APSVision Admin Guide

APSolute Vision Administrator Guide
Software Version 1.30

Document ID: RDWR-APSV-V0130_AG1205
May, 2012
Important Notices
The following important notices are presented in English, French, and German.
Important Notices
This guide is delivered subject to the following conditions and restrictions:
Copyright Radware Ltd. 20062012. All rights reserved.
The copyright and all other intellectual property rights and trade secrets included in this guide are
owned by Radware Ltd.
The guide is provided to Radware customers for the sole purpose of obtaining information with
respect to the installation and use of the Radware products described in this document, and may not
be used for any other purpose.
The information contained in this guide is proprietary to Radware and must be kept in strict
confidence.
It is strictly forbidden to copy, duplicate, reproduce or disclose this guide or any part thereof without
the prior written consent of Radware.
Notice importante
Ce guide est sujet aux conditions et restrictions suivantes:
Copyright Radware Ltd. 20062012. Tous droits rservs.
Le copyright ainsi que tout autre droit li la proprit intellectuelle et aux secrets industriels
contenus dans ce guide sont la proprit de Radware Ltd.
Ce guide dinformations est fourni nos clients dans le cadre de linstallation et de lusage des
produits de Radware dcrits dans ce document et ne pourra tre utilis dans un but autre que celui
pour lequel il a t conu.
Les informations rpertories dans ce document restent la proprit de Radware et doivent tre
conserves de manire confidentielle.
Il est strictement interdit de copier, reproduire ou divulguer des informations contenues dans ce
manuel sans avoir obtenu le consentement pralable crit de Radware.
Wichtige Anmerkung
Dieses Handbuch wird vorbehaltlich folgender Bedingungen und Einschrnkungen ausgeliefert:
Copyright Radware Ltd. 20062012. Alle Rechte vorbehalten.
Das Urheberrecht und alle anderen in diesem Handbuch enthaltenen Eigentumsrechte und
Geschftsgeheimnisse sind Eigentum von Radware Ltd.
Dieses Handbuch wird Kunden von Radware mit dem ausschlielichen Zweck ausgehndigt,
Informationen zu Montage und Benutzung der in diesem Dokument beschriebene Produkte von
Radware bereitzustellen. Es darf fr keinen anderen Zweck verwendet werden.
Die in diesem Handbuch enthaltenen Informationen sind Eigentum von Radware und mssen streng
vertraulich behandelt werden.
Es ist streng verboten, dieses Handbuch oder Teile daraus ohne vorherige schriftliche Zustimmung
von Radware zu kopieren, vervielfltigen, reproduzieren oder offen zu legen.
Copyright Notices
The following copyright notices are presented in English, French, and German.
Copyright Notices
This product contains code developed by the OpenSSL Project
This product includes software developed by the OpenSSL Project. For use in the OpenSSL Toolkit.
(http://www.openssl.org/).
Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
This product contains the Rijndael cipher
The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public
domain and distributed with the following license:
@version 3.0 (December 2000)
Optimized ANSI C code for the Rijndael cipher (now AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>
The OnDemand Switch may use software components licensed under the GNU General Public
License Agreement Version 2 (GPL v.2) including LinuxBios and Filo open source projects. The
source code of the LinuxBios and Filo is available from Radware upon request. A copy of the license
can be viewed at:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
This code is hereby placed in the public domain.
This product contains code developed by the OpenBSD Project
Copyright (c) 1983, 1990, 1992, 1993, 1995
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1.
Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3.
Neither the name of the University nor the names of its contributors may be used to endorse or
promote products derived from this software without specific prior written permission.
This product includes software developed by Markus Friedl

This product includes software developed by Theo de Raadt
This product includes software developed by Niels Provos
This product includes software developed by Dug Song
This product includes software developed by Aaron Campbell
This product includes software developed by Damien Miller
This product includes software developed by Kevin Steves
This product includes software developed by Daniel Kouril
This product includes software developed by Wesley Griffin
This product includes software developed by Per Allansson
This product includes software developed by Nils Nordman
This product includes software developed by Simon Wilkinson
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
ALL THE SOFTWARE MENTIONED ABOVE IS PROVIDED BY THE AUTHOR AS IS AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product contains work derived from the RSA Data Security, Inc. MD5 Message-Digest
Algorithm. RSA Data Security, Inc. makes no representations concerning either the merchantability
of the MD5 Message - Digest Algorithm or the suitability of the MD5 Message - Digest Algorithm for
any particular purpose. It is provided as is without express or implied warranty of any kind.
Notice traitant du copyright

Ce produit renferme des codes dvelopps dans le cadre du projet OpenSSL.
Ce produit inclut un logiciel dvelopp dans le cadre du projet OpenSSL. Pour un usage dans la bote
outils OpenSSL (http://www.openssl.org/).
Copyright (c) 1998-2005 Le projet OpenSSL. Tous droits rservs. Ce produit inclut la catgorie de
chiffre Rijndael.
Limplmentation de Rijindael par Vincent Rijmen, Antoon Bosselaers et Paulo Barreto est du
domaine public et distribue sous les termes de la licence suivante:
@version 3.0 (Dcembre 2000)
Code ANSI C code pour Rijndael (actuellement AES)
@author Paulo Barreto <paulo.barreto@terra.com.br>.
Le commutateur OnDemand peut utiliser les composants logiciels sous licence, en vertu des termes
de la licence GNU General Public License Agreement Version 2 (GPL v.2), y compris les projets
source ouverte LinuxBios et Filo. Le code source de LinuxBios et Filo est disponible sur demande
auprs de Radware. Une copie de la licence est rpertorie sur:
Ce code est galement plac dans le domaine public.
Ce produit renferme des codes dvelopps dans le cadre du projet OpenSSL.
Copyright (c) 1983, 1990, 1992, 1993, 1995
Les membres du conseil de lUniversit de Californie. Tous droits rservs.
La distribution et lusage sous une forme source et binaire, avec ou sans modifications, est autorise
pour autant que les conditions suivantes soient remplies:
1. La distribution dun code source doit inclure la notice de copyright mentionne ci-dessus, cette
liste de conditions et lavis de non-responsabilit suivant.
2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout
autre matriel fourni la notice de copyright mentionne ci-dessus, cette liste de conditions et
lavis de non-responsabilit suivant.
3.
Le nom de luniversit, ainsi que le nom des contributeurs ne seront en aucun cas utiliss pour
approuver ou promouvoir un produit driv de ce programme sans lobtention pralable dune
autorisation crite.
Ce produit inclut un logiciel dvelopp par Markus Friedl

Ce produit inclut un logiciel dvelopp par Theo de Raadt Ce produit inclut un logiciel dvelopp par
Niels Provos
Ce produit inclut un logiciel dvelopp par Dug Song
Ce produit inclut un logiciel dvelopp par Aaron Campbell Ce produit inclut un logiciel dvelopp
par Damien Miller
Ce produit inclut un logiciel dvelopp par Kevin Steves
Ce produit inclut un logiciel dvelopp par Daniel Kouril
Ce produit inclut un logiciel dvelopp par Wesley Griffin
Ce produit inclut un logiciel dvelopp par Per Allansson
Ce produit inclut un logiciel dvelopp par Nils Nordman
Ce produit inclut un logiciel dvelopp par Simon Wilkinson.
La distribution et lusage sous une forme source et binaire, avec ou sans modifications, est autorise
pour autant que les conditions suivantes soient remplies:
1.
La distribution dun code source doit inclure la notice de copyright mentionne ci-dessus, cette
liste de conditions et lavis de non-responsabilit suivant.
2.
La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout
autre matriel fourni la notice de copyright mentionne ci-dessus, cette liste de conditions et
lavis de non-responsabilit suivant.
LE LOGICIEL MENTIONN CI-DESSUS EST FOURNI TEL QUEL PAR LE DVELOPPEUR ET TOUTE
GARANTIE, EXPLICITE OU IMPLICITE, Y COMPRIS, MAIS SANS SY LIMITER, TOUTE GARANTIE
IMPLICITE DE QUALIT MARCHANDE ET DADQUATION UN USAGE PARTICULIER EST EXCLUE.
EN AUCUN CAS LAUTEUR NE POURRA TRE TENU RESPONSABLE DES DOMMAGES DIRECTS,
INDIRECTS, ACCESSOIRES, SPCIAUX, EXEMPLAIRES OU CONSCUTIFS (Y COMPRIS, MAIS SANS
SY LIMITER, LACQUISITION DE BIENS OU DE SERVICES DE REMPLACEMENT, LA PERTE DUSAGE,
DE DONNES OU DE PROFITS OU LINTERRUPTION DES AFFAIRES), QUELLE QUEN SOIT LA CAUSE
ET LA THORIE DE RESPONSABILIT, QUIL SAGISSE DUN CONTRAT, DE RESPONSABILIT
STRICTE OU DUN ACTE DOMMAGEABLE (Y COMPRIS LA NGLIGENCE OU AUTRE), DCOULANT DE
QUELLE QUE FAON QUE CE SOIT DE LUSAGE DE CE LOGICIEL, MME SIL A T AVERTI DE LA
POSSIBILIT DUN TEL DOMMAGE.
Copyrightvermerke
Dieses Produkt enthlt einen vom OpenSSL-Projekt entwickelten Code
Dieses Produkt enthlt vom OpenSSL-Projekt entwickelte Software. Zur Verwendung im OpenSSL
Toolkit. (http://www.openssl.org/).
Copyright (c) 1998-2005 The OpenSSL Project. Alle Rechte vorbehalten. Dieses Produkt enthlt die
Rijndael cipher
Die Rijndael-Implementierung von Vincent Rijndael, Anton Bosselaers und Paulo Barreto ist
ffentlich zugnglich und wird unter folgender Lizenz vertrieben:
@version 3.0 (December 2000)
Optimierter ANSI C Code fr den Rijndael cipher (jetzt AES)
@author Paulo Barreto <paulo.barreto@terra.com.br>
Der OnDemand Switch verwendet mglicherweise Software, die im Rahmen der DNU Allgemeine
ffentliche Lizenzvereinbarung Version 2 (GPL v.2) lizensiert sind, einschlielich LinuxBios und Filo
Open Source-Projekte. Der Quellcode von LinuxBios und Filo ist bei Radware auf Anfrage erhltlich.
Eine Kopie dieser Lizenz kann eingesehen werden unter:
Dieser Code wird hiermit allgemein zugnglich gemacht.
Dieses Produkt enthlt einen vom OpenBSD-Projekt entwickelten Code
Copyright (c) 1983, 1990, 1992, 1993, 1995
The Regents of the University of California. Alle Rechte vorbehalten.
Die Verbreitung und Verwendung in Quell- und binrem Format, mit oder ohne Vernderungen, sind
unter folgenden Bedingungen erlaubt:
1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss beibehalten.
2. Die Verbreitung in binrem Format muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere
Materialien, die mit verteilt werden, reproduzieren.
3. Weder der Name der Universitt noch die Namen der Beitragenden drfen ohne ausdrckliche
vorherige schriftliche Genehmigung verwendet werden, um von dieser Software abgeleitete
Produkte zu empfehlen oder zu bewerben.
Dieses Produkt enthlt von Markus Friedl entwickelte Software Dieses Produkt enthlt von Theo de
Raadt entwickelte Software Dieses Produkt enthlt von Niels Provos entwickelte Software Dieses
Produkt enthlt von Dug Song entwickelte Software
Dieses Produkt enthlt von Aaron Campbell entwickelte Software Dieses Produkt enthlt von Damien
Miller entwickelte Software Dieses Produkt enthlt von Kevin Steves entwickelte Software Dieses
Produkt enthlt von Daniel Kouril entwickelte Software Dieses Produkt enthlt von Wesley Griffin
entwickelte Software Dieses Produkt enthlt von Per Allansson entwickelte Software Dieses Produkt
enthlt von Nils Nordman entwickelte Software
Dieses Produkt enthlt von Simon Wilkinson entwickelte Software
Die Verbreitung und Verwendung in Quell- und binrem Format, mit oder ohne Vernderungen, sind
unter folgenden Bedingungen erlaubt:
1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss beibehalten.
2. Die Verbreitung in binrem Format muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere
Materialien, die mit verteilt werden, reproduzieren.
SMTLICHE VORGENANNTE SOFTWARE WIRD VOM AUTOR IM IST-ZUSTAND (AS IS)
BEREITGESTELLT. JEGLICHE AUSDRCKLICHEN ODER IMPLIZITEN GARANTIEN, EINSCHLIESSLICH,
DOCH NICHT BESCHRNKT AUF DIE IMPLIZIERTEN GARANTIEN DER MARKTGNGIGKEIT UND DER
ANWENDBARKEIT FR EINEN BESTIMMTEN ZWECK, SIND AUSGESCHLOSSEN.
UNTER KEINEN UMSTNDEN HAFTET DER AUTOR FR DIREKTE ODER INDIREKTE SCHDEN, FR
BEI VERTRAGSERFLLUNG ENTSTANDENE SCHDEN, FR BESONDERE SCHDEN, FR
SCHADENSERSATZ MIT STRAFCHARAKTER, ODER FR FOLGESCHDEN EINSCHLIESSLICH, DOCH
NICHT BESCHRNKT AUF, ERWERB VON ERSATZGTERN ODER ERSATZLEISTUNGEN; VERLUST AN
NUTZUNG, DATEN ODER GEWINN; ODER GESCHFTSUNTERBRECHUNGEN) GLEICH, WIE SIE
ENTSTANDEN SIND, UND FR JEGLICHE ART VON HAFTUNG, SEI ES VERTRGE,
GEFHRDUNGSHAFTUNG, ODER DELIKTISCHE HAFTUNG (EINSCHLIESSLICH FAHRLSSIGKEIT
ODER ANDERE), DIE IN JEGLICHER FORM FOLGE DER BENUTZUNG DIESER SOFTWARE IST, SELBST
WENN AUF DIE MGLICHKEIT EINES SOLCHEN SCHADENS HINGEWIESEN WURDE.
Safety Instructions
The following safety instructions are presented in English, French, and German.
Safety Instructions
CAUTION
A readily accessible disconnect device shall be incorporated in the building installation wiring.
Due to the risks of electrical shock, and energy, mechanical, and fire hazards, any procedures that
involve opening panels or changing components must be performed by qualified service personnel
only.
To reduce the risk of fire and electrical shock, disconnect the device from the power line before
removing cover or panels.
The following figure shows the caution label that is attached to Radware platforms with dual power
supplies.
Figure 1: Electrical Shock Hazard Label
DUAL-POWER-SUPPLY-SYSTEM SAFETY WARNING IN CHINESE

The following figure is the warning for Radware platforms with dual power supplies.
Figure 2: Dual-Power-Supply-System Safety Warning in Chinese
Translation of Dual-Power-Supply-System Safety Warning in Chinese:

This unit has more than one power supply. Disconnect all power supplies before maintenance to
avoid electric shock.
SERVICING
Do not perform any servicing other than that contained in the operating instructions unless you are
qualified to do so. There are no serviceable parts inside the unit.
HIGH VOLTAGE
Any adjustment, maintenance, and repair of the opened instrument under voltage must be avoided
as much as possible and, when inevitable, must be carried out only by a skilled person who is aware
of the hazard involved.
Capacitors inside the instrument may still be charged even if the instrument has been disconnected
from its source of supply.
GROUNDING
Before connecting this device to the power line, the protective earth terminal screws of this device
must be connected to the protective earth in the building installation.
LASER
This equipment is a Class 1 Laser Product in accordance with IEC60825 - 1: 1993 + A1:1997 +
A2:2001 Standard.
FUSES
Make sure that only fuses with the required rated current and of the specified type are used for
replacement. The use of repaired fuses and the short-circuiting of fuse holders must be avoided.
Whenever it is likely that the protection offered by fuses has been impaired, the instrument must be
made inoperative and be secured against any unintended operation.
LINE VOLTAGE
Before connecting this instrument to the power line, make sure the voltage of the power source
matches the requirements of the instrument. Refer to the Specifications for information about the
correct power rating for the device.
48V DC-powered platforms have an input tolerance of 36-72V DC.
SPECIFICATION CHANGES
Specifications are subject to change without notice.
Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN
61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-411For CE MARK Compliance. These limits are designed to provide reasonable protection
against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses and can radiate radio frequency energy
and, if not installed and used in accordance with the instruction manual, may cause
harmful interference to radio communications. Operation of this equipment in a
residential area is likely to cause harmful interference in which case the user is required
to correct the interference at his own expense.
VCCI ELECTROMAGNETIC-INTERFERENCE STATEMENTS
Figure 3: Statement for Class A VCCI-certified Equipment
Translation of Statement for Class A VCCI-certified Equipment:

This is a Class A product based on the standard of the Voluntary Control Council for Interference by
Information Technology Equipment (VCCI). If this equipment is used in a domestic environment,
radio disturbance may occur, in which case, the user may be required to take corrective action.
Figure 4: Statement for Class B VCCI-certified Equipment
Translation of Statement for Class B VCCI-certified Equipment:

This is a Class B product based on the standard of the Voluntary Control Council for Interference by
Information Technology Equipment (VCCI). If this is used near a radio or television receiver in a
domestic environment, it may cause radio interference.
Install and use the equipment according to the instruction manual.
KCC KOREA
Figure 5: KCCKorea Communications Commission Certificate of Broadcasting and

Communication Equipment
Figure 6: Statement For Class A KCC-certified Equipment in Korean
Translation of Statement For Class A KCC-certified Equipment in Korean:

This equipment is Industrial (Class A) electromagnetic wave suitability equipment and seller or user
should take notice of it, and this equipment is to be used in the places except for home.
SPECIAL NOTICE FOR NORTH AMERICAN USERS
For North American power connection, select a power supply cord that is UL Listed and CSA Certified
3 - conductor, [18 AWG], terminated in a molded on plug cap rated 125 V, [10 A], with a minimum
length of 1.5m [six feet] but no longer than 4.5m...For European connection, select a power supply
cord that is internationally harmonized and marked <HAR>, 3 - conductor, 0,75 mm2 minimum
mm2 wire, rated 300 V, with a PVC insulated jacket. The cord must have a molded on plug cap rated
250 V, 3 A.
RESTRICT AREA ACCESS
The DC powered equipment should only be installed in a Restricted Access Area.
INSTALLATION CODES
This device must be installed according to country national electrical codes. For North America,
equipment must be installed in accordance with the US National Electrical Code, Articles 110 - 16,
110 -17, and 110 -18 and the Canadian Electrical Code, Section 12.
10
INTERCONNECTION OF UNITS
Cables for connecting to the unit RS232 and Ethernet Interfaces must be UL certified type DP-1 or
DP-2. (Note- when residing in non LPS circuit)
OVERCURRENT PROTECTION
A readily accessible listed branch-circuit over current protective device rated 15 A must be
incorporated in the building wiring for each power input.
REPLACEABLE BATTERIES
If equipment is provided with a replaceable battery, and is replaced by an incorrect battery type,
then an explosion may occur. This is the case for some Lithium batteries and the following is
applicable:
If the battery is placed in an Operator Access Area, there is a marking close to the battery or
a statement in both the operating and service instructions.
If the battery is placed elsewhere in the equipment, there is a marking close to the battery or a
statement in the service instructions.
This marking or statement includes the following text warning:

CAUTION
RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT BATTERY TYPE.
DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Caution To Reduce the Risk of Electrical Shock and Fire
1. This equipment is designed to permit connection between the earthed conductor of the DC
supply circuit and the earthing conductor equipment. See Installation Instructions.
2. All servicing must be undertaken only by qualified service personnel. There are not user
serviceable parts inside the unit.
3. DO NOT plug in, turn on or attempt to operate an obviously damaged unit.
4. Ensure that the chassis ventilation openings in the unit are NOT BLOCKED.
5. Replace a blown fuse ONLY with the same type and rating as is marked on the safety label
adjacent to the power inlet, housing the fuse.
6. Do not operate the device in a location where the maximum ambient temperature exceeds
40C/104F.
7. Be sure to unplug the power supply cord from the wall socket BEFORE attempting to remove
and/or check the main power fuse.
CLASS 1 LASER PRODUCT AND REFERENCE TO THE MOST RECENT LASER STANDARDS IEC 60
825-1:1993 + A1:1997 + A2:2001 AND EN 60825-1:1994+A1:1996+ A2:2001
AC units for Denmark, Finland, Norway, Sweden (marked on product):
Denmark - Unit is class I - unit to be used with an AC cord set suitable with Denmark
deviations. The cord includes an earthing conductor. The Unit is to be plugged into a wall socket
outlet which is connected to a protective earth. Socket outlets which are not connected to earth
are not to be used!
Finland - (Marking label and in manual) - Laite on liitettv suojamaadoituskoskettimilla

varustettuun pistorasiaan
Norway (Marking label and in manual) - Apparatet m tilkoples jordet stikkontakt
Unit is intended for connection to IT power systems for Norway only.
Sweden (Marking label and in manual) - Apparaten skall anslutas till jordat uttag.
To connect the power connection:

1. Connect the power cable to the main socket, located on the rear panel of the device.
2. Connect the power cable to the grounded AC outlet.
11
CAUTION
Risk of electric shock and energy hazard. Disconnecting one power supply disconnects only one
power supply module. To isolate the unit completely, disconnect all power supplies.
Instructions de scurit
AVERTISSEMENT
Un dispositif de dconnexion facilement accessible sera incorpor au cblage du btiment.
En raison des risques de chocs lectriques et des dangers nergtiques, mcaniques et dincendie,
chaque procdure impliquant louverture des panneaux ou le remplacement de composants sera
excute par du personnel qualifi.
Pour rduire les risques dincendie et de chocs lectriques, dconnectez le dispositif du bloc
dalimentation avant de retirer le couvercle ou les panneaux.
La figure suivante montre ltiquette davertissement appose sur les plateformes Radware dotes
de plus dune source dalimentation lectrique.
Figure 7: tiquette davertissement de danger de chocs lectriques
AVERTISSEMENT DE SCURIT POUR LES SYSTMES DOTS DE DEUX SOURCES DALIMENTATION

LECTRIQUE (EN CHINOIS)
La figure suivante reprsente ltiquette davertissement pour les plateformes Radware dotes de
deux sources dalimentation lectrique.
Figure 8: Avertissement de scurit pour les systmes dotes de deux sources dalimentation
lectrique (en chinois)
Traduction de la Avertissement de scurit pour les systmes dotes de deux sources dalimentation
lectrique (en chinois):
Cette unit est dote de plus dune source dalimentation lectrique. Dconnectez toutes les sources
dalimentation lectrique avant dentretenir lappareil ceci pour viter tout choc lectrique.
ENTRETIEN
Neffectuez aucun entretien autre que ceux rpertoris dans le manuel dinstructions, moins dtre
qualifi en la matire. Aucune pice lintrieur de lunit ne peut tre remplace ou rpare.
HAUTE TENSION
Tout rglage, opration dentretien et rparation de linstrument ouvert sous tension doit tre vit.
Si cela savre indispensable, confiez cette opration une personne qualifie et consciente des
dangers impliqus.
12
Les condensateurs au sein de lunit risquent dtre chargs mme si lunit a t dconnecte de la
source dalimentation lectrique.
MISE A LA TERRE
Avant de connecter ce dispositif la ligne lectrique, les vis de protection de la borne de terre de
cette unit doivent tre relies au systme de mise la terre du btiment.
LASER
Cet quipement est un produit laser de classe 1, conforme la norme IEC60825 - 1: 1993 + A1:
1997 + A2: 2001.
FUSIBLES
Assurez-vous que, seuls les fusibles courant nominal requis et de type spcifi sont utiliss en
remplacement. Lusage de fusibles rpars et le court-circuitage des porte-fusibles doivent tre
vits. Lorsquil est pratiquement certain que la protection offerte par les fusibles a t dtriore,
linstrument doit tre dsactiv et scuris contre toute opration involontaire.
TENSION DE LIGNE
Avant de connecter cet instrument la ligne lectrique, vrifiez que la tension de la source
dalimentation correspond aux exigences de linstrument. Consultez les spcifications propres
lalimentation nominale correcte du dispositif.
Les plateformes alimentes en 48 CC ont une tolrance dentre comprise entre 36 et 72 V CC.
MODIFICATIONS DES SPCIFICATIONS
Les spcifications sont sujettes changement sans notice pralable.
Remarque: Cet quipement a t test et dclar conforme aux limites dfinies pour un appareil
numrique de classe A, conformment au paragraphe 15B de la rglementation FCC et EN55022
Classe A, EN 55024, EN 61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8, et IEC
61000-4-11, pour la marque de conformit de la CE. Ces limites sont fixes pour fournir une
protection raisonnable contre les interfrences nuisibles, lorsque lquipement est utilis dans un
environnement commercial. Cet quipement gnre, utilise et peut mettre des frquences radio et,
sil nest pas install et utilis conformment au manuel dinstructions, peut entraner des
interfrences nuisibles aux communications radio. Le fonctionnement de cet quipement dans une
zone rsidentielle est susceptible de provoquer des interfrences nuisibles, auquel cas lutilisateur
devra corriger le problme ses propres frais.
DCLARATIONS SUR LES INTERFRENCES LECTROMAGNTIQUES VCCI
Figure 9: Dclaration pour lquipement de classe A certifi VCCI
Traduction de la Dclaration pour lquipement de classe A certifi VCCI:

Il sagit dun produit de classe A, bas sur la norme du Voluntary Control Council for Interference by
Information Technology Equipment (VCCI). Si cet quipement est utilis dans un environnement
domestique, des perturbations radiolectriques sont susceptibles dapparatre. Si tel est le cas,
lutilisateur sera tenu de prendre des mesures correctives.
13
Figure 10: Dclaration pour lquipement de classe B certifi VCCI
Traduction de la Dclaration pour lquipement de classe B certifi VCCI:

Il sagit dun produit de classe B, bas sur la norme du Voluntary Control Council for Interference by
Information Technology Equipment (VCCI). Sil est utilis proximit dun poste de radio ou dune
tlvision dans un environnement domestique, il peut entraner des interfrences radio.
Installez et utilisez lquipement selon le manuel dinstructions.
KCC Core
Figure 11: KCCCertificat de la commission des communications de Core pour les equipements de
radiodiffusion et communication.
Figure 12: Dclaration pour lquipement de classe A certifi KCC en langue corenne
Translation de la Dclaration pour lquipement de classe A certifi KCC en langue corenne:

