Fluke Recording Equipment manual Management Portal Access Control Parameters, Secret, Null


User’s Guide – version 3.1.3

NetFlow Tracker

Management Portal Access Control Parameters

NetFlow Tracker allows management portals to set up restricted access to the system for multiple users. So long as it is possible to conceal the initial URL sent to NetFlow Tracker it is possible for the user to fully interact with the resulting report while being prevented from accessing certain data.

Portal access requires that the restricted users can only access NetFlow Tracker via the portal’s proxy server. You can use your firewall to hide the NetFlow Tracker server from the Internet, or you can simply configure password protection. The management portal must also be registered with NetFlow Tracker using the Management Portal Settings page.

Access restrictions are set up by including the management portal’s secret value in the URL along with a set of allowed devices, interfaces, reports, filters and interactive features. If no restrictions of a particular type are set, then all elements of that type are allowed, with the exception that if no device restrictions are set they are implied from the interface restrictions. Since this URL contains the management portal’s secret value, it is important that it is not visible to the user; most management portals have a way to provide access through their proxy while concealing the actual URL being sent to the underlying server.

Note that requests from a management portal are authenticated automatically, so a username and password do not need to be included in the URL.

When NetFlow Tracker creates a report in response to a request from a management portal, any interaction with that report will cause a cryptographically secure identifier to be included in the URL sent to the server. If a request from a management portal contains neither the correct secret value nor a valid identifier, or attempts to access a resource forbidden by the access restrictions originally supplied by the management portal, it will be rejected.

portalsecret – specifies the secret value assigned to the management portal in Management Portal Settings.

  <secret> – The secret value

acldevice – specifies the address of a permitted NetFlow-exporting device. Format as for device above.

aclif – specifies a permitted interface. Format as for inif above.

aclvpn – specifies a permitted VPN. Format as for invpn above.

acltemplid – specifies a permitted report template.

  null – No report templates are permitted

  <id> – A permitted report template; see templid in Report Format Parameters above for permitted values
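The following sketch is an added example, not code from the NetFlow Tracker manual or product: it shows how a portal proxy could build the initial restricted URL so that the user can neither see portalsecret nor supply acl* parameters of their own. The upstream base URL, the ACL dictionary layout, the sample values, and the use of repeated acl* parameters for several permitted values are assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: placeholder address of the NetFlow Tracker server behind the proxy.
UPSTREAM_BASE = "http://tracker.internal.example/report"


def is_reserved(name: str) -> bool:
    """True for parameters only the portal may set (the secret and every acl*)."""
    lowered = name.lower()
    return lowered == "portalsecret" or lowered.startswith("acl")


def build_upstream_url(client_query: str, secret: str, acl: dict) -> str:
    """Build the initial URL the proxy sends upstream on behalf of one user.

    client_query is the user's query string; acl maps an acl* parameter name
    to the list of values permitted for that user (assumed layout).
    """
    # Fail closed: discard any client-supplied secret or access restriction.
    params = [(k, v) for k, v in parse_qsl(client_query, keep_blank_values=True)
              if not is_reserved(k)]
    for name in sorted(acl):
        if not name.startswith("acl"):
            raise ValueError(f"not an access control parameter: {name}")
        params.extend((name, value) for value in acl[name])
    params.append(("portalsecret", secret))
    base = urlsplit(UPSTREAM_BASE)
    return urlunsplit(base._replace(query=urlencode(params)))


def redact(url: str) -> str:
    """Mask portalsecret before the URL is written to a log or error page."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() == "portalsecret" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Constructed sample: the user tries to supply a device ACL and a secret.
    user_query = "templid=example&acldevice=10.9.9.9&portalsecret=guess"
    user_acl = {"acldevice": ["192.0.2.10"], "acltemplid": ["null"]}
    url = build_upstream_url(user_query, "constructed-secret-value", user_acl)
    print(redact(url))
```

Later interactions with the report carry the identifier issued by NetFlow Tracker rather than the secret, so the proxy only needs to add portalsecret to the initial request.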
