APSolute Vision - USER GUIDE - Check Point Software

APSolute Vision User Guide

APSolute VisionUSER GUIDE

Software Version 4.0.0Document ID: RDWR-APSV-V04000_UG1809 September 2018


2 Document ID: RDWR-APSV-V04000_UG1809


Document ID: RDWR-APSV-V04000_UG1809 3

Important NoticesThe following important notices are presented in English, French, and German.

Important NoticesThis guide is delivered subject to the following conditions and restrictions:Copyright Radware Ltd. 2018. All rights reserved.The copyright and all other intellectual property rights and trade secrets included in this guide are owned by Radware Ltd.The guide is provided to Radware customers for the sole purpose of obtaining information with respect to the installation and use of the Radware products described in this document, and may not be used for any other purpose.The information contained in this guide is proprietary to Radware and must be kept in strict confidence.It is strictly forbidden to copy, duplicate, reproduce or disclose this guide or any part thereof without the prior written consent of Radware.

Notice importanteCe guide est sujet aux conditions et restrictions suivantes:Copyright Radware Ltd. 2018. Tous droits réservés.Le copyright ainsi que tout autre droit lié à la propriété intellectuelle et aux secrets industriels contenus dans ce guide sont la propriété de Radware Ltd.Ce guide d’informations est fourni à nos clients dans le cadre de l’installation et de l’usage des produits de Radware décrits dans ce document et ne pourra être utilisé dans un but autre que celui pour lequel il a été conçu.Les informations répertoriées dans ce document restent la propriété de Radware et doivent être conservées de manière confidentielle.Il est strictement interdit de copier, reproduire ou divulguer des informations contenues dans ce manuel sans avoir obtenu le consentement préalable écrit de Radware.

Wichtige AnmerkungDieses Handbuch wird vorbehaltlich folgender Bedingungen und Einschränkungen ausgeliefert:Copyright Radware Ltd. 2018. Alle Rechte vorbehalten.Das Urheberrecht und alle anderen in diesem Handbuch enthaltenen Eigentumsrechte und Geschäftsgeheimnisse sind Eigentum von Radware Ltd.Dieses Handbuch wird Kunden von Radware mit dem ausschließlichen Zweck ausgehändigt, Informationen zu Montage und Benutzung der in diesem Dokument beschriebene Produkte von Radware bereitzustellen. Es darf für keinen anderen Zweck verwendet werden.Die in diesem Handbuch enthaltenen Informationen sind Eigentum von Radware und müssen streng vertraulich behandelt werden.Es ist streng verboten, dieses Handbuch oder Teile daraus ohne vorherige schriftliche Zustimmung von Radware zu kopieren, vervielfältigen, reproduzieren oder offen zu legen.



Copyright NoticesThe following copyright notices are presented in English, French, and German.

Copyright NoticesThe programs included in this product are subject to a restricted use license and can only be used in conjunction with this application.The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL, please contact [email protected] LicenseCopyright (c) 1998-2011 The OpenSSL Project. All rights reserved.Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)

4. The names “OpenSSL Toolkit” and “OpenSSL Project” must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected].

5. Products derived from this software may not be called “OpenSSL” nor may “OpenSSL” appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

“This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)”

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT “AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.This product includes cryptographic software written by Eric Young ([email protected]). This product includes software written by Tim Hudson ([email protected]).Original SSLeay LicenseCopyright (C) 1995-1998 Eric Young ([email protected])All rights reserved.This package is an SSL implementation written by Eric Young ([email protected]).The implementation was written so as to conform with Netscapes SSL.



This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson ([email protected]).Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed.If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used.This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.


3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

"This product includes cryptographic software written by Eric Young ([email protected])" The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-).

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgment:

"This product includes software written by Tim Hudson ([email protected])"THIS SOFTWARE IS PROVIDED BY ERIC YOUNG “AS IS”' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.]This product contains the Rijndael cipher The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public domain and distributed with the following license: @version 3.0 (December 2000)Optimized ANSI C code for the Rijndael cipher (now AES)@author Vincent Rijmen <[email protected]>@author Antoon Bosselaers <[email protected]>@author Paulo Barreto <[email protected]>The OnDemand Switch may use software components licensed under the GNU General Public License Agreement Version 2 (GPL v.2) including LinuxBios and Filo open source projects. The source code of the LinuxBios and Filo is available from Radware upon request. A copy of the license can be viewed at: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.This code is hereby placed in the public domain.

http://www.gnu.org/licenses/old-licenses/gpl-2.0.html





This product contains code developed by the OpenBSD ProjectCopyright ©1983, 1990, 1992, 1993, 1995The Regents of the University of California. All rights reserved.Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:



3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

This product includes software developed by Markus Friedl.This product includes software developed by Theo de Raadt.This product includes software developed by Niels ProvosThis product includes software developed by Dug SongThis product includes software developed by Aaron CampbellThis product includes software developed by Damien MillerThis product includes software developed by Kevin StevesThis product includes software developed by Daniel KourilThis product includes software developed by Wesley GriffinThis product includes software developed by Per AllanssonThis product includes software developed by Nils NordmanThis product includes software developed by Simon WilkinsonRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:



This product contains work derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm. RSA Data Security, Inc. makes no representations concerning either the merchantability of the MD5 Message - Digest Algorithm or the suitability of the MD5 Message - Digest Algorithm for any particular purpose. It is provided “as is” without express or implied warranty of any kind.This product includes the DB2 Express-C database, the copyrights of which are owned IBM.

Notice traitant du copyrightLes programmes intégrés dans ce produit sont soumis à une licence d’utilisation limitée et ne peuvent être utilisés qu’en lien avec cette application.L’implémentation de Rijindael par Vincent Rijmen, Antoon Bosselaers et Paulo Barreto est du domaine public et distribuée sous les termes de la licence suivante:@version 3.0 (Décembre 2000)Code ANSI C code pour Rijndael (actuellement AES)@author Vincent Rijmen <[email protected]>@author Antoon Bosselaers <[email protected]>@author Paulo Barreto <[email protected]>.



Le commutateur OnDemand peut utiliser les composants logiciels sous licence, en vertu des termes de la licence GNU General Public License Agreement Version 2 (GPL v.2), y compris les projets à source ouverte LinuxBios et Filo. Le code source de LinuxBios et Filo est disponible sur demande auprès de Radware. Une copie de la licence est répertoriée sur: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.Ce code est également placé dans le domaine public.Ce produit renferme des codes développés dans le cadre du projet OpenSSL.Copyright ©1983, 1990, 1992, 1993, 1995Les membres du conseil de l’Université de Californie. Tous droits réservés.La distribution et l’usage sous une forme source et binaire, avec ou sans modifications, est autorisée pour autant que les conditions suivantes soient remplies:

1. La distribution d’un code source doit inclure la notice de copyright mentionnée ci-dessus, cette liste de conditions et l’avis de non-responsabilité suivant.

2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout autre matériel fourni la notice de copyright mentionnée ci-dessus, cette liste de conditions et l’avis de non-responsabilité suivant.

3. Le nom de l’université, ainsi que le nom des contributeurs ne seront en aucun cas utilisés pour approuver ou promouvoir un produit dérivé de ce programme sans l’obtention préalable d’une autorisation écrite.

Ce produit inclut un logiciel développé par Markus Friedl.Ce produit inclut un logiciel développé par Theo de Raadt.Ce produit inclut un logiciel développé par Niels Provos.Ce produit inclut un logiciel développé par Dug Song.Ce produit inclut un logiciel développé par Aaron Campbell.Ce produit inclut un logiciel développé par Damien Miller.Ce produit inclut un logiciel développé par Kevin Steves.Ce produit inclut un logiciel développé par Daniel Kouril.Ce produit inclut un logiciel développé par Wesley Griffin.Ce produit inclut un logiciel développé par Per Allansson.Ce produit inclut un logiciel développé par Nils Nordman.Ce produit inclut un logiciel développé par Simon Wilkinson.La distribution et l’usage sous une forme source et binaire, avec ou sans modifications, est autorisée pour autant que les conditions suivantes soient remplies:

1. La distribution d’un code source doit inclure la notice de copyright mentionnée ci-dessus, cette liste de conditions et l’avis de non-responsabilité suivant.

2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout autre matériel fourni la notice de copyright mentionnée ci-dessus, cette liste de conditions et l’avis de non-responsabilité suivant.

LE LOGICIEL MENTIONNÉ CI-DESSUS EST FOURNI TEL QUEL PAR LE DÉVELOPPEUR ET TOUTE GARANTIE, EXPLICITE OU IMPLICITE, Y COMPRIS, MAIS SANS S’Y LIMITER, TOUTE GARANTIE IMPLICITE DE QUALITÉ MARCHANDE ET D’ADÉQUATION À UN USAGE PARTICULIER EST EXCLUE.EN AUCUN CAS L’AUTEUR NE POURRA ÊTRE TENU RESPONSABLE DES DOMMAGES DIRECTS, INDIRECTS, ACCESSOIRES, SPÉCIAUX, EXEMPLAIRES OU CONSÉCUTIFS (Y COMPRIS, MAIS SANS S’Y LIMITER, L’ACQUISITION DE BIENS OU DE SERVICES DE REMPLACEMENT, LA PERTE D’USAGE, DE DONNÉES OU DE PROFITS OU L’INTERRUPTION DES AFFAIRES), QUELLE QU’EN SOIT LA CAUSE ET LA THÉORIE DE RESPONSABILITÉ, QU’IL S’AGISSE D’UN CONTRAT, DE RESPONSABILITÉ STRICTE OU D’UN ACTE DOMMAGEABLE (Y COMPRIS LA NÉGLIGENCE OU AUTRE), DÉCOULANT DE QUELLE QUE FAÇON QUE CE SOIT DE L’USAGE DE CE LOGICIEL, MÊME S’IL A ÉTÉ AVERTI DE LA POSSIBILITÉ D’UN TEL DOMMAGE.







CopyrightvermerkeDie in diesem Produkt enthalten Programme unterliegen einer eingeschränkten Nutzungslizenz und können nur in Verbindung mit dieser Anwendung benutzt werden.Die Rijndael-Implementierung von Vincent Rijndael, Anton Bosselaers und Paulo Barreto ist öffentlich zugänglich und wird unter folgender Lizenz vertrieben:@version 3.0 (December 2000)Optimierter ANSI C Code für den Rijndael cipher (jetzt AES)@author Vincent Rijmen <[email protected]>@author Antoon Bosselaers <[email protected]>@author Paulo Barreto <[email protected]>Der OnDemand Switch verwendet möglicherweise Software, die im Rahmen der DNU Allgemeine Öffentliche Lizenzvereinbarung Version 2 (GPL v.2) lizensiert sind, einschließlich LinuxBios und Filo Open Source-Projekte. Der Quellcode von LinuxBios und Filo ist bei Radware auf Anfrage erhältlich. Eine Kopie dieser Lizenz kann eingesehen werden unter http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.Dieser Code wird hiermit allgemein zugänglich gemacht.Dieses Produkt enthält einen vom OpenBSD-Projekt entwickelten CodeCopyright ©1983, 1990, 1992, 1993, 1995The Regents of the University of California. Alle Rechte vorbehalten.Die Verbreitung und Verwendung in Quell- und binärem Format, mit oder ohne Veränderungen, sind unter folgenden Bedingungen erlaubt:

1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss beibehalten.

2. Die Verbreitung in binärem Format muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere Materialien, die mit verteilt werden, reproduzieren.

3. Weder der Name der Universität noch die Namen der Beitragenden dürfen ohne ausdrückliche vorherige schriftliche Genehmigung verwendet werden, um von dieser Software abgeleitete Produkte zu empfehlen oder zu bewerben.

Dieses Produkt enthält von Markus Friedl entwickelte Software.Dieses Produkt enthält von Theo de Raadt entwickelte Software. Dieses Produkt enthält von Niels Provos entwickelte Software.Dieses Produkt enthält von Dug Song entwickelte Software.Dieses Produkt enthält von Aaron Campbell entwickelte Software.Dieses Produkt enthält von Damien Miller entwickelte Software.Dieses Produkt enthält von Kevin Steves entwickelte Software.Dieses Produkt enthält von Daniel Kouril entwickelte Software.Dieses Produkt enthält von Wesley Griffin entwickelte Software.Dieses Produkt enthält von Per Allansson entwickelte Software.Dieses Produkt enthält von Nils Nordman entwickelte Software.Dieses Produkt enthält von Simon Wilkinson entwickelte Software.Die Verbreitung und Verwendung in Quell- und binärem Format, mit oder ohne Veränderungen, sind unter folgenden Bedingungen erlaubt:

1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss beibehalten.

2. Die Verbreitung in binärem Format muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere Materialien, die mit verteilt werden, reproduzieren.







SÄMTLICHE VORGENANNTE SOFTWARE WIRD VOM AUTOR IM IST-ZUSTAND (“AS IS”) BEREITGESTELLT. JEGLICHE AUSDRÜCKLICHEN ODER IMPLIZITEN GARANTIEN, EINSCHLIESSLICH, DOCH NICHT BESCHRÄNKT AUF DIE IMPLIZIERTEN GARANTIEN DER MARKTGÄNGIGKEIT UND DER ANWENDBARKEIT FÜR EINEN BESTIMMTEN ZWECK, SIND AUSGESCHLOSSEN.UNTER KEINEN UMSTÄNDEN HAFTET DER AUTOR FÜR DIREKTE ODER INDIREKTE SCHÄDEN, FÜR BEI VERTRAGSERFÜLLUNG ENTSTANDENE SCHÄDEN, FÜR BESONDERE SCHÄDEN, FÜR SCHADENSERSATZ MIT STRAFCHARAKTER, ODER FÜR FOLGESCHÄDEN EINSCHLIESSLICH, DOCH NICHT BESCHRÄNKT AUF, ERWERB VON ERSATZGÜTERN ODER ERSATZLEISTUNGEN; VERLUST AN NUTZUNG, DATEN ODER GEWINN; ODER GESCHÄFTSUNTERBRECHUNGEN) GLEICH, WIE SIE ENTSTANDEN SIND, UND FÜR JEGLICHE ART VON HAFTUNG, SEI ES VERTRÄGE, GEFÄHRDUNGSHAFTUNG, ODER DELIKTISCHE HAFTUNG (EINSCHLIESSLICH FAHRLÄSSIGKEIT ODER ANDERE), DIE IN JEGLICHER FORM FOLGE DER BENUTZUNG DIESER SOFTWARE IST, SELBST WENN AUF DIE MÖGLICHKEIT EINES SOLCHEN SCHADENS HINGEWIESEN WURDE.

Standard WarrantyThe following standard warranty is presented in English, French, and German.

Standard WarrantyRadware offers a limited warranty for all its products (“Products”). Radware hardware products are warranted against defects in material and workmanship for a period of one year from date of shipment. Radware software carries a standard warranty that provides bug fixes for up to 90 days after date of purchase. Should a Product unit fail anytime during the said period(s), Radware will, at its discretion, repair or replace the Product.For hardware warranty service or repair, the product must be returned to a service facility designated by Radware. Customer shall pay the shipping charges to Radware and Radware shall pay the shipping charges in returning the product to the customer. Please see specific details outlined in the Standard Warranty section of the customer’s purchase order.Radware shall be released from all obligations under its Standard Warranty in the event that the Product and/or the defective component has been subjected to misuse, neglect, accident or improper installation, or if repairs or modifications were made by persons other than Radware authorized service personnel, unless such repairs by others were made with the written consent of Radware.EXCEPT AS SET FORTH ABOVE, ALL RADWARE PRODUCTS (HARDWARE AND SOFTWARE) ARE PROVIDED BY “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

Garantie standardRadware octroie une garantie limitée pour l’ensemble de ses produits (“Produits”). Le matériel informatique (hardware) Radware est garanti contre tout défaut matériel et de fabrication pendant une durée d’un an à compter de la date d’expédition. Les logiciels (software) Radware sont fournis avec une garantie standard consistant en la fourniture de correctifs des dysfonctionnements du logiciels (bugs) pendant une durée maximum de 90 jours à compter de la date d’achat. Dans l’hypothèse où un Produit présenterait un défaut pendant ladite (lesdites) période(s), Radware procédera, à sa discrétion, à la réparation ou à l’échange du Produit.S’agissant de la garantie d’échange ou de réparation du matériel informatique, le Produit doit être retourné chez un réparateur désigné par Radware. Le Client aura à sa charge les frais d’envoi du Produit à Radware et Radware supportera les frais de retour du Produit au client. Veuillez consulter les conditions spécifiques décrites dans la partie “Garantie Standard” du bon de commande client.



Radware est libérée de toutes obligations liées à la Garantie Standard dans l’hypothèse où le Produit et/ou le composant défectueux a fait l’objet d’un mauvais usage, d’une négligence, d’un accident ou d’une installation non conforme, ou si les réparations ou les modifications qu’il a subi ont été effectuées par d’autres personnes que le personnel de maintenance autorisé par Radware, sauf si Radware a donné son consentement écrit à ce que de telles réparations soient effectuées par ces personnes.SAUF DANS LES CAS PREVUS CI-DESSUS, L’ENSEMBLE DES PRODUITS RADWARE (MATERIELS ET LOGICIELS) SONT FOURNIS “TELS QUELS” ET TOUTES GARANTIES EXPRESSES OU IMPLICITES SONT EXCLUES, EN CE COMPRIS, MAIS SANS S’Y RESTREINDRE, LES GARANTIES IMPLICITES DE QUALITE MARCHANDE ET D’ADÉQUATION À UNE UTILISATION PARTICULIÈRE.

Standard GarantieRadware bietet eine begrenzte Garantie für alle seine Produkte (“Produkte”) an. Hardware Produkte von Radware haben eine Garantie gegen Material- und Verarbeitungsfehler für einen Zeitraum von einem Jahr ab Lieferdatum. Radware Software verfügt über eine Standard Garantie zur Fehlerbereinigung für einen Zeitraum von bis zu 90 Tagen nach Erwerbsdatum. Sollte ein Produkt innerhalb des angegebenen Garantiezeitraumes einen Defekt aufweisen, wird Radware das Produkt nach eigenem Ermessen entweder reparieren oder ersetzen.Für den Hardware Garantieservice oder die Reparatur ist das Produkt an eine von Radware bezeichnete Serviceeinrichtung zurückzugeben. Der Kunde hat die Versandkosten für den Transport des Produktes zu Radware zu tragen, Radware übernimmt die Kosten der Rückversendung des Produktes an den Kunden. Genauere Angaben entnehmen Sie bitte dem Abschnitt zur Standard Garantie im Bestellformular für Kunden.Radware ist von sämtlichen Verpflichtungen unter seiner Standard Garantie befreit, sofern das Produkt oder der fehlerhafte Teil zweckentfremdet genutzt, in der Pflege vernachlässigt, einem Unfall ausgesetzt oder unsachgemäß installiert wurde oder sofern Reparaturen oder Modifikationen von anderen Personen als durch Radware autorisierten Kundendienstmitarbeitern vorgenommen wurden, es sei denn, diese Reparatur durch besagte andere Personen wurden mit schriftlicher Genehmigung seitens Radware durchgeführt.MIT AUSNAHME DES OBEN DARGESTELLTEN, SIND ALLE RADWARE PRODUKTE (HARDWARE UND SOFTWARE) GELIEFERT “WIE GESEHEN” UND JEGLICHE AUSDRÜCKLICHEN ODER STILLSCHWEIGENDEN GARANTIEN, EINSCHLIESSLICH ABER NICHT BEGRENZT AUF STILLSCHWEIGENDE GEWÄHRLEISTUNG DER MARKTFÄHIGKEIT UND EIGNUNG FÜR EINEN BESTIMMTEN ZWECK AUSGESCHLOSSEN.

Limitations on Warranty and LiabilityThe following limitations on warranty and liability are presented in English, French, and German.

Limitations on Warranty and LiabilityIN NO EVENT SHALL RADWARE LTD. OR ANY OF ITS AFFILIATED ENTITIES BE LIABLE FOR ANY DAMAGES INCURRED BY THE USE OF THE PRODUCTS (INCLUDING BOTH HARDWARE AND SOFTWARE) DESCRIBED IN THIS USER GUIDE, OR BY ANY DEFECT OR INACCURACY IN THIS USER GUIDE ITSELF. THIS INCLUDES BUT IS NOT LIMITED TO ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION). THE ABOVE LIMITATIONS WILL APPLY EVEN IF RADWARE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES OR LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.



Limitations de la Garantie et ResponsabilitéRADWARE LTD. OU SES ENTITIES AFFILIES NE POURRONT EN AUCUN CAS ETRE TENUES RESPONSABLES DES DOMMAGES SUBIS DU FAIT DE L’UTILISATION DES PRODUITS (EN CE COMPRIS LES MATERIELS ET LES LOGICIELS) DECRITS DANS CE MANUEL D’UTILISATION, OU DU FAIT DE DEFAUT OU D’IMPRECISIONS DANS CE MANUEL D’UTILISATION, EN CE COMPRIS, SANS TOUTEFOIS QUE CETTE ENUMERATION SOIT CONSIDEREE COMME LIMITATIVE, TOUS DOMMAGES DIRECTS, INDIRECTS, ACCIDENTELS, SPECIAUX, EXEMPLAIRES, OU ACCESSOIRES (INCLUANT, MAIS SANS S’Y RESTREINDRE, LA FOURNITURE DE PRODUITS OU DE SERVICES DE REMPLACEMENT; LA PERTE D’UTILISATION, DE DONNEES OU DE PROFITS; OU L’INTERRUPTION DES AFFAIRES). LES LIMITATIONS CI-DESSUS S’APPLIQUERONT QUAND BIEN MEME RADWARE A ETE INFORMEE DE LA POSSIBLE EXISTENCE DE CES DOMMAGES. CERTAINES JURIDICTIONS N’ADMETTANT PAS LES EXCLUSIONS OU LIMITATIONS DE GARANTIES IMPLICITES OU DE RESPONSABILITE EN CAS DE DOMMAGES ACCESSOIRES OU INDIRECTS, LESDITES LIMITATIONS OU EXCLUSIONS POURRAIENT NE PAS ETRE APPLICABLE DANS VOTRE CAS.

Haftungs- und GewährleistungsausschlussIN KEINEM FALL IST RADWARE LTD. ODER EIN IHR VERBUNDENES UNTERNEHMEN HAFTBAR FÜR SCHÄDEN, WELCHE BEIM GEBRAUCH DES PRODUKTES (HARDWARE UND SOFTWARE) WIE IM BENUTZERHANDBUCH BESCHRIEBEN, ODER AUFGRUND EINES FEHLERS ODER EINER UNGENAUIGKEIT IN DIESEM BENUTZERHANDBUCH SELBST ENTSTANDEN SIND. DAZU GEHÖREN UNTER ANDEREM (OHNE DARAUF BEGRENZT ZU SEIN) JEGLICHE DIREKTEN; IDIREKTEN; NEBEN; SPEZIELLEN, BELEGTEN ODER FOLGESCHÄDEN (EINSCHLIESSLICH ABER NICHT BEGRENZT AUF BESCHAFFUNG ODER ERSATZ VON WAREN ODER DIENSTEN, NUTZUNGSAUSFALL, DATEN- ODER GEWINNVERLUST ODER BETRIEBSUNTERBRECHUNGEN). DIE OBEN GENANNTEN BEGRENZUNGEN GREIFEN AUCH, SOFERN RADWARE AUF DIE MÖGLICHKEIT EINES SOLCHEN SCHADENS HINGEWIESEN WORDEN SEIN SOLLTE. EINIGE RECHTSORDNUNGEN LASSEN EINEN AUSSCHLUSS ODER EINE BEGRENZUNG STILLSCHWEIGENDER GARANTIEN ODER HAFTUNGEN BEZÜGLICH NEBEN- ODER FOLGESCHÄDEN NICHT ZU, SO DASS DIE OBEN DARGESTELLTE BEGRENZUNG ODER DER AUSSCHLUSS SIE UNTER UMSTÄNDEN NICHT BETREFFEN WIRD.

Safety InstructionsThe following safety instructions are presented in English, French, and German.

Safety InstructionsCAUTION A readily accessible disconnect device shall be incorporated in the building installation wiring. Due to the risks of electrical shock, and energy, mechanical, and fire hazards, any procedures that involve opening panels or changing components must be performed by qualified service personnel only.To reduce the risk of fire and electrical shock, disconnect the device from the power line before removing cover or panels. The following figure shows the caution label that is attached to Radware platforms with dual power supplies.



Figure 1: Electrical Shock Hazard Label

DUAL-POWER-SUPPLY-SYSTEM SAFETY WARNING IN CHINESEThe following figure is the warning for Radware platforms with dual power supplies.

Figure 2: Dual-Power-Supply-System Safety Warning in Chinese

Translation of Dual-Power-Supply-System Safety Warning in Chinese:This unit has more than one power supply. Disconnect all power supplies before maintenance to avoid electric shock. SERVICING Do not perform any servicing other than that contained in the operating instructions unless you are qualified to do so. There are no serviceable parts inside the unit. HIGH VOLTAGEAny adjustment, maintenance, and repair of the opened instrument under voltage must be avoided as much as possible and, when inevitable, must be carried out only by a skilled person who is aware of the hazard involved. Capacitors inside the instrument may still be charged even if the instrument has been disconnected from its source of supply.GROUNDINGBefore connecting this device to the power line, the protective earth terminal screws of this device must be connected to the protective earth in the building installation.LASERThis equipment is a Class 1 Laser Product in accordance with IEC60825 - 1: 1993 + A1:1997 + A2:2001 Standard.FUSESMake sure that only fuses with the required rated current and of the specified type are used for replacement. The use of repaired fuses and the short-circuiting of fuse holders must be avoided. Whenever it is likely that the protection offered by fuses has been impaired, the instrument must be made inoperative and be secured against any unintended operation. LINE VOLTAGE Before connecting this instrument to the power line, make sure the voltage of the power source matches the requirements of the instrument. Refer to the Specifications for information about the correct power rating for the device. 48V DC-powered platforms have an input tolerance of 36-72V DC.



SPECIFICATION CHANGES Specifications are subject to change without notice.

Note: This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11For CE MARK Compliance. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user is required to correct the interference at his own expense.SPECIAL NOTICE FOR NORTH AMERICAN USERSFor North American power connection, select a power supply cord that is UL Listed and CSA Certified 3 - conductor, [18 AWG], terminated in a molded on plug cap rated 125 V, [10 A], with a minimum length of 1.5m [six feet] but no longer than 4.5m...For European connection, select a power supply cord that is internationally harmonized and marked “<HAR>”, 3 - conductor, 0,75 mm2 minimum mm2 wire, rated 300 V, with a PVC insulated jacket. The cord must have a molded on plug cap rated 250 V, 3 A.RESTRICT AREA ACCESSThe DC powered equipment should only be installed in a Restricted Access Area. INSTALLATION CODESThis device must be installed according to country national electrical codes. For North America, equipment must be installed in accordance with the US National Electrical Code, Articles 110 - 16, 110 -17, and 110 -18 and the Canadian Electrical Code, Section 12.INTERCONNECTION OF UNITS Cables for connecting to the unit RS232 and Ethernet Interfaces must be UL certified type DP-1 or DP-2. (Note- when residing in non LPS circuit)OVERCURRENT PROTECTION A readily accessible listed branch-circuit over current protective device rated 15 A must be incorporated in the building wiring for each power input.REPLACEABLE BATTERIESIf equipment is provided with a replaceable battery, and is replaced by an incorrect battery type, then an explosion may occur. This is the case for some Lithium batteries and the following is applicable:• If the battery is placed in an Operator Access Area, there is a marking close to the battery or

a statement in both the operating and service instructions.• If the battery is placed elsewhere in the equipment, there is a marking close to the battery or a

statement in the service instructions.

This marking or statement includes the following text warning:CAUTIONRISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT BATTERY TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.Caution – To Reduce the Risk of Electrical Shock and Fire

1. This equipment is designed to permit connection between the earthed conductor of the DC supply circuit and the earthing conductor equipment. See Installation Instructions.

2. All servicing must be undertaken only by qualified service personnel. There are not user serviceable parts inside the unit.

3. DO NOT plug in, turn on or attempt to operate an obviously damaged unit.



4. Ensure that the chassis ventilation openings in the unit are NOT BLOCKED.

5. Replace a blown fuse ONLY with the same type and rating as is marked on the safety label adjacent to the power inlet, housing the fuse.

6. Do not operate the device in a location where the maximum ambient temperature exceeds 40°C/104°F.

7. Be sure to unplug the power supply cord from the wall socket BEFORE attempting to remove and/or check the main power fuse. CLASS 1 LASER PRODUCT AND REFERENCE TO THE MOST RECENT LASER STANDARDS IEC 60 825-1:1993 + A1:1997 + A2:2001 AND EN 60825-1:1994+A1:1996+ A2:2001

AC units for Denmark, Finland, Norway, Sweden (marked on product):• Denmark - “Unit is class I - unit to be used with an AC cord set suitable with Denmark

deviations. The cord includes an earthing conductor. The Unit is to be plugged into a wall socket outlet which is connected to a protective earth. Socket outlets which are not connected to earth are not to be used!”

• Finland - (Marking label and in manual) - “Laite on liitettävä suojamaadoituskoskettimilla varustettuun pistorasiaan”

• Norway (Marking label and in manual) - “Apparatet må tilkoples jordet stikkontakt”• Unit is intended for connection to IT power systems for Norway only.• Sweden (Marking label and in manual) - “Apparaten skall anslutas till jordat uttag.”

To connect the power connection:

1. Connect the power cable to the main socket, located on the rear panel of the device.2. Connect the power cable to the grounded AC outlet.

CAUTIONRisk of electric shock and energy hazard. Disconnecting one power supply disconnects only one power supply module. To isolate the unit completely, disconnect all power supplies.

Instructions de sécuritéAVERTISSEMENTUn dispositif de déconnexion facilement accessible sera incorporé au câblage du bâtiment.En raison des risques de chocs électriques et des dangers énergétiques, mécaniques et d’incendie, chaque procédure impliquant l’ouverture des panneaux ou le remplacement de composants sera exécutée par du personnel qualifié.Pour réduire les risques d’incendie et de chocs électriques, déconnectez le dispositif du bloc d’alimentation avant de retirer le couvercle ou les panneaux.La figure suivante montre l’étiquette d’avertissement apposée sur les plateformes Radware dotées de plus d’une source d’alimentation électrique.

Figure 3: Étiquette d’avertissement de danger de chocs électriques



AVERTISSEMENT DE SÉCURITÉ POUR LES SYSTÈMES DOTÉS DE DEUX SOURCES D’ALIMENTATION ÉLECTRIQUE (EN CHINOIS)La figure suivante représente l’étiquette d’avertissement pour les plateformes Radware dotées de deux sources d’alimentation électrique.

Figure 4: Avertissement de sécurité pour les systèmes dotes de deux sources d’alimentation électrique (en chinois)

Traduction de la Avertissement de sécurité pour les systèmes dotes de deux sources d’alimentation électrique (en chinois):Cette unité est dotée de plus d’une source d’alimentation électrique. Déconnectez toutes les sources d’alimentation électrique avant d’entretenir l’appareil ceci pour éviter tout choc électrique.ENTRETIENN’effectuez aucun entretien autre que ceux répertoriés dans le manuel d’instructions, à moins d’être qualifié en la matière. Aucune pièce à l’intérieur de l’unité ne peut être remplacée ou réparée.HAUTE TENSIONTout réglage, opération d’entretien et réparation de l’instrument ouvert sous tension doit être évité. Si cela s’avère indispensable, confiez cette opération à une personne qualifiée et consciente des dangers impliqués.Les condensateurs au sein de l’unité risquent d’être chargés même si l’unité a été déconnectée de la source d’alimentation électrique.MISE A LA TERREAvant de connecter ce dispositif à la ligne électrique, les vis de protection de la borne de terre de cette unité doivent être reliées au système de mise à la terre du bâtiment.LASERCet équipement est un produit laser de classe 1, conforme à la norme IEC60825 - 1: 1993 + A1: 1997 + A2: 2001.FUSIBLESAssurez-vous que, seuls les fusibles à courant nominal requis et de type spécifié sont utilisés en remplacement. L’usage de fusibles réparés et le court-circuitage des porte-fusibles doivent être évités. Lorsqu’il est pratiquement certain que la protection offerte par les fusibles a été détériorée, l’instrument doit être désactivé et sécurisé contre toute opération involontaire.TENSION DE LIGNEAvant de connecter cet instrument à la ligne électrique, vérifiez que la tension de la source d’alimentation correspond aux exigences de l’instrument. Consultez les spécifications propres à l’alimentation nominale correcte du dispositif.Les plateformes alimentées en 48 CC ont une tolérance d’entrée comprise entre 36 et 72 V CC. MODIFICATIONS DES SPÉCIFICATIONSLes spécifications sont sujettes à changement sans notice préalable.



Remarque: Cet équipement a été testé et déclaré conforme aux limites définies pour un appareil numérique de classe A, conformément au paragraphe 15B de la réglementation FCC et EN55022 Classe A, EN 55024, EN 61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8, et IEC 61000-4-11, pour la marque de conformité de la CE. Ces limites sont fixées pour fournir une protection raisonnable contre les interférences nuisibles, lorsque l’équipement est utilisé dans un environnement commercial. Cet équipement génère, utilise et peut émettre des fréquences radio et, s’il n’est pas installé et utilisé conformément au manuel d’instructions, peut entraîner des interférences nuisibles aux communications radio. Le fonctionnement de cet équipement dans une zone résidentielle est susceptible de provoquer des interférences nuisibles, auquel cas l’utilisateur devra corriger le problème à ses propres frais.NOTICE SPÉCIALE POUR LES UTILISATEURS NORD-AMÉRICAINSPour un raccordement électrique en Amérique du Nord, sélectionnez un cordon d’alimentation homologué UL et certifié CSA 3 - conducteur, [18 AWG], muni d’une prise moulée à son extrémité, de 125 V, [10 A], d’une longueur minimale de 1,5 m [six pieds] et maximale de 4,5m...Pour la connexion européenne, choisissez un cordon d’alimentation mondialement homologué et marqué “<HAR>”, 3 - conducteur, câble de 0,75 mm2 minimum, de 300 V, avec une gaine en PVC isolée. La prise à l’extrémité du cordon, sera dotée d’un sceau moulé indiquant: 250 V, 3 A.ZONE A ACCÈS RESTREINTL’équipement alimenté en CC ne pourra être installé que dans une zone à accès restreint.CODES D’INSTALLATIONCe dispositif doit être installé en conformité avec les codes électriques nationaux. En Amérique du Nord, l’équipement sera installé en conformité avec le code électrique national américain, articles 110-16, 110 -17, et 110 -18 et le code électrique canadien, Section 12.INTERCONNEXION DES UNÎTESLes câbles de connexion à l’unité RS232 et aux interfaces Ethernet seront certifiés UL, type DP-1 ou DP-2. (Remarque- s’ils ne résident pas dans un circuit LPS).PROTECTION CONTRE LES SURCHARGESUn circuit de dérivation, facilement accessible, sur le dispositif de protection du courant de 15 A doit être intégré au câblage du bâtiment pour chaque puissance consommée.BATTERIES REMPLAÇABLESSi l’équipement est fourni avec une batterie, et qu’elle est remplacée par un type de batterie incorrect, elle est susceptible d’exploser. C’est le cas pour certaines batteries au lithium, les éléments suivants sont donc applicables:• Si la batterie est placée dans une zone d’accès opérateur, une marque est indiquée sur la

batterie ou une remarque est insérée, aussi bien dans les instructions d’exploitation que d’entretien.

• Si la batterie est placée ailleurs dans l’équipement, une marque est indiquée sur la batterie ou une remarque est insérée dans les instructions d’entretien.

Cette marque ou remarque inclut l’avertissement textuel suivant: AVERTISSEMENTRISQUE D’EXPLOSION SI LA BATTERIE EST REMPLACÉE PAR UN MODÈLE INCORRECT. METTRE AU REBUT LES BATTERIES CONFORMÉMENT AUX INSTRUCTIONS.Attention - Pour réduire les risques de chocs électriques et d’incendie

1. Cet équipement est conçu pour permettre la connexion entre le conducteur de mise à la terre du circuit électrique CC et l’équipement de mise à la terre. Voir les instructions d’installation.

2. Tout entretien sera entrepris par du personnel qualifié. Aucune pièce à l’intérieur de l’unité ne peut être remplacée ou réparée.

3. NE branchez pas, n’allumez pas ou n’essayez pas d’utiliser une unité manifestement endommagée.

4. Vérifiez que l’orifice de ventilation du châssis dans l’unité n’est PAS OBSTRUE.



5. Remplacez le fusible endommagé par un modèle similaire de même puissance, tel qu’indiqué sur l’étiquette de sécurité adjacente à l’arrivée électrique hébergeant le fusible.

6. Ne faites pas fonctionner l’appareil dans un endroit, où la température ambiante dépasse la valeur maximale autorisée. 40°C/104°F.

7. Débranchez le cordon électrique de la prise murale AVANT d’essayer de retirer et/ou de vérifier le fusible d’alimentation principal.

PRODUIT LASER DE CLASSE 1 ET RÉFÉRENCE AUX NORMES LASER LES PLUS RÉCENTES: IEC 60825-1: 1993 + A1: 1997 + A2: 2001 ET EN 60825-1: 1994+A1: 1996+ A2: 2001Unités à CA pour le Danemark, la Finlande, la Norvège, la Suède (indiqué sur le produit):• Danemark - Unité de classe 1 - qui doit être utilisée avec un cordon CA compatible avec les

déviations du Danemark. Le cordon inclut un conducteur de mise à la terre. L’unité sera branchée à une prise murale, mise à la terre. Les prises non-mises à la terre ne seront pas utilisées!

• Finlande (Étiquette et inscription dans le manuel) - Laite on liitettävä suojamaadoituskoskettimilla varustettuun pistorasiaan

• Norvège (Étiquette et inscription dans le manuel) - Apparatet må tilkoples jordet stikkontakt• L’unité peut être connectée à un système électrique IT (en Norvège uniquement).• Suède (Étiquette et inscription dans le manuel) - Apparaten skall anslutas till jordat uttag.

Pour brancher à l’alimentation électrique:

1. Branchez le câble d’alimentation à la prise principale, située sur le panneau arrière de l’unité.2. Connectez le câble d’alimentation à la prise CA mise à la terre.

AVERTISSEMENTRisque de choc électrique et danger énergétique. La déconnexion d’une source d’alimentation électrique ne débranche qu’un seul module électrique. Pour isoler complètement l’unité, débranchez toutes les sources d’alimentation électrique.ATTENTIONRisque de choc et de danger électriques. Le débranchement d’une seule alimentation stabilisée ne débranche qu’un module “Alimentation Stabilisée”. Pour Isoler complètement le module en cause, il faut débrancher toutes les alimentations stabilisées.Attention: Pour Réduire Les Risques d’Électrocution et d’Incendie

1. Toutes les opérations d’entretien seront effectuées UNIQUEMENT par du personnel d’entretien qualifié. Aucun composant ne peut être entretenu ou remplacée par l’utilisateur.

2. NE PAS connecter, mettre sous tension ou essayer d’utiliser une unité visiblement défectueuse.

3. Assurez-vous que les ouvertures de ventilation du châssis NE SONT PAS OBSTRUÉES.

4. Remplacez un fusible qui a sauté SEULEMENT par un fusible du même type et de même capacité, comme indiqué sur l’étiquette de sécurité proche de l’entrée de l’alimentation qui contient le fusible.

5. NE PAS UTILISER l’équipement dans des locaux dont la température maximale dépasse 40 degrés Centigrades.

6. Assurez vous que le cordon d’alimentation a été déconnecté AVANT d’essayer de l’enlever et/ou vérifier le fusible de l’alimentation générale.

SicherheitsanweisungenVORSICHTDie Elektroinstallation des Gebäudes muss ein unverzüglich zugängliches Stromunterbrechungsgerät integrieren.



Aufgrund des Stromschlagrisikos und der Energie-, mechanische und Feuergefahr dürfen Vorgänge, in deren Verlauf Abdeckungen entfernt oder Elemente ausgetauscht werden, ausschließlich von qualifiziertem Servicepersonal durchgeführt werden.Zur Reduzierung der Feuer- und Stromschlaggefahr muss das Gerät vor der Entfernung der Abdeckung oder der Paneele von der Stromversorgung getrennt werden.Folgende Abbildung zeigt das VORSICHT-Etikett, das auf die Radware-Plattformen mit Doppelspeisung angebracht ist.

Figure 5: Warnetikett Stromschlaggefahr

SICHERHEITSHINWEIS IN CHINESISCHER SPRACHE FÜR SYSTEME MIT DOPPELSPEISUNGDie folgende Abbildung ist die Warnung für Radware-Plattformen mit Doppelspeisung.

Figure 6: Sicherheitshinweis in chinesischer Sprache für Systeme mit Doppelspeisung

Übersetzung von Sicherheitshinweis in chinesischer Sprache für Systeme mit Doppelspeisung:Die Einheit verfügt über mehr als eine Stromversorgungsquelle. Ziehen Sie zur Verhinderung von Stromschlag vor Wartungsarbeiten sämtliche Stromversorgungsleitungen ab.WARTUNGFühren Sie keinerlei Wartungsarbeiten aus, die nicht in der Betriebsanleitung angeführt sind, es sei denn, Sie sind dafür qualifiziert. Es gibt innerhalb des Gerätes keine wartungsfähigen Teile.HOCHSPANNUNGJegliche Einstellungs-, Instandhaltungs- und Reparaturarbeiten am geöffneten Gerät unter Spannung müssen so weit wie möglich vermieden werden. Sind sie nicht vermeidbar, dürfen sie ausschließlich von qualifizierten Personen ausgeführt werden, die sich der Gefahr bewusst sind.Innerhalb des Gerätes befindliche Kondensatoren können auch dann noch Ladung enthalten, wenn das Gerät von der Stromversorgung abgeschnitten wurde.ERDUNGBevor das Gerät an die Stromversorgung angeschlossen wird, müssen die Schrauben der Erdungsleitung des Gerätes an die Erdung der Gebäudeverkabelung angeschlossen werden.LASERDieses Gerät ist ein Laser-Produkt der Klasse 1 in Übereinstimmung mit IEC60825 - 1: 1993 + A1:1997 + A2:2001 Standard.SICHERUNGEN



Vergewissern Sie sich, dass nur Sicherungen mit der erforderlichen Stromstärke und der angeführten Art verwendet werden. Die Verwendung reparierter Sicherungen sowie die Kurzschließung von Sicherungsfassungen muss vermieden werden. In Fällen, in denen wahrscheinlich ist, dass der von den Sicherungen gebotene Schutz beeinträchtigt ist, muss das Gerät abgeschaltet und gegen unbeabsichtigten Betrieb gesichert werden.LEITUNGSSPANNUNGVor Anschluss dieses Gerätes an die Stromversorgung ist zu gewährleisten, dass die Spannung der Stromquelle den Anforderungen des Gerätes entspricht. Beachten Sie die technischen Angaben bezüglich der korrekten elektrischen Werte des Gerätes.Plattformen mit 48 V DC verfügen über eine Eingangstoleranz von 36-72 V DC.ÄNDERUNGEN DER TECHNISCHEN ANGABENÄnderungen der technischen Spezifikationen bleiben vorbehalten.Hinweis: Dieses Gerät wurde geprüft und entspricht den Beschränkungen von digitalen Geräten der Klasse 1 gemäß Teil 15B FCC-Vorschriften und EN55022 Klasse A, EN55024; EN 61000-3-2; EN; IEC 61000 4-2 to 4-6, IEC 61000 4-8 und IEC 61000-4- 11 für Konformität mit der CE-Bezeichnung. Diese Beschränkungen dienen dem angemessenen Schutz vor schädlichen Interferenzen bei Betrieb des Gerätes in kommerziellem Umfeld. Dieses Gerät erzeugt, verwendet und strahlt elektromagnetische Hochfrequenzstrahlung aus. Wird es nicht entsprechend den Anweisungen im Handbuch montiert und benutzt, könnte es mit dem Funkverkehr interferieren und ihn beeinträchtigen. Der Betrieb dieses Gerätes in Wohnbereichen wird höchstwahrscheinlich zu schädlichen Interferenzen führen. In einem solchen Fall wäre der Benutzer verpflichtet, diese Interferenzen auf eigene Kosten zu korrigieren.BESONDERER HINWEIS FÜR BENUTZER IN NORDAMERIKAWählen Sie für den Netzstromanschluss in Nordamerika ein Stromkabel, das in der UL aufgeführt und CSA-zertifiziert ist 3 Leiter, [18 AWG], endend in einem gegossenen Stecker, für 125 V, [10 A], mit einer Mindestlänge von 1,5 m [sechs Fuß], doch nicht länger als 4,5 m. Für europäische Anschlüsse verwenden Sie ein international harmonisiertes, mit “<HAR>” markiertes Stromkabel, mit 3 Leitern von mindestens 0,75 mm2, für 300 V, mit PVC-Umkleidung. Das Kabel muss in einem gegossenen Stecker für 250 V, 3 A enden.BEREICH MIT EINGESCHRÄNKTEM ZUGANGDas mit Gleichstrom betriebene Gerät darf nur in einem Bereich mit eingeschränktem Zugang montiert werden.INSTALLATIONSCODESDieses Gerät muss gemäß der landesspezifischen elektrischen Codes montiert werden. In Nordamerika müssen Geräte entsprechend dem US National Electrical Code, Artikel 110 - 16, 110 - 17 und 110 - 18, sowie dem Canadian Electrical Code, Abschnitt 12, montiert werden. VERKOPPLUNG VON GERÄTEN Kabel für die Verbindung des Gerätes mit RS232- und Ethernet-müssen UL-zertifiziert und vom Typ DP-1 oder DP-2 sein. (Anmerkung: bei Aufenthalt in einem nicht-LPS-Stromkreis)ÜBERSTROMSCHUTZEin gut zugänglicher aufgeführter Überstromschutz mit Abzweigstromkreis und 15 A Stärke muss für jede Stromeingabe in der Gebäudeverkabelung integriert sein.AUSTAUSCHBARE BATTERIENWird ein Gerät mit einer austauschbaren Batterie geliefert und für diese Batterie durch einen falschen Batterietyp ersetzt, könnte dies zu einer Explosion führen. Dies trifft zu für manche Arten von Lithiumsbatterien zu, und das folgende gilt es zu beachten:• Wird die Batterie in einem Bereich für Bediener eingesetzt, findet sich in der Nähe der Batterie

eine Markierung oder Erklärung sowohl im Betriebshandbuch als auch in der Wartungsanleitung.• Ist die Batterie an einer anderen Stelle im Gerät eingesetzt, findet sich in der Nähe der Batterie

eine Markierung oder einer Erklärung in der Wartungsanleitung.

Diese Markierung oder Erklärung enthält den folgenden Warntext:VORSICHT



EXPLOSIONSGEFAHR, FALLS BATTERIE DURCH EINEN FALSCHEN BATTERIETYP ERSETZT WIRD. GEBRAUCHTE BATTERIEN DEN ANWEISUNGEN ENTSPRECHEND ENTSORGEN.• Denmark - “Unit is class I - mit Wechselstromkabel benutzen, dass für die Abweichungen in

Dänemark eingestellt ist. Das Kabel ist mit einem Erdungsdraht versehen. Das Kabel wird in eine geerdete Wandsteckdose angeschlossen. Keine Steckdosen ohne Erdungsleitung verwenden!”

• Finland - (Markierungsetikett und im Handbuch) - Laite on liitettävä suojamaadoituskoskettimilla varustettuun pistorasiaan

• Norway - (Markierungsetikett und im Handbuch) - Apparatet må tilkoples jordet stikkontakt Ausschließlich für Anschluss an IT-Netzstromsysteme in Norwegen vorgesehen

• Sweden - (Markierungsetikett und im Handbuch) - Apparaten skall anslutas till jordat uttag.

Anschluss des Stromkabels:

1. Schließen Sie das Stromkabel an den Hauptanschluss auf der Rückseite des Gerätes an.2. Schließen Sie das Stromkabel an den geerdeten Wechselstromanschluss an.

VORSICHTStromschlag- und Energiegefahr Die Trennung einer Stromquelle trennt nur ein Stromversorgungsmodul von der Stromversorgung. Um das Gerät komplett zu isolieren, muss es von der gesamten Stromversorgung getrennt werden. Vorsicht - Zur Reduzierung der Stromschlag- und Feuergefahr

1. Dieses Gerät ist dazu ausgelegt, die Verbindung zwischen der geerdeten Leitung des Gleichstromkreises und dem Erdungsleiter des Gerätes zu ermöglichen. Siehe Montageanleitung.

2. Wartungsarbeiten jeglicher Art dürfen nur von qualifiziertem Servicepersonal ausgeführt werden. Es gibt innerhalb des Gerätes keine vom Benutzer zu wartenden Teile.

3. Versuchen Sie nicht, ein offensichtlich beschädigtes Gerät an den Stromkreis anzuschließen, einzuschalten oder zu betreiben.

4. Vergewissern Sie sich, dass sie Lüftungsöffnungen im Gehäuse des Gerätes NICHT BLOCKIERT SIND.

5. Ersetzen Sie eine durchgebrannte Sicherung ausschließlich mit dem selben Typ und von der selben Stärke, die auf dem Sicherheitsetikett angeführt sind, das sich neben dem Stromkabelanschluss, am Sicherungsgehäuse.

6. Betreiben Sie das Gerät nicht an einem Standort, an dem die Höchsttemperatur der Umgebung 40°C überschreitet.

7. Vergewissern Sie sich, das Stromkabel aus dem Wandstecker zu ziehen, BEVOR Sie die Hauptsicherung entfernen und/oder prüfen.

Electromagnetic-Interference StatementsThe following statements are presented in English, French, and German.

Electromagnetic-Interference StatementsSPECIFICATION CHANGES Specifications are subject to change without notice.



Note: This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11For CE MARK Compliance. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user is required to correct the interference at his own expense.VCCI ELECTROMAGNETIC-INTERFERENCE STATEMENTS

Figure 7: Statement for Class A VCCI-certified Equipment

Translation of Statement for Class A VCCI-certified Equipment:This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may occur, in which case, the user may be required to take corrective actions.KCC KOREA

Figure 8: KCC—Korea Communications Commission Certificate of Broadcasting and Communication Equipment

Figure 9: Statement For Class A KCC-certified Equipment in Korean

Translation of Statement For Class A KCC-certified Equipment in Korean:This equipment is Industrial (Class A) electromagnetic wave suitability equipment and seller or user should take notice of it, and this equipment is to be used in the places except for home.BSMI

Figure 10: Statement for Class A BSMI-certified Equipment

這是甲類的資訊產品，在居住的環境使用中時，可能會造成射頻

干擾，在這種情況下，使用者會被要求採取某些適當的對策。



Translation of Statement for Class A BSMI-certified Equipment:This is a Class A product, in use in a residential environment, it may cause radio interference in which case the user will be required to take adequate measures.

Déclarations sur les Interférences ÉlectromagnétiquesMODIFICATIONS DES SPÉCIFICATIONSLes spécifications sont sujettes à changement sans notice préalable.Remarque: Cet équipement a été testé et déclaré conforme aux limites définies pour un appareil numérique de classe A, conformément au paragraphe 15B de la réglementation FCC et EN55022 Classe A, EN 55024, EN 61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8, et IEC 61000-4-11, pour la marque de conformité de la CE. Ces limites sont fixées pour fournir une protection raisonnable contre les interférences nuisibles, lorsque l’équipement est utilisé dans un environnement commercial. Cet équipement génère, utilise et peut émettre des fréquences radio et, s’il n’est pas installé et utilisé conformément au manuel d’instructions, peut entraîner des interférences nuisibles aux communications radio. Le fonctionnement de cet équipement dans une zone résidentielle est susceptible de provoquer des interférences nuisibles, auquel cas l’utilisateur devra corriger le problème à ses propres frais.DÉCLARATIONS SUR LES INTERFÉRENCES ÉLECTROMAGNÉTIQUES VCCI

Figure 11: Déclaration pour l’équipement de classe A certifié VCCI

Traduction de la Déclaration pour l’équipement de classe A certifié VCCI:Il s’agit d’un produit de classe A, basé sur la norme du Voluntary Control Council for Interference by Information Technology Equipment (VCCI). Si cet équipement est utilisé dans un environnement domestique, des perturbations radioélectriques sont susceptibles d’apparaître. Si tel est le cas, l’utilisateur sera tenu de prendre des mesures correctives.KCC Corée

Figure 12: KCC—Certificat de la commission des communications de Corée pour les equipements de radiodiffusion et communication.

Figure 13: Déclaration pour l’équipement de classe A certifié KCC en langue coréenne

Translation de la Déclaration pour l’équipement de classe A certifié KCC en langue coréenne:



Cet équipement est un matériel (classe A) en adéquation aux ondes électromagnétiques et le vendeur ou l’utilisateur doit prendre cela en compte. Ce matériel est donc fait pour être utilisé ailleurs qu’ á la maison.BSMI

Figure 14: Déclaration pour l’équipement de classe A certifié BSMI

Translation de la Déclaration pour l’équipement de classe A certifié BSMI:Il s’agit d’un produit de Classe A; utilisé dans un environnement résidentiel il peut provoquer des interférences, l’utilisateur devra alors prendre les mesures adéquates.

Erklärungen zu Elektromagnetischer InterferenzÄNDERUNGEN DER TECHNISCHEN ANGABENÄnderungen der technischen Spezifikationen bleiben vorbehalten.Hinweis: Dieses Gerät wurde geprüft und entspricht den Beschränkungen von digitalen Geräten der Klasse 1 gemäß Teil 15B FCC-Vorschriften und EN55022 Klasse A, EN55024; EN 61000-3-2; EN; IEC 61000 4-2 to 4-6, IEC 61000 4-8 und IEC 61000-4- 11 für Konformität mit der CE-Bezeichnung. Diese Beschränkungen dienen dem angemessenen Schutz vor schädlichen Interferenzen bei Betrieb des Gerätes in kommerziellem Umfeld. Dieses Gerät erzeugt, verwendet und strahlt elektromagnetische Hochfrequenzstrahlung aus. Wird es nicht entsprechend den Anweisungen im Handbuch montiert und benutzt, könnte es mit dem Funkverkehr interferieren und ihn beeinträchtigen. Der Betrieb dieses Gerätes in Wohnbereichen wird höchstwahrscheinlich zu schädlichen Interferenzen führen. In einem solchen Fall wäre der Benutzer verpflichtet, diese Interferenzen auf eigene Kosten zu korrigieren.ERKLÄRUNG DER VCCI ZU ELEKTROMAGNETISCHER INTERFERENZ

Figure 15: Erklärung zu VCCI-zertifizierten Geräten der Klasse A

Übersetzung von Erklärung zu VCCI-zertifizierten Geräten der Klasse A:Dies ist ein Produkt der Klasse A gemäß den Normen des Voluntary Control Council for Interference by Information Technology Equipment (VCCI). Wird dieses Gerät in einem Wohnbereich benutzt, können elektromagnetische Störungen auftreten. In einem solchen Fall wäre der Benutzer verpflichtet, korrigierend einzugreifen.KCC KOREA

Figure 16: KCC—Korea Communications Commission Zertifikat für Rundfunk-und Nachrichtentechnik





Figure 17: Erklärung zu KCC-zertifizierten Geräten der Klasse A

Übersetzung von Erklärung zu KCC-zertifizierten Geräten der Klasse A:Verkäufer oder Nutzer sollten davon Kenntnis nehmen, daß dieses Gerät der Klasse A für industriell elektromagnetische Wellen geeignete Geräten angehört und dass diese Geräte nicht für den heimischen Gebrauch bestimmt sind.BSMI

Figure 18: Erklärung zu BSMI-zertifizierten Geräten der Klasse A

Übersetzung von Erklärung zu BSMI-zertifizierten Geräten der Klasse A:Dies ist ein Class A Produkt, bei Gebrauch in einer Wohnumgebung kann es zu Funkstörungen kommen, in diesem Fall ist der Benutzer verpflichtet, angemessene Maßnahmen zu ergreifen.

Altitude and Climate WarningThis warning only applies to The People’s Republic of China.

1. 对于在非热带气候条件下运行的设备而言，Tma：为制造商规范允许的最大环境温度，或者为 25°C，采用两者中的较大者。

2. 关于在海拔不超过 2000m或者在非热带气候地区使用的设备，附加警告要求如下：

关于在海拔不超过 2000m的地区使用的设备，必须在随时可见的位置处粘贴包含如下内容或者类似用语的警告标记、或者附件DD中的符号。

“只可在海拔不超过 2000m的位置使用。”

关于在非热带气候地区使用的设备，必须在随时可见的位置处粘贴包含如下内容的警告标记：

附件DD：有关新安全警告标记的说明。

DD.1 海拔警告标记





标记含义：设备的评估仅基于 2000m以下的海拔高度，因此设备只适用于该运行条件。如果在海拔超过 2000m的位置使用设备，可能会存在某些安全隐患。

DD.2 气候警告标记

标记含义：设备的评估仅基于温带气候条件，因此设备只适用于该运行条件。如果在热带气候地区使用设备，可能会存在某些安全隐患。

Document ConventionsThe following describes the conventions and symbols that this guide uses:

Item Description Description Beschreibung

Example

An example scenario Un scénario d’exemple Ein Beispielszenarium

Caution:

Possible damage to equipment, software, or data

Endommagement possible de l’équipement, des données ou du logiciel

Mögliche Schäden an Gerät, Software oder Daten

Note:

Additional information Informations complémentaires

Zusätzliche Informationen

To

A statement and instructions

Références et instructions

Eine Erklärung und Anweisungen

Tip:

A suggestion or workaround

Une suggestion ou solution

Ein Vorschlag oder eine Umgehung

Warning:

Possible physical harm to the operator

Blessure possible de l’opérateur

Verletzungsgefahr des Bedieners


Table of Contents


TABLE OF CONTENTS

Important Notices .......................................................................................................... 3

Copyright Notices .......................................................................................................... 4

Standard Warranty ........................................................................................................ 9

Limitations on Warranty and Liability ........................................................................... 10

Safety Instructions ....................................................................................................... 11

Electromagnetic-Interference Statements ................................................................... 20

Altitude and Climate Warning ...................................................................................... 24

Document Conventions ............................................................................................... 25

CHAPTER 1 – INTRODUCTION TO APSOLUTE VISION ...................................... 41

What is APSolute Vision? ............................................................................................ 41

APSolute Vision Three-Tier Architecture ..................................................................... 43

APSolute Vision Features—Overview ........................................................................ 43APSolute Vision Platform Management ............................................................................... 44User Management and Role-based Access Control (RBAC) .............................................. 44APSolute Vision Platform Security ....................................................................................... 44Auditing and Alerts ............................................................................................................... 45Device-Configuration Features ............................................................................................ 45DefenseFlow Access ........................................................................................................... 48Radware Cloud DDoS Portal Access .................................................................................. 48Device- and Service-Monitoring Features ........................................................................... 49Application Performance Monitor—for Radware ADC Devices .......................................... 50Security-Reporting Features ................................................................................................ 51APSolute Vision Online Help ............................................................................................... 53Language Support (Localization) ......................................................................................... 53

APSolute Vision Interface Navigation .......................................................................... 53APSolute Vision Toolbar ...................................................................................................... 54APSolute Vision Settings View ............................................................................................ 55Device Pane ........................................................................................................................ 57Device-Properties Pane ....................................................................................................... 59Configuration Perspective .................................................................................................... 60Monitoring Perspective ........................................................................................................ 63Security Monitoring Perspective .......................................................................................... 64

CHAPTER 2 – MANAGING APSOLUTE VISION USERS....................................... 67

Logging In as the Default Administrator User—radware User .................................... 67

Viewing Details About the Current User ...................................................................... 68

Role-Based Access Control (RBAC) ........................................................................... 68APSolute Vision RBAC—General Information .................................................................... 69Roles and Scopes ................................................................................................................ 69


Table of Contents


GUI Display Is According to Role ........................................................................................ 70IDM Strings for Predefined Roles ........................................................................................ 71Predefined Roles Described ................................................................................................ 72Roles per Radware Product ............................................................................................... 74Feature-Accessibility per Role ............................................................................................. 75Rules for RBAC Permission Conflicts with Logical Groups ................................................. 77

Configuring General User-Management Settings ....................................................... 79

Configuring Local Users for APSolute Vision ............................................................. 82Adding and Editing Users .................................................................................................... 84Deleting Users ..................................................................................................................... 87Releasing User Lockout ...................................................................................................... 87Resetting User Passwords to the Default ............................................................................ 88Revoking and Enabling Users ............................................................................................. 88

Viewing the Predefined Roles .................................................................................... 89

Managing LDAP Object Class Permissions ............................................................... 89

Viewing User Statistics ............................................................................................... 90

APSolute Vision Password Requirements .................................................................. 91

CHAPTER 3 – GETTING STARTED WITH APSOLUTE VISION............................ 93

Initializing the APSolute Vision Server ....................................................................... 93

Recommended Basic Security Procedures ................................................................ 95Restricting Root Access ...................................................................................................... 95Restricting APSolute Vision CLI Access ............................................................................. 95Restricting Web Access to the APSolute Vision Server ...................................................... 95Restricting Web Access by Radware Technical Support .................................................... 96

APSolute Vision WBM Requirements ......................................................................... 96APSolute Vision WBM Requirements ................................................................................. 96Application Performance Monitoring Requirements ............................................................ 97APSolute Vision Reporter Requirements ............................................................................ 97Device Performance Monitor Requirements ....................................................................... 97

Logging In to and Out of APSolute Vision .................................................................. 97

Changing Passwords for Local Users ........................................................................ 99

Selecting Your Landing Page ................................................................................... 100

After Initial Configuration of APSolute Vision ........................................................... 100

Using Common GUI Elements in APSolute Vision ................................................... 101Icons/Buttons and Commands for Managing Table Entries .............................................. 101Filtering Table Rows .......................................................................................................... 102

CHAPTER 4 – MANAGING AND MONITORING THE APSOLUTE VISION SYSTEM 103

Monitoring APSolute Vision—Overview ................................................................... 104

Managing APSolute Vision Basic Information and Properties .................................. 104


Table of Contents


Configuring Connectivity Parameters for Server Connections ................................. 109

Configuring Settings for Alerts .................................................................................. 112Configuring Settings for the Alerts Pane ........................................................................... 112Selecting Parameters to Include in Security Alerts ........................................................... 124

Managing APSolute Vision Analytics Settings .......................................................... 125Managing the Email Reporting Configuration for APSolute Vision Analytics .................... 125

Configuring Monitoring Settings ............................................................................... 126

Configuring APSolute Vision Server Alarm Thresholds ............................................ 127

Configuring Connections to Authentication Servers ................................................. 128Configuring RADIUS Server Connections ........................................................................ 128Configuring TACACS+ Server Connections ..................................................................... 132Configuring LDAP Server Connections ............................................................................ 137

Managing Device Drivers ......................................................................................... 139

Configuring APSolute Vision Reporter Parameters .................................................. 143

Managing APSolute Vision Licenses and Viewing Capacity Utilization .................... 143

Managing APM in APSolute Vision .......................................................................... 147Viewing Information on the APM-Enabled Devices .......................................................... 150

Configuring the Radware Cloud DDoS Protection Setting ....................................... 151

Configuring APSolute Vision Server Advanced Parameters .................................... 151

Configuring APSolute Vision Display Parameters .................................................... 153

Managing APSolute Vision Maintenance Files ......................................................... 155

Managing Operator Toolbox Settings ....................................................................... 156

Managing Stored Device Configuration/Backup Files .............................................. 156

Viewing Device Subscriptions .................................................................................. 158

Controlling APSolute Vision Operations ................................................................... 160

CHAPTER 5 – MANAGING DEVICES, SITES, AND LOGICAL GROUPS........... 161

Using the Device Pane ............................................................................................. 161Device Pane Trees ........................................................................................................... 162Icons for High Availability .................................................................................................. 162Configuring Sites .............................................................................................................. 162Tree Nodes ....................................................................................................................... 164Exporting a CSV File with the Devices in the Sites and Devices Tree ............................ 164Filtering Entities in the Device Pane ................................................................................. 164

Managing Individual Devices ................................................................................... 164

APSolute Vision Server Registered for Device Events—Alteon and LinkProof NG . 178

APSolute Vision Server Registered for Device Events—DefensePro ..................... 178

APSolute Vision Server Registered for Device Events—AppWall ........................... 179

Locking and Unlocking Devices ................................................................................ 179


Table of Contents


Managing DefensePro Clusters for High Availability ................................................ 181High-Availability in DefensePro—Overview ...................................................................... 181Configuring DefensePro High-Availability Clusters ........................................................... 184Monitoring DefensePro Clusters ....................................................................................... 185Synchronizing High-Availability Devices and Switching the Device States ....................... 186

Using the Multi-Device View and the Multiple Devices Summary ............................ 187

Using Logical Groups of Devices ............................................................................. 190Logical Groups—General Information .............................................................................. 190Logical Group User Interface ............................................................................................ 191Managing Logical Groups ................................................................................................. 192

After You Set Up Your Managed Devices ................................................................ 194

CHAPTER 6 – MANAGING DEVICE OPERATIONS AND MAINTENANCE........ 195

Rebooting and Shutting Down Managed Devices .................................................... 195

Configuring Multiple Devices .................................................................................... 196

Using the Diff Feature ............................................................................................... 198

Device-Configuration Management (Global Commands) for Alteon and LinkProof NG ... 199

Upgrading DefensePro Device Software .................................................................. 202

Downloading a DefensePro Log File to the APSolute Vision Client ......................... 203

Managing a Radware Signature File or Fraud Signature File in DefensePro Devices ..... 204

Downloading a DefensePro Technical Support File ................................................. 206

Managing DefensePro Configurations ...................................................................... 206DefensePro Configuration File Content ............................................................................. 206Downloading a Device-Configuration File ......................................................................... 207Restoring a Device Configuration ...................................................................................... 208

Updating DefensePro Policy Configurations ............................................................ 209

CHAPTER 7 – USING THE TOOLBOX ................................................................. 211

Using and Managing Toolbox Scripts ....................................................................... 211Managing and Customizing Panels in the Toolbox Dashboard ......................................... 214User Roles and Toolbox Scripts ........................................................................................ 216vDirect and vDirect Access to Devices .............................................................................. 216Prerequisites for Target Devices of Toolbox Scripts ......................................................... 216Predefined Toolbox Scripts ............................................................................................... 217Device Locking and Toolbox Scripts ................................................................................. 227Running Scripts ................................................................................................................. 227Managing Toolbox Scripts ................................................................................................. 233Writing and Editing Toolbox Scripts .................................................................................. 237

Using DefensePro Templates ................................................................................... 240


Table of Contents


Using AppShape Templates and Instances ............................................................. 248Configuring a Common Web Application AppShape Instance ......................................... 251Configuring a Citrix XenDesktop AppShape Instance ...................................................... 253Configuring a DefenseSSL AppShape Instance ............................................................... 256Configuring a Microsoft Exchange 2010 AppShape Instance .......................................... 258Configuring a Microsoft Exchange 2013 AppShape Instance .......................................... 262Configuring a Microsoft Lync External AppShape Instance .............................................. 266Configuring a Microsoft Lync Internal AppShape Instance ............................................... 269Configuring an Oracle E-Business AppShape Instance ................................................... 272Configuring an Oracle SOA Suite 11g AppShape Instance .............................................. 274Configuring an Oracle WebLogic 12c AppShape Instance ............................................... 276Configuring a SharePoint 2010 AppShape Instance ........................................................ 278Configuring a SharePoint 2013 AppShape Instance ........................................................ 280Configuring an VMware View 5.1 AppShape Instance ..................................................... 282Configuring a Zimbra AppShape Instance ........................................................................ 284

CHAPTER 8 – SCHEDULING APSOLUTE VISION AND DEVICE TASKS.......... 287

Overview of Scheduling ............................................................................................ 287

Managing Tasks in the Scheduler ............................................................................ 288

Task Parameters ...................................................................................................... 290APSolute Vision Configuration Backup—Parameters ...................................................... 290APSolute Vision Reporter Backup—Parameters ............................................................. 293Update Security Signature Files—Parameters ................................................................ 295Update Fraud Security Signatures—Parameters ............................................................. 296Update Attack Description File—Parameters ................................................................... 297Device Configuration Backup—Parameters ..................................................................... 299Device Reboot Task—Parameters ................................................................................... 301Operator Toolbox Task—Parameters .............................................................................. 302ERT Active Attackers Feed for DefensePro—Parameters ............................................... 305ERT IP Reputation Feed for Alteon—Parameters ........................................................... 307

CHAPTER 9 – MANAGING AUDITING AND ALERTS ......................................... 309

APSolute Vision Auditing .......................................................................................... 309

Enabling Configuration Auditing for Managed Devices ............................................ 310

Managing Alerts ....................................................................................................... 310Events Handled in the Alerts Table Pane ......................................................................... 310Alert Information ............................................................................................................... 312Displaying Alert Information .............................................................................................. 314Filtering Alerts ................................................................................................................... 316Configuring Preferences for the Alerts Pane .................................................................... 318


Table of Contents


CHAPTER 10 – MONITORING ALTEON WITH THE DASHBOARD AND SERVICE STATUS VIEW ....................................................................................................... 319

Monitoring Alteon with the Dashboard ...................................................................... 319System View Dashboard of the Alteon Standalone and Alteon VA Platforms .................. 320System View Dashboard of the vADC Platform ................................................................ 322System View Dashboard for the ADC-VX Platform ........................................................... 323vADCs View Dashboard for ADC-VX ................................................................................ 325

Monitoring Alteon with the Application Delivery View ............................................... 326

Monitoring Alteon with the Service Status View ....................................................... 327

CHAPTER 11 – MONITORING THE ALTEON SYSTEM ...................................... 331

Monitoring General Information ................................................................................ 331

CPU Utilization and Memory Statistics ..................................................................... 333

Monitoring Capacity .................................................................................................. 334Monitoring System Capacity .............................................................................................. 335Monitoring Network Capacity ............................................................................................ 335Monitoring Application Delivery Capacity .......................................................................... 337

Unlocking Users ...................................................................................................... 339

Maintenance ............................................................................................................. 339

Azure ....................................................................................................................... 344

CHAPTER 12 – MONITORING THE ALTEON NETWORK................................... 345

Monitoring and Controlling Physical Ports ................................................................ 345

Monitoring Layer 2 .................................................................................................... 346Monitoring FDB ................................................................................................................. 346Monitoring STG ................................................................................................................. 348

Monitoring Layer 3 .................................................................................................... 348Monitoring Gateways ........................................................................................................ 349Monitoring Routes ............................................................................................................. 349Monitoring Learned MACs (or IP FDB) ............................................................................. 350Monitoring VRRP Virtual Routers in Alteon Version 30.0 and Earlier ............................... 353Monitoring Interfaces ......................................................................................................... 354

Monitoring High Availability ...................................................................................... 355Monitoring High Availability in Alteon Version 30.1 ........................................................... 355Monitoring High Availability for Alteon Version 30.2 and Later ......................................... 358

CHAPTER 13 – MONITORING ALTEON APPLICATION DELIVERY.................. 363

Clearing Non-operating SLB Statistics ..................................................................... 363

Clearing SLB Statistics from the HA Peer ................................................................ 364

Monitoring and Controlling Virtual Servers ............................................................... 364

Monitoring and Managing Filters .............................................................................. 369


Table of Contents


Monitoring and Controlling Server Resources .......................................................... 372Monitoring and Controlling Real Servers .......................................................................... 373Monitoring and Controlling Server Groups ....................................................................... 375

View a FastView Web Application ............................................................................ 377

Monitoring and Controlling APM ............................................................................... 378

Monitoring and Controlling SSL ................................................................................ 379Monitoring SSL Client Authentication and the OCSP /CDP Cache .................................. 379Monitoring SSL Inspection ............................................................................................... 380Monitoring Security Device Groups ................................................................................. 380Monitoring Security Devices ............................................................................................ 380Monitoring CDP Group Status ......................................................................................... 381

Monitoring Traffic Match Criteria .............................................................................. 382Monitoring URL Filtering .................................................................................................. 382

Monitoring and Controlling Application Services ...................................................... 383Monitoring and Controlling HTTP .................................................................................... 383

Monitoring LinkProof ................................................................................................. 389Monitoring WAN Links ..................................................................................................... 389Monitoring WAN Link Groups ........................................................................................... 390Monitoring Proximity ......................................................................................................... 391Monitoring Smart NAT ...................................................................................................... 391

Monitoring Global Traffic Redirection Statistics ........................................................ 392Monitoring Global DNS and HTTP Redirection Statistics ................................................. 392Monitoring Remote Real And Virtual Server Statistics ..................................................... 393Monitoring Client Network Rule Statistics ......................................................................... 394Monitoring DNS Redirection Rule Statistics ..................................................................... 394Monitoring DNS Zone Statistics ........................................................................................ 395

Monitoring AppShape++ Statistics ........................................................................... 396

CHAPTER 14 – MONITORING AND CONTROLLING VADC............................... 397

CHAPTER 15 – MONITORING ALTEON IP REPUTATION SECURITY............... 399Monitoring the IP Reputation Activity Log ......................................................................... 400

CHAPTER 16 – USING THE DEVICE PERFORMANCE MONITOR..................... 403

DPM Overview .......................................................................................................... 403

Opening the Device Performance Monitor ............................................................... 404

Device Performance Monitor Main Interface ............................................................ 404

Displaying and Filtering Sites and Devices .............................................................. 406

Viewing and Managing Reports ................................................................................ 406Viewing Reports ................................................................................................................ 406Opening the Filter Window ............................................................................................... 407

Exporting Reports ..................................................................................................... 407


Table of Contents


Supported Report Categories ................................................................................... 408ADC/vADC Reports ........................................................................................................... 408Application Reports ........................................................................................................... 413Real Server Reports .......................................................................................................... 417Port Reports ...................................................................................................................... 419VX Reports ........................................................................................................................ 421

Viewing Dashboards for Single Standalone and vADC Devices .............................. 423Displaying the Dashboard and Managing the Display ....................................................... 424

Dashboard Components for Single Standalone and vADC Devices ........................ 424

Viewing the Dashboard for ADC-VX Devices ........................................................... 426Displaying the VX Dashboard and Managing the Display ................................................. 426

Dashboard Components for VX Devices .................................................................. 427

Viewing Dashboards for Multiple Standalone and vADC Devices ............................ 428Displaying the Multi-Device Dashboard and Managing the Display .................................. 428

Multi-Device Dashboard Components ...................................................................... 429

CHAPTER 17 – MONITORING AND CONTROLLING THE DEFENSEPRO OPERATIONAL STATUS ...................................................................................... 431

Monitoring the General DefensePro Device Information .......................................... 431

Monitoring and Controlling DefensePro Device Ports and Trunks ........................... 433

Monitoring DefensePro High Availability .................................................................. 435

Monitoring DefensePro Resource Utilization ............................................................ 436Monitoring DefensePro CPU Utilization ............................................................................ 436Monitoring and Clearing DefensePro Authentication Tables ............................................. 439Monitoring DME Utilization According to Configured Policies ........................................... 440Monitoring DefensePro Syslog Information ....................................................................... 441

Monitoring Cisco Security Group Tags (SGTs) ........................................................ 441

CHAPTER 18 – MONITORING DEFENSEPRO STATISTICS .............................. 443

Monitoring DefensePro SNMP Statistics .................................................................. 443

Monitoring DefensePro Bandwidth Management Statistics ...................................... 444Displaying the Last-Second BWM Statistics for a Selected DefensePro Device .............. 444Displaying the Last-Period BWM Statistics for a Selected DefensePro Device ................ 445

Monitoring DefensePro IP Statistics ......................................................................... 446

CHAPTER 19 – MONITORING AND MANAGING DEFENSEPRO DIAGNOSTICS.... 449

Configuring the Diagnostic Tool Parameters ............................................................ 449

Configuring Diagnostics Policies .............................................................................. 453

Managing Capture Files ........................................................................................... 454


Table of Contents


CHAPTER 20 – MONITORING AND CONTROLLING DEFENSEPRO NETWORKING 459

Monitoring and Controlling the DefensePro Session Table ...................................... 459Monitoring Session Table Information .............................................................................. 459Configuring DefensePro Session Table Filters ................................................................. 461

Monitoring Routing Table Information ...................................................................... 461

Monitoring DefensePro ARP Table Information ....................................................... 462

Monitoring MPLS RD Information ............................................................................. 463

Monitoring the DefensePro Suspend Table .............................................................. 464

Monitoring Tunnel Interfaces .................................................................................... 465

Monitoring BGP Peers .............................................................................................. 465

CHAPTER 21 – MONITORING AND CONTROLLING DEFENSEFLOW OPERATION 469

Operation .................................................................................................................. 469Attack Mitigation Operations ............................................................................................. 469Pending Actions ................................................................................................................ 475Mitigation Devices ............................................................................................................. 482Protected Objects ............................................................................................................. 483Ongoing Protections ......................................................................................................... 491BGP .................................................................................................................................. 496

System ..................................................................................................................... 503General Information .......................................................................................................... 503System Utilization ............................................................................................................. 504Background Processes ..................................................................................................... 504High Availability ................................................................................................................ 504

CHAPTER 22 – USING REAL-TIME SECURITY MONITORING .......................... 507

Using Real-Time Security Monitoring with AppWall and Alteon ............................... 508Monitoring Security Events ............................................................................................... 508Monitoring Attack Distribution ........................................................................................... 512Monitoring Outbound SSL Inspection ............................................................................... 513

Using Real-Time Security Monitoring with DefensePro and DefenseFlow ............... 520Risk Levels ....................................................................................................................... 521Using the Dashboard Views for Real-Time Security Monitoring ....................................... 521Viewing Real-Time Traffic Reports ................................................................................... 549Protection Monitoring ........................................................................................................ 560HTTP Reports ................................................................................................................... 568

CHAPTER 23 – USING THE APSOLUTE VISION DASHBOARDS...................... 573

Using the Application SLA Dashboard ..................................................................... 573

Using the Security Control Center ............................................................................ 576DefensePro Information in the Security Control Center .................................................... 577


Table of Contents


DefenseFlow Information in the Security Control Center .................................................. 578AppWall Information in the Security Control Center .......................................................... 578APSolute Vision Reporter Information in the Security Control Center .............................. 578APSolute Vision Analytics Information in the Security Control Center .............................. 579Emergency Response Team Information in the Security Control Center .......................... 579Radware Cloud DDoS Protection Information in the Security Control Center ................... 579Radware Signature-Update-Service (SUS) Information in the Security Control Center .... 579Fraud Security Signatures Information in the Security Control Center .............................. 580ERT Active Attackers Feed Information in the Security Control Center ............................ 581

Using the Service Status Dashboard ........................................................................ 582

CHAPTER 24 – APSOLUTE VISION CLI COMMANDS ....................................... 589

Accessing APSolute Vision CLI ................................................................................ 589

Command Syntax Conventions ................................................................................ 590

Main CLI Menu ......................................................................................................... 591

General CLI Commands ........................................................................................... 591exit ..................................................................................................................................... 591help ................................................................................................................................... 592history ................................................................................................................................ 592ping ................................................................................................................................... 592reboot ................................................................................................................................ 592shutdown ........................................................................................................................... 593grep ................................................................................................................................... 593more .................................................................................................................................. 593

Network Configuration Commands ........................................................................... 593Network DNS Commands ................................................................................................. 593Net Firewall Commands .................................................................................................... 595Network IP Interface Commands ...................................................................................... 596Network NAT Commands .................................................................................................. 597Network Physical Interface Commands ............................................................................ 598Network Routing Commands ............................................................................................ 599

System Commands .................................................................................................. 602System APM Commands .................................................................................................. 603system audit-log export ..................................................................................................... 603System APSolute Vision Server Commands ..................................................................... 604System Backup Commands .............................................................................................. 604system cleanup ................................................................................................................. 620System Configuration-Synchronization Commands .......................................................... 620System Database Commands ........................................................................................... 624System Date Commands .................................................................................................. 625System DF Commands ..................................................................................................... 626System DPM Commands .................................................................................................. 628System Exporter Commands (Event Exporter) ................................................................. 632system hardware status get .............................................................................................. 637System Hostname Commands .......................................................................................... 637


Table of Contents


System Java Security Commands .................................................................................... 637System NTP Commands .................................................................................................. 638system rpm list .................................................................................................................. 640System SNMP Commands ............................................................................................... 640System SSL Commands ................................................................................................... 642system statistics ................................................................................................................ 645System Storage Commands ............................................................................................. 645System TCP Capture Commands .................................................................................... 646System Terminal Commands ........................................................................................... 648System Timezone Commands .......................................................................................... 649System Upgrade Commands ............................................................................................ 650System User Authentication-Mode Commands ................................................................ 651System User Password Commands ................................................................................. 652system version .................................................................................................................. 654System VRM Commands ................................................................................................. 654

Migrating APSolute Vision from the OnDemand Switch VL Platform to the OnDemand Switch VL2 Platform .............................................................................................. 655

Managing the Protection for the Meltdown and Spectre Exploit Vulnerabilities in APSolute Vision ..................................................................................................................... 656

CHAPTER 25 – USING VDIRECT WITH APSOLUTE VISION.............................. 657

vDirect-APSolute Vision Integration—Overview ...................................................... 657

Accessing the vDirect Configuration Interface of the APSolute Vision Server ......... 657

Managing Devices in APSolute Vision with vDirect .................................................. 658APSolute Vision and vDirect Terminology ........................................................................ 658APSolute Vision vDirect Sites ........................................................................................... 659APSolute-Vision–vDirect Limitations ................................................................................ 659APSolute-Vision–vDirect Prerequisites and Recommendations ....................................... 659Configuring a Container in vDirect .................................................................................... 660Managing DefensePro Instances in APSolute Vision vDirect ........................................... 664

APPENDIX A – MANAGING THE ONLINE-HELP PACKAGE ON THE SERVER 669

APPENDIX B – APSOLUTE VISION LOG MESSAGES AND ALERTS............... 671

Global Parameters .................................................................................................... 672

Advanced Parameters .............................................................................................. 672

Alert Browser Settings .............................................................................................. 673

Connection Settings ................................................................................................. 674

Monitoring Settings ................................................................................................... 675

RADIUS Configuration .............................................................................................. 676

Security Alert Settings .............................................................................................. 677

TACACS+ Configuration Settings ............................................................................ 678

Warning Threshold Settings ..................................................................................... 678


Table of Contents


SharePath Settings ................................................................................................... 679

APSolute Vision License Settings ............................................................................ 679

Upload Logo Settings ............................................................................................... 680

Security Group Settings ............................................................................................ 680

Device Operation Alerts ............................................................................................ 680

Audit Message Type Enum ...................................................................................... 683

HTTPS Communication Check ................................................................................. 684

Anti-Fraud Update on the Device ............................................................................. 684

SUS Updates ............................................................................................................ 685

ERT Active Attackers Feed ...................................................................................... 685

Operation Constant .................................................................................................. 686

Audit Messages ........................................................................................................ 686

Alert Mail Notifier ...................................................................................................... 687

Scheduled Task Alerts .............................................................................................. 688

General ..................................................................................................................... 690

Alerts from CLI .......................................................................................................... 690

Device Configuration Audit Messages ...................................................................... 692

Hardware Alerts ........................................................................................................ 692

APPENDIX C – MIBS FOR MONITORING APSOLUTE VISION ......................... 693

RFC1213 MIB Objects for Monitoring APSolute Vision ............................................ 694

Host Resources MIB Objects for Monitoring APSolute Vision .................................. 696

UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision ................................ 696

Trap Objects for Monitoring APSolute Vision ........................................................... 697

Trap Objects for APSolute Vision Alerts ................................................................... 698

APPENDIX D – APPSHAPE-GENERATED CONFIGURATIONS......................... 701

Common Web Application—AppShape-generated Configuration ........................... 701

Citrix XenDesktop—AppShape-generated Configuration ........................................ 703

DefenseSSL—AppShape-generated Configuration ................................................. 705

Microsoft Exchange 2010—AppShape-generated Configuration ............................ 706

Microsoft Exchange 2013—AppShape-generated Configuration ............................ 709

Microsoft Link External—AppShape-generated Configuration ................................ 711

Microsoft Link Internal—AppShape-generated Configuration .................................. 714

Oracle E-Business—AppShape-generated Configuration ....................................... 723

Oracle SOA Suite 11g—AppShape-generated Configuration ................................. 724

Oracle WebLogic 12c—AppShape-generated Configuration .................................. 726

SharePoint 2010—AppShape-generated Configuration .......................................... 727

SharePoint 2013—AppShape-generated Configuration .......................................... 729


Table of Contents


VMware View 5.1—AppShape-generated Configuration ......................................... 731

Zimbra—AppShape-generated Configuration .......................................................... 732

APPENDIX E – USING THE EVENT EXPORTER................................................. 737

Event-Record Structure and Content ....................................................................... 737

DFBdosBaseline (DefenseFlow BDoS Baseline) Records ...................................... 737

DFSecurityAttack (DefenseFlow Security Attack) Records ...................................... 739

DFTrafficUtilization (DefenseFlow Traffic Utilization) Records ................................. 742

DPSecurityAttack (DefensePro Security Attack) Records ........................................ 744

DPTrafficUtilization (DefensePro Traffic Utilization) Records ................................... 749

APPENDIX F – DEFENSEPRO ATTACK-PROTECTION IDS .............................. 751

APPENDIX G – APSOLUTE VISION SPECIFICATIONS AND REQUIREMENTS 765

UDP/TCP Ports and IP Protocols ............................................................................. 765

APSolute Vision Web Based Management Interface Requirements ........................ 768APSolute Vision WBM Supported Operating Systems ..................................................... 768APSolute Vision WBM Supported Browsers ..................................................................... 768

Application Performance Monitoring Requirements ................................................. 768

Device Performance Monitoring Requirements ........................................................ 769

APSolute Vision Reporter Requirements ................................................................. 769

RADWARE LTD. END USER LICENSE AGREEMENT ........................................ 771


Table of Contents



CHAPTER 1 – INTRODUCTION TO APSOLUTE VISION

This guide is intended for users and administrators of APSolute Vision™. The guide describes the relevant aspects of APSolute Vision and how to use it.The following topics introduce APSolute Vision:• What is APSolute Vision?, page 41• APSolute Vision Three-Tier Architecture, page 43• APSolute Vision Features—Overview, page 43• APSolute Vision Interface Navigation, page 53

For information about installing the APSolute Vision server and initial settings on the APSolute Vision platform, see the APSolute Vision Installation and Maintenance Guide.

What is APSolute Vision?APSolute Vision manages, monitors, controls, and enhances Radware application-delivery-control (ADC) and security products, modules, and services—including the following:

• Alteon®—Alteon is an application delivery controller (ADC) and load balancer that guarantees application SLA. For information about the required workflows for configuring application delivery with Alteon, see the Alteon Application Switch Operating System Application Guide.

• AppWall®—AppWall is a Web Application Firewall (WAF) that ensures fast, reliable, and secure delivery of mission-critical Web applications. For more information on AppWall, see the AppWall User Guide.

• DefenseFlow®—DefenseFlow is a network-wide attack detection and cyber command and control application designed to protect networks against known and emerging network attacks that threaten network resources availability. For more information on DefenseFlow, see the DefenseFlow User Guide.

• DefensePro®—DefensePro is a real-time attack-mitigation device that protects organizations against emerging network and application cyber-attacks. For information about the required workflows for configuring network security with DefensePro, see the DefensePro User Guide.APSolute Vision supports the following products, which are related to DefensePro:— Check Point DDoS Protector™—Unless stated otherwise in the APSolute Vision

documentation or the Check Point DDoS Protector Release Notes, the term DefensePro refers also to the Check Point DDoS Protector product. For more information on Check Point DDoS Protector, including limitations and different behavior, see the Check Point DDoS Protector Release Notes, Check Point DDoS Protector User Guide, and the related Check Point documentation.

— Radware DefensePro DDoS Mitigation for Cisco Firepower™—Unless described otherwise in the APSolute Vision documentation, the term DefensePro refers also to the Radware DefensePro DDoS Mitigation for Cisco Firepower service. For more information on Radware DefensePro DDoS Mitigation for Cisco Firepower, including limitations and different behavior, see the relevant release notes and the related Cisco documentation.

• LinkProof® NG—LinkProof NG provides link load-balancing. For information about the basic and advanced link load balancing and configuration of LinkProof NG, see the LinkProof NG User Guide.


Introduction to APSolute Vision


APSolute Vision provides:• A Role-Based Access Control (RBAC) system—APSolute Vision’s RBAC provides granular

control and monitoring of various aspects for different users.• Online configuration per device and multiple-device configuration and tools—These

include the following:— Support for Toolbox scripts, which automate and streamline common configuration and

management actions on Alteon, DefensePro, or LinkProof NG devices— Support for AppShape™ templates, which automate and streamlines device configuration for

common applications— Support for DefensePro Configuration Templates, which automate and streamline

configuration in various applications• Management capabilities—These include the following:

— Scheduling device control and maintenance tasks— Auditing— Viewing alerts and configuration messages (Alerts pane)— Device software management— Management of DefensePro templates for Network Protection policies and Server Protection

policies• Monitoring and control of logical groups of devices—You can use a Logical Group to help

you define the scope of APSolute Vision users, configure and monitor multiple devices in a single view, and more. When you change the set of devices in a Logical Group, the features that use the group reflect the change dynamically.

• Monitoring and control of multiple devices—This includes enabling and disabling entities within a device. APSolute Vision can configure and monitor multiple devices in a single view.

• Application Performance Monitoring (APM)—On HTTP/HTTPS traffic flowing through Alteon or LinkProof NG devices.

• Device Performance Monitoring (DPM)—On Alteon and LinkProof NG devices. When DPM is enabled, the device listens for requests for its performance data and sends the data to APSolute Vision. APSolute Vision processes the data and can display the information in the Device Performance Monitoring Web interface. The DPM Web interface includes alerts, dashboards with current monitoring data, and reports with historical data.

• Security reporting and statistics—At the device level, and on logical entities within a device. For real-time and historical security reporting, APSolute Vision can also provide device and multi-device reports for immediate problem isolation, convenient attack and status visibility, and information drill-down.

• vDirect® support—Radware’s vDirect is a software-based plug-in that integrates Radware’s ADC and security products with networking virtualization and automation solutions.

• REST API support—APSolute Vision exposes a REST API for all functionality supported by the APSolute Vision WBM, including configuration, monitoring, and security reporting.




APSolute Vision Three-Tier ArchitectureAPSolute Vision is a three-tier management system with Web-client, server, and device tiers. APSolute Vision server can run as a standalone physical appliance or as a virtual appliance (VA). The client tier does not connect to devices directly.The client tier does the following:• Runs as a Web application on a PC browser and provides a graphical user interface with separate

perspectives for configuration, monitoring and control, and security monitoring. • Transmits user requests to the server tier and displays the results in the APSolute Vision

interface in an intuitive and easy-to-read format.

The server tier does the following:• Runs on the APSolute Vision platform• Processes user commands• Transmits and stores data from other tiers• Makes logical decisions and performs calculations• Performs user authentication and authorization• Communicates with the managed devices• Collects statistics and generates reports• Collects alerts and messages from managed devices

The network physical or virtual device tier enables management of the collection of network elements connected to APSolute Vision, which includes the following:• Alteon • AppWall • DefensePro• LinkProof NG

APSolute Vision Features—OverviewThis section provides an overview of APSolute Vision’s main features:• APSolute Vision Platform Management, page 44• User Management and Role-based Access Control (RBAC), page 44• APSolute Vision Platform Security, page 44• Auditing and Alerts, page 45• Device-Configuration Features, page 45:

— Online Device Configuration, page 45— Operation Control and Maintenance, page 46— vDirect with APSolute Vision, page 46— Supported Form Factors—for Alteon and LinkProof NG, page 47— Device Drivers, page 47— Scheduled Tasks, page 48

• DefenseFlow Access, page 48• Radware Cloud DDoS Portal Access, page 48• Device- and Service-Monitoring Features, page 49




— Monitoring General Information About Managed Devices and Services, page 49— Application SLA Dashboard—for Radware ADC Devices, page 49— Service Status Dashboard—for Radware ADC Devices, page 49— Device Performance Monitoring—for Radware ADC Devices, page 50— Security Control Center—for Radware Security Devices and Services, page 50

• Application Performance Monitor—for Radware ADC Devices, page 50• Security-Reporting Features, page 51:

— Real-Time Security Reporting, page 51— Historical Security Reporting—for DefensePro and AppWall—APSolute Vision Reporter

(AVR), page 52— APSolute Vision Analytics, page 52

• APSolute Vision Online Help, page 53• Language Support (Localization), page 53

APSolute Vision Platform ManagementAPSolute Vision supports the following management interfaces:• CLI shell commands—For installation, first-time configuration, and special maintenance

activities• APSolute Vision Web Based Management—For APSolute Vision server options, such as,

timeouts, connectivity, event forwarding, and so on, and for server monitoring

User Management and Role-based Access Control (RBAC)APSolute Vision supports multi-user access and role-based access control (RBAC).APSolute Vision RBAC provides the following:• Predefined basic roles and permissions• Customized permissions per role and device• Access-control configuration and management in a local user table or using an external

authentication server (TACACS+ or RADIUS—using custom attributes defined to provide the APSolute Vision RBAC definitions)

Note: For more information, see Managing APSolute Vision Users, page 67.

APSolute Vision Platform SecurityAPSolute Vision supports user security with user-account options for the following parameters:• Password expiration—Specified in days• Inactivity timeout—Automatic logout• Forbidding use of old passwords• Password challenge configuration• Password constraints

• Administrative actions—To create users, reset user passwords (except for the radware user), and locking out users

• Tracking user statistics—For successful logins, failed logins, account locks, and so on




Auditing and AlertsAPSolute Vision logs all alerts and actions for APSolute Vision and for the managed devices. You can view auditing information and other alerts in the APSolute Vision Alerts pane. Alerts are created with the time at which the APSolute Vision server processed them, but the time displayed in the Alerts pane is the time of the APSolute Vision client with the proper time offset.APSolute Vision provides the audit trail for system messages and modifications to the configuration of managed devices.APSolute Vision can forward alarms and notifications. System Alarms can be forwarded via APSolute Vision. Security service alarms can be forwarded via APSolute Vision Reporter. E-mail notifications can be sent via SMTP. Notifications can be sent to a syslog server.The Alerts tab in the Alerts pane provides fault management by supporting the following system and audit alarms:• APSolute Vision server alarms• General device alarms (fan, CPU, and so on)• Alteon device configuration and operation messages• DefensePro security alerts• Audit trail messages

Note: For more information, see Managing Auditing and Alerts, page 309 and APSolute Vision Log Messages and Alerts, page 671.

Device-Configuration FeaturesAPSolute Vision supports the following features for configuring Radware devices:• Online Device Configuration, page 45• Operation Control and Maintenance, page 46• vDirect with APSolute Vision, page 46• Supported Form Factors—for Alteon and LinkProof NG, page 47• Device Drivers, page 47• Scheduled Tasks, page 48

Online Device ConfigurationOnline configuration of devices using APSolute Vision supports the following:• Easy access for all device configuration topics• Simultaneous configuration of multiple managed devices• Hierarchical grouping of logical elements• Graphical change notation• Drill-down configuration topics• Inline filtering• Online configuration per device• Toolbox scripts to automate and streamline common configuration and management actions on

Alteon, DefensePro, or LinkProof NG devices.




• AppShape™ templates and AppShape instances for Alteon ADC or LinkProof NG devices. AppShape automates and streamlines ADC configuration for common applications, such as SAP Portal and Microsoft SharePoint Server.

• DefensePro configuration templates to export and import Network Protection policies and Server Protection policies along with associated profiles, configuration objects, and baselines.

Notes

• You can access Toolbox scripts, AppShape templates, and DefensePro configuration templates

from the APSolute Vision toolbar ( ).

• For more information on Toolbox scripts, AppShape templates, and DefensePro configuration templates, Using the Toolbox, page 211.

Operation Control and MaintenanceControl and maintenance operations include the following:• Managing pairs of devices for high availability (HA)• Enabling and disabling all relevant entities on a device• Performing file transfers• Managing configuration backups• Rebooting devices

vDirect with APSolute VisionThe APSolute Vision installation includes vDirect.Users with a proper role can use vDirect with APSolute Vision to do the following:• Add Alteon, DefensePro, and LinkProof NG devices to the APSolute Vision configuration• Delete Alteon, DefensePro, and LinkProof NG devices from the APSolute Vision configuration• Modify Alteon, DefensePro, and LinkProof NG devices that APSolute Vision manages• Use the Toolbox scripts feature

You can open the vDirect interface from the APSolute Vision toolbar ( > ).vDirect, a component within the Radware Virtual Application Delivery Infrastructure (VADI), is a software-based plug-in that integrates Radware’s ADC and security products with networking virtualization and automation solutions. With vDirect, enterprise and cloud IT personnel can provision, decommission, configure, and monitor complex ADC and security services, both physical and virtual, in matter of hours and even minutes, thus maintaining maximum business agility and IT efficiency.vDirect exposes the following APIs:• SSH/HTTPS APIs for CLI or Web integration• SOAP APIs for use with the vDirect Java SDK• REST APIs for easy scripting integration

Key benefits of the vDirect plug-in include:• Full business agility and resource elasticity—Improved business agility by ensuring the

application delivery layer is constantly aligned with the changes in the virtual infrastructure.• Drives IT efficiency through workflow automation—Full integration of Radware’s ADC and

security products into the data center workflow automation, driving greater levels of IT efficiency and extracting more value from Radware solutions.




Note: For more information, see Using vDirect with APSolute Vision, page 657.

Supported Form Factors—for Alteon and LinkProof NGAPSolute Vision supports the following form factors (or modes) for Alteon and LinkProof NG:• Standalone—The traditional hardware Application Delivery Controller (ADC)• Alteon VA—A software-based ADC supporting AlteonOS functionality and running on the

VMware virtual infrastructure• ADC-VX—A specialized ADC hypervisor that runs multiple virtual ADC instances on dedicated

ADC hardware, Radware’s OnDemand Switch platforms• vADC—A virtualized instance of the Alteon operating system (AlteonOS)

Notes

• For more information, see the Alteon Application Switch Operating System Application Guide.

• The Alerts tab in the Alerts pane displays Alteon and LinkProof NG configuration messages. A message is displayed in the Alerts pane after each Alteon or LinkProof NG configuration-management action (Apply, Save, Diff, Diff Flash, Revert, Revert Apply, and Dump). When you double-click a message, APSolute Vision opens a separate pane that contains the full message text, which you can copy to the clipboard.

• If the new configuration is different from the current one, to indicate that the Apply command is required, the message “Apply is required” is displayed under the Apply button in the device toolbar and a fiery background displays behind the button.

• During the Apply operation, the device icon may momentarily change from “locked” to

“maintenance” , and the value of the Status parameter in the Properties pane may momentarily change from Up to Maintenance.

Device DriversAPSolute Vision device drivers enable you to install or upgrade Radware devices without the need to upgrade your APSolute Vision server. A device driver in APSolute Vision defines the graphical user interface and configuration for the software version of a managed device. The software version of a managed device defines the baseline driver version. You can install a newer version of the device driver, and you can revert to the baseline version.You can have only one device-driver version in use on any single APSolute Vision server. Typically, subsequent versions of device drivers for a particular software version of a managed device only includes very minor changes and/or bug fixes.

Notes

• There are cases where upgrading the Radware device software requires upgrading the APSolute Vision server software. Check the release notes of the new Radware device version to determine the minimum APSolute Vision version required.

• When you upgrade device software, you need to reboot the device. However, when you install a new version of a device driver or revert to the baseline version, you do not need to reboot the device.




• Device drivers do not include the online help. If the APSolute Vision server is configure so that the clients get help from the server (the default option), the APSolute Vision administrator should make sure that the APSolute Vision server has the latest version of the online-help package.

• The Properties pane that is displayed for a device includes the name of the device driver.

Scheduled TasksYou can configure scheduled tasks for various operations for the APSolute Vision server and managed devices.When you create a task and specify the time to run it, the time is according to your local OS. APSolute Vision then stores the time, translated to the timezone of the of the APSolute Vision server, and then runs it accordingly. That is, once you configure a task, it runs according to the APSolute Vision time settings, disregarding any changes made to the local OS time settings.

You can open the scheduler from the APSolute Vision toolbar ( ).

Note: For more information, see Scheduling APSolute Vision and Device Tasks, page 287.

DefenseFlow AccessWhen the DefenseFlow IP address is configured, you can open the DefenseFlow interface from the

APSolute Vision toolbar ( ). The DefenseFlow button is active only when the DefenseFlow IP address is configured in the APSolute Vision CLI. The DefenseFlow button is inactive if the DefenseFlow IP address is not configured.

Note: For more information on DefenseFlow, see the DefenseFlow User Guide.

Radware Cloud DDoS Portal AccessYou can connect to the associated Radware Cloud DDoS Protection service interface from the

APSolute Vision toolbar ( > ).

Note: For more information on Radware Cloud DDoS Protection services, see the Cloud DDoS Protection Services User Guide.




Device- and Service-Monitoring FeaturesAPSolute Vision supports the following features for monitoring Radware devices and services:• Monitoring General Information About Managed Devices and Services, page 49• Application SLA Dashboard—for Radware ADC Devices, page 49• Service Status Dashboard—for Radware ADC Devices, page 49• Device Performance Monitoring—for Radware ADC Devices, page 50• Security Control Center—for Radware Security Devices and Services, page 50

Monitoring General Information About Managed Devices and ServicesAPSolute Vision supports the following for monitoring general information about managed devices and services:• Easy access for device monitoring topics• Logical-element grouping• Hierarchical browsing• Properties—status, management IP address, software version, device-driver version, hardware

platform, license information, and the time of the last configuration change• Routing table• IP statistics—received and discarded• Information on ports, VLANs, and trunks, such as:

— General status— Statistics— Device statistics tables for the device level and logical level

Application SLA Dashboard—for Radware ADC DevicesThe Application SLA Dashboard enables you to view all major application SLA issues for Alteon and LinkProof NG.

Note: For more information, see Using the Application SLA Dashboard, page 573.

Service Status Dashboard—for Radware ADC DevicesThe Service Status Dashboard enables you to view configuration and status information about the following ADC objects of up to 10 managed ADC devices: • Virtual services• AppShape++ scripts• Content rules• Server groups• Real servers• WAN links

Note: For more information, see Using the Service Status Dashboard, page 582.




Device Performance Monitoring—for Radware ADC DevicesDevice Performance Monitoring (DPM) enables you to view current and historical device-performance data from Alteon and LinkProof NG devices.

You can open DPM from the APSolute Vision toolbar ( > ).

Note: For more information, see Using the Device Performance Monitor, page 403.

Security Control Center—for Radware Security Devices and ServicesThe Security Control Center, which is component of the APSolute Vision dashboards, enables you to view and monitor the following:• Radware security products and modules:

— DefensePro— DefenseFlow— AppWall (WAF)— APSolute Vision Reporter (AVR)— APSolute Vision Analytics

• Radware subscription, security services:— Emergency Response Team (ERT)— Radware Cloud DDoS Protection— Radware security signature files / Signature Update Service (SUS)— Fraud Security signatures— ERT Active Attackers Feed subscription

You can open the Security Control Center from the APSolute Vision toolbar ( > ).

Note: For more information, see Using the Security Control Center, page 576.

Application Performance Monitor—for Radware ADC DevicesApplication Performance Monitoring (APM) enables you to view real application-performance statistics from Alteon and LinkProof NG devices.

You can open APM from the APSolute Vision toolbar ( > ).

Note: For more information, see the Application Performance Monitor User Guide.




Security-Reporting FeaturesAPSolute Vision supports the following features for security reporting:• Real-Time Security Reporting, page 51• Historical Security Reporting—for DefensePro and AppWall—APSolute Vision Reporter (AVR),

page 52• APSolute Vision Analytics, page 52

Real-Time Security ReportingAPSolute Vision provides the Security Monitoring perspective to view and analyze real-time security information of managed devices, which include the following platform types:• Alteon with embedded AppWall module• AppWall standalone• DefenseFlow mitigation devices• DefensePro

Real-time security reporting for Alteon with embedded AppWall module or AppWall standalone includes the following:• Security-event monitoring• Attack-distribution monitoring• SSL Inspection monitoring

Note: SSL Inspection monitoring utilizes the infrastructure of APSolute Vision Analytics.Real-time security reporting for DefenseFlow and DefensePro device includes the following:• Dashboard views• Real-time traffic reports• Protection monitoring• HTTP reports

Note: For more information, see Using Real-Time Security Monitoring, page 507.Using the APSolute Vision CLI, you can configure APSolute Vision to export security-event records from managed DefensePro and/or DefenseFlow devices to a specified syslog server. The event exporter lets you integrate with a Security Information Event Management (SIEM) system, which you may be using as your main analytics-and-reporting system. For more information, see System Exporter Commands (Event Exporter), page 632.




Historical Security Reporting—for DefensePro and AppWall—APSolute Vision Reporter (AVR)APSolute Vision Reporter (AVR) is a historical security-reporting engine, which provides the following:• Customizable dashboards, reports, and notifications• Advanced incident handling for security operating centers (SOCs) and network operating centers

(NOCs)• Standard security reports• In-depth forensics capabilities• Ticket workflow management

You can open AVR from the APSolute Vision toolbar ( > ).

Notes

• For information on the products and versions that APSolute Vision Reporter supports, see the APSolute Vision Release Notes.

• For information about APSolute Vision Reporter and how to use it, see its online help and the APSolute Vision Reporter User Guide.

APSolute Vision AnalyticsAPSolute Vision Analytics is a real-time and historical security-reporting engine for DefensePro version-8.x devices.APSolute Vision Analytics provides the following:• Dashboards for DefensePro security monitoring and analytics. The dashboards organize and

present complex information in a way that is easy to comprehend. The dashboards display monitoring and reporting metrics so that you can track the state of security throughout the network. The dashboards summarize the existing network infrastructure in widgets (panels) with graphs or tables. You can perform a deep analysis by drilling down and altering rules as conditions change.

• Customizable reports• In-depth forensics capabilities

You can open APSolute Vision Analytics from the APSolute Vision toolbar ( ).

Note: For information about APSolute Vision Analytics and how to use it, see the APSolute Vision Analytics User Guide.




APSolute Vision Online Help

APSolute Vision supports context-sensitive online help, which opens when you click the (Help) button.By default, APSolute Vision clients get online help from the APSolute Vision server. The default installation of the APSolute Vision server includes online-help files.Depending on the configuration of the APSolute Vision server (see Configuring APSolute Vision Server Advanced Parameters, page 151), APSolute Vision clients get online help from one of the following locations:• A hard-coded location on the APSolute Vision server—Installation of the APSolute Vision

server includes online-help files. However, the online-help files on the server should be updated with a new online-help package if managed devices are upgraded later (with a new device, new device version, new device driver, or new AppShape template type). It is the responsibility of the APSolute Vision administrator to make sure that the help files on the server are updated as necessary. For more information, see Appendix A - Managing the Online-Help Package on the Server, page 669.

• radware.com—The online help files at radware.com are always the most up-to-date.

Language Support (Localization)APSolute Vision supports a graphical user interfaces and online help in the following languages:• Chinese• English• Japanese• Korean

Additionally, APSolute Vision supports the following:• A Chinese graphical user interface and online help for Alteon version 30.2 and later• A Japanese graphical user interface and online help for Alteon version 30.5 and later• A Korean graphical user interface and online help for Alteon version 30.5 and later

Administrators can change the default language for new users and per new user. Individual users can change their language when logging in or through the APSolute Vision toolbar (see APSolute Vision Toolbar, page 54).

APSolute Vision Interface NavigationThis section contains the following topics:• APSolute Vision Toolbar, page 54• APSolute Vision Settings View, page 55• Device Pane, page 57• Configuration Perspective, page 60• Monitoring Perspective, page 63• Security Monitoring Perspective, page 64

The APSolute Vision interface follows a consistent hierarchical structure, organized functionally to enable easy access to options. You start at a high functional level and drill down to a specific module, function, or object.




Note: Access to and privileges in APSolute Vision interface elements is determined by Role-Based Access Control (RBAC). For more information, see Role-Based Access Control (RBAC), page 68 and Configuring Local Users for APSolute Vision, page 82.

APSolute Vision ToolbarThe following figure shows the APSolute Vision toolbar.

Figure 19: APSolute Vision Toolbar

The the APSolute Vision toolbar contains the following items:• DefenseFlow button—Opens the DefenseFlow interface (when the DefenseFlow IP address is

configured in the APSolute Vision CLI).• Scheduler button—Opens the Scheduler to schedule various operations for the APSolute

Vision server and managed devices. For more information, see Scheduling APSolute Vision and Device Tasks, page 287.

• Toolbox button—Opens the Toolbox pane, which includes the Toolbox tab and the Advanced tab. By default, the Toolbox tab displays predefined Toolbox scripts. From the Advanced tab, you can manage Toolbox scripts, use AppShape templates, and manage DefensePro configuration templates. For more information, see Using the Toolbox, page 211.

• APSolute Vision Settings button—Opens the APSolute Vision Settings view. For more information, see APSolute Vision Settings View, page 55.

• Alerts icon/button—Orange indicates that you have new alerts. Click the button to open the Alerts Table pane. The Alerts Table displays APSolute Vision alerts, device alerts, DefensePro security alerts, and device-configuration messages.

• Apps Launcher—Opens a pop-up box, with buttons to open or connect to the following apps and services: — AVR—APSolute Vision Reporter, which is historical security reporting for DefensePro and

AppWall.— APM—Application Performance Monitoring for Alteon and LinkProof NG.— DPM—Device Performance Monitoring for Alteon and LinkProof NG.— Cloud DDoS Portal button—Connects you to the to the associated Radware Cloud DDoS

Protection service interface. For more information on Radware Cloud DDoS Protection services, see the Cloud DDoS Protection Services User Guide.

User ribbon.

Alerts icon/button. Orange indicates that you have new alerts. Click the button to open the Alerts Table pane. The Alerts Table displays APSolute Vision alerts, device alerts, DefensePro security alerts, and device-configuration messages.

Apps Launcher button, to open the following:• AVR• APM• DPM• Cloud DDoS Portal• vDirect• Security Control Center

Refresh button and last refresh time.




— vDirect—Opens the vDirect interface in the APSolute Vision server.— Security Control Center—Opens the Security Control Center.

• Refresh button and last refresh time.

• User ribbon—Clicking the arrow ( )in the User ribbon opens the User drop-down dialog box.Use the User dialog box to do the following:— View the user name, RBAC role, and previous login time.— Change the UI language by selecting another value from the Language drop-down list.— Log out of the session and log in as another user.

Figure 20: User Dialog Box

APSolute Vision Settings View

Click in the APSolute Vision toolbar APSolute Vision Settings view.The APSolute Vision Settings view includes the following perspectives:• System—For more information, see Settings View—System Perspective, page 56. Access to the

APSolute Vision Settings view System perspective is restricted to administrators.• Dashboards—For more information, see Settings View—Dashboards Perspective, page 57.• Preferences—For more information, see Settings View—Preferences Perspective, page 57.

Click the relevant button (System, Dashboards, or Preferences) to display the perspective that you require.At the upper-left of the APSolute Vision Settings view, APSolute Vision displays the APSolute Vision device-properties pane. For more information, see Device-Properties Pane, page 59.When you hover over a device node in the device pane, a popup displays. For more information, see Device-Properties Hover Popup, page 59.

Clicking the arrow opens the User drop-down dialog box.




Figure 21: Settings View (Showing the System Perspective)

Settings View—System PerspectiveAdministrators can use the APSolute Vision Settings view System perspective to do the following:• Monitor or manage the general settings of the APSolute Vision server—Monitoring and

managing the general settings of the APSolute Vision server include the following:— General properties, details, and statistics of the APSolute Vision server— Statistics of the APSolute Vision server— Connectivity— Alert browser and security alerts— Monitoring parameters— Server alarm thresholds— Authentication protocols— Device drivers— APSolute Vision Reporter for DefensePro— Licenses — Application Performance Monitoring (APM)— Radware Cloud DDoS Protection URL— Advanced general parameters

The System perspective in the APSolute Vision Settings view is being displayed.

Content area.

Settings button—Switches to and from the APSolute Vision Settings view.

Dashboards button—Displays the Dashboards perspective in the APSolute Vision Settings view.

Displays the device pane.

APSolute Vision device-properties pane.

Preferences button—Displays the Preferences perspective in the APSolute Vision Settings view.




— Display formats— Maintenance files— Operator Toolbox settings

• Manage and monitor users—Users can, in turn, manage multiple devices concurrently. Using APSolute Vision RBAC, administrators can allow the users various access control levels on devices. RBAC provides a set of predefined roles, which you can assign per user and per working scope (device or group of devices). RBAC definition is supported both internally (in APSolute Vision) and through remote authentication (with RADIUS or TACACS+).

• Manage device resources —For device backup files and device subscriptions.

Note: For more information on operations that are exposed in the APSolute Vision Settings view System perspective, see Managing and Monitoring the APSolute Vision System, page 103.

Settings View—Dashboards PerspectiveUsers with a proper role can use the APSolute Vision Settings view Dashboards perspective to access the following:• Application SLA Dashboard—For more information, see Using the Application SLA Dashboard,

page 573.• Security Control Center—For more information, see Using the Security Control Center,

page 576.• Service Status Dashboard—For more information, see Using the Service Status Dashboard,

page 582.

Settings View—Preferences PerspectiveUse the Preferences perspective to change your password or select the landing page (that is, the page that APSolute Vision displays when you open APSolute Vision WBM).

Device PaneUsers with a proper role can use the device pane to add or delete the Radware devices that the APSolute Vision server manages.If the device pane is not being displayed, to display it, click the little downward-pointing arrow

( ) close to the upper-left corner of the APSolute Vision main screen (see Figure 21 - Settings View (Showing the System Perspective), page 56).To organize and manage devices, the device pane includes the following three different trees: • Sites and Devices—The Sites and Devices tree can contain devices (except for ADC- VX),

user-defined Sites, and DefensePro high-availability clusters.• Physical Containers—The Physical Containers tree can contain ADC-VX instances and Sites

with ADC-VX instances.• Logical Groups—The Logical Groups tree contains user-defined Logical Groups. A Logical

Group is a group of devices of the same type, which you manage as a single entity.




Figure 22: Device Pane (Not Docked)—Showing the Sites and Devices Tree

Notes

• For information on how to add or delete the Radware devices that the APSolute Vision server manages, see Managing Devices, Sites, and Logical Groups, page 161.

• For more information on the device pane, see Using the Device Pane, page 161.

• When you double-click a device in the Sites and Devices tree or in the Physical Containers tree, APSolute Vision displays the device-properties pane and the last perspective that you viewed on the device along with the corresponding content area.

• In the context of role-based access control (RBAC) RBAC, Sites and Logical Groups enable administrators to define the scope of each user. For more information on RBAC, see Role-Based Access Control (RBAC), page 68.

• For more information on Logical Groups, see Using Logical Groups of Devices, page 190.

Docks the device pane.

Minimizes the docked device pane.

Displays the UI for the selected device or devices.

Controls for filtering the devices that the pane displays.

APSolute Vision appends the number of devices matching the filter at that level according to your RBAC permissions.

The button that selects the device-pane tree (Sites and Devices, Physical Containers, or Logical Groups) and the name of the tree that is displayed now.




Device-Properties Hover PopupWhen you hover over a device node in the device pane, a popup displays the following parameters:• Device Name—The user-defined device name.• Status—The device general status: Up, Down, or Maintenance—and for vADCs in the

Physical Containers tab: Managed or Not Managed.• Locked By—If the device is locked, the user who locked it.• Management IP Address—The host or IP address of the device.• Device Type—That is, Alteon, AppWall, DefensePro, or LinkProof NG.• Version—The device version.• MAC—The MAC address.• License (displayed only for Alteon, and LinkProof NG devices)—The license for the device.• APM License (displayed only for Alteon devices)—The license for the device.• Form Factor (displayed only for Alteon, DefensePro version 8.x devices, Radware DefensePro

DDoS Mitigation for Cisco Firepower, and LinkProof NG devices)—The form factor, for example, Standalone.

• Platform—The platform type.• HA Status (displayed only for Alteon, DefensePro, and LinkProof NG devices)—The high-

availability status of the device. For Alteon and LinkProof NG: Active, Standby, or DISABLED. For DefensePro: N/A, Standalone, Primary, or Secondary.

• Init (displayed only for AppWall devices)—The init status, for example Ended with Successfully or Ended with Errors.

• Device Driver—The device driver name.• RTU License—The status of the Right to Use license: Valid or Invalid—and for vADCs in the

Physical Containers tab: N/A.

Note: If the status of the Right to Use license is Invalid, the device icon in the device pane

has a red slash through it— for Alteon and LinkProof NG, for ADC-VX, for AppWall, and

for DefensePro.

Logical-Group–Properties Hover PopupWhen you hover over a Logical Group in the device pane Logical Groups tree, a popup opens. For more information, see Logical Group User Interface, page 191.

Device-Properties PaneWhen you select a single device in the device pane, all APSolute Vision perspectives display the device-properties pane (see Figure 21 - Settings View (Showing the System Perspective), page 56, Figure 23 - Configuration Perspective—Alteon and LinkProof NG, page 61, Figure 27 - Monitoring Perspective—Alteon and LinkProof NG, page 63, Figure 28 - Monitoring Perspective—DefensePro, page 64, Figure 29 - DefensePro Security Monitoring Perspective—Showing the Security Dashboard, page 65). When you select multiple devices in the device pane, APSolute Vision displays the multi-device view. For more information, see Using the Multi-Device View and the Multiple Devices Summary, page 187.




When you select a single device in the device pane, the device-properties pane displays the following parameters:• The device type (Alteon, AppWall, DefensePro, or LinkProof NG) and the user-defined device

name.• An icon showing whether the device is locked.

• A picture of the device front panel. When the device is locked, you can click the button to reset or shut down the device.

• Status—The device general status: Up, Down, or Maintenance.• Locked By—If the device is locked, the user who locked it.• Type (displayed only for Alteon, AppWall, DefensePro version 8.x devices, Radware DefensePro

DDoS Mitigation for Cisco Firepower, and LinkProof NG devices)—This field displays the platform and form factor.

• Platform (displayed only for DefensePro devices)—The platform type, for example x420.• Mngt IP—The host or IP address of the devices.• Version—The device version.• MAC—The MAC address.• License (displayed only for Alteon, AppWall, and LinkProof NG devices)—The license for the

device.• APM License (displayed only for Alteon)—The pages-per-minute limit of the APM license.• HA Status (displayed only for Alteon, Radware DefensePro DDoS Mitigation for Cisco Firepower,

and LinkProof NG devices)—The high-availability status of the device. For Alteon and LinkProof NG: Active, Standby, or DISABLED. For DefensePro: Standalone, Primary, or Secondary.

• Init (displayed only for AppWall devices)—The init status, for example Ended with Successfully or Ended with Errors.

• Device Driver—The device driver name.• User Role—The RBAC role that the user has for the selected device. The User Role parameter

clarifies situations where the configuration of a user includes multiple devices (scopes) and differing roles. For more information on RBAC users and role-scope pairs, see Managing APSolute Vision Users, page 67.

Configuration PerspectiveUse the Configuration perspective to configure Radware devices. Choose the device to configure in the device pane. You can view and modify device configurations in the content area.When APSolute Vision manages Alteon or LinkProof NG:• You choose the standalone, VA, or vADC device to configure in the device pane Sites and

Devices tree. • You manage ADC-VXs and the hosted vADCs in the device pane Physical Containers tree.




Figure 23: Configuration Perspective—Alteon and LinkProof NG

The following points apply to all configuration tasks in the Configuration perspective:• To configure a device, you must lock it. For more information, see Locking and Unlocking

Devices, page 179.• When you change a field value (and there is configuration that is pending Submit action), the

tab title changes to in italics with an asterisk (*).• By default, tables display up to 20 rows per table page.• You can perform one or more of the following operations on table entries:

— Add a new entry to the table, and define its parameters.— Edit one or more parameters of an existing table entry.— Delete a table entry.— Device configuration information is saved only on the managed device, not in the APSolute

Vision database.

Monitoring button—Opens the Monitoring perspective.

Content pane.

Device-properties pane.

Device pane (docked) with the Sites and Devices tree displayed—Displays, according to your filter, the configured Sites and standalone, vADC, and VA devices. The Physical Containers tree (not shown) displays, according to your filter, the configured Sites and ADC-VXs with the hosted vADCs.

Configuration-management buttons.

The Configuration perspective is being displayed.

Security Monitoring button—Opens the Security Monitoring perspective.




To commit information to the device, you must click Submit when you modify settings in a configuration dialog box or configuration page.Some configuration changes require an immediate device reboot. When you submit the configuration change the device will reboot immediately.Some configuration changes require a device reboot to take effect, but you can save the change without an immediate reboot. When you submit a change without a reboot, the Properties pane displays a “Reboot Required” notification until you reboot the device.

For Alteon and LinkProof NG, APSolute Vision supports the configuration-management (global-command) options: Apply, Save, Diff, Diff Flash, Revert, Revert Apply, and Dump. If the new configuration requires an Apply or Save operation to take effect, the button is displayed with an orange icon.

Figure 24: Apply (Required) and Save (Required) Buttons

For AppWall, APSolute Vision supports the Apply button to perform the AppWall Apply operation. If the configuration requires an Apply operation to take effect, the button is displayed with an orange icon.For DefensePro, click Update Policies to implement policy-configuration changes if necessary. Policy-configuration changes for a device are saved on the device, but the device does not apply the changes until you perform a device-configuration update. For DefensePro 7.x versions 7.32 and later, if the new configuration requires an Update Policies operation to take effect, the button is displayed with an orange icon.

Figure 25: Update Policies Button

Figure 26: Update Policies Required Button

Example Device selection in the Configuration perspectiveThe following example shows the selections you would make to view or change configuration parameters for a Radware device:

1. Select the required device in the device pane by drilling down through the Sites and child Sites.

2. Lock the device by clicking the icon in the device-properties pane. The icon changes to

(a picture of a locked padlock).

3. Click Configuration ( ) to open the Configuration perspective.

4. Navigate to the configuration objects in the content pane.




Monitoring PerspectiveIn the Monitoring perspective, you can monitor physical devices and interfaces, and logical objects.

Figure 27: Monitoring Perspective—Alteon and LinkProof NG

The Monitoring perspective is being displayed.


Configuration-management buttons.

Device pane (docked) with the Sites and Devices tree displayed—Displays, according to your filter, the configured Sites and standalone, vADC, and VA devices. The Physical Containers tree (not shown) displays, according to your filter, the configured Sites and ADC-VXs with the hosted vADCs.

Content pane.




Figure 28: Monitoring Perspective—DefensePro

Security Monitoring PerspectiveAPSolute Vision displays the Security Monitoring perspective to view and analyze real-time security information of managed devices, which include the following platform types:• AppWall standalone• Alteon with embedded AppWall module• DefenseFlow mitigation devices• DefensePro

The Security Monitoring perspective is available for single devices and also for multiple devices. Security monitoring for multiple devices supports two report categories: the Dashboard View and Traffic Monitoring. Security monitoring for single devices supports two additional report categories: Protection Monitoring and HTTP Reports.You can filter the Sites and devices that APSolute Vision displays. The filter does not change the contents of the tree, only how APSolute Vision displays the tree to you.

The Monitoring perspective is being displayed.

Content pane.

Device pane (docked) with the Sites and Devices tree displayed—Displays, according to your filter, the configured Sites and DefensePro devices. The Physical Containers tree (not shown) is not relevant for DefensePro.


DefensePro configuration-management buttons.




For DefenseFlow and DefensePro, the Security Monitoring perspective includes the following tabs:• Dashboard View—Comprises the following:

— Security Dashboard—A graphical summary view of all current active attacks in the network with color-coded attack-category identification, graphical threat-level indication, and instant drill-down to attack details.

— Current Attacks—A view of the current attacks in a tabular format with graphical notations of attack categories, threat-level indication, drill-down to attack details, and easy access to the protecting policies for immediate fine-tuning.

• Traffic Monitoring—A real-time graph and table displaying network information, with the attack traffic and legitimate traffic filtered according to specified traffic direction and protocol.

• Protection Monitoring—Real-time graphs and tables with statistics on policies, protections according to specified traffic direction and protocol, along with learned traffic baselines.

• HTTP Reports—Real-time graphs and tables with statistics on policies, protections according to specified traffic direction and protocol, along with learned traffic baselines.

Figure 29: DefensePro Security Monitoring Perspective—Showing the Security Dashboard

Note: For more information on the Security Monitoring perspective, see Using Real-Time Security Monitoring, page 507.



CHAPTER 2 – MANAGING APSOLUTE VISION USERS

APSolute Vision supports concurrent access to up to 50 users.Each user has individual credentials and privileges. APSolute Vision supports role-based access control (RBAC) to manage user privileges. RBAC users can be defined and managed in the local APSolute Vision user database (the Local Users table) or through an external authentication server. All user credentials for local users are encrypted and stored in the APSolute Vision database.All all actions by all users (local or non-local) are stored in the audit log.Users with the appropriate privileges can lock a device on an APSolute Vision server and modify its configuration. Locking the device prevents other users from performing configuration tasks on that device at the same time.The following topics describe role-based access control, and how to configure and monitor local APSolute Vision users:• Logging In as the Default Administrator User—radware User, page 67• Viewing Details About the Current User, page 68• Role-Based Access Control (RBAC), page 68• Configuring Local Users for APSolute Vision, page 82• Managing LDAP Object Class Permissions, page 89• Viewing User Statistics, page 90• Configuring General User-Management Settings, page 79• APSolute Vision Password Requirements, page 91

Logging In as the Default Administrator User—radware UserA new APSolute Vision server (one that no one has yet logged into) contains a single predefined Administrator user, which is called radware, defined with the Administrator role.

Caution: Radware recommends that the radware user be used by customers for disaster recovery and kept secret from all other administrators.

The radware user can create and manage additional local users and their individual and global user settings.The radware user cannot be deleted.The radware user is authenticated only in the Local Users table, regardless of whether the system is configured to use a different authentication method. That is, the radware user cannot be overridden by the configuration of an authentication server (see Configuring Connections to Authentication Servers, page 128).

Caution: You are not required to change the password for the radware user during the initial configuration, but Radware recommends you do so.


Managing APSolute Vision Users


The radware user can change the password of the radware user in the CLI or in the login dialog box. For more information, see the APSolute Vision User Guide.

To log in to APSolute Vision for the first time as the radware user

1. In your Web browser, enter the hostname or IP address of the APSolute Vision server.2. In the login dialog box, specify the following:

— Username—The name of the user, radware.— Password—The password for the radware user.

3. Click Log In.

Viewing Details About the Current UserYou can view the following details about the current user: • The user name• The user’s RBAC role or roles• The previous login time• The UI language (which you can change by selecting another value from the drop-down list)

Figure 30: Viewing Details About the Current User

To view details about the current user

> In the APSolute Vision toolbar, in the User ribbon at the at the far right, click the arrow.

Role-Based Access Control (RBAC)This section contains the following main topics: • APSolute Vision RBAC—General Information, page 69• Roles and Scopes, page 69• GUI Display Is According to Role, page 70• IDM Strings for Predefined Roles, page 71




• Predefined Roles Described, page 72• Roles per Radware Product, page 74• Feature-Accessibility per Role, page 75• Rules for RBAC Permission Conflicts with Logical Groups, page 77

APSolute Vision RBAC—General InformationYou can determine the functionality and managed devices available to each user in APSolute Vision by using RBAC to associate users with roles and scopes of devices.All users can also be defined and managed through an authentication server—except for the users radware, defenseflow, msspportal, and reporter.

Notes

• The APSolute Vision installation includes the radware, defenseflow, msspportal, and reporter users.

• You cannot delete the radware, defenseflow, msspportal, and reporter users. They are defined, managed, and authenticated only in the Local Users table, regardless of whether the system is configured to manage other users through an authentication server.

• The reporter user is used by APSolute Vision Analytics.

• If you require a DefenseFlow or MSSP Portal platform to be authenticated remotely—for connections from a DefenseFlow or MSSP Portal platform to APSolute Vision, you can create a SYSTEM_USER on the remote authentication server, and configure DefenseFlow or MSSP Portal to use that user rather than the built-in defenseflow or msspportal user.

• For information about how to configure DefenseFlow, see the DefenseFlow User Guide.

• For information about how to configure MSSP Portal, see the MSSP Portal Deployment and Operator Guide.

Caution: You are not required to change the password for the radware user during the initial configuration, but Radware recommends you do so.

A user with the Administrator or User Administrator role can create, edit, and manage local APSolute Vision users.

