H3C SecCenter UTM Manager User Manual

Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com

Document version: 5PW104-20110413

H3C SecCenter UTM Manager

Configuration Guide

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

Notice

H3C,

, Aolynk, , H3Care,

SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V

, TOP G, , IRF, NetPilot, Neocean, NeoVTL,

G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their respective owners

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Preface

The H3C SecCenter UTM Manager Configuration Guide describes Installation and uninstallation, Integration with iMC, System management, Bandwidth management, Behavior auditing, IPS management, Firewall management and Configuration example, and so on.

This preface includes:

•

Audience

Conventions

•

Obtaining documentation

•

Technical support

•

Documentation feedback

•

Audience

This documentation is intended for:

• Network planners

• Field technical support and servicing engineers

• Network administrators working with the SecCenter UTM Manager

Conventions

This section describes the conventions used in this documentation set.

GUI conventions

Convention Description

Boldface

> Multi-level menus are separated by angle brackets. For example, File > Create > Folder.

Symbols

Convention Description

WARNING

CAUTION

IMPORTANT

NOTE

Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK.

An alert that calls attention to important information that if not understood or followed can result in personal injury.

An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.

An alert that calls attention to essential information.

An alert that contains additional or supplementary information.

TIP

An alert that provides helpful information.

Network topology icons

Represents a generic network device, such as a router, switch, or firewall.

Represents a routing-capable device, such as a router or Layer 3 switch.

Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

Obtaining documentation

You can access the most up-to-date H3C product documentation on the World Wide Web at

http://www.h3c.com.

Click the links on the top navigation bar to obtain different categories of product documentation:

[Technical Support & Documents > Technical Documents] – Provides hardware installation, software

upgrading, and software feature configuration and maintenance documentation.

[Products & Solutions] – Provides information about products and technologies, as well as solutions.

[Technical Support & Documents > Software Download] – Provides the documentation released with the

software version.

Technical support

customer_service@h3c.com

http://www.h3c.com

Documentation feedback

You can e-mail your comments about product documentation to info@h3c.com.

We appreciate your comments.

Overview ······································································································································································ 1

Introduction to H3C SecCenter UTM Manager ·············································································································1 What H3C SecCenter UTM Manager can do···············································································································1

Installation and uninstallation······································································································································ 2

Installing H3C SecCenter ·················································································································································2 Registering the UTM Manager·········································································································································4 Uninstalling the UTM Manager ·······································································································································5

Integration with iMC···················································································································································· 7

Using SCMTOOL to integrate SecCenter into iMC ·······································································································7 Removing SCMTOOL ·······················································································································································9

System management··················································································································································10

Device management ······················································································································································ 10

Managing device groups ····································································································································· 10 Managing device access templates ···················································································································· 12 Managing devices················································································································································· 15 Managing device software ·································································································································· 20 Managing the device configuration ···················································································································· 24 Managing the device software database··········································································································· 30 Managing deployment tasks ································································································································ 32 Managing events··················································································································································· 33 Configuring device interface alarming ··············································································································· 35

Operator management·················································································································································· 35

Managing Operators············································································································································ 35 Managing operation logs····································································································································· 38 Changing your password····································································································································· 39

System configuration······················································································································································ 40

Configuring service parameters··························································································································· 40 Configuring system parameters ··························································································································· 41 Configuring management ports ··························································································································· 41 Configuring the mail server·································································································································· 43 Configuring SMS alarming ··································································································································44 Managing filters ···················································································································································· 45 Managing LDAP servers ······································································································································· 47 Configuring SMS alarming ··································································································································49 Configuring segments ··········································································································································· 50 Monitoring the disk space ···································································································································· 51 Managing subsystems··········································································································································· 53

Bandwidth management············································································································································56

Traffic snapshot······················································································································································ 56 Segment traffic comparison·································································································································· 58 Traffic anomaly alarm··········································································································································· 59

Service traffic analysis by device group······················································································································ 61

Service traffic trend ··············································································································································· 61 Service traffic distribution ····································································································································· 65 Generic service analysis······································································································································· 68

Service traffic analysis by user ····································································································································· 69

Top users' traffic statistics ····································································································································· 69 Realtime traffic monitoring of a single user ········································································································ 71 Service traffic trend of a single user···················································································································· 72 Service traffic distribution of a single user·········································································································· 75 Detailed session statistics······································································································································ 77

