database.
Table 169: Update Vision's Attack Description File: Schedule Parameters
Parameter
Description
Run

parameters.
Values:


the specified time.

Vision client.
Time1
Date2
Minutes3
231

Table 169: Update Vision's Attack Description File: Schedule Parameters (cont.)
Parameter
Description
Run Always4
Values:

Default: Enabled
Start Date
Start Time
End Date
End Time
1 This parameter
Weekly.
2 This parameter
3 This parameter
4 This parameter
Weekly.
5 This parameter

Device Configuration BackupParameters

The Device Configuration Backup task saves a configuration backup of the specified devices.
Note: By default, you can save up to five (5) configuration files per device on the APSolute Vision
server. You can change this parameter in the APSolute Vision Setup tab.
Table 170: Device Configuration Backup: General Parameters
Parameter
Description
Name
Description
Enabled
database.
232

Table 171: Device Configuration Backup: Schedule Parameters
Parameter
Description
Run

parameters.
Values:


the specified time.

Vision client.
Time1
Date2
Minutes3
Run Always4
Values:

Default: Enabled
Start Date5
Start Time
End Date
End Time
1 This parameter
Weekly.
2 This parameter
3 This parameter
4 This parameter
Weekly.
5 This parameter

Table 172: Device Configuration Backup: Parameters Parameters
Parameter
Description
Specifies whether to include the certificate private key information in the

configuration file in devices that support private keys.
Default: Disabled
233

Table 173: Device Configuration Backup: Destination Parameters
Parameter
Description
Backup Configuration To The destination the backup configuration files.

Values:
APSolute Vision Server
External Location
Default: APSolute Vision Server

Protocol
Values:
FTP
SCP
SFTP
SSH
IP Address
The IP address of the external location.
Directory

Backup File Name

User
The username.
Password
The user password.
Confirm Password
The user password.
1 This parameter is available only when Backup Configuration To is External Location.
Table 174: Device Configuration Backup: Target Device List Parameters
Parameter
Description
Selected list displays the devices whose configurations this task backs up.
Device Reboot TaskParameters

The Device Reboot task reboots the specified devices.
Table 175: Device Reboot: General Parameters
Parameter
Description
Name
Description
Enabled
database.
234

Table 176: Device Reboot: Schedule Parameters
Parameter
Run
Description
parameters.
Values:


the specified time.

Vision client.
Time1
Date2
Minutes3
Run Always4
Values:

Default: Enabled
Start Date5
Start Time
End Date
End Time
1 This parameter
Weekly.
2 This parameter
3 This parameter
4 This parameter
Weekly.
5 This parameter

Table 177: Device Reboot: Device List Parameters
Parameter
Description
Selected list displays the devices that this task reboots.
235

DefensePro Configuration Templates TaskParameters

The DefensePro Configuration Templates task can export (download) and import (deploy)
DefensePro configuration templates.
A DefensePro configuration template can include the configuration (the definitions and security
settings) and/or policy baselines of a Network Protection policy and/or Server Protection policy.
A template from a Network Protection policy can include the baselines from the associated DNS and/
or BDoS profiles.
A template from a Server Protection policy can include learned baselines from the associated HTTP
Flood profiles.
DefensePro configuration templates do not include the following information:
DefensePro setup and network configurationFor example, device time, physical ports,
and so on.
DefensePro security settingsThe protections that a policy template uses must be

supported and enabled globally in the target (destination) DefensePro device (that is, the target
DefensePro device into which you are importing the policy template). For example, if you export
a Network Protection policy that includes a BDoS Protection profile, the DefensePro device into
which you are importing the policy template must have BDoS Protection enabled globally
(Configuration perspective, Setup > Security Settings > BDoS Protection > Enable BDoS
Protection).
User-defined signatures.
User-defined Signature Protection profiles. THIS IS SUPPORTED IN 6.13 AND LATER IN

THE TEMPLATE FEATURE, BUT IT IS NOT SUPPORTED FOR THE TASK.
Notes
The scope configured for an APSolute Vision user determines the DefensePro devices that the
DefensePro Configuration Templates task displays. (For more information, see Managing
APSolute Vision Users, page 69.)
versions into platforms running supported 6.x or 7.x versions.
APSolute Vision issues a success message if all the task actions are successful on all the selected
destination (target) DefensePro devices.
APSolute Vision issues a failure message if any task action is not successful. The failure message
includes the result of each actionthat is, whether the action succeeded or failed for each
selected, destination device.
If all the policies that are configured in a task are deleted from the source DefensePro devices,
APSolute Vision disables the task.
If a DefensePro device in the Target Device List is deleted from APSolute Vision, APSolute
Vision deletes the device from the Target Device List and continues running the task.
If all the DefensePro devices in the Target Device List are deleted from APSolute Vision,
APSolute Vision disables the task.
236

Table 178: DefensePro Configuration Templates: General Parameters
Parameter
Description
Name
The name of the task.
Description
Enabled
database.
Table 179: DefensePro Configuration Templates: Schedule Parameters
Parameter
Description
Run

parameters.
Values:


the specified time.

Vision client.
Time1
Date2
Minutes3
Run Always4
Values:

Default: Enabled
Start Date
Start Time
End Date
End Time
1 This parameter
Weekly.
2 This parameter
3 This parameter
4 This parameter
Weekly.
5 This parameter

237

Table 180: DefensePro Configuration Templates: Network Protection Policies Parameters
Parameter
Description
The list of Available list and the Selected list. The Available list displays (per device) the
Network Protection policies in the devices that you have permission to view, and which support
exporting policies. The Selected list displays (per device) the Network Protection policies that the
task exports.
You can filter the rows of the Available list according to values in the table columns (Device and
Policy). The filter does not change the contents of the list, only how APSolute Vision displays the list
to you. The filter uses a Boolean AND operator for the filter criteria that you specify. To filter the
rows of the Available list, type the value (case insensitive) in the Device and/or Policy column and
click the
(Filter) button. To clear the filter, and display all the rows, click Clear.
Note: If you select any Network Protection policy, you must select at least one of the Export
checkboxes (Configuration, BDoS Baseline, or DNS Baseline).
Configuration
Specifies whether DefensePro exports the configuration of each selected

policy.
Default: Enabled
DNS Baseline
Specifies whether DefensePro exports the current DNS baseline of each

selected policy.
Default: Enabled
BDoS Baseline
Specifies whether DefensePro exports the current BDoS baseline of each

selected policy.
Default: Enabled
Table 181: DefensePro Configuration Templates: Server Protection Policies Parameters
Parameter
Description
The list of Available list and the Selected list. The Available list displays (per device) the Server
Protection policies in the devices that you have permission to view, and which support exporting
policies. The Selected list displays (per device) the Server Protection policies that the task exports.
You can filter the rows of the Available list according to values in the table columns (Device and
Policy). The filter does not change the contents of the list, only how APSolute Vision displays the list
to you. The filter uses a Boolean AND operator for the filter criteria that you specify. To filter the
rows of the Available list, type the value (case insensitive) in the Device and/or Policy column and
click the
(Filter) button. To clear the filter, and display all the rows, click Clear.
Note: If you select any Server Protection policy, you must select at least one of the Export
checkboxes (Configuration, or HTTP Baseline).
Configuration
Specifies whether DefensePro exports the configuration of each selected

policy.
Default: Enabled
HTTP Baseline
Specifies whether DefensePro exports the current HTTP baseline of each

selected policy.
Default: Enabled
238

Table 182: DefensePro Configuration Templates: Destination Devices Parameters
Parameter
Description
Selected list displays the devices to which the task deploys the selected policies.
Update Method
Values:
Append to Existing ConfigurationThe task adds the policy and profile

configurations, and any baselines, to the devices in the Selected list.
If a policy or profile name exists in a destination device, the update
fails.
Overwrite Existing ConfigurationThe task adds the policy and profile

configurations, and any baselines, to the devices in the Selected list.
If a policy or profile with the same name exists in a destination device,
the template overwrites it.
Default: Overwrite Existing Configuration

Install on Instance
(This parameter is
relevant only for
DefensePro x420
platforms.)
The identifier or the DefensePro hardware instance onto which to deploy

the selected policies.
Values: 0, 1
Default: 0
Values:
EnabledAfter successfully deploying all the selected policies to a

device, an Update Policies (activate latest changes) action is
automatically initiated.
DisabledAfter successfully deploying all the selected policies to a

device, an Update Policies (activate latest changes) action is required
for the configuration to take effect.
Default: Disabled
239

240
Chapter 9 Managing Auditing and Alerts

APSolute Vision logs all alerts and actions for APSolute Vision and, optionally, for the managed
devices. You can view auditing information and other alerts in the Alerts pane.
The following topics describe APSolute Vision auditing and the Alerts pane:
APSolute Vision Auditing, page 241
Enabling Configuration Auditing for Managed Devices, page 242
Managing Alerts, page 242
Note: APSolute Vision server alerts are added to the alert table, and added to the audit table and
forwarded to syslog, with one exception. The exception is that when the APSolute Vision process on
the underlying operating system is down, alerts triggered by the operating system are sent to the
alert table only.
APSolute Vision Auditing

APSolute Vision auditing meets compliance requirements by automatically logging the following:
All APSolute Vision alerts and user actions
All configuration changes made to managed devices via APSolute Vision
This meets Sarbanes-Oxley requirements to audit any configuration change that might affect the
network. In APSolute Vision, you can also configure the managed devices to log all configuration
changes on the device.
The Auditing log is stored in the APSolute Vision database. All audit logs are sent to the Alerts pane,
and can be displayed in the Alerts pane depending on the alerts filter configuration. APSolute Vision
allows read-only access to the Auditing log. You can extract the data and store it remotely, as you
require. The Auditing log can hold a maximum two million entries. APSolute Vision ages the oldest
entries after the maximum number of entries is reached and also ages entries that are older than six
months.
The following information is logged to the audit log:
All user management events and user activitiesfor example, access attempts, successful
login, password change by user, password reset by admin, and so on.
Actions performed on the devicefor example, uploading or downloading a file to a device,

device reboot and shutdown, log file retrieval, and so on.
APSolute Vision activities, including:
APSolute Vision upgrade
User management events (for example, creating or deleting a user, activating or

deactivating a user, and so on)
Device changes through CLI or WBM (if device auditing is enabled).
Alarms received from the device (if device auditing is enabled).
Device configuration activities (if device auditing is enabled). The audit log records all
configuration changes applied to the managed devices.
Device addition and deletion.
241

Managing Auditing and Alerts
To manage APSolute Vision auditing

1.
Enable or disable configuration auditing for devices. For more information, see Enabling
Configuration Auditing for Managed Devices, page 242.
2.
Enable and configure syslog and e-mail settings for sending audit information from the Alerts
pane. For more information, see Configuring Settings for the Alerts Pane, page 95.
Enabling Configuration Auditing for Managed Devices

When configuration auditing for devices is enabled on the APSolute Vision server and on the device,
any configuration change on a device using APSolute Vision creates two records in the Audit
database, one from the APSolute Vision server, and one from the device audit message.
Note: To prevent overloading the managed device and prevent degraded performance, the feature
is disabled by default.
To enable configuration auditing for a managed device

1.
In the Configuration perspective, select Setup > Advanced Parameters > Configuration
Audit.
2.
Select the Enable Configuration Auditing checkbox, and click Submit.
Managing Alerts
The Alerts tab in the Alerts pane stores and displays alerts.
The alerts are based on events that are received from:
SNMP traps sent by managed Radware devices.
Auditing messages from all APSolute Vision modules.
APSolute Vision server events.
Configuration auditing messages for managed devices, if enabled on the device.
All alert information is stored in the APSolute Vision database in a table separate from the audit
information. Alert information can be sent to a central audit repository via syslog, and to a
configured recipient via e-mail.
Events Handled in the Alerts Pane

The following types of events are handled in the Alerts pane:
SNMP Traps, page 243
Auditing Messages, page 243
APSolute Vision Server Events, page 243
Alerts for New Security Attacks, page 243
242

SNMP Traps
The Alerts pane handles all traps generated by APSolute Vision and the managed devices, including:
Generic traps, such as, Cold Start, Link Down, Link Up, Authentication Failure, and so on.
Radware traps common to all Radware devices.
Device-specific Radware traps.
Auditing Messages
APSolute Vision forwards all logged audit events from all APSolute Vision modules and managed
devices to the Alerts pane, including:
Successful and failed login attempts
Backup and restore operations
Configuration changes to APSolute Vision and the managed devices
Monitoring and control changes
Successful and failed task scheduling changes
User management configuration changes
APSolute Vision Server Events

APSolute Vision server events include events from:
Server and database monitoring processes
The APSolute Vision appliance
The watchdog process, which monitors APSolute Vision server processes
Alerts for New Security Attacks

APSolute Vision triggers an alert when a new attack is displayed in the Current Attacks table (which
is part of the Security Monitoring perspective).
The value in the Module column in the Alerts pane is Security Reporting.
Each DefensePro device triggers separate security alerts.
The security alerts are either for a single security event (that is, a single attack event) or aggregated
from multiple security events. The format is similar for alerts for single attacks and multiple attacks.
Table 183: Information in Security Alerts
String in a Security Alert for a Single Attack
String in a Security Alert Aggregated Attack

Information
An attack of type: <attack category>1 started.
<quantity of attacks> attacks of type: <attack

category> started between <start time of first
attack> and <start time of last attack>.2
Detected by policy: <policy>;
Detected by policy: <policy>;3
Attack name: <attack name>;
Attack name: <attack name>;
Source IP: <attacker IP address>;
Source IP: <attacker IP address>;4
Destination IP: <attacked IP address>;
Destination IP: <attacked IP address>;
Destination port: <attacked port>;
Destination port: <attacked port>;
Action: <action>5 .
Action: <action>.
1 Attack categories: ACL, Anti-Scanning, Behavioral DoS, DoS, HTTP Flood, Intrusions,
Server Cracking, SYN Flood, Anomalies, Stateful ACL, DNS, BWM
243

2 Times are in the format dd.MM.yy hh:mm.
3 When there are differences in the field values for the attacks, the values are commaseparated.
4 When there are differences in the field values for the attacks, the value is multiple.
5 Action values: forward, proxy, drop, source-reset, dest-reset, source-dest-reset,
bypass, challenge, quarantine, drop-and-quarantine
Alert Information
All alert information is stored in the APSolute Vision database.
Double-click on a an alert in the Alerts tab to open the Alert Details dialog box, which displays all the
information with the expanded alert message.
The following table describes the fields of the APSolute Vision alerts.
Alert Information
Description
Displayed in
Alerts Pane?
Ack Acknowledged
A check box indicating whether the alert has been

Yes, by default
acknowledged. Alerts of Info severity are acknowledged
automatically when raised. Alerts of severity higher than
Info require user acknowledgment. Acknowledging an
alert indicates that it has been seen by the user and
remains in the Alerts pane display. You can select or
clear the check box to acknowledge or un-acknowledge
alerts.
Severity
The APSolute Vision severity of the event: Critical, Major, Yes, by default
Minor, Warning, Info. SNMP trap severities are mapped
as shown in SNMP Trap Severity Mapped to APSolute
Vision Severity, page 245 and APSolute Vision Alerts
Mapped to Syslog Severity, page 246.
Time
The date and GMT time at which the event occurred.
Yes, by default
In the Alert Details dialog box, this value is displayed

with the label Raised Time.
Device Name
The values differ according to the alert type, as follows: Yes, by default
SNMP trapsThe value is the name of the device

that generated them.
APSolute Vision auditing events, which have device

context (configuration, monitoring). The value is the
name of the device to which the event relates.
When the alert is generated by the APSolute Vision

server, no device name is displayed.
Device IP address
The IP address of the device to which the message

relates. No value is provided for alerts generated by
APSolute Vision.
Yes, by default
Message
The description of the event.
Yes, by default
244

Alert Information
Description
Displayed in
Alerts Pane?
Module
The source module of the event.
Yes, by default
Values:
Vision ConfigurationAPSolute Vision configuration

auditing messages
Vision GeneralIncludes general APSolute Vision

auditing messages and APSolute Vision server
events
Vision ControlAPSolute Vision Monitoring auditing

messages
Device GeneralFor all other device alerts
Device SecurityFor network security alerts
Security ReportingFor security alerts
User Name
For APSolute Vision auditing, the name of the user

whose action was audited. If no user is associated with
the action, the user APSolute_Vision is displayed.
Yes, if
configured
Device Type
The type of device that generated the alert:
Yes, by default
The APSolute Vision serverfor auditing, appliance,

server and database monitoring, and watchdog
alerts
Any AppDirector device
Any Alteon device
Any AppWall device
Any DefensePro device
Any LinkProof NG device
Trap SID
The trap SID for SNMP traps. There is no value for

events that are not SNMP traps.
Yes, if
configured
Port
The port number included in the alert information, if it

Yes, by default
exists (for example, when a port link goes up or down).
The Raised Time, Device Name, and Message uniquely identify an alert, and are together considered
the Alert key.
Table 184: SNMP Trap Severity Mapped to APSolute Vision Severity
Trap Severity
APSolute Vision Severity Severity Description
Fatal
Critical
Indicates a severe problem, which prevents or

disrupts normal use of the object.
Error
Major
Indicates a problem of relatively high severity,

which is likely to prevent normal use of the
object.
Minor
Indicates a problem of relatively low severity,

which should not prevent normal use of the
object.
Warning
While the managed object is functioning as it

is intended to function, conditions exist that
could potentially cause a problem.
(APSolute Vision uses

predefined criteria to
assign Major or Minor
severity.)
Warning
245

Table 184: SNMP Trap Severity Mapped to APSolute Vision Severity (cont.)
Trap Severity
APSolute Vision Severity Severity Description
Info
Information
Information only. There are no problems and

the object is functioning normally.
Table 185: APSolute Vision Alerts Mapped to Syslog Severity
Severity in APSolute Vision Alerts Pane
Level in Syslog
1 - CRITICAL
3 - CRITICAL
2 - MAJOR
4 - ERROR
3 - MINOR
5 - WARNING
4 - WARNING
6 - NOTICE
5 - INFO
7 - INFORMATIONAL
Displaying Alert Information

Alert information is displayed in the Alerts pane, which, by default, is below the content pane. For
more information about the information displayed, see Alert Information, page 244.
By default, alert information is displayed for one hour after the alert is raised. The information is
then cleared from the display, but remains in the Alerts database. You can change the default in the
Filtering dialog box. For more information, see Filtering Alerts, page 248.
The configured number of most recent critical alerts are always displayed at the top of the table on
a colored background.
You can maximize and minimize the Alerts pane.
To view the Alert table

>
Click the
(Maximize) button.
For more information about Alerts pane navigation features, see APSolute Vision Interface
Navigation, page 48.
The number of unacknowledged alerts for each severity are displayed in the bar above the table.
The information in the alert table is refreshed according to your configured preferences.
In the Alerts pane, you can:
Show and hide columns.
Acknowledge and unacknowledge displayed alerts. Alerts of severity higher than Info require
user acknowledgment to indicate that they have been seen by the user. The alert remains in the
Alerts pane display.
Filter the alerts in the alert table to display a subset of alerts. For more information, see Filtering
Alerts, page 248.
Clear individual alerts from the alert table display.
Clear all the alerts in APSolute Vision database that match the current filter, whether or not the
alerts are visible in the Alerts pane.
Turn off automatic refresh of alert information.
246

To view details of an alert

>
Double-click the alert row that you want to view. The alert details are displayed in the Alert
Details dialog box.
For more information about the information displayed, see Alert Information, page 244.
To clear all the alerts in APSolute Vision database that match the current filter, whether
or not the alerts are visible in the Alerts pane
>
Click the
(Clear All Alerts) button.
To acknowledge alerts
>
To acknowledge one or more alerts, select the alert row in the table, and click the
(Acknowledge Selected Alerts) button.
To acknowledge all alerts in the alert table, click the
(Acknowledge All Alerts) button.
To unacknowledge alerts
>
Select the alert row(s) in the table and select click the
button.
(Unacknowledge Selected Alerts)
To clear alerts from display
>
To clear alerts, select the alert row(s) in the table and select the
button.
(Clear Selected Alerts)
Notes
Cleared alerts remain in the database, but cannot be viewed.
Clearing an unacknowledged alert automatically acknowledges the alert.
Automatic refresh is indicated by the selected
(Pause) button.
247

To pause automatic refresh of alert information

>
Click the
(Pause) button.
To resume automatic refresh of alert information

>
Click the
(Resume) button.
Note: Radware recommends pausing automatic refresh while you are analyzing alert information
to prevent alerts disappearing from the display.
Filtering Alerts
You can display a subset of the currently displayed alerts by filtering the alerts according to various
alert information criteria.
The criteria are organized according to categories, for example, alert severity, device module, and
so on. Criteria from the same category are combined with logical OR. Criteria from different
categories are combined with logical AND.
The default filter settings include all criteria in all categories, meaning, by default, all alerts raised in
the last hour are displayed.
Use the filtering criteria to define how long an alert is displayed in the Alerts Browser.
Note: Regardless of the filter defined, the configured number of most recent critical alerts are
always displayed at the top of the table on a colored background. This means that critical alerts that
match the filter criteria are displayed twice.
To filter alerts in the alert table

1.
Click the
(Maximize) button to maximize the Alerts pane.
2.
Click the
(Alert Filter) button.
3.
Set the filtering criteria and click Submit. The table is updated at the next automatic refresh.
4.
To restore the default filtering criteria, click Restore Defaults, then click Submit.
For more information about the filtering criteria, see Alert Information, page 244.
Table 186: Filtering Criteria Parameters
Parameter
Description
Select Devices
Click to select a subset of managed devices for which to display alerts.

In the Select Devices dialog box, move the required devices from the
Available Devices list to the Selected Devices list.
248

Table 186: Filtering Criteria Parameters (cont.)
Parameter
Description
Select All Devices
When selected, matching alerts for all devices are displayed.
Raised Time
Alerts raised within the defined time period are displayed. For
example, if you define 1 hour, alerts raised in the last hour are
displayed. After the defined time, alerts are cleared from the display
(not from the Alerts database).
Values: 1 minute24 hours
Default: 1 hour
Severity
Alerts of the selected severities are displayed.
Module
Alerts for the selected modules are displayed.
Device Type
Alerts for the selected device types are displayed.
Acknowledgment
Specifies whether to display acknowledged alerts, unacknowledged

alerts, or both.
Configuring Preferences for the Alerts Pane

You can configure the following preferences for the Alerts pane:
Client preferencesDefine how many critical alerts to display and how often the client polls
the server for alert information. For more information, see Configuring Settings for the Alerts
Pane, page 95.
Server preferencesDefine how the APSolute Vision server handles alerts. You can enable
and configure reporting and logging events from the Alerts pane to a syslog server. You can
configure sending alert information via e-mail to a defined recipient. For more information, see
Configuring Settings for the Alerts Pane, page 95.
249

250
Chapter 10 Monitoring Alteon with the

Dashboard and Service Status View
This chapter describes the monitoring Alteon using the Dashboard and Service Status View.
This feature is available only in Alteon version 30.0 and later.
Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 315.
This chapter contains the following main topics:
Monitoring Alteon with the Dashboard, page 251
Monitoring Alteon with the Application Delivery View, page 258
Monitoring Alteon with the Service Status View, page 259
Monitoring Alteon with the Dashboard

Every 15 seconds, Alteon polls the following information for the dashboard:
CPU utilization
System usage
License capacity utilization
License capacity
Temperature and fans (physical platforms only)
The top row of the dashboard includes the following:
The device IP address or device name if configured
The current date and time on the client
The role of the user who opened the dashboard
The name of the user who opened the dashboard
Log Out to log out of the session
The parameters that the dashboard displays depend on the Alteon form factor (standalone, VA,
vADC, or ADC-VX).
Dashboard Features and Usage

The following dashboard features and usage are common to all form factors:
The dashboard opens in a new browser tab. Each click on the Dashboard opens a new browser
tab, which does not affect the display of any other opened browser tabs.
To change the display in the frame from a chart/graph to a table and from a table to a chart/
graph, click the icon in the upper right of any frame.
251

Monitoring Alteon with the Dashboard and Service Status View
To change the sorting from ascending to descending and descending to ascending, click in a
table heading.
To pause or resume the display, click the icon in the upper right of any frame. When you pause
the display, the timestamp is displayed. The timestamp is according to the timezone of the
client.
To pause or resume the display of all the displays in the current dashboard, click the Pause
button or Resume button the top of the dashboard.
In a some charts, hovering over a point opens a box with details of the specific point.
To view the dashboard

>
In the Configuration perspective or Monitoring perspective, select Overview > Dashboard.
System View Dashboard of the Alteon Standalone and Alteon VA

Platforms
The following table describes the frames in the System View dashboard for the Alteon standalone
and VA platforms.
Table 187: System View Dashboard for Alteon Standalone and VA
Component
Description
CPU Utilization
The chart view displays a line graph showing the average SP CPU
utilization (%) and MP CPU utilization (%) on the platform over
time. The X-axis displays the time (hh:mm:ss). The Y-axis displays
the utilization percentage.
The table view displays the current MP CPU utilization (%) on the
platform and the CPU utilization (%) for each SP.
252

Table 187: System View Dashboard for Alteon Standalone and VA (cont.)
Component
Description
Temperature and Fans
This frame contains two sections: the temperature and status of

the critical fans.
(The dashboard displays this

frame only for physical
standalone platforms.)
The chart view for temperature displays the following:
A thermometer, per sensor, with a color indicator for

temperature status: greenfor nominal, and redfor not
operating/not operating properly.
A table with the sensor number and the temperature status (for
example: Normal).
The table view for temperature displays a table with the following
columns:
Sensor ID.
StateFor example, Normal.
TemperatureIn Celsius and Fahrenheit.
The chart view for fans displays the following:
A fan with a color indicator for the current temperature status:

greenfor nominal, and redfor not operating/not operating
properly.
A table with the number of fans and the current operational

status (for example: Up).
The table view for fans displays a table with the following columns:
System Usage
Fan IDOnly the critical fans.
StateFor example, Up.
The chart view contains bar graphsSession Table, Hard Disk

(displayed only for physical standalone platforms), and Caching
showing the current utilization value (percentage). The Y-axis
displays the current utilization percentage.
The table view displays a table with the following columns:
License Capacity Utilization
NameHard Disk (displayed only for physical standalone

platforms), Capacity Units, and ADC Allocation.
UtilizationThe current utilization value (percentage).
CurrentThe current utilization absolute valuefor example,

in KB.
MaximumThe maximum available absolute valuefor

example, in KB.
The chart view contains bar graphsone bar for each license type
showing the current utilization value (percentage) of each capacity
license. The Y-axis displays the current utilization percentage.
NameThe name of the license type and the units (for

example, Mbps).
LicenseThe license capacity.
CurrentThe current utilization absolute value.
PeakThe peak utilization absolute value.
253

Component
Description
License Capacity
The chart view for this frame contains two tabs:
ThroughputA solid line for the Alteon, displaying the

throughput usage (Mbps) over time. A dotted line indicates the
maximum throughput that the license allows. The scale of the
Y-axis is logarithmic.
SSLA line for each selected vADC displaying the SSL usage
(CPS) over time. A dotted line indicates the maximum
throughput that the license allows.
To reset the peak values for the chart, click Reset All Peak
Values.
System View Dashboard of the Alteon vADC Platform

The following table describes the frames in the System View dashboard for the Alteon vADC
platform.
Table 188: System View Dashboard for Alteon vADC
Component
Description
CPU Utilization
The chart view displays a line graph showing the average SP CPU
utilization (%) and MP CPU utilization (%) on the platform over
time. The X-axis displays the time (hh:mm:ss). The Y-axis displays
the utilization percentage.
platform and the CPU utilization (%) for each SP.
System Usage
The chart view contains bar graphsSession Table, Hard Disk

(relating to the physical ADC-VX), and Cachingshowing the
current utilization value (percentage). The Y-axis displays the
current utilization percentage.
NameHard Disk (relating to the physical ADC-VX), Capacity

Units, and ADC Allocation.
CurrentThe current utilization absolute valuefor example,

in KB.
MaximumThe maximum available absolute valuefor

example, in KB.
The chart view contains bar graphsone bar for each license type
showing the current utilization value (percentage) of each capacity
license. The Y-axis displays the current utilization percentage.
254
NameThe name of the license type and the units (for

example, Mbps).
LicenseThe license capacity.
CurrentThe current utilization absolute value.
PeakThe peak utilization absolute value.

Table 188: System View Dashboard for Alteon vADC (cont.)
Component
Description
License Capacity
ThroughputA solid colored line for the Alteon, displaying the

throughput usage (Mbps) over time. A solid gray line for the
Alteon, displaying the latest peak throughput usage (Mbps)
over time. A dotted line indicates the maximum throughput
that the license allows. The scale of the Y-axis is logarithmic.
SSLA line for each selected vADC displaying the SSL usage
(CPS) over time. A dotted line indicates the maximum
throughput that the license allows.
To reset the peak values for the chart, click Reset All Peak
Values.
System View Dashboard for the Alteon ADC-VX Platform

The following table describes the frames in the System View dashboard for the Alteon ADC-VX
platform.
Table 189: System View Dashboard for Dashboard for Alteon ADC-VX
Component
Description
CPU Utilization
The chart view displays a line graph showing the MP CPU utilization
(%) on the platform over time. The X-axis displays the time
(hh:mm:ss). The Y-axis displays the utilization percentage.
platform.
255

Table 189: System View Dashboard for Dashboard for Alteon ADC-VX (cont.)
Component
Description
Temperature and Fans
This frame contains two sections: the temperature and status of

the critical fans.
The chart view for temperature displays the following:
A thermometer, per sensor, with a color indicator for

temperature status: greenfor nominal, and redfor not
operating/not operating properly.
A table with the sensor number and the temperature status

(for example: Normal).
The table view for temperature displays a table with the following
columns:
Sensor ID.
StateFor example, Normal.
TemperatureIn Celsius and Fahrenheit.
The chart view for fans displays the following:
A fan with a color indicator for the current temperature status:

greenfor nominal, and redfor not operating/not operating
properly.
A table with the number of fans and the current operational

status (for example: Up).
The table view for fans displays a table with the following columns:
System Usage
Fan IDOnly the critical fans.
StateFor example, Up.
The chart view contains three bar graphsHard Disk, Capacity

Units, and ADC Allocationshowing the current utilization value
(percentage). The Y-axis displays the current utilization
percentage.
256
NameHard Disk, Capacity Units, and ADC Allocation.
CurrentThe current utilization absolute value (for Hard disk,

in gigabytes, for Capacity Units and ADC Allocation, the
number).
MaximumThe maximum available absolute value (for Hard

disk, in gigabytes, for Capacity Units and ADC Allocation, the
number).

vADCs View Dashboard for Alteon ADC-VX

You can select up to five vADCs to monitor.
The following table describes the frames in the vADCs View dashboard for the ADC-VX platform.
Table 190: vADCs View Dashboard for ADC-VX
Component
Description
vADC Summary and Selection This frame contains two sections: vADC Utilization Summary and
vADC Selection.
There is no table view for this frame.
vADC Utilization Summary shows a status indicator (High, Medium,
Low) for SP CPU Utilization and Throughput Utilization.
Use the vADC Selection table to select the vADC to monitor in the
dashboard (up to five). The table contains the following columns:
ID, Name, and CU (which displays the number of allocated CUs).
CPU Utilization
The chart view displays two bar graphs for each selected vADC.
One bar shows the current MP CPU utilization (%). One bar shows
the current SP CPU utilization (%). The Y-axis displays the
utilization percentage. If more than one vADC is operating at the
same utilization, only the top line is displayed.
vADCThe vADC ID.
NameThe vADC name, if configured.
MP utilization (%).
SP CPU (%).
ThroughputA line for each selected vADC displaying the

throughput utilization percentage over time. If more than one
vADC is operating at the same utilization, only the top line is
displayed.
SSLA line for each selected vADC displaying the SSL

utilization percentage over time. If more than one vADC is
operating at the same utilization, only the top line is displayed.
vADCThe vADC ID.
NameThe vADC name, if configured.
Throughput (%).
SSL (%).
257

Monitoring Alteon with the Application Delivery View

The Application Delivery View is available for Alteon standalone and vADC.
The following table describes the frames in the Application Delivery View dashboard for the Alteon
standalone and vADC platforms.
Table 191: Application Delivery View Dashboard for Alteon Standalone and vADC
Component
Virtual Service Selection
Virtual Service Performance
Description
StatusThe operational status of the virtual service.
Virtual ServerThe identifier of the virtual server for the

virtual service.
ApplicationValues: http, ftp, dns
PortThe virtual service port.
ProtocolThe virtual service protocol. Values: tcp, udp
The chart view displays the following for each entry selected in the
Virtual Service Selection frame:
Throughput (Mbps)
Connections per Second
Concurrent Connections
The chart contains tool tips displaying a timestamp, a colored

virtual service identifier, and virtual service performance statistics.
Virtual Server
Port
Throughput (Mbps)
Note: You must globally enable virtual service statistics reporting to display information in the
Application Delivery View.
To configure virtual service statistics settings

1.
Select Configuration > Application Delivery > Virtual Services > Settings.
2.
Select the Statistics tab.
3.
In the Statistics Measuring Period field, type a value in seconds in the range 13600.
4.
Set the Per Service Statistics option to Enable.
5.
Click Submit.
258

Monitoring Alteon with the Service Status View

The Service Status View is available for Alteon standalone, VA, and vADC.
The Service Status View, which refreshes every 15 seconds, can display configuration information
and status information on all the virtual services and the following associated Alteon objects:
AppShape++ scripts
Content rules
Server groups
Real servers
Note: For information on the statuses, see Status Criteria, page 261 below.
To view the Service Status View

>
In the Configuration perspective or Monitoring perspective, select Overview > Service Status
View.
The Service Status View comprises two frames: Status Summary and Detailed Status.
The Status Summary shows a summary of the following:
Virtual servicesThe total number of virtual services configured on the platform and a pie
chart that shows the percentage of each status (Up, Warning, Down, and Admin Down).
Server groupsThe total number of server groups configured on the platform and a pie
chart that shows the percentage of each status (Up, Warning, Down, Admin Down, and
Mixed). Mixed indicates that the group is associated with multiple virtual services, and the
statuses are not the same.
Real serversThe total number of real servers configured on the platform and a pie chart
that shows the percentage of each status (Up, Warning, Down, Admin Down, and Mixed).
Mixed indicates that the real server is associated with multiple server groups, and the
statuses are not the same.
Tip: Click a segment in pie chart to apply a filter to the corresponding objects in the Detailed Status
frame.
The Detailed Status frame comprises:
Detailed Status treeA tree with all the virtual services on the devices
Detailed Status filterA filter with which you can filter the services
The status of each node in the tree is identified with an icon
By default, all the parent nodes in the treethe Virtual Service nodesare collapsed.
Each Virtual Service node is in the following format:
Virtual Service ID: <ID>, (<Port> <TCP|UDP>), Action: < Action>

where:
<ID> is the specified ID of the virtual service.
<Port> is the specified port number of the of the virtual service.
259

<TCP|UDP> is the relevant protocol of the virtual service.
< Action> is either the specified Action when the Application is HTTP or HTTPS (Group,
Redirect, or Discard) or Group for all other Application values.
Example
Virtual Service ID: MyDNSVirt, (53 TCP), Action: Group
Expanding a Virtual Service node displays the following:
AppShape++ Script(s) Associated The Service Status View displays this node only if the
Content Rules This node is displayed only if the virtual service is configured with one or
virtual service is configured with one or more AppShape++ scripts.

more content rules. The Service Status View displays content rules numerically, each in the
following format:
<Rule ID>, Action: <Action>, Group: <Group name>
Group ID: <ID> The ID of the server group, and includes the following node(s) sorted
alphanumerically, each in the following format:
<Real server ID>: <IP address>
Note: Backup real servers and backup groups appear in the tree only when they are active.
Detailed Status Filter

Applying a filter refreshes the tree view and shows the updated statuses and objects based on the
filter criteria. The filter uses a Boolean AND operator on the data.
By default, the child objects of each virtual service node are collapsed. After you apply the filter, the
tree view displays the relevant object expanded.
To filter the Detailed Status tree

>
Configure the filter parameters and click GO.
Table 192: System View Dashboard for Alteon Standalone and VA
Parameter
Description
Status
Values:
AllShow the specified object types with all statuses.
UpShow only the specified object types with the Up status.
DownShow only the specified object types with the Up status.
Admin DownShow only the specified object types with the Down status.
WarningShow only the specified object types with the Warning status.
Down + WarningShow the specified object types with the Down status and
the Warning status.
Default: All
Note: For more status information, see Status Criteria, page 261.
260

Parameter
Description
Type
Values:
AllShow all object types.
Virtual ServiceShow only the virtual services that match the other criteria.
Server GroupShow only the server groups that match the other criteria.
Real ServerShow only the real servers that match the other criteria.
Content RuleShow only the content rules that match the other criteria.
Default: All
Free Text
Free text that filters the results according to ID or other identifier.

For example:
You can filter for a real server by entering its IP address.
You can filter for a group by entering the suffix of its ID.
Status Criteria
The following table describes the criteria for the statuses of virtual servers. One of the criteria is the
service-action status. You can specify Action for an HTTP or HTTPS serviceGroup, Redirect or
Discard. For non-HTTP/S services, the action is always (implicitly) Group. When the Action is Group,
the service-action status is the Group status. When the Action is Redirect or Discard, the serviceaction status is always Up. For more information, see Configuring a Virtual Service for a Virtual
Server, page 237.
Table 193: Virtual Service Statuses
Status
Description
Admin Down
(The service-action status is in the Admin Down state AND the Content Rules status
is in the Admin Down state)
OR
The Enable Virtual Server checkbox is cleared.
Down
(The service-action status is in the Down state AND the Content Rules status is in
the Down state)
OR
is in the Down state)
OR
is in the Admin Down state).
261

Table 193: Virtual Service Statuses (cont.)
Status
Description
Up
(The service-action status is in the Up state AND the Content Rules status is in the
Up state)
OR
is in the Up state)
OR
(The service-action status is in the Up state AND the Content Rules status is in the
Admin Down state).
Warning
The service-action status is in the Warning state

OR
The Content Rules status is in the Warning state
OR
(The service-action status is in the Down state AND the Content Rules status is in
the Up state)
OR
(The service-action status is in the UP state AND the Content Rules status is in the
Down state)
OR
(There is an enabled associated AppShape++ script AND the service-action status is
in the Down AND The Content Rules status is in the Down state).
The following table describes the criteria for the statuses of Content Rules. Only HTTP and HTTPS
applications support content-based rules. The Service Status View determines the value by taking
into account all the content-based rules in the virtual service.
Table 194: Content Rules Statuses
Status
Description
Admin Down
The Enable Content Based Rule checkbox is cleared for all the contentbased rules.
Down
All the all the content-based rules are in the Down state
OR
Some of the all the content-based rules are in the Down state while the rest
are in the Admin Down state.
The Service Status View always considers a content-based rule with no
associated Content Class to be in the Down state.
Up
All the all the content-based rules are in the Up state

OR
Some of the all the content-based rules are in the Up state while the rest are
in the Admin Down state.
Warning
At least one content-based rule is in the Warning state

OR
some of the content-based rules are in the UP state and some are in the
Down state.
262

The following table lists the criteria for the statuses of real-server groups. The Service Status View
determines the value based on the status of each real server in the groupusing a Boolean AND
operator. The value 1 represents Yes. The value 0 represents No.
Table 195: Real-Server Group Statuses
Real-Server
Group Status
Real Server Is in
Up State
Real Server Is in Real Server Is in

Warning State
Down State
Real Server is in
Admin Down State
Up
Warning
Down
Admin Down
263

264
Chapter 11 Monitoring the Alteon System

This chapter describes monitoring Alteon system operations.
The Alteon operations that you can monitor depend on the Alteon form factor and/or platform:
standalone, VA, vADC, or ADC-VX.
Monitoring General Information, page 265
CPU Utilization, page 266
Monitoring Capacity, page 268
Maintenance, page 272
Monitoring General Information

The Alteon parameters that Alteon displays depend on the Alteon form factor and/or platform:
To monitor general system information

>
In the Monitoring perspective, select System > General Information.
Table 196: General Information: General Parameters
Parameter
Description
Switch Name
The name of the switch.
System Time
The system time.
System Date
The system date.
Last Apply
The time and date of the last Apply action.
Last Save
The time and date of the last Save action.
Last Boot
The time and date of the last boot.
Switch Uptime
The amount of time the switch has been up.
Table 197: General Information: Licenses Parameters
Parameter
Description
Software Features
The software features.
Table 198: General Information: System Hardware Parameters
Parameter
Description
MAC Address
The MAC address.
Serial Number
The serial number.
265

Monitoring the Alteon System
Parameter
Description
Mainboard Hardware No
The mainboard hardware number.
Mainboard Hardware Rev
The mainboard hardware revision.
Ethernet Board Hardware

No
The Ethernet board hardware number.
Ethernet Board Hardware

Rev
The Ethernet board hardware revision.
Temperature Sensors
The number of temperature sensors.

(Alteon VX only.)
Hard Disk
The capacity, in GBs, of the hard disk.
Used Disk Space
The used space, in GBs, of the hard disk.
Total RAM
The capacity, in GBs, of RAM.
Power Supply
The number of power supplies.

(Alteon VX only.)
Fan Status
The fan status.
SSL Chip
Displays the following parameters regarding the SSL chips:
(Alteon VX only.)
SSL Chip StatusValues: Active Initialized, and so on.
TypeFor example:
Cavium HSM; Model NITROX XL CN16XX-NFBE;
HSM State
AmountThe quantity of HSM card on the platform, which is

typically 1.
The state of the HSM card.

Values: trusted, and so on.
Note: Initialization of the HSM card is done using the Alteon CLI.
For more information, see the Alteon Application Switch Operating
System Application Guide and Alteon Application Switch Operating
System Command Reference.
Current capacity units
The current capacity units configured on the platform.

(Alteon standalone only.)
Max capacity units
The maximum capacity units configured on the platform.

Current throughput
The current throughput.

Max throughput
The maximum throughput configured on the platform.

CPU Utilization
To monitor CPU utilization
>
266
In the Monitoring perspective, select System > CPU Utilization.

Table 199: CPU Utilization: Management Processor Parameters
Parameter
Description
Admin Context CPU Utilization

This group box is displayed only in ADC-VX mode.
Last Second
The CPU utilization of the admin context in the last second.
Last 4 Seconds
The CPU utilization of the admin context in the last four seconds.
Last 64 Seconds
The CPU utilization of the admin context in the last 64 seconds.
CPU Utilization
This group box is displayed only in vADC mode and standalone mode.
Last Second
The CPU utilization of the management processor in the last second.
Last 4 Seconds
The CPU utilization of the management processor in the last four

seconds.
Last 64 Seconds
The CPU utilization of the management processor in the last 64

seconds.
Memory
This group box is displayed only in standalone mode and ADC-VX mode and standalone mode.
Free
The memory resources currently free on the management processor.
Total
The total memory resources of the management processor.
Table 200: CPU Utilization: Switch Processor Parameters
Parameter
Description
CPU Utilization
SP Number
The switch-processor number.
Last Second
The CPU utilization of the switch processor in the last second.
Last 4 Seconds
The CPU utilization of the switch processor in the last four seconds.
Last 64 Seconds
The CPU utilization of the switch processor in the last 64 seconds.
Dynamic Memory Statistics

This group box is not displayed in ADC-VX mode.
SP Number
The switch-processor number.
Total Memory
The total memory resources of the switch processor.
Current Memory
The memory resources, in KB, currently used on the switch processor.
Hi water mark
The peak memory resources, in KB, used on the switch processor.
Allowed Max
The allowed maximum memory usage, in KB.
To clear the current CPU-utilization data of the switch processor

1. In the Monitoring perspective, select System > CPU Utilization.
2. In the Switch Processor group box, click Clear.
267

Monitoring Capacity
This feature is available only in Alteon standalone, VA, and ADC-VX.
Monitoring capacity comprises the following:
Monitoring System Capacity, page 268
Monitoring Network Capacity, page 269
Monitoring Application Delivery Capacity, page 270
Monitoring System Capacity

This feature is available only in version 30.0 and later.
To monitor system capacity

>
In the Monitoring perspective, select System > Capacity > System.
Table 201: System Capacity Parameters in Alteon Standalone, VA, and vADC
Parameter
Description
Cache Usage (MB)
Comprises the following two values:
Hard Disk (GB)
RAM (GB)
MaximumThe maximum cache usage, in MB, that the device can

support.
CurrentThe current cache usage, in MB.
MaximumThe hard-disk size, in GB, that the device can support.
CurrentThe current hard-disk usage, in GB.
In UseThe amount of hard-disk space in use, in MB.
MaximumThe maximum RAM, in GB, that the device can support.
Table 202: System Capacity Parameters in ADC-VX
Parameter
vADCs
Capacity Units
268
Description
MaximumThe maximum number of vADCs that the device can

support.
CurrentThe current number of vADCs configured on the device

and, in parentheses, the number of enabled vADCs on the device.
MaximumThe maximum number of capacity units that the device

can support.
CurrentThe current number of capacity units configured on the

device.

Monitoring Network Capacity

To monitor network capacity

>
In the Monitoring perspective, select System > Capacity > Network.
Table 203: Network Capacity Parameters in Alteon Standalone and VA
Parameter
Description
FDB
VLANs
ARP Entries
IP Interfaces
IP Routes
VRRP Routers
MaximumThe maximum Forwarding Database usage that the

device can support.
CurrentThe current Forwarding Database usage.
MaximumThe maximum number of VLANs that the device can

support.
CurrentThe current number of VLANs configured on the device

and, in parentheses, the number of enabled VLANs on the device.
MaximumThe maximum ARP entries that the device can support.
CurrentThe current number of ARP entries configured on the

device and, in parentheses, the number of enabled ARP entries on
the device.
MaximumThe maximum number of IP interfaces that the device

can support.
CurrentThe current number of IP interfaces configured on the

device and, in parentheses, the number of enabled IP interfaces on
the device.
MaximumThe maximum number of IP routes that the device can

support.
CurrentThe current number of IP routes configured on the

device.
MaximumThe maximum number of VRRP routers that the device

can support.
CurrentThe current number of VRRP routers configured on the

device and, in parentheses, the number of enabled VRRP routers
on the device.
269

Table 204: Network Capacity Parameters in Alteon vADC
Parameter
FDB
ARP Entries
IP Interfaces
IP Routes
VRRP Routers
Description
MaximumThe maximum Forwarding Database usage that the

device can support.
CurrentThe current Forwarding Database usage.
MaximumThe maximum ARP entries that the device can support.
CurrentThe current number of ARP entries configured on the

device and, in parentheses, the number of enabled ARP entries on
the device.
MaximumThe maximum number of IP interfaces that the device

can support.
CurrentThe current number of IP interfaces configured on the

device and, in parentheses, the number of enabled IP interfaces on
the device.
MaximumThe maximum number of IP routes that the device can

support.
CurrentThe current number of IP routes configured on the device.
MaximumThe maximum number of VRRP routers that the device

can support.
CurrentThe current number of VRRP routers configured on the

device and, in parentheses, the number of enabled VRRP routers on
the device.
Table 205: Network Capacity Parameters in ADC-VX
Parameter
VLANs
Description
MaximumThe maximum number of VLANs that the device can

support.
CurrentThe current number of VLANs configured on the device

and, in parentheses, the number of enabled VLANs on the device.
Monitoring Application Delivery Capacity

This feature is available only in Alteon standalone, VA, and vADC.
To monitor application-delivery capacity

>
270
In the Monitoring perspective, select System > Capacity > Application Delivery.

Table 206: Application Delivery Capacity Parameters
Parameter
Real Servers
Server Groups
Virtual Servers
Description
MaximumThe maximum number of real servers that the

device can support.
CurrentThe current number of real servers configured on

the device and, in parentheses, the number of enabled real
servers on the device.
MaximumThe maximum number of server groups that

the device can support.
CurrentThe current number of server groups configured

on the device.
MaximumThe maximum number of virtual servers that

the device can support.
CurrentThe current number of virtual servers configured

on the device and, in parentheses, the number of enabled
virtual servers on the device.
Virtual Services
The maximum number of virtual services that the device can

support.
Real Services
The maximum number of real services that the device can

support.
Filters

in version 30.0 and later.)
MaximumThe maximum number of filters that the device

can support.
CurrentThe current number of filters currently used and,

in parentheses, the number of enabled filters on the device.
Session Table Entries

MaximumThe maximum number of Session table entries

that the device can support.
CurrentThe current number of Session table entries

currently used and, in parentheses, the number of enabled
Session table entries on the device.
Dynamic Data Store
MaximumThe maximum number of 512-byte blocks that

the device can support in the dynamic data store.
CurrentThe current number of 512-byte blocks currently

used in the dynamic data store. Note that each persistency
and user-defined entry can occupy one or more 512 byte
blocks.
Keys

MaximumThe maximum number of keys that the device

can support.
CurrentThe current number of keys configured on the

device.
271

Table 206: Application Delivery Capacity Parameters (cont.)
Parameter
Description
Certificate Signing Requests

MaximumThe maximum number of certificate signing

requests that the device can support.
CurrentThe current number of certificate signing requests

configured on the device.
Server Certificates

MaximumThe maximum number of server certificates

that the device can support.
CurrentThe current number of server certificates

configured on the device.
Maintenance
Use the Maintenance tab to manage technical support data, packet capture, and trace logging of
application services.
Technical Support Data

This procedure describes how manage technical support data.
Note: All passwords in the technical support data files are encrypted.
To manage technical support data

1.
In the Monitoring perspective, select System > Maintenance.
2.
In the Technical Support Data tab, configure the parameters, and do one the following:
Click Generate to generate the technical support file.
Click Export to export the put dump archive.
Table 207: Technical Support Data Parameters
Parameter
Description
Specifies whether to include private keys.
Passphrase
The passphrase, which must be at least four characters long.
Confirm Passphrase
The passphrase, which must be at least four characters long.
Packet Capture
The Alteon VA translates the VMware MAC address assigned to virtual servers and interfaces to its
own, internal MAC address for internal processing. It switches the Alteon VA MAC address back to
the VMware MAC address when it sends the packet back to the VMware switch. Therefore, the
internal Radware Alteon VA MAC address is shown in some of the tables and dumps displayed on the
console.
272

To manage packet capture

1. In the Monitoring perspective, select System > Maintenance.
2. In the Packet Capture tab, configure the parameters, and do one the following:
Click Start to start the packet capture.
Click Stop to stop the packet capture.
Click Export to export the packet capture.
Click Clear Capture File to clear the packet capture file.
Table 208: Packet Capture Parameters
Parameter
Description
Packet Count
The maximum number of captured packets.

Range: 0-1000000000
Packet Length
Port Range
The packet snap length, that is, the length of packets to capture, in bytes.
Range: 0-9100
The port range.
The valid range depends on the Alteon platform:
VA:1-2
5412:1-16
4416:1-16
4408:1-8
5208:1-10
5224:1-26
5224XL:1-26
5412XL:1-16
4416XL:1-16
4408XL:1-8
5208XL:1-10
6420:1-24
VLAN
The VLAN range.

Range: 1-4090
273

Table 208: Packet Capture Parameters (cont.)
Parameter
Description
Packet Filter String
The packet capture filter string field is used to set the capture filter
parameters. It accepts the same filter criteria (syntax) as the tcpdump
format.
The following parameters can be set with an and or an or operator
between them, or using parentheses:
dst host <host>Filters the output on the specified destination host IP.
src host <host>Filters the output on the specified source host IP

address.
dst port <port>Filters the output on the specified destination port.
src port <port>Filters the output on the specified source port.
portFilters the output on the specified port.
tcpFilters the output for TCP traffic only.
udpFilters the output for UDP traffic only
icmpFilters the output for ICMP traffic only.
ip multicastFilters the output for multicast traffic only.
ip broadcastFilters the output for broadcast traffic only.
Example: (dst host 6.6.6.6 or src host 6.6.3.3) and port 80

Application Services Trace Log

Enabling Application Services Trace Logging may impact performance on Alteon traffic processing
capabilities. Make sure that you disable trace logging when you are done.
To manage application services trace log

1.
In the Monitoring perspective, select System > Maintenance.
2.
In the Application Services Trace Log tab, configure the parameters, and do one the following:
3.
Click Clear to clear the trace log.
4.
Click Export to export the trace log.
5.
Click Submit to submit the configuration.
Table 209: Application Services Trace Log Parameters
Parameter
Description
AppShape++
Specifies whether to enable logging of AppShape++ activities.

Default: Disabled
Caching
Specifies whether to enable logging of caching activities.

Default: Disabled
Compression
Specifies whether to enable logging of compression activities.

Default: Disabled
Content Class
Specifies whether to enable logging of Content Class activities.

Default: Disabled
274

Table 209: Application Services Trace Log Parameters (cont.)
Parameter
Description
HTTP
Specifies whether to enable logging of HTTP activities.
HTTP Modification
Specifies whether to enable logging of HTTP Modification activities.
Default: Disabled
Default: Disabled
SSL
Specifies whether to enable logging of SSL activities.

Default: Disabled
TCP
Specifies whether to enable logging of TCP activities.

Default: Disabled
FastView Logs
This procedure describes how access the FastView log files.
To manage technical support data

1. In the Monitoring perspective, select System > Maintenance.
2. In the FastView Logs tab, select one of the following FastView log files to display:
SMF Hub
Configuration Manager
Compiler
View the FastView logs for SMF Hub, Config Manager, and the Compiler. Each button launches a new
pane for you to see the details in the log.
Table 210: Application Services Trace Log Parameters
Parameter
Description
FastView
Specifies whether to enable logging of FastView activities.
FastView SMF
Specifies whether to enable logging of FastView SMF activities.
275

276
Chapter 12 Monitoring the Alteon Network

This chapter describes monitoring Alteon network operations.
The Alteon operations that you can monitor depend on the Alteon form factor and/or platform:
Monitoring and Controlling Physical Ports, page 277
Monitoring Layer 2, page 278
Monitoring Layer 3, page 280
Monitoring High Availability, page 286
Monitoring and Controlling Physical Ports

This feature is available only in Alteon standalone, VA, and ADC-VX.
To monitor physical ports

>
In the Monitoring perspective, select Network > Physical Ports.
Table 211: Physical Port Parameters
Parameter
Description
Port ID
The port identifier.
Status
The status of the port.

Values: Enable, Disable
Operational Status
The port status.

Values: Online, Offline
Octets
In
The number of inbound octets.
Out
The number of outbound octets.
Unicast Packets
In
The number of inbound unicast packets.
Out
The number of outbound unicast packets.
Broadcast Packets
In
The number of inbound broadcast packets.
Out
The number of outbound broadcast packets.
Multicast Packets
In
The number of inbound multicast packets.
277

Monitoring the Alteon Network
Table 211: Physical Port Parameters (cont.)
Parameter
Description
Out
The number of outbound multicast packets.
Discards
In
The number of inbound discarded packets.
Out
The number of outbound discarded packets.
Errors
In
The number of inbound errored packets.
Out
The number of outbound errored packets.
To enable physical ports

1.
2.
Select the row in the table for the required port.
3.
Click Enable.
To disable physical ports

1.
2.
3.
Click Disable.
To clear statistics for physical ports

1.
2.
3.
Click Clear Statistics.
Monitoring Layer 2
Monitoring Layer 2 comprises the following topics:
Monitoring FDB, page 278
Monitoring STG, page 280
Monitoring FDB
The forwarding database (FDB) contains information that maps the media access control (MAC)
address of each known Alteon to the port where the Alteon address was learned. The FDB also
shows which other ports have seen frames destined for a particular MAC address.
278

Note: The master forwarding database supports up to 16K MAC address entries on the MP per
Alteon. Each SP supports up to 8K entries.
To display FDB monitoring parameters

>
In the Monitoring perspective, select Network > Layer 2 > FDB.
Table 212: FDB Monitoring Parameters
Parameter
Description
MAC Address
The MAC address in the FDB.
VLAN
The VLAN.
Values: 14090
Port
The port number. 0 specifies unknown.
Trunk
The trunk-group number. The FDB entries on a single trunk.

Values: 14090
State
References SPs
Values:
ForwardThe address has been learned by Alteon.
TrunkingThe Port field represents the trunk group number.
UnknownThe MAC address has not yet been learned by Alteon,

but has only been seen as a destination address. When an address
is in the Unknown state, no outbound port is indicated, although
ports which reference the address as a destination are listed under
reference ports.
InterfaceThe MAC address is for a standard VRRP virtual router.
Virtual server (VIP)The MAC address is for a virtual server

router, a virtual router with the same IP address as a virtual server.
The SP number.
Values: 14
Learned Port
The learned port number.

Values: 14
To clear the entire FDB

1. In the Monitoring perspective, select Network > Layer 2 > FDB.
2. Click Clear Entire FDB.
279

Monitoring STG
This feature is available only in Alteon standalone and VA.
When multiple paths exist on a network, Spanning Tree Protocol (STP) configures the network so
that Alteon uses only the most efficient path.
Note: Alteon supports up to 16 multiple Spanning Trees or Spanning Tree Groups.
To display Spanning Tree Group monitoring parameters

>
In the Monitoring perspective, select Network > Layer 2 > STG.
Table 213: STG Monitoring Parameters
Parameter
Description
Spanning Tree Group
The IP address of ARP entry.
Number Of Topology changes
The number of topology changes.
Time Since Last Changes
The time since the last changes.
Table 214: Spanning Tree Group BPDU Statistics Parameters
Statistic
Description
Port
The port number.
Status
The status of the port.
BPDUs Received AB 20141223 changed to Bold all - per original

Configuration
The number of configuration BPDUs received.
TCN
The number of TCN (Topology Change Notification) messages received.
RSTP/MST
The number of MST or RST BPDUs received.
BPDUs Transmitted
Configuration
The number of configuration BPDUs transmitted.
TCN
The number of TCN (Topology Change Notification) messages transmitted.
RSTP/MST
The number of MST or RST BPDUs transmitted.
Monitoring Layer 3
Monitoring Layer 3 comprises the following topics:
Monitoring Gateways, page 281
Monitoring Routes, page 281
Monitoring Learned MACs (or IP FDB), page 282
Monitoring VRRP Virtual Routers in Alteon Version 30.0 and Earlier, page 285
Monitoring Interfaces, page 286
280

Monitoring Gateways
To monitor gateways
>
In the Monitoring perspective, select Network > Layer 3 > Gateways.
Table 215: Gateway Monitoring Parameters
Parameter
Description
Status
The status of the gateway.
Gateway ID
The identifier of the gateway.
IP Address
The IP address of the gateway.
VLAN
The VLAN identifier of the gateway.
Monitoring Routes
To monitor routes
>
In the Monitoring perspective, select Network > Layer 3 > Routes.
Table 216: IPv4 Routes Monitoring Parameters
Parameter
Description
Entry
The number of the route entry.
Destination
The destination IP address of the route.
Mask
The subnet mask of the route.
Gateway
The IP address of the route gateway.
Type
The route type.

Values:
IndirectThe next hop to the host or subnet destination are forwarded

through a router at the gateway address.
DirectPackets are delivered to a destination host or subnet attached to

Alteon.
LocalIndicates a route to one of the Alteon IP interfaces.
BroadcastIndicates a broadcast route.
MartianThe destination belongs to a host or subnet that is filtered out.

