Amer-networks E5Web GUI Manual de usuario Pagina 539
- Pagina / 777
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
HTTP authentication cannot operate unless a rule is added to the IP rule set to explicitly allow
authentication to take place. This is also true with HTTPS.
If we consider the example of a number of clients on the local network lan_net who would like
access to the public Internet through the wan interface then the IP rule set would contain the
following rules:
# Action Src Interface Src Network Dest Interface Dest Network Service
1 Allow lan lan_net core lan_ip http-all
2 NAT lan trusted_users wan all-nets http-all
3 NAT lan lan_net wan all-nets dns-all
The first rule allows the authentication process to take place and assumes the client is trying to
access the lan_ip IP address, which is the IP address of the interface on the Clavister Security
Gateway where the local network connects.
The second rule allows normal surfing activity but we cannot just use lan_net as the source
network since the rule would trigger for any unauthenticated client from that network. Instead,
the source network is an administrator defined IP object called trusted_users which is the same
network as lan_net but has additionally either the Authentication option No Defined
Credentials enabled or has an Authentication Group assigned to it (which is the same group as
that assigned to the users).
The third rule allows DNS lookup of URLs.
Note
Do not modify the default http-all service in the IP rules above. This can cause
authentication to fail.
Forcing Users to a Login Page
With this setup, when users that are not authenticated try to surf to any IP except lan_ip they will
fall through the rules and their packets will be dropped. To always have these users come to the
authentication page, a SAT rule and its associated Allow rule must be added. The rule set will now
look like this:
# Action Src Interface Src Network Dest Interface Dest Network Service
1 Allow lan lan_net core lan_ip http-all
2 NAT lan trusted_users wan all-nets http-all
3 NAT lan lan_net wan all-nets dns-all
4 SAT lan lan_net wan all-nets
all-to-one
127.0.0.1
http-all
5 Allow lan lan_net wan all-nets http-all
The SAT rule catches all unauthenticated requests and must be set up with an all-to-one address
mapping that directs them to the address 127.0.0.1 which corresponds to core (cOS Core itself).
Example 8.3. User Authentication Setup for Web Access
The configurations below shows how to enable HTTP user authentication for the user group
lan_group on lan_net. Only users that belong to the group users can get Web browsing service
Chapter 8: User Authentication
539
- Clavister cOS Core 1
- Administration Guide 1
- Table of Contents 3
- List of Figures 9
- List of Examples 11
- Intended Audience 14
- Screenshots 14
- Examples 14
- Highlighted Content 15
- Important 16
- Chapter 1: cOS Core Overview 17
- 1.2. cOS Core Architecture 22
- 1.2.3. Basic Packet Flow 23
- Note: Additional actions 24
- Apply Rules 29
- 2.1. Managing cOS Core 31
- Remote Management Policies 32
- 2.1.3. The Web Interface 33
- Lynx X8 G1 34
- Eagle E5/E7 gesw 34
- Wolf W3/W5 M1 34
- Virtual Series If1 34
- Multi-language Support 35
- The Web Browser Interface 35
- Interface Layout 36
- Using CA Signed Certificates 37
- HTTPSCertificate=HostA 38
