Firmware is a set of rules that has been compiled from Snort syntax into a form suitable for uploading to the FPGA. Two sets of sample rules files have been compiled into firmware and can be uploaded to the FPGA using either of the two firmware management methods (see "Rule Management" on page 19). Table 2 describes each sample rules file.

Table 2 Sample Rules Files

Rule Set         Description

evasion.rules    The rules in this file help detect attacks that use strategic TCP segmentation to avoid detection.

fw.rules         This file contains rules written in Snort syntax for a firewall application (see "Writing Rules for a Firewall Deployment" on page 77).

meta.rules       The rules in this file report on flow information and provide compatibility with Snort.

null.rules       This file contains no rules; the firmware created from this file is an empty image that maximizes the dynamic rule capacity (see "Rules Capacity" on page 55).

sample.rules     This file contains rules written in Snort syntax that were derived from publicly available IDS rules.

The firmware based on the sample rules files follows the naming convention described in "Selecting Firmware with the GUI" on page 30.

Note: Force10 recommends not using the sample firmware for production IDS/IPS use. The sample firmware requires considerable site-specific customization in order to be effective; it is included only so that you can become familiar with the functionality of the appliance.

Rule Management

The P-Series software provides three methods by which you can manage the rules and functionality of the appliance:

Graphical User Interface: The graphical user interface (GUI) is a menu-based method for managing the appliance.

Web-based GUI: Manage the appliance and graphically plot performance online.

Command Line Interface: The command line interface (CLI) uses a script called pnic through which you can manually perform the same management tasks as the GUI by entering commands at the command prompt.

Force10 recommends using the GUI or web-based GUI if no programmatic interface is required.

Deploying the P-Series

The flexible architecture of the P-Series lends itself to various deployments.

P-Series Installation and Operation Guide, version 2.3.1.2
