HP X Unified Security Platform User Manual

3Com® X Family Local Security Manager User’s Guide

Version 2.5.1
Part Number TECHD-176 Rev B01 Published April 2007
http://www.3com.com/
3Com Corporation 350 Campus Drive Marlborough, MA 01752­3064
Copyright © 2005–2007, 3Com Corporation and its subsidiaries. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms, or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hardcopy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGENDS:
If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:
United States Government Legend: All technical data and computer software is commercial in nature and developed solely at private expense. Software is delivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995) or as a commercial item as defined in FAR with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR
1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.
3Com, the 3Com logo, TippingPoint, the TippingPoint logo, and Digital Vaccine are registered trademarks of 3Com Corporation or one of its subsidiaries.
Microsoft and Windows are registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation.
Other brand and product names may be registered trademarks or trademarks of their respective holders.
2.101(a) and as such is provided
52.227-14 (June

Contents

About This Guide xi
Target Audience xi
Knowledge, Skills, and Abilities xi
Conventions xii
Cross References xii
Internal Cross References xii
External Cross References xii Typeface xii Procedures xii
Menu Navigation xiii
Sample Procedure xiii Screen Captures xiii Messages xiii
Warning xiii
Caution xiii
Note xiv
Tip xiv
Related Documentation xiv
Online Help xiv
Customer Support xiv
Contact Information xv
Contents
Chapter 1. System Overview 1
Overview 1 X Family Device 1
Core Functionality 2 X Family Environment 3 Local Clients 4 System Requirements 4 SMS Configuration 4
Chapter 2. LSM Navigation 5
Overview 5 Security Notes 5 Logging In 6 LSM Screen Layout 8
Main Menu Bar 9 Navigation 10 Content and Functionality 11
Title Bar 11
X Family LSM User’s Guide V 2.5.1 iii
Contents
Tabbed Menu Options 11
System Summary 12
System Status 12
Health 12
Packet Stats 13
Network DHCP 13
Reboot Device 13 Log Summary 13 Product Specifications 14
Chapter 3. IPS Filtering 15
Overview 15 Using the IPS 16 Security Profiles 17
Managing Security Profiles 19
Security Profile Details 20
IPS Digital Vaccine (DV) Filters 23
Configuring DV Filters 25
View DV Filters 26
Filter Search 27
Filters List (All Filters) 27
View Filter Overrides and Custom Settings 29
Edit DV Filter Category Settings 29 Configure Filter Limits/Exceptions based on IP Address 34
Reset an Individual Filter 35
Port Scan/Host Sweep Filters 35
Traffic Threshold Filters 38
Managing Traffic Threshold Filters 39
Create or Edit a Traffic Threshold Filter 41
Action Sets 44
Managing Actions 47
Rate Limit Action Set 49
Quarantine Action Set 49
Notification Contacts 52
Alert Aggregation and the Aggregation Period 52
IPS Services 55 Preferences 57
Reset Filters 57 Configure Threat Suppression Engine (TSE) 58 Adaptive Filter Configuration 60
How Adaptive Filtering Works 60
Chapter 4. Firewall 63
Overview 63 How Firewall Rule Enforcement Works 64
iv X Family LSM User’s Guide V 2.5.1
Default Firewall Rules 67
Managing Firewall Rules 68
Configuring Firewall Rules 71 Firewall Services 75
Firewall Services Page Field Descriptions 77 Configuring Service Groups 78
Schedules 79
Firewall Schedules Page Field Descriptions 80 Managing Schedules 81
Virtual Servers 82
Virtual Servers page 83
Virtual Servers Summary Information 83 Configuring Virtual Servers 84
Web Filtering 85
How Web Filtering Works 86 Setting Up Web Filtering 87 Web Filtering Page 88
Web Filtering General Configuration Parameters 89 Web Filter Service 90 Custom Filter List 92
Custom Filter List Configuration Parameters and Functions 93
Configure URL Patterns 94 URL Test 96
Contents
Chapter 5. Events: Logs, Traffic Streams, Reports 97
Overview 98 Logs 98
Alert Log 99 Audit Log 100 IPS Block Log 101 Firewall Block Log 102 Firewall Session Log 103 VPN Log 104
Configuration 104 System Log 105 Configuring Remote System Logs 105 Managing Logs 106
Viewing Logs 107
Downloading a Log 107 Resetting a log 108 Searching a Log 109
Managed Streams 110
Blocked Streams 110 Rate Limited Streams 112 Quarantined Addresses 113
Health 116
Device Health 117
X Family LSM User’s Guide V 2.5.1 v
