APSolute Vision

User Guide
Software Version 3.40.00
Document ID: RDWR-APSV-V034000_UG1512

December 2015

APSolute Vision User Guide

Important Notices
The following important notices are presented in English, French, and German.

Important Notices
This guide is delivered subject to the following conditions and restrictions:
Copyright Radware Ltd. 2015. All rights reserved.
The copyright and all other intellectual property rights and trade secrets included in this guide are
owned by Radware Ltd.
The guide is provided to Radware customers for the sole purpose of obtaining information with
respect to the installation and use of the Radware products described in this document, and may not
be used for any other purpose.
The information contained in this guide is proprietary to Radware and must be kept in strict
confidence.
It is strictly forbidden to copy, duplicate, reproduce or disclose this guide or any part thereof without
the prior written consent of Radware.

Important Notice
This guide is subject to the following conditions and restrictions:
Copyright Radware Ltd. 2015. All rights reserved.
The copyright and all other intellectual property rights and trade secrets contained in this guide
are the property of Radware Ltd.
This guide is provided to our customers for the installation and use of the Radware products
described in this document and may not be used for any purpose other than that for which it was
designed.
The information contained in this document remains the property of Radware and must be kept
confidential.
It is strictly forbidden to copy, reproduce or disclose information contained in this manual without
the prior written consent of Radware.

Important Note
This manual is delivered subject to the following conditions and restrictions:
Copyright Radware Ltd. 2015. All rights reserved.
The copyright and all other property rights and trade secrets contained in this manual are the
property of Radware Ltd.
This manual is provided to Radware customers for the sole purpose of providing information on the
installation and use of the Radware products described in this document. It may not be used for any
other purpose.
The information contained in this manual is the property of Radware and must be treated as strictly
confidential.
It is strictly forbidden to copy, duplicate, reproduce or disclose this manual or parts of it without
the prior written consent of Radware.

Copyright Notices
The following copyright notices are presented in English, French, and German.

Copyright Notices
The programs included in this product are subject to a restricted use license and can only be used in
conjunction with this application.
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and
the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both
licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL,
please contact openssl-core@openssl.org.
OpenSSL License
Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3. All advertising materials mentioning features or use of this software must display the following
acknowledgement:
"This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit. (http://www.openssl.org/)"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote
products derived from this software without prior written permission. For written permission,
please contact openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in
their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit (http://www.openssl.org/)"

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS" AND ANY EXPRESSED OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This
product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscape's SSL.

This library is free for commercial and non-commercial use as long as the following conditions are
adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA,
lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution
is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be
removed.
If this package is used in a product, Eric Young should be given attribution as the author of the parts
of the library used.
This can be in the form of a textual message at program startup or in documentation (online or
textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the
following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3. All advertising materials mentioning features or use of this software must display the following
acknowledgement:
"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)"
The word 'cryptographic' can be left out if the routines from the library being used are not
cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory
(application code) you must include an acknowledgment:
"This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
The licence and distribution terms for any publicly available version or derivative of this code
cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence
[including the GNU Public Licence.]
This product contains the Rijndael cipher
The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public
domain and distributed with the following license:
@version 3.0 (December 2000)
Optimized ANSI C code for the Rijndael cipher (now AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>
The OnDemand Switch may use software components licensed under the GNU General Public
License Agreement Version 2 (GPL v.2) including LinuxBios and Filo open source projects. The
source code of the LinuxBios and Filo is available from Radware upon request. A copy of the license
can be viewed at: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
This code is hereby placed in the public domain.

This product contains code developed by the OpenBSD Project


Copyright 1983, 1990, 1992, 1993, 1995
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3. Neither the name of the University nor the names of its contributors may be used to endorse or
promote products derived from this software without specific prior written permission.

This product includes software developed by Markus Friedl.
This product includes software developed by Theo de Raadt.
This product includes software developed by Niels Provos
This product includes software developed by Dug Song
This product includes software developed by Aaron Campbell
This product includes software developed by Damien Miller
This product includes software developed by Kevin Steves
This product includes software developed by Daniel Kouril
This product includes software developed by Wesley Griffin
This product includes software developed by Per Allansson
This product includes software developed by Nils Nordman
This product includes software developed by Simon Wilkinson
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.

This product contains work derived from the RSA Data Security, Inc. MD5 Message-Digest
Algorithm. RSA Data Security, Inc. makes no representations concerning either the merchantability
of the MD5 Message-Digest Algorithm or the suitability of the MD5 Message-Digest Algorithm for
any particular purpose. It is provided "as is" without express or implied warranty of any kind.
This product includes the DB2 Express-C database, the copyrights of which are owned by IBM.

Copyright Notice

The programs included in this product are subject to a restricted use license and may only be used
in conjunction with this application.
The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the
public domain and distributed under the terms of the following license:
@version 3.0 (December 2000)
ANSI C code for Rijndael (now AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>.

The OnDemand Switch may use software components licensed under the terms of the GNU General
Public License Agreement Version 2 (GPL v.2), including the LinuxBios and Filo open source
projects. The source code of LinuxBios and Filo is available on request from Radware. A copy of the
license can be found at: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
This code is also placed in the public domain.
This product contains code developed as part of the OpenSSL project.
Copyright 1983, 1990, 1992, 1993, 1995
The Regents of the University of California. All rights reserved.
Distribution and use in source and binary form, with or without modifications, is permitted
provided that the following conditions are met:
1. Distribution of source code must include the copyright notice mentioned above, this list of
conditions and the following disclaimer.
2. Distribution in binary form must reproduce, in the documentation and/or in any other material
provided, the copyright notice mentioned above, this list of conditions and the following
disclaimer.
3. The name of the University and the names of the contributors shall in no case be used to
endorse or promote a product derived from this program without prior written authorization.
This product includes software developed by Markus Friedl.
This product includes software developed by Theo de Raadt.
This product includes software developed by Niels Provos.
This product includes software developed by Dug Song.
This product includes software developed by Aaron Campbell.
This product includes software developed by Damien Miller.
This product includes software developed by Kevin Steves.
This product includes software developed by Daniel Kouril.
This product includes software developed by Wesley Griffin.
This product includes software developed by Per Allansson.
This product includes software developed by Nils Nordman.
This product includes software developed by Simon Wilkinson.
Distribution and use in source and binary form, with or without modifications, is permitted
provided that the following conditions are met:
1. Distribution of source code must include the copyright notice mentioned above, this list of
conditions and the following disclaimer.
2. Distribution in binary form must reproduce, in the documentation and/or in any other material
provided, the copyright notice mentioned above, this list of conditions and the following
disclaimer.
THE SOFTWARE MENTIONED ABOVE IS PROVIDED "AS IS" BY THE DEVELOPER, AND ANY
WARRANTY, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, IS EXCLUDED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES, LOSS OF USE, DATA, OR PROFITS, OR BUSINESS
INTERRUPTION), WHATEVER THE CAUSE AND THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE), ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Copyright Notices
The programs contained in this product are subject to a restricted use license and can only be used
in conjunction with this application.
The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is publicly
available and is distributed under the following license:
@version 3.0 (December 2000)
Optimized ANSI C code for the Rijndael cipher (now AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>
The OnDemand Switch may use software licensed under the GNU General Public License
Agreement Version 2 (GPL v.2), including the LinuxBios and Filo open source projects. The source
code of LinuxBios and Filo is available from Radware on request. A copy of this license can be
viewed at http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
This code is hereby made publicly available.
This product contains code developed by the OpenBSD Project
Copyright 1983, 1990, 1992, 1993, 1995
The Regents of the University of California. All rights reserved.
Distribution and use in source and binary form, with or without modifications, are permitted under
the following conditions:
1. Distribution of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2. Distribution in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials distributed with it.
3. Neither the name of the University nor the names of the contributors may be used to endorse
or promote products derived from this software without express prior written permission.

This product includes software developed by Markus Friedl.
This product includes software developed by Theo de Raadt.
This product includes software developed by Niels Provos.
This product includes software developed by Dug Song.
This product includes software developed by Aaron Campbell.
This product includes software developed by Damien Miller.
This product includes software developed by Kevin Steves.
This product includes software developed by Daniel Kouril.
This product includes software developed by Wesley Griffin.
This product includes software developed by Per Allansson.
This product includes software developed by Nils Nordman.
This product includes software developed by Simon Wilkinson.
Distribution and use in source and binary form, with or without modifications, are permitted under
the following conditions:
1. Distribution of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2. Distribution in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials distributed with it.

ALL OF THE AFOREMENTIONED SOFTWARE IS PROVIDED BY THE AUTHOR IN ITS CURRENT STATE
("AS IS"). ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE EXCLUDED.
UNDER NO CIRCUMSTANCES SHALL THE AUTHOR BE LIABLE FOR DIRECT OR INDIRECT DAMAGES,
FOR DAMAGES ARISING FROM PERFORMANCE OF A CONTRACT, FOR SPECIAL DAMAGES, FOR
PUNITIVE DAMAGES, OR FOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTIONS), HOWEVER CAUSED, AND FOR ANY KIND OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE), ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.

Standard Warranty
The following standard warranty is presented in English, French, and German.

Standard Warranty
Radware offers a limited warranty for all its products ("Products"). Radware hardware products are
warranted against defects in material and workmanship for a period of one year from date of
shipment. Radware software carries a standard warranty that provides bug fixes for up to 90 days
after date of purchase. Should a Product unit fail anytime during the said period(s), Radware will, at
its discretion, repair or replace the Product.
For hardware warranty service or repair, the product must be returned to a service facility
designated by Radware. Customer shall pay the shipping charges to Radware and Radware shall pay
the shipping charges in returning the product to the customer. Please see specific details outlined in
the Standard Warranty section of the customer's purchase order.
Radware shall be released from all obligations under its Standard Warranty in the event that the
Product and/or the defective component has been subjected to misuse, neglect, accident or
improper installation, or if repairs or modifications were made by persons other than Radware
authorized service personnel, unless such repairs by others were made with the written consent of
Radware.
EXCEPT AS SET FORTH ABOVE, ALL RADWARE PRODUCTS (HARDWARE AND SOFTWARE) ARE
PROVIDED BY "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED.

Standard Warranty
Radware grants a limited warranty for all its products ("Products"). Radware hardware is warranted
against any defect in material and workmanship for a period of one year from the date of shipment.
Radware software is supplied with a standard warranty consisting of the provision of fixes for
software malfunctions (bugs) for a maximum period of 90 days from the date of purchase. Should a
Product prove defective during the said period(s), Radware will, at its discretion, repair or replace
the Product.
For hardware replacement or repair under warranty, the Product must be returned to a repair
facility designated by Radware. The Customer shall bear the cost of shipping the Product to
Radware, and Radware shall bear the cost of returning the Product to the customer. Please see the
specific conditions described in the Standard Warranty section of the customer purchase order.

Radware is released from all obligations under the Standard Warranty in the event that the Product
and/or the defective component has been subjected to misuse, neglect, accident or improper
installation, or if the repairs or modifications made to it were carried out by persons other than
maintenance personnel authorized by Radware, unless Radware has given its written consent for
such repairs to be carried out by those persons.
EXCEPT AS PROVIDED ABOVE, ALL RADWARE PRODUCTS (HARDWARE AND SOFTWARE) ARE
PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED WARRANTIES ARE EXCLUDED, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR USE.

Limitations on Warranty and Liability


The following limitations on warranty and liability are presented in English, French, and German.

Limitations on Warranty and Liability


IN NO EVENT SHALL RADWARE LTD. OR ANY OF ITS AFFILIATED ENTITIES BE LIABLE FOR ANY
DAMAGES INCURRED BY THE USE OF THE PRODUCTS (INCLUDING BOTH HARDWARE AND
SOFTWARE) DESCRIBED IN THIS USER GUIDE, OR BY ANY DEFECT OR INACCURACY IN THIS USER
GUIDE ITSELF. THIS INCLUDES BUT IS NOT LIMITED TO ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION). THE ABOVE LIMITATIONS WILL APPLY EVEN IF RADWARE HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME JURISDICTIONS DO NOT ALLOW THE
EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES OR LIABILITY FOR INCIDENTAL OR
CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.

Limitations on Warranty and Liability

IN NO EVENT SHALL RADWARE LTD. OR ITS AFFILIATED ENTITIES BE HELD LIABLE FOR DAMAGES
INCURRED THROUGH THE USE OF THE PRODUCTS (INCLUDING HARDWARE AND SOFTWARE)
DESCRIBED IN THIS USER MANUAL, OR THROUGH ANY DEFECT OR INACCURACY IN THIS USER
MANUAL, INCLUDING, WITHOUT THIS LIST BEING CONSIDERED EXHAUSTIVE, ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, THE PROVISION OF SUBSTITUTE PRODUCTS OR SERVICES; LOSS OF USE, DATA,
OR PROFITS; OR BUSINESS INTERRUPTION). THE ABOVE LIMITATIONS WILL APPLY EVEN IF
RADWARE HAS BEEN INFORMED OF THE POSSIBLE EXISTENCE OF SUCH DAMAGES. AS SOME
JURISDICTIONS DO NOT ALLOW EXCLUSIONS OR LIMITATIONS OF IMPLIED WARRANTIES OR OF
LIABILITY FOR INCIDENTAL OR INDIRECT DAMAGES, THE SAID LIMITATIONS OR EXCLUSIONS MAY
NOT APPLY IN YOUR CASE.

Exclusion of Liability and Warranty

IN NO EVENT SHALL RADWARE LTD. OR ANY OF ITS AFFILIATED COMPANIES BE LIABLE FOR
DAMAGES ARISING FROM THE USE OF THE PRODUCT (HARDWARE AND SOFTWARE) AS DESCRIBED
IN THE USER MANUAL, OR FROM AN ERROR OR INACCURACY IN THIS USER MANUAL ITSELF. THIS
INCLUDES, AMONG OTHERS (WITHOUT BEING LIMITED TO), ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO
PROCUREMENT OR REPLACEMENT OF GOODS OR SERVICES, LOSS OF USE, LOSS OF DATA OR
PROFITS, OR BUSINESS INTERRUPTIONS). THE ABOVE LIMITATIONS APPLY EVEN IF RADWARE HAS
BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. SOME JURISDICTIONS DO NOT ALLOW THE
EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES OR LIABILITY FOR INCIDENTAL OR
CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.

Safety Instructions
The following safety instructions are presented in English, French, and German.

Safety Instructions
CAUTION
A readily accessible disconnect device shall be incorporated in the building installation wiring.
Due to the risks of electrical shock, and energy, mechanical, and fire hazards, any procedures that
involve opening panels or changing components must be performed by qualified service personnel
only.
To reduce the risk of fire and electrical shock, disconnect the device from the power line before
removing cover or panels.
The following figure shows the caution label that is attached to Radware platforms with dual power
supplies.

Figure 1: Electrical Shock Hazard Label

DUAL-POWER-SUPPLY-SYSTEM SAFETY WARNING IN CHINESE


The following figure is the warning for Radware platforms with dual power supplies.

Figure 2: Dual-Power-Supply-System Safety Warning in Chinese

Translation of Dual-Power-Supply-System Safety Warning in Chinese:


This unit has more than one power supply. Disconnect all power supplies before maintenance to
avoid electric shock.
SERVICING
Do not perform any servicing other than that contained in the operating instructions unless you are
qualified to do so. There are no serviceable parts inside the unit.
HIGH VOLTAGE
Any adjustment, maintenance, and repair of the opened instrument under voltage must be avoided
as much as possible and, when inevitable, must be carried out only by a skilled person who is aware
of the hazard involved.
Capacitors inside the instrument may still be charged even if the instrument has been disconnected
from its source of supply.
GROUNDING
Before connecting this device to the power line, the protective earth terminal screws of this device
must be connected to the protective earth in the building installation.
LASER
This equipment is a Class 1 Laser Product in accordance with IEC60825 - 1: 1993 + A1:1997 +
A2:2001 Standard.
FUSES
Make sure that only fuses with the required rated current and of the specified type are used for
replacement. The use of repaired fuses and the short-circuiting of fuse holders must be avoided.
Whenever it is likely that the protection offered by fuses has been impaired, the instrument must be
made inoperative and be secured against any unintended operation.
LINE VOLTAGE
Before connecting this instrument to the power line, make sure the voltage of the power source
matches the requirements of the instrument. Refer to the Specifications for information about the
correct power rating for the device.
48V DC-powered platforms have an input tolerance of 36-72V DC.
SPECIFICATION CHANGES
Specifications are subject to change without notice.

Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN
61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11 For CE MARK Compliance.
These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. Operation of this equipment in a
residential area is likely to cause harmful interference in which case the user is required to correct
the interference at his own expense.
SPECIAL NOTICE FOR NORTH AMERICAN USERS

For North American power connection, select a power supply cord that is UL Listed and CSA Certified
3-conductor, [18 AWG], terminated in a molded-on plug cap rated 125 V, [10 A], with a minimum
length of 1.5m [six feet] but no longer than 4.5m. For European connection, select a power supply
cord that is internationally harmonized and marked <HAR>, 3-conductor, 0,75 mm2 minimum
wire, rated 300 V, with a PVC insulated jacket. The cord must have a molded-on plug cap rated
250 V, 3 A.
RESTRICT AREA ACCESS
The DC powered equipment should only be installed in a Restricted Access Area.
INSTALLATION CODES
This device must be installed according to country national electrical codes. For North America,
equipment must be installed in accordance with the US National Electrical Code, Articles 110-16,
110-17, and 110-18 and the Canadian Electrical Code, Section 12.
INTERCONNECTION OF UNITS
Cables for connecting to the unit RS232 and Ethernet Interfaces must be UL certified type DP-1 or
DP-2. (Note- when residing in non LPS circuit)
OVERCURRENT PROTECTION
A readily accessible listed branch-circuit over current protective device rated 15 A must be
incorporated in the building wiring for each power input.
REPLACEABLE BATTERIES
If equipment is provided with a replaceable battery, and is replaced by an incorrect battery type,
then an explosion may occur. This is the case for some Lithium batteries and the following is
applicable:

If the battery is placed in an Operator Access Area, there is a marking close to the battery or
a statement in both the operating and service instructions.

If the battery is placed elsewhere in the equipment, there is a marking close to the battery or a
statement in the service instructions.

This marking or statement includes the following text warning:


CAUTION
RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT BATTERY TYPE.
DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Caution - To Reduce the Risk of Electrical Shock and Fire
1. This equipment is designed to permit connection between the earthed conductor of the DC
supply circuit and the earthing conductor equipment. See Installation Instructions.
2. All servicing must be undertaken only by qualified service personnel. There are no
user-serviceable parts inside the unit.
3. DO NOT plug in, turn on or attempt to operate an obviously damaged unit.
4. Ensure that the chassis ventilation openings in the unit are NOT BLOCKED.
5. Replace a blown fuse ONLY with the same type and rating as is marked on the safety label
adjacent to the power inlet, housing the fuse.
6. Do not operate the device in a location where the maximum ambient temperature exceeds
40°C/104°F.
7. Be sure to unplug the power supply cord from the wall socket BEFORE attempting to remove
and/or check the main power fuse.
CLASS 1 LASER PRODUCT AND REFERENCE TO THE MOST RECENT LASER STANDARDS IEC
60825-1:1993 + A1:1997 + A2:2001 AND EN 60825-1:1994 + A1:1996 + A2:2001

AC units for Denmark, Finland, Norway, Sweden (marked on product):

Denmark - Unit is class I - unit to be used with an AC cord set suitable with Denmark
deviations. The cord includes an earthing conductor. The Unit is to be plugged into a wall socket
outlet which is connected to a protective earth. Socket outlets which are not connected to earth
are not to be used!

Finland - (Marking label and in manual) - Laite on liitettävä suojamaadoituskoskettimilla
varustettuun pistorasiaan

Norway - (Marking label and in manual) - Apparatet må tilkoples jordet stikkontakt

Unit is intended for connection to IT power systems for Norway only.

Sweden - (Marking label and in manual) - Apparaten skall anslutas till jordat uttag.

To connect the power connection:

1. Connect the power cable to the main socket, located on the rear panel of the device.
2. Connect the power cable to the grounded AC outlet.

CAUTION
Risk of electric shock and energy hazard. Disconnecting one power supply disconnects only one
power supply module. To isolate the unit completely, disconnect all power supplies.

Safety Instructions
WARNING
A readily accessible disconnect device shall be incorporated in the building wiring.
Due to the risks of electric shock and the energy, mechanical, and fire hazards, any procedure that
involves opening panels or replacing components must be performed by qualified personnel.
To reduce the risk of fire and electric shock, disconnect the device from the power supply before
removing the cover or panels.
The following figure shows the warning label affixed to Radware platforms with more than one
power source.

Figure 3: Electric-shock hazard warning label

SAFETY WARNING FOR SYSTEMS WITH TWO POWER SOURCES (IN CHINESE)
The following figure shows the warning label for Radware platforms with two power sources.

Figure 4: Safety warning for systems with two power sources (in Chinese)

Translation of the Safety warning for systems with two power sources (in Chinese):
This unit has more than one power source. Disconnect all power sources before servicing the unit
to avoid electric shock.
SERVICING
Do not perform any servicing other than that listed in the instruction manual unless you are
qualified to do so. No part inside the unit can be replaced or repaired.
HIGH VOLTAGE
Any adjustment, maintenance, or repair of the opened instrument under voltage must be avoided.
If it proves unavoidable, entrust the operation to a qualified person who is aware of the dangers
involved.
Capacitors inside the unit may still be charged even after the unit has been disconnected from the
power source.
GROUNDING
Before connecting this device to the power line, the protective earth terminal screws of this unit
must be connected to the grounding system of the building.
LASER
This equipment is a Class 1 laser product, compliant with the IEC60825 - 1: 1993 + A1:
1997 + A2: 2001 standard.
FUSES
Make sure that only fuses with the required rated current and of the specified type are used for
replacement. The use of repaired fuses and the short-circuiting of fuse holders must be avoided.
Whenever it is practically certain that the protection offered by the fuses has been impaired,
the instrument must be deactivated and secured against any unintended operation.
LINE VOLTAGE
Before connecting this instrument to the power line, verify that the voltage of the power source
matches the requirements of the instrument. Refer to the specifications for the correct rated
power of the device.
Platforms powered by 48 DC have an input tolerance of 36 to 72 V DC.
SPECIFICATION CHANGES
Specifications are subject to change without notice.
Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024, EN 61000-3-2;
EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8, and IEC 61000-4-11, for CE mark compliance.
These limits are set to provide reasonable protection against harmful interference when the
equipment is used in a commercial environment. This equipment generates, uses, and can emit
radio frequencies and, if not installed and used in accordance with the instruction manual, may
cause harmful interference to radio communications. Operation of this equipment in a residential
area is likely to cause harmful interference, in which case the user must correct the problem at
their own expense.
SPECIAL NOTICE FOR NORTH AMERICAN USERS

For an electrical connection in North America, select a power supply cord that is UL listed and
CSA certified, 3 - conductor, [18 AWG], fitted with a molded plug at its end, rated 125 V, [10 A],
with a minimum length of 1.5 m [six feet] and a maximum of 4.5 m...For the European connection,
choose a power supply cord that is internationally harmonized and marked <HAR>, 3 - conductor,
0.75 mm² minimum cable, rated 300 V, with an insulated PVC jacket. The plug at the end of the
cord shall carry a molded marking indicating: 250 V, 3 A.
RESTRICTED ACCESS AREA
DC-powered equipment may only be installed in a restricted access area.
INSTALLATION CODES
This device must be installed in accordance with national electrical codes. In North America, the
equipment shall be installed in accordance with the US National Electrical Code, Articles
110-16, 110 -17, and 110 -18 and the Canadian Electrical Code, Section 12.
INTERCONNECTION OF UNITS
Cables for connecting to the unit RS232 and Ethernet interfaces shall be UL certified, type DP-1 or
DP-2. (Note: if they do not reside in an LPS circuit.)
OVERLOAD PROTECTION
A readily accessible branch circuit on the 15 A current protection device must be incorporated in
the building wiring for each power input.
REPLACEABLE BATTERIES
If the equipment is supplied with a battery, and it is replaced by an incorrect battery type, it
may explode. This is the case for some lithium batteries, so the following applies:

If the battery is placed in an operator access area, a marking is shown on the battery or a
statement is included in both the operating and the service instructions.

If the battery is placed elsewhere in the equipment, a marking is shown on the battery or a
statement is included in the service instructions.

This marking or statement includes the following text warning:

WARNING
RISK OF EXPLOSION IF THE BATTERY IS REPLACED BY AN INCORRECT MODEL.
DISPOSE OF BATTERIES ACCORDING TO THE INSTRUCTIONS.
Caution - To reduce the risk of electric shock and fire
1. This equipment is designed to permit connection between the grounding conductor of the DC
power circuit and the grounding equipment. See the installation instructions.
2. All servicing must be undertaken by qualified personnel. No part inside the unit can be
replaced or repaired.
3. DO NOT plug in, turn on, or attempt to use an obviously damaged unit.
4. Check that the chassis ventilation opening in the unit is NOT BLOCKED.
5. Replace a damaged fuse with a similar model of the same rating, as indicated on the safety
label adjacent to the power inlet housing the fuse.
6. Do not operate the device in a location where the ambient temperature exceeds the maximum
permitted value, 40°C/104°F.
7. Unplug the power cord from the wall socket BEFORE attempting to remove and/or check the
main power fuse.

CLASS 1 LASER PRODUCT AND REFERENCE TO THE MOST RECENT LASER STANDARDS: IEC
60825-1: 1993 + A1: 1997 + A2: 2001 AND EN 60825-1: 1994+A1: 1996+ A2: 2001

AC units for Denmark, Finland, Norway, Sweden (marked on product):

Denmark - Class 1 unit - to be used with an AC cord compatible with Denmark deviations. The cord
includes a grounding conductor. The unit shall be plugged into a grounded wall socket. Ungrounded
sockets shall not be used!

Finland (label and marking in the manual) - Laite on liitettävä
suojamaadoituskoskettimilla varustettuun pistorasiaan

Norway (label and marking in the manual) - Apparatet må tilkoples jordet stikkontakt

The unit may be connected to an IT power system (in Norway only).

Sweden (label and marking in the manual) - Apparaten skall anslutas till jordat uttag.

To connect the power supply:

1. Connect the power cable to the main socket, located on the rear panel of the unit.
2. Connect the power cable to the grounded AC outlet.
WARNING
Risk of electric shock and energy hazard. Disconnecting one power source disconnects only one
power module. To isolate the unit completely, disconnect all power sources.
CAUTION
Risk of electric shock and hazard. Disconnecting a single regulated power supply disconnects only
one regulated power supply module. To isolate the module in question completely, all regulated
power supplies must be disconnected.
Caution: To Reduce the Risk of Electrocution and Fire
1. All servicing operations shall be performed ONLY by qualified service personnel. No component
can be serviced or replaced by the user.
2. DO NOT connect, power on, or attempt to use a visibly defective unit.
3. Make sure that the chassis ventilation openings ARE NOT BLOCKED.
4. Replace a blown fuse ONLY with a fuse of the same type and rating, as indicated on the safety
label near the power inlet that contains the fuse.
5. DO NOT USE the equipment in premises where the maximum temperature exceeds 40
degrees Centigrade.
6. Make sure that the power cord has been disconnected BEFORE attempting to remove and/or
check the main power fuse.

Safety Instructions
CAUTION
The electrical installation of the building must incorporate a readily accessible power disconnect
device.
Due to the risk of electric shock and the energy, mechanical, and fire hazards, procedures in which
covers are removed or components replaced may be performed only by qualified service personnel.
To reduce the risk of fire and electric shock, the device must be disconnected from the power
supply before the cover or panels are removed.
The following figure shows the CAUTION label that is attached to Radware platforms with dual
power supplies.

Figure 5: Electric-shock hazard warning label

SAFETY NOTICE IN CHINESE FOR SYSTEMS WITH DUAL POWER SUPPLIES
The following figure is the warning for Radware platforms with dual power supplies.

Figure 6: Safety notice in Chinese for systems with dual power supplies

Translation of the Safety notice in Chinese for systems with dual power supplies:
The unit has more than one power supply source. To prevent electric shock, disconnect all power
supply lines before servicing.
SERVICING
Do not perform any servicing that is not listed in the operating instructions unless you are
qualified to do so. There are no serviceable parts inside the device.
HIGH VOLTAGE
Any adjustment, maintenance, and repair work on the opened device under voltage must be avoided
as far as possible. If it cannot be avoided, it may be carried out only by qualified persons who
are aware of the hazard.
Capacitors inside the device may still hold a charge even after the device has been cut off from
the power supply.
GROUNDING
Before the device is connected to the power supply, the screws of the ground lead of the device
must be connected to the ground of the building wiring.
LASER
This device is a Class 1 laser product in compliance with the IEC60825 - 1: 1993 +
A1:1997 + A2:2001 standard.
FUSES
Make sure that only fuses with the required current rating and of the specified type are used. The
use of repaired fuses and the short-circuiting of fuse holders must be avoided. In cases where it
is likely that the protection offered by the fuses is impaired, the device must be switched off
and secured against unintended operation.
LINE VOLTAGE
Before connecting this device to the power supply, ensure that the voltage of the power source
matches the requirements of the device. Observe the technical specifications regarding the correct
electrical ratings of the device.

Platforms with 48 V DC have an input tolerance of 36-72 V DC.
SPECIFICATION CHANGES
Technical specifications are subject to change.
Note: This device has been tested and complies with the limits for Class 1 digital devices
pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN55024; EN 61000-3-2; EN; IEC
61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4- 11 for conformity with the CE mark.
These limits serve to provide reasonable protection against harmful interference when the device
is operated in a commercial environment. This device generates, uses, and radiates
electromagnetic radio-frequency energy. If it is not installed and used in accordance with the
instructions in the manual, it could interfere with and impair radio communications. Operation of
this device in residential areas will most likely lead to harmful interference. In such a case,
the user would be required to correct this interference at their own expense.
SPECIAL NOTICE FOR USERS IN NORTH AMERICA
For the mains power connection in North America, select a power cable that is UL listed and CSA
certified, 3 conductors, [18 AWG], terminated in a molded plug, rated 125 V, [10 A], with a
minimum length of 1.5 m [six feet] but no longer than 4.5 m. For European connections, use an
internationally harmonized power cable marked <HAR>, with 3 conductors of at least 0.75 mm²,
rated 300 V, with a PVC jacket. The cable must end in a molded plug rated 250 V, 3 A.
RESTRICTED ACCESS AREA
The DC-powered device may be installed only in a restricted access area.
INSTALLATION CODES
This device must be installed in accordance with the country-specific electrical codes. In North
America, devices must be installed in accordance with the US National Electrical Code, Articles
110 - 16, 110 - 17, and 110 - 18, and the Canadian Electrical Code, Section 12.
INTERCONNECTION OF UNITS
Cables for connecting the device to RS232 and Ethernet must be UL certified and of type DP-1 or
DP-2. (Note: when residing in a non-LPS circuit)
OVERCURRENT PROTECTION
A readily accessible listed branch-circuit overcurrent protective device rated 15 A must be
incorporated in the building wiring for each power input.
REPLACEABLE BATTERIES
If a device is supplied with a replaceable battery and that battery is replaced by an incorrect
battery type, this could lead to an explosion. This applies to some types of lithium batteries,
and the following must be observed:

If the battery is installed in an operator area, there is a marking close to the battery or a
statement in both the operating manual and the service instructions.

If the battery is installed elsewhere in the device, there is a marking close to the battery or a
statement in the service instructions.

This marking or statement contains the following warning text:

CAUTION
RISK OF EXPLOSION IF THE BATTERY IS REPLACED BY AN INCORRECT BATTERY TYPE.
DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.

Denmark - Unit is class I - use with an AC cable that is adapted for the deviations in Denmark.
The cable is fitted with a ground wire. The cable is plugged into a grounded wall socket. Do not
use sockets without a ground lead!

Finland - (Marking label and in manual) - Laite on liitettävä
suojamaadoituskoskettimilla varustettuun pistorasiaan

Norway - (Marking label and in manual) - Apparatet må tilkoples jordet stikkontakt

Intended exclusively for connection to IT power systems in Norway

Sweden - (Marking label and in manual) - Apparaten skall anslutas till jordat uttag.

Connecting the power cable:

1. Connect the power cable to the main socket on the rear of the device.
2. Connect the power cable to the grounded AC outlet.

CAUTION
Electric shock and energy hazard. Disconnecting one power source disconnects only one power supply
module from the power supply. To isolate the device completely, it must be disconnected from all
power supplies.
Caution - To reduce the risk of electric shock and fire
1. This device is designed to permit connection between the grounded conductor of the DC circuit
and the grounding conductor of the device. See the installation instructions.
2. Servicing of any kind may be carried out only by qualified service personnel. There are no
user-serviceable parts inside the device.
3. Do not attempt to connect to the power circuit, switch on, or operate an obviously damaged
device.
4. Make sure that the ventilation openings in the device housing are NOT BLOCKED.
5. Replace a blown fuse only with one of the same type and rating as stated on the safety label
located next to the power cable inlet, on the fuse housing.
6. Do not operate the device at a location where the maximum ambient temperature exceeds 40°C.
7. Make sure to unplug the power cable from the wall socket BEFORE you remove and/or check the
main fuse.

Electromagnetic-Interference Statements
The following statements are presented in English, French, and German.

Electromagnetic-Interference Statements
SPECIFICATION CHANGES
Specifications are subject to change without notice.

Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN
61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11 for CE MARK compliance.
These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. Operation of this equipment in a
residential area is likely to cause harmful interference in which case the user is required to correct
the interference at his own expense.
VCCI ELECTROMAGNETIC-INTERFERENCE STATEMENTS

Figure 7: Statement for Class A VCCI-certified Equipment

Translation of Statement for Class A VCCI-certified Equipment:


This is a Class A product based on the standard of the Voluntary Control Council for Interference by
Information Technology Equipment (VCCI). If this equipment is used in a domestic environment,
radio disturbance may occur, in which case, the user may be required to take corrective actions.
KCC KOREA

Figure 8: KCC - Korea Communications Commission Certificate of Broadcasting and
Communication Equipment

Figure 9: Statement For Class A KCC-certified Equipment in Korean

Translation of Statement For Class A KCC-certified Equipment in Korean:


This equipment is Industrial (Class A) electromagnetic wave suitability equipment and seller or user
should take notice of it, and this equipment is to be used in the places except for home.
BSMI

Figure 10: Statement for Class A BSMI-certified Equipment

Translation of Statement for Class A BSMI-certified Equipment:


This is a Class A product, in use in a residential environment, it may cause radio interference in
which case the user will be required to take adequate measures.

Electromagnetic-Interference Statements

SPECIFICATION CHANGES
Specifications are subject to change without notice.

Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024, EN 61000-3-2;
EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8, and IEC 61000-4-11, for CE mark compliance.
These limits are set to provide reasonable protection against harmful interference when the
equipment is used in a commercial environment. This equipment generates, uses, and can emit
radio frequencies and, if not installed and used in accordance with the instruction manual, may
cause harmful interference to radio communications. Operation of this equipment in a residential
area is likely to cause harmful interference, in which case the user must correct the problem at
their own expense.
VCCI ELECTROMAGNETIC-INTERFERENCE STATEMENTS

Figure 11: Statement for Class A VCCI-certified equipment

Translation of the Statement for Class A VCCI-certified equipment:

This is a Class A product based on the standard of the Voluntary Control Council for Interference
by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment,
radio disturbances may occur. If so, the user will be required to take corrective action.
KCC Korea

Figure 12: KCC - Korea Communications Commission certificate for broadcasting and communication
equipment.

Figure 13: Statement for Class A KCC-certified equipment in Korean

Translation of the Statement for Class A KCC-certified equipment in Korean:

This equipment is (Class A) electromagnetic wave suitability equipment, and the seller or user
must take this into account. This equipment is therefore intended for use in places other than
the home.
BSMI

Figure 14: Statement for Class A BSMI-certified equipment

Translation of the Statement for Class A BSMI-certified equipment:

This is a Class A product; used in a residential environment it may cause interference, in which
case the user must take adequate measures.

Electromagnetic-Interference Statements

SPECIFICATION CHANGES
Technical specifications are subject to change.
Note: This device has been tested and complies with the limits for Class 1 digital devices
pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN55024; EN 61000-3-2; EN; IEC
61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4- 11 for conformity with the CE mark.
These limits serve to provide reasonable protection against harmful interference when the device
is operated in a commercial environment. This device generates, uses, and radiates
electromagnetic radio-frequency energy. If it is not installed and used in accordance with the
instructions in the manual, it could interfere with and impair radio communications. Operation of
this device in residential areas will most likely lead to harmful interference. In such a case,
the user would be required to correct this interference at their own expense.
VCCI STATEMENT ON ELECTROMAGNETIC INTERFERENCE

Figure 15: Statement for Class A VCCI-certified equipment

Translation of the Statement for Class A VCCI-certified equipment:

This is a Class A product according to the standards of the Voluntary Control Council for
Interference by Information Technology Equipment (VCCI). If this device is used in a residential
area, electromagnetic disturbances may occur. In such a case, the user would be required to take
corrective action.
KCC KOREA

Figure 16: KCC - Korea Communications Commission certificate for broadcasting and
communications equipment

Figure 17: Statement for Class A KCC-certified equipment

Translation of the Statement for Class A KCC-certified equipment:

Sellers or users should take note that this device belongs to Class A equipment suitable for
industrial electromagnetic waves and that this equipment is not intended for home use.
BSMI

Figure 18: Statement for Class A BSMI-certified equipment

Translation of the Statement for Class A BSMI-certified equipment:

This is a Class A product; when used in a residential environment it may cause radio
interference, in which case the user is required to take adequate measures.

Altitude and Climate Warning


This warning only applies to the People's Republic of China.
1.

Tma 25C

2.

2000m

2000m
DD
2000m

DD
DD.1

2000m 2000m

DD.2

Document Conventions
The following describes the conventions and symbols that this guide uses:

Item        Description
Example     An example scenario
Caution:    Possible damage to equipment, software, or data
Note:       Additional information
To          A statement and instructions
Tip:        A suggestion or workaround
Warning:    Possible physical harm to the operator


Table of Contents

Table of Contents
Important Notices .......................................................................................................... 3
Copyright Notices .......................................................................................................... 4
Standard Warranty ........................................................................................................ 9
Limitations on Warranty and Liability ........................................................................... 10
Safety Instructions ....................................................................................................... 11
Electromagnetic-Interference Statements ................................................................... 20
Altitude and Climate Warning ...................................................................................... 24
Document Conventions ............................................................................................... 25

Chapter 1 Introduction to APSolute Vision ....................................................... 39


What is APSolute Vision?
APSolute Vision Three-Tier Architecture
Overview of APSolute Vision Features
    Online Device Configuration
    Monitoring of Managed Devices and Services
    Operation Control and Maintenance
    Device Drivers
    Scheduled Tasks
    Auditing and Alerts
    User Management and Role-based Access Control (RBAC)
    APSolute Vision Platform Security
    APSolute Vision Platform Management
    Supported Form Factors for Alteon and LinkProof NG
    Device Performance Monitoring for Alteon and LinkProof NG
    Application Performance Monitor for Alteon and LinkProof NG
    Application SLA Dashboard
    vDirect with APSolute Vision
    DefensePro Configuration Templates
    Real-Time Security Reporting for DefensePro
    Historical Security Reporting for DefensePro and AppWall - APSolute Vision Reporter
    DefensePipe Access
    DefenseFlow Access
    Security Control Center
    APSolute Vision Online Help
    Language Support (Localization)
APSolute Vision Interface Navigation
    APSolute Vision Settings View
    Device-Properties Hover Popup
    Settings View - Preferences Perspective
    Settings View - Dashboards Perspective
    Settings View - System Perspective


    Device Pane
    Configuration Perspective
    Monitoring Perspective
    Security Monitoring Perspective

Chapter 2 Getting Started with APSolute Vision
Initializing the APSolute Vision Server
Recommended Basic Security Procedures
    Restricting Root Access
    Restricting APSolute Vision CLI Access
    Restricting Web Access to the APSolute Vision Server
    Restricting Web Access by Radware Technical Support
APSolute Vision WBM Requirements
    APSolute Vision WBM Requirements
    Application Performance Monitoring Requirements
    APSolute Vision Reporter Requirements
    Device Performance Monitor Requirements
Logging into APSolute Vision
Changing Passwords for Local Users
Selecting Your Landing Page
After Initial Configuration of APSolute Vision
Using Common GUI Elements in APSolute Vision
    Icons/Buttons and Commands for Managing Table Entries
    Filtering Table Rows

Chapter 3 Managing APSolute Vision Users
Logging In as the Default Administrator User - radware User
Role-Based Access Control (RBAC)
Configuring General User Settings
Configuring Local Users for APSolute Vision
    Adding and Editing Users
    Deleting Users
    Releasing User Lockout
    Resetting User Passwords to the Default
    Revoking and Enabling Users
Viewing Predefined Roles
Viewing User Statistics
APSolute Vision Password Requirements

Chapter 4 Managing and Monitoring the APSolute Vision System
Monitoring APSolute Vision - Overview
Managing APSolute Vision Basic Information and Properties


Configuring Connectivity Parameters for Server Connections
Configuring Settings for Alerts
    Configuring Settings for the Alerts Pane
    Selecting Parameters to Include in Security Alerts
Configuring Monitoring Settings
Configuring APSolute Vision Server Alarm Thresholds
Configuring Connections to Authentication Servers
    Configuring RADIUS Server Connections
    Configuring TACACS+ Server Connections
Managing Device Drivers
Configuring APSolute Vision Reporter Parameters
Managing APSolute Vision Licenses and Viewing Capacity Utilization
Managing APM in APSolute Vision
    Viewing Information on the APM-Enabled Devices
Configuring DefensePipe Settings
Configuring APSolute Vision Server Advanced Parameters
Configuring APSolute Vision Display Parameters
Managing APSolute Vision Maintenance Files
Managing Stored Device Configuration/Backup Files
Controlling APSolute Vision Operations

Chapter 5 Setting Up Your Network and Basic Device Configuration
Device Pane - Sites, Clusters, and Physical Containers
Configuring Sites
Adding and Removing Devices
Managing Devices and Device Properties
APSolute Vision Server Registered for Device Events - Alteon and LinkProof NG
APSolute Vision Server Registered for Device Events - DefensePro
Locking and Unlocking Devices
Managing DefensePro Clusters for High Availability
    High-Availability in DefensePro - Overview
    Configuring High-Availability Clusters
    Monitoring DefensePro Clusters
    Synchronizing High-Availability Devices and Switching the Device States
Using the Multi-Device View and the Multiple Devices Summary
After You Set Up Your Managed Devices

Chapter 6 Managing Device Operations and Maintenance
Rebooting and Shutting Down Managed Devices
Configuring Multiple Devices


Using the Diff Feature
Device-Configuration Management (Global Commands) for Alteon and LinkProof NG
Upgrading DefensePro Device Software
Downloading a DefensePro Log File to the APSolute Vision Client
Updating a Radware Signature File or RSA Signature File in DefensePro Devices
Downloading a DefensePro Technical Support File
Managing DefensePro Configurations
    DefensePro Configuration File Content
    Downloading a Device-Configuration File
    Restoring a Device Configuration
Updating DefensePro Policy Configurations

Chapter 7 Using Templates in APSolute Vision
Using DefensePro Templates
Using AppShape Templates and Instances
    Configuring a Common Web Application AppShape Instance
    Configuring a DefenseSSL AppShape Instance
    Configuring a Microsoft Exchange 2010 AppShape Instance
    Configuring a Microsoft Exchange 2013 AppShape Instance
    Configuring a Microsoft Lync External AppShape Instance
    Configuring a Microsoft Lync Internal AppShape Instance
    Configuring an Oracle E-Business AppShape Instance
    Configuring an Oracle SOA Suite 11g AppShape Instance
    Configuring an Oracle WebLogic 12c AppShape Instance
    Configuring a SharePoint 2010 AppShape Instance
    Configuring a SharePoint 2013 AppShape Instance
    Configuring an VMware View 5.1 AppShape Instance
    Configuring a Zimbra AppShape Instance
Using Administrative Scripts
    Guidelines for Writing Administrative Scripts
    Running an Administrative Script from the Administrative Scripts Tab

Chapter 8 Scheduling APSolute Vision and Device Tasks
Overview of Scheduling
Managing Tasks in the Scheduler
Task Parameters
    APSolute Vision Configuration Backup - Parameters
    APSolute Vision Reporter Backup - Parameters
    Update Security Signature Files - Parameters
    Update RSA Security Signature - Parameters
    Update Attack Description File - Parameters
    Device Configuration Backup - Parameters


    Device Reboot Task - Parameters
    DefensePro Configuration Templates Task - Parameters

Chapter 9 Managing Auditing and Alerts
APSolute Vision Auditing
Enabling Configuration Auditing for Managed Devices
Managing Alerts
    Events Handled in the Alerts Pane
    Alert Information
    Displaying Alert Information
    Filtering Alerts
    Configuring Preferences for the Alerts Pane

Chapter 10 Monitoring Alteon with the Dashboard and Service Status View
Monitoring Alteon with the Dashboard
    System View Dashboard of the Alteon Standalone and Alteon VA Platforms
    System View Dashboard of the Alteon vADC Platform
    System View Dashboard for the Alteon ADC-VX Platform
    vADCs View Dashboard for Alteon ADC-VX
Monitoring Alteon with the Application Delivery View
Monitoring Alteon with the Service Status View

Chapter 11 Monitoring the Alteon System
Monitoring General Information
CPU Utilization
Monitoring Capacity
    Monitoring System Capacity
    Monitoring Network Capacity
    Monitoring Application Delivery Capacity
Maintenance

Chapter 12 Monitoring the Alteon Network
Monitoring and Controlling Physical Ports
Monitoring Layer 2
    Monitoring FDB
    Monitoring STG
Monitoring Layer 3
    Monitoring Gateways
    Monitoring Routes
    Monitoring Learned MACs (or IP FDB)


    Monitoring VRRP Virtual Routers in Alteon Version 30.0 and Earlier
    Monitoring Interfaces
Monitoring High Availability
    Monitoring High Availability in Alteon Version 30.1
    Monitoring High Availability for Alteon Version 30.2 and Later

Chapter 13 Monitoring Alteon Application Delivery
Clearing Non-operating SLB Statistics
Monitoring and Controlling Virtual Service
    Monitoring and Controlling Real Servers
Monitoring and Controlling Server Groups
Monitoring and Controlling Virtual Servers
View a FastView Web Application
Monitoring and Controlling APM
Monitoring AppShape++ Statistics
Monitoring and Controlling Application Services
    Monitoring and Controlling HTTP
Monitoring and Controlling SSL
    Managing SSL Client Authentication and the OCSP/CDP Cache
Monitoring and Managing Filters
Monitoring LinkProof
    Monitoring WAN Links
    Monitoring WAN Link Groups
    Monitoring Proximity

Chapter 14 Monitoring and Controlling Alteon vADC

Chapter 15 Using the Device Performance Monitor
DPM Overview
Opening the Device Performance Monitor
Device Performance Monitor Main Interface
Displaying and Filtering Sites and Devices
Viewing and Managing Reports
    Viewing Reports
    Opening the Filter Window
Exporting Reports
Supported Report Categories
    ADC/vADC Reports
    Application Reports
    Real Server Reports


    Port Reports
    VX Reports
Viewing Dashboards for Single Standalone and vADC Devices
    Displaying the Dashboard and Managing the Display
Dashboard Components for Single Standalone and vADC Devices
Viewing the Dashboard for ADC-VX Devices
    Displaying the VX Dashboard and Managing the Display
Dashboard Components for VX Devices
Viewing Dashboards for Multiple Standalone and vADC Devices
    Displaying the Multi-Device Dashboard and Managing the Display
Multi-Device Dashboard Components

Chapter 16 Monitoring and Controlling the DefensePro Operational Status
Monitoring the General DefensePro Device Information
Monitoring and Controlling DefensePro Device Ports and Trunks
Monitoring DefensePro High Availability
Monitoring DefensePro Resource Utilization
    Monitoring DefensePro CPU Utilization
    Monitoring and Clearing DefensePro Authentication Tables
    Monitoring DME Utilization According to Configured Policies
    Monitoring DefensePro Syslog Information
Monitoring Cisco Security Group Tags (SGTs)

Chapter 17 Monitoring DefensePro Statistics
Monitoring DefensePro SNMP Statistics
Monitoring DefensePro Bandwidth Management Statistics
    Displaying the Last-Second BWM Statistics for a Selected DefensePro Device
    Displaying the Last-Period BWM Statistics for a Selected DefensePro Device
Monitoring DefensePro IP Statistics

Chapter 18 Monitoring and Managing DefensePro Diagnostics
Configuring Diagnostic Tool Parameters
Configuring Diagnostics Policies
Managing Capture Files

Chapter 19 Monitoring and Controlling DefensePro Networking
Monitoring and Controlling the DefensePro Session Table
    Monitoring Session Table Information
    Configuring DefensePro Session Table Filters
Monitoring Routing Table Information
Monitoring DefensePro ARP Table Information


Monitoring MPLS RD Information
Monitoring the DefensePro Suspend Table
Monitoring Tunnel Interfaces
Monitoring BGP Peers

Chapter 20 Monitoring and Controlling DefenseFlow Operation
    Operation
    System

Chapter 21 Using Real-Time Security Monitoring
Using Real-Time Security Monitoring with DefensePro and DefenseFlow
    Risk Levels
    Using the Dashboard Views for Real-Time Security Monitoring
    Viewing Real-Time Traffic Reports
    Protection Monitoring
    HTTP Reports
Using Real-Time Security Monitoring with AppWall and Alteon
    Monitoring Security Events
    Monitoring Attack Distribution

Chapter 22 Using the APSolute Vision Dashboards
Using the Application SLA Dashboard
Using the Security Control Center
    DefensePro Information in the Security Control Center
    DefenseFlow Information in the Security Control Center
    AppWall Information in the Security Control Center
    APSolute Vision Reporter Information in the Security Control Center
    Emergency Response Team Information in the Security Control Center
    DefensePipe Information in the Security Control Center
    Radware Signature-Update-Service (SUS) Information in the Security Control Center
    RSA Security Signatures Information in the Security Control Center

Chapter 23 APSolute Vision CLI Commands
Accessing APSolute Vision CLI
Command Syntax Conventions
Main CLI Menu
General CLI Commands
    exit
    help
    history
    ping
    reboot
    shutdown

34

443
443
444
444
444
444


grep ................................................................................................................................... 444


more .................................................................................................................................. 445

Network Configuration Commands ........................................................................... 445


Network DNS Commands ........................................................................ 445
Net Firewall Commands ....................................................................... 447
Network IP Interface Commands ............................................................... 447
Network NAT Commands ........................................................................ 449
Network Physical Interface Commands ......................................................... 450
Network Routing Commands .................................................................... 451

System Commands .................................................................................................. 452


System APM Commands ......................................................................... 453
system audit-log export ..................................................................... 453
System APSolute Vision Server Commands ...................................................... 454
System Backup Commands ...................................................................... 455
system cleanup .............................................................................. 469
System Database Commands .................................................................... 469

Chapter 24 Using vDirect with APSolute Vision ............................................. 495


vDirect-APSolute Vision Integration - Overview ...................................................... 495
Accessing the vDirect Configuration Interface of the APSolute Vision Server ......... 495
Managing Devices in APSolute Vision with vDirect .................................................. 496
APSolute Vision and vDirect Terminology ..................................................... 496
APSolute Vision vDirect Sites ............................................................... 497
APSolute Vision vDirect Limitations ......................................................... 497
Configuring a Container in vDirect .......................................................... 497
Managing DefensePro Instances in APSolute Vision vDirect .................................... 501

Appendix A Managing the Online-Help Package on the Server .................... 505


Appendix B APSolute Vision Database Views ................................................ 507
Using APSolute Vision Database Views ................................................................... 507
View Description and Relationships ......................................................................... 507
Security Attacks Tables .................................................................................................... 508
Traffic and Connection Tables .......................................................................................... 537
APSolute Vision Server Information Tables ...................................................................... 541

Real-time Data Retention and Aging ........................................................................ 544

Appendix C APSolute Vision Log Messages and Alerts ................................ 547


Global Parameters .................................................................................................... 548
Advanced Parameters .............................................................................................. 548
Alert Browser Settings .............................................................................................. 549
Connection Settings ................................................................................................. 550
Monitoring Settings ................................................................................................... 551


RADIUS Configuration .............................................................................................. 552


Security Alert Settings .............................................................................................. 553
TACACS+ Configuration Settings ............................................................................. 553
Warning Threshold Settings ..................................................................................... 554
SharePath Settings ................................................................................................... 555
APSolute Vision License Settings ............................................................................ 555
Upload Logo Settings ............................................................................................... 555
Security Group Settings ............................................................................................ 556
Device Operation Alerts ............................................................................................ 556
Audit Message Type Enum ...................................................................................... 558
HTTPS Communication Check ................................................................................. 559
RSA Update on the Device ....................................................................................... 560
Operation Constant .................................................................................................. 560
Audit Messages ........................................................................................................ 561
Alert Mail Notifier ...................................................................................................... 562
Scheduled Task Alerts .............................................................................................. 562
General ..................................................................................................................... 564
Alerts from CLI .......................................................................................................... 564
Device Configuration Audit Messages ...................................................................... 566
Hardware Alerts ........................................................................................................ 566

Appendix D MIBs for Monitoring APSolute Vision ........................................ 567


RFC1213 MIB Objects for Monitoring APSolute Vision ............................................ 568
Host Resources MIB Objects for Monitoring APSolute Vision .................................. 570
UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision ................................ 570
Trap Objects for Monitoring APSolute Vision ........................................................... 571

Appendix E AppShape-Generated Configurations......................................... 573


Common Web Application - AppShape-generated Configuration ........................... 573
DefenseSSL - AppShape-generated Configuration ................................................. 575
Microsoft Exchange 2010 - AppShape-generated Configuration ............................ 576
Microsoft Exchange 2013 - AppShape-generated Configuration ............................ 579
Microsoft Link External - AppShape-generated Configuration ................................ 582
Microsoft Link Internal - AppShape-generated Configuration .................................. 584
Oracle E-Business - AppShape-generated Configuration ....................................... 593
Oracle SOA Suite 11g - AppShape-generated Configuration ................................. 594
Oracle WebLogic 12c - AppShape-generated Configuration .................................. 596
SharePoint 2010 - AppShape-generated Configuration .......................................... 598
SharePoint 2013 - AppShape-generated Configuration .......................................... 600


VMware View 5.1 - AppShape-generated Configuration ......................................... 601
Zimbra - AppShape-generated Configuration .......................................................... 602

Appendix F APSolute Vision Specifications and Requirements ................... 607


System Capacity ....................................................................................................... 607
UDP/TCP Ports ........................................................................................................ 608
APSolute Vision Web Based Management Interface Requirements ........................ 609
APSolute Vision WBM Supported Operating Systems ..................................................... 610
APSolute Vision WBM Supported Browsers ..................................................................... 610

Application Performance Monitoring Requirements ................................................. 610


Device Performance Monitoring Requirements ........................................................ 610
APSolute Vision Reporter Requirements ................................................................. 610

Radware Ltd. End User License Agreement....................................................... 611


Chapter 1 Introduction to APSolute Vision


This guide is intended for users and administrators of APSolute Vision. The guide describes the
relevant aspects of APSolute Vision and how to use it.
The following topics introduce APSolute Vision:

What is APSolute Vision?, page 39

APSolute Vision Three-Tier Architecture, page 40

Overview of APSolute Vision Features, page 41

APSolute Vision Interface Navigation, page 48

For information about installing the APSolute Vision server and initial settings on the APSolute Vision
platform, see the APSolute Vision Installation and Maintenance Guide.

What is APSolute Vision?


Use APSolute Vision to manage, monitor, control, and enhance Radware application-delivery-control
(ADC) and security products, modules, and services, including the following:

Alteon: Alteon is an application delivery controller (ADC) and load balancer that guarantees
application SLA. For information about the required workflows for configuring application
delivery with Alteon, see the Alteon Application Switch Operating System Application Guide.

AppWall: AppWall is a Web Application Firewall (WAF) that ensures fast, reliable, and secure
delivery of mission-critical Web applications. For more information on AppWall, see the AppWall
User Guide.

DefenseFlow: DefenseFlow is a network-wide attack detection and cyber command and
control application designed to protect networks against known and emerging network attacks
that threaten network resources availability. For more information on DefenseFlow, see the
DefenseFlow User Guide.

DefensePro: DefensePro is a real-time attack-mitigation device that protects organizations
against emerging network and application cyber-attacks. For information about the required
workflows for configuring network security with DefensePro, see the DefensePro User Guide.
APSolute Vision supports the following products, which are related to DefensePro:

  Check Point DDoS Protector: Unless stated otherwise in the APSolute Vision
  documentation or the Check Point DDoS Protector Release Notes, the term DefensePro
  refers also to the Check Point DDoS Protector product. For more information on Check Point
  DDoS Protector, including limitations and different behavior, see the Check Point DDoS
  Protector Release Notes, Check Point DDoS Protector User Guide, and the related Check
  Point documentation.

  DefensePro for Cisco Firepower 9300: Unless described otherwise in the APSolute
  Vision documentation, the term DefensePro refers also to the DefensePro for Cisco
  Firepower 9300 product. For more information on DefensePro for Cisco Firepower 9300,
  including limitations and different behavior, see the Cisco Firepower 9300 Release Notes and
  the related Cisco documentation.

LinkProof NG: LinkProof NG provides link load-balancing. For information about the basic
and advanced link load balancing and configuration of LinkProof NG, see the LinkProof NG User
Guide.

APSolute Vision provides:

A Role-Based Access Control (RBAC) system: APSolute Vision's RBAC provides granular
control and monitoring of various aspects for different users.

Online configuration per device and multiple-device configuration and tools: These
include the following:

  Support for AppShape templates, which automate and streamline device configuration for
  common applications.

  Support for DefensePro Configuration Templates, which automate and streamline
  configuration in various applications.

Management capabilities: These include the following:

  Scheduling device control and maintenance tasks, such as backup and restore, and so on.

  Auditing

  Viewing alerts and configuration messages (Alerts pane)

  Device software management

  Management of DefensePro templates for Network Protection and Server Protection policies

Monitoring and control of multiple devices: This includes enabling and disabling entities
within a device. APSolute Vision can configure and monitor multiple devices in a single view.

Capability for Application Performance Monitoring (APM): On HTTP/HTTPS traffic flowing
through Alteon devices.

Device Performance Monitoring (DPM) on Alteon and LinkProof NG devices: When DPM
is enabled, the device listens for requests for its performance data and sends the data to
APSolute Vision. APSolute Vision processes the data and can display the information in the
Device Performance Monitoring Web interface. The DPM Web interface includes alerts,
dashboards with current monitoring data, and reports with historical data.

Security reporting and statistics: At the device level, and on logical entities within a device.
For real-time and historical security reporting, APSolute Vision can also provide device and
multi-device reports for immediate problem isolation, convenient attack and status visibility, and
information drill-down.

vDirect support: Radware's vDirect is a software-based plug-in that integrates Radware's
ADC and security products with networking virtualization and automation solutions.

REST API support: APSolute Vision exposes a REST API for all functionality supported by the
APSolute Vision WBM, including configuration, monitoring, and security reporting.

APSolute Vision Three-Tier Architecture


APSolute Vision is a three-tier management system with client, server and device tiers. APSolute
Vision server can run as a standalone physical appliance or as a virtual appliance (VA). The client
tier does not connect to devices directly.
The client tier does the following:

Runs as a Web application on a PC browser and provides a graphical user interface with separate
perspectives for configuration, monitoring and control, and security monitoring.

Transmits user requests to the server tier and displays the results in the APSolute Vision
interface in an intuitive and easy-to-read format.

The server tier does the following:

Runs on the APSolute Vision platform

Processes user commands

Transmits and stores data from other tiers

Makes logical decisions and performs calculations

Performs user authentication and authorization

Communicates with the managed devices

Collects statistics and generates reports

Collects alerts and messages from managed devices

The network physical or virtual device tier enables management of the collection of network
elements connected to APSolute Vision, which includes the following:

Alteon

AppWall

DefensePro

LinkProof NG

Overview of APSolute Vision Features


This section provides an overview of APSolute Vision's main features:

Online Device Configuration, page 42

Monitoring of Managed Devices and Services, page 42

Operation Control and Maintenance, page 42

Device Drivers, page 43

Scheduled Tasks, page 43

Auditing and Alerts, page 43

User Management and Role-based Access Control (RBAC), page 44

APSolute Vision Platform Security, page 44

APSolute Vision Platform Management, page 44

Supported Form Factors for Alteon and LinkProof NG, page 44

Device Performance Monitoring for Alteon and LinkProof NG, page 45

Application Performance Monitor for Alteon and LinkProof NG, page 45

vDirect with APSolute Vision, page 45

DefensePro Configuration Templates, page 46

Real-Time Security Reporting for DefensePro, page 46

Historical Security Reporting for DefensePro and AppWall - APSolute Vision Reporter, page 46

DefensePipe Access, page 47

DefenseFlow Access, page 47

APSolute Vision Online Help, page 47

Language Support (Localization), page 48


Online Device Configuration


Online configuration of devices using APSolute Vision supports the following:

Easy access for all device configuration topics

Simultaneous configuration of multiple managed devices

Hierarchical grouping of logical elements

Graphical change notation

Drill-down configuration topics

Inline filtering

Online configuration per device

AppShape templates to automate and streamline device configuration for common
applications.

DefensePro configuration templates.

Monitoring of Managed Devices and Services


Monitoring of managed devices and services in APSolute Vision supports the following:

Easy access for device monitoring topics

Logical-element grouping

Hierarchical browsing

Properties: status, management IP address, software version, device-driver version, hardware
platform, license information, and the time of the last configuration change

Routing table

IP statistics: received and discarded

Information on ports, VLANs, and trunks, such as:

  General status

  Statistics

Device statistics tables for the device level and logical level

Operation Control and Maintenance


Control and maintenance operations include the following:

Enabling and disabling all relevant entities on a device.

Managing AppShape templates and AppShape instances for Alteon ADC devices. AppShape
automates/streamlines ADC configuration for common applications, such as SAP Portal and
Microsoft SharePoint Server.

Managing DefensePro templates for Network Protection policies and Server Protection policies.

Managing pairs of devices for high availability (HA).

Performing file transfers.

Managing configuration backups.

Rebooting devices.


Device Drivers
APSolute Vision device drivers can enable you to install or upgrade Radware devices without the
need to upgrade your APSolute Vision server. A device driver in APSolute Vision defines the graphical
user interface and configuration for the software version of a managed device. The software version
of a managed device defines the baseline driver version. You can install a newer version of the
device driver, and you can revert to the baseline version.
You can have only one device-driver version in use on any single APSolute Vision server. Typically,
subsequent versions of device drivers for a particular software version of a managed device
include only very minor changes and/or bug fixes.

Notes

There are cases where upgrading the Radware device software requires upgrading the APSolute
Vision server software. Check the release notes of the new Radware device version to determine
the minimum APSolute Vision version required.

When you upgrade device software, you need to reboot the device. However, when you install a
new version of a device driver or revert to the baseline version, you do not need to reboot the
device.

Device drivers do not include the online help. If the APSolute Vision server is configured so that
the clients get help from the server (the default option), the APSolute Vision administrator
should make sure that the APSolute Vision server has the latest version of the online-help
package.

The Properties pane that is displayed for a device includes the name of the device driver.

Scheduled Tasks
You can configure scheduled tasks for various operations for the APSolute Vision server and
managed devices.
When you create a task and specify the time to run it, the time is according to your local OS.
APSolute Vision then stores the time, translated to the timezone of the APSolute Vision server,
and then runs the task accordingly. That is, once you configure a task, it runs according to the
APSolute Vision time settings, disregarding any changes made to the local OS time settings.

Auditing and Alerts


The auditing and alerts feature in APSolute Vision logs all alerts and actions for APSolute Vision
and for the managed devices. You can view auditing information and other alerts in the APSolute
Vision Alerts pane.
Alerts are created with the time at which the APSolute Vision server processed them, but the time
displayed in the Alerts pane is the time of the APSolute Vision client with the proper time offset.
APSolute Vision provides the audit trail for system messages and modifications to the configuration
of managed devices.
APSolute Vision can forward alarms and notifications. System Alarms can be forwarded via APSolute
Vision. Security service alarms can be forwarded via APSolute Vision Reporter. E-mail notifications
can be sent via SMTP. Notifications can be sent to a syslog server.

The Alerts tab in the Alerts pane provides fault management by supporting the following system and
audit alarms:

APSolute Vision server alarms

General device alarms (fan, CPU, and so on)

Alteon device configuration and operation messages

DefensePro security alerts

Audit trail messages

User Management and Role-based Access Control (RBAC)


The APSolute Vision server supports multi-user access and role-based access control (RBAC).
RBAC provides the following:

Predefined basic roles and permissions

Customized permissions per role and device

Access-control configuration and management in a local user table or using an external
authentication server (TACACS+ or RADIUS, using custom attributes defined to provide the
APSolute Vision RBAC definitions)

APSolute Vision Platform Security


APSolute Vision supports user security with user-account options for the following parameters:

Password expiration: Specified in days

Inactivity timeout: Automatic logout

Forbidding use of old passwords

Password challenge configuration

Password constraints

Administrative actions: To create users, reset user passwords (except for the radware
user), and lock out users

Tracking user statistics: For successful logins, failed logins, account locks, and so on

APSolute Vision Platform Management


The APSolute Vision Server supports the following management interfaces:

CLI shell commands: For installation, first-time configuration, and special maintenance
activities

APSolute Vision client: For APSolute Vision server options, such as timeouts, connectivity,
event forwarding, and so on, and for server monitoring

Supported Form Factors for Alteon and LinkProof NG


APSolute Vision supports the following form factors (or modes) for Alteon and LinkProof NG:

Standalone: The traditional hardware Application Delivery Controller (ADC)

Alteon VA: A software-based ADC supporting AlteonOS functionality and running on the
VMware virtual infrastructure

ADC-VX: A specialized ADC hypervisor that runs multiple virtual ADC instances on dedicated
ADC hardware, Radware's OnDemand Switch platforms

vADC: A virtualized instance of the Alteon operating system (AlteonOS)


Notes

For more information, see the Alteon Application Switch Operating System Application Guide.

The Alerts tab in the Alerts pane displays Alteon and LinkProof NG configuration messages. A
message is displayed in the Alerts pane after each Alteon or LinkProof NG
configuration-management action (Apply, Save, Diff, Diff Flash, Revert, Revert Apply, and
Dump). When you double-click a message, APSolute Vision opens a separate pane that contains
the full message text, which you can copy to the clipboard.

If the new configuration is different from the current one, to indicate that the Apply command is
required, the message "Apply is required" is displayed under the Apply button in the device
toolbar and a fiery background displays behind the button.

During the Apply operation, the device icon may momentarily change from locked to
maintenance, and the value of the Status parameter in the Properties pane may
momentarily change from Up to Maintenance.

Device Performance Monitoring for Alteon and LinkProof NG


APSolute Vision Device Performance Monitoring (DPM) enables you to view current and historical
device-performance data from Alteon and LinkProof NG devices.

Application Performance Monitor for Alteon and LinkProof NG


APSolute Vision Application Performance Monitoring (APM) enables you to view real
application-performance statistics from Alteon and LinkProof NG devices.
APM opens from the APSolute Vision main screen.

Note: For more information, see the Application Performance Monitor User Guide.

Application SLA Dashboard


The Application SLA Dashboard enables you to view all major application SLA issues.

Note: For more information, see Using the Application SLA Dashboard, page 433.

vDirect with APSolute Vision


The APSolute Vision 3.40.00 installation includes vDirect version 3.20.
Users with the proper roles can use vDirect with APSolute Vision to do the following:

Add Alteon and DefensePro devices to, and delete them from, the devices that APSolute Vision manages.

Change the and delete Alteon and DefensePro devices to the devices that the APSolute Vision
manages.

Use the Administrative Scripts feature.

vDirect, a component within the Radware Virtual Application Delivery Infrastructure (VADI), is a
software-based plug-in that integrates Radware's ADC and security products with networking
virtualization and automation solutions. With vDirect, enterprise and cloud IT personnel can
provision, decommission, configure, and monitor complex ADC and security services, both physical
and virtual, in a matter of hours and even minutes, thus maintaining maximum business agility and IT
efficiency.
vDirect exposes the following APIs:

SSH/HTTPS APIs for CLI or Web integration

SOAP APIs for use with the vDirect Java SDK

REST APIs for easy scripting integration

Key benefits of the vDirect plug-in include:

Full business agility and resource elasticity: Improved business agility by ensuring the
application delivery layer is constantly aligned with the changes in the virtual infrastructure.

Drives IT efficiency through workflow automation: Full integration of Radware's ADC and
security products into the data center workflow automation, driving greater levels of IT
efficiency and extracting more value from Radware solutions.

DefensePro Configuration Templates


APSolute Vision enables you to manage and dispatch DefensePro configurations of Network
Protection and Server Protection policies, along with associated profiles, configuration objects (such
as and network classes) and baselines.

Real-Time Security Reporting for DefensePro


APSolute Vision provides real-time attack views and security service alarms for DefensePro devices.

Historical Security Reporting for DefensePro and AppWall - APSolute Vision Reporter

APSolute Vision Reporter (AVR) is a historical security reporting engine, which provides the
following:

Customizable dashboards, reports, and notifications

Advanced incident handling for security operating centers (SOCs) and network operating centers
(NOCs)

Standard security reports

In-depth forensics capabilities

Ticket workflow management

Notes

For information on the products and versions that APSolute Vision Reporter supports, see the
APSolute Vision Release Notes.

For information about APSolute Vision Reporter and how to use it, see its online help and the
APSolute Vision Reporter User Guide.


DefensePipe Access
The APSolute Vision main toolbar displays the DefensePipe button. Clicking the button
connects you to the associated DefensePipe interface.

Note: For more information on DefensePipe, see the DefensePipe User Guide.

DefenseFlow Access
The APSolute Vision main toolbar displays the DefenseFlow button when the DefenseFlow IP
address is configured in APSolute Vision. This option is available using APSolute Vision CLI. Clicking
the button opens the DefenseFlow interface.

Security Control Center


The Security Control Center enables you to view and monitor the following:

Radware security products and modules:

  DefensePro

  DefenseFlow

  AppWall (WAF)

  APSolute Vision Reporter (AVR)

Radware subscription, security services:

  Radware security signature files / Signature Update Service (SUS)

  RSA Security signatures

  Emergency Response Team (ERT)

  DefensePipe

Note: For more information, see Using the Security Control Center, page 436.

APSolute Vision Online Help


By default, APSolute Vision clients get online help from the APSolute Vision server. The default
installation of the APSolute Vision server includes online-help files.
Depending on the configuration of the APSolute Vision server (see Configuring APSolute Vision
Server Advanced Parameters, page 122), APSolute Vision clients get online help from one of the
following locations:

A hard-coded location on the APSolute Vision server: Installation of the APSolute Vision
server includes online-help files. However, the online-help files on the server should be updated
with a new online-help package if managed devices are upgraded later (with a new device, new
device version, new device driver, or new AppShape template type). It is the responsibility of the
APSolute Vision administrator to make sure that the help files on the server are updated as
necessary. For more information, see Appendix A - Managing the Online-Help Package on the
Server, page 505.

radware.com: The online help files at radware.com are always the most up-to-date.


Language Support (Localization)


APSolute Vision supports an English graphical user interface and online help.
Additionally, APSolute Vision supports a Chinese graphical user interface and online help for Alteon
version 30.2 and later.

APSolute Vision Interface Navigation


This section contains the following topics:

APSolute Vision Settings View

Device Pane

Configuration Perspective

Monitoring Perspective

Security Monitoring Perspective

The APSolute Vision interface follows a consistent hierarchical structure, organized functionally to
enable easy access to options. You start at a high functional level and drill down to a specific
module, function, or object.

Note: Access to and privileges in APSolute Vision interface elements are determined by Role-Based
Access Control (RBAC). For more information, see the APSolute Vision User Guide. For more
information, see Role-Based Access Control (RBAC), page 70 and Configuring Local Users for
APSolute Vision, page 79.

APSolute Vision Settings View


Click the (Settings) button at the top of the main screen to select the APSolute Vision Settings
view.

The APSolute Vision Settings view includes the following perspectives:

System - For more information, see Settings View - System Perspective, page 51. Access to the
APSolute Vision Settings view System perspective is restricted to administrators.

Dashboards - For more information, see Settings View - Dashboards Perspective, page 50.

Preferences - For more information, see Settings View - Preferences Perspective, page 50.

Click the relevant button (System, Dashboards, or Preferences) to display the perspective that
you require.
At the upper-left of the APSolute Vision Settings view, APSolute Vision displays the APSolute Vision
device-properties pane. For more information, see APSolute Vision Device-Properties Pane, page 49.
When you hover over a device node in the device pane, a popup displays. For more information, see
Device-Properties Hover Popup, page 50.


Figure 19: Settings View (Showing the System Perspective)


Displays the device pane.
APSolute Vision device-properties pane.
The System perspective in the APSolute Vision Settings view is being displayed.
Dashboards button - Displays the Dashboards perspective in the APSolute Vision Settings view.
Preferences button - Displays the Preferences perspective in the APSolute Vision Settings view.
Settings button - Switches to and from the APSolute Vision Settings view.
Content area.
Alerts pane - Displays the Alerts table. The Alerts table displays APSolute Vision alerts,
device alerts, DefensePro security alerts, and device configuration messages.

APSolute Vision Device-Properties Pane


The APSolute Vision device-properties pane displays the following parameters for the currently
selected device:

The device type (Alteon, AppWall, DefensePro, or LinkProof NG) and the user-defined device
name.

An icon showing whether the device is locked.

A picture of the device front panel. When the device is locked, you can click the button to
reset or shut down the device.

Status - The device general status: Up, Down, or Maintenance.

Locked By - If the device is locked, the user who locked it.

Type (displayed only for Alteon, AppWall, DefensePro version 8.x devices, DefensePro for Cisco
Firepower 9300, and LinkProof NG devices) - This field displays the platform and form factor.

Platform (displayed only for DefensePro version 6.x and 7.x devices) - The platform type, for
example x420.

Mngt IP - The host or IP address of the device.

Version - The device version.

MAC - The MAC address.

License - The license for the device.

APM License (displayed only for Alteon and LinkProof NG devices) - The pages-per-minute limit
of the APM license.

HA Status (displayed only for Alteon, DefensePro for Cisco Firepower 9300, and LinkProof NG
devices) - The high-availability status of the device. For Alteon and LinkProof NG, displayed only
with HA configured: Active or Standby. For DefensePro: Standalone, Primary, or
Secondary.

Init Status (displayed only for AppWall devices) - The init status, for example Ended with
Errors.

Device Driver - The device driver name.

Device-Properties Hover Popup


When you hover over a device node in the device pane, a popup displays the following parameters:

Device Name - The user-defined device name.

Status - The device general status: Up, Down, or Maintenance.

Locked By - If the device is locked, the user who locked it.

Management IP Address - The host or IP address of the device.

Device Type - That is, Alteon, AppWall, DefensePro, or LinkProof NG.

Version - The device version.

MAC - The MAC address.

License - The license for the device.

Form Factor (displayed only for Alteon, DefensePro version 8.x devices, DefensePro for Cisco
Firepower 9300, and LinkProof NG devices) - The form factor, for example, Standalone.

Platform - The platform type.

HA Status (displayed only for Alteon, DefensePro, and LinkProof NG devices) - The high-availability
status of the device. For Alteon and LinkProof NG, displayed only with HA configured:
Active or Standby. For DefensePro: N/A, Standalone, Primary, or Secondary.

Init Status (displayed only for AppWall devices) - The init status, for example Ended with
Errors.

Device Driver - The device driver name.

Settings View - Preferences Perspective


Use the Preferences perspective to change your password.

Settings View - Dashboards Perspective


Users with a proper role can use the APSolute Vision Settings view Dashboards perspective to access
the following:

Application SLA Dashboard - For more information, see Using the Application SLA Dashboard,
page 433.

Security Control Center - For more information, see Using the Security Control Center,
page 436.


Settings View - System Perspective


Administrators can use the APSolute Vision Settings view System perspective to do the following:

Monitor or manage the general settings of the APSolute Vision server - Monitoring and
managing the general settings of the APSolute Vision server include the following:

General properties, details, and statistics of the APSolute Vision server

Statistics of the APSolute Vision server

Connectivity

Alert browser and security alerts

Monitoring parameters

Server alarm thresholds

Authentication protocols

Device drivers

APSolute Vision Reporter for DefensePro

Licenses

Application Performance Monitoring (APM)

DefensePipe URL

Advanced general parameters

Display formats

Maintenance files

Manage and monitor users - Users can, in turn, manage multiple devices concurrently. Using
APSolute Vision RBAC, administrators can allow the users various access control levels on
devices. RBAC provides a set of predefined roles, which you can assign per user and per working
scope (device or group of devices). RBAC definition is supported both internally (in APSolute
Vision) and through remote authentication (with RADIUS or TACACS+).

Manage device resources - For example, device backup files.

Note: For more information on most of the operations that are exposed in the APSolute Vision
Settings view System perspective, see Managing and Monitoring the APSolute Vision System,
page 87.

Device Pane
Users with a proper role can use the device pane to add or delete the Radware devices that the
APSolute Vision server manages.
Click the little button close to the upper-left corner to display the device pane (see Figure 20 - Device Pane (Not Docked), page 52).
You can organize managed devices into high-availability clusters and sites.
Typically, a site is a group of devices that share properties, such as location, services, or device
type. You can nest sites; that is, each site can contain child sites and devices. In the context of role-based access control (RBAC), sites enable administrators to define the scope of each user.
For Alteon, sites also play a role in the context of vADCs and ADC-VXs. When you
manage a vADC hosted by an ADC-VX in the device pane Physical Containers tree, you specify the
site under which that vADC is displayed in the Sites and Clusters tree.
When you double-click a device in the device pane, APSolute Vision displays the device-properties
pane and the last perspective that you viewed on the device along with the corresponding content
area.

You can filter the sites and devices that APSolute Vision displays. The filter applies to all the sites
and devices in the tree. The filter does not change the contents of the tree, only how APSolute Vision
displays the tree to you. By default, APSolute Vision displays all the sites and devices that you have
permission to view. To each node in the tree, APSolute Vision appends the number of devices
matching the filter at that level according to your RBAC permissions.
You can filter the sites and devices that APSolute Vision displays according to the following criteria:

Status - Up, Down, Maintenance, or Unknown.

Type - Alteon, AppWall, DefensePro, or LinkProof NG. The Physical Containers tab does
not display this field.

Name - The name of a device, site, or string contained in the name (for example, the value aRy
matches an element named Primary1 and SecondaryABC).

IP Address - The IP address, IP range, or IP mask.

After you configure the filter criteria, click the button to apply the filter.
Click the button to cancel the filter.

Figure 20: Device Pane (Not Docked)


Minimizes the docked device pane.
Docks the device pane.
Displays the UI for the selected device(s).
Controls for filtering the devices that the pane displays.
APSolute Vision appends the number of devices matching the filter at that level according to your
RBAC permissions.


Configuration Perspective
Use the Configuration perspective to configure Radware devices.
Choose the device to configure in the device pane.
You can view and modify device configurations in the content area.
When APSolute Vision manages Alteon or LinkProof NG:

You choose the standalone, VA, or vADC device to configure in the device pane Sites and
Clusters tree.

You manage ADC-VXs and the hosted vADCs in the device pane Physical Containers tree.

Figure 21: Configuration Perspective - Alteon and LinkProof NG

Device pane (docked) with the Sites and Clusters tree displayed - Displays, according
to your filter, the configured sites and standalone, vADC, and VA devices.
Physical Containers tab - Displays, according to your filter, the configured
sites and ADC-VXs with the hosted vADCs.
The Configuration perspective is being displayed.
Device-properties pane.
Monitoring button - Opens the Monitoring perspective.
Configuration-management buttons.
Alerts Table - Displays APSolute Vision alerts, device alerts, and configuration messages.
Content pane.

The following points apply to all configuration tasks in the Configuration perspective:

To configure a device, you must lock it. For more information, see Locking and Unlocking
Devices, page 145.

When you change a field value (and there is configuration that is pending a Submit action), the
tab title changes to italics with an asterisk (*).

By default, tables display up to 20 rows per table page.


You can perform one or more of the following operations on table entries:

Add a new entry to the table, and define its parameters.

Edit one or more parameters of an existing table entry.

Delete a table entry.

Device configuration information is saved only on the managed device, not in the APSolute
Vision database.

To commit information to the device, you must click Submit when you modify settings in a
configuration dialog box or configuration page.
Some configuration changes require an immediate device reboot. When you submit the
configuration change, the device reboots immediately.
Some configuration changes require a device reboot to take effect, but you can save the change
without an immediate reboot. When you submit a change without a reboot, the Properties pane
displays a Reboot Required notification until you reboot the device.
For Alteon and LinkProof NG, APSolute Vision supports the configuration-management (global-command) options: Apply, Save, Diff, Diff Flash, Revert, Revert Apply, and Dump. If the new
configuration requires an Apply or Save operation to take effect, the button is displayed with an
orange background.

Figure 22: Apply (Required) and Save (Required) Buttons

For AppWall, APSolute Vision supports the Apply button to perform the AppWall Apply operation. If
the configuration requires an Apply operation to take effect, the button is displayed with an orange
background.

Figure 23: Apply Button for AppWall

Figure 24: Apply Required Button for AppWall

For DefensePro, click Update Policies to implement policy-configuration changes if necessary.


Policy-configuration changes for a device are saved on the device, but the device does not apply the
changes until you perform a device-configuration update. For DefensePro 7.x versions 7.32 and
later, if the new configuration requires an Update Policies operation to take effect, the button is
displayed with an orange background.

Figure 25: Update Policies Button

Figure 26: Update Policies Required Button


Example: Device selection in the Configuration perspective

The following example shows the selections you would make to view or change configuration
parameters for a Radware device:
1. Select the required device in the device pane by drilling down through the sites and child sites.
2. Lock the device by clicking the icon in the device-properties pane. The icon changes to a picture of a locked padlock.
3. Click Configuration to open the Configuration perspective.
4. Navigate to the configuration objects in the content pane.

Monitoring Perspective
In the Monitoring perspective, you can monitor physical devices and interfaces, and logical objects.

Figure 27: Monitoring Perspective - Alteon and LinkProof NG

Device pane (docked) with the Sites and Clusters tree displayed - Displays, according
to your filter, the configured sites and standalone, vADC, and VA devices.
Physical Containers tab - Displays, according to your filter, the configured
sites and ADC-VXs with the hosted vADCs.
The Monitoring perspective is being displayed.
Device-properties pane.
Configuration-management buttons.
Content pane.
Alerts Table - Displays APSolute Vision alerts, device alerts, and
configuration messages.


Figure 28: Monitoring Perspective - DefensePro

Device pane - Includes the Sites and Clusters tree and the Physical Containers tree.
Only the Sites and Clusters tree is relevant for DefensePro.
The Monitoring perspective is being displayed.
Device-properties pane.
DefensePro configuration-management buttons.
Content pane.
Alerts Table - Displays APSolute Vision alerts, device alerts, and
DefensePro configuration messages.

Security Monitoring Perspective


For DefensePro and DefenseFlow, APSolute Vision displays the Security Monitoring perspective.
The Security Monitoring perspective is available for single devices and also for multiple devices.
Security monitoring for multiple devices supports two report categories: the Dashboard View and
Traffic Monitoring. Security monitoring for single devices supports two additional report categories:
Protection Monitoring and HTTP Reports.
You can filter the sites and devices that APSolute Vision displays. The filter does not change the
contents of the tree, only how APSolute Vision displays the tree to you.
In the Security Monitoring perspective, you can access a collection of real-time security-monitoring
tools that provide visibility regarding current attacks that the DefensePro device has detected. The
Properties pane displays information about the currently selected device.
The Security Monitoring perspective includes the following tabs:

Dashboard View - Comprises the following:

Security Dashboard - A graphical summary view of all current active attacks in the
network with color-coded attack-category identification, graphical threat-level indication,
and instant drill-down to attack details.

Current Attacks - A view of the current attacks in a tabular format with graphical notations
of attack categories, threat-level indication, drill-down to attack details, and easy access to
the protecting policies for immediate fine-tuning.

Traffic Monitoring - A real-time graph and table displaying network information, with the
attack traffic and legitimate traffic filtered according to specified traffic direction and protocol.

Protection Monitoring - Real-time graphs and tables with statistics on policies, protections
according to specified traffic direction and protocol, along with learned traffic baselines.

HTTP Reports - Real-time graphs and tables with statistics on policies, protections according to
specified traffic direction and protocol, along with learned traffic baselines.

Figure 29: Security Monitoring Perspective - Showing the Security Dashboard

Note: For more information on the Security Monitoring perspective, see Using Real-Time Security
Monitoring, page 381.


Chapter 2 - Getting Started with APSolute Vision
The following topics describe how to get started and set up APSolute Vision before configuring and
monitoring your Radware devices:

Initializing the APSolute Vision Server

Recommended Basic Security Procedures

APSolute Vision WBM Requirements

Logging into APSolute Vision

Changing Passwords for Local Users

After Initial Configuration of APSolute Vision

Using Common GUI Elements in APSolute Vision

Notes

For information about installing the APSolute Vision server, see the APSolute Vision Installation
and Maintenance Guide.

For information on managing APSolute Vision users, see Managing APSolute Vision Users,
page 69.

Initializing the APSolute Vision Server


On a physical appliance, access the APSolute Vision CLI using a serial cable and terminal emulation
application, or from an SSH client.

Note: APSolute Vision CLI uses Control-? (127) for the Backspace key.
Terminal settings for the APSolute Vision server are as follows:

Bits per second: 19200

Data bits: 8

Parity: None

Stop bits: 1

Flow control: None

Note: When connecting from an SSH client, APSolute Vision CLI has a default timeout of five
minutes for idle connections. If an SSH connection is idle for more than five minutes, APSolute
Vision terminates the session.


To initialize the APSolute Vision server


1. Ensure that an ASCII console is connected to the device through the RJ-45-to-DE-9 cable and
that the console computer is turned on.
2. Power on the device. The PWR and SYS or SYS OK LED indicators on the front panel light up.
3. Wait for the login prompt, vision login:.
4. Type the default username radware, and then, press Enter.
5. Type the default password radware, and then, press Enter.
6. Type the IP address for the APSolute Vision server, and then, press Enter.
7. Type the value for the network mask for the APSolute Vision server, and then, press Enter.
8. Type the value for the default gateway for the APSolute Vision server, and then, press Enter.
9. Type the value for the primary DNS server for the APSolute Vision server, and then, press Enter.
10. If applicable, type the value for the secondary DNS server for the APSolute Vision server, and
then, press Enter.

Note: Configuring a secondary DNS server is not mandatory. That is, if you press Enter
without typing anything, the installation will proceed.
11. Type the interface identifier (for example, G1 or G2; case sensitive), that is, the interface that
APSolute Vision clients access, and then, press Enter.

Notes

The installation program checks whether there are connected interfaces, and it displays their
identifiers. If there are no connected interfaces, a No link detected message is displayed.

The interface identifiers that are supported depend on the APSolute Vision form factor.

12. Review the values.
13. Type one of the following values:

y - yes, that is, you accept the values.

N - no, that is, you need to go back and change one or more values.

The initialization script asks whether you want to change the root user password.
14. Change the root user password if required.

Note: For information on how to change the default passwords, see APSolute Vision CLI
Commands, page 441.


Recommended Basic Security Procedures


This section describes the basic procedures that Radware recommends for the security of the
APSolute Vision system.

Restricting Root Access


The APSolute Vision server runs on a Linux shell.
The APSolute Vision server supports root access to the operating system. The default password is
radware, which can be modified during the initial setup of the APSolute Vision server. Additionally,
user radware can modify the password using the CLI command system user password root.
Radware recommends that the root user password be kept secret from other administrators, and
retained for troubleshooting by Radware Technical Support.
If you require recovery of the root password, contact Radware Technical Support.

Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 441.

Restricting APSolute Vision CLI Access


The default username/password for the APSolute Vision CLI is radware/radware.
As soon as you complete the APSolute Vision installation, initialize the server, and verify that it is
operating properly, Radware recommends that you change the default password of the radware
user, using the CLI command system user password change radware.
Change the password with the relevant CLI command.
Access to the APSolute Vision CLI is available only to users with the Administrator or Vision
Administrator role.

Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 441.

Restricting Web Access to the APSolute Vision Server


You install APSolute Vision client software by accessing an APSolute Vision appliance using a Web
browser.
The APSolute Vision installation includes one default user, radware, with the password radware.
The radware user has access to all APSolute Vision interfaces.
As soon as you complete the APSolute Vision installation, initialize the server, and verify that it is
operating properly, Radware recommends that you change the password of the radware user.
Change the password with the relevant CLI command.

Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 441.


Restricting Web Access by Radware Technical Support


Radware Technical Support can access an APSolute Vision appliance using a Web browser.
As soon as you complete the APSolute Vision installation, initialize the server, and verify that it is
operating properly, Radware recommends that you change the default password.
Change the password with the relevant CLI command.

Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 441.

APSolute Vision WBM Requirements


APSolute Vision supports a Web-based management interface, which is called Web Based
Management (WBM).
This section describes the basic requirements with the following topics:

APSolute Vision WBM Requirements

Application Performance Monitoring Requirements

APSolute Vision Reporter Requirements

Device Performance Monitor Requirements

Notes

For more information, see APSolute Vision Specifications and Requirements, page 607.

For the list of required UDP/TCP ports, see UDP/TCP Ports, page 608.

APSolute Vision WBM Requirements


This section includes the following topics:

APSolute Vision Client Supported Operating Systems

APSolute Vision WBM Supported Browsers

APSolute Vision Client Supported Operating Systems


The following operating systems support APSolute Vision client:

Windows Server 2008R2 64-bit

Windows 8 64-bit

Windows 7 SP1 32-bit and 64-bit

Windows Server 2012R2 64-bit

Linux Ubuntu (Desktop)

Mac OS X

APSolute Vision WBM Supported Browsers


You can access APSolute Vision Web-based management (and APSolute Vision Reporter, Device
Performance Monitor, and the APM server Web interface) using a Web browser. For the list of
supported browsers, refer to the release notes.


Caution: When you use Internet Explorer 11 (IE11) on Windows OS to access APSolute Vision
WBM, there is sometimes a problem when downloading files. You can fix the problem by updating
the Windows registry. The update tells IE to open JSON documents in the browser. In the update,
the value 25336920-03F9-11cf-8FD0-00AA00686F13 is the CLSID for the Browse in place
action. To fix the problem, Radware recommends that you use Windows Registry Editor version 5.00
and update the Windows registry with the following:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/json]
"CLSID"="{25336920-03F9-11cf-8FD0-00AA00686F13}"
"Encoding"=hex:08,00,00,00

[HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/json]
"CLSID"="{25336920-03F9-11cf-8FD0-00AA00686F13}"
"Encoding"=hex:08,00,00,00
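
A read-only check that the registry values above are present on a client, as an added example that is not part of the Radware guide. The function name Test-JsonMimeFix is hypothetical; the key paths and expected values are the ones listed above.

```powershell
# Added example (not from the Radware guide): read-only audit of the IE11 JSON fix.
# Expected values are copied from the registry listing in the guide.
$ExpectedClsid    = '{25336920-03F9-11cf-8FD0-00AA00686F13}'
$ExpectedEncoding = '08-00-00-00'   # hex:08,00,00,00 as BitConverter renders it
$ContentTypes     = @('application/json', 'text/json')

function Test-JsonMimeFix {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$ContentType)

    # The key name contains "/", which the PowerShell Registry provider
    # (HKCR:\..., Registry::...) treats as a path separator. The .NET API
    # takes the name literally, so it is used here instead of Get-ItemProperty.
    # HKEY_CLASSES_ROOT is a merged per-machine and per-user view, so this
    # reads the value that is effective for the current user.
    $subKey = "MIME\Database\Content Type\$ContentType"
    $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($subKey)  # opens read-only

    $result = [pscustomobject]@{
        ContentType = $ContentType
        KeyPresent  = ($null -ne $key)
        ClsidOk     = $false
        EncodingOk  = $false
    }
    if ($null -eq $key) { return $result }

    try {
        $clsid    = $key.GetValue('CLSID')      # REG_SZ -> string, $null if missing
        $encoding = $key.GetValue('Encoding')   # REG_BINARY -> byte[], $null if missing

        # CLSID strings are GUIDs, so compare case-insensitively.
        $result.ClsidOk = ($clsid -is [string]) -and ($clsid -ieq $ExpectedClsid)

        # A wrong value type (for example REG_DWORD) must not pass as a match.
        $result.EncodingOk = ($encoding -is [byte[]]) -and
            ([System.BitConverter]::ToString($encoding) -eq $ExpectedEncoding)
    }
    finally {
        $key.Close()
    }
    return $result
}

$report = $ContentTypes | ForEach-Object { Test-JsonMimeFix -ContentType $_ }
$report | Format-Table -AutoSize

# Non-zero exit code when any value is absent or different, for use in a compliance job.
if ($report | Where-Object { -not ($_.KeyPresent -and $_.ClsidOk -and $_.EncodingOk) }) {
    exit 1
}
```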

Application Performance Monitoring Requirements


APSolute Vision WBM can connect to the APSolute Vision Application Performance Monitor (APM).
The APM is a process that runs on the APSolute Vision server with APM server VA offering. APSolute
Vision WBM includes an option to open the APM Web interface. You access the APM via a browser on
your PC.
For the APM server requirements, see the relevant chapter in the APSolute Vision Installation and
Maintenance Guide.

APSolute Vision Reporter Requirements


APSolute Vision WBM can connect to the APSolute Vision Reporter (AVR). APSolute Vision WBM
includes a button that opens the AVR in a separate browser tab.
Java client version 1.6.0_22 or later must be installed to run the APSolute Vision Reporter.

Device Performance Monitor Requirements


APSolute Vision WBM can connect to the APSolute Vision Device Performance Monitor (DPM) for
Alteon devices. APSolute Vision WBM includes a button that opens the DPM in a separate browser
tab.

Logging into APSolute Vision


To start working with APSolute Vision, you log in to the APSolute Vision Web application, which is
referred to as Web Based Management (WBM).
The first login to APSolute Vision WBM requires an APSolute Vision Activation License (which has a
vision-activation prefix). The license is based on the MAC address of the APSolute Vision G1 or G2
port, which the CLI command net ip get displays. You can request the license from Radware
Technical Support. The license is also available using the license generator at radware.com.
Up to 50 users can access the APSolute Vision server concurrently.


Note: Users with the Administrator role can manage APSolute Vision users. For information on
managing APSolute Vision users, see Managing APSolute Vision Users, page 69.
APSolute Vision supports role-based access control (RBAC) to manage user privileges. Your
credentials and privileges may be managed through an authentication server or through the local
APSolute Vision user database.
After successful authentication, the user's role is assigned. The role determines the devices that the
user is authorized to manage. Furthermore, the role determines which content panes, menus, and
operations the user can access. The assigned role remains fixed throughout the user session.
If a user enters the credentials incorrectly, the user is prompted to re-enter the information. After a
globally defined number of consecutive failures, the user is locked out of the system. If the user
uses local user credentials, an administrator can release the lockout by resetting the password to
the global default password (see Releasing User Lockout, page 84). If the user uses credentials from
an authentication server (for example, a RADIUS server), you must contact the administrator of that
authentication server.
There are special properties and procedures for the user who first logs into the APSolute Vision
server. For more information, see Managing APSolute Vision Users, page 69.

To log into APSolute Vision as an existing user


1. In a Web browser, enter the hostname or IP address of the APSolute Vision server.
2. In the login dialog box, specify the following:

User Name - Your user name.

Password - Your user password. Depending on the configuration of the server, you may be
required to change your password immediately. Default: radware.

(globe icon) - The language of the APSolute Vision graphical user interface.

3. Click Login.

Caution: For DefensePro 7.x and 8.x versions and in networks with high latency, Radware
recommends increasing the SNMP Timeout to 180 seconds (APSolute Vision Settings view System
perspective, General Settings > Connectivity > Timeout).

Changing Passwords for Local Users


If your user credentials are managed through the APSolute Vision Local Users table (not through an
authentication server, such as RADIUS or TACACS+), you can change your user password at the
login or in the APSolute Vision Settings view Preferences perspective. For information about
password requirements, see APSolute Vision Password Requirements, page 86.
If your password has expired, you must change it in the APSolute Vision Login dialog box.

Note: For information on managing APSolute Vision users, see Managing APSolute Vision Users,
page 69.


To change a password for a local user


1. In the APSolute Vision Settings view Preferences perspective, select User Preferences > User
Password Settings.
2. Configure the parameters, and click Update Password.

Table 1: User Password Settings Parameters

Parameter - Description

Current Username - (Read-only) The current username.

Current Password - Your current password.

New Password - Your new password.

Confirm New Password - Your new password.

Selecting Your Landing Page


You can select the page that APSolute Vision displays when you open APSolute Vision WBM.

To select your landing page


1. In the APSolute Vision Settings view Preferences perspective, select User Preferences >
Display.
2. Configure the parameter, and click Submit.

Table 2: Display Parameter

Parameter - Description

Default Landing Page - The page that APSolute Vision displays when you open APSolute
Vision WBM.
Values:

None - When you open APSolute Vision WBM, you land in the default page configured on the
APSolute Vision server (see Configuring APSolute Vision Display Parameters, page 124).

Application SLA Dashboard - When you open APSolute Vision WBM, you land on the
Application SLA Dashboard (see Using the Application SLA Dashboard, page 433).

Security Control Center - When you open APSolute Vision WBM, you land on the Security
Control Center (see Using the Security Control Center, page 436).

Default: None
Note: Your user role and scope determine the available options.
If you do not have permission to view the default page configured on
the APSolute Vision server, you land in the first permitted tab in
the APSolute Vision Settings view. For information on user roles
and scopes, see Managing APSolute Vision Users, page 69.


After Initial Configuration of APSolute Vision


After initial configuration of the APSolute Vision server, continue with the following (as permitted by
your RBAC role):

If required, configure local APSolute Vision users and global user settings in the APSolute Vision
Settings view System perspective, under User Management. For more information, see
Managing APSolute Vision Users, page 69.

Add the devices that you want to manage using APSolute Vision. For more information, see
Setting Up Your Network and Basic Device Configuration, page 129.
To add Alteon or DefensePro devices, you can also use vDirect with APSolute Vision. For more
information, see Using vDirect with APSolute Vision, page 495.

Configure the Radware devices that APSolute Vision manages. For more information, see the
APSolute Vision online help.

Manage device operations and maintenance.

Monitor the managed devices using APSolute Vision. For more information, see the APSolute
Vision online help.

Note: For more information about the Radware products that APSolute Vision supports, see the
relevant product user guides and related documentation.

Using Common GUI Elements in APSolute Vision


This section contains the following:

Icons/Buttons and Commands for Managing Table Entries, page 66

Filtering Table Rows, page 67

Icons/Buttons and Commands for Managing Table Entries


The following table describes icons/buttons and corresponding commands that are available when
you manage table entries (rows) using APSolute Vision Web Based Management. The commands
that are available depend on the feature. The icons/buttons are always above a table on the left
side. When the mouse cursor (pointer) hovers over an icon/button, the display changes from
monochrome (gray) to colored.

Notes

You can configure and control a managed device only when the device is locked (see Locking
and Unlocking Devices, page 145).

The APSolute Vision documentation shows icons/buttons in their colored state.

Table 3: Icons/Buttons and Commands for Managing Table Entries

Command      Description
Add          Opens an Add New... tab to configure a new entry.
Edit         Opens an Edit... tab to modify the selected existing entry.
Duplicate    Opens an Add New... tab, which is populated with the values from the selected
             entry, except for the indexes.
Delete       Deletes the selection.
Export       Exports the selected entry.
View         Opens a View... tab to view the values of the selected entry.

Filtering Table Rows


For many tables in APSolute Vision and managed devices, you can filter table rows according to
values in the table columns.
The filter uses a Boolean AND operator for the filter criteria that you specify. That is, the filtered
table displays the rows that match all the search parameters, not any of the search parameters. For
example, if the table includes the columns Policy and Port, and you filter for the policy value ser,
and the port value 80, the filtered table displays rows where the value of the Policy parameter
includes ser AND the value of the Port parameter includes 80.

To filter table rows

1. Do the following:

If a table column displays a drop-down list (with an arrow), click the arrow and select the
value to filter by.

If the table column displays a white text box, type the value to filter by.

Notes

For text boxes, the filter uses a contains algorithm. That is, the filter considers it to be a
match if the string that you enter is merely contained in a value. For example, if you enter
ser in the text box, the filter returns rows with the values ser, service1, and service2.

If the box at the top of a column is gray, you cannot filter according to that parameter.

2. Click the (Filter) button or press Enter.


Chapter 3 Managing APSolute Vision Users


APSolute Vision supports concurrent access to up to 50 users.
Each user has individual credentials and privileges. APSolute Vision supports role-based access
control (RBAC) to manage user privileges. RBAC users can be defined and managed in the local
APSolute Vision user database (the Local Users table) or through an external authentication server.
All user credentials for local users are encrypted and stored in the APSolute Vision database.
All actions by all users (local or non-local) are stored in the audit log.
Users with the appropriate privileges can lock a device on an APSolute Vision server and modify its
configuration. Locking the device prevents other users from performing configuration tasks on that
device at the same time.
The following topics describe role-based access control, and how to configure and monitor local
APSolute Vision users:

Logging In as the Default Administrator User - radware User, page 69

Role-Based Access Control (RBAC), page 70

Configuring Local Users for APSolute Vision, page 79

Viewing User Statistics, page 86

Configuring General User Settings, page 77

APSolute Vision Password Requirements, page 86

Logging In as the Default Administrator User - radware User

A new APSolute Vision server (one that no one has yet logged into) contains a single predefined
Administrator user, which is called radware, defined with the Administrator role.

Caution: Radware recommends that the radware user be used by customers for disaster recovery
and kept secret from all other administrators.
The radware user can create and manage additional local users and their individual and global user
settings.
The radware user cannot be deleted.
The radware user is authenticated only in the Local Users table, regardless of whether the system is
configured to use a different authentication method. That is, the radware user cannot be overridden
by the configuration of an authentication server (see Configuring Connections to Authentication
Servers, page 103).

Caution: You are not required to change the password for the radware user during the initial
configuration, but Radware recommends you do so.
The radware user can change the password of the radware user in the CLI or in the login dialog box.
For more information, see the APSolute Vision User Guide.


To log in to APSolute Vision for the first time as the radware user

1. In your Web browser, enter the hostname or IP address of the APSolute Vision server.
2. In the login dialog box, specify the following:

Username: The name of the user, radware.

Password: The password for the radware user.

3. Click Login.

Role-Based Access Control (RBAC)


You can determine the functionality and managed devices available to each user in APSolute Vision
by using RBAC to associate users with roles and scopes of devices.
Except for the radware user, all users can also be defined and managed through an authentication
server.
A user with the Administrator or User Administrator role can create, edit, and manage local APSolute
Vision users. User management includes assigning scopes and roles. A scope defines the devices
that the user can access. A role defines the set of permissions for the corresponding scope.
Scopes of devices correspond to the hierarchy in the device pane. A scope can contain an individual
device or all the devices in a site (and its child sites). Scopes are named according to the
corresponding site or device name. The All scope contains all devices and the APSolute Vision server.

Caution: If the name of an APSolute Vision site changes and an authentication server
authenticates users, you must reconfigure the user scopes on the authentication server.
If the name of an APSolute Vision site changes and APSolute Vision authenticates the users locally,
APSolute Vision updates the relevant scopes for the users.
APSolute Vision contains a set of predefined roles, which you cannot delete or modify. Each role
defines a set of privileges.
All roles except Administrator, User Administrator, and Vision Administrator must be assigned a
scope.
APSolute Vision always configures users with the Administrator, User Administrator, or Vision
Administrator role with the All scope.

Caution: When defined through an authentication server, users with the Administrator, User
Administrator, or Vision Administrator role must be configured with the scope [ALL] (including the
square brackets).
A user sees the APSolute Vision GUI displayed according to that user's role, for example:

When a user has full read and write permissions, all Add, Edit, and Delete buttons are displayed.

When a user has update permissions only, Add buttons are not displayed.

When a user does not have any configuration permissions, Add, Delete, and Submit buttons are
not displayed.

The APSolute Vision Settings view System perspective is displayed only to users with the
Administrator, User Administrator, or Vision Administrator role.


A user with the User Administrator role can manage all user settings: the Local Users table, the
Authentication Method, and so on. A user with the User Administrator role cannot view other
elements in the APSolute Vision Settings view System perspective.

The tree in the device pane displays only those devices that belong to the scope associated
with the user.

The Security Monitoring perspective displays visible attacks only of those devices that belong to
the scope and specified DefensePro Network Protection policies associated with the user. This
applies also to the information that APSolute Vision Reporter displays.

Caution: Users with the name admin (case insensitive) cannot be created in the APSolute Vision
local user table. If users with the name admin (case insensitive) are defined in an external
authentication server (RADIUS or TACACS+) or were created in the local user table prior to APSolute
Vision version 3.30, they can log in to APSolute Vision, but they will not be able to log in to the AVR.
All users can see the Alerts pane, but the alerts displayed are limited according to device
permissions.
The relevance and descriptions for the predefined roles may depend on the device type (Alteon or
DefensePro).
Each role has an associated identity-management (IDM) string. You use the IDM strings in an
authentication-server configuration, for example. If the user is authenticated, the APSolute Vision
server grants access according to the user's IDM string and scope. The authentication server
Access-Accept response must include an IDM string and scope combination.

Note: APSolute Vision RBAC functionality is separate from the functionality of device user accounts.
The following table lists the predefined roles and the corresponding IDM strings.

Table 4: Predefined Roles and IDM Strings

Role                               IDM String
ADC + Certificate Administrator    ADC_AND_CERTIF_ADMIN
ADC Administrator                  ADC_ADMIN
ADC Operator                       ADC_OPERATOR
Administrator                      SYS_ADMIN
Certificate Administrator          CERTIF_ADMIN
Device Administrator               DEV_ADMIN
Device Configurator                CONFIG
Device Operator                    DEVICE_OPERATOR
Device Viewer                      VIEWER
Real Server Operator               REAL_SERVER_OPERATOR
Security Administrator             SEC_ADMIN
Security Monitor                   SEC_MON
User Administrator                 USR_ADMIN
Vision Administrator               VISION_ADMIN
Vision Reporter                    REPORTER
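
The rules above for users defined through an authentication server (a Table 4 IDM string, the [ALL] scope for the three administrator roles, scopes that still match site or device names after a rename, and the admin username caveat) can be checked before the definitions are deployed. The following is an added example, not Radware code; the entry layout, the sample users and the scope names are constructed assumptions, and the page does not state how the Access-Accept attribute itself is encoded.

```python
# Added example: audit authentication-server user definitions against the
# RBAC rules stated in this chapter. The input layout is an assumption.

# IDM strings copied from Table 4.
IDM_STRINGS = {
    "ADC_AND_CERTIF_ADMIN", "ADC_ADMIN", "ADC_OPERATOR", "SYS_ADMIN",
    "CERTIF_ADMIN", "DEV_ADMIN", "CONFIG", "DEVICE_OPERATOR", "VIEWER",
    "REAL_SERVER_OPERATOR", "SEC_ADMIN", "SEC_MON", "USR_ADMIN",
    "VISION_ADMIN", "REPORTER",
}
# Administrator, User Administrator and Vision Administrator must be
# configured with the scope [ALL], square brackets included.
ALL_SCOPE_ROLES = {"SYS_ADMIN", "USR_ADMIN", "VISION_ADMIN"}
ALL_SCOPE = "[ALL]"


def audit_user(username, pairs, current_scopes):
    """Return the findings for one user.

    pairs is a list of (idm_string, scope) tuples; current_scopes is the set
    of site and device names as they exist on the APSolute Vision server now.
    """
    findings = []
    if username.lower() == "admin":
        findings.append("username 'admin' (any case) cannot log in to the AVR")
    if not pairs:
        findings.append("no IDM string and scope combination defined")
    for idm, scope in pairs:
        if idm not in IDM_STRINGS:
            # Exact match only; whether the server tolerates other spellings
            # is not stated on the page.
            findings.append(f"{idm!r} is not a Table 4 IDM string")
        elif idm in ALL_SCOPE_ROLES:
            if scope != ALL_SCOPE:
                findings.append(f"{idm} must use scope {ALL_SCOPE}, found {scope!r}")
        elif not scope:
            findings.append(f"{idm} has no scope")
        elif scope not in current_scopes:
            # Typical after a site rename: the authentication server still
            # carries the old scope name and must be reconfigured.
            findings.append(f"{idm} scope {scope!r} is not a current site or device name")
    return findings


def audit(entries, current_scopes):
    """Return {username: findings} for every entry that has findings."""
    report = {}
    for entry in entries:
        findings = audit_user(entry["user"], entry["pairs"], current_scopes)
        if findings:
            report[entry["user"]] = findings
    return report


# Constructed sample data (not taken from any real deployment).
CURRENT_SCOPES = {"EMEA", "London", "dp-lon-01"}
SAMPLE_ENTRIES = [
    {"user": "jdoe", "pairs": [("SEC_MON", "London")]},
    {"user": "ops1", "pairs": [("SYS_ADMIN", "ALL")]},
    {"user": "Admin", "pairs": [("VIEWER", "Paris")]},
    {"user": "kim", "pairs": [("SECURITY_ADMIN", "EMEA")]},
    {"user": "lee", "pairs": [("USR_ADMIN", "[ALL]"), ("DEV_ADMIN", "")]},
]

if __name__ == "__main__":
    for user, findings in audit(SAMPLE_ENTRIES, CURRENT_SCOPES).items():
        for finding in findings:
            print(f"{user}: {finding}")
```
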


Table 5: Role per Radware Product

Role                               Can Add      Manages Application Delivery    Manages Security Devices
                                   New Device   Devices (Alteon and             (AppWall and DefensePro)
                                                LinkProof NG)
ADC + Certificate Administrator    No           Yes                             No
ADC Administrator                  No           Yes                             No
ADC Operator                       No           Yes                             No
Administrator                      Yes          Yes                             Yes
Certificate Administrator          No           Yes                             No
Device Administrator               Yes          Yes                             Yes
Device Configurator                No           Yes                             Yes
Device Operator                    No           Yes                             No
Device Viewer                      No           Yes                             Yes
Real Server Operator               No           Yes                             No
Security Administrator             No           No                              Yes
Security Monitor                   No           Yes                             Yes
User Administrator                 No           N/A                             N/A
Vision Administrator               Yes          Yes                             Yes
Vision Reporter                    No           Yes                             Yes

The following table describes the predefined roles in APSolute Vision.

Table 6: Predefined Roles

Role

Description

ADC + Certificate Administrator

The union of ADC Administrator and Certificate Administrator roles.
Has full control over ADC configuration and AppShapes, can configure and manage servers,
services, traffic redirection, and health checks.
Can perform all functions of the devices for which the user has credentials.
Has control over the Certificate Repository and the Client Authentication Policy in the
Configuration perspective.
Can perform all functions related to Alteon and LinkProof NG.
Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.
Can access Security Monitoring perspective.

ADC Administrator

Has full control over ADC configuration and AppShapes, can configure and manage servers,
services, traffic redirection, and health checks.
Can perform all functions of the devices for which the user has credentials.
Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.
Can access Security Monitoring perspective.

ADC Operator

Has read-only permission on the configuration of ADC devices and general device control.
Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.

Administrator

Can access the CLI and can perform all actions and access all functionality.

Certificate Administrator

Has control over the Certificate Repository and the Client Authentication Policy in the
Configuration perspective.
Can access the Monitoring perspective.
Can perform all functions related to Alteon and LinkProof NG, but some functions are read-only.
Can view the Application SLA Dashboard.

Device Administrator

Has full control over devices for which the user has credentials.
Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.
Can export a policy file from the Network Protection Policies table and Server Protection
Policies table.
Can access the Templates tab.

Device Configurator

Can access all Configuration-perspective panes and Monitoring-perspective panes, and has full
control over the Setup, Networking, Device Security and Advanced parameter tabs of the
Configuration perspective of the devices for which the user has credentials.
Can perform all Configuration and Monitoring pane perspective functions of the devices for
which the user has credentials, excluding AppShapes.
Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.

Device Operator

Has full control over all Monitoring perspective panes and can access the Configuration
perspective.
Can perform all functions related to Alteon and LinkProof NG, including AppShapes, but some
functions are read-only.
Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.

Device Viewer

Can access all devices for which the user has credentials.
Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.

Real Server Operator

Can lock and unlock an Alteon device for which the user has credentials.
Can access the Monitoring perspective with read-write access to the following nodes (all other
nodes are hidden):

Application Delivery > Virtual Service > Real Servers

Application Delivery > Virtual Service > Server Groups

Can view the Application SLA Dashboard.

Security Administrator

Can configure and manage network and server security, ACL policies, and so on.
Can export a policy file from the Network Protection Policies table and Server Protection
Policies table. Furthermore, can open the AppShapes & Templates tab, and can see and use the
DefensePro Configuration Templates node.

Security Monitor

Has full control over Security Monitoring and APSolute Vision Reporter.

User Administrator

Can access the APSolute Vision Settings view System perspective, and in it, can create and
manage users. Cannot view other elements in the APSolute Vision Settings view System
perspective.

Vision Administrator

Can access the CLI, except for system snmp community and system snmp trap target, and can
perform all actions and access all functionality, except for user management and authentication
protocols (RADIUS Settings and TACACS+ Settings).

Vision Reporter

Has full control over APSolute Vision reporting capabilities (APM, AVR, and DPM).

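Table 7: Feature-Accessibility per Role

ADC + Certificate Administrator

Configuration Perspective: Yes
Monitoring Perspective: Yes
Security Monitoring Perspective: Yes
Settings View: Yes, but only User Preferences and Device Resources
AVR: No
APM, DPM, and Application SLA Dashboard: Yes
Security Control Center: No
Scheduler: No
DefensePro Configuration Templates: No
AppShapes: Yes
vDirect: Yes

ADC Administrator

Configuration Perspective: Yes, except for Certificate Repository, which is read-only
Monitoring Perspective: Yes
Security Monitoring Perspective: Yes
Settings View: Yes, but only User Preferences and Device Resources
AVR: No
APM, DPM, and Application SLA Dashboard: Yes
Security Control Center: No
Scheduler: No
DefensePro Configuration Templates: No
AppShapes: Yes
vDirect: Yes

ADC Operator

Configuration Perspective: Yes, but read-only
Monitoring Perspective: Yes
Security Monitoring Perspective: No
Settings View: Yes, but only User Preferences and Device Resources
AVR: No
APM, DPM, and Application SLA Dashboard: Yes
Security Control Center: No
Scheduler: No
DefensePro Configuration Templates: No
AppShapes: No
vDirect: No

Administrator

Configuration Perspective: Yes
Monitoring Perspective: Yes
Security Monitoring Perspective: Yes
Settings View: Yes, all
AVR: Yes
APM, DPM, and Application SLA Dashboard: Yes
Security Control Center: Yes
Scheduler: Yes
DefensePro Configuration Templates: Yes
AppShapes: Yes
vDirect: Yes

Certificate Administrator

Configuration Perspective: Yes, but read-only, except for read-write access to Certificate
Repository and the Client Authentication Policy
Monitoring Perspective: Yes, but read-only
Security Monitoring Perspective: No
Settings View: Yes, but only User Preferences and Device Resources
AVR: No
APM, DPM, and Application SLA Dashboard: No
Security Control Center: No
Scheduler: No
DefensePro Configuration Templates: No
AppShapes: No
vDirect: No

Device Administrator

Configuration Perspective: Yes
Monitoring Perspective: Yes
Security Monitoring Perspective: Yes
Settings View: Yes, but only User Preferences and Device Resources
AVR: Yes
APM, DPM, and Application SLA Dashboard: Yes
Security Control Center: Yes, but cannot click Vision Settings.
Scheduler: Yes
DefensePro Configuration Templates: Yes
AppShapes: Yes
vDirect: Yes

Device Configurator

Configuration Perspective: Yes, but some items are read-only
Monitoring Perspective: Yes, but some items are read-only (for example, real-server status)
Security Monitoring Perspective: No
Settings View: Yes, but only User Preferences and Device Resources
AVR: No
APM, DPM, and Application SLA Dashboard: Yes
Security Control Center: Yes, but cannot click Vision Settings.
Scheduler: Yes
DefensePro Configuration Templates: No
AppShapes: No
vDirect: No

Device Operator

Configuration Perspective: Yes, but read-only
Monitoring Perspective: Yes
Security Monitoring Perspective: No
Settings View: Yes, but only User Preferences and Device Resources
AVR: No
APM, DPM, and Application SLA Dashboard: Yes
Security Control Center: No
Scheduler: Yes
DefensePro Configuration Templates: No
AppShapes: No
vDirect: No

Device Viewer

Configuration Perspective: Yes, but read-only
Monitoring Perspective: Yes, but read-only
Security Monitoring Perspective: Yes
Settings View: Yes, but only User Preferences and Device Resources
AVR: Yes
APM, DPM, and Application SLA Dashboard: Yes
Security Control Center: Yes, but cannot click Vision Settings.
Scheduler: No
DefensePro Configuration Templates: No
AppShapes: No
vDirect: No

Real Server Operator

Configuration Perspective: No
Monitoring Perspective: Yes, but limited to Real Servers and Server Groups nodes
Security Monitoring Perspective: No
Settings View: Yes, but only User Preferences
AVR: No
APM, DPM, and Application SLA Dashboard: No
Security Control Center: No
Scheduler: No
DefensePro Configuration Templates: No
AppShapes: No
vDirect: No

Security Administrator

Configuration Perspective: Yes
Monitoring Perspective: Yes
Security Monitoring Perspective: Yes
Settings View: Yes, but only User Preferences and Device Resources
AVR: Yes
APM, DPM, and Application SLA Dashboard: No
Security Control Center: Yes, but cannot click Vision Settings.
Scheduler: Yes
DefensePro Configuration Templates: Yes
AppShapes: No
vDirect: No

Security Monitor

Configuration Perspective: No
Monitoring Perspective: No
Security Monitoring Perspective: Yes
Settings View: Yes, but only User Preferences
AVR: Yes
APM, DPM, and Application SLA Dashboard: No
Security Control Center: Yes, but cannot click Vision Settings.
Scheduler: No
DefensePro Configuration Templates: No
AppShapes: No
vDirect: No

User Administrator

Configuration Perspective: No
Monitoring Perspective: No
Security Monitoring Perspective: No
Settings View: Yes, but only User Preferences and User Management settings
AVR: No
APM, DPM, and Application SLA Dashboard: No
Security Control Center: No
Scheduler: No
DefensePro Configuration Templates: No
AppShapes: No
vDirect: No

Vision Administrator

Configuration Perspective: Yes
Monitoring Perspective: Yes
Security Monitoring Perspective: Yes
Settings View: All, but excluding User Management settings and authentication protocols (RADIUS
Settings and TACACS+ Settings)
AVR: Yes
APM, DPM, and Application SLA Dashboard: Yes
Security Control Center: Yes
Scheduler: Yes
DefensePro Configuration Templates: Yes
AppShapes: Yes
vDirect: Yes

Vision Reporter

Configuration Perspective: No
Monitoring Perspective: No
Security Monitoring Perspective: No
Settings View: Yes, but only User Preferences
AVR: Yes
APM, DPM, and Application SLA Dashboard: Yes
Security Control Center: No
Scheduler: No
DefensePro Configuration Templates: No
AppShapes: No
vDirect: No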

To view the list of predefined roles

In the APSolute Vision Settings view System perspective, select User Management > Roles.

Configuring General User Settings


The Administrator or User Administrator user can specify the user-authentication method for all APSolute Vision interfaces.

To configure general user-management settings


1. In the APSolute Vision Settings view System perspective, select User Management > User Management Settings.
2. Configure the parameters, and click Submit.


Table 8: User Management Settings

Parameter

Description

Authentication Mode

The user-authentication method for APSolute Vision users.
The Administrator or User Administrator user can specify the user-authentication method for all
APSolute Vision interfaces. The setting is retained after reboot of the APSolute Vision server,
and it is included in the APSolute Vision configuration backup and restore operations.
Values:

Local: The Local Users table stores the credentials of and authenticates the APSolute Vision
users (see Configuring Local Users for APSolute Vision, page 79).

RADIUS: A RADIUS server stores the credentials of and authenticates the APSolute Vision users
(see Configuring RADIUS Server Connections, page 103). If the primary RADIUS server and, if
defined, secondary RADIUS server are down, user authentication fails over to the Local Users
table (see Configuring Local Users for APSolute Vision, page 79).

TACACS+: A TACACS+ server stores the credentials of and authenticates the APSolute Vision users
(see Configuring TACACS+ Server Connections, page 107). If the primary TACACS+ server and, if
defined, secondary TACACS+ server are down, user authentication fails over to the Local Users
table (see Configuring Local Users for APSolute Vision, page 79).

Default: Local

Maximum Password Challenges

The number of consecutive unsuccessful password entries before a user is locked out.
Values: 3-10
Default: 3

Default Password for Other Users

The default password that new users, other than the radware user, enter on initial login or
after password reset.
Notes:

You can configure the initial password for an individual user. For more information, see
Table 13 - User: Password Parameters, page 83.

The radware user can change the password at any time or on expiration.

Confirm Default Password for Other Users

The value for confirmation of Default Password for Other Users.

Password Validity Period

The number of days from password creation until that password expires. When you change this
value, the new value is applied to any subsequently created passwords; current passwords are
not affected by the change.
Values: 1-3670
Default: 30

User Statistics Storage Period

The number of days the user statistics information is stored before being deleted.
Values: 1-3670
Default: 30

Number of Last Passwords Saved

The number of passwords that APSolute Vision saves for a user to prevent the user from reusing
a recently expired password.
Values: 2-100
Default: 3

User Must Change Password at First Login

Specifies whether all users must change their password when logging in for the first time to
the APSolute Vision server.
Default: Disabled
Note: The value for this parameter applies to when the user is created, and does not change.
For example, if the value for this parameter is enabled when the user is created, and then the
value changes to disabled, but the user has not yet logged in, the user will be required to
change his/her password when he/she first logs in.

Configuring Local Users for APSolute Vision


The Local Users table contains individual local APSolute Vision user configurations.
A user with the Administrator or User Administrator role can set and change the following individual
local APSolute Vision user configurations:
Specify the user-authentication method (Authentication Mode)

Add, edit, and delete users

Revoke and enable users

Release user lockout and reset user passwords

For information about setting global user configurations, see Configuring General User Settings,
page 77.

Note: When an authentication server is specified to authenticate the APSolute Vision users and
the authentication server is down, user authentication fails over to the Local Users table.

Tip: If an authentication server is specified to authenticate the APSolute Vision users, Radware
recommends that administrator users be defined also in the Local Users table. Having users defined
also in the Local Users table is for fall-back access to APSolute Vision in case the authentication
server is not available.
Use the Local Users tab for the following operations:

Adding and Editing Users, page 81

Deleting Users, page 84

Releasing User Lockout, page 84


Resetting User Passwords to the Default, page 84

Revoking and Enabling Users, page 85

To open the Local Users tab

In the APSolute Vision Settings view System perspective, select User Management > Local
Users.

The Local Users tab displays information for all currently defined users. Additional information for
users is available when editing specific rows in the Local Users table.

Table 9: Local User Table Parameters

Parameter

Description

User Name

The username used for login.

User Full Name

The user's full name.

Language

The default display language for the user.
Notes:

The Default Display Language parameter (see Configuring APSolute Vision Display Parameters,
page 124) determines the default value.

The user can change his/her own display language, by using the icon at the upper-right corner
of the main screen.

Scope

The scopes of devices organized according to the site tree in the device pane. A scope can
contain an individual device or all the devices in a site. The All scope contains all devices
and the APSolute Vision server.
The displayed scopes for each user represent the devices that the user can access. Each scope
in the list is associated with a corresponding role that defines the permissions for the user
on those devices.
Users defined through an authentication server with the Administrator, User Administrator, or
Vision Administrator role must be configured with the scope [ALL] (including the square
brackets).

Role

The roles with which the user is associated. Each role defines a set of actions the user can
perform through APSolute Vision. Each role in the list applies to its corresponding scope of
devices.

Contact Info

The user's contact information: organization, address, and phone number.

Password Expiration Date

The date on which the current password expires.

Active User

Specifies whether the user is currently enabled.
Values:

Yes: The user is currently enabled.

No: The user is currently suspended and cannot log in.

Currently Locked Out

Specifies whether the user is currently locked out.

Created On

The date on which the user was created.

Last Password Change

The date on which the user password was last changed.

Last Lockout

The date on which the user was last locked out.

Adding and Editing Users


When you add a user, you associate the user with one or more role-and-scope pairs to define the
user's privileges and the managed devices to which the privileges apply. Scopes represent the
devices for which the user has credentials. The corresponding role for each scope in the list defines
the permissions for the user on those devices.
When you modify the role and/or scope assignment for a user who is logged into APSolute Vision,
the user must log out and log in again for the changes to take effect.
By default, a new user is not associated with any scope or role.
You can only add a scope once for each user. You cannot add a scope that contains devices that are
already in a scope associated with the user.
For DefensePro devices, after you configure the role-scope pair, you can configure the security-monitoring access for the user. Security-monitoring access defines what security data the user sees
in the Security Monitoring perspective and APSolute Vision Reporter according to specified
DefensePro Network Protection policies.

Note: The terms Network Protection policy and network policy may be used interchangeably in
APSolute Vision and in the documentation.

To add or edit a user


1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. Do one of the following:

To add a user, click the (Add) button in the tab toolbar.

To edit a user, double-click the username.

3. In the Permissions tab User Roles and Scopes table, do one of the following:

To add a new role-scope pair, click the (Add) button in the tab toolbar.

To edit a role-scope pair, click (Edit) in the tab toolbar.

4. Do the following:

From the Role drop-down list, select the role for the selected scope.

From the Scope drop-down list, select the scope containing the devices that the user can
access.

Note: For information on roles, see Role-Based Access Control (RBAC), page 70.
5. Click Submit.
6. Configure the rest of the user parameters, and click Submit.


Tip: Select a row and click the (Duplicate...) button to open a new add row tab, which is
populated with the values from the selected row, except for the indexes.

Note: At the initial login, a new user enters the password and is then prompted to create a new
password. Users can always change their own passwords at login. For more information, see
Changing Passwords for Local Users, page 64. The initial password can be a default password (see
Table 8 - User Management Settings, page 78) or a personal password configured for the specific
user (see Table 13 - User: Password Parameters, page 83).

Table 10: User: General Parameters

Parameter

Description

User Name

The username used for login. This field is mandatory.


The name must start with a letter or an underscore and cannot start
with a number or any other character.
The remaining characters can be letters, numbers, underscores,
hyphens, or periods (dots).
APSolute Vision usernames are not case sensitive when logging in to
APSolute Vision WBM.
APSolute Vision usernames are case sensitive when logging in to the
APSolute Vision CLI.
APSolute Vision user passwords are case sensitive.

User Full Name

The user's full name. This field is optional.

Language

The default display language for the user.


Notes:

The Default Display Language parameter (see Configuring APSolute Vision Display Parameters, page 124) determines the
default value.

The user can change his/her own display language, by using the
icon at the upper-right corner of the main screen.

Table 11: User: Permissions Parameters

Parameter

Description

User Roles and Scopes

The specified role for the user on the specified device or devices for
which the user has credentials.

Authorized Network Policies for Security Monitoring

The DefensePro Network Protection policies that the user is
authorized to monitor in the Security Monitoring perspective. For
more information, see the procedure below, To configure the
DefensePro Network Protection policies whose security data the user
can access in the Security Monitoring perspective and APSolute
Vision Reporter, page 83.


Table 12: User: Contact Info Parameters

Parameter

Description

These fields are optional.


Organization

The user's organization.

Address

The user's address.

Phone Number

The user's phone number.

Table 13: User: Password Parameters

Parameter

Description

These fields are optional.


If you specify no password, APSolute Vision uses the default password for new users. (For more
information, see Default Password for Other Users in Table 8 - User Management Settings,
page 78.)
Password

The initial password for the new user.

Confirm Password

The value for confirmation of Password, when you specify the initial
password for the new user.

To configure the DefensePro Network Protection policies whose security data the user
can access in the Security Monitoring perspective and APSolute Vision Reporter
1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. In the Permissions tab, under the title Authorized Network Policies for Security
Monitoring, configure the Selected table with the Network Protection policies whose security
data the user can access in the Security Monitoring perspective and APSolute Vision Reporter.

Notes

By default, users have access to all policies of all devices in their scope.

When you create a user, the Selected table displays [ALL] in the Device column and [ALL] in
the Policy Name column. This signifies that the user can access all policies for each permitted
device. A user must be authorized for all network policies of a device ([ALL]) or for selected
network policies of a device. When you move a policy from the Available table to the Selected
table, [ALL] values move automatically from the Selected table to the Available table.

A change to Authorized Network Policies for Security Monitoring takes effect the next
time the user logs in, and does not affect current ongoing sessions.


Deleting Users
Deleting a user removes the user from the Users table.

Notes

The radware user cannot be deleted.

You can suspend a user without removing the user from the table. For more information, see
Revoking and Enabling Users, page 85.

To delete a user
1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. In the Local Users table, select the username, and click the (Delete) button in the tab
toolbar.
3. Click Yes in the confirmation box.

Releasing User Lockout


When a user performs more than the permitted number of unsuccessful logins (User
Management > User Management Settings > Maximum Password Challenges), the user is
locked out and cannot log in again until the user administrator releases the lock and resets the
password.

To release a user lockout


1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. In the Local Users table, select the username(s) that you want to unlock, and click (Unlock
Selected Users).
3. Reset the user password to the default, see Resetting User Passwords to the Default, page 84.

Resetting User Passwords to the Default


Following a user lockout, a user administrator can reset a local user's password to the default user
password. When the user next logs into APSolute Vision, that user will be prompted to change the
default password according to APSolute Vision Password Requirements, page 86.

Note: You cannot reset the password of the radware user. If the radware user is locked out for any
reason, contact Radware Technical Support.


To reset a user's password to the default


1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. In the Local Users table, select the username(s) whose password you want to reset, and click
(Reset Selected User Password).

Revoking and Enabling Users


Revoking a user suspends the user, but does not delete the user from the Users table. To delete a
user from the Users table, see Deleting Users, page 84.

To revoke a user
1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. In the Local Users table, select the username(s), and click
(Revoke Selected Users). The
value in the Active User column of the user in the Local Users table changes from Yes to No.

To enable a revoked user


1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. In the Users table, select the username(s), and click
(Enable Selected Users). The value in
the Active User column of the user in the Local Users table changes from No to Yes.

Viewing Predefined Roles


APSolute Vision provides predefined roles, which you cannot delete or modify.

Note: For the list of predefined roles, see Predefined Roles, page 72.

To view the table of predefined roles


> In the APSolute Vision Settings view System perspective, select User Management > Roles.


Viewing User Statistics


Use the User Statistics tab to view user statistics.
The User Statistics tab includes the following tables:

Currently Connected Users: The users who are currently connected to APSolute Vision
through the local user table or an authentication server.
The table contains the following columns:

Name

Login Date and Time: The date and time of last login. The date/time format is configurable
according to your preferences (APSolute Vision Settings view Settings perspective, General
Settings > Display).

User Statistics: A table, which you can filter, and which contains the following columns:

User Name

Date

Successful Logins

Failed Authentication Attempts

Password Changes

Lock-Outs

To display user statistics


> In the APSolute Vision Settings view System perspective, select User Management > User
Statistics.

APSolute Vision Password Requirements


All personal and default passwords required by the Administrator user and other local users must
conform to the following rules:

A password must be at least eight (8) characters in length.

A password must include characters from at least two (2) of the following character types: text
character, number, special character, except for characters that may have command functions.

A password must not be the same as the username with which it is associated.

A new password must not contain a sequence of three (3) or more characters from the previous
password.

For information about changing individual and default passwords, see the following:

Changing Passwords for Local Users, page 64

Configuring General User Settings, page 77
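
The password rules above, together with the username rules in Table 10, written as a pre-check that a provisioning script could run before accounts are submitted. This is an added example, not Radware code; treating every non-alphanumeric character as a special character, ASCII-only usernames, and the case-insensitive username comparison are assumptions, and the excluded "command function" characters are not listed on this page, so they are not checked.

```python
import re

# Username rule (Table 10): first character is a letter or underscore; the rest
# are letters, numbers, underscores, hyphens or periods.
# Assumption: "letter" means ASCII A-Z / a-z.
USERNAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*")

MIN_LENGTH = 8    # at least eight characters
MIN_TYPES = 2     # at least two character types
REUSE_LIMIT = 3   # a shared run of this many characters is rejected


def valid_username(name):
    """True if `name` satisfies the username character rules."""
    return USERNAME_RE.fullmatch(name) is not None


def character_types(password):
    """Return the set of character types present in `password`."""
    types = set()
    for ch in password:
        if ch.isalpha():
            types.add("text")
        elif ch.isdigit():
            types.add("number")
        else:
            # Assumption: anything else counts as a special character.
            types.add("special")
    return types


def longest_shared_run(new, old):
    """Length of the longest run of consecutive characters found in both."""
    best = 0
    prev = [0] * (len(old) + 1)
    for a in new:
        cur = [0] * (len(old) + 1)
        for j, b in enumerate(old, start=1):
            if a == b:  # passwords are case sensitive, so compare exactly
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def check_password(username, new_password, previous_password=None):
    """Return the list of violated rules; an empty list means acceptable."""
    violations = []
    if len(new_password) < MIN_LENGTH:
        violations.append("length")
    if len(character_types(new_password)) < MIN_TYPES:
        violations.append("character-types")
    # Assumption: compared without regard to case, because WBM logins treat
    # usernames as case-insensitive.
    if new_password.lower() == username.lower():
        violations.append("same-as-username")
    if (previous_password is not None
            and longest_shared_run(new_password, previous_password) >= REUSE_LIMIT):
        violations.append("reuses-previous")
    return violations


if __name__ == "__main__":
    # Constructed sample accounts: (username, new password, previous password).
    samples = [
        ("_svc.backup-01", "Qx7#mLp9zT", "Summer2015!"),
        ("alice", "Winter2016!", "Summer2015!"),
        ("operator1", "Operator1", None),
        ("9admin", "abcdefgh", None),
    ]
    for user, new, old in samples:
        print(user, "username ok:", valid_username(user),
              "password violations:", check_password(user, new, old))
```

The reuse check is the one most often missed in home-grown validators: it compares every run of consecutive characters, so changing only the season and year in a password still fails.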


Chapter 4 Managing and Monitoring the APSolute Vision System
APSolute Vision monitors and controls the APSolute Vision server and platform, and the associated
database.
This chapter contains the following main sections:

Monitoring APSolute Vision - Overview, page 87

Managing APSolute Vision Basic Information and Properties, page 88

Configuring Connectivity Parameters for Server Connections, page 91

Configuring Settings for the Alerts Pane, page 95

Configuring Monitoring Settings, page 101

Configuring APSolute Vision Server Alarm Thresholds, page 102

Configuring Connections to Authentication Servers, page 103

Managing Device Drivers, page 112

Configuring APSolute Vision Reporter Parameters, page 116

Managing APSolute Vision Licenses and Viewing Capacity Utilization, page 117

Managing APM in APSolute Vision, page 118

Configuring DefensePipe Settings, page 122

Configuring APSolute Vision Server Advanced Parameters, page 122

Configuring APSolute Vision Display Parameters, page 124

Managing APSolute Vision Maintenance Files, page 126

Managing Stored Device Configuration/Backup Files, page 126

Controlling APSolute Vision Operations, page 128

Notes

The labels of mandatory APSolute Vision parameters are bold.

When the value of a parameter has changed, before the value is submitted, the label is in italics.

In the English language display, when a value of a parameter has changed, before the value is
submitted, the tab label is in italics and has an asterisk (*).

In the Chinese language display, when a value of a parameter has changed, before the value is
submitted, the tab label has a dashed underline.

Monitoring APSolute Vision - Overview


APSolute Vision monitors the APSolute Vision server and platform, and the associated database. The
system monitors performance and operational status, and stores the processed monitoring
information in the APSolute Vision database. When a problem is identified, an alert is issued, and
displayed in the Alerts pane.


Managing APSolute Vision Basic Information and Properties
This section contains the following topics:

Displaying Basic Information About the APSolute Vision Server, page 88

Managing APSolute Vision Server Software, page 89

Displaying APSolute Vision Server Hardware Information, page 90

Managing and Updating the Attack Descriptions File for DefensePro, page 90

Displaying Basic Information About the APSolute Vision Server


You can view the basic information about the APSolute Vision server. You can also verify that the
date and time on the APSolute Vision server is synchronized with the date and time on the client PC.

To display the basic information about the APSolute Vision server


> In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.

Table 14: Basic Parameters: General Parameters

Parameter

Description

Operational Status

Specifies whether the APSolute Vision server is currently up or down.

Management IP Address

The IP address of the APSolute Vision server used for management.

Hardware Platform

The type of hardware platform of the APSolute Vision server.

Vision Server Uptime

The up time of the APSolute Vision server, in days, hours, minutes, and seconds.

APSolute Vision Server Time

The current date, time, and timezone in the APSolute Vision server.
Note: APSolute Vision requires the time and date settings of
the server and client to be configured correctly relative to the
real time, taking into consideration their defined timezones.
Upon logging into the APSolute Vision client, an alert is
generated if a discrepancy of more than 5 minutes is found
between the time and date settings of the server and client.

MAC Address of Port G1

The MAC address of the APSolute Vision server G1 port.

MAC Address of Port G2

The MAC address of the APSolute Vision server G2 port.

MAC Address of Port G3

The MAC address of the APSolute Vision server G3 port.
Note: If the port is not supported, the field displays the value
Unsupported.

MAC Address of Port G4

The MAC address of the APSolute Vision server G4 port.
Note: If the port is not supported, the field displays the value
Unsupported.


To verify the date and time settings


1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Click Verify Time Settings.

Managing APSolute Vision Server Software


You can view information about the APSolute Vision server software. You can also update the
software, and you can download a log of the upgrades to the server.

Caution: Network latency may affect upgrading APSolute Vision server software using WBM. For
optimal results, Radware recommends upgrading using the CLI. For details, see System Upgrade
Commands, page 490.

To display APSolute Vision server software information


1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Select the Software tab.

Table 15: APSolute Vision Server Software Parameters

Parameter

Description

Software Version

The version of the APSolute Vision server, APSolute Vision Reporter
(AVR), Device Performance Monitor (DPM), and Application
Performance Monitor (APM).

Build

The date and build number of the current software version.

Last Upgrade

The date and time of the last upgrade.

Upgrade Status

The upgrade status.
Values: OK, Failed

To update the APSolute Vision server software


1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Select the Software tab.
3. Click Update.
4. Click Browse, navigate to the upgrade file, and click Open.

5. In the Password text box, enter the password, if required. A password is required for upgrade
to all major versions. Upgrade without a password is allowed when upgrading to minor versions.

Note: The password is based on the size of the upgrade file and the MAC address of the
APSolute Vision G1 or G2 port, which the Basic Parameters pane displays. You can request the
password from Radware Technical Support. The password is also available using the password
generator at radware.com.
6. Click Upload.

To download the upgrade log of the APSolute Vision server


1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Select the Software tab.
3. Click Download Upgrade Log. You can open the file with a selected application, or you can
save the file to a specified location.

Displaying APSolute Vision Server Hardware Information


You can view information about the APSolute Vision server hardware.

To display APSolute Vision server hardware information


1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Select the Hardware tab.

Table 16: APSolute Vision Server Hardware Parameters

Parameter

Description

RAM Size

The amount of RAM, in gigabytes.

Managing and Updating the Attack Descriptions File for DefensePro


You can view the time of the latest update of the Attack Description file on the APSolute Vision
server, and you can update the file.
The Attack Description file contains descriptions of all the different attacks that DefensePro can
handle. You can view a specific description by entering the attack name. When you first configure
APSolute Vision, you should download the latest Attack Description file to the APSolute Vision server.
The file is used for real-time and historical reports to show attack descriptions for attacks coming
from DefensePro devices.
The file versions on APSolute Vision and on the DefensePro devices should be identical. Radware
recommends updating the file at regular intervals, and synchronizing those updates between
APSolute Vision and the individual devices.

Note: Radware also recommends updating the Attack Description file each time you update the
Signature files on DefensePro devices.

When you update the Attack Description file, APSolute Vision downloads the file directly from
Radware.com or from the enabled proxy file server.

To view the date and time of the last update of the Attack Description file
1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Select the Attack Descriptions File tab.

Table 17: Attack Descriptions File Parameter

Parameter

Description

Attack Descriptions Last Update

The time of the latest update of the Attack Description file on the
APSolute Vision server.

To update the Attack Description file


1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Do one of the following:

To update the Attack Description file from Radware, select the Radware.com radio button.

To update the files from the APSolute Vision client host:


a. Select the Client radio button.

b. In the File Name text box, enter the file path of the Attack Description file or click
Browse to navigate to and select the file.

3. Click Update. The Alerts pane displays a success or failure notification and whether the
operation was performed using a proxy server.

Configuring Connectivity Parameters for Server Connections
These settings define how the APSolute Vision server communicates with the APSolute Vision clients,
external servers, and Radware devices.

To configure the connections to and from the APSolute Vision server


1. In the APSolute Vision Settings view System perspective, select General Settings >
Connectivity.
2. Configure the parameters, and click Submit.


Table 18: Connectivity: SNMP Parameters Toward Devices Parameters

Parameter

Description

Timeout

The time, in seconds, that APSolute Vision waits for a reply before
retrying to connect to other Radware devices. If the device does not
respond after the configured number of retries, APSolute Vision
notifies the user that the connection failed.
Values: 1-180
Default: 3
Caution: For DefensePro 7.x versions and in networks with high
latency, Radware recommends increasing the SNMP Timeout to
180 seconds (APSolute Vision Settings view System perspective,
General Settings > Connectivity > Timeout).

Retries

The number of connection retries to another Radware device, when
the device does not respond.
Values: 1-100
Default: 3

Port

The port used to communicate with Radware devices.
Values: 1-65,535
Default: 161

Table 19: APSolute Vision Connectivity HTTP/S Parameters Toward Devices

Parameter

Description

Default HTTP Port

The default HTTP port that APSolute Vision uses to communicate
with Radware devices. This value is displayed in the HTTP Port text
box in the Device Properties dialog box.
Values: 1-65,535
Default: 80

Default HTTPS Port

The default HTTPS port that APSolute Vision uses to communicate
with Radware devices. This value is displayed in the HTTPS Port text
box in the Device Properties dialog box.
Values: 1-65,535
Default: 443

Connection Timeout

The time, in seconds, that the HTTP client waits for a response from
the remote host, during the handshake for device configuration,
before disconnecting the socket and returning an exception.
Values: 1-60
Default: 20

Socket Timeout

The time, in seconds, that the HTTP client waits for a response from
the remote host, during the data transfer for device configuration,
before disconnecting the socket and returning an exception.
Values: 1-60
Default: 20


Long Operation Connection Timeout

The time, in seconds, that the HTTP client waits for a response from
the remote host, during the handshake for certain long file
operations, before disconnecting the socket and returning an
exception. [1]
Values: 1-1200
Default: 180

Long Operation Socket Timeout

The time, in seconds, that the HTTP client waits for a response from
the remote host, during the data transfer for certain long file
operations, before disconnecting the socket and returning an
exception.
Values: 1-1200
Default: 180

[1] This parameter relates to the following operations:

Import/export configuration file operations.
Export of the quarantined-addresses file (for DefensePro).
DefensePro-template import/export operations.
Import/export of Radware-devices log files.
Import/export of certificate files.
Import/export of DNSSEC files.
Import/export AppShape script files (for Alteon or LinkProof NG).
RSA update (for DefensePro).
Attack signatures updates (for DefensePro).
Download of the Attack Description file (for DefensePro).

Table 20: APSolute Vision Connectivity Event Notification Parameters

Parameter

Description

Vision Management Port

Specifies the management port on the APSolute Vision server to
which the managed Radware devices send events. Any change of
this parameter takes effect only when you click the Register This
APSolute Vision Server for Device Events button. Clicking
Submit in this pane has no effect on this parameter.
Caution: This parameter overwrites the Register APSolute
Vision Server IP parameter.

Remove All Other Targets of Device Events

Specifies whether, when you click Register This APSolute Vision
Server for Device Events, the APSolute Vision server removes
(from all the managed devices) all recipients of device events except
for its own address.
Default: Disabled
Note: For related information, see APSolute Vision Server
Registered for Device Events - Alteon and LinkProof NG, page 144
and APSolute Vision Server Registered for Device Events -
DefensePro, page 145.


Register This APSolute Vision Server for Device Events (button)

Registers the APSolute Vision server as a target of the device events
(for example, traps, alerts, IRP messages, and packet-reporting
data) on all the managed devices.
In Alteon or LinkProof NG, when you click the button and run the
Apply command, APSolute Vision configures itself as a target of the
device events and ensures that the device also sends traps for
authentication-failure events. Alteon or LinkProof NG, by default,
does not send traps for authentication-failure events.
When multiple APSolute Vision servers manage the same
DefensePro device, the device sends the following:

Traps to all the APSolute Vision servers that manage it. The
Target Address table and the Target Parameters table contain
entries for all APSolute Vision servers.

Packet-reporting data only to the last APSolute Vision server that
registered on the device.

Note: For related information, see APSolute Vision Server
Registered for Device Events - Alteon and LinkProof NG, page 144
and APSolute Vision Server Registered for Device Events -
DefensePro, page 145.

Table 21: Connectivity: Proxy Server Parameters

Parameter

Description

These connection settings are for the proxy server that the APSolute Vision server uses to
download files from Radware.com. The Alerts pane displays a success or failure notification and
whether the operation was performed using a proxy server.

Enable Proxy Server

Specifies whether the APSolute Vision server uses a proxy server to
download files from Radware.com.

IP Address

The IP address of the proxy server.

Port

The port of the proxy server.

Use Authentication

Specifies whether authentication is required for a successful
connection between the APSolute Vision server and the proxy server.

Username

The username for the proxy server.

Password

The password for the proxy-server user.

Verify Password

The password for the proxy-server user.


Table 22: Connectivity: Inactivity Timeouts Parameters

Parameter

Description

These settings define when to close the user session if there is no activity on either side.
Note: APSolute Vision WBM polls the server at regular intervals. If the server does not receive a
poll from the WBM within 30 seconds, the server closes the user session.

Inactivity Timeout for Configuration and Monitoring Perspectives

The time, in minutes, of inactivity after which the server logs the
user out of the Configuration or Monitoring perspectives of a
managed device, or the APSolute Vision Settings view System
perspective.
If the connection has not yet timed out, any activity in the Security
Monitoring perspective, APM, or DPM also resets the timer.
Values: 1-60
Default: 20

Inactivity Timeout for Security Monitoring Perspective, APM, and DPM

The time, in minutes, of inactivity in the Security Monitoring
perspective, APM, or DPM, after which the server logs the user out of
the Security Monitoring perspective, APM, and DPM.
Values: 1-4320
Default: 1440

Configuring Settings for Alerts


Configuring settings for alerts comprises the following topics:

Configuring Settings for the Alerts Pane, page 95

Selecting Parameters to Include in Security Alerts, page 100

Configuring Settings for the Alerts Pane


APSolute Vision displays alerts for APSolute Vision and all the managed Radware devices. The Alerts
pane is available in all APSolute Vision perspectives. APSolute Vision saves all alert information in
the database. You can configure Alerts pane settings to send alert reports to a syslog server and via
e-mail to defined recipients. You can also configure default settings for the Alerts pane per client.
For more information about the Alerts pane, see Managing Auditing and Alerts, page 241.

To configure Alerts pane settings


1. In the APSolute Vision Settings view System perspective, select General Settings > Alert
Settings > Alert Browser.
2. Configure the parameters, and click Submit.


Table 23: Alert Browser: Auditing Settings Parameters

Parameter

Description

Enable Detailed Auditing of APSolute Vision Activity

Specifies whether the messages that APSolute Vision issues
regarding APSolute Vision activity include additional information,
such as the new value for a parameter.
For example:

When an administrator changes a value for a parameter (such as
Device Lock Timeout):

When the option is disabled, the message gives the name of
the parameter and says that the value was changed.

When the option is enabled, the message gives the name of
the parameter and the new value.

When a user administrator changes the contact information of
another user:

When the option is disabled, the message gives the name of
the user and says that the user's properties were changed.

When the option is enabled, the message gives the name of
the user, says that the user's properties were changed, and
gives the new contact information.

Default: Disabled
Notes:

When a message refers to a change that a user initiated, the
message includes the username (even when the option is
disabled).

For a list of log messages corresponding to when this option is
disabled, see Appendix C - APSolute Vision Log Messages and
Alerts, page 547.


Enable Detailed Auditing of Device Configuration Changes

Specifies whether the messages that APSolute Vision issues
regarding configuration changes made on managed devices, from
APSolute Vision, include additional information.
When a user changes a value for a scalar parameter:

When the option is disabled, the message gives the name of the
scalar and says that the value was changed.

When the option is enabled, the message gives the name of the
scalar and the new value.

When a user adds or edits an entry to a table:

When the option is disabled, the message gives the name of the
table and says that a row was added or edited.

When the option is enabled, the message gives the name of the
table, the table parameters, and the value for each parameter.

When a user deletes an entry in a table:

When the option is disabled, the message gives the name of the
table and says that a row was deleted.

When the option is enabled, the message gives the name of the
table and the indexes of the deleted row.

Default: Disabled
Notes:

When a message refers to a change that a user initiated, the
message includes the username (even when the option is
disabled).

This parameter does not affect audit messages that the
managed device generates, which APSolute Vision displays in the
Alerts pane. This parameter only affects alerts that APSolute
Vision generates itself.

Table 24: Alert Browser: Syslog Reporting Parameters

Parameter

Description

These settings determine how APSolute Vision reports and logs events from the Alerts pane to a
syslog server. For more information, see Alert Information, page 244.

Enable

Specifies whether APSolute Vision sends reports and logs to a syslog
server.
Default: Disabled

Report

Specifies whether APSolute Vision reports all messages received by
the Alerts pane or only audit messages.
Values: All Messages, Audit Messages
Default: All Messages

Syslog Server Address

The IP address of the device running the syslog service.

L4 Destination Port

Values: 1-65,535
Default: 514


Syslog Facility

The facility for all APSolute Vision syslog reporting. The list includes
facilities as defined in RFC 3164. The default is Log Audit.
Change the default if the syslog server uses this facility for reports
from another system.

Enable Encryption

Specifies whether APSolute Vision sends syslog messages encrypted
over TLS.
Default: Disabled

CA Certificate
(This parameter is available only when the Enable Encryption checkbox is selected.)

The filepath of the CA certificate.
To update the certificate
1. Click the Update button next to this text field. A file browser
dialog box opens.
2. Browse to the certificate file, and click Open. The field displays
Pending.
3. Click Submit. If successful, the field displays Installed.

Enable Authentication
(This parameter is available only when the Enable Encryption checkbox is selected.)

Specifies whether the certificate must be authenticated with a
private key and a public key.
Default: Disabled

Authentication Type
(This parameter is available only when the Enable Encryption checkbox is selected.)

Values:

Certificate Validation (certvalid): APSolute Vision checks with
the syslog server that the certificate is valid.

Name: APSolute Vision checks with the syslog server that the
certificate is valid and includes the specified Permitted Peer in
the certificate subject.

Permitted Peer
(This parameter is available only when the Authentication Type is Name.)

The string that the certificate subject must include for
authentication.

Private Key
(This parameter is available only when the Enable Authentication checkbox is selected.)

The filepath of the private key.
To update the certificate
1. Click the Update button next to this text field. A file browser
dialog box opens.
2. Browse to the certificate file, and click Open. The field displays
Pending.
3. Click Submit. If successful, the field displays Installed.

Public Key
(This parameter is available only when the Enable Authentication checkbox is selected.)

The filepath of the public key.
To update the certificate
1. Click the Update button next to this text field. A file browser
dialog box opens.
2. Browse to the certificate file, and click Open. The field displays
Pending.
3. Click Submit. If successful, the field displays Installed.


Table 25: Alert Browser: Email Reporting Configuration Parameters

Parameter

Description

These settings configure how APSolute Vision sends events from the Alerts pane via e-mail to defined recipients.

Enable
Specifies whether APSolute Vision sends reports and logs via e-mail.
Default: Disabled

SMTP Server Address
The name or IP address of the SMTP e-mail server.

SMTP User Name
The account name used to send e-mail notifications; for example, Vision@MyCompany.com.

Subject Header
The text that appears in the Subject header of the e-mail.
Default: Alert Notification Message.

From Header
The text that appears in the From header of the e-mail.
Default: APSolute Vision

Recipient Email Address
The e-mail addresses of the intended recipients. When there are multiple e-mail addresses, use comma (,) or semi-colon (;) separators.

Email Sending Interval
The interval, in seconds, between successive e-mail messages.
Values: 60–3600
Default: 60

Alerts per Email
The maximum number of alerts to include in an e-mail message. When there are more than the maximum number of alerts, multiple e-mail messages are sent.
Values: 1–100
Default: 30

Devices
Click to select a subset of managed devices for which to send alerts. Move the required devices from the Available list to the Selected list.

Severity

Critical
Specifies whether to include alerts of this severity in e-mail messages.

Major
Specifies whether to include alerts of this severity in e-mail messages.

Minor
Specifies whether to include alerts of this severity in e-mail messages.

Warning
Specifies whether to include alerts of this severity in e-mail messages.

Information
Specifies whether to include alerts of this severity in e-mail messages.

Module

Vision Configuration
Specifies whether to include alerts of this severity in e-mail messages.

Vision General
Specifies whether to include alerts regarding this module in e-mail messages.

Vision Control
Specifies whether to include alerts regarding this module in e-mail messages.


Device General
Specifies whether to include alerts regarding this module in e-mail messages.

Device Security
Specifies whether to include alerts regarding this module in e-mail messages.

Security Reporting
Specifies whether to include alerts regarding this module in e-mail messages.

Table 26: Alert Browser: Display Parameters

Parameter

Description

Refresh Interval
The interval, in seconds, that APSolute Vision refreshes the Alerts Table with the latest messages.
Values: 5–300
Default: 5

Selecting Parameters to Include in Security Alerts


You can limit the parameters that are included in security alerts. This option enables you to
customize the alerts to provide the relevant information according to your administrative
requirements.

To select parameters to include in security alerts


1. In the APSolute Vision Settings view System perspective, select General Settings > Alert Settings > Security Alerts.

2. Select the check box next to each parameter you want to include in the alerts. You can choose any combination of the following parameters:

Policy Name

Attack Name

Source IP Address

Destination IP Address

Destination Port

Action

By default, all the checkboxes are selected.

3. Click Submit.

Note: Changes to the settings take effect on alerts generated from the time of the change and
onward.


Configuring Monitoring Settings


APSolute Vision can perform online monitoring of all the managed Radware devices. It also collects
information for online security reports for DefensePro. You can configure general global settings
about how APSolute Vision obtains data for online monitoring and reports.

To configure APSolute Vision monitoring parameters


1. In the APSolute Vision Settings view System perspective, select General Settings >
Monitoring.
2. Configure the parameters, and click Submit.

Table 27: Monitoring Parameters

Parameter

Description

These settings configure APSolute Vision online monitoring for all managed devices.

Polling Interval for On-line Monitoring
The interval, in seconds, between data collections for online monitoring of a managed device. A shorter interval provides more up-to-date data, but uses more network and device resources.
Values: 15–3600
Default: 15

Polling Interval for Device Status
The number of seconds between polls of a device to determine the up or down status of the device and its elements.
Values: 10–3600
Default: 15

Timeout for Device Status Poll
The time, in milliseconds, that the APSolute Vision server waits for a response of a device-status poll before considering a device to be down.
Default: 300
Note: If the network has latency longer than the Timeout for Device Status Poll, devices will appear up and down or always down, and therefore unmanageable. If you encounter such behavior, increase the value accordingly.

Reports
This setting configures APSolute Vision monitoring for real-time reports for DefensePro.

Polling Interval for Reports
The time, in seconds, between data collections for reports. A smaller interval provides more up-to-date information at the expense of network resources.
Values: 15–3600
Default: 15


Configuring APSolute Vision Server Alarm Thresholds


You can configure the following server-alarm thresholds for specific alarms:

Two threshold values for rising alarms to issue warning and error alerts respectively. The rising
server-alarm threshold value must always be lower than the rising error threshold. When the
parameter value exceeds the rising server-alarm threshold value but is less than the error
threshold value, a warning alert is issued. When the parameter value exceeds the rising error
threshold, an error alert is issued.

Two threshold values for falling alarms to clear warning and error alerts respectively. The falling
alarm values must be less than their respective rising alarm values.

Note: For the CPU alert, since CPU measurements vary rapidly, APSolute Vision determines
threshold limits based on a moving average calculation.

To configure APSolute Vision server-alarm thresholds


1. In the APSolute Vision Settings view System perspective, select General Settings > Server Alarm.

2. To edit the thresholds for a specific parameter, double-click the parameter name.

3. Configure the parameters, and click Submit.

Table 28: Server-Alarm Threshold Parameters

Parameter

Description

Parameter
(Read-only) The parameter name.

Enabled
Specifies whether the threshold parameter is used for the corresponding alarm.
Default: Enabled

Rising
Configure rising alarms to issue warning and error alerts respectively.

Warning
The rising threshold value must always be lower than the rising error threshold. When the parameter value exceeds the rising threshold value but is less than the error threshold value, a warning alert is issued.

Error
The rising error threshold value must always be greater than the rising threshold value. When the parameter value exceeds the rising error threshold, an error alert is issued.

Falling
Configure falling alarms to clear warning and error alerts respectively.

Warning
The falling warning alarm value must be less than the rising warning alarm value.

Error
The falling error alarm value must be less than the rising error alarm value.


Configuring Connections to Authentication Servers


Besides the local user table, APSolute Vision users can be authenticated through RADIUS or
TACACS+.
This section contains the following topics:

Configuring RADIUS Server Connections, page 103

Configuring TACACS+ Server Connections, page 107

Configuring RADIUS Server Connections


APSolute Vision can authenticate users using its role-based access control (RBAC) through a Remote
Authentication Dial In User Service (RADIUS) server connection. For more information on RBAC and
RBAC roles and scopes, see Role-Based Access Control (RBAC), page 70.

Caution: Users defined through a RADIUS server with the Administrator, User Administrator, or
Vision Administrator roles must be configured with the scope [ALL] (including the square brackets).

Caution: If the name of an APSolute Vision site changes and a RADIUS server authenticates users,
the user scopes on the RADIUS server must be reconfigured manually.

Authentication Process with RADIUS


If the APSolute Vision server is configured to use RADIUS for authentication, the user-authentication
process is as follows:
1. The user starts the APSolute Vision client and enters the username and password given by the RADIUS administrator.
2. The APSolute Vision server sends the authentication request to the specified port of the RADIUS server.
3. If the RADIUS server recognizes and authorizes the APSolute Vision server, the RADIUS server processes the request for the user and password.

Note: If a RADIUS server does not recognize a request source (in this case, the APSolute Vision server), the RADIUS server ignores the request.
4. If the RADIUS server authenticates the user, the RADIUS server returns an Access-Accept message with the username and its associated IDM-string–scope combination to the APSolute Vision server. For DefensePro on x412 platforms with the DME and x420 devices, the Access-Accept message contains the SecurityMonitoringScope-ProtectionPolicy combination for the Radware-Policy attribute (for more information, see Each RADIUS server (primary and secondary) for APSolute Vision user authentication requires the following:, page 104). If the RADIUS server does not authenticate the user, the RADIUS server sends an Access-Reject message.

Note: The identity-management (IDM) string defines the role of the user. For more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 70.
5. If the user is authenticated, the APSolute Vision server grants access according to the user's IDM string and scope. If the user is rejected, the APSolute Vision server does not grant access.

Each RADIUS server (primary and secondary) for APSolute Vision user authentication requires the following:

The RADIUS server must use the port specified on the APSolute Vision server.

The RADIUS server must authorize the APSolute Vision server.

The RADIUS server must use the authentication type (for example, PAP) that is specified in the APSolute Vision server.

Your RADIUS server and/or RADIUS Authentication system and your dictionary file must include the following:

Attribute ID 26: To specify a Vendor-Specific Attribute (VSA).

Vendor ID 89: To specify Radware (as assigned by Internet Assigned Numbers Authority, IANA). Vendor ID 89 will need to be configured on the RADIUS server.

Vendor Attribute ID 100: To specify the Radware-Role attribute. The RADIUS server can use this attribute to return the IDM-string–scope combination to the APSolute Vision server.

Vendor Attribute ID 101: To specify the Radware-Policy attribute. The Radware-Policy attribute is used to limit what DefensePro security data the user sees in the Security Monitoring perspective and APSolute Vision Reporter according to specified DefensePro Network Protection policies. This feature is supported only in DefensePro on x412 platforms with the DME and x420 devices.

The RADIUS server Access-Accept response must include an IDM-string–scope combination, for the Radware-Role attribute, in the following format:

<IDM string>:<Scope>
where:

<IDM string> is the identity-management (IDM) string, which defines the role of the user. For more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 70. The list of the available RADIUS attribute IDs and corresponding attribute names is available at http://www.iana.org/assignments/radius-types/radius-types.xhtml.

<Scope> is the scope of the user. The scope [ALL] (including the square brackets) specifies all sites and managed devices. You define a limited scope using one or more rows specifying a site or managed-device name.
Examples:

ADMINISTRATOR:[ALL]

ADC_OPERATOR:MyADCSite

ADC_OPERATOR:MyADCSite
ADC_OPERATOR:MyDevice1
ADC_OPERATOR:MyDevice2

Caution: Users defined through a RADIUS server with the Administrator, User Administrator, or Vision Administrator role must be configured with the scope [ALL] (including the square brackets).

If the Radware-Policy attribute is used, the RADIUS server Access-Accept response must include a SecurityMonitoringScope-ProtectionPolicy combination for the Radware-Policy attribute, in the following format:

<SecurityMonitoringScope>:<ProtectionPolicyName>

where:

<SecurityMonitoringScope> is the scope of the user in the context of DefensePro security monitoring. The scope [ALL] (including the square brackets) specifies all supported DefensePro devices under the corresponding role. If the value for SecurityMonitoringScope is [ALL], the value for ProtectionPolicy must be [ALL]. You define a limited scope using one or more rows specifying an IP address of a supported DefensePro device.

<ProtectionPolicy> is a DefensePro Network Protection Policy for the scope. The value [ALL] (including the square brackets) specifies all Network Protection policies for the corresponding SecurityMonitoringScope. You define Network Protection policies for the SecurityMonitoringScope using one or more rows.

Examples:

[ALL]:[ALL] – The user has security-monitoring access to all the supported DefensePro devices for the corresponding scope and all the associated Network Protection policies.

10.202.199.36:[ALL] – The user has security-monitoring access to all the Network Protection Policies for the DefensePro device with the IP address 10.202.199.36.

10.202.199.36:MyNetProtPolicy – The user has security-monitoring access to data related to the Network Protection Policy named MyNetProtPolicy that is configured in the DefensePro device with the IP address 10.202.199.36.

10.202.199.36:MyNetProtPolicy1
10.202.199.36:MyNetProtPolicy2
10.202.199.36:MyNetProtPolicy3 – The user has security-monitoring access to data related to the Network Protection policies named MyNetProtPolicy1, MyNetProtPolicy2, and MyNetProtPolicy3, that are configured in the DefensePro device with the IP address 10.202.199.36.

Caution: This feature is supported only in DefensePro on x412 platforms with the DME and x420 devices. If you specify non-supported devices, you may experience improper behavior.

Caution: If the value for <SecurityMonitoringScope> is [ALL], the value for <ProtectionPolicy> must be [ALL].
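The attribute layout described above (Attribute ID 26, Vendor ID 89, Vendor Attribute IDs 100 and 101), as an added example that is not Radware code: it builds and parses the vendor-specific attributes in the RFC 2865 layout, which is useful when checking a dictionary file against a packet capture of an Access-Accept. It assumes each scope row is carried as its own attribute instance; the function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26      # Attribute ID from the guide (RFC 2865 Vendor-Specific)
RADWARE_VENDOR_ID = 89    # Vendor ID from the guide
VSA_NAMES = {100: "Radware-Role", 101: "Radware-Policy"}  # Vendor Attribute IDs


def encode_vsa(vendor_type, value, vendor_id=RADWARE_VENDOR_ID):
    """Build one Vendor-Specific attribute:
    Type(1) Length(1) Vendor-Id(4) Vendor-Type(1) Vendor-Length(1) String."""
    data = value.encode("utf-8")
    if len(data) + 8 > 255:  # 2 + 4 + 2 header octets plus the value
        raise ValueError("value does not fit in one RADIUS attribute")
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    body = struct.pack("!I", vendor_id) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, len(body) + 2) + body


def iter_attributes(attrs):
    """Yield (type, value) for each attribute in the attribute section of a
    RADIUS packet, rejecting lengths that run past the buffer."""
    offset = 0
    while offset < len(attrs):
        if len(attrs) - offset < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[offset], attrs[offset + 1]
        if a_len < 2 or offset + a_len > len(attrs):
            raise ValueError("bad attribute length")
        yield a_type, attrs[offset + 2:offset + a_len]
        offset += a_len


def radware_rows(attrs):
    """Collect the Radware-Role and Radware-Policy rows from an Access-Accept
    attribute section; attributes of other types and vendors are skipped."""
    rows = {name: [] for name in VSA_NAMES.values()}
    for a_type, value in iter_attributes(attrs):
        if a_type != VENDOR_SPECIFIC or len(value) < 6:
            continue
        if struct.unpack("!I", value[:4])[0] != RADWARE_VENDOR_ID:
            continue
        sub, pos = value[4:], 0
        while pos + 2 <= len(sub):
            v_type, v_len = sub[pos], sub[pos + 1]
            if v_len < 2 or pos + v_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if v_type in VSA_NAMES:
                rows[VSA_NAMES[v_type]].append(
                    sub[pos + 2:pos + v_len].decode("utf-8"))
            pos += v_len
    return rows


# Constructed sample: a User-Name attribute, two Radware-Role rows, one
# Radware-Policy row (values taken from the guide's examples), and one VSA
# from an unrelated vendor ID that the parser must ignore.
SAMPLE_ATTRIBUTES = (
    bytes([1, 10]) + b"testuser"
    + encode_vsa(100, "ADC_OPERATOR:MyDevice1")
    + encode_vsa(100, "ADC_OPERATOR:MyDevice2")
    + encode_vsa(101, "10.202.199.36:MyNetProtPolicy")
    + encode_vsa(1, "other", vendor_id=9)
)

if __name__ == "__main__":
    print(encode_vsa(100, "ADMINISTRATOR:[ALL]").hex())
    for name, values in radware_rows(SAMPLE_ATTRIBUTES).items():
        print(name, values)
```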

Configuring the RADIUS Server Connections


Use the following procedure to configure your RADIUS server connections.

To configure a RADIUS-server connection


1. In the APSolute Vision Settings view System perspective, select General Settings >
Authentication Protocols > RADIUS Settings.
2. Configure the parameters, and click Submit.

Table 29: Primary RADIUS Configuration Parameters

Parameter

Description

IP Address

The IP address of the primary RADIUS server for authentication.


Port
The Layer 4 port on the primary RADIUS server.
Values: 1812, 1645
Default: 1812

Shared Secret
The RADIUS shared secret used for communication between the primary RADIUS server and APSolute Vision.
Maximum characters: 64

Verify Shared Secret
The RADIUS shared secret used for communication between the primary RADIUS server and APSolute Vision.
Maximum characters: 64

Table 30: Secondary RADIUS Configuration Parameters

Parameter

Description

IP
The IP address of the secondary RADIUS server for authentication.

Authenticate Port
The Layer 4 port on the secondary RADIUS server.
Values: 1812, 1645
Default: 1812

Shared Secret
The shared secret used for communication between the secondary RADIUS server and APSolute Vision.
Maximum characters: 64

Verify Shared Secret
The shared secret used for communication between the secondary RADIUS server and APSolute Vision.
Maximum characters: 64

Table 31: Shared RADIUS Configuration Parameters

Parameter

Description

Timeout
The time, in seconds, between retransmissions to the RADIUS servers.
Values: 1–100
Default: 5
Note: If connectivity is too slow, increase the value.

Retries
The number of authentication retries before a second RADIUS server (if configured) is contacted.
Values: 1–10
Default: 3
Note: If connectivity is too slow, increase the value.

Attribute ID
The RADIUS attribute used in the RADIUS profile.
Values: 1–255
Default: 26, that is, Vendor Specific Attribute


Vendor ID
(This parameter is displayed only if the specified Attribute ID is 26.)
The vendor ID for the vendor-specific attribute (VSAs).
Default: 89, which specifies Radware (as assigned by IANA)

Vendor Attribute ID
(This parameter is displayed only if the specified Attribute ID is 26.)
The vendor-specific-attribute ID to hold the <IDM string>:<Scope> values.
Default: 100, which specifies the Radware-Role attribute.
Note: Names of vendor-specific attributes are decided on by the vendor.

Authentication Type
The method of authentication to be used.
Values: PAP, CHAP, EAP-MD5, EAP-MSCHAP v1, MSCHAP v1, MSCHAP v2
Default: PAP

Configuring TACACS+ Server Connections


APSolute Vision can authenticate users using its role-based access control (RBAC) through a
Terminal Access Controller Access-Control System Plus (TACACS+) server connection. For more
information on RBAC and RBAC roles and scopes, see Role-Based Access Control (RBAC), page 70.

Caution: Users defined through a TACACS+ server with the Administrator, User Administrator, or
Vision Administrator roles must be configured with the scope [ALL] (including the square brackets).

Caution: If the name of an APSolute Vision site changes and a TACACS+ server authenticates
users, the user scopes on the TACACS+ server must be reconfigured manually.

Authentication Process with TACACS+


If the APSolute Vision server is configured to use TACACS+ for authentication, the user-authentication process is as follows:
1. The user starts the APSolute Vision client and enters the username and password given by the TACACS+ administrator.
2. The APSolute Vision server sends the authentication request to the specified port of the TACACS+ server.

3. If the TACACS+ server recognizes and authorizes the APSolute Vision server, the TACACS+ server processes the request for the user and password.

Note: If a TACACS+ server does not recognize a request source (in this case, the APSolute Vision server), the TACACS+ server ignores the request.
4. If the TACACS+ server authenticates the user, the TACACS+ server returns an Access-Accept message with the username and its associated IDM-string–scope combination to the APSolute Vision server. For DefensePro on x412 platforms with the DME and x420 devices, the Access-Accept message contains the SecurityMonitoringScope-ProtectionPolicy combination for the Radware-Policy attribute (for more information, see TACACS+ Server Requirements, page 108). If the TACACS+ server does not authenticate the user, the TACACS+ server sends an Access-Reject message.

Note: The identity-management (IDM) string defines the role of the user. For more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 70.
5. If the user is authenticated, the APSolute Vision server grants access according to the user's IDM string and scope. If the user is rejected, the APSolute Vision server does not grant access.

TACACS+ Server Requirements


The TACACS+ implementation in APSolute Vision supports standard ASCII inbound login to the
device. PAP, CHAP, ARAP, and MSCHAP login methods are not supported. TACACS+ change password
requests are not supported. One-time password authentication is not supported. APSolute Vision
performs encryption of body packets by concatenating a series of MD-5 hashes. Setting the
TAC_PLUS_UNENCRYPTED_FLAG, which allows the exchange of clear text TACACS+ packets, is not
allowed.
Each TACACS+ server (primary and secondary) for APSolute Vision user authentication requires the
following:

The TACACS+ server must use the port specified on the APSolute Vision server.

The TACACS+ server must authorize the APSolute Vision server.

The TACACS+ server configuration file must use the following structure:

user = <user> {
    login = <login>
    member = <user group>
}
group = <user group> {
    service = <service> {
        radware-role = <IDM string>:<Scope>
        radware-policy = <SecurityMonitoringScope>:<ProtectionPolicyName>
        priv-lvl = <privilege level>
    }
}

where:

<user> is the user's name.

<login> is the login type and the user's password. The login type can be cleartext, where the user's password is exposed in the configuration file, or may use encryption such as des. If the password includes a space, the password must be enclosed in quotation marks (").
Examples:

cleartext mypassword
cleartext "my password"
des l5c2fHiF21uZ6

<user group> is the group of which the user is a member.

<service> is the Service Name configured for the TACACS+ connection in APSolute Vision.

<IDM string> is the identity-management (IDM) string, which defines the role of the user. For more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 70.

<Scope> is the scope of the user. The scope [ALL] (including the square brackets) specifies all sites and managed devices. You define a limited scope using one or more entries specifying a site or managed-device name, delimited by plus signs (+).

Caution: Users defined through a TACACS+ server with the Administrator, User Administrator, or Vision Administrator role must be configured with the scope [ALL] (including the square brackets).

The radware-policy row defines DefensePro security monitoring.

The radware-policy row is optional if the managed device does not support DefensePro security monitoring.

<SecurityMonitoringScope> is the scope of the user in the context of DefensePro security monitoring. The scope [ALL] (including the square brackets) specifies all supported DefensePro devices under the corresponding role. If the value for SecurityMonitoringScope is [ALL], the value for ProtectionPolicy must be [ALL]. You define a limited scope using one or more entries specifying a DefensePro-device name or APSolute Vision site name, delimited by plus signs (+).

<ProtectionPolicy> is a DefensePro Network Protection Policy for the scope. The value [ALL] (including the square brackets) specifies all Network Protection policies for the corresponding SecurityMonitoringScope. You define Network Protection policies for the SecurityMonitoringScope using one or more entries, delimited by plus signs (+).
Examples:

[ALL]:[ALL] – The user has security-monitoring access to all the supported DefensePro devices for the corresponding scope and all the associated Network Protection policies.

dp1:[ALL] – The user has security-monitoring access to all the Network Protection policies for the DefensePro device named dp1.

dp2:Syn_ACK_V21_Policy – The user has security-monitoring access to data related to the Network Protection Policy named Syn_ACK_V21_Policy that is configured in the DefensePro device named dp2.

dp3:MyNetProtPolicy1+dp3:MyNetProtPolicy2+dp3:MyNetProtPolicy3 – The user has security-monitoring access to data related to the Network Protection policies named MyNetProtPolicy1, MyNetProtPolicy2, and MyNetProtPolicy3, that are configured in the DefensePro device named dp3.


Caution: This feature is supported only in DefensePro on x412 platforms with the DME and
x420 devices. If you specify non-supported devices, you may experience improper behavior.

Caution: If the value for <SecurityMonitoringScope> is [ALL], the value for <ProtectionPolicy> must be [ALL].

<privilege level> is the Minimal Required Privilege Level configured for the
TACACS+ connection in APSolute Vision. TACACS+ indicates the privilege level at which the
user is authenticating.

Note: Privilege levels are ordered values from 0 to 15 with each level representing a privilege
level that is a superset of the next lower value. If a NAS client uses a different privilege level
scheme, mapping must be provided.
The predefined values are as follows:

TAC_PLUS_PRIV_LVL_MAX := 0x0f
TAC_PLUS_PRIV_LVL_ROOT := 0x0f
TAC_PLUS_PRIV_LVL_USER := 0x01
TAC_PLUS_PRIV_LVL_MIN := 0x00

Example
The following is an example of a TACACS+ configuration file.
The file includes definitions of the user testuser who belongs to the group testgroup.
dp1, dp2, and dp3 are DefensePro devices that are managed by the APSolute Vision server.
The user is defined to have multiple roles: Security Monitor on dp3 and dp4, and Viewer on dp1.
RBAC by DefensePro Network Protection policies is also defined. For dp1 and dp4, access to all
policies is allowed. For dp3, access is limited to the policy: Syn_ACK_V21_Policy.

user = testuser {
    login = cleartext "radware"
    member = testgroup
}
group = testgroup {
    service = connection {
        radware-role=VIEWER:dp1+SEC_MON:dp3+SEC_MON:dp4
        radware-policy=dp1:[ALL]+dp3:Syn_ACK_V21_Policy+dp4:[ALL]
        priv-lvl = 2
    }
}
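The rules stated in TACACS+ Server Requirements can be checked before a configuration file is deployed. The following is an added example, not part of the guide or of Radware's software: a linter for one user/group block that flags a cleartext login, an administrator role without the scope [ALL], an [ALL] security-monitoring scope paired with a specific policy, and a priv-lvl below the Minimal Required Privilege Level. The function names and the second sample are constructed; only the ADMINISTRATOR IDM string appears on this page, so the IDM strings of the other two administrator roles must be added from the RBAC section.

```python
import re

ALL = "[ALL]"
# IDM strings that must carry the scope [ALL]. Assumption: only ADMINISTRATOR
# is shown on this page; add the User Administrator and Vision Administrator
# IDM strings from the RBAC section of the guide.
ADMIN_IDM_STRINGS = frozenset({"ADMINISTRATOR"})
FIELD_RE = re.compile(
    r"^[ \t]*(login|radware-role|radware-policy|priv-lvl)[ \t]*=[ \t]*(\S.*?)[ \t]*$",
    re.MULTILINE,
)


def split_pairs(value):
    """Split a plus-delimited row such as 'VIEWER:dp1+SEC_MON:dp3' into
    [('VIEWER', 'dp1'), ('SEC_MON', 'dp3')]."""
    pairs = []
    for entry in value.split("+"):
        left, sep, right = entry.strip().partition(":")
        if not (sep and left and right):
            raise ValueError(f"malformed entry {entry!r}, expected <left>:<right>")
        pairs.append((left, right))
    return pairs


def lint_group(config_text, min_priv_lvl=0, admin_idm=ADMIN_IDM_STRINGS):
    """Return a list of findings for one user/group block of a TACACS+
    configuration file written in the structure the guide requires."""
    fields = dict(FIELD_RE.findall(config_text))
    findings = []

    if fields.get("login", "").split()[:1] == ["cleartext"]:
        findings.append("login: cleartext password is exposed in the configuration file")

    roles = []
    if "radware-role" not in fields:
        findings.append("radware-role: row is missing")
    else:
        try:
            roles = split_pairs(fields["radware-role"])
        except ValueError as exc:
            findings.append(f"radware-role: {exc}")
    for idm, scope in roles:
        if idm in admin_idm and scope != ALL:
            findings.append(f"radware-role: {idm} must use scope {ALL}, found {scope!r}")

    policies = []
    if "radware-policy" in fields:  # the row is optional
        try:
            policies = split_pairs(fields["radware-policy"])
        except ValueError as exc:
            findings.append(f"radware-policy: {exc}")
    for scope, policy in policies:
        if scope == ALL and policy != ALL:
            findings.append(f"radware-policy: scope {ALL} requires policy {ALL}, found {policy!r}")

    lvl = fields.get("priv-lvl", "")
    if not lvl.isdigit() or int(lvl) > 15:
        findings.append(f"priv-lvl: {lvl!r} is not a value from 0 to 15")
    elif int(lvl) < min_priv_lvl:
        findings.append(f"priv-lvl: {lvl} is below the Minimal Required Privilege Level {min_priv_lvl}")
    return findings


# The example configuration from the guide.
PAGE_EXAMPLE = """
user = testuser {
    login = cleartext "radware"
    member = testgroup
}
group = testgroup {
    service = connection {
        radware-role=VIEWER:dp1+SEC_MON:dp3+SEC_MON:dp4
        radware-policy=dp1:[ALL]+dp3:Syn_ACK_V21_Policy+dp4:[ALL]
        priv-lvl = 2
    }
}
"""

# Constructed sample that breaks three of the guide's rules.
CONSTRUCTED_BAD = """
user = opsadmin {
    login = des PLACEHOLDERHASH
    member = opsgroup
}
group = opsgroup {
    service = connection {
        radware-role = ADMINISTRATOR:SiteA
        radware-policy = [ALL]:MyNetProtPolicy1
        priv-lvl = 0
    }
}
"""

if __name__ == "__main__":
    for name, text, floor in (("page example", PAGE_EXAMPLE, 0),
                              ("constructed", CONSTRUCTED_BAD, 1)):
        print(name, lint_group(text, min_priv_lvl=floor))
```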


Configuring the TACACS+ Server Connections


Use the following procedure to configure your TACACS+ server connections.

To configure a TACACS+ server connection


1. In the APSolute Vision Settings view System perspective, select General Settings >
Authentication Protocols > TACACS+ Settings.
2. Configure the parameters, and click Submit.

Table 32: Primary TACACS+ Configuration Parameters

Parameter

Description

IP Address

The IP address of the primary TACACS+ server for authentication.

Port
The Layer 4 port on the primary TACACS+ server.
Values: 49
Default: 49

Shared Secret
The TACACS+ shared secret used for communication between the primary TACACS+ server and APSolute Vision. The value can contain special characters.
Maximum characters: 255

Verify Shared Secret
The TACACS+ shared secret used for communication between the primary TACACS+ server and APSolute Vision. The value can contain special characters.
Maximum characters: 255

Table 33: Secondary TACACS+ Configuration Parameters

Parameter

Description

IP Address
The IP address of the secondary TACACS+ server for authentication.

Authenticate Port
The Layer 4 port on the secondary TACACS+ server.
Values: 49
Default: 49

Shared Secret
The shared secret used for communication between the secondary TACACS+ server and APSolute Vision. The value can contain special characters.
Maximum characters: 255

Verify Shared Secret
The shared secret used for communication between the secondary TACACS+ server and APSolute Vision. The value can contain special characters.
Maximum characters: 255


Table 34: Shared TACACS+ Configuration Parameters

Parameter

Description

Timeout
The time, in seconds, between retransmissions to the TACACS+ servers.
Values: 1–100
Default: 5
Note: If connectivity is too slow, increase the value.

Retries
The number of authentication retries before a second TACACS+ server (if configured) is contacted.
Values: 1–10
Default: 3
Note: If connectivity is too slow, increase the value.

Minimal Required Privilege Level
The minimum TACACS+ privilege level specified for a user that will allow access to APSolute Vision. A user can successfully be authorized by the TACACS+ server but have a privilege level that is too low to access APSolute Vision.
0 (zero) is the lowest privilege level, meaning: all users can access APSolute Vision. 15 is the highest level. For example, if the Minimal Required Privilege Level is defined as 1, all users with access level of 1 or higher can access APSolute Vision; and users with level 0 (zero) will not have access to APSolute Vision.
Values: 0–15
Default: 0

Service Name
The name of the service as defined in the TACACS+ server configuration file.

Managing Device Drivers


A device driver in APSolute Vision defines the GUI and configuration of the software version of a
managed device. The software version of a managed device defines the baseline driver version.
There may be multiple device-driver versions for a single software version of a device, but there can
be only one device-driver version in use on any single APSolute Vision server. That is, each device
driver applies to all devices in the system that use the same device-software version. Typically,
subsequent versions of device drivers include only fixes for GUI and configuration bugs. You can
install a newer version of the device driver, and you can revert to the baseline version.
When you upgrade device software, you need to reboot the device. However, when you install a new
version of a device driver or revert to the baseline version, you do not need to reboot the device.

Caution: Device drivers do not include changes to the online help. Depending on the configuration
of the APSolute Vision server, the APSolute Vision clients get online help either from the APSolute
Vision server (the default option) or radware.com. The online-help files at radware.com are always
the most up-to-date; but clients may encounter latency or connectivity problems. If the APSolute
Vision clients get online help from the APSolute Vision server, after updating a device driver, the
online-help files on the server should be updated. It is the responsibility of the APSolute Vision
administrator to make sure that the help files on the server are updated as necessary. For more
information, see Appendix A - Managing the Online-Help Package on the Server, page 505.

Note: The device driver includes the minimum APSolute Vision version.
When an APSolute Vision server detects that a new device has been installed or that a new device
software version has been installed on an existing device, the server retrieves the driver version
from the device.
The server checks whether it already has a driver version that corresponds to the device software
version, and uses the newest device driver.
If the driver version on the device is newer than the device version on the server, the server
downloads the new driver from the device, but does not apply it. The table in the Device Drivers
node (in the APSolute Vision Settings view System perspective) displays the device-version row
shaded gray.
If the device driver is incompatible or not found, APSolute Vision behaves as follows:

Issues an appropriate error message, but displays the device in the tree of the device pane with
a special icon (?) on top of it.

When you click the device in the tree, no screen is displayed, but the following information is
displayed in the device-properties pane: Device Name (from Vision), Device Type (if known),
Status: Unsupported, and Software Version: <SW_version>

The device-properties pane includes the name of the device driver.


You can do the following:

Update the drivers of the devices of a particular software version.

Update all the device drivers that are not updated in the APSolute Vision server.

Revert the driver to the baseline driver version.

If one or more of the relevant devices is locked, APSolute Vision prompts you whether to continue or
not. If you change the driver version when a device is locked by other users, you may lose the
changes for those users.

Table 35: Driver Parameters

Column

Description

Product Name

The device type.


Values:

Alteon

AppWall

DefensePro

LinkProof NG

Product Version

The device software version.

Instances

The number of devices that use the same device software version.

Driver Baseline

The baseline version of the driver used for this device software version.

Driver in Use

The driver version in use for this device software version.

Latest Driver

The latest driver version for this device software version that is stored in
the APSolute Vision server.

Supported Languages

The languages that the device driver supports.

To update a device driver
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Select the row with the relevant device and device version.
3. Click the (Update Device Driver) button.
4. Click Browse, navigate to the driver, and click Open.
5. Click Update. APSolute Vision verifies that the device driver version is relevant for the device
software.
6. Read the confirmation message, and then, accept or abort the action.

The version of the driver that you install cannot be the same as, or older than, the
driver baseline version. If the driver version that you install is newer than the baseline version
but older than the driver version in use, APSolute Vision prompts you for confirmation to change
the current driver. If the driver version that you install is newer than the baseline version and
newer than the driver version in use, APSolute Vision prompts you for confirmation to upgrade
the current driver.
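The acceptance rule in the paragraph above, written out as an added example (this is not Radware code). It assumes driver versions are dotted numeric strings, which the guide does not specify; the function and enum names are hypothetical. Comparing versions numerically matters because a plain string comparison would rank 1.0.9 above 1.0.10.

```python
from enum import Enum


class Outcome(Enum):
    # Outcomes named after the behaviour described in the guide.
    REJECT = "not newer than the baseline driver; cannot be installed"
    CONFIRM_CHANGE = "newer than baseline, older than driver in use; confirm change"
    CONFIRM_UPGRADE = "newer than baseline and driver in use; confirm upgrade"
    # The guide does not describe a candidate equal to the driver in use.
    UNSPECIFIED = "same as driver in use; behaviour not described in the guide"


def parse_version(text):
    """Parse an assumed dotted numeric version such as '1.0.10'."""
    parts = text.strip().split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def compare(a, b):
    """Return -1, 0 or 1; missing trailing fields count as zero."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def classify_install(candidate, baseline, in_use):
    """Classify a driver install request against the baseline and in-use versions."""
    if compare(candidate, baseline) <= 0:
        return Outcome.REJECT
    against_in_use = compare(candidate, in_use)
    if against_in_use < 0:
        return Outcome.CONFIRM_CHANGE
    if against_in_use > 0:
        return Outcome.CONFIRM_UPGRADE
    return Outcome.UNSPECIFIED


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real driver package.
    for cand in ("1.0.9", "1.0.10", "1.0.11", "1.0.12", "1.0.13"):
        print(cand, "->", classify_install(cand, "1.0.10", "1.0.12").name)
```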

To apply a driver version to a specific device when there is a newer version in the server
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Select the row with the relevant device and device version.
3. Select the (Update to Latest Driver) button.

To revert to the baseline driver version that resides on the APSolute Vision server
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Select the row with the relevant device and device version.
3. Select the (Revert to Baseline Driver) button.

Note: This option is displayed only when the driver version in use is different from the baseline
driver release.

To update all the device drivers to the latest ones that are stored in the APSolute Vision server
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Click the (Update All Drivers to Latest) button.

Note: This command is available only when the APSolute Vision server has a device driver
version that is later than one of the device drivers in use.
The following procedure is for troubleshooting a situation such as the following:

A driver for the device you want to add to the APSolute Vision configuration does not exist in the
APSolute Vision server or does not exist as part of the device software.

The driver for the device you want to add to the APSolute Vision configuration is corrupt in the
APSolute Vision server.

The driver for the device you want to add to the APSolute Vision configuration does not exist in
the APSolute Vision server and is corrupt in device software.

Note: The APSolute Vision CLI includes a command for troubleshooting problems related to
device drivers. For more information, see system database maintenance driver_table delete,
page 472.

To load a driver for a software version that does not exist in the Device Drivers table
(that is, APSolute Vision has never managed a device using this software version)
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Click the (Upload Device Driver) button.

3. Click Browse, navigate to the driver, and click Open.


4. Click Upload. The action loads a driver into the APSolute Vision server. The driver version is
displayed in the Device Driver table, in the Latest Driver column, if there is a managed device of
the corresponding software version. The driver is available when you add a new device to the
APSolute Vision configuration.

Configuring APSolute Vision Reporter Parameters


You can view historical security reports in the APSolute Vision Reporter (AVR).
The AVR client supports only a single timezone, which is the timezone configured on the APSolute
Vision server.

Notes

To open the AVR, click AVR in the APSolute Vision toolbar.

AVR does not support Alteon or LinkProof NG.

To configure APSolute Vision Reporter settings


1. In the APSolute Vision Settings view System perspective, select General Settings > APSolute
Vision Reporter.
2. Configure the parameters, and click Submit.

Table 36: APSolute Vision Reporter Parameters

Parameter

Description

Attack Polling Interval

(Read-only) The interval for polling security attack data, which is 5 minutes.

Data Retention Interval

The time, in months, that APSolute Vision retains AVR data.
Values:

1–48

Unlimited

Default: 12
Note: After upgrade from an APSolute Vision version prior to 2.30,
the value is Unlimited. You can modify this value if you require.

Upload Logo (button)

You can upload a logo to display on reports. Click the button and enter
the name of the file to upload.

Managing APSolute Vision Licenses and Viewing Capacity Utilization

Licenses for APSolute Vision can be generated based on the MAC address of the APSolute Vision port
G1 or G2.
APSolute Vision displays the MAC address of port G1 in the License Management pane above the
License table.
Contact Radware Technical Support to purchase the license you require.

To manage a license for APSolute Vision


1. In the APSolute Vision Settings view System perspective, select General Settings > License
Management.
2. Do one of the following:

To add an entry, click the (Add) button.

To edit an entry, double-click the row.

3. In the License String text box, enter the license string.


4. Click Submit.

Viewing APSolute Vision Capacity Utilization


APSolute Vision has capacity limitations. For more information, see the APSolute Vision Release
Notes for the relevant version.
Use the Current Utilization table to help determine whether you exceed scale/capacity specifications
and whether you need to purchase additional RTU licenses. The Current Utilization table displays
various Item parameters and the number of each item (see Table 37 - Capacity Utilization Table
Parameters, page 117).

To view the Capacity Utilization table


>

In the APSolute Vision Settings view System perspective, select General Settings > License
Management.

Table 37: Capacity Utilization Table Parameters

Parameter

Description

Managed Physical Devices

The number of physical devices (of any supported device type) that the APSolute Vision is managing.
DefenseFlow is not counted.

Managed Virtual Devices

The number of virtual devices (of any supported device type) that the APSolute Vision is managing.
DefenseFlow is not counted.

Managed DefensePro Devices

The number of DefensePro devices of any deployment type (virtual or physical appliance) that the
APSolute Vision is managing.

Unavailable Devices

The number of devices that the APSolute Vision is managing whose status is not Up. That is, devices
whose status is Down, Maintenance, Unknown, and so on.

Total Enabled DefensePro Policies

The sum of enabled Network Protection policies and Server Protection policies on the DefensePro
devices that the APSolute Vision is managing.

Total Profiles Assigned to Enabled Policies

The number of profiles in both the Network Protection policies and Server Protection policies on the
DefensePro devices that the APSolute Vision is managing. If a profile is associated with multiple
policies, it is counted multiple times.

Managing APM in APSolute Vision


Application Performance Monitoring (APM) monitors traffic through Alteon and LinkProof NG devices.
APM can continuously monitor all transactions and provide visibility into the true end-user
experience in the data center, network, or online application.
The APM server is part of the APSolute Vision server with APM server VA offering. One APM server
per APSolute Vision server supports the APM functionality. The APM server is an OVA installation in a
VMware vSphere environment. You specify the connection details of the APM server in the APSolute
Vision Settings view System perspective, under General Settings > APM Settings.
From the APM Settings node, you can view information related to the virtual services of the
managed devices that have APM enabled. There, you can also directly access the service in APM Web
interface.

Notes

The term APM server may also be referred to as SharePath server.

APM requires a proper license, which you can manage in the License Management tab (APSolute
Vision Settings view System perspective, General Settings > License Management).

For information on the installation of the APM server, see the APSolute Vision Installation and
Maintenance Guide.

For information on how to configure Alteon or LinkProof NG with APM, see Configuring the APM
Server in an Alteon, page 59 and Managing Virtual Services Settings, page 231.

For information on using APM, see the Application Performance Monitoring User Guide.

For information on how to use the APM Web interface, click the (Help) button in the APM
Web interface.

To open the APM Web interface


>

Do one of the following:

In the main toolbar, click APM.

Do the following:

a. In the APSolute Vision Settings view System perspective, select General Settings >
APM Settings.

b. In the table, in the APM Server column, click the hyperlink.

Considerations and Constraints Using APM with Alteon Version 29.5


The following list describes the considerations and constraints for using APM with Alteon version 29.5:

The Alteon must be managed by the same APSolute Vision that hosts the APM server.

If the instance of the APM server is replaced without restoring the previous database, the
system administrator must reapply the APM configuration on each virtual service.

Managing the APM Server


This section describes how to manage the APM server.
Use the APM-Enabled Services table to view information related to the virtual services of the
managed Alteon or LinkProof NG devices that have APM enabled. There, you can also directly access
the service in the APM Web interface.

To manage the APM server


1. In the APSolute Vision Settings view System perspective, select General Settings > APM
Settings. The APM Settings tab displays the APM Server State field and a table with
information about the APM server.
The APM Server State field can display the following values:

Initializing: The APM server is initializing.

Running: The APM server is running.

Down: The APM server is down. Typically, this is because the APM server is not yet
configured in the table or the APM license is not yet installed.

2. Do one of the following:

To add an entry, click the (Add) button.

To edit an entry, double-click the row.

3. Configure the parameters, and then, click Submit.

Table 38: APM Server Parameters

Parameter

Description

Use the APM Server Installed on this APSolute Vision Server
(This parameter is available only with the APSolute Vision server with APM server VA offering.)

Specifies whether APSolute Vision uses the APM server associated with the APSolute Vision server
with APM server VA installation.
Values:

Disabled: APSolute Vision uses an external APM server.

Enabled: APSolute Vision uses the APM server associated with the APSolute Vision installation, and
populates the following fields with read-only values:

Management IP Address: The IP address of the APSolute Vision management port (G1 or G2), which is
the management port for both APM and APSolute Vision server.

Data IP Address: The IP address of the G4 port.

Backup IP Address: The IP address of the G3 port. This value is not mandatory.

Default: Disabled
Notes:

For information on configuring the IP address for each port, see Network IP Interface Commands,
page 447.

For information on configuring the routing for each port, see Network Routing Commands, page 451.

Management IP Address

The IP address of the port on the SharePath/APM server that APSolute Vision uses for APM
management traffic.
In the APSolute Vision server with APM server VA offering, this
address is typically the management IP address of the APSolute
Vision server too. By default, this is the IP address of the G1 port.

Port

The management interface TCP port.
Values: 1–65535
Default: 443
Caution: Specifying a non-default port involves modifying the
APM server configuration. For more information, in the
Application Performance Monitoring Troubleshooting and
Technical Guide, see the appendix Configuring a Non-Default
APM Port for APM Reports.
Note: You can specify the port only when you add a new APM
server to the APSolute Vision configuration. You cannot modify
the port on an APM server that is already configured in
APSolute Vision. To modify the port, you need to remove the
APM server from the APSolute Vision configuration, and then,
add the APM server with the required port to the APSolute
Vision configuration again.

Data IP Address

The IP address of the port on the SharePath/APM server that APSolute Vision uses for APM data
traffic. In the APSolute Vision
server with APM server VA offering, this address is typically the IP
address of the APSolute Vision G4 port. This field is significant
only for older Alteon versions 29.5, 30.0.0, 30.0.1, 30.0.2,
30.0.3, and 30.1. New versions use the configuration on the
device and ignore the Data IP Address field. The default is set
to G4, assuming that APM must support the device sending
beacons from the Alteon data interface.

Backup IP Address

The IP address of the port on the SharePath/APM server that APSolute Vision uses for APM backup
traffic.
Note: This value is not mandatory.

Performance Limit

The maximum events (performance reports for an HTML page) per second that the APM server can
process.
Values: 10–1000
Default: 500

Table 39: APM-Enabled Services Table

Parameter

Description

Device Name

The name of the device with the APM-enabled service.

Virtual Server Index

The index of the APM-enabled service.

Virtual Server IP

The IP address of the APM-enabled service.

Port

The port of the APM-enabled service.

Description

The description of the APM-enabled service.

APM Application Link

A hyperlink to the APM-enabled service in the APM interface.

Viewing Information on the APM-Enabled Devices


Use the APM Enabled-Devices pane to view information on the devices managed by the APSolute
Vision server that have at least one virtual service with APM enabled.

To view information on the APM-enabled devices


>

In the APSolute Vision Settings view System perspective, select General Settings > APM
Settings > APM-Enabled Devices.

Table 40: APM-Enabled Devices Table

Parameter

Description

Device Name

The name of the device with an APM-enabled service.

Device Management IP

The IP address of the device.

Software Version

The software version of the device.

APM License (PgPM)

The APM license currently installed on the device.

Form Factor

The form factor of the device.

Hardware Platform

The platform of the device.

APM Server Management IP

The IP address of the management port of the APM server.
For the APSolute Vision server with APM server VA offering, this is
the IP address of the management port of the APSolute Vision
server.

Configuring DefensePipe Settings


Use the DefensePipe Settings pane to specify the DefensePipe URL.
APSolute Vision uses the URL to connect to DefensePipe when you click DefensePipe in the
APSolute Vision menu bar.

Note: For more information on DefensePipe, see the DefensePipe User Guide.

To specify the DefensePipe URL


1. In the APSolute Vision Settings view System perspective, select General Settings >
DefensePipe Settings.
2. In the DefensePipe URL text box, type the URL, and click Submit.

Configuring APSolute Vision Server Advanced Parameters

Use the following procedure to configure additional advanced parameters and online-help
parameters for the APSolute Vision server.

To configure advanced parameters for the APSolute Vision server


1. In the APSolute Vision Settings view System perspective, select General Settings >
Advanced.
2. Configure the parameters, and click Submit.

Table 41: APSolute Vision Advanced: General Parameters

Parameter

Description

Maximum Configuration Files for Device

The maximum number of configuration files per managed device
that you can store on the APSolute Vision server for backup. When
the limit is reached, you are prompted to delete the oldest file.
Values: 1–10
Default: 5
Note: If you change the maximum value to less than the number
of existing configuration files, none of the existing files will be
deleted. For example, if the configured maximum value is 10 and
there are 8 configuration files, and you then change the configured
maximum value to 4, no files are deleted.

Minimal Log Level

The lowest severity of messages that will be logged for debugging purposes.
Values:

Fatal

Error

Warning

Info

Debug

Trace

Default: Error
Caution: Lowering the value of the Minimal Log Level
parameter may negatively affect the performance of the APSolute
Vision server. Radware recommends using the default value,
Error, except when there are specific troubleshooting
requirements.

Device Lock Timeout

The time, in minutes, that a device remains locked. If you have the
appropriate permissions to configure a device, you can lock the
device so that other users cannot configure the device at the same
time.
Values: 5–180
Default: 10

Results per Page

The number of rows that are displayed per table page.
If you change this setting after retrieving information into a table in
the current session, the table information will be lost and APSolute
Vision will need to obtain the device information again. Radware
recommends changing this setting at the beginning of a session
before obtaining information from a managed device.
Values: 10–100
Default: 20

Table 42: APSolute Vision Advanced: Online Help Parameters

Parameter

Description

Note: After you click Submit, for a change to take effect immediately, you may need to refresh
your browser display or clear the browser cache.
Online Help URL

The source of the online help that clients request.


Values:

APSolute Vision Server: The server provides the client with
online-help files stored on the server. Installation of the
APSolute Vision server includes online-help files, but if managed
devices are somehow upgraded later (with a new device, new
device version, or new device driver), the online-help files on
the server should be updated. It is the responsibility of the
APSolute Vision administrator to make sure that the help files on
the server are updated as necessary. For more information, see
Appendix A - Managing the Online-Help Package on the Server,
page 505.

Radware.com: The client sends online-help requests to the
radware.com Web site and receives files from there. The online-help
files at radware.com are always the most up-to-date, but
clients may encounter latency or connectivity problems.

Default: APSolute Vision Server

Update (button)

Opens the dialog box to update the online-help package that resides
in the APSolute Vision server.
Note: For more information, see Appendix A - Managing the
Online-Help Package on the Server, page 505.

Revert to Default Help (button)

The online help currently on the server reverts to the online help
package that was included with the installation of the APSolute
Vision server.
Note: For more information, see Appendix A - Managing the
Online-Help Package on the Server, page 505.

Configuring APSolute Vision Display Parameters


You can configure display parameters for APSolute Vision clients, which also affect certain other
APSolute Vision functionalities.

To configure APSolute Vision display parameters


1. In the APSolute Vision Settings view System perspective, select General Settings > Display.
2. Configure the parameters, and click Submit.

Table 43: Display: General Parameters

Parameter

Description

Default Display Language

The default display language for new users in the APSolute Vision
system.
Notes:

Each user can change his/her own display language, by using
the icon at the upper-right corner of the main screen.

If you change the value, the change affects only users created
after the change.

An Administrator can specify the default language for each
specific user (see Configuring Local Users for APSolute Vision,
page 79).

Default Landing Page

The page that APSolute Vision displays by default for new users in
the APSolute Vision system.
Values:

First Device in the Tree: APSolute Vision opens displaying the
Device pane with the first available device selected, and the
Configuration perspective.

Application SLA Dashboard: New users land on the Application
SLA Dashboard (see Using the Application SLA Dashboard,
page 433).

Security Control Center: New users land on the Security
Control Center (see Using the Security Control Center,
page 436).

None

Default: First Device in the Tree

Notes:

User roles and scopes determine whether the selected option is
relevant. If a user does not have permission to view the selected
option, the user lands in the first permitted tab in the APSolute
Vision Settings view. For information on user roles and scopes,
see Managing APSolute Vision Users, page 69.

Each user can change his/her own landing page (APSolute
Vision Settings view Preferences perspective, User
Preferences > Display).

If you change the value, the change affects only users created
after the change.

Table 44: Display: Date and Time Format Parameters

Parameter

Description

Date Format

The date format for information that includes time and date and is
displayed in the APSolute Vision client.
Values:

dd.MM.yyyy

MM.dd.yyyy

dd/MM/yyyy

MM/dd/yyyy

Default: dd.MM.yyyy

Time Format

The time format for information that includes time and date and is
displayed in the APSolute Vision client.
Values:

HH:mm:ss

HH:mm:ss z

h:mm:ss aa

h:mm:ss aa z

Default: HH:mm:ss

Managing APSolute Vision Maintenance Files


You can open and save the maintenance files and upgrade log files of the APSolute Vision server.

To open or save a maintenance file or upgrade log file


1. In the APSolute Vision Settings view System perspective, select General Settings >
Maintenance Files.
2. Double-click the row with the relevant file.
3. Use the dialog box to open the file with a selected application or save the file to a selected
location.

Managing Stored Device Configuration/Backup Files


You can manage configuration files of managed devices that are stored on the APSolute Vision
server.
You can do the following:

View details of the configuration files of managed devices

Save configuration files from the server to your PC

Delete configuration files from the server

Edit configuration file descriptions

For information about configuring the maximum number of configuration files per device that can be
stored, see Configuring APSolute Vision Server Advanced Parameters, page 122.

To open the APM Web interface


>

In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.

To edit the description of a configuration file


1. In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
2. Double-click the relevant entry.
3. In the Description text box, add or edit the text, up to 50 characters.

To delete a configuration file from the server


1. In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
2. Select the relevant entry.
3. Click the (Delete) button.

To get the configuration file of the device from the APSolute Vision server and download the file to the local PC
1. In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
2. Select the relevant entry.
3. Click the (Download Selected File) button.

4. Open or save the file as you require.

Table 45: Device Configuration File Parameters

Parameter

Description

File Name

The name of the stored configuration file.

File Type

This field always displays Regular.

SW Version

The software version of the device.

Backup Date

The date and time that the file was saved on the APSolute Vision server.

Description

A description of the file. You can enter and edit text in this field.

To compare a device-backup file (of an Alteon, DefensePro, or LinkProof NG device) from the APSolute Vision server to another object
1. In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
2. Select the relevant entry.
3. Click the (Compare Backup File) button.
4. From the Compare... With drop-down list, select one of the following:

Other Device Running Configuration

Backup File from System

Backup File from Local File System

5. Select the device, configuration, or file.
6. Click OK.

Controlling APSolute Vision Operations


You can perform the following operations on APSolute Vision:

Back up the APSolute Vision data: You can back up the configuration tables and other APSolute
Vision data. To back up the database including real-time and historical reports, you must use CLI
commands. For more information, see APSolute Vision CLI Commands, page 441.

Update the Attack Description file.

You can perform the following operations using APSolute Vision CLI:

Restoring the appliance configuration.

Restoring the server configuration.

Restarting the APSolute Vision server.

For more information about APSolute Vision CLI commands, see APSolute Vision CLI Commands,
page 441.

Chapter 5 Setting Up Your Network and Basic Device Configuration

Before you can configure Radware devices through APSolute Vision, you add sites and devices to the
APSolute Vision server configuration.
The following topics describe how to set up your network of managed Radware devices:

Device Pane: Sites, Clusters, and Physical Containers, page 129

Configuring Sites, page 130

Adding and Removing Devices, page 131

Locking and Unlocking Devices, page 145

Managing DefensePro Clusters for High Availability, page 146

Using the Multi-Device View and the Multiple Devices Summary, page 152

After You Set Up Your Managed Devices, page 153

Note: To add Alteon or DefensePro devices, you can also use vDirect with APSolute Vision. For more
information, see Using vDirect with APSolute Vision, page 495.

Device Pane: Sites, Clusters, and Physical Containers


You organize the devices that APSolute Vision manages in the device pane.
The device pane includes the Sites and Clusters tree or Physical Containers tree.
The Sites and Clusters tree can contain:

Alteon standalone, VA, and vADC devices and clusters of Alteon devices for high availability

AppWall devices

DefensePro devices and clusters of DefensePro devices for high availability

LinkProof NG devices

You can organize the devices into logical groups, referred to as sites.
You can configure sites in both the Sites and Clusters tree and the Physical Containers tree.
You may configure sites according to a geographical location, administrative function, or device
type.
Each site can contain nested sites and devices. You can create clusters of devices for high
availability.
You can also display real-time security monitoring for multiple devices. You can select a site or select
multiple devices (using standard mouse click/keyboard combinations) whether or not the devices
are in the same site.
Tree nodes are organized alphabetically in the tree within each level. For example, a site called
Alteon_Site appears before a site at the same level called DefensePro_Site.
All nested sites appear before devices at the same level, regardless of their alphanumerical order.
All node names in a tree must be unique. For example, you cannot give a site and a device the same
name, and you cannot give devices in different sites the same name.
Node names are case-sensitive.

You can export a CSV file with the devices in the Sites and Clusters tab. The CSV file includes
information on each device. The file does not include information regarding associated sites. For
more information, see the procedure To export a CSV file with the devices in the Sites and Clusters
tab, page 144.

Configuring Sites
By default, the root site is called Default. You can rename this site, and add nested sites and
devices.
You can add, rename, and delete sites. When you delete a site, you must first remove all its child
sites and devices.

Notes

To move a device between sites, you must first delete the device from the sites tree and then
add it in the required target site.

A site cannot have the same name as a device, and sites nested under different parent sites
cannot have the same name.

You cannot delete the Default site.

To add a new site
1. In the device pane, select the site name in which you want to create the new site.
2. Click the (Add) button in the tab toolbar.
3. From the Type drop-down list, select Site.
4. In the Name text box, type the name of the site.
5. Click Submit.

Caution: With RADIUS or TACACS+, if a user definition explicitly mentions the name of a site and
the site name changes, the user definition in the RADIUS or TACACS+ server must be updated
accordingly.
If the name of an APSolute Vision site changes and APSolute Vision authenticates the users locally,
APSolute Vision updates the relevant scopes for the users.

To rename a site
1. In the device pane, select the site.
2. Click the (Edit) button.
3. In the Name text box, type the name of the site.
4. Click Submit.


To delete a site
1. In the device pane, select the site.
2. Click the (Delete) button and confirm your action.

Adding and Removing Devices


Before you can manage a Radware device in APSolute Vision, you need to add the device to the
appropriate site tree in the device pane.
When you add a device, you can define a name for it. You also provide the device-connection
information, including authentication parameters (credentials) for communication between the
device and the APSolute Vision server.
After submitting device-connection information, the APSolute Vision server verifies that it can
connect to the device. APSolute Vision then retrieves and stores the device information and licensing
information.
After the connection has been established, you can modify some of the connection information and
configure the device.
When you add a device or modify device properties, you can specify whether the APSolute Vision
server configures itself as a target of the device events and whether the APSolute Vision server
removes from the device all recipients of device events except for its own address. For more
important information, see APSolute Vision Server Registered for Device Events: Alteon and
LinkProof NG, page 144 and APSolute Vision Server Registered for Device Events: DefensePro,
page 145.
After adding devices, you can create clusters of the main and backup devices, or the primary and
secondary devices (according to the device type).

Notes

A device cannot have the same name as a site.

Devices in different sites cannot have the same name.

You can change the name of a device after you have added it to the APSolute Vision
configuration.

To move a device between sites, you must first delete the device from the sites tree and then
add it to the required target site.

If you replace a device with a new device to which you want to assign the same management IP
address, you must delete the device from the site and then recreate it for the replacement.

When you delete a device, you can no longer view historical reports for that device.

When you delete a device, the device alarms and security monitoring information are removed
also.

You can export a CSV file with the devices in the Sites and Clusters tab. The CSV file includes
information on each device. The file does not include information regarding associated sites. For
more information, see the procedure To export a CSV file with the devices in the Sites and
Clusters tab, page 144.


HTTPS is used for downloading/uploading various files from/to managed devices, including:
configuration files, certificate and key files, attack-signature files, device-software files, and so
on. For DefensePro 6.x versions 6.14 and later, APSolute Vision uses Transport Layer Security
(TLS) protocol version 1.1 or later.

You can configure APSolute Vision to manage multiple Alteon vADCs hosted by an ADC-VX
managed by the same APSolute Vision server.

The following procedure, To add a new device, page 133, is relevant for the following device types:

Alteon standalone

Alteon VA

Alteon vADC not hosted by an ADC-VX managed by the same APSolute Vision server

AppWall

DefensePro

LinkProof NG

This section includes the procedures to do the following:

To add a new device, page 133. Relevant for the following device types:

Alteon standalone

Alteon VA

Alteon vADC not hosted by an ADC-VX managed by the same APSolute Vision server

AppWall

DefensePro

LinkProof NG

To add an ADC-VX, page 136

To configure APSolute Vision to manage one or more vADCs hosted by an ADC-VX managed by
the same APSolute Vision server, page 139

To edit device connection information, page 143. Relevant for the following device types:

Alteon standalone

Alteon VA

Alteon vADC displayed in the Sites and Clusters tree

AppWall

DefensePro

LinkProof NG

To edit ADC-VX connection information, page 143

To delete a device, page 143. Relevant for the following device types:

Alteon standalone

Alteon VA

Alteon vADC displayed in the Sites and Clusters tree

AppWall

DefensePro

LinkProof NG

To delete an ADC-VX, page 144


To add a new device


1. In the device pane Sites and Clusters tree, navigate to and select the site name to which you
want to add the device.
2. Click the (Add) button in the tab toolbar.
3. From the Type drop-down list, select the device type that you require.
4. Configure the parameters, and click Submit.
After APSolute Vision connects to the device, basic device information is displayed in the content
pane, and device properties information is displayed in the device-properties pane.

Managing Devices and Device Properties


This section describes managing devices and device properties.
The following tables describe the parameters of the Device Properties dialog box.

Table 46: Device Properties: General Parameters

| Parameter | Description |
|---|---|
| Type | The type of the object. Values: Site, Alteon, AppWall, DefensePro, LinkProof NG |
| Name | The name of the device. Notes: There are some reserved words (for example, DefenseFlow) that APSolute Vision does not allow as names. You can change the name of a device after you have added it to the APSolute Vision configuration. |

Table 47: Device Properties: SNMP Parameters

(This tab is available only for Alteon, DefensePro, and LinkProof NG devices.)

| Parameter | Description |
|---|---|
| Management IP | The management IP address as it is defined on the managed device. Note: Once you add the device to the APSolute Vision configuration, you cannot change its IP address. |
| SNMP Version | The SNMP version used for the connection. |
| SNMP Read Community (This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.) | The SNMP read community name. |
| SNMP Write Community (This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.) | The SNMP write community name. |
| User Name (This parameter is displayed only when SNMP Version is SNMPv3.) | The username for the SNMP connection. Maximum characters: 18 |
| Use Authentication (This parameter is displayed only when SNMP Version is SNMPv3.) | Specifies whether the device authenticates the user for a successful connection. Default: Disabled |
| Authentication Protocol (This parameter is available only when the Use Authentication checkbox is selected.) | The protocol used for authentication. Values: MD5, SHA. Default: MD5 |
| Authentication Password (This parameter is available only when the Use Authentication checkbox is selected.) | The password used for authentication. |
| Use Privacy (This parameter is available only when and the Use Authentication checkbox is selected.) | Specifies whether the device encrypts SNMPv3 traffic for additional security. Default: Disabled |
| Privacy Password (This parameter is available only when the Use Privacy checkbox is selected.) | The password used for the Privacy facility. |

Table 48: Device Properties: HTTP/S Access Parameters

| Parameter | Description |
|---|---|
| Verify HTTP Access (This option is not available for AppWall.) | Specifies whether APSolute Vision verifies HTTP access to the managed device. Default: Enabled. Note: This option is not used for Alteon versions 29.5 and later. |
| Verify HTTPS Access (This option is not available for AppWall.) | Specifies whether APSolute Vision verifies HTTPS access to the managed device. Default: Enabled |
| Management IP (This option is available only for AppWall.) | The management IP address as it is defined on the managed device. Note: Once you add the device to the APSolute Vision configuration, you cannot change its IP address. |
| User Name | The username for HTTP and HTTPS communication. Default: admin. Maximum characters: 18 |
| Password | The password used for HTTP and HTTPS communication. Default: admin |
| HTTP Port | The port for HTTP communication with the device. Default: 80 |
| HTTPS Port | The port for HTTPS communication with the device. Default: 443 |

Table 49: Device Properties: SSH Access Parameters

(This tab is available only for Alteon and LinkProof NG devices.)
Note: To configure and apply certain features, APSolute Vision requires SSH access to run CLI
commands on the Alteon device.

| Parameter | Description |
|---|---|
| User Name | The username for SSH access to the device. Maximum characters: 32. Default: admin |
| Password | The password for SSH access to the device. Maximum characters: 32. Default: admin |
| SSH Port | The port for SSH communication with the device. Default: 22. Note: This value should be the same as the value for the SSH port configured in the device (Configuration perspective, System > Management Access > Management Protocols > SSH). |
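
The defaults listed in Tables 47 to 49 (SNMPv3 authentication and privacy disabled, MD5 as the default authentication protocol, admin/admin for HTTP/S and SSH access) can be reviewed before device profiles are submitted. The following is an added example, not Radware code; the dictionary keys, finding names, and sample profiles are hypothetical and constructed for illustration.

```python
# Added example, not Radware code. Dict keys and finding names are hypothetical;
# the defaults and limits are the ones stated in Tables 47-49.
SNMP_TYPES = {"Alteon", "DefensePro", "LinkProof NG"}   # SNMP tab scope (Table 47)
SSH_TYPES = {"Alteon", "LinkProof NG"}                  # SSH tab scope (Table 49)
MAX_CHARS = {"snmp_user": 18, "http_user": 18, "ssh_user": 32, "ssh_password": 32}
DEFAULT_LOGIN = ("admin", "admin")                      # documented default user/password


def audit_profile(profile):
    """Return a sorted list of finding codes for one device-connection profile.

    A key that is absent is treated as left at its documented default.
    """
    findings = set()
    dtype = profile.get("type")

    if dtype in SNMP_TYPES:
        version = profile.get("snmp_version")
        if version in ("SNMPv1", "SNMPv2"):
            # Community names are the only credential and are sent unencrypted.
            findings.add("snmp-community-based")
            read = profile.get("snmp_read_community")
            if read is not None and read == profile.get("snmp_write_community"):
                findings.add("snmp-read-write-community-identical")
        elif version == "SNMPv3":
            if not profile.get("use_authentication", False):    # default: Disabled
                findings.add("snmpv3-no-authentication")
            else:
                # Authentication Protocol defaults to MD5 when the box is selected.
                if profile.get("authentication_protocol", "MD5") == "MD5":
                    findings.add("snmpv3-md5-authentication")
                if not profile.get("use_privacy", False):       # default: Disabled
                    findings.add("snmpv3-no-privacy")

    # HTTP/S access applies to every device type; both fields default to "admin".
    http_login = (profile.get("http_user", "admin"), profile.get("http_password", "admin"))
    if http_login == DEFAULT_LOGIN:
        findings.add("http-default-credentials")

    # The SSH tab exists only for Alteon and LinkProof NG.
    if dtype in SSH_TYPES:
        ssh_login = (profile.get("ssh_user", "admin"), profile.get("ssh_password", "admin"))
        if ssh_login == DEFAULT_LOGIN:
            findings.add("ssh-default-credentials")

    # Length limits from the "Maximum characters" entries.
    for key, limit in MAX_CHARS.items():
        if len(profile.get(key, "")) > limit:
            findings.add(key + "-exceeds-" + str(limit) + "-chars")

    return sorted(findings)


def audit_inventory(profiles):
    """Audit every profile; return only the devices that have findings."""
    report = {}
    for name, profile in profiles.items():
        result = audit_profile(profile)
        if result:
            report[name] = result
    return report


# Constructed sample profiles (device names and secrets are placeholders).
SAMPLE_PROFILES = {
    # SNMPv2 with one community reused for read and write.
    "dp-edge-01": {"type": "DefensePro", "snmp_version": "SNMPv2",
                   "snmp_read_community": "example-community",
                   "snmp_write_community": "example-community",
                   "http_user": "admin", "http_password": "constructed-secret-1"},
    # SNMPv3 selected, everything else left at the documented defaults.
    "alt-core-01": {"type": "Alteon", "snmp_version": "SNMPv3", "snmp_user": "vision"},
    # SNMPv3 with SHA authentication and privacy, non-default logins.
    "alt-core-02": {"type": "Alteon", "snmp_version": "SNMPv3", "snmp_user": "vision",
                    "use_authentication": True, "authentication_protocol": "SHA",
                    "use_privacy": True,
                    "http_user": "vision-svc", "http_password": "constructed-secret-2",
                    "ssh_user": "vision-svc", "ssh_password": "constructed-secret-3"},
}

if __name__ == "__main__":
    for device, codes in audit_inventory(SAMPLE_PROFILES).items():
        print(device, codes)
```
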


Table 50: Device Properties: Event Notification Parameters

(This tab is available only for Alteon, DefensePro, and LinkProof NG devices.)

| Parameter | Description |
|---|---|
| Register This APSolute Vision Server for Device Events | Specifies whether the APSolute Vision server configures itself as a target of the device events. Values: Enabled: The APSolute Vision server configures itself as a target of the device events (for example, traps, alerts, IRP messages, and packet-reporting data). Disabled: For a new device, the APSolute Vision server adds the device without registering itself as a target for events. For an existing device, the APSolute Vision removes itself as a target of the device events. Default: Enabled. Note: APSolute Vision runs this action each time you click Submit in the dialog box. For more, important information, see APSolute Vision Server Registered for Device Events: Alteon and LinkProof NG, page 144. |
| Register APSolute Vision Server IP (This parameter is available only when the Register This APSolute Vision Server for Device Events checkbox is selected.) | The port and IP address of the APSolute Vision server to which the managed device sends events. Select an APSolute Vision server interface that is used as the APSolute Vision server data port, and is configured to have a route to the managed devices. |
| Remove All Other Targets of Device Events (This parameter is available only when the Register This APSolute Vision Server for Device Events checkbox is selected.) | Specifies whether the APSolute Vision server removes from the device all recipients of device events (for example, traps, and IRP messages) except for its own address. Default: Disabled. APSolute Vision runs this action each time you click Submit in the dialog box. For example, if you select the checkbox and click Submit (and later, a trap target is added to the trap target-address table), APSolute Vision removes the additional address the next time you click Submit in the dialog box. For more, important information, see APSolute Vision Server Registered for Device Events: Alteon and LinkProof NG, page 144. |

To add an ADC-VX
1. In the device pane Physical Containers tree, navigate to and select the site name to which you
want to add the ADC-VX.
2. Click the (Add) button in the tab toolbar.
3. From the Type drop-down list, select Alteon.
4. Configure the parameters, and click Submit.
After APSolute Vision connects to the device, basic device information is displayed in the content
pane, and device properties information is displayed in the device-properties pane. The vADCs
that the ADC-VX is hosting are displayed as child nodes of the ADC-VX. The name format in the
vADC child nodes is <ADC-VX Name>_vADC-<vADC ID>.

Table 51: ADC-VX Device Properties: General Parameters

| Parameter | Description |
|---|---|
| Type | The type of the object. Values: Site, Alteon |
| Name | The name of the device. Notes: There are some reserved words (for example, DefenseFlow) that APSolute Vision does not allow as names. You can change the name of a device after you have added it to the APSolute Vision configuration. |

Table 52: ADC-VX Device: SNMP Properties

| Parameter | Description |
|---|---|
| Management IP | The management IP address as it is defined on the managed device. Note: Once you add the device to the APSolute Vision configuration, you cannot change its IP address. |
| SNMP Version | The SNMP version used for the connection. |
| SNMP Community (This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.) | The SNMP community name. |
| User Name (This parameter is displayed only when SNMP Version is SNMPv3.) | The username for the SNMP connection. Maximum characters: 18 |
| Use Authentication (This parameter is displayed only when SNMP Version is SNMPv3.) | Specifies whether the device authenticates the user for a successful connection. Default: disabled |
| Authentication Protocol (This parameter is available only when the Use Authentication checkbox is selected.) | The protocol used for authentication. Values: MD5, SHA. Default: MD5 |
| Authentication Password (This parameter is available only when the Use Authentication checkbox is selected.) | The password used for authentication. |
| Use Privacy (This parameter is available only when and the Use Authentication checkbox is selected.) | Specifies whether the device encrypts SNMPv3 traffic for additional security. Default: Disabled |
| Privacy Password (This parameter is available only when the Use Privacy checkbox is selected.) | The password used for the Privacy facility. |

Table 53: ADC-VX Device: HTTP/S Access Properties

| Parameter | Description |
|---|---|
| Verify HTTP Access | Specifies whether APSolute Vision verifies HTTP access to the managed device. Default: Enabled. Note: This option is not used for Alteon versions 29.5 and later. |
| Verify HTTPS Access | Specifies whether APSolute Vision verifies HTTPS access to the managed device. Default: Enabled |
| User Name | The username for HTTP and HTTPS communication. Default: admin. Maximum characters: 18 |
| Password | The password used for HTTP and HTTPS communication. Default: admin |
| HTTP Port | The port for HTTP communication with the device. Default: 80 |
| HTTPS Port | The port for HTTPS communication with the device. Default: 443 |


Table 54: ADC-VX Device: Event Notification Properties

| Parameter | Description |
|---|---|
| Register This APSolute Vision Server for Device Events | Specifies whether the APSolute Vision server configures itself as a target of the device events. Values: Enabled: The APSolute Vision server configures itself as a target of the device events (for example, traps, alerts, IRP messages, and packet-reporting data). Disabled: For a new device, the APSolute Vision server adds the device without registering itself as a target for events. For an existing device, the APSolute Vision removes itself as a target of the device events. Default: Enabled. APSolute Vision runs this action each time you click Submit in the dialog box. For more, important information, see APSolute Vision Server Registered for Device Events: Alteon and LinkProof NG, page 144. |
| Register APSolute Vision Server IP (This parameter is available only when the Register This APSolute Vision Server for Device Events checkbox is selected.) | The port and IP address of the APSolute Vision server to which the managed device sends events. |
| Remove All Other Targets of Device Events (This parameter is available only when the Register This APSolute Vision Server for Device Events checkbox is selected.) | Specifies whether the APSolute Vision server removes from the device all recipients of device events (for example, traps, and IRP messages) except for its own address. Default: Disabled. APSolute Vision runs this action each time you click Submit in the dialog box. For example, if you select the checkbox and click Submit (and later, a trap target is added to the trap target-address table), APSolute Vision removes the additional address the next time you click Submit in the dialog box. For more, important information, see APSolute Vision Server Registered for Device Events: Alteon and LinkProof NG, page 144. |

To configure APSolute Vision to manage one or more vADCs hosted by an ADC-VX managed by the same APSolute Vision server
1. In the device pane Physical Containers tree, expand the node of the ADC-VX that hosts the
vADC.
2. Select the vADCs and click the (Manage vADC) button.
3. In the Device Properties dialog box, configure the parameters, and click Submit.
After APSolute Vision connects to the vADC, the vADC is displayed in the device pane Sites and
Clusters tree. The device information is displayed in the content pane, and device properties
information is displayed in the device-properties pane. Once you add the vADC to the device
pane Sites and Clusters tree, you cannot change its location or configure any of its properties
from the Physical Containers tree.

Table 55: vADC Device Properties: General Parameters

| Parameter | Description |
|---|---|
| Name (This parameter is not available when configuring APSolute Vision to manage multiple vADCs.) | The name of the device. You can change the default. Notes: There are some reserved words (for example, DefenseFlow) that APSolute Vision does not allow as names. You can change the name of a device after you have added it to the APSolute Vision configuration. |
| Location | The site in the device pane Sites and Clusters tree where APSolute Vision locates the vADC. |

Table 56: vADC Device Properties: SNMP Parameters

| Parameter | Description |
|---|---|
| Management IP | The management IP address as it is defined on the managed device. Note: Once you add the device to the APSolute Vision configuration, you cannot change its IP address. |
| SNMP Version | The SNMP version used for the connection. |
| SNMP Community (This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.) | The SNMP community name. |
| User Name (This parameter is displayed only when SNMP Version is SNMPv3.) | The username for the SNMP connection. Maximum characters: 18 |
| Use Authentication (This parameter is displayed only when SNMP Version is SNMPv3.) | Specifies whether the device authenticates the user for a successful connection. Default: disabled |
| Authentication Protocol (This parameter is displayed only when the Use Authentication checkbox is selected.) | The protocol used for authentication. Values: MD5, SHA. Default: MD5 |
| Authentication Password (This parameter is displayed only when the Use Authentication checkbox is selected.) | The password used for authentication. |
| Use Privacy (This parameter is displayed only when and the Use Authentication checkbox is selected.) | Specifies whether the device encrypts SNMPv3 traffic for additional security. Default: disabled |
| Privacy Password (This parameter is displayed only when the Use Privacy checkbox is selected.) | The password used for the Privacy facility. |

Table 57: vADC Device Properties: HTTP/S Access Parameters

| Parameter | Description |
|---|---|
| Verify HTTP Access | Specifies whether APSolute Vision verifies HTTP access to the managed device. Default: Enabled. Note: This option is not used for Alteon versions 29.5 and later. |
| Verify HTTPS Access | Specifies whether APSolute Vision verifies HTTPS access to the managed device. Default: Enabled |
| User Name | The username for HTTP and HTTPS communication. Default: admin. Maximum characters: 18 |
| Password | The password used for HTTP and HTTPS communication. Default: admin |
| HTTP Port | The port for HTTP communication with the device. Default: 80 |
| HTTPS Port | The port for HTTPS communication with the device. Default: 443 |

Table 58: vADC Device Properties: SSH Access Parameters

Note: To configure and apply certain features, APSolute Vision requires SSH access to run CLI
commands on the Alteon device.

| Parameter | Description |
|---|---|
| User Name | The username for SSH access to the device. Maximum characters: 32. Default: admin |
| Password | The password for SSH access to the device. Maximum characters: 32. Default: admin |
| SSH Port | The port for SSH communication with the device. Default: 22. Note: This value should be the same as the value for the SSH port configured in the device (Configuration perspective, System > Management Access > Management Protocols > SSH). |

Table 59: vADC Device Properties: Event Notification Parameters

| Parameter | Description |
|---|---|
| Register This APSolute Vision Server for Device Events | Specifies whether the APSolute Vision server configures itself as a target of the device events. Values: Enabled: The APSolute Vision server configures itself as a target of the device events (for example, traps, alerts, IRP messages, and packet-reporting data). Disabled: For a new device, the APSolute Vision server adds the device without registering itself as a target for events. For an existing device, the APSolute Vision removes itself as a target of the device events. Default: Enabled. APSolute Vision runs this action each time you click Submit in the dialog box. For more, important information, see APSolute Vision Server Registered for Device Events: Alteon and LinkProof NG, page 144. |
| Register APSolute Vision Server IP (This parameter is available only when the Register This APSolute Vision Server for Device Events checkbox is selected.) | The port and IP address of the APSolute Vision server to which the managed device sends events. |
| Remove All Other Targets of Device Events (This parameter is available only when the Register This APSolute Vision Server for Device Events checkbox is selected.) | Specifies whether the APSolute Vision server removes from the device all recipients of device events (for example, traps, and IRP messages) except for its own address. Default: Disabled. APSolute Vision runs this action each time you click Submit in the dialog box. For example, if you select the checkbox and click Submit (and later, a trap target is added to the trap target-address table), APSolute Vision removes the additional address the next time you click Submit in the dialog box. For more, important information, see APSolute Vision Server Registered for Device Events: Alteon and LinkProof NG, page 144. |

The following procedure, To edit device connection information, page 143, is relevant for the
following device types:

Alteon standalone

Alteon VA

Alteon vADC displayed in the Sites and Clusters tree

AppWall

DefensePro

LinkProof NG

To edit device connection information


1. In the device pane Sites and Clusters tree, select the device name.
2. Click the (Edit) button.

3. Modify the parameters as described in Managing Devices and Device Properties, page 133, and
click Submit.

To edit ADC-VX connection information


1. In the device pane Physical Containers tree, select the device.
2. Click the (Edit) button.

3. Modify the parameters as described in Managing Devices and Device Properties, page 133, and
click Submit.
The following procedure, To delete a device, page 143, is relevant for the following device types:

Alteon standalone

Alteon VA

Alteon vADC displayed in the Sites and Clusters tree

AppWall

DefensePro

LinkProof NG

To delete a device
1. In the device pane Sites and Clusters tree, select the device name, and click the (Delete)
button.

2. Click Yes in the confirmation box. The device is deleted from the list of managed devices.


To delete an ADC-VX
1. In the device pane Physical Containers tree, select the device name and click the (Delete)
button.
2. Click Yes in the confirmation box. The device is deleted from the list.

To export a CSV file with the devices in the Sites and Clusters tab
1. In the device pane Sites and Clusters tree, click (Export Device List to CSV).
2. View the file or specify the location and file name, and then, click Save.
The CSV file includes the following columns:

Device Name

Device Type

Status

Management IP Address

Software Version

MAC Address

License

Platform

Form Factor

HA Status

Device Driver

Note: The file does not include information regarding sites.

APSolute Vision Server Registered for Device Events: Alteon and LinkProof NG
In the Device Properties dialog box, you can specify whether the APSolute Vision server configures
itself as a target of the device events (Register This APSolute Vision Server for Device Events
checkbox) and whether the APSolute Vision server removes from the device all recipients of device
events except for its own address (Remove All Other Targets of Device Events checkbox).
APSolute Vision runs these actions each time you click Submit in the dialog box.
In Alteon, when you select the Remove All Other Targets of Device Events checkbox and run
the Apply command, APSolute Vision configures itself as a target of the device events and ensures
that the device also sends traps for authentication-failure events.
Alteon, by default, does not send traps for authentication-failure events.
The CLI command for enabling sending traps for these events is

/cfg/sys/ssnmp/auth.
You can view the APSolute Vision address target with the CLI commands
/cfg/sys/ssnmp/trap1 or /cfg/sys/ssnmp/trap2.


APSolute Vision Server Registered for Device Events: DefensePro
In the Device Properties dialog box, you can specify whether the APSolute Vision server configures
itself as a target of the device events (Register This APSolute Vision Server for Device Events
checkbox) and whether the APSolute Vision server removes from the device all recipients of device
events except for its own address (Remove All Other Targets of Device Events checkbox).
APSolute Vision runs these actions each time you click Submit in the dialog box.
DefensePro supports a device being managed by multiple APSolute Vision servers.
When multiple APSolute Vision servers manage the same DefensePro device, the device sends the
following:

Traps to all the APSolute Vision servers that manage it. The Target Address table and the Target
Parameters table contain entries for all APSolute Vision servers.

Packet-reporting data only to the last APSolute Vision server that registered on the device.

Caution: If the Register This APSolute Vision Server for Device Events checkbox is cleared,
the Alert browser, security reporting, and APSolute Vision Reporter might not collect and display
information about the device.

Locking and Unlocking Devices


When you have permissions to perform device configuration on a specific device, you must lock the
device before you can configure it. Locking the device ensures that other users cannot make
configuration changes at the same time. The device remains locked until you unlock it, you
disconnect, the Device Lock Timeout elapses, or an Administrator unlocks it.
Locking a device does not apply to the same device that is configured on another APSolute Vision
server, using Web Based Management, or using the CLI.

Note: Only one APSolute Vision server should manage any one Radware device.
While the device is locked:

The device icon in the device pane includes a small lock symbol (for Alteon and LinkProof NG,
for AppWall, and for DefensePro).

Configuration panes are displayed in read-only mode to other users with configuration
permissions for the device.

If applicable, the Submit button is available.

If applicable, the (Add) button is displayed.

To lock a single device


1. In the device pane, select the device.
2. In the device-properties pane, click the icon (the drawing of the unlocked padlock at the
lower-left corner of the device drawing). The drawing changes to a picture of a locked padlock.


To unlock a single device


1. In the device pane, select the device.
2. In the device-properties pane, click the icon (the drawing of the locked padlock at the
lower-left corner of the device drawing). The drawing changes to a picture of an unlocked padlock.

To lock multiple devices


1. In the device pane, select the devices to lock. You can select a site or select multiple devices
(using standard mouse click/keyboard combinations) whether or not the devices are in the same
site.
2. Click the (View) button.
3. In the device-properties pane, click the icon (the drawing of the unlocked padlock at the
lower-left corner of the device drawing). The drawing changes to a picture of a locked padlock.

To unlock multiple devices


1. In the device pane, select the devices to unlock. You can select a site or select multiple devices
(using standard mouse click/keyboard combinations) whether or not the devices are in the same
site.
2. Click the (View) button.
3. In the device-properties pane, click the icon (the drawing of the locked padlock at the
lower-left corner of the device drawing). The drawing changes to a picture of an unlocked padlock.

Managing DefensePro Clusters for High Availability


Radware recommends installing DefensePro devices in pairs to provide high availability (HA), that
is, fault tolerance in the case of a single device failure.

Note: DefensePro does not support this feature when the Device Operation Mode is IP (see
Configuring the Device Operation Mode for DefensePro, page 153).
This section contains the following topics:

High-Availability in DefensePro: Overview, page 147

Configuring High-Availability Clusters, page 149

Monitoring DefensePro Clusters, page 150

Synchronizing High-Availability Devices and Switching the Device States, page 151


High-Availability in DefensePro: Overview

To support high availability (HA), you can configure two compatible DefensePro devices to operate in
a two-node cluster. One member of the cluster is configured as the primary; the other member of
the cluster assumes the role of secondary.
Both cluster members must meet the following requirements:

Must use the same:

Platform

Software version

Software license

Throughput license

Radware signature file

Must be on the same network.

Must use the same management port (that is, MNG-1 on both devices, MNG-2 on both devices,
or both MNG-1 and MNG-2 on both devices).

When you configure a cluster and submit the configuration, the newly designated primary device
configures the required parameters on the designated secondary device.
You can configure a DefensePro high-availability cluster in the following ways:

To configure the primary device of the cluster, the failover parameters, and the advanced
parameters, you can use the High Availability pane (Configuration perspective, Setup >
High Availability). When you specify the primary device, you specify the peer device, which
becomes the secondary member of the cluster.

To configure only the basic parameters of a cluster (Cluster Name, Primary Device, and
Associated Management Ports), you can use the Create Cluster pane. The following graphic
shows the Create Cluster pane and the device pane.

Figure 30: Create Cluster Pane

The members of a cluster work in an active-passive architecture.

When a cluster is created:

The primary device becomes the active member.

The secondary device becomes the passive member.

The primary device transfers the relevant configuration objects to the secondary device.

A secondary device maintains its own configuration for the device users, IP interfaces, routing, and
the port-pair Failure Mode.
A primary device immediately transfers each relevant change to its secondary device. For example,
after you make a change to a Network Protection policy, the primary device immediately transfers
the change to the secondary device. However, if you change the list of device users on the primary
device, the primary device transfers nothing (because the secondary device maintains its own list of
device users).
The passive device periodically synchronizes baselines for BDoS and HTTP Mitigator protections.
The following situations trigger the active device and the passive device to switch states (active to
passive and passive to active):

The passive device does not detect the active device according to the specified Heartbeat
Timeout.

All links are identified as down on the active device according to the specified Link Down
Timeout.

Optionally, the traffic to the active device falls below the specified Idle Line Threshold for the
specified Idle Line Timeout.

You issue the Switch Over command. To switch the device states, select the cluster node, and
then select Switch Over.

You cannot perform many actions on a secondary device.


You can perform only the following actions on a secondary device:

Switch the device state (that is, switch over active to passive and passive to active).

Break the cluster if the primary device is unavailable.

Configure management IP addresses and routing.

Configure the port-pair Failure Mode.

Manage device users.

Download a device configuration.

Upload a signature file.

Download the device log file.

Download the support log file.

Reboot.

Shut down.

Change the device name.

Change the device time.

Initiate a baseline synchronization if the device is passive, using the CLI or Web Based
Management.

Notes

To create a cluster, the devices must not be locked by another user.

By design, an active device does not fail over during a user-initiated reboot. Before you reboot
an active device, you can manually switch to the other device in the cluster.


You can initiate a baseline synchronization if a cluster member is passive, using the CLI or Web
Based Management.

When you upgrade the device software, you need to break the cluster (that is, ungroup the two
devices). Then, you can upgrade the software and reconfigure the cluster as you require.

In an existing cluster, you cannot change the role of a device (primary to secondary or vice
versa). To change the role of a device, you need to break the cluster (that is, ungroup the two
devices), and then, reconfigure the cluster as you require.

If the devices of a cluster belong to different sites, APSolute Vision creates the cluster node
under the site where the primary device resides; and APSolute Vision removes the secondary
device from the site where it was configured.

APSolute Vision issues an alert if the state of the device clusters is ambiguous, for example, if
there has been no trigger for switchover and both cluster members detect traffic. This state is
normal during the initial synchronization process.

There is no failback mechanism. There is only the automatic switchover action and the manual
Switch Over command.

When a passive device becomes active, any grace time resets to 0 (for example, the time of the
Graceful Startup Mode Startup Timer).

You can monitor high-availability operation in the High Availability pane of the Monitoring
perspective (Monitoring perspective, Operational Status > High Availability).

The Properties pane displays the high-availability information of the selected device.
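
The switchover rules described in this overview (timeout triggers, the manual Switch Over command, and no failback) can be checked against a timeline with a small model. This is an added example, not Radware code: it assumes that each trigger condition must hold continuously for its timeout, and the timeline and timeout values are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class HaSettings:
    # Parameter names are taken from the guide; the values used below are constructed.
    heartbeat_timeout: float                      # seconds
    link_down_timeout: float                      # seconds
    idle_line_timeout: float = 0.0                # seconds
    idle_line_threshold: Optional[float] = None   # None: optional trigger not configured


@dataclass
class Observation:
    # Every observation is relative to whichever member is active at that moment.
    t: float                   # seconds since the start of the timeline
    heartbeat_seen: bool       # the passive member detected the active member
    links_up: int              # number of links up on the active member
    traffic: float             # traffic to the active member, in the threshold's unit
    switch_over: bool = False  # an operator issued the Switch Over command


def simulate(settings, observations, active="primary"):
    """Return [(time, new_active_member, reason)] for every switch of state."""
    limits = {
        "Heartbeat Timeout": settings.heartbeat_timeout,
        "Link Down Timeout": settings.link_down_timeout,
        "Idle Line Timeout": settings.idle_line_timeout,
    }
    since = dict.fromkeys(limits)  # time at which each condition started to hold
    events = []
    for o in observations:
        holds = {
            "Heartbeat Timeout": not o.heartbeat_seen,
            "Link Down Timeout": o.links_up == 0,
            "Idle Line Timeout": (settings.idle_line_threshold is not None
                                  and o.traffic < settings.idle_line_threshold),
        }
        for name in limits:
            if not holds[name]:
                since[name] = None
            elif since[name] is None:
                since[name] = o.t
        reason = "Switch Over command" if o.switch_over else None
        if reason is None:
            for name in limits:
                if since[name] is not None and o.t - since[name] >= limits[name]:
                    reason = name
                    break
        if reason is not None:
            active = "secondary" if active == "primary" else "primary"
            events.append((o.t, active, reason))
            since = dict.fromkeys(limits)  # timers restart for the new active member
    return events


# Constructed timeline: the active primary loses all links at t=1. After the
# switch, the primary recovers, but it stays passive (no failback) until an
# operator issues Switch Over at t=7.
SETTINGS = HaSettings(heartbeat_timeout=3, link_down_timeout=2)
TIMELINE = [
    Observation(0, True, 2, 100.0),
    Observation(1, True, 0, 0.0),
    Observation(2, True, 0, 0.0),
    Observation(3, True, 0, 0.0),
    Observation(4, True, 2, 100.0),
    Observation(5, True, 2, 100.0),
    Observation(6, True, 2, 100.0),
    Observation(7, True, 2, 100.0, switch_over=True),
]

if __name__ == "__main__":
    for when, member, why in simulate(SETTINGS, TIMELINE):
        print(f"t={when}: {member} becomes active ({why})")
```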

Configuring High-Availability Clusters


You can configure DefensePro high-availability clusters from the APSolute Vision device pane Sites
and Clusters tab.

To create a DefensePro high-availability cluster


1. In the device pane Sites and Clusters tab, select the two DefensePro devices for the cluster
(select one device and press Ctrl and click the other device).
2. Click the (Create Cluster) button.

3. Configure the parameters, and then, click Submit.

Table 60: Cluster Setup Parameters

Parameter

Description

Cluster Name

The name for the cluster (up to 32 characters).

Primary Device

Specifies which of the cluster members is the primary device.

Associated Management Ports

Specifies the management (MNG) port or ports through which the
primary and secondary devices communicate.
Values: MNG1, MNG2, MNG1+2
Note: You cannot change the value if the currently specified
management port is being used by the cluster. For example, if
the cluster is configured with MNG1+2, and MNG1 is in use,
you cannot change the value to MNG2.


To break a DefensePro high-availability cluster


1. In the device pane Sites and Clusters tab, select the cluster node.
2. Click the (Break Cluster) button.

After your confirmation, the cluster node is removed from the tree, and the DefensePro devices
are displayed under the parent node.

To rename a DefensePro high-availability cluster


1. In the device pane Sites and Clusters tab, select the cluster node.
2. Click the (Edit) button.
3. In the Cluster Name text box, type the new name (up to 32 characters).
4. Click Submit.

To change the associated management ports of a DefensePro high-availability cluster


1. In the device pane Sites and Clusters tab, select the cluster node.
2. Click the (Edit) button.
3. Configure the parameters, and then click Submit.

Note: You cannot change the value if the currently specified management port is being used by
the cluster. For example, if the cluster is configured with MNG1+2, and MNG1 is in use, you
cannot change the value to MNG2.

Monitoring DefensePro Clusters


In the device pane, APSolute Vision identifies the high-availability cluster elements, roles, modes,
and states using various combinations of icons and icon elements.
The following table describes the icons that APSolute Vision displays in the device pane for
DefensePro high-availability clusters.

Table 61: Icons for DefensePro High-Availability Clusters

Icon

Description
Cluster
Primary device
Secondary device

The following table describes the icon elements that APSolute Vision displays in the device pane for
DefensePro high-availability clusters.


Table 62: Icon Elements for DefensePro High-Availability Clusters

Icon Element Description


Active device
Synchronizing
Unavailable
The following table describes some icons that APSolute Vision can display in the device pane for
DefensePro high-availability clusters.

Table 63: Icons for DefensePro High-Availability Clusters: Examples

Icon

Description
The cluster is operating nominally.
The primary device is active, unlocked, and operating nominally.
The primary device is passive, unlocked, and operating nominally.
The secondary device is active, locked, and operating nominally.

The secondary device is passive, unlocked, and operating nominally.


The device is unavailable.

Synchronizing High-Availability Devices and Switching the Device States


Use the Synchronize button to synchronize the members of a high-availability cluster. Use the
Switch Over button to switch the state of the members of a high-availability cluster.

To synchronize the members of a high-availability cluster


1. In the device pane, select the cluster node.
2. Lock the devices.

3. Click the (Synchronize) button.

To switch the state of the members of a high-availability cluster


1. In the device pane, select the cluster node.
2. Lock the devices.

3. Click the (Switch Over) button.


Using the Multi-Device View and the Multiple Devices Summary

APSolute Vision displays the multi-device view when you select multiple devices in the device pane,
and then click the (View) button.

Use the multi-device view to do the following:

Lock multiple devices to configure them.

View the Multiple Devices Summary table.

Run configuration-management actions for the relevant devices: You can run the Apply
or Revert actions on Alteon or LinkProof NG devices. You can run the Update Policies action on
multiple DefensePro devices.

Open the Multi-Device Configuration dialog box to configure multiple devices
simultaneously: For more information, see Configuring Multiple Devices, page 156.

Open the Security Monitoring perspective: In the multi-device view, the Security
Monitoring perspective displays the Dashboard View and Traffic Utilization tabs, with the data
aggregated for all the selected devices. For more information, see Using Real-Time Security
Monitoring, page 381.

Figure 31: Multi-Device View

Callouts in the figure:

Multiple devices are selected. You can select a site or select multiple devices (using standard
mouse click/keyboard combinations) whether or not the devices are in the same site.

View button.

Configuration button: Opens the Multi-Device Configuration dialog box.

Security Monitoring button: Opens the Security Monitoring perspective.

The relevant configuration-management buttons display for the selected devices.

Multiple Devices Summary pane.


To open the multi-devices view


1. In the device pane, select the devices. You can select a site or select multiple devices (using
standard mouse click/keyboard combinations) whether or not the devices are in the same site.
2. Click the (View) button.

After You Set Up Your Managed Devices


After you set up your network of managed devices, and establish a connection to the devices,
APSolute Vision obtains the network configuration and displays the settings in the device
configuration tabs.
You can then do the following:

Set and change the device configuration through APSolute Vision.


For more information about configuring DefensePro's associated services, such as network
protection settings, and so on, see Managing DefensePro Network Protection Policies, page 1.
For information about configuring DefensePro's associated services, see the APSolute Vision
online help.

Perform administration and maintenance tasks on managed devices such as scheduling tasks,
making backups, and so on.
For more information, see Managing Device Operations and Maintenance, page 155.

Monitor managed devices through APSolute Vision.


For more information, see the APSolute Vision online help.
For more information, see Monitoring and Controlling the DefensePro Operational Status,
page 343.


Chapter 6 Managing Device Operations and Maintenance

This section describes the following:

Rebooting and Shutting Down Managed Devices, page 155

Configuring Multiple Devices, page 156

Using the Diff Feature, page 157

Device-Configuration Management (Global Commands) for Alteon and LinkProof NG, page 158

Upgrading DefensePro Device Software, page 161

Downloading a DefensePro Log File to the APSolute Vision Client, page 162

Updating a Radware Signature File or RSA Signature File in DefensePro Devices, page 162

Downloading a DefensePro Technical Support File, page 164

Managing DefensePro Configurations, page 164

Updating DefensePro Policy Configurations, page 166

Rebooting and Shutting Down Managed Devices


You can activate a device reboot (reset) or device shutdown from APSolute Vision.
Some configuration changes on the device require a device reboot for the configuration to take
effect. You can activate the device reboot from APSolute Vision.
For Alteon and LinkProof NG:

Reset will cause failover of the ADC, which might cause an interruption in network service.

If possible, synchronize the configuration before you reset the system.

Configuration changes that have not been applied will be lost. Run the Diff command to view
the changes that have not been applied, and then, run the Apply command as needed.

Configuration changes that have not been saved will be lost. Run the Diff Flash command to
view the changes that have not been saved, and then, run the Save command as needed.

The spanning tree will be restarted, which will likely cause an interruption in network service.

Note: You can schedule device reboots in the APSolute Vision scheduler. For more information, see
Managing Tasks in the Scheduler, page 222.

To reboot a device
1. Lock the device.
2. In the Properties pane, click the (On-Off) button, which is part of the device picture.
3. Select Reset.


To shut down a device


1. Lock the device.
2. In the Properties pane, click the (On-Off) button, which is part of the device picture.
3. Select Shut Down.

Configuring Multiple Devices


Use the Multi-Device Configuration feature to make changes to multiple devices of the same type
and major version.

To configure the multiple devices


1. In the device pane, select the devices. You can select a site or select multiple devices (using
standard mouse click/keyboard combinations) whether or not the devices are in the same site.
2. Click the (View) button.
3. Click the (Configuration) button. The Multi-Device Configuration dialog box opens.

Note: The top table, which you can filter, contains all the selected devices and comprises the
following columns: Device Type, Device Name, IP Address, and Version.

4. From the top table, select the lead device, whose configuration changes will be applied to the
selected additional devices. The bottom table, which you can filter, displays the selected devices
of the same type and major version.
5. From the bottom table, select the checkbox next to each device that the lead device will try to
change.
6. Click Go. The GUI of the lead device opens. The device pane shows the lead device and the
selected additional devices as selected.
7. Lock the devices if necessary.
8. Make a required change in the GUI of the lead device.
9. After you make a valid change, click Submit All. APSolute Vision attempts to change the value
for the submitted parameter on the lead device and all the selected additional devices.

Notes

APSolute Vision submits only modified values. APSolute Vision does not submit values that
were not modified.

APSolute Vision issues a detailed message for unsuccessful attempts to change the value of a
parameter on a selected additional device.

10. Repeat step 8 and step 9 as necessary.


Using the Diff Feature


Click the (Diff) button to run the following commands on a single selected device:

Compare (Alteon, DefensePro, and LinkProof NG only): Compares the configuration of the
selected device with one of the following:

Other Device Running Configuration: That is, another device of the same type and
major version

Backup File from System: That is, a device-configuration backup file stored on the
APSolute Vision server

Backup File from Local File System: That is, a device-configuration backup file stored on
the local file system

The Compare action displays differences in the configurations using a green background for the
configuration of the first device and red background for the configuration of the other device.

Diff (Alteon and LinkProof NG only): Collects the pending configuration changes.

Diff Flash (Alteon and LinkProof NG only): Collects the pending configuration changes and the
affected configuration stored in flash memory on the device.

Figure 32: Diff Feature (Displaying Options for Alteon)

Click the (Save to File) button to save the results to a specified location.


Device-Configuration Management (Global Commands) for Alteon and LinkProof NG

Alteon and LinkProof NG devices support the following configuration-management actions, also
referred to as global commands.

Table 64: Alteon and LinkProof-NG Device Configuration Management Actions

Role

Description

Apply

Applies any changes that have been made to the device configuration.
If the new configuration is different from the current configuration, the Apply
Required button is displayed with an orange background to indicate that the Apply
command is required for the changes to take effect.
The Apply operation requires the device to be locked. When you select
a single device, the Apply option is available only if the device is
locked. When you select multiple devices, the Apply option is always
available. When you select the Apply option for multiple devices,
APSolute Vision tries to lock all the selected devices. If APSolute Vision
is able to lock all the devices, APSolute Vision performs the Apply
operation. When the operation completes, APSolute Vision unlocks the
devices that were unlocked prior to the operation. If APSolute Vision is
not able to lock all the devices because some of the devices are locked
by another user, a pop-up message is displayed, asking you whether
to continue the Apply operation on the remaining devices (that is, the
devices are locked by you or not locked at all). If you confirm the
action, APSolute Vision performs the Apply operation. When the
operation completes, APSolute Vision unlocks the devices that were
unlocked prior to the operation.
Note: During the Apply operation, the device icon in the device
pane may momentarily change from locked to maintenance, and the value of
the Status parameter in the device-properties pane may momentarily change
from Up to Maintenance.

Save

Saves the current configuration in backup memory and saves the
active configuration by overwriting the current configuration. Note
that there is also Save Configuration (no back up), which saves the
current configuration to the flash memory.
When you select a single device, this option is available only if the
device is locked. When you select multiple devices, this option is
always available.

Revert

Reverts the device to the current active configuration.


When you select a single device, this option is displayed only if the
device is locked and the new configuration settings were not applied.
When you select multiple devices, this option is always available.

Revert Apply

Reverts the device to the current saved configuration.


When you select a single device, this option is displayed only if the
device is locked and the new configuration settings were applied but
not saved. When you select multiple devices, this option is always
available.


Diff

Collects the pending configuration changes. You can view, save, and
copy the text when you double-click the associated message in the
Alerts tab in the Alerts pane.
When you select multiple devices, this option is not supported.
Note: For more information, see Using the Diff Feature, page 157.

Diff Flash

Collects the pending configuration changes and the affected
configuration stored in flash memory on the device. You can view,
save, and copy the text when you double-click the associated
message in the Alerts tab in the Alerts pane.
When you select multiple devices, this option is not supported.
Note: For more information, see Using the Diff Feature, page 157.

Dump

Collects a dump of the current device configuration. You can view,
save, and copy the text when you double-click the associated
message in the Alerts tab in the Alerts pane.
When you select multiple devices, this option is not supported.

To perform a configuration-management action on a single device


1. From the device pane, select the device name.
2. Click the required button. The Diff Flash option is available when you click the Diff button. The
Revert Apply option is available when you click the arrow of the Revert button.

Figure 33: Apply (Required) and Save (Required) Buttons

Figure 34: Revert Button: Arrow Clicked Shows Revert and Revert Apply Options

Figure 35: Diff Button: Clicked Displays Compare, Diff, and Diff Flash Options

Figure 36: Dump Button: Clicked

Upgrading DefensePro Device Software


You can upgrade the software version on DefensePro devices from APSolute Vision.
A device upgrade enables the new features and functions on the device without altering the existing
configuration. In exceptional circumstances, new software versions are incompatible with legacy
configuration files from earlier software versions. This most often occurs when attempting to
upgrade from a very old version to the most recently available version.
The software version file must be located on the APSolute Vision client system. APSolute Vision
automatically transfers it to the APSolute Vision server and uploads it to the device. New software
versions require a password, which can be obtained from the Radware corporate Web site. For a
maintenance-only upgrade, the password is not required.
After the device upgrade is complete, you must reboot the device.

Caution: Before upgrading to a newer software version, do the following:

Back up the existing configuration file. For more information, see Downloading a
Device-Configuration File, page 27.

Ensure that you have configured on the device the authentication details for the protocol used to
upload the file.

To update the device software version


1. In the device pane, select the device.
2. Click the arrow of the Operations icon.

Figure 37: Arrow of the Operations Icon

3. Select Update Software Versions.


4. Configure software upgrade parameters, and click Update.
5. When the device upgrade is complete, reboot the device.

Table 65: Software Upgrade Parameters

Parameter

Description

Upload Via

(Read-only) The protocol used to upload the software file from APSolute
Vision to the device.
Value: HTTPS

File Name

The name of the file to upload.

Software Version

The software version number as specified in the new software
documentation.

Password

Enter the password received with the new software version, and verify.
The password is case sensitive.


Downloading a DefensePro Log File to the APSolute Vision Client

You can download a log file to the APSolute Vision client system. The log file is automatically
generated by the device and contains a report of configuration errors. The log file can be used for
debugging.

To download a device log file


1. In the device pane, select the device.
2. Click the arrow of the (Operations) icon.
3. Click Export Log File.
4. Configure download parameters, and click Submit.

Table 66: Device Log File Download Parameters

Parameter

Description

Download Via

(Read-only) The protocol used to download the log file.
Value: HTTPS

Save As

Save the downloaded log file as a text file on the client system. Enter or
browse to the location of the saved log file, and select or enter a file
name.

Updating a Radware Signature File or RSA Signature File in DefensePro Devices

You can upload an updated Radware signature file or RSA signature file to a DefensePro device.
Uploading an updated RSA signature file is relevant only to DefensePro version-6.x devices.
You can upload an updated Radware signature file to a DefensePro device from the following
sources:

Radware.com or the proxy file server that is configured in the Vision Server
Connection configuration: The Alerts pane displays a success or failure notification and
whether the operation was performed using a proxy server.

APSolute Vision client system: The name of the signature file must be <DEVICE-MACADDRESS>.sig.

Caution: Updating the signature file consumes large amounts of resources, which may cause the
device to go temporarily into an overload state. Radware recommends updating the signature file
during hours of low activity.


Note: You can schedule signature-file updates in the APSolute Vision scheduler. For more
information, see Managing Tasks in the Scheduler, page 222.
For more information about using signature files, see the DefensePro User Guide.

To update the signature file of a device


1. In the device pane, select the device.

2. Click the arrow of the (Operations) icon.

3. Select Update Security Signatures.


4. Configure the parameters, and click Update.

Table 67: Update Device Signature File Parameters for DefensePro

Parameter

Description

Signature Type

The type of the signature file to upload to the device.


Values:

Radware Signatures

RSA Signatures

Note: You can select RSA Signatures only on DefensePro version-6.x devices that have Fraud
Protection enabled.

Update From

The location of the signature file to upload.
Values:

Radware.com: APSolute Vision uploads the signature file directly
from Radware.com or from the proxy server that is configured in
the Vision Server Connection configuration.

Client: APSolute Vision uploads the signature file from the
APSolute Vision client system. This option is only available for
Radware signatures.

Upload Via

The protocol used to upload the signature file.
Values: HTTP, HTTPS, TFTP

File Name (This parameter is displayed only when Update From Client is selected)

Name of the signature file on the client system.


Downloading a DefensePro Technical Support File


For debugging purposes, a DefensePro device can generate a TAR file containing the technical
information that Radware Technical Support requires. The file includes output of various CLI
commands, for example, a printout of the Client table.
You can download a DefensePro technical support file and send it to Radware Technical Support.

Note: You can also download a DefensePro technical support file using the DefensePro CLI. For
more information, see the DefensePro User Guide.
Use the following procedure to download a technical support file using APSolute Vision.

To download a technical support file using APSolute Vision

1. In the device pane, select the device, and then, click the arrow of the (Operations) icon.
2. Select Export Tech Support File.
3. Configure download parameters, and click Submit.

Table 68: Device Technical Support File Download Parameters

Parameter

Description

Download Via

(Read-only) The protocol used to download the technical support file.
Value: HTTPS

Save As

Save the downloaded technical support file as a text file on the client
system. Enter or browse to the location of the saved file, and select or
enter a file name.

Managing DefensePro Configurations


This section describes how to manage configurations of the DefensePro devices that are configured
on the APSolute Vision server.

DefensePro Configuration File Content


The configuration file content is divided into two sections:

Commands that require rebooting the device: These include BWM Application
Classification Mode, Application Security status, Device Operation Mode, tuning parameters, and
so on. Copying and pasting a command from this section takes effect only after the device is
rebooted. The section has the heading: The following commands will take effect
only once the device has been rebooted!

Commands that do not require rebooting the device: Copying and pasting a command
from this section takes effect immediately after pasting. The commands in the section are not
bound to SNMP. The section has the heading: The following commands take effect
immediately upon execution!

The commands are printed within each section, in the order of implementation.

At the end of the file, the device prints the signature of the configuration file. This signature is used
to verify the authenticity of the file and that it has not been corrupted. The signature is validated
each time the configuration file is uploaded to the device. If the validity check fails, the device
accepts the configuration, but a notification is sent to the user that the configuration file has been
tampered with and there is no guarantee that it works. The signature looks like File Signature:
063390ed2ce0e9dfc98c78266a90a7e4.
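
Because the device accepts a configuration file even when the signature check fails, a pre-import check on the management side is worthwhile. The following Python script is an added example, not Radware code and not part of the original guide: it splits a configuration file on the two section headings quoted above, extracts the trailing File Signature line, and compares a restore candidate with the copy recorded at backup time. Assumptions: each heading sits on one line, the "!" comment marker and the placeholder commands are constructed for illustration, and the signature algorithm is not documented here, so the script compares against a recorded copy instead of recomputing the signature.

```python
import hashlib
import re

# Section headings quoted in the guide. Assumption: each heading is on a single
# line of the file, possibly after a comment marker, so match by substring.
REBOOT_HEADING = ("The following commands will take effect "
                  "only once the device has been rebooted!")
IMMEDIATE_HEADING = "The following commands take effect immediately upon execution!"
# Trailing line as shown in the guide: "File Signature: <32 hex digits>".
SIGNATURE_RE = re.compile(r"File Signature:\s*([0-9a-fA-F]{32})\s*$")

# Constructed sample: placeholder commands, not real DefensePro CLI syntax.
BASELINE = """\
! The following commands will take effect only once the device has been rebooted!
placeholder-command-a mode 1
placeholder-command-b table-size 64
! The following commands take effect immediately upon execution!
placeholder-command-c policy p1
placeholder-command-d threshold 100
File Signature: 063390ed2ce0e9dfc98c78266a90a7e4
"""
# Constructed edit: one command changed, signature line left as it was.
TAMPERED = BASELINE.replace("threshold 100", "threshold 100000")


def parse_config(text):
    """Return ({section: [commands in file order]}, signature or None)."""
    sections = {"preamble": [], "reboot": [], "immediate": []}
    current, signature = "preamble", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if REBOOT_HEADING in line:
            current = "reboot"
        elif IMMEDIATE_HEADING in line:
            current = "immediate"
        else:
            match = SIGNATURE_RE.search(line)
            if match:
                signature = match.group(1).lower()
            else:
                sections[current].append(line)
    return sections, signature


def _sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def compare_to_baseline(baseline_text, candidate_text):
    """Compare a restore candidate with the copy recorded at backup time."""
    base_sections, base_sig = parse_config(baseline_text)
    cand_sections, cand_sig = parse_config(candidate_text)
    changed = {}
    for name in ("preamble", "reboot", "immediate"):
        base, cand = base_sections[name], cand_sections[name]
        if base != cand:  # ordered comparison, so a reordering also counts
            changed[name] = {
                "removed": [c for c in base if c not in cand],
                "added": [c for c in cand if c not in base],
            }
    return {
        "identical": _sha256(baseline_text) == _sha256(candidate_text),
        "signature_present": cand_sig is not None,
        "signature_line_changed": base_sig != cand_sig,
        "changed_sections": changed,
    }


def restore_verdict(report):
    """Only a byte-identical file passes; edited files are not supported."""
    if report["identical"]:
        return "ok: byte-identical to the recorded backup"
    if not report["signature_present"]:
        return "reject: File Signature line missing"
    if report["changed_sections"] and not report["signature_line_changed"]:
        return "reject: commands edited, signature line left untouched"
    return "reject: differs from the recorded backup"


if __name__ == "__main__":
    report = compare_to_baseline(BASELINE, TAMPERED)
    print(restore_verdict(report))
    for section, diff in report["changed_sections"].items():
        print(section, "removed:", diff["removed"], "added:", diff["added"])
```

The report also names the section that changed, which tells the operator whether the edited command would apply immediately or only after the reboot.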

Downloading a Device-Configuration File


You can download a configuration file from a managed device to APSolute Vision, for backup. If you
choose to download to the APSolute Vision server, a copy is always saved in the APSolute Vision
database.
By default, you can save up to five (5) configuration files per device on the APSolute Vision server.
You can change this parameter in the APSolute Vision Setup page up to a maximum of 10. When the
limit is reached, you are prompted to delete the oldest file. For more information, see Configuring
APSolute Vision Server Advanced Parameters, page 122.

Note: You can schedule configuration file backups in the APSolute Vision scheduler. For more
information, see Managing Tasks in the Scheduler, page 222.

To download a device-configuration file


1. In the device pane, select the device.

2. Click the arrow of the (Operations) icon.

3. Select Export Configuration File.

4. Configure the download parameters, and then click Save.

Table 69: Device Configuration File Download Parameters

Parameter

Description

Download to
Where to back up the device configuration file.
Values: Client, Server

Download Via
(Read-only) The protocol used to download the configuration file.
Values: HTTPS

Save As
Save the downloaded configuration file as a text file on the client system.
On the server, the default name is a combination of the device name and
backup date and time. You can change the default name.

Passphrase
(This parameter is displayed only in Alteon devices.)
The passphrase for HTTPS.

Include Private Keys
When enabled, the certificate private key information is included in the
downloaded file. You must include the private key information to restore
the private keys; otherwise, the device reverts to default keys.


Restoring a Device Configuration


You can restore a DefensePro or DefenseFlow configuration from a backup configuration file on the
APSolute Vision server or client system to the DefensePro or DefenseFlow device. When you upload
the configuration file to the device, it overwrites the existing device configuration.
After the restore operation is complete, you must reboot the device.

Caution: Importing a configuration file that has been edited is not supported.

Caution: Importing a configuration file from a different version is not supported.

To restore a device's configuration

1. In the device pane, select the device.

2. Click the arrow of the (Operations) icon.

3. Click Import Configuration File.

4. Configure upload parameters, and click Submit.

5. When the upload completes, reboot the device.

Table 70: Device Configuration File Upload Parameters

Parameter

Description

Upload from
The location of the backup device configuration file to send.
Values: Client, Server

Upload Via
(Read-only) The protocol used to upload the configuration file.
Value: HTTPS

File Name
When uploading from the client system, enter or browse to the name of
the configuration file to upload.
When uploading from the server, select the configuration to upload.

Passphrase
(This parameter is available only with Alteon devices.)
The passphrase for HTTPS.

Updating DefensePro Policy Configurations


You can apply the following configuration changes to a DefensePro device in a single operation:

Network Protection policy

Server Protection policy

ACL policy

White list

Black list

Classes

To update policy configurations on a DefensePro device

> In the device pane, select the device, and then click the button.

Chapter 7 Using Templates in APSolute Vision


This chapter contains the following main sections:

Using DefensePro Templates, page 169

Using AppShape Templates and Instances, page 176

Using Administrative Scripts, page 214

Using DefensePro Templates


This feature is available only in DefensePro 6.x versions 6.11 and later, and 7.x versions.
You can export and import DefensePro configuration templates.
A DefensePro configuration template can include the configuration (the definitions and security
settings) and/or policy baselines of a Network Protection policy and/or Server Protection policy.
A template from a Network Protection policy can include the baselines from the associated DNS and/
or BDoS profiles.
A template from a Server Protection policy can include learned baselines from the associated HTTP
Flood profiles.
DefensePro configuration templates do not include the following information:

DefensePro setup and network configuration: For example, device time, physical ports,
and so on.

DefensePro security settings: The protections that a policy template uses must be
supported and enabled globally in the target DefensePro device (that is, the target DefensePro
device into which you are importing the policy template). For example, if you export a Network
Protection policy that includes a BDoS Protection profile, the DefensePro device into which you
are importing the policy template must have BDoS Protection enabled globally (Configuration
perspective, Setup > Security Settings > BDoS Protection > Enable BDoS Protection).

User-defined signatures.

Notes

The terms Network Protection policy and network policy may be used interchangeably in
APSolute Vision and in the documentation.

You can import Network Protection policies from DefensePro platforms running supported 6.x
versions into platforms running supported 6.x or 7.x versions.

You can import Network Protection policies from DefensePro platforms running supported 7.x
versions into platforms running supported 7.x versions.

You can import Server Protection policies from DefensePro platforms running supported 6.x
versions into platforms running supported 6.x versions.

You can import Server Protection policies from DefensePro platforms running supported 7.x
versions into platforms running supported 7.x versions.


Exporting a Network Protection Policy as a Template


Use the following procedure to export a Network Protection policy as a template.

To export a Network Protection policy as a template


1. In the Configuration perspective, select Network Protection > Network Protection Policies.

2. Select the Network Protection policy that you want to export, and click (Export).

3. Configure the parameters, and then click Submit.

Table 71: Export Network Protection Parameters

Parameter

Description

Download To
Values:
Client: DefensePro exports the template to the location specified in
the filepath or by browsing to the location with the Browse button.
Server: DefensePro exports the template to the APSolute Vision
database.
Default: Server

Download Via
(Read-only) The transport method.
Value: HTTPS

Configuration
Specifies whether DefensePro exports the template with the configuration
of the policy.
Default: Enabled

DNS Baseline
Specifies whether DefensePro exports the template with the current DNS
baseline of the policy.
Default: Enabled

BDoS Baseline
Specifies whether DefensePro exports the template with the current BDoS
baseline of the policy.
Default: Enabled

User-Defined Signature Protection Profile
Specifies whether DefensePro exports the template with the current
user-defined Signature Protection profile of the policy.
Default: Enabled

Save As
The filepath when Download To is Client or the filename when
Download To is Server.
The default filename uses the following format (with no extension):
<DeviceName>_<PolicyName>_<date>_<time>
Example:
MyDefensePro_MyPolicy_2014.03.19_13.45.59
The date-time format is determined in the APSolute Vision Settings view
Preferences perspective, under General Settings > Display.
The file is saved in the server as a ZIP file, and in the local host, the file is
saved as a TXT file.


Exporting a Server Protection Policy as a Template


Use the following procedure to export a Server Protection policy as a template.

To export a Server Protection policy as a template


1. In the Configuration perspective, select Server Protection > Server Protection Policy.
2. Select the policy that you want to export, and click (Export).
3. Configure the parameters, and then click Submit.

Table 72: Export Server Protection Parameters

Parameter

Description

Download To
Values:
Client: DefensePro exports the template to the location specified in
the filepath or by browsing to the location with the Browse button.
Server: DefensePro exports the template to the APSolute Vision
database.
Default: Server

Download Via
(Read-only) The transport method.
Value: HTTPS

Configuration
Specifies whether DefensePro exports the template with the configuration
of the policy.
Default: Enabled

HTTP Baseline
Specifies whether DefensePro exports the template with the current HTTP
baseline of the policy.
Default: Enabled

Save As
The filepath when Download To is Client or the filename when
Download To is Server.
The default filename uses the following format (with no extension):
<DeviceName>__<PolicyName>_<date>_<time>
Example:
MyDefensePro__MyPolicy_2015.03.19_13.45.59
The date-time format is determined in the APSolute Vision Settings view
Preferences perspective, under General Settings > Date and Time
Format.
The file is saved in the server as a ZIP file, and in the local host, the file is
saved as a TXT file.


Managing DefensePro Configuration Templates


Use the DefensePro Configuration Templates pane to manage security-protection templates.
The DefensePro Configuration Templates pane contains the table of templates, which comprises the
following columns:

Source Device Name: Displays one of the following:

The name of the device from which the template was exported.

Local: The template was uploaded from the local PC.

System: The template is a predefined template.

File Name: Displays the filename of the template.

File Type: Displays Server Protection for a template from a Server Protection policy or
Network Protection for a template from a Network Protection policy.

Export Date: Displays the date and time that the template was added to the Template List.
The date-time format is determined in the APSolute Vision Settings view Preferences
perspective, under General Settings > Date and Time Format.

The template table can contain up to 2000 entries.


You can filter the display of the list for convenience and efficiency, and clear the filter as necessary.
You can select one or multiple rows, using standard key combinations.
When you make a selection, you can do the following:

Send the templates to one or more DefensePro devices.

Delete the templates from one or more DefensePro devices: The delete command
removes the selected template(s) from the table and, from the DefensePro devices, the policy
definitions and all other policy-related configurations (Network Classes, VLAN Tag Classes,
profile definitions) as long as the other policies on the device(s) are not using those objects.

Add (upload) templates from another location to the template table.

Download the templates to another location.

Delete the rows: This action deletes the policy or policies, without the related objects.

To filter the display of the template list


1. Click Templates to open the DefensePro Configuration Templates pane.

2. Configure the parameters, and then click the (Search) button.

Table 73: Template-List Filter Parameters

Parameter

Description

Source Device Name
Values:
Device name: Shows only the templates downloaded from the
selected device.
Local: Shows only the templates uploaded from the local PC.
System: Shows only the predefined templates.
Default: All

File Type
Values:
Server Protection: Shows the templates from Server Protection
policies.
Network Protection: Shows the templates from Network Protection
policies.

File Name
The filename that the filter uses. The value supports one or two
wildcards (*).
Examples:
*pol*: Shows any filename containing the string pol.
*pol: Shows any filename ending with the string pol.
pol*: Shows any filename starting with the string pol.

To clear the template-list filter and show all of the stored templates

1. Click Templates to open the DefensePro Configuration Templates pane.
2. Click Clear.

To send templates to DefensePro devices

1. Click Templates to open the DefensePro Configuration Templates pane.

2. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 172).
3. Select the rows with the required templates (using standard Windows key combinations).
4. Select Send to Devices.
5. Configure the parameters, and then click Submit.


Table 74: Send to Devices: Select Devices to Update Parameters

Parameter

Description

Available Devices
The DefensePro devices that you can select to update. Select devices
and use the arrows to move them to the other list as required.
Note: The list can contain only the devices that support the
templates features.

Selected Devices
The DefensePro devices selected to update. Select devices and use
the arrows to move them to the other list as required.

Update Method
Values:
Append to Existing Configuration: The template adds the policy
and profile configurations, and any baselines, to the devices in the
Selected Devices list. If a policy or profile name exists in a
target device, the update fails.
Overwrite Existing Configuration: The template adds the policy
and profile configurations, and any baselines, to the devices in the
Selected Devices list. If a policy or profile with the same name
exists in a target device, the template overwrites it.
Default: Overwrite Existing Configuration

Caution: The following limitations exist for user-defined Signature
Protection profiles included in the policy (DefensePro 6.x versions
6.13 and later with the User-Defined Signature Protection
Profile option enabled):

When the Update Method is Append to Existing
Configuration and the policy does not exist, but a user-defined
Signature Protection profile name exists in the target device, the
policy is created in the target device using the existing Signature
Protection profile.

When the Update Method is Overwrite Existing
Configuration and the user-defined Signature Protection profile
name exists in the target device, the policy is created or modified
(if it exists already), but the template does not modify the rules or
attributes of the existing Signature Protection profile; the
template only extends the profile with new rules and attributes on
the target device.

Install on Instance
(This parameter is relevant only for DefensePro x420 platforms.)
The identifier of the DefensePro hardware instance onto which to add
the template.
Values: 0, 1
Default: 0

Update Policies After Sending Configuration
Values:
Enabled: After successfully uploading a template to a device, an
Update Policies (activate latest changes) action is automatically
initiated.
Disabled: After successfully uploading a template to a device, an
Update Policies (activate latest changes) action is required for the
configuration to take effect.
Default: Disabled


To delete templates and associated configuration objects from DefensePro devices


1. Click Templates to open the DefensePro Configuration Templates pane.

2. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 172).
3. Select the rows with the required templates (using standard Windows key combinations).
4. Select Delete from Devices.
5. Configure the parameters, and then click Submit.

Table 75: Delete from Devices: Select Devices to Update Parameters

Parameter

Description

Available Devices
The DefensePro devices that you can select to update. Select devices
and use the arrows to move them to the other list as required.
Note: The list can contain only the devices that support the
templates features.

Selected Devices
The DefensePro devices selected to update. Select devices and use
the arrows to move them to the other list as required.
Note: The list can contain only DefensePro devices running 6.x
versions 6.14 and later, or 7.x versions 7.41.02 and later.

Update Policies After Sending Configuration
Values:
Enabled: After successfully deleting the template(s) and
associated configuration objects from a device, an Update Policies
(activate latest changes) action is automatically initiated.
Disabled: After successfully deleting the template(s) and
associated configuration objects from the device(s), an Update
Policies (activate latest changes) action is required for the
configuration to take effect.
Default: Disabled

To add (upload) templates from another location to the template list


1. Click Templates to open the DefensePro Configuration Templates pane.
2. Click the (Add) button.
3. Configure the parameters, and then click Submit.

Table 76: Upload File to Server Parameters

Parameter

Description

File Type
Values:
Server Protection: The template defines a Server Protection policy.
Network Protection: The template defines a Network Protection policy.

Upload From
The filepath of the template. Click Browse to browse to the directory and
select the file.


To download templates to another location


1. Click Templates to open the DefensePro Configuration Templates pane.

2. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 172).

3. Select the rows with the required templates (using standard Windows key combinations).

4. Click the (Download Selected File) button.

5. In the Save As text box, type the path to the target directory or click Browse to browse to the
directory.

6. Click Save.

To delete stored templates


1. Click Templates to open the DefensePro Configuration Templates pane.

2. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 172).

3. Select the rows with the required templates (using standard Windows key combinations).

4. Click the (Delete) button in the pane.

Using AppShape Templates and Instances


Use AppShape templates to accelerate, simplify, and optimize the configuration of Alteon ADC
devices for deployments of the following applications:

Common Web Applications

DefenseSSL

Microsoft Exchange 2010

Microsoft Exchange 2013

Microsoft Lync External

Microsoft Lync Internal

Oracle E Business

Oracle SOA Suite 11g

Oracle WebLogic 12c

SharePoint 2010

SharePoint 2013

VMware View 5.1

Zimbra

AppShape templates configure all the required ADC options tailored and optimized for the selected
business application. With APSolute Vision, you can create instances of AppShape templates from
one single configuration pane with a small set of parameters.
AppShape configures the full, optimal Server Load Balancing (SLB) configuration for the selected
business application, which comprises:

Real servers

Server groups

Virtual servers

Virtual services

Application services, such as (depending on the selected business application) health check,
FastView optimized caching, compression, connection management, or acceleration

Users with the Administrator role can manage the AppShape templates.
Users with the following roles can create AppShape instances on Alteon devices:

Administrator

ADC Administrator

Device Administrator

System Configuration

To create AppShape instances of most AppShape types, APSolute Vision requires SSH access to run
CLI commands on the Alteon device. Therefore, SSH must be enabled and properly configured. SSH
must be enabled in the Management Protocols pane (Configuration perspective, System >
Management Access > Management Protocols). In addition, the SSH port configured in the
Management Protocols pane must be the same as the value in the SSH Port text box in the Device
Properties pane. (The Device Properties pane opens from the Sites and Clusters tab when you add a
new device or edit device properties.)

To view the basic parameters of AppShape instances that the APSolute Vision server is
managing

> Click Templates and select AppShapes.

Table 77: Basic Parameters of AppShape Instances in APSolute Vision

Parameter

Description

AppShape Type
The AppShape type.

Name
The name of the AppShape instance.
Note: You can change the name in the configuration of the
instance on the device.

Device Name
The name of the device on which the AppShape instance is deployed.

Virtual Address
The virtual IP address of the service.

Configuration Validation
The latest-known status that specifies whether the AppShape
instance is synchronized with the AppShape template.

Last Validation
The last time that the configuration of the device was synchronized
with the AppShape template.

You can filter the display of the AppShapes Service table according to the values in any column. The
filter is either a drop-down list or a text box. If the filter is a text box, the result is a case-insensitive
match of the specified string in the value. After you configure the filter criteria, click the
button to apply the filter. Click Clear to cancel the filter.

The nodes under the AppShapes node display, by default, the instances of the corresponding
AppShape type.

Tip: If you intend to configure the AppShape instance with SSL Acceleration enabled (which is the
default of most AppShape types), configure the SSL certificate before you configure the AppShape
instance (Configuration perspective, Application Delivery > Application Services > SSL >
Certificate Repository).

To create an AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Click Templates and select AppShapes.

3. Click the (Add) button in the AppShape Service pane.

4. Do the following:

   From the AppShape Type drop-down list, select the AppShape type that you require.

   From the Device Name drop-down list, select the Alteon instance on which to configure the
   AppShape instance.

5. Configure the mandatory parameters, make changes to non-mandatory parameters as required,
and click Submit.
For information on the various AppShape types and associated parameters, see the relevant
section:

Configuring a Common Web Application AppShape Instance, page 180

Configuring a DefenseSSL AppShape Instance, page 182

Configuring a Microsoft Exchange 2010 AppShape Instance, page 184

Configuring a Microsoft Exchange 2013 AppShape Instance, page 188

Configuring a Microsoft Lync External AppShape Instance, page 192

Configuring a Microsoft Lync Internal AppShape Instance, page 196

Configuring an Oracle E-Business AppShape Instance, page 199

Configuring an Oracle SOA Suite 11g AppShape Instance, page 201

Configuring an Oracle WebLogic 12c AppShape Instance, page 204

Configuring a SharePoint 2010 AppShape Instance, page 206

Configuring a SharePoint 2013 AppShape Instance, page 208

Configuring a VMware View 5.1 AppShape Instance, page 210

Configuring a Zimbra AppShape Instance, page 212

To validate an AppShape instance


> Select the row with the AppShape instance and click (Validate AppShape Instance).


To view or modify the configuration of an existing AppShape instance on a specific
device

1. Click Templates and select AppShapes.

2. Select the row with the instance whose configuration you want to view or modify, and then click
the (Edit) button.

3. View or modify the configuration as required.

Uploading a New AppShape Template Type to the APSolute Vision Server


You can upload a new AppShape template type to the APSolute Vision server. When you upload a
new AppShape template type to the APSolute Vision server, you do not need to change or even
restart the APSolute Vision server. All you need is the AppShape-template ZIP file that you receive
from Radware.

Caution: If you upload an AppShape template type that already exists in the APSolute Vision
server, Radware strongly recommends that you remove existing instances of the template before
proceeding and overwriting the existing template. If you overwrite the existing template and there
are existing instances of this template, unexpected results may occur.

Note: The online help that includes the description of the new AppShape template type will be in
the online-help files at radware.com and the latest online-help package. The APSolute Vision
administrator can configure whether the online help comes from the APSolute Vision server or from
radware.com. It is the responsibility of the APSolute Vision administrator to make sure that the help
files on the server are updated as necessary with the latest online-help package.

To upload a new AppShape template type to the APSolute Vision server


1. Click Templates and select AppShapes.

2. Click the (Upload AppShape Template) button at the top-left of the Templates pane.

3. Navigate to the AppShape-template ZIP file, and then, click Open.


Configuring a Common Web Application AppShape Instance


Use the Common Web Application AppShape to configure an Alteon ADC device to work in a network
architecture with a generic HTTP-based application.

Notes

For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Common
Web Application: AppShape-generated Configuration, page 573.

The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a Common Web Application AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Click Templates and select AppShapes > Common Web Application.

3. Do one of the following:

   To add an entry to the table, click the (Add) button.

   To edit an entry in the table, select the entry and click the (Edit) button.

4. Configure the parameters, and click Submit.

Table 78: Common Web Application: General Parameters

Parameter

Description

AppShape Type

The specified AppShape type.

Device Name

The name of the device on which the AppShape instance is deployed.

Table 79: Common Web Application: Web Application Instance Parameters

Parameter

Description

Last Validation
(Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration of the device was synchronized with the AppShape
template.

Valid Configuration
(Read-only) Specifies whether the configuration is valid.

Instance Name
The name of the AppShape instance.
Maximum characters: 100

Virtual Address
The virtual IP address of the service.


Table 80: Common Web Application: Application Servers Parameters

Parameter

Description

Address/Port table
Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit)
button.
For information on configuring real servers, see Configuring Real
Servers, page 326.

Table 81: Common Web Application: Load Balancing Settings Parameters

Parameter

Description

SLB Metric
The SLB metric used to select the next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Server
Groups, page 339.

Health Check
The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http

Table 82: Common Web Application: HTTP Parameters

Parameter

Description

Caching
Specifies whether the HTTP profile uses caching.
Default: Enabled

Compression
Specifies whether the HTTP profile uses compression.
Default: Enabled

Connection Management
Specifies whether the HTTP profile uses connection management.
If enabled, you must configure the proxy IP address.
Default: Enabled

Proxy IP
(This button is displayed only when the Connection Management checkbox is
selected.)
Opens the Proxy IP pane. For information on adding a new proxy IP
address, see Configuring Proxy IP, page 118.


Table 83: Common Web Application: SSL Parameters

Parameter

Description

SSL Acceleration
Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled

Server Certificate
(This parameter is displayed only when the SSL Acceleration
checkbox is selected.)
The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
For information on configuring SSL certificates, see Managing the
Certificate Repository, page 394.

Configuring a DefenseSSL AppShape Instance


Use the DefenseSSL AppShape to configure an Alteon ADC device to work in a network architecture
with DefenseSSL. DefenseSSL mitigates SSL encrypted flood attacks at the network perimeter.

Notes

For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see
DefenseSSL - AppShape-generated Configuration, page 575.

The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a DefenseSSL AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.
2. Click Templates and select AppShapes > DefenseSSL. The AppShape Type drop-down list displays DefenseSSL.
3. Do one of the following:
   - To add an entry to the table, click the (Add) button.
   - To edit an entry in the table, select the entry and click the (Edit) button.
4. Configure the parameters, and click Submit.

Table 84: DefenseSSL: General Parameters

| Parameter | Description |
| --- | --- |
| AppShape Type | The specified AppShape type. |
| Device Name | The name of the device on which the AppShape instance is deployed. |


Table 85: DefenseSSL: DefenseSSL Instance Parameters

| Parameter | Description |
| --- | --- |
| Last Validation | (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that the configuration device was synchronized with the AppShape template. |
| Valid Configuration | (Read-only) Specifies whether the configuration is valid. |
| Instance Name | The name of the AppShape instance. Maximum characters: 100 |
| Virtual Address | The virtual IP address of the service. |

Table 86: DefenseSSL: Application Servers Parameters

| Parameter | Description |
| --- | --- |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |

Table 87: DefenseSSL: SSL Parameters

| Parameter | Description |
| --- | --- |
| SSL Acceleration | Specifies whether SSL offloading is enabled for acceleration. Default: Enabled |
| Server Certificate (This parameter is displayed only when the SSL Acceleration checkbox is selected.) | The name of the SSL certificate, selected from the drop-down list. To edit the selected SSL certificate, click Server Certificate. For information on configuring SSL certificates, see Managing the Certificate Repository, page 394. |

Table 88: DefenseSSL: Static ARP Parameters

| Parameter | Description |
| --- | --- |
| Address | The IP address for the ARP entry. |
| MAC Address | The MAC address for the ARP entry. |
| VLAN | The VLAN for the ARP entry. Values: 1–4090 |
| Port | The port for the ARP entry. The range of valid values depends on the device on which you are deploying the AppShape instance. |


Configuring a Microsoft Exchange 2010 AppShape Instance


Use the Microsoft Exchange 2010 AppShape to configure an Alteon ADC device to work in a network
architecture with MS Exchange 2010.
Microsoft Exchange provides business-class email, calendar and contacts. The Alteon and Microsoft
Exchange 2010 joint solution provides a highly scalable and highly available unified messaging and
communication infrastructure, with fast response time. Using advanced health monitoring of each of
the client access servers (CASs), Alteon can validate the availability and response time of those
resources, as well as deliver seamless load-balancing, redundancy, and persistency features.
Furthermore, Alteon provides service acceleration through compression, caching, and SSL
termination to the Exchange users, offloading critical resources from the client access servers,
enabling smaller CAS arrays, and thus, lower CAPEX and OPEX in the organization.

Note: With Exchange Server 2010, Outlook clients connect using native MAPI to the RPC Client
Access Service (CAS), which runs on Client Access servers. Because the RPC CAS requires the traffic
to be passed to the Client Access servers on a large number of ports, Radware recommends that you
use a firewall to permit only internal networks to access the RPC Client Access virtual server IP
address.

Figure 38: Alteon and Microsoft Exchange 2010 Architecture

[Diagram not reproduced. Labels recoverable from the figure: External Clients; DMZ; 192.168.2.254/24; Firewall; Internal Clients; 192.168.1.254/24; Edge Transport Server; Alteon.active.device (Alteon 4416, 192.168.1.1/24); Alteon.backup.device (Alteon 4416, 192.168.1.2/24); Exchange CAS application servers (client access servers): 192.168.1.81, 192.168.1.82; Mail Box Servers DAG (not part of the AppShape configuration): 192.168.1.33, 192.168.1.34; Exchange SMTP application servers (HUB transport): 192.168.1.35, 192.168.1.36; Active Directory (not part of the AppShape configuration): 192.168.1.10.]


Notes

For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Exchange 2010 - AppShape-generated Configuration, page 576.

The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a Microsoft Exchange 2010 AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.
2. Click Templates and select AppShapes > Microsoft Exchange 2010. The AppShape Type drop-down list displays Microsoft Exchange 2010.
3. Do one of the following:
   - To add an entry to the table, click the (Add) button.
   - To edit an entry in the table, select the entry and click the (Edit) button.
4. Configure the parameters, and click Submit.

Table 89: Microsoft Exchange 2010: General Parameters

| Parameter | Description |
| --- | --- |
| AppShape Type | The specified AppShape type. |
| Device Name | The name of the device on which the AppShape instance is deployed. |

Table 90: Microsoft Exchange 2010: Microsoft Exchange 2010 Instance Parameters

| Parameter | Description |
| --- | --- |
| Last Validation | (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that the configuration device was synchronized with the AppShape template. |
| Valid Configuration | (Read-only) Specifies whether the configuration is valid. |
| Instance Name | The name of the AppShape instance. Maximum characters: 100 |
| Virtual Address | The virtual IP address of the service. |

Table 91: Microsoft Exchange 2010: Protocols Parameters

| Parameter | Description |
| --- | --- |
| RPC Client Access | The static port for the RPC Client Access Service. Values: 1065535. Default: 135 |
| RPC Endpoint Mapper | The port for the RPC Endpoint Mapper. Values: 1065535. Default: 59532 |
| Exchange Address Book | The port for the Exchange Address Book. Values: 1065535. Default: 59533 |
| POP3 | The port for the associated POP3 server. This parameter is optional. Values: 1065535. Default with the Secured checkbox selected: 993. Default with the Secured checkbox cleared: 110 |
| Secured | Specifies whether the POP3 server uses a secured port. Default: Enabled |
| IMAP4 (Optional) | The port for the associated IMAP4 server. This parameter is optional. Values: 1065535. Default with the Secured checkbox selected: 993. Default with the Secured checkbox cleared: 143 |
| Secured | Specifies whether the IMAP4 server uses a secured port. Default: Enabled |

Table 92: Microsoft Exchange 2010: Application Servers Parameters

| Parameter | Description |
| --- | --- |
| Exchange CAS Application Servers | |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |
| Exchange SMTP Application Servers | |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |

Table 93: Microsoft Exchange 2010: Load Balancing Settings Parameters

| Parameter | Description |
| --- | --- |
| CAS | |
| SLB Metric | The SLB metric used to select the next server in the group.[1] Default: Least Connections |
| Health Check | The type of content that is examined during health checks. The content depends on the type of health check. Default: http |
| SMTP Settings | |
| SLB Metric | The SLB metric used to select the next server in the group. Default: Least Connections |
| Health Check | The type of content that is examined during health checks. The content depends on the type of health check. Default: smtp |

[1] If you choose a value other than the default, the AppShape always uses the default value for any additional, specifically related parameter. For example, if the value of SLB Metric is Min Misses, the specifically related Minmiss Hash is always the default 24 Bits. For more information on the SLB Metric, see Configuring Server Groups, page 339.

Table 94: Microsoft Exchange 2010: HTTP Parameters

| Parameter | Description |
| --- | --- |
| Caching | Specifies whether the HTTP profile uses caching. Default: Enabled |
| Compression | Specifies whether the HTTP profile uses compression. Default: Enabled |
| Connection Management | Specifies whether the HTTP profile uses connection management. If enabled, you must configure the proxy IP address. Default: Disabled |
| Proxy IP (This button is displayed only when the Connection Management checkbox is selected.) | Opens the Proxy IP pane. For information on adding a new proxy IP address, see Configuring Proxy IP, page 118. |

Table 95: Microsoft Exchange 2010: SSL Parameters

| Parameter | Description |
| --- | --- |
| SSL Acceleration | Specifies whether SSL offloading is enabled for acceleration. Default: Enabled |
| Server Certificate (This parameter is displayed only when the SSL Acceleration checkbox is selected.) | The name of the SSL certificate, selected from the drop-down list. To edit the selected SSL certificate, click Server Certificate. For information on configuring SSL certificates, see Managing the Certificate Repository, page 394. |

Configuring a Microsoft Exchange 2013 AppShape Instance


Use the Microsoft Exchange 2013 AppShape to configure an Alteon ADC device to work in a network
architecture with MS Exchange 2013.
Microsoft Exchange provides business-class email, calendar and contacts. The Alteon and Microsoft
Exchange 2013 joint solution provides a highly scalable and highly available unified messaging and
communication infrastructure, with fast response time. Using advanced health monitoring of each of
the client access servers (CASs), Alteon can validate the availability and response time of those
resources, as well as deliver seamless load-balancing, redundancy, and persistency features.
Furthermore, Alteon provides service acceleration through compression, caching, and SSL
termination to the Exchange users, offloading critical resources from the client access servers,
enabling smaller CAS arrays, and thus, lower CAPEX and OPEX in the organization.

Note: With Exchange Server 2013, Outlook clients connect using native MAPI to the RPC Client
Access Service (CAS), which runs on Client Access servers. Because the RPC CAS requires the traffic
to be passed to the Client Access servers on a large number of ports, Radware recommends that you
use a firewall to permit only internal networks to access the RPC Client Access virtual server IP
address.


Figure 39: Alteon and Microsoft Exchange 2013 Architecture

[Diagram not reproduced. Labels recoverable from the figure: External Clients; DMZ; 192.168.2.254/24; Firewall; Internal Clients; 192.168.1.254/24; Edge Transport Server; Alteon.active.device (Alteon 4416, 192.168.1.1/24); Alteon.backup.device (Alteon 4416, 192.168.1.2/24); Exchange CAS application servers (client access servers): 192.168.1.81, 192.168.1.82; Mail Box Servers DAG (not part of the AppShape configuration): 192.168.1.33, 192.168.1.34; Exchange IMAP application servers: 192.168.1.35, 192.168.1.36; Exchange POP3 application servers: 192.168.1.37, 192.168.1.38; Active Directory (not part of the AppShape configuration): 192.168.1.10.]

Notes

For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Exchange 2013 - AppShape-generated Configuration, page 579.

The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a Microsoft Exchange 2013 AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.
2. Click Templates and select AppShapes > Microsoft Exchange 2013. The AppShape Type drop-down list displays Microsoft Exchange 2013.
3. Do one of the following:
   - To add an entry to the table, click the (Add) button.
   - To edit an entry in the table, select the entry and click the (Edit) button.
4. Configure the parameters, and click Submit.


Table 96: Microsoft Exchange 2013: General Parameters

| Parameter | Description |
| --- | --- |
| AppShape Type | The specified AppShape type. |
| Device Name | The name of the device on which the AppShape instance is deployed. |

Table 97: Microsoft Exchange 2013: Microsoft Exchange 2013 Instance Parameters

| Parameter | Description |
| --- | --- |
| Last Validation | (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that the configuration device was synchronized with the AppShape template. |
| Valid Configuration | (Read-only) Specifies whether the configuration is valid. |
| Instance Name | The name of the AppShape instance. Maximum characters: 100 |
| Virtual Address | The virtual IP address of the service. |

Table 98: Microsoft Exchange 2013: Application Servers Parameters

| Parameter | Description |
| --- | --- |
| Exchange CAS Application Servers | |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |
| Exchange IMAP Application Servers | |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |
| Exchange POP3 Application Servers | |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |

Table 99: Microsoft Exchange 2013: Load Balancing Settings Parameters

| Parameter | Description |
| --- | --- |
| CAS | |
| SLB Metric | The SLB metric used to select the next server in the group. Default: Round Robin. Note: If you choose a value other than the default, the AppShape always uses the default value for any additional, specifically related parameter. For example, if the value of SLB Metric is Min Misses, the specifically related Minmiss Hash is always the default 24 Bits. For more information on the SLB Metric, see Configuring Server Groups, page 339. |
| Health Check | The type of content that is examined during health checks. The content depends on the type of health check. Default: http |
| IMAP Settings | |
| SLB Metric | The SLB metric used to select the next server in the group.[1] Default: Round Robin |
| Health Check | The type of content that is examined during health checks. The content depends on the type of health check. Default: imap |
| POP3 Settings | |
| SLB Metric | The SLB metric used to select the next server in the group. Default: Round Robin |
| Health Check | The type of content that is examined during health checks. The content depends on the type of health check. Default: pop3 |

[1] If you choose a value other than the default, the AppShape always uses the default value for any additional, specifically related parameter. For example, if the value of SLB Metric is Min Misses, the specifically related Minmiss Hash is always the default 24 Bits. For more information on the SLB Metric, see Configuring Server Groups, page 339.


Table 100: Microsoft Exchange 2013: HTTP Parameter

| Parameter | Description |
| --- | --- |
| Compression | Specifies whether the HTTP profile uses compression. Default: Enabled |

Table 101: Microsoft Exchange 2013: SSL Parameters

| Parameter | Description |
| --- | --- |
| SSL Acceleration | Specifies whether SSL offloading is enabled for acceleration. Default: Enabled |
| Server Certificate (This parameter is displayed only when the SSL Acceleration checkbox is selected.) | The name of the SSL certificate, selected from the drop-down list. To edit the selected SSL certificate, click Server Certificate. For information on configuring SSL certificates, see Managing the Certificate Repository, page 394. |

Configuring a Microsoft Lync External AppShape Instance


Use the Microsoft Lync External AppShape to configure an Alteon ADC device to work in a network
architecture with Microsoft Lync External.

Notes

For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Link External - AppShape-generated Configuration, page 582.

The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a Microsoft Lync External AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.
2. Click Templates and select AppShapes > Microsoft Lync External. The AppShape Type drop-down list displays Microsoft Lync External.
3. Do one of the following:
   - To add an entry to the table, click the (Add) button.
   - To edit an entry in the table, select the entry and click the (Edit) button.
4. Configure the parameters, and click Submit.

Table 102: Microsoft Lync External: General Parameters

| Parameter | Description |
| --- | --- |
| AppShape Type | The specified AppShape type. |
| Device Name | The name of the device on which the AppShape instance is deployed. |

Table 103: Microsoft Lync External: Microsoft Lync External Instance Parameters

| Parameter | Description |
| --- | --- |
| Last Validation | (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that the configuration device was synchronized with the AppShape template. |
| Valid Configuration | (Read-only) Specifies whether the configuration is valid. |
| Instance Name | The name of the AppShape instance. Maximum characters: 100 |
| Edge AV HTTPS Virtual Address | The text box contains the virtual IP address of the edge audio-visual service, and the checkbox specifies whether the service is enabled. |
| Edge Meeting HTTPS Virtual Address | The text box contains the virtual IP address of the edge Meeting service, and the checkbox specifies whether the service is enabled. |
| Edge IM HTTPS Virtual Address | The text box contains the virtual IP address of the edge instant-messaging service, and the checkbox specifies whether the service is enabled. |
| Edge SIP HTTPS Virtual Address | The text box contains the virtual IP address of the edge SIP service, and the checkbox specifies whether the service is enabled. |
| CWA Virtual Address | The text box contains the virtual IP address of the Communicator Web Access (CWA) server, and the checkbox specifies whether the service is enabled. |

Table 104: Microsoft Lync External: Application Servers Parameters

| Parameter | Description |
| --- | --- |
| SIP Servers | |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |
| IM Servers | |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |
| CWA Servers | |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |
| Meeting Servers | |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |
| AV Servers | |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |


Table 105: Microsoft Lync External: Load Balancing Settings Parameters

Each pair of load-balancing parameters (the SLB Metric and the Health Check) is available only when the corresponding checkbox is selected in the Microsoft Lync External: Microsoft Lync External Instance Parameters, page 193 table.

| Parameter | Description |
| --- | --- |
| Edge HTTPS SIP (443) Settings | |
| SLB Metric | The SLB metric used to select the next server in the group.[1] Default: Least Connections |
| Health Check | The type of content that is examined during health checks. The content depends on the type of health check. Default: TCP |
| Edge IM (443) Settings | |
| SLB Metric | The SLB metric used to select the next server in the group. Default: Least Connections |
| Health Check | The type of content that is examined during health checks. The content depends on the type of health check. Default: TCP |
| Edge Meeting (443) Settings | |
| SLB Metric | The SLB metric used to select the next server in the group. Default: Least Connections |
| Health Check | The type of content that is examined during health checks. The content depends on the type of health check. Default: TCP |
| Edge CWA Settings | |
| SLB Metric | The SLB metric used to select the next server in the group. Default: Least Connections |
| Health Check | The type of content that is examined during health checks. The content depends on the type of health check. Default: TCP |
| Edge AV (443) Settings | |
| SLB Metric | The SLB metric used to select the next server in the group. Default: Least Connections |
| Health Check | The type of content that is examined during health checks. The content depends on the type of health check. Default: TCP |

[1] If you choose a value other than the default, the AppShape always uses the default value for any additional, specifically related parameter. For example, if the value of SLB Metric is Min Misses, the specifically related Minmiss Hash is always the default 24 Bits. For more information on the SLB Metric, see Configuring Real Servers, page 326.


Configuring a Microsoft Lync Internal AppShape Instance


Use the Microsoft Lync Internal AppShape to configure an Alteon ADC device to work in a network
architecture with Microsoft Lync Internal.

Notes

For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Link Internal - AppShape-generated Configuration, page 584.

The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a Microsoft Lync Internal AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.
2. Click Templates and select AppShapes > Microsoft Lync Internal. The AppShape Type drop-down list displays Microsoft Lync Internal.
3. Do one of the following:
   - To add an entry to the table, click the (Add) button.
   - To edit an entry in the table, select the entry and click the (Edit) button.
4. Configure the parameters, and click Submit.

Table 106: Microsoft Lync Internal: General Parameters

| Parameter | Description |
| --- | --- |
| AppShape Type | The specified AppShape type. |
| Device Name | The name of the device on which the AppShape instance is deployed. |

Table 107: Microsoft Lync Internal: Microsoft Lync Internal Instance Parameters

| Parameter | Description |
| --- | --- |
| Last Validation | (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that the configuration device was synchronized with the AppShape template. |
| Valid Configuration | (Read-only) Specifies whether the configuration is valid. |
| Instance Name | The name of the AppShape instance. Maximum characters: 100 |
| Front-End Virtual Address | The text box contains the virtual IP address of the front end, and the checkbox specifies whether the address is used. |
| Edge Internal Virtual Address | The text box contains the virtual IP address of the internal edge, and the checkbox specifies whether the address is used. |
| Directors Virtual Address | The text box contains the virtual IP address of the directors, and the checkbox specifies whether the address is used. |
| CWA Virtual Address | The text box contains the virtual IP address of the Communicator Web Access (CWA) server, and the checkbox specifies whether the address is used. |

Table 108: Microsoft Lync Internal: Application Servers Parameters

| Parameter | Description |
| --- | --- |
| Real Servers | |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |
| Edge Internal Servers | |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |
| Director Servers | |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |
| CWA Servers | |
| Address/Port table | Contains the addresses and ports of each real server configured for the service. To add an entry to the table, click the (Add) button. To edit an entry in the table, select the entry and click the (Edit) button. For information on configuring real servers, see Configuring Real Servers, page 326. |

Table 109: Microsoft Lync Internal: Load Balancing Settings Parameters

Parameter

Description

Each pair of load-balancing parameters (the SLB Metric and the Health Check) is available only
when the corresponding checkbox is selected in the Microsoft Lync Internal: Microsoft Lync Internal
Instance Parameters, page 196 table.
Front-End Settings
SLB Metric

The SLB metric used to select next server in the group.1


Default: Least Connections

Health Check

The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP

Edge Settings
SLB Metric

The SLB metric used to select next server in the group.


Default: Least Connections

Health Check

The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP

Directors Settings
SLB Metric

The SLB metric used to select next server in the group.


Default: Least Connections

Health Check

The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP

Edge CWA Settings


SLB Metric

The SLB metric used to select the next server in the group.


Default: Least Connections

Health Check

The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP

[1] If you choose a value other than the default, the AppShape always uses the default
value for any additional, specifically related parameter. For example, if the value of SLB
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Real Servers, page 326.

Table 110: Microsoft Lync Internal: CWA HTTP Configuration Parameters

Parameter

Description

Compression

Specifies whether compression is enabled on the Communicator Web Access (CWA) servers.
Default: Enabled

Domain Name

The CWA domain name.
Example: https://cwa.lyncmycompany.com
Note: Internally, APSolute Vision forces the prefix of the domain
name to be https. For example, if you enter
http://cwa.lyncmycompany.com or just cwa.lyncmycompany.com,
APSolute Vision configures the value in Alteon as
https://cwa.lyncmycompany.com.

Table 111: Microsoft Lync Internal: SSL Parameters

Parameter

Description

SSL Acceleration

Specifies whether SSL offloading is enabled for acceleration.


Default: Enabled

Server Certificate
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

The name of the SSL certificate, selected from the drop-down list.
For information on configuring SSL certificates, see Managing the Certificate Repository, page 394.
To edit the selected SSL certificate, click Server Certificate.

Configuring an Oracle E-Business AppShape Instance


Use the Oracle E-Business AppShape to configure an Alteon ADC device to work in a network
architecture with Oracle E-Business.

Notes

For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle
E-Business AppShape-generated Configuration, page 593.

The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.


To configure an Oracle E-Business instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Click Templates and select AppShapes > Oracle E-Business. The AppShape Type
   drop-down list displays Oracle E-Business.

3. Do one of the following:
   - To add an entry to the table, click the (Add) button.
   - To edit an entry in the table, select the entry and click the (Edit) button.

4. Configure the parameters, and click Submit.

Table 112: Oracle E-Business: General Parameters

Parameter

Description

AppShape Type

The specified AppShape type.

Device Name

The name of the device on which the AppShape instance is deployed.

Table 113: Oracle E-Business: Oracle E-Business Instance Parameters

Parameter

Description

Last Validation

(Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.

Valid Configuration

(Read-only) Specifies whether the configuration is valid.

Instance Name

The name of the AppShape instance.


Maximum characters: 100

Virtual Address

The virtual IP address of the service.

Table 114: Oracle E-Business: Application Servers Parameters

Parameter

Description

Address/Port table

Contains the addresses and ports of each real server configured for the
Oracle E-Business server.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.
For information on configuring real servers, see Configuring Real Servers, page 326.


Table 115: Oracle E-Business: Load Balancing Settings Parameters

Parameter

Description

SLB Metric

The SLB metric used to select the next server in the group.


Default: Least Connections
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Server
Groups, page 339.

Table 116: Oracle E-Business: HTTP Parameters

Parameter

Description

Caching

Specifies whether the HTTP profile uses caching.


Default: Enabled

Compression

Specifies whether the HTTP profile uses compression.


Default: Enabled

Table 117: Oracle E-Business: SSL Parameters

Parameter

Description

SSL Acceleration

Specifies whether SSL offloading is enabled for acceleration.


Default: Enabled

Server Certificate
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
For information on configuring SSL certificates, see Managing the Certificate Repository, page 394.

Configuring an Oracle SOA Suite 11g AppShape Instance


Use the Oracle SOA Suite 11g AppShape to configure an Alteon ADC device to work in a network
architecture with Oracle SOA Suite 11g.

Notes

For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle
SOA Suite 11g AppShape-generated Configuration, page 594.

The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.


To configure an Oracle SOA Suite 11g instance on a device

1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Click Templates and select AppShapes > Oracle SOA Suite 11g. The AppShape Type
   drop-down list displays Oracle SOA Suite 11g.

3. Do one of the following:
   - To add an entry to the table, click the (Add) button.
   - To edit an entry in the table, select the entry and click the (Edit) button.

4. Configure the parameters, and click Submit.

Table 118: Oracle SOA Suite 11g: General Parameters

Parameter

Description

AppShape Type

The specified AppShape type.

Device Name

The name of the device on which the AppShape instance is deployed.

Table 119: Oracle SOA Suite 11g: Oracle SOA Suite 11g Instance Parameters

Parameter

Description

Last Validation

(Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.

Valid Configuration

(Read-only) Specifies whether the configuration is valid.

Instance Name

The name of the AppShape instance.


Maximum characters: 100

Customer VIP

The virtual IP address of the customer.

Internal SOA Services VIP

The virtual IP address of the internal SOA services.

Management Access VIP

The virtual IP address of the management access.

Table 120: Oracle SOA Suite 11g: Application Servers Parameters

Parameter

Description

Address/Port table

Contains the addresses and ports of each real server configured for the
Oracle SOA Suite 11g server.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.
For information on configuring real servers, see Configuring Real Servers, page 326.


Table 121: Oracle SOA Suite 11g: Load Balancing Settings Parameters

Parameter

Description

SLB Metric

The SLB metric used to select the next server in the group.


Default: Least Connections
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Server
Groups, page 339.

Health Check

The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http

Table 122: Oracle SOA Suite 11g: HTTP Parameters

Parameter

Description

Caching

Specifies whether the HTTP profile uses caching.


Default: Enabled

Compression

Specifies whether the HTTP profile uses compression.


Default: Enabled

Connection Management

Specifies whether the HTTP profile uses connection management.


If enabled, you must configure the proxy IP address.
Default: Enabled

Table 123: Oracle SOA Suite 11g: SSL Parameters

Parameter

Description

SSL Acceleration

Specifies whether SSL offloading is enabled for acceleration.


Default: Enabled

Server Certificate
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

The name of the SSL certificate, selected from the drop-down list.
For information on configuring SSL certificates, see Managing the Certificate Repository, page 394.
To edit the selected SSL certificate, click Server Certificate.


Configuring an Oracle WebLogic 12c AppShape Instance


Use the Oracle WebLogic 12c AppShape to configure an Alteon ADC device to work in a network
architecture with Oracle WebLogic 12c.

Notes

For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle
WebLogic 12c AppShape-generated Configuration, page 596.

The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure an Oracle WebLogic 12c instance on a device

1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Click Templates and select AppShapes > Oracle WebLogic 12c. The AppShape Type
   drop-down list displays Oracle WebLogic 12c.

3. Do one of the following:
   - To add an entry to the table, click the (Add) button.
   - To edit an entry in the table, select the entry and click the (Edit) button.

4. Configure the parameters, and click Submit.

Table 124: Oracle WebLogic 12c: General Parameters

Parameter

Description

AppShape Type

The specified AppShape type.

Device Name

The name of the device on which the AppShape instance is deployed.

Table 125: Oracle WebLogic 12c: Oracle WebLogic 12c Instance Parameters

Parameter

Description

Last Validation

(Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.

Valid Configuration

(Read-only) Specifies whether the configuration is valid.

Instance Name

The name of the AppShape instance.


Maximum characters: 100

Virtual Address

The virtual IP address of the service.


Table 126: Oracle WebLogic 12c: Application Servers Parameters

Parameter

Description

Address/Port table

Contains the addresses and ports of each real server configured for the
Oracle WebLogic 12c server.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.
For information on configuring real servers, see Configuring Real Servers, page 326.

Table 127: Oracle WebLogic 12c: Load Balancing Settings Parameters

Parameter

Description

SLB Metric

The SLB metric used to select the next server in the group.


Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Server
Groups, page 339.

Table 128: Oracle WebLogic 12c: HTTP Parameters

Parameter

Description

Compression

Specifies whether the HTTP profile uses compression.


Default: Enabled

Table 129: Oracle WebLogic 12c: SSL Parameters

Parameter

Description

SSL Acceleration

Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled

Server Certificate
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
For information on configuring SSL certificates, see Managing the Certificate Repository, page 394.


Configuring a SharePoint 2010 AppShape Instance


Use the SharePoint 2010 AppShape to configure an Alteon ADC device to work in a network
architecture with SharePoint 2010.

Notes

For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see SharePoint
2010 AppShape-generated Configuration, page 598.

The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a SharePoint 2010 AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Click Templates and select AppShapes > SharePoint 2010. The AppShape Type
   drop-down list displays SharePoint 2010.

3. Do one of the following:
   - To add an entry to the table, click the (Add) button.
   - To edit an entry in the table, select the entry and click the (Edit) button.

4. Configure the parameters, and click Submit.

Table 130: SharePoint 2010: General Parameters

Parameter

Description

AppShape Type

The specified AppShape type.

Device Name

The name of the device on which the AppShape instance is deployed.

Table 131: SharePoint 2010: SharePoint 2010 Instance Parameters

Parameter

Description

Last Validation

(Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.

Valid Configuration

(Read-only) Specifies whether the configuration is valid.

Instance Name

The name of the AppShape instance.


Maximum characters: 100

Virtual Address

The virtual IP address of the service.


Table 132: SharePoint 2010: Application Servers Parameters

Parameter

Description

Address/Port table

Contains the addresses and ports of each real server configured for the
SharePoint 2010 server.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.
For information on configuring real servers, see Configuring Real Servers, page 326.

Table 133: SharePoint 2010: Load Balancing Settings Parameters

Parameter

Description

SLB Metric

The SLB metric used to select the next server in the group.


Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Server
Groups, page 339.

Health Check

The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http

Table 134: SharePoint 2010: HTTP Parameters

Parameter

Description

Caching

Specifies whether the HTTP profile uses caching.


Default: Enabled

Compression

Specifies whether the HTTP profile uses compression.


Default: Enabled

Connection Management

Specifies whether the HTTP profile uses connection management.


If enabled, you must configure the proxy IP address.
Default: Enabled

Domain Name

The domain of the SharePoint 2010 server.


Maximum characters: 34

Proxy IP
(This button is displayed only when the Connection Management checkbox is selected.)

Opens the Proxy IP pane. For information on adding a new proxy IP
address, see Configuring Proxy IP, page 118.


Table 135: SharePoint 2010: SSL Parameters

Parameter

Description

SSL Acceleration

Specifies whether SSL offloading is enabled for acceleration.


Default: Enabled

Server Certificate
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
For information on configuring SSL certificates, see Managing the Certificate Repository, page 394.

Configuring a SharePoint 2013 AppShape Instance


Use the SharePoint 2013 AppShape to configure an Alteon ADC device to work in a network
architecture with SharePoint 2013.

Notes

For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see SharePoint
2013 AppShape-generated Configuration, page 600.

The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a SharePoint 2013 AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Click Templates and select AppShapes > SharePoint 2013. The AppShape Type
   drop-down list displays SharePoint 2013.

3. Do one of the following:
   - To add an entry to the table, click the (Add) button.
   - To edit an entry in the table, select the entry and click the (Edit) button.

4. Configure the parameters, and click Submit.

Table 136: SharePoint 2013: General Parameters

Parameter

Description

AppShape Type

The specified AppShape type.

Device Name

The name of the device on which the AppShape instance is deployed.


Table 137: SharePoint 2013: SharePoint 2013 Instance Parameters

Parameter

Description

Last Validation

(Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.

Valid Configuration

(Read-only) Specifies whether the configuration is valid.

Instance Name

The name of the AppShape instance.


Maximum characters: 100

Virtual Address

The virtual IP address of the service.

Table 138: SharePoint 2013: Application Servers Parameters

Parameter

Description

Address/Port table

Contains the addresses and ports of each real server configured for the
SharePoint 2013 server.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.
For information on configuring real servers, see Configuring Real Servers, page 326.

Table 139: SharePoint 2013: Load Balancing Settings Parameters

Parameter

Description

SLB Metric

The SLB metric used to select the next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Server
Groups, page 339.

Table 140: SharePoint 2013: HTTP Parameters

Parameter

Description

Compression

Specifies whether the HTTP profile uses compression.


Default: Enabled

Domain Name

The domain of the SharePoint 2013 server.


Maximum characters: 34


Table 141: SharePoint 2013: SSL Parameters

Parameter

Description

SSL Acceleration

Specifies whether SSL offloading is enabled for acceleration.


Default: Enabled

Server Certificate
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
For information on configuring SSL certificates, see Managing the Certificate Repository, page 394.

Configuring a VMware View 5.1 AppShape Instance


Use the VMware View 5.1 AppShape to configure an Alteon ADC device to work in a network
architecture with VMware View 5.1.

Notes

For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see VMware
View 5.1 AppShape-generated Configuration, page 601.

The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a VMware View 5.1 instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Click Templates and select AppShapes > VMware View 5.1. The AppShape Type
   drop-down list displays VMware View 5.1.

3. Do one of the following:
   - To add an entry to the table, click the (Add) button.
   - To edit an entry in the table, select the entry and click the (Edit) button.

4. Configure the parameters, and click Submit.

Table 142: VMware View 5.1: General Parameters

Parameter

Description

AppShape Type

The specified AppShape type.

Device Name

The name of the device on which the AppShape instance is deployed.


Table 143: VMware View 5.1: VMware View 5.1 Instance Parameters

Parameter

Description

Last Validation

(Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.

Valid Configuration

(Read-only) Specifies whether the configuration is valid.

Instance Name

The name of the AppShape instance.


Maximum characters: 100

Virtual Address

The virtual IP address of the service.

Table 144: VMware View 5.1: Application Servers Parameters

Parameter

Description

Address/Port table

Contains the addresses and ports of each real server configured for the
VMware View 5.1 server.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.
For information on configuring real servers, see Configuring Real Servers, page 326.

Table 145: VMware View 5.1: Load Balancing Settings Parameters

Parameter

Description

SLB Metric

The SLB metric used to select the next server in the group.
Default: Persistent Hash
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Server
Groups, page 339.

Table 146: VMware View 5.1: HTTP Parameters

Parameter

Description

Compression

Specifies whether the HTTP profile uses compression.


Default: Enabled

Table 147: VMware View 5.1: SSL Parameters

Parameter

Description

SSL Acceleration

Specifies whether SSL offloading is enabled for acceleration.


Default: Enabled


Server Certificate
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

The name of the SSL certificate, selected from the drop-down list.
For information on configuring SSL certificates, see Managing the Certificate Repository, page 394.
To edit the selected SSL certificate, click Server Certificate.

Configuring a Zimbra AppShape Instance


Use the Zimbra AppShape to configure an Alteon ADC device to work in a network architecture with
Zimbra.

Notes

For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Zimbra
AppShape-generated Configuration, page 602.

The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a Zimbra instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Click Templates and select AppShapes > Zimbra. The AppShape Type drop-down list
   displays Zimbra.

3. Do one of the following:
   - To add an entry to the table, click the (Add) button.
   - To edit an entry in the table, select the entry and click the (Edit) button.

4. Configure the parameters, and click Submit.

Table 148: Zimbra: General Parameters

Parameter

Description

AppShape Type

The specified AppShape type.

Device Name

The name of the device on which the AppShape instance is deployed.

Table 149: Zimbra: Zimbra Instance Parameters

Parameter

Description

Last Validation

(Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.

Valid Configuration

(Read-only) Specifies whether the configuration is valid.


Instance Name

The name of the AppShape instance.


Maximum characters: 100

Virtual Address

The virtual IP address of the service.

Table 150: Zimbra: Application Servers Parameters

Parameter

Description

Address/Port table

Contains the addresses and ports of each real server configured for the
Zimbra server.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.
For information on configuring real servers, see Configuring Real Servers, page 326.

Table 151: Zimbra: Load Balancing Settings Parameters

Parameter

Description

SLB Metric

The SLB metric used to select the next server in the group.


Default: Persistent Hash
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
For more information on the SLB Metric, see Configuring Server
Groups, page 339.

Table 152: Zimbra: HTTP Parameters

Parameter

Description

Compression

Specifies whether the HTTP profile uses compression.


Default: Enabled

Table 153: Zimbra: SSL Parameters

Parameter

Description

SSL Acceleration

Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled

Server Certificate
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
For information on configuring SSL certificates, see Managing the Certificate Repository, page 394.


Using Administrative Scripts


The following sections describe using administrative scripts:

Administrative Scripts Overview, page 214

Predefined Administrative Scripts, page 216

Guidelines for Writing Administrative Scripts, page 216

Managing Administrative Scripts, page 218

Running an Administrative Script from the Administrative Scripts Tab, page 220

Administrative Scripts Overview

Use administrative scripts in APSolute Vision to automate common administrative tasks on managed
Alteon and DefensePro devices. You can run any script configured in APSolute Vision from the
Administrative Scripts tab. You can also run scripts by clicking an icon in the toolbar of managed
devices.
Administrative scripts in APSolute Vision use the vDirect infrastructure. Administrative scripts in
APSolute Vision are vDirect scripts. They are text files with the .vm extension, and they use vDirect
syntax. There is a joint APSolute Vision and vDirect repository. You can load the scripts from APSolute
Vision or from vDirect, and execute them from both locations. Any change you make to a script
is reflected in both locations. The vDirect component in APSolute Vision validates the scripts and
hosts them in the vDirect Configuration Templates tab. You can use vDirect to write new
administrative scripts and then configure them in APSolute Vision. If a script is already configured in
APSolute Vision, you can click on its link, which opens the script in vDirect for you to view or
modify as you require.

Note: For more information on vDirect, see vDirect with APSolute Vision, page 45, Using vDirect
with APSolute Vision, page 495, and the Radware vDirect documentation.


Figure 40: Administrative Scripts Interface


Figure callouts:
- Categories: You can define a category for each script. When you click on the category
  node, the Administrative Scripts tab displays only the scripts belonging to the category.
- Buttons for managing a script: Add, Edit (that is, its properties, not the
  script itself), Delete, and Download.
- Run button: Runs the selected script and opens the Run Script tab,
  where you specify the target devices and script-specific values.

The Administrative Scripts tab includes the following:

- All the functionality for using administrative scripts, which comprises the following:
  - Running a selected script.
  - Configuring a script in the APSolute Vision server.
  - Exporting a script from the APSolute Vision server, to modify or view as necessary.
  - Deleting a script from the APSolute Vision server.

- A table with all the scripts configured in the APSolute Vision server, which comprises
  the following columns:
  - Action Title: The title for the script.
  - File Name: The file name of the script, which is a hyperlink to the script in the vDirect
    component.
  - Icon: The icon that runs the script from the toolbar of a managed device. This is relevant
    only when the Assign to Toolbar parameter is set in the script configuration.
  - Category: The category assigned to sort the script. When you click on the category node,
    the Administrative Scripts tab displays only the scripts belonging to the category.
  - Device Toolbar: The device types whose toolbar displays an icon to run the script.
  - Description: The user-defined description of the script.
  - Created By: The username of the user who uploaded the script to APSolute Vision.
  - Upload Date: The date the script was uploaded to APSolute Vision.


Predefined Administrative Scripts


APSolute Vision provides many out-of-the-box predefined scripts. The predefined scripts are
configured by default in the Administrative Scripts tab.
As with all scripts configured in the Administrative Scripts tab, you can export them, modify them,
and add them back into the Administrative Scripts tab.
If you intend to run a predefined script often, you may want to modify its default configuration
according to your system configuration.

Caution: Upgrade of APSolute Vision may include changes to predefined scripts, which overwrite
any script modification that you have made to the predefined scripts. If you modify a predefined
script, it is recommended that you download the file, rename it, and upload it to APSolute Vision as
a new script.

Typically, you may want to modify the values of the following parameters of a predefined script:

Action Title: If you modify the script, you may want to modify the title to be more descriptive.

Assign to Toolbar: By default, this parameter is disabled. That is, by default, you cannot run
a predefined script from the toolbar of a managed device. You may want to enable this
parameter.
If you configure the script to run from the toolbar of a managed device, you can specify the
following related parameters:

    Device Toolbar: Specifies which device types display the icon to run the script.

    Icon: Specifies the icon that runs the script. You can choose from an assortment of icons
    that APSolute Vision provides.

Category: Specifies a category to assign to the script. When you click on the category node,
the Administrative Scripts tab displays only the scripts belonging to the category.

Guidelines for Writing Administrative Scripts


This section presents guidelines for writing a vDirect script to use as an administrative script
in APSolute Vision.

Notes

The predefined scripts (see Predefined Administrative Scripts, page 216) incorporate the
guidelines as appropriate. For example, using #haltOnDeviceError is not incorporated in a
script that uses a GET command.

For more information on vDirect, see vDirect with APSolute Vision, page 45, Using vDirect with
APSolute Vision, page 495, and the Radware vDirect documentation.

Tip: If you need to run a script repeatedly with the same values, edit the script and define default
values for parameters.

Here are some snippets showing how to set a default value for a parameter:

#param($activate, 'type=string', 'prompt=Enable User',
       'values=Enable,Disable', 'defaultValue=Enable')

#param($crtmng, 'type=string', 'prompt=Certificate Management',
       'values=Enable,Disable', 'defaultValue=Disable')

#param($name, 'type=string', 'prompt=Server Name',
       'properties={"maxCharLength" : "24"}', 'defaultValue="My Server"')

#param($privsrc, 'type=ip', 'prompt=Primary Source Address',
       'required=false', 'defaultValue=0.0.0.0')

When you write a vDirect script to use as an administrative script in APSolute Vision, Radware
recommends using the following:

#haltOnDeviceError(true|false) ... #end: This block directive surrounds a block of
commands.
When you use the true argument, every command is automatically tested for errors and, if an
error response is detected, the script is halted with an exception. The drawback to this is that
when you run an administrative script on multiple devices, the first exception causes the script
to halt.
When you use the false argument, no command is tested for errors, and the script is not halted.

An output parameter, so that the APSolute Vision alert message displays the output of the
script formatted well and clearly.

Figure 41: Example Output that Is Not Formatted Well

Figure 42: Example Output that Is Formatted Well

The following is an excerpt of a script that includes an output parameter, so that the APSolute
Vision alert message displays the output of the script formatted well and clearly.

#device($alteons, 'type=alteon[]', 'prompt=Alteon/LinkProof NG')
#param($output, 'type=string','out')
#set($output = 'The following devices are pending apply:<br>')
#set($negOutput = 'There are no devices pending apply.')
#set($tempOutput = '')
#foreach($alteon in $alteons)
    #select($alteon)
    #set($applyTable = $alteon.readAllBeans("AgApply"))
    #foreach($applyRow in $applyTable)
        #if($applyRow.agApplyPending == 'APPLYNEEDED')
            #set($tempOutput = $tempOutput + $alteon.ip + '<br>')
        #end
    #end
#end
#if($tempOutput.isEmpty())
    #set($output = $negOutput)
#else
    #set($output = $output + $tempOutput)
#end
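
The guidelines in this section (default values for parameters, an output parameter, and the effect of #haltOnDeviceError(true) on a multi-device run) can be checked before a script is uploaded. The following Python linter is an added example, not part of the Radware guide or of vDirect; it reads only the #param and #device syntax shown above, the finding codes are hypothetical, and two rules are assumptions: a device type ending in [] means several devices, and a defaultValue should be one of the listed values. The flawed sample script is constructed.

```python
import re


def parse_directives(script, name):
    """Return [{'name', 'attrs', 'flags'}] for each #<name>($var, 'k=v', 'flag')."""
    found = []
    for m in re.finditer(r"#" + re.escape(name) + r"\s*\(", script):
        # Walk to the closing ')' that lies outside single quotes, so that a
        # directive wrapped over several lines is read as one unit.
        i, in_quote = m.end(), False
        while i < len(script) and (in_quote or script[i] != ")"):
            if script[i] == "'":
                in_quote = not in_quote
            i += 1
        body = script[m.end():i]
        var = re.match(r"\s*\$(\w+)", body)
        if not var:
            continue
        attrs, flags = {}, set()
        for item in re.findall(r"'([^']*)'", body):
            key, sep, value = item.partition("=")
            if sep:
                attrs[key.strip()] = value.strip()   # e.g. 'defaultValue=Enable'
            else:
                flags.add(item.strip())              # e.g. 'out'
        found.append({"name": var.group(1), "attrs": attrs, "flags": flags})
    return found


def lint(script):
    """Return a list of (code, message) findings for one script."""
    findings = []
    params = parse_directives(script, "param")
    devices = parse_directives(script, "device")
    inputs = [p for p in params if "out" not in p["flags"]]

    # Guideline: an output parameter keeps the alert message readable.
    if len(inputs) == len(params):
        findings.append(("NO_OUTPUT_PARAM", "no parameter is marked 'out'"))

    for p in inputs:
        default = p["attrs"].get("defaultValue")
        allowed = p["attrs"].get("values")
        if default is None:
            # Tip: define defaults when the script is run repeatedly.
            findings.append(("NO_DEFAULT", f"${p['name']} has no defaultValue"))
        elif allowed is not None and default not in [v.strip() for v in allowed.split(",")]:
            # Assumption: a default outside the 'values' list is a mistake.
            findings.append(("DEFAULT_NOT_IN_VALUES",
                             f"${p['name']}: '{default}' is not in '{allowed}'"))

    # Guideline: with 'true', the first device error halts the whole run.
    multi = any(d["attrs"].get("type", "").endswith("[]") for d in devices)
    if multi and re.search(r"#haltOnDeviceError\s*\(\s*true\s*\)", script):
        findings.append(("HALT_ON_MULTI_DEVICE",
                         "first device error stops the run for the remaining devices"))
    return findings


# Shortened form of the output-parameter excerpt from this section.
PAGE_EXCERPT = """\
#device($alteons, 'type=alteon[]', 'prompt=Alteon/LinkProof NG')
#param($output, 'type=string','out')
#set($output = 'The following devices are pending apply:<br>')
#foreach($alteon in $alteons)
#select($alteon)
#set($applyTable = $alteon.readAllBeans("AgApply"))
#end
"""

# Constructed script that breaks each rule once.
CONSTRUCTED_FLAWED = """\
#device($alteons, 'type=alteon[]', 'prompt=Alteon/LinkProof NG')
#param($activate, 'type=string', 'prompt=Enable User',
       'values=Enable,Disable', 'defaultValue=Enabled')
#param($name, 'type=string', 'prompt=Server Name')
#haltOnDeviceError(true)
#foreach($alteon in $alteons)
#select($alteon)
#end
#end
"""

if __name__ == "__main__":
    for label, text in (("excerpt", PAGE_EXCERPT), ("flawed", CONSTRUCTED_FLAWED)):
        for code, message in lint(text):
            print(f"{label}: {code}: {message}")
```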

Managing Administrative Scripts


Managing administrative scripts includes the following:

Configuring an Administrative Script in APSolute Vision, page 218

Deleting an Administrative Script from APSolute Vision, page 220

Downloading an Administrative Script, page 220

Configuring an Administrative Script in APSolute Vision


Use the Administrative Scripts tab to configure an administrative script in APSolute Vision.

To configure an administrative script in APSolute Vision

1. Click Templates and select Administrative Scripts.

2. Do one of the following:

    To add an entry to the table, click the (Add) button.

    To edit an entry in the table, select the entry and click the (Edit) button.

3. Configure the parameters, and then click Submit.


Table 154: Administrative Script Parameters

Parameter
    Description

Action Title
    The title for the script.

Assign to Toolbar
    Specifies whether you can run the script from the toolbar of a managed device.
    Default: Disabled

Icon
(This button is available only when the Assign to Toolbar checkbox is selected.)
    The icon that you click to run the script from the toolbar of a managed device.

Category
    The category that determines which node (under the parent Administrative Scripts node)
    contains the script. That is, when you click on a category node, the Administrative
    Scripts tab displays only the scripts belonging to that category.
    Values: Configuration, Data Export, Emergency, High Availability, Monitoring,
    Operations, Unassigned
    Default: Unassigned

Upload From
    The path to the script.

Device Toolbar
(This button is available only when the Assign to Toolbar checkbox is selected.)
    The device type whose toolbar displays the icon to click to run the script.
    Values: Alteon, LinkProof NG, DefensePro, All
    Default: All

Tooltip
(This button is available only when the Assign to Toolbar checkbox is selected.)
    The tooltip that displays when you hover over the icon in the device toolbar.
    Maximum characters: 255

Description
    The description of the script.


Deleting an Administrative Script from APSolute Vision


Use the Administrative Scripts tab to delete an administrative script in APSolute Vision.

To delete an administrative script from APSolute Vision

1. Click Templates and select Administrative Scripts.

2. Select the script, and click the (Delete) button.

Downloading an Administrative Script


Use the Administrative Scripts tab to download or view an administrative script in APSolute Vision.

To download or view an administrative script

1. Click Templates to open the DefensePro Configuration Templates pane.

2. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 172).

3. Select the rows with the required templates (using standard Windows key combinations).

4. Click the (Download Selected File) button.

5. In the Save As text box, type the path to the target directory or click Browse to browse to the
directory.

6. Click Save.

Running an Administrative Script from the Administrative Scripts Tab


You can run an administrative script from the Administrative Scripts tab.

To run an administrative script from APSolute Vision

1. Click Templates and select Administrative Scripts.

2. Select the script, and click the (Run Script) button. The Run Script tab opens.

3. Specify the target devices and script-specific values, and then click Submit.


Chapter 8 Scheduling APSolute Vision and Device Tasks

The following topics describe how to schedule APSolute Vision and device operations in the APSolute
Vision Scheduler:

Overview of Scheduling, page 221

Managing Tasks in the Scheduler, page 222

Task Parameters, page 223

Overview of Scheduling
You can schedule various operations for the APSolute Vision server and managed devices. Scheduled
operations are called tasks.
The APSolute Vision scheduler tracks when tasks were last performed and when they are due to be
performed next. When you configure a task for multiple devices, the task runs on each device
sequentially. After the task completes on one device, it begins on the next. If the task fails to
complete on a device, the Scheduler will activate the task on the next listed device.
When you create a task and specify the time to run it, the time is according to your local OS.
APSolute Vision then stores the time, translated to the timezone of the APSolute Vision server,
and then runs it accordingly. That is, once you configure a task, it runs according to the APSolute
Vision time settings, disregarding any changes made to the local OS time settings.

Caution: If the APSolute Vision client timezone differs from the timezone of the APSolute Vision
server or the managed device, take the time offset into consideration.

When you define a task, you can choose whether to enable or disable the task. All configured tasks
are stored in the APSolute Vision database.
You can define the following types of scheduled tasks:

Back up the APSolute Vision server configuration

Back up a device configuration

Back up the APSolute Vision Reporter data

Reboot a device

Update the Radware security signature file onto a DefensePro device from Radware.com or the
proxy server

Update the RSA security signature file onto a DefensePro device from Radware.com or the proxy
server

Update the APSolute Vision Attack Description file from Radware.com or the proxy server

Apply DefensePro configuration templates

Note: You can perform some of the operations manually, for example, from the APSolute Vision
Settings view System perspective, or from the Operations options.


Managing Tasks in the Scheduler


The Task List table is the starting point for viewing and configuring tasks, which are scheduled
operations. The table displays the information for each configured task. You can sort and filter the
table rows according to your needs. You can also drag the bottom of the Task List pane to lengthen
the table.

Figure 43: Sorting Rows in the Task List


Click the far-right side of the title of the column with the values to
sort by. Then, select Sort Ascending or Sort Descending.

Note: For more information on filtering table rows, see Filtering Table Rows, page 67.

Table 155: Tasks Table Parameters

Parameter
    Description

Task Type
    The type of task to be performed.

Name
    The name of the configured task.

Description
    The user-defined description of the task.

Current Status
    The current status of the task.
    Values: Waiting, In progress

Enabled
    When selected, the task runs according to the defined schedule. Disabled
    tasks are not activated, but the task is saved in the database.

Last Execution Status
    Whether the last task run was successful. When the task is disabled or
    has not yet started, the status is Never Executed.
    Values: Failure, Never Executed, Success, Warning

Last Execution Time
    The date and time of the last task run. When the task is disabled or has
    not yet started, this field is empty.

Next Execution Time
    The date and time of the next task run. When the task is disabled, this
    field is empty.

Run
    The frequency at which the task runs; for example, daily or weekly. The
    schedule start date is displayed, if it has been defined.
    Values: Daily, Minutes, Once, Weekly

To configure a scheduled task

1. In the main toolbar, click the (Scheduler) button. The Tasks table displays information for
each scheduled task.

2. Do one of the following:

    To add an entry to the table, click the (Add) button. Then, select the type of task, and
    click Submit. The dialog box for the selected task type is displayed.

    To edit an entry in the table, select the entry and click the (Edit) button.

3. Configure task parameters, and click Submit. All task configurations include basic parameters
and scheduling parameters. Other parameters depend on the task type that you select.

To run an existing task

1. In the main toolbar, click the (Scheduler) button. The Tasks table displays information for
each scheduled task.

2. Select the required task, and click the (Run Now) button.

Task Parameters
The following sections describe the parameters for Scheduler tasks:

APSolute Vision Configuration Backup - Parameters, page 224

APSolute Vision Reporter Backup - Parameters, page 226

Update Security Signature Files - Parameters, page 228

Update RSA Security Signature - Parameters, page 230

Update Attack Description File - Parameters, page 231

Device Configuration Backup - Parameters, page 232

Device Reboot Task - Parameters, page 234

DefensePro Configuration Templates Task - Parameters, page 236


APSolute Vision Configuration Backup - Parameters


The APSolute Vision Configuration Backup task creates a backup of the APSolute Vision configuration
and exports it to a specified destination.
Each backup includes the following:

The APSolute Vision system configuration

The local users

The managed devices

The host IP addresses in the database-viewer list

The task does not back up the following:

The password of the radware user of the APSolute Vision server appliance

The IP address(es) of the APSolute Vision server

The DNS address(es) of the APSolute Vision server

The network routes of the APSolute Vision server

Attack data

Notes

For information on managing the backups using the CLI, see System Commands, page 452.

Restoring the configuration is performed using the CLI. For more information, see system
backup config restore, page 458.

APSolute Vision stores up to five configuration-backup iterations in the storage location. After
the fifth configuration-backup, APSolute Vision deletes the oldest one.

The storage location is, by default, a hard-coded location in the APSolute Vision server.

The backup filenames in the storage location are the first five characters of the specified
filename plus a 10-character timestamp. When the task exports the backup file, the filename is
as specified in the task configuration.

The backup file in the storage location includes the hard-coded description Scheduler-generated.

Table 156: APSolute Vision Configuration Backup: General Parameters

Parameter
    Description

Name
    A name for the task.

Description
    A user-defined description of the task.

Enabled
    When selected, the task runs according to the defined schedule. Disabled
    tasks are not activated, but the task configuration is saved in the
    database.

Current Status
    (Read-only) The current status of the task.
    Values: Waiting, In progress


Table 157: APSolute Vision Configuration Backup: Schedule Parameters

Parameter
    Description

Run
    The frequency at which the task runs.
    Select a frequency, then configure the related time and day/date parameters.
    Values:
        Once: The task runs one time only at the specified date and time.
        Minutes: The task runs at intervals of the specified number of minutes between task starts.
        Daily: The task runs daily at the specified time.
        Weekly: The task runs every week on the specified day or days, at the specified time.
    Note: Tasks run according to the time as configured on the APSolute Vision client.

Time [1]
    The time at which the task runs.

Date [2]
    The date on which the task runs.

Minutes [3]
    The interval, in minutes, at which the task runs.

Run Always [4]
    Specifies whether the task always runs or only during the defined period.
    Values:
        Enabled: The task is activated immediately and runs indefinitely, with
        no start or end time. It runs at the first Time configured with the
        Frequency in the Schedule tab.
        Disabled: The task runs (at the Time and Frequency specified in the
        Schedule tab) from the specified Start Date at the Start Time until the
        End Date at the End Time.
    Default: Enabled

Start Date [5], Start Time
    The date and time at which the task is activated.

End Date, End Time
    The date and time after which the task no longer runs.

[1] This parameter is available only when the specified Run value is Once, Daily, or Weekly.
[2] This parameter is available only when the specified Run value is Once.
[3] This parameter is available only when the specified Run value is Minutes.
[4] This parameter is available only when the specified Run value is Minutes, Daily, or Weekly.
[5] This parameter is available only when the Run Always checkbox is cleared.


Table 158: APSolute Vision Configuration Backup Task: Destination Parameters

Parameter
    Description

Protocol
    The protocol that APSolute Vision uses for this task.
    Values: FTP, SCP, SFTP, SSH
    Default: FTP

IP Address
    The IP address of the server.

Directory
    The path to the export directory with no spaces. Only alphanumeric
    characters and underscores (_) are allowed.

Backup File Name
    The name of the backup, up to 15 characters, with no spaces. Only
    alphanumeric characters and underscores (_) are allowed.

User
    The username.

Password
    The user password.

Confirm Password
    The user password.

APSolute Vision Reporter Backup - Parameters


The APSolute Vision Reporter Backup task creates a backup of the APSolute Vision Reporter data
and exports it to a specified destination. The backup includes all the APSolute Vision Reporter data.

Notes

For information on managing the backups using the CLI, see System Commands, page 452.

Restoring the data is performed using the CLI. For more information, see system backup config
restore, page 458.

APSolute Vision stores up to three iterations of the APSolute Vision Reporter data in the storage
location. After the third reporter-backup, the system deletes the oldest one.

The storage location is, by default, a hard-coded location in the APSolute Vision server.

The backup filenames in the storage location are the first five characters of the specified
filename plus a 10-character timestamp. When the task exports the backup file, the filename is
as specified in the task configuration.

The backup file in the storage location includes the hard-coded description Scheduler-generated.

Table 159: APSolute Vision Reporter Backup: General Parameters

Parameter
    Description

Name
    A name for the task.

Description
    A user-defined description of the task.

Enabled
    When selected, the task runs according to the defined schedule. Disabled
    tasks are not activated, but the task configuration is saved in the
    database.


Table 160: APSolute Vision Reporter Backup: Schedule Parameters

Parameter
    Description

Run
    The frequency at which the task runs.
    Select a frequency, then configure the related time and day/date parameters.
    Values:
        Once: The task runs one time only at the specified date and time.
        Minutes: The task runs at intervals of the specified number of minutes between task starts. TBD: minimum
        Daily: The task runs daily at the specified time.
        Weekly: The task runs every week on the specified day or days, at the specified time.
    Note: Tasks run according to the time as configured on the APSolute Vision client.

Time [1]
    The time at which the task runs.

Date [2]
    The date on which the task runs.

Minutes [3]
    The interval, in minutes, at which the task runs.

Run Always [4]
    Specifies whether the task always runs or only during the defined period.
    Values:
        Enabled: The task is activated immediately and runs indefinitely, with
        no start or end time. It runs at the first Time configured with the
        Frequency in the Schedule tab.
        Disabled: The task runs (at the Time and Frequency specified in the
        Schedule tab) from the specified Start Date at the Start Time until the
        End Date at the End Time.
    Default: Enabled

Start Date [5], Start Time
    The date and time at which the task is activated.

End Date, End Time
    The date and time after which the task no longer runs.

[1] This parameter is available only when the specified Run value is Once, Daily, or Weekly.
[2] This parameter is available only when the specified Run value is Once.
[3] This parameter is available only when the specified Run value is Minutes.
[4] This parameter is available only when the specified Run value is Minutes, Daily, or Weekly.
[5] This parameter is available only when the Run Always checkbox is cleared.


Table 161: APSolute Vision Reporter Backup: Destination Parameters

Parameter
    Description

Protocol
    The protocol that APSolute Vision uses for this task.
    Values: FTP, SCP, SFTP, SSH
    Default: FTP

IP Address
    The IP address of the server.

Directory
    The path to the export directory with no spaces. Only alphanumeric
    characters and underscores (_) are allowed.

Backup File Name
    The name of the backup, up to 15 characters, with no spaces. Only
    alphanumeric characters and underscores (_) are allowed.

User
    The username.

Password
    The user password.

Confirm Password
    The user password.

Update Security Signature Files - Parameters


The Update Security Signature Files task updates the Radware security signature files on the
selected DefensePro devices.

Caution: In DefensePro for Cisco Firepower 9300, this feature is non-operational.

Table 162: Update Security Signature Files: General Parameters

Parameter
    Description

Name
    A name for the task.

Description
    A user-defined description of the task.

Enabled
    When selected, the task runs according to the defined schedule. Disabled
    tasks are not activated, but the task configuration is saved in the
    database.


Table 163: Update Security Signature Files: Schedule Parameters

Parameter
    Description

Run
    The frequency at which the task runs.
    Select a frequency, then configure the related time and day/date parameters.
    Values:
        Once: The task runs one time only at the specified date and time.
        Minutes: The task runs at intervals of the specified number of minutes between task starts.
        Daily: The task runs daily at the specified time.
        Weekly: The task runs every week on the specified day or days, at the specified time.
    Note: Tasks run according to the time as configured on the APSolute Vision client.

Time [1]
    The time at which the task runs.

Date [2]
    The date on which the task runs.

Minutes [3]
    The interval, in minutes, at which the task runs.

Run Always [4]
    Specifies whether the task always runs or only during the defined period.
    Values:
        Enabled: The task is activated immediately and runs indefinitely, with
        no start or end time. It runs at the first Time configured with the
        Frequency in the Schedule tab.
        Disabled: The task runs (at the Time and Frequency specified in the
        Schedule tab) from the specified Start Date at the Start Time until the
        End Date at the End Time.
    Default: Enabled

Start Date [5], Start Time
    The date and time at which the task is activated.

End Date, End Time
    The date and time after which the task no longer runs.

[1] This parameter is available only when the specified Run value is Once, Daily, or Weekly.
[2] This parameter is available only when the specified Run value is Once.
[3] This parameter is available only when the specified Run value is Minutes.
[4] This parameter is available only when the specified Run value is Minutes, Daily, or Weekly.
[5] This parameter is available only when the Run Always checkbox is cleared.

Table 164: Update Security Signature Files: Target Device List Parameters

Parameter

Description

The Available list and the Selected list. The Available list displays the available devices. The
Selected list displays the devices whose Radware signature files this task updates.


Update RSA Security Signature - Parameters


The Update RSA Security Signature task updates the RSA security signature on the selected
DefensePro devices.

Caution: In DefensePro 7.x versions, DefensePro 8.x versions, and DefensePro for Cisco Firepower
9300, this feature is non-operational.

Note: The frequency range for the Update RSA Security Signature task is 10-60 minutes. The
default interval is 60 minutes.

Table 165: Update RSA Security Signature: General Parameters

Parameter
    Description

Name
    A name for the task.

Description
    A user-defined description of the task.

Enabled
    When selected, the task runs according to the defined schedule. Disabled
    tasks are not activated, but the task configuration is saved in the
    database.

Table 166: Update RSA Security Signature: Schedule Parameters

Parameter
    Description

Run
    (Read-only) The frequency unit at which the task runs.
    Value: Minutes
    Note: Tasks run according to the time as configured on the APSolute
    Vision client.

Minutes
    The frequency, in minutes, at which the task runs.
    Values: 10-60
    Default: 60
    Note: Tasks run according to the time as configured on the APSolute
    Vision client.

Run Always
    Specifies whether the task always runs or only during the defined period.
    Values:
        Enabled: The task is activated immediately and runs indefinitely, with
        no start or end time. It runs at the first Time configured with the
        Frequency in the Schedule tab.
        Disabled: The task runs (at the Time and Frequency specified in the
        Schedule tab) from the specified Start Date at the Start Time until the
        End Date at the End Time.
    Default: Enabled


Table 167: Update RSA Security Signature Task: Target Device List Parameters

Parameter

Description

The Available list and the Selected list. The Available list displays the DefensePro devices with
Fraud Protection enabled. The Selected list displays the DefensePro devices whose RSA signature
files this task updates.

Update Attack Description File - Parameters


The Update Attack Description File task updates the attack description file on the APSolute Vision
server.

Caution: In DefensePro for Cisco Firepower 9300, this feature is non-operational.

Table 168: Update Attack Description File: General Parameters

Parameter
    Description

Name
    A name for the task.

Description
    A user-defined description of the task.

Enabled
    When selected, the task runs according to the defined schedule. Disabled
    tasks are not activated, but the task configuration is saved in the
    database.

Table 169: Update Vision's Attack Description File: Schedule Parameters

Parameter
    Description

Run
    The frequency at which the task runs.
    Select a frequency, then configure the related time and day/date parameters.
    Values:
        Once: The task runs one time only at the specified date and time.
        Minutes: The task runs at intervals of the specified number of minutes between task starts.
        Daily: The task runs daily at the specified time.
        Weekly: The task runs every week on the specified day or days, at the specified time.
    Note: Tasks run according to the time as configured on the APSolute Vision client.

Time [1]
    The time at which the task runs.

Date [2]
    The date on which the task runs.

Minutes [3]
    The interval, in minutes, at which the task runs.

Run Always [4]
    Specifies whether the task always runs or only during the defined period.
    Values:
        Enabled: The task is activated immediately and runs indefinitely, with
        no start or end time. It runs at the first Time configured with the
        Frequency in the Schedule tab.
        Disabled: The task runs (at the Time and Frequency specified in the
        Schedule tab) from the specified Start Date at the Start Time until the
        End Date at the End Time.
    Default: Enabled

Start Date, Start Time
    The date and time at which the task is activated.

End Date, End Time
    The date and time after which the task no longer runs.

[1] This parameter is available only when the specified Run value is Once, Daily, or Weekly.
[2] This parameter is available only when the specified Run value is Once.
[3] This parameter is available only when the specified Run value is Minutes.
[4] This parameter is available only when the specified Run value is Minutes, Daily, or Weekly.
[5] This parameter is available only when the Run Always checkbox is cleared.

Device Configuration Backup - Parameters


The Device Configuration Backup task saves a configuration backup of the specified devices.

Note: By default, you can save up to five (5) configuration files per device on the APSolute Vision
server. You can change this parameter in the APSolute Vision Setup tab.

Table 170: Device Configuration Backup: General Parameters

Parameter
    Description

Name
    A name for the task.

Description
    A user-defined description of the task.

Enabled
    When selected, the task runs according to the defined schedule. Disabled
    tasks are not activated, but the task configuration is saved in the
    database.


Table 171: Device Configuration Backup: Schedule Parameters

Parameter
    Description

Run
    The frequency at which the task runs.
    Select a frequency, then configure the related time and day/date parameters.
    Values:
        Once: The task runs one time only at the specified date and time.
        Minutes: The task runs at intervals of the specified number of minutes between task starts.
        Daily: The task runs daily at the specified time.
        Weekly: The task runs every week on the specified day or days, at the specified time.
    Note: Tasks run according to the time as configured on the APSolute Vision client.

Time [1]
    The time at which the task runs.

Date [2]
    The date on which the task runs.

Minutes [3]
    The interval, in minutes, at which the task runs.

Run Always [4]
    Specifies whether the task always runs or only during the defined period.
    Values:
        Enabled: The task is activated immediately and runs indefinitely, with
        no start or end time. It runs at the first Time configured with the
        Frequency in the Schedule tab.
        Disabled: The task runs (at the Time and Frequency specified in the
        Schedule tab) from the specified Start Date at the Start Time until the
        End Date at the End Time.
    Default: Enabled

Start Date [5], Start Time
    The date and time at which the task is activated.

End Date, End Time
    The date and time after which the task no longer runs.

[1] This parameter is available only when the specified Run value is Once, Daily, or Weekly.
[2] This parameter is available only when the specified Run value is Once.
[3] This parameter is available only when the specified Run value is Minutes.
[4] This parameter is available only when the specified Run value is Minutes, Daily, or Weekly.
[5] This parameter is available only when the Run Always checkbox is cleared.

Table 172: Device Configuration Backup: Parameters Parameters

Parameter

Description

Include Private Keys

Specifies whether to include the certificate private key information in the
configuration file in devices that support private keys.
Default: Disabled


Table 173: Device Configuration Backup: Destination Parameters

Parameter

Description

Backup Configuration To

The destination of the backup configuration files.
Values: APSolute Vision Server, External Location
Default: APSolute Vision Server

Protocol

The protocol that APSolute Vision uses for this task.
Values: FTP, SCP, SFTP, SSH

IP Address

The IP address of the external location.

Directory

The path to the export directory with no spaces. Only alphanumeric
characters and underscores (_) are allowed.

Backup File Name

The name of the backup, up to 15 characters, with no spaces. Only
alphanumeric characters and underscores (_) are allowed.

User

The username.

Password

The user password.

Confirm Password

The user password.

1 This parameter is available only when Backup Configuration To is External Location.

Table 174: Device Configuration Backup: Target Device List Parameters

Parameter

Description

The Available list and the Selected list. The Available list displays the available devices. The
Selected list displays the devices whose configurations this task backs up.

Device Reboot Task: Parameters


The Device Reboot task reboots the specified devices.

Table 175: Device Reboot: General Parameters

Parameter

Description

Name

A name for the task.

Description

A user-defined description of the task.

Enabled

When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.


Table 176: Device Reboot: Schedule Parameters

Parameter

Description

Run

The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:

Once: The task runs one time only at the specified date and time.

Minutes: The task runs at intervals of the specified number of
minutes between task starts.

Daily: The task runs daily at the specified time.

Weekly: The task runs every week on the specified day or days, at
the specified time.

Note: Tasks run according to the time as configured on the APSolute
Vision client.

Time¹

The time at which the task runs.

Date²

The date on which the task runs.

Minutes³

The interval, in minutes, at which the task runs.

Run Always⁴

Specifies whether the task always runs or only during the defined period.
Values:

Enabled: The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.

Disabled: The task runs (at the Time and Frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until the
End Date at the End Time.

Default: Enabled

Start Date⁵
Start Time

The date and time at which the task is activated.

End Date
End Time

The date and time after which the task no longer runs.

1 This parameter is available only when the specified Run value is Once, Daily, or Weekly.
2 This parameter is available only when the specified Run value is Once.
3 This parameter is available only when the specified Run value is Minutes.
4 This parameter is available only when the specified Run value is Minutes, Daily, or Weekly.
5 This parameter is available only when the Run Always checkbox is cleared.

Table 177: Device Reboot: Device List Parameters

Parameter

Description

The Available list and the Selected list. The Available list displays the available devices. The
Selected list displays the devices that this task reboots.


DefensePro Configuration Templates Task: Parameters


The DefensePro Configuration Templates task can export (download) and import (deploy)
DefensePro configuration templates.
A DefensePro configuration template can include the configuration (the definitions and security
settings) and/or policy baselines of a Network Protection policy and/or Server Protection policy.
A template from a Network Protection policy can include the baselines from the associated DNS and/
or BDoS profiles.
A template from a Server Protection policy can include learned baselines from the associated HTTP
Flood profiles.
DefensePro configuration templates do not include the following information:

DefensePro setup and network configuration: For example, device time, physical ports,
and so on.

DefensePro security settings: The protections that a policy template uses must be
supported and enabled globally in the target (destination) DefensePro device (that is, the target
DefensePro device into which you are importing the policy template). For example, if you export
a Network Protection policy that includes a BDoS Protection profile, the DefensePro device into
which you are importing the policy template must have BDoS Protection enabled globally
(Configuration perspective, Setup > Security Settings > BDoS Protection > Enable BDoS
Protection).

User-defined signatures.

User-defined Signature Protection profiles. This is supported in 6.13 and later in
the template feature, but it is not supported for the task.

Notes

The scope configured for an APSolute Vision user determines the DefensePro devices that the
DefensePro Configuration Templates task displays. (For more information, see Managing
APSolute Vision Users, page 69.)

You can import Network Protection policies from DefensePro platforms running supported 6.x
versions into platforms running supported 6.x or 7.x versions.

You can import Network Protection policies from DefensePro platforms running supported 7.x
versions into platforms running supported 7.x versions.

You can import Server Protection policies from DefensePro platforms running supported 6.x
versions into platforms running supported 6.x versions.

You can import Server Protection policies from DefensePro platforms running supported 7.x
versions into platforms running supported 7.x versions.

APSolute Vision issues a success message if all the task actions are successful on all the selected
destination (target) DefensePro devices.

APSolute Vision issues a failure message if any task action is not successful. The failure message
includes the result of each action, that is, whether the action succeeded or failed for each
selected destination device.

If all the policies that are configured in a task are deleted from the source DefensePro devices,
APSolute Vision disables the task.

If a DefensePro device in the Target Device List is deleted from APSolute Vision, APSolute
Vision deletes the device from the Target Device List and continues running the task.

If all the DefensePro devices in the Target Device List are deleted from APSolute Vision,
APSolute Vision disables the task.


Table 178: DefensePro Configuration Templates: General Parameters

Parameter

Description

Name

The name of the task.

Description

A user-defined description of the task.

Enabled

When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.

Table 179: DefensePro Configuration Templates: Schedule Parameters

Parameter

Description

Run

The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:

Once: The task runs one time only at the specified date and time.

Minutes: The task runs at intervals of the specified number of
minutes between task starts.

Daily: The task runs daily at the specified time.

Weekly: The task runs every week on the specified day or days, at
the specified time.

Note: Tasks run according to the time as configured on the APSolute
Vision client.

Time¹

The time at which the task runs.

Date²

The date on which the task runs.

Minutes³

The interval, in minutes, at which the task runs.

Run Always⁴

Specifies whether the task always runs or only during the defined period.
Values:

Enabled: The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.

Disabled: The task runs (at the Time and Frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until the
End Date at the End Time.

Default: Enabled

Start Date
Start Time

The date and time at which the task is activated.

End Date
End Time

The date and time after which the task no longer runs.

1 This parameter is available only when the specified Run value is Once, Daily, or Weekly.
2 This parameter is available only when the specified Run value is Once.
3 This parameter is available only when the specified Run value is Minutes.
4 This parameter is available only when the specified Run value is Minutes, Daily, or Weekly.
5 This parameter is available only when the Run Always checkbox is cleared.


Table 180: DefensePro Configuration Templates: Network Protection Policies Parameters

Parameter

Description

The Available list and the Selected list. The Available list displays (per device) the
Network Protection policies in the devices that you have permission to view, and which support
exporting policies. The Selected list displays (per device) the Network Protection policies that the
task exports.
You can filter the rows of the Available list according to values in the table columns (Device and
Policy). The filter does not change the contents of the list, only how APSolute Vision displays the list
to you. The filter uses a Boolean AND operator for the filter criteria that you specify. To filter the
rows of the Available list, type the value (case insensitive) in the Device and/or Policy column and
click the (Filter) button. To clear the filter, and display all the rows, click Clear.

Note: If you select any Network Protection policy, you must select at least one of the Export
checkboxes (Configuration, BDoS Baseline, or DNS Baseline).

Configuration

Specifies whether DefensePro exports the configuration of each selected
policy.
Default: Enabled

DNS Baseline

Specifies whether DefensePro exports the current DNS baseline of each
selected policy.
Default: Enabled

BDoS Baseline

Specifies whether DefensePro exports the current BDoS baseline of each
selected policy.
Default: Enabled

Table 181: DefensePro Configuration Templates: Server Protection Policies Parameters

Parameter

Description

The Available list and the Selected list. The Available list displays (per device) the Server
Protection policies in the devices that you have permission to view, and which support exporting
policies. The Selected list displays (per device) the Server Protection policies that the task exports.
You can filter the rows of the Available list according to values in the table columns (Device and
Policy). The filter does not change the contents of the list, only how APSolute Vision displays the list
to you. The filter uses a Boolean AND operator for the filter criteria that you specify. To filter the
rows of the Available list, type the value (case insensitive) in the Device and/or Policy column and
click the (Filter) button. To clear the filter, and display all the rows, click Clear.

Note: If you select any Server Protection policy, you must select at least one of the Export
checkboxes (Configuration or HTTP Baseline).

Configuration

Specifies whether DefensePro exports the configuration of each selected
policy.
Default: Enabled

HTTP Baseline

Specifies whether DefensePro exports the current HTTP baseline of each
selected policy.
Default: Enabled


Table 182: DefensePro Configuration Templates: Destination Devices Parameters

Parameter

Description

The Available list and the Selected list. The Available list displays the available devices. The
Selected list displays the devices to which the task deploys the selected policies.
Update Method

Values:

Append to Existing Configuration: The task adds the policy and profile
configurations, and any baselines, to the devices in the Selected list.
If a policy or profile name exists in a destination device, the update
fails.

Overwrite Existing Configuration: The task adds the policy and profile
configurations, and any baselines, to the devices in the Selected list.
If a policy or profile with the same name exists in a destination device,
the template overwrites it.

Default: Overwrite Existing Configuration

Install on Instance
(This parameter is relevant only for DefensePro x420 platforms.)

The identifier of the DefensePro hardware instance onto which to deploy
the selected policies.
Values: 0, 1
Default: 0

Update Policies After Sending Configuration

Values:

Enabled: After successfully deploying all the selected policies to a
device, an Update Policies (activate latest changes) action is
automatically initiated.

Disabled: After successfully deploying all the selected policies to a
device, an Update Policies (activate latest changes) action is required
for the configuration to take effect.

Default: Disabled


Chapter 9 Managing Auditing and Alerts


APSolute Vision logs all alerts and actions for APSolute Vision and, optionally, for the managed
devices. You can view auditing information and other alerts in the Alerts pane.
The following topics describe APSolute Vision auditing and the Alerts pane:

APSolute Vision Auditing, page 241

Enabling Configuration Auditing for Managed Devices, page 242

Managing Alerts, page 242

Note: APSolute Vision server alerts are added to the alert table, and added to the audit table and
forwarded to syslog, with one exception. The exception is that when the APSolute Vision process on
the underlying operating system is down, alerts triggered by the operating system are sent to the
alert table only.

APSolute Vision Auditing


APSolute Vision auditing meets compliance requirements by automatically logging the following:

All APSolute Vision alerts and user actions

All configuration changes made to managed devices via APSolute Vision

This meets Sarbanes-Oxley requirements to audit any configuration change that might affect the
network. In APSolute Vision, you can also configure the managed devices to log all configuration
changes on the device.
The Auditing log is stored in the APSolute Vision database. All audit logs are sent to the Alerts pane,
and can be displayed in the Alerts pane depending on the alerts filter configuration. APSolute Vision
allows read-only access to the Auditing log. You can extract the data and store it remotely, as you
require. The Auditing log can hold a maximum of two million entries. APSolute Vision ages the oldest
entries after the maximum number of entries is reached and also ages entries that are older than six
months.
The following information is logged to the audit log:

All user management events and user activities, for example, access attempts, successful
login, password change by user, password reset by admin, and so on.

Actions performed on the device, for example, uploading or downloading a file to a device,
device reboot and shutdown, log file retrieval, and so on.

APSolute Vision activities, including:

APSolute Vision upgrade

User management events (for example, creating or deleting a user, activating or
deactivating a user, and so on)

Device changes through CLI or WBM (if device auditing is enabled).

Alarms received from the device (if device auditing is enabled).

Device configuration activities (if device auditing is enabled). The audit log records all
configuration changes applied to the managed devices.

Device addition and deletion.


To manage APSolute Vision auditing


1. Enable or disable configuration auditing for devices. For more information, see Enabling
Configuration Auditing for Managed Devices, page 242.

2. Enable and configure syslog and e-mail settings for sending audit information from the Alerts
pane. For more information, see Configuring Settings for the Alerts Pane, page 95.

Enabling Configuration Auditing for Managed Devices


When configuration auditing for devices is enabled on the APSolute Vision server and on the device,
any configuration change on a device using APSolute Vision creates two records in the Audit
database, one from the APSolute Vision server, and one from the device audit message.

Note: To prevent overloading the managed device and prevent degraded performance, the feature
is disabled by default.

To enable configuration auditing for a managed device


1. In the Configuration perspective, select Setup > Advanced Parameters > Configuration
Audit.

2. Select the Enable Configuration Auditing checkbox, and click Submit.

Managing Alerts
The Alerts tab in the Alerts pane stores and displays alerts.
The alerts are based on events that are received from:

SNMP traps sent by managed Radware devices.

Auditing messages from all APSolute Vision modules.

APSolute Vision server events.

Configuration auditing messages for managed devices, if enabled on the device.

All alert information is stored in the APSolute Vision database in a table separate from the audit
information. Alert information can be sent to a central audit repository via syslog, and to a
configured recipient via e-mail.

Events Handled in the Alerts Pane


The following types of events are handled in the Alerts pane:

SNMP Traps, page 243

Auditing Messages, page 243

APSolute Vision Server Events, page 243

Alerts for New Security Attacks, page 243


SNMP Traps
The Alerts pane handles all traps generated by APSolute Vision and the managed devices, including:

Generic traps, such as Cold Start, Link Down, Link Up, Authentication Failure, and so on.

Radware traps common to all Radware devices.

Device-specific Radware traps.

Auditing Messages
APSolute Vision forwards all logged audit events from all APSolute Vision modules and managed
devices to the Alerts pane, including:

Successful and failed login attempts

Backup and restore operations

Configuration changes to APSolute Vision and the managed devices

Monitoring and control changes

Successful and failed task scheduling changes

User management configuration changes

APSolute Vision Server Events


APSolute Vision server events include events from:

Server and database monitoring processes

The APSolute Vision appliance

The watchdog process, which monitors APSolute Vision server processes

Alerts for New Security Attacks


APSolute Vision triggers an alert when a new attack is displayed in the Current Attacks table (which
is part of the Security Monitoring perspective).
The value in the Module column in the Alerts pane is Security Reporting.
Each DefensePro device triggers separate security alerts.
The security alerts are either for a single security event (that is, a single attack event) or aggregated
from multiple security events. The format is similar for alerts for single attacks and multiple attacks.

Table 183: Information in Security Alerts

| String in a Security Alert for a Single Attack | String in a Security Alert Aggregated Attack Information |
|---|---|
| An attack of type: <attack category>¹ started. | <quantity of attacks> attacks of type: <attack category> started between <start time of first attack> and <start time of last attack>.² |
| Detected by policy: <policy>; | Detected by policy: <policy>;³ |
| Attack name: <attack name>; | Attack name: <attack name>; |
| Source IP: <attacker IP address>; | Source IP: <attacker IP address>;⁴ |
| Destination IP: <attacked IP address>; | Destination IP: <attacked IP address>; |
| Destination port: <attacked port>; | Destination port: <attacked port>; |
| Action: <action>⁵. | Action: <action>. |

1 Attack categories: ACL, Anti-Scanning, Behavioral DoS, DoS, HTTP Flood, Intrusions,
Server Cracking, SYN Flood, Anomalies, Stateful ACL, DNS, BWM
2 Times are in the format dd.MM.yy hh:mm.
3 When there are differences in the field values for the attacks, the values are comma-separated.
4 When there are differences in the field values for the attacks, the value is multiple.
5 Action values: forward, proxy, drop, source-reset, dest-reset, source-dest-reset,
bypass, challenge, quarantine, drop-and-quarantine
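The two message layouts in Table 183 can be turned into structured fields for triage or SIEM ingestion. The following Python parser is an added example, not code from this guide or from Radware; it assumes the strings arrive as one message in table order separated by whitespace, and the sample messages (policy names, attack names, addresses) are constructed.

```python
import ipaddress
import re
from datetime import datetime

# Attack categories and action values as listed in the notes to Table 183.
CATEGORIES = {
    "ACL", "Anti-Scanning", "Behavioral DoS", "DoS", "HTTP Flood", "Intrusions",
    "Server Cracking", "SYN Flood", "Anomalies", "Stateful ACL", "DNS", "BWM",
}
ACTIONS = {
    "forward", "proxy", "drop", "source-reset", "dest-reset", "source-dest-reset",
    "bypass", "challenge", "quarantine", "drop-and-quarantine",
}
# dd.MM.yy hh:mm from the table notes, read here as a 24-hour clock (assumption).
TIME_FORMAT = "%d.%m.%y %H:%M"
STAMP = r"\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}"

SINGLE = re.compile(r"^An attack of type: (?P<category>.+?) started\. (?P<fields>.+)$")
AGGREGATED = re.compile(
    r"^(?P<count>\d+) attacks of type: (?P<category>.+?) started between "
    rf"(?P<first>{STAMP}) and (?P<last>{STAMP})\. (?P<fields>.+)$"
)
# Field label in the message -> key in the parsed result.
FIELDS = {
    "Detected by policy": "policy",
    "Attack name": "attack_name",
    "Source IP": "source_ip",
    "Destination IP": "destination_ip",
    "Destination port": "destination_port",
    "Action": "action",
}

# Constructed sample messages (not taken from a real device).
SAMPLE_SINGLE = (
    "An attack of type: SYN Flood started. Detected by policy: dmz_web; "
    "Attack name: SYN Flood HTTP; Source IP: 192.0.2.10; "
    "Destination IP: 198.51.100.20; Destination port: 80; Action: challenge."
)
SAMPLE_AGGREGATED = (
    "12 attacks of type: Behavioral DoS started between 03.12.15 09:15 and "
    "03.12.15 09:42. Detected by policy: dmz_web,dmz_dns; "
    "Attack name: network flood IPv4 UDP; Source IP: multiple; "
    "Destination IP: 198.51.100.20; Destination port: 53; Action: drop."
)


def parse_security_alert(message):
    """Parse a single or aggregated security alert message into a dict.

    Raises ValueError when the text does not follow either layout. Values
    outside the documented category/action lists are reported in "issues".
    """
    text = " ".join(message.split())          # collapse line breaks and runs of spaces
    match = AGGREGATED.match(text)
    aggregated = match is not None
    if not aggregated:
        match = SINGLE.match(text)
    if match is None:
        raise ValueError("not a security alert message")

    alert = {
        "aggregated": aggregated,
        "count": int(match["count"]) if aggregated else 1,
        "category": match["category"],
        "issues": [],
    }
    if aggregated:
        alert["first_start"] = datetime.strptime(match["first"], TIME_FORMAT)
        alert["last_start"] = datetime.strptime(match["last"], TIME_FORMAT)

    # "Label: value;" pairs; the last one ends with a period instead of ";".
    for part in match["fields"].rstrip(" .").split(";"):
        label, sep, value = part.partition(":")   # first colon only (IPv6-safe)
        name = FIELDS.get(label.strip())
        if not sep or name is None:
            raise ValueError(f"unexpected field: {part.strip()!r}")
        alert[name] = value.strip()
    missing = [name for name in FIELDS.values() if name not in alert]
    if missing:
        raise ValueError(f"missing fields: {', '.join(missing)}")

    # Aggregated alerts list differing policies comma-separated (note 3) and
    # report differing source addresses as the literal word "multiple" (note 4).
    policy = alert.pop("policy")
    alert["policies"] = [p.strip() for p in policy.split(",")] if aggregated else [policy]
    alert["multiple_sources"] = aggregated and alert["source_ip"] == "multiple"

    if alert["category"] not in CATEGORIES:
        alert["issues"].append(f"unknown category: {alert['category']}")
    if alert["action"] not in ACTIONS:
        alert["issues"].append(f"unknown action: {alert['action']}")
    if not alert["multiple_sources"]:
        try:
            ipaddress.ip_address(alert["source_ip"])
        except ValueError:
            alert["issues"].append(f"source IP not an address: {alert['source_ip']}")
    if alert["destination_port"].isdigit():
        alert["destination_port"] = int(alert["destination_port"])
    return alert
```

A non-empty `issues` list is worth routing to review, since it means the message carries a category, action or source value that the table notes do not list.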

Alert Information
All alert information is stored in the APSolute Vision database.
Double-click an alert in the Alerts tab to open the Alert Details dialog box, which displays all the
information with the expanded alert message.
The following table describes the fields of the APSolute Vision alerts.

Alert Information

Description

Displayed in Alerts Pane?

Ack (Acknowledged)

A check box indicating whether the alert has been acknowledged. Alerts of Info
severity are acknowledged automatically when raised. Alerts of severity higher than
Info require user acknowledgment. Acknowledging an alert indicates that it has been
seen by the user and remains in the Alerts pane display. You can select or clear the
check box to acknowledge or un-acknowledge alerts.

Displayed in Alerts Pane? Yes, by default

Severity

The APSolute Vision severity of the event: Critical, Major, Minor, Warning, Info.
SNMP trap severities are mapped as shown in SNMP Trap Severity Mapped to APSolute
Vision Severity, page 245 and APSolute Vision Alerts Mapped to Syslog Severity, page 246.

Displayed in Alerts Pane? Yes, by default

Time

The date and GMT time at which the event occurred.
In the Alert Details dialog box, this value is displayed with the label Raised Time.

Displayed in Alerts Pane? Yes, by default

Device Name

The values differ according to the alert type, as follows:

SNMP traps: The value is the name of the device that generated them.

APSolute Vision auditing events, which have device context (configuration, monitoring).
The value is the name of the device to which the event relates.

When the alert is generated by the APSolute Vision server, no device name is displayed.

Displayed in Alerts Pane? Yes, by default

Device IP address

The IP address of the device to which the message relates. No value is provided for
alerts generated by APSolute Vision.

Displayed in Alerts Pane? Yes, by default

Message

The description of the event.

Displayed in Alerts Pane? Yes, by default

Module

The source module of the event.
Values:

Vision Configuration: APSolute Vision configuration auditing messages

Vision General: Includes general APSolute Vision auditing messages and APSolute
Vision server events

Vision Control: APSolute Vision Monitoring auditing messages

Device General: For all other device alerts

Device Security: For network security alerts

Security Reporting: For security alerts

Displayed in Alerts Pane? Yes, by default

User Name

For APSolute Vision auditing, the name of the user whose action was audited. If no
user is associated with the action, the user APSolute_Vision is displayed.

Displayed in Alerts Pane? Yes, if configured

Device Type

The type of device that generated the alert:

The APSolute Vision server: for auditing, appliance, server and database monitoring,
and watchdog alerts

Any AppDirector device

Any Alteon device

Any AppWall device

Any DefensePro device

Any LinkProof NG device

Displayed in Alerts Pane? Yes, by default

Trap SID

The trap SID for SNMP traps. There is no value for events that are not SNMP traps.

Displayed in Alerts Pane? Yes, if configured

Port

The port number included in the alert information, if it exists (for example, when a
port link goes up or down).

Displayed in Alerts Pane? Yes, by default
The Raised Time, Device Name, and Message uniquely identify an alert, and are together considered
the Alert key.

Table 184: SNMP Trap Severity Mapped to APSolute Vision Severity

| Trap Severity | APSolute Vision Severity | Severity Description |
|---|---|---|
| Fatal | Critical | Indicates a severe problem, which prevents or disrupts normal use of the object. |
| Error (APSolute Vision uses predefined criteria to assign Major or Minor severity.) | Major | Indicates a problem of relatively high severity, which is likely to prevent normal use of the object. |
| | Minor | Indicates a problem of relatively low severity, which should not prevent normal use of the object. |
| Warning | Warning | While the managed object is functioning as it is intended to function, conditions exist that could potentially cause a problem. |
| Info | Information | Information only. There are no problems and the object is functioning normally. |

Table 185: APSolute Vision Alerts Mapped to Syslog Severity

| Severity in APSolute Vision Alerts Pane | Level in Syslog |
|---|---|
| 1 - CRITICAL | 3 - CRITICAL |
| 2 - MAJOR | 4 - ERROR |
| 3 - MINOR | 5 - WARNING |
| 4 - WARNING | 6 - NOTICE |
| 5 - INFO | 7 - INFORMATIONAL |

Displaying Alert Information


Alert information is displayed in the Alerts pane, which, by default, is below the content pane. For
more information about the information displayed, see Alert Information, page 244.
By default, alert information is displayed for one hour after the alert is raised. The information is
then cleared from the display, but remains in the Alerts database. You can change the default in the
Filtering dialog box. For more information, see Filtering Alerts, page 248.
The configured number of most recent critical alerts are always displayed at the top of the table on
a colored background.
You can maximize and minimize the Alerts pane.

To view the Alert table


> Click the (Maximize) button.

For more information about Alerts pane navigation features, see APSolute Vision Interface
Navigation, page 48.
The number of unacknowledged alerts for each severity is displayed in the bar above the table.
The information in the alert table is refreshed according to your configured preferences.
In the Alerts pane, you can:

Show and hide columns.

Acknowledge and unacknowledge displayed alerts. Alerts of severity higher than Info require
user acknowledgment to indicate that they have been seen by the user. The alert remains in the
Alerts pane display.

Filter the alerts in the alert table to display a subset of alerts. For more information, see Filtering
Alerts, page 248.

Clear individual alerts from the alert table display.

Clear all the alerts in the APSolute Vision database that match the current filter, whether or not the
alerts are visible in the Alerts pane.

Turn off automatic refresh of alert information.


To view details of an alert


> Double-click the alert row that you want to view. The alert details are displayed in the Alert
Details dialog box.
For more information about the information displayed, see Alert Information, page 244.

To clear all the alerts in the APSolute Vision database that match the current filter, whether
or not the alerts are visible in the Alerts pane

> Click the (Clear All Alerts) button.

To acknowledge alerts

> Do one of the following:

To acknowledge one or more alerts, select the alert row in the table, and click the
(Acknowledge Selected Alerts) button.

To acknowledge all alerts in the alert table, click the (Acknowledge All Alerts) button.

To unacknowledge alerts

> Select the alert row(s) in the table and click the (Unacknowledge Selected Alerts) button.

To clear alerts from display

> To clear alerts, select the alert row(s) in the table and select the (Clear Selected Alerts) button.

Notes

Cleared alerts remain in the database, but cannot be viewed.

Clearing an unacknowledged alert automatically acknowledges the alert.

Automatic refresh is indicated by the selected (Pause) button.

To pause automatic refresh of alert information


> Click the (Pause) button.

To resume automatic refresh of alert information


> Click the (Resume) button.

Note: Radware recommends pausing automatic refresh while you are analyzing alert information
to prevent alerts disappearing from the display.

Filtering Alerts
You can display a subset of the currently displayed alerts by filtering the alerts according to various
alert information criteria.
The criteria are organized according to categories, for example, alert severity, device module, and
so on. Criteria from the same category are combined with logical OR. Criteria from different
categories are combined with logical AND.
The default filter settings include all criteria in all categories, meaning, by default, all alerts raised in
the last hour are displayed.
Use the filtering criteria to define how long an alert is displayed in the Alerts Browser.

Note: Regardless of the filter defined, the configured number of most recent critical alerts are
always displayed at the top of the table on a colored background. This means that critical alerts that
match the filter criteria are displayed twice.

To filter alerts in the alert table


1. Click the (Maximize) button to maximize the Alerts pane.

2. Click the (Alert Filter) button.

3. Set the filtering criteria and click Submit. The table is updated at the next automatic refresh.

4. To restore the default filtering criteria, click Restore Defaults, then click Submit.

For more information about the filtering criteria, see Alert Information, page 244.

Table 186: Filtering Criteria Parameters

Parameter

Description

Select Devices

Click to select a subset of managed devices for which to display alerts.


In the Select Devices dialog box, move the required devices from the
Available Devices list to the Selected Devices list.

248

Document ID: RDWR-APSV-V034000_UG1512

APSolute Vision User Guide


Managing Auditing and Alerts

Table 186: Filtering Criteria Parameters (cont.)

Parameter

Description

Select All Devices

When selected, matching alerts for all devices are displayed.

Raised Time

Alerts raised within the defined time period are displayed. For
example, if you define 1 hour, alerts raised in the last hour are
displayed. After the defined time, alerts are cleared from the display
(not from the Alerts database).
Values: 1 minute24 hours
Default: 1 hour

Severity

Alerts of the selected severities are displayed.

Module

Alerts for the selected modules are displayed.

Device Type

Alerts for the selected device types are displayed.

Acknowledgment

Specifies whether to display acknowledged alerts, unacknowledged
alerts, or both.
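The filter semantics described above (OR within a category, AND across categories, with the most recent critical alerts pinned regardless of the filter), as an added Python example that is not part of the Radware guide or product. The field names, severity and module values, device names, and the pinned_critical count are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    """One alert row; the field names are constructed for this example."""
    raised: datetime
    severity: str
    module: str
    device_type: str
    device: str
    acknowledged: bool


@dataclass
class AlertFilter:
    """Categories of Table 186. An empty set selects every value of that
    category, which is the default (all criteria in all categories)."""
    raised_within: timedelta = timedelta(hours=1)     # Raised Time default
    severities: set = field(default_factory=set)
    modules: set = field(default_factory=set)
    device_types: set = field(default_factory=set)
    devices: set = field(default_factory=set)         # empty = Select All Devices
    acknowledgment: set = field(default_factory=set)  # subset of {True, False}

    def __post_init__(self):
        # Raised Time accepts values from 1 minute to 24 hours.
        if not timedelta(minutes=1) <= self.raised_within <= timedelta(hours=24):
            raise ValueError("Raised Time must be between 1 minute and 24 hours")

    def matches(self, alert, now):
        def accepts(selected, value):
            # OR inside a category: any selected value accepts the alert.
            return not selected or value in selected

        age = now - alert.raised
        # AND across categories: every category must accept the alert.
        return (
            timedelta(0) <= age <= self.raised_within
            and accepts(self.severities, alert.severity)
            and accepts(self.modules, alert.module)
            and accepts(self.device_types, alert.device_type)
            and accepts(self.devices, alert.device)
            and accepts(self.acknowledgment, alert.acknowledged)
        )


def alerts_table(alerts, flt, now, pinned_critical=2):
    """Return (pinned, matched): the newest critical alerts, which ignore the
    filter, followed by the alerts that pass it, both newest first."""
    newest_first = sorted(alerts, key=lambda a: a.raised, reverse=True)
    pinned = [a for a in newest_first if a.severity == "Critical"][:pinned_critical]
    matched = [a for a in newest_first if flt.matches(a, now)]
    return pinned, matched


def shown_twice(pinned, matched):
    """Critical alerts that appear in the pinned rows and again in the filtered rows."""
    return [a for a in pinned if a in matched]


# Constructed sample data (not real alerts).
NOW = datetime(2015, 12, 1, 12, 0, 0)
SAMPLE_ALERTS = [
    Alert(NOW - timedelta(minutes=5), "Critical", "Device Security", "DefensePro", "dp-1", False),
    Alert(NOW - timedelta(minutes=30), "Major", "Device General", "Alteon", "alt-1", True),
    Alert(NOW - timedelta(hours=3), "Critical", "Device General", "Alteon", "alt-1", False),
    Alert(NOW - timedelta(minutes=10), "Minor", "Vision General", "Vision", "vision-1", False),
    Alert(NOW - timedelta(minutes=50), "Info", "Device Security", "Alteon", "alt-2", False),
]

if __name__ == "__main__":
    flt = AlertFilter(severities={"Critical", "Major"}, device_types={"Alteon"})
    pinned, matched = alerts_table(SAMPLE_ALERTS, flt, NOW)
    for label, rows in (("pinned", pinned), ("matched", matched)):
        for a in rows:
            print(label, a.raised.time(), a.severity, a.device)
```

With a narrow filter, a critical alert can be visible only in the pinned rows, so triage that relies on the filtered rows alone can miss it.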

Configuring Preferences for the Alerts Pane


You can configure the following preferences for the Alerts pane:

Client preferences: Define how many critical alerts to display and how often the client polls
the server for alert information. For more information, see Configuring Settings for the Alerts
Pane, page 95.

Server preferences: Define how the APSolute Vision server handles alerts. You can enable
and configure reporting and logging events from the Alerts pane to a syslog server. You can
configure sending alert information via e-mail to a defined recipient. For more information, see
Configuring Settings for the Alerts Pane, page 95.


Chapter 10 Monitoring Alteon with the Dashboard and Service Status View

This chapter describes monitoring Alteon using the Dashboard and Service Status View.
This feature is available only in Alteon version 30.0 and later.

Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 315.

This chapter contains the following main topics:

Monitoring Alteon with the Dashboard

Monitoring Alteon with the Application Delivery View

Monitoring Alteon with the Service Status View

Monitoring Alteon with the Dashboard


Every 15 seconds, Alteon polls the following information for the dashboard:

CPU utilization

System usage

License capacity utilization

License capacity

Temperature and fans (physical platforms only)

The top row of the dashboard includes the following:

The device IP address or device name if configured

The current date and time on the client

The role of the user who opened the dashboard

The name of the user who opened the dashboard

Log Out to log out of the session

The parameters that the dashboard displays depend on the Alteon form factor (standalone, VA,
vADC, or ADC-VX).

Dashboard Features and Usage


The following dashboard features and usage are common to all form factors:

The dashboard opens in a new browser tab. Each click on the Dashboard opens a new browser
tab, which does not affect the display of any other opened browser tabs.

To change the display in the frame from a chart/graph to a table and from a table to a chart/
graph, click the icon in the upper right of any frame.


To change the sorting from ascending to descending and descending to ascending, click in a
table heading.

To pause or resume the display, click the icon in the upper right of any frame. When you pause
the display, the timestamp is displayed. The timestamp is according to the timezone of the
client.

To pause or resume the display of all the displays in the current dashboard, click the Pause
button or Resume button at the top of the dashboard.

In some charts, hovering over a point opens a box with details of the specific point.

To view the dashboard

In the Configuration perspective or Monitoring perspective, select Overview > Dashboard.

System View Dashboard of the Alteon Standalone and Alteon VA Platforms

The following table describes the frames in the System View dashboard for the Alteon standalone
and VA platforms.

Table 187: System View Dashboard for Alteon Standalone and VA

Component

Description

CPU Utilization

The chart view displays a line graph showing the average SP CPU
utilization (%) and MP CPU utilization (%) on the platform over
time. The X-axis displays the time (hh:mm:ss). The Y-axis displays
the utilization percentage.
The table view displays the current MP CPU utilization (%) on the
platform and the CPU utilization (%) for each SP.


Temperature and Fans
(The dashboard displays this frame only for physical standalone platforms.)

This frame contains two sections: the temperature and status of the critical fans.

The chart view for temperature displays the following:

A thermometer, per sensor, with a color indicator for temperature status: green for nominal,
and red for not operating/not operating properly.

A table with the sensor number and the temperature status (for example: Normal).

The table view for temperature displays a table with the following columns:

Sensor ID.

State: For example, Normal.

Temperature: In Celsius and Fahrenheit.

The chart view for fans displays the following:

A fan with a color indicator for the current temperature status: green for nominal, and red
for not operating/not operating properly.

A table with the number of fans and the current operational status (for example: Up).

The table view for fans displays a table with the following columns:

Fan ID: Only the critical fans.

State: For example, Up.

System Usage

The chart view contains bar graphs for Session Table, Hard Disk (displayed only for physical
standalone platforms), and Caching, showing the current utilization value (percentage). The
Y-axis displays the current utilization percentage.
The table view displays a table with the following columns:

Name: Hard Disk (displayed only for physical standalone platforms), Capacity Units, and
ADC Allocation.

Utilization: The current utilization value (percentage).

Current: The current utilization absolute value, for example, in KB.

Maximum: The maximum available absolute value, for example, in KB.

License Capacity Utilization

The chart view contains bar graphs, one bar for each license type, showing the current
utilization value (percentage) of each capacity license. The Y-axis displays the current
utilization percentage.
The table view displays a table with the following columns:

Name: The name of the license type and the units (for example, Mbps).

Utilization: The current utilization value (percentage).

License: The license capacity.

Current: The current utilization absolute value.

Peak: The peak utilization absolute value.


License Capacity

The chart view for this frame contains two tabs:

Throughput: A solid line for the Alteon, displaying the throughput usage (Mbps) over time.
A dotted line indicates the maximum throughput that the license allows. The scale of the
Y-axis is logarithmic.

SSL: A line for each selected vADC displaying the SSL usage (CPS) over time. A dotted line
indicates the maximum throughput that the license allows.

To reset the peak values for the chart, click Reset All Peak
Values.

System View Dashboard of the Alteon vADC Platform


The following table describes the frames in the System View dashboard for the Alteon vADC
platform.

Table 188: System View Dashboard for Alteon vADC

Component

Description

CPU Utilization

The chart view displays a line graph showing the average SP CPU
utilization (%) and MP CPU utilization (%) on the platform over
time. The X-axis displays the time (hh:mm:ss). The Y-axis displays
the utilization percentage.
The table view displays the current MP CPU utilization (%) on the
platform and the CPU utilization (%) for each SP.

System Usage

The chart view contains bar graphs for Session Table, Hard Disk (relating to the physical
ADC-VX), and Caching, showing the current utilization value (percentage). The Y-axis
displays the current utilization percentage.
The table view displays a table with the following columns:

Name: Hard Disk (relating to the physical ADC-VX), Capacity Units, and ADC Allocation.

Utilization: The current utilization value (percentage).

Current: The current utilization absolute value, for example, in KB.

Maximum: The maximum available absolute value, for example, in KB.

License Capacity Utilization

The chart view contains bar graphs, one bar for each license type, showing the current
utilization value (percentage) of each capacity license. The Y-axis displays the current
utilization percentage.
The table view displays a table with the following columns:

Name: The name of the license type and the units (for example, Mbps).

Utilization: The current utilization value (percentage).

License: The license capacity.

Current: The current utilization absolute value.

Peak: The peak utilization absolute value.


License Capacity

The chart view for this frame contains two tabs:

Throughput: A solid colored line for the Alteon, displaying the throughput usage (Mbps)
over time. A solid gray line for the Alteon, displaying the latest peak throughput usage
(Mbps) over time. A dotted line indicates the maximum throughput that the license allows.
The scale of the Y-axis is logarithmic.

SSL: A line for each selected vADC displaying the SSL usage (CPS) over time. A dotted line
indicates the maximum throughput that the license allows.

To reset the peak values for the chart, click Reset All Peak
Values.

System View Dashboard for the Alteon ADC-VX Platform


The following table describes the frames in the System View dashboard for the Alteon ADC-VX
platform.

Table 189: System View Dashboard for Alteon ADC-VX

Component

Description

CPU Utilization

The chart view displays a line graph showing the MP CPU utilization
(%) on the platform over time. The X-axis displays the time
(hh:mm:ss). The Y-axis displays the utilization percentage.
The table view displays the current MP CPU utilization (%) on the
platform.


Temperature and Fans

This frame contains two sections: the temperature and status of the critical fans.

The chart view for temperature displays the following:

A thermometer, per sensor, with a color indicator for temperature status: green for nominal,
and red for not operating/not operating properly.

A table with the sensor number and the temperature status (for example: Normal).

The table view for temperature displays a table with the following columns:

Sensor ID.

State: For example, Normal.

Temperature: In Celsius and Fahrenheit.

The chart view for fans displays the following:

A fan with a color indicator for the current temperature status: green for nominal, and red
for not operating/not operating properly.

A table with the number of fans and the current operational status (for example: Up).

The table view for fans displays a table with the following columns:

Fan ID: Only the critical fans.

State: For example, Up.

System Usage

The chart view contains three bar graphs (Hard Disk, Capacity Units, and ADC Allocation)
showing the current utilization value (percentage). The Y-axis displays the current
utilization percentage.
The table view displays a table with the following columns:

Name: Hard Disk, Capacity Units, and ADC Allocation.

Utilization: The current utilization value (percentage).

Current: The current utilization absolute value (for Hard disk, in gigabytes, for Capacity
Units and ADC Allocation, the number).

Maximum: The maximum available absolute value (for Hard disk, in gigabytes, for Capacity
Units and ADC Allocation, the number).


vADCs View Dashboard for Alteon ADC-VX


You can select up to five vADCs to monitor.
The following table describes the frames in the vADCs View dashboard for the ADC-VX platform.

Table 190: vADCs View Dashboard for ADC-VX

Component

Description

vADC Summary and Selection

This frame contains two sections: vADC Utilization Summary and vADC Selection.
There is no table view for this frame.
vADC Utilization Summary shows a status indicator (High, Medium,
Low) for SP CPU Utilization and Throughput Utilization.
Use the vADC Selection table to select the vADC to monitor in the
dashboard (up to five). The table contains the following columns:
ID, Name, and CU (which displays the number of allocated CUs).

CPU Utilization

The chart view displays two bar graphs for each selected vADC.
One bar shows the current MP CPU utilization (%). One bar shows
the current SP CPU utilization (%). The Y-axis displays the
utilization percentage. If more than one vADC is operating at the
same utilization, only the top line is displayed.
The table view displays a table with the following columns:

vADC: The vADC ID.

Name: The vADC name, if configured.

MP utilization (%).

SP CPU (%).

License Capacity Utilization

The chart view for this frame contains two tabs:

Throughput: A line for each selected vADC displaying the throughput utilization percentage
over time. If more than one vADC is operating at the same utilization, only the top line is
displayed.

SSL: A line for each selected vADC displaying the SSL utilization percentage over time. If
more than one vADC is operating at the same utilization, only the top line is displayed.

The table view displays a table with the following columns:

vADC: The vADC ID.

Name: The vADC name, if configured.

Throughput (%).

SSL (%).


Monitoring Alteon with the Application Delivery View


The Application Delivery View is available for Alteon standalone and vADC.
This feature is available only in Alteon version 30.2 and later.
The following table describes the frames in the Application Delivery View dashboard for the Alteon
standalone and vADC platforms.

Table 191: Application Delivery View Dashboard for Alteon Standalone and vADC

Component

Description

Virtual Service Selection

The table view displays a table with the following columns:

Status: The operational status of the virtual service.

Virtual Server: The identifier of the virtual server for the virtual service.

Application. Values: http, ftp, dns

Port: The virtual service port.

Protocol: The virtual service protocol. Values: tcp, udp

Virtual Service Performance

The chart view displays the following for each entry selected in the
Virtual Service Selection frame:

Throughput (Mbps)

Connections per Second

Concurrent Connections

The chart contains tool tips displaying a timestamp, a colored virtual service identifier,
and virtual service performance statistics.
The table view displays a table with the following columns:

Virtual Server

Port

Throughput (Mbps)

Connections per Second

Concurrent Connections

Note: You must globally enable virtual service statistics reporting to display information in the
Application Delivery View.

To configure virtual service statistics settings


1. Select Configuration > Application Delivery > Virtual Services > Settings.
2. Select the Statistics tab.
3. In the Statistics Measuring Period field, type a value in seconds in the range 1-3600.
4. Set the Per Service Statistics option to Enable.
5. Click Submit.


Monitoring Alteon with the Service Status View


The Service Status View is available for Alteon standalone, VA, and vADC.
The Service Status View, which refreshes every 15 seconds, can display configuration information
and status information on all the virtual services and the following associated Alteon objects:

AppShape++ scripts

Content rules

Server groups

Real servers

Note: For information on the statuses, see Status Criteria, page 261 below.

To view the Service Status View

In the Configuration perspective or Monitoring perspective, select Overview > Service Status
View.

The Service Status View comprises two frames: Status Summary and Detailed Status.
The Status Summary shows a summary of the following:

Virtual services: The total number of virtual services configured on the platform and a pie
chart that shows the percentage of each status (Up, Warning, Down, and Admin Down).

Server groups: The total number of server groups configured on the platform and a pie
chart that shows the percentage of each status (Up, Warning, Down, Admin Down, and
Mixed). Mixed indicates that the group is associated with multiple virtual services, and the
statuses are not the same.

Real servers: The total number of real servers configured on the platform and a pie chart
that shows the percentage of each status (Up, Warning, Down, Admin Down, and Mixed).
Mixed indicates that the real server is associated with multiple server groups, and the
statuses are not the same.

Tip: Click a segment in a pie chart to apply a filter to the corresponding objects in the
Detailed Status frame.

The Detailed Status frame comprises:

Detailed Status tree: A tree with all the virtual services on the devices

Detailed Status filter: A filter with which you can filter the services

The status of each node in the tree is identified with an icon.

By default, all the parent nodes in the tree (the Virtual Service nodes) are collapsed.
Each Virtual Service node is in the following format:

Virtual Service ID: <ID>, (<Port> <TCP|UDP>), Action: <Action>

where:

<ID> is the specified ID of the virtual service.

<Port> is the specified port number of the virtual service.

<TCP|UDP> is the relevant protocol of the virtual service.

<Action> is either the specified Action when the Application is HTTP or HTTPS (Group,
Redirect, or Discard) or Group for all other Application values.

Example
Virtual Service ID: MyDNSVirt, (53 TCP), Action: Group

Expanding a Virtual Service node displays the following:

AppShape++ Script(s) Associated: The Service Status View displays this node only if the
virtual service is configured with one or more AppShape++ scripts.

Content Rules: This node is displayed only if the virtual service is configured with one or
more content rules. The Service Status View displays content rules numerically, each in the
following format:

<Rule ID>, Action: <Action>, Group: <Group name>

Group ID: <ID> (the ID of the server group). This node includes the following node(s) sorted
alphanumerically, each in the following format:

<Real server ID>: <IP address>

Note: Backup real servers and backup groups appear in the tree only when they are active.

Detailed Status Filter


Applying a filter refreshes the tree view and shows the updated statuses and objects based on the
filter criteria. The filter uses a Boolean AND operator on the data.
By default, the child objects of each virtual service node are collapsed. After you apply the filter, the
tree view displays the relevant object expanded.

To filter the Detailed Status tree

Configure the filter parameters and click GO.

Table 192: System View Dashboard for Alteon Standalone and VA

Parameter

Description

Status

Values:

All: Show the specified object types with all statuses.

Up: Show only the specified object types with the Up status.

Down: Show only the specified object types with the Up status.

Admin Down: Show only the specified object types with the Down status.

Warning: Show only the specified object types with the Warning status.

Down + Warning: Show the specified object types with the Down status and
the Warning status.

Default: All
Note: For more status information, see Status Criteria, page 261.


Type

Values:

All: Show all object types.

Virtual Service: Show only the virtual services that match the other criteria.

Server Group: Show only the server groups that match the other criteria.

Real Server: Show only the real servers that match the other criteria.

Content Rule: Show only the content rules that match the other criteria.

Default: All

Free Text

Free text that filters the results according to ID or other identifier.
For example:

You can filter for a real server by entering its IP address.

You can filter for a group by entering the suffix of its ID.

Status Criteria

The following table describes the criteria for the statuses of virtual servers. One of the criteria is the
service-action status. You can specify Action for an HTTP or HTTPS service: Group, Redirect or
Discard. For non-HTTP/S services, the action is always (implicitly) Group. When the Action is Group,
the service-action status is the Group status. When the Action is Redirect or Discard, the
service-action status is always Up. For more information, see Configuring a Virtual Service for a Virtual
Server, page 237.

Table 193: Virtual Service Statuses

Status

Description

Admin Down

(The service-action status is in the Admin Down state AND the Content Rules status
is in the Admin Down state)
OR
The Enable Virtual Server checkbox is cleared.

Down

(The service-action status is in the Down state AND the Content Rules status is in
the Down state)
OR
(The service-action status is in the Admin Down state AND the Content Rules status
is in the Down state)
OR
(The service-action status is in the Admin Down state AND the Content Rules status
is in the Admin Down state).


Up

(The service-action status is in the Up state AND the Content Rules status is in the
Up state)
OR
(The service-action status is in the Admin Down state AND the Content Rules status
is in the Up state)
OR
(The service-action status is in the Up state AND the Content Rules status is in the
Admin Down state).

Warning

The service-action status is in the Warning state
OR
The Content Rules status is in the Warning state
OR
(The service-action status is in the Down state AND the Content Rules status is in
the Up state)
OR
(The service-action status is in the Up state AND the Content Rules status is in the
Down state)
OR
(There is an enabled associated AppShape++ script AND the service-action status is
in the Down state AND the Content Rules status is in the Down state).

The following table describes the criteria for the statuses of Content Rules. Only HTTP and HTTPS
applications support content-based rules. The Service Status View determines the value by taking
into account all the content-based rules in the virtual service.

Table 194: Content Rules Statuses

Status

Description

Admin Down

The Enable Content Based Rule checkbox is cleared for all the content-based rules.

Down

All the content-based rules are in the Down state
OR
Some of the content-based rules are in the Down state while the rest
are in the Admin Down state.
The Service Status View always considers a content-based rule with no
associated Content Class to be in the Down state.

Up

All the content-based rules are in the Up state
OR
Some of the content-based rules are in the Up state while the rest are
in the Admin Down state.

Warning

At least one content-based rule is in the Warning state
OR
Some of the content-based rules are in the Up state and some are in the
Down state.
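Tables 193 and 194 written out as Python, as an added example that is not Radware's code. matching_statuses() is a hypothetical helper that evaluates each row of Table 193 literally and returns every status whose row holds, so combinations the table lists under more than one status, or under none, are visible when you build monitoring on these statuses; which status the product displays in those cases is not stated here.

```python
UP, WARNING, DOWN, ADMIN_DOWN = "Up", "Warning", "Down", "Admin Down"


def content_rules_status(rule_states):
    """Roll the states of all content-based rules of one virtual service into
    a single Content Rules status (Table 194). Pass a rule that has no
    associated Content Class as DOWN."""
    states = set(rule_states)
    if not states or not states <= {UP, WARNING, DOWN, ADMIN_DOWN}:
        raise ValueError("expected one or more of Up, Warning, Down, Admin Down")
    if states == {ADMIN_DOWN}:
        return ADMIN_DOWN
    if WARNING in states or {UP, DOWN} <= states:
        return WARNING
    # What is left is Up or Down, optionally mixed with Admin Down.
    return DOWN if DOWN in states else UP


def service_action_status(action, group_status):
    """Group takes the status of the group; Redirect and Discard are always Up."""
    if action == "Group":
        return group_status
    if action in ("Redirect", "Discard"):
        return UP
    raise ValueError("Action must be Group, Redirect or Discard")


def matching_statuses(sa, cr, server_enabled=True, appshape_enabled=False):
    """Evaluate every row of Table 193 as written and return, in table order,
    each status whose criteria hold for service-action status `sa` and
    Content Rules status `cr`."""
    rows = [
        (ADMIN_DOWN, (sa == ADMIN_DOWN and cr == ADMIN_DOWN)
                     or not server_enabled),  # Enable Virtual Server cleared
        (DOWN, (sa == DOWN and cr == DOWN)
               or (sa == ADMIN_DOWN and cr == DOWN)
               or (sa == ADMIN_DOWN and cr == ADMIN_DOWN)),
        (UP, (sa == UP and cr == UP)
             or (sa == ADMIN_DOWN and cr == UP)
             or (sa == UP and cr == ADMIN_DOWN)),
        (WARNING, sa == WARNING
                  or cr == WARNING
                  or (sa == DOWN and cr == UP)
                  or (sa == UP and cr == DOWN)
                  or (appshape_enabled and sa == DOWN and cr == DOWN)),
    ]
    return [status for status, holds in rows if holds]


if __name__ == "__main__":
    # Constructed case: an HTTP service with Action Redirect and two rules.
    sa = service_action_status("Redirect", DOWN)
    cr = content_rules_status([UP, DOWN])
    print(sa, cr, matching_statuses(sa, cr))
```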

The following table lists the criteria for the statuses of real-server groups. The Service Status View
determines the value based on the status of each real server in the group, using a Boolean AND
operator. The value 1 represents Yes. The value 0 represents No.

Table 195: Real-Server Group Statuses

Real-Server Group Status

Real Server Is in Up State

Real Server Is in Warning State

Real Server Is in Down State

Real Server Is in Admin Down State

Up

Warning

Down

Admin Down


Chapter 11 Monitoring the Alteon System


This chapter describes monitoring Alteon system operations.

Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 315.

The Alteon operations that you can monitor depend on the Alteon form factor and/or platform:
standalone, VA, vADC, or ADC-VX.

This chapter contains the following main topics:

Monitoring General Information

CPU Utilization

Monitoring Capacity

Maintenance

Monitoring General Information


The Alteon parameters that Alteon displays depend on the Alteon form factor and/or platform:
standalone, VA, vADC, or ADC-VX.

To monitor general system information

In the Monitoring perspective, select System > General Information.

Table 196: General Information: General Parameters

Parameter

Description

Switch Name

The name of the switch.

System Time

The system time.

System Date

The system date.

Last Apply

The time and date of the last Apply action.

Last Save

The time and date of the last Save action.

Last Boot

The time and date of the last boot.

Switch Uptime

The amount of time the switch has been up.

Table 197: General Information: Licenses Parameters

Parameter

Description

Software Features

The software features.

Table 198: General Information: System Hardware Parameters

Parameter

Description

MAC Address

The MAC address.

Serial Number

The serial number.


Mainboard Hardware No

The mainboard hardware number.

Mainboard Hardware Rev

The mainboard hardware revision.

Ethernet Board Hardware No

The Ethernet board hardware number.

Ethernet Board Hardware Rev

The Ethernet board hardware revision.

Temperature Sensors
(Alteon VX only.)

The number of temperature sensors.

Hard Disk

The capacity, in GBs, of the hard disk.

Used Disk Space

The used space, in GBs, of the hard disk.

Total RAM

The capacity, in GBs, of RAM.

Power Supply
(Alteon VX only.)

The number of power supplies.

Fan Status

The fan status.

SSL Chip
(Alteon VX only.)

Displays the following parameters regarding the SSL chips:

SSL Chip Status. Values: Active Initialized, and so on.

Type: For example: Cavium HSM; Model NITROX XL CN16XX-NFBE;

Amount: The quantity of HSM card on the platform, which is typically 1.

HSM State

The state of the HSM card.
Values: trusted, and so on.
Note: Initialization of the HSM card is done using the Alteon CLI.
For more information, see the Alteon Application Switch Operating
System Application Guide and Alteon Application Switch Operating
System Command Reference.

Current capacity units
(Alteon standalone only.)

The current capacity units configured on the platform.

Max capacity units
(Alteon standalone only.)

The maximum capacity units configured on the platform.

Current throughput
(Alteon standalone only.)

The current throughput.

Max throughput
(Alteon standalone only.)

The maximum throughput configured on the platform.

CPU Utilization

To monitor CPU utilization

In the Monitoring perspective, select System > CPU Utilization.

Table 199: CPU Utilization: Management Processor Parameters

Parameter

Description

Admin Context CPU Utilization


This group box is displayed only in ADC-VX mode.
Last Second

The CPU utilization of the admin context in the last second.

Last 4 Seconds

The CPU utilization of the admin context in the last four seconds.

Last 64 Seconds

The CPU utilization of the admin context in the last 64 seconds.

CPU Utilization
This group box is displayed only in vADC mode and standalone mode.
Last Second

The CPU utilization of the management processor in the last second.

Last 4 Seconds

The CPU utilization of the management processor in the last four seconds.

Last 64 Seconds

The CPU utilization of the management processor in the last 64 seconds.

Memory
This group box is displayed only in standalone mode and ADC-VX mode and standalone mode.
Free

The memory resources currently free on the management processor.

Total

The total memory resources of the management processor.

Table 200: CPU Utilization: Switch Processor Parameters

Parameter

Description

CPU Utilization
SP Number

The switch-processor number.

Last Second

The CPU utilization of the switch processor in the last second.

Last 4 Seconds

The CPU utilization of the switch processor in the last four seconds.

Last 64 Seconds

The CPU utilization of the switch processor in the last 64 seconds.

Dynamic Memory Statistics


This group box is not displayed in ADC-VX mode.
SP Number

The switch-processor number.

Total Memory

The total memory resources of the switch processor.

Current Memory

The memory resources, in KB, currently used on the switch processor.

Hi water mark

The peak memory resources, in KB, used on the switch processor.

Allowed Max

The allowed maximum memory usage, in KB.

To clear the current CPU-utilization data of the switch processor


1. In the Monitoring perspective, select System > CPU Utilization.
2. In the Switch Processor group box, click Clear.


Monitoring Capacity
This feature is available only in Alteon standalone, VA, and ADC-VX.
Monitoring capacity comprises the following:

Monitoring System Capacity

Monitoring Network Capacity

Monitoring Application Delivery Capacity

Monitoring System Capacity


This feature is available only in version 30.0 and later.

To monitor system capacity

In the Monitoring perspective, select System > Capacity > System.

Table 201: System Capacity Parameters in Alteon Standalone, VA, and vADC

Parameter

Description

Cache Usage (MB)

Comprises the following two values:

Maximum: The maximum cache usage, in MB, that the device can support.

Current: The current cache usage, in MB.

Hard Disk (GB)

Comprises the following two values:

Maximum: The hard-disk size, in GB, that the device can support.

Current: The current hard-disk usage, in GB.

In Use: The amount of hard-disk space in use, in MB.

RAM (GB)

Comprises the following two values:

Maximum: The maximum RAM, in GB, that the device can support.

Table 202: System Capacity Parameters in ADC-VX

Parameter

Description

vADCs

Comprises the following two values:

Maximum: The maximum number of vADCs that the device can support.

Current: The current number of vADCs configured on the device and, in parentheses, the
number of enabled vADCs on the device.

Capacity Units

Comprises the following two values:

Maximum: The maximum number of capacity units that the device can support.

Current: The current number of capacity units configured on the device.


Monitoring Network Capacity


This feature is available only in version 30.0 and later.

To monitor network capacity

In the Monitoring perspective, select System > Capacity > Network.

Table 203: Network Capacity Parameters in Alteon Standalone and VA

Parameter: Description

FDB: Comprises the following two values:
  - Maximum: The maximum Forwarding Database usage that the device can support.
  - Current: The current Forwarding Database usage.

VLANs: Comprises the following two values:
  - Maximum: The maximum number of VLANs that the device can support.
  - Current: The current number of VLANs configured on the device and, in parentheses, the number of enabled VLANs on the device.

ARP Entries: Comprises the following two values:
  - Maximum: The maximum ARP entries that the device can support.
  - Current: The current number of ARP entries configured on the device and, in parentheses, the number of enabled ARP entries on the device.

IP Interfaces: Comprises the following two values:
  - Maximum: The maximum number of IP interfaces that the device can support.
  - Current: The current number of IP interfaces configured on the device and, in parentheses, the number of enabled IP interfaces on the device.

IP Routes: Comprises the following two values:
  - Maximum: The maximum number of IP routes that the device can support.
  - Current: The current number of IP routes configured on the device.

VRRP Routers: Comprises the following two values:
  - Maximum: The maximum number of VRRP routers that the device can support.
  - Current: The current number of VRRP routers configured on the device and, in parentheses, the number of enabled VRRP routers on the device.


Table 204: Network Capacity Parameters in Alteon vADC

Parameter: Description

FDB: Comprises the following two values:
  - Maximum: The maximum Forwarding Database usage that the device can support.
  - Current: The current Forwarding Database usage.

ARP Entries: Comprises the following two values:
  - Maximum: The maximum ARP entries that the device can support.
  - Current: The current number of ARP entries configured on the device and, in parentheses, the number of enabled ARP entries on the device.

IP Interfaces: Comprises the following two values:
  - Maximum: The maximum number of IP interfaces that the device can support.
  - Current: The current number of IP interfaces configured on the device and, in parentheses, the number of enabled IP interfaces on the device.

IP Routes: Comprises the following two values:
  - Maximum: The maximum number of IP routes that the device can support.
  - Current: The current number of IP routes configured on the device.

VRRP Routers: Comprises the following two values:
  - Maximum: The maximum number of VRRP routers that the device can support.
  - Current: The current number of VRRP routers configured on the device and, in parentheses, the number of enabled VRRP routers on the device.

Table 205: Network Capacity Parameters in ADC-VX

Parameter: Description

VLANs: Comprises the following two values:
  - Maximum: The maximum number of VLANs that the device can support.
  - Current: The current number of VLANs configured on the device and, in parentheses, the number of enabled VLANs on the device.

Monitoring Application Delivery Capacity


This feature is available only in Alteon standalone, VA, and vADC.

To monitor application-delivery capacity

In the Monitoring perspective, select System > Capacity > Application Delivery.

Table 206: Application Delivery Capacity Parameters

Parameter: Description

Real Servers: Comprises the following two values:
  - Maximum: The maximum number of real servers that the device can support.
  - Current: The current number of real servers configured on the device and, in parentheses, the number of enabled real servers on the device.

Server Groups: Comprises the following two values:
  - Maximum: The maximum number of server groups that the device can support.
  - Current: The current number of server groups configured on the device.

Virtual Servers: Comprises the following two values:
  - Maximum: The maximum number of virtual servers that the device can support.
  - Current: The current number of virtual servers configured on the device and, in parentheses, the number of enabled virtual servers on the device.

Virtual Services: The maximum number of virtual services that the device can support.

Real Services: The maximum number of real services that the device can support.

Filters: (This parameter is available only in version 30.0 and later.) Comprises the following two values:
  - Maximum: The maximum number of filters that the device can support.
  - Current: The current number of filters currently used and, in parentheses, the number of enabled filters on the device.

Session Table Entries: (This parameter is available only in version 30.0 and later.) Comprises the following two values:
  - Maximum: The maximum number of Session table entries that the device can support.
  - Current: The current number of Session table entries currently used and, in parentheses, the number of enabled Session table entries on the device.

Dynamic Data Store: Comprises the following two values:
  - Maximum: The maximum number of 512-byte blocks that the device can support in the dynamic data store.
  - Current: The current number of 512-byte blocks currently used in the dynamic data store. Note that each persistency and user-defined entry can occupy one or more 512-byte blocks.

Keys: (This parameter is available only in version 30.0 and later.) Comprises the following two values:
  - Maximum: The maximum number of keys that the device can support.
  - Current: The current number of keys configured on the device.

Certificate Signing Requests: (This parameter is available only in version 30.0 and later.) Comprises the following two values:
  - Maximum: The maximum number of certificate signing requests that the device can support.
  - Current: The current number of certificate signing requests configured on the device.

Server Certificates: (This parameter is available only in version 30.0 and later.) Comprises the following two values:
  - Maximum: The maximum number of server certificates that the device can support.
  - Current: The current number of server certificates configured on the device.

Maintenance
Use the Maintenance tab to manage technical support data, packet capture, and trace logging of
application services.

Technical Support Data


This procedure describes how to manage technical support data.

Note: All passwords in the technical support data files are encrypted.

To manage technical support data

1. In the Monitoring perspective, select System > Maintenance.
2. In the Technical Support Data tab, configure the parameters, and do one of the following:
   - Click Generate to generate the technical support file.
   - Click Export to export the put dump archive.

Table 207: Technical Support Data Parameters

Parameter: Description

Include Private Keys: Specifies whether to include private keys.

Passphrase: The passphrase, which must be at least four characters long.

Confirm Passphrase: The passphrase, which must be at least four characters long.

Packet Capture
The Alteon VA translates the VMware MAC address assigned to virtual servers and interfaces to its
own, internal MAC address for internal processing. It switches the Alteon VA MAC address back to
the VMware MAC address when it sends the packet back to the VMware switch. Therefore, the
internal Radware Alteon VA MAC address is shown in some of the tables and dumps displayed on the
console.


To manage packet capture

1. In the Monitoring perspective, select System > Maintenance.
2. In the Packet Capture tab, configure the parameters, and do one of the following:
   - Click Start to start the packet capture.
   - Click Stop to stop the packet capture.
   - Click Export to export the packet capture.
   - Click Clear Capture File to clear the packet capture file.

Table 208: Packet Capture Parameters

Parameter: Description

Packet Count: The maximum number of captured packets.
  Range: 0-1000000000

Packet Length: The packet snap length, that is, the length of packets to capture, in bytes.
  Range: 0-9100

Port Range: The port range. The valid range depends on the Alteon platform:
  - VA: 1-2
  - 5412: 1-16
  - 4416: 1-16
  - 4408: 1-8
  - 5208: 1-10
  - 5224: 1-26
  - 5224XL: 1-26
  - 5412XL: 1-16
  - 4416XL: 1-16
  - 4408XL: 1-8
  - 5208XL: 1-10
  - 6420: 1-24

VLAN: The VLAN range.
  Range: 1-4090

Packet Filter String: The packet capture filter string field is used to set the capture filter parameters. It accepts the same filter criteria (syntax) as the tcpdump format.
  The following parameters can be set with an "and" or an "or" operator between them, or using parentheses:
  - dst host <host>: Filters the output on the specified destination host IP.
  - src host <host>: Filters the output on the specified source host IP address.
  - dst port <port>: Filters the output on the specified destination port.
  - src port <port>: Filters the output on the specified source port.
  - port: Filters the output on the specified port.
  - tcp: Filters the output for TCP traffic only.
  - udp: Filters the output for UDP traffic only.
  - icmp: Filters the output for ICMP traffic only.
  - ip multicast: Filters the output for multicast traffic only.
  - ip broadcast: Filters the output for broadcast traffic only.
  Example: (dst host 6.6.6.6 or src host 6.6.3.3) and port 80
  Maximum characters: 1024
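The following added example (not part of the Radware guide or of any Radware tool) checks a capture filter against the subset of tcpdump syntax listed in Table 208 before it is entered in the Packet Filter String field, so that a capture stays scoped to the intended hosts and ports. It assumes that "port" takes a port number as in the table's own example, that hosts are written as IP addresses, and that "and" and "or" associate left to right as in tcpdump; all function names are hypothetical.

```python
import ipaddress
import re

MAX_FILTER_LEN = 1024  # "Maximum characters: 1024" in Table 208


class FilterError(ValueError):
    """Raised when a filter string falls outside the documented subset."""


def parse_filter(text):
    """Parse a filter string into a nested tuple, or raise FilterError."""
    if len(text) > MAX_FILTER_LEN:
        raise FilterError(f"filter is {len(text)} characters, limit is {MAX_FILTER_LEN}")
    tokens = re.findall(r"[()]|[^\s()]+", text)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        if pos >= len(tokens):
            # Also covers the empty string: this checker has nothing to validate.
            raise FilterError("unexpected end of filter")
        pos += 1
        return tokens[pos - 1]

    def host():
        tok = take()
        try:
            return str(ipaddress.ip_address(tok))
        except ValueError:
            raise FilterError(f"not an IP address: {tok!r}") from None

    def port():
        tok = take()
        if not (tok.isascii() and tok.isdigit() and int(tok) <= 65535):
            raise FilterError(f"not a port number: {tok!r}")
        return int(tok)

    def primitive():
        tok = take()
        if tok == "(":
            node = expression()
            if take() != ")":
                raise FilterError("missing ')'")
            return node
        if tok in ("dst", "src"):
            kind = take()
            if kind == "host":
                return (f"{tok} host", host())
            if kind == "port":
                return (f"{tok} port", port())
            raise FilterError(f"expected 'host' or 'port' after {tok!r}")
        if tok == "port":
            return ("port", port())
        if tok in ("tcp", "udp", "icmp"):
            return (tok,)
        if tok == "ip":
            kind = take()
            if kind in ("multicast", "broadcast"):
                return (f"ip {kind}",)
            raise FilterError(f"expected 'multicast' or 'broadcast' after 'ip'")
        raise FilterError(f"token outside the documented subset: {tok!r}")

    def expression():
        # "and" and "or" have equal precedence and group left to right.
        node = primitive()
        while peek() in ("and", "or"):
            op = take()
            node = (op, node, primitive())
        return node

    tree = expression()
    if pos != len(tokens):
        raise FilterError(f"unexpected token: {tokens[pos]!r}")
    return tree


def primitives(tree):
    """Flatten a parsed filter into its leaf conditions, for review or logging."""
    if tree[0] in ("and", "or"):
        return primitives(tree[1]) + primitives(tree[2])
    return [tree]


def is_valid(text):
    """True when the filter parses under the documented subset."""
    try:
        parse_filter(text)
        return True
    except FilterError:
        return False


# The example string from Table 208.
TABLE_EXAMPLE = "(dst host 6.6.6.6 or src host 6.6.3.3) and port 80"

if __name__ == "__main__":
    print(parse_filter(TABLE_EXAMPLE))
    print(primitives(parse_filter(TABLE_EXAMPLE)))
```

The table states that the field accepts tcpdump syntax, so the device may accept expressions this checker rejects; the checker is deliberately limited to the parameters the table lists.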

Application Services Trace Log


Enabling Application Services Trace Logging may impact performance on Alteon traffic processing
capabilities. Make sure that you disable trace logging when you are done.

To manage application services trace log

1. In the Monitoring perspective, select System > Maintenance.
2. In the Application Services Trace Log tab, configure the parameters, and do one of the following:
3. Click Clear to clear the trace log.
4. Click Export to export the trace log.
5. Click Submit to submit the configuration.

Table 209: Application Services Trace Log Parameters

Parameter: Description

AppShape++: Specifies whether to enable logging of AppShape++ activities.
  Default: Disabled

Caching: Specifies whether to enable logging of caching activities.
  Default: Disabled

Compression: Specifies whether to enable logging of compression activities.
  Default: Disabled

Content Class: Specifies whether to enable logging of Content Class activities.
  Default: Disabled

HTTP: Specifies whether to enable logging of HTTP activities.
  Default: Disabled

HTTP Modification: Specifies whether to enable logging of HTTP Modification activities.
  Default: Disabled

SSL: Specifies whether to enable logging of SSL activities.
  Default: Disabled

TCP: Specifies whether to enable logging of TCP activities.
  Default: Disabled

FastView Logs
This procedure describes how to access the FastView log files.

To manage technical support data

1. In the Monitoring perspective, select System > Maintenance.
2. In the FastView Logs tab, select one of the following FastView log files to display:
   - SMF Hub
   - Configuration Manager
   - Compiler

View the FastView logs for SMF Hub, Config Manager, and the Compiler. Each button launches a new
pane for you to see the details in the log.

Table 210: Application Services Trace Log Parameters

Parameter: Description

FastView: Specifies whether to enable logging of FastView activities.

FastView SMF: Specifies whether to enable logging of FastView SMF activities.


Chapter 12 Monitoring the Alteon Network


This chapter describes monitoring Alteon network operations.

Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 315.
The Alteon operations that you can monitor depend on the Alteon form factor and/or platform:
standalone, VA, vADC, or ADC-VX.
This chapter contains the following main topics:

- Monitoring and Controlling Physical Ports
- Monitoring Layer 2
- Monitoring Layer 3
- Monitoring High Availability

Monitoring and Controlling Physical Ports


This feature is available only in Alteon standalone, VA, and ADC-VX.

To monitor physical ports

In the Monitoring perspective, select Network > Physical Ports.

Table 211: Physical Port Parameters

Parameter: Description

Port ID: The port identifier.

Status: The status of the port.
  Values: Enable, Disable

Operational Status: The port status.
  Values: Online, Offline

Octets
  - In: The number of inbound octets.
  - Out: The number of outbound octets.

Unicast Packets
  - In: The number of inbound unicast packets.
  - Out: The number of outbound unicast packets.

Broadcast Packets
  - In: The number of inbound broadcast packets.
  - Out: The number of outbound broadcast packets.

Multicast Packets
  - In: The number of inbound multicast packets.
  - Out: The number of outbound multicast packets.

Discards
  - In: The number of inbound discarded packets.
  - Out: The number of outbound discarded packets.

Errors
  - In: The number of inbound errored packets.
  - Out: The number of outbound errored packets.

To enable physical ports

1. In the Monitoring perspective, select Network > Physical Ports.
2. Select the row in the table for the required port.
3. Click Enable.

To disable physical ports

1. In the Monitoring perspective, select Network > Physical Ports.
2. Select the row in the table for the required port.
3. Click Disable.

To clear statistics for physical ports

1. In the Monitoring perspective, select Network > Physical Ports.
2. Select the row in the table for the required port.
3. Click Clear Statistics.

Monitoring Layer 2
This feature is available only in version 30.0 and later.
Monitoring Layer 2 comprises the following topics:

- Monitoring FDB
- Monitoring STG

Monitoring FDB
This feature is available only in Alteon standalone, VA, and vADC.
The forwarding database (FDB) contains information that maps the media access control (MAC)
address of each known Alteon to the port where the Alteon address was learned. The FDB also
shows which other ports have seen frames destined for a particular MAC address.


Note: The master forwarding database supports up to 16K MAC address entries on the MP per
Alteon. Each SP supports up to 8K entries.

To display FDB monitoring parameters

In the Monitoring perspective, select Network > Layer 2 > FDB.

Table 212: FDB Monitoring Parameters

Parameter: Description

MAC Address: The MAC address in the FDB.

VLAN: The VLAN.
  Values: 1-4090

Port: The port number. 0 specifies unknown.

Trunk: The trunk-group number. The FDB entries on a single trunk.
  Values: 1-4090

State: Values:
  - Forward: The address has been learned by Alteon.
  - Trunking: The Port field represents the trunk group number.
  - Unknown: The MAC address has not yet been learned by Alteon, but has only been seen as a destination address. When an address is in the Unknown state, no outbound port is indicated, although ports which reference the address as a destination are listed under reference ports.
  - Interface: The MAC address is for a standard VRRP virtual router.
  - Virtual server (VIP): The MAC address is for a virtual server router, a virtual router with the same IP address as a virtual server.

References SPs: The SP number.
  Values: 1-4

Learned Port: The learned port number.
  Values: 1-4

To clear the entire FDB


1. In the Monitoring perspective, select Network > Layer 2 > FDB.
2. Click Clear Entire FDB.


Monitoring STG
This feature is available only in Alteon standalone and VA.
When multiple paths exist on a network, Spanning Tree Protocol (STP) configures the network so
that Alteon uses only the most efficient path.

Note: Alteon supports up to 16 multiple Spanning Trees or Spanning Tree Groups.

To display Spanning Tree Group monitoring parameters

In the Monitoring perspective, select Network > Layer 2 > STG.

Table 213: STG Monitoring Parameters

Parameter: Description

Spanning Tree Group: The IP address of ARP entry.

Number Of Topology changes: The number of topology changes.

Time Since Last Changes: The time since the last changes.

Table 214: Spanning Tree Group BPDU Statistics Parameters

Statistic: Description

Port: The port number.

Status: The status of the port.

BPDUs Received
  - Configuration: The number of configuration BPDUs received.
  - TCN: The number of TCN (Topology Change Notification) messages received.
  - RSTP/MST: The number of MST or RST BPDUs received.

BPDUs Transmitted
  - Configuration: The number of configuration BPDUs transmitted.
  - TCN: The number of TCN (Topology Change Notification) messages transmitted.
  - RSTP/MST: The number of MST or RST BPDUs transmitted.

Monitoring Layer 3
This feature is available only in Alteon standalone, VA, and vADC.
Monitoring Layer 3 comprises the following topics:

- Monitoring Gateways
- Monitoring Routes
- Monitoring Learned MACs (or IP FDB)
- Monitoring VRRP Virtual Routers in Alteon Version 30.0 and Earlier
- Monitoring Interfaces


Monitoring Gateways
This feature is available only in version 30.0 and later.

To monitor gateways

In the Monitoring perspective, select Network > Layer 3 > Gateways.

Table 215: Gateway Monitoring Parameters

Parameter: Description

Status: The status of the gateway.

Gateway ID: The identifier of the gateway.

IP Address: The IP address of the gateway.

VLAN: The VLAN identifier of the gateway.

Monitoring Routes
This feature is available only in version 30.0 and later.

To monitor routes

In the Monitoring perspective, select Network > Layer 3 > Routes.

Table 216: IPv4 Routes Monitoring Parameters

Parameter: Description

Entry: The number of the route entry.

Destination: The destination IP address of the route.

Mask: The subnet mask of the route.

Gateway: The IP address of the route gateway.

Type: The route type.
  Values:
  - Indirect: The next hop to the host or subnet destination is forwarded through a router at the gateway address.
  - Direct: Packets are delivered to a destination host or subnet attached to Alteon.
  - Local: Indicates a route to one of the Alteon IP interfaces.
  - Broadcast: Indicates a broadcast route.
  - Martian: The destination belongs to a host or subnet that is filtered out. Packets to this destination are discarded.

Tag: The tag that indicates the origin of the route.
  Values:
  - Fixed: The address belongs to a host or subnet attached to Alteon.
  - Static: The address is a static route which has been configured on Alteon.
  - Addr: The address belongs to one of the Alteon IP interfaces.
  - RIP: The address was learned by the Routing Information Protocol (RIP).
  - OSPF: The address was learned by Open Shortest Path First (OSPF).
  - BGP: The address was learned via the Border Gateway Protocol (BGP).
  - Broadcast: Indicates a broadcast address.
  - Martian: The address belongs to a filtered group.
  - Multicast: Indicates a multicast address.
  - VIP: Indicates a route destination that is a virtual server IP address. VIP routes are needed to advertise virtual server IP addresses via BGP.

Metric: The metric for RIP tagged routes, specifying the number of hops to the destination (1 through 15 hops, or 16 for infinite hops).

Interface: The IP interface that the route uses.

The IPv6 Routers table shows all of the IPv6 routes maintained. Since each link-local interface is shown with an entry prefix of /128, the link-local network (such as FE80::/10) is not shown for each interface to avoid too many network entries in the table.

Table 217: IPv6 Routes Monitoring Parameters

Parameter: Description

Entry: The number of the route entry.

Destination: The destination IP address of the route.

VLAN: The VLAN of the route.

Next Hop: The next hop of the route.

Protocol: The route protocol.
  Values: Local, Static

Monitoring Learned MACs (or IP FDB)


This feature is available only in Alteon standalone, VA, and vADC.
The name of this node in Alteon version 30.1 and earlier is IP FDB. The name of this node in Alteon
version 30.2 and later is Learned MACs.
Monitoring learned MACs (or IP FDB) comprises the following topics:

- ARP: Displaying ARP monitoring parameters and clearing the ARP cache
- Neighbor Cache: Includes displaying neighbor-cache monitoring parameters and summary information and clearing the neighbor cache


ARP
This procedure describes how to display the ARP monitoring parameters.

To display ARP monitoring parameters

In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).

Table 218: ARP Monitoring Parameters

Parameter: Description

IP Address: The IP address of ARP entry.

Flags: The flag associated with the entry.
  Examples:
  - clear
  - permanent: Not obtained via an ARP request (for example, IP interface and VIP)
  - layer4: Layer 4 IP address (VIP)

MAC Address: The MAC address of the ARP entry.

VLAN: The VLAN of the ARP entry.

Port: The physical port where this IP address owner is connected.

Referenced SPs: The number of SPs on which this ARP entry is present.

To clear the ARP cache


1. In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).
2. Select the relevant row in the table.
3. Click Clear ARP Cache.

Neighbor Cache
IPv6 uses the Neighbor Discovery (ND) protocol to discover its neighbors' link-layer addresses and reachability. ND can also auto-configure addresses and detect duplicate addresses. ND enables routers to advertise their presence and address prefixes, and to inform hosts of a better next-hop address to forward packets.

Note: Once the Neighbor Cache table reaches 2000 entries, table entries are replaced by adding the new entry and dropping the 2000th entry off the list. Table entries are kept until the entry is replaced by a new one. During this period, no new entries are used to sort for display.

The information collected from ND is stored in the Neighbor Cache. The Neighbor Cache maintains information about each neighbor.

Neighbor Cache entries are added in the following situations:

- Entries are added when an IPv6 interface or virtual IP is operational.
- Reception of ND messages from neighbor.
- A device sends ND packets to resolve a link-layer address to which it is attempting to send packets.


To display neighbor-cache monitoring parameters and summary information

In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).

Table 219: Neighbor Cache Monitoring Parameters

Parameter: Description

IP6 Address: The IPv6 address of the Neighbor Cache entry.

MAC Address: The MAC address of the Neighbor Cache entry.

VLAN: The VLAN of the Neighbor Cache entry.

Port: The physical port of the Neighbor Cache entry.

State: The reachability state of the Neighbor Cache entry.
  Values:
  - INCPM: Incomplete. The link-layer address of the neighbor has not yet been determined.
  - REACH: Reachable. The neighbor is known to have been reachable recently.
  - Stale: The neighbor is no longer known to be reachable, but until traffic is sent to the neighbor, no attempt should be made to verify its reachability.
  - Delay: The neighbor is no longer known to be reachable, and traffic has recently been sent to the neighbor.
  - Probe: The neighbor is no longer known to be reachable, and ND messages are sent to the neighbor to verify reachability.

Type: The type of the Neighbor Cache entry.
  Values:
  - LOCAL: The entry is a preconfigured address on Alteon.
  - DYNAMIC: The entry is a neighbor address learned from ND.

Table 220: Neighbor Cache Summary Information Parameters

Parameter: Description

Total dynamic neighbor cache entries: The total number of dynamic Neighbor Cache entries.

Total local neighbor cache entries: The total number of local Neighbor Cache entries.

Other neighbor cache entries: The number of other Neighbor Cache entries.

To clear the neighbor cache

1. In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).
2. Select the relevant row in the table.
3. Click Clear Neighbor Cache.


Monitoring VRRP Virtual Routers in Alteon Version 30.0 and Earlier


This feature is available only in Alteon standalone, VA, and vADC.

To monitor VRRP virtual routers

In the Monitoring perspective, select Network > Layer 3 > VRRP Virtual Routers.

Table 221: Legacy VRRP Virtual Router Parameters

Parameter: Description

Status: The VRRP status.
  Values:
  - Init: If there is no port in the virtual router's VLAN with an active link, the interface for the VLAN fails, thus placing the virtual router into the INIT state. The INIT state identifies that the virtual router is waiting for a startup event. If it receives a startup event, it will either transition to master if its priority is 255 (the IP address owner), or transition to the backup state if it is not the IP address owner.
  - Master: The virtual router is the master.
  - Backup: The virtual router is a backup.
  - Holdoff: VRRP operation is globally suspended for the specified interval. When a device becomes the VRRP master at power up or after a failover operation, it may begin to forward data traffic before the connected gateways or real servers are operational. Alteon may create empty session entries for the coming data packets and the traffic cannot be forwarded to any gateway or real server.

Router ID: The router identifier.

VR ID: The virtual router identifier.

IP Address: The IP address of the virtual router.

Interface: The IP interface of the device. If the IP interface has the same IP address as the IP address, this device is considered the owner of the defined virtual router.

Priority: The election priority bias for this virtual server.
  During the master router election process, the routing device with the highest virtual router priority number wins. If there is a tie, the device with the highest IP interface address wins. If this virtual router's IP address (addr) is the same as the one used by the IP interface, the priority for this virtual router is set to 255 (highest).
  When priority tracking is used, this base priority value can be modified according to a number of performance and operational criteria.
  Values: 1-254
  Default: 100
  Note: When you enable hot-standby for a vrgroup, the currently set priority for the vrgroup is increased by 2.

Ownership: The owner of the VRRP IP address.
  Values:
  - Owner: If the IP interface has the same IP address as the virtual address IP, this device is considered the owner of the defined virtual router. An owner has a special priority of 255 (highest) and always assumes the role of the master router, even if it must preempt another virtual router that has assumed master routing authority.
  - Renter: The virtual router that is not owned by the device.
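The election rules in the Priority and Ownership rows of Table 221 (repeated for version 30.1 in Table 225) can be turned into a consistency check on the Status column read from each device. This is an added example, not Radware code: the device labels, the `VirtualRouter` class and both function names are hypothetical, the sample rows are constructed, and all candidates are assumed to use the same IP version.

```python
import ipaddress
from dataclasses import dataclass

OWNER_PRIORITY = 255            # Table 221: an owner has a special priority of 255
PRIORITY_RANGE = range(1, 255)  # Table 221: Values 1-254, Default 100


@dataclass(frozen=True)
class VirtualRouter:
    device: str               # hypothetical device label, not an Alteon field
    vr_ip: str                # "IP Address" column: the virtual router address
    interface_ip: str         # address of the IP interface the router uses
    base_priority: int = 100  # configured priority
    link_up: bool = True      # False: no active link in the VLAN, so Init

    def __post_init__(self):
        if self.base_priority not in PRIORITY_RANGE:
            raise ValueError(f"{self.device}: priority must be 1-254")

    @property
    def is_owner(self):
        # Owner: the IP interface has the same address as the virtual router.
        return ipaddress.ip_address(self.vr_ip) == ipaddress.ip_address(self.interface_ip)

    @property
    def priority(self):
        return OWNER_PRIORITY if self.is_owner else self.base_priority


def expected_states(routers):
    """Return {device: 'Init' | 'Master' | 'Backup'} for one virtual router."""
    eligible = [r for r in routers if r.link_up]
    # Highest priority wins; on a tie the highest IP interface address wins.
    master = max(
        eligible,
        key=lambda r: (r.priority, int(ipaddress.ip_address(r.interface_ip))),
        default=None,
    )
    states = {}
    for r in routers:
        if not r.link_up:
            states[r.device] = "Init"
        elif r is master:
            states[r.device] = "Master"
        else:
            states[r.device] = "Backup"
    return states


def audit(routers, observed):
    """Compare observed Status values with the expected election result.

    Priority tracking can change the base priority, so a finding is a prompt
    to look at the device, not proof of a fault.
    """
    expected = expected_states(routers)
    findings = []
    masters = sorted(d for d, s in observed.items() if s == "Master")
    if len(masters) > 1:
        findings.append("multiple masters: " + ", ".join(masters))
    for device, state in sorted(observed.items()):
        if state == "Holdoff":  # transient state, nothing to compare against
            continue
        if expected.get(device) != state:
            findings.append(f"{device}: observed {state}, expected {expected.get(device)}")
    return findings


# Constructed sample: two renters with the default priority of 100.
SAMPLE = [
    VirtualRouter("adc-a", "10.0.0.1", "10.0.0.2"),
    VirtualRouter("adc-b", "10.0.0.1", "10.0.0.3"),
]

if __name__ == "__main__":
    print(expected_states(SAMPLE))
    print(audit(SAMPLE, {"adc-a": "Master", "adc-b": "Master"}))
```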

To switch over a VRRP virtual router

1. In the Monitoring perspective, select Network > Layer 3 > VRRP Virtual Routers.
2. Select an entry and click Backup.

Monitoring Interfaces
This feature is available only in version 30.0 and later.

To monitor interfaces

In the Monitoring perspective, select Network > Layer 3 > Interfaces.

Table 222: Interface Monitoring Parameters

Parameter: Description

State: The state of the interface.

Interface ID: The identifier of the interface.

IP Address: The IP address of the interface.

Mask: The mask of the interface if the interface is IPv4. If the interface is IPv6, the field displays 0.0.0.0.

Prefix: The prefix of the interface if the interface is IPv6. If the interface is IPv4, the field displays 0.

VLAN: The VLAN identifier of the interface.

Monitoring High Availability


This section comprises the following topics:

- Monitoring High Availability in Alteon Version 30.1
- Monitoring High Availability for Alteon Version 30.2 and Later


Monitoring High Availability in Alteon Version 30.1


This feature is available only in Alteon standalone, VA, and vADC.

Note: You can configure the values for the High Availability feature in the Configuration
perspective, under Network > High Availability.
For Alteon version 30.1 and later, use the High Availability tab in the Monitoring perspective to do
the following:

- When the High Availability Mode on the device is Switch HA, switch an active device to backup mode. Typically, you do this when you need to perform maintenance on the active Alteon and not affect the service.
- When the High Availability Mode on the device is Service HA:
  - Monitor high-availability information.
  - Switch an active service group to backup mode. Typically, you select all the services and switch to backup mode when you need to perform maintenance on the active Alteon and not affect the services.
- When the High Availability Mode on the device is Legacy VRRP:
  - Monitor high-availability information.
  - Switch an active device to backup mode when the High Availability Mode on the device is Legacy VRRP. Typically, you do this when you need to perform maintenance on the active Alteon and not affect the services or for passing master control back to a primary Alteon after it has been returned to service after a failure.

To monitor Service HA information in Alteon version 30.1

In the Monitoring perspective, select Network > Layer 3 > High Availability.

Table 223: Service HA Monitoring Parameters

Parameter: Description

Status: The Service HA status.

HA Group ID: The HA Group identifier.

To monitor Switch HA information in Alteon version 30.1

In the Monitoring perspective, select Network > Layer 3 > High Availability.

Table 224: Switch HA Monitoring Parameters

Parameter: Description

Peer Switch ID: The identifier of the peer.

Peer Switch Address: The IP address of the advertisement IP interface associated with the peer.

Last Sync: The type (manual or automatic), status, timestamp, and failure reason of the last configuration synchronization attempt.

Last Successful Sync: The type (manual or automatic) and timestamp of the last successful configuration synchronization.


To monitor legacy VRRP virtual routers in Alteon version 30.1

> In the Monitoring perspective, select Network > Layer 3 > High Availability.

Table 225: Legacy VRRP Virtual Router Parameters

Parameter | Description
Status | The VRRP status.
    Values:
    - Init: If there is no port in the virtual router's VLAN with an active link, the interface
      for the VLAN fails, thus placing the virtual router into the INIT state. The INIT state
      identifies that the virtual router is waiting for a startup event. If it receives a startup
      event, it will either transition to master if its priority is 255 (the IP address owner),
      or transition to the backup state if it is not the IP address owner.
    - Master: The virtual router is the master.
    - Backup: The virtual router is a backup.
    - Holdoff: VRRP operation is globally suspended for the specified interval. When a device
      becomes the VRRP master at power up or after a failover operation, it may begin to forward
      data traffic before the connected gateways or real servers are operational. Alteon may
      create empty session entries for the coming data packets and the traffic cannot be
      forwarded to any gateway or real server.
Router ID | The router identifier.
VR ID | The virtual router identifier.
IP Address | The IP address of the virtual router.
Interface | The IP interface of the device. If the IP interface has the same IP address as the
    IP address, this device is considered the owner of the defined virtual router.
Priority | The election priority bias for this virtual server.
    During the master router election process, the routing device with the highest virtual
    router priority number wins. If there is a tie, the device with the highest IP interface
    address wins. If this virtual router's IP address (addr) is the same as the one used by the
    IP interface, the priority for this virtual router is set to 255 (highest).
    When priority tracking is used, this base priority value can be modified according to a
    number of performance and operational criteria.
    Values: 1-254
    Default: 100
    Note: When you enable hot-standby for a vrgroup, the currently set priority for the vrgroup
    is increased by 2.
Ownership | The owner of the VRRP IP address.
    Values:
    - Owner: If the IP interface has the same IP address as the virtual address IP, this device
      is considered the owner of the defined virtual router. An owner has a special priority of
      255 (highest) and always assumes the role of the master router, even if it must preempt
      another virtual router that has assumed master routing authority.
    - Renter: The virtual router that is not owned by the device.

Forcing Failover
You can force a specified master Alteon, or a specified master service group, into backup mode. This
is generally used for passing master control back to a preferred Alteon (or service group) once the
preferred Alteon (or service group) has been returned to service after a failure.
If failback mode is Always when you force failover, the Alteon with preferred state Active (the
preferred master) briefly becomes the backup and then reverts to the master.

To force a master Alteon into backup mode


1. In the Monitoring perspective, select Network > Layer 3 > High Availability.
2. Click Backup.

To force a master service group into backup mode


1. In the Monitoring perspective, select Network > Layer 3 > High Availability.
2. Select the required service group or service groups.
3. Click Backup.

Monitoring High Availability for Alteon Version 30.2 and Later


This feature is available only in Alteon standalone, VA, and vADC.

Note: You can configure the values for the High Availability feature in the Configuration
perspective, under Network > High Availability.

- When the High Availability Mode on the device is Switch HA, switch an active device to
  backup mode. Typically, you do this when you need to perform maintenance on the active Alteon
  and not affect the service.

- When the High Availability Mode on the device is Service HA:

  - Monitor high-availability information.

  - Switch an active service group to backup mode. Typically, you select all the services and
    switch to backup mode when you need to perform maintenance on the active Alteon and not
    affect the services.

- When the High Availability Mode on the device is Legacy VRRP:

  - Monitor high-availability information.

  - Switch an active device to backup mode when the High Availability Mode on the device is
    Legacy VRRP. Typically, you do this when you need to perform maintenance on the active
    Alteon and not affect the services or for passing master control back to a primary Alteon
    after it has been returned to service after a failure.

To view High Availability mode and state

> In the Monitoring perspective, select Network > High Availability.

The High Availability Mode field displays one of the following: Disabled, Switch HA, Service
HA, Legacy VRRP.
The Status field displays master or backup.

To monitor Service HA information

> In the Monitoring perspective, select Network > High Availability > Sync Status.

Table 226: Service HA Monitoring Parameters

Parameter | Description
Status | The Service HA status.
HA Group ID | The HA Group identifier.

To monitor Switch HA information

> In the Monitoring perspective, select Network > High Availability > Sync Status.

Table 227: Switch HA Monitoring Parameters

Parameter | Description
Peer Switch ID | The identifier of the peer.
Peer Switch Address | The IP address of the advertisement IP interface associated with the peer.
Last Sync | The type (manual or automatic), status, timestamp, and failure reason of the last
    configuration synchronization attempt.
Last Successful Sync | The type (manual or automatic) and timestamp of the last successful
    configuration synchronization.

To monitor legacy VRRP virtual routers

> In the Monitoring perspective, select Network > High Availability > Sync Status.

Table 228: Legacy VRRP Virtual Router Parameters

Parameter | Description
Status | The VRRP status.
    Values:
    - Init: If there is no port in the virtual router's VLAN with an active link, the interface
      for the VLAN fails, thus placing the virtual router into the INIT state. The INIT state
      identifies that the virtual router is waiting for a startup event. If it receives a startup
      event, it will either transition to master if its priority is 255 (the IP address owner),
      or transition to the backup state if it is not the IP address owner.
    - Master: The virtual router is the master.
    - Backup: The virtual router is a backup.
    - Holdoff: VRRP operation is globally suspended for the specified interval. When a device
      becomes the VRRP master at power up or after a failover operation, it may begin to forward
      data traffic before the connected gateways or real servers are operational. Alteon may
      create empty session entries for the coming data packets and the traffic cannot be
      forwarded to any gateway or real server.
Router ID | The router identifier.
VR ID | The virtual router identifier.
IP Address | The IP address of the virtual router.
Interface | The IP interface of the device. If the IP interface has the same IP address as the
    IP address, this device is considered the owner of the defined virtual router.
Priority | The election priority bias for this virtual server.
    During the master router election process, the routing device with the highest virtual
    router priority number wins. If there is a tie, the device with the highest IP interface
    address wins. If this virtual router's IP address (addr) is the same as the one used by the
    IP interface, the priority for this virtual router is set to 255 (highest).
    When priority tracking is used, this base priority value can be modified according to a
    number of performance and operational criteria.
    Values: 1-254
    Default: 100
    Note: When you enable hot-standby for a vrgroup, the currently set priority for the vrgroup
    is increased by 2.
Ownership | The owner of the VRRP IP address.
    Values:
    - Owner: If the IP interface has the same IP address as the virtual address IP, this device
      is considered the owner of the defined virtual router. An owner has a special priority of
      255 (highest) and always assumes the role of the master router, even if it must preempt
      another virtual router that has assumed master routing authority.
    - Renter: The virtual router that is not owned by the device.
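The election rules in the Status, Priority and Ownership rows of Tables 225 and 228, modeled as an added example (not Radware code): device names, addresses and observed states are constructed, and the Holdoff state, priority tracking and hot-standby are not modeled. The audit function compares the Status values read from the monitoring table with the expected election outcome, which flags a device that holds the master role when it should not.

```python
"""Model of the legacy VRRP master election described in the parameter tables.
All devices, addresses and observed states are constructed sample data."""
from dataclasses import dataclass
from ipaddress import IPv4Address

OWNER_PRIORITY = 255    # special priority of the IP address owner
DEFAULT_PRIORITY = 100  # default base priority given in the table


@dataclass(frozen=True)
class VirtualRouterInstance:
    device: str                       # hypothetical device label
    interface_ip: str                 # IP interface of the device
    priority: int = DEFAULT_PRIORITY  # configured base priority, 1-254
    vlan_link_up: bool = True         # False: no port in the VLAN has an active link


def ownership(inst, virtual_ip):
    """Owner if the interface address equals the virtual router address."""
    same = IPv4Address(inst.interface_ip) == IPv4Address(virtual_ip)
    return "Owner" if same else "Renter"


def effective_priority(inst, virtual_ip):
    """Owners always get 255; renters keep their configured 1-254 value."""
    if ownership(inst, virtual_ip) == "Owner":
        return OWNER_PRIORITY
    if not 1 <= inst.priority <= 254:
        raise ValueError(f"{inst.device}: priority {inst.priority} outside 1-254")
    return inst.priority


def elect(instances, virtual_ip):
    """Return {device: 'Init' | 'Master' | 'Backup'} for one virtual router."""
    # A virtual router whose VLAN has no active link stays in Init.
    states = {i.device: "Init" for i in instances}
    eligible = [i for i in instances if i.vlan_link_up]
    if not eligible:
        return states
    # Highest priority wins; a tie goes to the highest IP interface address.
    # Addresses are compared numerically, so 10.0.0.10 beats 10.0.0.9.
    master = max(
        eligible,
        key=lambda i: (effective_priority(i, virtual_ip), IPv4Address(i.interface_ip)),
    )
    for inst in eligible:
        states[inst.device] = "Master" if inst is master else "Backup"
    return states


def audit(observed, instances, virtual_ip):
    """Return (device, expected, observed) for every Status that deviates."""
    expected = elect(instances, virtual_ip)
    return sorted(
        (dev, expected[dev], observed.get(dev, "missing"))
        for dev in expected
        if observed.get(dev) != expected[dev]
    )


VIP = "10.0.0.1"  # constructed virtual router address
RENTERS = [
    VirtualRouterInstance("alteon-a", "10.0.0.9"),
    VirtualRouterInstance("alteon-b", "10.0.0.10"),
]
# Interface address equals the virtual router address, so this device is the owner
# and its configured priority of 50 is overridden by 255.
OWNER = VirtualRouterInstance("alteon-c", "10.0.0.1", priority=50)

if __name__ == "__main__":
    print(elect(RENTERS, VIP))            # tie on priority 100, address decides
    print(elect(RENTERS + [OWNER], VIP))  # owner preempts both renters
    print(audit({"alteon-a": "Master", "alteon-b": "Backup"}, RENTERS, VIP))
```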


Forcing Failover
You can force a specified master Alteon, or a specified master service group, into backup mode. This
is generally used for passing master control back to a preferred Alteon (or service group) once the
preferred Alteon (or service group) has been returned to service after a failure.
If failback mode is Always when you force failover, the Alteon with preferred state Active (the
preferred master) briefly becomes the backup and then reverts to the master.

To force a master Alteon into backup mode

1. In the Monitoring perspective, select Network > High Availability.
2. Click Backup.

To force a master service group into backup mode

1. In the Monitoring perspective, select Network > High Availability.
2. Select the required service group or service groups.
3. Click Backup.


Chapter 13 Monitoring Alteon Application Delivery

This chapter describes monitoring Alteon application-delivery operations.

Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor.

This section contains the following main topics:

- Clearing Non-operating SLB Statistics
- Monitoring and Controlling Virtual Service
- Monitoring and Controlling Server Groups
- Monitoring and Controlling Virtual Servers
- View a FastView Web Application
- Monitoring and Controlling APM
- Monitoring AppShape++ Statistics
- Monitoring and Controlling Application Services
- Monitoring and Controlling SSL
- Monitoring and Managing Filters
- Monitoring LinkProof

Clearing Non-operating SLB Statistics


In Alteon version 30.1 and later, you can clear all non-operating SLB statistics, resetting them to
zero.
The action, Clear All SSB Statistics, does not reset Alteon and does not affect the following
counters:

- Counters required for Layer 4 and Layer 7 operations (such as current real server sessions)
- All related SNMP counters

To clear all non-operating SLB statistics

1. In the Monitoring perspective, select Application Delivery > Virtual Service.
2. Click Clear All SSB Statistics.

Monitoring and Controlling Virtual Service


Monitoring and controlling virtual services comprises the following:

- Monitoring and Controlling Real Servers
- Monitoring and Controlling Server Groups
- Monitoring and Controlling Virtual Servers
- Monitoring and Controlling APM

In Alteon version 30.1 and later, you can clear all SLB statistics.

Monitoring and Controlling Real Servers


This feature is available only in Alteon standalone, VA, and vADC.
You can view monitoring information of the real servers and change their operational status.

Note: Changing the operational status of a real server is typically performed for maintenance
purposes. If you execute a change to the operational status of a real server, the change takes effect
without an Apply or Save command. When the Alteon resets, the real server reverts to its
configuration status (that is, enabled or disabled).

To change the operational status of one or more real servers

1. In the Monitoring perspective, select Application Delivery > Virtual Service > Real Servers.
2. In the table, select the rows of the real servers whose operational status you want to change.
3. From the Real Server Operations drop-down list, select the required option, and then click
   Execute.
   Default: Disable.

Table 229: Real Server Operations Options

Parameter | Description
Disable | Disables the selected real server(s) immediately and closes existing connections.
Disable & Fastage Existing | Gracefully disables the real server, having the server do the
    following:
    1. Does not accept new connections.
    2. Fastages existing sessions.
    3. Disables the real server when there are no connections on it.
Disable & Keep Persistency | Gracefully disables the real server, having the server do the
    following:
    1. Does not accept new connections.
    2. Keeps persistent data until session expiration.
    3. Disables the real server when there are no connections including the persistent data
       for the real server.
Disable & Keep Persistency and Fastage | Gracefully disables the real server, having the server
    do the following:
    1. Does not accept new connections.
    2. Keeps persistent data until session expiration.
    3. Fastages existing sessions.
    4. Disables the real server when there are no connections including the persistent data
       for the real server.
Enable | Enables the selected real server(s).


To view monitoring information for the real servers

1. In the Monitoring perspective, select Application Delivery > Virtual Service > Real Servers.
   The table in the Real Servers tab displays information for all the real servers.

   Note: Users with CoS type User can see the statistics and status of all real servers, but they
   can only perform operations on the real servers that are assigned to them.
2. To view the monitoring information for one specific real server, click the button.

Table 230: Real Server Monitoring: General Parameters

Parameter | Description
Status | The configuration status of the real server.
    Values:
    - Enabled: The real server is enabled.
    - Disabled: The real server is disabled.
    - Disable-with-fastage: The real server was disabled and fastaged the existing sessions.
Server State | The run-time state of the real server (that is, the result of the real-server
    health check).
    Values: Disabled, Failed, Running
Operational Status | The value of the Real Server Operations parameter. For more information,
    see Real Server Operations Options.
Real Server ID | The identifier of the real server.
Description | The description of the real server.
IP Address | The IP address of the real server.
MAC Address | The MAC address of the real server.

Table 231: Real Server Monitoring: Sessions Parameters

Parameter | Description
Current Sessions | The number of sessions currently open on the real server.
Total Sessions | The total sessions the real server was assigned.
Highest Sessions | The highest number of simultaneous sessions recorded for each real server.

Table 232: Real Server Monitoring: Octets Parameter

Parameter | Description
Total Bytes | The real server transmit and receive octets.

Table 233: Real Server Monitoring: Failures Parameter

Parameter | Description
Server Failures | The number of times the real server has failed since the last reboot.


Table 234: Real Server Monitoring: Health Check Parameters

(These parameters are displayed only when monitoring a specific real server.)

Parameter | Description
Last Failure | The time of the last failure.
Up Time | The time that the server has been up.
Down Time | The time that the server has been down.

Monitoring and Controlling Server Groups


This feature is available only in Alteon standalone, VA, and vADC.

To monitor basic information of the server groups

> In the Monitoring perspective, select Application Delivery > Virtual Service > Server
  Groups.

The Server Groups table comprises the following columns:

Table 235: Server Groups Table Columns

Parameter | Description
Server Group ID | The identifier of the server group.
Description | The description of the server group.
SLB Metric | The SLB metric.
Health Check | The health check type, for example tcp.
    Values: icmp, tcp, http, httphead, dns, smtp, pop3, nntp, ftp, imap,
    radius, sslh, script1, script2, script3, script4, script5, script6, script7,
    script8, script9, script10, script11, script12, script13, script14,
    script15, script16, link, wsp, wtls, ldap, udpdns, arp, snmp1, snmp2,
    snmp3, snmp4, snmp5, radiusacs, tftp, wtp, rtsp, sipping, sipoptions,
    wts, dhcp, radiusaa, script17, script18, script19, script20, script21,
    script22, script23, script24, script25, script26, script27, script28,
    script29, script30, script31, script32, script33, script34, script35,
    script36, script37, script38, script39, script40, script41, script42,
    script43, script44, script45, script46, script47, script48, script49,
    script50, script51, script52, script53, script54, script55, script56,
    script57, script58, script59, script60, script61, script62, script63,
    script64
Current Sessions | The number of current sessions that the real server is handling.
Total Sessions | The total number of sessions that the real server has handled.
Highest Sessions | The highest number of sessions that the real server has handled.
Total Octets | The total number of octets that the real server has handled.


To enable selected servers in a group


1. In the Monitoring perspective, select Application Delivery > Virtual Service > Server
   Groups.
2. In the Real Servers per Group table, select the required row(s) and click the (Edit) button.
3. From the Real Server per Group Operation drop-down list, select Enable.
4. Click Execute.

To disable selected servers in a group

1. In the Monitoring perspective, select Application Delivery > Virtual Service > Server
   Groups.
2. In the Real Servers per Group table, select the required row(s) and click the (Edit) button.
3. From the Real Server per Group Operation drop-down list, select Disable.
4. Click Execute.

To monitor information of the real servers in a server group


1. In the Monitoring perspective, select Application Delivery > Virtual Services > Server
   Groups.
2. Double-click the relevant server group.
   The Real Server Groups per Group table comprises the following columns:

Table 236: Real Server in This Group Parameters

Parameter | Description

Real Servers per Group

Status | The real server configuration status in the group.
    Values: Enable, Disable
Server State | The run-time state of the real server in the group. For example, if the
    health check passed, the Status is Enable.
    Values: Enable, Disable
Operational Status | The operational status of the server.
    Values: Enable, Disable
Real Server ID | The ID of the real server.
IP Address | The IP address of the real server.
Description | The description of the real server.
Current (Sessions) | The number of current sessions that the real server is handling.
Total (Sessions) | The total number of sessions that the real server has handled.
Highest (Sessions) | The highest number of sessions that the real server has handled.
Bytes | The total number of bytes that the real server has handled.


Monitoring and Controlling Virtual Servers


This feature is available only in Alteon standalone, VA, and vADC.

To monitor virtual servers, virtual services, and content-based rules

> In the Monitoring perspective, select Application Delivery > Virtual Services > Virtual
  Servers.

Table 237: Virtual Servers Monitoring Parameters

Parameter | Description
Status | The status of the virtual server.
Virtual Server ID | The ID of the virtual server.
Name | The name of the virtual server.
Current Sessions | The number of current sessions in the virtual server.
Total Sessions | The total number of sessions in the virtual server.
Highest Sessions | The highest number of sessions in the virtual server.
Total Octets | The total octets in the virtual server.

Table 238: Virtual Services Monitoring: General Parameters (Alteon Version 30.1 and Later)

Parameter | Description
Virtual Server ID | The ID of the virtual server associated with the selected virtual service.
Service Port | The virtual service port.
Action | The action of the virtual service.
Group ID | The identifier of the virtual service.

Table 239: Virtual Services Monitoring: Traffic Parameters (Alteon Version 30.1 and Later)

Parameter | Description
Real ID | The identifier of a real server associated with the virtual service.
Current Sessions | The number of current sessions in the real server.
Total Sessions | The total number of sessions in the real server.
Highest Sessions | The highest number of sessions in the real server.
Time since last device reset / clear statistics | The time since the device was last reset and
    traffic statistics were cleared.


Table 240: Virtual Services Monitoring: HTTP Parameters (Alteon Version 30.2 and Later)

Parameter | Description
HTTP 2.0 | Displays the following statistics for HTTP 2.0 traffic:
    - Connection Count: Number of connections within the statistics measuring period.
    - Connection Peak: Number of connection peaks within the statistics measuring period.
    - Requests Count: Number of requests within the statistics measuring period.
HTTP 1.1 | Displays the following statistics for HTTP 1.1 traffic:
    - Connection Count: Number of connections within the statistics measuring period.
    - Connection Peak: Number of connection peaks within the statistics measuring period.
    - Requests Count: Number of requests within the statistics measuring period.
HTTP 1.0 | Displays the following statistics for HTTP 1.0 traffic:
    - Connection Count: Number of connections within the statistics measuring period.
    - Connection Peak: Number of connection peaks within the statistics measuring period.
    - Requests Count: Number of requests within the statistics measuring period.
HTTP/2 Connection Statistics (These statistics are displayed only when an HTTP/2 policy is
associated with the selected virtual service) | Displays the current number of connections
    (Current) and connection peaks (Peak) for each of the following connections:
    - Backend Connections used by HTTP/2 Proxy
    - Client Streams
    - PUSH Streams
    - Canceled PUSH Requests
    - Session Duration Average: In mm:ss format.
HTTP/2 Header Compression Statistics (These statistics are displayed only when an HTTP/2 policy
is associated with the selected virtual service) | Displays the current number of connections
    (Current) and connection peaks (Peak) for each of the following header compression types:
    - Requests - Average Compression Ratio (%)
    - Responses - Average Compression Ratio (%)
    - Average de facto HPACK Table Size
    - Big Headers Count
    - Average Evicted Bytes Per Connection
Statistics Measuring Period | Period, in seconds, for which statistics are measured and
    displayed.
    You configure this parameter in the Statistics tab at Configuration >
    Application Delivery > Virtual Services.
Time since last device reset / clear statistics | The time since the device was last reset and
    traffic statistics were cleared.


Table 241: Virtual Services Monitoring: Caching and Compression Parameters (Alteon Version
30.2 and Later)

Parameter | Description
Objects Served from Cache | The number of objects served from cache.
Cache Hits | Percentage of cache hits.
Cache Requests | Number of cache requests per second.
Total Cached Objects | Total number of cached objects.
New Cached Objects | Number of cached objects per second.
Peak New Cached Objects | Number of peak new cached objects per second.
Compression Statistics | Compression-specific statistics:
    - Throughput (KB): Amount of compressed, uncompressed, and ratio throughput.
    - Average Object Size (KB): Average compressed, uncompressed, and ratio object size.
Total Bytes Saved |
    - Bytes Saved: Bytes saved per second.
    - Peak Bytes Saved: Peak bytes saved per second.
Statistics Measuring Period | Period, in seconds, for which statistics are measured and
    displayed.
    You configure this parameter in the Statistics tab at Configuration >
    Application Delivery > Virtual Services.
Time since last device reset / clear statistics | The time since the device was last reset and
    traffic statistics were cleared.

Table 242: Virtual Services Monitoring: FastView Parameters (Alteon Version 30.2 and Later)

Parameter | Description
Transactions | Number of current, total, and peak transactions.
HTML Pages | Number of current, total, and peak HTML pages.
Optimized Pages | Number of current, total, and peak optimized pages.
Tokens Rewritten | Number of current, total, and peak tokens rewritten.
Compiled Pages | Number of current, total, and peak compiled pages.
Bytes Saved with Image Reduction | Number of bytes saved with image reduction for current
    traffic, and for traffic since the last clear of statistics.
% Bytes Saved with Image Reduction | Percentage of bytes saved with image reduction for current
    traffic, and for traffic since the last clear of statistics.
Responses with Expiry Modified | Number of responses with expiry modified for current traffic,
    and for traffic since the last clear of statistics.
% Responses with Expiry Modified | Percentage of responses with expiry modified for current
    traffic, and for traffic since the last clear of statistics.
Statistics Measuring Period | Period, in seconds, for which statistics are measured and
    displayed.
    You configure this parameter in the Statistics tab at Configuration >
    Application Delivery > Virtual Services.
Time since last device reset / clear statistics | The time since the device was last reset and
    traffic statistics were cleared.


Table 243: Content-Based Rules Monitoring Parameters

Parameter | Description
Virtual Server ID | The ID of the virtual server associated with the selected content-based rule.
Service ID | The ID of the virtual service associated with the selected content-based rule.
Content Rule ID | The ID of the content-based rule.
Action | The action of the content-based rule.
Current Sessions | The number of current sessions in the content-based rule.
Total Sessions | The total number of sessions in the content-based rule.
Highest Sessions | The highest number of sessions in the content-based rule.
Total Octets | The total octets in the content-based rule.

View a FastView Web Application


You can view details about any FastView Web applications from the Monitoring section.

To access monitoring details for FastView Web applications


1. Navigate to Monitoring > Application Delivery > Virtual Service > Virtual Servers.

Note: You can also access this information directly from the Content Rule pane or the FastView
Web Application pane.
2. Select the Web application you want to view in the Virtual Services of Selected Virtual Server
pane.
3. Select the FastView tab on the View Virtual Service pane.
4. View the information available for each virtual service:

Table 244: Virtual Service

Parameter | Description
Transactions | The counter of HTTP GET requests served by FastView for this virtual
    service within the measured period.
HTML Pages | The number of HTML pages served by FastView. Some of them may not be
    optimized, for example if they are excluded in the configuration.
Optimized Pages | The number of HTML pages optimized and rewritten by FastView.
Tokens Rewritten | The number of substitutions performed by FastView.
Compiled Pages | The number of compiled or learned pages.
Bytes Saved with Image Reduction | Displays the number of bytes saved by the image reduction
    treatments on a resource.
% Bytes Saved with Image Reduction | Displays the percentage of bytes saved by the image
    reduction treatments on a resource.
Responses with Expiry Modified | Displays the number of responses that have a modified expiry.
% Responses with Expiry Modified | Displays the percentage of responses with a modified expiry.
Statistics Measuring Period | Displays the number of statistics that are gathered per second.
    You configure this parameter in the Statistics tab at Configuration >
    Application Delivery > Virtual Services.
    Note: The values in the Current column are defined as over the last x
    seconds, where x is determined by the value of the Statistics Measuring
    Period.
Time since last device reset / clear statistics | Displays the time in seconds since the
    platform was last reset or the statistics were cleared.

Monitoring and Controlling APM


This feature is available only in version 30.0 and later on Alteon standalone, VA, and vADC.

To monitor APM

> In the Monitoring perspective, select Application Delivery > Virtual Services > APM.

Table 245: Virtual Servers Monitoring Parameters

Parameter | Description
Virtual Server ID | The ID of the virtual server.
Service | The service identifier.

Monitoring AppShape++ Statistics


To monitor AppShape++ statistics

1. In the Monitoring perspective, select Application Delivery > AppShape++.
2. Select the required row, and click Edit Row.
3. View the parameters, and click OK.

AppShape++ statistics are described in the following table:

Table 246: AppShape++ Statistics

Statistic | Description
Script ID | The identifier for the AppShape++ script.
Event | The event name that appears in the AppShape++ script ID.
Activation | The number of times that the AppShape++ script or script event was
    activated.
Failures | The number of times that the AppShape++ script failed, and the failure
    distribution between the script events (how many of the failures occurred
    during treatment of each event).
Aborts | The number of times that the AppShape++ script was aborted, and the abort
    distribution between the script events (how many of the aborts occurred
    during treatment of each event).

Monitoring and Controlling Application Services


Monitoring and controlling application services comprises:

- Monitoring and Controlling HTTP
- Monitoring and Controlling SSL

Monitoring and Controlling HTTP


Monitoring and controlling HTTP includes the following features on the HTTP Services pane:

- In Alteon version 30.2 and later, HTTP Statistics
- Cache Purge of HTTP Content
- Flushing Learned FastView Optimizations

HTTP Services
This feature is available only in Alteon standalone, VA, and vADC.
HTTP services include:

- Viewing HTTP Statistics
- Purging Cached Content of HTTP Responses
- Flushing Learned FastView Optimizations

Viewing HTTP Statistics


This feature is available only in Alteon version 30.2 and later.
You can view statistics for supported versions of HTTP.

To view HTTP statistics


1. In the Monitoring perspective, select Application Delivery > Application Services > HTTP.
2. Select the HTTP tab.


Table 247: HTTP Statistics Parameters

| Parameter | Description |
| --- | --- |
| HTTP 2.0 | Displays the following statistics for HTTP 2.0 traffic: Connection Count (number of connections within the statistics measuring period); Connection Peak (number of connection peaks within the statistics measuring period); Requests Count (number of requests within the statistics measuring period). |
| HTTP 1.1 | Displays the following statistics for HTTP 1.1 traffic: Connection Count (number of connections within the statistics measuring period); Connection Peak (number of connection peaks within the statistics measuring period); Requests Count (number of requests within the statistics measuring period). |
| HTTP 1.0 | Displays the following statistics for HTTP 1.0 traffic: Connection Count (number of connections within the statistics measuring period); Connection Peak (number of connection peaks within the statistics measuring period); Requests Count (number of requests within the statistics measuring period). |
| Statistics Measuring Period | Period, in seconds, for which statistics are measured and displayed. You configure this parameter in the Statistics tab at Configuration > Application Delivery > Virtual Services. |
| Time since last device reset / clear statistics | The time since the device was last reset and traffic statistics were cleared. |

Purging Cached Content of HTTP Responses


When the caching criteria or the server content has changed, you may want to purge the cached
content of HTTP responses.

To purge cached content of HTTP responses


1. In the Monitoring perspective, select Application Delivery > Application Services > HTTP.
2. Select the Cache Purge tab.
3. Configure the following parameters, and then, click Purge.

Table 248: HTTP Cache Parameters

| Parameter | Description |
| --- | --- |
| Virtual Server | The virtual server or all virtual servers. |
| Service Port | The port of the virtual service or all virtual-service ports. |
| Object URL | The specific object URL or a URL with wildcard (*) in it. |


Flushing Learned FastView Optimizations


If you are using FastView, you can flush learned FastView optimizations.
This feature is available only in Alteon version 30.2 and later.

To flush learned FastView optimizations


1. In the Monitoring perspective, select Application Delivery > Application Services > HTTP.
2. Select the FastView tab.
3. Do one of the following:

To flush selected learned FastView Web applications, filter the FastView Web Applications table by Web Application ID or State, select the required entries, and then click the button.

In Alteon version 30.2 and later, this option is no longer available. To flush all the learned FastView Web applications, click the button.

Viewing FastView Diagnostics


This feature is available only in Alteon version 30.1 and later.
Diagnostics provide runtime information on your selected Web application, giving you a better
understanding of the internal optimization process and its outputs, including instruction sets and
resources. There are a few actions that you can perform in response, but primarily the diagnostics
provide a summary of the selected Web application's configuration and where this information is
stored.
You can view various diagnostics for your FastView Web applications including:

Optimization Status

Workload Monitor

Resource Library

Instruction List

To view diagnostics for FastView Web applications.


1. Navigate to Monitoring > Application Delivery > Application Services > HTTP.
2. Select the appropriate Web application.
3. Select Diagnostics.

Note: The FastView Web Applications tab stays active once you launch it. If you want to view
diagnostics for another Web application, you can navigate from the FastView Web Applications
tab or close the tab and reopen from the HTTP page, with another Web application selected.

Resource Library
The Resource Library tab displays a list of all modified resources for a Web application.
By selecting any resource on the list, you can find out more details about it, including its treated
name, if it is in a preload list, and so on.

The following information is listed for each resource.

ID

Name

Size

Created (date is displayed)

Accessed (date is displayed)

Note: It can be very difficult to find individual treated resources using the Resource Library, as the
list is not sorted by treated or untreated name, and has no indication of what page it is on. Radware
recommends using the ?printcompileinfo parameter, which specifically displays information
about treated resources for a specific page.

Instruction Lists
Each time a page is optimized for a client browser, the result is called an instruction. Instructions are a
representation of a treated HTML document and the manner in which it is rewritten to call treated
resources. They do not represent the treated resources themselves, except when those resources
have been inlined into the page as part of a treatment.
This section includes the following topics:

Working with Instruction Lists, page 306

Instruction Details, page 306

Substitution Lists, page 307

Treatment Information, page 307

Working with Instruction Lists


Use the following procedure to access the instruction lists.

To access the instruction list


1. Navigate to Monitoring > Application Delivery > Application Services > HTTP.
2. Select the Web application for which you want the instruction list.
3. Select Diagnostics.
4. Select the Instruction List tab.

The instruction list contains a list of all the compiled pages for the Web Application, including which
page URL it is for, which Client Group it is part of, and if it is a landing page. Each of these individual
values creates a unique page instruction.
Filters
Use the following procedure to filter the instruction set.

To filter the instruction set


1. Select the filter options: URL contents, client groups, landing page, rows per page.
2. Click Refresh Instruction List.

Instruction Details
You can drill down into each instruction to get more details about it.

Parameters that indicate the health of the instruction include: Recompiling?, Requires Compile?,
and At Threshold?.
Substitution Lists
The details page also includes both primary and secondary substitution lists. These display what was
the original text on a compiled text or HTML page, and what is now being provided to a user.
Treatment Information
Some types of treatment information are also provided on this page. The details of these vary
between treatments; however, the common information includes:

Is the treatment enabled?

Has the treatment reached its threshold?

Does it require compilation?

Note: The treatment information here does not necessarily align with the actual FastView for
Alteon NG treatments. These are representative of the processes that are applied to a page
when it undergoes acceleration treatment.

Dashboard Tab
The Dashboard tab includes details on:

Optimization Status, page 307

Workload Monitor, page 308

From the Dashboard tab, you can:

Navigate to different Web applications using the Selected WebApp drop-down.

Refresh the results with the Refresh icon in the top right corner of the Dashboard tab.

Optimization Status
The Optimization Status displays the following information:

Optimization by Instruction, page 307

Optimization by Page View, page 308

Settings, page 308

Optimization by Instruction
This displays the various instructions that are being treated by FastView. An instruction is a unique
view of a Web page (based on Web browser client and page compile type). For example,
/home.aspx viewed as a non-landing page by Internet Explorer 7 browsers creates a single
instruction.
Each instruction can be in one of the following states:

Queued: The instruction is being served as untreated. FastView is ready to process the
instruction for treating, but it is currently in a queue.

First Compile: The instruction has been served as treated, but FastView has only viewed the
page once. FastView still needs to process the page to learn how to provide instructions.

Learning: The instruction is being served as treated, but FastView is still learning how to treat
the instruction. The next time FastView serves the page, it may be treated differently depending
on how the next few unique browsers request the instruction. This continues until the Compiled
threshold (number of same unique views) occurs.

Compiled: The instruction has been requested enough times (defined by unique page views
that are the same) to consider the page as Compiled. FastView does not continue to process
the page until it goes through a touch-up or recompile.

Touchup: The percentage of instructions that are in the Touchup state. This indicates that the
instruction will still be served, but FastView will examine the next request to the instruction to
ensure that everything is still valid.

Recompile: Instructions in the Recompile state have expired. A request to the instruction
causes it to go into a Learning state again.

The graph indicates, by percentage, where the instructions are located in the system. For detailed
information on a specific instruction, see Instruction Lists, page 306.
Optimization by Page View
This displays the status of unique views rather than instruction states. It contains the following:

Unaccelerated: The viewed page was unaccelerated.

Learning: The viewed page displayed to the client as accelerated, but FastView is still learning
the best way to treat the page.

Accelerated: The page served to the client was accelerated by FastView.

The Optimization by Page View is a cumulative view of each unique request to a page. The following
workflow illustrates how values display in this section:
1. Person A browses to home.aspx. 100% of page views display in the Unaccelerated state.
2. Person B and Person C now browse to the same page. Each of these users adds to the Learning
state. This results in 33% Unaccelerated and 66% Learning.
3. Person D now browses to the same page. The page has a compile threshold set to three unique
views, which has been reached by Persons A, B, and C. Because of this, the request is set to the
Accelerated state. This results in 25% Unaccelerated, 50% Learning, and 25%
Accelerated.
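
The workflow above, generalized to any compile threshold and to several instructions at once, as an added example that is not Radware code. It is a simplified model that assumes every request counts as one unique view, tracks each instruction by (URL, client group, landing page), ignores touch-up and recompile, and rounds percentages down as the guide does; the client group name "IE7" and all function names are constructed for illustration.

```python
from collections import Counter

STATES = ("Unaccelerated", "Learning", "Accelerated")


def classify_requests(requests, compile_threshold=3):
    """Return the page-view state of each request, in arrival order.

    Each request is an instruction key: (url, client_group, is_landing_page).
    Assumed model, taken from the workflow in the guide:
      - the first view of an instruction is served Unaccelerated,
      - views 2..compile_threshold are served while Learning,
      - every view after the threshold has been reached is Accelerated.
    """
    views_per_instruction = Counter()
    states = []
    for key in requests:
        views_per_instruction[key] += 1
        n = views_per_instruction[key]
        if n == 1:
            states.append("Unaccelerated")
        elif n <= compile_threshold:
            states.append("Learning")
        else:
            states.append("Accelerated")
    return states


def cumulative_distribution(states):
    """After each view, return the cumulative share of each state.

    Percentages are whole numbers rounded down, which is how the guide
    reports 1/3 and 2/3 as 33% and 66%.
    """
    totals = Counter()
    history = []
    for seen, state in enumerate(states, start=1):
        totals[state] += 1
        history.append({name: 100 * totals[name] // seen for name in STATES})
    return history


# Constructed sample: Persons A, B, C and D request the same instruction.
HOME = ("/home.aspx", "IE7", False)
SAMPLE = [HOME, HOME, HOME, HOME]

if __name__ == "__main__":
    states = classify_requests(SAMPLE)
    for person, state, dist in zip("ABCD", states, cumulative_distribution(states)):
        print(f"Person {person}: {state:<13} cumulative={dist}")
```
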

Settings
This section displays the current FastView settings. These values are generally not configurable:

Compile Threshold: The number of unique page views that must be requested of an
instruction before it can go into the Compiled state. The default unique views is three.

Touch-Up Interval: The number of minutes that FastView waits per compiled instruction
before it re-examines it for the next request. This value is the starting value for the Touch-Up
Interval and is on a sliding scale. The more static the instruction, the longer the next touch-up
interval takes. The default Touch-Up Interval is five minutes.

Recompile Interval: The number of minutes that FastView waits per compiled instruction
before it discards the instruction and performs a full recompile. The default recompile time is 1440
minutes or one day.

The Touch-Up Interval, Recompile Interval, and Invalidation framework help FastView to recognize
changing data on your Web server after the initial instruction compilation has occurred.

Workload Monitor
The Workload Monitor displays the amount of processing FastView is currently performing.
The Peak, Current, Average, and Total values are displayed for the following rates:

Request Rate: The number of unique pages requested through FastView. This provides a
Pages Per Second (PPS) view of your traffic.

Parse Rate: The amount of information that FastView has looked at for potential replacement
in a page. Any rewriting (such as replacement tokens, URL renaming) is considered and
displayed in tokens per second/minute (tkps/tkpm).

Rewrite Rate: The amount of information that FastView actually acts upon when replacing
data in Web content that is served. This is also displayed in number of tokens per second/minute
(tkps/tkpm).

Compile Rate: The number of instructions compiled by FastView. As pages eventually stop
being compiled after they pass the Learning state, this number should increase greatly when
your site is first started or modified, and slowly as FastView learns how to provide the treated
pages.

Monitoring and Controlling SSL


Monitoring and controlling SSL comprises Managing SSL Client Authentication and the OCSP/CDP
Cache, page 309.

Managing SSL Client Authentication and the OCSP/CDP Cache


This feature is available only in Alteon standalone, VA, and vADC.
When the OCSP or CDP cache is filled with stale responses, you may want to purge the cache.

To monitor SSL client authentication and purge the OCSP/CDP cache


In the Monitoring perspective, select Application Delivery > SSL Statistics.

Table 249: SSL Client Authentication Parameters

| Parameter | Description |
| --- | --- |
| Client Authentication Policy ID | The Client Authentication Policy ID. |
| OCSP Cache Purge | Purges the cached content of the relevant OCSP responses. |
| CDP Cache Purge | Purges the cached content of the relevant CDP responses. |

Monitoring and Managing Filters


To monitor filters
In the Monitoring perspective, select Application Delivery > Filters.

Table 250: Filter Parameters

| Parameter | Description |
| --- | --- |
| Status | The status of the filter. |
| Filter ID | The filter ID of the filter. |
| Name | The name of the filter. |
| Action | The action of the filter. |
| Source IP | The source IP address of the filter. |
| Source Port | The source port of the filter. |
| Destination IP | The destination IP address of the filter. |
| Destination Port | The destination port of the filter. |
| Firings | The number of times the filter was activated. |

Monitoring LinkProof
Monitoring LinkProof services comprises:

Monitoring WAN Links, page 310

Monitoring WAN Link Groups, page 311

Monitoring Proximity, page 311

Monitoring WAN Links


This feature is available only in Alteon version 30.2 and later.

To monitor WAN link statistics


1. In the Monitoring perspective, select Application Delivery > LinkProof > WAN Links.
2. Select the tab to view WAN Link data Per WAN Link IP or Per WAN Link ID.
3. Select a row and click the button to view the WAN Link measurements for the selected WAN link.
4. If you want to clear all WAN link data, click Clear All.

Table 251: WAN Link Parameters

| Parameter | Description |
| --- | --- |
| Status (Per WAN Link ID) | The WAN link status, per WAN link ID. |
| ID (Per WAN Link ID) | The WAN link ID. |
| IP Address | The WAN link IP address. |
| Download Bandwidth Current [Mbps] | The current download bandwidth, in Mbps, of the WAN link. |
| Download Bandwidth Utilization | The utilization of the download bandwidth of the WAN link. |
| Upload Bandwidth Current [Mbps] | The current upload bandwidth, in Mbps, of the WAN link. |
| Upload Bandwidth Utilization | The utilization of the upload bandwidth of the WAN link. |
| Total Bandwidth - Current [Mbps] | The current total (download and upload) bandwidth, in Mbps, of the WAN link. |
| Total Bandwidth Utilization | The utilization of the total (download and upload) bandwidth of the WAN link. |
| Concurrent Connections | The number of concurrent connections of the WAN link. |

Monitoring WAN Link Groups


This feature is available only in Alteon version 30.2 and later.

To monitor WAN link group statistics


1. In the Monitoring perspective, select Application Delivery > LinkProof > WAN Link Groups.
2. Select a row and click the button to view the WAN Link Group measurements for the selected WAN link group.
3. If you want to clear all WAN Link Group data, click Clear All.

Table 252: WAN Link Group Parameters

| Parameter | Description |
| --- | --- |
| WAN Link Group ID | The WAN link group ID. |
| Download | The download bandwidth of the WAN link group. |
| Upload | The upload bandwidth of the WAN link group. |
| Total | The total (download and upload) bandwidth of the WAN link group. |
| Concurrent Connections | The number of concurrent connections of the WAN link group. |

Monitoring Proximity
This feature is available only in Alteon version 30.1 and later.

To monitor proximity
1. In the Monitoring perspective, select Application Delivery > LinkProof > Proximity.
2. Select a row and click the button to view the proximity measurements for the selected WAN
link (see Proximity Parameters, page 311).
3. If you want to clear all proximity data, click Clear Proximity Table.

Table 253: Proximity Parameters

| Parameter | Description |
| --- | --- |
| Subnet | The network subnet for which proximity data is available. For each subnet, proximity data is available for up to three (the best three) WAN Links. |
| For each WAN Link | |
| WAN Link IP | The IP address of the WAN link. |
| Round Trip Time | The time, in seconds, required for the round trip to the specified subnet via this WAN link. |
| Hops | The number of hops to the specified subnet via this WAN link. |
| For the entire entry | |
| Time to Live (min) | The time, in minutes, after which the entry is cleared. Once the entry is cleared, if new requests arrive for this subnet, proximity is checked and a new entry is created. |

Chapter 14 Monitoring and Controlling Alteon vADC
This chapter describes monitoring Alteon vADC operations.
This feature is available only in Alteon ADC-VX mode.

Notes

For information on monitoring Alteon device performance using the Device Performance Monitor,
see Using the Device Performance Monitor, page 315.

For more information on this feature, see the Alteon Application Switch Operating System
Application Guide.

Monitoring and Rebooting vADCs


For more information on this feature, see the Alteon Application Switch Operating System
Application Guide.

To monitor vADCs
In the Monitoring perspective, select vADC > vADC.

Table 254: vADC Parameters

| Parameter | Description |
| --- | --- |
| Status | The status of the vADC. |
| vADC ID | The vADC ID. |
| Boot Action | The boot action. |
| vADC Name | The vADC name. |
| Capacity Units | The number of capacity units. |
| SP Utilization | The SP utilization. |
| vMP Utilization | The vMP utilization. |
| Throughput Utilization | The throughput utilization. |
| Up Time | The uptime, in <days>D<hours>H<minutes>M<seconds>S format. |

To reboot a vADC
1. In the Monitoring perspective, select vADC > vADC.
2. Select the row with the relevant vADC and click Reset vADC.


Chapter 15 Using the Device Performance Monitor
This chapter contains the following main sections:

DPM Overview, page 315

Opening the Device Performance Monitor, page 316

Device Performance Monitor Main Interface, page 316

Displaying and Filtering Sites and Devices, page 318

Viewing and Managing Reports, page 318

Exporting Reports, page 319

Supported Report Categories, page 320

Viewing Dashboards for Single Standalone and vADC Devices, page 335

Viewing the Dashboard for ADC-VX Devices, page 338

Viewing Dashboards for Multiple Standalone and vADC Devices, page 340

DPM Overview
DPM requires a valid license installed on the associated APSolute Vision server.
When DPM is enabled in an Alteon or LinkProof NG device (see Configuring Device Performance
Monitoring, page 61), the device sends its performance data to APSolute Vision. APSolute Vision
processes the data and can display the information in the Device Performance Monitoring Web
interface.
The DPM Web interface includes alerts, dashboards with current monitoring data, and reports with
historical data.
Only one APSolute Vision server can manage any one Alteon or LinkProof NG device that
sends data to DPM.
Users with the proper roles can launch the DPM Web interface from the APSolute Vision client.
The DPM interface launches in the default browser. See the APSolute Vision Release Notes for the list
of supported browsers.
The sites and Alteon or LinkProof NG devices that the DPM displays depend on your RBAC
scope.
Users with the following roles can launch the DPM Web interface:

ADC Administrator

ADC Operator

ADC + Certificate Administrator

Administrator

Device Administrator

Device Configurator

Device Operator

Device Viewer


Notes

For requirements, limitations, and information on configuring DPM parameters in the Alteon or
LinkProof NG device, see Configuring Device Performance Monitoring, page 61.

For information on roles, see Role-Based Access Control (RBAC), page 70.

One Alteon or LinkProof NG ADC with a large configuration consumes about 210 MB hard-disk
space in the course of a year.

For information on managing the DPM database and DPM technical-support files, see APSolute
Vision CLI Commands, page 441.

Opening the Device Performance Monitor


The following procedure describes how to open the DPM Web interface.

To open the DPM Web interface


In the main toolbar, click the icon.

Device Performance Monitor Main Interface


The following figure describes the Device Performance Monitor screen.


Figure 44: Device Performance Monitor Screen

Devices pane, Organization tab: Displays, according to your filter, the configured sites
and LinkProof NG, Alteon standalone, vADC, and VA devices. The Deleted Devices
node shows deleted devices on which DPM can show historical reports.

Devices pane, Physical tab: Displays, according to your filter, configured sites
and Alteon ADC-VXs.

Content area: Contains the Report and Dashboard tabs. The Server Time Difference value
(near the Modify Filter button) displays the timezone difference between the PC and the
APSolute Vision server.

Report tab: Displays a report according to report category and type.

Dashboard tab: Displays current alerts and the System, Network, and Application dashboards
for one selected device in the Devices pane Organization tab.

VX Dashboard tab: Displays the current alerts and status of various parameters of one
selected VX device in the Devices pane Physical tab.

Multi-Device Dashboard tab: Displays current alerts and the status of multiple devices
selected in the Devices pane Organization tab.

Properties pane: Displays, according to the configuration in the Devices pane,
and the properties of devices.


Displaying and Filtering Sites and Devices


The Devices pane displays all the sites and Alteon or LinkProof NG devices of the APSolute Vision
(according to your RBAC scope).
You can filter the sites and devices that the DPM displays. The filter does not change the contents of
the tree, only how the DPM displays the tree to you.
The Properties pane displays information about the currently selected devices.

Viewing and Managing Reports


Use the Report tab in the content area to view reports. Reports display static, historical
Alteon-device or LinkProof-NG-device data in various formats (line graph, bar graph, pie-chart, or table).
In addition, you can export reports in many different file formats, for example, PDF, Excel, and so
on.
DPM aggregates historical statistics data into larger time frames as time passes, up to one year
back.

Table 255: Aggregation of Historical Data

| Sampling Period | Time | Number of Samples |
| --- | --- | --- |
| 15 seconds | 15 minutes | 60 |
| 2 minutes | 1 hour | 30 |
| 15 minutes | 24 hours | 96 |
| 1 hour | 72 hours | 72 |
| 1 day | 3 months | 93 |
| 1 week | 1 year | 52 |

Viewing Reports
The tab that you select in the Devices pane (Organization or Physical) determines which reports you
can view in the Report tab of the content area. You specify the Report Category and Report Type and
configure a filter. Some Report Types are available for more than one Report Category. A Report
Category with the same name displays the same report. For more information on the reports, see
Supported Report Categories, page 320.

To view a report
1. In the Devices pane, select the required tab (Organization or Physical).
2. In the Report tab, from the Report Category drop-down list, select the category, and then,
from the Report Type drop-down list, select the required type. The category determines the
available report types.
3. Configure the filter or filters. The set of filters that you can configure depends on the selected
Report Category.
4. Click Display Report.


To modify a filter when the DPM is displaying a report


1. Click Modify Filter.
2. Configure the filter or filters.
The set of filters that you can configure depends on the selected Report Category, which may
include:

   - Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/
     time and end date/time.
   - Filter Scope: In the filter, you can select the object on which to perform the report,
     depending on the report type.
   - Group By: In the filter configuration, you can specify to display the data per selected object
     or grouped by ADC.

3. Click Display Report.

Opening the Filter Window


Use the Filter window to configure Boolean expressions and apply them to selected report
components.

To open the Filter window


In the content area, click the Filter button.

Exporting Reports
You can export a report in any of the following formats:

PDF

HTML

Excel

Text

RTF

XML

PostScript

To export a report
1. In the content area, click the Export button, and then click OK.
2. Do the following:
   - From the Export File Format drop-down list, select the required format.
   - Select the checkboxes next to the name of each report component to include in the report.
   - If you require, in the File Name text box, modify the file name.


Supported Report Categories


The DPM supports the following report categories:

ADC/vADC Reports, page 320

Application Reports, page 325

Real Server Reports, page 329

Port Reports, page 331

VX Reports, page 333

ADC/vADC Reports
The following tables describe the DPM reports for LinkProof NG, Alteon Standalone, VA, or vADC with
Report Category ADC/vADC:

Table 256 - ADC CPU Capacity Utilization Report, page 320

Table 257 - ADC Memory Utilization Report, page 321

Table 258 - ADC Throughput License Utilization Report, page 322

Table 259 - ADC System Resources Utilization Report, page 323

Table 260 - Total Network Statistics per Port Report, page 324

Table 261 - Network Performance per ADC Report, page 325

The ADC names in the reports correspond to the selected objects in the Devices pane.

Table 256: ADC CPU Capacity Utilization Report

| Supported Filter Type/s | Component | Component Description |
| --- | --- | --- |
| This report supports the following filter type: Filter Time Period (includes last hour, day, week, month, year, and Custom, with start date/time and end date/time). | MP CPU Utilization graph | Displays the MP CPU utilization (%) according to time. For vADCs, DPM bases the values on the allocated CUs. |
| | MP CPU Utilization Peak Usage graph | Displays the peak MP CPU utilization (%) in the selected time period. For vADCs, DPM bases the values on the allocated CUs. |
| | Maximum SP CPU Utilization graph | Displays, according to time, the maximum SP CPU utilization (%) from all SPs. For vADCs, DPM bases the values on the allocated CUs. |
| | Maximum SP CPU Utilization Peak Usage graph | Displays the peak SP CPU utilization (%) from all the SPs in the selected time period. For vADCs, DPM bases the values on the allocated CUs. |
| | ADC CPU Capacity Utilization table | Columns: ADC Name; Type (MP and SPs); CPU Utilization (%); Time (in dd/MMM/yyyy hh:mm:ss T format, for example: 31/Jan/2012 03:10 PM). To sort or filter the table, right-click in a row and select the option that you require. |


Table 257: ADC Memory Utilization Report

| Supported Filter Type/s | Component | Component Description |
| --- | --- | --- |
| This report supports the following filter type: Filter Time Period (includes last hour, day, week, month, year, and Custom, with start date/time and end date/time). | MP Memory Utilization graph | Displays, according to time, the MP-memory utilization (%). For vADCs, DPM bases the values on the allocated CUs. |
| | MP Memory Utilization Peak Usage graph | Displays the peak MP-memory utilization (%) in the selected time period. For vADCs, DPM bases the values on the allocated CUs. |
| | Maximum SP Memory Utilization graph | Displays, according to time, the maximum SP-memory utilization (%) from all the SPs. For vADCs, DPM bases the values on the allocated CUs. |
| | Maximum SP Memory Utilization Peak Usage graph | Displays the peak SP-memory utilization (%) from all the SPs in the selected time period. For vADCs, DPM bases the values on the allocated CUs. |
| | ADC Memory Capacity Utilization table | Columns: ADC Name; Type (MP and SPs); Memory Utilization (%); Time (in dd/MMM/yyyy hh:mm:ss T format, for example: 31/Jan/2012 03:10 PM). To sort or filter the table, select a row and select the option that you require. |


Table 258: ADC Throughput License Utilization Report

| Supported Filter Type/s | Component | Component Description |
| --- | --- | --- |
| This report supports the following filter type: Filter Time Period (includes last hour, day, week, month, year, and Custom, with start date/time and end date/time). | Throughput License Utilization graph | Displays the device throughput utilization according to time. DPM measures the traffic entering all the data ports, and calculates the values based on the installed throughput license (for ADC) or allocated throughput limit (for vADC). |
| | Throughput License Peak Usage graph | Displays the peak throughput utilization (%) in the selected time period. DPM measures the traffic entering all the data ports, and calculates the values based on the installed throughput license (for ADC) or allocated throughput limit (for vADC). |
| | License ADC/vADC table | Columns: ADC Name; Throughput License (Mb); Throughput Peak utilization (%). To sort or filter the table, select a row and select the option that you require. |
| | ADC Throughput License Utilization table | Columns: ADC Name; Throughput Utilization (%); Time (in dd/MMM/yyyy hh:mm:ss T format, for example: 31/Jan/2012 03:10 PM). To sort or filter the table, select a row and select the option that you require. |


Table 259: ADC System Resources Utilization Report

Supported Filter Type/s:
This report supports the following filter type:
- Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component: Session Utilization graph
Component Description: Displays the session utilization (%) according to time. DPM calculates the values based on the maximum session-table size available on the ADC/vADC.

Component: Session Utilization Peak Usage graph
Component Description: Displays the peak session utilization (%) in the selected time period. DPM calculates the values based on the maximum session-table size available on the ADC/vADC.

Component: Cache Memory Utilization graph
Component Description: Displays the memory utilization (%) according to time. DPM calculates the values based on the memory allocated for caching on the ADC/vADC.

Component: Cache Memory Utilization Peak Usage graph
Component Description: Displays the peak memory utilization (%) in the selected time period. DPM calculates the values based on the memory allocated for caching on the ADC/vADC.

Component: Hard Disk Utilization graph
Component Description: Displays hard-disk utilization (%) according to time. DPM calculates the values based on the installed/allocated hard disk on the ADC/vADC.

Component: Hard Disk Utilization Peak Usage graph
Component Description: Displays the peak utilization (%) in the selected time period. DPM calculates the values based on the installed/allocated hard disk on the ADC/vADC.

Component: PIP Allocation graph
Component Description: Displays utilization according to time. DPM calculates the values based on the maximum PIP addresses available on the ADC/vADC.

Component: PIP Allocation Peak Usage graph
Component Description: Displays the peak utilization (%) in the selected time period. DPM calculates the values based on the maximum PIP addresses available on the ADC/vADC.

Component: ADC System Resources Utilization table
Component Description: Columns:
- ADC Name
- Session (%)
- Cache Memory (%)
- Hard Disk (%)
- PIP Allocation (%)
- Time: In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last row is Average for Session (%), Cache Memory (%), Hard Disk (%), and PIP Allocation (%).
To sort or filter the table, select a row and select the option that you require.


Table 260: Total Network Statistics per Port Report

Supported Filter Type/s:
This report supports the following filter type:
- Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component: ADC Port Filter list
Component Description: Lists the ports of the selected ADCs. Select one or more rows to filter the results. Click (erase) in the list title bar to clear the filter.

Component: Total RX per Port (Packets) graph
Component Description: Displays, for the specified (filter) time period, the total received packets per port.

Component: Total TX per Port (Packets) graph
Component Description: Displays, for the specified (filter) time period, the total transmitted packets per port.

Component: Total Dropped RX per Port (Packets) graph
Component Description: Displays, for the specified (filter) time period, the total dropped received packets per port.

Component: Total Dropped TX per Port (Packets) graph
Component Description: Displays, for the specified (filter) time period, the total dropped transmitted packets per port.

Component: Total Error RX per Port (Packets) graph
Component Description: Displays, for the specified (filter) time period, the total errored received packets per port.

Component: Total Error TX per Port (Packets) graph
Component Description: Displays, for the specified (filter) time period, the total errored transmitted packets per port.

Component: Total Bandwidth per Port (Mbit) graph
Component Description: Displays, for the specified (filter) time period, the total bandwidth per port.

Component: Total Network Statistics per Port table
Component Description: Columns:
- ADC Name
- Port
- RX (Packets)
- TX (Packets)
- Dropped RX (Packets)
- Dropped TX (Packets)
- Error RX (Packets)
- Error TX (Packets)
- Bandwidth (Mbit)
The last two rows are Total per ADC and Total for RX (Packets), TX (Packets), and Bandwidth (Mbit).
To sort or filter the table, select a row and select the option that you require.


Table 261: Network Performance per ADC Report

Supported Filter Type/s:
This report supports the following filter type:
- Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component: Connections per Second graph
Component Description: Displays, per ADC/vADC, the connections per second according to time. This value counts only the connections established based on the configuration of the virtual service. The value does not count connections established based on the Alteon-filter or LinkProof-NG-filter configuration.

Component: Packets per Second graph
Component Description: Displays, per ADC/vADC, the packets-per-second rate, for traffic entering and exiting all ADC/vADC data ports, according to time.
Caution: For this version of APSolute Vision, the values include traffic that enters and exits the data ports, so therefore may seem to be double the traffic.

Component: Throughput graph
Component Description: Displays, per ADC/vADC, the throughput, in Mbps, for traffic entering all ADC/vADC data ports, according to time.

Component: Network Performance per ADC table
Component Description: Columns:
- Name
- Packets/second
- Connections/second
- Throughput (Mbps)
- Time: In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last row is Average for Packets/second, Connections/second, and Throughput (Mbps).
To sort or filter the table, select a row and select the option that you require.

Component: License per ADC table
Component Description: Columns:
- ADC Name
- Throughput License (Mbps)
To sort or filter the table, select a row and select the option that you require.

Application Reports
The following tables describe the DPM reports for LinkProof NG, Alteon Standalone, VA, or vADC with Report Category Application:

- Table 262 - Network Performance per Application Report for LinkProof NG, Alteon Standalone, VA, or vADC
- Table 263 - Network Performance of Application per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC


- Table 264 - Total Usage of Resources per Application per Network Class Report for Alteon Standalone, VA, or vADC
- Table 265 - Total Usage of Resources per Network Class per Application Report for LinkProof NG, Alteon Standalone, VA, or vADC

An application is a virtual service, which is identified in one of the following ways:

- The specified virtual-service Description is set in the configuration (Configuration perspective Application Delivery tab navigation pane > Virtual Services > Virtual Servers > Virtual Services > Description/Virtual Service Name).
- The virtual-service identifier in the following format: <VirtualServerAddress>:<protocol>:<port>[:NetworkClass].

Table 262: Network Performance per Application Report for LinkProof NG, Alteon Standalone, VA, or vADC

Supported Filter Type/s:
This report supports the following filter types:
- Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.
- Filter Scope: In the filter, you can select up to 10 applications.
- Group By: In the filter configuration, you can specify to group the data by application or ADC.

Component: Filter by Application Name list
Component Description: Select one or more application names to filter the results. Click (erase) in the list title bar to clear the filter.

Component: Connections per Second graph
Component Description: Displays the connections per second per application according to time.

Component: Packets per Second graph
Component Description: Displays the packets per second per application according to time.

Component: Throughput graph
Component Description: Displays the throughput, in Mbps, per application according to time.

Component: Throughput License/Limit per ADC/vADC table
Component Description: Columns:
- ADC Name
- Throughput License Limit (Mbps)
To sort or filter the table, select a row and select the option that you require.

Component: Network Performance per Application table
Component Description: Columns:
- App Name
- ADC Name
- Connections/second
- Packets/second
- Throughput (Mbps)
- Time: In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last two rows are Average per ADC, and Average for Connections/second, Packets/second, and Throughput (Mbps).
To sort or filter the table, select a row and select the option that you require.


Table 263: Network Performance of Application per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC

Notes and Supported Filter Type/s:
You can view this report only on services where the granularity level is set to Real Server.
This report supports only a single selected device.
This report supports the following filter types:
- Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.
- Filter Scope: In the filter, you can select up to 10 real servers.

Component: Filter by Application Name:Real Server list
Component Description: Select one or more real servers to filter the results. Click (erase) in the list title bar to clear the filter.

Component: Connections per Second graph
Component Description: Displays the connections per second per application per real server according to time.

Component: Packets per Second graph
Component Description: Displays the packets per second per application per real server according to time.

Component: Throughput graph
Component Description: Displays the throughput, in Mbps, per application per real server according to time.

Component: Network Performance of Application per Real Server table
Component Description: Columns:
- ADC Name
- APP Name
- Real Identifier
- Real Name
- Connections/second
- Packets/second
- Throughput (Mbps)
- Time: In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last two rows are Average/Real and Average for Connections/second, Packets/second, and Throughput (Mbps).
To sort or filter the table, select a row and select the option that you require.


Table 264: Total Usage of Resources per Application per Network Class Report for Alteon Standalone, VA, or vADC

Note and Supported Filter Type/s:
Note: This report supports only a single selected device.
This report supports the following filter types:
- Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.
- Filter Scope: In the filter, you can select up to 10 applications.

Component: Total Bandwidth (Mbits) Usage of Application per Network graph
Component Description: Displays the total bandwidth usage, in Mbits, per network class per application.

Component: Total Connections (K) of Application per Network graph
Component Description: Displays the total connections, in 1000s, per network class per application.

Component: Total Usage of Resources per Application table
Component Description: Columns:
- Application
- Network Class
- Bandwidth (Mbits)
- Total Connections (K)
The last two rows are Total per Application and Grand Total for Bandwidth (Mbits) and Total Connections (K).
To sort or filter the table, select a row and select the option that you require.

Table 265: Total Usage of Resources per Network Class per Application Report for LinkProof NG, Alteon Standalone, VA, or vADC

Supported Filter Type/s:
This report supports the following filter types:
- Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.
- Filter Scope: In the filter, you can select up to 10 network classes.

Component: Total Bandwidth (Mbits) Usage of Network per Applications graph
Component Description: Displays the total bandwidth, in Mbits, per applications per network class.

Component: Total Connections (K) Usage of Network per Applications graph
Component Description: Displays the total usage of connections, in 1000s, per network class per application.

Component: Total Usage of Resources per Network Class per Application table
Component Description: Columns:
- Network Class
- Application
- Bandwidth (Mbits)
- Total Connections (K)
The last two rows are Total per Client Subnet and Grand Total for Bandwidth (Mbits) and Total Connections (K).
To sort or filter the table, select a row and select the option that you require.


Real Server Reports


The following tables describe the DPM Reports for LinkProof NG, Alteon Standalone, VA, or vADC with Report Category Real Server:

- Table 266 - Network Performance per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC
- Table 267 - Network Performance of Application per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC
- Table 268 - Total Usage of Resources per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC

Table 266: Network Performance per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC

Supported Filter Type/s:
This report supports the following filter types:
- Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.
- Filter Scope: In the filter, you can select up to 10 real servers.

Component: Filter by ADC Name:Real Server list
Component Description: Lists the real servers. Select one or more rows to filter the results. Click (erase) in the list title bar to clear the filter.

Component: Connections per Second graph
Component Description: Displays the connections per second per real server according to time.

Component: Packets per Second graph
Component Description: Displays the packets per second per real server according to time.

Component: Throughput graph
Component Description: Displays the throughput, in Mbps, per real server according to time.

Component: Network Performance per Real Server table
Component Description: Columns:
- ADC Name
- Real Identifier
- Real Name
- Connections/second
- Packets/second
- Throughput (Mbps)
- Time: In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last two rows are Average per ADC and Average for Connections/second, Packets/second, and Throughput (Mbps).
To sort or filter the table, select a row and select the option that you require.


Table 267: Network Performance of Application per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC

Notes and Supported Filter Type/s:
You can view this report only on services where the granularity level is set to Real Server.
This report supports only a single selected device.
This report supports the following filter types:
- Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.
- Filter Scope: In the filter, you can select up to 10 real servers.

Component: Filter by Application Name:Real Server list
Component Description: Lists the real servers. Select one or more rows to filter the results. Click (erase) in the list title bar to clear the filter.

Component: Connections per Second graph
Component Description: Displays the connections per second per real server according to time.

Component: Packets per Second graph
Component Description: Displays the packets per second per real server according to time.

Component: Throughput graph
Component Description: Displays the throughput, in Mbps, per real server according to time.

Component: Network Performance per Real Server table
Component Description: Columns:
- ADC Name
- APP Name
- Real Identifier
- Real Name
- Connections/second
- Packets/second
- Throughput (Mbps)
- Time: In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last row is Average for Connections/second, Packets/second, and Throughput (Mbps).
To sort or filter the table, right-click in a row and select the option that you require.


Table 268: Total Usage of Resources per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC

Supported Filter Type/s:
This report supports the following filter types:
- Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.
- Filter Scope: In the filter, you can select up to 10 real servers.

Component: Filter by ADC Name:Real Server list
Component Description: Lists the real servers. Select one or more rows to filter the results. Click (erase) in the list title bar to clear the filter.

Component: Total Connections graph
Component Description: Displays the total connections per real server.

Component: Total Bandwidth graph
Component Description: Displays the total bandwidth, in Mbits, per real server.

Component: Total Usage of Resources per Real Server table
Component Description: Columns:
- ADC Name
- Real Identifier
- Real Name
- Connections
- Bandwidth (Mbit)
The last row is Total for Connections and Bandwidth (Mbit).
To sort or filter the table, select a row and select the option that you require.

Port Reports
The following tables describe the DPM Reports for LinkProof NG, Alteon Standalone, VA, or vADC with Report Category Port:

- Table 269 - Total Network Statistics per Port Report for LinkProof NG, Alteon Standalone, VA, or vADC
- Table 270 - Network Performance per Port Report for LinkProof NG, Alteon Standalone, VA, or vADC


Table 269: Total Network Statistics per Port Report for LinkProof NG, Alteon Standalone, VA, or vADC

Supported Filter Type/s:
This report supports the following filter type:
- Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component: Filter by ADC Name:Port list
Component Description: Lists the ports of the selected ADCs. Select rows to filter the results. Click (erase) in the list title bar to clear the filter.

Component: Total RX per Port (Packets) graph
Component Description: Displays the total received packets per port.

Component: Total TX per Port (Packets) graph
Component Description: Displays the total transmitted packets per port.

Component: Total Dropped RX per Port (Packets) graph
Component Description: Displays the total received dropped packets per port.

Component: Total Dropped TX per Port (Packets) graph
Component Description: Displays the total transmitted dropped packets per port.

Component: Total Error RX per Port (Packets) graph
Component Description: Displays the total received errored packets per port.

Component: Total Error TX per Port (Packets) graph
Component Description: Displays the total transmitted errored packets per port.

Component: Total Bandwidth per Port (Mbit) graph
Component Description: Displays the total bandwidth, in Mbits, per port.

Component: Total Network Statistics per Port table
Component Description: Columns:
- ADC Name
- Port
- RX (Packets)
- TX (Packets)
- Dropped RX (Packets)
- Dropped TX (Packets)
- Error RX (Packets)
- Error TX (Packets)
- Bandwidth (Mbit)
The last rows are Total per ADC and Total for RX (Packets), TX (Packets), and Bandwidth (Mbit).
To sort or filter the table, select a row and select the option that you require.


Table 270: Network Performance per Port Report for LinkProof NG, Alteon Standalone, VA, or vADC

Supported Filter Type/s:
This report supports the following filter type:
- Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component: Filter by ADC Name:Port list
Component Description: Lists the ports of the selected ADCs. Select rows to filter the results. Click (erase) in the list title bar to clear the filter.

Component: RX Port Rate graph
Component Description: Displays the rates, in Mbps, of received traffic per port according to time.

Component: TX Port Rate graph
Component Description: Displays the rates, in Mbps, of transmitted traffic per port according to time.

Component: Packets per Second per Port graph
Component Description: Displays the packets per second per port according to time.

Component: Throughput per Port graph
Component Description: Displays the throughput, in Mbps, per port according to time.

Component: Network Performance per Port table
Component Description: Columns:
- ADC Name
- Port
- RX (bps)
- TX (bps)
- Packets/second
- Throughput (Mbps)
The last rows are Average per ADC and Average for RX (bps), TX (bps), and Packets/second.
To sort or filter the table, select a row and select the option that you require.

VX Reports
The following tables describe the DPM Report for Alteon VX with Report Category VX:

- Table 271 - CPU Utilization per vADC Report for Alteon VX
- Table 272 - Throughput Limit Utilization per vADC Report for Alteon VX


Table 271: CPU Utilization per vADC Report for Alteon VX

Supported Filter Type/s:
This report supports the following filter type:
- Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component: Filter by vADC list
Component Description: Lists the vADCs of the selected VXs. Select rows to filter the results. Click (erase) in the list title bar to clear the filter.

Component: vMP CPU Utilization graph
Component Description: Displays the CPU utilization (%) per vADC vMP according to time.

Component: Peak vMP CPU Utilization graph
Component Description: Displays the peak CPU utilization (%) per vADC vMP in the selected time period.

Component: vSP CPU Utilization graph
Component Description: Displays the CPU utilization (%) per vADC vSP according to time.

Component: Peak vSP CPU Utilization graph
Component Description: Displays the peak CPU utilization (%) per vADC vSP in the selected time period.

Component: CPU Utilization per vADC table
Component Description: Columns:
- vADC Name
- CPU Type: vSP, vMP or the SPs (for example, SP # 1)
- CPU Utilization (%)
- Time: In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last rows are Total per ADC and Total for RX (Packets), TX (Packets), and Bandwidth (Mbit).
To sort or filter the table, select a row and select the option that you require.


Table 272: Throughput Limit Utilization per vADC Report for Alteon VX

Supported Filter Type/s:
This report supports the following filter type:
- Filter Time Period: Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component: Filter by vADC list
Component Description: Lists the vADCs of the selected VXs. Select rows to filter the results. Click (erase) in the list title bar to clear the filter.

Component: vADC Throughput Limit Utilization graph
Component Description: Displays the vADC throughput-limit utilization (%) according to time. DPM measures the vADC throughput of the traffic entering all the data ports, and calculates the values based on the allocated throughput limit of each vADC.

Component: Peak vADC Throughput Limit Utilization graph
Component Description: Displays the peak vADC throughput-limit utilization (%) in the selected time period. DPM measures the vADC throughput of the traffic entering all the data ports, and calculates the values based on the allocated throughput limit of each vADC.

Component: Throughput Limit Utilization per vADC table
Component Description: Columns:
- vADC
- Throughput Limit Utilization (%)
- Time: In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last two rows are Grand Total Average Throughput and Grand Total Maximum Throughput for Throughput Limit Utilization (%).
To sort or filter the table, select a row and select the option that you require.

Viewing Dashboards for Single Standalone and vADC Devices
Use the Dashboard tab in the content area to view the dashboards with the current data for one
selected device in the Devices pane Organization tab. The contents of the dashboards differ
according to whether the selected device is a standalone or vADC. For example, the dashboard tab
for a vADC does not display temperature.
You will always see the alerts for all the devices you have in the Organization and Physical trees
according to your role and scope.
This section contains the following topics:

- Displaying the Dashboard and Managing the Display
- Dashboard Components for Single Standalone and vADC Devices


Displaying the Dashboard and Managing the Display


The following procedure describes how to display the dashboard.

To display the dashboard


1. In the Devices pane, select the Organization tab.
2. In the Organization tab, select one device.
3. In the content area (on the right, by default), select the Dashboard tab.

Use the buttons, which are described in the following table, to manage the dashboard display.

Table 273: Dashboard-Display Buttons

Button

Description
Opens the dialog box to select the temperature scale (Celsius or Fahrenheit) for
monitoring the temperature sensors on physical devices.
Note: This setting applies to all DPM interfaces.
Refreshes the dashboard display.
Maximizes and floats the currently displayed dashboard tab.

Dashboard Components for Single Standalone and vADC Devices
The following table describes the dashboard components for single standalone and vADC devices.


Table 274: Dashboard Components for Single Standalone and vADC Devices

Dashboard: System

Component: CPU Utilization graph
Description: The utilization per SP and MP CPU.

Component: Fans Status graph (This graph is displayed only for physical devices.)
Description: The status of each ADC fan: nominal or not operating.
Note: Each fan icon is displayed with its corresponding ID number. The fan ID numbers might not be sequential.

Component: Capacity Utilization graph
Description: Bars:
- Cache: Cache memory utilization (%). DPM calculates the value based on the memory allocated for caching on the ADC/vADC.
- HD: Hard disk utilization (%). DPM calculates the value based on the installed/allocated hard disk on the ADC/vADC.
- PIP: PIP allocation utilization (%). DPM calculates the value based on the maximum PIP addresses available on the ADC/vADC.
- Session: Session utilization (%). DPM calculates the value based on the maximum session-table size available on the ADC/vADC.

Component: Temperature chart
Description: The temperature, according to the selected scale (Celsius or Fahrenheit), for each temperature sensor.

Dashboard: Network

Component: Throughput graph
Description: The throughput, in Mbps, of the traffic entering all the data ports, polled every 30 seconds.

Component: Throughput Usage graph
Description: Bars:
- The peak throughput in Mbps, of the traffic entering all the data ports, since the last reboot.
- The throughput-license limit in Mbps.

Component: Port Status table
Description: Columns:
- Port ID: The ADC port ID
- Status: Values: Up, Warning, Admin Down, Down
To sort or filter the table, select a row and select the option that you require.

Component: Port Status Summary pie chart
Description: The proportion and number of ports per status: Up, Warning, Admin Down, and Down.

Component: Port Bandwidth graph
Description: The received and sent bandwidth, in Mbps, per port.


Dashboard: Application
To display the Application dashboard, select a single device in the Organization tab and up to 10 services from the Filter table.

Component: Virtual Service Status table
Description: Lists the virtual services configured for the device with the corresponding Content Rule, Status, and Action.
The Virtual Service Identifier is either:
- The specified Description or Virtual Service Name (depending on the Alteon version), if it is set in the configuration (Configuration perspective Application Delivery tab navigation pane > Virtual Services > Virtual Servers > Virtual Services > Description).
- The virtual-service identifier in the following format: <VirtualServerAddress>:<protocol>:<port>[:NetworkClass].
Click (erase) in the list title bar to clear the filter.

Component: Selected Virtual Services Status pie chart
Description: The proportion and number of the selected virtual services per status level.
Values: Up, Warning, Admin Down, Down

Component: Real Servers Status of the Selected Services pie chart
Description: The proportion and number of real servers per status level for the selected services.
Values: Up, Warning, Admin Down, Down

Component: Virtual Service Throughput graph
Description: The Virtual Service Throughput, in Mbps.

Component: Virtual Service Connections per Second graph
Description: The Virtual Service connections, in CPS.

Viewing the Dashboard for ADC-VX Devices


Use the VX Dashboard tab in the content area to view the current alerts for the selected Alteon VX
devices in the Devices pane Physical tab.
This section contains the following topics:

- Displaying the VX Dashboard and Managing the Display
- Dashboard Components for VX Devices

Displaying the VX Dashboard and Managing the Display


The following procedure describes how to display the VX dashboard.

To display the VX dashboard


1. In the Devices pane, select the Physical tab.
2. In the Physical tab, select one device.
3. In the content area (on the right, by default), select the VX Dashboard tab.

Use the buttons, which are described in the following table, to manage the dashboard display.


Table 275: VX Dashboard-Display Buttons

Button

Description
Opens the dialog box to select the temperature scale (Celsius or Fahrenheit) for
monitoring the temperature sensors on physical devices.
Note: This setting applies to all DPM interfaces.
Refreshes the dashboard display.
Maximizes and floats the VX Dashboard tab.

Dashboard Components for VX Devices


The following table describes the dashboard components for VX devices.

Table 276: Dashboard Components for VX Devices

Component: Temperature chart
Description: The temperature, according to the selected scale (Celsius or Fahrenheit), for each temperature sensor in the VX device.
When relating to an Alteon 10000 platform, the temperatures that the monitor displays show the average temperature of the blade sensors. The ID numbers represent the slot numbers. Slot 1 supports the Switch Blade. Slot 2 supports the Switch Extension Blade. Slots 3-6 support Payload Blades. Slot 7-8 support Shelf Managers. Some blades are optional.

Component: Fan Status indicators
Description: The status of each fan: nominal or not operating. Green: for nominal. Red: for not operating/not operating properly.
Each fan icon is displayed with its corresponding ID number. The fan ID numbers might not be sequential and might be repeated.
When relating to an Alteon 10000 non-NEBS platform, the ID number represents the fan blade. If all fans in the blade are working properly, the status is green. If one or more fans in the blade are not working properly, the status is red.

Component: vADC CPU Distribution graph
Description: The proportion and number of vADCs per maximum utilization level of vSP and vMP.
Values:
- Low
- Medium
- High

Component: vADC Throughput Limit Utilization Distribution graph
Description: The proportion and number of vADCs per maximum throughput-limit utilization.
Values:
- Low
- Medium
- High


Component: vADC Identifier
Description: Lists the vADCs of the VX.
Select rows to filter the results of the CPU Utilization per vADC graph and Throughput Limit Utilization per vADC graph.
Click (erase) in the list title bar to clear the filter.

Component: CPU Utilization per vADC graph
Description: The maximum vSP or vMP CPU utilization (%) per vADC, polled every two minutes. If more than one vADC is operating at the same utilization, only the top line is displayed.

Component: Throughput Limit Utilization per vADC graph
Description: The utilization (%) of the allocated throughput limit per vADC, polled every two minutes. If more than one vADC is operating at the same utilization, only the top line is displayed.

Viewing Dashboards for Multiple Standalone and vADC Devices
Use the Multi-Device Dashboard tab in the content area to view the information about the selected
devices in the Devices pane Organization tab.
This section contains the following topics:

- Displaying the Multi-Device Dashboard and Managing the Display
- Multi-Device Dashboard Components

Displaying the Multi-Device Dashboard and Managing the Display

The following procedure describes how to display the multi-device dashboard.

To display the multi-device dashboard

1. In the Devices pane, select the Organization tab.
2. In the Organization tab, select the devices.
3. In the content area (on the right, by default), select the Multi-Dashboard tab.

Use the buttons, which are described in the following table, to manage the dashboard display.

Table 277: Multi-Device Dashboard-Display Buttons

Button

Description
Opens the dialog box to select the temperature scale (Celsius or Fahrenheit) for
monitoring the temperature sensors on physical devices.
Note: This setting applies to all DPM interfaces.
Refreshes the dashboard display.
Maximizes and floats the Multi-Device Dashboard tab.


Multi-Device Dashboard Components


The following table describes the multi-device dashboard components.

Table 278: Multi-Device Dashboard Components

Component

Description

Overall Status pie chart

The proportion and number of devices per highest-severity status level.
Values: OK, Warning, Error

Throughput Utilization Distribution pie chart

The proportion and number of devices per throughput-utilization level.
Values: Low, Medium, High

Max. CPU Utilization Distribution pie chart

The proportion and number of devices per maximum-CPU-utilization level.
Values: Low, Medium, High

Session Table Utilization Distribution pie chart

The proportion and number of devices per session-table-utilization level.
Values: Low, Medium, High

Max. Temperature Distribution pie chart

The proportion and number of devices per maximum-temperature level.
Values: Low, Medium, High, NA (vADC)

Monitoring Parameters per Device

Columns:

Device: Displays the device name.

Overall Status: Displays the highest-severity status level on the device except for Virtual Services Down. Values: OK, Warning, Error.

Virtual Services Down: Displays the number of virtual services that are down on the device.

Throughput Util. (%): Displays the utilization (%) of the throughput license (for standalone devices) or the allocated throughput limit (for vADCs).

Max. CPU Util. (%): Displays the highest current CPU utilization (%) of all the SP/MPs.

Session Table Util. (%): Displays the current Session-table utilization (%) of all the SP/MPs.

Max. Temperature: Displays the highest current temperature of the sensors on the device. This value is not applicable for virtual devices. For a vADC, NA (vADC) is displayed.


Chapter 16 Monitoring and Controlling the DefensePro Operational Status

APSolute Vision's online monitoring for DefensePro can serve as part of a Network Operating Center (NOC) that monitors and analyzes the network and connected devices for changes in conditions that may impact network performance.
This section contains the following topics:

Monitoring the General DefensePro Device Information

Monitoring and Controlling DefensePro Device Ports and Trunks

Monitoring DefensePro High Availability

Monitoring DefensePro Resource Utilization

Monitoring Cisco Security Group Tags (SGTs)

Monitoring the General DefensePro Device Information

The Overview tab displays general device information, including the information about the software version on the device and the hardware version of the device.

To display general device information for a selected device

In the Monitoring perspective, select Operational Status > Overview.

Table 279: Overview: Basic Parameters

Parameter

Description

Hardware Platform

Type of hardware platform for this device.

Uptime

System up time in days, hours, minutes, and seconds.

Base MAC Address

The MAC address of the first port on the device.

Device Serial Number
(This parameter is exposed only in 7.x versions and 6.x versions 6.12 and later.)

The serial number of the device.


Table 280: Overview: Signature Update Parameters

Parameter

Description

Radware Signature File Version

The version of the Radware Signature File installed on the device.

RSA Signatures Last Update

When RSA is enabled, this parameter can display the timestamp of the last update of RSA signatures, received from Radware.com and downloaded to the DefensePro device.
Values:

The timestamp, in DDD MMM DD hh:mm:ss yyyy z format, displayed according to the timezone of your APSolute Vision client

No Feeds Received Since Device Boot

Table 281: Overview: Software Parameters

Parameter

Description

Software Version

The version of the product software installed on the device.

APSolute OS Version

Version of the APSolute OS installed on the device, for example, 10.3103.01:2.06.08.

Build

The build number of the current software version.

Version Status

State of this software version.
Values:

Open: Not yet released

Final: Released version

Table 282: Overview: Hardware Parameters

Parameter

Description

Hardware Version
(This parameter is exposed only in 6.x and 7.x versions.)

The hardware version; for example, B.5.

RAM Size

The amount of RAM, in megabytes.

Flash Size

The size of flash (permanent) memory, in megabytes.

Monitoring and Controlling DefensePro Device Ports and Trunks

A Layer 2 interface is defined as any interface that has its own MAC address, physical port, trunk, and VLAN.
You can monitor status and interface statistics for ports and trunks on DefensePro version 6.x-8.x platforms.
You can also change the administrative status of a port, from Up to Down or vice versa.


To change the administrative status of a port or trunk

1. In the Monitoring perspective, select Operational Status > Ports and Trunks.
2. Select the row(s) with the relevant port(s), and click the (Disable Selected Ports) button (for a port currently Up) or the (Enable Selected Ports) button (for a port that is currently Down).

To display L2 interface statistics for a selected device


1. In the Monitoring perspective, select Operational Status > Ports and Trunks.
2. To view the statistics for a specific port all in one dialog box, double-click the row.

Table 283: L2 Interface Statistics Basic Parameters

Parameter

Description

Port Name

The interface name or index number.

Port Family
(This parameter is displayed only in DefensePro 7.x and 8.x versions.)

A hard-coded description of the interface.

Port Description

For DefensePro 7.x versions: A user-defined description of the interface. Maximum characters: 64.
For all other versions: A hard-coded description of the interface. Maximum characters: 64.

Port Speed

The current bandwidth of the interface. For all DefensePro platforms except for x420 and x4420, the value is in bits per second. For DefensePro on the x420 and x4420 platforms, the value is in megabits per second.

MAC Address

The MAC address of the interface.

Admin Status

The administrative status of the interface, Up or Down.

Operational Status

The operational status of the interface, Up or Down.

Last Change Time

The value of System Up time at the time the interface entered its
current operational state. If the current state was entered prior to the
last re-initialization of the local network management subsystem,
then this value is zero (0).

Table 284: L2 Interface Statistics Parameters

Parameter

Description

Incoming Bytes

The number of incoming octets (bytes) through the interface including framing characters.

Incoming Unicast Packets

The number of packets delivered by this sub-layer to a higher sub-layer, which were not addressed to a multicast or broadcast address at this sub-layer.

Incoming Non-Unicast Packets

The number of packets delivered by this sub-layer to a higher sub-layer, which were addressed to a multicast or broadcast address at this sub-layer.


Incoming Discards

The number of inbound packets chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space.

Incoming Errors

For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol.

Outgoing Bytes

The total number of octets (bytes) transmitted out of the interface, including framing characters.

Outgoing Unicast Packets

The total number of packets that higher-level protocols requested be transmitted, and which were not addressed to a multicast or broadcast address at this sub-layer, including those that were discarded or not sent.

Outgoing Non-Unicast Packets

The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast or broadcast address at this sub-layer, including those discarded or not sent.

Outgoing Discards

The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.

Outgoing Errors

For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. For character-oriented or fixed-length interfaces, the number of outbound transmission units that could not be transmitted because of errors.
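
The L2 interface counters above are cumulative, so they become useful for monitoring only as deltas between two polls. The following Python is an added example, not Radware code: it derives utilization and error/discard ratios using the table's own definitions (inbound packet counters exclude discarded and errored packets, outbound packet counters include them) and the per-platform Port Speed unit. The 32-bit counter width, the `uptime_s` field (the Uptime parameter expressed in seconds), the platform label strings and the sample values are assumptions.

```python
"""Turn two polls of the L2 interface counters into rates (added example)."""

COUNTER_MODULUS = 2 ** 32            # assumption: 32-bit counters that wrap to 0
MBPS_PLATFORMS = {"x420", "x4420"}   # Port Speed is in megabits per second here

COUNTERS = (
    "Incoming Bytes", "Incoming Unicast Packets", "Incoming Non-Unicast Packets",
    "Incoming Discards", "Incoming Errors",
    "Outgoing Bytes", "Outgoing Unicast Packets", "Outgoing Non-Unicast Packets",
    "Outgoing Discards", "Outgoing Errors",
)


def speed_bps(port_speed, platform):
    """Normalize the Port Speed value to bits per second."""
    return port_speed * 1_000_000 if platform in MBPS_PLATFORMS else port_speed


def counter_delta(old, new, modulus=COUNTER_MODULUS):
    """Difference between two readings, tolerating one counter wrap."""
    return (new - old) % modulus


def state_age_seconds(uptime_s, last_change_s):
    """Seconds the port has been in its current operational state.

    Last Change Time is 0 when the state predates the last re-initialization
    of the management subsystem, so the age is unknown (None) in that case.
    """
    if last_change_s == 0:
        return None
    return uptime_s - last_change_s


def summarize(prev, curr, platform):
    """Rates for the interval between two polls, or None if they are unusable."""
    interval = curr["uptime_s"] - prev["uptime_s"]
    if interval <= 0:
        # Uptime went backwards: the device restarted and the counters reset.
        return None
    d = {name: counter_delta(prev[name], curr[name]) for name in COUNTERS}
    bps = speed_bps(curr["Port Speed"], platform)

    # Inbound unicast/non-unicast count only delivered packets, so discarded
    # and errored packets must be added to get everything that arrived.
    in_total = (d["Incoming Unicast Packets"] + d["Incoming Non-Unicast Packets"]
                + d["Incoming Discards"] + d["Incoming Errors"])
    # Outbound unicast/non-unicast already include discarded or unsent packets.
    out_total = d["Outgoing Unicast Packets"] + d["Outgoing Non-Unicast Packets"]

    def ratio(part, whole):
        return part / whole if whole else 0.0

    def utilization(byte_delta):
        return byte_delta * 8 * 100 / (interval * bps) if bps else None

    return {
        "in_utilization_pct": utilization(d["Incoming Bytes"]),
        "out_utilization_pct": utilization(d["Outgoing Bytes"]),
        "in_error_ratio": ratio(d["Incoming Errors"], in_total),
        "in_discard_ratio": ratio(d["Incoming Discards"], in_total),
        "out_error_ratio": ratio(d["Outgoing Errors"], out_total),
        "out_discard_ratio": ratio(d["Outgoing Discards"], out_total),
    }


# Constructed samples, 60 seconds apart, for a 1000 Mbit/s port on an x420.
# Incoming Bytes wraps past 2**32 between the two polls.
PREV = {
    "uptime_s": 1000, "Port Speed": 1000,
    "Incoming Bytes": 4_294_967_000, "Incoming Unicast Packets": 100_000,
    "Incoming Non-Unicast Packets": 2_000, "Incoming Discards": 50,
    "Incoming Errors": 10,
    "Outgoing Bytes": 1_000_000, "Outgoing Unicast Packets": 200_000,
    "Outgoing Non-Unicast Packets": 1_000, "Outgoing Discards": 0,
    "Outgoing Errors": 5,
}
CURR = {
    "uptime_s": 1060, "Port Speed": 1000,
    "Incoming Bytes": 749_999_704, "Incoming Unicast Packets": 109_000,
    "Incoming Non-Unicast Packets": 2_500, "Incoming Discards": 450,
    "Incoming Errors": 110,
    "Outgoing Bytes": 376_000_000, "Outgoing Unicast Packets": 219_000,
    "Outgoing Non-Unicast Packets": 2_000, "Outgoing Discards": 200,
    "Outgoing Errors": 5,
}

if __name__ == "__main__":
    for key, value in summarize(PREV, CURR, "x420").items():
        print(f"{key}: {value}")
```

A single wrap is all the modulus arithmetic can recover, so the polling interval has to be short enough that a byte counter cannot wrap twice between polls at line rate.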

Monitoring DefensePro High Availability

You can view the status of parameters related to the high availability of a selected DefensePro device.

Note: When you issue the Switch Over command on the cluster node, the active device switches over. To switch modes, select the cluster node, and then select Switch Over.

To view the parameters related to the high availability of a selected DefensePro device

In the Monitoring perspective, select Operational Status > High Availability.


Table 285: DefensePro High-Availability Monitoring Parameters

Parameter

Description

Device Role

Values:

Stand Alone: The device is not configured as a member of a high-availability cluster.

Primary: The device is configured as the primary member of a high-availability cluster.

Secondary: This device is configured as the secondary member of a high-availability cluster.

Device State

Values:

Active: The device is in the active state. The device may be a standalone device (not part of a high-availability cluster) or the active member of a high-availability cluster.

Passive: The device is the passive member of a high-availability cluster.

Last Baseline Sync.

Values:

Base-Line still not synched on this device: Either high availability is not enabled on the device or high availability is enabled on the device but the baselines for security protections are still not synchronized.

The timestamp, in DDD MMM DD hh:mm:ss yyyy format, of the last synchronization of the baseline between the active and passive device.

Cluster State

Values:

Pair not defined: The device is not configured as a member of a high-availability cluster.

Disconnected: The device is disconnected from the other member of the high-availability cluster.

Negotiate: The device is negotiating with the other member of the high-availability cluster.

Synchronizing: The device is synchronizing with the other member of the high-availability cluster.

In Sync: The members of the high-availability cluster are synchronized.

Hold on: The device is waiting for information from the other member of the high-availability cluster.

Cluster Node in Use

The IP address of the selected device.

Peer Clustered Node in Use

The IP address of the other cluster member.


Monitoring DefensePro Resource Utilization

This section contains the following topics:

Monitoring DefensePro CPU Utilization

Monitoring and Clearing DefensePro Authentication Tables

Monitoring DME Utilization According to Configured Policies

Monitoring DefensePro Syslog Information

Monitoring DefensePro CPU Utilization

You can view statistics for the device's average resource utilization and the utilization for each accelerator.

To monitor device utilization for a selected DefensePro device

In the Monitoring perspective, select Operational Status > Resource Utilization > CPU Utilization.

Table 286: CPU Utilization: General Parameters in 8.x Versions and DefensePro for Cisco
Firepower 9300

Parameter

Description

Resource Utilization

The percentage of the device's CPU currently utilized.

Last 5 sec. Average Utilization

The average utilization of resources in the last 5 seconds.

Last 60 sec. Average Utilization

The average utilization of resources in the last 60 seconds.

Table 287: CPU-Utilization: General Parameters in 7.x Versions

Parameter

Description

Note: DefensePro 7.x versions running on the x420 platform contain internal logic of two DefensePro software instances, using the DoS Mitigation Engine (DME) and physical ports as shared resources. For more information, see the DefensePro User Guide.

Resource Utilization Instance 0

The percentage of the device's instance-0 CPU currently utilized.

Resource Utilization Instance 1

The percentage of the device's instance-1 CPU currently utilized.

RS Resource Utilization Instance 0

The percentage of the device's instance-0 routing services (RS) resource currently utilized.

RS Resource Utilization Instance 1

The percentage of the device's instance-1 routing services (RS) resource currently utilized.

RE Resource Utilization Instance 0

The percentage of the device's instance-0 routing engine (RE) resource currently utilized.

RE Resource Utilization Instance 1

The percentage of the device's instance-1 routing engine (RE) resource currently utilized.

Last 5 sec. Average Utilization Instance 0

The average utilization of instance-0 resources in the last 5 seconds.


Last 5 sec. Average Utilization Instance 1

The average utilization of instance-1 resources in the last 5 seconds.

Last 60 sec. Average Utilization Instance 0

The average utilization of instance-0 resources in the last 60 seconds.

Last 60 sec. Average Utilization Instance 1

The average utilization of instance-1 resources in the last 60 seconds.

Table 288: CPU Utilization: Accelerator Utilization Parameters in 7.x Versions

Parameter

Description

Instance

The internal hardware instance of the device.

Accelerator Type

The name of the accelerator. The accelerator named Flow_Accelerator_0 is one logical accelerator that uses several CPU cores. The accelerator named HW Classifier is the string-matching engine (SME).

CPU ID

The CPU number for the accelerator.

Forwarding Task

The percentage of CPU cycles used for traffic processing.

Other Tasks

The percentage of CPU resources used for other tasks such as aging and so on.

Idle Task

The percentage of free CPU resources.

Table 289: CPU Utilization: General Parameters in DefensePro 6.x Versions

Parameter

Description

Resource Utilization

The percentage of the device's CPU currently utilized.

RS Resource Utilization

The percentage of the device's routing services (RS) resource currently utilized.

RE Resource Utilization

The percentage of the device's routing engine (RE) resource currently utilized.

Last 5 sec. Average Utilization

The average utilization of resources in the last 5 seconds.

Last 60 sec. Average Utilization

The average utilization of resources in the last 60 seconds.

Table 290: CPU-Utilization: Accelerator Utilization Parameters in 6.x Versions

Parameter

Description

Accelerator Type

The name of the accelerator. The accelerator named Flow_Accelerator_0 is one logical accelerator that uses several CPU cores. The accelerator named HW Classifier is the string-matching engine (SME). OnDemand Switch 3 S1 has no SME.

CPU ID

The CPU number for the accelerator. OnDemand Switch 2 and OnDemand Switch 3 S2 have two CPU cores. OnDemand Switch 3 S1 has three CPU cores.

Forwarding Task

The percentage of CPU cycles used for traffic processing.


Other Tasks

The percentage of CPU resources used for other tasks such as aging and
so on.

Idle Task

The percentage of free CPU resources.

Table 291: CPU Utilization: Engine Utilization Parameters in 8.x Versions and DefensePro for
Cisco Firepower 9300

Parameter

Description

Engine ID

The name of the flow engine.

Forwarding Task

The percentage of CPU cycles used for traffic processing.

Other Tasks

The percentage of CPU resources used for other tasks such as aging and
so on.

Idle Task

The percentage of free CPU resources.

Monitoring and Clearing DefensePro Authentication Tables

You can view statistics for the device's Authentication Tables. You can also clear the contents of each table.
The contents of this tab are irrelevant for DefensePro 8.x versions and DefensePro for Cisco Firepower 9300.

To monitor Authentication Tables for a selected DefensePro device

In the Monitoring perspective, select Operational Status > Resource Utilization > Authentication Tables.

Table 292: TCP Authentication Table Monitoring Parameters

Parameter

Description

Table Size

The number of source addresses that the table can hold.

Table Utilization

Percent of the table that is currently utilized.

Aging Time

The aging time, in seconds, for the table.

Table 293: DefensePro HTTP Authentication Table Monitoring Parameters

Parameter

Description

Table Size

The number of source-destination couples for protected HTTP servers.
For example, if there are two attacks towards two HTTP servers and the source addresses are the same, for those two servers, there will be two entries for the source in the table.

Table Utilization

Percent of the table that is currently utilized.

Aging Time

The aging time, in seconds, for the table.
Values: 60-3600
Default: 1200


Table 294: DNS Authentication Tables Monitoring Parameters

Parameter

Description

Table Size

The number of source addresses that the table can hold.

Table Utilization

Percent of the table that is currently utilized.

Aging Time

The aging time, in minutes, for the table.

To clean an Authentication Table for a selected DefensePro device


1. In the Monitoring perspective, select Operational Status > Resource Utilization >
Authentication Tables.
2. In the relevant tab (that is, TCP Authentication Table, HTTP Authentication Table, or DNS
Authentication Table), click Clean Table.

Note: For the TCP Authentication Table and the HTTP Authentication Table, the Clean Table
action can take up to 10 seconds.

Monitoring DME Utilization According to Configured Policies

The contents of this tab are irrelevant for DefensePro 8.x versions and DefensePro for Cisco Firepower 9300.
This tab is functional only on x412 platforms with the DME and x420 platforms.
You can view statistics relating the user-defined policies to the utilization of the DoS Mitigation Engine (DME).
The values that the device exposes are calculated according to the configured values, even before running the Update Policies command.

Note: If the device is not equipped with the DME, 0 (zero) values are displayed.

To monitor DME utilization according to configured policies

In the Monitoring perspective, select Operational Status > Resource Utilization > Policies.

Table 295: DME-Utilization Monitoring Policies Resources Utilization Parameters for DefensePro 6.x and 7.x Versions

Parameter

Description

If any of the values in this tab is close to the maximum, the resources for the device are exhausted.

Total Policies

The total number of policies in the context of the DME, which is double the number of network policies configured in the device.
OnDemand Switch 3 S2 supports 50 configured network policies.
x420 supports 50 configured network policies.


HW Entries Utilization

The percentage of resource utilization from the HW entries in the context of the DME.

Sub-Policies Utilization

The percentage of DME resource utilization from the entries of sub-policies.
In the context of the DME, a sub-policy is a combination of the following:

Source-IP-address range

Destination-IP-address range

VLAN-tag range

Table 296: DME-Utilization Monitoring Policies Table Parameters for DefensePro 6.x and 7.x
Versions

Parameter

Description

Policy Name

The name of the policy.

Direction

The direction of the policy.


Values:

Inbound

Outbound

HW Entries

The number of DME hardware entries that the policy uses.

Sub-Policies

The number of DME sub-policy entries that the policy uses.

Monitoring DefensePro Syslog Information

You can view information relating to the syslog mechanism.

To monitor DefensePro syslog information

In the Monitoring perspective, select Operational Status > Resource Utilization > Syslog Monitor.

Table 297: DefensePro Syslog Monitoring Parameters

Parameter

Description

Syslog Server

The name of the syslog server.

Status

The status of the syslog server.
Values:

Reachable: The server is reachable.

Unreachable: The server is unreachable.

N/R: Specifies not relevant, because traffic towards the Syslog server is over UDP, as specified (Configuration perspective, Setup > Syslog Server > Protocol > UDP).

Messages in Backlog

The number of messages in the backlog to the syslog server.


Monitoring Cisco Security Group Tags (SGTs)

You can monitor the name and value of the enabled SGT, if one exists.

Note: For more information on SGTs in DefensePro, see Configuring SGT Classes.

To monitor SGTs

In the Monitoring perspective, select Operational Status > SGT.

Table 298: SGT Monitoring Parameters

Parameter

Description

Name

The name of the SGT.

Value

The value of the SGT.


Chapter 17 Monitoring DefensePro Statistics

Monitoring DefensePro statistics comprises the following topics:

Monitoring DefensePro SNMP Statistics

Monitoring DefensePro Bandwidth Management Statistics

Monitoring DefensePro IP Statistics

Monitoring DefensePro SNMP Statistics

You can view statistics for the SNMP layer of the device.

To monitor DefensePro SNMP statistics

In the Monitoring perspective, select Statistics > SNMP Statistics.

Table 299: DefensePro SNMP Statistics

Parameter

Description

Number of SNMP Received Packets

The total number of messages delivered to the SNMP entity from the transport service.

Number of SNMP Sent Packets

The total number of SNMP messages passed from the SNMP protocol entity to the transport service.

Number of SNMP Successful 'GET' Requests

The total number of MIB objects retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP GET-Request and GET-Next PDUs.

Number of SNMP Successful 'SET' Requests

The total number of MIB objects modified successfully by the SNMP protocol entity as the result of receiving valid SNMP SET-Request PDUs.

Number of SNMP 'GET' Requests

The total number of SNMP GET-Request PDUs accepted and processed by the SNMP protocol entity.

Number of SNMP 'GET-Next' Requests

The total number of SNMP GET-Next Request PDUs accepted and processed by the SNMP protocol entity.

Number of SNMP 'SET' Requests

The total number of SNMP SET-Request PDUs accepted and processed by the SNMP protocol entity.

Number of SNMP Error Too Big Received

The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status field is tooBig.

Number of SNMP Error No Such Name Received

The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status is noSuchName.

Number of SNMP Error Bad Value Received

The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status field is badValue.

Number of SNMP Error Generic Error Received

The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status field is genErr.


Number of SNMP 'GET' Responses Sent

The total number of SNMP Get-Response PDUs generated by the SNMP protocol entity.

Number of SNMP Traps Sent

The total number of SNMP Trap PDUs generated by the SNMP protocol entity.

Monitoring DefensePro Bandwidth Management Statistics

This feature is available only in DefensePro 6.x versions.
You can monitor the Bandwidth Management (BWM) statistics for a DefensePro device.

Displaying the Last-Second BWM Statistics for a Selected DefensePro Device

This feature is available only in DefensePro 6.x versions.
To display the last-second BWM statistics for a selected DefensePro device, the Enable Policy Statistics Monitoring checkbox must be selected (Configuration perspective, BWM > Global Settings > Enable Policy Statistics Monitoring).

To display the last-second BWM statistics for a selected DefensePro device

1. In the Monitoring perspective, select Statistics > BWM Statistics > Policy Statistics (Last Second). The Policy Statistics (Last Second) table is displayed.
2. To view all the parameters of a policy, double-click the row of the policy. The Edit Statistics Entry dialog box is displayed with all the BWM statistics.

Table 300: DefensePro BWM Last-Second Statistics Parameters

Parameter

Description

Policy Name

The name of the displayed policy.

Matched Packets

The number of packets matching the policy during the last second.

Matched Bandwidth

The traffic bandwidth, in Kbits, matching the policy during the last second.

Sent Bandwidth

The volume of sent traffic, in Kbits, in any direction, in the last second.

Guaranteed Bandwidth Reached

Specifies whether the guaranteed bandwidth was reached during the last second.

Maximum Bandwidth Reached

Specifies whether the maximum bandwidth was reached during the last second.

New TCP Sessions

The number of new TCP sessions the device detected in the last second.

New UDP Sessions

The number of new UDP sessions the device detected in the last second.

Queued Bandwidth

The bandwidth, in Kilobits, during the last second.


Full Queue Bandwidth

The bandwidth, in Kilobits, discarded during the last second, due to a full queue.

Aged Packets Bandwidth

The amount of discarded bandwidth, in Kilobits, during the last second, due to the aging of packets in the queue.

Inbound Packets

The number of inbound packets in the last second.

Inbound Matched Bandwidth

The volume of inbound traffic, in Kilobits, in the last second that matched the policy.

Inbound Sent Bandwidth

The volume of inbound sent traffic, in Kilobits, in the last second.

Outbound Packets

The number of outbound packets in the last second.

Outbound Matched Bandwidth

The volume of outbound traffic, in Kilobits, in the last second that matched the policy.

Outbound Sent Bandwidth

The volume of outbound sent traffic, in Kilobits, in the last second.

Displaying the Last-Period BWM Statistics for a Selected DefensePro Device

This feature is available only in DefensePro 6.x versions.
To display the last-second BWM statistics for a selected DefensePro device, the Enable Policy
Statistics Monitoring checkbox must be selected (Configuration perspective, BWM > Global
Settings > Enable Policy Statistics Monitoring).
The Policy Statistics Reporting Period parameter determines the period (Configuration perspective,
BWM > Global Settings > Policy Statistics Reporting Period).

To display the last-period BWM statistics for a selected DefensePro device


1. In the Monitoring perspective, select Statistics > BWM Statistics > Policy Statistics (Last
Period). The Policy Statistics (Last Period) table is displayed.
2. To view all the parameters of a policy, double-click the row of the policy. The Edit Statistics Entry
dialog box is displayed with all the BWM statistics.

Table 301: DefensePro BWM Last-Period Statist