IBM Proventia Network Active Bypass

C'8O

���

f(yw

© Copyright IBM Corporation 2009.

U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM

Corp.

vfUZ:2009 j 11 B

?<

|0Z]. . . . . . . . . . . . . . . v

XZ>vfo . . . . . . . . . . . . vii`Xvfo . . . . . . . . . . . . . . vii<u'V*5== . . . . . . . . . . . . viii

Z 1 B Proventia Network ActiveBypass %*ri . . . . . . . . . . . 1&\ . . . . . . . . . . . . . . . . . 1XZ Proventia Network Active Bypass %* . . . . 3y>Yw . . . . . . . . . . . . . . . . 4

Z 2 B hC Proventia Network ActiveBypass %* . . . . . . . . . . . . . 7dCM?p Proventia Network Active Bypass %* . . 7EC Proventia Network Active Bypass %*MProventia Network IPS h8 . . . . . . . . 8,Sg4_ . . . . . . . . . . . . . . 8G<=\mgf . . . . . . . . . . . . 9hCgSJ~(* . . . . . . . . . . . . 9hCVN . . . . . . . . . . . . . . 10

Z 3 B Z\mgfPdC ProventiaNetwork Active Bypass %* . . . . . 11XZ\mgf . . . . . . . . . . . . . . 12

CJ\mgf . . . . . . . . . . . . . . 13`X Proventia Network Active Bypass %*D4, 14\m Proventia Network Active Bypass %*DhC 15hCVNdC . . . . . . . . . . . . . 15dC\mKZhC . . . . . . . . . . . 17hCgSJ~(* . . . . . . . . . . . 18dC SNMP ]e . . . . . . . . . . . 19,=1dMhC1x . . . . . . . . . . 19\mC'J'hC . . . . . . . . . . . 208]rV4hC . . . . . . . . . . . . 20&CL~|B . . . . . . . . . . . . . 21tC53U>G< . . . . . . . . . . . 21XBt/ Proventia Network Active Bypass %* 22dC6LO$ . . . . . . . . . . . . . 22

Z 4 B 9C|nPgfdC ProventiaNetwork Active Bypass %* . . . . . 23CJ|nPgf . . . . . . . . . . . . . 24|nPN}Do( . . . . . . . . . . . . 25|nPN} . . . . . . . . . . . . . . 25

yw . . . . . . . . . . . . . . . . 31Lj . . . . . . . . . . . . . . . . . 32

w} . . . . . . . . . . . . . . . . 33

© Copyright IBM Corp. 2009 iii

iv Proventia Network Active Bypass: C'8O

|0Z]

li Proventia Network Active Bypass %*D|0,i4Gq1YNN+w#

|0PZ

li|0P,7#|0PP|,TBo7:

v ;v Proventia Network Active Bypass %*

v Ey-B(L+)

v ;yXF(gB(6+)

v =v@fg4#i

v g4_

v ;E CD

© Copyright IBM Corp. 2009 v

vi Proventia Network Active Bypass: C'8O

XZ>vfo

>8O<Zozz,SMdC Proventia Network Active Bypass %*#

JC6'

>8O|( Proventia Network Active Bypass %*Dy>E"M+d,S=xgT0d

Cy>hCyhD=h#

?jTs

>8OkT:p20MdCxgM53h8Dxg53\m1#9C_&C_8PX

xg_TM IP xgdCDy>*6#

`Xvfo

>8O5wKgNhCMdC Proventia Network Active Bypass %*TCZ IBM

Proventia® Network Intrusion Prevention System(IPS)h8#

iRd{D5

PX IBM® ISS z7Dd{D5IZ IBM ISS Web >c(http://www.iss.net/support/

documentation/)OR=#

`Xvfo

kNDBPD5q!PX Proventia Network Active Bypass %*'VD Proventia Net-

work IPS h8D|`E":

D5 Z]

IBM Proventia GX5000 Series Getting Started

Card

,SMdC GX5000 5P IPS h8D5w

IBM Proventia GX6000 Series Getting Started

Card

,SMdC GX6000 5P IPS h8D5w

IBM Proventia Network Intrusion Prevention Sys-

tem G and GX Appliance User Guide

PX4(M\m_TMl&,T0,$h8h

CDEvM}L#

*6b

IBM ISS 'V*6bG+_[5DE"44#IS http://www.iss.net/support/

knowledgebase/ CJ*6b#IT9CX|Vrp4j6Qw*6b#

a>:kNDp4j6 3321,TKb Proventia Network IPS h8DnB<IMQ*J

b#

© Copyright IBM Corp. 2009 vii

mI$-i

*q! IBM Internet Security System z7DmI$E",kS http://www.ibm.com/

services/us/iss/html/contracts_landing.html BX IBM mI$-i#mb,Proventia Net-

work Active Bypass %*f=D CD-ROM O2|,KmI$E"#

<u'V*5==

IBM Internet Security Systems™(IBM ISS)(}d Web >cT0gSJ~{"rg

0==a)<u'V#

IBM ISS 'V>c

(} IBM ISS 'V Web 3f(http://www.ibm.com/services/us/iss/support/),IT1

SCJ*zC'D5"10f>Pm"j8Dz7JO"W$iM<u'V*6b#

'V1d

Bma)K@zMd{XxD<u'V1d:

Xx 1d

@z +l 24 !1

yPd{Xx 1X1d\;A\e,Og 9 c - Bg 6 c,IBM ISS +<DZ

YU}b

":TZ@zTbDXx,g{ZG$w1d0s<u'V,ITr

@zD<u'VPDBgr"MgSJ~#

*5E"