Roles and ScopesUser management includes assigning roles and scopes. A scope defines the devices that the user can access. A role defines the set of permissions for the corresponding scope. A user definition can contain multiple role-scope pairs.APSolute Vision contains a set of predefined roles, which you cannot delete or modify. Each role defines a set of privileges. The relevance and descriptions for the predefined roles may depend on the device type.The scopes of devices are organized according to the Sites and Devices tree and Physical Containers tree in the device pane. A scope can contain one of the following:• An individual device.• [All]—The All scope contains all devices and the APSolute Vision server.




• A Site—With all of its devices.

Note: For more information, see Configuring Sites, page 162.• A Logical Group—The user’s scope dynamically updates, according to the devices in the

Logical Group. That is, when the device-set of a Logical Group changes, the user’s scope changes accordingly.

Notes

— For more information on Logical Groups, see Using Logical Groups of Devices, page 190. — For information on permission conflicts, see Rules for RBAC Permission Conflicts with Logical

Groups, page 77.

Caution: If the name of an APSolute Vision Site or Logical Group changes and an authentication server authenticates users, you must reconfigure the user scopes on the authentication server.

If the name of an APSolute Vision Site or Logical Group changes and APSolute Vision authenticates the users locally, APSolute Vision updates the relevant scopes for the users.Every role must be assigned a scope—except for the following roles, which APSolute Vision always configures with the All scope: • Administrator• System User• User Administrator• Vision Administrator

Caution: When defined through an authentication server, users with the Administrator, User Administrator, System User, or Vision Administrator role must be configured with the scope [ALL] (including the square brackets).

GUI Display Is According to RoleAPSolute Vision displays the graphical user interface according to the user’s role, for example:• When a user has full read and write permissions, all Add, Edit, and Delete buttons are

displayed.• When a user has update permissions only, Add buttons are not displayed.• When a user does not have any configuration permissions, Add, Delete, and Submit buttons

are not displayed.• A user with the User Administrator role can manage all user settings: the Local Users table, the

Authentication Method, and so on. A user with the User Administrator role cannot view other elements in the APSolute Vision Settings view System perspective.

• The tree in device pane displays only those devices that belong to scope associated with the user.

• The Security Monitoring perspective displays information only for the devices that belong to the user’s device scope. For DefensePro devices, you can limit the Network Protection policies accessible to users in the perspective. This applies also to the information that APSolute Vision Reporter displays.




Users with a proper role can access the APSolute Vision GUI and can see the Alerts Table pane, but APSolute Vision limits the alert-display according to device permissions.

IDM Strings for Predefined RolesEach role has an associated identity-management (IDM) string. You use the IDM strings in an authentication-server configuration, for example. If the user is authenticated, the APSolute Vision server grants access according to the user’s IDM string and scope. The authentication server Access-Accept response must include an IDM-string–scope combination.

Note: APSolute Vision RBAC functionality is separate from the functionality of user accounts on the devices themselves. The following table lists the predefined roles and the corresponding IDM strings. The relevance and descriptions for the predefined roles may depend on the device type.

Table 1: Predefined Roles and IDM Strings

Role IDM StringADC + Certificate Administrator

ADC_AND_CERTIF_ADMIN

ADC Administrator ADC_ADMIN

ADC Operator ADC_OPERATOR

Administrator SYS_ADMIN

Certificate Administrator CERTIF_ADMIN

Device Administrator DEV_ADMIN

Device Configurator CONFIG

Device Operator DEVICE_OPERATOR

Device Viewer VIEWER

Real Server Operator REAL_SERVER_OPERATOR

Security Administrator SEC_ADMIN

Security Monitor SEC_MON

System User SYSTEM_USER

User Administrator USR_ADMIN

Vision Administrator VISION_ADMIN

Vision Reporter REPORTER




Predefined Roles DescribedThe following table describes the predefined roles in APSolute Vision. The relevance and descriptions for the predefined roles may depend on the device type.

Table 2: Predefined Roles

Role DescriptionADC + Certificate Administrator

The union of ADC Administrator and Certificate Administrator roles.Has full control over ADC configuration and AppShapes, can configure and manage servers, services, traffic redirection, and health checks.Can perform all functions of the devices for which the user has credentials.Has control over the Certificate Repository and the Client Authentication Policy in the Configuration perspective.Can perform all functions related to Alteon and LinkProof NG.Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.Can view the Alerts Table.Can access Security Monitoring perspective.

ADC Administrator Has full control over ADC configuration and AppShapes, can configure and manage servers, services, traffic redirection, and health checks.Can perform all functions of the devices for which the user has credentials.Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.Can view the Alerts Table.Can access Security Monitoring perspective.

ADC Operator Has read-only permission on the configuration of ADC devices and general device control.Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.Can view the Alerts Table.

Administrator Can access the CLI and can perform all actions and access all functionality.

Certificate Administrator

Has control over the Certificate Repository and the Client Authentication Policy in the Configuration perspective.Can view the Alerts Table.Can access the Monitoring perspective.Can perform all functions related to Alteon and LinkProof NG, but some functions are read-only.Can view the Application SLA Dashboard.

Device Administrator

Has full control over devices for which the user has credentials.Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.Can view the Alerts Table.Can export a policy file from the Network Protection Policies table and Server Protection Policies table. Can access the Templates tab.




Device Configurator

Can access all Configuration-perspective panes and Monitoring-perspective panes, and has full control over the Setup, Networking, Device Security and Advanced parameter tabs of the Configuration perspective of the devices for which the user has credentials.Can perform all Configuration and Monitoring pane perspective functions of the devices for which the user has credentials, excluding AppShapes. Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.Can view the Alerts Table.

Device Operator Has full control over all Monitoring perspective panes and can access the Configuration perspective. Can perform all functions related to Alteon and LinkProof NG, including AppShapes, but some functions are read-only.Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.Can view the Alerts Table.

Device Viewer Can access all devices for which the user has credentials.Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.

Real Server Operator

Can lock and unlock an Alteon device for which the user has credentials. Can access the Monitoring perspective with the following permissions with read-write access to the following nodes (all other nodes are hidden):• Application Delivery > Virtual Service > Real Servers• Application Delivery > Virtual Service > Server GroupsCan view the Alerts Table.Can view the Application SLA Dashboard.

Security Administrator

Can configure and manage network and server security, ACL policies, and so on.Can export a policy file from the Network Protection Policies table and Server Protection Policies table. Furthermore, can open the Advanced Toolbox tab, and can see and use the DefensePro Configuration Templates node.Can view the Alerts Table.

Security Monitor Has full control over Security Monitoring and APSolute Vision Reporter.

System User Can access APSolute Vision through the REST interface (only) and can perform all actions and access all functionality.

User Administrator Can access the APSolute Vision Settings view System perspective, and in it, can create and manage users. Cannot view other elements in the APSolute Vision Settings view System perspective.

Vision Administrator

Can access the CLI except for system snmp community and system snmp trap target—and can perform all actions and access all functionality, except for user management and authentication protocols (RADIUS Settings and TACACS+ Settings).Can use DefenseFlow.Can view the Alerts Table.

Vision Reporter Has full control over APSolute Vision reporting capabilities (APM, AVR, and DPM).

Table 2: Predefined Roles (cont.)

Role Description




Roles per Radware Product The following table lists the predefined roles and corresponding functionalities.

Table 3: Role per Radware Product

Role Can Add New Device

Manages Application Delivery Devices (Alteon and LinkProof NG)

Manages Security Devices (AppWall and DefensePro)

Can Use DefenseFlow

ADC + Certificate Administrator

No Yes No No

ADC Administrator No Yes No No

ADC Operator No Yes No No

Administrator Yes Yes Yes Yes

Certificate Administrator No Yes No No

Device Administrator Yes Yes Yes No

Device Configurator No Yes Yes No

Device Operator No Yes No No

Device Viewer No Yes Yes No

Real Server Operator No Yes No No

Security Administrator No No Yes No

Security Monitor No Yes Yes No

System User Yes1

1 – Yes, but only using the REST interface. This role does not allow access to the APSolute Vision GUI (that is, Web Based Management).

Yes1 Yes1 Yes1

User Administrator No N/A N/A N/A

Vision Administrator Yes Yes Yes Yes

Vision Reporter No Yes Yes No




Feature-Accessibility per RoleThe following table lists the predefined roles and which features are accessible.

Table 4: Feature-Accessibility per Role

Rol

e

Ale

rts

Tabl

e Pa

ne

Con

figur

atio

nPe

rspe

ctiv

e

Mon

itorin

g Pe

rspe

ctiv

e

Secu

rity

Mon

itorin

gPe

rspe

ctiv

e Se

tting

s Vi

ew

Sche

dule

r

Def

ense

Pro

Con

figur

atio

nTe

mpl

ates

App

Shap

es

vDire

ct

APS

olut

e Vi

sion

Ana

lytic

s

AVR

APM

DPM

and

App

licat

ion

SLA

Das

hboa

rd

Secu

rity

Con

trol

C

ente

r

ADC + Certificate Administrator

Yes Yes Yes Yes Yes, but only User Preferences and Device Backups

No No Yes Yes No No Yes Yes No

ADC Administrator

Yes Yes, except for Certificate Repository, which is read-only

Yes Yes Yes, but only User Preferences and Device Backups

No No Yes Yes Yes No Yes Yes No

ADC Operator Yes Yes, but read-only Yes No Yes, but only User Preferences and Device Backups

No No No No Yes No Yes Yes No

Administrator Yes Yes Yes Yes Yes, all Yes Yes Yes Yes Yes Yes Yes Yes Yes

Certificate Administrator

Yes Yes, but read-only, except for read-write access to Certificate Repository and the Client Authentication Policy

Yes, but read-only

No Yes, but only User Preferences and Device Backups

No No No No No No No No No

Device Administrator


Yes Yes Yes Yes Yes Yes Yes Yes No




Device Configurator

Yes Yes, but some items are read-only

Yes, but some items are read-only (for example, real- server status)

No Yes, but only User Preferences and Device Backups

Yes No No No No No Yes Yes No

Device Operator

Yes Yes, but read-only Yes No Yes, but only User Preferences and Device Backups

Yes No No No Yes No Yes Yes No

Device Viewer No Yes, but read-only Yes, but read-only

Yes Yes, but only User Preferences and Device Backups

No No No No No Yes No Yes No

Real Server Operator

Yes No Yes, but limited to Real Servers and Server Groups nodes

No Yes, but only User Preferences


Security Administrator


Yes Yes No No Yes Yes No No No

Security Monitor

No No No Yes Yes, but only User Preferences

No No No No Yes Yes No No No

System User Yes, but REST interface only1

User Administrator

No No No No Yes, but only User Preferences and User Management settings


Table 4: Feature-Accessibility per Role (cont.)R

ole

Ale

rts

Tabl

e Pa

ne

Con

figur

atio

nPe

rspe

ctiv

e

Mon

itorin

g Pe

rspe

ctiv

e

Secu

rity

Mon

itorin

gPe

rspe

ctiv

e Se

tting

s Vi

ew

Sche

dule

r

Def

ense

Pro

Con

figur

atio

nTe

mpl

ates

App

Shap

es

vDire

ct

APS

olut

e Vi

sion

Ana

lytic

s

AVR

APM

DPM

and

App

licat

ion

SLA

Das

hboa

rd

Secu

rity

Con

trol

C

ente

r




Rules for RBAC Permission Conflicts with Logical GroupsAPSolute Vision users can include multiple role-scope pairs, and a device can be a member of multiple Logical Groups. These factors make permission conflicts possible.

Vision Administrator

Yes Yes Yes Yes All, but excluding User Management settings and authentication protocols2

Yes Yes Yes Yes Yes Yes Yes Yes

Vision Reporter

No No No No Yes, but only User Preferences

No No No No Yes Yes Yes Yes No

1 – Users with the System User role can perform all actions and access all functionality but can access APSolute Vision only using the REST interface. The System User role does not allow access to the APSolute Vision GUI (Web Based Management).

2 – That is, RADIUS Settings, TACACS+ Settings, and LDAP Settings.

Table 4: Feature-Accessibility per Role (cont.)R

ole

Ale

rts

Tabl

e Pa

ne

Con

figur

atio

nPe

rspe

ctiv

e

Mon

itorin

g Pe

rspe

ctiv

e

Secu

rity

Mon

itorin

gPe

rspe

ctiv

e Se

tting

s Vi

ew

Sche

dule

r

Def

ense

Pro

Con

figur

atio

nTe

mpl

ates

App

Shap

es

vDire

ct

APS

olut

e Vi

sion

Ana

lytic

s

AVR

APM

DPM

and

App

licat

ion

SLA

Das

hboa

rd

Secu

rity

Con

trol

C

ente

r




APSolute Vision handles conflicting permissions as follows:• The role with an individual device overrides the user’s role with a Logical Group—That

is, if the configuration of user includes one role with a Logical-Group scope, and another role with a individual-device scope, and that individual device is a member of the same Logical Group, the role with the individual-device scope takes precedence.

• The role with a Site overrides the user’s role with a Logical Group—That is, if the configuration of user includes one role with a Logical-Group scope, and another role with a Site scope, and that Site contains a device that is a member of the same Logical Group, the role with the Site scope takes precedence.

• The role with the highest level takes precedence when a device is a member of multiple Logical Groups used in a user configuration—That is, if the configuration of a user includes one role with one Logical-Group scope, and another role with another Logical-Group scope, and the Logical Groups include a common member, the role with highest level of access takes precedence. For the list of access levels, see Table 5 - Access Levels for Determining a User’s RBAC Role for a Device, when the Device Is a Common Member of Multiple Logical Groups, page 78.

Example An APSolute Vision server includes a user named User-A, a device named Device-1, and a Logical Group named MyLG. Device-1 is a member of MyLG. The configuration of User-A contains two role-scope pairs. One role-scope pair is Configurator–Device-1. The other role-scope pair is Operator–MyLG. APSolute Vision grants User-A the role of Configurator on Device-1.

Example An APSolute Vision server includes a user named User-A, a device named Device-1, a Site named MySite, and a Logical Group named MyLG. Device-1 is a member of MySite and MyLG. The configuration of User-A contains two role-scope pairs. One role-scope pair is Configurator–MySite. The other role-scope pair is Operator–MyLG. APSolute Vision grants User-A the role of Configurator on Device-1.

Example An APSolute Vision server includes a user named User-A, a device named Device-1, a Logical Group named MyLG-X and a Logical Group named MyLG-Y. Device-1 is a member of MyLG-X and MyLG-Y. The configuration of User-A contains two role-scope pairs. One role-scope pair is ADC-Administrator–MyLG-X. The other role-scope pair is Device-Viewer–MyLG-Y. APSolute Vision grants User-A the role of ADC Administrator on Device-1.The following table lists the access levels that APSolute Vision uses to determine a user’s RBAC role for a device, when the device is a common member of multiple Logical Groups. The role with the highest level takes precedence.

Table 5: Access Levels for Determining a User’s RBAC Role for a Device, when the Device Is a Common Member of Multiple Logical Groups

Level Role1 Administrator

2 Vision Administrator

3 System User

4 User Administrator




Configuring General User-Management SettingsThe Administrator or User Administrator user can specify the user-authentication method for all APSolute Vision interfaces.

To configure general user-management settings

1. In the APSolute Vision Settings view System perspective, select User Management > User Management Settings.

2. Configure the parameters, and click Submit.

5 Device Administrator

6 Security Administrator

7 ADC + Certificate Administrator

8 ADC Administrator

9 Certificate Administrator

10 Device Configurator

11 Device Operator

12 ADC Operator

13 Real Server Operator

14 Device Viewer

15 Security Monitor

16 Vision Reporter

Table 5: Access Levels for Determining a User’s RBAC Role for a Device, when the Device Is a Common Member of Multiple Logical Groups (cont.)

Level Role




Table 6: User Management Settings

Parameter DescriptionAuthentication Mode The user-authentication method that APSolute Vision uses.

The Administrator or User Administrator user can specify the user-authentication method for all APSolute Vision interfaces.The setting is retained after reboot of the APSolute Vision server, and it is included in the APSolute Vision configuration backup and restore operations.Values:• LDAP—An LDAP server stores the credentials of and

authenticates the APSolute Vision users (see Configuring LDAP Server Connections, page 138). If the primary LDAP server and, if defined, secondary LDAP server is down, user authentication fails over to the Local Users table (see Configuring Local Users for APSolute Vision, page 82).

• Local—The Local Users table stores the credentials of and authenticates the APSolute Vision users (see Configuring Local Users for APSolute Vision, page 82).

• RADIUS—A RADIUS server stores the credentials of and authenticates the APSolute Vision users (see Configuring RADIUS Server Connections, page 128). If the primary RADIUS server and, if defined, secondary RADIUS server is down, user authentication fails over to the Local Users table (see Configuring Local Users for APSolute Vision, page 82).

• TACACS+—A TACACS+ server stores the credentials of and authenticates the APSolute Vision users (see Configuring TACACS+ Server Connections, page 132). If the primary TACACS+ server and, if defined, secondary TACACS+ server is down, user authentication fails over to the Local Users table (see Configuring Local Users for APSolute Vision, page 82).

Default: Local

Maximum Password Challenges The number of consecutive unsuccessful password entries before a user is locked out.Values: 3–10Default: 3




Default Password for Other Users The default password that new users enter on initial login or after password reset—except for the following users: radware, defenseflow, msspportal, and reporter.

Notes: • You can configure the initial password for an individual

user. For more information, see Table 11 - User: Password Parameters, page 86.

• The radware user can change the password at any time or on expiration.

• The defenseflow user has a special password. For DefenseFlow version 2.5 and later, the password for both APSolute Vision and DefenseFlow must match.

• The reporter user (which APSolute Vision Analytics uses) has a special password.

Confirm Default Password for Other Users

The value for confirmation of Default Password for Other Users.

Password Validity Period The number of days from password creation until that password expires. When you change this value, the new value is applied to any subsequently created passwords; current passwords are not affected by the change.Values: 1–3670Default: 30

User Statistics Storage Period The number of days the user statistics information is stored before being deleted.Values: 1–3670Default: 30

Inactivity Timeout Period for CLI Access of Non-Local Users

The time, in days—following the initial login, that APSolute Vision allows CLI access to users who are defined in an external authentication server (RADIUS, TACACS+, or LDAP). Any subsequent login to APSolute Vision (either CLI or WBM) resets the timer. A user who has timed out can reactivate CLI access by logging in to APSolute Vision WBM.Values: 30–3650Default: 365

Note: To activate CLI access, all users defined in an external authentication server must log in to APSolute Vision WBM at least once.

Last Passwords Saved The number of passwords that APSolute Vision saves for a user to prevent the user from reusing a recently expired password.Values: 2–100Default: 3

Table 6: User Management Settings (cont.)

Parameter Description




Configuring Local Users for APSolute VisionThe Local Users table contain individual local APSolute Vision user configurations.A user with the Administrator or User Administrator role can set and change the following individual local APSolute Vision user configurations:• Add, edit, and delete users• Revoke and enable users• Release user lockout and reset user passwords

Caution: Users with the name admin (case insensitive) cannot be created in the APSolute Vision local user table. If users with the name admin (case insensitive) are defined in an external, RADIUS or TACACS+ authentication server, or were created in the local user table prior to APSolute Vision version 3.30, they can log in to APSolute Vision, but they will not be able to log in to the AVR.

Note: The APSolute Vision installation includes the radware, defenseflow, msspportal, and reporter users. You cannot delete them or modify their role and/or scope assignment.For information about setting global user configurations, see Configuring General User-Management Settings, page 79.Besides the Local Users table, APSolute Vision users can be authenticated through an authentication server (see Configuring Connections to Authentication Servers, page 128). When the authentication server is down, user authentication fails over to the Local Users table.

Tip: If an authentication server is specified to authenticate the APSolute Vision users, Radware recommends that administrator users be defined also in the Local Users table. Having users defined also in the Local Users table is for fall-back access to APSolute Vision in case the authentication server is not available.

Use the Local Users tab for the following operations:• Adding and Editing Users, page 84• Deleting Users, page 87• Releasing User Lockout, page 87• Resetting User Passwords to the Default, page 88• Revoking and Enabling Users, page 88

User Must Change Password at First Login

Specifies whether all users must change their password when logging in for the first time to the APSolute Vision server.Default: Disabled

Note: The value for this parameter applies to when the user is created, and does not change. For example, if the value for this parameter is enabled when the user is created, and then the value changes to disabled—but the user has not yet logged in, the user will be required to change his/her password when he/she first logs in.

Table 6: User Management Settings (cont.)





To open the Local Users tab

> In the APSolute Vision Settings view System perspective, select User Management > Local Users.

The Local Users tab displays information for all currently defined users. Additional information for users is available when editing specific rows in the Local Users table.

Table 7: Local User Table Parameters

Parameter DescriptionUser Name The username used for login.

User Full Name The user’s full name.

Language The default display language for the user.

Notes: • The Default Display Language parameter (see Configuring

APSolute Vision Display Parameters, page 153) determines the default value.

• A user can change his/her own display language, by opening the User drop-down dialog box (from the APSolute Vision toolbar, in the User ribbon at the at the far right) and selecting

the language from the drop-down list next to the (globe) icon.

Scope The scopes of devices, which are organized according to the Sites and Devices tree and Physical Containers tree in the device pane. A scope can be one of the following:• An individual device.• A Site, with all of its devices. • A Logical Group—The user’s scope dynamically updates,

according to the devices in the Logical Group. That is, when the device-set of a Logical Group changes, the user’s scope changes accordingly. For more information, see Rules for RBAC Permission Conflicts with Logical Groups, page 77 and Using Logical Groups of Devices, page 190.

• [All]—The All scope contains all devices and the APSolute Vision server.

The displayed scopes for each user represent the devices that the user can access. Each scope in the list is associated with a corresponding role that defines the permissions for the user on those devices.Users defined through an authentication server with the Administrator, User Administrator, or Vision Administrator role must be configured with the scope [ALL] (including the square brackets).

Role The roles with which the user is associated. Each role defines a set of actions the user can perform through APSolute Vision. Each role in the list applies to its corresponding scope of devices.

Contact Info The user’s contact information—organization, address, and phone number.

Password Expiration Date The date on which the current password expires.




Adding and Editing UsersWhen you add a user, you associate the user with one or more role-and-scope pairs to define the user’s privileges and the managed devices to which the privileges apply. Scopes represent the devices for which the user has credentials. The corresponding role for each scope in the list defines the permissions for the user on those devices.When you modify the role and/or scope assignment for a user who is logged into APSolute Vision, the user must log out and log in again for the changes to take effect.

Note: You cannot modify the role and/or scope assignment of the radware, defenseflow, msspportal, and reporter users.By default, a new user is not associated with any scope or role.You can only add a scope once for each user. You cannot add a scope that contains devices that are already in a scope associated with the user.For DefensePro devices, after you configure the role-scope pair, you can configure the security-monitoring access for the user. Security-monitoring access defines what security data the user sees in the Security Monitoring perspective and APSolute Vision Reporter according to specified DefensePro Network Protection policies.

Caution: Do not configure more than 300 explicit device-policy pairs for DefensePro security-monitoring access—for any user. If there are more than 300 explicit device-policy pairs for a user, the Security Monitoring Dashboard View might not function properly for the user.

Note: The terms Network Protection policy and network policy may be used interchangeably in APSolute Vision and in the documentation.

To add or edit a user

1. In the APSolute Vision Settings view System perspective, select User Management > Local Users.

2. Do one of the following:

— To add a user, click the (Add) button in the tab toolbar.— To edit a user, double-click the username.

Active User Specifies whether the user is currently enabled.Values: • Yes—The user is currently enabled.• No—The user is currently suspended and cannot log in.

Currently Locked Out Specifies whether the user is currently locked out.

Created On The date on which the user was created.

Last Password Change The date on which the user password was last changed.

Last Lockout The date on which the user was last locked out.

Table 7: Local User Table Parameters (cont.)





3. In the Permissions tab User Roles and Scopes table, do one of the following:

— To add a new role-scope pair, click the (Add) button in the tab toolbar.

— To edit a role-scope pair, click (Edit) in the tab toolbar.4. Do the following:

— From the Role drop-down list, select the role for the selected scope.— From the Scope drop-down list, select the scope containing the devices that the user can

access.Note: For information, see Role and Scope in Table 7 - Local User Table Parameters, page 83, and Role-Based Access Control (RBAC), page 68.

5. Click Submit.

6. Configure the rest of the user parameters, and click Submit.

Tip: Select a row and click the (Duplicate...) button to open a new “add row” tab, which is populated with the values from the selected row, except for the indexes.

Note: At the initial login, a new user enters the password and is then prompted to create a new password. Users can always change their own passwords at login. For more information, see Changing Passwords for Local Users, page 99. The initial password can be a default password (see Table 6 - User Management Settings, page 80) or a personal password configured for the specific user (see Table 11 - User: Password Parameters, page 86).

Table 8: User: General Parameters

Parameter DescriptionUser Name The username used for login. This field is mandatory.

The name should start with a letter or an underscore.The remaining characters can be letters, numbers, underscores, hyphens, or periods (dots).APSolute Vision usernames are not case sensitive when logging in to APSolute Vision WBM. APSolute Vision usernames are case sensitive when logging in to the APSolute Vision CLI. APSolute Vision user passwords are case sensitive.

User Full Name The user’s full name. This field is optional.

Language The default display language for the user.

Notes: • The Default Display Language parameter (see Configuring

APSolute Vision Display Parameters, page 153) determines the default value.

• The user can change his/her own display language, by using the

(globe) icon at the upper-right corner of the main screen.




To configure the DefensePro Network Protection policies whose security data the user can access in the Security Monitoring perspective and APSolute Vision Reporter


2. In the Permissions tab, under the title Authorized Network Policies for Security Monitoring, configure the Selected table with the Network Protection policies whose security data the user can access in the Security Monitoring perspective and APSolute Vision Reporter.

Table 9: User: Permissions Parameters

Parameter DescriptionUser Roles and Scopes The specified role for the user on the specified device or devices for

which the user has credentials.

Note: For information, see Role and Scope in Table 7 - Local User Table Parameters, page 83, and Role-Based Access Control (RBAC), page 68.

Authorized Network Policies for Security Monitoring

The DefensePro Network Protection policies that the user is authorized to monitor in the Security Monitoring perspective.

Note: For more information, see the procedure below, To configure the DefensePro Network Protection policies whose security data the user can access in the Security Monitoring perspective and APSolute Vision Reporter, page 86.

Table 10: User: Contact Info Parameters

Parameter DescriptionThese fields are optional.

Organization The user’s organization.

Address The user’s address.

Phone Number The user’s phone number.

Table 11: User: Password Parameters

Parameter DescriptionThese fields are optional.If you specify no password, APSolute Vision uses the default password for new users.

Note: For more information, see Default Password for Other Users in Table 6 - User Management Settings, page 80.Password The initial password for the new user.

Confirm Password The value for confirmation of Password, when you specify the initial password for the new user.




Notes

• By default, users have access to all policies of all devices in their scope.

• When you create a user, the Selected table displays [ALL] in the Device column and [ALL] in the Policy Name column. This signifies that the user can access all policies for each permitted device. A user must be authorized for all network policies of a device ([ALL]) or for selected network policies of a device. When you move a policy from the Available table to the Selected table, [ALL] values move automatically from the Selected table to the Available table.

• A change to Authorized Network Policies for Security Monitoring takes effect the next time the user logs in, and does not affect current ongoing sessions.

Deleting UsersDeleting a user removes the user from the Local Users table.

Notes

• The radware, defenseflow, msspportal, and reporter users cannot be deleted.

• You can suspend a user without removing the user from the table. For more information, see Revoking and Enabling Users, page 88.

To delete a user


2. In the Local Users table, select the username, and click the (Delete) button in the tab toolbar.

3. Click Yes in the confirmation box.

Releasing User LockoutWhen a user performs more than the permitted number of unsuccessful logins (User Management > User Management Settings > Maximum Password Challenges), the user is locked out and cannot log in again until the user administrator releases the lock and resets the password.

To release a user lockout


2. In the Local Users table, select the usernames that you want to unlock, and click (Unlock Selected Users).

3. Reset the user password to the default, see Resetting User Passwords to the Default, page 88.




Resetting User Passwords to the DefaultFollowing a user lockout, a user administrator can reset a local user’s password to the default user password. When the user next logs into APSolute Vision, that user will be prompted to change the default password according to APSolute Vision Password Requirements, page 91.

Notes

• You cannot reset the password of the radware user. If the radware user is locked out for any reason, contact Radware Technical Support.

• You cannot reset the password of the reporter user.

To reset a user’s password to the default


2. In the Local Users table, select the usernames whose password you want to reset, and click (Reset Selected User Password).

Revoking and Enabling UsersRevoking a user suspends the user, but does not delete the user from the Users table.

Caution: If you revoke the defenseflow user, DefenseFlow version 2.5 and later cannot communicate with APSolute Vision.

Note: For information on how to delete a user from the Users table, see Deleting Users, page 87.

To revoke a user


2. In the Local Users table, select the usernames, and click (Revoke Selected Users). The value in the Active User column of the user in the Local Users table changes from Yes to No.

To enable a revoked user


2. In the Users table, select the usernames, and click (Enable Selected Users). The value in the Active User column of the user in the Local Users table changes from No to Yes.




Viewing the Predefined RolesAPSolute Vision provides predefined roles, which you cannot delete or modify.

Note: For the list of predefined roles, see Table 2 - Predefined Roles, page 72.

To view the table of predefined roles

> In the APSolute Vision Settings view System perspective, select User Management > Roles.

Managing LDAP Object Class PermissionsUse the LDAP Object Class Permissions tab to manage APSolute Vision permissions for LDAP object classes.

To add or edit an LDAP Object Class Permission

1. In the APSolute Vision Settings view System perspective, select User Management > LDAP Object Class Permission.


— To add a permission, click the (Add) button in the tab toolbar.— To edit a permission, double-click the entry.

3. Configure the following parameters:

— Object Class Name—The name of the object class in the LDAP server that includes the Attribute and Value for the permission. In most cases, the name of the object class is user.Example: user

— Attribute—The Attribute field to match for the permission in the LDAP server.Example: memberof

— Value—The value of the Attribute.Example: CN=financeTeam,OU=finance,DC=company,DC=com

4. In the Permissions section, do one of the following:

— To add a new role-scope pair, click the (Add) button in the tab toolbar.

— To edit a role-scope pair, click (Edit) in the tab toolbar.5. Do the following:

— From the Role drop-down list, select the role for the selected scope.— From the Scope drop-down list, select the scope containing the devices that the user can

access.Note: For information on roles, see Role-Based Access Control (RBAC), page 68.

6. Click Submit.

7. Repeat step 4 through step 6 to configure all the role-scope pairs for the permission.




8. (Optional) If you are using DefensePro, under the title Authorized Network Policies for Security Monitoring, configure the Selected table with the Network Protection policies whose security data the user can access in the Security Monitoring perspective and APSolute Vision Reporter.

Note: A change to Authorized Network Policies for Security Monitoring takes effect the next time the user logs in, and does not affect current ongoing sessions.

9. Click Submit.

Tip: Select a row and click the (Duplicate...) button to open a new “add row” tab, which is populated with the values from the selected row, except for the indexes.

Example Using the examples in step 3 in the procedure above, if some user who is a member of the financeTeam group successfully logs in to the LDAP server, that user is assigned the role-scope pair as described in step 4 and step 5.

Viewing User StatisticsUse the User Statistics tab to view user statistics.The User Statistics tab includes the following tables:• Currently Connected Users—The users who are currently connected to APSolute Vision

through the local user table or an authentication server. The table contains the following columns:— Name— Login Date and Time—The date and time of last login. The date/time format is configurable

according to your preferences (APSolute Vision Settings view Settings perspective, General Settings > Display).

• User Statistics—A table, which you can filter, and which contains the following columns:— User Name— Date— Successful Logins— Failed Authentication Attempts— Password Changes— Lock-Outs

To display user statistics

> In the APSolute Vision Settings view System perspective, select User Management > User Statistics.




APSolute Vision Password RequirementsAll personal and default passwords required by the Administrator user and other local users must conform to the following rules:• A password must be at least eight (8) characters in length.• A password must include characters from at least two (2) of the following character types: text

character, number, special character—except for characters that may have command functions.• A password must not be the same as the username with which they are associated.• A new password must not contain a sequence of three (3) or more characters from the previous

password.

For information about changing individual and default passwords, see the following:• Changing Passwords for Local Users, page 99• Configuring General User-Management Settings, page 79


CHAPTER 3 – GETTING STARTED WITH APSOLUTE VISION

The following topics describe how to get started and set up APSolute Vision before configuring and monitoring your Radware devices:• Initializing the APSolute Vision Server, page 93• Recommended Basic Security Procedures, page 95• APSolute Vision WBM Requirements, page 96• Logging In to and Out of APSolute Vision, page 97• Changing Passwords for Local Users, page 99• Selecting Your Landing Page, page 100• After Initial Configuration of APSolute Vision, page 100• Using Common GUI Elements in APSolute Vision, page 101

Notes

• For information about installing the APSolute Vision server, see the APSolute Vision Installation and Maintenance Guide.

• For information on managing APSolute Vision users, see Managing APSolute Vision Users, page 67.

Initializing the APSolute Vision ServerOn a physical appliance, access the APSolute Vision CLI using a serial cable and terminal emulation application, or from an SSH client.

Note: APSolute Vision CLI uses Control-? (127) for the Backspace key. Terminal settings for the APSolute Vision server are as follows:• Bits per second: 19200 for the ODS-VL platform, 9600 for the ODS-VL2 platform• Data bits: 8• Parity: None• Stop bits: 1• Flow control: None

Note: When connecting from an SSH client, APSolute Vision CLI has a default timeout of five minutes for idle connections. If an SSH connection is idle for more than five minutes, APSolute Vision terminates the session.


Getting Started with APSolute Vision


To initialize the APSolute Vision server

1. Ensure that an ASCII console is connected to the device through the RJ-45–to–DE-9 cable and that console computer is turned on.

2. Power on the device. The PWR and SYS or SYS OK LED indicators on the front panel light up.

3. Wait for the login prompt, vision login:.

4. Type the default username radware, and then, press Enter.

5. Type the default password radware, and then, press Enter.

6. Type the IP address for the APSolute Vision server, and then, press Enter.

7. Type the value for the network mask for the APSolute Vision server, and then, press Enter.

8. Type the value for the default gateway for the APSolute Vision server, and then, press Enter.

9. Type the value for the primary DNS server for the APSolute Vision server, and then, press Enter.

10. If applicable, type the value for the secondary DNS server for the APSolute Vision server, and then, press Enter.

Note: Configuring a secondary DNS server is not mandatory. That is, if you press Enter without typing anything, the installation will proceed.

11. Type the interface identifier—for example, G1 or G2 (case sensitive)—that is, the interface that the APSolute Vision clients access, and then, press Enter.

Notes

— When APSolute Vision is running on the OnDemand Switch VL2 (ODS-VL2) platform, the relevant identifiers are G3 and G5 (case sensitive).

— The installation program checks whether there are connected interfaces, and it displays their identifiers. If there are no connected interfaces, a “No link detected” message is displayed.

— The interface identifiers that are supported depend on the APSolute Vision form factor. 12. Review the values.

13. Type one of the following values:

— y—yes, that is, you accept the values.

— N—no, that is, you need to go back and change one or more values.

The initialization script asks whether you want to change the root user password.14. Change the root user password if required.

Note: For information on how to change the default passwords, see Using vDirect with APSolute Vision, page 657.




Recommended Basic Security ProceduresThis section describes the basic procedures that Radware recommends for the security of the APSolute Vision system.

Restricting Root AccessThe APSolute Vision server runs on a Linux shell.The APSolute Vision server supports root access to the operating system. The default password is radware, which can be modified during the initial setup of the APSolute Vision server. Additionally, user radware can modify the password using the CLI command system user password root.

Radware recommends that the root user password be kept secret from other administrators, and retained for troubleshooting by Radware Technical Support.If you require recovery of the root password, contact Radware Technical Support.

Note: For more information on the APSolute Vision CLI, see Using vDirect with APSolute Vision, page 657.

Restricting APSolute Vision CLI AccessThe default username/password for the APSolute Vision CLI is radware/radware.As soon as you complete the APSolute Vision installation, initialize the server, and verify that it is operating properly, Radware recommends that you change the default password of the radware user, using the CLI command system user password change radware.

Change the password with the relevant CLI command.Access to the APSolute Vision CLI is available only to users with the Administrator or Vision Administrator role.


Restricting Web Access to the APSolute Vision ServerYou install of APSolute Vision client software by accessing an APSolute Vision appliance using a Web browser.The APSolute Vision installation includes one default user, radware, with the password radware. The radware user has access to all APSolute Vision interfaces. Radware recommends that you change the password of the radware user. Change the password with the relevant CLI command.As soon as you complete the APSolute Vision installation, initialize the server, and verify that it is operating properly.





Restricting Web Access by Radware Technical SupportRadware Technical Support can access an APSolute Vision appliance using a Web browser.As soon as you complete the APSolute Vision installation, initialize the server, and verify that it is operating properly, Radware recommends that you change the default password.Change the password with the relevant CLI command.


APSolute Vision WBM RequirementsAPSolute Vision supports a Web-based management interface, which is called Web Based Management (WBM). This section describes the basic requirements with the following topics:• APSolute Vision WBM Requirements, page 96• Application Performance Monitoring Requirements, page 97• APSolute Vision Reporter Requirements, page 97• Device Performance Monitor Requirements, page 97

Notes

• For more information, see APSolute Vision Specifications and Requirements, page 765.

• For the list of required UDP/TCP ports, see UDP/TCP Ports and IP Protocols, page 765.

APSolute Vision WBM RequirementsThis section includes the following topics:• APSolute Vision Client Supported Operating Systems, page 96• APSolute Vision WBM Supported Browsers, page 96

APSolute Vision Client Supported Operating SystemsThe following operating systems support APSolute Vision WBM:• Windows Server 2008 R2 64-bit• Windows 8 64-bit• Windows 7 SP1 32-bit and 64-bit• Windows Server 2012 R2 64-bit• Linux Ubuntu (Desktop)• Mac OS X

APSolute Vision WBM Supported BrowsersYou can access APSolute Vision Web-based management (and APSolute Vision Reporter, Device Performance Monitor, and the APM server Web interface) using a Web browser. For the list of supported browsers, please refer to the release notes.




Caution: When you use Internet Explorer 11 (IE11) on Windows OS to access APSolute Vision WBM, there is sometimes a problem when downloading files. You can fix the problem by updating the Windows registry. The update tells IE to open JSON documents in the browser. In the update, the value 25336920-03F9-11cf-8FD0-00AA00686F13 is the CLSID for the “Browse in place” action. To fix the problem, Radware recommends that you use Windows Registry Editor version 5.00 and update the Windows registry with the following:

[HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/json]

"CLSID"="{25336920-03F9-11cf-8FD0-00AA00686F13}"

"Encoding"=hex:08,00,00,00

[HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/json]

"CLSID"="{25336920-03F9-11cf-8FD0-00AA00686F13}"

"Encoding"=hex:08,00,00,00

Application Performance Monitoring RequirementsAPSolute Vision WBM can connect to the APSolute Vision Application Performance Monitor (APM). The APM is a process that runs on the APSolute Vision server with APM server VA offering. APSolute Vision WBM includes an option to open the APM Web interface. You access the APM via a browser on your PC. APSolute Vision WBM includes an option to open the APM Web interface.For the APM server requirements, see the relevant chapter in the APSolute Vision Installation and Maintenance Guide.

APSolute Vision Reporter RequirementsAPSolute Vision WBM can connect to the APSolute Vision Reporter (AVR). APSolute Vision WBM includes a button that opens the AVR in a separate browser tab.Java client version 1.6.0_22 or later must be installed to run the APSolute Vision Reporter.The Java client must be 32-bit.

Device Performance Monitor RequirementsAPSolute Vision WBM can connect to the APSolute Vision Device Performance Monitor (DPM) for Alteon devices. APSolute Vision WBM includes a button that opens the DPM in a separate browser tab.

Logging In to and Out of APSolute VisionTo start working with APSolute Vision, you log in to the APSolute Vision Web application, which is referred to as Web Based Management (WBM).The first login to APSolute Vision WBM requires an APSolute Vision Activation License (which has a vision-activation prefix). When APSolute Vision is running as a virtual appliance (VA), the license is based on the MAC address of the APSolute Vision G1 or G2 port. When APSolute Vision is running on an OnDemand Switch VL2 (ODS-VL2) platform, the license is based on the MAC address of the APSolute Vision G3 or G5 port.




Note: The CLI command net ip get displays the ports and the MAC addresses.

You can request the license from Radware Technical Support. The license is also available using the license generator at radware.com. Up to 50 users can access the APSolute Vision server concurrently.

Note: Users with the Administrator role can manage APSolute Vision users. For information on managing APSolute Vision users, see Managing APSolute Vision Users, page 67.APSolute Vision supports role-based access control (RBAC) to manage user privileges. Your credentials and privileges may be managed through an authentication server or through the local APSolute Vision user database.After successful authentication, the user’s role is assigned. The role determines the devices that the user is authorized to manage. Furthermore, the role determines which content panes, menus, and operations the user can access. The assigned role remains fixed throughout the user session. If a user enters the credentials incorrectly, the user is prompted to re-enter the information. After a globally defined number of consecutive failures, the user is locked out of the system. If the user uses local user credentials, an administrator can release the lockout by resetting the password to the global default password (see Releasing User Lockout, page 87). If the user uses credentials from an authentication server (for example, a RADIUS server), you must contact the administrator of that authentication server.There are special properties and procedures for the user who first logs into the APSolute Vision server. For more information, see Managing APSolute Vision Users, page 67.

To log in to APSolute Vision as an existing user

1. In a Web browser, enter the hostname or IP address of the APSolute Vision server.2. In the login dialog box, specify the following:

— User Name—Your user name.— Password—Your user password. Depending on the configuration of the server, you may be

required to change your password immediately. Default: radware.

— The language of the APSolute Vision graphical user interface. Click the (globe) icon to set the value.

3. Click Log In.

Caution: For DefensePro 7.x and 8.x versions and in networks with high latency, Radware recommends increasing the SNMP Timeout to 180 seconds (APSolute Vision Settings view System perspective, General Settings > Connectivity > Timeout).




To log out of APSolute Vision

1. In the APSolute Vision toolbar, in the User ribbon at the at the far right, click the arrow. A drop-down dialog box opens.

2. Click Log Out.

Changing Passwords for Local UsersIf your user credentials are managed through the APSolute Vision Local Users table (not through an authentication server, such as RADIUS or TACACS+), you can change your user password at the login or in the APSolute Vision Settings view Preferences perspective. If your password has expired, you must change it in the APSolute Vision Login dialog box.

Notes

• For information about password requirements, see APSolute Vision Password Requirements, page 91.

• For more information on managing APSolute Vision users, see Managing APSolute Vision Users, page 67.

To change a password for a local user

1. In the APSolute Vision Settings view Preferences perspective, select User Preferences > User Password Settings.

2. Configure the parameters, and click Update Password.

Table 12: User Password Settings Parameters

Parameter DescriptionCurrent Username (Read-only) The current username.

Current Password Your current password.

New Password Your new password.

Confirm New Password Your new password.




Selecting Your Landing PageYou can select the page that APSolute Vision displays when you open APSolute Vision WBM.

To select your landing page

1. In the APSolute Vision Settings view Preferences perspective, select User Preferences > Display.

2. Configure the parameter, and click Submit.

After Initial Configuration of APSolute VisionAfter initial configuration of the APSolute Vision server, continue with the following (as permitted by your RBAC role):• If required, configure local APSolute Vision users and global user settings in the APSolute Vision

Settings view System perspective, under User Management. For more information, see Managing APSolute Vision Users, page 67.

• Add the devices that you want to manage using APSolute Vision. For more information, see Managing Devices, Sites, and Logical Groups, page 161. To add Alteon or DefensePro devices, you can also use vDirect with APSolute Vision. For more information, see Using vDirect with APSolute Vision, page 657.

Table 13: Display Parameter

Parameter DescriptionDefault Landing Page The page that APSolute Vision displays when you open APSolute

Vision WBM.Values: • None—When you open APSolute Vision WBM, you land in the

default page configured on the APSolute Vision server (see Configuring APSolute Vision Display Parameters, page 153).

• Application SLA Dashboard—When you open APSolute Vision WBM, you land on the Application SLA Dashboard (see Using the Application SLA Dashboard, page 573).

• Security Control Center—When you open APSolute Vision WBM, you land on the Security Control Center (see Using the Security Control Center, page 576).

• Operator Toolbox—When you open APSolute Vision WBM, you land on the Toolbox (see Using the Toolbox, page 211).

• Service Status Dashboard—When you open APSolute Vision WBM, you land on the Service Status Dashboard (see Using the Service Status Dashboard, page 582).

Default: None

Note: Your user role and scope determines the available options. If you do not have permission to view the default page configured on the APSolute Vision server, you land in the first permitted tab of the APSolute Vision Settings view. For information on user roles and scopes, see Managing APSolute Vision Users, page 67.




• Configure the Radware devices that APSolute Vision manages. For more information, see the APSolute Vision online help.

• Manage device operations and maintenance.• Monitor the managed devices using APSolute Vision. For more information, see the APSolute

Vision online help.

Note: For more information about the Radware products that APSolute Vision supports, see the relevant product user guides and related documentation.

Using Common GUI Elements in APSolute VisionThis section contains the following:• Icons/Buttons and Commands for Managing Table Entries, page 101• Filtering Table Rows, page 102

Icons/Buttons and Commands for Managing Table EntriesThe following table describes icons/buttons and corresponding commands that are available when you manage table entries (rows) using APSolute Vision Web Based Management. The commands that are available depend on the feature. The icons/buttons are always above a table on the left side. When the mouse cursor (pointer) hovers over an icon/button, the display changes from monochrome (gray) to colored.

Notes

• You can configure and control a managed device only when the device is locked (see Locking and Unlocking Devices, page 179).

• The APSolute Vision documentation shows icons/buttons in their colored state.

Table 14: Icons/Buttons and Commands for Managing Table Entries

Icon/Button Command DescriptionAdd Opens an “Add New...” tab to configure a new entry.

Edit Opens an “Edit...” tab to modify the selected existing entry.

Duplicate Opens an “Add New...” tab, which is populated with the values from the selected entry, except for the indexes.

Delete Deletes the selection.

Export Exports the selected entry.

View Opens a “View...” tab to view the values of the selected entry.




Filtering Table RowsFor many tables in APSolute Vision and managed devices, you can filter table rows according to values in the table columns.The filter uses a Boolean AND operator for the filter criteria that you specify. That is, the filtered table displays the rows that match all the search parameters, not any of the search parameters. For example, if the table includes the columns Policy and Port, and you filter for the policy value ser, and the port value 80, the filtered table displays rows where the value of the Policy parameter includes ser AND the value of the Port parameter includes 80.

To filter table rows

1. Do the following:

— If a table column displays a drop-down list (with an arrow, like this, ), click the arrow and select the value to filter by.

— If the table column displays a white, text box (like this, ), type the value to filter by.

Notes

— For text boxes, the filter uses a contains algorithm. That is, the filter considers it to be a match if the string that you enter is merely contained in a value. For example, if you enter ser in the text box, the filter returns rows with the values ser, service1, and service2.

— If the box at the top of a column is gray (like this, ), you cannot filter according to that parameter.

2. Click the (Filter) button or press Enter.


CHAPTER 4 – MANAGING AND MONITORING THE APSOLUTE VISION SYSTEM

APSolute Vision monitors and controls the APSolute Vision server and platform, and the associated database.This chapter contains the following main sections:• Monitoring APSolute Vision—Overview, page 104• Managing APSolute Vision Basic Information and Properties, page 104• Configuring Connectivity Parameters for Server Connections, page 109• Configuring Settings for the Alerts Pane, page 112• Managing APSolute Vision Analytics Settings, page 125• Configuring Monitoring Settings, page 126• Configuring APSolute Vision Server Alarm Thresholds, page 127• Configuring Connections to Authentication Servers, page 128• Managing Device Drivers, page 139• Configuring APSolute Vision Reporter Parameters, page 143• Managing APSolute Vision Licenses and Viewing Capacity Utilization, page 143• Managing APM in APSolute Vision, page 147• Configuring the Radware Cloud DDoS Protection Setting, page 151• Configuring APSolute Vision Server Advanced Parameters, page 151• Configuring APSolute Vision Display Parameters, page 153• Managing APSolute Vision Maintenance Files, page 155• Managing Operator Toolbox Settings, page 156• Managing Stored Device Configuration/Backup Files, page 156• Viewing Device Subscriptions, page 158• Controlling APSolute Vision Operations, page 160

Notes

• The labels of mandatory APSolute Vision parameters are bold.

• When the value of a parameter has changed, before the value is submitted, the label is in italics.

• In the English language display, when a value of a parameter has changed, before the value is submitted, the tab label is in italics and has an asterisk (*).

• In the Chinese language display, when a value of a parameter has changed, before the value is submitted, the tab label has a dashed underline.


Managing and Monitoring the APSolute Vision System


Monitoring APSolute Vision—OverviewAPSolute Vision monitors the APSolute Vision server and platform, and the associated database. The system monitors performance and operational status, and stores the processed monitoring information in the APSolute Vision database. When a problem is identified, an alert is issued, and displayed in the Alerts pane.

Managing APSolute Vision Basic Information and PropertiesThis section contains the following topics:• Displaying Basic Information About the APSolute Vision Server, page 104• Managing APSolute Vision Server Software, page 106• Displaying APSolute Vision Server Hardware Information, page 107• Managing and Updating the Attack Descriptions File for DefensePro, page 108

Displaying Basic Information About the APSolute Vision ServerYou can view the basic information about the APSolute Vision server. You can also verify that the date and time on the APSolute Vision server is synchronized with the date and time on the client PC.

To display the basic information about the APSolute Vision server

> In the APSolute Vision Settings view System perspective, select General Settings > Basic Parameters.

Table 15: Basic Parameters: General Parameters—When Running as a VA or on an OnDemand Switch VL (ODS-VL) Platform

Parameter DescriptionManagement IP Address The IP address of the of the APSolute Vision server used for

management.

Hardware Platform The type of hardware platform of the APSolute Vision server.

Vision Server Uptime The up time of the APSolute Vision server, in days, hours, minutes, and seconds.

APSolute Vision Server Time The current date, time, and timezone in the APSolute Vision server.

Note: APSolute Vision requires that the date and time settings of the server be configured correctly, relative to the real time—taking into consideration their defined timezones. Upon logging into APSolute Vision from your browser, an alert is generated if a discrepancy of more than 5 minutes is found between the date and time settings of the server and local host.

MAC Address of Port G1 The MAC address of the APSolute Vision server G1 port.





To verify the date and time settings

1. In the APSolute Vision Settings view System perspective, select General Settings > Basic Parameters.

2. Click Verify Time Settings.


Note: If the port is not supported, the field displays the value Unsupported.


Note: If the port is not supported, the field displays the value Unsupported.

Table 16: Basic Parameters: General Parameters—When Running on an OnDemand Switch VL2 (ODS-VL2) Platform

Parameter DescriptionManagement IP Address The IP address of the of the APSolute Vision server used for

management.

Hardware Platform The type of hardware platform of the APSolute Vision server: ODS-VL2 for OnDemand Switch VL2.

Vision Server Uptime The up time of the APSolute Vision server, in days, hours, minutes, and seconds.

APSolute Vision Server Time The current date, time, and timezone in the APSolute Vision server.

Note: APSolute Vision requires that the date and time settings of the server be configured correctly, relative to the real time—taking into consideration their defined timezones. Upon logging into APSolute Vision from your browser, an alert is generated if a discrepancy of more than 5 minutes is found between the date and time settings of the server and local host.


MAC Address of Port G4 This port is not supported, and the field displays the value Unsupported.



Table 15: Basic Parameters: General Parameters—When Running as a VA or on an OnDemand Switch VL (ODS-VL) Platform (cont.)





Managing APSolute Vision Server SoftwareYou can view information about the APSolute Vision server software. You can also update the software, and you can download a log of the upgrades to the server.

Caution: Network latency may affect upgrading APSolute Vision server software using WBM. For optimal results, Radware recommends upgrading using the CLI. For details, see System Upgrade Commands, page 650.

To display APSolute Vision server software information


2. Select the Software tab.

To update the APSolute Vision server software



3. Click Update.

4. Click Browse, navigate to the upgrade file, and click Open.

5. If you are upgrading to a major version, do one of the following:

— Select the Generate Password Automatically checkbox to have APSolute Vision generate the password automatically—after verifying that the device has a valid support agreement. Default: Enabled.

Table 17: APSolute Vision Server Software Parameters

Parameter DescriptionSoftware Version The version of the APSolute Vision server and the following associated

modules:• APSolute Vision Reporter (AVR)• Device Performance Monitor (DPM)• Application Performance Monitor (APM)—The Software Version

box displays the APM row only when APM is installed.• vDirect

Build The date and build number of the current software version.

Last Upgrade The date and time of the last upgrade.

Upgrade Status The upgrade status.Values:• Fresh install• In progress• OK• Failed




Caution: The functionality of the Generate Password Automatically button requires connectivity to radware.com or the proxy server that is configured in the APSolute Vision settings (APSolute Vision Settings view System perspective, General Settings > Connectivity > Proxy Server Parameters).

— In the Password text box, enter the password.

Notes

— A password is required for upgrade to all major versions. Upgrade without a password is allowed when upgrading to minor versions.

— When APSolute Vision is running as a virtual appliance (VA) or on an OnDemand Switch VL (ODS-VL) platform, the password is based on the size of the upgrade file and the MAC address of the APSolute Vision G1 or G2 port, which the Basic Parameters pane displays.

— When APSolute Vision is running on an OnDemand Switch VL2 (ODS-VL2) platform, the password is based on the size of the upgrade file and the MAC address of the APSolute Vision G3 or G5 port, which the Basic Parameters pane displays.

— Migrating APSolute Vision on the OnDemand Switch VL (ODS-VL) platform to the OnDemand Switch VL2 (ODS-VL2) platform uses a special procedure, which requires the Administrator or the Vision Administrator role and root access to the ODS-VL2 operating system. For information about the migration procedure, see Migrating APSolute Vision from the OnDemand Switch VL Platform to the OnDemand Switch VL2 Platform, page 655.

— You can request the password from Radware Technical Support. The password is also available using the password generator at radware.com.

6. Click Upload.

To download the upgrade log of the APSolute Vision server



3. Click Download Upgrade Log. You can open the file with a selected application, or you can save the file to a specified location.

Displaying APSolute Vision Server Hardware InformationYou can view information about the APSolute Vision server hardware.

To display APSolute Vision server hardware information


2. Select the Hardware tab.

Table 18: APSolute Vision Server Hardware Parameters

Parameter DescriptionRAM Size The amount of RAM, in gigabytes.




Managing and Updating the Attack Descriptions File for DefenseProYou can view the time of the latest update of the Attack Description file on the APSolute Vision server, and you can update the file.The Attack Description file contains descriptions of all the different attacks that DefensePro can handle. You can view a specific description by entering the attack name. When you first configure APSolute Vision, you should download the latest Attack Description file to the APSolute Vision server. The file is used for real-time and historical reports to show attack descriptions for attacks coming from DefensePro devices. The file versions on APSolute Vision and on the DefensePro devices should be identical. Radware recommends synchronizing regular updates of the file at regular intervals on APSolute Vision and on the individual devices.

Note: Radware also recommends updating the Attack Description file each time you update the Signature files on DefensePro devices. When you update the Attack Description file, APSolute Vision downloads the file directly from Radware.com or from the enabled proxy file server.

To view the date and time of the last update of the Attack Description file


2. Select the Attack Descriptions File tab. The Attack Descriptions Last Update text box displays the time of the latest update of the Attack Description file on the APSolute Vision server.

To update the Attack Description file



— To update the Attack Description file from Radware, select the Radware.com radio button.— To update the files from the APSolute Vision client host:

a. Select the Client radio button.b. In the File Name text box, enter the file path of the Attack Description file or click

Browse to navigate to and select the file.3. Click Update. The Alerts pane displays a success or failure notification and whether the

operation was performed using a proxy server.




Configuring Connectivity Parameters for Server ConnectionsThese settings define how the APSolute Vision server communicates with the APSolute Vision clients, external servers, and Radware devices.

To configure the connections to and from the APSolute Vision server

1. In the APSolute Vision Settings view System perspective, select General Settings > Connectivity.


Table 19: Connectivity: SNMP Parameters Toward Devices Parameters

Parameter DescriptionTimeout The time, in seconds, that APSolute Vision waits for a reply before

retrying to connect to other Radware devices. If the device does not respond after the configured number of retries, APSolute Vision notifies the user that the connection failed. Values: 1–180Default: 3

Caution: For DefensePro 7.x versions and in networks with high latency, Radware recommends increasing the SNMP Timeout to 180 seconds (APSolute Vision Settings view System perspective, General Settings > Connectivity > Timeout).

Retries The number of connection retries to another Radware device, when the device does not respond.Values: 1–100Default: 3

Port The port used to communicate with Radware devices.Values: 1–65,535Default: 161

Table 20: APSolute Vision Connectivity HTTP/S Parameters Toward Devices

Parameter DescriptionDefault HTTP Port The default HTTP port that APSolute Vision uses to communicate

with Radware devices. This value is displayed in the HTTP Port text box in the Device Properties dialog box. Values: 1–65,535Default: 80

Default HTTPS Port The default HTTPS port that APSolute Vision uses to communicate with Radware devices. This value is displayed in the HTTPS Port text box in the Device Properties dialog box.Values: 1–65,535Default: 443




Connection Timeout The time, in seconds, that the HTTP client waits for a response from the remote host—during the handshake for device configuration— before disconnecting the socket and returning an exception. Values: 1–60Default: 20

Socket Timeout The time, in seconds, that the HTTP client waits for a response from the remote host—during the data transfer for device configuration—before disconnecting the socket and returning an exception. Values: 1–60Default: 20

Long Operation Connection Timeout

The time, in seconds, that the HTTP client waits for a response from the remote host—during the handshake for certain long file operations—before disconnecting the socket and returning an exception.1

Values: 1–1200Default: 180

Long Operation Socket Timeout

The time, in seconds, that the HTTP client waits for a response from the remote host—during the data transfer for certain long file operations—before disconnecting the socket and returning an exception.Values: 1–1200Default: 180

1 – This parameter applies to the following operations: • Import/export configuration file operations.• Export of the quarantined-addresses file (for DefensePro).• DefensePro-template import/export operations.• Import/export of Radware-devices log files.• Import/export of certificate files.• Import/export of DNSSEC files.• Import/export AppShape script files (for Alteon or LinkProof NG).• fraud signature update (for DefensePro).• Attack signatures updates (for DefensePro).• Download of the Attack Description file (for DefensePro).

Table 21: APSolute Vision Connectivity Event Notification Parameters

Parameter DescriptionVision Management Port Specifies the management port on the APSolute Vision server to

which the managed Radware devices send events. Any change of this parameter takes effect only when you click Register This APSolute Vision Server for Device Events button. Clicking Submit in this pane has no effect on this parameter.

Caution: This parameter overwrites the Register APSolute Vision Server IP parameter.

Table 20: APSolute Vision Connectivity HTTP/S Parameters Toward Devices (cont.)





Remove All Other Targets of Device Events

Specifies whether—when you click Register This APSolute Vision Server for Device Events—the APSolute Vision server removes (from all the managed devices) all recipients of device events except for its own address.Default: Disabled

Note: For related information, see APSolute Vision Server Registered for Device Events—Alteon and LinkProof NG, page 178 and APSolute Vision Server Registered for Device Events—DefensePro, page 178.

Register This APSolute Vision Server for Device Events(button)

Registers the APSolute Vision server as a target of the device events (for example, traps, alerts, IRP messages, and packet-reporting data) on all the managed devices.In Alteon or LinkProof NG, when you click the button and run the Apply command, APSolute Vision configures itself as a target of the device events and ensures that the device also sends traps for authentication-failure events. Alteon or LinkProof NG, by default, does not send traps for authentication-failure events.When multiple APSolute Vision servers manage the same DefensePro device, the device sends the following:• Traps to all the APSolute Vision servers that manage it. The

Target Address table and the Target Parameters table contain entries for all APSolute Vision servers.

• Packet-reporting data only to the last APSolute Vision server that registered on the device.

Note: For related information, see APSolute Vision Server Registered for Device Events—Alteon and LinkProof NG, page 178 and APSolute Vision Server Registered for Device Events—DefensePro, page 178.

Table 22: Connectivity: Proxy Server Parameters

Parameter DescriptionThese connection settings are for the proxy server that the APSolute Vision server uses to download files from Radware.com. The Alerts pane displays a success or failure notification and whether the operation was performed using a proxy server.

Enable Proxy Server Specifies whether the APSolute Vision server uses a proxy server to download files from Radware.com.

IP Address The IP address of the proxy server.

Port The port of the proxy server.

Use Authentication Specifies whether authentication is required for a successful connection between the APSolute Vision server and the proxy server.

Username The username for the proxy server.

Password The password for the proxy-server user.

Verify Password The password for the proxy-server user.

Table 21: APSolute Vision Connectivity Event Notification Parameters (cont.)





Configuring Settings for AlertsConfiguring settings for alerts comprises the following topics:• Configuring Settings for the Alerts Pane, page 112• Selecting Parameters to Include in Security Alerts, page 124

Configuring Settings for the Alerts PaneAPSolute Vision displays alerts for APSolute Vision and all the managed Radware devices. The Alerts pane is available in all APSolute Vision perspectives. APSolute Vision saves all alert information in its database. You can configure APSolute Vision to send alert reports to a syslog server, via e-mail to defined recipients, and to SNMP targets. You can also configure default settings for the Alerts pane per client.For more information about the Alerts pane, see Managing Auditing and Alerts, page 309.

To configure Alerts pane settings

1. In the APSolute Vision Settings view System perspective, select General Settings > Alert Settings > Alert Browser.


Table 23: Connectivity: Inactivity Timeouts Parameters

Parameter DescriptionThese settings define when to close the user session if there is no activity on either side.

Note: APSolute Vision WBM polls the server at regular intervals. If the server does not receive a poll from the WBM within 30 seconds, the server closes the user session.

Inactivity Timeout for Configuration and Monitoring Perspectives

The time, in minutes, of inactivity after which the server logs the user out of the Configuration or Monitoring perspectives of a managed device, or the APSolute Vision Settings view System perspective.If the connection has not yet timed out, any activity in the Security Monitoring perspective, APM, or DPM also resets the timer.Values: 1–60Default: 20

Inactivity Timeout for Security Monitoring Perspective, APM, and DPM

The time, in minutes, of inactivity in the Security Monitoring perspective, APM, or DPM, after which the server logs the user out of the Security Monitoring perspective, APM, and DPM.Values: 1–4320Default: 1440




Table 24: Alert Browser: Auditing Settings Parameters

Parameter DescriptionEnable Detailed Auditing of APSolute Vision Activity

Specifies whether the messages that APSolute Vision issues regarding APSolute Vision activity include additional information, such as the new value for a parameter. For example: • When an administrator changes a value for a parameter (such as

Device Lock Timeout):— When the option is disabled, the message gives the name of

the parameter and says that the value was changed. — When the option is enabled, the message gives the name of

the parameter and the new value. • When a user administrator changes the contact information of

another user:— When the option is disabled, the message gives the name of

the user and says that the user’s properties were changed. — When the option is enabled, the message gives the name of

the user, says that the user’s properties were changed, and gives the new contact information.

Default: Disabled

Notes: • When a message refers to a change that a user initiated, the

message includes the username (even when the option is disabled).

• For a list of log messages corresponding to when this option is disabled, see Appendix B - APSolute Vision Log Messages and Alerts, page 671.




Enable Detailed Auditing of Device Configuration Changes

Specifies whether the messages that APSolute Vision issues regarding configuration changes made on managed devices—from APSolute Vision—include additional information. When a user changes a value for a scalar parameter:• When the option is disabled, the message gives the name of the

scalar and says that the value was changed. • When the option is enabled, the message gives the name of the

scalar and the new value. When a user adds or edits an entry to a table:• When the option is disabled, the message gives the name of the

table and says that a row was added or edited. • When the option is enabled, the message gives the name of the

table, the table parameters, and the value for each parameter. When a user deletes an entry in a table:• When the option is disabled, the message gives the name of the

table and says that a row was deleted. • When the option is enabled, the message gives the name of the

table and the indexes of the deleted row. Default: Disabled

Notes: • When a message refers to a change that a user initiated, the

message includes the username (even when the option is disabled).

• This parameter does not affect audit messages that the managed device generates, which APSolute Vision displays in the Alerts pane. This parameter only affects alerts that APSolute Vision generates itself.

Table 25: Alert Browser: Syslog Reporting Parameters

Parameter DescriptionThese settings determine how APSolute Vision forwards the events in the Alerts table to the configured syslog servers. For more information, see Configuring Syslog Servers for Alerts from APSolute Vision, page 118.

Enable Syslog Reporting Specifies whether APSolute Vision sends reports and logs to the configured syslog servers.Default: Disabled

Enable Encryption Specifies whether APSolute Vision sends the syslog messages encrypted over TLS.1

Default: Disabled

Table 24: Alert Browser: Auditing Settings Parameters (cont.)





CA Certificate(This parameter is available only when the Enable Encryption checkbox is selected.)

The filepath of the CA certificate.1

To update the certificate1. Click the Update button next to this text field. A file browser

dialog box opens.2. Browse to the certificate file, and click Open. The field displays

Pending. 3. Click Submit. If successful, the field displays Installed.

Enable Authentication (This parameter is available only when the Enable Encryption checkbox is selected.)

Specifies whether the certificate must be authenticated with a private key and a public key.1

Default: Disabled

Authentication Type (This parameter is available only when the Enable Encryption checkbox is selected.)

Values:1

• Certificate Validation (certvalid)—APSolute Vision checks with the syslog server that the certificate is valid.

• Name—APSolute Vision checks with the syslog server that the certificate is valid and includes the specified Permitted Peer in the certificate subject.

Permitted Peer (This parameter is available only when the Authentication Type is Name.)

The string that the certificate subject must include for authentication.1

Private Key (This parameter is available only when the Enable Authentication checkbox is selected.)

The filepath of the private key.1


dialog box opens. 2. Browse to the certificate file, and click Open. The field displays


Public Key (This parameter is available only when the Enable Authentication checkbox is selected.)

The filepath of the public key.1


dialog box opens. 2. Browse to the certificate file, and click Open. The field displays


The configured syslog servers.For more information, see Configuring Syslog Servers for Alerts from APSolute Vision, page 118.

1 – This parameter applies to all the configured servers (see Configuring Syslog Servers for Alerts from APSolute Vision, page 118).

Table 25: Alert Browser: Syslog Reporting Parameters (cont.)





Table 26: Alert Browser: Email Reporting Configuration Parameters

Parameter DescriptionThese settings determine how APSolute Vision forwards the events in the Alerts pane via e-mail to the defined recipients.

Enable Specifies whether APSolute Vision sends reports and logs via e-mail.Default: Disabled

Note: This parameter relates to reports and logs from the Alerts pane. This parameter is independent of the APSolute Vision Analytics settings.

SMTP Server Address The name or IP address of the SMTP e-mail server.This value of this parameter is shared with the SMTP Server Address parameter under General Settings > APSolute Vision Analytics Settings > Email Reporting Configuration.

Caution: If you change this value and click Submit, the SMTP Server Address under General Settings > APSolute Vision Analytics Settings > Email Reporting Configuration changes accordingly.

SMTP User Name The account name used to send e-mail notifications—for example, [email protected].

Note: This value of this parameter is not shared with the SMTP User Name parameter under General Settings > APSolute Vision Analytics Settings > Email Reporting Configuration.

Subject Header The text that appears in the Subject header of the e-mail.Default: Alert Notification Message.

From Header The text that appears in the From header of the e-mail. Default: APSolute Vision

Recipient Email Address The e-mail addresses of the intended recipients. When there are multiple e-mail addresses, use comma (,), or semi-colon (;) separators.

Email Sending Interval The interval, in seconds, between successive e-mail messages.Values: 30–3600Default: 30

Alerts per Email The maximum number of alerts to include in an e-mail message. When there are more than the maximum number of alerts, multiple e-mail messages are sent.Values: 1–60Default: 30

DevicesClick to select a subset of managed devices for which to send alerts. If no devices are specified, APSolute Vision forwards alerts from all the devices to the defined recipients.Move the required devices from the Available list to the Selected list.

Severity

Critical Specifies whether to include alerts of this severity in e-mail messages.

Major Specifies whether to include alerts of this severity in e-mail messages.




Minor Specifies whether to include alerts of this severity in e-mail messages.

Warning Specifies whether to include alerts of this severity in e-mail messages.

Information Specifies whether to include alerts of this severity in e-mail messages.

Module

Device Security Specifies whether to include alerts regarding this module in e-mail messages.

Device General Specifies whether to include alerts regarding this module in e-mail messages.

Vision General Specifies whether to include alerts regarding this module in e-mail messages.

Vision Configuration Specifies whether to include alerts regarding this module in e-mail messages.

Vision Control Specifies whether to include alerts regarding this module in e-mail messages.

Security Reporting Specifies whether to include alerts regarding this module in e-mail messages.

Trouble Ticket Specifies whether to include alerts regarding this module in e-mail messages.

Operator Toolbox Specifies whether to include alerts regarding this module in e-mail messages.

Table 27: Alert Browser: SNMP Reporting Configuration

Parameter DescriptionThe SNMP Reporting Configuration comprises the following:• A name• An Alert Profile (see Configuring SNMP Alert Rules, page 120)• An Alert Target (see Configuring SNMP Alert Targets, page 121)—that is, an SNMP listener• Specifying whether the rule is enabled

Table 28: Alert Browser: Alert Profiles

Parameter DescriptionThese settings determine which events in the in the Alerts table APSolute Vision forwards to the configured SNMP listeners (targets). For more information, see Managing Alert Profiles, page 122.

Table 26: Alert Browser: Email Reporting Configuration Parameters (cont.)





Configuring Syslog Servers for Alerts from APSolute VisionYou can configure up to ten syslog servers that receive alerts from APSolute Vision and selected managed devices.

To configure a syslog server that receive alerts from APSolute Vision


2. In the Syslog Reporting tab, do one of the following:

— To add an entry, click the (Add) button.— To edit an entry, double-click the row.


Table 29: Alert Browser: Display Parameter

Parameter DescriptionRefresh Interval The interval, in seconds, that APSolute Vision refreshes the Alerts

Table with the latest messages.Values: 5–300Default: 5

Table 30: Syslog Server Parameters

Parameter DescriptionEnable Server Specifies whether the server is enabled.

Default: Disabled

Report(This parameter is available only when the Enable Server checkbox is selected.)

Specifies whether APSolute Vision reports all messages received by the Alerts pane or only audit messages.Values: All Messages, Audit MessagesDefault: All Messages

Syslog Server Address(This parameter is available only when the Enable Server checkbox is selected.)

The IP address of the device running the syslog service.

L4 Destination Port(This parameter is available only when the Enable Server checkbox is selected.)

Values: 1–65,535Default: 514




Syslog Facility(This parameter is available only when the Enable Server checkbox is selected.)

The facility for all APSolute Vision syslog reporting. The list includes facilities as defined in RFC 3164.Values:• Local Use 0• Local Use 1• Local Use 2• Local Use 3• Local Use 4• Local Use 5• Local Use 6• Local Use 6• Local Use 7• Log Audit• User-Level MessagesDefault: Log Audit

Note: Change the default if the syslog server uses this facility for reports from another system.

DevicesClick to select a subset of managed devices for which to send alerts. If no devices are specified, APSolute Vision forwards alerts from all the devices to the syslog server.Move the required devices from the Available list to the Selected list.

SeverityBy default, all the checkboxes are selected.

Critical Specifies whether to include alerts of this severity in syslog messages.

Major Specifies whether to include alerts of this severity in syslog messages.

Minor Specifies whether to include alerts of this severity in syslog messages.

Warning Specifies whether to include alerts of this severity in syslog messages.

Information Specifies whether to include alerts of this severity in syslog messages.

ModuleBy default, all the checkboxes are selected.

Device Security Specifies whether to include alerts regarding this module in syslog messages.

Device General Specifies whether to include alerts regarding this module in syslog messages.

Vision General Specifies whether to include alerts regarding this module in syslog messages.

Vision Configuration Specifies whether to include alerts regarding this module in syslog messages.

Table 30: Syslog Server Parameters (cont.)





Managing the SNMP Reporting ConfigurationUse the SNMP Reporting Configuration tab to doing the following:• Configuring SNMP Alert Rules, page 120• Configuring SNMP Alert Targets, page 121

Configuring SNMP Alert RulesYou can configure APSolute Vision to send SNMP alerts (traps) to external NMS systems. NMS systems may be referred to as SNMP servers. In the context of the APSolute Vision alert configuration, an SNMP server is referred to as an SNMP Alert Target. The APSolute Vision server can contain multiple SNMP Alert Rules. The configuration of an SNMP Alert Rule includes one Alert Profile and one SNMP Alert Target. So, before you can configure a rule, there must be at least one Alert Profile and one SNMP Target. For more information, see Managing Alert Profiles, page 122 and Configuring SNMP Alert Targets, page 121.

To configure an SNMP Alert Rule


2. In the SNMP Reporting Configuration tab, do one of the following:



Vision Control Specifies whether to include alerts regarding this module in syslog messages.

Security Reporting Specifies whether to include alerts regarding this module in syslog messages.

Trouble Ticket Specifies whether to include alerts regarding this module in syslog messages.

Operator Toolbox Specifies whether to include alerts regarding this module in syslog messages.

Table 31: SNMP Alert Rule Parameters

Parameter DescriptionName The name of the Alert Rule.

Maximum characters: 32

Profile The Alert Profile of the Alert Rule. (See the procedure To configure an Alert Profile, page 122.)

Targets The SNMP Target of the Alert Rule. (See the procedure To configure an SNMP Alert Target, page 121.)

Enabled Specifies whether the Alert Rule is enabled.Default: Disabled

Table 30: Syslog Server Parameters (cont.)





Configuring SNMP Alert TargetsUse the SNMP Reporting Configuration tab to configure SNMP Alert Targets for alerts from APSolute Vision. An SNMP Alert Target, which is a parameter of an SNMP Alert Rule, (see Managing the SNMP Reporting Configuration, page 120) can determine the destination of each alert.

To configure an SNMP Alert Target


2. In the SNMP Reporting Configuration tab, at the top of the SNMP Alert Targets table, do one of the following:



Table 32: SNMP Alert Target Parameters

Parameter DescriptionName The name of the Alert Rule.


SNMP Server IP Address The IP address of the SNMP server.

Port The Layer 4 port on the SNMP server.Values: 1–65535Default: 162

SNMP Version The SNMP version that APSolute Vision uses for the connection.Values: SNMPv2c, SNMPv3Default: SNMPv3

SNMP Community(This parameter is displayed only when SNMP Version is SNMPv2c.)

The SNMP community name.

User Name(This parameter is displayed only when SNMP Version is SNMPv3.)

The username for the SNMP connection.Maximum characters: 32

Use Authentication(This parameter is displayed only when SNMP Version is SNMPv3.)

Specifies whether APSolute Vision authenticates the user for a successful connection.Values: Enabled, DisabledDefault: Disabled

Authentication Protocol(This parameter is available only when the Use Authentication value is Enabled.)

The protocol that APSolute Vision uses for authentication.Values: MD5, SHADefault: SHA




Managing Alert ProfilesYou can configure Alert Profiles for alerts from APSolute Vision. An Alert Profile, which is a parameter of an SNMP Alert Rule, (see Managing the SNMP Reporting Configuration, page 120) determines the content filtering of each alert.

To configure an Alert Profile


2. In the Alert Profiles tab, do one of the following:



Authentication Password(This parameter is available only when the Use Authentication value is Enabled.)

The password that APSolute Vision uses for authentication.

Caution: The password should be at least eight characters. vDirect requires that password be at least eight characters.

Confirm Authentication Password(This parameter is available only when the Use Authentication value is Enabled.)

The password that APSolute Vision uses for authentication.


Use Privacy(This parameter is displayed only when SNMP Version is SNMPv3.)

Specifies whether APSolute Vision encrypts SNMPv3 traffic for additional security.Default: Disabled

Privacy Protocol(This parameter is available only when and the Use Privacy checkbox is selected.)

The privacy protocol that APSolute Vision uses for the Privacy facility.Value: DES, AES128Default: DES

Privacy Password(This parameter is available only when the Use Privacy checkbox is selected.)

The password used for the Privacy facility.


Confirm Privacy Password(This parameter is available only when the Use Privacy checkbox is selected.)



Table 32: SNMP Alert Target Parameters (cont.)





Table 33: Alert Profiles Parameters

Parameter DescriptionName The name of the Alert Profile.


DevicesThe Available lists and the Selected lists of devices and Logical Groups (of devices of the appropriate type). The Available lists display the available devices and available Logical Groups. The Selected device list displays the managed devices for which to send alerts. The Selected Logical Group list displays the Logical Groups with the devices for which to send alerts.Select entries from the Available lists and the Selected lists of devices and Logical Groups (of devices). Use the arrows to move the entries to the other lists as required.If no devices are specified, APSolute Vision forwards alerts from all the devices to the SNMP targets (see Configuring SNMP Alert Targets, page 121).

Note: When a Logical Group is selected, the effective Selected device list dynamically updates—according to the devices in the Logical Group. That is, when the device-set of a Logical Group changes, the effective Selected device list changes accordingly. For more information, see Using Logical Groups of Devices, page 190.

SeverityBy default, all the checkboxes are selected.

Critical Specifies whether to include alerts of this severity in SNMP traps.

Major Specifies whether to include alerts of this severity in SNMP traps.

Minor Specifies whether to include alerts of this severity in SNMP traps.

Warning Specifies whether to include alerts of this severity in SNMP traps.

Information Specifies whether to include alerts of this severity in SNMP traps.

ModuleBy default, all the checkboxes are selected.

Device Security Specifies whether to include alerts regarding this module in SNMP traps.

Device General Specifies whether to include alerts regarding this module in SNMP traps.

Vision General Specifies whether to include alerts regarding this module in SNMP traps.

Vision Configuration Specifies whether to include alerts regarding this module in SNMP traps.

Vision Control Specifies whether to include alerts regarding this module in SNMP traps.

Security Reporting Specifies whether to include alerts regarding this module in SNMP traps.

Trouble Ticket Specifies whether to include alerts regarding this module in SNMP traps.

Operator Toolbox Specifies whether to include alerts regarding this module in SNMP traps.

Attack CategoryBy default, all the checkboxes are selected.

ACL Specifies whether to include alerts regarding this Attack Category in SNMP traps.

Anti-Scanning Specifies whether to include alerts regarding this Attack Category in SNMP traps.

Behavioral DoS Specifies whether to include alerts regarding this Attack Category in SNMP traps.

DoS Specifies whether to include alerts regarding this Attack Category in SNMP traps.




Selecting Parameters to Include in Security AlertsYou can limit the parameters that are included in security alerts. This option enables you to customize the alerts to provide the relevant information according to your administrative requirements.

To select parameters to include in security alerts

1. In the APSolute Vision Settings view System perspective, select General Settings > Alert Settings > Security Alerts.

2. Select the check box next to each parameter you want to include in the alerts.

You can choose any combination of the following parameters:— Policy Name— Attack Name— Source IP Address— Destination IP Address— Destination Port— ActionBy default, all the checkboxes are selected.

3. Click Submit.

Note: Changes to the settings take effect on alerts generated from the time of the change and onward.

HTTP Flood Specifies whether to include alerts regarding this Attack Category in SNMP traps.

Intrusions Specifies whether to include alerts regarding this Attack Category in SNMP traps.

Server Cracking Specifies whether to include alerts regarding this Attack Category in SNMP traps.

SYN Flood Specifies whether to include alerts regarding this Attack Category in SNMP traps.

Anomalies Specifies whether to include alerts regarding this Attack Category in SNMP traps.

Stateful ACL Specifies whether to include alerts regarding this Attack Category in SNMP traps.

DNS Flood Specifies whether to include alerts regarding this Attack Category in SNMP traps.

Bandwidth Management Specifies whether to include alerts regarding this Attack Category in SNMP traps.

Table 33: Alert Profiles Parameters (cont.)





Managing APSolute Vision Analytics SettingsAPSolute Vision Analytics supports real-time and historical reporting in APSolute Vision. Managing APSolute Vision Analytics settings includes one sub-topic: Managing the Email Reporting Configuration for APSolute Vision Analytics, page 125.

Managing the Email Reporting Configuration for APSolute Vision AnalyticsUse the Email Reporting Configuration pane to configure the general, e-mail settings for the APSolute Vision Analytics.

Note: APSolute Vision Analytics in APSolute Vision version 4.0 supports APSolute Vision Analytics for DefensePro version-8.x devices and Alteon SSL Inspection Monitoring. For more information, see the APSolute Vision Analytics User Guide and Monitoring Outbound SSL Inspection, page 513, respectively.

To configure APSolute Vision Analytics Reporting Settings

1. In the APSolute Vision Settings view System perspective, select General Settings > APSolute Vision Analytics Settings > Email Reporting Configuration.


Table 34: Email Reporting Configuration Parameters

Parameter DescriptionEnable Specifies whether APSolute Vision sends reports via e-mail.

Default: Disabled

Note: This parameter relates to APSolute Vision Analytics reports only. This parameter is independent of the reports from the Alerts pane.

SMTP Server Address The name or IP address of the SMTP e-mail server.This value of this parameter is shared with the SMTP Server Address parameter under General Settings > Alert Settings > Alert Browser > Email Reporting Configuration.

Caution: If you change this value and click Submit, the SMTP Server Address under General Settings > Alert Settings > Alert Browser > Email Reporting Configuration changes accordingly.

SMTP User Name The account name used to send e-mail notifications—for example, [email protected].

Note: This value of this parameter is not shared with the SMTP User Name parameter under General Settings > Alert Settings > Alert Browser > Email Reporting Configuration.

Password The password of the SMTP e-mail server.

Confirm Password The password of the SMTP e-mail server.




Configuring Monitoring SettingsAPSolute Vision can perform online monitoring of all the managed Radware devices. It also collects information for online security reports for DefensePro. You can configure general global settings about how APSolute Vision obtains data for online monitoring and reports.

To configure APSolute Vision monitoring parameters

1. In the APSolute Vision Settings view System perspective, select General Settings > Monitoring.


Table 35: Monitoring Parameters

Parameter DescriptionThese settings configure APSolute Vision online monitoring for all managed devices.

Polling Interval for On-line Monitoring

The interval, in seconds, between data collections for online monitoring of a managed device. A shorter interval provides more up-to-date data, but uses more network and device resources.Values: 15–3600Default: 15

Polling Interval for Device Status

The number of seconds between polls of a device to determine the up or down status of the device and its elements.Values: 10–3600Default: 15

Timeout for Device Status Poll The time, in milliseconds, that the APSolute Vision server waits for a response of a device-status poll before considering a device to be down.Default: 300

Note: If the network has latency longer than the Timeout for Device Status Poll, devices will appear up and down or always down, and therefore unmanageable. If you encounter such behavior, increase the value accordingly.

ReportsThis setting configures APSolute Vision monitoring for real-time reports for DefensePro.

Polling Interval for Reports The time, in seconds, between data collections for reports. A smaller interval provides more up-to-date information at the expense of network resources.Values: 15–3600Default: 15




Configuring APSolute Vision Server Alarm ThresholdsYou can configure the following server-alarm thresholds for specific alarms:• Two threshold values for rising alarms to issue warning and error alerts respectively—

The rising server-alarm threshold value must always be lower than the rising error threshold. When the parameter value exceeds the rising server-alarm threshold value but is less than the error threshold value, a warning alert is issued. When the parameter value exceeds the rising error threshold, an error alert is issued.

• Two threshold values for falling alarms to clear warning and error alerts respectively—The falling alarm values must be less than their respective rising alarm values.

Note: For the CPU alert, since CPU measurements vary rapidly, APSolute Vision determines threshold limits based on a moving average calculation.

To configure APSolute Vision server-alarm thresholds

1. In the APSolute Vision Settings view System perspective, select General Settings > Server Alarm.

2. To edit the thresholds for a specific parameter, double-click the parameter name.


Table 36: Server-Alarm Threshold Parameters

Parameter DescriptionParameter (Read-only) The parameter name.

Enabled Specifies whether the threshold parameter is used for the corresponding alarm. Default: Enabled

RisingConfigure rising alarms to issue warning and error alerts respectively.

Warning The rising threshold value must always be lower than the rising error threshold. When the parameter value exceeds the rising threshold value but is less than the error threshold value, a warning alert is issued.

Error The rising error threshold value must always be greater than the rising threshold value. When the parameter value exceeds the rising error threshold, an error alert is issued.

FallingConfigure falling alarms to clear warning and error alerts respectively.

Warning The falling warning alarm value must be less than the rising warning alarm value.

Error The falling error alarm value must be less than the rising error alarm value.




Configuring Connections to Authentication ServersBesides the Local Users table (see Configuring Local Users for APSolute Vision, page 82), APSolute Vision users can be authenticated through LDAP, RADIUS, or TACACS+.This section contains the following topics:• Configuring RADIUS Server Connections, page 128• Configuring TACACS+ Server Connections, page 132• Configuring LDAP Server Connections, page 138

Configuring RADIUS Server ConnectionsAPSolute Vision can authenticate users using its role-based access control (RBAC) through a Remote Authentication Dial In User Service (RADIUS) server connection.

Caution: Users defined through a RADIUS server with the Administrator, User Administrator, or Vision Administrator roles must be configured with the scope [ALL] (including the square brackets).

Caution: If the name of an APSolute Vision site or device changes and a RADIUS server authenticates users, the user scopes on the RADIUS server must be reconfigured manually.

Caution: When users defined through a RADIUS server must access DefensePro devices, those passwords must not exceed 15 characters. Using RADIUS, when a password exceeds 15 characters, APSolute Vision cannot log in to DefensePro devices over HTTP, HTTPS, or SSH.


Note: For more information on RBAC and RBAC roles and scopes, see Role-Based Access Control (RBAC), page 68.

Authentication Process with RADIUSIf the APSolute Vision server is configured to use RADIUS for authentication, the user-authentication process is as follows:

1. The user connects to APSolute Vision WBM, and enters the username and password given by the RADIUS administrator.

2. The APSolute Vision server sends the authentication request to the specified port of the RADIUS server.

3. If the RADIUS server recognizes and authorizes the APSolute Vision server, the RADIUS server processes the request for the user and password.

Note: If a RADIUS server does not recognize a request source (in this case, the APSolute Vision server), the RADIUS server ignores the request.




4. If the RADIUS server authenticates the user, the RADIUS server returns an Access-Accept message with the username and its associated IDM-string–scope combination to the APSolute Vision server. The Access-Accept message contains the SecurityMonitoringScope-ProtectionPolicy combination for the Radware-Policy attribute (for more information, see Each RADIUS server (primary and secondary) for APSolute Vision user authentication requires the following:, page 129). If the RADIUS server does not authenticate the user, the RADIUS server sends an Access-Reject message.

Note: The identity-management (IDM) string defines the role of user. For more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 68.

5. If the user is authenticated, the APSolute Vision server grants access according to the user’s IDM string and scope. If the user is rejected, the APSolute Vision server does not grant access.

Each RADIUS server (primary and secondary) for APSolute Vision user authentication requires the following:• The RADIUS server must use the port specified on the APSolute Vision server.• The RADIUS server must authorize the APSolute Vision server.• The RADIUS server must use the authentication type (for example, PAP) that is specified in the

APSolute Vision server.• Your RADIUS server and/or RADIUS Authentication system and your dictionary file must include

the following: — Attribute ID 26—To specify a Vendor-Specific Attribute (VSA).

— Vendor ID 89—To specify Radware (as assigned by Internet Assigned Numbers Authority, IANA). Vendor ID 89 will need to be configured on the RADIUS server.

— Vendor Attribute ID 100—To specify the Radware-Role attribute. The RADIUS server can use this attribute to return the IDM-string–scope combination to the APSolute Vision serer.

— Vendor Attribute ID 101—To specify the Radware-Policy attribute. The Radware-Policy attribute is used to limit what DefensePro security data the user sees in the Security Monitoring perspective and APSolute Vision Reporter according to specified DefensePro Network Protection policies.

• The RADIUS server Access-Accept response must include an IDM-string–scope combination, for the Radware-Role attribute, in the following format:

<IDM string>:<Scope>

where:

— <IDM string> is the identity-management (IDM) string, which defines the role of user. For more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 68. The list of the available RADIUS attribute IDs and corresponding attribute names is available at http://www.iana.org/assignments/radius-types/radius-types.xhtml.

— <Scope> is the scope of the user. The scope [ALL] (including the square brackets) specifies all sites and managed devices. You define a limited scope using one or more rows specifying a site or managed-device name.

Examples:

ADMINISTRATOR:[ALL]ADC_OPERATOR:MyADCSiteADC_OPERATOR:MyADCSiteADC_OPERATOR:MyDevice1ADC_OPERATOR:MyDevice2

Caution: Users defined through a RADIUS server with the Administrator, User Administrator, or Vision Administrator roles role must be configured with the scope [ALL] (including the square brackets).

http://www.iana.org/assignments/radius-types/radius-types.xhtml




• If the Radware-Policy attribute is used, the RADIUS server Access-Accept response must include a SecurityMonitoringScope-ProtectionPolicy combination for the Radware-Policy attribute, in the following format:

<SecurityMonitoringScope>:<ProtectionPolicyName>

where:

— <SecurityMonitoringScope> is the scope of the user in the context of DefensePro security monitoring. The scope [ALL] (including the square brackets) specifies all supported DefensePro devices under the corresponding role. If the value for SecurityMonitoringScope is [ALL], the value for ProtectionPolicy must be [ALL]. You define a limited scope using one or more rows specifying an IP address of a supported DefensePro device.

— <ProtectionPolicy> is a DefensePro Network Protection Policy for the scope. The value [ALL] (including the square brackets) specifies all Network Protection policies for the corresponding SecurityMonitoringScope. You define Network Protection policies for the SecurityMonitoringScope using one or more rows.

Examples:

— [ALL]:[ALL]—The user has security-monitoring access to all the supported DefensePro devices for the corresponding scope and all the associated Network Protection policies.

— 10.202.199.36:[ALL]—The user has security-monitoring access to all the Network Protection Policies for the DefensePro device with the IP address 10.202.199.36.

— 10.202.199.36:MyNetProtPolicy—The user has security-monitoring access to data related to the Network Protection Policy named MyNetProtPolicy that is configured in the DefensePro device with the IP address 10.202.199.36.

— 10.202.199.36:MyNetProtPolicy110.202.199.36:MyNetProtPolicy210.202.199.36:MyNetProtPolicy3—The user has security-monitoring access to data related to the Network Protection policies named MyNetProtPolicy1, MyNetProtPolicy2, and MyNetProtPolicy3, that are configured in the DefensePro device with the IP address 10.202.199.36.

Caution: If the value for <SecurityMonitoringScope> is [ALL], the value for <ProtectionPolicy> must be [ALL].

Configuring the RADIUS Server ConnectionsUse the following procedure to configure your RADIUS server connections.

To configure a RADIUS-server connection

1. In the APSolute Vision Settings view System perspective, select General Settings > Authentication Protocols > RADIUS Settings.


Table 37: RADIUS Settings

Parameter DescriptionPrimary RADIUS Configuration Parameters

IP Address The IP address of the primary RADIUS server for authentication.




Port The Layer 4 port on the primary RADIUS server.Values: 1812, 1645Default: 1812

Shared Secret The RADIUS shared secret used for communication between the primary RADIUS server and APSolute Vision. Maximum characters: 64

Verify Shared Secret The RADIUS shared secret used for communication between the primary RADIUS server and APSolute Vision. Maximum characters: 64

Secondary RADIUS Configuration Parameters

IP The IP address of the secondary RADIUS server for authentication.

Authenticate Port The Layer 4 port on the secondary RADIUS server.Values: 1812, 1645Default: 1812

Shared Secret The shared secret used for communication between the secondary RADIUS server and APSolute Vision. Maximum characters: 64

Verify Shared Secret The shared secret used for communication between the secondary RADIUS server and APSolute Vision.Maximum characters: 64

Shared RADIUS Configuration Parameters

Timeout The time, in seconds, between retransmissions to the RADIUS servers.Values: 1–100Default: 5

Note: If connectivity is too slow, increase the value.

Retries The number of authentication retries before a second RADIUS server (if configured) is contacted.Values: 1–10Default: 3

Note: If connectivity is too slow, increase the value.

Attribute ID The RADIUS attribute used in the RADIUS profile.Values: 1–255Default: 26—that is, Vendor Specific Attribute

Vendor ID(This parameter is displayed only if the specified Attribute ID is 26.)

The vendor ID for the vendor-specific attribute (VSAs).Default: 89—Specifies Radware (as assigned by IANA)

Table 37: RADIUS Settings (cont.)





Configuring TACACS+ Server ConnectionsAPSolute Vision can authenticate users using its role-based access control (RBAC) through a Terminal Access Controller Access-Control System Plus (TACACS+) server connection.

Caution: Users defined through a TACACS+ server with the Administrator, User Administrator, or Vision Administrator roles must be configured with the scope [ALL] (including the square brackets).

Caution: If the name of an APSolute Vision site or device changes and a TACACS+ server authenticates users, the user scopes on the TACACS+ server must be reconfigured manually.



Authentication Process with TACACS+If the APSolute Vision server is configured to use TACACS+ for authentication, the user-authentication process is as follows:

1. The user connects to APSolute Vision WBM, and enters the username and password given by the TACACS+ administrator.

2. The APSolute Vision server sends the authentication request to the specified port of the TACACS+ server.

Vendor Attribute ID(This parameter is displayed only if the specified Attribute ID is 26.)

The vendor-specific-attribute ID to hold the <IDM string>:<Scope> values.Default: 100—Specifies the Radware Radware-Role.

Note: Names of vendor-specific attributes are decided on by the vendor.

Authentication Type The method of authentication to be used.Values: • PAP• CHAP• EAP-MD5• EAP-MSCHAP v1• MSCHAP v1• MSCHAP v2Default: PAP

Table 37: RADIUS Settings (cont.)





3. If the TACACS+ server recognizes and authorizes the APSolute Vision server, the TACACS+ server processes the request for the user and password.

Note: If a TACACS+ server does not recognize a request source (in this case, the APSolute Vision server), the TACACS+ server ignores the request.

4. If the TACACS+ server authenticates the user, the TACACS+ server returns an Access-Accept message with the username and its associated IDM-string–scope combination to the APSolute Vision server. The Access-Accept message contains the SecurityMonitoringScope-ProtectionPolicy combination for the Radware-Policy attribute (for more information, see TACACS+ Server Requirements, page 133). If the TACACS+ server does not authenticate the user, the TACACS+ server sends an Access-Reject message.

Note: The identity-management (IDM) string defines the role of user. For more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 68.

5. If the user is authenticated, the APSolute Vision server grants access according to the user’s IDM string and scope. If the user is rejected, the APSolute Vision server does not grant access.

TACACS+ Server RequirementsThe TACACS+ implementation in APSolute Vision supports standard ASCII inbound login to the device. PAP, CHAP, ARAP, and MSCHAP login methods are not supported. TACACS+ change password requests are not supported. One-time password authentication is not supported. APSolute Vision performs encryption of body packets by concatenating a series of MD-5 hashes. Setting the TAC_PLUS_UNENCRYPTED_FLAG, which allows the exchange of clear text TACACS+ packets, is not allowed. Each TACACS+ server (primary and secondary) for APSolute Vision user authentication requires the following:• The TACACS+ server must use the port specified on the APSolute Vision server.• The TACACS+ server must authorize the APSolute Vision server.• The TACACS+ server configuration file must use the following structure, which is also case-

sensitive:

user = <user> {

login = <login>

member = <user group>

}

group = <user group>{

service = <service> {

radware-role = <IDM string>:<Scope>

radware-policy = <SecurityMonitoringScope>:<ProtectionPolicyName>

priv-lvl = <privilege level>

}

}




where:

— <user> is the user’s name.

— <login> is the login type and the user’s password. The login type can be cleartext, where the user’s password is exposed in the configuration file, or may use encryption such as des. If the password includes a space, the password must be enclosed in quotation marks (").

Examples:

• cleartext mypassword

• cleartext "my password"

• des l5c2fHiF21uZ6

— <user group> is the group of which the user is a member.

— <service> is the Service Name configured for the TACACS+ connection in APSolute Vision.

— <IDM string> is the identity-management (IDM) string, which defines the role of user. For more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 68.

— <Scope> is the scope of the user. The scope [ALL] (including the square brackets) specifies all sites and managed devices. You define a limited scope using one or more entries specifying a site or managed-device name—delimited by plus signs (+).

Caution: Users defined through a TACACS+ server with the Administrator, User Administrator, or Vision Administrator role must be configured with the scope [ALL] (including the square brackets).

— The radware-policy row defines DefensePro security monitoring.

The radware-policy row is optional if the managed device does not support DefensePro security monitoring.

— <SecurityMonitoringScope> is the scope of the user in the context of DefensePro security monitoring. The scope [ALL] (including the square brackets) specifies all supported DefensePro devices under the corresponding role. If the value for SecurityMonitoringScope is [ALL], the value for ProtectionPolicy must be [ALL]. You define a limited scope using one or more entries specifying a DefensePro-device name or APSolute Vision site name—delimited by plus signs (+).

and

— <ProtectionPolicy> is a DefensePro Network Protection Policy for the scope. The value [ALL] (including the square brackets) specifies all Network Protection policies for the corresponding SecurityMonitoringScope. You define Network Protection policies for the SecurityMonitoringScope using one or more entries—delimited by plus signs (+).

Examples:

• [ALL]:[ALL]—The user has security-monitoring access to all the supported DefensePro devices for the corresponding scope and all the associated Network Protection policies.

• dp1:[ALL]—The user has security-monitoring access to all the Network Protection policies for the DefensePro device named dp1.

• dp2:Syn_ACK_V21_Policy—The user has security-monitoring access to data related to the Network Protection Policy named Syn_ACK_V21_Policy that is configured in the DefensePro device named dp2.

• dp3:MyNetProtPolicy1+dp3:MyNetProtPolicy2+dp3:MyNetProtPolicy3—The user has security-monitoring access to data related to the Network Protection policies named MyNetProtPolicy1, MyNetProtPolicy2, and MyNetProtPolicy3, that are configured in the DefensePro device named dp3.




Caution: If the value for <SecurityMonitoringScope> is [ALL], the value for <ProtectionPolicy> must be [ALL].

— <privilege level> is the Minimal Required Privilege Level configured for the TACACS+ connection in APSolute Vision. TACACS+ indicates the privilege level at which the user is authenticating.

Note: Privilege levels are ordered values from 0 to 15 with each level representing a privilege level that is a superset of the next lower value. If a NAS client uses a different privilege level scheme, mapping must be provided.

The predefined values are as follows:

— TAC_PLUS_PRIV_LVL_MAX := 0x0f

— TAC_PLUS_PRIV_LVL_ROOT := 0x0f

— TAC_PLUS_PRIV_LVL_USER := 0x01

— TAC_PLUS_PRIV_LVL_MIN := 0x00

Example The following is an example of a TACACS+ configuration file.The file includes definitions of the user testuser who belongs to the group testgroup.

dp1, dp2, and dp3 are DefensePro devices that are managed by the APSolute Vision server.

The user is defined to have multiple roles: Security Monitor on dp3 and dp4, and Viewer on dp1.

RBAC by DefensePro Network Protection policies is also defined. For dp1 and dp4, access to all policies is allowed. For dp3, access is limited to the policy: Syn_ACK_V21_Policy.

user = testuser {

login = cleartext "radware"

member = testgroup

}

group = testgroup {

service = connection {

radware-role=VIEWER:dp1+SEC_MON:dp3+SEC_MON:dp4

radware-policy=dp1:[ALL]+dp3:Syn_ACK_V21_Policy+dp4:[ALL]

priv-lvl = 2

}

}




Configuring the TACACS+ Server ConnectionsUse the following procedure to configure your TACACS+ server connections.

To configure a TACACS+ server connection

1. In the APSolute Vision Settings view System perspective, select General Settings > Authentication Protocols > TACACS+ Settings.


Table 38: TACACS+ Settings

Parameter DescriptionPrimary TACACS+ Configuration Parameters

IP Address The IP address of the primary TACACS+ server for authentication.

Port The Layer 4 port on the primary TACACS+ server.Values: 49 Default: 49

Shared Secret The TACACS+ shared secret used for communication between the primary TACACS+ server and APSolute Vision. The value can contain special characters. Maximum characters: 255

Confirm Shared Secret The TACACS+ shared secret used for communication between the primary TACACS+ server and APSolute Vision. The value can contain special characters.Maximum characters: 255

Secondary TACACS+ Configuration Parameters

IP Address The IP address of the secondary TACACS+ server for authentication.

Port The Layer 4 port on the secondary TACACS+ server.Values: 49Default: 49

Shared Secret The shared secret used for communication between the secondary TACACS+ server and APSolute Vision. The value can contain special characters. Maximum characters: 255

Confirm Shared Secret The shared secret used for communication between the secondary TACACS+ server and APSolute Vision. The value can contain special characters. Maximum characters: 255




Configuring LDAP Server ConnectionsAPSolute Vision can authenticate users using its role-based access control (RBAC) through a Lightweight Directory Access Protocol (LDAP) server connection. APSolute Vision is tested to work with Microsoft Active Directory; APSolute Vision is not tested with other LDAP implementations.

Caution: Users defined through a LDAP server with the Administrator, User Administrator, or Vision Administrator roles must be configured with the scope [ALL].



Authentication with LDAPIf the APSolute Vision server is configured to use LDAP for authentication, the user-authentication process is as follows:

1. The user connects to APSolute Vision WBM, and enters the username and password given by the LDAP administrator.

2. The APSolute Vision server sends the authentication request (that is, the bind request) to the LDAP server (see Configuring LDAP Server Connections, page 138).

Note: If the Fully Qualified Domain Name (FQDN) parameter is specified, the user name in the bind request includes the FQDN (that is, <username>@<FQDN>).

3. If the authentication with the LDAP server fails, the user receives an appropriate message.

Shared TACACS+ Configuration Parameters

Minimal Required Privilege Level

The minimum TACACS+ privilege level specified for a user that will allow access to APSolute Vision. A user can successfully be authorized by the TACACS+ server but have a privilege level that is too low to access APSolute Vision. 0 (zero) is the lowest privilege level, meaning: all users can access APSolute Vision. 15 is the highest level. For example, if the Minimal Required Privilege Level is defined as 1, all users with access level of 1 or higher can access APSolute Vision; and users with level 0 (zero) will not have access to APSolute Vision.Values: 0–15Default: 0

Service Name The name of the service as defined in the TACACS+ server configuration file.

Table 38: TACACS+ Settings (cont.)





4. If the authentication with the LDAP server succeeds:

a. APSolute Vision sends a search request to the LDAP server for the user whose sAMAccountName value matches the login name, using a specified distinguished name as the root for the search.

b. If the LDAP server finds the requested user, APSolute Vision gives permissions to the authenticated user according to the matching LDAP object-class–permission entry that is configured on the APSolute Vision server (see Managing LDAP Object Class Permissions, page 89).Note: If the LDAP server does not find the requested user, APSolute Vision displays an appropriate message and does not grant the user access.

Radware recommends the following for each LDAP server (primary and secondary) for APSolute Vision user authentication:• Specify the Fully Qualified Domain Name (FQDN) parameter.

Note: If the Fully Qualified Domain Name (FQDN) parameter is specified, the user name in the bind request includes the FQDN (that is, <username>@<FQDN>).

• For optimal login time, configure distinguished names using the most specific values that you can.

Configuring LDAP Server ConnectionsUse the following procedure to configure your LDAP server connections.

To configure a LDAP-server connection

1. In the APSolute Vision Settings view System perspective, select General Settings > Authentication Protocols > LDAP Settings.


Table 39: LDAP Settings

Parameter DescriptionGeneral LDAP Settings

Warning The rising threshold value must always be lower than the rising error threshold. When the parameter value exceeds the rising threshold value but is less than the error threshold value, a warning alert is issued.

Fully Qualified Domain Name The Fully Qualified Domain Name of the LDAP server.

Primary LDAP Configuration Parameters

IP Address / Host The IP address of the primary LDAP server for authentication.

Port The Layer 4 port on the primary LDAP server.Values: 1–65535Default: 636

Note: If the Encrypted checkbox is not selected, the (port) value is typically 389.

Encrypted Specifies whether authentication communication between APSolute Vision and the primary LDAP server is encrypted using SSL.Default: Enabled




Managing Device DriversA device driver in APSolute Vision defines the GUI and configuration of the software version of a managed device. The software version of a managed device defines the baseline driver version. There may be multiple device-driver versions for a single software version of a device, but there can be only one device-driver version in use on any single APSolute Vision server. That is, each device driver applies to all devices in the system that use the same device-software version. Typically, subsequent versions of device drivers include only fixes for GUI and configuration bugs. You can install a newer version of the device driver, and you can revert to the baseline version.When you upgrade device software, you need to reboot the device. However, when you install a new version of a device driver or revert to the baseline version, you do not need to reboot the device.

Secondary LDAP Configuration Parameter

IP Address / Host The IP address of the secondary LDAP server for authentication.

Authenticate Port The Layer 4 port on the secondary LDAP server.Values: 1–65535Default: 636

Note: If the Encrypted checkbox is not selected, the (port) value is typically 389.

Encrypted Specifies whether authentication communication between APSolute Vision and the secondary LDAP server is encrypted using SSL.Default: Enabled

Distinguished Names for SearchesThe list of each distinguished name (DN) on the LDAP server that may include the APSolute Vision user accounts.To add a name to the list

1. Click the (Add) button.2. In the Name box, type the DN.3. Click Submit. To edit a name in the list1. Double-click the entry.2. In the Name box, type the DN.3. Click Submit. To delete a name from the list1. Select the entry.

2. Click the (Delete) button and confirm your action.

Table 39: LDAP Settings (cont.)





Caution: Device drivers do not include changes to the online help. Depending on the configuration of the APSolute Vision server, the APSolute Vision clients get online help either from the APSolute Vision server (the default option) or radware.com. The online-help files at radware.com are always the most up-to-date; but clients may encounter latency or connectivity problems. If the APSolute Vision clients get online help from the APSolute Vision server, after updating a device driver, the online-help files on the server should be updated. It is the responsibility of the APSolute Vision administrator to make sure that the help files on the server are updated as necessary. For more information, see Appendix A - Managing the Online-Help Package on the Server, page 669.

Note: The device driver includes the minimum APSolute Vision version.When an APSolute Vision server detects that a new device has been installed or that a new device software version has been installed on an existing device, the server retrieves the driver version from the device. The server checks whether it already has a driver version that corresponds to the device software version, and uses the newest device driver. If the driver version on the device is newer than the device version on the server, the server downloads the new driver from the device, but does not apply it. The table in the Device Drivers node (in the APSolute Vision Settings view System perspective) displays the device-version row shaded gray. If the device driver is incompatible or not found, APSolute Vision behaves as follows:• Issues an appropriate error message, but displays the device in the tree of the device pane with

a special icon (?) on top of it.• When you click the device in the tree, no screen is displayed, but the following information is

displayed in the device-properties pane: Device Name (from Vision), Device Type (if known), Status: Unsupported, and Software Version: <SW_version>

The device-properties pane includes the name of the device driver.You can do the following:• Update the drivers of the devices of a particular software version. • Update all the device drivers that are not updated in the APSolute Vision server.• Revert the driver to the baseline driver version.

If one or more of the relevant devices is locked, APSolute Vision prompts you whether to continue or not. If you change the driver version when a device is locked by other users, you may lose the changes for those users.

Table 40: Driver Parameters

Column DescriptionProduct Name The device type.

Values: • Alteon• AppWall• DefensePro• LinkProof NG

Product Version The device software version.

Instances The number of devices that use the same device software version.

Driver Baseline The baseline version of the driver used for this device software version.




To update a device driver

1. In the APSolute Vision Settings view System perspective, select General Settings > Device Drivers.

2. Select the row with the relevant device and device version.

3. Click the (Update Device Driver) button.

4. Click Browse, navigate to the driver, and click Open.

5. Click Update. APSolute Vision verifies that the device driver version is relevant for the device software.

6. Read the confirmation message, and then, accept or abort the action.

The version of the driver that you install cannot be the same version or an older version of the driver baseline version. If the driver version that you install is newer than the baseline version but older than the driver version in use, APSolute Vision prompts you for confirmation to change the current driver. If the driver version that you install is newer than the baseline version and newer than the driver version in use, APSolute Vision prompts you for confirmation to upgrade the current driver.

To apply a driver version to a specific device when there is a newer version in the server



3. Select the (Update to Latest Driver) button.

To revert to baseline driver version that resides on the APSolute Vision server



3. Select (Revert to Baseline Driver) button.

Note: This option is displayed only when the driver version in use is different from the baseline driver release.

Driver in Use The driver version in use for this device software version.

Latest Driver The latest driver version for this device software version that is stored in the APSolute Vision server.

Supported Languages The languages that the device driver supports.

Table 40: Driver Parameters (cont.)

Column Description




To update all the device drivers to the latest ones that are stored in the APSolute Vision server


2. Click the (Update All Drivers to Latest) button.

Note: This command is available only when the APSolute Vision server has device driver version that is later than one of the device drivers in use.

The following procedure is for troubleshooting a situation such as the following: • A driver for the device you want to add to the APSolute Vision configuration does not exist in the

APSolute Vision server or does not exist as part of the device software.• The driver for the device you want to add to the APSolute Vision configuration is corrupt in the

APSolute Vision server.• The driver for the device you want to add to the APSolute Vision configuration does not exist in

the APSolute Vision server and is corrupt in device software.

Note: The APSolute Vision CLI includes a command for troubleshooting problems related to device drivers. For more information, see system database maintenance driver_table delete, page 625.

To load a driver for a software version that does not exist in the Device Drivers table (that is, APSolute Vision has never managed a device using this software version)


2. Click the (Upload Device Driver) button.

3. Click Browse, navigate to the driver, and click Open.

4. Click Upload. The action loads a driver into the APSolute Vision server. The driver version is displayed in the Device Driver table, in the Latest Driver column, if there is a managed device of the corresponding software version. The driver is available when you add a new device to the APSolute Vision configuration.




Configuring APSolute Vision Reporter ParametersYou can view historical security reports in the APSolute Vision Reporter (AVR).The AVR client supports only a single timezone, which is the timezone configured on the APSolute Vision server.

Notes

• To open AVR, click > in the APSolute Vision toolbar.

• AVR does not support Alteon or LinkProof NG.

To configure APSolute Vision Reporter settings

1. In the APSolute Vision Settings view System perspective, select General Settings > APSolute Vision Reporter.


Managing APSolute Vision Licenses and Viewing Capacity UtilizationUse the License Management pane for doing the following:• Managing Licenses for APSolute Vision, page 144• Viewing Details of the RTU Licenses, page 146• Viewing Details on the Current Utilization of the APSolute Vision Server, page 146

To open the License Management pane

> In the APSolute Vision Settings view System perspective, select General Settings > License Management.

Table 41: APSolute Vision Reporter Parameters

Parameter DescriptionAttack Polling Interval (Read-only) The interval for polling security attack data, which is 5

minutes.

Data Retention Interval The time, in months, that APSolute Vision retains AVR data.Values: • 1–48• UnlimitedDefault: 12

Note: After upgrade from an APSolute Vision version prior to 2.30, the value is Unlimited. You can modify this value if you require.

Upload Logo(button)

You can upload a logo to display on reports. Click the button and enter the name of the file to upload.




Note: For your convenience, the License Management pane includes a link to the Device Subscriptions pane (see Viewing Device Subscriptions, page 158).

Managing Licenses for APSolute VisionIn addition to the existing perpetual licenses, APSolute Vision accepts and enforces time-based right-to-use (RTU) licenses and time-based licenses for various features, such as AVR, APM, and DPM. APSolute Vision denies access to a feature if the license is not installed or the license has expired.When APSolute Vision is running as a virtual appliance (VA) or on an OnDemand Switch VL (ODS-VL) platform, licenses for APSolute Vision are generated based on the MAC address of the APSolute Vision port G1 or G2. APSolute Vision displays the MAC address of port G1 in the License Management pane above the License table.When APSolute Vision is running on an OnDemand Switch VL2 (ODS-VL2) platform, licenses for APSolute Vision are generated based on the MAC address of the APSolute Vision port G3 or G5. APSolute Vision displays the MAC address of port G3 in the License Management pane above the License table.APSolute Vision has capacity limitations and limitations based on the RTU license. The total number of licenses is called the RTU license pool. The RTU license pool determines the maximum number of supported physical and virtual devices that the APSolute Vision server can manage.When a system is in violation of the RTU license:• APSolute Vision allows you to manage only the number of devices corresponding to the RTU

license pool. • The RTU License status of the devices that are not covered by the RTU license pool is Invalid.• APSolute Vision randomly selects which managed devices have the Invalid status. • You cannot configure devices whose RTU License status is Invalid. In this context, configure

includes: Scheduler tasks, Operator Toolbox scripts, multi-device configuration, and multi-device configuration with Logical Groups.

Notes

• When you install a new license over a license (of the same type) that has already expired, the new license automatically overwrites the expired one. APSolute Vision enforces licenses according to the start date to the expiration date. You can replace an existing valid license with a new license if the starting day is before the installation date.

• If you try to install a new license over a valid active license, and the starting date of the new license is after the day of installation, APSolute Vision does not allow the action and displays an appropriate message.

• If there is no active license and you try to install a license with a future start date, APSolute Vision allows the action but displays an appropriate message.

• When removing a device from APSolute Vision that is covered by the RTU license pool, the license portion returns to the pool. If there are managed devices that are not covered by the pool, APSolute Vision randomly selects one of those devices, and allocates the license portion to that device.

APSolute Vision starts generating license-expiration alerts 90 days before the expiration date.




When APSolute Vision generates an license-expiration alert:• The APSolute Vision toolbar displays the License Alert button. The button displays only to users

with the Administrator or Vision Administrator roles. If a license expires within 90 days up to 30 days, the button background is blue. If a license expires within 29 days up to one day, the button background is amber. The last day before the license expires and after the license is expired, the button background is red. When there are multiple license alerts, the button displays the lowest number of remaining days. Hovering on the button opens a tooltip with additional information. When there are multiple alerts, the bell shows the number of alerts. Clicking the License Alert button opens the License Management pane.

Figure 31: License Alert Button and Tooltip

• A pop-up notification is displayed to users with the Administrator or Vision Administrator roles.• The alert is displayed in the Alerts Table.• The alert is included in the technical-support (tech-support) package. For information on tech-

support packages, see System Backup Technical-Support Commands, page 616.

Caution: After upgrading from APSolute Vision versions earlier than 3.80, if there is an RTU-license alert, there will be a grace period of 30 days. This grace period is intended to grant you time to contact Radware Technical Support and purchase additional RTU licenses, as required. After the grace period, APSolute Vision will support only the number of devices covered by the RTU license pool.

To add a license for APSolute Vision

1. In the APSolute Vision Settings view System perspective, select General Settings > License Management.

2. In the License table, click the (Add) button.

3. In the License String text box, enter the license string.

4. Click Submit.

Use the Licenses table to view information on the installed licenses. If a license is expired or is soon to expire, the text in the corresponding row is red. If a license is going to be active in the future, text in the row is blue. When you click on a license in the License Management table, the View License tab opens. If the license is expired or about to expire, the View License tab includes a link to the Radware portal, which provides purchasing options.

Table 42: License Table Parameters

Parameter DescriptionItem The license type.

License String The license string that Radware supplied.




Viewing Details of the RTU LicensesUse the RTU Licenses table to help determine whether you exceed scale/capacity specifications and whether you need to purchase additional RTU licenses.

Note: For more information on capacity limitations, see the APSolute Vision Release Notes for the relevant APSolute Vision version.

Viewing Details on the Current Utilization of the APSolute Vision ServerThe Current Utilization table displays various Item parameters and the number of each item.

Note: For more information on capacity limitations, see the APSolute Vision Release Notes for the relevant APSolute Vision version.

Expiration Date The date that the license expires.

Note: The date format is according to the configuration of the APSolute Vision server (see Configuring APSolute Vision Display Parameters, page 153).

Days to Expiration The number of days before the license expires.

Activation Date The date that the license was activated.

Note: The date format is according to the configuration of the APSolute Vision server (see Configuring APSolute Vision Display Parameters, page 153).

Table 43: RTU Licenses Table Parameters

Parameter DescriptionType Values:

• Managed Physical Devices—The number of physical devices (of any supported device type) that the APSolute Vision is managing. DefenseFlow is not counted.

• Managed Virtual Devices—The number of virtual devices (of any supported device type) that the APSolute Vision is managing. DefenseFlow is not counted.

Number of Devices The number of devices of the specific type that APSolute Vision is managing.

Devices with No License The number of devices of the specific type that have no RTU license.

Allocated Licenses The number of devices of the specific type from the license pool that are allocated (used).

License Pool The total number of licenses in the pool.

Table 42: License Table Parameters (cont.)





Managing APM in APSolute VisionApplication Performance Monitoring (APM) monitors traffic through Alteon and LinkProof NG devices. APM can continuously monitor all transactions and provide visibility into the true end-user experience in the data center, network, or online application.The APM server is part of the APSolute Vision server with APM server VA offering. One APM server per APSolute Vision server supports the APM functionality. The APM server is an OVA installation in a VMware vSphere environment. You specify the connection details of the APM server in the APSolute Vision Settings view System perspective, under General Settings > APM Settings.From the APM Settings node, you can view information related to the virtual services of the managed devices that have APM enabled. There, you can also directly access the service in APM Web interface.

Notes

• The term “APM server” may also be referred to as “SharePath server”.

• APM requires a proper license, which you can manage in the License Management tab (APSolute Vision Settings view System perspective, General Settings > License Management).

• For information on the installation of the APM server, see the APSolute Vision Installation and Maintenance Guide.

• For information on how to configure Alteon or LinkProof NG with APM, see the sections “Configuring the Application Performance Monitoring (APM) Server in Alteon” and “Managing Virtual Services Settings” in the online help.

• For information on using APM, see the Application Performance Monitoring User Guide.

• For information on how to use the APM Web interface, click the (Help) button in the APM Web interface.

Table 44: Current Utilization Table Parameters

Parameter DescriptionItem Values:

• Managed DefensePro Devices—The number of DefensePro devices of any deployment type (virtual or physical appliance) that the APSolute Vision is managing.

• Unavailable Devices—The number of devices that the APSolute Vision is managing whose status is not Up. That is, devices whose status is Down, Maintenance, Unknown, and so on.

• Total Enabled DefensePro Policies—The sum of enabled Network Protection policies and Server Protection policies on the DefensePro devices that the APSolute Vision is managing.

• Total Profiles Assigned to Enabled Policies—The number of profiles in both the Network Protection policies and Server Protection policies on the DefensePro devices that the APSolute Vision is managing. If a profile is associated with multiple policies, it is counted multiple times.

Quantity The number of the specific item.




To open the APM Web interface

> Do one of the following:

— In the APSolute Vision toolbar, click > .— Do the following:

a. In the APSolute Vision Settings view System perspective, select General Settings > APM Settings.

b. In the table, in the APM Server column, click the hyperlink.

Considerations and Constraints Using APM with Alteon Version 29.5The following lists describes the considerations and constraints using APM with Alteon version 29.5: • The Alteon must be managed by the same APSolute Vision that hosts the APM server.• If the instance of the APM server is replaced without restoring the previous database, the

system administrator must reapply the APM configuration on each virtual service.

Managing the APM ServerThis section describes how to manage the APM server.Use the APM-Enabled Services table to view information related to the virtual services of the managed Alteon or LinkProof NG devices that have APM enabled. There, you can also directly access the service in the APM Web interface.

To manage the APM server

1. In the APSolute Vision Settings view System perspective, select General Settings > APM Settings. The APM Settings tab displays the APM Server State field and a table with information about the APM server. The APM Server State field can display the following values:— Initializing—The APM server is initializing.— Running—The APM server is running.— Down—The APM server is down. Typically, this is because the APM server is not yet

configured in the table or the APM license is not yet installed.2. Do one of the following:


3. Configure the parameters, and then, click Submit.




Table 45: APM Server Parameters

Parameter DescriptionUse the APM Server Installed on this APSolute Vision Server(This parameter is available only with the APSolute Vision server with APM server VA offering.)

Specifies whether APSolute Vision uses the APM server associated with the APSolute Vision server with APM server VA installation. Values:• Disabled—APSolute Vision uses an external APM server.• Enabled—APSolute Vision uses the APM server associated

with the APSolute Vision installation, and populates the following fields with read-only values:— Management IP Address—The IP address of the APSolute

Vision management port (G1 or G2), which is the management port for both APM and APSolute Vision server.

— Data IP Address—The IP address of the G4 port.— Backup IP Address—The IP address of the G3 port. This

value is not mandatory.Default: Disabled

Notes: • For information on configuring the IP address for each port,

see Network IP Interface Commands, page 596.• For information on configuring the routing for each port, see

Network Routing Commands, page 599.

Management IP Address The IP address of the port on the SharePath/APM server that APSolute Vision uses for APM management traffic.In the APSolute Vision server with APM server VA offering, this address is typically the management IP address of the APSolute Vision server too. By default, this is the IP address of the G1 port on the APSolute Vision server VA.

Port The management interface TCP port. Values: 1–65535Default: 443

Caution: Specifying a non-default port involves modifying the APM server configuration. For more information, in the Application Performance Monitoring Troubleshooting and Technical Guide, see the appendix “Configuring a Non-Default APM Port for APM Reports.”

Note: You can specify the port only when you add a new APM server to the APSolute Vision configuration. You cannot modify the port on an APM server that is already configured in APSolute Vision. To modify the port, you need to remove the APM server from the APSolute Vision configuration, and then, add the APM server with the required port to the APSolute Vision configuration again.




Viewing Information on the APM-Enabled DevicesUse the APM Enabled-Devices pane to view information on the devices managed by the APSolute Vision server that have at least one virtual service with APM enabled.

To view information on the APM-enabled devices

> In the APSolute Vision Settings view System perspective, select General Settings > APM Settings > APM-Enabled Devices.

Data IP Address The IP address of the port on the SharePath/APM server that APSolute Vision uses for APM data traffic. In the APSolute Vision server with APM server VA offering, this address is typically the IP address of the APSolute Vision G4 port. This field is significant only for older Alteon versions 29.5, 30.0.0, 30.0.1, 30.0.2, 30.0.3, and 30.1. New versions use the configuration on the device and ignore the Data IP Address field. The default is set to G4, assuming that APM must support the device sending beacons from the Alteon data interface.

Backup IP Address The IP address of the port on the SharePath/APM server that APSolute Vision uses for APM backup traffic.

Note: This value is not mandatory.

Performance Limit The maximum events (performance reports for an HTML page) per second that the APM server can process.Values: 10–1000Default: 500

Table 46: APM-Enabled Services Table

Parameter DescriptionDevice Name The name of the device with the APM-enabled service.

Virtual Server Index The index of the APM-enabled service.

Virtual Server IP The IP address of the APM-enabled service.

Port The port of the APM-enabled service.

Description The description of the APM-enabled service.

APM Application Link A hyperlink to the APM-enabled service in the APM interface.

Table 47: APM-Enabled Devices Table

Parameter DescriptionDevice Name The name of the device with an APM-enabled service.

Device Management IP The IP address of the device.

Software Version The software version of the device.

APM License (PgPM) The APM license currently installed on the device.

Form Factor The form factor of the device.

Table 45: APM Server Parameters (cont.)





Configuring the Radware Cloud DDoS Protection SettingUse the Radware Cloud DDoS Protection pane to specify the Radware Cloud DDoS Protection URL. APSolute Vision uses the URL to connect to the Radware Cloud DDoS Protection service when you

click > in the APSolute Vision menu bar.

Note: For more information on Radware Cloud DDoS Protection services, see the Cloud DDoS Protection Services User Guide.

To specify the Radware Cloud DDoS Protection URL

1. In the APSolute Vision Settings view System perspective, select General Settings > Radware Cloud DDoS Protection.

2. In the Radware Cloud DDoS Protection URL text box, type the URL, and click Submit.

Configuring APSolute Vision Server Advanced ParametersUse the following procedure to configure additional advanced parameters and online-help parameters for the APSolute Vision server.

To configure advanced parameters for the APSolute Vision server

1. In the APSolute Vision Settings view System perspective, select General Settings > Advanced.


Hardware Platform The platform of the device.

APM Server Management IP The IP address of the management port of the APM server. For the APSolute Vision server with APM server VA offering, this is the IP address of the management port of the APSolute Vision server.

Table 47: APM-Enabled Devices Table (cont.)





Table 48: APSolute Vision Advanced: General Parameters

Parameter DescriptionMaximum Configuration Files for Device

The maximum number of configuration files per managed device that you can store on the APSolute Vision server for backup. When the limit is reached, you are prompted to delete the oldest file.Values: 1–10Default: 5

Note: If you change the maximum value to less than the number of existing configuration files, none of the existing files will be deleted. For example, the configured maximum value is 10 and there are 8 configuration files, if you then change the configured maximum value to 4, no files are deleted.

Minimal Log Level The lowest severity of messages that will be logged for debugging purposes. Values:• Fatal• Error• Warning• Info • Debug• TraceDefault: Error

Caution: Lowering the value of the Minimal Log Level parameter may negatively affect the performance of the APSolute Vision server. Radware recommends using the default value, Error, except when there are specific troubleshooting requirements.

Device Lock Timeout The time, in minutes, that a device remains locked. If you have the appropriate permissions to configure a device, you can lock the device so that other user cannot configure the device at the same time.Values: 5–180Default: 10

Results per Page The number of rows that are displayed per table page.Values: 10–100Default: 50




Configuring APSolute Vision Display ParametersYou can configure display parameters for APSolute Vision clients, which also affect certain other APSolute Vision functionalities.

To configure APSolute Vision display parameters

1. In the APSolute Vision Settings view System perspective, select General Settings > Display.2. Configure the parameters, and click Submit.

Table 49: APSolute Vision Advanced: Online Help Parameters

Parameter DescriptionNote: For changes to existing online help content to display properly, you may need to refresh your browser display or clear the browser cache.

Online Help URL The source of the online help that clients request.Values:• APSolute Vision Server—The server provides the client with

online-help files stored on the server. Installation of the APSolute Vision server includes online-help files, but if managed devices are somehow upgraded later (with a new device, new device version, or new device driver), the online-help files on the server should be updated. It is the responsibility of the APSolute Vision administrator to make sure that the help files on the server are updated as necessary. For more information, see Appendix A - Managing the Online-Help Package on the Server, page 669.

• Radware.com—The client sends online-help requests to the radware.com Web site and receives files from there. The online-help files at radware.com are always the most up-to-date, but you may encounter latency or connectivity problems.

Default: APSolute Vision Server

Update(button)

Opens the dialog box to update the online-help package that resides in the APSolute Vision server.

Note: For more information, see Appendix A - Managing the Online-Help Package on the Server, page 669.

Revert to Default Help(button)

The online help currently on the server reverts to the online help package that was included with the installation of the APSolute Vision server.

Note: For more information, see Appendix A - Managing the Online-Help Package on the Server, page 669.




Table 50: Display: General Parameters

Parameter DescriptionDefault Display Language The default display language for new users in the APSolute Vision

system.

Notes: • If you change the value, the change affects only users created

after the change.• Each user can change his/her own display language, by opening

the User drop-down dialog box (from the APSolute Vision toolbar, in the User ribbon at the at the far right) and selecting

the language from the drop-down list next to the (globe) icon.

• An Administrator can specify the default language for each specific user (see Configuring Local Users for APSolute Vision, page 82).

Default Landing Page The page that APSolute Vision displays by default for new users in the APSolute Vision system.Values: • First Device in the Tree—New users land on the Device pane

with the first available device selected, and the Configuration perspective.

• Application SLA Dashboard—New users land on the Application SLA Dashboard (see Using the Application SLA Dashboard, page 573).

• Security Control Center—New users land on the Security Control Center (see Using the Security Control Center, page 576).

• Operator Toolbox—New users land on the Toolbox (see Using the Toolbox, page 211).

• Service Status Dashboard—New users land on the Service Status Dashboard (see Using the Service Status Dashboard, page 582).

Default: First Device in the Tree

Notes: • User roles and scopes determine whether the selected option is

relevant. If a user does not have permission to view the selected option, he/she lands on the first permitted tab in the APSolute Vision Settings view. For information on user roles and scopes, see Managing APSolute Vision Users, page 67.

• Each user can change his/her own landing page (APSolute Vision Settings view Preferences perspective, User Preferences > Display).

• If you change the value, the change affects only users created after the change.




Managing APSolute Vision Maintenance FilesYou can open and save the maintenance files and upgrade log files of the APSolute Vision server.

To open or save a maintenance file or upgrade log file

1. In the APSolute Vision Settings view System perspective, select General Settings > Maintenance Files.

2. Double-click the row with the relevant file.

3. Use the dialog box to open the file with a selected application or save the file to a selected location.

Table 51: Display: Date and Time Format Parameters

Parameter DescriptionDate Format The date format for information that includes date and time

displayed in the APSolute Vision Web client.Values:• dd.MM.yyyy• MM.dd.yyyy• dd/MM/yyyy• MM/dd/yyyyDefault: dd.MM.yyyy

Time Format The time format for information that includes date and time displayed in the APSolute Vision Web client.Values:• HH:mm:ss• HH:mm:ss z• h:mm:ss aa• h:mm:ss aa zDefault: HH:mm:ss




Managing Operator Toolbox SettingsUse the Operator Toolbox Settings tab to manage the graphic files for the Toolbox dashboard (see Using and Managing Toolbox Scripts, page 211).The file must have the PNG, SVG, or JPG extension and be no larger than 200 KB.The table in the Operator Toolbox Settings tab comprises the following columns: • File Name—The filename of the graphic file.• Used by Script—The filename of the script that is associated with this graphic file (Toolbox >

Advanced > Operator Toolbox > Assign to Dashboard).• Icon Preview—The image that the Operator Toolbox dashboard uses—or can use—to run a

script.• Upload Date—The date the file was uploaded to APSolute Vision.• Uploaded By—The username who uploaded the file to APSolute Vision.

Note: To replace a file with the same name, you must first delete the old file.

To upload an image file for the Toolbox dashboard

1. In the APSolute Vision Settings view System perspective, select General Settings > Operator Toolbox Settings.

2. Click the (Add) button.

3. Click Browse and browse to the file.

4. Click Upload.

Related Topics • Using and Managing Toolbox Scripts, page 211• Managing Toolbox Scripts, page 233

Managing Stored Device Configuration/Backup FilesYou can manage configuration files of managed devices that are stored on the APSolute Vision server. You can do the following:• View details of the configuration files of managed devices • Save configuration files from the server to your PC• Delete configuration files from the server• Edit configuration file descriptions

For information about configuring the maximum number of configuration files per device that can be stored, see Configuring APSolute Vision Server Advanced Parameters, page 151.




To access the device backups

> In the APSolute Vision Settings view System perspective, select Device Resources > Device Backups.

To edit the description of a configuration file

1. In the APSolute Vision Settings view System perspective, select Device Resources > Device Backups.

2. Double-click the relevant entry.

3. In the Description text box, add or edit the text, up to 50 characters.

To delete a configuration file from the server


2. Select the relevant entry.

3. Click the (Delete) button.

To get the configuration file of the device from the APSolute Vision server and download the file to the local PC



3. Click the (Download Selected File) button.

4. Open or save the file as you require.

Table 52: Device Configuration File Parameters

Parameter DescriptionFile Name The name of the stored configuration file.

File Type This field always displays Regular.

SW Version The software version of the device.

Backup Date The date and time that the file was saved on the APSolute Vision server.

Description A description of the file. You can enter and edit text in this field.




To compare a device-backup file—of an Alteon, DefensePro, or LinkProof NG device—from the APSolute Vision server to another object



3. Click the (Compare Backup File) button.

4. From the Compare... With drop-down list, select one of the following:

— Other Device Running Configuration— Backup File from System— Backup File from Local File System

5. Select the device, configuration, or file.

6. Click OK.

Viewing Device SubscriptionsUse the Device Subscriptions pane to view information on the devices that APSolute Vision manages, the associated support agreements, and the associated subscriptions. The table in the Device Subscriptions tab displays all managed devices of most device types—including Alteon VX devices. The table retrieves information on the devices from Radware, and displays the information even when a device is unavailable to APSolute Vision. You can sort and filter the table according to your needs. You can also export the contents of the table in the pane to a CSV file—according to any filter that is applied.

Caution: The functionality of the Device Subscriptions pane requires connectivity to radware.com or the proxy server that is configured in the APSolute Vision settings (APSolute Vision Settings view System perspective, General Settings > Connectivity > Proxy Server Parameters).




Notes

• Columns in the Device Subscriptions table display N/A when there is no connectivity to radware.com or the proxy server that is configured in the APSolute Vision settings.

• Radware’s Security Update Service (SUS) is a subscription service for security advisories and signature updates, which delivers rapid and continuous updates.

• The Fraud Signature Protection subscription provides protection against fraud and phishing attacks using the DefensePro Fraud Protection module.

• The ERT Active Attackers Feed is a subscription service that updates DefensePro devices with IP addresses of known attackers that were recently active. The feed is generated by Radware’s Threat Research Center.

• The Device Subscriptions table does not display DefenseFlow devices.

• The Device Subscriptions table does not display vADC devices that APSolute Vision does not manage.

• Except for AppWall devices, all of the subscriptions are based on the device MAC address.

• For your convenience, the Device Subscriptions pane includes a link to the APSolute Vision License Management tab (see Managing APSolute Vision Licenses and Viewing Capacity Utilization, page 143).

You can use the Device Subscriptions to help you manage your device repository, and make sure you have all of the required subscriptions, prior to updating your devices. For example, when you want to upgrade device software, you can first check the Device Subscriptions table, and verify that all devices have a support agreement. You can filter the table for Support Agreement: No and locate devices that do not have a support agreement. If there are no such devices, you can continue and upgrade the devices. If there are devices that do not have a valid support agreement, you can export the table to a CSV file and use the file to send Radware the list of MAC addresses lacking a support agreement. Radware will check whether there’s is an error in the database or the device MAC addresses are not registered. After handling errors and purchases and refreshing the Device Subscriptions table, all relevant rows will show Support Agreement: Yes. You can then continue with the device upgrade.

To open the Device Subscriptions pane

> In the APSolute Vision Settings view System perspective, select Device Resources > Device Subscriptions.

The following table describes the Device Subscriptions table.

Table 53: Device Subscriptions Table Parameters

Parameter DescriptionDevice Name The name of the device.

Device Type The type of the device.

MAC Address The MAC address of the device.

Note: AppWall devices do not use the MAC address for to register agreements. Instead, AppWall devices use the host ID to register agreements.

Software Version The software version of the device.

Valid Support Agreement

Specifies whether there is a valid Support Agreement for the device.Values: N/A, Yes, No




To export a CSV file with the information in the Device Subscriptions table

1. In the APSolute Vision Settings view System perspective, select Device Resources > Device Subscriptions.

2. Click (Export Table to CSV File).

3. View the file or specify the location and file name, and then, click Save.

Controlling APSolute Vision OperationsYou can perform the following operations on APSolute Vision:• Back up the APSolute Vision data—You can back up the configuration tables and other APSolute

Vision data. To back up the database including real-time and historical reports, you must use CLI commands. For more information, see Using vDirect with APSolute Vision, page 657.

• Update the Attack Description file.

You can perform the following operations using APSolute Vision CLI:• Restoring the appliance configuration.• Restoring the server configuration.• Restarting the APSolute Vision server.

For more information about APSolute Vision CLI commands, see Using vDirect with APSolute Vision, page 657.

Support Agreement Expiration Date

The expiration date of the Support agreement.

Valid SUS Agreement Specifies whether there is a valid SUS agreement for the device.Values: N/A, Yes, No

SUS Expiration Date The expiration date of the SUS agreement.

Valid Fraud Updates Agreement

Specifies whether there is a valid Fraud Updates agreement for the device.Values: N/A, Yes, No

Fraud Expiration Date The expiration date of the Fraud agreement.

ERT Active Attackers Feed Subscription

Specifies whether there is a valid ERT Active Attackers Feed subscription for the device.Values: N/A, Yes, No

ERT Active Attackers Feed Expiration Date

The expiration date of the ERT Active Attackers Feed subscription.

Table 53: Device Subscriptions Table Parameters (cont.)



CHAPTER 5 – MANAGING DEVICES, SITES, AND LOGICAL GROUPS

Before you can configure Radware devices through APSolute Vision, you add devices to the APSolute Vision server configuration. You can group devices into Sites and/or Logical Groups.The following topics describe how to set up your network of APSolute Vision Sites and Radware devices:• Using the Device Pane, page 161• Configuring Sites, page 162• Managing Individual Devices, page 164• Locking and Unlocking Devices, page 179• Managing DefensePro Clusters for High Availability, page 181• Using the Multi-Device View and the Multiple Devices Summary, page 187• Using Logical Groups of Devices, page 190• After You Set Up Your Managed Devices, page 194

Note: To add Alteon or DefensePro devices, you can also use vDirect with APSolute Vision. For more information, see Using vDirect with APSolute Vision, page 657.

Using the Device PaneYou organize the devices that APSolute Vision manages in the device pane.The following topics describe using the device pane: • Device Pane Trees, page 162• Icons for High Availability, page 162• Configuring Sites, page 162• Tree Nodes, page 164• Exporting a CSV File with the Devices in the Sites and Devices Tree, page 164• Filtering Entities in the Device Pane, page 164

Note: For a picture of the device pane, see Figure 22 - Device Pane (Not Docked)—Showing the Sites and Devices Tree, page 58.


Managing Devices, Sites, and Logical Groups


Device Pane TreesTo organize and manage devices, the device pane includes the following three different trees: • Sites and Devices—The Sites and Devices tree can contain:

— Alteon standalone, VA, and vADC devices and clusters of Alteon devices for high availability — AppWall devices and clusters of AppWall devices for high availability— DefensePro devices and clusters of DefensePro devices for high availability

Note: You can configure DefensePro high-availability clusters only on DefensePro version 6.x and 7.x devices.

— LinkProof NG devices• Physical Containers—The Physical Containers tree can contain the managed ADC-VX

instances, and Sites with ADC-VX instances. After you add an ADC-VX to the Physical Containers tree, you can configure the vADCs that the ADC-VX hosts. The vADCs that the ADC-VX is hosting are displayed as child nodes of the ADC-VX. Once a vADC is managed in the Physical Containers tree, you can only configure the corresponding vADC entity in the Sites and Devices tree.

• Logical Groups—The Logical Groups tree contains user-defined Logical Groups. A Logical Group is a group of devices of the same type, which you manage as a single entity. For more information on Logical Groups, see Using Logical Groups of Devices, page 190.

To display another tree, click the button, and select the name of the tree that you require.

Icons for High AvailabilityIn the Sites and Devices tree, you can create clusters of devices for high availability. APSolute Vision displays DefensePro primary devices and AppWall cluster managers with a green border.

Figure 32: Icon for a Primary Device in a DefensePro Cluster

Figure 33: Icon for an AppWall Cluster Manager

Configuring SitesYou can configure Sites in the Sites and Devices tree and in the Physical Containers tree. You may configure Sites according to a geographical location, administrative function, or device type. You can nest Sites; that is, each Site can contain child Sites and devices. By default, the root Site is called Default. You can rename this Site, and add nested Sites and devices. You can add, rename, and delete Sites. When you delete a Site, you must first remove all its child Sites and devices.When you manage a vADC hosted by an ADC-VX in the Physical Containers tree, you specify the Site under which that vADC is displayed in the Sites and Devices tree.You can also display real-time security monitoring for multiple devices. You can select a Site or select multiple devices (using standard, mouse click/keyboard combinations) even if the devices are in the same Site.




Notes

• To move a device between Sites, you must first delete the device from the tree and then add the device in the required Site.

• A Site cannot have the same name as a device, and Sites nested under different parent Sites cannot have the same name.

• You cannot delete the Default Site, but you can rename it.

To add a new Site

1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.2. In the device pane Sites and Devices tree or Physical Containers tree, select the Site node in

which you want to create the new Site.

3. Click the (Add) button in the tab toolbar.

4. From the Type drop-down list, select Site.

5. In the Name text box, type the name of the Site.

6. Click Submit.

Caution: With RADIUS or TACACS+ authentication, if a user definition explicitly mentions the name of a Site and the Site name changes, the user definition in the RADIUS or TACACS+ server must be updated accordingly.

If the name of an APSolute Vision Site changes and APSolute Vision authenticates the users locally, APSolute Vision updates the relevant scopes for the users.

To rename a Site

1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.2. Select the Site.

3. Click the (Edit) button.

4. In the Name text box, type the name of the Site.

5. Click Submit.

To delete a Site

1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.2. Select the Site.

3. Click the (Delete) button and confirm your action.




Tree NodesTree nodes are arranged alphabetically in the tree within each level. For example, a Site called Alteon_Site appears before a Site at the same level called DefensePro_Site.All nested Sites appear before devices at the same level, regardless of their alphanumerical order.All node names in a tree must be unique. For example, you cannot give a Site and a device the same name, and you cannot give devices in different Sites the same name.Node names are case-sensitive.

Exporting a CSV File with the Devices in the Sites and Devices Tree You can export a CSV file with the devices in the Sites and Devices tree. The CSV file includes information on each device. The file does not include information regarding associated Sites. For more information, see the procedure To export a CSV file with the devices in the Sites and Devices tree, page 177.

Filtering Entities in the Device PaneYou can filter the Sites, devices, and Logical Groups that APSolute Vision displays. The filter applies to all the Sites, devices, and Logical Groups in the tree. The filter does not change the contents of the tree, only how APSolute Vision displays the tree to you. By default, APSolute Vision displays all the Sites, devices, and Logical Groups that you have permission to view. To each node in the tree, APSolute Vision appends the number of devices matching the filter at that level according to your RBAC permissions.You can filter the Sites, devices, and Logical Groups that APSolute Vision displays according to the following criteria:• Status—Up, Down, Maintenance, or Unknown. The Logical Groups tab includes the criteria

Valid and Invalid.• Type—Alteon, AppWall, DefensePro, or LinkProof NG. The Physical Containers tab does

not display this field.• Name—The name of a device, Site, Logical Group, or string contained in the name (for

example, the value aRy matches an element named Primary1 and SecondaryABC). • IP Address—The IP address or portion of the IP address.

After you configure the filter criteria, to apply the filter, click the button to apply the filter.

Click the button to cancel the filter.

Managing Individual Devices Before you can manage a Radware device in APSolute Vision, you need to add the device to the appropriate Site tree in the device pane.The number of Radware devices that APSolute Vision can manage depends on the Right to Use (RTU) license. For information on managing licenses in APSolute Vision, see Managing APSolute Vision Licenses and Viewing Capacity Utilization, page 143.When you add a device, you can define a name for it. You also provide the device-connection information, including authentication parameters (credentials) for communication between the device and the APSolute Vision server.After APSolute Vision connects to the device, basic device information is displayed in the content pane, and device properties information is displayed in the device-properties pane.




After submitting device-connection information, the APSolute Vision server verifies that it can connect to the device. APSolute Vision then retrieves and stores the device information and licensing information.After the connection has been established, you can modify some of the connection information and configure the device.When you add a device or modify device properties, you can specify whether the APSolute Vision server configures itself as a target of the device events and whether the APSolute Vision server removes from the device all recipients of device events except for its own address. For more, important information, see APSolute Vision Server Registered for Device Events—Alteon and LinkProof NG, page 178, APSolute Vision Server Registered for Device Events—DefensePro, page 178, or APSolute Vision Server Registered for Device Events—AppWall, page 179.After adding devices, you can create clusters of the main and backup devices, or the primary and secondary devices (according to the device type).

Notes

• A device cannot have the same name as a Site.

• Devices in different Sites cannot have the same name.

• You can change the name of a device after you have added it to the APSolute Vision configuration.

• To move a device between Sites, you must first delete the device from the tree and then add it to the required target Site.

• If you replace a device with a new device to which you want to assign the same management IP address, you must delete the device from the Site and then recreate it for the replacement.

• When you delete a device, you can no longer view historical reports for that device.

• When you delete a device, the device alarms and security monitoring information are removed also.

• You can export a CSV file with the devices in the Sites and Devices tab. The CSV file includes information on each device. The file does not include information regarding associated Sites. For more information, see the procedure To export a CSV file with the devices in the Sites and Devices tree, page 177.

• HTTPS is used for downloading/uploading various files from/to managed devices, including: configuration files, certificate and key files, attack-signature files, device-software files, and so on. APSolute Vision uses Transport Layer Security (TLS) protocol version 1.1 or later for DefensePro 6.x versions 6.14.05 and later, 7.x versions 7.42.07 and later, and 8.x versions 8.13 and later.

• You can configure APSolute Vision to manage multiple Alteon vADCs hosted by an ADC-VX managed by the same APSolute Vision server.

Caution: If a DefensePro device was added to APSolute Vision using vDirect (that is, registered on APSolute Vision), and the device Web (HTTPS) credentials are different from the CLI (SSH) credentials, you must update the Web credentials of the device in the APSolute Vision Device Properties dialog box. For the procedure, see To add a new device or edit device-connection information, page 166. For more information on vDirect, see Using vDirect with APSolute Vision, page 657 and Registering a DefensePro Instance, page 665.

This section includes the procedures to do the following:• To add a new device or edit device-connection information, page 166—Relevant for the

following device types:— Alteon standalone— Alteon VA




— Alteon vADC not hosted by an ADC-VX managed by the same APSolute Vision server— AppWall— DefensePro— LinkProof NG

• To add an ADC-VX or edit ADC-VX connection information, page 170• To configure APSolute Vision to manage one or more vADCs hosted by an ADC-VX managed by

the same APSolute Vision server, page 173• To delete a device, page 177—Relevant for the following device types:

— Alteon standalone— Alteon VA— Alteon vADC displayed in the Sites and Devices tree— AppWall— DefensePro— LinkProof NG

• To delete an ADC-VX, page 177

To add a new device or edit device-connection information

1. In the device pane, click the icon, and select Sites and Devices.2. In the device pane Sites and Devices tree, do one of the following:

— To add a new device:a. Navigate to and select the Site name to which you want to add the device.

b. Click the (Add) button in the tab toolbar.c. From the Type drop-down list, select the device type that you require.

— To edit device-connection information:a. Select the device name.

b. Click the (Edit) button.3. Configure the parameters, and click Submit.

After APSolute Vision connects to the device, basic device information is displayed in the content pane, and device properties information is displayed in the device-properties pane.

Table 54: Device Properties: General Parameters

Parameter DescriptionType The type of the object.

Values: • Site• Alteon• AppWall• DefensePro• LinkProof NG




Name The name of the device.

Notes: • There are some reserved words (for example,

DefenseFlow) that APSolute Vision does not allow as names.


Table 55: Device Properties: SNMP Parameters

Parameter Description(This tab is available only for Alteon, DefensePro, and LinkProof NG devices.)

Management IP The management IP address as it is defined on the managed device.

Note: Once you add the device to the APSolute Vision configuration, you cannot change its IP address.

SNMP Version The SNMP version used for the connection.

SNMP Read Community(This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.)

The SNMP read community name.

SNMP Write Community(This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.)

The SNMP write community name.




Specifies whether the device authenticates the user for a successful connection.Default: Disabled

Authentication Protocol(This parameter is available only when the Use Authentication checkbox is selected.)

The protocol used for authentication.Values: MD5, SHADefault: SHA

Authentication Password(This parameter is available only when the Use Authentication checkbox is selected.)

The password used for authentication.


Use Privacy(This parameter is available only when and the Use Authentication checkbox is selected.)

Specifies whether the device encrypts SNMPv3 traffic for additional security.Default: Disabled

Table 54: Device Properties: General Parameters (cont.)






Value: DES, AES128Default: DES

Caution: AES128 is supported only in Alteon version 30.5 and later, and in DefensePro 7.x versions 7.42.06 and later. If you select AES128 and the device software version does not support AES128, APSolute Vision will fail to connect to the device.




Table 56: Device Properties: HTTP/S Access Parameters

Parameter DescriptionVerify HTTP Access(This option is not available for AppWall.)

Specifies whether APSolute Vision verifies HTTP access to the managed device.Default: Enabled

Note: This option is not used for Alteon versions 29.5 and later.

Verify HTTPS Access(This option is not available for AppWall.)

Specifies whether APSolute Vision verifies HTTPS access to the managed device.Default: Enabled

Management IP (This option is available only for AppWall.)

The management IP address as it is defined on the managed device.


User Name The username for HTTP and HTTPS communication. Maximum characters: 18

Password The password used for HTTP and HTTPS communication.

HTTP Port The port for HTTP communication with the device. Default: 80

HTTPS Port The port for HTTPS communication with the device. Default: 443

Table 57: Device Properties: SSH Access Parameters

Parameter Description(This tab is available only for Alteon, DefensePro, LinkProof NG devices.)

Note: To configure and apply certain features, APSolute Vision requires SSH access to run CLI commands on the Alteon device.

User Name The username for SSH access to the device.Maximum characters: 32Default: admin

Table 55: Device Properties: SNMP Parameters (cont.)





Password The password for SSH access to the device.Maximum characters: 32 Default: admin

SSH Port The port for SSH communication with the device.Default: 22

Note: This value should be the same as the value for the SSH port configured in the device (Configuration perspective, System> Management Access > Management Protocols > SSH).

Table 58: Device Properties: Event Notification Parameters

Parameter DescriptionRegister This APSolute Vision Server for Device Events

Specifies whether the APSolute Vision server configures itself as a target of the device events.Values:• Enabled—The APSolute Vision server configures itself as

a target of the device events (for example, traps, alerts, IRP messages, and packet-reporting data).

• Disabled—For a new device, the APSolute Vision server adds the device without registering itself as a target for events.For an existing device, the APSolute Vision removes itself as a target of the device events.

Default: Enabled

Notes: • APSolute Vision runs this action each time you click

Submit in the dialog box. • For more, important information, see the following

relevant section:— APSolute Vision Server Registered for Device

Events—Alteon and LinkProof NG, page 178— APSolute Vision Server Registered for Device

Events—DefensePro, page 178— APSolute Vision Server Registered for Device

Events—AppWall, page 179

Register APSolute Vision Server IP(This parameter is available only when the Register This APSolute Vision Server for Device Events checkbox is selected.)

The port and IP address of the APSolute Vision server to which the managed device sends events.Select an APSolute Vision server interface that is used as the APSolute Vision server data port, and is configured to have a route to the managed devices.

Table 57: Device Properties: SSH Access Parameters (cont.)





To add an ADC-VX or edit ADC-VX connection information

1. In the device pane, click the icon, and select Physical Containers.2. Do one of the following:

— To add a new device:a. Navigate to and select the Site name to which you want to add the ADC-VX.

b. Click the (Add) button in the tab toolbar.c. From the Type drop-down list, select Alteon.

— To edit device-connection information:a. Select the device name.

b. Click the (Edit) button.3. Configure the parameters, and click Submit.

After APSolute Vision connects to the device, basic device information is displayed in the content pane, and device properties information is displayed in the device-properties pane. The vADCs that the ADC-VX is hosting are displayed as child nodes of the ADC-VX. The name format in the vADC child nodes is <ADC-VX Name>_vADC-<vADC ID>.

Remove All Other Targets of Device Events(This parameter is available only when the Register This APSolute Vision Server for Device Events checkbox is selected.)

Specifies whether the APSolute Vision server removes from the device all recipients of device events (for example, traps, and IRP messages) except for its own address.Default: Disabled

Note: APSolute Vision runs this action each time you click Submit in the dialog box. For example, if you select the checkbox and click Submit—and later, a trap target is added to the trap target-address table—APSolute Vision removes the additional address the next time you click Submit in the dialog box.

Table 59: ADC-VX Device Properties: General Parameters

Parameter DescriptionType The type of the object.

Values: Site, Alteon

Name The name of the device.




Table 58: Device Properties: Event Notification Parameters (cont.)





Table 60: ADC-VX Device: SNMP Properties

Parameter DescriptionManagement IP The management IP address as it is defined on the managed

device.



SNMP Community(This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.)





Specifies whether the device authenticates the user for a successful connection.Default: disabled

Authentication Protocol(This parameter is available only when the Use Authentication checkbox is selected.)


Authentication Password(This parameter is available only when the Use Authentication checkbox is selected.)


Use Privacy(This parameter is available only when and the Use Authentication checkbox is selected.)

Specifies whether the device encrypts SNMPv3 traffic for additional security.Default: Disabled


Values: DES, AES128Default: DES

Note: AES128 is supported in Alteon only on version 30.5 and later. If the device software version does not support AES128, APSolute Vision will fail to connect to the device.






Table 61: ADC-VX Device: HTTP/S Access Properties

Parameter DescriptionVerify HTTP Access Specifies whether APSolute Vision verifies HTTP access to the

managed device.Default: Enabled


Verify HTTPS Access Specifies whether APSolute Vision verifies HTTPS access to the managed device.Default: Enabled

User Name The username for HTTP and HTTPS communication.Default: adminMaximum characters: 18

Password The password used for HTTP and HTTPS communication.Default: admin

HTTP Port The port for HTTP communication with the device.Default: 80

HTTPS Port The port for HTTPS communication with the device.Default: 443

Table 62: ADC-VX Device: Event Notification Properties


Specifies whether the APSolute Vision server configures itself as a target of the device events.Values:• Enabled—The APSolute Vision server configures itself as a

target of the device events (for example, traps, alerts, IRP messages, and packet-reporting data).


Default: Enabled


Submit in the dialog box. • For more, important information, see APSolute Vision

Server Registered for Device Events—Alteon and LinkProof NG, page 178.


The port and IP address of the APSolute Vision server to which the managed device sends events.




To configure APSolute Vision to manage one or more vADCs hosted by an ADC-VX managed by the same APSolute Vision server

1. In the device pane, click the icon, and select Physical Containers.2. Expand the node of the ADC-VX that hosts the vADC.

3. Select the vADCs and click the (Manage vADC) button.

4. In the Device Properties dialog box, configure the parameters, and click Submit.

After APSolute Vision connects to the vADC, the vADC is displayed in the device pane Sites and Devices tree. The device information is displayed in the content pane, and device properties information is displayed in the device-properties pane. Once you add the vADC to the device pane Sites and Devices tree, you cannot change its location or configure any of its properties from the Physical Containers tree.


Specifies whether the APSolute Vision server removes from the device all recipients of device events (for example, traps, and IRP messages) except for its own address.Default: DisabledAPSolute Vision runs this action each time you click Submit in the dialog box. For example, if you select the checkbox and click Submit—and later, a trap target is added to the trap target-address table—APSolute Vision removes the additional address the next time you click Submit in the dialog box.

Table 63: vADC Device Properties: General Parameters

Parameter DescriptionName(This parameter is not available when configuring APSolute Vision to manage multiple vADCs.)

The name of the device. You can change the default.




Location The Site in the device pane Sites and Devices tree where APSolute Vision locates the vADC.

Table 64: vADC Device Properties: SNMP Parameters

Parameter DescriptionManagement IP The management IP address as it is defined on the

managed device.



Table 62: ADC-VX Device: Event Notification Properties (cont.)





SNMP Community(This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.)





Specifies whether the device authenticates the user for a successful connection.Default: disabled

Authentication Protocol(This parameter is displayed only when the Use Authentication checkbox is selected.)


Authentication Password(This parameter is displayed only when the Use Authentication checkbox is selected.)


Use Privacy(This parameter is displayed only when and the Use Authentication checkbox is selected.)

Specifies whether the device encrypts SNMPv3 traffic for additional security.Default: disabled


Values: DES, AES128Default: DES

Note: AES128 is supported only on Alteon version 30.5 and later, and on a future Defense version. If the device software version does not support AES128, APSolute Vision will fail to connect to the device.

Privacy Password(This parameter is displayed only when the Use Privacy checkbox is selected.)


Table 65: vADC Device Properties: HTTP/S Access Parameters

Parameter DescriptionVerify HTTP Access Specifies whether APSolute Vision verifies HTTP access to

the managed device.Default: Enabled


Verify HTTPS Access Specifies whether APSolute Vision verifies HTTPS access to the managed device.Default: Enabled

Table 64: vADC Device Properties: SNMP Parameters (cont.)





User Name The username for HTTP and HTTPS communication. Default: adminMaximum characters: 18

Password The password used for HTTP and HTTPS communication.Default: admin

HTTP Port The port for HTTP communication with the device. Default: 80

HTTPS Port The port for HTTPS communication with the device. Default: 443

Table 66: vADC Device Properties: SSH Access Parameters

Parameter DescriptionNote: To configure and apply certain features, APSolute Vision requires SSH access to run CLI commands on the Alteon device.

User Name The username for SSH access to the device.Maximum characters: 32Default: admin

Password The username for SSH access to the device.Maximum characters: 32Default: admin

SSH Port The port for SSH communication with the device.Default: 22

Note: This value should be the same as the value for the SSH port configured in the device (Configuration perspective, System > Management Access > Management Protocols > SSH).

Table 65: vADC Device Properties: HTTP/S Access Parameters (cont.)





Table 67: vADC Device Properties: Event Notification Parameters


Specifies whether the APSolute Vision server configures itself as a target of the device events.Values:• Enabled—The APSolute Vision server configures itself

as a target of the device events (for example, traps, alerts, IRP messages, and packet-reporting data).


Default: Enabled


Submit in the dialog box. • For more, important information, see APSolute Vision

Server Registered for Device Events—Alteon and LinkProof NG, page 178.


The port and IP address of the APSolute Vision server to which the managed device sends events.


Specifies whether the APSolute Vision server removes from the device all recipients of device events (for example, traps, and IRP messages) except for its own address.Default: Disabled


Submit in the dialog box. For example, if you select the checkbox and click Submit and later, a trap target is added to the trap target-address table—APSolute Vision removes the additional address the next time you click Submit in the dialog box.

• For more, important information, see APSolute Vision Server Registered for Device Events—Alteon and LinkProof NG, page 178.




The following procedure, To delete a device, page 177, is relevant for the following device types:• Alteon standalone• Alteon VA• Alteon vADC displayed in the Sites and Devices tree • AppWall• DefensePro• LinkProof NG

To delete a device

1. In the device pane, click the icon, and select Sites and Devices.

2. Select the device name, and click the (Delete) button.

3. Click Yes in the confirmation box. The device is deleted from the list of managed devices.

To delete an ADC-VX

1. In the device pane Physical Containers tree, select the device name and click the (Delete) button.

2. Click Yes in the confirmation box. The device is deleted from the list.

To export a CSV file with the devices in the Sites and Devices tree

1. In the device pane, click the icon, and select Sites and Devices.

2. Click (Export Device List to CSV).

3. View the file or specify the location and file name, and then, click Save.

The CSV file includes the following columns: — Device Name— Device Type— Status— Management IP Address— Software Version— MAC Address— License— Platform— Form Factor— HA Status— Device Driver

Note: The file does not include information regarding Sites or Logical Groups.




APSolute Vision Server Registered for Device Events—Alteon and LinkProof NGIn the Device Properties dialog box, you can specify the following actions—which APSolute Vision runs each time you click Submit in the dialog box:• Whether the APSolute Vision server configures itself as a target of the device events (Register

This APSolute Vision Server for Device Events checkbox)• Whether the APSolute Vision server removes from the device all recipients of device events

except for its own address (Remove All Other Targets of Device Events checkbox)

In Alteon, when you select the Remove All Other Targets of Device Events checkbox and run the Apply command, APSolute Vision configures itself as a target of the device events and ensures that the device also sends traps for authentication-failure events.Alteon, by default, does not send traps for authentication-failure events.Use the following CLI command to enabling sending traps for these events:/cfg/sys/ssnmp/auth

You can view the APSolute Vision address target with the following CLI commands:

• /cfg/sys/ssnmp/trap1

• /cfg/sys/ssnmp/trap2

APSolute Vision Server Registered for Device Events—DefenseProIn the Device Properties dialog box, you can specify the following actions—which APSolute Vision runs each time you click Submit in the dialog box:• Whether the APSolute Vision server configures itself as a target of the device events (Register



Caution: If the Register This APSolute Vision Server for Device Events checkbox is cleared, the Alert browser, security reporting, and APSolute Vision Reporter (AVR) might not collect and display information about the device.

DefensePro supports a device being managed by multiple APSolute Vision servers.When multiple APSolute Vision servers manage the same DefensePro device, the device sends the following:• Traps to all the APSolute Vision servers that manage it. The Target Address table and the Target

Parameters table contain entries for all APSolute Vision servers.• Packet-reporting data only to the last APSolute Vision server that registered on the device.




APSolute Vision Server Registered for Device Events—AppWallIn the Device Properties dialog box, you can specify the following actions—which APSolute Vision runs each time you click Submit in the dialog box:• Whether the APSolute Vision server configures itself as a target of the device events (Register



Caution: If the Register This APSolute Vision Server for Device Events checkbox is cleared, the Alert browser, security reporting, and APSolute Vision Reporter (AVR) might not collect and display information about the device. If the checkbox is cleared, and you want AppWall to send security events to APSolute Vision and/or AVR, you need to manually configure AppWall to send security events to APSolute Vision and/or AVR.

With AppWall version 6.6.1 and later, and for Alteon version 30.5 with embedded AppWall—or a future version of AppWall for Alteon, when APSolute Vision server configures itself as a target of the device events (Register This APSolute Vision Server for Device Events checkbox):• AppWall sends the device events (that is, the syslog security events) to port 2215 on the

APSolute Vision server.• APSolute Vision displays the events in the Security Monitoring perspective.• APSolute Vision forwards the events to AVR for historical security reporting.

With AppWall versions earlier than 6.6.1—or AppWall for Alteon earlier than version 30.5, APSolute Vision server cannot configure itself as a target of the device events. Rather, in the configuration of the AppWall or AppWall for Alteon device, you must manually configure the APSolute Vision management IP address as a syslog server. If you specify port 2214 for the syslog server, AppWall security events are displayed (only) in AVR. If you specify port 2215 for the syslog server, AppWall security events are displayed in AVR and in the Security Monitoring perspective.

Locking and Unlocking DevicesWhen you have permission to perform device configuration on a specific device, you must lock the device before you can configure it. Locking the device ensures that other users cannot make configuration changes at the same time. The device remains locked until you unlock the device, you disconnect, until the Device Lock Timeout elapses, or an Administrator unlocks it. Locking a device does not apply to the same device that is configured on another APSolute Vision server, using Web Based Management, or using the CLI.

Note: Only one APSolute Vision server should manage any one Radware device.




While the device is locked:

• The device icon in the device pane includes a small lock symbol— for Alteon and

LinkProof NG, for AppWall, and for DefensePro.• Configuration panes are displayed in read-only mode to other users with configuration

permissions for the device.• If applicable, the Submit button is available.

• If applicable, the (Add) button is displayed.

To lock a single device

1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.2. Select the device.

3. In the device-properties pane, click (the drawing of the unlocked padlock at the lower-left

corner of the device drawing). The drawing changes to (a picture of a locked padlock).

To unlock a single device

1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.2. Select the device.

3. In the device-properties pane, click (the drawing of the locked padlock at the lower-left

corner of the device drawing). The drawing changes to (a picture of an unlocked padlock).

To lock multiple devices

1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.2. Select the devices to lock. You can select a Site or select multiple devices (using standard,

mouse click/keyboard combinations) whether or not the devices are in the same Site.

3. Click the (View) button.

4. In the device-properties pane, click (the drawing of the unlocked padlock at the lower-left

corner of the device drawing). The drawing changes to (a picture of a locked padlock).




To unlock multiple devices

1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.2. Select the devices to unlock. You can select a Site or select multiple devices (using standard,

mouse click/keyboard combinations) whether or not the devices are in the same Site.


4. In the device-properties pane, click (the drawing of the locked padlock at the lower-left

corner of the device drawing). The drawing changes to (a picture of an unlocked padlock).

Tip: If you APSolute Vision setup uses Logical Groups, you can select a Logical Group to lock or unlock the devices in it.

Managing DefensePro Clusters for High AvailabilityRadware recommends installing DefensePro devices in pairs to provide high availability (HA)—that is, fault tolerance in the case of a single device failure.

Note: DefensePro does not support this feature when the Device Operation Mode is IP (see Configuring the Device Operation Mode for DefensePro, page 224).This section contains the following topics:• High-Availability in DefensePro—Overview, page 181• Configuring DefensePro High-Availability Clusters, page 184• Monitoring DefensePro Clusters, page 185• Synchronizing High-Availability Devices and Switching the Device States, page 186

High-Availability in DefensePro—OverviewTo support high availability (HA), you can configure two compatible DefensePro devices to operate in a two-node cluster. One member of the cluster is configured as the primary; the other member of the cluster assumes the role of secondary. Both cluster members must meet the following requirements:• Must use the same:

— Platform— Software version— Software license— Throughput license— Radware signature file

• Must be on the same network. • Must use the same management port (that is, MNG-1 on both devices, MNG-2 on both devices,

or both MNG-1 and MNG-2 on both devices).




When you configure a cluster and submit the configuration, the newly designated primary device configures the required parameters on the designated secondary device.You can configure a DefensePro high-availability cluster in the following ways:• To configure the primary device of the cluster, the failover parameters, and the advanced

parameters, you can use the High Availability pane (Configuration perspective, Setup > High Availability). When you specify the primary device, you specify the peer device, which becomes the secondary member of the cluster.

• To configure only the basic parameters of a cluster (Cluster Name, Primary Device, and Associated Management Ports), you can use the Create Cluster pane. The following graphic shows the Create Cluster pane and the device pane.

Figure 34: Create Cluster Pane

The members of a cluster work in an active-passive architecture.When a cluster is created:• The primary device becomes the active member.• The secondary device becomes the passive member.• The primary device transfers the relevant configuration objects to the secondary device.

A secondary device maintains its own configuration for the device users, IP interfaces, routing, and the port-pair Failure Mode. A primary device immediately transfers each relevant change to its secondary device. For example, after you make a change to a Network Protection policy, the primary device immediately transfers the change to the secondary device. However, if you change the list of device users on the primary device, the primary device transfers nothing (because the secondary device maintains its own list of device users).The passive device periodically updates the baselines for BDoS and HTTP Mitigator protections with the values from the active device.




The following situations trigger the active device and the passive device to switch states (active to passive and passive to active):• The passive device does not detect the active device according to the specified Heartbeat

Timeout. • All links are identified as down on the active device according to the specified Link Down

Timeout.• Optionally, the traffic to the active device falls below the specified Idle Line Threshold for the

specified Idle Line Timeout.• You issue the Switch Over command. To switch the device states, select the cluster node, and

then select Switch Over.

The actions that you can perform on a secondary device is limited.You can perform only the following actions on a secondary device:• Switch the device state (that is, switch over active to passive and passive to active).• Break the cluster if the primary device is unavailable.• Configure management IP addresses and routing.• Configure the port-pair Failure Mode. • Manage device users.• Download a device configuration.• Upload a signature file.• Download the device log file.• Download the support log file.• Reboot.• Shut down.• Change the device name.• Change the device time.• Initiate a baseline synchronization if the device is passive, using the CLI or Web Based

Management.

Notes

• To create a cluster, the devices must not be locked by another user.

• By design, an active device does not fail over during a user-initiated reboot. Before you reboot an active device, you can manually switch to the other device in the cluster.

• You can initiate a baseline synchronization if a cluster member is passive, using the CLI or Web Based Management.

• When you upgrade the device software, you need to break the cluster (that is, ungroup the two devices). Then, you can upgrade the software and reconfigure the cluster as you require.

• In an existing cluster, you cannot change the role of a device (primary to secondary or vice versa). To change the role of a device, you need to break the cluster (that is, ungroup the two devices), and then, reconfigure the cluster as you require.

• If the devices of a cluster belong to different Sites, APSolute Vision creates the cluster node under the Site where the primary device resides; and APSolute Vision removes the secondary device from the Site where it was configured.

• APSolute Vision issues an alert if the state of the cluster members is ambiguous—for example, if there has been no trigger for switchover and both cluster members detect traffic. However, during the initial synchronization process, the state of the cluster members is momentarily ambiguous, and this situation is normal.




• When a passive device becomes active, any grace time resets to 0 (for example, the time of the Graceful Startup Mode Startup Timer).

• You can monitor high-availability operation in the High Availability pane of the Monitoring perspective (Monitoring perspective, Operational Status > High Availability).

• The Properties pane displays the high-availability information of the selected device.

Configuring DefensePro High-Availability ClustersYou can configure DefensePro high-availability clusters from the APSolute Vision device pane Sites and Devices tree.

To create a DefensePro high-availability cluster

1. In the device pane Sites and Devices tree, select the two DefensePro devices for the cluster (select one device and press Ctrl and click the other device).

2. Click the (Create Cluster) button.


To break a DefensePro high-availability cluster

1. In the device pane Sites and Devices tree, select the cluster node.

2. Click the (Break Cluster) button.

After your confirmation, the cluster node is removed from the tree, and the DefensePro devices are displayed under the parent node.

To rename a DefensePro high-availability cluster



Table 68: Cluster Setup Parameters

Parameter DescriptionCluster Name The name for the cluster (up to 32 characters).

Primary Device Specifies which of the cluster members is the primary device.

Associated Management Ports Specifies the management (MNG) port or ports through which the primary and secondary devices communicate.Values: MNG1, MNG2, MNG1+2

Note: You cannot change the value if the currently specified management port is being used by the cluster. For example, if the cluster is configured with MNG1+2, and MNG1 is in use, you cannot change the value to MNG2.




3. In the Cluster Name text box, type the new name (up to 32 characters).

4. Click Submit.

To change the associated management ports of a DefensePro high-availability cluster



3. Configure the parameters, and then click Submit.

Note: You cannot change the value if the currently specified management port is being used by the cluster. For example, if the cluster is configured with MNG1+2, and MNG1 is in use, you cannot change the value to MNG2.

Monitoring DefensePro ClustersIn the device pane, APSolute Vision identifies the high-availability cluster elements, roles, modes, and states using various combinations of icons and icon elements.The following table describes the icons that APSolute Vision displays in the device pane for DefensePro high-availability clusters.

The following table describes the icon elements that APSolute Vision displays in the device pane for DefensePro high-availability clusters.

The following table describes some icons that APSolute Vision can display in the device pane for DefensePro high-availability clusters.

Table 69: Icons for DefensePro High-Availability Clusters

Icon DescriptionCluster

Primary device

Secondary device

Table 70: Icons Elements for DefensePro High-Availability Clusters

Icon Element DescriptionActive device

Synchronizing

Unavailable

Table 71: Icons for DefensePro High-Availability Clusters—Examples

Icon DescriptionThe cluster is operating normally.




Synchronizing High-Availability Devices and Switching the Device StatesUse the Synchronize button to synchronize the members of a high-availability cluster. Use the Switch Over button to switch the state of the members of a high-availability cluster.

To synchronize the members of a high-availability cluster

1. In the device pane, select the cluster node.2. Lock the devices.

3. Click Synchronize ( ).

To switch the state of the members of a high-availability cluster

1. In the device pane, select the cluster node.2. Lock the devices.

3. Click Switch Over ( ).

The primary device is active, unlocked, and operating normally.

The primary device is passive, unlocked, and operating normally.

The secondary device is active, locked, and operating normally.

The secondary device is passive, unlocked, and operating normally.

The device is unavailable.

Table 71: Icons for DefensePro High-Availability Clusters—Examples (cont.)

Icon Description




Using the Multi-Device View and the Multiple Devices SummaryAPSolute Vision displays the multi-device view when you do one of the following:• Select a Logical Group in the Logical Groups tree in the device pane. For information about

managing and configuring Logical Groups, see Using Logical Groups of Devices, page 190.• Select multiple devices in the Sites and Devices tree or the Physical Containers tree in the device

pane and then click the (View) button.

Use the multi-device view to do the following: • Lock multiple devices to configure them.• View the Multiple Devices Summary table. The table contains all the relevant devices and

comprises the following columns: Lock State, Device Type, Device Name, IP Address, Locked by User, and Status.

• Run configuration-management actions for the relevant devices—You can run the Apply or Revert actions on Alteon or LinkProof NG devices. You can run the Update Policies action on multiple DefensePro devices.

• Use a Logical Group to configure the devices in it—For more about configuring multiple devices simultaneously, see Configuring Multiple Devices, page 196.

• Open the Multi-Device Configuration dialog box to configure simultaneously multiple devices of the same type and major version—For more about configuring multiple devices simultaneously, see Configuring Multiple Devices, page 196.

• Open the Security Monitoring perspective—In the multi-device view, the Security Monitoring perspective displays the Dashboard View and Traffic Utilization tabs—with the data aggregated for all the selected devices. For more information, see Using Real-Time Security Monitoring, page 507.




Figure 35: Multi-Device View from the Site and Devices Tree

The relevant configuration-management buttons display for the selected devices.

Multiple Devices Summary pane.

Multiple devices are selected. You can select a site or select multiple devices (using standard, mouse click/keyboard combinations) whether or not the devices are in the same site.

View button.

Configuration button—Opens the Multi-Device Configuration dialog box.





Figure 36: Multi-Device View from the Logical Groups Tree

To open the multi-device view from the Sites and Devices tree

1. In the device pane, click the button, and select Sites and Devices.2. Select the devices. You can select a Site or select multiple devices (using standard, mouse click/

keyboard combinations) whether or not the devices are in the same site.


To open the multi-device view from the Logical Groups tree

1. In the device pane, click the button, and select Logical Groups.2. Select the Logical Group.

Multiple Devices Summary pane.

Configuration button—Opens the Multi-Device Configuration dialog box.


The relevant configuration-management buttons display for the selected devices.

A Logical Group is selected, which automatically opens the multi-device view. APSolute Vision displays the name of the lead device with bold lettering. APSolute Vision dynamically chooses the lead device of the Logical Group. The lead device is always the device in the group that is available and running the earliest software version.




Using Logical Groups of DevicesThis section contains the following main topics: • Logical Groups—General Information, page 190• Logical Group User Interface, page 191• Managing Logical Groups, page 192

Logical Groups—General InformationA Logical Group is a user-defined group of one or more devices of the same device type.To be valid, a Logical Device group must contain at least one accessible device, and all the devices in the group must be the same device type.The devices in a Logical Group do not need to be running the same software version.The same device can exist in more than one Logical Group.You can use a Logical Group to help you perform the following:• Define the scope of APSolute Vision users—The Scope value of a user’s RBAC role/scope

pair can be a Logical Group. The user’s scope dynamically updates, according to the devices in the Logical Group. That is, when the device-set of a Logical Group changes, the user’s scope changes accordingly. For more information, see Role-Based Access Control (RBAC), page 68 and Rules for RBAC Permission Conflicts with Logical Groups, page 77.

• Manage multiple devices simultaneously—When you configure the devices in a Logical Group, you use the multi-device view (see Using the Multi-Device View and the Multiple Devices Summary, page 187) to do the following:— View the Multiple Devices Summary table. The table contains all the relevant devices

and comprises the following columns: Lock State, Device Type, Device Name, IP Address, Locked by User, and Status.

— Lock multiple devices to configure them.— Make configuration changes to the lead device and apply the changes to the other

devices in the Logical Group—APSolute Vision dynamically chooses the lead device of the Logical Group. The lead device is always the device in the group that is available, and running the earliest software version. APSolute Vision displays the name of the lead device with bold lettering. After you make a valid change and click Submit All, APSolute Vision attempts to change the value for the submitted parameters on the lead device and all the other devices in the Logical Group. APSolute Vision submits only modified values; APSolute Vision does not submit values that were not modified. For more information, see Configuring Multiple Devices, page 196.

— Run configuration-management actions for the relevant devices—You can run the Apply or Revert actions on Alteon or LinkProof NG devices. You can run the Update Policies action on multiple DefensePro devices.

— Open the Security Monitoring perspective—In the multi-device view, the Security Monitoring perspective displays the Dashboard View and Traffic Utilization tabs—with the data aggregated for all the selected devices.

• Specify devices for scheduled tasks—In addition to selecting individual devices, you can specify one or more relevant Logical Groups. For more information on scheduled tasks, see Scheduling APSolute Vision and Device Tasks, page 287.

• Specify devices for Operator Toolbox scripts—In addition to selecting individual devices, you can specify one or more relevant Logical Groups. For more information, see Using and Managing Toolbox Scripts, page 211.

• Specify devices for sending or deleting DefensePro configuration templates—In addition to selecting individual devices, you can specify one or more Logical Groups of DefensePro devices. For more information on DefensePro configuration templates, see Using DefensePro Templates, page 240.




• Specify devices for Alert Profile—In addition to selecting individual devices, you can specify one or more relevant Logical Groups. For more information on the Alert Profiles, see Managing Alert Profiles, page 122.

• Specify devices for the Alerts Table Filter—In addition to selecting individual devices, you can specify one or more relevant Logical Groups. For more information on the Alerts Filter, see Filtering Alerts, page 316.

• Specify devices for REST API operations—For information on the REST API, see the APSolute Vision REST API documentation.

Logical Group User InterfaceThe user interface for existing Logical Groups comprises the following: • The Logical Groups tree in the device pane and the popup displays information for each Logical

Group node.• The multi-device view, which is displayed when you click a Logical Group node in the Logical

Groups tree. For more information, see Using the Multi-Device View and the Multiple Devices Summary, page 187.

Figure 37: Device Pane (Not Docked)—Showing the Logical Groups Tree

Note: For information on filtering the display of the tree, see Filtering Entities in the Device Pane, page 7.

Docks the device pane.

Minimizes the docked device pane.

APSolute Vision displays the name of the lead device with bold lettering. APSolute Vision dynamically chooses the lead device of the Logical Group. The lead device is always the device in the group that is available and running the earliest software version.

Controls for filtering the devices that the pane displays. APSolute Vision appends the number of devices matching the filter.

The button that selects the device-pane tree (Sites and Devices, Physical Containers, or Logical Groups) and the name of the tree that is displayed now.

Identifies an invalid Logical Group.

Identifies a valid Logical Group.




When you hover over a Logical Group node in the device pane, a popup displays the following parameters:• Group Name—The user-defined name of the Logical Group.• Status—The status of the group: Valid or Invalid. • Invalid Reason (displayed only when Status is Invalid)—The reason that the Logical Group is

invalid.• Type—The device type of the group, that is: Alteon, AppWall, DefensePro, or LinkProof

NG.• Lead Device Name—The name of the lead device of the Logical Group, select the lead device—

that is, the device whose configuration changes will be applied to the select devices.• Description—The user-defined description of the Logical Group.

Figure 38: Popup for Logical Group Node in the Device Pane

Managing Logical GroupsOnly users with a proper RBAC roles can manage Logical Groups (Administrator, Vision Administrator, and System User).To be valid, a Logical Device group must contain at least one accessible device, and all the devices in the group must be the same device type.You can create a new Logical Group in any of the three trees that the device pane can display. However, you cannot modify Logical Groups in the device pane Sites and Devices tree or Physical Containers tree.

Caution: With RADIUS or TACACS+ authentication, if a user definition explicitly mentions the name of a Logical Group and the Logical Group name changes, the user definition in the RADIUS or TACACS+ server must be updated accordingly.

If the name of Logical Group changes and APSolute Vision authenticates the users locally, APSolute Vision updates the relevant scopes for the users.In the device pane Logical Groups tree, you can configure and modify Logical Groups.

To configure a Logical Group from the Logical Groups tree

1. In the device pane, click the button, and select Logical Groups.2. Do one of the following:

— To create a new Logical Group, click the (Add) button.

— To edit a Logical Group, select the Logical Group node and click the (Edit) button.3. Configure the parameters, and click Submit.




In the device pane Sites and Devices tree and Physical Containers tree, you can select devices and create a new Logical Group.

To create a new Logical Group from the Sites and Devices tree or Physical Containers tree

1. In the device pane, click the button, and select Sites and Devices or Physical Containers.

2. In the Sites and Devices or Physical Containers tree, select the devices, which must be of the same type. You can select multiple devices (using standard, mouse click/keyboard combinations) whether or not the devices are in the same Site.

3. Click the (Add Group) button.


Table 72: Logical Groups Parameters

Parameter DescriptionType The device type. When you are creating a new Logical Group, the Type value

determines the devices that the Device lists display. When you are editing a Logical Group, the Type value is read-only.Values: • Alteon• AppWall• DefensePro• LinkProof NGDefault: Alteon

Name The name of the Logical Group.Maximum characters: 255

Devices The Available list and the Selected list. The Available list displays the available devices. The Selected list displays the devices in the Logical Group.

Description The description of the Logical Group.Maximum characters: 255

Table 73: Logical Groups Parameters

Parameter DescriptionType (Read-only) The device type.

Name The name of the Logical Group.Maximum characters: 255

Devices The Available list and the Selected list. The Available list displays the available devices. The Selected list displays the devices in the Logical Group.

Description The description of the Logical Group.Maximum characters: 255




You cannot delete a Logical Group if it is the used in a user role-scope pair.

To delete a Logical Group

1. In the device pane, click the button, and select Logical Groups.

2. In the device pane Logical Groups tree, click the Logical Group node, and click the (Delete) button.

3. Click Yes in the confirmation box. The Logical Group is deleted from the Logical Groups tree.

After You Set Up Your Managed DevicesAfter you set up your network of managed devices, and establish a connection to the devices, APSolute Vision obtains the network configuration and displays the settings in the device configuration tabs.You can then do the following:• Set and change the device configuration through APSolute Vision.• Perform administration and maintenance tasks on managed devices such as scheduling tasks,

making backups, and so on.• Monitor managed devices through APSolute Vision.

Note: For information about configuring Radware devices through APSolute Vision, see the APSolute Vision online help.


CHAPTER 6 – MANAGING DEVICE OPERATIONS AND MAINTENANCE

This section describes the following: • Rebooting and Shutting Down Managed Devices, page 195• Configuring Multiple Devices, page 196• Using the Diff Feature, page 198• Device-Configuration Management (Global Commands) for Alteon and LinkProof NG, page 199• Upgrading DefensePro Device Software, page 202• Downloading a DefensePro Log File to the APSolute Vision Client, page 203• Managing a Radware Signature File or Fraud Signature File in DefensePro Devices, page 204• Downloading a DefensePro Technical Support File, page 206• Managing DefensePro Configurations, page 206• Updating DefensePro Policy Configurations, page 209

Note: For information about other topics that are related to managing device operations, see the chapter Using the Toolbox, page 211, which contains the following:• Using and Managing Toolbox Scripts, page 211• Using DefensePro Templates, page 240• Using AppShape Templates and Instances, page 248

Rebooting and Shutting Down Managed DevicesYou can activate a device reboot (reset) or device shutdown from APSolute Vision.Some configuration changes on the device require a device reboot for the configuration to take effect. You can activate the device reboot from APSolute Vision.

Caution: For Alteon and LinkProof NG:

• Reset causes failover of the ADC, which might cause an interruption in network service.• If possible, synchronize the configuration before you reset the system.

• Configuration changes that have not been applied will be lost. Run the Diff command to view the changes that have not been applied, and then, run the Apply command as needed.

• Configuration changes that have not been saved will be lost. Run the Diff Flash command to view the changes that have not been saved, and then, run the Save command as needed.

• The spanning tree will be restarted, which will likely cause an interruption in network service.

Note: You can schedule device reboots in the APSolute Vision scheduler. For more information, see Managing Tasks in the Scheduler, page 288.


Managing Device Operations and Maintenance


To reboot a device

1. Lock the device.

2. In the Properties pane, click the (On-Off) button, which is part of the device picture.

3. Select Reset.

To shut down a device

1. Lock the device.

2. In the Properties pane, click the (On-Off) button, which is part of the device picture.

3. Select Shut Down.

Configuring Multiple DevicesUse the Multi-Device Configuration feature to make changes to multiple devices.You can use the Multi-Device Configuration feature in the following ways:• Using a Logical Group. The devices in Logical Group are of the same type, but may run different

software versions. For more information on Logical Groups, see Using Logical Groups of Devices, page 190.

• Selecting a site or multiple devices from the Sites and Clusters tree or the Physical Containers tree. The devices must be of the same type and same major version. You can select devices from different Sites. For more information, see Configuring Sites, page 162.

To configure multiple devices using a Logical Group

1. In the device pane, open the Logical Groups tree, and click the Logical Group. The Multi-Device View opens.

Note: For more information, see Using the Multi-Device View and the Multiple Devices Summary, page 187.

2. Click the (Configuration) button. The configuration GUI of the lead device opens.

Notes

— The tabs of the configuration GUI include the Summary tab, which comprises the Multi-Device View.

— The lead device is the device whose configuration changes will be applied to the selected additional devices. For more information on the lead device of a Logical Group, see Using Logical Groups of Devices, page 190.

3. Lock the devices if necessary.




4. Make a required change in the GUI of the lead device.

5. After you make a valid change, click Submit All. APSolute Vision attempts to change the value for the submitted parameter on the lead device and all the other devices in the Logical Group.

Notes

— APSolute Vision submits only modified values. APSolute Vision does not submit values that were not modified.

— APSolute Vision issues detailed message for unsuccessful attempts to change the value of a parameter on other devices in the Logical Group.

6. Repeat step 4 and step 5 as necessary.

To configure the multiple devices by selecting a site or multiple devices

1. In the device pane, open the Sites and Clusters tree or the Physical Containers tree, and select the devices. You can select a site or select multiple devices (using standard, mouse click/keyboard combinations) whether or not the devices are in the same site.


3. Click the (Configuration) button. The Multi-Device Configuration dialog box opens.

Note: The top table, which you can filter, contains all the selected devices and comprises the following columns: Device Type, Device Name, IP Address, and Version.

4. From the top table, select the lead device—that is, the device whose configuration changes will be applied to the selected additional devices. The bottom table, which you can filter, displays the selected devices of the same type and major version.

5. From the bottom table, select the checkbox next to each device that the lead device will try to change.

6. Click Go. The GUI of the lead device opens. The device pane shows the lead device and the selected additional devices as selected.

7. Lock the devices if necessary.

8. Make a required change in the GUI of the lead device.

9. After you make a valid change, click Submit All. APSolute Vision attempts to change the value for the submitted parameter on the lead device and all the selected additional devices.

Notes

— APSolute Vision submits only modified values. APSolute Vision does not submit values that were not modified.

— APSolute Vision issues detailed message for unsuccessful attempts to change the value of a parameter on selected additional devices.

10. Repeat step 8 and step 9 as necessary.




Using the Diff Feature

Click the (Diff) button to run the following commands on a single selected device:• Compare (Alteon, DefensePro, and LinkProof NG only)—Compares the configuration of the

selected device with one of the following: — Other Device Running Configuration—That is, another device of the same type and

major version— Backup File from System—That is, a device-configuration backup file stored on the

APSolute Vision server— Backup File from Local File System—That is, a device-configuration backup file stored on

the local file systemThe Compare action displays differences in the configurations using a green background for the configuration of the first device and red background for the configuration of the other device.

• Diff (Alteon and LinkProof NG only)—Collects the pending configuration changes.• Diff Flash (Alteon and LinkProof NG only)—Collects the pending configuration changes and the

affected configuration stored in flash memory on the device.

Figure 39: Diff Feature (Displaying Options for Alteon)

Click the (Save to File) button to save the results to a specified location.




Device-Configuration Management (Global Commands) for Alteon and LinkProof NGAlteon and LinkProof NG devices support the following configuration-management actions—also referred to as global commands.

Table 74: Alteon and LinkProof-NG Device Configuration Management Actions

Role DescriptionApply Applies any changes that have been made to the device configuration.

If the new configuration is different from the current configuration, to indicate that the Apply command is required to take effect, the Apply Required button is displayed with an orange icon.The Apply operation requires the device to be locked. When you select a single device, the Apply option is available only if the device is locked. When you select multiple devices, the Apply option is always available. When you select the Apply option for multiple devices, APSolute Vision tries to lock all the selected devices. If APSolute Vision is able to lock all the devices, APSolute Vision performs the Apply operation. When the operation completes, APSolute Vision unlocks the devices that were unlocked prior to the operation. If APSolute Vision is not able to lock all the devices because some of the devices are locked by another user, a pop-up message is displayed, asking you whether to continue the Apply operation on the remaining devices (that is, the devices are locked by you or not locked at all). If you confirm the action, APSolute Vision performs the Apply operation. When the operation completes, APSolute Vision unlocks the devices that were unlocked prior to the operation.

Note: During the Apply operation, the device icon in the device

pane may momentarily change from “locked” to

“maintenance” , and the value of the Status parameter in the device-properties pane may momentarily change from Up to Maintenance.

Save Saves the current configuration in backup memory and saves the active configuration by overwriting the current configuration. TW Note that there is also Save Configuration (no back up), which saves the current configuration to the flash memory.When you select a single device, this option is available only if the device is locked. When you select multiple devices, this option is always available.

Revert Reverts the device to the current active configuration.When you select a single device, this option is displayed only if the device is locked and the new configuration settings were not applied. When you select multiple devices, this option is always available.

Revert Apply Reverts the device to the current saved configuration.When you select a single device, this option is displayed only if the device is locked and the new configuration settings were applied but not saved. When you select multiple devices, this option is always available.




To perform a configuration-management action on a single device

1. From the device pane, select the device name.2. Click the required button. The Diff Flash option is available when you click the Diff button. The

Revert Apply option is available when you click the arrow next to the Revert icon.

Figure 40: Apply (Required) and Save (Required) Buttons

Figure 41: Revert Button—Arrow Clicked Shows Revert and Revert Apply Options

Diff Collects the pending configuration changes. You can view, save, and copy the text when you double-click the associated message in the Alerts tab in the Alerts pane.When you select multiple devices, this option is not supported.

Note: For more information, see Using the Diff Feature, page 198.

Diff Flash Collects the pending configuration changes and the affected configuration stored in flash memory on the device. You can view, save, and copy the text when you double-click the associated message in the Alerts tab in the Alerts pane. When you select multiple devices, this option is not supported.

Note: For more information, see Using the Diff Feature, page 198.

Dump Collects a dump of the current device configuration. You can view, save, and copy the text when you double-click the associated message in the Alerts tab in the Alerts pane.When you select multiple devices, this option is not supported.

Table 74: Alteon and LinkProof-NG Device Configuration Management Actions (cont.)

Role Description




Figure 42: Diff Button—Clicked Displays Compare, Diff, and Diff Flash Options

Figure 43: Dump Button—Clicked




Upgrading DefensePro Device SoftwareYou can upgrade the software version on DefensePro devices from APSolute Vision.A device upgrade enables the new features and functions on the device without altering the existing configuration. In exceptional circumstances, new software versions are incompatible with legacy configuration files from earlier software versions. This most often occurs when attempting to upgrade from a very old version to the most recently available version.The software version file must be located on the APSolute Vision client system. APSolute Vision transfers the file, over HTTPS, to the APSolute Vision server and uploads it to the device.For a maintenance-only upgrade, a password is not required.New software versions require a password. APSolute Vision can generate a new password automatically, if the device has a valid support agreement. Alternatively, you can obtain the password from the Radware corporate Web site and enter the password manually.After the device upgrade is complete, you must reboot the device.

Caution: Before upgrading to a newer software version, do the following:

• Back up the existing configuration file. For more information, see Downloading a Device-Configuration File, page 627.

• Ensure that you have configured on the device the authentication details for the protocol used to upload the file.

Note: If the DefensePro platform is very far away from the machine with the upgrade file, software upgrade may take a very long time. Besides distance, the line quality may further increase the upgrade time. Long upgrade time may be more common in DefensePro version-8.x platforms, because of the significantly larger size of the upgrade file.

To update the device software version

1. In the device pane, select the device.

2. Click the arrow next to the Operations icon ( ).

3. Select Update Software Versions.

4. Configure software upgrade parameters, and click Update.

5. When the device upgrade is complete, reboot the device.

Table 75: Software Upgrade Parameters

Parameter DescriptionBrowse for File The name of the file to upload.

Software Version The software version number as specified in the new software documentation.




Downloading a DefensePro Log File to the APSolute Vision ClientYou can download a log file to the APSolute Vision system. DefensePro automatically generates a log file, which contains a report of configuration errors.

To download a device log file



3. Click Export Configuration Log File.

4. Configure the download parameters, and click Submit.

Generate Password Automatically Specifies whether APSolute Vision generates the password automatically—after verifying that the device has a valid support agreement.Default: Enabled

Caution: The functionality of the Generate Password Automatically button requires connectivity to radware.com or the proxy server that is configured in the APSolute Vision settings (APSolute Vision Settings view System perspective, General Settings > Connectivity > Proxy Server Parameters).

Password(This parameter is available only when the Generate Password Automatically checkbox is cleared.)

The password received with the new software version. The password is case sensitive.

Confirm Password(This parameter is available only when the Generate Password Automatically checkbox is cleared.)

The password received with the new software version. The password is case sensitive.

Browse for File The name of the file to upload.

Caution: You must use the original filename.

Table 75: Software Upgrade Parameters (cont.)





Managing a Radware Signature File or Fraud Signature File in DefensePro DevicesYou can upload an updated Radware signature file or fraud signature file to a DefensePro device.Uploading an updated fraud signature file is relevant only for DefensePro 6.x versions and 7.x versions 7.42.09 and later.In DefensePro 6.x versions 6.14.07 and later and 7.x versions 7.42.08 and later, you can also roll the signature file back to the previous version that was loaded on the device.

Note: A signature file on a DefensePro device may also be referred to as the attack database.You can upload an updated Radware signature file to a DefensePro device from the following sources:• Radware.com or the proxy file server that is configured in the APSolute Vision

settings—The Alerts pane displays a success or failure notification and whether the operation was performed using a proxy server. The configuration of the proxy server in the APSolute Vision Settings view System perspective, under General Settings > Connectivity > Proxy Server Parameters.

• APSolute Vision client system—The name of the signature file must be one of the following:

— <Device-MAC-address>.sig—For DefensePro physical platforms.

— <Device-IP-address>.sig—For DefensePro virtual platforms.

Caution: Updating the signature file consumes large amounts of resources, which may cause the device to go temporarily into an overload state. Radware recommends updating the signature file during hours of low activity.

Tip: You can schedule signature-file updates in the APSolute Vision scheduler. For more information, see Managing Tasks in the Scheduler, page 288.

To update the signature file of a device



3. Select Update Security Signatures.

4. Configure the parameters, and click Update.




Rolling Back the Signature FileThis feature is supported only in DefensePro 6.x versions 6.14.07 and later and 7.x versions 7.42.08 and later.When the signature file on a DefensePro device gets updated, DefensePro stores the previous version. Use the Roll Back command to roll the signature file back to the previous version that was loaded on the device. You may require this command if you encounter an error after a signature-file update, a corrupted signature file, and so on.

Note: A signature file on a DefensePro device may also be referred to as the attack database.

To roll the signature file on the device back to the previous version



3. Select Update Security Signatures.

4. Click Roll Back.

Table 76: Update Device Signature File Parameters for DefensePro

Parameter DescriptionSignature Type The type of the signature file to upload to the device.

Values:• Radware Signatures• Fraud Signatures

Note: You can select Fraud Signatures only on DefensePro version-6.x devices that have Fraud Protection enabled, and version-7.x devices with version 7.42.09 and later that have Fraud Protection enabled.

Update From The location of the signature file to upload.Values:• Radware.com—APSolute Vision uploads the signature file directly

from Radware.com or from the proxy server that is configured in the Vision Server Connection configuration.

• Client—APSolute Vision uploads the signature file from the APSolute Vision client system. This option is only available for Radware signatures.

File Name (This parameter is displayed only when Update From Client is selected)

Name of the signature file on the client system.




Downloading a DefensePro Technical Support FileFor debugging purposes, a DefensePro device can generate a TAR file containing the technical information that Radware Technical Support requires. The file includes output of various CLI commands, for example, a printout of the Client table.You can download a DefensePro technical support file and send it to Radware Technical Support.

Note: You can also download a DefensePro technical support file using the DefensePro CLI. For more information, see the DefensePro User Guide.Use the following procedure to download a technical support file using APSolute Vision.

To download a technical support file using APSolute Vision



3. Select Export Technical Support File.

4. Configure the download parameters, and click Submit.

Managing DefensePro ConfigurationsThis section describes how to manage configurations of the DefensePro devices that are managed on the APSolute Vision server.

DefensePro Configuration File ContentThe configuration file content is divided into two sections:• Commands that require rebooting the device—These include BWM Application

Classification Mode, Application Security status, Operation Mode, tuning parameters, and so on. Copying and pasting a command from this section takes effect only after the device is rebooted. The section has the heading: The following commands will take effect only once the device has been rebooted!

• Commands that do not require rebooting the device—Copying and pasting a command from this section takes effect immediately after pasting. The commands in the section are not bound to SNMP. The section has the heading: The following commands take effect immediately upon execution!

The commands are printed within each section—in the order of implementation.

Table 77: Device Technical Support File Download Parameters

Parameter DescriptionDownload Via (Read-only) The protocol used to download the technical support file.

Value: HTTPS

Save As Save the downloaded technical support file as a text file on the APSolute Vision system. Enter or browse to the location of the saved file, and select or enter a file name.




At the end of the file, the device prints the signature of the configuration file. This signature is used to verify the authenticity of the file and that it has not been corrupted. The signature is validated each time the configuration file is uploaded to the device. If the validity check fails, the device accepts the configuration, but a notification is sent to the user that the configuration file has been tampered with and there is no guarantee that it works. The signature looks like File Signature: 063390ed2ce0e9dfc98c78266a90a7e4.

Downloading a Device-Configuration FileYou can download a configuration file from a managed device to APSolute Vision, for backup. If you choose to download to the APSolute Vision server, a copy is always saved in the APSolute Vision database.By default, you can save up to five (5) configuration files per device on the APSolute Vision server. You can change this number in the APSolute Vision Setup page—up to a maximum of 10. When the limit is reached, you are prompted to delete the oldest file. For more information, see Configuring APSolute Vision Server Advanced Parameters, page 151.

Note: You can schedule configuration file backups in the APSolute Vision scheduler. For more information, see Managing Tasks in the Scheduler, page 288.

To download a device-configuration file



3. Select Export Configuration File.

4. Configure the download parameters, and then, click OK.

Table 78: Device Configuration File Download Parameters

Parameter DescriptionDestination The destination of the device configuration file.

Values: Client, Server

Include Private Keys Specifies whether the certificate private key information is included in the downloaded file.Default: Disabled

Passphrase(This parameter is available only in DefensePro 8.x versions 8.14 and later and only when the Include Private Keys checkbox is selected.)

The user-defined passphrase for the encryption of the private keys.Minimum characters: 4Maximum characters: 64




Restoring a Device ConfigurationYou can restore a DefensePro or DefenseFlow configuration from a backup configuration file on the APSolute Vision server or client system to the DefensePro or DefenseFlow device. When you upload the configuration file to the device, it overwrites the existing device configuration.After the restore operation is complete, you must reboot the device.

Caution: Importing a configuration file that has been edited is not supported.

Caution: Importing a configuration file from a different version is not supported.

To restore a device’s configuration



3. Click Import Configuration File.

4. Configure upload parameters, and then, do one of the following:

— If you select Upload From Client, click Import.— If you select Upload From Server, click Update.

5. When the upload completes, reboot the device.

Confirm Passphrase(This parameter is available only in DefensePro 8.x versions 8.14 and later and only when the Include Private Keys checkbox is selected.)

The user-defined passphrase for the encryption of the private keys.Minimum characters: 4Maximum characters: 64

Save As(This parameter is displayed only when Destination is Server.)

On the server, the default name is a combination of the device name and backup date and time. You can change the default name.

Table 79: Device Configuration File Upload Parameters

Parameter DescriptionUpload From The location of the backup device-configuration file to send.

Values: Client, Server

Table 78: Device Configuration File Download Parameters (cont.)





Updating DefensePro Policy ConfigurationsYou can apply the following configuration changes to a DefensePro device in a single operation:• Network Protection policy• Server Protection policy • ACL policy• White list• Black list• Classes

To update policy configurations on a DefensePro device

> In the device pane, select the device, and then, click Update Policies ( ).

File Name (This parameter is available only when Upload From is Client.)

When uploading from the computer running the APSolute Vision client— that is, the browser, enter or browse to the name of the configuration file to upload.

File for Upload(This parameter is available only when Upload From is Server.)

When uploading from the APSolute Vision server, select the configuration to upload.

Passphrase(This parameter is available only in DefensePro 8.x versions 8.14 and later.)

The passphrase for the decryption of the private keys—if a passphrase was used to encrypt the file when it was exported (see Downloading a Device-Configuration File, page 207).Minimum characters: 4Maximum characters: 64

Table 79: Device Configuration File Upload Parameters (cont.)



CHAPTER 7 – USING THE TOOLBOX

This chapter contains the following main sections:• Using and Managing Toolbox Scripts, page 211• Using DefensePro Templates, page 240• Using AppShape Templates and Instances, page 248

Using and Managing Toolbox ScriptsThe following sections describe using and managing Toolbox scripts:• Toolbox Scripts—Basics, page 211• Managing and Customizing Panels in the Toolbox Dashboard, page 214• User Roles and Toolbox Scripts, page 216• vDirect and vDirect Access to Devices, page 216• Prerequisites for Target Devices of Toolbox Scripts, page 216• Predefined Toolbox Scripts, page 217• Device Locking and Toolbox Scripts, page 227• Running Scripts, page 227• Managing Toolbox Scripts, page 233• Writing and Editing Toolbox Scripts, page 237

Toolbox Scripts—BasicsUse Toolbox scripts to automate common tasks on managed Alteon, DefensePro, and LinkProof NG devices.When you run a script, you configure the target devices and, if required, configure parameters.When you specify the target devices for a script—that is, configure the Target Device List, you can select individual devices or Logical Groups of devices. When you select a Logical Group, the effective Target Device List dynamically updates, according to the devices in the Logical Group. That is, when the device-set of a Logical Group changes, the effective Target Device List changes accordingly. For more information, see Using Logical Groups of Devices, page 190.You can run a Toolbox script in the following ways:• From the Toolbox dashboard• From a device toolbar• From the Operator Toolbox pane from the Advanced Toolbox tree• Using an Operator Toolbox scheduled task.

The APSolute Vision installation includes many predefined Toolbox scripts, which are for routine tasks on managed devices. By default, the Toolbox dashboard contains most of the predefined Toolbox scripts and displays the scripts that are relevant to your role. For more information, see Predefined Toolbox Scripts, page 217.The configuration of each script includes the RBAC roles that are permitted to run the script. For more information, see User Roles and Toolbox Scripts, page 216.


Using the Toolbox


Caution: Target devices need to be accessible, must have SSH and SNMP access enabled, and there are some other issues. If a target device is inaccessible, the operation will fail for the remaining devices. For more information, see Prerequisites for Target Devices of Toolbox Scripts, page 216.

Figure 44: Toolbox Dashboard

Tip: If most of your work with APSolute Vision involves using a Toolbox script, set your landing page to it (APSolute Vision Settings view Preferences perspective, User Preferences > Display).

You can hover over a script icon to perform several basic actions—for example, to run the script.

Clicking here displays buttons to customize the panel. You can select a script from another panel and move it to the currently selected panel. You can maximize the panel. You can remove the panel from the dashboard.

Here is an example of a user-defined icon for a user-defined script.

You can customize your view of the dashboard. You can drag and drop a script from one category panel to another category panel. You can add scripts to the Favorites panel. You can resize panels and drag panels where you want.

Toolbox icon—Displays the Toolbox dashboard. Clicking the Advanced icon displays the advanced features of the Toolbox.

Clicking here restores the default view of the Toolbox.

Clicking here opens the Categories Repository.


Using the Toolbox


Hovering over a script icon displays buttons to do the following:• Configure a scheduled task to run the script. For more information, see the procedure To

configure a scheduled task for a script from the Toolbox dashboard, page 231.• Remove the script from your view of the dashboard.• Run the script. For more information, see the procedure To run a Toolbox script from the

Toolbox dashboard, page 228.• Run the script the last configuration.

Figure 45: Hovering Over a Script Icon

Clicking the button in the top-right corner of a category panel displays buttons to do the following:• Select a script in another panel and move it to the currently selected panel• Maximize the panel• Remove the panel from the dashboard

Note: You can return the category panel to the dashboard display using the Categories Repository. Clicking Restore Default View restores all the panels and removes all other modifications to the dashboard.

Figure 46: Category-Panel-Display Buttons

In the Categories Repository, you can select which category panels the Toolbox dashboard displays.

Figure 47: Categories Repository


Using the Toolbox


Managing and Customizing Panels in the Toolbox DashboardYou can manage and customize contents of the panels in the Toolbox dashboard.The Toolbox dashboard displays the following panels:• Recently Used• Favorites • The following category panels:

— Configuration— Data Export— Emergency— High Availability— Monitoring— Operations

The Recently Used panel contains up to six scripts that you have used most recently. APSolute Vision populates the panel on a first-in-first-out basis but with weight on the number of uses. For example, if you used a script, Script_A, 10 times and other scripts fewer times, Script_A will be the last one that APSolute Vision removes, even if Script_A was the first one that APSolute Vision added to the panel.The Favorites panel contains your favorite scripts. You can drag and drop a script from a category panel to the Favorites panel. You can add one or multiple scripts from category panels to the Favorites panel. You can delete scripts from the Favorites panel as you wish.The contents of the Recently Used and Favorites panels in the Toolbox dashboard are per user, per browser, and per machine.

Caution: If you delete the data from the browser, the contents of the Recently Used and Favorites panels revert to the default display.

You can manage the contents of the category panels, but there are some logical restrictions. You can drag and drop a script from one category panel to another category panel or to the Favorites panel. You can also select a script in another category panel, or an Unassigned script, and move it to the currently selected panel (see the procedure To add one or multiple scripts to a panel in the Toolbox dashboard, page 215). A Toolbox script can exist in only one category panel. The Toolbox dashboard can, however, display a script in a category panel and also in the Recently Used and/or Favorites panels.

Caution: The contents of the category panels in the Toolbox dashboard are stored on the APSolute Vision server. If you move a script to another category panel, the Category field changes accordingly (see Category in Configuring a Toolbox Script in APSolute Vision, page 235), and other users will see that script in the panel to which you moved that script. If you delete a script from a category panel, the Category field changes to Unassigned, and users will not see that script in the Toolbox dashboard anymore. However, it is possible to return the script to the Toolbox dashboard using the Add Script dialog box.

Use the Add Scripts dialog box to add one or multiple scripts to a panel in the Toolbox dashboard.


Using the Toolbox


Figure 48: Add Scripts Dialog Box

To add one or multiple scripts to a panel in the Toolbox dashboard

1. Click Toolbox ( ). The Toolbox dashboard opens.

2. In the top-right corner of a panel to which you want to add scripts, click the button and then

the button. The Add Scripts dialog box opens.

3. Do the following as convenient:

— Expand or collapse the category headings.— Type a string in text box to show only the matching script names.

4. Select the required scripts (using standard Windows key combinations), and click Select.

To delete a script from the Toolbox dashboard


2. Hover over the required script and click the button.

The Unassigned category contains the scripts in the APSolute Vision server with the Category value Unassigned. Here, the category list is expanded, and it contains an example of a user-defined icon for a user-defined script.

Type a string in this box to show only the matching script names.

The Add Scripts dialog box displays only the categories that are populated. Here, the category lists are collapsed.


Using the Toolbox


User Roles and Toolbox ScriptsThe configuration of each script includes the RBAC roles that are permitted to run the script. Users may run a script from the Toolbox dashboard or a device toolbar. The Operator Toolbox node in the Advanced Toolbox tree (for managing scripts) is available only to users with the Administrator or Vision Administrator roles. For more information, see Role-Based Access Control (RBAC), page 68.Users with the Administrator, Vision Administrator, or System User roles can run and manage Toolbox scripts in APSolute Vision. This includes adding scripts to the APSolute Vision server, modifying script properties, exporting scripts, and deleting scripts from the APSolute Vision server. For example, an administrator can upload a script, specify the roles that can run a script, expose a script in the Toolbox dashboard, and display an icon for a script in the toolbar of the managed devices. For more information, see Managing Toolbox Scripts, page 233.

vDirect and vDirect Access to DevicesToolbox scripts use the vDirect infrastructure. Toolbox scripts are text files with the .vm extension, which use vDirect syntax. There is a vDirect repository in the APSolute Vision server for Toolbox scripts, which is called Configuration Templates. Users with the Administrator or Vision Administrator, roles can access vDirect to add and edit scripts. For more information, see Writing and Editing Toolbox Scripts, page 237 and Using vDirect with APSolute Vision, page 657.

Prerequisites for Target Devices of Toolbox ScriptsThis section contains the following topics:• Device Connectivity for Target Devices of Toolbox Scripts, page 216• DefensePro Traps that Must Be Disabled for Target Devices of Toolbox Scripts, page 216

Device Connectivity for Target Devices of Toolbox ScriptsTarget Alteon and LinkProof NG devices must have SSH enabled and SNMP access enabled on the management interface (/c/sys/mmgmt/snmp mgmt, /c/sys/access/snmp w, and /c/sys/access/sshd/on).

Target DefensePro devices must have SSH and SNMP access enabled (manage ssh status set enable and manage snmp status set enable).

DefensePro Traps that Must Be Disabled for Target Devices of Toolbox ScriptsCertain traps that DefensePro can generate can damage the behavior of Toolbox scripts. These traps must be disabled before you run a Toolbox script on a DefensePro device. These traps are disabled by default, and they are used primarily only for troubleshooting. When these traps are disabled, traps can still, however, go to the syslog and to APSolute Vision.

To check whether the traps are disabled, as required

> In the DefensePro CLI, run the following commands:

— services auditing status—Required result: Auditing Status: Disabled

— manage terminal trap-echo—Required result: Traps Echo Disabled

— manage terminal traps-output get—Required result: Trap output: off

Perform the following procedure for each trap type that is not disabled as required.


Using the Toolbox


To disable the traps, as required


— services auditing status set 2

— manage terminal trap-echo set 2

— manage terminal traps-output set 3

Predefined Toolbox ScriptsThe following tables describe the default configuration of predefined Toolbox scripts that are exposed in theAPSolute Vision Operator Toolbox tab:• Table 80 - ADC and Alteon Predefined Toolbox Scripts, page 218• Table 81 - DefensePro Predefined Toolbox Scripts, page 221• Table 82 - Miscellaneous Predefined Toolbox Scripts, page 226

Caution: If you intend to run a predefined script often, you may want to modify its default configuration. However, an upgrade of APSolute Vision may include changes to predefined scripts, which overwrite any script modifications that you have made to the predefined scripts. If you modify a predefined script, Radware recommends downloading the file, renaming it, and uploading it to APSolute Vision as a new script with your modifications.

Notes

• Almost all the predefined Toolbox scripts that are exposed in the Operator Toolbox tab are displayed with an icon (a .svg file) in the Toolbox dashboard. In the following tables, if the Icon column in contains a value, the Toolbox scripts is displayed in the Toolbox dashboard.

• The vDirect repository (Configuration Templates) includes some predefined scripts, which, by default, are not exposed in the Toolbox dashboard or Operator Toolbox tab. The predefined scripts that are not exposed in the Operator Toolbox tab are mostly for internal use.


Using the Toolbox


Table 80: ADC and Alteon Predefined Toolbox Scripts

Action Title Description/Remark Permitted Roles vDirect Filename (.vm) Icon Filename (.svg)ADC Check Certificate Validity

Finds Alteon and LinkProof NG devices that have a certificate that expires within a specified number of days.

• Administrator• Vision Administrator• System User• Certificate Administrator• ADC + Certificate

Administrator• Device Administrator

Alteon_Check_Certificate_Validity

certificate_alteon

ADC Check Policy Compliance

Finds SSL policies in Alteon and LinkProof NG devices whose selected parameters do not match specified values.

• Administrator• Vision Administrator• System User• Device Viewer• ADC Administrator• ADC + Certificate


Alteon_Check_Policy_Compliance

check_policy_alteon

ADC Create Users Creates a user in ADC devices. • Administrator• Vision Administrator• System User• Device Administrator

ADC_Create_Users add_user_alteon

ADC Delete Users Deletes a user from ADC devices. • Administrator• Vision Administrator• System User• Device Administrator

ADC_Delete_Users delete_user_alteon


Using the Toolbox


ADC Find Apply Pending Finds Alteon and LinkProof NG devices that have a configuration that has not been applied yet.

• Administrator• Vision Administrator• System User• Device Viewer• ADC Operator• ADC Administrator• ADC + Certificate


Alteon_Find_Apply_Pending

find_apply_pending_alteon

ADC Find Save Pending Finds Alteon and LinkProof NG devices that have a configuration that has not been saved yet.



Alteon_Find_Save_Pending

find_save_pending_alteon

ADC Setup Device Implements a basic configuration on Alteon and LinkProof NG devices (including NTP, syslog, SSH, and SMTP settings).

• Administrator• Vision Administrator• System User• Device Administrator

Alteon_Setup_Device

setup_alteon

ADC Update Users Updates user credentials in ADC devices.


ADC_Update_Users edit_user_alteon

Table 80: ADC and Alteon Predefined Toolbox Scripts (cont.)

Action Title Description/Remark Permitted Roles vDirect Filename (.vm) Icon Filename (.svg)


Using the Toolbox


Alteon Enable/Disable Real Servers

Enables or disables multiple real servers across multiple ADC devices based on their IP addresses.

• Administrator• Vision Administrator• System User• ADC Administrator• ADC + Certificate


ADC_TurnOffOn_All_Real_Servers

disable-enable-multiple-real-servers_alteon

Alteon Enable/Disable Virtual Servers

Enables or disables all virtual servers, including the VRRP virtual routers that are linked to them.



Alteon_TurnOffOn_All_Virtual_Servers

enable_policy_alteon

Alteon Execute CLI Command on All Entities

Executes any CLI command on all entities of one of the following types: real servers, groups, virtual servers, VLANs, interfaces, VRRP virtual routers, ports, and filters.


Alteon_Execute_Cmd_On_All_Objects

deploy_policy_alteon

Alteon Find Unused Entities Finds Alteon entities that are currently not in use (real servers that are not used by any group, groups with no real servers, groups with no session statistics, virtual servers with no session statistics).



Alteon_Find_Unused_Entities

find_unused_alteon




Using the Toolbox


Alteon High-Availability Configuration

Configures a High Availability service/switch on Alteon devices.

• Administrator• Vision Administrator• System User• ADC Operator• ADC Administrator• ADC + Certificate


Alteon_HA_Configuration

high_availability_alteon

Alteon Specify ERT IP Reputation Feed Source

Configures Alteon devices to fetch the ERT IP Reputation Feed via a specified source.

• Administrator• Vision Administrator• System User

Alteon_Set_TOR_Feed

N/A

Table 81: DefensePro Predefined Toolbox Scripts

Action Title Description/Remark Permitted Roles vDirect Filename (.vm) Icon Filename (.svg)DefensePro 6.x Deploy Network Protection Policy for Enterprise

Deploys a new Network Protection policy on DefensePro version-6.x devices. The operator needs to enter the full range for the network to protect and the bandwidth. Then, the operator can add services from a predefined list.

• Administrator• Vision Administrator• System User• Security Administrator• Device Administrator

DefensePro_Deploy_Network_Policy_6_x

deploy_policy_dp

DefensePro 6.x Setup Device

Implements a basic configuration on DefensePro version-6.x devices (including NTP, syslog, SSH, and SMTP settings).


DefensePro_6_x_Setup_Device

setup_dp




Using the Toolbox


DefensePro Add Network Classes by Mask

Creates a DefensePro Network Class object using a subnet mask.


DefensePro_Add_Network_Classes_by_Mask

add_network_dp

DefensePro Add Network Classes by Range

Creates a DefensePro Network Class object using an IP range.


DefensePro_Add_Network_Classes_by_Range

add_network_dp

DefensePro Add Network Classes with Common Mask

Creates a DefensePro Network Class object with a subnet mask and multiple IP addresses (for quick updates).


DefensePro_Add_Network_Classes_with_Common_Mask

add_network_dp

DefensePro Check Network Policy Compliance

Finds the DefensePro Network Protection policies that differ from one specified policy.


DefensePro_Check_Network_Policy_Compliance

check_policy_dp

DefensePro Create Users Creates a user in DefensePro devices.


DefensePro_Create_Users

add_user_dp

Table 81: DefensePro Predefined Toolbox Scripts (cont.)



Using the Toolbox


DefensePro Delete Active Attackers Feed Entries from Blacklist Rules

Deletes the Black List rules from the ERT Active Attackers Feed from DefensePro devices.


DefensePro_Delete_ERTActiveDDoSFeed_ACLRules

N/A

DefensePro Delete Users Deletes a user from DefensePro devices.


DefensePro_Delete_Users

delete_user_dp

DefensePro Deploy Network Protection Policy for MSSP

Deploys a new Network Protection policy. It deploys the policies per service for an MSSP environment.


DefensePro_Deploy_Policies_for_MSSP

edit_policy_dp

DefensePro Enable/Disable Policies

Toggles the state (enabled/disabled) of a specified Network Protection policy on selected DefensePro devices. The policy name can be specified using a regular expression.


DefensePro_Toggle_Policy_State_Based_On_Policy-regex

enable_policy_dp

DefensePro Export/Import Policies

Exports policies from a selected DefensePro device and imports the policies to one or more target devices.For more information on the feature, see Using DefensePro Templates, page 240.


DefensePro_Export_And_Import_Policy

check_policy_dp




Using the Toolbox


DefensePro Find Update Policy Pending

Finds DefensePro devices that have a configuration that is pending an Update Policies action.


DefensePro_Find_Update_Policy_Pending

find_upsate_policy_pending_dp

DefensePro Locate Policies and Profiles with Specified Signature

Finds the policies and profiles that use a specified Signature ID.

• Administrator• Device Administrator• Security Monitor• Security Administrator

DefensePro_Search_Signature

tune_BDoS_profiles_DP

DefensePro Reset BDoS Policy Baselines

Resets the BDoS baselines of specified policies on DefensePro devices.


DefensePro_Reset_BDoS_Policy_Baselines

reset_policy_bdos

DefensePro Reset DNS Policy Baselines

Resets the DNS baselines of specified policies on DefensePro devices.


DefensePro_Reset_DNS_Policy_Baselines

reset_policy_dns

DefensePro Tune BDoS Profiles

Provides options for tuning existing BDoS profiles.


DefensePro_Tune_BDos_Profile

tune_BDoS_profiles_DP




Using the Toolbox


DefensePro Update Users Updates user credentials in DefensePro devices.


DefensePro_Update_Users

edit_user_dp




Using the Toolbox


Table 82: Miscellaneous Predefined Toolbox Scripts

Action Title Description/Remark Permitted Roles vDirect Filename (.vm)

Icon Filename (.svg)

DefenseSSL Quick Setup

Configures a DefensePro version-8.x device with SYN Flood Protection and SSL Mitigation, and configures an Alteon device that acts as the SSL Decryption Unit.The Alteon device that acts as the SSL Decryption Unit must be an Alteon standalone or VA platform of version 30.0 and later.In DefensePro versions 8.14 and later, before you can run the script, you must select the option Enabled, Using an External Device.

Notes: • For information on the SSL Mitigation feature, see

the relevant sections in the DefensePro User Guide or the APSolute Vision online help.

• After the Toolbox script configures the DefensePro and Alteon devices, you can modify the configuration on the devices. Be aware, however, that modifying the configuration of the DefensePro device may require modifying the configuration of the Alteon device or vice versa.


DefenseSSL_DPv8_Alteon_Quick_Setup

N/A

Validate All APM Services

Validates the APM configuration for all APM-enabled services.For more information on APM, see the Application Performance Monitoring User Guide and other related documentation.


Administrator• Device Configurator• Device Administrator

Validate_All_Apm_Services

apm_alteon.svg


Using the Toolbox


Device Locking and Toolbox ScriptsThe Toolbox script determines whether the target devices must be locked for the script to run.If the script does not require device locking, any Toolbox mechanism can run the script (whether or not the device is locked by any user).If the script requires device locking:• When an Operator Toolbox scheduled task runs the script, APSolute Vision tries to lock the

device. If the locking action is successful, the script runs, and then, APSolute Vision unlocks the device. If the locking action fails, the Operator Toolbox scheduled task fails.

• When a user runs the script, and the device is already locked by the user, the script runs.• When a user runs the script, and the device is not locked by the user, the APSolute Vision tries to

lock the device for the user. If the locking action is successful, the script runs, and then, APSolute Vision unlocks the device. If the locking action fails, APSolute Vision issues an error message and stops trying to run the script.

The following predefined scripts do not require device locking:• DefensePro Check Network Policy Compliance• DefensePro Find Update Policy Pending• ADC Check Certificate Validity• ADC Check SSL Policy Compliance• ADC Find Apply Pending• ADC Find Save Pending

Running ScriptsYou can run a script in the following ways:• From the Toolbox dashboard• From a device toolbar• From the Operator Toolbox tab in the Advanced tree

Caution: Before you try running a script, see Prerequisites for Target Devices of Toolbox Scripts, page 216.

Note: You cannot specify a high-availability cluster as a target device of a Toolbox script.

Tip: If you select devices in the device pane Sites and Devices tree or Physical Containers tree and then run a Toolbox script, the Selected list of target devices is populated automatically.

Tip: Once you have run a Toolbox script from the Toolbox dashboard, you can run the script again using the same configuration as the last time. All you need to do is hover over the required script and click the button.


Using the Toolbox


Figure 49: Button to Run a Script Using the Last Configuration

To run a Toolbox script from the Toolbox dashboard


2. Hover over the required script and click the button. The Run Script: <script name> tab opens.


— In the Target Device List tab, specify the target devices. That is, select entries from the lists and use the arrows to move the entries to the other lists as required. The Target Device List tab contains the Available lists and the Selected lists of devices and Logical Groups (of devices). The Available lists display the available devices and available Logical Groups. The Selected device list displays the devices that the script runs on. The Selected Logical Group list displays the Logical Groups with the devices that the script runs on.

— In the Parameters tab, configure the script-specific parameters.Note: When a Logical Group is selected, the effective Target Device List dynamically updates, according to the devices in the Logical Group. That is, when the device-set of a Logical Group changes, the effective Target Device List changes accordingly. For more information, see Using Logical Groups of Devices, page 190.

4. Click Submit. The Output Script: <script name> tab opens.

The Output Script: <script name> tab contains the following three fields: — Status—The short status of the script, for example, Operation Completed.— Output—The output that the script returned after a successful run. — CLI Output—The full CLI output of the script.

Notes

— You can leave the Output Script: <script name> tab open and rerun the script. Having multiple instances of the Output Script: <script name> tab enables you to compare the results of multiple runs.

— The Run Script: <script name> tab open after a run, so you can go back and look at the script parameters and compare them to the output. You can also rerun the same script, or change parameters and then rerun it.

— Only one Run Script: <script name> tab can be open concurrently. If you want to run another script, you need to close the Run Script: <script name> tab.


Using the Toolbox


A device toolbar may display one or more icons that enable a device user to run a script. For more information, see Configuring a Toolbox Script in APSolute Vision, page 235.

To run a script from a device toolbar

1. Open the device and click the relevant icon in the device toolbar. The Run Script: <script name> tab opens.






Notes



— Only one Run Script: <script name> tab can be open at any one time. If you want to run another script, you need to close the Run Script: <script name> tab.

To run a Toolbox script from the Operator Toolbox tab in the Advanced tree

1. Click Toolbox ( ) and select Advanced > Operator Toolbox.

2. Select the script, and click the (Run Script) button. The Run Script: <script name> tab opens.


Using the Toolbox







Notes



— Only one Run Script: <script name> tab can be open at any one time. If you want to run another script, you need to close the Run Script: <script name> tab.

Configuring a Scheduled Task for a Script in the Toolbox DashboardYou can configure a new scheduled task for a script from the Toolbox dashboard. The task type is Operator Toolbox. If your configuration is successful, the Scheduler’s Task List table displays your new task.

Notes

• For more information on scheduled tasks, including modifying Operator Toolbox tasks, see Scheduling APSolute Vision and Device Tasks, page 287.

• APSolute Vision issues a failure message if any task action is not successful. The failure message includes the result of each action—that is, whether the action succeeded or failed for each target device.

• The configuration of the Toolbox script determines whether the target device must be locked for the script to run. If the script requires device locking, when an Operator Toolbox task runs the script, APSolute Vision tries to lock the device. If the locking action is successful, the script runs, and then, APSolute Vision unlocks the device. If the locking action fails, the Operator Toolbox task fails.

• If a device in the Target Device List is deleted from APSolute Vision, APSolute Vision deletes the device from the Target Device List and continues running the task.

• If all the devices in the Target Device List are deleted from APSolute Vision, APSolute Vision disables the task.


Using the Toolbox


To configure a scheduled task for a script from the Toolbox dashboard


2. Hover over the required script and click the button. The Add Toolbox Script tab opens. The Task Type value is Operator Toolbox, and in the Configuration Template tab, the Selected Script text box displays the filename of the selected script.

3. Configure the remaining parameters, which are described in Operator Toolbox Task—Parameters, page 302, and click Submit.

Table 83: Operator Toolbox: General Parameters

Parameter DescriptionName The name of the task.

Description A user-defined description of the task.

Enabled When selected, the task runs according to the defined schedule. Disabled tasks are not activated, but the task configuration is saved in the database.

Table 84: Operator Toolbox: Schedule Parameters

Parameter DescriptionRun The frequency at which the task runs.

Select a frequency, then configure the related time and day/date parameters. Values:• Once—The task runs one time only at the specified date and time.• Minutes—The task runs at intervals of the specified number of

minutes between task starts.• Daily—The task runs daily at the specified time.• Weekly—The task runs every week on the specified day or days, at

the specified time.

Note: Tasks run according to the time as configured on the APSolute Vision client.

Time1 The time at which the task runs.

Date2 The date on which the task runs.

Minutes3 The interval, in minutes, at which the task runs.

Run Always4 Specifies whether the task always runs or only during the defined period.Values:• Enabled—The task is activated immediately and runs indefinitely, with

no start or end time. It runs at the first Time configured with the Frequency in the Schedule tab.

• Disabled—The task runs (at the time and frequency specified in the Schedule tab) from the specified Start Date at the Start Time until the End Date at the End Time.

Default: Enabled


Using the Toolbox


Start Date5 The date and time at which the task is activated.

Start Time

End Date The date and time after which the task no longer runs.

End Time

1 – This parameter is available only when the specified Run value is Once, Daily, or Weekly.

2 – This parameter is available only when the specified Run value is Once.3 – This parameter is available only when the specified Run value is Minutes.4 – This parameter is available only when the specified Run value is Minutes, Daily, or

Weekly.5 – This parameter is available only when the Run Always checkbox is cleared.

Table 85: Operator Toolbox: Configuration Template

Parameter DescriptionSelected Script (Read-only) The script that is selected in the table—with the file name.

To select the script, click the script from the Action Title column.The table contains all the Toolbox scripts that you have permission to run. The table comprises the following columns: Action Title, File Name, and Category.

Note: When you change a selection, the parameters in the Parameters tab change accordingly.

Table 86: Operator Toolbox: Parameters Parameters

Parameter DescriptionNote: This tab is available only when the script that is selected in the Configuration Template tab includes configuration parameters.

The parameters for the selected script.

Table 87: Operator Toolbox: Target Device List


The Available lists and the Selected lists of devices and Logical Groups (of devices of the appropriate type). The Available lists display the available devices and available Logical Groups. The Selected device list displays the devices that the Toolbox script runs on. The Selected Logical Group list displays the Logical Groups that the Toolbox script runs on.Select entries from the lists and use the arrows to move the entries to the other lists as required.

Note: When a Logical Group is selected, the effective Target Device List dynamically updates— according to the devices in the Logical Group. That is, when the device-set of a Logical Group changes, the effective Target Device List changes accordingly. For more information, see Using Logical Groups of Devices, page 190.

Table 84: Operator Toolbox: Schedule Parameters (cont.)



Using the Toolbox


Managing Toolbox ScriptsUsers with the Administrator or Vision Administrator roles can access the Operator Toolbox pane from the Advanced Toolbox tree and manage Toolbox scripts.Managing Toolbox scripts comprises the following:• Using the Operator Toolbox Pane, page 233• Configuring a Toolbox Script in APSolute Vision, page 235• Deleting a Toolbox Script from APSolute Vision, page 237• Downloading a Toolbox Script, page 237

Using the Operator Toolbox Pane Use the Operator Toolbox pane from the Advanced Toolbox tree to manage Toolbox scripts.

To open the Operator Toolbox pane

> Click Toolbox ( ) and select Advanced > Operator Toolbox.

Figure 50: Operator Toolbox Pane in the Advanced Toolbox Tree

Buttons for managing a script: Add, Edit (that is, its properties not the script itself), Delete, and Download.

Run button—Runs the selected script and opens the Run Script tab, where you specify the target devices and script-specific values.

Categories—You can define a category for each script, organizing your scripts into meaningful groups, to make it easier to locate relevant scripts. When you click on a category node, the Operator Toolbox tab displays only the scripts belonging to that category.

Advanced icon—Displays the advanced features of the toolbox.


Using the Toolbox


The table in the Operator Toolbox tab, which contains most of the default scripts configured in the APSolute Vision server, comprises the following columns:• Action Title—The title for the script.• File Name—The file name of the script, which is a hyperlink to the script in the vDirect module.

You can edit the script in the user interface of the vDirect module.• Description—The user-defined description of the script.• Category—The category assigned to sort the script. When you click on the category node, the

Operator Toolbox tab displays only the scripts belonging to the category.• Toolbar Icon—The icon that runs the script from the toolbar of a managed device. This is

relevant only when the Assign to Toolbar parameter is set in the script configuration.• Device Toolbar—The device types whose toolbar displays an icon to run the script.• Uploaded By—The username who uploaded the script to APSolute Vision.• Upload Date—The date the script was uploaded to APSolute Vision.

In the Operator Toolbox tab, you can load the scripts from APSolute Vision or from vDirect. You can run scripts from the Toolbox or from vDirect. Any change you to make to a script is reflected in both locations. The vDirect module in APSolute Vision validates the scripts and hosts them in the vDirect Configuration Templates tab. You can use vDirect to write new Toolbox scripts and then configure them in APSolute Vision. If a script is already configured in APSolute Vision, you can click on its link, which opens the script in vDirect—for you to view or modify as you require.

Note: For more information on vDirect, see vDirect with APSolute Vision, page 46, Using vDirect with APSolute Vision, page 657, and the Radware vDirect documentation that corresponds to the vDirect version in the APSolute Vision server. To find out the vDirect version, in the APSolute Vision Settings view System perspective, select General Settings > Basic Parameters and look in the Software tab.

Caution: See before you try running a script, see Prerequisites for Target Devices of Toolbox Scripts, page 216.

To run a Toolbox script from the Operator Toolbox tab


2. Select the script, and click the (Run Script) button. The Run Script: <script name> tab opens.




Using the Toolbox



4. Click Submit.

Configuring a Toolbox Script in APSolute VisionUse the Operator Toolbox tab to configure a Toolbox script in APSolute Vision.

Note: For information on writing and editing Toolbox scripts (for example, setting default values), see Writing and Editing Toolbox Scripts, page 237.

To configure a Toolbox script in APSolute Vision

1. Click Toolbox ( ) and select Advanced > Operator Toolbox.2. Do one of the following:

— To add an entry to the table, click the (Add) button.

— To edit an entry in the table, select the entry and click the (Edit) button.3. Configure the parameters, and then click Submit.

Table 88: Operator Toolbox Parameters

Parameter DescriptionAction Title The title for the script.


File Name The .vm file. Browse to the file and select it.

Description The description of the script.Maximum characters: 1000

Tooltip The tooltip that displays when you hover over the specified icon in the device toolbar.Maximum characters: 255


Using the Toolbox


Category The category that determines which node (under the parent Operator Toolbox node) contains the script. Specify a category for a script to organize the script into a meaningful group, and make it easier to locate. When you click on a category node, the Operator Toolbox tab displays only the scripts belonging to that category. Values: • Configuration• Data Export• Emergency• High Availability• Monitoring• Operations• UnassignedDefault: Unassigned

Assign to Toolbar Specifies whether you can run the script from the toolbar of a managed device.Default: Disabled

Toolbar Icon(This button is available only when the Assign to Toolbar checkbox is selected.)

The icon that you click to run the script from the toolbar of a managed device.

Device Toolbar The device type whose toolbar displays the icon to click to run the script.Values: Alteon, LinkProof NG, DefensePro, AllDefault: All

Assign to Dashboard Specifies whether you can run the script from the Toolbox dashboard.Default: Disabled

Dashboard Icon(This parameter is available only when the Assign to Dashboard checkbox is selected.)

The icon that you click to run the script from the Toolbar dashboard.

Note: The table in the Operator Toolbox Settings tab manages the icons for the Toolbox dashboard (APSolute Vision Settings view System perspective, General Settings > Operator Toolbox Settings). For more information, see Managing Operator Toolbox Settings, page 156.

RolesConfigure the Selected list with the RBAC roles that are allowed to run the script.The Selected list always includes the roles Administrator, Vision Administrator, and System User, and you cannot remove them.

Notes: • The predefined roles are configured with the appropriate RBAC roles, by default. • For more information on RBAC roles, see Role-Based Access Control (RBAC), page 68.

Table 88: Operator Toolbox Parameters (cont.)



Using the Toolbox


Deleting a Toolbox Script from APSolute VisionUse the Operator Toolbox tab to delete a Toolbox script from APSolute Vision.

To delete a Toolbox script from APSolute Vision


2. Select the script, and click the (Delete) button.

Downloading a Toolbox ScriptUse the Operator Toolbox tab to download or view a Toolbox script in APSolute Vision.

To download or view a Toolbox script

1. Click Toolbox ( ) and select Advanced > Operator Toolbox.2. Configure the filter as necessary (see the procedure To filter the display of the template list,

page 244).

3. Select the rows with the required scripts (using standard Windows key combinations).


5. In the Save As text box, type the path to the target directory or click Browse to browse to the directory.

6. Click Save.

Writing and Editing Toolbox ScriptsThis section contains the following topics:• Allowing a Script To Run on an Unlocked Device, page 238• Guidelines for Setting a Default Value for a Parameter, page 238• Recommended vDirect Elements to Include in Scripts, page 238

Toolbox scripts are text files with the .vm extension, which use vDirect syntax. You can write new scripts, and you can edit existing scripts according to your requirements. For example, if you need to run a script repeatedly with the same values, you can edit the script and define default values for parameters.

Caution: If you intend to run a predefined script often, you may want to modify its default configuration. However, an upgrade of APSolute Vision may include changes to predefined scripts, which overwrite any script modifications that you have made to the predefined scripts. If you modify a predefined script, Radware recommends downloading the file, renaming it, and uploading it to APSolute Vision as a new script.


Using the Toolbox


Notes

• The predefined scripts incorporate the guidelines as appropriate. For example, using #haltOnDeviceError is not incorporated in a script that uses a GET command, and #require_device_lock=false is included in script that makes no change to a device configuration.

• For more information on vDirect, see vDirect with APSolute Vision, page 46, Using vDirect with APSolute Vision, page 657, and the Radware vDirect documentation that corresponds to the vDirect version in the APSolute Vision server. (To identify the vDirect version, in the APSolute Vision Settings view System perspective, select General Settings > Basic Parameters and look in the Software tab.)

Allowing a Script To Run on an Unlocked DeviceBy default, Toolbox scripts cannot run on an unlocked device. For more information, see Device Locking and Toolbox Scripts, page 227.To allow a script to run on unlocked devices, include the following row in the script:

#param($require_device_lock, 'bool', 'out', 'defaultValue=false')

Guidelines for Setting a Default Value for a ParameterYou can set a default value for a script parameter.Here are some snippets showing how to set a default value for a parameter:

• #param($activate, 'type=string', 'prompt=Enable User', 'values=Enable,Disable', 'defaultValue=Enable')

• #param($crtmng, 'type=string', 'prompt=Certificate Management', 'values=Enable,Disable', 'defaultValue=Disable')

• #param($name, 'type=string', 'prompt=Server Name', 'properties={"maxCharLength" : "24"}', 'defaultValue="My Server"')

• #param($privsrc, 'type=ip', 'prompt=Primary Source Address', 'required=false', 'defaultValue=0.0.0.0')

Recommended vDirect Elements to Include in ScriptsWhen you write a vDirect script to use as a Toolbox script in APSolute Vision, Radware recommends using the following elements:

• #haltOnDeviceError(true|false) ... #end—This block directive surrounds a block of commands.When you use the true argument, every command is automatically tested for errors and, if an error response is detected, the script is halted with an exception. The drawback to this is that when you run a Toolbox script on multiple devices, the first exception causes the script to halt.When you use the false argument, no command is tested for errors, and the script is not halted.

• An output parameter, so that the APSolute Vision alert message displays the output of the script formatted well and clearly.


Using the Toolbox


Figure 51: Example Output that Is Not Formatted Well

Figure 52: Example Output that Is Formatted Well

The following is an excerpt of a script that includes an output parameter, so that the APSolute Vision alert message displays the output of the script formatted well and clearly.

#device($alteons, 'type=alteon[]', 'prompt=Alteon/LinkProof NG')

#param($output, 'type=string','out')

#set($output = 'The following devices are pending apply:<br>')

#set($negOutput = 'There are no devices pending apply.')

#set($tempOutput = '')

#foreach($alteon in $alteons)

#select($alteon)

#set($applyTable = $alteon.readAllBeans("AgApply"))

#foreach($applyRow in $applyTable)

#if($applyRow.agApplyPending == 'APPLYNEEDED')

#set($tempOutput = $tempOutput + $alteon.ip + '<br>')

#end

#end

#end

#if($tempOutput.isEmpty())

#set($output = $negOutput)

#else

#set($output = $output + $tempOutput)

#end


Using the Toolbox


Using DefensePro TemplatesThis feature is available only in DefensePro 6.x versions 6.11 and later, 7.x versions, and 8.x versions 8.10 and later.You can export and import DefensePro configuration templates.A DefensePro configuration template can include the configuration (the definitions and security settings) and/or baselines of a Network Protection policy and/or Server Protection policy.A template from a Network Protection policy can include the baselines from the associated DNS and/or BDoS profiles.A template from a Server Protection policy can include learned baselines from the associated HTTP Flood profiles.DefensePro configuration templates do not include the following information:• DefensePro setup and network configuration—For example, device time, physical ports,

and so on.• DefensePro security settings—The protections that a policy template uses must be

supported and enabled globally in the target DefensePro device (that is, the target DefensePro device into which you are importing the policy template). For example, if you export a Network Protection policy that includes a BDoS Protection profile, the DefensePro device into which you are importing the policy template must have BDoS Protection enabled globally (Configuration perspective, Setup > Security Settings > BDoS Protection > Enable BDoS Protection).

• User-defined signatures.• SYN Protection profiles with a user-defined SYN Protection.• User-defined/custom Signature Protection profiles in certain earlier DefensePro

versions—The following versions can include the user-defined/custom Signature Protection profile: 6.x versions 6.13 and later, 7.x versions 7.42.03 and later, and 8.x versions 8.10 and later.

Caution: If the imported BDoS baseline or DNS baseline is below the minimum value in the configuration of the corresponding profile, after an Update Policies action, DefensePro recalculates the baseline or baselines according to the configuration of the profile. (For information on the configuration of profiles, see Configuring BDoS Profiles, page 32 and Configuring DNS Protection Profiles, page 48.)

Notes

• The terms Network Protection policy, and network policy may be used interchangeably in APSolute Vision and in the documentation.

• You can import Network Protection policies from DefensePro platforms running supported 6.x versions into platforms running supported 6.x or 7.x versions.

• You can import Network Protection policies from DefensePro platforms running supported 7.x versions only into other platforms running supported 7.x versions.

• You can import Network Protection policies from DefensePro platforms running supported 8.x versions only into other platforms running supported 8.x versions.

• You can import Server Protection policies from DefensePro platforms running supported 6.x versions into platforms running supported 6.x versions.


Using the Toolbox


• You can import Server Protection policies from DefensePro platforms running supported 7.x versions into platforms running supported 7.x versions.

• APSolute Vision provides a predefined Toolbox script for exporting and importing DefensePro configurations, DefensePro Export/Import Policies. For more information, see Using and Managing Toolbox Scripts, page 211.

Exporting a Network Protection Policy as a TemplateUse the following procedure to export a Network Protection policy as a template.

To export a Network Protection policy as a template

1. In the Configuration perspective, select Network Protection > Network Protection Policies.

2. Select the Network Protection policy that you want to export, and click (Export).


Table 89: Export Network Protection Parameters

Parameter DescriptionDownload To Values:

• Client—DefensePro exports the template to the location specified in the filepath or by browsing to the location with the Browse button.

• Server—DefensePro exports the template to the APSolute Vision database.

Default: Server

Download Via (Read-only) The transport method.Value: HTTPS

Configuration Specifies whether DefensePro exports the template with the configuration of the policy. Default: Enabled

DNS Baseline Specifies whether DefensePro exports the template with the current DNS baseline of the policy. Default: Enabled

BDoS Baseline Specifies whether DefensePro exports the template with the current BDoS baseline of the policy. Default: Enabled

Custom Signature Profile

Specifies whether DefensePro exports the template with the current custom (user-defined) Signature Protection profile of the policy.Default: Enabled

Traffic Filters Profile Specifies whether DefensePro exports the template with the current Traffic Filters profile of the policy.Default: Enabled

Anti-Scanning Whitelisted Objects

Specifies whether DefensePro exports the template with the current whitelisted objects of the Anti-Scanning profile of the policy.Default: Enabled


Using the Toolbox


Exporting a Server Protection Policy as a TemplateUse the following procedure to export a Server Protection policy as a template.

To export a Server Protection policy as a template

1. In the Configuration perspective, select Server Protection > Server Protection Policy.

2. Select the policy that you want to export, and click (Export).


Save As The filepath when Download To is Client or the filename when Download To is Server.The default filename uses the following format (with no extension):<DeviceName>_<PolicyName>_<date>_<time>

Example:

MyDefensePro_MyPolicy_2016.03.19_13.45.59

The date-time format is determined in the APSolute Vision Settings view Preferences perspective, under General Settings > Display.The file is saved on the server as a ZIP file; and on the local host, the file is saved as a TXT file.

Table 90: Export Server Protection Parameters

Parameter DescriptionDownload To Values:

• Client—DefensePro exports the template to the location specified in the filepath or by browsing to the location with the Browse button.

• Server—DefensePro exports the template to the APSolute Vision database.

Default: Server

Download Via (Read-only) The transport method.Value: HTTPS

Configuration Specifies whether DefensePro exports the template with the configuration of the policy.Default: Enabled

HTTP Baseline Specifies whether DefensePro exports the template with the current HTTP baseline of the policy.Default: Enabled

Table 89: Export Network Protection Parameters (cont.)



Using the Toolbox


Managing DefensePro Configuration TemplatesUse the DefensePro Configuration Templates pane to manage security-protection templates.The DefensePro Configuration Templates pane contains the table of templates, which comprises the following columns:• Source Device Name—Displays one of the following:

— The name of the device from which the template was exported.— Local—The template was uploaded from the local PC.— System—The template is a predefined template.

• File Name—Displays the filename of the template.• File Type—Displays Server Protection for a template from a Server Protection policy or

Network Protection for a template from a Network Protection policy.• Export Date—Displays the date and time that the template was added to the Template List.

The date-time format is determined in the APSolute Vision Settings view Preferences perspective, under General Settings > Date and Time Format.

The template table can contain up to 2000 entries.You can filter the display of the list for convenience and efficiency, and clear the filter as necessary.You can select one or multiple rows, using standard key combinations.You can do the following:• Send the templates to one or more DefensePro devices.• Delete the templates from one or more DefensePro devices—The delete command does

the following:— Removes the selected templates from the table. — Removes, from the DefensePro devices, the policy definitions and all other policy-related

configurations (Network Classes, VLAN Tag Classes, profile definitions) as long as the other policies on the devices are not using those objects.

• Add (upload) templates from another location to the template table.• Download the templates to another location.• Delete the rows—This action deletes the policy or policies, without the related objects.

Save As The filepath when Download To is Client or the filename when Download To is Server.The default filename uses the following format (with no extension):<DeviceName>__<PolicyName>_<date>_<time>

Example:

MyDefensePro__MyPolicy_2015.03.19_13.45.59

The date-time format is determined in the APSolute Vision Settings view Preferences perspective, under General Settings > Date and Time Format.The file is saved in the server as a ZIP file, and in the local host, the file is saved as a TXT file.

Table 90: Export Server Protection Parameters (cont.)



Using the Toolbox


To filter the display of the template list

1. Click the Toolbox ( ) button.

2. Click the Advanced ( ) button to open the DefensePro Configuration Templates pane.

3. Configure the parameters, and then, click the (Search) button.

To clear the template-list filter and show all of the stored templates



3. Click Clear.

To send templates to DefensePro devices



3. Configure the filter as necessary (see the procedure To filter the display of the template list, page 244).

Table 91: Template-List Filter Parameters

Parameter DescriptionSource Device Name Values:

• Device name—Shows only the templates downloaded from the selected device.

• Local—Shows only the templates uploaded from the local PC.• System—Shows only the predefined templates.Default: All

File Type Values:• Server Protection (not relevant for DefensePro 8.x versions)—

Shows the templates from Server Protection policies.• Network Protection—Shows the templates from Network Protection

policies.

File Name The filename that the filter uses. The value supports one or two wildcards (*).Examples:

• *pol*—Shows any filename containing the string pol.

• *pol—Shows any filename ending with the string pol.

• pol*—Shows any filename starting with the string pol.


Using the Toolbox


4. Select the rows with the required templates (using standard Windows key combinations).

5. Select Send to Devices.


Table 92: Send to Devices: Select Devices to Update Parameters

Parameter DescriptionThe Available lists and the Selected lists of DefensePro devices and Logical Groups (of DefensePro devices). The Available lists display the available devices and available Logical Groups. The Selected device list displays the devices to update. The Selected Logical Group list displays the Logical Groups with the devices to update.Select entries from the lists and use the arrows to move the entries to the other lists as required.

Notes: • The Available device list can contain only the devices that support the templates features.• When a Logical Group is selected, the effective Target Device List dynamically updates,

according to the devices in the Logical Group. That is, when the device-set of a Logical Group changes, the effective Target Device List changes accordingly. For more information, see Using Logical Groups of Devices, page 190.

Update Method Values:• Append to Existing Configuration—The template adds the policy

and profile configurations, and any baselines, to the devices in the Selected lists. The template does not overwrite any existing configuration. For example, if a policy name exists in a target device, the policy on the target device does not get changed.

• Overwrite Existing Configuration—The template adds the policy and profile configurations, and any baselines, to the devices in the Selected lists. If a policy or profile with the same name exists in a target device, the template overwrites it.

Default: Overwrite Existing Configuration

Caution: For the update behavior when the policy template includes a user-defined profile (User-Defined Signature Protection Profile, Custom Signature Profile, or Traffic Filters Profile), see Update Behavior Using DefensePro Configuration Templates with User-Defined Profiles, page 246.

Install on Instance(This parameter is relevant only for DefensePro x420 platforms.)

The identifier or the DefensePro hardware instance onto which to add the template. Values: 0, 1Default: 0

Update Policies After Sending Configuration

Values: • Enabled—After successfully uploading a template to a device, an

Update Policies (activate latest changes) action is automatically initiated.

• Disabled—After successfully uploading a template to a device, an Update Policies (activate latest changes) action is required for the configuration to take effect.

Default: Disabled


Using the Toolbox


Update Behavior Using DefensePro Configuration Templates with User-Defined ProfilesThis section describes the update behavior when one of the following Export options was enabled when a security-protection policy template was created:• Custom Signature Profile—Available only in DefensePro 8.x versions• User-Defined Signature Protection Profile—Available only in DefensePro 6.x versions 6.13

and later, and 7.x versions 7.42.03 and later• Traffic Filters Profile—Available only in DefensePro 8.x versions 8.15 and later

• When the Update Method is Append to Existing Configuration and the policy does not exist, but a user-defined profile name exists in the target device, the policy is created in the target device using the existing profile.

• When the Update Method is Overwrite Existing Configuration and the user-defined profile name exists in the target device, the policy is created or modified (if it exists already), but the template does not modify the rules or attributes of the existing profile—the template only extends the profile with new rules and attributes on the target device.

To delete templates and associated configuration objects from DefensePro devices





5. Select Delete from Devices.


Table 93: Delete from Devices: Select Devices to Update Parameters

Parameter DescriptionThe Available lists and the Selected lists of DefensePro devices and Logical Groups (of DefensePro devices). The Available lists display the available devices and available Logical Groups. The Selected device list displays the devices to update. The Selected Logical Group list displays the Logical Groups with the devices to update.Select entries from the lists and use the arrows to move the entries to the other lists as required.

Notes: • The Available device list can contain only the devices that support the templates features.• The Selected device list can contain only DefensePro devices running 6.x versions 6.14 and

later, 7.x versions 7.41.02 and later, or 8.x versions 8.10 and later.• When a Logical Group is selected, the effective Target Device List dynamically updates,

according to the devices in the Logical Group. That is, when the device-set of a Logical Group changes, the effective Target Device List changes accordingly. For more information, see Using Logical Groups of Devices, page 190.


Using the Toolbox


To add (upload) templates from another location to the template list



3. Click the (Add) button.


To download templates to another location






6. In the Save As text box, type the path to the target directory or click Browse to browse to the directory.

7. Click Save.

Update Policies After Sending Configuration

Values:• Enabled—After successfully deleting the templates and associated

configuration objects from a device, an Update Policies (activate latest changes) action is automatically initiated.

• Disabled—After successfully deleting the templates and associated configuration objects from the devices, an Update Policies (activate latest changes) action is required for the configuration to take effect.

Default: Disabled

Table 94: Upload File to Server Parameters

Parameter DescriptionFile Type Values:

• Server Protection—The template defines a Server Protection policy.• Network Protection—The template defines a Network Protection policy.

Upload From The filepath of the template. Click Browse to browse to the directory and select the file.

Table 93: Delete from Devices: Select Devices to Update Parameters (cont.)



Using the Toolbox


To delete stored templates





5. Click the (Delete) button in the pane.

Using AppShape Templates and InstancesUse AppShape™ templates to accelerate, simplify, and optimize the configuration of Alteon ADC devices for deployments of the following applications:• Common Web Applications• Citrix XenDesktop• DefenseSSL• Microsoft Exchange 2010• Microsoft Exchange 2013• Microsoft Lync External• Microsoft Lync Internal• Oracle E Business• Oracle SOA Suite 11g• Oracle WebLogic 12c• SharePoint 2010• SharePoint 2013• VMware View 5.1• Zimbra

AppShape templates configure all the required ADC options tailored and optimized for the selected business application. With APSolute Vision, you can create instances of AppShape templates from one single configuration pane with a small set of parameters.AppShape configures the full, optimal Server Load Balancing (SLB) configuration for the selected business application, which comprises:• Real servers• Server groups• Virtual servers• Virtual services• Application services—such as (depending on the selected business application) health check,

FastView optimized caching, compression, connection management, or acceleration


Using the Toolbox


Users with the Administrator role can manage the AppShape templates.Users with following roles can create AppShape instances on Alteon devices:• Administrator• ADC + Certificate Administrator• ADC Administrator• Device Administrator• System User• Vision Administrator

To create AppShape instances of most AppShape types, APSolute Vision requires SSH access to run CLI commands on the Alteon device. Therefore, SSH must be enabled and properly configured. SSH must be enabled in the Management Protocols pane (Configuration perspective, System > Management Access > Management Protocols). And, the SSH port configured in the Management Protocols pane must be the same as the value in the SSH Port text box in the Device Properties pane. (The Device Properties pane opens from the Sites and Devices tree when you add a new device or edit device properties.)

To view the basic parameters of AppShape instances that the APSolute Vision server is managing

> Click the Toolbox ( ) button, and then, select Advanced ( ) and AppShapes.

You can filter the display of the AppShapes Service table according to the values in any column. The filter is either a drop-down list or a text box. If the filter is a text box, the result is a case-insensitive match of a string that the specified string in the value. After you configure the filter criteria, to apply

the filter, click the button to apply the filter. Click Clear to cancel the filter.The nodes under the AppShapes node display, by default, the instances of the corresponding AppShape type.

Tip: If you intend to configure the AppShape instance with SSL Acceleration enabled (which is the default of most AppShape types), configure the SSL certificate before you configure the AppShape instance (Configuration perspective, Application Delivery > Application Services > SSL > Certificate Repository).

Table 95: Basic Parameters of AppShape Instances in APSolute Vision

Parameter DescriptionAppShape Type The AppShape type.

Name The name of the AppShape instance.

Note: You can change the name in the configuration of the instance on the device.

Device Name The name of the device on which the AppShape instance is deployed.

Virtual Address The virtual IP address of the service.

Valid Configuration The latest-known status that specifies whether the AppShape instance is synchronized with the AppShape template.

Last Validation The last time that the configuration of the device was synchronized with the AppShape template.


Using the Toolbox


To create an AppShape instance on a device

1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Click the Toolbox ( ) button, and then, select Advanced ( ) and AppShapes.

3. Click the (Add) button in the AppShape Service pane.


— From the AppShape Type drop-down list, select the AppShape type that you require. — From the Device Name drop-down list, select the Alteon instance on which to configure the

AppShape instance. 5. Configure the mandatory parameters, make changes to non-mandatory parameters as required,

and click Submit.

For information on the various AppShape types and associated parameters, see the relevant section:— Configuring a Common Web Application AppShape Instance, page 251— Configuring a Citrix XenDesktop AppShape Instance, page 253— Configuring a DefenseSSL AppShape Instance, page 256— Configuring a Microsoft Exchange 2010 AppShape Instance, page 258— Configuring a Microsoft Exchange 2013 AppShape Instance, page 262— Configuring a Microsoft Lync External AppShape Instance, page 266— Configuring a Microsoft Lync Internal AppShape Instance, page 269— Configuring an Oracle E-Business AppShape Instance, page 272 — Configuring an Oracle SOA Suite 11g AppShape Instance, page 274— Configuring an Oracle WebLogic 12c AppShape Instance, page 276 — Configuring a SharePoint 2010 AppShape Instance, page 278— Configuring a SharePoint 2013 AppShape Instance, page 280— Configuring an VMware View 5.1 AppShape Instance, page 282 — Configuring a Zimbra AppShape Instance, page 284

To validate an AppShape instance

> Select the row with the AppShape instance and click (Validate AppShape Instance).

To view or modify the configuration of an existing AppShape instance on a specific device

1. Click the Toolbox ( ) button, and then, select Advanced ( ) and AppShapes.2. Select the row with the instance whose configuration you want to view or modify, and then, click

the (Edit) button.

3. View or modify the configuration as required.


Using the Toolbox


Uploading a New AppShape Template Type to the APSolute Vision ServerYou can upload a new AppShape template type to the APSolute Vision server. When you upload a new AppShape template type to the APSolute Vision server, you do not need to change or even restart the APSolute Vision server. All you need is the AppShape-template ZIP file, that you receive from Radware.

Caution: If you upload an AppShape template type that already exists in the APSolute Vision server, before proceeding, and overwriting the existing template, Radware strongly recommends that you remove existing instances of the template. If you overwrite the existing template and there are existing instances of this template, unexpected results may occur.

Note: The online help that includes the description of the new AppShape template type will be in the online-help files at radware.com and the latest online-help package. The APSolute Vision administrator can configure whether the online help comes from the APSolute Vision server or from radware.com. It is the responsibility of the APSolute Vision administrator to make sure that the help files on the server are updated as necessary with the latest online-help package.

To upload a new AppShape template type to the APSolute Vision server


2. Click the (Upload AppShape) button at the top-left of the pane.

3. Navigate to the AppShape-template ZIP file, and then, click Open.

Configuring a Common Web Application AppShape InstanceUse the Common Web Application AppShape to configure an Alteon ADC device to work in a network architecture with a generic HTTP-based application.

Notes

• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab, see Common Web Application—AppShape-generated Configuration, page 701.

• The template configures some parameters automatically, which the template GUI does not expose. After you finish the following procedure, you can use the Diff command to view the entire configuration.

To configure a Common Web Application AppShape instance on a device



3. Select Common Web Application.


Using the Toolbox




— To edit an entry in the table, select the entry and click the (Edit) button.5. Configure the parameters, and click Submit.

Table 96: Common Web Application: General Parameters

Parameter DescriptionAppShape Type The specified AppShape type.


Table 97: Common Web Application: Web Application Instance Parameters

Parameter DescriptionLast Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that

the configuration device was synchronized with the AppShape template.

Valid Configuration (Read-only) Specifies whether the configuration is valid.

Instance Name The name of the AppShape instance. Maximum characters: 100


Table 98: Common Web Application: Application Servers Parameters

Parameter DescriptionAddress/Port table Contains the addresses and ports of each real server configured for the

service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit) button.

Table 99: Common Web Application: Load Balancing Settings Parameters

Parameter DescriptionSLB Metric The SLB metric used to select next server in the group.

Default: Round Robin

Note: If you choose a value other than the default, the AppShape always uses the default value for any additional, specifically related parameter. For example, if the value of SLB Metric is Min Misses, the specifically related Minmiss Hash is always the default 24 Bits.

Health Check The type of content that is examined during health checks. The content depends on the type of health check.Default: http


Using the Toolbox


Configuring a Citrix XenDesktop AppShape InstanceUse the Citrix XenDesktop AppShape to configure an Alteon ADC device to work in a network architecture with Citrix XenDesktop.

Notes

• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab, see Citrix XenDesktop—AppShape-generated Configuration, page 703.


To configure a Citrix XenDesktop AppShape instance on a device



3. Select Citrix XenDesktop.

Table 100: Common Web Application: HTTP Parameters

Parameter DescriptionCaching Specifies whether the HTTP profile uses caching.

Default: Enabled

Compression Specifies whether the HTTP profile uses compression.Default: Enabled

Connection Management Specifies whether the HTTP profile uses connection management.If enabled, you must configure the proxy IP address. Default: Enabled

Proxy IP(This button is displayed only when the Connection Management checkbox is selected.)

Opens the Proxy IP pane.

Table 101: Common Web Application: SSL Parameters

Parameter DescriptionSSL Acceleration Specifies whether SSL offloading is enabled for acceleration.

Default: Enabled

Server Certificate(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

The name of the SSL certificate, selected from the drop-down list.To edit the selected SSL certificate, click Server Certificate.


Using the Toolbox





Table 102: Citrix XenDesktop: General Parameters



Table 103: Citrix XenDesktop: Web Application Instance Parameters





StoreFront Virtual Address The virtual IP address of the StoreFront service.

DDC Virtual Address The virtual IP address of the DDC service.

Table 104: Citrix XenDesktop: Application Servers Parameters

Parameter DescriptionCitrix StoreFront Servers

Address/Port table Contains the addresses and ports of each real server configured for the service.



Citrix DDC Servers





Using the Toolbox


Table 105: Citrix XenDesktop: Load Balancing Settings Parameters

Parameter DescriptionStoreFront

SLB Metric The SLB metric used to select next server in the group.Default: Round Robin


Health Check The type of content that is examined during health checks. The content depends on the type of health check.Default: tcp

DDC



Health Check The type of content that is examined during health checks. The content depends on the type of health check.Default: tcp

Table 106: Citrix XenDesktop: HTTP Parameters

Parameter DescriptionCompression Specifies whether the HTTP profile uses compression.

Default: Enabled

Connection Management Specifies whether the HTTP profile uses connection management.If enabled, you must configure the proxy IP address.Default: Disabled

PIP Table(This button is displayed only when the Connection Management checkbox is selected.)


Table 107: Citrix XenDesktop: SSL Parameters


Default: Enabled


Using the Toolbox


Configuring a DefenseSSL AppShape InstanceUse the DefenseSSL AppShape to configure an Alteon ADC device to work in a network architecture with DefenseSSL. DefenseSSL mitigates SSL encrypted flood attacks at the network perimeter.

Tip: If you are using DefensePro version 8.x, use the DefenseSSL Quick Setup Operator Toolbox script. For more information, see Using and Managing Toolbox Scripts, page 211.

Notes

• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab, see DefenseSSL—AppShape-generated Configuration, page 705.


To configure a DefenseSSL AppShape instance on a device



3. Select DefenseSSL.






Table 108: DefenseSSL: General Parameters



Table 107: Citrix XenDesktop: SSL Parameters (cont.)



Using the Toolbox


Table 109: DefenseSSL: DefenseSSL Instance Parameters






Table 110: DefenseSSL: Application Servers Parameters


service.



Table 111: DefenseSSL: SSL Parameters


Default: Enabled



Table 112: DefenseSSL: Static ARP Parameters

Parameter DescriptionAddress The IP address for the ARP entry.

MAC Address The MAC address for the ARP entry.

VLAN The VLAN for the ARP entry.Values: 1–4090

Port The port for the ARP entry.The range of valid values depends on the device on which you are deploying the AppShape instance.


Using the Toolbox


Configuring a Microsoft Exchange 2010 AppShape InstanceUse the Microsoft Exchange 2010 AppShape to configure an Alteon ADC device to work in a network architecture with MS Exchange 2010. Microsoft Exchange provides business-class email, calendar and contacts. The Alteon and Microsoft Exchange 2010 joint solution provides a highly scalable and highly available unified messaging and communication infrastructure, with fast response time. Using advanced health monitoring of each of the client access servers (CASs), Alteon can validate the availability and response time of those resources, as well as deliver seamless load-balancing, redundancy, and persistency features. Furthermore, Alteon provides service acceleration through compression, caching, and SSL termination to the Exchange users, offloading critical resources from the client access servers, enabling smaller CAS arrays, and thus, lower CAPEX and OPEX in the organization.

Note: With Exchange Server 2010, Outlook clients connect using native MAPI to the RPC Client Access Service (CAS), which runs on Client Access servers. Because the RPC CAS requires the traffic to be passed to the Client Access servers on a large number of ports, Radware recommends that you use a firewall to permit only internal networks to access the RPC Client Access virtual server IP address.

Figure 53: Alteon and Microsoft Exchange 2010 Architecture

Eth

ern

et

Ethernet

Ethernet

Exchange CAS application servers(client access servers)

Mail Box Servers DAG(not part of the AppShape configuration )

Exchange SMTP application servers (HUB transport)

FirewallInternal Clients

External Clients

192.168.1.81 192.168.1.82 192.168.1.33 192.168.1.34 192.168.1.35

RST

Alteon 4416

PWR

USB MNG 2

MNG 1

CONSOLE

PWR

FAN

SYS OK

1000

10/100

1

13 14 15 16

3 5 7 9 11

2 4 6 8 10 12

ACT LINKACT LINK

ACT LINK ACT LINK ACT LINK ACT LINK

ACT LINKACT LINK

RST

Alteon 4416

PWR

USB MNG 2

MNG 1

CONSOLE

PWR

FAN

SYS OK

1000

10/100

1

13 14 15 16

3 5 7 9 11

2 4 6 8 10 12

ACT LINKACT LINK


ACT LINKACT LINK

Alteon.active.device

192.168.1.1/24

Alteon.backup.device

192.168.1.2/24

DMZ

192.168.2.254/24

192.168.1.254/24

192.168.1.36

Active Directory(not part of the AppShape configuration )

192.168.1.10

Edge Transport Server


Using the Toolbox


Notes

• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft Exchange 2010—AppShape-generated Configuration, page 706.


To configure a Microsoft Exchange 2010 AppShape instance on a device



3. Select Microsoft Exchange 2010.




Table 113: Microsoft Exchange 2010: General Parameters



Table 114: Microsoft Exchange 2010: Microsoft Exchange 2010 Instance Parameters






Table 115: Microsoft Exchange 2010: Protocols Parameters

Parameter DescriptionRPC Client Access The static port for the RPC Client Access Service.

Values: 10–65535Default: 135


Using the Toolbox


RPC Endpoint Mapper The port for the RPC Endpoint Mapper.Values: 10–65535Default: 59532

Exchange Address Book The port for the Exchange Address Book.Values: 10–65535Default: 59533

POP3 The port for the associated POP3 server. This parameter is optional.Values: 10–65535Default with the Secured checkbox selected: 993Default with the Secured checkbox cleared: 110

Secured Specifies whether the POP3 server uses a secured port.Default: Enabled

IMAP4 (Optional) The port for the associated IMAP4 server.This parameter is optional.Values: 10–65535Default with the Secured checkbox selected: 993Default with the Secured checkbox cleared: 143

Secured Specifies whether the IMAP4 server uses a secured port.Default: Enabled

Table 116: Microsoft Exchange 2010: Application Servers Parameters

Parameter DescriptionExchange CAS Application Servers




Exchange SMTP Application Servers




Table 115: Microsoft Exchange 2010: Protocols Parameters (cont.)



Using the Toolbox


Table 117: Microsoft Exchange 2010: Load Balancing Settings Parameters

Parameter DescriptionCAS

SLB Metric The SLB metric used to select next server in the group.1

Default: Least Connections

1 – If you choose a value other than the default, the AppShape always uses the default value for any additional, specifically related parameter. For example, if the value of SLB Metric is Min Misses, the specifically related Minmiss Hash is always the default 24 Bits.


SMTP Settings



Health Check The type of content that is examined during health checks. The content depends on the type of health check.Default: smtp

Table 118: Microsoft Exchange 2010: HTTP Parameters


Default: Enabled


Connection Management Specifies whether the HTTP profile uses connection management.If enabled, you must configure the proxy IP address. Default: Disabled



Table 119: Microsoft Exchange 2010: SSL Parameters


Default: Enabled


Using the Toolbox


Configuring a Microsoft Exchange 2013 AppShape InstanceUse the Microsoft Exchange 2013 AppShape to configure an Alteon ADC device to work in a network architecture with MS Exchange 2013. Microsoft Exchange provides business-class email, calendar and contacts. The Alteon and Microsoft Exchange 2013 joint solution provides a highly scalable and highly available unified messaging and communication infrastructure, with fast response time. Using advanced health monitoring of each of the client access servers (CASs), Alteon can validate the availability and response time of those resources, as well as deliver seamless load-balancing, redundancy, and persistency features. Furthermore, Alteon provides service acceleration through compression, caching, and SSL termination to the Exchange users, offloading critical resources from the client access servers, enabling smaller CAS arrays, and thus, lower CAPEX and OPEX in the organization.

Note: With Exchange Server 2013, Outlook clients connect using native MAPI to the RPC Client Access Service (CAS), which runs on Client Access servers. Because the RPC CAS requires the traffic to be passed to the Client Access servers on a large number of ports, Radware recommends that you use a firewall to permit only internal networks to access the RPC Client Access virtual server IP address.



Table 119: Microsoft Exchange 2010: SSL Parameters (cont.)



Using the Toolbox


Figure 54: Alteon and Microsoft Exchange 2013 Architecture

Notes

• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft Exchange 2013—AppShape-generated Configuration, page 709.


To configure a Microsoft Exchange 2013 AppShape instance on a device



3. Select Microsoft Exchange 2013.




Eth

ern

et

Ethernet

Ethernet

Exchange CAS application servers(client access servers)

Mail Box Servers DAG(not part of the AppShape configuration )

Exchange POP3 application servers

FirewallInternal Clients

External Clients

192.168.1.81 192.168.1.82 192.168.1.33 192.168.1.34 192.168.1.37

RST

Alteon 4416

PWR

USB MNG 2

MNG 1

CONSOLE

PWR

FAN

SYS OK

1000

10/100

1

13 14 15 16

3 5 7 9 11

2 4 6 8 10 12

ACT LINKACT LINK


ACT LINKACT LINK

RST

Alteon 4416

PWR

USB MNG 2

MNG 1

CONSOLE

PWR

FAN

SYS OK

1000

10/100

1

13 14 15 16

3 5 7 9 11

2 4 6 8 10 12

ACT LINKACT LINK


ACT LINKACT LINK

Alteon.active.device

192.168.1.1/24

Alteon.backup.device

192.168.1.2/24

DMZ

192.168.2.254/24

192.168.1.254/24

192.168.1.38

Active Directory(not part of the AppShape configuration )

192.168.1.10

Edge Transport Server

Exchange IMAP application servers

192.168.1.35 192.168.1.36


Using the Toolbox


Table 120: Microsoft Exchange 2013: General Parameters



Table 121: Microsoft Exchange 2013: Microsoft Exchange 2013 Instance Parameters






Table 122: Microsoft Exchange 2013: Application Servers Parameters

Parameter DescriptionExchange CAS Application Servers




Exchange IMAP Application Servers




Exchange POP3 Application Servers





Using the Toolbox


Table 123: Microsoft Exchange 2013: Load Balancing Settings Parameters

Parameter DescriptionCAS




IMAP Settings




Health Check The type of content that is examined during health checks. The content depends on the type of health check.Default: imap

POP3 Settings



Health Check The type of content that is examined during health checks. The content depends on the type of health check.Default: pop3

Table 124: Microsoft Exchange 2013: HTTP Parameter


Default: Enabled

Table 125: Microsoft Exchange 2013: SSL Parameters


Default: Enabled




Using the Toolbox


Configuring a Microsoft Lync External AppShape InstanceUse the Microsoft Lync External AppShape to configure an Alteon ADC device to work in a network architecture with Microsoft Lync External.

Notes

• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft Link External—AppShape-generated Configuration, page 711.


To configure a Microsoft Lync External AppShape instance on a device



3. Select Microsoft Lync External.




Table 126: Microsoft Lync External: General Parameters



Table 127: Microsoft Lync External: Microsoft Lync External Instance Parameters

Parameter DescriptionLast Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f

format, that the configuration device was synchronized with the AppShape template.


Instance Name The name of the AppShape instance.Maximum characters: 100

Edge AV HTTPS Virtual Address The text box contains the virtual IP address of the edge audio-visual service, and the checkbox specifies whether the service is enabled.

Edge Meeting HTTPS Virtual Address The text box contains the virtual IP address of the edge Meeting service, and the checkbox specifies whether the service is enabled.


Using the Toolbox


Edge IM HTTPS Virtual Address The text box contains the virtual IP address of the edge instant-messaging service, and the checkbox specifies whether the service is enabled.

Edge SIP HTTPS Virtual Address The text box contains the virtual IP address of the edge SIP service, and the checkbox specifies whether the service is enabled.

CWA Virtual Address The text box contains the virtual IP address of the Communicator Web Access (CWA) server, and the checkbox specifies whether the service is enabled.

Table 128: Microsoft Lync External: Application Servers Parameters

Parameter DescriptionSIP Servers




IM Servers




CWA Servers




Meeting Servers




Table 127: Microsoft Lync External: Microsoft Lync External Instance Parameters (cont.)



Using the Toolbox


AV Servers




Table 129: Microsoft Lync External: Load Balancing Settings Parameters

Parameter DescriptionEach pair of load-balancing parameters (the SLB Metric and the Health Check) is available only when the corresponding checkbox is selected in the Microsoft Lync External: Microsoft Lync External Instance Parameters, page 266 table.

Edge HTTPS SIP (443) Settings



Health Check The type of content that is examined during health checks. The content depends on the type of health check.Default: TCP

Edge IM (443) Settings




Edge Meeting (443) Settings




Edge CWA Settings




Edge AV (443) Settings



Table 128: Microsoft Lync External: Application Servers Parameters (cont.)



Using the Toolbox


Configuring a Microsoft Lync Internal AppShape InstanceUse the Microsoft Lync Internal AppShape to configure an Alteon ADC device to work in a network architecture with Microsoft Lync Internal.

Notes

• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft Link Internal—AppShape-generated Configuration, page 714.


To configure a Microsoft Lync Internal AppShape instance on a device



3. Select Microsoft Lync Internal.






Table 130: Microsoft Lync Internal: General Parameters



Table 129: Microsoft Lync External: Load Balancing Settings Parameters (cont.)



Using the Toolbox


Table 131: Microsoft Lync Internal: Microsoft Lync Internal Instance Parameters

Parameter DescriptionLast Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format,

that the configuration device was synchronized with the AppShape template.



Front-End Virtual Address The text box contains the virtual IP address of the front end, and the checkbox specifies whether the address is used.

Edge Internal Virtual Address The text box contains the virtual IP address of the internal edge, and the checkbox specifies whether the address is used.

Directors Virtual Address The text box contains the virtual IP address of the directors, and the checkbox specifies whether the address is used.

CWA Virtual Address The text box contains the virtual IP address of the Communicator Web Access (CWA) server, and the checkbox specifies whether the address is used.

Table 132: Microsoft Lync Internal: Application Servers Parameters

Parameter DescriptionReal Servers




Edge Internal Servers




Director Servers





Using the Toolbox


CWA Servers




Table 133: Microsoft Lync Internal: Load Balancing Settings Parameters

Parameter DescriptionEach pair of load-balancing parameters (the SLB Metric and the Health Check) is available only when the corresponding checkbox is selected in the Microsoft Lync Internal: Microsoft Lync Internal Instance Parameters, page 270 table.

Front-End Settings





Edge Settings




Directors Settings




Edge CWA Settings




Table 132: Microsoft Lync Internal: Application Servers Parameters (cont.)



Using the Toolbox


Configuring an Oracle E-Business AppShape InstanceUse the Oracle E-Business AppShape to configure an Alteon ADC device to work in a network architecture with Oracle E-Business.

Notes

• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle E-Business—AppShape-generated Configuration, page 723.


To configure an Oracle E-Business instance on a device



3. Select Oracle E-Business.

Table 134: Microsoft Lync Internal: CWA HTTP Configuration Parameters

Parameter DescriptionCompression Specifies whether compression is enabled on the Communicator Web

Access (CWA) servers.Default: Enabled

Domain Name The CWA domain name.Example: https://cwa.lyncmycompany.com

Note: Internally, APSolute Vision forces the prefix of the domain name to be https. For example, if you enter http://cwa.lyncmycompany.com or just cwa.lyncmycompany.com, APSolute Vision configures the value in Alteon as https://cwa.lyncmycompany.com.

Table 135: Microsoft Lync Internal: SSL Parameters


Default: Enabled




Using the Toolbox





Table 136: Oracle E-Business: General Parameters



Table 137: Oracle E-Business: Oracle E-Business Instance Parameters






Table 138: Oracle E-Business: Application Servers Parameters


Oracle E-Business server.



Table 139: Oracle E-Business: Load Balancing Settings Parameters





Using the Toolbox


Configuring an Oracle SOA Suite 11g AppShape InstanceUse the Oracle SOA Suite 11g AppShape to configure an Alteon ADC device to work in a network architecture with Oracle SOA Suite 11g.

Notes

• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle SOA Suite 11g—AppShape-generated Configuration, page 724.


To configure a Oracle SOA Suite 11g instance on a device



3. Select Oracle SOA Suite 11g.




Table 140: Oracle E-Business: HTTP Parameters


Default: Enabled


Table 141: Oracle E-Business: SSL Parameters


Default: Enabled




Using the Toolbox


Table 142: Oracle SOA Suite 11g: General Parameters



Table 143: Oracle SOA Suite 11g: Oracle SOA Suite 11g Instance Parameters





Customer VIP The virtual IP address of the customer.

Internal SOA Services VIP The virtual IP address of the internal SOA services.

Management Access VIP The virtual IP address of the management access.

Table 144: Oracle SOA Suite 11g: Application Servers Parameters


Oracle SOA Suite 11g server.



Table 145: Oracle SOA Suite 11g: Load Balancing Settings Parameters






Using the Toolbox


Configuring an Oracle WebLogic 12c AppShape InstanceUse the Oracle WebLogic 12c AppShape to configure an Alteon ADC device to work in a network architecture with Oracle WebLogic 12c.

Notes

• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle WebLogic 12c—AppShape-generated Configuration, page 726.


To configure a Oracle WebLogic 12c instance on a device



3. Select Oracle WebLogic 12c.



— To edit an entry in the table, select the entry and click the (Edit) button.

Table 146: Oracle SOA Suite 11g: HTTP Parameters


Default: Enabled



Table 147: Oracle SOA Suite 11g: SSL Parameters


Default: Enabled




Using the Toolbox



Table 148: Oracle WebLogic 12c: General Parameters



Table 149: Oracle WebLogic 12c: Oracle WebLogic 12c Instance Parameters






Table 150: Oracle WebLogic 12c: Application Servers Parameters


Oracle WebLogic 12c server.



Table 151: Oracle WebLogic 12c: Load Balancing Settings Parameters




Table 152: Oracle WebLogic 12c: HTTP Parameters


Default: Enabled


Using the Toolbox


Configuring a SharePoint 2010 AppShape InstanceUse the SharePoint 2010 AppShape to configure an Alteon ADC device to work in a network architecture with SharePoint 2010.

Notes

• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab, see SharePoint 2010—AppShape-generated Configuration, page 727.


To configure a SharePoint 2010 AppShape instance on a device



3. Select SharePoint 2010.




Table 153: Oracle WebLogic 12c: SSL Parameters


Default: Enabled



Table 154: SharePoint 2010: General Parameters




Using the Toolbox


Table 155: SharePoint 2010: SharePoint 2010 Instance Parameters






Table 156: SharePoint 2010: Application Servers Parameters


SharePoint 2010 server.



Table 157: SharePoint 2010: Load Balancing Settings Parameters





Table 158: SharePoint 2010: HTTP Parameters


Default: Enabled



Domain Name The domain for of the SharePoint 2010 server. Maximum characters: 34


Using the Toolbox


Configuring a SharePoint 2013 AppShape InstanceUse the SharePoint 2013 AppShape to configure an Alteon ADC device to work in a network architecture with SharePoint 2013.

Notes

• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab, see SharePoint 2013—AppShape-generated Configuration, page 729.


To configure a SharePoint 2013 AppShape instance on a device



3. Select SharePoint 2013.






Table 159: SharePoint 2010: SSL Parameters


Default: Enabled



Table 158: SharePoint 2010: HTTP Parameters (cont.)



Using the Toolbox


Table 160: SharePoint 2013: General Parameters



Table 161: SharePoint 2013: SharePoint 2013 Instance Parameters






Table 162: SharePoint 2013: Application Servers Parameters


SharePoint 2013 server.



Table 163: SharePoint 2013: Load Balancing Settings Parameters




Table 164: SharePoint 2013: HTTP Parameters


Default: Enabled

Domain Name The domain for of the SharePoint 2013 server. Maximum characters: 34


Using the Toolbox


Configuring an VMware View 5.1 AppShape InstanceUse the VMware View 5.1 AppShape to configure an Alteon ADC device to work in a network architecture with VMware View 5.1.

Notes

• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab, see VMware View 5.1—AppShape-generated Configuration, page 731.


To configure a VMware View 5.1 instance on a device



3. Select VMware View 5.1.




Table 165: SharePoint 2013: SSL Parameters


Default: Enabled



Table 166: VMware View 5.1: General Parameters




Using the Toolbox


Table 167: VMware View 5.1: VMware View 5.1 Instance Parameters






Table 168: VMware View 5.1: Application Servers Parameters


VMware View 5.1 server.



Table 169: VMware View 5.1: Load Balancing Settings Parameters


Default: Persistent Hash


Table 170: VMware View 5.1: HTTP Parameters


Default: Enabled

Table 171: VMware View 5.1: SSL Parameters


Default: Enabled




Using the Toolbox


Configuring a Zimbra AppShape InstanceUse the Zimbra AppShape to configure an Alteon ADC device to work in a network architecture with Zimbra.

Notes

• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab, see Zimbra—AppShape-generated Configuration, page 732.


To configure a Zimbra instance on a device



3. Select Zimbra.




Table 172: Zimbra: General Parameters



Table 173: Zimbra: Zimbra Instance Parameters







Using the Toolbox


Table 174: Zimbra: Application Servers Parameters


Zimbra server.



Table 175: Zimbra: Load Balancing Settings Parameters


Default: Persistent Hash


Table 176: Zimbra: HTTP Parameters


Default: Enabled

Table 177: Zimbra: SSL Parameters


Default: Enabled




Using the Toolbox



CHAPTER 8 – SCHEDULING APSOLUTE VISION AND DEVICE TASKS

The following topics describe how to schedule APSolute Vision and device operations in the APSolute Vision Scheduler:• Overview of Scheduling, page 287• Managing Tasks in the Scheduler, page 288• Task Parameters, page 290

Overview of SchedulingYou can schedule various operations for the APSolute Vision server and managed devices. Scheduled operations are called tasks.The APSolute Vision scheduler tracks when tasks were last performed and when they are due to be performed next. When you configure a task for multiple devices, the task runs on each device sequentially. After the task completes on one device, it begins on the next. If the task fails to complete on a device, the Scheduler will activate the task on the next listed device.When you create a task and specify the time to run it, the time is according to your local OS. APSolute Vision then stores the time, translated to the timezone of the of the APSolute Vision server, and then runs it accordingly. That is, once you configure a task, it runs according to the APSolute Vision time settings, disregarding any changes made to the local OS time settings.

Caution: If the APSolute Vision client timezone differs from the timezone of the APSolute Vision server or the managed device, take the time offset into consideration.

When you define a task, you can choose whether to enable or disable the task. All configured tasks are stored in the APSolute Vision database.You can define the following types of scheduled tasks:• Back up the APSolute Vision server configuration• Back up a device configuration• Back up the APSolute Vision Reporter data• Reboot a device• Update the Radware security signature file onto a DefensePro device from Radware.com or the

proxy server• Update the fraud signature file onto a DefensePro device from Radware.com or the proxy server• Update the APSolute Vision Attack Description file from Radware.com or the proxy server• Run an Operator Toolbox script• Retrieve the ERT IP Reputation Feed file for Alteon from the Radware domain• Retrieve the ERT Active Attackers Feed file for DefensePro from the Radware domain


Scheduling APSolute Vision and Device Tasks


Note: You can perform some of the operations manually, for example, from the APSolute Vision Settings view System perspective, or from the Operations options

( ).

Managing Tasks in the SchedulerThe Task List table is the starting point for viewing and configuring tasks, which are scheduled operations. The table displays the information for each configured task. You can sort and filter the table rows according to your needs. You can also drag the bottom of Task List pane to lengthen the table.

Figure 55: Sorting Rows in the Task List

Note: For more information on filtering table rows, see Filtering Table Rows, page 102.

Table 178: Tasks Table Parameters

Parameter DescriptionTask Type The type of task to be performed.

Name The name of the configured task.

Description The user-defined description of the task.

Current Status The current status of the task.Values: Waiting, In progress

Enabled When selected, the task runs according to the defined schedule. Disabled tasks are not activated, but the task is saved in the database.

Last Execution Status Whether the last task run was successful. When the task is disabled or has not yet started, the status is Never Executed.Values:• Failure• Never Executed• Success• Warning

Last Execution Time The date and time of the last task run. When the task is disabled or has not yet started, this field is empty.

Next Execution Time The date and time of the next task run. When the task is disabled, this field is empty.

Click the far-right side of the title of the column with the values to sort by. Then, select the option that you require, for example, Sort Ascending or Sort Descending.




To configure a scheduled task

1. In the APSolute Vision toolbar, click the (Scheduler) button. The Tasks table displays information for each scheduled task.


— To add an entry to the table, click the (Add) button. Then, select the type of task, and click Submit. The dialog box for the selected task type is displayed.

— To edit an entry in the table, select the entry and click the (Edit) button.3. Configure task parameters, and click Submit. All task configurations include basic parameters

and scheduling parameters. Other parameters depend on the task type that you select. Some tasks that APSolute Vision exposes are non-operational/irrelevant for certain products and/or versions. For more information, see the description of the relevant task parameters in Task Parameters, page 290

To run an existing task

1. In the APSolute Vision toolbar, click the (Scheduler) button. The Tasks table displays information for each scheduled task.

2. Select the required task, and click the (Run Now) button.

Run The frequency at which the task runs; for example, daily or weekly. The schedule start date is displayed, if it has been defined.Values:• Daily • Minutes• Once• Weekly

Table 178: Tasks Table Parameters (cont.)





Task ParametersThe following sections describe the parameters for Scheduler tasks:• APSolute Vision Configuration Backup—Parameters, page 290• APSolute Vision Reporter Backup—Parameters, page 293• Update Security Signature Files—Parameters, page 295• Update Fraud Security Signatures—Parameters, page 296• Update Attack Description File—Parameters, page 297• Device Configuration Backup—Parameters, page 299• Device Reboot Task—Parameters, page 301• Operator Toolbox Task—Parameters, page 302• ERT Active Attackers Feed for DefensePro—Parameters, page 305• ERT IP Reputation Feed for Alteon—Parameters, page 307

Note: Some tasks that APSolute Vision exposes are non-operational and/or irrelevant for certain DefensePro versions.

APSolute Vision Configuration Backup—ParametersThe APSolute Vision Configuration Backup task creates a backup of the APSolute Vision configuration in the storage location and exports the backup to a specified destination.Each backup includes the following:• The APSolute Vision system configuration• The local users• The managed devices• The host IP addresses in the database-viewer list

The task does not back up the following:

• The password of the radware user of the APSolute Vision server appliance

• The IP address(es) of the APSolute Vision server• The DNS address(es) of the APSolute Vision server • The network routes of the APSolute Vision server • Attack data

Notes

• The storage location is, by default, a hard-coded location in the APSolute Vision server.

• For information on managing the backups using the CLI, see System Commands, page 602.

• Restoring the configuration is performed using the CLI. For more information, see system backup config restore, page 608.

• APSolute Vision stores up to five configuration-backup iterations in the storage location. After the fifth configuration-backup, APSolute Vision deletes the oldest one.




• The backup filenames in the storage location are the first five characters of the specified filename plus a 10-character timestamp. When the task exports the backup file, the filename is as specified in the task configuration.

• The backup file in the storage location includes the hard-coded description Scheduler-generated.

Table 179: APSolute Vision Configuration Backup: General Parameters

Parameter DescriptionName A name for the task.



Current Status (Read-only) The current status of the task.Values: Waiting, In progress

Table 180: APSolute Vision Configuration Backup: Schedule Parameters



minutes between task starts. • Daily—The task runs daily at the specified time.• Weekly—The task runs every week on the specified day or days, at

the specified time.








Default: Enabled


Start Time





End Time




Table 181: APSolute Vision Configuration Backup: Destination Parameters

Parameter DescriptionBackup Configuration To The destination of the backup configuration files.

Values:• APSolute Vision Server• APSolute Vision and External Location Default: APSolute Vision Server

Protocol1

1 – This parameter is available only when Backup Configuration To is APSolute Vision Server and External Location.

The protocol that APSolute Vision uses for this task.Values:• FTP• SCP• SFTP• SSH

IP Address The IP address of the external location.

Directory The path to the export directory with no spaces. Only alphanumeric characters and underscores (_) are allowed.

Backup File Name The name of the backup, up to 15 characters, with no spaces. Only alphanumeric characters and underscores (_) are allowed.

User The username.

Password The user password.

Confirm Password The user password.

Table 180: APSolute Vision Configuration Backup: Schedule Parameters (cont.)





APSolute Vision Reporter Backup—ParametersThe APSolute Vision Reporter Backup task creates a backup of the APSolute Vision Reporter data in the storage location and exports the date to a specified destination. The backup includes all the APSolute Vision Reporter data.

Notes

• For information on managing the backups using the CLI, see System Commands, page 602.

• Restoring the data is performed using the CLI. For more information, see system backup config restore, page 608.

• APSolute Vision stores up to three iterations of the APSolute Vision Reporter data in the storage location. After the third reporter-backup, the system deletes the oldest one.

• The backup filenames in the storage location are the first five characters of the specified filename plus a 10-character timestamp. When the task exports the backup file, the filename is as specified in the task configuration.

• The backup file in the storage location includes the hard-coded description Scheduler-generated.

Table 182: APSolute Vision Reporter Backup: General Parameters




Table 183: APSolute Vision Reporter Backup: Schedule Parameters




the specified time.











Default: Enabled


Start Time


End Time




Table 184: APSolute Vision Reporter Backup: Destination Parameters

Parameter DescriptionBackup Configuration To The destination of the backup configuration files.

Values:• APSolute Vision Server• APSolute Vision and External LocationDefault: APSolute Vision Server

Protocol1 The protocol that APSolute Vision uses for this task.Values:• FTP• SCP• SFTP• SSH




User The username.



Table 183: APSolute Vision Reporter Backup: Schedule Parameters (cont.)





Update Security Signature Files—ParametersThe Update Security Signature Files task updates the Radware security signature files on the selected DefensePro devices.

1 – This parameter is available only when Backup Configuration To is APSolute Vision Server and External Location.

Table 185: Update Security Signature Files: General Parameters




Table 186: Update Security Signature Files: Schedule Parameters




the specified time.








Default: Enabled


Start Time




Update Fraud Security Signatures—ParametersThe Update Fraud Security Signatures task updates the fraud security signatures on the selected DefensePro devices.

Caution: This feature is operational only in DefensePro 6.x versions and 7.x versions 7.42.09 and later.

Note: The frequency range for the Update Fraud Security Signatures task is 10–60 minutes. The default interval is 60 minutes.


End Time




Table 187: Update Security Signature Files: Target Device List

Parameter DescriptionThe Available lists and the Selected lists of DefensePro devices and Logical Groups (of DefensePro devices). The Available lists display the available devices and available Logical Groups. The Selected device list displays the devices whose Radware signature files this task updates. The Selected Logical Group list displays the Logical Groups with the devices whose Radware signature files this task updates.Select entries from the lists and use the arrows to move the entries to the other lists as required.


Table 188: Update Fraud Security Signatures: General Parameters




Table 186: Update Security Signature Files: Schedule Parameters (cont.)





Update Attack Description File—ParametersThe Update Attack Description File task updates the attack description file on the APSolute Vision server.

Caution: In Radware DefensePro DDoS Mitigation for Cisco Firepower, this feature is non-operational.

Table 189: Update Fraud Security Signatures: Schedule Parameters

Parameter DescriptionRun (Read-only) The frequency unit at which the task runs.

Value: Minutes


Minutes The frequency, in minutes, at which the task runs.Values: 10–60Default: 60


Run Always Specifies whether the task always runs or only during the defined period.Values:• Enabled—The task is activated immediately and runs indefinitely,

with no start or end time. It runs at the first Time configured with the Frequency in the Schedule tab.


Default: Enabled

Table 190: Update Fraud Security Signatures: Target Device List

Parameter DescriptionThe Available lists and the Selected lists of DefensePro devices and Logical Groups (of DefensePro devices). The Available lists display the available devices and available Logical Groups. The Selected device list displays the devices whose fraud signature files this task updates. The Selected Logical Group list displays the Logical Groups with the devices whose fraud signature files this task updates.Select entries from the lists and use the arrows to move the entries to the other lists as required.


Table 191: Update Attack Description File: General Parameters







Table 192: Update Vision's Attack Description File: Schedule Parameters


Select a frequency, then configure the related time and day/date parameters.Values:• Once—The task runs one time only at the specified date and time.• Minutes—The task runs at intervals of the specified number of


the specified time.


Time1


The time at which the task runs.

Date2

2 – This parameter is available only when the specified Run value is Once.

The date on which the task runs.

Minutes3

3 – This parameter is available only when the specified Run value is Minutes.

The interval, in minutes, at which the task runs.

Run Always4

4 – This parameter is available only when the specified Run value is Minutes, Daily, or Weekly.

Specifies whether the task always runs or only during the defined period.Values:• Enabled—The task is activated immediately and runs indefinitely, with



Default: Enabled

Start Date5

5 – This parameter is available only when the Run Always checkbox is cleared.

The date and time at which the task is activated.

Start Time


End Time

Table 191: Update Attack Description File: General Parameters (cont.)





Device Configuration Backup—ParametersThe Device Configuration Backup task saves a configuration backup of the specified devices.

Note: By default, you can save up to five (5) configuration files per device on the APSolute Vision server. You can change this parameter in the APSolute Vision Setup tab.

Table 193: Device Configuration Backup: General Parameters




Table 194: Device Configuration Backup: Schedule Parameters




the specified time.








Default: Enabled


Start Time





End Time




Table 195: Device Configuration Backup: Parameters Parameters

Parameter DescriptionInclude Private Keys Specifies whether to include the certificate private key information in the

configuration file in devices that support private keys.Default: Disabled

Table 196: Device Configuration Backup: Destination Parameters

Parameter DescriptionBackup Configuration To

The destination of the backup configuration files.Values:• APSolute Vision Server• External Location Default: APSolute Vision Server

Protocol1

1 – This parameter is available only when Backup Configuration To is External Location.

The protocol that APSolute Vision uses for this task.Values:• FTP• SCP• SFTP• SSH




User The username.



Table 194: Device Configuration Backup: Schedule Parameters (cont.)





Device Reboot Task—ParametersThe Device Reboot task reboots the specified devices.

Table 197: Device Configuration Backup: Target Device List

Parameter DescriptionThe Available lists and the Selected lists of devices and Logical Groups (of devices). The Available lists display the available devices and available Logical Groups. The Selected device list displays the devices whose configurations this task backs up. The Selected Logical Group list displays the Logical Groups with the devices whose configurations this task backs up.Select entries from the lists and use the arrows to move the entries to the other lists as required.


Table 198: Device Reboot: General Parameters




Table 199: Device Reboot: Schedule Parameters




the specified time.








Operator Toolbox Task—ParametersThe Operator Toolbox task can run a Toolbox script on selected devices.

Notes

• For more information on Toolbox scripts, see Using and Managing Toolbox Scripts, page 211.

• The scope configured for an APSolute Vision user determines the managed devices that the Operator Toolbox task displays. (For more information, see Managing APSolute Vision Users, page 67.)

• APSolute Vision issues a failure message if any task action is not successful. The failure message includes the result of each action—that is, whether the action succeeded or failed for each target device.




Default: Enabled


Start Time


End Time




Table 200: Device Reboot: Target Device List

Parameter DescriptionThe Available lists and the Selected lists of devices and Logical Groups (of devices). The Available lists display the available devices and available Logical Groups. The Selected device list displays the devices that this task reboots. The Selected Logical Group list displays the Logical Groups with the devices that this task reboots.Select entries from the lists and use the arrows to move the entries to the other lists as required.


Table 199: Device Reboot: Schedule Parameters (cont.)





• The configuration of the Toolbox script determines whether the target device must be locked for the script to run. If the script requires device locking, when an Operator Toolbox task runs the script, APSolute Vision tries to lock the device. If the locking action is successful, the script runs, and then, APSolute Vision unlocks the device. If the locking action fails, the Operator Toolbox task fails.

• If a device in the Target Device List is deleted from APSolute Vision, APSolute Vision deletes the device from the Target Device List and continues running the task.

• If all the devices in the Target Device List are deleted from APSolute Vision, APSolute Vision disables the task.

Table 201: Operator Toolbox: General Parameters

Parameter DescriptionName The name of the task.



Table 202: Operator Toolbox: Schedule Parameters




the specified time.








Default: Enabled


Start Time





End Time




Table 203: Operator Toolbox: Configuration Template

Parameter DescriptionSelected Script (Read-only) The script that is selected in the table—with the file name.

To select the script, click the script from the Action Title column.The table contains all the Toolbox scripts that you have permission to run. The table comprises the following columns: Action Title, File Name, and Category.

Note: When you change a selection, the parameters in the Parameters tab change accordingly.

Table 204: Operator Toolbox: Parameters Parameters


The parameters for the selected script.

Table 205: Operator Toolbox: Target Device List


The Available lists and the Selected lists of devices and Logical Groups (of devices of the appropriate type). The Available lists display the available devices and available Logical Groups. The Selected device list displays the devices that the Toolbox script runs on. The Selected Logical Group list displays the Logical Groups that the Toolbox script runs on.Select entries from the lists and use the arrows to move the entries to the other lists as required.


Table 202: Operator Toolbox: Schedule Parameters (cont.)





ERT Active Attackers Feed for DefensePro—ParametersThe ERT Active Attackers Feed for DefensePro task updates the entries in the Black List module in the selected DefensePro devices with the ERT Active Attackers Feed.

Caution: SSH must be enabled on the selected DefensePro devices for the ERT Active Attackers Feed for DefensePro task to run. (You can enable SSH on DefensePro in the Configuration perspective, under Setup > Device Security > Access Protocols> SSH Parameters > Enable SSH.)

Caution: The task updates the entries in the Black List module in each selected DefensePro device sequentially, and if the task fails on one device, the task-run does not continue. For example, suppose the task is configured with three selected DefensePro devices, A, B, and C. The task succeeds on device A. The task fails on device B, and stops. The task does not try to update device C.

Note: DefensePro parses only the first IP addresses from the feed—according to current available capacity on the device. The current available capacity is the platform capacity minus the number of manual entries.

Caution: ] On DefensePro devices running 6.x and 7.x versions and version 8.16, the task fails if there is not enough space in the Black List module for the IP address in the feed.

Caution: If a device on which the task is running is near maximum capacity (for example, more than 90% capacity for Black List rules) and an Update Policies action is initiated, the task does not complete the update.

Table 206: ERT Active Attackers Feed for DefensePro: General Parameters







Table 207: ERT Active Attackers Feed for DefensePro: Schedule Parameters


Select a frequency, then configure the related time and day/date parameters. Values: 1 Hour, 3 Hours, 6 HoursDefault: 3 Hours


Run Always Specifies whether the task always runs or only during the defined period.Values:• Enabled—The task is activated immediately and runs indefinitely,

with no start or end time, at the frequency specified in Run box.• Disabled—The task runs (at the frequency specified in the Run box

tab) from the specified Start Date at the Start Time until the End Date at the End Time.

Default: Enabled

Start Date1

1 – This parameter is available only when the Run Always checkbox is cleared.

The date and time at which the task is activated.

Start Time


End Time

Table 208: ERT Active Attackers Feed for DefensePro: Target Device List

Parameter DescriptionAllow Device Updates During Attacks Specifies whether the task tries to update a device also

when the device is mitigating an attack.Default: Disabled

Caution: Updating a device with the ERT Active Attackers Feed includes running the Update Policies action. Therefore, updating a device with the ERT Active Attackers Feed when DefensePro is handling an attack may cause attack leakage.

The Available lists and the Selected lists of DefensePro devices and Logical Groups (of DefensePro devices). The Available lists display the available devices and available Logical Groups. The Selected device list displays the devices whose Black List rules this task updates. The Selected Logical Group list displays the Logical Groups with the devices whose Black List rule files this task updates.Select entries from the lists and use the arrows to move the entries to the other lists as required.





ERT IP Reputation Feed for Alteon—ParametersThe ERT IP Reputation Feed for Alteon task makes the ERT IP Reputation Feed service to be available for the Alteon devices that the APSolute Vision manages.

Caution: Port 443 must be open on the APSolute Vision server and Alteon devices for this task to run successfully.

Table 209: ERT IP Reputation Feed for Alteon: General Parameters



Enabled When selected, the task runs every five minutes after the first request by an Alteon for the ERT IP Reputation Feed. Disabled tasks are not activated, but the task configuration is saved in the database.


CHAPTER 9 – MANAGING AUDITING AND ALERTS

APSolute Vision logs all alerts and actions for APSolute Vision and, optionally, for the managed devices. You can view auditing information and other alerts in the Alerts Table pane.The following topics describe APSolute Vision auditing and the Alerts Table pane:• APSolute Vision Auditing, page 309• Enabling Configuration Auditing for Managed Devices, page 310• Managing Alerts, page 310

Note: APSolute Vision server alerts are added to the Alerts Table, and added to the audit table and forwarded to syslog, with one exception. The exception is that when the APSolute Vision process on the underlying operating system is down, alerts triggered by the operating system are sent to the Alerts Table only.

APSolute Vision AuditingAPSolute Vision auditing meets compliance requirements by automatically logging the following:• All APSolute Vision alerts and user actions• All configuration changes made to managed devices via APSolute Vision

This meets Sarbanes-Oxley requirements to audit any configuration change that might affect the network. In APSolute Vision, you can also configure the managed devices to log all configuration changes on the device.The Auditing log is stored in the APSolute Vision database. All audit logs are sent to the Alerts Table, and can be displayed in the Alerts Table pane depending on the alerts filter configuration. APSolute Vision allows read-only access to the Auditing log. You can extract the data and store it remotely, as you require. The Auditing log can hold a maximum two million entries. APSolute Vision ages the oldest entries after the maximum number of entries is reached and also ages entries that are older than six months.The following information is logged to the audit log:• All user management events and user activities—for example, access attempts, successful

login, password change by user, password reset by admin, and so on.• Actions performed on the device—for example, uploading or downloading a file to a device,

device reboot and shutdown, log file retrieval, and so on.• APSolute Vision activities, including:

— APSolute Vision upgrade— User management events (for example, creating or deleting a user, activating or

deactivating a user, and so on)• Device changes through CLI or WBM (if device auditing is enabled).• Alarms received from the device (if device auditing is enabled).• Device configuration activities (if device auditing is enabled). The audit log records all

configuration changes applied to the managed devices.• Device addition and deletion.


Managing Auditing and Alerts


To manage APSolute Vision auditing

1. Enable or disable configuration auditing for devices. For more information, see Enabling Configuration Auditing for Managed Devices, page 310.

2. Enable and configure syslog and e-mail settings for sending audit information from the Alerts Table pane. For more information, see Configuring Settings for the Alerts Pane, page 112.

Enabling Configuration Auditing for Managed DevicesWhen configuration auditing for devices is enabled on the APSolute Vision server and on the device, any configuration change on a device using APSolute Vision creates two records in the Audit database, one from the APSolute Vision server, and one from the device audit message.

Note: To prevent overloading the managed device and prevent degraded performance, the feature is disabled by default.

To enable configuration auditing for a managed device

1. In the Configuration perspective, select Setup > Advanced Parameters > Configuration Audit.

2. Select the Enable Configuration Auditing checkbox, and click Submit.

Managing AlertsThe Alerts Table pane stores and displays alerts.The alerts are based on events that are received from:• SNMP traps sent by managed Radware devices.• Auditing messages from all APSolute Vision modules.• APSolute Vision server events.• Configuration auditing messages for managed devices, if enabled on the device.

All alert information is stored in the APSolute Vision database in a table separate from the audit information. Alert information can be sent to a central audit repository via syslog, and to a configured recipient via e-mail.

Figure 56: Alert Displayed on the APSolute Vision Main Screen

Events Handled in the Alerts Table PaneThe following types of events are handled in the Alerts Table pane: • SNMP Traps, page 311• Auditing Messages, page 311




• APSolute Vision Server Events, page 311• Alerts for New Security Attacks, page 311

SNMP TrapsThe Alerts Table handles all traps generated by APSolute Vision and the managed devices, including: • Generic traps, such as, Cold Start, Link Down, Link Up, Authentication Failure, and so on.• Radware traps common to all Radware devices.• Device-specific Radware traps.

Auditing MessagesAPSolute Vision forwards all logged audit events from all APSolute Vision modules and managed devices to the Alerts Table pane, including:• Successful and failed login attempts• Backup and restore operations• Configuration changes to APSolute Vision and the managed devices• Monitoring and control changes• Successful and failed task scheduling changes• User management configuration changes

APSolute Vision Server Events APSolute Vision server events include events from:• Server and database monitoring processes• The APSolute Vision appliance• The watchdog process, which monitors APSolute Vision server processes

Alerts for New Security AttacksAPSolute Vision triggers an alert when a new attack is displayed in the Current Attacks table (which is part of the Security Monitoring perspective).The value in the Module column in the Alerts Table pane is Security Reporting.Each DefensePro device triggers separate security alerts. The security alerts are either for a single security event (that is, a single attack event) or aggregated from multiple security events. The format is similar for alerts for single attacks and multiple attacks.

Table 210: Information in Security Alerts

String in a Security Alert for a Single Attack String in a Security Alert Aggregated Attack Information

An attack of type: <attack category>1 started. <quantity of attacks> attacks of type: <attack category>1 started between <start time of first attack> and <start time of last attack>.2

Detected by policy: <policy>; Detected by policy: <policy>;3

Attack name: <attack name>; Attack name: <attack name>;

Source IP: <attacker IP address>; Source IP: <attacker IP address>;4

Destination IP: <attacked IP address>; Destination IP: <attacked IP address>;

Destination port: <attacked port>; Destination port: <attacked port>;




Alert InformationAll alert information is stored in the APSolute Vision database. Double-click on an alert in the Alerts Table tab to open the Alert Details dialog box, which displays all the information with the expanded alert message. The following table describes the fields of the APSolute Vision alerts.

Action: <action>5 . Action: <action>.

1 – Attack categories: ACL, Anti-Scanning, Behavioral DoS, DoS, HTTP Flood, Intrusions, Server Cracking, SYN Flood, Anomalies, Stateful ACL, DNS, BWM

2 – Times are in the format dd.MM.yy hh:mm.3 – When there are differences in the field values for the attacks, the values are comma-

separated.4 – When there are differences in the field values for the attacks, the value is multiple.5 – Action values: forward, proxy, drop, source-reset, dest-reset, source-dest-reset,

bypass, challenge, quarantine, drop-and-quarantine

Table 211: APSolute Vision Alert Fields

Alert Information Description Displayed in Alerts Table Pane?

Ack A check box indicating whether the alert has been acknowledged. Alerts of Info severity are acknowledged automatically when raised. Alerts of severity higher than Info require user acknowledgment. Acknowledging an alert indicates that it has been seen by the user and remains in the Alerts Table pane display. You can select or clear the check box to acknowledge or un-acknowledge alerts.

Yes, by default

Severity The APSolute Vision severity of the event: Critical, Major, Minor, Warning, Info. SNMP trap severities are mapped as shown in SNMP Trap Severity Mapped to APSolute Vision Severity, page 313 and APSolute Vision Alerts Mapped to Syslog Severity, page 314.

Yes, by default

Date and Time The date and GMT time at which the event occurred.In the Alert Details dialog box, this value is displayed with the label Raised Time.

Yes, by default

Device Name The values differ according to the alert type, as follows: • SNMP traps—The value is the name of the device

that generated them.• APSolute Vision auditing events, which have device

context (configuration, monitoring). The value is the name of the device to which the event relates.

When the alert is generated by the APSolute Vision server, no device name is displayed.

Yes, by default

Table 210: Information in Security Alerts (cont.)

String in a Security Alert for a Single Attack String in a Security Alert Aggregated Attack Information




The Raised Time, Device Name, and Message uniquely identify an alert, and are together considered the Alert key.

Device IP address The IP address of the device to which the message relates. No value is provided for alerts generated by APSolute Vision.

Yes, by default

Message The description of the event. Yes, by default

Module The source module of the event. Values:• Vision Configuration—APSolute Vision configuration

auditing messages• Vision General—Includes general APSolute Vision

auditing messages and APSolute Vision server events• Vision Control—APSolute Vision Monitoring auditing

messages• Device General—For all other device alerts• Device Security—For network security alerts• Security Reporting—For security alerts

Yes, by default

User Name For APSolute Vision auditing, the name of the user whose action was audited. If no user is associated with the action, the user APSolute_Vision is displayed.

Yes, if configured

Device Type The type of device that generated the alert:• The APSolute Vision server—for auditing, appliance,

server and database monitoring, and watchdog alerts• Any AppDirector device• Any Alteon device• Any AppWall device• Any DefensePro device• Any LinkProof NG device

Yes, by default

Trap SID The trap SID for SNMP traps. There is no value for events that are not SNMP traps.

Yes, if configured

Port The port number included in the alert information, if it exists (for example, when a port link goes up or down).

Yes, by default

Table 212: SNMP Trap Severity Mapped to APSolute Vision Severity

Trap Severity APSolute Vision Severity Severity DescriptionFatal Critical Indicates a severe problem, which prevents

or disrupts normal use of the object.

Table 211: APSolute Vision Alert Fields (cont.)

Alert Information Description Displayed in Alerts Table Pane?




Displaying Alert InformationAPSolute Vision displays alert information in the Alerts Table pane. The Alerts Table table displays APSolute Vision alerts, device alerts, DefensePro security alerts, and device-configuration messages.

Figure 57: Alerts icon/button

For more information about the information displayed, see Alert Information, page 312.By default, alert information is displayed for one hour after the alert is raised. The information is then cleared from the display, but remains in the Alerts database. You can change the default in the Filtering dialog box. For more information, see Filtering Alerts, page 316.

Caution: The Alerts Table can display up to 10,000 entries. Refine your filter settings to get better results.

To view the Alert Table pane

> Click the (alert bell) button.

Error(APSolute Vision uses predefined criteria to assign Major or Minor severity.)

Major Indicates a problem of relatively high severity, which is likely to prevent normal use of the object.

Minor Indicates a problem of relatively low severity, which should not prevent normal use of the object.

Warning Warning While the managed object is functioning as it is intended to function, conditions exist that could potentially cause a problem.

Info Information Information only. There are no problems and the object is functioning normally.

Table 213: APSolute Vision Alerts Mapped to Syslog Severity

Severity in APSolute Vision Alerts Table Pane Level in Syslog1 - CRITICAL 3 - CRITICAL

2 - MAJOR 4 - ERROR

3 - MINOR 5 - WARNING

4 - WARNING 6 - NOTICE

5 - INFO 7 - INFORMATIONAL

Table 212: SNMP Trap Severity Mapped to APSolute Vision Severity (cont.)

Trap Severity APSolute Vision Severity Severity Description

Alerts icon/button. Orange indicates that you have new alerts. Click the button to open the Alerts Table pane.




For more information about Alerts Table pane navigation features, see APSolute Vision Interface Navigation, page 53. The information in the alert table is refreshed according to your configured preferences.In the Alerts Table pane, you can:• Show and hide columns.• Acknowledge and unacknowledge displayed alerts. Alerts of severity higher than Info require

user acknowledgment to indicate that they have been seen by the user. The alert remains in the Alerts pane display.

• Filter the alerts in the alert table to display a subset of alerts. For more information, see Filtering Alerts, page 316.

• Clear individual alerts from the alert table display.• Clear all the alerts in APSolute Vision database that match the current filter, whether or not the

alerts are visible in the Alerts pane.• Turn off automatic refresh of alert information.

To view details of an alert

> Double-click the alert row that you want to view. The alert details are displayed in the Alert Details dialog box.For more information about the information displayed, see Alert Information, page 312.

To clear all the alerts in APSolute Vision database that match the current filter, whether or not the alerts are visible in the Alerts pane

> Click the (Clear All Alerts) button.

To acknowledge alerts

> Do one of the following:— To acknowledge one or more alerts, select the alert row in the table, and click the

(Acknowledge Selected Alerts) button.

— To acknowledge all alerts in the alert table, click the (Acknowledge All Alerts) button.

To unacknowledge alerts

> Select the alert rows in the table and select click the (Unacknowledge Selected Alerts) button.




To clear alerts from the display

> To clear alerts, select the alert rows in the table and select the (Clear Selected Alerts) button.

Notes

• Cleared alerts remain in the database, but cannot be viewed.

• Clearing an unacknowledged alert automatically acknowledges the alert.

Automatic refresh is indicated by the selected (Pause) button.

To pause automatic refresh of alert information

> Click the (Pause) button.

To resume automatic refresh of alert information

> Click the (Resume) button.

Note: Radware recommends pausing automatic refresh while you are analyzing alert information—to prevent alerts disappearing from the display.

To close the Alert Table pane

> At the bottom of the Alerts Table pane, click Minimize.

Filtering AlertsYou can display a subset of the currently displayed alerts by filtering the alerts according to various alert information criteria.The criteria are organized according to categories, for example, alert severity, device module, and so on. Criteria from the same category are combined with a logical OR. Criteria from different categories are combined with a logical AND.The default filter settings include all criteria in all categories, meaning, by default, all alerts raised in the last hour are displayed.Use the filtering criteria to define how long an alert is displayed in the Alerts Browser.

Note: Regardless of the filter defined, the configured number of most recent critical alerts are always displayed at the top of the table on a colored background. This means that critical alerts that match the filter criteria are displayed twice.




To filter alerts in the alert table

1. Click the (alert bell) button to display the Alerts Table.

2. Click the (Alert Filter) button.

3. Configure the filtering criteria, and click Submit. The table is updated at the next automatic refresh.

Note: To restore the default filtering criteria, click Restore Defaults, then click Submit.

For more information about the filtering criteria, see Alert Information, page 312.

Table 214: Filtering Criteria Parameters

Parameter DescriptionThe Available lists and the Selected lists of devices and Logical Groups (of devices). The Available lists display the available devices and available Logical Groups. The Selected device list displays the devices whose alerts the Alerts Browser displays. The Selected Logical Group list displays the Logical Groups with the devices whose alerts the Alerts Browser displays.Select entries from the lists and use the arrows to move the entries to the other lists as required.

Note: When a Logical Group is selected, the devices whose alerts the Alerts Browser displays dynamically updates, according to the devices in the Logical Group. That is, when the device-set of a Logical Group changes, the set of devices whose alerts the Alerts Browser displays changes accordingly. For more information, see Using Logical Groups of Devices, page 190.

Select All Devices Specifies whether matching alerts for all devices are displayed.Default: Enabled

Raised Time The time period that includes the alerts’ raised-time that the Alerts Browser displays. For example, if you define 1 hour, alerts raised in the last hour are displayed. After the defined time, alerts are cleared from the display (not from the Alerts database).Values: 1 minute–24 hours Default: 1 hour

Severity The severities that the Alerts Browser displays.

Module The modules that the Alerts Browser displays.

Device Type The device types that the Alerts Browser displays.

Acknowledgment Specifies whether the Alerts Browser displays acknowledged alerts, unacknowledged alerts, or both.




Configuring Preferences for the Alerts PaneYou can configure the following preferences for the Alerts pane:• Client preferences—Define how many critical alerts to display and how often the client polls

the server for alert information. For more information, see Configuring Settings for the Alerts Pane, page 112.

• Server preferences—Define how the APSolute Vision server handles alerts. You can enable and configure reporting and logging events from the Alerts pane to a syslog server. You can configure sending alert information via e-mail to a defined recipient. For more information, see Configuring Settings for the Alerts Pane, page 112.


CHAPTER 10 – MONITORING ALTEON WITH THE DASHBOARD AND SERVICE STATUS VIEW

This chapter describes the monitoring Alteon using the Dashboard and Service Status View.This feature is available only in Alteon version 30.0 and later.

Note: For information on monitoring Alteon device performance using the Device Performance Monitor, see Using the Device Performance Monitor, page 403.This chapter contains the following main topics:• Monitoring Alteon with the Dashboard, page 319• Monitoring Alteon with the Application Delivery View, page 326• Monitoring Alteon with the Service Status View, page 327

Monitoring Alteon with the DashboardEvery 15 seconds, Alteon polls the following information for the dashboard: • CPU utilization• System usage• License capacity utilization• License capacity• Temperature and fans (physical platforms only)

The top row of the dashboard includes the following:• The device IP address or device name if configured• The current date and time on the client• The role of the user who opened the dashboard• The name of the user who opened the dashboard• Log Out to log out of the session

The parameters that the dashboard displays depend on the Alteon form factor (standalone, VA, vADC, or ADC-VX).

Dashboard Features and UsageThe following dashboard features and usage are common to all form factors:• The dashboard opens in a new browser tab. Each click on the Dashboard opens a new browser

tab, which does not affect the display of any other opened browser tabs. • To change the display in the frame from a chart/graph to a table and from a table to a chart/

graph, click the icon in the upper right of any frame.


Monitoring Alteon with the Dashboard and Service Status View


• To change the sorting from ascending to descending and descending to ascending, click in a table heading.

• When the dashboard is visible, it displays runtime information.• To pause or resume the display, click the icon in the upper right of any frame. When you pause

the display, the timestamp is displayed. The timestamp is according to the timezone of the client.

• To pause or resume the display of all the displays in the current dashboard, click the Pause button or Resume button the top of the dashboard.

In a some charts, hovering over a point opens a box with details of the specific point.

To view the dashboard

> In the Configuration perspective or Monitoring perspective, select Overview > Dashboard.

System View Dashboard of the Alteon Standalone and Alteon VA PlatformsThe following table describes the frames in the System View dashboard for the Alteon standalone and VA platforms.

Table 215: System View Dashboard for Alteon Standalone and VA

Component DescriptionCPU Utilization The chart view displays a line graph showing the average SP CPU

utilization (%) and MP CPU utilization (%) on the platform over time. The X-axis displays the time (hh:mm:ss). The Y-axis displays the utilization percentage.The table view displays the current MP CPU utilization (%) on the platform and the CPU utilization (%) for each SP.




Temperature and Fans (The dashboard displays this frame only for physical standalone platforms.)

This frame contains two sections: the temperature and status of the critical fans.The chart view for temperature displays the following: • A thermometer, per sensor, with a color indicator for

temperature status: green—for nominal, and red—for not operating/not operating properly.

• A table with the sensor number and the temperature status (for example: Normal).

The table view for temperature displays a table with the following columns: • Sensor ID.• State—For example, Normal.• Temperature—In Celsius and Fahrenheit.The chart view for fans displays the following: • A fan with a color indicator for the current temperature status:

green—for nominal, and red—for not operating/not operating properly.

• A table with the number of fans and the current operational status (for example: Up).

The table view for fans displays a table with the following columns: • Fan ID—Only the critical fans.• State—For example, Up.

System Usage The chart view contains bar graphs—Session Table, Hard Disk (displayed only for physical standalone platforms), and Caching—showing the current utilization value (percentage). The Y-axis displays the current utilization percentage.The table view displays a table with the following columns:• Name—Hard Disk (displayed only for physical standalone

platforms), Capacity Units, and ADC Allocation.• Utilization—The current utilization value (percentage).• Current—The current utilization absolute value—for example,

in KB.• Maximum—The maximum available absolute value—for

example, in KB.

License Capacity Utilization The chart view contains bar graphs—one bar for each license type showing the current utilization value (percentage) of each capacity license. The Y-axis displays the current utilization percentage.The table view displays a table with the following columns:• Name—The name of the license type and the units (for

example, Mbps).• Utilization—The current utilization value (percentage).• License—The license capacity.• Current—The current utilization absolute value.• Peak—The peak utilization absolute value.

Table 215: System View Dashboard for Alteon Standalone and VA (cont.)

Component Description




System View Dashboard of the vADC PlatformThe following table describes the frames in the System View dashboard for the vADC platform.

License Capacity The chart view for this frame contains two tabs:• Throughput—A solid line for the Alteon, displaying the

throughput usage (Mbps) over time. A dotted line indicates the maximum throughput that the license allows. The scale of the Y-axis is logarithmic.

• SSL—A line for each selected vADC displaying the SSL usage (CPS) over time. A dotted line indicates the maximum throughput that the license allows.

To reset the peak values for the chart, click Reset All Peak Values.

Table 216: System View Dashboard for vADC

Component DescriptionCPU Utilization The chart view displays a line graph showing the average SP CPU

utilization (%) and MP CPU utilization (%) on the platform over time. The X-axis displays the time (hh:mm:ss). The Y-axis displays the utilization percentage.The table view displays the current MP CPU utilization (%) on the platform and the CPU utilization (%) for each SP.

System Usage The chart view contains bar graphs—Session Table, Hard Disk (relating to the physical ADC-VX), and Caching—showing the current utilization value (percentage). The Y-axis displays the current utilization percentage.The table view displays a table with the following columns:• Name—Hard Disk (relating to the physical ADC-VX), Capacity

Units, and ADC Allocation.• Utilization—The current utilization value (percentage).• Current—The current utilization absolute value—for example,

in KB.• Maximum—The maximum available absolute value—for

example, in KB.

License Capacity Utilization The chart view contains bar graphs—one bar for each license type showing the current utilization value (percentage) of each capacity license. The Y-axis displays the current utilization percentage.The table view displays a table with the following columns:• Name—The name of the license type and the units (for

example, Mbps).• Utilization—The current utilization value (percentage).• License—The license capacity.• Current—The current utilization absolute value.• Peak—The peak utilization absolute value.

Table 215: System View Dashboard for Alteon Standalone and VA (cont.)





System View Dashboard for the ADC-VX PlatformThe following table describes the frames in the System View dashboard for the ADC-VX platform.

License Capacity The chart view for this frame contains two tabs:• Throughput—A solid colored line for the Alteon, displaying the

throughput usage (Mbps) over time. A solid gray line for the Alteon, displaying the latest peak throughput usage (Mbps) over time. A dotted line indicates the maximum throughput that the license allows. The scale of the Y-axis is logarithmic.

• SSL—A line for each selected vADC displaying the SSL usage (CPS) over time. A dotted line indicates the maximum throughput that the license allows.

To reset the peak values for the chart, click Reset All Peak Values.

Table 217: System View Dashboard for Dashboard for ADC-VX

Component DescriptionCPU Utilization The chart view displays a line graph showing the MP CPU utilization

(%) on the platform over time. The X-axis displays the time (hh:mm:ss). The Y-axis displays the utilization percentage.The table view displays the current MP CPU utilization (%) on the platform.

Table 216: System View Dashboard for vADC (cont.)





Temperature and Fans This frame contains two sections: the temperature and status of the critical fans.The chart view for temperature displays the following: • A thermometer, per sensor, with a color indicator for

temperature status: green—for nominal, and red—for not operating/not operating properly.

• A table with the sensor number and the temperature status (for example: Normal).

The table view for temperature displays a table with the following columns: • Sensor ID.• State—For example, Normal.• Temperature—In Celsius and Fahrenheit.The chart view for fans displays the following: • A fan with a color indicator for the current temperature status:

green—for nominal, and red—for not operating/not operating properly.

• A table with the number of fans and the current operational status (for example: Up).

The table view for fans displays a table with the following columns: • Fan ID—Only the critical fans.• State—For example, Up.

System Usage The chart view contains three bar graphs—Hard Disk, Capacity Units, and ADC Allocation—showing the current utilization value (percentage). The Y-axis displays the current utilization percentage. The table view displays a table with the following columns: • Name—Hard Disk, Capacity Units, and ADC Allocation.• Utilization—The current utilization value (percentage).• Current—The current utilization absolute value (for Hard disk,

in gigabytes, for Capacity Units and ADC Allocation, the number).

• Maximum—The maximum available absolute value (for Hard disk, in gigabytes, for Capacity Units and ADC Allocation, the number).

Table 217: System View Dashboard for Dashboard for ADC-VX (cont.)





vADCs View Dashboard for ADC-VXYou can select up to five vADCs to monitor.The following table describes the frames in the vADCs View dashboard for the ADC-VX platform.

Table 218: vADCs View Dashboard for ADC-VX

Component DescriptionvADC Summary and Selection This frame contains two sections: vADC Utilization Summary and

vADC Selection.There is no table view for this frame.vADC Utilization Summary shows a status indicator (High, Medium, Low) for SP CPU Utilization and Throughput Utilization.Use the vADC Selection table to select the vADC to monitor in the dashboard (up to five). The table contains the following columns: ID, Name, and CU (which displays the number of allocated CUs).

CPU Utilization The chart view displays two bar graphs for each selected vADC. One bar shows the current MP CPU utilization (%). One bar shows the current SP CPU utilization (%). The Y-axis displays the utilization percentage. If more than one vADC is operating at the same utilization, only the top line is displayed.The table view displays a table with the following columns: • vADC—The vADC ID.• Name—The vADC name, if configured.• MP utilization (%).• SP CPU (%).

License Capacity Utilization The chart view for this frame contains two tabs:• Throughput—A line for each selected vADC displaying the

throughput utilization percentage over time. If more than one vADC is operating at the same utilization, only the top line is displayed.

• SSL—A line for each selected vADC displaying the SSL utilization percentage over time. If more than one vADC is operating at the same utilization, only the top line is displayed.

The table view displays a table with the following columns:• vADC—The vADC ID.• Name—The vADC name, if configured.• Throughput (%).• SSL (%).




Monitoring Alteon with the Application Delivery ViewThe Application Delivery View is available for Alteon standalone and vADC.This feature is available only in Alteon version 30.2 and later. The following table describes the frames in the Application Delivery View dashboard for the Alteon standalone and vADC platforms.

Note: You must globally enable virtual service statistics reporting to display information in the Application Delivery View.

To configure virtual service statistics settings

1. Select Configuration > Application Delivery > Virtual Services > Settings.2. Select the Statistics tab.

3. In the Statistics Measuring Period field, type a value in seconds in the range 1–3600.

4. Set the Per Service Statistics option to Enable.

5. Click Submit.

Table 219: Application Delivery View Dashboard for Alteon Standalone and vADC

Component DescriptionVirtual Service Selection The table view displays a table with the following columns:

• Status—The operational status of the virtual service.• Virtual Server—The identifier of the virtual server for the

virtual service.• Application—Values: http, ftp, dns• Port—The virtual service port.• Protocol—The virtual service protocol. Values: tcp, udp

Virtual Service Performance The chart view displays the following for each entry selected in the Virtual Service Selection frame: • Throughput (Mbps)• Connections per Second• Concurrent ConnectionsThe chart contains tool tips displaying a timestamp, a colored virtual service identifier, and virtual service performance statistics.The table view displays a table with the following columns: • Virtual Server• Port• Throughput (Mbps)• Connections per Second• Concurrent Connections




Monitoring Alteon with the Service Status ViewThis feature is available only in Alteon version 30.0 and later. The Service Status View is available for Alteon standalone, VA, and vADC.The Service Status View, which refreshes every 15 seconds, can display configuration information and status information on all the virtual services and the following associated Alteon objects: • AppShape++ scripts• Content rules• Server groups• Real servers

Note: For information on the statuses, see Status Criteria, page 329 below.

To view the Service Status View

> In the Configuration perspective or Monitoring perspective, select Overview > Service Status View.The Service Status View comprises two frames: Status Summary and Detailed Status.The Status Summary shows a summary of the following:— Virtual services—The total number of virtual services configured on the platform and a pie

chart that shows the percentage of each status.For Alteon version 29.5—Up, Warning, Down, and Admin Down.For Alteon version 30.0 and later—Up, Warning, Down, Admin Down, and Shutdown.

— Server groups—The total number of server groups configured on the platform and a pie chart that shows the percentage of each status (Up, Warning, Down, Admin Down, and Mixed). Mixed indicates that the group is associated with multiple virtual services, and the statuses are not the same.

— Real servers—The total number of real servers configured on the platform and a pie chart that shows the percentage of each status (Up, Warning, Down, Admin Down, and Mixed). Mixed indicates that the real server is associated with multiple server groups, and the statuses are not the same.

Tip: Click a segment in pie chart to apply a filter to the corresponding objects in the Detailed Status frame.

The Detailed Status frame comprises:• Detailed Status tree—A tree with all the virtual services on the devices• Detailed Status filter—A filter with which you can filter the services

The status of each node in the tree is identified with an icon—

.




By default, all the parent nodes in the tree—the Virtual Service nodes—are collapsed. Each Virtual Service node is in the following format:

Virtual Service ID: <ID>, (<Port> <TCP|UDP>), Action: < Action>

where:

• <ID> is the specified ID of the virtual service.

• <Port> is the specified port number of the of the virtual service.

• <TCP|UDP> is the relevant protocol of the virtual service.

• < Action> is either the specified Action when the Application is HTTP or HTTPS (Group, Redirect, or Discard) or Group for all other Application values.

Example Virtual Service ID: MyDNSVirt, (53 TCP), Action: Group

Expanding a Virtual Service node displays the following:

• AppShape++ Script(s) Associated—The Service Status View displays this node only if the virtual service is configured with one or more AppShape++ scripts.

• Content Rules—This node is displayed only if the virtual service is configured with one or more content rules. The Service Status View displays content rules numerically, each in the following format:

<Rule ID>, Action: <Action>, Group: <Group name>

• Group ID: <ID>—The ID of the server group, and includes the following node(s) sorted alphanumerically, each in the following format:

<Real server ID>: <IP address>

Note: Backup real servers and backup groups appear in the tree only when they are active.

Detailed Status FilterApplying a filter refreshes the tree view and shows the updated statuses and objects based on the filter criteria. The filter uses a Boolean AND operator on the data.By default, the child objects of each virtual service node are collapsed. After you run the filter, the tree view displays the relevant object expanded.

To filter the Detailed Status tree

> Configure the filter parameters and click GO.




Status CriteriaThis section describes the following status options:• Real Server Status, page 329• Server Group status, page 330• Content Rules per Virtual Service Status, page 330• Virtual Service Status, page 330

Real Server StatusThe real server status is calculated according to the following order:• Admin Down—Configuration disabled (either globally or in the group).• Shutdown—Operationally disabled (either globally or in the group).• Down—The real server health check failed.• Warning—The real server is in the No-new-sessions state or the Recovery state.• Up—The real server health check state is UP.

Table 220: System View Dashboard for Alteon Standalone and VA

Parameter DescriptionStatus Values:

• All—Show the specified object types with all statuses.• Up—Show only the specified object types with the Up status.• Warning—Show only the specified object types with the Warning status.• Down—Show only the specified object types with the Down status.• Warning + Down—Show the specified object types with the Down status and

the Warning status.• Admin Down—Show only the specified object types with the Down status.• Shutdown—Show only the specified object types with the Shutdown status.

Available in Alteon version 30.2.3 and later.Default: All

Note: For more status information, see Status Criteria, page 329.

Type Values:• All—Show all object types.• Virtual Service—Show only the virtual services that match the other criteria.• Server Group—Show only the server groups that match the other criteria.• Real Server—Show only the real servers that match the other criteria.• Content Rule—Show only the content rules that match the other criteria.Default: All

Free Text Free text that filters the results according to ID or other identifier.For example:• You can filter for a real server by entering its IP address. • You can filter for a group by entering the suffix of its ID.




Server Group statusThe server group status is calculated according to the status of its real servers.

Note: A group is considered to be in the Warning state if:• At least one real server is in the Warning state, or • Some of the real servers in the group are in Down and some are in the UP state.

Content Rules per Virtual Service StatusThe content rule status is defined as follows:• If the content rule is disabled, its status is Admin Down.• For a group action, the content rule status is the group status.• For a redirect or discard action, the content rule is considered to be up.

Virtual Service StatusThe virtual service status is calculated according to the following statuses:• The content rule status.• If at least one enabled AppShape++ script is associated to this service.• The service-action status, as follows:

— For an HTTP or HTTPS service, you can specify Group, Redirect, or Discard actions. — For a non-HTTP/S services, the action is always (implicitly) Group.

Note: When the action is Group, the service-action status is the Group status. When the Action is Redirect or Discard, the service-action status is always Up.


CHAPTER 11 – MONITORING THE ALTEON SYSTEM

This chapter describes monitoring Alteon system operations.

Note: For information on monitoring Alteon device performance using the Device Performance Monitor, see Using the Device Performance Monitor, page 403.The Alteon operations that you can monitor depend on the Alteon form factor and/or platform: standalone, VA, vADC, or ADC-VX.This chapter contains the following main topics:• Monitoring General Information, page 331• CPU Utilization and Memory Statistics, page 333• Monitoring Capacity, page 334• Unlocking Users, page 339• Maintenance, page 339• Azure, page 344

Monitoring General InformationThe Alteon parameters that Alteon displays depend on the Alteon form factor and/or platform: standalone, VA, vADC, or ADC-VX.

To monitor general system information

> In the Monitoring perspective, select System > General Information.

Table 221: General Information: General Parameters

Table 222: General Information: System Memory Parameters

Parameter DescriptionSwitch Name The name of the switch.

System Time The system time.

System Date The system date.

Last Apply The time and date of the last Apply action.

Last Save The time and date of the last Save action.

Last Boot The time and date of the last boot.

Switch Uptime The amount of time the switch has been up.

Parameter DescriptionThis group box is displayed only in standalone mode and ADC-VX mode.

Free The memory resources (in bytes) currently free in the system.


Monitoring the Alteon System


Table 223: General Information: System Hardware Parameters

Total The total memory resources (in bytes) in the system.

Parameter DescriptionMAC Address The MAC address.

Serial Number(Alteon VX and standalone only)

The serial number.

Mainboard Hardware No(Alteon VX and standalone only)

The mainboard hardware number.

Mainboard Hardware Rev The mainboard hardware revision.

Ethernet Board Hardware No

The Ethernet board hardware number.

Ethernet Board Hardware Rev

The Ethernet board hardware revision.

Temperature Sensors(Alteon VX and standalone only)

The number of temperature sensors.

Hard Disk The capacity, in GBs, of the hard disk.

Used Disk Space The used space, in GBs, of the hard disk.

Total RAM The capacity, in GBs, of RAM.

Power Supply(Alteon VX and standalone only)

The number of power supplies.

Fan Status(Alteon VX and standalone only)

The fan status.

SSL Chip Displays the following parameters regarding the SSL chips:• SSL Chip Status—Values: Active Initialized, and so on. • Type—For example:

Cavium HSM; Model NITROX XL CN16XX-NFBE;

• Amount—The quantity of HSM card on the platform, which is typically 1.

HSM State The state of the HSM card. Values: trusted, and so on.

Note: Initialization of the HSM card is done using the Alteon CLI. For more information, see the Alteon Web Based Management Application Guide and Alteon Command Line Interface Reference Guide.

Current capacity units (Alteon VX only)

The current capacity units configured on the platform.





CPU Utilization and Memory Statistics

To monitor CPU utilization and memory statistics

> In the Monitoring perspective, select System > CPU Utilization and Memory Statistics.

Max capacity units (Alteon VX only)

The maximum capacity units configured on the platform.

Current throughput (Alteon VX only)

The current throughput.

Max throughput (Alteon VX only)

The maximum throughput configured on the platform.

Table 224: CPU Utilization: Management Processor Parameters

Parameter DescriptionAdmin Context CPU UtilizationThis group box is displayed only in ADC-VX mode.

Last Second The CPU utilization of the admin context in the last second.

Last 4 Seconds The CPU utilization of the admin context in the last four seconds.

Last 64 Seconds The CPU utilization of the admin context in the last 64 seconds.

CPU Utilization

Last Second The CPU utilization of the management processor in the last second.

Last 4 Seconds The CPU utilization of the management processor in the last four seconds.

Last 64 Seconds The CPU utilization of the management processor in the last 64 seconds.

MemoryThis group box is displayed only in standalone mode and ADC-VX mode and standalone mode.

Free The memory resources currently free on the management processor.

Total The total memory resources of the management processor.

Table 225: CPU Utilization: Switch Processor Parameters (not available in Alteon VX)

Parameter DescriptionSP Number The switch-processor number.

Last Second The CPU utilization of the switch processor in the last second.

Last 4 Seconds The CPU utilization of the switch processor in the last four seconds.

Last 64 Seconds The CPU utilization of the switch processor in the last 64 seconds.

Dynamic Memory StatisticsThis group box is not displayed in ADC-VX mode.





Monitoring CapacityThis feature is available only in Alteon standalone, VA, and ADC-VX. Monitoring capacity comprises the following:• Monitoring System Capacity, page 335• Monitoring Network Capacity, page 335• Monitoring Application Delivery Capacity, page 337

SP Number The switch-processor number.

Total Memory The total memory resources of the switch processor.

Current Memory The memory resources, in KB, currently used on the switch processor.

Hi water mark The peak memory resources, in KB, used on the switch processor.

Allowed Max The allowed maximum memory usage, in KB.

Table 226: Memory Statistics: Memory Statistics Parameters

Parameter DescriptionThis tab is available only in Alteon versions 30.5.2.0 and later.This tab is not displayed in ADC-VX mode.

Total RAM The total RAM memory resources of the switch processor in MB.

Initial Configured Memory The initial configured memory of the switch processor in MB.

Safety Margin 1st Watermark

The percentage of memory allocated to the first watermark.

Safety Margin 2nd Watermark

The percentage of memory allocated to the second watermark.

SP Number The switch-processor number.

Initial Size: 1st Watermark

The amount of memory given until pressure starts (in MB): Initial configured memory / Number of SPs x 75%.

Initial Size: 2nd Watermark

The amount of memory given to the growing phase (in MB): Initial configured memory / Number of SPs x 90%.

Current Process Size The size of the current process (in MB).

Memory Pressure The memory pressure.Values: On, Off

Memory Pressure Active Time

The memory pressure active time (in seconds).

Memory used from 1st Watermark

The percentage of memory used from the first watermark.

Table 225: CPU Utilization: Switch Processor Parameters (not available in Alteon VX) (cont.)





Monitoring System CapacityThis feature is available only in version 30.0 and later.

To monitor system capacity

> In the Monitoring perspective, select System > Capacity > System.

Monitoring Network CapacityThis feature is available only in version 30.0 and later.

To monitor network capacity

> In the Monitoring perspective, select System > Capacity > Network.

Table 227: System Capacity Parameters in Alteon Standalone, VA, and vADC

Parameter DescriptionCache Usage (MB) Comprises the following two values:

• Maximum—The maximum cache usage, in MB, that the device can support.

• Current—The current cache usage, in MB.

Hard Disk (GB) Comprises the following two values:• Maximum—The hard-disk size, in GB, that the device can support. • Current—The current hard-disk usage, in GB. • In Use—The amount of hard-disk space in use, in MB.

RAM (GB) Comprises the following two values:• Maximum—The maximum RAM, in GB, that the device can

support.

Table 228: System Capacity Parameters in ADC-VX

Parameter DescriptionvADCs Comprises the following two values:

• Maximum—The maximum number of vADCs that the device can support.

• Current—The current number of vADCs configured on the device and, in parentheses, the number of enabled vADCs on the device.

Capacity Units Comprises the following two values:• Maximum—The maximum number of capacity units that the device

can support. • Current—The current number of capacity units configured on the

device.




Table 229: Network Capacity Parameters in Alteon Standalone and VA

Table 230: Network Capacity Parameters in Alteon vADC

Parameter DescriptionFDB Comprises the following two values:

• Maximum—The maximum Forwarding Database usage that the device can support.

• Current—The current Forwarding Database usage.

VLANs Comprises the following two values:• Maximum—The maximum number of VLANs that the device can

support. • Current—The current number of VLANs configured on the device

and, in parentheses, the number of enabled VLANs on the device.

ARP Entries Comprises the following two values:• Maximum—The maximum ARP entries that the device can support. • Current—The current number of ARP entries configured on the

device and, in parentheses, the number of enabled ARP entries on the device.

IP Interfaces Comprises the following two values:• Maximum—The maximum number of IP interfaces that the device

can support. • Current—The current number of IP interfaces configured on the

device and, in parentheses, the number of enabled IP interfaces on the device.

IP Routes Comprises the following two values:• Maximum—The maximum number of IP routes that the device can

support. • Current—The current number of IP routes configured on the

device.

VRRP Routers Comprises the following two values:• Maximum—The maximum number of VRRP routers that the device

can support. • Current—The current number of VRRP routers configured on the

device and, in parentheses, the number of enabled VRRP routers on the device.

Parameter DescriptionFDB Comprises the following two values:

• Maximum—The maximum Forwarding Database usage that the device can support.

• Current—The current Forwarding Database usage.

ARP Entries Comprises the following two values:• Maximum—The maximum ARP entries that the device can support. • Current—The current number of ARP entries configured on the

device and, in parentheses, the number of enabled ARP entries on the device.




Table 231: Network Capacity Parameters in ADC-VX

Monitoring Application Delivery CapacityThis feature is available only in Alteon standalone, VA, and vADC.

To monitor application delivery capacity

> In the Monitoring perspective, select System > Capacity > Application Delivery.

IP Interfaces Comprises the following two values:• Maximum—The maximum number of IP interfaces that the device

can support. • Current—The current number of IP interfaces configured on the

device and, in parentheses, the number of enabled IP interfaces on the device.

IP Routes Comprises the following two values:• Maximum—The maximum number of IP routes that the device can

support. • Current—The current number of IP routes configured on the device.

VRRP Routers Comprises the following two values:• Maximum—The maximum number of VRRP routers that the device

can support. • Current—The current number of VRRP routers configured on the

device and, in parentheses, the number of enabled VRRP routers on the device.

Parameter DescriptionVLANs Comprises the following two values:

• Maximum—The maximum number of VLANs that the device can support.

• Current—The current number of VLANs configured on the device and, in parentheses, the number of enabled VLANs on the device.

Table 232: Application Delivery Capacity Parameters

Parameter DescriptionReal Servers Comprises the following two values:

• Maximum—The maximum number of real servers that the device can support.

• Current—The current number of real servers configured on the device and, in parentheses, the number of enabled real servers on the device.





Server Groups Comprises the following two values:• Maximum—The maximum number of server groups that

the device can support. • Current—The current number of server groups configured

on the device.

Virtual Servers Comprises the following two values:• Maximum—The maximum number of virtual servers that

the device can support. • Current—The current number of virtual servers configured

on the device and, in parentheses, the number of enabled virtual servers on the device.

Virtual Services The maximum number of virtual services that the device can support.

Real Services The maximum number of real services that the device can support.

Filters(This parameter is available only in version 30.0 and later.)

Comprises the following two values:• Maximum—The maximum number of filters that the device

can support. • Current—The current number of filters currently used and,

in parentheses, the number of enabled filters on the device.

Session Table Entries (This parameter is available only in version 30.0 and later.)

Comprises the following two values:• Maximum—The maximum number of Session table entries

that the device can support. • Current—The current number of Session table entries

currently used and, in parentheses, the number of enabled Session table entries on the device.

Dynamic Data Store Comprises the following two values:• Maximum—The maximum number of 512-byte blocks that

the device can support in the dynamic data store. • Current—The current number of 512-byte blocks currently

used in the dynamic data store. Note that each persistence and user-defined entry can occupy one or more 512 byte blocks.

Keys (This parameter is available only in version 30.0 and later.)

Comprises the following two values:• Maximum—The maximum number of keys that the device

can support. • Current—The current number of keys configured on the

device.

Certificate Signing Requests (This parameter is available only in version 30.0 and later.)

Comprises the following two values:• Maximum—The maximum number of certificate signing

requests that the device can support. • Current—The current number of certificate signing requests

configured on the device.

Table 232: Application Delivery Capacity Parameters (cont.)





Unlocking Users The administrator can monitor all currently locked-out users, viewing the remaining lockout time, and can unlock any locked-out user. For more details regarding the user lockout feature, see the relevant Alteon section in the APSolute Vision online help.

To unlock users

1. In the Monitoring perspective, select System > Locked Users.The table lists all currently locked-out users, detailing the User ID, User Name and User Role. The table shows the date and time the user was locked out and the amount of remaining lockout time (in minutes).

2. Select the row detailing the specific locked-out user and click Unlock.

3. Click OK to confirm.

MaintenanceUse the Maintenance tab to manage technical support data, packet capture, and trace logging of application services.

Technical Support DataThis procedure describes how manage technical support data.

Note: The Technical Support File (tsdump) is a text file containing Alteon statistics, information and configuration output. The Tech Data Log File is a zipped archive that includes, in addition to the tsdump file, other log files (for example, core dump files) to help R&D with debugging. All passwords in the technical support files are encrypted.

Server Certificates (This parameter is available only in version 30.0 and later.)

Comprises the following two values:• Maximum—The maximum number of server certificates

that the device can support. • Current—The current number of server certificates

configured on the device.

Table 232: Application Delivery Capacity Parameters (cont.)





To manage technical support data

1. In the Monitoring perspective, select System > Maintenance.2. In the Technical Support Data tab, select the technical support data to be included, and click

Generate to generate the technical support file.

3. Click Export to export the technical support file.

4. To export the full technical support data, click Export Tech Data Log to export the Tech Data log file.

Note: Generating the technical support data file may take up to a few minutes. Only after you receive the note stating that the file generation has ended, can you operate the export option.

Core File Management This feature is available only in Alteon standalone, VA, and VX.Alteon allows you to export the core dump files in a compressed .tgz file to your local disk. You can select to export all the core dump files in a single zipped file, or you can select a single core dump file to be exported.You can also delete all core dump files.

Note: The core files compress and export operation will take few minutes. During this time, the WEB GUI will be blocked. The files will be available when the operation ends.

Table 233: Technical Support Data Parameters

Parameter DescriptionInclude Private Keys Specifies whether to include private keys in the technical support file.

Passphrase(Available when Include Private Keys is selected.)

The passphrase, which must be at least four characters long.

Confirm Passphrase(Available when Include Private Keys is selected.)

The passphrase, which must be at least four characters long.

Include DNSSEC information(This parameter is available only in version 31.0 and later.)

Specifies whether to include DNSSEC information in the technical support file.

Include Persistency Entries(This parameter is available only in version 31.0 and later.)

Specifies whether to include persistency entries in the technical support file.

Include UDP Listen Ports(This parameter is available only in version 31.0 and later.)

Specifies whether to include UDP listening ports in the technical support file.




To export core files

1. In the Monitoring perspective, select System > Maintenance.2. In the Core File Management tab, do one the following:

— Select Export All Core Files (enabled by default).— Select Export Selected Core File, and enter the core ID to be exported. The Core Files are listed in a table, detailing the Core ID, File Name, Time and date, and file size.

3. Click Export to export the (selected) Core File(s).

4. Click Delete to delete all Core Files.

Packet Capture

Notes

• Live capture is not enabled when you are connected using a serial connection.

• For Alteon standalone and ADC-VX platforms: The capture file size is limited to 500 MB. For Alteon VA platforms, the capture file size is limited to 50 MB.

• The output displays GMT time and not the local time.

• If you transform the back-end flow to port 80, you will see clear text in the capture file.

Note: Alteon VA translates the MAC address for virtual servers and interfaces assigned by VMware to its own internal MAC address for internal processing. It switches the Alteon VA MAC address back to the VMware MAC address when it sends the packet back to the VMware switch. Therefore, the internal Alteon VA MAC address is displayed in some of the tables and dumps displayed on the console.

Note: Service interruptions may occur when using packet capture in certain situations; for example, with high traffic volume and only one CU allocated for the vADC. Radware recommends that you use packet capture sparingly (for troubleshooting purposes), during a maintenance window, or only in periods of low traffic volume.

To manage packet capture

1. In the Monitoring perspective, select System > Maintenance.2. In the Packet Capture tab, configure the parameters, and do one the following:

— Click Start to start the packet capture.— Click Stop to stop the packet capture.— Click Export to export the packet capture.— Click Clear Capture File to clear the packet capture file.




Application Services Trace LogThis feature is available only in Alteon standalone, VA, and vADC.If a service is specified, messages generated by that service are enabled for logging and routed to the syslog server.Enabling Application Services Trace Logging may impact performance on Alteon traffic processing capabilities. Make sure that you disable trace logging when you are done.

To manage application services trace log

1. In the Monitoring perspective, select System > Maintenance.2. In the Application Services Trace Log tab, configure the parameters, and do one the following:

3. Click Clear to clear the trace log.

4. Click Export to export the trace log.

5. Click Submit to submit the configuration.

Table 234: Packet Capture Parameters

Parameter DescriptionPacket Count The maximum number of captured packets.

Range: 0-1000000000

Packet Length The length of packets to capture, in bytes. Range: 0-9100

Port Range The port range.The valid range depends on the Alteon platform. Refer to the Alteon Installation and Maintenance Guide for details of the port range for each supported platform.

VLAN The VLAN range. Range: 1-4090

Packet Filter String The packet capture filter string field is used to set the capture filter parameters. It accepts the same filter criteria (syntax) as the tcpdump format. The following parameters can be set with an “and” or an “or” operator between them, or using parentheses: • dst host <host>—Filters the output on the specified destination host IP.• src host <host>—Filters the output on the specified source host IP

address.• dst port <port>—Filters the output on the specified destination port.• src port <port>—Filters the output on the specified source port.• port—Filters the output on the specified port.• tcp—Filters the output for TCP traffic only.• udp—Filters the output for UDP traffic only• icmp—Filters the output for ICMP traffic only.• ip multicast—Filters the output for multicast traffic only.• ip broadcast—Filters the output for broadcast traffic only.Example: (dst host 6.6.6.6 or src host 6.6.3.3) and port 80Maximum characters: 1024




FastView LogsThis procedure describes how access the FastView log files.

To manage technical support data

1. In the Monitoring perspective, select System > Maintenance.2. In the FastView Logs tab, select one of the following FastView log files to display:

— SMF Hub— Configuration Manager— Compiler

View the FastView logs for SMF Hub, Config Manager, and the Compiler. Each button launches a new pane for you to see the details in the log.

Table 235: Application Services Trace Log Parameters

Parameter DescriptionAppShape++ Specifies whether to enable logging of AppShape++ activities.

Default: Disabled

Caching Specifies whether to enable logging of caching activities.Default: Disabled

Compression Specifies whether to enable logging of compression activities.Default: Disabled

Content Class Specifies whether to enable logging of Content Class activities.Default: Disabled

HTTP Specifies whether to enable logging of HTTP activities.Default: Disabled

HTTP Modification Specifies whether to enable logging of HTTP Modification activities. Default: Disabled

SSL Specifies whether to enable logging of SSL activities. Default: Disabled

TCP Specifies whether to enable logging of TCP activities. Default: Disabled

Data Table Specifies whether to enable logging of data table activities. Default: Disabled

Memory Specifies whether to enable logging of memory activities. Default: Disabled

FastView Specifies whether to enable logging of FastView activities. Default: Disabled

FastView SMF Specifies whether to enable logging of FastView SMF activities. Default: Disabled

Fetcher Specifies whether to enable logging of Fetcher activities. Default: Disabled




Azure Displays the Azure VM public IP information. If GSLB is configured, the NIC resource name and public IP address are presented. If HA is configured the public IP address, the NIC resource name, the peer public IP address, and the peer NIC resource name are presented.

To monitor azure information

> In the Monitoring perspective, select System > Azure.

Table 236: Application Services Trace Log Parameters

Parameter DescriptionFastView Specifies whether to enable logging of FastView activities.

FastView SMF Specifies whether to enable logging of FastView SMF activities.

Table 237: Azure Parameters

Parameter DescriptionPublic IP Address The public IP address.

NIC Resource Name The NIC resource name.

Peer Public IP Address The peer public IP address.

Peer NIC Resource Name The peer NIC resource address.


CHAPTER 12 – MONITORING THE ALTEON NETWORK

This chapter describes monitoring Alteon network operations.

Note: For information on monitoring Alteon device performance using the Device Performance Monitor, see Using the Device Performance Monitor, page 403.The Alteon operations that you can monitor depend on the Alteon form factor and/or platform: standalone, VA, vADC, or ADC-VX.This chapter contains the following main topics:• Monitoring and Controlling Physical Ports, page 345• Monitoring Layer 2, page 346• Monitoring Layer 3, page 348• Monitoring High Availability, page 355

Monitoring and Controlling Physical PortsThis feature is available only in Alteon standalone, VA, and ADC-VX.

To monitor physical ports

> In the Monitoring perspective, select Network > Physical Ports.

Table 238: Physical Port Parameters

Parameter DescriptionPort ID The port identifier.

Status Specifies whether the port is enabled or disabled.Values: Enable, Disable

Operational Status Specifies whether the port is online or offline.Values: Online, Offline

Octets

In The number of inbound octets.

Out The number of outbound octets.

Unicast Packets

In The number of inbound unicast packets.

Out The number of outbound unicast packets.

Broadcast Packets

In The number of inbound broadcast packets.

Out The number of outbound broadcast packets.


Monitoring the Alteon Network


To enable physical ports

1. In the Monitoring perspective, select Network > Physical Ports.2. Select the row in the table for the required port.

3. Click Enable.

To disable physical ports


3. Click Disable.

To clear statistics for physical ports


3. Click Clear Statistics.

Monitoring Layer 2This feature is available only in version 30.0 and later.Monitoring Layer 2 comprises the following topics:• Monitoring FDB, page 346• Monitoring STG, page 348

Monitoring FDBThis feature is available only in Alteon standalone, VA, and vADC.

Multicast Packets

In The number of inbound multicast packets.

Out The number of outbound multicast packets.

Discards

In The number of inbound discarded packets.

Out The number of outbound discarded packets.

Errors

In The number of inbound errored packets.

Out The number of outbound errored packets.

Table 238: Physical Port Parameters (cont.)





The forwarding database (FDB) contains information that maps the media access control (MAC) address to the port from which the Alteon address was learned.

Note: The forwarding database supports up to 16K MAC address entries on the MP per Alteon. Each SP supports up to 8K entries.

To display FDB monitoring parameters

> In the Monitoring perspective, select Network > Layer 2 > FDB.

To clear the entire FDB

1. In the Monitoring perspective, select Network > Layer 2 > FDB.2. Click Clear Entire FDB.

Table 239: FDB Monitoring Parameters

Parameter Description MAC Address The MAC address in the FDB.

VLAN The VLAN. Values: 1–4090

Port The port number. 0 specifies unknown.

Trunk The trunk-group number. The FDB entries on a single trunk. Values: 1–4090

State Values:• Forward—The address has been learned by Alteon.• Trunk—The Port field represents the trunk group number. • Unknown—The MAC address has not yet been learned by Alteon,

but has only been seen as a destination address. When an address is in the Unknown state, no outbound port is indicated, although ports which reference the address as a destination are listed under reference ports.

• Vir—The MAC address is for a standard VRRP virtual router.• Virtual server (VIP)—The MAC address is for a virtual server

router, a virtual router with the same IP address as a virtual server.

Referenced SPs The SP number.

Learned Port The learned port number.




Monitoring STGThis feature is available only in Alteon standalone, VA, and ADC-VX.When multiple paths exist on a network, Spanning Tree Protocol (STP) configures the network so that Alteon uses only the most efficient path.

Note: Alteon supports up to 16 multiple Spanning Trees or Spanning Tree Groups.

To display Spanning Tree Group monitoring parameters

> In the Monitoring perspective, select Network > Layer 2 > STG.

Monitoring Layer 3This feature is available only in Alteon standalone, VA, and vADC.Monitoring Layer 3 comprises the following topics:• Monitoring Gateways, page 349• Monitoring Routes, page 349• Monitoring Learned MACs (or IP FDB), page 350• Monitoring VRRP Virtual Routers in Alteon Version 30.0 and Earlier, page 353• Monitoring Interfaces, page 354

Table 240: STG Monitoring Parameters

Parameter Description Spanning Tree Group The Spanning Tree Group number.

Number Of Topology changes The number of topology changes.

Time Since Last Changes The time since the last changes.

Table 241: Spanning Tree Group BPDU Statistics Parameters

Statistic DescriptionPort The port number.

Status The status of the port.

BPDUs Received

Configuration The number of configuration BPDUs received.

TCN The number of TCN (Topology Change Notification) messages received.

RSTP/MST The number of MST or RST BPDUs received.

BPDUs Transmitted

Configuration The number of configuration BPDUs transmitted.

TCN The number of TCN (Topology Change Notification) messages transmitted.

RSTP/MST The number of MST or RST BPDUs transmitted.




Monitoring GatewaysThis feature is available only in version 30.0 and later.Alteon can be configured with up to 255 gateways. Gateways 1 to 4 are reserved for default gateway load balancing. Gateways 5 to 259 are used for load-balancing of VLAN-based gateways.Alteon needs an IP interface for each default gateway to which it is connected. Each interface needs to be placed in the appropriate VLAN. These interfaces are used as the primary and secondary default gateways for Alteon.

To monitor gateways

> In the Monitoring perspective, select Network > Layer 3 > Gateways.

Monitoring RoutesThis feature is available only in version 30.0 and later.Alteon uses a combination of configurable IP interfaces and IP routing options. Alteon IP routing capabilities provide the following benefits:• Connects the server IP subnets to the rest of the backbone network.• Performs Server Load Balancing (using both Layer 3 and Layer 4 in combination) to server

subnets that are separate from backbone subnets.• Introduces Jumbo frame technology into the server-switched network by fragmenting UDP

Jumbo frames when routing to non-Jumbo frame VLANs or subnets.• Routing IP traffic between multiple Virtual Local Area Networks (VLANs) configured on Alteon.

To monitor routes

> In the Monitoring perspective, select Network > Layer 3 > Routes.

Table 243: IPv4 Routes Monitoring Parameters

Table 242: Gateway Monitoring Parameters

Parameter Description Status The status of the gateway.

Gateway ID The gateway number to which the information is related.Values: 1–259

IP Address The IP address of the default gateway.

VLAN The VLAN identifier of the gateway.

Parameter DescriptionEntry The entry number of the route in the routing table.

Destination The destination IP address of this route.

Mask The subnet mask of this route.

Gateway The IP address of the destination gateway for this route.




The IPv6 Routers table shows all of the IPv6 routes maintained. Since each link-local interface is shown with an entry prefix of /128, the link-local network (such as FE80::/10) is not shown for each interface to avoid too many network entries in the table.

Table 244: IPv6 Routes Monitoring Parameters

Monitoring Learned MACs (or IP FDB)This feature is available only in Alteon standalone, VA, and vADC. The name of this node in Alteon version 30.1 and earlier is IP FDB. The name of this node in Alteon version 30.2 and later is Learned MACs.

Type The route type.Values:• Indirect—The next hop to the host or subnet destination are forwarded

through a router at the gateway address.• Direct—Packets are delivered to a destination host or subnet attached to

Alteon.• Local—Indicates a route to one of the Alteon IP interfaces.• Broadcast—Indicates a broadcast route.• Martian—The destination belongs to a host or subnet that is filtered out.

Packets to this destination are discarded.

Tag The tag that indicates the origin of the route.Values:• Fixed—The address belongs to a host or subnet attached to Alteon.• Static—The address is a static route which has been configured on Alteon.• Addr—The address belongs to one of the Alteon IP interfaces.• RIP—The address was learned by the Routing Information Protocol (RIP).• OSPF—The address was learned by Open Shortest Path First (OSPF).• BGP—The address was learned via the Border Gateway Protocol (BGP)• Broadcast—Indicates a broadcast address.• Martian—The address belongs to a filtered group.• Multicast—Indicates a multicast address.• VIP—Indicates a route destination that is a virtual server IP address. VIP

routes are needed to advertise virtual server IP addresses via BGP.

Metric The metric for RIP tagged routes, specifying the number of hops to the destination (1 through 15 hops, or 16 for infinite hops).

Interface The IP interface that the route uses.

Parameter DescriptionEntry The entry number of the route in the routing table.

Destination The destination IP address of this route.

VLAN The VLAN of the route.

Next Hop The next hop of the route.

Protocol The route protocol.Values: Local, Static





Monitoring learned MACs (or IP FDB) comprises the following topics:• ARP, page 351—Displaying ARP monitoring parameters and clearing the ARP cache• Neighbor Cache, page 352—Includes displaying Neighbor Cache monitoring parameters and

summary information and clearing the Neighbor Cache

ARPThis procedure describes how to display the ARP monitoring parameters.Static ARP entries reside permanently in the ARP cache and do not age out like the ARP entries that are learned dynamically. Static ARP entries enable Alteon to reach hosts without sending an ARP broadcast request to the network. Static ARPs are also useful in communicating with devices that do not respond to ARP requests. Static ARPs can also be configured on some gateways as protection against malicious ARP cache corruption and possible DoS attacks.

Note: Alteon allows the static ARP configuration to be retained over reboots.

To display ARP monitoring parameters

> In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).

To clear the ARP cache

1. In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).2. Select the relevant row in the table.

3. Click Clear ARP Cache.

Table 245: ARP Monitoring Parameters

Parameter Description IP Address The IP address for the ARP entry.

Flags The flag associated with the entry.Examples:• clear• permanent—Not obtained via an ARP request (for example, IP interface and

VIP) • R—Indirect ARP (cache) entry for IP address reachable via indirect routes

(static/dynamic)• layer4—Layer 4 IP address (VIP) • u—Unresolved ARP entry. The MAC address has not been learned.

MAC Address The MAC address for the ARP entry.

VLAN The VLAN for the ARP entry.Values: 1–4090

Port The physical port where the IP address owner for this ARP entry is connected.

Referenced SPs The number of SPs on which this ARP entry is present.




Neighbor CacheIPv6 uses the Neighbor Discovery (ND) protocol to discover its neighbors’ link layer addresses and reachability. ND can also auto-configure addresses and detect duplicate addresses. ND enables routers to advertise their presence and address prefixes, and to inform hosts of a better next hop address to forward packets.

Note: Once the Neighbor Cache table reaches 2000 entries, table entries are replaced by adding the new entry and dropping the 2000th entry off the list. Table entries are kept until the entry is replaced by a new one. During this period, no new entries are used to sort for display.The information collected from ND is stored in the Neighbor Cache. The Neighbor Cache maintains information about each neighbor. Neighbor Cache entries are added in the following situations:• Entries are added when an IPv6 interface or virtual IP is operational.• Reception of ND messages from neighbor.• A device sends ND packets to resolve a link layer address to which it is attempting to send

packets.

To display Neighbor Cache monitoring parameters and summary information

> In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).

Table 246: Neighbor Cache Monitoring Parameters

Parameter DescriptionIPv6 Address The IPv6 address for the Neighbor Cache entry.

MAC Address The MAC address for the Neighbor Cache entry.

VLAN The VLAN for the Neighbor Cache entry.Values: 1–4090

Port The physical port for the Neighbor Cache entry.

State The the reachability state of the Neighbor Cache entry. Values:• INCPM—Incomplete. The link-layer address of the neighbor has not yet been

determined.• REACH—Reachable. The neighbor is known to have been reachable recently.• Stale—The neighbor is no longer known to be reachable, but until traffic is

sent to the neighbor, no attempt should be made to verify its reachability.• Delay—The neighbor is no longer known to be reachable, and traffic has

recently been sent to the neighbor.• Probe—The neighbor is no longer known to be reachable, and ND messages

are sent to the neighbor to verify reachability.

Type The type of the Neighbor Cache entry.Values:• LOCAL—The entry is a predefined address on Alteon.• DYNAMIC—The entry is a neighbor address learned from ND.




To clear the Neighbor Cache

1. In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).2. Select the relevant row in the table.

3. Click Clear Neighbor Cache.

Monitoring VRRP Virtual Routers in Alteon Version 30.0 and EarlierThis feature is available only in Alteon standalone, VA, and vADC.

To monitor VRRP virtual routers

> In the Monitoring perspective, select Network > Layer 3 > VRRP Virtual Routers.

Table 247: Neighbor Cache Summary Information Parameters

Parameter DescriptionTotal dynamic Neighbor Cache entries The total number of dynamic Neighbor Cache entries.

Total local Neighbor Cache entries The total number of local Neighbor Cache entries.

Other Neighbor Cache entries The number of other Neighbor Cache entries.

Table 248: Legacy VRRP Virtual Router Parameters

Parameter DescriptionStatus The VRRP status.

Values: • Init—If there is no port in the virtual router’s VLAN with an active

link, the interface for the VLAN fails, thus placing the virtual router into the INIT state. The INIT state identifies that the virtual router is waiting for a startup event. If it receives a startup event, it will either transition to master if its priority is 255 (the IP address owner), or transition to the backup state if it is not the IP address owner.

• Master—The virtual router is the master.• Backup—The virtual router is a backup.• Holdoff—VRRP operation is globally suspended for the specified

interval. When a device becomes the VRRP master at power up or after a failover operation, it may begin to forward data traffic before the connected gateways or real servers are operational. Alteon may create empty session entries for the coming data packets and the traffic cannot be forwarded to any gateway or real server.

Router ID The router identifier.

VR ID The virtual router identifier.

IP Address The IP address of the virtual router.




To switch over a VRRP virtual router

1. In the Monitoring perspective, select Network > Layer 3 > VRRP Virtual Routers.2. Select an entry and click Backup.

Monitoring InterfacesAlteon needs an IP interface for each subnet to which it is connected so it can communicate with the real servers and other devices attached to it that receive switching services. Alteon can be configured with up to 256 IP interfaces. Each IP interface represents Alteon on an IP subnet on your network. The interface option is disabled by default.This feature is available only in version 30.0 and later.

To monitor interfaces

> In the Monitoring perspective, select Network > Layer 3 > Interfaces.

Interface The IP interface of the device. If the IP interface has the same IP address as the IP address, this device is considered the owner of the defined virtual router.

Priority The election priority bias for this virtual server.During the master router election process, the routing device with the highest virtual router priority number wins. If there is a tie, the device with the highest IP interface address wins. If this virtual router’s IP address (addr) is the same as the one used by the IP interface, the priority for this virtual router is set to 255 (highest).When priority tracking is used, this base priority value can be modified according to a number of performance and operational criteria.Values: 1–254Default: 100

Note: When you enable hot-standby for a vrgroup, the currently set priority for the vrgroup is increased by 2.

Ownership The owner of the VRRP IP address.Values:• Owner—If the IP interface has the same IP address as the virtual

address IP, this device is considered the owner of the defined virtual router. An owner has a special priority of 255 (highest) and always assumes the role of the master router, even if it must preempt another virtual router that has assumed master routing authority.

• Renter—The virtual router that is not owned by the device.

Table 248: Legacy VRRP Virtual Router Parameters (cont.)





Monitoring High AvailabilityThis section comprises the following topics:• Monitoring High Availability in Alteon Version 30.1, page 355• Monitoring High Availability for Alteon Version 30.2 and Later, page 358

Monitoring High Availability in Alteon Version 30.1This feature is available only in Alteon standalone, VA, and vADC.

Note: You can configure the values for the High Availability feature in the Configuration perspective, under Network > High Availability.For Alteon version 30.1 and later, use the High Availability tab in the Monitoring perspective to do the following:• When the High Availability Mode on the device is Switch HA (or Extended HA in Alteon

version 30.5.4 and later, and version 31.0.1 and later), switch an active device to backup mode. Typically, you do this when you need to perform maintenance on the active Alteon and not affect the service.

• When the High Availability Mode on the device is Service HA: — Monitor high-availability information.— Switch an active service group to backup mode. Typically, you select all the services and

switch to backup mode when you need to perform maintenance on the active Alteon and not affect the services.

• When the High Availability Mode on the device is Legacy VRRP:— Monitor high-availability information.— Switch an active device to backup mode when the High Availability Mode on the device is

Legacy VRRP. Typically, you do this when you need to perform maintenance on the active Alteon and not affect the services or for passing master control back to a primary Alteon after it has been returned to service after a failure.

Table 249: Interface Monitoring Parameters

Parameter Description State The state of the interface.

Interface ID The identifier of the interface.

IP Address The IP address of the interface.

Mask The mask of the interface if the interface is IPv4. If the interface is IPv6, the fields displays 0.0.0.0.

Prefix The prefix of the interface if the interface is IPv6. If the interface is IPv4, the fields displays 0.

VLAN The VLAN identifier of the interface.

BFD The status of the Bidirectional Forwarding Detection (BFD) peer on this interface.Values: Disabled, Enabled




To view High Availability mode and state

> In the Monitoring perspective, select Network > High Availability.The High Availability Mode field displays one of the following: Disabled, Switch HA, Service HA, Extended HA, Legacy VRRPThe Status field displays master or backup.

To monitor Service HA information in Alteon version 30.1

> In the Monitoring perspective, select Network > Layer 3 > High Availability.

To monitor Switch HA information in Alteon version 30.1

> In the Monitoring perspective, select Network > Layer 3 > High Availability

To monitor legacy VRRP virtual routers in Alteon version 30.1

> In the Monitoring perspective, select Network > Layer 3 > High Availability.

Table 250:

Parameter DescriptionStatus The Service HA status.

HA Group ID The HA Group identifier.

Table 251: Switch HA Monitoring Parameters

Parameter DescriptionPeer Switch ID The identifier of the peer.

Peer Switch Address The IP address of the advertisement IP interface associated with the peer.

Last Sync The type (manual or automatic), status, timestamp, and failure reason of the last configuration synchronization attempt.

Last Successful Sync The type (manual or automatic) and timestamp of the last successful configuration synchronization.




Forcing FailoverYou can force a specified master Alteon, or a specified master service group, into backup mode. This is generally used for passing master control back to a preferred Alteon (or service group) once the preferred Alteon (or service group) has been returned to service after a failure.If failback mode is Always when you force failover, the Alteon with preferred state Active (the “preferred master”) briefly becomes the backup and then reverts to the master.

To force a master Alteon into backup mode

1. In the Monitoring perspective, select Network > Layer 3 > High Availability.2. Click Backup.

To force a master service group into backup mode

1. In the Monitoring perspective, select Network > Layer 3 > High Availability.2. Select the required service group or service groups.

3. Click Backup.

Monitoring High Availability for Alteon Version 30.2 and LaterThis feature is available only in Alteon standalone, VA, and vADC.

Note: You can configure the values for the High Availability feature in the Configuration perspective, under Network > High Availability.• When the High Availability Mode on the device is Switch HA (or Extended HA in Alteon

version 30.5.4 and later, and version 31.0.1 and later), switch an active device to backup mode. Typically, you do this when you need to perform maintenance on the active Alteon and not affect the service.

• When the High Availability Mode on the device is Service HA: — Monitor high-availability information.— Switch an active service group to backup mode. Typically, you select all the services and

switch to backup mode when you need to perform maintenance on the active Alteon and not affect the services.

• When the High Availability Mode on the device is Legacy VRRP:— Monitor high-availability information.— Switch an active device to backup mode when the High Availability Mode on the device is

Legacy VRRP. Typically, you do this when you need to perform maintenance on the active Alteon and not affect the services or for passing master control back to a primary Alteon after it has been returned to service after a failure.

To view High Availability mode and state

> In the Monitoring perspective, select Network > High Availability.The High Availability Mode field displays one of the following: Disabled, Switch HA, Service HA, Extended HA, Legacy VRRP




The Status field displays master or backup.

To monitor Service HA information

> In the Monitoring perspective, select Network > High Availability > Sync Status.

To monitor Switch HA information


To monitor Extended HA information

This option is available only in Alteon version 30.5.4 and later, and in version 31.0.1 and later.> In the Monitoring perspective, select Network > High Availability > Sync Status.

Table 253: Service HA Monitoring Parameters

Parameter DescriptionStatus The Service HA status.

HA Group ID The HA Group identifier.

Table 254:

Parameter DescriptionPeer Switch ID The identifier of the peer.

Peer Switch Address The IP address of the advertisement IP interface associated with the peer.

Last Sync The type (manual or automatic), status, timestamp, and failure reason of the last configuration synchronization attempt.

Last Successful Sync The type (manual or automatic) and timestamp of the last successful configuration synchronization.

Table 255: Extended HA Monitoring Parameters

Parameter DescriptionState The Extended HA status.



• Master—The virtual router is the master.• Backup—The virtual router is a backup.




To monitor legacy VRRP virtual routers

















Forcing FailoverYou can force a specified master Alteon, or a specified master service group, into backup mode. This is generally used for passing master control back to a preferred Alteon (or service group) once the preferred Alteon (or service group) has been returned to service after a failure.If failback mode is Always when you force failover, the Alteon with preferred state Active (the “preferred master”) briefly becomes the backup and then reverts to the master.

To force a master Alteon into backup mode

1. In the Monitoring perspective, select Network > High Availability.2. Click Backup.

To force a master service group into backup mode

1. In the Monitoring perspective, select Network > High Availability.2. Select the required service group or service groups.

3. Click Backup.




Table 256: Legacy VRRP Virtual Router Parameters (cont.)



CHAPTER 13 – MONITORING ALTEON APPLICATION DELIVERY

This chapter describes monitoring Alteon application delivery operations.

Note: For information on monitoring Alteon device performance using the Device Performance Monitor, see Using the Device Performance Monitor, page 403.This section contains the following main topics:• Clearing Non-operating SLB Statistics, page 363• Clearing SLB Statistics from the HA Peer, page 364• Monitoring and Controlling Virtual Servers, page 364• Monitoring and Managing Filters, page 369• Monitoring and Controlling Server Resources, page 372• View a FastView Web Application, page 377• Monitoring and Controlling APM, page 378• Monitoring and Controlling SSL, page 379• Monitoring Traffic Match Criteria, page 382• Monitoring and Controlling Application Services, page 383• Monitoring LinkProof, page 389• Monitoring Global Traffic Redirection Statistics, page 392• Monitoring AppShape++ Statistics, page 396

Clearing Non-operating SLB StatisticsIn Alteon version 30.1 and later, you can clear all non-operating SLB statistics, resetting them to zero. The action, Clear All SLB Statistics, does not reset Alteon and does not affect the following counters:• Counters required for Layer 4 and Layer 7 operations (such as current real server sessions)• All related SNMP counters

To clear all non-operating SLB statistics

1. (In Alteon version 30.1 and later, and 30.2 and later) In the Monitoring perspective, select Application Delivery > Virtual Service.

2. (In Alteon version 30.5 and later, version 31.0 and later, and version 32.0 and later) In the Monitoring perspective, select Application Delivery > Server Resources.

3. Click Clear All SLB Statistics.


Monitoring Alteon Application Delivery


Clearing SLB Statistics from the HA PeerIn Alteon version 31.0.6.0 and later, and version 32.1.0.0 and later, you can clear all SLB statistics from the HA peer when both the following conditions are met:When both the following conditions are met, you can clear all SLB statistics from the HA peer:• The Configuration > Network > High Availability > High Availability Mode parameter is

set to Service HA.• Session mirroring is enabled for at least one service.

To clear all SLB statistics from the HA peer

1. In the Monitoring perspective, select Application Delivery > Server Resources.2. Select Also clear SLB statistics on peer.

3. Click Clear All SLB Statistics.

Monitoring and Controlling Virtual ServersThis feature is available only in Alteon standalone, VA, and vADC.

To monitor virtual servers, virtual services, and content-based rules

> In the Monitoring perspective, select Application Delivery > Virtual Service > Virtual Servers.The following parameters display in the Virtual Servers table:


> In the Monitoring perspective, select Application Delivery > Server Resources > Virtual Servers.The following parameters display in the Virtual Servers table:


> In the Monitoring perspective, select Application Delivery > Virtual Servers.The following parameters display in the Virtual Servers table:

Table 257: Virtual Servers Statistics

Parameter DescriptionStatus The status of the virtual server.

Virtual Server ID The ID of the virtual server.




Click on an entry in the Virtual Services of Selected Virtual Server table to view the following detailed virtual service statistics:

Description(This parameter is available only in version 31.0 and later, and 32.0 and later.)

The description of the virtual server.

Name(This parameter is available only in version 29.5.x, 30.0.x, 30.1.x, 30.2.x, and 30.5.x.)

A name for the virtual server

IP Address(This parameter is available only in version 31.0 and later, and 32.0 and later.)

The IP address of the virtual server.

Connection per Second(This parameter is available only in version 30.5.x and later, 31.0.2 and later, and 32.0 and later.)

The number of connections per second for the virtual server.

Throughput per Second(This parameter is available only in version 30.5.x and later, 31.0.2 and later, and 32.0 and later.)

The throughput, in Mbps, for the virtual server.

Current Sessions The number of sessions currently open on the virtual server.

Total Sessions The total number of sessions handled by the virtual server.

Highest Sessions The highest number of concurrent sessions recorded on the virtual server.

Total Octets The total number of octets sent and received by the virtual server.

Table 258: Virtual Services: General Statistics (Alteon Version 31.0 and Later)

Parameter DescriptionVirtual Server ID The ID of the virtual server associated with the selected virtual service.

Application The name of the application associated with the virtual service.

Service Port The service port associated with the selected virtual service.

Protocol The Layer 4 protocol for the specified application.

Action The action of the virtual service.

Group ID The identifier of the server group to which this virtual service redirects the traffic.

Table 257: Virtual Servers Statistics (cont.)





Total Octets(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)

The total number of octets sent and received by the virtual service.

Connections per Second(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)

The number of connections per second for the virtual service.

Throughput per Second(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)

The throughput, in bytes per second, for the virtual service.

Current Sessions(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)

The number of sessions currently open on the virtual service.

Total Sessions(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)

The total number of sessions handled by the virtual service.

Highest Sessions(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)

The highest number of concurrent sessions recorded on the virtual service.

Table 259: Virtual Service: Traffic Statistics per Real Server (Alteon Version 30.1 and Later)

Parameter DescriptionRuntime Status(Available only in Alteon version 31.0 and later, and version 32.0 and later.)

The run-time status of the real server per service based on the configuration, operational status, health check status, and traffic of the real server.Available statuses: Up, Down, Admin-Down, Warning, or Shutdown.

Real ID The identifier of a real server associated with the virtual service.

Current Sessions The number of current sessions to the virtual service on the real server.

Total Sessions The total number of sessions to the virtual service on the real server.

Highest Sessions The highest number of concurrent sessions to the virtual service on the real server.

Table 258: Virtual Services: General Statistics (Alteon Version 31.0 and Later) (cont.)





Failure Reason(This parameter is available only in version 31.0.3 and later, and version 32.0 and later)

Displays the reason for which the real server associated with the virtual service is considered Down. The failure reason displays when the runtime status of the server is Down, otherwise the failure reason is empty.

Time since last device reset / clear statistics

The time since the device was last reset and traffic statistics were cleared.

Table 260: Virtual Service: HTTP Statistics (Alteon Version 30.2 and Later)

Parameter DescriptionHTTP 2.0 Displays the following statistics for HTTP 2.0 traffic:

• Connection Count—Number of connections within the statistics measuring period.

• Connection Peak—The peak number of concurrent connections within the statistics measuring period.

• Requests Count—Number of requests within the statistics measuring period.

HTTP 1.1 Displays the following statistics for HTTP 1.1 traffic:• Connection Count—Number of connections within the statistics

measuring period.• Connection Peak—The peak number of concurrent connections

within the statistics measuring period.• Requests Count—Number of requests within the statistics

measuring period.




measuring period.

HTTP/2 Connection Statistics(These statistics are displayed only when an HTTP/2 policy is associated with the selected virtual service)

Displays the value for the last measuring period (Current) and the highest value recorded in a measuring period (Peak) for each of the following statistics:• Backend Connections used by HTTP/2 Proxy• Client Streams—Average number of client streams per connection.• PUSH Streams—Average number of PUSH stream connections sent

by Alteon to clients.• Canceled PUSH Requests—Average number of cancel PUSH

requests received from a client per connection.

• Session Duration Average—In mm:ss format.

Table 259: Virtual Service: Traffic Statistics per Real Server (Alteon Version 30.1 and Later)





HTTP/2 Header Compression Statistics(These statistics are displayed only when an HTTP/2 policy is associated with the selected virtual service)

Displays the value for the last measuring period (Current) and the highest value recorded in a measuring period (Peak) for each of the following header compression statistics:• Requests—Average Compression Ratio (%)• Responses—Average Compression Ratio (%)• Average de facto HPACK Table Size—Average size of the dynamic

HPACK table.• Big Headers Count—The number of Big Headers handled. A Big

Header is a header whose size is more than half of the maximum dynamic table size. Such headers usually cause eviction of older headers from the table.

• Average Evicted Bytes Per Connection

Statistics Measuring Period

Period, in seconds, for which statistics are measured and displayed.You configure this parameter in the Statistics tab at Configuration > Application Delivery > Virtual Services.



Table 261: Virtual Services Monitoring: Caching and Compression Statistics (Alteon Version 30.2 and Later)

Parameter DescriptionObjects Served from Cache

The number of objects served from cache.

Cache Hits Percentage of cache hits.

Cache Requests Number of cache requests per second.

Total Cached Objects Total number of cached objects.

New Cached Objects Number of new cached objects per second.

Peak New Cached Objects Number of peak new cached objects per second.

Compression Statistics Compression-specific statistics:• Throughput (KB)—Amount of compressed and uncompressed

throughput, and compression ratio.• Average Object Size (KB)—Average compressed and

uncompressed object size, and compression ratio.• Total Bytes Saved—Since last reboot or statistics clear.• Bytes Saved—Bytes saved per second.• Peak Bytes Saved—Highest number of bytes saved per second

since last reboot or statistics clear.





Table 260: Virtual Service: HTTP Statistics (Alteon Version 30.2 and Later) (cont.)





Monitoring and Managing Filters

To monitor filters

1. In the Monitoring perspective, select Application Delivery > Filters.

2. In the Filters table, select the required row(s) and click the button to view the filter details.

Table 262: Virtual Services: FastView Statistics (Alteon Version 30.2 and Later)

Parameter DescriptionTransactions Number of current, total, and peak transactions.

HTML Pages Number of current, total, and peak HTML pages.

Optimized Pages Number of current, total, and peak optimized pages.

Tokens Rewritten Number of current, total, and peak tokens rewritten.

Compiled Pages Number of current, total, and peak compiled pages.

Bytes Saved with Image Reduction

Number of bytes saved with image reduction for current traffic, and for traffic since the last clear of statistics.

% Bytes Saved with Image Reduction

Percentage of bytes saved with image reduction for current traffic, and for traffic since the last clear of statistics.

Responses with Expiry Modified

Number of responses with expiry modified for current traffic, and for traffic since the last clear of statistics.

% Responses with Expiry Modified

Percentage of responses with expiry modified for current traffic, and for traffic since the last clear of statistics.





Table 263: Content-Based Rules Statistics

Parameter DescriptionVirtual Server ID The ID of the virtual server associated with the selected content-based

rule.

Service ID The ID of the virtual service associated with the selected content-based rule.

Content Rule ID The ID of the content-based rule.

Action The action of the content-based rule.

Current Sessions The number of current sessions that match the content-based rule.

Total Sessions The total number of sessions that match the content-based rule.

Highest Sessions The highest number of concurrent sessions that matched the content-based rule.

Total Octets The total number of bytes/octets that matched the content-based rule.




The statistics in the following tabs are relevant for redirect filters. They displays the statistics of the real servers that participate in this redirect group.

Note: The counters display accumulative data from all filters that redirect to each real server.

Table 264: Filter Parameters

Parameter DescriptionStatus The configurational status of the filter.

Filter ID The filter ID of the filter.

Name The name of the filter.

Action The configurational action of the filter.

Table 265: Statistics Parameters

Parameter DescriptionThis tab is available only in version 32.0 and later

Connections per Second The number of connections per second currently processed by this filter.Special cases:• For HTTP Layer 7 filters, the match is request-based, and therefore

the session counter is incremented per request.• For non-cached filters and Layer 2 filters with non-IP traffic, the

match is packets based, and therefore the session counter is not incremented.

Current Sessions The current number of sessions processed by this filter.Special cases:• For HTTP Layer 7 filters, the match is request-based, and therefore


match is packets-based, and therefore the session counter is not incremented.

Highest Sessions The highest number of sessions processed by this filter since the last reboot of reset statistics.Special cases:• For HTTP Layer 7 filters, the match is request-based, and therefore



Total Sessions The total number of sessions processed by this filter since the last reboot of reset statistics.Special cases:• For HTTP Layer 7 filters, the match is request-based, and therefore






Current Throughput The current throughput, in Kbps, processed by this filter.

Highest Throughput The highest throughput, in Kbps, processed by this filter.

Total Bandwidth The total bandwidth, in Mb, processed by this filter.

Total Hits The number of total hits, in packets, connections, or Requests, depending on the type of filter.Special cases:• For HTTP Layer 7 filters, the match is request based, and therefore


match is packets based, and therefore the session counter is not incremented.

Table 266: Real Server Traffic Parameters

Parameter DescriptionThis tab is available only in version 32.0 and later

Runtime Status The runtime status of the real server.Values: Disabled, Failed, Running

Real IDs The real server ID.

Current Sessions The current number of sessions processed by the real server connected to this filter.Special cases:• For HTTP Layer 7 filters, the match is request-based, and therefore



Highest Sessions The highest number of sessions processed by this real server since the last reboot of reset statistics. Special cases:• For HTTP Layer 7 filters, the match is request-based, and therefore



Total Sessions The total number of sessions processed by this real server since the last reboot of reset statistics. Special cases:• For HTTP Layer 7 filters, the match is request-based, and therefore



Current Throughput [Kbps]

The current throughput, in Kbps, processed by this real server.

Table 265: Statistics Parameters (cont.)





Monitoring and Controlling Server ResourcesAlteon displays the following connections per second (CPS) statistics for the entire Alteon platform: current connections per second, current throughput (in Mbps), and current SSL connections per second.Monitoring and controlling virtual services comprises the following: • Monitoring and Controlling Real Servers, page 373• Monitoring and Controlling Server Groups, page 375• Monitoring and Controlling Virtual Servers, page 364• Monitoring and Controlling APM, page 378

Highest Throughput [Kbps]

The highest throughput, in Kbps, processed by this real server.

Total BW [Mb] The total bandwidth, in Mb, processed by this real server.

CPS The number of connections per second currently processed by this real server.Special cases:• For HTTP Layer 7 filters, the match is request-based, and therefore



Table 267: SSL Parameters

Parameter DescriptionNew SSL handshakes The number of new SSL handshakes per second.

Reused SSL handshakes The number of reused SSL handshakes per second.

Reuse rate The reuse rate in percentage.

Rejected SSL handshakes The number of rejected SSL handshakes per second.

SSL v3 handshakes The percentage of SSL v3 handshakes.

TLS 1.0 handshakes The percentage of TLS 1.0 handshakes.




HTTP to HTTPS redirections

The number of HTTP to HTTPS redirections.





Table 266: Real Server Traffic Parameters (cont.)





To monitor device summary statistics

> In the Monitoring perspective, select Application Delivery > Server Resources. The device statistics table displays the following statistics:

Related Topics • Clearing Non-operating SLB Statistics, page 363• Clearing SLB Statistics from the HA Peer, page 364

Monitoring and Controlling Real ServersThis feature is available only in Alteon standalone, VA, and vADC.You can view monitoring information of the real servers and change their operational status.

Note: Changing the operational status of a real server is typically performed for maintenance purposes. If you execute a change to the operational status of a real server, the change takes effect without an Apply or Save command. When the Alteon resets, the real server reverts to its configuration status (that is, enabled or disabled).

To change the operation status or one or more real servers

1. In the Monitoring perspective, select Application Delivery > Virtual Service Server Resources > Real Servers.

2. In the table, select the rows of the real server whose operational statue you want to change.

3. From the Real Server Operations drop-down list, select the required option, and then click Execute.

Default: Disable.

Table 268: Device Summary Statistics

Parameter DescriptionCurrent Connection Per Second

The number of current connections per second.

Current Throughput The amount of current throughput (in Mbps).

Current SSL CPS The number of current SSL connections per second.

Table 269: Real Server Operations—Options

Parameter DescriptionDisable Disables the selected real server(s) immediately and close existing

connections.

Disable & Fastage Existing Gracefully disables the real server, having the server do the following:1. Does not accept new connections.2. Fast-ages existing sessions.3. Disables the real server when there are no connections on it.




To view monitoring information for the real servers

1. In the Monitoring perspective, select Application Delivery > Virtual Service > Real Servers. The table in the Real Servers tab displays information for all the real servers.

Note: Users with CoS type User can see the statistics and status of all real servers, but they can only perform operations on the real servers that are assigned to them.

2. To view the monitoring information for one specific real server, click the button.

Disable & Keep Persistency

Gracefully disables the real server, having the server do the following:1. Does not accept new connections.2. Keeps persistent data until session expiration.3. Disables the real server when there are no connections including

the persistent data for the real server.

Disable & Keep Persistency and Fastage

Gracefully disables the real server, having the server do the following:1. Does not accept new connections.2. Keeps persistent data until session expiration.3. Fast-ages existing sessions.4. Disables the real server when there are no connections including


Enable Enables the selected real server(s).

Table 270: Real Server Monitoring: Status Information

Parameter DescriptionStatus The administrative status of the real server.

Values (Alteon version 30.2.7 and later, version 30.5.6 and later, and version 31.0.3 and later):• Disable—Disables the server and removes the existing sessions

using disabled-with-fastage option.• Enable—Enables the server.• Connections Shutdown—Continues sending to the server traffic

belonging to active connections but denies any new connections.• Sessions Shutdown—Continues sending to the server traffic

belonging to active connections and accepts new connections if they belong to persistent session entry.

Values (all other versions): • Enabled—The real server is enabled.• Disabled—The real server is disabled.• Disable-with-fastage—The real server was disabled and fastaged

the existing sessions.

Table 269: Real Server Operations—Options (cont.)





Monitoring and Controlling Server GroupsThis feature is available only in Alteon standalone, VA, and vADC.

Server State The run-time state of the real server (which is, the result of the real-server health check).Values: Disabled, Failed, Running

Operational Status The operational status of the real server. For more information, see Real Server Operations—Options, page 373.

Real Server ID The identifier of the real server.

Description The description of the real server.

IP Address The IP address of the real server.

MAC Address The MAC address of the real server.

Table 271: Real Server Monitoring: Sessions Statistics

Parameter DescriptionCurrent Sessions The number of sessions currently open on the real server.

Total Sessions The total number of sessions the real server handled.

Highest Sessions The highest number of concurrent sessions handled by the real server.

Table 272: Real Server Monitoring: Octets Statistics

Parameter DescriptionTotal Bytes The total number of bytes handled by the real server (transmit and

receive).

Table 273: Real Server Monitoring: Failures Statistics

Parameter DescriptionServer Failures The number of times the real server has failed since the last reboot.

Table 274: Real Server Monitoring: Health Check Information

Parameter Description(These parameters are displayed only when monitoring a specific real server.)

Last Failure The time of the last failure.

Up Time The time that the server has been up.

Down Time The time that the server has been down

Table 270: Real Server Monitoring: Status Information (cont.)





To monitor basic information of the server groups

> In the Monitoring perspective, select Application Delivery > Virtual Service Server Resources > Server Groups.The Server Groups table shows the following statistics:

To operationally enable selected servers in a group

1. In the Monitoring perspective, select Application Delivery > Virtual Service > Server Groups.

2. In the Real Servers per Group table, select the required row(s) and click the (Edit) button.

3. From the Real Server per Group Operation drop-down list, select Enable.

4. Click Enable.

To operationally disable selected servers in a group


2. In the Server Groups table, select the required server group and click the (Edit) button.

3. In the Real Servers per Group table, select the required row(s).

4. (In Alteon version 30.0.12 and earlier, version 30.2.7 and earlier, version 30.5.5 and earlier, and version 31.0.2 and earlier) From the Real Server per Group Operation drop-down list, select Disable.

5. (In Alteon version 30.2.8 and later, version 30.5.6 and later, and version 31.0.3 and later) From the Real Server per Group Operation drop-down list, select from the following options how to shut down the selected real servers in the server group:

— Disable—Disables the server and removes the existing sessions using disabled-with-fastage option.

Table 275: Server Groups Statistics

Parameter DescriptionServer Group ID The identifier of the server group.

Description The description of the server group.

SLB Metric The load balancing metric for the server group.

Health Check The health check used to monitor the server group.

Current Sessions The current number of sessions that the server group is handling.

Total Sessions The total number of sessions that the server group has handled.

Highest Sessions The highest number of concurrent sessions that the server group has handled.

Total Octets The total number of octets that the server group has handled.




— Connections Shutdown—Continues sending to the server traffic belonging to active connections but denies any new connections.

— Sessions Shutdown—Continues sending to the server traffic belonging to active connections and accepts new connections if they belong to persistent session entry.

6. Click the button next to the Real Server per Group Operation drop-down list.

To monitor information of the real servers in a server group


2. Double-click the relevant server group.

The Real Servers per Group table shows the following statistics:

View a FastView Web ApplicationYou can view details about any FastView Web applications from the Monitoring section.

To access monitoring details for FastView Web applications

1. Navigate to Monitoring > Application Delivery > Virtual Service > Virtual Servers.

Note: You can also access this information directly from the Content Rule pane or the FastView Web Application pane.

Table 276: Real Servers per Group Statistics

Parameter DescriptionStatus The real server configuration status in the group.

Values: Enable, Disable, Connection Shutdown, Sessions Shutdown

Server State The run-time state of the real server in the group. Values: Running, Failed, Overloaded.(The Overloaded status is available only in version 30.2.10.0 and later, version 30.5.8.0 and later, version 31.0.5.0 and later, and version 32.0.1.0 and later.)

Operational Status The operational status of the server.Values: Enable, Disable, Connection Shutdown, Sessions Shutdown

Real Server ID The ID of the real server.

IP Address The IP address of the real server.

Description The description of the real server.

Current (Sessions) The current number of sessions that the real server is handling.

Total (Sessions) The total number of sessions that the real server has handled.

Highest (Sessions) The highest number of concurrent sessions that the real server has handled.

Bytes The total number of bytes that the real server has handled.




2. Select the Web application you want to view in the Virtual Services of Selected Virtual Server pane.

3. Select the FastView tab on the View Virtual Service pane.

4. View the information available for each virtual service:

Monitoring and Controlling APMThis feature is available only in version 30.0 and later on Alteon standalone, VA, and vADC.

To monitor APM

> In the Monitoring perspective, select (depending on the Alteon version) Application Delivery > Virtual Service > APM or Application Delivery > Server Resources > APM or Application Delivery > Virtual Servers > APM.

Table 277: Virtual Service

Parameter DescriptionTransactions The counter of HTTP GET requests served by FastView for this virtual

service within the measured period.

HTML Pages The number of HTML pages served by FastView. Some of them may not be optimized, for example if they are excluded in the configuration.

Optimized Pages The number of HTML pages optimized and rewritten by FastView.

Tokens Rewritten The number of substitution performed by FastView.

Compiled Pages The number of compiled or learned pages.

Bytes Saved with Image Reduction

Displays the number of bytes saved by the image reduction treatments on a resource.

% Bytes Saved with Image Reduction

Displays the percentage of bytes saved by the image reductions treatments on a resource.

Responses with Expiry Modified

Displays the number of responses that have a modified expiry.

% Responses with Expiry Modified

Displays the percentage of responses with a modified expiry.





Table 278: Virtual Servers Monitoring Parameters

Parameter DescriptionVirtual Server ID The ID of the virtual server.

Service The service identifier.




Monitoring and Controlling SSLYou can view and monitor the SSL filter parameters (read only).

To monitor SSL filters

> In the Monitoring perspective, select Application Delivery > SSL.

Monitoring SSL Client Authentication and the OCSP /CDP CacheThis feature is available only in Alteon standalone, VA, and vADC.When the OCSP or CDP cache is filled with stale responses, you may want to purge the cache.

To monitor SSL client authentication and purge the OCSP/CDP cache

> In the Monitoring perspective, select Application Delivery > SSL > SSL Client Authentication.

Table 279: SSL Filter Parameters

Parameter DescriptionNew SSL handshakes The number of new SSL handshakes per second.

Reused SSL handshakes The number of reused SSL handshakes per second.

Reuse rate The reuse rate in percentage.

Rejected SSL handshakes The number of rejected SSL handshakes per second.

SSL v3 handshakes The percentage of SSL v3 handshakes.





HTTP to HTTPS redirections

The number of HTTP to HTTPS redirections.





Table 280: SSL Client Authentication Parameters

Parameter DescriptionClient Authentication Policy ID The Client Authentication Policy ID.

OCSP Cache Purge Purges the cached content of the relevant OCSP responses.

CDP Cache Purge Purges the cached content of the relevant CDP responses.




Monitoring SSL Inspection You can purge the SSL Certificate Cache.

To purge the SSL certificate cache

1. In the Monitoring perspective, select Application Delivery > SSL> SSL Inspection.2. Click Certificate Cache Purge.

Monitoring Security Device Groups You can view the security device group parameters.

To monitor Security Device Group parameters

> In the Monitoring perspective, select Application Delivery > SSL > SSL Inspection > Security Device Groups

Security device parameters include:• Group Name• Security Device Type• Health Check• Current Sessions• Total Sessions• Highest Sessions• Total Bytes

Monitoring Security Devices You can set the real server operation and monitor and view the security device parameters.

To set the real server operation

1. In the Monitoring perspective, select Application Delivery > SSL > SSL Inspection > Security Devices

2. For the Real Server Operation parameter, select an option from the drop-down list and click Enable/Disable (as applicable)

Table 281: Real Server Operations—Options

Parameter DescriptionEnable Enables the selected real server(s).

Disable Disables the selected real server(s) immediately and close existing connections.




To monitor Security Device parameters

> In the Monitoring perspective, select Application Delivery > SSL > SSL Inspection > Security Devices

Security device parameters include:• Status• Server State• Operational State• Real server ID• security Device Type• Description• IP Address• MAC Address• Current Sessions• Total Sessions• Highest Sessions• Total Bytes • Server Failures

Monitoring CDP Group Status You can view (read-only) the status of the latest successful or failed CRL downloads.

Disable & Keep Persistency

Gracefully disables the real server, having the server do the following:1. Does not accept new connections.2. Keeps persistent data until session expiration.3. Disables the real server when there are no connections including


Disable & Fastage Existing Gracefully disables the real server, having the server do the following:1. Does not accept new connections.2. Fastages existing sessions.3. Disables the real server when there are no connections on it.

Disable & Keep Persistency and Fastage

Gracefully disables the real server, having the server do the following:1. Does not accept new connections.2. Keeps persistent data until session expiration.3. Fastages existing sessions.4. Disables the real server when there are no connections including


Table 281: Real Server Operations—Options (cont.)





To view the CRL download status

> In the Monitoring perspective, select Application Delivery > SSL > SSL Inspection > CDP Group

Monitoring Traffic Match CriteriaTraffic Match Criteria comprises the following topic:• Monitoring URL Filtering, page 382

Monitoring URL Filtering This feature lets you view the URL filtering information for a selected URL filter.This feature is available only in version 30.5 and later.

To monitor URL filtering

1. In the Monitoring perspective, select Application Delivery > Traffic Match Criteria > URL Filtering.

2. Select a row and click the button to view the URL filtering information for the selected URL filter.

3. If you want to clear the URL filtering statistics, click Clear Statistics.

4. If you want to purge the URL filtering cache, click URLF Cache Purge.

Table 282: CDP Group up Monitoring Parameters

Parameter DescriptionID The CDP group identifier.

Last Successful Download Shows the day, date, and time of the last successful CRL download per CDP group.

Last Failed Download Shows the day, date, and time of the last failed CRL download per CDP group.

Table 283: URL Filtering Parameters

Parameter DescriptionSubcategory The URL filter subcategory hits status.

Category The URL filter category hits status.

Count The URL filter count statistics.




Monitoring and Controlling Application ServicesMonitoring and controlling application services comprises:• Monitoring and Controlling HTTP, page 383

Monitoring and Controlling HTTP Monitoring and controlling HTTP includes the following features on the HTTP Services pane:• In Alteon version 30.2 and later, HTTP Statistics• Cache Purge of HTTP Content• Flushing Learned FastView Optimizations

HTTP ServicesThis feature is available only in Alteon standalone, VA, and vADC.HTTP services include:• Viewing HTTP Statistics, page 383• Purging Cached Content of HTTP Responses, page 384• Flushing Learned FastView Optimizations, page 384

Viewing HTTP StatisticsThis feature is available only in Alteon version 30.2 and later.You can view statistics for supported versions of HTTP.

To view HTTP statistics

1. In the Monitoring perspective, select Application Delivery > Application Services > HTTP.2. Select the HTTP tab.

Table 284: HTTP Statistics Parameters

Parameter DescriptionHTTP 2.0 Displays the following statistics for HTTP 2.0 traffic:

• Connection Count—Number of connections within the statistics measuring period.

• Connection Peak—The peak number of concurrent connections within the statistics measuring period.

• Requests Count—Number of requests within the statistics measuring period.




measuring period.




Purging Cached Content of HTTP ResponsesWhen the caching criteria or the server content has changed, you may want to purge the cached content of HTTP responses.

To purge cached content of HTTP responses

1. In the Monitoring perspective, select Application Delivery > Application Services > HTTP.2. Select the Cache Purge tab.

3. Configure the following parameters, and then, click Purge.

Flushing Learned FastView OptimizationsIf you are using FastView, you can flush learned FastView optimizations.This feature is available only in Alteon version 30.2 and later.

To flush learned FastView optimizations

1. In the Monitoring perspective, select Application Delivery > Application Services > HTTP.2. Select the FastView tab.


— To flush selected learned FastView Web applications, filter the FastView Web Applications table by Web Application ID or State, select the required entries, and then click the

button.




measuring period.





Table 285: HTTP Cache Parameters

Parameter DescriptionVirtual Server The virtual server or all virtual servers.

Service Port The port of the virtual service or all virtual-service ports.

Object URL The specific object URL or a URL with wildcard (*) in it.

Table 284: HTTP Statistics Parameters (cont.)





— In Alteon version 30.2 and later, this option is no longer available. To flush all the learned

FastView Web applications, click the button.

Viewing FastView DiagnosticsThis feature is available only in Alteon version 30.1 and later.Diagnostics provide runtime information on your selected Web application, providing you a better understanding of the internal optimization process and its outputs, including instructions sets and resources. There are a few actions that you can perform in response, but primarily the diagnostics provide a summary of the selected Web application’s configuration and where this information is stored.You can view various diagnostics for your FastView Web applications including:• Optimization Status• Workload Monitor• Resource Library• Instruction List

To view diagnostics for FastView Web applications.

1. Navigate to Monitoring > Application Delivery > Application Services > HTTP.2. Select the appropriate Web application.

3. Select Diagnostics.

Note: The FastView Web Applications tab stays active once you launch it. If you want to view diagnostics for another Web application, you can navigate from the FastView Web Applications tab or close the tab and reopen from the HTTP page, with another Web application selected.

Resource LibraryThe Resource Library tab displays a list of all modified resources for a Web application.By selecting any resource on the list, you can find out more details about it, including its treated name, if it is in a preload list, and so on.The following information is listed for each resource.• ID• Name• Size• Created (date is displayed)• Accessed (date is displayed)

Note: It can be very difficult to find individual treated resources using the Resource Library, as the list is not sorted by treated or untreated name, and has no indication of what page it is on. Radware recommends that you use the ?printcompileinfo parameter, which specifically displays information about treated resources for a specific page.




Instruction ListsEach time a page is optimized for a client browser, it is called an instruction. Instructions are a representation of a treated HTML document and the manner in which it is rewritten to call treated resources. It does not represent the treated resources themselves, except when those resources have been inlined into the page as part of a treatment.This section includes the following topics:• Working with Instruction Lists, page 386• Instruction Details, page 386• Substitution Lists, page 386• Treatment Information, page 386

Working with Instruction ListsUse the following procedure to access the instruction lists.

To access the instruction list

1. Navigate to Monitoring > Application Delivery > Application Services > HTTP.2. Select the Web application for which you want the instruction list.

3. Select Diagnostics.

4. Select the Instruction List tab.

The instruction list contains a list of all the compiled pages for the Web Application, including which page URL it is for, which Client Group it is part of, and if it is a landing page. Each of these individual values create a unique page instruction. FiltersUse the following procedure to filter the instruction set.

To filter the instruction set

1. Select the filter options: URL contents, client groups, landing page, rows per page.2. Click Refresh Instruction List.

Instruction DetailsYou can drill down into each instruction to get more details about it.Parameters that indicate the health of the instruction include: Recompiling?, Requires Compile?, and At Threshold?.Substitution ListsThe details page also includes both primary and secondary substitution lists. These display what was the original text on a compiled text or HTML page, and what is now being provided to a user.Treatment InformationSome types of treatment information is also provided on this page. The details of these vary between treatments, however the common information includes:• Is the treatment enabled?• Has the treatment reached its threshold?




• Does it require compilation?

Note: The treatment information here does not necessarily align with the actual FastView for Alteon NG treatments. These are representative of the processes that are applied to a page when they undergo acceleration treatment.

Dashboard TabThe Dashboard tab includes details on:• Optimization Status, page 387• Workload Monitor, page 388

From the Dashboard tab, you can: • Navigate to different Web applications using the Selected WebApp drop-down.• Refresh the results with the Refresh icon in the top right corner of the Dashboard tab.

Optimization StatusThe Optimization Status displays the following information:• Optimization by Instruction, page 387• Optimization by Page View, page 387• Settings, page 388

Optimization by InstructionThis displays the various instructions that are being treated by FastView. An instruction is a unique view of a Web page (based on Web browser client and page compile type). For example, /home.aspx is viewed as a non-landing page by Internet Explorer 7 browsers creates a single instruction.Each instruction can be in one of the following states:• Queued—The instruction is being served as untreated. FastView is ready to process the

instruction for treating, but it is currently in a queue.• First Compile—The instruction has been served as treated, but FastView has only viewed the

page once. FastView still needs to process the page to learn how to provide instructions.• Learning—The instruction is being served as treated, but FastView is still learning how to treat

the instruction. The next time FastView serves the page, it may be treated differently depending on how the next few unique browsers request the instruction. This continues until the Compiled threshold (number of same unique views) occurs.

• Compiled—The instruction has been requested enough times (defined by unique page views that are the same) to consider the page as Compiled. FastView does not continue to process the page until it goes through a touch-up or recompile.

• Touchup—The percentage of instructions that are in the Touchup state. This indicates that the instruction will still be served, but FastView will examine the next request to the instruction to ensure that everything is still valid.

• Recompile—Instructions in the Recompile state have expired. A request to the instruction causes it to go into a Learning state again.

The graph indicates, by percentage, where the instructions are located in the system. For detailed information on a specific instruction, see Instruction Lists, page 386.Optimization by Page View




This displays the status of unique views rather than instruction states. It contains the following:• Unaccelerated—The viewed page was unaccelerated.• Learning—The viewed page displayed to the client as accelerated, but FastView is still learning

the best way to treat the page.• Accelerated—The page served to the client was accelerated by FastView.

The Optimization by Page View is a cumulative view of each unique request to a page. The following workflow illustrates how values display in this section:

1. Person A browses to home.aspx. 100% of page views display in the Unaccelerated state.2. Person B and Person C now browse to the same page. Each of these users add to the Learning

state. This results in 33% Unaccelerated and 66% Learning.

3. Person D now browses to the same page. The page has a compile threshold set to three unique views which has been reached by Persons A, B and C. Because of this, the request is set to the Accelerated state. This results in 25% Unaccelerated, 50% Learning, and 25% Accelerated.

SettingsThis section displays the current FastView settings. These values are generally not configurable:• Compile Threshold—The number of unique page views that must be requested of an

instruction before it can go into the Compiled state. The default unique views is three. • Touch-Up Interval—The number of minutes that FastView waits per compiled instruction

before it re-examines it for the next request. This value is the starting value for the Touch-Up Interval and is on a sliding scale. The more static the instruction, the longer the next touch-up interval takes. The default Touch-Up Interval is five minutes.

• Recompile Interval—The number of minutes that FastView waits per compiled instruction before it discards the instruction and performs full recompile. The default recompile time is 1440 minutes or one day.

The Touch-Up Interval, Recompile Interval, and Invalidation framework help to FastView recognize changing data on your Web server after the initial instruction compilation has occurred.

Workload MonitorThe Workload Monitor displays the amount of processing FastView is currently performing.The Peak, Current, Average, and Total values for the following rates are displayed with the following values:• Request Rate—The number of unique pages requested through FastView. This provides a

Pages Per Second (PPS) view of your traffic.• Parse Rate—The amount of information that FastView has looked at for potential replacement

in a page. Any rewriting (such as replacement tokens, URL renaming) is considered and displayed in tokens per second/minute (tkps/tkpm).

• Rewrite Rate—The amount of information that FastView actually acts upon when replacing data in Web content that is served. This is also displayed in number of tokens per second/minute (tkps/tkpm).

• Compile Rate—The number of instructions compiled by FastView. As pages eventually stop being compiled after they pass the Learning state, this number should increase greatly when your site is first started or modified, and slowly as FastView learns how to provide the treated pages.




Monitoring LinkProofMonitoring LinkProof services comprises:• Monitoring WAN Links, page 389• Monitoring WAN Link Groups, page 390• Monitoring Proximity, page 391• Monitoring Smart NAT, page 391

Monitoring WAN Links This feature is available only in Alteon version 30.2 and later.

To monitor WAN link statistics

1. In the Monitoring perspective, select Application Delivery > LinkProof > WAN Links.2. Select the tab to view WAN Link data Per WAN Link IP or Per WAN Link ID.

3. If you want to clear all WAN link data, click Clear All.

Table 286: WAN Link Parameters

Parameter DescriptionStatus (Per WAN Link ID)

The WAN link status, per WAN link ID.

ID(Per WAN Link ID)

The WAN link ID

IP Address The WAN link IP address.

Download Bandwidth - Current [Mbps]

The current download bandwidth, in Mbps, of the WAN link.

Download Bandwidth - Utilization

The utilization of the download bandwidth, of the WAN link.

Upload Bandwidth - Current [Mbps]

The current download upload, in Mbps, of the WAN link.

Upload Bandwidth - Utilization

The utilization of the upload bandwidth, of the WAN link.

Total Bandwidth - Current [Mbps]

The current total (download and upload) bandwidth, in Mbps, of the WAN link.

Total Bandwidth - Utilization

The utilization of the total (download and upload) bandwidth, of the WAN link.

Concurrent Connections The number of concurrent connections of the WAN link.




Viewing Statistics of a WAN LinkThis feature is available only in Alteon version 30.2 and later.

To view statistics of a WAN link

1. In the Monitoring perspective, select Application Delivery > LinkProof > WAN Links.2. Select the tab to view WAN Link data Per WAN Link IP or Per WAN Link ID.

3. Select a row and click the button to view the WAN Link measurements for the selected WAN link.

Monitoring WAN Link GroupsThis feature is available only in Alteon version 30.2 and later.

To monitor WAN link group statistics

1. In the Monitoring perspective, select Application Delivery > LinkProof > WAN Link Groups.

2. Select a row and click the button to view the WAN Link Group measurements for the selected WAN link group.

3. If you want to clear all WAN Link Group data, click Clear All.

Table 287: Statistics of a WAN Link Parameters

Parameter DescriptionWAN Link Status The WAN link status, per WAN link ID.

WAN Link ID The WAN link ID

IP Address The WAN link IP address.

Connections The number of concurrent connections of the WAN link.

Time Since Device Reset/Statistics Clear

The time and date of last device reset or clearing the statistics

Current Bandwidth Mbps The current download, upload, and total bandwidth, in Mbps, of the WAN link.

Peak Bandwidth Mbps The peak download, upload, and total bandwidth, in Mbps, of the WAN link.

Utilization The utilization of the download, upload, and total bandwidth, of the WAN link.

Timestamp The timestamp of the download, upload, and total bandwidth, of the WAN link.

Byte Transfered MB The number of bytes transfered, in MB, of the download, upload, and total bandwidth, of the WAN link.

Table 288: WAN Link Group Parameters

Parameter DescriptionWAN Link Group ID The WAN link group ID.




Monitoring ProximityThis feature is available only in Alteon version 30.1 and later.

To monitor proximity

1. In the Monitoring perspective, select Application Delivery > LinkProof > Proximity.

2. Select a row and click the button to view the proximity measurements for the selected WAN link (see Smart NAT Parameters).

3. If you want to clear all proximity data, click Clear Proximity Table.

Monitoring Smart NAT

To monitor Smart NAT

1. In the Monitoring perspective, select Application Delivery > LinkProof > Smart NAT.2. If you want to clear Smart NAT data from the Smart NAT table, select one of the following

options: Clear All, No NAT, Static NAT, or Dynamic NAT, and then click Clear Smart NAT Table.

3. Select a row and click the button to view the Smart NAT parameters.

Download The download bandwidth of the WAN link group.

Upload The upload bandwidth of the WAN link group.

Total The total (download and upload) bandwidth of the WAN link group.

Concurrent Connections The number of concurrent connections of the WAN link group.

Table 289: Proximity Parameters

Parameter DescriptionSubnet The network subnet for which proximity data is available. For each

subnet, proximity data is available for up to three (the best three) WAN Links.

For each WAN Link

WAN Link IP The IP address of the WAN link.

Round Trip Time The time, in seconds, required for the round trip to the specified subnet via this WAN link.

Hops The number of hops to the specified subnet via this WAN link.

For the entire entry

Time to Live (min) The time, in minutes, after which the entry is cleared. Once the entry is cleared, if new requests arrive for this subnet, proximity is checked and a new entry is created.

Table 288: WAN Link Group Parameters (cont.)





Monitoring Global Traffic Redirection StatisticsIn Alteon version 30.2.3.0 and later, you can view statistics for the traffic that was globally redirected. The following data is available:• Monitoring Global DNS and HTTP Redirection Statistics, page 392• Monitoring Remote Real And Virtual Server Statistics, page 393• Monitoring Client Network Rule Statistics, page 394• Monitoring DNS Redirection Rule Statistics, page 394• Monitoring DNS Zone Statistics, page 395

Monitoring Global DNS and HTTP Redirection Statistics

To view global DNS and HTTP traffic redirection statistics

> In the Monitoring perspective, select Application Delivery > Global Traffic Redirection.

Table 290: Smart NAT Parameters

Parameter DescriptionSmart NAT ID Specifies the identifier for this NAT address.

Current Sessions The number of current NAT sessions.

Total Sessions The number of total NAT sessions

Table 291: Global Traffic Redirection: DNS Statistics

Parameter DescriptionTotal DNS requests The total number of DNS queries received.

Total DNSSEC requests The total number of DNSSEC requests received.

Current DNS requests The number of DNS requests currently being processed.

Current DNSSEC requests The number of DNSSEC requests currently being processed.

Current DNS requests per second The number of DNS requests received per second.

Current DNSSEC requests per second The number of DNSSEC requests received per second.

Total DNS responses The total number of DNS responses sent by Alteon (includes DNS records and DNS error responses).

Total NSEC record answers The number of NSEC records answered since boot time.

Total UDP DNS requests The total number of DNS queries received over UDP transport.

DNSSEC requests percentage The number of DNSSEC requests received per second.

Total TCP DNS requests The total number of DNS queries received over TCP transport.

Total invalid DNS requests The total number of malformed DNS queries received.




Monitoring Remote Real And Virtual Server StatisticsIn Alteon version 30.2.3.0 and later, you can view statistics for remote real servers and local virtual servers that participate in a global solution.

To view remote real and virtual server statistics

> In the Monitoring perspective, select Application Delivery > Global Traffic Redirection > Remote Real And Virtual Servers.

Total domain parse errors The total number of DNS queries with short or invalid domain names received.

No matching domain occurrences The number of times the DNS queries received did not match the hostname or configured domain name.

Threshold exceeded occurrences The number of times the threshold was exceeded.

Last source IP The source IP address of the last DNS query or HTTP request received.

Last no result domain The last domain received that did not match the hostname, domain name, or the network domain configured.

Table 292: Global Traffic Redirection: HTTP Statistics

Parameter DescriptionTotal HTTP Requests The total number of HTTP requests received.

Total HTTP Responses The total number of HTTP responses sent by Alteon that redirects traffic to a different site.

Bad HTTP Requests The number of bad/dropped client HTTP requests. Client HTTP GET request packets that do not contain the entire URL are considered bad and are dropped.

Table 293: Global Traffic Redirection: DNS Persistence Cache Statistics

Parameter DescriptionCurrent The number of persistent DNS entries currently active.

Highwater The highest number of persistent DNS entries ever recorded.

Maximum The maximum number of entries in the persistent DNS cache.

Table 294: Remote Real Server Statistics

Parameter DescriptionReal Server ID The remote real server ID.

Server IP Address The IP address of the virtual server.

Table 291: Global Traffic Redirection: DNS Statistics (cont.)





Monitoring Client Network Rule StatisticsIn Alteon version 30.2.3.0 and later, you can view statistics per client network.

To view client network rule statistics

> In the Monitoring perspective, select Application Delivery > Global Traffic Redirection > Network Preference.

Monitoring DNS Redirection Rule StatisticsIn Alteon version 30.2.3.0 and later, you can view statistics per DNS redirection rule. When a different DNS rule is configured for each domain, these statistics provide a view per domain.

To view DNS rule statistics

> In the Monitoring perspective, select Application Delivery > Global Traffic Redirection > Rules.

Threshold Exceeded Hits The number of times the threshold was exceeded.

DNS Redirects The number of DNS responses that return the IP address of this server.

HTTP Redirects The number of HTTP requests redirected to this server.

Table 295: Virtual Server Statistics

Parameter DescriptionVirtual Server ID The local virtual server ID.

IP Version The IP version of the virtual server.

Server IP Address The IP address of the virtual server.

Threshold Exceeded Hits The number of times the threshold was exceeded.

DNS Redirects The number of DNS responses that return the IP address of this server.

Table 296: Client Network Rule Statistics

Parameter DescriptionNetwork ID The client network ID.

IP Address The client network IP address.

Hits The number of times DNS queries were received from clients belonging to this network.

Table 294: Remote Real Server Statistics (cont.)





Monitoring DNS Zone StatisticsIn Alteon version 30.2.3.0 and later, you can view statistics for the DNS zones defined under DNSSEC capability.

To view DNZ zone statistics

> In the Monitoring perspective, select Application Delivery > Global Traffic Redirection > DNS Zones.

Table 297: DNS Rule Statistics

Parameter DescriptionRule ID The DNS rule ID.

Total Hits The number of times the DNS queries received matched the specific DNS redirection rule ID.

Table 298: DNS Zones: DNS Zone Statistics

Parameter DescriptionDNS Zone ID The DNS zone ID.

Total DNS Requests The total number of DNS queries received.

UDP DNS Requests The total number of DNS queries received over UDP transport.

TCP DNS Requests The total number of DNS queries received over TCP transport.

Total DNSSEC Requests The total number of DNSSEC requests received.

Table 299: DNS Zones: View Detailed Zone Statistics

Parameter DescriptionTotal DNS requests The total number of DNS queries received.

Total DNSSEC requests The total number of DNSSEC requests received.

DNSSEC requests percentage The number of DNSSEC requests received per second.

Current DNS requests per second The number of DNS requests received per second.

Total UDP DNS requests The total number of DNS queries received over UDP transport.

Total TCP DNS requests The total number of DNS queries received over TCP transport.

Total invalid DNS requests The total number of malformed DNS queries received.

Total NSEC record answers The number of NSEC records answered since boot time.




Monitoring AppShape++ Statistics

To monitor AppShape++ statistics

1. In the Monitoring perspective, select Application Delivery > AppShape++.2. Select the required row, and click Edit Row.

3. View the parameters, and click OK.

AppShape++ statistics are described in the following table:

Table 300: AppShape++ Statistics

Statistic DescriptionScript ID The identifier for the AppShape++ script.

Event The event name that appears in the AppShape++ script ID.

Activation The number of times that the AppShape++ script or script event was activated.

Failures The number of times that the AppShape++ script failed, and the failure distribution between the script events (how many of the failures occurred during treatment of each event).

Aborts The number of times that the AppShape++ script was aborted, and the abort distribution between the script events (how many of the aborts occurred during treatment of each event).


CHAPTER 14 – MONITORING AND CONTROLLING VADC

This chapter describes monitoring vADC operations.This feature is available only in ADC-VX mode.

Notes

• For information on monitoring Alteon device performance using the Device Performance Monitor, see Using the Device Performance Monitor, page 403.

• For more information on this feature, see the Alteon Web Based Management Application Guide.

Monitoring and Rebooting vADCsFor more information on this feature, see the Alteon Web Based Management Application Guide.

To monitor vADCs

> In the Monitoring perspective, select vADC > vADC.

To reboot a vADC

1. In the Monitoring perspective, select vADC > vADC. 2. Select the row with the relevant vADC and click Reset vADC.

Table 301: vADC Parameters

Parameter DescriptionStatus The status of the vADC.

vADC ID The vADC ID.

Boot Action The boot action.

vADC Name The vADC name.

Capacity Units The number of capacity units associated with this vADC.

SP Utilization The percentage of SP utilization.

vMP Utilization The percentage of vMP utilization.

Throughput Utilization The percentage of throughput utilization.

Up Time The length of time this vADC has been running (in <days>D<hours>H<minutes>M<seconds>S format) since its last reboot.


Monitoring and Controlling vADC



CHAPTER 15 – MONITORING ALTEON IP REPUTATION SECURITY

This chapter describes monitoring Alteon IP reputation.IP reputation is a security feature that protects Alteon from known malicious IP addresses. Using a dynamic list of IP addresses list, the Alteon security administrator can easily and effectively stop network-based IP threats that are targeting the network.The administrator can define whether to allow, block, or alert malicious IP addresses based on region, category (Tor Exit Nodes or Malicious IPs in Alteon version 31.0.5 and later, SPAM or MALWARE in Alteon version 32.0.1), or risk severity level.An IP reputation license is required for IP reputation functionality. You can enable IP reputation for each vADC from the ADC-VX Web Based Management interface.

Note: Applying IP reputation to a vADC requires a vADC reboot.This chapter contains the following main topics:• Monitoring IP Reputation Database Connections, page 399• Monitoring Hits per Action, page 400• Monitoring White List Hits, page 400• Monitoring the IP Reputation Activity Log, page 400

Monitoring IP Reputation Database ConnectionsYou can view the status of Alteon connections to IP reputation databases, and reset database counters.

To view the status of connections to IP reputation databases

> In the Monitoring perspective, select Security > IP Reputation.

Table 302: IP Reputation Status Parameters

Parameter DescriptionStatus The status of the connection to the IP reputation database.

Reason The reason for a database connection failure.

Baseline DB Update

Last Attempt The last time an update was received from the database.

Last Attempt Status The status of the last attempted connection to the database.

Delta DB Update

Last Attempt The last time an update was received from the database.

Last Attempt Status The status of the last attempted connection to the database.


Monitoring Alteon IP Reputation Security


To clear IP reputation counters

1. In the Monitoring perspective, select Security > IP Reputation.2. Click Clear All Counters.

Monitoring Hits per ActionYou can view the number of IP reputation activities for traffic from blocked, reported, and allowed IP addresses based on the category (Tor Exit Nodes or Malicious IPs in Alteon version 31.0.5 and later, SPAM or MALWARE in Alteon version 32.0.1), and risk severity level (High, Medium, or Low) of the traffic.

To view the hits per action

1. In the Monitoring perspective, select Security > IP Reputation.2. Select the Hits per Action tab.

Monitoring White List HitsYou can view the total number of hits on the IP addresses added to the IP reputation white list.

To view total white list hits

1. In the Monitoring perspective, select Security > IP Reputation.2. Select the White List hits tab.

Monitoring the IP Reputation Activity LogAlteon logs the activities of the IP reputation module. The IP reputation activity log displays the last 1000 activities.

To view the IP reputation activity log

1. In the Monitoring perspective, select Security > IP Reputation > Activity Log.

2. To view an entry in the table, select the entry and click the (View) button.

Table 303: IP Reputation Activity Log Parameters

Parameter DescriptionSource IP Source IP address of logged traffic.

Country Source country of logged traffic.

Destination IP Destination IP address of logged traffic.

Source Port Source port of logged traffic.

Destination Port Destination port of logged traffic.




Direction Direction of logged traffic—Inbound or Outbound.

Category Category of logged traffic—Spam or Malware.

Risk Risk severity level of logged traffic—High, Medium, or Low.

Action Alteon processing of logged traffic—Alarm, Allow, or Block.

Table 303: IP Reputation Activity Log Parameters (cont.)



CHAPTER 16 – USING THE DEVICE PERFORMANCE MONITOR

This chapter contains the following main sections:• DPM Overview, page 403• Opening the Device Performance Monitor, page 404• Device Performance Monitor Main Interface, page 404• Displaying and Filtering Sites and Devices, page 406• Viewing and Managing Reports, page 406• Exporting Reports, page 407• Supported Report Categories, page 408• Viewing Dashboards for Single Standalone and vADC Devices, page 423• Viewing the Dashboard for ADC-VX Devices, page 426• Viewing Dashboards for Multiple Standalone and vADC Devices, page 428

DPM OverviewDPM requires a valid license installed on the associated APSolute Vision server.When DPM is enabled in an Alteon or LinkProof NG device, the device sends its performance data to APSolute Vision. APSolute Vision processes the data and can display the information in the Device Performance Monitoring Web interface.The DPM Web interface includes alerts, dashboards with current monitoring data, and reports with historical data.Only one single APSolute Vision server can manage any one Alteon or LinkProof NG device that sends data to DPM.Users with the proper roles can launch the DPM Web interface from the APSolute Vision client.The DPM interface launches in the default browser. See the APSolute Vision Release Notes for the list of supported browsers.The sites and Alteon or LinkProof NG devices that display in the DPM are according to your RBAC scope.Users with the following roles can launch the DPM Web interface:• ADC Administrator• ADC Operator• ADC + Certificate Administrator• Administrator• Device Administrator• Device Configurator• Device Operator• Device Viewer


Using the Device Performance Monitor


Notes

• For requirements, limitations, and information on configuring DPM parameters in the Alteon or LinkProof NG device, see the section “Configuring Device Performance Monitoring” in the APSolute Vision online help.

• For information on roles, see Role-Based Access Control (RBAC), page 68.

• One Alteon or LinkProof NG ADC with a large configuration consumes about 210 MB hard-disk space in the course of a year.

• For information on managing the DPM database and DPM technical-support files, see Using vDirect with APSolute Vision, page 657.

Opening the Device Performance MonitorThe following procedure describes how to open the DPM Web interface.

To open the DPM Web interface

> In the APSolute Vision toolbar, click the icon.

Device Performance Monitor Main InterfaceThe following figure describes the Device Performance Monitor screen.




Figure 58: Device Performance Monitor Screen

Content area—Contains the Report and Dashboard tabs. The Server Time Difference value (near the Modify Filter button) displays the timezone difference between the PC and the APSolute Vision server.

Devices pane Organization tab—Displays, according to your filter, the configured sites and or LinkProof NG, Alteon standalone, vADC, and VA devices. The Deleted Devices node shows deleted devices on which DPM can show historical reports.

Devices pane Physical tab—Displays, according to your filter, configured sites and Alteon ADC-VXs.

Report tab—Displays a report according to report category and type.

Dashboard tab—Displays current alerts and the System, Network, and Application dashboards for one selected device in the Devices pane Organization tab.

Devices pane

VX Dashboard tab—Displays the current alerts and status of various parameters of one selected VX device in the Devices pane Physical tab.

Multi-Device Dashboard tab—Displays current alerts and the status of multiple devices selected in the Devices pane Organization tab.

Properties pane—Displays, according to the configuration in the Devices pane, and the properties of devices.




Displaying and Filtering Sites and DevicesThe Devices pane displays the all sites and Alteon or LinkProof NG devices of the APSolute Vision (according to your RBAC scope).You can filter the sites and devices that the DPM displays. The filter does not change the contents of the tree, only how the DPM displays the tree to you.The Properties pane displays information about the currently selected devices.

Viewing and Managing ReportsUse the Report tab in the content area to view reports. Reports display static, historical Alteon-device or LinkProof-NG-device data in various formats (line graph, bar graph, pie-chart, or table).In addition, you can export reports in many different file formats, for example, PDF, Excel, and so on.DPM aggregates historical statistics data to bigger time frames as the time passes, up to one year back.

Viewing ReportsThe tab that you select in the Devices pane (Organization or Physical) determines which reports you can view in the Report tab of the content area. You specify the Report Category and Report Type and configure a filter. Some Report Types are available for more than one Report Category. A Report Category with the same name displays the same report. For more information on the reports, see Supported Report Categories, page 408.

To view a report

1. In the Devices pane, select the required tab (Organization or Physical).2. In the Report tab, from the Report Category drop-down list, select the category, and then,

from the Report Type drop-down list, select the required type. The category determines the available report types.

3. Configure the filter or filters. The set of filters that you can configure depends on the selected Report Category.

4. Click Display Report.

Table 304: Aggregation of Historical Data

Sampling Period Time Number of Samples15 seconds 15 minutes 60

2 minute 1 hour 30

15 minutes 24 hours 96

1 hour 72 hours 72

1 day 3 months 93

1 week 1 year 52




To modify a filter when the DPM is displaying a report

1. Click Modify Filter.2. Configure the filter or filters.

The set of filters that you can configure depends on the selected Report Category, which may include:— Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/

time and end date/time.— Filter Scope—In the filter, you can select the object on which to perform the report,

depending on the report type. — Group By—In the filter configuration, you can specify to display the data per selected object

or grouped by ADC.3. Click Display Report.

Opening the Filter WindowUse the Filter window to configure Boolean expressions and apply them to selected report components.

To open the Filter window

> In the content area, click the Filter button ( ).

Exporting ReportsYou can export a report in any of the following formats:• PDF• HTML• Excel• Text• RTF• XML• PostScript

To export a report

1. In the content area, click the Export button ( ), and then, click OK.2. Do the following:

— From the Export File Format drop-down list, select the required format.— Select the checkboxes next to the name or each report component to include in the report.— If you require, in the File Name text box, modify the file name.




Supported Report CategoriesThe DPM supports the following report categories:• ADC/vADC Reports, page 408• Application Reports, page 413• Real Server Reports, page 417• Port Reports, page 419• VX Reports, page 421

ADC/vADC ReportsThe following tables describe the DPM reports for LinkProof NG, Alteon Standalone, VA, or vADC with Report Category ADC/vADC:• Table 305 - ADC CPU Capacity Utilization Report, page 408• Table 306 - ADC Memory Utilization Report, page 409• Table 307 - ADC Throughput License Utilization Report, page 410• Table 308 - ADC System Resources Utilization Report, page 411• Table 309 - Total Network Statistics per Port Report, page 412• Table 310 - Network Performance per ADC Report, page 413

The ADC names in the reports correspond to the selected objects in the Devices pane.

Table 305: ADC CPU Capacity Utilization Report

Supported Filter Type/s Component Component DescriptionThis report supports the following filter type: Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

MP CPU Utilization graph Displays the MP CPU utilization (%) according to time. For vADCs, DPM bases the values on the allocated CUs.

MP CPU Utilization Peak Usage graph

Displays the peak MP CPU utilization (%) in the selected time period. For vADCs, DPM bases the values on the allocated CUs.

Maximum SP CPU Utilization graph

Displays, according to time, the maximum SP CPU utilization (%) from all SPs. For vADCs, DPM bases the values on the allocated CUs.

Maximum SP CPU Utilization Peak Usage graph

Displays the peak SP CPU utilization (%) from all the SPs in the selected time period. For vADCs, DPM bases the values on the allocated CUs.

ADC CPU Capacity Utilization table

Columns:• ADC Name• Type—MP and SPs• CPU Utilization (%)

• Time—In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)

To sort or filter the table, right-click in a row and select the option that you require.




Table 306: ADC Memory Utilization Report


MP Memory Utilization graph

Displays, according to time, the MP-memory utilization (%). For vADCs, DPM bases the values on the allocated CUs.

MP Memory Utilization Peak Usage graph

Displays the peak MP-memory utilization (%) in the selected time period. For vADCs, DPM bases the values on the allocated CUs.

Maximum SP Memory Utilization graph

Displays, according to time, the maximum SP-memory utilization (%) from all the SPs. For vADCs, DPM bases the values on the allocated CUs.

Maximum SP Memory Utilization Peak Usage graph

Displays the peak SP-memory utilization (%) from all the SPs in the selected time period. For vADCs, DPM bases the values on the allocated CUs.

ADC Memory Capacity Utilization table

Columns:• ADC Name• Type—MP and SPs• Memory Utilization (%)


To sort or filter the table, select a row and select the option that you require.




Table 307: ADC Throughput License Utilization Report


Throughput License Utilization graph

Displays the device throughput utilization according to time. DPM measures the traffic entering all the data ports, and calculates the values based on the installed throughput license (for ADC) or allocated throughput limit (for vADC).

Throughput License Peak Usage graph

Displays the peak throughput utilization (%) in the selected time period. DPM measures the traffic entering all the data ports, and calculates the values based on the installed throughput license (for ADC) or allocated throughput limit (for vADC).

License ADC/vADC table Columns:• ADC Name• Throughput License (Mb)• Throughput Peak utilization (%)To sort or filter the table, select a row and select the option that you require.

ADC Throughput License Utilization table

Columns:• ADC Name• Throughput Utilization (%)


To sort or filter the table, select a row and select the option that you require.




Table 308: ADC System Resources Utilization Report


Session Utilization graph Displays the session utilization (%) according to time. DPM calculates the values based on the maximum session-table size available on the ADC/vADC.

Session Utilization Peak Usage graph

Displays the peak session utilization (%) in the selected time period. DPM calculates the values based on the maximum session-table size available on the ADC/vADC.

Cache Memory Utilization graph

Displays the memory utilization (%) according to time. DPM calculates the values based on the memory allocated for caching on the ADC/vADC.

Cache Memory Utilization Peak Usage graph

Displays the peak memory utilization (%) in the selected time period. DPM calculates the values based on the memory allocated for caching on the ADC/vADC.

Hard Disk Utilization graph

Displays hard-disk utilization (%) according to time. DPM calculates the values based on the installed/allocated hard disk on the ADC/vADC.

Hard Disk Utilization Peak Usage graph

Displays the peak utilization (%) in the selected time period. DPM calculates the values based on the installed/allocated hard disk on the ADC/vADC.

PIP Allocation graph Displays utilization according to time. DPM calculates the values based on the maximum PIP addresses available on the ADC/vADC.

PIP Allocation Peak Usage graph

Displays the peak utilization (%) in the selected time period. DPM calculates the values based on the maximum PIP addresses available on the ADC/vADC.

ADC System Resources Utilization table

Columns:• ADC Name• Session (%)• Cache Memory (%)• Hard Disk (%)• PIP Allocation (%)


The last row is Average for Session (%), Cache Memory (%), Hard Disk (%), and PIP Allocation (%).To sort or filter the table, select a row and select the option that you require.




Table 309: Total Network Statistics per Port Report


ADC Port Filter list Lists the ports of the selected ADCs.Select one or more rows to filter the results.

Click (erase) in the list title bar to clear the filter.

Total RX per Port (Packets) graph

Displays, for the specified (filter) time period, the total received packets per port.

Total TX per Port (Packets) graph

Displays, for the specified (filter) time period, the total transmitted packets per port.

Total Dropped RX per Port (Packets) graph

Displays, for the specified (filter) time period, the total dropped received packets per port.

Total Dropped TX per Port (Packets) graph

Displays, for the specified (filter) time period, the total dropped transmitted packets per port.

Total Error RX per Port (Packets) graph

Displays, for the specified (filter) time period, the total errored received packets per port.

Total Error TX per Port (Packets) graph

Displays, for the specified (filter) time period, the total errored transmitted packets per port.

Total Bandwidth per Port (Mbit) graph

Displays, for the specified (filter) time period, the total bandwidth per port.

Total Network Statistics per Port table

Columns: • ADC Name• Port• RX (Packets)• TX (Packets)• Dropped RX (Packets)• Dropped TX (Packets)• Error RX (Packets)• Error TX (Packets)• Bandwidth (Mbit)The last two rows are Total per ADC and Total for RX (Packets), TX (Packets), and Bandwidth (Mbit).To sort or filter the table, select a row and select the option that you require.




Application ReportsThe following tables describe the DPM reports for LinkProof NG, Alteon Standalone, VA, or vADC with Report Category Application:• Table 311 - Network Performance per Application Report for LinkProof NG, Alteon Standalone,

VA, or vADC, page 414• Table 312 - Network Performance of Application per Real Server Report for LinkProof NG, Alteon

Standalone, VA, or vADC, page 415

Table 310: Network Performance per ADC Report


Connections per Second graph

Displays, per ADC/vADC, the connections per second according to time. This value counts only the connections established based on the configuration of the virtual service. The value does not count connections established based on the Alteon-filter or LinkProof-NG-filter configuration.

Packets per Second graph

Displays, per ADC/vADC, the packets-per- second rate, for traffic entering and exiting all ADC/vADC data ports, according to time.

Caution: For this version of APSolute Vision, the values include traffic that enters and exits the data ports, so therefore may seem to be double the traffic.

Throughput graph Displays, per ADC/vADC, the throughput, in Mbps, for traffic entering all ADC/vADC data ports, according to time.

Network Performance per ADC table

Columns: • Name • Packets/second• Connections/second• Throughput (Mbps)


The last row is Average for Packets/second, Connections/second, and Throughput (Mbps).To sort or filter the table, select a row and select the option that you require.

License per ADC table Columns:• ADC Name• Throughput License (Mbps)To sort or filter the table, select a row and select the option that you require.




• Table 313 - Total Usage of Resources per Application per Network Class Report for Alteon Standalone, VA, or vADC, page 416

• Table 314 - Total Usage of Resources per Network Class per Application Report for LinkProof NG, Alteon Standalone, VA, or vADC, page 416

An application is a virtual service, which is identified in one of the following ways:• The specified virtual-service Description is set in the configuration (Configuration perspective

Application Delivery tab navigation pane > Virtual Services > Virtual Servers > Virtual Services > Description/Virtual Service Name).

• The virtual-service identifier in the following format:<VirtualServerAddress>:<protocol>:<port>[:NetworkClass].

Table 311: Network Performance per Application Report for LinkProof NG, Alteon Standalone, VA, or vADC

Supported Filter Type/s Component Component DescriptionThis report supports the following filter types:• Filter Time Period—

Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

• Filter Scope—In the filter, you can select up to 10 applications.

• Group By—In the filter configuration, you can specify to group the data by application or ADC.

Filter by Application Name list Select one or more applications names to filter the results.


Connections per Second graph Displays the connections per second per application according to time.

Packets per Second graph Displays the packets per second per application according to time.

Throughput graph Displays the throughput, in Mbps, per application according to time.

Throughput License/Limit per ADC/vADC table

Columns:• ADC Name• Throughput License Limit (Mbps)To sort or filter the table, select a row and select the option that you require.

Network Performance per Application table

Columns: • App Name • ADC Name • Connections/second• Packets/second • Throughput (Mbps)

• Time—In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM

The last two rows are Average per ADC, and Average for Connections/second, Packets/second, and Throughput (Mbps).To sort or filter the table, select a row and select the option that you require.




Table 312: Network Performance of Application per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC

Notes and Supported Filter Type/s

Component Component Description

You can view this report this report only on services where the granularity level is set to Real Server.This report supports only a single selected device.This report supports the following filter types:• Filter Time Period—


• Filter Scope—In the filter, you can select up to 10 real servers.

Filter by Application Name:Real Server list

Select one or more real servers to filter the results.


Connections per Second graph Displays the connections per second per application per real server according to time.

Packets per Second graph Displays the packets per second per application per real server according to time.

Throughput graph Displays the throughput, in Mbps, per application per real server according to time.

Network Performance of Application per Real Server table

Columns: • ADC Name • APP Name • Real Identifier• Real Name • Connections/second• Packets/second • Throughput (Mbps)

• Time—In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM

The last two rows are Average/Real and Average for Connections/second, Packets/second, and Throughput (Mbps).To sort or filter the table, select a row and select the option that you require.




Table 313: Total Usage of Resources per Application per Network Class Report for Alteon Standalone, VA, or vADC

Note and Supported Filter Type/s


Note: This report supports only a single selected device. This report supports the following filter types:• Filter Time Period—


• Filter Scope—In the filter, you can select up to 10 applications.

Total Bandwidth (Mbits) Usage of Application per Network graph

Displays the total bandwidth usage, in Mbits, per network class per application.

Total Connections (K) of Application per Network graph

Displays the total connections, in 1000s, per network class per application.

Total Usage of Resources per Application table

Columns: • Application • Network Class• Bandwidth (Mbits)• Total Connections (K)The last two rows are Total per Application and Grand Total for Bandwidth (Mbits) and Total Connections (K).To sort or filter the table, select a row and select the option that you require.

Table 314: Total Usage of Resources per Network Class per Application Report for LinkProof NG, Alteon Standalone, VA, or vADC

Supported Filter Type/s Component Component DescriptionThis report supports the following filter types:• Filter Time Period—


• Filter Scope—In the filter, you can select up to 10 network classes.

Total Bandwidth (Mbits) Usage of Network per Applications graph

Displays the total bandwidth, in Mbits, per applications per network class.

Total Connections (K) Usage of Network per Applications graph

Displays the total usage of connections, in 1000s, per network class per application.

Total Usage of Resources per Network Class per Application table

Columns: • Network Class• Application • Bandwidth (Mbits)• Total Connections (K)The last two rows are Total per Client Subnet and Grand Total for Bandwidth (Mbits) and Total Connections (K).To sort or filter the table, select a row and select the option that you require.




Real Server ReportsThe following tables describe the DPM Reports for LinkProof NG, Alteon Standalone, VA, or vADC with Report Category Real Server:• Table 315 - Network Performance per Real Server Report for LinkProof NG, Alteon Standalone,

VA, or vADC, page 417• Table 316 - Network Performance of Application per Real Server Report for LinkProof NG, Alteon

Standalone, VA, or vADC, page 418• Table 317 - Total Usage of Resources per Real Server Report for LinkProof NG, Alteon

Standalone, VA, or vADC, page 419

Table 315: Network Performance per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC

Supported Filter Type/s


This report supports the following filter types:• Filter Time Period—



Filter by ADC Name:Real Server list Lists the real servers.Select one or more rows to filter the results.


Connections per Second graph Displays the connections per second per real server according to time.

Packets per Second graph Displays the packets per second per real server according to time.

Throughput graph Displays the throughput, in Mbps, per real server according to time.

Network Performance per Real Server table

Columns: • ADC Name • Real Identifier• Real Name • Connections/second• Packets/second • Throughput (Mbps)


The last two rows are Average per ADC and Average for Connections/second, Packets/second, and Throughput (Mbps).To sort or filter the table, select a row and select the option that you require.




Table 316: Network Performance of Application per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC

Notes and Supported Filter Type/s


You can view this report this report only on services where the granularity level is set to Real Server.This report supports only a single selected device.This report supports the following filter types:• Filter Time Period—



Filter by Application Name:Real Server list

Lists the real servers.Select one or more rows to filter the results.


Connections per Second graph Displays the connections per second per real server according to time.

Packets per Second graph Displays the packets per second per real server according to time.

Throughput graph Displays the throughput, in Mbps, per real server according to time.

Network Performance per Real Server table

Columns: • ADC Name • APP Name • Real Identifier• Real Name • Connections/second• Packets/second • Throughput (Mbps)


The last row is Average for Connections/second, Packets/second, and Throughput (Mbps).To sort or filter the table, right-click in a row and select the option that you require.




Port ReportsThe following tables describe the DPM Reports for LinkProof NG,. Alteon Standalone, VA, or vADC with Report Category Port:• Table 318 - Total Network Statistics per Port Report for LinkProof NG, Alteon Standalone, VA, or

vADC, page 420• Table 319 - Network Performance per Port Report for LinkProof NG, Alteon Standalone, VA, or

vADC, page 421

Table 317: Total Usage of Resources per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC



This report supports the following filter types:• Filter Time Period—



Filter by ADC Name:Real Server list Lists the real servers.Select one or more rows to filter the results.


Total Connections graph Displays the total connections per real server.

Total Bandwidth graph Displays the total bandwidth, in Mbits, per real server.

Total Usage of Resources per Real Server table

Columns: • ADC Name • Real Identifier• Real Name • Connections • Bandwidth (Mbit)The last row is Total for Connections and Bandwidth (Mbit).To sort or filter the table, select a row and select the option that you require.




Table 318: Total Network Statistics per Port Report for LinkProof NG, Alteon Standalone, VA, or vADC



This report supports the following filter type: Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Filter by ADC Name:Port list Lists the ports of the selected ADCs.Select rows to filter the results.


Total RX per Port (Packets) graph

Displays the total received packets per port.

Total TX per Port (Packets) graph

Displays the total transmitted packets per port.

Total Dropped RX per Port (Packets) graph

Displays the total received dropped packets per port.

Total Dropped TX per Port (Packets) graph

Displays the total transmitted dropped packets per port.

Total Error RX per Port (Packets) graph

Displays the total received errored packets per port.

Total Error TX per Port (Packets) graph

Displays the total transmitted errored packets per port.

Total Bandwidth per Port (Mbit) graph

Displays the total bandwidth, in Mbits, per port.

Total Network Statistics per Port table

Columns:• ADC Name• Port• RX (Packets)• TX (Packets)• Dropped RX (Packets)• Dropped TX (Packets)• Error RX (Packets)• Error TX (Packets)• Bandwidth (Mbit)The last rows are Total per ADC and Total for RX (Packets), TX (Packets), and Bandwidth (Mbit).To sort or filter the table, select a row and select the option that you require.




VX ReportsThe following tables describe the DPM Report for Alteon VX with Report Category VX:• Table 320 - CPU Utilization per vADC Report for Alteon VX, page 422• Table 321 - Throughput Limit Utilization per vADC Report for Alteon VX, page 423

Table 319: Network Performance per Port Report for LinkProof NG, Alteon Standalone, VA, or vADC




Filter by ADC Name:Port list Lists the ports of the selected ADCs.Select rows to filter the results.


RX Port Rate graph Displays the rates, in Mbps, of received traffic per port according to time.

TX Port Rate graph Displays the rates, in Mbps, of transmitted traffic per port according to time.

Packets per Second per Port graph

Displays the packets per second per port according to time.

Throughput per Port graph Displays the throughput, in Mbps, per port according to time.

Network Performance per Port table

Columns: • ADC Name• Port• RX (bps)• TX (bps)• Packets/second• Throughput (Mbps)The last rows are Average per ADC and Average for RX (bps), TX (bps), and Packets/second. To sort or filter the table, select a row and select the option that you require.




Table 320: CPU Utilization per vADC Report for Alteon VX




Filter by vADC list Lists the vADCs of the selected VXs.Select rows to filter the results.


vMP CPU Utilization graph Displays the CPU utilization (%) per vADC vMP according to time.

Peak vMP CPU Utilization graph

Displays the peak CPU utilization (%) per vADC vMP in the selected time period.

vSP CPU Utilization graph Displays the CPU utilization (%) per vADC vSP according to time.

Peak vSP CPU Utilization graph

Displays the peak CPU utilization (%) er vADC vSP in the selected time period.

CPU Utilization per vADC table

Columns:• vADC Name• CPU Type—vSP, vMP or the SPs (for

example, SP # 1)• CPU Utilization (%)


The last rows are Total per ADC and Total for RX (Packets), TX (Packets), and Bandwidth (Mbit).To sort or filter the table, select a row and select the option that you require.




Viewing Dashboards for Single Standalone and vADC DevicesUse the Dashboard tab in the content area to view the dashboards with the current data for one selected device in the Devices pane Organization tab. The contents of the dashboards differ according to whether the selected device is a standalone or vADC. For example, the dashboard tab for a vADC does not display temperature.You will always see the alerts for all the devices you have in the Organization and Physical trees—according to your role and scope.This section contains the following topics:• Displaying the Dashboard and Managing the Display, page 424• Dashboard Components for Single Standalone and vADC Devices, page 424

Table 321: Throughput Limit Utilization per vADC Report for Alteon VX




Filter by vADC list Lists the vADCs of the selected VXs.Select rows to filter the results.


vADC Throughput Limit Utilization graph

Displays the vADC throughput-limit utilization (%) according to time. DPM measures the vADC throughput of the traffic entering all the data ports, and calculates the values based on the allocated throughput limit of each vADC.

Peak vADC Throughput Limit Utilization graph

Displays the peak vADC throughput-limit utilization (%) in the selected time period. DPM measures the vADC throughput of the traffic entering all the data ports, and calculates the values based on the allocated throughput limit of each vADC.

Throughput Limit Utilization per vADC table

Columns:• vADC • Throughput Limit Utilization (%)


The last two rows Grand Total Average Throughput and Grand Total Maximum Throughput for Throughput Limit Utilization (%). To sort or filter the table, select a row and select the option that you require.




Displaying the Dashboard and Managing the DisplayThe following procedure describes how to display the dashboard.

To display the dashboard

1. In the Devices pane, select the Organization tab.2. In the Organization tab, select one device.

3. In the content area (on the right, by default), select the Dashboard tab.

Use the buttons, which are described in the following table, to manage the dashboard display.

Dashboard Components for Single Standalone and vADC DevicesThe following table describes the dashboard components for single standalone and vADC devices.

Table 322: Dashboard-Display Buttons

Button DescriptionOpens the dialog box to select the temperature scale (Celsius or Fahrenheit) for monitoring the temperature sensors on physical devices.

Note: This setting applies to all DPM interfaces.

Refreshes the dashboard display.

Maximizes and floats the currently displayed dashboard tab.




Table 323: Dashboard Components for Single Standalone and vADC Devices

Dashboard Component DescriptionSystem CPU Utilization graph The utilization per SP and MP CPU.

Fans Status graph(This graph is displayed only for physical devices.)

The status of each ADC fan: nominal or not operating.

Note: Each fan icon is displayed with its corresponding ID number. The fan ID numbers might not be sequential.

Capacity Utilization graph

Bars: • Cache—Cache memory utilization (%). DPM

calculates the value based on the memory allocated for caching on the ADC/vADC.

• HD—Hard disk utilization (%). DPM calculates the value based on the installed/allocated hard disk on the ADC/vADC.

• PIP—PIP allocation utilization (%). DPM calculates the value based on the maximum PIP addresses available on the ADC/vADC.

• Session—Session utilization (%). DPM calculates the value based on the maximum session-table size available on the ADC/vADC.

Temperature chart The temperature, according to the selected scale (Celsius or Fahrenheit), for each temperature sensor.

Throughput graph The throughput, in Mbps, of the traffic entering all the data ports, polled every 30 seconds.

Throughput Usage graph

Bars:• The peak throughput in Mbps, of the traffic entering

all the data ports, since the last reboot.• The throughput-license limit in Mbps.

Network Port Status table Columns:• Port ID—The ADC port ID• Status—Values: Up, Warning, Admin Down, DownTo sort or filter the table, select a row and select the option that you require.

Port Status Summary pie chart

The proportion and number of ports per status: Up, Warning, Admin Down, and Down.

Port Bandwidth graph The received and sent bandwidth, in Mbps, per port.




Viewing the Dashboard for ADC-VX DevicesUse the VX Dashboard tab in the content area to view the current alerts for the selected Alteon VX devices in the Devices pane Physical tab. This section contains the following topics:• Displaying the VX Dashboard and Managing the Display, page 426• Dashboard Components for VX Devices, page 427

Displaying the VX Dashboard and Managing the DisplayThe following procedure describes how to display the VX dashboard.

To display the VX dashboard

1. In the Devices pane, select the Physical tab.2. In the Physical tab, select one device.

3. In the content area (on the right, by default), select the VX Dashboard tab.


ApplicationTo display the Application dashboard, select a single device in the Organization tab and up to 10 services from the Filter table.

Virtual Service Status table

Lists the virtual services configured for the device with the corresponding Content Rule, Status, and Action. The Virtual Service Identifier is either:• The specified Description or Virtual Service Name

(depending on the Alteon version)—if it is set in the configuration (Configuration perspective Application Delivery tab navigation pane > Virtual Services > Virtual Servers > Virtual Services > Description).

• The virtual-service identifier in the following format:<VirtualServerAddress>:<protocol>:<port>[:NetworkClass].


Selected Virtual Services Status pie chart

The proportion and number of the selected virtual services per status level.Values: Up, Warning, Admin Down, Down

Real Servers Status of the Selected Services pie chart

The proportion and number of real servers per status level for the selected services. Values: Up, Warning, Admin Down, Down

Virtual Service Throughput graph

The Virtual Service Throughput, in Mbps.

Virtual Service Connections per Second graph

The Virtual Service connections, in CPS.

Table 323: Dashboard Components for Single Standalone and vADC Devices (cont.)

Dashboard Component Description




Dashboard Components for VX DevicesThe following table describes the dashboard components for VX devices.

Table 324: VX Dashboard-Display Buttons




Maximizes and floats the VX Dashboard tab.

Table 325: Dashboard Components for VX Devices

Component DescriptionTemperature chart The temperature, according to the selected scale (Celsius or

Fahrenheit), for each temperature sensor in the VX device.When relating to an Alteon 10000 platform, the temperatures that the monitor displays show the average temperature of the blade sensors. The ID numbers represent the slot numbers. Slot 1 supports the Switch Blade. Slot 2 supports the Switch Extension Blade. Slots 3–6 support Payload Blades. Slot 7–8 support Shelf Managers. Some blades are optional.

Fan Status indicators The status of each fan: nominal or not operating. Green—for nominal. Red—for not operating/not operating properly.Each fan icon is displayed with its corresponding ID number. The fan ID numbers might not be sequential and might be repeated.When relating to an Alteon 10000 non-NEBS platform, the ID number represents the fan blade. If all fans in the blade are working properly, the status is green. If one or more fans in the blade are not working properly, the status is red.

vADC CPU Distribution graph The proportion and number of vADCs per maximum utilization level of vSP and vMP.Values: • Low• Medium• High

vADC Throughput Limit Utilization Distribution graph

The proportion and number of vADCs per maximum throughput-limit utilization.Values: • Low• Medium• High




Viewing Dashboards for Multiple Standalone and vADC DevicesUse the Multi-Device Dashboard tab in the content area to view the information about the selected devices in the Devices pane Organization tab. This section contains the following topics:• Displaying the Multi-Device Dashboard and Managing the Display, page 428• Multi-Device Dashboard Components, page 429

Displaying the Multi-Device Dashboard and Managing the DisplayThe following procedure describes how to display the multi-device dashboard.

To display the multi-device dashboard

1. In the Devices pane, select the Organization tab.2. In the Organization tab, select the devices.

3. In the content area (on the right, by default), select the Multi-Dashboard tab.


vADC Identifier Lists the vADCs of the VX. Select rows to filter the results of the CPU Utilization per vADC graph and Throughput Limit Utilization per vADC graph.


CPU Utilization per vADC graph

The maximum vSP or vMP CPU utilization (%) per vADC, polled every two minutes. If more than one vADC is operating at the same utilization, only the top line is displayed.

Throughput Limit Utilization per vADC graph

The utilization (%) of the allocated throughput limit per vADC, polled every two minutes. If more than one vADC is operating at the same utilization, only the top line is displayed.

Table 326: Multi-Device Dashboard-Display Buttons




Maximizes and floats the Multi-Device Dashboard tab.

Table 325: Dashboard Components for VX Devices (cont.)





Multi-Device Dashboard ComponentsThe following table describes the multi-device dashboard components.

Table 327: Multi-Device Dashboard Components

Component DescriptionOverall Status pie chart The proportion and number of devices per highest-severity status

level.Values: OK, Warning, Error

Throughput Utilization Distribution pie chart

The proportion and number of devices per throughput-utilization level.Values: Low, Medium, High

Max. CPU Utilization Distribution pie chart

The proportion and number of devices per maximum-CPU-utilization level. Values: Low, Medium, High

Session Table Utilization Distribution pie chart

The proportion and number of devices per session-table-utilization level. Values: Low, Medium, High

Max. Temperature Distribution pie chart

The proportion and number of devices per maximum-temperature level. Values: Low, Medium, High, NA (vADC)

Monitoring Parameters per Device

Columns:• Device—Displays the device name.• Overall Status—Displays the highest-severity status level on

the device except for Virtual Services Down. Values: OK, Warning, Error.

• Virtual Services Down—Displays the number of virtual services that are down on the device.

• Throughput Util. (%)—Displays the utilization (%) of the throughput license (for standalone devices) or the allocated throughput limit (for vADCs).

• Max. CPU Util. (%)—Displays the highest current CPU utilization (%) of all the SP/MPs.

• Session Table Util. (%)—Displays the current Session-table utilization (%) of all the SP/MPs.

• Max. Temperature—Displays the highest current temperature of the sensors on the device. This value is not applicable for virtual devices. For a vADC, NA (vADC) is displayed.


CHAPTER 17 – MONITORING AND CONTROLLING THE DEFENSEPRO OPERATIONAL STATUS

APSolute Vision’s online monitoring for DefensePro can serve as part of a Network Operating Center (NOC) that monitors and analyzes the network and connected devices for changes in conditions that may impact network performance.This section contains the following topics:• Monitoring the General DefensePro Device Information, page 431• Monitoring and Controlling DefensePro Device Ports and Trunks, page 433• Monitoring DefensePro High Availability, page 435• Monitoring DefensePro Resource Utilization, page 436• Monitoring Cisco Security Group Tags (SGTs), page 441

Monitoring the General DefensePro Device InformationThe Overview tab displays general device information, including the information about the software version on the device and the hardware version of the device.

To display general device information for a selected device

> In the Monitoring perspective, select Operational Status > Overview.

Table 328: Overview: Basic Parameters

Parameter DescriptionHardware Platform The type of hardware platform for this device.

Uptime The system up time in days, hours, minutes, and seconds.

Base MAC Address The MAC address of the first port on the device.

Device Serial Number(This parameter is exposed only in 6.x versions 6.12 and later, 7.x versions, and 8.x versions.)

The serial number of the device.Virtual devices do not have a serial number. For virtual devices, the field displays 0000000000.

Table 329: Overview: Signature Update Parameters

Parameter DescriptionRadware Signature File Version

The version of the Radware Signature File installed on the device.


Monitoring and Controlling the DefensePro Operational Status


Fraud Signatures Last Update(This parameter is available only in 6.x versions and 7.x versions 7.42.09 and later.)

When Fraud Protection is enabled, this parameter can display the timestamp of the last update of fraud signatures, received from Radware.com and downloaded to the DefensePro device.Values:

• The timestamp, in DDD MMM DD hh:mm:ss yyyy z format—displayed according to the timezone of your APSolute Vision client.

• No Feeds Received Since Device Boot

Table 330: Overview: Software Parameters

Parameter DescriptionSoftware Version The version of the product software installed on the device.

APSolute OS Version The version of the APSolute OS installed on the device—for example, 10.31-03.01:2.06.08.

Build The build number of the current software version.

Version Status The state of this software version.Values:• Open—Not yet released• Final—Released version

Throughput License(This parameter displays only in 8.x versions.)

Values:• The maximum throughput that the license allows.• Unlimited

Table 331: Overview: Hardware Parameters

Parameter DescriptionHardware Version(This parameter displays only in 6.x and 7.x versions.)

The hardware version; for example, B.5.

RAM Size The amount of RAM, in megabytes.

Flash Size The size of flash (permanent) memory, in megabytes.

Cores(This parameter is available only in 8.x versions.)

The number of CPUs/cores that the device uses for processing traffic. That is, the value does not include the CPUs/cores for DefensePro management.

Note: On virtual DefensePro platforms—but not Radware DefensePro DDoS Mitigation for Cisco Firepower, you can specify the number of virtual cores in the initial setup of the virtual instance.

CPU Speed (This parameter is available only in 8.x versions.)

The CPU speed, in GHz.

Table 329: Overview: Signature Update Parameters (cont.)





Monitoring and Controlling DefensePro Device Ports and TrunksA Layer 2 interface is defined as any interface that has its own MAC address, physical port, trunk, and VLAN. You can monitor status and interface statistics for ports and trunks on DefensePro version 6.x–8.x platforms.You can also change the administrative status of a port, from Up to Down or vice versa.

Caution: If the administrative status of a QSFP+ 40-Gigabit Ethernet (40GbE) port is Down, the port does not issue traps or alerts, and does not show information for system hardware transceiver-info commands.

To change the administrative status of a port or trunk

1. In the Monitoring perspective, select Operational Status > Ports and Trunks.

2. Select the rows with the relevant ports, and click the (Disable Selected Ports) button (for a port currently Up) or the (Enable Selected Ports) button (for a port that is currently Down).

To display L2 interface statistics for a selected device

1. In the Monitoring perspective, select Operational Status > Ports and Trunks.2. To view the statistics for a specific port all in one dialog box, double-click the row.

Table 332: L2 Interface Statistics Basic Parameters

Parameter DescriptionPort Name The interface name or index number.

Port Family (This parameter displays only in DefensePro 7.x and 8.x versions.)

A hard-coded description of the interface.

Port Description For 6.x versions—A hard-coded description of the interface.For DefensePro 7.x and 8.x versions—A user-defined description of the interface. Maximum characters: 64.

Port Speed The current bandwidth of the interface. On DefensePro 6, 20, 60, 200, 400, x420, and x4420 platforms, the value is in megabits per second. On all platforms except for DefensePro 6, 20, 60, 200, 400, x420, and x4420, the value is in bits per second.

MAC Address The MAC address of the interface.

Admin Status The administrative status of the interface, Up or Down.

Operational Status The operational status of the interface, Up or Down.




Last Change Time The value of System Up time at the time the interface entered its current operational state. If the current state was entered prior to the last re-initialization of the local network management subsystem, then this value is zero (0).

Table 333: L2 Interface Statistics Parameters

Parameter DescriptionIncoming Bytes The number of incoming octets (bytes) through the interface

including framing characters.

Incoming Unicast Packets The number of packets delivered by this sub-layer to a higher sub-layer, which were not addressed to a multicast or broadcast address at this sub-layer.

Incoming Non-Unicast Packets

The number of packets delivered by this sub-layer to a higher sub-layer, which were addressed to a multicast or broadcast address at this sub-layer.

Incoming Discards The number of inbound packets chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space.

Incoming Errors For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol.

Outgoing Bytes The total number of octets (bytes) transmitted out of the interface, including framing characters.

Outgoing Unicast Packets The total number of packets that higher-level protocols requested be transmitted, and which were not addressed to a multicast or broadcast address at this sub-layer, including those that were discarded or not sent.

Outgoing Non-Unicast Packets

The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast or broadcast address at this sub-layer, including those discarded or not sent.

Outgoing Discards The number of outbound packets that were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.

Outgoing Errors For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. For character-oriented or fixed-length interfaces, the number of outbound transmission units that could not be transmitted because of errors.

Table 332: L2 Interface Statistics Basic Parameters (cont.)





Monitoring DefensePro High AvailabilityYou can view the status of parameters related to the high availability of a selected DefensePro device.

Note: When you issue the Switch Over command on the cluster node, the active device switches over. To switch modes, select the cluster node, and then select Switch Over.)

To view the parameters related to the high availability of a selected DefensePro device

> In the Monitoring perspective, select Operational Status > High Availability.

Table 334: DefensePro High-Availability Monitoring Parameters

Parameter DescriptionDevice Role Values:

• Stand Alone—The device is not configured as a member of a high-availability cluster.

• Primary—The device is configured as the primary member of a high-availability cluster.

• Secondary—This device is configured as the secondary member of a high-availability cluster.

Device State Values: • Active—The device is in the active state. The device may be a

standalone device (not part of a high-availability cluster) or the active member of a high-availability cluster.

• Passive—The device is the passive member of a high-availability cluster.

Last Baseline Sync. Values:• Base-Line still not synched on this device—Either high availability is

not enabled on the device or high availability is enabled on the device but the baselines for security protections are still not synchronized.

• The timestamp, in DDD MMM DD hh:mm:ss yyyy format, of the last synchronization of the baseline between the active and passive device.

Cluster State Values:• Pair not defined—The device is not configured as a member of a high-

availability cluster.• Disconnected—The device is disconnected from the other member of

the high-availability cluster. • Negotiate—The device is negotiating with the other member of the

high-availability cluster.• Synchronizing—The device is synchronizing with the other member of

the high-availability cluster.• In Sync—The members of the high-availability cluster are

synchronized. • Hold on—The device is waiting for information from the other member

of the high-availability cluster.




Monitoring DefensePro Resource UtilizationThis section contains the following topics:• Monitoring DefensePro CPU Utilization, page 436• Monitoring and Clearing DefensePro Authentication Tables, page 439• Monitoring DME Utilization According to Configured Policies, page 440• Monitoring DefensePro Syslog Information, page 441

Monitoring DefensePro CPU UtilizationYou can view statistics for the device’s average resource utilization and the utilization for each accelerator.

To monitor device utilization for a selected DefensePro device in 8.x versions

> In the Monitoring perspective, select Operational Status > Resource Utilization > CPU Utilization.

Cluster Node in Use The IP address of the selected device.

Peer Clustered Node in Use

The IP address of the other cluster member.

Table 335: CPU Utilization: Controller Utilization Parameters—Versions 8.14 and Later

Parameter DescriptionController Utilization The percentage of the controller’s resources currently utilized.

Average Controller Utilization - Last 5 Seconds

The average utilization of controller’s resources in the last 5 seconds.

Average Controller Utilization - Last 60 Seconds

The average utilization of controller’s resources in the last 60 seconds.

Table 336: CPU Utilization: Engines Utilization Parameters—Versions 8.14 and Later

Parameter DescriptionEngine ID The name of the flow engine.

Forwarding Task The percentage of CPU cycles used for traffic processing.

Other Tasks The percentage of CPU resources used for other tasks such as aging and so on.

Idle Task The percentage of free CPU resources.

Table 334: DefensePro High-Availability Monitoring Parameters (cont.)







Table 337: CPU Utilization: General Parameters—8.x Versions Earlier than 8.14

Parameter DescriptionResource Utilization The percentage of the device’s CPU currently utilized.

Last 5 sec. Average Utilization

The average utilization of resources in the last 5 seconds.



Table 338: CPU Utilization: Engine Utilization Parameters—8.x Versions Earlier than 8.14

Parameter DescriptionEngine ID The name of the flow engine.




Table 339: CPU-Utilization: General Parameters

Parameter DescriptionNote: DefensePro 7.x versions running on the x420 platform contains internal logic of two DefensePro software instances—using the DoS Mitigation Engine (DME) and physical ports as shared resources. For more information, see the DefensePro User Guide.

Resource Utilization Instance 0 The percentage of the device’s instance-0 CPU currently utilized.

Resource Utilization Instance 1 The percentage of the device’s instance-1 CPU currently utilized.

RS Resource Utilization Instance 0

The percentage of the device’s instance-0 routing services (RS) resource currently utilized.

RS Resource Utilization Instance 1

The percentage of the device’s instance-1 routing services (RS) resource currently utilized.

RE Resource Utilization Instance 0

The percentage of the device’s instance-0 routing engine (RE) resource currently utilized.

RE Resource Utilization Instance 1

The percentage of the device’s instance-1 routing engine (RE) resource currently utilized.

Last 5 sec. Average Utilization Instance 0

The average utilization of instance-0 resources in the last 5 seconds.












Table 340: CPU Utilization: Accelerator Utilization Parameters

Parameter DescriptionInstance The internal hardware instance of the device.

Accelerator Type The name of the accelerator. The accelerator named Flow_Accelerator_0 is one logical accelerator that uses several CPU cores. The accelerator named HW Classifier is the string-matching engine (SME).

CPU ID The CPU number for the accelerator.




Table 341: CPU Utilization: General Parameters

Parameter DescriptionResource Utilization The percentage of the device’s CPU currently utilized.

RS Resource Utilization The percentage of the device’s routing services (RS) resource currently utilized.

RE Resource Utilization The percentage of the device’s routing engine (RE) resource currently utilized.





Table 342: CPU-Utilization: Accelerator Utilization Parameters

Parameter DescriptionAccelerator Type The name of the accelerator. The accelerator named Flow_Accelerator_0

is one logical accelerator that uses several CPU cores. The accelerator named HW Classifier is the string-matching engine (SME). OnDemand Switch 3 S1 has no SME.

CPU ID The CPU number for the accelerator. OnDemand Switch 2 and OnDemand Switch 3 S2 have two CPU cores. OnDemand Switch 3 S1 has three CPU cores.







Monitoring and Clearing DefensePro Authentication TablesYou can view statistics for the device’s Authentication Tables. You can also clear the contents of each table.

To monitor Authentication Tables for a selected DefensePro device

> In the Monitoring perspective, select Operational Status > Resource Utilization > Authentication Tables.

To clean an Authentication Table for a selected DefensePro device

1. In the Monitoring perspective, select Operational Status > Resource Utilization > Authentication Tables.

2. In the relevant tab (that is, TCP Authentication Table, HTTP Authentication Table, or DNS Authentication Table), click Clean Table.

Note: For the TCP Authentication Table and the HTTP Authentication Table, the Clean Table action can take up to 10 seconds.

Table 343: TCP Authentication Table: Monitoring Parameters

Parameter DescriptionTable Size The number of source addresses that the table can hold.

Table Utilization Percent of the table that is currently utilized.

Aging Time The aging time, in seconds, for the table.

Table 344: DefensePro HTTP Authentication Table: Monitoring Parameters

Parameter DescriptionTable Size The number of source-destination couples for protected HTTP servers.

For example, if there are two attacks towards two HTTP servers and the source addresses are the same, for those two servers, there will be two entries for the source in the table.


Aging Time The aging time, in seconds, for the table.Values: 60–3600Default: 1200

Table 345: DNS Authentication Table: Monitoring Parameters

Parameter Description(This tab is not displayed in DefensePro 8.x versions.)

Table Size The number of source addresses that the table can hold.


Aging Time The aging time, in minutes, for the table.




Monitoring DME Utilization According to Configured PoliciesThe contents of this tab are irrelevant for Radware DefensePro DDoS Mitigation for Cisco Firepower. This tab is functional only on DefensePro 20, 60, 200, 400, x420, and x4420 devices, and x412 devices with the DME.You can view statistics relating the user-defined policies to the utilization of the DoS Mitigation Engine (DME).The values that the device exposes are the calculated according to the configured values—even before running the Update Policies command.

Note: If the device is not equipped with the DME, 0 (zero) values are displayed.

To monitor DME utilization according to configured policies

> In the Monitoring perspective, select Operational Status > Resource Utilization > Policies.

Table 346: Policies: General Resource Utilization Monitoring Parameters

Parameter DescriptionNote: If a value in this tab is close to the maximum, the resources for the device are exhausted.

Total Policies The total number of policies in the context of the DME, which is double the number of network policies configured in the device. OnDemand Switch 3 S2 supports 50 configured network policies. x420 supports 50 configured network policies.

HW Entries Utilization The percentage of resource utilization from the HW entries in the context of the DME.

Sub-Policies Utilization The percentage of DME resource utilization from the entries of sub-policies.In the context of the DME, a sub-policy is a combination of the following:• Source-IP-address range• Destination-IP-address range• VLAN-tag range

Concurrent Active BDoS Attacks (This parameter is available only in 7.x versions.)

The number of concurrent active BDoS attacks.

Table 347: Policies: Per-Policy Resource Utilization Monitoring Parameters

Parameter DescriptionPolicy Name The name of the policy.

Direction The direction of the policy.Values:• Inbound• Outbound

HW Entries The number of DME hardware entries that the policy uses.




Monitoring DefensePro Syslog InformationYou can view information relating to the syslog mechanism.

To monitor DefensePro syslog information

> In the Monitoring perspective, select Operational Status > Resource Utilization > Syslog Monitor.

Monitoring Cisco Security Group Tags (SGTs)You can monitor the name and value of the enabled SGT, if one exists.

Note: For more information on SGTs in DefensePro, see Managing SGT Classes, page 29.

To monitor SGTs

> In the Monitoring perspective, select Operational Status > SGT.

Sub-Policies The number of DME sub-policy entries that the policy uses.

Table 348: DefensePro Syslog Monitoring Parameters

Parameter DescriptionSyslog Server The name of the syslog server.

Status The status of the syslog server.Values: • Reachable—The server is reachable.• Unreachable—The server is unreachable.• N/R—Specifies not relevant, because traffic towards the

Syslog server is over UDP—as specified (Configuration perspective, Setup > Syslog Server > Protocol > UDP).

Messages in Backlog The number of messages in the backlog to the syslog server.

Table 349: SGT Monitoring Parameters

Parameter DescriptionName The name of the SGT.

Value The value of the SGT.

Table 347: Policies: Per-Policy Resource Utilization Monitoring Parameters (cont.)



CHAPTER 18 – MONITORING DEFENSEPRO STATISTICS

Monitoring DefensePro statistics comprises the following topics:• Monitoring DefensePro SNMP Statistics, page 443• Monitoring DefensePro Bandwidth Management Statistics, page 444• Monitoring DefensePro IP Statistics, page 446

Monitoring DefensePro SNMP StatisticsYou can view statistics for the SNMP layer of the device.

To monitor DefensePro SNMP statistics

> In the Monitoring perspective, select Statistics > SNMP Statistics.

Table 350: DefensePro SNMP Statistics

Parameter DescriptionNumber of SNMP Received Packets The total number of messages delivered to the SNMP entity

from the transport service.

Number of SNMP Sent Packets The total number of SNMP messages passed from the SNMP protocol entity to the transport service.

Number of SNMP Successful 'GET' Requests

The total number of MIB objects retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP GET-Request and GET-Next PDUs.

Number of SNMP Successful 'SET' Requests

The total number of MIB objects modified successfully by the SNMP protocol entity as the result of receiving valid SNMP SET-Request PDUs.

Number of SNMP 'GET' Requests The total number of SNMP GET-Request PDUs accepted and processed by the SNMP protocol entity.

Number of SNMP 'GET-Next' Requests

The total number of SNMP GET-Next Request PDUs accepted and processed by the SNMP protocol entity.

Number of SNMP 'SET' Requests The total number of SNMP SET-Request PDUs accepted and processed by the SNMP protocol entity.

Number of SNMP Error “Too Big” Received

The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status field is ‘tooBig.’

Number of SNMP Error “No Such Name” Received

The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status is ‘noSuchName’.

Number of SNMP Error “Bad Value” Received

The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status field is ‘badValue’.


Monitoring DefensePro Statistics


Monitoring DefensePro Bandwidth Management StatisticsThis feature is available only in DefensePro 6.x versions. You can monitor the Bandwidth Management (BWM) statistics for a DefensePro device.

Displaying the Last-Second BWM Statistics for a Selected DefensePro DeviceThis feature is available only in DefensePro 6.x versions. To display the last-second BWM statistics for a selected DefensePro device, the Enable Policy Statistics Monitoring checkbox must be selected (Configuration perspective, BWM > Global Settings > Enable Policy Statistics Monitoring).

To display the last-second BWM statistics for a selected DefensePro device

1. In the Monitoring perspective, select Statistics > BWM Statistics > Policy Statistics (Last Second). The Policy Statistics (Last Second) table is displayed.

2. To view all the parameters of a policy, double-click the row of the policy. The Edit Statistics Entry dialog box is displayed with all the BWM statistics.

Number of SNMP Error “Generic Error” Received

The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status field is ‘genErr’.

Number of SNMP 'GET' Responses Sent

The total number of SNMP Get-Response PDUs generated by the SNMP protocol entity.

Number of SNMP Traps Sent The total number of SNMP Trap PDUs generated by the SNMP protocol entity.

Table 351: DefensePro BWM Last-Second Statistics Parameters

Parameter DescriptionPolicy Name The name of the displayed policy.

Matched Packets The number of packets matching the policy during the last second.

Matched Bandwidth The traffic bandwidth, in Kbits, matching the policy during the last second.

Sent Bandwidth The volume of sent traffic, in Kbits, in any direction, in the last second.

Guaranteed Bandwidth Reached Specifies whether the guaranteed bandwidth was reached during the last second.

Maximum Bandwidth Reached Specifies whether the maximum bandwidth was reached during the last second.

New TCP Sessions The number of new TCP sessions the device detected in the last second.

Table 350: DefensePro SNMP Statistics (cont.)





Displaying the Last-Period BWM Statistics for a Selected DefensePro DeviceThis feature is available only in DefensePro 6.x versions.To display the last-second BWM statistics for a selected DefensePro device, the Enable Policy Statistics Monitoring checkbox must be selected (Configuration perspective, BWM > Global Settings > Enable Policy Statistics Monitoring). The Policy Statistics Reporting Period parameter determines the period (Configuration perspective, BWM > Global Settings > Policy Statistics Reporting Period).

To display the last-period BWM statistics for a selected DefensePro device

1. In the Monitoring perspective, select Statistics > BWM Statistics > Policy Statistics (Last Period). The Policy Statistics (Last Period) table is displayed.

2. To view all the parameters of a policy, double-click the row of the policy. The Edit Statistics Entry dialog box is displayed with all the BWM statistics.

New UDP Sessions The number of new UDP sessions the device detected in the last second.

Queued Bandwidth The bandwidth, in Kilobits, during the last second.

Full Queue Bandwidth The bandwidth, in Kilobits, discarded during the last second, due to a full queue.

Aged Packets Bandwidth The amount of discarded bandwidth, in Kilobits, during the last second, due to the aging of packets in the queue.

Inbound Packets The number of inbound packets in the last second.

Inbound Matched Bandwidth The volume of inbound traffic, in Kilobits, in the last second that matched the policy.

Inbound Sent Bandwidth The volume of inbound sent traffic, in Kilobits, in the last second.

Outbound Packets The number of outbound packets in the last second.

Outbound Matched Bandwidth The volume of outbound traffic, in Kilobits, in the last second that matched the policy.

Outbound Sent Bandwidth The volume of outbound sent traffic, in Kilobits, in the last second.

Table 352: DefensePro BWM Last-Period Statistics Parameters

Parameter DescriptionPolicy Name The name of the displayed policy.

Matched Packets The number of packets matching the policy during the last specified period.

Matched Bandwidth The traffic bandwidth, in Kilobits, matching the policy during the last specified period.

Sent Bandwidth The volume of sent traffic, in Kilobits, in any direction, in the last specified period.

Table 351: DefensePro BWM Last-Second Statistics Parameters (cont.)





Monitoring DefensePro IP StatisticsYou can monitor statistics for the IP layer of the device, including the number of packets discarded and ignored. This enables you to quickly summarize the state of network congestion from a given interface.

To display IP statistics information for a selected DefensePro device

> In the Monitoring perspective, select Statistics > IP Statistics.

Guaranteed Bandwidth Reached Specifies whether the guaranteed bandwidth was reached during the last specified period.

Maximum Bandwidth Reached Specifies whether the maximum bandwidth was reached during the last specified period.

New TCP Sessions The number of new TCP sessions the device detected in the last specified period.

New UDP Sessions The number of new UDP sessions the device detected in the last specified period.

Queued Bandwidth The volume of queued traffic, in Kilobits, during the last second.

Full Queue Bandwidth The bandwidth, in Kilobits, discarded in the last specified period, due to a full queue.

Aged Packets Bandwidth The amount of discarded bandwidth, in Kilobits, in the last specified period, due to the aging of packets in the queue.

Inbound Packets The number of inbound packets in the last specified period.

Inbound Matched Bandwidth The volume of inbound traffic, in Kilobits, in the last specified period that matched the policy.

Inbound Sent Bandwidth The volume of inbound sent traffic, in Kilobits, in the last specified period.

Outbound Packets The number of outbound packets in the last specified period.

Outbound Matched Bandwidth The volume of outbound traffic, in Kilobits, in the last specified period that matched the policy.

Outbound Sent Bandwidth The volume of outbound sent traffic, in Kilobits, in the last specified period.

Table 353: IP Statistics Parameters

Parameter DescriptionNumber of IP Packets Received

The total number of input datagrams received from interfaces, including those received in error.

Number of IP Header Errors The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, and so on.

Table 352: DefensePro BWM Last-Period Statistics Parameters (cont.)





Number of Discarded IP Packets

The total number of input datagrams for management that were discarded. This counter does not include any datagrams discarded while awaiting re-assembly.

Number of Valid IP Packets Received

The total number of input datagrams successfully delivered to IP user-protocols (including ICMP).

Number of Transmitted Packets (Inc. Discards)

The total number of IP datagrams which local IP user-protocols, including ICMP supplied to IP in requests for transmission. This counter does not include any datagrams counted in the Number of IP Packets Forwarded.

Number of Discarded Packets on TX

The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination, but which were discarded, for example, the lack of buffer space. This counter includes any datagrams counted in the Number of IP Packets Forwarded if those packets meet this (discretionary) discard criterion.

Table 354: Router Statistics Parameters

Parameter DescriptionNumber of IP Packets Forwarded

The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities that do not act as IP Gateways, this counter includes only those packets which were Source - Routed via this entity, and the Source - Route option processing was successful.

Number of IP Packets Discarded Due to ‘Unknown Protocol’

The number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol.

Number of IP Packets Discarded Due to ‘No Route’

The number of IP datagrams discarded because no route could be found to transmit them to their destination.

Note: This counter includes any packets counted in the Number of IP Packets Forwarded that meet the no-route criterion. This includes any datagrams which a host cannot route because all of its default gateways are down.

Number of IP Fragments Received

The number of IP fragments received which needed to be reassembled at this entity.

Number of IP Fragments Successfully Reassembled

The number of IP datagrams successfully re-assembled.

Number of IP Fragments Failed Reassembly

The number of failures detected by the IP re-assembly algorithm, such as timed out, errors, and so on. Note: This is not necessarily a count of discarded IP fragments since some algorithms (notably the algorithm in RFC 815) can lose track of the number of fragments by combining them as they are received.

Number of IP Datagrams Successfully Reassembled

The number of IP datagrams that have been successfully re-assembled at this entity.

Table 353: IP Statistics Parameters (cont.)





Number of IP Datagrams Discarded Due to Fragmentation Failure

The number of IP datagrams that have been discarded because they needed to be fragmented at this entity but could not be, for example, because their Don’t Fragment flag was set.

Number of IP Datagrams Fragments Generated

The number of IP datagram fragments that have been generated as a result of fragmentation at this entity.

Valid Routing Entries Discarded

Number of valid routing entries discarded.

Table 354: Router Statistics Parameters (cont.)



CHAPTER 19 – MONITORING AND MANAGING DEFENSEPRO DIAGNOSTICS

Monitoring and managing DefensePro diagnostics comprises the following topics:• Configuring the Diagnostic Tool Parameters• Configuring Diagnostics Policies• Managing Capture Files

You can monitor and manage DefensePro diagnostics using in APSolute Vision in DefensePro 6.x versions 6.12 and later, 7.x versions, and 8.x versions 8.10 and later. The feature described in Configuring Diagnostics Policies is relevant only to DefensePro 6.x and 7.x versions.

Note: In DefensePro 6.x versions earlier than 6.12, you can monitor and manage DefensePro diagnostics using DefensePro CLI or WBM.

Configuring the Diagnostic Tool ParametersThis feature is available in APSolute Vision only in DefensePro 6.x versions 6.12 and later, 7.x versions, and 8.x versions 8.10 and later.The diagnostic packet-capture tool can capture packets that enter the device, leave the device, or both. The captured traffic is stored in CAP files. You can download the files with the captured packets using the Capture Files pane (Monitoring perspective, Diagnostics > Capture Files). You can analyze the traffic Unix snoop, or various other tools.

Caution: Enabling this feature may cause severe performance degradation.

Notes

• For information on managing the files that diagnostic packet-capture tool generates, see Managing Capture Files.

• To see the actual timestamp of the packets in the files that the diagnostic packet-capture tool produces, in the packet analyzer (for example, Wireshark), you may need to modify the format of the time display. The timestamp in the packets in the files that the diagnostic packet-capture tool produces is always UTC.

• The diagnostic packet-capture tool does not capture packets that pass through the device as the result of Traffic Exclusion. Traffic Exclusion is when DefensePro passes through all traffic that matches no network policy configured on the device.

• The diagnostic packet-capture tool does not capture GRE-encapsulated packets.


Monitoring and Managing DefensePro Diagnostics


• In DefensePro 6.x versions, the diagnostic packet-capture tool truncates packets longer than 1619 bytes (regardless of the configuration for jumbo frames).

• In DefensePro 7.x and 8.x versions, the diagnostic packet-capture tool does not handle jumbo frames. DefensePro 7.x and 8.x versions either pass through jumbo-frame traffic or drop jumbo-frame traffic.

To configure diagnostic packet-capture tool in DefensePro 8.x versions

1. In the Monitoring perspective, select Diagnostics > Diagnostic Tool Parameters.2. Configure the parameters, and then, click Submit.

Table 355: Diagnostic Tool Parameters in DefensePro 8.x Versions

Parameter DescriptionStatus Specifies whether the diagnostic packet-capture tool is enabled.

Values: Enabled, DisabledDefault: Disabled

Note: When the device reboots, the status of the diagnostic packet-capture tool reverts to Disabled.




Capture Point The location where the device captures the data.Values for devices running version 8.14 or later configured with the SSL Decryption and Encryption option Enabled, Using the On-Device Component (see Configuring the DefensePro SSL-Settings Setup, page 108):• On Packet Arrive—The device captures packets when they enter the

device.• On Packet Send—The device captures packets when they leave the

device.• On Both Packet Arrive and Packet Send—The device captures packets

when they enter the device and when they leave the device.• On Packet Arrive, Including To and From On-device Decryption Unit—

The device captures packets when they enter the device, and captures packets to and from the on-device SSL component.

• On Packet Send, Including To and From On-device Decryption Unit—The device captures packets when they leave the device, and captures packets to and from the on-device SSL component.

• On Both Packet Arrive and Packet Send, Including To and From On-device Decryption Unit—The device captures packets when they enter the device and when they leave the device, and captures packets to and from the on-device SSL component.

• To and From On-device Decryption Unit—The device captures packets to and from the on-device SSL component.

Values for devices running version 8.10–8.13 and running version 8.14 or later configured without the SSL Decryption and Encryption option Enabled, Using the On-Device Component (see Configuring the DefensePro SSL-Settings Setup, page 108):• On Packet Arrive—The device captures packets when they enter the


device.• On Both Packet Arrive and Packet Send—The device captures packets

when they enter the device and when they leave the device.Default: On Packet Arrive

Capture Port Group(This parameter is available only in DefensePro version 8.11 and later.)

The ports where the device captures the data.Values:• On Data Ports• On Management and Data Ports• On Management PortsDefault: On Management and Data Ports

Capture Rate(This parameter is not available in DefensePro version 8.10.)

The per-packet capture rate per core (also referred to as a DefensePro engine). For example, if the value is 10, the device captures every tenth packet from each core.Values: 1–10,000Default: 1

Note: When the device reboots, the value reverts to 1.

Table 355: Diagnostic Tool Parameters in DefensePro 8.x Versions (cont.)





To configure diagnostic packet-capture tool in DefensePro 6.x and 7.x versions

1. In the Monitoring perspective, select Diagnostics > Diagnostic Tool Parameters.2. Configure the parameters, and then, click Submit.

Table 356: Diagnostic Tool Parameters in DefensePro 6.x and 7.x Versions

Parameter DescriptionStatus Specifies whether the diagnostic packet-capture tool is enabled.

Values: Enabled, DisabledDefault: Disabled

Note: When the device reboots, the status of the diagnostic packet-capture tool reverts to Disabled.

Output to File The location of the stored captured data.Values:• RAM Drive and Flash—The device stores the data in RAM and appends

the data to the file on the CompactFlash drive. Due to limits on CompactFlash size, DefensePro uses two files. When the first file becomes full, the device switches to the second, until it is full, and then it overwrites the first file, and so on.

• RAM Drive—The device stores the data in RAM.• None—The device does not store the data in RAM or flash, but you can

view the data using a terminal.

Output to Terminal Specifies whether the device sends captured data to a terminal.Values: Enabled, DisabledDefault: Disabled

Capture Point The location where the device captures the data.Values:• On Packet Arrive—The device captures packets when they enter the


device.• Both—The device captures packets when they enter the device and

when they leave the device.Default: On Packet Arrive




Configuring Diagnostics PoliciesThis feature is available in APSolute Vision only in DefensePro 6.x versions 6.12 and later, and 7.x versions.In most cases, there is no need to capture all the traffic passing through the device. Using diagnostic policies, the device can classify the traffic, and store only the required information.

To configure a diagnostics policy

1. In the Monitoring perspective, select Diagnostics > Diagnostic Policies. 2. Do one of the following:



Table 357: Diagnostics Policies Parameters

Parameter DescriptionName The user-defined name of the policy.


Index The number of the policy in the order in which the diagnostic packet-capture tool classifies (that is, captures) the packets.Default: 1

Description The user-defined description of the policy.Maximum characters: 20

VLAN Tag Group The VLAN tag value or predefined class object whose packets the policy classifies (that is, captures).

Destination The destination IP address or predefined class object whose packets the policy classifies (that is, captures).

Source The source IP address or predefined class object whose packets the policy classifies (that is, captures).

Service Type The service type whose packets the policy classifies (that is, captures).Values:• None• Basic Filter• AND Group• OR GroupDefault: None

Service The service whose packets the policy classifies (that is, captures).

Outbound Port Group The Physical Port class whose outbound packets the policy classifies (that is, captures). You cannot set the this parameter when the Trace-Log Status parameter is enabled in the DefensePro CLI or Web Based Management,

Inbound Port Group The Physical Port class whose inbound packets the policy classifies (that is, captures).




Managing Capture FilesThis feature is available in APSolute Vision only in DefensePro 6.x versions 6.12 and later, 7.x versions, and 8.x versions 8.10 and later.

Managing Capture Files in DefensePro 8.x VersionsUse the Capture Files pane to download or delete diagnostic packet-capture files from RAM.

Note: You configure the creation process of the diagnostic packet-capture files in the Diagnostic Tool Parameters tab. The configuration includes enabling or disabling packet capture, and specifying the Capture Port Group (On Data Ports, On Management and Data Ports, or On Management Ports). For more information, see Configuring the Diagnostic Tool Parameters, page 449.

Destination MAC Group The destination MAC group whose packets the policy classifies (that is, captures).

Source MAC Group The source MAC group whose packets the policy classifies (that is, captures).

Maximal Number of Packets

The maximal number of packets that the policy captures. Once the policy captures the specified number of packets, it stops capturing traffic. In some cases, the policy captures fewer packets than the configured value. This happens when the device is configured to drop packets.

Note: For DefensePro 7.x versions, which run on the x420 platform, the Maximal Number of Packets is counted per software instance.

Maximal Packet Length The maximal length for a packet the policy captures.

Trace-Log Status Specifies whether the Trace-Log feature is enabled in the policy.Values: Enabled, DisabledDefault: Disabled

Note: You cannot set the Outbound Port Group when the value of the Trace-Log Status parameter is Enabled.

Capture Status Specifies whether the packet-capture feature is enabled in the policy.Values: Enabled, DisabledDefault: Disabled

Table 357: Diagnostics Policies Parameters (cont.)





In DefensePro 8.x version 8.17 and later, the diagnostic packet-capture tool does the following—according to the value of the of the Capture Port Group parameter:• When the Status of the diagnostic packet-capture tool is Enabled (Monitoring perspective,

Diagnostics > Diagnostic Tool Parameters > Status), the diagnostic packet-capture tool writes the following: — Files from the data (traffic) ports per core (also referred to as a “DefensePro

engine”)—Compressed, in the following format: CapturedOnEngine_<engine ID>.cap.bz2.

DefensePro limits the size of each CapturedOnEngine_<engine ID>.cap.bz2 file (per core)—before compression—to 300 MB. When a diagnostic packet-capture file exceeds the maximum size, packet-capture on the specific core stops (but the tool will remain enabled to allow other cores to continue capturing). To resume packet capture on the specific core, you must delete the file.Note: When packet capture is disabled and re-enabled, the tool appends data to the existing files from the data (traffic) ports.

— Files from management ports 1 and 2—Compressed, in the following format:CapturedOnManagement_<1|2>.cap.bz2.

DefensePro limits the size of each CapturedOnManagement_<1|2>.cap.bz2 file (per management interface)—before compression—to 300 MB. When a diagnostic packet-capture file exceeds the maximum size, packet-capture on the specific interface, the file rolls over, restarting with an empty file. To resume packet capture on the specific core, you must delete the file.Note: When packet capture is disabled and re-enabled, the tool starts a new file for the management ports.

• When the Status of the diagnostic packet-capture tool changes from Enabled to Disabled (Monitoring perspective, Diagnostics > Diagnostic Tool Parameters > Status), the diagnostic packet-capture tool writes the following: — A merged file of the data (traffic) ports, interleaved from all the

CapturedOnEngine_<engine ID>.cap.bz2 files (per core)—Compressed, in the following format:AllEnginesCombined.cap.bz2.

DefensePro limits the size of each AllEnginesCombined.cap.bz2 file—before compression—to 300 MB.DefensePro merges the first 300 MB of data—starting from the earliest packet.

— A merged file, interleaved from the CapturedOnManagement_<1|2>.cap.bz2 files (per management interface)—Compressed, in the following format:AllManagementCombined.cap.bz2.

DefensePro limits the size of each AllManagementCombined.cap.bz2 file—before compression—to 300 MB.DefensePro merges the first 300 MB of data—starting from the earliest packet.

In DefensePro versions 8.11–8.16, the diagnostic packet-capture tool does the following:• Writes the files per core (also referred to as a DefensePro engine), compressed, in the following

format:CapturedOnEngine_<engine ID>.cap.bz2

• Limits the size of each file (per core)—before compression—to 300 MB. When a diagnostic packet-capture file exceeds the maximum size, packet-capture on the specific core stops (but the tool will remain enabled to allow other cores to continue capturing). To resume packet capture on the specific core, you must delete the file.




In DefensePro version 8.10, the diagnostic packet-capture tool does the following:• Writes the files per core (also referred to as a DefensePro engine) in the following format:

CapturedOnEngine_<engine ID>.cap

• Limits the size of each file (per core) to 300 MB. When a diagnostic packet-capture file exceeds the maximum size, packet-capture on the specific core stops (but the tool will remain enabled to allow other cores to continue capturing). To resume packet capture on the specific core, you must delete the file.

To download or delete capture files in DefensePro 8.x versions

1. In the Monitoring perspective, select Diagnostics > Capture Files.The table comprises the following columns:— File Name—The name of the file.— Uncompressed File Size—The size of the file, in bytes, before compression.

2. Select the required row.

3. Click one of the following:

— (Delete Row)—Deletes the selected file.— Download—Starts the download process of the selected data. Follow the on-screen

instructions.Note: The download may take a several minutes.

Managing Capture Files in DefensePro 6.x and 7.x VersionsUse the Capture Files pane to download or delete diagnostic packet-capture files from the RAM or CompactFlash.In DefensePro 6.x and 7.x versions, the capture tool names the files using the following format:capture_<Device Name>_<ddMMyyyy>_<hhmmss>_<file number>.cap

If the device is configured to store the output in the CompactFlash, when the data size in RAM reaches its limit, the device appends the data chunk from RAM to the file on the CompactFlash drive. For each enabled diagnostic tool, DefensePro uses two temporary files. When one temporary file reaches the limit (1 MB), DefensePro stores the information in the second temporary file. When the second temporary file reaches the limit (1 MB), DefensePro overwrites the first file, and so on. When you download a CompactFlash file, the file contains both temporary files.

To download or delete capture files in DefensePro 6.x and 7.x versions

1. In the Monitoring perspective, select Diagnostics > Capture Files.The pane contains two tables, Files On RAM Drive and Files On Main Flash.Each table comprises the following columns:— File Name—The name of the file.— File Size—The file size, in bytes.

2. Select the required row.




3. Click one of the following:

— (Delete Row)—Deletes the selected file.— Download—Starts the download process of the selected data. Follow the on-screen

instructions.


CHAPTER 20 – MONITORING AND CONTROLLING DEFENSEPRO NETWORKING

Monitoring and controlling DefensePro networking comprises the following topics:• Monitoring and Controlling the DefensePro Session Table, page 459• Monitoring Routing Table Information, page 461• Monitoring DefensePro ARP Table Information, page 462• Monitoring MPLS RD Information, page 463• Monitoring the DefensePro Suspend Table, page 464• Monitoring Tunnel Interfaces, page 465• Monitoring BGP Peers, page 465

Monitoring and Controlling the DefensePro Session TableMonitoring and controlling DefensePro Session table comprises the following topics:• Monitoring Session Table Information, page 459• Configuring DefensePro Session Table Filters, page 461

Monitoring Session Table InformationEach DefensePro device includes a Session table to keep track of sessions bridged and forwarded by the device. In DefensePro 6.x and 7.x versions, the Session table is enabled by default. In DefensePro 8.x versions, the Session table is always enabled.The size of the table makes it difficult to view. To generate reliable and useful reports and prevent system failures, in DefensePro 6.x and 7.x versions, you can use filters to define the Session table information to display. The Session Table pane displays information that matches any enabled Session table filter.

Notes

• The filtered Session table does not automatically refresh. The information loads when you display the Session Table pane and when you manually refresh the display.

• DefensePro issues alerts for high utilization alerts of the Session table. DefensePro sends alerts to APSolute Vision when table utilization reaches 90% and 100%.

To view Session table information

> In the Monitoring perspective, select Networking > Session Table > Session Table.


Monitoring and Controlling DefensePro Networking


Table 358: Session-Table Monitoring Parameters

Parameter DescriptionSource IP The source IP address within the defined subnet.

Destination IP The destination IP address within the defined subnet.

Source L4 Port The session source port.

Destination L4 Port The session destination port.

Context Group Tag(This parameter is available only in DefensePro 8.x versions.)

The Tag value of the Context Group class associated with the entry.

Protocol The session protocol.

Physical Interface(This parameter is available only in DefensePro 6.x and 7.x versions.)

The physical port on the device at which the request arrives from the client.

Lifetime (Sec.) The time, in seconds, following the arrival of the last packet, that the entry remains in the table before it is deleted.

Aging Type(This parameter is available only in DefensePro 6.x and 7.x versions.)

The reason for the Lifetime value. Values:• Default—A lifetime per protocol. The default value is 100 seconds.• End—Session end. A FIN/RST arrived, and the session ended. The

value depends on the protocol defaults. The default value is 5 seconds.

• SYN—SYN Protection. The Lifetime was set after DefensePro received a SYN that may be an attack. The default value is 10 seconds.

• App—An application changed the lifetime for an application-specific reason. Note that the host table can change this lifetime only to the Lifetime type End (for example, ACL rules).

• Initial—The initial lifetime of the session, which later (probably after the arrival of the second packet) will be modified to the Lifetime type Default. The default value is 5 seconds.

• Unknown—If none of the above options are used.

SYN Flood Status(This parameter is available only in DefensePro 6.x and 7.x versions.)

Indicates whether the entry is currently protected against SYN attacks.Values:• Not Protected—The SYN Flood Protection module is disabled.• Protected (No Attack)—No trigger is found for the protected server,

thus there is no attack.• Protected (Under Attack)—There is an ongoing attack on the

protected server, and DefensePro is mitigating the attack

Policy Name(This parameter is available only in DefensePro 7.x versions 7.42 and later.)

The name of the Network Protection policy.




Configuring DefensePro Session Table FiltersThe full Session table is very large; therefore, it is recommended to filter the information. Use Session table filters to define the information you want to display.

To configure Session table filters

1. In the Monitoring perspective, select Networking > Session Table > Session Table Filters.2. To add or modify a filter, do one of the following:

— To add a filter, click the (Add) button.— To edit a filter, double-click the entry in the table.

3. Configure filter parameters and click Submit.

Monitoring Routing Table InformationThe Routing table stores information about destinations and how they can be reached.By default, all networks directly attached to the DefensePro device are registered in this table. Other entries can be statically configured or dynamically created through the routing protocol.

Note: The Routing table is not automatically refreshed periodically. The information is loaded when you select to display the Routing Table pane, and when you manually refresh the display.

Table 359: Session-Table Filter Monitoring Parameters

Parameter DescriptionFilter Name The unique name of the filter.

Physical Interface The physical port on the device at which the request arrives from the client. Default: Any

Source IP Address The source IP address within the defined subnet.Select IPv4 or IPv6, and then, enter the address.

Source IP Mask The source IP address used to define the subnet that you want to present in the Session table.Select IPv4 or IPv6, and then, enter the mask.

Destination IP Address The destination IP address within the defined subnet.Select IPv4 or IPv6, and then, enter the address.

Destination IP Mask The destination IP address used to define the subnet that you want to present in the Session table.Select IPv4 or IPv6, and then, enter the mask.

Source L4 Port The session source Layer 4 port.

Destination L4 Port The session destination Layer 4 port.




To display Routing Table information for a selected device

> In the Monitoring perspective, select Networking > Routing.

Monitoring DefensePro ARP Table InformationYou can view the device’s ARP table, which contains both static and dynamic entries. You can change an entry type from dynamic to static.

Note: The ARP table is not automatically refreshed periodically. The information is loaded when you select to display the ARP Table pane, and when you manually refresh the display.

To display ARP Table information for a selected DefensePro device

> In the Monitoring perspective, select Networking > ARP.

Table 360: Routing-Table Monitoring Parameters

Parameter DescriptionDestination Network The destination network to which the route is defined.

Netmask The network mask of the destination subnet.

Next Hop The IP address of the next hop toward the Destination subnet. (The next hop always resides on the subnet local to the device.)

Via Interface In DefensePro 6.x–8.x versions, this is the local interface or VLAN through which the next hop of this route is reached. This can be the port name, trunk name, or VLAN ID.In Radware DefensePro DDoS Mitigation for Cisco Firepower, the value is MNG-1 (read-only), which is the value of the management interface.

Type This field is displayed only in the Static Routes table.The type of routing.Values:• Local—The subnet is directly reachable from the device.• Remote—The subnet is not directly reachable from the device.

Metric The metric value defined or calculated for this route.

Table 361: DefensePro ARP-Table Monitoring Parameters

Parameter HeadingPort The interface number where the station resides.

IP Address The station’s IP address.

MAC Address The station’s MAC address.




To change an entry type from dynamic to static

1. In the Monitoring perspective, select Networking > ARP.2. Select the entry, and select Change Entry to Static.

Monitoring MPLS RD InformationThis feature is supported only in DefensePro 6.x versions and 7.x versions prior to 7.40.You can monitor MPLS RD information and configure an MPLS RD. Each MPLS RD is assigned two tags for the link on which the device is installed, an upper tag and a lower tag. On a different link, the same MPLS RD can be assigned with different tags.

To display MPLS RD information for a selected DefensePro device

1. In the Monitoring perspective, select Networking > MPLS RD.The MPLS RD table displays current MPLS RD information.

2. To add an MPLS RD, click the (Add) button.


Type The entry type.Values:• Other—Not Dynamic or Static.• Dynamic—Entry is learned from ARP protocol. If the entry is not active

for a predetermined time, the node is deleted from the table.• Static—Entry has been configured by the network management station

and is permanent.

Table 362: MPLS RD Parameters

Parameter DescriptionMPLS RD The MPLS RD name.

Type Describes the MPLS RD format.Values:• 2 Bytes : 4 Bytes—AS (16 bit): Number (32 bit)• 4 Bytes : 2 Bytes—AS (32 bit): Number (16 bit)• IP Address : 2 Bytes—IP: Number (16 bit)

Upper Tag The upper tag for the link on which the device is installed.

Lower Tag The lower tag for the link on which the device is installed.

Table 361: DefensePro ARP-Table Monitoring Parameters (cont.)

Parameter Heading




Monitoring the DefensePro Suspend TableWhen certain security modules—such as Anti-Scanning, Server Cracking, and Connection Limit—detect an attack, DefensePro can suspend attack traffic. The Suspend table stores the entries that define the suspended traffic.

To view the real-time Suspend table for a selected DefensePro device

> In the Monitoring perspective, select Networking > Suspend Table.

Table 363: DefensePro Suspend-Table Monitoring Parameters

Parameter DescriptionSource IP The IP address from which traffic was suspended.

Destination IP The IP address to which traffic was suspended. The value 0.0.0.0 specifies all destinations.

Destination Port The application port to which traffic was suspended. The value 0 specifies all ports.

Protocol The network protocol of the suspended traffic.

Module The security module that activated the traffic suspension.Value for DefensePro 8.x versions: Connection LimitValues for DefensePro 6.x and 7.x versions: Signatures, Anti Scanning, Syn Protection

Note: The Signatures value encompasses the Signature Protection module and the Connection Limit module.

Classification Type Value for DefensePro 8.x versions: Policy—A Network Protection policy suspended the trafficValues for DefensePro 6.x and 7.x versions: • Policy—A Network Protection policy suspended the traffic• Server—A Server Protection policy suspended the traffic

Policy / Server Name(This column is displayed only in DefensePro 6.x and 7.x versions.)

The name of the policy that suspended the traffic.

Policy Name(This column is displayed only in DefensePro 8.x versions.)

The name of the Network Protection policy that suspended the traffic.

Expiration Type The method of determining the expiration. Value for DefensePro 8.x versions: Dynamic TimeoutValues for DefensePro 6.x and 7.x versions: On Request, Fixed Timeout, Dynamic Timeout

Expiration Time The number of seconds until the entry is aged from the Suspend table.




Monitoring Tunnel InterfacesThis feature is available only in DefensePro 7.x versions.You can monitor tunnel interfaces that are configured in the Tunnel Interfaces pane (Configuration perspective, Setup > Networking > IP Management > Tunnel Interfaces).

Notes

• For more information on the Device Operation Mode, see Configuring the Device Operation Mode for DefensePro, page 224).

• For more information on the tunnels in the context of the IP Device Operation Mode, see Managing Tunnel Interfaces, page 64.

To display tunnel interface information for a selected DefensePro device

> In the Monitoring perspective, select Networking > Tunnel Interfaces.

Monitoring BGP PeersThis feature is available only in DefensePro 7.x versions.You can monitor statistics regarding the BGP peers configured on the device.

Note: The routing tables managed by a Border Gateway Protocol (BGP) implementation are adjusted continually to reflect changes in the network, such as links breaking and being restored, or routers going down and coming back up. In the network as a whole, these changes happen almost continuously, but for any particular router or link, changes should be relatively infrequent.

To display BGP information for a selected DefensePro device

> In the Monitoring perspective, select Networking > BGP Peers.

Table 364: Tunnel Interfaces: Table Parameters

Parameter DescriptionTunnel IP Address The IP address of the tunnel.

Primary Tunnel Status The status of the primary tunnel.

Secondary Tunnel Status The status of the secondary tunnel.

Table 365: Tunnel Interfaces: Total Tunnel Status Parameter

Parameter DescriptionTotal Tunnels Status The number of reachable tunnels of the total configured tunnels,

using a slash (/) as the separator. For example, the value 10/11 signifies that there are 10 reachable tunnels of the 11 total configured tunnels.




Table 366: BGP Information for DefensePro

Parameter DescriptionPeer IP Address The IP address of the remote peer.

Admin Status Indicates whether the peer is enabled.

Connection State The state of the connection. Values: • Idle—The peer is stopped.• Connect—DefensePro initiated a TCP connection to remote

peer.• Active—The peer is waiting during a connect retry interval,

after failing to establish TCP connection to a remote peer. In this state, DefensePro also listens on port 179 for potential incoming connections from the remote peer.

• OpenSent—A TCP connection is established with the remote peer. DefensePro sent a BGP OPEN message to the remote peer and expects to receive an OPEN message from it.

• OpenConfirm—DefensePro received an OPEN message from the remote peer. DefensePro responds with a KEEPALIVE message and expects a KEEPALIVE message from the remote peer.

• Established—A BGP connection is established with a remote peer. DefensePro can now exchange UPDATE messages with it.

Remote AS The remote autonomous system number.

Peer Identifier The IP address that identifies the remote peer for the current BGP connection.

Local Address The DefensePro IP interface address used as the source IP address for a BGP connection.

Local Port (Source) The TCP source port number used by DefensePro for a BGP connection to the remote peer.

Remote Port (Destination) The TCP destination port number used by DefensePro for a BGP connection to the remote peer.

In Updates The number of BGP UPDATE messages transmitted on the connection.

Out Updates The number of BGP UPDATE messages transmitted on the connection.

In Total Messages The total number of messages received from to the remote peer on the connection.

Out Total Messages The total number of messages transmitted to the remote peer on the connection.

Last Error The last error code and subcode seen by the peer on the connection. If no error has occurred, the value for this field is zero (0). Otherwise, the first byte of this two-byte OCTET STRING contains the error code, and the second byte contains the subcode.

FSM Established Time How long, in seconds, the peer has been in the established state, or how long since the peer was last in the established state. It is set to zero when a new peer is configured or the router is booted.

FSM Established Transitions The total number of times the BGP FSM transitioned into the established state.




Connect Retry Interval The Connect Retry Interval value specified in the configuration of the peer.

Hold Time The time, in seconds, the Hold Timer established with the peer. The value of this object is calculated by the BGP speaker by using the smaller of the value by the specified Hold Time and the Hold Time received in the OPEN message. The value zero (0) indicates that the Hold Timer has not been established with the peer, or, the specified Hold Time is zero (0).

Keep Alive Time The interval, in seconds, for the keepalive timer established with the peer. The value of this object is calculated by the BGP speaker. The value zero (0) indicates that the keepalive timer has not been established with the peer, or, the specified Keep-Alive Time is zero (0).

Hold Time Configured The Hold Time value specified in the configuration of the peer.

Keep Alive Configured The Keep-Alive Time value specified in the configuration of the peer.

In Update Elapsed Time The elapsed time, in seconds, since the last BGP UPDATE message was received from the peer.

Table 366: BGP Information for DefensePro (cont.)



CHAPTER 21 – MONITORING AND CONTROLLING DEFENSEFLOW OPERATION

The Monitoring pane lets you view system information and statistics and the operation of protected objects in real-time, including protected objects for:• Operation, page 469• System, page 503

Note: In DefenseFlow version 2.1, the order of the Operation and System tabs are switched.

OperationThe Operation pane lets you manage protected objects and manually activate them using the Protected Objects pane, including:• Attack Mitigation Operations, page 469• Pending Actions, page 475• Mitigation Devices, page 482• Protected Objects, page 483• Ongoing Protections, page 491• BGP, page 496

Attack Mitigation OperationsThis feature is only available starting with version 3.0.The Attack Mitigation Operations dashboard graphically displays all the ongoing attacks and their associated protections, and displays a log of all the history attacks.

To view and modify attack mitigation operations from the Attack Mitigation Operations dashboard

1. To access the Attack Mitigation Operations dashboard, do one of the following:— From APSolute Vision,

a. In the Monitoring perspective, select Operation > Attack Mitigation Operations.b. To open the Attack Mitigation Operations dashboard, click Click here to access Attack

Mitigation Operations. A separate browser page opens with the DefenseFlow login prompt.

— To directly access the DefenseFlow dashboard, go to the following URL: https://DefenseFlow-IP/login


Monitoring and Controlling DefenseFlow Operation


2. At the DefenseFlow login prompt, log in to the DefenseFlow device using the DefenseFlow username and password. The Attack Mitigation Operations dashboard displays all the ongoing attacks and their associated protections, and displays a log of all the history attacks.

Notes

— To return to the main DefenseFlow UI in APSolute Vision, switch to that browser page.— To log out from the Attack Mitigation Operations dashboard, at the top-right in the title bar,

click the username icon, then click Logout.— If you do not log out of the Attack Mitigation Operations dashboard and you close the

browser page, you will still be logged into the dashboard. The login session times out after one hour.

3. By default, the attack table is sorted in the following order:

— Unprotected attacks sorted by volume bytes per second (BPS) in descending order— Protected attacks sorted by volume bytes per second (BPS) in descending order— Historical attacks sorted by attack end-time in descending order

Historical attack data is saved. You can delete an historical attack record after the attack has

ended by highlighting the attack and clicking .Note: Up to 3000 historical attacks are saved for three months. Any attacks older than three months are deleted. Any attacks beyond the 3000 attacks limit are deleted, starting with the oldest attack.

— You can sort the attack table by any of the columns in the table in ascending or descending order by clicking on the relevant column header.

— You can search for records in the Search field above the Attack Operations table based on strings in the Attack ID, PO Name, Source Network, Destination Network, Protocol, Attack Start, and Attack End parameters. Begin the search by entering characters, one at a time, until you find the records that include the string you entered. If no records include the string you entered, the table will display with no records.

— You can start protections for all unprotected attacks by clicking the Protect All button at the top right corner of the Attack Mitigation Operations dashboard pane.

—4. Highlight the attack and review and/or set the attack operation parameters as required:




Table 367: Attack Operations Parameters

Parameter DescriptionOverall Attack Operation Status

A colored indicator to the left of the Attack ID that indicates the overall attack operation status. It is related to the protection Status, as described here and as described later in this table.Overall Status Indicators:• Red—Displays under one the following conditions:

— The status icon is (Protection is not activated), where none of the protections are activated.

— The status icon is (Protection is activated on some of the networks), where only some of the protections are activated.

— The status icon is (Protection activation has failed), where the protection was not activated.

• Green—Displays under of the following conditions:

— The status icon is (Protection activated successfully), where all the protections have been activated automatically but the attack has not yet ended.

• Orange—Displays under one of the following conditions:

— The status icon is (Protection activated successfully), where all the protections have been activated manually, but no attack has been detected.

— This status icon is (In progress), where is the protections are either being activated or deactivated.

— The status icon is (Attack has terminated), where the unprotected attack has terminated.

• Gray—Displays under one of the following conditions:

— The status icon is (Protection has terminated), where all protections have been activated automatically and the attack has ended.

Attack ID The unique attack ID for the attack operation. This ID remains with the attack record for the record’s entire lifetime. This attack ID is internal to DefenseFlow and not related to any external IDs associated with the attack.

PO Name The protected object associated with the attack.




Source Network The attack operation source network IP addresses and ranges (CIDRs).Up to three CIDRs are displayed. If there are more than three CIDRs for an attack, the total number of CIDRs is displayed within parentheses (round brackets).

To view the list of source CIDRs, click the (Edit) icon to the right of the displayed CIDRs. From the Networks dialog box, you can:• View the full list of source CIDRs.

• Click the (Destination Networks) icon and

— Change the protection statuses of any of the destination CIDRs.— Add a new network to protect in the Protect New Network field.

After making any changes, click Submit.

Destination Network

The attack operation destination network IP addresses and ranges (CIDRs).Up to three CIDRs are displayed. If there are more than three CIDRs for an attack, the total number of CIDRs is displayed within parentheses (round brackets).

To view the list of destination CIDRs, click the (Edit) icon to the right of the displayed CIDRs. From the Networks dialog box, you can:• Change the protection statuses of any of the destination CIDRs.• Add a new network to protect in the Protect New Network field.

• Click the (Source Networks) icon and view the full list of the source CIDRs.

After making any changes, click Submit.

Table 367: Attack Operations Parameters (cont.)





Volume Number of packets per seconds (PPS) and bytes per seconds (BPS) for the attack operation, respectively.The PPS and BPS volumes are graphically represented as a percentage interval on the PPS and BPS volume gauges, respectively, per the defined volume range.The following are the default PPS gauge representations and their associated volume ranges:• 0%-25%—0k < value < 100k• 25%-50%—100k < value < 500k• 50%-75%—500k < value < 1m• 75%-100%—1m < valueThe following are the default BPS gauge representations and their associated volume ranges:• 0%-25%—0m < value < 50m• 25%-50%—50m < value < 250m• 50%-75%—250m < value < 500m• 75%-100%—value < 500m

You can change the volume ranges for the gauges using the CLI command dfc-core-configuration.

For example, if you want to change the top limit of the PPS volume range for 75% of the gauge from 500m to 70m, run the following CLI command:

dfc-core:configuration-set -name dfc.attack.dashboard.volume.pps.level075 -value 70m

Protocol Protocols used by the attack operation.

Detection The detection control element.

Status An icon indicating of the status of the attack operation. To view the status icon description, hover over the status icon.

Note: The overall attack operation status is represented by a color indicator to the left of the Attack ID. Earlier in this table, see the description of this indicator and its relationship to the attack operation statuses. Statuses:

• (Protection is not activated)—None of the protections have yet been activated by the attack operation.

• (Protection has terminated)—All protections have been activated and the attack has ended.

• (Protection activation has failed) —The protection was not activated.

• (Protection is activated)—All protections have been activated by the attack operation, but the attack has not yet ended.

• (In progress)—The protection activation or deactivation is in progress.

• (Protection is activated on some of the networks)—Some, but not all, of the protections have been activated.

• (Attack has terminated)—The unprotected attack has terminated.






To view the attack operation background processes

You can view the all attack background operation details.

1. To view the Operation Background Processes pane, at the far top-right in the title bar, click the

icon.

2. On the menu, click Operation Background Processes. The Operation Background Processes table includes the following parameters:

Protection Manually start or stop a protection operation for the attack based on the current status of the protection.Click one of the following buttons as relevant:• CONFIRM ALL—Confirm starting or stopping multiple protection operations

for a given attack ID.• CONFIRM START—Confirm starting a single protection operation for a given

attack ID.• CONFIRM STOP—Confirm stopping a single protection operation for a given

attack ID.• START—Start a single protection operation for a given attack ID.• STOP—Stop a single protection operation for a given attack ID.• STOP ALL—Stop all protections for multiple operations for a given attack ID.

Notes: • You can start protections for all unprotected attacks by clicking the Protect

All button at the top right corner of the Attack Mitigation Operations dashboard pane.

• While a protection operation is in process, you can hover over the Protection button to view the protection status and to see more details of the operation by clicking the Details link.

Attack Start Attack operation start time and end time of the attack or the protection.

Attack End Attack operation end time of the attack or the protection.

Table 368: Operation Background Processes Parameters

Parameter DescriptionPROCESS DESCRIPTION

Description of the operation background process, including the associated PO name where relevant.

DATE STARTED Date and time the process started.

DATE MODIFIED Last date and time the process was modified.






3. Perform one of the following actions, as required:

— You can search for processes by typing a search string in the Search field. The table is filtered according to all processes that include the string. To undo the filter, clear the text in the Search field.

— If you want to clear all of the records from the table, click Clear All.

— To return to the Attack Mitigation Operations dashboard, click the icon and click Attack Operations.

Pending ActionsThis feature is only available starting with version 2.2.The Pending Actions pane lets you manage pending actions to be performed for protected objects in User Confirmation mode.

Notes

• Starting with APSolute Vision version 3.60, the DefenseFlow icon on the APSolute Vision toolbar is highlighted in yellow if there are any pending actions.

• If there are any pending actions, the number of pending actions is indicated on the Pending

Actions button on the APSolute Vision toolbar. To go directly to the Pending Actions

monitoring and management pane from the APSolute Vision toolbar, click the Pending Actions button.

To monitor pending actions

1. In the Monitoring perspective, select Operation > Pending Actions.2. Highlight the pending action or search for the pending action by typing a string in one of the

pending action search fields and clicking the (Search) button:

STATUS Current status of the process:

• —Process started

• —Process running

• —Process completed

• —Process failed

Table 368: Operation Background Processes Parameters (cont.)





Table 369: Pending Actions View/Search Parameters

Parameter DescriptionName(From versions 2.3 through 2.6, the Name and IP Address parameters were together in one column. In versions earlier than 2.7, Name was PO Name)

The name of the protected object awaiting action confirmation.Starting with version 2.7, to view and/or edit a protected object associated with a pending action, select the link in the Name column, and the Edit Protected Object pane for that protected object displays. For more information on protected objects, see the DefenseFlow Installation and User Guide.

Note: If the protected object is under protection, and you modify an attribute that conflicts with the ongoing protection, the change is performed only at the next activation of the protected object.Starting with version 2.8.1, if you want a modification that affects an ongoing protection to take effect immediately, you can make this modification from Operation > Ongoing Protections > Edit Protection. For more information, see To edit ongoing protections, page 495.

IP Address(In versions earlier than 2.3, IP Address was Detected IP Address)

The IP address of the attacked destination as detected by the selected detection device.

Operation(This parameter is only available starting with version 2.3. In versions earlier than 2.4, it displays in the last column)

String within the operation name.Starting with version 2.7, to view and/or edit an operation associated with a pending action, select the link in the Operation column, and the Edit Operation pane for that operation displays. For more information on operations, see the DefenseFlow Installation and User Guide.


Attack ID The ID of the detected attack as reported by the detection device.

Pending Action The pending action waiting for confirmation.Values:• Start—An attack was detected for the protected object. The user can confirm

activation of the configured actions.• End—The attack was terminated. The user can confirm deactivation of the

active actions.

Configured Action(This parameter is only available in versions prior to 2.8.1)

The configured action for the protected object.




To clear the filter and perform a new search, click Clear next to the (Search) button.

To confirm or ignore a pending action

1. In the Monitoring perspective, select Operation > Pending Actions.


The following parameters display:— IP Address (starting with version 2.7; read-only)—The IP address of the attacked

destination as detected by the selected detection device.— Configured Action (starting with version 2.7; read-only)—The configured action for the

protected object.— Workflow (starting with version 2.7; read-only)—Workflow associated with the protected

object— Action—Action to take on the pending action: Ignore, Confirm Start, Confirm End


— To ignore a pending action and remove it from the pending actions table, select Ignore.— To confirm start of a pending action, for the Action, select Confirm Start. The Action

parameters display and can be modified:• Attack Destination (this option is only available in versions earlier than 2.3)— Select

Activate Entire PO to protect the entire protected object or select Activate Specific IP to protect a specific IP address or set of addresses within the protected object.

Workflow(This parameter is only available starting with version 2.7)

Workflow associated with the protected object.Starting with version 2.8.1, to view and/or edit a workflow associated with a pending action, select the link in the Workflow column, and the Edit Workflow pane for that operation displays. For more information on operations, see the DefenseFlow Installation and User Guide.

Criteria(This parameter is only available starting with version 2.7)

The criteria associated with the pending action.

External Attack URI(This parameter is only available starting with version 2.7)

Link to the third-party detector management system that handles the external attack associated with the pending action.

External PO URI(This parameter is only available starting with version 2.7)

Link to the third-party detector management system that handles the external protected object associated with the pending action.

Table 369: Pending Actions View/Search Parameters (cont.)





• Protected IP Address (in versions earlier than 2.3, Protected IP)—Starting with version 2.3, select one of the following options:—Activate (in versions earlier than 2.4, Divert) Entire Networks—This activates (in versions earlier than 2.4, diverts) the entire protected object.—Activate (in versions earlier than 2.4, Divert) Specific IP Address—This activates (in versions earlier than 2.4, diverts) only a specified IP address, which you change to any IP address or subnet as required.Starting with version 2.3, this option displays the Attack Destination IP Address parameter is the specific IP address attack target to be protected (this displays only if you selected Activate Specific IP). This must be within the network classification of the protected object.In versions earlier than 2.3, this option (Protected IP) is the specific IP address attack target to be protected (this displays only if you selected Activate Specific IP). This must be within the network classification of the protected object.

• Attack Destination IP Address (starting with version 2.3)—The IP address of the attack destination. This field only displays if the Activate Specific IP Address option is selected.

• Operation—The operation to use for diversion and mitigation groups preferences. Starting with version 2.3, select from the list of configured operations. The fields related to the operation type display. In versions earlier than 2.3, only the Attack Bandwidth and Ignore mitigation devices capacity units parameters are available.• If the operation you selected is a Mitigation operation, the mitigation and BGP

parameters (starting in version 2.4) display:

Table 370: Mitigation Parameters

Parameter DescriptionAttack Bandwidth

In versions earlier than 2.3, the peak attack level to use as a basis for configuring the DefensePro device if the information is missing from the detection signals.Starting with version 2.3, specify the attack bandwidth (bits per second). You can also specify units (for example, 100M). This is used for verifying that the mitigation devices can handle the related attack bandwidth. This is also used to set the DefensePro policy bandwidth if there is not any BDoS bandwidth ready yet.

Use busy mitigation devices(In versions earlier than 2.3, Ignore mitigation devices capacity units)

If checked, DefenseFlow uses the selected DefensePro devices regardless of their monitored capacity.

BGP

Operation BGP Community(In versions earlier than 2.4, BGP Community.)

The BGP community values to be sent to the diversion groups that should receive them per the operation. Multiple communities can be configured separated by a space. In addition, well-known communities can be also defined, including: NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED, NOPEER




Use Protected Object Community(In versions earlier than 2.4, Use Community, and displays above the BGP Community parameter.)

Whether to add the protected object’s defined community in the announcement to the blocking group.When you select this parameter, the Protected Object Community parameter displays.

Protected Object BGP Community(This parameter is only available starting with version 2.4)(This parameter displays only when the Use Protected Object Community parameter is selected.)

The protected object’s BGP community values to be sent to the diversion groups that should receive them per the operation. Multiple communities can be configured separated by a space. In addition, well-known communities can be also defined, including: NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED, NOPEER

Advanced (This section is only available starting with version 2.8.1)

Minimum IPv4 Advertised Subnet(This parameter is only available starting with version 2.8.1)

The minimum IPv4 Advertised Subnet. Default: 32

Minimum IPv6 Advertised Subnet(This parameter is only available starting with version 2.8.1)

The minimum IPv6 Advertised Subnet. Default: 128

Override IPv4 Next Hop(This field is only available starting with version 2.10)

Override the IPv4 Next Hop IP address.

Table 370: Mitigation Parameters (cont.)





• If the operation you selected is a FlowSpec (in versions earlier than 2.4, Traffic Blocking) operation, the FlowSpec parameters display (for more information on defining FlowSpec operations, see the DefenseFlow Installation and User Guide):



Mitigation Route Name(This field is only available starting with version 2.10)

The route name for this mitigation. Select one of the routes that you defined for mitigation devices. For more information on configuring routes, see the DefenseFlow Installation and User Guide.

Table 371: FlowSpec (in versions earlier than 2.4, Traffic Blocking) Parameters

Parameter DescriptionDestination Prefix

The destination prefix to block as defined in the Flow rule.Values:• Attacked IP—The actual destination IP addresses are inherited from the

protected object’s networks or IP addresses under attack or manually activated.

• Entire Networks—The actual destination IP addresses are inherited from the protected object that uses this rule for its various operations or manual actions.

• Specific prefix—The Prefix to Block field displays, letting you define a set of IP prefixes for the destination prefix.

Default: Attacked IP

Prefix to Block(This field is only available starting with version 2.4)(This field displays only if you have selected Specific prefix as the Destination Prefix.)

Defines one or more IPv4 destination prefixes, each IP prefix separated by a space.Values: IPv4 address in the format n1.n2.n3.n4/5Maximum number of networks: 100

Source Prefix The source prefix to block as defined in the Flow rule.

Port The port to block as defined in the Flow rule.

Destination Port The destination port to block as defined in the Flow rule.

Protocol The protocol to block as defined in the Flow rule.

Source Port The source port to block as defined in the Flow rule.

Table 370: Mitigation Parameters (cont.)





ICMP Type The ICMP type to block as defined in the Flow rule.

ICMP Code The ICMP code to block as defined in the Flow rule.

TCP Flag The TCP flag to block as defined in the Flow rule.

Packet Length The packet length to block as defined in the Flow rule.

DSCP The DSCP to block as defined in the Flow rule.

Fragment The fragment to block as defined in the Flow rule.

Redirect to VRF(This field is only available starting with version 2.4)

The route tag (VPN in versions earlier than 2.8.1) to which to redirect traffic. Select from a list of route tags (VPNs in versions earlier than 2.8.1) for which you have defined a route target. For more information, see the DefenseFlow Installation and User Guide.

Redirect to Mitigation(This field is only available starting with version 2.4)

Enables or disables redirection to the operation’s mitigation group. The next hop IP addresses are inherited from the mitigation group of the protected object that uses this rule for its various operations or manual actions.

Block(This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.)

Enables or disables traffic blocking (drop all matching packets).

Rate Limit(This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.)

The rate limit in MB/s or GB/s.Values:• Example for MB/s: 103M• Example for GB/s: 1G

Set DSCP(This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.)

Defines how to update the DSCP header of the matching packets.Values: 0–63

Table 371: FlowSpec (in versions earlier than 2.4, Traffic Blocking) Parameters (cont.)





— To confirm ending a protection, for the Action, select Confirm End. Do this if after you have started an action with Confirm Start by clicking Submit and the exit criteria for the action has been met (usually after an attack has ended). A confirmation message displays. Click OK to confirm.

4. Click Submit.

Mitigation DevicesThis feature is only available starting with version 2.2.The Mitigation Devices pane lets you monitor the status of mitigation devices.

To monitor mitigation devices

1. In the Monitoring perspective, select Operation > Mitigation Devices.2. Highlight the mitigation device or search for the mitigation device by typing a string in one of the

mitigation device search fields and clicking the (Search) button:

Action(This parameter is only available in version 2.3. Starting with version 2.4, the options are now separate parameters.)

The FlowSpec action to perform.Available actions:• Block—Drop all matching packets.• Rate Limit—Drop all matching packets above this rate (see the Rate

parameter in this table).• Set DSCP—Update the DSCP header of the matching packets.

Rate(This parameter is only available in version 2.3.)

This field displays when you select the Action as Rate Limit. Set the rate limit to block in bytes per second.

Table 372: Mitigation Devices View/Search Parameters

Parameter DescriptionName The name of the mitigation device.

Starting with version 2.7, to view and/or edit a mitigation device, select the link in the Name column, and the Edit Mitigation Device pane for that mitigation device displays. For more information on mitigation devices, see the DefenseFlow Installation and User Guide.

Note: Any modification you make is deployed immediately on the mitigation device.

Instance(This parameter is only available starting with version 2.9)

For DefensePro version 7.x mitigation devices, the DefensePro internal hardware instance that handles BDoS attacks in the DME when there are more than 32 such attacks. Values: 0, 1







Protected ObjectsThe Protected Objects pane lets you monitor protected objects and manually activate them.

To monitor protected objects

1. In the Monitoring perspective, select Operation > Protected Objects.2. Highlight the protected object or search for the protected object by typing a string in one of the

protected object search fields and clicking the (Search) button:

Operational Status

The operational status of the mitigation device.

CPU Utilization CPU utilization of the mitigation device.

BW Utilization (Gbps)

Bandwidth utilization of the mitigation device.

Policies Utilization

The policies table utilization of the mitigation device.

Filter List Utilization(This parameter is only available starting with version 2.8.1)

The filter list utilization of the mitigation device.

Managed(This parameter is only available starting with version 2.4.1)

Whether the mitigation device is managed.Values: true, false

Update Time Last monitored update time.

Last Error(This parameter is only available starting with version 2.4.1)

The last device access error that was issued.

Examples A Authentication error

B Unable to connect to the mitigation device

Table 372: Mitigation Devices View/Search Parameters (cont.)





Table 373: Protected Object View/Search Parameters

Parameter DescriptionName The name of the protected object.

Starting with version 2.7, to view and/or edit a protected object, select the link in the Name column, and the Edit Protected Object pane for that protected object displays. For more information on protected objects, see the DefenseFlow Installation and User Guide.


Detection Status

The detection status of the protected object.Values:• Learning—DefenseFlow learns protected object baselines.• Normal—No attack is currently detected for the protected object.• Attacked—The protected object is under attack.

Action Status The action status of the protected object.Values:• Active—The configured actions are active. This means that the action

specified for the protected object is now enabled. The action can be enabled automatically or manually.

• Not Active—The configured actions are currently not active.

Mitigation Device/ Mitigation Group(This parameter is only available in version 2.1)

The list of mitigation devices that are currently performing mitigation for the protected object.

Action Mode(This parameter is only available in versions earlier than 2.7. Starting with version 2.7, it is now configured as one of the Workflow Rules parameters.)

The action mode configured for the protected object.Values:• Automatic—Configured actions are automatically activated upon detection of

an attack.• Manual—Configured actions can only be activated manually.• User confirmation—The user is prompted to confirm activation of the

configured actions upon attack.

Pending Action The pending action waiting for confirmation for a protected object that is in User Confirmation mode.Values:• Activate —An attack was detected for the protected object. The user can

confirm activation of the configured actions.• Deactivate—The attack was terminated. The user can confirm deactivation of

the active actions.





To activate a protected object

1. In the Monitoring perspective, select Operation > Protected Objects.

2. Starting with version 2.2, click the (Edit) button.


— To activate the configured action on a protected object (Manual mode), for the Action select Activate.Performing this action on a protected object that is not in Manual mode changes the protected object’s configuration to Manual.Do one of the following:• In version 2.9 and later, do the following:

a. Select one of the following:• Activate Entire Networks, to protect the entire protected object.• Activate Specific IP, to protect a specific IP address or set of addresses within

the protected object. In the Protected IP(s) text field, specify the specific IP address attack targets. They must be within the network classification of the protected object. Maximum number of protected IP addresses: 64

b. If you want to configure an individual operation, select Advanced and edit the Advanced parameters as described in step 4.

Configured Action(This parameter is only available for versions earlier than 2.3)

The configured action for the protected object.

Protected Destination(This parameter is only available in version 2.2)

A list of currently activated destinations for the protected object.


Workflow associated with the protected object.Starting with version 2.7, to view and/or edit a workflow associated with a protected object, select the link in the Workflow column, and the Edit Workflow pane for that workflow displays. For more information on workflows, see the DefenseFlow Installation and User Guide.

Criteria(This parameter is only available in version 2.7)

The configured criteria for the protected object.

Table 373: Protected Object View/Search Parameters (cont.)





• In versions 2.2 through 2.8.1, do the following:a. Configure the activation parameters:

• Attack Destination— Select Activate Entire Networks (in versions earlier than 2.3, Activate Entire POs) to protect the entire protected object, or select Activate Specific IP to protect a specific IP address or set of addresses within the protected object.

• Protected IP—The specific IP address attack target to be protected (this displays only if you selected Activate Specific IP). This must be within the network classification of the protected object.

• Operation—The operation to use for diversion and mitigation groups preferences. Starting with version 2.3, select from the list of configured operations. The fields related to the operation type display. In versions earlier than 2.3, only the Attack Bandwidth and Ignore mitigation devices capacity units parameters are available.

b. Configure the Mitigation or FlowSpec parameters, as required (see Table 374 - Advanced (in versions earlier than 2.9, Mitigation) Parameters, page 486 and Table 375 - FlowSpec (in versions earlier than 2.4, Traffic Blocking) Parameters, page 489, respectively).

— To deactivate a protected object (in version 2.1, for a protected object that is in Manual mode), for the Action, select Deactivate.In version 2.1, performing this action on a protected object that is not in Manual mode changes the protected object’s configuration to Manual.Starting with version 2.2, delete all the entries that should be deactivated from the list of activated destinations.

— In version 2.1, to confirm the pending action for a protected object in User Confirmation mode that has a Pending Action, click Confirm.

— In versions 2.2 through 2.8.1, to cancel all active protections and move the protected object to Manual mode in one operation, for the Action, select Cancel all protection and move to manual protection.

4. Configure the activation parameters, as required:

— Starting with version 2.9, the activation parameters display only if you have selected Advanced (see step 3).

— In versions earlier than 2.9, if you selected the Activate Action, activation parameters display.

Table 374: Advanced (in versions earlier than 2.9, Mitigation) Parameters

Parameter DescriptionOperation(In versions earlier than 2.9, this parameter is required and displays with the Action and the Attack Destination options.)

The operation to use for diversion and mitigation groups preferences. Starting with version 2.3, select from the list of configured operations. The fields related to the operation type display. In versions earlier than 2.3, only the Attack Bandwidth and Ignore mitigation devices capacity units parameters are available.




Attack Source IP

This displays only if you selected a Mitigation operation. This is the specific IP address attack target to be protected. This must be within the network classification of the protected object.The operation to use for diversion and mitigation groups preferences. Starting with version 2.3, select from the list of configured operations. The fields related to the operation type display. In versions earlier than 2.3, only the Attack Bandwidth and Ignore mitigation devices capacity units parameters are available.

Attack Bandwidth

In versions earlier than 2.3, the peak attack level to use as a basis for configuring the DefensePro device if the information is missing from the detection signals. Starting with version 2.3, specify the attack bandwidth (bits per second) (this displays only if you selected a Mitigation operation). You can also specify units (for example, 100M). This is used for verifying that the mitigation devices can handle the related attack bandwidth. This is also used to set the DefensePro policy bandwidth if there is not any BDoS bandwidth ready yet.

Use busy mitigation devices(In versions earlier than 2.3, Ignore mitigation devices capacity units)

This displays only if you selected a Mitigation operation. If selected, DefenseFlow uses the selected DefensePro devices regardless of their monitored capacity.

BGP Communities

Operation BGP Community(In versions earlier than 2.4, BGP Community.)

The BGP community values to be sent to the diversion groups that should receive them per the operation. Multiple communities can be configured separated by a space. In addition, well-known communities can be also defined, including: NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED, NOPEER

Use Protected Object Community(In versions earlier than 2.4, Use Community, and displays above the BGP Community parameter.)

Whether to add the protected object’s defined community in the announcement to the blocking group.When you select this parameter, the Protected Object Community parameter displays.

Table 374: Advanced (in versions earlier than 2.9, Mitigation) Parameters (cont.)





— If the operation you selected is a FlowSpec (in versions earlier than 2.4, Traffic Blocking) operation, the FlowSpec parameters display (for more information on defining FlowSpec operations, and starting with version 2.4, for mitigation with BGP FlowSpec rules, see the DefenseFlow Installation and User Guide):

Protected Object BGP Community(This parameter is only available starting with version 2.4)(This parameter displays only when the Use Protected Object Community parameter is selected.)

The protected object’s BGP community values to be sent to the diversion groups that should receive them per the operation. Multiple communities can be configured separated by a space. In addition, well-known communities can be also defined, including: NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED, NOPEER

Advanced (In version 2.9, this section is no longer referred to as Advanced.)Starting with version 2.7, the following parameters let you advertise BGP announcements following a predefined operation prefix size. This is useful for an advertisement over the WAN or any other network where the router restricts the advertisement for certain classes.For example, if DefenseFlow receives an attack alert for IP address 204.1.1.3/32 and the network allows only an advertisement of /24 or lower, you can set the DefenseFlow prefix size to 24.

Minimum IPv4 Advertised Subnet

Minimum IPv4 advertised BGP announcement subnet.Default: 32

Minimum IPv6 Advertised Subnet

Minimum IPv6 advertised BGP announcement subnet.Default: 128





Mitigation Route Name(This field is only available starting with version 2.10)

The route name for this mitigation. Select one of the routes that you defined for mitigation devices. For more information on configuring routes, see the DefenseFlow Installation and User Guide.

Table 374: Advanced (in versions earlier than 2.9, Mitigation) Parameters (cont.)





Table 375: FlowSpec (in versions earlier than 2.4, Traffic Blocking) Parameters

Parameter DescriptionFlow Rules(Starting in version 2.4, the FlowSpec rules display only if you have selected a BGP FlowSpec operation to activate the protected object).

Destination Prefix

The destination prefix to block as defined in the Flow rule.Values:• Attacked IP—The actual destination IP addresses are inherited from the

protected object’s networks or IP addresses under attack or manually activated.

• Entire Networks—The actual destination IP addresses are inherited from the protected object that uses this rule for its various operations or manual actions.

• Specific prefix—The Prefix to Block field displays, letting you define a set of IP prefixes for the destination prefix.

Default: Attacked IP

Prefix to Block(This field is only available starting with version 2.4)(This field displays only if you have selected Specific prefix as the Destination Prefix.)

Defines one or more IP destination prefixes, each IP prefix separated by a space.Values: IP addressMaximum number of networks: 100

Source Prefix The source prefix to block as defined in the Flow rule.

Port The port to block as defined in the Flow rule.

Destination Port The destination port to block as defined in the Flow rule.

Protocol The protocol to block as defined in the Flow rule.

Source Port The source port to block as defined in the Flow rule.

ICMP Type The ICMP type to block as defined in the Flow rule.

ICMP Code The ICMP code to block as defined in the Flow rule.

TCP Flag The TCP flag to block as defined in the Flow rule.

Packet Length The packet length to block as defined in the Flow rule.

DSCP The DSCP to block as defined in the Flow rule.

Fragment The fragment to block as defined in the Flow rule.

Redirect to VRF(This parameter is only available starting with version 2.4)

The route tag (VPN in versions earlier than 2.8.1) to which to redirect traffic. Select from a list of route tags (VPNs in versions earlier than 2.8.1) for which you have defined a route target. For more information, see the DefenseFlow Installation and User Guide.




Redirect to Mitigation(This parameter is only available starting with version 2.4)

Enables or disables redirection to the operation’s mitigation group. The next hop IP addresses are inherited from the mitigation group of the protected object that uses this rule for its various operations or manual actions.

Block(This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.)

Enables or disables traffic blocking (drop all matching packets).

Rate Limit(This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.)

The rate limit in MB/s or GB/s.Values:• Example for MB/s: 103M• Example for GB/s: 1G

Set DSCP(This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.)

Defines how to update the DSCP header of the matching packets.

Action(This parameter is only available in version 2.3. Starting with version 2.4, the options are now separate parameters.)

The FlowSpec action to perform.Available actions:• Block—Drop all matching packets.• Rate Limit—Drop all matching packets above this rate (see the Rate

parameter in this table).• Set DSCP—Update the DSCP header of the matching packets.

Rate(This parameter is only available in version 2.3.)

This field displays when you select the Action as Rate Limit. Set the rate limit to block in bytes per second.






5. In version 2.1, a confirmation message displays; click Yes to perform the action. In version 2.2, click Submit.

Ongoing ProtectionsThis feature is only available starting with version 2.2.The Ongoing Protections pane lets you monitor the status of currently active protections.

To monitor ongoing protections

1. In the Monitoring perspective, select Operation > Ongoing Protections.2. Select the ongoing protection to edit and by typing a string in one of the ongoing protection

search fields and clicking the (Search) button.

Use busy mitigation devices(In versions earlier than 2.3, Ignore mitigation devices capacity units.)

If checked, DefenseFlow uses the selected DefensePro devices regardless of their monitored capacity.

Table 376: Ongoing Protections View/Search Parameters

Parameter DescriptionNote: In version 2.8.1, the placement of many of the parameters was shifted. This table reflects the order of the parameters in version 2.8.1.

ID(This parameter is only available in version 2.8.1)

The ID of the protected object.

Protected Object(In versions earlier than 2.4.1, this parameter is named Name. From version 2.4.1 through version 2.7, this parameter is named PO Name.)

The name of the protected object.Starting with version 2.7, to view and/or edit a protected object associated with an ongoing protection, select the link in the Name column, and the Edit Protected Object pane for that protected object displays. For more information on protected objects, see the DefenseFlow Installation and User Guide.







IP Address(This parameter does not display in version 2.8.1)In versions earlier than 2.7, PO Name and IP Address are in the same column, In versions earlier than 2.3, the IP Address parameter displays after the Origin parameter.)

The Destination IP address that was activated.

Networks(This parameter is only available starting with version 2.8.1. In version 2.8.1, it was named Network.)

The destination networks that were activated.

Operation(In versions earlier than 2.3, this is named the Strategy parameter)

The operation used for the protection.Starting with version 2.7, to view and/or edit an operation associated with an ongoing protection, select the link in the Operation column, and the Edit Operation pane for that operation displays. For more information on operations, see the DefenseFlow Installation and User Guide.


Policy Name(This parameter is only available starting with version 2.4.1)

The policy name for this protection activation.

Table 376: Ongoing Protections View/Search Parameters (cont.)





Activated Black List(This parameter is only available from version 2.7 through 2.8.1. In version 2.7 it is named Black List.)

Black list associated with the protection activation.

Activated White List(This parameter is only available from version 2.7 through 2.8.1. In version 2.7 it is named White List.)

White list associated with the protection activation.

Origin Origin of the detection for this protection activation.


The configured workflow for the protection activation.

Criteria(This parameter is only available starting with version 2.7)

The configured criteria for the protection activation.

Mitigation Devices, Instance(In versions earlier than 2.6 and starting with version 2.4.1, this is named the Mitigation Device parameter. In versions earlier than 2.4.1, this is named the Mitigation Device/Mitigation Group parameter)

The list of mitigation devices that are currently performing mitigation for this protection, and (starting with version 2.9) the DefensePro 7.x instance.






Mitigation Status(This parameter is only available starting with version 2.4.1)

The mitigation status for this protection.A BGP announcement is not sent if the mitigation status is not SUCCESS.Values: RUNNING, SUCCESS, FAILED

Signature Source IP Addresses(This parameter is only available starting with version 2.8.1)

The protected object’s signature source IP addresses.

Network Elements(In versions 2.3 and 2.4, this is named the Diversion Blocking/Network Elements parameter. In versions earlier than 2.3, this is named the Diversion Group parameter)

The network elements for the protection.In versions 2.3 and 2.4, the diversion and blocking network elements for the protection. In versions earlier than 2.3, the diversion group for this protection.

Attack ID Attack ID as received from the detection origin.

Start Time The time that the protection has started.

Configured Type(This parameter does not display in version 2.8.1)(In versions earlier than 2.3, this is named the Configured Action parameter)

The configured operation type (in versions earlier than 2.3, the action) for the protected object.

External Attack URI(This parameter is only available starting with version 2.7)

Link to the third-party detector management system that handles the external attack associated with the ongoing protection.







To edit ongoing protections

This feature is only available starting with version 2.8.1.

1. In the Monitoring perspective, select Operation > Ongoing Protections.

2. Select the ongoing protection to edit and click the (Edit) button.

External PO URI(This parameter is only available starting with version 2.7)

Link to the third-party detector management system that handles the external protected object associated with the ongoing protection.

Table 377: Ongoing Protections Edit Parameters

Parameter DescriptionID (read-only) The ID of the protected object.

Protected Object

(read-only) The name of the protected object.

Operation (read-only) The operation used for the protection.

Networks Tab(This tab is only available starting with version 2.9)

The networks to be activated in the mitigation group (scrubbing center DefensePro devices):• Protected Networks Policy—The networks that are diverted to the scrubbing

center (mitigation group).You can resize the text box as required by dragging the icon at the bottom right-hand corner of the scroll bar.

• Diverted Networks (read-only)—The diversion networks for this ongoing protection.

• Clean Traffic Injection Networks (read-only)—The injection networks from the scrubbing center going to the protected object.

Policy Tab The policy text for this protection activation.You can resize the text box as required by dragging the icon at the bottom right-hand corner of the scroll bar.

Filters Tab Filter lists associated with this ongoing protection:• Blacklist—Select a black list to associate with the protection activation.• Whitelist—Select a white list to associate with the protection activation.






To terminate an ongoing protection

1. In the Monitoring perspective, select Operation > Ongoing Protections.

2. To terminate an ongoing protection, click the (Edit) button.

The following parameters display:— Operation (starting with version 2.7; read-only)—The operation used by the ongoing

protection.— Workflow (starting with version 2.7; read-only)—Workflow associated with the ongoing

protection.3. At the prompt Do you want to terminate the activation?, click Yes to terminate the ongoing

protection, or No not to terminate the ongoing protection.

4. Click Submit.

BGPThis feature is only available starting with version 2.2.The BGP pane lets you monitor the status of BGP peers and announcements, including:• Peers, page 496• Announcements, page 498• FlowSpecs, page 499

PeersThe Peers pane lets you monitor the status of BGP peers.

To monitor the status of BGP peers

1. In the Monitoring perspective, select Operation > BGP > Peers.2. Highlight the BGP peer or search for the BGP peer by typing a string in one of the BGP peer

search fields and clicking the (Search) button:

Advanced Filters Tab

Black list and white list IP addresses associated with this ongoing protection:• Blacklist Addresses—Add, delete, modify individual IP addresses in the

associated black list.• Auto-generated Blacklist Addresses—These addresses are automatically

generated upon detection of an attacker’s source address.• Whitelist Addresses—Add, delete, modify individual IP addresses in the

associated white list.You can resize the text boxes as required by dragging the icon at the bottom right-hand corner of the text box scroll bar.Maximum number of characters: 50,000,000

Table 377: Ongoing Protections Edit Parameters (cont.)






Table 378: BGP Peers View/Search Parameters

Parameter DescriptionPeer Name The name of the network element.

Starting with version 2.7, to view and/or edit a BGP peer, select the link in the Peer Name column, and the Edit Network Element pane for that peer displays. For more information on network elements, see the DefenseFlow Installation and User Guide.

IP Address The IP address of the BGP peer.

Peering State Peering state of the BGP peer.Values:• ACTIVE (in versions earlier than 2.9, Down)—The router did not receive

agreement for peer establishment.• ESTABLISHED (in versions earlier than 2.9, Up)—Peering is established and

routing begins.

Last Connectivity Time

The last connectivity time of the BGP peer.

Local Router ID(In versions earlier than 2.6, this is named the ID parameter)

The DefenseFlow BGP peer ID.The local peer ID in an HA installation is the IPv4 address of the HA Node control interface.

Local IP Address(This parameter is only available starting with version 2.5 and was named Local Node IP)

The local IP address of the DefenseFlow device used to communicate with the BGP peer. This is the control interface IP address.In a High Availability (HA) installation, you can use this to distinguish between the connections opened by the Active and the Standby HA nodes. As a result, in such an installation there are two node entries per single network element. For more information, see the DefenseFlow Installation and User Guide.The local IP address in an HA installation is the IPv4 address of the HA Node control interface.

Local AS The local Autonomous System number.

Peer AS The peer Autonomous System number.

Announcements Number of BGP active announcements.

Withdrawals Number of withdrawals.

BGP FlowSpec State(This parameter is only available starting with version 2.3)

The Flow Specification state of the BGP peer.




AnnouncementsThe Announcements pane lets you monitor the status of currently active BGP announcements.

Note: In a High Availability (HA) installation, per announcement, there are two entries representing the two HA nodes.

To monitor the status of BGP announcements

1. In the Monitoring perspective, select Operation > BGP > Announcements.2. Highlight the BGP announcement or search for the BGP announcement by typing a string in one

of the BGP announcement search fields and clicking the (Search) button:

Table 379: BGP Announcements View/Search Parameters

Parameter DescriptionProtected Object

The name of the protected object for which that the announcement was sent.Starting with version 2.7, to view and/or edit a protected object associated with a BGP announcement, select the link in the Name column, and the Edit Protected Object pane for that protected object displays. For more information on protected objects, see the DefenseFlow Installation and User Guide.


Operation(This parameter is only available starting with version 2.6)

The operation of the protected object for which that the announcement was sent.Starting with version 2.7, to view and/or edit an operation associated with a BGP announcement, select the link in the Operation column, and the Edit Operation pane for that operation displays. For more information on operations, see the DefenseFlow Installation and User Guide.


Local IP Address(This parameter is only available starting with version 2.6)

The local IP address of the protected object for which that the announcement was sent.





FlowSpecsThis feature is only available starting with version 2.3.The FlowSpecs pane lets you monitor the status of currently advertised FlowSpec rules.Starting with version 2.6, you can edit the advertised FlowSpec rules “on-the-fly” in real-time. When you edit a rule on-the-fly, DefenseFlow withdraws the ongoing rule and advertises the new modified rule. This on-the-fly modification is one-time and does not affect the regular configuration of the ongoing rule.

To monitor the status of FlowSpec rules and (starting with version 2.6) edit them

1. In the Monitoring perspective, select Operation > BGP > FlowSpecs.2. Highlight the FlowSpec announcement or search for the FlowSpec announcement by typing a

string in one of the FlowSpec announcement search fields and clicking the (Search) button:

3. To edit the FlowSpec rule, click the (Edit) button, and click Submit:

Peer Name The name of network element to which the announcement was sent.Starting with version 2.7, to view and/or edit a BGP peer associated with a BGP announcement, select the link in the Peer Name column, and the Edit Network Element pane for that network element displays. For more information on network elements, see the DefenseFlow Installation and User Guide.

Peer IP Address The IP address of the DefenseFlow BGP peer.

Network The destination network of the BGP announcement.

Next Hop The next hop address used for the BGP announcement.

Type(This parameter is only available in versions earlier than 2.6)

The type of announcement.

Communities(In versions earlier than 2.3, this is named the Community parameter)

The BGP communities in the announcement.

Status The status of the announcement.

Time The time the announcement was sent.

Table 379: BGP Announcements View/Search Parameters (cont.)





Table 380: FlowSpec View/Search and Edit Parameters

Parameter DescriptionID(This parameter is only available starting with version 2.6)

(Starting with version 2.6, in the Edit pane, read-only) The ID to block as defined in the FlowSpec rule.

Protected Object(This parameter is only available starting with version 2.6)

(Starting with version 2.6, in the Edit pane, read-only) The protected object to block as defined in the FlowSpec rule.Starting with version 2.7, to view and/or edit a protected object associated with a FlowSpec rule, select the link in the Name column, and the Edit Protected Object pane for that protected object displays. For more information on protected objects, see the DefenseFlow Installation and User Guide.


Operation(This parameter is only available starting with version 2.6)

(Starting with version 2.6, in the Edit pane, read-only) The operation to block as defined in the FlowSpec rule.Starting with version 2.7, to view and/or edit an operation associated with a FlowSpec rule, select the link in the Operation column, and the Edit Operation pane for that operation displays. For more information on operations, see the DefenseFlow Installation and User Guide.


Activated Rule Name(This parameter is only available starting with version 2.6)

The activated rule name to block as defined in the FlowSpec rule.Starting with version 2.7, to view and/or edit a FlowSpec rule, select the link in the Activated Rule Name column, and the Edit GP FlowSpec pane for that rule displays. For more information on BGP FlowSpec rules, see the DefenseFlow Installation and User Guide.





Peer IP Address(Starting with version 2.6, this parameter is not available in the in the Edit pane)

The IP address to block as defined in the FlowSpec rule.

Community(This parameter is only available starting with version 2.4)

(Starting with version 2.6, in the Edit pane, read-only) The community to block as defined in the FlowSpec rule.

Destination (Starting with version 2.6, in the Edit pane, read-only) The destination prefix to block as defined in the FlowSpec rule.

Source The source prefix to block as defined in the FlowSpec rule.

Port The port to block as defined in the FlowSpec rule.

Destination Port The destination port to block as defined in the FlowSpec rule.

Source Port The source port to block as defined in the FlowSpec rule.

Protocol The protocol to block as defined in the FlowSpec rule.

ICMP Type The ICMP type to block as defined in the FlowSpec rule.

ICMP Code The ICMP code to block as defined in the FlowSpec rule.

TCP Flag The TCP flag to block as defined in the FlowSpec rule.

Packet Length The packet length to block as defined in the FlowSpec rule.

DSCP The DSCP to block as defined in the FlowSpec rule.

Fragment The fragment to block as defined in the FlowSpec rule.

Route Tag Name(This parameter is only available starting with version 2.4. In versions 2.6 and 2.7, it is named VPN Name. Before version 2.6, it is named Redirect VPN.)

The name of the route tag (VPN prior to version 2.8.1) to which to redirect as defined in the FlowSpec rule.

Table 380: FlowSpec View/Search and Edit Parameters (cont.)





Route Tag Route(This parameter is only available starting with version 2.6. In versions 2.6 and 2.7, it is named VPN Route.))(Starting with version 2.6, this parameter is not available in the in the Edit pane)

The route tag route (VPN prior to version 2.8.1) to which to redirect as defined in the FlowSpec rule.

Redirect Mitigation Enabled(This parameter is only available starting with version 2.4. Before version 2.6, it is named Redirect Mitigation.)

The mitigation redirection status (enabled or disabled) for the FlowSpec rule.

Redirect Mitigation NextHop(This parameter is only available starting with version 2.6)(Starting with version 2.6, this parameter is not available in the in the Edit pane)

The device to which to redirect for mitigation as defined in the FlowSpec rule.

Block(This parameter is only available starting with version 2.4)

The blocking status (enabled or disabled) for the FlowSpec rule.

Action(This parameter is only available in versions earlier than 2.3)

The FlowSpec action to perform as defined in the Flow rule.






SystemThe System pane lets you view system information and utilization statistics, including:• General Information, page 503• System Utilization, page 504• Background Processes, page 504• High Availability, page 504

General InformationThe General Information pane lets you view DefenseFlow general system information.

To view DefenseFlow general information

> In the Monitoring perspective, select System > General Information.

Rate Limit (bytes per second)(In versions earlier than 2.9, it is named Rate Limit)

The rate limit to block as defined in the Flow rule.

Set DSCP(This parameter is only available starting with version 2.4)

The update setting for DSCP header in the FlowSpec rule.

Table 381: General Information Parameters

Parameter DescriptionUptime Time since the last reboot of the system in the format hh:mm:ss (hours:

minutes, seconds).

Software Version

Currently installed DefenseFlow software version.

Build Currently installed DefenseFlow software build.






System UtilizationThe System Utilization pane lets you view the current DefenseFlow utilization statistics and set alert levels.

To view DefenseFlow general information and set alert levels

> In the Monitoring perspective, select System > System Utilization.

Background ProcessesThe Background Process pane lets you view the status of background processes running in DefenseFlow to determine if an unsynchronized task is completed or still running.

To view the status DefenseFlow background processes

1. In the Monitoring perspective, select System > Background Processes.2. Highlight the background process or search for the background process by typing a string in one

of the background process search fields and clicking the (Search) button:


High AvailabilityThis feature is only available starting with version 2.5.The High Availability pane lets you monitor the status of High Availability nodes.

Table 382: System Utilization Parameters

Parameter DescriptionCPU Utilization Percent of CPU currently being utilized.

Alert Level Set the CPU utilization percentage when an alert is issued.

Memory Utilization

Memory Utilization

Memory percentage currently being utilized.

Free Amount of free memory in kilobytes.

Total Total memory in kilobytes

Alert Level Set the memory utilization percentage when an alert is issued.

Table 383: Background Processes Parameters

Parameter DescriptionDescription Description of the background process.

Status Status of the background process.

Update Time Date and time of the status update for the background process.

Error Message Error message related to the status update.




APSolute Vision supports high availability for a DefenseFlow-instance pair that is associated with the APSolute Vision server, by allowing a seamless automatic failover from the active DefenseFlow instance to the stand-by instance.All APSolute Vision DefenseFlow functionality relates to the active instance only.Upon a DefenseFlow failover, APSolute Vision will maintain all data of the failed DefenseFlow instance to avoid any data loss or discrepancies due to the failover.The signaling between the DefenseFlow instances and APSolute Vision is done through the defenseflow system user, by default.

Notes

• The default password of the defenseflow system user is defenseflow. For more information, see Role-Based Access Control (RBAC), page 68.

• For communication between a DefenseFlow instance version 2.5 or later and APSolute Vision, the user and password must match on both sides.

To monitor the status of High Availability nodes

1. In the Monitoring perspective, select System > High Availability.2. Highlight the High Availability node or search for the High Availability node by typing a string in

one of the High Availability search fields and clicking the (Search) button:


Table 384: High Availability View/Search Parameters

Parameter DescriptionDefenseFlow Node IP Address

The IP address of the node.

Node Role The role of the node.Values: ACTIVE, STANDBY, STANDALONE

Operational Status

The operational status.Values: up, down

Automatic Failover

The automatic failover state.Values: ENABLED, DISABLED


CHAPTER 22 – USING REAL-TIME SECURITY MONITORING

Use the Security Monitoring perspective to view and analyze real-time security information of managed devices, which include the following platform types:• Alteon with embedded AppWall module• AppWall standalone• DefenseFlow mitigation devices• DefensePro

The following main topics describe security monitoring in APSolute Vision:• Using Real-Time Security Monitoring with AppWall and Alteon, page 508• Using Real-Time Security Monitoring with DefensePro and DefenseFlow, page 520

Notes

• The contents of the Security Monitoring perspective are customized for the specific monitored device. The reporting information for DefensePro and DefenseFlow mitigation devices is different from the reporting information for AppWall and Alteon devices.

• When selecting multiple devices, the Security Monitoring perspective display reports that are relevant across devices, with the same reporting information. When selecting multiple devices including DefensePro and other device types (AppWall or Alteon), the Security Monitoring perspective shows reports only for the DefensePro devices.

• You can use APSolute Vision Analytics to view and analyze real-time and historical security information from DefensePro version-8.x devices. APSolute Vision Analytics includes dashboards for DefensePro security monitoring and analytics, customizable reports, and in-depth forensics capabilities. Full functionality of APSolute Vision Analytics requires a license. For more information, see the online help or the APSolute Vision Analytics User Guide.

• You can use APSolute Vision Reporter (AVR) to view and analyze historical security information. For information on the products and versions that APSolute Vision Reporter supports, see the APSolute Vision Release Notes. For information about APSolute Vision Reporter and how to use it, see its online help and the APSolute Vision Reporter User Guide.

• Using the APSolute Vision CLI, you can configure APSolute Vision to export security-event records from managed DefensePro and/or DefenseFlow devices to a specified syslog server. The event exporter lets you integrate with a Security Information Event Management (SIEM) system, which you may be using as your main analytics-and-reporting system. For more information, see System Exporter Commands (Event Exporter), page 632.


Using Real-Time Security Monitoring


Using Real-Time Security Monitoring with AppWall and AlteonWhen an attack is detected, Alteon creates and reports a security event that includes the information relevant to the specific attack. The Security Monitoring perspective displays information relevant to the specific attack along with real-time network traffic and statistical parameters. Use the Security Monitoring perspective to observe and analyze the attacks that the device detected and the countermeasures that the device implemented.This section describes using real-time security monitoring with AppWall and Alteon.• Monitoring Security Events, page 508• Monitoring Attack Distribution, page 512• Monitoring Outbound SSL Inspection, page 513

Monitoring Security EventsUse the Dashboard View in the Security Monitoring perspective to analyze security events in the network, identify security trends, and analyze risks.You can view information for individual devices, all devices in a site, or all devices in the network. The dashboard monitoring display automatically refreshes providing ongoing real-time analysis of the system.

To view the security event list

1. In the Security Monitoring perspective, select Dashboard View > Security Events.2. Click on a line to expand the security event to show all the parameter values for the selected

event.

3. If you want to set which parameters are shown in the Security Events table (eight parameters are show as default, as listed it the Security Events Parameters (Default) table below), click the

Columns icon, , and select or clear any parameter to be shown or removed from the Security Events table. (All the non-default Security Events parameters are listed in the Create Filter: Basic or Advanced Parameters table below.)

4. If you want to define a filter to display the security events in the table according to selected

parameter values, click the Create Filter icon, , and enter the required parameters (listed in the Create Filter: Basic or Advanced Parameters table below), and click Submit.

5. Click the Enable Auto-Refresh icon, , to enable auto-refresh of the Security Events table.

Table 385: Security Events Parameters (Default)

Parameter DescriptionSeverity The severity of the security event.

Values: • Critical• High• Low• Info• Warning




Time The date and time that the security event occurred.

Source IP The source IP address of the security event.

Source Port The source port number of the security event.

Action The action taken regarding the security event.Values: • Blocked• Modified• Reported

Device IP The device IP address of the security event.

Server Name The server name of the security event.

Transaction ID The transaction ID number of the security event.

Table 386: Security Events: Create Filter: Display Period Parameters

Parameter DescriptionDisplay Last Select Display Last to filter the Security Event table to only list

the events that occurred during the last specified amount of time.Values:• 10 Minutes• 20 Minutes• 30 Minutes• 1 Hour• 2 Hours• 6 Hours• 12 Hours• 24 HoursDefault: 10 Minutes

Date and Time Range Select Date and Time Range to filter the Security Event table to only list the events that occurred during the specified date and time range.

Note: The default time is 12:00:00 on each date selected. The time can be changed manually within the field.

Table 387: Security Events: Create Filter: Basic Parameters

Parameter DescriptionTime The time that the security event occurred, in HH:mm:ss format.

Table 385: Security Events Parameters (Default) (cont.)





Severity The severity of the security event.Values (Equals or Not Equals):• Critical• High• Low• Info• Warning

Web Application The Web application of the security event.Values: Contains or Not Contains the entered value

External IP The external IP address of the security event.Values: Contains or Not Contains the entered value

Action The action taken regarding the security event.Values (Equals or Not Equals): • Blocked• Modified• Reported

Violation Type The violation type of the security event.Values: Equals or Not Equals the violation type from the drop-down list

Source IP The source IP address of the security event. Values: Contains or Not Contains the entered value

Table 388: Security Events: Create Filter: Advanced Parameters

Parameter DescriptionUser The user of the security event.

Values: Contains or Not Contains the entered value

AppWall Version The AppWall version of the security event. Values: Contains or Not Contains the entered value

Target Module The target module of the security event. Values: Contains or Not Contains the entered value

Host The host of the security event. Values: Contains or Not Contains the entered value

Tunnel The tunnel of the security event. Values: Contains or Not Contains the entered value

Tunnel Listen Port The tunnel listening port of the security event. Values: Contains or Not Contains the entered value

Table 387: Security Events: Create Filter: Basic Parameters (cont.)





Device Type The device type of the security event. Values (Equals or Not Equals): • Stand-Alone Gateway• Stand-Alone Monitor• Cluster Manager• Cluster Gateway Node• Cluster Monitor Mode

vHost The virtual host of the security event. Values: Contains or Not Contains the entered value

Source Port The source port of the security event. Values: Contains or Not Contains the entered value

Destination Port The destination port of the security event. Values: Contains or Not Contains the entered value

Protocol The protocol of the security event. Values (Equals or Not Equals): • TCP• HTTP• HTTPS

Parameter Name The parameter name of the security event. Values: Contains or Not Contains the entered value

Transaction ID The transaction ID number of the security event. Values: Contains or Not Contains the entered value

Request The request of the security event. Values: Contains or Not Contains the entered value

Role The role of the security event. Values: Contains or Not Contains the entered value

Module The module of the security event. Values: Contains or Not Contains the entered value

Event Type The event type of the security event. Values: Contains or Not Contains the entered value

Directory The directory of the security event. Values: Contains or Not Contains the entered value

Tunnel Listen IP The tunnel listening IP address of the security event. Values: Contains or Not Contains the entered value

URI The URI of the security event. Values: Contains or Not Contains the entered value

Violation Category The violation category of the security event. Values: Equals or Not Equals the violation category from the drop-down list

Table 388: Security Events: Create Filter: Advanced Parameters (cont.)





Monitoring Attack DistributionYou can monitor the attacks, listed by various distribution parameters. This section contains the following main topics:• Monitoring Top Attacks by Violation Type, page 512• Monitoring Top Attacks by Source IP Address, page 513

Monitoring Top Attacks by Violation TypeYou can monitor the top attacks, graphically presented by their violation type.

To view the top attacks by violation type

1. In the Security Monitoring perspective, select Dashboard View > Attack Distribution > Top Attacks by Violation Type.

2. In the Display Last option, you can filter the display to only show the events that occurred during the last specified amount of time: 10 minutes (default), 20 minutes, 30 minutes, or 1 hour.

appPath The application path of the security event. Values: Contains or Not Contains the entered value

Destination IP The destination IP address of the security event. Values: Contains or Not Contains the entered value

Refine CRC The refine CRC of the security event. Values: Contains or Not Contains the entered value

Method The method of the security event. Values (Equals or Not Equals): • GET• POST

Parameter Type The parameter type of the security event. Values: Contains or Not Contains the entered value

Rule ID The rule ID of the security event. Values: Contains or Not Contains the entered value

Title The title of the security event. Values: Contains or Not Contains the entered value

Table 388: Security Events: Create Filter: Advanced Parameters (cont.)





Monitoring Top Attacks by Source IP AddressYou can monitor the top attacks, graphically presented by the source IP address of the attack.

To view the top attacks by source IP address

1. In the Security Monitoring perspective, select Dashboard View > Attack Distribution > Top Attacks by Source.

2. In the Display Last option, you can filter the display to only show the events that occurred during the last specified amount of time: 10 minutes (default), 20 minutes, 30 minutes, or 1 hour.

Monitoring Outbound SSL InspectionYou can monitor statistics of SSL Inspection from Alteon version 32.0 and later. The SSL Inspection node in the Security Monitoring perspective Dashboard View uses the APSolute Vision Analytics infrastructure.The SSL Inspection node displays a widget-based dashboard that can show outbound SSL-inspection data information for bypassed and inspected HTTP/S traffic. Using the APSolute Vision Analytics infrastructure, you can configure e-mail reports.The SSL inspection statistics are collected on the front-end and back-end filters participating in the solution, and sent to APSolute Vision Analytics upon request (at one-minute intervals). To collect statistics for sending to APSolute Vision Analytics, the filter must first be tagged according to its purpose, application, direction, and location.For information about configuring SSL inspection in Alteon, see Viewing the APSolute Vision Analytics Identifier, page 93 and Table 370 - Filter: Logging and Reporting Parameters in Alteon Version 32.0 and Later, page 377.For information about general e-mail settings for APSolute Vision Analytics, see Managing the Email Reporting Configuration for APSolute Vision Analytics, page 125.

Caution: To view the SSL Inspection statistics in the Security Monitoring perspective, the relevant services must be enabled on the APSolute Vision server, using the CLI. By default, the services are disabled. Users with the Administrator or the Vision Administrator role can use the APSolute Vision CLI. For more information, see System VRM Commands, page 654.

To enable the services for monitoring outbound SSL Inspection

> In the APSolute Vision CLI, run the following command:

system vrm ssl-inspection state enable

To view the SSL Inspection statistics

1. In the Sites and Devices panel, select the Alteon device(s) or logical group of Alteons that you

require, and click .

2. In the Security Monitoring perspective, select Dashboard View > SSL Inspection > Dashboard.




3. By default the dashboard displays reporting information for the last hour. To change the time period for which you want to display data, click the clock icon indicated and select a new time period, or set a specific time range. Then, click Apply.

Time period options:— Last 15 minutes— Last 30 minutes— Last hour— Last day— Last week— Last month— Last 3 months

The following information is displayed:

Table 389: SSL Inspection Dashboard Parameters

Chart Name Information DisplayedTraffic Displays the bypassed and inspected traffic (in Kbps) for the

selected Alteon(s).

Bandwidth by Application Displays the distribution between the HTTP and HTTPS traffic (in Mbit units) for the selected Alteon(s).

Concurrent Established Connections

Displays the bypassed and inspected concurrent established connections for the selected Alteon(s).

Connections per Second Displays the bypassed and inspected connections per second for the selected Alteon(s).

Key Exchange Displays the used key exchange algorithm distribution over the selected time frame for client-side and server-side connections for the selected Alteon(s) for HTTPS inspected traffic.

SSL Versions Displays the used SSL version distribution over the selected time frame for client-side and server-side connections for the selected Alteon(s) for HTTPS inspected traffic.

SSL Handshakes per Second Displays the number of SSL handshakes per second calculated on both new and reused connections for client-side and server-side connections for the selected Alteon(s) for HTTPS inspected traffic.

SSL Handshakes Failures (%) Displays the percentage of SSL handshake failures for client-side and server-side connections over time for the selected Alteon(s) for HTTPS inspected traffic.




SSL Handshake Failures - Client Side

Displays the distribution of the client-side SSL handshake failures by reasons over the selected time frame by top-down order of the selected Alteon(s) for HTTPS inspected traffic.Possible reasons:• Bad or Unsupported SSL Version• No Shared Cipher• Server Certificate Verification Failure• Server Certificate Hostname Mismatch• Untrusted Server Certificate • Expired Server Certificate• Client Certificate Verification Failure• Missing Client Certificate• OCSP Revoked Certificate• OCSP Time DeviationFor more information, see Understanding and Fixing SSL Handshake Rejection Errors, page 517.

SSL Handshake Failures - Server Side

Displays the distribution of the server-side SSL handshake failures by reasons over the selected time frame by top-down order of the selected Alteon(s) for HTTPS inspected traffic.Possible reasons:• SSL Version or Cipher Mismatch• Server Certificate Verification Failure• Server Certificate Hostname Mismatch• Untrusted Server Certificate • Expired Server Certificate• Client Certificate Verification Failure• Missing Client Certificate• OCSP Revoked Certificate• OCSP Time DeviationFor more information, see Understanding and Fixing SSL Handshake Rejection Errors, page 517.

Table 389: SSL Inspection Dashboard Parameters (cont.)

Chart Name Information Displayed




Top Bypassed Categories Displays the bypassed domains/URLs sorted by URL categories.URL categorization is performed for all traffic that was bypassed by either URL filtering or content class classification.

Notes: • This chart requires a URL filtering license, and URL filtering

configuration on at least one of the filters.• Bypassed actions based on URL filtering are performed only on

the filters that are configured with a URL filtering policy.• A specific URL category may appear in both the Top Bypassed

Categories and Top Inspected Categories charts. For example:Office365 URLs can be marked for bypass based on content class configuration. These connections will be listed in the Top Bypassed Categories chart under the “Computer and Technology” category. All other domains/URLs that are not marked for bypass, but still categorized by Cyren under “Computer and Technology” will appear in the Top Inspected Categories chart.

Top Inspected Categories Displays the inspected domains/URLs sorted by URL categories.URL categorization is performed for all traffic that was inspected.

Notes: • This chart requires a URL filtering license, and URL filtering

configuration on at least one of the filters.• A specific URL category may appear in both the Top Bypassed

Categories and Top Inspected Categories charts. For example:Office365 URLs can be marked for bypass based on content class configuration. These connections will be listed in the Top Bypassed Categories chart under the “Computer and Technology” category. All other domains/URLs that are not marked for bypass, but still categorized by Cyren under “Computer and Technology” will appear in the Top Inspected Categories chart.

Dynamic Certificate Storage Displays dynamic certificate store usage over time. When multiple devices are selected, the maximum usage is displayed.Radware recommends that the table capacity does not exceed 80 percent.

CPU Utilization Displays the average SP CPU usage over time for the selected devices.

Memory Utilization Displays the average SP memory usage over time for the selected devices.

Table 389: SSL Inspection Dashboard Parameters (cont.)

Chart Name Information Displayed




Understanding and Fixing SSL Handshake Rejection ErrorsThis section describes the reasons for SSL handshake rejections and how to fix them, when possible.

Table 390: Rejected Handshake Reason Descriptions

# Alteon Error Message

Reason for Error/Flow

Solution Front-end/Back-end

1 Bad or unsupported SSL version

Client sends SSLv2 handshake.Client sends SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 handshake while it is disabled in Alteon.Alteon sends SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 handshake while it is not supported by the server.Server expects TLSv1.0/TLSv1.1/TLSv1.2 handshake while it is disabled in Alteon.The client version in the Client hello message is lower than the minimal version in the client hello.

• Verify client handshake version.• Verify the front-end and back-end

enabled versions in Alteon configuration using:

/cfg/slb/ssl/sslpol/frver

/cfg/slb/ssl/sslpol/backend/ver

• Verify server supported versions.

Note: This error message may also occur when Alteon sends a handshake with a cipher not supported by the server, since the server may be obscuring the real reason.

Both

2 No shared ciphers found

Client sends handshake with unsupported cipher in Alteon.

Verify that Alteon and client have at least one shared supported cipher in front-end policy using:

• /cfg/slb/ssl/sslpol/cipher

• /info/slb/ssl/ciphpol

Front-end connection

3 Server Certificate Verification Failure

Alteon as client is missing CA in the certificate chain.

Reconfigure intermediate/CA certificates in Alteon to match with server cert using:

/cfg/slb/ssl/authpol/trustca

Back-end connection

4 Server Certificate Hostname Mismatch

Alteon receives a certificate with hostname mismatch from the server.

Verify SNI sent by client and compare to CN of server certificate.Can ignore by using:

/cfg/slb/ssl/authpol/seract/mismatch

Back-end connection




Adding FiltersFor each chart, you can perform advanced filtering over the displayed data.

5 Untrusted Server Certificate

Alteon receives an untrusted certificate from the server.

• Add signer of server certificate to configuration of back-end authorization policy in Alteon using:


• Can ignore by using:

/cfg/slb/ssl/authpol/seract/untrust

Back-end connection

6 Expired Server Certificate

Alteon receives an expired certificate from the server.

• Renew server certificate.• Can ignore by using:

/cfg/slb/ssl/authpol/seract/expired

Back-end connection

7 Client Certificate Verification Failure

Alteon as server dynamically signs a certificate with a configured root CA which does not exist in the client.Alteon requests the client to send a certificate signed by a CA which is not supported by the client.

• Either—Update Radware as a CA on the client,

• Or—Configure on Alteon a trustCA known to the client by using


• Or—Disable the front-end authorization policy in Alteon by using:

/cfg/slb/ssl/authpol/


8 Missing Client Certificate

The client authorization policy is configured on Alteon, but no certificate is returned by the client.

• Either—Install a certificate on the client, • Or—Disable the front-end authorization

policy in Alteon by using:

/cfg/slb/ssl/authpol/


9 OCSP Revoked Certificate

OCSP failure due to revoked or unsupported algorithm.

• Use another server.• Can ignore by disabling OCSP using

/cfg/slb/ssl/authpol/validity/method none

Back-end connection

10 OCSP Time Deviation

Alteon sends OCSP a certificate with a future date.Alteon sends OCSP a certificate with an old date.

• Verify that the date and time are updated on Alteon and the server.

• Consider using NTP.

Back-end connection

Table 390: Rejected Handshake Reason Descriptions (cont.)

# Alteon Error Message

Reason for Error/Flow

Solution Front-end/Back-end




Configuring ReportsThis section describes how to configure the SSL Inspection monitoring module to send e-mail reports for selected managed devices. Reports are included in the e-mail as PDF files.

To configure APSolute Vision Analytics e-mail reports

1. In the Security Monitoring perspective, select Dashboard View > SSL Inspection > Report Settings.

2. Click .

3. Configure the following parameters, then click Save.

Viewing ReportsYou can view or download a list of the reports sent as follows:

To view a list of e-mail reports sent

1. In the Security Monitoring perspective, select Dashboard View > SSL Inspection > Reports.2. Click the clock icon indicated to set the time period for which you want to display reporting

information.

Options:— Last 15 minutes— Last 30 minutes— Last hour

Table 391: SSL Inspection Report Settings Parameters

Parameter DescriptionReport Title Specifies a name for the report.

Sender Specifies the name or e-mail address of the sender.

Recipients Specifies the recipients of the e-mail containing the report.

Subject Specifies the subject line of the e-mail containing the report.

Message Body (Optional) Specifies the body of the e-mail containing the report.

Report Period Specifies the period covered by the report.Options:• Last 1 Day• Last 1 Week• Last 1 Month• Last 3 Months• Last 6 Months• Last 1 YearDefault: Last 3 Months

Send Every Specifies the frequency, in hours, with which APSolute Vision Analytics sends the e-mail containing the report.




— Last day— Last week— Last month— Last 3 months

3. From the list of reports, select the report you require.

An image of the report displays on the right of the screen.You can print the report or download it as a PDF file.

Using Real-Time Security Monitoring with DefensePro and DefenseFlowThis section describes using real-time security monitoring with DefensePro and DefenseFlow.When an attack is detected, the DefensePro device or DefenseFlow mitigation device creates and reports a security event, which includes the information relevant to the specific attack.The Security Monitoring perspective displays information relevant to the specific attack along with real-time network traffic and statistical parameters. Use the Security Monitoring perspective to observe and analyze the attacks that the device detected and the countermeasures that the device implemented.The following main topics describe security monitoring in APSolute Vision:• Risk Levels, page 521• Using the Dashboard Views for Real-Time Security Monitoring, page 521• Viewing Real-Time Traffic Reports, page 549• Protection Monitoring, page 560• HTTP Reports, page 568

Notes

• Your user permissions (your RBAC user definition) determine the DefensePro devices and policies, or DefenseFlow protected objects, that the Security Monitoring perspective displays to you. You can view and monitor only the attacks blocked by the DefensePro devices and policies, or DefenseFlow mitigation devices and protected objects that are available to you.

• APSolute Vision also manages and issues alerts for new security attacks.

• DefensePro calculates traffic baselines, and uses the baselines to identify abnormalities in traffic levels.

• When calculating the real-time network traffic and statistical parameters, DefensePro or DefenseFlow version 2.1 do not include traffic that exceeded the throughput license.




• You can use APSolute Vision Analytics to view and analyze real-time and historical security information from DefensePro version-8.x devices. APSolute Vision Analytics includes dashboards for DefensePro security monitoring and analytics, customizable reports, and in-depth forensics capabilities. Full functionality of APSolute Vision Analytics requires a license. For more information, see the online help or the APSolute Vision Analytics User Guide.

• You can use the APSolute Vision REST API to view security events from DefenseFlow mitigation devices or DefensePro devices. For more information, see the APSolute Vision REST API documentation.

• You can use the APSolute Vision CLI to export security events from DefenseFlow mitigation devices or DefensePro devices. For more information, see System Exporter Commands (Event Exporter), page 632.

Risk LevelsThe following table describes the risk levels that DefensePro supports to classify security events.

Note: For some protections, the user can specify the risk level for an event. For these protections, the descriptions in the following table are recommendations, and specifying the risk level is the user’s responsibility.

Using the Dashboard Views for Real-Time Security MonitoringThis section is relevant to both DefensePro and DefenseFlow.This section includes the following topics:• Configuring the Display Parameters of a Dashboard View, page 522• Using the Current Attacks Table, page 524• Using the Ongoing Attacks Monitor, page 530• Attack Details, page 531• Sampled Data Tab, page 547• Viewing Real-Time Traffic Reports, page 549• Viewing the Traffic Utilization Report, page 549

Use a Dashboard View in the Security Monitoring perspective to analyze activity and security events in the network, identify security trends, and analyze risks.You can view information for individual devices, all devices in a Site, all devices in a Logical Group, or all devices in the network. The dashboard monitoring display automatically refreshes providing ongoing real-time analysis of the system.

Table 392: Risk Levels

Risk Level DescriptionInfo The risk does not pose a threat to normal service operation.

Low The risk does not pose a threat to normal service operation, but may be part of a preliminary action for malicious behavior.

Medium The risk may pose a threat to normal service operation, but is not likely to cause complete service outage, remote code execution, or unauthorized access.

High The risk is very likely to pose a threat to normal service availability, and may cause complete service outage, remote code execution, or unauthorized access.




The Dashboard View node comprises the following tabs, which display the same summary information:• Current Attacks Table—which is a table display (see Figure 59 - Current Attacks Table—

DefensePro, page 525).• Ongoing Attacks Monitor—which includes a graphical, chart display (see Figure 60 - Ongoing

Attacks Monitor, page 530).

The Scope and other display parameters that you configure apply to the Current Attacks Table and to the Ongoing Attacks Monitor. For more information, see Configuring the Display Parameters of a Dashboard View, page 522.When you double-click an attack in the Current Attacks Table or Ongoing Attacks Monitor, APSolute Vision displays the details in an Attack Details tab. There, you can display the Sampled Data dialog box for the all attack types that support sampled data.By default, the display of the Dashboard View refreshes every 15 seconds. Administrators can configure the refresh rate (APSolute Vision Settings view System perspective, General Settings > Monitoring > Polling Interval for Reports).

Configuring the Display Parameters of a Dashboard ViewThe following table describes the display parameters of the Dashboard View in the Security Monitoring perspective. The Scope and Display Last parameters that you configure in the Current Attacks Table applies to the Ongoing Attacks Monitor and vice versa.

Table 393: Security Monitor Dashboard View—Display Parameters

Parameter DescriptionScope The Scope depends on whether you are monitoring using DefensePro or

DefenseFlow. Using DefensePro, this parameter defines the physical ports and the Network Protection policies that the dashboard displays. Using DefenseFlow, this parameter defines the Protected Object, ports, and policies that the dashboard displays.Using DefensePro, by default, the Scope is Any Port; Any Policy. That is, by default, the dashboard displays all the information.Using DefenseFlow, by default, the Scope is Any Protected Object; Any Port; Any Policy. That is, by default, the dashboard displays all the information.To control the scope of the information that the dashboard displays in DefensePro, see the procedure To control the scope of the information that the Dashboard View displays for DefensePro, page 523.To control the scope of the information that the dashboard displays in DefenseFlow, see the procedure To control the scope of the information that the Dashboard View displays for DefenseFlow, page 524.




To control the scope of the information that the Dashboard View displays for DefensePro

1. Click . Two tables open. One table has the Device Name and Port columns, and the other table has the Device Name and Policy columns.


— To limit the physical ports or Network Protection policies that the dashboard displays, select the corresponding checkboxes.

— To display the information for all the currently relevant physical ports or Network Protection policies, click in the top-left table cell, and then, select Select All.

— To display all the information in the database, even information that is not associated with a specific port or specific Network Protection policy, click in the top-left table cell, and then, select Select None.

Display Last How long the dashboard displays attacks after the attack terminates. That is, the dashboard displays all attacks that are currently ongoing or that terminated within the selected period.Values:• 10 Minutes• 20 Minutes• 30 Minutes• 1 Hour• 2 Hours• 6 Hours• 12 Hours• 24 HoursDefault: 10 Minutes

Top Attacks to Display(This parameter is available only in the Ongoing Attacks Monitor.)

The number of attacks that the Ongoing Attacks Monitor displays.Values: 1–50Default: 20

Sort By(This parameter is available only in the Ongoing Attacks Monitor.)

Values:• Top Total Packet Count—The Ongoing Attacks Monitor displays the

attacks with the highest number of packets.• Top Volume—The Ongoing Attacks Monitor displays the attacks with

the highest volume. • Most Recent—The Ongoing Attacks Monitor displays the most recent

attacks. • Attack Risk—The Ongoing Attacks Monitor displays the attacks

according to attack risk. Default: Top Packet Count

Table 393: Security Monitor Dashboard View—Display Parameters (cont.)





To control the scope of the information that the Dashboard View displays for DefenseFlow

1. Click . Three tables open. One table has the Protected Object, one table has the Device Name and Port columns, and the third table has the Device Name and Policy columns.

2. To toggle the sort order of the information in any of the columns, hover over the column heading until you see an arrow, and then, click the arrow.

Using the Current Attacks TableThe Current Attacks Table displays information on current and recent attacks. The configuration of the display parameters determine the information that the Current Attacks Table displays (see Configuring the Display Parameters of a Dashboard View, page 522).

Note: Once DefensePro reports a Packet Anomaly attack of a certain Radware ID, the Status value Occurred and the Start Time value remain indefinitely. For example, suppose a new DefensePro device starts identifying and handling a Packet Anomaly attack with Radware ID 105 with the start time 20.02.2017 15:19:09. The attack subsides. One month later, the DefensePro device starts identifying and handling another Packet Anomaly attack with Radware ID 105. The Start Time value 20.02.2017 15:19:09 is reported. (For more information on Packet Anomaly protection, see Configuring Global Packet Anomaly Protection, page 183.)

To display the Current Attacks Table

1. In the Security Monitoring perspective, select the DefensePro device, Site, or Logical Group for which to display data.

2. Select Dashboard View > Current Attacks Table.

You can do the following in the Current Attacks Table: • Filter the rows—You can filter table rows according to values in the table columns. For more

information on filtering table rows, see Filtering Table Rows, page 102.• Sort the rows—You can change the row order from ascending to descending or vice versa. To

do this, hover the mouse over the column to display the arrow and change the order.• View additional information for a specific attack—To do this, select the relevant row, and

click (View Attack Details). For more information, see Attack Details, page 531.

• Go to the policy that handled attack—To do this, click (Go to Policy).

• Export the information in the table to a CSV file—To do this, click (CSV). Then, you can view the file or specify the location and file name.

• Pause the refresh of the table display—To do this, click (Pause). When the table display is not paused, it refreshes approximately every 15 seconds.




Figure 59: Current Attacks Table—DefensePro

Table 394: Current Attacks Table Parameters

Parameter DescriptionSource Type(This parameter is available only in DefenseFlow.)

The source of the signal entry.Values:• DP—DefensePro• DF—DefenseFlow

Start Time The date and time that the attack started.1

The Scope summary.

Scope—Displays the tables to select the physical ports and Network Protection policies that the Dashboard View displays.

Function buttons:● View Attack Details● Go to Policy● Export Table to CSV● Pause

Arrow for sorting ascending or descending.




Attack Category The threat type to which this attack belongs.Values:• ACL (not in DefenseFlow)

• Anomalies1 (in DefenseFlow, detection was performed by an external detector)

• Anti-Scanning (not in DefenseFlow)• Bandwidth Management (not in DefenseFlow)• Behavioral DoS (in DefenseFlow, detection was performed by

DefenseFlow BDoS)• DNS Flood (not in DefenseFlow)• DoS (not in DefenseFlow)• HTTP Flood (not in DefenseFlow)• Intrusions (not in DefenseFlow)• Server Cracking (not in DefenseFlow)• Stateful ACL (not in DefenseFlow)• SYN Flood (not in DefenseFlow)• Traffic Filters

Status The last-reported status of the attack.Values:• Started—An attack containing more than one security event has been

detected. (Some attacks contain multiple security events, such as DoS, Scans, and so on.)

• Occurred (Signature-based attacks)—Each packet matched with signatures was reported as an attack and dropped.•

• Sampled (available only in DefenseFlow)—The last reading for each protocol and the totals for all protocols, for a single device. This information is only available when viewing a single device.

• Ongoing—The attack is currently taking place, that is, the time between Started and Terminated (for attacks that contain multiple security events, such as DoS, Scans, and so on).

• Terminated—There are no more packets matching the characteristics of the attack, and the device reports that the attack has ended.

Risk The predefined attack severity level (see Risk Levels, page 521).Values:

• —High

• —Medium

• —Low

• —Info

Attack Name The name of the detected attack.

Table 394: Current Attacks Table Parameters (cont.)





Source Address The source IP address of the attack. If there are multiple IP sources for an attack, this field displays Multiple. The multiple IP addresses are displayed in the Attack Details window. Multiple may also refer to cases when DefensePro or DefenseFlow cannot report a specific value.The Search string can be any legal IPv4 or IPv6 address, and can include a wildcard (*).

Destination Address The destination IP address of the attack. If there are multiple IP sources for an attack, this field displays Multiple. The multiple IP addresses are displayed in the Attack Details window. Multiple may also refer to cases when DefensePro or DefenseFlow cannot report a specific value.

Policy In DefensePro, the name of the configured Network Protection policy or Server Protection policy that was violated by this attack.To view or edit the policy for a specific attack, select the attack entry and click the (Go to Policy) button.In DefenseFlow, the name of the configured Security Policy that was set to mitigate this attack. The default policy name is the name of the protected object. Policies in DefenseFlow cannot be edited.

Radware ID The DefensePro Attack-Protection identifier issued by the device. For more information, see DefensePro Attack-Protection IDs, page 751. For more information, see DefensePro Attack-Protection IDs, page 801.

Direction The direction of the attack, inbound or outbound. Values: in, out






Action Type(This parameter is available only in DefensePro.)

The reported action against the attack. The actions are specified in the protection profile, which may or may not be available or relevant for your system.Values:• Bypass—DefensePro does not protect against this attack, but rather,

sends its data out of the device, and may report it. • Challenge—DefensePro challenges the packet.• Destination Reset—DefensePro sends a TCP-Reset packet to the

destination IP address and port.• Drop—DefensePro discards the packet.• Drop & Quarantine—DefensePro discards the traffic and adds the

destination to the Web quarantine.• Forward—DefensePro continues to process the traffic and eventually

forwards the packet to its destination.• Proxy• Quarantine—DefensePro adds the destination to the Web quarantine.• Source Destination Reset—DefensePro sends a TCP-Reset packet to

both the packet source IP and the packet destination IP address.• Source Reset—DefensePro sends a TCP-Reset packet to the packet

source IP address.• Http 200 Ok—DefensePro sends a 200 OK response using a predefined

page and leaves the server-side connection open.• Http 200 Ok Reset Dest—DefensePro sends a 200 OK response using a

predefined page and sends a TCP-Reset packet to the server side to close the connection.

• Http 403 Forbidden—DefensePro sends a 403 Forbidden response using a predefined page and leaves the server-side connection open.

• Http 403 Forbidden Reset Dest—DefensePro sends a 403 Forbidden response using a predefined page and sends a TCP-Reset packet to the server side to close the connection.

Total Packet Count The number of identified attack packets from the beginning of the attack.

Volume For most protections, this value is the volume of the attack, in kilobits, from when the attack started.In DefensePro, for SYN protection (SYN cookies), this value is the number of SYN packets dropped, multiplied by 60 bytes (the SYN packet size).

Device IP(This parameter is available only in DefensePro.)

The IP address of the attacked device.

Protected Object(This parameter is available only in DefenseFlow.)

The name of the protected object that was attacked.






Application Protocol The transmission protocol used to send the attack:Values:• TCP• UDP• ICMP• IP

MPLS RD The Multi-protocol Label Switching Route Distinguisher in the policy that handled the attack. The value N/A or 0 (zero) in this field indicates that the MPLS RD is not available.

VLAN Tag / Context The VLAN tag value or Context Group in the policy that handled the attack. The value N/A or 0 (zero) in this field indicates that the VLAN tag or Context Group is not available.

Note: The VLAN tag or Context Group identifies similar information in this field. DefensePro 6.x and 7.x versions support VLAN tags. DefensePro 8.x versions support Context Groups.

Source Port2 The Layer 4 source port of the attack.

Destination Port The Layer 4 destination port of the attack. If there are multiple destination L4 ports, this field displays Multiple. In cases when DefensePro cannot report a specific value, the field displays 0 (zero).

Physical Port The port on the device at which the attack packets arrived. In cases when DefensePro cannot report a specific value, the field displays 0 (zero) or Multiple.

Source MSISDN The MSISDN Resolution feature is not supported in APSolute Vision version 3.0 and later.

Destination MSISDN The MSISDN Resolution feature is not supported in APSolute Vision version 3.0 and later.

1 – Once DefensePro reports a Packet Anomaly attack of a certain Radware ID, the Status value Occurred and the Start Time value remain indefinitely. For example, suppose a new DefensePro device starts identifying and handling a Packet Anomaly attack with Radware ID 105 with the start time 20.02.2017 15:19:09. The attack subsides. One month later, the DefensePro device starts identifying and handling another Packet Anomaly attack with Radware ID 105. The Start Time value 20.02.2017 15:19:09 is reported. (For more information on Packet Anomaly protection, see Configuring Global Packet Anomaly Protection, page 183.)

2 – This column is not displayed by default in the Current Attacks tab.

To display the column, click the (Table Settings) button and then select the relevant checkbox. Click the button again to close the Table Settings list.






Using the Ongoing Attacks MonitorThe Ongoing Attacks Monitor comprises two charts: the Ongoing Attacks Monitor and Drop Intensity gauges. The information that the charts display is according to the configuration of the display parameters (see Configuring the Display Parameters of a Dashboard View, page 522).

To display the Ongoing Attacks Monitor


2. Select Dashboard View > Ongoing Attacks Monitor.

The Ongoing Attacks Monitor is a graphical representation of current and recent attacks. Each icon in the monitor represents a separate attack. The icon type (see the legend) represents the type of protection that the attack violates. A flashing icon represents an ongoing attack. The horizontal position of each icon in the chart indicates the attack risk (see Risk Levels, page 521). The vertical position of the icon in the chart indicates the attack duration; the higher in the chart, the longer the attack has existed. Attacks that have started recently are lower in the monitor. The icon size indicates the amount of dropped data for the attack type relative to other attacks of the same type. Hover the mouse over an icon to display summary information for the attack. Double-click an icon to display detailed information for the attack. For more information, see Attack Details, page 531.There are two Drop Intensity gauges: Packets and Bandwidth. The Packets gauge indicates the proportion of dropped packets relative to the total packets. The Bandwidth gauge indicates the proportion of dropped bandwidth relative to the total bandwidth (according to the license). The gauges show the calculated ranges Low (up to 30% dropped), Medium (up to 70% dropped), and High (more than 70% dropped).

Figure 60: Ongoing Attacks Monitor

The Scope summary. Hover the mouse over an icon to display summary information for the attack.

Scope—Displays the tables to select the physical ports and Network Protection policies that the dashboard displays.




Attack DetailsAPSolute Vision displays an Attack Details tab when you double-click an attack in a Security Monitoring Dashboard View. APSolute Vision displays attack details for the following attacks:• ACL (Black List) Details, page 532• Anti-Scanning Details, page 532• Bandwidth Management Details, page 535• BDoS Attack Details, page 535• DNS Flood Attack Details, page 538• DoS Attack Details, page 540• HTTP Flood Attack Details, page 540• Intrusions Attack Details, page 543• Packet Anomalies Attack Details, page 543• Server Cracking Attack Details, page 544• Stateful ACL Details, page 545• SYN Flood Attack Details, page 545• Traffic Filters Attack Details, page 546

For DefenseFlow Attack Details, only the Attack Details tab displays.Each Attack Details tab includes two or more sub-tabs, which provide details on the attack. All Attack Details tabs include the sub-tabs Attack Characteristics and the Attack Description. The Attack Characteristics tab displays information that is also available in the hidden columns of the Current Attacks Table. The Attack Description tab displays the information from the Attack Descriptions file. An attack description is displayed only if the Attacks Description file has been uploaded on the APSolute Vision server.

Notes

• To display hidden columns of the Current Attacks Table, click the (Table Settings) button and then select the relevant checkbox. Click the button again to close the Table Settings list.

• For information about uploading the Attack Description file, see Managing and Updating the Attack Descriptions File for DefensePro, page 108.

In addition to viewing the details of the attack, in each Attack Details tab, you can do the following:

• View sampled data from the attack—To do this, click the (View Sampled Data) button. For more information, see Sampled Data Tab, page 547.

• Go to the policy that handled attack— To do this, click the (Go to Policy) button.• Export the information in the in the Attack Details tab to a CSV file—To do this, click

the (CSV) button. Then, you can view the file or specify the location and file name.• In DefensePro 8.x versions 8.13 and later, for DNS recursive attacks, view the list of

relevant whitelisted subdomains—To do this, click the (View Subdomains Whitelist) button.

• Export the capture files related to the selected attack to a ZIP file—To do this, click

the (Export Attack Capture Files) button, and enter a file name in the file selection dialog box.




Notes

— You can send the CAP file to a packet analyzer.— Up to 255 bytes of packet information is saved in the CAP file. That is, DefensePro and/or

DefenseFlow export full packets but APSolute Vision trims them to 255 bytes.— The file is available only as long as it is displayed in the Current Attacks table.— The file is created only if packet reporting is enabled in the protection configuration for the

profile that was violated.— DefensePro exports only the last packet in a sequence that matches the filter. Furthermore,

if traffic matches a signature that consists of more than one packet, the reported packet will not include the whole expression in the filter.

— For DoS attacks of very short duration, there might be no sampling or ongoing traps. Consequently, for such attacks, there might be no sampled data or capture files. (For more information, see DoS Attack Details, page 540.)

ACL (Black List) Details

Anti-Scanning DetailsThe set of Anti-Scanning Attack Details parameters and their location differs slightly depending on the DefensePro version.

Anti-Scanning Attack Details in DefensePro 8.x Versions

Table 395: ACL Attack Details: Characteristics Parameters

Parameter DescriptionProtocol The protocol that the attack uses or used.

Physical Port1

1 – This parameter is not resolved, and the value Multiple is always displayed.

The physical port that the attack uses or used.

Packet Count The packet count of the attack.

VLAN The VLAN that the attack uses or used.

MPLS RD The MPLS RD that the attack uses or used.

Device IP The device IP address that the attack uses or used.

Table 396: ACL Attack Details: Attack Description

Parameter DescriptionThe description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute Vision server.

Table 397: Anti-Scanning Attack Details: Characteristics Parameters

Parameter DescriptionSource L4 Port The source L4 port that the attack uses or used.

Protocol The protocol that the attack uses or used.

Physical Port The physical port that the attack uses or used.

Total Packet Count The packet count that the attack uses or used.




VLAN Tag / Context The Context Group that the attack uses or used.

MPLS RD N/A

Device IP Address The device IP address that the attack uses or used.

Avg. Time Between Probes The average time, in seconds, between scan events.

Number of Probes The number of scan events from the time the attack started.

Volume (Kbits) The volume, in Kbits, that the attack uses or used.

Table 398: Anti-Scanning Attack Details: Info Parameters

Parameter DescriptionAction The protection Action taken.

Action Reason Values:• Configuration—The action is (or was) according to the

value in the Action field in the Anti-Scanning profile. • Footprint-accuracy-level—There is (or was) insufficient

data for a footprint, because the Include in the Footprint More than Source IP Address and Protocol option is enabled in the Anti-Scanning profile.

• Multiple-probed-ports—Port scans are (or were) monitored only (not blocked), because the Monitor but Do Not Block Port Scans option is enabled in the Anti-Scanning profile.

Blocking Duration The blocking duration, in seconds, of the attacker source IP address.

Estimated Release Time (Local) The estimated release time of attacker in local time.

Table 399: Anti-Scanning Attack Details: Scan Details Parameters

Parameter DescriptionDST IP The destination IP address of the scan.

DST L4 Port The destination port of the scan.

TCP Flag / Protocol Values: • The TCP flag, for example, “ACK”—Displayed for TCP

scans.• UDP—Displayed for UDP scans.• ICMP—Displayed for ICMP scans.

Table 400: Anti-Scanning Attack Details: Footprint

Parameter DescriptionThe footprint blocking rule generated by the Anti-Scanning protection, which provides the narrowest effective blocking rule against the scanning attack.

Table 397: Anti-Scanning Attack Details: Characteristics Parameters (cont.)





Anti-Scanning Attack Details in DefensePro 6.x and 7.x Versions

Table 401: Anti-Scanning Attack Details: Attack Description


Table 402: Anti-Scanning Attack Details: Characteristics Parameters

Parameter DescriptionSource L4 Port The source L4 port that the attack uses or used.



Total Packet Count The packet count that the attack uses or used.


VLAN Tag / Context The VLAN Tag class that the attack uses or used.


Device IP Address The device IP address that the attack uses or used.

Table 403: Anti-Scanning Attack Details: Info Parameters

Parameter DescriptionAction The protection Action taken.

Action Reason Describes the difference between the configured action and the actual action.

Blocking Duration The blocking duration, in seconds, of the attacker source IP address.

Estimated Release Time (Local) The estimated release time of attacker in local time.

Avg. Time Between Probes The average time, in seconds, between scan events.


Table 404: Anti-Scanning Attack Details: Scan Details Parameters

Parameter DescriptionDST IP The destination IP address of the scan.

DST L4 Port The destination port of the scan.

TCP Flag / Protocol Values:• The TCP flag, for example, “ACK”—Displayed for TCP

scans.• UDP—Displayed for UDP scans.• ICMP—Displayed for ICMP scans.




Bandwidth Management Details

BDoS Attack Details

Table 405: Anti-Scanning Attack Details: Footprint

Parameter DescriptionThe footprint blocking rule generated by the Anti-Scanning protection, which provides the narrowest effective blocking rule against the scanning attack.

Table 406: Anti-Scanning Attack Details: Attack Description


Table 407: Bandwidth Management Attack Details: Characteristics Parameters


Physical Port1








Table 408: Bandwidth Management Attack Details: Attack Description


Table 409: BDoS Attack Details: Characteristics Parameters

Parameter DescriptionNote: Some fields can display multiple values, when relevant and available. The values that these field display depend on the current stage of the attack. If a field is part of the dynamic signature (that is, a specific value or values appear in all the attack traffic), the field displays the relevant value or values.


Source L4 Port The source L4 port that the attack uses or used.







VLAN Tag / Context The VLAN tag value or Context Group in the policy that handled the attack.




TTL The TTL that the attack uses or used.

L4 Checksum The L4 checksum that the attack uses or used.

TCP Sequence Number The TCP sequence number that the attack uses or used.

IP ID Number The IP ID number that the attack uses or used.

Fragmentation Offset The fragmentation offset that the attack uses or used.

Fragmentation Flag The fragmentation flag that the attack uses or used. 0 indicates that fragmentation is allowed. 1 indicates that fragmentation is not allowed.

Flow Label (IPv6 only) The flow label that the attack uses or used.

ToS The ToS that the attack uses or used.

Packet Size The packet size that the attack uses or used.

ICMP Message Type(This is displayed only if the protocol is ICMP.)

The ICMP message type that the attack uses or used.

Source IP The source IP address that the attack uses or used.

Destination IP The destination IP address that the attack uses or used.

Source Ports The source ports that the attack uses or used.

Destination Ports The destination port that the attack uses or used.

DNS ID The DNS ID that the attack uses or used.

DNS Query The DNS query that the attack uses or used.

DNS Query Count The DNS query count that the attack uses or used.

Table 410: BDoS Attack Details: Info Parameters

Parameter DescriptionPacket Size Anomaly Region

The statistical region of the attack packets. The formula for the packet-size baseline for a policy is as follows:

{(AnomalyBandwidth/AnomalyPPS)/(NormalBandwidth/NormalPPS)}

Values:• Large Packets—The attack packets are approximately 15% larger

than the normal packet-size baseline for the policy.• Normal Packets—The attack packets are within approximately 15%

either side of the normal packet-size baseline for the policy.• Small Packets—The attack packets are approximately 15% smaller

than the normal packet-size baseline for the policy.

Table 409: BDoS Attack Details: Characteristics Parameters (cont.)





State The state of the protection process.Values:• footprint analysis—BDoS protection has detected an attack and is

currently generating an attack footprint.• footprint-applied—BDoS protection is blocking the attack based on

the generated footprint. Through a closed-feedback loop operation, BDoS protection optimizes the footprint rule, achieving the narrowest effective mitigation rule.

• burst-footprint blocking (available only in 8.x versions 8.15 and later)—BDoS protection is blocking the burst attack based on the footprint generated by the previous states. This state remains until the burst attack terminates or the specified Maximum Burst-Attack Period is reached.

• non-attack—Nothing was blocked because the traffic was not an attack. That is, no footprint was detected or the blocking strictness level was not met.

Table 411: BDoS Attack Details: Footprint Parameters

Parameter DescriptionThe footprint blocking rule generated by the Behavioral DoS Protection, which provides the narrowest effective blocking rule against the flood attack.

Table 412: BDoS Attack Details: Attack-Identification Statistics Table

Parameter DescriptionThis table displays attack traffic (Anomaly) and normal traffic information. Red indicates real-time values identified as suspicious in the 15 seconds prior to when the attack was triggered. Black indicates the learned normal traffic baselines. Table columns are displayed according to the protocols: TCP (includes all flags), UDP, or ICMP.

Table 413: BDoS Attack Details: Attack-Identification Statistics Graph

Parameter DescriptionThe graph displays a snapshot of the relevant traffic type for the 15-second period during which the attack was triggered. For example, during a UDP flood, just UDP traffic is represented. The blue line represents the normal adapted traffic baseline.

Table 414: BDoS Attack Details: Burst Attack Statistics

Parameter DescriptionThis tab displays data only for DefensePro 8.x versions 8.15 and later, and only when the value of the State parameter in the Info tab (see above) is burst-footprint blocking.

Note: For information on burst-attacks protection, see the DefensePro documentation.

Burst Occurring Now Values: Yes, No

Current Burst Number The number of bursts since start of the attack.

Average Burst Duration The average duration, in hh:mm:ss format, of the bursts.

Table 410: BDoS Attack Details: Info Parameters (cont.)





DNS Flood Attack Details

Note: In DefensePro 8.x versions 8.13 and later, the Attack Details tab includes the (View Subdomains Whitelist) button. When the attack is a recursive attack, clicking the button opens a table with the subdomains that match the attack footprint but DefensePro identifies as legitimate. DefensePro can identify a subdomain as legitimate through automatic learning and by using manual entries in the Subdomains Whitelist. For more information, see the section “Configuring DNS Protection Profiles for Network Protection” in the APSolute Vision online help.

Average Time Between Bursts The average time, in hh:mm:ss format, between separate bursts.

Average Burst Rate The average rate, in Kbps, of the bursts.

Max. Burst Rate The rate, in Kbps, of the biggest burst in this attack.

Table 415: BDoS Attack Details: Attack Description


Table 416: DNS Flood Attack Details: Characteristics Parameters











TTL The TTL that the attack uses or used.

L4 Checksum The L4 checksum that the attack uses or used.

IP ID Number The IP ID number that the attack uses or used.

Packet Size The packet size that the attack uses or used.

Table 414: BDoS Attack Details: Burst Attack Statistics (cont.)





Destination IP The destination IP address that the attack uses or used.

Destination Ports The destination ports that the attack uses or used.

DNS ID The DNS ID that the attack uses or used.

DNS Query The DNS query that the attack uses or used.

DNS Query Count The DNS query count that the attack uses or used.

DNS An Query Count The DNS An query count that the attack uses or used.

Table 417: DNS Flood Attack Details: Info Parameters

Parameter DescriptionState The state of the protection process.

Mitigation Action The mitigation action. Values:• Signature Challenge• Signature Rate Limit• Collective Challenge • Collective Rate Limit

Table 418: DNS Flood Attack: Footprint

Parameter DescriptionThe footprint blocking rule that the Behavioral DoS Protection generated. The footprint blocking rule provides the narrowest effective blocking rule against the flood attack.

Table 419: DNS Flood Attack Details: Attack-Identification Statistics Table

Parameter DescriptionThis table displays attack traffic (Anomaly) and normal traffic information. Red indicates real-time values identified as suspicious in the 15 seconds prior to when the attack was triggered. Black indicates the learned normal traffic baselines. Table columns are displayed according to the DNS query types: A, MX, PTR, AAAA, Text, SOA, NAPTR, SRV, Other.

Table 420: DNS Flood Attack Details: Attack-Identification Statistics Graph

Parameter DescriptionThe graph displays a snapshot of the relevant traffic type for the 15-second period during which the attack was triggered. For example, during a UDP flood, just UDP traffic is represented. The blue line represents the normal adapted traffic baseline.

Table 421: DNS Flood Attack Details: Attack Description


Table 416: DNS Flood Attack Details: Characteristics Parameters (cont.)





DoS Attack Details

Note: For DoS attacks of very short duration, there might be no sampling or ongoing traps. Consequently, for such attacks, there might be no sampled data or capture files.

HTTP Flood Attack Details

Table 422: DoS Attack Details: Characteristics Parameters








Table 423: DoS Attack Details: Info Parameters

Parameter DescriptionAction The Action that the protection took for the attack traffic, for example:

Drop.

Attacker IP The IP address of the attacker.

Protected Host The protected host.

Protected Port The protected port.

Attack Duration The duration of the attack.

Current Packet Rate The current packet rate.

Average Packet Rate The average packet rate.

Table 424: DoS Attack Details: Attack Description


Table 425: HTTP Flood Attack Details: Characteristics Parameters








Packet Count The dropped packet count of the attack.





Table 426: HTTP Flood Attack Details: Info Parameters

Parameter DescriptionProtection State The state of the protection process.

Values:• Characterization—The protection module is analyzing the

attack footprint.• Mitigation—The protection module is mitigating the attack

according to the profile configuration.• Suspicious Activities—The protection module identified the

attack but cannot mitigate it.

Mitigation Flow The configuration of the mitigation flow for the profile.Values:• Default—The mitigation flow for the profile is configured to

use all three mitigation actions, which are selected by default: 1-Challenge Suspects, 2-Challenge All, 3-Block Suspects.

• Customized—The mitigation flow for the profile is not configured to use all three mitigation actions.

Action The current action that protection module is using to mitigate the attack.Values: • Challenge Suspected Attackers—The protection module is

challenging HTTP sources that match the real-time signature.• Challenge All Sources—The protection module is challenging

all HTTP traffic toward the protected server.• Block Suspected Attackers—The protection module is

blocking all HTTP traffic from the suspect sources (that is, sources that match the signature).

• No Mitigation—The protection module is in the Suspicious Activities state and is not mitigating the attack.

Challenge Method The user-specified Challenge Mode: 302 Redirect or JavaScript.

Suspicious Sources The number of sources that the protection module suspects as being malicious.

Challenged Sources The number of sources that the protection module has identified as being attackers and is now challenging them.

Table 425: HTTP Flood Attack Details: Characteristics Parameters (cont.)





Blocked Sources The number of sources that the protection module has identified as being attackers and is now blocking them.

HTTP Authentication Table Utilization [%]

The percentage of HTTP Authentication Table that is full.

Table 427: HTTP Flood Attack Details: Blocked Users Parameters

Parameter DescriptionSource IP address The source IP addresses mitigated as attackers. Up to 40

different IP addresses can be viewed.

Note: When the HTTP flood attack is widely distributed, meaning more than 1000 source IP addresses, the system does not use any source IP addresses in the blocking rule. This mitigation occurs only if the URI Only blocking mode option is enabled.

Request URI The HTTP request URIs that took part in the HTTP flood attack and were mitigated.

Bypassed / Blocked Usually, the value that is displayed is Blocked. Only when one of HTTP request URIs was configured to be bypassed, is the value Bypassed.

Table 428: HTTP Flood Attack Details: Attack-Identification Statistics Table

Parameter DescriptionThis table displays attack traffic (Anomaly) and normal traffic information. Red indicates real-time values identified as suspicious in the 15 seconds prior to when the attack was triggered. Black indicates the learned normal traffic baselines. Table columns:• Statistic Type—Anomaly or Normal• Get and Post Requests/sec • Other HTTP Requests/sec • Outbound Kbps• GET and POST per source/sec • GET and POST per connection

Table 429: HTTP Flood Attack Details: Attack-Identification Statistics Graph

Parameter DescriptionThe graph displays the HTTP request URI size distribution. The y-axis shows the number of HTTP requests per second that refers to GET and POST request methods, and the x-axis shows the Request URI size in bytes. The blue line represents the normal expected HTTP request rates and the orange line represents the real-time rate values identified when the attack was triggered.

Table 426: HTTP Flood Attack Details: Info Parameters (cont.)





Intrusions Attack Details

Packet Anomalies Attack Details

Table 430: HTTP Flood Attack Details: Attack Description


Table 431: Intrusions Attack Details: Characteristics Parameters


Physical Port1








Table 432: Intrusions Attack Details: Attack Description


Table 433: Packet Anomalies Attack Details: Characteristics Parameters


Physical Port1








Attack DescriptionThe description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute Vision server.




Server Cracking Attack Details

Caution: Server Cracking attack details do not include information for DNS brute-force attacks.

Table 434: Packet Anomalies Attack Details: Attack Description


Table 435: Server Cracking Attack Details: Characteristics Parameters


Source L4 Port The Source L4 Port that the attack uses or used.

Physical Port The Physical Port that the attack uses or used.

Packet Count The Packet Count that the attack uses or used.




Device IP The Device IP that the attack uses or used.

Table 436: Server Cracking Attack Details: Info Parameters

Parameter DescriptionBlocking Duration The blocking duration, in seconds, of the attacker source IP

address.

Estimated Release Time The estimated release time of attacker in local time.

Avg. Time Between Probes The average time between scan events in seconds.


Table 437: Server Cracking Attack Details: Scan Details Parameters

Parameter DescriptionRequests Details When a server-cracking attack is detected, DefensePro sends, to

the management system, sample suspicious “attacker” requests in order to provide more information on the nature of the attack.The sample requests are sent for the protocols or attacks.Values:• Web Scan—Sample HTTP requests.• Web Cracking—Username and Password.• SIP—SIP user (SIP URI).• FTP—Username (if sent in the same request) and Password.• POP3—Username (if sent in the same request) and Password.




Stateful ACL Details

SYN Flood Attack Details

Table 438: Server Cracking Attack Details: Attack Description


Table 439: Stateful ACL Attack Details: Characteristics Parameters


Physical Port1







Table 440: Stateful ACL Attack Details: Attack Description


Table 441: SYN Flood Attack Details: Characteristics Parameters


Physical Port The physical port that the attack uses or used. If the configuration of the Network Protection policy includes no value for Port Group, the field displays Multiple.









Traffic Filters Attack DetailsThis feature is available only in DefensePro 7.x versions 7.42.11 and later, and 8.x versions 8.15 and later.

Note: For information on Traffic Filters, see the section “Configuring DNS Protection Profiles for Network Protection” in the APSolute Vision online help.

Table 442: SYN Flood Attack Details: Info Parameters

Parameter DescriptionThe information is displayed when the protection action is blocking mode.

Caution: If SYN Protection is configured with report-only mode, the fields Average Attack Rate, Attack Threshold, and Attack Volume display 0 (zero).

Average Attack Rate The average rate of spoofed SYNs and data connection attempts per second, calculated every 10 seconds.

Attack Threshold The configured attack trigger threshold, in half connections per second.

Attack Volume The number of packets from spoofed TCP connections during the attack life cycle (aggregated). These packets are from the sessions that were established through the SYN-cookies mechanism or were passed through the SYN protection trusted list.

Attack Duration The duration, in hh:mm:ss format, of the attack on the protected port.

TCP Challenge The Authentication Method that identified the attack: Transparent Proxy or Safe-Reset.

HTTP Challenge The HTTP Authentication Method that identified the attack: 302-Redirect or JavaScript.

Table 443: SYN Flood Attack Details: Authentication Lists Utilization Parameters

Parameter DescriptionTCP Auth. List The current utilization, in percent, of the TCP Authentication

table.

HTTP Auth. List The current utilization, in percent, of the Table Authentication table.

Table 444: SYN Flood Attack Details: Attack Description


Table 445: Traffic Filters Attack Details: Characteristics Parameters

Parameter DescriptionFilter Name The name of the Traffic Filter that matched the traffic.




Sampled Data TabYou can display the Sampled Data dialog box for the all attack types that support sampled data.The Sampled Data tab contains a table with data on sampled attack packets. Each row in the table displays the data for one sampled attack packet. The title bar includes the category of the data—for example, Behavioral DoS.

Notes

• This feature is not supported on OnDemand Switch 2 S2 (DefensePro 1016 IPS & Behavioral Protection - DME).

• APSolute Vision stores sampled attack data, which includes the source and destination addresses of the sampled packets. This information reflects a sampling of the attack packets; it does not reflect the full attack data. For example, it is possible that the source IP addresses of the sampled data do not include all of the source addresses of the attack.

Filter ID The Radware ID of the Traffic Filter that matched the traffic.

Note: The ID is a hyperlink to the configuration of the Traffic Filter.

Protocol The protocol of the traffic that the Traffic Filter matched.

Source Network The source network of the traffic that the Traffic Filter matched.

Source Port The source port of the traffic that the Traffic Filter matched.

Destination Network The destination network of the traffic that the Traffic Filter matched.

Destination Port The destination port of the traffic that the Traffic Filter matched.

Device IP The IP address of the DefensePro device with the Traffic Filter that matched the traffic.

Table 446: Traffic Filters Attack Details: Info Parameters

Parameter DescriptionTotal Attack Packets The total number of packets that match or matched the Traffic

Filter.

Attack Packets Rate (pps) The rate, in packets/second, of packets that match or matched the Traffic Filter.

Total Attack Data (Kbits) The total volume, in Kbits, of traffic that matches or matched the Traffic Filter.

Attack Bandwidth (Kbps) The bandwidth, in Kbits/second, of traffic that matches or matched the Traffic Filter.

Table 447: Traffic Filters Attack Details: Attack Description


Table 445: Traffic Filters Attack Details: Characteristics Parameters (cont.)





The table in the Sampled Data tab comprises the following columns:• Time• Source Address• Source L4 Port• Destination Address• Destination L4 Port• Protocol• VLAN / Context• MPLS RD• Physical Port

To display the Sampled Data tab


2. Select Dashboard View.

3. Do one of the following to open the Attack Details tab:

— Select Current Attacks Table, and then, double-click the relevant row.— Select Ongoing Attacks Monitor, and then, double-click the icon.

4. Click the (View Sampled Data) button.

You can export some rows of the table in the Sampled Data dialog box to a CSV file.

To save sampled data to a CSV file


2. Select Dashboard View.

3. Do one of the following to open the Attack Details tab:

— Select Current Attacks Table, and then, double-click the relevant row.— Select Ongoing Attacks Monitor, and then, double-click the icon.

4. Click the (View Sampled Data) button.

5. Select the row with which you want the data rows in the file to start.

6. Click the (CSV) button.

7. View the file or specify the location and file name.




Viewing Real-Time Traffic ReportsYou can view real-time traffic reports over time for the IP traffic passing through the DefensePro devices. The information includes data on overall IP traffic, protocol mix, and packet discards. You can display the data in graph or table format.

Notes

• On DefensePro devices that do not support the Device Operation Mode feature, the traffic is calculated according to the selected port pairs.

• For DefensePro devices that support the Device Operation Mode feature:

— When Device Operation Mode is Transparent, the traffic is calculated according to the selected port pairs.

— When Device Operation Mode is IP, the traffic is calculated according to the selected ports.

— When you are viewing multiple DefensePro devices in the Security Monitoring perspective, the table displays both port pairs and single ports as appropriate.

You can also view graphs of connection rates and concurrent connections based on data from the Session table.By default, all traffic is presented in these graphs and tables. In each graph, you can filter the display by protocol or traffic direction, but not for concurrent connections.The Connection Statistics are displayed only when the device is operating in Full Layer 4 Session Table Lookup mode (relevant only for 6.x and 7.x versions).You can monitor the following traffic information in the Traffic Monitoring tab:• Viewing the Traffic Utilization Report, page 549• Viewing the Connection Rate Report, page 556• Viewing the Concurrent Connections Report, page 558• Viewing the Top Queried Domain Names Report, page 558

Viewing the Traffic Utilization ReportThe Traffic Utilization Report displays statistics for the following:• Traffic Statistics—Displays information for the selected port pairs in DefensePro, and

protected object in DefenseFlow, as a graph. The graph contains information for a selected protocol or the total for all protocols over a period of time. There is a curve on the graph for each the following:— Inbound IP traffic in DefensePro, Inbound traffic in DefenseFlow— Dropped inbound traffic (DefenseFlow only)— Diverted inbound traffic (DefenseFlow only)— Outbound IP traffic— Discarded inbound traffic— Discarded outbound traffic— Excluded inbound traffic (DefensePro only)— Clean inbound traffic (DefenseFlow only)— Excluded outbound trafficTo hide or show a curve for a particular traffic type, click the corresponding colored square in the legend.




Excluded inbound traffic and Excluded outbound traffic are related to the Traffic Exclusion implementation. Traffic Exclusion is when DefensePro passes through all traffic that matches no Network Protection policy configured on the device. In DefensePro 7.x versions, Traffic Exclusion is always enabled, and the graph always displays excluded inbound traffic and excluded outbound traffic. DefensePro x412 platforms with the DME, running 6.x versions display excluded inbound traffic and excluded outbound traffic when the Traffic Exclusion checkbox is selected. For other configurations, versions, or platforms, the graph does not display excluded inbound traffic and excluded outbound traffic. For more information, see the relevant section in the APSolute Vision online help.

Caution: When the value of the Scope parameter is Devices/Policies (see Table 448 - Traffic Utilization Report: Display Parameters for Graph and Table, page 551), during the Update Policies process, the Statistics Graph momentarily displays Traffic Utilization as 0 (zero).

• Traffic Authentication Statistics (Challenge/Response)—Displays statistics for the Challenge-Response mechanism when the relevant option is enabled in the protection modules that support the Challenge-Response mechanism. For more information, see Configuring Global DNS Flood Protection, page 143 and Configuring HTTP Flood Protection Profiles for Server Protection, page 27.

• Last Sample Statistics—Displays the last reading for each protocol and provides totals for all protocols, for a single device. (This information is only available when viewing a single device.)

To view or save a CSV file, click (CSV).

Tip: To get the current traffic rate in packets or bytes per second (calculated as the average rate in 15 seconds), you can use the following CLI command on the DefensePro device:dp rtm-stats get [port number]

Caution: When the Scope is Devices/Policies, the Traffic Utilization Report does not include inbound traffic that the Black List module blocked. This is because the Black List module processes traffic before the classification of a Network Protection policy.

Caution: In DefensePro 6.x and 7.x versions, when traffic-utilization rates are above 13M PPS, the Traffic Utilization Report may show less traffic than DefensePro actually received.

Notes

• For packets received through the 1G, 10G, or 40G ports, packet-size information and counters do not account for the CRC.

• The Traffic Utilization Report and the statistical traffic information that Protection Monitoring provides are based on different counters. (For information on the statistical traffic information that Protection Monitoring provides, see Protection Monitoring, page 560.)




To view the Traffic Utilization Report


2. Select Traffic Monitoring > Traffic Utilization Report.

3. Change display settings for the graph and table, as required.

4. For the Statistics Graph and Last Sample Statistics, set filter options for the displayed traffic data, as required. The displayed information refreshes automatically.

Table 448: Traffic Utilization Report: Display Parameters for Graph and Table

Parameter DescriptionScope(link, which displays the table)

Using DefensePro, the Scope table displays the physical ports or the Network Protection policies that the Traffic Utilization Report displays. By default, the Scope is Any Port or Any Policy—depending on the specified value in the Scope drop-down list. That is, by default, the Traffic Utilization Report displays all the information.Using DefenseFlow, the Scope table displays the Protected Objects or the Security policies that the Traffic Utilization Report displays. By default, the Scope is Any Protected Object.To control the scope of the information that the report shows for DefensePro, see the procedure To control the scope of the information that the report shows for DefensePro, page 552.

Caution: The scope for DefensePro platforms without the DME can be only according to physical ports, not Network Protection policies.

Display Last How long the graph displays attacks after the attack terminates. That is, the graph displays all attacks that are currently ongoing or that terminated within the selected period.Values:• 10 Minutes• 20 Minutes• 30 Minutes• 1 HourDefault: 10 Minutes

Scope(drop-down list)(This parameter is not available in DefenseFlow and is not available in DefensePro version 6.x and 7.x platforms without the DME.)

The scope of the graph view.Values:• Devices/Physical Ports—The graph shows traffic according to physical

ports on the specified device.• Devices/Policies—The graph shows traffic according to Network

Protection policies on the specified device.Default: Devices/Physical Ports

Units The units for the traffic rate.Values:• Kbps—Kilobits per second• Packet/Sec—Packets per second




To control the scope of the information that the report shows for DefensePro

1. Click . A table opens. The table has either the Device Name and Port columns or the Device Name and Policy columns—according to the specified value in the Scope drop-down list: Devices/Physical Ports or Devices/Policies.


— To limit the physical ports or Network Protection policies that the report displays, select the corresponding checkboxes.



Table 449: Traffic Utilization Report: Filter Parameters for the Traffic Statistics Graph

Parameter DescriptionDirection The traffic that the graph shows.

Values:• Inbound—Show inbound traffic.• Outbound—Show outbound traffic.• Both—Show inbound and outbound traffic. Data for inbound and

outbound are displayed as separate lines, not as totals.

Note: The direction of traffic between a pair of ports is defined by the In Port setting in the port pair configuration.

Protocol The traffic protocol to display.Values:• TCP—Show the statistics of the TCP traffic.• UDP—Show the statistics of the UDP traffic.• ICMP—Show the statistics of the ICMP traffic.• IGMP—Show the statistics of the IGMP traffic.• SCTP—Show the statistics of the SCTP traffic.• Other—Show the statistics of the traffic that is not TCP, UDP, ICMP,

IGMP, or SCTP.• All—Show total traffic statistics.

Caution: When the Scope is Devices/Policies, the Other traffic does not include IPsec traffic.




Table 450: Traffic Utilization Report: Traffic Authentication Statistics (Challenge/Response) Parameters

Parameter DescriptionProtocol The protocol of the statistics displayed in the row.

Values: HTTP, TCP, DNS

Note: The HTTP row is not relevant for DefensePro 8.x versions earlier than 8.10.

Current Attacks The number of attacks currently in the device.

Authentication Table Utilization % The percentage of the Authentication Table that is full.

Challenges Rate The rate, in PPS, that the device is sending challenges.

Table 451: Traffic Utilization Report: Last Sample Statistics Parameters

Parameter DescriptionProtocol The traffic protocol.

Values:• TCP• UDP• ICMP• IGMP• SCTP• Other—The statistics of the traffic that is not TCP, UDP, ICMP, IGMP, or

SCTP.• All—Total traffic statistics.

Caution: When the Scope is Devices/Policies, the Other traffic does not include IPsec traffic.

Inbound The amount of inbound traffic for the protocol identified in the row.

Outbound(This parameter is available only in DefensePro.)

The amount of outbound traffic for the protocol identified in the row.

Discarded Inbound The amount of discarded inbound traffic for the protocol identified in the row.

Discarded Outbound(This parameter is available only in DefensePro.)

The amount of discarded outbound traffic for the protocol identified in the row.

Clean(This parameter is available only in DefenseFlow.)

The amount of clean traffic for the protocol identified in the row.

Dropped(This parameter is available only in DefenseFlow.)

The amount of traffic dropped traffic for the protocol identified in the row.




Diverted(This parameter is available only in DefenseFlow.)

The amount of traffic diverted traffic for the protocol identified in the row.

Discard % The percentage of discarded traffic for the protocol identified in the row.

Excluded Inbound The amount of excluded inbound traffic for the protocol identified in the row.

Excluded Outbound(This parameter is available only in DefensePro.)

The amount of excluded outbound traffic for the protocol identified in the row.

Table 451: Traffic Utilization Report: Last Sample Statistics Parameters (cont.)





MIB Support for Traffic-Monitoring DataThis feature is available on DefensePro 7.x versions and 6.x versions with the DME. When the device configuration includes a Network Protection policy, DefensePro exposes MIBs with traffic-monitoring data for the policies. In addition to APSolute Vision, you can use third-party SNMP readers to access the MIB data. DefensePro issues the data at 15-second intervals.

Table 452: Network-Protection-policy Monitoring OIDs and Corresponding MIBs

OID MIB Comment1.3.6.1.4.1.89.35.1.65.188.4 rsTrafficUtilizationPerPolicy

1.3.6.1.4.1.89.35.1.65.188.4.1 rsTrafficUtilizationPerPolicyTableUDP Index for the UDP statistics table.

1.3.6.1.4.1.89.35.1.65.188.4.2 rsTrafficUtilizationPerPolicyTableTCP Index for the TCP statistics table.

1.3.6.1.4.1.89.35.1.65.188.4.3 rsTrafficUtilizationPerPolicyTableICMP Index for the ICMP statistics table.

1.3.6.1.4.1.89.35.1.65.188.4.4 rsTrafficUtilizationPerPolicyTableOTHER Index for the statistics table for other protocols.

1.3.6.1.4.1.89.35.1.65.188.4.5 rsTrafficUtilizationPerPolicyTableSCTP Index for the SCTP statistics table.

1.3.6.1.4.1.89.35.1.65.188.4.6 rsTrafficUtilizationPerPolicyTableIGMP Index for the IGMP statistics table.

1.3.6.1.4.1.89.35.1.65.188.4.<X>.1 rsPolicyNamePerPolicy<Y> <X> refers to one of the indexing tables detailed above. <Y> refers to the protocol according to the <X> value. 1.3.6.1.4.1.89.35.1.65.188.4.<X>.2 rsNewConnectionsPerPolicy<Y>

1.3.6.1.4.1.89.35.1.65.188.4.<X>.3 rsConcurConnections<Y>1

1 – A placeholder (zeros) is displayed here.

1.3.6.1.4.1.89.35.1.65.188.4.<X>.4 rsDroppedPacketsPerPolicy<Y>

1.3.6.1.4.1.89.35.1.65.188.4.<X>.5 rsDroppedBytesPerPolicy<Y>

1.3.6.1.4.1.89.35.1.65.188.4.<X>.6 rsReceivedPacketsPerPolicy<Y>

1.3.6.1.4.1.89.35.1.65.188.4.<X>.7 rsReceivedBytesPerPolicy<Y>




Viewing the Connection Rate ReportThis feature is functional only in DefensePro 6.x and 7.x versions, and 8.x versions 8.10 and later.The Connection Rate Report displays a graph showing connection rate statistics of inbound and outbound traffic.

To view the Connection Rate Report


2. Select Traffic Monitoring > Connections Rate Report.

3. Change display settings for the graph, as required.

Table 453: Connection Rate Report: Display Parameters

Parameter DescriptionScope(link, which displays the table)

The physical ports and the Network Protection policies that the Connection Rate Report shows. By default, the Scope is Any Port or Any Policy (depending on the specified value in the Scope drop-down list). That is, by default, the Connection Rate Report displays all the information.To control the scope of the information that the report shows, see the procedure To control the scope of the information that the report shows, page 557.

Caution: The scope for DefensePro platforms without the DME can be only according to physical ports, not Network Protection policies.


Scope(link, which displays the table)

The scope of the graph view.Values:• Devices/Physical Ports—The graph shows traffic according to physical

ports on the specified device.• Devices/Network Policies—The graph shows traffic according to Network

Protection policies on the specified device. This graph is available only on DefensePro 20, 60, 200, 400, x420, and x4420 devices, and x412 devices with the DME.

Default: Devices/Physical Ports

Caution: In 8.x versions, the Connection Rate Report works only when the Scope is Devices/Network Policies.




To control the scope of the information that the report shows

1. Click . A table opens. The table has either the Device Name and Port columns or the Device Name and Policy columns—according to the specified value in the Scope drop-down list: Devices/Physical Ports or Devices/Policies.


— To limit the physical ports or Network Protection policies that the report displays, select the corresponding checkboxes.



Direction Values:• Both—Show both inbound traffic and outbound traffic. Data for inbound

and outbound are displayed as separate lines, not as totals.• Inbound—Show only inbound traffic.• Outbound—Show only outbound traffic.


Protocol The traffic protocol to display.When you select All, total traffic statistics are displayed.

Select Port Pair(button)(This button is displayed only when the Scope is Devices/Physical Ports.)

Opens the Select Port Pairs dialog box. Select the port pairs relevant for the network topology by moving the required port pairs to the Selected Port Pairs list. All other port pairs should be in the Available Port Pairs list.

Note: You can select port pairs for each direction; however, Radware recommends that you select a port pair in one direction only, and display traffic for both directions, if required. If you select port pairs in both directions, and traffic for both directions, the graph will display the same traffic twice.

Select Policies(This button is displayed only when the Scope is Devices/Policies.)

Opens the Select Policies dialog box. Select the Network Protection policies relevant for the network topology by moving the required policies the Selected Policies list.

Table 453: Connection Rate Report: Display Parameters (cont.)





Viewing the Concurrent Connections ReportThis feature is functional only in DefensePro 6.x and 7.x versions, and 8.x versions 8.10 and later.The Concurrent Connections Report displays a graph showing the rate of current connections for selected port pairs. You can display the information for a selected protocol or the total for all protocols over the last 10, 20, 30, or 60 minutes.

Note: For packets received through the 1G, 10G, or 40G ports, packet-size information and counters do not account for the CRC.

To view the Concurrent Connections Report

1. In the Security Monitoring perspective, select the device, Site, or Logical Group for which to display data.

2. Select Traffic Monitoring > Concurrent Connections Report.


Viewing the Top Queried Domain Names ReportThis feature is available only when viewing a single device running DefensePro 8.x versions 8.13 and later.The Top Queried Domain Names Report displays content only when the selected Scope value is a Network Protection policy with a DNS profile that is configured with a Query Name Monitoring Sensitivity value other than None.

Note: For more information, see the section “Configuring DNS Protection Profiles for Network Protection” in the APSolute Vision online help.Every 10 minutes, DefensePro sends APSolute Vision data about sampled DNS packets, and APSolute Vision recalculates the values and the display of the Top Queried Domain Names Report.

Table 454: Concurrent Connections Report: Display Parameters

Parameter DescriptionDisplay Last How long the graph displays attacks after the attack terminates. That is, the

graph displays all attacks that are currently ongoing or that terminated within the selected period.Values:• 10 Minutes• 20 Minutes• 30 Minutes• 1 HourDefault: 10 Minutes

Protocol The traffic protocol to display. When you select All, total traffic statistics are displayed.




The Top Queried Domain Names Report shows the following:• The 10 most-queried DNS domain names under the specified Network Protection

policy—The list is in descending order; that is, the most-queried domain name is at the top of the list.

• A colored bar beneath each domain name—The width of the colored bar represents the ranking of the domain name. The most-queried domain name is at the top of the list and the colored bar always fills the box. The sequence of the colors of the bars is static; that is, the actual colors have no significance. Inside each colored bar, a number displays the approximate total number of queries from the samples, for the specified period (according to the selected Display Last option). The displayed value is based on a sampling of up to 1000 DNS queries per second.

• A line graph for a selected domain—The graph shows the number of queries—and trend—for the specified period (according to the selected Display Last option). Hovering the mouse on the line opens a popup that shows the sample time (hh:mm:ss) and a Score with the number of queries for that domain name, for that sample.

Figure 61: Top Queried Domain Names Report

To view the Top Queried Domain Names Report

1. In the Security Monitoring perspective, select the device for which to display data.2. Select Traffic Monitoring > Top Queried Domain Names Report.

3. Change display settings, as required.

Table 455: Top Queried Domain Names Report: Display Parameters

Parameter DescriptionScope(drop-down list)

The Network Protection policy whose 10 most-queried DNS domain names the tab displays.




Protection MonitoringProtection Monitoring provides the real-time traffic monitoring per network policy, either for the network as a whole—if BDoS Protection is configured, or for DNS traffic—if DNS Flood Protection is configured. The statistical traffic information that Protection Monitoring provides can help you better understand the traffic that flows through the protected network, how the configured protection is working, and, most importantly, how anomalous traffic is detected.For information about displaying protection information for a selected device, see the following:• Displaying Attack Status Information, page 560• Monitoring the Traffic Under BDoS Protection, page 561• Monitoring the Traffic Under DNS Flood Protection, page 564

Note: The statistical traffic information that Protection Monitoring provides and Traffic Utilization Report are based on different counters. (For information on the Traffic Utilization Report, see Viewing the Traffic Utilization Report, page 549.)

Displaying Attack Status InformationYou can display summary status information for attacks for each configured and enabled protection policy. When there is an attack that violates a Network Protection policy, the table displays an icon indicating the status of the attack in the corresponding row for the relevant attack traffic.

To display attack status information

1. In the Security Monitoring perspective, select the DefensePro device to monitor.2. Select Protection Monitoring > Attack Status Report.

The table comprises the following columns:— Policy Name— IPv4-TCP— IPv4-UDP— IPv4-ICMP— IPv4-DNS

Display Last Determines the following: • The period for the calculation of the 10 most-queried DNS domain

names (the bar graphs and the displayed values)• The time range of the x-axis in the line graph (for a selected domain)Values:• 10 Minutes• 1 Hour• 12 Hours• 24 HourDefault: 10 Minutes

Table 455: Top Queried Domain Names Report: Display Parameters (cont.)





— IPv6-TCP— IPv6-UDP— IPv6-ICMP— IPv6-DNS

3. When an attack icon is displayed in the table, click the icon to display the corresponding attack traffic information.

Monitoring the Traffic Under BDoS ProtectionYou can monitor the traffic for a Network Protection policy that includes BDoS protection.Traffic information is displayed in the following tabs: • BDoS Traffic Statistics, page 562• Last Sample Statistics, page 563

Caution: When traffic matches multiple Network Protection policies with Out-of-State protection, the value that APSolute Vision displays for the total dropped traffic represents the sum of all dropped traffic for all relevant Network Protection policies. This is because when traffic matches multiple Network Protection policies with Out-of-State protection, all those Network Protection policies count the same dropped traffic.

Note: APSolute Vision displays the Protection Monitoring graphs using averaged values, and therefore, points on the curves might diverge from the exact values.

To display traffic information for a Network Policy that includes BDoS protection

1. In the Security Monitoring perspective, select the device to monitor.2. Select Protection Monitoring > BDoS Traffic Monitoring Reports.

3. Configure the general parameters for the display of the BDoS Traffic Statistics graph and Last Sample Statistics table.

Table 456: BDoS Traffic Monitoring Reports: General Parameters

Parameter DescriptionScope The Network Protection policy. The list only displays policies that are

configured with a BDoS profile.





BDoS Traffic StatisticsThe graph displays the traffic rates for the selected Network Protection policy according to the specified parameters.

Direction The direction of the traffic that the Statistics Graph and Last Sample Statistics table display.Values: Inbound, Outbound

Units The unit according to which the Statistics Graph and Last Sample Statistics table display the traffic. Values: • Kbps—Kilobits per second• Packets/Sec—Packets per second

Table 457: BDoS Traffic Statistics Parameters

Parameter DescriptionIP Version The IP version of the traffic that the graph displays.

Values: IPv4, IPv6

Protection Type The protection type to monitor.Values:

• TCP ACK FIN• TCP FRAG• TCP RST• TCP SYN• TCP SYN ACK• UDP• ICMP• IGMP• UDP FRAG• TCP

• TCP SYN• SYN ACK• TCP FRAG• TCP RST• TCP ACK FIN• UDP• UDP FRAG• ICMP• Other IP

For DefenseFlow, only the following protection types are available:• UDP• ICMP• TCP• Other

Scale The scale for the presentation of the information along the Y-axis.Values: Linear, Logarithmic

Attack Status (Read-only) The status of the attack.

Table 456: BDoS Traffic Monitoring Reports: General Parameters (cont.)





Last Sample StatisticsUse the Last Sample Statistics table to view information about last relevant sample.

Table 458: Statistics Graph Legend

Line DescriptionTotal Traffic( dark blue)

The total traffic that the device sees for the specific protection type and direction.

Legitimate Traffic( light blue)

The actual forwarded traffic rate, after DefensePro managed to block the attack. When there is no attack, the Total Traffic and Legitimate Traffic are equal.

Normal Edge( dashed green)

The statistically calculated baseline traffic rate.

Suspected Edge( dashed orange)

The traffic rate that indicates a change in traffic that might be an attack.

Caution: DefensePro reports the Suspected Edge in Kbps only. The graph displays the Suspected Edge only when the Scope parameter Units is Kbps (see Table 460 - DNS Traffic Monitoring Reports: General Parameters, page 564). When the Scope parameter Units is Packets/Sec, the graph does not display the Suspected Edge.

Attack Edge( dashed red)

The traffic rate that indicates an attack.

Caution: DefensePro reports the Attack Edge in Kbps only. The graph displays the Attack Edge only when the Scope parameter Units is Kbps (see Table 460 - DNS Traffic Monitoring Reports: General Parameters, page 564). When the Scope parameter Units is Packets/Sec, the graph does not display the Attack Edge.

Table 459: Last Sample Statistics Parameters

Parameter DescriptionTraffic Type The protection type. Each specific traffic type and direction has a baseline

that the device learns automatically.

Baseline The normal traffic rate expected by the device.

Total Traffic The total traffic rate that the DefensePro device sees for the specific traffic type and direction.

Baseline Portion % An indication for the rate invariant baseline—that is, the normal percentage of the specific traffic type to all other traffic in the same direction.

RT Portion % The actual percentage of the specific traffic type relative to all other traffic in the same direction.

Legitimate Traffic (This parameter is not available in DefenseFlow.)

The actual forwarded traffic rate, after the device blocked the attack.When there is no attack, the RT Rate and Legitimate Rate are equal.

Legitimate Portion %(This parameter is not available in DefenseFlow.)

The actual percentage of the forwarded traffic rate of the specified type relative to other types of traffic, after the device blocked the attack.




Monitoring the Traffic Under DNS Flood ProtectionYou can monitor the traffic for a Network Protection policy that includes DNS Flood protection.APSolute Vision displays traffic information in the following tabs: • DNS Traffic Statistics, page 565• Last Sample Statistics, page 565

Note: APSolute Vision displays the Protection Monitoring graphs using averaged values, and therefore, points on the curves might diverge from the exact values.

To display traffic information for a Network Protection policy that includes DNS protection

1. In the Security Monitoring perspective, select the device to monitor.2. Select Protection Monitoring > DNS Traffic Monitoring Reports.

3. Configure the general parameters for the display of the Statistics Graph and Last Sample Statistics table.

Traffic Peak(This parameter is available only in DefenseFlow.)

Peak traffic value, in bps, to use in case of a manual action without attack volume information available.

Degree of Attack A numeric value that evaluates the current level of attack. A value of 8 or greater signifies an attack.

Table 460: DNS Traffic Monitoring Reports: General Parameters

Parameter DescriptionScope The Network Protection policy. The list only displays rules configured with a

DNS profile.

Direction (Read-only) The direction of the traffic that the Statistics Graph and Last Sample Statistics table display. Values: Inbound

Units (Read-only) The unit according to which the Statistics Graph and Last Sample Statistics table display the traffic.Value: QPS—Queries per second

Table 459: Last Sample Statistics Parameters (cont.)





DNS Traffic StatisticsThe graph displays the traffic rates for the selected Network Protection policy according to the specified parameters.

Last Sample StatisticsUse the Last Sample Statistics tab to view information about the last relevant sample of DNS query statistics. The DefensePro version determines the contents and display of the Last Sample Statistics tab.

Table 461: DNS Traffic Statistics Graph Parameters

Parameter DescriptionIP Version The IP version of the traffic that the graph displays.

Values: IPv4, IPv6

Protection Type The DNS query type to monitor.Values:• Other• Text• A• AAAA• MX• NAPTR• PTR• SOA• SRV


Attack Status (Read-only) The status of the attack.

Table 462: Statistics Graph Legend

Line DescriptionTotal Traffic( dark blue)

The total traffic that the device sees for the specific protection type and direction.

Legitimate Traffic( light blue)

The actual forwarded traffic rate, after DefensePro managed to block the attack. When there is no attack, the Total Traffic and Legitimate Traffic are equal.

Normal Edge1

( dashed green)

1 – This line is not displayed if the protection is configured to use a footprint bypass or manual triggers.

The statistically calculated baseline traffic rate.

Suspected Edge( dashed orange)

The traffic rate that indicates a change in traffic that might be an attack.

Attack Edge( dashed red)

The traffic rate that indicates an attack.




DNS Last Sample Statistics—for DefensePro 8.x Versions 8.13 and LaterThe Last Sample Statistics tab for DefensePro 8.x versions 8.13 and later is divided into panels for each of the DNS query types.

Note: For more information, see the section “Configuring DNS Protection Profiles for Network Protection” in the APSolute Vision online help.

Figure 62: DNS Last Sample Statistics—for DefensePro 8.x Versions 8.13 and Later—Example Showing the “A” Panel

Table 463: Last Sample Statistics Parameters for DefensePro 8.x Versions 8.13 and Later

Parameter DescriptionQuery Type The DNS query type.

Values: • A• AAAA• MX• NAPTR• Other• PTR• SOA• SRV• Text

Degree of Attack(gauge)

A gauge with a color representation of the DefensePro Degree of Attack (DoA) value for the specific query type. Green represents the Normal status. Orange represents the Suspect status. Red represents the Attack status.

General rate statistics

Total Traffic The total rate of traffic, in QPS, that the DefensePro device sees for the specific query type.

The Degree of Attack gauge displays a color representation for the DefensePro Degree of Attack value.

The query type whose information the panel shows.

General rate statistics.

Rate-invariant statistics showing the FQDN-randomization level in the DNS queries.

Rate-invariant statistics showing the query-type distribution.




DNS Last Sample Statistics—for all Versions Other than 8.x Versions 8.13 and LaterThe following table describes the parameters of the Last Sample Statistics tab for all DefensePro versions other than DefensePro 8.x versions 8.13 and later.

Legitimate Traffic The actual forwarded traffic rate, in QPS, for the specific query type, after the device blocked the attack.

Note: When there is no attack, the Total Traffic and Legitimate Traffic values are equal.

Baseline The normal rate of traffic, in QPS, expected by the DefensePro device for the specific query type. Each query type has a baseline that the device learns automatically.

Rate-invariant statistics—query-type distribution (on the left side of the panel)

Baseline Portion % An indication of the rate-invariant baseline—that is, the normal percentage of the specific query type out of all other DNS traffic in the same direction.

Current Portion % The actual percentage of the specific traffic type relative to all other DNS traffic in the same direction.

Legitimate Portion % The actual percentage of the forwarded traffic rate of the specified query type relative to other types of queries, after the device blocked the attack.

Rate-invariant statistics—FQDN Randomization Level (on the right side of the panel)

Baseline Portion % An indication of the FQDN Randomization Level baseline—that is, the normal randomness level, in percent, of FQDNs i the DNS queries of the specific query type.

Current Portion % The actual percentage, representing the FQDN Randomization Level within the DNS queries of the specific query type.

Legitimate Portion % The actual FQDN Randomization Level, in the forwarded traffic after the device blocked the attack.

Table 464: Last Sample Statistics Parameters for All DefensePro Versions Other than DefensePro 8.x Versions 8.13 and Later

Parameter DescriptionTraffic Type The query type. Each specific query type and direction has a baseline that

the device learns automatically.

Baseline The normal traffic rate expected by the device.

Total Traffic The total traffic rate that the DefensePro device sees for the specific query type and direction.

Baseline Portion % An indication for the rate-invariant baseline—that is, the normal percentage of the specific query type out of all other traffic in the same direction.

RT Portion % The actual percentage of the specific query type relative to all other traffic in the same direction.

Legitimate Traffic The actual forwarded traffic rate, after the device blocked the attack. When there is no attack, the RT Rate and Legitimate Rate are equal.

Legitimate Portion % The actual percentage of the forwarded traffic rate of the specified type relative to other types of queries, after the device blocked the attack.

Degree of Attack A numeric value that evaluates the current level of attack. A value of 8 or greater signifies an attack.

Table 463: Last Sample Statistics Parameters for DefensePro 8.x Versions 8.13 and Later (cont.)





HTTP ReportsThis feature is functional only in DefensePro 6.x and 7.x versions.This feature is not functional in DefensePro 8.x versions.HTTP Mitigator protection monitors rate-based and rate-invariant HTTP traffic parameters, learns them, and generates normal behavior baselines accordingly.

Note: DefensePro examines the number and rate of HTTP requests. Thus, when HTTP pipelining is used, the detection mechanism remains accurate.You can monitor real-time and historical (normal baseline) values, and analyze HTTP traffic anomalies using the following reports:• Monitoring Continuous Learning Statistics, page 568• Monitoring Hour-Specific Learning Statistics, page 569• HTTP Request Size Distribution, page 570

Monitoring Continuous Learning StatisticsThis feature is functional only in DefensePro 6.x and 7.x versions.This feature is not functional in DefensePro 8.x versions.You can generate and display normal HTTP traffic baselines based on continuous traffic statistics. Continuous learning statistics are based on recent traffic, irrespective of time of day, or day of the week. The learning response period (that is, the exponential sliding-window period on which statistics measurements are based) is set based on the HTTP Mitigator learning sensitivity settings (default: 1 week).To build a comprehensive picture of the traffic of a protected site, the device monitors various HTTP attack statistics. Continuous learning reports display normal HTTP traffic baselines (blue) and real-time HTTP traffic statistics (orange) over the specified recent time period.

Table 465: Continuous Learning Statistics Reports

Channel DescriptionGET & POST Requests Rate The rate of HTTP GET and POST requests sent per second to the

protected server.

Other Requests Rate The rate of HTTP requests that are not POST or GET sent per second to the protected server. Other HTTP request methods can be used, but are used less frequently.

Requests Rate per Source The maximum rate of HTTP GET and POST requests per second per source IP address.This parameter characterizes the site users’ behavior, enabling you to recognize abnormal activities, such as scanning or bots. Legitimate users may generate many requests per second, but automatic devices such as bots or scanners generate many more.




Note: Normal Requests per Source and Requests per Connection baseline parameters show the highest number of HTTP requests generated by a single source IP address and TCP connection respectively. This number fades out, unless a higher value is observed, within about 30 seconds.

To display continuous learning HTTP reports

1. In the Security Monitoring perspective, select the device to monitor.2. Select HTTP Reports > Continuous Learning Statistics.

3. Select a report:

— GET and POST Request Rate— Other Requests Rate— Requests Rate per Source— Requests Rate per Connection— Outbound Bandwidth

4. Configure the filter parameters for the graph.

Monitoring Hour-Specific Learning StatisticsThis feature is functional only in DefensePro 6.x and 7.x versions.This feature is not functional in DefensePro 8.x versions.

Requests per Connection The maximum number of HTTP GET and POST requests per TCP connection.This parameter characterizes the site users’ behavior, enabling you to recognize abnormal activities, such as scanning or bots.Many requests over a single TCP connection may indicate bot or scanner activity.

Outbound Bandwidth The bandwidth, in megabits per second, of the HTTP servers sending the responses.

Table 466: HTTP Report Filter Parameters

Parameter DescriptionServer The name of the protected Web server for which to display HTTP traffic

statistics.

Display Last The last number of hours for which the graph displays information.Values: 1, 2, 3, 6, 12, 24Default: 1

Table 465: Continuous Learning Statistics Reports (cont.)

Channel Description




The Hour-Specific Learning Statistics reports display normal traffic baselines for the last week. You can view the hourly distribution of the site requests and outbound HTTP traffic for each day in the past week and for each hour in a day.The normal baseline for each hour in the week is calculated based on historical information for the specific hour in the day and the specific day of the week over the past 12 weeks. The graph is updated every hour.The HTTP Mitigator learns the baseline traffic, and, based on these statistics, reports attacks based on abnormal traffic.

To display hour-specific learning HTTP reports

1. In the Security Monitoring perspective, select the DefensePro device to monitor.2. Select HTTP Reports > Hour-Specific Learning Statistics.

3. Select a report:

— GET and POST Request Rate— Other Requests Rate— Outbound Bandwidth

4. In the Server list, select the protected Web server for which to display information.

HTTP Request Size DistributionThis feature is functional only in DefensePro 6.x and 7.x versions.This feature is not functional in DefensePro 8.x versions.The HTTP Request Size Distribution graph displays the URI size distribution, which shows how server resources are used, and helps you to analyze resource distribution. A large deviation from the normal probability distribution of one or more HTTP request sizes indicates that relative usage of these server resources has increased. The HTTP Request Size Distribution graph x-axis values are request sizes in 10-byte increments. The y-axis values are percentages of requests. The probability reflects the level of usage of each Request size for the protected Web server. In the graph, the blue bars represent normal probability distribution, and the orange bars represent real-time probability (short-term probability) as calculated in intervals of a few seconds.

To display the HTTP request size distribution

1. In the Security Monitoring perspective, select the DefensePro device to monitor.2. Select HTTP Reports > HTTP Request Size Distribution.


Table 467: Hour-Specific Learning Statistics Reports

Channel DescriptionGET & POST Requests Rate The rate of HTTP GET and POST requests sent per second to the

protected server.

Other Requests Rate The rate of HTTP requests that are not POST or GET sent per second to the protected server. Other HTTP request methods can be used, but are used less frequently.

Outbound Bandwidth The bandwidth, in megabits per second, of the HTTP pages sent as responses.




Table 468: HTTP Request Size Distribution Settings

Parameter DescriptionServer The protected server for which to display information.



CHAPTER 23 – USING THE APSOLUTE VISION DASHBOARDS

The following topics describe the APSolute Vision dashboards and how to use them:• Using the Application SLA Dashboard, page 573• Using the Security Control Center, page 576• Using the Service Status Dashboard, page 582

Tip: You can select one of the APSolute Vision dashboards as your landing page. APSolute Vision administrators can select one of the APSolute Vision dashboards as the landing page for new users. For more information, see Selecting Your Landing Page, page 100 or Configuring APSolute Vision Display Parameters, page 153.

Using the Application SLA DashboardThis feature requires an APM license.Users whose RBAC role supports Alteon and LinkProof NG can access the Application SLA Dashboard.Use the Application SLA Dashboard to do the following:• View the high-level status of each APM-enabled ADC (Alteon or LinkProof NG) service, which use

the following indicators:

— OK—The status is OK according to the corresponding module.

— Warning—The status is Warning according to the corresponding module is nominal.

— Critical—The status is Critical according to the corresponding module is nominal.

— Not Available—The Application SLA Dashboard cannot display the status because the feature is not supported on the Alteon platform or the required license is not installed.

— No Data—The Application SLA Dashboard cannot display the status because no traffic transactions were generated in the collection interval.

— Communication Error—The Application SLA Dashboard cannot display the status because of a problem with the Alteon or server.

• Hover over an icon in the dashboard to view additional information.• Click an icon on the dashboard to go to the related APM dashboard, Alteon dashboard, or

Application Delivery View dashboard. For more information on APM, see the Application Performance Monitor User Guide.


Using the APSolute Vision Dashboards


Figure 63: Application SLA Dashboard

To view the Application SLA Dashboard

> In the APSolute Vision Settings view Dashboards perspective, select Application SLA Dashboard.

Table 469: Application SLA Dashboard Parameters

Name Display Hover Display (Tooltip) Click ActionApplication Name The application

name in APM. None None

User Experience SLA The User Experience (UE) SLA status—green (acceptable), orange (warning), and red (critical alert)—during the last 15 minutes.1

Parameters:• UE SLA %• Avg UE Time• Rendering Time• Network Time

Opens APM and goes to the related User Experience Application Dashboard.

Data Center SLA The Data Center (DC) Experience SLA status—green (acceptable), orange (warning), and red (critical alert)—during the last 15 minutes.

Parameters: DC SLA %, Avg DC Time

Opens APM and goes to the related Data Center Application Dashboard.




Service Availability(The Application SLA Dashboard resolves this parameter only for Alteon version 30.0 and later.)

The indicator for the availability of the application —green (acceptable), orange (warning), and red (critical alert)—during the last 15 minutes.2

Parameters:• Status• Successful/Total

Opens the Service Status View dashboard of the Alteon that manages the service.

Service Throughput (Mbps)(The Application SLA Dashboard resolves this parameter only for Alteon version 30.2 and later.)

The throughput, in Mbps, for the application.

The throughput, in Mbps, for the application.

Opens the Application Delivery View dashboard of the Alteon that manages the service.

Infrastructure The indicator for the health of the Alteon hardware and software resources.

Parameters:• Device Name• Management IP• Device Status• CPU SP (Avg)• CPU MP• Cache• Hard drive• Session• Throughput License• SSL LicenseAdditional parameters for physical devices:• Fan Info (curr/max)• Temperature (Critical

/ High / Normal)

Opens the System View dashboard of the Alteon that manages the service.

1 – The status is the same as that in APM. The dashboard displays the status only if the service has generated transactions and APM data is available.

2 – This is based on one poll per minute for the last 15 minutes—Green (OK): 0 (zero) service-down records. Amber (Warning): 1–2 service-down records. Red (Critical): 3 or more service-down records.

Table 469: Application SLA Dashboard Parameters (cont.)

Name Display Hover Display (Tooltip) Click Action




Using the Security Control CenterThe Security Control Center enables users with the proper roles (see Role-Based Access Control (RBAC), page 68) to view and monitor the following:• Radware security products and modules:

— DefensePro®—DefensePro is a real-time attack-mitigation device that protects organizations against emerging network and application cyber-attacks. For Security Control Center information, see DefensePro Information in the Security Control Center, page 577.

— DefenseFlow®—DefenseFlow is a network-wide attack detection and cyber command and control application designed to protect networks against known and emerging network attacks that threaten network resources availability. For Security Control Center information, see DefenseFlow Information in the Security Control Center, page 578.

— AppWall®—AppWall is a Web Application Firewall (WAF) that ensures fast, reliable, and secure delivery of mission-critical Web applications. For Security Control Center information, see AppWall Information in the Security Control Center, page 578.

— APSolute Vision Reporter—APSolute Vision Reporter (AVR) provides historical reporting of security information. For Security Control Center information, see APSolute Vision Reporter Information in the Security Control Center, page 578.

— APSolute Vision Analytics—APSolute Vision Analytics provides real-time and historical reports of information from DefensePro version-8.x devices. For Security Control Center information, see APSolute Vision Analytics Information in the Security Control Center, page 579.

• Radware subscription security services:— Emergency Response Team—Radware’s ERT premium service is an extended set of

services that includes 24/7 monitoring and blocking of DDoS attacks, provided by a group of dedicated security experts. For Security Control Center information, see Emergency Response Team Information in the Security Control Center, page 579.

— Radware Cloud DDoS Protection—Radware Cloud DDoS Protection is a cloud-based DDoS scrubbing service that provides volumetric DDoS attack mitigation and Internet pipe saturation defense measures. For Security Control Center information, see Radware Cloud DDoS Protection Information in the Security Control Center, page 579.

— Radware Security Signatures (SUS)—Radware’s Security Update Service (SUS) is a subscription service for security advisories and signature updates, which delivers rapid and continuous updates. For Security Control Center information, see Radware Signature-Update-Service (SUS) Information in the Security Control Center, page 579.

— Fraud Security Signatures—The Fraud Signature Protection subscription provides protection against fraud and phishing attacks using the DefensePro Fraud Protection module. For Security Control Center information, see Fraud Security Signatures Information in the Security Control Center, page 580.

— ERT Active Attackers Feed—The ERT Active Attackers Feed is a subscription service that updates DefensePro devices with IP addresses of known attackers that were recently active. The feed is generated by Radware’s Threat Research Center. For Security Control Center information, see ERT Active Attackers Feed Information in the Security Control Center, page 581.




Each tab displays one of the following global-status indicators, in addition to the label (for example, DefensePro):

• —OK.

• —Mixed results.

• —Warning or Fail.

• —Not enough data, polling data, or the Security Control Center cannot determine the status.

To open the Security Control Center

> Do one of the following:— In the APSolute Vision Settings view Dashboards perspective, select Security Control

Center.

— Click the (Security Control Center) button in the APSolute Vision toolbar.

DefensePro Information in the Security Control CenterThe DefensePro node of the Security Control Center can show the following global-status indicators:

• —The APSolute Vision server is managing one or more DefensePro devices with enabled policies.

• —The APSolute Vision server is managing one or more DefensePro devices, but none have any enabled policy.

• —The APSolute Vision server is managing no DefensePro devices.

• —The Security Control Center has not yet determined the status.

When the global status is OK or mixed-results, the DefensePro node of the Security Control Center displays the parameters described in the following table.

Table 470: Security Control Center: DefensePro Parameters

Parameter DescriptionTotal managed DefensePro devices The number of DefensePro device that the APSolute Vision

server is managing.

Total Policies The number of DefensePro Network Protection policies and Server Protection policies.

Enabled Policies The number of enabled DefensePro Network Protection policies and Server Protection policies.

Disabled Policies The number of disabled DefensePro Network Protection policies and Server Protection policies.




DefenseFlow Information in the Security Control CenterThe DefenseFlow node of the Security Control Center can show the following global-status indicators:

• —DefenseFlow is available.

• —DefenseFlow is not available.

• —The Security Control Center cannot determine the status.

AppWall Information in the Security Control CenterThe AppWall node of the Security Control Center can show the following global-status indicators:

• —The APSolute Vision server is managing one or more AppWall devices, which is reporting to the associated APSolute Vision Reporter.

• —The APSolute Vision server is managing s or more AppWall devices, but one or more of the AppWall devices is not reporting to the APSolute Vision Reporter that is associated with this APSolute Vision server.

• —The APSolute Vision server is managing no AppWall devices.


When the global status is OK or mixed-results, the AppWall node of the Security Control Center displays the parameters described in the following table.

Table 471: Security Control Center: AppWall Parameters

APSolute Vision Reporter Information in the Security Control CenterThe APSolute Vision Reporter node of the Security Control Center can show the following global-status indicators:

• —The APSolute Vision server has a license for AVR, and AVR is available.

• —The APSolute Vision server has no license for AVR, or AVR is unavailable.

• —The Security Control Center cannot determine the AVR status.

Parameter DescriptionAppWall devices Managed by APSolute Vision

The number of AppWall devices that the APSolute Vision server is managing.

AppWall devices Monitored by APSolute Vision Reporter

The number of AppWall devices that APSolute Vision Reporter is monitoring.




APSolute Vision Analytics Information in the Security Control CenterThe APSolute Vision Analytics node of the Security Control Center can show the following global-status indicators:

• —The APSolute Vision server has a license for the APSolute Vision Analytics, and APSolute Vision Analytics is available.

• —The APSolute Vision server has no license for APSolute Vision Analytics, or APSolute Vision Analytics is unavailable.

• —The Security Control Center cannot determine the APSolute Vision Analytics status.

Emergency Response Team Information in the Security Control CenterThe Emergency Response Team (ERT) node of the Security Control Center shows whether you have the Radware ERT Premium service.

Radware Cloud DDoS Protection Information in the Security Control CenterThe Radware Cloud DDoS Protection node of the Security Control Center can show the following global-status indicators:

• —The Radware Cloud DDoS Protection service is configured in the system.

• —The Radware Cloud DDoS Protection service is not configured in the system.


Tip: Users with a proper role can click the (Settings) icon to specify the Radware Cloud DDoS Protection URL (see Configuring the Radware Cloud DDoS Protection Setting, page 151).

Radware Signature-Update-Service (SUS) Information in the Security Control CenterThe Radware Security Signatures (SUS) node of the Security Control Center can show the following global-status indicators:

• —All the DefensePro devices are using the latest signature file.

• —Only some of the DefensePro devices are using the latest signature file version.

• —No DefensePro devices are using the latest signature file (whether or not they have a subscription).





Tip: Users with a proper role can click the (Scheduler) button to open the Scheduler and configure an Update Security Signature Files task (see Update Security Signature Files—Parameters, page 295).

When the global status is OK or mixed-results, the Radware Security Signatures (SUS) node of the Security Control Center displays the parameters described in the following table.

Table 472: Security Control Center: Radware Security Signatures (SUS) Parameters

Fraud Security Signatures Information in the Security Control CenterThe Fraud Security Signatures node of the Security Control Center can show the following global-status indicators:

• —All of the DefensePro devices were updated with fraud signatures in the last hour.

• —Only some of the DefensePro devices were updated with fraud signatures in the last hour.

• —No DefensePro devices were updated with fraud signatures in the last hour.


Tip: Users with a proper role can click the (Scheduler) button to open the Scheduler and configure an Update Security Signature Files task (see Update Fraud Security Signatures—Parameters, page 296).

When the global status is OK or mixed-results, the Fraud Security Signatures node of the Security Control Center displays the parameters described in the following table.

Table 473: Security Control Center: Fraud Security Signatures Parameters

Parameter DescriptionLatest Signature Release The identifier or the Signature file.

Total DefensePro Devices The number of DefensePro devices that the APSolute Vision server is managing.

DefensePro Devices Using Latest Signature File Release

The number of DefensePro devices using the latest signature-file release.

DefensePro Devices Requiring Signature File Update

The number of DefensePro devices not using the latest signature-file release.

DefensePro Devices Without Signature File Update Subscription

The number of DefensePro devices that do not have a subscription for Signature File updates.

Parameter DescriptionDefensePro Devices Updated in Last Hour

The number of DefensePro devices (managed by the APSolute Vision server) that were updated in the last hour.

DefensePro Devices Not Updated in Last Hour

The number of DefensePro devices (managed by the APSolute Vision server) that were not updated in the last hour.




ERT Active Attackers Feed Information in the Security Control CenterThe ERT Active Attackers Feed node of the Security Control Center can show the following global-status indicators:

• —All of the DefensePro devices were updated with the ERT Active Attackers Feed in the last run of the ERT Active Attackers Feed for DefensePro scheduled task.

• —Only some of the DefensePro devices were updated with the ERT Active Attackers Feed in the last run of the ERT Active Attackers Feed for DefensePro scheduled task.

• —No DefensePro devices were updated with the ERT Active Attackers Feed in the last run of the ERT Active Attackers Feed for DefensePro scheduled task.


Note: For information on the ERT Active Attackers Feed for DefensePro scheduled task, see ERT Active Attackers Feed for DefensePro—Parameters, page 305.

Tip: Users with a proper role can click the (Scheduler) button to open the Scheduler and configure an ERT Active Attackers Feed for DefensePro task.

When the global status is OK or mixed-results, the ERT Active Attackers Feed node of the Security Control Center displays the parameters described in the following table.

Table 474: Security Control Center: ERT Active Attackers Feed Parameters

DefensePro Devices Not Using fraud Subscription

The number of DefensePro devices (managed by the APSolute Vision server) without a Fraud Signature Protection subscription.

Parameter DescriptionLast ERT Active Attackers Feed The time that APSolute Vision received the last feed.

Note: The time format is according to the configuration (see Configuring APSolute Vision Display Parameters, page 153).

Last Run The time that APSolute Vision last ran an ERT Active Attackers Feed for DefensePro task.

Note: The time format is according to the configuration (see Configuring APSolute Vision Display Parameters, page 153).

DefensePro Devices Updated in Last Run

The number of DefensePro devices (managed by the APSolute Vision server) that were updated in the last run of the ERT Active Attackers Feed for DefensePro scheduled task.

DefensePro Devices Not Updated in Last Run

The number of DefensePro devices (managed by the APSolute Vision server) that were not updated in the last run of the ERT Active Attackers Feed for DefensePro scheduled task.





Using the Service Status DashboardThis feature is operational only in standalone, VA, and vADC. This feature is available only with Alteon and LinkProof NG version 30.0 and later.The Service Status Dashboard enables users with the proper roles to view configuration and status information about the following ADC objects of up to 10 managed ADC devices:• Virtual services• AppShape++ scripts• Content rules• Server groups• Real servers• WAN links

The Service Status Dashboard includes doughnut charts that show summary information and a tree view with more detailed information. For information on the different statuses, see Status Criteria, page 586.You can manage the set of devices that the Service Status Dashboard shows and filter objects in the tree view using the filter dialog box. For more information, see Managing Set of Devices that the Service Status Dashboard Shows and the Objects in the Tree View, page 584.

Figure 64: Filter Dialog Box

You can pause and resume the refresh of Service Status Dashboard display.

Figure 65: Use the Slider to Pause or Refresh the Display of the Service Status Dashboard

DefensePro Devices Not Using ERT Active Attackers Feed Subscription

The number of DefensePro devices (managed by the APSolute Vision server) without an ERT Active Attackers Feed subscription.





Notes

• For information about roles in APSolute Vision, see Role-Based Access Control (RBAC), page 68.

• By default, the information in the Service Status Dashboard refreshes every 15 seconds. You can modify the rate by modifying the value for the APSolute Vision Polling Interval for Reports parameter (see Configuring Monitoring Settings, page 126).

• The Service Status Dashboard may not be able to fetch data from the ADC for several reasons, for example:

— The ADC statistics are not ready.— The ADC is unavailable.— There is some exception on the APSolute Vision side or the ADC side.

To view the Service Status Dashboard

> In the APSolute Vision Settings view Dashboards perspective, select Service Status Dashboard.

Service Status Dashboard Doughnut ChartsThe Service Status Dashboard shows the following doughnut charts:• Virtual services—The total number of virtual services configured on the managed devices and

the percentage in each status (Up, Warning, Down, Admin Down, and Shutdown). • Server groups—The total number of server groups configured on the managed devices and the

percentage in each status (Up, Warning, Down, and Admin Down). • Real servers—The total number of real servers configured on the managed devices and the

percentage in each status (Up, Warning, Down, Admin Down, and Mixed). The Mixed status indicates that the real server is associated with multiple server groups, and the statuses are not the same.

Tip: Click a segment in a doughnut chart to apply a filter to the corresponding objects in the status tree.

Tip: Hover over a segment in a doughnut chart to display more exact values.

Service Status Dashboard-Status TreeThe status tree displays detailed status information for up to 10 Alteon and LinkProof NG devices that the APSolute Vision server manages.The status of each node in the tree is identified with an icon. For information on the different statuses, see Status Criteria, page 586.

Figure 66: Service Status Legend




Under each device node, all the second-level nodes in the tree—the virtual-service nodes—are collapsed.Expanding a device node displays the following:• Virtual Service ID: <ID>, <Application> (<port> <tcp|udp>), Action: <action>

where: — <ID> is the specified ID of the virtual service.

— <Application> is the specified Application of the virtual service, for example: basic-slb, http, or https. For information on the Application parameter, see the APSolute Vision online help.

— <Port> is the specified port number of the of the virtual service.— <tcp|udp> is the relevant protocol of the virtual service.— <action> is either the specified Action (Group, Redirect, or Discard) when the

Application is HTTP or HTTPS (group, redirect, discard) or group for all other Application values.

• AppShape++ Script (Always Up)—Specifies that a virtual service is always be available, even if all servers are down, when an AppShape++ script is attached to the service.The Service Status Dashboard displays this node only under the following conditions: — In version 30.2.5 and later, version 30.5.3 and later, and version 31.0 and later—

The virtual service is configured with one or more AppShape++ scripts and the Service Always Up options is Enable. For more information on the Service Always Up parameter, see the APSolute Vision online help.

— In versions earlier than 30.2.5, earlier than 30.5.3, and earlier than 31.0—The virtual service is configured with one or more AppShape++ scripts.

• Content Rules—This node is displayed only if the virtual service is configured with one or more content rules. The Service Status Dashboard displays content rules numerically, each in the format <Rule ID>, Action: <Action>, Group: <Group name>.

• Group ID: <ID>—The ID of the server group, and includes the following nodes sorted alphanumerically, each in the format <Real server ID>,<IP address>.

• WAN Link ID: <ID>, <WAN Link Router IP address>—This node is displayed only if the virtual service is configured with a WAN link.

Note: Backup real servers and backup groups appear in the tree only when they are active.

Managing Set of Devices that the Service Status Dashboard Shows and the Objects in the Tree ViewUse the following procedure to modify the set of managed ADC devices that the Service Status Dashboard shows. The Service Status Dashboard can show up to 10 managed ADC devices. If there are more than 10 managed ADC devices, by default, the Service Status Dashboard shows the first 10 devices.




Applying a filter refreshes the tree view (not the doughnut charts) and shows the updated statuses and objects based on the filter criteria.

To manage the set of devices that the Service Status Dashboard Shows and the objects in the tree view

1. In the APSolute Vision Settings view Dashboards perspective, select Service Status Dashboard.

2. Click the filter funnel icon ( ) at the top-left of the Service Status Dashboard.

3. Configure the filter parameters and click APPLY.

Table 475: Filter Parameters of the Service Status Dashboard

Filter Category DescriptionFREE TEXT Free text that filters the results according to ID or other identifier.

For example:• You can filter for a real server by entering its IP address.• You can filter for a group by entering the suffix of its ID.Default: Empty

STATUS Values:• Up—Shows the selected object types with the Up status.• Down—Shows the selected object types with the Down status.• Admin Down—Shows the selected object types with the Down status.• Warning—Shows the selected object types with the Warning status.• Shutdown—Shows the specified object types with the Shutdown status. This

value is available only in version 30.2.3 and later.• Mixed—Shows the selected object types with the Down status and the

Warning status.Default: All items are selected.

Note: For more status information, see Status Criteria, page 586.

TYPE Values:• Virtual Service—Shows the virtual services that match the other criteria.• Server Group—Shows the server groups that match the other criteria.• Real Server—Shows the real servers that match the other criteria.• Content Rule—Shows the content rules that match the other criteria.• WAN Link—Shows the WAN links that match the other criteria.Default: All items are selected.

DEVICES The ADC devices that are configured on the APSolute Vision server. The selected lines indicate the devices that Service Status Dashboard can shows. The Service Status Dashboard can show only 10 devices.Click in a highlighted line to remove the device from the set of devices that the Service Status Dashboard shows. Click in a unlighted line to add the device to the set of devices that the Service Status Dashboard shows. Default: The first 10 devices are selected.




To cancel the filter application of the status tree, but retain the filter configuration



3. Configure the filter parameters and click CANCEL.

To cancel the filter application of the status tree and revert the filter configuration to the default



3. Configure the filter parameters and click CLEAR.

Status CriteriaThis section describes the status criteria for the items in the Service Status Dashboard, and contains the following:• Device Status Criteria, page 586• Real Server Status, page 586• Server Group Status, page 587• Content Rules per Virtual Service Status, page 587• Virtual Service Status, page 587• WAN Link Status, page 587

Device Status CriteriaThe status of a device that is shown in the Service Status Dashboard can be one of the following:• Down—One or more virtual services on the device has the status Down, Admin Down or

Shutdown.• Up—The device and its services are up.

Real Server StatusThe status of a real server that is shown in the Service Status Dashboard can be one of the following:• Admin Down—Configuration disabled (either globally or in the group).• Shutdown—Operationally disabled (either globally or in the group).• Down—The real server health check failed.• Warning—The real server is in the No-new-sessions state or the Recovery state.• Up—The real server health check state is UP.




Server Group StatusThe the Service Status Dashboard determines the status of a server group status according to the status of its real servers.A group is considered to be in the Warning state in the following conditions:• At least one real server is in the Warning state.• Some of the real servers in the group are in Down and some are in the UP state.

Content Rules per Virtual Service StatusThe status of a content rule that is shown in the Service Status Dashboard can be one of the following:• Admin Down—The content rule is disabled.• Up—For a redirect or discard action.• The status of the group—For a group action.

Virtual Service StatusThe Service Status Dashboard calculates the status of a virtual service according to the following:• The content rule status.• If at least one enabled AppShape++ script is associated to the service.• The service-action status, as follows:

— For an HTTP or HTTPS service, you can specify Group, Redirect, or Discard actions. — For a non-HTTP/S services, the action is always (implicitly) Group.

Note: When the specified Action is Group, the service-action status is the Group status. When the Action is Redirect or Discard, the service-action status is always Up.

WAN Link StatusThe status of a WAN link service that is shown in the Service Status Dashboard can be one of the following:• Admin Down—Configuration disabled (either globally or in the group).• Shutdown—Operationally disabled (either globally or in the group).• Down—The WAN link health check failed.• Warning—The WAN link is in the No-new-sessions state or the Recovery state.• Up—The WAN link health-check state is Up.


CHAPTER 24 – APSOLUTE VISION CLI COMMANDS

Users with the Administrator or the Vision Administrator role can use APSolute Vision CLI commands to manage the APSolute Vision server.

Caution: Radware strongly recommends that the system administrator follow the recommended basic security procedures. The basic security procedure use the APSolute Vision CLI and affect access to the APSolute Vision CLI. For more information, see Recommended Basic Security Procedures, page 95 and System User Password Commands, page 652.

APSolute Vision CLI includes the following capabilities:• Consistent, logically structured and intuitive command syntax• Command completion using the TAB key • Paging and selection commands.• Command history• Short and long help for every menu and command

All configuration changes that are made using CLI commands are sent to the APSolute Vision server audit log.This chapter contains the following sections:• Accessing APSolute Vision CLI, page 589• Command Syntax Conventions, page 590• Main CLI Menu, page 591• General CLI Commands, page 591• Network Configuration Commands, page 593• System Commands, page 602• Migrating APSolute Vision from the OnDemand Switch VL Platform to the OnDemand Switch VL2

Platform, page 655• Managing the Protection for the Meltdown and Spectre Exploit Vulnerabilities in APSolute Vision,

page 656

Accessing APSolute Vision CLIAccess to the APSolute Vision CLI is available only to users with the Administrator or Vision Administrator role. If your user account is defined through an external authentication server:• To access the CLI, you need to first log in to the APSolute Vision WBM.• There is a 60-day inactivity timeout. That is, if you have not logged in to APSolute Vision server

for 60 days, you must again log in to the APSolute Vision WBM before you can log in to the APSolute Vision CLI.

The CLI login username and password is case sensitive.APSolute Vision supports up to 15 concurrent CLI users.


APSolute Vision CLI Commands


You can access the APSolute Vision CLI using a serial cable and terminal emulation application, or from an SSH client. Terminal settings for the APSolute Vision server are as follows:• Bits per second: 19200 for the ODS-VL platform, 9600 for the ODS-VL2 platform• Data bits: 8• Parity: None• Stop bits: 1• Flow control: None• APSolute Vision CLI uses Control-? (127) for the Backspace key.• When connecting from an SSH client, APSolute Vision CLI has a default timeout of five minutes

for idle connections. If an SSH connection is idle for five minutes, APSolute Vision terminates the session.

• Accessing APSolute Vision using GSSAPI authentication is not supported. Make sure that your SSH client does not attempt GSSAPI authentication.

Command Syntax ConventionsThe following table describes the command syntax conventions used in this chapter.

Syntax Convention Description Example Bold Bold text designates information that must be

entered on the command line exactly as shown. This applies to command names and non-variable options.

net dns get

Angle Brackets (<>) The information enclosed in brackets (<>) is variable and must be replaced by whatever it represents. In the example shown, you must replace <filename> with the name of the specific file.

<filename>

Brackets ([ ]) The information enclosed in square brackets ([ ]) is optional. Anything not enclosed in brackets must be specified.

[-s <size>]

Curly brackets containing vertical bar or bars({ | })

Curly brackets ({ }), also called braces, identify a set of mutually exclusive options, which are separated by a pipe ( | ). You can enter only one of the options in a single use of the command. Each option within the braces can be optional or required, and variable or non-variable.In the example shown, you can specify a value for the variable <host_ip>, or use the non-variable option, default.

{<host_ip>|default}




Main CLI MenuThe following table describes the main CLI menu commands:

General CLI CommandsThis section describes the following APSolute Vision CLI commands:• exit• help• history• ping• reboot• shutdown• grep• more

exitLogs out of the APSolute Vision CLI session.Syntax

exit

Command Description

exit Logs out of the APSolute Vision CLI session. For more information, see exit, page 591.

help Displays help for menus and commands. You can also use the ? key. For more information, see help, page 592.

history Displays a history of previously run commands. For more information, see history, page 592.

net Commands to display and configure network interface settings and IP routing. For more information, see Network Configuration Commands, page 593.

ping Pings a host on the network to test its availability. For more information, see ping, page 592.

reboot Stops all processes and then reboots the APSolute Vision server. For more information, see reboot, page 592.

shutdown Stops all processes and then shuts down the APSolute Vision server. For more information, see shutdown, page 593.

system System commands for the APSolute Vision server. For more information, see System Commands, page 602.

grep Selects lines containing a match for the specified regular expression. For more information, see grep, page 593.

more Paginates command output. For more information, see more, page 593.




helpDisplays help for a command or menu. You can also use the ? key.

Examples A net? displays help for the net menu.

B net management-ip? displays help for the net management-ip command.

Tip: To display the list of commands for a menu, enter the menu name and press Enter.

historyDisplays a history of the previously run commands.Syntax

history [-<num>]

Tip: To paginate results, use history | more.To view command history for specific commands or menus, use |grep.

Example history | grep sys

Displays the history of commands containing the string sys.

pingPings a host on the network to test its availability.Syntax

ping <IP_address> <N>

rebootStops all processes and then reboots the APSolute Vision server.Syntax

reboot

<num> The number of previous commands to display, starting from the current command. The default is the last 50 commands.

Optional

<IP_address> IP address of the host to ping. Required

<N> Number of packets to send.If N is 0, the device will ping indefinitely. Use Ctrl-C to stop.

Required




shutdownStops all processes and then shuts down the APSolute Vision server.Syntax

shutdown

grepSelects lines containing a match for the specified regular expression. You can use this command only concatenated to other commands that produce output.Syntax

| grep <regexp>

Tip: Use this command with history and timezone list commands to filter output.

morePaginates command output. You can use this command only concatenated to other commands that produce output.Syntax

| more

Tip: Use this command with history and timezone list commands to paginate output.

Network Configuration CommandsThe net menu includes the following command types to display and configure network interface settings and IP routing:• Network DNS Commands, page 593• Net Firewall Commands, page 595• Network IP Interface Commands, page 596• Network NAT Commands, page 597• Network Physical Interface Commands, page 598• Network Routing Commands, page 599

Network DNS CommandsUse net dns commands to display and configure DNS server settings.

The net dns commands comprise the following:

• net dns get• net dns set primary

<regexp> The regular expression string to match. Required




• net dns set secondary• net dns set tertiary• net dns delete primary• net dns delete secondary• net dns delete tertiary

net dns getDisplays the IP address for each configured DNS server.Syntax

net dns get

net dns set primaryAdds a primary DNS server to the DNS server table. If a primary DNS server already exists, the new configuration overwrite the old one.Syntax

net dns set primary <IP_address>

net dns set secondaryAdds a secondary DNS server to the DNS server table if there is an existing configuration of a primary DNS server. If there is no primary DNS server, APSolute Vision defines the secondary server as the primary. If a secondary DNS server already exists, the new configuration overwrite the old one.Syntax

net dns set secondary <IP_address>

net dns set tertiaryAdds a tertiary DNS server to the DNS server table if there is an existing configuration of a primary and secondary DNS server. If there is no primary and secondary DNS server, APSolute Vision defines the tertiary server as the next-higher-level server (primary or secondary). If a tertiary DNS server already exists, the new configuration overwrite the old one.Syntax

net dns set tertiary <IP_address>

net dns delete primaryDeletes the primary DNS server.Syntax

net dns delete primary

<IP_address> The IP address of the primary DNS server. Required

<IP_address> The IP address of the secondary DNS server. Required

<IP_address> The IP address of the tertiary DNS server. Required




net dns delete secondaryDeletes the secondary DNS server.Syntax

net dns delete secondary

net dns delete tertiaryDeletes the tertiary DNS server.Syntax

net dns delete tertiary

Net Firewall CommandsUse net firewall commands to manage L4 ports other than the ports that are opened by the APSolute Vision installation.

Note: For information on the ports opened by the APSolute Vision installation, see UDP/TCP Ports and IP Protocols, page 765.

The net firewall commands comprise the following:

• net firewall open-port set• net firewall open-port list

net firewall open-port set Opens or closes a specified port in the firewall other than a port opened by the APSolute Vision installation (see UDP/TCP Ports and IP Protocols, page 765). Syntax

net firewall open-port set <port_number> {open|close}

net firewall open-port list Lists the currently open ports in the firewall that were opened using the net firewall open-port set <port_number> open command.

Syntax

net firewall open-port list

<port_number> The L4 TCP port in the firewall. Required

{open|close} The open argument in the command opens the port in the firewall.

The close argument in the command closes a port that was opened with the net firewall open-port set <port_number> open command.

Required




Network IP Interface CommandsUse net ip commands to display and configure APSolute Vision server network-interface settings and define the following ports on the APSolute Vision server:• G1, G2, G3, and G4—When running as a virtual appliance (VA)• G1 and G2—When running on an OnDemand Switch VL (ODS-VL) platform• G3, G5, and G7—When running on an OnDemand Switch VL2 (ODS-VL2) platform

Note: After changing the configuration of a management port, G1 or G2—or G3 or G5, you must restart the APSolute Vision server.

The net ip commands comprise the following:

• net ip set• net ip delete• net ip get• net ip management set

net ip setConfigures an IP address for APSolute Vision server network interfaces.

Notes

• APSolute Vision running as a virtual appliance (VA) supports ports G1, G2, G3, and G4.

• APSolute Vision running on an OnDemand Switch VL (ODS-VL) platform supports ports G1 and G2.

• APSolute Vision running on an OnDemand Switch VL2 (ODS-VL2) platform supports ports G3, G5, and G7.

Syntax

net ip set <IP_address> <netmask> {G1|G2|G3|G4|G5|G7}

net ip deleteDeletes an IP address from a port on the APSolute Vision server.

Notes




<IP_address> The IP address of the network interface. Required

<netmask> The subnet for the network interface. Required

{G1|G2|G3|G4|G5|G7} Specifies whether the interface is on port G1, G2, G3, G4, G5, or G7.

Required




Syntax

net ip delete {G1|G2|G3|G4|G5|G7}

net ip getDisplays the MAC addresses and other information about the configured network interfaces. Syntax

net ip get

net ip management setSets the network interface on which APSolute Vision listens for incoming traps and messages from managed devices. Managed devices must be able to reach the APSolute Vision management IP address. When APSolute Vision is running as a virtual appliance (VA) or on an OnDemand Switch VL (ODS-VL) platform, the management port can be either G1 or G2, but not both simultaneously. When APSolute Vision is running on an OnDemand Switch VL2 (ODS-VL2) platform, the management port can be either G3 or G5, but not both simultaneously.This is the interface that APSolute Vision registers in the event-target table on managed devices.

Notes

• When APSolute Vision is running as a virtual appliance (VA), you can connect to the APSolute Vision server (with the client, SSH/Telnet, and so on) through ports G1, G2, and G3.

• When APSolute Vision is running on an OnDemand Switch VL (ODS-VL) platform, you can connect to the APSolute Vision server (with the client, SSH/Telnet, and so on) through ports G1 and G2.

• When APSolute Vision is running on an OnDemand Switch VL2 (ODS-VL2) platform, you can connect to the APSolute Vision server (with the client, SSH/Telnet, and so on) through ports G3, G5, and G7.

Syntax

net ip management set {G1|G2|G3|G5}

Network NAT CommandsTo access APM or DPM from an APSolute Vision server that is deployed behind a network address translation (NAT), use the net nat commands described in this section.

The net nat commands comprise the following:

• net nat get• net nat set hostname• net nat set ip• net nat set none

net nat getGets the NAT-host configuration for the server.

{G1|G2|G3|G4|G5|G7} The port on the APSolute Vision server whose IP address will be deleted.

Required

{G1|G2|G3|G5} The port on the APSolute Vision server. Required




Syntax

net nat get

net nat set hostnameSets a hostname for the APSolute Vision server. Use this option when the APSolute Vision server is deployed behind a NAT to enable APSolute Vision clients to access the server both from the internal and external network. With this option, all clients must be configured to resolve the specified hostname—for example, using a DNS server or modifying the hosts file. Clients behind the NAT of the APSolute Vision server local IP address must be configured to resolve the hostname to the external NAT IP address. Clients inside the local subnet of the APSolute Vision server must be configured to resolve the hostname to the internal IP address.Syntax

net nat set hostname <hostname>

net nat set ipSets the external NAT IP address of the APSolute Vision server. Use this option when access is required only from an external IP address.

Caution: The specified IP address must be routable from the client machine.

Syntax

net nat set ip <IP address>

net nat set noneRemoves the server-NAT configuration. The APSolute Vision server will be accessible to clients only using the internal Management IP address.Syntax

net nat set none

Network Physical Interface CommandsUse net physical-interface commands to display and configure network physical interface settings on the APSolute Vision server.

The net physical commands comprise the following:

• net physical-interface get• net physical-interface set

<hostname> The hostname used for APSolute Vision server-client communication when NAT is used. The hostname must conform to RFC 952.

A period (.) is allowed only if the specified nat hostname is the same as the system hostname. To set the system hostname (see System Hostname Commands, page 637).

Required

<IP address> The IP address of the APSolute Vision server from an external network.

Required




net physical-interface getDisplays speed and duplex mode for each accessible network physical interface on the APSolute Vision server. Displays whether a physical interface is down, and whether auto-negotiation mode is set.Syntax

net physical-interface get

net physical-interface setConfigures the speed and duplex mode for a network physical interface using manual settings or by setting auto-negotiation. The speed and duplex arguments take precedence over the auto-negotiation setting. That is, if you change the speed and/or duplex setting, APSolute Vision sets auto-negotiation to OFF automatically.On APSolute Vision VA platforms, this command is not supported. The values, which apply to the virtual NIC card, are static—with auto-negotiation OFF, the speed 10,000 Mbps (10 Gbps), and full duplex mode ON. Syntax

net physical-interface set {G1|G2|G3|G5} autoneg {on|off} speed {10|100|1000} duplex {half|full}

Examples A net physical-interface set G1 autoneg on

B net physical-interface set G2 speed 1000 autoneg off

C net physical-interface set G1 duplex half speed 10 autoneg off

Network Routing CommandsUse net route commands to display and configure IP routing settings. APSolute Vision saves configured routes by retrieving them directly from the kernel’s active routing table. Routes are be deleted when deleting an IP address from a specific device interface.

{G1|G2|G3|G5} The physical interface to configure.Values:

• G1 or G2—When running on an OnDemand Switch VL (ODS-VL) platform

• G3 or G5—When running on an OnDemand Switch VL2 (ODS-VL2) platform

Required

{on|off} The auto-negotiation mode. Enter autoneg on to set speed and duplex mode by auto-negotiation.

Optional

{10|100|1000} The speed setting, in Mbps. Optional

{half|full} The duplex-mode setting. Optional




The net route commands comprise the following:

• net route set host• net route set net• net route set default• net route delete• net route get

net route set hostSets a route to a destination host.

Notes




Syntax

net route set host <host_ip> <gateway_ip> [dev {G1|G2|G3|G4|G5|G7}]

net route set netSets a route to a destination network or subnet.Syntax

net route set net <net_ip> <netmask> <gateway_ip> [dev {G1|G2|G3|G4|G5|G7}]

<host_ip> The IP address of the destination host to which the route is defined.

Required

<gateway_ip> The IP address of the next hop toward the destination host.

Required

{G1|G2|G3|G4|G5|G7} The port on the APSolute Vision server. Required for G4 (relevant only for APSolute Vision VA). Optional for all ports except G4.

<net_ip> The IP address of the destination network to which the route is defined.

Required

<netmask> The destination subnet. Required




net route set defaultSets a default gateway route.

Notes

• APSolute Vision running as a virtual appliance (VA) supports ports G1, G2, G3, and G4. G4 is not relevant for the net route set default command.



Syntax

net route set default <gateway_ip> [dev {G1|G2|G3|G5|G7}]

net route deleteDeletes a route entry from the routing table.

Notes




Syntax

net route delete <net_ip> <netmask> <gateway_ip> [dev {G1|G2|G3|G4|G5|G7}]

<gateway_ip> The IP address of the next hop toward the destination network.

Required

{G1|G2|G3|G4|G5|G7} The port on the APSolute Vision server. Required for G4 (relevant only for APSolute Vision VA). Optional for all ports except G4.

<gateway_ip> The IP address of the default gateway (next hop). Required

{G1|G2|G3|G5|G7} The port on the APSolute Vision server. Optional

<net_ip> To delete a network route, enter the IP address of the corresponding destination network.

Required

<netmask> The destination subnet. Required




net route getDisplays routing information for active routes and statically-configured host routes, network routes, and default routes.Syntax

net route get

System CommandsThe system menu includes the following system commands and command types for the APSolute Vision server:• System APM Commands, page 603• system audit-log export, page 603• System APSolute Vision Server Commands, page 604• System Backup Commands, page 604• system cleanup, page 620• System Configuration-Synchronization Commands, page 620• System Database Commands, page 624• System Date Commands, page 625• System DF Commands, page 626• System DPM Commands, page 628• System Exporter Commands (Event Exporter), page 632• system hardware status get, page 637• System Hostname Commands, page 637• System NTP Commands, page 638• system rpm list, page 640• System SNMP Commands, page 640• System SSL Commands, page 642• system statistics, page 645• System Storage Commands, page 645• System TCP Capture Commands, page 646• System Backup Technical-Support Commands, page 616• System Terminal Commands, page 648• System Timezone Commands, page 649• System Upgrade Commands, page 650• System User Authentication-Mode Commands, page 651

<gateway_ip> The IP address of the default gateway (next hop).

Required

{G1|G2|G3|G4|G5|G7} The physical port on the APSolute Vision server. Required for G4 (relevant only for APSolute Vision VA). Optional for all ports except G4.




• System User Password Commands, page 652• system version, page 654

System APM CommandsUse system apm commands to manage aspects of an APSolute Vision server with APM server VA.

Note: For more information on APSolute Vision server with APM server VA, see the APSolute Vision Installation and Maintenance Guide and the Application Performance Monitoring Troubleshooting and Technical Guide.

The system apm commands comprise the following:

• system apm clear, page 603• system apm shell, page 603

system apm clearDeletes all APM data files, including raw data.Syntax

system apm clear

system apm shellLaunches the APM shell in an APSolute Vision server with APM server VA.

Note: From the APM shell, the exit command returns the CLI session to the APSolute Vision shell.

Syntax

system apm shell

system audit-log exportExports the audit-log to the location specified in the command.Syntax

system audit-log export <protocol>://<user>@<server>:/<path/to/directory>/<filename> {all|<yyyy-MM-dd>}

<protocol> Values: • ssh• sftp• ftp• scp

Required

<user> The username.

Note: If a password is required, you are prompted for it after the connection is initiated.

Required

<server> The IP address or DNS name of the server. Required




System APSolute Vision Server CommandsUse system vision-server commands to manage the APSolute Vision server.

The system vision-server commands comprise the following:

• system vision-server start, page 604• system vision-server status, page 604• system vision-server stop, page 604

system vision-server startStarts the APSolute Vision server.Syntax

system vision-server start

system vision-server statusShows the status of the APSolute Vision server, Server running or Server stopped.

Syntax

system vision-server status

system vision-server stopStops the APSolute Vision server.Syntax

system vision-server stop

System Backup CommandsUse system backup commands to manage APSolute Vision system backups.

The system backup commands comprise the following:

• System Backup Configuration Commands, page 605• System Backup Full Commands, page 608• System Backup SecurityReporter Commands, page 612• System Backup Technical-Support Commands, page 616

<path/to/directory> The path to the export directory. Required

<filename> The filename of the audit-log in the export directory. Required

{all|<yyyy-MM-dd>} Specify all to export all entries, or specify the start date of records to export. The start date must be in yyyy-MM-dd format.

Required




System Backup Configuration CommandsUse system backup config commands to manage APSolute Vision system-configuration backups.

The system backup config commands comprise the following:

• system backup config create, page 605• system backup config delete, page 605• system backup config export, page 606• system backup config import, page 607• system backup config info, page 607• system backup config list, page 608• system backup config restore, page 608

system backup config createCreates a backup of the system configuration in the storage location.

Note: For information on the storage location, see System Storage Commands, page 645.Each backup includes the following:• The APSolute Vision system configuration• The local users• The managed devices• The host IP addresses in the database-viewer list• The vDirect database file

The backup config create command does not back up the following:

• The password of the radware user of the APSolute Vision server appliance • The IP address/es of the APSolute Vision server appliance• The DNS address/es of the APSolute Vision server appliance• The network routes of the APSolute Vision server appliance• Attack data

The system stores up to five configuration-backup iterations. After the fifth configuration-backup, the system deletes the oldest one.Syntax

system backup config create <configName> [description]

system backup config deleteDeletes the specified system-configuration backup from the storage location.

Note: For information on the storage location, see System Storage Commands, page 645.

<configName> The name of the system-configuration backup, up to 15 characters, with no spaces. Only alphanumeric characters and underscores (_) are allowed.

Required

[description] The description of the system-configuration backup. Optional




Syntax

system backup config delete <configName>

system backup config exportExports the specified system-configuration backup.

Note: For information on the storage location, see System Storage Commands, page 645.Syntax

system backup config export <configName> <protocol>://<user>@<server>:/<path/to/directory>/<filename>

<configName> The name of the system-configuration backup. Required


<protocol> Values:• ssh• sftp• ftp• scp• file—This option exports the backup locally to the

location specified in the command.

Caution: Only root users have access to the local directory and can delete the file. You can, however, use the system backup config import command on the same machine with the file parameter to retrieve the exported backup. If you use the file option, Radware recommends that you place the file in the Maintenance Files folder, which you can access from the APSolute Vision server Web interface. For example:

system backup config export MyBackupName file:///opt/radware/storage/maintenance/MyBackupTargetName

Required

<user>@ The username.


Required



<filename> The filename of the system-configuration backup in the export directory, which may be different from the configName.

Required




system backup config importImports the specified system-configuration backup from the specified location to the storage location.


system backup config import <protocol>://<user>@<server>:/<path/to/directory><filename>

system backup config infoDisplays the following information about the specified system-configuration backup:• Name—The name of the system-configuration backup.• Disk Size—The size of the system-configuration backup on the disk.• Date—The time and date that the system-configuration backup was created.• Version—The APSolute Vision version and build number.• Description—The user-defined description of the system-configuration backup.

Syntax

system backup config info <configName>

<protocol> Values: • ssh• sftp• ftp• scp• file—Uses the backup file on the local machine, which

was made using the system backup config export command with the file option.

Required



Required


<path/to/directory> The path to the remote directory. Required

<filename> The name of the system-configuration backup in the remote directory, which may be different from the configName.

When the file is imported, the filename reverts to the configName, that is, the name that was used when the system-configuration backup was created.

Required





system backup config listLists the system-configuration backups in the storage location in a table with the following columns:• Name—The name of the system-configuration backup.• Size(K)—The size of the system-configuration backup on the disk.• Date—The time and date that the system-configuration backup was created.• Version—The APSolute Vision version and build number.• Description—The user-defined description of the system-configuration backup, which is

truncated as necessary to fit the table.


system backup config list

system backup config restoreRestores the system using the specified system-configuration backup. The version and build number of the current system and the version and build number of the system that created the system-configuration backup must be the same.

Note: The restore process stops APSolute Vision and its associated services, and when it finishes, restarts them. Syntax

system backup config restore <configName> [-retainlicenses]

System Backup Full CommandsThe system backup full commands comprise the following:

• system backup full create, page 608• system backup full delete, page 609• system backup full export, page 609• system backup full import, page 610• system backup full info, page 611• system backup full list, page 611• system backup full restore, page 612

system backup full createCreates a system backup in the storage location. Each system backup includes all the data necessary to restore the entire system—but not the data of APSolute Vision Reporter (AVR) or the Device Performance Monitor (DPM).


-retainlicenses Retains the currently installed licenses. Otherwise, the restore process overwrites existing licenses with the licenses from the backup file.

Optional




Note: For information on the storage location, see System Storage Commands, page 645.The system stores up to five system backups. After the fifth system backup, the system deletes the oldest one.

Caution: The system backup does not include AVR or DPM data.

Syntax

system backup full create <backupName> [description]

system backup full deleteDeletes the specified system backup from the storage location.


system backup full delete <backupName>

system backup full exportExports the specified system backup from the storage location to the location specified in the command.


system backup full export <backupName> <protocol>://<user>@<server>:/<path/to/directory>/<filename>

<backupName> The name of the backup, up to 15 characters with no spaces. Only alphanumeric characters and underscores (_) are allowed.

Required

[description] The description of the backup. Optional

<backupName> The name of the backup. Required




system backup full importImports the specified system backup from the specified location to the storage location.

Note: For information on the storage location, see System Storage Commands, page 645.The system stores up to five system backups. After the fifth system backup, the system deletes the oldest one. Syntax

system full backup import <protocol>://<user>@<server>:/<path/to/directory><filename>


<protocol> Values: • ssh• sftp• ftp• scp• file—This option exports the backup locally to the


Caution: Only root users have access to the local directory and can delete the file. You can, however, use the system backup import command on the same machine with the file parameter to retrieve the exported backup.If you use the file option, Radware recommends that you place the file in the Maintenance Files folder, which you can access from the APSolute Vision server Web interface.For example:

system backup full export MyBackupName file:///opt/radware/storage/maintenance/MyBackupTargetName

Required



Required



<filename> The filename of the backup in the export directory, which may be different from the backupName.

Required




system backup full infoDisplays the following information about the specified system backup:• Name—The name of the backup.• Disk Size—The size of the backup on the disk.• Date—The time and date that the backup was created.• Version—The APSolute Vision version and build number.• Description—The user-defined description of the backup.

Syntax

system backup full info <backupName>

system backup full listLists the system backups in the storage location in a table with the following columns:• Name—The name of the backup.• Size(K)—The size of the backup on the disk.• Date—The time and date that the backup was created.• Version—The APSolute Vision version and build number.• Description—The user-defined description of the backup, which is truncated as necessary to fit

the table.



was made using the system backup full export command with the file option.

Required



Required



<filename> The name of the backup in the export directory, which may be different from the backupName.

When the file is imported, the filename reverts to the backupName, that is, the name that was used when the backup was created.

Required





Syntax

system backup full list

system backup full restoreRestores the system using the specified system backup. The version and build number of the current system and the version and build number of the system that created the backup must be the same.

Caution: The system backup does not include the data of APSolute Vision Reporter (AVR) or the Device Performance Monitor (DPM). If you use AVR or DPM, you must restore the system before you restore the AVR and/or DPM data.

Caution: If the password of the reporter user (used for the Vision Reporting Module) changed after running system backup full create, before you run the system backup full restore command, you must update the password on the APSolute Vision server

Note: The restore process stops APSolute Vision and its associated services, and when it finishes, restarts them.Syntax

system backup full restore <backupName> [-retainlicenses]

System Backup SecurityReporter CommandsUse system backup securityReporter commands to manage backups of APSolute Vision Reporter data.

The system backup securityReporter commands comprise the following:

• system backup securityReporter create, page 613• system backup securityReporter delete, page 613• system backup securityReporter export, page 613• system backup securityReporter import, page 614• system backup securityReporter info, page 615• system backup securityReporter list, page 615• system backup securityReporter restore, page 616


-retainlicenses Retains the currently installed licenses. Otherwise, the restore process overwrites existing licenses with the licenses from the backup file.

Optional




system backup securityReporter createCreates a APSolute Vision Reporter data backup in the storage location. The system stores up to three reporter-backup iterations backups. After the third reporter-backup, the system deletes the oldest one.The backup includes all the APSolute Vision Reporter data.


system backup securityReporter create <securityReporterName> <description>

system backup securityReporter deleteDeletes the specified reporter-backup from the storage location.


system backup securityReporter delete <securityReporterName>

system backup securityReporter exportExports the specified reporter-backup from the storage location to a specified location.


system backup securityReporter export <securityReporterName> <protocol>://<user>@<server>:/<path/to/directory>/<filename>

<securityReporterName> The name of the reporter-backup, up to 15 characters, with no spaces. Only alphanumeric characters and underscores (_) are allowed.

Required

<description> The description of the reporter-backup. Optional

<securityReporterName> The name of the reporter-backup. Required




system backup securityReporter importImports the specified reporter-backup from the specified location to the storage location.


system backup securityReporter import <protocol>://<user>@<server>:/<path/to/directory><filename>


<protocol> Values: • ssh• sftp• ftp• scp• file—This option exports the backup locally to the


Caution: Only root users have access to the local directory and can delete the file. You can, however, use the system backup securityReporter import command on the same machine with the file parameter to retrieve the exported backup. If you use the file option, Radware recommends that you place the file in the Maintenance Files folder, which you can access from the APSolute Vision server Web interface. For example:

system backup securityReporter export MyBackupName file:///opt/radware/storage/maintenance/MyBackupTargetName

Required



Required



<filename> The filename of the reporter-backup in the export directory, which may be different from the securityReporterName.

Required




system backup securityReporter infoDisplays the following information about the specified reporter-backup:• Name—The name of the reporter-backup.• Disk Size—The size of the reporter-backup on the disk.• Date—The time and date that the reporter-backup was created.• Version—The APSolute Vision version and build number.• Description—The user-defined description of the reporter-backup.

Syntax

system backup securityReporter info <securityReporterName>

system backup securityReporter listLists the reporter-backups in the storage location in a table with the following columns:• Name—The name of the reporter-backup.• Size(K)—The size of the reporter-backup on the disk.• Date—The time and date that the reporter-backup was created.• Version—The APSolute Vision version and build number.• Description—The user-defined description of the reporter-backup, which is truncated as

necessary to fit the table.



was made using the system backup securityReporter export command with the file option.

Required



Required



<filename> The name of the reporter-backup in the export directory, which may be different from the securityReporterName.

When the file is imported, the filename reverts to the securityReporterName, that is, the name that was used when the reporter-backup was created.

Required





Syntax

system backup securityReporter list

system backup securityReporter restoreRestores the APSolute Vision Reporter (AVR) data using the specified reporter-backup. The version and build number of the current system and the version and build number of the system that created the reporter-backup must be the same.

Caution: When you are restoring the system backup also, you must restore the system before you restore AVR data.

Caution: After the restore process is complete, verify that AVR is successfully collecting data for new attacks and traffic events. To do this, in AVR, select Setup > Admin Messages.

Note: The restore process stops APSolute Vision and its associated services, and when it finishes, restarts them. Syntax

system backup securityReporter restore <securityReporterName>

System Backup Technical-Support CommandsIf you encounter problems with APSolute Vision, you can create a technical-support package and send it to Radware Technical Support for assistance.

Use system backup techSupport commands to manage technical-support packages for the APSolute Vision server.

The system backup techSupport commands comprise the following:

• system backup techSupport local, page 616• system backup techSupport create, page 617• system backup techSupport export, page 618• system backup techSupport info, page 619• system backup techSupport list, page 619• system backup techSupport delete, page 619

system backup techSupport local Creates a tech-support package that you can access in the APSolute Vision Web interface (APSolute Vision Settings mode System perspective, General Settings > Maintenance Files). When the process finishes, the CLI message includes the hard-coded filepath and name of the package, which is a .tar file.





Notes

• This command is an alternative to using the two separate commands, system backup techSupport create and system backup techSupport export.

• You can delete the .tar file using system backup techSupport delete (without the .tar extension).

APSolute Vision generates each package in a .tar file using the following format:

vision_support_<IPAddress>_<MM-dd-yy-hhmm>.tar

where:

• <IPAddress> is the IP address of the APSolute Vision server.

• <MM-dd-yy-hhmm> is the date and time.

Each tech-support package includes the following:• The current system time in millis (from Unix epoch)• The APSolute Vision version and build number• APSolute Vision system configuration, which includes the network IP addresses, DNS address,

routes, and so on• Running processes• The status of each APSolute Vision service• APSolute Vision system logs• APSolute Vision Reporter logs• APSolute Vision debug logs• Disk usage• Additional internal-resource information

Syntax

system backup techSupport local

system backup techSupport createCreates a tech-support package.The system stores up to three tech-support packages in the storage location. After the third tech-support package, the system deletes the oldest one.

Note: For information on the storage location, see System Storage Commands, page 645.Each tech-support package includes the following:• The current system time in millis• The APSolute Vision version and build number• APSolute Vision system configuration, which includes the network IP addresses, DNS address,

routes, and so on• Running processes• The status of each APSolute Vision service• APSolute Vision system logs• APSolute Vision Reporter logs• APSolute Vision debug logs




• Disk usage• Additional internal-resource information

Syntax

system backup techSupport create <techSupportName> [<description>]

system backup techSupport exportExports the specified tech-support package from the storage location to the specified location.


system backup techSupport export <techSupportName> <protocol>://<user>@<server>:/<path/to/directory>/<filename>

<techSupportName> The name of the tech-support package, up to 15 characters, with no spaces. Only alphanumeric characters and underscores (_) are allowed.

Required

<description> The description of the tech-support package. Optional

<techSupportName> The name of the tech-support package. Required

<protocol> Values:• ssh• sftp• ftp• scp• file—This option exports the backup locally to the


Caution: Only root users have access to the local directory and can delete the file. If you use the file option, Radware recommends that you place the file in the Maintenance Files folder, which you can access from the APSolute Vision server Web interface. For example:

system backup techSupport export MyTechSupportName file:///opt/radware/storage/maintenance/MyBackupTargetName

Required



Required





system backup techSupport infoDisplays the following information about the specified tech-support package:• Name—The name of the tech-support package.• Disk Size—The size of the tech-support package on the disk.• Date—The time and date that the tech-support package was created. • Version—The APSolute Vision version and build number. • Description—The user-defined description of the tech-support package.

Syntax

system backup techSupport info <techSupportName>

system backup techSupport listLists the tech-support packages in the storage location in a table with the following columns:• Name—The name of the tech-support package.• Size(K)—The size of the tech-support package on the disk.• Date—The time and date that the tech-support package was created.• Version—The APSolute Vision version and build number.• Description—The user-defined description of the tech-support package, which is truncated as

necessary to fit the table.


system backup techSupport list

system backup techSupport delete

Deletes the specified tech-support package. For a package that system techSupport create created, system backup techSupport delete deletes the package in the storage location. For a package that system backup techSupport local created, system backup techSupport delete deletes the package in the hard-coded local location.

Notes

• For information on the storage location, see System Storage Commands, page 645.

• For information on system backup techSupport local, see system backup techSupport local, page 616.

Syntax

system backup techSupport delete <techSupportName>


<filename> The filename of the tech-support package in the export directory, which may be different from the techSupportName.

Required





system cleanupCleans all the data on the APSolute Vision server, or cleans all the data on the APSolute Vision server except for the following:• APSolute Vision server management IP addresses and routes• Installed licenses

Syntax

system cleanup {full|without-server-ip}

System Configuration-Synchronization CommandsUse system config-sync commands to deploy and manage a configuration-synchronization pair of APSolute Vision server instances in an active/standby topology, so that all the configuration on the active instance is automatically synched to the standby instance. The system config-sync commands are part of the APSolute Vision configuration-synchronization feature. When the configuration-synchronization mode of an APSolute Vision server is active, at the specified interval, that server notifies the standby server (the configured peer) to fetch the configuration.

Caution: It is the responsibility of the APSolute Vision administrator to register the APSolute Vision servers as a target of the device events (for example, traps, alerts, IRP messages, and packet-reporting data) on the managed devices. For related information, see APSolute Vision Server Registered for Device Events—Alteon and LinkProof NG, page 178, APSolute Vision Server Registered for Device Events—DefensePro, page 178, and APSolute Vision Server Registered for Device Events—AppWall, page 179.


{full|without-server-ip} The command with the full argument restores the APSolute Vision server to the factory defaults. After you run the command with the full argument, the initial configuration script launches automatically.

The command with the without-server-ip argument cleans all the data on the APSolute Vision server but retains the APSolute Vision server management IP addresses and routes.

Required




Requirements of the configuration-synchronization feature:• The APSolute Vision version and build number must be the same for both members of a

configuration-synchronization setup.• The DefensePro devices that the members of a configuration-synchronization setup manage

must be configured with the same connectivity settings.• Ports 443 and 5672 on both members of a configuration-synchronization setup must be

accessible and not blocked by your firewall—in both directions.

Limitations of the configuration-synchronization feature:• The APSolute Vision server instance in the configuration-synchronization setup are not aware of

one another. It is possible—but not recommended—that both peers of a configuration-synchronization setup are in the active mode.

• There is no detection and/or alert in the event of a failure of an APSolute Vision server.• There is no automatic failover mechanism. It is the responsibility of the APSolute Vision

administrator to change the role of the standby server to active, when required.• The configuration-synchronization is encrypted, but the connection is not.• The configuration-synchronization feature does not support APM, DPM, or vDirect.• APSolute Vision Reporter (AVR) limitations:

— Configuration-synchronization for historical reports covers downtime up to one hour for Traffic Utilization and Baselines data, and up to 24 hours of Attack data. A longer downtime requires manual backup and restore.

— If the AVR is down, there is a 20-minute window for the AVR to synchronize the database before APSolute Vision cleans it up and the data is lost.

The system config-sync commands comprise the following:

• system config-sync mode Commands, page 621• system config-sync peer Commands, page 622• system config-sync interval Commands, page 623• system config-sync status, page 623• system config-sync manual, page 624

system config-sync mode CommandsUse system config-sync mode commands to manage the configuration-synchronization mode of the APSolute Vision server.

The system config-sync mode commands comprise the following:

• system config-sync mode set, page 621• system config-sync mode get, page 622

system config-sync mode setManages the status of the configuration-sync feature on the APSolute Vision server.Syntax

system config-sync mode set {active|disabled|standby}




system config-sync mode getDisplays the configuration-synchronization mode of the APSolute Vision server: active, disabled, or standby.Syntax

system config-sync mode get

system config-sync peer CommandsUse system config-sync peer commands to manage the peer IP address or hostname.

The system config-sync peer commands comprise the following:

• system config-sync peer set, page 622• system config-sync peer get, page 623

system config-sync peer setSets the IP address or hostname for the peer APSolute Vision server.Syntax

system config-sync peer set <IP address or hostname>

{active|disabled|standby} Values:

• active—Sets the server as the active instance of a configuration-synchronization pair.

• disabled—Disables the configuration-synchronization feature.

• standby—Sets the server as the standby instance of a configuration-synchronization pair.

Default: disabled

Notes: • Setting the mode to standby stops the

configuration service on the APSolute Vision server.

• An APSolute Vision server in the standby mode cannot lock or configure devices, or execute scheduled tasks or scripts.

• An APSolute Vision server in the standby mode is not accessible through Web or REST interfaces.

• If the mode was standby, setting the mode to active or disabled starts the configuration service on the APSolute Vision server.

Required

<IP address or hostname> The IP address or hostname for the peer APSolute Vision server.

Required




system config-sync peer getDisplays the peer IP address or hostname.Syntax

system config-sync peer get

system config-sync interval CommandsUse system config-sync interval commands to manage the interval at which the APSolute Vision server with the active role notifies the server with the standby role to fetch the configuration.

The system config-sync interval commands comprise the following:

• system config-sync interval set, page 623• system config-sync interval get, page 623

system config-sync interval setSets the interval, in minutes, at which the APSolute Vision server with the active role notifies the server with the standby role to fetch the configuration.Syntax

system config-sync interval set <interval>

system config-sync interval getDisplays the configuration-synchronization interval, in minutes.Syntax

system config-sync interval get

system config-sync statusDisplays the following configuration-synchronization information:

• Mode—The configuration-synchronization mode of the APSolute Vision server instance: active or disabled.

• Interval—The configuration-synchronization interval, in minutes, that is configured on the APSolute Vision server instance.

Note: The configuration-synchronization actions are according to the interval that is configured on the active server.

• Peer Address—Displays the IP address or hostname of the peer.• Last Configuration Sync Date—Displays the date of the last configuration-synchronization

action in the format MM/dd/yyyy hh:mm:ss.

• Last Configuration Sync Timestamp—Displays the time of the last configuration-synchronization action in millis (from Unix epoch).

Syntax

system config-sync status

<interval> Values: 1–1440 (24 hours)Default: 5

Required




system config-sync manualManually starts a configuration-synchronization action. Invoking a manual configuration-synchronization action is possible only on the server with the active role.Syntax

system config-sync manual

System Database CommandsUse system database commands to manage the APSolute Vision database.

The system database commands comprise the following:

• system database clear, page 624• system database start, page 624• system database status, page 624• system database stop, page 624

system database clearClears and initializes the APSolute Vision database.Syntax

system database clear

system database startRestarts the APSolute Vision database, making it available for access.Syntax

system database start

system database statusShows the database status. For example, the output:MySQL running (2688) [OK]shows the database is up and running with process ID 2688.Syntax

system database status

system database stopStops the APSolute Vision database, making it unavailable for access.Syntax

system database stop

system database maintenance CommandsThe system database maintenance commands comprise the following:

• system database maintenance optimize, page 625• system database maintenance check, page 625• system database maintenance driver_table delete, page 625




system database maintenance optimizeOptimizes the relevant tables.Syntax

system database maintenance optimize

system database maintenance checkChecks whether the database needs optimization.Syntax

system database maintenance check

system database maintenance driver_table deleteStops the APSolute Vision server, deletes all device drivers from the Device Drivers table, and starts the server. This command permanently deletes all device drivers that were manually uploaded to the Device Drivers table (Asset Management perspective > General Settings > Device Drivers).When APSolute Vision restarts:• For managed devices of product versions created before the introduction of the

device-driver feature—APSolute Vision reloads the device drivers from the APSolute Vision file system. (APSolute Vision persistently maintains the device drivers of product versions created before the introduction of the device-driver feature.)

• For managed devices of product versions created with the device-driver feature—APSolute Vision retrieves and loads the device driver from each managed device.

Caution: If you require functionality that relies on a manually uploaded device driver (for example, as is the case with configuration templates), you must upload the relevant device driver again.

Note: For more information on device drivers, see Managing Device Drivers, page 139. Syntax

system database maintenance driver_table delete

System Date CommandsUse system date commands to display and set date and time on the APSolute Vision server.

The system date commands comprise the following:

• system date get, page 625• system date set, page 626

system date getDisplays the APSolute Vision server date and time.Syntax

system date get




system date setSets the date and time on the APSolute Vision server.

Caution: For APSolute Vision VA—The time on the APSolute Vision VA must be the same as—or within several minutes of—the time on the VMware host. Otherwise, an APSolute Vision reboot may hang (even when, in the VMware Tools, the synchronize guest time with host checkbox is cleared). If the reboot hangs, reboot the APSolute Vision VA server, which should solve the problem. For more information on this issue, refer to the VMware knowledge article Timekeeping best practices for Linux guests (1006427) at http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006427).

Notes

• Setting the system date stops the NTP service.

• Setting the system date requires restarting the APSolute Vision server, the APSolute Vision Reporter, and MySQL.

• The APSolute Vision Reporter client supports only a single timezone, which is the timezone configured in APSolute Vision server.

Syntax

system date set <date_and_time>

Example system date set 2010/05/23 13:56:00 sets date and time to 23/05/2010 13:56.

System DF CommandsUse df commands to manage the DefenseFlow device associated with the APSolute Vision server.

Note: APSolute Vision allows only one DefenseFlow device to be associated with it.

The system df commands comprise the following:

• system df management-ip get, page 626• system df management-ip set, page 627• system df management-ip delete, page 627• system df shell, page 627

system df management-ip getDisplays the IP address of the DefenseFlow associated with the APSolute Vision server.Syntax

system df management-ip get

<date_and_time> The date and time in yyyy/MM/dd hh:mm:ss format. Required

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006427





system df management-ip setSets the IP address of an external DefenseFlow device to be associated with the APSolute Vision server.

Caution: APSolute Vision automatically restarts after running this command.

Notes

• If the APSolute Vision server includes an embedded DefenseFlow device, this command is not required.

• If the APSolute Vision server includes an embedded DefenseFlow device, you can set a different (external) DefenseFlow device to be associated with the APSolute Vision server.

Syntax

system df management-ip set <IP_address>

system df management-ip deleteUnregisters the specified IP address of the external DefenseFlow device associated with the APSolute Vision server.

Caution: APSolute Vision automatically restarts after running this command.

Syntax

system df management-ip delete <IP_address>

system df shellLaunches the DefenseFlow shell.Syntax

system df shell

IP_address The IP address of the DefenseFlow associated with the APSolute Vision server.

Required

IP_address The IP address of the DefenseFlow associated with the APSolute Vision server to be unregistered.

Required




System DPM CommandsUse dpm commands to manage the Device Performance Monitor (DPM).

The system dpm commands comprise the following:

• system dpm database clear, page 628• system backup dpm create, page 628• system dpm backup delete, page 628• system dpm backup export, page 629• system dpm backup import, page 629• system dpm backup list, page 629• system dpm backup restore, page 630• system dpm techSupport Commands, page 630• system dpm debug Commands, page 631

system dpm database clearClears the Device Performance Monitor database.

Caution: This command deletes all the data for the Device Performance Monitor.

Syntax

system dpm database clear

system backup dpm createCreates a Device Performance Monitor backup in the storage location.

Note: For information on the storage location, see System Storage Commands, page 645.The system stores up to three DPM backups. After the third tech-support package, the system deletes the oldest one.Syntax

system dpm backup create <dpm_bu_name>

system dpm backup deleteDeletes the specified Device Performance Monitor backup.Syntax

system dpm backup delete <dpm_bu_name>

<dpm_bu_name> The name of the DPM backup, up to 15 characters, with no spaces. Only alphanumeric characters and underscores (_) are allowed.

Required


Required




system dpm backup exportExports the specified Device Performance Monitor backup from the storage location to the specified target.


system dpm backup export <dpm_bu_name> <protocol>://<user>@<ip>://<path/to/directory><RemoteFolder>

system dpm backup importImports the specified Device Performance Monitor backup to the storage location.


system dpm backup import <protocol>://<user>@<ip>://<path/to/directory><BackupFilename>

system dpm backup listLists the available Device Performance Monitor backups.Syntax

system dpm backup list

<dpm_bu_name> The name of the DPM backup. Required

<protocol> Value: ftp Required



Required



<RemoteFolder> The remote folder for the file in the export directory. Required




Required


<path/to/directory> The path to the remote directory. Required

<BackupFilename> The filename of the backup in the remote directory. Required




system dpm backup restoreRestores the Device Performance Monitor with the data of the specified backup.

Caution: When you are restoring the system backup also, you must restore the system before you restore DPM data. Otherwise, the devices in DPM will be marked as deleted.

Note: This action also stops and restarts the Device Performance Monitor process.Syntax

system dpm backup restore <dpm_bu_name>

system dpm techSupport CommandsAPSolute Vision supports commands for to help Radware Technical Support solve problems with the Device Performance Monitor. Use the commands under the instructions of Radware Technical Support.

The system dpm techSupport commands comprise the following:

• system dpm techSupport create, page 630• system dpm techSupport export, page 630• system dpm techSupport list, page 631• system dpm techSupport delete, page 631

system dpm techSupport createCreates a DPM tech-support package in the storage location.

Note: For information on the storage location, see System Storage Commands, page 645.The system stores up to three DPM tech-support packages. After the third tech-support package, the system deletes the oldest one.Syntax

system dpm techSupport create <techSupportName> [description]

system dpm techSupport exportExports the specified Device Performance Monitor tech-support file to the specified target.Syntax

system dpm techSupport export <dpm_techsupport_name> <protocol>://<user>@<ip>://<path/to/directory><RemoteFolder>


Required

<techSupportName> The name of the tech-support package, up to 15 characters, with no spaces. Only alphanumeric characters and underscores (_) are allowed.

Required

[description] The description of the tech-support package. Optional




system dpm techSupport listLists the DPM tech-support packages in the storage location.


system dpm techSupport list

system dpm techSupport deleteDeletes the specified DPM tech-support package in the storage location.


system dpm techSupport delete <techSupportName>

system dpm debug CommandsAPSolute Vision supports commands for debugging the Device Performance Monitor. Use the commands under the instructions of Radware Technical Support.

system dpm debug commands:

• system dpm debug start

• system dpm debug stop

• system dpm debug status

• system dpm debug version

• system dpm debug database

• system dpm debug database count

• system dpm debug database devices

• system dpm debug database connections

• system dpm debug database query

• system dpm debug sample

<dpm_techsupport_name> The name of the tech-support file. Required




Required



<RemoteFolder> The remote folder for the file in the export directory. Required





• system dpm debug sample create

• system dpm debug sample delete

• system dpm debug sample list

• system dpm debug sample export

• system dpm debug install

Caution: The system dpm debug install command performs a fresh installation of the DPM service, and all existing DPM data is deleted.

System Exporter Commands (Event Exporter)Use the system exporter commands to configure the APSolute Vision event exporter. The event exporter can export security-event records from managed DefensePro and/or DefenseFlow devices to a specified syslog server. The event exporter lets you integrate with a Security Information Event Management (SIEM) system, which you may be using as your main analytics-and-reporting system.

Notes

• For information about the records from the event exporter, see Appendix E - Using the Event Exporter, page 737.

• When you use the event exporter within an active/standby topology, only the active instance exports the security-event information. (For more information, see System Configuration-Synchronization Commands, page 620.)

• The event exporter can export to the specified syslog server only over UDP.

The system exporter commands comprise the following:

• system exporter configuration get, page 632• System Exporter Event-Type Commands, page 633• System Exporter History Commands, page 634• System Exporter State Commands, page 635• System Exporter Syslog-Host Commands, page 636• System Exporter Syslog-Port Commands, page 636

system exporter configuration getDisplays the full configuration of the event exporter.Syntax

system exporter configuration get




Example output Exporter disabled

type: syslog

syslogHost:

syslogPort: 514

rabbitHost: rabbit-rabbitPort: 5672-rabbitUserName: radware-rabbitPassword: radware-rabbitQueueName: event.exporter

DPTrafficUtilization: true

DPSecurityAttack: true

DFSecurityAttack: true

DFTrafficUtilization: true

DFBdosBaseline: true

System Exporter Event-Type CommandsUse system exporter event-type commands to manage the event types that the event exporter exports.

The system exporter event-type commands comprise the following:

• system exporter event-type disable, page 633• system exporter event-type enable, page 634• system exporter event-type get, page 634

system exporter event-type disableDisables exporting events per event type. full configuration of the event exporter.Syntax

system exporter event-type disable <event-type>

<event-type> The type of the event to disable export.Values:

• all—Disables all event-types exporting.

• DFBdosBaseline—Disables DefenseFlow BDoS Baseline exporting.

• DFSecurityAttack—Disables DefenseFlow Security Attack exporting.

• DFTrafficUtilization—Disables DefenseFlow Traffic Utilization exporting.

• DPSecurityAttack—Disables DefensePro Security Attack exporting.

• DPTrafficUtilization—Disables DefensePro Traffic Utilization exporting.

Required




system exporter event-type enableEnables exporting events per event type. Syntax

system exporter event-type enable <event-type>

system exporter event-type getDisplays the configuration of exporting events per event type.Syntax

system exporter event-type get <event-type>

System Exporter History CommandsUse system exporter history commands to export previous records, which are stored on APSolute Vision.

The system exporter event-type commands comprise the following:

• system exporter history last, page 635• system exporter history period, page 635

<event-type> The type of the event to enable export.Values:

• all—Enables all event-types exporting.

• DFBdosBaseline—Enables DefenseFlow BDoS Baseline exporting.

• DFSecurityAttack—Enables DefenseFlow Security Attack exporting.

• DFTrafficUtilization—Enables DefenseFlow Traffic Utilization exporting.

• DPSecurityAttack—Enables DefensePro Security Attack exporting.

• DPTrafficUtilization—Enables DefensePro Traffic Utilization exporting.

Required

<event-type> The type of the event to enable export.Values:

• all—Displays the configuration of all event-types exporting.

• DFBdosBaseline—Displays the configuration of DefenseFlow BDoS Baseline exporting.

• DFSecurityAttack—Displays the configuration of DefenseFlow Security Attack exporting.

• DFTrafficUtilization—Displays the configuration of DefenseFlow Traffic Utilization exporting.

• DPSecurityAttack—Displays the configuration of DefensePro Security Attack exporting.

• DPTrafficUtilization—Displays the configuration of the configuration of DefensePro Traffic Utilization exporting.

Required




system exporter history lastExports all the export events of the last 30 days. Syntax

ssystem exporter history last

system exporter history periodExports all the event-exporter records, which are stored on APSolute Vision, for any specified period, which can be up to thirty days long.Syntax

system exporter history period <from> <to>

System Exporter State CommandsUse system exporter state commands to manage the state of the exporter.

The system exporter state commands comprise the following:

• system exporter configuration state disable, page 635• system exporter configuration state enable, page 635• system exporter configuration state get, page 636

system exporter configuration state disableDisables the event exporter.Syntax

system exporter state disable

system exporter configuration state enableEnables the event exporter and displays the current configuration, which includes the following parameters:• syslogHost—For more information, see System Exporter Syslog-Host Commands, page 636.• syslogPort—For more information, see System Exporter Syslog-Port Commands, page 636.• DPTrafficUtilization—true or false; that is, enabled or disabled. For more information, see

System Exporter Event-Type Commands, page 633.• DPSecurityAttack—true or false; that is, enabled or disabled. For more information, see

System Exporter Event-Type Commands, page 633.• DFSecurityAttack—true or false; that is, enabled or disabled. For more information, see

System Exporter Event-Type Commands, page 633.• DFTrafficUtilization—true or false; that is, enabled or disabled. For more information, see

System Exporter Event-Type Commands, page 633.• DFBdosBaseline—true or false; that is, enabled or disabled. For more information, see System

Exporter Event-Type Commands, page 633.

Note: Some values are for future use.

<from> The start day and time, in yyyy/MM/dd:HH:mm:ss format. Required

<to> The end day and time, in yyyy/MM/dd:HH:mm:ss format. Required




Syntax

system exporter state get

system exporter configuration state getDisplays the state of the event exporter: enabled, or disabled.Syntax

system exporter state get

System Exporter Syslog-Host CommandsThe system exporter syslog-host commands comprise the following:

• System exporter syslog-host get, page 636• system exporter syslog-host set, page 636

System exporter syslog-host getDisplays the host name or IP address of the syslog server, which is the target of the event exporter.Syntax

system exporter syslog-host get

system exporter syslog-host setSets the host name or IP address of the syslog server, which is the target of the event exporter.Syntax

system exporter syslog-host set <host>

System Exporter Syslog-Port Commands The system exporter syslog-port commands comprise the following:

• System exporter syslog-port get, page 636• system exporter syslog-port set, page 636

System exporter syslog-port getDisplays the port number of the syslog server, which is the target of the event exporter.Syntax

system system exporter syslog-port get

system exporter syslog-port setSets the port number syslog server, which is the target of the event exporter.Syntax

system system exporter syslog-port set <port>

<host> The host name or IP address. Required

<port> The port number. Default: 514

Required




system hardware status getReturns a table showing each of the APSolute Vision physical server fans and its status: OK/Failed and the device temperature. The temperature is displayed in Celsius and Fahrenheit.Syntax

system hardware status get

System Hostname CommandsThe system hostname commands comprise the following:

• system hostname get, page 637• system hostname set, page 637

system hostname getDisplays the hostname of the APSolute Vision server.Syntax

system hostname get

system hostname set Sets the system hostname. The hostname will be included in the system backup, configuration backup, and restored following system restore. The hostname reverts to the default (vision.radware) in system cleanup.

Following a hostname update, the system prompts you whether to allow or deny regenerating the certificate, which will use the new hostname. It does not matter whether the system is using a default self-signed certificate or a non-default certificate.Syntax

system hostname set <hostname>

System Java Security CommandsUse system java security commands to control the allowed certificate algorithm that APSolute Vision uses to communicate with managed devices.

The system java security commands comprise the following:

• system java certificate-algorithm set, page 638• system java certificate-algorithm get, page 638

<hostname> The hostname. The hostname must conform to RFC 952.

If a nat hostname is configured (see net nat set hostname, page 598), and the nat hostname is the same as the system hostname before running system hostname set, this command overwrites the nat hostname.


Note: A period (.) is expected to delimit components (for example, vision.radware.com), however, APSolute Vision does not enforce fully qualified domain names.

Optional




system java certificate-algorithm setSpecifies the security level for certificates that APSolute Vision allows to be used to communicate with managed devices.Syntax

system java certificate-algorithm set {tolerant|strict}

system java certificate-algorithm getDisplays the security level for certificates that APSolute Vision allows to be used to communicate with managed devices.Syntax

system java certificate-algorithm get

System NTP CommandsUse system ntp commands to manage Network Time Protocol (NTP) settings to synchronize time and date across the network.

The system ntp commands comprise the following:

• system ntp servers add, page 638• system ntp servers del, page 639• system ntp servers get, page 639• system ntp service, page 639

system ntp servers addAdds an NTP server to the list of NTP servers.Syntax

system ntp servers add <server> [minpoll <minpoll>] [maxpoll <maxpoll>] [prefer]

tolerant Default. APSolute Vision allows the use of certificates signed with an MD5 signature.

Required

strict APSolute Vision prohibits the use of certificates signed with an MD5 signature within X.509 certificates used by SSL/TLS and code-signing. This option prevents APSolute Vision from communicating with devices using MD5 signatures.

Required

<server> The URL or IP address of the NTP server. Required

<minpoll> The minimum poll interval for NTP messages, as a power of 2 in seconds.Minimum: 4—That is, 16 seconds.Default: 6—That is, 64 seconds.

Optional




system ntp servers delDeletes the specified NTP server.Syntax

system ntp servers del <server>

system ntp servers getDisplays the list of the NTP servers with the specified arguments (minpoll, maxpoll, and prefer).

Syntax

system ntp servers get

system ntp serviceStarts and stops the NTP service (ntpd).

Caution: For APSolute Vision VA—The time on the APSolute Vision VA must be the same as—or within several minutes of—the time on the VMware host. Otherwise, an APSolute Vision reboot may hang (even when, in the VMware Tools, the synchronize guest time with host checkbox is cleared). If the reboot hangs, reboot the APSolute Vision VA server, which should solve the problem. For more information on this issue, refer to the VMware knowledge article Timekeeping best practices for Linux guests (1006427) at http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006427).

Syntax

system ntp service {start|stop|status}

<maxpoll> The maximum poll interval for NTP messages, as a power of 2 in seconds.Maximum: 17—That is, approximately 36.4 hours.Default: 10—That is, 1024 seconds, approximately 17 minutes.

Optional

prefer Specifies that this host will be chosen for synchronization, all other things being equal. For more information, go tohttp://www.ntp.org/.

Optional

<server> The URL or IP address of the NTP server. Required

http://www.ntp.org/






system rpm listLists the RPM Package Manager (RPM) packages used by the APSolute Vision server. Syntax

system rpm list

System SNMP CommandsUse system snmp commands to manage the settings of the Simple Network Management Protocol (SNMP) interface for APSolute Vision monitoring. By default, the SNMP service in APSolute Vision is not started.

Access to the system snmp service commands is available to users with the Administrator and the Vision Administrator role.

Access to the system snmp community commands and to the system snmp trap target commands is available only to users with the Administrator role.

Note: For information on the MIBs that the SNMP interface exposes, see Appendix C - MIBs for Monitoring APSolute Vision, page 693.

{start|stop|status} Use one of the following commands:

• start—Starts the NTP service, which starts to send query messages to the external NTP servers to synchronize time and date.

• stop—Stops the NTP service.

• status—Displays the status of the NTP service (running or stopped) and the following additional information in table form when the service is running:

— remote—Server name or IP address— refid—Association ID— st—Server stratum level— t—Type:

• u—Unicast or manycast client• b—Broadcast or multicast client• l—Local (reference clock)• s—Symmetric (peer)• A—Manycast server• B—Broadcast server• M—Multicast server

— when—Sec/min/hr since last received packet— poll—Poll interval (log2(sec))— reach—Reach shift register (octal)— delay—Round-trip delay— offset—Offset of server relative to this host— jitter—Jitter

Required




The system snmp commands comprise the following:

• system snmp service start, page 641• system snmp service status, page 641• system snmp service stop, page 641• system snmp community add, page 641• system snmp community delete, page 641• system snmp community list, page 642• system snmp trap target add, page 642• system snmp trap target delete, page 642• system snmp trap target list, page 642

system snmp service startStarts the SNMP interface for APSolute Vision monitoring.

Note: By default, the SNMP service in APSolute Vision is not started.Syntax

system snmp service start

system snmp service statusShows the status of the SNMP interface for APSolute Vision monitoring: snmpd (pid <pid>) is running or snmpd is stopped.

Syntax

system snmp service status

system snmp service stopStops the SNMP interface for APSolute Vision monitoring.Syntax

system snmp service stop

system snmp community addAdds a community to the SNMP interface for APSolute Vision monitoring.Syntax

system snmp community add <community>

system snmp community deleteDeletes a community from the SNMP interface for APSolute Vision monitoring.Syntax

system snmp community delete <community>

<community> The community name. Required





system snmp community listLists the communities of the SNMP interface for APSolute Vision monitoring, with the columns: Security Name, Source, and Community. Syntax

system snmp community list

system snmp trap target addAdds a trap target to the SNMP interface for APSolute Vision monitoring.Syntax

system snmp trap target add <host> <community> [port]

system snmp trap target deleteDeletes a trap target from the SNMP interface for APSolute Vision monitoring.Syntax

system snmp target delete <host> <community>

system snmp trap target listLists the trap targets of the of SNMP interface for APSolute Vision monitoring, with the columns Destination and Community.Syntax

system snmp target list

System SSL CommandsUse system ssl commands to create, import, and show SSL certificates.

The system ssl commands comprise the following:

• system ssl create, page 642• system ssl import, page 643• system ssl show, page 645

system ssl createCreates a new self-signed certificate, according to SHA-2 (SHA-256), with the information you provide.The system stores one SSL certificate.The system asks you for information that will be incorporated into the certificate request. The default value is APSolute Vision Server. To leave a field blank, press ENTER.



[port] The port number. Optional






The system asks you for the following information: • Common Name—The server hostname or the IP address. Default: APSolute Vision Server.• Country Name—The two-letter code. Default: NA.• State or Province Name—Default: NA.• Locality Name—For example, the city. Default: NA.• Organization Name—For example, the company name. Default: NA.• Organizational Unit Name—For example, the company department. Default: NA.• Email Address—Default: NA.

Caution: Every certificate includes a validity period, which is defined by a start date and an end date. To prevent certificate-validity conflicts, before creating certificates, make sure that the correct time is configured on the APSolute Vision server—either manually or using an NTP server.

Note: Replacing the SSL certificate reboots the AVR Web server. You will need to log in again to AVR.Syntax

system ssl create

system ssl importImports a private key and certificate in PEM or PKCS #12 format.

system ssl import pemImports a private key and certificate in PEM format.Syntax

system ssl import pem <protocol>://<user>@<server>:/<path/to/directory> -key <key_filename> -cert <certificate_filename>[-pass <key_passphrase>] [-interm <intermediate_certifcate_filename>]

<protocol> Values:• sftp• scp

Required



Required


<path/to/directory> The path to the directory. Required

<key_filename> The name of the key in the remote directory. Required

<certificate_filename> The name of the certificate in the remote directory. Required




Example sftp://[email protected]:/tmp -key key.pem -cert cert.pem -pass 12345

system ssl import pkcs12Imports a private key and certificate in PKCS #12 format.Syntax

system ssl import pkcs12 <protocol>://<user>@<server>:/<path/to/directory>/<PKCS12_filename> -pass <pkcs12_passphrase> [<intermediate_certifcate_filename>]

Example sftp://[email protected]:/tmp/file.p12 -pass 12345

<key_passphrase> The passphrase of the key file in the remote directory.For PEM, the key passphrase is optional. Supply the key passphrase if the private key is encrypted with a passphrase.

Optional

<intermediate_certifcate_filename>

The name of the intermediate certificate in the remote directory.

Optional

<protocol> Values:• sftp• scp

Required



Required


<path/to/directory> The path to the directory. Required

<PKCS12_filename> The name of the PKCS #12 file in the remote directory. Required

<pkcs12_passphrase> The name of the passphrase in the remote directory. Required

<intermediate_certifcate_filename>

The name of the intermediate certificate in the remote directory.

Optional




system ssl showDisplays the following certificate details:• Subject:

— Common Name— Country— State— Locality— Organization— Organization Unit— Email Address

• Issuer:— Common Name— Country— State— Locality— Organization— Organization Unit— Email Address

• Serial Number• Validity:

— Start Date—In MMM DD hh:mm:ss yyyy GMT format

— End Date—In MMM DD hh:mm:ss yyyy GMT format

• Public Key Info:

— Public Key Algorithm—For example, rsaEncryption

— RSA Public Key—For example, (2048 bit)

Syntax

system ssl show

system statisticsDisplays system resources statistics, including CPU utilization, uptime, system disk usage, database disk usage, RAM utilization, and network throughput.Syntax

system statistics

System Storage CommandsUse system storage commands to manage the storage locations of the following:

• APSolute Vision system backups• APSolute Vision system-configuration backups• APSolute Vision Reporter data backups• Tech-support packages




The system storage commands comprise the following:

• system storage backup local, page 646• system storage backup remote, page 646• system storage backup info, page 646

system storage backup local Sets the storage location to the hard-coded local directory.

Note: Only root users can manually manage files in the hard-coded local directory. Syntax

system storage backup local

system storage backup remote Sets the storage location to a remote directory using either NFS or CIFS (Samba).Syntax

system storage backup remote <protocol>://<server>:/<path/to/store>

system storage backup infoLists the storage location.Syntax

system storage backup info

System TCP Capture CommandsUse system tcpdump commands to dump a TCP capture for debugging.

The system tcpdump commands comprise the following:

• system tcpdump export, page 646• system tcpdump print, page 647

system tcpdump exportExports the TCP capture file by SSH. The capture file, dump.cap, is created locally, on the server. When the TCP capture ends, you are prompted to download the capture file from the APSolute Vision Web interface. (For the procedure, see Managing APSolute Vision Maintenance Files, page 155.)

The file is overwritten each time you run the tcpdump export command.

After entering the system tcpdump export command, you are prompted to enter a filter. You can enter a filter expression to select which packets to include in the dump. Alternatively, you can press Enter to dump all the packets.

<protocol> Values: nfs, cifs Required


<path/to/store> The path to the storage directory. Required




Filter-expression examples:

• port 80—Filter packets with source port 80.

• tcp src port 443—Filter TCP packets with source port 443.

Note: For more information on filter expressions, refer to the relevant Linux man pages.

Caution: The dump to the capture file (dump.cap) stops when the first condition is reached: timeout_sec, max_packets, or size. To ensure that each dump includes as much data as possible when you configure a timeout_sec condition, Radware recommends that you set max_packets to the maximum (-c 0). To ensure that each dump includes as much data as possible when you configure a max_packets condition, Radware recommends that you set timeout_sec to the maximum (-t 0).

Syntax

system tcpdump export [-t <timeout_sec>] [-c <max_packets>] [-s <size>]

system tcpdump printDumps a TCP capture directly to the console.

After entering the system tcpdump print command, you are prompted to enter a filter. You can enter a filter expression to select which packets to include in the dump. Alternatively, you can press Enter to dump all the packets.Filter-expression examples:

• port 80—Filter packets with source port 80.

• tcp src port 443—Filter TCP packets with source port 443.

Note: For more information on filter expressions, refer to the relevant Linux man pages.Syntax

system tcpdump print [-t <timeout_sec>] [-c <max_packets>] [-s <size>]

<timeout_sec> The timeout, in seconds.Enter 0 for no timeout.Default: 60

Optional

<max_packets> The maximum number of packets.Enter 0 for no maximum.Default: 10,000

Optional

<size> The size to truncate packets to.Default: 0—Specifies no truncation

Optional

<timeout_sec> The timeout in seconds. Enter 0 for no timeout.Default: 60

Optional




System Terminal CommandsUse CLI system terminal commands to manage the terminal prompt and banner displayed in the APSolute Vision console. The settings are global settings common to all users who access the APSolute Vision CLI shell.

Note: The settings are persistent and are included in the APSolute Vision configuration backup and restore operations.

The system terminal commands comprise the following:

• System Terminal Prompt Commands, page 648• System Terminal Banner Commands, page 648

System Terminal Prompt CommandsThe system terminal prompt commands comprise the following:

• system terminal prompt set, page 648• system terminal prompt get, page 648

system terminal prompt setSpecifies the string to be used as the terminal prompt.Syntax

system terminal prompt set

system terminal prompt getRetrieves the string currently used as the terminal prompt.Syntax

system terminal prompt get

System Terminal Banner CommandsBy default there is an empty banner—that is, no banner.At startup, the following is printed to the console:

1. The banner, if defined.2. The system version information.

3. The MAC addresses of the available ports.

The system terminal banner commands comprise the following:

• system terminal banner update, page 649• system terminal banner get, page 649

<max_packets> The maximum number of packets. Enter 0 for no maximum.Default: 10000

Optional

<size> The size to truncate packets to. Default: 0—Specifies no truncation

Optional




system terminal banner updateLaunches a vi shell to edit the string to be used as start-up banner.Syntax

system terminal banner update

system terminal banner getRetrieves the string currently used as start-up banner.Syntax

system terminal banner get

System Timezone CommandsUse system timezone commands to display and set the timezone, with or without daylight saving time, on the APSolute Vision server.

The system timezone commands comprise the following:

• system timezone get, page 649• system timezone list, page 649• system timezone set, page 649

system timezone getDisplays the timezone set on the APSolute Vision server.Syntax

system timezone get

system timezone listLists the timezones that are supported on the APSolute Vision server.Syntax

system timezone list

Tip: To paginate output, use system timezone list | more. To find a specific timezone, use |grep. For example, to find the timezone for London, use system timezone list | grep Lon to display all time-zone names containing Lon.

system timezone setSets the timezone on the APSolute Vision server, and implements daylight saving time, if required. You can use any timezone from the list of supported timezones.

Note: In an APSolute Vision server with APM server VA installation, this command affects the APSolute Vision server and the APM module. That is, in an APSolute Vision server with APM server VA installation, changing the timezone in the APM Linux shell, has no effect. Timezones for named locations, for example, Europe/London, set the GMT value and daylight saving time parameters for those areas. To set a timezone without daylight saving time adjustments, use a generic GMT timezone, for example, Etc/GMT+2.




For timezone names beginning with Etc/GMT, the zones west of GMT have a positive (+) sign, and the zones east of GMT have a negative (-) sign in the timezone name. For example, Etc/GMT-2 is 2 hours ahead/east of GMT.

To prevent incorrect timezone configuration, use the country name listed in the timezone list, not timezones beginning with Etc/GMT.

Tip: To view the list of supported timezones, use system timezone list.

Syntax

system timezone set <timezone_name>

System Upgrade CommandsUse System Upgrade commands to upgrade the APSolute Vision software version or the APSolute Vision online help stored on the APSolute Vision server.

Note: You can also use the APSolute Vision WBM to upgrade the APSolute Vision software version or the APSolute Vision online help stored on the APSolute Vision server.

system upgrade fullLaunches the upgrade process of APSolute Vision software, using an upgrade file in the <APSolute Vision server IP address>/temp directory.

Copying the file is performed using the vision-files user. Only the vision-files user has SCP access to copy and delete files from the <APSoluteVisionIPAddress>/temp directory.

Before you initiate the upgrade, you should copy the upgrade file to the <APSolute Vision server IP address>/temp directory.

The procedure requires a valid upgrade file. Syntax

system upgrade full <filename> <password>

system upgrade helpStarts a script to upgrade the APSolute Vision online help using an upgrade file in the <APSolute Vision server IP address>/temp directory.

Only a vision-files user has SCP access to copy and delete files from the <APSoluteVisionIPAddress>/temp directory.

This procedure requires a valid online-help–upgrade package. For more information on the online-help package, see Managing the Online-Help Package on the Server, page 669.

<timezone_name> The name of the timezone, selected from the list of supported timezones. The timezone name is case sensitive, for example, system timezone set Europe/London.

Required

<filename> The name of the upgrade file, including the extension. Required

<password> The password of the upgrade file. Required only for major version




Syntax

system upgrade help <filename>

System User Authentication-Mode CommandsThe system user authentication-mode commands comprise the following:

• system user authentication-mode set, page 651• system user authentication-mode get, page 652

system user authentication-mode setSets the user-authentication method for all access to APSolute Vision (CLI, Web interface, or client).

Note: The setting is retained after reboot of the APSolute Vision server, and it is included in the APSolute Vision configuration backup and restore operations.Syntax

system user authentication-mode set {Local|RADIUS|TACACS+|LDAP}

<filename> The name of the upgrade file, including the extension. Required




system user authentication-mode getThis command is available only to users with the Administrator role.Gets the user-authentication method for all access to APSolute Vision (CLI, Web interface, or client).Syntax

system user authentication-mode get

System User Password CommandsUse system user password commands to reset or set passwords.

The system user password commands comprise the following:

• system user password change, page 653• system user password root, page 653

{Local|RADIUS|TACACS+|LDAP} The user-authentication method APSolute Vision client users.Values:

• Local—The Local Users table stores the credentials of and authenticates the APSolute Vision users (see Configuring Local Users for APSolute Vision, page 82).

• RADIUS—A RADIUS server stores the credentials of and authenticates the APSolute Vision users (see Configuring RADIUS Server Connections, page 128). If the RADIUS server and, if defined, secondary RADIUS server is down, user authentication fails over to the Local Users table (see Configuring Local Users for APSolute Vision, page 82).

• TACACS+—A TACACS+ server stores the credentials of and authenticates the APSolute Vision users (see Configuring TACACS+ Server Connections, page 132). If the TACACS+ server and, if defined, secondary TACACS+ server is down, user authentication fails over to the Local Users table (see Configuring Local Users for APSolute Vision, page 82).

• LDAP—An LDAP server stores the credentials of and authenticates the APSolute Vision users (see Configuring LDAP Server Connections, page 138). If the primary LDAP server and, if defined, secondary LDAP server is down, user authentication fails over to the Local Users table (see Configuring Local Users for APSolute Vision, page 82).

Default: Local

Required




• system user password vision-files, page 653• system user password vision-tech, page 654

system user password change Changes the password of the radware user or an Administrator user of the same account. That is, this command is available only to the radware user or an Administrator user to change his/her own password.

Caution: Radware recommends using the radware only for disaster recovery, and keeping the details of the radware user secret from all except special administrators.

Notes

• The default password is radware.

• This command is not available to Vision Administrator users.

When you use this command, you will be prompted to enter a new password at the New UNIX Password prompt; then, retype the password for verification.

Syntax

system user password change <user>

system user password rootChanges the root user password for access to the APSolute Vision operating system. This command is available only to the radware user and the root user.

Note: The default password for username root is radware.

When you use this command, you will be prompted to enter a new password at the New UNIX Password prompt; then, retype the password for verification.

Syntax

system user password root

system user password vision-filesRuns a script to set a new password for SCP access by vision-files users. The script prompts you for the new password. For security reasons, the characters of the password are not displayed. The default password is radware.The vision-files user has SCP access only to copy and delete files from the <APSoluteVisionIPAddress>\temp directory.

The vision-files users are authenticated locally by APSolute Vision server, regardless of whether the system is configured to use a different authentication method. That is, vision-files users cannot be overridden by the configuration of an authentication server.This command is available only to the radware user and Administrator users.Syntax

system user password vision-files

<user> The username. Required




system user password vision-techRuns a script to set a new password for Web access by Radware Technical Support. The script prompts you for the new password. For security reasons, the characters of the password are not displayed. The default password is radware. This command is available only to the radware user and Administrator users.Syntax

system user password vision-tech

system versionDisplays the current APSolute Vision version and the versions of its components.Syntax

system version

System VRM CommandsUse system vrm commands to manage the state of the services for VRM outbound SSL-inspection monitoring.

The system vrm commands comprise the following:

• system vrm outbound-ssl-inspection state enable, page 654• system vrm outbound-ssl-inspection state disable, page 654• system vrm outbound-ssl-inspection state get, page 654

Note: For more information on outbound SSL-inspection monitoring, see Monitoring Outbound SSL Inspection, page 8.

system vrm outbound-ssl-inspection state enableEnables the services for monitoring outbound SSL Inspection.Syntax

system vrm ssl-inspection state enable

system vrm outbound-ssl-inspection state disableDisables the services for monitoring outbound SSL Inspection.Syntax

system vrm ssl-inspection state disable

system vrm outbound-ssl-inspection state getGets the state of the services for monitoring outbound SSL Inspection.Syntax

system vrm ssl-inspection state get




Migrating APSolute Vision from the OnDemand Switch VL Platform to the OnDemand Switch VL2 PlatformThis section describes the procedure required for migrating APSolute Vision on the OnDemand Switch VL (ODS-VL) platform to the OnDemand Switch VL2 (ODS-VL2) platform.The procedure requires root access to the ODS-VL2 operating system.You can migrate to the ODS-VL2 platform with only the system-configuration backup of the ODS-VL platform or with the full system backup of the ODS-VL platform. For information on what each backup includes, see System Backup Configuration Commands, page 605 and System Backup Full Commands, page 608.

To migrate APSolute Vision from the ODS-VL platform to the ODS-VL2 platform with only the system-configuration backup

1. Install APSolute Vision on the ODS-VL2 platform.

Note: For information about installing APSolute Vision on the ODS-VL2 platform, see the APSolute Vision Installation and Maintenance Guide.

2. Upgrade APSolute Vision on the ODS-VL platform to the same version and build number as on the ODS-VL2 platform that you installed in the previous step. For more information, see Managing APSolute Vision Basic Information and Properties, page 104.

3. Create a system-configuration backup of the APSolute Vision on the ODS-VL platform. For more information, see system backup config create, page 605.

4. Export the system-configuration backup from the storage location on the ODS-VL platform to a specified location (for example, your computer). For more information, see system backup config export, page 606.

5. Import the system-configuration backup from the specified location to the storage location on the ODS-VL2 platform. For more information, see system backup config import, page 607.

6. Restore the system on the ODS-VL2 platform using the specified system-configuration backup. For more information, see system backup config restore, page 608.

7. On the ODS-VL2 platform, from the root/opt/radware/box/bin directory, run the following command:system_post_restore.sh

8. Run the following command to restart APSolute Vision:reboot

To migrate APSolute Vision from the ODS-VL platform to the ODS-VL2 platform with the full system backup

1. Install APSolute Vision on the ODS-VL2 platform.

Note: For information about installing APSolute Vision on the ODS-VL2 platform, see the APSolute Vision Installation and Maintenance Guide.

2. Upgrade APSolute Vision on the ODS-VL platform to the same version and build number as on the ODS-VL2 platform that you installed in the previous step. For more information, see Managing APSolute Vision Basic Information and Properties, page 104.




3. Create a full system backup of the APSolute Vision on the ODS-VL platform. For more information, see system backup full create, page 608.

4. Export the full system backup from the storage location on the ODS-VL platform to a specified location (for example, your computer). For more information, see system backup full export, page 609.

5. Import the full system backup from the specified location to the storage location on the ODS-VL2 platform. For more information, see system backup full import, page 610.

6. Restore the system on the ODS-VL2 platform using the specified full system backup. For more information, see system backup full restore, page 612.

7. On the ODS-VL2 platform, from the root/opt/radware/box/bin directory, run the following command:system_post_restore.sh


Managing the Protection for the Meltdown and Spectre Exploit Vulnerabilities in APSolute VisionProtection against the Meltdown and Spectre exploit vulnerabilities in APSolute Vision is enabled by default. If you are sure that your system does not require the protection, you can disable the protection, and APSolute Vision may benefit from improved performance. You can re-enable the protection later.The following procedures require root access to the operating system.

To disable protection against the Meltdown and Spectre exploit vulnerabilities

1. As a root user, from the opt/radware/box/bin directory, run the following command:disable_meltdown.sh


To enable protection against the Meltdown and Spectre exploit vulnerabilities

1. As a root user, from the opt/radware/box/bin directory, run the following command:enable_meltdown.sh



CHAPTER 25 – USING VDIRECT WITH APSOLUTE VISION

The following topics describe using vDirect with APSolute Vision:• vDirect-APSolute Vision Integration—Overview, page 657• Accessing the vDirect Configuration Interface of the APSolute Vision Server, page 657• Managing Devices in APSolute Vision with vDirect, page 658

Note: If you need to refer to the Radware vDirect documentation, use the documentation that corresponds to the vDirect version in the APSolute Vision server. To find out the vDirect version, in the APSolute Vision Settings view System perspective, select General Settings > Basic Parameters and look in the Software tab.

vDirect-APSolute Vision Integration—OverviewThe APSolute Vision installation includes vDirect.Users with a proper role can use vDirect with APSolute Vision to do the following:• Add Alteon, DefensePro, and LinkProof NG devices to the APSolute Vision configuration• Delete Alteon, DefensePro, and LinkProof NG devices from the APSolute Vision configuration• Modify Alteon, DefensePro, and LinkProof NG devices that APSolute Vision manages• Use the Toolbox scripts feature

Caution: An upgrade of APSolute Vision may include changes to vDirect objects included in the APSolute Vision installation—that is, system scripts. Examples of system scripts are predefined Toolbox scripts (see Predefined Toolbox Scripts, page 217) and some AppShape templates. If you modify a system script, Radware recommends downloading the file, renaming it, and uploading it to APSolute Vision as a new script with your modifications.

Accessing the vDirect Configuration Interface of the APSolute Vision ServerThe role-based access control (RBAC) configurations of both the APSolute Vision server and APSolute Vision vDirect manage the access to the APSolute Vision vDirect configuration interface. Users defined only in vDirect cannot log in to APSolute Vision. APSolute Vision users who are defined with the Administrator or Vision Administrator role can access vDirect. vDirect uses the identity-management (IDM) strings of the Administrator and Vision Administrator roles to map to an Administrator role in vDirect. The IDM string for the APSolute Vision Administrator role is SYS_ADMIN. The IDM string for the APSolute Vision Vision Administrator role is VISION_ADMIN.


Using vDirect with APSolute Vision


Other than Administrator and Vision Administrator, no other APSolute Vision roles can access vDirect. vDirect maps all other APSolute Vision roles to a vDirect role called defaultRole. The defaultRole role has no permissions in vDirect, including viewing vDirect.vDirect supports the following special users: admin, root, and vDirect, which are all mapped to the vDirect Administrator role.It is possible that the same username is defined both in APSolute Vision RBAC and vDirect access control.

You can access vDirect from the main APSolute Vision menu, by clicking vDirect (You can access vDirect explicitly through the APSolute Vision RBAC by entering vision: before the username—for example, vision:john for a user named john.You can access vDirect explicitly through the vDirect access control by entering pam: before the username—for example, pam:john for a user named john.

Note: For more information on APSolute Vision RBAC, see Role-Based Access Control (RBAC), page 68.

To log in to the vDirect configuration interface of the APSolute Vision server

1. From the main APSolute Vision menu, click vDirect ( )2. In the login dialog box, enter you user name and password.

3. Click Login.

Managing Devices in APSolute Vision with vDirectThis section contains the following topics:• APSolute Vision and vDirect Terminology, page 658• APSolute Vision vDirect Sites, page 659• APSolute-Vision–vDirect Limitations, page 659• APSolute-Vision–vDirect Prerequisites and Recommendations, page 659• Configuring a Container in vDirect, page 660• Managing DefensePro Instances in APSolute Vision vDirect, page 664

APSolute Vision and vDirect TerminologyThe terminology for managing Radware devices differs for APSolute Vision and vDirect as follows:• In APSolute Vision, you add a device; whereas in vDirect, you register a device.• A device that you added to APSolute Vision is referred to as a managed device; whereas in

vDirect, the device is referred to as registered.• APSolute Vision categorizes Alteon devices by form factor (standalone, VX, or vADC) and

platform (platform model, VA, or hosting VX-platform model).




• vDirect calls all Alteon and LinkProof NG devices containers. vDirect calls standalone/VA and vADC devices dedicated containers. vDirect calls VX devices partitioned containers.

Note: vDirect recognizes LinkProof NG devices as Alteon devices.

APSolute Vision vDirect SitesWhen you register an Alteon or DefensePro device, adding the device to the associated APSolute Vision server, vDirect adds the device under a Site in the APSolute Vision device pane called vDirect. A vDirect Site in the Sites and Devices tree displays the Alteon standalone, vADC, and VA devices and DefensePro devices. A vDirect Site in the Physical Containers tab displays ADC-VXs.

Caution: If you change the name of a vDirect Site in the APSolute Vision device pane, vDirect does not recognize it later. That is, if you change the name of a vDirect Site in the APSolute Vision device pane, and you register a new Radware device with APSolute Vision, vDirect will create a new a vDirect Site.

APSolute-Vision–vDirect LimitationsvDirect in APSolute Vision includes the following limitations:• For Radware devices that are added to APSolute Vision using APSolute Vision WBM, vDirect

displays IP address of each device, not the specified name.• You cannot register multiple vADCs from multiple VXs in the same operation.• vDirect recognizes LinkProof NG devices as Alteon devices.• DefensePro high-availability (HA) clusters defined in APSolute Vision are not supported with

vDirect.• Alteon HA clusters defined in APSolute Vision are not synchronized with vDirect.• ADC Services (a type of HA cluster of Alteon devices) defined in vDirect are not supported with

APSolute Vision.• There are differences in the set of device-access parameters that vDirect and APSolute Vision

expose. For example, APSolute Vision exposes the HTTP and HTTPS parameters, and event- notification parameters. If a DefensePro device is registered on APSolute Vision using vDirect, and the device Web (HTTPS) credentials are different from the CLI (SSH) credentials, you must update the Web credentials of the device in the APSolute Vision Device Properties dialog box (see the procedure To add a new device or edit device-connection information, page 166).

• If a device managed by APSolute Vision is in Maintenance status, device-synchronization messages from vDirect do not update APSolute Vision.

• The APSolute Vision Lock operation on a device is not enforced on vDirect. That is, the APSolute Vision and APSolute Vision vDirect can modify a device configuration in parallel. This may cause conflicting configurations.

APSolute-Vision–vDirect Prerequisites and RecommendationsThis section describes the prerequisites and recommendations for managing Radware devices in APSolute Vision with vDirect.Target Alteon and LinkProof NG devices must have SSH enabled and SNMP access enabled on the management interface (/c/sys/mmgmt/snmp mgmt, /c/sys/access/snmp w, and /c/sys/access/sshd/on).




Target DefensePro devices must have SSH and SNMP access enabled (manage ssh status set enable and manage snmp status set enable).

Certain traps that DefensePro can generate can damage the behavior of Toolbox scripts. These traps must be disabled before you run a Toolbox script on a DefensePro device. These traps are disabled by default, and they are used primarily only for troubleshooting. When these traps are disabled, traps can still, however, go to the syslog and to APSolute Vision.












Configuring a Container in vDirectThis section comprises the following:• Registering an Alteon Dedicated or Alteon VX Partitioned Container, page 660• Viewing the Resources Related to a Container, page 662• Viewing the vADCs Related to a Partitioned Container (VX), page 663• Registering an ADC of a Partitioned Container, page 663• Modifying a Registered Container, page 664• Unregistering a Container, page 664

Registering an Alteon Dedicated or Alteon VX Partitioned ContainerThis section describes how to register an Alteon dedicated or Alteon partitioned container.When you register an Alteon dedicated container, vDirect / APSolute Vision adds the Alteon in the vDirect Site of the Sites and Devices tree in the APSolute Vision device pane.When you register an Alteon partitioned container, vDirect / APSolute Vision adds the Alteon VX in the vDirect Site of the Physical Containers tree of the in the APSolute Vision device pane.

To configure an Alteon Dedicated or Alteon VX Partitioned container

1. Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the vDirect Configuration Interface of the APSolute Vision Server, page 657).

2. From the upper menu options, select Configuration.




3. Select Containers.

4. Click Register.

5. Select Alteon Dedicated or Alteon VX Partitioned.

6. Configure the parameters, and then, do the following:

a. Click Validate to check that your settings are valid.b. Click Register to complete the registration process.

Table 476: Alteon Dedicated or Alteon VX Partitioned Parameters

Parameter DescriptionName The container name.

Note: There are some reserved words (for example, DefenseFlow) that APSolute Vision does not allow as names.

Tenants Assigns the container to one or more tenants. For more information, see the vDirect documentation.

Address The IP address where the dedicated ADC container resides. This is the management IP address as it is defined on the managed device.

CLI User Name The username for CLI and HTTPS access to the device.Maximum characters: 32Default: admin

CLI Password The password for CLI and HTTPS access to the device.Maximum characters: 32Default: admin

CLI Use SSH Specifies whether the device uses SSH.Default: Enabled

CLI Port The port for SSH communication with the device.Default: 22

Note: This value should be the same as the value for the SSH port configured in the device (Configuration perspective System tab > Management Access > Management Protocols > SSH).


SNMP Port The SNMP port.Default: 161

User Name(This parameter is displayed only when SNMP Version is VersionThree.)


Authentication Protocol(This parameter is displayed only when SNMP Version is VersionThree.)

The protocol used for authentication.Values: MD5, SHA, NoneDefault: SHA




Viewing the Resources Related to a ContainervDirect displays a list of the resources that are related to the vDirect object you are configuring. You access the list of related resources as follows:

To view resources related to a container




4. In the Name column, click the link to the relevant container. The Resources Referencing box displays the list of resources related to the container.

5. In the Name column, click the link to a resource to view configuration details for that resource.

Authentication Password(This parameter is displayed only when SNMP Version is VersionThree.)


Privacy Password(This parameter is displayed only when SNMP Version is VersionThree.)


Privacy Protocol(This parameter is displayed only when SNMP Version is VersionThree.)

The SNMPv3 privacy protocol to use.Values: DES, NoneDefault: DES

SNMP Read Community(This parameter is displayed only when SNMP Version is VersionOne or VersionTwo.)

The SNMP read community name authorized to access the dedicated ADC.

SNMP Write Community(This parameter is displayed only when SNMP Version is VersionOne or VersionTwo.)

The SNMP write community name authorized to access the dedicated ADC.

Table 476: Alteon Dedicated or Alteon VX Partitioned Parameters





Viewing the vADCs Related to a Partitioned Container (VX)You can view a list of all vADCs in a container that vDirect / APSolute Vision manages. Managed vADCs are called registered ADCs. You can also view a list of all vADCs in a container that are not managed by vDirect. These are called unregistered ADCs.

To view registered vADCs in a container




4. In the Name column, click the link to the relevant container.

The Registered ADCs box displays the list of vADCs in the container.

To view unregistered ADCs in a container





5. In the Unregistered ADCs box, click Query Unregistered ADCs.

Registering an ADC of a Partitioned ContainerWhen you register an ADC of a partitioned container, vDirect / APSolute Vision adds an Alteon vADC in the vDirect Site of the Sites and Devices tree in the APSolute Vision device pane.Registering an ADC of a partitioned container is similar to configuring APSolute Vision to manage a vADC hosted by an ADC-VX managed by the same APSolute Vision server (see To configure APSolute Vision to manage one or more vADCs hosted by an ADC-VX managed by the same APSolute Vision server, page 173).

To register an ADC of a partitioned container





5. In the Unregistered ADCs box, click Query Unregistered ADCs.

6. Select an ADC from the list, and click Register Selected.




Modifying a Registered Container This section describes how to modify a container already defined in the vDirect system.

To modify a registered container instance




4. In the Name column, click the link to the container you want to modify.

5. Make your changes.

6. Click Validate to check that your settings are valid.

7. Click Save to complete the process.

Unregistering a ContainerThis section describes how to remove a container from the vDirect system.

To unregister a container




4. Click the box to the left of the name of the container you want to unregister.

5. Click Unregister.

6. Click Unregister again to confirm the removal.

Managing DefensePro Instances in APSolute Vision vDirectThis section comprises the following:• Registering a DefensePro Instance, page 665• Modifying a Registered DefensePro Instance, page 667• Unregistering a DefensePro Instance, page 667

Certain traps that DefensePro can generate can damage the behavior of Toolbox scripts. These traps must be disabled before you run a Toolbox script on a DefensePro device. These traps are disabled by default, and they are used primarily only for troubleshooting. When these traps are disabled, traps can still, however, go to the syslog and to APSolute Vision.















Registering a DefensePro InstanceWhen you register an DefensePro instance in the vDirect / APSolute Vision system, vDirect / APSolute Vision adds the DefensePro device in the vDirect Site of the Sites and Devices tree in the APSolute Vision device pane.

Caution: If you use vDirect to register a DefensePro device, and the device Web (HTTPS) credentials are different from the CLI (SSH) credentials, you must update the Web credentials of the device in the APSolute Vision Device Properties dialog box (see the procedure To add a new device or edit device-connection information, page 166).

To register a DefensePro instance



3. Select DefensePro.

4. Click Register.

5. Configure the parameters, and then, do the following:

a. Click Validate to check that your settings are valid.b. Click Register to complete the registration process.

Table 477: DefensePro Instance Parameters

Parameter DescriptionName The name of the DefensePro instance.

Note: There are some reserved words (for example, DefenseFlow) that APSolute Vision does not allow as names.

Tenants Configures and adds new tenants to the DefensePro instance. For more information, see the vDirect documentation.

Address The management IP address of the DefensePro instance.

CLI User Name The username for CLI, HTTP, and HTTPS access to the device.Maximum characters: 32Default: radware




CLI Password The password for CLI, HTTP, and HTTPS access to the device.Maximum characters: 32Default: radware

CLI Use SSH Specifies whether the device uses SSH.Default: Enabled

CLI Port The port for SSH or telnet communication with the device.When SSH is enabled, the default SSH port is 22.When SSH is disabled, the default Telnet port is 23.

Note: This value should be the same as the value for the SSH port configured in the device (Configuration perspective System tab > Management Access > Management Protocols > SSH).

SNMP Version The SNMP version used for the connection.Default: VersionThree

SNMP Port The SNMP port.

User Name(This parameter is displayed only when SNMP Version is VersionThree.)


Authentication Protocol(This parameter is displayed only when SNMP Version is VersionThree.)

The protocol used for authentication.Values: MD5, SHA, NoneDefault: SHA

Authentication Password(This parameter is displayed only when SNMP Version is VersionThree.)


Privacy Password(This parameter is displayed only when SNMP Version is VersionThree.)


Privacy Protocol(This parameter is displayed only when SNMP Version is VersionThree.)

The SNMPv3 privacy protocol to use.Values: DES, NoneDefault: DES

SNMP Read Community(This parameter is displayed only when SNMP Version is VersionOne or VersionTwo.)

The SNMP read community name authorized to access the DefensePro.






Modifying a Registered DefensePro Instance This section describes how to modify a DefensePro instance already defined in the vDirect system.

To modify a registered DefensePro instance




4. In the Name column, click the link to the DefensePro instance you want to modify.

5. Make your changes.

6. Click Validate to check that your settings are valid.

7. Click Save to complete the process.

Unregistering a DefensePro InstanceThis section describes how to remove a DefensePro instance from the vDirect system.

To unregister a DefensePro instance




4. Click the box to the left of the name of the DefensePro instance you want to unregister.

5. Click Unregister.

6. Click Unregister again to confirm the removal.

SNMP Write Community(This parameter is displayed only when SNMP Version is VersionOne or VersionTwo.)

The SNMP write community name authorized to access the DefensePro.




APPENDIX A – MANAGING THE ONLINE-HELP PACKAGE ON THE SERVERThis appendix describes managing the online-help package on the APSolute Vision server.Managing the online-help package is available only to users with the Administrator or Vision Administrator role.Managing the online-help package comprises the following:• Upgrading the online-help package that resides in the APSolute Vision server.• Reverting the online help to the original version—that is, the online help that came with the

installation of the APSolute Vision server.

You can upgrade the online-help package that resides in the APSolute Vision server using the procedure below (To update the APSolute Vision help on the server, page 670) or using the CLI. For information on the CLI command, see System Upgrade Commands, page 650.

Note: Depending on the configuration of the APSolute Vision server (see Configuring APSolute Vision Server Advanced Parameters, page 151), APSolute Vision clients access online-help pages from the server itself or from radware.com. The online help at radware.com is always the latest, but the files on your APSolute Vision server might be out-of-date if a managed device was upgraded or a new device driver is used.The help-upgrade procedure requires a valid online-help–upgrade package.You can download the software upgrade file from the Radware customer portal. The online-help–upgrade package may also be included in the product CD.The name format of the online-help package is as follows:APSoluteVisionHelp_<VisionVersion>_<BuildNumber>_<yyyyMMdd>.upgrade

To download the software upgrade file from the Radware customer portal

1. Open your browser and go to www.radware.com.2. At the top right of the window, click My Account, and log in.

3. At the upper right of the window, click Customer.


Managing the Online-Help Package on the Server


4. Hover over Products, navigate to the relevant product type, and click the relevant product—as shown in the following example.

5. In the Software Releases tab, click (Download Software) for the relevant item.

6. In the Help Software Upgrade row, click .

7. Save the UPGRADE file to the appropriate location.

To update the APSolute Vision help on the server

1. In the APSolute Vision Settings mode System perspective, select General Settings > Advanced.

2. In the Online Help section, click the Update. The Upgrade APSolute Vision Help Version dialog box opens.

3. Click Browse and navigate to the online-help–upgrade package, and then, click Open.

4. Click Send. The upgrade utility uploads the package and places the online-help files in the location in the APSolute Vision server.

To revert the online help to the original version on the APSolute Vision server

1. In the APSolute Vision Settings mode System perspective, select General Settings > Advanced.

2. In the Online Help section, click Revert to Default Help.


APPENDIX B – APSOLUTE VISION LOG MESSAGES AND ALERTSThis appendix lists log messages and alerts that APSolute Vision may issue.Many of the log messages and alerts also include a unique numeric ID. The tables in the following sections display the ID when available.When APSolute Vision receives a log message or alert that a managed device issues, APSolute Vision displays the log message or alert with the ID 20000 or 30000.Some messages or alerts comprise two versions, depending on whether the detailed auditing is enabled (Enable Detailed Auditing of APSolute Vision Activity and Enable Detailed Auditing of Device Configuration Changes). For more information, see Configuring Settings for the Alerts Pane, page 112.This appendix comprises the following sections:• Global Parameters, page 672• Advanced Parameters, page 672• Alert Browser Settings, page 673• Connection Settings, page 674• Monitoring Settings, page 675• RADIUS Configuration, page 676• Security Alert Settings, page 677• TACACS+ Configuration Settings, page 678• Warning Threshold Settings, page 678• SharePath Settings, page 679• APSolute Vision License Settings, page 679• Upload Logo Settings, page 680• Device Operation Alerts, page 680• Audit Message Type Enum, page 683• HTTPS Communication Check, page 684• Anti-Fraud Update on the Device, page 684• SUS Updates, page 685• ERT Active Attackers Feed, page 685• Operation Constant, page 686• Audit Messages, page 686• Alert Mail Notifier, page 687• Scheduled Task Alerts, page 688• General, page 690• Alerts from CLI, page 690• Device Configuration Audit Messages, page 692


APSolute Vision Log Messages and Alerts


Global ParametersThe following table lists the messages that are triggered by actions performed on global parameters. The value in the Type column identifies whether the message is regular (R), or detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 112).

Advanced ParametersThe following table lists the messages that are triggered by actions performed on advanced parameters. The value in the Type column identifies whether the message is regular (R), or detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 112).

Table 478: Global Parameters

ID Type Message- R User <username> has changed the default password for other users.

- R User <username> has changed the default Password for the user radware.

- R User <username> has changed the User Statistics Storage

- D User <username> has changed the User Statistics Storage to <value>.

- R User <username> has changed the Number of Password Challenges.

- D User <username> has changed the Number of Password Challenges to <value>.

- R User <username> has changed the Number of Last Passwords Saved.

- D User <username> has changed the Number of Last Passwords Saved to value <value>.

- R User <username> has changed the Password Validity Period

- R User <username> changed the setting that users must change their password at first login.

- D User <username> changed the setting that users must change their password at first login to <value>.

Table 479: Advanced Parameters

ID Type Message- R User <username> has changed the Online Help URL.

- D User <username> has changed the Online Help URL to APSolute Vision Server.

- D User <username> has changed the Online Help URL to Radware.com.

- R User <username> has changed the Results per Page.

- D User <username> has changed the Results per Page to <value>.

- R User <username> has changed the Device Lock Timeout.

- D User <username> has changed the Device Lock Timeout to <value>.

- R User <username> User <username> User <username> has changed the Minimal Log Level.

- D User <username> has changed the Minimal Log Level to <value>.




Alert Browser SettingsThe following table lists the messages that are triggered by actions performed on Alert Browser settings. The value in the Type column identifies whether the message is regular (R), or detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 112).

- R User <username> has changed the Max. Number of Configuration Files per Device.

- D User <username> has changed the Max. Number of Configuration Files per Device to <value>.

Table 480: Alert Browser Settings

ID Type Message- R User <username> has changed the Syslog Facility.

- D User <username> has changed the Syslog Facility to <value>.

- R User <username> has changed the L4 Destination Port for Syslog Reporting.

- D User <username> has changed the L4 Destination Port for Syslog Reporting to Port <value>.

- R User <username> changed the Syslog server address.

- D User <username> changed the Syslog server address to <value>.

- R User <username> has changed the Syslog Reporting report (scope).

- D User <username> has changed the Syslog Reporting report (scope) to <value>.

- R User <username> changed the Syslog reporting status.

- D User <username> changed the Syslog reporting status to <value>.

- R User <username> changed the Syslog reporting encryption status.

- D User <username> changed the Syslog reporting encryption status to <value>.

- R User <username> changed the Syslog reporting encryption certificate.

- D User <username> changed the Syslog reporting encryption certificate to <value>.

- R User <username> changed the Syslog reporting authentication status.

- D User <username> changed the Syslog reporting authentication status to <value>.

- R User <username> changed the Syslog reporting authentication type.

- D User <username> changed the Syslog reporting authentication type to <value>.

- R User <username> changed the Syslog reporting encryption authentication permitted peer was changed.

- D User <username> changed the Syslog reporting encryption authentication permitted peer was changed to <value>.

- R User <username> changed the Syslog reporting encryption authentication private key was changed.

- D User <username> changed the Syslog reporting encryption authentication private key was changed to <value>.

Table 479: Advanced Parameters (cont.)

ID Type Message




Connection SettingsThe following table lists the messages that are triggered by actions performed on connection settings. The value in the Type column identifies whether the message is regular (R), or detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 112).

- R User <username> changed the Syslog reporting encryption authentication public key was changed.

- D User <username> changed the Syslog reporting encryption authentication public key was changed to value>.

- R User <username> changed the detailed APSolute Vision activity auditing alerts feature to <value>

- D User <username> changed the detailed APSolute Vision activity auditing alerts feature.

- R User <username> changed the detailed Device Configuration auditing alerts feature.

- D User <username> changed the detailed Device Configuration auditing alerts feature to <value>.

Table 481: Connection Settings

ID Type Message00986 R User <username> has changed the password for authentication with the proxy

server.

00987 R User <username> has changed the user name for authentication with the proxy server.

00988 R User <username> changed the proxy-server authentication status.

00988 D User <username> changed the proxy-server authentication status to <value>.

00989 R User <username> has changed the port of the proxy server.

00989 D User <username> has changed the port of the proxy server to port <value>.

00990 R User <username> has changed the IP address of the proxy server.

00991 R User <username> changed the proxy-server status.

00991 D User <username> changed the proxy-server status to <value>.

00992 R User <username> has changed the timeout for connecting to a device using SNMP.

00992 D User <username> has changed the timeout for connecting to a device using SNMP to <value>.

00993 R User <username> has changed the number of retries for connecting to a device using SNMP.

00993 D User <username> has changed the number of retries for connecting to a device using SNMP to <value>.

00994 R User <username> has changed the port for accessing a device using SNMP.

00994 D User <username> has changed the port for accessing a device using SNMP to port <value>.

Table 480: Alert Browser Settings (cont.)

ID Type Message




Monitoring SettingsThe following table lists the messages that are triggered by actions performed on monitoring settings. The value in the Type column identifies whether the message is regular (R), or detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 112).

00995 R User <username> has changed the value of the 'Session Inactivity Timeout' parameter.

00995 D User <username> has changed the value of the 'Session Inactivity Timeout' parameter to <value>.

00996 R User <username> has changed the default HTTPS port toward devices.

00996 D User <username> has changed the default HTTPS port toward devices to port <value>.

00997 R User <username> has changed the default HTTP port toward devices.

00997 D User <username> has changed the default HTTP port toward devices to port <value>.

00998 D User <username> has changed the IP address of the proxy server to IP Address <value>.

00999 D User <username> has changed the user name for authentication with the proxy server to proxy-username <value>.

Table 482: Monitoring Settings

ID Type Message01000 R User <username> has changed the Polling Interval for Reports.

01000 D User <username> has changed the Polling Interval for Reports to <value>.

01001 R User <username> has changed the Timeout for Device Status Poll.

01001 D User <username> has changed the Timeout for Device Status Poll to <value>.

01002 R User <username> has changed the polling interval for device status.

01002 D User <username> has changed the polling interval for device status to <value>.

01003 R User <username> has changed the Polling Interval for System Configuration.

01003 D User <username> has changed the Polling Interval for System Configuration to <value>.

01004 R User <username> has changed the Polling Interval for On-line Monitoring.

01004 D User <username> has changed the Polling Interval for On-line Monitoring to <value>.

01005 R User <username> changed the status of the MSISDN resolution feature.1

01006 D User <username> changed the status of the MSISDN resolution feature to <value>.1

01007 R User <username> changed the MSISDN IP address.1

01007 D User <username> changed the MSISDN IP address to <value>.1

01008 R User <username> changed the MSISDN Port address.1

Table 481: Connection Settings (cont.)

ID Type Message




RADIUS ConfigurationThe following table lists the messages that are triggered by actions performed on the RADIUS configuration. The value in the Type column identifies whether the message is regular (R), or detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 112).

01008 D User <username> changed the MSISDN Port address to <value>.1

01009 R User <username> changed the MSISDN user name.1

01009 D User <username> changed the MSISDN user name to <value>.1

01010 R User <username> changed the MSISDN password.1

1 – The MSISDN Resolution feature is not supported in APSolute Vision version 3.0 and later.

Table 483: RADIUS Configuration

ID Type Message- R User <username> has changed the Timeout for the RADIUS servers.

- D User <username> has changed the Timeout for the RADIUS servers to <value>.

- R User <username> has changed the Retries for the RADIUS servers.

- D User <username> has changed the Retries for the RADIUS servers to <value>.

- R User <username> has changed the Authentication Type for the RADIUS servers.

- D User <username> has changed the Authentication Type for the RADIUS servers to <value>.

- R User <username> has changed the Attribute ID for the RADIUS servers.

- D User <username> has changed the Attribute ID for the RADIUS servers to <value>.

- R User <username> has changed the Vendor ID for the RADIUS servers.

- D User <username> has changed the Vendor ID for the RADIUS servers to <value>.

- R User <username> has changed the Vendor Role Attribute ID for the RADIUS servers.

- D User <username> has changed the Vendor Role Attribute ID for the RADIUS servers to <value>.

- R User <username> has changed the Vendor Policy Attribute ID for the RADIUS servers.

- D User <username> has changed the Vendor Policy Attribute ID for the RADIUS servers to <value>.

- R User <username> has changed the Shared Secret for the Secondary RADIUS server.

- R User <username> has changed the Shared Secret for the Primary RADIUS server.

Table 482: Monitoring Settings (cont.)

ID Type Message




Security Alert SettingsThe following table lists the messages that are triggered by actions performed on the security alert settings.

- R User <username> has changed the Port for the Secondary RADIUS server.

- D User <username> has changed the Port for the Secondary RADIUS server to <value>.

- R User <username> has changed the Port for the Primary RADIUS server.

- D User <username> has changed the Port for the Primary RADIUS server to <value>.

- R User <username> has changed the IP Address for the Secondary RADIUS server.

- D User <username> has changed the IP Address for the Secondary RADIUS server to <value>.

- R User <username> has changed the IP Address for the Primary RADIUS server.

- D User <username> has changed the IP Address for the Primary RADIUS server to <value>.

Table 484: Security Alert Settings

ID Type Message01012 R Security alert fields were modified: Rule Name was enabled.

01013 R Security alert fields were modified: Rule Name was disabled.

01014 R Security alert fields were modified: Source IP was enabled.

01015 R Security alert fields were modified: Source IP was disabled.

01016 R Security alert fields were modified: Destination port was enabled.

01017 R Security alert fields were modified: Destination port was disabled.

01018 R Security alert fields were modified: Attack Name was enabled.

01019 R Security alert fields were modified: Attack Name was disabled.

01020 R Security alert fields were modified: Action was enabled.

01021 R Security alert fields were modified: Action was disabled.

01022 R Security alert fields were modified: Destination IP was enabled.

01023 R Security alert fields were modified: Destination IP was disabled.

Table 483: RADIUS Configuration (cont.)

ID Type Message




TACACS+ Configuration SettingsThe following table lists the messages that are triggered by actions performed on the TACACS+ configuration settings. The value in the Type column identifies whether the message is regular (R), or detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 112).

Warning Threshold SettingsThe following table lists the messages that are triggered by actions performed on warning threshold settings. The value in the Type column identifies whether the message is regular (R), or detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 112).

Table 485: TACACS+ Configuration Settings

ID Type Message- R User <username> changed TACACS+ service name.

- D User <username> changed TACACS+ service name to <value>.

- R User <username> changed TACACS+ timeout.

- D User <username> changed TACACS+ timeout to <value>.

- R User <username> changed TACACS+ retries.

- D User <username> changed TACACS+ retries to <value>.

- R User <username> changed TACACS+ minimal required privilege level.

- D User <username> changed TACACS+ minimal required privilege level to <value>.

- R The Authentication Type for the TACACS+ servers was changed.

- R User <username> changed TACACS+ secondary server shared secret.

- R User <username> changed TACACS+ primary server shared secret.

- R User <username> changed TACACS+ secondary server port.

- D User <username> changed TACACS+ secondary server port to <value>.

- R User <username> changed TACACS+ primary server port.

- D User <username> changed TACACS+ primary server port to <value>.

- R User <username> changed TACACS+ secondary server IP address.

- D User <username> changed TACACS+ secondary server IP address to <value>.

- R User <username> changed TACACS+ primary server IP address.

- D User <username> changed TACACS+ primary server IP address to <value>.

Table 486: Warning Threshold Settings

ID Type Message00980 R User <username> has changed the threshold for Warning Falling CPU

Utilization.

00980 D User <username> has changed the threshold for Warning Falling CPU Utilization to <value>.

00982 R User <username> has changed the threshold for Error Falling CPU Utilization.




SharePath SettingsThe following table lists the messages that are triggered by actions performed on SharePath settings.

APSolute Vision License SettingsThe following table lists the messages that are triggered by actions performed APSolute Vision license settings.

00982 D User <username> has changed the threshold for Error Falling CPU Utilization to <value>.

00983 R User <username> has changed the threshold for Error Rising CPU Utilization.

00983 D User <username> has changed the threshold for Error Rising CPU Utilization to <value>.

00981 R User <username> has changed the threshold for Warning Rising CPU Utilization.

00981 D User <username> has changed the threshold for Warning Rising CPU Utilization to <value>.

00984 R User <username> disabled alarms for server CPU utilization.

00985 R User <username> enabled alarms for server CPU utilization.

Table 487: SharePath Settings

ID Type Message- R The management IP of a SharePath server instance was updated.

- R The data IP of a SharePath server instance was updated.

- R The backup server IP of a SharePath server instance was updated.

- R The Performance Limit of a SharePath server instance was updated.

00585 R A SharePath server instance was added to the configuration of the APSolute Vision server.

00586 R A SharePath server instance was removed from the configuration of the APSolute Vision server.

Table 488: Upload Logo Settings

ID Type Message- R A license of type <feature Name> was deleted from APSolute Vision.

00852 R A new license of type <license type> was provided for APSolute Vision.

Table 486: Warning Threshold Settings (cont.)

ID Type Message




Upload Logo SettingsThe following table lists the message that is triggered by actions performed on APSolute Vision Reporter logo settings.

Security Group SettingsThe following table lists the messages that are triggered by actions performed on Security Group settings.

Device Operation AlertsThe following table lists the messages that are device operation alerts.

Table 489: Upload Logo Settings

ID Type Message- R A new logo for Vision Reporter uploaded, filename: <file name>.

Table 490: Security Group Settings

ID Type Message- R A DefensePro Security Group's senders list was updated.

- R A DefensePro Security Group's receivers list was updated.

- R Blocking Rule parameters of a DefensePro Security Group were updated.

- R Security modules of a DefensePro Security Group were updated.

- R A DefensePro Security Group was disabled.

- R A DefensePro Security Group was enabled.

- R A DefensePro Security Group's blocking period was updated.

- R A new DefensePro Security Group was created.

Table 491: Device Operation Alerts

ID Type Message- R User <username> backed up a configuration file for device <device name> -

<Device IP>.

- R User <username> restored a configuration file to device <device name> - <device IP>.

- R User <username> uploaded an attack signatures file to device <device name> - <device IP>.

- R User <username> updated the attack signatures file to device <device name>.

- R User <username> failed uploading the attack signatures file to device <device name>.

- R <device name>, <device IP> is locked by other user.

- R User <username> failed to unlock <device name>, <device IP>.




- R <device name>, <device IP> cannot be unlocked by user <username> because it already locked by user <username>

- R <Operation Name> action finished successfully for device <device name>. <Operation Output>

- R <Operation Name> action failed for device <device name> due to: <reason>

- R Send Signature File From Website To Device

- R Send File To Device

- R Send Attack Signatures File To Device

- R For more information, see the Messages tab.

- R The device type or version is not compatible with DefensePro Configuration Template feature.

00699, 00971

R Devices <device name> and <device name> have identical SNMP engine IDs. To prevent connection problems, change the engine ID on one of the devices.

00723 R Failed to retrieve the Device Driver from <device name>. Please enable HTTPS or HTTP communication on the device.

00908 R <Operation Name> action failed for device <device name>. <Operation Output>

00910, 00952

R User <username> failed uploading a quarantine file to device <device name> - <device IP>.

00912 R User <username> failed downloading a quarantine file from device <device name> - <device IP>.

00915 R User <username> uploaded a configuration file to device <device name> - <device IP> successfully.

00915, 00944

R User <username> uploaded a configuration file to device <device name> - <device IP> successfully.

00916, 00945

R User <username> failed uploading a configuration file to device <device name> - <device IP>.

00920 R User <username> upgraded the software for device <device name> - <device IP> successfully.

00921 R The signature file is up-to-date. No download is required.

00926 R <device name>, <device IP> unlocked due to inactivity.

00927, 00938, 01098

R <device name>, <device IP> unlocked by user <username>.

00933 R User <username> rebooted device <device name> - <device IP>.

00934 R User <username> shutdown device <device name> - <device IP>.

00935 R <device name>, <device IP> locked by user <username>.

00936 R <device name>, <device IP> is already locked.

00937 R <device name>, <device IP> forcibly locked by user <username>.

00939 R <device name>, <device IP> is already unlocked.

00941 R User <username> failed to update Anti-Fraud signatures for device <device name>.

00942, 01047

R User <username> uploaded file <file name> to device <device name> - <device IP> successfully.

Table 491: Device Operation Alerts (cont.)

ID Type Message




00947 R Failed to retrieve the <file type> file <file name> from device <device name> - <Device IP>.

00948 R User <username> downloaded a certificate file from device <device name> - <Device IP> successfully.

00949 R User <username> failed downloading a certificate file from device <device name> - <device IP>.

00950 R User <username> failed uploading a certificate file to device <device name> - <device IP>.

00951 R User <username> uploaded a certificate file to device <device name> - <device IP> successfully.

00954 R User <username> failed uploading a file to device <device name> - <device IP>.

00955 R User <username> uploaded a file to device <device name> - <device IP> successfully.

00956 R User <username> downloaded a file from device <device name> - <device IP> successfully.

00957 R User <username> failed downloading a file from device <device name> - <device IP>.

00958 R User <username> uploaded a certificate revocation list file to device <device name> - <device IP> successfully.

00959 R User <username> failed uploading a certificate revocation list file to device <device name> - <device IP>.

00961 R User <username> failed upgrading software for device <device name> - <device IP>.

00964, 00965

R Wrong parameters are passed from client.

00967 R Device <device name>, <device IP> deleted successfully.

00968 R Device <device name>, <device IP> deletion failed.

01048, 01105

R User <username> failed uploading file <file name> to device <device name> - <Device IP>.

01049 R User <username> downloaded <file type> file from device <device name> - <Device IP> successfully.

01050 R Failed to retrieve the <file type> file from device <device name> - <device IP>. Check your HTTP/HTTPS configuration and try again.

01051, 00940

R User <username> failed downloading file <file name> from device <device name> - <device IP>.

01052 R Restore Device Driver for device <device name> succeeded.

01053 R Restore Device Driver failed for device <device name>.

01099 R A newer device driver is available for {0} {1}: {2}. You can manage device drivers in the Settings view.

01100 R Failed to retrieve the Device Driver from <device name>. Please check status of HTTPS or HTTP communication on the device and specified credentials.

01102 R The software version from the device driver metadata ({0}) does not match the software version from the driver name ({1}).

01103 R The driver file for device {0} is invalid.


ID Type Message




Audit Message Type EnumThe following table lists the enum audit messages.

01106 R Failed <file type> file verification on device <device name> - <device IP>.

01107 R An operation was performed using a proxy server.

01110 R User <username> failed to lock <device name>, <device IP>.

Table 492: Audit Message Type Enum

ID Type Message- R Added user <username>.

- R User <username> changed password.

- R Deleted user <username>.

- R Enabled user <username>.

- R Disabled user <username>.

- R User <username> was locked.

- R User <username> was unlocked.

- R User <username> successfully logged in.

- R User <username> failed to log in.

- R Password for user <username> was reset.

- R Changed properties for user <username>.

- R User <username> logged out.

- R Updating Configuration template <template> failed because <reason>.

- R Updated role-scope pair for user <username>.

- R Removed role-scope pair for user <username>.

- R User <username> changed the scheduled task name.

00855 R Changed password expiration date for user <username>.

00866 R Changed name for user <username> to <username>.

00873 R User <username> has credentials error.

00874 R The configuration template <template> was added to the APSolute Vision server.

00875 R The configuration template <template> was updated to the APSolute Vision server.

00876 R The configuration template <template> was deleted to sic the APSolute Vision server.

00877 R Propagated Configuration template <template>.

00878 R Failed to propagate Configuration template <template>.


ID Type Message




HTTPS Communication CheckThe following table lists the messages that are triggered by actions performed on HTTPS communication.

Anti-Fraud Update on the DeviceThe following table lists the messages that are triggered by Anti-Fraud update actions.

Table 493: HTTPS Communication Check

ID Type Message- R The specified HTTPS user <username> does not exist on the device.

00180 R Secure-Web-server operation on the device is disabled.

00182 R The specified HTTPS password is incorrect, or you have exceeded the maximum allowed login attempts.

00184 R APSolute Vision has encountered an error communicating with the device over HTTPS.

Table 494: Anti-Fraud Update

ID Type Message- R Synchronize Device Configuration (for cluster)

- R Synchronization Task (<task name>) failed: Skipping unmatching device: <name> (Version: <Version>, Redundancy Status: <Status>, Parent: <name>.

- R Synchronization Task (<task name>) failed: Skipping device: <name> (backup device was not found).

00062 R Task <task name> failed.

00070 R Anti-Fraud update failed: unable to retrieve Anti-Fraud signatures.

00071 R Anti-Fraud signature update failed for some of devices.

00072 R The Anti-Fraud update task is not applicable to device <device name>.

00075 R Anti-Fraud update failed due to no valid subscription for Anti-Fraud signatures update for following devices: <device list>.

00076 R The Update Anti-Fraud Security Signature task failed. No device configured for the task has Fraud Protection enabled.

00093 R Anti-Fraud update failed: unable to process Anti-Fraud signatures.

00097 R Anti-Fraud Update is not required for any subscribed device from the task.

00106 R Fraud Protection is disabled for device <device name>.

00482 R Not authorized operation launched by the user: <name> on screen <screen ID>

00815 R Scheduled Task <task name> executed successfully

01088 R Failed to run task logic for task <task name>.

01623 R The Radware site cannot be reached to download the update. Please check DNS and Proxy settings in APSolute Vision configuration.

01625 R Scheduled Task <task name> is completed.

01628 R The Anti-Fraud Update succeeded for device <device name>.




SUS UpdatesThe following table lists the messages that are triggered by SUS update actions.

ERT Active Attackers FeedThe following table lists the messages that are triggered by the ERT Active Attackers Feed for DefensePro task. This task updates the entries in the Black List module in the selected DefensePro devices.

Table 495: SUS Updates

ID Type Message01088 R Failed to run task logic for task <task name>.

01482 R User <user name> failed to download the file <file name> for the device <device IP>. The device does not have a subscription for SUS updates.

01483 R User <user name> failed to download the file <file name> from Radware.com.

01484 R User <user name> failed to send the file <file name> to the device at IP address <device IP>.


01624 R Device <device name> does not have a valid subscription for Attack Signatures update.

01657, 01658

R User <user name> failed to upload the file <file name> to the device <device name> (IP address: <device IP>).

Table 496: ERT Active Attackers Feed Updates

ID Type Message01902 R The ERT Active Attackers Feed task updated the following DefensePro devices:

<device list>.

01903 R The ERT Active Attackers Feed task failed.

01904 R The following DefensePro devices are not available: <device list>.

01905 R The following DefensePro devices are not subscribed to the ERT Active Attackers Feed service: <device list>.

01906 R Updating the following DefensePro devices with the ERT Active Attackers Feed failed: <device list>.

01908 R Skipping device update. The content of the ERT Active Attackers Feed is the same as the previous run.

01912 R Filtered ERT Active Attackers Feed is empty. Deleting previous feed from devices.

01914 R ERT Active Attackers Feed task was aborted. There was a failure parsing the feed information from Radware.

01915 R ERT Active Attackers Feed task was aborted. A communication problem caused a failure in loading feed information from Radware.

01916 R ERT Active Attackers Feed task was aborted. There was a failure parsing the feed from Radware.

01917 R ERT Active Attackers Feed task was aborted. A communication problem caused a failure in loading the feed from Radware.




Operation ConstantThe following table lists the messages that are triggered by operation constants.

Audit MessagesThe following table lists the audit messages.

01918 R ERT Active Attackers Feed task was aborted. There are no devices with a valid subscription.

01919 R Update failed with the following error on the device <device>: <error>

01920 R ERT Active Attackers Feed task failed to update the device <device>. No specific error.

Table 497: Operation Constant

ID Type Message- R Anti-Fraud Security Signature Update from Radware Site failed.

- R Anti-Fraud Security Signature Update from Radware Site succeeded.

- R Anti-Fraud Security Signature Update was downloaded from Radware Site

- R Anti-Fraud Security Signature Update is not required.

00917 R Backup Vision DB failed.

00918 R Backup Vision DB succeeded.

01041 R Updating the Attack Description file from Radware site succeeded.

01042 R Updating the Attack Description file from Radware site failed.

01043 R Updating the Attack Description file from Remote Server succeeded.

01044 R Update the Attack Description file from Remote Server failed.

01045 R Updating the Attack Description file from client succeeded.

01046 R Updating the Attack Description file from client failed.

Table 498: Audit Messages

ID Type Message- R User <username> added account <account> ,with Scope <scope>, Role <role>

and Network Policy <policy>

- R User <username> changed password expiration Date for user <user name>, to expiration Date <date>

00857 R User <username> changed his/her password.

00858 R User <username> deleted account <account>

00859 R User <username> enabled account <account>

00860 R User <username> disabled the account <account>

Table 496: ERT Active Attackers Feed Updates (cont.)

ID Type Message




Alert Mail NotifierThe following table lists the messages that are triggered by actions performed on alert mail settings. The value in the Type column identifies whether the message is regular (R), or detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 112).

00861 R Account <account> was locked

00862 R User <username> has unlocked account <account>

00863 R Account <account> successfully logged in

00864 R Account <account> failed to log in

00865 R User <username> reset password for account <account>

00866 R User <username> changed name for user <name>, to <name>

00868 R User <username> update the Full Name of account <account>, to Full Name: <value>

00870 R User <username> update the Contact Information of account <account>, to Contact Information: <value>.

00872 R Account <account> logged out.

00874 R The configuration template <template> was added to the APSolute Vision server

00875 R The configuration template <template> was updated to the APSolute Vision server

00876 R The configuration template <template> was deleted to the APSolute Vision server

00877 R Propagated Configuration template <template>

00878 R Failed to propagate Configuration template <value>

- R Updating Configuration template <value> failed because <reason>

00880 R User <username> added or modified the Role-scope pair for account <account> , to Role-scope pair <pair>

00882 R User <username> removed the Role-scope pair <pair> of account <account>

00883 R User <username> changed his/her password on the APSolute Vision server machine.

00884 R User <username> deleted device backup file <file name>

Table 499: Alert Mail Notifier

ID Type Message- D User <username> has changed the Subject Header in the Email Reporting

Configuration to <value>.

01026 R Email reporting settings were changed.

01028 R User <username> has changed the Email Sending Interval.

01028 D User <username> has changed the Email Sending Interval to <value>.

01029 R User <user name> has changed the From Header in the Email Reporting Configuration.

Table 498: Audit Messages (cont.)

ID Type Message




Scheduled Task AlertsThe following table lists the messages that are triggered by actions performed on scheduled tasks. The value in the Type column identifies whether the message is regular (R), or detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 112).

01029 D User <user name> has changed the From Header in the Email Reporting Configuration to <value>.

01030 R User <username> has changed the Number of Alerts per Email.

01030 D User <username> has changed the Number of Alerts per Email to <value>.

01031 R User <username> has changed the Recipient Email Address.

01032 R User <username> has changed the SMTP Server Address.

01032 D User <username> has changed the SMTP Server Address to IP Address <value>.

01033 R User <username> has changed the SMTP User Name.

01034 R User <username> has changed the Subject Header in the Email Reporting Configuration.

01024 D User <username> has changed the Recipient Email Address to email-address <value>.

01025 D User <username> has changed the SMTP User Name to smtp-username <value>.

Table 500: Scheduled Task Alerts

ID Type Message- R User <username> changed the scheduled task backup file name.

- D User <username> changed the scheduled task backup file name to <value>.

- R User <username> changed the scheduled task destination IP address.

- D User <username> changed the scheduled task destination IP address to <value>.

- R User <username> has changed the password for authentication with the backup device during a scheduled task.

- D User <username> has changed the password for authentication with the backup device during a scheduled task.

- R User <username> changed the scheduled task backup directory.

- D User <username> changed the scheduled task backup directory to <value>.

- R User <username> changed the protocol to communicate with the backup device during a scheduled task.

- D User <username> changed the protocol to communicate with the backup device during a scheduled task to protocol <value>.

- R User <username> has changed the user name for authentication with the backup device during a scheduled task.

- D User <username> has changed the user name for authentication with the backup device during a scheduled task to username <value>.

Table 499: Alert Mail Notifier (cont.)

ID Type Message




- R User <username> added Devices to a scheduled task's list of devices.

- D User <username> changed scheduled task name to <value>.

- R User <username> updated the date (day) of a scheduled task.

- D User <username> updated the date (day) of a scheduled task to <value>.

- R User <username> updated the date (month) of a scheduled task.

- D User <username> updated the date (month) of a scheduled task to <value>.

- R User <username> updated the date (year) of a scheduled task.

- D User <username> updated the date (year) of a scheduled task to <value>.

- R User <username> updated the time (hour) of a scheduled task.

- D User <username> updated the time (hour) of a scheduled task to <value>.

- R User <username> updated the time (minutes) of a scheduled task.

- D User <username> updated the time (minutes) of a scheduled task to <value>.

- R User <username> updated the time (seconds) of a scheduled task.

- D User <username> updated the time (seconds) of a scheduled task to <value>.

- R User <username> updated the frequency of a scheduled task.

- D User <username> updated the frequency of a scheduled task to <value>.

- R User <username> updated the quantity of minutes between two executions of a scheduled task.

- D User <username> updated the quantity of minutes between two executions of a scheduled task to <value>.

- R User <username> set run always to a scheduled task.

- R User <username> updated the start date of the scheduled period of a scheduled task.

- D User <username> updated the start date of the scheduled period of a scheduled task to <value>.

- R User <username> updated the end date of the scheduled period of a scheduled task.

- D User <username> updated the end date of the scheduled period of a scheduled task to <value>.

- R User <username> removed Devices from a scheduled task's list of devices.

- R User <username> changed scheduled task name.

00072 R The Anti-Fraud update task is not applicable to device <device name>.

00075 R Anti-Fraud update failed due to no valid subscription for Anti-Fraud signatures update for following devices: <device list>.

00093 R Anti-Fraud update failed: unable to process Anti-Fraud signatures.

00097 R Anti-Fraud Update is not required for any subscribed device from the task.

00106 R Fraud Protection is disabled for device <device name>.

00972 R User <username> changed scheduled task to enabled.

00973 R User <username> changed scheduled task to disabled.

00976 R User <username> changed scheduled task file type.

00976 D User <username> changed scheduled task file type to <value>.

Table 500: Scheduled Task Alerts (cont.)

ID Type Message




GeneralThe following table lists the message that is triggered when the APSolute Vision server is up.

Alerts from CLIThe following table lists the messages that are triggered by actions performed in the APSolute Vision CLI.

00977 R User <username> created a scheduled task.

00978 R User <username> removed a scheduled task.

01088 R Failed to run task logic for task <task name>.


01624 R Device <device name> does not have a valid subscription for Attack Signatures update.

01625 R Scheduled Task <task name> is completed.

01628 R The Anti-Fraud Update succeeded for device <device name>.

Table 501: General

ID Type Message00810 R The APSolute Vision server is now up.

Table 502: Alerts from CLI

ID Type Message60000 R User <username> has created a system backup.

60001 R User <username> has failed to create a system backup with error message: <error message>.

60004 R User <username> has restored a system backup.

60005 R User <username> has failed to restore a system backup with error message: <error message>.

60006 R User <username> exported a system backup successfully.

60007 R User <username> failed to export a system backup with error message: <error message>.

60008 R User <username> has created a new system configuration backup.

60009 R User <username> failed to create a new system configuration backup with error message: <error message>.

60012 R User <username> successfully restored a system configuration Backup.

60013 R User <username> failed to restore a system configuration backup with error message: <error message>.

Table 500: Scheduled Task Alerts (cont.)

ID Type Message




60014 R User <username> successfully exported a system configuration backup.

60015 R User <username> failed to export a system configuration backup with error message: <error message>.

60016 R User <username> has created a new Vision Reporter backup.

60017 R User <username> failed to create a new Vision Reporter backup with error message: <error message>.

60020 R User <username> successfully restore a Vision Reporter Backup.

60021 R User <username> failed to restore a Vision Reporter backup with error message: <error message>.

60022 R User <username> successfully exported a Vision Reporter Backup.

60023 R User <username> failed to export a Vision Reporter backup with error message: <error message>.

60024 R User <username> created a tech-support file.

60025 R User <username> failed to create a tech-support file with error message: <error message>.

60028 R User <username> successfully restore a tech-support file.

60029 R User <username> failed to restore a tech-support file with error message: <error message>.

60030 R User <username> successfully exported a tech-support file.

60031 R User <username> failed to export a tech-support file with error message: <error message>.

60032 R User <username> changed the date and time on the APSolute Vision server to Date and Time <value>.

60033 R User <username> changed the timezone of the APSolute Vision server to Timezone <value>.

60034 R User <username> started the Vision server.

60035 R User <username> failed to started the Vision server.

60036 R User <username> stopped the Vision server.

60037 R User <username> failed to stop the Vision server.

60038 R User <username> changed the IP address for the <value> port of the APSolute Vision server to IP Address <value>.

60039 R User <username> changed the tech-support password of the APSolute Vision server.

60040 R User <username> changed the web-access password of the APSolute Vision server.

60041 R The <username> user password of the APSolute Vision system was changed.

60042 R User <username> changed the root user password of the APSolute Vision system.

60043 R User <username> changed the vision-files user password of the APSolute Vision system.

60044 R User <username> started the database server.

60045 R User <username> stopped the database server.

60046 R User <username> failed to stop the database server.

Table 502: Alerts from CLI (cont.)

ID Type Message




Device Configuration Audit MessagesThe following table lists the messages that are triggered by actions performed on device configurations. The value in the Type column identifies whether the message is regular (R), or detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Pane, page 112).

Hardware AlertsThe following table lists the messages that APSolute Vision issues the following alerts related to hardware issues.

60047 R User <username> added CLI-Access for external user: <name>.

60048 R User <username> deleted CLI-Access for external user: <name>.

Table 503: Device Configuration Audit Messages

ID Type Message- R User <username> set value to scalar '<name>'

- D User <username> set value to scalar '<name>': <value>.

- R User <username> added a row to table '<name>':

- D User <username> added a row to table '<name>', indexes:

- R User <username> deleted row from table '<name>':

- D User <username> deleted row from table '<name>', indexes:

- R User <username> edited a row of table '<name>':

- D User <username> edited a row of table '<name>', indexes:

- R User <username> Propagated template '<template>' in table '<name>':

- D User <username> Propagated template '<template>' in table '<name>',

Table 504: Hardware Alerts

ID Type Message- R APM server disk space and usage exceeding the <number> percent threshold -

usage is <number> percent

00889 R Fan number <number> is not working.

00890 R Temperature above critical threshold: temperature sensor number <number> is reporting <temperature C>°C / <temperature F>°F.

00892 R Rising: CPU utilization is high for core <<number>>

01901 R The APSolute Vision disk utilization of "<filesystemPath>" is now <percent>%.

Table 502: Alerts from CLI (cont.)

ID Type Message


APPENDIX C – MIBS FOR MONITORING APSOLUTE VISION This appendix contains the following sections, which describe the MIBs that APSolute Vision exposes for monitoring APSolute Vision:• RFC1213 MIB Objects for Monitoring APSolute Vision, page 694• Host Resources MIB Objects for Monitoring APSolute Vision, page 696• UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision, page 696• Trap Objects for Monitoring APSolute Vision, page 697• Trap Objects for APSolute Vision Alerts, page 698

Note: For information on managing the settings of the SNMP interface, see System SNMP Commands, page 640.


MIBs for Monitoring APSolute Vision


RFC1213 MIB Objects for Monitoring APSolute VisionThe following table describes the supported objects from the RFC1213 MIB for monitoring APSolute Vision.

Table 505: RFC1213 MIB Objects for Monitoring APSolute Vision

Object OID Data Type Descriptionsystem

sysDescr 1.3.6.1.2.1.1.1 DisplayString (SIZE (0..255))

A textual description of the entity. This value should include the full name and version identification of the system’s hardware type, software operating-system, and networking software. It is mandatory that this only contain printable ASCII characters.

sysUptime 1.3.6.1.2.1.1.3 TimeTicks The time (in hundredths of a second) since the network management portion of the system was last re-initialized.

sysContact 1.3.6.1.2.1.1.4 DisplayString (SIZE (0..255))

The textual identification of the contact person for this managed node, together with information on how to contact this person.

sysName 1.3.6.1.2.1.1.5 DisplayString (SIZE (0..255))

An administratively assigned name for this managed node. By convention, this is the node's fully-qualified domain name.

Interface

ifTable 1.3.6.1.2.1.2.2 A list of interface entries. The number of entries is given by the value of ifNumber.

ifIndex 1.3.6.1.2.1.2.2.1.1 INTEGER32 A unique value, greater than zero, for each interface.

ifDescr 1.3.6.1.2.1.2.2.1.2 DisplayString (SIZE (0..255))

A textual string containing information about the interface.

ifPhysAddress 1.3.6.1.2.1.2.2.1.6 OCTETSTR The interface’s address at its protocol sub-layer. For example, for an 802.x interface, this object normally contains a MAC address.




ifOperStatus 1.3.6.1.2.1.2.2.1.8 INTEGER The current operational state of the interface.Values: • 1—Up• 2—Down• 3—Testing• 4—Unknown• 5—Dormant• 6—Not present• 7—Lower layer down

Ip

ipAddrTable 1.3.6.1.2.1.4.20 The table of addressing information relevant to this entity’s IP addresses.

ipAdEntAddr 1.3.6.1.2.1.4.20.1.1 IpAddress The IP address to which this entry’s addressing information pertains.

ipAdEntIfIndex 1.3.6.1.2.1.4.20.1.2 INTEGER The index value which uniquely identifies the interface to which this entry is applicable. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex.

ipAdEntNetMask 1.3.6.1.2.1.4.20.1.3 IpAddress The subnet mask associated with the IPv4 address of this entry. The value of the mask is an IPv4 address with all the network bits set to 1 and all the hosts bits set to 0.

ipRouteTable 1.3.6.1.2.1.4.21 This entity’s IP Routing table.

ipRouteDest 1.3.6.1.2.1.4.21.1.1 IpAddress The destination IP address of this route. An entry with a value of 0.0.0.0 is considered a default route. Multiple routes to a single destination can appear in the table, but access to such multiple entries is dependent on the table-access mechanisms defined by the network management protocol in use.

ipRouteIfIndex 1.3.6.1.2.1.4.21.1.2 INTEGER The index value which uniquely identifies the local interface through which the next hop of this route should be reached. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex.

Table 505: RFC1213 MIB Objects for Monitoring APSolute Vision (cont.)

Object OID Data Type Description




Host Resources MIB Objects for Monitoring APSolute VisionThe following table describes the supported objects from the Host Resources MIB for monitoring APSolute Vision.

UCD-SNMP-MIB MIB Objects for Monitoring APSolute VisionThe following table describes the supported objects from the UCD-SNMP-MIB MIB for monitoring APSolute Vision.

ipRouteNextHop 1.3.6.1.2.1.4.21.1.7 IpAddress The IP address of the next hop of this route. (In the case of a route bound to an interface which is realized via a broadcast media, the value of this field is the agent’s IP address on that interface.)

ipRouteMask 1.3.6.1.2.1.4.21.1.11 IpAddress Indicate the mask to be logical-ANDed with the destination address before being compared to the value in the ipRouteDest field.

Table 506: Host Resources MIB Objects for Monitoring APSolute Vision

Object OID Data Type DescriptionhrSystem

hrSystemDate 1.3.6.1.2.1.25.1.2 DateAndTime The host’s notion of the local date and time of day.

hrSystemUptime 1.3.6.1.2.1.25.1.1 TimeTicks The amount of time since this host was last initialized. Note that this is different from sysUpTime in the SNMPv2-MIB [RFC 1907] because sysUpTime is the uptime of the network management portion of the system.

Table 507: UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision

Object OID Data Type DescriptionMemory

memTotalSwap 1.3.6.1.4.1.2021.4.3 INTEGER32 The total amount of swap space configured for this host.

Table 505: RFC1213 MIB Objects for Monitoring APSolute Vision (cont.)





Trap Objects for Monitoring APSolute VisionThe following table describes the supported trap objects for monitoring APSolute Vision.

memAvailSwap 1.3.6.1.4.1.2021.4.4 INTEGER32 The amount of swap space currently unused or available.

memTotalReal 1.3.6.1.4.1.2021.4.5 INTEGER32 The total amount of real/physical memory installed on this host.

memAvailReal 1.3.6.1.4.1.2021.4.6 INTEGER32 The amount of real/physical memory currently unused or available.

memTotalFree 1.3.6.1.4.1.2021.4.11 INTEGER32 The total amount of memory free or available for use on this host. This value typically covers both real memory and swap space or virtual memory.

Table 508: Trap Objects for Monitoring APSolute Vision

Object OID Type DescriptioncoldStart 1.3.6.1.6.3.1.1.5.1 Trap A coldStart trap signifies that the SNMP entity, supporting a notification

originator application, is reinitializing itself and that its configuration may have been altered. This trap, in SNMPv2-MIB, is generated at the following times:• At APSolute Vision machine startup (which starts the SNMP service).• At APSolute Vision application startup (for example, after running the CLI

command system vision-server start). This occurs after the shutdown trap.

nsNotifyShutdown 1.3.6.1.4.1.8072.4.0.2 Trap An indication that the agent is in the process of being shut down. This trap, in NET-SNMP-AGENT-MIB, is generated at the following times:• At APSolute Vision machine shutdown (which stops the SNMP service).• At APSolute Vision startup (for example, after running the CLI command

system vision-server start). This occurs before the startup trap.

Table 507: UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision (cont.)





Trap Objects for APSolute Vision AlertsThe following table describes the supported trap objects for SNMP alerts from APSolute Vision. For information on configuring APSolute Vision to send SNMP alerts, see Managing the SNMP Reporting Configuration, page 120 and Managing Alert Profiles, page 122.

Table 509: Trap Objects for Monitoring APSolute Vision

Object OID Type DescriptionSNMPv1 TRAPs

alertTrap 1.3.6.1.4.1.89.35.10.1.0.200 The attributes in the alerts from APSolute Vision.

alerts

alertId 1.3.6.1.4.1.89.35.10.1.1 INTEGER The alert identifier. There is no value for events that are not SNMP traps.

alertMessage 1.3.6.1.4.1.89.35.10.1.2 DisplayString The description of the event.

alertUser 1.3.6.1.4.1.89.35.10.1.3 DisplayString The user who triggered the event. If no user is associated with the action, the user APSolute_Vision is displayed.

alertSeverity 1.3.6.1.4.1.89.35.10.1.4 DisplayString The severity of the alert.

alertModule 1.3.6.1.4.1.89.35.10.1.5 DisplayString The source module of the event. Values: • Vision Configuration• Vision General• Vision Control• Device General• Device Security• Security Reporting.

alertCategory 1.3.6.1.4.1.89.35.10.1.6 DisplayString The attack category of the event.

alertTimeString 1.3.6.1.4.1.89.35.10.1.7 DisplayString The time that event was triggered. The time format is according to the configuration on the APSolute Vision server.

alertTimeMillis 1.3.6.1.4.1.89.35.10.1.8 Counter64 The time that event was issued, in milliseconds since Epoch.




alertSourceDeviceName 1.3.6.1.4.1.89.35.10.1.9 DisplayString The values differ according to the alert type. For SNMP traps, the value is the name of the device that generated them. For APSolute Vision auditing events, which have device context (configuration, monitoring), the value is the name of the device to which the event relates. When the alert is generated by the APSolute Vision server, no device name is displayed.

alertSourceDeviceIp 1.3.6.1.4.1.89.35.10.1.10 DisplayString The IP address of the device to which the message relates. No value is provided for alerts generated by APSolute Vision.

Table 509: Trap Objects for Monitoring APSolute Vision (cont.)

Object OID Type Description


APPENDIX D – APPSHAPE-GENERATED CONFIGURATIONSThis appendix contains the configurations that the various AppShape templates generate. The sections include values that the templates explicitly configure—as the result of the hard-coded AppShape pattern or as the result of a value that you specify in the AppShape Instance tab.This appendix contains the following sections:• Common Web Application—AppShape-generated Configuration, page 701• Citrix XenDesktop—AppShape-generated Configuration, page 703• DefenseSSL—AppShape-generated Configuration, page 705• Microsoft Exchange 2010—AppShape-generated Configuration, page 706• Microsoft Exchange 2013—AppShape-generated Configuration, page 709• Microsoft Link External—AppShape-generated Configuration, page 711• Oracle E-Business—AppShape-generated Configuration, page 723• Oracle SOA Suite 11g—AppShape-generated Configuration, page 724• Oracle WebLogic 12c—AppShape-generated Configuration, page 726• Microsoft Link Internal—AppShape-generated Configuration, page 714• SharePoint 2010—AppShape-generated Configuration, page 727• SharePoint 2013—AppShape-generated Configuration, page 729• VMware View 5.1—AppShape-generated Configuration, page 731• Zimbra—AppShape-generated Configuration, page 732

Common Web Application—AppShape-generated ConfigurationThe following is the Alteon CLI configuration that the Common Web Application AppShape generates.

Note: For more information on the Common Web Application AppShape type, see Configuring a Common Web Application AppShape Instance, page 251.

/c/slb/accel/compress/comppol <generated index number>

name "WebApplication.<generated index number>"

minsize 1024

ena

/c/slb/ssl/sslpol <generated index number>


ena

/c/slb/accel/caching/cachepol <generated index number>



AppShape-Generated Configurations


ena

/c/slb/real <user-specified virtual-server name>_<generated suffix>

ena

ipver v4

rip <user-specified IP address>

name "CommonWebApp.<user-specified IP address>"


ena

ipver v4


name "CommonWebApp.<user-specified IP address>"

/c/slb/group <user-specified virtual-server name>_grp

ipver v4

metric <user-specified metric>

health <user-specified type>

add <user-specified virtual-server name>_<generated suffix>

add <user-specified virtual-server name>_<generated suffix>

name "WebApplication.servers"

/c/slb/virt <user-specified virtual-server name>

ena

ipver v4

vip <user-specified IP address>

vname "WebApp.<user-specified virtual-server name>"

/c/slb/virt <user-specified virtual-server name>/service 80 http

group <user-specified virtual-server name>_grp

rport 0

dbind forceproxy

report real

/c/slb/virt <user-specified virtual-server name>/service 80 http/http

comppol <generated index number>

cachepol <generated index number>

connmgt ena 10

/c/slb/virt <user-specified virtual-server name>/service 443 https


rport 0

dbind forceproxy

report real

/c/slb/virt <user-specified virtual-server name>/service 443 https/http





Citrix XenDesktop—AppShape-generated ConfigurationThe following is the Alteon CLI configuration that the Citrix XenDesktop AppShape generates.

Note: For more information on the Citrix XenDesktop AppShape type, see Configuring a Citrix XenDesktop AppShape Instance, page 253.


connmgt ena 10 [disabled by default]

/c/slb/virt <user-specified virtual-server name>/service 443 https/ssl

srvrcert cert <user-specified certificate>

sslpol <generated index number>

/c/slb/accel/compress/comppol <user-specified instance name>Citrix

minsize 1

ena

/c/slb/ssl/certs/key <user-specified certificate ID>

/c/slb/ssl/certs/import key "<user-specified certificate ID>" text

<RSA PRIVATE KEY>

/c/slb/ssl/certs/key <user-specified certificate name>

/c/slb/ssl/certs/import key "<user-specified certificate name>" text

<RSA PRIVATE KEY>

/c/slb/ssl/certs/request <user-specified certificate ID>

/c/slb/ssl/certs/import request "<user-specified certificate ID>" text

<CERTIFICATE REQUEST>

/c/slb/ssl/certs/request <user-specified certificate name>

/c/slb/ssl/certs/import request "<user-specified certificate name>" text

<CERTIFICATE REQUEST>

/c/slb/ssl/certs/cert <user-specified certificate ID>

/c/slb/ssl/certs/import cert "<user-specified certificate ID>" text

<CERTIFICATE>

/c/slb/ssl/certs/cert <user-specified certificate name>

/c/slb/ssl/certs/import cert "<user-specified certificate name>" text

<CERTIFICATE>

/c/slb/ssl/sslpol <user-specified instance name>Citrix

name "SSL.Citrix"

ena

/c/slb/group <user-specified instance name>_grpDDC

ipver v4




metric roundrobin

name "Citrix_DDC.group"

/c/slb/virt <user-specified instance name>DDC

ena

ipver v4


vname "Citrix.<user-specified instance name>DDC"

/c/slb/virt <user-specified instance name>DDC/service <user-specified port and service>p

group <user-specified instance name>_grpDDC

rport <user-specified port>

pbind clientip norport

dbind forceproxy

tmout 20

ptmout 20

/c/slb/virt <user-specified instance name>StoreFront

ena

ipver v4


/c/slb/virt <user-specified instance name>StoreFront/service <user-specified IP address and service>

group <generated index number>


dbind forceproxy

tmout 20

ptmout 20

/c/slb/virt <user-specified instance name>StoreFront/service <user-specified port and service>

comppol <user-specified instance name>Citrix

xforward ena

/c/slb/virt <user-specified instance name>StoreFront/service <user-specified port and service>/ssl

srvrcert cert MyCertID

sslpol <user-specified instance name>Citrix




DefenseSSL—AppShape-generated ConfigurationThe following is the Alteon CLI configuration that the DefenseSSL AppShape generates.

Note: For more information on the DefenseSSL AppShape type, see Configuring a DefenseSSL AppShape Instance, page 256.

c/slb/ssl/certs/key <user-specified certificate>

/c/slb/ssl/certs/request <user-specified certificate>

/c/slb/ssl/certs/srvrcert <user-specified certificate>


name "DefSSL. <generated index number>"

ena

/c/slb/real <user-specified instance name>_<generated index number>

ena

ipver v4


maxcon 0 physical

name "defenseSsl. <user-specified IP address>"

addport <user-specified port>


ena

ipver v4


maxcon 0 physical

name "defenseSsl. <user-specified IP address>"


/c/slb/group <user-specified instance name>_grp

ipver v4

health link

add <user-specified instance name>_<generated index number>


name "DefenseSSL.srv"

/c/slb/virt <user-specified instance name>

ena

ipver v4


vname "secureservice.<user-specified instance name>"

/c/slb/virt <user-specified instance name>/service 80 http

group <user-specified instance name>_grp




Microsoft Exchange 2010—AppShape-generated ConfigurationThe following is the Alteon CLI configuration that the Microsoft Exchange 2010 AppShape generates.

Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft Exchange 2010 AppShape Instance, page 258.


/c/slb/virt <user-specified instance name>/service 443 https



dbind ena

/c/slb/virt <user-specified instance name>/service 443 https/ssl


sslpol 1

/c/l3/arp/static

add <user-specified IP address> <user-specified MAC address> <user-specified VLAN> <user-specified port>


name "MicrosoftExchange.<generated index number>"

ena


name "SSL.Exchange.2010"

ena


name "Exchange.<generated index number>"

ena

/c/slb/real <user-specified virtual-server name>_<generated index number>

ena

ipver v4


name "Exchange. <user-specified IP address>"


ena

ipver v4







ena

ipver v4




ena

ipver v4



/c/slb/group <user-specified virtual-server name>_grpCAS

ipver v4

health http

add <user-specified virtual-server name>_<generated index number>


name "Exchange_CAS.group"

/c/slb/group <user-specified virtual-server name>_grpSMTP

ipver v4

health smtp



name "Exchange_SMTP.group"

/c/slb/pip/type vlan [Specified by user because connection management was enabled]

/c/slb/pip/type port [Specified by user because connection management was enabled]

/c/slb/pip/add <user-specified IP address> <user-specified port> [Specified by user because connection management was enabled]


ena

ipver v4



group <user-specified virtual-server name>_grpCAS

rport 80


dbind ena

tmout 60







connmgt ena 20

/c/slb/virt <user-specified virtual-server name>/service 25 smtp

group <user-specified virtual-server name>_grpSMTP

rport 25


tmout 60

/c/slb/virt <user-specified virtual-server name>/service 135 basic-slb


rport 135


tmout 60



rport 59532



rport 59531



rport 80


dbind ena

tmout 60






srvrcert <user-specified certificate>




rport 143


dbind ena

tmout 60






Microsoft Exchange 2013—AppShape-generated ConfigurationThe following is the Alteon CLI configuration that the Microsoft Exchange 2013 AppShape generates.

Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft Exchange 2013 AppShape Instance, page 262.




rport 110


dbind ena

tmout 60





name "WebApplication. <generated index number>"

minsize 1

ena

/c/slb/ssl/certs/key <user-specified certificate>


/c/slb/ssl/certs/cert <user-specified certificate>


name "Exchange_2013. <generated index number>"

cipher "all"

convert disabled

ena

/c/slb/ssl/sslpol <generated index number>/backend

ssl enabled


ena

ipver v4


name "Exchange2013.<user-specified IP address>"






ena

ipver v4


name "Exchange2013.<user-specified IP address>"



ena

ipver v4


name "Exchange2013. <user-specified IP address>"


/c/slb/group <user-specified instance name>_grpCAS

ipver v4

metric roundrobin

health https


name "CAS.443.Group"

/c/slb/group <user-specified instance name>_grpIMAP

ipver v4

metric roundrobin

health imap


name "IMAP"

/c/slb/group <user-specified instance name>_grpPOP3

ipver v4

metric roundrobin

health pop3


name "POP3"


ena

ipver v4


vname "CAS.HTTPS"


group <user-specified instance name>_grpCAS

rport 443





Microsoft Link External—AppShape-generated ConfigurationThe following is the Alteon CLI configuration that the Microsoft Link External AppShape generates.

Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft Lync External AppShape Instance, page 266.

dbind forceproxy

/c/slb/virt <user-specified instance name>/service 443 https/http

comppol 1



sslpol 1

/c/slb/virt <user-specified instance name>/service 110 pop3

group <user-specified instance name>_grpPOP3

rport 110


/c/slb/virt <user-specified instance name>/service 143 imap

group <user-specified instance name>_grpIMAP

rport 143


/c/slb/virt <user-specified instance name>/service 993 basic-slb

group <user-specified instance name>_grpIMAP

rport 993


/c/slb/virt <user-specified instance name>/service 995 basic-slb

group <user-specified instance name>_grpPOP3

rport 995


/c/slb/virt <user-specified instance name>/service 25 smtp

group <user-specified instance name>_grpCAS

rport 25


/c/slb/real <user-specified instance name>_AV_<generated index number>

ena

ipver v4






/c/slb/real <user-specified instance name>_CWA_<generated index number>

ena

ipver v4



/c/slb/real <user-specified instance name>_SIP_<generated index number>

ena

ipver v4



/c/slb/group <user-specified instance name>_AV

ipver v4

add <user-specified instance name>_AV_<generated index number>

name "Lync.edge.av.443"

/c/slb/group <user-specified instance name>_CWA

ipver v4

add <user-specified instance name>_CWA_<generated index number>

name "CWA.Service.group"

/c/slb/group <user-specified instance name>_IM

ipver v4

name "Lync.edge.im.443"

/c/slb/group <user-specified instance name>_MEETING

ipver v4

name "Lync.edge.meeting.HTTPS.443"

/c/slb/group <user-specified instance name>_SIP

ipver v4

add <user-specified instance name>_SIP_<generated index number>

name "Lync.edge.HTTPS.SIP.443"

/c/slb/virt <user-specified instance name>_AV

ena

ipver v4


/c/slb/virt <user-specified instance name>_AV/service 443 https

group <user-specified instance name>_AV

rport 443


tmout 30

/c/slb/virt <user-specified instance name>_CWA




ena

ipver v4


/c/slb/virt <user-specified instance name>_CWA/service 443 https

group <user-specified instance name>_CWA

rport 443


tmout 30

/c/slb/virt <user-specified instance name>_MEETING

ena

ipver v4


/c/slb/virt <user-specified instance name>_MEETING/service 443 https

group <user-specified instance name>_MEETING

rport 443


tmout 30

/c/slb/virt <user-specified instance name>_PROXY

ena

ipver v4


vname "lm.Proxy_<user-specified instance name>_PROXY"

/c/slb/virt <user-specified instance name>_PROXY/service 443 https

group <user-specified instance name>_IM

rport 4443


tmout 30

/c/slb/virt <user-specified instance name>_SIP

ena

ipver v4


/c/slb/virt <user-specified instance name>_SIP/service 443 https

group <user-specified instance name>_SIP

rport 443


tmout 30

/c/slb/virt <user-specified instance name>_STUN

ena

ipver v4




Microsoft Link Internal—AppShape-generated ConfigurationThe following is the Alteon CLI configuration that the Microsoft Link Internal AppShape generates.

Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft Lync Internal AppShape Instance, page 269.


/c/slb/virt <user-specified instance name>_STUN/service 3478 basic-slb

group <user-specified instance name>_AV

rport 3478

protocol udp


tmout 30

/c/slb/accel/compress/comppol 1

name "cwa"

minsize 1

ena





name "Lync.SSL.policy"

ena

/c/slb/real <user-specified instance name>_CWA_<generated index number>

ena

ipver v4



/c/slb/group <user-specified instance name>_CWA

ipver v4

content "<user-specified port>"

add <user-specified instance name>_CWA_<generated index number>

name "Lync.CWA.Group"

/c/slb/group <user-specified instance name>_Directors_1

ipver v4

content "5061"




name "Lync.Directors"

/c/slb/group <user-specified instance name>_Directors_2

ipver v4

name "Lync.Director.5060"

/c/slb/group <user-specified instance name>_EDGE_1

ipver v4

name "EDGE.Replication.4443"


ipver v4

name "EDGE.INT.443"


ipver v4

name "EDGE.INT.5061"


ipver v4



ipver v4

name "GE.INT.UDP.STUN.3478"


ipver v4


/c/slb/group <user-specified instance name>_Fronted_1 TBD 3.40, Nir is fixing all to “Frontend_x”.

ipver v4

content "5060"

name "Lync.frontend.SIP.5060"

/c/slb/group <user-specified instance name>_Fronted_2

ipver v4

content "444"

name "Lync.frontend.HTTPS.conf.444"


ipver v4

content "443"

name "Lync.frontend.HTTPS.443"


ipver v4

content "5061"

name "Lync.frontend.MTLS.5061"





ipver v4

content "135"

name "Lync.frontend.DCOM.135"


ipver v4

name "Proxy.to.FE.4443"


ipver v4

name "FE.IM.REQ.8057"


ipver v4

name "fe.web.service.8080"


ipver v4

name "FE.CALL.ADM.448"


ipver v4

name "FE.App.Share.5065"


ipver v4

name "FE.monitoring.5069"


ipver v4

name "FE.RES.GROUP.5071"


ipver v4

name "FE.SIP.REQ.5072"


ipver v4

name "FE.CONF.ANOUN.5073"


ipver v4

name "FE.SIP.REQ.CALL.PRK.5075"


ipver v4

name "FE.AUDIO.TEST.5076"


ipver v4

name "FE.AV.AGE.TURN.TRAFF.5080"




/c/slb/virt <user-specified instance name>_CWA

ena

ipver v4


/c/slb/virt <user-specified instance name>_CWA/service 443 https

group <user-specified instance name>_CWA


dbind ena

/c/slb/virt <user-specified instance name>_CWA/service 443 https/http

comppol 1

httpmod 1

/c/slb/virt <user-specified instance name>_CWA/service 443 https/ssl

srvrcert cert cer

sslpol 1

/c/slb/virt <user-specified instance name>_Directors

ena

ipver v4


/c/slb/virt <user-specified instance name>_Directors/service 5061 basic-slb

group <user-specified instance name>_Directors_1

rport 5061


tmout 20

/c/slb/virt <user-specified instance name>_Directors/service 5060 sip

group <user-specified instance name>_Directors_2

rport 5060


tmout 20

/c/slb/virt <user-specified instance name>_EDGE_1

ena

ipver v4


/c/slb/virt <user-specified instance name>_EDGE_1/service 3478 basic-slb

group <user-specified instance name>_EDGE_5

rport 3478

protocol udp


tmout 30





ena

ipver v4


/c/slb/virt <user-specified instance name>_EDGE_2/service 443 https


rport 443


tmout 30


ena

ipver v4




rport 5062


tmout 30


ena

ipver v4




rport 8057


tmout 30


ena

ipver v4




rport 5061


tmout 30


ena

ipver v4







rport 4443


/c/slb/virt <user-specified instance name>_Fronted_1

ena

ipver v4


/c/slb/virt <user-specified instance name>_Fronted_1/service 135 basic-slb

group <user-specified instance name>_Fronted_5

rport 135


tmout 30


ena

ipver v4


/c/slb/virt <user-specified instance name>_Fronted_2/service 443 https


rport 443


tmout 30

direct dis


ena

ipver v4




rport 444


tmout 30


ena

ipver v4


/c/slb/virt <user-specified instance name>_Fronted_4/service 5060 sip


rport 5060





tmout 30


ena

ipver v4




rport 5061


tmout 30


ena

ipver v4




rport 5065


tmout 30


ena

ipver v4




rport 4443



ena

ipver v4




rport 5069



ena

ipver v4







rport 8057


tmout 30


ena

ipver v4




rport 448


tmout 30


ena

ipver v4




rport 5071



ena

ipver v4




rport 5072



ena

ipver v4




rport 5073





tmout 30


ena

ipver v4




rport 5075



ena

ipver v4




rport 5076



ena

ipver v4




rport 5080



ena

ipver v4


/c/slb/virt <user-specified instance name>_Fronted_17/service 8080 http


rport 8080


/c/slb/layer7/httpmod <generated index number>

ena

name "htto.to.https.lync.cwa"

/c/slb/layer7/httpmod <generated index number>/rule <generated index number> text

name "htto.to.https.cwa"

directn resp




Oracle E-Business—AppShape-generated ConfigurationThe following is the Alteon CLI configuration that the Oracle E-Business AppShape generates.

Note: For more information on the Oracle E-Business AppShape type, see Configuring an Oracle E-Business AppShape Instance, page 272.

body include

action replace "FROMTEXT=http:// <user-specified domain>" "TOTEXT=https:// <user-specified domain>"


name "oracle.<generated index number>"

minsize 1024

ena





name "Oracle.SSL.offloading.<generated index number>"

ena


name "oracle.cache.<generated index number>"

ena


ena

ipver v4


name "Oracle.app<user-specified IP address>"



ipver v4


name "oracle.app"


ena

ipver v4


vname "Oracle.e-buiss.<user-specified instance name>"





Oracle SOA Suite 11g—AppShape-generated ConfigurationThe following is the Alteon CLI configuration that the Oracle SOA Suite 11g AppShape generates.

Note: For more information on the Oracle SOA Suite 11g AppShape type, see Configuring an Oracle SOA Suite 11g AppShape Instance, page 274.

action redirect


rport 0

redirect "https://$HOST/$PATH/"

dbind forceproxy

/c/slb/virt <user-specified instance name>/service 80 http/http




rport 8000

dbind forceproxy

ptmout 720





srvrcert cert <user-specified certificate ID>



name "oracle.comp_<generated index number>"

ena





name "webtierssl_<generated index number>"

ena


ena





ipver v4

health http

slowstr 180

name "webtier"

/c/slb/virt <user-specified instance name>_<generated index number>

ena

ipver v4


/c/slb/virt <user-specified instance name>_<generated index number>/service 80 http


rport 7777

dbind ena

/c/slb/virt <user-specified instance name>_<generated index number>/service 80 http/http

cachepol 1

/c/slb/virt <user-specified instance name>_<generated index number>/service 443 https


rport 7777

pbind clientip

dbind ena

/c/slb/virt <user-specified instance name>_<generated index number>/service 443 https/http



/c/slb/virt <user-specified instance name>_<generated index number>/service 443 https/ssl




ena

ipver v4




rport 7777

dbind forceproxy





Oracle WebLogic 12c—AppShape-generated ConfigurationThe following is the Alteon CLI configuration that the Oracle WebLogic 12c AppShape generates.

Note: For more information on the Oracle WebLogic 12c AppShape type, see Configuring an Oracle WebLogic 12c AppShape Instance, page 276.



ena

ipver v4



group MyOracleSOASuite11gIn_grp

rport 7777

dbind forceproxy




name "compression.<generated index number>"

minsize 1024

ena




/c/slb/ssl/sslpol<generated index number>

name "SSL.<generated index number>"

ena


ena

ipver v4


name "Weblogic.<user-specified IP address>"






SharePoint 2010—AppShape-generated ConfigurationThe following is the Alteon CLI configuration that the SharePoint 2010 AppShape generates.

Note: For more information on the SharePoint 2010 AppShape type, see Configuring a SharePoint 2010 AppShape Instance, page 278.

ipver v4

metric roundrobin


name "weblogic.group"


ena

ipver v4


vname "Weblogic.<user-specified instance name>"


action redirect


rport 0

redirect "https://$HOST/$PATH/"

dbind ena



rport 7001

dbind forceproxy






User specified enable disable.


name "SharePoint.<index number>"

ena

User specified enable disable

/c/slb/ssl/sslpol <index number>

name "SharePoint. < generated index number>"




ena

/c/slb/ssl/sslpol < generated index number>/passinfo

frontend enabled

User specified enable disable


name "SharePoint. <generated index number>"

minsize 1024

ena


ena

ipver v4


name "SharePoint. <user-specified IP address>"


ena

ipver v4


name "SharePoint.<user-specified IP address>"

/c/slb/group <user-specified virtual-server name>_grp

ipver v4

metric <user-specified metric>

health <user-specified type>

add <user-specified virtual-server name>_<generated suffix first>

add <user-specified virtual-server name>_<generated suffix next>

name "SharePoint.group"

/c/slb/pip/type vlan [Specified by user because connection management was enabled]

/c/slb/pip/type port [Specified by user because connection management was enabled]

/c/slb/pip/add <user-specified IP address> <user-specified port> [Specified by user because connection management was enabled.]


ena

ipver v4


vname "SharePoint.<user-specified virtual-server name>"


group .<user-specified virtual-server name>_grp

rport 80





SharePoint 2013—AppShape-generated ConfigurationThe following is the Alteon CLI configuration that the SharePoint 2013 AppShape generates.

Note: For more information on the SharePoint 2013 AppShape type, see Configuring a SharePoint 2013 AppShape Instance, page 280.

dbind forceproxy

report real







rport 80

dbind forceproxy

report real




connmgt ena 10

httpmod <generated index number>

/c/slb/virt <user-specified virtual-server name>/service 443 https/<generated index number>




ena

name "http.to.https.sharepoint"

/c/slb/layer7/httpmod <generated index number>/rule 1 text

ena


directn resp

body include

action replace "FROMTEXT=http://<user-specified domain>" "TOTEXT=https:// <user-specified domain>"


name "comp<generated index number>"




minsize 1

ena




/c/slb/ssl/sslpol 1

name "SharePoint_2013. <generated index number>"

ena


ena

ipver v4


name "SP2013.<user-specified IP address>"



ipver v4

metric roundrobin


name "sp.group"


ena

ipver v4


vname "SP.<user-specified instance name>"




dbind ena



httpmod <generated index number>




/c/slb/real <user-specified instance name>_<generated index number>/layer7

addlb <generated index number>

/c/slb/virt <user-specified instance name>/service 443 https/pbind cookie insert

/c/slb/virt <user-specified instance name>/service 443 https/http/rcount <generated index number>




VMware View 5.1—AppShape-generated ConfigurationThe following is the Alteon CLI configuration that the VMware View 5.1 AppShape generates.

Note: For more information on the VMware View 5.1 AppShape type, see Configuring an VMware View 5.1 AppShape Instance, page 282.


ena


/c/slb/layer7/httpmod 1/rule <generated index number> text

ena

name "http.to.https.sharepoint2013"

directn resp

body include

action replace "FROMTEXT=http:// <user-specified domain>" "TOTEXT=https:// <user-specified domain>"


name "comp.<generated index number>"

minsize 1024

ena





name "View.<generated index number>"

convert disabled

ena

/c/slb/ssl/sslpol <generated index number>/backend

ssl enabled


ena

ipver v4


name "View.Connector.<user-specified IP address>"



ipver v4

metric phash 255.255.255.255




Zimbra—AppShape-generated ConfigurationThe following is the Alteon CLI configuration that the Zimbra AppShape generates.

Note: For more information on the Zimbra AppShape type, see Configuring a Zimbra AppShape Instance, page 284.


name "View.connectors"


ena

ipver v4


vname "View.<user-specified instance name>"



rport 443

dbind forceproxy







name "Zimbra.<generated index number>"

minsize 1024

ena



/c/slb/ssl/certs/request <user-specified certificate >


/c/slb/ssl/certs/cert <user-specified certificate >


/c/slb/ssl/sslpol <user-specified instance name>_ssl<generated index number>

name "Zimbra.<user-specified instance name>_ssl<generated index number>"

ena

/c/slb/ssl/sslpol <user-specified instance name>_ssl<generated index number>

cipher "all"




convert disabled

ena


ena

ipver v4


name "Zimbra.<user-specified IP address>"


/c/slb/group <user-specified instance name>_grp<generated index number>

ipver v4

metric phash 255.255.255.255


name "zimbra.HTTP.servers"


ipver v4

metric phash 255.255.255.255


name "zimbra.pop3.servers"


ipver v4

metric phash 255.255.255.255


name "zimbra.ldap.servers"

/c/slb/group MyZimbraInstance_grp<generated index number>

ipver v4

metric phash 255.255.255.255


name "zimbra.imap.servers"


ipver v4

metric phash 255.255.255.255


name "zimbra.smtp.servers"


ena

ipver v4


vname "zimbra.servers.MyZimbraInstance"





group <user-specified instance name>_grp<generated index number>

rport 80

dbind forceproxy



xforward ena



sslpol <user-specified instance name>_ssl<generated index number>

/c/slb/virt <user-specified instance name>/service 993 ssl

name "Secure.IMAP"


rport 143

dbind forceproxy

/c/slb/virt <user-specified instance name>/service 993 ssl/ssl




name "Secure.POP3"


rport 110

dbind forceproxy





name "Secure.SMTP"


rport 25

dbind forceproxy




/c/slb/virt <user-specified instance name>/service 389 ldap


rport 389

/c/slb/virt <user-specified instance name>/service 25 smtp


rport 25





/c/slb/virt <user-specified instance name>/service 110 pop3


rport 110

/c/slb/virt <user-specified instance name>/service 143 imap


rport 143


APPENDIX E – USING THE EVENT EXPORTERThis appendix contains the following sections, which describe the output of the event exporter:• Event-Record Structure and Content, page 737• DFBdosBaseline (DefenseFlow BDoS Baseline) Records, page 737• DFSecurityAttack (DefenseFlow Security Attack) Records, page 739• DFTrafficUtilization (DefenseFlow Traffic Utilization) Records, page 742• DPSecurityAttack (DefensePro Security Attack) Records, page 744• DPTrafficUtilization (DefensePro Traffic Utilization) Records, page 749

Note: For information on managing the event exporter, see System Exporter Commands (Event Exporter), page 632.

Event-Record Structure and ContentThe records from the event exporter are structured to provide all available information on occurring security events. Each field is separated by a single space character. Fields that may contain spaces are enclosed between double quotation marks.Security events can last from seconds to hours, and even days. Many of the DefensePro protection modules can identify continuous ongoing events, and generate a series of records for the events. In such cases, DefensePro uses the same unique ID for all the events.

DFBdosBaseline (DefenseFlow BDoS Baseline) Records The following table describes the fields of the DFBdosBaseline (DefenseFlow BDoS Baseline) records from the event exporter.

Table 510: DFBdosBaseline (DefenseFlow BDoS Baseline) Fields

Field Description Example or Static ValuesDFBDosRealTimeEdgeEntity

The entity type of the record. There is no value attached to this field.

DFBDosRealTimeEdgeEntity

tcp Specifies whether the protected object includes TCP in the BDoS Protection Settings.

false

normal The legitimate traffic. 0.8

normalEdge The statistically calculated baseline traffic rate.

792.0064


Using the Event Exporter


policyName The name of the configured Security Policy that was set to mitigate the attack. The default policy name is the name of the protected object. Policies in DefenseFlow cannot be edited.

PO_John

enrichmentContainer This field is for internal use.

{}

protection The traffic type of the attack.

icmp

units The unit of measurement for the traffic rate.

bps

totalTraffic The total traffic that the device sees for the specific protection type and direction.

4800.2705

timeStamp The time, in 13-digit Unix format, that the DefenseFlow device record was generated.

1504185750104

suspectedAttack The traffic rate that indicates a change in traffic that might be an attack.

3200.0017

legitimateTraffic The actual forwarded traffic rate, after the mitigation device managed to block the attack. When there is no attack, the totalTraffic and legitimateTraffic are equal.

885.60565

ipVersion The IP version of the traffic on which the record reports.

IPv6

doa Degree of Attack. A numeric value that evaluates the current level of attack. A value of 8 or greater signifies an attack.

5

partial The legitimate traffic. 0.13

protectedObjectName

The name of the protected object that was attacked.

PO_John

direction The direction of the attack, inbound or outbound.

Values: In, Out

Table 510: DFBdosBaseline (DefenseFlow BDoS Baseline) Fields (cont.)

Field Description Example or Static Values




DFSecurityAttack (DefenseFlow Security Attack) RecordsThe following table describes the fields of the DFSecurityAttack (DefenseFlow Security Attack) records from the event exporter.

suspectedEdge The traffic rate that indicates a change in traffic that might be an attack.

1600.0065

full The actual overall traffic. 0.19

Table 511: DFSecurityAttack (DefenseFlow Security Attack) Fields

Field Description Example or Static ValuesDFAttackEntity The entity type of the

record. There is no value attached to this field.

DFAttackEntity

sourcePort The source L4 port that the attack uses or used.

29100

vlanTag The VLAN tag value or Context Group in the policy that handled the attack. The VLAN tag or Context Group identifies similar information in this field. DefensePro 6.x and 7.x versions support VLAN tags. DefensePro 8.x versions support Context Groups.

172

packetCount The packet count of the attack.

2000

destMsisdn The MSISDN Resolution feature is not supported currently.

Unknown

protocol The protocol that the attack uses or used.

NonIP

destPort The destination port that the attack uses or used.

443

threatGroup This field is for internal use.

DDoSGroup

destAddress The destination IP address that the attack uses or used.

10.0.0.2

ruleName The name of the user-defined protected object.

PO_John_1

Table 510: DFBdosBaseline (DefenseFlow BDoS Baseline) Fields (cont.)





startTime The time, in 13-digit Unix notation, that the attack started.

1504186486428

radwareId The Radware DefensePro Attack-Protection identifier issued by the device. For more information, see DefensePro Attack-Protection IDs, page 751.

-1

Note: The value -1 signifies N⁄A.

direction The direction of the attack, inbound or outbound. Values: In, Out

In

mplsRd The Multi-protocol Label Switching Route Distinguisher in the policy that handled the attack.

211

attackIpsId The unique identifier of the attack, issued from the mitigation device.

2455492_10.0.0.2/32_null_null_EXTERNAL_DETECTOR

sourceAddress The source IP address of the attack. If there are multiple IP sources for an attack, this field displays Multiple. The multiple IP addresses are displayed in the Attack Details window. Multiple may also refer to cases when DefensePro cannot report a specific value.

192.168.172.1

srcMsisdn The MSISDN Resolution feature is not supported currently.

Unknown


{}

physicalPort The port on the device to which the attack packets arrived.

0


Table 511: DFSecurityAttack (DefenseFlow Security Attack) Fields (cont.)





actionType The reported action against the attack. The actions are specified in the protection profile, which may or may not be available or relevant for your system.

Values:• Bypass—DefensePro does not protect

against this attack, but rather, sends its data out of the device, and may report it.

• Challenge—DefensePro challenges the packet.

• Destination Reset—DefensePro sends a TCP-Reset packet to the destination IP address and port.

• Drop—DefensePro discards the packet.• Drop & Quarantine—DefensePro discards

the traffic and adds the destination to the Web quarantine.

• Forward—DefensePro continues to process the traffic and eventually forwards the packet to its destination.

• Proxy• Quarantine—DefensePro adds the

destination to the Web quarantine.• Source Destination Reset—DefensePro

sends a TCP-Reset packet to both the packet source IP and the packet destination IP address.

• Source Reset—DefensePro sends a TCP-Reset packet to the packet source IP address.

• Http 200 Ok—DefensePro sends a 200 OK response using a predefined page and leaves the server-side connection open.

• Http 200 Ok Reset Dest—DefensePro sends a 200 OK response using a predefined page and sends a TCP-Reset packet to the server side to close the connection.


packetBandwidth The attack bandwidth in kbit⁄s.

256

name The attack name. Unknown






DFTrafficUtilization (DefenseFlow Traffic Utilization) RecordsThe following table describes the fields of the DFTrafficUtilization (DefenseFlow Traffic Utilization) records from the event exporter.

risk The risk level that DefensePro classifies the security event.

Values:• Info—The risk does not pose a threat to

normal service operation.• Low—The risk does not pose a threat to

normal service operation, but may be part of a preliminary action for malicious behavior.

• Medium—The risk may pose a threat to normal service operation, but is not likely to cause complete service outage, remote code execution, or unauthorized access.High—The risk is very likely to pose a threat to normal service availability, and may cause complete service outage, remote code execution, or unauthorized access.

endTime The time, in 13-digit Unix notation, that the attack ended.

1504185481240

category The threat type to which this attack belongs.

Values:

• Anomalies1 (in DefenseFlow, detection was performed by an external detector)

• BehavioralDoS (in DefenseFlow, detection was performed by DefenseFlow BDoS)

status The attack status. Terminated

protectedObjectName

The name of the protected object.

PO_John

1 – Once DefensePro reports a Packet Anomaly attack of a certain radwareId, the status value Occurred and the startTime value remain indefinitely. For example, suppose a new DefensePro device starts identifying and handling a Packet Anomaly attack with radwareId 105 with the start time 20.02.2017 15:19:09. The attack subsides. One month later, the DefensePro device starts identifying and handling another Packet Anomaly attack with radwareId 105. The startTime value 20.02.2017 15:19:09 is reported. (For more information on Packet Anomaly protection, see the APSolute Vision online help or the DefensePro User Guide.)

Table 512: DFTrafficUtilization (DefenseFlow Traffic Utilization) Fields

Field Description Example or Static ValuesDFTrafficUtilizationRawEntity

The entity type of the record. There is no value attached to this field.

DFTrafficUtilizationRawEntity






discarded The discarded traffic for the specified protocol.

0.0

monitoringProtocol The traffic protocol. Values:• tcp• udp• icmp• igmp• sctp• other—The statistics of the traffic that is

not TCP, UDP, ICMP, IGMP, or SCTP• all—Total traffic statistics

policyName The name of the configured Security Policy.

PO_John_1

inbound The rate of inbound traffic for the protocol identified in the record.

933.0

dropped The rate of traffic dropped for the protocol identified in the record.

0.0

enrichmentContainer This field is for internal use. {}

cleanAmount This field is for future use. 27990.0

clean This field is for future use. 933.0

discardedAmount This field is for future use. 0.0

physicalPort The physical port of the mitigation device.

-1


timeStamp The time, in 13-digit Unix notation, that the DefenseFlow device sent the record.

1504186700069

diverted The rate of diverted traffic for the protocol identified in the record.

0.0

droppedAmount This field is for future use. 0.0

unit The unit of measurement for the traffic rate.

Values:• Kbps—Kilobits per second• pps—Packets per second

divertedAmount This field is for future use. 0.0

id N⁄A null

inboundAmount This field is for future use. 27990.0

protectedObjectName

The name of the protected object.

PO_John

Table 512: DFTrafficUtilization (DefenseFlow Traffic Utilization) Fields (cont.)





DPSecurityAttack (DefensePro Security Attack) RecordsThe following table describes the fields of the DPSecurityAttack (DefensePro Security Attack) records from the event exporter.

Table 513: DPSecurityAttack (DefensePro Security Attack) Fields

Field Description Example or Static ValuesEntity Type The entity type of the

record. There is no value attached to this field.

Values: • AclAttackEntity• AntiScanEntity• BwmAttackEntity• BDosAttackEntity• DnsAttackEntity• DosShieldAttackEntity• IntrusionsAttackEntity• AnomaliesAttackEntity• StatefulACLAttackEntity• SynFloodAttackEntity

deviceIp The device IP address that the attack uses or used.

172.16.22.47

sourcePort The source L4 port that the attack uses or used.

Multiple

vlanTag The VLAN tag value or Context Group in the policy that handled the attack. The VLAN tag or Context Group identifies similar information in this field. DefensePro 6.x and 7.x versions support VLAN tags. DefensePro 8.x versions support Context Groups.

Multiple

packetCount The packet count of the attack.

37859

destMsisdn The MSISDN Resolution feature is not supported currently.

N⁄A

protocol The protocol that the attack uses or used.

IP

destPort The destination port that the attack uses or used.

Multiple

destAddress The destination IP address that the attack uses or used.

Multiple




ruleName The name of the Network Protection policy or the Server Protection policy associated with the record.

Black List

radwareId The unique attack identifier issued by the device.

8

startTime The time, in millis, that the attack started.

1504181689804

direction The direction of the attack, inbound or outbound. Values: In, Out

In

mplsRd The Multi-protocol Label Switching Route Distinguisher in the policy that handled the attack.

Multiple

attackIpsId The unique ID of the attack from DefensePro.

3383-1402580209

sourceAddress The source IP address of the attack. If there are multiple IP sources for an attack, this field displays Multiple. The multiple IP addresses are displayed in the Attack Details window. Multiple may also refer to cases when DefensePro cannot report a specific value.

Multiple

srcMsisdn The MSISDN Resolution feature is not supported currently.

N⁄A

physicalPort The port on the device to which the attack packets arrived.

Multiple


Table 513: DPSecurityAttack (DefensePro Security Attack) Fields (cont.)





actionType The reported action against the attack. The actions are specified in the protection profile, which may or may not be available or relevant for your system.

Values:• Bypass—DefensePro does not protect

against this attack, but rather, sends its data out of the device, and may report it.

• Challenge—DefensePro challenges the packet.

• Destination Reset—DefensePro sends a TCP-Reset packet to the destination IP address and port.

• Drop—DefensePro discards the packet.• Drop & Quarantine—DefensePro discards

the traffic and adds the destination to the Web quarantine.

• Forward—DefensePro continues to process the traffic and eventually forwards the packet to its destination.

• Proxy• Quarantine—DefensePro adds the

destination to the Web quarantine.• Source Destination Reset—DefensePro

sends a TCP-Reset packet to both the packet source IP and the packet destination IP address.

• Source Reset—DefensePro sends a TCP-Reset packet to the packet source IP address.

• Http 200 Ok—DefensePro sends a 200 OK response using a predefined page and leaves the server-side connection open.

• Http 200 Ok Reset Dest—DefensePro sends a 200 OK response using a predefined page and sends a TCP-Reset packet to the server side to close the connection.


• Http 403 Forbidden Reset Dest—DefensePro sends a 403 Forbidden response using a predefined page and sends a TCP-Reset packet to the server side to close the connection.

packetBandwidth The attack bandwidth in kbit⁄s.

0

name The attack name. BL






risk The risk level that DefensePro classifies the security event.

Values:• Info—The risk does not pose a threat to

normal service operation.• Low—The risk does not pose a threat to

normal service operation, but may be part of a preliminary action for malicious behavior.

• Medium—The risk may pose a threat to normal service operation, but is not likely to cause complete service outage, remote code execution, or unauthorized access.High—The risk is very likely to pose a threat to normal service availability, and may cause complete service outage, remote code execution, or unauthorized access.

endTime The time, in 13-digit Unix notation, that the attack ended.

1504181694709

category The threat type to which this attack belongs.

Values:• ACL

• Anomalies1

• Anti-Scanning • Bandwidth Management• BehavioralDoS• DNS Flood • DoS• HTTP Flood• Intrusions• Server Cracking• Stateful ACL• SYN Flood






status The last-reported status of the attack.

Values:• Started—An attack containing more than

one security event has been detected. (Some attacks contain multiple security events, such as DoS, Scans, and so on.)

• Occurred—Only for signature-based attacks. Each packet matched with signatures was reported as an attack and dropped.

• Ongoing—The attack is currently taking place, that is, the time between Started and Terminated (for attacks that contain multiple security events, such as DoS, Scans, and so on).

• Terminated—There are no more packets matching the characteristics of the attack, and the device reports that the attack has ended.

• sampled—Along with messages that have the status value Ongoing, some DefensePro protection modules can send additional records with the status value Sampled. These records provide Layer 4 parameters of specific packets that were classified as part of the security event. Each of these records includes the same unique ID that is used for other messages (Started/Ongoing/Terminated). The packetBandwidth value in these records may contain the value for bandwidth or packet size. DefensePro normalizes the measured bandwidth or packet size. The normalization function always rounds down the value. For example, in such records, DefensePro reports values of 1–127 as 0, values of 128–255 as 1, and so on.

1 – Once DefensePro reports a Packet Anomaly attack of a certain Radware ID, the status value Occurred and the startTime value remain indefinitely. For example, suppose a new DefensePro device starts identifying and handling a Packet Anomaly attack with radwareId 105 with the start time 20.02.2017 15:19:09. The attack subsides. One month later, the DefensePro device starts identifying and handling another Packet Anomaly attack with radwareId 105. The Start Time value 20.02.2017 15:19:09 is reported. (For more information on Packet Anomaly protection, see the APSolute Vision online help or the DefensePro User Guide.)






DPTrafficUtilization (DefensePro Traffic Utilization) RecordsThe following table describes the fields of the DPTrafficUtilization (DefensePro Traffic Utilization) records from the event exporter.

Table 514: DPTrafficUtilization (DefensePro Traffic Utilization) Fields

Field Description Example or Static ValuesDPTrafficUtilizationRawEntity The entity type of

the record. There is no value attached to this field.

DPTrafficUtilizationRawEntity

discardsAmount This field is for future use.

0

deviceIp The device IP address that the attack uses or used.

172.16.22.47

monitoringProtocol The traffic protocol. Values:• tcp• udp• icmp• igmp• sctp• other—The statistics of the traffic that is

not TCP, UDP, ICMP, IGMP, or SCTP• all—Total traffic statistics

policyName The name of the Network Protection policy or the Server Protection policy associated with the record.

5-Y0LK7XK0_BDHJ5939_Green_Cloud

trafficValueAmount This field is for future use.

0

excludedAmount This field is for future use.

null


{}

physicalPort The physical port of the DefensePro device.

-1


excluded The rate of excluded traffic, which is related to the Traffic Exclusion implementation.1

null




timeStamp The time, in 13-digit Unix notation, of the APSolute Visionserver.

1504181395664

unit The unit of measure for the traffic rate.

Values: pps, kbps

minuteOfDay This field is for future use.

729

discards The rate of dropped traffic.

0

trafficValue The rate of inbound traffic.

0

id This field is for future use.

null

direction The traffic direction to which the record relates.

Values: Inbound, Outbound


1 – Traffic Exclusion is when DefensePro passes through all traffic that matches no Network Protection policy configured on the device. In DefensePro 7.x and 8.x versions, Traffic Exclusion is always enabled. DefensePro x412 platforms with the DME, running 6.x versions generate records with an excluded value when the Traffic Exclusion checkbox is selected. For more information on Traffic Exclusion, see the relevant section in the APSolute Vision online help.

Table 514: DPTrafficUtilization (DefensePro Traffic Utilization) Fields (cont.)



APPENDIX F – DEFENSEPRO ATTACK-PROTECTION IDSThis appendix describes the DefensePro Attack-Protection IDs.

Note: Some DefensePro versions do not support all the attack-protections listed in the following table.


DefensePro Attack-Protection IDs


Table 515: DefensePro Attack-Protection IDs

ID Number or Range

Attack-Protection Name Category(for Reporting)

Default Risk

Default Action

Report Action

Description

8 White List N/A White-list encounters are not reported as security events.

9 Black List Access Black-list access violation.

70 Network flood IPv4 UDP Behavioral-DoS Network flood IPv4 UDP.

71 Network flood IPv4 ICMP Behavioral-DoS Network flood IPv4 ICMP.

72 Network flood IPv4 IGMP Behavioral-DoS Network flood IPv4 IGMP.

73 Network flood IPv4 TCP-SYN

Behavioral-DoS Network flood IPv4 TCP with SYN flag.

74 Network flood IPv4 TCP-RST

Behavioral-DoS Network flood IPv4 TCP with RST flag.

75 Network flood IPv4 TCP-ACK

Behavioral-DoS Network flood IPv4 TCP with ACK flag.

76 Network flood IPv4 TCP-PSH

Behavioral-DoS Network flood IPv4 TCP with PSH flag.

77 Network flood IPv4 TCP-FIN

Behavioral-DoS Network flood IPv4 TCP with FIN flag.

78 Network flood IPv4 TCP-SYN-ACK

Behavioral-DoS Network flood IPv4 TCP with SYN and ACK flags

79 Network flood IPv4 TCP-FRAG

Behavioral-DoS Network flood IPv4 TCP with FRAG flag.

80 Network flood IPv6 UDP Behavioral-DoS Network flood IPv6 UDP.

81 Network flood IPv6 ICMP Behavioral-DoS Network flood IPv6 ICMP.

82 Network flood IPv6 IGMP Behavioral-DoS Network flood IPv6 IGMP.

83 Network flood IPv6 TCP-SYN

Behavioral-DoS Network flood IPv6 TCP with SYN flag.

84 Network flood IPv6 TCP-RST

Behavioral-DoS Network flood IPv6 TCP with RST flag.




85 Network flood IPv6 TCP-ACK

Behavioral-DoS Network flood IPv6 TCP with ACK flag.

86 Network flood IPv6 TCP-PSH

Behavioral-DoS Network flood IPv6 TCP with PSH flag.

87 Network flood IPv6 TCP-FIN

Behavioral-DoS Network flood IPv6 TCP with FIN flag.

88 Network flood IPv6 TCP-SYN-ACK

Behavioral-DoS Network flood IPv6 TCP with SYN and ACK flags.

89 Network flood IPv6 TCP-FRAG

Behavioral-DoS Network flood IPv6 TCP with FRAG flag.

100 Unrecognized L2 Format Anomalies Low No-report Process Unrecognized L2 format.

103 Incorrect IPv4 checksum Anomalies Low Block Bypass Incorrect IPv4 checksum.

104 Invalid IPv4 Header or Total Length

Anomalies Low Block Bypass Invalid IPv4 header or total length.

105 TTL Less Than or Equal to 1 Anomalies Low Report Process TTL less than or equal to 1.

107 Inconsistent IPv6 Headers Anomalies Low Block Bypass Inconsistent IPv6 headers.

108 IPv6 Hop Limit Reached Anomalies Low Report Process IPv6 hop limit reached.

110 Unsupported L4 Protocol Anomalies Low No-report Process Unsupported L4 protocol.

112 Invalid TCP Header Length Anomalies (This anomaly protection is available only in DefensePro 5.11 and 5.12.) Invalid TCP header length.

113 Invalid TCP Flags Anomalies Low Block Bypass Invalid TCP flags.

116 Invalid UDP Header Length Anomalies Invalid UDP header length.

119 Source or Dest Address same as Local Host

Anomalies Low Block Bypass Source or destination IP address same as local host.

Table 515: DefensePro Attack-Protection IDs (cont.)

ID Number or Range


Default Risk

Default Action

Report Action

Description




120 Source Address same as Dest Address (Land Attack)

Anomalies Low Block Bypass Source IP address same as destination IP address (Land Attack).The common vulnerability enumerator (CVE) for this signature is CVE-1999-0016.

125 L4 Source or Dest Port Zero Anomalies Low Block Bypass Layer 4 source or destination port are zero.

131 Invalid L4 Header Length Anomalies Low Block Bypass Invalid L4 header length

132 Broadcast Destination MAC Address

Anomalies Low No Report Process The L2 destination MAC is all F values — that is, 0xFFFFFFFFFFFF.

150 HTTP Page Flood Attack HttpFlood HTTP page flood attack.

240 TCP Out-of-State Anomalies TCP Out-of-State floods.

350 SCAN_TCP_SCAN Anti Scan TCP scanning attempt.

351 SCAN_UDP_SCAN Anti Scan UDP scanning attempt.

352 SCAN_ICMP_SCAN Anti Scan ICMP scanning attempt.

400 Brute Force Web A Brute Force Web attack is an attempt to break into a restricted area on a site that is protected by native HTTP authentication.

401 Web Scan A Web-vulnerability scan is an information-gathering attack that is usually launched as a prequel to an intrusion attack on the scanned Web server. The attacker is trying to gather the information on the Web server by sending different types of HTTP requests and analyzing the server responses. Automatic tools are often used in this case.


ID Number or Range


Default Risk

Default Action

Report Action

Description




402 Brute Force SMTP A Brute Force SMTP attack is an attempt to break into restricted accounts on the SMTP mail server that is protected by username and password authentication.

403 Brute Force FTP A Brute Force FTP attack is an attempt to break into a restricted account on the FTP server that is protected by username and password authentication.

404 Brute Force POP3 A Brute Force POP3 attack is an attempt to break into restricted accounts on the POP3 mail server that is protected by username and password authentication.

405 Brute Force SIP (UDP) A Brute Force SIP (UDP) attack is an attempt to break into restricted accounts on the SIP server, over UDP, which is protected by username and password authentication. This type of attack can also cause a Register flood on the SIP server.

406 Brute Force SIP (TCP) A Brute Force SIP (TCP) attack is an attempt to break into restricted accounts on the SIP server, over TCP, which is protected by username and password authentication. This type of attack can also cause a Register flood on the SIP server.


ID Number or Range


Default Risk

Default Action

Report Action

Description




407 Brute Force MySQL A Brute Force MySQL attack is an attempt to break into restricted Database accounts on the MySQL database server that is protected by username and password authentication.

408 Brute Force MSSQL A Brute Force MSSQL attack is an attempt to break into a restricted database accounts on the MSSQL database server that is protected by username and password authentication.

409 SIP Scan (UDP) SIP scan attacks intend to identify the SIP server in order to find vulnerabilities or to harvest the server for existing subscriber phone numbers (also known as SIP users or SIP URI). The phone numbers can be used later to launch a SPIT (SPAM over IP Telephony) attack.

410 SIP Scan (TCP) SIP scan attacks intend to identify the SIP server in order to find vulnerabilities or to harvest the server for existing subscriber phone numbers (also known as SIP users or SIP URI). The phone numbers can be used later to launch a SPIT (SPAM over IP Telephony) attack.


ID Number or Range


Default Risk

Default Action

Report Action

Description




414 SIP Scan DST (TCP) SIP scan attacks intend to identify the SIP server in order to find vulnerabilities or to harvest the server for existing subscriber phone numbers (also known as SIP users or SIP URI). The phone numbers can be used later to launch a SPIT (SPAM over IP Telephony) attack.

416 Brute Force SIP DST (TCP) A Brute Force SIP DST (TCP) attack is an attempt to break into restricted accounts on the SIP server, over TCP, which is protected by username and password authentication. The specific attack was detected from error responses that were found on sessions that originated from the server. This type of attack can also cause a Register flood on the SIP server.

417 Brute Force SMB A Brute Force SMB attack is an attempt to break into restricted accounts on the SMB (file share) server that is protected by username and password authentication.

418 Brute Force SIP DST (UDP) A Brute Force SIP DST (UDP) attack is an attempt to break into restricted accounts on the SIP server, over UDP, which is protected by username and password authentication. The specific attack was detected from error responses that were found on sessions that originated from the server. This type of attack can also cause a Register flood on the SIP server.


ID Number or Range


Default Risk

Default Action

Report Action

Description




419 SIP Scan DST (UDP) SIP scan attacks intend to identify the SIP server in order to find vulnerabilities or to harvest the server for existing subscriber phone numbers (also known as SIP users or SIP URI). The phone numbers can be used later to launch a SPIT (SPAM over IP Telephony) attack.

450 DNS flood IPv4 DNS-A DNS-Protection DNS A query flood over IPv4.

451 DNS flood IPv4 DNS-MX DNS-Protection DNS MX query flood over IPv4.

452 DNS flood IPv4 DNS-PTR DNS-Protection DNS PTR query flood over IPv4.

453 DNS flood IPv4 DNS-AAAA DNS-Protection DNS AAAA query flood over IPv4.

454 DNS flood IPv4 DNS-Text DNS-Protection DNS Text query flood over IPv4.

455 DNS flood IPv4 DNS-SOA DNS-Protection DNS SOA query flood over IPv4.

456 DNS flood IPv4 DNS-NAPTR DNS-Protection DNS NAPTR query flood over IPv4.

457 DNS flood IPv4 DNS-SRV DNS-Protection DNS SRV query flood over IPv4.

458 DNS flood IPv4 DNS-Other DNS-Protection DNS Other queries flood over IPv4.

459 DNS flood IPv4 DNS-ALL DNS-Protection DNS query flood over IPv4.

460 DNS flood IPv6 DNS-A DNS-Protection DNS A query flood over IPv6.

461 DNS flood IPv6 DNS-MX DNS-Protection DNS MX query flood over IPv6.

462 DNS flood IPv6 DNS-PTR DNS-Protection DNS PTR query flood over IPv6.

463 DNS flood IPv6 DNS-AAAA DNS-Protection DNS AAAA query flood over IPv6.

464 DNS flood IPv6 DNS-Text DNS-Protection DNS Text query flood over IPv6.

465 DNS flood IPv6 DNS-SOA DNS-Protection DNS SOA query flood over IPv6.

466 DNS flood IPv6 DNS-NAPTR DNS-Protection DNS NAPTR query flood over IPv6.

467 DNS flood IPv6 DNS-SRV DNS-Protection DNS SRV query flood over IPv6.

468 DNS flood IPv6 DNS-Other DNS-Protection DNS Other queries flood over IPv6.


ID Number or Range


Default Risk

Default Action

Report Action

Description




469 DNS flood IPv6 DNS-ALL DNS-Protection DNS query flood over IPv6.

700 BWM N/A Bandwidth-management operations are not reported as security events.

720 SYN Flood protection High According to policy Action

Start, ongoing, and termination of attacks per protection policy.

721 SYN Flood enabled protection

High According to policy Action

Ongoing message when the SYN rate relative to the first ACK/Data packet rate is above 1000 packets per second.

722 SYN Flood protect full table Medium According to policy Action

(This event is not generated in version 5.10 and later.) Used for DefensePro's session table protection.

723 SYN ACK Reflection protection

High According to policy Action

(This event is not generated in version 5.10 and later.) Used for SARP (SYN ACK Reflection Protection).

724 SYN Protect delete frag Info According to policy Action

Used when a fragmented packet arrives during the authentication process. The packet will be discarded.

725 SYN Protect delete reset Info According to policy Action

Used when a RESET packet that does not match an existing session arrives during the authentication process. The packet will be discarded.


ID Number or Range


Default Risk

Default Action

Report Action

Description




726 SYN Protect out of context Info According to policy Action

(This event is not generated in version 5.10 and later.) Used when a packet that does not match an existing session arrives during the authentication process. The packet will be deleted and a RESET will be sent to the source.

727 SYN Protect full table Medium According to policy Action

Used when the SYN Protection table is full and the module cannot handle more concurrent authentication processes. New verified ACK (or data) packets will be discarded as long as the table is full.

729 SYN Protect out of context Info According to policy Action

Used when a packet that does not match an existing session arrives during the authentication process. The packet will be deleted and a RESET will be sent to the source.

730 SYN Protect unverified cookie

Info Drop Used when a ACK packet arrives with a SYN cookie that does not match the one sent by the DefensePro device. This error is generated only when the policy is configured with Block and Report.

731 SYN Protect incompleteness

Info Drop (This event is not relevant before version 5.1x.) Used when a new session is aged during the authentication process before the first data packet has arrived.


ID Number or Range


Default Risk

Default Action

Report Action

Description




732 SYN Protect delete wrong tcp

Info Drop Used when an unexpected packet or one with illegal TCP flags arrives during the authentication process. The packet will be discarded.

740 TCP session dropped Stateful-ACL High Drop Reports on traffic that matched an ACL policy.

741 TCP session allowed Stateful-ACL Info Forward Reports on traffic that matched an ACL policy.

742 UDP session dropped Stateful-ACL High Drop Reports on traffic that matched an ACL policy.

743 UDP session allowed Stateful-ACL Info Forward policy on traffic that matched an ACL rule.

744 ICMP session dropped Stateful-ACL High Drop Reports on traffic that matched an ACL policy.

745 ICMP session allowed Stateful-ACL Info Forward Reports on traffic that matched an ACL policy.

746 IP session dropped Stateful-ACL High Drop Reports on IP traffic that matched an ACL policy that is not supported explicitly in the ACL (that is, traffic that is not, for example, TCP, UDP, ICMP, IGMP, SCTP, or supported tunneling protocols).

747 IP session allowed Stateful-ACL Info Forward Reports on IP traffic that matched an ACL policy that is not supported explicitly in the ACL (that is, traffic that is not, for example, TCP, UDP, ICMP, IGMP, SCTP, or supported tunneling protocols).

748 TCP Mid Flow packet Stateful-ACL Medium Drop Reports on traffic that matched an ACL policy.


ID Number or Range


Default Risk

Default Action

Report Action

Description




749 TCP Invalid reset Stateful-ACL Medium Drop Reports on traffic that matched an ACL policy.

750 TCP handshake violation Stateful-ACL Medium Drop Reports on traffic that matched an ACL policy.

751 ICMP Smurf packet Stateful-ACL Medium Drop Reports on traffic that matched an ACL policy.

752 ICMP packet anomaly Stateful-ACL Medium Drop Reports on traffic that matched an ACL policy.

753 GRE session dropped Stateful-ACL High Drop Reports on traffic that matched an ACL policy.

754 GRE session allowed Stateful-ACL Info Forward Reports on traffic that matched an ACL policy.

755 SCTP session dropped Stateful-ACL High Drop Reports on traffic that matched an ACL policy.

756 SCTP session allowed Stateful-ACL Info Forward Reports on traffic that matched an ACL policy.

1,000–100,000 DoS Shield signatures or intrusion-protection signatures

DoS Range for signatures, from the Security Operations Center (SOC) signature file. Odd ID numbers are DoS shield signatures. Even ID numbers are Intrusion signatures.

200,000 HTTP SynFlood Medium According to policy Action

Predefined HTTP-SYN-flood attack protection.

200,001 HTTPS SynFlood Medium According to policy Action

Predefined HTTPS-SYN-flood attack protection.

200,002 RTSP SynFlood Medium According to policy Action

Predefined RTSP-SYN-flood attack protection.


ID Number or Range


Default Risk

Default Action

Report Action

Description




200,003 FTP_CTRL SynFlood Medium According to policy Action

Predefined FTP_CTRL-SYN-flood attack protection.

200,004 POP3 SynFlood Medium According to policy Action

Predefined POP3-SYN-flood attack protection.

200,005 IMAP SynFlood Medium According to policy Action

Predefined IMAP-SYN-flood attack protection.

200,006 SMTP SynFlood Medium According to policy Action

Predefined SMTP-SYN-flood attack protection.

200,007 TELNET SynFlood Medium According to policy Action

Predefined TELNET-SYN-flood attack protection.

200,008 RPC SynFlood Medium According to policy Action

Predefined RPC-SYN-flood attack protection.

300,000–449,999 User-defined custom signatures

DoS Range for user-defined protections. The device generates the ID number sequentially when the user creates the signature.

450,000–475,000 User-defined Connection Limit protections

DoS Range for user-defined Connection Limit protections. The device generates the ID number sequentially when the user creates the protection.

500,000–599,999 User-defined SYN-flood protections

SYNFlood Low According to policy Action

Range for user-defined SYN-flood protections device generates the ID number sequentially when the user creates the protection.


ID Number or Range


Default Risk

Default Action

Report Action

Description




600,000–675,000 User-defined Connection PPS Limit protections

DoS Range for user-defined Connection PPS Limit protections device generates the ID number sequentially when the user creates the protection.

700,000–1,000,000 User-defined Traffic Filters Traffic Filters High Drop Range for user-defined Traffic Filters. The device generates the ID number sequentially when the user creates the Traffic Filter.


ID Number or Range


Default Risk

Default Action

Report Action

Description


APPENDIX G – APSOLUTE VISION SPECIFICATIONS AND REQUIREMENTSThis section contains various specifications and requirements for APSolute Vision, which comprise the following:• UDP/TCP Ports and IP Protocols, page 765• APSolute Vision Web Based Management Interface Requirements, page 768• Application Performance Monitoring Requirements, page 768• Device Performance Monitoring Requirements, page 769• APSolute Vision Reporter Requirements, page 769

Notes

• APSolute Vision server can run as a physical or virtual appliance called APSolute Vision server. For hardware and virtual-appliance (VA) specifications, see the APSolute Vision Installation and Maintenance Guide.

• APSolute Vision supports a Web-based management interface, which is called Web Based Management (WBM).

• APSolute Vision supports multiple device types and versions. For the most up-to-date lists of supported devices and versions, see the APSolute Vision Release Notes for the required version.

UDP/TCP Ports and IP ProtocolsRadware management interfaces communicate with various UDP/TCP ports using various protocols—including HTTPS, HTTP, Telnet, and SSH. If you intend to use these interfaces, ensure they are accessible and not blocked by your firewall.The following table lists the ports for APSolute Vision server-client communication.

Table 516: Ports for APSolute Vision Server-WBM Communication and Operating System

Port Protocol Type Usage Opened on APSolute Vision Server Firewall by Default

22 SSH, SFTP, SCP

TCP • Terminal client to server.• Server CLI management, file

transfer.• Server to northbound.• Push backups, reports, and so

on.• Used for communication with

vDirect.

Yes

25 SMTP TCP Server to external e-mail server. No


APSolute Vision Specifications and Requirements


80 HTTP TCP • Web browser to APSolute Vision server.

• APSolute Vision server to APM server (over the APM Management interface), for Application Performance Monitoring (APM). Port 80 is the default port for this functionality, but you can configure another port. For more information, see the Application Performance Monitoring Troubleshooting and Technical Guide.1

Yes

443 HTTPS TCP • APSolute Vision WBM to server.

• Used for communication between APSolute Vision server instances in configuration-synchronization setups.

Yes

514 Syslog UDP Server to external syslog server. No

2189 Proprietary TCP UDP Used for communication with vDirect.

Yes

5602 HTTPS TCP Used for communication with the Vision Reporting Module (VRM) server.

N/A. This port is opened on the VRM server.

5672 TCP TCP Used for communication between APSolute Vision server instances in configuration-synchronization setups.

Yes

9216 HTTPS TCP APSolute Vision Reporter client to APSolute Vision Reporter server.

Yes

9443 TCP TCP WBM Web browser to APSolute Vision server, for Device Performance Monitoring (DPM).

Yes

1 – Alteon also uses port 80 to communicate with the APM server (over the APM Data interface).

Table 516: Ports for APSolute Vision Server-WBM Communication and Operating System





The following table lists the ports for communication between APSolute Vision server and Radware devices.

Table 517: Communication Ports for APSolute Vision Server with Radware Devices and Radware Services


7 TCP TCP Used by vDirect to determine if a device (for example, DefensePro) is reachable.

Yes

221

1 – This is the default port. The value is configurable.

SSH TCP APSolute Vision server to Alteon, DefensePro, and LinkProof NG devices, to run CLI commands on the device.

Yes

80 HTTP TCP APSolute Vision server to Radware services.Such services include SUS updates and ERT Active DDoS Feed updates.

Yes

161 SNMP UDP APSolute Vision server to devices, for SNMP management.

No

162 SNMP UDP Devices to APSolute Vision server, for traps.

Yes

443 HTTPS TCP APSolute Vision server to devices and Radware services, and devices and services to APSolute Vision server for REST calls and file transfer.Such services include SUS updates and ERT Active DDoS Feed updates.

Yes

2088 IRP UDP Devices to APSolute Vision server, for statistics.

Yes

2214 Syslog TCP UDP AppWall devices—and AppWall for Alteon—to APSolute Vision server for AVR reporting only.

Yes

2215 Syslog TCP UDP AppWall devices—and AppWall for Alteon—to APSolute Vision server for AVR reporting and APSolute Vision real-time Security Monitoring.

Yes

3030 TCP TCP APSolute Vision server to Alteon device, for Device Performance Monitoring (DPM).

Note: APSolute Vision pulls the data from Alteon.

No

8200 8270 8300

SSL TCP APSolute Vision server to AppWall devices (AppWall servers only).

No




The following IP protocols are opened on the APSolute Vision server firewall by default:• ICMP—Internet Control Message Protocol. All types (an ICMP term) are opened except

Timestamp (type 13) and Timestamp Reply (type 14).• ESP—Encapsulating Security Payload part of the IPsec (Internet Protocol Security).• AH—Authentication Header part of the IPsec (Internet Protocol Security).

APSolute Vision Web Based Management Interface RequirementsBefore you use the APSolute Vision client, ensure your computer meets the hardware and software requirements.This section includes the following topics:• APSolute Vision WBM Supported Operating Systems, page 768• APSolute Vision WBM Supported Browsers, page 768

APSolute Vision WBM Supported Operating SystemsThe following operating systems support APSolute Vision WBM:• Windows Server 2008 R2 64-bit• Windows 8 64-bit• Windows 7 SP1 32-bit and 64-bit• Windows Server 2012 R2 64-bit• Linux Ubuntu (Desktop)• Mac OS X

APSolute Vision WBM Supported BrowsersYou can access APSolute Vision Web-based management (and APSolute Vision Reporter, Device Performance Monitor, and the APM server Web interface) using the following browsers:• Mozilla Firefox build 31• Chrome 37

Application Performance Monitoring RequirementsThe APSolute Vision WBM can connect to the APSolute Vision Application Performance Monitor (APM). The APM is a process that runs on the APSolute Vision server with APM server VA offering. APSolute Vision WBM includes an option to open the APM Web interface.For the APM server requirements, see the relevant chapter in the APSolute Vision Installation and Maintenance Guide.




Device Performance Monitoring RequirementsAPSolute Vision WBM can connect to the APSolute Vision Device Performance Monitor (DPM) for Alteon devices. APSolute Vision WBM includes a button that opens the DPM in a separate browser tab.

APSolute Vision Reporter RequirementsAPSolute Vision WBM can connect to the APSolute Vision Reporter (AVR). APSolute Vision WBM includes a button that opens the AVR in a separate browser tab.Java client version 1.6.0_22 or later must be installed to run the APSolute Vision Reporter.The Java client must be 32-bit.


RADWARE LTD. END USER LICENSE AGREEMENTBy accepting this End User License Agreement (this “License Agreement”) you agree to be contacted by Radware Ltd.'s (“Radware”) sales personnel.If you would like to receive license rights different from the rights granted below or if you wish to acquire warranty or support services beyond the scope provided herein (if any), please contact Radware's sales team.THIS LICENSE AGREEMENT GOVERNS YOUR USE OF ANY SOFTWARE DEVELOPED AND/OR DISTRIBUTED BY RADWARE AND ANY UPGRADES, MODIFIED VERSIONS, UPDATES, ADDITIONS, AND COPIES OF THE SOFTWARE FURNISHED TO YOU DURING THE TERM OF THE LICENSE GRANTED HEREIN (THE “SOFTWARE”). THIS LICENSE AGREEMENT APPLIES REGARDLESS OF WHETHER THE SOFTWARE IS DELIVERED TO YOU AS AN EMBEDDED COMPONENT OF A RADWARE PRODUCT (“PRODUCT”), OR WHETHER IT IS DELIVERED AS A STANDALONE SOFTWARE PRODUCT. FOR THE AVOIDANCE OF DOUBT IT IS HEREBY CLARIFIED THAT THIS LICENSE AGREEMENT APPLIES TO PLUG-INS, CONNECTORS, EXTENSIONS AND SIMILAR SOFTWARE COMPONENTS DEVELOPED BY RADWARE THAT CONNECT OR INTEGRATE A RADWARE PRODUCT WITH THE PRODUCT OF A THIRD PARTY (COLLECTIVELY, “CONNECTORS”) FOR PROVISIONING, DECOMMISSIONING, MANAGING, CONFIGURING OR MONITORING RADWARE PRODUCTS. THE APPLICABILITY OF THIS LICENSE AGREEMENT TO CONNECTORS IS REGARDLESS OF WHETHER SUCH CONNECTORS ARE DISTRIBUTED TO YOU BY RADWARE OR BY A THIRD PARTY PRODUCT VENDOR. IN CASE A CONNECTOR IS DISTRIBUTED TO YOU BY A THIRD PARTY PRODUCT VENDOR PURSUANT TO THE TERMS OF AN AGREEMENT BETWEEN YOU AND THE THIRD PARTY PRODUCT VENDOR, THEN, AS BETWEEN RADWARE AND YOURSELF, TO THE EXTENT THERE IS ANY DISCREPANCY OR INCONSISTENCY BETWEEN THE TERMS OF THIS LICENSE AGREEMENT AND THE TERMS OF THE AGREEMENT BETWEEN YOU AND THE THIRD PARTY PRODUCT VENDOR, THE TERMS OF THIS LICENSE AGREEMENT WILL GOVERN AND PREVAIL. PLEASE READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE OPENING THE PACKAGE CONTAINING RADWARE'S PRODUCT, OR BEFORE DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING RADWARE'S STANDALONE SOFTWARE (AS APPLICABLE). THE SOFTWARE IS LICENSED (NOT SOLD). BY OPENING THE PACKAGE CONTAINING RADWARE'S PRODUCT, OR BY DOWNLOADING, INSTALLING, COPYING OR USING THE SOFTWARE (AS APPLICABLE), YOU CONFIRM THAT YOU HAVE READ AND UNDERSTAND THIS LICENSE AGREEMENT AND YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT. FURTHERMORE, YOU HEREBY WAIVE ANY CLAIM OR RIGHT THAT YOU MAY HAVE TO ASSERT THAT YOUR ACCEPTANCE AS STATED HEREINABOVE IS NOT THE EQUIVALENT OF, OR DEEMED AS, A VALID SIGNATURE TO THIS LICENSE AGREEMENT. IF YOU ARE NOT WILLING TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT, YOU SHOULD PROMPTLY RETURN THE UNOPENED PRODUCT PACKAGE OR YOU SHOULD NOT DOWNLOAD, INSTALL, COPY OR OTHERWISE USE THE SOFTWARE (AS APPLICABLE). THIS LICENSE AGREEMENT REPRESENTS THE ENTIRE AGREEMENT CONCERNING THE SOFTWARE BETWEEN YOU AND RADWARE, AND SUPERSEDES ANY AND ALL PRIOR PROPOSALS, REPRESENTATIONS, OR UNDERSTANDINGS BETWEEN THE PARTIES. “YOU” MEANS THE NATURAL PERSON OR THE ENTITY THAT IS AGREEING TO BE BOUND BY THIS LICENSE AGREEMENT, THEIR EMPLOYEES AND THIRD PARTY CONTRACTORS. YOU SHALL BE LIABLE FOR ANY FAILURE BY SUCH EMPLOYEES AND THIRD PARTY CONTRACTORS TO COMPLY WITH THE TERMS OF THIS LICENSE AGREEMENT.

1. License Grant. Subject to the terms of this Agreement, Radware hereby grants to you, and you accept, a limited, nonexclusive, nontransferable license to install and use the Software in machine-readable, object code form only and solely for your internal business purposes (“Commercial License”). If the Software is distributed to you with a software development kit (the “SDK”), then, solely with regard to the SDK, the Commercial License above also includes a limited, nonexclusive, nontransferable license to install and use the SDK solely on computers within your organization, and solely for your internal development of an integration or interoperation of the Software and/or other Radware Products with software or hardware products owned, licensed and/or controlled by you (the “SDK Purpose”). To the extent an SDK is


Radware Ltd. End User License Agreement


distributed to you together with code samples in source code format (the “Code Samples”) that are meant to illustrate and teach you how to configure, monitor and/or control the Software and/or any other Radware Products, the Commercial License above further includes a limited, nonexclusive, nontransferable license to copy and modify the Code Samples and create derivative works based thereon solely for the SDK Purpose and solely on computers within your organization. The SDK shall be considered part of the term “Software” for all purposes of this License Agreement. You agree that you will not sell, assign, license, sublicense, transfer, pledge, lease, rent or share your rights under this License Agreement nor will you distribute copies of the Software or any parts thereof. Rights not specifically granted herein, are specifically prohibited.

2. Evaluation Use. Notwithstanding anything to the contrary in this License Agreement, if the Software is provided to you for evaluation purposes, as indicated in your purchase order or sales receipt, on the website from which you download the Software, as inferred from any time-limited evaluation license keys that you are provided with to activate the Software, or otherwise, then You may use the Software only for internal evaluation purposes (“Evaluation Use”) for a maximum of 30 days or such other duration as may specified by Radware in writing at its sole discretion (the “Evaluation Period”). The evaluation copy of the Software contains a feature that will automatically disable it after expiration of the Evaluation Period. You agree not to disable, destroy, or remove this feature of the Software, and any attempt to do so will be a material breach of this License Agreement. During or at the end of the evaluation period, you may contact Radware sales team to purchase a Commercial License to continue using the Software pursuant to the terms of this License Agreement. If you elect not to purchase a Commercial License, you agree to stop using the Software and to delete the evaluation copy received hereunder from all computers under your possession or control at the end of the Evaluation Period. In any event, your continued use of the Software beyond the Evaluation Period (if possible) shall be deemed your acceptance of a Commercial License to the Software pursuant to the terms of this License Agreement, and you agree to pay Radware any amounts due for any applicable license fees at Radware's then-current list prices.

3. Lab/Development License. Notwithstanding anything to the contrary in this License Agreement, if the Software is provided to you for use in your lab or for development purposes, as indicated in your purchase order, sales receipt, the part number description for the Software, the Web page from which you download the Software, or otherwise, then You may use the Software only in your lab and only in connection with Radware Products that you purchased or will purchase (in case of a lab license) or for internal testing and development purposes (in case of a development license) but not for any production use purposes.

4. Subscription Software. If you licensed the Software on a subscription basis, your rights to use the Software are limited to the subscription period. You have the option to extend your subscription. If you extend your subscription, you may continue using the Software until the end of your extended subscription period. If you do not extend your subscription, after the expiration of your subscription, you are legally obligated to discontinue your use of the Software and completely remove the Software from your system.

5. Feedback. Any feedback concerning the Software including, without limitation, identifying potential errors and improvements, recommended changes or suggestions (“Feedback”), provided by you to Radware will be owned exclusively by Radware and considered Radware's confidential information. By providing Feedback to Radware, you hereby assign to Radware all of your right, title and interest in any such Feedback, including all intellectual property rights therein. With regard to any rights in such Feedback that cannot, under applicable law, be assigned to Radware, you hereby irrevocably waives such rights in favor of Radware and grants Radware under such rights in the Feedback, a worldwide, perpetual royalty-free, irrevocable, sub-licensable and non-exclusive license, to use, reproduce, disclose, sublicense, modify, make, have made, distribute, sell, offer for sale, display, perform, create derivative works of and otherwise exploit the Feedback without restriction. The provisions of this Section 5 will survive the termination or expiration of this Agreement.

6. Limitations on Use. You agree that you will not: (a) copy, modify, translate, adapt or create any derivative works based on the Software; or (b) sublicense or transfer the Software, or include the Software or any portion thereof in any product; or (b) reverse assemble, disassemble, decompile, reverse engineer or otherwise attempt to derive source code (or the




underlying ideas, algorithms, structure or organization) from the Software, in whole or in part, except and only to the extent: (i) applicable law expressly permits any such action despite this limitation, in which case you agree to provide Radware at least ninety (90) days advance written notice of your belief that such action is warranted and permitted and to provide Radware with an opportunity to evaluate if the law's requirements necessitate such action, or (ii) required to debug changes to any third party LGPL-libraries linked to by the Software; or (c) create, develop, license, install, use, or deploy any software or services to circumvent, enable, modify or provide access, permissions or rights which violate the technical restrictions of the Software; (d) in the event the Software is provided as an embedded or bundled component of another Radware Product, you shall not use the Software other than as part of the combined Product and for the purposes for which the combined Product is intended; (e) remove any copyright notices, identification or any other proprietary notices from the Software (including any notices of Third Party Software (as defined below); or (f) copy the Software onto any public or distributed network or use the Software to operate in or as a time-sharing, outsourcing, service bureau, application service provider, or managed service provider environment. Notwithstanding the foregoing, if you provide hosting or cloud computing services to your customers, you are entitled to use and include the Software in your IT infrastructure on which you provide your services. It is hereby clarified that the prohibitions on modifying, or creating derivative works based on, any Software provided by Radware, apply whether the Software is provided in a machine or in a human readable form. Human readable Software to which this prohibition applies includes (without limitation) “Radware AppShape++ Script Files” that contain “Special License Terms”. It is acknowledged that examples provided in a human readable form may be modified by a user.

7. Intellectual Property Rights. You acknowledge and agree that this License Agreement does not convey to you any interest in the Software except for the limited right to use the Software, and that all right, title, and interest in and to the Software, including any and all associated intellectual property rights, are and shall remain with Radware or its third party licensors. You further acknowledge and agree that the Software is a proprietary product of Radware and/or its licensors and is protected under applicable copyright law.

8. No Warranty. The Software, and any and all accompanying software, files, libraries, data and materials, are distributed and provided “AS IS” by Radware or by its third party licensors (as applicable) and with no warranty of any kind, whether express or implied, including, without limitation, any non-infringement warranty or warranty of merchantability or fitness for a particular purpose. Neither Radware nor any of its affiliates or licensors warrants, guarantees, or makes any representation regarding the title in the Software, the use of, or the results of the use of the Software. Neither Radware nor any of its affiliates or licensors warrants that the operation of the Software will be uninterrupted or error-free, or that the use of any passwords, license keys and/or encryption features will be effective in preventing the unintentional disclosure of information contained in any file. You acknowledge that good data processing procedure dictates that any program, including the Software, must be thoroughly tested with non-critical data before there is any reliance on it, and you hereby assume the entire risk of all use of the copies of the Software covered by this License. Radware does not make any representation or warranty, nor does Radware assume any responsibility or liability or provide any license or technical maintenance and support for any operating systems, databases, migration tools or any other software component provided by a third party supplier and with which the Software is meant to interoperate.

This disclaimer of warranty constitutes an essential and material part of this License. In the event that, notwithstanding the disclaimer of warranty above, Radware is held liable under any warranty provision, Radware shall be released from all such obligations in the event that the Software shall have been subject to misuse, neglect, accident or improper installation, or if repairs or modifications were made by persons other than by Radware's authorized service personnel.

9. Limitation of Liability. Except to the extent expressly prohibited by applicable statutes, in no event shall Radware, or its principals, shareholders, officers, employees, affiliates, licensors, contractors, subsidiaries, or parent organizations (together, the “Radware Parties”), be liable for any direct, indirect, incidental, consequential, special, or punitive damages whatsoever relating to the use of, or the inability to use, the Software, or to your relationship with, Radware or any of the Radware Parties (including, without limitation, loss or disclosure of data or information,




and/or loss of profit, revenue, business opportunity or business advantage, and/or business interruption), whether based upon a claim or action of contract, warranty, negligence, strict liability, contribution, indemnity, or any other legal theory or cause of action, even if advised of the possibility of such damages. If any Radware Party is found to be liable to You or to any third-party under any applicable law despite the explicit disclaimers and limitations under these terms, then any liability of such Radware Party, will be limited exclusively to refund of any license or registration or subscription fees paid by you to Radware.

10. Third Party Software. The Software includes software portions developed and owned by third parties (the “Third Party Software”). Third Party Software shall be deemed part of the Software for all intents and purposes of this License Agreement; provided, however, that in the event that a Third Party Software is a software for which the source code is made available under an open source software license agreement, then, to the extent there is any discrepancy or inconsistency between the terms of this License Agreement and the terms of any such open source license agreement (including, for example, license rights in the open source license agreement that are broader than the license rights set forth in Section 1 above and/or no limitation in the open source license agreement on the actions set forth in Section 6 above), the terms of any such open source license agreement will govern and prevail. The terms of open source license agreements and copyright notices under which Third Party Software is being licensed to Radware or a link thereto, are included with the Software documentation or in the header or readme files of the Software. Third Party licensors and suppliers retain all right, title and interest in and to the Third Party Software and all copies thereof, including all copyright and other intellectual property associated therewith. In addition to the use limitations applicable to Third Party Software pursuant to Section 6 above, you agree and undertake not to use the Third Party Software as a general SQL server, as a stand-alone application or with applications other than the Software under this License Agreement.

11. Term and Termination. This License Agreement is effective upon the first to occur of your opening the package of the Product, purchasing, downloading, installing, copying or using the Software or any portion thereof, and shall continue until terminated. However, sections 5-15 shall survive any termination of this License Agreement. The Licenses granted under this License Agreement are not transferable and will terminate upon: (i) termination of this License Agreement, or (ii) transfer of the Software, or (iii) in the event the Software is provided as an embedded or bundled component of another Radware Product, when the Software is unbundled from such Product or otherwise used other than as part of such Product. If the Software is licensed on subscription basis, this Agreement will automatically terminate upon the termination of your subscription period if it is not extended.

12. Export. The Software or any part thereof may be subject to export or import controls under applicable export/import control laws and regulations including such laws and regulations of the United States and/or Israel. You agree to comply with such laws and regulations, and, agree not to knowingly export, re-export, import or re-import, or transfer products without first obtaining all required Government authorizations or licenses therefor. Furthermore, You hereby covenant and agree to ensure that your use of the Software is in compliance with all other foreign, federal, state, and local laws and regulations, including without limitation all laws and regulations relating to privacy rights, and data protection. You shall have in place a privacy policy and obtain all of the permissions, authorizations and consents required by applicable law for use of cookies and processing of users' data (including without limitation pursuant to Directives 95/46/EC, 2002/58/EC and 2009/136/EC of the EU if applicable) for the purpose of provision of any services.

13. US Government. To the extent you are the U.S. government or any agency or instrumentality thereof, you acknowledge and agree that the Software is a “commercial computer software” and “commercial computer software documentation” pursuant to applicable regulations and your use of the Software is subject to the terms of this License Agreement.

14. Federal Acquisition Regulation (FAR)/Data Rights Notice. Radware's commercial computer software is created solely at private expense and is subject to Radware's commercial license rights.




15. Governing Law. This License Agreement shall be construed and governed in accordance with the laws of the State of Israel.

16. Miscellaneous. If a judicial determination is made that any of the provisions contained in this License Agreement is unreasonable, illegal or otherwise unenforceable, such provision or provisions shall be rendered void or invalid only to the extent that such judicial determination finds such provisions to be unreasonable, illegal or otherwise unenforceable, and the remainder of this License Agreement shall remain operative and in full force and effect. In any event a party breaches or threatens to commit a breach of this License Agreement, the other party will, in addition to any other remedies available to, be entitled to injunction relief. This License Agreement constitutes the entire agreement between the parties hereto and supersedes all prior agreements between the parties hereto with respect to the subject matter hereof. The failure of any party hereto to require the performance of any provisions of this License Agreement shall in no manner affect the right to enforce the same. No waiver by any party hereto of any provisions or of any breach of any provisions of this License Agreement shall be deemed or construed either as a further or continuing waiver of any such provisions or breach waiver or as a waiver of any other provision or breach of any other provision of this License Agreement.

IF YOU DO NOT AGREE WITH THE TERMS OF THIS LICENSE YOU MUST REMOVE THE SOFTWARE FROM ANY DEVICE OWNED BY YOU AND IMMEDIATELY CEASE USING THE SOFTWARE. COPYRIGHT © 2018, Radware Ltd. All Rights Reserved.

APSolute Vision - USER GUIDE - Check Point Software

Documents

Transcript of APSolute Vision - USER GUIDE - Check Point Software