IBM Proventia Network Active Bypass
User Guide
f(yw
© Copyright IBM Corporation 2009.
U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM
Corp.
Publication date: November 2009
|0Z]
li Proventia Network Active Bypass %*D|0,i4Gq1YNN+w#
|0PZ
li|0P,7#|0PP|,TBo7:
v ;v Proventia Network Active Bypass %*
v Ey-B(L+)
v ;yXF(gB(6+)
v =v@fg4#i
v g4_
v ;E CD
XZ>vfo
>8O<Zozz,SMdC Proventia Network Active Bypass %*#
JC6'
>8O|( Proventia Network Active Bypass %*Dy>E"M+d,S=xgT0d
Cy>hCyhD=h#
?jTs
>8OkT:p20MdCxgM53h8Dxg53\m1#9C_&C_8PX
xg_TM IP xgdCDy>*6#
`Xvfo
>8O5wKgNhCMdC Proventia Network Active Bypass %*TCZ IBM
Proventia® Network Intrusion Prevention System(IPS)h8#
iRd{D5
PX IBM® ISS z7Dd{D5IZ IBM ISS Web >c(http://www.iss.net/support/
documentation/)OR=#
`Xvfo
kNDBPD5q!PX Proventia Network Active Bypass %*'VD Proventia Net-
work IPS h8D|`E":
D5 Z]
IBM Proventia GX5000 Series Getting Started
Card
,SMdC GX5000 5P IPS h8D5w
IBM Proventia GX6000 Series Getting Started
Card
,SMdC GX6000 5P IPS h8D5w
IBM Proventia Network Intrusion Prevention Sys-
tem G and GX Appliance User Guide
PX4(M\m_TMl&,T0,$h8h
CDEvM}L#
*6b
IBM ISS 'V*6bG+_[5DE"44#IS http://www.iss.net/support/
knowledgebase/ CJ*6b#IT9CX|Vrp4j6Qw*6b#
a>:kNDp4j6 3321,TKb Proventia Network IPS h8DnB<IMQ*J
b#
mI$-i
*q! IBM Internet Security System z7DmI$E",kS http://www.ibm.com/
services/us/iss/html/contracts_landing.html BX IBM mI$-i#mb,Proventia Net-
work Active Bypass %*f=D CD-ROM O2|,KmI$E"#
<u'V*5==
IBM Internet Security Systems™(IBM ISS)(}d Web >cT0gSJ~{"rg
0==a)<u'V#
IBM ISS 'V>c
(} IBM ISS 'V Web 3f(http://www.ibm.com/services/us/iss/support/),IT1
SCJ*zC'D5"10f>Pm"j8Dz7JO"W$iM<u'V*6b#
'V1d
Bma)K@zMd{XxD<u'V1d:
Xx 1d
@z +l 24 !1
yPd{Xx 1X1d\;A\e,Og 9 c - Bg 6 c,IBM ISS +<DZ
YU}b
":TZ@zTbDXx,g{ZG$w1d0s<u'V,ITr
@zD<u'VPDBgr"MgSJ~#
*5E"
*q!*5E",k*A IBM ISS 'V Web 3f:http://www.ibm.com/services/us/iss/
support/#
Z 1 B Proventia Network Active Bypass %*ri
Proventia Network Active Bypass %*G;VbSh8,|9Cn/T7&\,IZh
8"zJOrOg17#xgw?;PO#Proventia Network Active Bypass %*a)
K^lDJO*F"s?D\m&\M 4 v@"D'WT+xSZVN(I,Sw`i
J)#>Bi\ Proventia Network Active Bypass %*D&\MKP-m#
wb
Z 33D:XZ Proventia Network Active Bypass %*;
:&\;
Z 43D:y>Yw;
Z v3D:|0Z];
&\
>wbhv Proventia Network Active Bypass %*D&\#
&\Pm
v }]wDn/;;,T@53JO
v ;/T7,OgZdX;IY
v 4e4C - Z*h8O^hd{}/Lr
v CZ;/}]w`XD TAP &\
v 10/100/1000 TX(-B)"SX(`#)M LX(%#)'V
v inD?p!n,|(-B"`#bK"%#bKT0-B=bK*;
v _`g4,Ia)nsLHDI?T
v yZ)9D CLI M WEB D\m
v CZ2+\mD SSH M HTTPS
v PX53B~DgSJ~(*
v TACACS+ O$
v 53U>'V
v j+{O RoHS
)9T7dC
v T7 - ^(r*r^(XU
v T7v/EE(FdC|(:
– v/EE#=
– v/EE5J
v kT47PODT7