Service traffic analysis by IP group······························································································································ 78

Managing IP groups ············································································································································· 78 Realtime traffic snapshots of an IP group············································································································ 81 Service traffic trend of an IP group······················································································································ 82 Service traffic distribution of an IP group ··········································································································· 85 Traffic statistics of top users in an IP group ········································································································ 87

Behavior auditing·······················································································································································89

User behavior analysis ·················································································································································· 89

Website analysis ··················································································································································· 89 Email application analysis···································································································································· 91

User behavior auditing·················································································································································· 92

Web application auditing ···································································································································· 92 FTP application auditing ······································································································································· 93 Email application auditing ···································································································································94 Instant message application auditing·················································································································· 95 Telnet application auditing··································································································································· 96 SQL application auditing······································································································································ 97 NAT logs auditing ················································································································································· 98 Quick auditing ······················································································································································· 99 User details ··························································································································································100 User behavior alarm ···········································································································································101

Database auditing and analysis·································································································································103

Viewing database access snapshot ··················································································································103 Viewing database access trend analysis··········································································································105 Viewing database access details ······················································································································109 Managing SQL statement filtering conditions ··································································································111 Managing database access alarms ··················································································································113

URL analysis··································································································································································118

Event snapshot ·····················································································································································118 Aggregate analysis ·············································································································································119 User action analysis ············································································································································120 Category auditing ···············································································································································121

Audit logs backup ························································································································································122

Backing up manually ··········································································································································122 Scheduling auto backup ·····································································································································124 Importing backed up logs···································································································································125

IPS management······················································································································································ 128

Managing UTM devices ·····································································································································128 Managing signature files····································································································································131 Rule list··································································································································································133 Displaying device statistics·································································································································134

Realtime monitoring ·····················································································································································135

Displaying event snapshots ································································································································135 Displaying attack/virus/DDoS snapshot list·····································································································139 Monitoring devices··············································································································································141

Event analysis ·······························································································································································142

Displaying attack/virus/DDoS attack event analysis reports ·········································································142

Attack event details ·············································································································································146 Displaying virus event details·····························································································································149 Displaying DDoS event details···························································································································151 Configuring the alarming function·····················································································································152 Managing report export tasks····························································································································155

Policy management······················································································································································157

Configuring attack protection policies ··············································································································158 Configuring anti-virus policies····························································································································162 Configuring policy applications ························································································································165 Displaying attack signatures ······························································································································168 Displaying virus category list ·····························································································································170 Configuring custom events ·································································································································171 Importing and exporting policies·······················································································································179

Firewall management ············································································································································· 182

Firewall device management ······································································································································182

Managing firewall devices·································································································································182 Viewing device statistics ·····································································································································184 Managing the device configuration database·································································································184 Managing deployment tasks ······························································································································191

Attack events monitoring ·············································································································································192

Snapshot of events ··············································································································································192 Recent events list··················································································································································194 Device monitoring ···············································································································································195

Event overview·····················································································································································195 Viewing event details··········································································································································197 Managing report export tasks····························································································································199

Event auditing·······························································································································································201

Auditing traffic anomaly logs·····························································································································201 Auditing operation logs ······································································································································202 Auditing blacklist logs·········································································································································203 Auditing NAT logs···············································································································································204 Auditing interzone access logs ··························································································································204 Auditing MPLS logs ·············································································································································205 Auditing other logs··············································································································································205

Security policy management·······································································································································206

Managing security zones ···································································································································206 Managing time ranges ·······································································································································208 Managing services··············································································································································210 Managing IP addresses ······································································································································215 Managing interzone rules ··································································································································222 Managing interzone policies ·····························································································································226 Managing interzone policy applications··········································································································229

Configuration example 1 ······································································································································· 233

Network requirements ·················································································································································233 Configuring the UTM devices ·····································································································································233 Adding the UTM devices to the UTM Manager········································································································233

Configuration example 2 ······································································································································· 235

Network requirements ·················································································································································235 Configuration procedures ···········································································································································235

Configuring the UTM device ······························································································································235 Configuring the SecCenter ·································································································································238 Configuring intrusion detection on the UTM and specifying sending logs to the SecCenter······················238

iii

Configuring the advanced detection policies and specifying sending logs to the SecCenter····················241

Verification····································································································································································247

Firewall logs and SecCenter analysis ···············································································································247

Index ········································································································································································ 254

Overview

Introduction to H3C SecCenter UTM Manager

H3C SecCenter Unified Threat Management (UTM) Manager is a powerful system for comprehensive analysis and centralized management of UTM devices. It is an important component of the H3C Security Management Center (SecCenter).