- 2.1.4. The CLI 39
- Tip: Getting help about help 40
- Tab Completion 41
- Appending Property Values 42
- Object Categories 42
- Selecting Object Categories 43
- Inserting into Rule Lists 43
- Referencing by Name 43
- Using Unique Names 44
- Using Hostnames in the CLI 44
- InControl Domains 44
- Serial Console CLI Access 44
- Device:/> shutdown 45
- SSH (Secure Shell) CLI Access 46
- Logging on to the CLI 46
- Changing the CLI Prompt 47
- Device:/> commit 48
- Device:/> reconf 48
- Logging off from the CLI 49
- 2.1.5. CLI Scripts 50
- Executing Scripts 51
- Script Variables 51
- Error Handling 52
- Script Output 52
- Saving Scripts 52
- Removing Scripts 53
- Listing Scripts 53
- 2.1.6. Secure Copy 55
- 2.1.7. The Console Boot Menu 57
- The Reset Menu 58
- Device:/> activate 61
- IP=192.168.1.2 62
- Changing a Remote Access Rule 63
- Object Organization 67
- Listing Modified Objects 71
- 2.2. Events and Logging 73
- 2.2.3. Creating Log Receivers 74
- Memory for Logging is Limited 75
- Memlog Timestamps 75
- Disabling Memory Logging 75
- Message Format 75
- RFC 5424 Compliance 77
- Setting the Hostname 77
- The Severity Filter 78
- Log Message Exceptions 78
- 2.2.8. SNMP Traps 79
- 2.2.9. Advanced Log Settings 80
- 2.3. RADIUS Accounting 82
- STOP Message Parameters 83
- Messages are Snapshots 84
- Message Frequency 84
- Source IP Selection 85
- Further RADIUS Considerations 85
- Special Accounting Events 86
- 2.3.9. Limitations with NAT 87
- Maximum Radius Contexts 88
- 2.4. Monitoring 89
- TCP Buffer Statistics 90
- Rule Usage Statistics 90
- Interface/VLAN/VPN Statistics 90
- Pipe Statistics 91
- DHCP Server Statistics 91
- DHCP Relay Statistics 92
- General ALG Statistics 92
- SMTP ALG DNSBL Statistics 92
- Link Monitor Statistics 93
- Packet Reassembly Statistics 93
- IP Pools Statistics 93
- 2.4.3. The Link Monitor 94
- Link Monitor Actions 95
- Monitoring Multiple Hosts 95
- Link Monitor Uses 95
- IPsec Tunnels and HA Clusters 96
- 2.4.4. SNMP Monitoring 98
- The Community String 99
- Enabling an IP Rule for SNMP 99
- Remote Access Encryption 99
- Preventing SNMP Overload 99
- SNMP Advanced Settings 100
- SNMP Before RulesLimit 100
- SNMP Request Limit 100
- System Contact 100
- System Name 100
- 2.4.5. Hardware Monitoring 101
- Using the hwm CLI Command 102
- Note: Values for the W5 PSUs 104
- 2.5. Diagnostic Tools 106
- A Simple Example 107
- Re-using Capture Files 108
- Filter Expressions 108
- Downloading the Output File 108
- Combining Filters 109
- Compatibility with Wireshark 109
- Preparing Hardware 109
- Throughput Testing 110
- The -burnin Option 110
- 2.6. Maintenance 112
- The Upgrade Procedure 113
- 2.6.2. Auto-Update Mechanism 114
- Version Compatibility 115
- Operation Interruption 116
- Backup and Restore using SCP 116
- Device:/> reset -unit 117
- End of Life Procedures 118
- Checking Ethernet Interfaces 119
- Automatic Reconfiguration 119
- Forcing the Choice of Driver 119
- 2.7. Licensing 121
- Device:/> shutdown -reboot 122
- Lockdown Mode 123
- Causes of Lockdown Mode 123
- Ending Lockdown Mode 123
- SCP License Uploading 124
- Replacing Licenses 124
- Replacing Hardware 124
- HA Cluster Licensing 125
- Licensing with VMware 125
- Chapter 3: Fundamentals 127
- 3.1.2. IP Addresses 128
- 3.1.3. Ethernet Addresses 130
- 3.1.4. Address Groups 131