v $nT7047PON}DdC
v {CT70v/EEN}DdC
2+D Web \m
Proventia Network Active Bypass %*a)K2+D Web \mgf,dP|,:
v )9D CLI gf
v \mKZOD SSH ,S
v kT(eB~D SNMP ]x
v kT(eB~DgSJ~(*
v TACACS+ O$
v 53U>'V
ITSNb;v Web /@w(}\mgf4\mM`X Proventia Network Active
Bypass %*#Proventia Network Active Bypass %*D\mKZ_P;vVdD IP X
7#I9C|nPN}4lwr|DC IP X7#
*CJ\mgf,kr* Web /@w"dk https://,sz\mKZD IP X7#\
mKZD1! IP X7* 192.168.0.111#1!\mKZ Web X7* https://
192.168.0.111#
\mgfZZ 113DZ 3 B, :Z\mgfPdC Proventia Network Active Bypass
%*;PPyG<#
g4JO#$
Proventia Network Active Bypass %*IC=v_`g4,Ia)nsLHDI?T#
g{g4"zJO,G4=vb'*Xa+ Proventia Network Active Bypass %*Sx
gPKv,by Proventia Network Active Bypass %*D&\M`1Z=y1,gB#
XZ Proventia Network Active Bypass %*Z+ Proventia Network Active Bypass %*mS=xg.0,kWHl$C%*D&\
?~#
0fe<
B<5wK Proventia Network Active Bypass %*D0fe:
":VNSRAsEP,3r*:VN 4"VN 3"VN 2 MVN 1#
1. xgKZ:1G(SR"LR r-B)N1 M N2 KZ,,SAkZxgMvZxg
2. h8KZ:1G(SR"LR r-B)A1 M A2 KZ,,SA IPS h8
3. LCD T>A
":LCD 4%;pwC#
4. 8>F
v 1 Gb KZD47/n/8>F
v 8>T74,Dl+8>F
v 8>Z*4,DL+8>F
5. XF(KZ(.Z)
6. \mKZ(T+x)
7. TAP KZ
g4Jdw
zXk9C UL PvDg4,g4dv*1wg,n(dvg9* 12 |,n(dvg
w* 5 2`,"Ro=K LPS r NEC 2 `j<#
y>Yw
>wbhv Proventia Network Active Bypass %*Dy>Yw-m#
dM?p
B<T>K}]gN(} Proventia Network Active Bypass %*Sxg+d= Proventia
Network IPS,"R;vT>KZT7;;DwWNyf0=D`X&\#
;;#=
Proventia Network Active Bypass %*a)=V;;#=:
;;#= hv
n/ n/#=(} Proventia Network IPS h8Z+
CxgM(Cxg.d("T+x!(@#4
T+CxgD}]w(#=oKZ N1(xgk
Z)#Proventia Network Active Bypass %*+
}]+M=KZ A1(h8dkZ),;s(}
Proventia Network IPS h8+}]7I=KZ
A2(h8dvZ)#SE,n/;;(}KZ
N2 7I}]"R+}]dv=(Cxg#
n/#=2ITfrYw,I+}]S(Cx
g7I=+Cxg#
;;#= hv
T7 T7#=("+Cxg=KZ N1(xgkZ)
DT+x!(@#}](}SKZ N1(xgk
Z)=KZ N2(xgvZ)bvUO77xP
7I,F}K Proventia Network IPS h8,S
x9!IT1SS+Cxg=o(Cxg#
T7#=2ITfrYw,+}]S(Cxg
7I=+Cxg#
v/EE#=
Proventia Network Active Bypass %*IT(}"MMSUv/EE4Vx`X Proventia
Network IPS h8DKP4v#byI7#}]wD512+TM+7T#zIT9C
Z Timeout 5P(eDh(1d(kNDZ 253D:|nPN};i4,15D5w)
4dCv/EE!,b)!S Proventia Network Active Bypass %*D;vh8KZ"
v"Zm;vKZSU#
Proventia Network Active Bypass %*a)TBv/EE#=:
v/EE#= hv
Z?v/EE!XM#= ;vC'(eDT+xv/EE!,I
Proventia Network Active Bypass %*zI,S
KZ A1 "v#Proventia Network Active Bypass
%*T+xKZ A2 XkS Proventia Network
IPS h8SU=,;vv/EE!#
":1!ivB? 100 Ak(ms)"M;vv
/EE,CdtITvsA 25500 Ak#
C#=CZw*xED Proventia Network IPS
h8#7#Th8xPK}7DdC,byC
h8M;a}Ktv/EE#C#=;h*
Proventia Network IPS h8D}/Lr#
1!5:1
474,v/EE#= v/EEw* Proventia Network Active Bypass
%*T+xKZ A1 M A2 D474,8>
w#g{KZ A1 r A2 D47O*,Proventia
Network Active Bypass %*+#9v/EED
+d"$nT7#=#
KP#=
Proventia Network Active Bypass %*_PTBKP#=:
KP#= hv
#= 0:}#n/Z* g{ Proventia Network Active Bypass %*Z
,1Z^ZSU=v/EE,G4;;#=+
#V*rd*“n/;;”#=#
g{ Proventia Network Active Bypass %*Z
,1Z^Z4SU=v/EE,G4|+d*
r#V*“T7;;”#=#
1!ivB(^v/EE),Proventia Net-
work Active Bypass %*T“T7;;”#=K
P#
#= 1:}#Z* g{ Proventia Network Active Bypass %*Z
,1Z^ZSU=v/EE,G4;;#=+
#V;drd*“T7;;”#=#
g{ Proventia Network Active Bypass %*Z
,1Z^Z4SU=v/EE,G4|+d*
r#V*“n/;;”#=#
1!ivB(^v/EE),Proventia Net-
work Active Bypass %*#V*“n/;;”#
=#
#= 2:V$n/Z* Proventia Network Active Bypass %*<U&Z
“n/;;”#=#
#= 3:V$n/T7 Proventia Network Active Bypass %*<U&Z
“T7;;”#=#
#= 4:V$;/T7 Proventia Network Active Bypass %*&Z;/
T74,,bb6ET7#=PDb'*XQ
“XU”#
Z 2 B hC Proventia Network Active Bypass %*
>B2vK,SMdC Proventia Network Active Bypass %*#
wb
}LEv:dCM?p Proventia Network Active Bypass %*
:dCM?p Proventia Network Active Bypass %*;
dCM?p Proventia Network Active Bypass %*>wbj8hvKdCM?p Proventia Network Active Bypass %*D=h#
XZKNq
TB}LGdCM?p Proventia Network Active Bypass %*yXhD#
}L
1. + Proventia Network Active Bypass %*M Proventia Network IPS h8ECZz
\O#
2. y] Proventia GX kE8OPa)D5w,,S Proventia Network IPS h8Dg
B"TCh8xPdC#
3. + Proventia Network Active Bypass %*Dg4_Vp,S==v;,Dg4(T
a__`H)#
4. (}/@wCJ\mgf"G<#
5. li Proventia Network Active Bypass %*Gq}Z+]}]w#
6. (}\mgfhCVNdC#(C}La3dh8ODKZ"hC$@TT7#)
EC Proventia Network Active Bypass %*M ProventiaNetwork IPS h8
}L
1. v( Proventia Network Active Bypass %*M Proventia Network IPS h8DEC
;C#
2. + Proventia Network Active Bypass %*M Proventia Network IPS h8EC=z
\O#
3. y] Proventia GX kE8OPa)D5w,,S Proventia Network IPS h8Dg
B#
":Proventia Network Active Bypass %*9CDv 1Gb VN#
,Sg4_
}L
1. +?v;wg4JdwD1wS7ek Proventia Network Active Bypass %*#
2. +dP;yg4_ek;wg4ey#+m;yg4_ek4Tm;v;wg4D
;wg4ey#
a>:9C@"D;wg4,ITZ3v;wg4"zPODivB,T\7#a
)g&,ns/g4_`T#
3. lig48>F,7O Proventia Network Active Bypass %*QS(g4#
G<=\mgf
}L
1. 9C\mgB(j"*“CAT5E”),+Fcz,S= Proventia Network Active Bypass
%*OD\mKZ#
*c:7#z4UP5nQv(4#$T:DX*xgy!h)#kp+\mKZ
,S=Tb?w?*EDNNxg#\mKZ;&,S=(CZ\m Proventia Net-
work Active Bypass %*M Proventia Network IPS h8D\^xg#
2. t/ Internet Explorer#
3. dk https://192.168.0.111#
":\mKZD1! IP X7* 192.168.0.111#g{|DK\mKZ IP X7,G4
CJ\mKZD Web X72&f.|D*|(bvBD IP X7#
4. G<=\mgf#WN,S=\mgf1,k9C1!C'{M\k#
VN 1!hC
C'{ admin
\k admin
":g{Z\mgfDC'3fO|DK1!DG<hC,G4zhCD5aZf
sYN"TG<1z'#
hCgSJ~(*
XZKNq
dCgSJ~(*,TcZ Proventia Network Active Bypass %*D4,"zd/1I
TSU4,gSJ~#ZdCVN.0,XkhCgSJ~(*#
hCVN
}L
1. Z\mgfP,kTz*dCDVN!qVN3f#
2. dkr!q`&DhC,;s%w#f
Z 3 B Z\mgfPdC Proventia Network Active Bypass%*
zIT9C\mgfr|nPgf4hC Proventia Network Active Bypass %*Ds?
VdC!n#>BPvKZC'gfPICDdC!n,"hvKgNTdxPh
C#
wb
Z 123D:XZ\mgf;
Z 133D:CJ\mgf;
Z 143D:`X Proventia Network Active Bypass %*D4,;
Z 153D:\m Proventia Network Active Bypass %*DhC;
XZ\mgf
Proventia Network Active Bypass %*a)K;v2+D Web \mgf#
\m3f
\mgfI;5P3fiI,b)3fgBmy>#
\m3f hv
4, PX Proventia Network Active Bypass %*D
4,E"
\mKZ \mKZD IP hC
VN 1 TCVNPh8DKZhCMv/EEhC,
T$nT7rxkn/#=#
VN 2 TCVNPh8DKZhCMv/EEhC,
T$nT7rxkn/#=#
VN 3 TCVNPh8DKZhCMv/EEhC,
T$nT7rxkn/#=#
VN 4 TCVNPh8DKZhCMv/EEhC,
T$nT7rxkn/#=#
gSJ~(* gSJ~(*yhDhC,nggSJ~J'
MJ~~qwE"
SNMP hC CZr SNMP ]e~qw"M SNMP ]eD
hC
NTP hC 9xg1d-i(NTP)+ Proventia Network
Active Bypass %*1dkxg1d~qw,=
DhC
1dhC Proventia Network Active Bypass %*D1xh
C
8]/V4 8]"V4T04;=v'1!&\
L~|B +L~|BD~OX= Proventia Network Active
Bypass %*
U>hC 53U>D~DhC
XBt/ XBt/ Proventia Network Active Bypass %
*
C' |D admin \k
6LO$ Jm6LCJ~qwkO$~qwxP(ET
7OC'GqP(CJxgDhC
CJ\mgf
IT(}Nb;v Web /@w4\mM`X Proventia Network Active Bypass %*#
Hvu~
7# Proventia Network Active Bypass %*DT+x\mKZQ,S=>Xxgrwz#
1!\mKZ IP X7M Web X7
Proventia Network Active Bypass %*P;vVdx\mKZD1! IP X7#BmP
T>K1! IP X7M URL:
n 1!5
\mKZ IP X7 192.168.0.111
\mKZ Web X7 https://192.168.0.111
b)1!5Z|D.0<UP'#zIT9C|nPN}r9C\mgfD\mKZ
3f4|D\mKZD IP X7#
*c:T\mKZxP|D+PO\mgfD,S#ZxPNN|D.0,k7#I
TCJBD IP X7#|D IP X7s,\mKZD Web X72f.|D#
\mgfD Web X7
zIT9CI https:// sz\mKZD IP X7iID Web X74CJ\mgf#C
Web X7Dq=gB:
https://xxx.xxx.xxx.xxx
Zdk Web X71,CVdx\mKZD IP X7f; xxx.xxx.xxx.xxx#
}g,1! Web X7* https://192.168.0.111
":Zdk Web X7s,+a4=;uPX Web >c2+O$D{"#%w“LxC
JC Web >c(;Fv)”TLx#
G<
xk\m Web >cs,+4=G<A;#4UBmPD5wjITBVN#
VN hv
C' dkC'{
":1!C'* admin#
\k dk\k
":1!\k* admin#
1!5Z|D.0<UP'#g{h*|DC'{r\k,IT9C\mgfDC'
3fr|nPgf#
`X Proventia Network Active Bypass %*D4,>wbhvK(}\mgf4`X Proventia Network Active Bypass %*D4,#
li{e4,
4,3fGG<=\mgf14=DZ;v3f#9C4,3f4i4PX Proventia
Network Active Bypass %*DE"#4,3fV8v?Va)E",b)?VgBmy
>#
?V hv
53 a)PX Proventia Network Active Bypass %
*D#fE"
g4 mwg4*t9GXU
VN 1 T>VN 1 Dn//T74,
VN 2 T>VN 2 Dn//T74,
VN 3 T>VN 3 Dn//T74,
VN 4 T>VN 4 Dn//T74,
X!hC T>10DKZdC
i4534,
53?Va)#fD534,,b)4,gBmy>#
VN hv
z7{F T> Proventia Network Active Bypass %*D
{F:
:Proventia® NAB;
z7j6 T> Proventia Network Active Bypass %*D
z7j6:
:Proventia NAB rev 1;
2~^)f T> Proventia Network Active Bypass %*D
2~f>
L~f> T> Proventia Network Active Bypass %*D
10L~f>
\m IP T>\mKZD IP X7
a>:g{*|D\mKZD IP hC,k9C
\mKZ3f#
1!5:192.168.0.111
gSJ~(* m>gSJ~(*tC9G{C
a>:g{*|DgSJ~hC,k9CgS
J~(*3f#
1!5:{C(;"M)
\m Proventia Network Active Bypass %*DhC9C\mgf4i4r|D Proventia Network Active Bypass %*DhC#
hCVNdC
}L
1. Z\mgfP,!qVNdC3f#
2. jIDvVN(A - D)PnJOzX(xg73DVNDVN:
VN hv
v/EESUZdJmDn$1d(100 Ak- 25500 Ak)
8(I Proventia Network Active Bypass %*
zIDC'(eDT+xv/EE!#
v/EE!?t 100 Ak(ms)S Proventia
Network Active Bypass %* T+xKZ A1 "
v,Proventia Network Active Bypass %*T+
xKZ A2 XkS Proventia Network IPS h8
SU=,;vv/EE!#
*$nT7x*'Dv/EE}(1-10) 8(Cw Proventia Network Active Bypass %
*T+xKZ A1 M A2 D47,S4,8>
wDv/EE#
g{KZ A 1 r A 2 D47PO,G4
Proventia Network Active Bypass %*a#9v
/EED+d"$nT7#=#
*xkn/==xSU=Dv/EE}
(1-10)8(I Proventia Network IPS h8zIDC'
(eDT+xv/EE!#bG Proventia Net-
work Active Bypass %**KST7#=d*n
/#=xXkSUDv/EE}#
1!5:1
VN hv
KP#= 8( Proventia Network Active Bypass %*D
KP#=:
v #= 0:}#n/T7(1!#=)- g{
Proventia Network Active Bypass %*Z,1
Z^ZSU=v/EE,G4C;;#=#
V;drd*“n/;;”#=#
g{ Proventia Network Active Bypass %*
Z,1Z^Z4SU=v/EE,G4|+
d*r#V*“T7;;”#=#
1!ivB(;Pv/EE), Proventia
Network Active Bypass %*#V*“T7;;
”#=#
v #= 1:}#n/Z* - g{ Proventia
Network Active Bypass %* Z,1Z^ZS
Uv/EE,G4C;;#=#V;dr|
DI“T7;;”#=#
g{ Proventia Network Active Bypass %*
Z,1Z^Z4SU=v/EE,G4|+
d*r#V*“n/;;”#=#
1!ivB(;Pv/EE),Proventia Net-
work Active Bypass %* #V*“n/;;”
#=#
v #= 2:V$n/ - Proventia Network
Active Bypass %*<U&Z“n/;;”#
=#
v #= 3:V$n/T7 - Proventia Net-
work Active Bypass %*<U&Z“T7;;
”#=#
v #= 4:V$;/T7 - Proventia Net-
work Active Bypass %*&Z;/T7#=,
dPT7#=PDb'*X*“XU”#
47JOlb g{xgKZ#9$w,G4azI SNMP ]
e#
v 0:{953lb“47JOlb”
v 1:953\;lb"$n“47JOlb”
1!5:QtC
VN hv
X!hC Z“T7;;”#=M“n/;;”#=B*}]
w8( Proventia Network Active Bypass %*
ODKZ:
v KZ N1:xgkZ
v KZ N2:xgvZ
v KZ A1:h8dkZ
v KZ A2:h8dvZ
X!hCD!nP:
v RX
v TX
v RX/TX
dC\mKZhC}L
(}\mKZ3fdC\mKZD IP hC#
VN hv
IP X7 \mKZD IP X7
1!5:192.168.0.111
xgZk xgrSxZkD IP X7
1!5:255.255.255.0
xX xXD IP X7
1!5:192.168.0.1
DNS 1 wr{53~qwD IP X7
1!5:192.168.0.1
DNS 2 (zr{53~qwD IP X7
1!5:0.0.0.0
hCgSJ~(*
XZKNq
Proventia Network Active Bypass %*a)KgSJ~(*&\,IdCC&\,Tc
1VND;;#="zd/1"MgSJ~{"#(}gSJ~(*3fdCgSJ
~~qwMJ',T0tCr{C(*#
}L
4Bmyv4hC5#
VN hv
gSJ~(* tCr{CgSJ~(*
1!5:Q{C(;"M)
b"J~~qw(SMTP) `&Db" SMTP J~~qwDX7
b"J~~qw(SMTP)KZ b" SMTP J~~qwDKZE
1!5:25
SMTP C'{ b" SMTP J~~qwDC'{
SMTP \k b" SMTP J~~qwD\k(g{JC)
b"J~~qw(SMTP)2+T SMTP J~~qwkJ~M'z.d9CD
SSL S\
1!5:tC(2+)
"~K("~KDgSJ~X7) &CT>Zb"gSJ~{""~KVNPD
{FrX7
U~K(U~KPm,T:EVt) (*"MADDU~KgSJ~X7Pm
wb T>Zb"gSJ~{"wbPPDwb
>}::Proventia NAB status report;
dC SNMP ]eXZKNq
Proventia Network Active Bypass %*a)K SNMP ]e&\,(}C&\IZVN
4,rg44,"zd/1r]e~qw"M{"#(} SNMP hC3fdC SNMP
?j IP M SNMPv2 xr{F,T0tCr{C SNMP ]e&\#
}L
4UBmPD5wjITBVN#
VN hv
"M SNMP ]e tCr{C SNMP ]eD"M
1!5:Q{C
SNMP h]?j IP SNMP ]e~qwD?j IP
1!5:localhost
SNMPv2 gx SNMP ]e~qwDxr{F
1!5:+2
N<:kND IBM ISS MIB D~}C#
,=1dMhC1x}L
(} NTP Setting 3ftCxg1d-i(NTP),9 Proventia Network Active Bypass
%* 1dkxg1d~qw,=#(} Time Setting 3fhC Proventia Network Active
Bypass %*D1x#4BmyvhCTB5#
VN hv
NTP 9 Proventia Network Active Bypass %*1d
kxg1d~qw,=D-i
1!5:Q{C
NTP ~qw 9C NTP a)1dD;iFczD+2r
1x Proventia Network Active Bypass %*9CD1
x
1!5:@z\&<
\mC'J'hC
}L
(}C'3f|DCJ Web \mgfyhDC'{M\k#
VN hv
\k (} Web /@wCJ\mgfyhD\k
7O\k (} Web /@wCJ\mgfyh\kD7O
8]rV4hC
}L
(}8]/V43fFw8]D~r9 Proventia Network Active Bypass %*5XAd
1!hC#4UBmPD5wjITBVN#
VN hv
8] + Proventia Network Active Bypass %*O1
0hCD1>#fZ{* config.txt DD~P
V4T Qf"D8]D~D;C#dkD~;Cr/
@ACD~,;s%wV4T#
V4=v'1!dC 9 Proventia Network Active Bypass %*Dh
CV4*1!dC,;sXBt/#
*c:\mgfD IP X7;a4;#
&CL~|B
XZKNq
(}L~|B3f,TV$==+L~|BOX= Proventia Network Active Bypass %
*#/@A|BD~D;C,;s%w%wL~#
":jIC}Ln`h* 5 VS#
kl4,3fTi$Gq20KBDL~f>#
tC53U>G<
XZKNq
(}U>hC3f,+w53PDU>}]O"=Pkf"bP#53U>|,rC
';%(g53XBt/rV/&\dC)r53Yw(gL~|BsDT/XBt
/)<B Proventia Network Active Bypass %*yI!YwDX*E"#
}L
4UBmPD5wjITBVN#
VN hv
U>G< hCU>}]DO"
1!5:Q{C
Syslog ~qwwz U>}]Pkf"bD IP X7
1!5:localhost
Syslog ~qwKZ 53U>~qw}Z`XDKZE
1!5:514
Syslog ~qwj6 53U>~qwDwz{
1!5:NAB
XBt/ Proventia Network Active Bypass %*XZKNq
(}XBt/3fXBt/ Proventia Network Active Bypass %*#
dC6LO$
XZKNq
(}6LO$3fdC TACACS+ -iDhC#TACACS+(Terminal Access Control-
ler Access Control System Plus,v?DUKCJXFwCJXF53)-i*4T;
vr`v~qwD Proventia Network Active Bypass %*a)CJXF(@"O$"Z
(MJ'~q)#
}L
4UBmPD5wjITBVN#
VN hv
TACACS+ Jm TACACS+ -ixPCJXF
1!5:Q{C
~qw a)CJ~qD~qwD IP X7
1!5:0.0.0.0
S\ T TACACS+ |DweS\,9(E|2+
1!5:q
\? *M'zMX$Lry*DCZS\D2m\
?5
1!5:^
~q ksO$D~q
1!5:+?
Z 4 B 9C|nPgfdC Proventia Network ActiveBypass %*
zIT9C\mgfr|nPgf4hC Proventia Network Active Bypass %*Ds?
VdC!n#>BPvK|nPN},"hvKgN(}|nPgf4hCdC!