The UTM Manager allows you to manage and control all UTM devices in your network. It features great scalability, visual realtime event monitoring, comprehensive security event analysis such as attack, virus, worm, and DDoS event analysis, and rich reports, enabling you to learn the network security status at any time. Together with UTM devices, the UTM Manager provides you with visual, all-around, powerful network security protection.

Meanwhile, the UTM Manager supports control and auditing based on Layer 7 applications. It provides traffic analysis and management based on service, user, and IP group, enables peer to peer (P2P) service monitoring and management, and allows for user behavior auditing and service control policies, satisfying the requirements of service providers for granular data support and traffic/service control, and virtually implementing visual control and management of network applications.

What H3C SecCenter UTM Manager can do

As a powerful, efficient UTM device management system, the UTM Manager allows for centralized management of UTM devices, unified traffic and service monitoring, centralized collection and analysis of security events, exact analysis of network traffic, and rich network resource usage reports. From the all-around reports, you can learn the history security status as well as the security trends of the network easily.

The UTM Manager presents the following key features:

• Exact application traffic analysis, allowing you to know the network resources usage thoroughly.

• Realtime traffic abnormality and service abnormality detection, helping you prevent overuse of

bandwidth.

• All-around attack/virus event monitoring, helping you discover security problems in time.

• Automatic, periodic report exporting, releasing you from manual export of reports.

• Visual realtime monitoring, helping you detect network attacks in time.

• Perfect comprehensive analysis and rich statistics reports, reducing your analysis time.

• Fine log and behavior auditing, allowing you to track events easily.

• Centralized upgrade of signature files, ensuring identification of new attack behaviors.

• Friendly and easy-to-use interface, allowing easy deployment.

Installation and uninstallation

Installing H3C SecCenter

Installing H3C SecCenter installs all H3C SecCenter components at the same time.

H3C SecCenter runs on Windows. The detailed software and hardware requirements are as follows:

• Hardware: P4 2.0 CPU or above, 1.5G memory or more, 80G disk or more.

• Operating system: Windows 2003 Server (recommended) or Windows XP, installed with the

up-to-date patches.

• Browser: IE 6.0 or above

To install H3C SecCenter, run the executable file install.exe, which is under the installation directory, and proceed as prompted. During installation, pay attention to the following steps:

1. On the language selection page, select English from the language dropdown list as shown in

Figure 1, and click OK to continue.

Figure 1 Select the language for SecCenter

2. On the SecCenter server port page, type a port number or leave the default port number 80

unchanged and click Next to continue, as shown in

Figure 2.

Figure 2 Specify the SecCenter server port

3. At the end of the installation, select Yes, restart my system and click Done to restart your system

and complete the installation, as shown in

Figure 3.

Figure 3 Restart the system to complete the installation

CAUTION:

• At the end of the installation, you must restart the operating system to complete the installation.

• Installing H3C SecCenter installs all H3C SecCenter components at the same time. However, to use a

component, you must individually register the component by using a license for the component. For more information about registration, see “

Registering the UTM Manager.”

Registering the UTM Manager

Open the login page by entering http://localhost/ or http://localhost:port number/ (if you modified the server port number during installation) In the address bar of the browser. The default login username and password are admin and admin1 respectively.

CAUTION:

The last character of the password is digit 1.

When you log in to the UTM Manager for the first time, you will see the license information page and the message “You haven’t registered. Please register to use the system normally.“ To register the UTM Manager, follow these steps:

1. From the navigation tree, select License Application under License Management to enter the user

information page, as shown in

Figure 4 Input user information

Figure 4.

2. Type your information as required and click Apply. The acknowledgement page appears, as

shown in

Figure 5.

Figure 5 Download the host information to apply for a license

3. Click Download to download the host information and save it to a file.

4. Visit the website at www.h3c.com, choose Technical Support & Documents > Product Licensing.

5. From the navigation tree, select License Registration under License Management to enter the

license registration page, as shown in

Figure 6. Select the license file and then click Apply.