- 3.1.6. Address Book Folders 132
- 3.2. IPv6 Support 134
- EnableIPv6=Yes 136
- IPv6IP=wan_ip6 136
- IPv6Network=wan_net6 136
- The all-nets6 Address Object 137
- IPv6 Neighbor Discovery 138
- Proxy Neighbor Discovery 138
- IPv6 Usage Restrictions 140
- IPv6 and High Availability 140
- IPv6 and Transparent Mode 140
- 3.3. Services 143
- TCP and UDP Based Services 145
- UDP Orientated Applications 145
- Specifying Port Numbers 145
- Tip: Specifying source ports 146
- Specifying All Services 147
- 3.3.3. ICMP Services 148
- ICMP Message Types 149
- 3.3.5. Service Groups 150
- 3.4. Interfaces 152
- Interfaces have Unique Names 153
- 3.4.2. Ethernet Interfaces 154
- Note: Interface naming 155
- Address=10.1.1.2 159
- Showing Assigned Interfaces 160
- Setting Interface Addresses 161
- Enabling DHCP 161
- Ethernet Device Commands 161
- DHCP Settings 162
- DHCP_AllowGlobalBcast 162
- DHCP_DisableArpOnOffer 162
- DHCP_UseLinkLocalIP 162
- DHCP_ValidateBcast 162
- 3.4.3. Link Aggregation 165
- Distribution Methods 166
- Physical Switch Connections 166
- Setup with High Availability 167
- Setting the MTU Value 167
- 3.4.4. VLAN 168
- Port Based VLAN 170
- 3.4.5. PPPoE 171
- The PPP Protocol 172
- PPP Authentication 172
- PPPoE Client Configuration 172
- IP address information 172
- Dial-on-demand 173
- Unnumbered PPPoE 173
- PPPoE cannot be used with HA 173
- User authentication 173
- 3.4.6. GRE Tunnels 174
- GRE Security and Performance 175
- Setting Up GRE 175
- GRE and the IP Rule Set 176
- An Example GRE Scenario 176
- 3.4.7. Loopback Interfaces 178
- 3.4.8. Interface Groups 182
- Members=exampleIf1,exampleIf2 183
- 3.5. ARP 184
- The Expires Column 185
- Flushing the ARP Cache 185
- 3.5.3. ARP Publish 186
- ARP Object Properties 187
- Static Mode ARP Objects 187
- Publish and XPublish Modes 187
- ARP and Neighbor Discovery 188
- Multicast and Broadcast 189
- Unsolicited ARP Replies 189
- ARP Requests 190
- Changes to the ARP Cache 190
- Sender IP 0.0.0.0 190
- Matching Ethernet Addresses 190
- 3.6. IP Rules and IP Policies 191
- The Default main IP Rule Set 192
- Creating a Drop All Rule 193
- 3.6.2. IP Rule Set Evaluation 194
- 3.6.3. IP Rule Actions 195
- Bi-directional Connections 196
- 3.6.4. Multiple IP Rule Sets 197
- Loop Avoidance 198
- A Usage Example 198
- The main IP rule set 198
- The ExtraRules IP rule set 198
- 3.6.5. IP Rule Set Folders 199
- Object Groups and the CLI 201
- Editing Group Properties 202
- Adding Additional Objects 203
- Adding Preceding Objects 203
- 3.6.7. IP Policies 204
- Creating IP Policies 205
- 3.6.8. Application Control 207
- Enabling Application Control 208
- Using an Application Rule Set 209
- Application Content Control 212
- Extended Logging 214
- Data Leakage Can Occur 215
- Managing Filters 216
- Selecting All Signatures 217
- Signature Inheritance 217
- Risk Guidelines 217
- Application Control Licensing 218
- 3.7. Schedules 219
- 3.8. Certificates 222
- The Type Property 223
- The NoCRLs Property 223
- Certificates with VPN Tunnels 224
- Certificate Authorities 224
- Certificate Chains 224
- Validity Time 224
- Trusting Certificates 225
- 3.8.2. Uploading Certificates 226
- Graphical Interface Uploading 227
- Uploading Remote Certificates 227
- Using Uploaded Certificates 228
- 3.9. Date and Time 229
- Time Zones 230
- Daylight Saving Time 230