Packets to this destination are discarded.
281

Parameter
Tag
Description
The tag that indicates the origin of the route.
Values:
FixedThe address belongs to a host or subnet attached to Alteon.
StaticThe address is a static route which has been configured on Alteon.
AddrThe address belongs to one of the Alteon IP interfaces.
RIPThe address was learned by the Routing Information Protocol (RIP).
OSPFThe address was learned by Open Shortest Path First (OSPF).
BGPThe address was learned via the Border Gateway Protocol (BGP)
BroadcastIndicates a broadcast address.
MartianThe address belongs to a filtered group.
MulticastIndicates a multicast address.
VIPIndicates a route destination that is a virtual server IP address. VIP

routes are needed to advertise virtual server IP addresses via BGP.
Metric
The metric for RIP tagged routes, specifying the number of hops to the
destination (1 through 15 hops, or 16 for infinite hops).
Interface
The IP interface that the route uses.
The IPv6 Routers table shows all of the IPv6 routes maintained. Since each link-local interface is
shown with an entry prefix of /128, the link-local network (such as FE80::/10) is not shown for each
interface to avoid too many network entries in the table.
Table 217: IPv6 Routes Monitoring Parameters
Parameter
Description
Entry
The number of the route entry.
Destination
The destination IP address of the route.
VLAN
The VLAN of the route.
Next Hop
The next hop of the route.
Protocol
The route protocol.

Values: Local, Static
Monitoring Learned MACs (or IP FDB)

The name of this node in Alteon version 30.1 and earlier is IP FDB. The name of this node in Alteon
version 30.2 and later is Learned MACs.
Monitoring learned MACs (or IP FDB) comprises the following topics:
ARP, page 283Displaying ARP monitoring parameters and clearing the ARP cache
Neighbor Cache, page 283Includes displaying neighbor-cache monitoring parameters and

summary information and clearing the neighbor cache
282

ARP
This procedure describes how to display the ARP monitoring parameters.
To display ARP monitoring parameters

>
In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).
Table 218: ARP Monitoring Parameters
Parameter
Description
IP Address
The IP address of ARP entry.
Flags
The flag associated with the entry.

Examples:
clear
permanentNot obtained via an ARP request (for example, IP interface and

VIP)
layer4Layer 4 IP address (VIP)
MAC Address
The MAC address of the ARP entry.
VLAN
The VLAN of the ARP entry.
Port
The physical port where this IP address owner is connected.
Referenced SPs
The number of SPs on which this ARP entry is present.
To clear the ARP cache

1. In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).
2. Select the relevant row in the table.
3. Click Clear ARP Cache.
Neighbor Cache
IPv6 uses the Neighbor Discovery (ND) protocol to discover its neighbors link layer addresses and
reachability. ND can also auto-configure addresses and detect duplicate addresses. ND enables
routers to advertise their presence and address prefixes, and to inform hosts of a better next hop
address to forward packets.
Note: Once the Neighbor Cache table reaches 2000 entries, table entries are replaced by adding
the new entry and dropping the 2000th entry off the list. Table entries are kept until the entry is
replaced by a new one. During this period, no new entries are used to sort for display.
The information collected from ND is stored in the Neighbor Cache. The Neighbor Cache maintains
information about each neighbor.
Neighbor Cache entries are added in the following situations:
Entries are added when an IPv6 interface or virtual IP is operational.
Reception of ND messages from neighbor.
A device sends ND packets to resolve a link layer address to which it is attempting to send
packets.
283

To display neighbor-cache monitoring parameters and summary information

>
Table 219: Neighbor Cache Monitoring Parameters
Parameter
Description
IP6 Address
The IPv6 address of the Neighbor Cache entry.
MAC Address
The MAC address of the Neighbor Cache entry.
VLAN
The VLAN of the Neighbor Cache entry.
Port
The physical port of the Neighbor Cache entry.
State
The the reachability state of the Neighbor Cache entry.

Values:
Type
INCPMIncomplete. The link-layer address of the neighbor has not yet been
determined.
REACHReachable. The neighbor is known to have been reachable recently.
StaleThe neighbor is no longer known to be reachable, but until traffic is

sent to the neighbor, no attempt should be made to verify its reachability.
DelayThe neighbor is no longer known to be reachable, and traffic has

recently been sent to the neighbor.
ProbeThe neighbor is no longer known to be reachable, and ND messages

are sent to the neighbor to verify reachability.
The type of the Neighbor Cache entry.

Values:
LOCALThe entry is a preconfigured address on Alteon.
DYNAMICThe entry is a neighbor address learned from ND.
Table 220: Neighbor Cache Summary Information Parameters
Parameter
Description
Total dynamic neighbor cache entries
The total number of dynamic Neighbor Cache entries.
Total local neighbor cache entries
The total number of local Neighbor Cache entries.
Other neighbor cache entries
The number of other Neighbor Cache entries.
To clear the neighbor cache

1.
2.
Select the relevant row in the table.
3.
Click Clear Neighbor Cache.
284

Monitoring VRRP Virtual Routers in Alteon Version 30.0 and Earlier

To monitor VRRP virtual routers

>
In the Monitoring perspective, select Network > Layer 3 > VRRP Virtual Routers.
Table 221: Legacy VRRP Virtual Router Parameters
Parameter
Description
Status
The VRRP status.

Values:
InitIf there is no port in the virtual routers VLAN with an active

link, the interface for the VLAN fails, thus placing the virtual router
into the INIT state. The INIT state identifies that the virtual router
is waiting for a startup event. If it receives a startup event, it will
either transition to master if its priority is 255 (the IP address
owner), or transition to the backup state if it is not the IP address
owner.
MasterThe virtual router is the master.
BackupThe virtual router is a backup.
HoldoffVRRP operation is globally suspended for the specified

interval. When a device becomes the VRRP master at power up or
after a failover operation, it may begin to forward data traffic
before the connected gateways or real servers are operational.
Alteon may create empty session entries for the coming data
packets and the traffic cannot be forwarded to any gateway or real
server.
Router ID
The router identifier.
VR ID
The virtual router identifier.
IP Address
The IP address of the virtual router.
Interface
The IP interface of the device. If the IP interface has the same IP

address as the IP address, this device is considered the owner of the
defined virtual router.
Priority
The election priority bias for this virtual server.

During the master router election process, the routing device with the
highest virtual router priority number wins. If there is a tie, the device
with the highest IP interface address wins. If this virtual routers IP
address (addr) is the same as the one used by the IP interface, the
priority for this virtual router is set to 255 (highest).
When priority tracking is used, this base priority value can be modified
according to a number of performance and operational criteria.
Values: 1254
Default: 100
Note: When you enable hot-standby for a vrgroup, the currently set
priority for the vrgroup is increased by 2.
285

Table 221: Legacy VRRP Virtual Router Parameters (cont.)
Parameter
Description
Ownership
The owner of the VRRP IP address.

Values:
OwnerIf the IP interface has the same IP address as the virtual

address IP, this device is considered the owner of the defined
virtual router. An owner has a special priority of 255 (highest) and
always assumes the role of the master router, even if it must
preempt another virtual router that has assumed master routing
authority.
RenterThe virtual router that is not owned by the device.
To switch over a VRRP virtual router

1.
In the Monitoring perspective, select Network > Layer 3 > VRRP Virtual Routers.
2.
Select an entry and click Backup.
Monitoring Interfaces
To monitor interfaces
>
In the Monitoring perspective, select Network > Layer 3 > Interfaces.
Table 222: Interface Monitoring Parameters
Parameter
Description
State
The state of the interface.
Interface ID
The identifier of the interface.
IP Address
The IP address of the interface.
Mask
The mask of the interface if the interface is IPv4. If the interface is IPv6, the fields
displays 0.0.0.0.
Prefix
The prefix of the interface if the interface is IPv6. If the interface is IPv4, the
fields displays 0.
VLAN
The VLAN identifier of the interface.
Monitoring High Availability

This section comprises the following topics:
Monitoring High Availability in Alteon Version 30.1, page 287
Monitoring High Availability for Alteon Version 30.2 and Later, page 289
286

Monitoring High Availability in Alteon Version 30.1

Note: You can configure the values for the High Availability feature in the Configuration
perspective, under Network > High Availability.
For Alteon version 30.1 and later, use the High Availability tab in the Monitoring perspective to do
the following:
When the High Availability Mode on the device is Switch HA, switch an active device to
backup mode. Typically, you do this when you need to perform maintenance on the active Alteon
and not affect the service.
When the High Availability Mode on the device is Service HA:
Monitor high-availability information.
Switch an active service group to backup mode. Typically, you select all the services and
switch to backup mode when you need to perform maintenance on the active Alteon and not
affect the services.
When the High Availability Mode on the device is Legacy VRRP:
Switch an active device to backup mode when the High Availability Mode on the device is
Legacy VRRP. Typically, you do this when you need to perform maintenance on the active
Alteon and not affect the services or for passing master control back to a primary Alteon
after it has been returned to service after a failure.
To monitor Service HA information in Alteon version 30.1

>
In the Monitoring perspective, select Network > Layer 3 > High Availability.
Table 223: Service HA Monitoring Parameters
Parameter
Description
Status
The Service HA status.
HA Group ID
The HA Group identifier.
To monitor Switch HA information in Alteon version 30.1

>
In the Monitoring perspective, select Network > Layer 3 > High Availability
Table 224: Switch HA Monitoring Parameters
Parameter
Description
Peer Switch ID
The identifier of the peer.
Peer Switch Address
The IP address of the advertisement IP interface associated with the

peer.
Last Sync
The type (manual or automatic), status, timestamp, and failure reason

of the last configuration synchronization attempt.
Last Successful Sync
The type (manual or automatic) and timestamp of the last successful

configuration synchronization.
287

To monitor legacy VRRP virtual routers in Alteon version 30.1

>
In the Monitoring perspective, select Network > Layer 3 > High Availability.
Parameter
Description
Status
The VRRP status.

Values:

owner.

server.
Router ID
VR ID
IP Address
Interface

Priority

Values: 1254
Default: 100
288

Table 225: Legacy VRRP Virtual Router Parameters (cont.)
Parameter
Ownership
Description
Values:

authority.
Forcing Failover
You can force a specified master Alteon, or a specified master service group, into backup mode. This
is generally used for passing master control back to a preferred Alteon (or service group) once the
preferred Alteon (or service group) has been returned to service after a failure.
If failback mode is Always when you force failover, the Alteon with preferred state Active (the
preferred master) briefly becomes the backup and then reverts to the master.
To force a master Alteon into backup mode

1. In the Monitoring perspective, select Network > Layer 3 > High Availability.
2. Click Backup.
To force a master service group into backup mode

1. In the Monitoring perspective, select Network > Layer 3 > High Availability.
2. Select the required service group or service groups.
3. Click Backup.
Monitoring High Availability for Alteon Version 30.2 and Later

Note: You can configure the values for the High Availability feature in the Configuration
perspective, under Network > High Availability.
When the High Availability Mode on the device is Switch HA, switch an active device to
backup mode. Typically, you do this when you need to perform maintenance on the active Alteon
and not affect the service.
When the High Availability Mode on the device is Service HA:
Switch an active service group to backup mode. Typically, you select all the services and
switch to backup mode when you need to perform maintenance on the active Alteon and not
affect the services.
When the High Availability Mode on the device is Legacy VRRP:
289

Switch an active device to backup mode when the High Availability Mode on the device is
Legacy VRRP. Typically, you do this when you need to perform maintenance on the active
Alteon and not affect the services or for passing master control back to a primary Alteon
after it has been returned to service after a failure.
To view High Availability mode and state

>
In the Monitoring perspective, select Network > High Availability.

The High Availability Mode field displays one of the following: Disabled, Switch HA, Service
HA, Legacy VRRP
The Status field displays master or backup.
To monitor Service HA information

>
In the Monitoring perspective, select Network > High Availability > Sync Status.
Table 226: Service HA Monitoring Parameters
Parameter
Description
Status
The Service HA status.
HA Group ID
The HA Group identifier.
To monitor Switch HA information

>
Table 227: Switch HA Monitoring Parameters
Parameter
Description
Peer Switch ID
The identifier of the peer.
Peer Switch Address
The IP address of the advertisement IP interface associated with the

peer.
Last Sync
The type (manual or automatic), status, timestamp, and failure reason

of the last configuration synchronization attempt.
Last Successful Sync
The type (manual or automatic) and timestamp of the last successful

configuration synchronization.
To monitor legacy VRRP virtual routers

>
290

Parameter
Description
Status
The VRRP status.

Values:

owner.

server.
Router ID
VR ID
IP Address
Interface

Priority

Values: 1254
Default: 100
Ownership

Values:

authority.
291

Forcing Failover
You can force a specified master Alteon, or a specified master service group, into backup mode. This
is generally used for passing master control back to a preferred Alteon (or service group) once the
preferred Alteon (or service group) has been returned to service after a failure.
If failback mode is Always when you force failover, the Alteon with preferred state Active (the
preferred master) briefly becomes the backup and then reverts to the master.
To force a master Alteon into backup mode

1.
2.
Click Backup.
To force a master service group into backup mode

1.
2.
Select the required service group or service groups.
3.
Click Backup.
292
Chapter 13 Monitoring Alteon Application

Delivery
This chapter describes monitoring Alteon application-delivery operations.
This section contains the following main topics:
Clearing Non-operating SLB Statistics, page 293
Monitoring and Controlling Virtual Service, page 293
Monitoring and Controlling Server Groups, page 296
Monitoring and Controlling Virtual Servers, page 298
View a FastView Web Application, page 301
Monitoring and Controlling APM, page 302
Monitoring AppShape++ Statistics, page 302
Monitoring and Controlling Application Services, page 303
Monitoring and Controlling SSL, page 309
Monitoring and Managing Filters, page 309
Monitoring LinkProof, page 310
Clearing Non-operating SLB Statistics

In Alteon version 30.1 and later, you can clear all non-operating SLB statistics, resetting them to
zero.
The action, Clear All SSB Statistics, does not reset Alteon and does not affect the following
counters:
Counters required for Layer 4 and Layer 7 operations (such as current real server sessions)
All related SNMP counters
To clear all non-operating SLB statistics

1.
In the Monitoring perspective, select Application Delivery > Virtual Service.
2.
Click Clear All SSB Statistics.
Monitoring and Controlling Virtual Service

Monitoring and controlling virtual services comprises the following:
Monitoring and Controlling Real Servers, page 294
Monitoring and Controlling Server Groups, page 296
293

Monitoring Alteon Application Delivery
Monitoring and Controlling Virtual Servers, page 298
Monitoring and Controlling APM, page 302
In Alteon version 30.1 and later, you can clear all SLB statistics.
Monitoring and Controlling Real Servers

You can view monitoring information of the real servers and change their operational status.
Note: Changing the operational status of a real server is typically performed for maintenance
purposes. If you execute a change to the operational status of a real server, the change takes effect
without an Apply or Save command. When the Alteon resets, the real server reverts to its
configuration status (that is, enabled or disabled).
To change the operation status or one or more real servers

1.
In the Monitoring perspective, select Application Delivery > Virtual Service > Real Servers.
2.
In the table, select the rows of the real server whose operational statue you want to change.
3.
From the Real Server Operations drop-down list, select the required option, and then click
Execute.
Default: Disable.
Table 229: Real Server OperationsOptions
Parameter
Description
Disable
Disables the selected real server(s) immediately and close existing

connections.
Disable & Fastage Existing Gracefully disables the real server, having the server do the following:
1. Does not accept new connections.
2. Fastages existing sessions.
3. Disables the real server when there are no connections on it.
Disable & Keep Persistency Gracefully disables the real server, having the server do the following:
2. Keeps persistent data until session expiration.
3. Disables the real server when there are no connections including
the persistent data for the real server.
Disable & Keep Persistency Gracefully disables the real server, having the server do the following:
and Fastage
2. Keeps persistent data until session expiration.
3. Fastages existing sessions.
4. Disables the real server when there are no connections including
the persistent data for the real server.
Enable
294
Enables the selected real server(s).

To view monitoring information for the real servers

1. In the Monitoring perspective, select Application Delivery > Virtual Service > Real Servers.
The table in the Real Servers tab displays information for all the real servers.
Note: Users with CoS type User can see the statistics and status of all real servers, but they
can only perform operations on the real servers that are assigned to them.
2. To view the monitoring information for one specific real server, click the
button.
Table 230: Real Server Monitoring: General Parameters
Parameter
Description
Status
The configuration status of the real server.

Values:
Server State
EnabledThe real server is enabled.
DisabledThe real server is disabled.
Disable-with-fastageThe real server was disabled and fastaged

the existing sessions.
The run-time state of the real server (which is, the result of the realserver health check).
Values: Disabled, Failed, Running
Operational Status
The value of the Real Server Operations parameter. For more

information, see Real Server OperationsOptions, page 294.
Real Server ID
The identifier of the real server.
Description
The description of the real server.
IP Address
The IP address of the real server.
MAC Address
The MAC address of the real server.
Table 231: Real Server Monitoring: Sessions Parameters
Parameter
Description
Current Sessions
The number of sessions currently open on the real server.
Total Sessions
The total sessions the real server was assigned.
Highest Sessions
The highest number of simultaneous sessions recorded for each real

server.
Table 232: Real Server Monitoring: Octets Parameter
Parameter
Description
Total Bytes
The real server transmit and receive octets.
Table 233: Real Server Monitoring: Failures Parameter
Parameter
Description
Server Failures
The number of times the real server has failed since the last reboot.
295

Table 234: Real Server Monitoring: Health Check Parameters
Parameter
Description
(These parameters are displayed only when monitoring a specific real server.)
Last Failure
The time of the last failure.
Up Time
The time that the server has been up.
Down Time
The time that the server has been down
Monitoring and Controlling Server Groups

To monitor basic information of the server groups

>
In the Monitoring perspective, select Application Delivery > Virtual Service > Server
Groups.
The Server Groups table comprises the following columns:
Table 235: Server Groups Table Columns
Parameter
Description
Server Group ID
The identifier of the server group.
Description
The description of the server group.
SLB Metric
The SLB metric.
Health Check
The health check type, for example tcp.

Values: icmp, tcp, http, httphead, dns, smtp, pop3, nntp, ftp, imap,
radius, sslh, script1, script2, script3, script4, script5, script6, script7,
script8, script9, script10, script11, script12, script13, script14,
script15, script16, link, wsp, wtls, ldap, udpdns, arp, snmp1, snmp2,
snmp3, snmp4, snmp5, radiusacs, tftp, wtp, rtsp, sipping, sipoptions,
wts, dhcp, radiusaa, script17, script18, script19, script20, script21,
script64
Current Sessions
The number of current sessions that the real server is handling.
Total Sessions
The total number of sessions that the real server has handled.
Highest Sessions
The highest number of sessions that the real server has handled.
Total Octets
The total number of octets that the real server has handled.
296

To enable selected servers in a group

1. In the Monitoring perspective, select Application Delivery > Virtual Service > Server
Groups.
2. In the Real Servers per Group table, select the required row(s) and click the
(Edit) button.
3. From the Real Server per Group Operation drop-down list, select Enable.
4. Click Execute.
To disable selected servers in a group

1. In the Monitoring perspective, select Application Delivery > Virtual Service > Server
Groups.
2. In the Real Servers per Group table, select the required row(s) and click the
(Edit) button.
3. From the Real Server per Group Operation drop-down list, select Disable.
4. Click Execute.
To monitor information of the real servers in a server group

1. In the Monitoring perspective, select Application Delivery > Virtual Services > Server
Groups.
2. Double-click the relevant server group.
The Real Server Groups per Group table comprises the following columns:
Table 236: Real Server in This Group Parameters
Parameter
Description
Real Servers per Group

Status
The real server configuration status in the group.

Server State
The run-time state of the real server in the group. For example, if the
health check passed, the Status is Enable.
Operational Status
The operational status of the server.

Real Server ID
The ID of the real server.
IP Address
The IP address of the real server.
Description
The description of the real server.
Current (Sessions)
The number of current sessions that the real server is handling.
Total (Sessions)
The total number of sessions that the real server has handled.
Highest (Sessions)
The highest number of sessions that the real server has handled.
Bytes
The total number of bytes that the real server has handled.
297

Monitoring and Controlling Virtual Servers

To monitor virtual servers, virtual services, and content-based rules

>
In the Monitoring perspective, select Application Delivery > Virtual Services > Virtual
Servers.
Table 237: Virtual Servers Monitoring Parameters
Parameter
Description
Status
The status of the virtual server.
Virtual Server ID
The ID of the virtual server.
Name
The name of the virtual server.
Current Sessions
The number of current sessions in the virtual server.
Total Sessions
The total number of sessions in the virtual server.
Highest Sessions
The highest number of sessions in the virtual server.
Total Octets
The total octets in the virtual server.
Table 238: Virtual Services Monitoring: General Parameters (Alteon Version 30.1 and Later)
Parameter
Description
Virtual Server ID
The ID of the virtual server associated with the selected virtual service.
Service Port
The virtual service port.
Action
The action of the virtual service.
Group ID
The identifier of the virtual service.
Table 239: Virtual Services Monitoring: Traffic Parameters (Alteon Version 30.1 and Later)
Parameter
Description
Real ID
The identifier of a real server associated with the virtual service.
Current Sessions
The number of current sessions in the real server.
Total Sessions
The total number of sessions in the real server.
Highest Sessions
The highest number of sessions in the real server.
Time since last device

reset / clear statistics
The time since the device was last reset and traffic statistics were
cleared.
298

Table 240: Virtual Services Monitoring: HTTP Parameters (Alteon Version 30.2 and Later)
Parameter
Description
HTTP 2.0
Displays the following statistics for HTTP 2.0 traffic:
HTTP 1.1
HTTP 1.0
Connection CountNumber of connections within the statistics

measuring period.
Connection PeakNumber of connection peaks within the statistics

measuring period.
Requests CountNumber of requests within the statistics

measuring period.

measuring period.

measuring period.

measuring period.

measuring period.

measuring period.

measuring period.
HTTP/2 Connection
Statistics
Displays the current number of connections (Current) and connection

peaks (Peak) for each of the following connections:
(These statistics are

displayed only when an
HTTP/2 policy is
associated with the
selected virtual service)
Backend Connections used by HTTP/2 Proxy
Client Streams
PUSH Streams
Canceled PUSH Requests
Session Duration AverageIn mm:ss format.
HTTP/2 Header
Compression Statistics
Displays the current number of connections (Current) and connection

peaks (Peak) for each of the following header compression types:
(These statistics are

displayed only when an
HTTP/2 policy is
associated with the
selected virtual service)
Requests - Average Compression Ratio (%)
Responses - Average Compression Ratio (%)
Average de facto HPACK Table Size
Big Headers Count
Average Evicted Bytes Per Connection
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services.
cleared.
299

Table 241: Virtual Services Monitoring: Caching and Compression Parameters (Alteon Version
30.2 and Later)
Parameter
Description
Objects Served from

Cache
The number of objects served from cache.
Cache Hits
Percentage of cache hits.
Cache Requests
Number of cache requests per second.
Total Cached Objects
Total number of cached objects.
New Cached Objects
Number of cached objects per second.
Peak New Cached Objects Number of peak new cached objects per second.
Compression Statistics
Compression-specific statistics:
Throughput (KB)Amount of compressed, uncompressed, and

ratio throughput.
Average Object Size (KB)Average compressed, uncompressed,

and ratio object size.
Total Bytes Saved
Bytes SavedBytes saved per second.
Peak Bytes SavedPeak bytes saved per second.
cleared.
Table 242: Virtual Services Monitoring: FastView Parameters (Alteon Version 30.2 and Later)
Parameter
Description
Transactions
Number of current, total, and peak transactions.
HTML Pages
Number of current, total, and peak HTML pages.
Optimized Pages
Number of current, total, and peak optimized pages.
Tokens Rewritten
Number of current, total, and peak tokens rewritten.
Compiled Pages
Number of current, total, and peak compiled pages.
Bytes Saved with Image

Reduction
Number of bytes saved with image reduction for current traffic, and for
traffic since the last clear of statistics.
% Bytes Saved with

Image Reduction
Percentage of bytes saved with image reduction for current traffic, and
for traffic since the last clear of statistics.
Responses with Expiry

Modified
Number of responses with expiry modified for current traffic, and for
% Responses with Expiry

Modified
Percentage of responses with expiry modified for current traffic, and for
300
cleared.

Table 243: Content-Based Rules Monitoring Parameters
Parameter
Description
Virtual Server ID
The ID of the virtual server associated with the selected content-based

rule.
Service ID
The ID of the virtual service associated with the selected content-based

rule.
Content Rule ID
The ID of the content-based rule.
Action
The action of the content-based rule.
Current Sessions
The number of current sessions in the content-based rule.
Total Sessions
The total number of sessions in the content-based rule.
Highest Sessions
The highest number of sessions in the content-based rule.
Total Octets
The total octets in the content-based rule.
View a FastView Web Application

You can view details about any FastView Web applications from the Monitoring section.
To access monitoring details for FastView Web applications

1. Navigate to Monitoring > Application Delivery > Virtual Service > Virtual Servers.
Note: You can also access this information directly from the Content Rule pane or the FastView
Web Application pane.
2. Select the Web application you want to view in the Virtual Services of Selected Virtual Server
pane.
3. Select the FastView tab on the View Virtual Service pane.
4. View the information available for each virtual service:
Table 244: Virtual Service
Parameter
Description
Transactions
The counter of HTTP GET requests served by FastView for this virtual
service within the measured period.
HTML Pages
The number of HTML pages served by FastView. Some of them may not be
optimized, for example if they are excluded in the configuration.
Optimized Pages
The number of HTML pages optimized and rewritten by FastView.
Tokens Rewritten
The number of substitution performed by FastView.
Compiled Pages
The number of compiled or learned pages.
Bytes Saved with

Image Reduction
Displays the number of bytes saved by the image reduction treatments on a

resource.
% Bytes Saved with

Image Reduction
Displays the percentage of bytes saved by the image reductions treatments

on a resource.
301

Table 244: Virtual Service (cont.)
Parameter
Description
Responses with Expiry Displays the number of responses that have a modified expiry.
Modified
% Responses with
Expiry Modified
Displays the percentage of responses with a modified expiry.
Statistics Measuring
Period
Displays the number of statistics that are gathered per second.

Note: The values in the Current column are defined as over the last x
seconds, where x is determined by the value of the Statistics Measuring
Period.
Time since last device Displays the time in seconds since the platform was last reset or the
reset / clear statistics statistics were cleared.
Monitoring and Controlling APM

This feature is available only in version 30.0 and later on Alteon standalone, VA, and vADC.
To monitor APM
>
In the Monitoring perspective, select Application Delivery > Virtual Services > APM.
Table 245: Virtual Servers Monitoring Parameters
Parameter
Description
Virtual Server ID
The ID of the virtual server.
Service
The service identifier.
Monitoring AppShape++ Statistics

To monitor AppShape++ statistics
1.
In the Monitoring perspective, select Application Delivery > AppShape++.
2.
Select the required row, and click Edit Row.
3.
View the parameters, and click OK.
AppShape++ statistics are described in the following table:
Table 246: AppShape++ Statistics
Statistic
Description
Script ID
The identifier for the AppShape++ script.
Event
The event name that appears in the AppShape++ script ID.
302

Table 246: AppShape++ Statistics (cont.)
Statistic
Description
Activation
The number of times that the AppShape++ script or script event was
activated.
Failures
The number of times that the AppShape++ script failed, and the failure
distribution between the script events (how many of the failures occurred
during treatment of each event).
Aborts
The number of times that the AppShape++ script was aborted, and the abort
distribution between the script events (how many of the aborts occurred
during treatment of each event).
Monitoring and Controlling Application Services

Monitoring and controlling application services comprises:
Monitoring and Controlling HTTP, page 303
Monitoring and Controlling SSL, page 309
Monitoring and Controlling HTTP

Monitoring and controlling HTTP includes the following features on the HTTP Services pane:
In Alteon version 30.2 and later, HTTP Statistics
Cache Purge of HTTP Content
Flushing Learned FastView Optimizations
HTTP Services
HTTP services include:
Viewing HTTP Statistics, page 303
Purging Cached Content of HTTP Responses, page 304
Flushing Learned FastView Optimizations, page 305
Viewing HTTP Statistics

You can view statistics for supported versions of HTTP.
To view HTTP statistics

1. In the Monitoring perspective, select Application Delivery > Application Services > HTTP.
2. Select the HTTP tab.
303

Table 247: HTTP Statistics Parameters
Parameter
Description
HTTP 2.0
HTTP 1.1
HTTP 1.0

measuring period.

measuring period.

measuring period.

measuring period.

measuring period.

measuring period.

measuring period.

measuring period.

measuring period.
cleared.
Purging Cached Content of HTTP Responses

When the caching criteria or the server content has changed, you may want to purge the cached
content of HTTP responses.
To purge cached content of HTTP responses

1.
In the Monitoring perspective, select Application Delivery > Application Services > HTTP.
2.
Select the Cache Purge tab.
3.
Configure the following parameters, and then, click Purge.
Table 248: HTTP Cache Parameters
Parameter
Description
Virtual Server
The virtual server or all virtual servers.
Service Port
The port of the virtual service or all virtual-service ports.
Object URL
The specific object URL or a URL with wildcard (*) in it.
304

Flushing Learned FastView Optimizations

If you are using FastView, you can flush learned FastView optimizations.
To flush learned FastView optimizations

1. In the Monitoring perspective, select Application Delivery > Application Services > HTTP.
2. Select the FastView tab.
To flush selected learned FastView Web applications, filter the FastView Web Applications
table by Web Application ID or State, select the required entries, and then click the
button.
In Alteon version 30.2 and later, this option is no longer available. To flush all the learned
FastView Web applications, click the
button.
Viewing FastView Diagnostics

Diagnostics provide runtime information on your selected Web application, providing you a better
understanding of the internal optimization process and its outputs, including instructions sets and
resources. There are a few actions that you can perform in response, but primarily the diagnostics
provide a summary of the selected Web applications configuration and where this information is
stored.
You can view various diagnostics for your FastView Web applications including:
Optimization Status
Workload Monitor
Resource Library
Instruction List
To view diagnostics for FastView Web applications.

1. Navigate to Monitoring > Application Delivery > Application Services > HTTP.
2. Select the appropriate Web application.
3. Select Diagnostics.
Note: The FastView Web Applications tab stays active once you launch it. If you want to view
diagnostics for another Web application, you can navigate from the FastView Web Applications
tab or close the tab and reopen from the HTTP page, with another Web application selected.
Resource Library
The Resource Library tab displays a list of all modified resources for a Web application.
By selecting any resource on the list, you can find out more details about it, including its treated
name, if it is in a preload list, and so on.
305

The following information is listed for each resource.
ID
Name
Size
Created (date is displayed)
Accessed (date is displayed)
Note: It can be very difficult to find individual treated resources using the Resource Library, as the
list is not sorted by treated or untreated name, and has no indication of what page it is on. Radware
recommends using the ?printcompileinfo parameter, which specifically displays information
about treated resources for a specific page.
Instruction Lists
Each time a page is optimized for a client browser, it is called an instruction. Instructions are a
representation of a treated HTML document and the manner in which it is rewritten to call treated
resources. It does not represent the treated resources themselves, except when those resources
have been inlined into the page as part of a treatment.
Working with Instruction Lists, page 306
Instruction Details, page 306
Substitution Lists, page 307
Treatment Information, page 307
Working with Instruction Lists

Use the following procedure to access the instruction lists.
To access the instruction list

1.
Navigate to Monitoring > Application Delivery > Application Services > HTTP.
2.
Select the Web application for which you want the instruction list.
3.
Select Diagnostics.
4.
Select the Instruction List tab.
The instruction list contains a list of all the compiled pages for the Web Application, including which
page URL it is for, which Client Group it is part of, and if it is a landing page. Each of these individual
values create a unique page instruction.
Filters
Use the following procedure to filter the instruction set.
To filter the instruction set

1.
Select the filter options: URL contents, client groups, landing page, rows per page.
2.
Click Refresh Instruction List.
Instruction Details
You can drill down into each instruction to get more details about it.
306

Parameters that indicate the health of the instruction include: Recompiling?, Requires Compile?,
and At Threshold?.
Substitution Lists
The details page also includes both primary and secondary substitution lists. These display what was
the original text on a compiled text or HTML page, and what is now being provided to a user.
Treatment Information
Some types of treatment information is also provided on this page. The details of these vary
between treatments, however the common information includes:
Is the treatment enabled?
Has the treatment reached its threshold?
Does it require compilation?
Note: The treatment information here does not necessarily align with the actual FastView for
Alteon NG treatments. These are representative of the processes that are applied to a page
when they undergo acceleration treatment.
Dashboard Tab
The Dashboard tab includes details on:
Optimization Status, page 307
Workload Monitor, page 308
From the Dashboard tab, you can:
Navigate to different Web applications using the Selected WebApp drop-down.
Refresh the results with the Refresh icon in the top right corner of the Dashboard tab.
Optimization Status
The Optimization Status displays the following information:
Optimization by Instruction, page 307
Optimization by Page View, page 308
Settings, page 308
Optimization by Instruction
This displays the various instructions that are being treated by FastView. An instruction is a unique
view of a Web page (based on Web browser client and page compile type). For example, /
home.aspx is viewed as a non-landing page by Internet Explorer 7 browsers creates a single
instruction.
Each instruction can be in one of the following states:
QueuedThe instruction is being served as untreated. FastView is ready to process the

instruction for treating, but it is currently in a queue.
First CompileThe instruction has been served as treated, but FastView has only viewed the
page once. FastView still needs to process the page to learn how to provide instructions.
LearningThe instruction is being served as treated, but FastView is still learning how to treat
the instruction. The next time FastView serves the page, it may be treated differently depending
on how the next few unique browsers request the instruction. This continues until the Compiled
threshold (number of same unique views) occurs.
CompiledThe instruction has been requested enough times (defined by unique page views
that are the same) to consider the page as Compiled. FastView does not continue to process
the page until it goes through a touch-up or recompile.
307

TouchupThe percentage of instructions that are in the Touchup state. This indicates that the
instruction will still be served, but FastView will examine the next request to the instruction to
ensure that everything is still valid.
RecompileInstructions in the Recompile state have expired. A request to the instruction

causes it to go into a Learning state again.
The graph indicates, by percentage, where the instructions are located in the system. For detailed
information on a specific instruction, see Instruction Lists, page 306.
Optimization by Page View
This displays the status of unique views rather than instruction states. It contains the following:
UnacceleratedThe viewed page was unaccelerated.
LearningThe viewed page displayed to the client as accelerated, but FastView is still learning
the best way to treat the page.
AcceleratedThe page served to the client was accelerated by FastView.
The Optimization by Page View is a cumulative view of each unique request to a page. The following
workflow illustrates how values display in this section:
1.
Person A browses to home.aspx. 100% of page views display in the Unaccelerated state.
2.
Person B and Person C now browse to the same page. Each of these users add to the Learning
state. This results in 33% Unaccelerated and 66% Learning.
3.
Person D now browses to the same page. The page has a compile threshold set to three unique
views which has been reached by Persons A, B and C. Because of this, the request is set to the
Accelerated state. This results in 25% Unaccelerated, 50% Learning, and 25%
Accelerated.
Settings
This section displays the current FastView settings. These values are generally not configurable:
Compile ThresholdThe number of unique page views that must be requested of an

instruction before it can go into the Compiled state. The default unique views is three.
Touch-Up IntervalThe number of minutes that FastView waits per compiled instruction
before it re-examines it for the next request. This value is the starting value for the Touch-Up
Interval and is on a sliding scale. The more static the instruction, the longer the next touch-up
interval takes. The default Touch-Up Interval is five minutes.
Recompile IntervalThe number of minutes that FastView waits per compiled instruction
before it discards the instruction and performs full recompile. The default recompile time is 1440
minutes or one day.
The Touch-Up Interval, Recompile Interval, and Invalidation framework help to FastView recognize
changing data on your Web server after the initial instruction compilation has occurred.
Workload Monitor
The Workload Monitor displays the amount of processing FastView is currently performing.
The Peak, Current, Average, and Total values for the following rates are displayed with the following
values:
Request RateThe number of unique pages requested through FastView. This provides a
Pages Per Second (PPS) view of your traffic.
Parse RateThe amount of information that FastView has looked at for potential replacement
in a page. Any rewriting (such as replacement tokens, URL renaming) is considered and
displayed in tokens per second/minute (tkps/tkpm).
308

Rewrite RateThe amount of information that FastView actually acts upon when replacing
data in Web content that is served. This is also displayed in number of tokens per second/minute
(tkps/tkpm).
Compile RateThe number of instructions compiled by FastView. As pages eventually stop

being compiled after they pass the Learning state, this number should increase greatly when
your site is first started or modified, and slowly as FastView learns how to provide the treated
pages.
Monitoring and Controlling SSL

Monitoring and controlling SSL comprises Managing SSL Client Authentication and the OCSP /CDP
Cache, page 309.
Managing SSL Client Authentication and the OCSP /CDP Cache

When the OCSP or CDP cache is filled with stale responses, you may want to purge the cache.
To monitor SSL client authentication and purge the OCSP/CDP cache

>
In the Monitoring perspective, select Application Delivery > SSL Statistics.
Table 249: SSL Client Authentication Parameters
Parameter
Description
Client Authentication Policy ID
The Client Authentication Policy ID.
OCSP Cache Purge
Purges the cached content of the relevant OCSP responses.
CDP Cache Purge
Purges the cached content of the relevant CDP responses.
Monitoring and Managing Filters

To monitor filters
>
In the Monitoring perspective, select Application Delivery > Filters.
Table 250: Filter Parameters
Parameter
Description
Status
The status of the filter.
Filter ID
The filter ID of the filter.
Name
The name of the filter.
Action
The action of the filter.
Source IP
The source IP address of the filter.
Source Port
The source port of the filter.
309

Table 250: Filter Parameters (cont.)
Parameter
Description
Destination IP
The destination IP address of the filter.
Destination Port
The destination port of the filter.
Firings
The number of times the filter was activated.
Monitoring LinkProof
Monitoring LinkProof services comprises:
Monitoring WAN Links, page 310
Monitoring WAN Link Groups, page 311
Monitoring Proximity, page 311
Monitoring WAN Links

To monitor WAN link statistics

1.
In the Monitoring perspective, select Application Delivery > LinkProof > WAN Links.
2.
Select the tab to view WAN Link data Per WAN Link IP or Per WAN Link ID.
3.
Select a row and click the

link.
4.
If you want to clear all WAN link data, click Clear All.
button to view the WAN Link measurements for the selected WAN
Table 251: WAN Link Parameters
Parameter
Description
Status
(Per WAN Link ID)
The WAN link status, per WAN link ID.
ID
(Per WAN Link ID)
The WAN link ID
IP Address
The WAN link IP address.
Download Bandwidth Current [Mbps]
The current download bandwidth, in Mbps, of the WAN link.
Download Bandwidth Utilization
The utilization of the download bandwidth, of the WAN link.
Upload Bandwidth Current [Mbps]
The current download upload, in Mbps, of the WAN link.
Upload Bandwidth Utilization
The utilization of the upload bandwidth, of the WAN link.
Total Bandwidth - Current

[Mbps]
The current total (download and upload) bandwidth, in Mbps, of the

WAN link.
310

Table 251: WAN Link Parameters (cont.)
Parameter
Description
Total Bandwidth Utilization
The utilization of the total (download and upload) bandwidth, of the

WAN link.
The number of concurrent connections of the WAN link.
Monitoring WAN Link Groups

To monitor WAN link group statistics

1. In the Monitoring perspective, select Application Delivery > LinkProof > WAN Link Groups.
2. Select a row and click the
selected WAN link group.
button to view the WAN Link Group measurements for the
3. If you want to clear all WAN Link Group data, click Clear All.
Table 252: WAN Link Group Parameters
Parameter
Description
WAN Link Group ID
The WAN link group ID.
Download
The download bandwidth of the WAN link group.
Upload
The upload bandwidth of the WAN link group.
Total
The total (download and upload) bandwidth of the WAN link group.
The number of concurrent connections of the WAN link group.
Monitoring Proximity
To monitor proximity
1. In the Monitoring perspective, select Application Delivery > LinkProof > Proximity.
2. Select a row and click the
button to view the proximity measurements for the selected WAN
link (see Proximity Parameters, page 311).
3. If you want to clear all proximity data, click Clear Proximity Table.
Table 253: Proximity Parameters
Parameter
Description
Subnet
The network subnet for which proximity data is available. For each
subnet, proximity data is available for up to three (the best three) WAN
Links.
For each WAN Link

WAN Link IP
The IP address of the WAN link.
311

Table 253: Proximity Parameters (cont.)
Parameter
Description
Round Trip Time
The time, in seconds, required for the round trip to the specified subnet
via this WAN link.
Hops
The number of hops to the specified subnet via this WAN link.
For the entire entry

Time to Live (min)
312
The time, in minutes, after which the entry is cleared. Once the entry is
cleared, if new requests arrive for this subnet, proximity is checked
and a new entry is created.
Chapter 14 Monitoring and Controlling Alteon

vADC
This chapter describes monitoring Alteon vADC operations.
This feature is available only in Alteon ADC-VX mode.
Notes
For information on monitoring Alteon device performance using the Device Performance Monitor,
see Using the Device Performance Monitor, page 315.
For more information on this feature, see the Alteon Application Switch Operating System
Application Guide.
Monitoring and Rebooting vADCs

For more information on this feature, see the Alteon Application Switch Operating System
Application Guide.
To monitor vADCs
>
In the Monitoring perspective, select vADC > vADC.
Table 254: vADC Parameters
Parameter
Description
Status
The status of the vADC.
vADC ID
The vADC ID.
Boot Action
The boot action.
vADC Name
The vADC name.
Capacity Units
The number of capacity units.
SP Utilization
The SP utilization.
vMP Utilization
The vMP utilization.
Throughput Utilization
The throughput utilization.
Up Time
The uptime, in <days>D<hours>H<minutes>M<seconds>S

format.
To reboot a vADC
1.
In the Monitoring perspective, select vADC > vADC.
2.
Select the row with the relevant vADC and click Reset vADC.
313

Monitoring and Controlling Alteon vADC
314
Chapter 15 Using the Device Performance

Monitor
DPM Overview, page 315
Opening the Device Performance Monitor, page 316
Device Performance Monitor Main Interface, page 316
Displaying and Filtering Sites and Devices, page 318
Viewing and Managing Reports, page 318
Exporting Reports, page 319
Supported Report Categories, page 320
Viewing Dashboards for Single Standalone and vADC Devices, page 335
Viewing the Dashboard for ADC-VX Devices, page 338
Viewing Dashboards for Multiple Standalone and vADC Devices, page 340
DPM Overview
DPM requires a valid license installed on the associated APSolute Vision server.
When DPM is enabled in an Alteon or LinkProof NG device (see Configuring Device Performance
Monitoring, page 61), the device sends its performance data to APSolute Vision. APSolute Vision
processes the data and can display the information in the Device Performance Monitoring Web
interface.
The DPM Web interface includes alerts, dashboards with current monitoring data, and reports with
historical data.
Only one single APSolute Vision server can manage any one Alteon or LinkProof NG device that
sends data to DPM.
Users with the proper roles can launch the DPM Web interface from the APSolute Vision client.
The DPM interface launches in the default browser. See the APSolute Vision Release Notes for the list
of supported browsers.
The sites and Alteon or LinkProof NG devices that display in the DPM are according to your RBAC
scope.
Users with the following roles can launch the DPM Web interface:
ADC Administrator
ADC Operator
Administrator
Device Configurator
Device Operator
Device Viewer
315

Using the Device Performance Monitor
Notes
For requirements, limitations, and information on configuring DPM parameters in the Alteon or
LinkProof NG device, see Configuring Device Performance Monitoring, page 61.
For information on roles, see Role-Based Access Control (RBAC), page 70.
One Alteon or LinkProof NG ADC with a large configuration consumes about 210 MB hard-disk
space in the course of a year.
For information on managing the DPM database and DPM technical-support files, see APSolute
Vision CLI Commands, page 441.
Opening the Device Performance Monitor

The following procedure describes how to open the DPM Web interface.
To open the DPM Web interface

>
In the main toolbar, click the
icon.
Device Performance Monitor Main Interface

The following figure describes the Device Performance Monitor screen.
316

Figure 44: Device Performance Monitor Screen

Devices pane
Devices pane Organization tabDisplays, according to your filter, the configured sites
and or LinkProof NG, Alteon standalone, vADC, and VA devices. The Deleted Devices
node shows deleted devices on which DPM can show historical reports.
Devices pane Physical tabDisplays, according to your filter, configured sites
and Alteon ADC-VXs.
Content areaContains the Report and Dashboard tabs. The
Server Time Difference value (near the Modify Filter button)
displays the timezone difference between the PC and the APSolute
Vision server.
Report tabDisplays a report according to report category and
type.
Dashboard tabDisplays current alerts and the System,
Network, and Application dashboards for one selected
device in the Devices pane Organization tab.
VX Dashboard tabDisplays the current alerts and
status of various parameters of one selected VX device
in the Devices pane Physical tab.
Multi-Device Dashboard tabDisplays current
alerts and the status of multiple devices selected
in the Devices pane Organization tab.
Properties paneDisplays, according to the configuration in the Devices pane,

and the properties of devices.
317

Displaying and Filtering Sites and Devices

The Devices pane displays the all sites and Alteon or LinkProof NG devices of the APSolute Vision
(according to your RBAC scope).
You can filter the sites and devices that the DPM displays. The filter does not change the contents of
the tree, only how the DPM displays the tree to you.
The Properties pane displays information about the currently selected devices.
Viewing and Managing Reports

Use the Report tab in the content area to view reports. Reports display static, historical Alteondevice or LinkProof-NG-device data in various formats (line graph, bar graph, pie-chart, or table).
In addition, you can export reports in many different file formats, for example, PDF, Excel, and so
on.
DPM aggregates historical statistics data to bigger time frames as the time passes, up to one year
back.
Table 255: Aggregation of Historical Data
Sampling Period
Time
Number of Samples
15 seconds
15 minutes
60
2 minute
1 hour
30
15 minutes
24 hours
96
1 hour
72 hours
72
1 day
3 months
93
1 week
1 year
52
Viewing Reports
The tab that you select in the Devices pane (Organization or Physical) determines which reports you
can view in the Report tab of the content area. You specify the Report Category and Report Type and
configure a filter. Some Report Types are available for more than one Report Category. A Report
Category with the same name displays the same report. For more information on the reports, see
Supported Report Categories, page 320.
To view a report
1.
In the Devices pane, select the required tab (Organization or Physical).
2.
In the Report tab, from the Report Category drop-down list, select the category, and then,
from the Report Type drop-down list, select the required type. The category determines the
available report types.
3.
Configure the filter or filters. The set of filters that you can configure depends on the selected
Report Category.
4.
Click Display Report.
318

To modify a filter when the DPM is displaying a report

1. Click Modify Filter.
2. Configure the filter or filters.
The set of filters that you can configure depends on the selected Report Category, which may
include:
Filter Time PeriodIncludes last hour, day, week, month, year, and Custom, with start date/
time and end date/time.
Filter ScopeIn the filter, you can select the object on which to perform the report,
depending on the report type.
Group ByIn the filter configuration, you can specify to display the data per selected object
or grouped by ADC.
3. Click Display Report.
Opening the Filter Window

Use the Filter window to configure Boolean expressions and apply them to selected report
components.
To open the Filter window

>
In the content area, click the Filter button (
).
Exporting Reports
You can export a report in any of the following formats:
PDF
HTML
Excel
Text
RTF
XML
PostScript
To export a report
1. In the content area, click the Export button (
), and then, click OK.
From the Export File Format drop-down list, select the required format.
Select the checkboxes next to the name or each report component to include in the report.
If you require, in the File Name text box, modify the file name.
319

Supported Report Categories

The DPM supports the following report categories:
ADC/vADC Reports, page 320
Application Reports, page 325
Real Server Reports, page 329
Port Reports, page 331
VX Reports, page 333
ADC/vADC Reports
The following tables describe the DPM reports for LinkProof NG, Alteon Standalone, VA, or vADC with
Report Category ADC/vADC:
Table 256 - ADC CPU Capacity Utilization Report, page 320
Table 257 - ADC Memory Utilization Report, page 321
Table 258 - ADC Throughput License Utilization Report, page 322
Table 259 - ADC System Resources Utilization Report, page 323
Table 260 - Total Network Statistics per Port Report, page 324
Table 261 - Network Performance per ADC Report, page 325
The ADC names in the reports correspond to the selected objects in the Devices pane.
Table 256: ADC CPU Capacity Utilization Report
Supported Filter Type/s Component
Component Description
This report supports the MP CPU Utilization graph

following filter type:
Filter Time Period
Includes last hour, day,
MP CPU Utilization Peak
week, month, year, and
Usage graph
Custom, with start date/
Maximum SP CPU
Utilization graph
Displays the MP CPU utilization (%) according

to time. For vADCs, DPM bases the values on
the allocated CUs.
Displays the peak MP CPU utilization (%) in
the selected time period. For vADCs, DPM
bases the values on the allocated CUs.
Displays, according to time, the maximum SP
CPU utilization (%) from all SPs. For vADCs,
DPM bases the values on the allocated CUs.
Maximum SP CPU
Utilization Peak Usage
graph
Displays the peak SP CPU utilization (%) from

all the SPs in the selected time period. For
vADCs, DPM bases the values on the allocated
CUs.
ADC CPU Capacity

Utilization table
Columns:
ADC Name
TypeMP and SPs
CPU Utilization (%)
TimeIn dd/MMM/yyyy hh:mm:ss T

format (for example: 31/Jan/2012 03:10
PM)
To sort or filter the table, right-click in a row

and select the option that you require.
320

Table 257: ADC Memory Utilization Report
This report supports the

Filter Time Period
MP Memory Utilization
graph
Displays, according to time, the MP-memory

utilization (%). For vADCs, DPM bases the
values on the allocated CUs.
MP Memory Utilization
Peak Usage graph
Displays the peak MP-memory utilization (%)

in the selected time period. For vADCs, DPM
bases the values on the allocated CUs.
Maximum SP Memory
Utilization graph
Displays, according to time, the maximum

SP-memory utilization (%) from all the SPs.
For vADCs, DPM bases the values on the
allocated CUs.
Maximum SP Memory
Utilization Peak Usage
graph
Displays the peak SP-memory utilization (%)

from all the SPs in the selected time period.
For vADCs, DPM bases the values on the
allocated CUs.
ADC Memory Capacity

Utilization table
Columns:
ADC Name
TypeMP and SPs
Memory Utilization (%)

PM)
To sort or filter the table, select a row and

select the option that you require.
321

Table 258: ADC Throughput License Utilization Report
This report supports the Throughput License

Displays the device throughput utilization
Utilization graph
according to time. DPM measures the traffic
Filter Time Period
entering all the data ports, and calculates the
values based on the installed throughput
license (for ADC) or allocated throughput limit
(for vADC).
Throughput License Peak Displays the peak throughput utilization (%)
Usage graph
in the selected time period. DPM measures
the traffic entering all the data ports, and
calculates the values based on the installed
throughput license (for ADC) or allocated
throughput limit (for vADC).
License ADC/vADC table
Columns:
ADC Name
Throughput License (Mb)
Throughput Peak utilization (%)

ADC Throughput License
Utilization table
Columns:
ADC Name
Throughput Utilization (%)

PM)

322

Table 259: ADC System Resources Utilization Report
This report supports the Session Utilization graph

Filter Time Period
Session Utilization Peak
Usage graph
Displays the session utilization (%) according

to time. DPM calculates the values based on
the maximum session-table size available on
the ADC/vADC.
Displays the peak session utilization (%) in
the selected time period. DPM calculates the
values based on the maximum session-table
size available on the ADC/vADC.
Cache Memory Utilization Displays the memory utilization (%)

graph
according to time. DPM calculates the values
based on the memory allocated for caching on
the ADC/vADC.
Cache Memory Utilization Displays the peak memory utilization (%) in
Peak Usage graph
the selected time period. DPM calculates the
values based on the memory allocated for
caching on the ADC/vADC.
Hard Disk Utilization
graph
Displays hard-disk utilization (%) according

to time. DPM calculates the values based on
the installed/allocated hard disk on the ADC/
vADC.
Hard Disk Utilization Peak Displays the peak utilization (%) in the
Usage graph
selected time period. DPM calculates the
values based on the installed/allocated hard
disk on the ADC/vADC.
PIP Allocation graph
Displays utilization according to time. DPM

calculates the values based on the maximum
PIP addresses available on the ADC/vADC.
PIP Allocation Peak Usage Displays the peak utilization (%) in the
graph
selected time period. DPM calculates the
values based on the maximum PIP addresses
available on the ADC/vADC.
ADC System Resources
Utilization table
Columns:
ADC Name
Session (%)
Cache Memory (%)
Hard Disk (%)
PIP Allocation (%)

PM)
The last row is Average for Session (%),

Cache Memory (%), Hard Disk (%), and
PIP Allocation (%).
323

Table 260: Total Network Statistics per Port Report

This report supports the ADC Port Filter list
Filter Time Period
time and end date/time. Total RX per Port
(Packets) graph
Total TX per Port
(Packets) graph
Lists the ports of the selected ADCs.
Select one or more rows to filter the results.
Click
the filter.
(erase) in the list title bar to clear
Displays, for the specified (filter) time period,

the total received packets per port.
the total transmitted packets per port.
Total Dropped RX per Port Displays, for the specified (filter) time period,
(Packets) graph
the total dropped received packets per port.
Total Dropped TX per Port Displays, for the specified (filter) time period,
(Packets) graph
the total dropped transmitted packets per
port.
Total Error RX per Port
(Packets) graph

the total errored received packets per port.
Total Error TX per Port

(Packets) graph

the total errored transmitted packets per
port.
Total Bandwidth per Port

(Mbit) graph

the total bandwidth per port.
Total Network Statistics

per Port table
Columns:
ADC Name
Port
RX (Packets)
TX (Packets)
Dropped RX (Packets)
Dropped TX (Packets)
Error RX (Packets)
Error TX (Packets)
Bandwidth (Mbit)
The last two rows are Total per ADC and

Total for RX (Packets), TX (Packets), and
Bandwidth (Mbit).
324

Table 261: Network Performance per ADC Report
This report supports the Connections per Second

graph
Filter Time Period
Displays, per ADC/vADC, the connections per

second according to time. This value counts
only the connections established based on the
configuration of the virtual service. The value
does not count connections established based
on the Alteon-filter or LinkProof-NG-filter
configuration.
Packets per Second graph Displays, per ADC/vADC, the packets-persecond rate, for traffic entering and exiting all
ADC/vADC data ports, according to time.
Caution: For this version of APSolute
Vision, the values include traffic that enters
and exits the data ports, so therefore may
seem to be double the traffic.
Throughput graph
Displays, per ADC/vADC, the throughput, in

Mbps, for traffic entering all ADC/vADC data
ports, according to time.
Network Performance per Columns:

ADC table
Name
Packets/second
Connections/second
Throughput (Mbps)

PM)
The last row is Average for Packets/

second, Connections/second, and
Throughput (Mbps).
License per ADC table
Columns:
ADC Name
Throughput License (Mbps)

Application Reports
The following tables describe the DPM reports for LinkProof NG, Alteon Standalone, VA, or vADC with
Report Category Application:
Table 262 - Network Performance per Application Report for LinkProof NG, Alteon Standalone,
VA, or vADC, page 326
Table 263 - Network Performance of Application per Real Server Report for LinkProof NG, Alteon
Standalone, VA, or vADC, page 327
325

Table 264 - Total Usage of Resources per Application per Network Class Report for Alteon
Table 265 - Total Usage of Resources per Network Class per Application Report for LinkProof NG,
Alteon Standalone, VA, or vADC, page 328
An application is a virtual service, which is identified in one of the following ways:
The specified virtual-service Description is set in the configuration (Configuration perspective

Application Delivery tab navigation pane > Virtual Services > Virtual Servers > Virtual
Services > Description/Virtual Service Name).
The virtual-service identifier in the following format:

<VirtualServerAddress>:<protocol>:<port>[:NetworkClass].
Table 262: Network Performance per Application Report for LinkProof NG, Alteon Standalone,
VA, or vADC
Supported Filter Type/s
Component

following filter types:
Filter by Application Name list
Select one or more applications

names to filter the results.
Filter Time Period

Click
(erase) in the list title bar
to clear the filter.
Connections per Second graph Displays the connections per second
per application according to time.
Filter ScopeIn the
Displays the packets per second per
filter, you can select up Packets per Second graph
application
according to time.
to 10 applications.
Displays the throughput, in Mbps, per
Group ByIn the filter Throughput graph
application according to time.
configuration, you can
specify to group the
data by application or
ADC.
Throughput License/Limit per

ADC/vADC table
Columns:
ADC Name
Throughput License Limit (Mbps)
To sort or filter the table, select a row

and select the option that you
require.
Network Performance per
Application table
Columns:
App Name
ADC Name
Connections/second
Packets/second
Throughput (Mbps)
TimeIn dd/MMM/yyyy
hh:mm:ss T format (for
example: 31/Jan/2012 03:10 PM
The last two rows are Average per

ADC, and Average for
Connections/second, Packets/
second, and Throughput (Mbps).
require.
326

Table 263: Network Performance of Application per Real Server Report for LinkProof NG, Alteon
Standalone, VA, or vADC
Notes and Supported Filter Component

Type/s
You can view this report this Filter by Application

report only on services
Name:Real Server list
where the granularity level
is set to Real Server.
Select one or more real servers to

filter the results.
This report supports only a

single selected device.
Connections per Second graph Displays the connections per second

per application per real server
according to time.
Filter Time Period

Packets per Second graph
time and end date/time. Throughput graph
Filter ScopeIn the
filter, you can select up
to 10 real servers.
Click
Network Performance of
Application per Real Server
table

application per real server according
to time.
Displays the throughput, in Mbps, per
application per real server according
to time.
Columns:
ADC Name
APP Name
Real Identifier
Real Name
Connections/second
Packets/second
Throughput (Mbps)
TimeIn dd/MMM/yyyy
example: 31/Jan/2012 03:10 PM
The last two rows are Average/Real

and Average for Connections/
second, Packets/second, and
Throughput (Mbps).
require.
327

Table 264: Total Usage of Resources per Application per Network Class Report for Alteon
Note and Supported Filter

Type/s
Component
Note: This report

supports only a single
selected device.
Total Bandwidth (Mbits) Usage Displays the total bandwidth usage,

of Application per Network
in Mbits, per network class per
graph
application.