Figure 6 Register your license

After the acknowledgement page appears, you can use the UTM Manager to configure devices and perform other operations.

CAUTION:

H3C SecCenter UTM Manager is shipped with a trial license file named SecCenter UTM Manager Evaluation License.lic. The license is effective within one month. Before you use the trial license to register.

Uninstalling the UTM Manager

To uninstall H3C SecCenter UTM Manager, follow these steps:

et a formal license, you can

1. On the Windows desktop, click Start and then select All Programs > SecCenter > Uninstall

SecCenter to enter the page shown in

2. Click Uninstall, and proceed as prompted. After the uninstallation completes, click Done.

Figure 7.

Figure 7 Uninstall the UTM Manager

3. Restart the operating system.

4. Remove all files and subdirectories under the SecCenter installation directory (C:\Program

Files\SecCenter, for example) and the installation directory itself, if any.

CAUTION:

During the uninstallation process, no system data backup operation is performed and all data will also be removed. If you need the system data, please backup the data before uninstalling the UTM Manager.

Integration with iMC

H3C SecCenter can be integrated into H3C Intelligent Management Center (iMC). After being integrated into iMC, SecCenter becomes a component of iMC and appears as a menu of iMC. You can access all SecCenter functions from the menu. This means that you can manage all devices in your network, including security devices, from a single place.

To integrate H3C SecCenter into H3C iMC, use the integration tool called SCMTOOL. You may obtain the tool from your iMC supplier.

When installing H3C SecCenter on the same host as iMC, note the following:

• By default, iMC uses 8080 and 8443 as the HTTP and HTTPS port numbers and SecCenter uses 80

and 443. If you changed these settings during installation, ensure that there are no port conflicts.

• The iMC Alarm Manager and SecCenter both use port 162 to receive traps. To deploy them on the

same host, disable SecCenter from receiving SNMP traps.

• To access SecCenter integrated in iMC, you must use HTTP. HTTPS is not supported in this case.

Using SCMTOOL to integrate SecCenter into iMC

You can install SCMTOOL on iMC PLAT 3.20-R2606H10. Follow these steps to install SCMTOOL and use it to integrate SecCenter into iMC:

1. In Intelligent Deployment Monitoring Agent, select the Monitor tab and click the Stop iMC button to

stop all iMC processes.

2. Click the Install button to open the component installation page.

Figure 8 Install a new component

3. Click Browse, locate the components directory in the SCMTOOL installation path, and click OK.

The SCMTOOL installation starts.

4. After SCMTOOL is installed, select the Deploy tab, right-click SecCenter Management, and select

Deploy the Component from the shortcut menu.

5. Set SecCenter parameters. Be sure to type the actual IP address or full name of the server in Server

Address, and never use 127.0.0.1.

Figure 9 Set SecCenter parameters

6. After the deployment completes, select the Monitor tab and click Start iMC. All iMC processes start.

Note that SCMTOOL can be deployed on primary servers only.

Removing SCMTOOL

Launch the Intelligent Deployment Monitoring Agent and remove SCMTOOL on the Deploy tab.

System management

The system management component of the UTM Manager comprises four modules: “Device

management”, “

management is covered in “ modules.

The device management module allows you to add devices to be managed, assign devices to device groups, configure the IP addresses, SNMP parameters, and other necessary management information, and manage devices based on device groups. It also enables you to track and monitor the operation of managed devices. To manage a device through SecCenter, you must add the device to SecCenter first.

The operator management module allows you to add operators, specify passwords, assign different rights to different operators, authorize different operators to manage different devices, monitor operators’ operations by viewing operation logs.

The system configuration module allows you to configure SecCenter management parameters, such as the ports for receiving various logs from managed devices, centralized policy deployment, signature synchronization configuration, and alarm configuration.

Operator management”, “System configuration”, and license management. License

Registering the UTM Manager.” This chapter discusses the other three

Device management

The device management module allows you to perform the following tasks:

Managing device groups

•

Managing device access templates

•

Managing devices

•

Managing device software

•

Managing the device configuration

•

Managing the device software database

•

Managing deployment tasks

•

Managing events

•

Configuring device interface alarming

•

Managing device groups

A device group represents a group of devices. You can group devices into device groups to manage devices easily. For example, you can configure device groups based on the architecture of your organization and name them Headquarters, Branch 1, Branch 2, and so on. Later, when adding an operator, you can specify the device groups that the operator can manage and the operations the operator can perform, so as to allow different operators to manage different devices and perform different operations.