- 3.9.3. Time Servers 231
- Configuring Time Servers 232
- Maximum Time Adjustment 233
- 3.10. DNS 236
- DNS Lookup and IP Rules 237
- Dynamic DNS and HTTP Poster 237
- HTTP Poster Has Other Uses 238
- 3.11. Internet Access Setup 239
- 3.11.2. DHCP Setup 240
- 3.11.4. Creating a Route 242
- 3.11.6. Defining DNS Servers 245
- Device:/> dhcp -show wan 246
- 3.12. ICMP Ping 247
- Using the -verbose Option 248
- Specifying the Source IP 249
- Combining -srcif with -srcip 250
- Ping with IPv6 250
- Chapter 4: Routing 252
- 4.2. Static Routing 253
- A Typical Routing Scenario 254
- 1 lan 192.168.0.0/24 255
- 2 dmz 10.4.0.0/16 255
- 3 wan 195.66.77.0/24 255
- 4 wan all-nets 195.66.77.4 255
- 4.2.2. Static Routing 257
- Displaying Routing Tables 259
- The all-nets Route 260
- Routes to the Core Interface 261
- 1 core 192.168.0.10 262
- 2 core 193.55.66.77 262
- 1 core 224.0.0.0/4 262
- Setting the Route Metric 264
- Multiple Failover Routes 264
- Failover Processing 264
- Re-enabling Routes 265
- Route Interface Grouping 265
- Gratuitous ARP Generation 266
- Overview 266
- Enabling Host Monitoring 266
- Specifying Hosts 267
- HTTP Parameters 268
- Iface poll interval 268
- 4.2.6. Proxy ARP 269
- A Typical Scenario 270
- Setting Up Proxy ARP 270
- Automatically Added Routes 271
- 4.3. Policy-based Routing 272
- Routing Tables 273
- Routing Rules 274
- The Ordering parameter 277
- 4.4. Route Load Balancing 280
- RLB Resets 283
- RLB Limitations 283
- An RLB Scenario 283
- RLB with VPN 286
- 4.5. Virtual Routing 288
- Reusing Private IP Addresses 289
- VPN Tunnels are Interfaces 289
- Using Loopback Interfaces 289
- Routing Table pbr1 290
- Routing Table pbr2 290
- Routing Table main 292
- Routing Table vs1 292
- Routing Table vs2 292
- Ethernet Interfaces 292
- Loopback Interfaces 292
- Interface Groups 293
- IP Rules 293
- 4.5.5. Multiple IP rule sets 294
- 4.5.6. Trouble Shooting 294
- 4.6. OSPF 296
- The OSPF Solution 297
- A Simple OSPF Scenario 297
- A Look at Routing Metrics 298
- 4.6.2. OSPF Concepts 299
- OSPF Areas 300
- OSPF Area Components 300
- The Designated Router 300
- Neighbors 301
- Aggregates 301
- Virtual Links 301
- Using OSPF with cOS Core 303
- 4.6.3. OSPF Components 304
- Authentication 305
- 4.6.3.2. OSPF Area 306
- 4.6.3.3. OSPF Interface 307
- 4.6.3.4. OSPF Neighbors 309
- 4.6.3.5. OSPF Aggregates 309
- 4.6.4. Dynamic Routing Rules 310
- Usage with OSPF 311
- Specifying a Filter 311
- When to Use Export Rules 311
- Dynamic Routing Rule Objects 311
- 4.6.4.2. Dynamic Routing Rule 312
- 4.6.5. Setting Up OSPF 313
- Confirming OSPF Deployment 316
- 4.6.6. An OSPF Example 318
- Device:/as_0> cc area_0 320
- Device:/as_0/area_0> cc 320
- Device:/> 320
- 4.6.7. OSPF Troubleshooting 323
- The OSPF CLI command 325
- 4.7. Multicast Routing 326
- 4.7.3. IGMP Configuration 332
- 4.7.4. Advanced IGMP Settings 337
- IGMP Query Response Interval 339
- IGMP Robustness Variable 339
- IGMP Startup Query Count 339
- IGMP Startup Query Interval 339
- Enabling Transparent Mode 342
- Transparent Mode with VLANs 344
- Transparent Mode with DHCP 344
- Non-switch if1 all-nets gw-ip 345
- Scenario 1 347
- Scenario 2 349
- 4.8.5. MPLS Pass Through 354
- Note: Optimal ATS handling 356
- Relay Spanning-tree BPDUs 357
- Relay MPLS 357
- Chapter 5: DHCP Services 359