*q!*5E",k*A IBM ISS 'V Web 3f:http://www.ibm.com/services/us/iss/

support/#

viii Proventia Network Active Bypass: C'8O

Z 1 B Proventia Network Active Bypass %*ri

Proventia Network Active Bypass %*G;VbSh8,|9Cn/T7&\,IZh

8"zJOrOg17#xgw?;PO#Proventia Network Active Bypass %*a)

K^lDJO*F"s?D\m&\M 4 v@"D'WT+xSZVN(I,Sw`i

J)#>Bi\ Proventia Network Active Bypass %*D&\MKP-m#

wb

Z 33D:XZ Proventia Network Active Bypass %*;

:&\;

Z 43D:y>Yw;

Z v3D:|0Z];

&\

>wbhv Proventia Network Active Bypass %*D&\#

&\Pm

v }]wDn/;;,T@53JO

v ;/T7,OgZdX;IY

v 4e4C - Z*h8O^hd{}/Lr

v CZ;/}]w`XD TAP &\

v 10/100/1000 TX(-B)"SX(`#)M LX(%#)'V

v inD?p!n,|(-B"`#bK"%#bKT0-B=bK*;

v _`g4,Ia)nsLHDI?T

v yZ)9D CLI M WEB D\m

v CZ2+\mD SSH M HTTPS

v PX53B~DgSJ~(*

v TACACS+ O$

v 53U>'V

v j+{O RoHS

)9T7dC

v T7 - ^(r*r^(XU

v T7v/EE(FdC|(:

– v/EE#=

– v/EE5J

v kT47PODT7

v $nT7047PON}DdC

© Copyright IBM Corp. 2009 1

v {CT70v/EEN}DdC

2+D Web \m

Proventia Network Active Bypass %*a)K2+D Web \mgf,dP|,:

v )9D CLI gf

v \mKZOD SSH ,S

v kT(eB~D SNMP ]x

v kT(eB~DgSJ~(*

v TACACS+ O$

v 53U>'V

ITSNb;v Web /@w(}\mgf4\mM`X Proventia Network Active

Bypass %*#Proventia Network Active Bypass %*D\mKZ_P;vVdD IP X

7#I9C|nPN}4lwr|DC IP X7#

*CJ\mgf,kr* Web /@w"dk https://,sz\mKZD IP X7#\

mKZD1! IP X7* 192.168.0.111#1!\mKZ Web X7* https://

192.168.0.111#

\mgfZZ 113DZ 3 B, :Z\mgfPdC Proventia Network Active Bypass

%*;PPyG<#

g4JO#$

Proventia Network Active Bypass %*IC=v_`g4,Ia)nsLHDI?T#

g{g4"zJO,G4=vb'*Xa+ Proventia Network Active Bypass %*Sx

gPKv,by Proventia Network Active Bypass %*D&\M`1Z=y1,gB#

2 Proventia Network Active Bypass: C'8O

XZ Proventia Network Active Bypass %*Z+ Proventia Network Active Bypass %*mS=xg.0,kWHl$C%*D&\

?~#

0fe<

B<5wK Proventia Network Active Bypass %*D0fe:

":VNSRAsEP,3r*:VN 4"VN 3"VN 2 MVN 1#

1. xgKZ:1G(SR"LR r-B)N1 M N2 KZ,,SAkZxgMvZxg

2. h8KZ:1G(SR"LR r-B)A1 M A2 KZ,,SA IPS h8

3. LCD T>A

":LCD 4%;pwC#

4. 8>F

v 1 Gb KZD47/n/8>F

v 8>T74,Dl+8>F

v 8>Z*4,DL+8>F

5. XF(KZ(.Z)

6. \mKZ(T+x)

7. TAP KZ

g4Jdw

zXk9C UL PvDg4,g4dv*1wg,n(dvg9* 12 |,n(dvg

w* 5 2`,"Ro=K LPS r NEC 2 `j<#

Z 1 B Proventia Network Active Bypass %*ri 3

y>Yw

>wbhv Proventia Network Active Bypass %*Dy>Yw-m#

dM?p

B<T>K}]gN(} Proventia Network Active Bypass %*Sxg+d= Proventia

Network IPS,"R;vT>KZT7;;DwWNyf0=D`X&\#

;;#=

Proventia Network Active Bypass %*a)=V;;#=:

;;#= hv

n/ n/#=(} Proventia Network IPS h8Z+

CxgM(Cxg.d("T+x!(@#4

T+CxgD}]w(#=oKZ N1(xgk

Z)#Proventia Network Active Bypass %*+

}]+M=KZ A1(h8dkZ),;s(}

Proventia Network IPS h8+}]7I=KZ

A2(h8dvZ)#SE,n/;;(}KZ

N2 7I}]"R+}]dv=(Cxg#

n/#=2ITfrYw,I+}]S(Cx

g7I=+Cxg#

4 Proventia Network Active Bypass: C'8O

;;#= hv

T7 T7#=("+Cxg=KZ N1(xgkZ)

DT+x!(@#}](}SKZ N1(xgk

Z)=KZ N2(xgvZ)bvUO77xP

7I,F}K Proventia Network IPS h8,S

x9!IT1SS+Cxg=o(Cxg#

T7#=2ITfrYw,+}]S(Cxg

7I=+Cxg#

v/EE#=

Proventia Network Active Bypass %*IT(}"MMSUv/EE4Vx`X Proventia

Network IPS h8DKP4v#byI7#}]wD512+TM+7T#zIT9C

Z Timeout 5P(eDh(1d(kNDZ 253D:|nPN};i4,15D5w)