Contents
Memory and Disk Usage 117 Module Health 118 Performance/Throughput 120 Port Health 120
Reports 121
Attack Reports 122
Rate Limit Reports 123
Traffic Reports 123
Traffic Threshold Report 125
Quarantine Report 125
Configure Adaptive Filter Events Report 125
Firewall Reports 126
Chapter 6. Network 129
Overview 129 Configuration Overview 130 Deployment Modes 131 Network Port Configuration 132
Port Configuration Tasks 133 Troubleshoot Port Link-Down errors 134
Security Zone Configuration 135
Creating, Editing and Configuring Security Zones 136
IP Interfaces 140
Configuration Overview 140 Managing IP Interfaces 141 IP Addresses: Configuration Overview 142
Internal Interface: Static IP Address 143
External Interface: Static IP Address Configuration 144
External Interface: DHCP Configuration 145
External Interface: PPTP Client Configuration 145
External Interface: L2TP Client Configuration 146
External Interface: PPPoE Client Configuration 147 Configuring a GRE Tunnel 148 Manage Security Zones for IP Interfaces 149 Configuring Routing for IP Interfaces 150
Bridge Mode for IP Interfaces 150
RIP for IP Interfaces 150
Multicast Routing for IP Interfaces 152
IP Address Groups 153 DNS 155 Default Gateway 156 Routing 157
Overview 157 Routing Table 157 Static Routes 159 RIP Setup 160
vi X Family LSM User’s Guide V 2.5.1
Multicast (IGMP and PIM-DM) 163
IGMP Setup 163 PIM-DM Setup 165
Default Gateway 167 DHCP Server 167
Overview 167 DHCP Server Page 168 Configure DHCP Server 169 DHCP Relay 171
Configuring DHCP Relay 172 Static Reservations 174
Network Tools 176
DNS Lookup 177 Find Network Path 177 Traffic Capture 177 Ping 178 Traceroute 179
Chapter 7. VPN 181
Contents
Overview 181 About VPN 182
VPN Connection Security Features 182 VPN Configuration Overview 183
IPSec Configuration 184
IPSec Status Details 185 IPSec Configuration 187
Configure an IPSec Security Association 189
IKE Proposal 198
Manage IKE Proposals 198
Configuring IKE Proposals 200
L2TP Configuration 208
Overview 208 L2TP Status 208
L2TP Server Configuration 210
PPTP Configuration 212
Overview 212 PPTP Status 212
PPTP Server Configuration 213
Chapter 8. System 217
Overview 217 Update TOS and Digital Vaccine Software 218
Viewing and Managing Current TOS and DV Software 219
Rolling Back to a Previous TOS Version 220 Download and Install a TOS or Digital Vaccine Update 221
Updating the Digital Vaccine (Filters) 222
X Family LSM User’s Guide V 2.5.1 vii
Contents
Updating the TOS Software 224 System Snapshots 227
Time Options 229
Internal CMOS Clock 231 NTP Server 231 Time Zones 232
SMS/NMS 232 High Availability 235
How High Availability Works 236
Failover Operation 236
Standby Operation 236
Polling 237 Configuration Overview 237
Configuring High Availability with AutoDV 239
Troubleshooting High Availability with AutoDV 239
Thresholds to Monitor Memory and Disk Usage 239 Email Server 241 Syslog Servers 242 Setup Wizard 242
Chapter 9. Authentication 245
Overview 246 User List 246
Overview 246
TOS and Local User Accounts 247
TOS User Security Level 247
Username and Password Requirements 248 Managing User Accounts 249
How Local User Authentication Works: RADIUS, Privilege Groups and X.509 Certificates 251
Overview 251 RADIUS 252 Privilege Groups 253 X.509 Certificates 255
Overview 255
Configuring X.509 Certificates 256
CA Certificates 257
Certificate Revocation List (CRL) for a CA Certificate 258
Certificate Requests 260
Managing Certificate Requests 262
Local Certificates 263
Preferences 266
Appendix A. Browser Certificates 271
Overview 271 Client Authentication Message 272
viii X Family LSM User’s Guide V 2.5.1
Contents
Security Alert 273
Certificate Authority 274 Invalid Certificate Name 277
Example - Creating Personal Certificate 279
Appendix B. Web Filter Service 281
Overview 281 Core Categories 282 Productivity Categories 284
Available Productivity Categories 284 Purchasing a Web Filter License 289
Appendix C. Log Formats and System Messages 291
Overview 291 Log Formats 292
Alert and IPS Block Log Formats 292 Audit Log Format 294 Firewall Block Log Format 296 Firewall Session Log Format 298 VPN Log Format 299 System Log Format 300
Remote Syslog Log Format 301 High Availability Log Messages 302 System Update Status Messages 303
Appendix D. Device Maximum Values 305
Glossary 307
Index 315
X Family LSM User’s Guide V 2.5.1 ix
Contents
x X Family LSM User’s Guide V 2.5.1

About This Guide

Explains who this guide is intended for, how the information is organized, where information updates can be found, and how to obtain customer support if you cannot resolve a problem.
Welcome to the Local Security Manager (LSM). The LSM is the control center from which you can configure, monitor, and report on the X family devices in your network.
This section covers the following topics:
“Target Audience” on page xi
“Conventions” on page xii
“Related Documentation” on page xiv
“Customer Support” on page xiv

Target Audience

This guide is intended for administrators who manage one or more X family devices.

Knowledge, Skills, and Abilities

This guide assumes you, the reader, are familiar with general networking concepts and the following standards and protocols:
•TCP/IP
•UDP
•ICMP
•Ethernet
• Simple Network Time Protocol (SNTP)
• Simple Mail Transport Protocol (SMTP)
• Simple Network Management Protocol (SNMP)
X Family LSM User’s Guide V 2.5.1 xi
About This Guide

Conventions

This guide follows several procedural and typographical conventions to better provide clear and understandable instructions and descriptions. These conventions are described in the following sections.
This book uses the following conventions for structuring information:
Cross References
Ty p e f a ce
Procedures
Messages

Cross References

When a topic is covered in depth elsewhere in this guide, or in another guide in this series, a cross reference to the additional information is provided. Cross references help you find related topics and information quickly.
Internal Cross References
This guide is designed to be used as an electronic document. It contains cross references to other sections of the document that act as hyperlinks when you view the document online. The following text is a hyperlink: Procedures
.
External Cross References
Cross references to other publications are not hyperlinked. These cross references will take the form: see <chapter name > in the Publication Name.

Typeface

This guide uses the following typeface conventions:
Bold used for the names of screen elements like buttons, drop-down lists, or fields. For
example, when you are done with a dialog, you would click the OK button. See

Procedures

Code
Itali c used for guide titles, variables, and important terms
Hype rli nk
used for text a user must type to use the product
used for cross references in a document or links to web site
below for an example.
Procedures
This guide contains several step-by-step procedures that tell you how to perform a specific task. These procedures always begin with a phrase that describes the task goal, followed by numbered steps that describe what you must do to complete the task.
The beginning of every chapter has cross references to the procedures that it contains. These cross references, like all cross references in this guide, are hyperlinked.
xii X Family LSM User’s Guide V 2.5.1
Conventions
Menu Navigation
The LSM provides drop-down menu lists to navigate and choose items in the user interface. Each instruction that requires moving through the menus uses an arrow (>) to indicate the movement. For example, Edit > Details means, select the Edit menu item. Then, click the Details option.
Sample Procedure
STEP 1
STEP 2
Click the Filters tab.
Place your mouse cursor over the Open menu.

Screen Captures

The instructions and descriptions in this document include images of screens. These screen captures may be cropped, focusing on specific sections of the application, such as a pane, list, or tab. Refer to the application for full displays of the application.

Messages

Messages are special text that are emphasized by font, format, and icons. There are four types of messages in this guide:
Wa r n i n g
Caution
Note
Tip
A description of each message type with an example message follows.
Warning
Warnings tell you how to avoid physical injury to people or equipment. For example:
WARNING The push-button on/off power switch on the front panel of the server does
not turn off the AC power. To remove AC power from the server, you must unplug the AC power cord from either the power supply or the wall outlet.
Caution
Cautions tell you how to avoid a serious loss of data, time, or security. You should carefully consider this information when determining a course of action or procedure. For example:
CAUTION You should disable password caching in the browser you use to access the
LSM. If you do not disable password caching in your browser, and your workstation is not secured, your system security may be compromised.
X Family LSM User’s Guide V 2.5.1 xiii
About This Guide
Note
Notes tell you about information that might not be obvious or that does not relate directly to the current topic, but that may affect relevant behavior. For example:
Note If the device is not currently under SMS control, you can find out the IP address of the last SMS that was in control by checking SMS & NMS page (System > Configuration > SMS/NMS).
Tip
Tips are suggestions about how you can perform a task more easily or more efficiently. For example:
TIP
You can see what percentage of disk space you are using by checking the
Monitor page (Events > Health > Monitor).

Related Documentation

The X family products have a full set of documentation. These publications are available in electronic format on your CD. For the most recent updates, check the Threat Management Center (TMC) web site at https://tmc.tippingpoint.com
.

Online Help

In the Launch Bar of the application, the Help button opens the main welcome page to the online help.
Opens the online help at the opening page.
If you have problems finding help on a particular subject, you can review the Index or use the Search tab in the navigation pane. Each page also includes related topic links to find more information on particular subjects and functions.

Customer Support

We are committed to providing quality customer support to all customers. A customer is provided with detailed customer and support contact information. For the most efficient resolution of your problem,
xiv X Family LSM User’s Guide V 2.5.1
Customer Support
please take a moment to gather some basic information from your records and from your system before contacting customer support.
Information Location
Your X family device serial number
Your TOS version number You can find this information in the LSM in the Device Summary
Your X family device boot time
You can find this number in the LSM in the System Summary page, on the shipping invoice that came with the device, or on the bottom of the device.
page, or by using the CLI
You can find this information in the LSM in the System Summary page.
show version
command.

Contact Information

Please address all questions regarding the software to your authorized representative.
X Family LSM User’s Guide V 2.5.1 xv
About This Guide
xvi X Family LSM User’s Guide V 2.5.1
1

System Overview

The X family device is a high-speed, comprehensive security system with a browser-based manager called the Local Security Manager (LSM). The Overview section provides an overview of the LSM functions and use in the X family device.

Overview

Enterprise security schemes once consisted of a conglomeration of disparate, static devices from multiple vendors. Today, the X family device provides the advantages of a single, integrated, highly adaptive security system that includes powerful hardware and an intuitive management interface.
This section describes the X family device and the LSM client application, Command Line Interface (CLI), and Security Management System (SMS) used to interact with and manage the device.
The Overview chapter includes the following topics:
“X Family Device” on page 1
“System Requirements” on page 4
“SMS Configuration” on page 4
o
“Core Functionality” on page 2
o
“X Family Environment” on page 3
o
“Local Clients” on page 4
Note Check the Release Notes for specific limitations and known issues regarding the current release.

X Family Device

The X family device offers an integrated system that includes a stateful packet inspection firewall, IPSec virtual private network (VPN) management, bandwidth management, and web content filtering functions along with TippingPoint Intrusion Prevention System (IPS) functionality.
X Family LSM User’s Guide V 2.5.1 1
Chapter 1 System Overview
The X family firewall functionality provides service-level, stateful inspection of network traffic. It incorporates filtering functionality to protect mission-critical applications. An administrator can use firewalls and content filters to determine how the device handles traffic to and from a particular service. These filters are specified by the source, destination, and service or protocol of the traffic. The device maintains an inventory of the active hosts and services on those hosts.
IPSec VPN management provides the ability to apply all X family functionality across the enterprise, monitoring network traffic at the enterprise level and also traffic between main office and branch locations.
Bandwidth management, or policy-based traffic shaping, allows the X family device to control both inbound and outbound traffic streams as well as inside and outside IPSec VPN tunnels. Using these policies, the device allows users to prioritize real-time business critical applications including video and conferencing, IP telephony, and interactive distance-learning over non-essential traffic, such as peer-to-peer file sharing.
Web content filtering provides the tools to enforce network policy by prohibiting the download of non­work related web sites and offensive or illegal web content.
The IPS functionality provides total packet inspection and intrusion prevention to detect and block malicious traffic such as worms, viruses, Trojans, Phishing attempts, Spyware, and VoIP threats. Using filters defined by the Digital Vaccine security team, the X family device scans traffic to recognize header or data content that signals an attack along with the protocol, service, and the operating system or software the attack affects. Each filter includes an action set, which determines how the device responds when it detects packets that match filter parameters. In a broad sense, the device either drops matching packets or permits them. The Digital Vaccine security team continually develops new attack filters to preemptively protect against the exploit of new and zero day vulnerabilities. To ensure up-to­date network protection, you can configure the device to automatically check for and install DV updates.

Core Functionality

The X family device provides the following core functionality:
• Stateful packet inspection firewall — flexible configuration of object-based firewall rules and unified control of multiple services, virtual servers, network address translation (NAT), and routing.
• Security Zones — logically section your network for the purposes of applying firewall rules and IPS filters between internal sections of your network, between your network and the internet, and between your network and remote office locations (VPN).
• Standards-based IPSec Virtual Private Networks including:
o
hardware-accelerated encryption DES, 3DES, and AES encryption protocols
o
feature-rich client VPN capability using PPTP or L2TP protocols
o
ability to inspect and control traffic both inside and outside of all VPN tunnel types using firewalls or IPS to ensure secure VPN connectivity.
• Flexible user authentication — control access to the device and the internet, authenticating via the device itself, or through an external RADIUS database.
• Web filtering — URL filtering with configurable permit/block lists and regular-expression URL matching as well as a web content filtering subscription service to enforce network security and
2 X Family LSM User’s Guide V 2.5.1
X Family Device
usage policy by prohibiting the download of non-work related web sites and offensive or illegal Web content.
• Bandwidth management — enforce network usage policy by rate-limiting applications such as peer­to-peer file sharing and instant messaging applications.
• Prioritization of traffic inside and outside VPN tunnels with flexible, policy-based controls.
• IP multicast routing (PIM-DIM) over IPSec, supporting next-generation IP conferencing applications — prioritizes real-time traffic and provides secure connectivity for IP multicast traffic.
• Device management — option to configure, monitor, and manage the device using either the web­based client application (the Local Security Manager) or the command line interface (CLI).
• Centralized Management — option to configure, monitor, and manage individual or multiple X family devices using the Security Management System (SMS).
• The TippingPoint Intrusion Prevention System (IPS) — identify and stop malicious traffic on the edge of the network using filters that detect and block malicious traffic. Customize default filters to meet the specific needs of your enterprise.
• Digital Vaccine real-time protection — the Threat Management Center monitors global network security threats and continually develops new attack filters which are automatically distributed to preemptively protect against the exploit of new and zero day vulnerabilities.
The following sections describe the X family environment and system components in more detail.

X Family Environment

An X family device can be installed at the perimeter of your network, in your remote offices, on your intranet, or in all three locations. The following diagram shows an example of a corporate network with X family devices deployed in a variety of locations.
X Family LSM User’s Guide V 2.5.1 3
Chapter 1 System Overview
When the X family device is installed and configured, it protects your network zones (LAN, WAN, and VPN, for example) using firewall rules and IPS filters. The device scans and reacts to network traffic according to the actions configured in the firewall rule or IPS filter. Each security zone and device can use a different set of firewall rules and IPS filters. Actions configured on the firewall rules and IPS filters provide the instructions for the device and can include blocking, rate limiting, or permitting the traffic and sending a notification about the action to a device or e-mail address. Options are also available to block traffic and quarantine the source IP address for the traffic.
For users who will deploy multiple X family devices across the enterprise, TippingPoint provides the Security Management System (SMS). The SMS allows you to coordinate the management of multiple devices for administration, configuration, and monitoring. Most importantly, the SMS includes enterprise-wide reporting and trend analysis.

Local Clients

You can access the X family device for monitoring, management, and configuration from any of the following three client applications:
Local Security Manager (LSM) — Web-based GUI for managing one IPS device. The LSM provides HTTP and HTTPS (secure management) access. This access requires Microsoft Internet Explorer 6.0 or later, Firefox 1.5+, Mozilla 1.7+, or Netscape 8.1+. Using the LSM, you have a graphical display for reviewing, searching, and modifying settings. The GUI interface also provides graphical reports for monitoring the device traffic, triggered filters, and packet statistics.
Command Line Interface (CLI) — Command line interface for reviewing and modifying settings on the device. The CLI is accessible through Telnet and SSH (secure access).
Secure Management System (SMS) — the SMS allows you to remotely manage multiple X family devices. You can configure security zones, profiles and policy (firewall rules and IPS filters) from the SMS and distribute the configuration to multiple devices. The SMS also allows you to view, manage and edit device configuration, and review logs and reports for all devices under SMS management.
Note The device allows for 10 web client connections, 10 telnet/SSH (for CLI) connections, and one console connection at once.

System Requirements

The LSM is software accessed using a web browser. The browser’s hardware and software requirements are not as technical as systems loading the software locally. To access the LSM, you need the following:
• Microsoft Internet Explorer (MSIE) v 6.0 or greater with 128-bit encryption and support for JavaScript and cookies, Firefox 1.5+, Mozilla 1.7+, or Netscape 8.1+

SMS Configuration

If you will maintain your device using the Security Management System (SMS) or you will no longer use the SMS, you need to configure a setting on the device. This setting identifies if the device is controlled by the SMS.
For more information, see “SMS/NMS” on page 232.
4 X Family LSM User’s Guide V 2.5.1
2

LSM Navigation

LSM Navigation describes the LSM interface, how to log in, and the general sections of the application.

Overview

The Local Security Manager (LSM) is a graphical user interface (GUI) that makes configuring and monitoring your X family device easy by providing a user-friendly interface to help accomplish administrative activities. You access the LSM through a browser. See more information.
This chapter details the login and navigation procedures of the LSM user interface. It includes the following information:
“Security Notes” on page 5
“Logging In” on page 6
“LSM Screen Layout” on page 8
“System Summary” on page 12
Log in to the LSM” on page 6 for

Security Notes

The LSM enables you to manage your X family device using a Web browser. It is important to note that some browser features, such as password caching, are inappropriate for security use and should be turned off.
CAUTION Some browsers offer a feature that stores your user login and password for
future use. We recommend that you turn this feature off in your browser. It is counter to standard security practices to store login names and passwords, especially those for sensitive network equipment, on or near a workstation.
X Family LSM User’s Guide V 2.5.1 5
Chapter 2 LSM Navigation
In addition, you can configure the LSM to communicate using either an HTTP or an HTTPS server. The default configuration is to use an HTTPS server.Whenever the device is connected to your network, you should run the HTTPS server, not the HTTP server. HTTP servers are not secure because your user name and password travel over your network unencrypted. You should only use the HTTP server when you are sure that communications between the device and the workstation from which you access the LSM cannot be intercepted.

Logging In

When you log in to the LSM, you are prompted for your username and your password. This login gives you access to the areas of the LSM permitted by your user role. For information on user roles and accesses, see Chapter 9‚ “
Note You can modify the server configuration using the conf t server command. For details, see the Command Line Interface Reference Guide.
Aut hen tic atio n”.
TIP
Most Web browsers will not treat addresses beginning with HTTP and HTTPS interchangeably. If your browser cannot find your LSM, make sure that you are using running.
http://
or
https://
depending on which Web server you are
Note The device supports up to 10 Web client connections, 10 telnet/SSH (for CLI) connections, and 1 console connection at once.
Depending on your security settings, warnings may display when accessing the client. To access the device without warnings, refer to Appendix A‚ “
Certificates”.
You will be presented with the login screen under the following situations:
• When you first log in to the LSM
• After the LSM web session times out

Log in to the LSM

STEP 1
Enter the IP address or hostname of your IPS device in your browser Address bar. For example:
https://123.45.67.89
The LSM displays a login page. The page provides the name and model of your device.
Browser
6 X Family LSM User’s Guide V 2.5.1
Figure 2–1: LSM Logon Page
Logging In
STEP 2
STEP 3
STEP 4
Enter your Userna me.
Enter your Password
Click Log On.
The LSM validates your account information against the permitted users of the software. If the information is valid, the LSM software opens. If the account information is not valid, the Login page is redisplayed.
Note Only 10 Web client and 10 SSH (for CLI) connections are allowed to connect to a device at once.
X Family LSM User’s Guide V 2.5.1 7
Chapter 2 LSM Navigation

LSM Screen Layout

The LSM provides features in two main areas of the browser window:
Main Menu Bar — Located at the top of the browser window (see item 1 in the figure). This area provides quick access to the System Summary page, online help, and current user and device status.
Navigation — Located on the left side bar of the browser window (see item 2 in the figure). The Navigation bar provides access to the LSM menu functions. To view all the options available for a main menu item (IPS for example), click the menu label. On an expanded menu, options with a + indicate that additional sub-menu are available. When you select a menu item, the content and functionality area displays the content and available options. If you click the << icon in the upper right corner of the Navigation menu, the menu collapses to provide more screen space for the current page displayed in the Content and Functionality area. Click >> to re-open the menu.
Content and Functionality — Located on the right side of the browser window (see item 3 in the figure). This area displays pages from which you can monitor the device operation and performance, view current configuration settings, and modify configuration. The content updates when you click a link in the LSM menu, or when you select buttons or links within a page. Links may display new content or open dialog boxes. When you first log onto the LSM, the System Summary automatically displays in this area.
page
Figure 2–2: LSM Screen Layout
8 X Family LSM User’s Guide V 2.5.1
LSM Screen Layout

Main Menu Bar

The dark blue bar at the top of the LSM screen provides quick access to basic logon information. The following table lists the available options in the Main Menu Bar:
Table 2–1: Main Menu Bar Options
Option Description
System Summary To display the System Summary, click the System Summary icon.
For information about this page, see
page 12.
Online Help To access the X family online help, click the Launch Help Window
icon.
Current User Displays the login name for the current user.
Current date and time Displays the current date and time on the X family device. The date
and time settings on the device are determined by the time synchronization method and time zone configured for the device. For details, see
Time Options” on page 229.
System Summary” on
Auto Log Off To log off of the LSM, click the Log Off link.
For security purposes, LSM sessions have a timeout period. This timeout period determines how long the LSM can remain idle before automatically ending the session/ logging off the user. The default timeout period is 60 minutes. LSM administrators with super-user access can change the default timeout period from the Preferences page (Authentication > Preferences). For details, see
Preferences” on page 266.
X Family LSM User’s Guide V 2.5.1 9
Chapter 2 LSM Navigation

Navigation

You can access the available features of the LSM by selecting an option from the navigation area. The LSM displays the page you select in the content and functionality area of the browser. Each option list displays a tier of links and features for maintaining and monitoring the device
The following table lists the available options in the navigation area:
Table 2–2: Navigation Options
Option Description
IPS • Create and manage security profiles used to monitor traffic between security
zones. This includes reviewing category settings, creating filter overrides, and specifying limits and exceptions for user-specified IP address.
• Create and manage traffic threshold filters, action sets, and ports for IPS services.
• Manage and configure settings for IPS filters, the Threat Suppression Engine (TSE), and global Adaptive Filter.
See “Chapter 3‚ “
IPS Filtering” for more information.
Firewall • View and configure settings for the firewall.
• View and configure web filtering for the web filter service and create a custom filter list to permit or block traffic based on user-specified URLs.
See Chapter 4‚ “
VPN View, configure and manage settings for site-to-site and/or client-to-site VPN
connections. See Chapter 7‚ “
Events • View, download, print, and reset Alert, Audit, Block, and System logs.
• View graphs reporting on traffic flow, traffic-related events, and statistics on firewall hit counts and triggered filters (attack, rate limit, traffic threshold, quarantine and adaptive filter).
• Monitor, search, and maintain traffic streams for adaptive filtering, blocked streams, and rate-limited streams. Manually quarantine an IP address or release a quarantined IP address.
• View reports on traffic flow, traffic-related events, and statistics on firewall hit counts and triggered filters (attack, rate limit, traffic threshold, quarantine and adaptive filter).
• View the status of hardware components, performance (throughput), and system health.
See Chapter 5‚ “
Firewall” for more information.
VPN” for more information.
Events: Logs, Traffic Streams, Reports” for more information.
System • Configure system controls such as time options, SMS/NMS interaction, and
High Availability.
• Download and install software and Digital Vaccine (filter) updates.
See Chapter 8‚ “
10 X Family LSM User’s Guide V 2.5.1
System” for more information.
LSM Screen Layout
Table 2–2: Navigation Options (Continued)
Option Description
Network • Configure network ports, security zones, IP interfaces, IP Address Groups, the
DNS server, the default gateway, routing, and DHCP server information.
• Access network tools for DNS lookup, find network path, traffic capture, ping, and trace route functionality.
See Chapter 6‚ “
Authentication Create, modify, and manage user accounts. Configure authentication.
See Chapter 9‚ “
Network” for more information.
Authentication” for more information.

Content and Functionality

The LSM displays all data in the central area of the browser window. As you browse and select linked options from the navigation area, pages display allowing you to review information, configure options, or search data. Links selected on these pages may display additional pages or dialog boxes depending on the feature selected.
Title Bar
On each page, you can see the position of the page in the menu hierarchy provided in the title bar. For example, on the Alert Log page, the menu hierarchy indicates that the page is located off the EVENTS > LOGS sub-menu. On tabbed menu pages, you can navigate up the hierarchy from the current location by clicking on the link in the hierarchy listing.
Auto Refresh
Some pages (such as System Summary) automatically refresh themselves periodically.
• To disable the auto refresh function, deselect the Auto Refresh check box.
• To manually refresh: click the Refresh link.
•To reconfigure the Page Refresh Time, see “Preferences” on page 266.
Tabbed Menu Options
Some sub-menu options previously available in the left-hand navigation menu are now accessible as a tab on the main page for the menu. For example, from the Tools page, the following tabs are available: DNS Lookup, Find Network Path, Traffic Capture, Ping, and Tr ac e r ou t e.
X Family LSM User’s Guide V 2.5.1 11
Chapter 2 LSM Navigation

System Summary

The System Summary page automatically displays when you first log onto the LSM. To redisplay the System Summary page at any time, click the System Summary icon, in the Main Menu Bar
The System Summary page includes the following:
System Status — Displays summary information about the device health, packet statistics, and network DHCP. Also provides access to the Reboot Device function.
Log Summary — Displays summary information about all the Event Logs.
Product Specifications — Displays product, version, time, and encryption information.

System Status

Health
The Health section of the Statistics frame displays a color indicator of the hardware health of the device. For detailed information about each of the health indicators, click on the corresponding link above the color indicator. The Health section includes indicators for the following components:
.
System Log
Traf f ic T hres hold
Per for ma nce
Disk Space
Memory
Web Fi lt er i ng
HA Status
The colors indicate the current state of each component:
• Green if there are no problems
• Yellow if there is a major warning
• Red if there is a critical warning
• Grey if the service is disabled
You can set the thresholds for warnings. This defines when the indicator color will change based on the usage of those components. For more information, see
Usage” on page 239, and select System > Thresholds in the Navigation area.
If the System Log is other than green, you can click on the indicator to view the error that caused the condition.
Thresholds to Monitor Memory and Disk
Note When you view the logged error, the indicator resets and changes to green under System Summary.
12 X Family LSM User’s Guide V 2.5.1
System Summary
Packet Stats
The Packet Stats section provides basic traffic statistics including the following:
Received — Total number of packets received and scanned by the Threat Suppression Engine
Blocked — Total number of packets that have been blocked by the Threat Suppression Engine
Rate Limited — The number of packets that matched a filter configured to a permit action set
Dropped — Total number of packets that have been dropped because they are not properly formed or formatted
To reset the counters, click the Reset link.
Packet counters provide a snapshot of the traffic going through your network. The packet totals give a partial account of blocked activity according to the filters. All other filter results affect the packet totals.
Note The counters are not synchronized with each other; packets may be counted more than once in some situations.
The counters display the amount of packets tracked. If the number is less than 1M, the Packet Statistics section displays the full amount. If the amount is greater than 999,999 K, the information is abbreviated with a unit factor. For example, 734,123K would display fully whereas 4,004,876,543 displays as 4.00B. When the number reaches the million and billion mark, the number displays as a decimal amount with a letter (such as G for gigabytes). The unit factors include, M for mega, G for giga, and T for tera. To view the full amount, hover your mouse over the displayed amount. A Tool Tip pops up, displaying the full packet amount.
Network DHCP
The Network DHCP section displays the following information:
• Current Leases
• Available Leases
Reboot Device
To reboot the device, click the Reboot Device link

Log Summary

The Log Summary section displays the number of entries and events for each type of Event Log. In addition, it allows you to perform functions on those logs.
System Log
Audit Log. This log is only available to those with Super User access.
Alert Log
Block Log
Firewall Block Log
Firewall Session Log
VPN Log
X Family LSM User’s Guide V 2.5.1 13
Chapter 2 LSM Navigation
For more detailed information about these logs, select Events > Logs.

Product Specifications

The Product Specification section displays the following information:
Model Number — Model number of the device.
Product Code — The device product code.
Serial Number — Serial number of the device.
TOS Version — Version number of the TOS software.
Digital Vaccine — Version number of the Digital Vaccine.
Boot Time — Time when the device was last started.
Up Time — How long the device has been operating continuously.
Encryption — Current encryption method being used. By default all new X family devices are supplied with 56-bit DES encryption only. To enable strong encryption functionality (3DES, 128­AES, 192-AES, 256-AES), install the correct Strong Encryption Service Pack for your device. You can download encryption service packs from the TMC Web site.
14 X Family LSM User’s Guide V 2.5.1
Loading...
+ 303 hidden pages