- 5.2. cOS Core DHCP Servers 361
- IPv4 DHCP Options 362
- DHCP Server Advanced Settings 362
- The DHCP Server Blacklist 364
- Additional Server Settings 364
- 5.2.1. Static IPv4 DHCP Hosts 365
- 5.2.2. Custom IPv4 Options 366
- 5.3. IPv4 DHCP Relay 368
- Max Transactions 369
- 5.4. IP Pools 371
- Advanced IP Pool Options 372
- Listing IP Pool Status 372
- DHCPServerType=ServerIP 373
- ServerIP=ippool_dhcp 373
- PrefetchLeases=10 373
- 5.5. DHCPv6 Servers 374
- DHCPv6 Server Setup 375
- Static DHCPv6 Hosts 378
- 6.1. Access Rules 380
- 6.1.2. IP Spoofing 381
- 6.1.3. Access Rule Settings 381
- Note: Enabling logging 382
- 6.2. ALGs 384
- 6.2.2. The HTTP ALG 385
- 6.2.3. The FTP ALG 388
- FTP Connections 389
- FTP Connection Modes 389
- The cOS Core ALG Solution 389
- Hybrid Mode 390
- Predefined FTP ALGs 391
- FTP ALG Command Restrictions 391
- Control Channel Restrictions 391
- Filetype Checking 392
- Anti-Virus Scanning 392
- 6.2.4. The TFTP ALG 398
- 6.2.5. The SMTP ALG 399
- Enhanced SMTP and Extensions 401
- 6.2.5.1. Anti-Spam Filtering 402
- Creating a DNSBL Consensus 403
- Tagging Spam 404
- Adding X-Spam Information 404
- Verifying the Sender Email 405
- Setup Summary 405
- Real-time Monitoring 406
- The dnsbl CLI Command 407
- 6.2.6. The POP3 ALG 408
- 6.2.7. The PPTP ALG 408
- PPTP ALG Setup 409
- 6.2.8. The SIP ALG 410
- Traffic Shaping with SIP 411
- SIP Components 411
- SIP Media-related Protocols 412
- SIP ALG Options 412
- IP Rules for Media Data 413
- SIP and Virtual Routing 413
- SIP Usage Scenarios 413
- Scenario 3 419
- 6.2.9. The H.323 ALG 423
- H.323 ALG features 424
- H.323 ALG Configuration 424
- 6.2.10. The TLS ALG 439
- Enabling TLS 440
- URLs Delivered by Servers 441
- 6.3. Web Content Filtering 443
- RemoveActiveX=Yes 444
- RemoveApplets=Yes 444
- Wildcarding 445
- URL=www.Clavister.com/*.exe 446
- Action=Whitelist 446
- 6.3.4.1. Overview 447
- Dynamic WCF Databases 448
- Dynamic WCF Processing Flow 448
- Dynamic WCF and Whitelisting 449
- Tip: Using a schedule 450
- DestinationPorts=80 451
- ALG=content_filtering 451
- Audit Mode 452
- Allowing Override 453
- AllowReclassification=Yes 454
- Event Messages 455
- Category 1: Adult Content 455
- Category 2: News 455
- Category 29: Computing/IT 459
- Category 31: Spam 459
- Category 32: Non-Managed 459
- Available Banner Files 459
- HTML Page Parameters 460
- Customizing Banner Files 460
- Tip: Saving changes 461
- 6.4. Anti-Virus Scanning 462
- Types of Data Scanned 463
- Simultaneous Scans 463
- Protocol Specific behavior 464
- Relationship with IDP 464
- The Signature Database 464
- Database Updates 464
- 6.4.4. Anti-Virus Options 466
- 3. Compression Ratio Limit 467
- Verifying the MIME Type 467
- 6.5.1. Overview 469
- Automatic Updating 470
- 6.5.3. IDP Rules 471
- HTTP Normalization 472
- Initial Packet Processing 473
- Insertion Attacks 473
- 6.5.5. IDP Pattern Matching 474
- 6.5.6. IDP Signature Groups 475
- Listing of IDP Groups 476
- Processing Multiple Actions 476
- IDP Signature Wildcarding 476
- 6.5.7. Setting Up IDP 477
- Using Individual Signatures 479
- IDP Traffic Shaping 479
- IDP Database Updating 480
- 6.6.1. Overview 481
- 6.6.2. DoS Attack Mechanisms 481
- 6.6.3. Ping of Death Attacks 481
- 6.6.6. The WinNuke attack 482
- 6.6.7. Amplification Attacks 483
- 6.6.8. TCP SYN Flood Attacks 484
