3Com Corporation reserves the right to revise this documentation and to make changes in content from time
to time without obligation on the part of 3Com Corporation to provide notification of such revision or
change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either
implied or expressed, including, but not limited to, the implied warranties, terms, or conditions of
merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or
changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hardcopy documentation, or on the
removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy,
please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGENDS:
If you are a United States government agency, then this documentation and the software described herein are
provided to you subject to the following:
United States Government Legend: All technical data and computer software is commercial in nature and
developed solely at private expense. Software is delivered as Commercial Computer Software as defined in
DFARS 252.227-7014 (June 1995) or as a commercial item as defined in FAR
with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data
is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR
1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any
licensed program or documentation contained in, or delivered to you in conjunction with guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may
not be registered in other countries.
3Com, the 3Com logo, TippingPoint, the TippingPoint logo, and Digital Vaccine are registered trademarks of
3Com Corporation or one of its subsidiaries.
Microsoft and Windows are registered trademarks or trademarks of Microsoft Corporation in the United
States and/or other countries. Oracle is a registered trademark of Oracle Corporation.
Other brand and product names may be registered trademarks or trademarks of their respective holders.
2.101(a) and as such is provided
52.227-14 (June
Contents
About This Guide xi
Target Audience xi
Knowledge, Skills, and Abilities xi
Conventions xii
Cross References xii
Internal Cross References xii
External Cross References xii
Typeface xii
Procedures xii
Menu Navigation xiii
Sample Procedure xiii
Screen Captures xiii
Messages xiii
Warning xiii
Caution xiii
Note xiv
Tip xiv
Related Documentation xiv
Online Help xiv
Customer Support xiv
Contact Information xv
Contents
Chapter 1. System Overview 1
Overview 1
X Family Device 1
Core Functionality 2
X Family Environment 3
Local Clients 4
System Requirements 4
SMS Configuration 4
Port Configuration Tasks 133
Troubleshoot Port Link-Down errors 134
Security Zone Configuration 135
Creating, Editing and Configuring Security Zones 136
IP Interfaces 140
Configuration Overview 140
Managing IP Interfaces 141
IP Addresses: Configuration Overview 142
Internal Interface: Static IP Address 143
External Interface: Static IP Address Configuration 144
External Interface: DHCP Configuration 145
External Interface: PPTP Client Configuration 145
External Interface: L2TP Client Configuration 146
External Interface: PPPoE Client Configuration 147
Configuring a GRE Tunnel 148
Manage Security Zones for IP Interfaces 149
Configuring Routing for IP Interfaces 150
Bridge Mode for IP Interfaces 150
RIP for IP Interfaces 150
Multicast Routing for IP Interfaces 152
IP Address Groups 153
DNS 155
Default Gateway 156
Routing 157
Available Productivity Categories 284
Purchasing a Web Filter License 289
Appendix C. Log Formats and System Messages 291
Overview 291
Log Formats 292
Alert and IPS Block Log Formats 292
Audit Log Format 294
Firewall Block Log Format 296
Firewall Session Log Format 298
VPN Log Format 299
System Log Format 300
Remote Syslog Log Format 301
High Availability Log Messages 302
System Update Status Messages 303
Appendix D. Device Maximum Values 305
Glossary 307
Index 315
X Family LSM User’s Guide V 2.5.1ix
Contents
x X FamilyLSM User’s Guide V 2.5.1
About This Guide
Explains who this guide is intended for, how the information is organized, where information
updates can be found, and how to obtain customer support if you cannot resolve a problem.
Welcome to the Local Security Manager (LSM). The LSM is the control center from which you can
configure, monitor, and report on the X family devices in your network.
This section covers the following topics:
• “Target Audience” on page xi
• “Conventions” on page xii
• “Related Documentation” on page xiv
• “Customer Support” on page xiv
Target Audience
This guide is intended for administrators who manage one or more X family devices.
Knowledge, Skills, and Abilities
This guide assumes you, the reader, are familiar with general networking concepts and the following
standards and protocols:
•TCP/IP
•UDP
•ICMP
•Ethernet
• Simple Network Time Protocol (SNTP)
• Simple Mail Transport Protocol (SMTP)
• Simple Network Management Protocol (SNMP)
X Family LSM User’s Guide V 2.5.1xi
About This Guide
Conventions
This guide follows several procedural and typographical conventions to better provide clear and
understandable instructions and descriptions. These conventions are described in the following
sections.
This book uses the following conventions for structuring information:
• Cross References
• Ty p e f a ce
• Procedures
• Messages
Cross References
When a topic is covered in depth elsewhere in this guide, or in another guide in this series, a cross
reference to the additional information is provided. Cross references help you find related topics and
information quickly.
Internal Cross References
This guide is designed to be used as an electronic document. It contains cross references to other
sections of the document that act as hyperlinks when you view the document online. The following text
is a hyperlink: Procedures
.
External Cross References
Cross references to other publications are not hyperlinked. These cross references will take the form:
see <chapter name > in the Publication Name.
Typeface
This guide uses the following typeface conventions:
Boldused for the names of screen elements like buttons, drop-down lists, or fields. For
example, when you are done with a dialog, you would click the OK button. See
Procedures
Code
Itali cused for guide titles, variables, and important terms
Hype rli nk
used for text a user must type to use the product
used for cross references in a document or links to web site
below for an example.
Procedures
This guide contains several step-by-step procedures that tell you how to perform a specific task. These
procedures always begin with a phrase that describes the task goal, followed by numbered steps that
describe what you must do to complete the task.
The beginning of every chapter has cross references to the procedures that it contains. These cross
references, like all cross references in this guide, are hyperlinked.
xii X FamilyLSM User’s Guide V 2.5.1
Conventions
Menu Navigation
The LSM provides drop-down menu lists to navigate and choose items in the user interface. Each
instruction that requires moving through the menus uses an arrow (>) to indicate the movement. For
example, Edit > Details means, select the Edit menu item. Then, click the Details option.
Sample Procedure
STEP 1
STEP 2
Click the Filters tab.
Place your mouse cursor over the Open menu.
Screen Captures
The instructions and descriptions in this document include images of screens. These screen captures
may be cropped, focusing on specific sections of the application, such as a pane, list, or tab. Refer to the
application for full displays of the application.
Messages
Messages are special text that are emphasized by font, format, and icons. There are four types of
messages in this guide:
• Wa r n i n g
• Caution
• Note
• Tip
A description of each message type with an example message follows.
Warning
Warnings tell you how to avoid physical injury to people or equipment. For example:
WARNING The push-button on/off power switch on the front panel of the server does
not turn off the AC power. To remove AC power from the server, you must unplug the AC
power cord from either the power supply or the wall outlet.
Caution
Cautions tell you how to avoid a serious loss of data, time, or security. You should carefully consider
this information when determining a course of action or procedure. For example:
CAUTION You should disable password caching in the browser you use to access the
LSM. If you do not disable password caching in your browser, and your workstation is not
secured, your system security may be compromised.
X Family LSM User’s Guide V 2.5.1xiii
About This Guide
Note
Notes tell you about information that might not be obvious or that does not relate directly to the
current topic, but that may affect relevant behavior. For example:
Note If the device is not currently under SMS control, you can find out the IP
address of the last SMS that was in control by checking SMS & NMS page
(System > Configuration > SMS/NMS).
Tip
Tips are suggestions about how you can perform a task more easily or more efficiently. For example:
TIP
You can see what percentage of disk space you are using by checking the
Monitor page (Events > Health > Monitor).
Related Documentation
The X family products have a full set of documentation. These publications are available in electronic
format on your CD. For the most recent updates, check the Threat Management Center (TMC) web site
at https://tmc.tippingpoint.com
.
Online Help
In the Launch Bar of the application, the Help button opens the main welcome page to the online help.
Opens the online help at the opening page.
If you have problems finding help on a particular subject, you can review the Index or use the Search
tab in the navigation pane. Each page also includes related topic links to find more information on
particular subjects and functions.
Customer Support
We are committed to providing quality customer support to all customers. A customer is provided with
detailed customer and support contact information. For the most efficient resolution of your problem,
xiv X FamilyLSM User’s Guide V 2.5.1
Customer Support
please take a moment to gather some basic information from your records and from your system before
contacting customer support.
InformationLocation
Your X family device serial
number
Your TOS version numberYou can find this information in the LSM in the Device Summary
Your X family device boot
time
You can find this number in the LSM in the System Summary page,
on the shipping invoice that came with the device, or on the bottom
of the device.
page, or by using the CLI
You can find this information in the LSM in the System Summary
page.
show version
command.
Contact Information
Please address all questions regarding the software to your authorized representative.
X Family LSM User’s Guide V 2.5.1xv
About This Guide
xvi X FamilyLSM User’s Guide V 2.5.1
1
System Overview
The X family device is a high-speed, comprehensive security system with a browser-based manager
called the Local Security Manager (LSM). The Overview section provides an overview of the LSM
functions and use in the X family device.
Overview
Enterprise security schemes once consisted of a conglomeration of disparate, static devices from
multiple vendors. Today, the X family device provides the advantages of a single, integrated, highly
adaptive security system that includes powerful hardware and an intuitive management interface.
This section describes the X family device and the LSM client application, Command Line Interface
(CLI), and Security Management System (SMS) used to interact with and manage the device.
The Overview chapter includes the following topics:
• “X Family Device” on page 1
• “System Requirements” on page 4
• “SMS Configuration” on page 4
o
“Core Functionality” on page 2
o
“X Family Environment” on page 3
o
“Local Clients” on page 4
Note Check the Release Notes for specific limitations and known issues
regarding the current release.
X Family Device
The X family device offers an integrated system that includes a stateful packet inspection firewall,
IPSec virtual private network (VPN) management, bandwidth management, and web content filtering
functions along with TippingPoint Intrusion Prevention System (IPS) functionality.
X Family LSM User’s Guide V 2.5.11
Chapter 1 System Overview
The X family firewall functionality provides service-level, stateful inspection of network traffic. It
incorporates filtering functionality to protect mission-critical applications. An administrator can use
firewalls and content filters to determine how the device handles traffic to and from a particular
service. These filters are specified by the source, destination, and service or protocol of the traffic. The
device maintains an inventory of the active hosts and services on those hosts.
IPSec VPN management provides the ability to apply all X family functionality across the enterprise,
monitoring network traffic at the enterprise level and also traffic between main office and branch
locations.
Bandwidth management, or policy-based traffic shaping, allows the X family device to control both
inbound and outbound traffic streams as well as inside and outside IPSec VPN tunnels. Using these
policies, the device allows users to prioritize real-time business critical applications including video
and conferencing, IP telephony, and interactive distance-learning over non-essential traffic, such as
peer-to-peer file sharing.
Web content filtering provides the tools to enforce network policy by prohibiting the download of nonwork related web sites and offensive or illegal web content.
The IPS functionality provides total packet inspection and intrusion prevention to detect and block
malicious traffic such as worms, viruses, Trojans, Phishing attempts, Spyware, and VoIP threats. Using
filters defined by the Digital Vaccine security team, the X family device scans traffic to recognize
header or data content that signals an attack along with the protocol, service, and the operating system
or software the attack affects. Each filter includes an action set, which determines how the device
responds when it detects packets that match filter parameters. In a broad sense, the device either drops
matching packets or permits them. The Digital Vaccine security team continually develops new attack
filters to preemptively protect against the exploit of new and zero day vulnerabilities. To ensure up-todate network protection, you can configure the device to automatically check for and install DV
updates.
Core Functionality
The X family device provides the following core functionality:
• Stateful packet inspection firewall — flexible configuration of object-based firewall rules and unified
control of multiple services, virtual servers, network address translation (NAT), and routing.
• Security Zones — logically section your network for the purposes of applying firewall rules and IPS
filters between internal sections of your network, between your network and the internet, and
between your network and remote office locations (VPN).
hardware-accelerated encryption DES, 3DES, and AES encryption protocols
o
feature-rich client VPN capability using PPTP or L2TP protocols
o
ability to inspect and control traffic both inside and outside of all VPN tunnel types using
firewalls or IPS to ensure secure VPN connectivity.
• Flexible user authentication — control access to the device and the internet, authenticating via the
device itself, or through an external RADIUS database.
• Web filtering — URL filtering with configurable permit/block lists and regular-expression URL
matching as well as a web content filtering subscription service to enforce network security and
2 X FamilyLSM User’s Guide V 2.5.1
X Family Device
usage policy by prohibiting the download of non-work related web sites and offensive or illegal Web
content.
• Bandwidth management — enforce network usage policy by rate-limiting applications such as peerto-peer file sharing and instant messaging applications.
• Prioritization of traffic inside and outside VPN tunnels with flexible, policy-based controls.
• IP multicast routing (PIM-DIM) over IPSec, supporting next-generation IP conferencing
applications — prioritizes real-time traffic and provides secure connectivity for IP multicast traffic.
• Device management — option to configure, monitor, and manage the device using either the webbased client application (the Local Security Manager) or the command line interface (CLI).
• Centralized Management — option to configure, monitor, and manage individual or multiple X
family devices using the Security Management System (SMS).
• The TippingPoint Intrusion Prevention System (IPS) — identify and stop malicious traffic on the
edge of the network using filters that detect and block malicious traffic. Customize default filters to
meet the specific needs of your enterprise.
• Digital Vaccine real-time protection — the Threat Management Center monitors global network
security threats and continually develops new attack filters which are automatically distributed to
preemptively protect against the exploit of new and zero day vulnerabilities.
The following sections describe the X family environment and system components in more detail.
X Family Environment
An X family device can be installed at the perimeter of your network, in your remote offices, on your
intranet, or in all three locations. The following diagram shows an example of a corporate network with
X family devices deployed in a variety of locations.
X Family LSM User’s Guide V 2.5.13
Chapter 1 System Overview
When the X family device is installed and configured, it protects your network zones (LAN, WAN, and
VPN, for example) using firewall rules and IPS filters. The device scans and reacts to network traffic
according to the actions configured in the firewall rule or IPS filter. Each security zone and device can
use a different set of firewall rules and IPS filters. Actions configured on the firewall rules and IPS
filters provide the instructions for the device and can include blocking, rate limiting, or permitting the
traffic and sending a notification about the action to a device or e-mail address. Options are also
available to block traffic and quarantine the source IP address for the traffic.
For users who will deploy multiple X family devices across the enterprise, TippingPoint provides the
Security Management System (SMS). The SMS allows you to coordinate the management of multiple
devices for administration, configuration, and monitoring. Most importantly, the SMS includes
enterprise-wide reporting and trend analysis.
Local Clients
You can access the X family device for monitoring, management, and configuration from any of the
following three client applications:
• Local Security Manager (LSM) — Web-based GUI for managing one IPS device. The LSM provides
HTTP and HTTPS (secure management) access. This access requires Microsoft Internet Explorer 6.0
or later, Firefox 1.5+, Mozilla 1.7+, or Netscape 8.1+. Using the LSM, you have a graphical display for
reviewing, searching, and modifying settings. The GUI interface also provides graphical reports for
monitoring the device traffic, triggered filters, and packet statistics.
• Command Line Interface (CLI) — Command line interface for reviewing and modifying settings
on the device. The CLI is accessible through Telnet and SSH (secure access).
• Secure Management System (SMS) — the SMS allows you to remotely manage multiple X family
devices. You can configure security zones, profiles and policy (firewall rules and IPS filters) from the
SMS and distribute the configuration to multiple devices. The SMS also allows you to view, manage
and edit device configuration, and review logs and reports for all devices under SMS management.
Note The device allows for 10 web client connections, 10 telnet/SSH (for CLI)
connections, and one console connection at once.
System Requirements
The LSM is software accessed using a web browser. The browser’s hardware and software requirements
are not as technical as systems loading the software locally. To access the LSM, you need the following:
• Microsoft Internet Explorer (MSIE) v 6.0 or greater with 128-bit encryption and support for
JavaScript and cookies, Firefox 1.5+, Mozilla 1.7+, or Netscape 8.1+
SMS Configuration
If you will maintain your device using the Security Management System (SMS) or you will no longer
use the SMS, you need to configure a setting on the device. This setting identifies if the device is
controlled by the SMS.
For more information, see “SMS/NMS” on page 232.
4 X FamilyLSM User’s Guide V 2.5.1
2
LSM Navigation
LSM Navigation describes the LSM interface, how to log in, and the general sections of the
application.
Overview
The Local Security Manager (LSM) is a graphical user interface (GUI) that makes configuring and
monitoring your X family device easy by providing a user-friendly interface to help accomplish
administrative activities. You access the LSM through a browser. See “
more information.
This chapter details the login and navigation procedures of the LSM user interface. It includes the
following information:
• “Security Notes” on page 5
• “Logging In” on page 6
• “LSM Screen Layout” on page 8
• “System Summary” on page 12
Log in to the LSM” on page 6 for
Security Notes
The LSM enables you to manage your X family device using a Web browser. It is important to note that
some browser features, such as password caching, are inappropriate for security use and should be
turned off.
CAUTION Some browsers offer a feature that stores your user login and password for
future use. We recommend that you turn this feature off in your browser. It is counter to
standard security practices to store login names and passwords, especially those for
sensitive network equipment, on or near a workstation.
X Family LSM User’s Guide V 2.5.15
Chapter 2 LSM Navigation
In addition, you can configure the LSM to communicate using either an HTTP or an HTTPS server. The
default configuration is to use an HTTPS server.Whenever the device is connected to your network,
you should run the HTTPS server, not the HTTP server. HTTP servers are not secure because your user
name and password travel over your network unencrypted. You should only use the HTTP server when
you are sure that communications between the device and the workstation from which you access the
LSM cannot be intercepted.
Logging In
When you log in to the LSM, you are prompted for your username and your password. This login gives
you access to the areas of the LSM permitted by your user role. For information on user roles and
accesses, see Chapter 9‚ “
Note You can modify the server configuration using the conf t server command.
For details, see the Command Line Interface Reference Guide.
Aut hen tic atio n”.
TIP
Most Web browsers will not treat addresses beginning with HTTP and
HTTPS interchangeably. If your browser cannot find your LSM, make sure that you
are using
running.
http://
or
https://
depending on which Web server you are
Note The device supports up to 10 Web client connections, 10 telnet/SSH (for
CLI) connections, and 1 console connection at once.
Depending on your security settings, warnings may display when accessing the
client. To access the device without warnings, refer to Appendix A‚ “
Certificates”.
You will be presented with the login screen under the following situations:
• When you first log in to the LSM
• After the LSM web session times out
Log in to the LSM
STEP 1
Enter the IP address or hostname of your IPS device in your browser Address bar. For
example:
https://123.45.67.89
The LSM displays a login page. The page provides the name and model of your device.
Browser
6 X FamilyLSM User’s Guide V 2.5.1
Figure 2–1: LSM Logon Page
Logging In
STEP 2
STEP 3
STEP 4
Enter your Userna me.
Enter your Password
Click Log On.
The LSM validates your account information against the permitted users of the software. If the
information is valid, the LSM software opens. If the account information is not valid, the Login page is
redisplayed.
Note Only 10 Web client and 10 SSH (for CLI) connections are allowed to
connect to a device at once.
X Family LSM User’s Guide V 2.5.17
Chapter 2 LSM Navigation
LSM Screen Layout
The LSM provides features in two main areas of the browser window:
• Main Menu Bar — Located at the top of the browser window (see item 1 in the figure). This area
provides quick access to the System Summary page, online help, and current user and device status.
• Navigation — Located on the left side bar of the browser window (see item 2 in the figure). The
Navigation bar provides access to the LSM menu functions. To view all the options available for a
main menu item (IPS for example), click the menu label. On an expanded menu, options with a +
indicate that additional sub-menu are available. When you select a menu item, the content and
functionality area displays the content and available options. If you click the << icon in the upper
right corner of the Navigation menu, the menu collapses to provide more screen space for the current
page displayed in the Content and Functionality area. Click >> to re-open the menu.
• Content and Functionality — Located on the right side of the browser window (see item 3 in the
figure). This area displays pages from which you can monitor the device operation and performance,
view current configuration settings, and modify configuration. The content updates when you click a
link in the LSM menu, or when you select buttons or links within a page. Links may display new
content or open dialog boxes. When you first log onto the LSM, the System Summary
automatically displays in this area.
page
Figure 2–2: LSM Screen Layout
8 X FamilyLSM User’s Guide V 2.5.1
LSM Screen Layout
Main Menu Bar
The dark blue bar at the top of the LSM screen provides quick access to basic logon information. The
following table lists the available options in the Main Menu Bar:
Table 2–1: Main Menu Bar Options
OptionDescription
System SummaryTo display the System Summary, click the System Summary icon.
For information about this page, see “
page 12.
Online HelpTo access the X family online help, click the Launch Help Window
icon.
Current UserDisplays the login name for the current user.
Current date and timeDisplays the current date and time on the X family device. The date
and time settings on the device are determined by the time
synchronization method and time zone configured for the device.
For details, see “
Time Options” on page 229.
System Summary” on
Auto Log OffTo log off of the LSM, click the Log Off link.
For security purposes, LSM sessions have a timeout period. This
timeout period determines how long the LSM can remain idle
before automatically ending the session/ logging off the user. The
default timeout period is 60 minutes. LSM administrators with
super-user access can change the default timeout period from the
Preferences page (Authentication > Preferences). For details, see
“
Preferences” on page 266.
X Family LSM User’s Guide V 2.5.19
Chapter 2 LSM Navigation
Navigation
You can access the available features of the LSM by selecting an option from the navigation area. The
LSM displays the page you select in the content and functionality area of the browser. Each option list
displays a tier of links and features for maintaining and monitoring the device
The following table lists the available options in the navigation area:
Table 2–2: Navigation Options
OptionDescription
IPS• Create and manage security profiles used to monitor traffic between security
zones. This includes reviewing category settings, creating filter overrides, and
specifying limits and exceptions for user-specified IP address.
• Create and manage traffic threshold filters, action sets, and ports for IPS
services.
• Manage and configure settings for IPS filters, the Threat Suppression Engine
(TSE), and global Adaptive Filter.
See “Chapter 3‚ “
IPS Filtering” for more information.
Firewall• View and configure settings for the firewall.
• View and configure web filtering for the web filter service and create a custom
filter list to permit or block traffic based on user-specified URLs.
See Chapter 4‚ “
VPNView, configure and manage settings for site-to-site and/or client-to-site VPN
connections. See Chapter 7‚ “
Events• View, download, print, and reset Alert, Audit, Block, and System logs.
• View graphs reporting on traffic flow, traffic-related events, and statistics on
firewall hit counts and triggered filters (attack, rate limit, traffic threshold,
quarantine and adaptive filter).
• Monitor, search, and maintain traffic streams for adaptive filtering, blocked
streams, and rate-limited streams. Manually quarantine an IP address or
release a quarantined IP address.
• View reports on traffic flow, traffic-related events, and statistics on firewall hit
counts and triggered filters (attack, rate limit, traffic threshold, quarantine and
adaptive filter).
• View the status of hardware components, performance (throughput), and
system health.
See Chapter 5‚ “
Firewall” for more information.
VPN” for more information.
Events: Logs, Traffic Streams, Reports” for more information.
System• Configure system controls such as time options, SMS/NMS interaction, and
High Availability.
• Download and install software and Digital Vaccine (filter) updates.
See Chapter 8‚ “
10 X FamilyLSM User’s Guide V 2.5.1
System” for more information.
LSM Screen Layout
Table 2–2: Navigation Options (Continued)
OptionDescription
Network• Configure network ports, security zones, IP interfaces, IP Address Groups, the
DNS server, the default gateway, routing, and DHCP server information.
• Access network tools for DNS lookup, find network path, traffic capture, ping,
and trace route functionality.
See Chapter 6‚ “
AuthenticationCreate, modify, and manage user accounts. Configure authentication.
See Chapter 9‚ “
Network” for more information.
Authentication” for more information.
Content and Functionality
The LSM displays all data in the central area of the browser window. As you browse and select linked
options from the navigation area, pages display allowing you to review information, configure options,
or search data. Links selected on these pages may display additional pages or dialog boxes depending
on the feature selected.
Title Bar
On each page, you can see the position of the page in the menu hierarchy provided in the title bar. For
example, on the Alert Log page, the menu hierarchy indicates that the page is located off the
EVENTS > LOGS sub-menu. On tabbed menu pages, you can navigate up the hierarchy from the
current location by clicking on the link in the hierarchy listing.
Auto Refresh
Some pages (such as System Summary) automatically refresh themselves periodically.
• To disable the auto refresh function, deselect the Auto Refresh check box.
• To manually refresh: click the Refresh link.
•To reconfigure the Page Refresh Time, see “Preferences” on page 266.
Tabbed Menu Options
Some sub-menu options previously available in the left-hand navigation menu are now accessible as a
tab on the main page for the menu. For example, from the Tools page, the following tabs are available:
DNS Lookup, Find Network Path, Traffic Capture, Ping, and Tr ac e r ou t e.
X Family LSM User’s Guide V 2.5.111
Chapter 2 LSM Navigation
System Summary
The System Summary page automatically displays when you first log onto the LSM. To redisplay the
System Summary page at any time, click the System Summary icon, in the Main Menu Bar
The System Summary page includes the following:
• System Status — Displays summary information about the device health, packet statistics, and
network DHCP. Also provides access to the Reboot Device function.
• Log Summary — Displays summary information about all the Event Logs.
• Product Specifications — Displays product, version, time, and encryption information.
System Status
Health
The Health section of the Statistics frame displays a color indicator of the hardware health of the
device. For detailed information about each of the health indicators, click on the corresponding link
above the color indicator. The Health section includes indicators for the following components:
.
• System Log
• Traf f ic T hres hold
• Per for ma nce
• Disk Space
• Memory
• Web Fi lt er i ng
• HA Status
The colors indicate the current state of each component:
• Green if there are no problems
• Yellow if there is a major warning
• Red if there is a critical warning
• Grey if the service is disabled
You can set the thresholds for warnings. This defines when the indicator color will change based on the
usage of those components. For more information, see “
Usage” on page 239, and select System > Thresholds in the Navigation area.
If the System Log is other than green, you can click on the indicator to view the error that caused the
condition.
Thresholds to Monitor Memory and Disk
Note When you view the logged error, the indicator resets and changes to green
under System Summary.
12 X FamilyLSM User’s Guide V 2.5.1
System Summary
Packet Stats
The Packet Stats section provides basic traffic statistics including the following:
• Received — Total number of packets received and scanned by the Threat Suppression Engine
• Blocked — Total number of packets that have been blocked by the Threat Suppression Engine
• Rate Limited — The number of packets that matched a filter configured to a permit action set
• Dropped — Total number of packets that have been dropped because they are not properly formed
or formatted
To reset the counters, click the Reset link.
Packet counters provide a snapshot of the traffic going through your network. The packet totals give a
partial account of blocked activity according to the filters. All other filter results affect the packet totals.
Note The counters are not synchronized with each other; packets may be
counted more than once in some situations.
The counters display the amount of packets tracked. If the number is less than 1M, the Packet Statistics
section displays the full amount. If the amount is greater than 999,999 K, the information is
abbreviated with a unit factor. For example, 734,123K would display fully whereas 4,004,876,543
displays as 4.00B. When the number reaches the million and billion mark, the number displays as a
decimal amount with a letter (such as G for gigabytes). The unit factors include, M for mega, G for giga,
and T for tera. To view the full amount, hover your mouse over the displayed amount. A Tool Tip pops
up, displaying the full packet amount.
Network DHCP
The Network DHCP section displays the following information:
• Current Leases
• Available Leases
Reboot Device
To reboot the device, click the Reboot Device link
Log Summary
The Log Summary section displays the number of entries and events for each type of Event Log. In
addition, it allows you to perform functions on those logs.
• System Log
• Audit Log. This log is only available to those with Super User access.
• Alert Log
• Block Log
• Firewall Block Log
• Firewall Session Log
• VPN Log
X Family LSM User’s Guide V 2.5.113
Chapter 2 LSM Navigation
For more detailed information about these logs, select Events > Logs.
Product Specifications
The Product Specification section displays the following information:
• Model Number — Model number of the device.
• Product Code — The device product code.
• Serial Number — Serial number of the device.
• TOS Version — Version number of the TOS software.
• Digital Vaccine — Version number of the Digital Vaccine.
• Boot Time — Time when the device was last started.
• Up Time — How long the device has been operating continuously.
• Encryption — Current encryption method being used. By default all new X family devices are
supplied with 56-bit DES encryption only. To enable strong encryption functionality (3DES, 128AES, 192-AES, 256-AES), install the correct Strong Encryption Service Pack for your device. You can
download encryption service packs from the TMC Web site.
14 X FamilyLSM User’s Guide V 2.5.1
Loading...
+ 303 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.