Total Connections (K) of

Displays the total connections, in
Application per Network graph 1000s, per network class per
application.
Filter Time Period

Includes last hour, day, Total Usage of Resources per
week, month, year, and Application table
Filter ScopeIn the
filter, you can select up
to 10 applications.
Columns:
Application
Network Class
Bandwidth (Mbits)
Total Connections (K)
The last two rows are Total per

Application and Grand Total for
Bandwidth (Mbits) and Total
Connections (K).
require.
Table 265: Total Usage of Resources per Network Class per Application Report for LinkProof
NG, Alteon Standalone, VA, or vADC
Supported Filter Type/s
Component

Total Bandwidth (Mbits) Usage Displays the total bandwidth, in

of Network per Applications
Mbits, per applications per network
graph
class.
Filter Time Period

Includes last hour, day, Total Connections (K) Usage of
week, month, year, and Network per Applications
Custom, with start date/ graph
Total Usage of Resources per
Filter ScopeIn the
Network Class per Application
filter, you can select up table
to 10 network classes.
Displays the total usage of

connections, in 1000s, per network
class per application.
Columns:
Network Class
Application
Bandwidth (Mbits)
Total Connections (K)
The last two rows are Total per

Client Subnet and Grand Total for
Bandwidth (Mbits) and Total
Connections (K).
require.
328

Real Server Reports

The following tables describe the DPM Reports for LinkProof NG, Alteon Standalone, VA, or vADC
with Report Category Real Server:
Table 266 - Network Performance per Real Server Report for LinkProof NG, Alteon Standalone,
VA, or vADC, page 329
Table 267 - Network Performance of Application per Real Server Report for LinkProof NG, Alteon
Table 268 - Total Usage of Resources per Real Server Report for LinkProof NG, Alteon
Table 266: Network Performance per Real Server Report for LinkProof NG, Alteon Standalone,
VA, or vADC

This report supports the Filter by ADC Name:Real Server list
Filter Time Period

Includes last hour,
day, week, month,
year, and Custom,
with start date/time
and end date/time. Connections per Second graph
Filter ScopeIn the
filter, you can select
Packets per Second graph
up to 10 real
servers.
Lists the real servers.
Select one or more rows to filter
the results.
Click
Displays the connections per
second per real server according to
time.
real server according to time.
Throughput graph
Displays the throughput, in Mbps,

per real server according to time.
Network Performance per Real

Server table
Columns:
ADC Name
Real Identifier
Real Name
Connections/second
Packets/second
Throughput (Mbps)
TimeIn dd/MMM/yyyy
example: 31/Jan/2012 03:10
PM)
The last two rows are Average per

ADC and Average for
second, and Throughput
(Mbps).
To sort or filter the table, select a
row and select the option that you
require.
329

Table 267: Network Performance of Application per Real Server Report for LinkProof NG, Alteon
Notes and Supported

Filter Type/s
Component
You can view this report Filter by Application Name:Real

this report only on
Server list
services where the
granularity level is set
to Real Server.
This report supports
only a single selected
device.

the results.
Click
(erase) in the list title
bar to clear the filter.
Connections per Second graph
Displays the connections per

second per real server according to
time.
Filter Time Period Packets per Second graph

Includes last hour,
day, week, month, Throughput graph
year, and Custom,
Network Performance per Real
and end date/time.
Server table
Filter ScopeIn the
filter, you can select
up to 10 real
servers.

real server according to time.

Displays the throughput, in Mbps,

per real server according to time.
Columns:
ADC Name
APP Name
Real Identifier
Real Name
Connections/second
Packets/second
Throughput (Mbps)
TimeIn dd/MMM/yyyy
example: 31/Jan/2012 03:10
PM)
The last row is Average for

second, and Throughput
(Mbps).
To sort or filter the table, right-click
in a row and select the option that
you require.
330

Table 268: Total Usage of Resources per Real Server Report for LinkProof NG, Alteon

This report supports the Filter by ADC Name:Real Server list
Filter Time Period

Includes last hour,
day, week, month,
year, and Custom,
and end date/time. Total Connections graph
Filter ScopeIn the
filter, you can select Total Bandwidth graph
up to 10 real
servers.
Total Usage of Resources per Real
Server table
the results.
Click
(erase) in the list title
bar to clear the filter.
Displays the total connections per
real server.
Displays the total bandwidth, in
Mbits, per real server.
Columns:
ADC Name
Real Identifier
Real Name
Connections
Bandwidth (Mbit)
The last row is Total for

Connections and Bandwidth
(Mbit).
To sort or filter the table, select a
row and select the option that you
require.
Port Reports
The following tables describe the DPM Reports for LinkProof NG,. Alteon Standalone, VA, or vADC
with Report Category Port:
Table 269 - Total Network Statistics per Port Report for LinkProof NG, Alteon Standalone, VA, or
vADC, page 332
Table 270 - Network Performance per Port Report for LinkProof NG, Alteon Standalone, VA, or
vADC, page 333
331

Table 269: Total Network Statistics per Port Report for LinkProof NG, Alteon Standalone, VA, or
vADC

This report supports the Filter by ADC Name:Port list
Filter Time Period
Custom, with start
date/time and end
Total RX per Port (Packets)
date/time.
graph
Select rows to filter the results.
Click
(erase) in the list title bar to
clear the filter.
Displays the total received packets per
port.
Total TX per Port (Packets)

graph
Displays the total transmitted packets per

port.
Total Dropped RX per Port

(Packets) graph
Displays the total received dropped

packets per port.
Total Dropped TX per Port

(Packets) graph
Displays the total transmitted dropped

packets per port.
Total Error RX per Port

(Packets) graph
Displays the total received errored

packets per port.
Total Error TX per Port

(Packets) graph
Displays the total transmitted errored

packets per port.
Total Bandwidth per Port

(Mbit) graph
Displays the total bandwidth, in Mbits, per

port.
Total Network Statistics per

Port table
Columns:
ADC Name
Port
RX (Packets)
TX (Packets)
Dropped RX (Packets)
Dropped TX (Packets)
Error RX (Packets)
Error TX (Packets)
Bandwidth (Mbit)
The last rows are Total per ADC and

Total for RX (Packets), TX (Packets),
and Bandwidth (Mbit).
332

Table 270: Network Performance per Port Report for LinkProof NG, Alteon Standalone, VA, or
vADC

This report supports the Filter by ADC Name:Port list
Filter Time Period
Custom, with start
date/time and end
RX Port Rate graph
date/time.
Click
clear the filter.
Displays the rates, in Mbps, of received
traffic per port according to time.
TX Port Rate graph
Displays the rates, in Mbps, of transmitted

traffic per port according to time.
Packets per Second per Port

graph
Displays the packets per second per port

according to time.
Throughput per Port graph
Displays the throughput, in Mbps, per port

according to time.
Network Performance per Port Columns:

table
ADC Name
Port
RX (bps)
TX (bps)
Packets/second
Throughput (Mbps)
The last rows are Average per ADC and

Average for RX (bps), TX (bps), and
Packets/second.
VX Reports
The following tables describe the DPM Report for Alteon VX with Report Category VX:
Table 271 - CPU Utilization per vADC Report for Alteon VX, page 334
Table 272 - Throughput Limit Utilization per vADC Report for Alteon VX, page 335
333

Table 271: CPU Utilization per vADC Report for Alteon VX

This report supports the Filter by vADC list
Filter Time Period
Custom, with start
date/time and end
vMP CPU Utilization graph
date/time.
Lists the vADCs of the selected VXs.
Click
clear the filter.
Displays the CPU utilization (%) per vADC
vMP according to time.
Peak vMP CPU Utilization

graph
Displays the peak CPU utilization (%) per

vADC vMP in the selected time period.
vSP CPU Utilization graph
Displays the CPU utilization (%) per vADC

vSP according to time.
Peak vSP CPU Utilization

graph
Displays the peak CPU utilization (%) er

vADC vSP in the selected time period.
CPU Utilization per vADC

table
Columns:
vADC Name
CPU TypevSP, vMP or the SPs (for

example, SP # 1)
CPU Utilization (%)

format (for example: 31/Jan/2012
03:10 PM)
The last rows are Total per ADC and

Total for RX (Packets), TX (Packets),
and Bandwidth (Mbit).
334

Table 272: Throughput Limit Utilization per vADC Report for Alteon VX

This report supports the Filter by vADC list
Filter Time Period
Custom, with start
date/time and end
vADC Throughput Limit
date/time.
Utilization graph
Lists the vADCs of the selected VXs.
Click
clear the filter.
Displays the vADC throughput-limit
utilization (%) according to time. DPM
measures the vADC throughput of the
traffic entering all the data ports, and
calculates the values based on the
allocated throughput limit of each vADC.
Peak vADC Throughput Limit

Utilization graph
Displays the peak vADC throughput-limit

utilization (%) in the selected time period.
DPM measures the vADC throughput of
the traffic entering all the data ports, and
calculates the values based on the
allocated throughput limit of each vADC.
Throughput Limit Utilization

per vADC table
Columns:
vADC
Throughput Limit Utilization (%)
TimeIn dd/MMM/yyyy hh:mm:ss

T format (for example: 31/Jan/2012
03:10 PM)
The last two rows Grand Total Average

Throughput and Grand Total
Maximum Throughput for Throughput
Limit Utilization (%).
Viewing Dashboards for Single Standalone and vADC

Devices
Use the Dashboard tab in the content area to view the dashboards with the current data for one
selected device in the Devices pane Organization tab. The contents of the dashboards differ
according to whether the selected device is a standalone or vADC. For example, the dashboard tab
for a vADC does not display temperature.
You will always see the alerts for all the devices you have in the Organization and Physical trees
according to your role and scope.
Displaying the Dashboard and Managing the Display, page 336
Dashboard Components for Single Standalone and vADC Devices, page 336
335

Displaying the Dashboard and Managing the Display

The following procedure describes how to display the dashboard.
To display the dashboard

1.
In the Devices pane, select the Organization tab.
2.
In the Organization tab, select one device.
3.
In the content area (on the right, by default), select the Dashboard tab.
Use the buttons, which are described in the following table, to manage the dashboard display.
Table 273: Dashboard-Display Buttons
Button
Description
Opens the dialog box to select the temperature scale (Celsius or Fahrenheit) for
monitoring the temperature sensors on physical devices.
Note: This setting applies to all DPM interfaces.
Refreshes the dashboard display.
Maximizes and floats the currently displayed dashboard tab.
Dashboard Components for Single Standalone and vADC

Devices
The following table describes the dashboard components for single standalone and vADC devices.
336

Table 274: Dashboard Components for Single Standalone and vADC Devices
Dashboard
Component
Description
System
CPU Utilization graph
The utilization per SP and MP CPU.
Fans Status graph
The status of each ADC fan: nominal or not operating.
(This graph is displayed Note: Each fan icon is displayed with its
only for physical
corresponding ID number. The fan ID numbers might
devices.)
not be sequential.
Capacity Utilization
graph
Network
Bars:
CacheCache memory utilization (%). DPM

calculates the value based on the memory allocated
for caching on the ADC/vADC.
HDHard disk utilization (%). DPM calculates the

value based on the installed/allocated hard disk on
the ADC/vADC.
PIPPIP allocation utilization (%). DPM calculates

the value based on the maximum PIP addresses
SessionSession utilization (%). DPM calculates the

value based on the maximum session-table size
Temperature chart
The temperature, according to the selected scale (Celsius

or Fahrenheit), for each temperature sensor.
Throughput graph
The throughput, in Mbps, of the traffic entering all the

data ports, polled every 30 seconds.
Throughput Usage
graph
Bars:
Port Status table
The peak throughput in Mbps, of the traffic entering

all the data ports, since the last reboot.
The throughput-license limit in Mbps.
Columns:
Port IDThe ADC port ID
StatusValues: Up, Warning, Admin Down, Down
To sort or filter the table, select a row and select the

option that you require.
Port Status Summary
pie chart
The proportion and number of ports per status: Up,

Warning, Admin Down, and Down.
Port Bandwidth graph
The received and sent bandwidth, in Mbps, per port.
337

Table 274: Dashboard Components for Single Standalone and vADC Devices (cont.)
Dashboard
Component
Description
Application
Virtual Service Status

table
Lists the virtual services configured for the device with

the corresponding Content Rule, Status, and Action.
To display the
Application
dashboard,
select a single
device in the
Organization
tab and up to
10 services
from the Filter
table.
The Virtual Service Identifier is either:
The specified Description or Virtual Service Name

(depending on the Alteon version)if it is set in the
configuration (Configuration perspective Application
Delivery tab navigation pane > Virtual Services >
Virtual Servers > Virtual Services >
Description).
The virtual-service identifier in the following format:

<VirtualServerAddress>:<protocol>:<port>
[:NetworkClass].
Click
(erase) in the list title bar to clear the filter.
Selected Virtual
Services Status pie
chart
The proportion and number of the selected virtual

services per status level.
Real Servers Status of

the Selected Services
pie chart
The proportion and number of real servers per status

level for the selected services.
Virtual Service
Throughput graph
The Virtual Service Throughput, in Mbps.
Values: Up, Warning, Admin Down, Down
Values: Up, Warning, Admin Down, Down
Virtual Service
The Virtual Service connections, in CPS.
graph
Viewing the Dashboard for ADC-VX Devices

Use the VX Dashboard tab in the content area to view the current alerts for the selected Alteon VX
devices in the Devices pane Physical tab.
Displaying the VX Dashboard and Managing the Display, page 338
Dashboard Components for VX Devices, page 339
Displaying the VX Dashboard and Managing the Display

The following procedure describes how to display the VX dashboard.
To display the VX dashboard

1.
In the Devices pane, select the Physical tab.
2.
In the Physical tab, select one device.
3.
In the content area (on the right, by default), select the VX Dashboard tab.
338

Table 275: VX Dashboard-Display Buttons
Button
Description
Maximizes and floats the VX Dashboard tab.
Dashboard Components for VX Devices

The following table describes the dashboard components for VX devices.
Table 276: Dashboard Components for VX Devices
Component
Description
Temperature chart
The temperature, according to the selected scale (Celsius or

Fahrenheit), for each temperature sensor in the VX device.
When relating to an Alteon 10000 platform, the temperatures that
the monitor displays show the average temperature of the blade
sensors. The ID numbers represent the slot numbers. Slot 1
supports the Switch Blade. Slot 2 supports the Switch Extension
Blade. Slots 36 support Payload Blades. Slot 78 support Shelf
Managers. Some blades are optional.
Fan Status indicators
The status of each fan: nominal or not operating. Greenfor

nominal. Redfor not operating/not operating properly.
Each fan icon is displayed with its corresponding ID number. The
fan ID numbers might not be sequential and might be repeated.
When relating to an Alteon 10000 non-NEBS platform, the ID
number represents the fan blade. If all fans in the blade are
working properly, the status is green. If one or more fans in the
blade are not working properly, the status is red.
vADC CPU Distribution graph
The proportion and number of vADCs per maximum utilization level

of vSP and vMP.
Values:
vADC Throughput Limit

Utilization Distribution graph
Low
Medium
High
The proportion and number of vADCs per maximum throughputlimit utilization.

Values:
Low
Medium
High
339

Table 276: Dashboard Components for VX Devices (cont.)
Component
Description
vADC Identifier
Lists the vADCs of the VX.

Select rows to filter the results of the CPU Utilization per vADC
graph and Throughput Limit Utilization per vADC graph.
Click
(erase) in the list title bar to clear the filter.
CPU Utilization per vADC

graph
The maximum vSP or vMP CPU utilization (%) per vADC, polled
every two minutes. If more than one vADC is operating at the
same utilization, only the top line is displayed.
Throughput Limit Utilization

per vADC graph
The utilization (%) of the allocated throughput limit per vADC,

polled every two minutes. If more than one vADC is operating at
the same utilization, only the top line is displayed.
Viewing Dashboards for Multiple Standalone and vADC

Devices
Use the Multi-Device Dashboard tab in the content area to view the information about the selected
devices in the Devices pane Organization tab.
Displaying the Multi-Device Dashboard and Managing the Display, page 340
Multi-Device Dashboard Components, page 341
Displaying the Multi-Device Dashboard and Managing the Display

The following procedure describes how to display the multi-device dashboard.
To display the multi-device dashboard

1.
In the Devices pane, select the Organization tab.
2.
In the Organization tab, select the devices.
3.
In the content area (on the right, by default), select the Multi-Dashboard tab.
Table 277: Multi-Device Dashboard-Display Buttons
Button
Description
Maximizes and floats the Multi-Device Dashboard tab.
340

Multi-Device Dashboard Components

The following table describes the multi-device dashboard components.
Table 278: Multi-Device Dashboard Components
Component
Description
Overall Status pie chart
The proportion and number of devices per highest-severity status

level.
Values: OK, Warning, Error
Throughput Utilization
Distribution pie chart
The proportion and number of devices per throughput-utilization

level.
Values: Low, Medium, High
Max. CPU Utilization

The proportion and number of devices per maximum-CPUutilization level.

Session Table Utilization

The proportion and number of devices per session-table-utilization

level.
Max. Temperature Distribution The proportion and number of devices per maximum-temperature
pie chart
level.
Values: Low, Medium, High, NA (vADC)
Monitoring Parameters per
Device
Columns:
DeviceDisplays the device name.
Overall StatusDisplays the highest-severity status level on

the device except for Virtual Services Down. Values: OK,
Warning, Error.
Virtual Services DownDisplays the number of virtual services

that are down on the device.
Throughput Util. (%)Displays the utilization (%) of the

throughput license (for standalone devices) or the allocated
throughput limit (for vADCs).
Max. CPU Util. (%)Displays the highest current CPU

utilization (%) of all the SP/MPs.
Session Table Util. (%)Displays the current Session-table

utilization (%) of all the SP/MPs.
Max. TemperatureDisplays the highest current temperature

of the sensors on the device. This value is not applicable for
virtual devices. For a vADC, NA (vADC) is displayed.
341

342
Chapter 16 Monitoring and Controlling the

DefensePro Operational Status
APSolute Visions online monitoring for DefensePro can serve as part of a Network Operating Center
(NOC) that monitors and analyzes the network and connected devices for changes in conditions that
may impact network performance.
Monitoring the General DefensePro Device Information, page 343
Monitoring and Controlling DefensePro Device Ports and Trunks, page 344
Monitoring DefensePro High Availability, page 346
Monitoring DefensePro Resource Utilization, page 348
Monitoring Cisco Security Group Tags (SGTs), page 353
Monitoring the General DefensePro Device Information

The Overview tab displays general device information, including the information about the software
version on the device and the hardware version of the device.
To display general device information for a selected device

>
In the Monitoring perspective, select Operational Status > Overview.
Table 279: Overview: Basic Parameters
Parameter
Description
Hardware Platform
Type of hardware platform for this device.
Uptime
System up time in days, hours, minutes, and seconds.
Base MAC Address
The MAC address of the first port on the device.
Device Serial Number
The serial number of the device.
(This parameter is
exposed only in 7.x
versions and 6.x
versions 6.12 and
later.)
343

Monitoring and Controlling the DefensePro Operational Status
Table 280: Overview: Signature Update Parameters
Parameter
Description
Radware Signature File

Version
The version of the Radware Signature File installed on the device.
RSA Signatures Last

Update
When RSA is enabled, this parameter can display the timestamp of the
last update of RSA signatures, received from Radware.com and
downloaded to the DefensePro device.
Values:
The timestamp, in DDD MMM DD hh:mm:ss yyyy z format

displayed according to the timezone of your APSolute Vision client
No Feeds Received Since Device Boot
Table 281: Overview: Software Parameters
Parameter
Description
Software Version
The version of the product software installed on the device.
APSolute OS Version
Version of the APSolute OS installed on the devicefor example, 10.3103.01:2.06.08.
Build
The build number of the current software version.
Version Status
State of this software version.

Values:
OpenNot yet released
FinalReleased version
Table 282: Overview: Hardware Parameters
Parameter
Description
Hardware Version
The hardware version; for example, B.5.
(This parameter is
exposed only in 6.x and
7.x versions.)
RAM Size
The amount of RAM, in megabytes.
Flash Size
The size of flash (permanent) memory, in megabytes.
Monitoring and Controlling DefensePro Device Ports and

Trunks
A Layer 2 interface is defined as any interface that has its own MAC address, physical port, trunk,
and VLAN.
You can monitor status and interface statistics for ports and trunks on DefensePro version 6.x8.x
platforms.
You can also change the administrative status of a port, from Up to Down or vice versa.
344

To change the administrative status of a port or trunk

1. In the Monitoring perspective, select Operational Status > Ports and Trunks.
2. Select the row(s) with the relevant port(s), and click the
a port currently Up) or the
(Disable Selected Ports) button (for
(Enable Selected Ports) button (for a port that is currently Down).
To display L2 interface statistics for a selected device

1. In the Monitoring perspective, select Operational Status > Ports and Trunks.
2. To view the statistics for a specific port all in one dialog box, double-click the row.
Table 283: L2 Interface Statistics Basic Parameters
Parameter
Description
Port Name
The interface name or index number.
Port Family
A hard-coded description of the interface.
(This parameter is displayed

only in DefensePro 7.x and
8.x versions.)
Port Description
For DefensePro 7.x versionsA user-defined description of the

interface. Maximum characters: 64.
For all other versionsA hard-coded description of the interface.
Maximum characters: 64.
Port Speed
The current bandwidth of the interface. For all DefensePro platforms

except for x420 and x4420, the value is in bits per second. For
DefensePro on the x420 and x4420 platforms, the value is in
megabits per second.
MAC Address
The MAC address of the interface.
Admin Status
The administrative status of the interface, Up or Down.
Operational Status
The operational status of the interface, Up or Down.
Last Change Time
The value of System Up time at the time the interface entered its
current operational state. If the current state was entered prior to the
last re-initialization of the local network management subsystem,
then this value is zero (0).
Table 284: L2 Interface Statistics Parameters
Parameter
Description
Incoming Bytes
The number of incoming octets (bytes) through the interface

including framing characters.
Incoming Unicast Packets
The number of packets delivered by this sub-layer to a higher sublayer, which were not addressed to a multicast or broadcast address
at this sub-layer.
Incoming Non-Unicast
Packets
The number of packets delivered by this sub-layer to a higher sublayer, which were addressed to a multicast or broadcast address at
this sub-layer.
345

Table 284: L2 Interface Statistics Parameters (cont.)
Parameter
Description
Incoming Discards
The number of inbound packets chosen to be discarded even though

no errors had been detected to prevent their being deliverable to a
higher-layer protocol. One possible reason for discarding such a
packet could be to free up buffer space.
Incoming Errors
For packet-oriented interfaces, the number of inbound packets that

contained errors preventing them from being deliverable to a higherlayer protocol. For character-oriented or fixed-length interfaces, the
number of inbound transmission units that contained errors
preventing them from being deliverable to a higher-layer protocol.
Outgoing Bytes
The total number of octets (bytes) transmitted out of the interface,

including framing characters.
Outgoing Unicast Packets
The total number of packets that higher-level protocols requested be

transmitted, and which were not addressed to a multicast or
broadcast address at this sub-layer, including those that were
discarded or not sent.
Outgoing Non-Unicast
Packets
The total number of packets that higher-level protocols requested be

transmitted, and which were addressed to a multicast or broadcast
address at this sub-layer, including those discarded or not sent.
Outgoing Discards
The number of outbound packets which were chosen to be discarded

even though no errors had been detected to prevent their being
transmitted. One possible reason for discarding such a packet could
be to free up buffer space.
Outgoing Errors
For packet-oriented interfaces, the number of outbound packets that

could not be transmitted because of errors. For character-oriented or
fixed-length interfaces, the number of outbound transmission units
that could not be transmitted because of errors.
Monitoring DefensePro High Availability

You can view the status of parameters related to the high availability of a selected DefensePro
device.
Note: When you issue the Switch Over command on the cluster node, the active device switches
over. To switch modes, select the cluster node, and then select Switch Over.)
To view the parameters related to the high availability of a selected DefensePro device
>
346
In the Monitoring perspective, select Operational Status > High Availability.

Table 285: DefensePro High-Availability Monitoring Parameters
Parameter
Description
Device Role
Values:
Device State
Last Baseline Sync.
Cluster State
Cluster Node in Use
Stand AloneThe device is not configured as a member of a highavailability cluster.
PrimaryThe device is configured as the primary member of a highavailability cluster.
SecondaryThis device is configured as the secondary member of a

high-availability cluster.
Values:
ActiveThe device is in the active state. The device may be a

standalone device (not part of a high-availability cluster) or the active
member of a high-availability cluster.
PassiveThe device is the passive member of a high-availability

cluster.
Values:
Base-Line still not synched on this deviceEither high availability is

not enabled on the device or high availability is enabled on the device
but the baselines for security protections are still not synchronized.
The timestamp, in DDD MMM DD hh:mm:ss yyyy format, of the last

synchronization of the baseline between the active and passive device.
Values:
Pair not definedThe device is not configured as a member of a highavailability cluster.
DisconnectedThe device is disconnected from the other member of

the high-availability cluster.
NegotiateThe device is negotiating with the other member of the

high-availability cluster.
SynchronizingThe device is synchronizing with the other member of

the high-availability cluster.
In SyncThe members of the high-availability cluster are

synchronized.
Hold onThe device is waiting for information from the other member
of the high-availability cluster.
The IP address of the selected device.
Peer Clustered Node in The IP address of the other cluster member.

Use
347

Monitoring DefensePro Resource Utilization

Monitoring DefensePro CPU Utilization, page 348
Monitoring and Clearing DefensePro Authentication Tables, page 350
Monitoring DME Utilization According to Configured Policies, page 351
Monitoring DefensePro Syslog Information, page 352
Monitoring DefensePro CPU Utilization

You can view statistics for the devices average resource utilization and the utilization for each
accelerator.
To monitor device utilization for a selected DefensePro device

>
In the Monitoring perspective, select Operational Status > Resource Utilization > CPU
Utilization.
Table 286: CPU Utilization: General Parameters in 8.x Versions and DefensePro for Cisco
Firepower 9300
Parameter
Description
Resource Utilization
The percentage of the devices CPU currently utilized.
Last 5 sec. Average

Utilization
The average utilization of resources in the last 5 seconds.
Last 60 sec. Average

Utilization
Table 287: CPU-Utilization: General Parameters in 7.x Versions
Parameter
Description
Note: DefensePro 7.x versions running on the x420 platform contains internal logic of two
DefensePro software instancesusing the DoS Mitigation Engine (DME) and physical ports as
shared resources. For more information, see the DefensePro User Guide.
Resource Utilization Instance 0
The percentage of the devices instance-0 CPU currently utilized.
Resource Utilization Instance 1
The percentage of the devices instance-1 CPU currently utilized.
RS Resource Utilization
Instance 0
The percentage of the devices instance-0 routing services (RS)

resource currently utilized.
Instance 1
The percentage of the devices instance-1 routing services (RS)

RE Resource Utilization
Instance 0
The percentage of the devices instance-0 routing engine (RE)

Instance 1
The percentage of the devices instance-1 routing engine (RE)

Last 5 sec. Average Utilization

Instance 0
The average utilization of instance-0 resources in the last 5

seconds.
348

Table 287: CPU-Utilization: General Parameters in 7.x Versions (cont.)
Parameter
Description
Last 5 sec. Average Utilization

Instance 1
The average utilization of instance-1 resources in the last 5

seconds.
Last 60 sec. Average Utilization The average utilization of instance-0 resources in the last 60
Instance 0
seconds.
Last 60 sec. Average Utilization The average utilization of instance-1 resources in the last 60
Instance 1
seconds.
Table 288: CPU Utilization: Accelerator Utilization Parameters in 7.x Versions
Parameter
Description
Instance
The internal hardware instance of the device.
Accelerator Type
The name of the accelerator. The accelerator named

Flow_Accelerator_0 is one logical accelerator that uses several
CPU cores. The accelerator named HW Classifier is the stringmatching engine (SME).
CPU ID
The CPU number for the accelerator.
Forwarding Task
The percentage of CPU cycles used for traffic processing.
Other Tasks
The percentage of CPU resources used for other tasks such as

aging and so on.
Idle Task
The percentage of free CPU resources.
Table 289: CPU Utilization: General Parameters in DefensePro 6.x Versions
Parameter
Description
Resource Utilization
The percentage of the devices CPU currently utilized.
The percentage of the devices routing services (RS) resource currently

utilized.
The percentage of the devices routing engine (RE) resource currently

utilized.
Last 5 sec. Average

Utilization
Last 60 sec. Average

Utilization
Table 290: CPU-Utilization: Accelerator Utilization Parameters in 6.x Versions
Parameter
Description
Accelerator Type
The name of the accelerator. The accelerator named Flow_Accelerator_0

is one logical accelerator that uses several CPU cores. The accelerator
named HW Classifier is the string-matching engine (SME). OnDemand
Switch 3 S1 has no SME.
CPU ID
The CPU number for the accelerator. OnDemand Switch 2 and OnDemand
Switch 3 S2 have two CPU cores. OnDemand Switch 3 S1 has three CPU
cores.
Forwarding Task
349

Table 290: CPU-Utilization: Accelerator Utilization Parameters in 6.x Versions (cont.)
Parameter
Description
Other Tasks
The percentage of CPU resources used for other tasks such as aging and
so on.
Idle Task
Table 291: CPU Utilization: Engine Utilization Parameters in 8.x Versions and DefensePro for
Cisco Firepower 9300
Parameter
Description
Engine ID
The name of the flow engine.
Forwarding Task
Other Tasks
The percentage of CPU resources used for other tasks such as aging and
so on.
Idle Task
Monitoring and Clearing DefensePro Authentication Tables

You can view statistics for the devices Authentication Tables. You can also clear the contents of each
table.
The contents of this tab are irrelevant for DefensePro version 8.x versions and DefensePro for Cisco
Firepower 9300.
To monitor Authentication Tables for a selected DefensePro device

>
In the Monitoring perspective, select Operational Status > Resource Utilization >
Authentication Tables.
Table 292: TCP Authentication Table Monitoring Parameters
Parameter
Description
Table Size
The number of source addresses that the table can hold.
Table Utilization
Percent of the table that is currently utilized.
Aging Time
The aging time, in seconds, for the table.
Table 293: DefensePro HTTP Authentication Table Monitoring Parameters
Parameter
Description
Table Size
The number of source-destination couples for protected HTTP servers.

For example, if there are two attacks towards two HTTP servers and the
source addresses are the same, for those two servers, there will be two
entries for the source in the table.
Table Utilization
Aging Time
The aging time, in seconds, for the table.

Values: 603600
Default: 1200
350

Table 294: DNS Authentication Tables Monitoring Parameters
Parameter
Description
Table Size
The number of source addresses that the table can hold.
Table Utilization
Aging Time
The aging time, in minutes, for the table.
To clean an Authentication Table for a selected DefensePro device

1. In the Monitoring perspective, select Operational Status > Resource Utilization >
Authentication Tables.
2. In the relevant tab (that is, TCP Authentication Table, HTTP Authentication Table, or DNS
Authentication Table), click Clean Table.
Note: For the TCP Authentication Table and the HTTP Authentication Table, the Clean Table
action can take up to 10 seconds.
Monitoring DME Utilization According to Configured Policies

The contents of this tab are irrelevant for DefensePro version 8.x versions and DefensePro for Cisco
Firepower 9300.
This tab is functional only on x412 platforms with the DME and x420 platforms.
You can view statistics relating the user-defined policies to the utilization of the DoS Mitigation
Engine (DME).
The values that the device exposes are the calculated according to the configured valueseven
before running the Update Policies command.
Note: If the device is not equipped with the DME, 0 (zero) values are displayed.
To monitor DME utilization according to configured policies

>
In the Monitoring perspective, select Operational Status > Resource Utilization > Policies.
Table 295: DME-Utilization Monitoring Policies Resources Utilization Parameters for

DefensePro 6.x and 7.x Versions
Parameter
Description
If any of the values in this tab is close to the maximum, the resources for the device are
exhausted.
Total Policies
The total number of policies in the context of the DME, which is

double the number of network policies configured in the device.
OnDemand Switch 3 S2 supports 50 configured network policies.
x420 supports 50 configured network policies.
351

Table 295: DME-Utilization Monitoring Policies Resources Utilization Parameters for

DefensePro 6.x and 7.x Versions (cont.)
Parameter
Description
HW Entries Utilization
The percentage of resource utilization from the HW entries in the

context of the DME.
Sub-Policies Utilization
The percentage of DME resource utilization from the entries of subpolicies.

In the context of the DME, a sub-policy is a combination of the
following:
Source-IP-address range
Destination-IP-address range
VLAN-tag range
Table 296: DME-Utilization Monitoring Policies Table Parameters for DefensePro 6.x and 7.x
Versions
Parameter
Description
Policy Name
The name of the policy.
Direction
The direction of the policy.

Values:
Inbound
Outbound
HW Entries
The number of DME hardware entries that the policy uses.
Sub-Policies
The number of DME sub-policy entries that the policy uses.
Monitoring DefensePro Syslog Information

You can view information relating to the syslog mechanism.
To monitor DefensePro syslog information

>
In the Monitoring perspective, select Operational Status > Resource Utilization > Syslog
Monitor.
Table 297: DefensePro Syslog Monitoring Parameters
Parameter
Description
Syslog Server
The name of the syslog server.
Status
The status of the syslog server.

Values:
Messages in Backlog
352
ReachableThe server is reachable.
UnreachableThe server is unreachable.
N/RSpecifies not relevant, because traffic towards the

Syslog server is over UDPas specified (Configuration
perspective, Setup > Syslog Server > Protocol > UDP).
The number of messages in the backlog to the syslog server.

Monitoring Cisco Security Group Tags (SGTs)

You can monitor the name and value of the enabled SGT, if one exists.
Note: For more information on SGTs in DefensePro, see Configuring SGT Classes, page 25.
To monitor SGTs
>
In the Monitoring perspective, select Operational Status > SGT.
Table 298: SGT Monitoring Parameters
Parameter
Description
Name
The name of the SGT.
Value
The value of the SGT.
353

354
Chapter 17 Monitoring DefensePro Statistics

Monitoring DefensePro statistics comprises the following topics:
Monitoring DefensePro SNMP Statistics, page 355
Monitoring DefensePro Bandwidth Management Statistics, page 356
Monitoring DefensePro IP Statistics, page 358
Monitoring DefensePro SNMP Statistics

You can view statistics for the SNMP layer of the device.
To monitor DefensePro SNMP statistics

>
In the Monitoring perspective, select Statistics > SNMP Statistics.
Table 299: DefensePro SNMP Statistics
Parameter
Description
Number of SNMP Received Packets
The total number of messages delivered to the SNMP entity

from the transport service.
Number of SNMP Sent Packets
The total number of SNMP messages passed from the SNMP

protocol entity to the transport service.
Number of SNMP Successful 'GET'

Requests
The total number of MIB objects retrieved successfully by

the SNMP protocol entity as the result of receiving valid
SNMP GET-Request and GET-Next PDUs.
Number of SNMP Successful 'SET'

Requests
The total number of MIB objects modified successfully by the

SNMP protocol entity as the result of receiving valid SNMP
SET-Request PDUs.
Number of SNMP 'GET' Requests
The total number of SNMP GET-Request PDUs accepted and

processed by the SNMP protocol entity.
Number of SNMP 'GET-Next'

Requests
The total number of SNMP GET-Next Request PDUs accepted

and processed by the SNMP protocol entity.
Number of SNMP 'SET' Requests
The total number of SNMP SET-Request PDUs accepted and

processed by the SNMP protocol entity.
Number of SNMP Error Too Big

Received
The total number of SNMP PDUs generated by the SNMP

protocol entity for which the value of the error-status field is
tooBig.
Number of SNMP Error No Such

Name Received

protocol entity for which the value of the error-status is
noSuchName.
Number of SNMP Error Bad Value

Received

badValue.
Number of SNMP Error Generic

Error Received

genErr.
355

Monitoring DefensePro Statistics
Table 299: DefensePro SNMP Statistics (cont.)
Parameter
Description
Number of SNMP 'GET' Responses

Sent
The total number of SNMP Get-Response PDUs generated by

the SNMP protocol entity.
Number of SNMP Traps Sent
The total number of SNMP Trap PDUs generated by the SNMP

protocol entity.
Monitoring DefensePro Bandwidth Management Statistics

This feature is available only in DefensePro 6.x versions.
You can monitor the Bandwidth Management (BWM) statistics for a DefensePro device.
Displaying the Last-Second BWM Statistics for a Selected DefensePro

Device
To display the last-second BWM statistics for a selected DefensePro device, the Enable Policy
Statistics Monitoring checkbox must be selected (Configuration perspective, BWM > Global
Settings > Enable Policy Statistics Monitoring).
To display the last-second BWM statistics for a selected DefensePro device

1.
In the Monitoring perspective, select Statistics > BWM Statistics > Policy Statistics (Last
Second). The Policy Statistics (Last Second) table is displayed.
2.
To view all the parameters of a policy, double-click the row of the policy. The Edit Statistics Entry
dialog box is displayed with all the BWM statistics.
Table 300: DefensePro BWM Last-Second Statistics Parameters
Parameter
Description
Policy Name
The name of the displayed policy.
Matched Packets
The number of packets matching the policy during the last

second.
Matched Bandwidth
The traffic bandwidth, in Kbits, matching the policy during the

last second.
Sent Bandwidth
The volume of sent traffic, in Kbits, in any direction, in the last

second.
Guaranteed Bandwidth Reached
Specifies whether the guaranteed bandwidth was reached

during the last second.
Maximum Bandwidth Reached
Specifies whether the maximum bandwidth was reached during

the last second.
New TCP Sessions
The number of new TCP sessions the device detected in the last
second.
New UDP Sessions
The number of new UDP sessions the device detected in the last
second.
Queued Bandwidth
The bandwidth, in Kilobits, during the last second.
356

Table 300: DefensePro BWM Last-Second Statistics Parameters (cont.)
Parameter
Description
Full Queue Bandwidth
The bandwidth, in Kilobits, discarded during the last second,

due to a full queue.
Aged Packets Bandwidth
The amount of discarded bandwidth, in Kilobits, during the last

second, due to the aging of packets in the queue.
Inbound Packets
The number of inbound packets in the last second.
Inbound Matched Bandwidth
The volume of inbound traffic, in Kilobits, in the last second that

matched the policy.
Inbound Sent Bandwidth
The volume of inbound sent traffic, in Kilobits, in the last

second.
Outbound Packets
The number of outbound packets in the last second.
Outbound Matched Bandwidth
The volume of outbound traffic, in Kilobits, in the last second

that matched the policy.
Outbound Sent Bandwidth
The volume of outbound sent traffic, in Kilobits, in the last

second.
Displaying the Last-Period BWM Statistics for a Selected DefensePro

Device
To display the last-second BWM statistics for a selected DefensePro device, the Enable Policy
Statistics Monitoring checkbox must be selected (Configuration perspective, BWM > Global
Settings > Enable Policy Statistics Monitoring).
The Policy Statistics Reporting Period parameter determines the period (Configuration perspective,
BWM > Global Settings > Policy Statistics Reporting Period).
To display the last-period BWM statistics for a selected DefensePro device

1. In the Monitoring perspective, select Statistics > BWM Statistics > Policy Statistics (Last
Period). The Policy Statistics (Last Period) table is displayed.
2. To view all the parameters of a policy, double-click the row of the policy. The Edit Statistics Entry
dialog box is displayed with all the BWM statistics.
Table 301: DefensePro BWM Last-Period Statistics Parameters
Parameter
Description
Policy Name
The name of the displayed policy.
Matched Packets
The number of packets matching the policy during the last

specified period.
Matched Bandwidth
The traffic bandwidth, in Kilobits, matching the policy during

the last specified period.
Sent Bandwidth
The volume of sent traffic, in Kilobits, in any direction, in the

last specified period.
Guaranteed Bandwidth Reached
Specifies whether the guaranteed bandwidth was reached

during the last specified period.
357

Table 301: DefensePro BWM Last-Period Statistics Parameters (cont.)
Parameter
Description
Maximum Bandwidth Reached
Specifies whether the maximum bandwidth was reached during

the last specified period.
New TCP Sessions
The number of new TCP sessions the device detected in the last
specified period.
New UDP Sessions
The number of new UDP sessions the device detected in the last
specified period.
Queued Bandwidth
The volume of queued traffic, in Kilobits, during the last second.
Full Queue Bandwidth
The bandwidth, in Kilobits, discarded in the last specified

period, due to a full queue.
Aged Packets Bandwidth
The amount of discarded bandwidth, in Kilobits, in the last

specified period, due to the aging of packets in the queue.
Inbound Packets
The number of inbound packets in the last specified period.
Inbound Matched Bandwidth
The volume of inbound traffic, in Kilobits, in the last specified

period that matched the policy.
Inbound Sent Bandwidth
The volume of inbound sent traffic, in Kilobits, in the last

specified period.
Outbound Packets
The number of outbound packets in the last specified period.
Outbound Matched Bandwidth
The volume of outbound traffic, in Kilobits, in the last specified

period that matched the policy.
Outbound Sent Bandwidth
The volume of outbound sent traffic, in Kilobits, in the last

specified period.
Monitoring DefensePro IP Statistics

You can monitor statistics for the IP layer of the device, including the number of packets discarded
and ignored. This enables you to quickly summarize the state of network congestion from a given
interface.
To display IP statistics information for a selected DefensePro device

>
In the Monitoring perspective, select Statistics > IP Statistics.
Table 302: IP Statistics Parameters
Parameter
Description
Number of IP Packets
Received
The total number of input datagrams received from interfaces,

including those received in error.
Number of IP Header Errors
The number of input datagrams discarded due to errors in their IP

headers, including bad checksums, version number mismatch, other
format errors, time-to-live exceeded, errors discovered in
processing their IP options, and so on.
358

Table 302: IP Statistics Parameters (cont.)
Parameter
Description
Number of Discarded IP
Packets
The total number of input datagrams for management that were

discarded.
This counter does not include any datagrams discarded while
awaiting re-assembly.
Number of Valid IP Packets

Received
The total number of input datagrams successfully delivered to IP

user-protocols (including ICMP).
Number of Transmitted
Packets (Inc. Discards)
The total number of IP datagrams which local IP user-protocols,

including ICMP supplied to IP in requests for transmission.
This counter does not include any datagrams counted in the Number
of IP Packets Forwarded.
Number of Discarded Packets The number of output IP datagrams for which no problem was
on TX
encountered to prevent their transmission to their destination, but
which were discarded, for example, the lack of buffer space.
This counter includes any datagrams counted in the Number of IP
Packets Forwarded if those packets meet this (discretionary) discard
criterion.
Table 303: Router Statistics Parameters
Parameter
Description
Forwarded
The number of input datagrams for which this entity was not their
final IP destination, as a result of which an attempt was made to
find a route to forward them to that final destination. In entities that
do not act as IP Gateways, this counter includes only those packets
which were Source - Routed via this entity, and the Source - Route
option processing was successful.
Discarded Due to Unknown
Protocol
The number of locally addressed datagrams received successfully

but discarded because of an unknown or unsupported protocol.
Discarded Due to No Route
The number of IP datagrams discarded because no route could be

found to transmit them to their destination.
Note: This counter includes any packets counted in the Number
of IP Packets Forwarded that meet the no-route criterion. This
includes any datagrams which a host cannot route because all of
its default gateways are down.
Number of IP Fragments
Received
The number of IP fragments received which needed to be

reassembled at this entity.
Successfully Reassembled
The number of IP datagrams successfully re-assembled.
Failed Reassembly
The number of failures detected by the IP re-assembly algorithm,

such as timed out, errors, and so on. Note: This is not necessarily a
count of discarded IP fragments since some algorithms (notably the
algorithm in RFC 815) can lose track of the number of fragments by
combining them as they are received.
Number of IP Datagrams
Successfully Reassembled
The number of IP datagrams that have been successfully reassembled at this entity.
359

Table 303: Router Statistics Parameters (cont.)
Parameter
Description
Discarded Due to
Fragmentation Failure
The number of IP datagrams that have been discarded because they

needed to be fragmented at this entity but could not be, for
example, because their Dont Fragment flag was set.
Fragments Generated
The number of IP datagram fragments that have been generated as

a result of fragmentation at this entity.
Valid Routing Entries

Discarded
Number of valid routing entries discarded.
360
Chapter 18 Monitoring and Managing

DefensePro Diagnostics
Monitoring and managing DefensePro diagnostics comprises the following topics:
Configuring Diagnostic Tool Parameters
Configuring Diagnostics Policies
Managing Capture Files
You can monitor and manage DefensePro diagnostics using in APSolute Vision only in DefensePro 6.x
versions 6.12 and later, and 7.x versions.
Note: In DefensePro 6.x versions earlier than 6.12, you can monitor and manage DefensePro
diagnostics using DefensePro CLI or WBM.
Configuring Diagnostic Tool Parameters

This feature is available in APSolute Vision only in DefensePro 6.x versions 6.12 and later, and 7.x
versions.
The diagnostic packet-capture tool can capture packets that enter the device, leave the device, or
both. The captured traffic is in TCPDUMP format. You can download the captured packets, and
analyze the traffic using Unix snoop or various other tools. For remote administration and
debugging, you can also send captured traffic to a terminal (CLI, Telnet, and SSH). You can specify
where the device captures packets to get a better understanding of the traffic flowespecially if the
device manipulates the packetsdue to NAT, traffic from a VIP to a real server, and so on.
Caution: Enabling this feature may cause severe performance degradation.
Notes
To see the actual timestamp of the packets in the files that the diagnostic packet-capture tool
produces, in the packet analyzer (for example, Wireshark), you may need to modify the format
of the time display. The timestamp in the packets in the files that the diagnostic packet-capture
tool produces is always UTC.
The diagnostic packet-capture tool cannot capture packets that pass through the device as the
result of Traffic Exclusion. Traffic Exclusion is when DefensePro passes through all traffic that
matches no network policy configured on the device.
The diagnostic packet-capture tool cannot capture GRE-encapsulated packets.
In DefensePro version 6.x platforms, the diagnostic packet-capture tool truncates packets longer
than 1619 bytes (regardless of the configuration for jumbo frames).
In DefensePro version 7.x platforms, the diagnostic packet-capture tool does not handle jumbo
frames. DefensePro version 7.x platforms either pass through jumbo-frame traffic or drop
jumbo-frame traffic.
361

Monitoring and Managing DefensePro Diagnostics
Configuring Diagnostics Policies

versions.
In most cases, there is no need to capture all the traffic passing through the device. Using diagnostic
policies, the device can classify the traffic, and store only the required information.
To configure a diagnostics policy

1.
In the Monitoring perspective, select Diagnostics > Diagnostic Policies.
2.
3.
(Add) button.
Configure the parameters, and then, click Submit.
Table 304: Diagnostics Policies Parameters
Parameter
Description
Name
The user-defined name of the policy.

Index
The number of the policy in the order in which the diagnostic packetcapture tool classifies (that is, captures) the packets.
Default: 1
Description
The user-defined description of the policy.

VLAN Tag Group Input
The input method for the VLAN Tag Group field.

Values: From List, User-defined Value
VLAN Tag Group
The VLAN Tag group whose packets the policy classifies (that is,
captures).
Destination Input
The input method for the Destination field.

Destination
The destination IP address or predefined class object whose packets the

policy classifies (that is, captures).
Default: anyThe diagnostic packet-capture tool classifies (that is,
captures) packets with any destination address.
Source Input
The input method for the Source field.

Source
The source IP address or predefined class object whose packets the

policy classifies (that is, captures).
Default: anyThe diagnostic packet-capture tool classifies (that is,
captures) packets with any source address.
362

Table 304: Diagnostics Policies Parameters (cont.)
Parameter
Description
Service Type
The service type whose packets the policy classifies (that is, captures).
Values:
None
Basic Filter
AND Group
OR Group
Default: None
Service
The service whose packets the policy classifies (that is, captures).
Outbound Port Group
The Physical Port class whose outbound packets the policy classifies
(that is, captures).
You cannot set the this parameter when the Trace-Log Status
parameter is enabled in the DefensePro CLI or Web Based Management,
Inbound Port Group
The Physical Port class whose inbound packets the policy classifies (that
is, captures).
Destination MAC Group
The destination MAC group whose packets the policy classifies (that is,
captures).
Source MAC Group
The source MAC group whose packets the policy classifies (that is,
captures).
Maximal Number of
Packets
The maximal number of packets the policy captures. Once the policy
captures the specified number of packets, it stops capturing traffic. In
some cases, the policy captures fewer packets than the configured
value. This happens when the device is configured to drop packets.
Maximal Packet Length
The maximal length for a packet the policy captures.
Trace-Log Status
Specifies whether the Trace-Log feature is enabled in the policy.

Values: Enabled, Disabled
Default: Disabled
Note: You cannot set the Outbound Port Group when the value of the
Trace-Log Status parameter is Enabled.
Capture Status
Specifies whether the packet-capture feature is enabled in the policy.

Values: Enabled, Disabled
Default: Disabled
Managing Capture Files

versions.
The tool uses the following format for packet capture files:
capture_<Device Name>_ddMMyyyy_hhmmss_<file number>.cap

DefensePro can store the output of the diagnostic tools in RAM and in the CompactFlash.
363

If the device is configured to store the output in the CompactFlash, when the data size in RAM
reaches its limit, the device appends the data chunk from RAM to the file on the CompactFlash drive.
For each enabled diagnostic tool, DefensePro uses two temporary files. When one temporary file
reaches the limit (1 MB), DefensePro stores the information in the second temporary file. When the
second temporary file reaches the limit (1 MB), DefensePro overwrites the first file, and so on. When
you download a CompactFlash file, the file contains both temporary files.
Use the Capture Files pane to download or delete files from the RAM or CompactFlash.
To download or delete capture files

1.
In the Monitoring perspective, select Diagnostics > Diagnostic Policies.

The pane contains two tables, Files On RAM Drive and Files On Main Flash.
Each table comprises the following columns:
File NameThe name of the file.
File SizeThe file size, in bytes.
2.
Select the required row.
3.
Click one of the following:
364
(Delete Row)Deletes the selected file.

DownloadStarts the download process of the selected data. Follow the on-screen
instructions.
Chapter 19 Monitoring and Controlling

DefensePro Networking
Monitoring and controlling DefensePro networking comprises the following topics:
Monitoring and Controlling the DefensePro Session Table, page 365
Monitoring Routing Table Information, page 367
Monitoring DefensePro ARP Table Information, page 368
Monitoring MPLS RD Information, page 369
Monitoring the DefensePro Suspend Table, page 369
Monitoring Tunnel Interfaces, page 370
Monitoring BGP Peers, page 371
Monitoring and Controlling the DefensePro Session Table

Monitoring and controlling DefensePro Session Table comprises the following topics:
Monitoring Session Table Information, page 365
Configuring DefensePro Session Table Filters, page 366
Monitoring Session Table Information

Each DefensePro device includes a Session table to keep track of sessions bridged and forwarded by
the device. By default, the Session table is enabled.
The size of the table makes it difficult to view. To generate reliable and useful reports and prevent
system failures, use filters to define the Session Table information to display. Information that
matches any enabled Session table filter is displayed.
Notes
The filtered Session table is not automatically refreshed periodically. The information is loaded
when you select to display the Session Table pane and when you manually refresh the display.
DefensePro issues alerts for high utilization alerts of the Session table. DefensePro sends alerts
to APSolute Vision when table utilization reaches 90% and 100%.
To view Session table information

>
In the Monitoring perspective, select Networking > Session Table > Session Table.
Table 305: Filtered Session-Table Monitoring Parameters
Parameter
Description
Source IP
The source IP address within the defined subnet.
Destination IP
The destination IP address within the defined subnet.
Source L4 Port
The session source port.
365

Monitoring and Controlling DefensePro Networking
Table 305: Filtered Session-Table Monitoring Parameters (cont.)
Parameter
Description
Destination L4 Port
The session destination port.
Protocol
The session protocol.
Physical Interface
The physical port on the device at which the request arrives from the
client.
Lifetime (Sec.)
The time, in seconds, following the arrival of the last packet, that the
entry remains in the table before it is deleted.
Aging Type
The reason for the Lifetime value.

Values:
SYN Flood Status
DefaultA lifetime per protocol. The default value is 100 seconds.
EndSession end. A FIN/RST arrived, and the session ended. The

value depends on the protocol defaults. The default value is 5
seconds.
SYNSYN Protection. The Lifetime was set after DefensePro

received a SYN that may be an attack. The default value is 10
seconds.
AppAn application changed the lifetime for an application-specific

reason. Note that the host table can change this lifetime only to the
Lifetime type End (for example, ACL rules).
InitialThe initial lifetime of the session, which later (probably after

the arrival of the second packet) will be modified to the Lifetime
type Default. The default value is 5 seconds.
UnknownIf none of the above options are used.
Indicates whether the entry is currently protected against SYN attacks.

Values:
Not ProtectedThe SYN Flood Protection module is disabled.
Protected (No Attack)No trigger is found for the protected server,

thus there is no attack.
Protected (Under Attack)There is an ongoing attack on the

protected server, and DefensePro is mitigating the attack
Configuring DefensePro Session Table Filters

The full Session table is very large; therefore, it is recommended to filter the information. Use
Session table filters to define the information you want to display.
To configure Session table filters

1.
In the Monitoring perspective, select Networking > Session Table > Session Table Filters.
2.
To add or modify a filter, do one of the following:
3.
366
To add a filter, click the
To edit a filter, double-click the entry in the table.
(Add) button.
Configure filter parameters and click Submit.

Table 306: DefensePro Session-Table Filter Monitoring Parameters
Parameter
Description
Filter Name
The unique name of the filter.
Physical Interface
The physical port on the device at which the request arrives from the
client.
Default: Any
Source IP Address
The source IP address within the defined subnet.

Select IPv4 or IPv6, and then, enter the address.
Source IP Mask
The source IP address used to define the subnet that you want to
present in the Session Table.
Select IPv4 or IPv6, and then, enter the mask.
Destination IP Address
The destination IP address within the defined subnet.

Select IPv4 or IPv6, and then, enter the address.
Destination IP Mask
The destination IP address used to define the subnet that you want to
present in the Session Table.
Select IPv4 or IPv6, and then, enter the mask.
Source L4 Port
The session source Layer 4 port.
Destination L4 Port
The session destination Layer 4 port.
Monitoring Routing Table Information

The Routing table stores information about destinations and how they can be reached.
By default, all networks directly attached to the DefensePro device are registered in this table. Other
entries can be statically configured or dynamically created through the routing protocol.
Note: The Routing table is not automatically refreshed periodically. The information is loaded when
you select to display the Routing Table pane, and when you manually refresh the display.
To display Routing Table information for a selected device

>
In the Monitoring perspective, select Networking > Routing.
Table 307: Routing-Table Monitoring Parameters
Parameter
Description
Destination Network
The destination network to which the route is defined.
Netmask
The network mask of the destination subnet.
Next Hop
The IP address of the next hop toward the Destination subnet. (The next
hop always resides on the subnet local to the device.)
367

Table 307: Routing-Table Monitoring Parameters (cont.)
Parameter
Description
Via Interface
In DefensePro 6.x8.x versions, this is the local interface or VLAN through

which the next hop of this route is reached. This can be the port name,
trunk name, or VLAN ID.
In DefensePro for Cisco Firepower 9300, the value is 3 (read-only), which
is the value of the management interface.
Type
This field is displayed only in the Static Routes table.

The type of routing.
Values:
Metric
LocalThe subnet is directly reachable from the device.
RemoteThe subnet is not directly reachable from the device.
The metric value defined or calculated for this route.
Monitoring DefensePro ARP Table Information

You can view the devices ARP table, which contains both static and dynamic entries. You can change
an entry type from dynamic to static.
Note: The ARP table is not automatically refreshed periodically. The information is loaded when you
select to display the ARP Table pane, and when you manually refresh the display.
To display ARP Table information for a selected DefensePro device

>
In the Monitoring perspective, select Networking > ARP.
Table 308: DefensePro ARP-Table Monitoring Parameters
Parameter
Heading
Port
The interface number where the station resides.
IP Address
The stations IP address.
MAC Address
The stations MAC address.
Type
The entry type.

Values:
368
OtherNot Dynamic or Static.
DynamicEntry is learned from ARP protocol. If the entry is not active

for a predetermined time, the node is deleted from the table.
StaticEntry has been configured by the network management station

and is permanent.

To change an entry type from dynamic to static

1. In the Monitoring perspective, select Networking > ARP.
2. Select the entry, and select Change Entry to Static.
Monitoring MPLS RD Information

This feature is supported only in DefensePro 6.x versions and 7.x versions prior to 7.40.
You can monitor MPLS RD information and configure an MPLS RD. Each MPLS RD is assigned two
tags for the link on which the device is installed, an upper tag and a lower tag. On a different link,
the same MPLS RD can be assigned with different tags.
To display MPLS RD information for a selected DefensePro device

1. In the Monitoring perspective, select Networking > MPLS RD.
The MPLS RD table displays current MPLS RD information.
2. To add an MPLS RD, click the
(Add) button.
Table 309: MPLS RD Parameters
Parameter
Description
MPLS RD
The MPLS RD name.
Type
Describes the MPLS RD format.

Values:
2 Bytes : 4 BytesAS (16 bit): Number (32 bit)
4 Bytes : 2 BytesAS (32 bit): Number (16 bit)
IP Address : 2 BytesIP: Number (16 bit)
Upper Tag
The upper tag for the link on which the device is installed.
Lower Tag
The lower tag for the link on which the device is installed.
Monitoring the DefensePro Suspend Table

When DefensePro detects an attack, some protectionssuch as Anti-Scanning, Server Cracking,
and Connection Limitadd the source IP of the attacker to the Suspend table. All traffic from the
attacker to the protected server is then handled according to the Suspend Action for a defined time
period.
To view the real-time Suspend table for a selected DefensePro device

>
In the Monitoring perspective, select Networking > Suspend Table.
369

Table 310: DefensePro Suspend-Table Monitoring Parameters
Parameter
Description
Source IP
The IP address from which traffic was suspended.
Destination IP
The IP address to which traffic was suspended (0.0.0.0 means traffic to all
destinations was suspended).
Destination Port
The application port to which traffic was suspended (0 means all ports).
Protocol
The network protocol of the suspended traffic.
Module
The security module that activated the traffic suspension.

Values: Signature Protection, Anti Scanning, Syn Protection
Classification Type
Values:
PolicyA Network Protection policy suspended the traffic.
ServerA Server Protection policy suspended the traffic.
Policy / Server Name The name of the policy that suspended the traffic.
Expiration Type
The method of determining the expiration.

Values: On Request, Fixed Timeout, Dynamic Timeout
Expiration Time
The number of seconds until the entry is removed from the Suspend table.
Monitoring Tunnel Interfaces

You can monitor tunnel interfaces that are configured in the Tunnel Interfaces pane (Configuration
perspective, Setup > Networking > IP Management > Tunnel Interfaces).
Notes
For more information on the Device Operation Mode, see Configuring the Device Operation Mode
for DefensePro, page 153).
For more information on the tunnels in the context the IP Device Operation Mode, see
Configuring Tunnel Interfaces, page 42.
To display tunnel interface information for a selected DefensePro device

>
In the Monitoring perspective, select Networking > Tunnel Interfaces.
Table 311: Tunnel Interfaces: Table Parameters
Parameter
Description
Tunnel IP Address
The IP address of the tunnel.
Primary Tunnel Status
The status of the primary tunnel.
Secondary Tunnel Status
The status of the secondary tunnel.
370

Table 312: Tunnel Interfaces: Total Tunnel Status Parameter
Parameter
Description
Total Tunnels Status
The number of reachable tunnels of the total configured tunnels,

using a slash (/) as the separator. For example, the value 10/11
signifies that there are 10 reachable tunnels of the 11 total
configured tunnels.
Monitoring BGP Peers

You can monitor statistics regarding the BGP peers configured on the device.
Note: The routing tables managed by a Border Gateway Protocol (BGP) implementation are
adjusted continually to reflect changes in the network, such as links breaking and being restored, or
routers going down and coming back up. In the network as a whole, these changes happen almost
continuously, but for any particular router or link, changes should be relatively infrequent.
To display BGP information for a selected DefensePro device

>
In the Monitoring perspective, select Networking > BGP Peers.
Table 313: BGP Information for DefensePro
Parameter
Description
Peer IP Address
The IP address of the remote peer.
Admin Status
Indicates whether the peer is enabled.
Connection State
The state of the connection.