- 6.6.9. The Jolt2 Attack 484
- Blacklisting Options 486
- Whitelisting 486
- The CLI blacklist Command 487
- 7.1. Overview 489
- 7.2. NAT 491
- Applying NAT Translation 492
- Protocols Handled by NAT 495
- 7.3. NAT Pools 498
- Stateless NAT Pools 499
- Fixed NAT Pools 499
- IP Pool Usage 499
- Proxy ARP Usage 499
- Using NAT Pools 499
- 7.4. SAT 502
- SAT IP Rule Properties 503
- The Role of a DMZ 504
- 194.1.2.20 512
- 194.1.2.30 512
- 7.4.5. Port Translation 514
- 7.4.6. SAT with FwdFast Rules 515
- 8.1. Overview 520
- 8.2. Authentication Setup 522
- PPTP/L2TP Configuration 523
- Specifying an SSH Public Key 524
- RADIUS Usage with cOS Core 525
- RADIUS Security 526
- The Primary Retry Interval 526
- Setting the Source IP 526
- Support for Groups 526
- 8.2.4. External LDAP Servers 527
- LDAP Issues 528
- Defining an LDAP Server 528
- LDAP Attributes 528
- General Settings 528
- Database Settings 530
- Optional Settings 531
- Bind Request Authentication 532
- LDAP Server Responses 532
- Usernames may need the Domain 532
- LDAP Authentication and PPP 533
- 8.2.5. Authentication Rules 535
- Connection Timeouts 536
- Multiple Logins 537
- 8.2.7. HTTP Authentication 538
- Forcing Users to a Login Page 539
- 8.3. ARP Authentication 542
- 00-0c-19-f9-14-6f 543
- HTTP Banner Files 544
- Uploading with SCP 546
- 8.6. User Identity Awareness 550
- Setting Up Identity Awareness 551
- Device:/> authagent 555
- Device:/> userauth -list 555
- Device:/> authagentsnoop 555
- Processing Sequence 556
- 8.8. Radius Relay 558
- Chapter 9: VPN 565
- 9.1.2. VPN Encryption 566
- 9.1.3. VPN Planning 567
- 9.1.4. Key Distribution 567
- 9.2. VPN Quick Start 569
- Interface Network Gateway 571
- Configuring IPsec Clients 574
- 9.2.7. PPTP Roaming Clients 578
- 9.2.8. iOS Setup 579
- 9.3. IPsec Components 581
- IKE Negotiation 582
- IKE and IPsec Lifetimes 582
- Lifetime Recommendations 582
- IKE Algorithm Proposals 582
- IPsec Tunnel Properties 583
- 9.3.3. IKE Authentication 587
- Disadvantages of Certificates 589
- AH (Authentication Header) 589
- 9.3.5. NAT Traversal 590
- UDP Encapsulation 591
- NAT Traversal Configuration 591
- 9.3.7. Pre-shared Keys 593
- 9.3.8. Identification Lists 594
- 9.4. IPsec Tunnels 597
- Returning Traffic 598
- Dead Peer Detection 598
- Using Autoestablish 599
- IPsec Tunnel Quick Start 599
- 9.4.3. Roaming Clients 600
- Using Config Mode 604
- IP Validation 606
- Local Gateway 606
- VPN Tunnel Negotiation 607
- Using ikesnoop 607
- The Client and the Server 608
- Explanation of Values 609
- Explanation of Above Values 612
- Step 6. Server ID Response 612
- IPsec Max Rules 614
- IPsec Cert Cache Max Certs 616
- IPsec Gateway Name Cache Time 616
- Enable AES-NI acceleration 616
- IPsec Hardware Acceleration 616
- DPD Metric 617
- DPD Keep Time 617
- DPD Expire Time 617
- Default: 15 seconds 618
- 9.5. PPTP/L2TP 619
- Troubleshooting PPTP 620
- 9.5.2. L2TP Servers 621
- L2TP Before Rules 626
- 9.5.4. PPTP/L2TP Clients 627
- 9.5.5. L2TP Version 3 628
- 9.5.5.1. L2TPv3 Server 629
- Using IPsec for Encryption 631
- Setup With VLANs 632
- IP=If3_ip 633
- LocalNetwork=If3 633
- Interface=If2 633
- ServerIP=If2_ip 633
- 9.6. SSL VPN 636
- SSL VPN with PPPoE 637
- Custom Server Connection 641
- Client Transfer Statistics 641
- SSL VPN Client Operation 642
- Client Cleanup 642
- 9.6.4. SSL VPN Setup Example 643
- 9.7. CA Server Access 646
- CA Server Access by Clients 647
- Turning Off validation 648
- 9.8. VPN Troubleshooting 649
- The ipsecstat console command 650
- The ikesnoop console command 651
- 2. Incorrect pre-shared key 652
- 4. Payload_Malformed 653
- 5. No public key found 653
- 9.8.6. Specific Symptoms 654
- 10.1. Traffic Shaping 657
- The Traffic Shaping Solution 658
- Traffic Shaping Objectives 658
- Pipe Rules 659
- Pipe Rule Chains 659
- The Incorrect Solution 664
- The Correct Solution 664
- 10.1.6. Precedences 665
- Tip: Specifying bandwidth 667
- Lowest Precedence Limits 668
- Applying Precedences 668
- The Need for Guarantees 668
- Differentiated Guarantees 669
- 10.1.7. Pipe Groups 670
- Another Simple Groups Example 671
- Dynamic Balancing 672
- VPN Pipe Limits 673
- Relying on the Group Limit 673
- Attacks on Bandwidth 674
- Watching for Leaks 674
- Troubleshooting 674
- 10.1.10. More Pipe Examples 675
- Using Several Precedences 676
- Pipe Chaining 676
- A VPN Scenario 677
- SAT with Pipes 678
- 10.2. IDP Traffic Shaping 679
- 10.2.3. Processing Flow 680
- 10.2.5. A P2P Scenario 681
- Viewing Hosts 682
- Viewing Pipes 682
- 10.2.8. Logging 683
- 10.3. Threshold Rules 684
- Rule Actions 685
- Multiple Triggered Actions 685
- Exempted Connections 685
- Threshold Rule Blacklisting 685
- 10.4. Server Load Balancing 687
- SLB Deployment Considerations 688
- Identifying the Servers 688
- 10.4.3. Selecting Stickiness 689
- 10.4.5. SLB Server Monitoring 691
- Monitoring Methods 692
- Polling Options 692
- Chapter 11: High Availability 699
- Licensing 701
- 11.2. HA Mechanisms 702
- Failover Time 703
- Shared IP Addresses and ARP 703
- HA with Anti-Virus and IDP 703
- Dealing with Sync Failure 704
- 11.3. Setting Up HA 705
- Installing a New Master Unit 708
- Problem Diagnosis 711
- 11.4. HA Issues 712
- Both Units Going Active 714
- IPv6 Support 714
- 11.5. Upgrading an HA Cluster 715
- Device:/> ha -deactivate 716
- HA Was: ACTIVE 716
- HA going INACTIVE 716
- 11.6. Link Monitoring and HA 717
- 11.7. HA Advanced Settings 718
- Chapter 12: Advanced Settings 720
- 12.2. TCP Level Settings 724
- TCP Sequence Numbers 728
- Allow TCP Reopen 728
- 12.3. ICMP Level Settings 729
- 12.4. State Settings 730
- Log Connection Usage 731
- Dynamic Max Connections 731
- Max Connections 731
- Other Idle Lifetime 733
- 12.6. Length Limit Settings 734
- Default: Enabled 736
- 12.7. Fragmentation Settings 737
- Failed Fragment Reassembly 738
- Dropped Fragments 738
- Duplicate Fragments 738
- Fragmented ICMP 739
- Minimum Fragment Length 739
- Reassembly Timeout 739
- Max Reassembly Time Limit 739
- Reassembly Done Limit 739
- Reassembly Illegal Limit 740
- Max Concurrent 741
- Max Size 741
- Large Buffers 741
- 12.9. SSL Settings 742
- TLS RSA EXPORT NULL MD5 743
- 12.10. Miscellaneous Settings 744
- Default: 512 746
- Subscription renewal 748
- Database Console Commands 749
- Querying Server Status 750
- Deleting Local Databases 750
- Appendix D: The OSI Framework 759
- Open Source Code Requests 765
- Alphabetical Index 766
Relacionado con productos y manuales para Accesorios De Computador Amer-networks E5Web GUI
(134 paginas)© 2020, manymanuals.es. Todos los derechos reservados | 0.051 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales