Manuals / Force10 Networks / Computer Equipment / Network Card

Force10 Networks 100-00055-01 Getting Started, Returning to the Default Configuration, Chapter

Models: 100-00055-01

1 132

Download 132 pages 61.04 Kb

Page 15

Getting Started

Chapter 2	Getting Started

To begin inspecting and filtering traffic you must:

1.Select firmware and dynamic rules

2.Set capture/forward policies

3.Check for proper operation by generating traffic across the appliance.

Step Task

1As root, enter the command pnic gui from the Unix command line to invoke a graphical user interface (GUI).

2Enter the command m from the GUI command line.

3Select Manage Firmware from the Rule Management GUI, then select “null” firmware and confirm. The sample firmware and rules files are testing examples only. Force 10 recommends not employing the sample firmware for production IDS/IPS use.

4Select Edit Rules from the Rule Management GUI.

5Uncomment the rule alert on all icmp any any -> any any (msg:"@icmp";) by removing the # symbol before the rule.

•Enter the command i to enter insert mode.

•Navigate to the character using the arrow keys, and delete the character.

6Enter the command :wq to exit the vi editor, and confirm your changes.

7Confirm to reload the Forward/Block settings.

8Run a packet sniffer such as tcpdump on the network interface associated with the appliance.

9Generate some ICMP traffic to be exchanged between endpoints.

•Endpoints are two network nodes on opposite sides of the appliance such that traffic between those nodes passes through the appliance.

•For example, enter ping destaddress, where destaddress is the IP address of the endpoint on the opposite end of the appliance.

10If you are using tcpdump, enter the command tcpdump -i pnic0 -nfrom the Unix command line.

•This prints to standard output all of the packets captured by the DPI.

•If the appliance is operating correctly, you will see the ICMP packets.

Returning to the Default Configuration

Return to the factory default settings using the command pnic resetconf. See the Command Line Reference, on page 79.

P-Series Installation and Operation Guide, version 2.3.1.2

15

Image 15

Force10 Networks 100-00055-01 manual Getting Started, Returning to the Default Configuration, Chapter