Values:
IdleThe peer is stopped.
ConnectDefensePro initiated a TCP connection to remote peer.
ActiveThe peer is waiting during a connect retry interval, after

failing to establish TCP connection to a remote peer. In this
state, DefensePro also listens on port 179 for potential incoming
connections from the remote peer.
OpenSentA TCP connection is established with the remote

peer. DefensePro sent a BGP OPEN message to the remote peer
and expects to receive an OPEN message from it.
OpenConfirmDefensePro received an OPEN message from the

remote peer. DefensePro responds with a KEEPALIVE message
and expects a KEEPALIVE message from the remote peer.
EstablishedA BGP connection is established with a remote

peer. DefensePro can now exchange UPDATE messages with it.
Remote AS
The remote autonomous system number.
Peer Identifier
The IP address that identifies the remote peer for the current BGP
connection.
371

Table 313: BGP Information for DefensePro (cont.)
Parameter
Description
Local Address
The DefensePro IP interface address used as the source IP address

for a BGP connection.
Local Port (Source)
The TCP source port number used by DefensePro for a BGP

connection to the remote peer.
Remote Port (Destination)
The TCP destination port number used by DefensePro for a BGP

connection to the remote peer.
In Updates
The number of BGP UPDATE messages transmitted on the

connection.
Out Updates
The number of BGP UPDATE messages transmitted on the

connection.
In Total Messages
The total number of messages received from to the remote peer on

the connection.
Out Total Messages
The total number of messages transmitted to the remote peer on

the connection.
Last Error
The last error code and subcode seen by the peer on the
connection. If no error has occurred, the value for this field is zero
(0). Otherwise, the first byte of this two-byte OCTET STRING
contains the error code, and the second byte contains the subcode.
FSM Established Time
How long, in seconds, the peer has been in the established state, or
how long since the peer was last in the established state. It is set to
zero when a new peer is configured or the router is booted.
FSM Established Transitions
The total number of times the BGP FSM transitioned into the
established state.
Connect Retry Interval
The Connect Retry Interval value specified in the configuration of

the peer.
Hold Time
The time, in seconds, the Hold Timer established with the peer. The
value of this object is calculated by the BGP speaker by using the
smaller of the value by the specified Hold Time and the Hold Time
received in the OPEN message. The value zero (0) indicates that the
Hold Timer has not been established with the peer, or, the specified
Hold Time is zero (0).
Keep Alive Time
The interval, in seconds, for the keepalive timer established with the
peer. The value of this object is calculated by the BGP speaker. The
value zero (0) indicates that the keepalive timer has not been
established with the peer, or, the specified Keep-Alive Time is zero
(0).
Hold Time Configured
The Hold Time value specified in the configuration of the peer.
Keep Alive Configured
The Keep-Alive Time value specified in the configuration of the

peer.
In Update Elapsed Time
The elapsed time, in seconds, since the last BGP UPDATE message
was received from the peer.
372
Chapter 20 Monitoring and Controlling

DefenseFlow Operation
The Monitoring pane lets you view system information and statistics and the operation of protected
objects in real-time, including protected objects for:
Operation, page 373
System, page 379
Note: In DefenseFlow version 2.01, the order of the Operation and System tabs are switched.
Operation
The Operation pane lets you manage protected objects and manually activate them using the
Protected Objects pane, including:
Pending Actions, page 373
Mitigation Devices, page 374
Protected Objects, page 375
Ongoing Protections, page 377
BGP, page 377
Pending Actions
This feature is only available starting with version 2.02.
The Pending Actions pane lets you manage pending actions to be performed for protected objects in
User Confirmation mode.
To monitor pending actions

>
In the Monitoring perspective, select Operation > Pending Actions.
Table 314: Pending Actions View/Search Parameters
Parameter
Description
PO Name
The name of the protected object awaiting action confirmation.
Detected IP
Address
IP address attacked destination as detected by the selected detection device.
Attack ID
The ID of the detected attack as reported by the detection device.
373

Monitoring and Controlling DefenseFlow Operation
Table 314: Pending Actions View/Search Parameters (cont.)
Parameter
Pending Action
Description
The pending action waiting for confirmation.
Values:
Configured
Action
Start An attack was detected for the protected object. The user can confirm
activation of the configured actions.
EndThe attack was terminated. The user can confirm deactivation of the
active actions.
The configured action for the protected object.
To confirm or ignore a pending action

1.
In the Monitoring perspective, select Operation > Pending Actions.
2.
To edit a pending action, click the
3.
To confirm start of a pending action, click Confirm Start. The action parameters display and
can be modified:
(Edit) button.
To
Attack Destinationprotected the entire protected object or a specific IP address within

the protected object.
Protected IPThe specific IP address attack target to be protected. This must be within
the network classification of the protected object.
StrategyThe operation strategy to use for diversion and mitigation groups
preferences.
Attack bandwidthPeak attack level to use as a basis for configuring the DefensePro
device if the information is missing from the detection signals.
Ignore mitigation devices capacity unitsIf checked, DefenseFlow uses the selected
DefensePro devices regardless of their monitored capacity.
confirm ending protection, select Confirm End.
A confirmation message displays. Click OK to confirm.
4.
To ignore a pending action and remove it from the pending actions table, click Ignore.
Click Submit.
Mitigation Devices
The Mitigation Devices pane lets you monitor the status of mitigation devices.
To monitor mitigation devices

>
374
In the Monitoring perspective, select Operation > Mitigation Devices.

Table 315: Mitigation Devices View/Search Parameters
Parameter
Description
Name
The name of the mitigation device.
Operational
Status
The operational status of the mitigation device.
CPU Utilization
CPU utilization of the mitigation device.
BW Utilization
(Gbps)
Bandwidth utilization of the mitigation device.
Policies
Utilization
The policies table utilization of the mitigation device.
Update Time
Last monitored update time.
Protected Objects
The Protected Objects pane lets you monitor protected objects and manually activate them.
To monitor protected objects

>
In the Monitoring perspective, select Operation > Protected Objects.
Table 316: Protected Object View/Search Parameters
Parameter
Description
Name
The name of the protected object.
Detection Status The detection status of the protected object.

Values:
Action Status
Learning DefenseFlow learns protected object baselines.
NormalNo attack is currently detected for the protected object.
AttackedThe protected object is under attack.
The action status of the protected object.

Values:
ActiveThe configured actions are active. This means that the action
specified for the protected object is now enabled. The action can be enabled
automatically or manually.
Not ActiveThe configured actions are currently not active.
Mitigation
The list of mitigation devices that are currently performing mitigation for the
Device/
protected object.
Mitigation Group
(This parameter
is only available
in version 2.01)
375

Table 316: Protected Object View/Search Parameters (cont.)
Parameter
Description
Action Mode
The action mode configured for the protected object.

Values:
Pending Action
AutomaticConfigured actions are automatically activated upon detection of

an attack.
ManualConfigured actions can only be activated manually.
User confirmationThe user is prompted to confirm activation of the

configured actions upon attack.
The pending action waiting for confirmation for a protected object that is in User
Confirmation mode.
Values:
Activate An attack was detected for the protected object. The user can
confirm activation of the configured actions.
DeactivateThe attack was terminated. The user can confirm deactivation of

the active actions.
Configured
Action
Protected
Destination
A list of currently activated destinations for the protected object.
(This parameter
is only available
starting with
version 2.02)
To activate a protected object

1.
In the Monitoring perspective, select Operation > Protected Objects.
2.
Starting with version 2.02, to edit a protected object, click the
3.
(Edit) button.
To activate that configured action on a protected object (Manual mode), click Activate.
Performing this action on a protected object that is not in Manual mode changes the
protected objects configuration to Manual.
Starting with version 2.02, configure the activation parameters:
376
Attack Destinationprotected the entire protected object or a specific IP address within

the protected object.
Protected IPThe specific IP address attack target to be protected. This must be within
the network classification of the protected object.
StrategyThe operation strategy to use for diversion and mitigation groups
preferences.
Attack bandwidthPeak attack level to use as a basis for configuring the DefensePro
device if the information is missing from the detection signals.
Ignore mitigation devices capacity unitsIf checked, DefenseFlow uses the selected
DefensePro devices regardless of their monitored capacity.

To de-activate a protected object (in version 2.01, for a protected object that is in Manual
mode), click Deactivate.
In version 2.01, performing this action on a protected object that is not in Manual mode
changes the protected objects configuration to Manual.
In version 2.02, delete all the entries that should be deactivated from the list of activated
destinations.
In version 2.01, to confirm the pending action for a protected object in User Confirmation
mode that has a Pending Action, click Confirm.
In version 2.02, to cancel all active protections and move the protected object to Manual
mode in one operation, click Cancel all protection and move to manual protection.
4. In version 2.01, a confirmation message displays; click Yes to perform the action. In version
2.02, click Submit.
Ongoing Protections
The Ongoing Protections pane lets you monitor the status of currently active protections.
To monitor ongoing protections

>
In the Monitoring perspective, select Operation > Ongoing Protections.
Table 317: Ongoing Protections View/Search Parameters
Parameter
Description
Name
The name of the protected object.
Origin
Origin of the detection for this protection activation.
IP Address
Destination IP address that was activated.
Attack ID
Attack ID as received from the detection origin.
Start Time
The time that the protection has started.
Configured
Action
Strategy
The strategy used for the protection.
Mitigation
The list of mitigation devices that are currently performing mitigation for this
Device/
protection.
Mitigation Group
Diversion Group The diversion network elements for the protection.
To activate an ongoing protection

1. In the Monitoring perspective, select Operation > Ongoing protection.
2. To edit an ongoing protection, click the
(Edit) button.
3. A confirmation message displays. Click Yes to perform the action.
BGP
377

The BGP pane lets you monitor the status of BGP peers and announcements, including:
Peers, page 378
Announcements, page 378
Peers
The Peers pane lets you monitor the status of BGP peers.
To monitor the status of BGP peers

>
In the Monitoring perspective, select Operation > BGP > Peers.
Table 318: BGP Peers View/Search Parameters
Parameter
Description
Peer Name
The name of the network element.
IP Address
The IP address of the BGP peer.
Peering State
Peering State of the BGP peer.
Last
Connectivity
Time
The last connectivity time of the BGP peer.
ID
The BGP peer ID.
Local AS
The local Autonomous System number.
Peer AS
The peer Autonomous System number.
Announcements Number of BGP announcements.

Withdrawals
Number of withdrawals.
Announcements
The Announcements pane lets you monitor the status of currently active BGP announcements.
To monitor the status of BGP announcements

>
In the Monitoring perspective, select Operation > BGP > Announcements.
Table 319: BGP Announcements View/Search Parameters
Parameter
Description
Peer Name
The name of network element to which the announcement was sent.
Peer IP
The IP address of the BGP peer.
Protected Object The name of the protected object for which that the announcement was sent.
Network
The destination network of the BGP announcement.
Next Hop
The next hop address used for the BGP announcement.
Type
The type of announcement.
Community
The BGP communities in the announcement.
378

Table 319: BGP Announcements View/Search Parameters (cont.)
Parameter
Description
Status
The status of the announcement.
Time
The time the announcement was sent.
System
The System pane lets you view system information and utilization statistics, including:
General Information, page 379
System Utilization, page 379
General Information
The General Information pane lets you view DefenseFlow general system information.
To view DefenseFlow general information

>
In the Monitoring perspective, select System > General Information.
Table 320: General Information Parameters
Parameter
Description
Uptime
Time since the last reboot of the system in the format hh:mm:ss (hours: minutes,
seconds).
Software
Version
Currently installed DefenseFlow software version.
Build
Currently installed DefenseFlow software build.
System Utilization
The System Utilization pane lets you view the current DefenseFlow utilization statistics and set alert
levels.
To view DefenseFlow general information and set alert levels

>
In the Monitoring perspective, select System > System Utilization.
Table 321: System Utilization Parameters
Parameter
Description
CPU Utilization
Percent of CPU currently being utilized.
Alert Level
Set the CPU utilization percentage when an alert is issued.
Memory
Utilization
Memory percentage currently being utilized.
Free
Amount of free memory in kilobytes.
Total
Total memory in kilobytes
Alert Level
Set the memory utilization percentage when an alert is issued.
379

380
Chapter 21 Using Real-Time Security

Monitoring
Use the Security Monitoring perspective to view and analyze real-time security information of
managed devices, which include the following platform types:
AppWall standalone
Alteon NG with embedded AppWall module
DefenseFlow mitigation devices
DefensePro
The following main topics describe security monitoring in APSolute Vision:
Using Real-Time Security Monitoring with DefensePro and DefenseFlow, page 381
Using Real-Time Security Monitoring with AppWall and Alteon, page 427
Notes
Use APSolute Vision Reporter (AVR) to view and analyze historical security information. For
information on the products and versions that APSolute Vision Reporter supports, see the
APSolute Vision Release Notes. For information about APSolute Vision Reporter and how to use
it, see its online help and the APSolute Vision Reporter User Guide.
The contents of the Security Monitoring perspective are customized per the specific monitored
device. The reporting information for DefensePro and DefenseFlow mitigation devices is different
from the reporting information for AppWall and Alteon devices.
When selecting multiple devices, the Security Monitoring perspective display reports that are
relevant across devices, with the same reporting information. When selecting multiple devices
including DefensePro and other device types (AppWall or Alteon), the Security Monitoring
perspective shows reports only for the DefensePro devices.
Using Real-Time Security Monitoring with DefensePro and

DefenseFlow
This section describes using real-time security monitoring with DefensePro and DefenseFlow.
When an attack is detected, the DefensePro device or DefenseFlow mitigation device creates and
reports a security event that includes the information relevant to the specific attack. The Security
Monitoring perspective displays information relevant to the specific attack along with real-time
network traffic and statistical parameters. Use the Security Monitoring perspective to observe and
analyze the attacks that the device detected and the countermeasures that the device implemented.
The following main topics describe security monitoring in APSolute Vision:
Risk Levels, page 382
Using the Dashboard Views for Real-Time Security Monitoring, page 382
Viewing Real-Time Traffic Reports, page 408
Protection Monitoring, page 417
HTTP Reports, page 424
381

Using Real-Time Security Monitoring
Notes
Your user permissions (your RBAC user definition) determine the DefensePro devices and
policies, or DefenseFlow protected objects, that the Security Monitoring perspective displays to
you. You can view and monitor only the attacks blocked by the DefensePro devices and policies,
or DefenseFlow mitigation devices and protected objects, that are available to you.
APSolute Vision also manages and issues alerts for new security attacks.
DefensePro calculates traffic baselines, and uses the baselines to identify abnormalities in traffic
levels.
When calculating the real-time network traffic and statistical parameters, DefensePro or
DefenseFlow version 2.01 do not include traffic that exceeded the throughput license.
Risk Levels
The following table describes the risk levels that DefensePro supports to classify security events.
Note: For some protections, the user can specify the risk level for an event. For these protections,
the descriptions in the following table are recommendations, and specifying the risk level is the
users responsibility.
Table 322: Risk Levels
Risk Level
Description
Info
The risk does not pose a threat to normal service operation.
Low
The risk does not pose a threat to normal service operation, but may be part of
a preliminary action for malicious behavior.
Medium
The risk may pose a threat to normal service operation, but is not likely to cause
complete service outage, remote code execution, or unauthorized access.
High
The risk is very likely to pose a threat to normal service availability, and may
cause complete service outage, remote code execution, or unauthorized access.
Using the Dashboard Views for Real-Time Security Monitoring

This section is relevant to both DefensePro and DefenseFlow.
Configuring the Display Parameters of a Dashboard View, page 383
Using the Current Attacks Table, page 385
Using the Ongoing Attacks Monitor, page 391
Attack Details, page 392
Sampled Data Tab, page 406
Viewing Real-Time Traffic Reports, page 408
Viewing Traffic Utilization Statistics, page 408
Use a Dashboard View in the Security Monitoring perspective to analyze activity and security events
in the network, identify security trends, and analyze risks.
You can view information for individual devices, all devices in a site, or all devices in the network.
The dashboard monitoring display automatically refreshes providing ongoing real-time analysis of
the system.
382

The Dashboard View node comprises the following tabs, which display the same summary
information:
Current Attacks Tablewhich is a table display (see Figure 45 - Current Attacks Table
DefensePro, page 386).
Ongoing Attacks Monitorwhich includes a graphical, chart display (see Figure 47 - Ongoing
Attacks Monitor, page 392).
The Scope and other display parameters that you configure apply to the Current Attacks Table and
to the Ongoing Attacks Monitor. For more information, see Configuring the Display Parameters of a
Dashboard View, page 383.
When you double-click an attack in the Current Attacks Table or Ongoing Attacks Monitor, APSolute
Vision displays the details in an Attack Details tab. There, you can display the Sampled Data dialog
box for the all attack types that support sampled data.
By default, the display of the Dashboard View refreshes every 15 seconds. Administrators can
configure the refresh rate (APSolute Vision Settings view System perspective, General Settings >
Monitoring > Polling Interval for Reports).
Configuring the Display Parameters of a Dashboard View

The following table describes the display parameters of the Dashboard View in the Security
Monitoring perspective. The Scope and Display Last parameters that you configure in the Current
Attacks Table applies to the Ongoing Attacks Monitor and vice versa.
Table 323: Security Monitor Dashboard ViewDisplay Parameters
Parameter
Description
Scope
The Scope depends on whether you are monitoring using DefensePro or

DefenseFlow. Using DefensePro, this parameter defines the physical
ports and the Network Protection policies that the dashboard displays.
Using DefenseFlow, this parameter defines the Protected Object, ports,
and policies that the dashboard displays.
Using DefensePro, by default, the Scope is Any Port; Any Policy. That
is, by default, the dashboard displays all the information.
Using DefenseFlow, by default, the Scope is Any Protected Object;
Any Port; Any Policy. That is, by default, the dashboard displays all
the information.
To control the scope of the information that the dashboard displays in
DefensePro, see the procedure To control the scope of the information
that the Dashboard View displays for DefensePro, page 384.
To control the scope of the information that the dashboard displays in
DefenseFlow, see the procedure To control the scope of the information
that the Dashboard View displays for DefenseFlow, page 385.
383

Table 323: Security Monitor Dashboard ViewDisplay Parameters (cont.)
Parameter
Description
Display Last
How long the dashboard displays attacks after the attack terminates.
That is, the dashboard displays all attacks that are currently ongoing or
that terminated within the selected period.
Values:
10 Minutes
20 Minutes
30 Minutes
1 Hour
2 Hours
6 Hours
12 Hours
24 Hours
Default: 10 Minutes
Top Attacks to Display
The number of attacks that the Ongoing Attacks Monitor displays.
(This parameter is
available only in the
Ongoing Attacks
Monitor.)
Values: 150
Sort By
Values:
(This parameter is
available only in the
Ongoing Attacks
Monitor.)
Top Total Packet CountThe Ongoing Attacks Monitor displays the

attacks with the highest number of packets.
Top VolumeThe Ongoing Attacks Monitor displays the attacks with

the highest volume.
Most RecentThe Ongoing Attacks Monitor displays the most recent

attacks.
Attack RiskThe Ongoing Attacks Monitor displays the attacks

according to attack risk.
Default: 20
Default: Top Packet Count
To control the scope of the information that the Dashboard View displays for DefensePro
1.
Click
. Two tables open. One table has the Device Name and Port columns, and the
other table has the Device Name and Policy columns.
Note: DefensePro 8.x versions and DefensePro for Cisco Firepower 9300 does not support
limiting the physical ports for the Scope.
384

To limit the physical ports or Network Protection policies that the dashboard displays, select
the corresponding checkboxes.
To display the information for all the currently relevant physical ports or Network Protection
policies, click in the top-left table cell, and then, select Select All.
To display all the information in the database, even information that is not associated with a
specific port or specific Network Protection policy, click in the top-left table cell, and then,
select Select None.
To control the scope of the information that the Dashboard View displays for
DefenseFlow
1. Click
. Three tables open. One table has the Protected Object, one table has the Device
Name and Port columns, and the third table has the Device Name and Policy columns.
2. To toggle the sort order of the information in any of the columns, hover over the column heading
until you see an arrow, and then, click the arrow.
Using the Current Attacks Table

The Current Attacks Table displays information on current and recent attacks. The configuration of
the display parameters determine the information that the Current Attacks Table displays (see
Configuring the Display Parameters of a Dashboard View, page 383).
To display the Current Attacks Table

1. In the Security Monitoring perspective, select the DefensePro device or site, for which to display
data.
2. Select Dashboard View > Current Attacks Table.
You can do the following in the Current Attacks Table:
Filter the rowsYou can filter table rows according to values in the table columns. For more
information on filtering table rows, see Filtering Table Rows, page 67.
Sort the rowsYou can change the row order from ascending to descending or vice versa. To
do this, hover the mouse over the column to display the arrow and change the order.
View additional information for a specific attackTo do this, select the relevant row, and
click
(View Attack Details). For more information, see Attack Details, page 392
Go to the policy that handled attack To do this, click
(Go to Policy).
Export the information in the table to a CSV fileTo do this, click

can view the file or specify the location and file name.
(CSV). Then, you
Note: Export of Packet Anomalies is not supported.
385

Pause the refresh of the table displayTo do this, click

is not paused, it refreshes approximately every 15 seconds.
(Pause). When the table display
Figure 45: Current Attacks TableDefensePro

ScopeDisplays the tables to
select the physical ports and
Network Protection policies that the
Dashboard View displays.
The Scope summary.
386
Function buttons:
View Attack Details
Go to Policy
Export Table to CSV
Pause
Arrow for
sorting
ascending or
descending.

Figure 46: Current Attacks TableDefenseFlow

ScopeDisplays the tables to
select the protected objects that the
Dashboard View displays.
The Scope summary.
Function buttons:
View Attack Details
Go to Policy
Export Table to CSV
Pause
Arrow for
sorting
ascending or
descending.
Table 324: Current Attacks Table Parameters
Parameter
Description
Source Type
The source of the signal entry.
(This parameter is
available only in
DefenseFlow.)
Values:
Start Time
The date and time that the attack started.
DPDefensePro
DFDefenseFlow
387

Table 324: Current Attacks Table Parameters (cont.)
Parameter
Attack Category
Description
The threat type to which this attack belongs.
Values:
Status
ACL (not in DefenseFlow)
Anomalies (in DefenseFlow, detection was performed by an external

detector)
Anti-Scanning (not in DefenseFlow)
Bandwidth Management (not in DefenseFlow)
Behavioral DoS (in DefenseFlow, detection was performed by

DefenseFlow BDoS)
DNS Flood (not in DefenseFlow)
DoS (not in DefenseFlow)
HTTP Flood (not in DefenseFlow)
Intrusions (not in DefenseFlow)
Server Cracking (not in DefenseFlow)
Stateful ACL (not in DefenseFlow)
SYN Flood (not in DefenseFlow)
The last-reported status of the attack.

Values:
Risk
StartedAn attack containing more than one security event has been
detected. (Some attacks contain multiple security events, such as DoS,
Scans, and so on.)
Occurred (Signature-based attacks)Each packet matched with

signatures was reported as an attack and dropped.
Sampled (available only in DefenseFlow)The last reading for each

protocol and the totals for all protocols, for a single device. This
information is only available when viewing a single device.
OngoingThe attack is currently taking place, the time between Started

and Terminated (for attacks that contain multiple security events, such
as DoS, Scans, and so on).
TerminatedThere are no more packets matching the characteristics of

the attack, and the device reports that the attack has ended.
The predefined attack severity level (see Risk Levels, page 382).
Values:
Attack Name
388
High
Medium
Low
Info
The name of the detected attack.

Parameter
Description
Source Address
The source IP address of the attack. If there are multiple IP sources for an
attack, this field displays Multiple. The multiple IP addresses are displayed
in the Attack Details window. Multiple may also refer to cases when
DefensePro or DefenseFlow cannot report a specific value.
The Search string can be any legal IPv4 or IPv6 address, and can include a
wildcard (*).
Destination Address
The destination IP address of the attack. If there are multiple IP sources for
an attack, this field displays Multiple. The multiple IP addresses are
displayed in the Attack Details window. Multiple may also refer to cases
when DefensePro or DefenseFlow cannot report a specific value.
Policy
In DefensePro, the name of the configured Network Protection policy or

Server Protection policy that was violated by this attack.
To view or edit the policy for a specific attack, select the attack entry and
click the
(Go to Policy) button.
In DefenseFlow, the name of the configured Security Policy that was set to
mitigate this attack. The default policy name is the name of the protected
object. Policies in DefenseFlow cannot be edited.
Radware ID
The unique attack identifier issued by device.
Direction
The direction of the attack, inbound or outbound.

Values: in, out
389

Parameter
Description
Action Type
The reported action against the attack. The actions are specified in the
protection profile, which may or may not be available or relevant for your
system.
(This parameter is
available only in
DefensePro.)
Values:
BypassDefensePro does not protect against this attack, but rather,

sends its data out of the device, and may report it.
ChallengeDefensePro challenges the packet.
Destination ResetDefensePro sends a TCP-Reset packet to the

destination IP address and port.
DropDefensePro discards the packet.
Drop & QuarantineDefensePro discards the traffic and adds the

destination to the Web quarantine.
ForwardDefensePro continues to process the traffic and eventually

forwards the packet to its destination.
Proxy
QuarantineDefensePro adds the destination to the Web quarantine.
Source Destination ResetDefensePro sends a TCP-Reset packet to both

the packet source IP and the packet destination IP address.
Source ResetDefensePro sends a TCP-Reset packet to the packet

source IP address.
Http 200 OkDefensePro sends a 200 OK response using a predefined

page and leaves the server-side connection open.
Http 200 Ok Reset DestDefensePro sends a 200 OK response using a

predefined page and sends a TCP-Reset packet to the server side to close
the connection.
Http 403 ForbiddenDefensePro sends a 403 Forbidden response using

a predefined page and leaves the server-side connection open.
Http 403 Forbidden Reset DestDefensePro sends a 403 Forbidden

response using a predefined page and sends a TCP-Reset packet to the
server side to close the connection.
Total Packet Count
The number of identified attack packets from the beginning of the attack.
Volume
For most protections, this value is the volume of the attack, in kilobits, from
when the attack started.
In DefensePro, for SYN protection (SYN cookies), this value is the number of
SYN packets dropped, multiplied by 60 bytes (the SYN packet size).
Device IP
The IP address of the attacked device.
(This parameter is
available only in
DefensePro.)
Protected Object
The name of the protected object that was attacked.
(This parameter is
available only in
DefenseFlow.)
390

Parameter
Description
Application Protocol
The transmission protocol used to send the attack:

Values:
TCP
UDP
ICMP
IP
MPLS RD
The Multi-protocol Label Switching Route Distinguisher in the policy that

handled the attack. The value N/A or 0 (zero) in this field indicates that the
MPLS RD is not available.
VLAN Tag / Context
The VLAN tag value or Context Group in the policy that handled the attack.
The value N/A or 0 (zero) in this field indicates that the VLAN tag or Context
Group is not available.
Note: The VLAN tag or Context Group identifies similar information in this
field. DefensePro 6.x and 7.x versions support VLAN tags. DefensePro 8.x
versions and DefensePro for Cisco Firepower 9300 support Context
Groups.
Source Port1
The Layer 4 source port of the attack.
Destination Port
The Layer 4 destination port of the attack. If there are multiple destination
L4 ports, this field displays Multiple. In cases when DefensePro cannot
report a specific value, the field displays 0 (zero).
Physical Port
The port on the device to which the attack packets arrived. In cases when
DefensePro cannot report a specific value, the field displays 0 (zero).
Source MSISDN
The MSISDN Resolution feature is not supported in APSolute Vision version

3.0 and later.
Destination MSISDN
The MSISDN Resolution feature is not supported in APSolute Vision version

3.0 and later.
1 This column is not displayed by default in the Current Attacks tab.

To display the column, click the
(Table Settings) button and then select the relevant
checkbox. Click the button again to close the Table Settings list.
Using the Ongoing Attacks Monitor

The Ongoing Attacks Monitor comprises two charts: the Ongoing Attacks Monitor and Drop Intensity
gauges. The information that the charts display is according to the configuration of the display
parameters (see Configuring the Display Parameters of a Dashboard View, page 383).
To display the Ongoing Attacks Monitor

data.
2. Select Dashboard View > Ongoing Attacks Monitor.
391

The Ongoing Attacks Monitor is a graphical representation of current and recent attacks. Each icon in
the monitor represents a separate attack. The icon type (see the legend) represents the type of
protection that the attack violates. A flashing icon represents an ongoing attack. The horizontal
position of each icon in the chart indicates the attack risk (see Risk Levels, page 382). The vertical
position of the icon in the chart indicates the attack duration; the higher in the chart, the longer the
attack has existed. Attacks that have started recently are lower in the monitor. The icon size
indicates the amount of dropped data for the attack type relative to other attacks of the same type.
Hover the mouse over an icon to display summary information for the attack. Double-click an icon to
display detailed information for the attack. For more information, see Attack Details, page 392.
There are two Drop Intensity gauges: Packets and Bandwidth. The Packets gauge indicates the
proportion of dropped packets relative to the total packets. The Bandwidth gauge indicates the
proportion of dropped bandwidth relative to the total bandwidth (according to the license). The
gauges show the calculated ranges Low (up to 30% dropped), Medium (up to 70% dropped), and
High (more than 70% dropped).
Figure 47: Ongoing Attacks Monitor

ScopeDisplays the tables to select the physical ports and Network Protection policies
that the dashboard displays.
The Scope summary.
Hover the mouse over an icon to display summary

information for the attack.
Attack Details
An Attack Details tab is displayed when you double-click an attack in a Security Monitoring
Dashboard View.
APSolute Vision displays attack details for the following attacks:
ACL (Black List) Details, page 393
Anti-Scanning Details, page 394
Bandwidth Management Details, page 395
BDoS Attack Details, page 396
DNS Flood Attack Details, page 398
DoS Attack Details, page 399
HTTP Flood Attack Details, page 400
392

Intrusions Attack Details, page 403
Packet Anomalies Attack Details, page 403
Server Cracking Attack Details, page 404
Stateful ACL Details, page 405
SYN Flood Attack Details, page 405
Each Attack Details tab includes two or more sub-tabs, which provide details on the attack. All
Attack Details tabs include the sub-tabs Attack Characteristics and the Attack Description. The
Attack Characteristics tab displays information that is also available in the hidden columns of the
Current Attacks Table. The Attack Description tab displays the information from the Attack
Descriptions file. An attack description is displayed only if the Attacks Description file has been
uploaded on the APSolute Vision server.
Notes
To display hidden columns of the Current Attacks Table, click the

(Table Settings) button and
then select the relevant checkbox. Click the button again to close the Table Settings list.
In addition to viewing the details of the attack, in each Attack Details tab, you can do the following:
View sampled data from the attackTo do this, click

information, see Sampled Data Tab, page 406.
(View Sampled Data). For more
Go to the policy that handled attack To do this, click
Export the information in the in the Attack Details tab to a CSV fileTo do this, click
(CSV). Then, you can view the file or specify the location and file name.
Export the information in the in the Attack Details tab to a CAP fileTo do this, click
(Export Attack Capture Files), and enter a file name in the file selection dialog box.
(Go to Policy).
Notes
You can send the CAP file to a packet analyzer.
Up to 255 bytes of packet information is saved in the CAP file. That is, DefensePro exports
full packets but APSolute Vision trims them to 255 bytes.
The file is available only as long as it is displayed in the Current Attacks table.
The file is created only if packet reporting is enabled in the protection configuration for the
profile that was violated.
DefensePro exports only the last packet in a sequence that matches the filter. Furthermore,
if traffic matches a signature that consists of more than one packet, the reported packet will
not include the whole expression in the filter.
ACL (Black List) Details

Table 325: ACL Attack Details: Characteristics Parameters
Parameter
Description
Protocol
The protocol that the attack uses or used.
Physical Port1
The physical port that the attack uses or used.
Packet Count
The packet count of the attack.
393

Table 325: ACL Attack Details: Characteristics Parameters (cont.)
Parameter
Description
VLAN
The VLAN that the attack uses or used.
MPLS RD
The MPLS RD that the attack uses or used.
Device IP
The device IP address that the attack uses or used.
1 This parameter is not resolved, and the value Multiple is always displayed.
Table 326: ACL Attack Details: Attack Description
Parameter
Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Anti-Scanning Details
Table 327: Anti-Scanning Attack Details: Characteristics Parameters
Parameter
Description
Protocol
Source L4 Port
The source L4 port that the attack uses or used.
Physical Port
Packet Count
The packet count that the attack uses or used.
Volume (Kbits)
The volume, in Kbits, that the attack uses or used.
VLAN
MPLS RD
Device IP
Table 328: Anti-Scanning Attack Details: Info Parameters
Parameter
Description
Action
The protection Action taken.
Action Reason
Describes the difference between the configured action and

the actual action.
Blocking Duration
The blocking duration, in seconds, of the attacker source IP

address.
Estimated Release Time (Local)
The estimated release time of attacker in local time.
Avg. Time Between Probes
The average time between scan events in seconds.
Number of Probes
The number of scan events from the time the attack started.
Table 329: Anti-Scanning Attack Details: Scan Details Parameters
Parameter
Description
DST IP
The destination IP address of the scan.
DST L4 Port
The destination port of the scan.
394

Table 329: Anti-Scanning Attack Details: Scan Details Parameters (cont.)
Parameter
Description
TCP Flag
The TCP packet type.
(This is displayed only for TCP

traffic.)
ICMP Message Type
The ICMP message type.
(This is displayed only for ICMP

traffic.)
Table 330: Anti-Scanning Attack Details: Footprint
Parameter
Description
The footprint blocking rule generated by the Anti-Scanning protection, which provides the
narrowest effective blocking rule against the scanning attack.
Table 331: Anti-Scanning Attack Details: Attack Description
Parameter
Description
Vision server.
Bandwidth Management Details

Table 332: Bandwidth Management Attack Details: Characteristics Parameters
Parameter
Description
Protocol
Physical Port1
The physical Port that the attack uses or used.
Packet Count
Volume (Kbits)
VLAN
MPLS RD
Device IP
Table 333: Bandwidth Management Attack Details: Attack Description
Parameter
Description
Vision server.
395

BDoS Attack Details

Table 334: BDoS Attack Details: Characteristics Parameters
Parameter
Description
Note: Some fields can display multiple values, when relevant and available. The values displayed
depend on the current stage of the attack. If a field is part of the dynamic signature (that is, a
specific value or values appear in all the attack traffic), the field displays the relevant value or
values.
Protocol
Source L4 Port
Physical Port
Packet Count
Volume (Kbits)
VLAN / Context
The VLAN tag value or Context Group in the policy that handled the
attack.
Note: The VLAN tag or Context Group identifies similar information
in this field. DefensePro 6.x and 7.x versions support VLAN tags.
DefensePro 8.x versions and DefensePro for Cisco Firepower 9300
support Context Groups.
MPLS RD
Device IP
TTL
The TTL that the attack uses or used.
L4 Checksum
The L4 checksum that the attack uses or used.
TCP Sequence Number
The TCP sequence number that the attack uses or used.
IP ID Number
The IP ID number that the attack uses or used.
Fragmentation Offset
The fragmentation offset that the attack uses or used.
Fragmentation Flag
The fragmentation flag that the attack uses or used. 0 indicates that
fragmentation is allowed. 1 indicates that fragmentation is not allowed.
Flow Label
(IPv6 only) The flow label that the attack uses or used.
ToS
The ToS that the attack uses or used.
Packet Size
The packet size that the attack uses or used.
ICMP Message Type
The ICMP message type that the attack uses or used.
(This is displayed only if

the protocol is ICMP.)
Source IP
The source IP address that the attack uses or used.
Destination IP
The destination IP address that the attack uses or used.
Source Ports
The source ports that the attack uses or used.
Destination Ports
The destination ports that the attack uses or used.
DNS ID
The DNS ID that the attack uses or used.
DNS Query
The DNS query that the attack uses or used.
DNS Query Count
The DNS query count that the attack uses or used.
396

Table 335: BDoS Attack Details: Info Parameters
Parameter
Description
Packet Size Anomaly

Region
The statistical region of the attack packets.

The formula for the packet-size baseline for a policy is as follows:
{(AnomalyBandwidth/AnomalyPPS)/(NormalBandwidth/
NormalPPS)}
Values:
State
Large PacketsThe attack packets are approximately 15% larger

than the normal packet-size baseline for the policy.
Normal PacketsThe attack packets are within approximately 15%

either side of the normal packet-size baseline for the policy.
Small PacketsThe attack packets are approximately 15% smaller

than the normal packet-size baseline for the policy.
The state of the protection process.

Values:
Footprints AnalysisBehavioral DoS Protection has detected an

attack and is currently determining an attack footprint.
BlockingBehavioral DoS Protection is blocking the attack based

on the attack footprint created. Through a closed feedback loop
operation, the Behavioral DoS Protection optimizes the footprint
rule, achieving the narrowest effective mitigation rule.
Non-attackNothing was blocked because the traffic was not an

attackno footprint was detected or the blocking strictness level
was not met.
Table 336: BDoS Attack Details: Footprint Parameters
Parameter
Description
The footprint blocking rule generated by the Behavioral DoS Protection, which provides the
narrowest effective blocking rule against the flood attack.
Table 337: BDoS Attack Details: Attack Statistics Table
Parameter
Description
This table displays attack traffic (Anomaly) and normal traffic information. Red indicates real-time
values identified as suspicious in the 15 seconds prior to when the attack was triggered. Black
indicates the learned normal traffic baselines. Table columns are displayed according to the
protocols: TCP (includes all flags), UDP, or ICMP.
Table 338: BDoS Attack Details: Attack Statistics Graph
Parameter
Description
The graph displays a snapshot of the relevant traffic type for the 15-second period during which the
attack was triggered. For example, during a UDP flood, just UDP traffic is represented. The blue line
represents the normal adapted traffic baseline.
397

Table 339: BDoS Attack Details: Attack Description
Parameter
Description
Vision server.
DNS Flood Attack Details

Table 340: DNS Flood Attack Details: Characteristics Parameters
Parameter
Description
Note: Some fields can display multiple values, when relevant and available. The values
displayed depend on the current stage of the attack. If a field is part of the dynamic signature
(that is, a specific value or values appear in all the attack traffic), the field displays the relevant
value or values.
Protocol
Source L4 Port
Physical Port
Packet Count
Volume (Kbits)
VLAN / Context
attack.
MPLS RD
Device IP
TTL
The TTL that the attack uses or used.
L4 Checksum
The L4 checksum that the attack uses or used.
IP ID Number
The IP ID number that the attack uses or used.
Packet Size
The packet size that the attack uses or used.
Destination IP
The destination IP address that the attack uses or used.
Destination Ports
The destination ports that the attack uses or used.
DNS ID
The DNS ID that the attack uses or used.
DNS Query
The DNS query that the attack uses or used.
DNS Query Count
The DNS query count that the attack uses or used.
DNS An Query Count
The DNS An query count that the attack uses or used.
398

Table 341: DNS Flood Attack Details: Info Parameters
Parameter
Description
State
Mitigation Action
The mitigation action.

Values:
Signature Challenge
Signature Rate Limit
Collective Challenge
Collective Rate Limit
Table 342: DNS Flood Attack: Footprint
Parameter
Description
The footprint blocking rule that the Behavioral DoS Protection generated. The footprint blocking
rule provides the narrowest effective blocking rule against the flood attack.
Table 343: DNS Flood Attack Details: Attack Statistics Table
Parameter
Description
indicates the learned normal traffic baselines. Table columns are displayed according to the DNS
query types: A, MX, PTR, AAAA, Text, SOA, NAPTR, SRV, Other.
Table 344: DNS Flood Attack Details: Attack Statistics Graph
Parameter
Description
The graph displays a snapshot of the relevant traffic type for the 15-second period during which
the attack was triggered. For example, during a UDP flood, just UDP traffic is represented. The blue
line represents the normal adapted traffic baseline.
Table 345: DNS Flood Attack Details: Attack Description
Parameter
Description
Vision server.
DoS Attack Details

Table 346: DoS Attack Details: Characteristics Parameters
Parameter
Description
Protocol
Physical Port
Packet Count
399

Table 346: DoS Attack Details: Characteristics Parameters (cont.)
Parameter
Description
VLAN / Context
attack.
MPLS RD
Device IP
Table 347: DoS Attack Details: Info Parameters
Parameter
Description
Action
Attacker IP
The IP address of the attacker.
Protected Host
The protected host.
Protected Port
The protected port.
Attack Duration
The duration of the attack.
Current Packet Rate
The current packet rate.
Average Packet Rate
The average packet rate.
Table 348: DoS Attack Details: Attack Description
Parameter
Description
Vision server.
HTTP Flood Attack Details

Table 349: HTTP Flood Attack Details: Characteristics Parameters
Parameter
Description
Note: Some fields can display multiple values, when relevant and available. The values
displayed depend on the current stage of the attack. If a field is part of the dynamic signature
(that is, a specific value or values appear in all the attack traffic), the field displays the relevant
value or values.
Protocol
Source L4 Port
Physical Port
Packet Count
Volume (Kbits)
VLAN
MPLS RD
Device IP
400

Table 350: HTTP Flood Attack Details: Info Parameters
Parameter
Protection State
Description
Values:
Mitigation Flow
CharacterizationThe protection module is analyzing the

attack footprint.
MitigationThe protection module is mitigating the attack

according to the profile configuration.
Suspicious ActivitiesThe protection module identified the

attack but cannot mitigate it.
The configuration of the mitigation flow for the profile.

Values:
Action
DefaultThe mitigation flow for the profile is configured to

use all three mitigation actions, which are selected by default:
1-Challenge Suspects, 2-Challenge All, 3-Block Suspects.
CustomizedThe mitigation flow for the profile is not

configured to use all three mitigation actions.
The current action that protection module is using to mitigate the

attack.
Values:
Challenge Suspected AttackersThe protection module is

challenging HTTP sources that match the real-time signature.
Challenge All SourcesThe protection module is challenging

all HTTP traffic toward the protected server.
Block Suspected AttackersThe protection module is

blocking all HTTP traffic from the suspect sources (that is,
sources that match the signature).
No MitigationThe protection module is in the Suspicious

Activities state and is not mitigating the attack.
Challenge Method
The user-specified Challenge Mode: 302 Redirect or JavaScript.
Suspicious Sources
The number of sources that the protection module suspects as

being malicious.
Challenged Sources
The number of sources that the protection module has identified

as being attackers and is now challenging them.
Blocked Sources
The number of sources that the protection module has identified

as being attackers and is now blocking them.
HTTP Authentication Table

Utilization [%]
The percentage of HTTP Authentication Table that is full.
401

Table 351: HTTP Flood Attack Details: Blocked Users Parameters
Parameter
Description
Source IP address
The source IP addresses mitigated as attackers. Up to 40 different

IP addresses can be viewed.
Note: When the HTTP flood attack is widely distributed,
meaning more than 1000 source IP addresses, the system does
not use any source IP addresses in the blocking rule. This
mitigation occurs only if the URI Only blocking mode option is
enabled.
Request URI
The HTTP request URIs that took part in the HTTP flood attack and
were mitigated.
Bypassed / Blocked
Usually, the value that is displayed is Blocked. Only when one of

HTTP request URIs was configured to be bypassed, is the value
Bypassed.
Table 352: HTTP Flood Attack Details: Attack Statistics Table
Parameter
Description
indicates the learned normal traffic baselines.
Table columns:
Statistic TypeAnomaly or Normal
Get and Post Requests/sec
Other HTTP Requests/sec
Outbound Kbps
GET and POST per source/sec
GET and POST per connection
Table 353: HTTP Flood Attack Details: Attack Statistics Graph
Parameter
Description
The graph displays the HTTP request URI size distribution. The y-axis shows the number of HTTP
requests per second that refers to GET and POST request methods, and the x-axis shows the
Request URI size in bytes. The blue line represents the normal expected HTTP request rates and the
orange line represents the real-time rate values identified when the attack was triggered.
Table 354: HTTP Flood Attack Details: Attack Description
Parameter
Description
Vision server.
402

Intrusions Attack Details

Table 355: Intrusions Attack Details: Characteristics Parameters
Parameter
Description
Protocol
Physical Port1
Packet Count
Volume (Kbits)
VLAN
MPLS RD
Device IP
Table 356: Intrusions Attack Details: Attack Description
Parameter
Description
Vision server.
Packet Anomalies Attack Details

Table 357: Packet Anomalies Attack Details: Characteristics Parameters
Parameter
Description
Protocol
Physical Port1
Packet Count
VLAN / Context
The VLAN tag value or Context Group in the policy that handled
the attack.
Note: The VLAN tag or Context Group identifies similar
information in this field. DefensePro 6.x and 7.x versions
support VLAN tags. DefensePro 8.x versions and DefensePro
for Cisco Firepower 9300 support Context Groups.
MPLS RD
Device IP
Attack Description
Vision server.
Table 358: Packet Anomalies Attack Details: Attack Description
Parameter
Description
Vision server.
403

Server Cracking Attack Details

Table 359: Server Cracking Attack Details: Characteristics Parameters
Parameter
Description
Protocol
Source L4 Port
The Source L4 Port that the attack uses or used.
Physical Port
The Physical Port that the attack uses or used.
Packet Count
The Packet Count that the attack uses or used.
Volume (Kbits)
VLAN
MPLS RD
Device IP
The Device IP that the attack uses or used.
Table 360: Server Cracking Attack Details: Info Parameters
Parameter
Description
Blocking Duration
The blocking duration, in seconds, of the attacker source IP

address.
Estimated Release Time
The estimated release time of attacker in local time.
Avg. Time Between Probes
Number of Probes
The number of scan events from the time the attack started.
Table 361: Server Cracking Attack Details: Scan Details Parameters
Parameter
Description
Requests Details
When a server-cracking attack is detected, DefensePro sends, to

the management system, sample suspicious attacker requests
in order to provide more information on the nature of the attack.
The sample requests are sent for the protocols or attacks.
Values:
Web ScanSample HTTP requests.
Web CrackingUsername and Password.
SIPSIP user (SIP URI).
FTPUsername (if sent in the same request) and Password.
POP3Username (if sent in the same request) and Password.
Table 362: Server Cracking Attack Details: Attack Description
Parameter
Description
Vision server.
404

Stateful ACL Details

Table 363: Stateful ACL Attack Details: Characteristics Parameters
Parameter
Description
Protocol
Physical Port1
Packet Count
VLAN
MPLS RD
Device IP
Table 364: Stateful ACL Attack Details: Attack Description
Parameter
Description
Vision server.
SYN Flood Attack Details

Table 365: SYN Flood Attack Details: Characteristics Parameters
Parameter
Description
Protocol
Physical Port
Packet Count
Volume (Kbits)
VLAN / Context
The VLAN tag value or Context Group in the policy that handled
the attack.
Note: The VLAN tag or Context Group identifies similar
information in this field. DefensePro 6.x and 7.x versions
support VLAN tags. DefensePro 8.x versions and DefensePro for
Cisco Firepower 9300 support Context Groups.
MPLS RD
Table 366: SYN Flood Attack Details: Info Parameters
Parameter
Description
The information is displayed when the protection action is blocking mode.

Caution: If SYN Protection is configured with report-only mode, the fields Average Attack Rate,
Attack Threshold, and Attack Volume display 0 (zero).
Average Attack Rate
The average rate of spoofed SYNs and data connection attempts

per second, calculated every 10 seconds.
Attack Threshold
The configured attack trigger threshold, in half connections per

second.
405

Table 366: SYN Flood Attack Details: Info Parameters (cont.)
Parameter
Description
Attack Volume
The number of packets from spoofed TCP connections during the

attack life cycle (aggregated). These packets are from the
sessions that were established through the SYN-cookies
mechanism or were passed through the SYN protection trusted
list.
Attack Duration
The duration, in hh:mm:ss format, of the attack on the protected

port.
TCP Challenge
The Authentication Method that identified the attack: Transparent

Proxy or Safe-Reset.
HTTP Challenge
The HTTP Authentication Method that identified the attack: 302Redirect or JavaScript.
Table 367: SYN Flood Attack Details: Authentication Lists Utilization Parameters
Parameter
Description
TCP Auth. List
The current utilization, in percent, of the TCP Authentication

table.
HTTP Auth. List
The current utilization, in percent, of the Table Authentication

table.
Table 368: SYN Flood Attack Details: Attack Description
Parameter
Description
Vision server.
Sampled Data Tab

You can display the Sampled Data dialog box for the all attack types that support sampled data.
The Sampled Data tab contains a table with data on sampled attack packets. Each row in the table
displays the data for one sampled attack packet. The title bar includes the category of the datafor
example, Behavioral DoS.
Note: APSolute Vision stores sampled attack data, which includes the source and destination
addresses of the sampled packets. This information reflects a sampling of the attack packets; it does
not reflect the full attack data. For example, it is possible that the source IP addresses of the
sampled data do not include all of the source addresses of the attack.
Note: This feature is not supported on OnDemand Switch 2 S2 (DefensePro 1016 IPS & Behavioral
Protection - DME).
The table in the Sampled Data tab comprises the following columns:
Time
Source Address
Source L4 Port
Destination Address
Destination L4 Port
406

Protocol
VLAN / Context
MPLS RD
Physical Port
To display the Sampled Data tab

data.
2. Select Dashboard View.
3. Do one of the following to open the Attack Details tab:
Select Current Attacks Table, and then, double-click the relevant row.
Select Ongoing Attacks Monitor, and then, double-click the icon.
4. Click the
(View Sampled Data) button.
You can export some rows of the table in the Sampled Data dialog box to a CSV file.
To save sampled data to a CSV file

data.
2. Select Dashboard View.
3. Do one of the following to open the Attack Details tab:
Select Current Attacks Table, and then, double-click the relevant row.
Select Ongoing Attacks Monitor, and then, double-click the icon.
4. Click the
(View Sampled Data) button.
5. Select the row with which you want the data rows in the file to start.
6. Click the
(CSV) button.
7. View the file or specify the location and file name.
407

Viewing Real-Time Traffic Reports

You can view real-time traffic reports over time for the IP traffic passing through the DefensePro
devices. The information includes data on overall IP traffic, protocol mix, and packet discards. You
can display the data in graph or table format.
Notes
In DefensePro 6.x versions, the traffic is calculated according to the selected port pairs.
In DefensePro 7.x versions 7.40 and later, when a DefensePro device is configured in the
Transparent Device Operation Mode, the traffic is calculated according to the selected port pairs.
When a DefensePro device is configured in the IP Device Operation Mode, the traffic is calculated
according to the selected ports. When you are viewing multiple DefensePro devices in the
Security Monitoring perspective, the table displays both port pairs and single ports as
appropriate.
You can also view graphs of connection rates and concurrent connections based on data from the
Session Table.
By default, all traffic is presented in these graphs and tables. In each graph, you can filter the
display by protocol or traffic direction, but not for concurrent connections.
The Connection Statistics are displayed only when the device is operating in Full Layer 4 Session
Table Lookup mode.
You can monitor the following traffic information in the Traffic Monitoring tab:
Viewing Traffic Utilization Statistics, page 408
Viewing Connection Rate Statistics, page 415
Viewing Concurrent Connections Statistics, page 417
Viewing Traffic Utilization Statistics

APSolute Vision can display traffic utilization statistics for the following:
Statistics GraphDisplays information for the selected port pairs in DefensePro, and protected
object in DefenseFlow, as a graph. The graph contains information for a selected protocol or the
total for all protocols over a period of time.
There is a curve on the graph for each the following:
Inbound IP traffic in DefensePro, Inbound traffic in DefenseFlow
Dropped inbound traffic (DefenseFlow only)
Diverted inbound traffic (DefenseFlow only)
Outbound IP traffic
Discarded inbound traffic
Discarded outbound traffic
Excluded inbound traffic (DefensePro only)
Clean inbound traffic (DefenseFlow only)
Excluded outbound traffic
To hide or show a curve for a particular traffic type, click the corresponding colored square in the
legend.
408

Excluded inbound traffic and Excluded outbound traffic are related to the Traffic Exclusion
implementation. Traffic Exclusion is when DefensePro passes through all traffic that matches no
Network Protection policy configured on the device. In DefensePro 7.x versions, Traffic Exclusion
is always enabled, and the graph always displays excluded inbound traffic and excluded
outbound traffic. DefensePro x412 platforms with the DME, running 6.x versions display
excluded inbound traffic and excluded outbound traffic when the Traffic Exclusion checkbox is
selected. For other configurations, versions, or platforms, the graph does not display excluded
inbound traffic and excluded outbound traffic. For more information, see Configuring the Basic
Parameters of the DefensePro Networking Setup, page 13.
Caution: When the value of the Scope parameter is Devices/Policies (see Table 369 - Traffic
Utilization Report: Display Parameters for Graph and Table, page 410), during the Update
Policies process, the Statistics Graph momentarily displays Traffic Utilization as 0 (zero).
Traffic Authentication Statistics (Challenge/Response)Displays statistics for the

Challenge-Response mechanism when the relevant option is enabled in the protection modules
that support the Challenge-Response mechanism. For more information, see Configuring Global
DNS Flood Protection, page 109 and Configuring HTTP Flood Protection Profiles for Server
Protection, page 22.
Last Sample StatisticsDisplays the last reading for each protocol and provides totals for all
protocols, for a single device. (This information is only available when viewing a single device.)
To view or save a CSV file, click
(CSV).
Tip: To get the current traffic rate in packets or bytes per second (calculated as the average rate in
15 seconds), you can use the following CLI command on the DefensePro device:
dp rtm-stats get [port number]
To display traffic utilization statistics

1. In the Security Monitoring perspective, select the DefensePro device or site for which to display
data.
2. Select Traffic Monitoring > Traffic Utilization Report.
3. Change display settings for the graph and table, as required.
4. For the Statistics Graph and Last Sample Statistics, set filter options for the displayed traffic
data, as required. The displayed information refreshes automatically.
409

Table 369: Traffic Utilization Report: Display Parameters for Graph and Table
Parameter
Description
Scope
Using DefensePro, the Scope table displays the physical ports or the Network
Protection policies that the Traffic Utilization Report displays. However, the
Scope for DefensePro platforms without the DME can be only according to
physical ports, not Network Protection policies. By default, the Scope is Any
Port or Any Policydepending on the specified value in the Scope dropdown list. That is, by default, the Traffic Utilization Report displays all the
information.
(This is a link that

displays the table.)
Using DefenseFlow, the Scope table displays the Protected Objects or the
Security policies that the Traffic Utilization Report displays. By default, the
Scope is Any Protected Object.
To control the scope of the information that the Traffic Utilization Report
shows for DefensePro, see the procedure To control the scope of the
information that the Traffic Utilization Report shows for DefensePro,
page 411.
Note: DefensePro 8.x versions and DefensePro for Cisco Firepower 9300
do not support limiting the physical ports for the Scope.
Display Last
How long the graph displays attacks after the attack terminates. That is, the
graph displays all attacks that are currently ongoing or that terminated
within the selected period.
Values:
10 Minutes
20 Minutes
30 Minutes
1 Hour
Default: 10 Minutes
Scope
The scope of the graph view.
(This is a drop-down Values:

list.)
Devices/Physical PortsThe graph shows traffic according to physical
ports on the specified device.
(This parameter is
not available in
Devices/PoliciesThe graph shows traffic according to Network
DefenseFlow and is
Protection policies on the specified device.
not available in
Default: Devices/Physical Ports
DefensePro version
6.x and 7.x
Note: DefensePro 8.x versions and DefensePro for Cisco Firepower 9300
platforms without
do not support limiting the physical ports for the Scope.
the DME.)
Units
The units for the traffic rate.

Values:
410
KbpsKilobits per second
Packet/SecPackets per second

To control the scope of the information that the Traffic Utilization Report shows for
DefensePro
1. Click
. A table opens. The table has either the Device Name and Port columns or the
Device Name and Policy columnsaccording to the specified value in the Scope drop-down list:
Devices/Physical Ports or Devices/Policies.
Note: DefensePro 8.x versions and DefensePro for Cisco Firepower 9300 do not support
limiting the physical ports for the Scope.
To limit the physical ports or Network Protection policies that the Traffic Utilization Report
displays, select the corresponding checkboxes.
select Select None.
Table 370: Traffic Utilization Report: Filter Parameters for the Traffic Statistics Graph
Parameter
Description
Direction
The traffic that the graph shows.

Values:
InboundShow inbound traffic.
OutboundShow outbound traffic.
BothShow inbound and outbound traffic. Data for inbound and

outbound are displayed as separate lines, not as totals.
Note: The direction of traffic between a pair of ports is defined by the

In Port setting in the port pair configuration.
Protocol
The traffic protocol to display.

Values:
TCPShow the statistics of the TCP traffic.
UDPShow the statistics of the UDP traffic.
ICMPShow the statistics of the ICMP traffic.
IGMPShow the statistics of the IGMP traffic.
SCTPShow the statistics of the SCTP traffic.
OtherShow the statistics of the traffic that is not TCP, UDP, ICMP,
IGMP, or SCTP.
AllShow total traffic statistics.
411

Table 371: Traffic Utilization Report: Traffic Authentication Statistics (Challenge/Response)

Parameters
Parameter
Description
Protocol
The protocol for the statistics displayed in the row.

Values: HTTP, TCP, DNS
Note: The HTTP row is not relevant for DefensePro 8.x
versions and DefensePro for Cisco Firepower 9300.
Current Attacks
The number of attacks currently in the device.
Authentication Table Utilization % The percentage of the Authentication Table that is full.
Challenges Rate
The rate, in PPS, that the device is sending challenges.
Table 372: Traffic Utilization Report: Last Sample Statistics Parameters
Parameter
Description
Protocol
The traffic protocol.