4dCv/EE!,b)!S Proventia Network Active Bypass %*D;vh8KZ"

v"Zm;vKZSU#

Proventia Network Active Bypass %*a)TBv/EE#=:

v/EE#= hv

Z?v/EE!XM#= ;vC'(eDT+xv/EE!,I

Proventia Network Active Bypass %*zI,S

KZ A1 "v#Proventia Network Active Bypass

%*T+xKZ A2 XkS Proventia Network

IPS h8SU=,;vv/EE!#

":1!ivB? 100 Ak(ms)"M;vv

/EE,CdtITvsA 25500 Ak#

C#=CZw*xED Proventia Network IPS

h8#7#Th8xPK}7DdC,byC

h8M;a}Ktv/EE#C#=;h*

Proventia Network IPS h8D}/Lr#

1!5:1

474,v/EE#= v/EEw* Proventia Network Active Bypass

%*T+xKZ A1 M A2 D474,8>

w#g{KZ A1 r A2 D47O*,Proventia

Network Active Bypass %*+#9v/EED

+d"$nT7#=#

Z 1 B Proventia Network Active Bypass %*ri 5

KP#=

Proventia Network Active Bypass %*_PTBKP#=:

KP#= hv

#= 0:}#n/Z* g{ Proventia Network Active Bypass %*Z

,1Z^ZSU=v/EE,G4;;#=+

#V*rd*“n/;;”#=#

g{ Proventia Network Active Bypass %*Z

,1Z^Z4SU=v/EE,G4|+d*

r#V*“T7;;”#=#

1!ivB(^v/EE),Proventia Net-

work Active Bypass %*T“T7;;”#=K

P#

#= 1:}#Z* g{ Proventia Network Active Bypass %*Z

,1Z^ZSU=v/EE,G4;;#=+

#V;drd*“T7;;”#=#

g{ Proventia Network Active Bypass %*Z

,1Z^Z4SU=v/EE,G4|+d*

r#V*“n/;;”#=#

1!ivB(^v/EE),Proventia Net-

work Active Bypass %*#V*“n/;;”#

=#

#= 2:V$n/Z* Proventia Network Active Bypass %*<U&Z

“n/;;”#=#

#= 3:V$n/T7 Proventia Network Active Bypass %*<U&Z

“T7;;”#=#

#= 4:V$;/T7 Proventia Network Active Bypass %*&Z;/

T74,,bb6ET7#=PDb'*XQ

“XU”#

6 Proventia Network Active Bypass: C'8O

Z 2 B hC Proventia Network Active Bypass %*

>B2vK,SMdC Proventia Network Active Bypass %*#

wb

}LEv:dCM?p Proventia Network Active Bypass %*

:dCM?p Proventia Network Active Bypass %*;

dCM?p Proventia Network Active Bypass %*>wbj8hvKdCM?p Proventia Network Active Bypass %*D=h#

XZKNq

TB}LGdCM?p Proventia Network Active Bypass %*yXhD#

}L

1. + Proventia Network Active Bypass %*M Proventia Network IPS h8ECZz

\O#

2. y] Proventia GX kE8OPa)D5w,,S Proventia Network IPS h8Dg

B"TCh8xPdC#

3. + Proventia Network Active Bypass %*Dg4_Vp,S==v;,Dg4(T

a__`H)#

4. (}/@wCJ\mgf"G<#

5. li Proventia Network Active Bypass %*Gq}Z+]}]w#

6. (}\mgfhCVNdC#(C}La3dh8ODKZ"hC$@TT7#)

© Copyright IBM Corp. 2009 7

EC Proventia Network Active Bypass %*M ProventiaNetwork IPS h8

}L

1. v( Proventia Network Active Bypass %*M Proventia Network IPS h8DEC

;C#

2. + Proventia Network Active Bypass %*M Proventia Network IPS h8EC=z

\O#

3. y] Proventia GX kE8OPa)D5w,,S Proventia Network IPS h8Dg

B#

":Proventia Network Active Bypass %*9CDv 1Gb VN#

,Sg4_

}L

1. +?v;wg4JdwD1wS7ek Proventia Network Active Bypass %*#

2. +dP;yg4_ek;wg4ey#+m;yg4_ek4Tm;v;wg4D

;wg4ey#

a>:9C@"D;wg4,ITZ3v;wg4"zPODivB,T\7#a

)g&,ns/g4_`T#

3. lig48>F,7O Proventia Network Active Bypass %*QS(g4#

8 Proventia Network Active Bypass: C'8O

G<=\mgf

}L

1. 9C\mgB(j"*“CAT5E”),+Fcz,S= Proventia Network Active Bypass

%*OD\mKZ#

*c:7#z4UP5nQv(4#$T:DX*xgy!h)#kp+\mKZ

,S=Tb?w?*EDNNxg#\mKZ;&,S=(CZ\m Proventia Net-

work Active Bypass %*M Proventia Network IPS h8D\^xg#

2. t/ Internet Explorer#

3. dk https://192.168.0.111#

":\mKZD1! IP X7* 192.168.0.111#g{|DK\mKZ IP X7,G4

CJ\mKZD Web X72&f.|D*|(bvBD IP X7#

4. G<=\mgf#WN,S=\mgf1,k9C1!C'{M\k#

VN 1!hC

C'{ admin

\k admin

":g{Z\mgfDC'3fO|DK1!DG<hC,G4zhCD5aZf

sYN"TG<1z'#

hCgSJ~(*

XZKNq

dCgSJ~(*,TcZ Proventia Network Active Bypass %*D4,"zd/1I

TSU4,gSJ~#ZdCVN.0,XkhCgSJ~(*#

Z 2 B hC Proventia Network Active Bypass %* 9

hCVN

}L

1. Z\mgfP,kTz*dCDVN!qVN3f#

2. dkr!q`&DhC,;s%w#f

10 Proventia Network Active Bypass: C'8O

Z 3 B Z\mgfPdC Proventia Network Active Bypass%*

zIT9C\mgfr|nPgf4hC Proventia Network Active Bypass %*Ds?