Contents

P-Series Installation and Operation Guide VersionMay 27 USA Federal Communications Commission FCC Statement Copyright 2008 Force10 NetworksTrademarks Statement of ConditionsPreface ContentsContents InstallationWeb-based Management Command Line InterfaceGraphical User Interface ChapterWriting Rules Command Line ReferenceBasic Unix Commands Compiling RulesTechnical Support Appendix EGlossary Appendix FAudience PrefaceAbout this Guide ObjectivesP-Series Release Notes Information SymbolsRelated Documents Additional ResourcesChapter InstallationSystem Specifications Physical ConnectionsPB-10GE-2P Step Task Upgrading Software BootingConfiguration Security Checkscp username@serverabsolutepath mkdir ~/upgradedirectoryfilename ~/upgradedirectory cd upgradedirectorygmake install Commandcd upgradedirectory/pnic-compiler cd upgradedirectory/firmwareTo begin inspecting and filtering traffic you must Returning to the Default ConfigurationGetting Started ChapterGetting Started Introduction Hardware Architecture OverviewChapter Sample Rules and Firmware Types of RulesRule Management Deploying the P-SeriesFirewall Deployment” on page Optical Bypass 10-Gigabit Inline DeploymentFail-safe Deployment 10-Gigabit10-Gigabit Highly-available DeploymentPassive Deployment P1P0P-Series P10 Capturing Matched TrafficNetwork Switch with SPAN port Network Tap 10-Gigabit 10-GigabitCapturing to a Host CPU Traffic to Monitor Mirroring to Another DevicePB-10GE-2P M1 P1 P0 M0Chapter 4 Graphical User Interface Command Description GUI CommandsPNIC0 Not Active Managing Rules, Policies, and FirmwareTo manage firmware, see “Selecting Firmware with the GUI” on page Editing Dynamic Rules with the GUIdirectory see “Editing Dynamic Rules with the GUI” on page GUI” on pageManaging Capture/Forward Policies with the GUI To modify dynamic rulesTo change capture/forward policies Selecting Firmware with the GUI fn9000013fn9000014 Runtime Statistics Graphical User Interface Figure 19 Runtime Statistics for Channel 0 and 1-FPGA LoadedReloading Firmware Graphical User Interface Chapter 5 Web-based Management Launching the P-Series Node ManagerTo launch the P-Series Node Manager Web-based Management Figure 21 Lauching the P-Series Node ManagerManaging Firmware Images on page Managing the P-Series using Node ManagerWeb-browser Security Certificates Monitoring System Performance on pageMonitoring System Performance Managing the Network Interface Card Managing Firmware ImagesWeb-based Management Figure 25 P-Series Node Manager Card Management PanelManaging Policies Web-based Management Figure 26 P-Series Node Manager Policy Managment PanelSguil Client Chapter 6 Network Security MonitoringP-Series Sensors Sguil ServerHardware and Software Requirements Installing the Sguil SystemInstalling the Sguil Sensor Installing the Sguil ServerInstalling the Sguil Client Uninstalling the Sguil ServerWireshark # win32 example set TLSPATH c/progra~1/Tcl/lib/tls1.4.1/tls14.dll Installation FilesRunning the Sguil System Running the Sguil SensorWriting New Rules Running the Sguil Server To run the Sguil Client Running the Sguil Clientfn90027mp fn90028mpEditing Dynamic Rules with the CLI Chapter 7 Command Line InterfaceCLI Commands CLI commands are given in Command Line Reference on pageTo enable MAC rewriting In FigureRemoving VLAN Tags Command Line Interface Compiling Rules Compiling RulesCreating Rules Files Rules Capacity3 Match Fragmented IPv4 Packets or IPv4 Packets w/ Options Target DeviceMatch non-IP Traffic pagesee Figure 37 on page Segmentation Evasion Rulessee Figure 36 on page Maximum StringEnter command gmake from pnic-compiler directory Figure 36 pnic-Compiler Option P-Series Installation and Operation Guide, versionStarting and Stopping the pnic-Compiler Summary of configurationConfiguration and Generated Files which the .bit files in /usr/local/pnic/0 areto which the .mapping files in /usr/local/pnic Firmware Filenames Compiler ErrorsAction Writing RulesSnort Rule Syntax Snort Rule HeadersSource Addresses ProtocolDirection Operator PortsDestination Address and Port P-Series Rule SyntaxP-Series Supported Snort Keywords Snort Rule Optionsprotocol KeywordStatic DynamicStateful Matching Writing Stateful Rulesthen cpi Equation∧ si = si ⎬In Table Stateful Rule ExamplesSupport for Snorts flow Keyword Handling Segmentation EvasionThe meta.rules File Support for Snorts within Keyword Anomalous TCP Flags Writing Rules Firewall Deploying the P-Series as a FirewallChapter Figure 39 Enabling and Disabling Drop Mode Enabling the FirewallDrop mode Disabled Drop mode Enabled Verify Drop mode is EnabledWriting Rules for a Firewall Deployment Allowing Traffic through the Firewall#permit let through and do not log to the host pnic default-drop-disable on page pnic default-drop-enable on page Appendix A Command Line Referencepnic aggregate-mode-disable on page pnic aggregate-mode-enable on page pnic apply-firmware on pagepnic vlan-remove-enable on page pnic web-gui-start on page pnic aggregate-mode-disablepnic temp-mem-disable on page pnic temp-mem-enable on page pnic updatemacvalue on page pnic vlan-remove-disable on pagepnic apply-firmware pnic aggregate-mode-enableDisplay the available firmware Parameters Command History ExampleCommands pnic show-firmwaresSyntax Parameters Command History Example pnic capture-offpnic capture-on Enable the capturing of packets via direct memory accessCommands pnic cardstatusCommands Syntax Parameters Command History Examplepnic compilerules pnic default-drop-disableParameters Command History Example pnic default-drop-enableTemporary memory is disabled while the firewall is enabled pnic diagParameters Command History Example Usage InformationVersion PMAIN2.3.0.014 root@localhost SW# pnic flow-teardown-enable pnic flow-teardown-disablepnic flow-teardown-enable pnic flow-teardown-disablevalue for an IP address pairs pnic getmachashindexpnic updatemacvalue pnic guiEnable MAC rewriting Disable MAC rewritingpnic gui Command Example P-Series Installation and Operation Guide, versionExample output omitted pnic helpSyntax Command History Example pnic helpCommands pnic linkdownpnic linkup Syntax Parameters Command History ExampleSyntax Parameters Command History pnic loadconfParameters Command History Example CommandsCorresponding Parameter Addresspnic loadparams number pnic loadepromspnic loadparams deprecated pnic loadeproms numberCorresponding Parameter Addresspnic loadrules Command History Example Usage InformationSyntax Parameters pnic macrewrite-on pnic macrewrite-offSyntax pnic off pnic off deprecatedpnic on deprecated pnic on deprecatedUsage Information Related Commands Syntax Parameters Command History Examplepnic params pnic passive-mode-disableCommands pnic passive-mode-enablepnic passive-mode-enable CommandStop capturing and matching pnic resetconfpnic restart Syntax Parameters Command History ExampleSyntax Command History Example pnic sguil-sensor-startDisable the network interface Enable the network interfacepnic sguil-sensor-start -f Stop the Sguil sensor using the command pnic sguil-sensor-stopSyntax Parameters Command History Example Commandspnic sguil-sensor-start Start the Sguil sensor pnic sguil-sensor-stopSyntax Parameters Command History Example CommandsCommands pnic showconfpnic show-firmwares Syntax Parameters Command History ExampleSyntax Parameters Command History pnic showtechCommand History Example CommandsDisable the network interface using the command pnic stop pnic startLoad the capture/block configuration Load the runtime parameters Enable the network interfaceSyntax Parameters Command History Example pnic stopEnable the network interface Commandspnic temp-mem-enable pnic temp-mem-disableEnable MAC rewriting pnic updatemacvalueUse this command with the MAC rewrite feature pnic temp-mem-disablepnic vlan-remove-enable pnic vlan-remove-disablepnic vlan-remove-enable pnic vlan-remove-disableDisplay the driver version pnic versionpnic web-gui-start Disable the web server using the command pnic web-gui-stopCommand Enable the web server using the command pnic web-gui-startpnic web-gui-stop CommandsRelated Commandspnic web-gui-start ExampleAppendix A dsize number number Appendix BSnort Keywords ack numberKeyword Rule Syntax uricontent ! “datastring”Keyword DescriptionAppendix B Appendix C Meta and Evasion Rules meta RulesEvasion Rules Appendix C Description Appendix D Basic Unix CommandsUnix Commands Command? text vi CommandsCommand DescriptionGlossary Appendix EStatic Rules SnortSPAN Port StateManual Pages Accessing iSupport ServicesAppendix F Technical SupportContacting the Technical Assistance Center Locating P-Series Serial NumbersSerial Number see Locating P-Series Serial Numbers on page To request replacement hardware, follow these steps Requesting a Hardware ReplacementTechnical Support