The device group management function allows you to add, modify, and delete device groups. When you add devices later, you can assign devices to device groups so that you can manage and collect statistics on users, devices, and IP addresses by device group.

Configuration guide

From the navigation tree of the system management component, select Device Group List under Device Management. The device group management page appears, as shown in

the device group management functions.

Figure 10 Device group management page

Table 1 Device Group management functions

Function Description

Figure 10. Table 1 describes

Device group list

Adding a device group

Device group list

From the navigation tree of the system management component, select Device Group List under Device Management. The device group management page appears, as shown in

groups are displayed on the page.

Table 2 Fields of the Device Group List

Field Description

Device Group Name

Description

Operation

Return to Device Group management functions.

Adding a device group

Allows you to view details about device groups and modify and delete device groups.

Allows you to add a device group and configure the device group name and description.

Figure 10. Details of all device

Table 2 describes the fields of the device group list.

Name for the device group

Description of the device group

• Click the icon of a device group to modify the device group.

• Click the icon of a device group to delete the device group.

Follow these steps:

1. From the navigation tree of the system management component, select Device Group List under

Device Management.

2. Click Add to enter the device group configuration page.

3. Configure the device group, as shown in Figure 11. Table 3 describes the device group

configuration items.

4. Click Apply.

Figure 11 Add a device group

Table 3 Device group configuration items

Item Description

Required

Device Group Name

Description

Type the name for the device group.

The device group name can comprise up to 100 characters and must not contain these characters: ” < > ’ & % : ; /

Optional

Type a description for the device group.

The description can comprise up to 100 characters.

Return to Device Group management functions.

Managing device access templates

The device access template management function allows you to configure information needed for logging in to the device, such as the login password.

Configuration guide

From the navigation tree of the system management component, select Access Template List under Device Management. The access template management page appears, as shown in

describes the template management functions.

Figure 12 Access template management page

Table 4 Template management functions

Figure 12. Table 4

Function Description

Template list Allows you to view details about access templates and modify and delete templates.

Adding a template Allows you to add templates.

Template list

From the navigation tree of the system management component, select Access Template List under Device Management. The access template management page appears, as shown in

access templates are displayed on the page.

Table 5 Fields of the template list

Field Description

Figure 12. Details of all

Table 5 describes the fields of the template list.

Template

Version No. SNMP version of the template

Web Username

Web Port

Web Password

Telnet Username

Telnet Password

Operation

Return to Template management functions.

Adding a template

Follow these steps:

1. From the navigation tree of the system management component, select Access Template List under

Device Management.

2. Click Add to enter the template configuration page.

Name of the template

Username for managing the device through web

Port of the device providing web access service

Password for managing the device through web, displayed as a string of asterisks (*)

Username for telnetting to the device

Password for telnetting to the device, displayed as a string of asterisks (*)

• Click the icon of a template to modify the template.

• Click the icon of a template to delete the template.

3. Configure the template, as shown in Figure 13. Table 6 describes the template configuration

items.

4. Click Apply.

Figure 13 Add a template

Table 6 Template configuration items

Item Description

Required

Template Name

Web Username

Web Password

Web Port

Telnet Username

Type a name for the template.

The template name can comprise up to 20 characters and must not contain these characters: ” < > % & : ; /

Required

Specify the username for managing the device through web.

The username can comprise up to 20 characters.

Required

Specify the password for managing the device through web.

IMPORTANT:

The strength of the password must meet the password strength requirements of the device.

Required

Specify the port of the device providing web access service.

The default is 80.

Optional

Specify the username for telnetting to the device.

The username can comprise up to 20 characters.

Telnet Password

Optional

Specify the password for telnetting to the device.

IMPORTANT:

The strength of the password must meet the password strength requirements of the device.

Item Description

Required

SNMP Version

Community String for Reading

Community String for Writing

Select an SNMP version from the dropdown list. The options include SNMPv1, SNMPv2C, and SNMPv3.

Required

Specify the SNMP read community string to be used for communication with the device.

The string can comprise up to 20 characters.

Required

Specify the SNMP write community string to be used for communication with the device.

The string can comprise up to 20 characters.

Authentication Username

Authentication Protocol

Return to Template management functions.

Managing devices

After completing device group and template configuration, you can add devices to be managed. Only after you add devices to the system component successfully, can you add the devices to components such as the firewall component and IPS component to collect statistics on and analyze attack and virus information. The device management page allows you to add and delete devices. The device list shows the details of all managed devices, and provides the links for you to export configurations and connect to the devices through web or Telnet.

Configuration guide

From the navigation tree of the system management component, select Device List under Device Management. The device management page appears, showing the basic information of all managed

devices, as shown in device management page.

Figure 14. Table 7 describes the device management functions provided on the

Required when SNMP version is SNMPv3.

Type the username for authentication.

Required when SNMP version is SNMPv3.

Select a protocol for authentication.

Figure 14 Device management page

Table 7 Device management functions

Function Description

Device list

Adding a device Allows you to add devices to be managed.

Deleting devices

Refreshing device information Allows you to obtain the up-to-date device information.

Allows you to view details about devices, import service definitions, and connect to the devices through web or Telnet.

Allows you to delete devices from the list of managed devices.

Follow these steps:

1. Select the check boxes before the devices to be deleted.

2. Click Delete.

From the navigation tree of the system management component, select Device List under Device Management. The device management page appears, as shown in

device query option in the query section and

Table 9 describes the fields of the device list.

Figure 14. Table 8 describes the

Table 8 Device query option

Option Description

Device Group

Select a device group to list all devices in the device group.

Table 9 Fields of the device list

Field Description

Running Status

Device Label

Device Group

Device Model

IP Address

Status of the device. You can click the link to view the event list of the device. For more information, see “

Name and IP address of the device. You can click the link to view the details of the device and modify the relevant information. For more information, see “

Device group to which the device belongs

Model of the device

IP address of the device

Managing events.”

Device information.”

Field Description

• Click the icon of a device to open the web console of the device.

• Click the icon of a device to telnet to the device.

• Click the icon of a device to import the bandwidth management

service definitions for the device, so that the service definitions of the SecCenter are the same as those of the UTM device. Generally, this operation is required whenever the service definitions are upgraded on the UTM device.

Operation

Return to Device management functions.

Adding a device

Follow these steps:

1. From the navigation tree of the system management component, select Device List under Device

Management. The device management page appears, as shown in

2. Click Add to enter the device configuration page.

3. Configure the device, as shown in Figure 15. Table 10 describes the device configuration items.

4. Click Add.

• Click the icon of a device to import the IPS attack signatures for

the device, so that the IPS attack signatures of the device in the SecCenter are the same as those of the UTM device. Generally, this operation is required whenever an IPS attack signature upgrade is performed on the UTM device.

• Click the icon of a device to import the IPS virus signatures for the

device, so that the IPS virus signatures of the device in the SecCenter are the same as those of the UTM device. Generally, this operation is required whenever an IPS virus signature upgrade is performed on the UTM device.

Figure 14.

Figure 15 Add a device

Table 10 Device configuration items

Item Description

Required

Host Name/IP

Device Label

Device Group

Time Calibration

Type the name or IP address of the device to uniquely identify the device in the SecCenter system.

Required

Type a label for the device, which can be used as an alias of the device.

IMPORTANT:

The device label can comprise up to 20 characters.

Select a device group for the device. By default, the device group named default is selected.

Required

Configure the system to process and display traffic information based on the GWT or local time zone.

Item Description

Required. Select either of them.

Select access template

Specify access parameters

Web Username

Web Password

Web Port

• If you select Select access template, select a template from the

dropdown list. By default, the template named default is selected.

• If you select Specify access parameters, specify the access

parameters.

Required

Specify the username for managing the device through web.

The username can comprise up to 20 characters.

Required

Specify the password for managing the device through web.

IMPORTANT:

The strength of the password must meet the password strength requirements of the device.

Optional

Specify the port of the device providing web access service.

The port number must be an integer in the range from 0 to 65534.

Telnet Username

Telnet Password

SNMP Version

Community String For Reading

Community String For Writing

Authentication Username

Authentication Protocol

Optional

Specify the username for telnetting to the device.

The username can comprise up to 20 characters.

Optional

Specify the password for telnetting to the device.

IMPORTANT:

The strength of the password must meet the password strength requirements of the device.