VdC!n#>BPvKZC'gfPICDdC!n,"hvKgNTdxPh

C#

wb

Z 123D:XZ\mgf;

Z 133D:CJ\mgf;

Z 143D:`X Proventia Network Active Bypass %*D4,;

Z 153D:\m Proventia Network Active Bypass %*DhC;

© Copyright IBM Corp. 2009 11

XZ\mgf

Proventia Network Active Bypass %*a)K;v2+D Web \mgf#

\m3f

\mgfI;5P3fiI,b)3fgBmy>#

\m3f hv

4, PX Proventia Network Active Bypass %*D

4,E"

\mKZ \mKZD IP hC

VN 1 TCVNPh8DKZhCMv/EEhC,

T$nT7rxkn/#=#

VN 2 TCVNPh8DKZhCMv/EEhC,

T$nT7rxkn/#=#

VN 3 TCVNPh8DKZhCMv/EEhC,

T$nT7rxkn/#=#

VN 4 TCVNPh8DKZhCMv/EEhC,

T$nT7rxkn/#=#

gSJ~(* gSJ~(*yhDhC,nggSJ~J'

MJ~~qwE"

SNMP hC CZr SNMP ]e~qw"M SNMP ]eD

hC

NTP hC 9xg1d-i(NTP)+ Proventia Network

Active Bypass %*1dkxg1d~qw,=

DhC

1dhC Proventia Network Active Bypass %*D1xh

C

8]/V4 8]"V4T04;=v'1!&\

L~|B +L~|BD~OX= Proventia Network Active

Bypass %*

U>hC 53U>D~DhC

XBt/ XBt/ Proventia Network Active Bypass %

*

C' |D admin \k

6LO$ Jm6LCJ~qwkO$~qwxP(ET

7OC'GqP(CJxgDhC

12 Proventia Network Active Bypass: C'8O

CJ\mgf

IT(}Nb;v Web /@w4\mM`X Proventia Network Active Bypass %*#

Hvu~

7# Proventia Network Active Bypass %*DT+x\mKZQ,S=>Xxgrwz#

1!\mKZ IP X7M Web X7

Proventia Network Active Bypass %*P;vVdx\mKZD1! IP X7#BmP

T>K1! IP X7M URL:

n 1!5

\mKZ IP X7 192.168.0.111

\mKZ Web X7 https://192.168.0.111

b)1!5Z|D.0<UP'#zIT9C|nPN}r9C\mgfD\mKZ

3f4|D\mKZD IP X7#

*c:T\mKZxP|D+PO\mgfD,S#ZxPNN|D.0,k7#I

TCJBD IP X7#|D IP X7s,\mKZD Web X72f.|D#

\mgfD Web X7

zIT9CI https:// sz\mKZD IP X7iID Web X74CJ\mgf#C

Web X7Dq=gB:

https://xxx.xxx.xxx.xxx

Zdk Web X71,CVdx\mKZD IP X7f; xxx.xxx.xxx.xxx#

}g,1! Web X7* https://192.168.0.111

":Zdk Web X7s,+a4=;uPX Web >c2+O$D{"#%w“LxC

JC Web >c(;Fv)”TLx#

G<

xk\m Web >cs,+4=G<A;#4UBmPD5wjITBVN#

VN hv

C' dkC'{

":1!C'* admin#

\k dk\k

":1!\k* admin#

1!5Z|D.0<UP'#g{h*|DC'{r\k,IT9C\mgfDC'

3fr|nPgf#

Z 3 B Z\mgfPdC Proventia Network Active Bypass %* 13

`X Proventia Network Active Bypass %*D4,>wbhvK(}\mgf4`X Proventia Network Active Bypass %*D4,#

li{e4,

4,3fGG<=\mgf14=DZ;v3f#9C4,3f4i4PX Proventia

Network Active Bypass %*DE"#4,3fV8v?Va)E",b)?VgBmy

>#

?V hv

53 a)PX Proventia Network Active Bypass %

*D#fE"

g4 mwg4*t9GXU

VN 1 T>VN 1 Dn//T74,

VN 2 T>VN 2 Dn//T74,

VN 3 T>VN 3 Dn//T74,

VN 4 T>VN 4 Dn//T74,

X!hC T>10DKZdC

i4534,

53?Va)#fD534,,b)4,gBmy>#

VN hv

z7{F T> Proventia Network Active Bypass %*D

{F:

:Proventia® NAB;

z7j6 T> Proventia Network Active Bypass %*D

z7j6:

:Proventia NAB rev 1;

2~^)f T> Proventia Network Active Bypass %*D

2~f>

L~f> T> Proventia Network Active Bypass %*D

10L~f>

\m IP T>\mKZD IP X7

a>:g{*|D\mKZD IP hC,k9C

\mKZ3f#

1!5:192.168.0.111

gSJ~(* m>gSJ~(*tC9G{C

a>:g{*|DgSJ~hC,k9CgS

J~(*3f#

1!5:{C(;"M)

14 Proventia Network Active Bypass: C'8O

\m Proventia Network Active Bypass %*DhC9C\mgf4i4r|D Proventia Network Active Bypass %*DhC#

hCVNdC

}L

1. Z\mgfP,!qVNdC3f#

2. jIDvVN(A - D)PnJOzX(xg73DVNDVN:

VN hv

v/EESUZdJmDn$1d(100 Ak- 25500 Ak)

8(I Proventia Network Active Bypass %*

zIDC'(eDT+xv/EE!#

v/EE!?t 100 Ak(ms)S Proventia

Network Active Bypass %* T+xKZ A1 "

v,Proventia Network Active Bypass %*T+

xKZ A2 XkS Proventia Network IPS h8

SU=,;vv/EE!#

*$nT7x*'Dv/EE}(1-10) 8(Cw Proventia Network Active Bypass %

*T+xKZ A1 M A2 D47,S4,8>

wDv/EE#

g{KZ A 1 r A 2 D47PO,G4

Proventia Network Active Bypass %*a#9v

/EED+d"$nT7#=#

*xkn/==xSU=Dv/EE}

(1-10)8(I Proventia Network IPS h8zIDC'

(eDT+xv/EE!#bG Proventia Net-

work Active Bypass %**KST7#=d*n

/#=xXkSUDv/EE}#

1!5:1

Z 3 B Z\mgfPdC Proventia Network Active Bypass %* 15

VN hv

KP#= 8( Proventia Network Active Bypass %*D

KP#=:

v #= 0:}#n/T7(1!#=)- g{

Proventia Network Active Bypass %*Z,1

Z^ZSU=v/EE,G4C;;#=#

V;drd*“n/;;”#=#

g{ Proventia Network Active Bypass %*

Z,1Z^Z4SU=v/EE,G4|+

d*r#V*“T7;;”#=#

1!ivB(;Pv/EE), Proventia

Network Active Bypass %*#V*“T7;;

”#=#

v #= 1:}#n/Z* - g{ Proventia

Network Active Bypass %* Z,1Z^ZS

Uv/EE,G4C;;#=#V;dr|

DI“T7;;”#=#

g{ Proventia Network Active Bypass %*

Z,1Z^Z4SU=v/EE,G4|+

d*r#V*“n/;;”#=#

1!ivB(;Pv/EE),Proventia Net-

work Active Bypass %* #V*“n/;;”

#=#

v #= 2:V$n/ - Proventia Network

Active Bypass %*<U&Z“n/;;”#

=#

v #= 3:V$n/T7 - Proventia Net-

work Active Bypass %*<U&Z“T7;;

”#=#

v #= 4:V$;/T7 - Proventia Net-

work Active Bypass %*&Z;/T7#=,

dPT7#=PDb'*X*“XU”#

47JOlb g{xgKZ#9$w,G4azI SNMP ]

e#

v 0:{953lb“47JOlb”

v 1:953\;lb"$n“47JOlb”

1!5:QtC

16 Proventia Network Active Bypass: C'8O

VN hv

X!hC Z“T7;;”#=M“n/;;”#=B*}]

w8( Proventia Network Active Bypass %*

ODKZ:

v KZ N1:xgkZ

v KZ N2:xgvZ

v KZ A1:h8dkZ

v KZ A2:h8dvZ

X!hCD!nP:

v RX

v TX

v RX/TX

dC\mKZhC}L

(}\mKZ3fdC\mKZD IP hC#

VN hv

IP X7 \mKZD IP X7

1!5:192.168.0.111

xgZk xgrSxZkD IP X7

1!5:255.255.255.0

xX xXD IP X7

1!5:192.168.0.1

DNS 1 wr{53~qwD IP X7

1!5:192.168.0.1

DNS 2 (zr{53~qwD IP X7

1!5:0.0.0.0

Z 3 B Z\mgfPdC Proventia Network Active Bypass %* 17

hCgSJ~(*

XZKNq

Proventia Network Active Bypass %*a)KgSJ~(*&\,IdCC&\,Tc

1VND;;#="zd/1"MgSJ~{"#(}gSJ~(*3fdCgSJ

~~qwMJ',T0tCr{C(*#

}L

4Bmyv4hC5#

VN hv

gSJ~(* tCr{CgSJ~(*

1!5:Q{C(;"M)

b"J~~qw(SMTP) `&Db" SMTP J~~qwDX7

b"J~~qw(SMTP)KZ b" SMTP J~~qwDKZE

1!5:25

SMTP C'{ b" SMTP J~~qwDC'{

SMTP \k b" SMTP J~~qwD\k(g{JC)

b"J~~qw(SMTP)2+T SMTP J~~qwkJ~M'z.d9CD

SSL S\

1!5:tC(2+)

"~K("~KDgSJ~X7) &CT>Zb"gSJ~{""~KVNPD

{FrX7

U~K(U~KPm,T:EVt) (*"MADDU~KgSJ~X7Pm

wb T>Zb"gSJ~{"wbPPDwb

>}::Proventia NAB status report;

18 Proventia Network Active Bypass: C'8O

dC SNMP ]eXZKNq

Proventia Network Active Bypass %*a)K SNMP ]e&\,(}C&\IZVN

4,rg44,"zd/1r]e~qw"M{"#(} SNMP hC3fdC SNMP

?j IP M SNMPv2 xr{F,T0tCr{C SNMP ]e&\#

}L

4UBmPD5wjITBVN#

VN hv

"M SNMP ]e tCr{C SNMP ]eD"M

1!5:Q{C

SNMP h]?j IP SNMP ]e~qwD?j IP

1!5:localhost

SNMPv2 gx SNMP ]e~qwDxr{F

1!5:+2

N<:kND IBM ISS MIB D~}C#

,=1dMhC1x}L

(} NTP Setting 3ftCxg1d-i(NTP),9 Proventia Network Active Bypass

%* 1dkxg1d~qw,=#(} Time Setting 3fhC Proventia Network Active

Bypass %*D1x#4BmyvhCTB5#

VN hv

NTP 9 Proventia Network Active Bypass %*1d

kxg1d~qw,=D-i

1!5:Q{C

NTP ~qw 9C NTP a)1dD;iFczD+2r

1x Proventia Network Active Bypass %*9CD1

x

1!5:@z\&<

Z 3 B Z\mgfPdC Proventia Network Active Bypass %* 19

\mC'J'hC

}L

(}C'3f|DCJ Web \mgfyhDC'{M\k#

VN hv

\k (} Web /@wCJ\mgfyhD\k

7O\k (} Web /@wCJ\mgfyh\kD7O

8]rV4hC

}L

(}8]/V43fFw8]D~r9 Proventia Network Active Bypass %*5XAd

1!hC#4UBmPD5wjITBVN#

VN hv

8] + Proventia Network Active Bypass %*O1

0hCD1>#fZ{* config.txt DD~P

V4T Qf"D8]D~D;C#dkD~;Cr/

@ACD~,;s%wV4T#

V4=v'1!dC 9 Proventia Network Active Bypass %*Dh

CV4*1!dC,;sXBt/#

*c:\mgfD IP X7;a4;#

20 Proventia Network Active Bypass: C'8O

&CL~|B

XZKNq

(}L~|B3f,TV$==+L~|BOX= Proventia Network Active Bypass %

*#/@A|BD~D;C,;s%w%wL~#

":jIC}Ln`h* 5 VS#

kl4,3fTi$Gq20KBDL~f>#

tC53U>G<

XZKNq

(}U>hC3f,+w53PDU>}]O"=Pkf"bP#53U>|,rC

';%(g53XBt/rV/&\dC)r53Yw(gL~|BsDT/XBt

/)<B Proventia Network Active Bypass %*yI!YwDX*E"#

}L

4UBmPD5wjITBVN#

VN hv

U>G< hCU>}]DO"

1!5:Q{C

Syslog ~qwwz U>}]Pkf"bD IP X7

1!5:localhost

Syslog ~qwKZ 53U>~qw}Z`XDKZE

1!5:514

Syslog ~qwj6 53U>~qwDwz{

1!5:NAB

Z 3 B Z\mgfPdC Proventia Network Active Bypass %* 21

XBt/ Proventia Network Active Bypass %*XZKNq

(}XBt/3fXBt/ Proventia Network Active Bypass %*#

dC6LO$

XZKNq

(}6LO$3fdC TACACS+ -iDhC#TACACS+(Terminal Access Control-

ler Access Control System Plus,v?DUKCJXFwCJXF53)-i*4T;

vr`v~qwD Proventia Network Active Bypass %*a)CJXF(@"O$"Z

(MJ'~q)#

}L

4UBmPD5wjITBVN#

VN hv

TACACS+ Jm TACACS+ -ixPCJXF

1!5:Q{C

~qw a)CJ~qD~qwD IP X7

1!5:0.0.0.0

S\ T TACACS+ |DweS\,9(E|2+

1!5:q

\? *M'zMX$Lry*DCZS\D2m\

?5

1!5:^

~q ksO$D~q

1!5:+?

22 Proventia Network Active Bypass: C'8O

Z 4 B 9C|nPgfdC Proventia Network ActiveBypass %*

zIT9C\mgfr|nPgf4hC Proventia Network Active Bypass %*Ds?

VdC!n#>BPvK|nPN},"hvKgN(}|nPgf4hCdC!

n#

wb

Z 243D:CJ|nPgf;

Z 253D:|nPN}Do(;

Z 253D:|nPN};

© Copyright IBM Corp. 2009 23

CJ|nPgf

>wb2vKPXCJ|nPgf=fDZ]#

,S`M

zIT(}TB=V==.;4CJ Proventia Network Active Bypass %*D|nPg

f:

v (}.PUKBfw

v (} SSH 6L shell Bfw

,S*s

BmT>KTZ=V,S`My&_8Du~#

,S`M

Proventia Network ActiveBypass %*ODKZ gB

.PUKBfw XF(KZ XF(gB

SSH 6L shell Bfw \mKZ \mgB

.PUKhC

9C.PUKBfwMTBUKhC:

hC 5

(EKZ (#* COM1(!vZFczhC)

Bf VT100

HX/k 115200

}]; 8

f<T#i ^

#9; 1

w?XF ^

SSH KZ

Proventia Network Active Bypass %* SSH ~qw9Cj<KZ 22#

C'{M\k

9C\m1J'4dCN}"`X Proventia Network Active Bypass %*D4,#Bm

PvK1!C'{M\k#

VN hv

C' dkC'{

":1!C'* admin#

\k dk\k

":1!C'* admin#

24 Proventia Network Active Bypass: C'8O

":zIT(}|nPgfr(}\mgf4|D\k#

|nPN}Do(

>wbEvK9C|nPN}hCrlw51yhDo(#

(^*s

;P Admin J'_PhCMlw53N}D(^#

|nPo(

9CTB|nPo(4hCrlwN}5#

|n Yw

cli get |more dvyPN}D5

cli get parameter_ name *N}8(5

}g:dk cli get timeout +T>.xFq

=D,15

cli set parameter_name parameter_value *8(DN}hC5

}g:dk cli set timeout 20 a+,15h

C* 20

|nPN}

>wbPvKICZ Proventia Network Active Bypass %*D|nPN}#

N}V*TB8`:

v \mKZ

v (E

v gSJ~(*

v SNMP

v KP

ww9CN}

kww9Cb)|nPN},r*|GXFE Proventia Network Active Bypass %*D

P*#}GIT7(|D1!5sTxgzzDa{,qrkp|D1!5#3)N

};PZ IBM ISS M''VzmD8<BEITxP|D#

\mKZN}

BmPDN}XF\mKZD IP hC#

N} hv

ip Proventia Network Active Bypass %*\mKZ

D10 IP X7

1!5:172.16.124.17

Z 4 B 9C|nPgfdC Proventia Network Active Bypass %* 25

N} hv

mask \mKZDSxZk

1!5:255.255.255.0

gw \mKZDxX IP X7

1!5:172.16.124.1

current_ip \mKZD10 IP X7

":current_ip N}*;AN}#

(EN}

BmPDN}XFE Proventia Network Active Bypass %*D(E&\#9C cli get

4lwN}D105#9C cli set SB54|DN}5#}g,cli set ip

127.0.0.1#

N} hv

dns DNS ~qw IP X7

":CN}T&ZC'gfPD DNS 1#

dns2 Z~v DNS ~qw IP X7

domain >XwzDr{

1!5:local

dhcp DHCP M'z

dhcp:+CN}hC* dhcp TtC Proventia

Network Active Bypass %*\mKZOD

DHCP M'z#

Static:+CN}hC* static T{C Proventia

Network Active Bypass %*\mKZOD

DHCP M'z

host C%*Dwz{

CN}*;AN}#

1!5:Proventia_NAB

username \m1J'{

1!5:admin

\k \m1\k

1!5:admin

https tCr{C HTTPS ~qw

v 0:{C2+ Web \mgf

v 1:tCT2+ Web \mgfDCJ

1!5:1(tC)

26 Proventia Network Active Bypass: C'8O

gSJ~(*N}

BmPDN}XFEgSJ~(*&\#

N} hv

email tCr{CgSJ~(*&\

v 0:{CgSJ~(*

v 1:tCgSJ~(*

1!5:1

email_from T>ZgSJ~(*“"~K”VNPD{Fr

gSJ~X7

email_security tCr{CgSJ~2+&\

v 0:{CgSJ~2+&\

v 1:tCgSJ~2+&\

1!5:1

email_username S Proventia Network Active Bypass %*"M

gSJ~(*yCDgSJ~J'DC'{

email_password S Proventia Network Active Bypass %*"M

gSJ~(*yCDgSJ~J'D\k

email_server J~~qwD SMTP ~qwX7

email_subject Z(*gSJ~{"DwbPPT>DD>

y>:“Notice: PNAB segment(s) have switched

modes”

email_to +rd"M(*DgSJ~X7Pm

SNMP N}

BmPDN}XFE SNMP ]eD"M#

N} hv

snmp tCr{C SNMP &\

v 0:{C SNMP &\

v 1:tC SNMP &\

1!5:0({C)

snmp_community SNMP xr{F

1!5:+2

snmp_destination SNMP ?j

1!5:localhost

LFD g{xgKZPO,cazI“47JOlb”

v 0:{953lb“47JOlb”

v 1:953\;lb"$n“47JOlb”

1!5:QtC

Z 4 B 9C|nPgfdC Proventia Network Active Bypass %* 27

KPN}

BmPDN}XFE Proventia Network Active Bypass %*DP*#

N} hv

timeout Proventia Network Active Bypass %*D,15

?v,1%** 100 Ak#(,16'* 100

Ak= 25.5 k#)

Z1!T7KP#=B,g{ Proventia Net-

work Active Bypass %*Zh(D,15Z;P

lb=v/EE!,G4CVN+Sn/#=

P;AT7#=#

1!5:1

force kT?v I/O %*D?F(wT)#=

v 0:{C?F(wT)#=

v 2:?FVN&Z“n/;;”#=

v 4:?FVN&Z“T7;;”#=

1!5:0({C)

op_mode Proventia Network Active Bypass %*D1!K

P#=

v 0:}#n/T7

g{SU=v/EE,G453+&ZZ*

4,#

v 1:}#Z*

g{U=v/EE,G453+&ZT74

,#

v 2:<UZ*

v 4:<Un/T7

v 5:V$;/T7(T7#=PD“T7;;

”;XU)

1!5:0(}#n/T7)

hb_mode Proventia Network Active Bypass %*Dv/E

E#=

v hb_mode 1:53}ZzIv/EE

v hb_mode 2:b?4}ZzIv/EE

v hb_mode 3:53y]h8OD47lb$n

T7

1!5:hb_mode 1

state Proventia Network Active Bypass %*D4,

CN}*;AN}#

v 0:“T7;;”4,

v 1:“n//Z*;;”4,

28 Proventia Network Active Bypass: C'8O

N} hv

active_hb_cnt f"n/v/EEF}

;PZVNSU= active_hb_cnt v,xv/E

EsEaP;*“n/;;”#=#

1!5:2(6':1 = 10)

bypass_hb_cnt f"T7v/EEF}

;PZVN*' bypass_hb_cnt vv/EEsE

aP;*“T7;;”#=#

1!5:3(6':1 = 10)

TACACS+ N}

(} CLI CTBN}4dC TACACS+:

N} hv

tacacs 5:

v 0:{C

v 1:tC

tacacs_encryption 5:

v 0:{C

v 1:tC

tacacs_protocol TACACS+ -i

1!5:+?

tacacs_secret TACACS+ \?

