Guide
APSolute Vision
USER GUIDE
Important Notices
The following important notices are presented in English, French, and German.
Important Notices
This guide is delivered subject to the following conditions and restrictions:
Copyright Radware Ltd. 2020. All rights reserved.
The copyright and all other intellectual property rights and trade secrets included in this guide are
owned by Radware Ltd.
The guide is provided to Radware customers for the sole purpose of obtaining information with
respect to the installation and use of the Radware products described in this document, and may not
be used for any other purpose.
The information contained in this guide is proprietary to Radware and must be kept in strict
confidence.
It is strictly forbidden to copy, duplicate, reproduce or disclose this guide or any part thereof without
the prior written consent of Radware.
Notice importante
Ce guide est sujet aux conditions et restrictions suivantes:
Copyright Radware Ltd. 2020. Tous droits réservés.
Le copyright ainsi que tout autre droit lié à la propriété intellectuelle et aux secrets industriels
contenus dans ce guide sont la propriété de Radware Ltd.
Ce guide d’informations est fourni à nos clients dans le cadre de l’installation et de l’usage des
produits de Radware décrits dans ce document et ne pourra être utilisé dans un but autre que celui
pour lequel il a été conçu.
Les informations répertoriées dans ce document restent la propriété de Radware et doivent être
conservées de manière confidentielle.
Il est strictement interdit de copier, reproduire ou divulguer des informations contenues dans ce
manuel sans avoir obtenu le consentement préalable écrit de Radware.
Wichtige Anmerkung
Dieses Handbuch wird vorbehaltlich folgender Bedingungen und Einschränkungen ausgeliefert:
Copyright Radware Ltd. 2020. Alle Rechte vorbehalten.
Das Urheberrecht und alle anderen in diesem Handbuch enthaltenen Eigentumsrechte und
Geschäftsgeheimnisse sind Eigentum von Radware Ltd.
Dieses Handbuch wird Kunden von Radware mit dem ausschließlichen Zweck ausgehändigt,
Informationen zu Montage und Benutzung der in diesem Dokument beschriebene Produkte von
Radware bereitzustellen. Es darf für keinen anderen Zweck verwendet werden.
Die in diesem Handbuch enthaltenen Informationen sind Eigentum von Radware und müssen streng
vertraulich behandelt werden.
Es ist streng verboten, dieses Handbuch oder Teile daraus ohne vorherige schriftliche Zustimmung
von Radware zu kopieren, vervielfältigen, reproduzieren oder offen zu legen.
Copyright Notices
The following copyright notices are presented in English, French, and German.
Copyright Notices
The programs included in this product are subject to a restricted use license and can only be used in
conjunction with this application.
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and
the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both
licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL,
please contact openssl-core@openssl.org.
OpenSSL License
Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3. All advertising materials mentioning features or use of this software must display the following
acknowledgement:
This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit. (http://www.openssl.org/)
4. The names “OpenSSL Toolkit” and “OpenSSL Project” must not be used to endorse or promote
products derived from this software without prior written permission. For written permission,
please contact openssl-core@openssl.org.
5. Products derived from this software may not be called “OpenSSL” nor may “OpenSSL” appear in
their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
“This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit (http://www.openssl.org/)”
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT “AS IS” AND ANY EXPRESSED OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This
product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscape's SSL.
This library is free for commercial and non-commercial use as long as the following conditions are
adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA,
lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution
is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be
removed.
If this package is used in a product, Eric Young should be given attribution as the author of the parts
of the library used.
This can be in the form of a textual message at program startup or in documentation (online or
textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the
following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3. All advertising materials mentioning features or use of this software must display the following
acknowledgement:
"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)"
The word 'cryptographic' can be left out if the routines from the library being used are not
cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory
(application code) you must include an acknowledgment:
"This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG “AS IS” AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
The licence and distribution terms for any publicly available version or derivative of this code
cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence
[including the GNU Public Licence.]
This product contains the Rijndael cipher
The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public
domain and distributed with the following license:
@version 3.0 (December 2000)
Optimized ANSI C code for the Rijndael cipher (now AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>
The OnDemand Switch may use software components licensed under the GNU General Public
License Agreement Version 2 (GPL v.2) including LinuxBios and Filo open source projects. The
source code of the LinuxBios and Filo is available from Radware upon request. A copy of the license
can be viewed at: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
This code is hereby placed in the public domain.
Le commutateur OnDemand peut utiliser les composants logiciels sous licence, en vertu des termes
de la licence GNU General Public License Agreement Version 2 (GPL v.2), y compris les projets à
source ouverte LinuxBios et Filo. Le code source de LinuxBios et Filo est disponible sur demande
auprès de Radware. Une copie de la licence est répertoriée sur:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
Ce code est également placé dans le domaine public.
Ce produit renferme des codes développés dans le cadre du projet OpenSSL.
Copyright ©1983, 1990, 1992, 1993, 1995
Les membres du conseil de l’Université de Californie. Tous droits réservés.
La distribution et l’usage sous une forme source et binaire, avec ou sans modifications, est autorisée
pour autant que les conditions suivantes soient remplies:
1. La distribution d’un code source doit inclure la notice de copyright mentionnée ci-dessus, cette
liste de conditions et l’avis de non-responsabilité suivant.
2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout
autre matériel fourni la notice de copyright mentionnée ci-dessus, cette liste de conditions et
l’avis de non-responsabilité suivant.
3. Le nom de l’université, ainsi que le nom des contributeurs ne seront en aucun cas utilisés pour
approuver ou promouvoir un produit dérivé de ce programme sans l’obtention préalable d’une
autorisation écrite.
Ce produit inclut un logiciel développé par Markus Friedl.
Ce produit inclut un logiciel développé par Theo de Raadt.
Ce produit inclut un logiciel développé par Niels Provos.
Ce produit inclut un logiciel développé par Dug Song.
Ce produit inclut un logiciel développé par Aaron Campbell.
Ce produit inclut un logiciel développé par Damien Miller.
Ce produit inclut un logiciel développé par Kevin Steves.
Ce produit inclut un logiciel développé par Daniel Kouril.
Ce produit inclut un logiciel développé par Wesley Griffin.
Ce produit inclut un logiciel développé par Per Allansson.
Ce produit inclut un logiciel développé par Nils Nordman.
Ce produit inclut un logiciel développé par Simon Wilkinson.
La distribution et l’usage sous une forme source et binaire, avec ou sans modifications, est autorisée
pour autant que les conditions suivantes soient remplies:
1. La distribution d’un code source doit inclure la notice de copyright mentionnée ci-dessus, cette
liste de conditions et l’avis de non-responsabilité suivant.
2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout
autre matériel fourni la notice de copyright mentionnée ci-dessus, cette liste de conditions et
l’avis de non-responsabilité suivant.
LE LOGICIEL MENTIONNÉ CI-DESSUS EST FOURNI TEL QUEL PAR LE DÉVELOPPEUR ET TOUTE
GARANTIE, EXPLICITE OU IMPLICITE, Y COMPRIS, MAIS SANS S’Y LIMITER, TOUTE GARANTIE
IMPLICITE DE QUALITÉ MARCHANDE ET D’ADÉQUATION À UN USAGE PARTICULIER EST EXCLUE.
EN AUCUN CAS L’AUTEUR NE POURRA ÊTRE TENU RESPONSABLE DES DOMMAGES DIRECTS,
INDIRECTS, ACCESSOIRES, SPÉCIAUX, EXEMPLAIRES OU CONSÉCUTIFS (Y COMPRIS, MAIS SANS
S’Y LIMITER, L’ACQUISITION DE BIENS OU DE SERVICES DE REMPLACEMENT, LA PERTE D’USAGE,
DE DONNÉES OU DE PROFITS OU L’INTERRUPTION DES AFFAIRES), QUELLE QU’EN SOIT LA CAUSE
ET LA THÉORIE DE RESPONSABILITÉ, QU’IL S’AGISSE D’UN CONTRAT, DE RESPONSABILITÉ
STRICTE OU D’UN ACTE DOMMAGEABLE (Y COMPRIS LA NÉGLIGENCE OU AUTRE), DÉCOULANT DE
QUELLE QUE FAÇON QUE CE SOIT DE L’USAGE DE CE LOGICIEL, MÊME S’IL A ÉTÉ AVERTI DE LA
POSSIBILITÉ D’UN TEL DOMMAGE.
Copyrightvermerke
Die in diesem Produkt enthaltenen Programme unterliegen einer eingeschränkten Nutzungslizenz und
können nur in Verbindung mit dieser Anwendung benutzt werden.
Die Rijndael-Implementierung von Vincent Rijmen, Antoon Bosselaers und Paulo Barreto ist
öffentlich zugänglich und wird unter folgender Lizenz vertrieben:
@version 3.0 (December 2000)
Optimierter ANSI C Code für den Rijndael cipher (jetzt AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>
Der OnDemand Switch verwendet möglicherweise Software, die im Rahmen der GNU Allgemeine
Öffentliche Lizenzvereinbarung Version 2 (GPL v.2) lizenziert ist, einschließlich LinuxBios und Filo
Open Source-Projekte. Der Quellcode von LinuxBios und Filo ist bei Radware auf Anfrage erhältlich.
Eine Kopie dieser Lizenz kann eingesehen werden unter
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
Dieser Code wird hiermit allgemein zugänglich gemacht.
Dieses Produkt enthält einen vom OpenBSD-Projekt entwickelten Code
Copyright ©1983, 1990, 1992, 1993, 1995
The Regents of the University of California. Alle Rechte vorbehalten.
Die Verbreitung und Verwendung in Quell- und binärem Format, mit oder ohne Veränderungen, sind
unter folgenden Bedingungen erlaubt:
1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss beibehalten.
2. Die Verbreitung in binärem Format muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere
Materialien, die mit verteilt werden, reproduzieren.
3. Weder der Name der Universität noch die Namen der Beitragenden dürfen ohne ausdrückliche
vorherige schriftliche Genehmigung verwendet werden, um von dieser Software abgeleitete
Produkte zu empfehlen oder zu bewerben.
Dieses Produkt enthält von Markus Friedl entwickelte Software.
Dieses Produkt enthält von Theo de Raadt entwickelte Software.
Dieses Produkt enthält von Niels Provos entwickelte Software.
Dieses Produkt enthält von Dug Song entwickelte Software.
Dieses Produkt enthält von Aaron Campbell entwickelte Software.
Dieses Produkt enthält von Damien Miller entwickelte Software.
Dieses Produkt enthält von Kevin Steves entwickelte Software.
Dieses Produkt enthält von Daniel Kouril entwickelte Software.
Dieses Produkt enthält von Wesley Griffin entwickelte Software.
Dieses Produkt enthält von Per Allansson entwickelte Software.
Dieses Produkt enthält von Nils Nordman entwickelte Software.
Dieses Produkt enthält von Simon Wilkinson entwickelte Software.
Die Verbreitung und Verwendung in Quell- und binärem Format, mit oder ohne Veränderungen, sind
unter folgenden Bedingungen erlaubt:
1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss beibehalten.
2. Die Verbreitung in binärem Format muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere
Materialien, die mit verteilt werden, reproduzieren.
Standard Warranty
The following standard warranty is presented in English, French, and German.
Standard Warranty
Radware offers a limited warranty for all its products (“Products”). Radware hardware products are
warranted against defects in material and workmanship for a period of one year from date of
shipment. Radware software carries a standard warranty that provides bug fixes for up to 90 days
after date of purchase. Should a Product unit fail anytime during the said period(s), Radware will, at
its discretion, repair or replace the Product.
For hardware warranty service or repair, the product must be returned to a service facility
designated by Radware. Customer shall pay the shipping charges to Radware and Radware shall pay
the shipping charges in returning the product to the customer. Please see specific details outlined in
the Standard Warranty section of the customer’s purchase order.
Radware shall be released from all obligations under its Standard Warranty in the event that the
Product and/or the defective component has been subjected to misuse, neglect, accident or
improper installation, or if repairs or modifications were made by persons other than Radware
authorized service personnel, unless such repairs by others were made with the written consent of
Radware.
EXCEPT AS SET FORTH ABOVE, ALL RADWARE PRODUCTS (HARDWARE AND SOFTWARE) ARE
PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED.
Garantie standard
Radware octroie une garantie limitée pour l’ensemble de ses produits (“Produits”). Le matériel
informatique (hardware) Radware est garanti contre tout défaut matériel et de fabrication pendant
une durée d’un an à compter de la date d’expédition. Les logiciels (software) Radware sont fournis
avec une garantie standard consistant en la fourniture de correctifs des dysfonctionnements du
logiciels (bugs) pendant une durée maximum de 90 jours à compter de la date d’achat. Dans
l’hypothèse où un Produit présenterait un défaut pendant ladite (lesdites) période(s), Radware
procédera, à sa discrétion, à la réparation ou à l’échange du Produit.
S’agissant de la garantie d’échange ou de réparation du matériel informatique, le Produit doit être
retourné chez un réparateur désigné par Radware. Le Client aura à sa charge les frais d’envoi du
Produit à Radware et Radware supportera les frais de retour du Produit au client. Veuillez consulter
les conditions spécifiques décrites dans la partie “Garantie Standard” du bon de commande client.
Radware est libérée de toutes obligations liées à la Garantie Standard dans l’hypothèse où le Produit
et/ou le composant défectueux a fait l’objet d’un mauvais usage, d’une négligence, d’un accident ou
d’une installation non conforme, ou si les réparations ou les modifications qu’il a subi ont été
effectuées par d’autres personnes que le personnel de maintenance autorisé par Radware, sauf si
Radware a donné son consentement écrit à ce que de telles réparations soient effectuées par ces
personnes.
SAUF DANS LES CAS PREVUS CI-DESSUS, L’ENSEMBLE DES PRODUITS RADWARE (MATERIELS ET
LOGICIELS) SONT FOURNIS “TELS QUELS” ET TOUTES GARANTIES EXPRESSES OU IMPLICITES
SONT EXCLUES, EN CE COMPRIS, MAIS SANS S’Y RESTREINDRE, LES GARANTIES IMPLICITES DE
QUALITE MARCHANDE ET D’ADÉQUATION À UNE UTILISATION PARTICULIÈRE.
Standard Garantie
Radware bietet eine begrenzte Garantie für alle seine Produkte (“Produkte”) an. Hardware Produkte
von Radware haben eine Garantie gegen Material- und Verarbeitungsfehler für einen Zeitraum von
einem Jahr ab Lieferdatum. Radware Software verfügt über eine Standard Garantie zur
Fehlerbereinigung für einen Zeitraum von bis zu 90 Tagen nach Erwerbsdatum. Sollte ein Produkt
innerhalb des angegebenen Garantiezeitraumes einen Defekt aufweisen, wird Radware das Produkt
nach eigenem Ermessen entweder reparieren oder ersetzen.
Für den Hardware Garantieservice oder die Reparatur ist das Produkt an eine von Radware
bezeichnete Serviceeinrichtung zurückzugeben. Der Kunde hat die Versandkosten für den Transport
des Produktes zu Radware zu tragen, Radware übernimmt die Kosten der Rückversendung des
Produktes an den Kunden. Genauere Angaben entnehmen Sie bitte dem Abschnitt zur Standard
Garantie im Bestellformular für Kunden.
Radware ist von sämtlichen Verpflichtungen unter seiner Standard Garantie befreit, sofern das
Produkt oder der fehlerhafte Teil zweckentfremdet genutzt, in der Pflege vernachlässigt, einem
Unfall ausgesetzt oder unsachgemäß installiert wurde oder sofern Reparaturen oder Modifikationen
von anderen Personen als durch Radware autorisierten Kundendienstmitarbeitern vorgenommen
wurden, es sei denn, diese Reparatur durch besagte andere Personen wurden mit schriftlicher
Genehmigung seitens Radware durchgeführt.
MIT AUSNAHME DES OBEN DARGESTELLTEN, SIND ALLE RADWARE PRODUKTE (HARDWARE UND
SOFTWARE) GELIEFERT “WIE GESEHEN” UND JEGLICHE AUSDRÜCKLICHEN ODER
STILLSCHWEIGENDEN GARANTIEN, EINSCHLIESSLICH ABER NICHT BEGRENZT AUF
STILLSCHWEIGENDE GEWÄHRLEISTUNG DER MARKTFÄHIGKEIT UND EIGNUNG FÜR EINEN
BESTIMMTEN ZWECK AUSGESCHLOSSEN.
Safety Instructions
The following safety instructions are presented in English, French, and German.
Safety Instructions
CAUTION
A readily accessible disconnect device shall be incorporated in the building installation wiring.
Due to the risks of electrical shock, and energy, mechanical, and fire hazards, any procedures that
involve opening panels or changing components must be performed by qualified service personnel
only.
To reduce the risk of fire and electrical shock, disconnect the device from the power line before
removing cover or panels.
The following figure shows the caution label that is attached to Radware platforms with dual power
supplies.
SPECIFICATION CHANGES
Specifications are subject to change without notice.
Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN
61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11 for CE Mark compliance.
These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. Operation of this equipment in a
residential area is likely to cause harmful interference in which case the user is required to correct
the interference at his own expense.
SPECIAL NOTICE FOR NORTH AMERICAN USERS
For North American power connection, select a power supply cord that is UL Listed and CSA Certified,
3-conductor, [18 AWG], terminated in a molded-on plug cap rated 125 V, [10 A], with a minimum
length of 1.5 m [six feet] but no longer than 4.5 m... For European connection, select a power supply
cord that is internationally harmonized and marked “<HAR>”, 3-conductor, 0,75 mm2 minimum
wire, rated 300 V, with a PVC insulated jacket. The cord must have a molded-on plug cap rated
250 V, 3 A.
RESTRICT AREA ACCESS
The DC powered equipment should only be installed in a Restricted Access Area.
INSTALLATION CODES
This device must be installed according to country national electrical codes. For North America,
equipment must be installed in accordance with the US National Electrical Code, Articles 110 - 16,
110 -17, and 110 -18 and the Canadian Electrical Code, Section 12.
INTERCONNECTION OF UNITS
Cables for connecting to the unit RS232 and Ethernet interfaces must be UL certified type DP-1 or
DP-2. (Note: when residing in a non-LPS circuit.)
OVERCURRENT PROTECTION
A readily accessible listed branch-circuit over current protective device rated 15 A must be
incorporated in the building wiring for each power input.
REPLACEABLE BATTERIES
If equipment is provided with a replaceable battery, and is replaced by an incorrect battery type,
then an explosion may occur. This is the case for some Lithium batteries and the following is
applicable:
• If the battery is placed in an Operator Access Area, there is a marking close to the battery or
a statement in both the operating and service instructions.
• If the battery is placed elsewhere in the equipment, there is a marking close to the battery or a
statement in the service instructions.
4. Ensure that the chassis ventilation openings in the unit are NOT BLOCKED.
5. Replace a blown fuse ONLY with the same type and rating as is marked on the safety label
adjacent to the power inlet, housing the fuse.
6. Do not operate the device in a location where the maximum ambient temperature exceeds
40°C/104°F.
7. Be sure to unplug the power supply cord from the wall socket BEFORE attempting to remove
and/or check the main power fuse.
CLASS 1 LASER PRODUCT AND REFERENCE TO THE MOST RECENT LASER STANDARDS IEC
60825-1:1993 + A1:1997 + A2:2001 AND EN 60825-1:1994 + A1:1996 + A2:2001
AC units for Denmark, Finland, Norway, Sweden (marked on product):
• Denmark - “Unit is class I - unit to be used with an AC cord set suitable with Denmark
deviations. The cord includes an earthing conductor. The Unit is to be plugged into a wall socket
outlet which is connected to a protective earth. Socket outlets which are not connected to earth
are not to be used!”
• Finland - (Marking label and in manual) - “Laite on liitettävä suojamaadoituskoskettimilla
varustettuun pistorasiaan”
• Norway (Marking label and in manual) - “Apparatet må tilkoples jordet stikkontakt”
• Unit is intended for connection to IT power systems for Norway only.
• Sweden (Marking label and in manual) - “Apparaten skall anslutas till jordat uttag.”
Instructions de sécurité
AVERTISSEMENT
Un dispositif de déconnexion facilement accessible sera incorporé au câblage du bâtiment.
En raison des risques de chocs électriques et des dangers énergétiques, mécaniques et d’incendie,
chaque procédure impliquant l’ouverture des panneaux ou le remplacement de composants sera
exécutée par du personnel qualifié.
Pour réduire les risques d’incendie et de chocs électriques, déconnectez le dispositif du bloc
d’alimentation avant de retirer le couvercle ou les panneaux.
La figure suivante montre l’étiquette d’avertissement apposée sur les plateformes Radware dotées
de plus d’une source d’alimentation électrique.
Figure 4: Avertissement de sécurité pour les systèmes dotés de deux sources d’alimentation
électrique (en chinois)
Traduction de l’avertissement de sécurité pour les systèmes dotés de deux sources d’alimentation
électrique (en chinois):
Cette unité est dotée de plus d’une source d’alimentation électrique. Déconnectez toutes les sources
d’alimentation électrique avant d’entretenir l’appareil ceci pour éviter tout choc électrique.
ENTRETIEN
N’effectuez aucun entretien autre que ceux répertoriés dans le manuel d’instructions, à moins d’être
qualifié en la matière. Aucune pièce à l’intérieur de l’unité ne peut être remplacée ou réparée.
HAUTE TENSION
Tout réglage, opération d’entretien et réparation de l’instrument ouvert sous tension doit être évité.
Si cela s’avère indispensable, confiez cette opération à une personne qualifiée et consciente des
dangers impliqués.
Les condensateurs au sein de l’unité risquent d’être chargés même si l’unité a été déconnectée de la
source d’alimentation électrique.
MISE A LA TERRE
Avant de connecter ce dispositif à la ligne électrique, les vis de protection de la borne de terre de
cette unité doivent être reliées au système de mise à la terre du bâtiment.
LASER
Cet équipement est un produit laser de classe 1, conforme à la norme IEC60825 - 1: 1993 + A1:
1997 + A2: 2001.
FUSIBLES
Assurez-vous que, seuls les fusibles à courant nominal requis et de type spécifié sont utilisés en
remplacement. L’usage de fusibles réparés et le court-circuitage des porte-fusibles doivent être
évités. Lorsqu’il est pratiquement certain que la protection offerte par les fusibles a été détériorée,
l’instrument doit être désactivé et sécurisé contre toute opération involontaire.
TENSION DE LIGNE
Avant de connecter cet instrument à la ligne électrique, vérifiez que la tension de la source
d’alimentation correspond aux exigences de l’instrument. Consultez les spécifications propres à
l’alimentation nominale correcte du dispositif.
Les plateformes alimentées en 48 CC ont une tolérance d’entrée comprise entre 36 et 72 V CC.
MODIFICATIONS DES SPÉCIFICATIONS
Les spécifications sont sujettes à changement sans notice préalable.
Remarque: Cet équipement a été testé et déclaré conforme aux limites définies pour un appareil
numérique de classe A, conformément au paragraphe 15B de la réglementation FCC et EN55022
Classe A, EN 55024, EN 61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8, et IEC
61000-4-11, pour la marque de conformité de la CE. Ces limites sont fixées pour fournir une
protection raisonnable contre les interférences nuisibles, lorsque l’équipement est utilisé dans un
environnement commercial. Cet équipement génère, utilise et peut émettre des fréquences radio et,
s’il n’est pas installé et utilisé conformément au manuel d’instructions, peut entraîner des
interférences nuisibles aux communications radio. Le fonctionnement de cet équipement dans une
zone résidentielle est susceptible de provoquer des interférences nuisibles, auquel cas l’utilisateur
devra corriger le problème à ses propres frais.
NOTICE SPÉCIALE POUR LES UTILISATEURS NORD-AMÉRICAINS
Pour un raccordement électrique en Amérique du Nord, sélectionnez un cordon d’alimentation
homologué UL et certifié CSA 3 - conducteur, [18 AWG], muni d’une prise moulée à son extrémité,
de 125 V, [10 A], d’une longueur minimale de 1,5 m [six pieds] et maximale de 4,5m...Pour la
connexion européenne, choisissez un cordon d’alimentation mondialement homologué et marqué
“<HAR>”, 3 - conducteur, câble de 0,75 mm2 minimum, de 300 V, avec une gaine en PVC isolée. La
prise à l’extrémité du cordon, sera dotée d’un sceau moulé indiquant: 250 V, 3 A.
ZONE A ACCÈS RESTREINT
L’équipement alimenté en CC ne pourra être installé que dans une zone à accès restreint.
CODES D’INSTALLATION
Ce dispositif doit être installé en conformité avec les codes électriques nationaux. En Amérique du
Nord, l’équipement sera installé en conformité avec le code électrique national américain, articles
110-16, 110 -17, et 110 -18 et le code électrique canadien, Section 12.
INTERCONNEXION DES UNITÉS
Les câbles de connexion à l’unité RS232 et aux interfaces Ethernet seront certifiés UL, type DP-1 ou
DP-2. (Remarque- s’ils ne résident pas dans un circuit LPS).
PROTECTION CONTRE LES SURCHARGES
Un circuit de dérivation, facilement accessible, sur le dispositif de protection du courant de 15 A doit
être intégré au câblage du bâtiment pour chaque puissance consommée.
BATTERIES REMPLAÇABLES
Si l’équipement est fourni avec une batterie, et qu’elle est remplacée par un type de batterie
incorrect, elle est susceptible d’exploser. C’est le cas pour certaines batteries au lithium, les
éléments suivants sont donc applicables:
• Si la batterie est placée dans une zone d’accès opérateur, une marque est indiquée sur la
batterie ou une remarque est insérée, aussi bien dans les instructions d’exploitation que
d’entretien.
• Si la batterie est placée ailleurs dans l’équipement, une marque est indiquée sur la batterie ou
une remarque est insérée dans les instructions d’entretien.
5. Replace a blown fuse with a similar model of the same rating, as indicated on
the safety label adjacent to the power inlet housing the fuse.
6. Do not operate the device in a location where the ambient temperature exceeds the
maximum permitted value: 40°C/104°F.
7. Disconnect the power cord from the wall outlet BEFORE attempting to remove and/or check
the main power fuse.
CLASS 1 LASER PRODUCT AND REFERENCE TO THE MOST RECENT LASER STANDARDS: IEC
60825-1: 1993 + A1: 1997 + A2: 2001 AND EN 60825-1: 1994 + A1: 1996 + A2: 2001
AC units for Denmark, Finland, Norway, Sweden (marked on the product):
• Denmark - Class 1 unit, which must be used with an AC cord compatible with the
Danish deviations. The cord includes a grounding conductor. The unit must be
plugged into a grounded wall outlet. Ungrounded outlets must not be
used!
• Finland (label and marking in the manual) - Laite on liitettävä
suojamaadoituskoskettimilla varustettuun pistorasiaan
• Norway (label and marking in the manual) - Apparatet må tilkoples jordet stikkontakt
• The unit may be connected to an IT power system (in Norway only).
• Sweden (label and marking in the manual) - Apparaten skall anslutas till jordat uttag.
Safety Instructions
CAUTION
The electrical installation of the building must incorporate a readily accessible disconnect
device.
Due to the risk of electric shock and the energy, mechanical, and fire hazards, any procedure
that involves removing covers or replacing parts must be performed only by
qualified service personnel.
To reduce the risk of fire and electric shock, disconnect the device from the power supply before
removing the cover or panels.
The following figure shows the CAUTION label that is attached to Radware platforms with
dual power supplies.
Make sure that only fuses with the required current rating and of the
specified type are used. The use of repaired fuses and the
short-circuiting of fuse holders must be avoided. Where it is
likely that the protection provided by the fuses has been impaired, the
device must be switched off and secured against unintended operation.
LINE VOLTAGE
Before connecting this device to the power supply, make sure that the voltage of the
power source matches the requirements of the device. Refer to the specifications
for the correct electrical ratings of the device.
Platforms with 48 V DC have an input tolerance of 36-72 V DC.
SPECIFICATION CHANGES
Specifications are subject to change.
Note: This device has been tested and complies with the limits for Class 1 digital devices
pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN55024; EN 61000-3-2; EN; IEC
61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11 for conformity with the CE mark.
These limits are intended to provide reasonable protection against harmful interference when
the device is operated in a commercial environment. This device generates, uses, and radiates
radio-frequency electromagnetic energy. If it is not installed and used in accordance with the
instructions in the manual, it could interfere with and impair radio communications.
Operation of this device in residential areas is highly likely to cause
harmful interference. In such a case, the user would be required to correct the
interference at the user's own expense.
SPECIAL NOTICE FOR NORTH AMERICAN USERS
For North American power connection, select a power cord that is UL Listed
and CSA Certified, 3-conductor, [18 AWG], terminated in a molded plug rated 125 V, [10 A],
with a minimum length of 1.5 m [six feet] but no longer than 4.5 m. For European
connection, use an internationally harmonized power cord marked “<HAR>”,
with 3 conductors of at least 0.75 mm2, rated 300 V, with a PVC jacket. The cord must terminate
in a molded plug rated 250 V, 3 A.
RESTRICTED AREA ACCESS
The DC-powered device may be installed only in a restricted access
area.
INSTALLATION CODES
This device must be installed according to country-specific electrical codes. In
North America, devices must be installed in accordance with the US National Electrical Code,
Articles 110-16, 110-17, and 110-18, and the Canadian Electrical Code, Section 12.
INTERCONNECTION OF UNITS
Cables for connecting the device to RS232 and Ethernet interfaces
must be UL certified and of type DP-1 or DP-2. (Note: when residing in a
non-LPS circuit)
OVERCURRENT PROTECTION
A readily accessible listed branch-circuit overcurrent protective device rated 15 A must be
incorporated in the building wiring for each power input.
REPLACEABLE BATTERIES
If a device is supplied with a replaceable battery and that battery is replaced by an
incorrect battery type, an explosion could result. This applies to some types
of lithium batteries, and the following must be observed:
• If the battery is placed in an operator access area, there is a marking close to the battery
or a statement in both the operating manual and the servicing instructions.
• If the battery is placed elsewhere in the device, there is a marking close to the battery
or a statement in the servicing instructions.
Electromagnetic-Interference Statements
The following statements are presented in English, French, and German.
Electromagnetic-Interference Statements
SPECIFICATION CHANGES
Specifications are subject to change without notice.
Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN
61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11 for CE MARK compliance.
These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. Operation of this equipment in a
residential area is likely to cause harmful interference in which case the user is required to correct
the interference at his own expense.
VCCI ELECTROMAGNETIC-INTERFERENCE STATEMENTS
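Figure 12: KCC—Korea Communications Commission certificate for broadcasting and
communication equipment.
Figure 13: Statement for KCC-certified Class A equipment, in Korean
For equipment used in non-tropical climate regions, a warning mark containing the following must be affixed in a readily visible location:
Annex DD: Instructions for the new safety warning marks.
DD.1 Altitude warning mark
Meaning of the mark: The equipment has been evaluated only under temperate climate conditions, so it is suitable only for that operating condition. If the equipment is used in a tropical climate region,
some safety hazards may exist.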
Document Conventions
The following describes the conventions and symbols that this guide uses:
Example
Caution: Possible damage to equipment, software, or data
Note: Additional information
To: A statement and instructions
Tip: A suggestion or workaround
Warning: Possible physical harm to the operator
TABLE OF CONTENTS
Important Notices
Copyright Notices
Standard Warranty
Limitations on Warranty and Liability
Safety Instructions
Electromagnetic-Interference Statements
Altitude and Climate Warning
Document Conventions
Displaying Basic Information About the APSolute Vision Server
Managing APSolute Vision Server Software
Displaying APSolute Vision Server Hardware Information
Managing and Updating the Attack Descriptions File for DefensePro
Configuring Connectivity Parameters for Server Connections
Configuring Settings for Alerts
Configuring Settings for the Alerts Table Pane
Selecting Parameters to Include in Security Alerts
Managing APSolute Vision Analytics Settings
Managing the Email Reporting Configuration for APSolute Vision Analytics
ADC Analytics
Configuring Monitoring Settings
Configuring APSolute Vision Server Alarm Thresholds
Managing Connections to Authentication Servers
Managing RADIUS Server Connections
Managing TACACS+ Server Connections
Managing LDAP Server Connections
Managing Device Drivers
Configuring APSolute Vision Reporter Parameters
Managing APSolute Vision Licenses and Viewing Capacity Utilization
Managing Licenses for APSolute Vision
Viewing Details of the RTU Licenses
Viewing Details on the Current Utilization of the APSolute Vision Server
Managing APM in APSolute Vision
Considerations and Constraints Using APM with Alteon Version 29.5
Managing the APM Server
Viewing Information on the APM-Enabled Devices
Configuring the Radware Cloud DDoS Protection Setting
Configuring APSolute Vision Server Advanced Parameters
Configuring APSolute Vision Display Parameters
Managing APSolute Vision Maintenance Files
Managing Operator Toolbox Settings
Managing Stored Device Configuration/Backup Files
Viewing Device Subscriptions
Controlling APSolute Vision Operations
Exporting a CSV File with the Devices in the Sites and Devices Tree
Filtering Entities in the Device Pane
Managing Individual Devices
APSolute Vision Server Registered for Device Events—Alteon and LinkProof NG
APSolute Vision Server Registered for Device Events—DefensePro
APSolute Vision Server Registered for Device Events—AppWall
Locking and Unlocking Devices
Managing DefensePro Clusters for High Availability
High-Availability in DefensePro—Overview
Configuring DefensePro High-Availability Clusters
Monitoring DefensePro Clusters
Synchronizing High-Availability Devices and Switching the Device States
Using the Multi-Device View and the Multiple Devices Summary
Using Logical Groups of Devices
Logical Groups—General Information
Logical Group User Interface
Managing Logical Groups
After You Set Up Your Managed Devices
Using Real-Time Security Monitoring with DefensePro and DefenseFlow
Risk Levels
Using the Dashboard Views for Real-Time Security Monitoring
Viewing Real-Time Traffic Reports
Protection Monitoring
HTTP Reports
The network physical- or virtual-device tier enables management of the collection of network
elements connected to APSolute Vision, which includes the following:
• Alteon
• AppWall
• DefensePro
• LinkProof NG
Note: For more information, see Managing APSolute Vision Users, page 83.
APSolute Vision provides the audit trail for system messages and modifications to the configuration
of managed devices.
APSolute Vision can forward alarms and notifications. System Alarms can be forwarded via APSolute
Vision. Security service alarms can be forwarded via APSolute Vision Reporter. E-mail notifications
can be sent via SMTP. Notifications can be sent to a syslog server.
APSolute Vision provides fault management by supporting the following system and audit alarms:
• APSolute Vision server alarms
• General device alarms (fan, CPU, and so on)
• Alteon device configuration and operation messages
• DefensePro security alerts
• Audit trail messages
Note: For more information, see Managing Auditing and Alerts, page 329 and APSolute Vision Log
Messages and Alerts, page 739.
Device-Configuration Features
APSolute Vision supports the following features for configuring Radware devices:
• Online Device Configuration, page 45
• Operation Control and Maintenance, page 46
• vDirect with APSolute Vision, page 46
• Supported Form Factors for Alteon and LinkProof NG, page 47
• Device Drivers, page 47
• Scheduled Tasks, page 48
Notes
• You can manage Toolbox scripts, vDirect workflows, AppShape templates, and DefensePro
configuration templates through the Automation item of the APSolute Vision sidebar menu.
• For more information on Toolbox scripts, vDirect workflows, AppShape templates, and
DefensePro configuration templates, see Using the Toolbox, page 221.
You can open the vDirect interface from the APSolute Vision sidebar menu (Applications >
vDirect).
vDirect, a component within the Radware Virtual Application Delivery Infrastructure (VADI), is a
software-based plug-in that integrates Radware’s ADC and security products with networking
virtualization and automation solutions. With vDirect, enterprise and cloud IT personnel can
provision, decommission, configure, and monitor complex ADC and security services, both physical
and virtual, in a matter of hours and even minutes, thus maintaining maximum business agility and IT
efficiency.
vDirect exposes the following APIs:
• SSH/HTTPS APIs for CLI or Web integration
• SOAP APIs for use with the vDirect Java SDK
• REST APIs for easy scripting integration
Note: For more information, see Using vDirect with APSolute Vision, page 725.
Notes
• For more information, see the Alteon Application Switch Operating System Application Guide.
• The Alerts Table pane displays Alteon and LinkProof NG configuration messages. A message is
displayed in the Alerts Table pane after each Alteon or LinkProof NG configuration-management
action (Apply, Save, Diff, Diff Flash, Revert, Revert Apply, and Dump). When you
double-click a message, APSolute Vision opens a separate pane that contains the full message
text, which you can copy to the clipboard.
• If the new configuration is different from the current one, to indicate that the Apply command is
required, the message “Apply is required” is displayed under the Apply button in the device
toolbar and a fiery background displays behind the button.
• During the Apply operation, the device icon may momentarily change from “locked” to
“maintenance”, and the value of the Status parameter in the Properties pane may
momentarily change from Up to Maintenance.
Device Drivers
APSolute Vision device drivers enable you to install or upgrade Radware devices without the need to
upgrade your APSolute Vision server. A device driver in APSolute Vision defines the graphical user
interface and configuration for the software version of a managed device. The software version of a
managed device defines the baseline driver version. You can install a newer version of the device
driver, and you can revert to the baseline version.
You can have only one device-driver version in use on any single APSolute Vision server. Typically,
subsequent versions of device drivers for a particular software version of a managed device
include only very minor changes and/or bug fixes.
Notes
• There are cases where upgrading the Radware device software requires upgrading the APSolute
Vision server software. Check the release notes of the new Radware device version to determine
the minimum APSolute Vision version required.
• When you upgrade device software, you need to reboot the device. However, when you install a
new version of a device driver or revert to the baseline version, you do not need to reboot the
device.
• Device drivers do not include the online help. If the APSolute Vision server is configured so that
the clients get help from the server (the default option), the APSolute Vision administrator
should make sure that the APSolute Vision server has the latest version of the online-help
package.
• The Properties pane that is displayed for a device includes the name of the device driver.
Scheduled Tasks
You can configure scheduled tasks for various operations for the APSolute Vision server and
managed devices.
When you create a task and specify the time to run it, the time is according to your local OS.
APSolute Vision then stores the time, translated to the timezone of the APSolute Vision server,
and then runs it accordingly. That is, once you configure a task, it runs according to the APSolute
Vision time settings, disregarding any changes made to the local OS time settings.
You can open the scheduler from the APSolute Vision sidebar menu.
Note: For more information, see Scheduling APSolute Vision and Device Tasks, page 305.
DefenseFlow Access
When the DefenseFlow IP address is configured, you can open the DefenseFlow configuration
interface from the APSolute Vision sidebar menu (DefenseFlow > DefenseFlow
Configuration).
The DefenseFlow Configuration option is active only when the DefenseFlow IP address is
configured in the APSolute Vision CLI. The DefenseFlow Configuration option is inactive if the
DefenseFlow IP address is not configured.
In DefenseFlow version 3.2 and later, you can open the DefenseFlow Attack Mitigation Operation
dashboard from the APSolute Vision sidebar menu (DefenseFlow > DefenseFlow
Operation). The dashboard graphically displays all the ongoing attacks and their associated
protections, and displays a log of all the historical attacks.
Note: For more information on DefenseFlow, see the DefenseFlow Installation and User Guide.
Note: For more information on Radware Cloud DDoS Protection services, see the Cloud DDoS
Protection Services User Guide.
Note: For more information, see Using the Application SLA Dashboard, page 561.
You can open APM from the APSolute Vision sidebar menu (Applications > APM).
Note: For more information, see the Application Performance Monitor User Guide.
Note: For more information, see Using the Service Status Dashboard, page 570.
You can open DPM from the APSolute Vision sidebar menu (Applications > DPM).
Note: For more information, see Using the Device Performance Monitor, page 445.
(Applications > Security Control Center), or, in the APSolute Vision Settings view
Dashboards perspective, select Security Control Center.
Note: For more information, see Using the Security Control Center, page 564.
You can open the GEL Dashboard from the APSolute Vision sidebar menu (Applications >
GEL).
Note: For more information, see Using the GEL Dashboard, page 576.
You can open the EAAF Dashboard from the APSolute Vision sidebar menu (Applications >
EAAF).
Note: For more information, see Using the ERT Active Attackers Feed (EAAF) Dashboard, page 579.
Real-time security reporting for Alteon with embedded AppWall module or AppWall standalone
includes the following:
• Security-event monitoring
• Attack-distribution monitoring
• SSL Inspection monitoring
Note: SSL Inspection monitoring utilizes the infrastructure of APSolute Vision Analytics.
Real-time security reporting for DefenseFlow and DefensePro devices includes the following:
• Dashboard views
• Real-time traffic reports
• Protection monitoring
• HTTP reports
Note: For more information, see Using Real-Time Security Monitoring, page 583.
Using the APSolute Vision CLI, you can configure APSolute Vision to export security-event records
from managed DefensePro and/or DefenseFlow devices to a specified syslog server. The event
exporter lets you integrate with a Security Information Event Management (SIEM) system, which
you may be using as your main analytics-and-reporting system. For more information, see System
Exporter Commands (Event Exporter), page 695.
You can open AVR from the APSolute Vision sidebar menu (Applications > AVR).
Notes
• For information on the products and versions that APSolute Vision Reporter supports, see the
APSolute Vision Release Notes.
• For information about APSolute Vision Reporter and how to use it, see its online help and the
APSolute Vision Reporter User Guide.
AVA consists of two main parts: AMS (Attack Mitigation Solution) for AppWall, DefenseFlow, and
DefensePro—and ADC (application delivery control) for Alteon.
Note: For information about APSolute Vision Analytics and how to use it, see the APSolute Vision
Analytics User Guide.
AVA ADC
AVA ADC supports the following modules:
• Application Dashboard—The Application Dashboard displays monitoring and reporting metrics
so that you can view and track real-time and historical information about the applications and
servers that your Alteon devices manage.
• Reports—You can use the Reports module to quickly generate an on-the-fly view.
You can open AVA ADC items from the APSolute Vision sidebar menu (Analytics ADC).
AVA AMS
AVA AMS supports the following main modules:
• Dashboards—Dashboards display near real-time and historical monitoring and reporting
metrics. You can use the dashboards to track the security throughout the network that your
DefensePro, DefenseFlow, and AppWall devices are protecting. Dashboards summarize the
existing network infrastructure in panels of graphs, charts, and tables. You can perform a deep
analysis wherever necessary by drilling down into the event details.
• Reports—You can use the Reports module to create and generate reports of a single query.
• Alerts—You can use the Alerts module to configure rules for triggering, generating, and sending
alerts.
• Forensics—Forensics analysis involves recording and analyzing historical security events. You
can use the Forensics module to discover the source of the attack, attack trends, and analyze
the risk associated with each incident.
You can open AVA AMS items from the APSolute Vision sidebar menu (Analytics AMS).
Notes
• AVA AMS supports security reporting and security monitoring for all DefensePro protection
modules.
• In APSolute Vision features other than AVA AMS, security reporting and security monitoring for
the following DefensePro protection modules is minimal:
— Connection PPS (supported in DefensePro version 8.22 and later)
— ERT Active Attackers Feed (supported in DefensePro version 8.19 and later)
— Geolocation (supported in DefensePro version 8.19 and later)
— HTTPS Flood Protection (supported in DefensePro version 8.18 and later)
Administrators can change the default language for new users and per new user.
Individual users can change their language when logging in or through the APSolute Vision toolbar
(see APSolute Vision Toolbar and Sidebar Menu, page 55).
The APSolute Vision interface follows a consistent hierarchical structure, organized functionally to
enable easy access to options. You start at a high functional level and drill down to a specific
module, function, or object.
Note: Access to and privileges in APSolute Vision interface elements are determined by Role-Based
Access Control (RBAC). For more information, see Role-Based Access Control (RBAC), page 85 and
Configuring Local Users for APSolute Vision, page 99.
Note: For more information about AVA, see APSolute Vision Analytics, page 52. For
detailed information and how to use AVA, see the APSolute Vision Analytics User Guide.
• Analytics AMS—Opens a drop-down list with the following options for APSolute Vision Analytics
(AVA) for Radware Attack Mitigation Solution (AMS) products:
— DefensePro Monitoring—Opens the DefensePro Monitoring dashboard.
— DefensePro Attacks—Opens the DefensePro Attacks dashboard.
— HTTPS Flood—Opens the DefensePro HTTPS Flood dashboard.
— DefensePro Analytics—Opens the DefensePro Analytics dashboard.
— DefensePro Behavioral Protections—Opens the DefensePro Behavioral Protections
dashboard.
— DefenseFlow Analytics—Opens the DefenseFlow Analytics dashboard.
— AppWall—Opens the AppWall dashboard.
— Reports—Opens the AVA AMS Reports module.
— Forensics—Opens the AVA AMS Forensics module.
— Alerts—Opens the AVA AMS Alerts module.
Note: For more information about AVA, see APSolute Vision Analytics, page 52. For
detailed information and how to use AVA, see the APSolute Vision Analytics User Guide.
• Applications—Opens a drop-down list with buttons to open or connect to the following apps
and services:
— AVR—APSolute Vision Reporter, which is historical security reporting for DefensePro and
AppWall.
— APM—Application Performance Monitoring for Alteon and LinkProof NG.
— DPM—Device Performance Monitoring for Alteon and LinkProof NG.
— Cloud DDoS Portal—Connects you to the associated Radware Cloud DDoS
Protection service interface. For more information on Radware Cloud DDoS Protection
services, see the Cloud DDoS Protection Services User Guide.
— vDirect—Opens the vDirect interface in the APSolute Vision server.
— Security Control Center—Opens the Security Control Center.
— GEL—Opens the Global Elastic License (GEL) Dashboard to activate a new Global Elastic
License (GEL) Entitlement, allocate throughput to Alteon servers using GEL Entitlements,
and to view the Entitlement-utilization state.
— EAAF—Opens the ERT Active Attackers Dashboard.
• DefenseFlow—Opens a drop-down list with buttons to open the following:
— Operation—Opens the DefenseFlow Attack Mitigation Operation dashboard.
— Configuration—Opens the DefenseFlow interface (when the DefenseFlow IP address is
configured in the APSolute Vision CLI).
• Automation—Opens the Toolbox pane, which includes the Toolbox tab and the Advanced tab.
By default, the Toolbox tab displays predefined Toolbox scripts. From the adjacent Workflows
tab, you can manage and use vDirect workflows. From the Advanced tab, you can manage
Toolbox scripts, use AppShape templates, and manage DefensePro configuration templates. For
more information, see Using the Toolbox, page 221.
• Scheduler—Opens the Scheduler to schedule various operations for the APSolute Vision server
and managed devices. For more information, see Scheduling APSolute Vision and Device Tasks,
page 305.
• Vision Settings—Opens the APSolute Vision Settings view. For more information, see APSolute
Vision Settings View, page 57.
Figure 21: Vision Settings Item (Selected) in the APSolute Vision Sidebar Menu
Click the relevant button (System, Dashboards, or Preferences) to display the perspective that
you require.
At the upper-left of the APSolute Vision Settings view, APSolute Vision displays the APSolute Vision
device-properties pane. For more information, see Device-Properties Pane, page 62.
When you hover over a device node in the device pane, a popup displays. For more information, see
Device-Properties Hover Popup, page 62.
The System perspective in the APSolute Vision Settings view is being displayed.
Content area.
Note: For more information on operations that are exposed in the APSolute Vision Settings view
System perspective, see Managing and Monitoring the APSolute Vision System, page 111.
Device Pane
Users with a proper role can use the device pane to add or delete the devices that the APSolute
Vision server manages.
If the device pane is not being displayed, to display it, click the little downward-pointing arrow
close to the upper-left corner of the APSolute Vision main screen (see Figure 22 - Vision
Settings View (Showing the System Perspective), page 58).
To organize and manage devices, the device pane includes the following three different trees:
• Sites and Devices—The Sites and Devices tree can contain devices (except for ADC-VX),
user-defined Sites, and DefensePro high-availability clusters.
• Physical Containers—The Physical Containers tree can contain ADC-VX instances and Sites
with ADC-VX instances.
• Logical Groups—The Logical Groups tree contains user-defined Logical Groups. A Logical
Group is a group of devices of the same type, which you manage as a single entity.
In the device pane, APSolute Vision uses the following basic icons to represent the device types,
with Status Up and functioning normally:
• Alteon
• AppWall
• DefensePro
• LinkProof NG
APSolute Vision modifies the display of the basic icons to show special device states or device
functions—which include the following:
• Device is locked—While the device is locked, the device icon in the device pane includes a lock
symbol (for Alteon, LinkProof NG, AppWall, and DefensePro).
• Status Down—When the device Status is Down, the device icon in the device pane has a red
slash through it (for Alteon, LinkProof NG, ADC-VX, AppWall, and DefensePro).
• DefensePro device is a DefenseFlow mitigation device—When, in DefenseFlow, you set
the mitigation device to be DefensePro, the DefensePro-device icon in the device pane includes
two triangles.
Figure 23: Device Pane (Not Docked)—Showing the Sites and Devices Tree
Minimizes the docked device pane.
Docks the device pane.
The button that selects the device-pane tree (Sites and Devices, Physical Containers,
or Logical Groups) and the name of the tree that is displayed now.
Notes
• For information on how to add or delete the devices that the APSolute Vision server manages,
see Managing Devices, Sites, and Logical Groups, page 171.
• For more information on the device pane, see Using the Device Pane, page 171.
• When you double-click a device in the Sites and Devices tree or in the Physical Containers tree,
APSolute Vision displays the device-properties pane and the last perspective that you viewed on
the device along with the corresponding content area.
• In the context of role-based access control (RBAC), Sites and Logical Groups enable
administrators to define the scope of each user. For more information on RBAC, see Role-Based
Access Control (RBAC), page 85.
• For more information on Logical Groups, see Using Logical Groups of Devices, page 199.
Note: If the status of the Right to Use license is Invalid, the device icon in the device pane
has a red slash through it (for Alteon, LinkProof NG, ADC-VX, AppWall, and DefensePro).
Device-Properties Pane
When you select a single device in the device pane, all APSolute Vision perspectives display the
device-properties pane (see Figure 22 - Vision Settings View (Showing the System Perspective),
page 58, Figure 24 - Configuration Perspective—Alteon and LinkProof NG, page 64, Figure 28 -
Monitoring Perspective—Alteon and LinkProof NG, page 66, Figure 29 - Monitoring Perspective—
DefensePro, page 67, Figure 30 - DefensePro Security Monitoring Perspective—Showing the
Security Dashboard, page 68).
When you select multiple devices in the device pane, APSolute Vision displays the multi-device view.
For more information, see Using the Multi-Device View and the Multiple Devices Summary,
page 196.
When you select a single device in the device pane, the device-properties pane displays the
following parameters:
• The device type (Alteon, AppWall, DefensePro, or LinkProof NG) and the user-defined device
name.
• An icon showing whether the device is locked.
• A picture of the device front panel. When the device is locked, you can click the button to
reset or shut down the device.
• Status—The device general status: Up, Down, or Maintenance.
• Locked By—If the device is locked, the user who locked it.
• Type (displayed only for Alteon, AppWall, DefensePro version 8.x devices, Radware DefensePro
DDoS Mitigation for Cisco Firepower, and LinkProof NG devices)—This field displays the platform
and form factor.
• Platform (displayed only for DefensePro devices)—The platform type, for example x420.
• Mngt IP—The host or IP address of the device.
• Version—The device version.
• MAC—The MAC address.
• License (displayed only for Alteon, AppWall, and LinkProof NG devices)—The license for the
device.
• APM License (displayed only for Alteon)—The pages-per-minute limit of the APM license.
• HA Status (displayed only for Alteon, Radware DefensePro DDoS Mitigation for Cisco Firepower,
and LinkProof NG devices)—The high-availability status of the device. For Alteon and LinkProof
NG: Active, Standby, or DISABLED. For DefensePro: Standalone, Primary, or Secondary.
• Init (displayed only for AppWall devices)—The init status, for example Ended with
Successfully or Ended with Errors.
• Device Driver—The device driver name.
• User Role—The RBAC role that the user has for the selected device. The User Role parameter
clarifies situations where the configuration of a user includes multiple devices (scopes) and
differing roles. For more information on RBAC users and role-scope pairs, see Managing
APSolute Vision Users, page 83.
Configuration Perspective
Use the Configuration perspective to configure Radware devices.
Choose the device to configure in the device pane.
You can view and modify device configurations in the content pane.
When APSolute Vision manages Alteon or LinkProof NG:
• You choose the standalone, VA, or vADC device to configure in the device pane Sites and
Devices tree.
• You manage ADC-VXs and the hosted vADCs in the device pane Physical Containers tree.
Content pane.
The following points apply to all configuration tasks in the Configuration perspective:
• To configure a device, you must lock it. For more information, see Locking and Unlocking
Devices, page 189.
• When you change a field value (and there is configuration that is pending a Submit action), the
tab title changes to italics with an asterisk (*).
• By default, tables display up to 20 rows per table page.
• You can perform one or more of the following operations on table entries:
— Add a new entry to the table, and define its parameters.
— Edit one or more parameters of an existing table entry.
— Delete a table entry.
— Device configuration information is saved only on the managed device, not in the APSolute
Vision database.
To commit information to the device, you must click Submit when you modify settings in a
configuration dialog box or configuration page.
Some configuration changes require an immediate device reboot. When you submit such a
configuration change, the device reboots immediately.
Some configuration changes require a device reboot to take effect, but you can save the change
without an immediate reboot. When you submit a change without a reboot, the Properties pane
displays a “Reboot Required” notification until you reboot the device.
For Alteon and LinkProof NG, APSolute Vision supports the configuration-management (global-
command) options: Apply, Save, Diff, Diff Flash, Revert, Revert Apply, and Dump. If the new
configuration requires an Apply or Save operation to take effect, the button is displayed with an
orange icon.
For AppWall, APSolute Vision supports the Apply button to perform the AppWall Apply operation. If
the configuration requires an Apply operation to take effect, the button is displayed with an orange
icon.
For DefensePro, click Update Policies to implement policy-configuration changes if necessary.
Policy-configuration changes for a device are saved on the device, but the device does not apply the
changes until you perform a device-configuration update. For DefensePro 7.x versions 7.32 and
later, if the new configuration requires an Update Policies operation to take effect, the button is
displayed with an orange icon.
2. Lock the device by clicking the icon in the device-properties pane. The icon changes to
Monitoring Perspective
In the Monitoring perspective, you can monitor physical devices and interfaces, and logical objects.
Content pane.
Device-properties pane.
DefensePro configuration-management buttons.
Content pane.
The Security Monitoring perspective is available for single devices and also for multiple devices.
Security monitoring for multiple devices supports two report categories: the Dashboard View and
Traffic Monitoring. Security monitoring for single devices supports two additional report categories:
Protection Monitoring and HTTP Reports.
You can filter the Sites and devices that APSolute Vision displays. The filter does not change the
contents of the tree, only how APSolute Vision displays the tree to you.
For DefenseFlow and DefensePro, the Security Monitoring perspective includes the following tabs:
• Dashboard View—Comprises the following:
— Security Dashboard—A graphical summary view of all current active attacks in the
network with color-coded attack-category identification, graphical threat-level indication,
and instant drill-down to attack details.
— Current Attacks—A view of the current attacks in a tabular format with graphical notations
of attack categories, threat-level indication, drill-down to attack details, and easy access to
the protecting policies for immediate fine-tuning.
• Traffic Monitoring—A real-time graph and table displaying network information, with the
attack traffic and legitimate traffic filtered according to specified traffic direction and protocol.
Note: For more information on the Security Monitoring perspective, see Using Real-Time Security
Monitoring, page 583.
Related Documentation
See the following documents for information related to APSolute Vision:
• APSolute Vision Release Notes—See this for information about:
— What's new in the version
— Supported platforms
— Hardware specifications
— Capacity specifications
— Maintenance fixes
— Known limitations
• APSolute Vision Installation and Maintenance Guide—See this for information about:
— Installing APSolute Vision
— Initializing APSolute Vision
• APSolute Vision online help—See this for information about configuring Radware devices that
APSolute Vision manages.
• Installation and maintenance guides, user guides, release notes, and so on, for Radware
application-delivery-control (ADC) and security products, modules, and services—See these for
information not included in the APSolute Vision online help.
• APSolute Vision Analytics (AVA) User Guide—See this for information about APSolute
Vision Analytics.
• APSolute Vision Reporter (AVR) documentation—See the AVR user guide and online help
for information about APSolute Vision Reporter (AVR) and how to use it.
• Application Performance Monitoring (APM) documentation—See the APM user guide,
online help, and Troubleshooting and Technical Guide for information about APM and how to use
it.
• APSolute Vision REST API documentation—See this for information about the APSolute
Vision REST API and how to use it.
• vDirect documentation—See this for additional information about vDirect and how to use it.
Notes
• For the latest Radware product documentation, download it from
https://portals.radware.com.
• The APSolute Vision REST API documentation for APSolute Vision version 4.60 is available on the
Radware website at
https://webhelp.radware.com/Vision/REST/4_60_00/index.html.
Notes
• For information about installing the APSolute Vision server, see the APSolute Vision Installation
and Maintenance Guide.
• For information on managing APSolute Vision users, see Managing APSolute Vision Users,
page 83.
Note: APSolute Vision CLI uses Control-? (127) for the Backspace key.
Terminal settings for the APSolute Vision server are as follows:
• Bits per second: 19200 for the ODS-VL platform, 9600 for the ODS-VL2 platform
• Data bits: 8
• Parity: None
• Stop bits: 1
• Flow control: None
Note: When connecting from an SSH client, APSolute Vision CLI has a default timeout of five
minutes for idle connections. If an SSH connection is idle for more than five minutes, APSolute
Vision terminates the session.
Note: Configuring a secondary DNS server is not mandatory. That is, if you press Enter
without typing anything, the installation will proceed.
11. Type the interface identifier—for example, G1 or G2 (case-sensitive)—that is, the interface that
the APSolute Vision clients access, and then, press Enter.
Notes
— When APSolute Vision is running on the OnDemand Switch VL2 (ODS-VL2) platform, the
relevant identifiers are G3 and G5 (case-sensitive).
— The installation program checks whether there are connected interfaces, and it displays their
identifiers. If there are no connected interfaces, a “No link detected” message is displayed.
— The interface identifiers that are supported depend on the APSolute Vision form factor.
12. Review the values.
13. Type one of the following values:
— y —yes, that is, you accept the values.
— N —no, that is, you need to go back and change one or more values.
The initialization script asks whether you want to change the root user password.
14. Change the root user password if required.
Note: For information on how to change the default passwords, see APSolute Vision CLI
Commands, page 649.
Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 649.
Notes
• For the most up-to-date information, please refer to the APSolute Vision Release Notes.
• For more information, see APSolute Vision Specifications and Requirements, page 833.
• For the list of required UDP/TCP ports, see UDP/TCP Ports and IP Protocols, page 833.
Caution: When you use Internet Explorer 11 (IE11) on Windows OS to access APSolute Vision
WBM, there is sometimes a problem when downloading files. You can fix the problem by updating
the Windows registry. The update tells IE to open JSON documents in the browser. In the update,
the value 25336920-03F9-11cf-8FD0-00AA00686F13 is the CLSID for the “Browse in place”
action. To fix the problem, Radware recommends that you use Windows Registry Editor version 5.00
and update the Windows registry with the following:
[HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/json]
"CLSID"="{25336920-03F9-11cf-8FD0-00AA00686F13}"
"Encoding"=hex:08,00,00,00
[HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/json]
"CLSID"="{25336920-03F9-11cf-8FD0-00AA00686F13}"
"Encoding"=hex:08,00,00,00
Note: The CLI command net ip get displays the ports and the MAC addresses.
Up to 50 users can access the APSolute Vision server concurrently.
Note: Users with the Administrator role can manage APSolute Vision users. For information on
managing APSolute Vision users, see Managing APSolute Vision Users, page 83.
APSolute Vision supports role-based access control (RBAC) to manage user privileges. Your
credentials and privileges may be managed through an authentication server or through the local
APSolute Vision user database.
After successful authentication, the user’s role is assigned. The role determines the devices that the
user is authorized to manage. Furthermore, the role determines which content panes, menus, and
operations the user can access. The assigned role remains fixed throughout the user session.
If a user enters the credentials incorrectly, the user is prompted to re-enter the information. After a
globally defined number of consecutive failures, the user is locked out of the system. If the user
uses local user credentials, an administrator can release the lockout by resetting the password to
the global default password (see Releasing User Lockout, page 105). If the user uses credentials
from an authentication server (for example, a RADIUS server), you must contact the administrator
of that authentication server.
There are special properties and procedures for the user who first logs into the APSolute Vision
server. For more information, see Managing APSolute Vision Users, page 83.
— The language of the APSolute Vision graphical user interface. Click the arrow next to the
name of the current language to open the language drop-down list and select the language
that you require.
Caution: For DefensePro 7.x and 8.x versions and in networks with high latency, Radware
recommends increasing the SNMP Timeout to 180 seconds (APSolute Vision Settings view System
perspective, General Settings > Connectivity > Timeout).
Notes
• For information about password requirements, see APSolute Vision Password Requirements,
page 108.
• For more information on managing APSolute Vision users, see Managing APSolute Vision Users,
page 83.
Parameter Description
Current Username (Read-only) The current username.
Current Password Your current password.
New Password Your new password.
Confirm New Password Your new password.
Parameter Description
Default Landing Page The page that APSolute Vision displays when you open APSolute
Vision WBM.
Values:
• None—When you open APSolute Vision WBM, you land in the
default page configured on the APSolute Vision server (see
Configuring APSolute Vision Display Parameters, page 163).
• Application SLA Dashboard—When you open APSolute Vision
WBM, you land on the Application SLA Dashboard (see Using
the Application SLA Dashboard, page 561).
• Security Control Center—When you open APSolute Vision WBM,
you land on the Security Control Center (see Using the Security
Control Center, page 564).
• Operator Toolbox—When you open APSolute Vision WBM, you
land on the Toolbox (see Using the Toolbox, page 221).
• Service Status Dashboard—When you open APSolute Vision
WBM, you land on the Service Status Dashboard (see Using the
Service Status Dashboard, page 570).
Default: None
Note: Your user role and scope determine the available options.
If you do not have permission to view the default page configured
on the APSolute Vision server, you land in the first permitted tab
of the APSolute Vision Settings view. For information on user
roles and scopes, see Managing APSolute Vision Users, page 83.
Note: For more information about the Radware products that APSolute Vision supports, see the
relevant product user guides and related documentation.
Notes
• You can configure and control a managed device only when the device is locked (see Locking
and Unlocking Devices, page 189).
• The APSolute Vision documentation shows icons/buttons in their colored state.
Duplicate Opens an “Add New...” tab, which is populated with the values
from the selected entry, except for the indexes.
Delete Deletes the selection.
View Opens a “View...” tab to view the values of the selected entry.
— If a table column displays a drop-down list (with an arrow), click
the arrow and select the value to filter by.
— If the table column displays a white text box, type the value to
filter by.
Notes
— For text boxes, the filter uses a contains algorithm. That is, the filter considers it to be a
match if the string that you enter is merely contained in a value. For example, if you enter
ser in the text box, the filter returns rows with the values ser, service1, and service2.
— If the box at the top of a column is gray, you cannot filter
according to that parameter.
Caution: Radware recommends that the radware user be used by customers for disaster recovery
and kept secret from all other administrators.
The radware user can create and manage additional local users and their individual and global user
settings.
The radware user cannot be deleted.
The radware user is authenticated only in the Local Users table, regardless of whether the system is
configured to use a different authentication method. That is, the radware user cannot be overridden
by the configuration of an authentication server (see Managing Connections to Authentication
Servers, page 137).
Caution: You are not required to change the password for the radware user during the initial
configuration, but Radware recommends you do so.
The radware user can change the password of the radware user in the CLI or in the login dialog box.
For more information, see the APSolute Vision User Guide.
To log in to APSolute Vision for the first time as the radware user
1. In your Web browser, enter the hostname or IP address of the APSolute Vision server.
2. In the login dialog box, specify the following:
— Username—The name of the user, radware.
— Password—The password for the radware user.
3. Click Log In.
Notes
• The APSolute Vision installation includes the radware, defenseflow, msspportal, and reporter
users.
• You cannot delete the radware, defenseflow, msspportal, and reporter users. They are defined,
managed, and authenticated only in the Local Users table, regardless of whether the system is
configured to manage other users through an authentication server.
• The reporter user is used by APSolute Vision Analytics.
• If you require a DefenseFlow or MSSP Portal platform to be authenticated remotely (for
connections from a DefenseFlow or MSSP Portal platform to APSolute Vision), you can create a
SYSTEM_USER on the remote authentication server, and configure DefenseFlow or MSSP Portal
to use that user rather than the built-in defenseflow or msspportal user.
• For information about how to configure DefenseFlow, see the DefenseFlow Installation and User
Guide.
• For information about how to configure MSSP Portal, see the MSSP Portal Deployment and
Operator Guide.
A user with the Administrator or User Administrator role can create, edit, and manage local APSolute
Vision users.
Notes
— For more information on Logical Groups, see Using Logical Groups of Devices, page 199.
— For information on permission conflicts, see Rules for RBAC Permission Conflicts with Logical
Groups, page 95.
Caution: If the name of an APSolute Vision Site or Logical Group changes and an authentication
server authenticates users, you must reconfigure the user scopes on the authentication server.
If the name of an APSolute Vision Site or Logical Group changes and APSolute Vision authenticates
the users locally, APSolute Vision updates the relevant scopes for the users.
Every role must be assigned a scope—except for the following roles, which APSolute Vision always
configures with the All scope:
• Administrator
• System User
• User Administrator
• Vision Administrator
Caution: When defined through an authentication server, users with the Administrator, User
Administrator, System User, or Vision Administrator role must be configured with the scope [ALL]
(including the square brackets).
Users with a proper role can access the APSolute Vision GUI and can see the Alerts Table pane, but
APSolute Vision limits the alert-display according to device permissions.
Note: APSolute Vision RBAC functionality is separate from the functionality of user accounts on the
devices themselves.
The following table lists the predefined roles and the corresponding IDM strings. The relevance and
descriptions for the predefined roles may depend on the device type.
Role and Description
• ADC + Certificate Administrator
— The union of ADC Administrator and Certificate Administrator roles.
— Has full control over ADC configuration and AppShapes, can configure and manage servers, services, traffic redirection, and health checks.
— Can perform all functions of the devices for which the user has credentials.
— Has control over the Certificate Repository and the Client Authentication Policy in the Configuration perspective.
— Can perform all functions related to Alteon and LinkProof NG.
— Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.
— Can view the Alerts Table.
— Can access Security Monitoring perspective.
• ADC Administrator
— Has full control over ADC configuration and AppShapes, can configure and manage servers, services, traffic redirection, and health checks.
— Can perform all functions of the devices for which the user has credentials.
— Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.
— Can view the Alerts Table.
— Can access Security Monitoring perspective.
• ADC Operator
— Has read-only permission on the configuration of ADC devices and general device control.
— Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.
— Can view the Alerts Table.
• Administrator
— Can access the CLI and can perform all actions and access all functionality.
— Can use DefenseFlow. For details, see the DefenseFlow documentation.
• Certificate Administrator
— Has control over the Certificate Repository and the Client Authentication Policy in the Configuration perspective.
— Can view the Alerts Table.
— Can access the Monitoring perspective.
— Can perform all functions related to Alteon and LinkProof NG, but some functions are read-only.
— Can view the Application SLA Dashboard.
• Device Administrator
— Has full control over devices for which the user has credentials.
— Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.
— Can view the Alerts Table.
— Can export a policy file from the Protection Policies table (Network Protection Policies table and Server Protection Policies table in earlier versions).
— Can access the Templates tab.
• Device Configurator
— Can access all Configuration-perspective panes and Monitoring-perspective panes, and has full control over the Setup, Networking, Device Security and Advanced parameter tabs of the Configuration perspective of the devices for which the user has credentials.
— Can perform all Configuration and Monitoring pane perspective functions of the devices for which the user has credentials, excluding AppShapes.
— Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.
— Can view the Alerts Table.
• Device Operator
— Has full control over all Monitoring perspective panes and can access the Configuration perspective.
— Can perform all functions related to Alteon and LinkProof NG, including AppShapes, but some functions are read-only.
— Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.
— Can view the Alerts Table.
• Device Viewer
— Can access all devices for which the user has credentials.
— Can launch the Device Performance Monitor Web interface and view the Application SLA Dashboard.
• Real Server Operator
— Can lock and unlock an Alteon device for which the user has credentials.
— Can access the Monitoring perspective with the following permissions with read-write access to the following nodes (all other nodes are hidden):
  Application Delivery > Virtual Service > Real Servers
  Application Delivery > Virtual Service > Server Groups
— Can view the Alerts Table.
— Can view the Application SLA Dashboard.
• Security Administrator
— Can configure and manage network and server security, ACL policies, and so on.
— Can export a policy file from the Protection Policies table (Network Protection Policies table and Server Protection Policies table in earlier versions) and Server Protection Policies table. Furthermore, can open the Advanced Toolbox tab, and can see and use the DefensePro Configuration Templates node.
— Can view the Alerts Table.
— Can use DefenseFlow. For details, see the DefenseFlow documentation.
• Security Monitor
— Has full control over Security Monitoring and APSolute Vision Reporter.
• System User
— Can access APSolute Vision through the REST interface (only) and can perform all actions and access all functionality.
• User Administrator
— Can access the APSolute Vision Settings view System perspective, and in it, can create and manage users. Cannot view other elements in the APSolute Vision Settings view System perspective.
• Vision Administrator
— Can access the CLI (except for system snmp community and system snmp trap target) and can perform all actions and access all functionality, except for user management and authentication protocols (RADIUS Settings and TACACS+ Settings).
— Can use DefenseFlow. For details, see the DefenseFlow documentation.
— Can view the Alerts Table.
• Vision Reporter
— Has full control over APSolute Vision reporting capabilities (APM, AVR, and DPM).
— Can use DefenseFlow. For details, see the DefenseFlow documentation.
1 – Yes, but only using the REST interface. This role does not allow access to the APSolute
Vision GUI (that is, Web Based Management).
Security Control
SLA Dashboard
Configuration
Settings View
Perspective
Perspective
Perspective
AppShapes
Monitoring
Templates
Scheduler
vDirect
Center
APM
Role
AVR
ADC + Yes Yes Yes Yes Yes, but only User No No Yes Yes No No Yes Yes No
Certificate Preferences and
Administrator Device Backups
ADC Yes Yes, except for Yes Yes Yes, but only User No No Yes Yes Yes No Yes Yes No
Administrator Certificate Repository, Preferences and
which is read-only Device Backups
ADC Operator Yes Yes, but read-only Yes No Yes, but only User No No No No Yes No Yes Yes No
Preferences and
Device Backups
Administrator Yes Yes Yes Yes Yes, all Yes Yes Yes Yes Yes Yes Yes Yes Yes
Certificate Yes Yes, but read-only, Yes, but read- No Yes, but only User No No No No No No No No No
Administrator except for read-write only Preferences and
access to Certificate Device Backups
Repository and the Client
Authentication Policy
Device Yes Yes Yes Yes Yes, but only User Yes Yes Yes Yes Yes Yes Yes Yes No
Administrator Preferences and
Device Backups
Device Yes Yes, but some items are Yes, but some No Yes, but only User Yes No No No No No Yes Yes No
Configurator read-only items are read- Preferences and
only (for Device Backups
example, real-
server status)
Device Yes Yes, but read-only Yes No Yes, but only User Yes No No No Yes No Yes Yes No
Operator Preferences and
Device Backups
Device Viewer No Yes, but read-only Yes, but read- Yes Yes, but only User No No No No No Yes No Yes No
only Preferences and
Device Backups
Real Server Yes No Yes, but limited No Yes, but only User No No No No No No No No No
Operator to Real Servers Preferences
and Server
Groups nodes
Security Yes Yes Yes Yes Yes, but only User Yes Yes No No Yes Yes No No No
Administrator Preferences and
Device Backups
Security No No No Yes Yes, but only User No No No No Yes Yes No No No
Monitor Preferences
System User Yes, but REST interface only1
User No No No No Yes, but only User No No No No No No No No No
Administrator Preferences and User
Management settings
Vision Yes Yes Yes Yes All, but excluding Yes Yes Yes Yes Yes Yes Yes Yes
Administrator User Management
settings and
authentication
protocols2
Vision No No No No Yes, but only User No No No No Yes Yes Yes Yes No
Reporter Preferences
1 – Users with the System User role can perform all actions and access all functionality but can access APSolute Vision only using the
REST interface. The System User role does not allow access to the APSolute Vision GUI (Web Based Management).
2 – That is, RADIUS Settings, TACACS+ Settings, and LDAP Settings.
Example
An APSolute Vision server includes a user named User-A, a device named Device-1, and a Logical
Group named MyLG. Device-1 is a member of MyLG. The configuration of User-A contains two role-
scope pairs. One role-scope pair is Configurator–Device-1. The other role-scope pair is Operator–
MyLG. APSolute Vision grants User-A the role of Configurator on Device-1.
Example
An APSolute Vision server includes a user named User-A, a device named Device-1, a Site named
MySite, and a Logical Group named MyLG. Device-1 is a member of MySite and MyLG. The
configuration of User-A contains two role-scope pairs. One role-scope pair is Configurator–MySite.
The other role-scope pair is Operator–MyLG. APSolute Vision grants User-A the role of Configurator
on Device-1.
Example
An APSolute Vision server includes a user named User-A, a device named Device-1, a Logical Group
named MyLG-X and a Logical Group named MyLG-Y. Device-1 is a member of MyLG-X and MyLG-Y.
The configuration of User-A contains two role-scope pairs. One role-scope pair is
ADC-Administrator–MyLG-X. The other role-scope pair is Device-Viewer–MyLG-Y. APSolute Vision
grants User-A the role of ADC Administrator on Device-1.
The following table lists the access levels that APSolute Vision uses to determine a user’s RBAC role
for a device, when the device is a common member of multiple Logical Groups. The role with the
highest level takes precedence.
Table 8: Access Levels for Determining a User’s RBAC Role for a Device, when the Device Is a
Common Member of Multiple Logical Groups
Level Role
1 Administrator
2 Vision Administrator
3 System User
4 User Administrator
5 Device Administrator
6 Security Administrator
7 ADC + Certificate Administrator
8 ADC Administrator
9 Certificate Administrator
10 Device Configurator
11 Device Operator
12 ADC Operator
13 Real Server Operator
14 Device Viewer
15 Security Monitor
16 Vision Reporter
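The three examples and Table 8 above, worked as an added Python sketch (not Radware code and not part of the guide): it resolves a user's role on one device from the user's role-scope pairs, which is useful when auditing what a Logical Group membership actually grants. It assumes that Configurator and Operator in the examples are Table 8's Device Configurator and Device Operator; the Scope and Resolution types and Device-2 are constructed for illustration, and a combination the examples do not cover is returned as unresolved rather than guessed.

```python
from dataclasses import dataclass
from typing import Optional

# Table 8 in order, level 1 first. The lower level number takes precedence.
TABLE_8 = (
    "Administrator", "Vision Administrator", "System User", "User Administrator",
    "Device Administrator", "Security Administrator", "ADC + Certificate Administrator",
    "ADC Administrator", "Certificate Administrator", "Device Configurator",
    "Device Operator", "ADC Operator", "Real Server Operator", "Device Viewer",
    "Security Monitor", "Vision Reporter",
)
LEVEL = {role: n for n, role in enumerate(TABLE_8, start=1)}


@dataclass(frozen=True)
class Scope:
    name: str
    kind: str            # "device", "site" or "group" (Logical Group)
    devices: frozenset   # members when the audit runs; group membership is dynamic


@dataclass(frozen=True)
class Resolution:
    role: Optional[str]  # None: nothing applies, or the case is not covered
    basis: str


def effective_role(pairs, scopes, device):
    """pairs: [(role, scope_name)] of one user; scopes: {scope_name: Scope}."""
    direct, via_group = [], []
    for role, scope_name in pairs:
        scope = scopes[scope_name]
        if device in scope.devices:
            bucket = via_group if scope.kind == "group" else direct
            bucket.append((LEVEL[role], role, scope_name))
    if not direct and not via_group:
        return Resolution(None, "no role-scope pair covers the device")
    if not direct:
        # Device is a common member of one or more Logical Groups: Table 8 decides.
        _, role, name = min(via_group)
        return Resolution(role, f"Logical Group {name}, highest level of {len(via_group)}")
    level, role, name = min(direct)
    kind = scopes[name].kind
    if not via_group:
        return Resolution(role, f"{kind} scope {name}")
    if level <= min(via_group)[0]:
        # Examples 1 and 2: the device or Site pair is the role that is granted.
        return Resolution(role, f"{kind} scope {name}, Logical Group pair not applied")
    # A Logical Group role that outranks the device/Site role is not shown in
    # the examples, so report it for manual review instead of guessing.
    return Resolution(None, "unresolved: Logical Group role outranks the device/Site role")


def review(pairs, scopes):
    """Resolve every device that any of the user's scopes contains."""
    devices = set()
    for _, scope_name in pairs:
        devices |= scopes[scope_name].devices
    return {d: effective_role(pairs, scopes, d) for d in sorted(devices)}


# Constructed data mirroring the three examples (Device-2 is an extra device).
SCOPES = {s.name: s for s in (
    Scope("Device-1", "device", frozenset({"Device-1"})),
    Scope("MySite", "site", frozenset({"Device-1"})),
    Scope("MyLG", "group", frozenset({"Device-1"})),
    Scope("MyLG-X", "group", frozenset({"Device-1"})),
    Scope("MyLG-Y", "group", frozenset({"Device-1", "Device-2"})),
)}
EXAMPLE_1 = [("Device Configurator", "Device-1"), ("Device Operator", "MyLG")]
EXAMPLE_2 = [("Device Configurator", "MySite"), ("Device Operator", "MyLG")]
EXAMPLE_3 = [("ADC Administrator", "MyLG-X"), ("Device Viewer", "MyLG-Y")]
NOT_COVERED = [("Device Viewer", "Device-1"), ("ADC Administrator", "MyLG-X")]

if __name__ == "__main__":
    for label, pairs in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2),
                         ("Example 3", EXAMPLE_3), ("Not covered", NOT_COVERED)):
        for device, res in review(pairs, SCOPES).items():
            print(f"{label}: {device} -> {res.role} ({res.basis})")
```

Because a Logical Group scope follows the group's membership, the result is only valid for the membership supplied; rerun the review after a group changes.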
Parameter Description
Authentication Mode The user-authentication method that APSolute Vision uses.
The Administrator or User Administrator user can specify the
user-authentication method for all APSolute Vision interfaces.
The setting is retained after reboot of the APSolute Vision
server, and it is included in the APSolute Vision configuration
backup and restore operations.
Values:
• LDAP—An LDAP server stores the credentials of and
authenticates the APSolute Vision users (see Configuring
LDAP Server Connections, page 149). If the primary LDAP
server and, if defined, the secondary LDAP server are down,
user authentication fails over to the Local Users table (see
Configuring Local Users for APSolute Vision, page 99).
• Local—The Local Users table stores the credentials of and
authenticates the APSolute Vision users (see Configuring
Local Users for APSolute Vision, page 99).
• RADIUS—A RADIUS server stores the credentials of and
authenticates the APSolute Vision users (see Managing
RADIUS Server Connections, page 137). If the primary
RADIUS server and, if defined, the secondary RADIUS server
are down, user authentication fails over to the Local Users
table (see Configuring Local Users for APSolute Vision,
page 99).
• TACACS+—A TACACS+ server stores the credentials of and
authenticates the APSolute Vision users (see Managing
TACACS+ Server Connections, page 142). If the primary
TACACS+ server and, if defined, the secondary TACACS+
server are down, user authentication fails over to the Local
Users table (see Configuring Local Users for APSolute
Vision, page 99).
Default: Local
Maximum Password Challenges The number of consecutive unsuccessful password entries
before a user is locked out.
Values: 3–10
Default: 3
Parameter Description
Default Password for Other Users The default password that new users enter on initial login or
after password reset—except for the following users: radware,
defenseflow, msspportal, and reporter.
Notes:
• You can configure the initial password for an individual
user. For more information, see Table 14 - User: Password
Parameters, page 104.
• The radware user can change the password at any time or
on expiration.
• The defenseflow user has a special password. For
DefenseFlow version 2.5 and later, the password for both
APSolute Vision and DefenseFlow must match.
• The reporter user (which APSolute Vision Analytics uses)
has a special password.
• The password for other users cannot be the same as the
name of the user.
Confirm Default Password for Other Users The value for confirmation of Default Password for
Other Users.
Password Validity Period The number of days from password creation until that
password expires. When you change this value, the new value
is applied to any subsequently created passwords; current
passwords are not affected by the change.
Values: 1–3670
Default: 30
User Statistics Storage Period The number of days the user statistics information is stored
before being deleted.
Values: 1–3670
Default: 30
Inactivity Timeout Period for CLI Access of Non-Local Users The time, in days following the
initial login, that APSolute Vision allows CLI access to users who are defined in an external
authentication server (RADIUS, TACACS+, or LDAP). Any
subsequent login to APSolute Vision (either CLI or WBM) resets
the timer. A user who has timed out can reactivate CLI access
by logging in to APSolute Vision WBM.
Values: 30–3650
Default: 365
Note: To activate CLI access, all users defined in an external
authentication server must log in to APSolute Vision WBM at
least once.
Last Passwords Saved The number of passwords that APSolute Vision saves for a user
to prevent the user from reusing a recently expired password.
Values: 2–100
Default: 3
Parameter Description
User Must Change Password at First Login Specifies whether all users must change their password
when logging in for the first time to the APSolute Vision server.
Default: Disabled
Note: The value of this parameter is applied when the user
is created, and does not change afterward for that user. For
example, if the parameter is enabled when the user is created
and is then changed to disabled before the user has logged in,
the user is still required to change his/her password at first
login.
Besides the Local Users table, APSolute Vision users can be authenticated through an authentication
server (see Managing Connections to Authentication Servers, page 137). When the authentication
server is down, user authentication fails over to the Local Users table.
Tip: If an authentication server is specified to authenticate the APSolute Vision users, Radware
recommends that administrator users also be defined in the Local Users table. This provides
fall-back access to APSolute Vision in case the authentication server is not available.
Note: The APSolute Vision installation includes the radware, defenseflow, msspportal, and reporter
users. You cannot delete them or modify their role and/or scope assignment.
Caution: Users with the name admin (case-insensitive) cannot be created in the APSolute Vision
Local Users table. If a user with the name admin (case-insensitive) is defined in an external
RADIUS or TACACS+ authentication server, or was created in the Local Users table prior to APSolute
Vision version 3.30, the user can log in to APSolute Vision, but that user will not be able to log
in to the AVR.
For information about setting global user configurations, see Configuring General User-Management
Settings, page 96.
Parameter Description
User Name The username used for login.
User Full Name The user’s full name.
Language The default display language for the user.
Notes:
• The Default Display Language parameter (see Configuring
APSolute Vision Display Parameters, page 163) determines the
default value.
• A user can change his/her own display language by opening
the User drop-down dialog box (from the APSolute Vision
toolbar, in the User ribbon at the far right) and selecting
the language from the drop-down list of languages.
Scope The scopes of devices, which are organized according to the Sites
and Devices tree and Physical Containers tree in the device pane.
A scope can be one of the following:
• An individual device.
• A Site, with all of its devices.
• A Logical Group—The user’s scope dynamically updates,
according to the devices in the Logical Group. That is, when the
device-set of a Logical Group changes, the user’s scope
changes accordingly. For more information, see Rules for RBAC
Permission Conflicts with Logical Groups, page 95 and Using
Logical Groups of Devices, page 199.
• [All]—The All scope contains all devices and the APSolute
Vision server.
The displayed scopes for each user represent the devices that the
user can access. Each scope in the list is associated with a
corresponding role that defines the permissions for the user on
those devices.
Users defined through an authentication server with the
Administrator, User Administrator, or Vision Administrator role
must be configured with the scope [ALL] (including the square
brackets).
Parameter Description
Role The roles with which the user is associated. Each role defines a set
of actions the user can perform through APSolute Vision. Each role
in the list applies to its corresponding scope of devices.
Contact Info The user’s contact information—organization, address, and phone
number.
Password Expiration Date The date on which the current password expires.
Active User Specifies whether the user is currently enabled.
Values:
• Yes—The user is currently enabled.
• No—The user is currently suspended and cannot log in.
Currently Locked Out Specifies whether the user is currently locked out.
Created On The date on which the user was created.
Last Password Change The date on which the user password was last changed.
Last Lockout The date on which the user was last locked out.
Note: You cannot modify the role and/or scope assignment of the radware, defenseflow,
msspportal, and reporter users.
By default, a new user is not associated with any scope or role.
You can only add a scope once for each user. You cannot add a scope that contains devices that are
already in a scope associated with the user.
For DefensePro devices, after you configure the role-scope pair, you can configure the security-
monitoring access for the user. Security-monitoring access defines what security data the user sees
in the Security Monitoring perspective and APSolute Vision Reporter according to specified
DefensePro Protection policies.
Caution: Do not configure more than 300 explicit device-policy pairs for DefensePro security-
monitoring access—for any user. If there are more than 300 explicit device-policy pairs for a user,
the Security Monitoring Dashboard View might not function properly for the user.
Note: The terms Protection Policy, Network Protection Policy, and network policy may be used
interchangeably in APSolute Vision and in the documentation.
— To add a new role-scope pair, click the (Add) button in the tab toolbar.
Note: For information, see Role and Scope in Table 10 - Local User Table Parameters,
page 100, and Role-Based Access Control (RBAC), page 85.
5. Click Submit.
6. Configure the rest of the user parameters, and click Submit.
Tip: Select a row and click the (Duplicate...) button to open a new “add row” tab, which is
populated with the values from the selected row, except for the indexes.
Note: At the initial login, a new user enters the password and is then prompted to create a new
password. Users can always change their own passwords at login. For more information, see
Changing Passwords for Local Users, page 77. The initial password can be a default password (see
Table 9 - User Management Settings, page 97) or a personal password configured for the specific
user (see Table 14 - User: Password Parameters, page 104).
Parameter Description
User Name The username used for login. This field is mandatory.
The name should start with a letter or an underscore.
After the first character, the remaining characters can be letters,
numbers, underscores, hyphens, or periods (dots).
Maximum characters: 32
Notes:
• APSolute Vision usernames are not case-sensitive when logging
in to APSolute Vision WBM.
• APSolute Vision usernames are case-sensitive when logging in to
the APSolute Vision CLI.
• APSolute Vision user passwords are case-sensitive.
• The user password cannot be the same as the user name.
User Full Name The user’s full name. This field is optional.
Language The default display language for the user.
Notes:
• The Default Display Language parameter (see Configuring
APSolute Vision Display Parameters, page 163) determines the
default value.
• The user can change his/her own display language. To do this,
the user clicks the user name at the right of the APSolute Vision
toolbar and selects the required language in the drop-down
dialog box.
Parameter Description
User Roles and Scopes The specified role for the user on the specified device or devices for
which the user has credentials.
Note: For information, see Role and Scope in Table 10 - Local
User Table Parameters, page 100, and Role-Based Access Control
(RBAC), page 85.
Authorized Network Policies for Security Monitoring The DefensePro Protection policies that the
user is authorized to monitor in the Security Monitoring perspective.
Note: For more information, see the procedure below, To
configure the DefensePro Protection policies whose security data
the user can access in the Security Monitoring perspective and
APSolute Vision Reporter, page 104.
Parameter Description
These fields are optional.
Organization The user’s organization.
Address The user’s address.
Phone Number The user’s phone number.
Parameter Description
These fields are optional.
If you specify no password, APSolute Vision uses the default password for new users.
Note: For more information, see Default Password for Other Users in Table 9 - User
Management Settings, page 97.
Password The initial password for the new user.
Note: The user password cannot be the same as the user name.
Confirm Password The value for confirmation of Password, when you specify the initial
password for the new user.
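A pre-provisioning check for the user rules stated in the tables above (username syntax, the admin restriction, password not equal to the username, one entry per scope, and the [ALL] scope for externally defined administrators), as an added Python example that is not Radware code. The input dictionary format, the finding codes and the sample users are constructed, and "letters" is assumed to mean ASCII letters.

```python
import re

# User Name row: a letter or underscore first, then letters, numbers,
# underscores, hyphens or periods; 32 characters at most.
USERNAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]{0,31}")
# Users that the installation already includes.
BUILT_IN = ("radware", "defenseflow", "msspportal", "reporter")
# Roles that need the scope [ALL] when the user comes from an authentication server.
ALL_SCOPE_ROLES = {"Administrator", "User Administrator", "Vision Administrator"}


def lint_user(user, existing=BUILT_IN):
    """Return [(code, message)] for one planned user definition.

    user (hypothetical format): {"name": str, "password": str (optional),
    "source": "local" | "external", "pairs": [(role, scope), ...]}
    """
    name, source, findings = user["name"], user["source"], []
    if not USERNAME_RE.fullmatch(name):
        findings.append(("syntax", "name breaks the User Name syntax or length rule"))
    if name.lower() == "admin":
        if source == "local":
            findings.append(("admin-local", "admin cannot be created in the Local Users table"))
        else:
            findings.append(("admin-avr", "admin can log in to APSolute Vision but not to the AVR"))
    clash = [e for e in existing if e.lower() == name.lower()]
    if clash:
        findings.append(("name-clash", f"equals {clash[0]!r} when case is ignored; "
                         "WBM login is not case-sensitive, CLI login is"))
    password = user.get("password")
    if password is None and source == "local":
        findings.append(("default-password", "no initial password: the default password applies"))
    if password is not None and password == name:
        findings.append(("password-is-name", "password is the same as the user name"))
    pairs = user.get("pairs", [])
    if not pairs:
        findings.append(("no-role-scope", "no role-scope pair: the user has no scope or role"))
    scopes = [scope for _, scope in pairs]
    for scope in sorted(set(scopes)):
        if scopes.count(scope) > 1:
            findings.append(("duplicate-scope", f"scope {scope} is listed more than once"))
    if source == "external":
        for role, scope in pairs:
            if role in ALL_SCOPE_ROLES and scope != "[ALL]":
                findings.append(("admin-scope", f"{role} needs scope [ALL], found {scope}"))
    return findings


def codes(user, existing=BUILT_IN):
    """Sorted finding codes only, convenient for comparisons."""
    return sorted(code for code, _ in lint_user(user, existing))


# Constructed sample definitions.
PLANNED = [
    {"name": "_ops.team-1", "password": "Kx7#constructed", "source": "local",
     "pairs": [("Device Operator", "MySite")]},
    {"name": "9lives", "password": "Kx7#constructed", "source": "local",
     "pairs": [("Device Viewer", "MyLG")]},
    {"name": "Admin", "source": "local", "pairs": []},
    {"name": "alice", "password": "alice", "source": "local",
     "pairs": [("Device Viewer", "MyLG"), ("Device Operator", "MyLG")]},
    {"name": "Radware", "password": "Kx7#constructed", "source": "local",
     "pairs": [("Device Viewer", "MyLG")]},
    {"name": "netadmin", "source": "external",
     "pairs": [("Vision Administrator", "MySite")]},
]

if __name__ == "__main__":
    for planned in PLANNED:
        for code, message in lint_user(planned) or [("ok", "no findings")]:
            print(f"{planned['name']}: {code}: {message}")
```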
To configure the DefensePro Protection policies whose security data the user can access
in the Security Monitoring perspective and APSolute Vision Reporter
1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. In the Permissions tab, under the title Authorized Network Policies for Security
Monitoring, configure the Selected table with the Protection policies whose security data the
user can access in the Security Monitoring perspective and APSolute Vision Reporter.
Notes
• By default, users have access to all policies of all devices in their scope.
• When you create a user, the Selected table displays [ALL] in the Device column and [ALL] in
the Policy Name column. This signifies that the user can access all policies for each permitted
device. A user must be authorized for all network policies of a device ([ALL]) or for selected
network policies of a device. When you move a policy from the Available table to the Selected
table, [ALL] values move automatically from the Selected table to the Available table.
• A change to Authorized Network Policies for Security Monitoring takes effect the next
time the user logs in, and does not affect current ongoing sessions.
Deleting Users
Deleting a user removes the user from the Local Users table.
Notes
• The radware, defenseflow, msspportal, and reporter users cannot be deleted.
• You can suspend a user without removing the user from the table. For more information, see
Revoking and Enabling Users, page 106.
To delete a user
1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. In the Local Users table, select the username, and click the (Delete) button in the tab toolbar.
3. Click Yes in the confirmation box.
2. In the Local Users table, select the usernames that you want to unlock, and click (Unlock
Selected Users).
3. Reset the user password to the default, see Resetting User Passwords to the Default, page 105.
Notes
• You cannot reset the password of the radware user. If the radware user is locked out for any
reason, contact Radware Technical Support.
• You cannot reset the password of the reporter user.
2. In the Local Users table, select the usernames whose password you want to reset, and click
(Reset Selected User Password).
Caution: If you revoke the defenseflow user, DefenseFlow version 2.5 and later cannot
communicate with APSolute Vision.
Note: For information on how to delete a user from the Users table, see Deleting Users, page 105.
To revoke a user
1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. In the Local Users table, select the usernames, and click (Revoke Selected Users). The value
in the Active User column of the user in the Local Users table changes from Yes to No.
2. In the Users table, select the usernames, and click (Enable Selected Users). The value in the
Active User column of the user in the Local Users table changes from No to Yes.
Note: For the list of predefined roles, see Table 5 - Predefined Roles, page 88.
— To add a new role-scope pair, click the (Add) button in the tab toolbar.
Note: For information on roles, see Role-Based Access Control (RBAC), page 85.
6. Click Submit.
7. Repeat step 4 through step 6 to configure all the role-scope pairs for the permission.
8. (Optional) If you are using DefensePro, under the title Authorized Network Policies for
Security Monitoring, configure the Selected table with the Protection policies whose security
data the user can access in the Security Monitoring perspective and APSolute Vision Reporter.
Note: A change to Authorized Network Policies for Security Monitoring takes effect the
next time the user logs in, and does not affect current ongoing sessions.
9. Click Submit.
Tip: Select a row and click the (Duplicate...) button to open a new “add row” tab, which is
populated with the values from the selected row, except for the indexes.
Example
Using the examples in step 3 in the procedure above, if some user who is a member of the
financeTeam group successfully logs in to the LDAP server, that user is assigned the role-scope pair
as described in step 4 and step 5.
For information about changing individual and default passwords, see the following:
• Changing Passwords for Local Users, page 77
• Configuring General User-Management Settings, page 96
Notes
• The labels of mandatory APSolute Vision parameters are bold.
• When the value of a parameter has changed, before the value is submitted, the label is in italics.
• In the English language display, when a value of a parameter has changed, before the value is
submitted, the tab label is in italics and has an asterisk (*).
• In the Chinese language display, when a value of a parameter has changed, before the value is
submitted, the tab label has a dashed underline.
Parameter Description
Management IP Address The IP address of the APSolute Vision server used for
management.
Hostname The name of the APSolute Vision host. The hostname is defined in
the APSolute Vision CLI.
Note: For more information, see System Hostname
Commands, page 700.
Hardware Platform The type of hardware platform of the APSolute Vision server.
Vision Server Uptime The up time of the APSolute Vision server, in days, hours,
minutes, and seconds.
Parameter Description
APSolute Vision Server Time The current date, time, and timezone in the APSolute Vision
server.
Note: APSolute Vision requires that the date and time settings
of the server be configured correctly, relative to the real time—
taking into consideration their defined timezones. Upon
logging into APSolute Vision from your browser, an alert is
generated if a discrepancy of more than 5 minutes is found
between the date and time settings of the server and local
host.
MAC Address of Port G1 The MAC address of the APSolute Vision server G1 port.
MAC Address of Port G2 The MAC address of the APSolute Vision server G2 port.
MAC Address of Port G3 The MAC address of the APSolute Vision server G3 port.
Note: If the port is not supported, the field displays the value
Unsupported.
MAC Address of Port G4 The MAC address of the APSolute Vision server G4 port.
Note: If the port is not supported, the field displays the value
Unsupported.
Table 16: Basic Parameters: General Parameters—When Running on an OnDemand Switch VL2
(ODS-VL2) Platform
Parameter Description
Management IP Address The IP address of the APSolute Vision server used for
management.
Hostname The name of the APSolute Vision host. The hostname is defined in
the APSolute Vision CLI.
Note: For more information, see System Hostname
Commands, page 700.
Hardware Platform The type of hardware platform of the APSolute Vision server:
ODS-VL2 for OnDemand Switch VL2.
Vision Server Uptime The up time of the APSolute Vision server, in days, hours,
minutes, and seconds.
APSolute Vision Server Time The current date, time, and timezone in the APSolute Vision
server.
Note: APSolute Vision requires that the date and time settings
of the server be configured correctly, relative to the real time—
taking into consideration their defined timezones. Upon
logging into APSolute Vision from your browser, an alert is
generated if a discrepancy of more than 5 minutes is found
between the date and time settings of the server and local
host.
MAC Address of Port G3 The MAC address of the APSolute Vision server G3 port.
MAC Address of Port G4 This port is not supported, and the field displays the value
Unsupported.
MAC Address of Port G5 The MAC address of the APSolute Vision server G5 port.
MAC Address of Port G7 The MAC address of the APSolute Vision server G7 port.
Caution: Network latency may affect upgrading APSolute Vision server software using WBM. For
optimal results, Radware recommends upgrading using the CLI. For details, see System Upgrade
Commands, page 717.
Parameter Description
Software Version The version of the APSolute Vision server and the following associated
modules:
• APSolute Vision Reporter (AVR)
• Device Performance Monitor (DPM)
• Application Performance Monitor (APM)—The Software Version
box displays the APM row only when APM is installed.
• vDirect
Build The date and build number of the current software version.
Last Upgrade The date and time of the last upgrade.
Upgrade Status The upgrade status.
Values:
• Fresh install
• In progress
• OK
• Failed
Notes
— A password is required for upgrade to all major versions. Upgrade without a password is
allowed when upgrading to minor versions.
— When APSolute Vision is running as a virtual appliance (VA) or on an OnDemand Switch VL
(ODS-VL) platform, the password is based on the size of the upgrade file and the MAC
address of the APSolute Vision G1 or G2 port, which the Basic Parameters pane displays.
— When APSolute Vision is running on an OnDemand Switch VL2 (ODS-VL2) platform, the
password is based on the size of the upgrade file and the MAC address of the APSolute
Vision G3 or G5 port, which the Basic Parameters pane displays.
— Migrating APSolute Vision on the OnDemand Switch VL (ODS-VL) platform to the OnDemand
Switch VL2 (ODS-VL2) platform uses a special procedure, which requires the Administrator
or the Vision Administrator role and root access to the ODS-VL2 operating system. For
information about the migration procedure, see Migrating APSolute Vision from the
OnDemand Switch VL Platform to the OnDemand Switch VL2 Platform, page 722.
— You can request the password from Radware Technical Support. The password is also
available using the password generator at radware.com.
6. Click Upload.
Parameter Description
RAM Size The amount of RAM, in gigabytes.
Note: Radware recommends updating the Attack Description file each time you update the
Signature files on DefensePro devices.
When you update the Attack Description file, APSolute Vision downloads the file directly from
Radware.com or from the enabled proxy file server.
To view the date and time of the last update of the Attack Description file
1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Select the Attack Descriptions File tab. The Attack Descriptions Last Update text box displays
the time of the latest update of the Attack Description file on the APSolute Vision server.
Parameter Description
Timeout The time, in seconds, that APSolute Vision waits for a reply before
retrying to connect to other Radware devices. If the device does not
respond after the configured number of retries, APSolute Vision
notifies the user that the connection failed.
Values: 1–180
Default: 3
Caution: For DefensePro 7.x versions and in networks with high
latency, Radware recommends increasing the SNMP Timeout to
180 seconds (APSolute Vision Settings view System perspective,
General Settings > Connectivity > Timeout).
Retries The number of connection retries to another Radware device, when
the device does not respond.
Values: 1–100
Default: 3
Parameter Description
Port The port used to communicate with Radware devices.
Values: 1–65,535
Default: 161
Parameter Description
Default HTTP Port The default HTTP port that APSolute Vision uses to communicate
with Radware devices. This value is displayed in the HTTP Port text
box in the Device Properties dialog box.
Values: 1–65,535
Default: 80
Default HTTPS Port The default HTTPS port that APSolute Vision uses to communicate
with Radware devices. This value is displayed in the HTTPS Port text
box in the Device Properties dialog box.
Values: 1–65,535
Default: 443
Connection Timeout The time, in seconds, that the HTTP client waits for a response from
the remote host—during the handshake for device configuration—
before disconnecting the socket and returning an exception.
Values: 1–60
Default: 20
Socket Timeout The time, in seconds, that the HTTP client waits for a response from
the remote host—during the data transfer for device configuration—
before disconnecting the socket and returning an exception.
Values: 1–60
Default: 20
Long Operation Connection Timeout The time, in seconds, that the HTTP client waits for a
response from the remote host—during the handshake for certain long file
operations—before disconnecting the socket and returning an
exception.¹
Values: 1–1200
Default: 180
Long Operation Socket Timeout The time, in seconds, that the HTTP client waits for a
response from the remote host—during the data transfer for certain long file
operations—before disconnecting the socket and returning an
exception.
Values: 1–1200
Default: 180
Parameter Description
Vision Management Port Specifies the management port on the APSolute Vision server to
which the managed Radware devices send events. Any change of
this parameter takes effect only when you click the Register This
APSolute Vision Server for Device Events button. Clicking
Submit in this pane has no effect on this parameter.
Caution: This parameter overwrites the Register APSolute
Vision Server IP parameter.
Remove All Other Targets of Device Events Specifies whether—when you click Register This
APSolute Vision Server for Device Events—the APSolute Vision server removes
(from all the managed devices) all recipients of device events except
for its own address.
Default: Disabled
Note: For related information, see APSolute Vision Server
Registered for Device Events—Alteon and LinkProof NG, page 188
and APSolute Vision Server Registered for Device Events—
DefensePro, page 188.
Register This APSolute Vision Server for Device Events (button) Registers the APSolute Vision
server as a target of the device events (for example, traps, alerts, IRP messages, and
packet-reporting data) on all the managed devices.
In Alteon or LinkProof NG, when you click the button and run the
Apply command, APSolute Vision configures itself as a target of the
device events and ensures that the device also sends traps for
authentication-failure events. Alteon or LinkProof NG, by default,
does not send traps for authentication-failure events.
When multiple APSolute Vision servers manage the same
DefensePro device, the device sends the following:
• Traps to all the APSolute Vision servers that manage it. The
Target Address table and the Target Parameters table contain
entries for all APSolute Vision servers.
• Packet-reporting data only to the last APSolute Vision server
that registered on the device.
Note: For related information, see APSolute Vision Server
Registered for Device Events—Alteon and LinkProof NG, page 188
and APSolute Vision Server Registered for Device Events—
DefensePro, page 188.
Parameter Description
These connection settings are for the proxy server that the APSolute Vision server uses to
download files from Radware.com. The Alerts Table pane displays a success or failure notification
and whether the operation was performed using a proxy server.
Enable Proxy Server Specifies whether the APSolute Vision server uses a proxy server to
download files from Radware.com.
IP Address The IP address of the proxy server.
Port The port of the proxy server.
Use Authentication Specifies whether authentication is required for a successful
connection between the APSolute Vision server and the proxy server.
Username The username for the proxy server.
Password The password for the proxy-server user.
Verify Password The password for the proxy-server user.
Parameter Description
These settings define when to close the user session if there is no activity on either side.
Note: APSolute Vision WBM polls the server at regular intervals. If the server does not receive a
poll from the WBM within 30 seconds, the server closes the user session.
Inactivity Timeout for Configuration and Monitoring Perspectives The time, in minutes, of
inactivity after which the server logs the user out of the Configuration or Monitoring
perspectives of a managed device, or the APSolute Vision Settings view System
perspective.
If the connection has not yet timed out, any activity in the Security
Monitoring perspective, APM, or DPM also resets the timer.
Values: 1–60
Default: 20
Inactivity Timeout for Security Monitoring Perspective, APM, and DPM The time, in minutes, of
inactivity in the Security Monitoring perspective, APM, or DPM, after which the server logs the
user out of the Security Monitoring perspective, APM, and DPM.
Values: 1–4320
Default: 1440
Parameter Description
Enable Detailed Auditing of APSolute Vision Activity Specifies whether the messages that
APSolute Vision issues regarding APSolute Vision activity include additional information,
such as the new value for a parameter.
For example:
• When an administrator changes a value for a parameter (such as
Device Lock Timeout):
— When the option is disabled, the message gives the name of
the parameter and says that the value was changed.
— When the option is enabled, the message gives the name of
the parameter and the new value.
• When a user administrator changes the contact information of
another user:
— When the option is disabled, the message gives the name of
the user and says that the user’s properties were changed.
— When the option is enabled, the message gives the name of
the user, says that the user’s properties were changed, and
gives the new contact information.
Default: Disabled
Notes:
• When a message refers to a change that a user initiated, the
message includes the username (even when the option is
disabled).
• For a list of log messages corresponding to when this option is
disabled, see Appendix B - APSolute Vision Log Messages and
Alerts, page 739.
Parameter Description
Enable Detailed Auditing of Device Configuration Changes Specifies whether the messages that
APSolute Vision issues regarding configuration changes made on managed devices—from
APSolute Vision—include additional information.
When a user changes a value for a scalar parameter:
• When the option is disabled, the message gives the name of the
scalar and says that the value was changed.
• When the option is enabled, the message gives the name of the
scalar and the new value.
When a user adds or edits an entry to a table:
• When the option is disabled, the message gives the name of the
table and says that a row was added or edited.
• When the option is enabled, the message gives the name of the
table, the table parameters, and the value for each parameter.
When a user deletes an entry in a table:
• When the option is disabled, the message gives the name of the
table and says that a row was deleted.
• When the option is enabled, the message gives the name of the
table and the indexes of the deleted row.
Default: Disabled
Notes:
• When a message refers to a change that a user initiated, the
message includes the username (even when the option is
disabled).
• This parameter does not affect audit messages that the
managed device generates, which APSolute Vision displays in
the Alerts Table pane. This parameter only affects alerts that
APSolute Vision generates itself.
Parameter Description
These settings determine how APSolute Vision forwards the events in the Alerts table to the
configured syslog servers. For more information, see Configuring Syslog Servers for Alerts from
APSolute Vision, page 126.
Enable Syslog Reporting Specifies whether APSolute Vision sends reports and logs to the
configured syslog servers.
Default: Disabled
Enable Encryption Specifies whether APSolute Vision sends the syslog messages
encrypted over TLS. [1]
Default: Disabled
CA Certificate (This parameter is available only when the Enable Encryption checkbox is selected.)
The filepath of the CA certificate. [1]
To update the certificate
1. Click the Update button next to this text field. A file browser dialog box opens.
2. Browse to the certificate file, and click Open. The field displays Pending.
3. Click Submit. If successful, the field displays Installed.
Enable Authentication (This parameter is available only when the Enable Encryption checkbox is selected.)
Specifies whether the certificate must be authenticated with a private key and a public key. [1]
Default: Disabled
Authentication Type (This parameter is available only when the Enable Encryption checkbox is selected.)
Values: [1]
• Certificate Validation (certvalid)—APSolute Vision checks with the syslog server that the certificate is valid.
• Name—APSolute Vision checks with the syslog server that the certificate is valid and includes the specified Permitted Peer in the certificate subject.
Permitted Peer (This parameter is available only when the Authentication Type is Name.)
The string that the certificate subject must include for authentication. [1]
Private Key (This parameter is available only when the Enable Authentication checkbox is selected.)
The filepath of the private key. [1]
To update the certificate
1. Click the Update button next to this text field. A file browser dialog box opens.
2. Browse to the certificate file, and click Open. The field displays Pending.
3. Click Submit. If successful, the field displays Installed.
Public Key (This parameter is available only when the Enable Authentication checkbox is selected.)
The filepath of the public key. [1]
To update the certificate
1. Click the Update button next to this text field. A file browser dialog box opens.
2. Browse to the certificate file, and click Open. The field displays Pending.
3. Click Submit. If successful, the field displays Installed.
The configured syslog servers.
For more information, see Configuring Syslog Servers for Alerts from APSolute Vision, page 126.
1 – This parameter applies to all the configured servers (see Configuring Syslog Servers for
Alerts from APSolute Vision, page 126).
Parameter Description
These settings determine how APSolute Vision forwards events via e-mail to the defined recipients.
Examples of such events include:
• Reports and logs from the Alerts Table pane. For more information, see Managing Auditing and
Alerts, page 329.
• Reports from APSolute Vision Analytics. For more information, see the APSolute Vision
Analytics User Guide.
• Email notifications after a specified number of missed configuration-synchronizations. The
configuration-synchronization mechanism uses only two parameters from this tab. For more
information, see System Configuration-Synchronization Commands, page 681.
Enable Specifies whether APSolute Vision sends, via e-mail, reports and logs
from the Alerts Table pane.
Default: Disabled
Note: This parameter relates to reports and logs from the Alerts Table
pane. This parameter does not affect the APSolute Vision Analytics
settings or the APSolute Vision configuration-synchronization
mechanism.
SMTP Server Address The name or IP address of the SMTP e-mail server.
The value of this parameter is shared with the SMTP Server Address
parameter under General Settings > APSolute Vision Analytics
Settings > Email Reporting Configuration.
Caution: If you change this value and click Submit, the SMTP
Server Address under General Settings > APSolute Vision
Analytics Settings > Email Reporting Configuration changes
accordingly.
SMTP User Name The account name used to send e-mail notifications—for example,
Vision@MyCompany.com.
Note: The value of this parameter is not shared with the SMTP User
Name parameter under General Settings > APSolute Vision
Analytics Settings > Email Reporting Configuration.
Subject Header The text that appears in the Subject header of the e-mail.
Default: Alert Notification Message.
From Header The text that appears in the From header of the e-mail.
Default: APSolute Vision
Recipient Email Address The e-mail addresses of the intended recipients. When there are multiple
e-mail addresses, use comma (,), or semi-colon (;) separators.
Email Sending Interval The interval, in seconds, between successive e-mail messages.
Values: 30–3600
Default: 30
Alerts per Email The maximum number of alerts to include in an e-mail message. When
there are more than the maximum number of alerts, multiple e-mail
messages are sent.
Values: 1–60
Default: 30
Devices
Click to select a subset of managed devices for which to send alerts. If no devices are specified,
APSolute Vision forwards alerts from all the devices to the defined recipients.
Move the required devices from the Available list to the Selected list.
Severity
Critical Select the alert severities for which to send e-mail messages.
Major
Minor
Warning
Information
Module
Device Security Select the modules/mechanisms about which to send e-mail messages.
Device General
Vision General
Vision Configuration
Vision Control
Security Reporting
Trouble Ticket
Operator Toolbox
Vision Analytics Alerts
Device Health Errors
Device Throughput License Errors
Device Throughput License Exceeded Errors
Parameter Description
The SNMP Reporting Configuration comprises the following:
• A name
• An Alert Profile (see Configuring SNMP Alert Rules, page 128)
• An Alert Target (see Configuring SNMP Alert Targets, page 129)—that is, an SNMP listener
• Specifying whether the rule is enabled
Parameter Description
These settings determine which events in the Alerts table APSolute Vision forwards to the
configured SNMP listeners (targets). For more information, see Managing Alert Profiles, page 130.
Parameter Description
Refresh Interval The interval, in seconds, at which APSolute Vision refreshes the Alerts
table with the latest messages.
Values: 5–300
Default: 5
Parameter Description
Enable Server Specifies whether the server is enabled.
Default: Disabled
Report (This parameter is available only when the Enable Server checkbox is selected.)
Specifies whether APSolute Vision reports all messages received by the Alerts Table pane or only audit messages.
Values: All Messages, Audit Messages
Default: All Messages
Syslog Server Address (This parameter is available only when the Enable Server checkbox is selected.)
The IP address of the device running the syslog service.
L4 Destination Port (This parameter is available only when the Enable Server checkbox is selected.)
Values: 1–65,535
Default: 514
Syslog Facility (This parameter is available only when the Enable Server checkbox is selected.)
The facility for all APSolute Vision syslog reporting. The list includes facilities as defined in RFC 3164.
Values:
• Local Use 0
• Local Use 1
• Local Use 2
• Local Use 3
• Local Use 4
• Local Use 5
• Local Use 6
• Local Use 7
• Log Audit
• User-Level Messages
Default: Log Audit
Note: Change the default if the syslog server uses this facility for reports from another system.
Devices
Click to select a subset of managed devices for which to send alerts. If no devices are specified,
APSolute Vision forwards alerts from all the devices to the syslog server.
Move the required devices from the Available list to the Selected list.
Severity
By default, all the checkboxes are selected.
Critical Specifies whether to include alerts of this severity in syslog
messages.
Major Specifies whether to include alerts of this severity in syslog
messages.
Minor Specifies whether to include alerts of this severity in syslog
messages.
Warning Specifies whether to include alerts of this severity in syslog
messages.
Information Specifies whether to include alerts of this severity in syslog
messages.
Module
By default, all the checkboxes are selected.
Device Security Specifies whether to include alerts regarding this module in syslog
messages.
Device General Specifies whether to include alerts regarding this module in syslog
messages.
Vision General Specifies whether to include alerts regarding this module in syslog
messages.
Vision Configuration Specifies whether to include alerts regarding this module in syslog
messages.
Vision Control Specifies whether to include alerts regarding this module in syslog
messages.
Security Reporting Specifies whether to include alerts regarding this module in syslog
messages.
Trouble Ticket Specifies whether to include alerts regarding this module in syslog
messages.
Operator Toolbox Specifies whether to include alerts regarding this module in syslog
messages.
Parameter Description
Name The name of the Alert Rule.
Maximum characters: 32
Profile The Alert Profile of the Alert Rule. (See the procedure To configure an Alert
Profile, page 130.)
Targets The SNMP Target of the Alert Rule. (See the procedure To configure an
SNMP Alert Target, page 129.)
Enabled Specifies whether the Alert Rule is enabled.
Default: Disabled
Parameter Description
Name The name of the Alert Rule.
Maximum characters: 32
SNMP Server IP Address The IP address of the SNMP server.
Port The Layer 4 port on the SNMP server.
Values: 1–65535
Default: 162
SNMP Version The SNMP version that APSolute Vision uses for the connection.
Values: SNMPv2c, SNMPv3
Default: SNMPv3
SNMP Community (This parameter is displayed only when SNMP Version is SNMPv2c.)
The SNMP community name.
User Name (This parameter is displayed only when SNMP Version is SNMPv3.)
The username for the SNMP connection.
Maximum characters: 32
Use Authentication (This parameter is displayed only when SNMP Version is SNMPv3.)
Specifies whether APSolute Vision authenticates the user for a successful connection.
Values: Enabled, Disabled
Default: Disabled
Authentication Protocol (This parameter is available only when the Use Authentication value is Enabled.)
The protocol that APSolute Vision uses for authentication.
Values: MD5, SHA
Default: SHA
Authentication Password (This parameter is available only when the Use Authentication value is Enabled.)
The password that APSolute Vision uses for authentication.
Caution: The password should be at least eight characters. vDirect requires that the password be at least eight characters.
Confirm Authentication Password (This parameter is available only when the Use Authentication value is Enabled.)
The password that APSolute Vision uses for authentication.
Caution: The password should be at least eight characters. vDirect requires that the password be at least eight characters.
Use Privacy (This parameter is displayed only when SNMP Version is SNMPv3.)
Specifies whether APSolute Vision encrypts SNMPv3 traffic for additional security.
Default: Disabled
Privacy Protocol (This parameter is available only when the Use Privacy checkbox is selected.)
The privacy protocol that APSolute Vision uses for the Privacy facility.
Values: DES, AES128
Default: DES
Privacy Password (This parameter is available only when the Use Privacy checkbox is selected.)
The password used for the Privacy facility.
Caution: The password should be at least eight characters. vDirect requires that the password be at least eight characters.
Confirm Privacy Password (This parameter is available only when the Use Privacy checkbox is selected.)
The password used for the Privacy facility.
Caution: The password should be at least eight characters. vDirect requires that the password be at least eight characters.
Parameter Description
Name The name of the Alert Profile.
Maximum characters: 255
Devices
The Available lists and the Selected lists of devices and Logical Groups (of devices of the
appropriate type). The Available lists display the available devices and available Logical Groups.
The Selected device list displays the managed devices for which to send alerts. The Selected
Logical Group list displays the Logical Groups with the devices for which to send alerts.
Select entries from the Available lists and the Selected lists of devices and Logical Groups (of
devices). Use the arrows to move the entries to the other lists as required.
If no devices are specified, APSolute Vision forwards alerts from all the devices to the SNMP targets
(see Configuring SNMP Alert Targets, page 129).
Note: When a Logical Group is selected, the effective Selected device list dynamically
updates—according to the devices in the Logical Group. That is, when the device-set of a Logical
Group changes, the effective Selected device list changes accordingly. For more information,
see Using Logical Groups of Devices, page 199.
Severity
By default, all the checkboxes are selected.
Critical Specifies whether to include alerts of this severity in SNMP traps.
Major Specifies whether to include alerts of this severity in SNMP traps.
Minor Specifies whether to include alerts of this severity in SNMP traps.
Warning Specifies whether to include alerts of this severity in SNMP traps.
Information Specifies whether to include alerts of this severity in SNMP traps.
Module
By default, all the checkboxes are selected.
Device Security Specifies whether to include alerts regarding this module in SNMP traps.
Device General Specifies whether to include alerts regarding this module in SNMP traps.
Vision General Specifies whether to include alerts regarding this module in SNMP traps.
Vision Configuration Specifies whether to include alerts regarding this module in SNMP traps.
Vision Control Specifies whether to include alerts regarding this module in SNMP traps.
Security Reporting Specifies whether to include alerts regarding this module in SNMP traps.
Trouble Ticket Specifies whether to include alerts regarding this module in SNMP traps.
Operator Toolbox Specifies whether to include alerts regarding this module in SNMP traps.
Attack Category
By default, all the checkboxes are selected.
ACL Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Anti-Scanning Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Behavioral DoS Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
DoS Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
HTTP Flood Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Intrusions Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Server Cracking Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
SYN Flood Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Anomalies Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Stateful ACL Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
DNS Flood Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Bandwidth Management Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Note: Changes to the settings take effect on alerts generated from the time of the change and
onward.
Notes
• For more information on AVA, see the APSolute Vision Analytics User Guide.
• The Alteon SSL Inspection node in the Security Monitoring perspective Dashboard View uses the
APSolute Vision Analytics infrastructure. For more information, see Monitoring Outbound SSL
Inspection, page 589.
Parameter Description
Enable Specifies whether APSolute Vision sends reports via e-mail.
Default: Disabled
Note: This parameter relates to APSolute Vision Analytics
reports only. This parameter is independent of the reports from
the Alerts Table pane.
SMTP Server Address The name or IP address of the SMTP e-mail server.
The value of this parameter is shared with the SMTP Server
Address parameter under General Settings > Alert Settings >
Alert Browser > Email Reporting Configuration.
Caution: If you change this value and click Submit, the SMTP
Server Address under General Settings > Alert Settings >
Alert Browser > Email Reporting Configuration changes
accordingly.
SMTP User Name The account name used to send e-mail notifications—for example,
Vision@MyCompany.com.
Note: The value of this parameter is not shared with the SMTP
User Name parameter under General Settings > Alert
Settings > Alert Browser > Email Reporting Configuration.
Password The password of the SMTP e-mail server.
Confirm Password The password of the SMTP e-mail server.
ADC Analytics
Use the ADC Analytics pane to configure the storage settings for AVA ADC.
Parameter Description
Raw Data Retention Time How long APSolute Vision stores raw AVA ADC data before the data
is deleted and only aggregated data is available. After the specified
time, query information displays averaged values. This means that
after the Raw Data Retention Time elapses, queries cannot show
momentary large fluctuations and points on the curves might
diverge from the exact values.
Values:
• 1H
• 3H
• 6H
• 12H
• 24H
• 72H
• 168H
Default: 1H
Caution: Longer retention times use more disk space.
Raw Data Query Window The maximum time window that queries can leverage the stored
raw data (according to the Raw Data Retention Time), resulting
in more granular data-points.
Values:
• 1H
• 2H
Default: 1H
Parameter Description
These settings configure APSolute Vision online monitoring for all managed devices.
Polling Interval for On-line Monitoring
The interval, in seconds, between data collections for online monitoring of a managed device. A shorter interval provides more up-to-date data, but uses more network and device resources.
Values: 15–3600
Default: 15
Polling Interval for Device Status
The number of seconds between polls of a device to determine the up or down status of the device and its elements.
Values: 10–3600
Default: 15
Timeout for Device Status Poll
The time, in milliseconds, that the APSolute Vision server waits for a response of a device-status poll before considering a device to be down.
Default: 300
Note: If the network has latency longer than the Timeout for Device Status Poll, devices will appear up and down or always down, and therefore unmanageable. If you encounter such behavior, increase the value accordingly.
Reports
This setting configures APSolute Vision monitoring for real-time reports for DefensePro.
Polling Interval for Reports The time, in seconds, between data collections for reports. A
smaller interval provides more up-to-date information at the
expense of network resources.
Values: 15–3600
Default: 15
Note: For the CPU alert, since CPU measurements vary rapidly, APSolute Vision determines
threshold limits based on a moving average calculation.
Parameter Description
Parameter (Read-only) The parameter name.
Enabled Specifies whether the threshold parameter is used for the corresponding
alarm.
Default: Enabled
Rising
Configure rising alarms to issue warning and error alerts respectively.
Warning The rising threshold value must always be lower than the rising error
threshold. When the parameter value exceeds the rising threshold value but
is less than the error threshold value, a warning alert is issued.
Error The rising error threshold value must always be greater than the rising
threshold value. When the parameter value exceeds the rising error
threshold, an error alert is issued.
Falling
Configure falling alarms to clear warning and error alerts respectively.
Warning The falling warning alarm value must be less than the rising warning alarm
value.
Error The falling error alarm value must be less than the rising error alarm value.
Note: For information on the Local Users table, see Configuring Local Users for APSolute Vision,
page 99.
This section contains the following topics:
• Managing RADIUS Server Connections, page 137
• Managing TACACS+ Server Connections, page 142
• Configuring LDAP Server Connections, page 149
Note: If a RADIUS server does not recognize a request source (in this case, the APSolute
Vision server), the RADIUS server ignores the request.
4. If the RADIUS server authenticates the user, the RADIUS server returns an Access-Accept
message with the username and its associated IDM-string–scope combination to the APSolute
Vision server. The Access-Accept message contains the SecurityMonitoringScope-
ProtectionPolicy combination for the Radware-Policy attribute (for more information, see
RADIUS Server Requirements, page 138). If the RADIUS server does not authenticate the user,
the RADIUS server sends an Access-Reject message.
Note: The identity-management (IDM) string defines the role of the user. For more information on
roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 85.
5. If the user is authenticated, the APSolute Vision server grants access according to the user’s
IDM string and scope. If the user is rejected, the APSolute Vision server does not grant access.
Caution: Users defined through a RADIUS server with the Administrator, User
Administrator, or Vision Administrator role must be configured with the scope [ALL]
(including the square brackets).
• If the Radware-Policy attribute is used, the RADIUS server Access-Accept response must
include a SecurityMonitoringScope-ProtectionPolicy combination for the Radware-Policy
attribute, in the following format:
<SecurityMonitoringScope>:<ProtectionPolicyName>
where:
— <SecurityMonitoringScope> is the scope of the user in the context of DefensePro
security monitoring. The scope [ALL] (including the square brackets) specifies all supported
DefensePro devices under the corresponding role. If the value for
SecurityMonitoringScope is [ALL], the value for ProtectionPolicy must be
[ALL]. You define a limited scope using one or more rows specifying an IP address of a
supported DefensePro device.
— <ProtectionPolicy> is a DefensePro Network Protection Policy for the scope. The value
[ALL] (including the square brackets) specifies all Network Protection policies for the
corresponding SecurityMonitoringScope. You define Network Protection policies for the
SecurityMonitoringScope using one or more rows.
Examples:
— [ALL]:[ALL] —The user has security-monitoring access to all the supported DefensePro
devices for the corresponding scope and all the associated Network Protection policies.
— 10.202.199.36:[ALL] —The user has security-monitoring access to all the Network
Protection Policies for the DefensePro device with the IP address 10.202.199.36.
— 10.202.199.36:MyNetProtPolicy —The user has security-monitoring access to data
related to the Network Protection Policy named MyNetProtPolicy that is configured in the
DefensePro device with the IP address 10.202.199.36.
— 10.202.199.36:MyNetProtPolicy1
10.202.199.36:MyNetProtPolicy2
10.202.199.36:MyNetProtPolicy3 —The user has security-monitoring access to data
related to the Network Protection policies named MyNetProtPolicy1, MyNetProtPolicy2, and
MyNetProtPolicy3, that are configured in the DefensePro device with the IP address
10.202.199.36.
— Do not configure a user with the name admin (case-insensitive). A user with the name
admin (case-insensitive) can log in to APSolute Vision, but that user will not be able to log in
to all APSolute Vision modules (for example, the AVR).
Notes
— APSolute Vision usernames are not case-sensitive when logging in to APSolute Vision WBM.
— APSolute Vision usernames are case-sensitive when logging in to the APSolute Vision CLI.
— APSolute Vision user passwords are case-sensitive.
• Users defined through a RADIUS server with the Administrator, User Administrator, or Vision
Administrator roles must be configured with the scope [ALL] (including the square brackets).
• If the name of an APSolute Vision site or device changes and a RADIUS server authenticates
users, the user scopes on the RADIUS server must be reconfigured manually.
• When users defined through a RADIUS server must access DefensePro devices, those passwords
must not exceed 15 characters. Using RADIUS, when a password exceeds 15 characters,
APSolute Vision cannot log in to DefensePro devices over HTTP, HTTPS, or SSH.
• Do not configure more than 300 explicit device-policy pairs for DefensePro security-monitoring
access—for any user. If there are more than 300 explicit device-policy pairs for a user, the
Security Monitoring Dashboard View might not function properly for the user.
Note: For more information on RBAC and RBAC roles and scopes, see Role-Based Access Control
(RBAC), page 85.
Parameter Description
Primary RADIUS Configuration Parameters
IP Address The IP address of the primary RADIUS server for authentication.
Port The Layer 4 port on the primary RADIUS server.
Values: 1812, 1645
Default: 1812
Shared Secret The RADIUS shared secret used for communication between the primary
RADIUS server and APSolute Vision.
Maximum characters: 64
Verify Shared Secret The RADIUS shared secret used for communication between the primary
RADIUS server and APSolute Vision.
Maximum characters: 64
Secondary RADIUS Configuration Parameters
IP The IP address of the secondary RADIUS server for authentication.
Authenticate Port The Layer 4 port on the secondary RADIUS server.
Values: 1812, 1645
Default: 1812
Shared Secret The shared secret used for communication between the secondary
RADIUS server and APSolute Vision.
Maximum characters: 64
Verify Shared Secret The shared secret used for communication between the secondary
RADIUS server and APSolute Vision.
Maximum characters: 64
Shared RADIUS Configuration Parameters
Timeout The time, in seconds, between retransmissions to the RADIUS servers.
Values: 1–100
Default: 5
Note: If connectivity is too slow, increase the value.
Retries The number of authentication retries before a second RADIUS server (if
configured) is contacted.
Values: 1–10
Default: 3
Note: If connectivity is too slow, increase the value.
Attribute ID The RADIUS attribute used in the RADIUS profile.
Values: 1–255
Default: 26—that is, Vendor Specific Attribute
Vendor ID (This parameter is displayed only if the specified Attribute ID is 26.)
The vendor ID for the vendor-specific attributes (VSAs).
Default: 89—Specifies Radware (as assigned by IANA)
Vendor Attribute ID (This parameter is displayed only if the specified Attribute ID is 26.)
The vendor-specific-attribute ID to hold the <IDM string>:<Scope> values.
Default: 100—Specifies the Radware Radware-Role.
Note: Names of vendor-specific attributes are decided on by the vendor.
Authentication Type The method of authentication to be used.
Values:
• PAP
• CHAP
• EAP-MD5
• EAP-MSCHAP v1
• MSCHAP v1
• MSCHAP v2
Default: PAP
Note: If a TACACS+ server does not recognize a request source (in this case, the APSolute
Vision server), the TACACS+ server ignores the request.
4. If the TACACS+ server authenticates the user, the TACACS+ server returns an Access-Accept
message with the username and its associated IDM-string–scope combination to the APSolute
Vision server. The Access-Accept message contains the SecurityMonitoringScope-
ProtectionPolicy combination for the Radware-Policy attribute (for more information, see
TACACS+ Server Requirements, page 143). If the TACACS+ server does not authenticate the
user, the TACACS+ server sends an Access-Reject message.
Note: The identity-management (IDM) string defines the role of the user. For more information on
roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 85.
5. If the user is authenticated, the APSolute Vision server grants access according to the user’s
IDM string and scope. If the user is rejected, the APSolute Vision server does not grant access.
user = <user> {
    login = <login>
    member = <user group>
}
group = <user group> {
    service = <service> {
        radware-role = <IDM string>:<Scope>
        radware-policy = <SecurityMonitoringScope>:<ProtectionPolicyName>
        priv-lvl = <privilege level>
    }
}
where:
— <user> is the user’s name.
— <login> is the login type and the user’s password. The login type can be cleartext,
where the user’s password is exposed in the configuration file, or may use encryption such
as des. If the password includes a space, the password must be enclosed in quotation
marks (").
Examples:
• cleartext mypassword
• cleartext "my password"
• des l5c2fHiF21uZ6
— <user group> is the group of which the user is a member.
— <service> is the Service Name configured for the TACACS+ connection in APSolute Vision.
— <IDM string> is the identity-management (IDM) string, which defines the role of the user. For
more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC),
page 85.
— <Scope> is the scope of the user. The scope [ALL] (including the square brackets)
specifies all sites and managed devices. You define a limited scope using one or more entries
specifying a site or managed-device name—delimited by plus signs (+).
Caution: Users defined through a TACACS+ server with the Administrator, User
Administrator, or Vision Administrator role must be configured with the scope [ALL]
(including the square brackets).
Note: Privilege levels are ordered values from 0 to 15 with each level representing a
privilege level that is a superset of the next lower value. If a NAS client uses a different
privilege level scheme, mapping must be provided.
The predefined values are as follows:
— TAC_PLUS_PRIV_LVL_MAX := 0x0f
— TAC_PLUS_PRIV_LVL_ROOT := 0x0f
— TAC_PLUS_PRIV_LVL_USER := 0x01
— TAC_PLUS_PRIV_LVL_MIN := 0x00
Example
The following is an example of a TACACS+ configuration file.
The file includes definitions of the user testuser who belongs to the group testgroup.
dp1, dp2, and dp3 are DefensePro devices that are managed by the APSolute Vision server.
The user is defined to have multiple roles: Security Monitor on dp3 and dp4, and Viewer on dp1.
RBAC by DefensePro Network Protection policies is also defined. For dp1 and dp4, access to all
policies is allowed. For dp3, access is limited to the policy: Syn_ACK_V21_Policy.
user = testuser {
    login = cleartext "radware"
    member = testgroup
}
group = testgroup {
    service = connection {
        radware-role=VIEWER:dp1+SEC_MON:dp3+SEC_MON:dp4
        radware-policy=dp1:[ALL]+dp3:Syn_ACK_V21_Policy+dp4:[ALL]
        priv-lvl = 2
    }
}
Notes
— APSolute Vision usernames are not case-sensitive when logging in to APSolute Vision WBM.
— APSolute Vision usernames are case-sensitive when logging in to the APSolute Vision CLI.
— APSolute Vision user passwords are case-sensitive.
Note: For more information on RBAC and RBAC roles and scopes, see Role-Based Access
Control (RBAC), page 85.
• Users defined through a TACACS+ server with the Administrator, User Administrator, or Vision
Administrator roles must be configured with the scope [ALL] (including the square brackets).
• If the name of an APSolute Vision site or device changes and a TACACS+ server authenticates
users, the user scopes on the RADIUS server must be reconfigured manually.
• Do not configure more than 300 explicit device-policy pairs for DefensePro security-monitoring
access—for any user. If there are more than 300 explicit device-policy pairs for a user, the
Security Monitoring Dashboard View might not function properly for the user.
Note: For more information on RBAC and RBAC roles and scopes, see Role-Based Access Control
(RBAC), page 85.
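The following is an added example, not part of the guide and not Radware code: a pre-deployment check of a TACACS+ configuration file against the rules stated above (cleartext login, scope [ALL] requiring policy [ALL], the 300-pair limit, privilege levels 0 to 15 and a required minimum). The same pair checks apply to each RADIUS Radware-Policy row. The function names, the all_scope_roles parameter and the ROLE_X placeholder are hypothetical; the code assumes that a bare name after a plus sign extends the previous role's scope, and that "explicit" pairs are those naming both a device and a policy.

```python
ALL = "[ALL]"
MAX_EXPLICIT_PAIRS = 300  # per-user limit stated in the guide
# The guide's example file, reproduced as inline input.
SAMPLE = """
user = testuser {
    login = cleartext "radware"
    member = testgroup
}
group = testgroup {
    service = connection {
        radware-role=VIEWER:dp1+SEC_MON:dp3+SEC_MON:dp4
        radware-policy=dp1:[ALL]+dp3:Syn_ACK_V21_Policy+dp4:[ALL]
        priv-lvl = 2
    }
}
"""

# Constructed bad input; ROLE_X is a placeholder, not a real IDM string.
BAD = """
group = ops {
    service = connection {
        radware-role=ROLE_X:dp1
        radware-policy=[ALL]:MyNetProtPolicy
        priv-lvl = 16
    }
}
"""

def parse_config(text):
    """Map each block path, e.g. (('group', 'ops'), ('service', 'connection')), to its settings."""
    settings, path = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line:
            continue
        if line == "}":
            if not path:
                raise ValueError("unbalanced '}'")
            path.pop()
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            raise ValueError(f"cannot parse line: {line!r}")
        if value.endswith("{"):
            path.append((key, value[:-1].strip()))  # opens a nested block
        else:
            settings.setdefault(tuple(path), {})[key] = value
    return settings

def parse_roles(value):
    """'VIEWER:dp1+dp2+SEC_MON:dp3' -> [('VIEWER', ['dp1', 'dp2']), ('SEC_MON', ['dp3'])]."""
    roles = []
    for part in value.split("+"):
        idm, sep, scope = part.partition(":")
        if sep:
            roles.append((idm.strip(), [scope.strip()]))
        elif roles:
            roles[-1][1].append(part.strip())  # assumed: extends the previous scope
        else:
            raise ValueError(f"scope entry without an IDM string: {part!r}")
    return roles

def parse_policies(value):
    """'dp1:[ALL]+dp3:P' -> [('dp1', '[ALL]'), ('dp3', 'P')]."""
    pairs = []
    for part in value.split("+"):
        scope, sep, policy = part.partition(":")
        if not sep:
            raise ValueError(f"expected <scope>:<policy>, got {part!r}")
        pairs.append((scope.strip(), policy.strip()))
    return pairs

def audit(text, min_priv_lvl=0, all_scope_roles=frozenset()):
    """Return findings; all_scope_roles = IDM strings that must have scope [ALL]."""
    findings = []
    for path, kv in parse_config(text).items():
        where = "/".join(f"{kind} {name}" for kind, name in path)
        if path and path[0][0] == "user" and kv.get("login", "").startswith("cleartext"):
            findings.append(f"{where}: cleartext login exposes the password in the file")
        if not path or path[-1][0] != "service":
            continue
        roles = parse_roles(kv["radware-role"]) if "radware-role" in kv else []
        for idm, scope in roles:
            if idm in all_scope_roles and scope != [ALL]:
                findings.append(f"{where}: role {idm} must have scope {ALL}")
        pairs = parse_policies(kv["radware-policy"]) if "radware-policy" in kv else []
        for scope, policy in pairs:
            if scope == ALL and policy != ALL:
                findings.append(f"{where}: scope {ALL} requires policy {ALL}, got {policy}")
        explicit = sum(1 for pair in pairs if ALL not in pair)  # assumed meaning of "explicit"
        if explicit > MAX_EXPLICIT_PAIRS:
            findings.append(f"{where}: {explicit} explicit pairs, limit {MAX_EXPLICIT_PAIRS}")
        if "priv-lvl" in kv:
            level = int(kv["priv-lvl"])
            if not 0 <= level <= 15:
                findings.append(f"{where}: priv-lvl {level} is outside 0-15")
            elif level < min_priv_lvl:
                findings.append(f"{where}: priv-lvl {level} is below the minimum {min_priv_lvl}")
    return findings
```

Pass the configured Minimal Required Privilege Level as min_priv_lvl, and pass the IDM strings of the Administrator, User Administrator, and Vision Administrator roles as all_scope_roles. Scopes are split at the first colon, so IPv4 addresses parse correctly but IPv6 addresses would not.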
Parameter Description
Primary TACACS+ Configuration Parameters
IP Address The IP address of the primary TACACS+ server for authentication.
Port The Layer 4 port on the primary TACACS+ server.
Values: 49
Default: 49
Shared Secret The TACACS+ shared secret used for communication between the
primary TACACS+ server and APSolute Vision. The value can contain
special characters.
Maximum characters: 255
Confirm Shared Secret The TACACS+ shared secret used for communication between the
primary TACACS+ server and APSolute Vision. The value can contain
special characters.
Maximum characters: 255
Secondary TACACS+ Configuration Parameters
IP Address The IP address of the secondary TACACS+ server for authentication.
Port The Layer 4 port on the secondary TACACS+ server.
Values: 49
Default: 49
Shared Secret The shared secret used for communication between the secondary
TACACS+ server and APSolute Vision. The value can contain special
characters.
Maximum characters: 255
Confirm Shared Secret The shared secret used for communication between the secondary
TACACS+ server and APSolute Vision. The value can contain special
characters.
Maximum characters: 255
Shared TACACS+ Configuration Parameters
Minimal Required Privilege Level The minimum TACACS+ privilege level specified for a user that will
allow access to APSolute Vision. A user can successfully be authorized
by the TACACS+ server but have a privilege level that is too low to
access APSolute Vision.
0 (zero) is the lowest privilege level, meaning: all users can access
APSolute Vision. 15 is the highest level. For example, if the Minimal
Required Privilege Level is defined as 1, all users with access level of 1
or higher can access APSolute Vision; and users with level 0 (zero) will
not have access to APSolute Vision.
Values: 0–15
Default: 0
Service Name The name of the service as defined in the TACACS+ server
configuration file.
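The radware-role and radware-policy format in the TACACS+ example, the limits in the notes, and the Minimal Required Privilege Level parameter can all be checked before a stanza is deployed. The following Python lint is an added example, not Radware code; the ROLE:[ALL] scope form, the caller-supplied all_scope_roles tokens, and the name-matching review check are assumptions.

```python
import re

ALL = "[ALL]"
MAX_EXPLICIT_PAIRS = 300  # per-user limit stated in the guide's notes
ATTR_RE = re.compile(
    r"^\s*(radware-role|radware-policy|priv-lvl)\s*=\s*(\S+)\s*$", re.M)

# Group stanza taken from the guide's TACACS+ example.
PAGE_STANZA = """
group = testgroup {
    service = connection {
        radware-role=VIEWER:dp1+SEC_MON:dp3+SEC_MON:dp4
        radware-policy=dp1:[ALL]+dp3:Syn_ACK_V21_Policy+dp4:[ALL]
        priv-lvl = 2
    }
}
"""


def extract_attrs(stanza):
    """Return the three attributes found in a 'service = connection' block."""
    return dict(ATTR_RE.findall(stanza))


def parse_pairs(value):
    """Split 'A:x+B:y' into [('A', 'x'), ('B', 'y')].

    Assumption: names contain neither '+' nor ':'.
    """
    pairs = []
    for item in value.split("+"):
        left, sep, right = item.partition(":")
        if not (sep and left and right):
            raise ValueError(f"malformed item {item!r}")
        pairs.append((left, right))
    return pairs


def audit(attrs, min_priv_level=0, all_scope_roles=frozenset()):
    """Return a list of findings; an empty list means nothing was flagged.

    min_priv_level  -- the server's Minimal Required Privilege Level (0-15)
    all_scope_roles -- role tokens that must carry the [ALL] scope; the guide
                       names the roles but not their tokens, so the caller
                       supplies them (assumption).
    """
    try:
        roles = parse_pairs(attrs.get("radware-role", ""))
        policies = (parse_pairs(attrs["radware-policy"])
                    if "radware-policy" in attrs else [])
    except ValueError as exc:
        return [f"syntax: {exc}"]

    findings = []

    # 1. A user can be authorized by TACACS+ and still be refused if the
    #    privilege level is below the configured minimum.
    raw = attrs.get("priv-lvl")
    if raw is None or not raw.isdigit() or not 0 <= int(raw) <= 15:
        findings.append(f"priv-lvl: {raw!r} is not an integer in 0-15")
    elif int(raw) < min_priv_level:
        findings.append(
            f"priv-lvl: {raw} is below the required minimum {min_priv_level}")

    # 2. Administrator-class roles must be scoped to [ALL].
    for role, scope in roles:
        if role in all_scope_roles and scope != ALL:
            findings.append(f"scope: role {role} has scope {scope}, needs {ALL}")

    # 3. Review item (heuristic): a policy entry names a device that no role
    #    scope names. Scopes may also be Site names, so confirm hits by hand.
    role_scopes = {scope for _, scope in roles}
    if ALL not in role_scopes:
        for device in sorted({d for d, _ in policies} - role_scopes):
            findings.append(f"review: policy entry for {device} has no role")

    # 4. Only explicit device-policy pairs count toward the limit.
    explicit = sum(1 for _, policy in policies if policy != ALL)
    if explicit > MAX_EXPLICIT_PAIRS:
        findings.append(
            f"limit: {explicit} explicit device-policy pairs "
            f"(maximum {MAX_EXPLICIT_PAIRS})")
    return findings


if __name__ == "__main__":
    for line in audit(extract_attrs(PAGE_STANZA), min_priv_level=1) or ["ok"]:
        print(line)
```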
Note: If the Fully Qualified Domain Name (FQDN) parameter is specified, the user name in
the bind request includes the FQDN (that is, <username>@<FQDN>).
3. If the authentication with the LDAP server fails, the user receives an appropriate message.
Note: If the LDAP server does not find the requested user, APSolute Vision displays an
appropriate message and does not grant the user access.
• For optimal login time, configure distinguished names using the most specific values that you
can.
Notes
— APSolute Vision usernames are not case-sensitive when logging in to APSolute Vision WBM.
— APSolute Vision usernames are case-sensitive when logging in to the APSolute Vision CLI.
— APSolute Vision user passwords are case-sensitive.
• Users defined through a LDAP server with the Administrator, User Administrator, or Vision
Administrator roles must be configured with the scope [ALL] (including the square brackets).
• If the name of an APSolute Vision site or device changes and an LDAP server authenticates
users, the user scopes on the LDAP server must be reconfigured manually.
• Do not configure more than 300 explicit device-policy pairs for DefensePro security-monitoring
access—for any user. If there are more than 300 explicit device-policy pairs for a user, the
Security Monitoring Dashboard View might not function properly for the user.
Note: For more information on RBAC and RBAC roles and scopes, see Role-Based Access Control
(RBAC), page 85.
Parameter Description
General LDAP Settings
Warning The rising threshold value must always be lower than the rising error
threshold. When the parameter value exceeds the rising threshold
value but is less than the error threshold value, a warning alert is
issued.
Fully Qualified Domain Name The Fully Qualified Domain Name of the LDAP server.
Primary LDAP Configuration Parameters
IP Address / Host The IP address of the primary LDAP server for authentication.
Port The Layer 4 port on the primary LDAP server.
Values: 1–65535
Default: 636
Note: If the Encrypted checkbox is not selected, the (port) value
is typically 389.
Encrypted Specifies whether authentication communication between APSolute
Vision and the primary LDAP server is encrypted using SSL.
Default: Enabled
Secondary LDAP Configuration Parameter
IP Address / Host The IP address of the secondary LDAP server for authentication.
Authenticate Port The Layer 4 port on the secondary LDAP server.
Values: 1–65535
Default: 636
Note: If the Encrypted checkbox is not selected, the (port) value
is typically 389.
Encrypted Specifies whether authentication communication between APSolute
Vision and the secondary LDAP server is encrypted using SSL.
Default: Enabled
Distinguished Names for Searches
The list of each distinguished name (DN) on the LDAP server that may include the APSolute Vision
user accounts.
To add a name to the list
Caution: Device drivers do not include changes to the online help. Depending on the configuration
of the APSolute Vision server, the APSolute Vision clients get online help either from the APSolute
Vision server (the default option) or radware.com. The online-help files at radware.com are always
the most up-to-date; but clients may encounter latency or connectivity problems. If the APSolute
Vision clients get online help from the APSolute Vision server, after updating a device driver, the
online-help files on the server should be updated. It is the responsibility of the APSolute Vision
administrator to make sure that the help files on the server are updated as necessary. For more
information, see Appendix A - Managing the Online-Help Package on the Server, page 737.
Note: The device driver includes the minimum APSolute Vision version.
When an APSolute Vision server detects that a new device has been installed or that a new device
software version has been installed on an existing device, the server retrieves the driver version
from the device.
The server checks whether it already has a driver version that corresponds to the device software
version, and uses the newest device driver.
If the driver version on the device is newer than the device version on the server, the server
downloads the new driver from the device, but does not apply it. The table in the Device Drivers
node (in the APSolute Vision Settings view System perspective) displays the device-version row
shaded gray.
If the device driver is incompatible or not found, APSolute Vision behaves as follows:
• Issues an appropriate error message, but displays the device in the tree of the device pane with
a special icon (?) on top of it.
• When you click the device in the tree, no screen is displayed, but the following information is
displayed in the device-properties pane: Device Name (from Vision), Device Type (if known),
Status: Unsupported, and Software Version: <SW_version>
If one or more of the relevant devices is locked, APSolute Vision prompts you whether to continue or
not. If you change the driver version when a device is locked by other users, you may lose the
changes for those users.
Column Description
Product Name The device type.
Values:
• Alteon
• AppWall
• DefensePro
• LinkProof NG
Product Version The device software version.
Instances The number of devices that use the same device software version.
Driver Baseline The baseline version of the driver used for this device software version.
Driver in Use The driver version in use for this device software version.
Latest Driver The latest driver version for this device software version that is stored in
the APSolute Vision server.
Supported Languages The languages that the device driver supports.
6. Read the confirmation message, and then, accept or abort the action.
The version of the driver that you install cannot be the same version or an older version of the
driver baseline version. If the driver version that you install is newer than the baseline version
but older than the driver version in use, APSolute Vision prompts you for confirmation to change
the current driver. If the driver version that you install is newer than the baseline version and
newer than the driver version in use, APSolute Vision prompts you for confirmation to upgrade
the current driver.
To apply a driver version to a specific device when there is a newer version in the server
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Select the row with the relevant device and device version.
To revert to the baseline driver version that resides on the APSolute Vision server
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Select the row with the relevant device and device version.
Note: This option is displayed only when the driver version in use is different from the baseline
driver release.
To update all the device drivers to the latest ones that are stored in the APSolute Vision
server
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
Note: This command is available only when the APSolute Vision server has a device driver
version that is later than one of the device drivers in use.
The following procedure is for troubleshooting a situation such as the following:
• A driver for the device you want to add to the APSolute Vision configuration does not exist in the
APSolute Vision server or does not exist as part of the device software.
• The driver for the device you want to add to the APSolute Vision configuration is corrupt in the
APSolute Vision server.
• The driver for the device you want to add to the APSolute Vision configuration does not exist in
the APSolute Vision server and is corrupt in device software.
Note: The APSolute Vision CLI includes a command for troubleshooting problems related to
device drivers. For more information, see system database maintenance driver_table delete,
page 687.
To load a driver for a software version that does not exist in the Device Drivers table
(that is, APSolute Vision has never managed a device using this software version)
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
Notes
• You can open AVR from the APSolute Vision sidebar menu (Applications > AVR).
• AVR does not support Alteon or LinkProof NG.
Parameter Description
Attack Polling Interval (Read-only) The interval for polling security attack data, which is 5
minutes.
Parameter Description
Data Retention Interval The time, in months, that APSolute Vision retains AVR data.
Values:
• 1–48
• Unlimited
Default: 12
Note: After upgrade from an APSolute Vision version prior to 2.30,
the value is Unlimited. You can modify this value if you require.
Upload Logo (button) You can upload a logo to display on reports. Click the button and enter
the name of the file to upload.
Note: For your convenience, the License Management pane includes a link to the Device
Subscriptions pane (see Viewing Device Subscriptions, page 168).
Notes
• When you install a new license over a license (of the same type) that has already expired, the
new license automatically overwrites the expired one. APSolute Vision enforces licenses
according to the start date to the expiration date. You can replace an existing valid license with
a new license if the starting day is before the installation date.
• If you try to install a new license over a valid active license, and the starting date of the new
license is after the day of installation, APSolute Vision does not allow the action and displays an
appropriate message.
• If there is no active license and you try to install a license with a future start date, APSolute
Vision allows the action but displays an appropriate message.
• When removing a device from APSolute Vision that is covered by the RTU license pool, the
license portion returns to the pool. If there are managed devices that are not covered by the
pool, APSolute Vision randomly selects one of those devices, and allocates the license portion to
that device.
APSolute Vision starts generating license-expiration alerts 90 days before the expiration date.
When APSolute Vision generates a license-expiration alert:
• The APSolute Vision toolbar displays the License Alert button. The button displays only to users
with the Administrator or Vision Administrator roles. If a license expires within 90 days up to 30
days, the button background is blue. If a license expires within 29 days up to one day, the
button background is amber. The last day before the license expires and after the license is
expired, the button background is red. When there are multiple license alerts, the button
displays the lowest number of remaining days. Hovering on the button opens a tooltip with
additional information. When there are multiple alerts, the bell shows the number of alerts.
Clicking the License Alert button opens the License Management pane.
• A pop-up notification is displayed to users with the Administrator or Vision Administrator roles.
• The alert is displayed in the Alerts Table pane.
• The alert is included in the technical-support (tech-support) package. For information on tech-
support packages, see System Backup Technical-Support Commands, page 677.
Caution: After upgrading from APSolute Vision versions earlier than 3.80, if there is an RTU-license
alert, there will be a grace period of 30 days. This grace period is intended to grant you time to
contact Radware Technical Support and purchase additional RTU licenses, as required. After the
grace period, APSolute Vision will support only the number of devices covered by the RTU license
pool.
Parameter Description
Item The license type.
License String The license string that Radware supplied.
Expiration Date The date that the license expires.
Note: The date format is according to the configuration of the APSolute
Vision server (see Configuring APSolute Vision Display Parameters,
page 163).
Days to Expiration The number of days before the license expires.
Activation Date The date that the license was activated.
Note: The date format is according to the configuration of the APSolute
Vision server (see Configuring APSolute Vision Display Parameters,
page 163).
Note: For more information on capacity limitations, see the APSolute Vision Release Notes for the
relevant APSolute Vision version.
Parameter Description
Type Values:
• Managed Physical Devices—The number of physical devices (of any
supported device type) that the APSolute Vision is managing.
DefenseFlow is not counted.
• Managed Virtual Devices—The number of virtual devices (of any
supported device type) that the APSolute Vision is managing.
DefenseFlow is not counted.
Number of Devices The number of devices of the specific type that APSolute Vision is
managing.
Devices with No License The number of devices of the specific type that have no RTU license.
Allocated Licenses The number of devices of the specific type from the license pool that
are allocated (used).
License Pool The total number of licenses in the pool.
Note: For more information on capacity limitations, see the APSolute Vision Release Notes for the
relevant APSolute Vision version.
Parameter Description
Item Values:
• Managed DefensePro Devices—The number of DefensePro devices of any
deployment type (virtual or physical appliance) that the APSolute Vision is
managing.
• Unavailable Devices—The number of devices that the APSolute Vision is
managing whose status is not Up. That is, devices whose status is Down,
Maintenance, Unknown, and so on.
• Total Enabled DefensePro Policies—The sum of enabled Network Protection
policies and Server Protection policies on the DefensePro devices that the
APSolute Vision is managing.
• Total Profiles Assigned to Enabled Policies—The number of profiles in both the
Network Protection policies and Server Protection policies on the DefensePro
devices that the APSolute Vision is managing. If a profile is associated with
multiple policies, it is counted multiple times.
Quantity The number of the specific item.
Notes
• The term “APM server” may also be referred to as “SharePath server”.
• APM requires a proper license, which you can manage in the License Management tab (APSolute
Vision Settings view System perspective, General Settings > License Management).
• For information on the installation of the APM server, see the APSolute Vision Installation and
Maintenance Guide.
• For information on how to configure Alteon or LinkProof NG with APM, see the sections
“Configuring the Application Performance Monitoring (APM) Server in Alteon” and “Managing
Virtual Services Settings” in the online help.
• For information on using APM, see the Application Performance Monitoring User Guide.
• For information on how to use the APM Web interface, click the (Help) button in the APM Web
interface.
— From the APSolute Vision sidebar menu, click (Applications) > APM.
— Do the following:
a. In the APSolute Vision Settings view System perspective, select General Settings >
APM Settings.
b. In the table, in the APM Server column, click the hyperlink.
Parameter Description
Use the APM Server Installed on this APSolute Vision Server
(This parameter is available only with the APSolute Vision server with APM server VA offering.)
Specifies whether APSolute Vision uses the APM server associated
with the APSolute Vision server with APM server VA installation.
Values:
• Disabled—APSolute Vision uses an external APM server.
• Enabled—APSolute Vision uses the APM server associated
with the APSolute Vision installation, and populates the
following fields with read-only values:
— Management IP Address—The IP address of the APSolute
Vision management port (G1 or G2), which is the
management port for both APM and APSolute Vision
server.
— Data IP Address—The IP address of the G4 port.
— Backup IP Address—The IP address of the G3 port. This
value is not mandatory.
Default: Disabled
Notes:
• For information on configuring the IP address for each port,
see Network IP Interface Commands, page 656.
• For information on configuring the routing for each port, see
Network Routing Commands, page 660.
Parameter Description
Management IP Address The IP address of the port on the SharePath/APM server that
APSolute Vision uses for APM management traffic.
In the APSolute Vision server with APM server VA offering, this
address is typically the management IP address of the APSolute
Vision server too. By default, this is the IP address of the G1 port
on the APSolute Vision server VA.
Port The management interface TCP port.
Values: 1–65535
Default: 443
Caution: Specifying a non-default port involves modifying the
APM server configuration. For more information, in the
Application Performance Monitoring Troubleshooting and
Technical Guide, see the appendix “Configuring a Non-Default
APM Port for APM Reports.”
Note: You can specify the port only when you add a new APM
server to the APSolute Vision configuration. You cannot modify
the port on an APM server that is already configured in
APSolute Vision. To modify the port, you need to remove the
APM server from the APSolute Vision configuration, and then,
add the APM server with the required port to the APSolute
Vision configuration again.
Data IP Address The IP address of the port on the SharePath/APM server that
APSolute Vision uses for APM data traffic. In the APSolute Vision
server with APM server VA offering, this address is typically the
IP address of the APSolute Vision G4 port. This field is significant
only for older Alteon versions 29.5, 30.0.0, 30.0.1, 30.0.2,
30.0.3, and 30.1. New versions use the configuration on the
device and ignore the Data IP Address field. The default is set
to G4, assuming that APM must support the device sending
beacons from the Alteon data interface.
Backup IP Address The IP address of the port on the SharePath/APM server that
APSolute Vision uses for APM backup traffic.
Note: This value is not mandatory.
Performance Limit The maximum events (performance reports for an HTML page)
per second that the APM server can process.
Values: 10–1000
Default: 500
Parameter Description
Device Name The name of the device with the APM-enabled service.
Virtual Server Index The index of the APM-enabled service.
Virtual Server IP The IP address of the APM-enabled service.
Port The port of the APM-enabled service.
Description The description of the APM-enabled service.
APM Application Link A hyperlink to the APM-enabled service in the APM interface.
Parameter Description
Device Name The name of the device with an APM-enabled service.
Device Management IP The IP address of the device.
Software Version The software version of the device.
APM License (PgPM) The APM license currently installed on the device.
Form Factor The form factor of the device.
Hardware Platform The platform of the device.
APM Server Management IP The IP address of the management port of the APM server.
For the APSolute Vision server with APM server VA offering, this
is the IP address of the management port of the APSolute Vision
server.
click (Applications) > Cloud DDoS Portal in the APSolute Vision sidebar menu.
Note: For more information on Radware Cloud DDoS Protection services, see the Cloud DDoS
Protection Services User Guide.
Parameter Description
Maximum Configuration Files for Device The maximum number of configuration files per managed device
that you can store on the APSolute Vision server for backup. When
the limit is reached, you are prompted to delete the oldest file.
Values: 1–10
Default: 5
Note: If you change the maximum value to less than the number
of existing configuration files, none of the existing files will be
deleted. For example, the configured maximum value is 10 and
there are 8 configuration files, if you then change the configured
maximum value to 4, no files are deleted.
Minimal Log Level The lowest severity of messages that will be logged for debugging
purposes.
Values:
• Fatal
• Error
• Warning
• Info
• Debug
• Trace
Default: Error
Caution: Lowering the value of the Minimal Log Level
parameter may negatively affect the performance of the APSolute
Vision server. Radware recommends using the default value,
Error, except when there are specific troubleshooting
requirements.
Device Lock Timeout The time, in minutes, that a device remains locked. If you have the
appropriate permissions to configure a device, you can lock the
device so that other users cannot configure the device at the same
time.
Values: 5–180
Default: 10
Parameter Description
Results per Page The number of rows that are displayed per table page.
Values: 10–100
Default: 50
Parameter Description
Note: For changes to existing online help content to display properly, you may need to refresh
your browser display or clear the browser cache.
Online Help URL The source of the online help that clients request.
Values:
• APSolute Vision Server—The server provides the client with
online-help files stored on the server. Installation of the
APSolute Vision server includes online-help files, but if managed
devices are somehow upgraded later (with a new device, new
device version, or new device driver), the online-help files on
the server should be updated. It is the responsibility of the
APSolute Vision administrator to make sure that the help files
on the server are updated as necessary. For more information,
see Appendix A - Managing the Online-Help Package on the
Server, page 737.
• Radware.com—The client sends online-help requests to the
radware.com Web site and receives files from there. The online-
help files at radware.com are always the most up-to-date, but
you may encounter latency or connectivity problems.
Default: APSolute Vision Server
Update (button) Opens the dialog box to update the online-help package that resides
in the APSolute Vision server.
Note: For more information, see Appendix A - Managing the
Online-Help Package on the Server, page 737.
Revert to Default Help (button) The online help currently on the server reverts to the online help
package that was included with the installation of the APSolute
Vision server.
Note: For more information, see Appendix A - Managing the
Online-Help Package on the Server, page 737.
Parameter Description
Default Display Language The default display language for new users in the APSolute Vision
system.
Notes:
• If you change the value, the change affects only users created
after the change.
• Each user can change his/her own display language, by opening
the User drop-down dialog box (from the APSolute Vision
toolbar, in the User ribbon at the far right) and selecting
the language from the drop-down list of languages.
• An Administrator can specify the default language for each
specific user (see Configuring Local Users for APSolute Vision,
page 99).
Default Landing Page The page that APSolute Vision displays by default for new users in
the APSolute Vision system.
Values:
• First Device in the Tree—New users land on the Device pane
with the first available device selected, and the Configuration
perspective.
• Application SLA Dashboard—New users land on the Application
SLA Dashboard (see Using the Application SLA Dashboard,
page 561).
• Security Control Center—New users land on the Security
Control Center (see Using the Security Control Center,
page 564).
• Operator Toolbox—New users land on the Toolbox (see Using
the Toolbox, page 221).
• Service Status Dashboard—New users land on the Service
Status Dashboard (see Using the Service Status Dashboard,
page 570).
Default: First Device in the Tree
Notes:
• User roles and scopes determine whether the selected option is
relevant. If a user does not have permission to view the
selected option, he/she lands on the first permitted tab in the
APSolute Vision Settings view. For information on user roles and
scopes, see Managing APSolute Vision Users, page 83.
• Each user can change his/her own landing page (APSolute
Vision Settings view Preferences perspective, User
Preferences > Display).
• If you change the value, the change affects only users created
after the change.
Parameter Description
Date Format The date format for information that includes date and time
displayed in the APSolute Vision Web client.
Values:
• dd.MM.yyyy
• MM.dd.yyyy
• dd/MM/yyyy
• MM/dd/yyyy
Default: dd.MM.yyyy
Time Format The time format for information that includes date and time
displayed in the APSolute Vision Web client.
Values:
• HH:mm:ss
• HH:mm:ss z
• h:mm:ss aa
• h:mm:ss aa z
Default: HH:mm:ss
Note: To replace a file with the same name, you must first delete the old file.
Related Topics
• Using and Managing Toolbox Scripts, page 221
• Managing Toolbox Scripts, page 244
For information about configuring the maximum number of configuration files per device that can be
stored, see Configuring APSolute Vision Server Advanced Parameters, page 162.
To get the configuration file of the device from the APSolute Vision server and download
the file to the local PC
1. In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
2. Select the relevant entry.
Parameter Description
File Name The name of the stored configuration file.
File Type This field always displays Regular.
SW Version The software version of the device.
Backup Date The date and time that the file was saved on the APSolute Vision server.
Description A description of the file. You can enter and edit text in this field.
Caution: The functionality of the Device Subscriptions pane requires connectivity to radware.com
or the proxy server that is configured in the APSolute Vision settings (APSolute Vision Settings view
System perspective, General Settings > Connectivity > Proxy Server Parameters).
Notes
• Columns in the Device Subscriptions table display N/A when there is no connectivity to
radware.com or the proxy server that is configured in the APSolute Vision settings.
• Radware’s Security Update Service (SUS) is a subscription service for security advisories and
signature updates, which delivers rapid and continuous updates.
• The Fraud Signature Protection subscription provides protection against fraud and phishing
attacks using the DefensePro Fraud Protection module.
• The ERT Active Attackers Feed is a subscription service that updates DefensePro devices with IP
addresses of known attackers that were recently active. The feed is generated by Radware’s
Threat Research Center.
• The Device Subscriptions table does not display DefenseFlow devices.
• The Device Subscriptions table does not display vADC devices that APSolute Vision does not
manage.
• Except for AppWall devices, all of the subscriptions are based on the device MAC address.
• For your convenience, the Device Subscriptions pane includes a link to the APSolute Vision
License Management tab (see Managing APSolute Vision Licenses and Viewing Capacity
Utilization, page 154).
You can use the Device Subscriptions table to help you manage your device repository, and make
sure you have all of the required subscriptions, prior to updating your devices. For example, when
you want to upgrade device software, you can first check the Device Subscriptions table, and verify
that all devices have a support agreement. You can filter the table for Support Agreement: No and
locate devices that do not have a support agreement. If there are no such devices, you can continue
and upgrade the devices. If there are devices that do not have a valid support agreement, you can
export the table to a CSV file and use the file to send Radware the list of MAC addresses lacking a
support agreement. Radware will check whether there is an error in the database or the device
MAC addresses are not registered. After handling errors and purchases and refreshing the Device
Subscriptions table, all relevant rows will show Support Agreement: Yes. You can then continue
with the device upgrade.
Parameter Description
Device Name The name of the device.
Device Type The type of the device.
MAC Address The MAC address of the device.
Note: AppWall devices do not use the MAC address to register
agreements. Instead, AppWall devices use the host ID to register
agreements.
Software Version The software version of the device.
Valid Support Agreement Specifies whether there is a valid Support Agreement for the device.
Values: N/A, Yes, No
Support Agreement Expiration Date The expiration date of the Support agreement.
Valid SUS Agreement Specifies whether there is a valid SUS agreement for the device.
Values: N/A, Yes, No
SUS Expiration Date The expiration date of the SUS agreement.
Valid Fraud Updates Agreement Specifies whether there is a valid Fraud Updates agreement for the device.
Values: N/A, Yes, No
Fraud Expiration Date The expiration date of the Fraud agreement.
ERT Active Attackers Feed Subscription Specifies whether there is a valid ERT Active Attackers Feed subscription for the device.
Values: N/A, Yes, No
ERT Active Attackers Feed Expiration Date The expiration date of the ERT Active Attackers Feed subscription.
To export a CSV file with the information in the Device Subscriptions table
1. In the APSolute Vision Settings view System perspective, select Device Resources > Device
Subscriptions.
You can perform the following operations using APSolute Vision CLI:
• Restoring the appliance configuration.
• Restoring the server configuration.
• Restarting the APSolute Vision server.
For more information about APSolute Vision CLI commands, see Using vDirect with APSolute Vision,
page 725.
Note: To add Alteon or DefensePro devices, you can also use vDirect with APSolute Vision. For more
information, see Using vDirect with APSolute Vision, page 725.
Note: For a picture of the device pane, see Figure 23 - Device Pane (Not Docked)—Showing the
Sites and Devices Tree, page 61.
Note: You can configure DefensePro high-availability clusters only on DefensePro version
6.x and 7.x devices.
— LinkProof NG devices
• Physical Containers—The Physical Containers tree can contain the managed ADC-VX
instances, and Sites with ADC-VX instances. After you add an ADC-VX to the Physical Containers
tree, you can configure the vADCs that the ADC-VX hosts. The vADCs that the ADC-VX is hosting
are displayed as child nodes of the ADC-VX. Once a vADC is managed in the Physical Containers
tree, you can only configure the corresponding vADC entity in the Sites and Devices tree.
• Logical Groups—The Logical Groups tree contains user-defined Logical Groups. A Logical
Group is a group of devices of the same type, which you manage as a single entity. For more
information on Logical Groups, see Using Logical Groups of Devices, page 199.
To display another tree, click the button, and select the name of the tree that you require.
Configuring Sites
You can configure Sites in the Sites and Devices tree and in the Physical Containers tree. You may
configure Sites according to a geographical location, administrative function, or device type. You can
nest Sites; that is, each Site can contain child Sites and devices. By default, the root Site is called
Default. You can rename this Site, and add nested Sites and devices. You can add, rename, and
delete Sites. When you delete a Site, you must first remove all its child Sites and devices.
When you manage a vADC hosted by an ADC-VX in the Physical Containers tree, you specify the Site
under which that vADC is displayed in the Sites and Devices tree.
You can also display real-time security monitoring for multiple devices. You can select a Site or
select multiple devices (using standard, mouse click/keyboard combinations) even if the devices are
in the same Site.
Notes
• To move a device between Sites, you must first delete the device from the tree and then add the
device in the required Site.
• A Site cannot have the same name as a device, and Sites nested under different parent Sites
cannot have the same name.
• You cannot delete the Default Site, but you can rename it.
1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.
2. In the device pane Sites and Devices tree or Physical Containers tree, select the Site node in
which you want to create the new Site.
Caution: With RADIUS or TACACS+ authentication, if a user definition explicitly mentions the name
of a Site and the Site name changes, the user definition in the RADIUS or TACACS+ server must be
updated accordingly.
If the name of an APSolute Vision Site changes and APSolute Vision authenticates the users locally,
APSolute Vision updates the relevant scopes for the users.
To rename a Site
1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.
2. Select the Site.
To delete a Site
1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.
2. Select the Site.
Tree Nodes
Tree nodes are arranged alphabetically in the tree within each level. For example, a Site called
Alteon_Site appears before a Site at the same level called DefensePro_Site.
All nested Sites appear before devices at the same level, regardless of their alphanumerical order.
All node names in a tree must be unique. For example, you cannot give a Site and a device the same
name, and you cannot give devices in different Sites the same name.
Node names are case-sensitive.
Exporting a CSV File with the Devices in the Sites and Devices Tree
You can export a CSV file with the devices in the Sites and Devices tree. The CSV file includes
information on each device. The file does not include information regarding associated Sites.
For more information, see the procedure To export a CSV file with the devices in the Sites and
Devices tree, page 187.
After you configure the filter criteria, click the button to apply the filter.
After submitting device-connection information, the APSolute Vision server verifies that it can
connect to the device. APSolute Vision then retrieves and stores the device information and licensing
information.
After the connection has been established, you can modify some of the connection information and
configure the device.
When you add a device or modify device properties, you can specify whether the APSolute Vision
server configures itself as a target of the device events and whether the APSolute Vision server
removes from the device all recipients of device events except for its own address. For more
important information, see APSolute Vision Server Registered for Device Events—Alteon and
LinkProof NG, page 188, APSolute Vision Server Registered for Device Events—DefensePro,
page 188, or APSolute Vision Server Registered for Device Events—AppWall, page 189.
After adding devices, you can create clusters of the main and backup devices, or the primary and
secondary devices (according to the device type).
Notes
• A device cannot have the same name as a Site.
• Devices in different Sites cannot have the same name.
• You can change the name of a device after you have added it to the APSolute Vision
configuration.
• To move a device between Sites, you must first delete the device from the tree and then add it
to the required target Site.
• If you replace a device with a new device to which you want to assign the same management IP
address, you must delete the device from the Site and then recreate it for the replacement.
• When you delete a device, you can no longer view historical reports for that device.
• When you delete a device, the device alarms and security monitoring information are also
removed.
• You can export a CSV file with the devices in the Sites and Devices tab. The CSV file includes
information on each device. The file does not include information regarding associated Sites. For
more information, see the procedure To export a CSV file with the devices in the Sites and
Devices tree, page 187.
• HTTPS is used for downloading/uploading various files from/to managed devices, including:
configuration files, certificate and key files, attack-signature files, device-software files, and so
on. APSolute Vision uses Transport Layer Security (TLS) protocol version 1.1 or later for
DefensePro 6.x versions 6.14.05 and later, 7.x versions 7.42.07 and later, and 8.x versions 8.13
and later. In the CLI of DefensePro 8.x versions 8.19 and later, you can disable the TLS version
1.1 to use only version 1.2, using the manage ssl version command.
• You can configure APSolute Vision to manage multiple Alteon vADCs hosted by an ADC-VX
managed by the same APSolute Vision server.
Caution: If a DefensePro device was added to APSolute Vision using vDirect (that is, registered on
APSolute Vision), and the device Web (HTTPS) credentials are different from the CLI (SSH)
credentials, you must update the Web credentials of the device in the APSolute Vision Device
Properties dialog box. For the procedure, see To add a new device or edit device-connection
information, page 176. For more information on vDirect, see Using vDirect with APSolute Vision,
page 725 and Registering a DefensePro Instance, page 733.
1. In the device pane, click the icon, and select Sites and Devices.
2. In the device pane Sites and Devices tree, do one of the following:
— To add a new device:
a. Navigate to and select the Site name to which you want to add the device.
Parameter Description
Type The type of the object.
Values:
• Site
• Alteon
• AppWall
• DefensePro
• LinkProof NG
Name The name of the device.
Notes:
• There are some reserved words (for example,
DefenseFlow) that APSolute Vision does not allow as
names.
• You can change the name of a device after you have
added it to the APSolute Vision configuration.
Parameter Description
(This tab is available only for Alteon, DefensePro, and LinkProof NG devices.)
Management IP: The management IP address as it is defined on the managed device.
  Note: Once you add the device to the APSolute Vision configuration, you cannot change its
  IP address.
SNMP Version: The SNMP version used for the connection.
SNMP Read Community: The SNMP read community name.
  (This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.)
SNMP Write Community: The SNMP write community name.
  (This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.)
User Name: The username for the SNMP connection.
  (This parameter is displayed only when SNMP Version is SNMPv3.)
  Maximum characters: 18
Use Authentication: Specifies whether the device authenticates the user for a successful
  connection.
  (This parameter is displayed only when SNMP Version is SNMPv3.)
  Default: Disabled
Authentication Protocol: The protocol used for authentication.
  (This parameter is available only when the Use Authentication checkbox is selected.)
  Values: MD5, SHA
  Default: SHA
Authentication Password: The password used for authentication.
  (This parameter is available only when the Use Authentication checkbox is selected.)
  Caution: The password should be at least eight characters. vDirect requires that the
  password be at least eight characters.
Use Privacy: Specifies whether the device encrypts SNMPv3 traffic for additional security.
  (This parameter is available only when the Use Authentication checkbox is selected.)
  Default: Disabled
Privacy Protocol:
  (This parameter is available only when the Use Privacy checkbox is selected.)
  Values: DES, AES128
  Default: DES
  Caution: AES128 is supported only in Alteon version 30.5 and later, DefensePro 7.x versions
  7.42.06 and later, and DefensePro 8.x versions 8.20.0 and later. If you select AES128 and
  the device software version does not support AES128, APSolute Vision will fail to connect
  to the device.
Privacy Password: The password used for the Privacy facility.
  (This parameter is available only when the Use Privacy checkbox is selected.)
  Caution: The password should be at least eight characters. vDirect requires that the
  password be at least eight characters.
Parameter Description
Verify HTTP Access: Specifies whether APSolute Vision verifies HTTP access to the managed
  device.
  (This option is not available for AppWall.)
  Default: Enabled
  Note: This option is not used for Alteon versions 29.5 and later.
Verify HTTPS Access: Specifies whether APSolute Vision verifies HTTPS access to the managed
  device.
  (This option is not available for AppWall.)
  Default: Enabled
Management IP: The management IP address as it is defined on the managed device.
  (This option is available only for AppWall.)
  Note: Once you add the device to the APSolute Vision configuration, you cannot change its
  IP address.
User Name: The username for HTTP and HTTPS communication.
  Maximum characters:
  • In DefensePro 8.x versions 8.20 and later: 32
  • In DefensePro 6.x and 7.x versions, DefensePro 8.x versions earlier than 8.20, and other
    products: 18
Password: The password used for HTTP and HTTPS communication.
HTTP Port: The port for HTTP communication with the device.
  Default: 80
HTTPS Port: The port for HTTPS communication with the device.
  Default: 443
Parameter Description
(This tab is available only for Alteon, DefensePro, and LinkProof NG devices.)
Note: To configure and apply certain features, APSolute Vision requires SSH access to run CLI
commands on the Alteon device.
User Name: The username for SSH access to the device.
  Maximum characters: 32
  Default: admin
Password: The password for SSH access to the device.
  Maximum characters: 32
  Default: admin
SSH Port: The port for SSH communication with the device.
  Default: 22
  Note: This value should be the same as the value for the SSH port configured in the device
  (Configuration perspective, System > Management Access > Management Protocols > SSH).
Parameter Description
Register This APSolute Vision Server for Device Events: Specifies whether the APSolute Vision
  server configures itself as a target of the device events.
  Values:
  • Enabled—The APSolute Vision server configures itself as a target of the device events
    (for example, traps, alerts, IRP messages, and packet-reporting data).
  • Disabled—For a new device, the APSolute Vision server adds the device without
    registering itself as a target for events. For an existing device, the APSolute Vision
    server removes itself as a target of the device events.
  Default: Enabled
  Notes:
  • APSolute Vision runs this action each time you click Submit in the dialog box.
  • For more important information, see the following relevant section:
    — APSolute Vision Server Registered for Device Events—Alteon and LinkProof NG, page 188
    — APSolute Vision Server Registered for Device Events—DefensePro, page 188
    — APSolute Vision Server Registered for Device Events—AppWall, page 189
Register APSolute Vision Server IP: The port and IP address of the APSolute Vision server to
  which the managed device sends events. Select an APSolute Vision server interface that is
  used as the APSolute Vision server data port, and is configured to have a route to the
  managed devices.
  (This parameter is available only when the Register This APSolute Vision Server for Device
  Events checkbox is selected.)
Remove All Other Targets of Device Events: Specifies whether the APSolute Vision server
  removes from the device all recipients of device events (for example, traps and IRP
  messages) except for its own address.
  (This parameter is available only when the Register This APSolute Vision Server for Device
  Events checkbox is selected.)
  Default: Disabled
  Note: APSolute Vision runs this action each time you click Submit in the dialog box. For
  example, if you select the checkbox and click Submit—and later, a trap target is added to
  the trap target-address table—APSolute Vision removes the additional address the next time
  you click Submit in the dialog box.
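The limits stated in the connection-parameter tables above can be checked before a device is submitted. The following Python check is an added example, not Radware code: the record layout, field names and sample devices are constructed, and the warn-level findings (MD5, DES, unencrypted SNMP, admin/admin) are hardening advice added here rather than rules from the guide.

```python
# Added example: the record layout and the sample devices are constructed.
# "error" = breaks a limit stated in the tables; "warn" = hardening advice added here.

def _ver(text):
    """'8.20' -> (8, 20, 0), so versions compare component by component."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))


def aes128_supported(product, version):
    """AES128 privacy support, per the Privacy Protocol caution."""
    v = _ver(version)
    if product == "Alteon":
        return v >= (30, 5, 0)
    if product == "DefensePro" and v[0] == 7:
        return v >= (7, 42, 6)
    if product == "DefensePro" and v[0] == 8:
        return v >= (8, 20, 0)
    return False


def http_user_max(product, version):
    """HTTP/HTTPS username limit: 32 on DefensePro 8.x from 8.20, otherwise 18."""
    is_new_dp = product == "DefensePro" and (8, 20, 0) <= _ver(version) < (9, 0, 0)
    return 32 if is_new_dp else 18


def audit_snmp(snmp, product, version):
    """Check one SNMP tab; returns (level, field, message) tuples."""
    out = []
    if snmp["version"] in ("SNMPv1", "SNMPv2"):
        return [("warn", "snmp.version", "community names are sent unencrypted")]
    if len(snmp["user"]) > 18:
        out.append(("error", "snmp.user", "more than 18 characters"))
    if not snmp.get("use_auth"):
        out.append(("warn", "snmp.use_auth", "authentication is off (the default)"))
        if snmp.get("use_privacy"):
            out.append(("error", "snmp.use_privacy", "needs Use Authentication"))
        return out
    if snmp["auth_protocol"] == "MD5":
        out.append(("warn", "snmp.auth_protocol", "MD5 chosen over the SHA default"))
    if len(snmp["auth_password"]) < 8:
        out.append(("error", "snmp.auth_password", "fewer than eight characters"))
    if not snmp.get("use_privacy"):
        out.append(("warn", "snmp.use_privacy", "SNMPv3 traffic is not encrypted"))
        return out
    can_aes = aes128_supported(product, version)
    if snmp["privacy_protocol"] == "AES128" and not can_aes:
        out.append(("error", "snmp.privacy_protocol",
                    "AES128 unsupported here; APSolute Vision will fail to connect"))
    if snmp["privacy_protocol"] == "DES" and can_aes:
        out.append(("warn", "snmp.privacy_protocol", "DES chosen, AES128 is supported"))
    if len(snmp["privacy_password"]) < 8:
        out.append(("error", "snmp.privacy_password", "fewer than eight characters"))
    return out


def audit(dev):
    """Check the SNMP, HTTP/HTTPS and SSH settings of one device record."""
    product, version = dev["type"], dev["version"]
    out = audit_snmp(dev["snmp"], product, version) if dev.get("snmp") else []
    web, ssh = dev.get("web"), dev.get("ssh")
    if web:
        limit = http_user_max(product, version)
        if len(web["user"]) > limit:
            out.append(("error", "web.user", f"more than {limit} characters"))
        if (web["user"], web["password"]) == ("admin", "admin"):
            out.append(("warn", "web.credentials", "admin/admin is a documented default"))
    if ssh:
        if len(ssh["user"]) > 32 or len(ssh["password"]) > 32:
            out.append(("error", "ssh.credentials", "more than 32 characters"))
        if (ssh["user"], ssh["password"]) == ("admin", "admin"):
            out.append(("warn", "ssh.credentials", "admin/admin is the documented default"))
    return out


# Constructed sample devices (not taken from any real deployment).
DEVICES = [
    {"name": "dp-edge-1", "type": "DefensePro", "version": "8.19",
     "snmp": {"version": "SNMPv3", "user": "visionmon", "use_auth": True,
              "auth_protocol": "SHA", "auth_password": "Str0ngAuthPw",
              "use_privacy": True, "privacy_protocol": "AES128",
              "privacy_password": "short"},
     "web": {"user": "vision-service-account", "password": "x9!Lq2#vB7"},
     "ssh": {"user": "admin", "password": "admin"}},
    {"name": "alteon-dc-1", "type": "Alteon", "version": "30.5",
     "snmp": {"version": "SNMPv3", "user": "vision", "use_auth": True,
              "auth_protocol": "MD5", "auth_password": "longenoughpw",
              "use_privacy": True, "privacy_protocol": "DES",
              "privacy_password": "alsolongenough"},
     "web": {"user": "radmon", "password": "k3!Tz8@wQ1"},
     "ssh": {"user": "radmon", "password": "k3!Tz8@wQ1"}},
]

if __name__ == "__main__":
    for dev in DEVICES:
        for level, field, msg in audit(dev):
            print(f"{dev['name']}: {level}: {field}: {msg}")
```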
1. In the device pane, click the icon, and select Physical Containers.
2. Do one of the following:
Parameter Description
Type The type of the object.
Values: Site, Alteon
Name The name of the device.
Notes:
• There are some reserved words (for example,
DefenseFlow) that APSolute Vision does not allow as
names.
• You can change the name of a device after you have
added it to the APSolute Vision configuration.
Parameter Description
Management IP: The management IP address as it is defined on the managed device.
  Note: Once you add the device to the APSolute Vision configuration, you cannot change its
  IP address.
SNMP Version: The SNMP version used for the connection.
SNMP Community: The SNMP community name.
  (This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.)
User Name: The username for the SNMP connection.
  (This parameter is displayed only when SNMP Version is SNMPv3.)
  Maximum characters: 18
Use Authentication: Specifies whether the device authenticates the user for a successful
  connection.
  (This parameter is displayed only when SNMP Version is SNMPv3.)
  Default: Disabled
Authentication Protocol: The protocol used for authentication.
  (This parameter is available only when the Use Authentication checkbox is selected.)
  Values: MD5, SHA
  Default: SHA
Authentication Password: The password used for authentication.
  (This parameter is available only when the Use Authentication checkbox is selected.)
Use Privacy: Specifies whether the device encrypts SNMPv3 traffic for additional security.
  (This parameter is available only when the Use Authentication checkbox is selected.)
  Default: Disabled
Privacy Protocol:
  (This parameter is available only when the Use Privacy checkbox is selected.)
  Values: DES, AES128
  Default: DES
  Note: AES128 is supported in Alteon only on version 30.5 and later. If the device software
  version does not support AES128, APSolute Vision will fail to connect to the device.
Privacy Password: The password used for the Privacy facility.
  (This parameter is available only when the Use Privacy checkbox is selected.)
Parameter Description
Verify HTTP Access Specifies whether APSolute Vision verifies HTTP access to the
managed device.
Default: Enabled
Note: This option is not used for Alteon versions 29.5 and
later.
Verify HTTPS Access Specifies whether APSolute Vision verifies HTTPS access to the
managed device.
Default: Enabled
User Name The username for HTTP and HTTPS communication.
Default: admin
Maximum characters: 18
Password The password used for HTTP and HTTPS communication.
Default: admin
HTTP Port The port for HTTP communication with the device.
Default: 80
HTTPS Port The port for HTTPS communication with the device.
Default: 443
Parameter Description
Register This APSolute Vision Server for Device Events: Specifies whether the APSolute Vision
  server configures itself as a target of the device events.
  Values:
  • Enabled—The APSolute Vision server configures itself as a target of the device events
    (for example, traps, alerts, IRP messages, and packet-reporting data).
  • Disabled—For a new device, the APSolute Vision server adds the device without
    registering itself as a target for events. For an existing device, the APSolute Vision
    server removes itself as a target of the device events.
  Default: Enabled
  Notes:
  • APSolute Vision runs this action each time you click Submit in the dialog box.
  • For more important information, see APSolute Vision Server Registered for Device
    Events—Alteon and LinkProof NG, page 188.
Register APSolute Vision Server IP: The port and IP address of the APSolute Vision server to
  which the managed device sends events.
  (This parameter is available only when the Register This APSolute Vision Server for Device
  Events checkbox is selected.)
Remove All Other Targets of Device Events: Specifies whether the APSolute Vision server
  removes from the device all recipients of device events (for example, traps and IRP
  messages) except for its own address.
  (This parameter is available only when the Register This APSolute Vision Server for Device
  Events checkbox is selected.)
  Default: Disabled
  APSolute Vision runs this action each time you click Submit in the dialog box. For example,
  if you select the checkbox and click Submit—and later, a trap target is added to the trap
  target-address table—APSolute Vision removes the additional address the next time you
  click Submit in the dialog box.
1. In the device pane, click the icon, and select Physical Containers.
2. Expand the node of the ADC-VX that hosts the vADC.
4. In the Device Properties dialog box, configure the parameters, and click Submit.
After APSolute Vision connects to the vADC, the vADC is displayed in the device pane Sites and
Devices tree. The device information is displayed in the content pane, and device properties
information is displayed in the device-properties pane. Once you add the vADC to the device
pane Sites and Devices tree, you cannot change its location or configure any of its properties
from the Physical Containers tree.
Parameter Description
Name: The name of the device. You can change the default.
  (This parameter is not available when configuring APSolute Vision to manage multiple
  vADCs.)
  Notes:
  • There are some reserved words (for example, DefenseFlow) that APSolute Vision does not
    allow as names.
  • You can change the name of a device after you have added it to the APSolute Vision
    configuration.
Location: The Site in the device pane Sites and Devices tree where APSolute Vision locates
  the vADC.
Parameter Description
Management IP: The management IP address as it is defined on the managed device.
  Note: Once you add the device to the APSolute Vision configuration, you cannot change its
  IP address.
SNMP Version: The SNMP version used for the connection.
SNMP Community: The SNMP community name.
  (This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.)
User Name: The username for the SNMP connection.
  (This parameter is displayed only when SNMP Version is SNMPv3.)
  Maximum characters: 18
Use Authentication: Specifies whether the device authenticates the user for a successful
  connection.
  (This parameter is displayed only when SNMP Version is SNMPv3.)
  Default: Disabled
Authentication Protocol: The protocol used for authentication.
  (This parameter is displayed only when the Use Authentication checkbox is selected.)
  Values: MD5, SHA
  Default: SHA
Authentication Password: The password used for authentication.
  (This parameter is displayed only when the Use Authentication checkbox is selected.)
Use Privacy: Specifies whether the device encrypts SNMPv3 traffic for additional security.
  (This parameter is displayed only when the Use Authentication checkbox is selected.)
  Default: Disabled
Privacy Protocol:
  (This parameter is available only when the Use Privacy checkbox is selected.)
  Values: DES, AES128
  Default: DES
  Note: AES128 is supported only on Alteon version 30.5 and later, and on a future Defense
  version. If the device software version does not support AES128, APSolute Vision will fail
  to connect to the device.
Privacy Password: The password used for the Privacy facility.
  (This parameter is displayed only when the Use Privacy checkbox is selected.)
Parameter Description
Verify HTTP Access Specifies whether APSolute Vision verifies HTTP access to
the managed device.
Default: Enabled
Note: This option is not used for Alteon versions 29.5
and later.
Verify HTTPS Access Specifies whether APSolute Vision verifies HTTPS access
to the managed device.
Default: Enabled
User Name The username for HTTP and HTTPS communication.
Default: admin
Maximum characters: 18
Password The password used for HTTP and HTTPS communication.
Default: admin
HTTP Port The port for HTTP communication with the device.
Default: 80
HTTPS Port The port for HTTPS communication with the device.
Default: 443
Parameter Description
Note: To configure and apply certain features, APSolute Vision requires SSH access to run CLI
commands on the Alteon device.
User Name: The username for SSH access to the device.
  Maximum characters: 32
  Default: admin
Password: The password for SSH access to the device.
  Maximum characters: 32
  Default: admin
SSH Port: The port for SSH communication with the device.
  Default: 22
  Note: This value should be the same as the value for the SSH port configured in the device
  (Configuration perspective, System > Management Access > Management Protocols > SSH).
Parameter Description
Register This APSolute Vision Server for Device Events: Specifies whether the APSolute Vision
  server configures itself as a target of the device events.
  Values:
  • Enabled—The APSolute Vision server configures itself as a target of the device events
    (for example, traps, alerts, IRP messages, and packet-reporting data).
  • Disabled—For a new device, the APSolute Vision server adds the device without
    registering itself as a target for events. For an existing device, the APSolute Vision
    server removes itself as a target of the device events.
  Default: Enabled
  Notes:
  • APSolute Vision runs this action each time you click Submit in the dialog box.
  • For more important information, see APSolute Vision Server Registered for Device
    Events—Alteon and LinkProof NG, page 188.
Register APSolute Vision Server IP: The port and IP address of the APSolute Vision server to
  which the managed device sends events.
  (This parameter is available only when the Register This APSolute Vision Server for Device
  Events checkbox is selected.)
Remove All Other Targets of Device Events: Specifies whether the APSolute Vision server
  removes from the device all recipients of device events (for example, traps and IRP
  messages) except for its own address.
  (This parameter is available only when the Register This APSolute Vision Server for Device
  Events checkbox is selected.)
  Default: Disabled
  Notes:
  • APSolute Vision runs this action each time you click Submit in the dialog box. For
    example, if you select the checkbox and click Submit—and later, a trap target is added
    to the trap target-address table—APSolute Vision removes the additional address the next
    time you click Submit in the dialog box.
  • For more important information, see APSolute Vision Server Registered for Device
    Events—Alteon and LinkProof NG, page 188.
The following procedure, To delete a device, page 187, is relevant for the following device types:
• Alteon standalone
• Alteon VA
• Alteon vADC displayed in the Sites and Devices tree
• AppWall
• DefensePro
• LinkProof NG
To delete a device
1. In the device pane, click the icon, and select Sites and Devices.
To delete an ADC-VX
1. In the device pane Physical Containers tree, select the device name and click the (Delete)
button.
2. Click Yes in the confirmation box. The device is deleted from the list.
To export a CSV file with the devices in the Sites and Devices tree
1. In the device pane, click the icon, and select Sites and Devices.
Note: The file does not include information regarding Sites or Logical Groups.
In Alteon, when you select the Remove All Other Targets of Device Events checkbox and run
the Apply command, APSolute Vision configures itself as a target of the device events and ensures
that the device also sends traps for authentication-failure events.
Alteon, by default, does not send traps for authentication-failure events.
Use the following CLI command to enable sending traps for these events:
/cfg/sys/ssnmp/auth
You can view the APSolute Vision address target with the following CLI commands:
• /cfg/sys/ssnmp/trap1
• /cfg/sys/ssnmp/trap2
Caution: If the Register This APSolute Vision Server for Device Events checkbox is cleared,
the Alert browser, security reporting, and APSolute Vision Reporter (AVR) might not collect and
display information about the device.
Caution: If the Register This APSolute Vision Server for Device Events checkbox is cleared,
the Alert browser, security reporting, and APSolute Vision Reporter (AVR) might not collect and
display information about the device. If the checkbox is cleared, and you want AppWall to send
security events to APSolute Vision and/or AVR, you need to manually configure AppWall to send
security events to APSolute Vision and/or AVR.
With AppWall version 6.6.1 and later, and for Alteon version 30.5 with embedded AppWall—or a
future version of AppWall for Alteon, when APSolute Vision server configures itself as a target of the
device events (Register This APSolute Vision Server for Device Events checkbox):
• AppWall sends the device events (that is, the syslog security events) to port 2215 on the
APSolute Vision server.
• APSolute Vision displays the events in the Security Monitoring perspective.
• APSolute Vision forwards the events to AVR for historical security reporting.
With AppWall versions earlier than 6.6.1—or AppWall for Alteon earlier than version 30.5, APSolute
Vision server cannot configure itself as a target of the device events. Rather, in the configuration of
the AppWall or AppWall for Alteon device, you must manually configure the APSolute Vision
management IP address as a syslog server. If you specify port 2214 for the syslog server, AppWall
security events are displayed (only) in AVR. If you specify port 2215 for the syslog server, AppWall
security events are displayed in AVR and in the Security Monitoring perspective.
Note: Only one APSolute Vision server should manage any one Radware device.
• The device icon in the device pane includes a small lock symbol— for Alteon and
1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.
2. Select the device.
3. In the device-properties pane, click (the drawing of the unlocked padlock at the lower-left
corner of the device drawing). The drawing changes to (a picture of a locked padlock).
1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.
2. Select the device.
3. In the device-properties pane, click (the drawing of the locked padlock at the lower-left
corner of the device drawing). The drawing changes to (a picture of an unlocked padlock).
1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.
2. Select the devices to lock. You can select a Site or select multiple devices (using standard,
mouse click/keyboard combinations) whether or not the devices are in the same Site.
4. In the device-properties pane, click (the drawing of the unlocked padlock at the lower-left
corner of the device drawing). The drawing changes to (a picture of a locked padlock).
1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.
2. Select the devices to unlock. You can select a Site or select multiple devices (using standard,
mouse click/keyboard combinations) whether or not the devices are in the same Site.
4. In the device-properties pane, click (the drawing of the locked padlock at the lower-left
corner of the device drawing). The drawing changes to (a picture of an unlocked padlock).
Tip: If your APSolute Vision setup uses Logical Groups, you can select a Logical Group to lock or
unlock the devices in it.
Note: DefensePro does not support this feature when the Device Operation Mode is IP (see
Configuring the Device Operation Mode for DefensePro, page 1394).
This section contains the following topics:
• High-Availability in DefensePro—Overview, page 191
• Configuring DefensePro High-Availability Clusters, page 194
• Monitoring DefensePro Clusters, page 195
• Synchronizing High-Availability Devices and Switching the Device States, page 196
High-Availability in DefensePro—Overview
To support high availability (HA), you can configure two compatible DefensePro devices to operate in
a two-node cluster. One member of the cluster is configured as the primary; the other member of
the cluster assumes the role of secondary.
Both cluster members must meet the following requirements:
• Must use the same:
— Platform
— Software version
— Software license
— Throughput license
— Radware signature file
• Must be on the same network.
• Must use the same management port (that is, MNG-1 on both devices, MNG-2 on both devices,
or both MNG-1 and MNG-2 on both devices).
When you configure a cluster and submit the configuration, the newly designated primary device
configures the required parameters on the designated secondary device.
You can configure a DefensePro high-availability cluster in the following ways:
• To configure the primary device of the cluster, the failover parameters, and the advanced
parameters, you can use the High Availability pane (Configuration perspective, Setup >
High Availability). When you specify the primary device, you specify the peer device, which
becomes the secondary member of the cluster.
• To configure only the basic parameters of a cluster (Cluster Name, Primary Device, and
Associated Management Ports), you can use the Create Cluster pane. The following graphic
shows the Create Cluster pane and the device pane.
A secondary device maintains its own configuration for the device users, IP interfaces, routing, and
the port-pair Failure Mode.
A primary device immediately transfers each relevant change to its secondary device. For example,
after you make a change to a Network Protection policy, the primary device immediately transfers
the change to the secondary device. However, if you change the list of device users on the primary
device, the primary device transfers nothing (because the secondary device maintains its own list of
device users).
The passive device periodically updates the baselines for BDoS and HTTP Mitigator protections with
the values from the active device.
The following situations trigger the active device and the passive device to switch states (active to
passive and passive to active):
• The passive device does not detect the active device according to the specified Heartbeat
Timeout.
• All links are identified as down on the active device according to the specified Link Down
Timeout.
• Optionally, the traffic to the active device falls below the specified Idle Line Threshold for the
specified Idle Line Timeout.
• You issue the Switch Over command. To switch the device states, select the cluster node, and
then select Switch Over.
The actions that you can perform on a secondary device are limited.
You can perform only the following actions on a secondary device:
• Switch the device state (that is, switch over active to passive and passive to active).
• Break the cluster if the primary device is unavailable.
• Configure management IP addresses and routing.
• Configure the port-pair Failure Mode.
• Manage device users.
• Download a device configuration.
• Upload a signature file.
• Download the device log file.
• Download the support log file.
• Reboot.
• Shut down.
• Change the device name.
• Change the device time.
• Initiate a baseline synchronization if the device is passive, using the CLI or Web Based
Management.
Notes
• To create a cluster, the devices must not be locked by another user.
• By design, an active device does not fail over during a user-initiated reboot. Before you reboot
an active device, you can manually switch to the other device in the cluster.
• You can initiate a baseline synchronization if a cluster member is passive, using the CLI or Web
Based Management.
• When you upgrade the device software, you need to break the cluster (that is, ungroup the two
devices). Then, you can upgrade the software and reconfigure the cluster as you require.
• In an existing cluster, you cannot change the role of a device (primary to secondary or vice
versa). To change the role of a device, you need to break the cluster (that is, ungroup the two
devices), and then, reconfigure the cluster as you require.
• If the devices of a cluster belong to different Sites, APSolute Vision creates the cluster node
under the Site where the primary device resides; and APSolute Vision removes the secondary
device from the Site where it was configured.
• APSolute Vision issues an alert if the state of the cluster members is ambiguous—for example, if
there has been no trigger for switchover and both cluster members detect traffic. However,
during the initial synchronization process, the state of the cluster members is momentarily
ambiguous, and this situation is normal.
• When a passive device becomes active, any grace time resets to 0 (for example, the time of the
Graceful Startup Mode Startup Timer).
• You can monitor high-availability operation in the High Availability pane of the Monitoring
perspective (Monitoring perspective, Operational Status > High Availability).
• The Properties pane displays the high-availability information of the selected device.
Parameter Description
Cluster Name The name for the cluster (up to 32 characters).
Primary Device Specifies which of the cluster members is the primary device.
Associated Management Ports Specifies the management (MNG) port or ports through which the
primary and secondary devices communicate.
Values: MNG1, MNG2, MNG1+2
Note: You cannot change the value if the currently specified
management port is being used by the cluster. For example, if
the cluster is configured with MNG1+2, and MNG1 is in use,
you cannot change the value to MNG2.
3. In the Cluster Name text box, type the new name (up to 32 characters).
4. Click Submit.
Note: You cannot change the value if the currently specified management port is being used by
the cluster. For example, if the cluster is configured with MNG1+2, and MNG1 is in use, you
cannot change the value to MNG2.
The following table describes the icon elements that APSolute Vision displays in the device pane for
DefensePro high-availability clusters.
Icon Description
Cluster
Primary device
Secondary device
Synchronizing
Unavailable
The following table describes some icons that APSolute Vision can display in the device pane for
DefensePro high-availability clusters.
Icon Description
The cluster is operating normally.
The primary device is active, unlocked, and operating normally.
3. Click Synchronize.
Figure 36: Multi-Device View from the Site and Devices Tree
Multiple devices are selected. You can select a site or select multiple devices (using standard,
mouse click/keyboard combinations) whether or not the devices are in the same site.
View button.
Configuration button—Opens the Multi-Device Configuration dialog box.
To open the multi-device view from the Sites and Devices tree
1. In the device pane, click the button, and select Sites and Devices.
2. Select the devices. You can select a Site or select multiple devices (using standard, mouse click/
keyboard combinations) whether or not the devices are in the same site.
1. In the device pane, click the button, and select Logical Groups.
2. Select the Logical Group.
• Specify devices for Alert Profile—In addition to selecting individual devices, you can specify
one or more relevant Logical Groups. For more information on the Alert Profiles, see Managing
Alert Profiles, page 130.
• Specify devices for the Alerts Table Filter—In addition to selecting individual devices, you
can specify one or more relevant Logical Groups. For more information on the Alerts Filter, see
Filtering Alerts, page 336.
• Specify devices for REST API operations—For information on the REST API, see the
APSolute Vision REST API documentation.
Figure 38: Device Pane (Not Docked)—Showing the Logical Groups Tree
Minimizes the docked device pane.
Docks the device pane.
The button that selects the device-pane tree (Sites and Devices, Physical Containers,
or Logical Groups) and the name of the tree that is displayed now.
Note: For information on filtering the display of the tree, see Filtering Entities in the Device Pane,
page 174.
When you hover over a Logical Group node in the device pane, a popup displays the following
parameters:
• Group Name—The user-defined name of the Logical Group.
• Status—The status of the group: Valid or Invalid.
• Invalid Reason (displayed only when Status is Invalid)—The reason that the Logical Group is
invalid.
• Type—The device type of the group, that is: Alteon, AppWall, DefensePro, or LinkProof
NG.
• Lead Device Name—The name of the lead device of the Logical Group, that is, the device whose
configuration changes will be applied to the selected devices.
• Description—The user-defined description of the Logical Group.
Figure 39: Popup for Logical Group Node in the Device Pane
Caution: With RADIUS or TACACS+ authentication, if a user definition explicitly mentions the name
of a Logical Group and the Logical Group name changes, the user definition in the RADIUS or
TACACS+ server must be updated accordingly.
If the name of a Logical Group changes and APSolute Vision authenticates the users locally, APSolute
Vision updates the relevant scopes for the users.
In the device pane Logical Groups tree, you can configure and modify Logical Groups.
1. In the device pane, click the button, and select Logical Groups.
2. Do one of the following:
— To edit a Logical Group, select the Logical Group node and click the (Edit) button.
3. Configure the parameters, and click Submit.
Parameter Description
Type The device type. When you are creating a new Logical Group, the Type value
determines the devices that the Device lists display. When you are editing a
Logical Group, the Type value is read-only.
Values:
• Alteon
• AppWall
• DefensePro
• LinkProof NG
Default: Alteon
Name The name of the Logical Group.
Maximum characters: 255
Devices The Available list and the Selected list. The Available list displays the
available devices. The Selected list displays the devices in the Logical Group.
Description The description of the Logical Group.
Maximum characters: 255
In the device pane Sites and Devices tree and Physical Containers tree, you can select devices and
create a new Logical Group.
To create a new Logical Group from the Sites and Devices tree or Physical Containers
tree
1. In the device pane, click the button, and select Sites and Devices or Physical
Containers.
2. In the Sites and Devices or Physical Containers tree, select the devices, which must be of the
same type. You can select multiple devices (using standard, mouse click/keyboard
combinations) whether or not the devices are in the same Site.
Parameter Description
Type (Read-only) The device type.
Name The name of the Logical Group.
Maximum characters: 255
Devices The Available list and the Selected list. The Available list displays
the available devices. The Selected list displays the devices in the
Logical Group.
Description The description of the Logical Group.
Maximum characters: 255
You cannot delete a Logical Group if it is used in a user role-scope pair.
1. In the device pane, click the button, and select Logical Groups.
2. In the device pane Logical Groups tree, click the Logical Group node, and click the (Delete)
button.
3. Click Yes in the confirmation box. The Logical Group is deleted from the Logical Groups tree.
Note: For information about configuring Radware devices through APSolute Vision, see the
APSolute Vision online help.
Note: For information about other topics that are related to managing device operations, see the
chapter Using the Toolbox, page 221, which contains the following:
• Using and Managing Toolbox Scripts, page 221
• Using DefensePro Templates, page 254
• Using AppShape Templates and Instances, page 264
• Reset causes failover of the ADC, which might cause an interruption in network service.
• If possible, synchronize the configuration before you reset the system.
• Configuration changes that have not been applied will be lost. Run the Diff command to view
the changes that have not been applied, and then, run the Apply command as needed.
• Configuration changes that have not been saved will be lost. Run the Diff Flash command to
view the changes that have not been saved, and then, run the Save command as needed.
• The spanning tree will be restarted, which will likely cause an interruption in network service.
Note: You can schedule device reboots in the APSolute Vision scheduler. For more information, see
Managing Tasks in the Scheduler, page 306.
To reboot a device
1. Lock the device.
2. In the Properties pane, click the (On-Off) button, which is part of the device picture.
3. Select Reset.
2. In the Properties pane, click the (On-Off) button, which is part of the device picture.
3. Select Shut Down.
Note: For more information, see Using the Multi-Device View and the Multiple Devices
Summary, page 196.
2. Click the (Configuration) button. The configuration GUI of the lead device opens.
Notes
— The tabs of the configuration GUI include the Summary tab, which comprises the Multi-
Device View.
— The lead device is the device whose configuration changes will be applied to the selected
additional devices. For more information on the lead device of a Logical Group, see Using
Logical Groups of Devices, page 199.
3. Lock the devices if necessary.
Notes
— APSolute Vision submits only modified values. APSolute Vision does not submit values that
were not modified.
— APSolute Vision issues a detailed message for unsuccessful attempts to change the value of a
parameter on other devices in the Logical Group.
6. Repeat step 4 and step 5 as necessary.
3. Click the (Configuration) button. The Multi-Device Configuration dialog box opens.
Note: The top table, which you can filter, contains all the selected devices and comprises the
following columns: Device Type, Device Name, IP Address, and Version.
4. From the top table, select the lead device—that is, the device whose configuration changes will
be applied to the selected additional devices. The bottom table, which you can filter, displays the
selected devices of the same type and major version.
5. From the bottom table, select the checkbox next to each device that the lead device will try to
change.
6. Click Go. The GUI of the lead device opens. The device pane shows the lead device and the
selected additional devices as selected.
7. Lock the devices if necessary.
8. Make a required change in the GUI of the lead device.
9. After you make a valid change, click Submit All. APSolute Vision attempts to change the value
for the submitted parameter on the lead device and all the selected additional devices.
Notes
— APSolute Vision submits only modified values. APSolute Vision does not submit values that
were not modified.
— APSolute Vision issues a detailed message for unsuccessful attempts to change the value of a
parameter on selected additional devices.
10. Repeat step 8 and step 9 as necessary.
Click the (Save to File) button to save the results to a specified location.
Role Description
Apply Applies any changes that have been made to the device configuration.
If the new configuration is different from the current configuration, the Apply
Required button is displayed with an orange icon to indicate that the Apply
command is required for the changes to take effect.
The Apply operation requires the device to be locked. When you select
a single device, the Apply option is available only if the device is
locked. When you select multiple devices, the Apply option is always
available. When you select the Apply option for multiple devices,
APSolute Vision tries to lock all the selected devices. If APSolute
Vision is able to lock all the devices, APSolute Vision performs the
Apply operation. When the operation completes, APSolute Vision
unlocks the devices that were unlocked prior to the operation. If
APSolute Vision is not able to lock all the devices because some of the
devices are locked by another user, a pop-up message is displayed,
asking you whether to continue the Apply operation on the remaining
devices (that is, the devices that are locked by you or not locked at all). If
you confirm the action, APSolute Vision performs the Apply operation.
When the operation completes, APSolute Vision unlocks the devices
that were unlocked prior to the operation.
Note: During the Apply operation, the device icon in the device
Table 75: Alteon and LinkProof-NG Device Configuration Management Actions (cont.)
Role Description
Diff Collects the pending configuration changes. You can view, save, and
copy the text when you double-click the associated message in the
Alerts tab in the Alerts pane.
When you select multiple devices, this option is not supported.
Note: For more information, see Using the Diff Feature, page 208.
Diff Flash Collects the pending configuration changes and the affected
configuration stored in flash memory on the device. You can view,
save, and copy the text when you double-click the associated
message in the Alerts tab in the Alerts pane.
When you select multiple devices, this option is not supported.
Note: For more information, see Using the Diff Feature, page 208.
Dump Collects a dump of the current device configuration. You can view,
save, and copy the text when you double-click the associated
message in the Alerts tab in the Alerts pane.
When you select multiple devices, this option is not supported.
Figure 42: Revert Button—Arrow Clicked Shows Revert and Revert Apply Options
Figure 43: Diff Button—Clicked Displays Compare, Diff, and Diff Flash Options
Notes
• In DefensePro 8.x versions 8.17.3 and later, use the Upload Software Version pane to upload
installation-packages (which may include release-specific components) and the Software
Version Management pane to manage the stored installation-packages. For more information,
see Uploading DefensePro Software, page 1370 and Managing DefensePro Software Versions
(Version 8.17.3 and Later), page 1367.
• For information on device upgrade for Radware DefensePro DDoS Mitigation, refer to the
relevant release notes and other relevant Cisco documentation.
A device upgrade enables the new features and functions on the device without altering the existing
configuration. In exceptional circumstances, new software versions are incompatible with legacy
configuration files from earlier software versions. This most often occurs when attempting to
upgrade from a very old version to the newest version.
The software version file must be located on the APSolute Vision client system. APSolute Vision
transfers the file, over HTTPS, to the APSolute Vision server and uploads it to the device.
For a maintenance-only upgrade, a password is not required.
New software versions require a password. If the device has a valid support agreement, APSolute
Vision can generate a new password automatically. Alternatively, you can obtain the password from
the Radware corporate Web site and enter the password manually.
After the device upgrade is complete, you must reboot the device.
• Back up the existing configuration file. For more information, see Downloading a Device-
Configuration File, page 218.
• Ensure that you have configured on the device the authentication details for the protocol used to
upload the file.
Note: If the DefensePro platform is very far away from the machine with the upgrade file, software
upgrade may take a very long time. Besides distance, the line quality may further increase the
upgrade time.
Long upgrade time may be more common in DefensePro version-8.x platforms, because of the
significantly larger size of the upgrade file.
To update the device software version in DefensePro 6.x versions, 7.x versions, and 8.x
versions earlier than 8.17.3
1. In the device pane, select the device.
Table 76: Software Upgrade Parameters—DefensePro 6.x Versions, 7.x Versions, and 8.x
Versions Earlier than 8.17.3
Parameter Description
Software Version The software version number as specified in the new software
documentation.
Generate Password Automatically Specifies whether APSolute Vision generates the password
automatically—after verifying that the device has a valid
support agreement.
Default: Enabled
Caution: The functionality of the Generate Password
Automatically button requires connectivity to radware.com
or the proxy server that is configured in the APSolute Vision
settings (APSolute Vision Settings view System perspective,
General Settings > Connectivity > Proxy Server
Parameters).
Password The password received with the new software version. The password is case-sensitive.
(This parameter is available only when the Generate Password Automatically checkbox is
cleared.)
Confirm Password The password received with the new software version. The password is
case-sensitive.
(This parameter is available only when the Generate Password Automatically checkbox is
cleared.)
Browse for File The name of the file to upload.
Caution: You must use the original filename.
Notes
• You can schedule signature-file updates using the APSolute Vision scheduler. For more
information, see Managing Tasks in the Scheduler, page 306.
• Signature files are supplied by the SUS. For more information, see ERT Security Update Service
(SUS) (for rw only for now), page 1364.
• In DefensePro 6.x versions 6.14.07 and later and 7.x versions 7.42.08 and later, you can also
roll the signature file back to the previous version that was loaded on the device.
• A signature file on a DefensePro device may also be referred to as the attack database.
You can upload an updated Radware signature file to a DefensePro device from the following
sources:
• Radware.com or the proxy file server that is configured in the APSolute Vision
settings—The Alerts pane displays a success or failure notification and whether the operation
was performed using a proxy server. The proxy server is configured in the APSolute Vision
Settings view System perspective, under General Settings > Connectivity > Proxy Server
Parameters.
• APSolute Vision client system—The name of the signature file must be one of the following:
— <Device-MAC-address>.sig —For DefensePro physical platforms.
— <Device-IP-address>.sig —For DefensePro virtual platforms.
Caution: Updating the signature file consumes large amounts of resources, which may cause the
device to go temporarily into an overload state. Radware recommends updating the signature file
during hours of low activity.
Parameter Description
Signature Type The type of the signature file to upload to the device.
Values:
• Radware Signatures
• Fraud Signatures
Note: You can select Fraud Signatures only on DefensePro
version-6.x devices that have Fraud Protection enabled, and
version-7.x devices with version 7.42.09 and later that have Fraud
Protection enabled.
Update From The location of the signature file to upload.
Values:
• Radware.com—APSolute Vision uploads the signature file directly
from Radware.com or from the proxy server that is configured in
the Vision Server Connection configuration.
• Client—APSolute Vision uploads the signature file from the
APSolute Vision client system. This option is only available for
Radware signatures.
File Name Name of the signature file on the client system.
(This parameter is displayed only when Update From Client is selected.)
Note: A signature file on a DefensePro device may also be referred to as the attack database.
To roll the signature file on the device back to the previous version
1. In the device pane, select the device.
Note: You can also download a DefensePro technical support file using the DefensePro CLI. For
more information, see the DefensePro User Guide.
Use the following procedure to download a technical support file using APSolute Vision.
Parameter Description
Download Via (Read-only) The protocol used to download the technical support file.
Value: HTTPS
Save As Save the downloaded technical support file as a text file on the APSolute
Vision system. Enter or browse to the location of the saved file, and select
or enter a file name.
When the feature is enabled, the following items are not included in the iterations of the generated
technical support files:
• All users and passwords in the Local User Table for Web, Telnet, SSH, and HTTPS access
(Configuration perspective, Setup > Device Security > Users Table)
• The SNMPv3 users and associated values, such as Authentication Password and Privacy
Password.
• All secrets (both primary and secondary) of RADIUS users.
• All secrets (both primary and secondary) of TACACS+ users.
The commands are printed within each section—in the order of implementation.
At the end of the file, the device prints the signature of the configuration file. This signature is used
to verify the authenticity of the file and that it has not been corrupted. The signature is validated
each time the configuration file is uploaded to the device. If the validity check fails, the device
accepts the configuration, but a notification is sent to the user that the configuration file has been
tampered with and there is no guarantee that it works. The signature looks like File Signature:
063390ed2ce0e9dfc98c78266a90a7e4.
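Because the device accepts a configuration file even when the signature check fails, an operator may want a gate on the management side before any upload. The following is an added example, not Radware code: it records the File Signature trailer and an independent SHA-256 digest when a backup is downloaded, and reports any difference before the file is released for upload. The manifest layout, function names, file name, and sample body lines are assumptions; the script does not reimplement the device's signature algorithm, which this guide does not describe.

```python
import hashlib
import re

# Trailer format as shown in the guide: "File Signature: <32 hex characters>".
TRAILER_RE = re.compile(rb"^File Signature:\s*([0-9a-fA-F]{32})\s*$")


def read_trailer(data: bytes):
    """Return the signature on the last non-empty line, or None if it is absent."""
    for line in reversed(data.splitlines()):
        if line.strip():
            match = TRAILER_RE.match(line.strip())
            return match.group(1).decode("ascii").lower() if match else None
    return None


def fingerprint(data: bytes) -> dict:
    """Fingerprint a backup: the device's trailer plus our own SHA-256 digest."""
    return {"trailer": read_trailer(data),
            "sha256": hashlib.sha256(data).hexdigest()}


def record_download(manifest: dict, name: str, data: bytes) -> None:
    """Store the fingerprint at download time (manifest is a hypothetical store)."""
    manifest[name] = fingerprint(data)


def check_before_upload(manifest: dict, name: str, data: bytes) -> list:
    """Return findings that should block an upload; an empty list means unchanged."""
    recorded = manifest.get(name)
    if recorded is None:
        return ["no fingerprint recorded for this file"]
    current = fingerprint(data)
    findings = []
    if current["trailer"] is None:
        findings.append("File Signature trailer missing or malformed")
    elif current["trailer"] != recorded["trailer"]:
        findings.append("File Signature trailer differs from the recorded one")
    if current["sha256"] != recorded["sha256"]:
        findings.append("file content changed since download")
    return findings


# Constructed sample export: the body lines are placeholders, not device output.
# Only the trailer line and its value are taken from the guide.
SAMPLE = (b"! constructed sample configuration\n"
          b"placeholder-command-1\n"
          b"placeholder-command-2\n"
          b"File Signature: 063390ed2ce0e9dfc98c78266a90a7e4\n")

if __name__ == "__main__":
    manifest = {}
    record_download(manifest, "dp-backup.txt", SAMPLE)  # hypothetical file name
    edited = SAMPLE.replace(b"placeholder-command-2", b"placeholder-command-X")
    stripped = SAMPLE.rsplit(b"File Signature", 1)[0]
    for label, blob in (("unchanged", SAMPLE), ("edited body", edited),
                        ("trailer removed", stripped)):
        result = check_before_upload(manifest, "dp-backup.txt", blob)
        print(label, "->", result or "ok")
```

The edited-body case is the one that matters most here: the trailer is still present and well formed, so only the independent digest shows that the file changed after download.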
• After selecting the Operations icon > Export Configuration File, if the user enables
Include Private Keys (default: disabled), there is no effect.
• If the user uploads a configuration file that was generated without the credentials-info, the
device is accessible only with the default user through the console or over SNMPv1 or SNMPv2.
Note: You can schedule configuration file backups in the APSolute Vision scheduler. For more
information, see Managing Tasks in the Scheduler, page 306.
Parameter Description
Destination The destination of the device configuration file.
Values: Client, Server
Include Private Keys Specifies whether the certificate private key information is included in the
downloaded file.
Default: Disabled
Passphrase The user-defined passphrase for the encryption of the private keys.
Minimum characters: 4
Maximum characters: 64
(This parameter is available only in DefensePro 8.x versions 8.14 and later and only when the
Include Private Keys checkbox is selected.)
Confirm Passphrase The user-defined passphrase for the encryption of the private keys.
Minimum characters: 4
Maximum characters: 64
(This parameter is available only in DefensePro 8.x versions 8.14 and later and only when the
Include Private Keys checkbox is selected.)
Save As On the server, the default name is a combination of the device name and backup date and
time. You can change the default name.
(This parameter is displayed only when Destination is Server.)
Caution: Importing a configuration file that has been edited is not supported.
Parameter Description
Upload From The location of the backup device-configuration file to send.
Values: Client, Server
File Name When uploading from the computer running the APSolute Vision client—that is, the
browser, enter or browse to the name of the configuration file to upload.
(This parameter is available only when Upload From is Client.)
File for Upload When uploading from the APSolute Vision server, select the configuration to
upload.
(This parameter is available only when Upload From is Server.)
Passphrase The passphrase for the decryption of the private keys—if a passphrase was used to
encrypt the file when it was exported (see Downloading a Device-Configuration File, page 218).
Minimum characters: 4
Maximum characters: 64
(This parameter is available only in DefensePro 8.x versions 8.14 and later.)
> In the device pane, select the device, and then, click Update Policies.
Toolbox Scripts—Basics
Use Toolbox scripts to automate common tasks on managed Alteon, DefensePro, and LinkProof NG
devices.
When you run a script, you configure the target devices and, if required, configure parameters.
When you specify the target devices for a script (that is, when you configure the Target Device List),
you can select individual devices or Logical Groups of devices. When you select a Logical Group, the
effective Target Device List dynamically updates, according to the devices in the Logical Group. That
is, when the device-set of a Logical Group changes, the effective Target Device List changes
accordingly. For more information, see Using Logical Groups of Devices, page 199.
You can run a Toolbox script in the following ways:
• From the Toolbox dashboard
• From a device toolbar
• From the Operator Toolbox pane from the Advanced Toolbox tree
• Using an Operator Toolbox scheduled task.
Select the Automation item from the APSolute Vision sidebar menu to display the Toolbox
dashboard.
Figure 45: Automation Item (Selected) in the APSolute Vision Sidebar Menu
The APSolute Vision installation includes many predefined Toolbox scripts, which are for routine
tasks on managed devices. By default, the Toolbox dashboard contains most of the predefined
Toolbox scripts and displays the scripts that are relevant to your role. For more information, see
Predefined Toolbox Scripts, page 228.
The configuration of each script includes the RBAC roles that are permitted to run the script. For
more information, see User Roles and Toolbox Scripts, page 227.
Caution: Target devices must be accessible, must have SSH and SNMP access enabled, and must
meet some other prerequisites. If a target device is inaccessible, the operation will fail for the
remaining devices. For more information, see Prerequisites for Target Devices of Toolbox Scripts,
page 227.
You can customize your view of the dashboard. You can drag and drop a
script from one category panel to another category panel. You can add
scripts to the Favorites panel. You can resize panels and drag panels
where you want.
Tip: If most of your work with APSolute Vision involves using a Toolbox script, set your landing page
to it (APSolute Vision Settings view Preferences perspective, User Preferences > Display).
Clicking the button in the top-right corner of a category panel displays buttons to do the following:
• Select a script in another panel and move it to the currently selected panel
• Maximize the panel
• Remove the panel from the dashboard
Note: You can return the category panel to the dashboard display using the Categories
Repository. Clicking Restore Default View restores all the panels and removes all other
modifications to the dashboard.
In the Categories Repository, you can select which category panels the Toolbox dashboard displays.
Caution: If you delete the data from the browser, the contents of the Recently Used and Favorites
panels revert to the default display.
You can manage the contents of the category panels, but there are some logical restrictions. You can
drag and drop a script from one category panel to another category panel or to the Favorites panel.
You can also select a script in another category panel, or an Unassigned script, and move it to the
currently selected panel (see the procedure To add one or multiple scripts to a panel in the Toolbox
dashboard, page 226). A Toolbox script can exist in only one category panel. The Toolbox dashboard
can, however, display a script in a category panel and also in the Recently Used and/or Favorites
panels.
Caution: The contents of the category panels in the Toolbox dashboard are stored on the APSolute
Vision server. If you move a script to another category panel, the Category field changes
accordingly (see Category in Configuring a Toolbox Script in APSolute Vision, page 246), and other
users will see that script in the panel to which you moved that script. If you delete a script from a
category panel, the Category field changes to Unassigned, and users will not see that script in the
Toolbox dashboard anymore. However, it is possible to return the script to the Toolbox dashboard
using the Add Script dialog box.
Use the Add Scripts dialog box to add one or multiple scripts to a panel in the Toolbox dashboard.
1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. In the top-right corner of a panel to which you want to add scripts, click the button and then
1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
DefensePro Traps that Must Be Disabled for Target Devices of Toolbox Scripts
Certain traps that DefensePro can generate can interfere with the behavior of Toolbox scripts. These
traps must be disabled before you run a Toolbox script on a DefensePro device. These traps are
disabled by default, and they are used primarily for troubleshooting. Even when these traps are
disabled, traps can still go to the syslog and to APSolute Vision.
Caution: If you intend to run a predefined script often, you may want to modify its default
configuration. However, an upgrade of APSolute Vision may include changes to predefined scripts,
which overwrite any script modifications that you have made to the predefined scripts. If you modify
a predefined script, Radware recommends downloading the file, renaming it, and uploading it to
APSolute Vision as a new script with your modifications.
Notes
• Almost all the predefined Toolbox scripts that are exposed in the Operator Toolbox tab are
displayed with an icon (a .svg file) in the Toolbox dashboard. In the following tables, if the Icon
column contains a value, the Toolbox script is displayed in the Toolbox dashboard.
• The vDirect repository (Configuration Templates) includes some predefined scripts, which, by
default, are not exposed in the Toolbox dashboard or Operator Toolbox tab. The predefined
scripts that are not exposed in the Operator Toolbox tab are mostly for internal use.
Action Title Description/Remark Permitted Roles vDirect Filename (.vm) Icon Filename (.svg)
ADC Check Certificate Finds Alteon and LinkProof NG • Administrator Alteon_Check_Cert certificate_alte
Validity devices that have a certificate that • Vision Administrator ificate_Validity on
expires within a specified number
of days. • System User
• Certificate Administrator
• ADC + Certificate
Administrator
• Device Administrator
ADC Check Policy Finds SSL policies in Alteon and • Administrator Alteon_Check_Poli check_policy_alt
Compliance LinkProof NG devices whose • Vision Administrator cy_Compliance eon
selected parameters do not match
specified values. • System User
• Device Viewer
• ADC Administrator
• ADC + Certificate
Administrator
• Device Administrator
ADC Create Users Creates a user in ADC devices. • Administrator ADC_Create_Users add_user_alteon
• Vision Administrator
• System User
• Device Administrator
ADC Delete Users Deletes a user from ADC devices. • Administrator ADC_Delete_Users delete_user_alte
• Vision Administrator on
• System User
• Device Administrator
Action Title: ADC Find Apply Pending
• Description/Remark: Finds Alteon and LinkProof NG devices that have a configuration that has not been applied yet.
• Permitted Roles: Administrator, Vision Administrator, System User, Device Viewer, ADC Operator, ADC Administrator, ADC + Certificate Administrator, Device Administrator
• vDirect Filename (.vm): Alteon_Find_Apply_Pending
• Icon Filename (.svg): find_apply_pending_alteon
Action Title: ADC Find Save Pending
• Description/Remark: Finds Alteon and LinkProof NG devices that have a configuration that has not been saved yet.
• Permitted Roles: Administrator, Vision Administrator, System User, Device Viewer, ADC Operator, ADC Administrator, ADC + Certificate Administrator, Device Administrator
• vDirect Filename (.vm): Alteon_Find_Save_Pending
• Icon Filename (.svg): find_save_pending_alteon
Action Title: ADC Setup Device
• Description/Remark: Implements a basic configuration on Alteon and LinkProof NG devices (including NTP, syslog, SSH, and SMTP settings).
• Permitted Roles: Administrator, Vision Administrator, System User, Device Administrator
• vDirect Filename (.vm): Alteon_Setup_Device
• Icon Filename (.svg): setup_alteon
Action Title: ADC Update Users
• Description/Remark: Updates user credentials in ADC devices.
• Permitted Roles: Administrator, Vision Administrator, System User, Device Administrator
• vDirect Filename (.vm): ADC_Update_Users
• Icon Filename (.svg): edit_user_alteon
Action Title: Alteon Enable/Disable Real Servers
• Description/Remark: Enables or disables multiple real servers across multiple ADC devices based on their IP addresses.
• Permitted Roles: Administrator, Vision Administrator, System User, ADC Administrator, ADC + Certificate Administrator, Device Administrator
• vDirect Filename (.vm): ADC_TurnOffOn_All_Real_Servers
• Icon Filename (.svg): disable-enable-multiple-real-servers_alteon
Action Title: Alteon Enable/Disable Virtual Servers
• Description/Remark: Enables or disables all virtual servers, including the VRRP virtual routers that are linked to them.
• Permitted Roles: Administrator, Vision Administrator, System User, ADC Administrator, ADC + Certificate Administrator, Device Administrator
• vDirect Filename (.vm): Alteon_TurnOffOn_All_Virtual_Servers
• Icon Filename (.svg): enable_policy_alteon
Action Title: Alteon Execute CLI Command on All Entities
• Description/Remark: Executes any CLI command on all entities of one of the following types: real servers, groups, virtual servers, VLANs, interfaces, VRRP virtual routers, ports, and filters.
• Permitted Roles: Administrator, Vision Administrator, System User, Device Administrator
• vDirect Filename (.vm): Alteon_Execute_Cmd_On_All_Objects
• Icon Filename (.svg): deploy_policy_alteon
Action Title: Alteon Find Unused Entities
• Description/Remark: Finds Alteon entities that are currently not in use (real servers that are not used by any group, groups with no real servers, groups with no session statistics, virtual servers with no session statistics).
• Permitted Roles: Administrator, Vision Administrator, System User, Device Viewer, ADC Operator, ADC Administrator, ADC + Certificate Administrator, Device Administrator
• vDirect Filename (.vm): Alteon_Find_Unused_Entities
• Icon Filename (.svg): find_unused_alteon
Action Title: Alteon High-Availability Configuration
• Description/Remark: Configures a High Availability service/switch on Alteon devices.
• Permitted Roles: Administrator, Vision Administrator, System User, ADC Operator, ADC Administrator, ADC + Certificate Administrator, Device Administrator
• vDirect Filename (.vm): Alteon_HA_Configuration
• Icon Filename (.svg): high_availability_alteon
Action Title: Alteon Specify ERT IP Reputation Feed Source
• Description/Remark: Configures Alteon devices to fetch the ERT IP Reputation Feed via a specified source.
• Permitted Roles: Administrator, Vision Administrator, System User
• vDirect Filename (.vm): Alteon_Set_TOR_Feed
• Icon Filename (.svg): N/A
Action Title: DefensePro 6.x Deploy Network Protection Policy for Enterprise
• Description/Remark: Deploys a new Network Protection policy on DefensePro version-6.x devices. The operator needs to enter the full range for the network to protect and the bandwidth. Then, the operator can add services from a predefined list.
• Permitted Roles: Administrator, Vision Administrator, System User, Security Administrator, Device Administrator
• vDirect Filename (.vm): DefensePro_Deploy_Network_Policy_6_x
• Icon Filename (.svg): deploy_policy_dp
Action Title: DefensePro 6.x Setup Device
• Description/Remark: Implements a basic configuration on DefensePro version-6.x devices (including NTP, syslog, SSH, and SMTP settings).
• Permitted Roles: Administrator, Vision Administrator, System User, Device Administrator
• vDirect Filename (.vm): DefensePro_6_x_Setup_Device
• Icon Filename (.svg): setup_dp
Action Title: DefensePro Add Network Classes by Mask
• Description/Remark: Creates a DefensePro Network Class object using a subnet mask.
• Permitted Roles: Administrator, Vision Administrator, System User, Security Administrator, Device Administrator
• vDirect Filename (.vm): DefensePro_Add_Network_Classes_by_Mask
• Icon Filename (.svg): add_network_dp
Action Title: DefensePro Add Network Classes by Range
• Description/Remark: Creates a DefensePro Network Class object using an IP range.
• Permitted Roles: Administrator, Vision Administrator, System User, Security Administrator, Device Administrator
• vDirect Filename (.vm): DefensePro_Add_Network_Classes_by_Range
• Icon Filename (.svg): add_network_dp
Action Title: DefensePro Add Network Classes with Common Mask
• Description/Remark: Creates a DefensePro Network Class object with a subnet mask and multiple IP addresses (for quick updates).
• Permitted Roles: Administrator, Vision Administrator, System User, Security Administrator, Device Administrator
• vDirect Filename (.vm): DefensePro_Add_Network_Classes_with_Common_Mask
• Icon Filename (.svg): add_network_dp
Action Title: DefensePro Check Network Policy Compliance
• Description/Remark: Finds the DefensePro Network Protection policies that differ from one specified policy.
• Permitted Roles: Administrator, Vision Administrator, System User, Security Administrator, Device Administrator
• vDirect Filename (.vm): DefensePro_Check_Network_Policy_Compliance
• Icon Filename (.svg): check_policy_dp
Action Title: DefensePro Create Users
• Description/Remark: Creates a user in DefensePro devices.
• Permitted Roles: Administrator, Vision Administrator, System User, Device Administrator
• vDirect Filename (.vm): DefensePro_Create_Users
• Icon Filename (.svg): add_user_dp
Action Title: DefensePro Delete Active Attackers Feed Entries from Blacklist Rules
• Description/Remark: Deletes the Black List rules from the ERT Active Attackers Feed from DefensePro devices.
• Permitted Roles: Administrator, Vision Administrator, System User, Security Administrator, Device Administrator
• vDirect Filename (.vm): DefensePro_Delete_ERTActiveDDoSFeed_ACLRules
• Icon Filename (.svg): N/A
Action Title: DefensePro Delete Users
• Description/Remark: Deletes a user from DefensePro devices.
• Permitted Roles: Administrator, Vision Administrator, System User, Device Administrator
• vDirect Filename (.vm): DefensePro_Delete_Users
• Icon Filename (.svg): delete_user_dp
Action Title: DefensePro Deploy Network Protection Policy for MSSP
• Description/Remark: Deploys a new Network Protection policy. It deploys the policies per service for an MSSP environment.
• Permitted Roles: Administrator, Vision Administrator, System User, Security Administrator, Device Administrator
• vDirect Filename (.vm): DefensePro_Deploy_Policies_for_MSSP
• Icon Filename (.svg): edit_policy_dp
Action Title: DefensePro Enable/Disable Policies
• Description/Remark: Toggles the state (enabled/disabled) of a specified Network Protection policy on selected DefensePro devices. The policy name can be specified using a regular expression.
• Permitted Roles: Administrator, Vision Administrator, System User, Security Administrator, Device Administrator
• vDirect Filename (.vm): DefensePro_Toggle_Policy_State_Based_On_Policy-regex
• Icon Filename (.svg): enable_policy_dp
Action Title: DefensePro Export/Import Policies
• Description/Remark: Exports policies from a selected DefensePro device and imports the policies to one or more target devices.
• Permitted Roles: Administrator, Vision Administrator, System User
• vDirect Filename (.vm): DefensePro_Export_And_Import_Policy
• Icon Filename (.svg): check_policy_dp
Action Title: DefensePro Find Update Policy Pending
• Description/Remark: Finds DefensePro devices that have a configuration that is pending an Update Policies action.
• Permitted Roles: Administrator, Vision Administrator, System User, Security Administrator, Device Administrator
• vDirect Filename (.vm): DefensePro_Find_Update_Policy_Pending
• Icon Filename (.svg): find_upsate_policy_pending_dp
Action Title: DefensePro Locate Policies and Profiles with Specified Signature
• Description/Remark: Finds the policies and profiles that use a specified Signature ID.
• Permitted Roles: Administrator, Device Administrator, Security Monitor, Security Administrator
• vDirect Filename (.vm): DefensePro_Search_Signature
• Icon Filename (.svg): tune_BDoS_profiles_DP
Action Title: DefensePro Reset BDoS Policy Baselines
• Description/Remark: Resets the BDoS baselines of specified policies on DefensePro devices.
• Permitted Roles: Administrator, Vision Administrator, System User, Security Administrator, Device Administrator
• vDirect Filename (.vm): DefensePro_Reset_BDoS_Policy_Baselines
• Icon Filename (.svg): reset_policy_bdos
Action Title: DefensePro Reset DNS Policy Baselines
• Description/Remark: Resets the DNS baselines of specified policies on DefensePro devices.
• Permitted Roles: Administrator, Vision Administrator, System User, Security Administrator, Device Administrator
• vDirect Filename (.vm): DefensePro_Reset_DNS_Policy_Baselines
• Icon Filename (.svg): reset_policy_dns
Action Title: DefensePro Tune BDoS Profiles
• Description/Remark: Provides options for tuning existing BDoS profiles.
• Permitted Roles: Administrator, Vision Administrator, System User, Security Administrator, Device Administrator
• vDirect Filename (.vm): DefensePro_Tune_BDos_Profile
• Icon Filename (.svg): tune_BDoS_profiles_DP
Action Title: DefensePro Update Users
• Description/Remark: Updates user credentials in DefensePro devices.
• Permitted Roles: Administrator, Vision Administrator, System User, Device Administrator
• vDirect Filename (.vm): DefensePro_Update_Users
• Icon Filename (.svg): edit_user_dp
Running Scripts
You can run a script in the following ways:
• From the Toolbox dashboard
• From a device toolbar
• From the Operator Toolbox tab in the Advanced tree
Caution: Before you try running a script, see Prerequisites for Target Devices of Toolbox Scripts,
page 227.
Note: You cannot specify a high-availability cluster as a target device of a Toolbox script.
Tip: If you select devices in the device pane Sites and Devices tree or Physical Containers tree and
then run a Toolbox script, the Selected list of target devices is populated automatically.
Tip: Once you have run a Toolbox script from the Toolbox dashboard, you can run the script again
using the same configuration as the last time. All you need to do is hover over the required script
and click the button.
1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Hover over the required script and click the button. The Run Script: <script name> tab
opens.
3. Do the following:
— In the Target Device List tab, specify the target devices. That is, select entries from the lists
and use the arrows to move the entries to the other lists as required. The Target Device List
tab contains the Available lists and the Selected lists of devices and Logical Groups (of
devices). The Available lists display the available devices and available Logical Groups. The
Selected device list displays the devices that the script runs on. The Selected Logical
Group list displays the Logical Groups with the devices that the script runs on.
— In the Parameters tab, configure the script-specific parameters.
Note: When a Logical Group is selected, the effective Target Device List dynamically
updates, according to the devices in the Logical Group. That is, when the device-set of a
Logical Group changes, the effective Target Device List changes accordingly. For more
information, see Using Logical Groups of Devices, page 199.
4. Click Submit. The Output Script: <script name> tab opens.
The Output Script: <script name> tab contains the following three fields:
— Status—The short status of the script, for example, Operation Completed.
— Output—The output that the script returned after a successful run.
— CLI Output—The full CLI output of the script.
Notes
— You can leave the Output Script: <script name> tab open and rerun the script. Having
multiple instances of the Output Script: <script name> tab enables you to compare the
results of multiple runs.
— The Run Script: <script name> tab remains open after a run, so you can go back and look at the
script parameters and compare them to the output. You can also rerun the same script, or
change parameters and then rerun it.
— Only one Run Script: <script name> tab can be open concurrently. If you want to run
another script, you need to close the Run Script: <script name> tab.
A device toolbar may display one or more icons that enable a device user to run a script. For more
information, see Configuring a Toolbox Script in APSolute Vision, page 246.
Note: When a Logical Group is selected, the effective Target Device List dynamically
updates, according to the devices in the Logical Group. That is, when the device-set of a
Logical Group changes, the effective Target Device List changes accordingly. For more
information, see Using Logical Groups of Devices, page 199.
3. Click Submit. The Output Script: <script name> tab opens.
The Output Script: <script name> tab contains the following three fields:
— Status—The short status of the script, for example, Operation Completed.
— Output—The output that the script returned after a successful run.
— CLI Output—The full CLI output of the script.
Notes
— You can leave the Output Script: <script name> tab open and rerun the script. Having
multiple instances of the Output Script: <script name> tab enables you to compare the
results of multiple runs.
— The Run Script: <script name> tab remains open after a run, so you can go back and look at the
script parameters and compare them to the output. You can also rerun the same script, or
change parameters and then rerun it.
— Only one Run Script: <script name> tab can be open at any one time. If you want to run
another script, you need to close the Run Script: <script name> tab.
To run a Toolbox script from the Operator Toolbox tab in the Advanced tree
1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > Operator Toolbox.
3. Select the script, and click the (Run Script) button. The Run Script: <script name> tab
opens.
4. Do the following:
— In the Target Device List tab, specify the target devices. That is, select entries from the lists
and use the arrows to move the entries to the other lists as required. The Target Device List
tab contains the Available lists and the Selected lists of devices and Logical Groups (of
devices). The Available lists display the available devices and available Logical Groups. The
Selected device list displays the devices that the script runs on. The Selected Logical
Group list displays the Logical Groups with the devices that the script runs on.
— In the Parameters tab, configure the script-specific parameters.
Note: When a Logical Group is selected, the effective Target Device List dynamically
updates, according to the devices in the Logical Group. That is, when the device-set of a
Logical Group changes, the effective Target Device List changes accordingly. For more
information, see Using Logical Groups of Devices, page 199.
5. Click Submit. The Output Script: <script name> tab opens.
The Output Script: <script name> tab contains the following three fields:
— Status—The short status of the script, for example, Operation Completed.
— Output—The output that the script returned after a successful run.
— CLI Output—The full CLI output of the script.
Notes
— You can leave the Output Script: <script name> tab open and rerun the script. Having
multiple instances of the Output Script: <script name> tab enables you to compare the
results of multiple runs.
— The Run Script: <script name> tab remains open after a run, so you can go back and look at the
script parameters and compare them to the output. You can also rerun the same script, or
change parameters and then rerun it.
— Only one Run Script: <script name> tab can be open at any one time. If you want to run
another script, you need to close the Run Script: <script name> tab.
Notes
• For more information on scheduled tasks, including modifying Operator Toolbox tasks, see
Scheduling APSolute Vision and Device Tasks, page 305.
• APSolute Vision issues a failure message if any task action is not successful. The failure message
includes the result of each action—that is, whether the action succeeded or failed for each
target device.
• The configuration of the Toolbox script determines whether the target device must be locked for
the script to run. If the script requires device locking, when an Operator Toolbox task runs the
script, APSolute Vision tries to lock the device. If the locking action is successful, the script runs,
and then, APSolute Vision unlocks the device. If the locking action fails, the Operator Toolbox
task fails.
• If a device in the Target Device List is deleted from APSolute Vision, APSolute Vision deletes
the device from the Target Device List and continues running the task.
• If all the devices in the Target Device List are deleted from APSolute Vision, APSolute Vision
disables the task.
1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Hover over the required script and click the button. The Add Toolbox Script tab opens. The
Task Type value is Operator Toolbox, and in the Configuration Template tab, the Selected
Script text box displays the filename of the selected script.
3. Configure the remaining parameters, which are described in Operator Toolbox Task—
Parameters, page 321, and click Submit.
Parameter Description
Name The name of the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Parameter Description
Run Always [4] Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled
Start Date [5], Start Time [5] The date and time at which the task is activated.
End Date [5], End Time [5] The date and time after which the task no longer runs.
1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.
Parameter Description
Selected Script (Read-only) The script that is selected in the table—with the file name.
To select the script, click the script from the Action Title column.
The table contains all the Toolbox scripts that you have permission to run. The table comprises the
following columns: Action Title, File Name, and Category.
Note: When you change a selection, the parameters in the Parameters tab change accordingly.
Parameter Description
Note: This tab is available only when the script that is selected in the Configuration Template
tab includes configuration parameters.
The parameters for the selected script.
Parameter Description
Note: This tab is available only when the script that is selected in the Configuration Template
tab includes configuration parameters.
Parameter Description
The Available lists and the Selected lists of devices and Logical Groups (of devices of the
appropriate type). The Available lists display the available devices and available Logical Groups.
The Selected device list displays the devices that the Toolbox script runs on. The Selected Logical
Group list displays the Logical Groups that the Toolbox script runs on.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.
1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > Operator Toolbox.
Buttons for managing a script: Add, Edit (that is, its properties, not the
script itself), Delete, and Download.
Run button—Runs the selected script and opens the Run Script
tab, where you specify the target devices and script-specific
values.
The table in the Operator Toolbox tab, which contains most of the default scripts configured in the
APSolute Vision server, comprises the following columns:
• Action Title—The title for the script.
• File Name—The file name of the script, which is a hyperlink to the script in the vDirect module.
You can edit the script in the user interface of the vDirect module.
• Description—The user-defined description of the script.
• Category—The category assigned to sort the script. When you click on the category node, the
Operator Toolbox tab displays only the scripts belonging to the category.
• Toolbar Icon—The icon that runs the script from the toolbar of a managed device. This is
relevant only when the Assign to Toolbar parameter is set in the script configuration.
• Device Toolbar—The device types whose toolbar displays an icon to run the script.
• Uploaded By—The username of the user who uploaded the script to APSolute Vision.
• Upload Date—The date the script was uploaded to APSolute Vision.
In the Operator Toolbox tab, you can load the scripts from APSolute Vision or from vDirect. You can
run scripts from the Toolbox or from vDirect. Any change you make to a script is reflected in both
locations. The vDirect module in APSolute Vision validates the scripts and hosts them in the vDirect
Configuration Templates tab. You can use vDirect to write new Toolbox scripts and then configure
them in APSolute Vision. If a script is already configured in APSolute Vision, you can click on its link,
which opens the script in vDirect—for you to view or modify as you require.
Note: For more information on vDirect, see vDirect with APSolute Vision, page 46, Using vDirect
with APSolute Vision, page 725, and the Radware vDirect documentation that corresponds to the
vDirect version in the APSolute Vision server. To find out the vDirect version, in the APSolute Vision
Settings view System perspective, select General Settings > Basic Parameters and look in the
Software tab.
Caution: Before you try running a script, see Prerequisites for Target Devices of Toolbox
Scripts, page 227.
1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > Operator Toolbox.
3. Select the script, and click the (Run Script) button. The Run Script: <script name> tab
opens.
4. Do the following:
— In the Target Device List tab, specify the target devices. That is, select entries from the lists
and use the arrows to move the entries to the other lists as required. The Target Device List
tab contains the Available lists and the Selected lists of devices and Logical Groups (of
devices). The Available lists display the available devices and available Logical Groups. The
Selected device list displays the devices that the script runs on. The Selected Logical
Group list displays the Logical Groups with the devices that the script runs on.
— In the Parameters tab, configure the script-specific parameters.
Note: When a Logical Group is selected, the effective Target Device List dynamically
updates, according to the devices in the Logical Group. That is, when the device-set of a
Logical Group changes, the effective Target Device List changes accordingly. For more
information, see Using Logical Groups of Devices, page 199.
5. Click Submit.
Note: For information on writing and editing Toolbox scripts (for example, setting default values),
see Writing and Editing Toolbox Scripts, page 249.
1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > Operator Toolbox.
3. Do one of the following:
— To edit an entry in the table, select the entry and click the (Edit) button.
4. Configure the parameters, and then click Submit.
Parameter Description
Action Title The title for the script.
Maximum characters: 255
File Name The .vm file. Browse to the file and select it.
Description The description of the script.
Maximum characters: 1000
Tooltip The tooltip that displays when you hover over the specified icon in the
device toolbar.
Maximum characters: 255
Category The category that determines which node (under the parent Operator
Toolbox node) contains the script. Specify a category for a script to
organize the script into a meaningful group, and make it easier to
locate. When you click on a category node, the Operator Toolbox tab
displays only the scripts belonging to that category.
Values:
• Configuration
• Data Export
• Emergency
• High Availability
• Monitoring
• Operations
• Unassigned
Default: Unassigned
Assign to Toolbar Specifies whether you can run the script from the toolbar of a managed
device.
Default: Disabled
Toolbar Icon (This button is available only when the Assign to Toolbar checkbox is selected.)
The icon that you click to run the script from the toolbar of a managed device.
Parameter Description
Device Toolbar The device type whose toolbar displays the icon to click to run the
script.
Values: Alteon, LinkProof NG, DefensePro, All
Default: All
Assign to Dashboard Specifies whether you can run the script from the Toolbox dashboard.
Default: Disabled
Dashboard Icon (This parameter is available only when the Assign to Dashboard checkbox is selected.)
The icon that you click to run the script from the Toolbox dashboard.
Note: The table in the Operator Toolbox Settings tab manages the icons for the Toolbox
dashboard (APSolute Vision Settings view System perspective, General Settings > Operator
Toolbox Settings). For more information, see Managing Operator Toolbox Settings, page 166.
Roles
Configure the Selected list with the RBAC roles that are allowed to run the script.
The Selected list always includes the roles Administrator, Vision Administrator, and System
User, and you cannot remove them.
Notes:
• The predefined roles are configured with the appropriate RBAC roles, by default.
• For more information on RBAC roles, see Role-Based Access Control (RBAC), page 85.
1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > Operator Toolbox.
1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > Operator Toolbox.
3. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 260).
4. Select the rows with the required scripts (using standard Windows key combinations).
Toolbox scripts are text files with the .vm extension, which use vDirect syntax. You can write new
scripts, and you can edit existing scripts according to your requirements. For example, if you need to
run a script repeatedly with the same values, you can edit the script and define default values for
parameters.
Caution: If you intend to run a predefined script often, you may want to modify its default
configuration. However, an upgrade of APSolute Vision may include changes to predefined scripts,
which overwrite any script modifications that you have made to the predefined scripts. If you modify
a predefined script, Radware recommends downloading the file, renaming it, and uploading it to
APSolute Vision as a new script.
Notes
• The predefined scripts incorporate the guidelines as appropriate. For example,
#haltOnDeviceError is not used in a script that uses a GET command, and
#require_device_lock=false is included in a script that makes no change to a device
configuration.
• For more information on vDirect, see vDirect with APSolute Vision, page 46, Using vDirect with
APSolute Vision, page 725, and the Radware vDirect documentation that corresponds to the
vDirect version in the APSolute Vision server. (To identify the vDirect version, in the APSolute
Vision Settings view System perspective, select General Settings > Basic Parameters and
look in the Software tab.)
The following is an excerpt of a script that includes an output parameter, so that the
APSolute Vision alert message displays the output of the script formatted well and clearly.
The Workflows dashboard displays vDirect workflows that are stored in the APSolute Vision vDirect
Workflow Templates repository. The Workflow Templates repository is under the vDirect Inventory
tab.
Notes
• You can access vDirect from the APSolute Vision sidebar menu (Applications >
vDirect).
• For general information on using vDirect with APSolute Vision, see Using vDirect with APSolute
Vision, page 725.
• Many of the default workflows in the Workflows dashboard are AppShape™ templates in vDirect
form. AppShape templates accelerate, simplify, and optimize the configuration of Alteon ADC
devices for deployments of various applications. For more information, see Using AppShape
Templates and Instances, page 264.
• You can filter the workflows displayed in the dashboard by entering appropriate text in the filter
box.
A vDirect workflow that you add to the Workflows dashboard—or retrieve from the APSolute Vision
vDirect Workflow Templates repository—is a .zip file. A workflow .zip file contains a
workflow.xml file and may include other items, such as a PNG graphic for the icon displayed in the
Workflows dashboard.
Creating and modifying vDirect workflow files is not within the scope of the APSolute Vision
documentation. For more information, refer to the Radware vDirect documentation that corresponds
to the vDirect version in the APSolute Vision server. To determine the vDirect version, in the
APSolute Vision Settings view System perspective, select General Settings > Basic Parameters
and look in the Software tab.
Note: If the workflow does not include a PNG graphic for the icon, APSolute Vision uses a
default graphic.
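The archive layout described above (a workflow.xml file plus optional items such as a PNG icon) can be checked before a workflow .zip is added to the Workflows dashboard. The following Python check is an added example, not Radware or vDirect code; it assumes workflow.xml sits at the archive root, and the size limit, function names, and sample contents are constructed for illustration.

```python
import io
import zipfile
from xml.parsers import expat

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # assumed local limit, not a product value


def unsafe_member_name(name: str) -> bool:
    """True for absolute paths, drive letters and '..' path components."""
    path = name.replace("\\", "/")
    if path.startswith("/") or (len(path) >= 2 and path[1] == ":"):
        return True
    return ".." in path.split("/")


def xml_problem(raw: bytes):
    """Return None if raw is well-formed XML without a DOCTYPE, else a reason."""
    parser = expat.ParserCreate()

    def reject_doctype(*_args):
        # Entities can only be declared inside a DOCTYPE, so refusing it
        # also rules out entity-expansion and external-entity tricks.
        raise ValueError("declares a DOCTYPE")

    parser.StartDoctypeDeclHandler = reject_doctype
    try:
        parser.Parse(raw, True)
    except ValueError as exc:
        return str(exc)
    except expat.ExpatError as exc:
        return f"is not well-formed ({exc})"
    return None


def inspect_workflow_archive(data: bytes) -> dict:
    """Check a workflow .zip (given as bytes) without extracting it to disk."""
    report = {"ok": False, "has_workflow_xml": False, "png_icons": [], "problems": []}
    problems = report["problems"]
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        problems.append("not a valid zip archive")
        return report
    with archive:
        for info in archive.infolist():
            name = info.filename
            if unsafe_member_name(name):
                problems.append(f"unsafe member path: {name}")
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                problems.append(f"member too large: {name}")
                continue
            if name == "workflow.xml":  # assumption: located at the archive root
                report["has_workflow_xml"] = True
                reason = xml_problem(archive.read(info))
                if reason:
                    problems.append(f"workflow.xml {reason}")
            elif name.lower().endswith(".png"):
                with archive.open(info) as member:
                    if member.read(len(PNG_MAGIC)) == PNG_MAGIC:
                        report["png_icons"].append(name)
                    else:
                        problems.append(f"not a PNG despite its extension: {name}")
    if not report["has_workflow_xml"]:
        problems.append("workflow.xml is missing")
    report["ok"] = not problems
    return report


def build_sample(members: dict) -> bytes:
    """Build a constructed in-memory archive for the demonstration."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buffer.getvalue()


# Constructed sample content; the XML is a placeholder, not the vDirect schema.
SAMPLE_XML = b'<workflow name="constructed-sample"/>'
SAMPLE_PNG = PNG_MAGIC + b"\x00" * 16

if __name__ == "__main__":
    samples = {
        "valid": {"workflow.xml": SAMPLE_XML, "icon.png": SAMPLE_PNG},
        "no workflow.xml": {"icon.png": SAMPLE_PNG},
        "path traversal": {"workflow.xml": SAMPLE_XML, "../outside.txt": b"x"},
    }
    for label, members in samples.items():
        print(label, inspect_workflow_archive(build_sample(members)))
```

An archive with no PNG still passes, matching the note that APSolute Vision falls back to a default graphic.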
If there are no active instances of a workflow, you can delete the workflow from the dashboard.
Notes
• In DefensePro 8.x versions 8.17.2 and later, the Configuration perspective displays the
Protections tab, and the tab includes the Protection Policies node. In 6.x versions, 7.x versions,
and 8.x versions earlier than 8.17.2, the tab is labeled Network Protection, and the tab includes
the Network Protection Policies node.
• The Server Protection feature is available only in DefensePro 6.x and 7.x versions.
A template from a (Network) Protection policy can include the baselines from the associated DNS
and/or BDoS profiles.
A template from a Server Protection policy can include learned baselines from the associated HTTP
Flood profiles.
DefensePro configuration templates do not include the following information:
• DefensePro setup and network configuration—For example, device time, physical ports,
and so on.
• DefensePro security settings—The protections that a policy template uses must be
supported and enabled globally in the target DefensePro device (that is, the target DefensePro
device into which you are importing the policy template). For example, if you export a Protection
policy that includes a BDoS Protection profile, the DefensePro device into which you are
importing the policy template must have BDoS Protection enabled globally (Configuration
perspective, Setup > Security Settings > BDoS Protection > Enable BDoS Protection).
• User-defined signatures.
• The configuration of user-defined SYN Flood Protections in the SYN Flood Protection
profile.
Caution: If you export a configuration that includes any user-defined SYN Flood Protection in
the SYN Flood Protection profile, the configuration template will include the value(s) of the
Protection Name parameter, but will not include the associated configuration(s). Importing
such a configuration template will fail if the target DefensePro device does not include the user-
defined SYN Flood Protections with the same names.
Caution: If the imported BDoS baseline or DNS baseline is below the minimum value in the
configuration of the corresponding profile, after an Update Policies action, DefensePro recalculates
the baseline or baselines according to the configuration of the profile. (For information on the
configuration of profiles, see Configuring BDoS Profiles, page 1726 and Configuring DNS Flood
Protection Profiles, page 1758.)
Notes
• The terms Protection policy, Network Protection policy, and network policy may be used
interchangeably in APSolute Vision and in the documentation.
• You can import Network Protection policies from DefensePro platforms running supported 6.x
versions into platforms running supported 6.x or 7.x versions.
• You can import Network Protection policies from DefensePro platforms running supported 7.x
versions only into other platforms running supported 7.x versions.
• You can import Protection policies from DefensePro platforms running supported 8.x versions
only into other platforms running supported 8.x versions.
• You can import Server Protection policies from DefensePro platforms running supported 6.x
versions into platforms running supported 6.x versions.
• You can import Server Protection policies from DefensePro platforms running supported 7.x
versions into platforms running supported 7.x versions.
• APSolute Vision provides a predefined Toolbox script for exporting and importing DefensePro
configurations, DefensePro Export/Import Policies. For more information, see Using and
Managing Toolbox Scripts, page 221.
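The import restrictions above (version paths, globally enabled protections, user-defined SYN Flood Protection names, and baseline minimums) can be checked before a template is sent to a device. The following Python check is an added example, not Radware code; the dictionary layout, field names, and sample values are assumptions, and each baseline is simplified to a single number.

```python
"""Pre-flight check before importing a DefensePro policy template.

Added example, not Radware code. The `template` and `target` dicts are a
hypothetical inventory that an operator fills in by hand.
"""

# Source major version -> allowed target major versions, from the Notes above.
IMPORT_MATRIX = {
    "network": {6: {6, 7}, 7: {7}, 8: {8}},
    "server": {6: {6}, 7: {7}},  # Server Protection exists only in 6.x and 7.x
}


def major(version):
    """Return the major number of a dotted version string such as '8.17.2'."""
    return int(version.strip().split(".", 1)[0])


def preflight(template, target):
    """Return {'blockers': [...], 'warnings': [...]} for one template/target pair."""
    blockers, warnings = [], []
    kind = template["policy_type"]
    src, dst = major(template["source_version"]), major(target["version"])

    allowed = IMPORT_MATRIX.get(kind, {}).get(src)
    if allowed is None:
        blockers.append(f"no documented import path for {kind} policies from {src}.x")
    elif dst not in allowed:
        ok = ", ".join(f"{v}.x" for v in sorted(allowed))
        blockers.append(f"{kind} policy from {src}.x cannot go to {dst}.x (allowed: {ok})")

    # Protections used by the template must be enabled globally on the target.
    enabled = set(target.get("enabled_protections", ()))
    for name in sorted(set(template.get("protections", ())) - enabled):
        blockers.append(f"{name} is not enabled globally on the target")

    # Only the Protection Name of a user-defined SYN Flood Protection is exported;
    # the import fails unless the target already has one with the same name.
    have = set(target.get("syn_flood_protections", ()))
    for name in sorted(set(template.get("syn_flood_protections", ())) - have):
        blockers.append(f"user-defined SYN Flood Protection '{name}' is missing on the target")

    # An imported baseline below the profile minimum is recalculated by the
    # device after an Update Policies action, so flag it instead of blocking.
    minimums = target.get("baseline_minimums", {})
    for name, value in sorted(template.get("baselines", {}).items()):
        if name in minimums and value < minimums[name]:
            warnings.append(
                f"{name} baseline {value} is below the profile minimum "
                f"{minimums[name]}; the device will recalculate it"
            )

    return {"blockers": blockers, "warnings": warnings}


# Constructed sample inventory (not real device data).
TEMPLATE = {
    "policy_type": "network",
    "source_version": "7.41.02",
    "protections": ["BDoS Protection", "DNS Flood Protection"],
    "syn_flood_protections": ["syn-web-custom"],
    "baselines": {"BDoS": 40, "DNS": 900},
}
TARGET = {
    "version": "8.17.2",
    "enabled_protections": ["BDoS Protection"],
    "syn_flood_protections": [],
    "baseline_minimums": {"BDoS": 100, "DNS": 500},
}

if __name__ == "__main__":
    result = preflight(TEMPLATE, TARGET)
    for line in result["blockers"]:
        print("BLOCKER:", line)
    for line in result["warnings"]:
        print("WARNING:", line)
```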
To export a Protection policy as a template in DefensePro 8.x versions 8.17.2 and later
1. In the Configuration perspective, select Protections > Protection Policies.
2. Select the Protection policy that you want to export, and click (Export).
3. Configure the parameters, and then click Submit.
Parameter Description
Download To Values:
• APSolute Vision Client—DefensePro exports the template to the
location specified (in the dialog box that opens after you click
Submit) in the filepath or by browsing to the location with the
Browse button.
• APSolute Vision Server—DefensePro exports the template to the
APSolute Vision database.
Default: Server
Save As The filepath when Download To is APSolute Vision Client or the
filename when Download To is APSolute Vision Server.
The default filename uses the following format (with no extension):
<DeviceName>_<PolicyName>_<date>_<time>
Example:
MyDefensePro_MyPolicy_2016.03.19_13.45.59
The date-time format is determined in the APSolute Vision Settings view
Preferences perspective, under General Settings > Display.
The file is saved on the server as a ZIP file, and on the local host as a
TXT file.
Export Policy and Profiles
Policy Configuration Specifies whether DefensePro exports the template with the configuration
of the policy.
Default: Enabled
Anti-Scanning Whitelisted Objects Specifies whether DefensePro exports the template with the current
whitelisted objects of the Anti-Scanning profile of the policy.
Default: Enabled
Custom Signature Profile Specifies whether DefensePro exports the template with the current
custom (user-defined) Signature Protection profile of the policy.
Default: Enabled
Traffic Filters Profile Specifies whether DefensePro exports the template with the current
Traffic Filters profile of the policy.
Default: Enabled
Export Baselines
BDoS Baseline Specifies whether DefensePro exports the template with the current BDoS
baseline of the policy.
Default: Enabled
DNS Flood Protection Baseline Specifies whether DefensePro exports the template with the current DNS
Flood Protection baseline of the policy.
Default: Enabled
(In DefensePro versions earlier than 8.18, the label for this parameter is DNS Baseline.)
HTTPS Flood Protection Baselines Specifies whether DefensePro exports the template with the current
HTTPS Flood Protection baselines of the policy.
Default: Enabled
(This parameter is available only in DefensePro versions 8.18 and later.)
To export a Network Protection policy as a template in 6.x versions, 7.x versions, and 8.x
versions earlier than 8.17.2
1. In the Configuration perspective, select Network Protection > Network Protection Policies.
2. Select the Network Protection policy that you want to export, and click (Export).
3. Configure the parameters, and then click Submit.
Parameter Description
Download To Values:
• Client—DefensePro exports the template to the location specified (in
the dialog box that opens after you click Submit) in the filepath or by
browsing to the location with the Browse button.
• Server—DefensePro exports the template to the APSolute Vision
database.
Default: Server
Download Via (Read-only) The transport method.
Value: HTTPS
Configuration Specifies whether DefensePro exports the template with the configuration
of the policy.
Default: Enabled
DNS Baseline Specifies whether DefensePro exports the template with the current DNS
baseline of the policy.
Default: Enabled
BDoS Baseline Specifies whether DefensePro exports the template with the current BDoS
baseline of the policy.
Default: Enabled
Custom Signature Profile Specifies whether DefensePro exports the template with the current
custom (user-defined) Signature Protection profile of the policy.
Default: Enabled
Traffic Filters Profile Specifies whether DefensePro exports the template with the current
Traffic Filters profile of the policy.
Default: Enabled
Anti-Scanning Whitelisted Objects Specifies whether DefensePro exports the template with the current
whitelisted objects of the Anti-Scanning profile of the policy.
Default: Enabled
Save As The filepath when Download To is Client or the filename when
Download To is Server.
The default filename uses the following format (with no extension):
<DeviceName>_<PolicyName>_<date>_<time>
Example:
MyDefensePro_MyPolicy_2016.03.19_13.45.59
The date-time format is determined in the APSolute Vision Settings view
Preferences perspective, under General Settings > Display.
The file is saved on the server as a ZIP file, and on the local host as a
TXT file.
2. Select the policy that you want to export, and click (Export).
3. Configure the parameters, and then click Submit.
Parameter Description
Download To Values:
• Client—DefensePro exports the template to the location specified in
the filepath or by browsing to the location with the Browse button.
• Server—DefensePro exports the template to the APSolute Vision
database.
Default: Server
Download Via (Read-only) The transport method.
Value: HTTPS
Configuration Specifies whether DefensePro exports the template with the configuration
of the policy.
Default: Enabled
HTTP Baseline Specifies whether DefensePro exports the template with the current HTTP
baseline of the policy.
Default: Enabled
Save As The filepath when Download To is Client or the filename when
Download To is Server.
The default filename uses the following format (with no extension):
<DeviceName>__<PolicyName>_<date>_<time>
Example:
MyDefensePro__MyPolicy_2015.03.19_13.45.59
The date-time format is determined in the APSolute Vision Settings view
Preferences perspective, under General Settings > Date and Time
Format.
The file is saved on the server as a ZIP file, and on the local host as a
TXT file.
1. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > DefensePro Configuration Templates.
Parameter Description
Source Device Name Values:
• Device name—Shows only the templates downloaded from the
selected device.
• Local—Shows only the templates uploaded from the local PC.
• System—Shows only the predefined templates.
Default: All
File Type Values:
• Server Protection (not relevant for DefensePro 8.x versions)—
Shows the templates from Server Protection policies.
• Network Protection—Shows the templates from Protection policies.
File Name The filename that the filter uses. The value supports one or two
wildcards (*).
Examples:
• *pol* —Shows any filename containing the string pol.
• *pol —Shows any filename ending with the string pol.
• pol* —Shows any filename starting with the string pol.
To clear the template-list filter and show all of the stored templates
1. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > DefensePro Configuration Templates.
3. Click Clear.
1. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > DefensePro Configuration Templates.
3. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 260).
4. Select the rows with the required templates (using standard Windows key combinations).
5. Select Send to Devices.
6. Configure the parameters, and then click Submit.
Parameter Description
The Available lists and the Selected lists of DefensePro devices and Logical Groups (of
DefensePro devices). The Available lists display the available devices and available Logical
Groups. The Selected device list displays the devices to update. The Selected Logical Group list
displays the Logical Groups with the devices to update.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Notes:
• The Available device list can contain only the devices that support the templates features.
• When a Logical Group is selected, the effective Target Device List dynamically updates,
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.
Update Method Values:
• Append to Existing Configuration—The template adds the policy
and profile configurations, and any baselines, to the devices in the
Selected lists. The template does not overwrite any existing
configuration. For example, if a policy name exists in a target
device, the policy on the target device does not get changed.
• Overwrite Existing Configuration—The template adds the policy
and profile configurations, and any baselines, to the devices in the
Selected lists. If a policy or profile with the same name exists in
a target device, the template overwrites it.
Default: Overwrite Existing Configuration
Caution: For the update behavior when the policy template
includes a user-defined profile (User-Defined Signature
Protection Profile, Custom Signature Profile, or Traffic Filters
Profile), see Update Behavior Using DefensePro Configuration
Templates with User-Defined Profiles, page 262.
Install on Instance The identifier of the DefensePro hardware instance onto which to add
the template.
Values: 0, 1
Default: 0
(This parameter is relevant only for DefensePro x420 platforms.)
Update Policies After Sending Configuration Values:
• Enabled—After successfully uploading a template to a device, an
Update Policies (activate latest changes) action is automatically
initiated.
• Disabled—After successfully uploading a template to a device, an
Update Policies (activate latest changes) action is required for the
configuration to take effect.
Default: Disabled
• When the Update Method is Append to Existing Configuration and the policy does not exist,
but a user-defined profile name exists in the target device, the policy is created in the target
device using the existing profile.
• When the Update Method is Overwrite Existing Configuration and the user-defined profile
name exists in the target device, the policy is created or modified (if it exists already), but the
template does not modify the rules or attributes of the existing profile—the template only
extends the profile with new rules and attributes on the target device.
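The two update methods and the user-defined-profile behavior described above can be modeled to preview what a Send to Devices action changes on a target. This Python model is an added example, not Radware code; the configuration dictionaries and sample names are hypothetical, and it assumes that rules inside a profile are matched by name.

```python
"""Model of the Send to Devices update methods (added example, not Radware code)."""
import copy

APPEND = "Append to Existing Configuration"
OVERWRITE = "Overwrite Existing Configuration"


def send_template(device, template, method):
    """Return (new_device_config, change_log); the input device dict is not modified."""
    if method not in (APPEND, OVERWRITE):
        raise ValueError(f"unknown update method: {method!r}")
    new = copy.deepcopy(device)
    log = []

    for name, prof in template["profiles"].items():
        existing = new["profiles"].get(name)
        if existing is None:
            new["profiles"][name] = copy.deepcopy(prof)
            log.append(f"profile {name}: created")
        elif method == APPEND:
            # Append never touches configuration that is already on the device.
            log.append(f"profile {name}: kept (already on device)")
        elif prof.get("user_defined"):
            # Overwrite does not rewrite an existing user-defined profile;
            # it only adds rules the device does not have yet.
            added = [r for r in prof["rules"] if r not in existing["rules"]]
            for rule in added:
                existing["rules"][rule] = copy.deepcopy(prof["rules"][rule])
            log.append(f"profile {name}: extended with {len(added)} new rule(s)")
        else:
            new["profiles"][name] = copy.deepcopy(prof)
            log.append(f"profile {name}: overwritten")

    policy = template["policy"]
    pname = policy["name"]
    if pname not in new["policies"]:
        # The new policy references profiles by name, so an existing
        # user-defined profile on the device is used as it is.
        new["policies"][pname] = copy.deepcopy(policy)
        log.append(f"policy {pname}: created")
    elif method == APPEND:
        log.append(f"policy {pname}: kept (already on device)")
    else:
        new["policies"][pname] = copy.deepcopy(policy)
        log.append(f"policy {pname}: overwritten")
    return new, log


# Constructed sample configuration (names and values are illustrative only).
DEVICE = {
    "policies": {
        "web-policy": {"name": "web-policy", "action": "report", "profiles": ["custom-sig"]},
    },
    "profiles": {
        "custom-sig": {"user_defined": True, "rules": {"r1": "block-A"}},
        "bdos-std": {"user_defined": False, "rules": {"tcp_syn": "low"}},
    },
}
TEMPLATE = {
    "policy": {"name": "web-policy", "action": "block", "profiles": ["custom-sig", "bdos-std"]},
    "profiles": {
        "custom-sig": {"user_defined": True, "rules": {"r1": "block-B", "r2": "block-C"}},
        "bdos-std": {"user_defined": False, "rules": {"tcp_syn": "high"}},
    },
}

if __name__ == "__main__":
    for method in (APPEND, OVERWRITE):
        _, changes = send_template(DEVICE, TEMPLATE, method)
        print(method)
        for entry in changes:
            print("  ", entry)
```

In the overwrite run, rule r1 of the existing user-defined profile keeps its device value while r2 is added, which is the case most likely to surprise an operator who expects the template to win.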
1. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > DefensePro Configuration Templates.
3. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 260).
4. Select the rows with the required templates (using standard Windows key combinations).
5. Select Delete from Devices.
6. Configure the parameters, and then click Submit.
Parameter Description
The Available lists and the Selected lists of DefensePro devices and Logical Groups (of
DefensePro devices). The Available lists display the available devices and available Logical
Groups. The Selected device list displays the devices to update. The Selected Logical Group list
displays the Logical Groups with the devices to update.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Notes:
• The Available device list can contain only the devices that support the templates features.
• The Selected device list can contain only DefensePro devices running 6.x versions 6.14 and
later, 7.x versions 7.41.02 and later, or 8.x versions 8.10 and later.
• When a Logical Group is selected, the effective Target Device List dynamically updates,
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.
Table 95: Delete from Devices: Select Devices to Update Parameters (cont.)
Parameter Description
Update Policies After Sending Configuration Values:
• Enabled—After successfully deleting the templates and associated
configuration objects from a device, an Update Policies (activate
latest changes) action is automatically initiated.
• Disabled—After successfully deleting the templates and
associated configuration objects from the devices, an Update
Policies (activate latest changes) action is required for the
configuration to take effect.
Default: Disabled
1. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > DefensePro Configuration Templates.
Parameter Description
File Type Values:
• Server Protection—The template defines a Server Protection policy (not
relevant for DefensePro 8.x versions).
• Network Protection—The template defines a Protection policy.
Upload From The filepath of the template. Click Browse to browse to the directory and
select the file.
1. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > DefensePro Configuration Templates.
3. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 260).
4. Select the rows with the required templates (using standard Windows key combinations).
1. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > DefensePro Configuration Templates.
3. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 260).
4. Select the rows with the required templates (using standard Windows key combinations).
AppShape templates configure all the required ADC options tailored and optimized for the selected
business application. With APSolute Vision, you can create instances of AppShape templates from
one single configuration pane with a small set of parameters.
AppShape configures the full, optimal Server Load Balancing (SLB) configuration for the selected
business application, which comprises:
• Real servers
• Server groups
• Virtual servers
• Virtual services
• Application services—such as (depending on the selected business application) health check,
FastView optimized caching, compression, connection management, or acceleration
Users with the Administrator role can manage the AppShape templates.
Users with the following roles can create AppShape instances on Alteon devices:
• Administrator
• ADC + Certificate Administrator
• ADC Administrator
• Device Administrator
• System User
• Vision Administrator
To create AppShape instances of most AppShape types, APSolute Vision requires SSH access to run
CLI commands on the Alteon device. Therefore, SSH must be enabled and properly configured: SSH
must be enabled in the Management Protocols pane (Configuration perspective, System >
Management Access > Management Protocols), and the SSH port configured in the
Management Protocols pane must be the same as the value in the SSH Port text box in the Device
Properties pane. (The Device Properties pane opens from the Sites and Devices tree when you add a
new device or edit device properties.)
To view the basic parameters of AppShape instances that the APSolute Vision server is
managing
1. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > AppShapes.
Parameter Description
AppShape Type The AppShape type.
Name The name of the AppShape instance.
Note: You can change the name in the configuration of the
instance on the device.
Device Name The name of the device on which the AppShape instance is deployed.
Virtual Address The virtual IP address of the service.
Valid Configuration The latest-known status that specifies whether the AppShape
instance is synchronized with the AppShape template.
Last Validation The last time that the configuration of the device was synchronized
with the AppShape template.
You can filter the display of the AppShapes Service table according to the values in any column. The
filter is either a drop-down list or a text box. If the filter is a text box, the result is a case-insensitive
match of values that contain the specified string. After you configure the filter criteria, click the
button to apply the filter. Click Clear to cancel the filter.
The nodes under the AppShapes node display, by default, the instances of the corresponding
AppShape type.
Tip: If you intend to configure the AppShape instance with SSL Acceleration enabled (which is the
default of most AppShape types), configure the SSL certificate before you configure the AppShape
instance (Configuration perspective, Application Delivery > Application Services > SSL >
Certificate Repository).
2. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
> Select the row with the AppShape instance and click (Validate AppShape Instance).
1. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > AppShapes.
3. Select the row with the instance whose configuration you want to view or modify, and then, click
Caution: If you upload an AppShape template type that already exists in the APSolute Vision
server, Radware strongly recommends that you remove existing instances of the template before
you proceed and overwrite the existing template. If you overwrite the existing template and there
are existing instances of this template, unexpected results may occur.
Note: The online help that includes the description of the new AppShape template type will be in
the online-help files at radware.com and the latest online-help package. The APSolute Vision
administrator can configure whether the online help comes from the APSolute Vision server or from
radware.com. It is the responsibility of the APSolute Vision administrator to make sure that the help
files on the server are updated as necessary with the latest online-help package.
1. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > AppShapes.
Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Common
Web Application—AppShape-generated Configuration, page 769.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
2. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Common Web Application.
5. Do one of the following:
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.
Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.
Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration of the device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.
Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http
Parameter Description
Caching Specifies whether the HTTP profile uses caching.
Default: Enabled
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Connection Management Specifies whether the HTTP profile uses connection management.
If enabled, you must configure the proxy IP address.
Default: Enabled
Proxy IP Opens the Proxy IP pane.
(This button is displayed only when the Connection Management checkbox is selected.)
Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Parameter Description
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)
Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Citrix
XenDesktop—AppShape-generated Configuration, page 771.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
2. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Citrix XenDesktop.
5. Do one of the following:
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.
Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.
Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration of the device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
StoreFront Virtual Address The virtual IP address of the StoreFront service.
DDC Virtual Address The virtual IP address of the DDC service.
Parameter Description
Citrix StoreFront Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Citrix DDC Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
StoreFront
SLB Metric The SLB metric used to select the next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: tcp
Parameter Description
DDC
SLB Metric The SLB metric used to select the next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: tcp
Parameter Description
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Connection Management Specifies whether the HTTP profile uses connection management.
If enabled, you must configure the proxy IP address.
Default: Disabled
PIP Table Opens the Proxy IP pane.
(This button is displayed only when the Connection Management checkbox is selected.)
Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)
Tip: If you are using DefensePro version 8.x, use the DefenseSSL Quick Setup Operator Toolbox
script. For more information, see Using and Managing Toolbox Scripts, page 221.
Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see
DefenseSSL—AppShape-generated Configuration, page 773.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
2. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select DefenseSSL.
5. Do one of the following:
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.
Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.
Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration of the device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.
Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)
Parameter Description
Address The IP address for the ARP entry.
MAC Address The MAC address for the ARP entry.
VLAN The VLAN for the ARP entry.
Values: 1–4090
Port The port for the ARP entry.
The range of valid values depends on the device on which you are
deploying the AppShape instance.
Note: With Exchange Server 2010, Outlook clients connect using native MAPI to the RPC Client
Access Service (CAS), which runs on Client Access servers. Because the RPC CAS requires the traffic
to be passed to the Client Access servers on a large number of ports, Radware recommends that you
use a firewall to permit only internal networks to access the RPC Client Access virtual server IP
address.
[Figure: network diagram showing External Clients, DMZ, Firewall, Internal Clients, Edge Transport
Server, two Alteon 4416 devices (Alteon.active.device and Alteon.backup.device), Exchange CAS
application servers (client access servers), Mail Box Servers DAG (not part of the AppShape
configuration), Exchange SMTP application servers (HUB transport), and Active Directory (not part of
the AppShape configuration).]
Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Exchange 2010—AppShape-generated Configuration, page 774.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
2. Select the Automation item ( ) from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Microsoft Exchange 2010.
5. Do one of the following:
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.
Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.
Table 116: Microsoft Exchange 2010: Microsoft Exchange 2010 Instance Parameters
Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration of the device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.
Parameter Description
RPC Client Access The static port for the RPC Client Access Service.
Values: 10–65535
Default: 135
RPC Endpoint Mapper The port for the RPC Endpoint Mapper.
Values: 10–65535
Default: 59532
Exchange Address Book The port for the Exchange Address Book.
Values: 10–65535
Default: 59533
POP3 The port for the associated POP3 server.
This parameter is optional.
Values: 10–65535
Default with the Secured checkbox selected: 993
Default with the Secured checkbox cleared: 110
Secured Specifies whether the POP3 server uses a secured port.
Default: Enabled
IMAP4 (Optional) The port for the associated IMAP4 server.
This parameter is optional.
Values: 10–65535
Default with the Secured checkbox selected: 993
Default with the Secured checkbox cleared: 143
Secured Specifies whether the IMAP4 server uses a secured port.
Default: Enabled
Parameter Description
Exchange CAS Application Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
Exchange SMTP Application Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
CAS
SLB Metric The SLB metric used to select the next server in the group. (See footnote 1.)
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http
SMTP Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: smtp
1 – If you choose a value other than the default, the AppShape always uses the default
value for any additional, specifically related parameter. For example, if the value of SLB
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24
Bits.
Parameter Description
Caching Specifies whether the HTTP profile uses caching.
Default: Enabled
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Connection Management Specifies whether the HTTP profile uses connection management.
If enabled, you must configure the proxy IP address.
Default: Disabled
Parameter Description
Proxy IP Opens the Proxy IP pane.
(This button is displayed only when the Connection Management checkbox is selected.)
Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)
Note: With Exchange Server 2013, Outlook clients connect using native MAPI to the RPC Client
Access Service (CAS), which runs on Client Access servers. Because the RPC CAS requires the traffic
to be passed to the Client Access servers on a large number of ports, Radware recommends that you
use a firewall to permit only internal networks to access the RPC Client Access virtual server IP
address.
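One way to check an exported firewall rule set against the recommendation in the note above, as an added example that is not part of the Radware guide. The rule tuple format, the first-match/implicit-deny semantics, the virtual server IP, and the internal networks are all assumptions constructed for illustration; ports are ignored because the note concerns access to the virtual IP as a whole.

```python
import ipaddress

# Constructed sample values (not from the guide): the RPC Client Access
# virtual server IP and the networks this site treats as internal.
RPC_CAS_VIP = ipaddress.ip_address("192.168.1.100")
INTERNAL_NETS = [
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("10.20.0.0/16"),
]

# Hypothetical, vendor-neutral rule export. Assumed semantics: rules are
# evaluated top-down, first match wins, anything unmatched is denied.
# Each rule: (name, action, source CIDR, destination CIDR)
SAMPLE_RULES = [
    ("deny-guest",    "deny",   "10.20.99.0/24",  "192.168.1.100/32"),
    ("lan-to-cas",    "permit", "192.168.1.0/24", "192.168.1.100/32"),
    ("branch-to-cas", "permit", "10.20.0.0/16",   "192.168.1.0/24"),
    ("vpn-pool",      "permit", "172.16.0.0/12",  "192.168.1.100/32"),
    ("dmz-web",       "permit", "192.168.2.0/24", "192.168.2.10/32"),
    ("legacy-any",    "permit", "0.0.0.0/0",      "192.168.1.0/24"),
]


def subtract(nets, remove):
    """Return the parts of `nets` that are not covered by `remove`.

    CIDR blocks are either nested or disjoint, so three cases suffice.
    """
    remaining = []
    for net in nets:
        if net.subnet_of(remove):
            continue                                   # fully covered
        if remove.subnet_of(net):
            remaining.extend(net.address_exclude(remove))  # punch a hole
        else:
            remaining.append(net)                      # disjoint
    return remaining


def external_exposure(rules, vip, internal_nets):
    """Map rule name -> non-internal source ranges it lets reach `vip`.

    Sources already matched by an earlier rule for this VIP (permit or
    deny) are excluded, so a broad rule is only blamed for traffic that
    actually reaches it under first-match evaluation.
    """
    decided = []      # sources claimed by earlier rules that cover the VIP
    findings = {}
    for name, action, src, dst in rules:
        if vip not in ipaddress.ip_network(dst):
            continue  # rule does not apply to the virtual server
        src_net = ipaddress.ip_network(src)
        effective = [src_net]
        for earlier in decided:
            effective = subtract(effective, earlier)
        if action == "permit":
            exposed = effective
            for internal in internal_nets:
                exposed = subtract(exposed, internal)
            if exposed:
                findings[name] = [
                    str(n) for n in ipaddress.collapse_addresses(exposed)
                ]
        decided.append(src_net)
    return findings


if __name__ == "__main__":
    for rule, ranges in external_exposure(
            SAMPLE_RULES, RPC_CAS_VIP, INTERNAL_NETS).items():
        print(f"{rule}: permits {len(ranges)} non-internal range(s) "
              f"to {RPC_CAS_VIP}, e.g. {ranges[0]}")
```

An empty result means every permit rule that reaches the virtual server IP admits internal sources only.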
[Figure: network diagram. Labels: External Clients, DMZ, Firewall, Internal Clients, Edge Transport Server, Alteon 4416 with a backup Alteon device, Exchange CAS application servers (client access servers), Mail Box Servers DAG, Exchange IMAP application servers, Exchange POP3 application servers, Active Directory.]
Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Exchange 2013—AppShape-generated Configuration, page 777.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Microsoft Exchange 2013.
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.
Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.
Table 123: Microsoft Exchange 2013: Microsoft Exchange 2013 Instance Parameters
Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.
Parameter Description
Exchange CAS Application Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Exchange IMAP Application Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
Exchange POP3 Application Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
CAS
SLB Metric The SLB metric used to select the next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http
IMAP Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Round Robin
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: imap
POP3 Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Round Robin
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: pop3
1 – If you choose a value other than the default, the AppShape always uses the default
value for any additional, specifically related parameter. For example, if the value of SLB
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24
Bits.
Parameter Description
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)
Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Lync External—AppShape-generated Configuration, page 779.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Microsoft Lync External.
5. Do one of the following:
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.
Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.
Table 129: Microsoft Lync External: Microsoft Lync External Instance Parameters
Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f
format, that the configuration device was synchronized
with the AppShape template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Edge AV HTTPS Virtual Address The text box contains the virtual IP address of the edge
audio-visual service, and the checkbox specifies whether
the service is enabled.
Edge Meeting HTTPS Virtual Address The text box contains the virtual IP address of the edge
Meeting service, and the checkbox specifies whether the
service is enabled.
Edge IM HTTPS Virtual Address The text box contains the virtual IP address of the edge
instant-messaging service, and the checkbox specifies
whether the service is enabled.
Edge SIP HTTPS Virtual Address The text box contains the virtual IP address of the edge
SIP service, and the checkbox specifies whether the
service is enabled.
CWA Virtual Address The text box contains the virtual IP address of the
Communicator Web Access (CWA) server, and the
checkbox specifies whether the service is enabled.
Parameter Description
SIP Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
IM Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
CWA Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Meeting Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
AV Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
Each pair of load-balancing parameters (the SLB Metric and the Health Check) is available only
when the corresponding checkbox is selected in the Microsoft Lync External: Microsoft Lync
External Instance Parameters, page 284 table.
Edge HTTPS SIP (443) Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Table 131: Microsoft Lync External: Load Balancing Settings Parameters (cont.)
Parameter Description
Edge IM (443) Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Edge Meeting (443) Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Edge CWA Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Edge AV (443) Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
1 – If you choose a value other than the default, the AppShape always uses the default
value for any additional, specifically related parameter. For example, if the value of SLB
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24 Bits.
Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Lync Internal—AppShape-generated Configuration, page 782.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Microsoft Lync Internal.
5. Do one of the following:
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.
Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.
Table 133: Microsoft Lync Internal: Microsoft Lync Internal Instance Parameters
Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format,
that the configuration device was synchronized with the
AppShape template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Front-End Virtual Address The text box contains the virtual IP address of the front end, and
the checkbox specifies whether the address is used.
Edge Internal Virtual Address The text box contains the virtual IP address of the internal edge,
and the checkbox specifies whether the address is used.
Directors Virtual Address The text box contains the virtual IP address of the directors, and
the checkbox specifies whether the address is used.
CWA Virtual Address The text box contains the virtual IP address of the Communicator
Web Access (CWA) server, and the checkbox specifies whether the
address is used.
Parameter Description
Real Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Edge Internal Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Director Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
CWA Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
Each pair of load-balancing parameters (the SLB Metric and the Health Check) is available only
when the corresponding checkbox is selected in the Microsoft Lync Internal: Microsoft Lync Internal
Instance Parameters, page 287 table.
Front-End Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Table 135: Microsoft Lync Internal: Load Balancing Settings Parameters (cont.)
Parameter Description
Edge Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Directors Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Edge CWA Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
1 – If you choose a value other than the default, the AppShape always uses the default
value for any additional, specifically related parameter. For example, if the value of SLB
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24 Bits.
Parameter Description
Compression Specifies whether compression is enabled on the Communicator Web
Access (CWA) servers.
Default: Enabled
Domain Name The CWA domain name.
Example: https://cwa.lyncmycompany.com
Note: Internally, APSolute Vision forces the prefix of the domain
name to be https. For example, if you enter
http://cwa.lyncmycompany.com or just
cwa.lyncmycompany.com, APSolute Vision configures the value in
Alteon as
https://cwa.lyncmycompany.com.
Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Parameter Description
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)
Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle E-
Business—AppShape-generated Configuration, page 791.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Oracle E-Business.
5. Do one of the following:
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.
Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.
Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.
Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
Oracle E-Business server.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Least Connections
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Parameter Description
Caching Specifies whether the HTTP profile uses caching.
Default: Enabled
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Parameter Description
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)
Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle
SOA Suite 11g—AppShape-generated Configuration, page 792.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Oracle SOA Suite 11g.
5. Do one of the following:
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.
Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.
Table 145: Oracle SOA Suite 11g: Oracle SOA Suite 11g Instance Parameters
Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Customer VIP The virtual IP address of the customer.
Internal SOA Services VIP The virtual IP address of the internal SOA services.
Management Access VIP The virtual IP address of the management access.
Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
Oracle SOA Suite 11g server.
To edit an entry in the table, select the entry and click the (Edit)
button.
Table 147: Oracle SOA Suite 11g: Load Balancing Settings Parameters
Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Least Connections
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http
Parameter Description
Caching Specifies whether the HTTP profile uses caching.
Default: Enabled
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Connection Management Specifies whether the HTTP profile uses connection management.
If enabled, you must configure the proxy IP address.
Default: Enabled
Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)
Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle
WebLogic 12c—AppShape-generated Configuration, page 794.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Oracle WebLogic 12c.
5. Do one of the following:
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.
Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.
Table 151: Oracle WebLogic 12c: Oracle WebLogic 12c Instance Parameters
Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.
Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
Oracle WebLogic 12c server.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Parameter Description
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)
Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see SharePoint
2010—AppShape-generated Configuration, page 795.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select SharePoint 2010.
5. Do one of the following:
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.
Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.
Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.
Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
SharePoint 2010 server.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http
Parameter Description
Caching Specifies whether the HTTP profile uses caching.
Default: Enabled
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Connection Management Specifies whether the HTTP profile uses connection management.
If enabled, you must configure the proxy IP address.
Default: Enabled
Domain Name The domain of the SharePoint 2010 server.
Maximum characters: 34
Proxy IP Opens the Proxy IP pane.
(This button is displayed only when the Connection Management checkbox is selected.)
Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)
Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see SharePoint
2013—AppShape-generated Configuration, page 797.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select SharePoint 2013.
5. Do one of the following:
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.
Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.
Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.
Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
SharePoint 2013 server.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Parameter Description
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Domain Name The domain of the SharePoint 2013 server.
Maximum characters: 34
Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Parameter Description
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)
Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see VMware
View 5.1—AppShape-generated Configuration, page 799.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select VMware View 5.1.
5. Do one of the following:
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.
Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.
Table 169: VMware View 5.1: VMware View 5.1 Instance Parameters
Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.
Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
VMware View 5.1 server.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Persistent Hash
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Parameter Description
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)
Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Zimbra—
AppShape-generated Configuration, page 800.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Zimbra.
5. Do one of the following:
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.
Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.
Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.
Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
Zimbra server.
To edit an entry in the table, select the entry and click the (Edit)
button.
Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Persistent Hash
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Parameter Description
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)
Overview of Scheduling
You can schedule various operations for the APSolute Vision server and managed devices. Scheduled
operations are called tasks.
The APSolute Vision scheduler tracks when tasks were last performed and when they are due to be
performed next. When you configure a task for multiple devices, the task runs on each device
sequentially. After the task completes on one device, it begins on the next. If the task fails to
complete on a device, the Scheduler will activate the task on the next listed device.
Select the Scheduler item from the APSolute Vision sidebar menu to display the Scheduler
pane.
Figure 58: Scheduler Item (Selected) in the APSolute Vision Sidebar Menu
When you create a task and specify the time to run it, the time is according to your local OS.
APSolute Vision then stores the time, translated to the timezone of the APSolute Vision server,
and then runs it accordingly. That is, once you configure a task, it runs according to the APSolute
Vision time settings, disregarding any changes made to the local OS time settings.
Caution: If the APSolute Vision client timezone differs from the timezone of the APSolute Vision
server or the managed device, take the time offset into consideration.
When you define a task, you can choose whether to enable or disable the task. All configured tasks
are stored in the APSolute Vision database.
You can define the following types of scheduled tasks:
• Back up the APSolute Vision server configuration
• Back up a device configuration
• Back up the APSolute Vision Reporter data
• Reboot a device
• Update the Radware security signature file onto a DefensePro device from radware.com or the
proxy server
• Update the fraud signature file onto a DefensePro device from radware.com or the proxy server
• Update the APSolute Vision Attack Description file from radware.com or the proxy server
• Run an Operator Toolbox script
• Retrieve the ERT IP Reputation Feed file for Alteon from the Radware domain, and upload the
feed to selected Alteon devices.
• Retrieve the ERT Active Attackers Feed (EAAF) for DefensePro from the Radware domain, and
upload the feed to selected DefensePro devices.
• Retrieve the Geolocation feed for DefensePro from the Radware domain, and upload the feed to
selected DefensePro devices.
Note: You can perform some of the operations manually, for example, from the APSolute Vision
Settings view System perspective, or from the Operations options.
Note: For more information on filtering table rows, see Filtering Table Rows, page 81.
Parameter Description
Task Type The type of task to be performed.
Name The name of the configured task.
Description The user-defined description of the task.
Current Status The current status of the task.
Values: Waiting, In progress
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task is saved in the database.
Parameter Description
Last Execution Status Whether the last task run was successful. When the task is disabled or
has not yet started, the status is Never Executed.
Values:
• Failure
• Never Executed
• Success
• Warning
Last Execution Time The date and time of the last task run. When the task is disabled or has
not yet started, this field is empty.
Next Execution Time The date and time of the next task run. When the task is disabled, this
field is empty.
Run The frequency at which the task runs; for example, daily or weekly. The
schedule start date is displayed, if it has been defined.
Values:
• Daily
• Minutes
• Once
• Weekly
1. Select the Scheduler item from the APSolute Vision sidebar menu. The Scheduler pane
opens. The Task List table displays information for each scheduled task.
2. Do one of the following:
— To add an entry to the table, click the (Add) button. Then, select the type of task, and
click Submit. The dialog box for the selected task type is displayed.
— To edit an entry in the table, select the entry and click the (Edit) button.
3. Configure task parameters, and click Submit. All task configurations include basic parameters
and scheduling parameters. Other parameters depend on the task type that you select. Some
tasks that APSolute Vision exposes are non-operational/irrelevant for certain products and/or
versions. For more information, see the description of the relevant task parameters in Task
Parameters, page 308.
1. Select the Scheduler item from the APSolute Vision sidebar menu. The Scheduler pane
opens. The Task List table displays information for each scheduled task.
2. Select the required task, and click the (Run Now) button.
Task Parameters
The following sections describe the parameters for Scheduler tasks:
• APSolute Vision Configuration Backup—Parameters, page 308
• APSolute Vision Reporter Backup—Parameters, page 311
• Update Security Signature Files—Parameters, page 313
• Update Fraud Security Signatures—Parameters, page 314
• Update Attack Description File—Parameters, page 316
• Device Configuration Backup—Parameters, page 317
• Device Reboot Task—Parameters, page 319
• Operator Toolbox Task—Parameters, page 321
• ERT Active Attackers Feed for DefensePro—Parameters, page 323
• ERT IP Reputation Feed for Alteon—Parameters, page 326
• Geolocation Feed—Parameters, page 327
Note: Some tasks that APSolute Vision exposes are non-operational and/or irrelevant for certain
DefensePro versions.
Notes
• The storage location is, by default, a hard-coded location in the APSolute Vision server.
• For information on managing the backups using the CLI, see System Commands, page 662.
• Restoring the configuration is performed using the CLI. For more information, see system
backup config restore, page 669.
• APSolute Vision stores up to five configuration-backup iterations in the storage location. After
the fifth configuration-backup, APSolute Vision deletes the oldest one.
• The backup filenames in the storage location are the first five characters of the specified
filename plus a 10-character timestamp. When the task exports the backup file, the filename is
as specified in the task configuration.
• The backup file in the storage location includes the hard-coded description Scheduler-
generated.
Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Current Status (Read-only) The current status of the task.
Values: Waiting, In progress
Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Run Always4 Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled
Start Date5 The date and time at which the task is activated.
Start Time5
Parameter Description
End Date5 The date and time after which the task no longer runs.
End Time5
1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.
Parameter Description
Backup Configuration To The destination of the backup configuration files.
Values:
• APSolute Vision Server
• APSolute Vision and External Location
Default: APSolute Vision Server
Protocol1 The protocol that APSolute Vision uses for this task.
Values:
• FTP
• SCP
• SFTP
• SSH
Backup File Name1 The name of the backup, up to 64 characters, with no spaces. Only
alphanumeric characters and underscores (_) are allowed.
Notes
• For information on managing the backups using the CLI, see System Commands, page 662.
• Restoring the data is performed using the CLI. For more information, see system backup config
restore, page 669.
• APSolute Vision stores up to three iterations of the APSolute Vision Reporter data in the storage
location. After the third reporter-backup, the system deletes the oldest one.
• The backup filenames in the storage location are the first five characters of the specified
filename plus a 10-character timestamp. When the task exports the backup file, the filename is
as specified in the task configuration.
• The backup file in the storage location includes the hard-coded description Scheduler-
generated.
Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Parameter Description
Run Always4 Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled
Start Date5 The date and time at which the task is activated.
Start Time5
End Date5 The date and time after which the task no longer runs.
End Time5
1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.
Parameter Description
Backup Configuration To The destination of the backup configuration files.
Values:
• APSolute Vision Server
• APSolute Vision and External Location
Default: APSolute Vision Server
Protocol1 The protocol that APSolute Vision uses for this task.
Values:
• FTP
• SCP
• SFTP
• SSH
Parameter Description
Backup File Name1 The name of the backup, up to 64 characters, with no spaces. Only
alphanumeric characters and underscores (_) are allowed.
Caution: The Security Update Service (SUS) requires APSolute Vision communication with
services.radware.com. You may configure APSolute Vision communication with
services.radware.com through your own proxy server.
Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Parameter Description
Minutes3 The interval, in minutes, at which the task runs.
Run Always4 Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled
Start Date5 The date and time at which the task is activated.
Start Time5
End Date5 The date and time after which the task no longer runs.
End Time5
1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.
Parameter Description
The Available lists and the Selected lists of DefensePro devices and Logical Groups (of
DefensePro devices). The Available lists display the available devices and available Logical Groups.
The Selected device list displays the devices whose Radware signature files this task updates. The
Selected Logical Group list displays the Logical Groups with the devices whose Radware signature
files this task updates.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.
Caution: This feature is operational only in DefensePro 6.x versions and 7.x versions 7.42.09 and
later.
Note: The frequency range for the Update Fraud Security Signatures task is 10–60 minutes.
The default interval is 60 minutes.
Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Parameter Description
Run (Read-only) The frequency unit at which the task runs.
Value: Minutes
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Minutes The frequency, in minutes, at which the task runs.
Values: 10–60
Default: 60
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Run Always Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely,
with no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled
Parameter Description
The Available lists and the Selected lists of DefensePro devices and Logical Groups (of
DefensePro devices). The Available lists display the available devices and available Logical
Groups. The Selected device list displays the devices whose fraud signature files this task
updates. The Selected Logical Group list displays the Logical Groups with the devices whose fraud
signature files this task updates.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.
Caution: In Radware DefensePro DDoS Mitigation for Cisco Firepower, this feature is non-
operational.
Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Run Always4 Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled
Start Date5 The date and time at which the task is activated.
Start Time5
Table 194: Update Vision's Attack Description File: Schedule Parameters (cont.)
Parameter Description
End Date5 The date and time after which the task no longer runs.
End Time5
1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.
Note: By default, you can save up to five (5) configuration files per device on the APSolute Vision
server. You can change this parameter in the APSolute Vision Setup tab.
Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Parameter Description
Minutes3 The interval, in minutes, at which the task runs.
Run Always4 Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled
Start Date5 The date and time at which the task is activated.
Start Time5
End Date5 The date and time after which the task no longer runs.
End Time5
1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.
Parameter Description
Include Private Keys Specifies whether to include the certificate private key information in the
configuration file in devices that support private keys.
Default: Disabled
Parameter Description
Backup Configuration To The destination of the backup configuration files.
Values:
• APSolute Vision Server
• External Location
Default: APSolute Vision Server
Parameter Description
Protocol1 The protocol that APSolute Vision uses for this task.
Values:
• FTP
• SCP
• SFTP
• SSH
Backup File Name1 The name of the backup, up to 64 characters, with no spaces. Only
alphanumeric characters and underscores (_) are allowed.
Parameter Description
The Available lists and the Selected lists of devices and Logical Groups (of devices). The
Available lists display the available devices and available Logical Groups. The Selected device list
displays the devices whose configurations this task backs up. The Selected Logical Group list
displays the Logical Groups with the devices whose configurations this task backs up.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.
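The backup and schedule rules in the parameter tables above can be checked mechanically before a task is submitted. The following Python sketch is an added example, not Radware code: the dictionary layout is an assumption that mirrors the GUI labels (the product's own storage format is not described here), and the sample tasks are constructed.

```python
import re
from collections import defaultdict

# Backup File Name rule from the parameter tables: up to 64 characters, no
# spaces, only alphanumeric characters and underscores (ASCII is assumed).
BACKUP_NAME_RE = re.compile(r"[A-Za-z0-9_]{1,64}")
PROTOCOLS = {"FTP", "SCP", "SFTP", "SSH"}  # Protocol values listed in the guide
CLEARTEXT = {"FTP"}                        # FTP does not encrypt logins or data
FRAUD_MINUTES = range(10, 61)              # Update Fraud Security Signatures: 10-60
# Task types whose stored copy is named <first five characters><timestamp>.
PREFIX_NAMED = {"APSolute Vision Configuration Backup",
                "APSolute Vision Reporter Backup"}


def review_task(task):
    """Return (severity, message) findings for one task record (assumed layout)."""
    findings = []
    external = "External Location" in task.get("Backup Configuration To", "")
    proto = task.get("Protocol")

    name = task.get("Backup File Name")
    if name is not None and not BACKUP_NAME_RE.fullmatch(name):
        findings.append(("error", f"Backup File Name {name!r} breaks the "
                         "64-character, alphanumeric-and-underscore rule"))

    if external:
        if proto not in PROTOCOLS:
            findings.append(("error", f"unknown Protocol {proto!r}"))
        elif proto in CLEARTEXT:
            findings.append(("warn", f"{proto} export is unencrypted; "
                             "SCP or SFTP protect the file in transit"))

    if task.get("Include Private Keys"):
        if external and proto in CLEARTEXT:
            findings.append(("high", "private keys exported over cleartext"))
        elif external:
            findings.append(("warn", "private keys leave the Vision server; "
                             "restrict access to the external location"))
        else:
            findings.append(("info", "stored backups contain private keys"))

    if task.get("Task Type") == "Update Fraud Security Signatures":
        minutes = task.get("Minutes", 60)  # the default interval is 60
        if minutes not in FRAUD_MINUTES:
            findings.append(("error", f"Minutes={minutes} is outside 10-60"))
    return findings


def prefix_collisions(tasks):
    """Find backup tasks whose stored filenames share the five-character prefix.

    Only the first five characters of the configured name survive in the
    storage location, so such backups cannot be told apart by name there.
    """
    groups = defaultdict(list)
    for t in tasks:
        if t.get("Task Type") in PREFIX_NAMED and "Backup File Name" in t:
            key = (t["Task Type"], t["Backup File Name"][:5])
            groups[key].append(t.get("Name"))
    return {k: v for k, v in groups.items() if len(v) > 1}


# Constructed sample tasks; names and values are illustrative only.
SAMPLE_TASKS = [
    {"Task Type": "APSolute Vision Configuration Backup", "Name": "nightly-a",
     "Backup Configuration To": "APSolute Vision and External Location",
     "Protocol": "FTP", "Backup File Name": "vision_prod"},
    {"Task Type": "APSolute Vision Configuration Backup", "Name": "nightly-b",
     "Backup Configuration To": "APSolute Vision Server",
     "Backup File Name": "vision_lab"},
    {"Task Type": "Device Configuration Backup", "Name": "dp-backup",
     "Backup Configuration To": "External Location", "Protocol": "SFTP",
     "Include Private Keys": True, "Backup File Name": "dp edge"},
    {"Task Type": "Update Fraud Security Signatures", "Name": "fraud",
     "Minutes": 5},
]

if __name__ == "__main__":
    for task in SAMPLE_TASKS:
        for severity, message in review_task(task):
            print(f"{task['Name']}: [{severity}] {message}")
    for (task_type, prefix), names in prefix_collisions(SAMPLE_TASKS).items():
        print(f"{task_type}: {names} share stored prefix {prefix!r}")
```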
Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Parameter Description
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Run Always4 Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled
Start Date5 The date and time at which the task is activated.
Start Time5
End Date5 The date and time after which the task no longer runs.
End Time5
1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.
Parameter Description
The Available lists and the Selected lists of devices and Logical Groups (of devices). The
Available lists display the available devices and available Logical Groups. The Selected device list
displays the devices that this task reboots. The Selected Logical Group list displays the Logical
Groups with the devices that this task reboots.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.
Notes
• For more information on Toolbox scripts, see Using and Managing Toolbox Scripts, page 221.
• The scope configured for an APSolute Vision user determines the managed devices that the
Operator Toolbox task displays. (For more information, see Managing APSolute Vision Users,
page 83.)
• APSolute Vision issues a failure message if any task action is not successful. The failure message
includes the result of each action—that is, whether the action succeeded or failed for each
target device.
• The configuration of the Toolbox script determines whether the target device must be locked for
the script to run. If the script requires device locking, when an Operator Toolbox task runs the
script, APSolute Vision tries to lock the device. If the locking action is successful, the script runs,
and then, APSolute Vision unlocks the device. If the locking action fails, the Operator Toolbox
task fails.
• If a device in the Target Device List is deleted from APSolute Vision, APSolute Vision deletes
the device from the Target Device List and continues running the task.
• If all the devices in the Target Device List are deleted from APSolute Vision, APSolute Vision
disables the task.
Parameter Description
Name The name of the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Run Always4 Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled
Start Date5 The date and time at which the task is activated.
Start Time5
End Date5 The date and time after which the task no longer runs.
End Time5
1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.
Parameter Description
Selected Script (Read-only) The script that is selected in the table—with the file name.
To select the script, click the script from the Action Title column.
The table contains all the Toolbox scripts that you have permission to run. The table comprises the
following columns: Action Title, File Name, and Category.
Note: When you change a selection, the parameters in the Parameters tab change accordingly.
Parameter Description
Note: This tab is available only when the script that is selected in the Configuration Template
tab includes configuration parameters.
The parameters for the selected script.
Parameter Description
Note: This tab is available only when the script that is selected in the Configuration Template
tab includes configuration parameters.
The Available lists and the Selected lists of devices and Logical Groups (of devices of the
appropriate type). The Available lists display the available devices and available Logical Groups.
The Selected device list displays the devices that the Toolbox script runs on. The Selected Logical
Group list displays the Logical Groups that the Toolbox script runs on.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.
Using the ERT Active Attackers Feed for DefensePro task requires a valid ERT Active Attackers Feed
subscription. You can view subscription information in the APSolute Vision Device Subscriptions table
(APSolute Vision Settings view System perspective, Device Resources > Device Subscriptions).
For more information on the Device Subscriptions table, see Viewing Device Subscriptions,
page 168.
Caution: The ERT Active Attackers Feed for DefensePro requires APSolute Vision communication
with services.radware.com and also with radwareti.s3.amazonaws.com—that is Amazon Simple
Storage Service (Amazon S3). You may configure APSolute Vision communication with
services.radware.com through your own proxy server.
Caution: SSH must be enabled on the selected DefensePro devices for the ERT Active Attackers
Feed for DefensePro task to run. (You can enable SSH on DefensePro in the Configuration
perspective, under Setup > Device Security > Access Protocols > SSH Parameters > Enable
SSH.)
Caution: The task updates each selected DefensePro device sequentially, and if the task fails on
one device, the task-run does not continue. For example, suppose the task is configured with three
selected DefensePro devices, A, B, and C. The task succeeds on device A. The task fails on device B,
and stops. The task does not try to update device C.
Notes
• DefensePro devices running 7.x versions 7.42.12 and later, and 8.x versions 8.17–8.18 parse
only the first IP addresses from the feed—according to the current available capacity on the
device. The current available capacity is the platform capacity minus the number of manual
Black List entries.
• The ERT Active Attackers Feed node of the Security Control Center shows information about
DefensePro devices that were updated with the ERT Active Attackers Feed in the last run of the
ERT Active Attackers Feed for DefensePro scheduled task. To open the Security Control Center,
in the APSolute Vision sidebar menu, click , and then select Security Control Center >
ERT Active Attackers Feed. For more information, see ERT Active Attackers Feed Information
in the Security Control Center, page 569.
Caution: On DefensePro devices running 6.x versions, 7.x versions earlier than 7.42.12, and 8.x
versions earlier than 8.17, the task fails if there is not enough space in the Black List module for the
IP address in the feed. DefensePro devices running 7.x versions 7.42.12 and later, and 8.x versions
8.17–8.18
Caution: For DefensePro devices running 6.x versions, 7.x versions, or 8.x versions earlier than
8.19, if the device on which the task is running is near maximum capacity (for example, more than
90% capacity for Black List rules) and an Update Policies action is initiated, the task does not
complete the update.
Table 208: ERT Active Attackers Feed for DefensePro: General Parameters
Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Table 209: ERT Active Attackers Feed for DefensePro: Schedule Parameters
Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• 1 Hour
• 3 Hours
• 6 Hours
• 12 Hours
• Daily
Default: 3 Hours
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Run Always Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely,
with no start or end time, at the frequency specified in the Run box.
• Disabled—The task runs (at the frequency specified in the Run box
tab) from the specified Start Date at the Start Time until the End
Date at the End Time.
Default: Enabled
Start Date1 The date and time at which the task is activated.
Start Time1
End Date1 The date and time after which the task no longer runs.
End Time1
1 – This parameter is available only when the Run Always checkbox is cleared.
Table 210: ERT Active Attackers Feed for DefensePro: Target Device List
Parameter Description
Allow Device Updates During Attacks Specifies whether the task tries to update a device also
when the device is mitigating an attack.
Default: Disabled
Caution: Updating a device with the ERT Active
Attackers Feed includes running the Update Policies
action. Therefore, updating a device with the ERT Active
Attackers Feed when DefensePro is handling an attack
may cause attack leakage.
The Available lists and the Selected lists of DefensePro devices and Logical Groups (of
DefensePro devices). The Available lists display the available devices and available Logical
Groups. The Selected device list displays the devices whose Black List rules this task updates. The
Selected Logical Group list displays the Logical Groups with the devices whose Black List rule files
this task updates.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.
Caution: Port 443 must be open on the APSolute Vision server and Alteon devices for this task to
run successfully.
Caution: The ERT IP Reputation Feed for Alteon requires APSolute Vision communication with
services.radware.com and also with radwareti.s3.amazonaws.com—that is Amazon Simple Storage
Service (Amazon S3). You may configure APSolute Vision communication with services.radware.com
through your own proxy server.
Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs every five minutes after the first request by
an Alteon for the ERT IP Reputation Feed. Disabled tasks are not
activated, but the task configuration is saved in the database.
Geolocation Feed—Parameters
The Geolocation Feed task retrieves the Geolocation feed from the Radware domain, and uploads
the feed to selected DefensePro devices.
Note: DefenseFlow can use an associated DefensePro device for the Geolocation feed.
Using the Geolocation Feed task requires a valid subscription to the Location-Based Mitigation
(GeoIP) service.
Caution: The Location-Based Mitigation (GeoIP) service requires APSolute Vision communication
with services.radware.com and also with radwareti.s3.amazonaws.com—that is Amazon Simple
Storage Service (Amazon S3). You may configure APSolute Vision communication with
services.radware.com through your own proxy server.
Caution: SSH must be enabled on the selected DefensePro devices for the Geolocation Feed task to
run. (You can enable SSH on DefensePro in the Configuration perspective, under Setup > Device
Security > Access Protocols > SSH Parameters > Enable SSH.)
Caution: The task updates the entries in the Geolocation module in each selected DefensePro
device sequentially, and if the task fails on one device, the task-run does not continue. For example,
suppose the task is configured with three selected DefensePro devices, A, B, and C. The task
succeeds on device A. The task fails on device B, and stops. The task does not try to update
device C.
Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Parameter Description
Run Always2 Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely,
with no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled
Start Date3 The date and time at which the task is activated.
Start Time3
End Date3 The date and time after which the task no longer runs.
End Time3
1 – This parameter is available only when the specified Run value is Daily or Weekly.
2 – This parameter is available only when the specified Run value is Daily or Weekly.
3 – This parameter is available only when the Run Always checkbox is cleared.
Parameter Description
Allow Device Updates During Attacks Specifies whether the task tries to update a device also
when the device is mitigating an attack.
Default: Disabled
The Available lists and the Selected lists of DefensePro devices and Logical Groups (of
DefensePro devices). The Available lists display the available devices and available Logical
Groups. The Selected device list displays the devices whose Geolocation profiles this task updates.
The Selected Logical Group list displays the Logical Groups with the devices whose Geolocation
profiles this task updates.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.
Note: APSolute Vision server alerts are added to the Alerts Table, and added to the audit table and
forwarded to syslog, with one exception. The exception is that when the APSolute Vision process on
the underlying operating system is down, alerts triggered by the operating system are sent to the
Alerts Table only.
This meets Sarbanes-Oxley requirements to audit any configuration change that might affect the
network. In APSolute Vision, you can also configure the managed devices to log all configuration
changes on the device.
The Auditing log is stored in the APSolute Vision database. All audit logs are sent to the Alerts Table,
and can be displayed in the Alerts Table pane depending on the alerts filter configuration. APSolute
Vision allows read-only access to the Auditing log. You can extract the data and store it remotely, as
you require. The Auditing log can hold a maximum of two million entries. APSolute Vision ages the
oldest entries after the maximum number of entries is reached and also ages entries that are older
than six months.
The following information is logged to the audit log:
• All user management events and user activities—for example, access attempts, successful
login, password change by user, password reset by admin, and so on.
• Actions performed on the device—for example, uploading or downloading a file to a device,
device reboot and shutdown, log file retrieval, and so on.
• APSolute Vision activities, including:
— APSolute Vision upgrade
— User management events (for example, creating or deleting a user, activating or
deactivating a user, and so on)
• Device changes through CLI or WBM (if device auditing is enabled).
• Alarms received from the device (if device auditing is enabled).
• Device configuration activities (if device auditing is enabled). The audit log records all
configuration changes applied to the managed devices.
• Device addition and deletion.
Note: To prevent overloading the managed device and prevent degraded performance, the feature
is disabled by default.
Managing Alerts
The Alerts Table pane stores and displays alerts.
The alerts are based on events that are received from:
• SNMP traps sent by the Radware devices that the APSolute Vision server is managing.
• Auditing messages from all APSolute Vision modules.
• APSolute Vision server events.
• Configuration auditing messages for managed devices, if enabled on the device.
All alert information is stored in the APSolute Vision database in a table separate from the audit
information. Alert information can be sent to a central audit repository via syslog, and to a
configured recipient via e-mail.
SNMP Traps
The Alerts Table handles all traps generated by APSolute Vision and the managed devices, including:
• Generic traps, such as, Cold Start, Link Down, Link Up, Authentication Failure, and so on.
• Radware traps common to all Radware devices.
• Device-specific Radware traps.
Auditing Messages
APSolute Vision forwards all logged audit events from all APSolute Vision modules and managed
devices to the Alerts Table pane, including:
• Successful and failed login attempts
• Backup and restore operations
• Configuration changes to APSolute Vision and the managed devices
• Monitoring and control changes
• Successful and failed task scheduling changes
• User management configuration changes
String in a Security Alert for a Single Attack
An attack of type: <attack category>1 started.
Detected by policy: <policy>;
Attack name: <attack name>;
Source IP: <attacker IP address>;
Destination IP: <attacked IP address>;
Destination port: <attacked port>;
Action: <action>.5
String in a Security Alert Aggregated Attack Information
<quantity of attacks> attacks of type: <attack category>1 started between <start time of first
attack> and <start time of last attack>.2
Detected by policy: <policy>;3
Attack name: <attack name>;3
Source IP: <attacker IP address>;4
Destination IP: <attacked IP address>;4
Destination port: <attacked port>;4
Action: <action>.4
1 – Attack categories: ACL, Anti-Scanning, Behavioral DoS, DoS, HTTP Flood, Intrusions,
Server Cracking, SYN Flood, Anomalies, Stateful ACL, DNS, BWM
2 – Times are in the format dd.MM.yy hh:mm.
3 – When there are differences in the field values for the attacks, the values are comma-
separated.
4 – When there are differences in the field values for the attacks, the value is multiple.
5 – Action values: forward, proxy, drop, source-reset, dest-reset, source-dest-reset, bypass,
challenge, quarantine, drop-and-quarantine
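A collector that receives these alert strings has to handle both the single-attack and the aggregated layout, including the comma-separated and "multiple" values described in the footnotes. The following Python parser is an added example, not Radware code. It assumes each message arrives on one line with the fields in the order shown, separated by semicolons; the record key names, sample messages, policy names, and addresses are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime

# Attack categories and action values as listed in the guide's footnotes 1 and 5.
CATEGORIES = {
    "ACL", "Anti-Scanning", "Behavioral DoS", "DoS", "HTTP Flood", "Intrusions",
    "Server Cracking", "SYN Flood", "Anomalies", "Stateful ACL", "DNS", "BWM",
}
ACTIONS = {
    "forward", "proxy", "drop", "source-reset", "dest-reset", "source-dest-reset",
    "bypass", "challenge", "quarantine", "drop-and-quarantine",
}

TIME = r"\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}"  # dd.MM.yy hh:mm (footnote 2)
SINGLE = re.compile(
    r"An attack of type: (?P<category>.+?) started\.\s*(?P<rest>.+)", re.S)
AGGREGATED = re.compile(
    r"(?P<count>\d+) attacks of type: (?P<category>.+?) started between "
    rf"(?P<first>{TIME}) and (?P<last>{TIME})\.\s*(?P<rest>.+)", re.S)

# Label in the message -> key in the parsed record (key names are this example's own).
LABELS = {
    "Detected by policy": "policies",
    "Attack name": "attack_names",
    "Source IP": "source_ip",
    "Destination IP": "destination_ip",
    "Destination port": "destination_port",
    "Action": "action",
}
LIST_FIELDS = {"policies", "attack_names"}  # comma-separated when values differ (footnote 3)


def _parse_time(text):
    # %H accepts the two hour digits whether the sender uses a 12- or 24-hour clock.
    return datetime.strptime(text, "%d.%m.%y %H:%M")


def parse_security_alert(message):
    """Parse one security-alert string into a dict; raise ValueError if it is malformed."""
    message = message.strip()
    m = AGGREGATED.fullmatch(message)
    aggregated = m is not None
    if not aggregated:
        m = SINGLE.fullmatch(message)
    if m is None:
        raise ValueError("not a security alert string")
    if m["category"] not in CATEGORIES:
        raise ValueError(f"unknown attack category: {m['category']!r}")
    record = {
        "aggregated": aggregated,
        "count": int(m["count"]) if aggregated else 1,
        "category": m["category"],
        "first_start": _parse_time(m["first"]) if aggregated else None,
        "last_start": _parse_time(m["last"]) if aggregated else None,
        "multiple": [],  # fields reported as the literal "multiple" (footnote 4)
    }
    rest = m["rest"].rstrip().rstrip(".").rstrip()  # drop the closing period
    for part in (p.strip() for p in rest.split(";")):
        if not part:
            continue
        label, sep, value = part.partition(": ")
        key = LABELS.get(label)
        if not sep or key is None or key in record:
            raise ValueError(f"unexpected or repeated field: {part!r}")
        value = value.strip()
        if key in LIST_FIELDS:
            record[key] = [v.strip() for v in value.split(",")] if aggregated else [value]
        elif aggregated and value == "multiple":
            record[key] = None
            record["multiple"].append(key)
        elif key == "destination_port":
            record[key] = int(value)
        elif key == "action":
            if value not in ACTIONS:
                raise ValueError(f"unknown action: {value!r}")
            record[key] = value
        else:
            record[key] = str(ipaddress.ip_address(value))  # rejects malformed addresses
    missing = set(LABELS.values()) - set(record)
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return record


def triage(lines):
    """Split raw messages into parsed records and rejected lines kept for review."""
    parsed, rejected = [], []
    for line in lines:
        try:
            parsed.append(parse_security_alert(line))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return parsed, rejected


# Constructed sample messages (documentation address ranges, made-up policy names).
SAMPLE_ALERTS = [
    "An attack of type: SYN Flood started. Detected by policy: dmz-policy; "
    "Attack name: constructed-syn-flood; Source IP: 192.0.2.10; "
    "Destination IP: 198.51.100.20; Destination port: 443; Action: drop.",
    "3 attacks of type: Intrusions started between 04.03.20 10:15 and 04.03.20 10:42. "
    "Detected by policy: dmz-policy,web-policy; Attack name: constructed-sig-a,constructed-sig-b; "
    "Source IP: multiple; Destination IP: 198.51.100.20; Destination port: multiple; Action: drop.",
    "An attack of type: Unknown Category started. Detected by policy: p; Attack name: a; "
    "Source IP: 192.0.2.1; Destination IP: 192.0.2.2; Destination port: 80; Action: drop.",
]

if __name__ == "__main__":
    ok, bad = triage(SAMPLE_ALERTS)
    print(len(ok), "parsed;", len(bad), "rejected:", [reason for _, reason in bad])
```

Rejected lines are returned with the reason instead of being dropped, so a message that does not fit either layout stays visible to whoever reviews the collector output.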
Alert Information
All alert information is stored in the APSolute Vision database.
Double-click on an alert in the Alerts Table pane to open the Alert Details dialog box, which displays
all the information with the expanded alert message.
The following table describes the fields of the APSolute Vision alerts.
The Raised Time, Device Name, and Message uniquely identify an alert, and are together considered
the Alert key.
Table 217: SNMP Trap Severity Mapped to APSolute Vision Severity (cont.)
Alerts icon/button: Click to open the Alerts Table pane.
For more information about the information displayed, see Alert Information, page 332.
By default, alert information is displayed for one hour after the alert is raised. The information is
then cleared from the display, but remains in the Alerts database. You can change the default in the
Filtering dialog box. For more information, see Filtering Alerts, page 336.
Caution: The Alerts Table pane can display up to 10,000 entries. Refine your filter settings to get
better results.
For more information about Alerts Table pane navigation features, see APSolute Vision Interface
Navigation, page 54.
The information in the alert table is refreshed according to your configured preferences.
In the Alerts Table pane, you can:
• Show and hide columns.
• Acknowledge and unacknowledge displayed alerts. Alerts of severity higher than Info require
user acknowledgment to indicate that they have been seen by the user. The alert remains in the
Alerts pane display.
• Filter the alerts in the alert table to display a subset of alerts. For more information, see Filtering
Alerts, page 336.
• Clear individual alerts from the alert table display.
• Clear all the alerts in APSolute Vision database that match the current filter, whether or not the
alerts are visible in the Alerts pane.
• Turn off automatic refresh of alert information.
To clear all the alerts in APSolute Vision database that match the current filter, whether
or not the alerts are visible in the Alerts pane
To acknowledge alerts
> Do one of the following:
— To acknowledge one or more alerts, select the alert row in the table, and click the
— To acknowledge all alerts in the alert table, click the (Acknowledge All Alerts) button.
To unacknowledge alerts
> Select the alert rows in the table and click the (Unacknowledge Selected Alerts)
button.
> To clear alerts, select the alert rows in the table and select the (Clear Selected Alerts)
button.
Notes
• Cleared alerts remain in the database, but cannot be viewed.
• Clearing an unacknowledged alert automatically acknowledges the alert.
> Click the (Resume) button. Radware recommends pausing automatic refresh while you are
analyzing alert information—to prevent alerts disappearing from the display.
Filtering Alerts
You can display a subset of the currently displayed alerts by filtering the alerts according to various
alert information criteria.
The criteria are organized according to categories, for example, alert severity, device module, and so
on. Criteria from the same category are combined with a logical OR. Criteria from different
categories are combined with a logical AND.
The default filter settings include all criteria in all categories, meaning, by default, all alerts raised in
the last hour are displayed.
Use the filtering criteria to define how long an alert is displayed in the Alerts Browser.
Note: Regardless of the filter defined, the configured number of most recent critical alerts are
always displayed at the top of the table on a colored background. This means that critical alerts that
match the filter criteria are displayed twice.
Note: To restore the default filtering criteria, click Restore Defaults, then click Submit.
For more information about the filtering criteria, see Alert Information, page 332.
Parameter Description
The Available lists and the Selected lists of devices and Logical Groups (of devices). The
Available lists display the available devices and available Logical Groups. The Selected device list
displays the devices whose alerts the Alerts Browser displays. The Selected Logical Group list
displays the Logical Groups with the devices whose alerts the Alerts Browser displays.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the devices whose alerts the Alerts Browser displays
dynamically updates, according to the devices in the Logical Group. That is, when the device-set
of a Logical Group changes, the set of devices whose alerts the Alerts Browser displays changes
accordingly. For more information, see Using Logical Groups of Devices, page 199.
Select All Devices Specifies whether matching alerts for all devices are displayed.
Default: Enabled
Raised Time The time period that includes the alerts’ raised-time that the Alerts
Browser displays. For example, if you define 1 hour, alerts raised in
the last hour are displayed. After the defined time, alerts are cleared
from the display (not from the Alerts database).
Values: 1 minute–24 hours
Default: 1 hour
Severity The severities that the Alerts Browser displays.
Module The modules that the Alerts Browser displays.
Device Type The device types that the Alerts Browser displays.
Acknowledgment Specifies whether the Alerts Browser displays acknowledged alerts,
unacknowledged alerts, or both.
Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 445.
This chapter contains the following main topics:
• Monitoring Alteon with the Dashboard, page 339
• Monitoring Alteon with the Application Delivery View, page 346
• Monitoring Alteon with the Service Status View, page 347
The parameters that the dashboard displays depend on the Alteon form factor (standalone, VA,
vADC, or ADC-VX).
• To change the sorting from ascending to descending and descending to ascending, click in a
table heading.
• When the dashboard is visible, it displays runtime information.
• To pause or resume the display, click the icon in the upper right of any frame. When you pause
the display, the timestamp is displayed. The timestamp is according to the timezone of the
client.
• To pause or resume the display of all the displays in the current dashboard, click the Pause
button or Resume button at the top of the dashboard.
In some charts, hovering over a point opens a box with details of the specific point.
Component Description
CPU Utilization The chart view displays a line graph showing the average SP CPU
utilization (%) and MP CPU utilization (%) on the platform over
time. The X-axis displays the time (hh:mm:ss). The Y-axis displays
the utilization percentage.
The table view displays the current MP CPU utilization (%) on the
platform and the CPU utilization (%) for each SP.
Temperature and Fans (The dashboard displays this frame only for physical standalone platforms.)
This frame contains two sections: the temperature and status of the critical fans.
The chart view for temperature displays the following:
• A thermometer, per sensor, with a color indicator for
temperature status: green—for nominal, and red—for not
operating/not operating properly.
• A table with the sensor number and the temperature status
(for example: Normal).
The table view for temperature displays a table with the following
columns:
• Sensor ID.
• State—For example, Normal.
• Temperature—In Celsius and Fahrenheit.
The chart view for fans displays the following:
• A fan with a color indicator for the current temperature status:
green—for nominal, and red—for not operating/not operating
properly.
• A table with the number of fans and the current operational
status (for example: Up).
The table view for fans displays a table with the following columns:
• Fan ID—Only the critical fans.
• State—For example, Up.
System Usage The chart view contains bar graphs—Session Table, Hard Disk
(displayed only for physical standalone platforms), and Caching—
showing the current utilization value (percentage). The Y-axis
displays the current utilization percentage.
The table view displays a table with the following columns:
• Name—Hard Disk (displayed only for physical standalone
platforms), Capacity Units, and ADC Allocation.
• Utilization—The current utilization value (percentage).
• Current—The current utilization absolute value—for example,
in KB.
• Maximum—The maximum available absolute value—for
example, in KB.
Table 220: System View Dashboard for Alteon Standalone and VA (cont.)
Component Description
License Capacity Utilization The chart view contains bar graphs—one bar for each license type
showing the current utilization value (percentage) of each capacity
license. The Y-axis displays the current utilization percentage.
The table view displays a table with the following columns:
• Name—The name of the license type and the units (for
example, Mbps).
• Utilization—The current utilization value (percentage).
• License—The license capacity.
• Current—The current utilization absolute value.
• Peak—The peak utilization absolute value.
License Capacity The chart view for this frame contains two tabs:
• Throughput—A solid line for the Alteon, displaying the
throughput usage (Mbps) over time. A dotted line indicates the
maximum throughput that the license allows. The scale of the
Y-axis is logarithmic.
• SSL—A line for each selected vADC displaying the SSL usage
(CPS) over time. A dotted line indicates the maximum
throughput that the license allows.
To reset the peak values for the chart, click Reset All Peak
Values.
Component Description
CPU Utilization The chart view displays a line graph showing the average SP CPU
utilization (%) and MP CPU utilization (%) on the platform over
time. The X-axis displays the time (hh:mm:ss). The Y-axis displays
the utilization percentage.
The table view displays the current MP CPU utilization (%) on the
platform and the CPU utilization (%) for each SP.
System Usage The chart view contains bar graphs—Session Table, Hard Disk
(relating to the physical ADC-VX), and Caching—showing the
current utilization value (percentage). The Y-axis displays the
current utilization percentage.
The table view displays a table with the following columns:
• Name—Hard Disk (relating to the physical ADC-VX), Capacity
Units, and ADC Allocation.
• Utilization—The current utilization value (percentage).
• Current—The current utilization absolute value—for example,
in KB.
• Maximum—The maximum available absolute value—for
example, in KB.
Component Description
License Capacity Utilization The chart view contains bar graphs—one bar for each license type
showing the current utilization value (percentage) of each capacity
license. The Y-axis displays the current utilization percentage.
The table view displays a table with the following columns:
• Name—The name of the license type and the units (for
example, Mbps).
• Utilization—The current utilization value (percentage).
• License—The license capacity.
• Current—The current utilization absolute value.
• Peak—The peak utilization absolute value.
License Capacity The chart view for this frame contains two tabs:
• Throughput—A solid colored line for the Alteon, displaying the
throughput usage (Mbps) over time. A solid gray line for the
Alteon, displaying the latest peak throughput usage (Mbps)
over time. A dotted line indicates the maximum throughput
that the license allows. The scale of the Y-axis is logarithmic.
• SSL—A line for each selected vADC displaying the SSL usage
(CPS) over time. A dotted line indicates the maximum
throughput that the license allows.
To reset the peak values for the chart, click Reset All Peak
Values.
Component Description
CPU Utilization The chart view displays a line graph showing the MP CPU utilization
(%) on the platform over time. The X-axis displays the time
(hh:mm:ss). The Y-axis displays the utilization percentage.
The table view displays the current MP CPU utilization (%) on the
platform.
Table 222: System View Dashboard for ADC-VX (cont.)
Component Description
Temperature and Fans This frame contains two sections: the temperature and status of
the critical fans.
The chart view for temperature displays the following:
• A thermometer, per sensor, with a color indicator for
temperature status: green—for nominal, and red—for not
operating/not operating properly.
• A table with the sensor number and the temperature status
(for example: Normal).
The table view for temperature displays a table with the following
columns:
• Sensor ID.
• State—For example, Normal.
• Temperature—In Celsius and Fahrenheit.
The chart view for fans displays the following:
• A fan with a color indicator for the current temperature status:
green—for nominal, and red—for not operating/not operating
properly.
• A table with the number of fans and the current operational
status (for example: Up).
The table view for fans displays a table with the following columns:
• Fan ID—Only the critical fans.
• State—For example, Up.
System Usage The chart view contains three bar graphs—Hard Disk, Capacity
Units, and ADC Allocation—showing the current utilization value
(percentage). The Y-axis displays the current utilization
percentage.
The table view displays a table with the following columns:
• Name—Hard Disk, Capacity Units, and ADC Allocation.
• Utilization—The current utilization value (percentage).
• Current—The current utilization absolute value (for Hard disk,
in gigabytes, for Capacity Units and ADC Allocation, the
number).
• Maximum—The maximum available absolute value (for Hard
disk, in gigabytes, for Capacity Units and ADC Allocation, the
number).
Component Description
vADC Summary and Selection This frame contains two sections: vADC Utilization Summary and
vADC Selection.
There is no table view for this frame.
vADC Utilization Summary shows a status indicator (High, Medium,
Low) for SP CPU Utilization and Throughput Utilization.
Use the vADC Selection table to select the vADC to monitor in the
dashboard (up to five). The table contains the following columns:
ID, Name, and CU (which displays the number of allocated CUs).
CPU Utilization The chart view displays two bar graphs for each selected vADC.
One bar shows the current MP CPU utilization (%). One bar shows
the current SP CPU utilization (%). The Y-axis displays the
utilization percentage. If more than one vADC is operating at the
same utilization, only the top line is displayed.
The table view displays a table with the following columns:
• vADC—The vADC ID.
• Name—The vADC name, if configured.
• MP utilization (%).
• SP CPU (%).
License Capacity Utilization The chart view for this frame contains two tabs:
• Throughput—A line for each selected vADC displaying the
throughput utilization percentage over time. If more than one
vADC is operating at the same utilization, only the top line is
displayed.
• SSL—A line for each selected vADC displaying the SSL
utilization percentage over time. If more than one vADC is
operating at the same utilization, only the top line is displayed.
The table view displays a table with the following columns:
• vADC—The vADC ID.
• Name—The vADC name, if configured.
• Throughput (%).
• SSL (%).
Table 224: Application Delivery View Dashboard for Alteon Standalone and vADC
Component Description
Virtual Service Selection The table view displays a table with the following columns:
• Status—The operational status of the virtual service.
• Virtual Server—The identifier of the virtual server for the
virtual service.
• Application—Values: http, ftp, dns
• Port—The virtual service port.
• Protocol—The virtual service protocol. Values: tcp, udp
Virtual Service Performance The chart view displays the following for each entry selected in the
Virtual Service Selection frame:
• Throughput (Mbps)
• Connections per Second
• Concurrent Connections
The chart contains tool tips displaying a timestamp, a colored
virtual service identifier, and virtual service performance statistics.
The table view displays a table with the following columns:
• Virtual Server
• Port
• Throughput (Mbps)
• Connections per Second
• Concurrent Connections
Note: You must globally enable virtual service statistics reporting to display information in the
Application Delivery View.
Note: For information on the statuses, see Status Criteria, page 349 below.
Tip: Click a segment in the pie chart to apply a filter to the corresponding objects in the Detailed Status
frame.
By default, all the parent nodes in the tree—the Virtual Service nodes—are collapsed.
Each Virtual Service node is in the following format:
Virtual Service ID: <ID>, (<Port> <TCP|UDP>), Action: <Action>
where:
• <ID> is the specified ID of the virtual service.
• <Port> is the specified port number of the virtual service.
• <TCP|UDP> is the relevant protocol of the virtual service.
• <Action> is either the specified Action when the Application is HTTP or HTTPS (Group,
Redirect, or Discard) or Group for all other Application values.
Example
Virtual Service ID: MyDNSVirt, (53 TCP), Action: Group
Expanding a Virtual Service node displays the following:
• AppShape++ Script(s) Associated —The Service Status View displays this node only if the
virtual service is configured with one or more AppShape++ scripts.
• Content Rules —This node is displayed only if the virtual service is configured with one or
more content rules. The Service Status View displays content rules numerically, each in the
following format:
<Rule ID>, Action: <Action>, Group: <Group name>
• Group ID: <ID> —The ID of the server group, and includes the following node(s) sorted
alphanumerically, each in the following format:
<Real server ID>: <IP address>
Note: Backup real servers and backup groups appear in the tree only when they are active.
Parameter Description
Status Values:
• All—Show the specified object types with all statuses.
• Up—Show only the specified object types with the Up status.
• Warning—Show only the specified object types with the Warning status.
• Down—Show only the specified object types with the Down status.
• Warning + Down—Show the specified object types with the Down status and
the Warning status.
• Admin Down—Show only the specified object types with the Down status.
• Shutdown—Show only the specified object types with the Shutdown status.
Available in Alteon version 30.2.3 and later.
Default: All
Note: For more status information, see Status Criteria, page 349.
Type Values:
• All—Show all object types.
• Virtual Service—Show only the virtual services that match the other criteria.
• Server Group—Show only the server groups that match the other criteria.
• Real Server—Show only the real servers that match the other criteria.
• Content Rule—Show only the content rules that match the other criteria.
Default: All
Free Text Free text that filters the results according to ID or other identifier.
For example:
• You can filter for a real server by entering its IP address.
• You can filter for a group by entering the suffix of its ID.
Status Criteria
Note: When the action is Group, the service-action status is the Group status. When the
Action is Redirect or Discard, the service-action status is always Up.
Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 445.
The Alteon operations that you can monitor depend on the Alteon form factor and/or platform:
standalone, VA, vADC, or ADC-VX.
This chapter contains the following main topics:
• Monitoring General Information, page 351
• CPU Utilization and Memory Statistics, page 353
• Monitoring Capacity, page 355
• Unlocking Users, page 359
• Maintenance, page 360
• Azure, page 365
• AWS, page 365
Parameter Description
Switch Name The name of the switch.
System Time The system time.
System Date The system date.
Last Apply The time and date of the last Apply action.
Last Save The time and date of the last Save action.
Last Boot The time and date of the last boot.
Switch Uptime The amount of time the switch has been up.
Parameter Description
This group box is displayed only in standalone mode and ADC-VX mode.
Parameter Description
Free The memory resources (in Kilobytes) currently free in the system.
Total The total memory resources (in Kilobytes) in the system.
Parameter Description
This group box is displayed only in standalone mode and ADC-VX mode.
IPv4 Management The IPv4 address of the management port.
IPv4 Gateway The IPv4 address of the default gateway.
IPv6 Management The IPv6 address of the management port.
IPv6 Gateway The IPv6 address of the default gateway.
SLAAC Address All SLAAC addresses acquired through Router Advertisements.
Parameter Description
MAC Address The MAC address.
Serial Number (Alteon VX and standalone only) The serial number.
Mainboard Hardware No (Alteon VX and standalone only) The mainboard hardware number.
Mainboard Hardware Rev The mainboard hardware revision.
Ethernet Board Hardware No The Ethernet board hardware number.
Ethernet Board Hardware Rev The Ethernet board hardware revision.
Temperature Sensors (Alteon VX and standalone only) The number of temperature sensors.
Hard Disk The capacity, in GBs, of the hard disk.
Used Disk Space The used space, in GBs, of the hard disk.
Total RAM The capacity, in GBs, of RAM.
Power Supply (Alteon VX and standalone only) The number of power supplies.
Fan Status (Alteon VX and standalone only) The fan status.
Parameter Description
SSL Chip Displays the following parameters regarding the SSL chips:
• SSL Chip Status—Values: Active Initialized, and so on.
• Type—For example:
Cavium HSM; Model NITROX XL CN16XX-NFBE;
• Amount—The quantity of HSM cards on the platform, which is
typically 1.
HSM State The state of the HSM card.
Values: trusted, and so on.
Note: Initialization of the HSM card is done using the Alteon CLI.
For more information, see the Alteon Web Based Management
Application Guide and Alteon Command Line Interface Reference
Guide.
Current Available Capacity Units (Alteon VX only) The current available (unused) capacity units
configured on the platform.
Max capacity units (Alteon VX only) The maximum capacity units configured on the platform.
Current throughput (Alteon VX only) The current throughput.
Max throughput (Alteon VX only) The maximum throughput configured on the platform.
Parameter Description
Admin Context CPU Utilization
This group box is displayed only in ADC-VX mode.
Last Second The CPU utilization of the admin context in the last second.
Last 4 Seconds The CPU utilization of the admin context in the last four seconds.
Last 64 Seconds The CPU utilization of the admin context in the last 64 seconds.
CPU Utilization
Last Second The CPU utilization of the management processor in the last second.
Last 4 Seconds The CPU utilization of the management processor in the last four
seconds.
Last 64 Seconds The CPU utilization of the management processor in the last 64
seconds.
Parameter Description
Memory
This group box is displayed only in standalone mode and ADC-VX mode.
Free The memory resources currently free on the management processor.
Total The total memory resources of the management processor.
Table 231: CPU Utilization: Switch Processor Parameters (not available in Alteon VX)
Parameter Description
SP Number The switch-processor number.
Last Second The CPU utilization of the switch processor in the last second.
Last 4 Seconds The CPU utilization of the switch processor in the last four seconds.
Last 64 Seconds The CPU utilization of the switch processor in the last 64 seconds.
Dynamic Memory Statistics
This group box is not displayed in ADC-VX mode.
SP Number The switch-processor number.
Total Memory The total memory resources of the switch processor.
Current Memory The memory resources, in KB, currently used on the switch processor.
Hi water mark The peak memory resources, in KB, used on the switch processor.
Allowed Max The allowed maximum memory usage, in KB.
Parameter Description
This tab is available only in Alteon versions 30.5.2.0 and later.
This tab is not displayed in ADC-VX mode.
Total RAM The total RAM memory resources of the switch processor in MB.
Initial Configured Memory The initial configured memory of the switch processor in MB.
Safety Margin 1st Watermark The percentage of memory allocated to the first watermark.
Safety Margin 2nd Watermark The percentage of memory allocated to the second watermark.
SP Number The switch-processor number.
Initial Size: 1st Watermark The amount of memory given until pressure starts (in MB):
Initial configured memory / Number of SPs x 75%.
Initial Size: 2nd Watermark The amount of memory given to the growing phase (in MB):
Initial configured memory / Number of SPs x 90%.
Current Process Size: Current Process Size The size of the current process (in MB).
Current Process Size: Cache The size of the current process cache (in MB).
Current Process Size: Dynamic Certificates The size of the current process dynamic certificates (in MB).
Current Process Size: Extra Process The size of the current process extra process (in MB).
Current Process Size: QAT Slabs The size of the current process QAT slabs (in MB).
Memory Pressure The memory pressure.
Values: On, Off
Memory Pressure Active Time The memory pressure active time (in seconds).
Memory used from 1st Watermark The percentage of memory used from the first watermark.
Monitoring Capacity
This feature is available only in Alteon standalone, VA, and ADC-VX.
Monitoring capacity comprises the following:
• Monitoring System Capacity, page 355
• Monitoring Network Capacity, page 356
• Monitoring Application Delivery Capacity, page 358
Table 233: System Capacity Parameters in Alteon Standalone, VA, and vADC
Parameter Description
Cache Usage (MB) Comprises the following values:
• Maximum—The maximum cache usage, in MB, that the device can
support.
• Current—The current cache usage, in MB.
Hard Disk (GB) Comprises the following values:
• Maximum—The hard-disk size, in GB, that the device can support.
• Current—The current hard-disk usage, in GB.
• In Use—The amount of hard-disk space in use, in GB.
RAM (GB) Comprises the following value:
• Maximum—The maximum RAM, in GB, that the device can
support.
Parameter Description
vADCs Comprises the following values:
• Maximum—The maximum number of vADCs that the device can
support.
• Current—The current number of vADCs configured on the device
and, in parentheses, the number of enabled vADCs on the device.
Hard Disk (GB) Comprises the following values:
• Maximum—The maximum hard-disk size, in GB, that the device
supports.
• Current—The current hard-disk size, in GB.
• In Use—The amount of hard-disk space in use, in GB.
Capacity Units Comprises the following values:
• Maximum—The maximum number of capacity units that the device
can support.
• Current—The current number of capacity units configured on the
device.
Parameter Description
FDB Comprises the following two values:
• Maximum—The maximum Forwarding Database usage that the
device can support.
• Current—The current Forwarding Database usage.
VLANs Comprises the following two values:
• Maximum—The maximum number of VLANs that the device can
support.
• Current—The current number of VLANs configured on the device
and, in parentheses, the number of enabled VLANs on the device.
ARP Entries Comprises the following two values:
• Maximum—The maximum ARP entries that the device can support.
• Current—The current number of ARP entries configured on the
device and, in parentheses, the number of enabled ARP entries on
the device.
Parameter Description
IP Interfaces Comprises the following two values:
• Maximum—The maximum number of IP interfaces that the device
can support.
• Current—The current number of IP interfaces configured on the
device and, in parentheses, the number of enabled IP interfaces on
the device.
IP Routes Comprises the following two values:
• Maximum—The maximum number of IP routes that the device can
support.
• Current—The current number of IP routes configured on the
device.
VRRP Routers Comprises the following two values:
• Maximum—The maximum number of VRRP routers that the device
can support.
• Current—The current number of VRRP routers configured on the
device and, in parentheses, the number of enabled VRRP routers
on the device.
Parameter Description
FDB Comprises the following two values:
• Maximum—The maximum Forwarding Database usage that the
device can support.
• Current—The current Forwarding Database usage.
ARP Entries Comprises the following two values:
• Maximum—The maximum ARP entries that the device can support.
• Current—The current number of ARP entries configured on the
device and, in parentheses, the number of enabled ARP entries on
the device.
IP Interfaces Comprises the following two values:
• Maximum—The maximum number of IP interfaces that the device
can support.
• Current—The current number of IP interfaces configured on the
device and, in parentheses, the number of enabled IP interfaces on
the device.
IP Routes Comprises the following two values:
• Maximum—The maximum number of IP routes that the device can
support.
• Current—The current number of IP routes configured on the device.
VRRP Routers Comprises the following two values:
• Maximum—The maximum number of VRRP routers that the device
can support.
• Current—The current number of VRRP routers configured on the
device and, in parentheses, the number of enabled VRRP routers on
the device.
Parameter Description
VLANs Comprises the following two values:
• Maximum—The maximum number of VLANs that the device can
support.
• Current—The current number of VLANs configured on the device
and, in parentheses, the number of enabled VLANs on the device.
Parameter Description
Real Servers Comprises the following two values:
• Maximum—The maximum number of real servers that the
device can support.
• Current—The current number of real servers configured on
the device and, in parentheses, the number of enabled real
servers on the device.
Server Groups Comprises the following two values:
• Maximum—The maximum number of server groups that
the device can support.
• Current—The current number of server groups configured
on the device.
Virtual Servers Comprises the following two values:
• Maximum—The maximum number of virtual servers that
the device can support.
• Current—The current number of virtual servers configured
on the device and, in parentheses, the number of enabled
virtual servers on the device.
Virtual Services The maximum number of virtual services that the device can
support.
Real Services The maximum number of real services that the device can
support.
Filters (This parameter is available only in version 30.0 and later.) Comprises the following two values:
• Maximum—The maximum number of filters that the device
can support.
• Current—The current number of filters currently used and,
in parentheses, the number of enabled filters on the device.
Session Table Entries (This parameter is available only in version 30.0 and later.) Comprises the following two values:
• Maximum—The maximum number of Session table entries
that the device can support.
• Current—The current number of Session table entries
currently used and, in parentheses, the number of enabled
Session table entries on the device.
Dynamic Data Store Comprises the following two values:
• Maximum—The maximum number of 512-byte blocks that
the device can support in the dynamic data store.
• Current—The current number of 512-byte blocks currently
used in the dynamic data store. Note that each persistence
and user-defined entry can occupy one or more 512-byte
blocks.
Keys (This parameter is available only in version 30.0 and later.) Comprises the following two values:
• Maximum—The maximum number of keys that the device
can support.
• Current—The current number of keys configured on the
device.
Certificate Signing Requests (This parameter is available only in version 30.0 and later.) Comprises the following two values:
• Maximum—The maximum number of certificate signing
requests that the device can support.
• Current—The current number of certificate signing requests
configured on the device.
Server Certificates (This parameter is available only in version 30.0 and later.) Comprises the following two values:
• Maximum—The maximum number of server certificates
that the device can support.
• Current—The current number of server certificates
configured on the device.
Unlocking Users
The administrator can monitor all currently locked-out users, viewing the remaining lockout time,
and can unlock any locked-out user.
For more details regarding the user lockout feature, see the relevant Alteon section in the APSolute
Vision online help.
To unlock users
1. In the Monitoring perspective, select System > Locked Users.
The table lists all currently locked-out users, detailing the User ID, User Name and User Role.
The table shows the date and time the user was locked out and the amount of remaining lockout
time (in minutes).
2. Select the row detailing the specific locked-out user and click Unlock.
3. Click OK to confirm.
Maintenance
Use the Maintenance tab to manage technical support data, packet capture, and trace logging of
application services.
Note: The Technical Support File (tsdump) is a text file containing Alteon statistics, information
and configuration output. The Tech Data Log File is a zipped archive that includes, in addition to
the tsdump file, other log files (for example, core dump files) to help R&D with debugging.
All passwords in the technical support files are encrypted.
Note: Generating the technical support data file may take up to a few minutes. You can use the
export option only after you receive the note stating that the file generation has ended.
Parameter Description
Include Private Keys Specifies whether to include private keys in the technical support file.
Passphrase (Available when Include Private Keys is selected.) The passphrase, which must be at
least four characters long.
Confirm Passphrase (Available when Include Private Keys is selected.) The passphrase, which must
be at least four characters long.
Include DNSSEC information (This parameter is available only in version 31.0 and later.) Specifies
whether to include DNSSEC information in the technical support file.
Include Persistency Entries (This parameter is available only in version 31.0 and later.) Specifies
whether to include persistency entries in the technical support file.
Include UDP Listen Ports (This parameter is available only in version 31.0 and later.) Specifies
whether to include UDP listening ports in the technical support file.
Note: The core files compress and export operation will take a few minutes. During this time, the
Web GUI will be blocked. The files will be available when the operation ends.
Packet Capture
Notes
• Live capture is not enabled when you are connected using a serial connection.
• For Alteon standalone and ADC-VX platforms: The capture file size is limited to 500 MB. For
Alteon VA platforms, the capture file size is limited to 50 MB.
• The output displays GMT time and not the local time.
• If you transform the back-end flow to port 80, you will see clear text in the capture file.
Note: Alteon VA translates the MAC address for virtual servers and interfaces assigned by VMware
to its own internal MAC address for internal processing. It switches the Alteon VA MAC address back
to the VMware MAC address when it sends the packet back to the VMware switch. Therefore, the
internal Alteon VA MAC address is displayed in some of the tables and dumps displayed on the
console.
Note: Service interruptions may occur when using packet capture in certain situations; for
example, with high traffic volume and only one CU allocated for the vADC. Radware recommends
that you use packet capture sparingly (for troubleshooting purposes), during a maintenance
window, or only in periods of low traffic volume.
Parameter Description
Packet Count The maximum number of captured packets.
Range: 0-1000000000
Packet Length The length of packets to capture, in bytes. Range: 0-9100
Port Range The port range.
The valid range depends on the Alteon platform. Refer to the Alteon
Installation and Maintenance Guide for details of the port range for each
supported platform.
VLAN The VLAN range.
Range: 1-4090
Packet Filter String The packet capture filter string field is used to set the capture filter
parameters. It accepts the same filter criteria (syntax) as the tcpdump
format.
The following parameters can be set with an “and” or an “or” operator
between them, or using parentheses:
• dst host <host>—Filters the output on the specified destination host IP
address.
• src host <host>—Filters the output on the specified source host IP
address.
• dst port <port>—Filters the output on the specified destination port.
• src port <port>—Filters the output on the specified source port.
• port—Filters the output on the specified port.
• tcp—Filters the output for TCP traffic only.
• udp—Filters the output for UDP traffic only.
• icmp—Filters the output for ICMP traffic only.
• ip multicast—Filters the output for multicast traffic only.
• ip broadcast—Filters the output for broadcast traffic only.
Example: (dst host 6.6.6.6 or src host 6.6.3.3) and port 80
Maximum characters: 1024
Collect (Pre)-Master Secret Log Includes a pre-master secret log file together with the capture file.
Import the pre-master secret file to Wireshark in order to decrypt the SSL
session.
Note: Decryption of the SSL application data may expose sensitive
information. Make sure to keep this data secure.
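The limits in the Packet Capture table above (Packet Count, Packet Length, and the 1024-character Packet Filter String) can be checked before a capture is requested. The following Python code is an added example, not Radware code: the function names are hypothetical, and it accepts only the filter primitives listed in this guide, which are a subset of tcpdump syntax.

```python
import ipaddress
import re

# Limits from the Packet Capture parameter table in this guide.
LIMITS = {"Packet Count": (0, 1_000_000_000), "Packet Length": (0, 9100)}
MAX_FILTER_CHARS = 1024
_TOKEN = re.compile(r"\(|\)|[^\s()]+")


class FilterError(ValueError):
    """The filter string is outside the subset of primitives the guide lists."""


def _valid_operand(kind, value):
    if kind == "port":
        return value.isascii() and value.isdigit() and int(value) <= 65535
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


class _Parser:
    """Recursive descent over: expr := term (("and" | "or") term)*"""
    def __init__(self, tokens):
        self.tokens, self.pos, self.primitives = tokens, 0, []

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def take(self):
        token = self.peek()
        if token is None:
            raise FilterError("filter ends unexpectedly")
        self.pos += 1
        return token

    def expr(self):
        self.term()
        while self.peek() in ("and", "or"):
            self.take()
            self.term()

    def term(self):
        token = self.take()
        if token == "(":
            self.expr()
            if self.take() != ")":
                raise FilterError("missing closing parenthesis")
        elif token in ("dst", "src") and self.peek() in ("host", "port"):
            kind = self.take()
            self.operand(f"{token} {kind}", kind)
        elif token == "port":
            self.operand("port", "port")
        elif token in ("tcp", "udp", "icmp"):
            self.primitives.append(token)
        elif token == "ip" and self.peek() in ("multicast", "broadcast"):
            self.primitives.append(f"ip {self.take()}")
        else:
            raise FilterError(f"unsupported token {token!r}")

    def operand(self, prefix, kind):
        value = self.take()
        if not _valid_operand(kind, value):
            raise FilterError(f"invalid {kind} value {value!r}")
        self.primitives.append(f"{prefix} {value}")


def validate_filter(text):
    """Return the primitives found in text, or raise FilterError."""
    if len(text) > MAX_FILTER_CHARS:
        raise FilterError(f"filter is longer than {MAX_FILTER_CHARS} characters")
    tokens = _TOKEN.findall(text)
    if not tokens:
        return []  # empty filter: the capture is not narrowed at all
    parser = _Parser(tokens)
    parser.expr()
    if parser.peek() is not None:
        raise FilterError(f"unexpected token {parser.peek()!r}")
    return parser.primitives


def check_capture_request(packet_count, packet_length, filter_string):
    """Return a list of problems; an empty list means the values fit the limits."""
    values = {"Packet Count": packet_count, "Packet Length": packet_length}
    problems = [f"{name} {values[name]} is outside {low}-{high}"
                for name, (low, high) in LIMITS.items()
                if not low <= values[name] <= high]
    try:
        validate_filter(filter_string)
    except FilterError as exc:
        problems.append(f"Packet Filter String: {exc}")
    return problems
```

For the constructed request check_capture_request(1000, 9200, "port 80 and (tcp"), the result lists two problems: the Packet Length is above 9100, and the filter ends before its parenthesis is closed.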
Session Logs
This feature is available only in Alteon versions 32.2.1 and 31.0.9 and later.
Depending on the configuration, session logs can be either sent to syslog servers or saved to disk
for later export. You can also choose both; however, this option affects performance.
Session logs are sent to the syslog servers via the management port or saved to disk when the
sessions are deleted or aged out.
Parameter Description
AppShape++ Specifies whether to enable logging of AppShape++ activities.
Default: Disabled
Caching Specifies whether to enable logging of caching activities.
Default: Disabled
Compression Specifies whether to enable logging of compression activities.
Default: Disabled
Content Class Specifies whether to enable logging of Content Class activities.
Default: Disabled
HTTP Specifies whether to enable logging of HTTP activities.
Default: Disabled
HTTP Modification Specifies whether to enable logging of HTTP Modification activities.
Default: Disabled
SSL Specifies whether to enable logging of SSL activities.
Default: Disabled
TCP Specifies whether to enable logging of TCP activities.
Default: Disabled
Data Table Specifies whether to enable logging of data table activities.
Default: Disabled
Memory Specifies whether to enable logging of memory activities.
Default: Disabled
FastView Specifies whether to enable logging of FastView activities.
Default: Disabled
FastView SMF Specifies whether to enable logging of FastView SMF activities.
Default: Disabled
Fetcher Specifies whether to enable logging of Fetcher activities.
Default: Disabled
FastView Logs
This procedure describes how to access the FastView log files.
Parameter Description
FastView Specifies whether to enable logging of FastView activities.
FastView SMF Specifies whether to enable logging of FastView SMF activities.
Azure
Displays the Azure VM public IP information.
If GSLB is configured, the NIC resource name and public IP address are presented. If HA is
configured, the public IP address, the NIC resource name, the peer public IP address, and the peer
NIC resource name are presented.
Parameter Description
Public IP Address The public IP address.
NIC Resource Name The NIC resource name.
Peer Public IP Address The peer public IP address.
Peer NIC Resource Name The peer NIC resource address.
AWS
Displays the AWS public IP information.
Parameter Description
ID The AWS ID of your Alteon platform.
IP Address The local IP address of your Alteon platform.
Elastic IP Address The elastic (floating) IP address that enables moving from the IP
address of your Alteon to the IP address of the peer to provide for high
availability functionality.
Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 445.
The Alteon operations that you can monitor depend on the Alteon form factor and/or platform:
standalone, VA, vADC, or ADC-VX.
This chapter contains the following main topics:
• Monitoring and Controlling Physical Ports, page 367
• Monitoring Layer 2, page 368
• Monitoring Layer 3, page 370
• Monitoring High Availability, page 378
Parameter Description
Port ID The port identifier.
Status Specifies whether the port is enabled or disabled.
Values: Enable, Disable
Operational Status Specifies whether the port is online or offline.
Values: Online, Offline
Octets
In The number of inbound octets.
Out The number of outbound octets.
Unicast Packets
In The number of inbound unicast packets.
Out The number of outbound unicast packets.
Broadcast Packets
In The number of inbound broadcast packets.
Out The number of outbound broadcast packets.
Multicast Packets
In The number of inbound multicast packets.
Out The number of outbound multicast packets.
Discards
In The number of inbound discarded packets.
Out The number of outbound discarded packets.
Errors
In The number of inbound errored packets.
Out The number of outbound errored packets.
Monitoring Layer 2
This feature is available only in version 30.0 and later.
Monitoring Layer 2 comprises the following topics:
• Monitoring FDB, page 368
• Monitoring STG, page 370
Monitoring FDB
This feature is available only in Alteon standalone, VA, and vADC.
The forwarding database (FDB) contains information that maps the media access control (MAC)
address to the port from which the Alteon address was learned.
Note: The forwarding database supports up to 16K MAC address entries on the MP per Alteon. Each
SP supports up to 8K entries.
Parameter Description
MAC Address The MAC address in the FDB.
VLAN The VLAN.
Values: 1–4090
Port The port number. 0 specifies unknown.
Trunk The trunk-group number. The FDB entries on a single trunk.
Values: 1–4090
Age The MAC age.
Referenced Ports The referenced ports.
State Values:
• FFD
• Flood
• Forward—The address has been learned by Alteon.
• Ignore
• Other
• Trunk—The Port field represents the trunk group number.
• Unknown—The MAC address has not yet been learned by Alteon,
but has only been seen as a destination address. When an address
is in the Unknown state, no outbound port is indicated, although
ports which reference the address as a destination are listed under
reference ports.
• Vir—The MAC address is for a standard VRRP virtual router.
• VPR
• Virtual server router (VSR)—The MAC address is for a virtual
server router, a virtual router with the same IP address as a virtual
server.
Referenced SPs The SP number.
Learned Port The learned port number.
Monitoring STG
This feature is available only in Alteon standalone, VA, and ADC-VX.
When multiple paths exist on a network, Spanning Tree Protocol (STP) configures the network so
that Alteon uses only the most efficient path.
Parameter Description
Spanning Tree Group The Spanning Tree Group number.
Number Of Topology changes The number of topology changes.
Time Since Last Changes The time since the last changes.
Statistic Description
Port The port number.
Status The status of the port.
BPDUs Received
Configuration The number of configuration BPDUs (bridge protocol data units) received.
TCN The number of TCN (Topology Change Notification) messages received.
RSTP/MSTP The number of MST or RST BPDUs received.
BPDUs Transmitted
Configuration The number of configuration BPDUs (bridge protocol data units) transmitted.
TCN The number of TCN (Topology Change Notification) messages transmitted.
RSTP/MSTP The number of MST or RST BPDUs transmitted.
Monitoring Layer 3
This feature is available only in Alteon standalone, VA, and vADC.
Monitoring Layer 3 comprises the following topics:
• Monitoring Gateways, page 371
• Monitoring Routes, page 371
• Monitoring Learned MACs (or IP FDB), page 373
• Monitoring VRRP Virtual Routers in Alteon Version 30.0 and Earlier, page 376
• Monitoring Interfaces, page 377
Monitoring Gateways
This feature is available only in version 30.0 and later.
Alteon can be configured with up to 255 gateways. Gateways 1 to 4 are reserved for default gateway
load balancing. Gateways 5 to 259 are used for load-balancing of VLAN-based gateways.
Alteon needs an IP interface for each default gateway to which it is connected. Each interface needs
to be placed in the appropriate VLAN. These interfaces are used as the primary and secondary
default gateways for Alteon.
To monitor gateways
> In the Monitoring perspective, select Network > Layer 3 > Gateways.
Parameter Description
Status The status of the gateway.
Gateway ID The gateway number to which the information is related.
Values: 1–259
IP Address The IP address of the default gateway.
VLAN The VLAN identifier of the gateway.
Monitoring Routes
This feature is available only in version 30.0 and later.
Alteon uses a combination of configurable IP interfaces and IP routing options. Alteon IP routing
capabilities provide the following benefits:
• Connects the server IP subnets to the rest of the backbone network.
• Performs Server Load Balancing (using both Layer 3 and Layer 4 in combination) to server
subnets that are separate from backbone subnets.
• Introduces Jumbo frame technology into the server-switched network by fragmenting UDP
Jumbo frames when routing to non-Jumbo frame VLANs or subnets.
• Routes IP traffic between multiple Virtual Local Area Networks (VLANs) configured on Alteon.
To monitor routes
> In the Monitoring perspective, select Network > Layer 3 > Routes.
Parameter Description
Entry The entry number of the route in the routing table.
Destination The destination IP address of this route.
Mask The subnet mask of this route.
Gateway The IP address of the destination gateway for this route.
Type The route type.
Values:
• Indirect—The next hop to the host or subnet destination is forwarded
through a router at the gateway address.
• Direct—Packets are delivered to a destination host or subnet attached to
Alteon.
• Local—Indicates a route to one of the Alteon IP interfaces.
• Broadcast—Indicates a broadcast route.
• Martian—The destination belongs to a host or subnet that is filtered out.
Packets to this destination are discarded.
• Multicast—Indicates a multicast route.
Tag The tag that indicates the origin of the route.
Values:
• Fixed—The address belongs to a host or subnet attached to Alteon.
• Static—The address is a static route which has been configured on Alteon.
• Addr—The address belongs to one of the Alteon IP interfaces.
• RIP—The address was learned by the Routing Information Protocol (RIP).
• OSPF—The address was learned by Open Shortest Path First (OSPF).
• BGP—The address was learned via the Border Gateway Protocol (BGP).
• Broadcast—Indicates a broadcast address.
• Martian—The address belongs to a filtered group.
• Multicast—Indicates a multicast address.
• VIP—Indicates a route destination that is a virtual server IP address. VIP
routes are needed to advertise virtual server IP addresses via BGP.
Metric The metric for RIP tagged routes, specifying the number of hops to the
destination (1 through 15 hops, or 16 for infinite hops).
Interface The IP interface that the route uses.
The IPv6 Routers table shows all of the IPv6 routes maintained. Since each link-local interface is
shown with an entry prefix of /128, the link-local network (such as FE80::/10) is not shown for each
interface to avoid too many network entries in the table.
Parameter Description
Entry The entry number of the route in the routing table.
Destination The destination IP address of this route.
VLAN The VLAN of the route.
Next Hop The next hop of the route.
Protocol The route protocol.
Values: BGP, BGPA, IGMP, IS-IS, Local, NATPT, OSPF, OSPFA, OSPFE, OSPFE2,
OSPFI, RIP, RIPA, Static, STLOW, Unknown
ARP
This procedure describes how to display the ARP monitoring parameters.
Static ARP entries reside permanently in the ARP cache and do not age out like the ARP entries that
are learned dynamically. Static ARP entries enable Alteon to reach hosts without sending an ARP
broadcast request to the network. Static ARPs are also useful in communicating with devices that do
not respond to ARP requests. Static ARPs can also be configured on some gateways as protection
against malicious ARP cache corruption and possible DoS attacks.
Note: Alteon allows the static ARP configuration to be retained over reboots.
Parameter Description
IP Address The IP address for the ARP entry.
Flags The flag associated with the entry.
Examples:
• clear
• permanent—Not obtained via an ARP request (for example, IP interface and
VIP)
• R—Indirect ARP (cache) entry for IP address reachable via indirect routes
(static/dynamic)
• layer4—Layer 4 IP address (VIP)
• u—Unresolved ARP entry. The MAC address has not been learned.
MAC Address The MAC address for the ARP entry.
VLAN The VLAN for the ARP entry.
Values: 1–4090
Port The physical port where the IP address owner for this ARP entry is connected.
Referenced SPs The number of SPs on which this ARP entry is present.
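The following is an added example, not part of the Radware guide: a small audit of an exported ARP table against a baseline of expected bindings, the kind of check that complements static ARP entries as protection against ARP cache corruption. The CSV layout, the sample rows, and the baseline are constructed assumptions; only the column meanings and flag names come from the table above.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Columns mirror the ARP table parameters above;
# the CSV layout itself is an assumption, not an Alteon or APSolute Vision format.
SAMPLE_ARP = """ip,flags,mac,vlan,port
10.0.1.1,clear,02:00:00:00:00:01,10,1
172.16.5.9,R,02:00:00:00:00:01,10,1
10.0.1.20,clear,02:00:00:00:00:20,10,3
10.0.1.21,clear,02-00-00-00-00-20,10,4
10.0.1.254,permanent,02:00:00:00:00:FE,10,
10.0.1.100,permanent layer4,02:00:00:00:00:FE,10,
10.0.1.30,u,,10,
"""

# Constructed baseline: bindings that are expected never to change (a gateway here).
BASELINE = {"10.0.1.1": "02:00:00:00:00:99"}


def norm_mac(mac):
    """Normalise a MAC address to lower-case, colon-separated form."""
    return mac.strip().lower().replace("-", ":")


def parse_arp(text):
    """Parse the constructed CSV export into a list of entry dicts."""
    entries = []
    for row in csv.DictReader(io.StringIO(text)):
        entries.append({
            "ip": row["ip"].strip(),
            "flags": set(row["flags"].split()),
            "mac": norm_mac(row["mac"]),
            "vlan": int(row["vlan"]),
            "port": row["port"].strip(),
        })
    return entries


def audit_arp(entries, baseline):
    """Return (kind, subject, detail) findings for the ARP entries."""
    findings = []
    learned = defaultdict(list)  # (vlan, mac) -> IPs resolved directly on the link
    for e in entries:
        # "u": the MAC address has not been learned yet, nothing to compare.
        if "u" in e["flags"] or not e["mac"]:
            findings.append(("unresolved", e["ip"], "MAC address not learned"))
            continue
        # A pinned binding whose cached MAC differs from the baseline.
        want = baseline.get(e["ip"])
        if want and norm_mac(want) != e["mac"]:
            port = e["port"] or "-"
            findings.append(("mismatch", e["ip"],
                             f"expected {norm_mac(want)}, cache has {e['mac']} on port {port}"))
        # permanent/layer4 entries are the device's own addresses (IP interface, VIP)
        # and R entries reuse the next hop's MAC, so shared MACs are normal there.
        if e["flags"] & {"permanent", "layer4", "R"}:
            continue
        learned[(e["vlan"], e["mac"])].append(e["ip"])
    # One MAC answering for several directly learned IPs in the same VLAN.
    for (vlan, mac), ips in sorted(learned.items()):
        if len(ips) > 1:
            findings.append(("shared-mac", mac, f"VLAN {vlan}: {', '.join(sorted(ips))}"))
    return findings


if __name__ == "__main__":
    for finding in audit_arp(parse_arp(SAMPLE_ARP), BASELINE):
        print(*finding, sep=" | ")
```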
Neighbor Cache
IPv6 uses the Neighbor Discovery (ND) protocol to discover its neighbors’ link layer addresses and
reachability. ND can also auto-configure addresses and detect duplicate addresses. ND enables
routers to advertise their presence and address prefixes, and to inform hosts of a better next hop
address to forward packets.
Note: Once the Neighbor Cache table reaches 2000 entries, table entries are replaced by adding
the new entry and dropping the 2000th entry off the list. Table entries are kept until the entry is
replaced by a new one. During this period, no new entries are used to sort for display.
The information collected from ND is stored in the Neighbor Cache. The Neighbor Cache maintains
information about each neighbor.
Neighbor Cache entries are added in the following situations:
• An IPv6 interface or virtual IP is operational.
• ND messages are received from a neighbor.
• A device sends ND packets to resolve a link layer address to which it is attempting to send
packets.
Parameter Description
IPv6 Address The IPv6 address for the Neighbor Cache entry.
MAC Address The MAC address for the Neighbor Cache entry.
VLAN The VLAN for the Neighbor Cache entry.
Values: 1–4090
Port The physical port for the Neighbor Cache entry.
State The reachability state of the Neighbor Cache entry.
Values:
• Delay—The neighbor is no longer known to be reachable, and traffic has
recently been sent to the neighbor.
• INCPM—Incomplete. The link-layer address of the neighbor has not yet been
determined.
• INVAL—Invalid. The link-layer address of the neighbor is invalid.
• Probe—The neighbor is no longer known to be reachable, and ND messages
are sent to the neighbor to verify reachability.
• REACH—Reachable. The neighbor is known to have been reachable recently.
• Stale—The neighbor is no longer known to be reachable, but until traffic is
sent to the neighbor, no attempt should be made to verify its reachability.
• UNDEF—Undefined. The link-layer address of the neighbor is undefined.
• UNKNOWN—Unknown. The link-layer address of the neighbor is unknown.
Type The type of the Neighbor Cache entry.
Values:
• Dynamic—The entry is a neighbor address learned from ND.
• Invalid—The entry is an invalid address.
• Local—The entry is a local predefined address on Alteon.
• Other—The entry is another type of address (not listed here).
• Static—The entry is a static address.
• Undef—The entry is an undefined address.
Parameter Description
Total dynamic Neighbor Cache entries The total number of dynamic Neighbor Cache entries.
Total local Neighbor Cache entries The total number of local Neighbor Cache entries.
Total Static Neighbor Cache entries The total number of static Neighbor Cache entries.
Other Neighbor Cache entries The number of other Neighbor Cache entries.
Parameter Description
Status The VRRP status.
Values:
• Init—If there is no port in the virtual router’s VLAN with an active
link, the interface for the VLAN fails, thus placing the virtual router
into the INIT state. The INIT state identifies that the virtual router
is waiting for a startup event. If it receives a startup event, it will
either transition to master if its priority is 255 (the IP address
owner), or transition to the backup state if it is not the IP address
owner.
• Master—The virtual router is the master.
• Backup—The virtual router is a backup.
• Holdoff—VRRP operation is globally suspended for the specified
interval. When a device becomes the VRRP master at power up or
after a failover operation, it may begin to forward data traffic
before the connected gateways or real servers are operational.
Alteon may create empty session entries for the coming data
packets and the traffic cannot be forwarded to any gateway or real
server.
Router ID The router identifier.
VR ID The virtual router identifier.
IP Version The type of IP address—version 4 or version 6.
IP Address The IP address of the virtual router.
Interface The IP interface of the device. If the IP interface has the same IP
address as the virtual router IP address, this device is considered the owner of the
defined virtual router.
Priority The election priority bias for this virtual server.
During the master router election process, the routing device with the
highest virtual router priority number wins. If there is a tie, the device
with the highest IP interface address wins. If this virtual router’s IP
address (addr) is the same as the one used by the IP interface, the
priority for this virtual router is set to 255 (highest).
When priority tracking is used, this base priority value can be modified
according to a number of performance and operational criteria.
Values: 1–254
Default: 100
Note: When you enable hot-standby for a vrgroup, the currently set
priority for the vrgroup is increased by 2.
Ownership The owner of the VRRP IP address.
Values:
• Owner—If the IP interface has the same IP address as the virtual
address IP, this device is considered the owner of the defined
virtual router. An owner has a special priority of 255 (highest) and
always assumes the role of the master router, even if it must
preempt another virtual router that has assumed master routing
authority.
• Renter—The virtual router that is not owned by the device.
Monitoring Interfaces
Alteon needs an IP interface for each subnet to which it is connected so it can communicate with the
real servers and other devices attached to it that receive switching services. Alteon can be
configured with up to 256 IP interfaces. Each IP interface represents Alteon on an IP subnet on your
network. The interface option is disabled by default.
This feature is available only in version 30.0 and later.
To monitor interfaces
> In the Monitoring perspective, select Network > Layer 3 > Interfaces.
Parameter Description
State The state of the interface.
Interface ID The identifier of the interface.
IP Address The IP address of the interface.
Mask The mask of the interface if the interface is IPv4. If the interface is IPv6, the field
displays 0.0.0.0.
Prefix The prefix of the interface if the interface is IPv6. If the interface is IPv4, the
field displays 0.
VLAN The VLAN identifier of the interface.
BFD The status of the Bidirectional Forwarding Detection (BFD) peer on this interface.
Values: Disabled, Enabled
Monitoring Tunnels
Statistics for all the configured tunnels are shown.
Note: You can filter any of the parameters to view specific values by entering the value in the field
or selecting from the drop down list, as applicable.
This feature is available only in version 32.2 and later.
To monitor tunnels
> In the Monitoring perspective, select Network > Layer 3 > Tunnels.
Parameter Description
Status The tunnel status.
Values: Enabled or Disabled.
Tunnel ID The tunnel ID (alphanumeric).
Description The tunnel's descriptive name.
Protocol The tunnel's protocol.
Values: GRE or IPIP
Current Sessions The number of current sessions.
Total Sessions The number of total sessions.
Highest Sessions The highest sessions.
Total Bytes The number of total bytes.
Note: You can configure the values for the High Availability feature in the Configuration perspective,
under Network > High Availability.
For Alteon version 30.1 and later, use the High Availability tab in the Monitoring perspective to do
the following:
• When the High Availability Mode on the device is Switch HA (or Extended HA in Alteon
version 30.5.4 and later, and version 31.0.1 and later), switch an active device to backup mode.
Typically, you do this when you need to perform maintenance on the active Alteon and not affect
the service.
• When the High Availability Mode on the device is Service HA:
— Monitor high-availability information.
— Switch an active service group to backup mode. Typically, you select all the services and
switch to backup mode when you need to perform maintenance on the active Alteon and not
affect the services.
• When the High Availability Mode on the device is Legacy VRRP:
— Monitor high-availability information.
— Switch an active device to backup mode when the High Availability Mode on the device is
Legacy VRRP. Typically, you do this when you need to perform maintenance on the active
Alteon and not affect the services or for passing master control back to a primary Alteon
after it has been returned to service after a failure.
Parameter Description
Status The Service HA status.
HA Group ID The HA Group identifier.
Parameter Description
Peer Switch ID The identifier of the peer.
Peer Switch Address The IP address of the advertisement IP interface associated with the
peer.
Last Sync The type (manual or automatic), status, timestamp, and failure reason
of the last configuration synchronization attempt.
Last Successful Sync The type (manual or automatic) and timestamp of the last successful
configuration synchronization.
Parameter Description
Status The VRRP status.
Values:
• Init—If there is no port in the virtual router’s VLAN with an active
link, the interface for the VLAN fails, thus placing the virtual router
into the INIT state. The INIT state identifies that the virtual router
is waiting for a startup event. If it receives a startup event, it will
either transition to master if its priority is 255 (the IP address
owner), or transition to the backup state if it is not the IP address
owner.
• Master—The virtual router is the master.
• Backup—The virtual router is a backup.
• Holdoff—VRRP operation is globally suspended for the specified
interval. When a device becomes the VRRP master at power up or
after a failover operation, it may begin to forward data traffic
before the connected gateways or real servers are operational.
Alteon may create empty session entries for the coming data
packets and the traffic cannot be forwarded to any gateway or real
server.
Router ID The router identifier.
VR ID The virtual router identifier.
IP Version The type of IP address—version 4 or version 6.
IP Address The IP address of the virtual router.
Interface The IP interface of the device. If the IP interface has the same IP
address as the virtual router IP address, this device is considered the owner of the
defined virtual router.
Priority The election priority bias for this virtual server.
During the master router election process, the routing device with the
highest virtual router priority number wins. If there is a tie, the device
with the highest IP interface address wins. If this virtual router’s IP
address (addr) is the same as the one used by the IP interface, the
priority for this virtual router is set to 255 (highest).
When priority tracking is used, this base priority value can be modified
according to a number of performance and operational criteria.
Values: 1–254
Default: 100
Note: When you enable hot-standby for a vrgroup, the currently set
priority for the vrgroup is increased by 2.
Ownership The owner of the VRRP IP address.
Values:
• Owner—If the IP interface has the same IP address as the virtual
address IP, this device is considered the owner of the defined
virtual router. An owner has a special priority of 255 (highest) and
always assumes the role of the master router, even if it must
preempt another virtual router that has assumed master routing
authority.
• Renter—The virtual router that is not owned by the device.
Forcing Failover
You can force a specified master Alteon, or a specified master service group, into backup mode. This
is generally used for passing master control back to a preferred Alteon (or service group) once the
preferred Alteon (or service group) has been returned to service after a failure.
If failback mode is Always when you force failover, the Alteon with preferred state Active (the
“preferred master”) briefly becomes the backup and then reverts to the master.
Note: You can configure the values for the High Availability feature in the Configuration perspective,
under Network > High Availability.
• When the High Availability Mode on the device is Switch HA (or Extended HA in Alteon
version 30.5.4 and later, and version 31.0.1 and later), switch an active device to backup mode.
Typically, you do this when you need to perform maintenance on the active Alteon and not affect
the service.
• When the High Availability Mode on the device is Service HA:
— Monitor high-availability information.
— Switch an active service group to backup mode. Typically, you select all the services and
switch to backup mode when you need to perform maintenance on the active Alteon and not
affect the services.
• When the High Availability Mode on the device is Legacy VRRP:
— Monitor high-availability information.
— Switch an active device to backup mode when the High Availability Mode on the device is
Legacy VRRP. Typically, you do this when you need to perform maintenance on the active
Alteon and not affect the services or for passing master control back to a primary Alteon
after it has been returned to service after a failure.
Parameter Description
Status The Service HA status.
HA Group ID The HA Group identifier.
Parameter Description
Peer Switch ID The identifier of the peer.
Peer Switch Address The IP address of the advertisement IP interface associated with the
peer.
Last Sync The type (manual or automatic), status, timestamp, and failure reason
of the last configuration synchronization attempt.
Last Successful Sync The type (manual or automatic) and timestamp of the last successful
configuration synchronization.
Parameter Description
State The Extended HA status.
Values:
• Init—If there is no port in the virtual router’s VLAN with an active
link, the interface for the VLAN fails, thus placing the virtual router
into the INIT state. The INIT state identifies that the virtual router
is waiting for a startup event. If it receives a startup event, it will
either transition to master if its priority is 255 (the IP address
owner), or transition to the backup state if it is not the IP address
owner.
• Master—The virtual router is the master.
• Backup—The virtual router is a backup.
Parameter Description
Status The VRRP status.
Values:
• Init—If there is no port in the virtual router’s VLAN with an active
link, the interface for the VLAN fails, thus placing the virtual router
into the INIT state. The INIT state identifies that the virtual router
is waiting for a startup event. If it receives a startup event, it will
either transition to master if its priority is 255 (the IP address
owner), or transition to the backup state if it is not the IP address
owner.
• Master—The virtual router is the master.
• Backup—The virtual router is a backup.
• Holdoff—VRRP operation is globally suspended for the specified
interval. When a device becomes the VRRP master at power up or
after a failover operation, it may begin to forward data traffic
before the connected gateways or real servers are operational.
Alteon may create empty session entries for the coming data
packets and the traffic cannot be forwarded to any gateway or real
server.
Router ID The router identifier.
VR ID The virtual router identifier.
IP Version The type of IP address—version 4 or version 6.
IP Address The IP address of the virtual router.
Interface The IP interface of the device. If the IP interface has the same IP
address as the virtual router IP address, this device is considered the owner of the
defined virtual router.
Priority The election priority bias for this virtual server.
During the master router election process, the routing device with the
highest virtual router priority number wins. If there is a tie, the device
with the highest IP interface address wins. If this virtual router’s IP
address (addr) is the same as the one used by the IP interface, the
priority for this virtual router is set to 255 (highest).
When priority tracking is used, this base priority value can be modified
according to a number of performance and operational criteria.
Values: 1–254
Default: 100
Note: When you enable hot-standby for a vrgroup, the currently set
priority for the vrgroup is increased by 2.
Ownership The owner of the VRRP IP address.
Values:
• Owner—If the IP interface has the same IP address as the virtual
address IP, this device is considered the owner of the defined
virtual router. An owner has a special priority of 255 (highest) and
always assumes the role of the master router, even if it must
preempt another virtual router that has assumed master routing
authority.
• Renter—The virtual router that is not owned by the device.
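The following is an added example, not part of the Radware guide: it applies the election rule from the Priority and Ownership rows (highest priority wins, a tie goes to the highest IP interface address, the IP address owner gets 255) and compares the result with the Status values seen in the monitoring table. Device names, addresses, and the decision to exclude members in Init or Holdoff state from the election are assumptions made for this sketch.

```python
import ipaddress
from dataclasses import dataclass

OWNER_PRIORITY = 255  # special priority of the IP address owner


@dataclass(frozen=True)
class VrMember:
    device: str       # constructed device label
    vr_address: str   # "IP Address" column: address of the virtual router
    if_address: str   # address of the IP interface named in the "Interface" column
    priority: int     # configured base priority (1-254)
    status: str       # "Status" column: Init, Master, Backup or Holdoff

    @property
    def is_owner(self):
        """Owner: the IP interface address equals the virtual router address."""
        return (ipaddress.ip_address(self.vr_address)
                == ipaddress.ip_address(self.if_address))

    @property
    def effective_priority(self):
        if self.is_owner:
            return OWNER_PRIORITY
        if not 1 <= self.priority <= 254:
            raise ValueError(f"{self.device}: priority {self.priority} outside 1-254")
        return self.priority


def expected_master(members):
    """Return the member that should be master, or None if nobody is eligible."""
    # Assumption: members in Init (no active link in the VLAN) or Holdoff
    # (VRRP operation suspended) do not take part in the election.
    eligible = [m for m in members if m.status.lower() not in ("init", "holdoff")]
    if not eligible:
        return None
    # Highest priority wins; a tie goes to the highest IP interface address.
    return max(eligible, key=lambda m: (m.effective_priority,
                                        int(ipaddress.ip_address(m.if_address))))


def audit_vr(members):
    """Compare the observed Status values of one virtual router with the rule."""
    findings = []
    masters = sorted(m.device for m in members if m.status.lower() == "master")
    want = expected_master(members)
    if len(masters) > 1:
        findings.append("multiple masters: " + ", ".join(masters))
    elif not masters:
        findings.append("no master for this virtual router")
    if want is not None and masters and want.device not in masters:
        findings.append(f"expected master {want.device} "
                        f"(priority {want.effective_priority}), observed {masters[0]}")
    return findings


# Constructed sample: equal priorities, so the higher interface address wins.
SAMPLE_VR = [
    VrMember("alteon-a", "192.0.2.1", "192.0.2.2", 100, "Backup"),
    VrMember("alteon-b", "192.0.2.1", "192.0.2.3", 100, "Master"),
]

if __name__ == "__main__":
    print(expected_master(SAMPLE_VR).device, audit_vr(SAMPLE_VR))
```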
Forcing Failover
You can force a specified master Alteon, or a specified master service group, into backup mode. This
is generally used for passing master control back to a preferred Alteon (or service group) once the
preferred Alteon (or service group) has been returned to service after a failure.
If failback mode is Always when you force failover, the Alteon with preferred state Active (the
“preferred master”) briefly becomes the backup and then reverts to the master.
Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 445.
This chapter contains the following main topics:
• Clearing Non-operating SLB Statistics
• Clearing SLB Statistics from the HA Peer
• Monitoring and Controlling Virtual Servers
• Monitoring and Managing Filters
• Monitoring and Controlling Server Resources
• View a FastView Web Application
• Monitoring and Controlling APM
• Monitoring and Controlling SSL
• Monitoring Traffic Match Criteria
• Monitoring and Controlling Application Services
• Monitoring LinkProof
• Monitoring Global Traffic Redirection Statistics
• Monitoring AppShape++ Statistics
Note: When a client sends a DNS query to the site, and the site sends a DNS response with the IP
address of the remote real server, the client binds to the remote real server directly. In such cases,
the statistics at Monitoring > Application Delivery > Virtual Servers do not include statistics for
the remote real server because the site does not act as a proxy or redirect the session.
DNS and redirect statistics for the remote real server are displayed at Monitoring > Application
Delivery > Global Traffic Redirection > Remote Real Virtual Servers.
Parameter Description
Status The status of the virtual server.
Virtual Server ID The ID of the virtual server.
Description The description of the virtual server.
(This parameter is available only in version 31.0 and later, and 32.0 and later.)
Name A name for the virtual server.
(This parameter is available only in version 29.5.x, 30.0.x, 30.1.x, 30.2.x, and 30.5.x.)
IP Address The IP address of the virtual server.
(This parameter is available only in version 31.0 and later, and 32.0 and later.)
Connection per Second The number of connections per second for the virtual server.
(This parameter is available only in version 30.5.x and later, 31.0.2 and later, and 32.0 and later.)
Throughput per Second The throughput, in Mbps, for the virtual server.
(This parameter is available only in version 30.5.x and later, 31.0.2 and later, and 32.0 and later.)
Current Sessions The number of sessions currently open on the virtual server.
Total Sessions The total number of sessions handled by the virtual server.
Highest Sessions The highest number of concurrent sessions recorded on the virtual
server.
Total Octets The total number of octets sent and received by the virtual server.
Click on an entry in the Virtual Services of Selected Virtual Server table to view the following
detailed virtual service statistics:
Table 266: Virtual Services: General Statistics (Alteon Version 31.0 and Later)
Parameter Description
Status The status of the virtual service.
Virtual Server ID The ID of the virtual server associated with the selected virtual service.
Service Port The service port associated with the selected virtual service.
Action The action of the virtual service.
Group ID The identifier of the server group to which this virtual service redirects
the traffic.
Total Octets The total number of octets sent and received by the virtual service.
(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)
Connections per Second The number of connections per second for the virtual service.
(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)
Throughput per Second The throughput, in bytes per second, for the virtual service.
(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)
Current Sessions The number of sessions currently open on the virtual service.
(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)
Total Sessions The total number of sessions handled by the virtual service.
(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)
Highest Sessions The highest number of concurrent sessions recorded on the virtual
service.
(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)
Table 267: Virtual Service: Traffic Statistics (per Real Server) (Alteon Version 30.1 and Later)
Parameter Description
Runtime Status The run-time status of the real server per service based on the
configuration, operational status, health check status, and traffic of the
real server.
Available statuses: Up, Down, Admin-Down, Warning, or Shutdown.
(Available only in Alteon version 31.0 and later, and version 32.0 and later.)
Real ID The identifier of a real server associated with the virtual service.
Current Sessions The number of current sessions to the virtual service on the real
server.
Total Sessions The total number of sessions to the virtual service on the real server.
Highest Sessions The highest number of concurrent sessions to the virtual service on the
real server.
Failure Reason Displays the reason for which the real server associated with the
virtual service is considered Down. The failure reason displays when
the runtime status of the server is Down, otherwise the failure reason
is empty.
(This parameter is available only in version 31.0.3 and later, and version 32.0 and later)
Server RTT The average server round-trip time (RTT) in microseconds.
Table 268: Statistics and Timing (Alteon Version 31.0 and Later)
Parameter Description
Connections per Second The number of connections per second for the virtual service.
Current Sessions The number of sessions currently open on the virtual service.
Highest Sessions The highest number of concurrent sessions recorded on the virtual
service.
Throughput per Second The throughput, in Mbytes per second, for the virtual service.
Total Sessions The total number of sessions handled by the virtual service.
Total Octets The total number of octets sent and received by the virtual service.
Timing
Client RTT The average client round-trip time (RTT) in microseconds.
Server RTT The average server round-trip time (RTT) in microseconds.
Application Response The average application response time, in microseconds.
Response Transfer The average response transfer time, in microseconds.
Total The average total response time, in microseconds.
Table 269: Virtual Service: HTTP Statistics (Alteon Version 30.2 and Later)
Parameter Description
HTTP 2.0 Displays the following statistics for HTTP 2.0 traffic:
• Connection Count—Number of connections within the statistics
measuring period.
• Connection Peak—The peak number of concurrent connections
within the statistics measuring period.
• Requests Count—Number of requests within the statistics
measuring period.
HTTP 1.1 Displays the following statistics for HTTP 1.1 traffic:
• Connection Count—Number of connections within the statistics
measuring period.
• Connection Peak—The peak number of concurrent connections
within the statistics measuring period.
• Requests Count—Number of requests within the statistics
measuring period.
HTTP 1.0 Displays the following statistics for HTTP 1.0 traffic:
• Connection Count—Number of connections within the statistics
measuring period.
• Connection Peak—The peak number of concurrent connections
within the statistics measuring period.
• Requests Count—Number of requests within the statistics
measuring period.
HTTP/2 Connection Statistics Displays the value for the last measuring period (Current) and the
highest value recorded in a measuring period (Peak) for each of the
following statistics:
• Backend Connections used by HTTP/2 Proxy
• Client Streams—Average number of client streams per connection.
• PUSH Streams—Average number of PUSH stream connections sent
by Alteon to clients.
• Canceled PUSH Requests—Average number of cancel PUSH
requests received from a client per connection.
• Session Duration Average—In mm:ss format.
(These statistics are displayed only when an HTTP/2 policy is associated with the selected virtual service)
HTTP/2 Header Compression Statistics Displays the value for the last measuring period (Current) and the
highest value recorded in a measuring period (Peak) for each of the
following header compression statistics:
• Requests—Average Compression Ratio (%)
• Responses—Average Compression Ratio (%)
• Average de facto HPACK Table Size—Average size of the dynamic
HPACK table.
• Big Headers Count—The number of Big Headers handled. A Big
Header is a header whose size is more than half of the maximum
dynamic table size. Such headers usually cause eviction of older
headers from the table.
• Average Evicted Bytes Per Connection
(These statistics are displayed only when an HTTP/2 policy is associated with the selected virtual service)
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and traffic statistics were
cleared.
Parameter Description
New SSL Handshakes The number of current SSL handshakes per second, and the total
number of new SSL handshakes.
Reused SSL Handshakes The number of current reused SSL handshakes per second, and the
total number of reused SSL handshakes.
Reuse rate The percentage of current and total reuse rate.
Reused 0-RTT SSL handshakes The number of current reused 0-RTT SSL handshakes per second, and
the total number of reused 0-RTT SSL handshakes.
Reuse 0-RTT rate The percentage of current and total reuse 0-RTT rate.
Rejected 0-RTT handshakes The number of current rejected 0-RTT handshakes per second, and the
total number of rejected 0-RTT handshakes.
SSL v3 Handshakes The percentage of current and total SSL v3 handshakes.
TLS 1.0 Handshakes The percentage of current and total TLS 1.0 handshakes.
TLS 1.1 Handshakes The percentage of current and total TLS 1.1 handshakes.
TLS 1.2 Handshakes The percentage of current and total TLS 1.2 handshakes.
TLS 1.3 Handshakes The percentage of current and total TLS 1.3 handshakes.
HTTP to HTTPS Redirections The number of current and total number of HTTP to HTTPS
redirections.
Rejected SSL Handshakes The number of current rejected SSL handshakes per second, and the
total number of rejected SSL handshakes.
Session ID Reuse SSL Handshakes The number of current session ID reuse handshakes per second, and
the total number of current session ID reuse handshakes.
Session ID Reuse SSL Handshakes The percentage of current and total session ID reuse SSL handshakes.
Ticket Reuse SSL Handshakes The number of current ticket reuse SSL handshakes per second, and
total number of ticket reuse SSL handshakes.
Ticket Reuse SSL Handshakes The percentage of current ticket reuse SSL handshakes.
Parameter Description
New SSL Handshakes The number of current SSL handshakes per second, and the total
number of new SSL handshakes.
Reused SSL Handshakes The number of current reused SSL handshakes per second, and the
total number of reused SSL handshakes.
Reuse Rate The percentage of current and total reuse rate.
SSL v3 Handshakes The percentage of current and total SSL v3 handshakes.
TLS 1.0 Handshakes The percentage of current and total TLS 1.0 handshakes.
TLS 1.1 Handshakes The percentage of current and total TLS 1.1 handshakes.
TLS 1.2 Handshakes The percentage of current and total TLS 1.2 handshakes.
TLS 1.3 Handshakes The percentage of current and total TLS 1.3 handshakes.
HTTP to HTTPS redirections The number of current HTTP to HTTPS redirections.
Session ID Reuse SSL Handshakes The number of current session ID reuse handshakes per second, and
the total number of session ID reuse SSL handshakes.
Session ID Reuse SSL Handshakes The percentage of current and total session ID reuse handshakes.
Ticket Reuse SSL Handshakes The number of current ticket reuse handshakes per second, and the
total number of ticket reuse SSL handshakes.
Ticket Reuse SSL Handshakes The percentage of current and total ticket reuse handshakes.
Ignored Certificates Reasons The reason for ignoring the certificate.
Current The number of current (per second) ignored certificates for the listed
reason.
Total The number of total ignored certificates for the listed reason.
Parameter Description
For Frontend and Backend Cipher Usage
Cipher Name The cipher name.
Current Cipher usage per second.
Total Total cipher usage.
Parameter Description
Rejected Handshake Reasons for Frontend and Backend
Rejected Handshake Reason The reason for the rejected handshake.
Current The number of current (per second) rejected handshakes.
Total The total number of rejected handshakes.
Table 274: Caching and Compression Statistics (Alteon Version 30.2 and Later)
Parameter Description
Objects Served from Cache The number of objects served from cache.
Cache Hits Percentage of cache hits.
Cache Requests Number of cache requests per second.
Total Cached Objects Total number of cached objects.
New Cached Objects Number of new cached objects per second.
Peak New Cached Objects Number of peak new cached objects per second.
Compression Statistics Compression-specific statistics:
• Throughput (KB)—Amount of compressed and uncompressed
throughput, and compression ratio.
• Average Object Size (KB)—Average compressed and
uncompressed object size, and compression ratio.
• Total Bytes Saved—Since last reboot or statistics clear.
• Bytes Saved—Bytes saved per second.
• Peak Bytes Saved—Highest number of bytes saved per second
since last reboot or statistics clear.
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and traffic statistics were
cleared.
Parameter Description
Transactions Number of current, total, and peak transactions.
HTML Pages Number of current, total, and peak HTML pages.
Optimized Pages Number of current, total, and peak optimized pages.
Tokens Rewritten Number of current, total, and peak tokens rewritten.
Compiled Pages Number of current, total, and peak compiled pages.
Bytes Saved with Image Reduction Number of bytes saved with image reduction for current traffic, and for
traffic since the last clear of statistics.
% Bytes Saved with Image Reduction Percentage of bytes saved with image reduction for current traffic, and
for traffic since the last clear of statistics.
Responses with Expiry Modified Number of responses with expiry modified for current traffic, and for
traffic since the last clear of statistics.
% Responses with Expiry Modified Percentage of responses with expiry modified for current traffic, and
for traffic since the last clear of statistics.
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and traffic statistics were
cleared.
Parameter Description
The Defense Messaging Policy parameters are shown for their Current value, Last Period
Average, Current Period average, and Peak values (also showing the time stamp for the peak
value).
Bandwidth The bandwidth (in Mbps)
PPS The number of packets per second (PPS)
CPS The number of connections per second (CPS)
Latency The latency (in microseconds)
Parameter Description
Virtual Server ID The ID of the virtual server associated with the selected content-based
rule.
Service ID The ID of the virtual service associated with the selected content-
based rule.
Content Rule ID The ID of the content-based rule.
Action The action of the content-based rule.
Current Sessions The number of current sessions that match the content-based rule.
Total Sessions The total number of sessions that match the content-based rule.
Highest Sessions The highest number of concurrent sessions that matched the content-
based rule.
Total Octets The total number of bytes/octets that matched the content-based rule.
In the Traffic tab, click an entry in the Content Based Rule Service table to see all statistics for
each service.
Parameter Description
Server ID The ID of the virtual server associated with the selected content-based rule.
Service ID The ID of the virtual service associated with the selected content-based rule.
Rule ID The ID of the content-based rule.
Real ID The ID of the rule (when Action is set to Group).
Sessions
Server RTT The average server round-trip time (RTT) in microseconds.
Current Sessions The number of current sessions to the virtual service on the real server.
Total Sessions The total number of sessions that match the content-based rule.
Highest Sessions The highest number of concurrent sessions that matched the content-based rule.
Total Octets The total number of bytes/octets that matched the content-based rule.
To monitor filters
1. In the Monitoring perspective, select Application Delivery > Filters.
2. In the Filters table, select the required row(s) and click the button to view the filter details.
Parameter Description
Status The configurational status of the filter.
Filter ID The filter ID of the filter.
Name The name of the filter.
Action The configurational action of the filter.
Group ID The real server group to which traffic matching the Redirect filter is sent.
(This parameter is displayed only when the value for the Action
parameter is Redirect or Outbound LLB.)
Total Hits The number of total hits, in packets, connections, or Requests,
depending on the type of filter.
Special cases:
• For HTTP Layer 7 filters, the match is request based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
The statistics in the following tabs are relevant for redirect filters. They display the statistics of the
real servers that participate in this redirect group.
Note: The counters display accumulative data from all filters that redirect to each real server.
Parameter Description
This tab is available only in version 32.0 and later.
Connections per Second The number of connections per second currently processed by this
filter.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets based, and therefore the session counter is not
incremented.
Parameter Description
Current Sessions The current number of sessions processed by this filter.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Highest Sessions The highest number of sessions processed by this filter since the last
reboot or reset of statistics.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Total Sessions The total number of sessions processed by this filter since the last
reboot or reset of statistics.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Current Throughput The current throughput, in Kbps, processed by this filter.
Highest Throughput The highest throughput, in Kbps, processed by this filter.
Total Bandwidth The total bandwidth, in Mb, processed by this filter.
Total Hits The number of total hits, in packets, connections, or Requests,
depending on the type of filter.
Special cases:
• For HTTP Layer 7 filters, the match is request based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Parameter Description
This tab is available only in version 32.0 and later.
Runtime Status The runtime status of the real server.
Values: Disabled, Failed, Running
Real IDs The real server ID.
Parameter Description
Current Sessions The current number of sessions processed by the real server
connected to this filter.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Highest Sessions The highest number of sessions processed by this real server since the
last reboot or reset of statistics.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Total Sessions The total number of sessions processed by this real server since the
last reboot or reset of statistics.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Current Throughput [Kbps] The current throughput, in Kbps, processed by this real server.
Highest Throughput [Kbps] The highest throughput, in Kbps, processed by this real server.
Total BW [Mb] The total bandwidth, in Mb, processed by this real server.
CPS The number of connections per second currently processed by this real
server.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Failure Reason Displays the reason for which the real server associated with the filter
is considered Down. The failure reason displays when the runtime
status of the server is Down, otherwise the failure reason is empty.
Note: In some later versions, some of the SSL monitoring parameters are shown in the SSL tab.
Parameter Description
This tab is available only in version 32.0.1 and later.
New SSL handshakes The number of new SSL handshakes per second.
Reused SSL handshakes The number of reused SSL handshakes per second.
Reuse rate The reuse rate of SSL handshakes as a percentage.
Rejected SSL handshakes The number of rejected SSL handshakes per second.
Reused 0-RTT SSL handshakes The number of reused 0-RTT SSL handshakes per second.
Reuse 0-RTT rate The reuse rate of 0-RTT SSL handshakes as a percentage.
Rejected 0-RTT handshakes The number of rejected 0-RTT SSL handshakes per second.
SSL v3 handshakes The percentage of SSL v3 handshakes.
TLS 1.0 handshakes The percentage of TLS 1.0 handshakes.
TLS 1.1 handshakes The percentage of TLS 1.1 handshakes.
TLS 1.2 handshakes The percentage of TLS 1.2 handshakes.
TLS 1.3 handshakes The percentage of TLS 1.3 handshakes.
HTTP to HTTPS redirections The number of HTTP to HTTPS redirections.
Rejected Certificates The number of rejected certificates.
Ignored Certificates The number of ignored certificates.
Expired Certificates The number of expired certificates.
Untrusted Certificates The number of untrusted certificates.
Certificate Hostname Mismatch The number of certificate hostname mismatches.
Rejected Handshake Reasons The number of reasons for handshake rejections.
Total Cipher Handshakes The number of cipher handshakes.
Session ID Reuse SSL Handshake The number of session ID reused SSL handshakes per second.
Session ID Reuse SSL Handshake The percentage of session ID reused SSL handshakes.
Ticket Reuse SSL Handshake The number of ticket reused SSL handshakes per second.
Parameter Description
This tab is available only in version 32.0.1 and later.
New SSL handshakes The number of new SSL handshakes per second.
Reused SSL handshakes The number of reused SSL handshakes per second.
Reuse handshakes The reuse rate of SSL handshakes as a percentage.
Rejected SSL handshakes The number of rejected SSL handshakes per second.
SSL v3 handshakes The percentage of SSL v3 handshakes.
TLS 1.0 handshakes The percentage of TLS 1.0 handshakes.
TLS 1.1 handshakes The percentage of TLS 1.1 handshakes.
TLS 1.2 handshakes The percentage of TLS 1.2 handshakes.
TLS 1.3 handshakes The percentage of TLS 1.3 handshakes.
HTTP to HTTPS redirections The number of HTTP to HTTPS redirections.
Session ID Reuse SSL Handshake The number of session ID reused SSL handshakes per second.
Session ID Reuse SSL Handshake The percentage of session ID reused SSL handshakes.
Ticket Reuse SSL Handshake The number of ticket reused SSL handshakes per second.
Ticket Reuse SSL Handshake The percentage of ticket reused SSL handshakes.
Ignored Certificate Reasons The reasons for the ignored certificates - current (per second) and
total.
Parameter Description
Frontend Cipher Usage Table listing the front-end cipher name, current usage (per second)
and total usage.
Backend Cipher Usage Table listing the back-end cipher name, current usage (per second)
and total usage.
Parameter Description
Frontend Rejected Handshake Reasons Table listing the front-end rejected handshake reason, for current (per
second) and total rejected handshakes.
Backend Rejected Handshake Reasons Table listing the back-end rejected handshake reason, for current (per
second) and total rejected handshakes.
Parameter Description
This tab is available only in version 32.0.1 and later.
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and traffic statistics were
cleared.
Parameter Description
Total Rejected Certificates The number of rejected certificates.
(Starting with version 32.2.x, this parameter no longer displays.)
Total Ignored Certificates The number of ignored certificates.
(Starting with version 32.2.x, this parameter no longer displays.)
Total Expired Certificates The number of expired certificates.
(Starting with version 32.2.x, this parameter displays in the General tab at
Configuration > Application Delivery > SSL, and is named SSL Expired Certificate.)
Total Untrusted Certificates The number of untrusted certificates.
(Starting with version 32.2.x, this parameter displays in the General tab at
Configuration > Application Delivery > SSL and is named SSL Untrusted Certificate.)
Total Certificate Hostname Mismatch The number of certificate hostname mismatches.
(Starting with version 32.2.x, this parameter displays in the General tab at
Configuration > Application Delivery > SSL and is named SSL Certificate Hostname Mismatch.)
Parameter Description
This tab is available only in version 31.x and earlier.
New SSL handshakes The number of new SSL handshakes per second.
Reused SSL handshakes The number of reused SSL handshakes per second.
Reuse rate The reuse rate of SSL handshakes as a percentage.
Rejected SSL handshakes The number of rejected SSL handshakes per second.
SSL v3 handshakes The percentage of SSL v3 handshakes.
TLS 1.0 handshakes The percentage of TLS 1.0 handshakes.
TLS 1.1 handshakes The percentage of TLS 1.1 handshakes.
TLS 1.2 handshakes The percentage of TLS 1.2 handshakes.
TLS 1.3 handshakes The percentage of TLS 1.3 handshakes.
HTTP to HTTPS redirections The number of HTTP to HTTPS redirections.
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and traffic statistics were
cleared.
Parameter Description
Current Connection Per Second The number of current connections per second.
Current Throughput The amount of current throughput (in Mbps).
Current SSL CPS The number of current SSL connections per second.
Related Topics
• Clearing Non-operating SLB Statistics, page 387
• Clearing SLB Statistics from the HA Peer, page 388
Note: Changing the operational status of a real server is typically performed for maintenance
purposes. If you execute a change to the operational status of a real server, the change takes effect
without an Apply or Save command. When the Alteon resets, the real server reverts to its
configuration status (that is, enabled or disabled).
Parameter Description
Disable Disables the selected real server(s) immediately and closes existing
connections.
Disable & Fastage Existing Gracefully disables the real server, having the server do the following:
1. Does not accept new connections.
2. Fast-ages existing sessions.
3. Disables the real server when there are no connections on it.
Disable & Keep Persistency Gracefully disables the real server, having the server do the following:
1. Does not accept new connections.
2. Keeps persistent data until session expiration.
3. Disables the real server when there are no connections including
the persistent data for the real server.
Disable & Keep Persistency and Fastage Gracefully disables the real server, having the server do the following:
1. Does not accept new connections.
2. Keeps persistent data until session expiration.
3. Fast-ages existing sessions.
4. Disables the real server when there are no connections including
the persistent data for the real server.
Enable Enables the selected real server(s).
Note: Users with CoS type User can see the statistics and status of all real servers, but they
can only perform operations on the real servers that are assigned to them.
2. To view the monitoring information for one specific real server, click the button.
Parameter Description
Status The administrative status of the real server.
Values (Alteon version 30.2.7 and later, version 30.5.6 and later, and
version 31.0.3 and later):
• Disable—Disables the server and removes the existing sessions
using the disabled-with-fastage option.
• Enabled—Enables the server.
• Connections Shutdown—Continues sending to the server traffic
belonging to active connections but denies any new connections.
• Sessions Shutdown—Continues sending to the server traffic
belonging to active connections and accepts new connections if
they belong to persistent session entry.
Values (all other versions):
• Enabled—The real server is enabled.
• Disabled—The real server is disabled.
• Disable-with-fastage—The real server was disabled and fastaged
the existing sessions.
Server State The run-time state of the real server (that is, the result of the
real-server health check).
Values: Disabled, Failed, Running
Operational Status The operational status of the real server. For more information, see
Real Server Operations—Options, page 404.
Real Server ID The identifier of the real server.
Name The description of the real server.
IP Address The IP address of the real server.
IP Version The IP version of the real server.
MAC Address The MAC address of the real server.
Parameter Description
Current Sessions The number of sessions currently open on the real server.
Total Sessions The total number of sessions the real server handled.
Highest Sessions The highest number of concurrent sessions handled by the real server.
Parameter Description
Total Bytes The total number of bytes handled by the real server (transmit and
receive).
Parameter Description
Server Failures The number of times the real server has failed since the last reboot.
Parameter Description
(These parameters are displayed only when monitoring a specific real server.)
Last Failure The time of the last failure.
Up Time The time that the server has been up.
Down Time The time that the server has been down.
Parameter Description
Server Group ID The identifier of the server group.
Description The description of the server group.
SLB Metric The load balancing metric for the server group.
Health Check The health check used to monitor the server group.
Current Sessions The current number of sessions that the server group is handling.
Total Sessions The total number of sessions that the server group has handled.
Highest Sessions The highest number of concurrent sessions that the server group has
handled.
Total Octets The total number of octets that the server group has handled.
2. In the Real Servers per Group table, select the required row(s) and click the (Edit) button.
3. From the Real Server per Group Operation drop-down list, select Enable.
4. Click Enable.
2. In the Server Groups table, select the required server group and click the (Edit) button.
3. In the Real Servers per Group table, select the required row(s).
4. (In Alteon version 30.0.12 and earlier, version 30.2.7 and earlier, version 30.5.5 and earlier, and
version 31.0.2 and earlier) From the Real Server per Group Operation drop-down list, select
Disable.
5. (In Alteon version 30.2.8 and later, version 30.5.6 and later, and version 31.0.3 and later) From
the Real Server per Group Operation drop-down list, select from the following options how to
shut down the selected real servers in the server group:
— Disabled—Disables the server and removes the existing sessions using the disabled-with-
fastage option.
— Connections Shutdown—Continues sending to the server traffic belonging to active
connections but denies any new connections.
— Sessions Shutdown—Continues sending to the server traffic belonging to active connections
and accepts new connections if they belong to persistent session entry.
6. Click the button next to the Real Server per Group Operation drop-down list.
Parameter Description
Status The real server configuration status in the group.
Values: Enable, Disable, Connection Shutdown, Sessions Shutdown
Server State The run-time state of the real server in the group.
Values: Running, Failed, Overloaded.
(The Overloaded status is available only in version 30.2.10.0 and later,
version 30.5.8.0 and later, version 31.0.5.0 and later, and version
32.0.1.0 and later.)
Operational Status The operational status of the server.
Values: Enable, Disable, Connection Shutdown, Sessions Shutdown
Real Server ID The ID of the real server.
IP Address The IP address of the real server.
Description The description of the real server.
Current (Sessions) The current number of sessions that the real server is handling.
Total (Sessions) The total number of sessions that the real server has handled.
Highest (Sessions) The highest number of concurrent sessions that the real server has
handled.
Bytes The total number of bytes that the real server has handled.
Note: You can also access this information directly from the Content Rule pane or the FastView
Web Application pane.
2. Select the Web application you want to view in the Virtual Services of Selected Virtual Server
pane.
3. Select the FastView tab on the View Virtual Service pane.
4. View the information available for each virtual service:
Parameter Description
Transactions The counter of current, total, and peak HTTP GET requests served by
FastView for this virtual service within the measured period.
HTML Pages The number of current, total, and peak HTML pages served by FastView.
Some of them may not be optimized, for example if they are excluded in
the configuration.
Optimized Pages The number of current, total, and peak HTML pages optimized and
rewritten by FastView.
Tokens Rewritten The number of current, total, and peak substitutions performed by FastView.
Compiled Pages The number of current, total, and peak compiled or learned pages.
Bytes Saved with Image Reduction Displays the number of bytes saved by the image reduction treatments on a
resource, and for traffic since the last clear of statistics.
% Bytes Saved with Image Reduction Displays the percentage of bytes saved by the image reduction treatments
on a resource, and for traffic since the last clear of statistics.
Responses with Expiry Modified Displays the number of responses that have a modified expiry, and for
traffic since the last clear of statistics.
% Responses with Expiry Modified Displays the percentage of responses with a modified expiry, and for traffic
since the last clear of statistics.
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and traffic statistics were cleared.
To monitor APM
1. Depending on your Alteon version, do one of the following:
— For Alteon version 30.2 or later, in the Monitoring perspective, select Application Delivery
> Virtual Service > APM.
— For Alteon version 30.5 or later, in the Monitoring perspective, select Application Delivery
> Server Resources > APM.
— For Alteon version 31.0 or later, and version 32.1 or later, in the Monitoring perspective,
select Application Delivery > Virtual Servers > APM.
2. Configure the parameters, and click Submit.
Parameter Description
Virtual Server ID The ID of the virtual server.
Service The service identifier.
Note: In some previous versions, some of the SSL monitoring parameters are shown in the Filters
tab.
Parameter Description
New SSL handshakes The number of current new SSL handshakes per second, and the total
number of SSL handshakes per second.
Reused SSL handshakes The number of current reused SSL handshakes per second, and the
total number of reused SSL handshakes.
Reuse rate The percentage of current and total reuse rate.
Rejected SSL handshakes The number of current rejected SSL handshakes per second, and the
total number of rejected SSL handshakes.
Reused 0-RTT SSL handshakes The number of current reused 0-RTT SSL handshakes per second, and
the total number of reused 0-RTT SSL handshakes.
Reuse 0-RTT rate The percentage of current and total reuse 0-RTT rate.
Rejected 0-RTT handshakes The number of current rejected SSL handshakes per second, and the
total number of rejected 0-RTT handshakes.
Non-Expired Ticket Deletion The number of current non-expired tickets deleted in percentage, and
the total number of non-expired ticket deletion.
SSL v3 handshakes The percentage of current and total SSL v3 handshakes.
TLS 1.0 handshakes The percentage of current and total TLS 1.0 handshakes.
TLS 1.1 handshakes The percentage of current and total TLS 1.1 handshakes.
TLS 1.2 handshakes The percentage of current and total TLS 1.2 handshakes.
TLS 1.3 handshakes The percentage of current and total TLS 1.3 handshakes.
HTTP to HTTPS redirections The number of current HTTP to HTTPS redirections.
Non-expired TLS 1.3 tickets deleted The percentage of current and total non-expired TLS 1.3 tickets
deleted.
Session ID Reuse SSL Handshake The number of current session ID reuse handshakes per second, and
the total number of session ID reuse SSL handshakes.
Session ID Reuse SSL Handshake The percentage of current and total session ID reuse handshakes.
Ticket Reuse SSL Handshake The number of current ticket reuse handshakes per second, and the
total number of ticket reuse SSL handshakes.
Ticket Reuse SSL Handshake The percentage of current and total ticket reuse handshakes.
Parameter Description
New SSL handshakes The number of current new SSL handshakes per second, and the total
number of new SSL handshakes.
Reused SSL handshakes The number of current reused SSL handshakes per second, and the
total number of reused SSL handshakes.
Reused SSL handshakes The percentage of current and total reuse rate.
Rejected SSL handshakes The number of current rejected SSL handshakes per second, and the
total number of rejected SSL handshakes.
SSL v3 handshakes The percentage of current and total SSL v3 handshakes.
TLS 1.0 handshakes The percentage of current and total TLS 1.0 handshakes.
TLS 1.1 handshakes The percentage of current and total TLS 1.1 handshakes.
TLS 1.2 handshakes The percentage of current and total TLS 1.2 handshakes.
TLS 1.3 handshakes The percentage of current and total TLS 1.3 handshakes.
Session ID Reuse SSL Handshake The number of current session ID reuse handshakes per second, and
the total number of session ID reuse SSL handshakes.
Session ID Reuse SSL Handshake The percentage of current and total session ID reuse handshakes.
Ticket Reuse SSL Handshake The number of current ticket reuse handshakes per second, and the
total number of ticket reuse SSL handshakes.
Ticket Reuse SSL Handshake The percentage of current and total ticket reuse handshakes.
Parameter Description
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and traffic statistics were
cleared.
Parameter Description
SSL Expired Certificate The number of current and total expired SSL certificates per second.
SSL Untrusted Certificate The number of current and total untrusted SSL certificates per second.
SSL Certificate Hostname Mismatch The number of current and total SSL certificate hostname mismatches
per second.
When the OCSP or CDP cache is filled with stale responses, you may want to purge the cache.
Table 303: SSL Operations (in versions 32.2.x and later)/Client Authentication (in versions
30.2.x through 31.0.x) Parameters
Parameter Description
Client Authentication Policy ID The Client Authentication Policy ID.
OCSP Cache Purge Purges the cached content of the relevant OCSP responses.
CDP Cache Purge Purges the cached content of the relevant CDP responses.
Inspection Certificate Cache Purge Purges the cached content of the relevant inspection
certificate.
0-RTT Session Tickets Purge Purges the cached content of the relevant 0-RTT session
tickets.
Parameter Description
Enable Enables the selected real server(s).
Disable Disables the selected real server(s) immediately and closes existing
connections.
Disable & Keep Persistency Gracefully disables the real server, having the server do the following:
1. Does not accept new connections.
2. Keeps persistent data until session expiration.
3. Disables the real server when there are no connections including
the persistent data for the real server.
Disable & Fastage Existing Gracefully disables the real server, having the server do the following:
1. Does not accept new connections.
2. Fastages existing sessions.
3. Disables the real server when there are no connections on it.
Disable & Keep Persistency and Fastage Gracefully disables the real server, having the server do the following:
1. Does not accept new connections.
2. Keeps persistent data until session expiration.
3. Fastages existing sessions.
4. Disables the real server when there are no connections including
the persistent data for the real server.
• MAC Address
• Current Sessions
• Total Sessions
• Highest Sessions
• Total Bytes
• Server Failures
Parameter Description
ID The CDP group identifier.
Last Successful Download Shows the day, date, and time of the last successful CRL download per
CDP group.
Last Failed Download Shows the day, date, and time of the last failed CRL download per CDP
group.
Monitoring OCSP
You can view (read-only) the OCSP status as a summary or per OCSP server.
Parameter Description
OCSP Validation/Stapling Requests
Validation/Stapling Attempts The number of times we attempted an OCSP connection (regardless of
whether it was successful or not).
Successful OCSP Connections The number of times we were able to connect to the OCSP server and got
an OCSP response (regardless of whether the response was good or not).
Successful Validations/Stapling Requests The number of times the OCSP was successful (connection/cache +
validation).
Failed Validations/Stapling Requests The number of times validation or stapling failed due to a connection error or validation error.
Handled from Cache The number of times we got the response from cache.
Failed OCSP Connection Attempts The number of times all connection attempts (according to retry logic)
failed.
Failed OCSP Connection Retries The number of times a single retry failed. (For example, if we had 5
retries and they all failed, we will get five failed retries and one failed
connection attempt (previous stat).)
Validation Stapling Failure Reasons
Certificate Revoked The certificate is breached.
Unknown Certificate The OCSP server had no information regarding the certificate.
Irrelevant Response The OCSP server answered about a different certificate.
Bad Response The response was problematic.
General Failure Indicates an internal problem.
Invalid Algorithm The OCSP response is signed by an algorithm different than what we
configured.
Invalid Signature The OCSP signature was made by a trusted CA that is not configured in
the authentication policy.
Invalid Nonce The nonce is a random number sent in the OCSP request and must be
returned in the OCSP response in order to avoid replay attacks. Invalid
nonce means a non-existing or different nonce than we sent.
Invalid Time The time of the response is out of range of the time deviation
configured.
Certificate Status (Stapling) Responses
Certificate Status Response Received The number of times Alteon, as a client, asked for stapling in client
hello and received the response.
Certificate Status Response Not Received The number of times Alteon, as a client, asked for stapling in client
hello and did not receive the response.
Parameter Description
OCSP Server The URL of the OCSP server.
Request Method The response method that the OCSP server supports - via HTTP POST or HTTP GET.
Successful OCSP Connections The number of times we were able to connect to the OCSP server and got an OCSP response (regardless of whether the response was good or not).
Successful Validations/Stapling Requests The number of times the OCSP was successful (connection/cache + validation).
Failed OCSP Connection Retries The number of times a single retry failed.
Failed Validations/Stapling Requests The number of times validation or stapling failed due to a connection error or a validation error.
Validation / Stapling Failure Reasons
Certificate Revoked The certificate is breached.
Unknown Certificate The OCSP server had no information regarding the certificate.
Irrelevant Response The OCSP server answered about a different certificate.
Bad Response The response was problematic.
General Failure Indicates an internal problem.
Invalid Algorithm The OCSP response is signed by an algorithm different from the one we configured.
Invalid Signature The OCSP signature was made by a trusted CA that is not configured in the authentication policy.
Invalid Nonce The nonce is a random number sent in the OCSP request and must be returned in the OCSP response in order to avoid replay attacks. Invalid nonce means a non-existing or different nonce than we sent.
Invalid Time The time of the response is out of range of the time deviation configured.
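The checks behind the failure reasons in the two OCSP tables above, as an added example that is not Radware code: it classifies an already-parsed OCSP response against a policy and tallies the results per reason. The field names, the order of the checks and the sample values are assumptions; ASN.1 parsing and the cryptographic signature check are left out.

```python
import hmac
from collections import Counter
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Policy:
    """Hypothetical validation policy; these are not Alteon setting names."""
    allowed_sig_algs: frozenset
    configured_cas: frozenset
    time_deviation: timedelta


@dataclass(frozen=True)
class Request:
    cert_id: str   # stands in for the OCSP CertID (issuer hashes + serial)
    nonce: bytes   # random value sent in the request


@dataclass(frozen=True)
class Response:
    response_status: str            # "successful", "tryLater", ...
    cert_id: str
    cert_status: str                # "good", "revoked" or "unknown"
    sig_alg: str
    signer_ca: str
    nonce: Optional[bytes]
    this_update: datetime
    next_update: Optional[datetime]


def classify(req, resp, policy, now):
    """Return None when validation succeeds, else a failure reason from the table."""
    if resp.response_status != "successful":
        return "Bad Response"
    # Authenticate the response before trusting anything it asserts.
    if resp.sig_alg not in policy.allowed_sig_algs:
        return "Invalid Algorithm"
    if resp.signer_ca not in policy.configured_cas:
        return "Invalid Signature"
    if resp.cert_id != req.cert_id:
        return "Irrelevant Response"
    # Replay protection: the nonce must be present and byte-identical.
    if resp.nonce is None or not hmac.compare_digest(resp.nonce, req.nonce):
        return "Invalid Nonce"
    # Freshness, widened on both sides by the configured time deviation.
    # Without next_update only the future-dating check can be applied.
    dev = policy.time_deviation
    if resp.this_update > now + dev:
        return "Invalid Time"
    if resp.next_update is not None and resp.next_update < now - dev:
        return "Invalid Time"
    if resp.cert_status == "revoked":
        return "Certificate Revoked"
    if resp.cert_status == "unknown":
        return "Unknown Certificate"
    return None


def tally(req, responses, policy, now):
    """Count outcomes per reason, the way the statistics table reports them."""
    counts = Counter()
    for resp in responses:
        reason = classify(req, resp, policy, now)
        counts["Successful Validations" if reason is None else reason] += 1
    return counts


# Constructed sample data (not taken from any device).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
POLICY = Policy(
    allowed_sig_algs=frozenset({"sha256WithRSAEncryption"}),
    configured_cas=frozenset({"Example Issuing CA"}),
    time_deviation=timedelta(minutes=5),
)
REQ = Request(cert_id="issuer-hash:01", nonce=bytes.fromhex("a1b2c3d4e5f60718"))
GOOD = Response("successful", REQ.cert_id, "good", "sha256WithRSAEncryption",
                "Example Issuing CA", REQ.nonce,
                NOW - timedelta(hours=1), NOW + timedelta(hours=23))
SAMPLES = {
    "fresh": GOOD,
    "replayed": replace(GOOD, nonce=bytes.fromhex("0011223344556677")),
    "nonce_stripped": replace(GOOD, nonce=None),
    "stale": replace(GOOD, this_update=NOW - timedelta(days=3),
                     next_update=NOW - timedelta(days=2)),
    "within_skew": replace(GOOD, next_update=NOW - timedelta(minutes=3)),
    "weak_alg": replace(GOOD, sig_alg="sha1WithRSAEncryption"),
    "other_cert": replace(GOOD, cert_id="issuer-hash:02"),
    "revoked": replace(GOOD, cert_status="revoked"),
    "revoked_unconfigured_ca": replace(GOOD, cert_status="revoked",
                                       signer_ca="Unconfigured CA"),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(f"{name:24} {classify(REQ, resp, POLICY, NOW) or 'OK'}")
    print(dict(tally(REQ, SAMPLES.values(), POLICY, NOW)))
```

The last sample shows why the order matters: a "revoked" answer from a signer that is not configured in the policy is counted as Invalid Signature, not as Certificate Revoked.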
2. Select a row and click the button to view the URL filtering information for the selected URL
filter.
3. If you want to clear the URL filtering statistics, click Clear Statistics.
4. If you want to purge the URL filtering cache, click URLF Cache Purge.
Parameter Description
Subcategory The URL filter subcategory hits status.
Category The URL filter category hits status.
Count The URL filter count statistics.
Parameter Description
Virtual Server ID The virtual server ID
Port The virtual server port.
Current (per Sec)
HTTP Request The current number of HTTPS request events per second.
Frontend SSL The current number of front-end SSL events per second.
Layer 4 The current number of Layer 4 events per second.
Total
Total HTTP Request The number of HTTPS request events since Alteon was last reset.
Total Frontend SSL The number of front-end SSL events since Alteon was last reset.
Total Layer 4 The number of Layer 4 events since Alteon was last reset.
Parameter Description
Virtual Server ID The virtual server ID
Port The virtual server port.
Traffic Event Sent Successful
HTTP Request Current (per Sec)—The current number of successful HTTPS request
events per second.
Total—The number of successful HTTPS request events since Alteon was
last reset.
HTTP Response Current (per Sec)—The current number of successful HTTPS response
events per second.
Total—The number of successful HTTPS response events since Alteon
was last reset.
Frontend SSL Current (per Sec)—The current number of successful front-end SSL
events per second.
Total—The number of successful front-end SSL events since Alteon was
last reset.
Backend SSL Current (per Sec)—The current number of successful back-end SSL
events per second.
Total—The number of successful back-end SSL events since Alteon was
last reset.
Layer 4 Current (per Sec)—The current number of successful Layer 4 events
per second.
Total—The number of successful Layer 4 events since Alteon was last
reset.
Unified (Available only in Alteon version 32.4.1 and later.) Current (per Sec)—The current number of successful unified HTTP transaction events per second.
Total—The number of successful unified HTTP transaction events since Alteon was last reset.
Unified Normal (Available only in Alteon version 32.4.1 and later.) You can limit the number of events per second with a severity level of normal or exception that are generated per application to reduce traffic event log volume and to protect and predict traffic log storage.
Current (per Sec)—The current number of events per second with Normal severity that were generated.
Total—The total number of events with Normal severity that were generated since the last device reboot or statistics reset.
Unified Normal (%) (Available only in Alteon version 32.4.1 and later.) The percentage is relevant when the event per second limit is defined.
Current (per Sec)—The percentage of the events with Normal severity that were generated compared to all Normal severity events per second.
Total—The percentage of the total events with Normal severity that were generated compared to all Normal events.
Unified Exception (Available only in Alteon version 32.4.1 and later.) You can limit the number of events per second with a severity level of normal or exception that are generated per application to reduce traffic event log volume and to protect and predict traffic log storage.
Current (per Sec)—The current number of events per second with Exception severity that were generated.
Total—The total number of events with Exception severity that were generated since the last device reboot or statistics reset.
Unified Exception (%) (Available only in Alteon version 32.4.1 and later.) The percentage is relevant when the event per second limit is defined.
Current (per Sec)—The percentage of the events with Exception severity that were generated compared to all Exception severity events per second.
Total—The percentage of the total events with Exception severity that were generated compared to all Exception events.
Traffic Event Sent Failure
HTTP Request Current (per Sec)—The current number of unsuccessful HTTPS request
events per second.
Total—The number of unsuccessful HTTPS request events since Alteon
was last reset.
HTTP Response Current (per Sec)—The current number of unsuccessful HTTPS
response events per second.
Total—The number of unsuccessful HTTPS response events since Alteon
was last reset.
Frontend SSL Current (per Sec)—The current number of unsuccessful front-end SSL
events per second.
Total—The number of unsuccessful front-end SSL events since Alteon
was last reset.
Backend SSL Current (per Sec)—The current number of unsuccessful back-end SSL
events per second.
Total—The number of unsuccessful back-end SSL events since Alteon
was last reset.
Layer 4 Current (per Sec)—The current number of unsuccessful Layer 4 events
per second.
Total—The number of unsuccessful Layer 4 events since Alteon was last
reset.
Traffic Events Failure Reasons
Missing Events Fields Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.
Events Allocation Failed Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.
Events Queue is Full Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.
Parameter Description
Filter ID The virtual server ID
Current (per Sec)
HTTP Request The current number of HTTPS request events per second.
Frontend SSL The current number of front-end SSL events per second.
Layer 4 The current number of Layer 4 events per second.
Total
Total HTTP Request The number of HTTPS request events since Alteon was last reset.
Total Frontend SSL The number of front-end SSL events since Alteon was last reset.
Total Layer 4 The number of Layer 4 events since Alteon was last reset.
Parameter Description
Filter ID The filter ID
Traffic Event Sent Successful
HTTP Request Current (per Sec)—The current number of successful HTTPS request
events per second.
Total—The number of successful HTTPS request events since Alteon was
last reset.
HTTP Response Current (per Sec)—The current number of successful HTTPS response
events per second.
Total—The number of successful HTTPS response events since Alteon
was last reset.
Frontend SSL Current (per Sec)—The current number of successful front-end SSL
events per second.
Total—The number of successful front-end SSL events since Alteon was
last reset.
Backend SSL Current (per Sec)—The current number of successful back-end SSL
events per second.
Total—The number of successful back-end SSL events since Alteon was
last reset.
SSL Inspection Hostname Bypass Current—The current number of successful SSL inspection hostname bypass events per second.
Total—The number of successful SSL inspection hostname bypass events since Alteon was last reset.
Layer 4 Current (per Sec)—The current number of successful Layer 4 events
per second.
Total—The number of successful Layer 4 events since Alteon was last
reset.
Traffic Event Sent Failure
HTTP Request Current (per Sec)—The current number of unsuccessful HTTPS request
events per second.
Total—The number of unsuccessful HTTPS request events since Alteon
was last reset.
HTTP Response Current (per Sec)—The current number of unsuccessful HTTPS
response events per second.
Total—The number of unsuccessful HTTPS response events since Alteon
was last reset.
Frontend SSL Current (per Sec)—The current number of unsuccessful front-end SSL
events per second.
Total—The number of unsuccessful front-end SSL events since Alteon
was last reset.
Backend SSL Current (per Sec)—The current number of unsuccessful back-end SSL
events per second.
Total—The number of unsuccessful back-end SSL events since Alteon
was last reset.
SSL Inspection Hostname Bypass Current—The current number of successful SSL inspection hostname bypass events per second.
Total—The number of successful SSL inspection hostname bypass events since Alteon was last reset.
Layer 4 Current (per Sec)—The current number of unsuccessful Layer 4 events
per second.
Total—The number of unsuccessful Layer 4 events since Alteon was last
reset.
Traffic Events Failure Reasons
Missing Events Fields Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.
Events Allocation Failed Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.
Events Queue is Full Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.
To monitor combined traffic event statistics for virtual services and filters
1. In the Monitoring perspective, select Application Delivery > Application Services > Event
Logging.
2. Select the Summary tab.
Parameter Description
Traffic Event Sent Successfully
HTTP Request Current (per Sec)—The current number of successful HTTPS request
events per second.
Total—The number of successful HTTPS request events since Alteon was
last reset.
HTTP Response Current (per Sec)—The current number of successful HTTPS response
events per second.
Total—The number of successful HTTPS response events since Alteon
was last reset.
Frontend SSL Current (per Sec)—The current number of successful front-end SSL
events per second.
Total—The number of successful front-end SSL events since Alteon was
last reset.
Backend SSL Current (per Sec)—The current number of successful back-end SSL
events per second.
Total—The number of successful back-end SSL events since Alteon was
last reset.
SSL Inspection Hostname Bypass Current—The current number of successful SSL inspection hostname bypass events per second.
Total—The number of successful SSL inspection hostname bypass events since Alteon was last reset.
Layer 4 Current (per Sec)—The current number of successful Layer 4 events
per second.
Total—The number of successful Layer 4 events since Alteon was last
reset.
Unified (Available only in Alteon version 32.4.1 and later.) Current (per Sec)—The current number of successful unified HTTP transaction events per second.
Total—The number of successful unified HTTP transaction events since Alteon was last reset.
Unified Normal (Available only in Alteon version 32.4.1 and later.) You can limit the number of events per second with a severity level of normal or exception that are generated per application to reduce traffic event log volume and to protect and predict traffic log storage.
Current (per Sec)—The current number of events per second with Normal severity that were generated.
Total—The total number of events with Normal severity that were generated since the last device reboot or statistics reset.
Unified Normal (%) (Available only in Alteon version 32.4.1 and later.) The percentage is relevant when the event per second limit is defined.
Current (per Sec)—The percentage of the events with Normal severity that were generated compared to all Normal severity events per second.
Total—The percentage of the total events with Normal severity that were generated compared to all Normal events.
Unified Exception (Available only in Alteon version 32.4.1 and later.) You can limit the number of events per second with a severity level of normal or exception that are generated per application to reduce traffic event log volume and to protect and predict traffic log storage.
Current (per Sec)—The current number of events per second with Exception severity that were generated.
Total—The total number of events with Exception severity that were generated since the last device reboot or statistics reset.
Unified Exception (%) (Available only in Alteon version 32.4.1 and later.) The percentage is relevant when the event per second limit is defined.
Current (per Sec)—The percentage of the events with Exception severity that were generated compared to all Exception severity events per second.
Total—The percentage of the total events with Exception severity that were generated compared to all Exception events.
Unified Security (Available only in Alteon version 32.6.1 and later.) You can limit the number of events per second with a severity level of normal or exception that are generated per application to reduce traffic event log volume and to protect and predict traffic log storage.
Current (per Sec)—The current number of events per second with Security severity that were generated.
Total—The total number of events with Security severity that were generated since the last device reboot or statistics reset.
Security (Available only in Alteon version 32.6.1 and later.) Current (per Sec)—The current number of successful Security transaction events per second.
Total—The number of successful Security transaction events since Alteon was last reset.
Traffic Event Sent Failure
HTTP Request Current (per Sec)—The current number of unsuccessful HTTPS request
events per second.
Total—The number of unsuccessful HTTPS request events since Alteon
was last reset.
HTTP Response Current (per Sec)—The current number of unsuccessful HTTPS
response events per second.
Total—The number of unsuccessful HTTPS response events since Alteon
was last reset.
Frontend SSL Current (per Sec)—The current number of unsuccessful front-end SSL
events per second.
Total—The number of unsuccessful front-end SSL events since Alteon
was last reset.
Backend SSL Current (per Sec)—The current number of unsuccessful back-end SSL
events per second.
Total—The number of unsuccessful back-end SSL events since Alteon
was last reset.
SSL Inspection Hostname Bypass Current—The current number of successful SSL inspection hostname bypass events per second.
Total—The number of successful SSL inspection hostname bypass events since Alteon was last reset.
Layer 4 Current (per Sec)—The current number of unsuccessful Layer 4 events
per second.
Total—The number of unsuccessful Layer 4 events since Alteon was last
reset.
Traffic Events Failure Reason
Missing Events Fields Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.
Events Allocation Failed Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.
Events Queue is Full Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.
HTTP Services
This feature is available only in Alteon standalone, VA, and vADC.
HTTP services include:
• Viewing HTTP Statistics
• Purging Cached Content of HTTP Responses
• Flushing Learned FastView Optimizations
Parameter Description
HTTP 2.0 Displays the following statistics for HTTP 2.0 traffic:
• Connection Count—Number of connections within the statistics
measuring period.
• Connection Peak—The peak number of concurrent connections
within the statistics measuring period.
• Requests Count—Number of requests within the statistics
measuring period.
HTTP 1.1 Displays the following statistics for HTTP 1.1 traffic:
• Connection Count—Number of connections within the statistics
measuring period.
• Connection Peak—The peak number of concurrent connections
within the statistics measuring period.
• Requests Count—Number of requests within the statistics
measuring period.
HTTP 1.0 Displays the following statistics for HTTP 1.0 traffic:
• Connection Count—Number of connections within the statistics
measuring period.
• Connection Peak—The peak number of concurrent connections
within the statistics measuring period.
• Requests Count—Number of requests within the statistics
measuring period.
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed. You configure this parameter in the Statistics tab at Configuration > Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and traffic statistics were cleared.
Parameter Description
Virtual Server The virtual server or all virtual servers.
Service Port The port of the virtual service or all virtual-service ports.
Object URL The specific object URL or a URL with wildcard (*) in it.
button.
— In Alteon version 30.2 and later, this option is no longer available. To flush all the learned
Note: The FastView Web Applications tab stays active once you launch it. If you want to view
diagnostics for another Web application, you can navigate from the FastView Web Applications
tab or close the tab and reopen from the HTTP page, with another Web application selected.
Resource Library
The Resource Library tab displays a list of all modified resources for a Web application.
By selecting any resource on the list, you can find out more details about it, including its treated
name, if it is in a preload list, and so on.
The following information is listed for each resource.
• ID
• Name
• Size
• Created (date is displayed)
• Accessed (date is displayed)
Note: It can be very difficult to find individual treated resources using the Resource Library, as the
list is not sorted by treated or untreated name, and has no indication of what page it is on. Radware
recommends that you use the ?printcompileinfo parameter, which specifically displays
information about treated resources for a specific page.
Instruction Lists
Each time a page is optimized for a client browser, the result is called an instruction. Instructions are a
representation of a treated HTML document and the manner in which it is rewritten to call treated
resources. They do not represent the treated resources themselves, except when those resources
have been inlined into the page as part of a treatment.
This section includes the following topics:
• Working with Instruction Lists
• Instruction Details
• Substitution Lists
• Treatment Information
The details page also includes both primary and secondary substitution lists. These display what was
the original text on a compiled text or HTML page, and what is now being provided to a user.
Treatment Information
Some types of treatment information are also provided on this page. The details vary
between treatments; however, the common information includes:
• Is the treatment enabled?
• Has the treatment reached its threshold?
• Does it require compilation?
Note: The treatment information here does not necessarily align with the actual FastView for
Alteon NG treatments. These are representative of the processes that are applied to a page
when it undergoes acceleration treatment.
Dashboard Tab
The Dashboard tab includes details on:
• Optimization Status
• Workload Monitor
Optimization Status
The Optimization Status displays the following information:
• Optimization by Instruction
• Optimization by Page View
• Settings
Optimization by Instruction
This displays the various instructions that are being treated by FastView. An instruction is a unique
view of a Web page (based on Web browser client and page compile type). For example,
/home.aspx viewed as a non-landing page by Internet Explorer 7 browsers creates a single
instruction.
Each instruction can be in one of the following states:
• Queued—The instruction is being served as untreated. FastView is ready to process the
instruction for treating, but it is currently in a queue.
• First Compile—The instruction has been served as treated, but FastView has only viewed the
page once. FastView still needs to process the page to learn how to provide instructions.
• Learning—The instruction is being served as treated, but FastView is still learning how to treat
the instruction. The next time FastView serves the page, it may be treated differently depending
on how the next few unique browsers request the instruction. This continues until the Compiled
threshold (number of same unique views) occurs.
• Compiled—The instruction has been requested enough times (defined by unique page views
that are the same) to consider the page as Compiled. FastView does not continue to process
the page until it goes through a touch-up or recompile.
• Touchup—The percentage of instructions that are in the Touchup state. This indicates that the
instruction will still be served, but FastView will examine the next request to the instruction to
ensure that everything is still valid.
• Recompile—Instructions in the Recompile state have expired. A request to the instruction
causes it to go into a Learning state again.
The graph indicates, by percentage, where the instructions are located in the system. For detailed
information on a specific instruction, see Instruction Lists.
Optimization by Page View
This displays the status of unique views rather than instruction states. It contains the following:
• Unaccelerated—The viewed page was unaccelerated.
• Learning—The viewed page displayed to the client as accelerated, but FastView is still learning
the best way to treat the page.
• Accelerated—The page served to the client was accelerated by FastView.
The Optimization by Page View is a cumulative view of each unique request to a page. The following
workflow illustrates how values display in this section:
1. Person A browses to home.aspx. 100% of page views display in the Unaccelerated state.
2. Person B and Person C now browse to the same page. Each of these users adds to the Learning
state. This results in 33% Unaccelerated and 66% Learning.
3. Person D now browses to the same page. The page has a compile threshold set to three unique
views which has been reached by Persons A, B and C. Because of this, the request is set to the
Accelerated state. This results in 25% Unaccelerated, 50% Learning, and 25%
Accelerated.
Settings
This section displays the current FastView settings. These values are generally not configurable:
• Compile Threshold—The number of unique page views that must be requested of an
instruction before it can go into the Compiled state. The default unique views is three.
• Touch-Up Interval—The number of minutes that FastView waits per compiled instruction
before it re-examines it for the next request. This value is the starting value for the Touch-Up
Interval and is on a sliding scale. The more static the instruction, the longer the next touch-up
interval takes. The default Touch-Up Interval is five minutes.
• Recompile Interval—The number of minutes that FastView waits per compiled instruction
before it discards the instruction and performs full recompile. The default recompile time is 1440
minutes or one day.
The Touch-Up Interval, Recompile Interval, and Invalidation framework help FastView to recognize
changing data on your Web server after the initial instruction compilation has occurred.
Workload Monitor
The Workload Monitor displays the amount of processing FastView is currently performing.
The Peak, Current, Average, and Total values are displayed for the following rates:
• Request Rate—The number of unique pages requested through FastView. This provides a
Pages Per Second (PPS) view of your traffic.
• Parse Rate—The amount of information that FastView has looked at for potential replacement
in a page. Any rewriting (such as replacement tokens, URL renaming) is considered and
displayed in tokens per second/minute (tkps/tkpm).
• Rewrite Rate—The amount of information that FastView actually acts upon when replacing
data in Web content that is served. This is also displayed in number of tokens per second/minute
(tkps/tkpm).
• Compile Rate—The number of instructions compiled by FastView. As pages eventually stop
being compiled after they pass the Learning state, this number should increase greatly when
your site is first started or modified, and slowly as FastView learns how to provide the treated
pages.
Monitoring LinkProof
Monitoring LinkProof services comprises:
• Monitoring WAN Links
• Monitoring WAN Link Groups
• Monitoring Proximity
• Monitoring Smart NAT
Parameter Description
Status (Per WAN Link ID) The WAN link status, per WAN link ID.
ID (Per WAN Link ID) The WAN link ID.
IP Address The WAN link IP address.
Download Bandwidth - Current [Mbps] The current download bandwidth, in Mbps, of the WAN link.
Download Bandwidth - Utilization The utilization of the download bandwidth of the WAN link.
Upload Bandwidth - Current [Mbps] The current upload bandwidth, in Mbps, of the WAN link.
Upload Bandwidth - Utilization The utilization of the upload bandwidth of the WAN link.
Total Bandwidth - Current [Mbps] The current total (download and upload) bandwidth, in Mbps, of the WAN link.
Total Bandwidth - Utilization The utilization of the total (download and upload) bandwidth of the WAN link.
Concurrent Connections The number of concurrent connections of the WAN link.
3. Select a row and click the button to view the WAN Link measurements for the selected WAN
link.
Parameter Description
WAN Link Status The WAN link status, per WAN link ID.
WAN Link ID The WAN link ID
IP Address The WAN link IP address.
Connections The number of concurrent connections of the WAN link.
Time Since Device Reset/Statistics Clear The time and date of the last device reset or clearing of the statistics.
Current Bandwidth Mbps The current download, upload, and total bandwidth, in Mbps, of the WAN link.
Peak Bandwidth Mbps The peak download, upload, and total bandwidth, in Mbps, of the WAN link.
Utilization The utilization of the download, upload, and total bandwidth of the WAN link.
Timestamp The timestamp of the download, upload, and total bandwidth of the WAN link.
Byte Transfered MB The number of bytes transferred, in MB, of the download, upload, and total bandwidth of the WAN link.
2. Select a row and click the button to view the WAN Link Group measurements for the
selected WAN link group.
3. If you want to clear all WAN Link Group data, click Clear All.
Parameter Description
WAN Link Group ID The WAN link group ID.
Download The download bandwidth of the WAN link group.
Upload The upload bandwidth of the WAN link group.
Total The total (download and upload) bandwidth of the WAN link group.
Concurrent Connections The number of concurrent connections of the WAN link group.
Monitoring Proximity
This feature is available only in Alteon version 30.1 and later.
To monitor proximity
1. In the Monitoring perspective, select Application Delivery > LinkProof > Proximity.
2. Select a row and click the button to view the proximity measurements for the selected WAN
link (see Smart NAT Parameters).
3. If you want to clear all proximity data, click Clear Proximity Table.
Parameter Description
Subnet The network subnet for which proximity data is available. For each
subnet, proximity data is available for up to three (the best three)
WAN Links.
For each WAN Link
WAN Link IP The IP address of the WAN link.
Round Trip Time The time, in seconds, required for the round trip to the specified
subnet via this WAN link.
Hops The number of hops to the specified subnet via this WAN link.
For the entire entry
Time to Live (min) The time, in minutes, after which the entry is cleared. Once the entry
is cleared, if new requests arrive for this subnet, proximity is checked
and a new entry is created.
3. Select a row and click the button to view the Smart NAT parameters.
Parameter Description
Smart NAT ID Specifies the identifier for this NAT address.
Current Sessions The number of current NAT sessions.
Total Sessions The number of total NAT sessions
Parameter Description
Total DNS requests The total number of DNS queries received.
Total DNSSEC requests The total number of DNSSEC requests received.
Current DNS requests The number of DNS requests currently being processed.
Current DNSSEC requests The number of DNSSEC requests currently being
processed.
Current DNS requests per second The number of DNS requests received per second.
Current DNSSEC requests per second The number of DNSSEC requests received per second.
Total DNS responses The total number of DNS responses sent by Alteon
(includes DNS records and DNS error responses).
Total NSEC record answers The number of NSEC records answered since boot time.
Total UDP DNS requests The total number of DNS queries received over UDP
transport.
DNSSEC requests percentage The number of DNSSEC requests received per second.
Total TCP DNS requests The total number of DNS queries received over TCP
transport.
Total invalid DNS requests The total number of malformed DNS queries received.
Total domain parse errors The total number of DNS queries with short or invalid
domain names received.
No matching domain occurrences The number of times the DNS queries received did not
match the hostname or configured domain name.
Threshold exceeded occurrences The number of times the threshold was exceeded.
Last source IP The source IP address of the last DNS query or HTTP
request received.
Last no result domain The last domain received that did not match the
hostname, domain name, or the network domain
configured.
Parameter Description
Total HTTP Requests The total number of HTTP requests received.
Total HTTP Responses The total number of HTTP responses sent by Alteon that
redirects traffic to a different site.
Bad HTTP Requests The number of bad/dropped client HTTP requests. Client
HTTP GET request packets that do not contain the entire
URL are considered bad and are dropped.
Parameter Description
Current The number of persistent DNS entries currently active.
Highwater The highest number of persistent DNS entries ever
recorded.
Maximum The maximum number of entries in the persistent DNS
cache.
Parameter Description
Real Server ID The remote real server ID.
Server IP Address The IP address of the virtual server.
Parameter Description
Threshold Exceeded Hits The number of times the threshold was exceeded.
DNS Redirects The number of DNS responses that return the IP address
of this server.
HTTP Redirects The number of HTTP requests redirected to this server.
Parameter Description
Virtual Server ID The local virtual server ID.
IP Version The IP version of the virtual server.
Server IP Address The IP address of the virtual server.
Threshold Exceeded Hits The number of times the threshold was exceeded.
DNS Redirects The number of DNS responses that return the IP address
of this server.
Parameter Description
Network ID The client network ID.
IP Address The client network IP address.
Hits The number of times DNS queries were received from
clients belonging to this network.
Parameter Description
Rule ID The DNS rule ID.
Total Hits The number of times the DNS queries received matched
the specific DNS redirection rule ID.
Parameter Description
DNS Zone ID The DNS zone ID.
Total DNS Requests The total number of DNS queries received.
UDP DNS Requests The total number of DNS queries received over UDP
transport.
TCP DNS Requests The total number of DNS queries received over TCP
transport.
Total DNSSEC Requests The total number of DNSSEC requests received.
Parameter Description
Total DNS requests The total number of DNS queries received.
Total DNSSEC requests The total number of DNSSEC requests received.
DNSSEC requests percentage The number of DNSSEC requests received per second.
Current DNS requests per second The number of DNS requests received per second.
Total UDP DNS requests The total number of DNS queries received over UDP
transport.
Total TCP DNS requests The total number of DNS queries received over TCP
transport.
Total invalid DNS requests The total number of malformed DNS queries received.
Total NSEC record answers The number of NSEC records answered since boot time.
Statistic Description
Script ID The identifier for the AppShape++ script.
Event The event name that appears in the AppShape++ script ID.
Activation The number of times that the AppShape++ script or script event was
activated.
Failures The number of times that the AppShape++ script failed, and the failure
distribution between the script events (how many of the failures occurred
during treatment of each event).
Aborts The number of times that the AppShape++ script was aborted, and the abort
distribution between the script events (how many of the aborts occurred
during treatment of each event).
Notes
• For information on monitoring Alteon device performance using the Device Performance Monitor,
see Using the Device Performance Monitor, page 445.
• For more information on this feature, see the Alteon Web Based Management Application Guide.
To monitor vADCs
> In the Monitoring perspective, select vADC > vADC.
Parameter Description
Status The status of the vADC.
vADC ID The vADC ID.
Boot Action The boot action.
vADC Name The vADC name.
Capacity Units The number of capacity units associated with this vADC.
SP Utilization The percentage of SP utilization.
vMP Utilization The percentage of vMP utilization.
Throughput Utilization The percentage of throughput utilization.
Up Time The length of time this vADC has been running (in
<days>D<hours>H<minutes>M<seconds>S format) since its last
reboot.
To reboot a vADC
1. In the Monitoring perspective, select vADC > vADC.
2. Select the row with the relevant vADC and click Reset vADC.
Parameter Description
Status The status of the connection to the IP reputation database.
Reason The reason for a database connection failure.
Baseline DB Update
Last Attempt The last time an update was received from the database.
Last Attempt Status The status of the last attempted connection to the database.
Delta DB Update
Last Attempt The last time an update was received from the database.
Last Attempt Status The status of the last attempted connection to the database.
2. To view an entry in the table, select the entry and click the (View) button.
Parameter Description
Date and Time The date and time the activity was logged.
Source IP Source IP address of logged traffic.
Country Source country of logged traffic.
Destination IP Destination IP address of logged traffic.
Source Port Source port of logged traffic.
Destination Port Destination port of logged traffic.
Direction Direction of logged traffic—Inbound or Outbound.
Category Category of logged traffic—Spam or Malware.
Risk Risk severity level of logged traffic—High, Medium, or Low.
Action Alteon processing of logged traffic—Alarm, Allow, or Block.
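The following added example (not part of the original guide or of the product) shows one way to triage rows from the log table above after they have been copied out of the interface: it validates each row against the value sets in the table and lists high-risk traffic that was not blocked. The CSV layout, the sample rows, and the function names are assumptions constructed for illustration; only the column names and allowed values come from the table.

```python
import csv
import io
import ipaddress
from collections import Counter

# Value sets copied from the parameter table above.
ENUMS = {
    "Direction": {"Inbound", "Outbound"},
    "Category": {"Spam", "Malware"},
    "Risk": {"High", "Medium", "Low"},
    "Action": {"Alarm", "Allow", "Block"},
}

# Constructed sample data (documentation address ranges, placeholder country).
# The CSV layout itself is an assumption, not a documented export format.
SAMPLE_CSV = """\
Date and Time,Source IP,Country,Destination IP,Source Port,Destination Port,Direction,Category,Risk,Action
2020-01-01 10:00:01,203.0.113.7,ZZ,192.0.2.10,51512,25,Inbound,Spam,Low,Alarm
2020-01-01 10:00:05,203.0.113.7,ZZ,192.0.2.10,51513,443,Inbound,Malware,High,Alarm
2020-01-01 10:00:09,198.51.100.23,ZZ,192.0.2.11,40000,80,Inbound,Malware,High,Block
2020-01-01 10:01:12,192.0.2.55,ZZ,203.0.113.99,49152,8080,Outbound,Malware,High,Allow
2020-01-01 10:02:00,203.0.113.7,ZZ,192.0.2.10,51514,443,Inbound,Malware,High,Allow
2020-01-01 10:02:30,198.51.100.23,ZZ,192.0.2.11,40001,80,Inbound,Phishing,High,Block
2020-01-01 10:03:00,not-an-ip,ZZ,192.0.2.11,40001,80,Inbound,Spam,Low,Block
"""


def validate(row):
    """Return None if the row is well formed, otherwise a reason string."""
    for column, allowed in ENUMS.items():
        if row.get(column) not in allowed:
            return f"unexpected {column}: {row.get(column)!r}"
    for column in ("Source IP", "Destination IP"):
        try:
            ipaddress.ip_address(row.get(column))
        except ValueError:
            return f"bad {column}: {row.get(column)!r}"
    for column in ("Source Port", "Destination Port"):
        try:
            port = int(row.get(column))
        except (TypeError, ValueError):
            return f"bad {column}: {row.get(column)!r}"
        if not 0 <= port <= 65535:
            return f"{column} out of range: {port}"
    return None


def parse_rows(text):
    """Split CSV text into (valid rows, [(line number, reason), ...])."""
    reader = csv.DictReader(io.StringIO(text))
    rows, rejected = [], []
    for row in reader:
        reason = validate(row)
        if reason is None:
            rows.append(row)
        else:
            # Keep malformed rows visible instead of silently dropping them.
            rejected.append((reader.line_num, reason))
    return rows, rejected


def unblocked_high_risk(rows):
    """Rows with Risk High whose Action was Alarm or Allow rather than Block."""
    return [r for r in rows if r["Risk"] == "High" and r["Action"] != "Block"]


def count_by_source(rows):
    """Count rows per Source IP so repeat sources stand out."""
    return Counter(r["Source IP"] for r in rows)


if __name__ == "__main__":
    valid, rejected = parse_rows(SAMPLE_CSV)
    for line_no, reason in rejected:
        print(f"line {line_no}: rejected ({reason})")
    flagged = unblocked_high_risk(valid)
    for source, hits in count_by_source(flagged).most_common():
        print(f"{source}: {hits} high-risk entries not blocked")
```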
DPM Overview
DPM requires a valid license installed on the associated APSolute Vision server.
When DPM is enabled in an Alteon or LinkProof NG device, the device sends its performance data to
APSolute Vision. APSolute Vision processes the data and can display the information in the Device
Performance Monitoring Web interface.
The DPM Web interface includes alerts, dashboards with current monitoring data, and reports with
historical data.
Only one APSolute Vision server can manage any given Alteon or LinkProof NG device that
sends data to DPM.
Users with the proper roles can launch the DPM Web interface from the APSolute Vision client.
The DPM interface launches in the default browser. See the APSolute Vision Release Notes for the list
of supported browsers.
The sites and Alteon or LinkProof NG devices that are displayed in DPM depend on your RBAC
scope.
Users with the following roles can launch the DPM Web interface:
• ADC Administrator
• ADC Operator
• ADC + Certificate Administrator
• Administrator
• Device Administrator
• Device Configurator
• Device Operator
• Device Viewer
Notes
• For requirements, limitations, and information on configuring DPM parameters in the Alteon or
LinkProof NG device, see the section “Configuring Device Performance Monitoring” in the
APSolute Vision online help.
• For information on roles, see Role-Based Access Control (RBAC), page 85.
• One Alteon or LinkProof NG ADC with a large configuration consumes about 210 MB hard-disk
space in the course of a year.
• For information on managing the DPM database and DPM technical-support files, see Using
vDirect with APSolute Vision, page 725.
> In the APSolute Vision sidebar menu, select Applications > DPM.
Properties pane—Displays the properties of devices, according to the configuration in the
Devices pane.
Viewing Reports
The tab that you select in the Devices pane (Organization or Physical) determines which reports you
can view in the Report tab of the content area. You specify the Report Category and Report Type and
configure a filter. Some Report Types are available for more than one Report Category. A Report
Category with the same name displays the same report. For more information on the reports, see
Supported Report Categories, page 450.
To view a report
1. In the Devices pane, select the required tab (Organization or Physical).
2. In the Report tab, from the Report Category drop-down list, select the category, and then,
from the Report Type drop-down list, select the required type. The category determines the
available report types.
3. Configure the filter or filters. The set of filters that you can configure depends on the selected
Report Category.
4. Click Display Report.
Exporting Reports
You can export a report in any of the following formats:
• PDF
• HTML
• Excel
• Text
• RTF
• XML
• PostScript
To export a report
1. In the content area, click the Export button, and then click OK.
2. Do the following:
— From the Export File Format drop-down list, select the required format.
— Select the checkboxes next to the name of each report component to include in the report.
— If you require, in the File Name text box, modify the file name.
ADC/vADC Reports
The following tables describe the DPM reports for LinkProof NG, Alteon Standalone, VA, or vADC with
Report Category ADC/vADC:
• Table 335 - ADC CPU Capacity Utilization Report, page 450
• Table 336 - ADC Memory Utilization Report, page 451
• Table 337 - ADC Throughput License Utilization Report, page 452
• Table 338 - ADC System Resources Utilization Report, page 453
• Table 339 - Total Network Statistics per Port Report, page 454
• Table 340 - Network Performance per ADC Report, page 455
The ADC names in the reports correspond to the selected objects in the Devices pane.
Application Reports
The following tables describe the DPM reports for LinkProof NG, Alteon Standalone, VA, or vADC with
Report Category Application:
• Table 341 - Network Performance per Application Report for LinkProof NG, Alteon Standalone,
VA, or vADC, page 456
• Table 342 - Network Performance of Application per Real Server Report for LinkProof NG, Alteon
Standalone, VA, or vADC, page 457
• Table 343 - Total Usage of Resources per Application per Network Class Report for Alteon
Standalone, VA, or vADC, page 458
• Table 344 - Total Usage of Resources per Network Class per Application Report for LinkProof NG,
Alteon Standalone, VA, or vADC, page 458
Table 341: Network Performance per Application Report for LinkProof NG, Alteon Standalone,
VA, or vADC
Table 342: Network Performance of Application per Real Server Report for LinkProof NG, Alteon
Standalone, VA, or vADC
Table 343: Total Usage of Resources per Application per Network Class Report for Alteon
Standalone, VA, or vADC
Table 344: Total Usage of Resources per Network Class per Application Report for LinkProof
NG, Alteon Standalone, VA, or vADC
Table 345: Network Performance per Real Server Report for LinkProof NG, Alteon Standalone,
VA, or vADC
Table 346: Network Performance of Application per Real Server Report for LinkProof NG, Alteon
Standalone, VA, or vADC
Table 347: Total Usage of Resources per Real Server Report for LinkProof NG, Alteon
Standalone, VA, or vADC
Port Reports
The following tables describe the DPM reports for LinkProof NG, Alteon Standalone, VA, or vADC
with Report Category Port:
• Table 348 - Total Network Statistics per Port Report for LinkProof NG, Alteon Standalone, VA, or
vADC, page 462
• Table 349 - Network Performance per Port Report for LinkProof NG, Alteon Standalone, VA, or
vADC, page 463
Table 348: Total Network Statistics per Port Report for LinkProof NG, Alteon Standalone, VA, or
vADC
Table 349: Network Performance per Port Report for LinkProof NG, Alteon Standalone, VA, or
vADC
VX Reports
The following tables describe the DPM Report for Alteon VX with Report Category VX:
• Table 350 - CPU Utilization per vADC Report for Alteon VX, page 464
• Table 351 - Throughput Limit Utilization per vADC Report for Alteon VX, page 465
Table 351: Throughput Limit Utilization per vADC Report for Alteon VX
Button Description
Opens the dialog box to select the temperature scale (Celsius or Fahrenheit) for
monitoring the temperature sensors on physical devices.
Note: This setting applies to all DPM interfaces.
Refreshes the dashboard display.
Table 353: Dashboard Components for Single Standalone and vADC Devices
Component Description
Temperature chart The temperature, according to the selected scale (Celsius or
Fahrenheit), for each temperature sensor in the VX device.
When relating to an Alteon 10000 platform, the temperatures that
the monitor displays show the average temperature of the blade
sensors. The ID numbers represent the slot numbers. Slot 1
supports the Switch Blade. Slot 2 supports the Switch Extension
Blade. Slots 3–6 support Payload Blades. Slots 7–8 support Shelf
Managers. Some blades are optional.
Fan Status indicators The status of each fan: nominal or not operating. Green—for
nominal. Red—for not operating/not operating properly.
Each fan icon is displayed with its corresponding ID number. The
fan ID numbers might not be sequential and might be repeated.
When relating to an Alteon 10000 non-NEBS platform, the ID
number represents the fan blade. If all fans in the blade are
working properly, the status is green. If one or more fans in the
blade are not working properly, the status is red.
vADC CPU Distribution graph The proportion and number of vADCs per maximum utilization
level of vSP and vMP.
Values:
• Low
• Medium
• High
vADC Throughput Limit Utilization Distribution graph The proportion and number of vADCs per
maximum throughput-limit utilization.
Values:
• Low
• Medium
• High
Component Description
vADC Identifier Lists the vADCs of the VX.
Select rows to filter the results of the CPU Utilization per vADC
graph and Throughput Limit Utilization per vADC graph.
Component Description
Overall Status pie chart The proportion and number of devices per highest-severity status level.
Values: OK, Warning, Error
Throughput Utilization Distribution pie chart The proportion and number of devices per
throughput-utilization level.
Values: Low, Medium, High
Max. CPU Utilization Distribution pie chart The proportion and number of devices per
maximum-CPU-utilization level.
Values: Low, Medium, High
Session Table Utilization Distribution pie chart The proportion and number of devices per
session-table-utilization level.
Values: Low, Medium, High
Max. Temperature Distribution pie chart The proportion and number of devices per
maximum-temperature level.
Values: Low, Medium, High, NA (vADC)
Monitoring Parameters per Device Columns:
• Device—Displays the device name.
• Overall Status—Displays the highest-severity status level on
the device except for Virtual Services Down. Values: OK,
Warning, Error.
• Virtual Services Down—Displays the number of virtual services
that are down on the device.
• Throughput Util. (%)—Displays the utilization (%) of the
throughput license (for standalone devices) or the allocated
throughput limit (for vADCs).
• Max. CPU Util. (%)—Displays the highest current CPU
utilization (%) of all the SP/MPs.
• Session Table Util. (%)—Displays the current Session-table
utilization (%) of all the SP/MPs.
• Max. Temperature—Displays the highest current temperature
of the sensors on the device. This value is not applicable for
virtual devices. For a vADC, NA (vADC) is displayed.
Parameter Description
Hardware Platform The type of hardware platform for this device.
Uptime The system up time in days, hours, minutes, and seconds.
Base MAC Address The MAC address of the first port on the device.
Device Serial Number The serial number of the device. Virtual devices do not have a serial number.
(This parameter is exposed only in 6.x versions 6.12 and later, 7.x versions, and 8.x versions.)
Note: For virtual devices of some versions, this field displays 0000000000.
Parameter Description
Radware Signature File Version The version of the Radware Signature File installed on the device.
Parameter Description
Fraud Signatures Last Update When Fraud Protection is enabled, this parameter can display the
timestamp of the last update of fraud signatures, received from
Radware.com and downloaded to the DefensePro device.
(This parameter is available only in 6.x versions and 7.x versions 7.42.09 and later.)
Values:
• The timestamp, in DDD MMM DD hh:mm:ss yyyy z format—displayed according to the
timezone of your APSolute Vision client.
• No Feeds Received Since Device Boot
Parameter Description
Software Version The version of the product software installed on the device.
APSolute OS Version The version of the APSolute OS installed on the device—for example,
10.31-03.01:2.06.08.
(This parameter is not available in 8.x versions 8.17.3 and later.)
Build The build number of the current software version.
Version Status The state of this software version.
Values:
• Open—Not yet released
• Final—Released version
Throughput License (This parameter displays only in 8.x versions.)
Values:
• The maximum throughput that the license allows.
• Unlimited
Parameter Description
Hardware Version The hardware version; for example, B.5.
(This parameter
displays only in 6.x and
7.x versions.)
RAM Size The amount of RAM, in megabytes.
Flash Size The size of flash (permanent) memory, in megabytes.
Cores The number of CPUs/cores that the device uses for processing traffic.
That is, the value does not include the CPUs/cores for DefensePro management.
(This parameter is available only in 8.x versions.)
Note: On virtual DefensePro platforms—but not Radware DefensePro
DDoS Mitigation for Cisco Firepower, you can specify the number of
virtual cores in the initial setup of the virtual instance.
CPU Speed The CPU speed, in GHz.
(This parameter is available only in 8.x versions.)
Caution: If the administrative status of a QSFP+ 40-Gigabit Ethernet (40GbE) port is Down, the
port does not issue traps or alerts, and does not show information for system hardware
transceiver-info commands.
2. Select the rows with the relevant ports, and click the (Disable Selected Ports) button (for a
port currently Up) or the (Enable Selected Ports) button (for a port that is currently Down).
Parameter Description
Port Name The interface name or index number.
Port Family A hard-coded description of the interface.
(This parameter displays
only in DefensePro 7.x and
8.x versions.)
Port Description For 6.x versions—A hard-coded description of the interface.
For DefensePro 7.x and 8.x versions—A user-defined description of
the interface. Maximum characters: 64.
Port Speed The current bandwidth of the interface. On DefensePro 6, 20, 60,
110, 200, 220, 400, x420, and x4420 platforms, the value is in
megabits per second. On all platforms except for DefensePro 6, 20,
60, 110, 200, 220, 400, x420, and x4420, the value is in bits per
second.
MAC Address The MAC address of the interface.
Admin Status The administrative status of the interface, Up or Down.
Operational Status The operational status of the interface, Up or Down.
Last Change Time The value of System Up time at the time the interface entered its
current operational state. If the current state was entered prior to the
last re-initialization of the local network management subsystem,
then this value is zero (0).
Parameter Description
Incoming Bytes The number of incoming octets (bytes) through the interface
including framing characters.
Incoming Unicast Packets The number of packets delivered by this sub-layer to a higher sub-
layer, which were not addressed to a multicast or broadcast address
at this sub-layer.
Incoming Non-Unicast Packets The number of packets delivered by this sub-layer to a higher
sub-layer, which were addressed to a multicast or broadcast address at
this sub-layer.
Incoming Discards The number of inbound packets chosen to be discarded even though
no errors had been detected to prevent their being deliverable to a
higher-layer protocol. One possible reason for discarding such a
packet could be to free up buffer space.
Incoming Errors For packet-oriented interfaces, the number of inbound packets that
contained errors preventing them from being deliverable to a higher-
layer protocol. For character-oriented or fixed-length interfaces, the
number of inbound transmission units that contained errors
preventing them from being deliverable to a higher-layer protocol.
Outgoing Bytes The total number of octets (bytes) transmitted out of the interface,
including framing characters.
Outgoing Unicast Packets The total number of packets that higher-level protocols requested be
transmitted, and which were not addressed to a multicast or
broadcast address at this sub-layer, including those that were
discarded or not sent.
Outgoing Non-Unicast Packets The total number of packets that higher-level protocols requested be
transmitted, and which were addressed to a multicast or broadcast
address at this sub-layer, including those discarded or not sent.
Outgoing Discards The number of outbound packets that were chosen to be discarded
even though no errors had been detected to prevent their being
transmitted. One possible reason for discarding such a packet could
be to free up buffer space.
Outgoing Errors For packet-oriented interfaces, the number of outbound packets that
could not be transmitted because of errors. For character-oriented or
fixed-length interfaces, the number of outbound transmission units
that could not be transmitted because of errors.
Note: When you issue the Switch Over command on the cluster node, the active device switches
over. To switch modes, select the cluster node, and then select Switch Over.
To view the parameters related to the high availability of a selected DefensePro device
> In the Monitoring perspective, select Operational Status > High Availability.
Parameter Description
Device Role Values:
• Stand Alone—The device is not configured as a member of a high-
availability cluster.
• Primary—The device is configured as the primary member of a high-
availability cluster.
• Secondary—This device is configured as the secondary member of a
high-availability cluster.
Device State Values:
• Active—The device is in the active state. The device may be a
standalone device (not part of a high-availability cluster) or the active
member of a high-availability cluster.
• Passive—The device is the passive member of a high-availability
cluster.
Last Baseline Sync. Values:
• Base-Line still not synched on this device—Either high availability is
not enabled on the device or high availability is enabled on the device
but the baselines for security protections are still not synchronized.
• The timestamp, in DDD MMM DD hh:mm:ss yyyy format, of the last
synchronization of the baseline between the active and passive
device.
Cluster State Values:
• Pair not defined—The device is not configured as a member of a high-
availability cluster.
• Disconnected—The device is disconnected from the other member of
the high-availability cluster.
• Negotiate—The device is negotiating with the other member of the
high-availability cluster.
• Synchronizing—The device is synchronizing with the other member of
the high-availability cluster.
• In Sync—The members of the high-availability cluster are
synchronized.
• Hold on—The device is waiting for information from the other member
of the high-availability cluster.
Parameter Description
Cluster Node in Use The IP address of the selected device.
Peer Clustered Node in Use The IP address of the other cluster member.
Tip: In 8.x versions 8.17.4 and later, you can configure DefensePro to issue Device-Health Event
messages (SNMP traps and syslog messages) for high controller CPU utilization and/or high
flow-engine CPU utilization (Configuration perspective, Setup > Advanced Parameters > CPU Load
Settings).
Table 365: CPU Utilization: Controller Utilization Parameters—Versions 8.14 and Later
Parameter Description
Controller Utilization The percentage of the controller’s resources currently utilized.
Average Controller Utilization - Last 5 Seconds The average utilization of controller’s resources
in the last 5 seconds.
Average Controller Utilization - Last 60 Seconds The average utilization of controller’s resources
in the last 60 seconds.
Table 366: CPU Utilization: Engines Utilization Parameters—Versions 8.14 and Later
Parameter Description
Engine ID The name of the flow engine.
Forwarding Task The percentage of CPU cycles used for traffic processing.
Other Tasks The percentage of CPU resources used for other tasks such as aging and
so on.
Idle Task The percentage of free CPU resources.
Table 367: CPU Utilization: General Parameters—8.x Versions Earlier than 8.14
Parameter Description
Resource Utilization The percentage of the device’s CPU currently utilized.
Last 5 sec. Average Utilization The average utilization of resources in the last 5 seconds.
Last 60 sec. Average Utilization The average utilization of resources in the last 60 seconds.
Table 368: CPU Utilization: Engine Utilization Parameters—8.x Versions Earlier than 8.14
Parameter Description
Engine ID The name of the flow engine.
Forwarding Task The percentage of CPU cycles used for traffic processing.
Other Tasks The percentage of CPU resources used for other tasks such as aging and
so on.
Idle Task The percentage of free CPU resources.
Parameter Description
Note: DefensePro 7.x versions running on the x420 platform contain internal logic of two
DefensePro software instances—using the DoS Mitigation Engine (DME) and physical ports as
shared resources. For more information, see the DefensePro User Guide.
Resource Utilization Instance 0 The percentage of the device’s instance-0 CPU currently utilized.
Resource Utilization Instance 1 The percentage of the device’s instance-1 CPU currently utilized.
RS Resource Utilization Instance 0 The percentage of the device’s instance-0 routing services (RS)
resource currently utilized.
RS Resource Utilization Instance 1 The percentage of the device’s instance-1 routing services (RS)
resource currently utilized.
RE Resource Utilization Instance 0 The percentage of the device’s instance-0 routing engine (RE)
resource currently utilized.
RE Resource Utilization Instance 1 The percentage of the device’s instance-1 routing engine (RE)
resource currently utilized.
Last 5 sec. Average Utilization Instance 0 The average utilization of instance-0 resources in the
last 5 seconds.
Last 5 sec. Average Utilization Instance 1 The average utilization of instance-1 resources in the
last 5 seconds.
Last 60 sec. Average Utilization Instance 0 The average utilization of instance-0 resources in the
last 60 seconds.
Last 60 sec. Average Utilization Instance 1 The average utilization of instance-1 resources in the
last 60 seconds.
Parameter Description
Instance The internal hardware instance of the device.
Accelerator Type The name of the accelerator. The accelerator named
Flow_Accelerator_0 is one logical accelerator that uses several
CPU cores. The accelerator named HW Classifier is the string-
matching engine (SME).
CPU ID The CPU number for the accelerator.
Forwarding Task The percentage of CPU cycles used for traffic processing.
Other Tasks The percentage of CPU resources used for other tasks such as
aging and so on.
Idle Task The percentage of free CPU resources.
Parameter Description
Maximum Resource Utilization The highest percentage of the device’s CPU-cores currently utilized.
(In versions earlier than 6.14.10, the parameter is labeled Resource Utilization.)
Master RS Utilization The percentage of the master routing services (RS) resource that is
currently utilized.
(In versions earlier than 6.14.10, the parameter is labeled RS Resource Utilization.)
Note: RS refers to the portion of the master CPU that is used for
tasks not related to packet handling.
Master RE Utilization The percentage of the master routing-engine (RE) resource that is
currently utilized.
(In versions earlier than 6.14.10, the parameter is labeled RE Resource Utilization.)
Note: RE refers to the portion of the master CPU that is used for
processing packets.
Last 5 sec. Average Utilization The average utilization of resources in the last 5 seconds.
Last 60 sec. Average Utilization The average utilization of resources in the last 60 seconds.
Parameter Description
Accelerator Type The name of the accelerator. The accelerator named Flow_Accelerator_0
is one logical accelerator that uses several CPU cores. The accelerator
named Hardware SME (or Hardware Classifier in versions earlier than
6.14.10) is the string-matching engine (SME). OnDemand Switch 3 S1
has no SME.
CPU ID The CPU number for the accelerator. OnDemand Switch 2 and
OnDemand Switch 3 S2 have two CPU cores. OnDemand Switch 3 S1 has
three CPU cores.
Forwarding Task The percentage of CPU cycles used for traffic processing.
Other Tasks The percentage of CPU resources used for other tasks such as aging and
so on.
Idle Task The percentage of free CPU resources.
Related Topics
• Configuring Settings for the Alerts Table Pane, page 121
Notes
— APSolute Vision can convey Device Health Error messages from the APSolute Vision Alerts
Table (APSolute Vision Settings view System perspective, General Settings > Alert
Settings > Alert Browser). For more information, see Configuring Settings for the Alerts
Table Pane, page 121.
— If you require Device-Health Events (also) as syslog messages directly from the DefensePro
device, make sure that the Device-Health Events checkbox is selected in the configuration
of the syslog server(s) (Configuration perspective, Setup > Reporting Settings >
Syslog). For more information, see Configuring DefensePro Syslog Settings, page 1634.
Parameter Description
Enable RAM Utilization Alerts Specifies whether the device issues alerts about RAM
utilization.
Default: Enabled
RAM Utilization Alert Level The percentage of the device’s RAM utilization above which
the device sends an alert. The device issues another message
when the utilization level returns to below the specified percentage.
(This parameter is available only when the Enable RAM Utilization Alerts is selected.)
Values: 50–99
Default: 85
Enable Disk-Space Utilization Alerts Specifies whether the device sends alerts about disk-space
utilization.
Default: Enabled
Disk-Space Utilization Alert Level The percentage of the device’s disk-space utilization above
which the device sends alerts. The device issues another
message when the utilization level returns to below the
specified percentage.
(This parameter is available only when the Enable Disk-Space Utilization Alerts is selected.)
Values: 30–99
Default: 50
Parameter Description
RAM Utilization
RAM Capacity The device’s total RAM capacity, in GB.
Used RAM The amount, in GB, of the device’s RAM currently used.
RAM Used The percentage of the device’s RAM currently utilized.
Disk Utilization
Hard Disk Capacity The device’s hard disk capacity, in GB.
Used Disk Space The amount, in GB, of the device’s hard disk currently used.
Disk Space Utilization The percentage of the device’s hard-disk space currently utilized.
Related Topics
• Configuring Settings for the Alerts Table Pane, page 121
Parameter Description
Table Size The number of source addresses that the table can hold.
Table Utilization Percent of the table that is currently utilized.
Aging Time The aging time, in seconds, for the table.
Parameter Description
Table Size The number of source-destination couples for protected HTTP servers.
For example, if there are two attacks towards two HTTP servers and the
source addresses are the same, for those two servers, there will be two
entries for the source in the table.
Table Utilization Percent of the table that is currently utilized.
Aging Time The aging time, in seconds, for the table.
Values: 60–3600
Default: 1200
Parameter Description
(This tab is not displayed in DefensePro 8.x versions.)
Table Size The number of source addresses that the table can hold.
Table Utilization Percent of the table that is currently utilized.
Aging Time The aging time, in minutes, for the table.
Note: For the TCP Authentication Table and the HTTP Authentication Table, the Clean Table
action can take up to 10 seconds.
Note: If the device is not equipped with the DME, 0 (zero) values are displayed.
Parameter Description
Note: If a value in this tab is close to the maximum, the resources for the device are exhausted.
Total Policies The total number of policies in the context of the DME, which is
double the number of network policies configured in the device.
OnDemand Switch 3 S2 supports 50 configured network policies.
x420 supports 50 configured network policies.
HW Entries Utilization The percentage of resource utilization from the HW entries in the
context of the DME.
Sub-Policies Utilization The percentage of DME resource utilization from the entries of sub-
policies.
In the context of the DME, a sub-policy is a combination of the
following:
• Source-IP-address range
• Destination-IP-address range
• VLAN-tag range
Concurrent Active BDoS Attacks The number of concurrent active BDoS attacks.
(This parameter is available only in 7.x versions.)
Parameter Description
Policy Name The name of the policy.
Direction The direction of the policy.
Values:
• Inbound
• Outbound
HW Entries The number of DME hardware entries that the policy uses.
Sub-Policies The number of DME sub-policy entries that the policy uses.
Parameter Description
Syslog Server The name of the syslog server.
Parameter Description
Status The status of the syslog server.
Values:
• Reachable—The server is reachable.
• Unreachable—The server is unreachable.
• N/R—Specifies not relevant, because traffic towards the
Syslog server is over UDP—as specified (Configuration
perspective, Setup > Syslog Server > Protocol > UDP).
Messages in Backlog The number of messages in the backlog to the syslog server.
Note: For more information on SGTs in DefensePro, see Managing SGT Classes, page 1688.
To monitor SGTs
> In the Monitoring perspective, select Operational Status > SGT.
Parameter Description
Name The name of the SGT.
Value The value of the SGT.
Parameter Description
Number of SNMP Received Packets The total number of messages delivered to the SNMP entity
from the transport service.
Number of SNMP Sent Packets The total number of SNMP messages passed from the SNMP
protocol entity to the transport service.
Number of SNMP Successful 'GET' Requests The total number of MIB objects retrieved
successfully by the SNMP protocol entity as the result of receiving valid SNMP
GET-Request and GET-Next PDUs.
Number of SNMP Successful 'SET' Requests The total number of MIB objects modified
successfully by the SNMP protocol entity as the result of receiving valid SNMP
SET-Request PDUs.
Number of SNMP 'GET' Requests The total number of SNMP GET-Request PDUs accepted and
processed by the SNMP protocol entity.
Number of SNMP 'GET-Next' Requests The total number of SNMP GET-Next Request PDUs
accepted and processed by the SNMP protocol entity.
Number of SNMP 'SET' Requests The total number of SNMP SET-Request PDUs accepted and
processed by the SNMP protocol entity.
Number of SNMP Error “Too Big” Received The total number of SNMP PDUs generated by the
SNMP protocol entity for which the value of the error-status field is ‘tooBig.’
Number of SNMP Error “No Such Name” Received The total number of SNMP PDUs generated by
the SNMP protocol entity for which the value of the error-status is ‘noSuchName’.
Number of SNMP Error “Bad Value” Received The total number of SNMP PDUs generated by the
SNMP protocol entity for which the value of the error-status field is ‘badValue’.
Number of SNMP Error “Generic Error” Received The total number of SNMP PDUs generated by
the SNMP protocol entity for which the value of the error-status field is ‘genErr’.
Number of SNMP 'GET' Responses Sent The total number of SNMP Get-Response PDUs generated
by the SNMP protocol entity.
Number of SNMP Traps Sent The total number of SNMP Trap PDUs generated by the
SNMP protocol entity.
Parameter Description
Policy Name The name of the displayed policy.
Matched Packets The number of packets matching the policy during the last
second.
Matched Bandwidth The traffic bandwidth, in Kbits, matching the policy during the
last second.
Sent Bandwidth The volume of sent traffic, in Kbits, in any direction, in the last
second.
Guaranteed Bandwidth Reached Specifies whether the guaranteed bandwidth was reached
during the last second.
Maximum Bandwidth Reached Specifies whether the maximum bandwidth was reached during
the last second.
New TCP Sessions The number of new TCP sessions the device detected in the last
second.
New UDP Sessions The number of new UDP sessions the device detected in the
last second.
Queued Bandwidth The volume of queued traffic, in Kilobits, during the last second.
Full Queue Bandwidth The bandwidth, in Kilobits, discarded during the last second,
due to a full queue.
Aged Packets Bandwidth The amount of discarded bandwidth, in Kilobits, during the last
second, due to the aging of packets in the queue.
Inbound Packets The number of inbound packets in the last second.
Inbound Matched Bandwidth The volume of inbound traffic, in Kilobits, in the last second
that matched the policy.
Inbound Sent Bandwidth The volume of inbound sent traffic, in Kilobits, in the last
second.
Outbound Packets The number of outbound packets in the last second.
Outbound Matched Bandwidth The volume of outbound traffic, in Kilobits, in the last second
that matched the policy.
Outbound Sent Bandwidth The volume of outbound sent traffic, in Kilobits, in the last
second.
Parameter Description
Policy Name The name of the displayed policy.
Matched Packets The number of packets matching the policy during the last
specified period.
Matched Bandwidth The traffic bandwidth, in Kilobits, matching the policy during
the last specified period.
Sent Bandwidth The volume of sent traffic, in Kilobits, in any direction, in the
last specified period.
Guaranteed Bandwidth Reached Specifies whether the guaranteed bandwidth was reached
during the last specified period.
Maximum Bandwidth Reached Specifies whether the maximum bandwidth was reached during
the last specified period.
New TCP Sessions The number of new TCP sessions the device detected in the last
specified period.
New UDP Sessions The number of new UDP sessions the device detected in the
last specified period.
Queued Bandwidth The volume of queued traffic, in Kilobits, during the last
second.
Full Queue Bandwidth The bandwidth, in Kilobits, discarded in the last specified
period, due to a full queue.
Aged Packets Bandwidth The amount of discarded bandwidth, in Kilobits, in the last
specified period, due to the aging of packets in the queue.
Inbound Packets The number of inbound packets in the last specified period.
Inbound Matched Bandwidth The volume of inbound traffic, in Kilobits, in the last specified
period that matched the policy.
Inbound Sent Bandwidth The volume of inbound sent traffic, in Kilobits, in the last
specified period.
Outbound Packets The number of outbound packets in the last specified period.
Outbound Matched Bandwidth The volume of outbound traffic, in Kilobits, in the last specified
period that matched the policy.
Outbound Sent Bandwidth The volume of outbound sent traffic, in Kilobits, in the last
specified period.
Parameter Description
Number of IP Packets Received The total number of input datagrams received from interfaces,
including those received in error.
Number of IP Header Errors The number of input datagrams discarded due to errors in their IP
headers, including bad checksums, version number mismatch, other
format errors, time-to-live exceeded, errors discovered in
processing their IP options, and so on.
Number of Discarded IP Packets The total number of input datagrams for management that were
discarded.
This counter does not include any datagrams discarded while
awaiting re-assembly.
Number of Valid IP Packets Received The total number of input datagrams successfully
delivered to IP user-protocols (including ICMP).
Number of Transmitted Packets (Inc. Discards) The total number of IP datagrams which local
IP user-protocols, including ICMP, supplied to IP in requests for transmission.
This counter does not include any datagrams counted in the
Number of IP Packets Forwarded.
Number of Discarded Packets on TX The number of output IP datagrams for which no problem was
encountered to prevent their transmission to their destination, but
which were discarded, for example, because of a lack of buffer space.
This counter includes any datagrams counted in the Number of IP
Packets Forwarded if those packets meet this (discretionary) discard
criterion.
Number of IP Packets Forwarded The number of input datagrams for which this entity was not
their final IP destination, as a result of which an attempt was made to
find a route to forward them to that final destination. In entities that
do not act as IP Gateways, this counter includes only those packets
which were Source-Routed via this entity, and the Source-Route
option processing was successful.
Number of IP Packets Discarded Due to ‘Unknown Protocol’ The number of locally addressed
datagrams received successfully but discarded because of an unknown or unsupported protocol.
Number of IP Packets Discarded Due to ‘No Route’ The number of IP datagrams discarded
because no route could be found to transmit them to their destination.
Note: This counter includes any packets counted in the Number
of IP Packets Forwarded that meet the no-route criterion. This
includes any datagrams which a host cannot route because all of
its default gateways are down.
Number of IP Fragments Received The number of IP fragments received which needed to be
reassembled at this entity.
Number of IP Fragments Successfully Reassembled The number of IP datagrams successfully
re-assembled.
Number of IP Fragments Failed Reassembly The number of failures detected by the IP
re-assembly algorithm, such as timed out, errors, and so on.
Note: This is not necessarily a count of discarded IP fragments since some algorithms
(notably the algorithm in RFC 815) can lose track of the number of fragments by
combining them as they are received.
Number of IP Datagrams Successfully Reassembled The number of IP datagrams that have been
successfully re-assembled at this entity.
Number of IP Datagrams Discarded Due to Fragmentation Failure The number of IP datagrams
that have been discarded because they needed to be fragmented at this entity but could
not be, for example, because their Don’t Fragment flag was set.
Number of IP Datagrams Fragments Generated The number of IP datagram fragments that have
been generated as a result of fragmentation at this entity.
Valid Routing Entries Discarded Number of valid routing entries discarded.
You can monitor and manage DefensePro diagnostics using APSolute Vision in DefensePro 6.x
versions 6.12 and later, 7.x versions, and 8.x versions 8.10 and later. The feature described in
Configuring Diagnostics Policies is relevant only to DefensePro 6.x and 7.x versions.
Note: In DefensePro 6.x versions earlier than 6.12, you can monitor and manage DefensePro
diagnostics using DefensePro CLI or WBM.
Notes
• For information on managing the files that the diagnostic packet-capture tool generates, see
Managing Capture Files.
• To see the actual timestamp of the packets in the files that the diagnostic packet-capture tool
produces, in the packet analyzer (for example, Wireshark), you may need to modify the format
of the time display. The timestamp in the packets in the files that the diagnostic packet-capture
tool produces is always UTC.
• The diagnostic packet-capture tool does not capture packets that pass through the device as the
result of Traffic Exclusion. Traffic Exclusion is when DefensePro passes through all traffic that
matches no network policy configured on the device.
• The diagnostic packet-capture tool does not capture GRE-encapsulated packets.
• In DefensePro 6.x versions, the diagnostic packet-capture tool truncates packets longer than
1619 bytes (regardless of the configuration for jumbo frames).
• In DefensePro 7.x and 8.x versions, the diagnostic packet-capture tool does not handle jumbo
frames. DefensePro 7.x and 8.x versions either forward jumbo-frame traffic through the device
or drop jumbo-frame traffic.
Parameter Description
Status Specifies whether the diagnostic packet-capture tool is enabled.
Values: Enabled, Disabled
Default: Disabled
Note: When the device reboots, the status of the diagnostic packet-
capture tool reverts to Disabled.
Parameter Description
Capture Point The location where the device captures the data.
Values for devices running version 8.14 or later configured with the SSL
Decryption and Encryption option Enabled, Using the On-Device
Component:
• On Packet Arrive—The device captures packets when they enter the
device.
• On Packet Send—The device captures packets when they leave the
device.
• On Both Packet Arrive and Packet Send—The device captures packets
when they enter the device and when they leave the device.
• On Packet Arrive, Including To and From On-device Decryption Unit—
The device captures packets when they enter the device, and captures
packets to and from the on-device SSL component.
• On Packet Send, Including To and From On-device Decryption Unit—The
device captures packets when they leave the device, and captures
packets to and from the on-device SSL component.
• On Both Packet Arrive and Packet Send, Including To and From On-
device Decryption Unit—The device captures packets when they enter
the device and when they leave the device, and captures packets to and
from the on-device SSL component.
• To and From On-device Decryption Unit—The device captures packets to
and from the on-device SSL component.
Values for devices running version 8.10–8.13 and running version 8.14 or
later configured without the SSL Decryption and Encryption option
Enabled, Using the On-Device Component:
• On Packet Arrive—The device captures packets when they enter the
device.
• On Packet Send—The device captures packets when they leave the
device.
• On Both Packet Arrive and Packet Send—The device captures packets
when they enter the device and when they leave the device.
Default: On Packet Arrive
Capture Port Group The ports where the device captures the data.
(This parameter is available only in DefensePro version 8.11 and later.)
Values:
• On Data Ports
• On Management and Data Ports
• On Management Ports
Default:
• In DefensePro version 8.20 and later, and 8.17.x versions 8.17.7 and
later: On Data Ports
• In DefensePro versions earlier than 8.20, and 8.17.x versions earlier
than 8.17.7: On Management and Data Ports
Capture Rate The per-packet capture rate per core (also referred to as a DefensePro
engine). For example, if the value is 10, the device captures every tenth
packet from each core.
(This parameter is not available in DefensePro version 8.10.)
Values: 1–10,000
Default: 1
Note: When the device reboots, the value reverts to 1.
Table 388: Diagnostic Tool Parameters in DefensePro 6.x and 7.x Versions
Parameter Description
Status Specifies whether the diagnostic packet-capture tool is enabled.
Values: Enabled, Disabled
Default: Disabled
Note: When the device reboots, the status of the diagnostic packet-
capture tool reverts to Disabled.
Output to File The location of the stored captured data.
Values:
• RAM Drive and Flash—The device stores the data in RAM and appends
the data to the file on the CompactFlash drive. Due to limits on
CompactFlash size, DefensePro uses two files. When the first file
becomes full, the device switches to the second, until it is full, and then
it overwrites the first file, and so on.
• RAM Drive—The device stores the data in RAM.
• None—The device does not store the data in RAM or flash, but you can
view the data using a terminal.
Output to Terminal Specifies whether the device sends captured data to a terminal.
Values: Enabled, Disabled
Default: Disabled
Capture Point The location where the device captures the data.
Values:
• On Packet Arrive—The device captures packets when they enter the
device.
• On Packet Send—The device captures packets when they leave the
device.
• Both—The device captures packets when they enter the device and
when they leave the device.
Default: On Packet Arrive
Parameter Description
Name The user-defined name of the policy.
Maximum characters: 64
Index The number of the policy in the order in which the diagnostic packet-
capture tool classifies (that is, captures) the packets.
Default: 1
Description The user-defined description of the policy.
Maximum characters: 20
VLAN Tag Group The VLAN tag value or predefined class object whose packets the policy
classifies (that is, captures).
Destination The destination IP address or predefined class object whose packets the
policy classifies (that is, captures).
Source The source IP address or predefined class object whose packets the
policy classifies (that is, captures).
Service Type The service type whose packets the policy classifies (that is, captures).
Values:
• None
• Basic Filter
• AND Group
• OR Group
Default: None
Service The service whose packets the policy classifies (that is, captures).
Outbound Port Group The Physical Port class whose outbound packets the policy classifies
(that is, captures).
You cannot set this parameter when the Trace-Log Status
parameter is enabled in the DefensePro CLI or Web Based Management.
Inbound Port Group The Physical Port class whose inbound packets the policy classifies (that
is, captures).
Destination MAC Group The destination MAC group whose packets the policy classifies (that is,
captures).
Source MAC Group The source MAC group whose packets the policy classifies (that is,
captures).
Maximal Number of Packets The maximal number of packets that the policy captures. Once the
policy captures the specified number of packets, it stops capturing
traffic. In some cases, the policy captures fewer packets than the
configured value. This happens when the device is configured to drop
packets.
Note: For DefensePro 7.x versions, which run on the x420 platform,
the Maximal Number of Packets is counted per software instance.
Maximal Packet Length The maximal length for a packet the policy captures.
Trace-Log Status Specifies whether the Trace-Log feature is enabled in the policy.
Values: Enabled, Disabled
Default: Disabled
Note: You cannot set the Outbound Port Group when the value of the
Trace-Log Status parameter is Enabled.
Capture Status Specifies whether the packet-capture feature is enabled in the policy.
Values: Enabled, Disabled
Default: Disabled
Note: You configure the creation process of the diagnostic packet-capture files in the Diagnostic
Tool Parameters pane. The configuration includes enabling or disabling packet capture, and
specifying the Capture Port Group (On Data Ports, On Management and Data Ports, or On
Management Ports). For more information, see Configuring the Diagnostic Tool Parameters,
page 493.
In DefensePro 8.x version 8.17 and later, the diagnostic packet-capture tool does the following,
according to the value of the Capture Port Group parameter:
• When the Status of the diagnostic packet-capture tool is Enabled (Monitoring perspective,
Diagnostics > Diagnostic Tool Parameters > Status), the diagnostic packet-capture tool
writes the following:
— Files from the data (traffic) ports per core (also referred to as a “DefensePro
engine”)
In version 8.22 and later, the files are in the following format:
CapturedOnEngine_<engine ID>.cap.
DefensePro limits the size of each CapturedOnEngine_<engine ID>.cap file (per core)
to 300 MB.
In version 8.17–8.21, the files are compressed, in the following format:
CapturedOnEngine_<engine ID>.cap.bz2.
DefensePro limits the size of each CapturedOnEngine_<engine ID>.cap.bz2 file (per
core)—before compression—to 300 MB.
When a diagnostic packet-capture file exceeds the maximum size, packet-capture on the
specific core stops (but the tool will remain enabled to allow other cores to continue
capturing).
To resume packet capture on the specific core, you must delete the file.
Note: When packet capture is disabled and re-enabled, the tool appends data to the
existing files from the data (traffic) ports.
— Files from management ports 1 and 2
In version 8.22 and later, the files are in the following format:
CapturedOnManagement_<1|2>.cap.
DefensePro limits the size of each CapturedOnManagement_<1|2>.cap file (per
management interface) to 300 MB.
In version 8.17–8.21, the files are compressed, in the following format:
CapturedOnEngine_<engine ID>.cap.bz2.
DefensePro limits the size of each CapturedOnEngine_<engine ID>.cap.bz2 file (per
management interface)—before compression—to 300 MB.
When a diagnostic packet-capture file on a specific interface exceeds the maximum size,
the file rolls over, restarting with an empty file.
To resume packet capture on the specific core, you must delete the file.
Note: When packet capture is disabled and re-enabled, the tool starts a new file for the
management ports.
• In version 8.22 and later, when the Status of the diagnostic packet-capture tool changes from
Enabled to Disabled (Monitoring perspective, Diagnostics > Diagnostic Tool Parameters >
Status), the diagnostic packet-capture tool writes the following:
— A merged file of the data (traffic) ports, interleaved from all the
CapturedOnEngine_<engine ID>.cap files (per core)—In the following format:
AllEnginesCombined.cap.
DefensePro limits the size of each AllEnginesCombined.cap to 300 MB.
DefensePro merges the first 300 MB of data—starting from the earliest packet.
In DefensePro version 8.10, the diagnostic packet-capture tool does the following:
• Writes the files per core (also referred to as a DefensePro engine) in the following format:
CapturedOnEngine_<engine ID>.cap
• Limits the size of each file (per core) to 300 MB. When a diagnostic packet-capture file exceeds
the maximum size, packet-capture on the specific core stops (but the tool will remain enabled to
allow other cores to continue capturing). To resume packet capture on the specific core, you
must delete the file.
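Where only per-core files exist, they can be interleaved offline by timestamp in the way the guide describes for AllEnginesCombined.cap. The following Python code is an added example, not Radware code: it assumes the .cap files are classic little-endian libpcap files with microsecond timestamps (the guide does not state the on-disk format) and that any .cap.bz2 files have already been decompressed. The engine IDs, timestamps and payloads in the sample are constructed.

```python
import heapq
import struct
from datetime import datetime, timezone

# Assumption: the .cap files are classic little-endian libpcap files with
# microsecond timestamps. The guide does not state the on-disk format.
GLOBAL_HDR = struct.Struct("<IHHiIII")   # magic, major, minor, zone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len
MAGIC_USEC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
MERGE_LIMIT = 300 * 1024 * 1024          # 300 MB cap the guide gives for the merged file


def link_type(blob):
    """Validate the pcap global header and return its link-layer type."""
    if len(blob) < GLOBAL_HDR.size:
        raise ValueError("file shorter than a pcap global header")
    magic, *_, linktype = GLOBAL_HDR.unpack_from(blob, 0)
    if magic != MAGIC_USEC:
        raise ValueError("not a little-endian, microsecond-resolution pcap file")
    return linktype


def read_records(blob):
    """Yield (ts_sec, ts_usec, orig_len, payload) for each complete record."""
    link_type(blob)
    offset = GLOBAL_HDR.size
    while offset + RECORD_HDR.size <= len(blob):
        ts_sec, ts_usec, incl_len, orig_len = RECORD_HDR.unpack_from(blob, offset)
        offset += RECORD_HDR.size
        payload = blob[offset:offset + incl_len]
        if len(payload) < incl_len:
            break                        # file ends mid-record, e.g. capture stopped at its size limit
        offset += incl_len
        yield ts_sec, ts_usec, orig_len, payload


def merge_captures(files, limit=MERGE_LIMIT):
    """Interleave per-engine captures by timestamp, earliest packet first.

    files maps a file name to its raw bytes. Returns (merged_bytes, stats).
    Each input is assumed to be in capture order already.
    """
    link_types = {link_type(blob) for blob in files.values()}
    if len(link_types) != 1:
        raise ValueError("captures must be non-empty and share one link type")
    merged = bytearray(GLOBAL_HDR.pack(MAGIC_USEC, 2, 4, 0, 0, 65535, link_types.pop()))
    stats = {"written": 0, "truncated": 0, "over_limit": 0, "first_utc": None}
    streams = [read_records(blob) for blob in files.values()]
    full = False
    for ts_sec, ts_usec, orig_len, payload in heapq.merge(*streams, key=lambda r: r[:2]):
        record = RECORD_HDR.pack(ts_sec, ts_usec, len(payload), orig_len) + payload
        if full or len(merged) + len(record) > limit:
            full = True                  # keep only the earliest data, as the guide describes
            stats["over_limit"] += 1
            continue
        merged += record
        stats["written"] += 1
        if len(payload) < orig_len:
            stats["truncated"] += 1      # the tool stored fewer bytes than were on the wire
        if stats["first_utc"] is None:   # capture timestamps are always UTC
            stats["first_utc"] = datetime.fromtimestamp(ts_sec, tz=timezone.utc).isoformat()
    return bytes(merged), stats


def make_capture(records, linktype=LINKTYPE_ETHERNET):
    """Build a constructed pcap file in memory from (ts_sec, ts_usec, orig_len, payload)."""
    out = bytearray(GLOBAL_HDR.pack(MAGIC_USEC, 2, 4, 0, 0, 65535, linktype))
    for ts_sec, ts_usec, orig_len, payload in records:
        out += RECORD_HDR.pack(ts_sec, ts_usec, len(payload), orig_len) + payload
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: two engines, one packet truncated to 1619 bytes.
    sample = {
        "CapturedOnEngine_0.cap": make_capture([
            (1700000000, 100, 60, b"\x00" * 60),
            (1700000002, 0, 2000, b"\x01" * 1619),
        ]),
        "CapturedOnEngine_1.cap": make_capture([(1700000001, 500, 64, b"\x02" * 64)]),
    }
    merged, stats = merge_captures(sample)
    print(len(merged), stats)
```

The truncated count shows how many packets were stored shorter than their on-wire length, which matters when reading payloads from a capture taken on a version that truncates long packets.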
To download or delete capture files in DefensePro 8.x versions on platforms without the
DME
1. In the Monitoring perspective, select Diagnostics > Capture Files.
The table comprises the following columns:
— File Name—The name of the file.
— Uncompressed File Size—The size of the file, in bytes, before compression.
Notes
• The filtered Session table does not automatically refresh. The information loads when you
display the Session Table pane and when you manually refresh the display.
• DefensePro issues alerts for high utilization of the Session table. DefensePro sends alerts
to APSolute Vision when table utilization reaches 90% and 100%.
Parameter Description
Source IP The source IP address within the defined subnet.
Destination IP The destination IP address within the defined subnet.
Source L4 Port The session source port.
Destination L4 Port The session destination port.
Context Group Tag The Tag value of the Context Group class associated with the entry.
(This parameter is available only in DefensePro 8.x versions.)
Protocol The session protocol.
Physical Interface The physical port on the device at which the request arrives from the
client.
(This parameter is available only in DefensePro 6.x and 7.x versions.)
Lifetime (Sec.) The time, in seconds, following the arrival of the last packet, that the
entry remains in the table before it is deleted.
Aging Type The reason for the Lifetime value.
(This parameter is available only in DefensePro 6.x and 7.x versions.)
Values:
• Default—A lifetime per protocol. The default value is 100 seconds.
• End—Session end. A FIN/RST arrived, and the session ended. The
value depends on the protocol defaults. The default value is 5
seconds.
• SYN—SYN Flood Protection. The Lifetime was set after DefensePro
received a SYN that may be an attack. The default value is 10
seconds.
• App—An application changed the lifetime for an application-specific
reason. Note that the host table can change this lifetime only to the
Lifetime type End (for example, ACL rules).
• Initial—The initial lifetime of the session, which later (probably after
the arrival of the second packet) will be modified to the Lifetime
type Default. The default value is 5 seconds.
• Unknown—If none of the above options are used.
SYN Flood Status Indicates whether the entry is currently protected against SYN attacks.
(This parameter is available only in DefensePro 6.x and 7.x versions.)
Values:
• Not Protected—The SYN Flood Protection module is disabled.
• Protected (No Attack)—No trigger is found for the protected server,
thus there is no attack.
• Protected (Under Attack)—There is an ongoing attack on the
protected server, and DefensePro is mitigating the attack.
Policy Name The name of the Network Protection policy.
(This parameter is available only in DefensePro 7.x versions 7.42 and later.)
Parameter Description
Filter Name The unique name of the filter.
Physical Interface The physical port on the device at which the request arrives from the
client.
Default: Any
Source IP Address The source IP address within the defined subnet.
Select IPv4 or IPv6, and then, enter the address.
Source IP Mask The source IP address used to define the subnet that you want to
present in the Session table.
Select IPv4 or IPv6, and then, enter the mask.
Destination IP Address The destination IP address within the defined subnet.
Select IPv4 or IPv6, and then, enter the address.
Destination IP Mask The destination IP address used to define the subnet that you want to
present in the Session table.
Select IPv4 or IPv6, and then, enter the mask.
Source L4 Port The session source Layer 4 port.
Destination L4 Port The session destination Layer 4 port.
Note: The Routing table is not automatically refreshed periodically. The information is loaded when
you select to display the Routing Table pane, and when you manually refresh the display.
Parameter Description
Destination Network The destination network to which the route is defined.
Netmask The network mask of the destination subnet.
Next Hop The IP address of the next hop toward the Destination subnet. (The next
hop always resides on the subnet local to the device.)
Via Interface In DefensePro 6.x–8.x versions, this is the local interface or VLAN through
which the next hop of this route is reached. This can be the port name,
trunk name, or VLAN ID.
In Radware DefensePro DDoS Mitigation for Cisco Firepower, the value is
MNG-1 (read-only), which is the value of the management interface.
Type This field is displayed only in the Static Routes table.
The type of routing.
Values:
• Local—The subnet is directly reachable from the device.
• Remote—The subnet is not directly reachable from the device.
Metric The metric value defined or calculated for this route.
Note: The ARP table is not automatically refreshed periodically. The information is loaded when you
select to display the ARP Table pane, and when you manually refresh the display.
Parameter Heading
Port The interface number where the station resides.
IP Address The station’s IP address.
MAC Address The station’s MAC address.
Type The entry type.
Values:
• Other—Not Dynamic or Static.
• Dynamic—Entry is learned from ARP protocol. If the entry is not active
for a predetermined time, the node is deleted from the table.
• Static—Entry has been configured by the network management station
and is permanent.
Parameter Description
MPLS RD The MPLS RD name.
Type Describes the MPLS RD format.
Values:
• 2 Bytes : 4 Bytes—AS (16 bit): Number (32 bit)
• 4 Bytes : 2 Bytes—AS (32 bit): Number (16 bit)
• IP Address : 2 Bytes—IP: Number (16 bit)
Upper Tag The upper tag for the link on which the device is installed.
Lower Tag The lower tag for the link on which the device is installed.
Parameter Description
Source IP The IP address from which traffic was suspended.
Destination IP The IP address to which traffic was suspended.
The value 0.0.0.0 specifies all destinations.
Destination Port The application port to which traffic was suspended.
Protocol The network protocol of the suspended traffic.
Module The security module that activated the traffic suspension.
Values for DefensePro 8.x versions: Anti-Scanning, Connection Limit, Traffic
Filters
Values for DefensePro 6.x and 7.x versions: Signatures, Anti Scanning, Syn
Protection
Note: The Signatures value encompasses the Signature Protection
module and the Connection Limit module.
Classification Type Value for DefensePro 8.x versions: Policy—A Protection policy suspended
the traffic.
Values for DefensePro 6.x and 7.x versions:
• Policy—A Network Protection policy suspended the traffic.
• Server—A Server Protection policy suspended the traffic.
Policy / Server Name The name of the policy that suspended the traffic.
(This column is displayed only in DefensePro 6.x and 7.x versions.)
Policy Name The name of the Protection policy that suspended the traffic.
(This column is displayed only in DefensePro 8.x versions.)
Expiration Type The method of determining the expiration.
Value for DefensePro 8.x versions: Dynamic Timeout
Values for DefensePro 6.x and 7.x versions: On Request, Fixed Timeout,
Dynamic Timeout
Expiration Time The number of seconds until the entry is aged from the Suspend table.
Parameter Description
Policy Name The name of the Protection policy with the temporarily blocked
geolocation.
Geolocation The geolocation code.
Suspended At The time that the geolocation was blocked.
Suspension Expires At The time that the block expires.
Parameter Description
Tunnel IP Address The IP address of the tunnel.
Primary Tunnel Status The status of the primary tunnel.
Secondary Tunnel Status The status of the secondary tunnel.
Parameter Description
Total Tunnels Status The number of reachable tunnels of the total configured tunnels,
using a slash (/) as the separator. For example, the value 10/11
signifies that there are 10 reachable tunnels of the 11 total
configured tunnels.
Note: The routing tables managed by a Border Gateway Protocol (BGP) implementation are
adjusted continually to reflect changes in the network, such as links breaking and being restored, or
routers going down and coming back up. In the network as a whole, these changes happen almost
continuously, but for any particular router or link, changes should be relatively infrequent.
Parameter Description
Peer IP Address The IP address of the remote peer.
Admin Status Indicates whether the peer is enabled.
Connection State The state of the connection.
Values:
• Idle—The peer is stopped.
• Connect—DefensePro initiated a TCP connection to remote
peer.
• Active—The peer is waiting during a connect retry interval,
after failing to establish TCP connection to a remote peer. In
this state, DefensePro also listens on port 179 for potential
incoming connections from the remote peer.
• OpenSent—A TCP connection is established with the remote
peer. DefensePro sent a BGP OPEN message to the remote peer
and expects to receive an OPEN message from it.
• OpenConfirm—DefensePro received an OPEN message from the
remote peer. DefensePro responds with a KEEPALIVE message
and expects a KEEPALIVE message from the remote peer.
• Established—A BGP connection is established with a remote
peer. DefensePro can now exchange UPDATE messages with it.
Remote AS The remote autonomous system number.
Peer Identifier The IP address that identifies the remote peer for the current BGP
connection.
Local Address The DefensePro IP interface address used as the source IP address
for a BGP connection.
Local Port (Source) The TCP source port number used by DefensePro for a BGP
connection to the remote peer.
Remote Port (Destination) The TCP destination port number used by DefensePro for a BGP
connection to the remote peer.
In Updates The number of BGP UPDATE messages transmitted on the
connection.
Out Updates The number of BGP UPDATE messages transmitted on the
connection.
In Total Messages The total number of messages received from the remote peer on
the connection.
Out Total Messages The total number of messages transmitted to the remote peer on
the connection.
Last Error The last error code and subcode seen by the peer on the
connection. If no error has occurred, the value for this field is zero
(0). Otherwise, the first byte of this two-byte OCTET STRING
contains the error code, and the second byte contains the subcode.
FSM Established Time How long, in seconds, the peer has been in the established state, or
how long since the peer was last in the established state. It is set to
zero when a new peer is configured or the router is booted.
FSM Established Transitions The total number of times the BGP FSM transitioned into the
established state.
Connect Retry Interval The Connect Retry Interval value specified in the configuration of
the peer.
Hold Time The time interval, in seconds, for the Hold Timer established with the peer. The
BGP speaker calculates this value by using the smaller of the specified Hold Time and the Hold
Time received in the OPEN message. The value zero (0) indicates that the Hold Timer has not been
established with the peer, or the specified Hold Time is zero (0).
Keep Alive Time The interval, in seconds, for the keepalive timer established with
the peer. The value of this object is calculated by the BGP speaker.
The value zero (0) indicates that the keepalive timer has not been
established with the peer, or, the specified Keep-Alive Time is zero
(0).
Hold Time Configured The Hold Time value specified in the configuration of the peer.
Keep Alive Configured The Keep-Alive Time value specified in the configuration of the
peer.
In Update Elapsed Time The elapsed time, in seconds, since the last BGP UPDATE message
was received from the peer.
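As an added example (not part of the Radware guide or product), the following Python decodes the two-byte Last Error value with the NOTIFICATION codes from RFC 4271 and applies the Hold Time rule described in the table above. The PeerRow class, the triage function, the flap threshold, and the sample rows are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# BGP NOTIFICATION error codes and subcodes from RFC 4271, section 4.5.
ERROR_CODES = {
    1: "Message Header Error",
    2: "OPEN Message Error",
    3: "UPDATE Message Error",
    4: "Hold Timer Expired",
    5: "Finite State Machine Error",
    6: "Cease",
}
SUBCODES = {
    1: {1: "Connection Not Synchronized", 2: "Bad Message Length",
        3: "Bad Message Type"},
    2: {1: "Unsupported Version Number", 2: "Bad Peer AS",
        3: "Bad BGP Identifier", 4: "Unsupported Optional Parameter",
        6: "Unacceptable Hold Time"},
    3: {1: "Malformed Attribute List", 2: "Unrecognized Well-known Attribute",
        3: "Missing Well-known Attribute", 4: "Attribute Flags Error",
        5: "Attribute Length Error", 6: "Invalid ORIGIN Attribute",
        8: "Invalid NEXT_HOP Attribute", 9: "Optional Attribute Error",
        10: "Invalid Network Field", 11: "Malformed AS_PATH"},
}


def decode_last_error(octets: bytes):
    """Split the two-byte Last Error value into (code, subcode, text)."""
    if len(octets) != 2:
        raise ValueError("Last Error must be exactly two bytes")
    code, subcode = octets[0], octets[1]
    if code == 0 and subcode == 0:
        return code, subcode, "no error"
    text = ERROR_CODES.get(code, f"unassigned error code {code}")
    detail = SUBCODES.get(code, {}).get(subcode)
    if detail:
        text += " / " + detail
    elif subcode:
        text += f" / subcode {subcode}"
    return code, subcode, text


def negotiated_hold_time(configured: int, received: int) -> int:
    """Hold Time in effect: the smaller of the local and the received value."""
    for value in (configured, received):
        # RFC 4271: a Hold Time is either zero or at least three seconds.
        if not 0 <= value <= 65535 or value in (1, 2):
            raise ValueError(f"invalid Hold Time {value}")
    return min(configured, received)


@dataclass
class PeerRow:
    """One row of the peer table (hypothetical container, fields as above)."""
    peer_ip: str
    connection_state: str
    last_error: bytes
    hold_time: int
    hold_time_configured: int
    established_transitions: int


def triage(row: PeerRow, max_transitions: int = 5):
    """Return findings worth an operator's attention for one peer."""
    findings = []
    if row.connection_state != "Established":
        findings.append(f"state is {row.connection_state}: no UPDATE exchange")
    _, _, text = decode_last_error(row.last_error)
    if text != "no error":
        findings.append("last error: " + text)
    if row.connection_state == "Established" and row.hold_time == 0:
        findings.append("Hold Time is 0: peer loss is not detected by timer")
    elif 0 < row.hold_time < row.hold_time_configured:
        findings.append(f"negotiated Hold Time {row.hold_time} is lower than "
                        f"the configured {row.hold_time_configured}")
    # The threshold is an assumption; tune it to the observation window.
    if row.established_transitions > max_transitions:
        findings.append(f"{row.established_transitions} transitions into "
                        "Established: session is flapping")
    return findings


# Constructed sample rows (documentation addresses, not real peers).
SAMPLE_ROWS = [
    PeerRow("192.0.2.1", "Established", b"\x00\x00", 90, 180, 1),
    PeerRow("192.0.2.2", "Active", b"\x02\x02", 0, 180, 9),
]

if __name__ == "__main__":
    for sample in SAMPLE_ROWS:
        print(sample.peer_ip, triage(sample))
```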
Note: In DefenseFlow version 2.1, the order of the Operation and System tabs are switched.
• Attack Mitigation Operation Dashboard—In addition to managing protected objects with the
Monitoring pane, you can view and manage the details of protected objects using the Attack
Mitigation Operation dashboard. For more information, see Attack Mitigation Operation
Dashboard, page 545.
Operation
The Operation pane lets you manage protected objects and manually activate them using the
Protected Objects pane.
These protected objects include:
• Pending Actions, page 513
• Mitigation Devices, page 520
• Protected Objects, page 522
• Ongoing Protections, page 530
• BGP, page 535
Pending Actions
This feature is only available starting with version 2.2.
The Pending Actions pane lets you manage pending actions to be performed for protected objects in
User Confirmation mode.
Note: If there are any pending actions, the number of pending actions is indicated on the Pending
Parameter Description
Name (From versions 2.3 through 2.6, the Name and IP Address parameters were together in one column. In versions earlier than 2.7, Name was PO Name) The name of the protected object awaiting action confirmation.
Starting with version 2.7, to view and/or edit a protected object associated with a pending action, select the link in the Name column, and the Edit Protected Object pane for that protected object displays. For more information on protected objects, see the DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute that conflicts with the ongoing protection, the change is performed only at the next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing protection to take effect immediately, you can make this modification from Operation > Ongoing Protections > Edit Protection. For more information, see To edit ongoing protections, page 534.
IP Address (In versions earlier than 2.3, IP Address was Detected IP Address) The IP address of the attacked destination as detected by the selected detection device.
Operation (This parameter is only available starting with version 2.3. In versions earlier than 2.4, it displays in the last column) String within the operation name.
Starting with version 2.7, to view and/or edit an operation associated with a pending action, select the link in the Operation column, and the Edit Operation pane for that operation displays. For more information on operations, see the DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute that conflicts with the ongoing protection, the change is performed only at the next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing protection to take effect immediately, you can make this modification from Operation > Ongoing Protections > Edit Protection. For more information, see To edit ongoing protections, page 534.
Attack ID The ID of the detected attack as reported by the detection device.
Pending Action The pending action waiting for confirmation.
Values:
• Start—An attack was detected for the protected object. The user can confirm
activation of the configured actions.
• End—The attack was terminated. The user can confirm deactivation of the
active actions.
Configured Action (This parameter is only available in versions prior to 2.8.1) The configured action for the protected object.
Workflow (This parameter is only available starting with version 2.7) Workflow associated with the protected object.
Starting with version 2.8.1, to view and/or edit a workflow associated with a pending action, select the link in the Workflow column, and the Edit Workflow pane for that operation displays. For more information on operations, see the DefenseFlow Installation and User Guide.
Criteria (This parameter is only available starting with version 2.7) The criteria associated with the pending action.
External Attack URI (This parameter is only available starting with version 2.7) Link to the third-party detector management system that handles the external attack associated with the pending action.
External PO URI (This parameter is only available starting with version 2.7) Link to the third-party detector management system that handles the external protected object associated with the pending action.
To clear the filter and perform a new search, click Clear next to the (Search) button.
— To confirm start of a pending action, for the Action, select Confirm Start. The Action
parameters display and can be modified:
• Attack Destination (this option is only available in versions earlier than 2.3)— Select
Activate Entire PO to protect the entire protected object or select Activate Specific
IP to protect a specific IP address or set of addresses within the protected object.
• Protected IP Address (in versions earlier than 2.3, Protected IP)—Starting with
version 2.3, select one of the following options:
— Activate (in versions earlier than 2.4, Divert) Entire Networks—This activates
(in versions earlier than 2.4, diverts) the entire protected object.
— Activate (in versions earlier than 2.4, Divert) Specific IP Address—This
activates (in versions earlier than 2.4, diverts) only a specified IP address, which
you can change to any IP address or subnet as required.
Starting with version 2.3, this option displays the Attack Destination IP Address
parameter, which is the specific IP address attack target to be protected (this displays
only if you selected Activate Specific IP). This must be within the network
classification of the protected object.
In versions earlier than 2.3, this option (Protected IP) is the specific IP address attack
target to be protected (this displays only if you selected Activate Specific IP). This
must be within the network classification of the protected object.
• Attack Destination IP Address (starting with version 2.3)—The IP address of the
attack destination. This field only displays if the Activate Specific IP Address option is
selected.
• Operation—The operation to use for diversion and mitigation groups preferences.
Starting with version 2.3, select from the list of configured operations. The fields related
to the operation type display. In versions earlier than 2.3, only the Attack Bandwidth
and Ignore mitigation devices capacity units parameters are available.
• If the operation you selected is a Mitigation operation, the mitigation and BGP
parameters (starting in version 2.4) display:
Parameter Description
Attack Bandwidth In versions earlier than 2.3, the peak attack level to use as a basis for configuring the DefensePro device if the information is missing from the detection signals.
Starting with version 2.3, specify the attack bandwidth (bits per second). You can also specify units (for example, 100M). This is used for verifying that the mitigation devices can handle the related attack bandwidth. This is also used to set the DefensePro policy bandwidth if there is not any BDoS bandwidth ready yet.
Use busy mitigation devices (In versions earlier than 2.3, Ignore mitigation devices capacity units) If checked, DefenseFlow uses the selected DefensePro devices regardless of their monitored capacity.
BGP
Operation BGP Community (In versions earlier than 2.4, BGP Community.) The BGP community values to be sent to the diversion groups that should receive them per the operation. Multiple communities can be configured separated by a space.
In addition, well-known communities can be also defined, including: NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED, NOPEER
Use Protected Object Community (In versions earlier than 2.4, Use Community, and displays above the BGP Community parameter.) Whether to add the protected object’s defined community in the announcement to the blocking group.
When you select this parameter, the Protected Object Community parameter displays.
Protected Object BGP Community (This parameter is only available starting with version 2.4) (This parameter displays only when the Use Protected Object Community parameter is selected.) The protected object’s BGP community values to be sent to the diversion groups that should receive them per the operation. Multiple communities can be configured separated by a space.
In addition, well-known communities can be also defined, including: NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED, NOPEER
Advanced (This section is only available starting with version 2.8.1)
Minimum IPv4 Advertised Subnet (This parameter is only available starting with version 2.8.1) The minimum IPv4 Advertised Subnet.
Default: 32
Minimum IPv6 Advertised Subnet (This parameter is only available starting with version 2.8.1) The minimum IPv6 Advertised Subnet.
Default: 128
Override IPv4 Next Hop (This field is only available starting with version 2.10) Override the IPv4 Next Hop IP address.
Override IPv6 Next Hop (This field is only available starting with version 2.10) Override the IPv6 Next Hop IP address.
Mitigation Route Name (This field is only available starting with version 2.10) The route name for this mitigation. Select one of the routes that you defined for mitigation devices. For more information on configuring routes, see the DefenseFlow Installation and User Guide.
• If the operation you selected is a FlowSpec (in versions earlier than 2.4, Traffic
Blocking) operation, the FlowSpec parameters display (for more information on
defining FlowSpec operations, see the DefenseFlow Installation and User Guide):
Table 402: FlowSpec (in versions earlier than 2.4, Traffic Blocking) Parameters
Parameter Description
Destination Prefix The destination prefix to block as defined in the Flow rule.
Values:
• Attacked IP—The actual destination IP addresses are inherited from the
protected object’s networks or IP addresses under attack or manually
activated.
During an attack the destination prefix is populated with the actual
destination IP address of the attack.
• Entire Networks—The actual destination IP addresses are inherited from the
protected object that uses this rule for its various operations or manual
actions.
• Specific prefix—The Prefix to Block field displays, letting you define a set of
IP prefixes for the destination prefix.
Default: Attacked IP
Prefix to Block (This field is only available starting with version 2.4) (This field displays only if you have selected Specific prefix as the Destination Prefix.) Defines one or more IPv4 destination prefixes, each IP prefix separated by a space.
Values: IPv4 address in the format n1.n2.n3.n4/5
Maximum number of networks: 100
Source Prefix The source prefix to block as defined in the Flow rule.
During an attack the source prefix is populated with the actual source IP address
of the attack.
Port The port to block as defined in the Flow rule.
Starting with version 3.2, for objects protected by DPaaD, during an attack the
port is populated with the actual source port of the attack.
Destination Port The destination port to block as defined in the Flow rule.
Starting with version 3.2, for objects protected by DPaaD, during an attack the
destination port is populated with the actual destination port of the attack.
Protocol The protocol to block as defined in the Flow rule.
During an attack the protocol is populated with the actual protocol of the attack.
Source Port The source port to block as defined in the Flow rule.
ICMP Type The ICMP type to block as defined in the Flow rule.
ICMP Code The ICMP code to block as defined in the Flow rule.
TCP Flag The TCP flag to block as defined in the Flow rule.
Starting with version 3.6, during an attack the TCP flag is populated with the
actual TCP flag of the attack.
Packet Length The packet length to block as defined in the Flow rule.
DSCP The DSCP to block as defined in the Flow rule.
Fragment The fragment to block as defined in the Flow rule.
Starting with version 3.2, for objects protected by DPaaD, during an attack the
fragment is populated with the actual fragment of the attack.
Note: DefenseFlow FlowSpec support is in accordance with RFC 5575. Ensure
that your router supports all fragmentation values to avoid the incorrect setup
of your router.
Redirect to VRF (This field is only available starting with version 2.4) The route tag (VPN in versions earlier than 2.8.1) to which to redirect traffic. Select from a list of route tags (VPNs in versions earlier than 2.8.1) for which you have defined a route target. For more information, see the DefenseFlow Installation and User Guide.
Redirect to Mitigation (This field is only available starting with version 2.4) Enables or disables redirection to the operation’s mitigation group. The next hop IP addresses are inherited from the mitigation group of the protected object that uses this rule for its various operations or manual actions.
Block (This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.) Enables or disables traffic blocking (drop all matching packets).
Rate Limit (This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.) The rate limit in MB/s or GB/s.
Values:
• Example for MB/s: 103M
• Example for GB/s: 1G
Set DSCP (This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.) Defines how to update the DSCP header of the matching packets.
Values: 0–63
Action (This parameter is only available in version 2.3. Starting with version 2.4, the options are now separate parameters.) The FlowSpec action to perform.
Available actions:
• Block—Drop all matching packets.
• Rate Limit—Drop all matching packets above this rate (see the Rate parameter in this table).
• Set DSCP—Update the DSCP header of the matching packets.
Rate (This parameter is only available in version 2.3.) This field displays when you select the Action as Rate Limit. Set the rate limit to block in bytes per second.
— To confirm ending a protection, for the Action, select Confirm End. Do this after you
have started an action with Confirm Start by clicking Submit, and the exit criteria for the
action have been met (usually after an attack has ended). A confirmation message displays.
Click OK to confirm.
4. Click Submit.
Mitigation Devices
This feature is only available starting with version 2.2.
The Mitigation Devices pane lets you monitor the status of mitigation devices.
Parameter Description
Name The name of the mitigation device.
Starting with version 2.7, to view and/or edit a mitigation device, select the link
in the Name column, and the Edit Mitigation Device pane for that mitigation
device displays. For more information on mitigation devices, see the DefenseFlow
Installation and User Guide.
Note: Any modification you make is deployed immediately on the mitigation
device.
Instance (This parameter is only available starting with version 2.9 through version 3.0) For DefensePro version 7.x mitigation devices, the DefensePro internal hardware instance that handles BDoS attacks in the DME when there are more than 32 such attacks.
Values: 0, 1
Operational Status The operational status of the mitigation device.
CPU Utilization Percent of the CPU utilization of the mitigation device.
BW Utilization (Gbps) Percent of the bandwidth utilization of the mitigation device.
Value: percentage_utilized (bandwidth_utilized/total_bandwidth)
Example
5.0% (3.00/60.00)
In this example, 5.0% of the total bandwidth (60.00 Gbps) is utilized (3.00 Gbps).
Policies Utilization Percent of the policies table utilization of the mitigation device.
Filter List Utilization (This parameter is only available starting with version 2.8.1) Percent of the filter list utilization of the mitigation device.
Managed (This parameter is only available starting with version 2.4.1) Whether the mitigation device is managed.
Values: true, false
Update Time Last monitored update time.
Last Error (This parameter is only available starting with version 2.4.1) The last device access error that was issued.
Examples
A Authentication error
B Unable to connect to the mitigation device
Geo Feed Status (This parameter is only available starting with version 3.7) Geolocation Feed status:
• Active—The Geolocation Feed on the DefensePro mitigation device is active.
• Inactive—The Geolocation Feed on the DefensePro mitigation device is inactive.
Default: Active
To clear the filter and perform a new search, click Clear next to the (Search) button.
Protected Objects
The Protected Objects pane lets you monitor protected objects and manually activate them.
Parameter Description
Name The name of the protected object.
Starting with version 2.7, to view and/or edit a protected object, select the link in
the Name column, and the Edit Protected Object pane for that protected object
displays. For more information on protected objects, see the DefenseFlow
Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute
that conflicts with the ongoing protection, the change is performed only at the
next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing
protection to take effect immediately, you can make this modification from
Operation > Ongoing Protections > Edit Protection. For more information,
see To edit ongoing protections, page 534.
Detection Status The detection status of the protected object.
Values:
• Learning—DefenseFlow learns protected object baselines.
• Normal—No attack is currently detected for the protected object.
• Attacked—The protected object is under attack.
Action Status The action status of the protected object.
Values:
• Active—The configured actions are active. This means that the action
specified for the protected object is now enabled. The action can be enabled
automatically or manually.
• Not Active—The configured actions are currently not active.
Mitigation Device/Mitigation Group (This parameter is only available in version 2.1) The list of mitigation devices that are currently performing mitigation for the protected object.
Action Mode (This parameter is only available in versions earlier than 2.7. Starting with version 2.7, it is now configured as one of the Workflow Rules parameters.) The action mode configured for the protected object.
Values:
• Automatic—Configured actions are automatically activated upon detection of an attack.
• Manual—Configured actions can only be activated manually.
• User confirmation—The user is prompted to confirm activation of the configured actions upon attack.
Pending Action The pending action waiting for confirmation for a protected object that is in User Confirmation mode.
Values:
• Activate—An attack was detected for the protected object. The user can confirm activation of the configured actions.
• Deactivate—The attack was terminated. The user can confirm deactivation of the active actions.
Configured Action (This parameter is only available for versions earlier than 2.3) The configured action for the protected object.
Protected Destination (This parameter is only available in version 2.2) A list of currently activated destinations for the protected object.
Workflow (This parameter is only available starting with version 2.3) Workflow associated with the protected object.
Starting with version 2.7, to view and/or edit a workflow associated with a protected object, select the link in the Workflow column, and the Edit Workflow pane for that workflow displays. For more information on workflows, see the DefenseFlow Installation and User Guide.
Criteria (This parameter is only available in version 2.7) The configured criteria for the protected object.
To clear the filter and perform a new search, click Clear next to the (Search) button.
— In versions 2.2 through 2.8.1, to cancel all active protections and move the protected object
to Manual mode in one operation, for the Action, select Cancel all protection and move
to manual protection.
4. Configure the activation parameters, as required:
— Starting with version 2.9, the activation parameters display only if you have selected
Advanced (see step 3).
— In versions earlier than 2.9, if you selected the Activate Action, activation parameters
display.
Table 405: Advanced (in versions earlier than 2.9, Mitigation) Parameters
Parameter Description
Operation (In versions earlier than 2.9, this parameter is required and displays with the Action and the Attack Destination options.) The operation to use for diversion and mitigation groups preferences. Starting with version 2.3, select from the list of configured operations. The fields related to the operation type display. In versions earlier than 2.3, only the Attack Bandwidth and Ignore mitigation devices capacity units parameters are available.
Attack Source IP This displays only if you selected a Mitigation operation. This is the specific IP address attack target to be protected. This must be within the network classification of the protected object.
Attack Bandwidth In versions earlier than 2.3, the peak attack level to use as a basis for configuring the DefensePro device if the information is missing from the detection signals.
Starting with version 2.3, specify the attack bandwidth (bits per second) (this displays only if you selected a Mitigation operation). You can also specify units (for example, 100M). This is used for verifying that the mitigation devices can handle the related attack bandwidth. This is also used to set the DefensePro policy bandwidth if there is not any BDoS bandwidth ready yet.
Use busy mitigation devices (In versions earlier than 2.3, Ignore mitigation devices capacity units) This displays only if you selected a Mitigation operation. If selected, DefenseFlow uses the selected DefensePro devices regardless of their monitored capacity.
BGP Communities
Operation BGP Community (In versions earlier than 2.4, BGP Community.) The BGP community values to be sent to the diversion groups that should receive them per the operation. Multiple communities can be configured separated by a space.
In addition, well-known communities can be also defined, including: NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED, NOPEER
Use Protected Object Community (In versions earlier than 2.4, Use Community, and displays above the BGP Community parameter.) Whether to add the protected object’s defined community in the announcement to the blocking group.
When you select this parameter, the Protected Object Community parameter displays.
Protected Object BGP Community (This parameter is only available starting with version 2.4) (This parameter displays only when the Use Protected Object Community parameter is selected.) The protected object’s BGP community values to be sent to the diversion groups that should receive them per the operation. Multiple communities can be configured separated by a space.
In addition, well-known communities can be also defined, including: NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED, NOPEER
Advanced (In version 2.9, this section is no longer referred to as Advanced.)
Starting with version 2.7, the following parameters let you advertise BGP announcements following
a predefined operation prefix size. This is useful for an advertisement over the WAN or any other
network where the router restricts the advertisement for certain classes.
For example, if DefenseFlow receives an attack alert for IP address 204.1.1.3/32 and the network
allows only an advertisement of /24 or lower, you can set the DefenseFlow prefix size to 24.
Minimum IPv4 Advertised Subnet Minimum IPv4 advertised BGP announcement subnet.
Default: 32
Minimum IPv6 Advertised Subnet Minimum IPv6 advertised BGP announcement subnet.
Default: 128
Override IPv4 Next Hop (This field is only available starting with version 2.10) Override the IPv4 Next Hop IP address.
Override IPv6 Next Hop (This field is only available starting with version 2.10) Override the IPv6 Next Hop IP address.
Mitigation Route Name (This field is only available starting with version 2.10) The route name for this mitigation. Select one of the routes that you defined for mitigation devices. For more information on configuring routes, see the DefenseFlow Installation and User Guide.
— If the operation you selected is a FlowSpec (in versions earlier than 2.4, Traffic Blocking)
operation, the FlowSpec parameters display (for more information on defining FlowSpec
operations, and starting with version 2.4, for mitigation with BGP FlowSpec rules, see the
DefenseFlow Installation and User Guide):
Table 406: FlowSpec (in versions earlier than 2.4, Traffic Blocking) Parameters
Parameter Description
Flow Rules
(Starting in version 2.4, the FlowSpec rules display only if you have selected a BGP FlowSpec
operation to activate the protected object).
Destination Prefix The destination prefix to block as defined in the Flow rule.
Values:
• Attacked IP—The actual destination IP addresses are inherited from the
protected object’s networks or IP addresses under attack or manually
activated.
• Entire Networks—The actual destination IP addresses are inherited from the
protected object that uses this rule for its various operations or manual
actions.
• Specific prefix—The Prefix to Block field displays, letting you define a set of
IP prefixes for the destination prefix.
Default: Attacked IP
Prefix to Block (This field is only available starting with version 2.4) (This field displays only if you have selected Specific prefix as the Destination Prefix.) Defines one or more IP destination prefixes, each IP prefix separated by a space.
Values: IP address
Maximum number of networks: 100
Source Prefix The source prefix to block as defined in the Flow rule.
Port The port to block as defined in the Flow rule.
Destination Port The destination port to block as defined in the Flow rule.
Protocol The protocol to block as defined in the Flow rule.
Source Port The source port to block as defined in the Flow rule.
ICMP Type The ICMP type to block as defined in the Flow rule.
ICMP Code The ICMP code to block as defined in the Flow rule.
TCP Flag The TCP flag to block as defined in the Flow rule.
Packet Length The packet length to block as defined in the Flow rule.
DSCP The DSCP to block as defined in the Flow rule.
Fragment The fragment to block as defined in the Flow rule.
Redirect to VRF (This parameter is only available starting with version 2.4) The route tag (VPN in versions earlier than 2.8.1) to which to redirect traffic. Select from a list of route tags (VPNs in versions earlier than 2.8.1) for which you have defined a route target. For more information, see the DefenseFlow Installation and User Guide.
Redirect to Mitigation (This parameter is only available starting with version 2.4) Enables or disables redirection to the operation’s mitigation group. The next hop IP addresses are inherited from the mitigation group of the protected object that uses this rule for its various operations or manual actions.
Block (This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.) Enables or disables traffic blocking (drop all matching packets).
Rate Limit (This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.) The rate limit in MB/s or GB/s.
Values:
• Example for MB/s: 103M
• Example for GB/s: 1G
Set DSCP (This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.) Defines how to update the DSCP header of the matching packets.
Action (This parameter is only available in version 2.3. Starting with version 2.4, the options are now separate parameters.) The FlowSpec action to perform.
Available actions:
• Block—Drop all matching packets.
• Rate Limit—Drop all matching packets above this rate (see the Rate parameter in this table).
• Set DSCP—Update the DSCP header of the matching packets.
Rate (This parameter is only available in version 2.3.) This field displays when you select the Action as Rate Limit. Set the rate limit to block in bytes per second.
Use busy mitigation devices (In versions earlier than 2.3, Ignore mitigation devices capacity units.) If checked, DefenseFlow uses the selected DefensePro devices regardless of their monitored capacity.
5. In version 2.1, a confirmation message displays; click Yes to perform the action. In version 2.2,
click Submit.
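The Minimum IPv4/IPv6 Advertised Subnet and BGP community parameters in the activation tables above determine what is actually announced for an attacked address. The following Python is an added example, not DefenseFlow code: it works through the 204.1.1.3/32 case from the text, reports how far the widened prefix reaches, and checks a space-separated community field. The function names, the AS:value community notation, and the protected-network and community values are assumptions constructed for illustration.

```python
import ipaddress
import re

# Well-known community values: RFC 1997 (first three) and RFC 3765 (NOPEER).
WELL_KNOWN = {
    "NO_EXPORT": 0xFFFFFF01,
    "NO_ADVERTISE": 0xFFFFFF02,
    "NO_EXPORT_SUBCONFED": 0xFFFFFF03,
    "NOPEER": 0xFFFFFF04,
}
# Assumption: other communities are written in the common AS:value notation.
COMMUNITY_RE = re.compile(r"(\d{1,5}):(\d{1,5})", re.ASCII)


def advertised_prefix(attacked, min_ipv4=32, min_ipv6=128):
    """Prefix announced for an attacked address under the minimum subnet size."""
    net = ipaddress.ip_network(attacked, strict=False)
    limit = min_ipv4 if net.version == 4 else min_ipv6
    if not 0 < limit <= net.max_prefixlen:
        raise ValueError(f"invalid minimum advertised subnet /{limit}")
    # A prefix longer than the limit is widened; a shorter one is kept as is.
    if net.prefixlen > limit:
        net = net.supernet(new_prefix=limit)
    return net


def outside_protected(announced, protected_networks):
    """True when the announcement reaches beyond every protected network."""
    for text in protected_networks:
        protected = ipaddress.ip_network(text)
        if (protected.version == announced.version
                and announced.subnet_of(protected)):
            return False
    return True


def parse_communities(field):
    """Turn a space-separated community field into 32-bit values."""
    values = []
    for token in field.split():
        if token.upper() in WELL_KNOWN:
            values.append(WELL_KNOWN[token.upper()])
            continue
        match = COMMUNITY_RE.fullmatch(token)
        if not match:
            raise ValueError(f"unrecognised community {token!r}")
        high, low = int(match.group(1)), int(match.group(2))
        if high > 0xFFFF or low > 0xFFFF:
            raise ValueError(f"community {token!r} exceeds 16 bits per half")
        values.append((high << 16) | low)
    return values


def plan_announcement(attacked, protected_networks, communities,
                      min_ipv4=32, min_ipv6=128):
    """Summarise what would be announced and how far it reaches."""
    original = ipaddress.ip_network(attacked, strict=False)
    prefix = advertised_prefix(attacked, min_ipv4, min_ipv6)
    return {
        "prefix": str(prefix),
        "widened": prefix != original,
        # Addresses covered by the announcement besides the attacked ones.
        "extra_addresses": prefix.num_addresses - original.num_addresses,
        "exceeds_protected_object": outside_protected(prefix,
                                                      protected_networks),
        "communities": parse_communities(communities),
    }


if __name__ == "__main__":
    # 204.1.1.3/32 is the example from the text; the rest is constructed.
    print(plan_announcement("204.1.1.3/32", ["204.1.1.0/25"],
                            "64512:100 NO_EXPORT", min_ipv4=24))
```

A result with exceeds_protected_object set to True means the widened announcement also covers addresses that are not part of the protected object, which is worth reviewing before confirming the activation.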
Ongoing Protections
This feature is only available starting with version 2.2.
The Ongoing Protections pane lets you monitor the status of currently active protections.
Parameter Description
Note: In version 2.8.1, the placement of many of the parameters was shifted. This table reflects
the order of the parameters in version 2.8.1.
ID The ID of the protected object.
(This parameter is only available in version 2.8.1)
Protected Object The name of the protected object.
(In versions earlier than 2.4.1, this parameter is named Name. From version 2.4.1 through
version 2.7, this parameter is named PO Name.)
Starting with version 2.7, to view and/or edit a protected object associated with
an ongoing protection, select the link in the Name column, and the Edit Protected
Object pane for that protected object displays. For more information on protected
objects, see the DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute
that conflicts with the ongoing protection, the change is performed only at the
next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing
protection to take effect immediately, you can make this modification from
Operation > Ongoing Protections > Edit Protection. For more information,
see To edit ongoing protections, page 534.
IP Address The Destination IP address that was activated.
(This parameter does not display in version 2.8.1. In versions earlier than 2.7, PO Name and
IP Address are in the same column. In versions earlier than 2.3, the IP Address parameter
displays after the Origin parameter.)
Networks The destination networks that were activated.
(This parameter is only available starting with version 2.8.1. In version 2.8.1, it was
named Network.)
Operation The operation used for the protection.
(In versions earlier than 2.3, this is named the Strategy parameter)
Starting with version 2.7, to view and/or edit an operation associated with an
ongoing protection, select the link in the Operation column, and the Edit
Operation pane for that operation displays. For more information on operations,
see the DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute
that conflicts with the ongoing protection, the change is performed only at the
next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing
protection to take effect immediately, you can make this modification from
Operation > Ongoing Protections > Edit Protection. For more information,
see To edit ongoing protections, page 534.
Policy Name The policy name for this protection activation.
(This parameter is only available starting with version 2.4.1)
Activated Black List Black list associated with the protection activation.
(This parameter is only available from version 2.7 through 2.8.1. In version 2.7 it is
named Black List.)
Activated White List White list associated with the protection activation.
(This parameter is only available from version 2.7 through 2.8.1. In version 2.7 it is
named White List.)
Origin Origin of the detection for this protection activation.
Workflow The configured workflow for the protection activation.
(This parameter is only available starting with version 2.7)
Criteria The configured criteria for the protection activation.
(This parameter is only available starting with version 2.7)
Mitigation Devices, Instance The list of mitigation devices that are currently performing
mitigation for this protection, and (starting with version 2.9) the DefensePro 7.x instance.
(In versions earlier than 2.6 and starting with version 2.4.1, this is named the Mitigation
Device parameter. In versions earlier than 2.4.1, this is named the Mitigation Device/
Mitigation Group parameter)
Mitigation Status The mitigation status for this protection.
(This parameter is only available starting with version 2.4.1)
A BGP announcement is not sent if the mitigation status is not SUCCESS.
Values: RUNNING, SUCCESS, FAILED
Signature Source IP Addresses The protected object’s signature source IP addresses.
(This parameter is only available starting with version 2.8.1)
Network Elements The network elements for the protection.
(In versions 2.3 and 2.4, this is named the Diversion Blocking/Network Elements parameter.
In versions earlier than 2.3, this is named the Diversion Group parameter)
In versions 2.3 and 2.4, the diversion and blocking network elements for the
protection. In versions earlier than 2.3, the diversion group for this protection.
Attack ID Attack ID as received from the detection origin.
Start Time The time that the protection has started.
Configured Type The configured operation type (in versions earlier than 2.3, the action) for the
protected object.
(This parameter does not display in version 2.8.1)
(In versions earlier than 2.3, this is named the Configured Action parameter)
External Attack URI Link to the third-party detector management system that handles the external
attack associated with the ongoing protection.
(This parameter is only available starting with version 2.7)
External PO URI Link to the third-party detector management system that handles the external
protected object associated with the ongoing protection.
(This parameter is only available starting with version 2.7)
To clear the filter and perform a new search, click Clear next to the (Search) button.
2. Select the ongoing protection to edit and click the (Edit) button.
Parameter Description
ID (read-only) The ID of the protected object.
Protected Object (read-only) The name of the protected object.
Operation (read-only) The operation used for the protection.
Networks Tab The networks to be activated in the mitigation group (scrubbing center
DefensePro devices):
• Protected Networks Policy—The networks that are diverted to the scrubbing
center (mitigation group).
You can resize the text box as required by dragging the icon at the bottom
right-hand corner of the scroll bar.
• Diverted Networks (read-only)—The diversion networks for this ongoing
protection.
• Clean Traffic Injection Networks (read-only)—The injection networks from the
scrubbing center going to the protected object.
(This tab is only available starting with version 2.9)
Policy Tab The policy text for this protection activation.
You can resize the text box as required by dragging the icon at the bottom
right-hand corner of the scroll bar.
Filters Tab Filter lists associated with this ongoing protection:
• Blacklist—Select a black list to associate with the protection activation.
• Whitelist—Select a white list to associate with the protection activation.
Advanced Filters Tab Black list and white list IP addresses associated with this ongoing
protection:
• Blacklist Addresses—Add, delete, modify individual IP addresses in the
associated black list.
• Auto-generated Blacklist Addresses—These addresses are automatically
generated upon detection of an attacker’s source address.
• Whitelist Addresses—Add, delete, modify individual IP addresses in the
associated white list.
You can resize the text boxes as required by dragging the icon at the bottom
right-hand corner of the text box scroll bar.
Maximum number of characters: 50,000,000
BGP
This feature is only available starting with version 2.2.
The BGP pane lets you monitor the status of BGP peers and announcements.
These include:
• Peers, page 535
• Announcements, page 537
• FlowSpecs, page 538
Peers
The Peers pane lets you monitor the status of BGP peers.
Parameter Description
Peer Name The name of the network element.
Starting with version 2.7, to view and/or edit a BGP peer, select the link in the
Peer Name column, and the Edit Network Element pane for that peer displays.
For more information on network elements, see the DefenseFlow Installation and
User Guide.
IP Address The IP address of the BGP peer.
Peering State Peering state of the BGP peer.
Values:
• ACTIVE (in versions earlier than 2.9, Down)—The router did not receive
agreement for peer establishment.
• ESTABLISHED (in versions earlier than 2.9, Up)—Peering is established and
routing begins.
Last Connectivity Time The last connectivity time of the BGP peer.
Local Router ID The DefenseFlow BGP peer ID.
(In versions earlier than 2.6, this is named the ID parameter)
The local peer ID in an HA installation is the IPv4 address of the HA Node control
interface.
Local IP Address The local IP address of the DefenseFlow device used to communicate with the
BGP peer. This is the control interface IP address.
(This parameter is only available starting with version 2.5 and was named Local Node IP)
In a High Availability (HA) installation, you can use this to distinguish between the
connections opened by the Active and the Standby HA nodes. As a result, in such
an installation there are two node entries per single network element. For more
information, see the DefenseFlow Installation and User Guide.
The local IP address in an HA installation is the IPv4 address of the HA Node
control interface.
Local AS The local Autonomous System number.
Peer AS The peer Autonomous System number.
Announcements Number of BGP active announcements.
Withdrawals Number of withdrawals.
BGP FlowSpec State The Flow Specification state of the BGP peer.
(This parameter is only available starting with version 2.3)
To clear the filter and perform a new search, click Clear next to the (Search) button.
Announcements
The Announcements pane lets you monitor the status of currently active BGP announcements.
Note: In a High Availability (HA) installation, per announcement, there are two entries representing
the two HA nodes.
of the BGP announcement search fields and clicking the (Search) button:
Parameter Description
Protected Object The name of the protected object for which the announcement was sent.
Starting with version 2.7, to view and/or edit a protected object associated with a
BGP announcement, select the link in the Name column, and the Edit Protected
Object pane for that protected object displays. For more information on protected
objects, see the DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute
that conflicts with the ongoing protection, the change is performed only at the
next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing
protection to take effect immediately, you can make this modification from
Operation > Ongoing Protections > Edit Protection. For more information,
see To edit ongoing protections, page 534.
Operation The operation of the protected object for which the announcement was sent.
(This parameter is only available starting with version 2.6)
Starting with version 2.7, to view and/or edit an operation associated with a BGP
announcement, select the link in the Operation column, and the Edit Operation
pane for that operation displays. For more information on operations, see the
DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute
that conflicts with the ongoing protection, the change is performed only at the
next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing
protection to take effect immediately, you can make this modification from
Operation > Ongoing Protections > Edit Protection. For more information,
see To edit ongoing protections, page 534.
Local IP Address The local IP address of the protected object for which the announcement was
sent.
(This parameter is only available starting with version 2.6)
Peer Name The name of the network element to which the announcement was sent.
Starting with version 2.7, to view and/or edit a BGP peer associated with a BGP
announcement, select the link in the Peer Name column, and the Edit Network
Element pane for that network element displays. For more information on
network elements, see the DefenseFlow Installation and User Guide.
Peer IP Address The IP address of the DefenseFlow BGP peer.
Network The destination network of the BGP announcement.
Next Hop The next hop address used for the BGP announcement.
Type The type of announcement.
(This parameter is only available in versions earlier than 2.6)
Communities The BGP communities in the announcement.
(In versions earlier than 2.3, this is named the Community parameter)
Status The status of the announcement.
Time The time the announcement was sent.
To clear the filter and perform a new search, click Clear next to the (Search) button.
FlowSpecs
This feature is only available starting with version 2.3.
The FlowSpecs pane lets you monitor the status of currently advertised FlowSpec rules.
Starting with version 2.6, you can edit the advertised FlowSpec rules “on-the-fly” in real-time. When
you edit a rule on-the-fly, DefenseFlow withdraws the ongoing rule and advertises the new modified
rule. This on-the-fly modification is one-time and does not affect the regular configuration of the
ongoing rule.
To monitor the status of FlowSpec rules and (starting with version 2.6) edit them
1. In the Monitoring perspective, select Operation > BGP > FlowSpecs.
2. Highlight the FlowSpec announcement or search for the FlowSpec announcement by typing a
string in one of the FlowSpec announcement search fields and clicking the (Search)
button:
3. To edit the FlowSpec rule, click the (Edit) button, and click Submit:
Parameter Description
ID (Starting with version 2.6, in the Edit pane, read-only) The ID to block as defined
in the FlowSpec rule.
(This parameter is only available starting with version 2.6)
Protected Object (Starting with version 2.6, in the Edit pane, read-only) The protected object to
block as defined in the FlowSpec rule.
(This parameter is only available starting with version 2.6)
Starting with version 2.7, to view and/or edit a protected object associated with a
FlowSpec rule, select the link in the Name column, and the Edit Protected Object
pane for that protected object displays. For more information on protected
objects, see the DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute
that conflicts with the ongoing protection, the change is performed only at the
next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing
protection to take effect immediately, you can make this modification from
Operation > Ongoing Protections > Edit Protection. For more information,
see To edit ongoing protections, page 534.
Operation (Starting with version 2.6, in the Edit pane, read-only) The operation to block as
defined in the FlowSpec rule.
(This parameter is only available starting with version 2.6)
Starting with version 2.7, to view and/or edit an operation associated with a
FlowSpec rule, select the link in the Operation column, and the Edit Operation
pane for that operation displays. For more information on operations, see the
DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute
that conflicts with the ongoing protection, the change is performed only at the
next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing
protection to take effect immediately, you can make this modification from
Operation > Ongoing Protections > Edit Protection. For more information,
see To edit ongoing protections, page 534.
Activated Rule Name The activated rule name to block as defined in the FlowSpec rule.
(This parameter is only available starting with version 2.6)
Starting with version 2.7, to view and/or edit a FlowSpec rule, select the link in
the Activated Rule Name column, and the Edit GP FlowSpec pane for that rule
displays. For more information on BGP FlowSpec rules, see the DefenseFlow
Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute
that conflicts with the ongoing protection, the change is performed only at the
next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing
protection to take effect immediately, you can make this modification from
Operation > Ongoing Protections > Edit Protection. For more information,
see To edit ongoing protections, page 534.
Peer IP Address The IP address to block as defined in the FlowSpec rule.
(Starting with version 2.6, this parameter is not available in the Edit pane)
Community (Starting with version 2.6, in the Edit pane, read-only) The community to block as
defined in the FlowSpec rule.
(This parameter is only available starting with version 2.4)
Destination (Starting with version 2.6, in the Edit pane, read-only) The destination prefix to
block as defined in the FlowSpec rule.
Source The source prefix to block as defined in the FlowSpec rule.
Port The port to block as defined in the FlowSpec rule.
Destination Port The destination port to block as defined in the FlowSpec rule.
Source Port The source port to block as defined in the FlowSpec rule.
Protocol The protocol to block as defined in the FlowSpec rule.
ICMP Type The ICMP type to block as defined in the FlowSpec rule.
ICMP Code The ICMP code to block as defined in the FlowSpec rule.
TCP Flag The TCP flag to block as defined in the FlowSpec rule.
Packet Length The packet length to block as defined in the FlowSpec rule.
DSCP The DSCP to block as defined in the FlowSpec rule.
Fragment The fragment to block as defined in the FlowSpec rule.
Route Tag Name The name of the route tag (VPN prior to version 2.8.1) to which to redirect as
defined in the FlowSpec rule.
(This parameter is only available starting with version 2.4. In versions 2.6 and 2.7, it is
named VPN Name. Before version 2.6, it is named Redirect VPN.)
Route Tag Route The route tag route (VPN prior to version 2.8.1) to which to redirect as defined in
the FlowSpec rule.
(This parameter is only available starting with version 2.6. In versions 2.6 and 2.7, it is
named VPN Route.)
(Starting with version 2.6, this parameter is not available in the Edit pane)
Redirect Mitigation Enabled The mitigation redirection status (enabled or disabled) for the
FlowSpec rule.
(This parameter is only available starting with version 2.4. Before version 2.6, it is named
Redirect Mitigation.)
Redirect Mitigation NextHop The device to which to redirect for mitigation as defined in the
FlowSpec rule.
(This parameter is only available starting with version 2.6)
(Starting with version 2.6, this parameter is not available in the Edit pane)
Block The blocking status (enabled or disabled) for the FlowSpec rule.
(This parameter is only available starting with version 2.4)
Action The FlowSpec action to perform as defined in the Flow rule.
(This parameter is only available in versions earlier than 2.3)
Rate Limit (bytes per second) The rate limit to block as defined in the Flow rule.
(In versions earlier than 2.9, it is named Rate Limit)
Set DSCP The update setting for DSCP header in the FlowSpec rule.
(This parameter is only available starting with version 2.4)
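In standard BGP FlowSpec (RFC 8955), actions such as the Block, Rate Limit, Set DSCP and redirect settings listed above travel as 8-octet extended communities attached to the rule. The following is an added example, not Radware code and not part of this guide, that encodes and decodes those communities so a captured advertisement can be checked against what this pane shows; how DefenseFlow fills the AS field and maps a route tag to a route target is an assumption, and all sample values are constructed.

```python
import math
import struct

# Extended-community type/subtype codes from RFC 8955, section 7.
TRAFFIC_RATE_BYTES = 0x8006  # 2-octet AS, then IEEE-754 float32 in bytes per second
RT_REDIRECT_AS2 = 0x8008     # route target: 2-octet AS, 4-octet value
TRAFFIC_MARKING = 0x8009     # DSCP in the low 6 bits of the last octet


def encode_action(action, rate_bytes_per_sec=None, dscp=None, asn=0):
    """Build the 8-octet community for one of the guide's three actions.

    The asn argument defaults to 0 here; the value DefenseFlow sends is an assumption.
    """
    if action == "Block":
        # A traffic-rate of 0 tells the router to discard every matching packet.
        return struct.pack(">HHf", TRAFFIC_RATE_BYTES, asn, 0.0)
    if action == "Rate Limit":
        if rate_bytes_per_sec is None or rate_bytes_per_sec <= 0:
            raise ValueError("Rate Limit needs a positive rate in bytes per second")
        return struct.pack(">HHf", TRAFFIC_RATE_BYTES, asn, float(rate_bytes_per_sec))
    if action == "Set DSCP":
        if dscp is None or not 0 <= dscp <= 63:
            raise ValueError("DSCP is a 6-bit value (0-63)")
        return struct.pack(">H5xB", TRAFFIC_MARKING, dscp)
    raise ValueError(f"unsupported action: {action!r}")


def decode_action(community):
    """Turn a captured 8-octet community back into the pane's vocabulary."""
    if len(community) != 8:
        raise ValueError("an extended community is exactly 8 octets")
    (type_code,) = struct.unpack(">H", community[:2])
    if type_code == TRAFFIC_RATE_BYTES:
        asn, rate = struct.unpack(">Hf", community[2:])
        if math.isnan(rate) or rate < 0:
            # Flag it for review instead of guessing what a router would do.
            return {"action": "Malformed", "raw": community.hex()}
        if rate == 0:
            return {"action": "Block", "asn": asn}
        return {"action": "Rate Limit", "asn": asn, "rate_bytes_per_sec": rate}
    if type_code == TRAFFIC_MARKING:
        return {"action": "Set DSCP", "dscp": community[7] & 0x3F}
    if type_code == RT_REDIRECT_AS2:
        asn, value = struct.unpack(">HI", community[2:])
        return {"action": "Redirect", "route_target": f"{asn}:{value}"}
    return {"action": "Unknown", "raw": community.hex()}


def wire_rate(rate_bytes_per_sec):
    """Rate the router receives once the configured value is rounded to float32."""
    return struct.unpack(">f", struct.pack(">f", float(rate_bytes_per_sec)))[0]


def matches_configured(community, configured_rate):
    """True if a captured community is the rate limit that was configured."""
    decoded = decode_action(community)
    return (decoded["action"] == "Rate Limit"
            and decoded["rate_bytes_per_sec"] == wire_rate(configured_rate))


# Constructed sample communities (hex), as they might appear in a packet capture.
SAMPLES = [
    "8006000000000000",  # rate 0
    "8006000049742400",  # 1,000,000 bytes per second
    "800900000000002e",  # DSCP 46
    "8008fde800000064",  # route target 65000:100
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, decode_action(bytes.fromhex(sample)))
```

Because the rate is carried as a 32-bit float, a configured limit such as 123456789 bytes per second reaches the router as 123456792, so compare rates through `wire_rate` rather than expecting an exact integer match.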
System
The System pane lets you view system information and utilization statistics.
These include:
• General Information, page 542
• System Utilization, page 543
• Background Processes, page 544
• High Availability, page 544
General Information
The General Information pane lets you view DefenseFlow general system information.
Parameter Description
Uptime Time since the last reboot of the system in the format hh:mm:ss (hours:
minutes, seconds).
Software Version Currently installed DefenseFlow software version.
Build Currently installed DefenseFlow software build.
System Utilization
The System Utilization pane lets you view the current DefenseFlow utilization statistics and set alert
levels.
Parameter Description
CPU Utilization Set the CPU utilization percentage for which an alert is issued.
If the CPU utilization on any of the containers monitored by DefenseFlow reaches
this percentage, an alert is issued.
Memory Alert Level Set the memory utilization percentage for which an alert is issued.
If the memory utilization on any of the containers monitored by DefenseFlow
reaches this percentage, an alert is issued.
Disk Alert Level Set the disk utilization percentage for which an alert is issued.
If the disk utilization on any of the containers monitored by DefenseFlow reaches
this percentage, an alert is issued.
Container System Utilization Statistics
Container Name Name of the container monitored by DefenseFlow.
CPU Utilization Percentage of CPU currently being utilized by the container.
Memory Utilization Percentage of memory currently being utilized by the container.
Disk Space Utilization Percentage of disk space currently being utilized by the container.
Update Time Last monitored update time.
Parameter Description
CPU Utilization Percent of CPU currently being utilized.
Alert Level Set the CPU utilization percentage for which an alert is issued.
Memory Utilization
Memory Utilization Memory percentage currently being utilized.
Free Amount of free memory in kilobytes.
Total Total memory in kilobytes.
Alert Level Set the memory utilization percentage for which an alert is issued.
Background Processes
The Background Process pane lets you view the status of background processes running in
DefenseFlow to determine if an unsynchronized task is completed or still running.
of the background process search fields and clicking the (Search) button:
Parameter Description
Description Description of the background process.
Status Status of the background process.
Update Time Date and time of the status update for the background process.
Error Message Error message related to the status update.
To clear the filter and perform a new search, click Clear next to the (Search) button.
High Availability
This feature is only available starting with version 2.5.
The High Availability pane lets you monitor the status of High Availability nodes.
APSolute Vision supports high availability for a DefenseFlow-instance pair that is associated with the
APSolute Vision server, by allowing a seamless automatic failover from the active DefenseFlow
instance to the stand-by instance.
All APSolute Vision DefenseFlow functionality relates to the active instance only.
Upon a DefenseFlow failover, APSolute Vision will maintain all data of the failed DefenseFlow
instance to avoid any data loss or discrepancies due to the failover.
The signaling between the DefenseFlow instances and APSolute Vision is done through the
defenseflow system user, by default.
Notes
• The default password of the defenseflow system user is defenseflow. For more information,
see Role-Based Access Control (RBAC), page 85.
• For communication between a DefenseFlow instance version 2.5 or later and APSolute Vision,
the user and password must match on both sides.
one of the High Availability search fields and clicking the (Search) button:
Parameter Description
DefenseFlow Node IP Address The IP address of the node.
Node Role The role of the node.
Values: ACTIVE, STANDBY, STANDALONE
Operational Status The operational status.
Values: up, down
Automatic Failover The automatic failover state.
Values: ENABLED, DISABLED
To clear the filter and perform a new search, click Clear next to the (Search) button.
To view and modify attack mitigation operations from the Attack Mitigation Operation
dashboard
1. To access the Attack Mitigation Operation dashboard, do one of the following:
— Starting with version 3.2, from the Apps Launcher on the APSolute Vision toolbar, select
DefenseFlow Operation.
— In versions earlier than 3.2, from APSolute Vision,
a. In the Monitoring perspective, select Operation > Attack Mitigation Operations.
b. To open the Attack Mitigation Operation dashboard, click Click here to access Attack
Mitigation Operations. A separate browser page opens with the DefenseFlow login
prompt.
— To directly access the DefenseFlow dashboard, go to the following URL:
https://DefenseFlow-IP/login
2. In versions earlier than 3.3, at the DefenseFlow login prompt, log in to the DefenseFlow device
using the DefenseFlow username and password. The Attack Mitigation Operation dashboard
displays all the ongoing attacks and their associated protections, and displays a log of all
historical attacks.
Note: Up to 3000 historical attacks are saved for three months. Any attacks older than
three months are deleted. Any attacks beyond the 3000 attacks limit are deleted, starting
with the oldest attack.
— You can sort the attack table by any of the columns in the table in ascending or descending
order by clicking on the relevant column header.
— You can search for records in the Search field above the Attack Mitigation Operations table
based on strings in the Attack ID, PO Name, Source Network, Destination Network,
Protocol, Attack Start, and Attack End parameters.
Begin the search by entering characters, one at a time, until you find the records that
include the string you entered. If no records include the string you entered, the table will
display with no records.
— You can start protections for all unprotected attacks by clicking the Protect All button at the
top right corner of the Attack Mitigation Operation dashboard pane.
4. Highlight the attack and review and/or set the attack operation parameters as required:
Parameter Description
Overall Attack Operation Status A colored indicator to the left of the Attack ID that indicates
the overall attack operation status. It is related to the protection Status, as described here
and as described later in this table.
Overall Status Indicators:
• Red—Displays under one of the following conditions:
— This status icon is (In progress), where the protections are either
being activated or deactivated.
Source Network The attack operation geolocation represented by the geolocation flag (starting
with version 3.7), and the source network IP addresses and ranges (CIDRs).
Up to three CIDRs are displayed. If there are more than three CIDRs for an
attack, the total number of CIDRs is displayed within parentheses (round
brackets).
To view the list of source CIDRs, click the (Edit) icon to the right of the
displayed CIDRs. From the Networks dialog box, you can:
• View the full list of source CIDRs (and starting with version 3.7, the
geolocation flag).
• Click the Destination tab and
— Change the protection statuses of any of the destination CIDRs.
— Add a new network to protect in the CIDR field and click Add.
After making any changes, click Submit.
Destination Network The attack operation geolocation represented by the geolocation flag (starting
with version 3.7), and the destination network IP addresses and ranges (CIDRs).
Up to three CIDRs are displayed. If there are more than three CIDRs for an
attack, the total number of CIDRs is displayed within parentheses (round
brackets).
To view the list of destination CIDRs, click the (Edit) icon to the right of the
displayed CIDRs. From the Networks dialog box, you can:
• Change the protection statuses of any of the destination CIDRs.
• Add a new network to protect in the CIDR field and click Add.
• Click the Source tab and view the full list of the source CIDRs (and starting
with version 3.7, the geolocation flag).
After making any changes, click Submit.
Volume Number of bytes per second (BPS) for the attack operation.
Starting with version 3.7, displays for an historic attack the maximum BPS that
was reported since the start of the attack until termination of the attack.
The BPS volume is graphically represented as a percentage interval on the BPS
volume gauge per the defined volume range.
The following are the default BPS gauge representations and their associated
volume ranges:
• 0%-25%—0m < value < 50m
• 25%-50%—50m < value < 250m
• 50%-75%—250m < value < 500m
• 75%-100%—500m < value
You can change the volume range for the gauge using the CLI command
dfc-core-configuration.
For example, if you want to change the top limit of the BPS volume range for 75%
of the gauge from 500m to 70m, run the following CLI command:
dfc-core:configuration-set -name dfc.attack.dashboard.volume.bps.level075 -value 70m
Rate Number of packets per second (PPS) for the attack operation.
Starting with version 3.7, displays for an historic attack the maximum BPS that
was reported since the start of the attack until termination of the attack.
The PPS rate is graphically represented as a percentage interval on the PPS rate
gauge per the defined rate range.
The following are the default PPS gauge representations and their associated rate
ranges:
• 0%-25%—0k < value < 100k
• 25%-50%—100k < value < 500k
• 50%-75%—500k < value < 1m
• 75%-100%—1m < value
You can change the rate range for the gauge using the CLI command
dfc-core-configuration.
For example, if you want to change the top limit of the PPS rate range for 50% of
the gauge from 500k to 400k, run the following CLI command:
dfc-core:configuration-set -name dfc.attack.dashboard.volume.pps.level050 -value 400k
Protocol Protocols used by the attack operation.
Detection The detection control element.
Status An icon indicating the status of the attack operation. To view the status icon
description, hover over the status icon.
Note: The overall attack operation status is represented by a color indicator to
the left of the Attack ID. Earlier in this table, see the description of this
indicator and its relationship to the attack operation statuses.
Statuses:
Protection Manually start or stop a protection operation for the attack based on the current
status of the protection.
Click one of the following buttons as relevant:
• CONFIRM ALL—Confirm starting or stopping multiple protection operations
for a given attack ID.
• CONFIRM START—Confirm starting a single protection operation for a given
attack ID.
• CONFIRM STOP—Confirm stopping a single protection operation for a given
attack ID.
• START—Start a single protection operation for a given attack ID.
• STOP—Stop a single protection operation for a given attack ID.
• STOP ALL—Stop all protections for multiple operations for a given attack ID.
Notes:
• You can start protections for all unprotected attacks by clicking the Protect
All button at the top right corner of the Attack Mitigation Operation
dashboard pane.
• While a protection operation is in process, you can hover over the Protection
button to view the protection status and to see more details of the operation
by clicking the Details link.
• Starting with version 3.7, you can only manually stop a manually activated
protection on a protected object, even if the attack has terminated.
Attack Start Attack operation start time and end time of the attack or the protection.
Attack End Attack operation end time of the attack or the protection.
5. Starting with version 3.1, you can expand the attack record to see more detailed information
regarding the attack.
Mouse-click the attack record. The set of dashboards with detailed information for that attack
display (see Attack Detailed Information, page 551), and the PACKET CAPTURE button that
opens the Real-time Packet Capture pane (see Real-Time Packet Capture, page 554).
Widget Description
Detection Events Anomaly detection event information, including:
• External ID—The ID of the event in the detection element. It can be an
external NetFlow detection or a DefensePro attack ID.
• Detector—The detector that detected the anomaly.
• Event—Description of the event.
• Started At—Start date and time of the event.
• Rate—Packet rate of the event in pps.
• Volume—Packet volume of the event in bps.
PO Traffic Realization A graph that displays the following attack information:
• Received and dropped packets if the mitigation has
started and the data is available from the DefensePro devices.
You can filter out received or dropped packets from the display by clicking the
relevant icon before exporting. When you click either of the icons, a cross-out
line displays across them, indicating that those packets are filtered out from
the display. To remove the filters, click the relevant icon and the cross-out line
is removed.
• Incoming traffic for DPaaD and other third-party detectors.
The traffic is displayed as bandwidth over time for all DefensePro devices, or for
individual devices, as selected from the device drop-down.
Actions include:
• Select the device for which to display data: TOTAL (all devices) or an individual
device name
• Select the traffic bandwidth type: PPS, BPS
By default, the time range in the graph is the last 15 minutes. You can change the
time range by clicking on the time range icon in the upper-right corner of the
page. Do one of the following:
• Select a Quick Range:
— Set the quick range. Values: 15m (last 15 minutes), 30m (last 30
minutes), 1H (last hour), 6H (last six hours), 12H (last 12 hours), 24H
(last 24 hours)
— Click Apply.
• Set the time range based on the calendar date:
— Click the start date and end date fields, and select the calendar date for
each.
— The default start time is 15 minutes before the current time, and the
default end time is the current time. You can amend these times using
the format HH:MM.
Audit Log: A detailed log of the following event types for the specific attack (including the
configuration changes during the attack):
• Attack start/end
• Operation start/end
• Any ongoing protection configuration change
Each log includes the following information:
• Timestamp
• Event description
• Username for user-generated events
Workflow: Workflow information related to the attack:
• Name—Workflow name
• Description—Workflow description
• Detection—Detection related to the workflow
• Provisioning—Provisioning related to the workflow
Ongoing Mitigation (This table and its functionality have been expanded starting with
version 3.4. Prior to version 3.4, it was referred to as Workflow Rules and included only
the Enter Criteria, Exit Criteria, Operation, and Actual User Action Mode parameters):
Displays the individual mitigation operations that comprise the entire operation
workflow, and their settings:
• Mitigation ID—ID of the individual mitigation operation
• Operation—Mitigation operation related to the workflow
• Protected Network—Network protected by the mitigation operation
• Enter Criteria—Workflow enter criteria
• Exit Criteria—Workflow exit criteria
• Activation Mode (prior to version 3.4, Actual User Action Mode)—The enter
and exit activation mode. Syntax: Enter_Mode/Exit_Mode
Values: Automatic, Manual, User Confirmation
Examples:
— Automatic/Automatic
— Automatic/Manual
— Automatic/User Confirmation
— Manual/Manual
• Mitigation Start Date—Mitigation operation start date and time
You can expand the individual rows to display more detailed settings for the
mitigation operation. You can modify these details for the ongoing protection as
required. After the ongoing protection has ended, the changes you made are no
longer valid.
After making your changes, click Apply to apply them.
For more information on the Ongoing Mitigation details, see Table 419 - Ongoing
Mitigation Detailed Information, page 553.
Row Description
Operation: Details of the operation, including:
• Description—Description of the operation.
• Operation Type—The type of operation. Values: Mitigation, Traffic Blocking,
Custom
• Diversion Protocol—The diversion protocol. Values: BGP, BGP FlowSpec
Mitigation Group: Details of the mitigation devices in the mitigation group associated with the
operation, including:
• Name—The mitigation device name.
• Operational Status—The operational status of the mitigation device.
• CPU Utilization—Percent of the CPU utilization of the mitigation device.
• BW Utilization (GBPS)—Percent of the bandwidth utilization of the mitigation
device.
• Policies Utilization—Percent of the policies table utilization of the mitigation
device.
• Filter List Utilization—Percent of filter list utilization of the mitigation device.
• Managed—Whether the mitigation device is managed.
Values: true, false
• Platform Name—Platform name of the mitigation device.
• Update Time—Last monitored update time.
• Last Error—The last device access error that was issued.
• Geo Feed Status—The status of the Geolocation Feed on the DefensePro
mitigation device (active, inactive).
Filter List: If you want to associate a black list and/or white list to the operation, select them
from the drop-down lists.
Geo-Location (This row is available only starting with version 3.7): If you want to
temporarily override the current geoblocking settings for this operation for the duration
of the protection, select a geolocation or Geolocation feed group to block or allow, then
select the override action:
• Allow—Allow the selected geolocation or Geolocation feed group (default).
• Block—Block the selected geolocation or Geolocation feed group.
DNS Protection: If you want to associate a DNS white list to the operation, select one from the
drop-down list, or click the Upload icon to upload a file with a DNS white list
not on the list.
If you want to see the contents of a DNS white list, select one from the drop-down
list and click the Download icon to save it as a .txt file.
Policy: Edit the associated policy, if required.
Widget Description
Packet Capture: Click PACKET CAPTURE to open the REAL-TIME PACKET CAPTURE pane
displaying the set of packets in the attack. Dropped packets are highlighted in
red, passed packets are highlighted in green.
To exit the REAL-TIME PACKET CAPTURE pane, click the <Back icon at the top
right of the pane.
The following fields display for each attack:
• Capture Settings—These fields include the Mitigation Device/Group drop-
down list and the Capture Filter. The filter is a regular expression that filters
which packets are displayed in the Packet Display table. For more details on
the capture filter regular expressions you can define, see Table 421 - Packet
Capture Filter Regular Expression Parameters, page 557.
— Mitigation Device/Group—Select from which DefensePro device or device
group the packets are captured. The default is the device or group that is
referred to specifically by the attack information.
— Capture Filter—Regular expression to display the packet capture
information from the selected DefensePro device or group of DefensePro
devices. The default device is the device or group that is referred to
specifically by the attack information. From the drop-down list, you can
choose one of the last 10 previous inputs for the filter.
• Display Settings—These fields include the Match Filter and Display Filter.
The filters are regular expressions that filter the packets that are displayed in
the Packet Display table. For more details on the regular expressions you can
define, see Table 422 - Match Filter and Display Filter Regular Expression
Parameters, page 557.
— Match Filter—Highlights the packets that match the filter. From the drop-
down list, you can choose one of the last 10 previous inputs for the filter.
— Display Filter—Displays all those packets that match the filter. From the
drop-down list, you can choose one of the last 10 previous inputs for the
filter.
• Legend for the color-codes for packets that match the capture and display
filters:
• Display actions—Do one of the following:
— Click to begin the packet capture display. The packets display one
at a time based on the filters that you defined.
Table 422: Match Filter and Display Filter Regular Expression Parameters
icon.
2. On the menu, click Operation Background Processes. The Operation Background Processes
table includes the following parameters:
Parameter Description
PROCESS Description of the operation background process, including the associated PO
DESCRIPTION name where relevant.
DATE STARTED Date and time the process started.
DATE MODIFIED Last date and time the process was modified.
STATUS Current status of the process:
• —Process started
• —Process running
• —Process completed
• —Process failed
— To return to the Attack Mitigation Operation dashboard, click the icon and click Attack
Operations.
Tip: You can select one of the APSolute Vision dashboards as your landing page. APSolute Vision
administrators can select one of the APSolute Vision dashboards as the landing page for new users.
For more information, see Selecting Your Landing Page, page 78 or Configuring APSolute Vision
Display Parameters, page 163.
— Not Available—The Application SLA Dashboard cannot display the status because the
feature is not supported on the Alteon platform or the required license is not installed.
— No Data—The Application SLA Dashboard cannot display the status because no traffic
transactions were generated in the collection interval.
1 – The status is the same as that in APM. The dashboard displays the status only if the
service has generated transactions and APM data is available.
2 – This is based on one poll per minute for the last 15 minutes—Green (OK): 0 (zero)
service-down records. Amber (Warning): 1–2 service-down records. Red (Critical): 3 or
more service-down records.
Each tab displays one of the following global-status indicators, in addition to the label (for example,
DefensePro):
• —OK.
• —Mixed results.
• —Warning or Fail.
• —Not enough data, polling data, or the Security Control Center cannot determine the status.
— In the APSolute Vision sidebar menu, select Applications > Security Control
Center.
• —The APSolute Vision server is managing one or more DefensePro devices with enabled
policies.
• —The APSolute Vision server is managing one or more DefensePro devices, but none have
any enabled policy.
• —The Security Control Center has not yet determined the status.
When the global status is OK or mixed-results, the DefensePro node of the Security Control Center
displays the parameters described in the following table.
Parameter Description
Total managed DefensePro devices: The number of DefensePro devices that the APSolute Vision
server is managing.
Total Policies: The number of DefensePro Protection policies and Server
Protection policies.
Enabled Policies: The number of enabled DefensePro Protection policies and
Server Protection policies.
Disabled Policies: The number of disabled DefensePro Protection policies and
Server Protection policies.
• —DefenseFlow is available.
• —The APSolute Vision server is managing one or more AppWall devices, which are reporting
to the associated APSolute Vision Reporter.
• —The APSolute Vision server is managing one or more AppWall devices, but one or more of
the AppWall devices is not reporting to the APSolute Vision Reporter that is associated with this
APSolute Vision server.
When the global status is OK or mixed-results, the AppWall node of the Security Control Center
displays the parameters described in the following table.
Parameter Description
AppWall devices Managed by APSolute Vision: The number of AppWall devices that the APSolute
Vision server is managing.
AppWall devices Monitored by APSolute Vision Reporter: The number of AppWall devices that
APSolute Vision Reporter is monitoring.
• —The APSolute Vision server has a license for AVR, and AVR is available.
• —The APSolute Vision server has no license for AVR, or AVR is unavailable.
• —The APSolute Vision server has a license for the APSolute Vision Analytics, and APSolute
Vision Analytics is available.
• —The APSolute Vision server has no license for APSolute Vision Analytics, or APSolute Vision
Analytics is unavailable.
• —The Security Control Center cannot determine the APSolute Vision Analytics status.
• —The Radware Cloud DDoS Protection service is not configured in the system.
Tip: Users with a proper role can click the (Settings) icon to specify the Radware Cloud DDoS
Protection URL (see Configuring the Radware Cloud DDoS Protection Setting, page 161).
• —All the DefensePro devices are using the latest signature file.
• —Only some of the DefensePro devices are using the latest signature file version.
• —No DefensePro devices are using the latest signature file (whether or not they have a
subscription).
Tip: Users with a proper role can click the (Scheduler) button to open the Scheduler and
configure an Update Security Signature Files task (see Update Security Signature Files—
Parameters, page 313).
When the global status is OK or mixed-results, the Radware Security Signatures (SUS) node of the
Security Control Center displays the parameters described in the following table.
Table 427: Security Control Center: Radware Security Signatures (SUS) Parameters
Parameter Description
Latest Signature Release: The identifier of the Signature file.
Total DefensePro Devices: The number of DefensePro devices that the APSolute Vision
server is managing.
DefensePro Devices Using Latest Signature File Release: The number of DefensePro devices
using the latest signature-file release.
DefensePro Devices Requiring Signature File Update: The number of DefensePro devices not
using the latest signature-file release.
DefensePro Devices Without Signature File Update Subscription: The number of DefensePro
devices that do not have a subscription for Signature File updates.
• —All of the DefensePro devices were updated with fraud signatures in the last hour.
• —Only some of the DefensePro devices were updated with fraud signatures in the last hour.
• —No DefensePro devices were updated with fraud signatures in the last hour.
Tip: Users with a proper role can click the (Scheduler) button to open the Scheduler and
configure an Update Security Signature Files task (see Update Fraud Security Signatures—
Parameters, page 314).
When the global status is OK or mixed-results, the Fraud Security Signatures node of the Security
Control Center displays the parameters described in the following table.
Parameter Description
DefensePro Devices Updated in Last Hour: The number of DefensePro devices (managed by the
APSolute Vision server) that were updated in the last hour.
DefensePro Devices Not Updated in Last Hour: The number of DefensePro devices (managed by
the APSolute Vision server) that were not updated in the last hour.
DefensePro Devices Not Using fraud Subscription: The number of DefensePro devices (managed
by the APSolute Vision server) without a Fraud Signature Protection subscription.
• —All of the DefensePro devices were updated with the ERT Active Attackers Feed in the last
run of the ERT Active Attackers Feed for DefensePro scheduled task.
• —Only some of the DefensePro devices were updated with the ERT Active Attackers Feed in
the last run of the ERT Active Attackers Feed for DefensePro scheduled task.
• —No DefensePro devices were updated with the ERT Active Attackers Feed in the last run of
the ERT Active Attackers Feed for DefensePro scheduled task.
Note: For information on the ERT Active Attackers Feed for DefensePro scheduled task, see ERT
Active Attackers Feed for DefensePro—Parameters, page 323.
Tip: Users with a proper role can click the (Scheduler) button to open the Scheduler and
configure an ERT Active Attackers Feed for DefensePro task.
When the global status is OK or mixed-results, the ERT Active Attackers Feed node of the Security
Control Center displays the parameters described in the following table.
Table 429: Security Control Center: ERT Active Attackers Feed Parameters
Parameter Description
Last ERT Active Attackers Feed: The time that APSolute Vision received the last feed.
Note: The time format is according to the configuration (see
Configuring APSolute Vision Display Parameters, page 163).
Last Run: The time that APSolute Vision last ran an ERT Active Attackers
Feed for DefensePro task.
Note: The time format is according to the configuration (see
Configuring APSolute Vision Display Parameters, page 163).
DefensePro Devices Updated in Last Run: The number of DefensePro devices (managed by the
APSolute Vision server) that were updated in the last run of the ERT
Active Attackers Feed for DefensePro scheduled task.
DefensePro Devices Not Updated in Last Run: The number of DefensePro devices (managed by
the APSolute Vision server) that were not updated in the last run of the ERT
Active Attackers Feed for DefensePro scheduled task.
DefensePro Devices Not Using ERT Active Attackers Feed Subscription: The number of
DefensePro devices (managed by the APSolute Vision server) without an ERT Active
Attackers Feed subscription.
The Service Status Dashboard includes doughnut charts that show summary information and a tree
view with more detailed information.
For information on the different statuses, see Status Criteria in the Service Status Dashboard,
page 574.
You can manage the set of devices that the Service Status Dashboard shows and filter objects in the
tree view using the filter dialog box. For more information, see Managing Set of Devices that the
Service Status Dashboard Shows and the Objects in the Tree View, page 572.
You can pause and resume the refresh of the Service Status Dashboard display.
Figure 66: Use the Slider to Pause or Refresh the Display of the Service Status Dashboard
Notes
• For information about roles in APSolute Vision, see Role-Based Access Control (RBAC), page 85.
• By default, the information in the Service Status Dashboard refreshes every 15 seconds. You can
modify the rate by modifying the value for the APSolute Vision Polling Interval for Reports
parameter (see Configuring Monitoring Settings, page 135).
• The Service Status Dashboard may not be able to fetch data from the ADC for several reasons,
for example:
— The ADC statistics are not ready.
— The ADC is unavailable.
— There is some exception on the APSolute Vision side or the ADC side.
Tip: Click a segment in a doughnut chart to apply a filter to the corresponding objects in the status
tree.
Tip: Hover over a segment in a doughnut chart to display more exact values.
Under each device node, all the second-level nodes in the tree—the virtual-service nodes—are
collapsed.
Expanding a device node displays the following:
• Virtual Service ID: <ID>, <Application> (<port> <tcp|udp>), Action: <action>
where:
— <ID> is the specified ID of the virtual service.
— <Application> is the specified Application of the virtual service, for example:
basic-slb, http, or https. For information on the Application parameter, see the
APSolute Vision online help.
— <port> is the specified port number of the virtual service.
— <tcp|udp> is the relevant protocol of the virtual service.
— <action> is either the specified Action (Group, Redirect, or Discard) when the
Application is HTTP or HTTPS (group, redirect, discard) or group for all other
Application values.
• AppShape++ Script (Always Up)—Specifies that a virtual service is always available,
even if all servers are down, when an AppShape++ script is attached to the service.
The Service Status Dashboard displays this node only under the following conditions:
— In version 30.2.5 and later, version 30.5.3 and later, and version 31.0 and later—
The virtual service is configured with one or more AppShape++ scripts and the Service
Always Up option is Enable. For more information on the Service Always Up parameter,
see the APSolute Vision online help.
— In versions earlier than 30.2.5, earlier than 30.5.3, and earlier than 31.0—The
virtual service is configured with one or more AppShape++ scripts.
• Content Rules—This node is displayed only if the virtual service is configured with one or more
content rules. The Service Status Dashboard displays content rules numerically, each in the
format <Rule ID>, Action: <Action>, Group: <Group name>.
• Group ID: <ID>—The ID of the server group. This node includes the following nodes, sorted
alphanumerically, each in the format <Real server ID>,<IP address>.
• WAN Link ID: <ID>, <WAN Link Router IP address>—This node is displayed only if the
virtual service is configured with a WAN link.
Note: Backup real servers and backup groups appear in the tree only when they are active.
Managing Set of Devices that the Service Status Dashboard Shows and
the Objects in the Tree View
Use the following procedure to modify the set of managed ADC devices that the Service Status
Dashboard shows. The Service Status Dashboard can show up to 10 managed ADC devices. If there
are more than 10 managed ADC devices, by default, the Service Status Dashboard shows the first
10 devices.
Applying a filter refreshes the tree view (not the doughnut charts) and shows the updated statuses
and objects based on the filter criteria.
To manage the set of devices that the Service Status Dashboard shows and the objects
in the tree view
1. In the APSolute Vision Settings view Dashboards perspective, select Service Status
Dashboard.
2. Click the filter funnel icon at the top-left of the Service Status Dashboard.
3. Configure the filter parameters and click APPLY.
To cancel the filter application of the status tree, but retain the filter configuration
1. In the APSolute Vision Settings view Dashboards perspective, select Service Status
Dashboard.
2. Click the filter funnel icon at the top-left of the Service Status Dashboard.
3. Configure the filter parameters and click CANCEL.
To cancel the filter application of the status tree and revert the filter configuration to the
default
1. In the APSolute Vision Settings view Dashboards perspective, select Service Status
Dashboard.
2. Click the filter funnel icon at the top-left of the Service Status Dashboard.
3. Configure the filter parameters and click CLEAR.
Note: When the specified Action is Group, the service-action status is the Group status.
When the Action is Redirect or Discard, the service-action status is always Up.
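The virtual-service node format and the service-action status rule described above can be checked mechanically, for example when reviewing a copied tree to find services whose Up status says nothing about server health. The following Python sketch is an added example, not code from this guide or from APSolute Vision; the function names, the sample labels, and the "Down" status name are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Label format documented for the Service Status Dashboard tree:
#   Virtual Service ID: <ID>, <Application> (<port> <tcp|udp>), Action: <action>
VS_LABEL = re.compile(
    r"^Virtual Service ID:\s*(?P<vs_id>[^,]+?),\s*(?P<app>[\w-]+)\s*"
    r"\((?P<port>\d+)\s+(?P<proto>tcp|udp)\),\s*Action:\s*(?P<action>\w+)\s*$",
    re.IGNORECASE,
)
ACTIONS = {"group", "redirect", "discard"}
HTTP_APPS = {"http", "https"}


@dataclass(frozen=True)
class VirtualService:
    vs_id: str
    application: str
    port: int
    protocol: str
    action: str


def parse_virtual_service(label):
    """Parse one virtual-service node label.

    Raises ValueError if the label does not follow the documented format or
    combines fields in a way the documented format rules out.
    """
    m = VS_LABEL.match(label.strip())
    if m is None:
        raise ValueError(f"not a virtual-service label: {label!r}")
    app, action, port = m["app"].lower(), m["action"].lower(), int(m["port"])
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r} in {label!r}")
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in {label!r}")
    # Redirect and Discard appear only for HTTP/HTTPS; every other
    # Application value is displayed with the action "group".
    if app not in HTTP_APPS and action != "group":
        raise ValueError(f"{action!r} is not valid for application {app!r}")
    return VirtualService(m["vs_id"].strip(), app, port, m["proto"].lower(), action)


def service_action_status(vs, group_status):
    """Group action: the status is the Group status.
    Redirect or Discard: the status is always Up."""
    return group_status if vs.action == "group" else "Up"


def review_tree(rows):
    """rows: iterable of (label, group_status); group_status may be None for
    Redirect/Discard services. Returns one dict per service, with a flag that
    tells whether the displayed status reflects the state of a server group."""
    report = []
    for label, group_status in rows:
        vs = parse_virtual_service(label)
        report.append({
            "vs_id": vs.vs_id,
            "endpoint": f"{vs.port}/{vs.protocol}",
            "status": service_action_status(vs, group_status),
            "reflects_servers": vs.action == "group",
        })
    return report


# Constructed sample labels; "Down" is an assumed status name.
SAMPLE_ROWS = [
    ("Virtual Service ID: 1, http (80 tcp), Action: redirect", None),
    ("Virtual Service ID: 2, https (443 tcp), Action: group", "Down"),
    ("Virtual Service ID: 3, basic-slb (53 udp), Action: group", "Up"),
]

if __name__ == "__main__":
    for row in review_tree(SAMPLE_ROWS):
        note = "" if row["reflects_servers"] else " (always Up, not a server-health signal)"
        print(f"VS {row['vs_id']} {row['endpoint']}: {row['status']}{note}")
```

Services reported with `reflects_servers` set to False need a separate health check, because their dashboard status cannot change.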
Note: The GEL Dashboard uses the Local License Server (LLS) on the APSolute Vision server. The
LLS service starts automatically with APSolute Vision. Administrators can use system lls
commands in the APSolute Vision CLI to manage the LLS. For more information, see System LLS
Commands, page 701.
> In the APSolute Vision sidebar menu, select Applications > GEL.
Note the following terms:
• Activate a license means to register a new Entitlement on the local server.
• Allocate a license (for a selected Entitlement) means that the user allocates throughput and
add-ons to selected Alteon devices.
Note: Devices displayed in this list are the devices that do not yet have any license.
d. In the Throughput field, select the required throughput from the drop-down list.
e. Click Allocate.
f. Repeat step b–step e for each Alteon to which you want to allocate Entitlements.
The statistics update in the Entitlement display and the Alteon servers to which the
Entitlements are allocated display in the table, as shown below:
2. Place your cursor over the icon to view notifications, as shown below:
Parameter Description
Throughput The percentage of the total allowed throughput currently in
use and the amount of allocated throughput for this
Entitlement.
Instances The number of instances that have licenses allocated from this
Entitlement.
Add-Ons The percentage of the total number of add-ons allowed and
the total number of add-ons allocated.
Expires on The expiry date of the license.
Remaining The number of days remaining until the license expires.
Parameter Description
Instance Name: The Alteon server to which licenses from this Entitlement are
allocated.
Server Identification: The form factor of the Alteon server to which this Entitlement
is allocated.
IP Address: The IP address of the Alteon server to which this Entitlement is
allocated.
Allocated Throughput (Mbps): The throughput in use for the Alteon server to which this
Entitlement is allocated.
Allocated Add-Ons: The add-on for the Alteon server to which this Entitlement is
allocated.
Notes
• The ERT Active Attackers Feed is a subscription service, which updates DefensePro devices with
IP addresses of known attackers that were recently active. The feed is generated by Radware’s
Threat Research Center.
• A scheduled task ERT Active Attackers Feed for DefensePro updates the selected DefensePro
devices with the ERT Active Attackers Feed. For more information, see ERT Active Attackers
Feed for DefensePro—Parameters, page 323.
• The ERT Active Attackers Feed node of the Security Control Center shows information about
DefensePro devices that were updated with the ERT Active Attackers Feed in the last run of the
ERT Active Attackers Feed for DefensePro scheduled task. For more information, see ERT Active
Attackers Feed Information in the Security Control Center, page 569.
• For information about roles in APSolute Vision, see Role-Based Access Control (RBAC), page 85.
> In the APSolute Vision sidebar menu, select Applications > EAAF.
The EAAF Dashboard displays the selected time range to the left of the clock button.
1. Click the clock button on the dashboard toolbar to open the Devices dialog box.
2. Select one of the following ranges:
— 15m—The last 15 minutes
— 30m—The last 30 minutes
— 1H—The last hour
— 1D—The last day
— 1W—The last seven days
— 1M—The last month
— 3M—The last three months
Default: 15m
Figure 69: IP Address Specified in the Filter Not Among the Top-10 Malicious IP Addresses
Notes
• The contents of the Security Monitoring perspective are customized for the specific monitored
device. The reporting information for DefensePro and DefenseFlow mitigation devices is different
from the reporting information for AppWall and Alteon devices.
• When selecting multiple devices, the Security Monitoring perspective displays reports that are
relevant across devices, with the same reporting information. When selecting multiple devices
including DefensePro and other device types (AppWall or Alteon), the Security Monitoring
perspective shows reports only for the DefensePro devices.
• You can use APSolute Vision Analytics to view and analyze real-time and historical security
information from DefensePro version-8.x devices. APSolute Vision Analytics includes dashboards
for DefensePro security monitoring and analytics, customizable reports, and in-depth forensics
capabilities. Full functionality of APSolute Vision Analytics requires a license. For more
information, see the online help or the APSolute Vision Analytics User Guide.
• You can use APSolute Vision Reporter (AVR) to view and analyze historical security information.
For information on the products and versions that APSolute Vision Reporter supports, see the
APSolute Vision Release Notes. For information about APSolute Vision Reporter and how to use
it, see its online help and the APSolute Vision Reporter User Guide.
• Using the APSolute Vision CLI, you can configure APSolute Vision to export security-event
records from managed DefensePro and/or DefenseFlow devices to a specified syslog server. The
event exporter lets you integrate with a Security Information and Event Management (SIEM)
system, which you may be using as your main analytics-and-reporting system. For more
information, see System Exporter Commands (Event Exporter), page 695.
Columns icon, and select or clear any parameter to be shown or removed from the Security
Events table. (All the non-default Security Events parameters are listed in the Create Filter:
Basic or Advanced Parameters table below.)
4. If you want to define a filter to display the security events in the table according to selected
parameter values, click the Create Filter icon, enter the required parameters
(listed in the Create Filter: Basic or Advanced Parameters table below), and click Submit.
5. Click the Enable Auto-Refresh icon to enable auto-refresh of the Security Events table.
Parameter Description
Severity The severity of the security event.
Values:
• Critical
• High
• Low
• Info
• Warning
Time The date and time that the security event occurred.
Source IP The source IP address of the security event.
Source Port The source port number of the security event.
Action The action taken regarding the security event.
Values:
• Blocked
• Modified
• Reported
Device IP The device IP address of the security event.
Server Name The server name of the security event.
Transaction ID The transaction ID number of the security event.
Parameter Description
Display Last Select Display Last to filter the Security Event table to only list
the events that occurred during the last specified amount of time.
Values:
• 10 Minutes
• 20 Minutes
• 30 Minutes
• 1 Hour
• 2 Hours
• 6 Hours
• 12 Hours
• 24 Hours
Default: 10 Minutes
Date and Time Range Select Date and Time Range to filter the Security Event table to
only list the events that occurred during the specified date and
time range.
Note: The default time is 12:00:00 on each date selected. The
time can be changed manually within the field.
Parameter Description
Time The time that the security event occurred, in HH:mm:ss format.
Severity The severity of the security event.
Values (Equals or Not Equals):
• Critical
• High
• Low
• Info
• Warning
Web Application The Web application of the security event.
Values: Contains or Not Contains the entered value
External IP The external IP address of the security event.
Values: Contains or Not Contains the entered value
Action The action taken regarding the security event.
Values (Equals or Not Equals):
• Blocked
• Modified
• Reported
Violation Type The violation type of the security event.
Values: Equals or Not Equals the violation type from the drop-
down list
Source IP The source IP address of the security event.
Values: Contains or Not Contains the entered value
User The user of the security event.
Values: Contains or Not Contains the entered value
AppWall Version The AppWall version of the security event.
Values: Contains or Not Contains the entered value
Target Module The target module of the security event.
Values: Contains or Not Contains the entered value
Host The host of the security event.
Values: Contains or Not Contains the entered value
Tunnel The tunnel of the security event.
Values: Contains or Not Contains the entered value
Tunnel Listen Port The tunnel listening port of the security event.
Values: Contains or Not Contains the entered value
Device Type The device type of the security event.
Values (Equals or Not Equals):
• Stand-Alone Gateway
• Stand-Alone Monitor
• Cluster Manager
• Cluster Gateway Node
• Cluster Monitor Mode
vHost The virtual host of the security event.
Values: Contains or Not Contains the entered value
Source Port The source port of the security event.
Values: Contains or Not Contains the entered value
Destination Port The destination port of the security event.
Values: Contains or Not Contains the entered value
Protocol The protocol of the security event.
Values (Equals or Not Equals):
• TCP
• HTTP
• HTTPS
Parameter Name The parameter name of the security event.
Values: Contains or Not Contains the entered value
Transaction ID The transaction ID number of the security event.
Values: Contains or Not Contains the entered value
Request The request of the security event.
Values: Contains or Not Contains the entered value
Role The role of the security event.
Values: Contains or Not Contains the entered value
Module The module of the security event.
Values: Contains or Not Contains the entered value
Event Type The event type of the security event.
Values: Contains or Not Contains the entered value
Directory The directory of the security event.
Values: Contains or Not Contains the entered value
Tunnel Listen IP The tunnel listening IP address of the security event.
Values: Contains or Not Contains the entered value
URI The URI of the security event.
Values: Contains or Not Contains the entered value
Violation Category The violation category of the security event.
Values: Equals or Not Equals the violation category from the
drop-down list
appPath The application path of the security event.
Values: Contains or Not Contains the entered value
Destination IP The destination IP address of the security event.
Values: Contains or Not Contains the entered value
Refine CRC The refine CRC of the security event.
Values: Contains or Not Contains the entered value
Method The method of the security event.
Values (Equals or Not Equals):
• GET
• POST
Parameter Type The parameter type of the security event.
Values: Contains or Not Contains the entered value
Rule ID The rule ID of the security event.
Values: Contains or Not Contains the entered value
Title The title of the security event.
Values: Contains or Not Contains the entered value
Caution: To view the SSL Inspection statistics in the Security Monitoring perspective, the relevant
services must be enabled on the APSolute Vision server, using the CLI. By default, the services are
disabled. Users with the Administrator or the Vision Administrator role can use the APSolute Vision
CLI. For more information, see System VRM Commands, page 721.
2. In the Security Monitoring perspective, select Dashboard View > SSL Inspection >
Dashboard.
3. By default the dashboard displays reporting information for the last hour. To change the time
period for which you want to display data, click the clock icon indicated and select a new time
period, or set a specific time range. Then, click Apply.
Time period options:
— Last 15 minutes
— Last 30 minutes
— Last hour
— Last day
— Last week
— Last month
— Last 3 months
Adding Filters
For each chart, you can perform advanced filtering over the displayed data.
Configuring Reports
This section describes how to configure the SSL Inspection monitoring module to send e-mail
reports for selected managed devices. Reports are included in the e-mail as PDF files.
2. Click .
Parameter Description
Report Title Specifies a name for the report.
Sender Specifies the name or e-mail address of the sender.
Recipients Specifies the recipients of the e-mail containing the report.
Subject Specifies the subject line of the e-mail containing the report.
Message Body (Optional) Specifies the body of the e-mail containing the report.
Report Period Specifies the period covered by the report.
Options:
• Last 1 Day
• Last 1 Week
• Last 1 Month
• Last 3 Months
• Last 6 Months
• Last 1 Year
Default: Last 3 Months
Send Every Specifies the frequency, in hours, with which APSolute Vision Analytics sends the
e-mail containing the report.
Viewing Reports
You can view or download a list of the reports sent as follows:
Notes
• Your user permissions (your RBAC user definition) determine the DefensePro devices and
policies, or DefenseFlow protected objects, that the Security Monitoring perspective displays to
you. You can view and monitor only the attacks blocked by the DefensePro devices and policies,
or DefenseFlow mitigation devices and protected objects that are available to you.
• APSolute Vision also manages and issues alerts for new security attacks.
• DefensePro calculates traffic baselines, and uses the baselines to identify abnormalities in traffic
levels.
• At the time of writing, APSolute Vision collects the sampled attack data that DefensePro sends to
it at the rate of two samples per two minutes per attack. Please note that the rate is subject to
change without notice.
• When calculating the real-time network traffic and statistical parameters, DefensePro or
DefenseFlow version 2.1 does not include traffic that exceeded the throughput license.
• You can use APSolute Vision Analytics to view and analyze real-time and historical security
information from DefensePro version-8.x devices. APSolute Vision Analytics includes dashboards
for DefensePro security monitoring and analytics, customizable reports, and in-depth forensics
capabilities. Full functionality of APSolute Vision Analytics requires a license. For more
information, see the APSolute Vision online help or the APSolute Vision Analytics User Guide.
• You can use the APSolute Vision REST API to view security events from DefenseFlow mitigation
devices or DefensePro devices. For more information, see the APSolute Vision REST API
documentation.
• You can use the APSolute Vision CLI to export security events from DefenseFlow mitigation
devices or DefensePro devices. For more information, see System Exporter Commands (Event
Exporter), page 695.
Risk Levels
The following table describes the risk levels that DefensePro supports to classify security events.
Note: For some protections, the user can specify the risk level for an event. For these protections,
the descriptions in the following table are recommendations, and specifying the risk level is the
user’s responsibility.
Use a Dashboard View in the Security Monitoring perspective to analyze activity and security events
in the network, identify security trends, and analyze risks.
You can view information for individual devices, all devices in a Site, all devices in a Logical Group,
or all devices in the network. The dashboard monitoring display refreshes automatically, providing
ongoing real-time analysis of the system.
The Dashboard View node comprises the following tabs, which display the same summary
information:
• Current Attacks Table—which is a table display (see Figure 70 - Current Attacks Table—
DefensePro, page 602).
• Ongoing Attacks Monitor—which includes a graphical, chart display (see Figure 71 - Ongoing
Attacks Monitor, page 607).
The Scope and other display parameters that you configure apply to the Current Attacks Table and
to the Ongoing Attacks Monitor. For more information, see Configuring the Display Parameters of a
Dashboard View, page 599.
When you double-click an attack in the Current Attacks Table or Ongoing Attacks Monitor, APSolute
Vision displays the details in an Attack Details tab. There, you can display the Sampled Data dialog
box for all attack types that support sampled data.
By default, the display of the Dashboard View refreshes every 15 seconds. Administrators can
configure the refresh rate (APSolute Vision Settings view System perspective, General Settings >
Monitoring > Polling Interval for Reports).
Parameter Description
Scope The Scope depends on whether you are monitoring using DefensePro or
DefenseFlow. Using DefensePro, this parameter defines the physical
ports and the Protection policies that the dashboard displays. Using
DefenseFlow, this parameter defines the Protected Object, ports, and
policies that the dashboard displays.
Using DefensePro, by default, the Scope is Any Port; Any Policy. That
is, by default, the dashboard displays all the information.
Using DefenseFlow, by default, the Scope is Any Protected Object;
Any Port; Any Policy. That is, by default, the dashboard displays all
the information.
To control the scope of the information that the dashboard displays in
DefensePro, see the procedure To control the scope of the information
that the Dashboard View displays for DefensePro, page 600.
To control the scope of the information that the dashboard displays in
DefenseFlow, see the procedure To control the scope of the information
that the Dashboard View displays for DefenseFlow, page 600.
Display Last How long the dashboard displays attacks after the attack terminates.
That is, the dashboard displays all attacks that are currently ongoing or
that terminated within the selected period.
Values:
• 10 Minutes
• 20 Minutes
• 30 Minutes
• 1 Hour
• 2 Hours
• 6 Hours
• 12 Hours
• 24 Hours
Default: 10 Minutes
Top Attacks to Display (This parameter is available only in the Ongoing Attacks Monitor.)
The number of attacks that the Ongoing Attacks Monitor displays.
Values: 1–50
Default: 20
Sort By (This parameter is available only in the Ongoing Attacks Monitor.)
Values:
• Top Total Packet Count—The Ongoing Attacks Monitor displays the
attacks with the highest number of packets.
• Top Volume—The Ongoing Attacks Monitor displays the attacks with
the highest volume.
• Most Recent—The Ongoing Attacks Monitor displays the most recent
attacks.
• Attack Risk—The Ongoing Attacks Monitor displays the attacks
according to attack risk.
Default: Top Packet Count
To control the scope of the information that the Dashboard View displays for DefensePro
1. Click . Two tables open. One table has the Device Name and Port columns, and the
other table has the Device Name and Policy columns.
2. Do one of the following:
— To limit the physical ports or Protection policies that the dashboard displays, select the
corresponding checkboxes.
— To display the information for all the currently relevant physical ports or Protection policies,
click in the top-left table cell, and then, select Select All.
— To display all the information in the database, even information that is not associated with a
specific port or specific Protection policy, click in the top-left table cell, and then, select
Select None.
To control the scope of the information that the Dashboard View displays for
DefenseFlow
1. Click . Three tables open. One table has the Protected Object, one table has the Device
Name and Port columns, and the third table has the Device Name and Policy columns.
2. To toggle the sort order of the information in any of the columns, hover over the column heading
until you see an arrow, and then, click the arrow.
Note: For certain attacks, once DefensePro reports the attack, the Status value Occurred and the
Start Time value remain indefinitely. Such attacks include Packet Anomaly attacks and DNS Flood
attacks with ID 470. For example, suppose a new DefensePro device starts identifying and handling
a Packet Anomaly attack with Radware ID 105 with the start time 20.02.2017 15:19:09. The
attack subsides. One month later, the DefensePro device starts identifying and handling another
Packet Anomaly attack with Radware ID 105. The Start Time value 20.02.2017 15:19:09 is
reported. (For more information on Packet Anomaly protection, see Configuring Global Packet
Anomaly Protection, page 1579. For more information on the DNS Flood attack with ID 470, see
DefensePro Attack-Protection ID Numbers, page 819.)
click (View Attack Details). For more information, see Attack Details, page 608.
• Export the information in the table to a CSV file—To do this, click (CSV). Then, you can
view the file or specify the location and file name.
• Pause the refresh of the table display—To do this, click (Pause). When the table display
is not paused, it refreshes approximately every 15 seconds.
Parameter Description
Source Type (This parameter is available only in DefenseFlow.)
The source of the signal entry.
Values:
• DP—DefensePro
• DF—DefenseFlow
Start Time The date and time that the attack started.1
Attack Category The threat type to which this attack belongs.
Values:
• ACL (not in DefenseFlow)
• Anomalies1 (in DefenseFlow, detection was performed by an external
detector)
• Anti-Scanning (not in DefenseFlow)
• Bandwidth Management (not in DefenseFlow)
• Behavioral DoS (in DefenseFlow, detection was performed by
DefenseFlow BDoS)
• DNS Flood (not in DefenseFlow)1
• DoS (not in DefenseFlow)
• HTTP Flood (not in DefenseFlow)
• Intrusions (not in DefenseFlow)
• Server Cracking (not in DefenseFlow)
• Stateful ACL (not in DefenseFlow)
• SYN Flood (not in DefenseFlow)
• Traffic Filters
Status The last-reported status of the attack.1
Values:
• Started—An attack containing more than one security event has been
detected. (Some attacks contain multiple security events, such as DoS,
Scans, and so on.)
• Occurred (Signature-based attacks)—Each packet matched with
signatures was reported as an attack and dropped.
• Sampled (available only in DefenseFlow)—The last reading for each
protocol and the totals for all protocols, for a single device. This
information is only available when viewing a single device.
• Ongoing—The attack is currently taking place, that is, the time
between Started and Terminated (for attacks that contain multiple
security events, such as DoS, Scans, and so on).
• Terminated—There are no more packets matching the characteristics
of the attack, and the device reports that the attack has ended.
Risk The predefined attack severity level (see Risk Levels, page 597).
Values:
• High
• Medium
• Low
• Info
Attack Name The name of the detected attack.
Source Address The source IP address of the attack. If there are multiple IP sources for an
attack, this field displays Multiple. The multiple IP addresses are displayed
in the Attack Details window. Multiple may also refer to cases when
DefensePro or DefenseFlow cannot report a specific value.
The Search string can be any legal IPv4 or IPv6 address, and can include a
wildcard (*).
Destination Address The destination IP address of the attack. If there are multiple IP sources
for an attack, this field displays Multiple. The multiple IP addresses are
displayed in the Attack Details window. Multiple may also refer to cases
when DefensePro or DefenseFlow cannot report a specific value.
Policy In DefensePro, the name of the configured Protection policy that was
violated by this attack.
To view or edit the policy for a specific attack, select the attack entry and
click the (Go to Policy) button.
In DefenseFlow, the name of the configured Security Policy that was set to
mitigate this attack. The default policy name is the name of the protected
object. Policies in DefenseFlow cannot be edited.
Radware ID The DefensePro Attack-Protection identifier issued by the device. For more
information, see DefensePro Attack-Protection ID Numbers, page 819. For
more information, see Attack-Protection ID Numbers, page 889.
Direction The direction of the attack, inbound or outbound.
Values: in, out
Action Type (This parameter is available only in DefensePro.)
The reported action against the attack. The actions are specified in the
protection profile, which may or may not be available or relevant for your
system.
Values:
• Bypass—DefensePro does not protect against this attack, but rather,
sends its data out of the device, and may report it.
• Challenge—DefensePro challenges the packet.
• Destination Reset—DefensePro sends a TCP-Reset packet to the
destination IP address and port.
• Drop—DefensePro discards the packet.
• Drop & Quarantine—DefensePro discards the traffic and adds the
destination to the Web quarantine.
• Forward—DefensePro continues to process the traffic and eventually
forwards the packet to its destination.
• Proxy
• Quarantine—DefensePro adds the destination to the Web quarantine.
• Source Destination Reset—DefensePro sends a TCP-Reset packet to
both the packet source IP and the packet destination IP address.
• Source Reset—DefensePro sends a TCP-Reset packet to the packet
source IP address.
• Http 200 Ok—DefensePro sends a 200 OK response using a predefined
page and leaves the server-side connection open.
• Http 200 Ok Reset Dest—DefensePro sends a 200 OK response using a
predefined page and sends a TCP-Reset packet to the server side to
close the connection.
• Http 403 Forbidden—DefensePro sends a 403 Forbidden response
using a predefined page and leaves the server-side connection open.
• Http 403 Forbidden Reset Dest—DefensePro sends a 403 Forbidden
response using a predefined page and sends a TCP-Reset packet to the
server side to close the connection.
Total Packet Count The number of identified attack packets from the beginning of the attack.
Volume For most protections, this value is the volume of the attack, in kilobits,
from when the attack started.
In DefensePro, for SYN Flood Protection (SYN cookies), this value is the
number of SYN packets dropped, multiplied by 60 bytes (the SYN packet
size).
Device IP (This parameter is available only in DefensePro.)
The IP address of the attacked device.
Protected Object (This parameter is available only in DefenseFlow.)
The name of the protected object that was attacked.
Application Protocol2 The transmission protocol used to send the attack.
Values:
• TCP
• UDP
• ICMP
• IP
MPLS RD 2 The Multi-protocol Label Switching Route Distinguisher in the policy that
handled the attack. The value N/A or 0 (zero) in this field indicates that
the MPLS RD is not available.
VLAN Tag / Context2 The VLAN tag value or Context Group in the policy that handled the attack.
The value N/A or 0 (zero) in this field indicates that the VLAN tag or
Context Group is not available.
Note: The VLAN tag or Context Group identifies similar information in
this field. DefensePro 6.x and 7.x versions support VLAN tags.
DefensePro 8.x versions support Context Groups.
Destination Port2 The Layer 4 destination port of the attack. If there are multiple destination
L4 ports, this field displays Multiple. In cases when DefensePro cannot
report a specific value, the field displays 0 (zero).
Physical Port2 The port on the device at which the attack packets arrived. In cases when
DefensePro cannot report a specific value, the field displays 0 (zero) or
Multiple.
Source MSISDN The MSISDN Resolution feature is not supported in APSolute Vision version
3.0 and later.
Destination MSISDN The MSISDN Resolution feature is not supported in APSolute Vision version
3.0 and later.
1 – For certain attacks, once DefensePro reports the attack, the Status value Occurred and
the Start Time value remain indefinitely. Such attacks include Packet Anomaly attacks
and DNS Flood attacks with ID 470. For example, suppose a new DefensePro device
starts identifying and handling a Packet Anomaly attack with Radware ID 105 with the
start time 20.02.2017 15:19:09. The attack subsides. One month later, the DefensePro
device starts identifying and handling another Packet Anomaly attack with Radware
ID 105. The Start Time value 20.02.2017 15:19:09 is reported. (For more information
on Packet Anomaly protection, see Configuring Global Packet Anomaly Protection,
page 1579. For more information on the DNS Flood attack with ID 470, see DefensePro
Attack-Protection ID Numbers, page 819.)
2 – This column is not displayed by default in the Current Attacks tab.
To display the column, click the (Table Settings) button and then select the relevant
checkbox. Click the button again to close the Table Settings list.
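The following added example (not part of the Radware guide or product) shows how a script that ingests a Current Attacks Table CSV export could handle the placeholder values described above (Multiple, 0, N/A) and the persistent Start Time from footnote 1. The CSV header names, the sample rows, and the assumption that the export uses the dd.mm.yyyy hh:mm:ss format shown in the footnote are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Assumption: the export uses the time format shown in footnote 1.
TIME_FORMAT = "%d.%m.%Y %H:%M:%S"

# Constructed sample. Column names follow the table above; the real export
# layout is an assumption. PLACEHOLDER-ID stands in for an ID not on this page.
SAMPLE_CSV = """\
Start Time,Attack Category,Status,Risk,Source Address,Destination Address,Radware ID,Destination Port,Physical Port,VLAN Tag / Context,MPLS RD
20.02.2017 15:19:09,Anomalies,Occurred,Low,Multiple,Multiple,105,0,Multiple,N/A,0
21.03.2017 09:02:41,DNS Flood,Occurred,Medium,Multiple,192.0.2.53,470,53,3,N/A,N/A
21.03.2017 09:05:10,SYN Flood,Ongoing,High,198.51.100.7,192.0.2.10,PLACEHOLDER-ID,443,1,12,N/A
"""

# Values the table documents as "no specific value could be reported".
UNRESOLVED = {"", "multiple", "n/a", "0"}


def resolved_or_none(value):
    """Return the field value, or None when it is a documented placeholder."""
    value = (value or "").strip()
    return None if value.lower() in UNRESOLVED else value


def start_time_is_sticky(row):
    """True when footnote 1 applies: Status Occurred on a Packet Anomaly
    attack (category Anomalies) or on the DNS Flood attack with ID 470."""
    if row["Status"].strip() != "Occurred":
        return False
    category = row["Attack Category"].strip()
    if category == "Anomalies":
        return True
    return category == "DNS Flood" and row["Radware ID"].strip() == "470"


def normalize(row):
    """Turn one exported row into a record that downstream tooling can trust."""
    return {
        "start_time": datetime.strptime(row["Start Time"].strip(), TIME_FORMAT),
        # When False, use the collection time for age and ordering, because
        # the Start Time may belong to a much earlier occurrence.
        "start_time_reliable": not start_time_is_sticky(row),
        "category": row["Attack Category"].strip(),
        "status": row["Status"].strip(),
        "risk": row["Risk"].strip(),
        "radware_id": row["Radware ID"].strip(),
        "source_address": resolved_or_none(row["Source Address"]),
        "destination_address": resolved_or_none(row["Destination Address"]),
        "destination_port": resolved_or_none(row["Destination Port"]),
        "physical_port": resolved_or_none(row["Physical Port"]),
        "vlan_or_context": resolved_or_none(row["VLAN Tag / Context"]),
        "mpls_rd": resolved_or_none(row["MPLS RD"]),
    }


def load_current_attacks(text):
    """Parse exported CSV text into normalized records."""
    return [normalize(row) for row in csv.DictReader(io.StringIO(text))]


if __name__ == "__main__":
    for event in load_current_attacks(SAMPLE_CSV):
        print(event)
```
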
Attack Details
APSolute Vision displays an Attack Details tab when you double-click an attack in a Security
Monitoring Dashboard View.
APSolute Vision displays attack details for the following attacks:
• ACL (Black List) Details, page 609
• Anti-Scanning Details, page 609
• Bandwidth Management Details, page 612
• BDoS Attack Details, page 612
• DNS Flood Attack Details, page 615
• DoS Attack Details, page 617
• HTTP Flood Attack Details, page 618
• Intrusions Attack Details, page 620
• Packet Anomalies Attack Details, page 621
• Server Cracking Attack Details, page 621
• Stateful ACL Details, page 622
• SYN Flood Attack Details, page 623
• Traffic Filters Attack Details, page 624
For DefenseFlow Attack Details, only the Attack Details tab displays.
Each Attack Details tab includes two or more sub-tabs, which provide details on the attack. All
Attack Details tabs include the sub-tabs Attack Characteristics and the Attack Description. The
Attack Characteristics tab displays information that is also available in the hidden columns of the
Current Attacks Table. The Attack Description tab displays the information from the Attack
Descriptions file. An attack description is displayed only if the Attacks Description file has been
uploaded on the APSolute Vision server.
Notes
• To display hidden columns of the Current Attacks Table, click the (Table Settings) button and
then select the relevant checkbox. Click the button again to close the Table Settings list.
• For information about uploading the Attack Description file, see Managing and Updating the
Attack Descriptions File for DefensePro, page 116.
In addition to viewing the details of the attack, in each Attack Details tab, you can do the following:
• View sampled data from the attack—To do this, click the (View Sampled Data) button.
For more information, see Sampled Data Tab, page 625.
• Go to the policy that handled the attack—To do this, click the (Go to Policy) button.
• Export the information in the Attack Details tab to a CSV file—To do this, click
the (CSV) button. Then, you can view the file or specify the location and file name.
• In DefensePro 8.x versions 8.13 and later, for DNS recursive attacks, view the list of
To do this, click the (Export Attack Capture Files) button, and enter a file name in the file
selection dialog box.
Notes
— You can send the CAP file to a packet analyzer.
— Up to 255 bytes of packet information is saved in the CAP file. That is, DefensePro and/or
DefenseFlow export full packets but APSolute Vision trims them to 255 bytes.
— The file is available only as long as it is displayed in the Current Attacks table.
— The file is created only if packet reporting is enabled in the protection configuration for the
profile that was violated.
— DefensePro exports only the last packet in a sequence that matches the filter. Furthermore,
if traffic matches a signature that consists of more than one packet, the reported packet will
not include the whole expression in the filter.
— For DoS attacks of very short duration, there might be no sampling or ongoing traps.
Consequently, for such attacks, there might be no sampled data or capture files. (For more
information, see DoS Attack Details, page 617.)
Parameter Description
Protocol The protocol that the attack uses or used.
Physical Port1 The physical port that the attack uses or used.
1 – This parameter is not resolved, and the value Multiple is always displayed.
Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Anti-Scanning Details
The set of Anti-Scanning Attack Details parameters and their location differs slightly depending on
the DefensePro version.
Parameter Description
Source L4 Port The source L4 port that the attack uses or used.
Protocol The protocol that the attack uses or used.
Physical Port The physical port that the attack uses or used.
Total Packet Count The packet count that the attack uses or used.
VLAN Tag / Context The Context Group that the attack uses or used.
MPLS RD N/A
Device IP Address The device IP address that the attack uses or used.
Avg. Time Between Probes The average time, in seconds, between scan events.
Number of Probes The number of scan events from the time the attack started.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.
Parameter Description
Action The protection Action taken.
Action Reason Values:
• Configuration—The action is (or was) according to the
value in the Action field in the Anti-Scanning profile.
• Footprint-accuracy-level—There is (or was) insufficient
data for a footprint, because the Include in the
Footprint More than Source IP Address and
Protocol option is enabled in the Anti-Scanning profile.
• Multiple-probed-ports—Port scans are (or were)
monitored only (not blocked), because the Monitor but
Do Not Block Port Scans option is enabled in the Anti-
Scanning profile.
Blocking Duration The blocking duration, in seconds, of the attacker source IP
address.
Estimated Release Time (Local) The estimated release time of the attacker in local time.
Parameter Description
DST IP The destination IP address of the scan.
DST L4 Port The destination port of the scan.
TCP Flag / Protocol Values:
• The TCP flag, for example, “ACK”—Displayed for TCP
scans.
• UDP—Displayed for UDP scans.
• ICMP—Displayed for ICMP scans.
Parameter Description
The footprint-blocking rule generated by the Anti-Scanning protection, which provides the
narrowest effective blocking rule against the scanning attack.
Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Parameter Description
Source L4 Port The source L4 port that the attack uses or used.
Protocol The protocol that the attack uses or used.
Physical Port The physical port that the attack uses or used.
Total Packet Count The packet count that the attack uses or used.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.
VLAN Tag / Context The VLAN Tag class that the attack uses or used.
MPLS RD The MPLS RD that the attack uses or used.
Device IP Address The device IP address that the attack uses or used.
Parameter Description
Action The protection Action taken.
Action Reason Describes the difference between the configured action and
the actual action.
Blocking Duration The blocking duration, in seconds, of the attacker source IP
address.
Estimated Release Time (Local) The estimated release time of the attacker in local time.
Avg. Time Between Probes The average time, in seconds, between scan events.
Number of Probes The number of scan events from the time the attack started.
Parameter Description
DST IP The destination IP address of the scan.
DST L4 Port The destination port of the scan.
TCP Flag / Protocol Values:
• The TCP flag, for example, “ACK”—Displayed for TCP
scans.
• UDP—Displayed for UDP scans.
• ICMP—Displayed for ICMP scans.
Parameter Description
The footprint-blocking rule generated by the Anti-Scanning protection, which provides the
narrowest effective blocking rule against the scanning attack.
Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Parameter Description
Protocol The protocol that the attack uses or used.
Physical Port1 The physical port that the attack uses or used.
1 – This parameter is not resolved, and the value Multiple is always displayed.
Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Parameter Description
Note: Some fields can display multiple values, when relevant and available. The values that
these fields display depend on the current stage of the attack. If a field is part of the dynamic
signature (that is, a specific value or values appear in all the attack traffic), the field displays the
relevant value or values.
Protocol The protocol that the attack uses or used.
Source L4 Port The source L4 port that the attack uses or used.
Physical Port The physical port that the attack uses or used.
Packet Count The packet count of the attack.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.
VLAN Tag / Context The VLAN tag value or Context Group in the policy that handled the
attack.
Note: The VLAN tag or Context Group identifies similar information
in this field. DefensePro 6.x and 7.x versions support VLAN tags.
DefensePro 8.x versions support Context Groups.
MPLS RD The MPLS RD that the attack uses or used.
Device IP The device IP address that the attack uses or used.
TTL The TTL that the attack uses or used.
L4 Checksum The L4 checksum that the attack uses or used.
TCP Sequence Number The TCP sequence number that the attack uses or used.
IP ID Number The IP ID number that the attack uses or used.
Fragmentation Offset The fragmentation offset that the attack uses or used.
Fragmentation Flag The fragmentation flag that the attack uses or used. 0 indicates that
fragmentation is allowed. 1 indicates that fragmentation is not allowed.
Flow Label (IPv6 only) The flow label that the attack uses or used.
ToS The ToS that the attack uses or used.
Packet Size The packet size that the attack uses or used.
ICMP Message Type (This is displayed only if the protocol is ICMP.)
The ICMP message type that the attack uses or used.
Source IP The source IP address that the attack uses or used.
Destination IP The destination IP address that the attack uses or used.
Source Ports The source ports that the attack uses or used.
Destination Ports The destination port that the attack uses or used.
DNS ID The DNS ID that the attack uses or used.
DNS Query The DNS query that the attack uses or used.
DNS Query Count The DNS query count that the attack uses or used.
Parameter Description
Packet Size Anomaly Region The statistical region of the attack packets.
The formula for the packet-size baseline for a policy is as follows:
{(AnomalyBandwidth/AnomalyPPS)/(NormalBandwidth/NormalPPS)}
Values:
• Large Packets—The attack packets are approximately 15% larger
than the normal packet-size baseline for the policy.
• Normal Packets—The attack packets are within approximately 15%
either side of the normal packet-size baseline for the policy.
• Small Packets—The attack packets are approximately 15% smaller
than the normal packet-size baseline for the policy.
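The following added example (not part of the Radware guide or product) works through the Packet Size Anomaly Region formula for per-protocol readings. The sample numbers are constructed, the function names are hypothetical, and treating "approximately 15%" as a hard 0.85/1.15 cut-off is an assumption.

```python
# Assumption: "approximately 15%" is modelled as a fixed band around 1.0.
TOLERANCE = 0.15


def packet_size_ratio(anomaly_bw, anomaly_pps, normal_bw, normal_pps):
    """(AnomalyBandwidth/AnomalyPPS)/(NormalBandwidth/NormalPPS).

    Bandwidth divided by packets per second is the average packet size, so
    the result is the attack's average packet size relative to the learned
    baseline. Units cancel as long as both bandwidths use the same unit.
    Returns None when a rate is missing (for example, no learned baseline).
    """
    if anomaly_pps <= 0 or normal_pps <= 0 or normal_bw <= 0:
        return None
    return (anomaly_bw / anomaly_pps) / (normal_bw / normal_pps)


def packet_size_region(anomaly_bw, anomaly_pps, normal_bw, normal_pps):
    """Map the ratio to the region names used in the table above."""
    ratio = packet_size_ratio(anomaly_bw, anomaly_pps, normal_bw, normal_pps)
    if ratio is None:
        return "Unknown"  # not a product value; marks an uncomputable ratio
    if ratio > 1 + TOLERANCE:
        return "Large Packets"
    if ratio < 1 - TOLERANCE:
        return "Small Packets"
    return "Normal Packets"


# Constructed readings: (anomaly Kbps, anomaly PPS, normal Kbps, normal PPS).
SAMPLE = {
    "UDP": (12000, 10000, 8000, 10000),   # larger packets, same packet rate
    "TCP": (8400, 10000, 8000, 10000),    # within the band around baseline
    "ICMP": (4000, 10000, 8000, 10000),   # many small packets
}


def classify_all(readings):
    """Classify every protocol in a {protocol: readings} mapping."""
    return {proto: packet_size_region(*vals) for proto, vals in readings.items()}


if __name__ == "__main__":
    for proto, region in classify_all(SAMPLE).items():
        print(proto, region)
```
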
Parameter Description
State The state of the protection process.
Values:
• footprint analysis—BDoS protection has detected an attack and is
currently generating an attack footprint.
• footprint-applied—BDoS protection is blocking the attack based on
the generated footprint. Through a closed-feedback loop operation,
BDoS protection optimizes the footprint rule, achieving the
narrowest effective mitigation rule.
• burst-footprint-blocking (available only in 8.x versions 8.15 and
later)—BDoS protection is blocking the burst attack based on the
footprint generated by the previous states. This state remains until
the burst attack terminates or the specified Maximum Burst-
Attack Period is reached.
• footprint-is-overblocking (available only in 8.x versions 8.17.3 and
later)—BDoS protection started blocking the attack but stopped
three times after identifying an overblocking situation. This state
remains for 10 minutes, after which, BDoS protection generates
and implements a new footprint.
• non-attack—Nothing was blocked because the traffic was not an
attack. That is, no footprint was detected or the blocking strictness
level was not met.
Parameter Description
The footprint-blocking rule generated by the Behavioral DoS Protection, which provides the
narrowest effective blocking rule against the flood attack.
Parameter Description
This table displays attack traffic (Anomaly) and normal traffic information. Red indicates real-time
values identified as suspicious in the 15 seconds prior to when the attack was triggered. Black
indicates the learned normal traffic baselines. Table columns are displayed according to the
protocols: TCP (includes all flags), UDP, or ICMP.
Parameter Description
The graph displays a snapshot of the relevant traffic type for the 15-second period during which the
attack was triggered. For example, during a UDP flood, just UDP traffic is represented. The blue line
represents the normal adapted traffic baseline.
Parameter Description
This tab displays data only for DefensePro 8.x versions 8.15 and later, and only when the value of
the State parameter in the Info tab (see above) is burst-footprint-blocking.
Note: For information on burst-attacks protection, see the DefensePro documentation.
Burst Occurring Now Values: Yes, No
Current Burst Number The number of bursts since the start of the attack.
Average Burst Duration The average duration, in hh:mm:ss format, of the bursts.
Average Time Between Bursts The average time, in hh:mm:ss format, between separate
bursts.
Average Burst Rate The average rate, in Kbps, of the bursts.
Max. Burst Rate The rate, in Kbps, of the biggest burst in this attack.
Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Note: In DefensePro 8.x versions 8.13 and later, the Attack Details tab includes the (View
Subdomains Whitelist) button. When the attack is a recursive attack, clicking the button opens a
table with the subdomains that match the attack footprint but DefensePro identifies as legitimate.
DefensePro can identify a subdomain as legitimate through automatic learning and by using manual
entries in the Subdomains Whitelist. For more information, see the section “Configuring DNS Flood
Protection Profiles” in the APSolute Vision online help.
Parameter Description
Note: Some fields can display multiple values, when relevant and available. The values that
these fields display depend on the current stage of the attack. If a field is part of the dynamic
signature (that is, a specific value or values appear in all the attack traffic), the field displays the
relevant value or values.
Protocol The protocol that the attack uses or used.
Source L4 Port The source L4 port that the attack uses or used.
Physical Port The physical port that the attack uses or used.
Packet Count The packet count of the attack.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.
VLAN Tag / Context The VLAN tag value or Context Group in the policy that handled the
attack.
Note: The VLAN tag or Context Group identifies similar information
in this field. DefensePro 6.x and 7.x versions support VLAN tags.
DefensePro 8.x versions support Context Groups.
Parameter Description
MPLS RD The MPLS RD that the attack uses or used.
Device IP The device IP address that the attack uses or used.
TTL The TTL that the attack uses or used.
L4 Checksum The L4 checksum that the attack uses or used.
IP ID Number The IP ID number that the attack uses or used.
Packet Size The packet size that the attack uses or used.
Destination IP The destination IP address that the attack uses or used.
Destination Ports The destination ports that the attack uses or used.
DNS ID The DNS ID that the attack uses or used.
DNS Query The DNS query that the attack uses or used.
DNS Query Count The DNS query count that the attack uses or used.
DNS An Query Count The DNS An query count that the attack uses or used.
Parameter Description
State The state of the protection process.
Mitigation Action The mitigation action.
Values:
• Signature Challenge
• Signature Rate Limit
• Collective Challenge
• Collective Rate Limit
Parameter Description
The footprint-blocking rule that the Behavioral DoS Protection generated. The footprint-blocking
rule provides the narrowest effective blocking rule against the flood attack.
Parameter Description
This table displays attack traffic (Anomaly) and normal traffic information. Red indicates real-time
values identified as suspicious in the 15 seconds prior to when the attack was triggered. Black
indicates the learned normal traffic baselines. Table columns are displayed according to the DNS
query types: A, MX, PTR, AAAA, Text, SOA, NAPTR, SRV, Other.
Parameter Description
The graph displays a snapshot of the relevant traffic type for the 15-second period during which
the attack was triggered. For example, during a UDP flood, just UDP traffic is represented. The blue
line represents the normal adapted traffic baseline.
Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Note: For DoS attacks of very short duration, there might be no sampling or ongoing traps.
Consequently, for such attacks, there might be no sampled data or capture files.
Parameter Description
Protocol The protocol that the attack uses or used.
Physical Port The physical port that the attack uses or used.
Packet Count The packet count of the attack.
VLAN Tag / Context The VLAN tag value or Context Group in the policy that handled the
attack.
Note: The VLAN tag or Context Group identifies similar information
in this field. DefensePro 6.x and 7.x versions support VLAN tags.
DefensePro 8.x versions support Context Groups.
MPLS RD The MPLS RD that the attack uses or used.
Device IP The device IP address that the attack uses or used.
Parameter Description
Action The Action that the protection took for the attack traffic, for example:
Drop.
Attacker IP The IP address of the attacker.
Protected Host The protected host.
Protected Port The protected port.
Attack Duration The duration of the attack.
Current Packet Rate The current packet rate.
Average Packet Rate The average packet rate.
Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Parameter Description
Note: Some fields can display multiple values, when relevant and available. The values that
these fields display depend on the current stage of the attack. If a field is part of the dynamic
signature (that is, a specific value or values appear in all the attack traffic), the field displays the
relevant value or values.
Protocol The protocol that the attack uses or used.
Source L4 Port The source L4 port that the attack uses or used.
Physical Port The physical port that the attack uses or used.
Packet Count The dropped packet count of the attack.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.
VLAN The VLAN that the attack uses or used.
MPLS RD The MPLS RD that the attack uses or used.
Device IP The device IP address that the attack uses or used.
Parameter Description
Protection State The state of the protection process.
Values:
• Characterization—The protection module is analyzing the
attack footprint.
• Mitigation—The protection module is mitigating the attack
according to the profile configuration.
• Suspicious Activities—The protection module identified the
attack but cannot mitigate it.
Mitigation Flow The configuration of the mitigation flow for the profile.
Values:
• Default—The mitigation flow for the profile is configured to
use all three mitigation actions, which are selected by
default: 1-Challenge Suspects, 2-Challenge All, 3-Block
Suspects.
• Customized—The mitigation flow for the profile is not
configured to use all three mitigation actions.
Parameter Description
Action The current action that the protection module is using to mitigate the
attack.
Values:
• Challenge Suspected Attackers—The protection module is
challenging HTTP sources that match the real-time signature.
• Challenge All Sources—The protection module is challenging
all HTTP traffic toward the protected server.
• Block Suspected Attackers—The protection module is
blocking all HTTP traffic from the suspect sources (that is,
sources that match the signature).
• No Mitigation—The protection module is in the Suspicious
Activities state and is not mitigating the attack.
Challenge Method The user-specified Challenge Mode: 302 Redirect or JavaScript.
Suspicious Sources The number of sources that the protection module suspects as
being malicious.
Challenged Sources The number of sources that the protection module has identified
as being attackers and is now challenging them.
Blocked Sources The number of sources that the protection module has identified
as being attackers and is now blocking them.
HTTP Authentication Table Utilization [%] The percentage of the HTTP Authentication Table that
is full.
Parameter Description
Source IP address The source IP addresses mitigated as attackers. Up to 40
different IP addresses can be viewed.
Note: When the HTTP flood attack is widely distributed,
meaning more than 1000 source IP addresses, the system
does not use any source IP addresses in the blocking rule. This
mitigation occurs only if the URI Only blocking mode option is
enabled.
Request URI The HTTP request URIs that took part in the HTTP flood attack
and were mitigated.
Bypassed / Blocked Usually, the value that is displayed is Blocked. The value is Bypassed
only when one of the HTTP request URIs was configured to be bypassed.
Parameter Description
This table displays attack traffic (Anomaly) and normal traffic information. Red indicates real-time
values identified as suspicious in the 15 seconds prior to when the attack was triggered. Black
indicates the learned normal traffic baselines.
Table columns:
• Statistic Type—Anomaly or Normal
• Get and Post Requests/sec
• Other HTTP Requests/sec
• Outbound Kbps
• GET and POST per source/sec
• GET and POST per connection
Parameter Description
The graph displays the HTTP request URI size distribution. The y-axis shows the number of HTTP
requests per second that refers to GET and POST request methods, and the x-axis shows the
Request URI size in bytes. The blue line represents the normal expected HTTP request rates and
the orange line represents the real-time rate values identified when the attack was triggered.
Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Parameter Description
Protocol The protocol that the attack uses or used.
Physical Port1 The physical port that the attack uses or used.
Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Parameter Description
Protocol The protocol that the attack uses or used.
Physical Port1 The physical port that the attack uses or used.
Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Caution: Server Cracking attack details do not include information for DNS brute-force attacks.
Parameter Description
Protocol The protocol that the attack uses or used.
Source L4 Port The Source L4 Port that the attack uses or used.
Physical Port The Physical Port that the attack uses or used.
Packet Count The Packet Count that the attack uses or used.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.
VLAN The VLAN that the attack uses or used.
MPLS RD The MPLS RD that the attack uses or used.
Device IP The Device IP that the attack uses or used.
Parameter Description
Blocking Duration The blocking duration, in seconds, of the attacker source IP
address.
Estimated Release Time The estimated release time of the attacker, in local time.
Avg. Time Between Probes The average time between scan events in seconds.
Number of Probes The number of scan events from the time the attack started.
Parameter Description
Requests Details When a server-cracking attack is detected, DefensePro sends, to
the management system, sample suspicious “attacker” requests
in order to provide more information on the nature of the attack.
The sample requests are sent for the following protocols or attacks.
Values:
• Web Scan—Sample HTTP requests.
• Web Cracking—Username and Password.
• SIP—SIP user (SIP URI).
• FTP—Username (if sent in the same request) and Password.
• POP3—Username (if sent in the same request) and Password.
Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Parameter Description
Protocol The protocol that the attack uses or used.
Physical Port 1 The physical port that the attack uses or used.
Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Parameter Description
Protocol The protocol that the attack uses or used.
Physical Port The physical port that the attack uses or used. If the
configuration of the Protection policy includes no value for Port
Group, the field displays Multiple.
Packet Count The packet count of the attack.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.
VLAN Tag / Context The VLAN tag value or Context Group in the policy that handled
the attack.
Note: The VLAN tag or Context Group identifies similar
information in this field. DefensePro 6.x and 7.x versions
support VLAN tags. DefensePro 8.x versions support Context
Groups.
MPLS RD The MPLS RD that the attack uses or used.
Parameter Description
The information is displayed when the protection action is blocking mode.
Caution: If SYN Flood Protection is configured with report-only mode, the fields Average
Attack Rate, Attack Threshold, and Attack Volume display 0 (zero).
Average Attack Rate The average rate of spoofed SYNs and data connection attempts
per second, calculated every 10 seconds.
Attack Threshold The configured attack trigger threshold, in half connections per
second.
Attack Volume The number of packets from spoofed TCP connections during the
attack life cycle (aggregated). These packets are from the
sessions that were established through the SYN-cookies
mechanism or were passed through the SYN Flood Protection
trusted list.
Attack Duration The duration, in hh:mm:ss format, of the attack on the protected
port.
TCP Challenge The Authentication Method that identified the attack: Transparent
Proxy or Safe-Reset.
HTTP Challenge The HTTP Authentication Method that identified the attack:
302-Redirect or JavaScript.
Table 489: SYN Flood Attack Details: Authentication Lists Utilization Parameters
Parameter Description
TCP Auth. List The current utilization, in percent, of the TCP Authentication
table.
HTTP Auth. List The current utilization, in percent, of the HTTP Authentication
table.
Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Note: For information on Traffic Filters, see the section “Configuring DNS Flood Protection Profiles”
in the APSolute Vision online help.
Parameter Description
Filter Name The name of the Traffic Filter that matched the traffic.
Filter ID The Radware ID of the Traffic Filter that matched the traffic.
Note: The ID is a hyperlink to the configuration of the Traffic
Filter.
Protocol The protocol of the traffic that the Traffic Filter matched.
Source Network The source network of the traffic that the Traffic Filter matched.
Source Port The source port of the traffic that the Traffic Filter matched.
Destination Network The destination network of the traffic that the Traffic Filter
matched.
Destination Port The destination port of the traffic that the Traffic Filter matched.
Device IP The IP address of the DefensePro device with the Traffic Filter that
matched the traffic.
Parameter Description
Total Attack Packets The total number of packets that match or matched the Traffic
Filter.
Attack Packets Rate (pps) The rate, in packets/second, of packets that match or matched the
Traffic Filter.
Total Attack Data (Kbits) The total volume, in Kbits, of traffic that matches or matched the
Traffic Filter.
Parameter Description
Attack Bandwidth (Kbps) The bandwidth, in Kbits/second, of traffic that matches or matched
the Traffic Filter.
Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.
Notes
• This feature is not supported on OnDemand Switch 2 S2 (DefensePro 1016 IPS & Behavioral
Protection - DME).
• APSolute Vision stores sampled attack data, which includes the source and destination
addresses of the sampled packets. This information reflects a sampling of the attack packets; it
does not reflect the full attack data. For example, it is possible that the source IP addresses of
the sampled data do not include all of the source addresses of the attack.
The table in the Sampled Data tab comprises the following columns:
• Time
• Source Address
• Source L4 Port
• Destination Address
• Destination L4 Port
• Protocol
• VLAN / Context
• MPLS RD
• Physical Port
You can export some rows of the table in the Sampled Data dialog box to a CSV file.
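The following Python sketch is an added example, not part of the Radware guide or product. It summarizes a Sampled Data CSV export by source address, source prefix, and target, and reports every share as a fraction of the sample only, in line with the note above that sampled data does not reflect the full attack. The CSV header names (taken from the column list above), the time format, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample. The header names mirror the Sampled Data columns listed
# above; the real export's header spelling and time format are assumptions.
SAMPLE_CSV = """Time,Source Address,Source L4 Port,Destination Address,Destination L4 Port,Protocol,VLAN / Context,MPLS RD,Physical Port
10:00:01,198.51.100.7,53211,192.0.2.10,53,UDP,N/A,N/A,1
10:00:01,198.51.100.9,40112,192.0.2.10,53,UDP,N/A,N/A,1
10:00:02,198.51.100.7,53212,192.0.2.10,53,UDP,N/A,N/A,1
10:00:02,203.0.113.45,1025,192.0.2.10,53,UDP,N/A,N/A,1
10:00:03,2001:db8:1::5,5000,2001:db8:ffff::10,53,UDP,N/A,N/A,2
10:00:03,not-an-ip,0,192.0.2.10,53,UDP,N/A,N/A,1
"""


def source_prefix(addr, v4_len=24, v6_len=64):
    """Collapse an address to its covering prefix so distributed sources cluster."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    plen = v4_len if ip.version == 4 else v6_len
    return str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))


def _top(counter, total, n):
    """Return (key, count, share-of-sample) tuples for the n most common keys."""
    return [(key, count, round(count / total, 3))
            for key, count in counter.most_common(n)]


def summarize(csv_text, top_n=3):
    """Summarize sampled rows; shares describe the sample, not the whole attack."""
    sources, prefixes, targets = Counter(), Counter(), Counter()
    skipped = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            src = str(ipaddress.ip_address(row["Source Address"].strip()))
            dst = str(ipaddress.ip_address(row["Destination Address"].strip()))
            dport = int(row["Destination L4 Port"])
            proto = row["Protocol"].strip().upper()
        except (KeyError, ValueError, AttributeError, TypeError):
            # Missing column, short row, or unparsable address/port:
            # count the row as skipped instead of guessing its meaning.
            skipped += 1
            continue
        sources[src] += 1
        prefixes[source_prefix(src)] += 1
        targets[(dst, dport, proto)] += 1

    total = sum(sources.values())
    return {
        "sampled_rows": total,
        "skipped_rows": skipped,
        "top_sources": _top(sources, total, top_n),
        "top_source_prefixes": _top(prefixes, total, top_n),
        "top_targets": _top(targets, total, top_n),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_CSV).items():
        print(key, value)
```

A source that is absent from this summary may still have taken part in the attack, so treat the output as a starting point for investigation rather than a complete source list.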
Notes
• On DefensePro devices that do not support the Device Operation Mode feature, the traffic is
calculated according to the selected port pairs.
• For DefensePro devices that support the Device Operation Mode feature:
— When Device Operation Mode is Transparent, the traffic is calculated according to the
selected port pairs.
— When Device Operation Mode is IP, the traffic is calculated according to the selected
ports.
— When you are viewing multiple DefensePro devices in the Security Monitoring perspective,
the table displays both port pairs and single ports as appropriate.
You can also view graphs of connection rates and concurrent connections based on data from the
Session table.
By default, all traffic is presented in these graphs and tables. In each graph, you can filter the
display by protocol or traffic direction, but not for concurrent connections.
For DefensePro 6.x and 7.x versions, the Connection Statistics are displayed only when the Session
Table Lookup Mode is Full L4 or L4 Excluding VLAN.
You can monitor the following traffic information in the Traffic Monitoring tab:
• Viewing the Traffic Utilization Report, page 627
• Viewing the Connection Rate Report, page 633
• Viewing the Concurrent Connections Report, page 635
• Viewing the Top Queried Domain Names Report, page 635
Caution: When the value of the Scope parameter is Devices/Policies (see Table 494 - Traffic
Utilization Report: Display Parameters for Graph and Table, page 628), during the Update
Policies process, the Statistics Graph momentarily displays Traffic Utilization as 0 (zero).
Caution: When the Scope is Devices/Policies, the Last Sample Statistics table displays
Outbound statistics only when the Direction of the Protection policy is Two Way.
Tip: To get the current traffic rate in packets or bytes per second (calculated as the average rate in
15 seconds), you can use the following CLI command on the DefensePro device:
dp rtm-stats get [port number]
Caution: When the Scope is Devices/Policies, the Traffic Utilization Report does not include
inbound traffic that the Black List module blocked. This is because the Black List module processes
traffic before the classification of a Protection policy.
Caution: In DefensePro 6.x and 7.x versions, when traffic-utilization rates are above 13M PPS, the
Traffic Utilization Report may show less traffic than DefensePro actually received.
Notes
• For packets received through the 1G, 10G, or 40G ports, packet-size information and counters
do not account for the CRC.
• The Traffic Utilization Report and the statistical traffic information that Protection Monitoring
provides are based on different counters. (For information on the statistical traffic information
that Protection Monitoring provides, see Protection Monitoring, page 637.)
Table 494: Traffic Utilization Report: Display Parameters for Graph and Table
Parameter Description
Scope (link, which displays the table) Using DefensePro, the Scope table displays the physical
ports or the Protection policies that the Traffic Utilization Report displays.
By default, the Scope is Any Port or Any Policy—depending on the
specified value in the Scope drop-down list. That is, by default, the Traffic
Utilization Report displays all the information.
Using DefenseFlow, the Scope table displays the Protected Objects or the
Security policies that the Traffic Utilization Report displays. By default, the
Scope is Any Protected Object.
To control the scope of the information that the report shows for DefensePro,
see the procedure To control the scope of the information that the report
shows for DefensePro, page 629.
Caution: The scope for DefensePro platforms without the DME can be
only according to physical ports, not Protection policies.
Display Last How long the graph displays attacks after the attack terminates. That is, the
graph displays all attacks that are currently ongoing or that terminated
within the selected period.
Values:
• 10 Minutes
• 20 Minutes
• 30 Minutes
• 1 Hour
Default: 10 Minutes
Scope (drop-down list) (This parameter is not available in DefenseFlow and is not available in
DefensePro version 6.x and 7.x platforms without the DME.) The scope of the graph view.
Values:
• Devices/Physical Ports—The graph shows traffic according to physical
ports on the specified device.
• Devices/Policies—The graph shows traffic according to Protection
policies on the specified device.
Default: Devices/Physical Ports
Units The units for the traffic rate.
Values:
• Kbps—Kilobits per second
• Packet/Sec—Packets per second
To control the scope of the information that the report shows for DefensePro
1. Click . A table opens. The table has either the Device Name and Port columns or the
Device Name and Policy columns—according to the specified value in the Scope drop-down list:
Devices/Physical Ports or Devices/Policies.
2. Do one of the following:
— To limit the physical ports or Protection policies that the report displays, select the
corresponding checkboxes.
— To display the information for all the currently relevant physical ports or Protection policies,
click in the top-left table cell, and then, select Select All.
— To display all the information in the database, even information that is not associated with a
specific port or specific Protection policy, click in the top-left table cell, and then, select
Select None.
Table 495: Traffic Utilization Report: Filter Parameters for the Traffic Statistics Graph
Parameter Description
Direction The traffic that the graph shows.
Values:
• Inbound—Show inbound traffic.
• Outbound—Show outbound traffic.
• Both—Show inbound and outbound traffic. Data for inbound and
outbound are displayed as separate lines, not as totals.
Note: The direction of traffic between a pair of ports is defined by the
In Port setting in the port pair configuration.
Protocol The traffic protocol to display.
Values:
• TCP—Show the statistics of the TCP traffic.
• UDP—Show the statistics of the UDP traffic.
• ICMP—Show the statistics of the ICMP traffic.
• IGMP—Show the statistics of the IGMP traffic.
• SCTP—Show the statistics of the SCTP traffic.
• Other—Show the statistics of the traffic that is not TCP, UDP, ICMP,
IGMP, or SCTP.
• All—Show total traffic statistics.
Caution: When the Scope is Devices/Policies, the Other traffic does
not include IPsec traffic.
Parameter Description
Protocol The protocol of the statistics displayed in the row.
Values: HTTP, TCP, DNS
Note: The HTTP row is not relevant for DefensePro 8.x
versions earlier than 8.10.
Current Attacks The number of attacks currently in the device.
Authentication Table Utilization % The percentage of the Authentication Table that is full.
Challenges Rate The rate, in PPS, that the device is sending challenges.
Parameter Description
Protocol The traffic protocol.
Values:
• TCP
• UDP
• ICMP
• IGMP
• SCTP
• Other—The statistics of the traffic that is not TCP, UDP, ICMP, IGMP, or
SCTP.
• All—Total traffic statistics.
Caution: When the Scope is Devices/Policies, the Other traffic does
not include IPsec traffic.
Inbound The amount of inbound traffic for the protocol identified in the row.
Outbound (This parameter is available only in DefensePro.) The amount of outbound traffic for the
protocol identified in the row.
Discarded Inbound The amount of discarded inbound traffic for the protocol identified in the row.
Discarded Outbound (This parameter is available only in DefensePro.) The amount of discarded
outbound traffic for the protocol identified in the row.
Clean (This parameter is available only in DefenseFlow.) The amount of clean traffic for the
protocol identified in the row.
Dropped (This parameter is available only in DefenseFlow.) The amount of dropped traffic for the
protocol identified in the row.
Diverted (This parameter is available only in DefenseFlow.) The amount of diverted traffic for the
protocol identified in the row.
Discard % The percentage of discarded traffic for the protocol identified in the row.
Excluded Inbound The amount of excluded inbound traffic for the protocol identified in the row.
Excluded Outbound (This parameter is available only in DefensePro.) The amount of excluded
outbound traffic for the protocol identified in the row.
Parameter Description
Scope (link, which displays the table) The physical ports and the Protection policies that the
Connection Rate Report shows.
By default, the Scope is Any Port or Any Policy (depending on the
specified value in the Scope drop-down list). That is, by default, the
Connection Rate Report displays all the information.
To control the scope of the information that the report shows, see the
procedure To control the scope of the information that the report shows,
page 634.
Caution: The scope for DefensePro platforms without the DME can be
only according to physical ports, not Protection policies.
Display Last How long the graph displays attacks after the attack terminates. That is, the
graph displays all attacks that are currently ongoing or that terminated
within the selected period.
Values:
• 10 Minutes
• 20 Minutes
• 30 Minutes
• 1 Hour
Default: 10 Minutes
Scope (link, which displays the table) The scope of the graph view.
Values:
• Devices/Physical Ports—The graph shows traffic according to physical
ports on the specified device.
• Devices/Network Policies—The graph shows traffic according to
Protection policies on the specified device. This graph is available only on
DefensePro 20, 60, 110, 200, 220, 400, x420, and x4420 devices, and
x412 devices with the DME.
Default: Devices/Physical Ports
Caution: In 8.x versions, the Connection Rate Report works only when
the Scope is Devices/Network Policies.
Parameter Description
Direction Values:
• Both—Show both inbound traffic and outbound traffic. Data for inbound
and outbound are displayed as separate lines, not as totals.
• Inbound—Show only inbound traffic.
• Outbound—Show only outbound traffic.
Note: The direction of traffic between a pair of ports is defined by the In
Port setting in the port pair configuration.
Protocol The traffic protocol to display.
When you select All, total traffic statistics are displayed.
Select Port Pair (button) (This button is displayed only when the Scope is Devices/Physical
Ports.) Opens the Select Port Pairs dialog box. Select the port pairs relevant for the
network topology by moving the required port pairs to the Selected Port
Pairs list. All other port pairs should be in the Available Port Pairs list.
Note: You can select port pairs for each direction; however, Radware
recommends that you select a port pair in one direction only, and display
traffic for both directions, if required. If you select port pairs in both
directions, and traffic for both directions, the graph will display the same
traffic twice.
Select Policies (This button is displayed only when the Scope is Devices/Policies.) Opens the
Select Policies dialog box. Select the Protection policies relevant for the network topology by
moving the required policies to the Selected Policies list.
1. Click . A table opens. The table has either the Device Name and Port columns or the
Device Name and Policy columns—according to the specified value in the Scope drop-down list:
Devices/Physical Ports or Devices/Policies.
2. Do one of the following:
— To limit the physical ports or Protection policies that the report displays, select the
corresponding checkboxes.
— To display the information for all the currently relevant physical ports or Protection policies,
click in the top-left table cell, and then, select Select All.
— To display all the information in the database, even information that is not associated with a
specific port or specific Protection policy, click in the top-left table cell, and then, select
Select None.
Note: For packets received through the 1G, 10G, or 40G ports, packet-size information and
counters do not account for the CRC.
Parameter Description
Display Last How long the graph displays attacks after the attack terminates. That is, the
graph displays all attacks that are currently ongoing or that terminated
within the selected period.
Values:
• 10 Minutes
• 20 Minutes
• 30 Minutes
• 1 Hour
Default: 10 Minutes
Protocol The traffic protocol to display.
When you select All, total traffic statistics are displayed.
Note: For more information, see the section “Configuring DNS Flood Protection Profiles” in the
APSolute Vision online help.
Every 10 minutes, DefensePro sends APSolute Vision data about sampled DNS packets, and
APSolute Vision recalculates the values and the display of the Top Queried Domain Names Report.
Parameter Description
Scope (drop-down list) The Protection policy whose 10 most-queried DNS domain names the tab
displays.
Table 501: Top Queried Domain Names Report: Display Parameters (cont.)
Parameter Description
Display Last Determines the following:
• The period for the calculation of the 10 most-queried DNS domain
names (the bar graphs and the displayed values)
• The time range of the x-axis in the line graph (for a selected domain)
Values:
• 10 Minutes
• 1 Hour
• 12 Hours
• 24 Hour
Default: 10 Minutes
Protection Monitoring
Protection Monitoring provides real-time traffic monitoring per network policy, either for the
network as a whole (if BDoS Protection is configured) or for DNS traffic (if DNS Flood Protection is
configured). The statistical traffic information that Protection Monitoring provides can help you better
understand the traffic that flows through the protected network, how the configured protection is
working, and, most importantly, how anomalous traffic is detected.
For information about displaying protection information for a selected device, see the following:
• Displaying Attack Status Information, page 637
• Monitoring the Traffic Under BDoS Protection, page 638
• Monitoring the Traffic Under DNS Flood Protection, page 641
Note: The statistical traffic information that Protection Monitoring provides and the Traffic
Utilization Report are based on different counters. (For information on the Traffic Utilization
Report, see Viewing the Traffic Utilization Report, page 627.)
— IPv6-TCP
— IPv6-UDP
— IPv6-ICMP
— IPv6-DNS
3. When an attack icon is displayed in the table, click the icon to display the corresponding attack
traffic information.
Caution: When traffic matches multiple Protection policies with Out-of-State protection, the value
that APSolute Vision displays for the total dropped traffic represents the sum of all dropped traffic for
all relevant Protection policies. This is because when traffic matches multiple Protection policies with
Out-of-State protection, all those Protection policies count the same dropped traffic.
Note: APSolute Vision displays the Protection Monitoring graphs using averaged values, and
therefore, points on the curves might diverge from the exact values.
Note: When using DefenseFlow, the BDoS Traffic Monitoring reports are populated with data only if
the DefenseFlow detector type is set to BDoS Detector. For more information on DefenseFlow
detection parameters, see Detection, page 2082.
To display traffic information for a Protection policy that includes BDoS protection
1. In the Security Monitoring perspective, select the device to monitor.
2. Select Protection Monitoring > BDoS Traffic Monitoring Reports.
3. Configure the general parameters for the display of the BDoS Traffic Statistics graph and Last
Sample Statistics table.
Parameter Description
Scope The Protection policy. The list only displays policies that are configured with
a BDoS profile.
Display Last How long the graph displays attacks after the attack terminates. That is, the
graph displays all attacks that are currently ongoing or that terminated
within the selected period.
Values:
• 10 Minutes
• 20 Minutes
• 30 Minutes
• 1 Hour
Default: 10 Minutes
Parameter Description
Direction The direction of the traffic that the Statistics Graph and Last Sample
Statistics table display.
Values: Inbound, Outbound
Units The unit according to which the Statistics Graph and Last Sample Statistics
table display the traffic.
Values:
• Kbps—Kilobits per second
• Packets/Sec—Packets per second
Parameter Description
IP Version The IP version of the traffic that the graph displays.
Values: IPv4, IPv6
Protection Type The protection type to monitor.
Values:
• TCP ACK FIN • TCP SYN
• TCP FRAG • SYN ACK
• TCP RST • TCP FRAG
• TCP SYN • TCP RST
• TCP SYN ACK • TCP ACK FIN
• UDP • UDP
• ICMP • UDP FRAG
• IGMP • ICMP
• UDP FRAG • Other IP
• TCP
For DefenseFlow, only the following protection types are available:
• UDP
• ICMP
• TCP
• Other
Scale The scale for the presentation of the information along the Y-axis.
Values: Linear, Logarithmic
Attack Status (Read-only) The status of the attack.
Line Description
Total Traffic (dark blue) The total traffic that the device sees for the specific protection type
and direction.
Legitimate Traffic (light blue) The actual forwarded traffic rate, after DefensePro managed to
block the attack.
When there is no attack, the Total Traffic and Legitimate Traffic are
equal.
Normal Edge (dashed green) The statistically calculated baseline traffic rate.
Suspected Edge (dashed orange) The traffic rate that indicates a change in traffic that might be
an attack.
Caution: DefensePro reports the Suspected Edge in Kbps only. The
graph displays the Suspected Edge only when the Scope parameter
Units is Kbps (see Table 506 - DNS Traffic Monitoring Reports:
General Parameters, page 641). When the Scope parameter Units
is Packets/Sec, the graph does not display the Suspected Edge.
Attack Edge (dashed red) The traffic rate that indicates an attack.
Caution: DefensePro reports the Attack Edge in Kbps only. The
graph displays the Attack Edge only when the Scope parameter
Units is Kbps (see Table 506 - DNS Traffic Monitoring Reports:
General Parameters, page 641). When the Scope parameter Units
is Packets/Sec, the graph does not display the Attack Edge.
Parameter Description
Traffic Type The protection type. Each specific traffic type and direction has a baseline
that the device learns automatically.
Baseline The normal traffic rate expected by the device.
Total Traffic The total traffic rate that the DefensePro device sees for the specific traffic
type and direction.
Baseline Portion % An indication for the rate invariant baseline—that is, the normal percentage
of the specific traffic type to all other traffic in the same direction.
RT Portion % The actual percentage of the specific traffic type relative to all other traffic in
the same direction.
Legitimate Traffic The actual forwarded traffic rate, after the device blocked the attack.
When there is no attack, the RT Rate and Legitimate Rate are equal.
(This parameter is not available in DefenseFlow.)
Legitimate Portion % The actual percentage of the forwarded traffic rate of the specified type
relative to other types of traffic, after the device blocked the attack.
(This parameter is not available in DefenseFlow.)
Traffic Peak Peak traffic value, in bps, to use in case of a manual action without attack
volume information available.
(This parameter is available only in DefenseFlow.)
Degree of Attack A numeric value that evaluates the current level of attack. A value of 8 or
greater signifies an attack.
Note: APSolute Vision displays the Protection Monitoring graphs using averaged values, and
therefore, points on the curves might diverge from the exact values.
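The difference between the rate columns (Baseline, Total Traffic) and the rate-invariant columns (Baseline Portion %, RT Portion %) of the Last Sample Statistics table can be seen by recomputing the portions from per-type rates. The following Python sketch is an added example, not Radware code or device output: the rates are constructed, "portion" is assumed to mean a type's share of all traffic in the same direction, and the device's Degree of Attack calculation is not reproduced.

```python
# Added example: rate versus rate-invariant view of Last Sample Statistics rows.
# All rates are constructed sample values in Kbps, not device output.

BASELINE = {"TCP SYN": 200.0, "TCP ACK FIN": 300.0, "UDP": 400.0, "ICMP": 100.0}

# Case 1: every traffic type grows threefold (for example, a busy period).
PROPORTIONAL_SURGE = {name: rate * 3 for name, rate in BASELINE.items()}

# Case 2: only UDP grows; the other types stay at their baseline rate.
UDP_SURGE = dict(BASELINE, UDP=3400.0)


def portions(rates):
    """Return each type's share of the summed rate, in percent.

    Assumption: a "portion" is the type's share of all traffic in the
    same direction (the guide does not give the exact formula).
    """
    total = sum(rates.values())
    if total <= 0:
        return {name: 0.0 for name in rates}
    return {name: 100.0 * rate / total for name, rate in rates.items()}


def last_sample_rows(baseline, sample):
    """Build one row per traffic type with rate and portion columns."""
    base_pct = portions(baseline)
    rt_pct = portions(sample)
    rows = {}
    for name, base_rate in baseline.items():
        total_rate = sample.get(name, 0.0)
        rows[name] = {
            "baseline": base_rate,
            "total": total_rate,
            # Rate view: how far the observed rate is above the learned rate.
            "rate_ratio": total_rate / base_rate if base_rate else None,
            # Rate-invariant view: how the traffic mix changed.
            "baseline_portion": round(base_pct[name], 1),
            "rt_portion": round(rt_pct.get(name, 0.0), 1),
            "portion_shift": round(rt_pct.get(name, 0.0) - base_pct[name], 1),
        }
    return rows


if __name__ == "__main__":
    for label, sample in (("proportional surge", PROPORTIONAL_SURGE),
                          ("UDP-only surge", UDP_SURGE)):
        print(label)
        for name, row in last_sample_rows(BASELINE, sample).items():
            print(f"  {name:12} rate x{row['rate_ratio']:<4} "
                  f"portion {row['baseline_portion']}% -> {row['rt_portion']}% "
                  f"(shift {row['portion_shift']:+})")
```

In the proportional case every rate triples while each portion stays at its baseline value; in the UDP-only case both the UDP rate and the UDP portion move, which is the pattern the two groups of columns are meant to separate.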
To display traffic information for a Protection policy that includes DNS Flood Protection
1. In the Security Monitoring perspective, select the device to monitor.
2. Select Protection Monitoring > DNS Traffic Monitoring Reports.
3. Configure the general parameters for the display of the Statistics Graph and Last Sample
Statistics table.
Parameter Description
Scope The Protection policy. The list only displays rules configured with a DNS
profile.
Direction (Read-only) The direction of the traffic that the Statistics Graph and Last
Sample Statistics table display.
Value: Inbound
Units (Read-only) The unit according to which the Statistics Graph and Last
Sample Statistics table display the traffic.
Value: QPS—Queries per second
Parameter Description
IP Version The IP version of the traffic that the graph displays.
Values: IPv4, IPv6
Protection Type The DNS query type to monitor.
Values:
• Other
• Text
• A
• AAAA
• MX
• NAPTR
• PTR
• SOA
• SRV
Scale The scale for the presentation of the information along the Y-axis.
Values: Linear, Logarithmic
Attack Status (Read-only) The status of the attack.
Line Description
Total Traffic (dark blue) The total traffic that the device sees for the specific protection type
and direction.
Legitimate Traffic (light blue) The actual forwarded traffic rate, after DefensePro managed to block
the attack.
When there is no attack, the Total Traffic and Legitimate Traffic are
equal.
Suspected Edge [1] (dashed orange) The traffic rate that indicates a change in traffic that might be an
attack.
[1] This line is not displayed if the protection is configured to use a footprint bypass or
manual triggers.
DNS Last Sample Statistics—for DefensePro 8.x Versions 8.13 and Later
The Last Sample Statistics tab for DefensePro 8.x versions 8.13 and later is divided into panels for
each of the DNS query types.
Note: For more information, see the section “Configuring DNS Flood Protection Profiles” in the
APSolute Vision online help.
Figure 73: DNS Last Sample Statistics—for DefensePro 8.x Versions 8.13 and Later—Example
Showing the “A” Panel
The query type whose information the panel shows.
Table 509: Last Sample Statistics Parameters for DefensePro 8.x Versions 8.13 and Later
Parameter Description
Query Type The DNS query type.
Values:
• A
• AAAA
• MX
• NAPTR
• Other
• PTR
• SOA
• SRV
• Text
Degree of Attack (gauge) A gauge with a color representation of the DefensePro Degree of Attack
(DoA) value for the specific query type. Green represents the Normal status.
Orange represents the Suspect status. Red represents the Attack status.
General rate statistics
Total Traffic The total rate of traffic, in QPS, that the DefensePro device sees for the
specific query type.
Legitimate Traffic The actual forwarded traffic rate, in QPS, for the specific query type, after
the device blocked the attack.
Note: When there is no attack, the Total Traffic and Legitimate Traffic
values are equal.
Baseline The normal rate of traffic, in QPS, expected by the DefensePro device for the
specific query type. Each query type has a baseline that the device learns
automatically.
Rate-invariant statistics—query-type distribution (on the left side of the panel)
Baseline Portion % An indication of the rate-invariant baseline—that is, the normal percentage
of the specific query type out of all other DNS traffic in the same direction.
Current Portion % The actual percentage of the specific traffic type relative to all other DNS
traffic in the same direction.
Legitimate Portion % The actual percentage of the forwarded traffic rate of the specified query
type relative to other types of queries, after the device blocked the attack.
Rate-invariant statistics—FQDN Randomization Level (on the right side of the panel)
Baseline Portion % An indication of the FQDN Randomization Level baseline—that is, the normal
randomness level, in percent, of FQDNs in the DNS queries of the specific
query type.
Current Portion % The actual percentage, representing the FQDN Randomization Level within
the DNS queries of the specific query type.
Legitimate Portion % The actual FQDN Randomization Level, in the forwarded traffic after the
device blocked the attack.
DNS Last Sample Statistics—for all Versions Other than 8.x Versions 8.13 and Later
The following table describes the parameters of the Last Sample Statistics tab for all DefensePro
versions other than DefensePro 8.x versions 8.13 and later.
Table 510: Last Sample Statistics Parameters for All DefensePro Versions Other than
DefensePro 8.x Versions 8.13 and Later
Parameter Description
Traffic Type The query type. Each specific query type and direction has a baseline that
the device learns automatically.
Baseline The normal traffic rate expected by the device.
Total Traffic The total traffic rate that the DefensePro device sees for the specific query
type and direction.
Baseline Portion % An indication for the rate-invariant baseline—that is, the normal percentage
of the specific query type out of all other traffic in the same direction.
RT Portion % The actual percentage of the specific query type relative to all other traffic in
the same direction.
Legitimate Traffic The actual forwarded traffic rate, after the device blocked the attack.
When there is no attack, the RT Rate and Legitimate Rate are equal.
Legitimate Portion % The actual percentage of the forwarded traffic rate of the specified type
relative to other types of queries, after the device blocked the attack.
Degree of Attack A numeric value that evaluates the current level of attack. A value of 8 or
greater signifies an attack.
HTTP Reports
This feature is functional only in DefensePro 6.x and 7.x versions.
This feature is not functional in DefensePro 8.x versions.
HTTP Mitigator protection monitors rate-based and rate-invariant HTTP traffic parameters, learns
them, and generates normal behavior baselines accordingly.
Note: DefensePro examines the number and rate of HTTP requests. Thus, when HTTP pipelining is
used, the detection mechanism remains accurate.
You can monitor real-time and historical (normal baseline) values, and analyze HTTP traffic
anomalies using the following reports:
• Monitoring Continuous Learning Statistics, page 645
• Monitoring Hour-Specific Learning Statistics, page 646
• HTTP Request Size Distribution, page 647
Channel Description
GET & POST Requests Rate The rate of HTTP GET and POST requests sent per second to the
protected server.
Other Requests Rate The rate of HTTP requests that are not POST or GET sent per
second to the protected server. Other HTTP request methods can
be used, but are used less frequently.
Requests Rate per Source The maximum rate of HTTP GET and POST requests per second
per source IP address.
This parameter characterizes the site users’ behavior, enabling
you to recognize abnormal activities, such as scanning or bots.
Legitimate users may generate many requests per second, but
automatic devices such as bots or scanners generate many
more.
Requests per Connection The maximum number of HTTP GET and POST requests per TCP
connection.
This parameter characterizes the site users’ behavior, enabling
you to recognize abnormal activities, such as scanning or bots.
Many requests over a single TCP connection may indicate bot or
scanner activity.
Outbound Bandwidth The bandwidth, in megabits per second, of the HTTP servers
sending the responses.
Note: Normal Requests per Source and Requests per Connection baseline parameters show the
highest number of HTTP requests generated by a single source IP address and TCP connection
respectively. This number fades out, unless a higher value is observed, within about 30 seconds.
Parameter Description
Server The name of the protected Web server for which to display HTTP traffic
statistics.
Display Last The last number of hours for which the graph displays information.
Values: 1, 2, 3, 6, 12, 24
Default: 1
The Hour-Specific Learning Statistics reports display normal traffic baselines for the last week. You
can view the hourly distribution of the site requests and outbound HTTP traffic for each day in the
past week and for each hour in a day.
The normal baseline for each hour in the week is calculated based on historical information for the
specific hour in the day and the specific day of the week over the past 12 weeks. The graph is
updated every hour.
The HTTP Mitigator learns the baseline traffic, and, based on these statistics, reports attacks based
on abnormal traffic.
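The hour-specific baseline described above keeps one value for each of the 168 hour-of-week slots, built from the same slot over the past 12 weeks. The following Python sketch is an added example, not the HTTP Mitigator's own calculation: the guide does not say how the 12 weeks are combined, so a plain arithmetic mean is assumed, and the sample request rates are constructed.

```python
# Added example: hour-of-week baselines over a 12-week window.
# Assumption: the per-slot baseline is a plain mean of the hourly samples;
# the guide does not state the actual aggregation.
from collections import defaultdict
from datetime import datetime, timedelta

WEEKS_OF_HISTORY = 12  # "over the past 12 weeks"


def hour_of_week(ts):
    """Map a timestamp to a slot 0..167 (Monday 00:00 is slot 0)."""
    return ts.weekday() * 24 + ts.hour


def hourly_baseline(samples, now):
    """Return {slot: mean value} from (timestamp, value) hourly samples.

    Only samples inside the window [now - 12 weeks, now) are used, so
    older history no longer influences the baseline.
    """
    cutoff = now - timedelta(weeks=WEEKS_OF_HISTORY)
    buckets = defaultdict(list)
    for ts, value in samples:
        if cutoff <= ts < now:
            buckets[hour_of_week(ts)].append(value)
    return {slot: sum(values) / len(values) for slot, values in buckets.items()}


def deviation(baseline, ts, value):
    """Ratio of an observed value to the baseline of its own slot.

    Returns None when the slot has no (or a zero) baseline, because a
    ratio is meaningless there.
    """
    expected = baseline.get(hour_of_week(ts))
    if not expected:
        return None
    return value / expected


def constructed_samples(now):
    """Constructed GET & POST request rates (requests/sec) for two slots."""
    samples = []
    for week in range(1, 15):  # 14 weeks back; the oldest 2 fall outside the window
        monday_9 = now - timedelta(weeks=week) + timedelta(hours=9)
        saturday_3 = now - timedelta(weeks=week) + timedelta(days=5, hours=3)
        busy = 100.0 + week if week <= WEEKS_OF_HISTORY else 900.0
        samples.append((monday_9, busy))
        if week <= WEEKS_OF_HISTORY:
            samples.append((saturday_3, 10.0))
    return samples


if __name__ == "__main__":
    now = datetime(2020, 6, 1)  # a Monday, 00:00
    baseline = hourly_baseline(constructed_samples(now), now)
    for slot in sorted(baseline):
        print(f"slot {slot:3} (day {slot // 24}, hour {slot % 24:02}): "
              f"{baseline[slot]:.1f} req/s")
    print("Monday 09:00 at 426 req/s:",
          deviation(baseline, datetime(2020, 6, 1, 9), 426.0), "x baseline")
```

The same request rate can be ordinary in one slot and far above the baseline in another, which is why each sample is compared only with the baseline of its own hour and weekday.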
Channel Description
GET & POST Requests Rate The rate of HTTP GET and POST requests sent per second to the
protected server.
Other Requests Rate The rate of HTTP requests that are not POST or GET sent per
second to the protected server. Other HTTP request methods can
be used, but are used less frequently.
Outbound Bandwidth The bandwidth, in megabits per second, of the HTTP pages sent
as responses.
Parameter Description
Server The protected server for which to display information.
Scale The scale for the presentation of the information along the Y-axis.
Values: Linear, Logarithmic
Caution: Radware strongly recommends that the system administrator follow the recommended
basic security procedures. The basic security procedures use the APSolute Vision CLI and affect
access to the APSolute Vision CLI. For more information, see Recommended Basic Security
Procedures, page 73 and System User Password Commands, page 720.
All configuration changes that are made using CLI commands are sent to the APSolute Vision server
audit log.
This chapter contains the following sections:
• Accessing APSolute Vision CLI, page 649
• Command Syntax Conventions, page 650
• Main CLI Menu, page 651
• General CLI Commands, page 651
• Network Configuration Commands, page 653
• System Commands, page 662
• Migrating APSolute Vision from the OnDemand Switch VL Platform to the OnDemand Switch VL2
Platform, page 722
• Managing the Protection for the Meltdown and Spectre Exploit Vulnerabilities in APSolute Vision,
page 723
You can access the APSolute Vision CLI using a serial cable and terminal emulation application, or
from an SSH client.
Terminal settings for the APSolute Vision server are as follows:
• Bits per second: 19200 for the ODS-VL platform, 9600 for the ODS-VL2 platform
• Data bits: 8
• Parity: None
• Stop bits: 1
• Flow control: None
• APSolute Vision CLI uses Control-? (127) for the Backspace key.
• When connecting from an SSH client, APSolute Vision CLI has a default timeout of five minutes
for idle connections. If an SSH connection is idle for five minutes, APSolute Vision terminates the
session.
• Accessing APSolute Vision using GSSAPI authentication is not supported. Make sure that your
SSH client does not attempt GSSAPI authentication.
Command Description
exit Logs out of the APSolute Vision CLI session. For more information, see exit,
page 651.
help Displays help for menus and commands. You can also use the ? key. For more
information, see help, page 652.
history Displays a history of previously run commands. For more information, see
history, page 652.
net Commands to display and configure network interface settings and IP routing.
For more information, see Network Configuration Commands, page 653.
ping Pings a host on the network to test its availability. For more information, see
ping, page 652.
reboot Stops all processes and then reboots the APSolute Vision server. For more
information, see reboot, page 652.
shutdown Stops all processes and then shuts down the APSolute Vision server. For more
information, see shutdown, page 653.
system System commands for the APSolute Vision server. For more information, see
System Commands, page 662.
grep Selects lines containing a match for the specified regular expression. For more
information, see grep, page 653.
more Paginates command output. For more information, see more, page 653.
exit
Logs out of the APSolute Vision CLI session.
Syntax
exit
help
Displays help for a command or menu. You can also use the ? key.
Examples
A net? displays help for the net menu.
B net management-ip? displays help for the net management-ip command.
Tip: To display the list of commands for a menu, enter the menu name and press Enter.
history
Displays a history of the previously run commands.
Syntax
history [-<num>]
Example
history | grep sys
Displays the history of commands containing the string sys.
ping
Pings a host on the network to test its availability.
Syntax
ping <IP_address> <N>
reboot
Stops all processes and then reboots the APSolute Vision server.
Syntax
reboot
shutdown
Stops all processes and then shuts down the APSolute Vision server.
Syntax
shutdown
grep
Selects lines containing a match for the specified regular expression. You can use this command only
concatenated to other commands that produce output.
Syntax
| grep <regexp>
Tip: Use this command with history and timezone list commands to filter output.
more
Paginates command output. You can use this command only concatenated to other commands that
produce output.
Syntax
| more
Tip: Use this command with history and timezone list commands to paginate output.
Note: For information on the ports opened by the APSolute Vision installation, see UDP/TCP Ports
and IP Protocols, page 833.
The net firewall commands comprise the following:
• net firewall open-port set
• net firewall open-port list
{open|close} (Required) The open argument in the command opens the port in the
firewall.
The close argument in the command closes a port that was
opened with the net firewall open-port set
<port_number> open command.
Note: After changing the configuration of a management port, G1 or G2—or G3 or G5, you must
restart the APSolute Vision server.
The net ip commands comprise the following:
• net ip set
• net ip delete
• net ip get
• net ip management set
net ip set
Configures an IP address for APSolute Vision server network interfaces.
Notes
• APSolute Vision running as a virtual appliance (VA) supports ports G1, G2, G3, and G4.
• APSolute Vision running on an OnDemand Switch VL (ODS-VL) platform supports ports G1 and
G2.
• APSolute Vision running on an OnDemand Switch VL2 (ODS-VL2) platform supports ports G3,
G5, and G7.
Syntax
net ip set <IP_address> <netmask> {G1|G2|G3|G4|G5|G7}
{G1|G2|G3|G4|G5|G7} (Required) Specifies whether the interface is on port G1, G2, G3, G4,
G5, or G7.
net ip delete
Deletes an IP address from a port on the APSolute Vision server.
Notes
• APSolute Vision running as a virtual appliance (VA) supports ports G1, G2, G3, and G4.
• APSolute Vision running on an OnDemand Switch VL (ODS-VL) platform supports ports G1 and
G2.
• APSolute Vision running on an OnDemand Switch VL2 (ODS-VL2) platform supports ports G3,
G5, and G7.
Syntax
net ip delete {G1|G2|G3|G4|G5|G7}
{G1|G2|G3|G4|G5|G7} (Required) The port on the APSolute Vision server whose IP address
will be deleted.
net ip get
Displays the MAC addresses and other information about the configured network interfaces.
Syntax
net ip get
Notes
• When APSolute Vision is running as a virtual appliance (VA), you can connect to the APSolute
Vision server (with the client, SSH/Telnet, and so on) through ports G1, G2, and G3.
• When APSolute Vision is running on an OnDemand Switch VL (ODS-VL) platform, you can
connect to the APSolute Vision server (with the client, SSH/Telnet, and so on) through ports G1
and G2.
• When APSolute Vision is running on an OnDemand Switch VL2 (ODS-VL2) platform, you can
connect to the APSolute Vision server (with the client, SSH/Telnet, and so on) through ports G3,
G5, and G7.
Syntax
net ip management set {G1|G2|G3|G5}
Syntax
net nat get
Caution: The specified IP address must be routable from the client machine.
Syntax
net nat set ip <IP address>
<IP address> (Required) The IP address of the APSolute Vision server from an external
network.
Examples
A net physical-interface set G1 autoneg on
B net physical-interface set G2 speed 1000 autoneg off
C net physical-interface set G1 duplex half speed 10 autoneg off
Notes
• APSolute Vision running as a virtual appliance (VA) supports ports G1, G2, G3, and G4.
• APSolute Vision running on an OnDemand Switch VL (ODS-VL) platform supports ports G1 and
G2.
• APSolute Vision running on an OnDemand Switch VL2 (ODS-VL2) platform supports ports G3,
G5, and G7.
Syntax
net route set host <host_ip> <gateway_ip> [dev {G1|G2|G3|G4|G5|G7}]
{G1|G2|G3|G4|G5|G7} The port on the APSolute Vision server. Required for G4 (relevant
only for APSolute Vision VA). Optional for all ports except G4.
{G1|G2|G3|G4|G5|G7} The port on the APSolute Vision server. Required for G4 (relevant
only for APSolute Vision VA). Optional for all ports except G4.
Notes
• APSolute Vision running as a virtual appliance (VA) supports ports G1, G2, G3, and G4. G4 is not
relevant for the net route set default command.
• APSolute Vision running on an OnDemand Switch VL (ODS-VL) platform supports ports G1 and
G2.
• APSolute Vision running on an OnDemand Switch VL2 (ODS-VL2) platform supports ports G3,
G5, and G7.
Syntax
net route set default <gateway_ip> [dev {G1|G2|G3|G5|G7}]
Notes
• APSolute Vision running as a virtual appliance (VA) supports ports G1, G2, G3, and G4.
• APSolute Vision running on an OnDemand Switch VL (ODS-VL) platform supports ports G1 and
G2.
• APSolute Vision running on an OnDemand Switch VL2 (ODS-VL2) platform supports ports G3,
G5, and G7.
Syntax
net route delete <net_ip> <netmask> <gateway_ip> [dev {G1|G2|G3|G4|G5|G7}]
{G1|G2|G3|G4|G5|G7} The physical port on the APSolute Vision server. Required for G4
(relevant only for APSolute Vision VA). Optional for all ports except G4.
System Commands
The system menu includes the following system commands and command types for the APSolute
Vision server:
• System APM Commands, page 663
• system audit-log export, page 663
• System APSolute Vision Server Commands, page 665
• System Backup Commands, page 665
• system cleanup, page 681
• System Configuration-Synchronization Commands, page 681
• System Database Commands, page 686
• System Date Commands, page 688
• System DF Commands, page 689
• System DPM Commands, page 690
• System Exporter Commands (Event Exporter), page 695
• system hardware status get, page 700
• System Hostname Commands, page 700
• System LLS Commands, page 701
• System NTP Commands, page 705
• system rpm list, page 707
• System SNMP Commands, page 707
• System SSL Commands, page 709
• system statistics, page 712
• System Storage Commands, page 712
• System TCP Capture Commands, page 713
• System Backup Technical-Support Commands, page 677
• System Terminal Commands, page 715
• System Timezone Commands, page 716
• System Upgrade Commands, page 717
Note: For more information on APSolute Vision server with APM server VA, see the APSolute Vision
Installation and Maintenance Guide and the Application Performance Monitoring Troubleshooting and
Technical Guide.
The system apm commands comprise the following:
• system apm clear, page 663
• system apm shell, page 663
Note: From the APM shell, the exit command returns the CLI session to the APSolute Vision shell.
Syntax
{all|<yyyy-MM-dd>} (Required) Specify all to export all entries, or specify the start date of
records to export. The start date must be in yyyy-MM-dd
format.
Note: Enabling the APSolute Vision Reporter service requires restarting APSolute Vision Collector
service.
Syntax
system avr start
Note: Disabling the APSolute Vision Reporter service requires restarting the APSolute Vision
Collector service.
Syntax
system avr disable
Note: For information on the storage location, see System Storage Commands, page 712.
Each backup includes the following:
• The APSolute Vision system configuration
• The local users
• The managed devices
• The host IP addresses in the database-viewer list
• The vDirect database file
The backup config create command does not back up the following:
• The password of the radware user of the APSolute Vision server appliance
• The IP address/es of the APSolute Vision server appliance
• The DNS address/es of the APSolute Vision server appliance
• The network routes of the APSolute Vision server appliance
• Attack data
The system stores up to five configuration-backup iterations. After the fifth configuration-backup,
the system deletes the oldest one.
Syntax
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup config export <configName> <protocol>://<user>@<server>:/<path/
to/directory>/<filename>
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup config import <protocol>://<user>@<server>:/<path/to/
directory><filename>
Syntax
system backup config info <configName>
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup config list
Note: The restore process stops APSolute Vision and its associated services, and when it finishes,
restarts them.
Syntax
system backup config restore <configName> [-retainlicenses]
Note: For information on the storage location, see System Storage Commands, page 712.
The system stores up to five system backups. After the fifth system backup, the system deletes the
oldest one.
Caution: The system backup does not include AVR or DPM data.
Syntax
system backup full create <backupName> [description]
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup full delete <backupName>
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup full export <backupName> <protocol>://<user>@<server>:/<path/
to/directory>/<filename>
<filename> (Required) The filename of the backup in the export directory, which
may be different from the backupName.
Note: For information on the storage location, see System Storage Commands, page 712.
The system stores up to five system backups. After the fifth system backup, the system deletes the
oldest one.
Syntax
system full backup import <protocol>://<user>@<server>:/<path/to/
directory><filename>
<filename> (Required) The name of the backup in the export directory, which may
be different from the backupName.
When the file is imported, the filename reverts to the
backupName, that is, the name that was used when the
backup was created.
Syntax
system backup full info <backupName>
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup full list
Caution: The system backup does not include the data of APSolute Vision Reporter (AVR) or the
Device Performance Monitor (DPM). If you use AVR or DPM, you must restore the system before you
restore the AVR and/or DPM data.
Caution: If the password of the reporter user (used for the Vision Reporting Module) changed after
running system backup full create, before you run the system backup full restore
command, you must update the password on the APSolute Vision server.
Note: The restore process stops APSolute Vision and its associated services, and when it finishes,
restarts them.
Syntax
system backup full restore <backupName> [-retainlicenses]
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup securityReporter create <securityReporterName> <description>
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup securityReporter delete <securityReporterName>
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup securityReporter export <securityReporterName> <protocol>://
<user>@<server>:/<path/to/directory>/<filename>
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup securityReporter import <protocol>://<user>@<server>:/<path/to/
directory><filename>
Syntax
system backup securityReporter info <securityReporterName>
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup securityReporter list
Caution: When you are restoring the system backup also, you must restore the system before you
restore AVR data.
Caution: After the restore process is complete, verify that AVR is successfully collecting data for
new attacks and traffic events. To do this, in AVR, select Setup > Admin Messages.
Note: The restore process stops APSolute Vision and its associated services, and when it finishes,
restarts them.
Syntax
system backup securityReporter restore <securityReporterName>
Notes
• This command is an alternative to using the two separate commands, system backup
techSupport create and system backup techSupport export.
• You can delete the .tar file using system backup techSupport delete (without the .tar
extension).
APSolute Vision generates each package in a .tar file using the following format:
vision_support_<IPAddress>_<MM-dd-yy-hhmm>.tar
where:
• <IPAddress> is the IP address of the APSolute Vision server.
• <MM-dd-yy-hhmm> is the date and time.
Syntax
system backup techSupport local
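When tech-support packages are collected from several servers or archived as evidence, the naming format above can be checked mechanically. The following Python sketch is an added example, not part of the APSolute Vision CLI: the filenames and IP addresses are constructed, hh is assumed to be a 24-hour clock and yy a year in the 2000s (the guide does not say), and the function names are hypothetical.

```python
# Added example: parse tech-support package names of the form
#   vision_support_<IPAddress>_<MM-dd-yy-hhmm>.tar
# Assumptions: hh is a 24-hour value; yy is a two-digit year.
import ipaddress
import re
from datetime import datetime

_NAME_RE = re.compile(
    r"vision_support_(?P<ip>.+)_(?P<stamp>\d{2}-\d{2}-\d{2}-\d{4})\.tar"
)

# Constructed listing (documentation-range addresses), not real output.
CONSTRUCTED_LISTING = [
    "vision_support_192.0.2.10_03-07-20-1430.tar",
    "vision_support_192.0.2.10_12-31-19-2359.tar",
    "vision_support_192.0.2.10_13-40-20-0000.tar",     # impossible date
    "vision_support_198.51.100.7_01-02-20-0815.tar",   # other server
    "vision_support_192.0.2.10_03-07-20-1430.tar.gz",  # renamed or repacked
]


def parse_package_name(filename):
    """Return (server_ip, created) or raise ValueError for a bad name."""
    match = _NAME_RE.fullmatch(filename)
    if match is None:
        raise ValueError(f"not a tech-support package name: {filename!r}")
    # ip_address() rejects anything that is not a valid IPv4/IPv6 literal.
    server_ip = ipaddress.ip_address(match.group("ip"))
    # strptime() rejects impossible dates and times such as month 13.
    created = datetime.strptime(match.group("stamp"), "%m-%d-%y-%H%M")
    return server_ip, created


def inventory(filenames, expected_ip=None):
    """Split names into (packages oldest-first, rejected names).

    A name is rejected when it does not follow the format, or when
    expected_ip is given and the embedded address differs from it.
    """
    wanted = ipaddress.ip_address(expected_ip) if expected_ip else None
    packages, rejected = [], []
    for name in filenames:
        try:
            server_ip, created = parse_package_name(name)
        except ValueError:
            rejected.append(name)
            continue
        if wanted is not None and server_ip != wanted:
            rejected.append(name)
            continue
        packages.append((created, str(server_ip), name))
    packages.sort()  # chronological, because created is the first field
    return packages, rejected


if __name__ == "__main__":
    packages, rejected = inventory(CONSTRUCTED_LISTING, expected_ip="192.0.2.10")
    for created, server_ip, name in packages:
        print(f"{created:%Y-%m-%d %H:%M}  {server_ip}  {name}")
    for name in rejected:
        print(f"REJECTED  {name}")
```

Sorting the raw filenames as strings would order the packages by month rather than by date, so the parsed timestamp is used as the sort key.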
Note: For information on the storage location, see System Storage Commands, page 712.
Each tech-support package includes the following:
• The current system time in milliseconds
• The APSolute Vision version and build number
• APSolute Vision system configuration, which includes the network IP addresses, DNS address,
routes, and so on
• Running processes
• The status of each APSolute Vision service
• APSolute Vision system logs
• APSolute Vision Reporter logs
• APSolute Vision debug logs
• Disk usage
• Additional internal-resource information
Syntax
system backup techSupport create <techSupportName> [<description>]
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup techSupport export <techSupportName> <protocol>://
<user>@<server>:/<path/to/directory>/<filename>
Syntax
system backup techSupport info <techSupportName>
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup techSupport list
Notes
• For information on the storage location, see System Storage Commands, page 712.
• For information on system backup techSupport local, see system backup techSupport
local, page 677.
Syntax
system backup techSupport delete <techSupportName>
system cleanup
Cleans all the data on the APSolute Vision server, or cleans all the data on the APSolute Vision server
except for the following:
• APSolute Vision server management IP addresses and routes
• Installed licenses
Syntax
system cleanup {full|without-server-ip}
{full | without-server-ip} (Required) The command with the full argument restores the
APSolute Vision server to the factory defaults. After
you run the command with the full argument, the
initial configuration script launches automatically.
The command with the without-server-ip
argument cleans all the data on the APSolute Vision
server but retains the APSolute Vision server
management IP addresses and routes.
The configuration-synchronization mechanism uses the following two (external) parameters for
sending email notifications after the specified number of missed configuration-synchronizations:
• SMTP Server Address (APSolute Vision Settings view System perspective, General Settings
> Alert Settings > Alert Browser > Email Reporting Configuration Parameters tab > SMTP
Server Address)—For the name or IP address of the SMTP email server.
• SMTP User Name (APSolute Vision Settings view System perspective, General Settings >
Alert Settings > Alert Browser > Email Reporting Configuration Parameters tab > SMTP
User Name)—For the sender address.
Note: If the SMTP User Name field is empty, the configuration-synchronization mechanism
uses a default name. Typically, the default name is Vision.Config.Sync@radware.com.
Caution: It is the responsibility of the APSolute Vision administrator to register the APSolute Vision
servers as a target of the device events (for example, traps, alerts, IRP messages, and packet-
reporting data) on the managed devices. For related information, see APSolute Vision Server
Registered for Device Events—Alteon and LinkProof NG, page 188, APSolute Vision Server
Registered for Device Events—DefensePro, page 188, and APSolute Vision Server Registered for
Device Events—AppWall, page 189.
Note: The APSolute Vision server instances in the configuration-synchronization setup are not
aware of one another. It is possible—but not recommended—that the mode of both peers of a
configuration-synchronization setup is active.
Syntax
system config-sync mode set {active|disabled|standby}
<IP address or hostname> (Required) The IP address or hostname for the peer APSolute
Vision server.
Caution: You must not use radware as the
hostname.
Syntax
system config-sync status
Caution: If you require functionality that relies on a manually uploaded device driver (for
example, as is the case with configuration templates), you must upload the relevant device
driver again.
Note: For more information on device drivers, see Managing Device Drivers, page 150.
Syntax
system database maintenance driver_table delete
Caution: For APSolute Vision VA—The time on the APSolute Vision VA must be the same as—or
within several minutes of—the time on the VMware host. Otherwise, an APSolute Vision reboot may
hang (even when, in the VMware Tools, the synchronize guest time with host checkbox is cleared). If
the reboot hangs, reboot the APSolute Vision VA server, which should solve the problem. For more
information on this issue, refer to the VMware knowledge article Timekeeping best practices for
Linux guests (1006427) at
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006427.
Notes
• Setting the system date stops the NTP service.
• Setting the system date requires restarting the APSolute Vision server, the APSolute Vision
Reporter, and MySQL.
• The APSolute Vision Reporter client supports only a single timezone, which is the timezone
configured in APSolute Vision server.
Syntax
system date set <date_and_time>
Example
system date set 2010/05/23 13:56:00 sets date and time to 23/05/2010 13:56.
System DF Commands
Use df commands to manage the DefenseFlow device associated with the APSolute Vision server.
Note: APSolute Vision allows only one DefenseFlow device to be associated with it.
The system df commands comprise the following:
• system df management-ip get, page 689
• system df management-ip set, page 689
• system df management-ip delete, page 690
• system df shell, page 690
Notes
• If the APSolute Vision server includes an embedded DefenseFlow device, this command is not
required.
• If the APSolute Vision server includes an embedded DefenseFlow device, you can set a different
(external) DefenseFlow device to be associated with the APSolute Vision server.
Syntax
system df management-ip set <IP_address>
Syntax
system df management-ip delete <IP_address>
system df shell
Launches the DefenseFlow shell.
Syntax
system df shell
Caution: This command deletes all the data for the Device Performance Monitor.
Syntax
system dpm database clear
Note: For information on the storage location, see System Storage Commands, page 712.
The system stores up to three DPM backups. After the third tech-support package, the system
deletes the oldest one.
Syntax
system dpm backup create <dpm_bu_name>
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system dpm backup export <dpm_bu_name> <protocol>://<user>@<ip>://<path/to/directory><RemoteFolder>
<RemoteFolder> The remote folder for the file in the export directory. Required
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system dpm backup import <protocol>://<user>@<ip>://<path/to/directory><BackupFilename>
Caution: If you are also restoring the system backup, you must restore the system before you
restore the DPM data. Otherwise, the devices in DPM will be marked as deleted.
Note: This action also stops and restarts the Device Performance Monitor process.
Syntax
system dpm backup restore <dpm_bu_name>
Note: For information on the storage location, see System Storage Commands, page 712.
The system stores up to three DPM tech-support packages. After the third tech-support package,
the system deletes the oldest one.
Syntax
system dpm techSupport create <techSupportName> [description]
<RemoteFolder> The remote folder for the file in the export directory. Required
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system dpm techSupport list
Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system dpm techSupport delete <techSupportName>
Caution: The system dpm debug install command performs a fresh installation of the
DPM service, and all existing DPM data is deleted.
Notes
• For information about the records from the event exporter, see Appendix E - Using the Event
Exporter, page 805.
• When you use the event exporter within an active/standby topology, only the active instance
exports the security-event information. (For more information, see System Configuration-
Synchronization Commands, page 681.)
• The event exporter can export to the specified syslog server only over UDP.
The system exporter commands comprise the following:
• system exporter configuration get, page 695
• System Exporter Event-Type Commands, page 696
• System Exporter History Commands, page 697
• System Exporter State Commands, page 698
• System Exporter Syslog-Host Commands, page 699
• System Exporter Syslog-Port Commands, page 699
Example output
Exporter disabled
type: syslog
syslogHost:
syslogPort: 514
rabbitHost: rabbit-rabbitPort: 5672-rabbitUserName: radware-rabbitPassword:
radware-rabbitQueueName: event.exporter
DPTrafficUtilization: true
DPSecurityAttack: true
DFSecurityAttack: true
DFTrafficUtilization: true
DFBdosBaseline: true
Syntax
system exporter state get
<hostname> The hostname. The hostname must conform to RFC 952. Optional
If a nat hostname is configured (see net nat set hostname, page 658), and the nat hostname is the
same as the system hostname before running system hostname set, this command overwrites the nat
hostname.
Maximum characters: 63
Caution: You must not use radware as the hostname.
Note: A period (.) is expected to delimit components (for example, vision.radware.com); however,
APSolute Vision does not enforce fully qualified domain names.
Caution: If there is insufficient RAM on the APSolute Vision server, the LLS service cannot start. If
you are using an installation that does not have the minimum amount of RAM, to use the LLS, you
must first increase the RAM for it manually, in the virtual infrastructure.
Notes
• The APSolute Vision LLS uses the Flexera cloud management system to manage GEL
authorization.
• Use the GEL Dashboard to allocate throughput to Alteon servers using GEL Entitlements, and to
view Entitlement notifications. For more information, see Using the GEL Dashboard, page 576.
APSolute Vision supports the following LLS-install-modes: standalone, backup, and main.
By default, installation of APSolute Vision includes the LLS with the standalone FlexNet Operations
(FNO) mode.
The backup and main LLS-install-modes support LLS high-availability (HA).
Caution: Although LLS HA is not directly related to the APSolute Vision configuration-
synchronization feature, if you deploy LLS in a high-availability configuration, Radware recommends
nonetheless using the configuration-synchronization feature—and configuring the LLS service on the
appropriate instances of a configuration-synchronization pair. For more information on the
configuration-synchronization feature, see System Configuration-Synchronization Commands,
page 681.
When you deploy the LLS in a high-availability configuration, Radware recommends that you do the
following:
1. Deploy the backup LLS service, as described in system lls install backup, page 703.
Radware recommends that you configure the backup LLS service on the standby instance of a
configuration-synchronization pair (see system config-sync mode Commands, page 683).
2. Deploy the main LLS service, as described in system lls install main, page 703.
Radware recommends that you configure the main LLS service on the active instance of the
configuration-synchronization pair (see system config-sync mode Commands, page 683).
3. On the APSolute Vision server with the backup LLS service, stop and start the service, as
described in system lls service, page 704.
<server alias> A user-defined name for the LLS, which can be helpful to identify the LLS in the
cloud portal. Optional
If no alias is given, APSolute Vision uses the automatically generated host ID as the name of the
LLS.
Note: Radware recommends that you use this option to provide a meaningful name for the LLS that
will display in the Flexera FlexNet Operations Cloud Portal.
<main LLS IP address> The IP address of APSolute Vision server with the main LLS service. Required
<server alias> A user-defined name for the LLS, which can be helpful to identify the LLS in the
cloud portal. Optional
If no alias is given, APSolute Vision uses the automatically generated host ID as the name of the
LLS.
Note: Radware recommends that you use this option to provide a meaningful name for the LLS that
will display in the Flexera FlexNet Operations Cloud Portal.
<backup LLS IP address> The IP address of APSolute Vision server with the backup LLS service. Required
<server alias> A user-defined name for the LLS, which can be helpful to identify the LLS in the
cloud portal. Optional
If no alias is given, APSolute Vision uses the automatically generated host ID as the name of the
LLS.
Note: Radware recommends that you use this option to provide a meaningful name for the LLS that
will display in the Flexera FlexNet Operations Cloud Portal.
Syntax
system lls certificates replace
<minpoll> The minimum poll interval for NTP messages, as a power of 2 in seconds. Optional
Minimum: 4—That is, 16 seconds.
Default: 6—That is, 64 seconds.
<maxpoll> The maximum poll interval for NTP messages, as a power of 2 in seconds. Optional
Maximum: 17—That is, approximately 36.4 hours.
Default: 10—That is, 1024 seconds, approximately 17 minutes.
Caution: For APSolute Vision VA—The time on the APSolute Vision VA must be the same as—or
within several minutes of—the time on the VMware host. Otherwise, an APSolute Vision reboot may
hang (even when, in the VMware Tools, the synchronize guest time with host checkbox is cleared). If
the reboot hangs, reboot the APSolute Vision VA server, which should solve the problem. For more
information on this issue, refer to the VMware knowledge article Timekeeping best practices for
Linux guests (1006427) at
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006427.
Syntax
system ntp service {start|stop|status}
Note: For information on the MIBs that the SNMP interface exposes, see Appendix C - MIBs for
Monitoring APSolute Vision, page 761.
Caution: Every certificate includes a validity period, which is defined by a start date and an end
date. To prevent certificate-validity conflicts, before creating certificates, make sure that the correct
time is configured on the APSolute Vision server—either manually or using an NTP server.
Note: Replacing the SSL certificate reboots the AVR Web server. You will need to log in again to
AVR.
Syntax
system ssl create
<key_passphrase> The passphrase of the key file in the remote directory. Optional
For PEM, the key passphrase is optional. Supply the key passphrase if the private key is encrypted
with a passphrase.
Example
sftp://radware@1.1.1.1:/tmp -key key.pem -cert cert.pem -pass 12345
<PKCS12_filename> The name of the PKCS #12 file in the remote directory. Required
Example
sftp://radware@1.1.1.1:/tmp/file.p12 -pass 12345
system statistics
Displays system resources statistics, including CPU utilization, uptime, system disk usage, database
disk usage, RAM utilization, and network throughput.
Syntax
system statistics
Note: Only root users can manually manage files in the hard-coded local directory.
Syntax
system storage backup local
Filter-expression examples:
• port 80 —Filter packets with source port 80.
• tcp src port 443 —Filter TCP packets with source port 443.
Note: For more information on filter expressions, refer to the relevant Linux man pages.
Caution: The dump to the capture file (dump.cap) stops when the first condition is reached:
timeout_sec, max_packets, or size. To ensure that each dump includes as much data as
possible when you configure a timeout_sec condition, Radware recommends that you set
max_packets to the maximum (-c 0). To ensure that each dump includes as much data as
possible when you configure a max_packets condition, Radware recommends that you set
timeout_sec to the maximum (-t 0).
Syntax
system tcpdump export [-t <timeout_sec>] [-c <max_packets>] [-s <size>]
Note: For more information on filter expressions, refer to the relevant Linux man pages.
Syntax
system tcpdump print [-t <timeout_sec>] [-c <max_packets>] [-s <size>]
Note: The settings are persistent and are included in the APSolute Vision configuration backup and
restore operations.
The system terminal commands comprise the following:
• System Terminal Prompt Commands, page 715
• System Terminal Banner Commands, page 715
Tip: To paginate output, use system timezone list | more. To find a specific timezone, use
|grep. For example, to find the timezone for London, use system timezone list | grep Lon
to display all time-zone names containing Lon.
Note: In an APSolute Vision server with APM server VA installation, this command affects the
APSolute Vision server and the APM module. That is, in an APSolute Vision server with APM server
VA installation, changing the timezone in the APM Linux shell, has no effect.
Timezones for named locations, for example, Europe/London, set the GMT value and daylight saving
time parameters for those areas.
To set a timezone without daylight saving time adjustments, use a generic GMT timezone, for
example, Etc/GMT+2.
For timezone names beginning with Etc/GMT, the zones west of GMT have a positive (+) sign, and
the zones east of GMT have a negative (-) sign in the timezone name. For example,
Etc/GMT-2 is 2 hours ahead/east of GMT.
To prevent incorrect timezone configuration, use the country name listed in the timezone list,
not timezones beginning with Etc/GMT.
Tip: To view the list of supported timezones, use system timezone list.
Syntax
system timezone set <timezone_name>
<timezone_name> The name of the timezone, selected from the list of supported timezones. Required
The timezone name is case-sensitive, for example, system timezone set Europe/London.
Note: You can also use the APSolute Vision WBM to upgrade the APSolute Vision software version or
the APSolute Vision online help stored on the APSolute Vision server.
<filename> The name of the upgrade file, including the extension. Required
Syntax
system upgrade help <filename>
<filename> The name of the upgrade file, including the extension. Required
Note: The setting is retained after reboot of the APSolute Vision server, and it is included in the
APSolute Vision configuration backup and restore operations.
Syntax
system user authentication-mode set {Local | RADIUS | TACACS+ | LDAP}
Caution: Radware recommends using the radware user only for disaster recovery, and keeping the
details of the radware user secret from all except special administrators.
Notes
• The default password is radware.
• This command is not available to Vision Administrator users.
When you use this command, you will be prompted to enter a new password at the New UNIX
Password prompt; then, retype the password for verification.
Syntax
system user password change <user>
The vision-files users are authenticated locally by APSolute Vision server, regardless of whether the
system is configured to use a different authentication method. That is, vision-files users cannot be
overridden by the configuration of an authentication server.
This command is available only to the radware user and Administrator users.
Syntax
system user password vision-files
system version
Displays the current APSolute Vision version and the versions of its components.
Syntax
system version
Note: For more information on outbound SSL-inspection monitoring, see Monitoring Outbound SSL
Inspection, page 3162 (in Using Real-Time Security Monitoring, page 583) and the APSolute Vision
Analytics User Guide.
To migrate APSolute Vision from the ODS-VL platform to the ODS-VL2 platform with only
the system-configuration backup
1. Install APSolute Vision on the ODS-VL2 platform.
Note: For information about installing APSolute Vision on the ODS-VL2 platform, see the
APSolute Vision Installation and Maintenance Guide.
2. Upgrade APSolute Vision on the ODS-VL platform to the same version and build number as on
the ODS-VL2 platform that you installed in the previous step. For more information, see
Managing APSolute Vision Basic Information and Properties, page 112.
3. Create a system-configuration backup of the APSolute Vision on the ODS-VL platform. For more
information, see system backup config create, page 666.
4. Export the system-configuration backup from the storage location on the ODS-VL platform to a
specified location (for example, your computer). For more information, see system backup
config export, page 667.
5. Import the system-configuration backup from the specified location to the storage location on
the ODS-VL2 platform. For more information, see system backup config import, page 668.
6. Restore the system on the ODS-VL2 platform using the specified system-configuration backup.
For more information, see system backup config restore, page 669.
7. On the ODS-VL2 platform, from the root/opt/radware/box/bin directory, run the following
command:
system_post_restore.sh
8. Run the following command to restart APSolute Vision:
reboot
To migrate APSolute Vision from the ODS-VL platform to the ODS-VL2 platform with the
full system backup
1. Install APSolute Vision on the ODS-VL2 platform.
Note: For information about installing APSolute Vision on the ODS-VL2 platform, see the
APSolute Vision Installation and Maintenance Guide.
2. Upgrade APSolute Vision on the ODS-VL platform to the same version and build number as on
the ODS-VL2 platform that you installed in the previous step. For more information, see
Managing APSolute Vision Basic Information and Properties, page 112.
3. Create a full system backup of the APSolute Vision on the ODS-VL platform. For more
information, see system backup full create, page 670.
4. Export the full system backup from the storage location on the ODS-VL platform to a specified
location (for example, your computer). For more information, see system backup full export,
page 670.
5. Import the full system backup from the specified location to the storage location on the ODS-
VL2 platform. For more information, see system backup full import, page 671.
6. Restore the system on the ODS-VL2 platform using the specified full system backup. For more
information, see system backup full restore, page 673.
7. On the ODS-VL2 platform, from the root/opt/radware/box/bin directory, run the following
command:
system_post_restore.sh
8. Run the following command to restart APSolute Vision:
reboot
Note: If you need to refer to the Radware vDirect documentation, use the documentation that
corresponds to the vDirect version in the APSolute Vision server. To determine the vDirect version, in
the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters and look in the Software tab.
Caution: An upgrade of APSolute Vision may include changes to vDirect objects included in the
APSolute Vision installation—that is, system scripts. Examples of system scripts are predefined
Toolbox scripts (see Predefined Toolbox Scripts, page 228) and some AppShape templates. If you
modify a system script, Radware recommends downloading the file, renaming it, and uploading it to
APSolute Vision as a new script with your modifications.
Other than Administrator and Vision Administrator, no other APSolute Vision roles can access
vDirect. vDirect maps all other APSolute Vision roles to a vDirect role called defaultRole. The
defaultRole role has no permissions in vDirect, including viewing vDirect.
vDirect supports the following special users: admin, root, and vDirect, which are all mapped to the
vDirect Administrator role.
It is possible that the same username is defined both in APSolute Vision RBAC and vDirect access
control.
You can open the vDirect interface from the APSolute Vision sidebar menu (Applications >
vDirect).
You can access vDirect explicitly through the APSolute Vision RBAC by entering vision: before the
username—for example, vision:john for a user named john.
You can access vDirect explicitly through the vDirect access control by entering pam: before the
username—for example, pam:john for a user named john.
Note: For more information on APSolute Vision RBAC, see Role-Based Access Control (RBAC),
page 85.
Caution: If you change the name of a vDirect Site in the APSolute Vision device pane, vDirect
does not recognize it later. That is, if you change the name of a vDirect Site in the APSolute Vision
device pane, and you register a new Radware device with APSolute Vision, vDirect will create a new
vDirect Site.
APSolute-Vision–vDirect Limitations
vDirect in APSolute Vision includes the following limitations:
• For Radware devices that are added to APSolute Vision using APSolute Vision WBM, vDirect
displays the IP address of each device, not the specified name.
• You cannot register multiple vADCs from multiple VXs in the same operation.
• vDirect recognizes LinkProof NG devices as Alteon devices.
• DefensePro high-availability (HA) clusters defined in APSolute Vision are not supported with
vDirect.
• Alteon HA clusters defined in APSolute Vision are not synchronized with vDirect.
• ADC Services (a type of HA cluster of Alteon devices) defined in vDirect are not supported with
APSolute Vision.
• There are differences in the set of device-access parameters that vDirect and APSolute Vision
expose. For example, APSolute Vision exposes the HTTP and HTTPS parameters, and event-
notification parameters. If a DefensePro device is registered on APSolute Vision using vDirect,
and the device Web (HTTPS) credentials are different from the CLI (SSH) credentials, you must
update the Web credentials of the device in the APSolute Vision Device Properties dialog box
(see the procedure To add a new device or edit device-connection information, page 176).
• If a device managed by APSolute Vision is in Maintenance status, device-synchronization
messages from vDirect do not update APSolute Vision.
• The APSolute Vision Lock operation on a device is not enforced on vDirect. That is, APSolute
Vision and APSolute Vision vDirect can modify a device configuration in parallel, which may cause
conflicting configurations.
Parameter Description
Name The container name.
Note: There are some reserved words (for example, DefenseFlow) that APSolute Vision does not
allow as names.
Tenants Assigns the container to one or more tenants. For more information, see the vDirect
documentation.
Address The IP address where the dedicated ADC container resides. This is the management IP
address as it is defined on the managed device.
CLI User Name The username for CLI and HTTPS access to the device.
Maximum characters: 32
Default: admin
CLI Password The password for CLI and HTTPS access to the device.
Maximum characters: 32
Default: admin
CLI Use SSH Specifies whether the device uses SSH.
Default: Enabled
CLI Port The port for SSH communication with the device.
Default: 22
Note: This value should be the same as the value for the SSH port configured in the device
(Configuration perspective System tab > Management Access > Management Protocols > SSH).
SNMP Version The SNMP version used for the connection.
SNMP Port The SNMP port.
Default: 161
User Name The username for the SNMP connection.
Maximum characters: 18
(This parameter is displayed only when SNMP Version is VersionThree.)
Authentication Protocol The protocol used for authentication.
Values: MD5, SHA, None
Default: SHA
(This parameter is displayed only when SNMP Version is VersionThree.)
Authentication Password The password used for authentication.
(This parameter is displayed only when SNMP Version is VersionThree.)
Privacy Password The password used for the Privacy facility.
(This parameter is displayed only when SNMP Version is VersionThree.)
Privacy Protocol The SNMPv3 privacy protocol to use.
Values: DES, None
Default: DES
(This parameter is displayed only when SNMP Version is VersionThree.)
SNMP Read Community The SNMP read community name authorized to access the dedicated ADC.
(This parameter is displayed only when SNMP Version is VersionOne or VersionTwo.)
SNMP Write Community The SNMP write community name authorized to access the dedicated ADC.
(This parameter is displayed only when SNMP Version is VersionOne or VersionTwo.)
Unregistering a Container
This section describes how to remove a container from the vDirect system.
To unregister a container
1. Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 725).
2. From the upper menu options, select Configuration.
3. Select Containers.
4. Click the box to the left of the name of the container you want to unregister.
5. Click Unregister.
6. Click Unregister again to confirm the removal.
Certain traps that DefensePro can generate can disrupt the behavior of Toolbox scripts. These traps
must be disabled before you run a Toolbox script on a DefensePro device. They are disabled by
default and are used primarily for troubleshooting. Even when these traps are disabled, traps can
still go to the syslog and to APSolute Vision.
Caution: If you use vDirect to register a DefensePro device, and the device Web (HTTPS)
credentials are different from the CLI (SSH) credentials, you must update the Web credentials of the
device in the APSolute Vision Device Properties dialog box (see the procedure To add a new device
or edit device-connection information, page 176).
Parameter Description
Name The name of the DefensePro instance.
Note: There are some reserved words (for example, DefenseFlow) that APSolute Vision does not
allow as names.
Tenants Configures and adds new tenants to the DefensePro instance. For more information, see the
vDirect documentation.
Address The management IP address of the DefensePro instance.
CLI User Name The username for CLI, HTTP, and HTTPS access to the device.
Maximum characters: 32
Default: radware
CLI Password The password for CLI, HTTP, and HTTPS access to the device.
Maximum characters: 32
Default: radware
CLI Use SSH Specifies whether the device uses SSH.
Default: Enabled
CLI Port The port for SSH or telnet communication with the device.
When SSH is enabled, the default SSH port is 22.
When SSH is disabled, the default Telnet port is 23.
Note: This value should be the same as the value for the SSH port configured in the device
(Configuration perspective System tab > Management Access > Management Protocols > SSH).
SNMP Version The SNMP version used for the connection.
Default: VersionThree
SNMP Port The SNMP port.
User Name The username for the SNMP connection.
Maximum characters: 18
(This parameter is displayed only when SNMP Version is VersionThree.)
Authentication Protocol The protocol used for authentication.
Values: MD5, SHA, None
Default: SHA
(This parameter is displayed only when SNMP Version is VersionThree.)
Authentication Password The password used for authentication.
(This parameter is displayed only when SNMP Version is VersionThree.)
Privacy Password The password used for the Privacy facility.
(This parameter is displayed only when SNMP Version is VersionThree.)
Privacy Protocol The SNMPv3 privacy protocol to use.
Values: DES, None
Default: DES
(This parameter is displayed only when SNMP Version is VersionThree.)
SNMP Read Community The SNMP read community name authorized to access the DefensePro.
(This parameter is displayed only when SNMP Version is VersionOne or VersionTwo.)
SNMP Write Community The SNMP write community name authorized to access the DefensePro.
(This parameter is displayed only when SNMP Version is VersionOne or VersionTwo.)
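The two parameter tables above (dedicated ADC container and DefensePro) list defaults worth reviewing before a device is registered: the default CLI credentials, the CLI Use SSH setting, community-based SNMP versions, and the MD5 and None options for SNMPv3. The following Python check is an added example, not Radware or vDirect code; the record keys, finding codes, and sample records are constructed for illustration and do not reflect any vDirect export format.

```python
"""Review device-registration records against the defaults in the tables above."""

# Documented defaults per device kind. The dictionary keys are constructed
# for this example; they are not a vDirect or APSolute Vision export format.
DEFAULTS = {
    "container": {
        "cli_user": "admin", "cli_password": "admin", "cli_use_ssh": True,
        "snmp_version": None,  # the container table lists no default version
        "auth_protocol": "SHA", "privacy_protocol": "DES",
    },
    "defensepro": {
        "cli_user": "radware", "cli_password": "radware", "cli_use_ssh": True,
        "snmp_version": "VersionThree",
        "auth_protocol": "SHA", "privacy_protocol": "DES",
    },
}
COMMUNITY_VERSIONS = {"VersionOne", "VersionTwo"}


def effective_settings(record):
    """Overlay a record on the documented defaults for its device kind.

    A field the operator left untouched takes the documented default, so an
    omitted password is evaluated as the default password.
    """
    return {**DEFAULTS[record["kind"]], **record}


def audit_registration(record):
    """Return finding codes, in check order, for one registration record."""
    cfg = effective_settings(record)
    defaults = DEFAULTS[cfg["kind"]]
    findings = []

    if (cfg["cli_user"], cfg["cli_password"]) == (
            defaults["cli_user"], defaults["cli_password"]):
        findings.append("DEFAULT_CLI_CREDENTIALS")
    if not cfg["cli_use_ssh"]:
        findings.append("SSH_DISABLED")

    version = cfg["snmp_version"]
    if version is None:
        findings.append("SNMP_VERSION_UNSET")
    elif version in COMMUNITY_VERSIONS:
        # Read/write community names replace per-user authentication here.
        findings.append("SNMP_COMMUNITY_BASED")
    elif version == "VersionThree":
        if cfg["auth_protocol"] == "None":
            findings.append("SNMPV3_NO_AUTH")
        elif cfg["auth_protocol"] == "MD5":
            findings.append("SNMPV3_MD5_AUTH")  # SHA is the other listed value
        # DES is the only privacy protocol the tables offer besides None,
        # so only a disabled privacy facility is reported.
        if cfg["privacy_protocol"] == "None":
            findings.append("SNMPV3_NO_PRIVACY")
    return findings


def audit_inventory(records):
    """Map device name to findings, omitting devices with no findings."""
    report = {}
    for record in records:
        findings = audit_registration(record)
        if findings:
            report[record["name"]] = findings
    return report


# Constructed sample records (names and secrets are placeholders).
SAMPLE_INVENTORY = [
    {"kind": "defensepro", "name": "dp-lab-1"},  # every field left at default
    {"kind": "container", "name": "adc-lab-1", "cli_user": "ops",
     "cli_password": "placeholder-secret", "cli_use_ssh": False,
     "snmp_version": "VersionTwo"},
    {"kind": "defensepro", "name": "dp-lab-2", "cli_user": "ops",
     "cli_password": "placeholder-secret", "auth_protocol": "MD5",
     "privacy_protocol": "None"},
    {"kind": "container", "name": "adc-lab-2", "cli_user": "ops",
     "cli_password": "placeholder-secret", "snmp_version": "VersionThree"},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```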
5. Click Unregister.
6. Click Unregister again to confirm the removal.
You can upgrade the online-help package that resides in the APSolute Vision server using the
procedure below (To update the APSolute Vision help on the server, page 738) or using the CLI. For
information on the CLI command, see System Upgrade Commands, page 717.
Note: Depending on the configuration of the APSolute Vision server (see Configuring APSolute
Vision Server Advanced Parameters, page 162), APSolute Vision clients access online-help pages
from the server itself or from radware.com. The online help at radware.com is always the latest, but
the files on your APSolute Vision server might be out-of-date if a managed device was upgraded or a
new device driver is used.
The help-upgrade procedure requires a valid online-help–upgrade package.
You can download the software upgrade file from the Radware customer portal.
The name format of the online-help package is as follows:
APSoluteVisionHelp_<VisionVersion>_<BuildNumber>_<yyyyMMdd>.upgrade
To download the software upgrade file from the Radware customer portal
1. Open your browser and go to www.radware.com.
2. At the top right of the window, click My Account, and log in.
3. At the upper right of the window, click Customer.
4. Hover over Products, navigate to the relevant product type, and click the relevant product—as
shown in the following example.
5. In the Software Releases tab, click (Download Software) for the relevant item.
To revert the online help to the original version on the APSolute Vision server
1. In the APSolute Vision Settings mode System perspective, select General Settings >
Advanced.
2. In the Online Help section, click Revert to Default Help.
Global Parameters
The following table lists the messages that are triggered by actions performed on global parameters.
The value in the Type column identifies whether the message is regular (R), or detailed (D) when
detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane, page 121).
ID Type Message
- R User <username> has changed the default password for other users.
- R User <username> has changed the default Password for the user radware.
- R User <username> has changed the User Statistics Storage
- D User <username> has changed the User Statistics Storage to <value>.
- R User <username> has changed the Number of Password Challenges.
- D User <username> has changed the Number of Password Challenges to <value>.
- R User <username> has changed the Number of Last Passwords Saved.
- D User <username> has changed the Number of Last Passwords Saved to
value <value>.
- R User <username> has changed the Password Validity Period
- R User <username> changed the setting that users must change their password at
first login.
- D User <username> changed the setting that users must change their password at
first login to <value>.
Advanced Parameters
The following table lists the messages that are triggered by actions performed on advanced
parameters. The value in the Type column identifies whether the message is regular (R), or detailed
(D) when detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane,
page 121).
ID Type Message
- R User <username> has changed the Online Help URL.
- D User <username> has changed the Online Help URL to APSolute Vision Server.
- D User <username> has changed the Online Help URL to Radware.com.
- R User <username> has changed the Results per Page.
- D User <username> has changed the Results per Page to <value>.
- R User <username> has changed the Device Lock Timeout.
- D User <username> has changed the Device Lock Timeout to <value>.
- R User <username> has changed the Minimal Log Level.
- D User <username> has changed the Minimal Log Level to <value>.
ID Type Message
- R User <username> has changed the Max. Number of Configuration Files per
Device.
- D User <username> has changed the Max. Number of Configuration Files per
Device to <value>.
ID Type Message
- R User <username> has changed the Syslog Facility.
- D User <username> has changed the Syslog Facility to <value>.
- R User <username> has changed the L4 Destination Port for Syslog Reporting.
- D User <username> has changed the L4 Destination Port for Syslog Reporting to Port
<value>.
- R User <username> changed the Syslog server address.
- D User <username> changed the Syslog server address to <value>.
- R User <username> has changed the Syslog Reporting report (scope).
- D User <username> has changed the Syslog Reporting report (scope) to <value>.
- R User <username> changed the Syslog reporting status.
- D User <username> changed the Syslog reporting status to <value>.
- R User <username> changed the Syslog reporting encryption status.
- D User <username> changed the Syslog reporting encryption status to <value>.
- R User <username> changed the Syslog reporting encryption certificate.
- D User <username> changed the Syslog reporting encryption certificate to <value>.
- R User <username> changed the Syslog reporting authentication status.
- D User <username> changed the Syslog reporting authentication status to <value>.
- R User <username> changed the Syslog reporting authentication type.
- D User <username> changed the Syslog reporting authentication type to <value>.
- R User <username> changed the Syslog reporting encryption authentication
permitted peer was changed.
- D User <username> changed the Syslog reporting encryption authentication
permitted peer was changed to <value>.
- R User <username> changed the Syslog reporting encryption authentication private
key was changed.
- D User <username> changed the Syslog reporting encryption authentication private
key was changed to <value>.
- R User <username> changed the Syslog reporting encryption authentication public
key was changed.
- D User <username> changed the Syslog reporting encryption authentication public
key was changed to <value>.
- R User <username> changed the detailed APSolute Vision activity auditing alerts
feature to <value>
- D User <username> changed the detailed APSolute Vision activity auditing alerts
feature.
- R User <username> changed the detailed Device Configuration auditing alerts
feature.
- D User <username> changed the detailed Device Configuration auditing alerts
feature to <value>.
Connection Settings
The following table lists the messages that are triggered by actions performed on connection
settings. The value in the Type column identifies whether the message is regular (R), or detailed (D)
when detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane, page 121).
ID Type Message
00986 R User <username> has changed the password for authentication with the proxy
server.
00987 R User <username> has changed the user name for authentication with the proxy
server.
00988 R User <username> changed the proxy-server authentication status.
00988 D User <username> changed the proxy-server authentication status to <value>.
00989 R User <username> has changed the port of the proxy server.
00989 D User <username> has changed the port of the proxy server to port <value>.
00990 R User <username> has changed the IP address of the proxy server.
00991 R User <username> changed the proxy-server status.
00991 D User <username> changed the proxy-server status to <value>.
00992 R User <username> has changed the timeout for connecting to a device using
SNMP.
00992 D User <username> has changed the timeout for connecting to a device using SNMP
to <value>.
00993 R User <username> has changed the number of retries for connecting to a device
using SNMP.
00993 D User <username> has changed the number of retries for connecting to a device
using SNMP to <value>.
00994 R User <username> has changed the port for accessing a device using SNMP.
00994 D User <username> has changed the port for accessing a device using SNMP to port
<value>.
00995 R User <username> has changed the value of the 'Session Inactivity Timeout'
parameter.
00995 D User <username> has changed the value of the 'Session Inactivity Timeout'
parameter to <value>.
00996 R User <username> has changed the default HTTPS port toward devices.
00996 D User <username> has changed the default HTTPS port toward devices to port
<value>.
00997 R User <username> has changed the default HTTP port toward devices.
00997 D User <username> has changed the default HTTP port toward devices to port
<value>.
00998 D User <username> has changed the IP address of the proxy server to IP Address
<value>.
00999 D User <username> has changed the user name for authentication with the proxy
server to proxy-username <value>.
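The R and D forms in the Connection Settings table can be matched mechanically when these alerts are reviewed outside the product. The following is an added example, not part of the Radware guide or product code: it compiles a subset of the table's templates into regular expressions, extracts the user and the new value, and reports regular-form changes whose new value was not recorded. The `setting` labels and all sample messages are constructed for illustration.

```python
import re

# Rows copied from the Connection Settings table: (ID, type, setting, template).
# "setting" is a label added for this example (an assumption, not a product field)
# so that an R row and its D counterpart group together even when their IDs
# differ (00990/00998 and 00987/00999).
ROWS = [
    ("00986", "R", "proxy_password",
     "User <username> has changed the password for authentication with the proxy server."),
    ("00987", "R", "proxy_username",
     "User <username> has changed the user name for authentication with the proxy server."),
    ("00999", "D", "proxy_username",
     "User <username> has changed the user name for authentication with the proxy "
     "server to proxy-username <value>."),
    ("00988", "R", "proxy_auth_status",
     "User <username> changed the proxy-server authentication status."),
    ("00988", "D", "proxy_auth_status",
     "User <username> changed the proxy-server authentication status to <value>."),
    ("00990", "R", "proxy_ip",
     "User <username> has changed the IP address of the proxy server."),
    ("00998", "D", "proxy_ip",
     "User <username> has changed the IP address of the proxy server to IP Address <value>."),
    ("00995", "R", "session_inactivity_timeout",
     "User <username> has changed the value of the 'Session Inactivity Timeout' parameter."),
    ("00995", "D", "session_inactivity_timeout",
     "User <username> has changed the value of the 'Session Inactivity Timeout' "
     "parameter to <value>."),
]

_PLACEHOLDER = re.compile(r"<(username|value)>")


def compile_template(template):
    """Turn a table template into a regex with one named group per placeholder."""
    parts, pos = [], 0
    for m in _PLACEHOLDER.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        name = m.group(1)
        # Usernames may contain spaces: match lazily up to the fixed text that follows.
        # The value runs to the final full stop, so dotted values such as IPs survive.
        parts.append(f"(?P<{name}>.+?)" if name == "username" else f"(?P<{name}>.+)")
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("".join(parts))


COMPILED = [(i, t, s, compile_template(tpl)) for i, t, s, tpl in ROWS]
# Settings for which the table defines a detailed (D) form.
HAS_DETAILED_FORM = {s for _, t, s, _ in ROWS if t == "D"}


def parse_alert(message):
    """Return a structured record for a known message, or None if no template fits."""
    text = " ".join(message.split())  # undo any line wrapping
    for alert_id, kind, setting, rx in COMPILED:
        m = rx.fullmatch(text)  # anchored, so an R template never swallows a D message
        if m:
            return {"id": alert_id, "type": kind, "setting": setting,
                    "user": m.group("username"),
                    "value": m.groupdict().get("value")}
    return None


def triage(messages):
    """Split messages into parsed changes and lines that matched no template."""
    changes, unmatched = [], []
    for msg in messages:
        rec = parse_alert(msg)
        if rec is None:
            unmatched.append(msg)  # keep for review rather than dropping silently
        else:
            changes.append(rec)
    return changes, unmatched


def blind_changes(changes):
    """Regular-form changes to settings that do have a detailed form: the new
    value was not recorded and has to be read back from the configuration."""
    return [c for c in changes
            if c["type"] == "R" and c["setting"] in HAS_DETAILED_FORM]


# Constructed sample messages (user names and values are invented).
SAMPLE = [
    "User alice has changed the IP address of the proxy server to IP Address 192.0.2.10.",
    "User bob has changed the IP address of the proxy server.",
    "User svc backup changed the proxy-server authentication status to disabled.",
    "User alice has changed the value of the 'Session Inactivity Timeout' parameter to 1440.",
    "User carol has changed the password for authentication with the proxy server.",
    "The APSolute Vision server is now up.",
]

if __name__ == "__main__":
    parsed, unknown = triage(SAMPLE)
    for rec in parsed:
        print(rec)
    print("value not recorded:", blind_changes(parsed))
    print("unmatched:", unknown)
```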
Monitoring Settings
The following table lists the messages that are triggered by actions performed on monitoring
settings. The value in the Type column identifies whether the message is regular (R), or detailed (D)
when detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane, page 121).
ID Type Message
01000 R User <username> has changed the Polling Interval for Reports.
01000 D User <username> has changed the Polling Interval for Reports to <value>.
01001 R User <username> has changed the Timeout for Device Status Poll.
01001 D User <username> has changed the Timeout for Device Status Poll to <value>.
01002 R User <username> has changed the polling interval for device status.
01002 D User <username> has changed the polling interval for device status to <value>.
01003 R User <username> has changed the Polling Interval for System Configuration.
01003 D User <username> has changed the Polling Interval for System Configuration to
<value>.
01004 R User <username> has changed the Polling Interval for On-line Monitoring.
01004 D User <username> has changed the Polling Interval for On-line Monitoring to
<value>.
01005 R User <username> changed the status of the MSISDN resolution feature.¹
01006 D User <username> changed the status of the MSISDN resolution feature to
<value>.¹
01007 R User <username> changed the MSISDN IP address.¹
01007 D User <username> changed the MSISDN IP address to <value>.¹
01008 R User <username> changed the MSISDN Port address.¹
01008 D User <username> changed the MSISDN Port address to <value>.¹
01009 R User <username> changed the MSISDN user name.¹
01009 D User <username> changed the MSISDN user name to <value>.¹
01010 R User <username> changed the MSISDN password.¹
¹ – The MSISDN Resolution feature is not supported in APSolute Vision version 3.0 and later.
RADIUS Configuration
The following table lists the messages that are triggered by actions performed on the RADIUS
configuration. The value in the Type column identifies whether the message is regular (R), or
detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane,
page 121).
ID Type Message
- R User <username> has changed the Timeout for the RADIUS servers.
- D User <username> has changed the Timeout for the RADIUS servers to <value>.
- R User <username> has changed the Retries for the RADIUS servers.
- D User <username> has changed the Retries for the RADIUS servers to <value>.
- R User <username> has changed the Authentication Type for the RADIUS servers.
- D User <username> has changed the Authentication Type for the RADIUS servers
to <value>.
- R User <username> has changed the Attribute ID for the RADIUS servers.
- D User <username> has changed the Attribute ID for the RADIUS servers to
<value>.
- R User <username> has changed the Vendor ID for the RADIUS servers.
- D User <username> has changed the Vendor ID for the RADIUS servers to
<value>.
- R User <username> has changed the Vendor Role Attribute ID for the RADIUS
servers.
- D User <username> has changed the Vendor Role Attribute ID for the RADIUS
servers to <value>.
- R User <username> has changed the Vendor Policy Attribute ID for the RADIUS
servers.
- D User <username> has changed the Vendor Policy Attribute ID for the RADIUS
servers to <value>.
- R User <username> has changed the Shared Secret for the Secondary RADIUS
server.
- R User <username> has changed the Shared Secret for the Primary RADIUS
server.
- R User <username> has changed the Port for the Secondary RADIUS server.
- D User <username> has changed the Port for the Secondary RADIUS server to
<value>.
- R User <username> has changed the Port for the Primary RADIUS server.
- D User <username> has changed the Port for the Primary RADIUS server to
<value>.
- R User <username> has changed the IP Address for the Secondary RADIUS server.
- D User <username> has changed the IP Address for the Secondary RADIUS server
to <value>.
- R User <username> has changed the IP Address for the Primary RADIUS server.
- D User <username> has changed the IP Address for the Primary RADIUS server to
<value>.
ID Type Message
01012 R Security alert fields were modified: Rule Name was enabled.
01013 R Security alert fields were modified: Rule Name was disabled.
01014 R Security alert fields were modified: Source IP was enabled.
01015 R Security alert fields were modified: Source IP was disabled.
01016 R Security alert fields were modified: Destination port was enabled.
01017 R Security alert fields were modified: Destination port was disabled.
01018 R Security alert fields were modified: Attack Name was enabled.
01019 R Security alert fields were modified: Attack Name was disabled.
01020 R Security alert fields were modified: Action was enabled.
01021 R Security alert fields were modified: Action was disabled.
01022 R Security alert fields were modified: Destination IP was enabled.
01023 R Security alert fields were modified: Destination IP was disabled.
ID Type Message
- R User <username> changed TACACS+ service name.
- D User <username> changed TACACS+ service name to <value>.
- R User <username> changed TACACS+ timeout.
- D User <username> changed TACACS+ timeout to <value>.
- R User <username> changed TACACS+ retries.
- D User <username> changed TACACS+ retries to <value>.
- R User <username> changed TACACS+ minimal required privilege level.
- D User <username> changed TACACS+ minimal required privilege level to
<value>.
- R The Authentication Type for the TACACS+ servers was changed.
- R User <username> changed TACACS+ secondary server shared secret.
- R User <username> changed TACACS+ primary server shared secret.
- R User <username> changed TACACS+ secondary server port.
- D User <username> changed TACACS+ secondary server port to <value>.
- R User <username> changed TACACS+ primary server port.
- D User <username> changed TACACS+ primary server port to <value>.
- R User <username> changed TACACS+ secondary server IP address.
- D User <username> changed TACACS+ secondary server IP address to <value>.
- R User <username> changed TACACS+ primary server IP address.
- D User <username> changed TACACS+ primary server IP address to <value>.
ID Type Message
00980 R User <username> has changed the threshold for Warning Falling CPU Utilization.
00980 D User <username> has changed the threshold for Warning Falling CPU Utilization
to <value>.
00982 R User <username> has changed the threshold for Error Falling CPU Utilization.
00982 D User <username> has changed the threshold for Error Falling CPU Utilization to
<value>.
00983 R User <username> has changed the threshold for Error Rising CPU Utilization.
00983 D User <username> has changed the threshold for Error Rising CPU Utilization to
<value>.
00981 R User <username> has changed the threshold for Warning Rising CPU Utilization.
00981 D User <username> has changed the threshold for Warning Rising CPU Utilization
to <value>.
00984 R User <username> disabled alarms for server CPU utilization.
00985 R User <username> enabled alarms for server CPU utilization.
SharePath Settings
The following table lists the messages that are triggered by actions performed on SharePath
settings.
ID Type Message
- R The management IP of a SharePath server instance was updated.
- R The data IP of a SharePath server instance was updated.
- R The backup server IP of a SharePath server instance was updated.
- R The Performance Limit of a SharePath server instance was updated.
00585 R A SharePath server instance was added to the configuration of the APSolute Vision
server.
00586 R A SharePath server instance was removed from the configuration of the APSolute
Vision server.
ID Type Message
- R A license of type <feature Name> was deleted from APSolute Vision.
00852 R A new license of type <license type> was provided for APSolute Vision.
ID Type Message
- R A new logo for Vision Reporter uploaded, filename: <file name>.
ID Type Message
- R A DefensePro Security Group's senders list was updated.
- R A DefensePro Security Group's receivers list was updated.
- R Blocking Rule parameters of a DefensePro Security Group were updated.
- R Security modules of a DefensePro Security Group were updated.
- R A DefensePro Security Group was disabled.
- R A DefensePro Security Group was enabled.
- R A DefensePro Security Group's blocking period was updated.
- R A new DefensePro Security Group was created.
ID Type Message
- R User <username> backed up a configuration file for device <device name> -
<Device IP>.
- R User <username> restored a configuration file to device <device name> -
<device IP>.
- R User <username> uploaded an attack signatures file to device <device name> -
<device IP>.
- R User <username> updated the attack signatures file to device <device name>.
- R User <username> failed uploading the attack signatures file to device <device
name>.
- R <device name>, <device IP> is locked by other user.
- R User <username> failed to unlock <device name>, <device IP>.
- R <device name>, <device IP> cannot be unlocked by user <username> because it
already locked by user <username>
- R <Operation Name> action finished successfully for device <device name>.
<Operation Output>
- R <Operation Name> action failed for device <device name> due to: <reason>
- R Send Signature File From Website To Device
- R Send File To Device
- R Send Attack Signatures File To Device
- R For more information, see the Messages tab.
- R The device type or version is not compatible with DefensePro Configuration
Template feature.
00699, 00971 R Devices <device name> and <device name> have identical SNMP engine IDs.
To prevent connection problems, change the engine ID on one of the devices.
00723 R Failed to retrieve the Device Driver from <device name>. Please enable HTTPS or
HTTP communication on the device.
00908 R <Operation Name> action failed for device <device name>. <Operation Output>
00910, 00952 R User <username> failed uploading a quarantine file to device <device name> -
<device IP>.
00912 R User <username> failed downloading a quarantine file from device <device
name> - <device IP>.
00915 R User <username> uploaded a configuration file to device <device name> -
<device IP> successfully.
00915, 00944 R User <username> uploaded a configuration file to device <device name> -
<device IP> successfully.
00916, 00945 R User <username> failed uploading a configuration file to device <device name> -
<device IP>.
00920 R User <username> upgraded the software for device <device name> - <device
IP> successfully.
00921 R The signature file is up-to-date. No download is required.
00926 R <device name>, <device IP> unlocked due to inactivity.
00927, 00938, 01098 R <device name>, <device IP> unlocked by user <username>.
00933 R User <username> rebooted device <device name> - <device IP>.
00934 R User <username> shutdown device <device name> - <device IP>.
00935 R <device name>, <device IP> locked by user <username>.
00936 R <device name>, <device IP> is already locked.
00937 R <device name>, <device IP> forcibly locked by user <username>.
00939 R <device name>, <device IP> is already unlocked.
00941 R User <username> failed to update Anti-Fraud signatures for device <device
name>.
00942, 01047 R User <username> uploaded file <file name> to device <device name> -
<device IP> successfully.
00947 R Failed to retrieve the <file type> file <file name> from device <device name> -
<Device IP>.
00948 R User <username> downloaded a certificate file from device <device name> -
<Device IP> successfully.
00949 R User <username> failed downloading a certificate file from device <device name>
- <device IP>.
00950 R User <username> failed uploading a certificate file to device <device name> -
<device IP>.
00951 R User <username> uploaded a certificate file to device <device name> - <device
IP> successfully.
00954 R User <username> failed uploading a file to device <device name> - <device IP>.
00955 R User <username> uploaded a file to device <device name> - <device IP>
successfully.
00956 R User <username> downloaded a file from device <device name> - <device IP>
successfully.
00957 R User <username> failed downloading a file from device <device name> - <device
IP>.
00958 R User <username> uploaded a certificate revocation list file to device <device
name> - <device IP> successfully.
00959 R User <username> failed uploading a certificate revocation list file to
device <device name> - <device IP>.
00961 R User <username> failed upgrading software for device <device name> - <device
IP>.
00964, 00965 R Wrong parameters are passed from client.
00967 R Device <device name>, <device IP> deleted successfully.
00968 R Device <device name>, <device IP> deletion failed.
01048, 01105 R User <username> failed uploading file <file name> to device <device name> -
<Device IP>.
01049 R User <username> downloaded <file type> file from device <device name> -
<Device IP> successfully.
01050 R Failed to retrieve the <file type> file from device <device name> - <device IP>.
Check your HTTP/HTTPS configuration and try again.
01051, 00940 R User <username> failed downloading file <file name> from device
<device name> - <device IP>.
01052 R Restore Device Driver for device <device name> succeeded.
01053 R Restore Device Driver failed for device <device name>.
01099 R A newer device driver is available for {0} {1}: {2}. You can manage device
drivers in the Settings view.
01100 R Failed to retrieve the Device Driver from <device name>. Please check status of
HTTPS or HTTP communication on the device and specified credentials.
01102 R The software version from the device driver metadata ({0}) does not match the
software version from the driver name ({1}).
01103 R The driver file for device {0} is invalid.
01106 R Failed <file type> file verification on device <device name> - <device IP>.
01107 R An operation was performed using a proxy server.
01110 R User <username> failed to lock <device name>, <device IP>.
ID Type Message
- R Added user <username>.
- R User <username> changed password.
- R Deleted user <username>.
- R Enabled user <username>.
- R Disabled user <username>.
- R User <username> was locked.
- R User <username> was unlocked.
- R User <username> successfully logged in.
- R User <username> failed to log in.
- R Password for user <username> was reset.
- R Changed properties for user <username>.
- R User <username> logged out.
- R Updating Configuration template <template> failed because <reason>.
- R Updated role-scope pair for user <username>.
- R Removed role-scope pair for user <username>.
- R User <username> changed the scheduled task name.
00855 R Changed password expiration date for user <username>.
00866 R Changed name for user <username> to <username>.
00873 R User <username> has credentials error.
00874 R The configuration template <template> was added to the APSolute Vision
server.
00875 R The configuration template <template> was updated to the APSolute Vision
server.
00876 R The configuration template <template> was deleted to sic the APSolute Vision
server.
00877 R Propagated Configuration template <template>.
00878 R Failed to propagate Configuration template <template>.
ID Type Message
- R The specified HTTPS user <username> does not exist on the device.
00180 R Secure-Web-server operation on the device is disabled.
00182 R The specified HTTPS password is incorrect, or you have exceeded the maximum
allowed login attempts.
00184 R APSolute Vision has encountered an error communicating with the device over
HTTPS.
ID Type Message
- R Synchronize Device Configuration (for cluster)
- R Synchronization Task (<task name>) failed: Skipping unmatching device:
<name> (Version: <Version>, Redundancy Status: <Status>, Parent: <name>.
- R Synchronization Task (<task name>) failed: Skipping device: <name> (backup
device was not found).
00062 R Task <task name> failed.
00070 R Anti-Fraud update failed: unable to retrieve Anti-Fraud signatures.
00071 R Anti-Fraud signature update failed for some of devices.
00072 R The Anti-Fraud update task is not applicable to device <device name>.
00075 R Anti-Fraud update failed due to no valid subscription for Anti-Fraud signatures
update for following devices: <device list>.
00076 R The Update Anti-Fraud Security Signature task failed. No device configured for
the task has Fraud Protection enabled.
00093 R Anti-Fraud update failed: unable to process Anti-Fraud signatures.
00097 R Anti-Fraud Update is not required for any subscribed device from the task.
00106 R Fraud Protection is disabled for device <device name>.
00482 R Not authorized operation launched by the user: <name> on screen <screen ID>
00815 R Scheduled Task <task name> executed successfully
01088 R Failed to run task logic for task <task name>.
01623 R The Radware site cannot be reached to download the update. Please check DNS
and Proxy settings in APSolute Vision configuration.
01625 R Scheduled Task <task name> is completed.
01628 R The Anti-Fraud Update succeeded for device <device name>.
SUS Updates
The following table lists the messages that are triggered by SUS update actions.
ID Type Message
01088 R Failed to run task logic for task <task name>.
01482 R User <user name> failed to download the file <file name> for the device <device
IP>. The device does not have a subscription for SUS updates.
01483 R User <user name> failed to download the file <file name> from Radware.com.
01484 R User <user name> failed to send the file <file name> to the device at IP address
<device IP>.
01623 R The Radware site cannot be reached to download the update. Please check DNS
and Proxy settings in APSolute Vision configuration.
01624 R Device <device name> does not have a valid subscription for Attack Signatures
update.
01657, 01658 R User <user name> failed to upload the file <file name> to the device
<device name> (IP address: <device IP>).
ID Type Message
01902 R The ERT Active Attackers Feed task updated the following DefensePro devices:
<device list>.
01903 R The ERT Active Attackers Feed task failed.
01904 R The following DefensePro devices are not available: <device list>.
01905 R The following DefensePro devices are not subscribed to the ERT Active Attackers
Feed service: <device list>.
01906 R Updating the following DefensePro devices with the ERT Active Attackers Feed
failed: <device list>.
01908 R Skipping device update. The content of the ERT Active Attackers Feed is the same
as the previous run.
01912 R Filtered ERT Active Attackers Feed is empty. Deleting previous feed from devices.
01914 R ERT Active Attackers Feed task was aborted. There was a failure parsing the feed
information from Radware.
01915 R ERT Active Attackers Feed task was aborted. A communication problem caused a
failure in loading feed information from Radware.
01916 R ERT Active Attackers Feed task was aborted. There was a failure parsing the feed
from Radware.
01917 R ERT Active Attackers Feed task was aborted. A communication problem caused a
failure in loading the feed from Radware.
01918 R ERT Active Attackers Feed task was aborted. There are no devices with a valid
subscription.
01919 R Update failed with the following error on the device <device>: <error>
01920 R ERT Active Attackers Feed task failed to update the device <device>. No specific
error.
Operation Constant
The following table lists the messages that are triggered by operation constants.
ID Type Message
- R Anti-Fraud Security Signature Update from Radware Site failed.
- R Anti-Fraud Security Signature Update from Radware Site succeeded.
- R Anti-Fraud Security Signature Update was downloaded from Radware Site
- R Anti-Fraud Security Signature Update is not required.
00917 R Backup Vision DB failed.
00918 R Backup Vision DB succeeded.
01041 R Updating the Attack Description file from Radware site succeeded.
01042 R Updating the Attack Description file from Radware site failed.
01043 R Updating the Attack Description file from Remote Server succeeded.
01044 R Update the Attack Description file from Remote Server failed.
01045 R Updating the Attack Description file from client succeeded.
01046 R Updating the Attack Description file from client failed.
Audit Messages
The following table lists the audit messages.
ID Type Message
- R User <username> added account <account> ,with Scope <scope>, Role <role>
and Network Policy <policy>
- R User <username> changed password expiration Date for user <user name>, to
expiration Date <date>
00857 R User <username> changed his/her password.
00858 R User <username> deleted account <account>
00859 R User <username> enabled account <account>
00860 R User <username> disabled the account <account>
00861 R Account <account> was locked
00862 R User <username> has unlocked account <account>
00863 R Account <account> successfully logged in
00864 R Account <account> failed to log in
00865 R User <username> reset password for account <account>
00866 R User <username> changed name for user <name>, to <name>
00868 R User <username> update the Full Name of account <account>, to Full Name:
<value>
00870 R User <username> update the Contact Information of account <account>, to
Contact Information: <value>.
00872 R Account <account> logged out.
00874 R The configuration template <template> was added to the APSolute Vision server
00875 R The configuration template <template> was updated to the APSolute Vision
server
00876 R The configuration template <template> was deleted to the APSolute Vision server
00877 R Propagated Configuration template <template>
00878 R Failed to propagate Configuration template <value>
- R Updating Configuration template <value> failed because <reason>
00880 R User <username> added or modified the Role-scope pair for account <account> ,
to Role-scope pair <pair>
00882 R User <username> removed the Role-scope pair <pair> of account <account>
00883 R User <username> changed his/her password on the APSolute Vision server
machine.
00884 R User <username> deleted device backup file <file name>
ID Type Message
- D User <username> has changed the Subject Header in the Email Reporting
Configuration to <value>.
01026 R Email reporting settings were changed.
01028 R User <username> has changed the Email Sending Interval.
01028 D User <username> has changed the Email Sending Interval to <value>.
01029 R User <user name> has changed the From Header in the Email Reporting
Configuration.
01029 D User <user name> has changed the From Header in the Email Reporting
Configuration to <value>.
01030 R User <username> has changed the Number of Alerts per Email.
01030 D User <username> has changed the Number of Alerts per Email to <value>.
01031 R User <username> has changed the Recipient Email Address.
01032 R User <username> has changed the SMTP Server Address.
01032 D User <username> has changed the SMTP Server Address to IP Address
<value>.
01033 R User <username> has changed the SMTP User Name.
01034 R User <username> has changed the Subject Header in the Email Reporting
Configuration.
01024 D User <username> has changed the Recipient Email Address to email-address
<value>.
01025 D User <username> has changed the SMTP User Name to smtp-username
<value>.
ID Type Message
- R User <username> changed the scheduled task backup file name.
- D User <username> changed the scheduled task backup file name to <value>.
- R User <username> changed the scheduled task destination IP address.
- D User <username> changed the scheduled task destination IP address to <value>.
- R User <username> has changed the password for authentication with the backup
device during a scheduled task.
- D User <username> has changed the password for authentication with the backup
device during a scheduled task.
- R User <username> changed the scheduled task backup directory.
- D User <username> changed the scheduled task backup directory to <value>.
- R User <username> changed the protocol to communicate with the backup device
during a scheduled task.
- D User <username> changed the protocol to communicate with the backup device
during a scheduled task to protocol <value>.
- R User <username> has changed the user name for authentication with the backup
device during a scheduled task.
- D User <username> has changed the user name for authentication with the backup
device during a scheduled task to username <value>.
ID Type Message
- R User <username> added Devices to a scheduled task's list of devices.
- D User <username> changed scheduled task name to <value>.
- R User <username> updated the date (day) of a scheduled task.
- D User <username> updated the date (day) of a scheduled task to <value>.
- R User <username> updated the date (month) of a scheduled task.
- D User <username> updated the date (month) of a scheduled task to <value>.
- R User <username> updated the date (year) of a scheduled task.
- D User <username> updated the date (year) of a scheduled task to <value>.
- R User <username> updated the time (hour) of a scheduled task.
- D User <username> updated the time (hour) of a scheduled task to <value>.
- R User <username> updated the time (minutes) of a scheduled task.
- D User <username> updated the time (minutes) of a scheduled task to <value>.
- R User <username> updated the time (seconds) of a scheduled task.
- D User <username> updated the time (seconds) of a scheduled task to <value>.
- R User <username> updated the frequency of a scheduled task.
- D User <username> updated the frequency of a scheduled task to <value>.
- R User <username> updated the quantity of minutes between two executions of a
scheduled task.
- D User <username> updated the quantity of minutes between two executions of a
scheduled task to <value>.
- R User <username> set run always to a scheduled task.
- R User <username> updated the start date of the scheduled period of a scheduled
task.
- D User <username> updated the start date of the scheduled period of a scheduled
task to <value>.
- R User <username> updated the end date of the scheduled period of a scheduled
task.
- D User <username> updated the end date of the scheduled period of a scheduled
task to <value>.
- R User <username> removed Devices from a scheduled task's list of devices.
- R User <username> changed scheduled task name.
00072 R The Anti-Fraud update task is not applicable to device <device name>.
00075 R Anti-Fraud update failed due to no valid subscription for Anti-Fraud signatures
update for following devices: <device list>.
00093 R Anti-Fraud update failed: unable to process Anti-Fraud signatures.
00097 R Anti-Fraud Update is not required for any subscribed device from the task.
00106 R Fraud Protection is disabled for device <device name>.
00972 R User <username> changed scheduled task to enabled.
00973 R User <username> changed scheduled task to disabled.
00976 R User <username> changed scheduled task file type.
00976 D User <username> changed scheduled task file type to <value>.
00977 R User <username> created a scheduled task.
00978 R User <username> removed a scheduled task.
01088 R Failed to run task logic for task <task name>.
01623 R The Radware site cannot be reached to download the update. Please check DNS
and Proxy settings in APSolute Vision configuration.
01624 R Device <device name> does not have a valid subscription for Attack Signatures
update.
01625 R Scheduled Task <task name> is completed.
01628 R The Anti-Fraud Update succeeded for device <device name>.
General
The following table lists the message that is triggered when the APSolute Vision server is up.
ID Type Message
00810 R The APSolute Vision server is now up.
ID Type Message
60000 R User <username> has created a system backup.
60001 R User <username> has failed to create a system backup with error message: <error message>.
60004 R User <username> has restored a system backup.
60005 R User <username> has failed to restore a system backup with error message: <error message>.
60006 R User <username> exported a system backup successfully.
60007 R User <username> failed to export a system backup with error message: <error message>.
60008 R User <username> has created a new system configuration backup.
60009 R User <username> failed to create a new system configuration backup with error message: <error message>.
60012 R User <username> successfully restored a system configuration Backup.
60013 R User <username> failed to restore a system configuration backup with error message: <error message>.
60014 R User <username> successfully exported a system configuration backup.
60015 R User <username> failed to export a system configuration backup with error message: <error message>.
60016 R User <username> has created a new Vision Reporter backup.
60017 R User <username> failed to create a new Vision Reporter backup with error message: <error message>.
60020 R User <username> successfully restore a Vision Reporter Backup.
60021 R User <username> failed to restore a Vision Reporter backup with error message: <error message>.
60022 R User <username> successfully exported a Vision Reporter Backup.
60023 R User <username> failed to export a Vision Reporter backup with error message: <error message>.
60024 R User <username> created a tech-support file.
60025 R User <username> failed to create a tech-support file with error message: <error message>.
60028 R User <username> successfully restore a tech-support file.
60029 R User <username> failed to restore a tech-support file with error message: <error message>.
60030 R User <username> successfully exported a tech-support file.
60031 R User <username> failed to export a tech-support file with error message: <error message>.
60032 R User <username> changed the date and time on the APSolute Vision server to Date and Time <value>.
60033 R User <username> changed the timezone of the APSolute Vision server to Timezone <value>.
60034 R User <username> started the Vision server.
60035 R User <username> failed to started the Vision server.
60036 R User <username> stopped the Vision server.
60037 R User <username> failed to stop the Vision server.
60038 R User <username> changed the IP address for the <value> port of the APSolute Vision server to IP Address <value>.
60039 R User <username> changed the tech-support password of the APSolute Vision server.
60040 R User <username> changed the web-access password of the APSolute Vision server.
60041 R The <username> user password of the APSolute Vision system was changed.
60042 R User <username> changed the root user password of the APSolute Vision system.
60043 R User <username> changed the vision-files user password of the APSolute Vision system.
60044 R User <username> started the database server.
60045 R User <username> stopped the database server.
60046 R User <username> failed to stop the database server.
60047 R User <username> added CLI-Access for external user: <name>.
60048 R User <username> deleted CLI-Access for external user: <name>.
ID Type Message
- R User <username> set value to scalar '<name>'
- D User <username> set value to scalar '<name>': <value>.
- R User <username> added a row to table '<name>':
- D User <username> added a row to table '<name>', indexes:
- R User <username> deleted row from table '<name>':
- D User <username> deleted row from table '<name>', indexes:
- R User <username> edited a row of table '<name>':
- D User <username> edited a row of table '<name>', indexes:
- R User <username> Propagated template '<template>' in table '<name>':
- D User <username> Propagated template '<template>' in table '<name>',
Hardware Alerts
The following table lists the messages that APSolute Vision issues related to hardware issues.
ID Type Message
- R APM server disk space and usage exceeding the <number> percent threshold - usage is <number> percent
00889 R Fan number <number> is not working.
00890 R Temperature above critical threshold: temperature sensor number <number> is reporting <temperature C>°C / <temperature F>°F.
00891 R Falling: CPU utilization is normal.
00892 R Rising: CPU utilization is high for core <<number>>
01901 R The APSolute Vision disk utilization of "<filesystemPath>" is now <percent>%.
01951 R Falling: Memory utilization is normal.
01952 R Rising: Memory utilization is high.
Note: For information on managing the settings of the SNMP interface, see System SNMP
Commands, page 707.
Table 544: RFC1213 MIB Objects for Monitoring APSolute Vision (cont.)
Table 545: Host Resources MIB Objects for Monitoring APSolute Vision
Table 546: UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision (cont.)
Note: These objects use the Linux sar command, which provides the contents of selected cumulative activity counters in the operating system.
Table 547: MIB Objects for Monitoring APSolute Vision CPU Utilization
Note: For more information on the Common Web Application AppShape type, see Configuring a
Common Web Application AppShape Instance, page 268.
ena
/c/slb/real <user-specified virtual-server name>_<generated suffix>
ena
ipver v4
rip <user-specified IP address>
name "CommonWebApp.<user-specified IP address>"
/c/slb/real <user-specified virtual-server name>_<generated suffix>
ena
ipver v4
rip <user-specified IP address>
name "CommonWebApp.<user-specified IP address>"
/c/slb/group <user-specified virtual-server name>_grp
ipver v4
metric <user-specified metric>
health <user-specified type>
add <user-specified virtual-server name>_<generated suffix>
add <user-specified virtual-server name>_<generated suffix>
name "WebApplication.servers"
/c/slb/virt <user-specified virtual-server name>
ena
ipver v4
vip <user-specified IP address>
vname "WebApp.<user-specified virtual-server name>"
/c/slb/virt <user-specified virtual-server name>/service 80 http
group <user-specified virtual-server name>_grp
rport 0
dbind forceproxy
report real
/c/slb/virt <user-specified virtual-server name>/service 80 http/http
comppol <generated index number>
cachepol <generated index number>
connmgt ena 10
/c/slb/virt <user-specified virtual-server name>/service 443 https
group <user-specified virtual-server name>_grp
rport 0
dbind forceproxy
report real
/c/slb/virt <user-specified virtual-server name>/service 443 https/http
comppol <generated index number>
Note: For more information on the Citrix XenDesktop AppShape type, see Configuring a Citrix
XenDesktop AppShape Instance, page 270.
metric roundrobin
name "Citrix_DDC.group"
/c/slb/virt <user-specified instance name>DDC
ena
ipver v4
vip <user-specified IP address>
vname "Citrix.<user-specified instance name>DDC"
/c/slb/virt <user-specified instance name>DDC/service <user-specified port and
service>p
group <user-specified instance name>_grpDDC
rport <user-specified port>
pbind clientip norport
dbind forceproxy
tmout 20
ptmout 20
/c/slb/virt <user-specified instance name>StoreFront
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>StoreFront/service <user-specified IP
address and service>
group <generated index number>
rport <user-specified port>
dbind forceproxy
tmout 20
ptmout 20
/c/slb/virt <user-specified instance name>StoreFront/service <user-specified
port and service>
comppol <user-specified instance name>Citrix
xforward ena
/c/slb/virt <user-specified instance name>StoreFront/service <user-specified
port and service>/ssl
srvrcert cert MyCertID
sslpol <user-specified instance name>Citrix
DefenseSSL—AppShape-generated Configuration
The following is the Alteon CLI configuration that the DefenseSSL AppShape generates.
Note: For more information on the DefenseSSL AppShape type, see Configuring a DefenseSSL
AppShape Instance, page 272.
Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft
Exchange 2010 AppShape Instance, page 275.
Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft
Exchange 2013 AppShape Instance, page 279.
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 443 https/http
comppol 1
/c/slb/virt <user-specified instance name>/service 443 https/ssl
srvrcert cert <user-specified certificate>
sslpol 1
/c/slb/virt <user-specified instance name>/service 110 pop3
group <user-specified instance name>_grpPOP3
rport 110
pbind clientip norport
/c/slb/virt <user-specified instance name>/service 143 imap
group <user-specified instance name>_grpIMAP
rport 143
pbind clientip norport
/c/slb/virt <user-specified instance name>/service 993 basic-slb
group <user-specified instance name>_grpIMAP
rport 993
pbind clientip norport
/c/slb/virt <user-specified instance name>/service 995 basic-slb
group <user-specified instance name>_grpPOP3
rport 995
pbind clientip norport
/c/slb/virt <user-specified instance name>/service 25 smtp
group <user-specified instance name>_grpCAS
rport 25
pbind clientip norport
Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft
Lync External AppShape Instance, page 283.
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_CWA/service 443 https
group <user-specified instance name>_CWA
rport 443
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_MEETING
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_MEETING/service 443 https
group <user-specified instance name>_MEETING
rport 443
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_PROXY
ena
ipver v4
vip <user-specified IP address>
vname "lm.Proxy_<user-specified instance name>_PROXY"
/c/slb/virt <user-specified instance name>_PROXY/service 443 https
group <user-specified instance name>_IM
rport 4443
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_SIP
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_SIP/service 443 https
group <user-specified instance name>_SIP
rport 443
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_STUN
ena
ipver v4
Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft
Lync Internal AppShape Instance, page 286.
/c/slb/accel/compress/comppol 1
name "cwa"
minsize 1
ena
/c/slb/ssl/certs/key <user-specified certificate>
/c/slb/ssl/certs/request <user-specified certificate>
/c/slb/ssl/certs/cert <user-specified certificate>
/c/slb/ssl/sslpol <generated index number>
name "Lync.SSL.policy"
ena
/c/slb/real <user-specified instance name>_CWA_<generated index number>
ena
ipver v4
rip <user-specified IP address>
addport <user-specified port>
/c/slb/group <user-specified instance name>_CWA
ipver v4
content "<user-specified port>"
add <user-specified instance name>_CWA_<generated index number>
name "Lync.CWA.Group"
/c/slb/group <user-specified instance name>_Directors_1
ipver v4
content "5061"
name "Lync.Directors"
/c/slb/group <user-specified instance name>_Directors_2
ipver v4
name "Lync.Director.5060"
/c/slb/group <user-specified instance name>_EDGE_1
ipver v4
name "EDGE.Replication.4443"
/c/slb/group <user-specified instance name>_EDGE_2
ipver v4
name "EDGE.INT.443"
/c/slb/group <user-specified instance name>_EDGE_3
ipver v4
name "EDGE.INT.5061"
/c/slb/group <user-specified instance name>_EDGE_4
ipver v4
name "EDGE.INT.5062"
/c/slb/group <user-specified instance name>_EDGE_5
ipver v4
name "GE.INT.UDP.STUN.3478"
/c/slb/group <user-specified instance name>_EDGE_6
ipver v4
name "EDGE.INT.8057"
/c/slb/group <user-specified instance name>_Fronted_1
ipver v4
content "5060"
name "Lync.frontend.SIP.5060"
/c/slb/group <user-specified instance name>_Fronted_2
ipver v4
content "444"
name "Lync.frontend.HTTPS.conf.444"
/c/slb/group <user-specified instance name>_Fronted_3
ipver v4
content "443"
name "Lync.frontend.HTTPS.443"
/c/slb/group <user-specified instance name>_Fronted_4
ipver v4
content "5061"
name "Lync.frontend.MTLS.5061"
/c/slb/group <user-specified instance name>_Fronted_5
ipver v4
content "135"
name "Lync.frontend.DCOM.135"
/c/slb/group <user-specified instance name>_Fronted_6
ipver v4
name "Proxy.to.FE.4443"
/c/slb/group <user-specified instance name>_Fronted_7
ipver v4
name "FE.IM.REQ.8057"
/c/slb/group <user-specified instance name>_Fronted_8
ipver v4
name "fe.web.service.8080"
/c/slb/group <user-specified instance name>_Fronted_9
ipver v4
name "FE.CALL.ADM.448"
/c/slb/group <user-specified instance name>_Fronted_10
ipver v4
name "FE.App.Share.5065"
/c/slb/group <user-specified instance name>_Fronted_11
ipver v4
name "FE.monitoring.5069"
/c/slb/group <user-specified instance name>_Fronted_12
ipver v4
name "FE.RES.GROUP.5071"
/c/slb/group <user-specified instance name>_Fronted_13
ipver v4
name "FE.SIP.REQ.5072"
/c/slb/group <user-specified instance name>_Fronted_14
ipver v4
name "FE.CONF.ANOUN.5073"
/c/slb/group <user-specified instance name>_Fronted_15
ipver v4
name "FE.SIP.REQ.CALL.PRK.5075"
/c/slb/group <user-specified instance name>_Fronted_16
ipver v4
name "FE.AUDIO.TEST.5076"
/c/slb/group <user-specified instance name>_Fronted_17
ipver v4
name "FE.AV.AGE.TURN.TRAFF.5080"
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_2/service 443 https
group <user-specified instance name>_EDGE_2
rport 443
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_EDGE_3
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_3/service 5062 basic-slb
group <user-specified instance name>_EDGE_4
rport 5062
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_EDGE_4
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_4/service 8057 basic-slb
group <user-specified instance name>_EDGE_6
rport 8057
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_EDGE_5
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_5/service 5061 basic-slb
group <user-specified instance name>_EDGE_3
rport 5061
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_EDGE_6
ena
ipver v4
vip <user-specified IP address>
tmout 30
/c/slb/virt <user-specified instance name>_Fronted_14
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_14/service 5075 basic-slb
group <user-specified instance name>_Fronted_15
rport 5075
pbind clientip norport
/c/slb/virt <user-specified instance name>_Fronted_15
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_15/service 5076 basic-slb
group <user-specified instance name>_Fronted_16
rport 5076
pbind clientip norport
/c/slb/virt <user-specified instance name>_Fronted_16
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_16/service 5080 basic-slb
group <user-specified instance name>_Fronted_17
rport 5080
pbind clientip norport
/c/slb/virt <user-specified instance name>_Fronted_17
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_17/service 8080 http
group <user-specified instance name>_Fronted_8
rport 8080
pbind clientip norport
/c/slb/layer7/httpmod <generated index number>
ena
name "htto.to.https.lync.cwa"
/c/slb/layer7/httpmod <generated index number>/rule <generated index number>
text
name "htto.to.https.cwa"
directn resp
body include
action replace "FROMTEXT=http://<user-specified domain>" "TOTEXT=https://<user-specified domain>"
Note: For more information on the Oracle E-Business AppShape type, see Configuring an Oracle E-
Business AppShape Instance, page 290.
action redirect
group <user-specified instance name>_grp
rport 0
redirect "https://$HOST/$PATH/"
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 80 http/http
comppol <generated index number>
/c/slb/virt <user-specified instance name>/service 443 https
group <user-specified instance name>_grp
rport 8000
dbind forceproxy
ptmout 720
/c/slb/virt <user-specified instance name>/service 443 https/http
comppol <generated index number>
cachepol <generated index number>
/c/slb/virt <user-specified instance name>/service 443 https/ssl
srvrcert cert <user-specified certificate ID>
sslpol <generated index number>
Note: For more information on the Oracle SOA Suite 11g AppShape type, see Configuring an Oracle
SOA Suite 11g AppShape Instance, page 292.
ipver v4
health http
slowstr 180
name "webtier"
/c/slb/virt <user-specified instance name>_<generated index number>
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_<generated index number>/service 80
http
group <user-specified instance name>_grp
rport 7777
dbind ena
/c/slb/virt <user-specified instance name>_<generated index number>/service 80
http/http
cachepol 1
/c/slb/virt <user-specified instance name>_<generated index number>/service 443
https
group <user-specified instance name>_grp
rport 7777
pbind clientip
dbind ena
/c/slb/virt <user-specified instance name>_<generated index number>/service 443
https/http
comppol <generated index number>
cachepol <generated index number>
/c/slb/virt <user-specified instance name>_<generated index number>/service 443
https/ssl
srvrcert cert <user-specified certificate ID>
sslpol <generated index number>
/c/slb/virt <user-specified instance name>_<generated index number>
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_<generated index number>/service 80
http
group <user-specified instance name>_grp
rport 7777
dbind forceproxy
/c/slb/virt <user-specified instance name>_<generated index number>/service 80
http/http
Note: For more information on the Oracle WebLogic 12c AppShape type, see Configuring an Oracle
WebLogic 12c AppShape Instance, page 294.
ipver v4
metric roundrobin
add <user-specified instance name>_<generated index number>
name "weblogic.group"
/c/slb/virt <user-specified instance name>
ena
ipver v4
vip <user-specified IP address>
vname "Weblogic.<user-specified instance name>"
/c/slb/virt <user-specified instance name>/service 80 http
action redirect
group <user-specified instance name>_grp
rport 0
redirect "https://$HOST/$PATH/"
dbind ena
/c/slb/virt <user-specified instance name>/service 443 https
group <user-specified instance name>_grp
rport 7001
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 443 https/http
comppol <generated index number>
/c/slb/virt <user-specified instance name>/service 443 https/ssl
srvrcert cert <user-specified certificate ID>
sslpol <generated index number>
Note: For more information on the SharePoint 2010 AppShape type, see Configuring a SharePoint
2010 AppShape Instance, page 296.
ena
/c/slb/ssl/sslpol <generated index number>/passinfo
frontend enabled
User specified enable disable
/c/slb/accel/caching/cachepol <generated index number>
name "SharePoint. <generated index number>"
minsize 1024
ena
/c/slb/real <user-specified virtual-server name>_<generated suffix>
ena
ipver v4
rip <user-specified IP address>
name "SharePoint.<user-specified IP address>"
/c/slb/real <user-specified virtual-server name>_<generated suffix>
ena
ipver v4
rip <user-specified IP address>
name "SharePoint.<user-specified IP address>"
/c/slb/group <user-specified virtual-server name>_grp
ipver v4
metric <user-specified metric>
health <user-specified type>
add <user-specified virtual-server name>_<generated suffix first>
add <user-specified virtual-server name>_<generated suffix next>
name "SharePoint.group"
/c/slb/pip/type vlan [Specified by user because connection management was
enabled]
/c/slb/pip/type port [Specified by user because connection management was
enabled]
/c/slb/pip/add <user-specified IP address> <user-specified port> [Specified by
user because connection management was enabled.]
/c/slb/virt <user-specified virtual-server name>
ena
ipver v4
vip <user-specified IP address>
vname "SharePoint.<user-specified virtual-server name>"
/c/slb/virt <user-specified virtual-server name>/service 80 http
group <user-specified virtual-server name>_grp
rport 80
pbind clientip norport
dbind forceproxy
report real
/c/slb/virt <user-specified virtual-server name>/service 80 http/http
comppol <generated index number>
cachepol <generated index number>
connmgt ena 20 [disabled by default]
/c/slb/virt <user-specified virtual-server name>/service 443 https
group <user-specified virtual-server name>_grp
rport 80
dbind forceproxy
report real
/c/slb/virt <user-specified virtual-server name>/service 443 https/http
comppol <generated index number>
cachepol <generated index number>
connmgt ena 10
httpmod <generated index number>
/c/slb/virt <user-specified virtual-server name>/service 443 https/<generated
index number>
srvrcert cert <user-specified certificate>
sslpol <generated index number>
/c/slb/layer7/httpmod <generated index number>
ena
name "http.to.https.sharepoint"
/c/slb/layer7/httpmod <generated index number>/rule 1 text
ena
name "http.to.https.sharepoint"
directn resp
body include
action replace "FROMTEXT=http://<user-specified domain>" "TOTEXT=https://<user-specified domain>"
Note: For more information on the SharePoint 2013 AppShape type, see Configuring a SharePoint
2013 AppShape Instance, page 298.
minsize 1
ena
/c/slb/ssl/certs/key <user-specified certificate>
/c/slb/ssl/certs/request <user-specified certificate>
/c/slb/ssl/certs/cert <user-specified certificate>
/c/slb/ssl/sslpol 1
name "SharePoint_2013. <generated index number>"
ena
/c/slb/real <user-specified instance name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
name "SP2013.<user-specified IP address>"
addport <user-specified port>
/c/slb/group <user-specified instance name>_grp
ipver v4
metric roundrobin
add <user-specified instance name>_<generated index number>
name "sp.group"
/c/slb/virt <user-specified instance name>
ena
ipver v4
vip <user-specified IP address>
vname "SP.<user-specified instance name>"
/c/slb/virt <user-specified instance name>/service 443 https
group <user-specified instance name>_grp
rport <user-specified port>
dbind ena
/c/slb/virt <user-specified instance name>/service 443 https/http
comppol <generated index number>
httpmod <generated index number>
/c/slb/virt <user-specified instance name>/service 443 https/ssl
srvrcert cert <user-specified certificate>
sslpol <generated index number>
/c/slb/real <user-specified instance name>_<generated index number>/layer7
addlb <generated index number>
/c/slb/virt <user-specified instance name>/service 443 https/pbind cookie
insert
/c/slb/virt <user-specified instance name>/service 443 https/http/rcount
<generated index number>
Note: For more information on the VMware View 5.1 AppShape type, see Configuring an VMware
View 5.1 AppShape Instance, page 300.
Zimbra—AppShape-generated Configuration
The following is the Alteon CLI configuration that the Zimbra AppShape generates.
Note: For more information on the Zimbra AppShape type, see Configuring a Zimbra AppShape
Instance, page 302.
convert disabled
ena
/c/slb/real <user-specified instance name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
name "Zimbra.<user-specified IP address>"
addport <user-specified port>
/c/slb/group <user-specified instance name>_grp<generated index number>
ipver v4
metric phash 255.255.255.255
add <user-specified instance name>_<generated index number>
name "zimbra.HTTP.servers"
/c/slb/group <user-specified instance name>_grp<generated index number>
ipver v4
metric phash 255.255.255.255
add <user-specified instance name>_<generated index number>
name "zimbra.pop3.servers"
/c/slb/group <user-specified instance name>_grp<generated index number>
ipver v4
metric phash 255.255.255.255
add <user-specified instance name>_<generated index number>
name "zimbra.ldap.servers"
/c/slb/group MyZimbraInstance_grp<generated index number>
ipver v4
metric phash 255.255.255.255
add <user-specified instance name>_<generated index number>
name "zimbra.imap.servers"
/c/slb/group <user-specified instance name>_grp<generated index number>
ipver v4
metric phash 255.255.255.255
add <user-specified instance name>_<generated index number>
name "zimbra.smtp.servers"
/c/slb/virt <user-specified instance name>
ena
ipver v4
vip <user-specified IP address>
vname "zimbra.servers.MyZimbraInstance"
/c/slb/virt <user-specified instance name>/service 443 https
Note: For information on managing the event exporter, see System Exporter Commands (Event
Exporter), page 695.
1 – Once DefensePro reports a Packet Anomaly attack of a certain radwareId, the status
value Occurred and the startTime value remain indefinitely. For example, suppose a
new DefensePro device starts identifying and handling a Packet Anomaly attack with
radwareId 105 with the start time 20.02.2017 15:19:09. The attack subsides. One
month later, the DefensePro device starts identifying and handling another Packet
Anomaly attack with radwareId 105. The startTime value 20.02.2017 15:19:09 is
reported. (For more information on Packet Anomaly protection, see the APSolute Vision
online help or the DefensePro User Guide.)
1 – Once DefensePro reports a Packet Anomaly attack of a certain Radware ID, the status
value Occurred and the startTime value remain indefinitely. For example, suppose a
new DefensePro device starts identifying and handling a Packet Anomaly attack with
radwareId 105 with the start time 20.02.2017 15:19:09. The attack subsides. One
month later, the DefensePro device starts identifying and handling another Packet
Anomaly attack with radwareId 105. The Start Time value 20.02.2017 15:19:09 is
reported. (For more information on Packet Anomaly protection, see the APSolute Vision
online help or the DefensePro User Guide.)
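Because of the behavior described in the Packet Anomaly footnotes above, a collector cannot date a recurrence by startTime. The following is an added example, not Radware code, that splits reports into episodes by the time the collector received them and flags a stale startTime. The record keys device, category and receivedAt, the one-hour gap and the sample records are assumptions constructed for illustration; radwareId, status, startTime and the timestamp layout come from the footnote.

```python
from datetime import datetime, timedelta

# Timestamp layout taken from the footnote's example (20.02.2017 15:19:09).
TS_FORMAT = "%d.%m.%Y %H:%M:%S"

# Assumption: a new episode begins when no report for the same
# (device, radwareId) pair has been received for this long.
EPISODE_GAP = timedelta(hours=1)


def parse_ts(text):
    """Parse a timestamp in the layout shown in the footnote."""
    return datetime.strptime(text, TS_FORMAT)


def is_sticky(event):
    """True for reports whose status and startTime never reset.

    Per the footnote, a Packet Anomaly report keeps status Occurred and the
    startTime of the first occurrence indefinitely. The "category" key is a
    hypothetical field name for the attack type.
    """
    return event["category"] == "Packet Anomaly" and event["status"] == "Occurred"


def split_episodes(events, gap=EPISODE_GAP):
    """Group reports into episodes keyed by (device, radwareId).

    Episodes are delimited by the collector-side receive time ("receivedAt",
    hypothetical), never by startTime. For sticky reports the episode start
    is the first receive time; stale_start_time marks episodes whose reported
    startTime predates that by more than the gap.
    """
    episodes = {}
    for ev in sorted(events, key=lambda e: parse_ts(e["receivedAt"])):
        key = (ev["device"], ev["radwareId"])
        seen = parse_ts(ev["receivedAt"])
        reported = parse_ts(ev["startTime"])
        sticky = is_sticky(ev)
        runs = episodes.setdefault(key, [])
        if runs and seen - runs[-1]["last_seen"] <= gap:
            # Same episode: extend it.
            runs[-1]["last_seen"] = seen
            runs[-1]["reports"] += 1
        else:
            runs.append({
                "start": seen if sticky else reported,
                "last_seen": seen,
                "reports": 1,
                "stale_start_time": sticky and seen - reported > gap,
            })
    return episodes


def _report(received_at):
    """Build one constructed Packet Anomaly report for the sample below."""
    return {
        "device": "dp-lab-1",            # constructed device name
        "category": "Packet Anomaly",
        "radwareId": 105,                # value used in the footnote
        "status": "Occurred",
        "startTime": "20.02.2017 15:19:09",
        "receivedAt": received_at,
    }


# Constructed sample: the first attack, then a recurrence one month later
# that still carries the original startTime.
SAMPLE_EVENTS = [
    _report("20.02.2017 15:19:12"),
    _report("20.02.2017 15:19:42"),
    _report("20.02.2017 15:20:12"),
    _report("20.03.2017 09:02:40"),
    _report("20.03.2017 09:03:10"),
]

if __name__ == "__main__":
    for key, runs in split_episodes(SAMPLE_EVENTS).items():
        for run in runs:
            print(key, run["start"], run["reports"], run["stale_start_time"])
```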
Note: Some DefensePro versions do not support all the attack-protections listed in the following
table. For the list of Attack-Protection IDs for a specific DefensePro version, please refer to the
relevant DefensePro User Guide.
Notes
• For additional specifications and the most up-to-date information, see the APSolute Vision
Release Notes.
• APSolute Vision server can run as a physical or virtual appliance called APSolute Vision server.
For hardware and virtual-appliance (VA) specifications, see the APSolute Vision Installation and
Maintenance Guide.
• APSolute Vision supports a Web-based management interface, which is called Web Based
Management (WBM).
• APSolute Vision supports multiple device types and versions. For the most up-to-date lists of
supported devices and versions, see the APSolute Vision Release Notes for the required version.
Table 556: Ports for APSolute Vision Server-WBM Communication and Operating System
1 – Alteon also uses port 80 to communicate with the APM server (over the APM Data inter-
face).
The following table lists the ports for communication between APSolute Vision server and Radware
devices.
Table 557: Communication Ports for APSolute Vision Server with Radware Devices and
Radware Services
The following IP protocols are opened on the APSolute Vision server firewall by default:
• ICMP—Internet Control Message Protocol. All types (an ICMP term) are opened except
Timestamp (type 13) and Timestamp Reply (type 14).
• ESP—Encapsulating Security Payload, part of IPsec (Internet Protocol Security).
• AH—Authentication Header, part of IPsec (Internet Protocol Security).
distributed to you together with code samples in source code format (the “Code Samples”) that
are meant to illustrate and teach you how to configure, monitor and/or control the Software
and/or any other Radware Products, the Commercial License above further includes a limited,
nonexclusive, nontransferable license to copy and modify the Code Samples and create
derivative works based thereon solely for the SDK Purpose and solely on computers within your
organization. The SDK shall be considered part of the term “Software” for all purposes of this
License Agreement. You agree that you will not sell, assign, license, sublicense, transfer, pledge,
lease, rent or share your rights under this License Agreement nor will you distribute copies of
the Software or any parts thereof. Rights not specifically granted herein, are specifically
prohibited.
2. Evaluation Use. Notwithstanding anything to the contrary in this License Agreement, if the
Software is provided to you for evaluation purposes, as indicated in your purchase order or sales
receipt, on the website from which you download the Software, as inferred from any time-
limited evaluation license keys that you are provided with to activate the Software, or otherwise,
then You may use the Software only for internal evaluation purposes (“Evaluation Use”) for a
maximum of 30 days or such other duration as may be specified by Radware in writing at its sole
discretion (the “Evaluation Period”). The evaluation copy of the Software contains a feature that
will automatically disable it after expiration of the Evaluation Period. You agree not to disable,
destroy, or remove this feature of the Software, and any attempt to do so will be a material
breach of this License Agreement. During or at the end of the evaluation period, you may
contact Radware sales team to purchase a Commercial License to continue using the Software
pursuant to the terms of this License Agreement. If you elect not to purchase a Commercial
License, you agree to stop using the Software and to delete the evaluation copy received
hereunder from all computers under your possession or control at the end of the Evaluation
Period. In any event, your continued use of the Software beyond the Evaluation Period (if
possible) shall be deemed your acceptance of a Commercial License to the Software pursuant to
the terms of this License Agreement, and you agree to pay Radware any amounts due for any
applicable license fees at Radware's then-current list prices.
3. Lab/Development License. Notwithstanding anything to the contrary in this License
Agreement, if the Software is provided to you for use in your lab or for development
purposes, as indicated in your purchase order, sales receipt, the part number description for the
Software, the Web page from which you download the Software, or otherwise, then You may use
the Software only in your lab and only in connection with Radware Products that you purchased
or will purchase (in case of a lab license) or for internal testing and development purposes (in
case of a development license) but not for any production use purposes.
4. Subscription Software. If you licensed the Software on a subscription basis, your rights to use
the Software are limited to the subscription period. You have the option to extend your
subscription. If you extend your subscription, you may continue using the Software until the end
of your extended subscription period. If you do not extend your subscription, after the expiration
of your subscription, you are legally obligated to discontinue your use of the Software and
completely remove the Software from your system.
5. Feedback. Any feedback concerning the Software including, without limitation, identifying
potential errors and improvements, recommended changes or suggestions (“Feedback”),
provided by you to Radware will be owned exclusively by Radware and considered Radware's
confidential information. By providing Feedback to Radware, you hereby assign to Radware all of
your right, title and interest in any such Feedback, including all intellectual property rights
therein. With regard to any rights in such Feedback that cannot, under applicable law, be
assigned to Radware, you hereby irrevocably waive such rights in favor of Radware and grant
Radware under such rights in the Feedback, a worldwide, perpetual royalty-free, irrevocable,
sub-licensable and non-exclusive license, to use, reproduce, disclose, sublicense, modify, make,
have made, distribute, sell, offer for sale, display, perform, create derivative works of and
otherwise exploit the Feedback without restriction. The provisions of this Section 5 will survive
the termination or expiration of this Agreement.
6. Limitations on Use. You agree that you will not: (a) copy, modify, translate, adapt or create
any derivative works based on the Software; or (b) sublicense or transfer the Software, or
include the Software or any portion thereof in any product; or (b) reverse assemble,
disassemble, decompile, reverse engineer or otherwise attempt to derive source code (or the
underlying ideas, algorithms, structure or organization) from the Software, in whole or in part,
except and only to the extent: (i) applicable law expressly permits any such action despite this
limitation, in which case you agree to provide Radware at least ninety (90) days advance written
notice of your belief that such action is warranted and permitted and to provide Radware with an
opportunity to evaluate if the law's requirements necessitate such action, or (ii) required to
debug changes to any third party LGPL-libraries linked to by the Software; or (c) create,
develop, license, install, use, or deploy any software or services to circumvent, enable, modify
or provide access, permissions or rights which violate the technical restrictions of the Software;
(d) in the event the Software is provided as an embedded or bundled component of another
Radware Product, you shall not use the Software other than as part of the combined Product and
for the purposes for which the combined Product is intended; (e) remove any copyright notices,
identification or any other proprietary notices from the Software (including any notices of Third
Party Software (as defined below)); or (f) copy the Software onto any public or distributed
network or use the Software to operate in or as a time-sharing, outsourcing, service bureau,
application service provider, or managed service provider environment. Notwithstanding the
foregoing, if you provide hosting or cloud computing services to your customers, you are entitled
to use and include the Software in your IT infrastructure on which you provide your services. It
is hereby clarified that the prohibitions on modifying, or creating derivative works based on, any
Software provided by Radware, apply whether the Software is provided in a machine or in a
human readable form. Human readable Software to which this prohibition applies includes
(without limitation) “Radware AppShape++ Script Files” that contain “Special License Terms”. It
is acknowledged that examples provided in a human readable form may be modified by a user.
7. Intellectual Property Rights. You acknowledge and agree that this License Agreement does
not convey to you any interest in the Software except for the limited right to use the Software,
and that all right, title, and interest in and to the Software, including any and all associated
intellectual property rights, are and shall remain with Radware or its third party licensors. You
further acknowledge and agree that the Software is a proprietary product of Radware and/or its
licensors and is protected under applicable copyright law.
8. No Warranty. The Software, and any and all accompanying software, files, libraries, data and
materials, are distributed and provided “AS IS” by Radware or by its third party licensors (as
applicable) and with no warranty of any kind, whether express or implied, including, without
limitation, any non-infringement warranty or warranty of merchantability or fitness for a
particular purpose. Neither Radware nor any of its affiliates or licensors warrants, guarantees, or
makes any representation regarding the title in the Software, the use of, or the results of the
use of the Software. Neither Radware nor any of its affiliates or licensors warrants that the
operation of the Software will be uninterrupted or error-free, or that the use of any passwords,
license keys and/or encryption features will be effective in preventing the unintentional
disclosure of information contained in any file. You acknowledge that good data processing
procedure dictates that any program, including the Software, must be thoroughly tested with
non-critical data before there is any reliance on it, and you hereby assume the entire risk of all
use of the copies of the Software covered by this License. Radware does not make any
representation or warranty, nor does Radware assume any responsibility or liability or provide
any license or technical maintenance and support for any operating systems, databases,
migration tools or any other software component provided by a third party supplier and with
which the Software is meant to interoperate.
This disclaimer of warranty constitutes an essential and material part of this License.
In the event that, notwithstanding the disclaimer of warranty above, Radware is held liable
under any warranty provision, Radware shall be released from all such obligations in the event
that the Software shall have been subject to misuse, neglect, accident or improper installation,
or if repairs or modifications were made by persons other than by Radware's authorized service
personnel.
9. Limitation of Liability. Except to the extent expressly prohibited by applicable statutes, in no
event shall Radware, or its principals, shareholders, officers, employees, affiliates, licensors,
contractors, subsidiaries, or parent organizations (together, the “Radware Parties”), be liable for
any direct, indirect, incidental, consequential, special, or punitive damages whatsoever relating
to the use of, or the inability to use, the Software, or to your relationship with, Radware or any
of the Radware Parties (including, without limitation, loss or disclosure of data or information,
and/or loss of profit, revenue, business opportunity or business advantage, and/or business
interruption), whether based upon a claim or action of contract, warranty, negligence, strict
liability, contribution, indemnity, or any other legal theory or cause of action, even if advised of
the possibility of such damages. If any Radware Party is found to be liable to You or to any
third-party under any applicable law despite the explicit disclaimers and limitations under these
terms, then any liability of such Radware Party, will be limited exclusively to refund of any
license or registration or subscription fees paid by you to Radware.
10. Third Party Software. The Software includes software portions developed and owned by third
parties (the “Third Party Software”). Third Party Software shall be deemed part of the Software
for all intents and purposes of this License Agreement; provided, however, that in the event that
a Third Party Software is a software for which the source code is made available under an open
source software license agreement, then, to the extent there is any discrepancy or inconsistency
between the terms of this License Agreement and the terms of any such open source license
agreement (including, for example, license rights in the open source license agreement that are
broader than the license rights set forth in Section 1 above and/or no limitation in the open
source license agreement on the actions set forth in Section 6 above), the terms of any such
open source license agreement will govern and prevail. The terms of open source license
agreements and copyright notices under which Third Party Software is being licensed to
Radware or a link thereto, are included with the Software documentation or in the header or
readme files of the Software. Third Party licensors and suppliers retain all right, title and interest
in and to the Third Party Software and all copies thereof, including all copyright and other
intellectual property associated therewith. In addition to the use limitations applicable to Third
Party Software pursuant to Section 6 above, you agree and undertake not to use the Third Party
Software as a general SQL server, as a stand-alone application or with applications other than
the Software under this License Agreement.
11. Term and Termination. This License Agreement is effective upon the first to occur of your
opening the package of the Product, purchasing, downloading, installing, copying or using the
Software or any portion thereof, and shall continue until terminated. However, sections 5-15
shall survive any termination of this License Agreement. The Licenses granted under this License
Agreement are not transferable and will terminate upon: (i) termination of this License
Agreement, or (ii) transfer of the Software, or (iii) in the event the Software is provided as an
embedded or bundled component of another Radware Product, when the Software is unbundled
from such Product or otherwise used other than as part of such Product. If the Software is
licensed on subscription basis, this Agreement will automatically terminate upon the termination
of your subscription period if it is not extended.
12. Export. The Software or any part thereof may be subject to export or import controls under
applicable export/import control laws and regulations including such laws and regulations of the
United States and/or Israel. You agree to comply with such laws and regulations, and, agree not
to knowingly export, re-export, import or re-import, or transfer products without first obtaining
all required Government authorizations or licenses therefor. Furthermore, You hereby covenant
and agree to ensure that your use of the Software is in compliance with all other foreign,
federal, state, and local laws and regulations, including without limitation all laws and
regulations relating to privacy rights, and data protection. You shall have in place a privacy
policy and obtain all of the permissions, authorizations and consents required by applicable law
for use of cookies and processing of users' data (including without limitation pursuant to
Directives 95/46/EC, 2002/58/EC and 2009/136/EC of the EU if applicable) for the purpose of
provision of any services.
13. US Government. To the extent you are the U.S. government or any agency or instrumentality
thereof, you acknowledge and agree that the Software is a “commercial computer software” and
“commercial computer software documentation” pursuant to applicable regulations and your use
of the Software is subject to the terms of this License Agreement.
14. Federal Acquisition Regulation (FAR)/Data Rights Notice. Radware's commercial
computer software is created solely at private expense and is subject to Radware's commercial
license rights.
15. Governing Law. This License Agreement shall be construed and governed in accordance with
the laws of the State of Israel.
16. Miscellaneous. If a judicial determination is made that any of the provisions contained in this
License Agreement is unreasonable, illegal or otherwise unenforceable, such provision or
provisions shall be rendered void or invalid only to the extent that such judicial determination
finds such provisions to be unreasonable, illegal or otherwise unenforceable, and the remainder
of this License Agreement shall remain operative and in full force and effect. In any event a
party breaches or threatens to commit a breach of this License Agreement, the other party will,
in addition to any other remedies available to it, be entitled to injunction relief. This License
Agreement constitutes the entire agreement between the parties hereto and supersedes all prior
agreements between the parties hereto with respect to the subject matter hereof. The failure of
any party hereto to require the performance of any provisions of this License Agreement shall in
no manner affect the right to enforce the same. No waiver by any party hereto of any provisions
or of any breach of any provisions of this License Agreement shall be deemed or construed
either as a further or continuing waiver of any such provisions or breach waiver or as a waiver of
any other provision or breach of any other provision of this License Agreement.
IF YOU DO NOT AGREE WITH THE TERMS OF THIS LICENSE YOU MUST REMOVE THE
SOFTWARE FROM ANY DEVICE OWNED BY YOU AND IMMEDIATELY CEASE USING THE
SOFTWARE.
COPYRIGHT © 2020, Radware Ltd. All Rights Reserved.