Cet quipement est un matriel (classe A) en adquation aux ondes lectromagntiques et le
vendeur ou lutilisateur doit prendre cela en compte. Ce matriel est donc fait pour tre utilis
ailleurs qu la maison.
NOTICE SPCIALE POUR LES UTILISATEURS NORD-AMRICAINS
Pour un raccordement lectrique en Amrique du Nord, slectionnez un cordon dalimentation
homologu UL et certifi CSA 3 - conducteur, [18 AWG], muni dune prise moule son extrmit,
de 125 V, [10 A], dune longueur minimale de 1,5 m [six pieds] et maximale de 4,5m...Pour la
connexion europenne, choisissez un cordon dalimentation mondialement homologu et marqu
<HAR>, 3 - conducteur, cble de 0,75 mm2 minimum, de 300 V, avec une gaine en PVC isole. La
prise lextrmit du cordon, sera dote dun sceau moul indiquant: 250 V, 3 A.
ZONE A ACCS RESTREINT
Lquipement aliment en CC ne pourra tre install que dans une zone accs restreint. CODES
DINSTALLATION
Ce dispositif doit tre install en conformit avec les codes lectriques nationaux. En Amrique du
Nord, lquipement sera install en conformit avec le code lectrique national amricain, articles
110-16, 110 -17, et 110 -18 et le code lectrique canadien, Section 12. INTERCONNEXION DES
UNTES.
14
Les cbles de connexion lunit RS232 et aux interfaces Ethernet seront certifis UL, type DP-1 ou
DP-2. (Remarque- sils ne rsident pas dans un circuit LPS) PROTECTION CONTRE LES
SURCHARGES.
Un circuit de drivation, facilement accessible, sur le dispositif de protection du courant de 15 A doit
tre intgr au cblage du btiment pour chaque puissance consomme.
BATTERIES REMPLAABLES
Si lquipement est fourni avec une batterie, et quelle est remplace par un type de batterie
incorrect, elle est susceptible dexploser. Cest le cas pour certaines batteries au lithium, les
lments suivants sont donc applicables:
Si la batterie est place dans une zone daccs oprateur, une marque est indique sur la
batterie ou une remarque est insre, aussi bien dans les instructions dexploitation que
dentretien.
Si la batterie est place ailleurs dans lquipement, une marque est indique sur la batterie ou
une remarque est insre dans les instructions dentretien.
Cette marque ou remarque inclut lavertissement textuel suivant:

AVERTISSEMENT
RISQUE DEXPLOSION SI LA BATTERIE EST REMPLACE PAR UN MODLE INCORRECT. METTRE AU
REBUT LES BATTERIES CONFORMMENT AUX INSTRUCTIONS.
Attention - Pour rduire les risques de chocs lectriques et dincendie
1. Cet quipement est conu pour permettre la connexion entre le conducteur de mise la terre du
circuit lectrique CC et lquipement de mise la terre. Voir les instructions dinstallation.
2. Tout entretien sera entrepris par du personnel qualifi. Aucune pice lintrieur de lunit ne
peut tre remplace ou rpare.
3. NE branchez pas, nallumez pas ou nessayez pas dutiliser une unit manifestement
endommage.
4. Vrifiez que lorifice de ventilation du chssis dans lunit nest PAS OBSTRUE.
5. Remplacez le fusible endommag par un modle similaire de mme puissance, tel quindiqu sur
ltiquette de scurit adjacente larrive lectrique hbergeant le fusible.
6. Ne faites pas fonctionner lappareil dans un endroit, o la temprature ambiante dpasse la
valeur maximale autorise. 40C/104F.
7. Dbranchez le cordon lectrique de la prise murale AVANT dessayer de retirer et/ou de vrifier
le fusible dalimentation principal.
PRODUIT LASER DE CLASSE 1 ET RFRENCE AUX NORMES LASER LES PLUS RCENTES: IEC 60
825-1: 1993 + A1: 1997 + A2: 2001 ET EN 60825-1: 1994+A1: 1996+ A2: 2001
Units CA pour le Danemark, la Finlande, la Norvge, la Sude (indiqu sur le produit):
Danemark - Unit de classe 1 - qui doit tre utilise avec un cordon CA compatible avec les
dviations du Danemark. Le cordon inclut un conducteur de mise la terre. Lunit sera
branche une prise murale, mise la terre. Les prises non-mises la terre ne seront pas
utilises!
Finlande (tiquette et inscription dans le manuel) - Laite on liitettv

suojamaadoituskoskettimilla varustettuun pistorasiaan
Norvge (tiquette et inscription dans le manuel) - Apparatet m tilkoples jordet stikkontakt
Lunit peut tre connecte un systme lectrique IT (en Norvge uniquement).
Sude (tiquette et inscription dans le manuel) - Apparaten skall anslutas till jordat uttag.
Pour brancher lalimentation lectrique:

1. Branchez le cble dalimentation la prise principale, situe sur le panneau arrire de lunit.
2. Connectez le cble dalimentation la prise CA mise la terre.
15
AVERTISSEMENT
Risque de choc lectrique et danger nergtique. La dconnexion dune source dalimentation
lectrique ne dbranche quun seul module lectrique. Pour isoler compltement lunit, dbranchez
toutes les sources dalimentation lectrique.
ATTENTION
Risque de choc et de danger lectriques. Le dbranchement dune seule alimentation stabilise ne
dbranche quun module Alimentation Stabilise. Pour Isoler compltement le module en cause, il
faut dbrancher toutes les alimentations stabilises.
Attention: Pour Rduire Les Risques dlectrocution et dIncendie
1.
Toutes les oprations dentretien seront effectues UNIQUEMENT par du personnel dentretien
qualifi. Aucun composant ne peut tre entretenu ou remplace par lutilisateur.
2.
NE PAS connecter, mettre sous tension ou essayer dutiliser une unit visiblement dfectueuse.
3.
Assurez-vous que les ouvertures de ventilation du chssis NE SONT PAS OBSTRUES.
4.
Remplacez un fusible qui a saut SEULEMENT par un fusible du mme type et de mme
capacit, comme indiqu sur ltiquette de scurit proche de lentre de lalimentation qui
contient le fusible.
5.
NE PAS UTILISER lquipement dans des locaux dont la temprature maximale dpasse 40
degrs Centigrades.
6.
Assurez vous que le cordon dalimentation a t dconnect AVANT dessayer de lenlever et/ou
vrifier le fusible de lalimentation gnrale.
Sicherheitsanweisungen
VORSICHT
Die Elektroinstallation des Gebudes muss ein unverzglich zugngliches Stromunterbrechungsgert
integrieren.
Aufgrund des Stromschlagrisikos und der Energie-, mechanische und Feuergefahr drfen Vorgnge,
in deren Verlauf Abdeckungen entfernt oder Elemente ausgetauscht werden, ausschlielich von
qualifiziertem Servicepersonal durchgefhrt werden.
Zur Reduzierung der Feuer- und Stromschlaggefahr muss das Gert vor der Entfernung der
Abdeckung oder der Paneele von der Stromversorgung getrennt werden.
Folgende Abbildung zeigt das VORSICHT-Etikett, das auf die Radware-Plattformen mit
Doppelspeisung angebracht ist.
Figure 13: Warnetikett Stromschlaggefahr
16
SICHERHEITSHINWEIS IN CHINESISCHER SPRACHE FR SYSTEME MIT DOPPELSPEISUNG

Die folgende Abbildung ist die Warnung fr Radware-Plattformen mit Doppelspeisung.
Figure 14: Sicherheitshinweis in chinesischer Sprache fr Systeme mit Doppelspeisung
bersetzung von Sicherheitshinweis in chinesischer Sprache fr Systeme mit Doppelspeisung:

Die Einheit verfgt ber mehr als eine Stromversorgungsquelle. Ziehen Sie zur Verhinderung von
Stromschlag vor Wartungsarbeiten smtliche Stromversorgungsleitungen ab.
WARTUNG
Fhren Sie keinerlei Wartungsarbeiten aus, die nicht in der Betriebsanleitung angefhrt sind, es sei
denn, Sie sind dafr qualifiziert. Es gibt innerhalb des Gertes keine wartungsfhigen Teile.
HOCHSPANNUNG
Jegliche Einstellungs-, Instandhaltungs- und Reparaturarbeiten am geffneten Gert unter
Spannung mssen so weit wie mglich vermieden werden. Sind sie nicht vermeidbar, drfen sie
ausschlielich von qualifizierten Personen ausgefhrt werden, die sich der Gefahr bewusst sind.
Innerhalb des Gertes befindliche Kondensatoren knnen auch dann noch Ladung enthalten, wenn
das Gert von der Stromversorgung abgeschnitten wurde.
ERDUNG
Bevor das Gert an die Stromversorgung angeschlossen wird, mssen die Schrauben der
Erdungsleitung des Gertes an die Erdung der Gebudeverkabelung angeschlossen werden.
LASER
Dieses Gert ist ein Laser-Produkt der Klasse 1 in bereinstimmung mit IEC60825 - 1: 1993 +
A1:1997 + A2:2001 Standard.
SICHERUNGEN
Vergewissern Sie sich, dass nur Sicherungen mit der erforderlichen Stromstrke und der
angefhrten Art verwendet werden. Die Verwendung reparierter Sicherungen sowie die
Kurzschlieung von Sicherungsfassungen muss vermieden werden. In Fllen, in denen
wahrscheinlich ist, dass der von den Sicherungen gebotene Schutz beeintrchtigt ist, muss das
Gert abgeschaltet und gegen unbeabsichtigten Betrieb gesichert werden.
LEITUNGSSPANNUNG
Vor Anschluss dieses Gertes an die Stromversorgung ist zu gewhrleisten, dass die Spannung der
Stromquelle den Anforderungen des Gertes entspricht. Beachten Sie die technischen Angaben
bezglich der korrekten elektrischen Werte des Gertes.
Plattformen mit 48 V DC verfgen ber eine Eingangstoleranz von 36-72 V DC. NDERUNGEN DER
TECHNISCHEN ANGABEN
nderungen der technischen Spezifikationen bleiben vorbehalten.
Hinweis: Dieses Gert wurde geprft und entspricht den Beschrnkungen von digitalen Gerten der
Klasse 1 gem Teil 15B FCC-Vorschriften und EN55022 Klasse A, EN55024; EN 61000-3-2; EN; IEC
61000 4-2 to 4-6, IEC 61000 4-8 und IEC 61000-4- 11 fr Konformitt mit der CE-Bezeichnung.
Diese Beschrnkungen dienen dem angemessenen Schutz vor schdlichen Interferenzen bei Betrieb
des Gertes in kommerziellem Umfeld. Dieses Gert erzeugt, verwendet und strahlt
elektromagnetische Hochfrequenzstrahlung aus. Wird es nicht entsprechend den Anweisungen im
Handbuch montiert und benutzt, knnte es mit dem Funkverkehr interferieren und ihn
beeintrchtigen. Der Betrieb dieses Gertes in Wohnbereichen wird hchstwahrscheinlich zu
schdlichen Interferenzen fhren. In einem solchen Fall wre der Benutzer verpflichtet, diese
Interferenzen auf eigene Kosten zu korrigieren.
17
ERKLRUNG DER VCCI ZU ELEKTROMAGNETISCHER INTERFERENZ
Figure 15: Erklrung zu VCCI-zertifizierten Gerten der Klasse A
bersetzung von Erklrung zu VCCI-zertifizierten Gerten der Klasse A:

Dies ist ein Produkt der Klasse A gem den Normen des Voluntary Control Council for Interference
by Information Technology Equipment (VCCI). Wird dieses Gert in einem Wohnbereich benutzt,
knnen elektromagnetische Strungen auftreten. In einem solchen Fall wre der Benutzer
verpflichtet, korrigierend einzugreifen.
Figure 16: Erklrung zu VCCI-zertifizierten Gerten der Klasse B
bersetzung von Erklrung zu VCCI-zertifizierten Gerten der Klasse B:

Dies ist ein Produkt der Klasse B gem den Normen des Voluntary Control Council for Interference
by Information Technology Equipment (VCCI). Wird dieses Gert in einem Wohnbereich benutzt,
knnen elektromagnetische Strungen auftreten.
Montieren und benutzen Sie das Gert laut Anweisungen im Benutzerhandbuch.
KCC KOREA
Figure 17: KCCKorea Communications Commission Zertifikat fr Rundfunk-und

Nachrichtentechnik
Figure 18: Erklrung zu KCC-zertifizierten Gerten der Klasse A
18
bersetzung von Erklrung zu KCC-zertifizierten Gerten der Klasse A:

Verkufer oder Nutzer sollten davon Kenntnis nehmen, da dieses Gert der Klasse A fr industriell
elektromagnetische Wellen geeignete Gerten angehrt und dass diese Gerte nicht fr den
heimischen Gebrauch bestimmt sind.
BESONDERER HINWEIS FR BENUTZER IN NORDAMERIKA
Whlen Sie fr den Netzstromanschluss in Nordamerika ein Stromkabel, das in der UL aufgefhrt
und CSA-zertifiziert ist 3 Leiter, [18 AWG], endend in einem gegossenen Stecker, fr 125 V, [10 A],
mit einer Mindestlnge von 1,5 m [sechs Fu], doch nicht lnger als 4,5 m. Fr europische
Anschlsse verwenden Sie ein international harmonisiertes, mit <HAR> markiertes Stromkabel,
mit 3 Leitern von mindestens 0,75 mm2, fr 300 V, mit PVC-Umkleidung. Das Kabel muss in einem
gegossenen Stecker fr 250 V, 3 A enden.
BEREICH MIT EINGESCHRNKTEM ZUGANG
Das mit Gleichstrom betriebene Gert darf nur in einem Bereich mit eingeschrnktem Zugang
montiert werden.
INSTALLATIONSCODES
Dieses Gert muss gem der landesspezifischen elektrischen Codes montiert werden. In
Nordamerika mssen Gerte entsprechend dem US National Electrical Code, Artikel 110 - 16, 110 17 und 110 - 18, sowie dem Canadian Electrical Code, Abschnitt 12, montiert werden.
VERKOPPLUNG VON GERTEN Kabel fr die Verbindung des Gertes mit RS232- und Ethernetmssen UL-zertifiziert und vom Typ DP-1 oder DP-2 sein. (Anmerkung: bei Aufenthalt in einem
nicht-LPS-Stromkreis)
BERSTROMSCHUTZ
Ein gut zugnglicher aufgefhrter berstromschutz mit Abzweigstromkreis und 15 A Strke muss fr
jede Stromeingabe in der Gebudeverkabelung integriert sein.
AUSTAUSCHBARE BATTERIEN
Wird ein Gert mit einer austauschbaren Batterie geliefert und fr diese Batterie durch einen
falschen Batterietyp ersetzt, knnte dies zu einer Explosion fhren. Dies trifft zu fr manche Arten
von Lithiumsbatterien zu, und das folgende gilt es zu beachten:
Wird die Batterie in einem Bereich fr Bediener eingesetzt, findet sich in der Nhe der Batterie
eine Markierung oder Erklrung sowohl im Betriebshandbuch als auch in der Wartungsanleitung.
Ist die Batterie an einer anderen Stelle im Gert eingesetzt, findet sich in der Nhe der Batterie
eine Markierung oder einer Erklrung in der Wartungsanleitung.
Diese Markierung oder Erklrung enthlt den folgenden Warntext: VORSICHT

EXPLOSIONSGEFAHR, FALLS BATTERIE DURCH EINEN FALSCHEN BATTERIETYP ERSETZT WIRD.
GEBRAUCHTE BATTERIEN DEN ANWEISUNGEN ENTSPRECHEND ENTSORGEN.
Denmark - Unit is class I - mit Wechselstromkabel benutzen, dass fr die Abweichungen in

Dnemark eingestellt ist. Das Kabel ist mit einem Erdungsdraht versehen. Das Kabel wird in eine
geerdete Wandsteckdose angeschlossen. Keine Steckdosen ohne Erdungsleitung verwenden!
Finland - (Markierungsetikett und im Handbuch) - Laite on liitettv

suojamaadoituskoskettimilla varustettuun pistorasiaan
Norway - (Markierungsetikett und im Handbuch) - Apparatet m tilkoples jordet stikkontakt

Ausschlielich fr Anschluss an IT-Netzstromsysteme in Norwegen vorgesehen
Sweden - (Markierungsetikett und im Handbuch) - Apparaten skall anslutas till jordat uttag.
Anschluss des Stromkabels:

1. Schlieen Sie das Stromkabel an den Hauptanschluss auf der Rckseite des Gertes an.
2. Schlieen Sie das Stromkabel an den geerdeten Wechselstromanschluss an.
VORSICHT
Stromschlag- und Energiegefahr Die Trennung einer Stromquelle trennt nur ein
Stromversorgungsmodul von der Stromversorgung. Um das Gert komplett zu isolieren, muss es
von der gesamten Stromversorgung getrennt werden.
19
Vorsicht - Zur Reduzierung der Stromschlag- und Feuergefahr

1.
Dieses Gert ist dazu ausgelegt, die Verbindung zwischen der geerdeten Leitung des
Gleichstromkreises und dem Erdungsleiter des Gertes zu ermglichen. Siehe
Montageanleitung.
2.
Wartungsarbeiten jeglicher Art drfen nur von qualifiziertem Servicepersonal ausgefhrt

werden. Es gibt innerhalb des Gertes keine vom Benutzer zu wartenden Teile.
3.
Versuchen Sie nicht, ein offensichtlich beschdigtes Gert an den Stromkreis anzuschlieen,
einzuschalten oder zu betreiben.
4.
Vergewissern Sie sich, dass sie Lftungsffnungen im Gehuse des Gertes NICHT BLOCKIERT
SIND.
5.
Ersetzen Sie eine durchgebrannte Sicherung ausschlielich mit dem selben Typ und von der
selben Strke, die auf dem Sicherheitsetikett angefhrt sind, das sich neben dem
Stromkabelanschluss, am Sicherungsgehuse.
6.
Betreiben Sie das Gert nicht an einem Standort, an dem die Hchsttemperatur der Umgebung
40C berschreitet.
7.
Vergewissern Sie sich, das Stromkabel aus dem Wandstecker zu ziehen, BEVOR Sie die
Hauptsicherung entfernen und/oder prfen.
Document Conventions
The following describes the conventions and symbols that this guide uses:
Item
Description
Description (French)
Beschreibung (German)
An example scenario
Un scnario dexemple
Ein Beispielszenarium
Possible damage to
equipment, software, or
data
Endommagement
Mgliche Schden an
possible de lquipement, Gert, Software oder
des donnes ou du
Daten
logiciel
Additional information
Informations
complmentaires
Zustzliche
Informationen
A statement and
instructions
Rfrences et
instructions
Eine Erklrung und

Anweisungen
A suggestion or
workaround
Une suggestion ou
solution
Ein Vorschlag oder eine

Umgehung
Example
Caution:
Note:
To
Tip:
Possible physical harm to Blessure possible de
the operator
loprateur
Verletzungsgefahr des
Bedieners
Warning:
20
Table of Contents
Important Notices .......................................................................................................... 3
Copyright Notices .......................................................................................................... 4
Safety Instructions ......................................................................................................... 8
Document Conventions ............................................................................................... 20
Chapter 1 Introduction to APSolute Vision ....................................................... 25

What is APSolute Vision? ............................................................................................ 25
APSolute Vision Three-Tier Architecture ..................................................................... 27
Overview of APSolute Vision Features ........................................................................ 27
Online Device Configuration ................................................................................................ 28
Monitoring of Managed Devices and Services .................................................................... 28
Operation Control and Maintenance .................................................................................... 28
Device Drivers ..................................................................................................................... 28
Scheduling ........................................................................................................................... 29
Auditing and Alerts ............................................................................................................... 29
User Management and Role-based Access Control (RBAC) .............................................. 30
APSolute Vision Platform Security ....................................................................................... 30
APSolute Vision Platform Management ............................................................................... 30
Supported Alteon Environments .......................................................................................... 30
DefensePro Security Groups ............................................................................................... 31
Real-Time Security Reporting .............................................................................................. 31
Historical Security ReportingAPSolute Vision Reporter .................................................. 31
Online Help .......................................................................................................................... 31
APSolute Vision Interface Navigation .......................................................................... 31

Configuration Perspective .................................................................................................... 32
Monitoring Perspective ........................................................................................................ 36
Security Monitoring Perspective .......................................................................................... 40
Asset Management Perspective .......................................................................................... 41
APSolute Vision Sites .......................................................................................................... 42
Chapter 2 Getting Started with APSolute Vision............................................... 43

Initializing the APSolute Vision Server ........................................................................ 43
Recommended Basic Security Procedures ................................................................. 45
Restricting Root Access .......................................................................................................
Restricting APSolute Vision CLI Access ..............................................................................
Restricting Web Access to the APSolute Vision Server ......................................................
Restricting Web Access by Radware Technical Support .....................................................
45
45
45
45
APSolute Vision Client Installation .............................................................................. 46

APSolute Vision Client Requirements ................................................................................. 46
APSolute Vision Reporter Requirements ............................................................................. 47
Installing the APSolute Vision Client .................................................................................... 47
21

Table of Contents
Logging into APSolute Vision ..................................................................................... 48

Changing Passwords for Local Users ........................................................................ 49
Configuring the APSolute Vision Server ..................................................................... 49
Configuring Server Connections .........................................................................................
Configuring Settings for the Alerts Pane .............................................................................
Configuring Monitoring Settings ..........................................................................................
Configuring APSolute Vision Server Alarm Thresholds ......................................................
Configuring RADIUS Server Connections ...........................................................................
Configuring APSolute Vision Server Advanced Parameters ...............................................
Configuring APSolute Vision Reporter Parameters .............................................................
49
51
53
54
55
58
60
Configuring Client Preferences ................................................................................... 60

Configuring the Default Perspective .................................................................................... 60
Configuring Default Client Settings for the Alerts Pane ....................................................... 61
Configuring Default Display Settings for Monitoring and Reports ....................................... 61
Filtering the Display of Tree Elements in the System Tabs ........................................ 62

Updating the Attack Description File .......................................................................... 65
After Initial Configuration of APSolute Vision ............................................................. 66
Chapter 3 Managing APSolute Vision Users..................................................... 67

Logging In as the Default Administrator Userradware User ................................... 67
Role-Based Access Control (RBAC) .......................................................................... 68
Configuring Local Users ............................................................................................. 71
Adding and Editing Users ....................................................................................................
Deleting Users .....................................................................................................................
Releasing User Lockout ......................................................................................................
Resetting User Passwords to the Default ............................................................................
Resetting the radware Administrator Password ................................................................
Revoking and Enabling Users .............................................................................................
Exporting User Information ..................................................................................................
72
73
74
74
74
75
75
Viewing Predefined Roles .......................................................................................... 76

Viewing User Statistics ............................................................................................... 76
Configuring User Management General Settings ....................................................... 77
APSolute Vision Password Requirements .................................................................. 78
Chapter 4 Setting Up Your Network ................................................................... 79

APSolute Vision Sites ................................................................................................. 79
Site Trees ............................................................................................................................ 79
Default Site and Device Names .......................................................................................... 80
System PaneOrganization Tab and Physical Tab .................................................. 80

Organization Tab ................................................................................................................. 80
Physical Tab ........................................................................................................................ 81
Configuring Sites ........................................................................................................ 81
22

Table of Contents
Adding and Removing Devices ................................................................................... 82

Configuring APSolute Vision to Manage Multiple Alteon vADCs ......................................... 92
APSolute Vision Server Registered for Device EventsAlteon ......................................... 92
APSolute Vision Server Registered for Device EventsDefensePro ................................. 92
Locking and Unlocking Devices ................................................................................... 93

Alteon Device Configuration ManagementGlobal Commands ................................ 94
Creating AppDirector Clusters for High Availability ..................................................... 95
Creating DefensePro Clusters for High Availability ..................................................... 96
Finding Site Nodes ...................................................................................................... 98
Next Steps ................................................................................................................... 98
Chapter 5 APSolute Vision CLI Commands ...................................................... 99

Command Syntax Conventions ................................................................................... 99
Accessing APSolute Vision CLI ................................................................................ 100
Main CLI Menu ......................................................................................................... 101
General CLI Commands ........................................................................................... 101
Network Configuration Commands ........................................................................... 103
DNS Commands ...............................................................................................................
Network Interface Commands ..........................................................................................
Physical Interface Commands ..........................................................................................
Routing Commands ..........................................................................................................
103
105
106
107
System Commands .................................................................................................. 108

Miscellaneous System Commands ...................................................................................
System APSolute Vision Server Commands ....................................................................
System Backup Commands .............................................................................................
System confBackup Commands .......................................................................................
System Database Commands ..........................................................................................
System Date Commands ..................................................................................................
System NTP Commands ..................................................................................................
System SSL Commands ...................................................................................................
System Storage Commands .............................................................................................
System reporterBackup Commands .................................................................................
System TCP Capture Commands ....................................................................................
System techSupport Commands ......................................................................................
System Timezone Commands ..........................................................................................
109
110
111
113
116
118
119
120
123
124
127
129
131
Appendix A Managing the Online-Help Package on the Server .................... 133

Appendix B Technical-Support Packages ....................................................... 137
23

Table of Contents
Appendix C APSolute Vision Specifications and Requirements .................. 139

System Capacity ....................................................................................................... 139
UDP/TCP Ports ........................................................................................................ 139
APSolute Vision Client Requirements ...................................................................... 141
APSolute Vision Client Hardware Requirements .............................................................. 141
APSolute Vision Client Supported Operating Systems ..................................................... 141
APSolute Vision Client Software Requirements ................................................................ 141
APSolute Vision Reporter Requirements ................................................................. 142
Radware Ltd. End User License Agreement ...................................................... 143
24
Chapter 1 Introduction to APSolute Vision

This guide is intended for administrators of APSolute Vision. The guide describes the relevant
aspects of APSolute Vision and how to use it.
Notes:
>> For information about installing the APSolute Vision server and client, initial settings on
the APSolute Vision platform, and connecting the client to the server, see the Radware
Installation and Maintenance Guide.
>> For information about general-user operations, see the APSolute Vision User Guide.
>> For information about the required workflows for configuring application delivery with
Alteon, see the Alteon Application Switch Operating System Application Guide.
>> For information about the required workflows for configuring application delivery with
AppDirector, see the AppDirector User Guide.
>> For information about the required workflows for configuring network security with
DefensePro, see the DefensePro User Guide.
>> For information about APSolute Vision Reporter and how to use it, see its online help and
the APSolute Vision Reporter User Guide.
The following topics introduce APSolute Vision:
What is APSolute Vision?, page 25
APSolute Vision Three-Tier Architecture, page 27
Overview of APSolute Vision Features, page 27
APSolute Vision Interface Navigation, page 31
What is APSolute Vision?

APSolute Vision is Radwares next-generation management system. APSolute Vision simplifies and
standardizes the management of Radware application delivery control (ADC) and security solutions.
Use APSolute Vision to manage and track Radware hardware devices, virtual devices, and software
components in IP-based enterprise networks.
APSolute Vision provides:
Online configuration per device, including support for templates as well as AppShape, which
automates/streamlines ADC configuration for common applications, such as SAP Portal and
Microsoft SharePoint Server.
Monitoring and control of multiple devices, including enabling and disabling entities within a
device. APSolute Vision can monitor multiple devices in a single view.
DefensePro Security Groups, which enable DefensePro devices to share threat information and
block malicious sources as a group.
Reporting and statistics at the device level, and on logical entities within a device. For real-time
and historical security reporting, APSolute Vision can also provide site and network-level reports
for immediate problem isolation, convenient attack and status visibility and information drilldown.
A highly customized Role-Based Access Control system that allows granular control and
monitoring of various security aspects for different users.
25

Introduction to APSolute Vision
Management capabilities, including:
Scheduling device control and maintenance tasks, such as, backup and restore, and so on.
Auditing
Viewing alerts and Alteon configuration messages (Alerts pane)
Device software management
APSolute Vision includes a database for administrative, operational, and security events to facilitate
the creation of long and short-term reports.
APSolute Vision provides stability, capacity, and usability, due to its:
Scalable, three-tier architecture
Optimized device access
Reduced client-to-server traffic
Operational use cases focus
Figure 19: APSolute Vision Solution Model

Email/Syslog/SQL client
APSolute Vision clients
SSL
LAN/WAN
hb
or t
ou
nd
Firewall
APSolute Vision Server
(physical appliance or virtual appliance)
Customer Management Network
Alteon devices
26
AppDirector devices
SNMP V1/V2c/V3
IRP real-time statistics
HTTP(S)/TFTP
DefensePro devices

APSolute Vision Three-Tier Architecture

APSolute Vision is a three-tier management system with client, server and device tiers. APSolute
Vision server can run as a standalone physical appliance or as a virtual appliance (VA). The client
tier does not connect to devices directly.
The client tier does the following:
Runs as a Windows application on a PC and provides a Windows-based graphical user interface

with separate perspectives for configuration, monitoring and control, and reports.
Transmits user requests to the server tier and displays the results in the APSolute Vision
interface in an intuitive and easy-to-read format.
The server tier does the following:
Runs on the APSolute Vision platform
Processes user commands
Transmits and stores data from other tiers
Makes logical decisions and performs calculations
Performs user authentication and authorization
Collects statistics and generates reports
Collects alerts from the devices
Communicates with the managed devices
The network physical device tier enables management of the collection of network elements
connected to APSolute Vision. This includes devices that provide server load-balancing, security,
intrusion prevention and denial-of-service (DoS) protection.
Overview of APSolute Vision Features

This section provides an overview of APSolute Visions main features:
Online Device Configuration, page 28
Monitoring of Managed Devices and Services, page 28
Operation Control and Maintenance, page 28
Device Drivers, page 28
Scheduling, page 29
Auditing and Alerts, page 29
User Management and Role-based Access Control (RBAC), page 30
APSolute Vision Platform Security, page 30
APSolute Vision Platform Management, page 30
Supported Alteon Environments, page 30
DefensePro Security Groups, page 31
Real-Time Security Reporting, page 31
Historical Security ReportingAPSolute Vision Reporter, page 31
Online Help, page 31
27

Online Device Configuration

Online device configuration supports the following:
Easy access for all device configuration topics
Hierarchical logical element grouping
Graphical change notation
Drill-down configuration topics
Inline filtering
Online configuration per device, including support for templates as well as AppShape, which
automates/streamlines ADC configuration for common applications, such as SAP Portal and
Microsoft SharePoint Server.
Configuration and propagation of templates for specific configuration elements in supported

AppDirector and DefensePro device versions
Monitoring of Managed Devices and Services

Monitoring of managed devices and services in APSolute Vision supports the following:
Easy access for device monitoring topics
Logical-element grouping
Hierarchical browsing
Propertiesstatus, management IP address, software version, device-driver version, hardware

platform, license information, and the time of the last configuration change
Routing table
IP Statisticsreceived and discarded
Information on ports, VLANs, and trunks, such as:
General status
Statistics
Presents device statistics tables for device level and logical level
Operation Control and Maintenance

Control and maintenance operations include:
Enabling and disabling all relevant entities on a device
Managing configuration templates for AppDirector and DefensePro devices. These configuration
templates
Managing DefensePro Security Groups, which enable DefensePro devices to share threat
information and block malicious sources as a group. Managing DefensePro Security Groups is
done in the Asset Management perspective.
Managing pairs of devices for high availability (HA)
Performing file transfers
Managing configuration backups
Rebooting devices
Device Drivers
APSolute Vision device drivers enable you to install or upgrade Radware devices without the need to
upgrade your APSolute Vision server.
28

A device driver in APSolute Vision defines the graphical user interface and configuration for the
software version of a managed device. The software version of a managed device defines the
baseline driver version. You can install a newer version of the device driver, and you can revert to
the baseline version.
You can have only one device-driver version in use on any single APSolute Vision server (but, there
may be multiple device-driver versions released for a single software version of a device). Typically,
subsequent versions of device drivers for a particular software version of a managed device only
includes very minor changes and/or bug fixes.
Notes:
>> When you upgrade device software, you need to reboot the device. However, when you
install a new version of a device driver or revert to the baseline version, you do not need
to reboot the device.
>> Device drivers do not include the online help. If the APSolute Vision server is configure
so that the clients get help from the server (the default option), the APSolute Vision
administrator should make sure that the APSolute Vision server has the latest version of
the online-help package.
>> The Properties pane that is displayed for a device of includes the name of the device
driver.
Scheduling
Scheduling in APSolute Vision supports various operations for the APSolute Vision server and
managed devices, which enable you to automate the tasks and to run repeated tasks.
Scheduled tasks run according to the time as configured on the APSolute Vision client.
Auditing and Alerts

Auditing and alerts in APSolute Vision logs all alerts and actions for APSolute Vision and, optionally,
for the managed devices. You can view auditing information and other alerts in the APSolute Vision
Alerts pane.
Alerts are created with the time at which the APSolute Vision server processed them, but the time
displayed in the Alerts pane is the time of the APSolute Vision client with the proper time offset.
APSolute Vision provides the audit trail for system messages and modifications to the configuration
of managed devices.
APSolute Vision can forward alarms and notifications. System Alarms can be forwarded via APSolute
Vision. Security service alarms can be forwarded via APSolute Vision Reporter. E-mail notifications
can be sent via SMTP. Notifications can be sent to a syslog server.
The Alerts tab in the Alerts pane provides fault management by supporting the following system and
audit alarms:
APSolute Vision server alarms
General device alarms (fan, CPU, and so on)
Audit trail messages
29

User Management and Role-based Access Control (RBAC)

The APSolute Vision server supports multi-user access and role-based access control (RBAC).
RBAC provides the following:
Predefined basic roles and permissions
Customized permissions per role and device
Access-control configuration and management in a local user table or using an external RADIUS
server (using RADIUS vendor attributes)
APSolute Vision Platform Security

APSolute Vision supports user security with user-account options for the following parameters:
Password expirationspecified in days
Inactivity timeoutauto logout
Forbidding use of old passwords
Password challenge configuration
Password constraints
Administrative actions to create users, reset user passwords, and locking out users
Tracking user statistics for successful logins, failed logins, account locks, and so on
APSolute Vision Platform Management

The APSolute Vision Server supports the following management interfaces:
CLI shell commandsFor installation, first-time configuration, and special maintenance

activities
APSolute Vision clientFor APSolute Vision server options, such as, timeouts, connectivity,
event forwarding, and so on, and for server monitoring
Supported Alteon Environments

APSolute Vision supports the following Alteon environments (or modes):
StandaloneThe traditional Alteon hardware Application Delivery Controller (ADC).
Alteon VAA software-based ADC supporting AlteonOS functionality and running on the
VMware virtual infrastructure.
ADC-VXA specialized ADC hypervisor that runs multiple virtual ADC instances on dedicated
ADC hardware, Radwares OnDemand Switch platforms.
vADCA virtualized instance of the Alteon operating system (AlteonOS).
Notes:
>> For more information, see the Alteon Application Switch Operating System Application
Guide.
>> The Messages tab in the Alerts pane displays Alteon configuration messages. A message
is displayed in the Messages tab after each Alteon configuration-management action
(Apply, Save, Diff, Diff Flash, Revert, Revert Apply, and Dump). If the Alerts pane is
collapsed, it automatically expands immediately after the configuration-management
action. When you double-click a message, APSolute Vision opens an autonomous
window. The window contains the full message text, which you can copy to the
clipboard.
30

DefensePro Security Groups

APSolute Vision enables DefensePro devices to share and act upon detected security threats.
Real-Time Security Reporting

APSolute Vision provides real-time attack views and security service alarms for managed devices.
Historical Security ReportingAPSolute Vision Reporter

APSolute Vision Reporter is a historical security reporting engine, which provides the following:
Customizable dashboards, reports, and notifications
Advanced incident handling for security operating centers (SOCs) and network operating centers
(NOCs)
Standard security reports
In-depth forensics capabilities
Ticket workflow management
Note: For information on the products and versions that APSolute Vision Reporter supports,
see the APSolute Vision Release Notes.
Online Help
By default, APSolute Vision clients get online help from the APSolute Vision server. Installation of the
APSolute Vision server includes online-help files.
Depending on the APSolute Vision server configuration, the clients get online help from one of the
following locations:
An internal, hard-coded, location on the serverInstallation of the APSolute Vision server

includes online-help files, but if managed devices are somehow upgraded later (with a new
device, new device version, or new device driver), the online-help files on the server should be
updated. It is the responsibility of the APSolute Vision administrator to make sure that the help
files on the server are updated as necessary. For more information, see Appendix A - Managing
the Online-Help Package on the Server, page 133.
radware.comThe online-help files at radware.com are always the most up-to-date, but
clients may encounter latency or connectivity problems.
APSolute Vision Interface Navigation

The APSolute Vision interface follows a consistent hierarchical structure, organized functionally to
enable easy access to options. You start at a high functional level and drill down to a specific
module, function, or object.
Each high-level function, such as device configuration, monitoring, or viewing real-time reports, is
accessible from a separate perspective.
31

APSolute Vision supports the following perspectives:
Configuration Perspective, page 32
Monitoring Perspective, page 36
Security Monitoring Perspective, page 40
Asset Management Perspective, page 41
Note: You can configure which perspective is displayed by default when you start an APSolute
Vision client session.
Configuration Perspective
Use the Configuration perspective to configure Radware devices. Typically, you choose the device to
configure in the Configuration perspective system pane Organization tab. You can view and modify
device settings in the content pane tabs, which have their own navigation panes for easier
navigation through configuration tasks.
You can filter the sites and devices that APSolute Vision displays. The filter does not change the
contents of the tree, only how APSolute Vision displays the tree to you.
The Configuration perspective also includes the Properties pane, which displays information about
the currently selected device.
When APSolute Vision manages Alteon, you choose the standalone, vADC or VA device to configure
in the Configuration perspective system pane Organization tab. You manage ADC-VXs and the
hosted vADCs in the Configuration perspective system pane Physical tab.
32

Figure 20: Configuration PerspectiveAlteon

System pane Organization tabDisplays, according to your filter, the
configured sites and Alteon standalone, vADC, and VA devices
System pane Physical tabDisplays, according to your filter,
configured sites and Alteon ADC-VXs with the hosted vADCs
AppShape tab
Alteon configurationmanagement buttons
Configuration buttonOpens
the Configuration perspective
Navigation area for the tab
Content area
Properties pane
Alerts paneDisplays the Alerts tab and the Messages tab.
The Alerts tab displays APSolute Vision and device alerts.
The Messages tab displays Alteon configuration messages.
33

Figure 21: Configuration PerspectiveAppDirector

System pane Organization tabDisplays,
according to your filter, the site tree,
configured sites, and configured devices
Button that
opens the
APSolute Vision
Reporter
Navigation are for the tab
Content area
Properties pane
The Messages tab is not relevant for AppDirector.
34

Figure 22: Configuration PerspectiveDefensePro

System pane Organization tabDisplays,
according to your filter, the site tree,
configured sites, and configured devices
Button that opens
the APSolute
Vision Reporter
Navigation area for the tab
Content area
Properties pane
The Messages tab is not relevant for DefensePro.
35

The following points apply to all configuration tasks in the Configuration perspective:
To configure a device, you must lock it. For more information, see Locking and Unlocking
Devices, page 93.
When you change a field value, the field label is displayed in italics.
Mandatory fields are displayed in red. You must enter data, or select an option in these fields.
After setting a mandatory field, the field label changes to black.
By default, tables display up to 20 rows per table page. You can change the number of rows per
table up to a maximum of 100 rows.
You can perform one or more of the following operations on table entries:
Add a new entry to the table, and define its parameters.
Edit one or more parameters of an existing table entry.
Delete a table entry.
Device configuration information is saved only on the managed device, not in the APSolute
Vision database. To commit information to the device, you must do the following:
Click OK when you modify settings in a configuration dialog box.
Click
Some configuration changes require an immediate device reboot. When you submit the
configuration change the device will reboot immediately.
Some configuration changes require a device reboot to take effect, but you can save the
change without an immediate reboot. When you submit a change without a reboot, the
Properties pane displays a Reboot Required notification until you reboot the device.
For AppDirector and DefensePro, click Update Policies to implement policy-configuration

changes if necessary. Policy-configuration changes for a device are saved on the managed
device, but the device does not apply the changes until you perform a device configuration
update.
For Alteon, APSolute Vision supports the configuration-management options: Apply, Save,
Diff, Diff Flash, Revert, Revert Apply, and Dump.
(Submit) when you modify settings in a configuration page.
Example Device selection in the Configuration perspective

The following example shows the selections you would make to view or change configuration
parameters for a Radware device:
1.
Open the Configuration perspective by clicking
at the top of the window.
2.
Select the required device in the system pane by drilling down through the sites and subsites.
3.
Right-click the device name, and select Lock Device.
4.
Select the required configuration tab in the content pane. Each tab displays a tab navigation
pane and configuration options.
5.
Select an option in the navigation pane.
6.
You can now view and change configuration parameters.
Monitoring Perspective
In the Monitoring perspective, you can monitor physical devices and interfaces, and logical objects,
such as farms and servers. The Monitoring perspective navigation pane contains two navigation
tabs. The System tab contains the physical devices and interfaces. The Application Delivery tab
contains the logical entities for AppDirector. The Properties pane displays information about the
currently selected device. The content pane for each type of entity contains tabs in which you can
view different types of information. Some tabs contain a navigation pane.
36

Figure 23: Monitoring PerspectiveAlteon

System paneIncludes the Organization,
Application Delivery, and Physical tabs
Monitoring buttonOpens the

Monitoring perspective
Navigation area for tab

Content area
Properties pane
Alerts paneDisplays the Alerts tab and the Messages tab. The
Alerts tab displays APSolute Vision and device alerts. The
Messages tab displays Alteon configuration messages.
37

Figure 24: Monitoring PerspectiveAppDirector

Application Delivery, and Physical tabs. The
Organization and Application Delivery tabs are
relevant for AppDirector.
Monitoring buttonOpens the

Content area

The Messages tab is not relevant for AppDirector.
38

Figure 25: Monitoring PerspectiveDefensePro

Application Delivery, and Physical tabs. The
Organization tabs is relevant for DefensePro.
Monitoring buttonopens
Content area
Properties pane
The Messages tab is not relevant for DefensePro.
39

Security Monitoring Perspective

The Security Monitoring perspective is displayed only for devices that support the relevant Security
module.
In the Security Monitoring perspective, you can access a collection of real-time security-monitoring
tools that provide visibility regarding current attacks that the managed device has detected. The
Properties pane displays information about the currently selected device.
The Security Monitoring perspective includes the following tabs:
Security DashboardA graphical summary view of all current active attacks in the network
with color-coded attack-category identification, graphical threat-level indication, and instant
drill-down to attack details.
Current AttacksA view of the current attacks in a tabular format with graphical notations of
attack categories, threat-level indication, drill-down to attack details, and easy access to the
protecting rules for immediate fine-tuning.
Traffic MonitoringA real-time graph and table displaying network information, with the
attack traffic and legitimate traffic filtered according to specified traffic direction and protocol.
Geo MapA graphical map view that displays threats by origin with hierarchical drill-down to IP
level.
Protection MonitoringReal-time graphs and tables with statistics on rules, protections

according to specified traffic direction and protocol, along with learned traffic baselines.
HTTP ReportsReal-time graphs and tables with statistics on rules, protections according to
specified traffic direction and protocol, along with learned traffic baselines.
Figure 26: Security Monitoring PerspectiveShowing the Security Dashboard
40

Asset Management Perspective

The Asset Management perspective is displayed only to users with the Administrator or User
Administrator role. A user with the User Administrator role can only view and configure local users.
For more information, on roles, see Role-Based Access Control (RBAC), page 68 and Configuring
Local Users, page 71.
In the Asset Management perspective, you can do the following:
Monitor or manage the general settings of the APSolute Vision server, which comprise the
following:
General properties, details, and statistics of the APSolute Vision server, such as
management IP address, uptime, software, and hardware properties
Statistics of the APSolute Vision server
Connectivity
Alert Browser
Monitoring
Server Alarm Thresholds
RADIUS Settings
Advanced general parameters
Device drivers
APSolute Vision Reporter
Manage and monitor multiple users who, in turn, can manage multiple devices concurrently.
Using APSolute Vision RBAC, you can allow the users various access control levels on devices.
RBAC provides a set of predefined roles, which can be assigned per user and per working scope
(device or group of devices). RBAC definition is supported both internally (in APSolute Vision)
and through remote authentication (via RADIUS).
Manage device backups.
Manage configuration templates for AppDirector and DefensePro devices.
41

Figure 27: Asset Management Perspective

Asset Management buttonOpens
the Asset Management perspective
System pane
Content area

The Messages tab displays Alteon configuration messages.
APSolute Vision Sites

You can organize the Radware devices that APSolute Vision manages according to sites. APSolute
Vision displays the sites and managed devices in the system tab. Typically, a site is a group of
devices that share properties, such as location, services, or device type. You can nest sites; that is,
each site can contain subsites and devices.
In the context of RBAC, sites enable administrators to define the scope of each user.
Sites also play a role in the context of vADCs and ADC-VXs. When you manage a vADC hosted by an
ADC-VX in the Physical tab, you specify the site under which that vADC is displayed in the
Organization tab.
42
Chapter 2 Getting Started with APSolute

Vision
The following topics describe how to get started and set up APSolute Vision before configuring and
monitoring your Radware devices:
Initializing the APSolute Vision Server, page 43
Recommended Basic Security Procedures, page 45
APSolute Vision Client Installation, page 46
Changing Passwords for Local Users, page 49
Configuring the APSolute Vision Server, page 49
Configuring Client Preferences, page 60
Filtering the Display of Tree Elements in the System Tabs, page 62
Updating the Attack Description File, page 65
After Initial Configuration of APSolute Vision, page 66
Note: For information about installing the APSolute Vision server physical platform, see the
Radware Installation and Maintenance Guide.
Initializing the APSolute Vision Server

Access the APSolute Vision CLI using a serial cable and terminal emulation application, or from an
SSH client.
Note: APSolute Vision CLI uses Control-? (127) for the Backspace key.
Terminal settings for the APSolute Vision server are as follows:
Bits per second: 19200
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None
Note: When connecting from an SSH client, APSolute Vision CLI has a default timeout of five
minutes for idle connections. If an SSH connection is idle for five minutes, APSolute
Vision terminates the session.
43

Getting Started with APSolute Vision
To initialize the APSolute Vision server

1.
Ensure that an ASCII console is connected to the device through the RJ-45toDE-9 cable and
that console computer is turned on.
2.
Power on the device. The PWR and SYS or SYS OK LED indicators on the front panel light up.
3.
Wait for the login prompt, vision login:.
4.
Type the default username radware; and then, press Enter.
5.
Type the default password radware; and then, press Enter.
6.
Type the IP address for the APSolute Vision server; and then, press Enter.
7.
Type the value for the network mask for the APSolute Vision server; and then, press Enter.
8.
Type the value for the default gateway for the APSolute Vision server; and then, press Enter.
9.
Type the value for the primary DNS server for the APSolute Vision server; and then, press Enter.
10. If applicable, type the value for the secondary DNS server for the APSolute Vision server; and
then, press Enter.
Note: Configuring a secondary DNS server is not mandatory. That is, if you Enter without
typing anything, the installation will proceed.
11. Type the physical-interface identifier, G1 or G2 (case sensitive)that is, the interface the
APSolute Vision clients access; and then, press Enter.
Note: The installation program checks whether there are connected physical interfaces,
and it displays their identifiers. If there are no connected physical interfaces, a No
link detected message is displayed.
12. Review the values.
13. Type one of the following values:
y yes, that is, you accept the values.
N no, that is, you need to go back and change one or more values.
Note: For information on how to change the default passwords, see the APSolute Vision
Administrator Guide.
44

Recommended Basic Security Procedures

This section describes the basic procedures that Radware recommends for the security of the
APSolute Vision system.
Restricting Root Access

The APSolute Vision server runs on a Linux shell.
The APSolute Vision server supports access to its root directory with the password, radware.
As soon as you complete the APSolute Vision installation, initialize the server, and verify that it is
operating properly, Radware recommends that you change the root password.
Change the root password using the normal Linux commands.
Restricting APSolute Vision CLI Access

The default username/password for the APSolute Vision CLI is radware/radware.
operating properly, Radware recommends that you change the default password.
Change the password with the relevant CLI command.
Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 99.
Restricting Web Access to the APSolute Vision Server

You install of APSolute Vision client software by accessing an APSolute Vision appliance using a Web
browser.
The default username/password for Web access to the APSolute Vision server is visionweb/radware.
page 99.
Restricting Web Access by Radware Technical Support

Radware Technical Support can access an APSolute Vision appliance using a Web browser.
page 99.
45

APSolute Vision Client Installation

The APSolute Vision client is installed on a PC.
This section includes the following topics:
APSolute Vision Client Requirements, page 46
APSolute Vision Reporter Requirements, page 47
Installing the APSolute Vision Client, page 47
APSolute Vision Client Requirements

Before you install the APSolute Vision client, ensure your computer meets the hardware and
software requirements.
Caution: You install the APSolute Vision client by first accessing the APSolute Vision appliance
using a Web browser. Therefore, APSolute Vision appliance must have a proper IP
address installed already. For information on configuring the IP address of the
APSolute Vision appliance, see Configuring the APSolute Vision Server, page 49.
APSolute Vision Client Hardware Requirements, page 46
APSolute Vision Client Supported Operating Systems, page 46
APSolute Vision Client Software Requirements, page 47
APSolute Vision Client Hardware Requirements

The PC on which APSolute Vision client runs requires the following hardware:
2.66 GHz or faster
2 GB RAM or more recommended
300 MB free disk space
CD-ROM
Network interface card (NIC)
768X1024 minimum recommended screen resolution
APSolute Vision Client Supported Operating Systems

The following operating systems support APSolute Vision client:
Windows XP SP3 32-bit
Windows Server 2008R2 64-bit
Windows 7 32-bit and 64-bit
Windows 7 SP1 32-bit and 64-bit
Caution: There are certain compatibility issues with Windows 7. For more information, see
the APSolute Vision Release Notes.
46

APSolute Vision Client Software Requirements

The PC that APSolute Vision client runs on requires the following:
Any Web browser that has a Java plug-in installed. The browser is needed only for downloading
the APSolute Vision client to the PC.
Java client version 1.6.0_17 or later must be installed to run the APSolute Vision Reporter.
APSolute Vision Reporter Requirements

APSolute Vision Reporter is a separate process that runs with the APSolute Vision client. After
installing the APSolute Vision client, you can connect to APSolute Vision Reporter.
You can run APSolute Vision Reporter on the following browsers:
Windows Internet Explorer 6 and 7.x and later
Mozilla Firefox 3.5 and 3.6
Google Chrome unofficially supported
Installing the APSolute Vision Client
To install APSolute Vision client

1. Open your browser and enter the IP address of the APSolute Vision server. An Authentication
Required dialog box is displayed.
2. Do the following:
In the User Name field, type, visionweb.
In the Password field, type the password. Use the password that you receive from your
system administrator. The initial default password is radware.
3. Click OK. The following Web page opens.
4. Click the Download Client icon.

5. Save the EXE file to a directory on your hard drive.
47

6.
Start the startup EXE file. The startup EXE file is named in the format
APSoluteVision_<major version>.<minor version>_Setup.exe.

7.
Follow the instructions, enter the appropriate information, and accept the terms of the license
agreement.
Logging into APSolute Vision

To start working with APSolute Vision, the user logs into the APSolute Vision client.
After successfully logging in with a username and authenticated password, the APSolute Vision client
application opens. The APSolute Vision client connects to the specified APSolute Vision server. The
user always works online with APSolute Vision and its managed network elements.
Up to 10 users can access the APSolute Vision server simultaneously.
APSolute Vision supports role-based access control (RBAC) to manage user privileges. User
credentials and privileges can be managed through RADIUS or through the local APSolute Vision
user database.
For RBAC users, after successful authentication of username and password, the users role is
determined together with the devices that the user is authorized to manage. The assigned role
remains fixed throughout the user session, and the user can access only the content panes, menus,
and operations that the role allows.
If a user enters the credentials incorrectly, the user is prompted to re-enter the information. After a
globally defined number of consecutive failures, the user is locked out of the system. If the user
uses local user credentials, an administrator can release the lockout by resetting the password to
the global default password (see Releasing User Lockout, page 74). If the user uses RADIUS
credentials, you must contact the RADIUS administrator.
There are special properties and procedures for the user who first logs into the APSolute Vision
server. For more information, see Managing APSolute Vision Users, page 67.
To log into APSolute Vision as an existing user

1.
Click the APSolute Vision Client program icon.
2.
In the login dialog box, specify the following:
3.
48
User NameThe name of the user.
PasswordThe password for the user. Depending on the configuration of the server, you
may be required to change your password immediately. Default: radware.
Vision ServerThe name or IP address of the APSolute Vision server. This parameter is
displayed if you click Options. Otherwise, the login procedure tries to connect to the
APSolute Vision server that was specified previously.
AuthenticationThe method to authenticate the user: Local or RADIUS. That is, select
whether to use the credential stored in the APSolute Vision server or the credentials
managed by the specified RADIUS Authentication server. This parameter is displayed if you
click Options. Otherwise, the login procedure tries to connect to the APSolute Vision server
using the authentication method that was specified previously.
Click OK.

Changing Passwords for Local Users

If your user credentials are managed through the local APSolute Vision Users table (not RADIUS),
you can change your user password at the login. For information about password requirements, see
APSolute Vision Password Requirements, page 78.
To change a password for a local user

1. Click the APSolute Vision Client program icon.
2. Click Options.
3. Click Change Password.
4. In the Change Password dialog box, enter your username, old password, new password, and
confirm the new password.
5. Click OK. Your new password is saved and the APSolute Vision dialog box is displayed.
Configuring the APSolute Vision Server

Before you start to configure Radware devices using APSolute Vision, you can change the APSolute
Vision server configuration settings:
Configuring Server Connections, page 49
Configuring Settings for the Alerts Pane, page 51
Configuring Monitoring Settings, page 53
Configuring APSolute Vision Server Alarm Thresholds, page 54
Configuring RADIUS Server Connections, page 55
Configuring APSolute Vision Server Advanced Parameters, page 58
Configuring APSolute Vision Reporter Parameters, page 60
Note: Mandatory settings are displayed in red.
Configuring Server Connections

These settings define how the APSolute Vision server communicates with the APSolute Vision client,
external servers, and Radware devices.
To configure the connections to and from the APSolute Vision server

1. In the Asset Management perspective system pane, select General Settings > Connectivity.
2. Configure the parameters; and then, click
(Submit) to submit the changes.
49

Table 1: APSolute Vision Connectivity Parameters
Parameter
Description
SNMP Parameters Toward Devices
These settings are for SNMP connections between APSolute Vision and other Radware devices. All
fields in this section are mandatory.
Timeout
The time, in seconds, that APSolute Vision waits for a reply before
retrying to connect. If the device does not respond after the configured
number of retries, APSolute Vision notifies the user that the connection
failed.
Values: 1180
Default: 3
Number of Retries
The number of connection retries to the device, when the device does
not respond.
Values: 1100
Default: 3
Port
The port used to communicate with Radware devices.

Values: 165,535
Default: 161
HTTP Parameters Toward Devices

These settings are for HTTP connections between APSolute Vision and other Radware devices.
Port

Values: 165,535
Default: 80
HTTPS Parameters Toward Devices

These settings are for HTTPS connections between APSolute Vision and other Radware devices.
Port

Values: 165,535
Default: 443
Proxy Server Parameters

These connection settings are for the proxy server that the APSolute Vision server uses to
download files from Radware.com. The Alerts pane displays a success or failure notification and
whether the operation was performed using a proxy server.
Enable Proxy Server
Specifies whether the APSolute Vision server uses a proxy server to

download files from Radware.com.
IP Address
The IP address of the proxy server.
Port
The port of the proxy server.
Use Authentication
Specifies whether authentication is required for a successful connection

between the APSolute Vision server and the proxy server.
Username
The user name for the proxy server.
Password
The password for the proxy-server user.
Verify Password
The password for the proxy-server user.
50

Table 1: APSolute Vision Connectivity Parameters
Parameter
Description
APSolute Vision Client to Server
These settings define when to close the connection between the server and client if there is no
activity on either side.
Note: The client polls the server at regular intervals. If the server does not receive a poll from
the client within 30 seconds, the server closes the connection to the client.
Enable Session Inactivity The default is selected, which means that the connection between the
Timeout
client and user is closed after the specified timeout periods.
Session Inactivity
Timeout
The time, in minutes, of session inactivity after which the server logs the
user out.
(This field is displayed

only when session
inactivity timeout is
enabled.)
Values: 160
Default: 20
No Server Reply Timeout The number of minutes the client waits for a server reply before closing
the connection to the server. Using this feature lets the user know when
the server has gone down.
Configuring Settings for the Alerts Pane

APSolute Vision displays alerts for APSolute Vision and all the managed Radware devices. The Alerts
pane is available in all APSolute Vision perspectives. All alert information is saved in the APSolute
Vision database. You can configure Alerts-pane settings to send alert reports to a syslog server and
via e-mail to defined recipients. You can also configure default settings for the Alerts pane per client
(see the procedure To change default Alerts-pane settings, page 61).
To configure Alerts-pane settings

1. In the Asset Management perspective system pane, select General Settings > Alert Browser.
Table 2: Alert Browser Parameters
Parameter
Description
Syslog Reporting
These settings configure how APSolute Vision reports and logs events from the Alerts pane to a
syslog server.
Enable
Select to enable APSolute Vision to send reports and logs to a syslog server.
Default: Disabled
Report
Select whether to report all messages received by the Alerts pane or only
audit messages.
Default: all messages.
Syslog Server
Address
The IP address of the device running the syslog service.
51

Table 2: Alert Browser Parameters
Parameter
Description
L4 Source Port
Values: 165,535
Default: 514
L4 Destination Port
Values: 165,535
Default: 514
Syslog Facility
The facility for all APSolute Vision syslog reporting. The list includes facilities
as defined in the RFC 3164. The default is Log Audit. Change the default if
the syslog server uses this facility for reports from another system.
Email Reporting Configuration

These settings configure how APSolute Vision sends events from the Alerts pane via e-mail to
defined recipients.
Enable
Select to enable APSolute Vision to send reports and logs via e-mail.
Default: Disabled
SMTP Server
Address
The name or IP address of the SMTP e-mail server.
SMTP User Name
The account name used to send e-mail notifications; for example,

Vision@MyCompany.com.
Subject Header
The text that appears in the Subject header of the e-mail.

Default: Alert Notification Message.
From Header
The text that appears in the From header of the e-mail.

Default: APSolute Vision
Recipient Email
Address
The e-mail addresses of the intended recipients. When there are multiple email addresses, use comma (,) or semi-colon (;) separators.
Email Sending
Interval
The interval, in seconds, between successive e-mail messages.

Values: 160
Default: 10
Number of Alerts per The maximum number of alerts to include in an e-mail message. When there
Email
are more than the maximum number of alerts, multiple e-mail messages are
sent.
Values: 1100
Default: 30
Sending Rule
These settings configure which alerts to include in e-mail messages.
Select Devices
Click to select a subset of managed devices for which to send alerts.

In the Select Devices dialog box, move the required devices from the
Available list to the Selected list.
Severity
Alerts of the selected severities are sent.
Module
Alerts for the selected modules are sent.
52

Configuring Monitoring Settings

APSolute Vision can perform online monitoring of all the managed Radware devices. It also collects
information for online security reports for DefensePro. You can configure general global settings
about how APSolute Vision obtains data for online monitoring and reports.
To configure APSolute Vision monitoring settings

1. In the Asset Management perspective system pane, select General Settings > Monitoring.
Table 3: APSolute Vision Monitoring Parameters
Parameter
Description
On-line Monitoring
These settings configure APSolute Vision online monitoring for all managed devices.
Polling Interval for
On-line Monitoring
Number of seconds between data collections for monitoring. A shorter

interval provides more up-to-date data, but uses more network and device
resources.
Values: 53600
Default: 15
Enable On-line
When selected, APSolute Vision starts to bring in data from a selected device
Monitoring Pre-fetch before a specific device element is selected in the Monitoring perspective.
This option enables APSolute Vision to present data more quickly once the
device element is selected, although it uses more network resources to do
so.
Default: Enabled
System
Configuration
The interval, in minutes, at which APSolute Vision refreshes the device tree
display in the Monitoring perspective system pane. A smaller interval
provides more up-to-date information at the expense of network resources.
Default: 60
Note: This synchronization is in addition to the periodic real-time updates
of the device tree display.

Device Status
The number of seconds between polls of the device to determine the up or

down status of the device and its elements.
Values: 103600
Default: 30
Reports
These settings configure APSolute Vision monitoring for real-time reports for DefensePro.
Reports
The time, in seconds, between data collections for reports. A smaller interval
provides more up-to-date information at the expense of network resources.
Values: 153600
Default: 15
53

Configuring APSolute Vision Server Alarm Thresholds

You can configure the following server-alarm thresholds for specific alarms:
Two threshold values for rising alarms to issue warning and error alerts respectively. The rising
server-alarm threshold value must always be lower than the rising error threshold. When the
parameter value exceeds the rising server-alarm threshold value but is less than the error
threshold value, a warning alert is issued. When the parameter value exceeds the rising error
threshold, an error alert is issued.
Two threshold values for falling alarms to clear warning and error alerts respectively. The falling
alarm values must be less than their respective rising alarm values.
Note: For the CPU alert, since CPU measurements vary rapidly, APSolute Vision determines
threshold limits based on a moving average calculation.
To configure APSolute Vision server-alarm thresholds

1.
In the Asset Management perspective system pane, select General Settings > Server Alarm
Threshold.
2.
To edit the thresholds for a specific parameter, double-click the parameter name, or right-click
and select Edit Warning Thresholds Entry.
3.
Configure the parameters; and then, click
Table 4: Server-Alarm Threshold Parameters
Parameter
Description
Parameter
(Read-only) The parameter name.
Enabled
When enabled, the threshold parameter is used for the corresponding alarm.
Default: Enabled
Rising
Configure rising alarms to issue warning and error alerts respectively.
Warning
The rising threshold value must always be lower than the rising error
threshold. When the parameter value exceeds the rising threshold value but
is less than the error threshold value, a warning alert is issued.
Error
The rising error threshold value must always be greater than the rising
threshold value. When the parameter value exceeds the rising error
threshold, an error alert is issued.
Falling
Configure falling alarms to clear warning and error alerts respectively.
Warning
The falling warning alarm value must be less than the rising warning alarm
value.
Error
The falling error alarm value must be less than the rising error alarm value.
54

Configuring RADIUS Server Connections

When role-based access control (RBAC) is implemented for APSolute Vision users, you can use
Remote Authentication Dial In User Service (RADIUS) for user authentication. For more information
on RBAC and RBAC roles and scopes, see Role-Based Access Control (RBAC), page 68.
Caution: Users defined through a RADIUS server with the Administrator or User Administrator
role must be configured with the scope [ALL] (including the square brackets).
Caution: If the name of an APSolute Vision site changes and a RADIUS server authenticates
users, the user scopes on the RADIUS server must be reconfigured manually.
Authentication Process with RADIUS

If the APSolute Vision server is configured to use RADIUS for authentication, the user-authentication
process is as follows:
1. The user starts the APSolute Vision client, enters the username and password given by the
RADIUS administrator, and chooses RADIUS (instead of Local) from the Authentication dropdown list.
2. The APSolute Vision server sends the authentication request to the specified port of the RADIUS
server.
3. If the RADIUS server recognizes and authorizes the APSolute Vision server, the RADIUS server
processes the request for the user and password.
Note: If a RADIUS server does not recognize a request source (in this case, the APSolute
Vision server), the RADIUS server ignores the request.
4. If the RADIUS server authenticates the user, the RADIUS server returns an Access-Accept
message with the user name and its associated IDM-stringscope combination to the APSolute
Vision server. If the RADIUS server does not authenticate the user, the RADIUS server sends an
Access-Reject message.
Note: The identity-management (IDM) string defines the role of user. For more information
on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 68.
5. If the user is authenticated, the APSolute Vision server grants access according to the users
IDM string and scope. If the user is rejected, the APSolute Vision server does not grant access.
55

RADIUS Server Requirements

Each RADIUS server (primary and secondary) for APSolute Vision user authentication requires the
following:
The RADIUS server must use the port specified on the APSolute Vision server.
The RADIUS server must authorize the APSolute Vision server.
The RADIUS server must use the authentication type (for example, PAP) that is specified in the
APSolute Vision server.
The RADIUS server Access-Accept response must include an IDM-stringscope combination in

the following format:
<IDM string>:<Scope>
Example: ADMINISTRATOR:[ALL]
Example: ADC_OPERATOR:MyADCSite
Notes:
>> The identity-management (IDM) string defines the role of user. For more information on
roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 68.
>> The list of the available RADIUS attribute IDs and corresponding attribute names is
available at
http://www.iana.org/assignments/radius-types/radius-types.xhtml.
Tip: To use the default settings, the configuration of your RADIUS server and/or RADIUS
Authentication system can use the following:
Attribute ID 26to specify a Vendor-Specific Attribute (VSA).

Vendor ID 89to specify Radware (as assigned by Internet Assigned Numbers
Authority, IANA). Vendor ID 89 will need to be configured on the RADIUS server.
Vendor Attribute ID 100to specify the Radware-Role attribute. The RADIUS server can
use this attribute to return the IDM-stringscope combination to the APSolute Vision
serer.
Vendor Attribute ID 100 will need to be configured on the RADIUS server.
Configuring the RADIUS Server Connections
To configure a RADIUS server connection

1.
In the Asset Management perspective system pane, select General Settings > RADIUS
Settings.
2.
Table 5: RADIUS Configuration Parameters
Parameter
Description
Primary RADIUS
IP Address
56
The IP address of the primary RADIUS server for authentication.

Parameter
Description
Port
The Layer 4 port on the primary RADIUS server.

Values: 1812, 1645
Default: 1812
Shared Secret
The RADIUS shared secret used for communication between the primary
RADIUS server and APSolute Vision.
Maximum characters: 64
Verify Shared Secret
The RADIUS shared secret used for communication between the primary
Secondary RADIUS
IP
Authenticate Port
The IP address of the secondary RADIUS server for authentication.

The Layer 4 port on the secondary RADIUS server.
Values: 1812, 1645
Default: 1812
Shared Secret
The shared secret used for communication between the secondary

Verify Shared Secret
The shared secret used for communication between the secondary

Shared Parameters
Timeout
The time, in seconds, between retransmissions to the RADIUS servers.

Values: 1100
Default: 5
Note: If connectivity is too slow, increase the value.
Retries
The number of authentication retries before a second RADIUS server (if

configured) is contacted.
Values: 110
Default: 3
Note: If connectivity is too slow, increase the value.
Attribute ID
The RADIUS attribute used in the RADIUS profile.

Values: 1255
Default: 26that is, Vendor Specific Attribute
Vendor ID
The vendor ID for the vendor-specific attribute (VSAs).
(This parameter is
Default: 89Specifies Radware (as assigned by IANA)
displayed only if the
specified Attribute ID is
26.)
57

Parameter
Description
Vendor Attribute ID
The vendor-specific-attribute ID to hold the <IDM string>:<Scope>

values.
(This parameter is
displayed only if the
Default: 100Specifies Radware Radware-Role.
specified Attribute ID is
Note: Names of vendor-specific attributes are decided on by the
26.)
vendor.
Authentication Type
The method of authentication to be used.

Values:
PAP
CHAP
EAP-MD5
EAP-MSCHAP v1
MSCHAP v1
MSCHAP v2
Default: PAP
Configuring APSolute Vision Server Advanced Parameters

You can configure additional advanced parameters for the APSolute Vision server.
To configure advanced parameters for the APSolute Vision server

1.
In the Asset Management perspective system pane, select General Settings > Advanced.
2.
Table 6: APSolute Vision Advanced Parameters
Parameter
Description
Maximum Configuration Files

for Device
The maximum number of configuration files per managed device

that you can store on the APSolute Vision server for backup. When
the limit is reached, you are prompted to delete the oldest file.
Values: 110
Default: 5
Note: If you change the maximum value to less than the
number of existing configuration files, none of the
existing files will be deleted. For example, the configured
maximum value is 10 and there are 8 configuration files,
if you then change the configured maximum value to 4,
no files are deleted.
58

Table 6: APSolute Vision Advanced Parameters
Parameter
Description
Minimal Log Level
The lowest level of messages that will be logged for debugging

purposes.
Values:
ErrorsCritical and Fatal errors will be logged.
WarningsWarnings, and Critical and Fatal errors will be
logged.
InfoAll messages will be logged including Trace, Debug,
Info, Warnings, and Critical and Fatal errors.
Default: Warnings
Caution: Radware recommends that you contact Radware
Technical Support before you change the value for
this parameter.
Device Lock Timeout
The time, in minutes, that a device remains locked. If you have

the appropriate permissions to configure a device, you can lock
the device so that other user cannot configure the device at the
same time.
Values: 5180
Default: 10
Results per Page
The number of rows that are displayed per table page.

If you change this setting after retrieving information into a table
in the current session, the table information will be lost and
APSolute Vision will need to obtain the device information again.
Radware recommends changing this setting at the beginning of a
session before obtaining information from a managed device.
Values: 10100
Default: 20
Online Help URL
The source of the online help that clients request.

Values:
APSolute Vision ServerThe server provides the client with
online-help files stored on the server. Installation of the
APSolute Vision server includes online-help files, but if
managed devices are somehow upgraded later (with a new
device, new device version, or new device driver), the onlinehelp files on the server should be updated. It is the
responsibility of the APSolute Vision administrator to make
sure that the help files on the server are updated as
necessary. For more information, see Appendix A - Managing
the Online-Help Package on the Server, page 133.
Radware.comThe client sends online-help requests to the
radware.com Web site and receives files from there. The
online-help files at radware.com are always the most up-todate, but clients may encounter latency or connectivity
problems.
Default: APSolute Vision Server
59

Configuring APSolute Vision Reporter Parameters

You can view historical security reports in the APSolute Vision Reporter.
Note: To open the APSolute Vision Reporter, click the Vision Reporter icon in the APSolute
Vision toolbar.
To configure APSolute Vision Reporter settings

1.
In the Asset Management perspective system pane, select General Settings > APSolute
Vision Reporter.
2.
Table 7: APSolute Vision Reporter Parameters
Parameter
Description
Attack Polling Interval
(Read-only) The interval for polling security attack data, which is 5

minutes.
Enable DNS Resolution
When enabled, the threshold parameter is used for the corresponding

alarm.
Default: Enabled
Upload Logo
(Button)
You can upload a logo to display on reports. Click the button and enter
the name of the file to upload.
Configuring Client Preferences

You can configure the following preferences for an individual client installation:
Configuring Default Client Settings for the Alerts Pane, page 61
Configuring the Default Perspective, page 60
Configuring Default Display Settings for Monitoring and Reports, page 61
Configuring the Default Perspective

By default, the Configuration perspective is displayed when you log in to the APSolute Vision client.
You can change the default perspective.
To change the default perspective

1.
In the main menu bar, choose Options > Preferences. The Preferences dialog box is displayed.
2.
In the left pane, select Perspectives. The predefined default is the Configuration perspective.
60

3. Do one of the following:
To change the default, select the perspective that you always want to appear when you log
into APSolute Vision; then, click Apply or OK.
To restore the default settings, click Restore Defaults.
Configuring Default Client Settings for the Alerts Pane

The default settings for the Alerts pane define how often the client polls the server for alert
information, and the number of critical alerts that are displayed in the Alerts pane.
To change default Alerts-pane settings

1. In the main menu bar, choose Options > Preferences. The Preferences dialog box is displayed.
2. In the left pane, select Alert Browser.
3. To restore the default settings, click Restore Defaults.
4. To change the settings, set the parameters and click Apply or OK.
Table 8: Default Alert Browser Settings
Parameter
Description
Latest Critical Alerts Displayed
The number of critical alerts to display.

Values: 020
Default: 10
Table Refresh Rate
The interval, in seconds, at which the client polls the server for
alert information.
Values: 22,147,483,647
Default: 5
Configuring Default Display Settings for Monitoring and Reports

These default settings define how often the client polls the server for monitoring and reports and
other display settings for real-time security monitoring.
To change default settings for monitoring and reports

1. In the main menu bar, choose Options > Preferences. The Preferences dialog box is displayed.
2. Select Statistics Settings in the left pane.
3. To restore the default settings, click Restore Defaults.
4. To change the settings, set the parameters and click Apply or OK.
61

Table 9: Default Display Settings
Parameter
Description
Statistics Refresh Interval for Monitoring

Perspective
The interval, in seconds, at which the client polls the

server for information that is displayed in the
content area of the Monitoring perspective.
Default: 15
Statistics Refresh Interval for Real-Time

Security Monitoring Perspective
The interval, in seconds, at which the client polls the

server for information that is displayed in the
content area of the Security Monitoring perspective.
Default: 15
Number of Records for Top Reports
The number of reports included in a Top N reports

category. For example, a value of 10 will yield the
top 10 items.
Values: 1100
Default: 10
Duration to Keep Attack in View (Min.)
The time, in minutes, to continue displaying an

attack in real-time reports after the attack has
ended or been terminated.
Values: 11400
Default: 10
Note: The attack is displayed all the time that it
continues.
Filtering the Display of Tree Elements in the System Tabs

contents of the tree, only how APSolute Vision displays the tree to you. By default, APSolute Vision
displays all the sites and devices that you have permission to view. The selected filter configuration
applies across all relevant perspectives and trees. The filters and/or filter categories that APSolute
Vision displays are contextual. That is, which filters and/or filter categories APSolute Vision displays
is based on whether the Organization, Physical, or Application Delivery tab is displayed.
APSolute Vision can store and display up to 10 filter configurations. The Filter label includes the filter
criteria. When you open an APSolute Vision client session, APSolute Vision displays the last filter
configuration that you applied.
To each node in the tree, APSolute Vision appends the number of elements (that is, sites and/or
devices) matching the filter at that level and the total number of elements at that level. The total
number of elements is the number of elements that you can see according to your RBAC
permissions.
62

Example Filter Result Showing Two Sites

Figure 28 - Filter Result Showing Two Sites, page 63 shows a small portion of a tree in the
Organization tab on which you have applied a filter named MyFilter2. The root of the tree is
named MyRootSite. APSolute Vision has appended (1/5) to the label MyRootSite. This
indicates that there is only one element (in this case, the element is a site) that matches the
filter at the level immediately below MyRootSite; and MyRootSite contains five child elements for
which you have permission to view. APSolute Vision has appended (13/28) to the label
MyDeviceSite1. This indicates that there are 13 elements that match the filter at the level
immediately below MyDeviceSite1; and MyDeviceSite1 contains 28 child elements for which you
have permission to view.
Figure 28: Filter Result Showing Two Sites
To create a new filter

1. Click Filter to expand the Filter group box.
2. From the Filter drop-down list, select New. The contents of Filter Name drop-down list
disappear.
3. In the Filter drop-down list, specify a name for the filter.
63

4.
Configure the filter criteria.
5.
Click Save.
To modify a filter
1.
Click Filter to expand the Filter group box.
2.
From the Filter drop-down list, select the filter.
3.
Configure the filter criteria.
4.
Click Save.
To apply an existing filter

1.
Click Filter to expand the Filter group box.
2.
From the Filter drop-down list, select the filter.
Note: To disable filtering (that is, show all the elements in the tree), select None.
3.
Click Apply.
To display all the sites and devices

Click Reset.
To delete a filter
From the Filter drop-down list, select the filter; and then, click Delete.
Table 10: Filter Criteria Parameters
Category
Description
Device Name
The name of device or regular expression. This criterion is useful if

device names indicate device features, organizational location, or
geographical location.
This field supports a wildcard (*) character.
Device IP Address
The device IP address, IP range, or IP mask.
Device Type
The type of device.

Values: Alteon, AppDirector, DefensePro
64

Table 10: Filter Criteria Parameters
Category
Description
Property
Values:
StatusExposes the Up and Down checkboxes. You can
specify whether the filter displays only devices that are up or
only devices that are down.
Software VersionExposes the Software Version drop-down
list with the options corresponding to the selected Device Type.
Device Driver VersionExposes the Device Driver Version
drop-down list with the options corresponding to the selected
Device Type.
Form FactorWhen the selected Device Type is Alteon,
exposes Standalone, VX, vADC, and VA checkboxes.
Licensing InformationExposes the Licensing Information
drop-down list with the options corresponding to the selected
Device Type.
Last Configuration Backup

Date
The timestamp, in yyyy-MM-dd hh:mm:ss format, of the last

APSolute Vision configuration backup.
Last Software Version

Upgrade Date
The timestamp, in yyyy-MM-dd hh:mm:ss format, of the last

device software upgrade. This criterion is useful to help you plan an
upgrade process. For example, with the Alteon vADC form factor,
you can filter all the vADCs whose software was updated at same
time.
AppShape
The Alteon devices with the specified AppShape deployed.
Organization Site
The site in the Organization tab.

Note: This filter criterion applies only in the Organization tab.
Physical Container
Values:
Physical ContainerThe ADC-VX in the Physical tab.
Payload BladeSpecifies a specific payload blade, or any
payload blade when the field is empty.
Enabled vADCsSpecifies whether the enabled vADCs are
displayed.
Disabled vADCsSpecifies whether the disabled vADCs are
displayed.
Note: This filter criterion applies only in the Physical tab.
Updating the Attack Description File

The Attack Description file contains descriptions of all the different attacks. You can view a specific
description by entering the attack name. When you first configure APSolute Vision, you should
download the latest Attack Description file to the APSolute Vision server. The file is used for realtime and historical reports to show attack descriptions for attacks coming from managed devices.
65

The file versions on APSolute Vision and on the managed devices should be identical; Radware
recommends synchronizing regular updates of the file at regular intervals on APSolute Vision and on
the individual devices.
When you update the Attack Description file, APSolute Vision downloads the file directly from
Radware.com or from the enabled proxy file server.
To update the Attack Description file

1.
2.
Do one of the following:
In the Asset Management perspective system pane, select General Settings; and then, in
the content pane, select the Overview tab and click Update in the Attack Description group
box.
In the Asset Management perspective system pane, right-click General Settings; and then,
select Update Attack Description File.
To update the Attack Description file from Radware, select the Radware.com radio button.
To update the files from the APSolute Vision client host:

a. Select the Client radio button.
b. In the File Name text box, enter the file path of the Attack Description file or click
Browse to navigate to and select the file.
3.
Click Send and OK.
4.
The Alerts pane displays a success or failure notification and whether the operation was
performed using a proxy server.
After Initial Configuration of APSolute Vision

After initial configuration of the APSolute Vision server and APSolute Vision client preferences,
continue with the following:
If required, configure local APSolute Vision users and global user settings in the Asset
Management perspective. Only the Admin user can access this perspective. For more
information, see Managing APSolute Vision Users, page 67.
Set up your network in the Configuration perspective system pane. Add the devices that you
want to manage using APSolute Vision. For more information, see Setting Up Your Network,
page 79.
Configure your managed Radware devices using APSolute Vision.

For more information about configuring a devices basic setup and security settings, see the
APSolute Vision User Guide.
For information about configuring application delivery in AppDirector, and server and network
security in DefensePro, see the APSolute Vision online help.
Manage device operations and maintenance. For more information, see the APSolute Vision User
Guide.
Monitor the managed devices using APSolute Vision. For more information, see the APSolute
Vision online help.
For more information about AppDirector and DefensePro, see the relevant product user guides.
66
Chapter 3 Managing APSolute Vision Users

APSolute Vision supports concurrent access to up to 10 users. Each user has individual credentials
and privileges. APSolute Vision supports role-based access control (RBAC) to manage user
privileges. RBAC users can be defined and managed in the local APSolute Vision user database or
through a RADIUS server.
RBAC does not apply to APSolute Vision CLI users.
All user credentials for local users are encrypted and stored in the APSolute Vision database. All
actions and events on local users are stored in the Audit log.
Users with the appropriate privileges can lock a device on an APSolute Vision server and modify its
configuration. Locking the device prevents other users from performing configuration tasks on that
device at the same time.
The following topics describe role-based access control, and how to configure and monitor local
APSolute Vision users:
Logging In as the Default Administrator Userradware User, page 67
Role-Based Access Control (RBAC), page 68
Configuring Local Users, page 71
Viewing User Statistics, page 76
Configuring User Management General Settings, page 77
APSolute Vision Password Requirements, page 78
Logging In as the Default Administrator Userradware

User
A new APSolute Vision server (one that no one has yet logged into) contains a single predefined
Administrator user, which is called radware. This user is defined with the Administrator role.
The radware user can then create and manage additional local users and their individual and global
user settings, except for personal, local-user passwords.
You cannot delete the radware user.
Caution: The password for the radware user never needs to change, but Radware recommends
doing so.
If you are the radware user and you forget the password for it, you must follow a special procedure
to reset the password to the default. For more information, see Resetting the radware
Administrator Password, page 74.
67

Managing APSolute Vision Users
To log into APSolute Vision for the first time as the default administrator user radware
1.
2.
In the login dialog box, specify the following:
User NameThe name of the user, radware.
PasswordThe password for the user, radware.
Vision ServerThe name or IP address of the APSolute Vision server.
AuthenticationThe method to authenticate the user: Local or RADIUS. That is, select
whether to use the credential stored in the APSolute Vision server or the credentials
managed by the specified RADIUS Authentication server.
Note: For information on using a RADIUS Authentication server, see Configuring RADIUS
Server Connections, page 55.
3.
Click OK.
Role-Based Access Control (RBAC)

You can determine the functionality and managed devices available to each user in APSolute Vision
by using RBAC to associate users with roles and scopes of devices.
RBAC users can also be defined and managed through a RADIUS server.
A user administrator with the Administrator or User Administrator role can create, edit, and manage
local APSolute Vision users. User management includes assigning scopes and roles. A scope defines
the devices that the user can access. A role defines the set of permissions for the corresponding
scope.
Scopes of devices correspond to the hierarchy in the system pane. A scope can contain an individual
device or all the devices in a site (and its child sites). Scopes are named according to the
corresponding site or device name. The All scope contains all devices and the APSolute Vision server.
users, you must manually reconfigure the user scopes on the RADIUS server.
If the name of an APSolute Vision site changes and APSolute Vision authenticates the users locally,
APSolute Vision updates the relevant scopes for the users.
APSolute Vision contains a set of predefined roles, which you cannot delete or modify. Each role
defines a set of privileges. All roles, except Administrator and User Administrator, must be assigned
a scope. APSolute Vision always configures users with the Administrator or User Administrator role
with the All scope.
Caution: Users defined through a RADIUS server with the Administrator or User Administrator
role must be configured with the scope [ALL] (including the square brackets).
68

A user sees the APSolute Vision GUI displayed according to that users role:
When a user has full read and write permissions, all Add, Edit, and Delete buttons are displayed.
When a user has update permissions only, Add buttons are not displayed.
When a user does not have any configuration permissions, Add, Delete, and Submit buttons are
not displayed.
The Asset Management perspective is displayed only to users with the Administrator or User
Administrator role. A user with the User Administrator role can only view and configure local
users. A user with the User Administrator role cannot view other elements in the Asset
Management perspective.
The tree in the system pane displays only those devices that belong to scope associated with the
user.
The Security Monitoring perspective displays visible attacks only of those devices that belong to
scope associated with the user.
All users can see the Alerts browser, but the alerts displayed are limited according to device
permissions.
The relevance and descriptions for the predefined roles may depend on the device type (Alteon,
AppDirector, or DefensePro).
Each role has an associated identity-management (IDM) string. You use the IDM strings in a
RADIUS-server configuration, for example. If the user is authenticated, the APSolute Vision server
grants access according to the users IDM string and scope. The RADIUS server Access-Accept
response must include an IDM-stringscope combination.
The following table describes the predefined roles that APSolute Vision provides.
Table 11: Predefined Roles
Role
Description
IDM String
ADC Administrator
Has full control over ADC configuration,

can configure and manage farms, traffic
redirection, and health checks.
ADC_ADMIN
Can perform all Monitoring perspective

right-click functions of the devices for
which the user has credentials.
ADC Operator
Has full control to disable farms and

servers, and switch the logical-server
state from regular to backup, and so on.
Has read-only permission on the
configuration of ADC devices and general
device control.
ADC_OPERATOR
ADC + Certificate
Administrator
The union of ADC Administrator and

Certificate Administrator roles.
ADC_AND_CERTIF_ADMIN
Has full control over ADC configuration,

can configure and manage farms, traffic
redirection, and health checks.
Can perform all Monitoring perspective
right-click functions of the devices for
which the user has credentials.
Has control over the Certificate Repository
and the Client Authentication Policy in the
Configuration perspective.
Can perform all Alteon-related right-click
functions.
69

Table 11: Predefined Roles
Role
Description
IDM String
Administrator
Can perform all actions and access all

functionality.
SYS_ADMIN
Certificate Administrator
Has control over the Certificate Repository CERTIF_ADMIN

and the Client Authentication Policy in the
Can access the Monitoring perspective.
Can perform all Alteon-related right-click
functions.
Device Administrator
Has full control over devices for which the DEV_ADMIN

user has credentials.
Device Configurator
Can access all Configuration-perspective

panes and Monitoring-perspective panes
and has full control over the Setup,
Networking, Device Security and
Advanced parameter tabs of the
Configuration perspective of the devices
for which the user has credentials.
CONFIG
Can perform all Configuration and

Monitoring pane perspective right-click
functions of the devices for which the user
has credentials.
Device Operator
Has full control over all Monitoring

perspective panes and can access the
DEVICE_OPERATOR
Can perform all Alteon related right-click

functions.
Device Viewer
Can access all devices for which the user

has credentials.
VIEWER
Security Administrator
Can configure and manage network and

server security, ACL policies, and so on.
SEC_ADMIN
Security Monitor
Has full control over Security Monitoring

and APSolute Vision Reporter.
SEC_MON
User Administrator
Can access the Asset Management

perspective, and in it, can create and
manage users. Cannot view other
elements in the Asset Management
perspective.
USR_ADMIN
Vision Reporter
Has full control over APSolute Vision

Reporter.
REPORTER
To view the list of predefined roles

In the Asset Management perspective system pane, select Roles.
70

Configuring Local Users

A user administrator can set and change the following individual local APSolute Vision user
configurations:
Add, edit, and delete users
Revoke and enable users
Release user lockout and reset user passwords
For information about setting global user configurations, see Configuring User Management General
Settings, page 77.
To set individual user configurations

1. In the Asset Management perspective system pane, select Local Users. The Users table displays
information for all currently defined users.
2. From the Users table you can perform the following:
Adding and Editing Users, page 72
Deleting Users, page 73
Releasing User Lockout, page 74
Resetting User Passwords to the Default, page 74
Resetting the radware Administrator Password, page 74
Revoking and Enabling Users, page 75
Exporting User Information, page 75
Table 12: User Table Parameters
Parameter
Description
User Name
The username used for login.
Full Name
The users full name.
Scope
Scopes of devices organized according to the site tree in the system

pane. A scope can contain an individual device or all the devices in
a site. The All scope contains all devices and the APSolute Vision
server.
The displayed scopes for each user represent the devices that the
user can access. Each scope in the list is associated with a
corresponding role that defines the permissions for the user on
those devices.
Caution: Users defined through a RADIUS server with the
Administrator or User Administrator role must be
configured with the scope [ALL] (including the square
brackets).
Role
The roles with which the user is associated. Each role defines a set
of actions the user can perform through APSolute Vision. Each role
in the list applies to its corresponding scope of devices.
Contact Information
The users contact informationorganization, address, and phone

number.
Password Expiration Date
The date on which the current password expires.
71

Table 12: User Table Parameters
Parameter
Description
Enabled State
Whether the user is currently enabled. If the checkbox is cleared,

the user is currently suspended and cannot log in.
Locked
Whether the user is currently locked out.
Created On
The date on which the user was created.
Last Password Change
The date on which the user password was last changed.
Last Lockout
The date on which the user was last locked out.
Adding and Editing Users

When you add a user, you associate the user with role and scope pairs to define the users privileges
and the managed devices to which the privileges apply. Scopes represent the devices for which the
user has credentials. The corresponding role for each scope in the list defines the permissions for
the user on those devices.
When you modify the role and/or scope assignment for a user who is logged into APSolute Vision,
the user must log out and log in again for the changes to take effect.
By default, a new user is not associated with any scope or role.
You can only add a scope once for each user. You cannot add a scope that contains devices that are
already in a scope associated with the user.
To add or edit a user

1.
In the Asset Management perspective system pane, select Local Users.
2.
3.
To add a user, click the
(Add) button in the tab toolbar.
To edit a user, double-click the user name.
Set the user parameters including the users role and scope assignments, and click OK.
To add or modify a role-scope pair

1. In the Permissions table, right-click and select Add New User Role Group Pair or Edit User
Role Group Pair.
2. Do the following:
From the Scope list, select the scope containing the devices that the user can access.
From the Role list, select the role for the selected scope.
3. Click OK.
72

Table 13: User Parameters
Parameter
Description
Identification
User Name
The username used for login. This field is mandatory.
Full Name
The users full name. This field is optional.
Permissions
Scope
The device or devices for which the user has credentials.
Role
The role for the user on those devices.
Contact Information
These fields are optional.
Organization
The users organization.
Address
The users address.
Phone Number
The users phone number.
Note: The Administrator user does not define a personal password for a new user. At initial
login, a new user enters the global default password and is then prompted to create a
new password. Users can always change their own passwords at login. For more
information, see Changing Passwords for Local Users, page 49.
Deleting Users
Deleting a user removes the user from the Users table.
Notes:
>> The Administrator user cannot be deleted.
>> You can suspend a user without removing the user from the table. For more information,
see Revoking and Enabling Users, page 75.
To delete a user
1. In the Asset Management perspective system pane, select Local Users.
2. In the Users table, select the user name and click the
(Delete) button in the tab toolbar.
3. Click Continue in the confirmation box.
73

Releasing User Lockout

When a user performs more than the permitted number of unsuccessful logins as defined in the
Global User Settings page, the user is locked out and cannot log in again until the user administrator
releases the lock, and resets the password.
Note: If the Administrator user is locked out for any reason, see Resetting the radware
Administrator Password, page 74.
To release a user lockout

1.
2.
In the Users table, right-click the user name that you want to unlock, and select Unlock User.
3.
Reset the user password to the default, see Resetting User Passwords to the Default, page 74.
Resetting User Passwords to the Default

Following a user lockout, a user administrator can reset a local users password to the default user
password. When the user next logs into APSolute Vision, that user will be prompted to change the
default password according to APSolute Vision Password Requirements, page 78.
Note: You cannot reset the default administrator password. If the Administrator user is locked
out for any reason, contact Radware Technical Support to release the lockout.
To reset a users password to the default

1.
2.
In the Users table, right-click the username whose password you want to reset, and select
Reset User Password.
Resetting the radware Administrator Password
To reset the password for the radware user

1.
2.
Click Options.
3.
In the User Name text box, type radware.
4.
Click the
5.
From the Vision Identifier text box, copy the value, which is the Vision identifier code.
74
(Reset Password) button.

6. Send the Vision identifier code to Radware Technical Support and identify yourself using your
company name and Vision Identifier. After your credentials have been approved, Radware
Technical Support will send you the necessary password-reset file.
7. When you receive the password-reset file, save it to your local computer.
8. In the Select Password Reset File text box, enter the path to the password-reset file or click
Browse to navigate to the file and click Open. The password resets to the default; radware.
9. In the Enter New Password dialog box, enter your new password in the New Password and
Confirm New Password fields and click OK.
10. In the initial login dialog box, enter your user name and new password.
11. Click OK.
Revoking and Enabling Users

Revoking a user suspends the user, but does not delete the user from the Users table. To delete a
user from the Users table, see Deleting Users, page 73.
To revoke and enable a user

2. To revoke a user, in the Users table, right-click the user name, and select Revoke User. The
state of the user in the Users table changes from Enabled to Disabled.
3. To enable a revoked user, right-click the user name, and select Enable. The state of the user in
the Users table changes from Disabled to Enabled.
Exporting User Information

You can export the information in the Users table to a CSV file.
Note: User passwords are not exposed or exported.
To export the information in the Users table

2. In the tab toolbar, click the
(Export
to CSV) button.
3. Save the file in the desired location.
75

Viewing Predefined Roles

APSolute Vision provides the predefined roles, which you cannot delete or modify.
Note: For the list of predefined roles, see Predefined Roles, page 69.
To view the table of predefined roles

In the Asset Management perspective system pane, select Roles.
Viewing User Statistics

You can view and save the following user statistics broken down by user and date:
Number of successful logins
Number of failed login attempts
Number of password changes
Number of lockouts
To display user statistics

1.
In the Asset Management perspective system pane, select User Statistics. By default, the User
Statistics table displays information for all users for the current day.
2.
To display statistics for a specific user, select a user name from the User Name list, and click
Go.
3.
To display statistics for a specific date range, set the Start Date and End Date, and click Go.
To export the displayed user statistics

1.
In the User Statistics tab toolbar, click the
2.
Save the file in the desired location.
76
(Export
to CSV) button.

Configuring User Management General Settings

The Administrator user can change general user-management settings.
Note: Radware recommends that the Administrator user change the default Administrator
password after initial login.
To configure general user-management settings

1. In the Asset Management perspective system pane, select Global Settings.
Table 14: User Management Global Settings
Parameter
Description
Number of Password Challenges
The number of consecutive unsuccessful password entries

before a user is locked out.
Values: 0100
Default: 3
Default Password for radware User The password that the radware user enters on initial login or
after password reset. The radware user can change it at any
time or on expiration.
Verify Default Password for
radware User
When you change the default password, re-enter the

password for verification.
Default Password for Other Users
The password that new users enter on initial login or after

password reset.
Note: The radware user can change the password at any
time or on expiration.
Verify Default Password for Other

Users
When you change the default password, re-enter the

password for verification.
Password Validity Period
The number of days from password creation until that

password expires. When you change this value, the new value
is applied to any subsequently created passwords; current
passwords are not affected by the change.
Default: 30
User Statistic Storage Period
The number of days the user statistics information is stored

before being deleted.
Default: 30
77

Table 14: User Management Global Settings
Parameter
Description
Number of Last Passwords Saved
A user cannot reuse a saved password.

Default: 3
User Must Change Password at

First Login
Specifies whether all users must change their password when

logging in for the first time to the APSolute Vision server.
Note: The value for this parameter applies to when the
user is created, and does not change. For example, if
the value for this parameter is true when the user is
created, and then the value changes to falsebut
the user has not yet logged in, the user will be
required to change his/her password when he/she
first logs in.
APSolute Vision Password Requirements

All personal and default passwords required by the Administrator user and other local users to log
into APSolute Vision must contain:
Between eight and 12 characters.
At least two non-alphabetic characters.
For information about changing individual and default passwords, see the following:
Changing Passwords for Local Users, page 49
Configuring User Management General Settings, page 77
78
Chapter 4 Setting Up Your Network

Before you can configure managed devices through APSolute Vision, you configure the sites and
their devices to the APSolute Vision sever configuration. The sites and devices are displayed in the
system pane, which is the pane in the upper-left corner of the APSolute Vision main screen.
The following topics describe how to set up your network of managed Radware devices:
APSolute Vision Sites, page 79
System PaneOrganization Tab and Physical Tab, page 80
Configuring Sites, page 81
Adding and Removing Devices, page 82
Locking and Unlocking Devices, page 93
Alteon Device Configuration ManagementGlobal Commands, page 94
Creating AppDirector Clusters for High Availability, page 95
Creating DefensePro Clusters for High Availability, page 96
Finding Site Nodes, page 98
Next Steps, page 98
APSolute Vision Sites

You can organize the devices that APSolute Vision manages into logical groups, referred to as sites.
Sites are displayed in the system pane, which is the pane in the upper-left corner of the APSolute
Vision main screen. The system pane contains the Organization tab and the Physical tab. You can
configure sites in both tabs. You can configure sites according to a geographical location,
administrative function, or device type. Each site can contain nested sites and devices. You can
create clusters of devices for high availability. You can also display real-time reports for multiple
devices according to sites.
This section contains the following:
Site Trees, page 79
Default Site and Device Names, page 80
Site Trees
The tree in the Organization tab or Physical tab can contain sites and devices. A tree node can
represent a logical site or a device. A site can contain nested sites, devices, or both.
Nodes are organized alphabetically in the tree within each level. For example, a site called
AppDirectors appears before a site at the same level called DefensePros.
All nested sites appear before devices at the same level, regardless of their alphanumerical order.
All node names in a tree must be unique. For example, you cannot give a site and a device the same
name, and you cannot give devices in different sites the same name.
Node names are case-sensitive.
79

Setting Up Your Network
Default Site and Device Names

The default name of a new node depends on the node type, Site, Alteon, AppDirector, or
DefensePro. The first instance of a node type is given the default name node_type. If you do not
change the default names, subsequent new nodes will be given the default name node_type(n),
where n is the first available number for nodes of the same type.
For example:
The first site that you create will be given the default name Site.
The next site will be given the default name Site(2).
If you rename the first site to MySite, the third site that you create will be given the default
name Site.
The next site will be given the default name Site(3).
System PaneOrganization Tab and Physical Tab

The system pane (the pane in the upper-left corner of the APSolute Vision main screen) contains the
Organization tab and the Physical tab.
Organization Tab
The Organization tab can display the following managed device types:
Alteon standalone
Alteon VA
Alteon vADC
AppDirector
DefensePro
After you add devices, you can configure and monitor each device through APSolute Vision.
The following figure shows an example of the organization of a global system. In this example, the
global site for the network has been organized primarily according to geographic location. Each
network location contains nested sites, organized according to device type. In a large network, you
might require a further set of location child-sites, or you might want to organize devices in a specific
location according to administrative functions.
Figure 29: Global System Tree Organization
80

Physical Tab
The Physical tab displays the managed ADC-VX instances. After you add an ADC-VX to the Physical
tab, you can configure the vADCs that the ADC-VX hosts. The vADCs that the ADC-VX is hosting are
displayed as child nodes of the ADC-VX.
Once a vADC is managed in the Physical tab, you can only configure the corresponding vADC entity
in the Organization tab. You can, however, right-click the vADC node in the Physical tab and select
Find vADC in Organization Tree to switch to the Organization tab with relevant vADC node
selected.
Configuring Sites
By default, the root site is called Default. You can rename this site, and add nested sites and
devices.
You can add, rename, and delete sites. When you delete a site, you must first remove all its child
sites and devices.
Notes:
>> To move a device between sites, you must first delete the device from the sites tree and
then add it in the required target site.
>> A site cannot have the same name as a device, and sites nested under different parent
sites cannot have the same name.
>> You cannot delete the Default site.
To add a new site

1. In the Configuration perspective system pane, right-click the site name in which you want to
create a new site.
2. Choose New > Site. A new site is displayed in the tree with a default name.
3. Rename the new site, if required, and press Enter.
users, you must manually reconfigure the user scopes on the RADIUS server.
If the name of an APSolute Vision site changes and APSolute Vision authenticates the users locally,
APSolute Vision updates the relevant scopes for the users.
To rename a site
1. In the Configuration perspective system pane, right-click the site name, and choose
Rename <SiteName>.
2. Rename the site, and press Enter.
81

To delete a site
1.
In the Configuration perspective system pane, right-click the site name, and choose
Delete <SiteName>.
2.
Click OK in the confirmation box.
Adding and Removing Devices

Before you can manage a Radware device in APSolute Vision, you need to add the device to the
appropriate site tree in the system pane.
When you add a device, you can define a name for it. You also provide the device-connection
information, including authentication parameters (credentials) for communication between the
device and the APSolute Vision server.
After submitting device-connection information, the APSolute Vision server verifies that it can
connect to the device. APSolute Vision then retrieves and stores the device information and licensing
information.
After the connection has been established, you can modify some of the connection information and
configure the device.
When you add a device or modify device properties, you can specify whether the APSolute Vision
server configures itself as a target of the device events and whether the APSolute Vision server
removes from the device all recipients of device events except for its own address. For more
important information, see APSolute Vision Server Registered for Device EventsAlteon, page 92
and APSolute Vision Server Registered for Device EventsDefensePro, page 92.
After adding devices, you can create clusters of the main and backup devices, or the primary and
secondary devices (according to the device type).
Notes:
>> A device cannot have the same name as a site.
>> Devices in different sites cannot have the same name.
>> To change the name of a device, you must first delete the device from the site tree and
then add it to the required target site.
>> To move a device between sites, you must first delete the device from the sites tree and
then add it to the required target site.
>> If you replace a device with a new device to which you want to assign the same
management IP address, you must delete the device from the site and then recreate it
for the replacement.
>> When you delete a device, you can no longer view historical reports for that device.
>> When you delete a device, the device alarms and security monitoring information will be
removed as well.
>> When you delete a DefensePro device that is a Sender or a Receiver in a Defense Pro
Security Group, the configuration of the Security Group changes accordingly.
>> HTTP and HTTPS are used for downloading/uploading various files from/to managed
devices, including: configuration files, certificates and key files (HTTPS only), attack
signature files, device software files, and so on.
82

>> You can configure APSolute Vision to manage multiple Alteon vADCs hosted by an ADCVX managed by the same APSolute Vision server. For more information, see Configuring
APSolute Vision to Manage Multiple Alteon vADCs, page 92.
This section includes the procedures to do the following:
To add a new device, page 83Relevant for the following device types:
Alteon standalone
Alteon VA
Alteon vADC not hosted by an ADC-VX managed by the same APSolute Vision server
AppDirector
DefensePro
To add an ADC-VX, page 86
To configure APSolute Vision to manage an Alteon vADC hosted by an ADC-VX managed by the
same APSolute Vision server, page 88
To go from an vADC under an ADC-VX to the corresponding vADC node in the Organization tab,
page 90
To edit device connection information, page 91Relevant for the following device types:
Alteon standalone
Alteon VA
Alteon vADC displayed in the Organization tab
AppDirector
DefensePro
To edit ADC-VX connection information, page 91
To delete a device, page 91Relevant for the following device types:
Alteon standalone
Alteon VA
AppDirector
DefensePro
To delete an ADC-VX, page 91
To add a new device

1. In the Configuration perspective system pane Organization tab, right-click the site name to
which you want to add a device, and select New > Device Type. A new device node is
displayed with a default name.
2. Configure the parameters; and then, click OK.
After APSolute Vision connects to the device, basic device information is displayed in the content
pane, and device properties information is displayed in the Properties pane.
83

Table 15: Device Properties
Parameter
Description
Name
The name of the device. You can change the default.

Note: Once you add the device to the APSolute Vision
configuration, you cannot change its name.
SNMP
Management IP
The management IP address as it is defined on the managed

device.
configuration, you cannot change its IP address.
SNMP Version
The SNMP version used for the connection.
SNMP Read Community
The SNMP read community name.
(This parameter is displayed only

when SNMP Version is SNMPv1 or
SNMPv2.)
SNMP Write Community
The SNMP write community name.

SNMPv2.)
User Name
The user name for the SNMP connection.

when SNMP Version is SNMPv3.)
Use Authentication
Specifies whether the device authenticates the user for a

successful connection.

Default: Disabled
Authentication Protocol
The protocol used for authentication.

when the Use Authentication
checkbox is selected.)
Values: MD5, SHA
Authentication Password
The password used for authentication.
Default: MD5

Use Privacy
when and the Use Authentication
Privacy Password
Specifies whether the device encrypts SNMPv3 traffic for

additional security.
Default: Disabled
The password used for the Privacy facility.

when the Use Privacy checkbox is
selected.)
HTTP/S Access
Verify HTTP Access
Specifies whether APSolute Vision verifies HTTP access to the

managed device.
Default: Enabled
84

Parameter
Description
Verify HTTPS Access
Specifies whether APSolute Vision verifies HTTPS access to

the managed device.
Default: Enabled
HTTP Username
The username for HTTP and HTTPS communication.

HTTP Password
The password used for HTTP and HTTPS communication.
Event Notification
Register This APSolute Vision Server Specifies whether the APSolute Vision server configures itself
for Device Events
as a target of the device events.
Values:
EnabledThe APSolute Vision server configures itself as
a target of the device events (for example, traps, alerts,
IRP messages, and packet-reporting data).
DisabledFor a new device, the APSolute Vision server
adds the device without registering itself as a target for
events.
For an existing device, the APSolute Vision removes
itself as a target of the device events.
Default: Enabled
Notes:
>> APSolute Vision runs this action each time you click
OK in the dialog box.
>> For more important information, see APSolute Vision
Server Registered for Device EventsAlteon,
page 92 and APSolute Vision Server Registered for
Device EventsDefensePro, page 92.
Remove All Other Targets of Device
Events
Specifies whether the APSolute Vision server removes from

the device all recipients of device events (for example, traps,
and IRP messages) except for its own address.
Default: Disabled
Notes:
>> APSolute Vision runs this action each time you click
OK in the dialog box. For example, if you select the
checkbox and click OKand later, a trap target is
added to the trap target-address tableAPSolute
Vision removes the additional address the next time
you click OK in the dialog box.
Server Registered for Device EventsAlteon,
page 92 and APSolute Vision Server Registered for
Device EventsDefensePro, page 92.
85

To add an ADC-VX
1.
In the Configuration perspective system pane Physical tab, right-click the site name to which
you want to add the ADC-VX.
2.
Select New > Alteon. A new device node is displayed with a default name.
3.
In the Device Properties dialog box, configure the parameters; and then, click OK.
After APSolute Vision connects to the device, basic device information is displayed in the content
pane, and device properties information is displayed in the Properties pane. The vADCs that the
ADC-VX is hosting are displayed as child nodes of the ADC-VX. The name format in the vADC
child nodes is <ADC-VX Name>_vADC-<vADC ID>.
Table 16: ADC-VX Device Properties
Parameter
Description
Name

configuration, you cannot change its name.
SNMP
Management IP
The management IP address as it is defined on the managed

device.
SNMP Version
SNMP Community
The SNMP community name.

SNMPv2.)
User Name

Use Authentication

successful connection.

Default: disabled

Values: MD5, SHA
Default: MD5

Use Privacy
when and the Use
Authentication checkbox is
selected.)
86

additional security.
Default: disabled

Table 16: ADC-VX Device Properties
Parameter
Description
Privacy Password

when the Use Privacy checkbox is
selected.)
HTTP
HTTP Username
The username for HTTP communication.

HTTP Password
The password used for HTTP communication.
HTTPS
HTTPS Username
The username for HTTPS communication.

HTTPS Password
The password used for HTTPS communication.
Event Notification
Register This APSolute Vision
Server for Device Events
Specifies whether the APSolute Vision server configures itself

Values:
EnabledThe APSolute Vision server configures itself as a
target of the device events (for example, traps, alerts, IRP
messages, and packet-reporting data).
DisabledFor a new device, the APSolute Vision server
adds the device without registering itself as a target for
events.
For an existing device, the APSolute Vision removes itself
Default: Enabled
Notes:
>> APSolute Vision runs this action each time you click OK
in the dialog box.
Server Registered for Device EventsAlteon, page 92.
Remove All Other Targets of

Device Events
Specifies whether the APSolute Vision server removes from the

device all recipients of device events (for example, traps, and
IRP messages) except for its own address.
Default: Disabled
Notes:
>> APSolute Vision runs this action each time you click OK
in the dialog box. For example, if you select the
checkbox and click OKand later, a trap target is
added to the trap target-address tableAPSolute
Vision removes the additional address the next time
you click OK in the dialog box.
Server Registered for Device EventsAlteon, page 92.
87

To configure APSolute Vision to manage an Alteon vADC hosted by an ADC-VX

managed by the same APSolute Vision server
1.
In the Configuration perspective system pane Physical tab, expand the node of the ADC-VX that
hosts the vADC.
2.
Right-click the vADC and select Manage vADC.
3.
In the Device Properties dialog box, configure the parameters; and then, click OK.
After APSolute Vision connects to the vADC, the vADC is displayed in the system pane
Organization tab. The device information is displayed in the content pane, and device properties
information is displayed in the Properties pane. Once you add the vADC to the system pane
Organization tab, you cannot change its location or configure any of its properties from the
Physical tab.
Table 17: vADC Device Properties
Parameter
Description
Name
Location
The site in the system pane Organization tab where

APSolute Vision locates the vADC.
SNMP
Management IP
The management IP address as it is defined on the

managed device.
SNMP Version
SNMP Community
The SNMP community name.
(This parameter is displayed only when

SNMP Version is SNMPv1 or SNMPv2.)
User Name
(This parameter is displayed only when Maximum characters: 18

SNMP Version is SNMPv3.)
Use Authentication

(This parameter is displayed only when successful connection.
SNMP Version is SNMPv3.)
Default: disabled
(This parameter is displayed only when Values: MD5, SHA

the Use Authentication checkbox is
Default: MD5
selected.)

the Use Authentication checkbox is
selected.)
Use Privacy

(This parameter is displayed only when additional security.
and the Use Authentication checkbox Default: disabled
is selected.)
88

Parameter
Description
Privacy Password

the Use Privacy checkbox is selected.)
HTTP
HTTP Username
The username for HTTP communication.

HTTP Password
The password used for HTTP communication.
HTTPS
HTTPS Username
The username for HTTPS communication.

HTTPS Password
The password used for HTTPS communication.
Event Notification
Register This APSolute Vision Server for Specifies whether the APSolute Vision server configures
Device Events
Values:
EnabledThe APSolute Vision server configures itself
as a target of the device events (for example, traps,
alerts, IRP messages, and packet-reporting data).
DisabledFor a new device, the APSolute Vision
server adds the device without registering itself as a
target for events.
For an existing device, the APSolute Vision removes
Default: Enabled
Notes:
>> APSolute Vision runs this action each time you
click OK in the dialog box.
>> For more important information, see APSolute
Vision Server Registered for Device Events
Alteon, page 92.
89

Parameter
Description
Remove All Other Targets of Device

Events
Specifies whether the APSolute Vision server removes

from the device all recipients of device events (for
example, traps, and IRP messages) except for its own
address.
Default: Disabled
Notes:
>> APSolute Vision runs this action each time you
click OK in the dialog box. For example, if you
select the checkbox and click OKand later, a
trap target is added to the trap target-address
tableAPSolute Vision removes the additional
address the next time you click OK in the dialog
box.
>> For more important information, see APSolute
Vision Server Registered for Device Events
Alteon, page 92.
To go from an vADC under an ADC-VX to the corresponding vADC node in the

Organization tab
1.
hosts the vADC.
2.
Right-click the vADC and select Find vADC in Organization Tree. The view switches to the
Organization tab with the relevant vADC node selected.
The following procedure, To edit device connection information, page 91, is relevant for the
following device types:
Alteon standalone
Alteon VA
AppDirector
DefensePro
90

To edit device connection information

1. In the Configuration perspective system pane Organization tab, right-click the device name, and
select Device Properties.
2. Modify the parameters as described in Device Properties, page 84; and then, click OK.
To edit ADC-VX connection information

1. In the Configuration perspective system pane Physical tab, right-click the device name, and
select Device Properties.
2. Modify the parameters as described in Device Properties, page 84; and then, click OK.
The following procedure, To delete a device, page 91, is relevant for the following device types:
Alteon standalone
Alteon VA
AppDirector
DefensePro
To delete a device
1. In the Configuration perspective system pane Organization tab, right-click the device name, and
select Delete <DeviceName>.
2. Click OK in the confirmation box. The device is deleted from the list of managed devices.
To delete an ADC-VX
1. In the Configuration perspective system pane Physical tab, right-click the device name and
select Delete <DeviceName>.
2. Click OK in the confirmation box. The device is deleted from the list.
91

Configuring APSolute Vision to Manage Multiple Alteon vADCs

When you configure APSolute Vision to manage multiple Alteon vADCs hosted by an ADC-VX
managed by the same APSolute Vision server, you specify only the site under which APSolute Vision
will display the vADCs in the Organization tab. For the rest of the parameters, APSolute Vision uses
the default values.
To configure APSolute Vision to manage multiple Alteon vADCs hosted by an ADC-VX

managed by the same APSolute Vision server
1.
hosts the vADC.
2.
Select the vADCs that you want APSolute Vision to manage (control-click or select + shift-click).
3.
Right-click the selected elements and select Manage Selected Devices.
4.
In the Device Properties dialog box, from the Location drop-down listselect the site under which
APSolute Vision will display the vADCs in the Organization tab.
APSolute Vision Server Registered for Device EventsAlteon

In the Device Properties dialog box, you can specify whether the APSolute Vision server configures
itself as a target of the device events (Register This APSolute Vision Server for Device Events
checkbox) and whether the APSolute Vision server removes from the device all recipients of device
events except for its own address (Remove All Other Targets of Device Events checkbox).
APSolute Vision runs these actions each time you click OK in the dialog box.
In Alteon, when you select the Remove All Other Targets of Device Events checkbox and run
the Apply command, APSolute Vision configures itself as a target of the device events and ensures
that the device also sends traps for authentication-failure events.
Alteon, by default, does not send traps for authentication-failure events.
The CLI command for enabling sending traps for these events is
/cfg/sys/ssnmp/auth.
You can view the APSolute Vision address target with the CLI commands
/cfg/sys/ssnmp/trap1 or /cfg/sys/ssnmp/trap2.
APSolute Vision Server Registered for Device EventsDefensePro

In the Device Properties dialog box, you can specify whether the APSolute Vision server configures
itself as a target of the device events (Register This APSolute Vision Server for Device Events
checkbox) and whether the APSolute Vision server removes from the device all recipients of device
events except for its own address (Remove All Other Targets of Device Events checkbox).
APSolute Vision runs these actions each time you click OK in the dialog box.
DefensePro versions 6.02 and later support a device being managed by multiple APSolute Vision
servers.
When multiple APSolute Vision servers manage the same DefensePro device, the device sends the
following:
Traps to all the APSolute Vision servers that manage it. The Target Address table and the Target
Parameters table contain entries for all APSolute Vision servers.
Notification to all the APSolute Vision servers that manage it for each device-configuration
change within a maximum of 15 seconds of the change.
Packet-reporting data only to the last APSolute Vision server that registered on the device.
92

If the Register This APSolute Vision Server for Device Events checkbox is cleared, security
reporting and APSolute Vision Reporter might not collect and display information about the device.
Locking and Unlocking Devices

When you have permissions to perform device configuration on a specific device, you must lock the
device before you can configure it. Locking the device ensures that other users cannot make
configuration changes at the same time. The device remains locked until you unlock the device, you
disconnect, until the Device Lock Timeout elapses, or an Administrator unlocks it. Locking a device
applies only to the device on the specific APSolute Vision server. Locking a device does not apply to
the same device that is configured on another APSolute Vision server, using WBM, or using CLI.
Note: Only one APSolute Vision server should manage any one Radware device.
While the device is locked:
The device icon in the system pane includes a small lock symbol
AppDirector,
for Alteon,
for
for DefensePro.
Configuration panes are displayed in read-only mode to other users with configuration
permissions for the device.
If applicable, the
(Submit) button is displayed.
If applicable, the
(Add) button is displayed.
To lock a device
In the Configuration perspective system pane, right-click the device name, and select Lock
Device.
To unlock a device
In the Configuration perspective system pane, right-click the device name, and select Unlock
Device.
93

Alteon Device Configuration ManagementGlobal

Commands
Alteon devices support the following configuration-management actionsalso referred to as global
commands.
Table 18: Alteon Device Configuration Management Actions
Action
Description
Apply
Applies any changes that have been made to the device configuration.
This option is available only if the device is locked.
Save
Saves the current configuration in backup memory and saves the active
configuration by overwriting the current configuration.
This option is displayed only if the device is locked.
Revert
Reverts the device to the current active configuration.

This option is displayed only if the device is locked and the new
configuration settings were not applied.
Revert Apply
Reverts the device to the current saved configuration.

This option is displayed only if the device is locked and the new
configuration settings were applied but not saved.
Diff
Collects the pending configuration changes. You can view, save, and
copy the text when you double-click the associated message in the
Messages tab in the Alerts pane.
Diff Flash
Collects the pending configuration changes and the affected

configuration stored in flash memory on the device. You can view, save,
and copy the text when you double-click the associated message in the
Dump
Collects a dump of the current device configuration. You can view, save,
and copy the text when you double-click the associated message in the
When an Alteon device is selected in the site tree, APSolute Vision exposes the configurationmanagement options in the device shortcut menu and in the main toolbar.
To perform an Alteon configuration-management action

94
In the Configuration perspective system pane, right-click the device name; and then, select
the required option.
In the Configuration perspective system pane, select the device name; and then, from the
main toolbar, click the required button. The Diff Flash button is displayed when you click
the arrow of the Diff button. The Revert Apply button is displayed when you click the
arrow of the Revert button.

Figure 30: Alteon Configuration Management Options in the Shortcut MenuDevice Is Locked
Figure 31: Alteon Configuration Management Options in the Shortcut MenuDevice Is Not Locked
Figure 32: Alteon Configuration Management Options in the ToolbarDevice Is Locked
Figure 33: Alteon Configuration Management Options in the Toolbar MenuDevice Is Locked
Creating AppDirector Clusters for High Availability

After you add AppDirector devices in the sites tree, you can create AppDirector device clusters to
group a main AppDirector with its backup devices. In each cluster, APSolute Vision indicates which
device is the main and which devices are the backup devices.
When AppDirector devices are organized in a cluster, you can synchronize the active device
configuration on the main device with backup devices in the cluster.
For successful synchronization, all the AppDirector devices in a cluster must be of the same
platform, version, and license.
95

To create an AppDirector cluster

1.
In the Configuration perspective system pane, select an AppDirector device.
2.
To select additional AppDirector devices for the cluster, press Ctrl and click the required devices.
3.
Right-click a selected device and select Group to Cluster.
4.
Enter the cluster name and press Enter. A new cluster node is displayed containing the selected
devices.
To ungroup an AppDirector cluster

In the Configuration perspective system pane, right-click the cluster name and select Ungroup
Cluster.
The cluster node is removed from the tree, and the AppDirector devices are displayed under the
clusters parent node.
To rename an AppDirector cluster

1.
In the Configuration perspective system pane, right-click the cluster name, and select Rename
<ClusterName>.
2.
Rename the cluster, and press Enter.
To delete an empty cluster

1.
In the Configuration perspective system pane, right-click the cluster name, and select Delete
<ClusterName>.
2.
Click OK in the confirmation box. The cluster node is deleted from the tree.
Creating DefensePro Clusters for High Availability

This feature is available in DefensePro 5.10 and later.
After you add DefensePro devices to the sites tree, you can create two-node clusters of compatible
DefensePro devices. To be compatible, both cluster members must be of the same platform,
software version, and software license, bandwidth license, and Radware signature file.
A cluster consists of a primary DefensePro device and a secondary device.
You can configure only the basic parameters of a high-availability cluster in the System pane
(Cluster Name, Primary Device, and Associated Management Ports).
96

To configure the primary device of the cluster, the failover parameters, and the advanced
parameters, use the High Availability pane (Configuration perspective, Setup > High Availability).
Notes:
>> Before you can configure a cluster, the devices must be locked.
>> By design, an active device does not to fail over during a user-initiated reboot. Before
you reboot an active device, you can manually switch to the other device in the cluster.
>> When you upgrade the device software, you need to break the cluster (that is, ungroup
the two devices). Then, you can upgrade the software and reconfigure the cluster as you
require.
To create a DefensePro high-availability cluster

1. In the Configuration perspective system pane, select a DefensePro device.
2. Press Ctrl and click the other device for the cluster.
3. Right-click one of the selected devices and select Create Cluster.
4. Configure the parameters; and then click OK.
Cluster Setup Parameters
Parameter
Description
Cluster Name
The name for the cluster (up to 32 characters).
Primary Device
Specifies which of the cluster members is the primary device.
Associated Management
Ports
Specifies the management (MNG) port or ports through which the

primary and secondary devices communicate.
Values: MNG1, MNG2, MNG1+2
Note: You cannot change the value if the currently specified
management port is being used by the cluster. For example, if
the cluster is configured with MNG1+2, and MNG1 is in use,
you cannot change the value to MNG2.
To break a DefensePro high-availability cluster

In the Configuration perspective system pane, right-click the cluster node and select Break
Cluster.
After your confirmation, the cluster node is removed from the tree, and the DefensePro devices
are displayed under the parent node.
To rename an DefensePro high-availability cluster

1. In the Configuration perspective system pane, right-click the cluster node, and select Rename
<Cluster Name>.
2. Rename the cluster (up to 32 characters); and then, click outside the cluster node.
97

To change the associated management ports of a DefensePro high-availability cluster

1.
In the Configuration perspective system pane, select the cluster node and click Edit Cluster.
2.
Configure the parameters; and then click OK.
Note: You cannot change the value if the currently specified management port is being
used by the cluster. For example, if the cluster is configured with MNG1+2, and
MNG1 is in use, you cannot change the value to MNG2.
Finding Site Nodes

You can perform simple searches for site nodes. All nodes that contain the search string will be
highlighted. If the first match is within a collapsed node, the node opens to display the matching
node name. Subsequent matches in collapsed nodes remain hidden; however when you open the
node, the matching node name will appear highlighted.
To find a site node

1.
In the Configuration perspective system pane, in the Find field above the site tree, enter the
name or part of the name that you want to find.
2.
Click Go. All matching node names are highlighted.
Next Steps
After you set up your network of managed devices, and establish a connection to the devices,
APSolute Vision obtains the network configuration and displays the settings in the device
configuration tabs.
You can then do the following:
Set and change the device configuration through APSolute Vision.

For information about configuring AppDirectors and DefensePros associated services, see the
APSolute Vision online help.
Perform administration and maintenance tasks on managed devices such as scheduling tasks,
making backups, and so on.
Monitor managed devices through APSolute Vision.

For more information, see the APSolute Vision online help.
98
Chapter 5 APSolute Vision CLI Commands

Use APSolute Vision CLI commands to manage the APSolute Vision server.
Caution: Radware strongly recommends that the system administrator follow the
recommended basic security procedures. The basic security procedure use the
APSolute Vision CLI and affect access to the APSolute Vision CLI. For more
information, see Recommended Basic Security Procedures, page 45, system user
change-password, page 109, system vision-web-password set, page 110, and system
user change-password, page 109.
APSolute Vision CLI includes the following capabilities:
Consistent, logically structured and intuitive command syntax.
Command completion using the TAB key.
Paging and selection commands.
Command history.
Short and long help for every menu and command.
All configuration changes that are made using CLI commands are sent to the APSolute Vision server
audit log.
This chapter contains the following sections:
Command Syntax Conventions, page 99
Accessing APSolute Vision CLI, page 100
Main CLI Menu, page 101
General CLI Commands, page 101
Network Configuration Commands, page 103
System Commands, page 108
Command Syntax Conventions

The following table describes the command syntax conventions used in this chapter.
Syntax Convention
Description
Example
Bold
Bold text designates information that must be

entered on the command line exactly as shown.
This applies to command names and nonvariable options.
net dns get
Angle Brackets (<>)
The information enclosed in brackets (<>) is

<filename>
variable and must be replaced by whatever it
represents. In the example shown, you must
replace <filename> with the name of the specific
file.
99

APSolute Vision CLI Commands
Syntax Convention
Description
Example
Brackets ([ ])
The information enclosed in square brackets ([ ]) [-s <size>]

is optional. Anything not enclosed in brackets
must be specified.
Curly brackets
containing vertical
bar(s)
({ | })
Curly brackets ({ }), also called braces, identify

a set of mutually exclusive options, which are
separated by a vertical bar ( | ). You can enter
only one of the options in a single use of the
command. Each option within the braces can be
optional or required, and variable or nonvariable.
{<host_ip>|default}
In the example shown, you can specify a value

for the variable <host_ip>, or use the nonvariable option, default.
Accessing APSolute Vision CLI

Access the APSolute Vision CLI using a serial cable and terminal emulation application, or from an
SSH client.
Terminal settings for the APSolute Vision server are as follows:
Bits per second: 19200
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None
Notes:
>> APSolute Vision CLI uses Control-? (127) for the Backspace key.
>> When connecting from an SSH client, APSolute Vision CLI has a default timeout of five
minutes for idle connections. If an SSH connection is idle for five minutes, APSolute
Vision terminates the session.
>> Accessing APSolute Vision using GSSAPI authentication is not supported. Make sure that
your SSH client does not attempt GSSAPI authentication.
The default username/password for the APSolute Vision CLI is radware/radware. You can change the
password using the change-password command. For more information, see system user changepassword, page 109.
100

Main CLI Menu

The following table describes the main CLI menu commands:
Command
Description
exit
Logs out of the APSolute Vision CLI session. For more information, see exit,
page 101.
help
Displays help for menus and commands. You can also use the ? key. For more
information, see help, page 102.
history
Displays a history of previously run commands. For more information, see

history, page 102.
net
Commands to display and configure network interface settings and IP routing.

For more information, see Network Configuration Commands, page 103.
ping
Pings a host on the network to test its availability. For more information, see
ping, page 102.
reboot
Stops all processes and then reboots the APSolute Vision server. For more
information, see reboot, page 102.
shutdown
Stops all processes and then shuts down the APSolute Vision server. For more
information, see shutdown, page 103.
system
System commands for the APSolute Vision server. For more information, see
System Commands, page 108.
|grep
Selects lines containing a match for the specified regular expression. For more
information, see grep, page 103.
|more
Paginates command output. For more information, see |more, page 103.
General CLI Commands

This section describes the following APSolute Vision CLI commands:
exit
help
history
ping
reboot
shutdown
grep
|more
exit
Logs out of the APSolute Vision CLI session.
Syntax
exit
101

help
Displays help for a command or menu. You can also use the ? key.
Examples
A
net? displays help for the net menu.
net management-ip? displays help for the net management-ip command.
Tip: To display the list of commands for a menu, enter the menu name and press Enter.
history
Displays a history of the previously run commands.
Syntax
history [-<num>]
<num>
The number of previous commands to display, starting from

the current command. The default is the last 50 commands.
Optional
Tip: To paginate results, use history | more.

To view command history for specific commands or menus, use |grep.
Example
history | grep sys
Displays the history of commands containing the string sys.
ping
Pings a host on the network to test its availability.
Syntax
ping <IP_address> <N>
<IP_address>
IP address of the host to ping.
Required
<N>
Number of packets to send.

If N is 0, the device will ping indefinitely. Use Ctrl-C to stop.
Required
reboot
Stops all processes and then reboots the APSolute Vision server.
Syntax
reboot
102

shutdown
Stops all processes and then shuts down the APSolute Vision server.
Syntax
shutdown
grep
Selects lines containing a match for the specified regular expression. You can use this command only
concatenated to other commands that produce output.
Syntax
| grep <regexp>
<regexp>
The regular expression string to match.
Required
Tip: Use this command with history and timezone list commands to filter output.
|more
Paginates command output. You can use this command only concatenated to other commands that
produce output.
Syntax
| more
Tip: Use this command with history and timezone list commands to paginate output.
Network Configuration Commands

The net menu includes the following command types to display and configure network interface
settings and IP routing:
DNS Commands, page 103
Network Interface Commands, page 105
Physical Interface Commands, page 106
Routing Commands, page 107
DNS Commands
Use net dns commands to display and configure DNS server settings.
The net dns commands comprise the following:
net dns get
net dns set primary
net dns set secondary
net dns set tertiary
net dns delete primary
103

net dns delete secondary
net dns delete tertiary
net dns get

Displays the IP address for each configured DNS server.
Syntax
net dns get
net dns set primary

Adds a primary DNS server to the DNS server table. If a primary DNS server already exists, the new
configuration overwrite the old one.
Syntax
net dns set primary <IP_address>
<IP_address>
The IP address of the primary DNS server.
Required
net dns set secondary

Adds a secondary DNS server to the DNS server table if there is an existing configuration of a
primary DNS server. If there is no primary DNS server, APSolute Vision defines the secondary server
as the primary. If a secondary DNS server already exists, the new configuration overwrite the old
one.
Syntax
net dns set secondary <IP_address>
<IP_address>
The IP address of the secondary DNS server.
Required
net dns set tertiary

Adds a tertiary DNS server to the DNS server table if there is an existing configuration of a primary
and secondary DNS server. If there is no primary and secondary DNS server, APSolute Vision defines
the tertiary server as the next-higher-level server (primary or secondary). If a tertiary DNS server
already exists, the new configuration overwrite the old one.
Syntax
net dns set tertiary <IP_address>
<IP_address>
The IP address of the tertiary DNS server.
Required

Deletes the primary DNS server.
Syntax

Deletes the secondary DNS server.
Syntax
104


Deletes the tertiary DNS server.
Syntax
Network Interface Commands

Use net ip commands to display and configure APSolute Vision server network-interface settings
and define the physical, management port (G1 or G2) on the APSolute Vision server. The physical,
management port is not bound to the IP address.
Note: After changing the configuration of a physical, management port (G1 or G2), you must
restart the APSolute Vision server.
The net ip commands comprise the following:
net ip set
net ip delete
net ip get
net ip management set
net ip set
Configures an IP address for APSolute Vision server network interface on the physical port G1 or G2.
Syntax
net ip set <IP_address> <netmask> {G1|G2}
<IP_address>
The IP address of the network interface.
Required
<netmask>
The subnet for the network interface.
Required
G1|G2
Specifies whether the interface is on G1 or G2.
Required
net ip delete
Deletes an IP address from a physical port on the APSolute Vision server.
Syntax
net ip delete {G1|G2}
G1|G2
The physical port on the APSolute Vision server to delete.
Required
net ip get
Displays the MAC addresses for LAN1 and LAN2, and information about the configured network
interfaces.
Syntax
net ip get
105

net ip management set

Sets the network interface on which APSolute Vision listens for incoming traps and messages from
managed devices. Managed devices must be able to reach the APSolute Vision management IP
address. The management port can be either G1 or G2, but not both simultaneously.
This is the interface that APSolute Vision registers in the event-target table on managed devices.
Note: You can connect to the APSolute Vision server (with the client, SSH/Telnet, and so on)
through both ports (management and non-management).
Syntax
net ip management set {G1|G2}
G1|G2
The physical port on the APSolute Vision server.
Required
Physical Interface Commands

Use net physical-interface commands to display and configure network physical interface
settings on the APSolute Vision server.
The net physical commands comprise the following:
net physical-interface get
net physical-interface set

Displays speed and duplex mode for each accessible network physical interface on the APSolute
Vision server. Displays whether a physical interface is down, and whether auto-negotiation mode is
set.
Syntax
net physical-interface set

Configures speed and duplex mode for a network physical interface using manual settings or by
setting auto-negotiation. The speed and duplex arguments take precedence over the
autonegotiation setting. That is, if you change the speed and/or duplex setting, APSolute Vision sets
autonegotiation to OFF automatically.
Syntax
net physical-interface set {G1|G2} autoneg {on|off} speed {10|100|1000}

duplex {half|full}
G1|G2
The physical interface to configure, G1 or G2.
Required
autoneg {on|off}
The autonegotiation mode. Enter autoneg on to

set speed and duplex mode by auto-negotiation.
Optional
speed {10|100|1000}
The speed setting (Mbps).
Optional
duplex {half|full}
The duplex-mode setting.
Optional
106

Examples
A
net physical-interface set G1 autoneg on
net physical-interface set G2 speed 1000 autoneg off
net physical-interface set G1 duplex half speed 10 autoneg off
Routing Commands
Use net route commands to display and configure IP routing settings. APSolute Vision saves
configured routes by retrieving them directly from the kernels active routing table. Routes are be
deleted when deleting an IP address from a specific device interface.
The net route commands comprise the following:
net route set host
net route set net
net route set default
net route delete
net route get
net route set host

Sets a route to a destination host.
Syntax
net route set host <host_ip> <gateway_ip> [dev <G1|G2>]
<host_ip>
The IP address of the destination host to which the route is

defined.
Required
<gateway_ip>
The IP address of the next hop toward the destination host.
Required
[dev <G1|G2>]
Optional
net route set net

Sets a route to a destination network or subnet.
Syntax
net route set net <net_ip> <netmask> <gateway_ip> [dev <G1|G2>]
<net_ip>
The IP address of the destination network to which the route is

defined.
Required
<netmask>
The destination subnet.
Required
<gateway_ip>
The IP address of the next hop toward the destination

network.
Required
[dev <G1|G2>]
Optional
107

net route set default

Sets a default gateway route.
Syntax
net route set default <gateway_ip> [dev <G1|G2>]
<gateway_ip>
The IP address of the default gateway (next hop).
Required
[dev <G1|G2>]
Optional
net route delete

Deletes a route entry from the routing table.
Syntax
net route delete <net_ip> <netmask> <gateway_ip> [dev <G1|G2>]
<net_ip>
To delete a network route, enter the IP address of the

corresponding destination network.
Required
<netmask>
The destination subnet.
Required
<gateway_ip>
The IP address of the default gateway (next hop).
Required
[dev <G1|G2>]
Optional
net route get

Displays routing information for active routes and statically-configured host routes, network routes,
and default routes.
Syntax
net route get
System Commands
The system menu includes the following system command types for the APSolute Vision server:
Miscellaneous System Commands, page 109
System APSolute Vision Server Commands, page 110
System Backup Commands, page 111
System confBackup Commands, page 113
System Database Commands, page 116
System Date Commands, page 118
System NTP Commands, page 119
System SSL Commands, page 120
System Storage Commands, page 123
System TCP Capture Commands, page 127
System techSupport Commands, page 129
System Timezone Commands, page 131
108

Miscellaneous System Commands

The miscellaneous system commands comprise the following:
system cleanup, page 109
system hostname get, page 109
system statistics, page 109
system user change-password, page 109
system version, page 110
system vision-tech-password set, page 110
system vision-web-password set, page 110
system cleanup
Cleans all the data on the APSolute Vision server, or, with the optional argument without-serverip, cleans all the data on the APSolute Vision server except for the APSolute Vision server
management IP addresses and routes. After you run the command without the argument withoutserver-ip, the initial configuration script launches automatically.
Syntax
system cleanup [without-server-ip]

without-server-ip Retains the APSolute Vision server management IP addresses
Optional
and routes.
system hostname get

Displays the hostname of the APSolute Vision server.
Syntax
system hostname get
system statistics
Displays system resources statistics, including CPU utilization, uptime, system disk usage, database
disk usage, RAM utilization, and network throughput.
Syntax
system statistics
system user change-password

Changes the user password for access to the APSolute Vision CLI.
Note: The default password for username radware is radware.

When you use this command, you will be prompted to enter a new password at the New UNIX
Password prompt; then, retype the password for verification.

Syntax
system user change-password
109

system version
Shows the version of the APSolute Vision server software.
Syntax
system version
system vision-tech-password set

Runs a script to set a new password for Web access by APSolute Vision Technical Support. The script
prompts you for the new password. For security reasons, the characters of the password are not
displayed. The default password is radware.
Syntax
system vision-tech-password set
system vision-web-password set

Runs a script to set a new password for Web access to the APSolute Vision server. The script
prompts you for the new password. For security reasons, the characters of the password are not
displayed. The default password is radware.
Syntax
system vision-web-password set
System APSolute Vision Server Commands

Use system vision-server commands to manage the APSolute Vision server.
The system vision-server commands comprise the following:
system vision-server start, page 110
system vision-server status, page 110
system vision-server stop, page 110
system vision-server start

Starts the APSolute Vision server.
Syntax
system vision-server start
system vision-server status

Shows the status of the APSolute Vision server, Server running or Server stopped.
Syntax
system vision-server status
system vision-server stop

Stops the APSolute Vision server.
Syntax
system vision-server stop
110

System Backup Commands

Use system backup commands to manage APSolute Vision system backups.
The system backup commands comprise the following:
system backup create, page 111
system backup delete, page 111
system backup export, page 111
system backup import, page 112
system backup info, page 113
system backup list, page 113
system backup restore, page 113
system backup create

Creates a system backup in the storage location. Each system backup includes all the data
necessary to restore the entire system.
The system stores up to five system backups. After the fifth system backup, the system deletes the
oldest one.
Syntax
system backup create <backupName> <description>
<backupName>
The name of the backup, up to 15 characters with no spaces.

Only alphanumeric characters and underscores (_) are
allowed.
Required
<description>
The description of the backup.
Optional
system backup delete

Deletes the specified system backup from the storage location.
Syntax
system backup delete <backupName>
<backupName>
The name of the backup.
Required
system backup export

Exports the specified system backup from the storage location to a specified location.
Syntax
system backup export <backupName> <protocol>://<user>@<server>:/<path/to/

directory>/<filename>
111

<backupName>
Required
<protocol>
Values:
Required
file
ssh
sftp
ftp
scp
<user>@
The username.
Required
Note: If a password is required, you are prompted for it

after the connection is initiated.
<server>
The IP address or DNS name of the server.
<path/to/directory> The path to the export directory.

<filename>
Required
Required
The filename of the backup in the export directory, which

may be different from the backupName.
Required
system backup import

Imports the specified system backup from the specified location to the storage location.
The system stores up to five system backups. After the fifth system backup, the system deletes the
oldest one.
Syntax
system backup import <protocol>://<user>@<server>:/<path/to/

directory><filename>
<protocol>
Values:
Required
file
ssh
sftp
ftp
scp
<user>@
The username.
Required

<server>

<filename>
Required
Required
The name of the backup in the export directory, which may

be different from the backupName.
Required
When the file is imported, the filename reverts to the

backupName, that is, the name that was used when the
backup was created.
112

system backup info

Displays the following information about the specified system backup:
NameThe name of the backup.
Disk SizeThe size of the backup on the disk.
DateThe time and date that the backup was created.
VersionThe APSolute Vision version and build number.
DescriptionThe user-defined description of the backup.
Syntax
system backup info <backupName>
<backupName>
Required
system backup list

Lists the system backups in the storage location in a table with the following columns:
NameThe name of the backup.
Size(K)The size of the backup on the disk.
DateThe time and date that the backup was created.
DescriptionThe user-defined description of the backup, which is truncated as necessary to fit

the table.
Syntax
system backup list
system backup restore

Restores the system using the specified system backup. The version of the current system and the
version of the system that created the backup must be the same.
Note: The restore process stops APSolute Vision and its associated services, and when it
finishes, restarts them.
Syntax
system backup restore <backupName>
<backupName>
Required
System confBackup Commands

Use system confBackup commands to manage APSolute Vision system-configuration backups.
The system confBackup commands comprise the following:
system confBackup create, page 114
system confBackup delete, page 114
system confBackup export, page 114
system confBackup import, page 115
system confBackup info, page 116
113

system confBackup list, page 116
system confBackup restore, page 116
system confBackup create

Creates a backup of the system configuration in the storage location.
Each backup includes the following:
The APSolute Vision system configuration
The local users
The managed devices
The host IP addresses in the database-viewer list
The confBackup create command does not back up the following:
The password of the radware user of the APSolute Vision server appliance
The IP address/es of the APSolute Vision server appliance
The DNS address/es of the APSolute Vision server appliance
The network routes of the APSolute Vision server appliance
Attack data
The system stores up to five configuration-backup iterations. After the fifth configuration-backup,
the system deletes the oldest one.
Syntax
system confBackup create <confBackupName> <description>
<confBackupName>
The name of the system-configuration backup, up to 15

characters, with no spaces. Only alphanumeric characters and
underscores (_) are allowed.
Required
<description>
The description of the system-configuration backup.
Optional
system confBackup delete

Deletes the specified system-configuration backup from the storage location.
Syntax
system confBackup delete <confBackupName>
<confBackupName>
The name of the system-configuration backup.
Required
system confBackup export

Exports the specified system-configuration backup from the storage location to a specified location.
Syntax
system confBackup export <confBackupName> <protocol>://<user>@<server>:/

<path/to/directory>/<filename>
114

<confBackupName>
Required
<protocol>
Values:
Required
file
ssh
sftp
ftp
scp
<user>@
The username.
Required

<server>

<filename>
The filename of the system-configuration backup in the

export directory, which may be different from the
confBackupName.
Required
Required
Required
system confBackup import

Imports the specified system-configuration backup from the specified location to the storage
location.
Syntax
system confBackup import <protocol>://<user>@<server>:/<path/to/

<protocol>
Values:
Required
file
ssh
sftp
ftp
scp
<user>@
The username.
Required

<server>

<filename>
The name of the system-configuration backup in the export

directory, which may be different from the
confBackupName.
Required
Required
Required

confBackupName, that is, the name that was used when
the system-configuration backup was created.
115

system confBackup info

Displays the following information about the specified system-configuration backup:
NameThe name of the system-configuration backup.
Disk SizeThe size of the system-configuration backup on the disk.
DateThe time and date that the system-configuration backup was created.
DescriptionThe user-defined description of the system-configuration backup.
Syntax
system confBackup info <confBackupName>
<confBackupName>
Required
system confBackup list

Lists the system-configuration backups in the storage location in a table with the following columns:
NameThe name of the system-configuration backup.
Size(K)The size of the system-configuration backup on the disk.
DateThe time and date that the system-configuration backup was created.
DescriptionThe user-defined description of the system-configuration backup, which is

truncated as necessary to fit the table.
Syntax
system confBackup list
system confBackup restore

Restores the system using the specified system-configuration backup. The version of the current
system and the version of the system that created the system-configuration backup must be the
same.
Syntax
system confBackup restore <confBackupName>
<confBackupName>
Required
System Database Commands

Use system database commands to manage the APSolute Vision database.
The system database commands comprise the following:
system database access Commands, page 117
system database clear, page 118
system database start, page 118
116

system database status, page 118
system database stop, page 118
system database access Commands

Manages the database-viewer list, that is, the list of viewers of the following database tables:
security_attacks_viewThe table with the attacks identified by DefensePro devices.
audit_table_viewThe table containing audit events.
alert_viewThe table containing the alerts that the APSolute Vision stores.
The system database access commands comprise the following:
system database access display, page 117
system database access grant, page 117
system database access revoke, page 117
A user from a specified host IP address with the following credentials can read (SELECT) the
database tables with a MySQL connection:
User: external
Password: viewer
Default schema: vision
Hostname: The IP address of the APSolute Vision server
Notes:
>> The system backup and configuration backup commands back up the databaseviewer list.
>> The system cleanup command deletes the database-viewer list.
system database access display

Displays the database-viewer list.
Syntax
system database access display
system database access grant

Adds an IP address to the database-viewer list.
Syntax
system database access grant <host_IP_address>
host_IP_address
The host IP address of the user in the database-viewer list.
Required
system database access revoke

Removes an IP address or all IP addresses from the database-viewer list. Use the all argument to
remove all IP addresses from the database-viewer list.
Syntax
system database access revoke {<host_IP_address>|all}
host_IP_address
The host IP address of the user in the database-viewer list.
Required
117

system database clear

Clears and initializes the APSolute Vision database.
Syntax
system database clear
system database start

Restarts the APSolute Vision database, making it available for access.
Syntax
system database start
system database status

Shows the database status. For example, the output:
MySQL running (2688) [OK]

shows the database is up and running with process ID 2688.
Syntax
system database status
system database stop

Stops the APSolute Vision database, making it unavailable for access.
Syntax
system database stop
System Date Commands

Use system date commands to display and set date and time on the APSolute Vision server.
The system date commands comprise the following:
system date get, page 118
system date set, page 118
system date get

Displays the APSolute Vision server date and time.
Syntax
system date get
system date set

Sets the date and time on the APSolute Vision server.
Notes:
>> Setting the system date stops the NTP service.
>> Setting the system date requires restarting the APSolute Vision server, the APSolute
Vision Reporter, and MySQL.
Syntax
system date set <date_and_time>
118

date_and_time
The date and time in yyyy/MM/dd hh:mm:ss format.
Required
Example
system date set 2010/05/23 13:56:00 sets date and time to 23/05/2010 13:56.
System NTP Commands

Use system ntp commands to manage Network Time Protocol (NTP) settings to synchronize time
and date across the network.
The system ntp commands comprise the following:
system ntp servers add, page 119
system ntp servers del, page 119
system ntp servers get, page 120
system ntp service, page 120
system ntp servers add

Adds an NTP server to the list of NTP servers.
Syntax
system ntp servers add <server> [minpoll <minpoll>] [maxpoll <maxpoll>]

[prefer]
server
The URL or IP address of the NTP server.
Required
minpoll <minpoll>
The minimum poll interval for NTP messages, as a power

of 2 in seconds.
Optional
Minimum: 4That is, 16 seconds.

Default: 6That is, 64 seconds.
maxpoll <maxpoll>
The maximum poll interval for NTP messages, as a power

of 2 in seconds.
Optional
Maximum: 17That is, approximately 36.4 hours.

Default: 10That is, 1024 seconds, approximately 17
minutes.
prefer
Specifies that this host will be chosen for

synchronization, all other things being equal. For more
information, go to
http://www.ntp.org/.
Optional
system ntp servers del

Deletes the specifies NTP server.
Syntax
system ntp servers del <server>
server
The URL or IP address of the NTP server.
Required
119

system ntp servers get

Displays the list of the NTP servers with the specified arguments (minpoll, maxpoll, and
prefer).
Syntax
system ntp servers get
system ntp service

Starts and stops the NTP service (ntpd).
Syntax
system ntp service {start | stop | status}

start | stop | status Use one of the following commands:
Required
start Starts the NTP service, which starts to send

query messages to the external NTP servers to
synchronize time and date.
stop Stops the NTP service.
status Displays the status of the NTP service
(running or stopped) and the following additional
information in table form when the service is
running:
remoteServer name or IP number
refidAssociation ID
stServer stratum level
tType:
uUnicast or manycast client

bBroadcast or multicast client
lLocal (reference clock)
sSymmetric (peer)
AManycast server
BBroadcast server
MMulticast server
whenSec/min/hr since last received packet
pollPoll interval (log2(sec))
reachReach shift register (octal)
delayRound-trip delay
offsetOffset of server relative to this host
jitterJitter
System SSL Commands

Use system ssl commands to create, import, and show SSL certificates.
The system ssl commands comprise the following:
system ssl create, page 121
system ssl import, page 121
system ssl show, page 122
120

system ssl create

Creates a new self-signed certificate with the information you provide.
The system stores one SSL certificate.
The system asks you for information that will be incorporated into the certificate request. The
default value is APSolute Vision Server. To leave a field blank, press ENTER.
The system asks you for the following information:
Common NameThe server hostname or the IP address. Default: APSolute Vision Server.
Country NameThe two-letter code. Default: NA.
State or Province NameDefault: NA.
Locality NameFor example, the city. Default: NA.
Organization NameFor example, the company name. Default: NA.
Organizational Unit NameFor example, the company department. Default: NA.
Email AddressDefault: NA.
Caution: Every certificate includes a validity period, which is defined by a start date and an end
date. To prevent certificate-validity conflicts, before creating certificates, make sure
that the correct time is configured on the APSolute Vision servereither manually or
using an NTP server.
Note: Replacing the SSL certificate reboots the AVR web server. You will need to log in again to
AVR.
Syntax
system ssl create
system ssl import

Imports a private key and certificate in PEM or PKCS12 format.
system ssl import pem

Imports a private key and certificate in PEM format.
Syntax
system ssl import pem <protocol>://<user>@<server>:/<path/to/directory> key <key_filename> -cert <certificate_filename> [-pass <key_passphrase>]
<protocol>
Values:
Required
sftp
scp
<user>@
The username.
Required
Note: If a password is required, you are prompted

for it after the connection is initiated.
<server>
Required
<path/to/directory>
The path to the directory.
Required
121

<key_filename>
The name of the key in the remote directory.
<certificate_filename> The name of the certificate in the remote directory.

<key_passphrase>
The passphrase of the key file in the remote directory.
Required
Required
Optional
For PEM, the key passphrase is optional. Supply the key

passphrase if the private key is encrypted with a
passphrase.
Example
sftp://radware@1.1.1.1:/tmp -key key.pem -cert cert.pem -pass 12345
system ssl import pkcs12

Imports a private key and certificate in PKCS12 format.
Syntax
system ssl import pkcs12 <protocol>://<user>@<server>:/<path/to/directory>/

<PKCS12_filename> -pass <pkcs12_passphrase>
<protocol>
Values:
Required
sftp
scp
<user>@
The username.
Required
Note: If a password is required, you are prompted

for it after the connection is initiated.
<server>
Required
<path/to/directory>
The path to the directory.
Required
<PKCS12_filename>
The name of the PKCS12 file in the remote directory.
Required
<pkcs12_passphrase>
The name of the passphrase in the remote directory.
Required
Example
sftp://radware@1.1.1.1:/tmp/file.p12 -pass 12345
system ssl show

Displays the following certificate details:
Subject:
Common Name
Country
State
Locality
122

Organization
Organization Unit
Email Address
Issuer:
Common Name
Country
State
Locality
Organization
Organization Unit
Email Address
Serial Number
Validity:
Start DateIn MMM DD hh:mm:ss yyyy GMT format
End DateIn MMM DD hh:mm:ss yyyy GMT format
Public Key Info:
Public Key AlgorithmFor example, rsaEncryption
RSA Public KeyFor example, (2048 bit)
Syntax
system ssl show
System Storage Commands

Use system storage commands to manage the storage locations of the following:
APSolute Vision system backups
APSolute Vision system-configuration backups
APSolute Vision Reporter data backups
Tech-support packages
The system storage commands comprise the following:
system storage backup local, page 123
system storage backup remote, page 123
system storage backup info, page 124
system storage backup local

Sets the storage location to the hard-coded local directory.
Syntax
system storage backup local
system storage backup remote

Sets the storage location to a remote directory using either NFS or CIFS (Samba).
Syntax
system storage backup remote <protocol>://<server>:/<path/to/store>
123

<protocol>
Values: nfs, cifs
Required
<server>
Required
<path/to/store>
The path to the storage directory.
Required
system storage backup info

Lists the storage location.
Syntax
system storage backup info
System reporterBackup Commands

Use system reporterBackup commands to manage APSolute Vision Reporter data backups.
The system reporterBackup commands comprise the following:
system reporterBackup create, page 124
system reporterBackup delete, page 124
system reporterBackup export, page 125
system reporterBackup import, page 125
system reporterBackup info, page 126
system reporterBackup list, page 126
system reporterBackup restore, page 126
system reporterBackup create

The system stores up to three reporter-backup iterations backups. After the third reporter-backup,
the system deletes the oldest one.
The backup includes all the APSolute Vision Reporter data.
Syntax
system reporterBackup create <reporterBackupName> <description>
<reporterBackupName>
The name of the reporter-backup, up to 15 characters,

with no spaces. Only alphanumeric characters and
Required
<description>
The description of the reporter-backup.
Optional
system reporterBackup delete

Deletes the specified reporter-backup from the storage location.
Syntax
system reporterBackup delete <reporterBackupName>
124
The name of the reporter-backup.
Required

system reporterBackup export

Exports the specified reporter-backup from the storage location to a specified location.
Syntax
system reporterBackup export <reporterBackupName> <protocol>://

<user>@<server>:/<path/to/directory>/<filename>
The name of the reporter-backup.
Required
<protocol>
Values:
Required
file
ssh
sftp
ftp
scp
<user>@
The username.
Required
Note: If a password is required, you are prompted for

it after the connection is initiated.
<server>
Required
<path/to/directory>
The path to the export directory.
Required
<filename>
The filename of the reporter-backup in the export

reporterBackupName.
Required
system reporterBackup import

Imports the specified reporter-backup from the specified location to the storage location.
Syntax
system reporterBackup import <protocol>://<user>@<server>:/<path/to/

<protocol>
Values:
Required
file
ssh
sftp
ftp
scp
<user>@
The username.
Required

<server>
Required
125


<filename>
Required
The name of the reporter-backup in the export directory,

which may be different from the reporterBackupName.
Required

reporterBackupName, that is, the name that was used
when the reporter-backup was created.
system reporterBackup info

Displays the following information about the specified reporter-backup:
NameThe name of the reporter-backup.
Disk SizeThe size of the reporter-backup on the disk.
DateThe time and date that the reporter-backup was created.
DescriptionThe user-defined description of the reporter-backup.
Syntax
system reporterBackup info <reporterBackupName>

<reporterBackupName> The name of the reporter-backup.
Required
system reporterBackup list

Lists the reporter-backups in the storage location in a table with the following columns:
NameThe name of the reporter-backup.
Size(K)The size of the reporter-backup on the disk.
DateThe time and date that the reporter-backup was created.
DescriptionThe user-defined description of the reporter-backup, which is truncated as

necessary to fit the table.
Syntax
system reporterBackup list
system reporterBackup restore

Restores the APSolute Vision Reporter data using the specified reporter-backup. The version of the
current system and the version of the system that created the reporter-backup must be the same.
Syntax
system reporterBackup restore <reporterBackupName>

<reporterBackupName> The name of the reporter-backup.
126
Required

System TCP Capture Commands

Use system tcpdump commands to dump a TCP capture for debugging.
The system tcpdump commands comprise the following:
system tcpdump export, page 127
system tcpdump print, page 128
system tcpdump export

Exports the TCP capture file by SSH. The capture file, dump.cap, is created locally, on the server.
When the TCP capture ends, you are prompted to download the capture file using the link to the
APSolute Vision server Web page. (For the procedure, see To download the TCP capture file,
page 128.)
The file is overwritten each time you run the tcpdump export command.
After entering the system tcpdump export command, you are prompted to enter a filter. You can
enter a filter expression to select which packets to include in the dump. Alternatively, you can press
Enter to dump all the packets.
Filter-expression examples:
port 80 Filter packets with source port 80.
tcp src port 443 Filter TCP packets with source port 443.
Note: For more information on filter expressions, refer to the relevant Linux man pages.
Caution: The dump to the capture file (dump.cap) stops when the first condition is reached:
timeout_sec, max_packets, or size. To ensure that each dump includes as much
data as possible when you configure a timeout_sec condition, Radware
recommends that you set max_packets to the maximum (-c 0). To ensure that
each dump includes as much data as possible when you configure a max_packets
condition, Radware recommends that you set timeout_sec to the maximum
(-t 0).
Syntax
system tcpdump export [-t <timeout_sec>] [-c <max_packets>] [-s <size>]
-t <timeout_sec>
The timeout, in seconds.
Optional
Enter 0 for no timeout.

Default: 60
-c <max_packets>
The maximum number of packets.
Optional
Enter 0 for no maximum.

Default: 10,000
-s <size>
The size to truncate packets to.
Optional
Default: 0Specifies no truncation
127

To download the TCP capture file

1.
Open your browser and enter the IP address of the APSolute Vision server. An Authentication
2.
Do the following:
In the User Name field, type, visionweb.
system administrator.
3.
Click OK. The following Web page opens.
4.
Click the Maintenance Files icon. The maintenance page opens.
5.
Click the link to the capture file.
system tcpdump print

Dumps a TCP capture directly to the console.
After entering the system tcpdump print command, you are prompted to enter a filter. You can
enter a filter expression to select which packets to include in the dump. Alternatively, you can press
Enter to dump all the packets.
Filter-expression examples:
port 80 Filter packets with source port 80.
tcp src port 443 Filter TCP packets with source port 443.
Note: For more information on filter expressions, refer to the relevant Linux man pages.
Syntax
system tcpdump print [-t <timeout_sec>] [-c <max_packets>] [-s <size>]
128

t
-t <timeout_sec>
The timeout in seconds. Enter 0 for no timeout.
Optional
Default: 60
-c <max_packets>
The maximum number of packets. Enter 0 for no maximum.
Optional
Default: 10000
-s <size>
The size to truncate packets to.
Optional
Default: 0Specifies no truncation
System techSupport Commands

Use techSupport commands to manage tech-support packages for the APSolute Vision server.
Note: You can create a tech-support package for an APSolute Vision client. For more
information, see Technical-Support Packages, page 137.
The system techSupport commands comprise the following:
system techSupport create, page 129
system techSupport export, page 130
system techSupport info, page 130
system techSupport list, page 131
system techSupport delete, page 131
system techSupport create

Creates a tech-support package.
The system stores up to three tech-support packages. After the third tech-support package, the
system deletes the oldest one.
Each tech-support package includes the following:
The current system time in millis
The APSolute Vision version and build number
APSolute Vision system configuration, which includes the network IP addresses, DNS address,
routes, and so on
Running processes
The status of each APSolute Vision service
APSolute Vision system logs
APSolute Vision Reporter logs
Disk usage
Additional internal-resource information
Note: The tech-support package contain no database information and no collected

information.
Syntax
system techSupport create <techSupportName> <description>
129

<techSupportName> The name of the tech-support package, up to 15 characters,
Required
with no spaces. Only alphanumeric characters and

<description>
The description of the tech-support package.
Optional
system techSupport export

Exports the specified tech-support package from the storage location to a specified location.
Syntax
system techSupport export <techSupportName> <protocol>://

<user>@<server>:/<path/to/directory>/<filename>
<techSupportName>
The name of the tech-support package.
Required
<protocol>
Values:
Required
file
ssh
sftp
ftp
scp
<user>@
The username.
Required

<server>

<filename>
Required
Required
The filename of the tech-support package in the export

techSupportName.
Required
system techSupport info

Displays the following information about the specified tech-support package:
NameThe name of the tech-support package.
Disk SizeThe size of the tech-support package on the disk.
DateThe time and date that the tech-support package was created.
DescriptionThe user-defined description of the tech-support package.
Syntax
system techSupport info <techSupportName>
<techSupportName>
130
Required

system techSupport list

Lists the tech-support packages in the storage location in a table with the following columns:
NameThe name of the tech-support package.
Size(K)The size of the tech-support package on the disk.
DateThe time and date that the tech-support package was created.
DescriptionThe user-defined description of the tech-support package, which is truncated as

necessary to fit the table.
Syntax
system techSupport list
system techSupport delete

Deletes the specified tech-support package in the storage location.
Syntax
system techSupport delete <techSupportName>
<techSupportName>
Required
System Timezone Commands

Use system timezone commands to display the timezone, with or without daylight saving time, on
the APSolute Vision server.
The system timezone commands comprise the following:
system timezone get, page 131
system timezone list, page 131
system timezone set, page 132
system timezone get

Displays the timezone set on the APSolute Vision server.
Syntax
system timezone get
system timezone list

Lists the timezones that are supported on the APSolute Vision server.
Syntax
system timezone list
Tip:
To paginate output, use system timezone list | more.
To find a specific timezone, use |grep. For example, to find the timezone for London, use
system timezone list | grep Lon to display all time-zone names containing Lon.
131

system timezone set

Sets the timezone on the APSolute Vision server, and implements daylight saving time, if required.
You can use any timezone from the list of supported timezones. Timezones for named locations, for
example, Europe/London, set the GMT value and daylight saving time parameters for those areas.
To set a timezone without daylight saving time adjustments, use a generic GMT timezone, for
example, Etc/GMT+2.
For timezone names beginning with Etc/GMT, the zones west of GMT have a positive (+) sign, and
the zones east of GMT have a negative (-) sign in the timezone name. For example,
Etc/GMT-2 is 2 hours ahead/east of GMT.
Syntax
system timezone set <timezone_name>
<timezone_name>
The name of the timezone, selected from the list of supported

timezones. The time-zone name is case insensitive, for
example, system timezone set Europe/London.
Required
Tip:
To view the list of supported timezones, use system timezone list.
To prevent incorrect timezone configuration, use the country name listed in the
timezone list, not timezones beginning with Etc/GMT.
132
Appendix A Managing the Online-Help

Package on the Server
This appendix describes the following procedures:
Upgrading the online-help package that resides in the APSolute Vision server.
Reverting the online help to the original versionthat is, the online help that came with the
installation of the APSolute Vision server.
Note: Depending on the configuration of the APSolute Vision server (see Configuring APSolute
Vision Server Advanced Parameters, page 58), APSolute Vision clients access onlinehelp pages from the server itself or from radware.com. The online help at radware.com
is always the latest, but the files on the server might be obsolete if a managed device
was upgraded or a new device driver is used.
The help-upgrade procedure requires a valid online-helpupgrade package. To get an online-help
upgrade package, contact Radware Technical Support. The online-helpupgrade package may also
be included in the product CD.
The online-help package is named using the following format:
APSoluteVisionHelp_<VisionVersion>_<BuildNumber>_<yyyyMMdd>.upgrade
To upgrade the APSolute Vision help on the server

1.
2.
Do the following:
In the User Name field, type the Web user name.
133

Managing the Online-Help Package on the Server
3.
Click OK. The following Web page opens.
4.
Click the Upgrade APSolute Vision Online Help link. The APSolute Vision Upgrade page is
displayed.
5.
In the text box, enter the filepath or browse to the online-helpupgrade package.
6.
Press Enter. The upgrade utility uploads the package and places the online-help files in the
location in the APSolute Vision server.
To revert the online help to the original version

1.
2.
Do the following:
In the User Name field, type the Web user name.
134

3. Click OK. The following Web page opens.
4. Click the Revert to Original Online Help link.
135

136
Appendix B Technical-Support Packages

If you encounter problems with APSolute Vision, you can create a technical-support package and
send it to Radware Technical Support for assistance.
There are two types of technical-support packages, one type for APSolute Vision server and another
type for APSolute Vision client.
For information on managing technical-support packages for APSolute Vision server, see System
techSupport Commands, page 129.
Each time you create a technical-support package for an APSolute Vision client, the oldest package
gets overwritten.
To create a technical-support package for an APSolute Vision client

1.
Open the Tech-Support folder in the folder that contains the APSolute Vision client files.
Notes: The default path of the Tech-Support folder is
C:\Program Files\Radware\Tech-Support.
2.
Double-click the ClientTechSupport.bat file. The system creates a compressed folder

named TechSupport.zip, which contains the files the Radware Technical Support may require
to resolve the problem you have with the APSolute Vision client.
137

Technical-Support Packages
138
Appendix C APSolute Vision Specifications

and Requirements
This section contains various specifications and requirements for APSolute Vision.
Notes:
>> APSolute Vision server can run as a physical or virtual appliance called APSolute Vision
server. For hardware and virtual-appliance (VA) specifications, see the Radware
Installation and Maintenance Guide.
>> APSolute Vision supports multiple device types and versions. For the supported devices
and versions, see the APSolute Vision Release Notes for the required version.
System Capacity
The following table lists the capacity of a single APSolute Vision system.
Table 19: APSolute Vision System Capacity
Topic
Capacity
User accounts
Unlimited
Concurrent users
10
Total managed devices
401
Managed DefensePro devices
401
Managed AppDirector devices
401
Attacks stored in APSolute Vision Reporter
100M
1 This number applies for the APSolute Vision server physical appliance and the virtual appliance
(VA) large-scale version. The VA medium-scale and small-scale versions support fewer devices.
Medium-scale VA capacity: 20. Small-scale VA capacity: 2.
UDP/TCP Ports
Radware management interfaces communicate with various UDP/TCP ports using HTTPS, HTTP,
Telnet, and SSH. If you intend to use these interfaces, ensure they are accessible and not blocked by
your firewall.
139

APSolute Vision Specifications and Requirements
The following table lists the ports for APSolute Vision server-client communication.
Table 20: Ports for APSolute Vision Server-Client Communication and Operating System
Port
Protocol
Type
Usage
22
SSH, SFTP, SCP
TCP
Terminal client to server

Server CLI management, file transfer Server to
northbound
Push backups, reports, and so on
25
SMTP
TCP
Server to external e-mail server
443
SSL
TCP
APSolute Vision client to server
514
Syslog
UDP
Server to external syslog server
631
TCP UDP
TCP UDP
Used by the operating system and configured by default in

iptables.
2214
Syslog
TCP UDP
Syslog devices (AppWall servers only) to APSolute Vision

server
3306
TCP UDP
TCP UDP
Remote MySQL connections for read-only access to certain

APSolute Vision database-table views. This port is open
only when the APSolute Vision server is configured to
allow remote access to its MySQL database. For more
information, see system database access Commands,
page 117.
5353
TCP UDP
TCP UDP
Used for multicast DNS by the operating system and

configured by default in iptables.
9216
HTTPS
TCP
APSolute Vision Reporter client to APSolute Vision

Reporter server
General management (APSolute Vision Reporter)
The following table lists the ports for communication between APSolute Vision server and Radware
devices.
Table 21: Communication Ports for APSolute Vision Server with Radware Devices
Port
Protocol
Type
Usage
69
TFTP
UDP
Server to device, file transfer
80
HTTP
TCP
161
SNMP
UDP
Server to devices
SNMP management
162
SNMP
UDP
Devices to server, traps
443
SSL
TCP
2088
IRP
UDP
Devices to server, statistics
2093
SRP
UDP
Devices to server, statistics
8200
8270
8300
SSL
TCP
Server to AppWall devices (AppWall servers only)
140

APSolute Vision Client Requirements

Before you install the APSolute Vision client, ensure your computer meets the hardware and
software requirements.
Caution: You install the APSolute Vision client by first accessing the APSolute Vision appliance
using a Web browser. Therefore, APSolute Vision appliance must have a proper IP
address installed already. For information on configuring the IP address of the
APSolute Vision appliance, see Configuring the APSolute Vision Server, page 49.
APSolute Vision Client Hardware Requirements, page 141
APSolute Vision Client Supported Operating Systems, page 141
APSolute Vision Client Software Requirements, page 141
APSolute Vision Client Hardware Requirements

The PC on which APSolute Vision client runs requires the following hardware:
2.66 GHz or faster
2 GB RAM or more recommended
300 MB free disk space
CD-ROM
Network interface card (NIC)
768X1024 minimum recommended screen resolution
APSolute Vision Client Supported Operating Systems

The following operating systems support APSolute Vision client:
Windows XP SP3 32-bit
Windows Server 2008R2 64-bit
Windows 7 32-bit and 64-bit
Windows 7 SP1 32-bit and 64-bit
Caution: There are certain compatibility issues with Windows 7. For more information, see
the APSolute Vision Release Notes.
APSolute Vision Client Software Requirements

The PC that APSolute Vision client runs on requires the following:
Any Web browser that has a Java plug-in installed. The browser is needed only for downloading
the APSolute Vision client to the PC.
Java client version 1.6.0_17 or later must be installed to run the APSolute Vision Reporter.
For the list of UDP/TCP ports that must be accessible when installing APSolute Vision client, see
UDP/TCP Ports, page 139.
141

APSolute Vision Reporter Requirements

After installing the APSolute Vision client, you can connect to APSolute Vision Reporter. APSolute
Vision Reporter is a separate process that runs on the APSolute Vision server. You access APSolute
Vision Reporter via a browser on your PC. The APSolute Vision client interface includes a button that
is a link to the APSolute Vision Reporter process.
You can run APSolute Vision Reporter on the following browsers:
Windows Internet Explorer 6 and 7.x and later
Mozilla Firefox 3.5 and 3.6
Google Chrome unofficially supported
142
Radware Ltd. End User License Agreement

By accepting this End User License Agreement (this License Agreement) you agree to be contacted
by Radware Ltd.s (Radware) sales personnel.
If you would like to receive license rights different from the rights granted below or if you wish to
acquire warranty or support services beyond the scope provided herein (if any), please contact
Radwares sales team.
THIS LICENSE AGREEMENT GOVERNS YOUR USE OF ANY SOFTWARE DEVELOPED AND/OR
DISTRIBUTED BY RADWARE AND ANY UPGRADES, MODIFIED VERSIONS, UPDATES, ADDITIONS,
AND COPIES OF THE SOFTWARE FURNISHED TO YOU DURING THE TERM OF THE LICENSE
GRANTED HEREIN (THE SOFTWARE). THIS LICENSE AGREEMENT APPLIES REGARDLESS OF
WHETHER THE SOFTWARE IS DELIVERED TO YOU AS AN EMBEDDED COMPONENT OF A RADWARE
PRODUCT (PRODUCT), OR WHETHER IT IS DELIVERED AS A STANDALONE SOFTWARE PRODUCT.
FOR THE AVOIDANCE OF DOUBT IT IS HEREBY CLARIFIED THAT THIS LICENSE AGREEMENT
APPLIES TO PLUG-INS, CONNECTORS, EXTENSIONS AND SIMILAR SOFTWARE COMPONENTS
DEVELOPED BY RADWARE THAT CONNECT OR INTEGRATE A RADWARE PRODUCT WITH THE
PRODUCT OF A THIRD PARTY (COLLECTIVELY, CONNECTORS) FOR PROVISIONING,
DECOMMISSIONING, MANAGING, CONFIGURING OR MONITORING RADWARE PRODUCTS. THE
APPLICABILITY OF THIS LICENSE AGREEMENT TO CONNECTORS IS REGARDLESS OF WHETHER
SUCH CONNECTORS ARE DISTRIBUTED TO YOU BY RADWARE OR BY A THIRD PARTY PRODUCT
VENDOR. IN CASE A CONNECTOR IS DISTRIBUTED TO YOU BY A THIRD PARTY PRODUCT VENDOR
PURSUANT TO THE TERMS OF AN AGREEMENT BETWEEN YOU AND THE THIRD PARTY PRODUCT
VENDOR, THEN, AS BETWEEN RADWARE AND YOURSELF, TO THE EXTENT THERE IS ANY
DISCREPANCY OR INCONSISTENCY BETWEEN THE TERMS OF THIS LICENSE AGREEMENT AND THE
TERMS OF THE AGREEMENT BETWEEN YOU AND THE THIRD PARTY PRODUCT VENDOR, THE TERMS
OF THIS LICENSE AGREEMENT WILL GOVERN AND PREVAIL. PLEASE READ THE TERMS AND
CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE OPENING THE PACKAGE
CONTAINING RADWARES PRODUCT, OR BEFORE DOWNLOADING, INSTALLING, COPYING OR
OTHERWISE USING RADWARE'S STANDALONE SOFTWARE (AS APPLICABLE). THE SOFTWARE IS
LICENSED (NOT SOLD). BY OPENING THE PACKAGE CONTAINING RADWARE'S PRODUCT, OR BY
DOWNLOADING, INSTALLING, COPYING OR USING THE SOFTWARE (AS APPLICABLE), YOU
CONFIRM THAT YOU HAVE READ AND UNDERSTAND THIS LICENSE AGREEMENT AND YOU AGREE
TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT. FURTHERMORE, YOU HEREBY WAIVE
ANY CLAIM OR RIGHT THAT YOU MAY HAVE TO ASSERT THAT YOUR ACCEPTANCE AS STATED
HEREINABOVE IS NOT THE EQUIVALENT OF, OR DEEMED AS, A VALID SIGNATURE TO THIS LICENSE
AGREEMENT. IF YOU ARE NOT WILLING TO BE BOUND BY THE TERMS OF THIS LICENSE
AGREEMENT, YOU SHOULD PROMPTLY RETURN THE UNOPENED PRODUCT PACKAGE OR YOU
SHOULD NOT DOWNLOAD, INSTALL, COPY OR OTHERWISE USE THE SOFTWARE (AS APPLICABLE).
THIS LICENSE AGREEMENT REPRESENTS THE ENTIRE AGREEMENT CONCERNING THE SOFTWARE
BETWEEN YOU AND RADWARE, AND SUPERSEDES ANY AND ALL PRIOR PROPOSALS,
REPRESENTATIONS, OR UNDERSTANDINGS BETWEEN THE PARTIES. YOU MEANS THE NATURAL
PERSON OR THE ENTITY THAT IS AGREEING TO BE BOUND BY THIS LICENSE AGREEMENT, THEIR
EMPLOYEES AND THIRD PARTY CONTRACTORS. YOU SHALL BE LIABLE FOR ANY FAILURE BY SUCH
EMPLOYEES AND THIRD PARTY CONTRACTORS TO COMPLY WITH THE TERMS OF THIS LICENSE
AGREEMENT.
1.
License Grant. Subject to Section 2 below (if applicable), Radware hereby grants to you, and
you accept, a nonexclusive, nontransferable license to install and use the Software in machinereadable, object code form only and solely for your internal purposes (Commercial License).
You further agree that you will not assign, sublicense, transfer, pledge, lease, rent or share your
rights under this License Agreement nor will you distribute copies of the Software.
2.
Evaluation Use. Notwithstanding anything to the contrary in this License Agreement, if the
Software is provided to you for evaluation purposes, as indicated in your purchase order or sales
receipt, on the website from which You download the Software, as inferred from any timelimited evaluation license keys that You are provided with to activate the Software, or otherwise,
then You may use the Software only for internal evaluation purposes (Evaluation Use) for a
maximum of 30 days or such other duration as may specified by Radware in writing at its sole
143

discretion (the Evaluation Period). The evaluation copy of the Software contains a feature that
will automatically disable it after expiration of the Evaluation Period. You agree not to disable,
destroy, or remove this feature of the Software, and any attempt to do so will be a material
breach of this License Agreement. During or at the end of the evaluation period, you may
contact Radware sales team to purchase a Commercial License to continue using the Software
pursuant to the terms of this License Agreement. If you elect not to purchase a Commercial
License, You agree to stop using the Software and to delete the evaluation copy received
hereunder from all computers under your possession or control at the end of the Evaluation
Period. In any event, your continued use of the Software beyond the Evaluation Period (if
possible) shall be deemed your acceptance of a Commercial License to the Software pursuant to
the terms of this License Agreement, and You agree to pay Radware any amounts due for any
applicable license fees at Radwares then-current list prices.
3.
Limitations on Use. You agree that you will not: (a) copy, modify, translate, adapt, or create
any derivative works based on the Software; or (b) sublicense or transfer the Software, or
include the Software or any portion thereof in any product; or (b) reverse assemble, decompile,
reverse engineer or otherwise attempt to derive source code (or the underlying ideas,
algorithms, structure or organization) from the Software; or (c) remove any copyright notices,
identification or any other proprietary notices from the Software (including any notices of Third
Party Software (as defined below); or (d) copy the Software onto any public or distributed
network or use the Software to operate in or as a time-sharing, outsourcing, service bureau,
application service provider, or managed service provider environment. Notwithstanding Section
3(d), if you provide hosting or cloud computing services to your customers, you are entitled to
use and include the Software in your IT infrastructure on which you provide your services.
4.
Intellectual Property Rights. You acknowledge and agree that this License Agreement does
not convey to you any interest in the Software except for the limited right to use the Software,
and that all right, title, and interest in and to the Software, including any and all associated
intellectual property rights, are and shall remain with Radware or its third party licensors. You
further acknowledge and agree that the Software is a proprietary product of Radware and/or its
licensors and is protected under applicable copyright law.
5.
No Warranty. The Software, and any and all accompanying software, files, libraries, data and
materials, are distributed and provided AS IS by Radware or by its third party licensors (as
applicable) and with no warranty of any kind, whether express or implied, including, without
limitation, any non-infringement warranty or warranty of merchantability or fitness for a
particular purpose. Neither Radware nor any of its affiliates or licensors warrants, guarantees, or
makes any representation regarding the title in the Software, the use of, or the results of the
use of the Software. Neither Radware nor any of its affiliates or licensors warrants that the
operation of the Software will be uninterrupted or error-free, or that the use of any passwords,
license keys and/or encryption features will be effective in preventing the unintentional
disclosure of information contained in any file. You acknowledge that good data processing
procedure dictates that any program, including the Software, must be thoroughly tested with
non-critical data before there is any reliance on it, and you hereby assume the entire risk of all
use of the copies of the Software covered by this License. This disclaimer of warranty constitutes
an essential and material part of this License.
In the event that, notwithstanding the disclaimer of warranty above, Radware is held liable
under any warranty provision, Radware shall be released from all such obligations in the event
that the Software shall have been subject to misuse, neglect, accident or improper installation,
or if repairs or modifications were made by persons other than by Radwares authorized service
personnel.
6.
Limitation of Liability. Except to the extent expressly prohibited by applicable statutes, in no

event shall Radware, or its principals, shareholders, officers, employees, affiliates, licensors,
contractors, subsidiaries, or parent organizations (together, the Radware Parties), be liable for
any direct, indirect, incidental, consequential, special, or punitive damages whatsoever relating
to the use of, or the inability to use, the Software, or to your relationship with, Radware or any
of the Radware Parties (including, without limitation, loss or disclosure of data or information,
and/or loss of profit, revenue, business opportunity or business advantage, and/or business
interruption), whether based upon a claim or action of contract, warranty, negligence, strict
liability, contribution, indemnity, or any other legal theory or cause of action, even if advised of
144

the possibility of such damages. If any Radware Party is found to be liable to You or to any thirdparty under any applicable law despite the explicit disclaimers and limitations under these
terms, then any liability of such Radware Party, will be limited exclusively to refund of any
license or registration or subscription fees paid by you to Radware.
7. Third Party Software. The Software includes software portions developed and owned by third
parties (the Third Party Software). Third Party Software shall be deemed part of the Software
for all intents and purposes of this License Agreement; provided, however, that in the event that
a Third Party Software is a software for which the source code is made available under an open
source software license agreement, then, to the extent there is any discrepancy or inconsistency
between the terms of this License Agreement and the terms of any such open source license
agreement (including, for example, license rights in the open source license agreement that are
broader than the license rights set forth in Section 1 above and/or no limitation in the open
source license agreement on the actions set forth in Section 3 above), the terms of any such
open source license agreement will govern and prevail. The terms of open source license
agreements and copyright notices under which Third Party Software is being licensed to
Radware or a link thereto, are included with the Software documentation or in the header or
readme files of the Software. Third Party licensors and suppliers retain all right, title and interest
in and to the Third Party Software and all copies thereof, including all copyright and other
intellectual property associated therewith. In addition to the use limitations applicable to Third
Party Software pursuant to Section 3 above, you agree and undertake not to use the Third Party
Software as a general SQL server, as a stand-alone application or with applications other than
the Software under this License Agreement.
8. Term and Termination. This License Agreement is effective upon the first to occur of your
opening the package of the Product, purchasing, downloading, installing, copying or using the
Software or any portion thereof, and shall continue until terminated. However, sections 3-11
shall survive any termination of this License Agreement. The License under this License
Agreement is not transferable and will terminate upon transfer of the Software.
9. Export. The Software or any part thereof may be subject to export or import controls under the
laws and regulations of the United States and/or Israel. You agree to comply with such laws and
regulations, and, agree not to knowingly export, re-export, import or re-import, or transfer
products without first obtaining all required Government authorizations or licenses therefor.
10. Governing Law. This License Agreement shall be construed and governed in accordance with
the laws of the State of Israel.
11. Miscellaneous. If a judicial determination is made that any of the provisions contained in this
License Agreement is unreasonable, illegal or otherwise unenforceable, such provision or
provisions shall be rendered void or invalid only to the extent that such judicial determination
finds such provisions to be unreasonable, illegal or otherwise unenforceable, and the remainder
of this License Agreement shall remain operative and in full force and effect. In any event a
party breaches or threatens to commit a breach of this License Agreement, the other party will,
in addition to any other remedies available to, be entitled to injunction relief. This License
Agreement constitutes the entire agreement between the parties hereto and supersedes all prior
agreements between the parties hereto with respect to the subject matter hereof. The failure of
any party hereto to require the performance of any provisions of this License Agreement shall in
no manner affect the right to enforce the same. No waiver by any party hereto of any provisions
or of any breach of any provisions of this License Agreement shall be deemed or construed
either as a further or continuing waiver of any such provisions or breach waiver or as a waiver of
any other provision or breach of any other provision of this License Agreement.
IF YOU DO NOT AGREE WITH THE TERMS OF THIS LICENSE, YOU MUST REMOVE THE
SOFTWARE FROM ANY DEVICE OWNED BY YOU AND IMMIDIATELY CEASE USING THE
SOFTWARE.
COPYRIGHT 2012, Radware Ltd. All Rights Reserved.
145

APSVision Admin Guide

Transféré par

Informations du document

Description :

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Description :

Droits d'auteur :

Formats disponibles

APSVision Admin Guide

Transféré par

Description :

Droits d'auteur :

Formats disponibles

APSolute Vision Administrator Guide

Software Version 1.30

APSolute Vision Administrator Guide

Document ID: RDWR-APSV-V0130_AG1205

APSolute Vision Administrator Guide

Document ID: RDWR-APSV-V0130_AG1205

APSolute Vision Administrator Guide

This product includes software developed by Markus Friedl

Document ID: RDWR-APSV-V0130_AG1205

APSolute Vision Administrator Guide

Notice traitant du copyright

Document ID: RDWR-APSV-V0130_AG1205

APSolute Vision Administrator Guide

Ce produit inclut un logiciel dvelopp par Markus Friedl

Document ID: RDWR-APSV-V0130_AG1205

APSolute Vision Administrator Guide

Document ID: RDWR-APSV-V0130_AG1205

APSolute Vision Administrator Guide

Figure 1: Electrical Shock Hazard Label

DUAL-POWER-SUPPLY-SYSTEM SAFETY WARNING IN CHINESE

Figure 2: Dual-Power-Supply-System Safety Warning in Chinese

Translation of Dual-Power-Supply-System Safety Warning in Chinese:

Document ID: RDWR-APSV-V0130_AG1205

APSolute Vision Administrator Guide

Figure 3: Statement for Class A VCCI-certified Equipment

Translation of Statement for Class A VCCI-certified Equipment:

Document ID: RDWR-APSV-V0130_AG1205

APSolute Vision Administrator Guide

Figure 4: Statement for Class B VCCI-certified Equipment

Translation of Statement for Class B VCCI-certified Equipment:

Figure 5: KCCKorea Communications Commission Certificate of Broadcasting and

Figure 6: Statement For Class A KCC-certified Equipment in Korean

Translation of Statement For Class A KCC-certified Equipment in Korean:

Document ID: RDWR-APSV-V0130_AG1205

APSolute Vision Administrator Guide

This marking or statement includes the following text warning:

Finland - (Marking label and in manual) - Laite on liitettv suojamaadoituskoskettimilla

Norway (Marking label and in manual) - Apparatet m tilkoples jordet stikkontakt

Unit is intended for connection to IT power systems for Norway only.

To connect the power connection:

Document ID: RDWR-APSV-V0130_AG1205

APSolute Vision Administrator Guide

Figure 7: tiquette davertissement de danger de chocs lectriques

AVERTISSEMENT DE SCURIT POUR LES SYSTMES DOTS DE DEUX SOURCES DALIMENTATION

Document ID: RDWR-APSV-V0130_AG1205

APSolute Vision Administrator Guide

Figure 9: Dclaration pour lquipement de classe A certifi VCCI

Traduction de la Dclaration pour lquipement de classe A certifi VCCI:

Document ID: RDWR-APSV-V0130_AG1205

APSolute Vision Administrator Guide

Figure 10: Dclaration pour lquipement de classe B certifi VCCI

Traduction de la Dclaration pour lquipement de classe B certifi VCCI:

Translation de la Dclaration pour lquipement de classe A certifi KCC en langue corenne:

Document ID: RDWR-APSV-V0130_AG1205

APSolute Vision Administrator Guide

Cette marque ou remarque inclut lavertissement textuel suivant:

Finlande (tiquette et inscription dans le manuel) - Laite on liitettv

Norvge (tiquette et inscription dans le manuel) - Apparatet m tilkoples jordet stikkontakt

Lunit peut tre connecte un systme lectrique IT (en Norvge uniquement).

Pour brancher lalimentation lectrique:

Document ID: RDWR-APSV-V0130_AG1205