Values:
TCP
UDP
ICMP
IGMP
SCTP
OtherThe statistics of the traffic that is not TCP, UDP, ICMP, IGMP, or
SCTP.
AllTotal traffic statistics.
Inbound
The amount of inbound traffic for the protocol identified in the row.
Outbound
The amount of outbound traffic for the protocol identified in the row.
(This parameter is
available only in
DefensePro.)
Discarded Inbound
The amount of discarded inbound traffic for the protocol identified in the row.
Discarded Outbound
The amount of discarded outbound traffic for the protocol identified in the
row.
(This parameter is
available only in
DefensePro.)
Clean
The amount of clean traffic for the protocol identified in the row.
(This parameter is
available only in
DefenseFlow.)
Dropped
The amount of traffic dropped traffic for the protocol identified in the row.
(This parameter is
available only in
DefenseFlow.)
412

Table 372: Traffic Utilization Report: Last Sample Statistics Parameters (cont.)
Parameter
Description
Diverted
The amount of traffic diverted traffic for the protocol identified in the row.
(This parameter is
available only in
DefenseFlow.)
Discard %
The percentage of discarded traffic for the protocol identified in the row.
Excluded Inbound
The amount of excluded inbound traffic for the protocol identified in the row.
Excluded Outbound
The amount of excluded outbound traffic for the protocol identified in the
row.
(This parameter is
available only in
DefensePro.)
413

MIB Support for Traffic-Monitoring Data

This feature is available on DefensePro 7.x versions and 6.x versions with the DME.
When the device configuration includes a Network Protection policy, DefensePro exposes MIBs with traffic-monitoring data for the policies. In
addition to APSolute Vision, you can use third-party SNMP readers to access the MIB data. DefensePro issues the data at 15-second intervals.
Table 373: Network-Protection-policy Monitoring OIDs and Corresponding MIBs
OID
MIB
Comment
1.3.6.1.4.1.89.35.1.65.188.4
rsTrafficUtilizationPerPolicy
1.3.6.1.4.1.89.35.1.65.188.4.1
rsTrafficUtilizationPerPolicyTableUDP
Index for the UDP statistics table.
1.3.6.1.4.1.89.35.1.65.188.4.2
rsTrafficUtilizationPerPolicyTableTCP
Index for the TCP statistics table.
1.3.6.1.4.1.89.35.1.65.188.4.3
rsTrafficUtilizationPerPolicyTableICMP
Index for the ICMP statistics table.
1.3.6.1.4.1.89.35.1.65.188.4.4
rsTrafficUtilizationPerPolicyTableOTHER
Index for the statistics table for other

protocols.
1.3.6.1.4.1.89.35.1.65.188.4.5
rsTrafficUtilizationPerPolicyTableSCTP
Index for the SCTP statistics table.
1.3.6.1.4.1.89.35.1.65.188.4.6
rsTrafficUtilizationPerPolicyTableIGMP
Index for the IGMP statistics table.
1.3.6.1.4.1.89.35.1.65.188.4.<X>.1
rsPolicyNamePerPolicy<Y>
1.3.6.1.4.1.89.35.1.65.188.4.<X>.2
rsNewConnectionsPerPolicy<Y>
1.3.6.1.4.1.89.35.1.65.188.4.<X>.3
rsConcurConnections<Y>1
<X> refers to one of the indexing tables

detailed above. <Y> refers to the protocol
according to the <X> value.
1.3.6.1.4.1.89.35.1.65.188.4.<X>.4
rsDroppedPacketsPerPolicy<Y>
1.3.6.1.4.1.89.35.1.65.188.4.<X>.5
rsDroppedBytesPerPolicy<Y>
1.3.6.1.4.1.89.35.1.65.188.4.<X>.6
rsReceivedPacketsPerPolicy<Y>
1.3.6.1.4.1.89.35.1.65.188.4.<X>.7
rsReceivedBytesPerPolicy<Y>
1 A placeholder (zeros) is displayed here.
414

Viewing Connection Rate Statistics

This feature is functional only in DefensePro 6.x and 7.x versions.
This feature is not functional in DefensePro 8.x versions and DefensePro for Cisco Firepower 9300.
You can display a graph showing connection rate statistics of inbound and outbound traffic for
selected port pairs. You can display the information for a selected protocol or the total for all
protocols over the last 30 minutes.
To display connection rate statistics

data.
2. Select Traffic Monitoring > Connections Rate Report.
3. Change display settings for the graph as required.
Table 374: Connection Rate Report: Display Parameters
Parameter
Description
Scope
The physical ports and the Network Protection policies that the Connection
Rate Report shows. However, the Scope for DefensePro platforms without the
DME can be only according to physical ports, not Network Protection policies.
By default, the Scope is Any Port or Any Policy (depending on the specified
value in the Scope drop-down list). That is, by default, the Connection Rate
Report displays all the information.
To control the scope of the information that the Traffic Utilization Report
shows, see the procedure To control the scope of the information that the
Traffic Utilization Report shows, page 416.
Display Last
Values:
10 Minutes
20 Minutes
30 Minutes
1 Hour
Default: 10 Minutes
Scope
The scope of the graph view.

Values:
Devices/Physical PortsThe graph shows traffic according to physical

ports on the specified device.
Devices/Network PoliciesThe graph shows traffic according to Network

Protection policies on the specified device. This graph is available only on
x420 devices and x412 devices with the DME.
Default: Devices/Physical Ports
415

Table 374: Connection Rate Report: Display Parameters (cont.)
Parameter
Direction
Description
Values:
BothShow both inbound traffic and outbound traffic. Data for inbound
and outbound are displayed as separate lines, not as totals.
InboundShow only inbound traffic.
OutboundShow only outbound traffic.
Note: The direction of traffic between a pair of ports is defined by the In

Port setting in the port pair configuration.
Protocol

When you select All, total traffic statistics are displayed.
Select Port Pair

(This button is
displayed only when
the Scope is
Devices/Physical
Ports.)
Select Policies
(This button is
displayed only when
the Scope is
Devices/Policies.)
Opens the Select Port Pairs dialog box. Select the port pairs relevant for the
network topology by moving the required port pairs to the Selected Port
Pairs list. All other port pairs should be in the Available Port Pairs list.
Note: You can select port pairs for each direction; however, Radware
recommends that you select a port pair in one direction only, and display
traffic for both directions, if required. If you select port pairs in both
directions, and traffic for both directions, the graph will display the same
traffic twice.
Opens the Select Policies dialog box. Select the Network Protection policies
relevant for the network topology by moving the required policies the
Selected Policies list.
To control the scope of the information that the Traffic Utilization Report shows
1.
Click
. A table opens. The table has either the Device Name and Port columns or the
Device Name and Policy columnsaccording to the specified value in the Scope drop-down list:
Devices/Physical Ports or Devices/Policies.
2.
416
To limit the physical ports or Network Protection policies that the Traffic Utilization Report
displays, select the corresponding checkboxes.
select Select None.

Viewing Concurrent Connections Statistics

You can display a graph showing the rate of current connections for selected port pairs. You can
display the information for a selected protocol or the total for all protocols over the last 30 minutes.
To display concurrent connections statistics

1. In the Security Monitoring perspective, select the device, or site, for which to display data.
2. Select Traffic Monitoring > Concurrent Connections.
3. Change display settings for the graph as required.
Table 375: Connection Rate Display Settings
Parameter
Description
Display Last
Values:
10 Minutes
20 Minutes
30 Minutes
1 Hour
Default: 10 Minutes
Protocol

When you select All, total traffic statistics are displayed.
Protection Monitoring
Protection Monitoring provides the real-time traffic monitoring per network policy, either for the
network as a wholeif BDoS is configured, or for DNS trafficif DNS is configured. The statistical
traffic information that Protection Monitoring provides can help you better understand the traffic that
flows through the protected network, how the configured protection is working, and, most
importantly, how anomalous traffic is detected.
For information about displaying protection information for a selected device, see the following:
Displaying Attack Status Information, page 418
Monitoring BDoS Traffic, page 418
Monitoring DNS Traffic, page 422
417

Displaying Attack Status Information

You can display summary status information for attacks for each configured and enabled protection
policy. When there is an attack that violates a Network Protection policy, the table displays an icon
indicating the status of the attack in the corresponding row for the relevant attack traffic.
To display attack status information

1.
In the Security Monitoring perspective, select the DefensePro device to monitor.
2.
Select Protection Monitoring > Attack Status Report.

The table comprises the following columns:
3.
Policy Name
IPv4-TCP
IPv4-UDP
IPv4-ICMP
IPv4-DNS
IPv6-TCP
IPv6-UDP
IPv6-ICMP
IPv6-DNS
When an attack icon is displayed in the table, click the icon to display the corresponding attack
traffic information.
Monitoring BDoS Traffic

You can monitor the traffic for a Network Protection policy that includes BDoS protection. Traffic
information is displayed in the Statistics Graph and Last Sample Statistics table.
Caution: When traffic matches multiple Network Protection policies with Out-of-State protection,
the value that APSolute Vision displays for the total dropped traffic represents the sum of all
dropped traffic for all relevant Network Protection policies. This is because when traffic matches
multiple Network Protection policies with Out-of-State protection, all those Network Protection
policies count the same dropped traffic.
To display traffic information for a Network Policy that includes BDoS protection
1.
In the Security Monitoring perspective, select the device to monitor.
2.
Select Protection Monitoring > BDoS Traffic Monitoring Reports.
3.
Configure the scope for the display of the BDoS Traffic Statistics graph and Last Sample
Statistics table.
Statistics Graph
The table displays the traffic rates for the selected Network Protection policy according to the
specified parameters.
418

Table 376: Scope Parameters for the Statistics Graph and Last Sample Statistics Table
Parameter
Description
Scope
The Network Protection policy. The list only displays policies that are
configured with a BDoS profile.
Display Last
Values:
10 Minutes
20 Minutes
30 Minutes
1 Hour
Default: 10 Minutes
Direction
The direction of the traffic that the Statistics Graph and Last Sample
Statistics table display.
Values: Inbound, Outbound
Units
The unit according to which the Statistics Graph and Last Sample Statistics
table display the traffic.
Values:
KbpsKilobits per second
Packets/SecPackets per second
419

Table 377: Statistics Graph Parameters
Parameter
Description
IP Version
The IP version of the traffic that the graph displays.

Values: IPv4, IPv6
Protection Type
The protection type to monitor.

Values:
Scale
TCP ACK FIN
TCP FRAG
TCP RST
TCP SYN
TCP SYN ACK
UDP
ICMP
IGMP
UDP FRAG
TCP
TCP SYN
SYN ACK
TCP FRAG
TCP RST
TCP ACK FIN
UDP
UDP FRAG
ICMP
Other IP
The scale for the presentation of the information along the Y-axis.
Values: Linear, Logarithmic
Attack Status
(Read-only) The status of the attack.
Table 378: Statistics Graph Legend
Line
Description
Total Traffic
The total traffic that the device sees for the specific protection type and
direction.
dark blue)
Legitimate Traffic
(
light blue)
The actual forwarded traffic rate, after DefensePro managed to block

the attack.
When there is no attack, the Total Traffic and Legitimate Traffic are
equal.
Normal Edge
(
420
The statistically calculated baseline traffic rate.
dashed green)

Table 378: Statistics Graph Legend (cont.)
Line
Description
Suspected Edge
(
The traffic rate that indicates a change in traffic that might be an

dashed orange) attack.
Caution: DefensePro reports the Suspected Edge in Kbps only. The
graph displays the Suspected Edge only when the Scope parameter
Units is Kbps (see Table 380 - Scope Parameters for the Statistics
Graph and Last Sample Statistics Table, page 422). When the Scope
parameter Units is Packets/Sec, the graph does not display the
Suspected Edge.
Attack Edge
The traffic rate that indicates an attack.
Caution: DefensePro reports the Attack Edge in Kbps only. The

graph displays the Attack Edge only when the Scope parameter
Units is Kbps (see Table 380 - Scope Parameters for the Statistics
Graph and Last Sample Statistics Table, page 422). When the Scope
parameter Units is Packets/Sec, the graph does not display the
Attack Edge.
dashed red)
Table 379: Last Sample Statistics Parameters
Parameter
Description
Traffic Type
The protection type. Each specific traffic type and direction has a baseline
that the device learns automatically.
Baseline
The normal traffic rate expected by the device.
Total Traffic
The total traffic rate that the DefensePro device sees for the specific traffic
type and direction.
Baseline Portion %
An indication for the rate invariant baselinethat is, the normal percentage
of the specific traffic type to all other traffic in the same direction.
RT Portion %
The actual percentage of the specific traffic type relative to all other traffic in
the same direction.
Legitimate Traffic
The actual forwarded traffic rate, after the device blocked the attack.
When there is no attack, the RT Rate and Legitimate Rate are equal.
Legitimate Portion % The actual percentage of the forwarded traffic rate of the specified type
relative to other types of traffic, after the device blocked the attack.
Traffic Peak
(This parameter is
available only in
DefenseFlow.)
Degree of Attack
Peak traffic value, in bps, to use in case of a manual action without attack
volume information available.
A numeric value that evaluates the current level of attack. A value of 8 or

greater signifies an attack.
421

Monitoring DNS Traffic

You can monitor the traffic for a Network Protection policy that includes DNS Flood protection. Traffic
information is displayed in the Statistics Graph and Last Sample Statistics table.
To display traffic information for a Network Protection policy that includes DNS
protection
1.
In the Security Monitoring perspective, select the device to monitor.
2.
Select Protection Monitoring > DNS Traffic Monitoring Reports.
3.
Configure the filter for the display of the Statistics Graph and Last Sample Statistics table.
Statistics Graph
The graph displays the traffic rates for the selected Network Protection policy according to the
specified parameters.
Table 380: Scope Parameters for the Statistics Graph and Last Sample Statistics Table
Parameter
Description
Scope
The Network Protection policy. The list only displays rules configured with a
DNS profile.
Direction
The direction of the traffic that the Statistics Graph and Last Sample
Statistics table display.
Values: Inbound, Outbound
Units
(Read-only) The unit according to which the Statistics Graph and Last
Sample Statistics table display the traffic.
Value: QPSQueries per second
Table 381: Statistics Graph Parameters
Parameter
Description
IP Version
The IP version of the traffic that the graph displays.

Values: IPv4, IPv6
Protection Type
The DNS query type to monitor.

Values:
Scale
Other
Text
AAAA
MX
NAPTR
PTR
SOA
SRV
Attack Status
422
(Read-only) The status of the attack.

Table 382: Statistics Graph Legend
Line
Description
Total Traffic
(
The total traffic that the device sees for the specific protection type and
direction.
dark blue)
Legitimate Traffic
(
The actual forwarded traffic rate, after DefensePro managed to block

the attack.
light blue)
When there is no attack, the Total Traffic and Legitimate Traffic are
equal.
The statistically calculated baseline traffic rate.
Normal Edge1
(
dashed green)
Suspected Edge1
(
dashed orange)
The traffic rate that indicates an attack.
Attack Edge1
(
The traffic rate that indicates a change in traffic that might be an

attack.
dashed red)
1 This line is not displayed if the protection is configured to use a footprint bypass or
manual triggers.
Last Sample Statistics Table

The graph displays the last sample statistics.
Table 383: Last Sample Statistics Parameters
Parameter
Description
Traffic Type
The protection type. Each specific traffic type and direction has a baseline
that the device learns automatically.
Baseline
The normal traffic rate expected by the device.
Total Traffic
The total traffic rate that the DefensePro device sees for the specific traffic
type and direction.
Baseline Portion %
An indication for the rate invariant baselinethat is, the normal percentage
of the specific traffic type to all other traffic in the same direction.
RT Portion %
The actual percentage of the specific traffic type relative to all other traffic in
the same direction.
Legitimate Traffic
The actual forwarded traffic rate, after the device blocked the attack.
When there is no attack, the RT Rate and Legitimate Rate are equal.
Legitimate Portion % The actual percentage of the forwarded traffic rate of the specified type
relative to other types of traffic, after the device blocked the attack.
Degree of Attack
A numeric value that evaluates the current level of attack. A value of 8 or

greater signifies an attack.
423

HTTP Reports
HTTP Mitigator protection monitors rate-based and rate-invariant HTTP traffic parameters, learns
them, and generates normal behavior baselines accordingly.
Note: DefensePro examines the number and rate of HTTP requests. Thus, when HTTP pipelining is
used, the detection mechanism remains accurate.
You can monitor real-time and historical (normal baseline) values, and analyze HTTP traffic
anomalies using the following reports:
Monitoring Continuous Learning Statistics, page 424
Monitoring Hour-Specific Learning Statistics, page 425
HTTP Request Size Distribution, page 426
Monitoring Continuous Learning Statistics

You can generate and display normal HTTP traffic baselines based on continuous traffic statistics.
Continuous learning statistics are based on recent traffic, irrespective of time of day, or day of the
week.
The learning response period (that is, the exponential sliding-window period on which statistics
measurements are based) is set based on the HTTP Mitigator learning sensitivity settings
(default: 1 week).
To build a comprehensive picture of the traffic of a protected site, the device monitors various HTTP
attack statistics.
Continuous learning reports display normal HTTP traffic baselines (blue) and real-time HTTP traffic
statistics (orange) over the specified recent time period.
Table 384: Continuous Learning Statistics Reports
Channel
Description
GET & POST Requests Rate
The rate of HTTP GET and POST requests sent per second to the
protected server.
Other Requests Rate
The rate of HTTP requests that are not POST or GET sent per
second to the protected server. Other HTTP request methods can
be used, but are used less frequently.
Requests Rate per Source
The maximum rate of HTTP GET and POST requests per second
per source IP address.
This parameter characterizes the site users behavior, enabling
you to recognize abnormal activities, such as scanning or bots.
Legitimate users may generate many requests per second, but
automatic devices such as bots or scanners generate many more.
424

Table 384: Continuous Learning Statistics Reports (cont.)
Channel
Description
Requests per Connection
The maximum number of HTTP GET and POST requests per TCP
connection.
This parameter characterizes the site users behavior, enabling
you to recognize abnormal activities, such as scanning or bots.
Many requests over a single TCP connection may indicate bot or
scanner activity.
Outbound Bandwidth
The bandwidth, in megabits per second, of the HTTP servers

sending the responses.
Note: Normal Requests per Source and Requests per Connection baseline parameters show the
highest number of HTTP requests generated by a single source IP address and TCP connection
respectively. This number fades out, unless a higher value is observed, within about 30 seconds.
To display continuous learning HTTP reports

1. In the Security Monitoring perspective, select the device to monitor.
2. Select HTTP Reports > Continuous Learning Statistics.
3. Select a report:
GET and POST Request Rate
Other Requests Rate
Requests Rate per Source
Requests Rate per Connection
Outbound Bandwidth
4. Configure the filter parameters for the graph.
Table 385: HTTP Report Filter Parameters
Parameter
Description
Server
The name of the protected Web server for which to display HTTP traffic
statistics.
Display Last
The last number of hours for which the graph displays information.
Values: 1, 2, 3, 6, 12, 24
Default: 1
Monitoring Hour-Specific Learning Statistics

The Hour-Specific Learning Statistics reports display normal traffic baselines for the last week. You
can view the hourly distribution of the site requests and outbound HTTP traffic for each day in the
past week and for each hour in a day.
The normal baseline for each hour in the week is calculated based on historical information for the
specific hour in the day and the specific day of the week over the past 12 weeks. The graph is
updated every hour.
425

The HTTP Mitigator learns the baseline traffic, and, based on these statistics, reports attacks based
on abnormal traffic.
Table 386: Hour-Specific Learning Statistics Reports
Channel
Description
GET & POST Requests Rate
The rate of HTTP GET and POST requests sent per second to the
protected server.
Other Requests Rate
The rate of HTTP requests that are not POST or GET sent per
second to the protected server. Other HTTP request methods can
be used, but are used less frequently.
Outbound Bandwidth
The bandwidth, in megabits per second, of the HTTP pages sent

as responses.
To display hour-specific learning HTTP reports

1.
2.
Select HTTP Reports > Hour-Specific Learning Statistics.
3.
Select a report:
4.
GET and POST Request Rate
Other Requests Rate
Outbound Bandwidth
In the Server list, select the protected Web server for which to display information.
HTTP Request Size Distribution

The HTTP Request Size Distribution graph displays the URI size distribution, which shows how server
resources are used, and helps you to analyze resource distribution. A large deviation from the
normal probability distribution of one or more HTTP request sizes indicates that relative usage of
these server resources has increased. The HTTP Request Size Distribution graph x-axis values are
request sizes in 10-byte increments. The y-axis values are percentages of requests. The probability
reflects the level of usage of each Request size for the protected Web server. In the graph, the blue
bars represent normal probability distribution, and the orange bars represent real-time probability
(short-term probability) as calculated in intervals of a few seconds.
To display the HTTP request size distribution

1.
2.
Select HTTP Reports > HTTP Request Size Distribution.
3.
Change display settings for the graph, as required.
426

Table 387: HTTP Request Size Distribution Settings
Parameter
Description
Server
The protected server for which to display information.
Scale
Using Real-Time Security Monitoring with AppWall and

Alteon
When an attack is detected, Alteon creates and reports a security event that includes the
information relevant to the specific attack. The Security Monitoring perspective displays information
relevant to the specific attack along with real-time network traffic and statistical parameters. Use
the Security Monitoring perspective to observe and analyze the attacks that the device detected and
the countermeasures that the device implemented.
This section describes using real-time security monitoring with AppWall and Alteon.
Monitoring Security Events, page 427
Monitoring Attack Distribution, page 431
Monitoring Security Events

Use the Dashboard View in the Security Monitoring perspective to analyze activity and security
events in the network, identify security trends, and analyze risks.
You can view information for individual devices, all devices in a site, or all devices in the network.
The dashboard monitoring display automatically refreshes providing ongoing real-time analysis of
the system.
To view the security event list

1. In the Security Monitoring perspective, select Dashboard View > Security Events.
2. Click the Enable Auto-Refresh icon,
, to enable auto-refresh of the security events table.
3. To define a filter to display the security events in the table according to selected parameters,
click the Create Filter icon, enter the required parameters (listed in the tables below for Basic
and Advanced filter parameters), and click Submit.
427

Table 388: Security Events Parameters
Parameter
Description
Severity
The severity of the security event.

Values:
Critical
High
Low
Info
Warning
Time
The date and time that the security event occurred.
Source IP
The source IP address of the security event.
Source Port
The source port number of the security event.
Action
The action taken regarding the security event.

Values:
Blocked
Modified
Reported
Device IP
The device IP address of the security event.
Server Name
The server name of the security event.
Transaction ID
The transaction ID number of the security event.
Table 389: Security Events: Create Filter: Display Period Parameters
Parameter
Description
Display Last
Select Display Last to filter the Security Event table to only list the
events that occurred during the last specified amount of time.
Values:
10 Minutes
20 Minutes
30 Minutes
1 Hour
2 Hours
6 Hours
12 Hours
24 Hours
Default: 10 Minutes
Date and Time Range
Select Date and Time Range to filter the Security Event table to
only list the events that occurred during the specified date and
time range.
Note: The default time is 12:00:00 on each date selected. The
time can be changed manually within the field.
428

Table 390: Security Events: Create Filter: Basic Parameters
Parameter
Description
Time
The time that the security event occurred, in HH:mm:ss format.
Severity
The severity of the security event.

Values (Equals or Not Equals):
Web Application
Critical
High
Low
Info
Warning
The Web application of the security event.

Values: Contains or Not Contains the entered value
External IP
The external IP address of the security event.

Action
The action taken regarding the security event.

Violation Type
Blocked
Modified
Reported
The violation type of the security event.

Values: Equals or Not Equals the violation type from the dropdown list
Source IP
The source IP address of the security event.

Table 391: Security Events: Create Filter: Advanced Parameters
Parameter
Description
User
The user of the security event.

AppWall Version
The AppWall version of the security event.

Target Module
The target module of the security event.

Host
The host of the security event.

Tunnel
The tunnel of the security event.

Tunnel Listen Port
The tunnel listening port of the security event.

429

Table 391: Security Events: Create Filter: Advanced Parameters (cont.)
Parameter
Device Type
Description
The device type of the security event.
vHost
Stand-Alone Gateway
Stand-Alone Monitor
Cluster Manager
Cluster Gateway Node
Cluster Monitor Mode
The virtual host of the security event.

Source Port
The source port of the security event.

Destination Port
The destination port of the security event.

Protocol
The protocol of the security event.

Parameter Name
TCP
HTTP
HTTPS
The parameter name of the security event.

Transaction ID
The transaction ID number of the security event.

Request
The request of the security event.

Role
The role of the security event.

Module
The module of the security event.

Event Type
The event type of the security event.

Directory
The directory of the security event.

Tunnel Listen IP
The tunnel listening IP address of the security event.

URI
The URI of the security event.

Violation Category
The violation category of the security event.

Values: Equals or Not Equals the violation category from the
drop-down list
430

Table 391: Security Events: Create Filter: Advanced Parameters (cont.)
Parameter
Description
appPath
The application path of the security event.
Destination IP
The destination IP address of the security event.

Refine CRC
The refine CRC of the security event.

Method
The method of the security event.

Parameter Type
GET
POST
The parameter type of the security event.

Rule ID
The rule ID of the security event.

Title
The title of the security event.

Monitoring Attack Distribution

You can monitor the attacks, listed by various distribution parameters.
This section contains the following main topics:
Monitoring Top Attacks by Violation, page 431
Monitoring Top Attacks by Source IP Address, page 432
Monitoring Top Attacks by Violation

You can monitor the top attacks, graphically presented by their violation type.
To view the top attacks by violation

1. In the Security Monitoring perspective, select Dashboard View > Attack Distribution > Top
Attacks by Violation Type.
2. In the Display Last option, you can filter the display to only show the events that occurred
during the last specified amount of time: 10 minutes (default), 20 minutes, 30 minutes, or 1
hour.
431

Monitoring Top Attacks by Source IP Address

You can monitor the top attacks, graphically presented by the source IP address of the attack.
To view the top attacks by source IP address

1.
In the Security Monitoring perspective, select Dashboard View > Attack Distribution > Top
Attacks by Source.
2.
In the Display Last option, you can filter the display to only show the events that occurred
during the last specified amount of time: 10 minutes (default), 20 minutes, 30 minutes, or 1
hour.
432
Chapter 22 Using the APSolute Vision

Dashboards
The following topics describe the APSolute Vision dashboards and how to use them:
Using the Application SLA Dashboard, page 433
Using the Security Control Center, page 436
Using the Application SLA Dashboard

This feature requires an APM license.
Users whose RBAC role supports Alteon and LinkProof NG can access the Application SLA
Dashboard.
Use the Application SLA Dashboard to do the following:
View the high-level status of each APM-enabled ADC (Alteon or LinkProof NG) service, which use
the following indicators:
OKThe status is OK according to the corresponding module.
WarningThe status is Warning according to the corresponding module is nominal.
CriticalThe status is Critical according to the corresponding module is nominal.
Not AvailableThe Application SLA Dashboard cannot display the status because the
feature is not supported on the Alteon platform or the required license is not installed.
No DataThe Application SLA Dashboard cannot display the status because no traffic
transactions were generated in the collection interval.
Communication ErrorThe Application SLA Dashboard cannot display the status

because of a problem with the Alteon or server.
Hover over an icon in the dashboard to view additional information.
Click an icon on the dashboard to go to the related APM dashboard, Alteon dashboard, or
Application Delivery View dashboard. For more information on APM, see the Application
Performance Monitor User Guide.
433

Using the APSolute Vision Dashboards
Figure 48: Application SLA Dashboard
To view the Application SLA Dashboard

>
In the APSolute Vision Settings view System perspective, select Dashboards > Application
SLA Dashboard.
Table 392: Application SLA Dashboard Parameters
Name
Display
Hover Display (Tooltip)
Click Action
Application Name
The application
name in APM.
None
None
User Experience SLA
The User
Experience (UE)
SLA statusgreen
(acceptable),
orange (warning),
and red (critical
alert)during the
last 15 minutes.1
Parameters:
Opens APM and goes to

the related User
Experience Application
Dashboard.
The Data Center

(DC) Experience
SLA statusgreen
(acceptable),
orange (warning),
and red (critical
alert)during the
last 15 minutes.
Parameters: DC SLA %,
Avg DC Time
Data Center SLA
434
UE SLA %
Avg UE Time
Rendering Time
Network Time
Opens APM and goes to

the related Data Center
Application Dashboard.

Table 392: Application SLA Dashboard Parameters (cont.)
Name
Display
Service Availability
Parameters:
The indicator for
the availability of
Status
the application
green (acceptable), Successful/Total
orange (warning),
and red (critical
alert)during the
last 15 minutes.2
(The Application SLA

Dashboard resolves this
parameter only for
Alteon version 30.0 and
later.)
Service Throughput
(Mbps)
(The Application SLA
Dashboard resolves this
parameter only for
Alteon version 30.2 and
later.)
Infrastructure
Hover Display (Tooltip)
Click Action
Opens the Service Status
View dashboard of the
Alteon that manages the
service.
The throughput, in
Mbps, for the
application.
The throughput, in Mbps, Opens the Application

for the application.
Delivery View dashboard
of the Alteon that
manages the service.
The indicator for

the health of the
Alteon hardware
and software
resources.
Parameters:
Device Name
Management IP
Device Status
CPU SP (Avg)
CPU MP
Cache
Hard drive
Session
Throughput License
SSL License
Opens the System View

dashboard of the Alteon
that manages the service.
Additional parameters for

physical devices:
Fan Info (curr/max)
Temperature (Critical
/ High / Normal)
1 The status is the same as that in APM. The dashboard displays the status only if the
service has generated transactions and APM data is available.
2 This is based on one poll per minute for the last 15 minutesGreen (OK): 0 (zero)
service-down records. Amber (Warning): 12 service-down records. Red (Critical): 3 or
more service-down records.
435

Using the Security Control Center

The Security Control Center enables users with the proper roles (see Role-Based Access Control
(RBAC), page 70) to view and monitor the following:
Radware security products and modules:
DefensePro DefensePro is a real-time attack-mitigation device that protects

organizations against emerging network and application cyber-attacks. For Security Control
Center information, see DefensePro Information in the Security Control Center, page 437.
DefenseFlow DefenseFlow is a network-wide attack detection and cyber command and

control application designed to protect networks against known and emerging network
attacks that threaten network resources availability. For Security Control Center information,
see DefenseFlow Information in the Security Control Center, page 437.
AppWall AppWall is a Web Application Firewall (WAF) that ensures fast, reliable, and
secure delivery of mission-critical Web applications. For Security Control Center information,
see AppWall Information in the Security Control Center, page 438.
APSolute Vision ReporterAPSolute Vision Reporter (AVR) provides historical reporting

for security information. For Security Control Center information, see APSolute Vision
Reporter Information in the Security Control Center, page 438.
Radware subscription security services:
Emergency Response TeamRadwares ERT premium service is an extended set of

services that includes 24/7 monitoring and blocking of DDoS attacks, provided by a group of
dedicated security experts. For Security Control Center information, see Emergency
Response Team Information in the Security Control Center, page 438.
DefensePipeDefensePipeTM is a cloud-based DDoS scrubbing service that provides

volumetric DDoS attack mitigation and Internet pipe saturation defense measures. For
Security Control Center information, see DefensePipe Information in the Security Control
Center, page 438.
Radware Security Signatures (SUS)Radwares Security Update Service (SUS) is a

subscription service for security advisories and signature updates, which delivers rapid and
continuous updates. For Security Control Center information, see Radware SignatureUpdate-Service (SUS) Information in the Security Control Center, page 439.
RSA Security signaturesThe RSA FraudActionSM Feed IP Reputation Subscription

provides protection from fraud and phishing attacks based on RSA anti-fraud protection. For
Security Control Center information, see RSA Security Signatures Information in the
Security Control Center, page 440.
Each tab displays one of the following global-status indicators, in addition to the label (for example,
DefensePro):
OK.
Mixed results.
Warning or Fail.
Not enough data, polling data, or the Security Control Center cannot determine the status.
436

To view the Security Control Center

>
In the APSolute Vision Settings view click System perspective, select Dashboards >
Security Control Center.
Click the
(Security Control Center) button in the main toolbar.
DefensePro Information in the Security Control Center

The DefensePro node of the Security Control Center can show the following global-status indicators:
The APSolute Vision server is managing one or more DefensePro devices with enabled
policies.
The APSolute Vision server is managing one or more DefensePro devices, but none have
any enabled policy.
The APSolute Vision server is managing no DefensePro devices.
The Security Control Center has not yet determined the status.
When the global status is OK or mixed-results, the DefensePro node of the Security Control Center
displays the parameters described in the following table.
Table 393: Security Control Center: DefensePro Parameters
Parameter
Description
Total managed DefensePro devices
The number of DefensePro device that the APSolute Vision

server is managing.
Total Policies
The number of DefensePro Network Protection policies and

Server Protection policies.
Enabled Policies
The number of enabled DefensePro Network Protection

policies and Server Protection policies.
Disabled Policies
The number of disabled DefensePro Network Protection

policies and Server Protection policies.
DefenseFlow Information in the Security Control Center

The DefenseFlow node of the Security Control Center can show the following global-status
indicators:
DefenseFlow is available.
DefenseFlow is not available.
The Security Control Center cannot determine the status.
437

AppWall Information in the Security Control Center

The AppWall node of the Security Control Center can show the following global-status indicators:
The APSolute Vision server is managing one or more AppWall devices, which is reporting
to the associated APSolute Vision Reporter.
The APSolute Vision server is managing one or more AppWall device(s), but one or more
of the AppWall device(s) is not reporting to the APSolute Vision Reporter that is associated with
this APSolute Vision server.
The APSolute Vision server is managing no AppWall devices.
When the global status is OK or mixed-results, the AppWall node of the Security Control Center
displays the parameters described in the following table.
Table 394: Security Control Center: AppWall Parameters
Parameter
Description
AppWall devices Managed by APSolute

Vision
The number of AppWall devices that the APSolute Vision

server is managing.
AppWall devices Monitored by APSolute

Vision Reporter
The number of AppWall devices that APSolute Vision

Reporter is monitoring.
APSolute Vision Reporter Information in the Security Control Center

The APSolute Vision Reporter node of the Security Control Center can show the following globalstatus indicators:
The APSolute Vision server has a license for AVR, and AVR is available.
The APSolute Vision server has no license for AVR, or AVR is unavailable.
Emergency Response Team Information in the Security Control Center

The Emergency Response Team (ERT) node of the Security Control Center shows whether you have
the Radware ERT Premium service.
DefensePipe Information in the Security Control Center

The DefensePipe node of the Security Control Center can show the following global-status
indicators:
The DefensePipe service is configured in the system.
DefensePipe service is not configured in the system.
438

Tip: Users with a proper role can click the

Configuring DefensePipe Settings, page 122).
(Settings) icon to specify the DefensePipe URL (see
Radware Signature-Update-Service (SUS) Information in the Security

Control Center
The Radware Security Signatures (SUS) node of the Security Control Center can show the following
global-status indicators:
All the DefensePro devices are using the latest signature file.
Only some of the DefensePro devices are using the latest signature file version.
No DefensePro devices are using the latest signature file (whether or not they have a
subscription).

(Scheduler) button to open the Scheduler and
configure an Update Security Signature Files task (see Update Security Signature Files
Parameters, page 228).
When the global status is OK or mixed-results, the Radware Security Signatures (SUS) node of the
Security Control Center displays the parameters described in the following table.
Table 395: Security Control Center: Radware Security Signatures (SUS) Parameters
Parameter
Description
Latest Signature Release
The identifier or the Signature file.
Total DefensePro Devices
The number of DefensePro devices that the APSolute Vision

server is managing.
DefensePro Devices Using Latest The number of DefensePro devices using the latest signature-file
Signature File Release
release.
DefensePro Devices Requiring
Signature File Update
The number of DefensePro devices not using the latest

signature-file release.
DefensePro Devices Without

Signature File Update
Subscription
The number of DefensePro devices that do not have a

subscription for Signature File updates.
439

RSA Security Signatures Information in the Security Control Center

The RSA Security Signatures node of the Security Control Center can show the following globalstatus indicators:
All of the DefensePro devices were updated with RSA signatures in the last hour.
Only some of the DefensePro devices were updated with RSA signatures in the last hour.
No DefensePro devices were updated with RSA signatures in the last hour.

(Scheduler) button to open the Scheduler and
configure an Update Security Signature Files task (see Update RSA Security SignatureParameters,
page 230).
When the global status is OK or mixed-results, the RSA Security Signatures node of the Security
Control Center displays the parameters described in the following table.
Table 396: Security Control Center: RSA Security Signatures Parameters
Parameter
Description
DefensePro Devices Updated in

Last Hour
The number of DefensePro devices (managed by the APSolute

Vision server) that were updated in the last hour.
DefensePro Devices Not Updated

in Last Hour

Vision server) that were not updated in the last hour.
DefensePro Devices Without RSA

Subscription

Vision server) without an RSA subscription.
440
Chapter 23 APSolute Vision CLI Commands

Users with the Administrator or the Vision Administrator role can use APSolute Vision CLI commands
to manage the APSolute Vision server.
Caution: Radware strongly recommends that the system administrator follow the recommended
basic security procedures. The basic security procedure use the APSolute Vision CLI and affect
access to the APSolute Vision CLI. For more information, see Recommended Basic Security
Procedures, page 61 and System User Password Commands, page 492.
APSolute Vision CLI includes the following capabilities:
Consistent, logically structured and intuitive command syntax
Command completion using the TAB key
Paging and selection commands.
Command history
Short and long help for every menu and command
All configuration changes that are made using CLI commands are sent to the APSolute Vision server
audit log.
This chapter contains the following sections:
Accessing APSolute Vision CLI, page 441
Command Syntax Conventions, page 442
Main CLI Menu, page 442
General CLI Commands, page 443
Network Configuration Commands, page 445
System Commands, page 452
Accessing APSolute Vision CLI

Access to the APSolute Vision CLI is available only to users with the Administrator or Vision
Administrator role.
If your user account is defined through an external authentication server:
To access the CLI, you need to first log in to the APSolute Vision WBM.
There is a 60-day inactivity timeout. That is, if you have not logged in to APSolute Vision server
for 60 days, you must again log in to the APSolute Vision WBM before you can log in to the
APSolute Vision CLI.
The CLI login username and password is case sensitive.

APSolute Vision supports up to 15 concurrent CLI users.
You can access the APSolute Vision CLI using a serial cable and terminal emulation application, or
from an SSH client.
Terminal settings for the APSolute Vision server are as follows:
Bits per second: 19200
Data bits: 8
Parity: None
Stop bits: 1
441

APSolute Vision CLI Commands
Flow control: None
APSolute Vision CLI uses Control-? (127) for the Backspace key.
When connecting from an SSH client, APSolute Vision CLI has a default timeout of five minutes
for idle connections. If an SSH connection is idle for five minutes, APSolute Vision terminates the
session.
Accessing APSolute Vision using GSSAPI authentication is not supported. Make sure that your
SSH client does not attempt GSSAPI authentication.
Command Syntax Conventions

The following table describes the command syntax conventions used in this chapter.
Syntax Convention
Description
Example
Bold
Bold text designates information that must be

entered on the command line exactly as shown.
This applies to command names and nonvariable options.
net dns get
Angle Brackets (<>)
The information enclosed in brackets (<>) is

<filename>
variable and must be replaced by whatever it
represents. In the example shown, you must
replace <filename> with the name of the specific
file.
Brackets ([ ])
The information enclosed in square brackets ([ ]) [-s <size>]

is optional. Anything not enclosed in brackets
must be specified.
Curly brackets
containing vertical
bar(s)
({ | })
Curly brackets ({ }), also called braces, identify {<host_ip>|

a set of mutually exclusive options, which are
default}
separated by a pipe ( | ). You can enter only one
of the options in a single use of the command.
Each option within the braces can be optional or
required, and variable or non-variable.
In the example shown, you can specify a value
for the variable <host_ip>, or use the nonvariable option, default.
Main CLI Menu

The following table describes the main CLI menu commands:
Command
Description
exit
Logs out of the APSolute Vision CLI session. For more information, see exit,
page 443.
help
Displays help for menus and commands. You can also use the ? key. For more
information, see help, page 443.
history
Displays a history of previously run commands. For more information, see

history, page 444.
net
Commands to display and configure network interface settings and IP routing.

For more information, see Network Configuration Commands, page 445.
442

Command
Description
ping
Pings a host on the network to test its availability. For more information, see
ping, page 444.
reboot
Stops all processes and then reboots the APSolute Vision server. For more
information, see reboot, page 444.
shutdown
Stops all processes and then shuts down the APSolute Vision server. For more
information, see shutdown, page 444.
system
System commands for the APSolute Vision server. For more information, see
System Commands, page 452.
grep
Selects lines containing a match for the specified regular expression. For more
information, see grep, page 444.
more
Paginates command output. For more information, see more, page 445.
General CLI Commands

This section describes the following APSolute Vision CLI commands:
exit
help
history
ping
reboot
shutdown
grep
more
exit
Logs out of the APSolute Vision CLI session.
Syntax
exit
help
Displays help for a command or menu. You can also use the ? key.
Examples
A
net? displays help for the net menu.
net management-ip? displays help for the net management-ip command.
Tip: To display the list of commands for a menu, enter the menu name and press Enter.
443

history
Displays a history of the previously run commands.
Syntax
history [-<num>]
<num>
The number of previous commands to display, starting from

the current command. The default is the last 50 commands.
Optional
Tip: To paginate results, use history | more.

To view command history for specific commands or menus, use |grep.
Example
history | grep sys
Displays the history of commands containing the string sys.
ping
Pings a host on the network to test its availability.
Syntax
ping <IP_address> <N>
<IP_address>
IP address of the host to ping.
Required
<N>
Number of packets to send.
Required
If N is 0, the device will ping indefinitely. Use Ctrl-C to stop.
reboot
Stops all processes and then reboots the APSolute Vision server.
Syntax
reboot
shutdown
Stops all processes and then shuts down the APSolute Vision server.
Syntax
shutdown
grep
Selects lines containing a match for the specified regular expression. You can use this command only
concatenated to other commands that produce output.
Syntax
444

| grep <regexp>
<regexp>
The regular expression string to match.
Required
Tip: Use this command with history and timezone list commands to filter output.
more
Paginates command output. You can use this command only concatenated to other commands that
produce output.
Syntax
| more
Tip: Use this command with history and timezone list commands to paginate output.
Network Configuration Commands

The net menu includes the following command types to display and configure network interface
settings and IP routing:
Network DNS Commands, page 445
Net Firewall Commands, page 447
Network IP Interface Commands, page 447
Network NAT Commands, page 449
Network Physical Interface Commands, page 450
Network Routing Commands, page 451
Network DNS Commands

Use net dns commands to display and configure DNS server settings.
The net dns commands comprise the following:
net dns get
net dns set primary
net dns set secondary
net dns set tertiary
net dns delete primary
net dns delete secondary
net dns delete tertiary
net dns get

Displays the IP address for each configured DNS server.
Syntax
net dns get
445

net dns set primary

Adds a primary DNS server to the DNS server table. If a primary DNS server already exists, the new
configuration overwrite the old one.
Syntax
net dns set primary <IP_address>
<IP_address>
The IP address of the primary DNS server.
Required
net dns set secondary

Adds a secondary DNS server to the DNS server table if there is an existing configuration of a
primary DNS server. If there is no primary DNS server, APSolute Vision defines the secondary server
as the primary. If a secondary DNS server already exists, the new configuration overwrite the old
one.
Syntax
net dns set secondary <IP_address>
<IP_address>
The IP address of the secondary DNS server.
Required
net dns set tertiary

Adds a tertiary DNS server to the DNS server table if there is an existing configuration of a primary
and secondary DNS server. If there is no primary and secondary DNS server, APSolute Vision defines
the tertiary server as the next-higher-level server (primary or secondary). If a tertiary DNS server
already exists, the new configuration overwrite the old one.
Syntax
net dns set tertiary <IP_address>
<IP_address>
The IP address of the tertiary DNS server.
Required

Deletes the primary DNS server.
Syntax

Deletes the secondary DNS server.
Syntax

Deletes the tertiary DNS server.
Syntax
446

Net Firewall Commands

Use net firewall commands to manage L4 ports other than the ports that are opened by the
APSolute Vision installation.
Note: For information on the ports opened by the APSolute Vision installation, see UDP/TCP Ports,
page 608.
The net firewall commands comprise the following:
net firewall open-port set
net firewall open-port list
net firewall open-port set

Opens or closes a specified port in the firewall other than a port opened by the APSolute Vision
installation (see UDP/TCP Ports, page 608).
Syntax
net firewall open-port set <port_number> {open|close}
<port_number>
The L4 TCP port in the firewall.
Required
{open|close}
The open argument in the command opens the port in the

firewall. The close argument in the command closes a port
that was opened with the net firewall open-port set
<port_number> open command.
Required

Lists the currently open ports in the firewall that were opened using the net firewall openport set <port_number> open command.
Syntax
Network IP Interface Commands

Use net ip commands to display and configure APSolute Vision server network-interface settings
and define the G1, G2, G3, and G4 ports on the APSolute Vision server.
Note: After changing the configuration of a management port (G1 or G2), you must restart the
The net ip commands comprise the following:
net ip set
net ip delete
net ip get
net ip management set
447

net ip set
Configures an IP address for APSolute Vision server network interface on ports G1, G2, G3, or G4.
Notes
The G3 port is available only on virtual appliances.
The G4 port is available only in an APSolute Vision server with APM server VA deployment.
Syntax
net ip set <IP_address> <netmask> {G1|G2|G3|G4}
<IP_address>
The IP address of the network interface.
Required
<netmask>
The subnet for the network interface.
Required
{G1|G2|G3|G4}
Specifies whether the interface is on G1, G2, G3, or G4.
Required
net ip delete
Deletes an IP address from a port on the APSolute Vision server.
Syntax
net ip delete {G1|G2|G3|G4}
{G1|G2|G3|G4}
The port on the APSolute Vision server whose IP address will

be deleted.
Required
net ip get
Displays the MAC addresses and other information about the configured network interfaces.
Syntax
net ip get
net ip management set

Sets the network interface on which APSolute Vision listens for incoming traps and messages from
managed devices. Managed devices must be able to reach the APSolute Vision management IP
address. The management port can be either G1 or G2, but not both simultaneously.
This is the interface that APSolute Vision registers in the event-target table on managed devices.
Note: You can connect to the APSolute Vision server (with the client, SSH/Telnet, and so on)
through ports G1, G2, and G3.
Syntax
net ip management set {G1|G2}
{G1|G2}
448
The port on the APSolute Vision server.
Required

Network NAT Commands

To access APM or DPM from an APSolute Vision server that is deployed behind a network address
translation (NAT), use the net nat commands described in this section.
The net nat commands comprise the following:
net nat get
net nat set hostname
net nat set ip
net nat set none
net nat get

Gets the NAT-host configuration for the server.
Syntax
net nat get
net nat set hostname

Sets a hostname for the APSolute Vision server. Use this option when the APSolute Vision server is
deployed behind a NAT to enable APSolute Vision clients to access the server both from the internal
and external network.
With this option, all clients must be configured to resolve the specified hostnamefor example,
using a DNS server or modifying the hosts file. Clients behind the NAT of the APSolute Vision server
local IP address must be configured to resolve the hostname to the external NAT IP address. Clients
inside the local subnet of the APSolute Vision server must be configured to resolve the hostname to
the internal IP address.
Syntax
net nat set hostname <hostname>
<hostname>
The hostname used for APSolute Vision server-client

communication when NAT is used.
Required
The hostname must conform to RFC 952.

A period (.) is allowed only if the specified nat hostname is
the same as the system hostname. To set the system
hostname (see System Hostname Commands, page 478).
net nat set ip

Sets the external NAT IP address of the APSolute Vision server. Use this option when access is
required only from an external IP address.
Caution: The specified IP address must be routable from the client machine.
Syntax
net nat set ip <IP address>
<IP address>
The IP address of the APSolute Vision server from an external Required

network.
449

net nat set none

Removes the server-NAT configuration. The APSolute Vision server will be accessible to clients only
using the internal Management IP address.
Syntax
net nat set none
Network Physical Interface Commands

Use net physical-interface commands to display and configure network physical interface
settings on the APSolute Vision server.
The net physical commands comprise the following:
net physical-interface get
net physical-interface set

Displays speed and duplex mode for each accessible network physical interface on the APSolute
Vision server. Displays whether a physical interface is down, and whether auto-negotiation mode is
set.
Syntax
net physical-interface set

Configures the speed and duplex mode for a network physical interface using manual settings or by
setting auto-negotiation. The speed and duplex arguments take precedence over the autonegotiation setting. That is, if you change the speed and/or duplex setting, APSolute Vision sets
auto-negotiation to OFF automatically.
On APSolute Vision VA platforms, this command is not supported. The values, which apply to the
virtual NIC card, are staticwith auto-negotiation OFF, the speed 10,000 Mbps (10 Gbps), and full
duplex mode ON.
Syntax
net physical-interface set {G1|G2} autoneg {on|off} speed {10|100|1000}

duplex {half|full}
{G1|G2}
The physical interface to configure, G1 or G2.
Required
{on|off}
The auto-negotiation mode. Enter autoneg on

to set speed and duplex mode by autonegotiation.
Optional
{10|100|1000}
The speed setting, in Mbps.
Optional
{half|full}
The duplex-mode setting.
Optional
Examples
A
net physical-interface set G1 autoneg on
net physical-interface set G2 speed 1000 autoneg off
net physical-interface set G1 duplex half speed 10 autoneg off
450

Network Routing Commands

Use net route commands to display and configure IP routing settings. APSolute Vision saves
configured routes by retrieving them directly from the kernels active routing table. Routes are be
deleted when deleting an IP address from a specific device interface.
The net route commands comprise the following:
net route set host
net route set net
net route set default
net route delete
net route get
net route set host

Sets a route to a destination host.
Syntax
net route set host <host_ip> <gateway_ip> [dev <G1|G2|G3|G4>]

<host_ip>
The IP address of the destination host to which the

route is defined.
Required
<gateway_ip>
The IP address of the next hop toward the destination Required

host.
<G1|G2|G3|G4>
Optional for
G1G3.
Required for
G4.
net route set net

Sets a route to a destination network or subnet.
Syntax
net route set net <net_ip> <netmask> <gateway_ip> [dev <G1|G2|G3|G4>]
<net_ip>
The IP address of the destination network to which

the route is defined.
Required
<netmask>
The destination subnet.
Required
<gateway_ip>
The IP address of the next hop toward the destination Required

network.
<G1|G2|G3|G4>
Optional for
G1G3.
Required for
G4.
net route set default

Sets a default gateway route.
Syntax
net route set default <gateway_ip> [dev <G1|G2|G3>]
451

<gateway_ip>
The IP address of the default gateway (next hop).
Required
<G1|G2|G3>
Optional
net route delete

Deletes a route entry from the routing table.
Syntax
net route delete <net_ip> <netmask> <gateway_ip> [dev <G1|G2|G3|G4>]
<net_ip>
To delete a network route, enter the IP address of the Required

corresponding destination network.
<netmask>
The destination subnet.
Required
<gateway_ip>
The IP address of the default gateway (next hop).
Required
<G1|G2|G3|G4>
The physical port on the APSolute Vision server.
Optional for
G1G3.
Required for
G4.
net route get

Displays routing information for active routes and statically-configured host routes, network routes,
and default routes.
Syntax
net route get
System Commands
The system menu includes the following system commands and command types for the APSolute
Vision server:
System APM Commands, page 453
system audit-log export, page 453
System APSolute Vision Server Commands, page 454
System Backup Commands, page 455
system cleanup, page 469
System Database Commands, page 469
System Date Commands, page 472
System DF Commands, page 473
System DPM Commands, page 474
system hardware status get, page 478
System Hostname Commands, page 478
System NTP Commands, page 479
system rpm list, page 481
System SNMP Commands, page 481
452

System SSL Commands, page 483
system statistics, page 486
System Storage Commands, page 486
System TCP Capture Commands, page 487
System Backup Technical-Support Commands, page 466
System Terminal Commands, page 488
System Timezone Commands, page 489
System Upgrade Commands, page 490
System User Authentication-Mode Commands, page 491
System User Password Commands, page 492
system version, page 494
System APM Commands

Use system apm commands to manage aspects of an APSolute Vision server with APM server VA.
Note: For more information on APSolute Vision server with APM server VA, see the APSolute Vision
Installation and Maintenance Guide and the Application Performance Monitoring Troubleshooting and
Technical Guide.
The system apm commands comprise the following:
system apm clear, page 453
system apm shell, page 453
system apm clear

Deletes all APM data files, including raw data.
Syntax
system apm clear
system apm shell

Launches the APM shell in an APSolute Vision server with APM server VA.
Note: From the APM shell, the exit command returns the CLI session to the APSolute Vision shell.
Syntax
system apm shell
system audit-log export

Exports the audit-log to the location specified in the command.
Syntax
system audit-log export <protocol>://<user>@<server>:/<path/to/directory>/

<filename <all|yyyy-mm-dd>
453

<protocol>
<user>@
Required
Values:
ssh
sftp
ftp
scp
The username.
Required
Note: If a password is required, you are prompted for it

after the connection is initiated.
<server>
The IP address or DNS name of the server.
<path/to/directory> The path to the export directory.
Required
Required
<filename>
The filename of the audit-log in the export directory.
Required
<all|yyyy-mm-dd>
Specify all to export all entries, or specify the start date of Required
records to export. The start date must be in yyyy-mm-dd
format.
System APSolute Vision Server Commands

Use system vision-server commands to manage the APSolute Vision server.
The system vision-server commands comprise the following:
system vision-server start, page 454
system vision-server status, page 454
system vision-server stop, page 454
system vision-server start

Starts the APSolute Vision server.
Syntax
system vision-server start
system vision-server status

Shows the status of the APSolute Vision server, Server running or Server stopped.
Syntax
system vision-server status
system vision-server stop

Stops the APSolute Vision server.
Syntax
system vision-server stop
454

System Backup Commands

Use system backup commands to manage APSolute Vision system backups.
The system backup commands comprise the following:
System Backup Configuration Commands, page 455
System Backup Full Commands, page 458
System Backup SecurityReporter Commands, page 462
System Backup Technical-Support Commands, page 466
System Backup Configuration Commands

Use system backup config commands to manage APSolute Vision system-configuration
backups.
The system backup config commands comprise the following:
system backup config create, page 455
system backup config delete, page 456
system backup config export, page 456
system backup config import, page 457
system backup config info, page 457
system backup config list, page 458
system backup config restore, page 458
system backup config create

Creates a backup of the system configuration in the storage location.
Note: For information on the storage location, see System Storage Commands, page 486.
Each backup includes the following:
The APSolute Vision system configuration
The local users
The managed devices
The host IP addresses in the database-viewer list
The backup config create command does not back up the following:
The password of the radware user of the APSolute Vision server appliance
The IP address/es of the APSolute Vision server appliance
The DNS address/es of the APSolute Vision server appliance
The network routes of the APSolute Vision server appliance
Attack data
The system stores up to five configuration-backup iterations. After the fifth configuration-backup,
the system deletes the oldest one.
Syntax
system backup config create <configName> [description]
455

<configName>
The name of the system-configuration backup, up to 15

Required
characters, with no spaces. Only alphanumeric characters and
underscores (_) are allowed.
[description]
The description of the system-configuration backup.
Optional
system backup config delete

Deletes the specified system-configuration backup from the storage location.
Syntax
system backup config delete <configName>
<configName>
The name of the system-configuration backup.
Required
system backup config export

Exports the specified system-configuration backup from the storage location to a specified location.
Syntax
system backup config export <configName> <protocol>://<user>@<server>:/<path/

to/directory>/<filename>
<configName>
Required
<protocol>
Values:
Required
ssh
sftp
ftp
scp
fileThis option exports the backup locally to the

location specified in the command.
Caution: Only root users have access to the local

directory and can delete the file. You can, however, use
the system backup config import command on the
same machine with the file parameter to retrieve the
exported backup.
If you use the file option, Radware recommends that you
place the file in the Maintenance Files folder, which you can
access from the APSolute Vision server Web interface.
For example:
system backup config export MyBackupName

file:///opt/radware/storage/maintenance/
MyBackupTargetName
456

<user>@
The username.
Required

<server>

<filename>
The filename of the system-configuration backup in the

export directory, which may be different from the
configName.
Required
Required
Required
system backup config import

Imports the specified system-configuration backup from the specified location to the storage
location.
Syntax
system backup config import <protocol>://<user>@<server>:/<path/to/

directory><filename>
<protocol>
<user>@
Values:
ssh
sftp
ftp
scp
fileUses the backup file on the local machine, which

was made using the system backup config export
command with the file option.
The username.
Required
Required

<server>
<path/to/directory> The path to the remote directory.

<filename>
Required
Required
The name of the system-configuration backup in the remote Required

directory, which may be different from the configName.
When the file is imported, the filename reverts to the
configName, that is, the name that was used when the
system-configuration backup was created.
system backup config info

Displays the following information about the specified system-configuration backup:
NameThe name of the system-configuration backup.
Disk SizeThe size of the system-configuration backup on the disk.
DateThe time and date that the system-configuration backup was created.
457

VersionThe APSolute Vision version and build number.
DescriptionThe user-defined description of the system-configuration backup.
Syntax
system backup config info <configName>
<configName>
Required
system backup config list

Lists the system-configuration backups in the storage location in a table with the following columns:
NameThe name of the system-configuration backup.
Size(K)The size of the system-configuration backup on the disk.
DateThe time and date that the system-configuration backup was created.
DescriptionThe user-defined description of the system-configuration backup, which is

truncated as necessary to fit the table.
Syntax
system backup config list
system backup config restore

Restores the system using the specified system-configuration backup. The version and build number
of the current system and the version and build number of the system that created the systemconfiguration backup must be the same.
Note: The restore process stops APSolute Vision and its associated services, and when it finishes,
restarts them.
Syntax
system backup config restore <configName>
<configName>
Required
System Backup Full Commands

The system backup full commands comprise the following:
system backup full create, page 459
system backup full delete, page 459
system backup full export, page 459
system backup full import, page 460
system backup full info, page 461
system backup full list, page 461
458

system backup full create

Creates a system backup in the storage location. Each system backup includes all the data
necessary to restore the entire systembut not the data of APSolute Vision Reporter (AVR) or the
Device Performance Monitor (DPM).
The system stores up to five system backups. After the fifth system backup, the system deletes the
oldest one.
Caution: The system backup does not include AVR or DPM data.
Syntax
system backup full create <backupName> [description]
<backupName>
The name of the backup, up to 15 characters with no spaces.