n#
wb
Z 243D:CJ|nPgf;
Z 253D:|nPN}Do(;
Z 253D:|nPN};
CJ|nPgf
>wb2vKPXCJ|nPgf=fDZ]#
,S`M
zIT(}TB=V==.;4CJ Proventia Network Active Bypass %*D|nPg
f:
v (}.PUKBfw
v (} SSH 6L shell Bfw
,S*s
BmT>KTZ=V,S`My&_8Du~#
,S`M
Proventia Network ActiveBypass %*ODKZ gB
.PUKBfw XF(KZ XF(gB
SSH 6L shell Bfw \mKZ \mgB
.PUKhC
9C.PUKBfwMTBUKhC:
hC 5
(EKZ (#* COM1(!vZFczhC)
Bf VT100
HX/k 115200
}]; 8
f<T#i ^
#9; 1
w?XF ^
SSH KZ
Proventia Network Active Bypass %* SSH ~qw9Cj<KZ 22#
C'{M\k
9C\m1J'4dCN}"`X Proventia Network Active Bypass %*D4,#Bm
PvK1!C'{M\k#
VN hv
C' dkC'{
":1!C'* admin#
\k dk\k
":1!C'* admin#
":zIT(}|nPgfr(}\mgf4|D\k#
|nPN}Do(
>wbEvK9C|nPN}hCrlw51yhDo(#
(^*s
;P Admin J'_PhCMlw53N}D(^#
|nPo(
9CTB|nPo(4hCrlwN}5#
|n Yw
cli get |more dvyPN}D5
cli get parameter_ name *N}8(5
}g:dk cli get timeout +T>.xFq
=D,15
cli set parameter_name parameter_value *8(DN}hC5
}g:dk cli set timeout 20 a+,15h
C* 20
|nPN}
>wbPvKICZ Proventia Network Active Bypass %*D|nPN}#
N}V*TB8`:
v \mKZ
v (E
v gSJ~(*
v SNMP
v KP
ww9CN}
kww9Cb)|nPN},r*|GXFE Proventia Network Active Bypass %*D
P*#}GIT7(|D1!5sTxgzzDa{,qrkp|D1!5#3)N
};PZ IBM ISS M''VzmD8<BEITxP|D#
\mKZN}
BmPDN}XF\mKZD IP hC#
N} hv
ip Proventia Network Active Bypass %*\mKZ
D10 IP X7
1!5:172.16.124.17
N} hv
mask \mKZDSxZk
1!5:255.255.255.0
gw \mKZDxX IP X7
1!5:172.16.124.1
current_ip \mKZD10 IP X7
":current_ip N}*;AN}#
(EN}
BmPDN}XFE Proventia Network Active Bypass %*D(E&\#9C cli get
4lwN}D105#9C cli set SB54|DN}5#}g,cli set ip
127.0.0.1#
N} hv
dns DNS ~qw IP X7
":CN}T&ZC'gfPD DNS 1#
dns2 Z~v DNS ~qw IP X7
domain >XwzDr{
1!5:local
dhcp DHCP M'z
dhcp:+CN}hC* dhcp TtC Proventia
Network Active Bypass %*\mKZOD
DHCP M'z#
Static:+CN}hC* static T{C Proventia
Network Active Bypass %*\mKZOD
DHCP M'z
host C%*Dwz{
CN}*;AN}#
1!5:Proventia_NAB
username \m1J'{
1!5:admin
\k \m1\k
1!5:admin
https tCr{C HTTPS ~qw
v 0:{C2+ Web \mgf
v 1:tCT2+ Web \mgfDCJ
1!5:1(tC)
gSJ~(*N}
BmPDN}XFEgSJ~(*&\#
N} hv
email tCr{CgSJ~(*&\
v 0:{CgSJ~(*
v 1:tCgSJ~(*
1!5:1
email_from T>ZgSJ~(*“"~K”VNPD{Fr
gSJ~X7
email_security tCr{CgSJ~2+&\
v 0:{CgSJ~2+&\
v 1:tCgSJ~2+&\
1!5:1
email_username S Proventia Network Active Bypass %*"M
gSJ~(*yCDgSJ~J'DC'{
email_password S Proventia Network Active Bypass %*"M
gSJ~(*yCDgSJ~J'D\k
email_server J~~qwD SMTP ~qwX7
email_subject Z(*gSJ~{"DwbPPT>DD>
y>:“Notice: PNAB segment(s) have switched
modes”
email_to +rd"M(*DgSJ~X7Pm
SNMP N}
BmPDN}XFE SNMP ]eD"M#
N} hv
snmp tCr{C SNMP &\
v 0:{C SNMP &\
v 1:tC SNMP &\
1!5:0({C)
snmp_community SNMP xr{F
1!5:+2
snmp_destination SNMP ?j
1!5:localhost
LFD g{xgKZPO,cazI“47JOlb”
v 0:{953lb“47JOlb”
v 1:953\;lb"$n“47JOlb”
1!5:QtC
KPN}
BmPDN}XFE Proventia Network Active Bypass %*DP*#
N} hv
timeout Proventia Network Active Bypass %*D,15
?v,1%** 100 Ak#(,16'* 100
Ak= 25.5 k#)
Z1!T7KP#=B,g{ Proventia Net-
work Active Bypass %*Zh(D,15Z;P
lb=v/EE!,G4CVN+Sn/#=
P;AT7#=#
1!5:1
force kT?v I/O %*D?F(wT)#=
v 0:{C?F(wT)#=
v 2:?FVN&Z“n/;;”#=
v 4:?FVN&Z“T7;;”#=
1!5:0({C)
op_mode Proventia Network Active Bypass %*D1!K
P#=
v 0:}#n/T7
g{SU=v/EE,G453+&ZZ*
4,#
v 1:}#Z*
g{U=v/EE,G453+&ZT74
,#
v 2:<UZ*
v 4:<Un/T7
v 5:V$;/T7(T7#=PD“T7;;
”;XU)
1!5:0(}#n/T7)
hb_mode Proventia Network Active Bypass %*Dv/E
E#=
v hb_mode 1:53}ZzIv/EE
v hb_mode 2:b?4}ZzIv/EE
v hb_mode 3:53y]h8OD47lb$n
T7
1!5:hb_mode 1
state Proventia Network Active Bypass %*D4,
CN}*;AN}#
v 0:“T7;;”4,
v 1:“n//Z*;;”4,
N} hv
active_hb_cnt f"n/v/EEF}
;PZVNSU= active_hb_cnt v,xv/E
EsEaP;*“n/;;”#=#
1!5:2(6':1 = 10)
bypass_hb_cnt f"T7v/EEF}
;PZVN*' bypass_hb_cnt vv/EEsE
aP;*“T7;;”#=#
1!5:3(6':1 = 10)
TACACS+ N}
(} CLI CTBN}4dC TACACS+:
N} hv
tacacs 5:
v 0:{C
v 1:tC
tacacs_encryption 5:
v 0:{C
v 1:tC
tacacs_protocol TACACS+ -i
1!5:+?
tacacs_secret TACACS+ \?
1!5:^
tacacs_server TACACS+ ~qwD IP X7
tacacs_service TACACS+ ~q
1!5:+?
yw
>E"G*Z@za)Dz7M~q`4D#
IBM I\Zd{zRrXx;a)>D5PV[Dz7"~qr&\XT#PXz10
yZxrDz7M~qDE",krz1XD IBM zmI/#NNT IBM z7"L
rr~qD}C"GbZw>r5>;\9C IBM Dz7"Lrr~q#;*;V8
IBM D*6z(,NN,H&\Dz7"Lrr~q,<ITzf IBM z7"Lrr
~q#+G,@@Mi$NNG IBM z7"Lrr~q,+IC'TP:p#
IBM I\Q5Pr}Zjkk>D5Z]PXDwn({#a)>D5"4ZhC'N
N9Cb)({DNNmI#zITCif==+mIi/Dy:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.
PX+VZ(DBCS)E"DmIi/,kkzyZzRrXxD IBM 6z(?E*
5,rCif==+i/Dy:
Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa 242-8502 Japan
>un;JC"zrNNbyDunk1X(I;;BDzRrXx:INTERNA-
TIONAL BUSINESS MACHINES CORPORATION “4V4”a)>vfo,;=PN
NV`D(^[Gw>D9G5,D)#$,|((+;^Z)5,DPXGV("
JzMJCZ3X(C>DP^#$#3)zRrXxZ3);WP;Jmb}w>
r5,D#$#rK>unI\;JCZz#
>E"PI\|,<u=f;;<7DX=r!"ms#K&DE"+(Z|D;b
)|D+`k>JODBf>P#IBM ITf1T>JOPhvDz7M/rLrxPD
xM/r|D,x;mP(*#
>E"PTG IBM Web >cDNN}C<;G*K=cp{Ea)D,;TNN==
d1TG) Web >cD#$#G) Web >cPDJO;G IBM z7JOD;?V,
9CG) Web >cx4DgU+IzTPP##
IBM IT4|O*J1DNN==9CrV"zya)DNNE"x^kTzP#NN
pN#
>LrD;mI=g{*KbPXLrDE"To=gB?D:(i)JmZ@"4(
DLrMd{Lr(|(>Lr).dxPE";;,T0(ii)JmTQ-;;DE
"xP`%9C,kkBPX7*5:
IBM Corporation
Project Management
C55A/74KB
6303 Barfield Rd.,
Atlanta, GA 30328
U.S.A
;*qXJ1Du~Mun,|(3)iNBD;(}?D6Q,<IqCb=fD
E"#
>D5PhvDmILr0dyPICDmIJOyI IBM @] IBM M'-i"IBM
zJm~mI-irNN,H-iPDuna)#
yPXZ IBM 44=rrbrDyw<If1|DrUX,x;mP(*,|Gvv
m>K?jMb8xQ#
Lj
IBM"IBM UjM ibm.com G International Business Machines Corp., Z+rm`>(
xrDLjr"aLj#d{z7M~q{FI\G IBM rd{+>DLj#Web >
c www.ibm.com/legal/copytrade.shtml O“f(MLjE"”?VP|,K IBM LjD
nBPm#
Linux® G Linus Torvalds Z@zM/rd{zRrXxD"aLj#
UNIX® G The Open Group Z@zMd{zRrXxD"aLj#
Microsoft® M Windows® G Microsoft Corporation Z@zM/rd{zRrXxD"a
Lj#
d{+>"z7r~q{FI\Gd{+>DLjr~qjG#
Printed in China