1!5:^

tacacs_server TACACS+ ~qwD IP X7

tacacs_service TACACS+ ~q

1!5:+?

Z 4 B 9C|nPgfdC Proventia Network Active Bypass %* 29

30 Proventia Network Active Bypass: C'8O

yw

>E"G*Z@za)Dz7M~q`4D#

IBM I\Zd{zRrXx;a)>D5PV[Dz7"~qr&\XT#PXz10

yZxrDz7M~qDE",krz1XD IBM zmI/#NNT IBM z7"L

rr~qD}C"GbZw>r5>;\9C IBM Dz7"Lrr~q#;*;V8

IBM D*6z(,NN,H&\Dz7"Lrr~q,<ITzf IBM z7"Lrr

~q#+G,@@Mi$NNG IBM z7"Lrr~q,+IC'TP:p#

IBM I\Q5Pr}Zjkk>D5Z]PXDwn({#a)>D5"4ZhC'N

N9Cb)({DNNmI#zITCif==+mIi/Dy:

IBM Director of Licensing

IBM Corporation

North Castle Drive

Armonk, NY 10504-1785

U.S.A.

PX+VZ(DBCS)E"DmIi/,kkzyZzRrXxD IBM 6z(?E*

5,rCif==+i/Dy:

Intellectual Property Licensing

Legal and Intellectual Property Law

IBM Japan Ltd.

1623-14, Shimotsuruma, Yamato-shi

Kanagawa 242-8502 Japan

>un;JC"zrNNbyDunk1X(I;;BDzRrXx:INTERNA-

TIONAL BUSINESS MACHINES CORPORATION “4V4”a)>vfo,;=PN

NV`D(^[Gw>D9G5,D)#$,|((+;^Z)5,DPXGV("

JzMJCZ3X(C>DP^#$#3)zRrXxZ3);WP;Jmb}w>

r5,D#$#rK>unI\;JCZz#

>E"PI\|,<u=f;;<7DX=r!"ms#K&DE"+(Z|D;b

)|D+`k>JODBf>P#IBM ITf1T>JOPhvDz7M/rLrxPD

xM/r|D,x;mP(*#

>E"PTG IBM Web >cDNN}C<;G*K=cp{Ea)D,;TNN==

d1TG) Web >cD#$#G) Web >cPDJO;G IBM z7JOD;?V,

9CG) Web >cx4DgU+IzTPP##

IBM IT4|O*J1DNN==9CrV"zya)DNNE"x^kTzP#NN

pN#

>LrD;mI=g{*KbPXLrDE"To=gB?D:(i)JmZ@"4(

DLrMd{Lr(|(>Lr).dxPE";;,T0(ii)JmTQ-;;DE

"xP`%9C,kkBPX7*5:

© Copyright IBM Corp. 2009 31

IBM Corporation

Project Management

C55A/74KB

6303 Barfield Rd.,

Atlanta, GA 30328

U.S.A

;*qXJ1Du~Mun,|(3)iNBD;(}?D6Q,<IqCb=fD

E"#

>D5PhvDmILr0dyPICDmIJOyI IBM @] IBM M'-i"IBM

zJm~mI-irNN,H-iPDuna)#

yPXZ IBM 44=rrbrDyw<If1|DrUX,x;mP(*,|Gvv

m>K?jMb8xQ#

Lj

IBM"IBM UjM ibm.com G International Business Machines Corp., Z+rm`>(

xrDLjr"aLj#d{z7M~q{FI\G IBM rd{+>DLj#Web >

c www.ibm.com/legal/copytrade.shtml O“f(MLjE"”?VP|,K IBM LjD

nBPm#

Linux® G Linus Torvalds Z@zM/rd{zRrXxD"aLj#

UNIX® G The Open Group Z@zMd{zRrXxD"aLj#

Microsoft® M Windows® G Microsoft Corporation Z@zM/rd{zRrXxD"a

Lj#

d{+>"z7r~q{FI\Gd{+>DLjr~qjG#

32 Proventia Network Active Bypass: C'8O

w}

[B]|0Z] v

8]/V4 20

[C]XBt/ 22

[D]g4 3

g4JO#$ 2

gSJ~(* 18

[F]VNdC 15

[G]|BL~ 21

L~|B 21

\mKZhC 17

\mgf 11

[J]<u'V, IBM Internet Security

Systems viii

;;#= 4

[M]|nPgf

N} 25

CJ 24

|nPo( 25

[W]D5 vii

[X]534, 14

mI$-i viii

[Y]C'gf 11

C'J'hC 20

o(, |nP 25

[Z]v?DUKCJXFwCJXF53 22

*6b vii

UKCJXFwCJXF53 22

4, 14

IIBM Internet Security Systems

<u'V viii

Web >c viii

IBM ISS 'V*6b vii

SSSH KZ 24

syslog 21

TTACACS

kND UKCJXFwCJXF53

TACACS+

kND v?DUKCJXFwCJXF

53

WWeb >c, IBM Internet Security

Systems viii

© Copyright IBM Corp. 2009 33

34 Proventia Network Active Bypass: C'8O

����

Printed in China