Only alphanumeric characters and underscores (_) are
allowed.
Required
[description]
The description of the backup.
Optional
system backup full delete

Deletes the specified system backup from the storage location.
Syntax
system backup full delete <backupName>
<backupName>
The name of the backup.
Required
system backup full export

Exports the specified system backup from the storage location to the location specified in the
command.
Syntax
system backup full export <backupName> <protocol>://<user>@<server>:/<path/

to/directory>/<filename>
459

<backupName>
Required
<protocol>
Values:
Required
ssh
sftp
ftp
scp


directory and can delete the file. You can, however, use
the system backup import command on the same
machine with the file parameter to retrieve the
exported backup.
For example:
system backup full export MyBackupName file:/

//opt/radware/storage/maintenance/
MyBackupTargetName
<user>@
The username.
Required

<server>

<filename>
The filename of the backup in the export directory, which

may be different from the backupName.
Required
Required
Required
system backup full import

Imports the specified system backup from the specified location to the storage location.
The system stores up to five system backups. After the fifth system backup, the system deletes the
oldest one.
Syntax
system full backup import <protocol>://<user>@<server>:/<path/to/

460

<protocol>
<user>@
Values:
ssh
sftp
ftp
scp

was made using the system backup full export
command with the file option.
The username.
Required
Required

<server>

<filename>
Required
Required
The name of the backup in the export directory, which may Required
be different from the backupName.
backupName, that is, the name that was used when the
backup was created.
system backup full info

Displays the following information about the specified system backup:
NameThe name of the backup.
Disk SizeThe size of the backup on the disk.
DateThe time and date that the backup was created.
DescriptionThe user-defined description of the backup.
Syntax
system backup full info <backupName>
<backupName>
Required
system backup full list

Lists the system backups in the storage location in a table with the following columns:
NameThe name of the backup.
Size(K)The size of the backup on the disk.
DateThe time and date that the backup was created.
DescriptionThe user-defined description of the backup, which is truncated as necessary to fit

the table.
461

Syntax
system backup full list
system backup full restore

Restores the system using the specified system backup. The version and build number of the current
system and the version and build number of the system that created the backup must be the same.
Caution: The system backup does not include the data of APSolute Vision Reporter (AVR) or the
Device Performance Monitor (DPM). If you use AVR or DPM, you must restore the system before you
restore the AVR and/or DPM data.
restarts them.
Syntax
system backup full restore <backupName>
<backupName>
Required
System Backup SecurityReporter Commands

Use system backup securityReporter commands to manage backups of APSolute Vision
Reporter data.
The system backup securityReporter commands comprise the following:
system backup securityReporter create, page 462
system backup securityReporter delete, page 463
system backup securityReporter export, page 463
system backup securityReporter import, page 464
system backup securityReporter info, page 464
system backup securityReporter list, page 465
system backup securityReporter restore, page 465
system backup securityReporter create

Creates a APSolute Vision Reporter data backup in the storage location.
The system stores up to three reporter-backup iterations backups. After the third reporter-backup,
The backup includes all the APSolute Vision Reporter data.
Syntax
system backup securityReporter create <securityReporterName> <description>
462

<securityReporterName> The name of the reporter-backup, up to 15 characters,
Required
with no spaces. Only alphanumeric characters and

<description>
The description of the reporter-backup.
Optional
system backup securityReporter delete

Deletes the specified reporter-backup from the storage location.
Syntax
system backup securityReporter delete <securityReporterName>

<securityReporterName> The name of the reporter-backup.
Required
system backup securityReporter export

Exports the specified reporter-backup from the storage location to a specified location.
Syntax
system backup securityReporter export <securityReporterName> <protocol>://

<user>@<server>:/<path/to/directory>/<filename>
<securityReporterName> The name of the reporter-backup.
<protocol>
Values:
ssh
sftp
ftp
scp

Required
Required

directory and can delete the file. You can, however,
use the system backup securityReporter
import command on the same machine with the
file parameter to retrieve the exported backup.
If you use the file option, Radware recommends that
you place the file in the Maintenance Files folder, which
you can access from the APSolute Vision server Web
interface.
For example:
system backup securityReporter export

MyBackupName file:///opt/radware/storage/
maintenance/MyBackupTargetName
463

The username.
<user>@
Required
Note: If a password is required, you are prompted

for it after the connection is initiated.
<server>
Required
<path/to/directory>
The path to the export directory.
Required
<filename>
The filename of the reporter-backup in the export

directory, which may be different from the
securityReporterName.
Required
system backup securityReporter import

Imports the specified reporter-backup from the specified location to the storage location.
Syntax
system backup securityReporter import <protocol>://<user>@<server>:/<path/to/

<protocol>
<user>@
Values:
Required
ssh
sftp
ftp
scp

was made using the system backup
securityReporter export command with the file
option.
The username.
Required

<server>

<filename>
Required
Required
The name of the reporter-backup in the export directory,

Required
which may be different from the securityReporterName.
securityReporterName, that is, the name that was used
when the reporter-backup was created.
system backup securityReporter info

Displays the following information about the specified reporter-backup:
NameThe name of the reporter-backup.
Disk SizeThe size of the reporter-backup on the disk.
DateThe time and date that the reporter-backup was created.
464

DescriptionThe user-defined description of the reporter-backup.
Syntax
system backup securityReporter info <securityReporterName>
<securityReporterName>
The name of the reporter-backup.
Required
system backup securityReporter list

Lists the reporter-backups in the storage location in a table with the following columns:
NameThe name of the reporter-backup.
Size(K)The size of the reporter-backup on the disk.
DateThe time and date that the reporter-backup was created.
DescriptionThe user-defined description of the reporter-backup, which is truncated as

necessary to fit the table.
Syntax
system backup securityReporter list
system backup securityReporter restore

Restores the APSolute Vision Reporter (AVR) data using the specified reporter-backup. The version
and build number of the current system and the version and build number of the system that
created the reporter-backup must be the same.
Caution: When you are restoring the system backup also, you must restore the system before you
restore AVR data.
restarts them.
Syntax
system backup securityReporter restore <securityReporterName>
<securityReporterName>
The name of the reporter-backup.
Required
465

System Backup Technical-Support Commands

If you encounter problems with APSolute Vision, you can create a technical-support package and
send it to Radware Technical Support for assistance.
Use system backup techSupport commands to manage technical-support packages for the
The system backup techSupport commands comprise the following:
system backup techSupport local, page 466
system backup techSupport create, page 467
system backup techSupport export, page 467
system backup techSupport info, page 468
system backup techSupport list, page 468
system backup techSupport delete, page 469
system backup techSupport local

Creates a tech-support package that you can access in the APSolute Vision Web interface (APSolute
Vision Settings mode System perspective, General Settings > Maintenance Files). When the
process finishes, the CLI message includes the hard-coded filepath and name of the package, which
is a .tar file.
Notes
This command is an alternative to using the two separate commands, system backup
techSupport create and system backup techSupport export.
You can delete the .tar file using system backup techSupport delete (without the .tar
extension).
APSolute Vision generates each package in a .tar file using the following format:
vision_support_<IPAddress>_<MM-dd-yy-hhmm>.tar
where:
<IPAddress> is the IP address of the APSolute Vision server.
<MM-dd-yy-hhmm> is the date and time.
Each tech-support package includes the following:
The current system time in millis (from Unix epoch)
The APSolute Vision version and build number
APSolute Vision system configuration, which includes the network IP addresses, DNS address,
routes, and so on
Running processes
The status of each APSolute Vision service
APSolute Vision system logs
APSolute Vision Reporter logs
APSolute Vision debug logs
Disk usage
Additional internal-resource information
Syntax
system backup techSupport local
466

system backup techSupport create

Creates a tech-support package.
The system stores up to three tech-support packages in the storage location. After the third techsupport package, the system deletes the oldest one.
Each tech-support package includes the following:
The current system time in millis
The APSolute Vision version and build number
APSolute Vision system configuration, which includes the network IP addresses, DNS address,
routes, and so on
Running processes
The status of each APSolute Vision service
APSolute Vision system logs
APSolute Vision Reporter logs
APSolute Vision debug logs
Disk usage
Additional internal-resource information
Syntax
system backup techSupport create <techSupportName> [<description>]

<techSupportName> The name of the tech-support package, up to 15 characters,
Required

<description>
The description of the tech-support package.
Optional
system backup techSupport export

Exports the specified tech-support package from the storage location to the specified location.
Syntax
system backup techSupport export <techSupportName> <protocol>://

<user>@<server>:/<path/to/directory>/<filename>
467

<techSupportName>
The name of the tech-support package.
Required
<protocol>
Values:
Required
ssh
sftp
ftp
scp


directory and can delete the file.
For example:
system backup techSupport export

MyTechSupportName file:///opt/radware/
storage/maintenance/MyBackupTargetName
<user>@
The username.
Required

<server>

<filename>
The filename of the tech-support package in the export

directory, which may be different from the
techSupportName.
Required
Required
Required
system backup techSupport info

Displays the following information about the specified tech-support package:
NameThe name of the tech-support package.
Disk SizeThe size of the tech-support package on the disk.
DateThe time and date that the tech-support package was created.
DescriptionThe user-defined description of the tech-support package.
Syntax
system backup techSupport info <techSupportName>
<techSupportName>
Required
system backup techSupport list

Lists the tech-support packages in the storage location in a table with the following columns:
NameThe name of the tech-support package.
Size(K)The size of the tech-support package on the disk.
468

DateThe time and date that the tech-support package was created.
DescriptionThe user-defined description of the tech-support package, which is truncated as

necessary to fit the table.
Syntax
system backup techSupport list
system backup techSupport delete

Deletes the specified tech-support package. For a package that system techSupport create
created, system backup techSupport delete deletes the package in the storage location. For
a package that system backup techSupport local created, system backup techSupport
delete deletes the package in the hard-coded local location.
Notes
For information on the storage location, see System Storage Commands, page 486.
For information on system backup techSupport local, see system backup techSupport
local, page 466.
Syntax
system backup techSupport delete <techSupportName>
<techSupportName>
Required
system cleanup
Cleans all the data on the APSolute Vision server, or cleans all the data on the APSolute Vision server
except for the following:
APSolute Vision server management IP addresses and routes
Installed licenses
Syntax
system cleanup {full|without-server-ip}
full|without-server-ip
The command with the full argument restores the Required

APSolute Vision server to the factory defaults. After
you run the command with the full argument, the
initial configuration script launches automatically.
The command with the without-server-ip
argument cleans all the data on the APSolute Vision
server but retains the APSolute Vision server
management IP addresses and routes.
System Database Commands

Use system database commands to manage the APSolute Vision database.
469

The system database commands comprise the following:
system database access Commands, page 470
system database clear, page 471
system database start, page 471
system database status, page 471
system database stop, page 471
system database access Commands

Manages the list of IP addresses that can access the APSolute Vision MySQL database tables.
Note: For information on APSolute Vision database table views, see Appendix B - APSolute Vision
Database Views, page 507.
The system database access commands comprise the following:
system database access display, page 470
system database access grant, page 470
system database access revoke, page 471
A user from a specified host IP address with the following credentials can read (SELECT) the
database tables with a MySQL connection:
User: external
Password: viewer
Default schema: vision
Hostname: The IP address of the APSolute Vision server
Notes
The system backup and system config backup commands back up the list of IP addresses
that can access the database tables.
The system cleanup command deletes the list of IP addresses that can access the database
tables.
system database access display

Displays the list of IP addresses that can access the database tables.
Syntax
system database access display
system database access grant

Adds an IP address to the list of IP addresses that can access the database tables.
Note: APSolute Vision supports access from up to 10 distinct IP address.

Syntax
system database access grant <host_IP_address>
470

<host_IP_address> The host IP address of the user in the database-viewer list.
Required
system database access revoke

Removes an IP address or all IP addresses from the list of IP addresses that can access the database
tables. Use the all argument to remove all IP addresses from the list.
Syntax
system database access revoke {<host_IP_address>|all}

<host_IP_address> The host IP address of the user in the database-viewer list.
Required
system database clear

Clears and initializes the APSolute Vision database.
Syntax
system database clear
system database start

Restarts the APSolute Vision database, making it available for access.
Syntax
system database start
system database status

Shows the database status. For example, the output:
MySQL running (2688) [OK]

shows the database is up and running with process ID 2688.
Syntax
system database status
system database stop

Stops the APSolute Vision database, making it unavailable for access.
Syntax
system database stop
system database maintenance Commands

The system database maintenance commands comprise the following:
system database maintenance optimize, page 471
system database maintenance check, page 472
system database maintenance driver_table delete, page 472
system database maintenance optimize

Optimizes the relevant tables.
Syntax
system database maintenance optimize
471

system database maintenance check

Checks whether the database needs optimization.
Syntax
system database maintenance check
system database maintenance driver_table delete

Stops the APSolute Vision server, deletes all device drivers from the Device Drivers table, and starts
the server. This command permanently deletes all device drivers that were manually uploaded to the
Device Drivers table (Asset Management perspective > General Settings > Device Drivers).
When APSolute Vision restarts:
For managed devices of product versions created before the introduction of the
device-driver featureAPSolute Vision reloads the device drivers from the APSolute Vision
file system. (APSolute Vision persistently maintains the device drivers of product versions
created before the introduction of the device-driver feature.)
For managed devices of product versions created with the device-driver feature
APSolute Vision retrieves and loads the device driver from each managed device.
Caution: If you require functionality that relies on a manually uploaded device driver (for
example, as is the case with configuration templates), you must upload the relevant device
driver again.
Note: For more information on device drivers, see Managing Device Drivers, page 112.
Syntax
system database maintenance driver_table delete
System Date Commands

Use system date commands to display and set date and time on the APSolute Vision server.
The system date commands comprise the following:
system date get, page 472
system date set, page 472
system date get

Displays the APSolute Vision server date and time.
Syntax
system date get
system date set

Sets the date and time on the APSolute Vision server.
472

Caution: For APSolute Vision VAThe time on the APSolute Vision VA must be the same asor
within several minutes ofthe time on the VMware host. Otherwise, an APSolute Vision reboot may
hang (even when, in the VMware Tools, the synchronize guest time with host checkbox is cleared). If
the reboot hangs, reboot the APSolute Vision VA server, which should solve the problem. For more
information on this issue, refer to the VMware knowledge article Timekeeping best practices for
Linux guests (1006427) at
http://kb.vmware.com/selfservice/microsites/
search.do?language=en_US&cmd=displayKC&externalId=1006427).
Notes
Setting the system date stops the NTP service.
Setting the system date requires restarting the APSolute Vision server, the APSolute Vision
Reporter, and MySQL.
The APSolute Vision Reporter client supports only a single timezone, which is the timezone
configured in APSolute Vision server.
Syntax
system date set <date_and_time>
<date_and_time>
The date and time in yyyy/MM/dd hh:mm:ss format.
Required
Example
system date set 2010/05/23 13:56:00 sets date and time to 23/05/2010 13:56.
System DF Commands
Use df commands to manage the DefenseFlow associated with the APSolute Vision server.
The system df commands comprise the following:
system df management-ip get, page 473
system df management-ip set, page 473
system df shell, page 474
system df management-ip get

Displays the IP address of the DefenseFlow associated with the APSolute Vision server.
Syntax
system df management-ip get
system df management-ip set

Sets the IP address of the DefenseFlow associated with the APSolute Vision server.
Syntax
system df management-ip set <IP_address>
473

<IP_address>
The IP address of the DefenseFlow associated with the

Required
system df shell
Launches the DefenseFlow shell.
Syntax
system df shell
System DPM Commands

Use dpm commands to manage the Device Performance Monitor (DPM).
The system dpm commands comprise the following:
system dpm database clear, page 474
system backup dpm create, page 474
system dpm backup delete, page 474
system dpm backup export, page 475
system dpm backup import, page 475
system dpm backup list, page 476
system dpm backup restore, page 476
system dpm techSupport Commands, page 476
system dpm debug Commands, page 477
system dpm database clear

Clears the Device Performance Monitor database.
Caution: This command deletes all the data for the Device Performance Monitor.
system backup dpm create

Creates a Device Performance Monitor backup in the storage location.
The system stores up to three DPM backups. After the third tech-support package, the system
deletes the oldest one.
Syntax
system dpm backup create <dpm_bu_name>
<dpm_bu_name>
The name of the DPM backup, up to 15 characters, with no

spaces. Only alphanumeric characters and underscores (_)
are allowed.
Required
system dpm backup delete

Deletes the specified Device Performance Monitor backup.
Syntax
474

system dpm backup delete <dpm_bu_name>
<dpm_bu_name>

are allowed.
Required
system dpm backup export

Exports the specified Device Performance Monitor backup from the storage location to the specified
target.
Syntax
system dpm backup export <dpm_bu_name> <protocol>://<user>@<ip>://<path/to/

directory><RemoteFolder>
<dpm_bu_name>
The name of the DPM backup.
Required
<protocol>
Value: ftp
Required
<user>@
The username.
Required

<server>

<RemoteFolder>
The remote folder for the file in the export directory.
Required
Required
Required
system dpm backup import

Imports the specified Device Performance Monitor backup to the storage location.
Syntax
system dpm backup import <protocol>://<user>@<ip>://<path/to/

directory><BackupFilename>
<protocol>
Value: ftp
Required
<user>@
The username.
Required

<server>
<path/to/directory> The path to the remote directory.

<BackupFilename>
The filename of the backup in the remote directory.
Required
Required
Required
475

system dpm backup list

Lists the available Device Performance Monitor backups.
Syntax
system dpm backup list
system dpm backup restore

Restores the Device Performance Monitor with the data of the specified backup.
Caution: When you are restoring the system backup also, you must restore the system before you
restore DPM data. Otherwise, the devices in DPM will be marked as deleted.
Note: This action also stops and restarts the Device Performance Monitor process.
Syntax
system dpm backup restore <dpm_bu_name>
<dpm_bu_name>

are allowed.
Required
system dpm techSupport Commands

APSolute Vision supports commands for to help Radware Technical Support solve problems with the
Device Performance Monitor. Use the commands under the instructions of Radware Technical
Support.
The system dpm techSupport commands comprise the following:
system dpm techSupport create, page 476
system dpm techSupport export, page 476
system dpm techSupport list, page 477
system dpm techSupport delete, page 477
system dpm techSupport create

Creates a DPM tech-support package in the storage location.
The system stores up to three DPM tech-support packages. After the third tech-support package,
Syntax
system dpm techSupport create <techSupportName> [description]
<techSupportName> The name of the tech-support package, up to 15 characters,
Required
[description]
Optional

The description of the tech-support package.
system dpm techSupport export
476

Exports the specified Device Performance Monitor tech-support file to the specified target.
Syntax
system dpm techSupport export <dpm_techsupport_name> <protocol>://

<user>@<ip>://<path/to/directory><RemoteFolder>
<dpm_techsupport_name>
The name of the tech-support file.
Required
<protocol>
Value: ftp
Required
<user>@
The username.
Required

<server>
Required
<path/to/directory>
The path to the export directory.
Required
<RemoteFolder>
The remote folder for the file in the export directory.
Required
system dpm techSupport list

Lists the DPM tech-support packages in the storage location.
Syntax
system dpm techSupport list

system dpm techSupport delete
Deletes the specified DPM tech-support package in the storage location.
Syntax
system dpm techSupport delete <techSupportName>
<techSupportName>
Required
system dpm debug Commands

APSolute Vision supports commands for debugging the Device Performance Monitor. Use the
commands under the instructions of Radware Technical Support.
system dpm debug commands:
system dpm debug start
system dpm debug stop
system dpm debug status
system dpm debug version
system dpm debug database
system dpm debug database count
system dpm debug database devices
477

system dpm debug database connections
system dpm debug database query
system dpm debug sample
system dpm debug sample create
system dpm debug sample delete
system dpm debug sample list
system dpm debug sample export
system dpm debug install
Caution: This command performs a fresh installation of the DPM service, and all existing DPM
data is deleted.
system hardware status get

Returns a table showing each of the APSolute Vision physical server fans and its status: OK/Failed
and the device temperature. The temperature is displayed in Celsius and Fahrenheit.
Syntax
system hardware status get
System Hostname Commands

The system hostname commands comprise the following:
system hostname get, page 478
system hostname set, page 478
system hostname get

Displays the hostname of the APSolute Vision server.
Syntax
system hostname get
system hostname set

Sets the system hostname. The hostname will be included in the system backup, configuration
backup, and restored following system restore. The hostname reverts to the default
(vision.radware) in system cleanup.
Following a hostname update, the system prompts you whether to allow or deny regenerating the
certificate, which will use the new hostname. It does not matter whether the system is using a
default self-signed certificate or a non-default certificate.
Syntax
system hostname set <hostname>
478

<hostname>
The hostname. The hostname must conform to RFC 952.
Optional
If a nat hostname is configured (see net nat set hostname,

page 449), and the nat hostname is the same as the system
hostname before running system hostname set, this
command overwrites the nat hostname.
Note: A period (.) is expected to delimit components (for
example, vision.radware.com), however, APSolute Vision
does not enforce fully qualified domain names.
System NTP Commands

Use system ntp commands to manage Network Time Protocol (NTP) settings to synchronize time
and date across the network.
The system ntp commands comprise the following:
system ntp servers add, page 479
system ntp servers del, page 479
system ntp servers get, page 480
system ntp service, page 480
system ntp servers add

Adds an NTP server to the list of NTP servers.
Syntax
system ntp servers add <server> [minpoll <minpoll>] [maxpoll <maxpoll>]

[prefer]
<server>
The URL or IP address of the NTP server.
Required
<minpoll>
The minimum poll interval for NTP messages, as a power Optional

of 2 in seconds.
Minimum: 4That is, 16 seconds.
Default: 6That is, 64 seconds.
<maxpoll>
The maximum poll interval for NTP messages, as a power Optional

of 2 in seconds.
Maximum: 17That is, approximately 36.4 hours.
Default: 10That is, 1024 seconds, approximately 17
minutes.
prefer
Specifies that this host will be chosen for

synchronization, all other things being equal. For more
information, go to
http://www.ntp.org/.
Optional
system ntp servers del

Deletes the specified NTP server.
Syntax
system ntp servers del <server>
479

<server>
The URL or IP address of the NTP server.
Required
system ntp servers get

Displays the list of the NTP servers with the specified arguments (minpoll, maxpoll, and
prefer).
Syntax
system ntp servers get
system ntp service

Starts and stops the NTP service (ntpd).
Caution: For APSolute Vision VAThe time on the APSolute Vision VA must be the same asor
within several minutes ofthe time on the VMware host. Otherwise, an APSolute Vision reboot may
hang (even when, in the VMware Tools, the synchronize guest time with host checkbox is cleared). If
the reboot hangs, reboot the APSolute Vision VA server, which should solve the problem. For more
information on this issue, refer to the VMware knowledge article Timekeeping best practices for
Linux guests (1006427) at
http://kb.vmware.com/selfservice/microsites/
search.do?language=en_US&cmd=displayKC&externalId=1006427).
Syntax
system ntp service {start|stop|status}
480

{start|stop|status}
Use one of the following commands:
Required
start Starts the NTP service, which starts to send

query messages to the external NTP servers to
synchronize time and date.
stop Stops the NTP service.
status Displays the status of the NTP service

(running or stopped) and the following additional
information in table form when the service is running:
remoteServer name or IP number
refidAssociation ID
stServer stratum level
tType:
uUnicast or manycast client

bBroadcast or multicast client
lLocal (reference clock)
sSymmetric (peer)
AManycast server
BBroadcast server
MMulticast server
whenSec/min/hr since last received packet
pollPoll interval (log2(sec))
reachReach shift register (octal)
delayRound-trip delay
offsetOffset of server relative to this host
jitterJitter
system rpm list

Lists the RPM Package Manager (RPM) packages used by the APSolute Vision server.
Syntax
system rpm list
System SNMP Commands

Use system snmp commands to manage the settings of the Simple Network Management Protocol
(SNMP) interface for APSolute Vision monitoring.
By default, the SNMP service in APSolute Vision is not started.
Access to the system snmp service commands is available to users with the Administrator and
the Vision Administrator role.
Access to the system snmp community commands and to the system snmp trap target
commands is available only to users with the Administrator role.
Note: For information on the MIBs that the SNMP interface exposes, see Appendix D - MIBs for
Monitoring APSolute Vision, page 567.
481

The system snmp commands comprise the following:
system snmp service start, page 482
system snmp service status, page 482
system snmp service stop, page 482
system snmp community add, page 482
system snmp community delete, page 482
system snmp community list, page 483
system snmp trap target add, page 483
system snmp trap target delete, page 483
system snmp trap target list, page 483
system snmp service start

Starts the SNMP interface for APSolute Vision monitoring.
Note: By default, the SNMP service in APSolute Vision is not started.

Syntax
system snmp service start
system snmp service status

Shows the status of the SNMP interface for APSolute Vision monitoring: snmpd (pid <pid>) is
running or snmpd is stopped.

Syntax
system snmp service status
system snmp service stop

Stops the SNMP interface for APSolute Vision monitoring.
Syntax
system snmp service stop
system snmp community add

Adds a community to the SNMP interface for APSolute Vision monitoring.
Syntax
system snmp community add <community>

<community>
The community name.
Required
system snmp community delete

Deletes a community from the SNMP interface for APSolute Vision monitoring.
Syntax
system snmp community delete <community>
<community>
482
The community name.
Required

system snmp community list

Lists the communities of the SNMP interface for APSolute Vision monitoring, with the columns:
Security Name, Source, and Community.
Syntax
system snmp community list
system snmp trap target add

Adds a trap target to the SNMP interface for APSolute Vision monitoring.
Syntax
system snmp trap target add <host> <community> [port]
<host>
The host name or IP address.
Required
<community>
The community name.
Required
[port]
The port number.
Optional
system snmp trap target delete

Deletes a trap target from the SNMP interface for APSolute Vision monitoring.
Syntax
system snmp target delete <host> <community>

<host>
The host name or IP address.
Required
<community>
The community name.
Required
system snmp trap target list

Lists the trap targets of the of SNMP interface for APSolute Vision monitoring, with the columns
Destination and Community.
Syntax
system snmp target list
System SSL Commands

Use system ssl commands to create, import, and show SSL certificates.
The system ssl commands comprise the following:
system ssl create, page 483
system ssl import, page 484
system ssl show, page 485
system ssl create

Creates a new self-signed certificate with the information you provide.
The system stores one SSL certificate.
The system asks you for information that will be incorporated into the certificate request. The
default value is APSolute Vision Server. To leave a field blank, press ENTER.
483

The system asks you for the following information:
Common NameThe server hostname or the IP address. Default: APSolute Vision Server.
Country NameThe two-letter code. Default: NA.
State or Province NameDefault: NA.
Locality NameFor example, the city. Default: NA.
Organization NameFor example, the company name. Default: NA.
Organizational Unit NameFor example, the company department. Default: NA.
Email AddressDefault: NA.
Caution: Every certificate includes a validity period, which is defined by a start date and an end
date. To prevent certificate-validity conflicts, before creating certificates, make sure that the correct
time is configured on the APSolute Vision servereither manually or using an NTP server.
Note: Replacing the SSL certificate reboots the AVR web server. You will need to log in again to
AVR.
Syntax
system ssl create
system ssl import

Imports a private key and certificate in PEM or PKCS12 format.
system ssl import pem
Imports a private key and certificate in PEM format.
Syntax
system ssl import pem <protocol>://<user>@<server>:/<path/to/directory> -key

<key_filename> -cert <certificate_filename>[-pass <key_passphrase>]
<protocol>
<user>@
Values:
sftp
scp
Required
The username.
Required

<server>
Required
<path/to/directory>
The path to the directory.
Required
<key_filename>
The name of the key in the remote directory.
Required
<certificate_filename> The name of the certificate in the remote directory.

<key_passphrase>
The passphrase of the key file in the remote directory.
Required
Optional
For PEM, the key passphrase is optional. Supply the key

passphrase if the private key is encrypted with a
passphrase.
484

Example
sftp://radware@1.1.1.1:/tmp -key key.pem -cert cert.pem -pass 12345
system ssl import pkcs12
Imports a private key and certificate in PKCS12 format.
Syntax
system ssl import pkcs12 <protocol>://<user>@<server>:/<path/to/directory>/

<PKCS12_filename> -pass <pkcs12_passphrase>
<protocol>
<user>@
Values:
sftp
scp
The username.
Required
Required

<server>
Required
<path/to/directory>
The path to the directory.
Required
<PKCS12_filename>
The name of the PKCS12 file in the remote directory.
Required
<pkcs12_passphrase>
The name of the passphrase in the remote directory.
Required
Example
sftp://radware@1.1.1.1:/tmp/file.p12 -pass 12345
system ssl show

Displays the following certificate details:
Subject:
Common Name
Country
State
Locality
Organization
Organization Unit
Email Address
Issuer:
Common Name
Country
State
Locality
Organization
485

Organization Unit
Email Address
Serial Number
Validity:
Start DateIn MMM DD hh:mm:ss yyyy GMT format
End DateIn MMM DD hh:mm:ss yyyy GMT format
Public Key Info:
Public Key AlgorithmFor example, rsaEncryption
RSA Public KeyFor example, (2048 bit)
Syntax
system ssl show
system statistics
Displays system resources statistics, including CPU utilization, uptime, system disk usage, database
disk usage, RAM utilization, and network throughput.
Syntax
system statistics
System Storage Commands

Use system storage commands to manage the storage locations of the following:
APSolute Vision system backups
APSolute Vision system-configuration backups
APSolute Vision Reporter data backups
Tech-support packages
The system storage commands comprise the following:
system storage backup local, page 486
system storage backup remote, page 486
system storage backup info, page 487
system storage backup local

Sets the storage location to the hard-coded local directory.
Note: Only root users can manually manage files in the hard-coded local directory.
Syntax
system storage backup local
system storage backup remote

Sets the storage location to a remote directory using either NFS or CIFS (Samba).
Syntax
system storage backup remote <protocol>://<server>:/<path/to/store>
486

<protocol>
Values: nfs, cifs
Required
<server>
Required
<path/to/store>
The path to the storage directory.
Required
system storage backup info

Lists the storage location.
Syntax
system storage backup info
System TCP Capture Commands

Use system tcpdump commands to dump a TCP capture for debugging.
The system tcpdump commands comprise the following:
system tcpdump export, page 487
system tcpdump print, page 488
system tcpdump export

Exports the TCP capture file by SSH. The capture file, dump.cap, is created locally, on the server.
When the TCP capture ends, you are prompted to download the capture file from the APSolute Vision
Web interface. (For the procedure, see Managing APSolute Vision Maintenance Files, page 126.)
The file is overwritten each time you run the tcpdump export command.
After entering the system tcpdump export command, you are prompted to enter a filter. You can
enter a filter expression to select which packets to include in the dump. Alternatively, you can press
Enter to dump all the packets.
Filter-expression examples:
port 80 Filter packets with source port 80.
tcp src port 443 Filter TCP packets with source port 443.
Note: For more information on filter expressions, refer to the relevant Linux man pages.
Caution: The dump to the capture file (dump.cap) stops when the first condition is reached:
timeout_sec, max_packets, or size. To ensure that each dump includes as much data as
possible when you configure a timeout_sec condition, Radware recommends that you set
max_packets to the maximum (-c 0). To ensure that each dump includes as much data as
possible when you configure a max_packets condition, Radware recommends that you set
timeout_sec to the maximum (-t 0).
Syntax
system tcpdump export [-t <timeout_sec>] [-c <max_packets>] [-s <size>]
487

<timeout_sec>
The timeout, in seconds.
Optional
Enter 0 for no timeout.

Default: 60
<max_packets>
The maximum number of packets.
Optional
Enter 0 for no maximum.

Default: 10,000
<size>
The size to truncate packets to.
Optional
Default: 0Specifies no truncation
system tcpdump print

Dumps a TCP capture directly to the console.
After entering the system tcpdump print command, you are prompted to enter a filter. You can
enter a filter expression to select which packets to include in the dump. Alternatively, you can press
Enter to dump all the packets.
Filter-expression examples:
port 80 Filter packets with source port 80.
tcp src port 443 Filter TCP packets with source port 443.
Note: For more information on filter expressions, refer to the relevant Linux man pages.
Syntax
system tcpdump print [-t <timeout_sec>] [-c <max_packets>] [-s <size>]
<timeout_sec>
The timeout in seconds. Enter 0 for no timeout.
Optional
Default: 60
<max_packets>
The maximum number of packets. Enter 0 for no maximum.
Optional
Default: 10000
<size>
The size to truncate packets to.
Optional
Default: 0Specifies no truncation
System Terminal Commands

Use CLI system terminal commands to manage the terminal prompt and banner displayed in the
APSolute Vision console. The settings are global settings common to all users who access the
APSolute Vision CLI shell.
Note: The settings are persistent and are included in the APSolute Vision configuration backup and
restore operations.
The system terminal commands comprise the following:
System Terminal Prompt Commands, page 489
System Terminal Banner Commands, page 489
488

System Terminal Prompt Commands

The system terminal prompt commands comprise the following:
system terminal prompt set, page 489
system terminal prompt get, page 489
system terminal prompt set

Specifies the string to be used as the terminal prompt.
Syntax
system terminal prompt set

system terminal prompt get
Retrieves the string currently used as the terminal prompt.
Syntax
system terminal prompt get
System Terminal Banner Commands

By default there is an empty bannerthat is, no banner.
At startup, the following is printed to the console:
1. The banner, if defined.
2. The system version information.
3. The MAC addresses of the available ports.
The system terminal banner commands comprise the following:
system terminal banner update, page 489
system terminal banner get, page 489
system terminal banner update

Launches a vi shell to edit the string to be used as start-up banner.
Syntax
system terminal banner update

system terminal banner get
Retrieves the string currently used as start-up banner.
Syntax
system terminal banner get
System Timezone Commands

Use system timezone commands to display the timezone, with or without daylight saving time, on
the APSolute Vision server.
The system timezone commands comprise the following:
system timezone get, page 489
system timezone list, page 490
system timezone set, page 490
system timezone get

Displays the timezone set on the APSolute Vision server.
Syntax
system timezone get
489

system timezone list

Lists the timezones that are supported on the APSolute Vision server.
Syntax
system timezone list
Tip: To paginate output, use system timezone list | more. To find a specific timezone, use
|grep. For example, to find the timezone for London, use system timezone list | grep Lon
to display all time-zone names containing Lon.
system timezone set

Sets the timezone on the APSolute Vision server, and implements daylight saving time, if required.
You can use any timezone from the list of supported timezones.
Note: In an APSolute Vision server with APM server VA installation, this command affects the
APSolute Vision server and the APM module. That is, in an APSolute Vision server with APM server
VA installation, changing the timezone in the APM Linux shell, has no effect.
Timezones for named locations, for example, Europe/London, set the GMT value and daylight saving
time parameters for those areas.
To set a timezone without daylight saving time adjustments, use a generic GMT timezone, for
example, Etc/GMT+2.
For timezone names beginning with Etc/GMT, the zones west of GMT have a positive (+) sign, and
the zones east of GMT have a negative (-) sign in the timezone name. For example,
Etc/GMT-2 is 2 hours ahead/east of GMT.
To prevent incorrect timezone configuration, use the country name listed in the timezone list,
not timezones beginning with Etc/GMT.
Tip: To view the list of supported timezones, use system timezone list.
Syntax
system timezone set <timezone_name>
<timezone_name>
The name of the timezone, selected from the list of supported Required
timezones. The timezone name is case sensitive, for example,
system timezone set Europe/London.
System Upgrade Commands

Use System Upgrade commands to upgrade the APSolute Vision software version or the APSolute
Vision online help stored on the APSolute Vision server.
Note: You can also use the APSolute Vision WBM to upgrade the APSolute Vision software version or
the APSolute Vision online help stored on the APSolute Vision server.
490

system upgrade full

Launches the upgrade process of APSolute Vision software, using an upgrade file in the <APSolute
Vision server IP address>/temp directory.
Copying the file is performed using the vision-files user. Only the vision-files user has SCP access
to copy and delete files from the <APSoluteVisionIPAddress>/temp directory.
Before you initiate the upgrade, you should copy the upgrade file to the <APSolute Vision
server IP address>/temp directory.

The procedure requires a valid upgrade file.
Syntax
system upgrade full <filename> <password>
<filename>
The name of the upgrade file, including the extension.
Required
<password>
The password of the upgrade file.
Required only
for major
version
system upgrade help

Starts a script to upgrade the APSolute Vision online help using an upgrade file in the <APSolute
Vision server IP address>/temp directory.

Only a vision-files user has SCP access to copy and delete files from the
<APSoluteVisionIPAddress>/temp directory.
This procedure requires a valid online-helpupgrade package. For more information on the onlinehelp package, see Managing the Online-Help Package on the Server, page 505.
Syntax
system upgrade help <filename>
<filename>
The name of the upgrade file, including the extension.
Required
System User Authentication-Mode Commands

The system user authentication-mode commands comprise the following:
system user authentication-mode set, page 491
system user authentication-mode get, page 492
system user authentication-mode set

Sets the user-authentication method for all access to APSolute Vision (CLI, Web interface, or client).
Note: The setting is retained after reboot of the APSolute Vision server, and it is included in the
APSolute Vision configuration backup and restore operations.
Syntax
system user authentication-mode set {Local|RADIUS|TACACS+}
491

{Local|RADIUS|TACACS+}
The user-authentication method APSolute Vision

client users.
Required
Values:
Local The Local Users table stores the

credentials of and authenticates the APSolute
Vision client users (see Configuring Local Users
for APSolute Vision, page 79).
RADIUS A RADIUS server stores the

Vision client users (see Configuring RADIUS
Server Connections, page 103). If the RADIUS
server is down, user authentication fails over to
the Local Users table (see Configuring Local
Users for APSolute Vision, page 79).
TACACS+ A TACACS+ server stores the

Vision client users (see Configuring TACACS+
Server Connections, page 107). If the TACACS+
server is down, user authentication fails over to
the Local Users table (see Configuring Local
Users for APSolute Vision, page 79).
Default: Local
system user authentication-mode get

This command is available only to users with the Administrator role.
Gets the user-authentication method for all access to APSolute Vision (CLI, Web interface, or client).
Syntax
system user authentication-mode get
System User Password Commands

Use system user password commands to reset or set passwords.
The system user password commands comprise the following:
system user password change, page 492
system user password root, page 493
system user password vision-files, page 493
system user password vision-tech, page 493
system user password change

Changes the password of the radware user or an Administrator user of the same account. That is,
this command is available only to the radware user or an Administrator user to change his/her own
password.
Caution: Radware recommends using the radware only for disaster recovery, and keeping the
details of the radware user secret from all except special administrators.
492

Notes
The default password is radware.
This command is not available to Vision Administrator users.
When you use this command, you will be prompted to enter a new password at the New UNIX
Password prompt; then, retype the password for verification.

Syntax
system user password change <user>
<user>
The username.
Required
system user password root

Changes the root user password for access to the APSolute Vision operating system.
This command is available only to the radware user and the root user.
Note: The default password for username root is radware.

When you use this command, you will be prompted to enter a new password at the New UNIX
Password prompt; then, retype the password for verification.

Syntax
system user password root
system user password vision-files

Runs a script to set a new password for SCP access by vision-files users. The script prompts you
for the new password. For security reasons, the characters of the password are not displayed. The
default password is radware.
The vision-files user has SCP access only to copy and delete files from the
<APSoluteVisionIPAddress>\temp directory.
The vision-files users are authenticated locally by APSolute Vision server, regardless of whether the
system is configured to use a different authentication method. That is, vision-files users cannot be
overridden by the configuration of an authentication server.
This command is available only to the radware user and Administrator users.
Syntax
system user password vision-files
system user password vision-tech

Runs a script to set a new password for Web access by Radware Technical Support. The script
prompts you for the new password. For security reasons, the characters of the password are not
displayed. The default password is radware.
This command is available only to the radware user and Administrator users.
Syntax
system user password vision-tech
493

system version
Displays the current APSolute Vision version and the versions of its components.
Syntax
system version
494
Chapter 24 Using vDirect with APSolute Vision

The following topics describe using vDirect with APSolute Vision:
vDirect-APSolute Vision IntegrationOverview, page 495
Accessing the vDirect Configuration Interface of the APSolute Vision Server, page 495
Managing Devices in APSolute Vision with vDirect, page 496
vDirect-APSolute Vision IntegrationOverview

The APSolute Vision 3.40.00 installation includes vDirect version 3.20.
Users with the proper roles can use vDirect with APSolute Vision to do the following:
Add and delete Alteon and DefensePro devices to the devices that the APSolute Vision manages.
Change the and delete Alteon and DefensePro devices to the devices that the APSolute Vision
manages.
Use the Administrative Scripts feature.
Accessing the vDirect Configuration Interface of the

APSolute Vision Server
The role-based access control (RBAC) configurations of both the APSolute Vision server and
APSolute Vision vDirect manage the access to the APSolute Vision vDirect configuration interface.
Users defined only in vDirect cannot log in to APSolute Vision.
APSolute Vision users who are defined with the Administrator or Vision Administrator role can access
vDirect.
vDirect uses the identity-management (IDM) strings of the Administrator and Vision Administrator
roles to map to an Administrator role in vDirect. The IDM string for the APSolute Vision
Administrator role is SYS_ADMIN. The IDM string for the APSolute Vision Vision Administrator role is
VISION_ADMIN.
Other than Administrator and Vision Administrator, no other APSolute Vision roles can access
vDirect. vDirect maps all other APSolute Vision roles to a vDirect role called defaultRole. The
defaultRole role has no permissions in vDirect, including viewing vDirect.
vDirect supports the following special users: admin, root, and vDirect, which are all mapped to the
vDirect Administrator role.
It is possible that the same username is defined both in APSolute Vision RBAC and vDirect access
control.
You can access vDirect explicitly through the APSolute Vision RBAC by entering vision: before the
usernamefor example, vision:john for a a user named john.
You can access vDirect explicitly through the vDirect access control by entering pam: before the
usernamefor example, pam:john for a a user named john.
Note: For more information on APSolute Vision RBAC, see Role-Based Access Control (RBAC),
page 70.
495

Using vDirect with APSolute Vision
To log in to the vDirect configuration interface of the APSolute Vision server

1.
Open a Web browser, and in the address box, enter https://<hostname|address>:2189

where <hostname|address> is the hostname or IP address of the APSolute Vision server.
The vDirect window opens and displays the following links:
Configuration UI
REST API documentation
SOAP API WSDL
Download Java Client SDK
2.
Click Configuration UI.
3.
4.
User NameYour user name.
PasswordYour user password.
Click Login.
Managing Devices in APSolute Vision with vDirect

APSolute Vision and vDirect Terminology, page 496
APSolute Vision vDirect Sites, page 497
APSolute Vision vDirect Limitations, page 497
Configuring a Container in vDirect, page 497
Managing DefensePro Instances in APSolute Vision vDirect, page 501
APSolute Vision and vDirect Terminology

The terminology for managing Radware devices differs for APSolute Vision and vDirect as follows:
In APSolute Vision, you add a device; whereas in vDirect, you register a device.
A device that you added to APSolute Vision is referred to as a managed device; whereas in
vDirect, the device is referred to as registered.
APSolute Vision categorizes Alteon devices by form factor (standalone, VX, or vADC) and
platform (platform model, VA, or hosting VX-platform model). vDirect calls all Alteon devices
containers. vDirect calls standalone/VA and vADC devices dedicated containers. vDirect calls VX
devices partitioned containers.
496

APSolute Vision vDirect Sites

When you register an Alteon or DefensePro device, adding the device to the associated APSolute
Vision server, vDirect adds the device under a site in the APSolute Vision Device pane called
vDirect. A vDirect site in the Sites and Clusters tree displays the Alteon standalone, vADC, and VA
devices and DefensePro devices. A vDirect site in the Physical Containers tab displays ADC-VXs.
Caution: If you change the name of a vDirect site in the APSolute Vision Device pane, vDirect
does not recognize it later. That is, if you change the name of a vDirect site in the APSolute Vision
Device pane, and you register a new Radware device with APSolute Vision, vDirect will create a new
a vDirect site.
APSolute Vision vDirect Limitations

vDirect in APSolute Vision 3.20.00 includes the following limitations:
For Radware devices that are added to APSolute Vision using APSolute Vision WBM, vDirect
displays IP address of each device, not the specified name.
You cannot register multiple vADCs from multiple VXs in the same operation.
vDirect does not support DefensePro high-availability (HA) clusters.
vDirect does not support Alteon high-availability (HA) clusters.
There are differences in the set of device-access parameters that vDirect and APSolute Vision
expose. For example, APSolute Vision exposes the HTTP and HTTPS parameters, and eventnotification parameters.
If a device managed by APSolute Vision is in Maintenance status, device-synchronization

messages from vDirect do not update APSolute Vision.
The APSolute Vision Lock operation on a device is not enforced on vDirect. That is, the APSolute
Vision and APSolute Vision vDirect can modify a device configuration in parallel. This may cause
conflicting configurations.
Configuring a Container in vDirect

This section comprises the following:
Registering an Alteon Dedicated or Alteon VX Partitioned Container, page 497
Viewing the Resources Related to a Container, page 499
Viewing the vADCs Related to a Partitioned Container (VX), page 500
Registering an ADC of a Partitioned Container, page 500
Modifying a Registered Container, page 501
Unregistering a Container, page 501
Registering an Alteon Dedicated or Alteon VX Partitioned Container

This section describes how to register an Alteon dedicated or Alteon partitioned container.
When you register an Alteon dedicated container, vDirect / APSolute Vision adds the Alteon in the
vDirect site of the Sites and Clusters tree in the APSolute Vision Device pane.
When you register an Alteon partitioned container, vDirect / APSolute Vision adds the Alteon VX in
the vDirect site of the Physical Containers tree of the in the APSolute Vision Device pane.
497

To configure an Alteon Dedicated or Alteon VX Partitioned container

1.
Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 495).
2.
From the upper menu options, select Configuration.
3.
Select Containers.
4.
Click Register.
5.
Select Alteon Dedicated or Alteon VX Partitioned.
6.
Configure the parameters, and then, do the following:

a.
Click Validate to check that your settings are valid.
b.
Click Register to complete the registration process.
Table 397: Alteon Dedicated or Alteon VX Partitioned Parameters
Parameter
Description
Name
The container name.

Note: There are some reserved words (for example, DefenseFlow) that
APSolute Vision does not allow as names.
Tenants
Assigns the container to one or more tenants. For more information, see
the vDirect documentation.
Address
The IP address where the dedicated ADC container resides. This is the
management IP address as it is defined on the managed device.
CLI User Name
The username for CLI and HTTPS access to the device.

Default: admin
CLI Password
The password for CLI and HTTPS access to the device.

Default: admin
CLI Use SSH
Specifies whether the device uses SSH.

Default: Enabled
CLI Port

Default: 22
Note: This value should be the same as the value for the SSH port
configured in the device (Configuration perspective System tab >
Management Access > Management Protocols > SSH).
SNMP Version
SNMP Port
The SNMP port.

Default: 161
User Name
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
498

Table 397: Alteon Dedicated or Alteon VX Partitioned Parameters
Parameter
Description
Authentication Protocol The protocol used for authentication.

(This parameter is
displayed only when
SNMP Version is
VersionThree.)
Values: MD5, SHA, None
Authentication
Password
Default: SHA
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
Privacy Password
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
Privacy Protocol
The SNMPv3 privacy protocol to use.
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
Values: DES, None

Default: DES
SNMP Read Community The SNMP read community name authorized to access the dedicated ADC.
(This parameter is
displayed only when
SNMP Version is
VersionOne or
VersionTwo.)
SNMP Write Community The SNMP write community name authorized to access the dedicated
ADC.
(This parameter is
displayed only when
SNMP Version is
VersionOne or
VersionTwo.)
Viewing the Resources Related to a Container

vDirect displays a list of the resources that are related to the vDirect object you are configuring. You
access the list of related resources as follows:
To view resources related to a container

1. Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
2. From the upper menu options, select Configuration.
3. Select Containers.
4. In the Name column, click the link to the relevant container. The Resources Referencing box
displays the list of resources related to the container.
5. In the Name column, click the link to a resource to view configuration details for that resource.
499

Viewing the vADCs Related to a Partitioned Container (VX)

You can view a list of all vADCs in a container that vDirect / APSolute Vision manages. Managed
vADCs are called registered ADCs. You can also view a list of all vADCs in a container that are not
managed by vDirect. These are called unregistered ADCs.
To view registered vADCs in a container

1.
2.
3.
Select Containers.
4.
In the Name column, click the link to the relevant container.

The Registered ADCs box displays the list of vADCs in the container.
To view unregistered ADCs in a container

1.
2.
3.
Select Containers.
4.
5.
In the Unregistered ADCs box, click Query Unregistered ADCs.
Registering an ADC of a Partitioned Container

When you register an ADC of a partitioned container, vDirect / APSolute Vision adds an Alteon vADC
in the vDirect site of the Sites and Clusters tree in the APSolute Vision Device pane.
Registering an ADC of a partitioned container is similar to configuring APSolute Vision to manage a
vADC hosted by an ADC-VX managed by the same APSolute Vision server (see configure APSolute
Vision to manage one or more vADCs hosted by an ADC-VX managed by the same APSolute Vision
server, page 139).
To register an ADC of a partitioned container

1.
2.
3.
Select Containers.
4.
5.
In the Unregistered ADCs box, click Query Unregistered ADCs.
6.
Select an ADC from the list, and click Register Selected.
500

Modifying a Registered Container

This section describes how to modify a container already defined in the vDirect system.
To modify a registered container instance

4. In the Name column, click the link to the container you want to modify.
5. Make your changes.
6. Click Validate to check that your settings are valid.
7. Click Save to complete the process.
Unregistering a Container
This section describes how to remove a container from the vDirect system.
To unregister a container
4. Click the box to the left of the name of the container you want to unregister.
5. Click Unregister.
6. Click Unregister again to confirm the removal.
Managing DefensePro Instances in APSolute Vision vDirect

This section comprises the following:
Registering a DefensePro Instance, page 501
Modifying a Registered DefensePro Instance, page 503
Unregistering a DefensePro Instance, page 504
Registering a DefensePro Instance

When you register an DefensePro instance in the vDirect / APSolute Vision system, vDirect /
APSolute Vision adds the DefensePro device in the vDirect site of the Sites and Clusters tree in the
APSolute Vision Device pane.
To register a DefensePro instance

501

3.
Select DefensePro.
4.
Click Register.
5.
Configure the parameters, and then, do the following:

a.
Click Validate to check that your settings are valid.
b.
Click Register to complete the registration process.
Table 398: DefensePro Instance Parameters
Parameter
Description
Name
The name of the DefensePro instance.

Note: There are some reserved words (for example, DefenseFlow) that
APSolute Vision does not allow as names.
Tenants
Configures and adds new tenants to the DefensePro instance. For more
information, see the vDirect documentation.
Address
The management IP address of the DefensePro instance.
CLI User Name
The username for CLI, HTTP, and HTTPS access to the device.
Default: radware
CLI Password
The password for CLI, HTTP, and HTTPS access to the device.
Default: radware
CLI Use SSH
Specifies whether the device uses SSH.

Default: Enabled
CLI Port
The port for SSH or telnet communication with the device.

When SSH is enabled, the default SSH port is 22.
When SSH is disabled, the default Telnet port is 23.
Note: This value should be the same as the value for the SSH port
configured in the device (Configuration perspective System tab >
Management Access > Management Protocols > SSH).
SNMP Version

Default: VersionThree
SNMP Port
The SNMP port.
User Name
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
Authentication Protocol The protocol used for authentication.

(This parameter is
displayed only when
SNMP Version is
VersionThree.)
502
Values: MD5, SHA, None

Default: SHA

Table 398: DefensePro Instance Parameters
Parameter
Description
Authentication
Password
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
Privacy Password
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
Privacy Protocol
The SNMPv3 privacy protocol to use.
(This parameter is
displayed only when
SNMP Version is
VersionThree.)
Values: DES, None

Default: DES
SNMP Read Community The SNMP read community name authorized to access the DefensePro.
(This parameter is
displayed only when
SNMP Version is
VersionOne or
VersionTwo.)
SNMP Write Community The SNMP write community name authorized to access the DefensePro.
(This parameter is
displayed only when
SNMP Version is
VersionOne or
VersionTwo.)
Modifying a Registered DefensePro Instance

This section describes how to modify a DefensePro instance already defined in the vDirect system.
To modify a registered DefensePro instance

3. Select DefensePro.
4. In the Name column, click the link to the DefensePro instance you want to modify.
5. Make your changes.
6. Click Validate to check that your settings are valid.
7. Click Save to complete the process.
503

Unregistering a DefensePro Instance

This section describes how to remove a DefensePro instance from the vDirect system.
To unregister a DefensePro instance

1.
2.
3.
Select DefensePro.
4.
Click the box to the left of the name of the DefensePro instance you want to unregister.
5.
Click Unregister.
6.
Click Unregister again to confirm the removal.
504
Appendix A Managing the Online-Help

Package on the Server
This appendix describes managing the online-help package on the APSolute Vision server.
Managing the online-help package is available only to users with the Administrator or Vision
Administrator role.
Managing the online-help package comprises the following:
Upgrading the online-help package that resides in the APSolute Vision server.
Reverting the online help to the original versionthat is, the online help that came with the
installation of the APSolute Vision server.
You can upgrade the online-help package that resides in the APSolute Vision server using the
procedure below (To update the APSolute Vision help on the server, page 506) or using the CLI. For
information on the CLI command, see System Upgrade Commands, page 490.
Note: Depending on the configuration of the APSolute Vision server (see Configuring APSolute
Vision Server Advanced Parameters, page 122), APSolute Vision clients access online-help pages
from the server itself or from radware.com. The online help at radware.com is always the latest, but
the files on the server might be out-of-date if a managed device was upgraded or a new device
driver is used.
The help-upgrade procedure requires a valid online-helpupgrade package.
You can download the software upgrade file from the Radware customer portal. The online-help
upgrade package may also be included in the product CD.
The name format of the online-help package is as follows:
APSoluteVisionHelp_<VisionVersion>_<BuildNumber>_<yyyyMMdd>.upgrade
To download the software upgrade file from the Radware customer portal
1.
Open your browser and go to www.radware.com.
2.
At the top right of the window, click My Account, and log in.
3.
At the upper right of the window, click Customer.
505

Managing the Online-Help Package on the Server
4.
Hover over Products, navigate to the relevant product type, and click the relevant productas
shown in the following example.
5.
In the Software Releases tab, click
6.
In the Help Software Upgrade row, click
7.
Save the UPGRADE file to the appropriate location.
(Download Software) for the relevant item.

.
To update the APSolute Vision help on the server

1.
In the APSolute Vision Settings mode System perspective, select General Settings >
Advanced.
2.
In the Online Help section, click the Update. The Upgrade APSolute Vision Help Version dialog
box opens.
3.
Click Browse and navigate to the online-helpupgrade package, and then, click Open.
4.
Click Send. The upgrade utility uploads the package and places the online-help files in the
location in the APSolute Vision server.
To revert the online help to the original version on the APSolute Vision server
1.
In the APSolute Vision Settings mode System perspective, select General Settings >
Advanced.
2.
In the Online Help section, click Revert to Default Help.
506
Appendix B APSolute Vision Database Views

This appendix describes the APSolute Vision MySQL database views.
This appendix contains the following main sections:
Using APSolute Vision Database Views, page 507
View Description and Relationships, page 507
Real-time Data Retention and Aging, page 544
Using APSolute Vision Database Views

You can use the APSolute Vision database views to save and query data according to your specific
requirements.
The system database access CLI commands manage the list of IP addresses that can access the
APSolute Vision MySQL database tables. For information on the commands, see System Database
Commands, page 469.
APSolute Vision supports direct access to the APSolute Vision database for up to 10 distinct IP
addresses.
Caution: Direct access to the APSolute Vision MySQL database may have performance impact on
the behavior of the APSolute Vision server, which is using the same database. Therefore, all queries
must be optimized.
Radware recommends for customers to have their own separate system, which accesses the
APSolute Vision server database and copies the relevant data to it. This enables end-users to access
the separate system, not the APSolute Vision server directly.
Figure 49: Recommended Topology for Using APSolute Vision Database Views
End Users
Customer Service
APSolute Vision server
Customer
datastore
MySQL
APSolute
Vision
database
View Description and Relationships

This section describes the database table views and the relationships between the views:
Security Attacks Tables, page 508
Traffic and Connection Tables, page 537
APSolute Vision Server Information Tables, page 541
507

APSolute Vision Database Views
Security Attacks Tables

The first group of views provide information regarding security attacks. Each instance of a specific
attack is identified by a unique ID generated by the DefensePro device. APSolute Vision uses this ID
to collect all of the information regarding a specific instance of an attack. This identifier is labeled
attack_ip_id/ReportId.
The basic table holding security attack information is the security_attacks_view table. This view
contains high-level attack information, such as the attack name, the attack ID, the attack_ip_id/
reportId, the attack category, the device IP address, the start time, and so on. The rest of the
views containing detailed attack information are connected to the security_attacks_view using the
attack_ip_id/reportId field.
The single exception is the attack_description_view. This table holds the detailed attack
descriptions, and the link to the security_attacks_view is the radware_id field. This is a unique
identifier for each signature configured on the device. This table enables looking up the detailed
description using the radware_id of the signature.
This following sections describe the views, which are as follows:
attack_description_view, page 510
anti_scan_attack_reports_view, page 510
anti_scan_event_samples_view, page 511
anti_scan_footprints_view, page 512
bdos_attack_attrs_view, page 513
bdos_attack_footprints_view, page 514
bdos_attack_statistics_view, page 515
bdos_attack_tcp_statistics_view, page 516
dns_attack_attrs_view, page 518
dns_attack_footprints_view, page 519
dns_attack_statistics_view, page 520
http_blocking_rules_view, page 521
http_initial_statistics_view, page 522
http_protections_view, page 523
packet_reports_view, page 524
pps_attack_info_view, page 525
sampling_attacks_view, page 526
security_attack_packet_id_view, page 527
security_attacks_view, page 529
srv_protect_atck_details_view, page 533
srv_protect_block_details_view, page 534
srv_protect_event_details_view, page 534
srv_protect_event_messages_view, page 535
syn_flood_attack_info_view, page 535
508

Figure 50: Security Attacks Tables

security_attacks_view
ReportId (attack_ip_id)
DeviceIp
Event Name
Group Name
RadwareID (radware_id)
Service
orm_id
anti_scan_attack_reports_view
attack_ips_id
anti_scan_event_samples_view
radware_id
attack_description_view
radware_id
name
attack_ips_id
attack_ips_id
anti_scan_footprints_view
attack_ips_id
http_blocking_rules_view
attack_ips_id
http_initial_statistics_view
bdos_attack_footprints_view
attack_ips_id
attack_ips_id
attack_ips_id
http_protections_view
bdos_attack_attrs_view
attack_ips_id
attack_ips_id
attack_ips_id
bdos_attack_statistics_view
attack_ips_id
srv_protect_atck_details_view
attack_ips_id
bdos_attack_tcp_statistics_view
attack_ips_id
srv_protect_event_details_view
attack_ips_id
attack_ips_id
syn_flood_attack_info_view
attack_ips_id
orm_id
srv_protect_block_details_view
attack_ips_id
attack_ips_id
srv_protect_event_messages_view
message
pps_attack_info_view
attack_ips_id
attack_ips_id
security_attack_packet_id_view
attack_ips_id
dns_attack_attrs_view
Packet_id
attack_ips_id
dns_attack_footprints_view
attack_ips_id
packet_id
packet_reports_view
attack_ips_id
packet_id
attack_ips_id
dns_attack_statistics_view
attack_ips_id
sampling_attacks_view
attack_ips_id
attack_ips_id
509

attack_description_view
This is a view of the table that stores a textual description of the relevant attack/filter, based on the Attack Description file.
Table 399: attack_description_view Fields
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
PRI
name
varchar(255)
YES
The attack name.
radware_id
int(11)
YES
The unique ID of the attack.
content
text
YES
The textual description of the relevant attack.
Table 400: attack_description_view_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
attack_description
PRIMARY
orm_id
This is a view of the table that stores the data in the attack info section of the attack details screen for anti-scan attack details.
Table 401: anti_scan_attack_reports_view Fields
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
start_time
bigint(20)
YES
The start time of the current attack.
avg_time_between_events
float
YES
number_of_events
bigint(20)
YES
The number of sessions attempts in this attack.
blocking_duration
bigint(20)
YES
The blocking duration, in seconds, of the attacker source IP address.
source_address
varchar(255)
YES
The attack source IP address.
510
Key
Description
MUL
The unique ID of the related attack instance.