Required

Select a version, which can be SNMPv1, SNMPv2C, or SNMPv3.

Required when the SNMP version is SNMPv1 or SNMPv2C.

Specify the SNMP read community string to be used for communication with the device.

The string can comprise up to 20 characters.

Required when the SNMP version is SNMPv1 or SNMPv2C.

Specify the SNMP write community string to be used for communication with the device.

The string can comprise up to 20 characters.

Required when SNMP version is SNMPv3.

Type the username for authentication.

Required when SNMP version is SNMPv3.

Select a protocol for authentication.

Multi-Card Device

Optional

Type the IP addresses of interface cards that are on the device. The IP address must be in dotted decimal notation.

Return to Device management functions.

Device information

From the navigation tree of the system management component, select Device List under Device Management. The device management page appears, as shown in

device label link of a device to display the details of the device and modify the information of the device, as shown in

Figure 16 Device information

Figure 14. Then, you can click the

Figure 16.

Managing device software

Device software refers to the software that a UTM device runs to provide services. It can be regarded as the operating system of the device.

The device software management function provides you with the software information of the UTM devices and allows you to perform a series of operations to the software of UTM devices, including deploying software to devices and backing up the software of devices. The device software list also displays the device type, the current software version, and the latest available new software version.

Configuration Guide

From the navigation tree of the system management component, select Device List under Device Management. The device management page appears, as shown in SW Management tab to bring up the device software management page, as shown in

11 describes the device software management functions and

software list.

Figure 14. Then, select the Device

Figure 17. Table

Table 12 describes the fields of the device

Figure 17 Device software management page

Table 11 Device software management functions

Function Description

Deploying software to devices Allows you to deploy software to devices as required.

Backing up the software of devices

Refreshing device information Allows you to obtain the up-to-date device information.

Table 12 Fields of the device software list

Field Description

Device Label

Device Group

Device Type

Current Version

Latest Version

Deploying software to devices

This software deployment function allows you to deploy main boot file to devices. On t he d evice soft ware management page, click Deploy Device Software to enter the software deployment page, as shown in

Figure 18. Table 13 describes the software deployment configuration items. You can deploy software to

multiple devices at a time. You can specify deployment parameters, such as the deployment sequence, policy, time, and error handling mode. A successfully created software deployment task is listed in the deployment task management module.

Allows you to backup the software of selected devices to the device software database.

Device name and IP address. You can click the link to view details about the device and modify the configuration.

Device group to which the device belongs

Model of the device

Current software version of the device

Latest software version available for the device. This version information comes from the software database.

How many boot files can be stored on a device depends on the device's disk space. Generally, two files, one main boot file and one backup boot file, are stored on the device.

Figure 18 Deploy software to devices

Table 13 Software deployment configuration items

Item Description

Required

Task Name

Description

Add Device

Deploy Software Version

Deployment Sequence

Type the name of the deployment task. By default, it consists of the word Task, a string indicating the current time, and a space in between.

Required

Type a description for the task.

The description must not contain these characters: ' " < > & %

Click this button to add a device to which you want to deploy a software version. You can add multiple devices.

You can click the

Select a location from the Device Storage Path dropdown list to specify where the software should be saved on the device. Generally, the root directory of the CF card is selected.

Required

Click the link in this column to select the software version to be deployed.

Required

Select a deployment mode to deploy the software to the devices in parallel (Parallel) or one by one (Serial).

icon of a device to remove it from the list.

When the deployment sequence is serial, the icons adjusting the sequence.

are configurable for

+ 232 hidden pages

H3C SecCenter UTM Manager User Manual

Preface

Audience

Conventions

GUI conventions

Symbols

Network topology icons

Obtaining documentation

Technical support

Documentation feedback

Contents

Overview

Introduction to H3C SecCenter UTM Manager

What H3C SecCenter UTM Manager can do

Installation and uninstallation

Installing H3C SecCenter

Registering the UTM Manager

Uninstalling the UTM Manager

Integration with iMC

Using SCMTOOL to integrate SecCenter into iMC

Removing SCMTOOL

System management

Device management

Managing device groups

Configuration guide

Device group list

Adding a device group

Managing device access templates

Configuration guide

Template list

Adding a template

Managing devices

Configuration guide

Device list

Adding a device

Device information

Managing device software

Configuration Guide

Deploying software to devices