Table 401: anti_scan_attack_reports_view Fields (cont.)
Field
Type
Null
scan_protection_actual_action
smallint(6)
YES
Key
Description
Enum values:
scan_reason
smallint(6)
YES
Forward=1
Drop=2
Describes the difference between the configured action and the actual
action.
Enum and corresponding values:
1Configuration
2Footprint-accuracy-level
3Multiple-probed-ports
Table 402: anti_scan_attack_reports_view Index
Table
Non-unique
Key Name
Sequence in Index Column Name
anti_scan_attack_reports
anti_scan_attack_reports_1ix
attack_ips_id
This is a view of the table that stores scanning (and cracking) attack details. DefensePro can send several matched packets used during attack
detection. The information is sent over IRP.
Table 403: anti_scan_event_samples_view Fields
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
start_time
bigint(20)
YES
The start time of the current attack.
destination_address
varchar(255)
YES
The destination IP address of the scan.
destination_port
int(11)
YES
The destination port of the scan.
flag
varchar(255)
YES
The TCP packet type. This is displayed only for TCP traffic.
Key
Description
MUL
511

Table 403: anti_scan_event_samples_view Fields (cont.)
Field
Type
Null
icmp_msg_type
varchar(255)
YES
Key
Description
The ICMP message type, for example: Echo reply, Destination Unreachable,
Router Advertisement, Router Solicitation, Traceroute, and so on.
Table 404: anti_scan_event_samples_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
anti_scan_event_samples
anti_scan_event_samples_1ix
attack_ips_id
This is a view of the table that stores anti-scan footprints related to specific attack instances.
Table 405: anti_scan_footprints_view Fields
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
MUL
start_time
bigint(20)
YES
The start time of the related attack.
scan_direction
smallint(6)
YES
The scan direction.
strictness_level
smallint(6)
YES
The desired footprint strictness level. If a created footprint does

not match the desired strictness, the attack will not be blocked.
footprint_text
text
YES
The text of the footprint.
Table 406: anti_scan_footprints_view Index
Table
Non-unique
Sequence in Index
Column Name
anti_scan_footprints
anti_scan_footprints_1ix
512
attack_ips_id

This is a view of the table that stores the data displayed in the Attack Info section of the window with BDoS attack details in the Security
Table 407: bdos_attack_attrs_view Fields
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
start_time
bigint(20)
YES
l4_checksum
varchar(255)
YES
The L4 checksum.
tcp_sequence_number
varchar(255)
YES
The TCP sequence number.
ip_id_number
varchar(255)
YES
The IP ID number.
dns_id
varchar(255)
YES
The DNS ID.
dns_query
varchar(255)
YES
The DNS query.
dns_q_count
varchar(255)
YES
The DNS Q count.
source_port
varchar(255)
YES
The source port of the BDoS attack.
fragmentOffset
varchar(255)
YES
The fragment offset.
flow_label
varchar(255)
YES
The flow label.
source_ip
varchar(255)
YES
The source IP address.
to_s
varchar(255)
YES
The ToS.
packet_size
varchar(255)
YES
The packet size in bytes.
destination_port
varchar(255)
YES
The source port of the BDoS attack.
destination_ip
varchar(255)
YES
The destination IP address of the attack.
fragment
varchar(255)
YES
The fragment.
icmp_message_type
varchar(255)
YES
The ICMP message type.
ttl
varchar(255)
YES
The TTL.
Key
Description
MUL
513

Table 407: bdos_attack_attrs_view Fields (cont.)
Field
Type
Null
controller_state
smallint(6)
YES
Key
Description
The protection state.
1non-attack
2footprint-analysis
3blocking
4suspicious-activities
5non-strict-footprint
Table 408: bdos_attack_attrs_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
bdos_attack_attrs
bdos_attack_attrs_1ix
attack_ips_id
This is a view of the table that stores BDoS footprints related to specific instances of BDoS attacks.
Table 409: bdos_attack_footprints_view Fields
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
start_time
bigint(20)
YES
The attack start time.
footprint_text
text
YES
time_stamp
timestamp
YES
The timestamp, in milliseconds, on the APSolute Vision server, at the

time the data was received.
514
Key
Description
MUL
The unique ID of the attack instance.

Table 410: bdos_attack_footprints_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
bdos_attack_footprints
bdos_attack_footprints_1ix
attack_ips_id
This is a view of the table that stores data displayed in the Attack Statistics Table in the of the window with BDoS attack details in the Security
Table 411: bdos_attack_statistics_view Fields
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
direction
smallint(6)
YES
Key
Description
MUL

The direction.
1in
2out
3unknown
515

Table 411: bdos_attack_statistics_view Fields (cont.)
Field
Type
Null
protection
smallint(6)
YES
Key
Description
The protection.
1UDP
2ICMP
3IGMP
4TCP SYN
5TCP RST
6TCP ACK
7TCP ACK PSH
8TCP ACK FIN
10TCP FRAG
11TCP
21UDP FRAG
start_time
bigint(20)
YES
The start time, in hh:mm:ss format, of the related attack.
graph_values
varchar(255)
YES
The units of value is Kbps.
Table 412: bdos_attack_statistics_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
bdos_attack_statistics
bdos_attack_stat_1ix
attack_ips_id
This is a view of the table that stores data displayed in the Attack Statistics Table with BDoS attack details in the Security Monitoring perspective.
Table 413: bdos_attack_tcp_statistics_view Fields
Field
Type
Null
orm_id
varchar(255)
NO
516
Key
Description

Table 413: bdos_attack_tcp_statistics_view Fields (cont.)
Field
Type
Null
Key
Description
attack_ips_id
varchar(255)
YES
MUL
direction
smallint(6)
YES
The direction.
counter_protection_mode
smallint(6)
YES
1in
2out
3unknown
The counter protection mode.

1TCP
2UDP
3ICMP
4IGMP
5TCP-SYN
6TCP-RST
7TCP-ACK
8TCP-ACK-PSH
9TCP-ACK-FIN
10TCP-SYNC-ACK
11TCP-FRAG
start_time
bigint(20)
YES
graph_values
varchar(255)
YES
The units of value is Kbps.
Table 414: bdos_attack_tcp_statistics
Table
Non-unique
Key Name
Sequence in Index
Column Name
bdos_attack_tcp_statistics
bdos_attack_tcp_stat_1ix
attack_ips_id
517

This is a view of the table that stores data displayed in the Attack Info section of the window with DNS-flood attack details in the Security
Table 415: dns_attack_attrs_view Fields
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
PRI
attack_ips_id
varchar(255)
YES
MUL
start_time
bigint(20)
YES
l4_checksum
varchar(255)
YES
The L4 checksum.
ip_id_number
varchar(255)
YES
The IP ID number
dns_id
varchar(255)
YES
The DNS ID
dns_query_name
varchar(255)
YES
The DNS query name
dns_q_count
varchar(255)
YES
The DNS Q count.
dns_a_count
varchar(255)
YES
The DNS A count.
flags
varchar(255)
YES
The flags.
packet_size
varchar(255)
YES
The packet size in bytes.
destination_port
varchar(255)
YES
The destination port.
destination_ip
varchar(255)
YES
The destination IP address.
ttl
varchar(255)
YES
The TTL.
controller_state
smallint(6)
YES
The Controller State
518
1non-attack
2footprint-analysis
3blocking
4suspicious-activities
5non-strict-footprint

Table 415: dns_attack_attrs_view Fields (cont.)
Field
Type
Null
action_type
smallint(6)
YES
Key
Description
The reported action against the attack.
1forward
2proxy
3drop
4source-reset
5dest-reset
6source-dest-reset
7bypass
8challenge
9quarantine
10drop-and-quarantine
Table 416: dns_attack_attrs_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
dns_attack_attrs
PRIMARY
orm_id
dns_attack_attrs
dns_attack_attrs_1ix
attack_ips_id
This is a view of the table that stores DNS attack footprints related to a specific attack instance.
Table 417: dns_attack_footprints_view Fields
Field
Type
Null
Key
orm_id
varchar(255)
NO
PRI
attack_ips_id
varchar(255)
YES
MUL
start_time
bigint(20)
YES
Description
The unique ID of attack instance.
519

Table 417: dns_attack_footprints_view Fields (cont.)
Field
Type
Null
Key
Description
footprint_text
text
YES
time_stamp
datetime
YES
The timestamp. Not used by APSolute Vision.
Table 418: dns_attack_footprints_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
dns_attack_footprints
PRIMARY
orm_id
dns_attack_footprints
dns_attack_footprints_1ix
attack_ips_id
This is a view of the table that provides data for the Attack Statistics Table in the of the window with DNS-flood attack details in the Security
Table 419: dns_attack_statistics_view Fields
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
direction
smallint(6)
YES
Key
Description
MUL

The direction.
520
1in
2out
3unknown

Table 419: dns_attack_statistics_view Fields (cont.)
Field
Type
Null
protection
smallint(6)
YES
Key
Description
The protection.
12A
13MX
14PTR
15AAAA
16Text
17SOA
18NAPTR
19SRV
20Other
start_time
bigint(20)
YES
graph_values
varchar(255)
YES
The value.
Table 420: dns_attack_statistics_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
dns_attack_statistics
dns_attack_stat_1ix
attack_ips_id
This is a view of the table that stores details for HTTP-flood attacks.
Table 421: http_blocking_rules_view Fields
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
start_time
bigint(20)
YES
Key
Description
MUL

Field not in use.
521

Table 421: http_blocking_rules_view Fields (cont.)
Field
Type
Null
Key
Description
source_ip_address
varchar(255)
YES
The source IP address.
request_uri
text
YES
The requested URI.
bypass
bit(1)
YES
The bypass.
source_nums
int(11)
YES
The blocked sources.
Table 422: http_blocking_rules_view Index
Table
Non-unique
Key Name
http_blocking_rules
http_blocking_rules_1ix
attack_ips_id
This is a view of the table that stores details displayed for HTTP-flood attacks, which are displayed in the Current Attacks table.
Table 423: http_initial_statistics_view Fields
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
start_time
bigint(20)
YES
Field not in use.
is_normal
bit(1)
YES
The Anomaly or Normal statistics type.
R_C
int(11)
YES
The GET and POST requests/sec.
other_C
int(11)
YES
The Other HTTP requests/sec.
outB_C
float
YES
The Outbound Kbps.
S_R_C
int(11)
YES
The GET and POST per source/sec.
con_R_C
int(11)
YES
The GET and POST per connection.
normal_LTD
text
YES
The normal bin values of sizeDistribStatistics graph in HTTP-flood attack

details.
522
Key
Description
MUL

Table 423: http_initial_statistics_view Fields (cont.)
Field
Type
Null
rate_STD
text
YES
Key
Description
The anomaly bin values of sizeDistribStatistics graph in HTTP-flood attack
details.
Table 424: http_initial_statistics_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
http_initial_statistics
http_initial_stat_1ix
attack_ips_id
This is a view of the table that stores data displayed in the Attack Statistics Table with HTTP-flood attack details in the Security Monitoring
perspective.
Table 425: http_protections_view Fields
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
start_time
bigint(20)
YES
old_protection_state
varchar(255)
YES
Field not in use.
new_protection_state
varchar(255)
YES
The Protection State.
old_protection_action
varchar(255)
YES
Field not in use.
old_mitigation_state
varchar(255)
YES
Field not in use.
new_mitigation_state
varchar(255)
YES
The mitigation mode.
new_protection_action
varchar(255)
YES
The action.
rate_limit_factor
varchar(255)
YES
Field not in use.
mitigation_mode
varchar(255)
YES
Field not in use.
characterization_mode
varchar(255)
YES
Field not in use.
escalation_mode
varchar(255)
YES
The mitigation flow.
Key
Description
MUL
523

Table 425: http_protections_view Fields (cont.)
Field
Type
Null
Key
Description
challenge_mode
varchar(255)
YES
The Challenge method.
challenged_candidates
int(11)
YES
The challenged sources.
suspicious_sources
int(11)
YES
The suspicious sources.
web_utilization
int(11)
YES
The HTTP Authentication Table Utilization [%].
Table 426: http_protections_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
http_protections
http_protections_1ix
attack_ips_id
packet_reports_view
This is a view of the table that stores traffic-capture packets related to a specific attack instance. Each attack can have multiple stored packets.
The relationship between the attack and the packet ID is stored in the security_attack_packet_id table.
Note: DefensePro cannot capture GRE-encapsulated packets or outgoing ICMP packets.
Table 427: packet_reports_view Fields
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
start_time
bigint(20)
YES
MUL
Field not in use.
packet_id
varchar(255)
YES
MUL
The unique ID of the packet capture file.
packet_type
smallint(6)
YES
Field not in use.
packet_contents
tinyblob
YES
The content of packet capture file.
524

Table 428: packet_reports_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
packet_reports
packet_report_indx
start_time
packet_reports
packet_id_indx
packet_id
This is a view of the table that stores attack information of DoS attacks.
Table 429: pps_attack_info_view Fields
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
MUL
start_time
bigint(20)
YES
Field not in use.
attacker_ip
varchar(255)
YES
The source IP address (Attacker).
protected_host
varchar(255)
YES
The protected host.
protected_port
int(11)
YES
The protected port.
action
varchar(255)
YES

1forward
2proxy
3drop
4source-reset
5dest-reset
6source-dest-reset
7bypass
8challenge
9quarantine
525

Table 429: pps_attack_info_view Fields (cont.)
Field
Type
Null
Key
Description
attack_duration
bigint(20)
YES
The attack duration, in seconds.
attack_rate
bigint(20)
YES
The attack rate, in seconds.
attack_total_drop_rate
bigint(20)
YES
The the average dropped packets rate, per second.
Table 430: pps_attack_info_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
pps_attack_info
pps_attack_info_1ix
attack_ips_id
This is a view of the table that stores information on security attacks, based on security SNMP traps (identified by OID), where the type is
sampling. These traps have the same format as regular security traps that trigger a Security Attack entry update.
Table 431: sampling_attacks_view Fields
Field
Type
Null
Key
orm_id
varchar(255)
NO
PRI
attack_ips_id
varchar(255)
YES
MUL
vlan_tag
varchar(255)
YES
start_time
bigint(20)
YES
source_address
varchar(255)
YES
The source IP address of the attack. If there are multiple IP sources for an attack,
this field displays Multiple.
source_port
varchar(255)
YES
The source port of the attack (may be multiplied).
dest_address
varchar(255)
YES
The destination IP address of the attack (may be multiplied).
dest_port
varchar(255)
YES
The destination port of the attack (may be multiplied).
physical_port
smallint(6)
YES
The port on the device to which the attack packets arrived.
526
Description
The VLAN tag value.
MUL
The start time of the attack, in milliseconds, according to the time on the APSolute
Vision server, when the trap was received.

Table 431: sampling_attacks_view Fields (cont.)
Field
Type
Null
mpls_rd
varchar(255)
YES
Key
Description
The Multiprotocol Label Switching Route Distinguisher. This value is used to generate
reports for each customer.
The value of N/A or 0 in this field indicates that the MPLS RD is not available.
attack_protocol
smallint(6)
YES
The transmission protocol used to send the attack.

1IP
2TCP
3UDP
4ICMP
5IGMP
6NonIP
7SCTP
8ICMPV6
Table 432: sampling_attacks_view Fields Indexes
Table
Non-unique
Key Name
Sequence in Index
Column Name
sampling_attacks
PRIMARY
orm_id
sampling_attacks
sampling_attacks_Idx
start_time
sampling_attacks
sampling_attack_ips_id_Idx
attack_ips_id
This is a view of the table that stores data that link a packet (traffic capture) to a specific attack instance.
Table 433: security_attack_packet_id_view Fields
Field
Type
Null
Key
orm_id
varchar(255)
NO
MUL
fkc_attack_id
varchar(255)
YES
MUL
Description
527

Table 433: security_attack_packet_id_view Fields (cont.)
Field
Type
Null
Key
Description
packet_id
varchar(255)
YES
MUL
The unique ID of the packet capture file.
start_time
bigint(20)
YES
Field not in use.
Table 434: security_attack_packet_id_view Index
Table
Non-unique
Key Name
security_attack_packet_id
FKCDA4D4052EB94D2E
fkc_attack_id
security_attack_packet_id_orm_id_idx
orm_id
security_attack_packet_id_packet_id_idx
packet_id
528

This is a view of the table that stores security attack information.
Table 435: security_attacks_view Fields
Field
Type
Description
ActionMode
Smallint(6)
The action mode.

Enums and corresponding values:
1forward
2proxy
3drop
4source-reset
5dest-reset
6source-dest-reset
7bypass
8challenge
9quarantine
11http-200-ok
12http-200-ok-dest-reset
13http-403-forbidden
14http-403-forbidden-dest-reset
Date
Varchar()
The date, in dd/mm/yyyy format, calculated in the APSolute Vision view based on the APSolute
Vision full timestamp column - longtime.
DestAdd
Varchar(255)
The attack destination IP address.
DestPort
Varchar(255)
The attack destination port.
DeviceIp
varchar(255)
The DefensePro IP address that detected the attack.
EventName
Varchar(255)
The attack name.
GroupName
Varchar(255)
The policy name.
LongTime
Bigint(20)
The full date and time in milliseconds the attack started.
529

Table 435: security_attacks_view Fields (cont.)
Field
Type
Description
PacketBandwidth
Bigint(20)
For most protections, this value is the volume of the attack, in kilobits, from when the attack started.
For SYN protection (SYN cookies), this value is the number of SYN packets dropped, multiplied by 60
bytes (the SYN packet size).
PacketCount
Bigint(20)
The total packet count of the attack.
PhysicalPort
Smallint(6)
The port.
Protocol
Smallint(6)
The attack protocol.

RadwareId
Bigint(20)
Risk
Smallint(6)
1IP
2TCP
3UDP
4ICMP
5IGMP
6Non IP
7SCTP
8ICMPv6
The Radware ID of the attack. All attacks of the same attack_name have the same radware_Id.
The attack risk level.
530
1Info
2Low
3Medium
4High

Field
Type
Description
Service
Smallint(6)
The category (DoS, Intrusions, Anomalies, and so on).

1ACL
2Anti-Scanning
3Behavioral DoS
4DoS
5HTTP Flood
6Intrusions
7Server Cracking
8SYN Flood
9Anomalies
10Stateful ACL
11DNS
12BWM
SourceAdd
Varchar(255)
The attack source IP address.
SourcePort
Varchar(255)
The attack source port.
Status
Smallint(6)
The attack status.

1start
2term
3sampled
4occur
5ongoing
Time
Varchar()
The time, in hh:mm:ss format, calculated in the APSolute Vision view based on the APSolute Vision
full timestamp column - start_time.
VlanTag
Varchar(255)
The VLAN tag.
ReportId
Varchar(255)
The distinct ID per attack instance.
531

Field
Type
Description
EndTime
Bigint(20)
The full time, in milliseconds, that the attack ended. When an attack starts, the start time is placed in
this column. This value is updated only once the attack is terminated. continuously updated with
every related SNMP trap.
MplsRd
Varchar(255)
Direction
Smallint(6)
The direction.
Enum values:
ThreatGroup
Smallint(6)
1In
2Out
3Unknown
The threat type.

Enum values:
OrmId
532
Varchar(255)
1Black List
2Network Scans
3Application DDoS
4Intrusion
5Packet Anomalies
6Server Cracking
7DDoS
8Stateful ACL
9Bandwidth Management
The internal row numbering.

This is a view of the table that stores details for Server Cracking attacks.
Table 436: srv_protect_atck_details_view Fields
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
MUL
attacker_ip
varchar(255)
YES
The source IP address (attacker).
start_time
bigint(20)
YES
Field not in use.
protected_host
varchar(255)
YES
The protected host.
protected_port
int(11)
YES
The protected port.
attacker_url
varchar(255)
YES
The attacker URL.
action
varchar(255)
YES

1forward
2proxy
3drop
4source-reset
5dest-reset
6source-dest-reset
7bypass
8challenge
9quarantine
Table 437: srv_protect_atck_details_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
srv_protect_atck_details
srv_protect_atck_details_1ix
attack_ips_id
533

This is a view of the table that stores details of attacks identified by a Server Protection policy.
Table 438: srv_protect_block_details_view Fields
Table
Non-unique
Key Name
Sequence in Index
Column Name
srv_protect_block_details
srv_protect_block_details_1ix
attack_ips_id
This is a view of the table that stores details of attacks identified by a Server Protection policy.
Table 439: srv_protect_event_details_view Fields
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
MUL
start_time
bigint(20)
YES
Field not in use.
protocol
smallint(6)
YES
The protocol.
1IP
2TCP
3UDP
4ICMP
5IGMP
6Non-IP
7SCTP
8ICMPv6
Table 440: srv_protect_event_details_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
srv_protect_event_details
srv_protect_event_details_1ix
attack_ips_id
534

This is a view of the table that stores samples of matched packets used during attack detection of Server Cracking (and Anti-Scan) attacks.
Table 441: srv_protect_event_messages_view Fields
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
message
varchar(255)
YES
The content of event messages table.
start_time
bigint(20)
YES
Field not in use.
Table 442: srv_protect_event_messages_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
srv_protect_event_messages
FKA3A85DD3C3E1C26
fkc_event_details_id
srv_protect_event_messages
srv_protect_event_messages_1ix
This is a view of the table that stores SYN-flood-attack information.
Table 443: syn_flood_attack_info_view Fields
Field
Type
Null
orm_id
varchar(255)
NO
attack_ips_id
varchar(255)
YES
dest_address
varchar(255)
YES
Traffic destination IP address.
dest_port
int(11)
YES
Traffic destination port.
start_time
bigint(20)
YES
The timestamp, in milliseconds, on the APSolute Vision server, at the time the
data was received.
threshold
bigint(20)
YES
The minimum number of packets per second that trigger a SYN protection
attack.
established
bigint(20)
YES
Field not in use.
Key
Description
MUL
535

Table 443: syn_flood_attack_info_view Fields (cont.)
Field
Type
Null
spoofed
bigint(20)
YES
The number of established, spoofed TCP connections per second during the
attack life cycle (aggregated). These are the sessions that were established
through the SYN-cookies mechanism or were passed through the SYN
protection trusted list.
no_data
bigint(20)
YES
Field not in use.
attack_rate
bigint(20)
YES
The average rate of spoofed SYNs and data connection attempts per second,
calculated every 10 seconds.
web_utilization
bigint(20)
YES
The current utilization, in percent, of the Table Authentication table.
tcp_utilization
bigint(20)
YES
The current utilization, in percent, of the TCP Authentication table.
tcp_tcpChallenge
smallint(6)
YES
http_tcpChallenge
smallint(6)
Key
YES
Description
1Safe-Reset
2Transparent proxy
1302 Redirect
2JavaScript
Table 444: syn_flood_attack_info_view Index
Table
Non-unique Key Name
Sequence in Index
Column Name
syn_flood_attack_info
attack_ips_id
536
syn_flood_attack_info_1ix

Traffic and Connection Tables

The second group of views provide information regarding device traffic and connections. The information is not related to specific attacks, and
there are no dependencies between views in this group.
concurrent_connections_view, page 537
connection_statistics_view, page 538
traffic_utilizations_view, page 539
Figure 51: Traffic and Connections Tables

concurrent_connections_view
traffic_utilizations_view
connecction_statistics_view
device_ip
policy_name
device_ip
policy_name
physical_port
device_ip
policy_name
physical_port
This is a view of the table that stores the rate of current connections per protocol (TCP /UDP).
Table 445: concurrent_connections_view Fields
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
PRI
tcp_conn_per_sec
bigint(20)
YES
The TCP connections per second.
udp_conn_per_sec
bigint(20)
YES
The UDP connections per second.
policy_name
varchar(255)
YES
The protection policy name.
time_stamp
timestamp
YES
The timestamp when the data was received by APSolute

Vision.
device_ip
varchar(255)
YES
The device IP (statistics sender).
Table 446: concurrent_connections_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
concurrent_connections
PRIMARY
orm_id
537

connection_statistics_view
This is a view of the table that stores connection-rate statistics of inbound and outbound traffic for selected port pairs (or selected policy) and
protocols (TCP/UDP).
Table 447: connection_statistics_view Fields
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
PRI
physical_port
smallint(6)
YES
MUL
policy_name
varchar(255)
YES
The protection policy name.
policy_direction
smallint(6)
YES
The policy direction.
The physical port number.
tcp_conn_per_sec
1Inbound
2Outbound
3Both
int(11)
YES
The TCP connections per second.
udp_conn_per_sec int(11)
YES
The UDP connections per second.
time_stamp
timestamp
YES
The timestamp, in milliseconds, on the APSolute Vision server, at the time the
data was received.
device_ip
varchar(255)
YES
The device IP (statistics sender).
Table 448: connection_statistics_view Indexes
Table
Non-unique
Key Name
Sequence in Index
Column Name
conncection_statistics
PRIMARY
orm_id
conncection_statistics
CON_STAT_PORT_TBL_INDX
physical_port
538

This is a view of the table that stores data regarding the traffic the device saw in the last reporting interval.
Table 449: traffic_utilizations_view Fields
Field
Type
Null
Key
Description
orm_id
varchar(255)
NO
PRI
physical_port
smallint(6)
YES
MUL
policy_name
varchar(255)
YES
The policy name. The pr policy report will include per policy received
statistics and per policy dropped statistics.
policy_direction
smallint(6)
YES
The DP port the traffic went through.
1Inbound
2Outbound
3Both
traffic_value
decimal (20,0)
YES
The total amount of traffic for the protocol and port identified in the row.
num_discards
decimal (20,0)
YES
The amount of discarded traffic for the protocol and port identified in the
row.
num_excluded
decimal (20,0)
YES
The graph displays excluded inbound traffic and excluded outbound traffic
only when the Traffic Exclusion option is enabled. When the Traffic
Exclusion option is enabled, the device passes through all traffic that
matches no network policy configured on the device. Excluded counters will
show zero when traffic exclusion feature is disabled or does not exist (nonEZchip platforms).
unit_id
smallint(6)
YES
The units for the traffic rate.

1Kbps
2PPS
539

Table 449: traffic_utilizations_view Fields (cont.)
Field
Type
Null
traf_mon_protocols
smallint(6)
YES
Key
Description
The protocol for the statistics.
1UDP
2TCP
3ICMP
4Other
5All
6SCTP
7IGMP
8DNS
9HTTP
time_stamp
timestamp
YES
The timestamp, in milliseconds, on the APSolute Vision server, at the time

the data was received.
device_ip
varchar(255)
YES
The IP address of the DefensePro device.
Table 450: traffic_utilizations_view Index
Table
Non-unique
Key Name
Sequence in Index
Column Name
traffic_utilizations
PRIMARY
orm_id
traffic_utilizations
TRAFF_UTIL_PORT_TBL_INDX
physical_port
540

APSolute Vision Server Information Tables

The third group of views provide information regarding the APSolute Vision server. The information
is not related to specific attacks, and there are no dependencies between views in this group.
audit_table_view, page 541
alert_view, page 543
Figure 52: APSolute Vision Server Information Tables

alert_view
audit_table_view
ID
audit_id
audit_table_view
This is a view of the table that stores audit information.
Table 451: audit_table_view Fields
Field
Type
Description
audit_id
Varchar(255)
messagetype
Smallint(6)
Each audit message type has a unique ID, which

is related to the audit description (see Table 452
- Message Types Mapped to Descriptions, page
542).
severity
Smallint(6)
The severity.
1Emergency
2Alert
3Critical
4Error
5Warning
6Notice
7Info
8Debug
createddate
Timestamp
The timestamp for the entry.
description
Text
The description related to the message type,

containing the specific alert information. See
Table 452 - Message Types Mapped to
Descriptions, page 542.
userParams_userName l
Varchar(255)
The username.
userParams_contactInformation Varchar(255)
The contact information.
deviceParams_deviceName
Varchar(255)
The device name.
deviceParams_deviceType
Varchar(255)
The device type.

2DefensePro
3APSolute Vision
5Alteon
541

Table 451: audit_table_view Fields (cont.)
Field
Type
Description
deviceParams_deviceOrmId
Varchar(255)
The internal APSolute Vision identifier per

device.
deviceParams_deviceIP
Varchar(255)
The device IP address.
deviceParams_deviceDate
Timestamp
The following table lists the message types that APSolute Vision supports and the corresponding
description templates.
Table 452: Message Types Mapped to Descriptions
Message Type
Description Template
Added user <Username>.
Changed password expiration date for user <Username>.
User <Username> changed password.
Deleted user <Username>.
Enabled user <Username>.
Disabled user <Username>.
User <Username> was locked.
User <Username> was unlocked.
User <Username> successfully logged in.
10
User <Username> failed to login.
11
Changed password for user <Username>.
12
Changed name for user <Username> to <Username>.
13
Changed properties for user <Username>.
14
Changed properties for user <Username>.
15
User <Username> logged out.
16
N/A - for future use
17
18
19
20
21
22
23
24
25
User <Username> has credentials error.
26
27
Added Configuration template <TemplateName>.
28
Updated Configuration template <TemplateName>.
29
Deleted Configuration template <TemplateName>.
30
Propagated Configuration template <TemplateName>.
542

Table 452: Message Types Mapped to Descriptions (cont.)
Message Type
Description Template
31
Failed to propagate Configuration template <TemplateName>.
32
Updating Configuration template <TemplateName> failed because

<FailureReason>.
alert_view
This is a view of the table that stores device alerts and APSolute Vision alerts.
Table 453: alert_view Fields
Field
Type
ID
Bigint(20)
module
Smallint(6)
devicetype
severity
Smallint(6)
Smallint(6)
Description
The module, represented as an integer, according to the
following mapping:
1Device Security
2Device General
3Vision General
4Vision Configuration
5Vision Control
6Security Reporting
The device type, represented as an integer, according to the

following mapping:
2DefensePro
3APSolute Vision
5Alteon
The severity, represented as an integer, according to the

following mapping:
1Critical
2Major
3Minor
4Warning
5Info
raisedtime
Timestamp
The time the alert was triggered.
message
Text
The alert message.
username
Varchar(255)
The username.
deviceormid
Varchar(255)
The internal Vision identifier per device.
deviceip
Varchar(255)
The device IP address.
devicename
Varchar(255)
The device name.
trapsid
Varchar(255)
The OID of the trap, if the alert was received via a trap.
port
Varchar(255)
The port.
cleared
Bit(1)
The flag to mark whether the alert was cleared.
clearedtime
Timestamp
The time the alert was cleared.
acknowledged
Bit(1)
The flag to mark whether the alert was acknowledged.
543

Table 453: alert_view Fields (cont.)
Field
Type
Description
acknowledgedtime
Timestamp
The time the alert was acknowledged.
mailed
Bit(1)
The flag to mark whether the alert was mailed.
Real-time Data Retention and Aging

APSolute Vision stores real-time data in its database, which enables real-time reporting. APSolute
Vision Reporter (AVR)which reports historical security-attack informationpolls the relevant
database tables every few minutes, processes and copies the information into its own data store.
APSolute Vision automatically ages the real-time data from its database.
Note: AVR does not support Alteon.

The following tables list the retention/aging times for the relevant APSolute Vision real-time data.
Table 454: Database Table Retention/Aging TimesSecurity Attacks Tables
View
Retention/Aging Time (in Hours)
24
25
25
25
25
25
25
25
25
25
25
At least 1 hour
25
packet_reports_view
24
25
24
24
24
25
25
25
25
25
544

Table 455: Database Table Retention/Aging TimesTraffic and Connection Tables
View
Retention/Aging Time (in Hours)
connection_statistics_view
545

546
Appendix C APSolute Vision Log Messages

and Alerts
This appendix lists log messages and alerts that APSolute Vision may issue.
Many of the log messages and alerts also include a unique numeric ID. The tables in the following
sections display the ID when available.
When APSolute Vision receives a log message or alert that a managed device issues, APSolute Vision
displays the log message or alert with the ID 20000 or 30000.
Some messages or alerts comprise two versions, depending on whether the detailed auditing is
enabled (Enable Detailed Auditing of APSolute Vision Activity and Enable Detailed Auditing
of Device Configuration Changes). For more information, see Configuring Settings for the Alerts
Pane, page 95.
This appendix comprises the following sections:
Global Parameters, page 548
Advanced Parameters, page 548
Alert Browser Settings, page 549
Connection Settings, page 550
Monitoring Settings, page 551
RADIUS Configuration, page 552
Security Alert Settings, page 553
TACACS+ Configuration Settings, page 553
Warning Threshold Settings, page 554
SharePath Settings, page 555
APSolute Vision License Settings, page 555
Upload Logo Settings, page 555
Device Operation Alerts, page 556
Audit Message Type Enum, page 558
HTTPS Communication Check, page 559
RSA Update on the Device, page 560
Operation Constant, page 560
Audit Messages, page 561
Alert Mail Notifier, page 562
Scheduled Task Alerts, page 562
General, page 564
Alerts from CLI, page 564
Device Configuration Audit Messages, page 566
547

APSolute Vision Log Messages and Alerts
Global Parameters
The following table lists the messages that are triggered by actions performed on global parameters.
The value in the Type column identifies whether the message is regular (R), or detailed (D) when
detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 95).
Table 456: Global Parameters
ID
Type
Message
User <username> has changed the default password for other users.
User <username> has changed the default Password for the user radware.
User <username> has changed the User Statistics Storage
User <username> has changed the User Statistics Storage to <value>.
User <username> has changed the Number of Password Challenges.
User <username> has changed the Number of Password Challenges to <value>.
User <username> has changed the Number of Last Passwords Saved.
User <username> has changed the Number of Last Passwords Saved to value
<value>.
User <username> has changed the Password Validity Period
User <username> changed the setting that users must change their password at
first login.
User <username> changed the setting that users must change their password at
first login to <value>.
Advanced Parameters
The following table lists the messages that are triggered by actions performed on advanced
parameters. The value in the Type column identifies whether the message is regular (R), or detailed
(D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 95).
Table 457: Advanced Parameters
ID
Type
Message
User <username> has changed the Online Help URL.
User <username> has changed the Online Help URL to APSolute Vision Server.
User <username> has changed the Online Help URL to Radware.com.
User <username> has changed the Results per Page.
User <username> has changed the Results per Page to <value>.
User <username> has changed the Device Lock Timeout.
User <username> has changed the Device Lock Timeout to <value>.
User <username> User <username> User <username> has changed the Minimal
Log Level.
User <username> has changed the Minimal Log Level to <value>.
User <username> has changed the Max. Number of Configuration Files per
Device.
548

Table 457: Advanced Parameters (cont.)
ID
Type
Message
User <username> has changed the Max. Number of Configuration Files per Device
to <value>.
Alert Browser Settings

The following table lists the messages that are triggered by actions performed on Alert Browser
settings. The value in the Type column identifies whether the message is regular (R), or detailed (D)
when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 95).
Table 458: Alert Browser Settings
ID
Type
Message
User <username> has changed the Syslog Facility.
User <username> has changed the Syslog Facility to <value>.
User <username> has changed the L4 Destination Port for Syslog Reporting.
User <username> has changed the L4 Destination Port for Syslog Reporting to Port
<value>.
User <username> changed the Syslog server address.
User <username> changed the Syslog server address to <value>.
User <username> has changed the Syslog Reporting report (scope).
User <username> has changed the Syslog Reporting report (scope) to <value>.
User <username> changed the Syslog reporting status.
User <username> changed the Syslog reporting status to <value>.
User <username> changed the Syslog reporting encryption status.
User <username> changed the Syslog reporting encryption status to <value>.
User <username> changed the Syslog reporting encryption certificate.
User <username> changed the Syslog reporting encryption certificate to <value>.
User <username> changed the Syslog reporting authentication status.
User <username> changed the Syslog reporting authentication status to <value>.
User <username> changed the Syslog reporting authentication type.
User <username> changed the Syslog reporting authentication type to <value>.
User <username> changed the Syslog reporting encryption authentication

permitted peer was changed.
User <username> changed the Syslog reporting encryption authentication

permitted peer was changed to <value>.
User <username> changed the Syslog reporting encryption authentication private

key was changed.
User <username> changed the Syslog reporting encryption authentication private

key was changed to <value>.
User <username> changed the Syslog reporting encryption authentication public

key was changed.
549

Table 458: Alert Browser Settings (cont.)
ID
Type
Message
User <username> changed the Syslog reporting encryption authentication public

key was changed to value>.
User <username> changed the detailed APSolute Vision activity auditing alerts
feature to <value>
User <username> changed the detailed APSolute Vision activity auditing alerts
feature.
User <username> changed the detailed Device Configuration auditing alerts

feature.
User <username> changed the detailed Device Configuration auditing alerts

feature to <value>.
Connection Settings
The following table lists the messages that are triggered by actions performed on connection
Table 459: Connection Settings
ID
Type
Message
00986
User <username> has changed the password for authentication with the proxy
server.
00987
User <username> has changed the user name for authentication with the proxy
server.
00999
User <username> has changed the user name for authentication with the proxy
server to proxy-username <value>.
00988
User <username> changed the proxy-server authentication status.
00988
User <username> changed the proxy-server authentication status to <value>.
00989
User <username> has changed the port of the proxy server.
00989
User <username> has changed the port of the proxy server to port <value>.
00990
User <username> has changed the IP address of the proxy server.
00998
User <username> has changed the IP address of the proxy server to IP Address
<value>.
00991
User <username> changed the proxy-server status.
00991
User <username> changed the proxy-server status to <value>.
00992
User <username> has changed the timeout for connecting to a device using
SNMP.
00992
User <username> has changed the timeout for connecting to a device using SNMP
to <value>.
00993
User <username> has changed the number of retries for connecting to a device
using SNMP.
00993
User <username> has changed the number of retries for connecting to a device
using SNMP to <value>.
00994
User <username> has changed the port for accessing a device using SNMP.
550

Table 459: Connection Settings (cont.)
ID
Type
Message
00994
User <username> has changed the port for accessing a device using SNMP to port
<value>.
00995
User <username> has changed the value of the 'Session Inactivity Timeout'
parameter.
00995
User <username> has changed the value of the 'Session Inactivity Timeout'
parameter to <value>.
00996
User <username> has changed the default HTTPS port toward devices.
00996
User <username> has changed the default HTTPS port toward devices to port
<value>.
00997
User <username> has changed the default HTTP port toward devices.
00997
User <username> has changed the default HTTP port toward devices to port
<value>.
Monitoring Settings
The following table lists the messages that are triggered by actions performed on monitoring
Table 460: Monitoring Settings
ID
Type
Message
01000
User <username> has changed the Polling Interval for Reports.
01000
User <username> has changed the Polling Interval for Reports to <value>.
01001
User <username> has changed the Timeout for Device Status Poll.
01001
User <username> has changed the Timeout for Device Status Poll to <value>.
01002
User <username> has changed the polling interval for device status.
01002
User <username> has changed the polling interval for device status to <value>.
01003
User <username> has changed the Polling Interval for System Configuration.
01003
User <username> has changed the Polling Interval for System Configuration to
<value>.
01004
User <username> has changed the Polling Interval for On-line Monitoring.
01004
User <username> has changed the Polling Interval for On-line Monitoring to
<value>.
01005
User <username> changed the status of the MSISDN resolution feature.1
01006
User <username> changed the status of the MSISDN resolution feature to

<value>.
01007
User <username> changed the MSISDN IP address.
01007
User <username> changed the MSISDN IP address to <value>.
01008
User <username> changed the MSISDN Port address.
01008
User <username> changed the MSISDN Port address to <value>.
01009
User <username> changed the MSISDN user name.
551

Table 460: Monitoring Settings (cont.)
ID
Type
Message
01009
User <username> changed the MSISDN user name to <value>.
01010
User <username> changed the MSISDN password.
1 The MSISDN Resolution feature is not supported in APSolute Vision version 3.0 and
later.
RADIUS Configuration
The following table lists the messages that are triggered by actions performed on the RADIUS
configuration. The value in the Type column identifies whether the message is regular (R), or
detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane,
page 95).
Table 461: RADIUS Configuration
ID
Type
Message
User <username> has changed the Timeout for the RADIUS servers.
User <username> has changed the Timeout for the RADIUS servers to <value>.
User <username> has changed the Retries for the RADIUS servers.
User <username> has changed the Retries for the RADIUS servers to <value>.
User <username> has changed the Authentication Type for the RADIUS servers.
User <username> has changed the Authentication Type for the RADIUS servers
to <value>.
User <username> has changed the Attribute ID for the RADIUS servers.
User <username> has changed the Attribute ID for the RADIUS servers to
<value>.
User <username> has changed the Vendor ID for the RADIUS servers.
User <username> has changed the Vendor ID for the RADIUS servers to
<value>.
User <username> has changed the Vendor Role Attribute ID for the RADIUS
servers.
User <username> has changed the Vendor Role Attribute ID for the RADIUS
servers to <value>.
User <username> has changed the Vendor Policy Attribute ID for the RADIUS
servers.
User <username> has changed the Vendor Policy Attribute ID for the RADIUS
servers to <value>.
User <username> has changed the Shared Secret for the Secondary RADIUS
server.
User <username> has changed the Shared Secret for the Primary RADIUS server.
User <username> has changed the Port for the Secondary RADIUS server.
User <username> has changed the Port for the Secondary RADIUS server to
<value>.
User <username> has changed the Port for the Primary RADIUS server.
552

Table 461: RADIUS Configuration (cont.)
ID
Type
Message
User <username> has changed the Port for the Primary RADIUS server to
<value>.
User <username> has changed the IP Address for the Secondary RADIUS server.
User <username> has changed the IP Address for the Secondary RADIUS server
to <value>.
User <username> has changed the IP Address for the Primary RADIUS server.
User <username> has changed the IP Address for the Primary RADIUS server to
<value>.
Security Alert Settings

The following table lists the messages that are triggered by actions performed on the security alert
settings.
Table 462: Security Alert Settings
ID
Message
01012
Security alert fields were modified: Rule Name was enabled.
01013
Security alert fields were modified: Rule Name was disabled.
01014
Security alert fields were modified: Source IP was enabled.
01015
Security alert fields were modified: Source IP was disabled.
01016
Security alert fields were modified: Destination port was enabled.
01017
Security alert fields were modified: Destination port was disabled.
01018
Security alert fields were modified: Attack Name was enabled.
01019
Security alert fields were modified: Attack Name was disabled.
01020
Security alert fields were modified: Action was enabled.
01021
Security alert fields were modified: Action was disabled.
01022
Security alert fields were modified: Destination IP was enabled.
01023
Security alert fields were modified: Destination IP was disabled.
TACACS+ Configuration Settings

The following table lists the messages that are triggered by actions performed on the TACACS+
configuration settings. The value in the Type column identifies whether the message is regular (R),
or detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane,
page 95).
Table 463: TACACS+ Configuration Settings
ID
Type
Message
User <username> changed TACACS+ service name.
User <username> changed TACACS+ service name to <value>.
553

Table 463: TACACS+ Configuration Settings (cont.)
ID
Type
Message
User <username> changed TACACS+ timeout.
User <username> changed TACACS+ timeout to <value>.
User <username> changed TACACS+ retries.
User <username> changed TACACS+ retries to <value>.
User <username> changed TACACS+ minimal required privilege level.
User <username> changed TACACS+ minimal required privilege level to

<value>.
The Authentication Type for the TACACS+ servers was changed.
User <username> changed TACACS+ secondary server shared secret.
User <username> changed TACACS+ primary server shared secret.
User <username> changed TACACS+ secondary server port.
User <username> changed TACACS+ secondary server port to <value>.
User <username> changed TACACS+ primary server port.
User <username> changed TACACS+ primary server port to <value>.
User <username> changed TACACS+ secondary server IP address.
User <username> changed TACACS+ secondary server IP address to <value>.
User <username> changed TACACS+ primary server IP address.
User <username> changed TACACS+ primary server IP address to <value>.
Warning Threshold Settings

The following table lists the messages that are triggered by actions performed on warning threshold
Table 464: Warning Threshold Settings
ID
Type
Message
00980
User <username> has changed the threshold for Warning Falling CPU
Utilization.
00980
User <username> has changed the threshold for Warning Falling CPU
Utilization to <value>.
00982
User <username> has changed the threshold for Error Falling CPU Utilization.
00982
User <username> has changed the threshold for Error Falling CPU Utilization to
<value>.
00983
User <username> has changed the threshold for Error Rising CPU Utilization.
00983
User <username> has changed the threshold for Error Rising CPU Utilization to
<value>.
00981
User <username> has changed the threshold for Warning Rising CPU
Utilization.
00981
User <username> has changed the threshold for Warning Rising CPU Utilization
to <value>.
554

Table 464: Warning Threshold Settings (cont.)
ID
Type
Message
00984
User <username> disabled alarms for server CPU utilization.
00985
User <username> enabled alarms for server CPU utilization.
SharePath Settings
The following table lists the messages that are triggered by actions performed on SharePath
settings.
Table 465: SharePath Settings
ID
Message
00586
A SharePath server instance was removed from the configuration of the APSolute Vision
server.
00585
A SharePath server instance was added to the configuration of the APSolute Vision server.
The management IP of a SharePath server instance was updated.
The data IP of a SharePath server instance was updated.
The backup server IP of a SharePath server instance was updated.
The Performance Limit of a SharePath server instance was updated.
APSolute Vision License Settings

The following table lists the messages that are triggered by actions performed APSolute Vision
license settings.
Table 466: Upload Logo Settings
ID
Message
A license of type <feature Name> was deleted from APSolute Vision.
00852
A new license of type <license type> was provided for APSolute Vision.
Upload Logo Settings

The following table lists the message that is triggered by actions performed on APSolute Vision
Reporter logo settings.
Table 467: Upload Logo Settings
ID
Message
A new logo for Vision Reporter uploaded, filename: <file name>.
555

Security Group Settings

The following table lists the messages that are triggered by actions performed on Security Group
settings.
Table 468: Security Group Settings
ID
Message
A DefensePro Security Group's senders list was updated.
A DefensePro Security Group's receivers list was updated.
Blocking Rule parameters of a DefensePro Security Group were updated.
Security modules of a DefensePro Security Group were updated.
A DefensePro Security Group was disabled.
A DefensePro Security Group was enabled.
A DefensePro Security Group's blocking period was updated.
A new DefensePro Security Group was created.
Device Operation Alerts

The following table lists the messages that are device operation alerts.
Table 469: Device Operation Alerts
ID
Message
00915
User <username> uploaded a configuration file to device <Device Name> - <Device IP>
successfully.
00920
User <username> upgraded the software for device <Device Name> - <Device IP>
successfully.
00961
User <username> failed upgrading software for device <Device Name> - <Device IP>.
00933
User <username> rebooted device <Device Name> - <Device IP>.
00934
User <username> shutdown device <Device Name> - <Device IP>.
00948
User <username> downloaded a certificate file from device <Device Name> <Device IP> successfully.
00949
User <username> failed downloading a certificate file from device <Device Name> <Device IP>.
00951
User <username> uploaded a certificate file to device <Device Name> - <Device IP>
successfully.
00950
User <username> failed uploading a certificate file to device <Device Name> - <Device
IP>.
00955
User <username> uploaded a file to device <Device Name> - <Device IP> successfully.
00954
User <username> failed uploading a file to device <Device Name> - <Device IP>.
00956
User <username> downloaded a file from device <Device Name> - <Device IP>
successfully.
00957
User <username> failed downloading a file from device <Device Name> - <Device IP>.
00910,
00952
User <username> failed uploading a quarantine file to device <Device Name> - <Device
IP>.
556

Table 469: Device Operation Alerts (cont.)
ID
Message
00912
User <username> failed downloading a quarantine file from device <Device Name> <Device IP>.
00958
User <username> uploaded a certificate revocation list file to device <Device Name> <Device IP> successfully.
00959
User <username> failed uploading a certificate revocation list file to device <Device
Name> - <Device IP>.
01049
User <username> downloaded <file type> file from device <Device Name> <Device IP> successfully.
00947
Failed to retrieve the <file type> file <file name> from device <Device Name> <Device IP>.
01050
Failed to retrieve the <file type> file from device <Device Name> - <Device IP>. Check
your HTTP/HTTPS configuration and try again.
01051,
00940
User <username> failed downloading file <file name> from device <Device Name> <Device IP>.
01048,
01105
User <username> failed uploading file <file name> to device <Device Name> <Device IP>.
01106
Failed <file type> file verification on device <Device Name> - <Device IP>.
00916,
00945
User <username> failed uploading a configuration file to device <Device Name> <Device IP>.
00915,
00944
User <username> uploaded a configuration file to device <Device Name> - <Device IP>
successfully.
00942,
01047
User <username> uploaded file <file name> to device <Device Name> - <Device IP>
successfully.
User <username> backed up a configuration file for device <Device Name> <Device IP>.
User <username> restored a configuration file to device <Device Name> - <Device IP>.
User <username> uploaded an attack signatures file to device <Device Name> - <Device
IP>.
User <username> updated the attack signatures file to device <Device Name>.
01107
An operation was performed using a proxy server.
00921
The signature file is up-to-date. No download is required.
User <username> failed uploading the attack signatures file to device <Device Name>.
00926
<Device Name>, <Device IP> unlocked due to inactivity.
00935
<Device Name>, <Device IP> locked by user <username>.
00936
<Device Name>, <Device IP> is already locked.
<Device Name>, <Device IP> is locked by other user.
01110
User <username> failed to lock <Device Name>, <Device IP>.
User <username> failed to unlock <Device Name>, <Device IP>.
<Device Name>, <Device IP> cannot be unlocked by user <username> because it

already locked by user <username>
00937
<Device Name>, <Device IP> forcibly locked by user <username>.
557

Table 469: Device Operation Alerts (cont.)
ID
Message
00927,
00938,
01098
<Device Name>, <Device IP> unlocked by user <username>.
00939
<Device Name>, <Device IP> is already unlocked.
00941
User <username> failed to update Anti-Fraud signatures for device <Device Name>.
<Operation Name> action finished successfully for device <Device name>. <Operation
Output>
00908
<Operation Name> action failed for device <Device name>. <Operation Output>
<Operation Name> action failed for device <Device Name> due to: <reason>
01052
Restore Device Driver for device <Device Name> succeeded.
01053
Restore Device Driver failed for device <Device Name>.
Send Signature File From Website To Device
Send File To Device
Send Attack Signatures File To Device
01099
A newer device driver is available for {0} {1}: {2}. You can manage device drivers in the
Settings view.
01102
The software version from the device driver metadata ({0}) does not match the software
version from the driver name ({1}).
00723
Failed to retrieve the Device Driver from <Device Name>. Please enable HTTPS or HTTP
communication on the device.
01100
Failed to retrieve the Device Driver from <Device Name>. Please check status of HTTPS
or HTTP communication on the device and specified credentials.
For more information, see the Messages tab.
00699,
00971
Devices <device name> and <device name> have identical SNMP engine IDs. To prevent
connection problems, change the engine ID on one of the devices.
00967
Device <Device Name>, <Device IP> deleted successfully.
00968
Device <Device Name>, <Device IP> deletion failed.
01103
The driver file for device {0} is invalid.
00964,
00965
Wrong parameters are passed from client.
The device type or version is not compatible with DefensePro Configuration Template
feature.
Audit Message Type Enum

The following table lists the enum audit messages.
Table 470: Audit Message Type Enum
ID
Message
Added user <username>.
00855
Changed password expiration date for user <username>.
558

Table 470: Audit Message Type Enum (cont.)
ID
Message
User <username> changed password.
Deleted user <username>.
Enabled user <username>.
Disabled user <username>.
User <username> was locked.
User <username> was unlocked.
User <username> successfully logged in.
User <username> failed to log in.
Password for user <username> was reset.
00866
Changed name for user <username> to <username>.
Changed properties for user <username>.
User <username> logged out.
00873
User <username> has credentials error.
00874
The configuration template <template> was added to the APSolute Vision server.
00875
The configuration template <template> was updated to the APSolute Vision server.
00876
The configuration template <template> was deleted to sic the APSolute Vision server.
00877
Propagated Configuration template <template>.
00878
Failed to propagate Configuration template <template>.
Updating Configuration template <template> failed because <reason>.
Updated role-scope pair for user <username>.
Removed role-scope pair for user <username>.
User <username> changed the scheduled task name.
HTTPS Communication Check

The following table lists the messages that are triggered by actions performed on HTTPS
communication.
Table 471: HTTPS Communication Check
ID
Message
00180
Secure-Web-server operation on the device is disabled.
The specified HTTPS user <User Name> does not exist on the device.
00182
The specified HTTPS password is incorrect, or you have exceeded the maximum allowed
login attempts.
00184
APSolute Vision has encountered an error communicating with the device over HTTPS.
559

RSA Update on the Device

The following table lists the messages that are triggered by RSA update actions.
Table 472: RSA Update
ID
Message
00071
Anti-Fraud signature update failed for some of devices.
00075
RSA update failed due to no valid subscription for RSA signatures update for following
devices: <Device List>.
00070
RSA update failed: unable to retrieve RSA signatures.
00093
RSA update failed: unable to process RSA signatures.
00072
The RSA Anti-Fraud update task is not applicable to device <Device Name>.
00076
The Update RSA Security Signature task failed. No device configured for the task has
Fraud Protection enabled.
00482
Not authorized operation launched by the user: <Name> on screen <screen Id>
00815
Scheduled Task <Task Name> executed successfully
00062
Task <Task Name> failed.
Synchronize Device Configuration (for Cluster)
Synchronization Task (<Task Name>) failed: Skipping unmatching device: <Name>

(Version: <Version>, Redundancy Status: <Status>, Parent: <Name>.
Synchronization Task (<Task Name>) failed: Skipping device: <Name> (backup device
was not found).
Operation Constant
The following table lists the messages that are triggered by operation constants.
Table 473: Operation Constant
ID
Message
01042
Updating the Attack Description file from Radware site failed.
01041
Updating the Attack Description file from Radware site succeeded.
01044
Update the Attack Description file from Remote Server failed.
01043
Updating the Attack Description file from Remote Server succeeded.
01046
Updating the Attack Description file from client failed.
01045
Updating the Attack Description file from client succeeded.
00918
Backup Vision DB succeeded.
00917
Backup Vision DB failed.
RSA Security Signature Update from Radware Site failed.
RSA Security Signature Update from Radware Site succeeded.
RSA Security Signature Update was downloaded from Radware Site
RSA Security Signature Update is not required.
560

Audit Messages
The following table lists the audit messages.
Table 474: Audit Messages
ID
Message
User <username> added account <account> ,with Scope <scope>, Role <role> and
Network Policy <policy>
User <username> changed password expiration Date for user <user name>, to
expiration Date <date>
00857
User <username> changed his own password
00858
User <username> deleted account <account>
00859
User <username> enabled account <account>
00860
User <username> disabled the account <account>
00861
Account <account> was locked
00862
User <username> has unlocked account <account>
00863
Account <account> successfully logged in
00864
Account <account> failed to log in
00865
User <username> reset password for account <account>
00866
User <username> changed name for user <name>, to <name>
00868
User <username> update the Full Name of account <account>, to Full Name: <value>
00870
User <username> update the Contact Information of account <account>, to Contact

Information: <value>.
00872
Account <account> logged out.
00874
The configuration template <template> was added to the APSolute Vision server
00875
The configuration template <template> was updated to the APSolute Vision server
00876
The configuration template <template> was deleted to the APSolute Vision server
00877
Propagated Configuration template <template>
00878
Failed to propagate Configuration template <value>
Updating Configuration template <value> failed because <reason>
00880
User <username> added or modified the Role-scope pair for account <account> , to
Role-scope pair <pair>
00882
User <username> removed the Role-scope pair <pair> of account <account>
00883
User <username> changed his own password in Vision Server machine
00884
User <username> deleted device backup file <file name>
561

Alert Mail Notifier

The following table lists the messages that are triggered by actions performed on alert mail settings.
Table 475: Alert Mail Notifier
ID
Type
Message
01026
Email reporting settings were changed.
01028
User <username> has changed the Email Sending Interval.
01028
User <username> has changed the Email Sending Interval to <value>.
01029
User <user name> has changed the From Header in the Email Reporting
Configuration.
01029
User <user name> has changed the From Header in the Email Reporting
Configuration to <value>.
01030
User <username> has changed the Number of Alerts per Email.
01030
User <username> has changed the Number of Alerts per Email to <value>.
01031
User <username> has changed the Recipient Email Address.
01024
User <username> has changed the Recipient Email Address to email-address

<value>.
01032
User <username> has changed the SMTP Server Address.
01032
User <username> has changed the SMTP Server Address to IP Address

<value>.
01033
User <username> has changed the SMTP User Name.
01025
User <username> has changed the SMTP User Name to smtp-username

<value>.
01034
User <username> has changed the Subject Header in the Email Reporting
Configuration.
User <username> has changed the Subject Header in the Email Reporting
Configuration to <value>.
Scheduled Task Alerts

The following table lists the messages that are triggered by actions performed on scheduled tasks.
Table 476: Scheduled Task Alerts
ID
Type
Message
User <username> changed the scheduled task backup file name.
User <username> changed the scheduled task backup file name to <value>.
User <username> changed the scheduled task destination IP address.
User <username> changed the scheduled task destination IP address to <value>.
User <username> has changed the password for authentication with the backup
device during a scheduled task.
562

Table 476: Scheduled Task Alerts (cont.)
ID
Type
Message
User <username> has changed the password for authentication with the backup
User <username> changed the scheduled task backup directory.
User <username> changed the scheduled task backup directory to <value>.
User <username> changed the protocol to communicate with the backup device
during a scheduled task.
User <username> changed the protocol to communicate with the backup device
during a scheduled task to protocol <value>.
User <username> has changed the user name for authentication with the backup
User <username> has changed the user name for authentication with the backup
device during a scheduled task to username <value>.
00978
User <username> removed a scheduled task.
00977
User <username> created a scheduled task.
00972
User <username> changed scheduled task to enabled.
00973
User <username> changed scheduled task to disabled.
User <username> added Devices to a scheduled task's list of devices.
User <username> removed Devices from a scheduled task's list of devices.
User <username> changed scheduled task name.
User <username> changed scheduled task name to <value>.
00976
User <username> changed scheduled task file type.
00976
User <username> changed scheduled task file type to <value>.
User <username> updated the date (day) of a scheduled task.
User <username> updated the date (day) of a scheduled task to <value>.
User <username> updated the date (month) of a scheduled task.
User <username> updated the date (month) of a scheduled task to <value>.
User <username> updated the date (year) of a scheduled task.
User <username> updated the date (year) of a scheduled task to <value>.
User <username> updated the time (hour) of a scheduled task.
User <username> updated the time (hour) of a scheduled task to <value>.
User <username> updated the time (minutes) of a scheduled task.
User <username> updated the time (minutes) of a scheduled task to <value>.
User <username> updated the time (seconds) of a scheduled task.
User <username> updated the time (seconds) of a scheduled task to <value>.
User <username> updated the frequency of a scheduled task.
User <username> updated the frequency of a scheduled task to <value>.
User <username> updated the quantity of minutes between two executions of a

scheduled task.
User <username> updated the quantity of minutes between two executions of a

scheduled task to <value>.
User <username> set run always to a scheduled task.
563

Table 476: Scheduled Task Alerts (cont.)
ID
Type
Message
User <username> updated the start date of the scheduled period of a scheduled
task.
User <username> updated the start date of the scheduled period of a scheduled
task to <value>.
User <username> updated the end date of the scheduled period of a scheduled
task.
User <username> updated the end date of the scheduled period of a scheduled
task to <value>.
General
The following table lists the message that is triggered when the APSolute Vision server is up.
Table 477: General
ID
Message
00810
The APSolute Vision server is now up.
Alerts from CLI

The following table lists the messages that are triggered by actions performed in the APSolute Vision
CLI.
Table 478: Alerts from CLI
ID
Message
60000
User <username> has created a system backup.
60001
User <username> has failed to create a system backup with error message: <error
message>.
60004
User <username> has restored a system backup.
60005
User <username> has failed to restore a system backup with error message: <error
message>.
60006
User <username> exported a system backup successfully.
60007
User <username> failed to export a system backup with error message: <error
message>.
60008
User <username> has created a new system configuration backup.
60009
User <username> failed to create a new system configuration backup with error
message: <error message>.
60012
User <username> successfully restored a system configuration Backup.
60013
User <username> failed to restore a system configuration backup with error message:
<error message>.
60014
User <username> successfully exported a system configuration backup.
564

Table 478: Alerts from CLI (cont.)
ID
Message
60015
User <username> failed to export a system configuration backup with error message:
<error message>.
60016
User <username> has created a new Vision Reporter backup.
60017
User <username> failed to create a new Vision Reporter backup with error message:
<error message>.
60020
User <username> successfully restore a Vision Reporter Backup.
60021
User <username> failed to restore a Vision Reporter backup with error message: <error
message>.
60022
User <username> successfully exported a Vision Reporter Backup.
60023
User <username> failed to export a Vision Reporter backup with error message: <error
message>.
60024
User <username> created a tech-support file.
60025
User <username> failed to create a tech-support file with error message: <error
message>.
60028
User <username> successfully restore a tech-support file.
60029
User <username> failed to restore a tech-support file with error message: <error
message>.
60030
User <username> successfully exported a tech-support file.
60031
User <username> failed to export a tech-support file with error message: <error
message>.
60032
User <username> changed the date and time on the APSolute Vision server to Date and
Time <value>.
60033
User <username> changed the timezone of the APSolute Vision server to Timezone
<value>.
60034
User <username> started the Vision server.
60035
User <username> failed to started the Vision server.
60036
User <username> stopped the Vision server.
60037
User <username> failed to stop the Vision server.
60038
User <username> changed the IP address for the <value> port of the APSolute Vision
server to IP Address <value>.
60039
User <username> changed the tech-support password of the APSolute Vision server.
60040
User <username> changed the web-access password of the APSolute Vision server.
60041
The <username> user password of the APSolute Vision system was changed.
60042
User <username> changed the root user password of the APSolute Vision system.
60043
User <username> changed the vision-files user password of the APSolute Vision
system.
60044
User <username> started the database server.
60045
User <username> stopped the database server.
60046
User <username> failed to stop the database server.
60047
User <username> added CLI-Access for external user: <name>.
60048
User <username> deleted CLI-Access for external user: <name>.
565

Device Configuration Audit Messages

The following table lists the messages that are triggered by actions performed on device
configurations. The value in the Type column identifies whether the message is regular (R), or
detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane,
page 95).
Table 479: Device Configuration Audit Messages
ID
Type
Message
User <username> set value to scalar '<Name>'
User <username> set value to scalar '<Name>': <value>.
User <username> added a row to table '<Name>':
User <username> added a row to table '<Name>', indexes:
User <username> deleted row from table '<Name>':
User <username> deleted row from table '<Name>', indexes:
User <username> edited a row of table '<Name>':
User <username> edited a row of table '<Name>', indexes:
User <username> Propagated template '<template>' in table '<Name>':
User <username> Propagated template '<template>' in table '<Name>',
Hardware Alerts
The following table lists the messages that APSolute Vision issues the following alerts related to
hardware issues.
Table 480:
ID
Message
00889
Fan number <number> is not working.
00890
Temperature above critical threshold: temperature sensor number <number> is

reporting <temperature C>C / <temperature F>F.
00892
Rising: CPU utilization is high for core <<number>>
APM server disk space and usage exceeding the <number> percent threshold - usage is
<number> percent
566
Appendix D MIBs for Monitoring APSolute

Vision
The tables in this appendix describe the MIBs that APSolute Vision exposes for monitoring APSolute
Vision.
Note: For information on managing the settings of the SNMP interface, see System SNMP
Commands, page 481.
567

MIBs for Monitoring APSolute Vision
RFC1213 MIB Objects for Monitoring APSolute Vision

The following table describes the supported objects from the RFC1213 MIB for monitoring APSolute Vision.
Table 481: RFC1213 MIB Objects for Monitoring APSolute Vision
Object
OID
Data Type
Description
sysDescr
1.3.6.1.2.1.1.1
DisplayString
(SIZE (0..255))
A textual description of the entity. This value should include the full name
and version identification of the systems hardware type, software
operating-system, and networking software. It is mandatory that this only
contain printable ASCII characters.
sysUptime
1.3.6.1.2.1.1.3
TimeTicks
The time (in hundredths of a second) since the network management

portion of the system was last re-initialized.
sysContact
1.3.6.1.2.1.1.4
DisplayString
(SIZE (0..255))
The textual identification of the contact person for this managed node,
together with information on how to contact this person.
sysName
1.3.6.1.2.1.1.5
DisplayString
(SIZE (0..255))
An administratively assigned name for this managed node. By convention,

this is the node's fully-qualified domain name.
system
Interface
ifTable
1.3.6.1.2.1.2.2
A list of interface entries. The number of entries is given by the value of

ifNumber.
ifIndex
1.3.6.1.2.1.2.2.1.1
INTEGER32
A unique value, greater than zero, for each interface.
ifDescr
1.3.6.1.2.1.2.2.1.2
DisplayString
(SIZE (0..255))
A textual string containing information about the interface.
ifPhysAddress
1.3.6.1.2.1.2.2.1.6
OCTETSTR
The interface's address at its protocol sub-layer. For example, for an 802.x
interface, this object normally contains a MAC address.
568

Table 481: RFC1213 MIB Objects for Monitoring APSolute Vision (cont.)
Object
ifOperStatus
OID
Data Type
Description
1.3.6.1.2.1.2.2.1.8
INTEGER
The current operational state of the interface.

Values:
1Up
2Down
3Testing
4Unknown
5Dormant
6Not present
7Lower layer down
Ip
ipAddrTable
1.3.6.1.2.1.4.20
The table of addressing information relevant to this entitys IP addresses.
ipAdEntAddr
1.3.6.1.2.1.4.20.1.1
IpAddress
The IP address to which this entrys addressing information pertains.
ipAdEntIfIndex
1.3.6.1.2.1.4.20.1.2
INTEGER
The index value which uniquely identifies the interface to which this entry
is applicable. The interface identified by a particular value of this index is
the same interface as identified by the same value of ifIndex.
ipAdEntNetMask
1.3.6.1.2.1.4.20.1.3
IpAddress
The subnet mask associated with the IPv4 address of this entry. The value
of the mask is an IPv4 address with all the network bits set to 1 and all the
hosts bits set to 0.
ipRouteTable
1.3.6.1.2.1.4.21
This entitys IP Routing table.
ipRouteDest
1.3.6.1.2.1.4.21.1.1
IpAddress
The destination IP address of this route. An entry with a value of 0.0.0.0 is

considered a default route. Multiple routes to a single destination can
appear in the table, but access to such multiple entries is dependent on the
table-access mechanisms defined by the network management protocol in
use.
ipRouteIfIndex
1.3.6.1.2.1.4.21.1.2
INTEGER
The index value which uniquely identifies the local interface through which
the next hop of this route should be reached. The interface identified by a
particular value of this index is the same interface as identified by the same
value of ifIndex.
569

Table 481: RFC1213 MIB Objects for Monitoring APSolute Vision (cont.)
Object
OID
Data Type
Description
ipRouteNextHop
1.3.6.1.2.1.4.21.1.7
IpAddress
The IP address of the next hop of this route. (In the case of a route bound
to an interface which is realized via a broadcast media, the value of this
field is the agents IP address on that interface.)
ipRouteMask
1.3.6.1.2.1.4.21.1.11
IpAddress
Indicate the mask to be logical-ANDed with the destination address before

being compared to the value in the ipRouteDest field.
Host Resources MIB Objects for Monitoring APSolute Vision

The following table describes the supported objects from the Host Resources MIB for monitoring APSolute Vision.
Table 482: Host Resources MIB Objects for Monitoring APSolute Vision
Object
OID
Data Type
Description
hrSystemData
1.3.6.1.2.1.25.1.2
DateAndTime
The hosts notion of the local date and time of day.
hrSystemUptime
1.3.6.1.2.1.25.1.1
TimeTicks
The amount of time since this host was last initialized. Note that this is
different from sysUpTime in the SNMPv2-MIB [RFC1907] because
sysUpTime is the uptime of the network management portion of the
system.
hrSystem
UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision

The following table describes the supported objects from the UCD-SNMP-MIB MIB for monitoring APSolute Vision.
Table 483: UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision
Object
OID
Data Type
Description
1.3.6.1.4.1.2021.4.3
INTEGER32
The total amount of swap space configured for this host.
Memory
memTotalSwap
570

Table 483: UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision (cont.)
Object
OID
Data Type
Description
memAvailSwap
1.3.6.1.4.1.2021.4.4
INTEGER32
The amount of swap space currently unused or available.
memTotalReal
1.3.6.1.4.1.2021.4.5
INTEGER32
The total amount of real/physical memory installed on this host.
memAvailReal
1.3.6.1.4.1.2021.4.6
INTEGER32
The amount of real/physical memory currently unused or available.
memTotalFree
1.3.6.1.4.1.2021.4.11
INTEGER32
The total amount of memory free or available for use on this host. This
value typically covers both real memory and swap space or virtual
memory.
Trap Objects for Monitoring APSolute Vision

The following table describes the supported trap objects for monitoring APSolute Vision.
Table 484: Trap Objects for Monitoring APSolute Vision
Object
OID
Type
Description
coldStart
1.3.6.1.6.3.1.1.5.1
Trap
A coldStart trap signifies that the SNMP entity, supporting a notification

originator application, is reinitializing itself and that its configuration may
have been altered.
This trap, in SNMPv2-MIB, is generated at the following times:
nsNotifyShutdown
1.3.6.1.4.1.8072.4.0.2
Trap
At APSolute Vision machine startup (which starts the SNMP service).
At APSolute Vision application startup (for example, after running the CLI
command system vision-server start). This occurs after the
shutdown trap.
An indication that the agent is in the process of being shut down.

This trap, in NET-SNMP-AGENT-MIB, is generated at the following times:
At APSolute Vision machine shutdown (which stops the SNMP service).
At APSolute Vision startup (for example, after running the CLI command
system vision-server start). This occurs before the startup trap.
571

572
Appendix E AppShape-Generated
Configurations
This appendix contains the configurations that the various AppShape templates generate. The
sections include values that the templates explicitly configureas the result of the hard-coded
AppShape pattern or as the result of a value that you specify in the AppShape Instance tab.
This appendix contains the following sections:
Common Web ApplicationAppShape-generated Configuration, page 573
DefenseSSLAppShape-generated Configuration, page 575
Microsoft Exchange 2010AppShape-generated Configuration, page 576
Microsoft Exchange 2013AppShape-generated Configuration, page 579
Microsoft Link ExternalAppShape-generated Configuration, page 582
Oracle E-BusinessAppShape-generated Configuration, page 593
Oracle SOA Suite 11gAppShape-generated Configuration, page 594
Oracle WebLogic 12cAppShape-generated Configuration, page 596
Microsoft Link InternalAppShape-generated Configuration, page 584
SharePoint 2010AppShape-generated Configuration, page 598
SharePoint 2013AppShape-generated Configuration, page 600
VMware View 5.1AppShape-generated Configuration, page 601
ZimbraAppShape-generated Configuration, page 602
Common Web ApplicationAppShape-generated

Configuration
The following is the Alteon CLI configuration that the Common Web Application AppShape
generates.
Note: For more information on the Common Web Application AppShape type, see Configuring a
Common Web Application AppShape Instance, page 180.
/c/slb/accel/compress/comppol <generated index number>

name "WebApplication.<generated index number>"
minsize 1024
ena
/c/slb/ssl/sslpol <generated index number>
ena
/c/slb/accel/caching/cachepol <generated index number>
ena
573

AppShape-Generated Configurations
/c/slb/real <user-specified virtual-server name>_<generated suffix>

ena
ipver v4
rip <user-specified IP address>
name "CommonWebApp.<user-specified IP address>"
ena
ipver v4
name "CommonWebApp.<user-specified IP address>"
/c/slb/group <user-specified virtual-server name>_grp
ipver v4
metric <user-specified metric>
health <user-specified type>
add <user-specified virtual-server name>_<generated suffix>
add <user-specified virtual-server name>_<generated suffix>
name "WebApplication.servers"
/c/slb/virt <user-specified virtual-server name>
ena
ipver v4
vip <user-specified IP address>
vname "WebApp.<user-specified virtual-server name>"
/c/slb/virt <user-specified virtual-server name>/service 80 http
group <user-specified virtual-server name>_grp
rport 0
dbind forceproxy
report real
/c/slb/virt <user-specified virtual-server name>/service 80 http/http
comppol <generated index number>
cachepol <generated index number>
connmgt ena 10
/c/slb/virt <user-specified virtual-server name>/service 443 https
rport 0
dbind forceproxy
report real
/c/slb/virt <user-specified virtual-server name>/service 443 https/http
574

connmgt ena 10 [disabled by default]

/c/slb/virt <user-specified virtual-server name>/service 443 https/ssl
srvrcert cert <user-specified certificate>
sslpol <generated index number>
DefenseSSLAppShape-generated Configuration
The following is the Alteon CLI configuration that the DefenseSSL AppShape generates.
Note: For more information on the DefenseSSL AppShape type, see Configuring a DefenseSSL
AppShape Instance, page 182.
c/slb/ssl/certs/key <user-specified certificate>

/c/slb/ssl/certs/request <user-specified certificate>
/c/slb/ssl/certs/srvrcert <user-specified certificate>
name "DefSSL. <generated index number>"
ena
/c/slb/real <user-specified instance name>_<generated index number>
ena
ipver v4
maxcon 0 physical
name "defenseSsl. <user-specified IP address>"
addport <user-specified port>
ena
ipver v4
maxcon 0 physical
name "defenseSsl. <user-specified IP address>"
/c/slb/group <user-specified instance name>_grp
ipver v4
health link
add <user-specified instance name>_<generated index number>
name "DefenseSSL.srv"
/c/slb/virt <user-specified instance name>
575

ena
ipver v4
vname "secureservice.<user-specified instance name>"
/c/slb/virt <user-specified instance name>/service 80 http
group <user-specified instance name>_grp
rport <user-specified port>
/c/slb/virt <user-specified instance name>/service 443 https
dbind ena
/c/slb/virt <user-specified instance name>/service 443 https/ssl
sslpol 1
/c/l3/arp/static
add <user-specified IP address> <user-specified MAC address> <userspecified VLAN> <user-specified port>
Microsoft Exchange 2010AppShape-generated

Configuration
The following is the Alteon CLI configuration that the Microsoft Exchange 2010 AppShape generates.
Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft
Exchange 2010 AppShape Instance, page 184.

name "MicrosoftExchange.<generated index number>"
ena
name "SSL.Exchange.2010"
ena
name "Exchange.<generated index number>"
ena
/c/slb/real <user-specified virtual-server name>_<generated index number>
ena
ipver v4
576

name "Exchange. <user-specified IP address>"

ena
ipver v4
ena
ipver v4
ena
ipver v4
/c/slb/group <user-specified virtual-server name>_grpCAS
ipver v4
health http
add <user-specified virtual-server name>_<generated index number>
name "Exchange_CAS.group"
/c/slb/group <user-specified virtual-server name>_grpSMTP
ipver v4
health smtp
name "Exchange_SMTP.group"
/c/slb/pip/type vlan [Specified by user because connection management was
enabled]
/c/slb/pip/type port [Specified by user because connection management was
enabled]
/c/slb/pip/add <user-specified IP address> <user-specified port> [Specified by
user because connection management was enabled]
ena
ipver v4
group <user-specified virtual-server name>_grpCAS
577

rport 80
pbind clientip norport
dbind ena
tmout 60
connmgt ena 20
/c/slb/virt <user-specified virtual-server name>/service 25 smtp
group <user-specified virtual-server name>_grpSMTP
rport 25
tmout 60
/c/slb/virt <user-specified virtual-server name>/service 135 basic-slb
rport 135
tmout 60
rport 59532
rport 59531
rport 80
dbind ena
tmout 60
srvrcert <user-specified certificate>
578

rport 143
dbind ena
tmout 60
rport 110
dbind ena
tmout 60
Microsoft Exchange 2013AppShape-generated

Configuration
The following is the Alteon CLI configuration that the Microsoft Exchange 2013 AppShape generates.
Exchange 2013 AppShape Instance, page 188.

name "WebApplication. <generated index number>"
minsize 1
ena
/c/slb/ssl/certs/key <user-specified certificate>
/c/slb/ssl/certs/cert <user-specified certificate>
name "Exchange_2013. <generated index number>"
cipher "all"
convert disabled
ena
/c/slb/ssl/sslpol <generated index number>/backend
ssl enabled
579


ena
ipver v4
name "Exchange2013.<user-specified IP address>"
ena
ipver v4
name "Exchange2013.<user-specified IP address>"
ena
ipver v4
name "Exchange2013. <user-specified IP address>"
/c/slb/group <user-specified instance name>_grpCAS
ipver v4
metric roundrobin
health https
name "CAS.443.Group"
/c/slb/group <user-specified instance name>_grpIMAP
ipver v4
metric roundrobin
health imap
name "IMAP"
/c/slb/group <user-specified instance name>_grpPOP3
ipver v4
metric roundrobin
health pop3
name "POP3"
ena
ipver v4
580


vname "CAS.HTTPS"
group <user-specified instance name>_grpCAS
rport 443
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 443 https/http
comppol 1
sslpol 1
/c/slb/virt <user-specified instance name>/service 110 pop3
group <user-specified instance name>_grpPOP3
rport 110
/c/slb/virt <user-specified instance name>/service 143 imap
group <user-specified instance name>_grpIMAP
rport 143
/c/slb/virt <user-specified instance name>/service 993 basic-slb
group <user-specified instance name>_grpIMAP
rport 993
/c/slb/virt <user-specified instance name>/service 995 basic-slb
group <user-specified instance name>_grpPOP3
rport 995
/c/slb/virt <user-specified instance name>/service 25 smtp
group <user-specified instance name>_grpCAS
rport 25
581

Microsoft Link ExternalAppShape-generated

Configuration
The following is the Alteon CLI configuration that the Microsoft Link External AppShape generates.
Lync External AppShape Instance, page 192.
/c/slb/real <user-specified instance name>_AV_<generated index number>

ena
ipver v4
/c/slb/real <user-specified instance name>_CWA_<generated index number>
ena
ipver v4
/c/slb/real <user-specified instance name>_SIP_<generated index number>
ena
ipver v4
/c/slb/group <user-specified instance name>_AV
ipver v4
add <user-specified instance name>_AV_<generated index number>
name "Lync.edge.av.443"
/c/slb/group <user-specified instance name>_CWA
ipver v4
add <user-specified instance name>_CWA_<generated index number>
name "CWA.Service.group"
/c/slb/group <user-specified instance name>_IM
ipver v4
name "Lync.edge.im.443"
/c/slb/group <user-specified instance name>_MEETING
ipver v4
name "Lync.edge.meeting.HTTPS.443"
/c/slb/group <user-specified instance name>_SIP
ipver v4
582

add <user-specified instance name>_SIP_<generated index number>

name "Lync.edge.HTTPS.SIP.443"
/c/slb/virt <user-specified instance name>_AV
ena
ipver v4
/c/slb/virt <user-specified instance name>_AV/service 443 https
group <user-specified instance name>_AV
rport 443
tmout 30
/c/slb/virt <user-specified instance name>_CWA
ena
ipver v4
/c/slb/virt <user-specified instance name>_CWA/service 443 https
group <user-specified instance name>_CWA
rport 443
tmout 30
/c/slb/virt <user-specified instance name>_MEETING
ena
ipver v4
/c/slb/virt <user-specified instance name>_MEETING/service 443 https
group <user-specified instance name>_MEETING
rport 443
tmout 30
/c/slb/virt <user-specified instance name>_PROXY
ena
ipver v4
vname "lm.Proxy_<user-specified instance name>_PROXY"
/c/slb/virt <user-specified instance name>_PROXY/service 443 https
group <user-specified instance name>_IM
rport 4443
tmout 30
583

/c/slb/virt <user-specified instance name>_SIP

ena
ipver v4
/c/slb/virt <user-specified instance name>_SIP/service 443 https
group <user-specified instance name>_SIP
rport 443
tmout 30
/c/slb/virt <user-specified instance name>_STUN
ena
ipver v4
/c/slb/virt <user-specified instance name>_STUN/service 3478 basic-slb
group <user-specified instance name>_AV
rport 3478
protocol udp
tmout 30
Microsoft Link InternalAppShape-generated

Configuration
The following is the Alteon CLI configuration that the Microsoft Link Internal AppShape generates.
Lync Internal AppShape Instance, page 196.
/c/slb/accel/compress/comppol 1
name "cwa"
minsize 1
ena
name "Lync.SSL.policy"
ena
/c/slb/real <user-specified instance name>_CWA_<generated index number>
584

ena
ipver v4
/c/slb/group <user-specified instance name>_CWA
ipver v4
content "<user-specified port>"
add <user-specified instance name>_CWA_<generated index number>
name "Lync.CWA.Group"
/c/slb/group <user-specified instance name>_Directors_1
ipver v4
content "5061"
name "Lync.Directors"
/c/slb/group <user-specified instance name>_Directors_2
ipver v4
name "Lync.Director.5060"
/c/slb/group <user-specified instance name>_EDGE_1
ipver v4
name "EDGE.Replication.4443"
ipver v4
name "EDGE.INT.443"
ipver v4
name "EDGE.INT.5061"
ipver v4
ipver v4
name "GE.INT.UDP.STUN.3478"
ipver v4
/c/slb/group <user-specified instance name>_Fronted_1
ipver v4
content "5060"
name "Lync.frontend.SIP.5060"
585

ipver v4
content "444"
name "Lync.frontend.HTTPS.conf.444"
ipver v4
content "443"
name "Lync.frontend.HTTPS.443"
ipver v4
content "5061"
name "Lync.frontend.MTLS.5061"
ipver v4
content "135"
name "Lync.frontend.DCOM.135"
ipver v4
name "Proxy.to.FE.4443"
ipver v4
name "FE.IM.REQ.8057"
ipver v4
name "fe.web.service.8080"
ipver v4
name "FE.CALL.ADM.448"
ipver v4
name "FE.App.Share.5065"
ipver v4
name "FE.monitoring.5069"
ipver v4
name "FE.RES.GROUP.5071"
ipver v4
name "FE.SIP.REQ.5072"
586


ipver v4
name "FE.CONF.ANOUN.5073"
ipver v4
name "FE.SIP.REQ.CALL.PRK.5075"
ipver v4
name "FE.AUDIO.TEST.5076"
ipver v4
name "FE.AV.AGE.TURN.TRAFF.5080"
/c/slb/virt <user-specified instance name>_CWA
ena
ipver v4
/c/slb/virt <user-specified instance name>_CWA/service 443 https
group <user-specified instance name>_CWA
dbind ena
/c/slb/virt <user-specified instance name>_CWA/service 443 https/http
comppol 1
httpmod 1
/c/slb/virt <user-specified instance name>_CWA/service 443 https/ssl
srvrcert cert cer
sslpol 1
/c/slb/virt <user-specified instance name>_Directors
ena
ipver v4
/c/slb/virt <user-specified instance name>_Directors/service 5061 basic-slb
group <user-specified instance name>_Directors_1
rport 5061
tmout 20
/c/slb/virt <user-specified instance name>_Directors/service 5060 sip
group <user-specified instance name>_Directors_2
rport 5060
587

tmout 20
/c/slb/virt <user-specified instance name>_EDGE_1
ena
ipver v4
/c/slb/virt <user-specified instance name>_EDGE_1/service 3478 basic-slb
group <user-specified instance name>_EDGE_5
rport 3478
protocol udp
tmout 30
ena
ipver v4
/c/slb/virt <user-specified instance name>_EDGE_2/service 443 https
rport 443
tmout 30
ena
ipver v4
rport 5062
tmout 30
ena
ipver v4
rport 8057
tmout 30
588

ena
ipver v4
rport 5061
tmout 30
ena
ipver v4
rport 4443
/c/slb/virt <user-specified instance name>_Fronted_1
ena
ipver v4
/c/slb/virt <user-specified instance name>_Fronted_1/service 135 basic-slb
group <user-specified instance name>_Fronted_5
rport 135
tmout 30
ena
ipver v4
/c/slb/virt <user-specified instance name>_Fronted_2/service 443 https
rport 443
tmout 30
direct dis
ena
ipver v4
589


rport 444
tmout 30
ena
ipver v4
/c/slb/virt <user-specified instance name>_Fronted_4/service 5060 sip
rport 5060
tmout 30
ena
ipver v4
rport 5061
tmout 30
ena
ipver v4
rport 5065
tmout 30
ena
ipver v4
rport 4443
590


ena
ipver v4
rport 5069
ena
ipver v4
rport 8057
tmout 30
ena
ipver v4
rport 448
tmout 30
ena
ipver v4
rport 5071
ena
ipver v4
591


rport 5072
ena
ipver v4
rport 5073
tmout 30
ena
ipver v4
rport 5075
ena
ipver v4
rport 5076
ena
ipver v4
rport 5080
ena
592

ipver v4
/c/slb/virt <user-specified instance name>_Fronted_17/service 8080 http
rport 8080
/c/slb/layer7/httpmod <generated index number>
ena
name "htto.to.https.lync.cwa"
/c/slb/layer7/httpmod <generated index number>/rule <generated index number>
text
name "htto.to.https.cwa"
directn resp
body include
action replace "FROMTEXT=http:// <user-specified domain>" "TOTEXT=https://
<user-specified domain>"
Oracle E-BusinessAppShape-generated Configuration

The following is the Alteon CLI configuration that the Oracle E-Business AppShape generates.
Note: For more information on the Oracle E-Business AppShape type, see Configuring an Oracle EBusiness AppShape Instance, page 199.

name "oracle.<generated index number>"
minsize 1024
ena
/c/slb/ssl/certs/key <user-specified certificate ID>
/c/slb/ssl/certs/request <user-specified certificate ID>
/c/slb/ssl/certs/cert <user-specified certificate ID>
name "Oracle.SSL.offloading.<generated index number>"
ena
name "oracle.cache.<generated index number>"
ena
ena
ipver v4
593


name "Oracle.app<user-specified IP address>"
ipver v4
name "oracle.app"
ena
ipver v4
vname "Oracle.e-buiss.<user-specified instance name>"
action redirect
rport 0
redirect "https://$HOST/$PATH/"
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 80 http/http
rport 8000
dbind forceproxy
ptmout 720
srvrcert cert <user-specified certificate ID>
Oracle SOA Suite 11gAppShape-generated

Configuration
The following is the Alteon CLI configuration that the Oracle SOA Suite 11g AppShape generates.
Note: For more information on the Oracle SOA Suite 11g AppShape type, see Configuring an Oracle
SOA Suite 11g AppShape Instance, page 201.
594


name "oracle.comp_<generated index number>"
ena
name "webtierssl_<generated index number>"
ena
ena
ipver v4
health http
slowstr 180
name "webtier"
/c/slb/virt <user-specified instance name>_<generated index number>
ena
ipver v4
/c/slb/virt <user-specified instance name>_<generated index number>/service 80
http
rport 7777
dbind ena
http/http
cachepol 1
https
rport 7777
pbind clientip
dbind ena
https/http
https/ssl
595


ena
ipver v4
http
rport 7777
dbind forceproxy
http/http
ena
ipver v4
http
group MyOracleSOASuite11gIn_grp
rport 7777
dbind forceproxy
http/http
Oracle WebLogic 12cAppShape-generated

Configuration
The following is the Alteon CLI configuration that the Oracle WebLogic 12c AppShape generates.
Note: For more information on the Oracle WebLogic 12c AppShape type, see Configuring an Oracle
WebLogic 12c AppShape Instance, page 204.

name "compression.<generated index number>"
minsize 1024
ena
596


/c/slb/ssl/sslpol<generated index number>
name "SSL.<generated index number>"
ena
ena
ipver v4
name "Weblogic.<user-specified IP address>"
ipver v4
metric roundrobin
name "weblogic.group"
ena
ipver v4
vname "Weblogic.<user-specified instance name>"
action redirect
rport 0
redirect "https://$HOST/$PATH/"
dbind ena
rport 7001
dbind forceproxy
597

SharePoint 2010AppShape-generated Configuration

The following is the Alteon CLI configuration that the SharePoint 2010 AppShape generates.
Note: For more information on the SharePoint 2010 AppShape type, see Configuring a SharePoint
2010 AppShape Instance, page 206.
User specified enable disable.

name "SharePoint.<index number>"
ena
User specified enable disable
/c/slb/ssl/sslpol <index number>
name "SharePoint. < generated index number>"
ena
/c/slb/ssl/sslpol < generated index number>/passinfo
frontend enabled
User specified enable disable
name "SharePoint. <generated index number>"
minsize 1024
ena
ena
ipver v4
name "SharePoint. <user-specified IP address>"
ena
ipver v4
name "SharePoint.<user-specified IP address>"
/c/slb/group <user-specified virtual-server name>_grp
ipver v4
metric <user-specified metric>
health <user-specified type>
add <user-specified virtual-server name>_<generated suffix first>
add <user-specified virtual-server name>_<generated suffix next>
name "SharePoint.group"
598

/c/slb/pip/type vlan [Specified by user because connection management was

enabled]
/c/slb/pip/type port [Specified by user because connection management was
enabled]
/c/slb/pip/add <user-specified IP address> <user-specified port> [Specified by
user because connection management was enabled.]
ena
ipver v4
vname "SharePoint.<user-specified virtual-server name>"
group .<user-specified virtual-server name>_grp
rport 80
dbind forceproxy
report real
rport 80
dbind forceproxy
report real
connmgt ena 10
httpmod <generated index number>
/c/slb/virt <user-specified virtual-server name>/service 443 https/<generated
index number>
ena
name "http.to.https.sharepoint"
/c/slb/layer7/httpmod <generated index number>/rule 1 text
ena
599

directn resp
body include
action replace "FROMTEXT=http://<user-specified domain>" "TOTEXT=https://
SharePoint 2013AppShape-generated Configuration

The following is the Alteon CLI configuration that the SharePoint 2013 AppShape generates.
Note: For more information on the SharePoint 2013 AppShape type, see Configuring a SharePoint
2013 AppShape Instance, page 208.

name "comp<generated index number>"
minsize 1
ena
/c/slb/ssl/sslpol 1
name "SharePoint_2013. <generated index number>"
ena
ena
ipver v4
name "SP2013.<user-specified IP address>"
ipver v4
metric roundrobin
name "sp.group"
ena
ipver v4
vname "SP.<user-specified instance name>"
600


dbind ena
httpmod <generated index number>
/c/slb/real <user-specified instance name>_<generated index number>/layer7
addlb <generated index number>
/c/slb/virt <user-specified instance name>/service 443 https/pbind cookie
insert
/c/slb/virt <user-specified instance name>/service 443 https/http/rcount
<generated index number>
ena
/c/slb/layer7/httpmod 1/rule <generated index number> text
ena
name "http.to.https.sharepoint2013"
directn resp
body include
action replace "FROMTEXT=http:// <user-specified domain>" "TOTEXT=https://
VMware View 5.1AppShape-generated Configuration

The following is the Alteon CLI configuration that the VMware View 5.1 AppShape generates.
Note: For more information on the VMware View 5.1 AppShape type, see Configuring an VMware
View 5.1 AppShape Instance, page 210.

name "comp.<generated index number>"
minsize 1024
ena
601

name "View.<generated index number>"

convert disabled
ena
/c/slb/ssl/sslpol <generated index number>/backend
ssl enabled
ena
ipver v4
name "View.Connector.<user-specified IP address>"
ipver v4
metric phash 255.255.255.255
name "View.connectors"
ena
ipver v4
vname "View.<user-specified instance name>"
rport 443
dbind forceproxy
ZimbraAppShape-generated Configuration
The following is the Alteon CLI configuration that the Zimbra AppShape generates.
Note: For more information on the Zimbra AppShape type, see Configuring a Zimbra AppShape
Instance, page 212.
602


name "Zimbra.<generated index number>"
minsize 1024
ena
/c/slb/ssl/certs/request <user-specified certificate >
/c/slb/ssl/certs/cert <user-specified certificate >
/c/slb/ssl/sslpol <user-specified instance name>_ssl<generated index number>
name "Zimbra.<user-specified instance name>_ssl<generated index number>"
ena
/c/slb/ssl/sslpol <user-specified instance name>_ssl<generated index number>
cipher "all"
convert disabled
ena
ena
ipver v4
name "Zimbra.<user-specified IP address>"
/c/slb/group <user-specified instance name>_grp<generated index number>
ipver v4
metric phash 255.255.255.255
name "zimbra.HTTP.servers"
ipver v4
metric phash 255.255.255.255
name "zimbra.pop3.servers"
ipver v4
metric phash 255.255.255.255
name "zimbra.ldap.servers"
/c/slb/group MyZimbraInstance_grp<generated index number>
603

ipver v4
metric phash 255.255.255.255
name "zimbra.imap.servers"
ipver v4
metric phash 255.255.255.255
name "zimbra.smtp.servers"
ena
ipver v4
vname "zimbra.servers.MyZimbraInstance"
group <user-specified instance name>_grp<generated index number>
rport 80
dbind forceproxy
xforward ena
sslpol <user-specified instance name>_ssl<generated index number>
/c/slb/virt <user-specified instance name>/service 993 ssl
name "Secure.IMAP"
rport 143
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 993 ssl/ssl
name "Secure.POP3"
rport 110
dbind forceproxy
604


name "Secure.SMTP"
rport 25
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 389 ldap
rport 389
/c/slb/virt <user-specified instance name>/service 25 smtp
rport 25
/c/slb/virt <user-specified instance name>/service 110 pop3
rport 110
/c/slb/virt <user-specified instance name>/service 143 imap
rport 143
605

606
Appendix F APSolute Vision Specifications

and Requirements
This section contains various specifications and requirements for APSolute Vision, which comprise
the following:
System Capacity, page 607
UDP/TCP Ports, page 608
APSolute Vision Web Based Management Interface Requirements, page 609
Application Performance Monitoring Requirements, page 610
Device Performance Monitoring Requirements, page 610
APSolute Vision Reporter Requirements, page 610
Notes
APSolute Vision server can run as a physical or virtual appliance called APSolute Vision server.
For hardware and virtual-appliance (VA) specifications, see the APSolute Vision Installation and
Maintenance Guide.
APSolute Vision supports a Web-based management interface, which is called Web Based
Management (WBM).
APSolute Vision supports multiple device types and versions. For the most up-to-date lists of
supported devices and versions, see the APSolute Vision Release Notes for the required version.
System Capacity
The following table lists the capacity of a single APSolute Vision system.
Table 485: APSolute Vision System Capacity
Topic
Physical Appliance and Capacity of Demo-Scale

Full-Scale Virtual
VA1
Appliance Capacity
User Accounts
Unlimited
Unlimited
Concurrent Users
50
Maximum managed Alteon devices

(Standalone, VA, ADC-VX, and vADC)
1000
Maximum managed DefensePro devices
40
Total managed devices
1000
Attacks stored in APSolute Vision Reporter
100M
Not supported for

production deployment
1 Demo-scale VA is intended for use in demonstrations and lab deployments. Demo-scale

VA should not be used in production environments.
607

APSolute Vision Specifications and Requirements
UDP/TCP Ports
Radware management interfaces communicate with various UDP/TCP ports using HTTPS, HTTP,
Telnet, and SSH. If you intend to use these interfaces, ensure they are accessible and not blocked by
your firewall.
The following table lists the ports for APSolute Vision server-client communication.
Table 486: Ports for APSolute Vision Server-WBM Communication and Operating System
Port
Protocol
Type
Usage
Opened on APSolute
Vision Server Firewall
22
SSH, SFTP,
SCP
TCP
Terminal client to server.
Yes
Server CLI management, file transfer.
Server to northbound.
Push backups, reports, and so on.
25
SMTP
TCP
Server to external e-mail server.
No
69
TFTP
TCP
Not in use. This port will be closed in

future release.
Yes
80
HTTP
TCP
Web browser to APSolute Vision

server.
Yes
APSolute Vision server to APM server

(over the APM Management
interface), for Application
Performance Monitoring (APM). Port
80 is the default port for this
functionality, but you can configure
another port. For more information,
see the Application Performance
Monitoring Troubleshooting and
Technical Guide.1
443
HTTPS
TCP
APSolute Vision WBM to server.
Yes
514
Syslog
UDP
Server to external syslog server.
Yes
631
IPP
TCP UDP
Used by the operating system and

configured by default in iptables.
Yes
2093
Proprietary
TCP UDP
Not in use. This port will be closed in a

future release.
Yes
2189
Proprietary
TCP UDP
Used for communication with vDirect.
Yes
2214
Syslog
TCP UDP
Syslog devices (AppWall servers only) to

Yes
3306
MySQL
TCP
Remote MySQL connections for read-only Closed by default, but

access to certain APSolute Vision
can be opened via
database-table views.
APSolute Vision CLI
This port is open only when the APSolute for accessing MySQL
database.
Vision server is configured to allow
remote access to its MySQL database. For
more information, see system database
access Commands, page 470.
5353
608
UDP
UDP
Used for multicast DNS by the operating

system and configured by default in
iptables.
Yes

Table 486: Ports for APSolute Vision Server-WBM Communication and Operating System
Port
Protocol
Type
Usage
Opened on APSolute
9216
HTTPS
TCP
APSolute Vision Reporter client to

APSolute Vision Reporter server.
Yes
9443
TCP
TCP
WBM Web browser to APSolute Vision

Yes
server, for Device Performance Monitoring
(DPM).
1 Alteon also uses port 80 to communicate with the APM server (over the APM Data
interface).
The following table lists the ports for communication between APSolute Vision server and Radware
devices.
Table 487: Communication Ports for APSolute Vision Server with Radware Devices
Port
Protocol
Type
Usage
Opened on APSolute
801
HTTP
TCP
APSolute Vision server to devices, for file

transfer.
Yes
161
SNMP
UDP
APSolute Vision server to devices, for

SNMP management.
No
162
SNMP
UDP
Devices to APSolute Vision server, for

traps.
Yes
443
HTTPS
TCP
APSolute Vision server to devices, and

devices to APSolute Vision server for
REST calls and file transfer.
Yes
2088
IRP
UDP
Devices to APSolute Vision server, for

statistics.
Yes
3030
TCP
TCP
APSolute Vision server to Alteon device,

No
for Device Performance Monitoring (DPM).
Note: APSolute Vision pulls the data
from Alteon.
8200
8270
8300
SSL
TCP
APSolute Vision server to AppWall devices No

(AppWall servers only).
1 This is the default port. The value is configurable.
APSolute Vision Web Based Management Interface

Requirements
Before you use the APSolute Vision client, ensure your computer meets the hardware and software
requirements.
APSolute Vision WBM Supported Browsers, page 610
APSolute Vision WBM Supported Operating Systems, page 610
609

APSolute Vision WBM Supported Operating Systems

You can access APSolute Vision WBM with browsers installed on the following operating systems:
Windows 8 64-bit
Windows 7 SP1 32-bit and 64-bit
Linux Ubuntu (Desktop)
Mac OS X
APSolute Vision WBM Supported Browsers

You can access APSolute Vision Web-based management (and APSolute Vision Reporter, Device
Performance Monitor, and the APM server Web interface) using the following browsers:
Mozilla Firefox build 31
Chrome 37
Application Performance Monitoring Requirements

The APSolute Vision WBM can connect to the APSolute Vision Application Performance Monitor
(APM). The APM is a process that runs on the APSolute Vision server with APM server VA offering.
APSolute Vision WBM includes an option to open the APM Web interface.
For the APM server requirements, see the relevant chapter in the APSolute Vision Installation and
Maintenance Guide.
Device Performance Monitoring Requirements

APSolute Vision WBM can connect to the APSolute Vision Device Performance Monitor (DPM) for
Alteon devices. APSolute Vision WBM includes a button that opens the DPM in a separate browser
tab.
APSolute Vision Reporter Requirements

APSolute Vision WBM can connect to the APSolute Vision Reporter (AVR). APSolute Vision WBM
includes a button that opens the AVR in a separate browser tab.
Java client version 1.6.0_22 or later must be installed to run the APSolute Vision Reporter.
610
Radware Ltd. End User License Agreement

By accepting this End User License Agreement (this License Agreement) you agree to be contacted
by Radware Ltd.s (Radware) sales personnel.
If you would like to receive license rights different from the rights granted below or if you wish to
acquire warranty or support services beyond the scope provided herein (if any), please contact
Radwares sales team.
THIS LICENSE AGREEMENT GOVERNS YOUR USE OF ANY SOFTWARE DEVELOPED AND/OR
DISTRIBUTED BY RADWARE AND ANY UPGRADES, MODIFIED VERSIONS, UPDATES, ADDITIONS,
AND COPIES OF THE SOFTWARE FURNISHED TO YOU DURING THE TERM OF THE LICENSE
GRANTED HEREIN (THE SOFTWARE). THIS LICENSE AGREEMENT APPLIES REGARDLESS OF
WHETHER THE SOFTWARE IS DELIVERED TO YOU AS AN EMBEDDED COMPONENT OF A RADWARE
PRODUCT (PRODUCT), OR WHETHER IT IS DELIVERED AS A STANDALONE SOFTWARE PRODUCT.
FOR THE AVOIDANCE OF DOUBT IT IS HEREBY CLARIFIED THAT THIS LICENSE AGREEMENT
APPLIES TO PLUG-INS, CONNECTORS, EXTENSIONS AND SIMILAR SOFTWARE COMPONENTS
DEVELOPED BY RADWARE THAT CONNECT OR INTEGRATE A RADWARE PRODUCT WITH THE
PRODUCT OF A THIRD PARTY (COLLECTIVELY, CONNECTORS) FOR PROVISIONING,
DECOMMISSIONING, MANAGING, CONFIGURING OR MONITORING RADWARE PRODUCTS. THE
APPLICABILITY OF THIS LICENSE AGREEMENT TO CONNECTORS IS REGARDLESS OF WHETHER
SUCH CONNECTORS ARE DISTRIBUTED TO YOU BY RADWARE OR BY A THIRD PARTY PRODUCT
VENDOR. IN CASE A CONNECTOR IS DISTRIBUTED TO YOU BY A THIRD PARTY PRODUCT VENDOR
PURSUANT TO THE TERMS OF AN AGREEMENT BETWEEN YOU AND THE THIRD PARTY PRODUCT
VENDOR, THEN, AS BETWEEN RADWARE AND YOURSELF, TO THE EXTENT THERE IS ANY
DISCREPANCY OR INCONSISTENCY BETWEEN THE TERMS OF THIS LICENSE AGREEMENT AND THE
TERMS OF THE AGREEMENT BETWEEN YOU AND THE THIRD PARTY PRODUCT VENDOR, THE TERMS
OF THIS LICENSE AGREEMENT WILL GOVERN AND PREVAIL. PLEASE READ THE TERMS AND
CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE OPENING THE PACKAGE
CONTAINING RADWARES PRODUCT, OR BEFORE DOWNLOADING, INSTALLING, COPYING OR
OTHERWISE USING RADWARES STANDALONE SOFTWARE (AS APPLICABLE). THE SOFTWARE IS
LICENSED (NOT SOLD). BY OPENING THE PACKAGE CONTAINING RADWARES PRODUCT, OR BY
DOWNLOADING, INSTALLING, COPYING OR USING THE SOFTWARE (AS APPLICABLE), YOU
CONFIRM THAT YOU HAVE READ AND UNDERSTAND THIS LICENSE AGREEMENT AND YOU AGREE
TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT. FURTHERMORE, YOU HEREBY WAIVE
ANY CLAIM OR RIGHT THAT YOU MAY HAVE TO ASSERT THAT YOUR ACCEPTANCE AS STATED
HEREINABOVE IS NOT THE EQUIVALENT OF, OR DEEMED AS, A VALID SIGNATURE TO THIS LICENSE
AGREEMENT. IF YOU ARE NOT WILLING TO BE BOUND BY THE TERMS OF THIS LICENSE
AGREEMENT, YOU SHOULD PROMPTLY RETURN THE UNOPENED PRODUCT PACKAGE OR YOU
SHOULD NOT DOWNLOAD, INSTALL, COPY OR OTHERWISE USE THE SOFTWARE (AS APPLICABLE).
THIS LICENSE AGREEMENT REPRESENTS THE ENTIRE AGREEMENT CONCERNING THE SOFTWARE
BETWEEN YOU AND RADWARE, AND SUPERSEDES ANY AND ALL PRIOR PROPOSALS,
REPRESENTATIONS, OR UNDERSTANDINGS BETWEEN THE PARTIES. YOU MEANS THE NATURAL
PERSON OR THE ENTITY THAT IS AGREEING TO BE BOUND BY THIS LICENSE AGREEMENT, THEIR
EMPLOYEES AND THIRD PARTY CONTRACTORS. YOU SHALL BE LIABLE FOR ANY FAILURE BY SUCH
EMPLOYEES AND THIRD PARTY CONTRACTORS TO COMPLY WITH THE TERMS OF THIS LICENSE
AGREEMENT.
1.
License Grant. Subject to the terms of this Agreement, Radware hereby grants to you, and you
accept, a limited, nonexclusive, nontransferable license to install and use the Software in
machine-readable, object code form only and solely for your internal business purposes
(Commercial License). If the Software is distributed to you with a software development kit
(the SDK), then, solely with regard to the SDK, the Commercial License above also includes a
limited, nonexclusive, nontransferable license to install and use the SDK solely on computers
within your organization, and solely for your internal development of an integration or
interoperation of the Software and/or other Radware Products with software or hardware
products owned, licensed and/or controlled by you (the SDK Purpose). To the extent an SDK is
distributed to you together with code samples in source code format (the Code Samples) that
are meant to illustrate and teach you how to configure, monitor and/or control the Software
and/or any other Radware Products, the Commercial License above further includes a limited,
611

nonexclusive, nontransferable license to copy and modify the Code Samples and create
derivative works based thereon solely for the SDK Purpose and solely on computers within your
organization. The SDK shall be considered part of the term Software for all purposes of this
License Agreement. You agree that you will not sell, assign, license, sublicense, transfer, pledge,
lease, rent or share your rights under this License Agreement nor will you distribute copies of
the Software or any parts thereof. Rights not specifically granted herein, are specifically
prohibited.
2.
Evaluation Use. Notwithstanding anything to the contrary in this License Agreement, if the
Software is provided to you for evaluation purposes, as indicated in your purchase order or sales
receipt, on the website from which you download the Software, as inferred from any timelimited evaluation license keys that you are provided with to activate the Software, or otherwise,
then You may use the Software only for internal evaluation purposes (Evaluation Use) for a
maximum of 30 days or such other duration as may specified by Radware in writing at its sole
discretion (the Evaluation Period). The evaluation copy of the Software contains a feature that
will automatically disable it after expiration of the Evaluation Period. You agree not to disable,
destroy, or remove this feature of the Software, and any attempt to do so will be a material
breach of this License Agreement. During or at the end of the evaluation period, you may
contact Radware sales team to purchase a Commercial License to continue using the Software
pursuant to the terms of this License Agreement. If you elect not to purchase a Commercial
License, you agree to stop using the Software and to delete the evaluation copy received
hereunder from all computers under your possession or control at the end of the Evaluation
Period. In any event, your continued use of the Software beyond the Evaluation Period (if
possible) shall be deemed your acceptance of a Commercial License to the Software pursuant to
the terms of this License Agreement, and you agree to pay Radware any amounts due for any
applicable license fees at Radwares then-current list prices.
3.
Subscription Software. If you licensed the Software on a subscription basis, your rights to use
the Software are limited to the subscription period. You have the option to extend your
subscription. If you extend your subscription, you may continue using the Software until the end
of your extended subscription period. If you do not extend your subscription, after the expiration
of your subscription, you are legally obligated to discontinue your use of the Software and
completely remove the Software from your system.
4.
Feedback. Any feedback concerning the Software including, without limitation, identifying
potential errors and improvements, recommended changes or suggestions (Feedback),
provided by you to Radware will be owned exclusively by Radware and considered Radwares
confidential information. By providing Feedback to Radware, you hereby assign to Radware all of
your right, title and interest in any such Feedback, including all intellectual property rights
therein. With regard to any rights in such Feedback that cannot, under applicable law, be
assigned to Radware, you hereby irrevocably waives such rights in favor of Radware and grants
Radware under such rights in the Feedback, a worldwide, perpetual royalty-free, irrevocable,
sub-licensable and non-exclusive license, to use, reproduce, disclose, sublicense, modify, make,
have made, distribute, sell, offer for sale, display, perform, create derivative works of and
otherwise exploit the Feedback without restriction. The provisions of this Section 4 will survive
the termination or expiration of this Agreement.
5.
Limitations on Use. You agree that you will not: (a) copy, modify, translate, adapt or create
any derivative works based on the Software; or (b) sublicense or transfer the Software, or
include the Software or any portion thereof in any product; or (b) reverse assemble,
disassemble, decompile, reverse engineer or otherwise attempt to derive source code (or the
underlying ideas, algorithms, structure or organization) from the Software, in whole or in part,
or in any instance where the law permits any such action, you agree to provide Radware at least
ninety (90) days advance written notice of your belief that such action is warranted and
permitted and to provide Radware with an opportunity to evaluate if the laws requirements
necessitate such action; or (c) create, develop, license, install, use, or deploy any software or
services to circumvent, enable, modify or provide access, permissions or rights which violate the
technical restrictions of the Software; (d) in the event the Software is provided as an embedded
or bundled component of another Radware Product, you shall not use the Software other than as
part of the combined Product and for the purposes for which the combined Product is intended;
(e) remove any copyright notices, identification or any other proprietary notices from the
Software (including any notices of Third Party Software (as defined below); or (f) copy the
612

Software onto any public or distributed network or use the Software to operate in or as a timesharing, outsourcing, service bureau, application service provider, or managed service provider
environment. Notwithstanding Section 5(d), if you provide hosting or cloud computing services
to your customers, you are entitled to use and include the Software in your IT infrastructure on
which you provide your services. It is hereby clarified that the prohibitions on modifying, or
creating derivative works based on, any Software provided by Radware, apply whether the
Software is provided in a machine or in a human readable form. It is acknowledged that
examples provided in a human readable form may be modified by a user.
6. Intellectual Property Rights. You acknowledge and agree that this License Agreement does
not convey to you any interest in the Software except for the limited right to use the Software,
and that all right, title, and interest in and to the Software, including any and all associated
intellectual property rights, are and shall remain with Radware or its third party licensors. You
further acknowledge and agree that the Software is a proprietary product of Radware and/or its
licensors and is protected under applicable copyright law.
7. No Warranty. The Software, and any and all accompanying software, files, libraries, data and
materials, are distributed and provided AS IS by Radware or by its third party licensors (as
applicable) and with no warranty of any kind, whether express or implied, including, without
limitation, any non-infringement warranty or warranty of merchantability or fitness for a
particular purpose. Neither Radware nor any of its affiliates or licensors warrants, guarantees, or
makes any representation regarding the title in the Software, the use of, or the results of the
use of the Software. Neither Radware nor any of its affiliates or licensors warrants that the
operation of the Software will be uninterrupted or error-free, or that the use of any passwords,
license keys and/or encryption features will be effective in preventing the unintentional
disclosure of information contained in any file. You acknowledge that good data processing
procedure dictates that any program, including the Software, must be thoroughly tested with
non-critical data before there is any reliance on it, and you hereby assume the entire risk of all
use of the copies of the Software covered by this License. Radware does not make any
representation or warranty, nor does Radware assume any responsibility or liability or provide
any license or technical maintenance and support for any operating systems, databases,
migration tools or any other software component provided by a third party supplier and with
which the Software is meant to interoperate.
This disclaimer of warranty constitutes an essential and material part of this License.
In the event that, notwithstanding the disclaimer of warranty above, Radware is held liable
under any warranty provision, Radware shall be released from all such obligations in the event
that the Software shall have been subject to misuse, neglect, accident or improper installation,
or if repairs or modifications were made by persons other than by Radwares authorized service
personnel.
8. Limitation of Liability. Except to the extent expressly prohibited by applicable statutes, in no
event shall Radware, or its principals, shareholders, officers, employees, affiliates, licensors,
contractors, subsidiaries, or parent organizations (together, the Radware Parties), be liable for
any direct, indirect, incidental, consequential, special, or punitive damages whatsoever relating
to the use of, or the inability to use, the Software, or to your relationship with, Radware or any
of the Radware Parties (including, without limitation, loss or disclosure of data or information,
and/or loss of profit, revenue, business opportunity or business advantage, and/or business
interruption), whether based upon a claim or action of contract, warranty, negligence, strict
liability, contribution, indemnity, or any other legal theory or cause of action, even if advised of
the possibility of such damages. If any Radware Party is found to be liable to You or to any thirdparty under any applicable law despite the explicit disclaimers and limitations under these
terms, then any liability of such Radware Party, will be limited exclusively to refund of any
license or registration or subscription fees paid by you to Radware.
9. Third Party Software. The Software includes software portions developed and owned by third
parties (the Third Party Software). Third Party Software shall be deemed part of the Software
for all intents and purposes of this License Agreement; provided, however, that in the event that
a Third Party Software is a software for which the source code is made available under an open
source software license agreement, then, to the extent there is any discrepancy or inconsistency
between the terms of this License Agreement and the terms of any such open source license
agreement (including, for example, license rights in the open source license agreement that are
613

broader than the license rights set forth in Section 1 above and/or no limitation in the open
source license agreement on the actions set forth in Section 5 above), the terms of any such
open source license agreement will govern and prevail. The terms of open source license
agreements and copyright notices under which Third Party Software is being licensed to
Radware or a link thereto, are included with the Software documentation or in the header or
readme files of the Software. Third Party licensors and suppliers retain all right, title and interest
in and to the Third Party Software and all copies thereof, including all copyright and other
intellectual property associated therewith. In addition to the use limitations applicable to Third
Party Software pursuant to Section 5 above, you agree and undertake not to use the Third Party
Software as a general SQL server, as a stand-alone application or with applications other than
the Software under this License Agreement.
10. Term and Termination. This License Agreement is effective upon the first to occur of your
opening the package of the Product, purchasing, downloading, installing, copying or using the
Software or any portion thereof, and shall continue until terminated. However, sections 4-14
shall survive any termination of this License Agreement. The Licenses granted under this License
Agreement are not transferable and will terminate upon: (i) termination of this License
Agreement, or (ii) transfer of the Software, or (iii) in the event the Software is provided as an
embedded or bundled component of another Radware Product, when the Software is un-bundled
from such Product or otherwise used other than as part of such Product. If the Software is
licensed on subscription basis, this Agreement will automatically terminate upon the termination
of your subscription period if it is not extended.
11. Export. The Software or any part thereof may be subject to export or import controls under
applicable export/import control laws and regulations including such laws and regulations of the
United States and/or Israel. You agree to comply with such laws and regulations, and, agree not
to knowingly export, re-export, import or re-import, or transfer products without first obtaining
all required Government authorizations or licenses therefor. Furthermore, You hereby covenant
and agree to ensure that your use of the Software is in compliance with all other foreign,
federal, state, and local laws and regulations, including without limitation all laws and
regulations relating to privacy rights, and data protection. You shall have in place a privacy
policy and obtain all of the permissions, authorizations and consents required by applicable law
for use of cookies and processing of users data (including without limitation pursuant to
Directives 95/46/EC, 2002/58/EC and 2009/136/EC of the EU if applicable) for the purpose of
provision of any services.
12. US Government. To the extent you are the U.S. government or any agency or instrumentality
thereof, you acknowledge and agree that the Software is a commercial computer software and
commercial computer software documentation pursuant to applicable regulations and your use
of the is subject to the terms of this License Agreement.
13. Governing Law. This License Agreement shall be construed and governed in accordance with
the laws of the State of Israel.
14. Miscellaneous. If a judicial determination is made that any of the provisions contained in this
License Agreement is unreasonable, illegal or otherwise unenforceable, such provision or
provisions shall be rendered void or invalid only to the extent that such judicial determination
finds such provisions to be unreasonable, illegal or otherwise unenforceable, and the remainder
of this License Agreement shall remain operative and in full force and effect. In any event a
party breaches or threatens to commit a breach of this License Agreement, the other party will,
in addition to any other remedies available to, be entitled to injunction relief. This License
Agreement constitutes the entire agreement between the parties hereto and supersedes all prior
agreements between the parties hereto with respect to the subject matter hereof. The failure of
any party hereto to require the performance of any provisions of this License Agreement shall in
no manner affect the right to enforce the same. No waiver by any party hereto of any provisions
or of any breach of any provisions of this License Agreement shall be deemed or construed
either as a further or continuing waiver of any such provisions or breach waiver or as a waiver of
any other provision or breach of any other provision of this License Agreement.
614

IF YOU DO NOT AGREE WITH THE TERMS OF THIS LICENSE YOU MUST REMOVE THE
SOFTWARE FROM ANY DEVICE OWNED BY YOU AND IMMIDIATELY CEASE USING THE
SOFTWARE.
COPYRIGHT 2015, Radware Ltd. All Rights Reserved.
615

APSVision 3-40 UG

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

APSVision 3-40 UG

Uploaded by

Copyright:

Available Formats

APSolute Vision

APSolute Vision User Guide

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

Redistributions of any form whatsoever must retain the following acknowledgment:

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

This product contains code developed by the OpenBSD Project

This product includes software developed by Markus Friedl.

Notice traitant du copyright

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

Dieses Produkt enthlt von Markus Friedl entwickelte Software.

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

SMTLICHE VORGENANNTE SOFTWARE WIRD VOM AUTOR IM IST-ZUSTAND (AS IS)

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

Limitations on Warranty and Liability

Limitations on Warranty and Liability

Limitations de la Garantie et Responsabilit

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

Haftungs- und Gewhrleistungsausschluss

Figure 1: Electrical Shock Hazard Label

DUAL-POWER-SUPPLY-SYSTEM SAFETY WARNING IN CHINESE

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

Figure 2: Dual-Power-Supply-System Safety Warning in Chinese

Translation of Dual-Power-Supply-System Safety Warning in Chinese:

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

This marking or statement includes the following text warning:

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

AC units for Denmark, Finland, Norway, Sweden (marked on product):

Finland - (Marking label and in manual) - Laite on liitettv suojamaadoituskoskettimilla

Norway (Marking label and in manual) - Apparatet m tilkoples jordet stikkontakt

Unit is intended for connection to IT power systems for Norway only.

To connect the power connection:

Connect the power cable to the grounded AC outlet.

Figure 3: tiquette davertissement de danger de chocs lectriques

AVERTISSEMENT DE SCURIT POUR LES SYSTMES DOTS DE DEUX SOURCES DALIMENTATION

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

Pour un raccordement lectrique en Amrique du Nord, slectionnez un cordon dalimentation

Cette marque ou remarque inclut lavertissement textuel suivant:

Ne faites pas fonctionner lappareil dans un endroit, o la temprature ambiante dpasse la

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide

Units CA pour le Danemark, la Finlande, la Norvge, la Sude (indiqu sur le produit):

Finlande (tiquette et inscription dans le manuel) - Laite on liitettv

Norvge (tiquette et inscription dans le manuel) - Apparatet m tilkoples jordet stikkontakt

Lunit peut tre connecte un systme lectrique IT (en Norvge uniquement).

Pour brancher lalimentation lectrique: