APSolute Vision
USER GUIDE

Software Version 4.60


Document ID: RDWR-APSV-V04600_UG2006 June 2020

Important Notices
The following important notices are presented in English, French, and German.

Important Notices
This guide is delivered subject to the following conditions and restrictions:
Copyright Radware Ltd. 2020. All rights reserved.
The copyright and all other intellectual property rights and trade secrets included in this guide are
owned by Radware Ltd.
The guide is provided to Radware customers for the sole purpose of obtaining information with
respect to the installation and use of the Radware products described in this document, and may not
be used for any other purpose.
The information contained in this guide is proprietary to Radware and must be kept in strict
confidence.
It is strictly forbidden to copy, duplicate, reproduce or disclose this guide or any part thereof without
the prior written consent of Radware.

Notice importante
Ce guide est sujet aux conditions et restrictions suivantes:
Copyright Radware Ltd. 2020. Tous droits réservés.
Le copyright ainsi que tout autre droit lié à la propriété intellectuelle et aux secrets industriels
contenus dans ce guide sont la propriété de Radware Ltd.
Ce guide d’informations est fourni à nos clients dans le cadre de l’installation et de l’usage des
produits de Radware décrits dans ce document et ne pourra être utilisé dans un but autre que celui
pour lequel il a été conçu.
Les informations répertoriées dans ce document restent la propriété de Radware et doivent être
conservées de manière confidentielle.
Il est strictement interdit de copier, reproduire ou divulguer des informations contenues dans ce
manuel sans avoir obtenu le consentement préalable écrit de Radware.

Wichtige Anmerkung
Dieses Handbuch wird vorbehaltlich folgender Bedingungen und Einschränkungen ausgeliefert:
Copyright Radware Ltd. 2020. Alle Rechte vorbehalten.
Das Urheberrecht und alle anderen in diesem Handbuch enthaltenen Eigentumsrechte und
Geschäftsgeheimnisse sind Eigentum von Radware Ltd.
Dieses Handbuch wird Kunden von Radware mit dem ausschließlichen Zweck ausgehändigt,
Informationen zu Montage und Benutzung der in diesem Dokument beschriebene Produkte von
Radware bereitzustellen. Es darf für keinen anderen Zweck verwendet werden.
Die in diesem Handbuch enthaltenen Informationen sind Eigentum von Radware und müssen streng
vertraulich behandelt werden.
Es ist streng verboten, dieses Handbuch oder Teile daraus ohne vorherige schriftliche Zustimmung
von Radware zu kopieren, vervielfältigen, reproduzieren oder offen zu legen.

Copyright Notices
The following copyright notices are presented in English, French, and German.

Copyright Notices
The programs included in this product are subject to a restricted use license and can only be used in
conjunction with this application.
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and
the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both
licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL,
please contact openssl-core@openssl.org.
OpenSSL License
Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3. All advertising materials mentioning features or use of this software must display the following
acknowledgement:
This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit. (http://www.openssl.org/)
4. The names “OpenSSL Toolkit” and “OpenSSL Project” must not be used to endorse or promote
products derived from this software without prior written permission. For written permission,
please contact openssl-core@openssl.org.
5. Products derived from this software may not be called “OpenSSL” nor may “OpenSSL” appear in
their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
“This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit (http://www.openssl.org/)”
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT “AS IS” AND ANY EXPRESSED OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This
product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are
aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA,
lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution
is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be
removed.
If this package is used in a product, Eric Young should be given attribution as the author of the parts
of the library used.
This can be in the form of a textual message at program startup or in documentation (online or
textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the
following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3. All advertising materials mentioning features or use of this software must display the following
acknowledgement:
"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)"
The word 'cryptographic' can be left out if the rouines from the library being used are not
cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory
(application code) you must include an acknowledgment:
"This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG “AS IS” AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
The licence and distribution terms for any publically available version or derivative of this code
cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence
[including the GNU Public Licence.]
This product contains the Rijndael cipher
The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public
domain and distributed with the following license:
@version 3.0 (December 2000)
Optimized ANSI C code for the Rijndael cipher (now AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>
The OnDemand Switch may use software components licensed under the GNU General Public
License Agreement Version 2 (GPL v.2) including LinuxBios and Filo open source projects. The
source code of the LinuxBios and Filo is available from Radware upon request. A copy of the license
can be viewed at: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
This code is hereby placed in the public domain.

This product contains code developed by the OpenBSD Project


Copyright ©1983, 1990, 1992, 1993, 1995
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3. Neither the name of the University nor the names of its contributors may be used to endorse or
promote products derived from this software without specific prior written permission.
This product includes software developed by Markus Friedl.
This product includes software developed by Theo de Raadt.
This product includes software developed by Niels Provos.
This product includes software developed by Dug Song.
This product includes software developed by Aaron Campbell.
This product includes software developed by Damien Miller.
This product includes software developed by Kevin Steves.
This product includes software developed by Daniel Kouril.
This product includes software developed by Wesley Griffin.
This product includes software developed by Per Allansson.
This product includes software developed by Nils Nordman.
This product includes software developed by Simon Wilkinson.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
This product contains work derived from the RSA Data Security, Inc. MD5 Message-Digest
Algorithm. RSA Data Security, Inc. makes no representations concerning either the merchantability
of the MD5 Message-Digest Algorithm or the suitability of the MD5 Message-Digest Algorithm for
any particular purpose. It is provided “as is” without express or implied warranty of any kind.
This product includes the DB2 Express-C database, the copyrights of which are owned by IBM.

Notice traitant du copyright


Les programmes intégrés dans ce produit sont soumis à une licence d’utilisation limitée et ne
peuvent être utilisés qu’en lien avec cette application.
L’implémentation de Rijindael par Vincent Rijmen, Antoon Bosselaers et Paulo Barreto est du
domaine public et distribuée sous les termes de la licence suivante:
@version 3.0 (Décembre 2000)
Code ANSI C code pour Rijndael (actuellement AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>.

Le commutateur OnDemand peut utiliser les composants logiciels sous licence, en vertu des termes
de la licence GNU General Public License Agreement Version 2 (GPL v.2), y compris les projets à
source ouverte LinuxBios et Filo. Le code source de LinuxBios et Filo est disponible sur demande
auprès de Radware. Une copie de la licence est répertoriée sur: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
Ce code est également placé dans le domaine public.
Ce produit renferme des codes développés dans le cadre du projet OpenSSL.
Copyright ©1983, 1990, 1992, 1993, 1995
Les membres du conseil de l’Université de Californie. Tous droits réservés.
La distribution et l’usage sous une forme source et binaire, avec ou sans modifications, est autorisée
pour autant que les conditions suivantes soient remplies:
1. La distribution d’un code source doit inclure la notice de copyright mentionnée ci-dessus, cette
liste de conditions et l’avis de non-responsabilité suivant.
2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout
autre matériel fourni la notice de copyright mentionnée ci-dessus, cette liste de conditions et
l’avis de non-responsabilité suivant.
3. Le nom de l’université, ainsi que le nom des contributeurs ne seront en aucun cas utilisés pour
approuver ou promouvoir un produit dérivé de ce programme sans l’obtention préalable d’une
autorisation écrite.
Ce produit inclut un logiciel développé par Markus Friedl.
Ce produit inclut un logiciel développé par Theo de Raadt.
Ce produit inclut un logiciel développé par Niels Provos.
Ce produit inclut un logiciel développé par Dug Song.
Ce produit inclut un logiciel développé par Aaron Campbell.
Ce produit inclut un logiciel développé par Damien Miller.
Ce produit inclut un logiciel développé par Kevin Steves.
Ce produit inclut un logiciel développé par Daniel Kouril.
Ce produit inclut un logiciel développé par Wesley Griffin.
Ce produit inclut un logiciel développé par Per Allansson.
Ce produit inclut un logiciel développé par Nils Nordman.
Ce produit inclut un logiciel développé par Simon Wilkinson.
La distribution et l’usage sous une forme source et binaire, avec ou sans modifications, est autorisée
pour autant que les conditions suivantes soient remplies:
1. La distribution d’un code source doit inclure la notice de copyright mentionnée ci-dessus, cette
liste de conditions et l’avis de non-responsabilité suivant.
2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout
autre matériel fourni la notice de copyright mentionnée ci-dessus, cette liste de conditions et
l’avis de non-responsabilité suivant.
LE LOGICIEL MENTIONNÉ CI-DESSUS EST FOURNI TEL QUEL PAR LE DÉVELOPPEUR ET TOUTE
GARANTIE, EXPLICITE OU IMPLICITE, Y COMPRIS, MAIS SANS S’Y LIMITER, TOUTE GARANTIE
IMPLICITE DE QUALITÉ MARCHANDE ET D’ADÉQUATION À UN USAGE PARTICULIER EST EXCLUE.
EN AUCUN CAS L’AUTEUR NE POURRA ÊTRE TENU RESPONSABLE DES DOMMAGES DIRECTS,
INDIRECTS, ACCESSOIRES, SPÉCIAUX, EXEMPLAIRES OU CONSÉCUTIFS (Y COMPRIS, MAIS SANS
S’Y LIMITER, L’ACQUISITION DE BIENS OU DE SERVICES DE REMPLACEMENT, LA PERTE D’USAGE,
DE DONNÉES OU DE PROFITS OU L’INTERRUPTION DES AFFAIRES), QUELLE QU’EN SOIT LA CAUSE
ET LA THÉORIE DE RESPONSABILITÉ, QU’IL S’AGISSE D’UN CONTRAT, DE RESPONSABILITÉ
STRICTE OU D’UN ACTE DOMMAGEABLE (Y COMPRIS LA NÉGLIGENCE OU AUTRE), DÉCOULANT DE
QUELLE QUE FAÇON QUE CE SOIT DE L’USAGE DE CE LOGICIEL, MÊME S’IL A ÉTÉ AVERTI DE LA
POSSIBILITÉ D’UN TEL DOMMAGE.

Copyrightvermerke
Die in diesem Produkt enthalten Programme unterliegen einer eingeschränkten Nutzungslizenz und
können nur in Verbindung mit dieser Anwendung benutzt werden.
Die Rijndael-Implementierung von Vincent Rijndael, Anton Bosselaers und Paulo Barreto ist
öffentlich zugänglich und wird unter folgender Lizenz vertrieben:
@version 3.0 (December 2000)
Optimierter ANSI C Code für den Rijndael cipher (jetzt AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>
Der OnDemand Switch verwendet möglicherweise Software, die im Rahmen der DNU Allgemeine
Öffentliche Lizenzvereinbarung Version 2 (GPL v.2) lizensiert sind, einschließlich LinuxBios und Filo
Open Source-Projekte. Der Quellcode von LinuxBios und Filo ist bei Radware auf Anfrage erhältlich.
Eine Kopie dieser Lizenz kann eingesehen werden unter http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
Dieser Code wird hiermit allgemein zugänglich gemacht.
Dieses Produkt enthält einen vom OpenBSD-Projekt entwickelten Code
Copyright ©1983, 1990, 1992, 1993, 1995
The Regents of the University of California. Alle Rechte vorbehalten.
Die Verbreitung und Verwendung in Quell- und binärem Format, mit oder ohne Veränderungen, sind
unter folgenden Bedingungen erlaubt:
1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss beibehalten.
2. Die Verbreitung in binärem Format muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere
Materialien, die mit verteilt werden, reproduzieren.
3. Weder der Name der Universität noch die Namen der Beitragenden dürfen ohne ausdrückliche
vorherige schriftliche Genehmigung verwendet werden, um von dieser Software abgeleitete
Produkte zu empfehlen oder zu bewerben.
Dieses Produkt enthält von Markus Friedl entwickelte Software.
Dieses Produkt enthält von Theo de Raadt entwickelte Software.
Dieses Produkt enthält von Niels Provos entwickelte Software.
Dieses Produkt enthält von Dug Song entwickelte Software.
Dieses Produkt enthält von Aaron Campbell entwickelte Software.
Dieses Produkt enthält von Damien Miller entwickelte Software.
Dieses Produkt enthält von Kevin Steves entwickelte Software.
Dieses Produkt enthält von Daniel Kouril entwickelte Software.
Dieses Produkt enthält von Wesley Griffin entwickelte Software.
Dieses Produkt enthält von Per Allansson entwickelte Software.
Dieses Produkt enthält von Nils Nordman entwickelte Software.
Dieses Produkt enthält von Simon Wilkinson entwickelte Software.
Die Verbreitung und Verwendung in Quell- und binärem Format, mit oder ohne Veränderungen, sind
unter folgenden Bedingungen erlaubt:
1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss beibehalten.
2. Die Verbreitung in binärem Format muss den voranstehenden Copyrightvermerk, diese Liste von
Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere
Materialien, die mit verteilt werden, reproduzieren.

SÄMTLICHE VORGENANNTE SOFTWARE WIRD VOM AUTOR IM IST-ZUSTAND (“AS IS”)
BEREITGESTELLT. JEGLICHE AUSDRÜCKLICHEN ODER IMPLIZITEN GARANTIEN, EINSCHLIESSLICH,
DOCH NICHT BESCHRÄNKT AUF DIE IMPLIZIERTEN GARANTIEN DER MARKTGÄNGIGKEIT UND DER
ANWENDBARKEIT FÜR EINEN BESTIMMTEN ZWECK, SIND AUSGESCHLOSSEN.
UNTER KEINEN UMSTÄNDEN HAFTET DER AUTOR FÜR DIREKTE ODER INDIREKTE SCHÄDEN, FÜR
BEI VERTRAGSERFÜLLUNG ENTSTANDENE SCHÄDEN, FÜR BESONDERE SCHÄDEN, FÜR
SCHADENSERSATZ MIT STRAFCHARAKTER, ODER FÜR FOLGESCHÄDEN EINSCHLIESSLICH, DOCH
NICHT BESCHRÄNKT AUF, ERWERB VON ERSATZGÜTERN ODER ERSATZLEISTUNGEN; VERLUST AN
NUTZUNG, DATEN ODER GEWINN; ODER GESCHÄFTSUNTERBRECHUNGEN) GLEICH, WIE SIE
ENTSTANDEN SIND, UND FÜR JEGLICHE ART VON HAFTUNG, SEI ES VERTRÄGE,
GEFÄHRDUNGSHAFTUNG, ODER DELIKTISCHE HAFTUNG (EINSCHLIESSLICH FAHRLÄSSIGKEIT
ODER ANDERE), DIE IN JEGLICHER FORM FOLGE DER BENUTZUNG DIESER SOFTWARE IST, SELBST
WENN AUF DIE MÖGLICHKEIT EINES SOLCHEN SCHADENS HINGEWIESEN WURDE.

Standard Warranty
The following standard warranty is presented in English, French, and German.

Standard Warranty
Radware offers a limited warranty for all its products (“Products”). Radware hardware products are
warranted against defects in material and workmanship for a period of one year from date of
shipment. Radware software carries a standard warranty that provides bug fixes for up to 90 days
after date of purchase. Should a Product unit fail anytime during the said period(s), Radware will, at
its discretion, repair or replace the Product.
For hardware warranty service or repair, the product must be returned to a service facility
designated by Radware. Customer shall pay the shipping charges to Radware and Radware shall pay
the shipping charges in returning the product to the customer. Please see specific details outlined in
the Standard Warranty section of the customer’s purchase order.
Radware shall be released from all obligations under its Standard Warranty in the event that the
Product and/or the defective component has been subjected to misuse, neglect, accident or
improper installation, or if repairs or modifications were made by persons other than Radware
authorized service personnel, unless such repairs by others were made with the written consent of
Radware.
EXCEPT AS SET FORTH ABOVE, ALL RADWARE PRODUCTS (HARDWARE AND SOFTWARE) ARE
PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED.

Garantie standard
Radware octroie une garantie limitée pour l’ensemble de ses produits (“Produits”). Le matériel
informatique (hardware) Radware est garanti contre tout défaut matériel et de fabrication pendant
une durée d’un an à compter de la date d’expédition. Les logiciels (software) Radware sont fournis
avec une garantie standard consistant en la fourniture de correctifs des dysfonctionnements du
logiciels (bugs) pendant une durée maximum de 90 jours à compter de la date d’achat. Dans
l’hypothèse où un Produit présenterait un défaut pendant ladite (lesdites) période(s), Radware
procédera, à sa discrétion, à la réparation ou à l’échange du Produit.
S’agissant de la garantie d’échange ou de réparation du matériel informatique, le Produit doit être
retourné chez un réparateur désigné par Radware. Le Client aura à sa charge les frais d’envoi du
Produit à Radware et Radware supportera les frais de retour du Produit au client. Veuillez consulter
les conditions spécifiques décrites dans la partie “Garantie Standard” du bon de commande client.

Radware est libérée de toutes obligations liées à la Garantie Standard dans l’hypothèse où le Produit
et/ou le composant défectueux a fait l’objet d’un mauvais usage, d’une négligence, d’un accident ou
d’une installation non conforme, ou si les réparations ou les modifications qu’il a subi ont été
effectuées par d’autres personnes que le personnel de maintenance autorisé par Radware, sauf si
Radware a donné son consentement écrit à ce que de telles réparations soient effectuées par ces
personnes.
SAUF DANS LES CAS PREVUS CI-DESSUS, L’ENSEMBLE DES PRODUITS RADWARE (MATERIELS ET
LOGICIELS) SONT FOURNIS “TELS QUELS” ET TOUTES GARANTIES EXPRESSES OU IMPLICITES
SONT EXCLUES, EN CE COMPRIS, MAIS SANS S’Y RESTREINDRE, LES GARANTIES IMPLICITES DE
QUALITE MARCHANDE ET D’ADÉQUATION À UNE UTILISATION PARTICULIÈRE.

Standard Garantie
Radware bietet eine begrenzte Garantie für alle seine Produkte (“Produkte”) an. Hardware Produkte
von Radware haben eine Garantie gegen Material- und Verarbeitungsfehler für einen Zeitraum von
einem Jahr ab Lieferdatum. Radware Software verfügt über eine Standard Garantie zur
Fehlerbereinigung für einen Zeitraum von bis zu 90 Tagen nach Erwerbsdatum. Sollte ein Produkt
innerhalb des angegebenen Garantiezeitraumes einen Defekt aufweisen, wird Radware das Produkt
nach eigenem Ermessen entweder reparieren oder ersetzen.
Für den Hardware Garantieservice oder die Reparatur ist das Produkt an eine von Radware
bezeichnete Serviceeinrichtung zurückzugeben. Der Kunde hat die Versandkosten für den Transport
des Produktes zu Radware zu tragen, Radware übernimmt die Kosten der Rückversendung des
Produktes an den Kunden. Genauere Angaben entnehmen Sie bitte dem Abschnitt zur Standard
Garantie im Bestellformular für Kunden.
Radware ist von sämtlichen Verpflichtungen unter seiner Standard Garantie befreit, sofern das
Produkt oder der fehlerhafte Teil zweckentfremdet genutzt, in der Pflege vernachlässigt, einem
Unfall ausgesetzt oder unsachgemäß installiert wurde oder sofern Reparaturen oder Modifikationen
von anderen Personen als durch Radware autorisierten Kundendienstmitarbeitern vorgenommen
wurden, es sei denn, diese Reparatur durch besagte andere Personen wurden mit schriftlicher
Genehmigung seitens Radware durchgeführt.
MIT AUSNAHME DES OBEN DARGESTELLTEN, SIND ALLE RADWARE PRODUKTE (HARDWARE UND
SOFTWARE) GELIEFERT “WIE GESEHEN” UND JEGLICHE AUSDRÜCKLICHEN ODER
STILLSCHWEIGENDEN GARANTIEN, EINSCHLIESSLICH ABER NICHT BEGRENZT AUF
STILLSCHWEIGENDE GEWÄHRLEISTUNG DER MARKTFÄHIGKEIT UND EIGNUNG FÜR EINEN
BESTIMMTEN ZWECK AUSGESCHLOSSEN.

Limitations on Warranty and Liability


The following limitations on warranty and liability are presented in English, French, and German.

Limitations on Warranty and Liability


IN NO EVENT SHALL RADWARE LTD. OR ANY OF ITS AFFILIATED ENTITIES BE LIABLE FOR ANY
DAMAGES INCURRED BY THE USE OF THE PRODUCTS (INCLUDING BOTH HARDWARE AND
SOFTWARE) DESCRIBED IN THIS USER GUIDE, OR BY ANY DEFECT OR INACCURACY IN THIS USER
GUIDE ITSELF. THIS INCLUDES BUT IS NOT LIMITED TO ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION). THE ABOVE LIMITATIONS WILL APPLY EVEN IF RADWARE HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME JURISDICTIONS DO NOT ALLOW THE
EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES OR LIABILITY FOR INCIDENTAL OR
CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.

Limitations de la Garantie et Responsabilité


RADWARE LTD. OU SES ENTITIES AFFILIES NE POURRONT EN AUCUN CAS ETRE TENUES
RESPONSABLES DES DOMMAGES SUBIS DU FAIT DE L’UTILISATION DES PRODUITS (EN CE
COMPRIS LES MATERIELS ET LES LOGICIELS) DECRITS DANS CE MANUEL D’UTILISATION, OU DU
FAIT DE DEFAUT OU D’IMPRECISIONS DANS CE MANUEL D’UTILISATION, EN CE COMPRIS, SANS
TOUTEFOIS QUE CETTE ENUMERATION SOIT CONSIDEREE COMME LIMITATIVE, TOUS DOMMAGES
DIRECTS, INDIRECTS, ACCIDENTELS, SPECIAUX, EXEMPLAIRES, OU ACCESSOIRES (INCLUANT,
MAIS SANS S’Y RESTREINDRE, LA FOURNITURE DE PRODUITS OU DE SERVICES DE
REMPLACEMENT; LA PERTE D’UTILISATION, DE DONNEES OU DE PROFITS; OU L’INTERRUPTION
DES AFFAIRES). LES LIMITATIONS CI-DESSUS S’APPLIQUERONT QUAND BIEN MEME RADWARE A
ETE INFORMEE DE LA POSSIBLE EXISTENCE DE CES DOMMAGES. CERTAINES JURIDICTIONS
N’ADMETTANT PAS LES EXCLUSIONS OU LIMITATIONS DE GARANTIES IMPLICITES OU DE
RESPONSABILITE EN CAS DE DOMMAGES ACCESSOIRES OU INDIRECTS, LESDITES LIMITATIONS
OU EXCLUSIONS POURRAIENT NE PAS ETRE APPLICABLE DANS VOTRE CAS.

Haftungs- und Gewährleistungsausschluss


IN KEINEM FALL IST RADWARE LTD. ODER EIN IHR VERBUNDENES UNTERNEHMEN HAFTBAR FÜR
SCHÄDEN, WELCHE BEIM GEBRAUCH DES PRODUKTES (HARDWARE UND SOFTWARE) WIE IM
BENUTZERHANDBUCH BESCHRIEBEN, ODER AUFGRUND EINES FEHLERS ODER EINER
UNGENAUIGKEIT IN DIESEM BENUTZERHANDBUCH SELBST ENTSTANDEN SIND. DAZU GEHÖREN
UNTER ANDEREM (OHNE DARAUF BEGRENZT ZU SEIN) JEGLICHE DIREKTEN; IDIREKTEN; NEBEN;
SPEZIELLEN, BELEGTEN ODER FOLGESCHÄDEN (EINSCHLIESSLICH ABER NICHT BEGRENZT AUF
BESCHAFFUNG ODER ERSATZ VON WAREN ODER DIENSTEN, NUTZUNGSAUSFALL, DATEN- ODER
GEWINNVERLUST ODER BETRIEBSUNTERBRECHUNGEN). DIE OBEN GENANNTEN BEGRENZUNGEN
GREIFEN AUCH, SOFERN RADWARE AUF DIE MÖGLICHKEIT EINES SOLCHEN SCHADENS
HINGEWIESEN WORDEN SEIN SOLLTE. EINIGE RECHTSORDNUNGEN LASSEN EINEN AUSSCHLUSS
ODER EINE BEGRENZUNG STILLSCHWEIGENDER GARANTIEN ODER HAFTUNGEN BEZÜGLICH
NEBEN- ODER FOLGESCHÄDEN NICHT ZU, SO DASS DIE OBEN DARGESTELLTE BEGRENZUNG ODER
DER AUSSCHLUSS SIE UNTER UMSTÄNDEN NICHT BETREFFEN WIRD.

Safety Instructions
The following safety instructions are presented in English, French, and German.

Safety Instructions
CAUTION
A readily accessible disconnect device shall be incorporated in the building installation wiring.
Due to the risks of electrical shock, and energy, mechanical, and fire hazards, any procedures that
involve opening panels or changing components must be performed by qualified service personnel
only.
To reduce the risk of fire and electrical shock, disconnect the device from the power line before
removing cover or panels.
The following figure shows the caution label that is attached to Radware platforms with dual power
supplies.

Figure 1: Electrical Shock Hazard Label

DUAL-POWER-SUPPLY-SYSTEM SAFETY WARNING IN CHINESE


The following figure is the warning for Radware platforms with dual power supplies.

Figure 2: Dual-Power-Supply-System Safety Warning in Chinese

Translation of Dual-Power-Supply-System Safety Warning in Chinese:


This unit has more than one power supply. Disconnect all power supplies before maintenance to
avoid electric shock.
SERVICING
Do not perform any servicing other than that contained in the operating instructions unless you are
qualified to do so. There are no serviceable parts inside the unit.
HIGH VOLTAGE
Any adjustment, maintenance, and repair of the opened instrument under voltage must be avoided
as much as possible and, when inevitable, must be carried out only by a skilled person who is aware
of the hazard involved.
Capacitors inside the instrument may still be charged even if the instrument has been disconnected
from its source of supply.
GROUNDING
Before connecting this device to the power line, the protective earth terminal screws of this device
must be connected to the protective earth in the building installation.
LASER
This equipment is a Class 1 Laser Product in accordance with the IEC 60825-1:1993 + A1:1997 +
A2:2001 Standard.
FUSES
Make sure that only fuses with the required rated current and of the specified type are used for
replacement. The use of repaired fuses and the short-circuiting of fuse holders must be avoided.
Whenever it is likely that the protection offered by fuses has been impaired, the instrument must be
made inoperative and be secured against any unintended operation.
LINE VOLTAGE
Before connecting this instrument to the power line, make sure the voltage of the power source
matches the requirements of the instrument. Refer to the Specifications for information about the
correct power rating for the device.
48V DC-powered platforms have an input tolerance of 36-72V DC.

SPECIFICATION CHANGES
Specifications are subject to change without notice.

Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN
61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11 for CE MARK compliance.
These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. Operation of this equipment in a
residential area is likely to cause harmful interference in which case the user is required to correct
the interference at his own expense.
SPECIAL NOTICE FOR NORTH AMERICAN USERS
For North American power connection, select a power supply cord that is UL Listed and CSA Certified,
3-conductor, [18 AWG], terminated in a molded-on plug cap rated 125 V, [10 A], with a minimum
length of 1.5 m [six feet] but no longer than 4.5 m. For European connection, select a power supply
cord that is internationally harmonized and marked “<HAR>”, 3-conductor, 0.75 mm² minimum
wire, rated 300 V, with a PVC insulated jacket. The cord must have a molded-on plug cap rated
250 V, 3 A.
RESTRICT AREA ACCESS
The DC powered equipment should only be installed in a Restricted Access Area.
INSTALLATION CODES
This device must be installed according to country national electrical codes. For North America,
equipment must be installed in accordance with the US National Electrical Code, Articles 110-16,
110-17, and 110-18 and the Canadian Electrical Code, Section 12.
INTERCONNECTION OF UNITS
Cables for connecting to the unit RS232 and Ethernet Interfaces must be UL certified type DP-1 or
DP-2. (Note: when residing in a non-LPS circuit.)
OVERCURRENT PROTECTION
A readily accessible listed branch-circuit overcurrent protective device rated 15 A must be
incorporated in the building wiring for each power input.
REPLACEABLE BATTERIES
If equipment is provided with a replaceable battery, and is replaced by an incorrect battery type,
then an explosion may occur. This is the case for some Lithium batteries and the following is
applicable:
• If the battery is placed in an Operator Access Area, there is a marking close to the battery or
a statement in both the operating and service instructions.
• If the battery is placed elsewhere in the equipment, there is a marking close to the battery or a
statement in the service instructions.

This marking or statement includes the following text warning:


CAUTION
RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT BATTERY TYPE.
DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
Caution – To Reduce the Risk of Electrical Shock and Fire
1. This equipment is designed to permit connection between the earthed conductor of the DC
supply circuit and the earthing conductor equipment. See Installation Instructions.
2. All servicing must be undertaken only by qualified service personnel. There are no user-
serviceable parts inside the unit.
3. DO NOT plug in, turn on or attempt to operate an obviously damaged unit.

4. Ensure that the chassis ventilation openings in the unit are NOT BLOCKED.
5. Replace a blown fuse ONLY with the same type and rating as is marked on the safety label
adjacent to the power inlet, housing the fuse.
6. Do not operate the device in a location where the maximum ambient temperature exceeds
40°C/104°F.
7. Be sure to unplug the power supply cord from the wall socket BEFORE attempting to remove
and/or check the main power fuse.
CLASS 1 LASER PRODUCT AND REFERENCE TO THE MOST RECENT LASER STANDARDS IEC 60825-1:1993 +
A1:1997 + A2:2001 AND EN 60825-1:1994 + A1:1996 + A2:2001
AC units for Denmark, Finland, Norway, Sweden (marked on product):
• Denmark - “Unit is class I - unit to be used with an AC cord set suitable with Denmark
deviations. The cord includes an earthing conductor. The Unit is to be plugged into a wall socket
outlet which is connected to a protective earth. Socket outlets which are not connected to earth
are not to be used!”
• Finland - (Marking label and in manual) - “Laite on liitettävä suojamaadoituskoskettimilla
varustettuun pistorasiaan”
• Norway (Marking label and in manual) - “Apparatet må tilkoples jordet stikkontakt”
• Unit is intended for connection to IT power systems for Norway only.
• Sweden (Marking label and in manual) - “Apparaten skall anslutas till jordat uttag.”

To connect the power connection:


1. Connect the power cable to the main socket, located on the rear panel of the device.
2. Connect the power cable to the grounded AC outlet.
CAUTION
Risk of electric shock and energy hazard. Disconnecting one power supply disconnects only one
power supply module. To isolate the unit completely, disconnect all power supplies.

Safety Instructions
WARNING
A readily accessible disconnect device shall be incorporated in the building wiring.
Because of the risks of electric shock and of energy, mechanical, and fire hazards, any procedure
that involves opening panels or replacing components must be performed by qualified personnel.
To reduce the risk of fire and electric shock, disconnect the device from the power supply before
removing the cover or panels.
The following figure shows the warning label affixed to Radware platforms with more than one
power supply.

Figure 3: Electric Shock Hazard Warning Label

SAFETY WARNING FOR SYSTEMS WITH TWO POWER SUPPLIES (IN CHINESE)
The following figure shows the warning label for Radware platforms with two power supplies.

Figure 4: Safety Warning for Systems with Two Power Supplies (in Chinese)

Translation of the Safety Warning for Systems with Two Power Supplies (in Chinese):
This unit has more than one power supply. Disconnect all power supplies before servicing the unit
to avoid electric shock.
SERVICING
Do not perform any servicing other than that listed in the instruction manual unless you are
qualified to do so. No part inside the unit can be replaced or repaired.
HIGH VOLTAGE
Any adjustment, maintenance, or repair of the opened instrument under voltage must be avoided.
If it is unavoidable, entrust the operation to a qualified person who is aware of the hazards
involved.
Capacitors inside the unit may still be charged even if the unit has been disconnected from the
power source.
GROUNDING
Before connecting this device to the power line, the protective earth terminal screws of this unit
must be connected to the building's grounding system.
LASER
This equipment is a Class 1 laser product, compliant with the IEC 60825-1:1993 + A1:1997 +
A2:2001 standard.
FUSES
Make sure that only fuses with the required rated current and of the specified type are used for
replacement. The use of repaired fuses and the short-circuiting of fuse holders must be avoided.
When it is practically certain that the protection offered by the fuses has been impaired, the
instrument must be disabled and secured against any unintended operation.
LINE VOLTAGE
Before connecting this instrument to the power line, verify that the voltage of the power source
matches the requirements of the instrument. Refer to the specifications for the correct power
rating of the device.
48 V DC-powered platforms have an input tolerance of between 36 and 72 V DC.
SPECIFICATION CHANGES
Specifications are subject to change without prior notice.

Note: This equipment has been tested and declared compliant with the limits defined for a Class A
digital device, pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024, EN 61000-3-2;
EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8, and IEC 61000-4-11, for CE mark compliance.
These limits are set to provide reasonable protection against harmful interference when the
equipment is used in a commercial environment. This equipment generates, uses, and can radiate
radio frequencies and, if not installed and used in accordance with the instruction manual, may
cause harmful interference to radio communications. Operation of this equipment in a residential
area is likely to cause harmful interference, in which case the user will have to correct the
problem at their own expense.
SPECIAL NOTICE FOR NORTH AMERICAN USERS
For a power connection in North America, select a power supply cord that is UL Listed and CSA
Certified, 3-conductor, [18 AWG], with a molded plug at its end, rated 125 V, [10 A], with a
minimum length of 1.5 m [six feet] and a maximum length of 4.5 m. For European connection, choose
a power supply cord that is internationally approved and marked “<HAR>”, 3-conductor, 0.75 mm²
minimum cable, rated 300 V, with an insulated PVC jacket. The plug at the end of the cord shall
bear a molded marking indicating: 250 V, 3 A.
RESTRICTED ACCESS AREA
DC-powered equipment may be installed only in a restricted access area.
INSTALLATION CODES
This device must be installed in compliance with national electrical codes. In North America, the
equipment shall be installed in compliance with the US National Electrical Code, Articles 110-16,
110-17, and 110-18, and the Canadian Electrical Code, Section 12.
INTERCONNECTION OF UNITS
The cables connecting to the unit's RS232 and Ethernet interfaces shall be UL certified, type DP-1
or DP-2. (Note: if they do not reside in an LPS circuit.)
OVERLOAD PROTECTION
A readily accessible branch-circuit current protective device rated 15 A must be incorporated in
the building wiring for each power input.
REPLACEABLE BATTERIES
If the equipment is supplied with a battery and it is replaced by an incorrect battery type, it may
explode. This is the case for some lithium batteries, so the following applies:
• If the battery is placed in an operator access area, a marking is shown on the battery or a
statement is included in both the operating and the service instructions.
• If the battery is placed elsewhere in the equipment, a marking is shown on the battery or a
statement is included in the service instructions.

This marking or statement includes the following text warning:


WARNING
RISK OF EXPLOSION IF THE BATTERY IS REPLACED BY AN INCORRECT MODEL.
DISPOSE OF BATTERIES ACCORDING TO THE INSTRUCTIONS.
Caution - To Reduce the Risk of Electric Shock and Fire
1. This equipment is designed to permit connection between the grounding conductor of the DC
power circuit and the grounding equipment. See the installation instructions.
2. All servicing shall be undertaken by qualified personnel. No part inside the unit can be
replaced or repaired.
3. DO NOT plug in, turn on, or attempt to use an obviously damaged unit.
4. Verify that the chassis ventilation opening in the unit is NOT BLOCKED.

5. Replace the damaged fuse with a similar model of the same rating, as indicated on the safety
label adjacent to the power inlet housing the fuse.
6. Do not operate the device in a location where the ambient temperature exceeds the maximum
permitted value, 40°C/104°F.
7. Unplug the power cord from the wall socket BEFORE attempting to remove and/or check the main
power fuse.
CLASS 1 LASER PRODUCT AND REFERENCE TO THE MOST RECENT LASER STANDARDS: IEC 60825-1:1993 +
A1:1997 + A2:2001 AND EN 60825-1:1994 + A1:1996 + A2:2001
AC units for Denmark, Finland, Norway, Sweden (marked on product):
• Denmark - Class 1 unit, to be used with an AC cord compatible with Denmark deviations. The cord
includes a grounding conductor. The unit shall be plugged into a grounded wall socket. Ungrounded
sockets shall not be used!
• Finland (Label and statement in manual) - Laite on liitettävä
suojamaadoituskoskettimilla varustettuun pistorasiaan
• Norway (Label and statement in manual) - Apparatet må tilkoples jordet stikkontakt
• The unit can be connected to an IT power system (in Norway only).
• Sweden (Label and statement in manual) - Apparaten skall anslutas till jordat uttag.

To connect to the power supply:


1. Connect the power cable to the main socket, located on the rear panel of the unit.
2. Connect the power cable to the grounded AC outlet.
WARNING
Risk of electric shock and energy hazard. Disconnecting one power supply disconnects only one
power module. To isolate the unit completely, disconnect all power supplies.
CAUTION
Risk of electric shock and electrical hazard. Disconnecting a single regulated power supply
disconnects only one “Regulated Power Supply” module. To completely isolate the module in
question, all regulated power supplies must be disconnected.
Caution: To Reduce the Risk of Electrocution and Fire
1. All servicing operations shall be performed ONLY by qualified service personnel. No component
can be serviced or replaced by the user.
2. DO NOT connect, power on, or attempt to use a visibly defective unit.
3. Make sure that the chassis ventilation openings ARE NOT BLOCKED.
4. Replace a blown fuse ONLY with a fuse of the same type and rating, as indicated on the safety
label near the power inlet that contains the fuse.
5. DO NOT USE the equipment in premises where the maximum temperature exceeds 40 degrees
Centigrade.
6. Make sure that the power cord has been disconnected BEFORE attempting to remove and/or
check the main power fuse.

Safety Instructions
CAUTION
The building's electrical installation must incorporate a readily accessible power disconnect
device.

Because of the risk of electric shock and the energy, mechanical, and fire hazards, procedures in
which covers are removed or components are replaced may be performed only by qualified service
personnel.
To reduce the risk of fire and electric shock, the device must be disconnected from the power
supply before the cover or panels are removed.
The following figure shows the CAUTION label affixed to Radware platforms with dual power
supplies.

Figure 5: Electric Shock Hazard Warning Label

SAFETY WARNING IN CHINESE FOR DUAL-POWER-SUPPLY SYSTEMS


The following figure is the warning for Radware platforms with dual power supplies.

Figure 6: Safety Warning in Chinese for Dual-Power-Supply Systems

Translation of the Safety Warning in Chinese for Dual-Power-Supply Systems:


The unit has more than one power supply. To prevent electric shock, disconnect all power supply
lines before maintenance work.
SERVICING
Do not perform any maintenance work that is not described in the operating instructions unless
you are qualified to do so. There are no serviceable parts inside the device.
HIGH VOLTAGE
Any adjustment, maintenance, and repair work on the opened device under voltage must be avoided
as far as possible. If it cannot be avoided, it may be carried out only by qualified persons who
are aware of the hazard.
Capacitors inside the device may still hold a charge even when the device has been disconnected
from the power supply.
GROUNDING
Before the device is connected to the power supply, the screws of the device's grounding conductor
must be connected to the ground of the building wiring.
LASER
This device is a Class 1 laser product in accordance with the IEC 60825-1:1993 + A1:1997 +
A2:2001 standard.
FUSES

Make sure that only fuses with the required current rating and of the specified type are used. The
use of repaired fuses and the short-circuiting of fuse holders must be avoided. Where it is likely
that the protection offered by the fuses has been impaired, the device must be switched off and
secured against unintended operation.
LINE VOLTAGE
Before connecting this device to the power supply, ensure that the voltage of the power source
matches the requirements of the device. Refer to the technical specifications for the correct
electrical ratings of the device.
48 V DC platforms have an input tolerance of 36-72 V DC.
SPECIFICATION CHANGES
Technical specifications are subject to change.
Note: This device has been tested and complies with the limits for Class 1 digital devices pursuant
to Part 15B of the FCC Rules and EN55022 Class A, EN55024; EN 61000-3-2; EN; IEC 61000 4-2 to 4-6,
IEC 61000 4-8 and IEC 61000-4-11 for CE mark compliance. These limits serve to provide reasonable
protection against harmful interference when the device is operated in a commercial environment.
This device generates, uses, and radiates radio-frequency electromagnetic energy. If it is not
installed and used in accordance with the instructions in the manual, it could interfere with and
impair radio communications. Operation of this device in residential areas will most likely cause
harmful interference. In such a case, the user would be required to correct the interference at
their own expense.
SPECIAL NOTICE FOR USERS IN NORTH AMERICA
For mains power connection in North America, select a power cord that is UL Listed and CSA
Certified, 3-conductor, [18 AWG], terminated in a molded plug, rated 125 V, [10 A], with a minimum
length of 1.5 m [six feet] but no longer than 4.5 m. For European connections, use an
internationally harmonized power cord marked “<HAR>”, with 3 conductors of at least 0.75 mm²,
rated 300 V, with a PVC jacket. The cord must terminate in a molded plug rated 250 V, 3 A.
RESTRICTED ACCESS AREA
The DC-powered device may be installed only in a restricted access area.
INSTALLATION CODES
This device must be installed in accordance with the country-specific electrical codes. In North
America, devices must be installed in accordance with the US National Electrical Code, Articles
110-16, 110-17, and 110-18, and the Canadian Electrical Code, Section 12.
INTERCONNECTION OF UNITS
Cables for connecting the device to RS232 and Ethernet interfaces must be UL certified and of type
DP-1 or DP-2. (Note: when residing in a non-LPS circuit.)
OVERCURRENT PROTECTION
A readily accessible listed branch-circuit overcurrent protective device rated 15 A must be
incorporated in the building wiring for each power input.
REPLACEABLE BATTERIES
If a device is supplied with a replaceable battery and that battery is replaced by an incorrect
battery type, an explosion could result. This applies to some types of lithium batteries, and the
following must be observed:
• If the battery is installed in an operator area, there is a marking near the battery or a
statement in both the operating manual and the service instructions.
• If the battery is installed elsewhere in the device, there is a marking near the battery or a
statement in the service instructions.

This marking or statement contains the following warning text:


CAUTION

RISK OF EXPLOSION IF THE BATTERY IS REPLACED BY AN INCORRECT BATTERY TYPE.
DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.
• Denmark - “Unit is class I - use with an AC cord that is suited to the deviations in Denmark.
The cord is provided with a grounding wire. The cord is plugged into a grounded wall socket. Do
not use sockets without a grounding conductor!”
• Finland - (Marking label and in manual) - Laite on liitettävä suojamaadoituskoskettimilla
varustettuun pistorasiaan
• Norway - (Marking label and in manual) - Apparatet må tilkoples jordet stikkontakt
Intended exclusively for connection to IT power systems in Norway
• Sweden - (Marking label and in manual) - Apparaten skall anslutas till jordat uttag.

Connecting the power cable:


1. Connect the power cable to the main socket on the rear of the device.
2. Connect the power cable to the grounded AC outlet.
CAUTION
Risk of electric shock and energy hazard. Disconnecting one power source disconnects only one
power supply module from the power supply. To isolate the device completely, it must be
disconnected from all power supplies.
Caution - To Reduce the Risk of Electric Shock and Fire
1. This device is designed to permit the connection between the grounded conductor of the DC
circuit and the grounding conductor of the device. See the installation instructions.
2. Servicing of any kind may be performed only by qualified service personnel. There are no
user-serviceable parts inside the device.
3. Do not attempt to connect to the circuit, switch on, or operate an obviously damaged device.
4. Make sure that the ventilation openings in the device housing are NOT BLOCKED.
5. Replace a blown fuse only with one of the same type and rating as indicated on the safety
label located next to the power cable connection, on the fuse housing.
6. Do not operate the device at a location where the maximum ambient temperature exceeds 40°C.
7. Make sure to unplug the power cable from the wall socket BEFORE removing and/or checking the
main fuse.

Electromagnetic-Interference Statements
The following statements are presented in English, French, and German.

Electromagnetic-Interference Statements
SPECIFICATION CHANGES
Specifications are subject to change without notice.

Note: This equipment has been tested and found to comply with the limits for a Class A digital
device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN
61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11 for CE MARK compliance.
These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses and can
radiate radio frequency energy and, if not installed and used in accordance with the instruction
manual, may cause harmful interference to radio communications. Operation of this equipment in a
residential area is likely to cause harmful interference in which case the user is required to correct
the interference at his own expense.
VCCI ELECTROMAGNETIC-INTERFERENCE STATEMENTS

Figure 7: Statement for Class A VCCI-certified Equipment

Translation of Statement for Class A VCCI-certified Equipment:


This is a Class A product based on the standard of the Voluntary Control Council for Interference by
Information Technology Equipment (VCCI). If this equipment is used in a domestic environment,
radio disturbance may occur, in which case, the user may be required to take corrective actions.
KCC KOREA

Figure 8: KCC—Korea Communications Commission Certificate of Broadcasting and Communication
Equipment

Figure 9: Statement For Class A KCC-certified Equipment in Korean

Translation of Statement For Class A KCC-certified Equipment in Korean:


This equipment is Industrial (Class A) electromagnetic wave suitability equipment and seller or user
should take notice of it, and this equipment is to be used in the places except for home.
BSMI

Figure 10: Statement for Class A BSMI-certified Equipment


這是甲類的資訊產品,在居住的環境使用中時,可能會造成射頻
干擾,在這種情況下,使用者會被要求採取某些適當的對策。

Translation of Statement for Class A BSMI-certified Equipment:


This is a Class A product, in use in a residential environment, it may cause radio interference in
which case the user will be required to take adequate measures.

Electromagnetic-Interference Statements


SPECIFICATION CHANGES
Specifications are subject to change without prior notice.
Note: This equipment has been tested and declared compliant with the limits defined for a Class A
digital device, pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024, EN 61000-3-2;
EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8, and IEC 61000-4-11, for CE mark compliance.
These limits are set to provide reasonable protection against harmful interference when the
equipment is used in a commercial environment. This equipment generates, uses, and can radiate
radio frequencies and, if not installed and used in accordance with the instruction manual, may
cause harmful interference to radio communications. Operation of this equipment in a residential
area is likely to cause harmful interference, in which case the user will have to correct the
problem at their own expense.
VCCI ELECTROMAGNETIC-INTERFERENCE STATEMENTS

Figure 11: Statement for Class A VCCI-Certified Equipment

Translation of the Statement for Class A VCCI-Certified Equipment:


This is a Class A product based on the standard of the Voluntary Control Council for Interference
by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment,
radio disturbance is likely to occur. If so, the user will be required to take corrective
measures.
KCC Korea

Figure 12: KCC—Certificate of the Korea Communications Commission for Broadcasting and
Communication Equipment.

Figure 13: Statement for Class A KCC-Certified Equipment in Korean

Translation of the Statement for Class A KCC-Certified Equipment in Korean:

This equipment is (Class A) equipment suited to electromagnetic waves, and the seller or user must
take this into account. This equipment is therefore intended to be used elsewhere than in the home.
BSMI

Figure 14: Statement for Class A BSMI-Certified Equipment


這是甲類的資訊產品,在居住的環境使用中時,可能會造成射頻
干擾,在這種情況下,使用者會被要求採取某些適當的對策。

Translation of the Statement for Class A BSMI-Certified Equipment:


This is a Class A product; when used in a residential environment it may cause interference, in
which case the user will have to take adequate measures.

Electromagnetic-Interference Statements


SPECIFICATION CHANGES
Technical specifications are subject to change.
Note: This device has been tested and complies with the limits for Class 1 digital devices pursuant
to Part 15B of the FCC Rules and EN55022 Class A, EN55024; EN 61000-3-2; EN; IEC 61000 4-2 to 4-6,
IEC 61000 4-8 and IEC 61000-4-11 for CE mark compliance. These limits serve to provide reasonable
protection against harmful interference when the device is operated in a commercial environment.
This device generates, uses, and radiates radio-frequency electromagnetic energy. If it is not
installed and used in accordance with the instructions in the manual, it could interfere with and
impair radio communications. Operation of this device in residential areas will most likely cause
harmful interference. In such a case, the user would be required to correct the interference at
their own expense.
VCCI ELECTROMAGNETIC-INTERFERENCE STATEMENT

Figure 15: Statement for Class A VCCI-Certified Equipment

Translation of the Statement for Class A VCCI-Certified Equipment:


This is a Class A product according to the standards of the Voluntary Control Council for
Interference by Information Technology Equipment (VCCI). If this device is used in a residential
area, electromagnetic disturbance may occur. In such a case, the user would be required to take
corrective action.
KCC KOREA

Figure 16: KCC—Korea Communications Commission Certificate for Broadcasting and Communication
Equipment

Figure 17: Statement for Class A KCC-Certified Equipment

Translation of the Statement for Class A KCC-Certified Equipment:


Sellers or users should note that this device belongs to the Class A equipment suitable for
industrial electromagnetic waves and that these devices are not intended for home use.
BSMI

Figure 18: Statement for Class A BSMI-Certified Equipment


這是甲類的資訊產品,在居住的環境使用中時,可能會造成射頻
干擾,在這種情況下,使用者會被要求採取某些適當的對策。

Translation of the Statement for Class A BSMI-Certified Equipment:


This is a Class A product; when used in a residential environment it may cause radio interference,
in which case the user is required to take adequate measures.

Altitude and Climate Warning


This warning only applies to The People’s Republic of China.
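1. For equipment operated in non-tropical climate conditions, Tma is the maximum ambient
temperature permitted by the manufacturer's specification, or 25°C, whichever is greater.
2. For equipment used at altitudes not exceeding 2000 m or in non-tropical climate regions, the
additional warning requirements are as follows:

For equipment used in areas at altitudes not exceeding 2000 m, a warning marking containing the
following or similar wording, or the symbol in Annex DD, must be affixed in a readily visible
location.
“Use only at altitudes not exceeding 2000 m.”

For equipment used in non-tropical climate regions, a warning marking containing the following
must be affixed in a readily visible location:

Annex DD: Description of the new safety warning markings.
DD.1 Altitude warning marking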

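Meaning of the marking: The equipment was evaluated only for altitudes below 2000 m, so it is
suitable only for that operating condition. Using the equipment at altitudes above 2000 m may
present certain safety hazards.
DD.2 Climate warning marking

Meaning of the marking: The equipment was evaluated only for temperate climate conditions, so it
is suitable only for that operating condition. Using the equipment in tropical climate regions may
present certain safety hazards.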

Document Conventions
The following describes the conventions and symbols that this guide uses:

| Item | Description | Description (translated from French) | Description (translated from German) |
|---|---|---|---|
| Example | An example scenario | An example scenario | An example scenario |
| Caution: | Possible damage to equipment, software, or data | Possible damage to equipment, data, or software | Possible damage to device, software, or data |
| Note: | Additional information | Additional information | Additional information |
| To | A statement and instructions | References and instructions | A statement and instructions |
| Tip: | A suggestion or workaround | A suggestion or solution | A suggestion or workaround |
| Warning: | Possible physical harm to the operator | Possible injury to the operator | Risk of injury to the operator |


TABLE OF CONTENTS
Important Notices
Copyright Notices
Standard Warranty
Limitations on Warranty and Liability
Safety Instructions
Electromagnetic-Interference Statements
Altitude and Climate Warning
Document Conventions

CHAPTER 1 – INTRODUCTION TO APSOLUTE VISION
What is APSolute Vision?
APSolute Vision Three-Tier Architecture
APSolute Vision Features—Overview
    APSolute Vision Platform Management
    User Management and Role-based Access Control (RBAC)
    APSolute Vision Platform Security
    Auditing and Alerts
    Device-Configuration Features
    DefenseFlow Access
    Radware Cloud DDoS Portal Access
    Device- and Service-Monitoring Features
    Security-Reporting and Security-Monitoring Features
    APSolute Vision Online Help
    Language Support (Localization)
APSolute Vision Interface Navigation
    APSolute Vision Toolbar and Sidebar Menu
    APSolute Vision Settings View
    Device Pane
    Device-Properties Pane
    Configuration Perspective
    Monitoring Perspective
    Security Monitoring Perspective
Related Documentation

CHAPTER 2 – GETTING STARTED WITH APSOLUTE VISION
Initializing the APSolute Vision Server
Recommended Basic Security Procedures
    Restricting Root Access
    Restricting APSolute Vision CLI Access
    Restricting Web Access to the APSolute Vision Server
    Restricting Web Access by Radware Technical Support
APSolute Vision WBM Requirements
    APSolute Vision WBM Requirements
    Application Performance Monitoring Requirements
    APSolute Vision Reporter Requirements
    Device Performance Monitor Requirements
Logging In to and Out of APSolute Vision
Changing Passwords for Local Users
Selecting Your Landing Page
After Initial Configuration of APSolute Vision
Using Common GUI Elements in APSolute Vision
    Icons/Buttons and Commands for Managing Table Entries
    Filtering Table Rows

CHAPTER 3 – MANAGING APSOLUTE VISION USERS
Logging In as the Default Administrator User—radware User
Viewing Details About the Current User
Role-Based Access Control (RBAC)
    APSolute Vision RBAC—General Information
    Roles and Scopes
    GUI Display Is According to Role
    IDM Strings for Predefined Roles
    Predefined Roles Described
    Roles per Radware Product
    Feature-Accessibility per Role
    Rules for RBAC Permission Conflicts with Logical Groups
Configuring General User-Management Settings
Configuring Local Users for APSolute Vision
    Adding and Editing Users
    Deleting Users
    Releasing User Lockout
    Resetting User Passwords to the Default
    Revoking and Enabling Users
Viewing the Predefined Roles
Managing LDAP Object Class Permissions
Viewing User Statistics
APSolute Vision Password Requirements

CHAPTER 4 – MANAGING AND MONITORING THE APSOLUTE VISION SYSTEM
Monitoring APSolute Vision—Overview
Managing APSolute Vision Basic Information and Properties
    Displaying Basic Information About the APSolute Vision Server
    Managing APSolute Vision Server Software
    Displaying APSolute Vision Server Hardware Information
    Managing and Updating the Attack Descriptions File for DefensePro
Configuring Connectivity Parameters for Server Connections
Configuring Settings for Alerts
    Configuring Settings for the Alerts Table Pane
    Selecting Parameters to Include in Security Alerts
Managing APSolute Vision Analytics Settings
    Managing the Email Reporting Configuration for APSolute Vision Analytics
    ADC Analytics
Configuring Monitoring Settings
Configuring APSolute Vision Server Alarm Thresholds
Managing Connections to Authentication Servers
    Managing RADIUS Server Connections
    Managing TACACS+ Server Connections
    Managing LDAP Server Connections
Managing Device Drivers
Configuring APSolute Vision Reporter Parameters
Managing APSolute Vision Licenses and Viewing Capacity Utilization
    Managing Licenses for APSolute Vision
    Viewing Details of the RTU Licenses
    Viewing Details on the Current Utilization of the APSolute Vision Server
Managing APM in APSolute Vision
    Considerations and Constraints Using APM with Alteon Version 29.5
    Managing the APM Server
    Viewing Information on the APM-Enabled Devices
Configuring the Radware Cloud DDoS Protection Setting
Configuring APSolute Vision Server Advanced Parameters
Configuring APSolute Vision Display Parameters
Managing APSolute Vision Maintenance Files
Managing Operator Toolbox Settings
Managing Stored Device Configuration/Backup Files
Viewing Device Subscriptions
Controlling APSolute Vision Operations

CHAPTER 5 – MANAGING DEVICES, SITES, AND LOGICAL GROUPS
Using the Device Pane
    Device Pane Trees
    Icons for High Availability
    Configuring Sites
    Tree Nodes
    Exporting a CSV File with the Devices in the Sites and Devices Tree
    Filtering Entities in the Device Pane
Managing Individual Devices
APSolute Vision Server Registered for Device Events—Alteon and LinkProof NG
APSolute Vision Server Registered for Device Events—DefensePro
APSolute Vision Server Registered for Device Events—AppWall
Locking and Unlocking Devices
Managing DefensePro Clusters for High Availability
    High-Availability in DefensePro—Overview
    Configuring DefensePro High-Availability Clusters
    Monitoring DefensePro Clusters
    Synchronizing High-Availability Devices and Switching the Device States
Using the Multi-Device View and the Multiple Devices Summary
Using Logical Groups of Devices
    Logical Groups—General Information
    Logical Group User Interface
    Managing Logical Groups
After You Set Up Your Managed Devices

CHAPTER 6 – MANAGING DEVICE OPERATIONS AND MAINTENANCE
Rebooting and Shutting Down Managed Devices
Configuring Multiple Devices
Using the Diff Feature
Device-Configuration Management (Global Commands) for Alteon and LinkProof NG
Updating DefensePro Device Software (Versions Earlier than 8.17.3)
Downloading a DefensePro Log File to the APSolute Vision Client
Managing Radware Signature Files or Fraud Signature Files in DefensePro Devices
    Rolling Back the Signature File
Downloading a DefensePro Technical Support File
    User Credentials in DefensePro Technical Support Files
Managing DefensePro Configurations
    DefensePro Configuration File Content
    Downloading a Device-Configuration File
    Restoring a Device Configuration
Updating DefensePro Policy Configurations

CHAPTER 7 – USING THE TOOLBOX
Using and Managing Toolbox Scripts
    Toolbox Scripts—Basics
    Managing and Customizing Panels in the Toolbox Dashboard
    User Roles and Toolbox Scripts
    vDirect and vDirect Access to Devices
    Prerequisites for Target Devices of Toolbox Scripts
    Predefined Toolbox Scripts
    Device Locking and Toolbox Scripts
    Running Scripts
    Configuring a Scheduled Task for a Script in the Toolbox Dashboard
    Managing Toolbox Scripts
    Writing and Editing Toolbox Scripts
Using the Workflows Dashboard
Using DefensePro Templates
    Exporting a Protection Policy as a Template
    Exporting a Server Protection Policy as a Template
    Managing DefensePro Configuration Templates
Using AppShape Templates and Instances
    Uploading a New AppShape Template Type to the APSolute Vision Server
    Configuring a Common Web Application AppShape Instance
    Configuring a Citrix XenDesktop AppShape Instance
    Configuring a DefenseSSL AppShape Instance
    Configuring a Microsoft Exchange 2010 AppShape Instance
    Configuring a Microsoft Exchange 2013 AppShape Instance
    Configuring a Microsoft Lync External AppShape Instance
    Configuring a Microsoft Lync Internal AppShape Instance
    Configuring an Oracle E-Business AppShape Instance
    Configuring an Oracle SOA Suite 11g AppShape Instance
    Configuring an Oracle WebLogic 12c AppShape Instance
    Configuring a SharePoint 2010 AppShape Instance
    Configuring a SharePoint 2013 AppShape Instance
    Configuring a VMware View 5.1 AppShape Instance
    Configuring a Zimbra AppShape Instance

CHAPTER 8 – SCHEDULING APSOLUTE VISION AND DEVICE TASKS
Overview of Scheduling
Managing Tasks in the Scheduler
Task Parameters
    APSolute Vision Configuration Backup—Parameters
    APSolute Vision Reporter Backup—Parameters
    Update Security Signature Files—Parameters
    Update Fraud Security Signatures—Parameters
    Update Attack Description File—Parameters
    Device Configuration Backup—Parameters
    Device Reboot Task—Parameters
    Operator Toolbox Task—Parameters
    ERT Active Attackers Feed for DefensePro—Parameters
    ERT IP Reputation Feed for Alteon—Parameters
    Geolocation Feed—Parameters

CHAPTER 9 – MANAGING AUDITING AND ALERTS
APSolute Vision Auditing
Enabling Configuration Auditing for Managed Devices
Managing Alerts
    Events Handled in the Alerts Table Pane
    Alert Information
    Displaying Alert Information
    Filtering Alerts
    Configuring Preferences for the Alerts Pane

CHAPTER 10 – MONITORING ALTEON WITH THE DASHBOARD AND SERVICE STATUS VIEW
Monitoring Alteon with the Dashboard
    Dashboard Features and Usage
    System View Dashboard of the Alteon Standalone and Alteon VA Platforms
    System View Dashboard of the vADC Platform
    System View Dashboard for the ADC-VX Platform
    vADCs View Dashboard for ADC-VX
Monitoring Alteon with the Application Delivery View
Monitoring Alteon with the Service Status View
    Detailed Status Filter

CHAPTER 11 – MONITORING THE ALTEON SYSTEM
Monitoring General Information
CPU Utilization and Memory Statistics
Monitoring Capacity
    Monitoring System Capacity
    Monitoring Network Capacity
    Monitoring Application Delivery Capacity
Unlocking Users
Maintenance
    Technical Support Data
    Core File Management
    Packet Capture
    Session Logs
    Application Services Trace Log
    FastView Logs
Azure
AWS

CHAPTER 12 – MONITORING THE ALTEON NETWORK
Monitoring and Controlling Physical Ports
Monitoring Layer 2
    Monitoring FDB
    Monitoring STG
Monitoring Layer 3
    Monitoring Gateways
    Monitoring Routes
    Monitoring Learned MACs (or IP FDB)
    Monitoring VRRP Virtual Routers in Alteon Version 30.0 and Earlier
    Monitoring Interfaces
    Monitoring Tunnels
Monitoring High Availability
    Monitoring High Availability in Alteon Version 30.1
    Monitoring High Availability for Alteon Version 30.2 and Later

CHAPTER 13 – MONITORING ALTEON APPLICATION DELIVERY .................. 387


Clearing Non-operating SLB Statistics ..................................................................... 387
Clearing SLB Statistics from the HA Peer ................................................................ 388
Monitoring and Controlling Virtual Servers ............................................................... 388
Monitoring and Managing Filters .............................................................................. 397
Monitoring and Controlling Server Resources .......................................................... 403
Monitoring and Controlling Real Servers .......................................................................... 403
Monitoring and Controlling Server Groups ....................................................................... 406
View a FastView Web Application ............................................................................ 408
Monitoring and Controlling APM ............................................................................... 409
Monitoring and Controlling SSL ................................................................................ 409
Monitoring SSL Operations (in versions 32.2.x and later)/SSL Client Authentication (in
versions 30.2.x through 31.0.x) and the OCSP /CDP Cache ........................................... 411
Monitoring SSL Inspection ............................................................................................... 412
Monitoring Security Device Groups ................................................................................. 412
Monitoring Security Devices ............................................................................................ 413
Monitoring CDP Group Status ......................................................................................... 414
Monitoring OSCP ............................................................................................................. 414
Monitoring Traffic Match Criteria .............................................................................. 416
Monitoring URL Filtering .................................................................................................. 416
Monitoring and Controlling Application Services ...................................................... 417
Monitoring Event Logging ................................................................................................. 417
Monitoring and Controlling HTTP .................................................................................... 425
Monitoring LinkProof ................................................................................................. 431
Monitoring WAN Links ..................................................................................................... 431
Monitoring WAN Link Groups ........................................................................................... 432
Monitoring Proximity ......................................................................................................... 433


Monitoring Smart NAT ....................................................................................................... 433


Monitoring Global Traffic Redirection Statistics ........................................................ 434
Monitoring Global DNS and HTTP Redirection Statistics .................................................. 434
Monitoring Remote Real And Virtual Server Statistics ...................................................... 435
Monitoring Client Network Rule Statistics ......................................................................... 436
Monitoring DNS Redirection Rule Statistics ...................................................................... 436
Monitoring DNS Zone Statistics ........................................................................................ 437
Monitoring AppShape++ Statistics ........................................................................... 438

CHAPTER 14 – MONITORING AND CONTROLLING VADC............................... 439


Monitoring and Rebooting vADCs ............................................................................ 439

CHAPTER 15 – MONITORING ALTEON IP REPUTATION SECURITY .............. 441


Monitoring IP Reputation Database Connections ..................................................... 441
Monitoring Hits per Action ................................................................................................. 442
Monitoring White List Hits .................................................................................................. 442
Monitoring the IP Reputation Activity Log ......................................................................... 442

CHAPTER 16 – USING THE DEVICE PERFORMANCE MONITOR .................... 445


DPM Overview .......................................................................................................... 445
Opening the Device Performance Monitor ............................................................... 446
Device Performance Monitor Main Interface ............................................................ 447
Displaying and Filtering Sites and Devices .............................................................. 448
Viewing and Managing Reports ................................................................................ 448
Viewing Reports ................................................................................................................ 448
Opening the Filter Window ................................................................................................ 449
Exporting Reports ..................................................................................................... 449
Supported Report Categories ................................................................................... 450
ADC/vADC Reports ........................................................................................................... 450
Application Reports ........................................................................................................... 455
Real Server Reports .......................................................................................................... 459
Port Reports ...................................................................................................................... 461
VX Reports ........................................................................................................................ 463
Viewing Dashboards for Single Standalone and vADC Devices .............................. 465
Displaying the Dashboard and Managing the Display ....................................................... 466
Dashboard Components for Single Standalone and vADC Devices ........................ 466
Viewing the Dashboard for ADC-VX Devices ........................................................... 468
Displaying the VX Dashboard and Managing the Display ................................................. 468
Dashboard Components for VX Devices .................................................................. 469
Viewing Dashboards for Multiple Standalone and vADC Devices ............................ 470
Displaying the Multi-Device Dashboard and Managing the Display .................................. 470
Multi-Device Dashboard Components ...................................................................... 471


CHAPTER 17 – MONITORING AND CONTROLLING THE DEFENSEPRO OPERATIONAL STATUS....................................................................................... 473

Monitoring the General DefensePro Device Information .......................................... 473
Monitoring and Controlling DefensePro Device Ports and Trunks ........................... 475
Monitoring DefensePro High Availability .................................................................. 477
Monitoring DefensePro Resource Utilization ............................................................ 478
Monitoring DefensePro CPU Utilization ............................................................................ 478
Monitoring DefensePro RAM and Disk Utilization ............................................................ 482
Monitoring and Clearing DefensePro Authentication Tables ............................................ 483
Monitoring DME Utilization According to Configured Policies .......................................... 484
Monitoring DefensePro Syslog Information ...................................................................... 485
Monitoring Cisco Security Group Tags (SGTs) ........................................................ 486

CHAPTER 18 – MONITORING DEFENSEPRO STATISTICS............................... 487


Monitoring DefensePro SNMP Statistics .................................................................. 487
Monitoring DefensePro Bandwidth Management Statistics ...................................... 488
Displaying the Last-Second BWM Statistics for a Selected DefensePro Device .............. 488
Displaying the Last-Period BWM Statistics for a Selected DefensePro Device ............... 489
Monitoring DefensePro IP Statistics ......................................................................... 490

CHAPTER 19 – MONITORING AND MANAGING DEFENSEPRO DIAGNOSTICS.... 493

Configuring the Diagnostic Tool Parameters ........................................................... 493
Configuring Diagnostics Policies .............................................................................. 497
Managing Capture Files ........................................................................................... 498
Managing Capture Files on DefensePro Version-8.x Devices Without the DME ............. 498
Managing Capture Files in DefensePro 6.x and 7.x Versions .......................................... 501

CHAPTER 20 – MONITORING AND CONTROLLING DEFENSEPRO NETWORKING.... 503

Monitoring and Controlling the DefensePro Session Table ...................................... 503
Monitoring Session Table Information .............................................................................. 503
Configuring DefensePro Session Table Filters ................................................................. 505
Monitoring Routing Table Information ...................................................................... 505
Monitoring DefensePro ARP Table Information ....................................................... 506
Monitoring MPLS RD Information ............................................................................. 507
Monitoring the DefensePro Suspend Table .............................................................. 508
Location-Based Suspended Traffic .......................................................................... 509
Monitoring Tunnel Interfaces .................................................................................... 509
Monitoring BGP Peers .............................................................................................. 510


CHAPTER 21 – MONITORING AND CONTROLLING DEFENSEFLOW OPERATION.... 513

Operation .................................................................................................................. 513
Pending Actions ................................................................................................................ 513
Mitigation Devices ............................................................................................................. 520
Protected Objects .............................................................................................................. 522
Ongoing Protections .......................................................................................................... 530
BGP ................................................................................................................................... 535
System ...................................................................................................................... 542
General Information .......................................................................................................... 542
System Utilization .............................................................................................................. 543
Background Processes ..................................................................................................... 544
High Availability ................................................................................................................. 544
Attack Mitigation Operation Dashboard .................................................................... 545

CHAPTER 22 – USING THE APSOLUTE VISION DASHBOARDS ..................... 561


Using the Application SLA Dashboard ..................................................................... 561
Using the Security Control Center ............................................................................ 564
DefensePro Information in the Security Control Center .................................................... 565
DefenseFlow Information in the Security Control Center .................................................. 566
AppWall Information in the Security Control Center .......................................................... 566
APSolute Vision Reporter Information in the Security Control Center .............................. 566
APSolute Vision Analytics Information in the Security Control Center .............................. 567
Emergency Response Team Information in the Security Control Center .......................... 567
Radware Cloud DDoS Protection Information in the Security Control Center ................... 567
Radware Signature-Update-Service (SUS) Information in the Security Control Center .... 567
Fraud Security Signatures Information in the Security Control Center .............................. 568
ERT Active Attackers Feed Information in the Security Control Center ............................ 569
Using the Service Status Dashboard ........................................................................ 570
Service Status Dashboard Doughnut Charts .................................................................... 571
Service Status Dashboard-Status Tree ............................................................................. 571
Managing Set of Devices that the Service Status Dashboard Shows and the Objects in the Tree View .......................................................................................................................... 572
Status Criteria in the Service Status Dashboard ............................................................... 574
Using the GEL Dashboard ........................................................................................ 576
Using the ERT Active Attackers Feed (EAAF) Dashboard ....................................... 579
Selecting the Time Range for EAAF Dashboard Information ............................................ 580
EAAF Dashboard Components ......................................................................................... 581

CHAPTER 23 – USING REAL-TIME SECURITY MONITORING .......................... 583


Using Real-Time Security Monitoring with AppWall and Alteon ............................... 584
Monitoring Security Events ................................................................................................ 584
Monitoring Attack Distribution ............................................................................................ 588
Monitoring Outbound SSL Inspection ............................................................................... 589


Using Real-Time Security Monitoring with DefensePro and DefenseFlow ............... 596
Risk Levels ....................................................................................................................... 597
Using the Dashboard Views for Real-Time Security Monitoring ....................................... 598
Viewing Real-Time Traffic Reports ................................................................................... 626
Protection Monitoring ........................................................................................................ 637
HTTP Reports ................................................................................................................... 645

CHAPTER 24 – APSOLUTE VISION CLI COMMANDS........................................ 649


Accessing APSolute Vision CLI ................................................................................ 649
Command Syntax Conventions ................................................................................ 650
Main CLI Menu ......................................................................................................... 651
General CLI Commands ........................................................................................... 651
exit .................................................................................................................................... 651
help ................................................................................................................................... 652
history ............................................................................................................................... 652
ping ................................................................................................................................... 652
reboot ................................................................................................................................ 652
shutdown .......................................................................................................................... 653
grep ................................................................................................................................... 653
more .................................................................................................................................. 653
Network Configuration Commands ........................................................................... 653
Network DNS Commands ................................................................................................. 653
Net Firewall Commands ................................................................................................... 655
Network IP Interface Commands ...................................................................................... 656
Network NAT Commands ................................................................................................. 657
Network Physical Interface Commands ............................................................................ 659
Network Routing Commands ............................................................................................ 660
System Commands .................................................................................................. 662
System APM Commands .................................................................................................. 663
system audit-log export ..................................................................................................... 663
System APSolute Vision Reporter (AVR) Commands ...................................................... 664
System APSolute Vision Server Commands .................................................................... 665
System Backup Commands ............................................................................................. 665
system cleanup ................................................................................................................. 681
System Configuration-Synchronization Commands ......................................................... 681
System Database Commands .......................................................................................... 686
System Date Commands .................................................................................................. 688
System DF Commands ..................................................................................................... 689
System DPM Commands ................................................................................................. 690
System Exporter Commands (Event Exporter) ................................................................. 695
system hardware status get .............................................................................................. 700
System Hostname Commands ......................................................................................... 700
System Java Security Commands .................................................................................... 700
System LLS Commands ................................................................................................... 701
System NTP Commands .................................................................................................. 705


system rpm list .................................................................................................................. 707


System SNMP Commands ................................................................................................ 707
System SSL Commands ................................................................................................... 709
system statistics ................................................................................................................ 712
System Storage Commands ............................................................................................. 712
System TCP Capture Commands ..................................................................................... 713
System Terminal Commands ............................................................................................ 715
System Timezone Commands .......................................................................................... 716
System Upgrade Commands ............................................................................................ 717
System User Authentication-Mode Commands ................................................................ 718
System User Password Commands .................................................................................. 720
system version .................................................................................................................. 721
System VRM Commands .................................................................................................. 721
Migrating APSolute Vision from the OnDemand Switch VL Platform to the OnDemand Switch VL2 Platform .............................................................................................. 722
Managing the Protection for the Meltdown and Spectre Exploit Vulnerabilities in APSolute Vision ..................................................................................................................... 723

CHAPTER 25 – USING VDIRECT WITH APSOLUTE VISION ............................. 725


vDirect-APSolute Vision Integration—Overview ...................................................... 725
Accessing the vDirect Configuration Interface of the APSolute Vision Server ......... 725
Managing Devices in APSolute Vision with vDirect .................................................. 726
APSolute Vision and vDirect Terminology ......................................................................... 726
APSolute Vision vDirect Sites ........................................................................................... 727
APSolute-Vision–vDirect Limitations ................................................................................. 727
APSolute-Vision–vDirect Prerequisites and Recommendations ....................................... 727
Configuring a Container in vDirect .................................................................................... 728
Managing DefensePro Instances in APSolute Vision vDirect ........................................... 732

APPENDIX A – MANAGING THE ONLINE-HELP PACKAGE ON THE SERVER 737

APPENDIX B – APSOLUTE VISION LOG MESSAGES AND ALERTS............... 739


Global Parameters .................................................................................................... 740
Advanced Parameters .............................................................................................. 740
Alert Browser Settings .............................................................................................. 741
Connection Settings ................................................................................................. 742
Monitoring Settings ................................................................................................... 743
RADIUS Configuration .............................................................................................. 744
Security Alert Settings .............................................................................................. 745
TACACS+ Configuration Settings ............................................................................. 746
Warning Threshold Settings ..................................................................................... 746
SharePath Settings ................................................................................................... 747
APSolute Vision License Settings ............................................................................ 747


Upload Logo Settings ............................................................................................... 748


Security Group Settings ............................................................................................ 748
Device Operation Alerts ............................................................................................ 748
Audit Message Type Enum ...................................................................................... 751
HTTPS Communication Check ................................................................................. 752
Anti-Fraud Update on the Device ............................................................................. 752
SUS Updates ............................................................................................................ 753
ERT Active Attackers Feed ...................................................................................... 753
Operation Constant .................................................................................................. 754
Audit Messages ........................................................................................................ 754
Alert Mail Notifier ...................................................................................................... 755
Scheduled Task Alerts .............................................................................................. 756
General ..................................................................................................................... 758
Alerts from CLI .......................................................................................................... 758
Device Configuration Audit Messages ...................................................................... 760
Hardware Alerts ........................................................................................................ 760

APPENDIX C – MIBS FOR MONITORING APSOLUTE VISION ......................... 761


RFC1213 MIB Objects for Monitoring APSolute Vision ............................................ 762
Host Resources MIB Objects for Monitoring APSolute Vision .................................. 764
UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision ................................ 764
NET-SNMP-EXTEND-MIB MIB Objects for Monitoring of APSolute Vision CPU Utilization ............................................................................................................... 765
Trap Objects for Monitoring APSolute Vision ........................................................... 766
Trap Objects for APSolute Vision Alerts ................................................................... 767

APPENDIX D – APPSHAPE-GENERATED CONFIGURATIONS......................... 769


Common Web Application—AppShape-generated Configuration ........................... 769
Citrix XenDesktop—AppShape-generated Configuration ........................................ 771
DefenseSSL—AppShape-generated Configuration ................................................. 773
Microsoft Exchange 2010—AppShape-generated Configuration ............................ 774
Microsoft Exchange 2013—AppShape-generated Configuration ............................ 777
Microsoft Link External—AppShape-generated Configuration ................................ 779
Microsoft Link Internal—AppShape-generated Configuration .................................. 782
Oracle E-Business—AppShape-generated Configuration ....................................... 791
Oracle SOA Suite 11g—AppShape-generated Configuration ................................. 792
Oracle WebLogic 12c—AppShape-generated Configuration .................................. 794
SharePoint 2010—AppShape-generated Configuration .......................................... 795
SharePoint 2013—AppShape-generated Configuration .......................................... 797


VMware View 5.1—AppShape-generated Configuration ......................................... 799


Zimbra—AppShape-generated Configuration .......................................................... 800

APPENDIX E – USING THE EVENT EXPORTER................................................. 805


Event-Record Structure and Content ....................................................................... 805
DFBdosBaseline (DefenseFlow BDoS Baseline) Records ...................................... 805
DFSecurityAttack (DefenseFlow Security Attack) Records ...................................... 807
DFTrafficUtilization (DefenseFlow Traffic Utilization) Records ................................. 811
DPSecurityAttack (DefensePro Security Attack) Records ........................................ 812
DPTrafficUtilization (DefensePro Traffic Utilization) Records ................................... 817

APPENDIX F – DEFENSEPRO ATTACK-PROTECTION ID NUMBERS ............. 819

APPENDIX G – APSOLUTE VISION SPECIFICATIONS AND REQUIREMENTS 833


UDP/TCP Ports and IP Protocols ............................................................................. 833
APSolute Vision Web Based Management Interface Requirements ........................ 836
APSolute Vision WBM Supported Operating Systems ...................................................... 836
APSolute Vision WBM Supported Browsers ..................................................................... 836
Application Performance Monitoring Requirements ................................................. 836
Device Performance Monitoring Requirements ........................................................ 837
APSolute Vision Reporter Requirements ................................................................. 837

RADWARE LTD. END USER LICENSE AGREEMENT ........................................ 839



CHAPTER 1 – INTRODUCTION TO APSOLUTE VISION
This guide is intended for users and administrators of APSolute Vision™. The guide describes the
relevant aspects of APSolute Vision and how to use it.
The following topics introduce APSolute Vision:
• What is APSolute Vision?, page 41
• APSolute Vision Three-Tier Architecture, page 42
• APSolute Vision Features—Overview, page 43
• APSolute Vision Interface Navigation, page 54
• Related Documentation, page 68

What is APSolute Vision?


APSolute Vision manages, monitors, controls, and enhances Radware application-delivery-control
(ADC) and security products, modules, and services—including the following:
• Alteon® —Alteon is an application delivery controller (ADC) and load balancer that guarantees
application SLA. For information about the required workflows for configuring application
delivery with Alteon, see the Alteon Application Switch Operating System Application Guide.
• AppWall® —AppWall is a Web Application Firewall (WAF) that ensures fast, reliable, and secure
delivery of mission-critical Web applications. For more information on AppWall, see the AppWall
User Guide.
• DefenseFlow® —DefenseFlow is a network-wide attack detection and cyber command and
control application designed to protect networks against known and emerging network attacks
that threaten network resources availability. For more information on DefenseFlow, see the
DefenseFlow Installation and User Guide.
• DefensePro® —DefensePro is a real-time attack-mitigation device that protects organizations
against emerging network and application cyber-attacks. For information about the required
workflows for configuring network security with DefensePro, see the DefensePro User Guide.
APSolute Vision supports the following products, which are related to DefensePro:
— Check Point DDoS Protector™—Unless stated otherwise in the APSolute Vision
documentation or the Check Point DDoS Protector Release Notes, the term DefensePro
refers also to the Check Point DDoS Protector product. For more information on Check Point
DDoS Protector, including limitations and different behavior, see the Check Point DDoS
Protector Release Notes, Check Point DDoS Protector User Guide, and the related Check
Point documentation.
— Radware DefensePro DDoS Mitigation for Cisco Firepower™—Unless described
otherwise in the APSolute Vision documentation, the term DefensePro refers also to the
Radware DefensePro DDoS Mitigation for Cisco Firepower service. For more information on
Radware DefensePro DDoS Mitigation for Cisco Firepower, including limitations and different
behavior, see the relevant release notes and the related Cisco documentation.
• LinkProof® NG—LinkProof NG provides link load-balancing. For information about the basic
and advanced link load balancing and configuration of LinkProof NG, see the LinkProof NG User
Guide.


APSolute Vision provides:


• A Role-Based Access Control (RBAC) system—APSolute Vision’s RBAC provides granular
control and monitoring of various aspects for different users.
• Online configuration per device and multiple-device configuration and tools—These
include the following:
— Support for Toolbox scripts, which automate and streamline common configuration and
management actions on Alteon, DefensePro, or LinkProof NG devices
— Support for AppShape™ templates, which automate and streamline device configuration for
common applications
— Support for DefensePro Configuration Templates, which automate and streamline
configuration in various applications
• Management capabilities—These include the following:
— Scheduling device control and maintenance tasks
— Auditing
— Viewing alerts and configuration messages (Alerts Table pane)
— Device software management
— Management of DefensePro templates for Protection policies
• Monitoring and control of logical groups of devices—You can use a Logical Group to help
you define the scope of APSolute Vision users, configure and monitor multiple devices in a single
view, and more. When you change the set of devices in a Logical Group, the features that use
the group reflect the change dynamically.
• Monitoring and control of multiple devices—This includes enabling and disabling entities
within a device. APSolute Vision can configure and monitor multiple devices in a single view.
• Application Performance Monitoring (APM)—On HTTP/HTTPS traffic flowing through Alteon
or LinkProof NG devices.
• Device Performance Monitoring (DPM)—On Alteon and LinkProof NG devices. When DPM is
enabled, the device listens for requests for its performance data and sends the data to APSolute
Vision. APSolute Vision processes the data and can display the information in the Device
Performance Monitoring Web interface. The DPM Web interface includes alerts, dashboards with
current monitoring data, and reports with historical data.
• Security reporting and statistics—At the device level, and on logical entities within a device.
For real-time and historical security reporting, APSolute Vision can also provide device and
multi-device reports for immediate problem isolation, convenient attack and status visibility, and
information drill-down.
• vDirect® support—Radware’s vDirect is a software-based plug-in that integrates Radware’s
ADC and security products with networking virtualization and automation solutions.
• REST API support—APSolute Vision exposes a REST API for all functionality supported by the
APSolute Vision WBM, including configuration, monitoring, and security reporting.

APSolute Vision Three-Tier Architecture


APSolute Vision is a three-tier management system with Web-client, server, and device tiers.
APSolute Vision server can run as a standalone physical appliance or as a virtual appliance (VA). The
client tier does not connect to devices directly.
The client tier does the following:
• Runs as a Web application on a PC browser and provides a graphical user interface with separate
perspectives for configuration, monitoring and control, and security monitoring.
• Transmits user requests to the server tier and displays the results in the APSolute Vision
interface in an intuitive and easy-to-read format.


The server tier does the following:


• Runs on the APSolute Vision platform
• Processes user commands
• Transmits and stores data from other tiers
• Makes logical decisions and performs calculations
• Performs user authentication and authorization
• Communicates with the managed devices
• Collects statistics and generates reports
• Collects alerts and messages from managed devices

The network physical- or virtual-device tier enables management of the collection of network
elements connected to APSolute Vision, which includes the following:
• Alteon
• AppWall
• DefensePro
• LinkProof NG

APSolute Vision Features—Overview


This section provides an overview of APSolute Vision’s main features:
• APSolute Vision Platform Management, page 44
• User Management and Role-based Access Control (RBAC), page 44
• APSolute Vision Platform Security, page 44
• Auditing and Alerts, page 44
• Device-Configuration Features, page 45:
— Online Device Configuration, page 45
— Operation Control and Maintenance, page 46
— vDirect with APSolute Vision, page 46
— Supported Form Factors for Alteon and LinkProof NG, page 47
— Device Drivers, page 47
— Scheduled Tasks, page 48
• DefenseFlow Access, page 48
• Radware Cloud DDoS Portal Access, page 48
• Device- and Service-Monitoring Features, page 49
— Monitoring General Information About Managed Devices and Services, page 49
— Application SLA Dashboard—for Radware ADC Devices, page 49
— Service Status Dashboard—for Radware ADC Devices, page 50
— Device Performance Monitoring—for Radware ADC Devices, page 50
— Security Control Center—for Radware Security Devices and Services, page 50
— Global Elastic License (GEL) Dashboard—for Radware ADC Devices, page 51
— ERT Active Attackers Feed (EAAF) Dashboard, page 51
• Application Performance Monitor—for Radware ADC Devices, page 49
• Security-Reporting and Security-Monitoring Features, page 51:
— Real-Time Security Reporting, page 51
— Historical Security Reporting—for DefensePro and AppWall—APSolute Vision Reporter
(AVR), page 52
— APSolute Vision Analytics, page 52
• APSolute Vision Online Help, page 54
• Language Support (Localization), page 54

APSolute Vision Platform Management


APSolute Vision supports the following management interfaces:
• CLI shell commands—For installation, first-time configuration, and special maintenance
activities
• APSolute Vision Web Based Management—For APSolute Vision server options, such as
timeouts, connectivity, event forwarding, and so on, and for server monitoring

User Management and Role-based Access Control (RBAC)


APSolute Vision supports multi-user access and role-based access control (RBAC).
APSolute Vision RBAC provides the following:
• Predefined basic roles and permissions
• Customized permissions per role and device
• Access-control configuration and management in a local user table or using an external
authentication server (TACACS+ or RADIUS—using custom attributes defined to provide the
APSolute Vision RBAC definitions)

Note: For more information, see Managing APSolute Vision Users, page 83.

APSolute Vision Platform Security


APSolute Vision supports user security with user-account options for the following parameters:
• Password expiration—Specified in days
• Inactivity timeout—Automatic logout
• Forbidding use of old passwords
• Password challenge configuration
• Password constraints
• Administrative actions—To create users, reset user passwords (except for the radware
user), and lock out users
• Tracking user statistics—For successful logins, failed logins, account locks, and so on

Auditing and Alerts


APSolute Vision logs all alerts and actions for APSolute Vision and for the managed devices. You can
view auditing information and other alerts in the APSolute Vision Alerts Table pane.
Alerts are created with the time at which the APSolute Vision server processed them, but the time
displayed in the Alerts Table pane is the time of the APSolute Vision client with the proper time
offset.


APSolute Vision provides the audit trail for system messages and modifications to the configuration
of managed devices.
APSolute Vision can forward alarms and notifications. System Alarms can be forwarded via APSolute
Vision. Security service alarms can be forwarded via APSolute Vision Reporter. E-mail notifications
can be sent via SMTP. Notifications can be sent to a syslog server.
APSolute Vision provides fault management by supporting the following system and audit alarms:
• APSolute Vision server alarms
• General device alarms (fan, CPU, and so on)
• Alteon device configuration and operation messages
• DefensePro security alerts
• Audit trail messages

Note: For more information, see Managing Auditing and Alerts, page 329 and APSolute Vision Log
Messages and Alerts, page 739.

Device-Configuration Features
APSolute Vision supports the following features for configuring Radware devices:
• Online Device Configuration, page 45
• Operation Control and Maintenance, page 46
• vDirect with APSolute Vision, page 46
• Supported Form Factors for Alteon and LinkProof NG, page 47
• Device Drivers, page 47
• Scheduled Tasks, page 48

Online Device Configuration


Online configuration of devices using APSolute Vision supports the following:
• Easy access for all device configuration topics
• Simultaneous configuration of multiple managed devices
• Hierarchical grouping of logical elements
• Graphical change notation
• Drill-down configuration topics
• Inline filtering
• Online configuration per device
• Toolbox scripts and vDirect workflows to automate and streamline common configuration and
management actions on Alteon, DefensePro, or LinkProof NG devices.
• AppShape™ templates and AppShape instances for Alteon ADC or LinkProof NG devices.
AppShape automates and streamlines ADC configuration for common applications, such as SAP
Portal and Microsoft SharePoint Server.
• DefensePro configuration templates to export and import Protection policies along with
associated profiles, configuration objects, and baselines.


Notes
• You can manage Toolbox scripts, vDirect workflows, AppShape templates, and DefensePro
configuration templates through the Automation item of the APSolute Vision sidebar menu.
• For more information on Toolbox scripts, vDirect workflows, AppShape templates, and
DefensePro configuration templates, see Using the Toolbox, page 221.

Operation Control and Maintenance


Control and maintenance operations include the following:
• Managing pairs of devices for high availability (HA)
• Enabling and disabling all relevant entities on a device
• Performing file transfers
• Managing configuration backups
• Rebooting devices

vDirect with APSolute Vision


The APSolute Vision installation includes vDirect.
Users with a proper role can use vDirect with APSolute Vision to do the following:
• Add Alteon, DefensePro, and LinkProof NG devices to the APSolute Vision configuration
• Delete Alteon, DefensePro, and LinkProof NG devices from the APSolute Vision configuration
• Modify Alteon, DefensePro, and LinkProof NG devices that APSolute Vision manages
• Use the Toolbox scripts feature
• Use the Toolbox Workflows tab

You can open the vDirect interface from the APSolute Vision sidebar menu (Applications >
vDirect).
vDirect, a component within the Radware Virtual Application Delivery Infrastructure (VADI), is a
software-based plug-in that integrates Radware’s ADC and security products with networking
virtualization and automation solutions. With vDirect, enterprise and cloud IT personnel can
provision, decommission, configure, and monitor complex ADC and security services, both physical
and virtual, in a matter of hours and even minutes, thus maintaining maximum business agility and IT
efficiency.
vDirect exposes the following APIs:
• SSH/HTTPS APIs for CLI or Web integration
• SOAP APIs for use with the vDirect Java SDK
• REST APIs for easy scripting integration

Key benefits of the vDirect plug-in include:


• Full business agility and resource elasticity—Improved business agility by ensuring the
application delivery layer is constantly aligned with the changes in the virtual infrastructure.
• Drives IT efficiency through workflow automation—Full integration of Radware’s ADC and
security products into the data center workflow automation, driving greater levels of IT
efficiency and extracting more value from Radware solutions.


Note: For more information, see Using vDirect with APSolute Vision, page 725.

Supported Form Factors for Alteon and LinkProof NG


APSolute Vision supports the following form factors (or modes) for Alteon and LinkProof NG:
• Standalone—The traditional hardware Application Delivery Controller (ADC)
• Alteon VA—A software-based ADC supporting AlteonOS functionality and running on the
VMware virtual infrastructure
• ADC-VX—A specialized ADC hypervisor that runs multiple virtual ADC instances on dedicated
ADC hardware, Radware’s OnDemand Switch platforms
• vADC—A virtualized instance of the Alteon operating system (AlteonOS)

Notes
• For more information, see the Alteon Application Switch Operating System Application Guide.
• The Alerts Table pane displays Alteon and LinkProof NG configuration messages. A message is
displayed in the Alerts Table pane after each Alteon or LinkProof NG configuration-management
action (Apply, Save, Diff, Diff Flash, Revert, Revert Apply, and Dump). When you
double-click a message, APSolute Vision opens a separate pane that contains the full message
text, which you can copy to the clipboard.
• If the new configuration is different from the current one, to indicate that the Apply command is
required, the message “Apply is required” is displayed under the Apply button in the device
toolbar and a fiery background displays behind the button.
• During the Apply operation, the device icon may momentarily change from “locked” to
“maintenance”, and the value of the Status parameter in the Properties pane may
momentarily change from Up to Maintenance.

Device Drivers
APSolute Vision device drivers enable you to install or upgrade Radware devices without the need to
upgrade your APSolute Vision server. A device driver in APSolute Vision defines the graphical user
interface and configuration for the software version of a managed device. The software version of a
managed device defines the baseline driver version. You can install a newer version of the device
driver, and you can revert to the baseline version.
You can have only one device-driver version in use on any single APSolute Vision server. Typically,
subsequent versions of device drivers for a particular software version of a managed device include
only very minor changes and/or bug fixes.

Notes
• There are cases where upgrading the Radware device software requires upgrading the APSolute
Vision server software. Check the release notes of the new Radware device version to determine
the minimum APSolute Vision version required.
• When you upgrade device software, you need to reboot the device. However, when you install a
new version of a device driver or revert to the baseline version, you do not need to reboot the
device.
• Device drivers do not include the online help. If the APSolute Vision server is configured so that
the clients get help from the server (the default option), the APSolute Vision administrator
should make sure that the APSolute Vision server has the latest version of the online-help
package.
• The Properties pane that is displayed for a device includes the name of the device driver.

Scheduled Tasks
You can configure scheduled tasks for various operations for the APSolute Vision server and
managed devices.
When you create a task and specify the time to run it, the time is according to your local OS.
APSolute Vision then stores the time, translated to the timezone of the APSolute Vision server,
and then runs it accordingly. That is, once you configure a task, it runs according to the APSolute
Vision time settings, disregarding any changes made to the local OS time settings.

You can open the scheduler from the APSolute Vision sidebar menu.

Note: For more information, see Scheduling APSolute Vision and Device Tasks, page 305.
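To make the time handling described under Scheduled Tasks concrete, the following added example (not Radware code and not taken from this guide) models a weekly task as a weekday plus a wall-clock time stored in the server's timezone, and shows what the operator sees after the local OS offset changes. The function names, the fixed UTC offsets, and the weekday-plus-time storage model are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
_REF_MONDAY = (2020, 6, 1)  # any Monday works; it only carries the weekday


def convert_schedule(weekday, hhmm, from_utc_offset, to_utc_offset):
    """Translate a weekly (weekday, "HH:MM") slot between two fixed UTC offsets.

    Offsets are hours east of UTC and may be fractional (for example 5.5).
    The weekday rolls over when the translation crosses midnight.
    """
    hour, minute = (int(part) for part in hhmm.split(":"))
    src = timezone(timedelta(hours=from_utc_offset))
    dst = timezone(timedelta(hours=to_utc_offset))
    moment = datetime(*_REF_MONDAY, hour, minute, tzinfo=src)
    moment += timedelta(days=DAYS.index(weekday))
    moved = moment.astimezone(dst)
    return DAYS[moved.weekday()], moved.strftime("%H:%M")


def schedule_drift(weekday, hhmm, client_offset_at_creation,
                   server_offset, client_offset_now):
    """Model the documented behaviour (assumed storage format, see lead-in).

    The slot is entered in the client's local time, stored translated to the
    server timezone, and afterwards follows only the server's time settings.
    The result shows the stored slot and how the same slot reads on a client
    whose OS offset has since changed (DST switch, travel, reconfiguration).
    """
    stored = convert_schedule(weekday, hhmm,
                              client_offset_at_creation, server_offset)
    local_now = convert_schedule(*stored, server_offset, client_offset_now)
    return {
        "entered": (weekday, hhmm),
        "stored_on_server": stored,
        "local_view_now": local_now,
        "drifted": local_now != (weekday, hhmm),
    }


if __name__ == "__main__":
    # Constructed scenario: operator at UTC-5 books a Sunday 22:00 window on a
    # server running at UTC; the operator's OS later moves to UTC-4.
    report = schedule_drift("Sun", "22:00", -5, 0, -4)
    for key, value in report.items():
        print(f"{key:18} {value}")
```

When planning maintenance windows or scheduled signature updates, check the stored server-side slot rather than the time originally typed on the client.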

DefenseFlow Access
When the DefenseFlow IP address is configured, you can open the DefenseFlow configuration
interface from the APSolute Vision sidebar menu (DefenseFlow > DefenseFlow
Configuration).
The DefenseFlow Configuration option is active only when the DefenseFlow IP address is
configured in the APSolute Vision CLI. The DefenseFlow Configuration option is inactive if the
DefenseFlow IP address is not configured.
In DefenseFlow version 3.2 and later, you can open the DefenseFlow Attack Mitigation Operation
dashboard from the APSolute Vision sidebar menu (DefenseFlow > DefenseFlow
Operation). The dashboard graphically displays all the ongoing attacks and their associated
protections, and displays a log of all historical attacks.

Note: For more information on DefenseFlow, see the DefenseFlow Installation and User Guide.

Radware Cloud DDoS Portal Access


You can connect to the associated Radware Cloud DDoS Protection service interface from the
APSolute Vision sidebar menu (Applications > Cloud DDoS Portal).

Note: For more information on Radware Cloud DDoS Protection services, see the Cloud DDoS
Protection Services User Guide.


Device- and Service-Monitoring Features


APSolute Vision supports the following features for monitoring Radware devices and services:
• Monitoring General Information About Managed Devices and Services, page 49
• Application SLA Dashboard—for Radware ADC Devices, page 49
• Application Performance Monitor—for Radware ADC Devices, page 49
• Service Status Dashboard—for Radware ADC Devices, page 50
• Device Performance Monitoring—for Radware ADC Devices, page 50
• Security Control Center—for Radware Security Devices and Services, page 50

Monitoring General Information About Managed Devices and Services


APSolute Vision supports the following for monitoring general information about managed devices
and services:
• Easy access for device monitoring topics
• Logical-element grouping
• Hierarchical browsing
• Properties—status, management IP address, software version, device-driver version, hardware
platform, license information, and the time of the last configuration change
• Routing table
• IP statistics—received and discarded
• Information on ports, VLANs, and trunks, such as:
— General status
— Statistics
— Device statistics tables for the device level and logical level

Application SLA Dashboard—for Radware ADC Devices


The Application SLA Dashboard enables you to view all major application SLA issues for Alteon and
LinkProof NG.

Note: For more information, see Using the Application SLA Dashboard, page 561.

Application Performance Monitor—for Radware ADC Devices


Application Performance Monitoring (APM) enables you to view real application-performance
statistics from Alteon and LinkProof NG devices.

You can open APM from the APSolute Vision sidebar menu (Applications > APM).

Note: For more information, see the Application Performance Monitor User Guide.


Service Status Dashboard—for Radware ADC Devices


The Service Status Dashboard enables you to view configuration and status information about the
following ADC objects of up to 10 managed ADC devices:
• Virtual services
• AppShape++ scripts
• Content rules
• Server groups
• Real servers
• WAN links

Note: For more information, see Using the Service Status Dashboard, page 570.

Device Performance Monitoring—for Radware ADC Devices


Device Performance Monitoring (DPM) enables you to view current and historical device-
performance data from Alteon and LinkProof NG devices.

You can open DPM from the APSolute Vision sidebar menu (Applications > DPM).

Note: For more information, see Using the Device Performance Monitor, page 445.

Security Control Center—for Radware Security Devices and Services


The Security Control Center, which is a component of the APSolute Vision dashboards, enables you to
view and monitor the following:
• Radware security products and modules:
— DefensePro
— DefenseFlow
— AppWall (WAF)
— APSolute Vision Reporter (AVR)
— APSolute Vision Analytics
• Radware subscription, security services:
— Emergency Response Team (ERT)
— Radware Cloud DDoS Protection
— Radware security signature files / Signature Update Service (SUS)
— Fraud Security signatures
— ERT Active Attackers Feed subscription
You can open the Security Control Center from the APSolute Vision sidebar menu
(Applications > Security Control Center), or, in the APSolute Vision Settings view
Dashboards perspective, select Security Control Center.

Note: For more information, see Using the Security Control Center, page 564.


Global Elastic License (GEL) Dashboard—for Radware ADC Devices


The GEL Dashboard enables you to administer all your Alteon device licenses in one place. As part of
this process, you can register new purchase licenses, allocate licenses to Alteon devices, and
monitor license usage.
The Alteon GEL deployment-model enables a high level of flexibility for ADC services across data
centers, private clouds, and public clouds. GEL enables dynamic ADC capacity allocation and the
ability to move that capacity across environments, without having to invest separately in a dedicated
ADC infrastructure for each and every location where the organization’s applications are deployed
(for example, on premises or in the public cloud). This eliminates the need to approach Radware
Technical Support for a new license when the MAC address of an Alteon VA changes as a result of
moving between clouds or hosts. This licensing model increases agility, decreases cost, and helps
eliminate planning risks in the purchase and deployment of ADC services, enabling continuous
investment protection of the ADC infrastructure throughout its life-cycle duration.
The GEL server is a flexible mechanism that enables Radware customers to consume an overall
throughput license, without the need for in-depth planning several years prior to changing the
capacity or number of Alteon devices. This can be modified on the fly as demand arises.

You can open the GEL Dashboard from the APSolute Vision sidebar menu (Applications >
GEL).

Note: For more information, see Using the GEL Dashboard, page 576.

ERT Active Attackers Feed (EAAF) Dashboard


The EAAF Dashboard enables you to view and monitor the statistics on attacks and attackers that
DefensePro devices blocked using the ERT Active Attackers Feed.

You can open the EAAF Dashboard from the APSolute Vision sidebar menu (Applications >
EAAF).

Note: For more information, see Using the ERT Active Attackers Feed (EAAF) Dashboard, page 579.

Security-Reporting and Security-Monitoring Features


APSolute Vision supports the following features for security reporting and security monitoring:
• Real-Time Security Reporting, page 51
• Historical Security Reporting—for DefensePro and AppWall—APSolute Vision Reporter (AVR),
page 52
• APSolute Vision Analytics, page 52

Real-Time Security Reporting


APSolute Vision provides the Security Monitoring perspective to view and analyze real-time security
information of managed devices, which include the following platform types:
• Alteon with embedded AppWall module
• AppWall standalone
• DefenseFlow mitigation devices
• DefensePro


Real-time security reporting for Alteon with embedded AppWall module or AppWall standalone
includes the following:
• Security-event monitoring
• Attack-distribution monitoring
• SSL Inspection monitoring

Note: SSL Inspection monitoring utilizes the infrastructure of APSolute Vision Analytics.

Real-time security reporting for DefenseFlow and DefensePro devices includes the following:
• Dashboard views
• Real-time traffic reports
• Protection monitoring
• HTTP reports

Note: For more information, see Using Real-Time Security Monitoring, page 583.

Using the APSolute Vision CLI, you can configure APSolute Vision to export security-event records
from managed DefensePro and/or DefenseFlow devices to a specified syslog server. The event
exporter lets you integrate with a Security Information and Event Management (SIEM) system, which
you may be using as your main analytics-and-reporting system. For more information, see System
Exporter Commands (Event Exporter), page 695.

Historical Security Reporting—for DefensePro and AppWall—APSolute Vision Reporter (AVR)

APSolute Vision Reporter (AVR) is a historical security-reporting engine, which provides the
following:
• Customizable dashboards, reports, and notifications
• Advanced incident handling for security operating centers (SOCs) and network operating centers
(NOCs)
• Standard security reports
• In-depth forensics capabilities
• Ticket workflow management

You can open AVR from the APSolute Vision sidebar menu (Applications > AVR).

Notes
• For information on the products and versions that APSolute Vision Reporter supports, see the
APSolute Vision Release Notes.
• For information about APSolute Vision Reporter and how to use it, see its online help and the
APSolute Vision Reporter User Guide.

APSolute Vision Analytics


APSolute Vision Analytics (AVA) can provide real-time and historical information from the following
Radware products:
• Alteon devices running version 32.2 or later
• AppWall version 7.6.6 and later
• DefenseFlow version 3.5.0.0 and later
• DefensePro version-8.x devices

AVA consists of two main parts: AMS (Attack Mitigation Solution) for AppWall, DefenseFlow, and
DefensePro—and ADC (application delivery control) for Alteon.

Note: For information about APSolute Vision Analytics and how to use it, see the APSolute Vision
Analytics User Guide.

AVA ADC
AVA ADC supports the following modules:
• Application Dashboard—The Application Dashboard displays monitoring and reporting metrics
so that you can view and track real-time and historical information about the applications and
servers that your Alteon devices manage.
• Reports—You can use the Reports module to quickly generate an on-the-fly view.

You can open AVA ADC items from the APSolute Vision sidebar menu (Analytics ADC).

AVA AMS
AVA AMS supports the following main modules:
• Dashboards—Dashboards display near real-time and historical monitoring and reporting
metrics. You can use the dashboards to track the security throughout the network that your
DefensePro, DefenseFlow, and AppWall devices are protecting. Dashboards summarize the
existing network infrastructure in panels of graphs, charts, and tables. You can perform a deep
analysis wherever necessary by drilling down into the event details.
• Reports—You can use the Reports module to create and generate reports of a single query.
• Alerts—You can use the Alerts module to configure rules for triggering, generating, and sending
alerts.
• Forensics—Forensics analysis involves recording and analyzing historical security events. You
can use the Forensics module to discover the source of the attack, attack trends, and analyze
the risk associated with each incident.

You can open AVA AMS items from the APSolute Vision sidebar menu (Analytics AMS).

Notes
• AVA AMS supports security reporting and security monitoring for all DefensePro protection
modules.
• In APSolute Vision features other than AVA AMS, security reporting and security monitoring for
the following DefensePro protection modules is minimal:
— Connection PPS (supported in DefensePro version 8.22 and later)
— ERT Active Attackers Feed (supported in DefensePro version 8.19 and later)
— Geolocation (supported in DefensePro version 8.19 and later)
— HTTPS Flood Protection (supported in DefensePro version 8.18 and later)


APSolute Vision Online Help


APSolute Vision supports context-sensitive online help, which opens when you click the Help
button.
By default, APSolute Vision clients get online help from the APSolute Vision server. The default
installation of the APSolute Vision server includes online-help files.
Depending on the configuration of the APSolute Vision server (see Configuring APSolute Vision
Server Advanced Parameters, page 162), APSolute Vision clients get online help from one of the
following locations:
• A hard-coded location on the APSolute Vision server—Installation of the APSolute Vision
server includes online-help files. However, the online-help files on the server should be updated
with a new online-help package if managed devices are upgraded later (with a new device, new
device version, new device driver, or new AppShape template type). It is the responsibility of the
APSolute Vision administrator to make sure that the help files on the server are updated as
necessary. For more information, see Appendix A - Managing the Online-Help Package on the
Server, page 737.
• radware.com—The online help files at radware.com are always the most up-to-date.

Language Support (Localization)


APSolute Vision supports a graphical user interface and online help in the following languages:
• Chinese
• English
• Japanese
• Korean

Additionally, APSolute Vision supports the following:


• A Chinese graphical user interface and online help for Alteon version 30.2 and later
• A Japanese graphical user interface and online help for Alteon version 30.5 and later
• A Korean graphical user interface and online help for Alteon version 30.5 and later

Administrators can change the default language for new users and per new user.
Individual users can change their language when logging in or through the APSolute Vision toolbar
(see APSolute Vision Toolbar and Sidebar Menu, page 55).

APSolute Vision Interface Navigation


This section contains the following topics:
• APSolute Vision Toolbar and Sidebar Menu, page 55
• APSolute Vision Settings View, page 57
• Device Pane, page 60
• Configuration Perspective, page 63
• Monitoring Perspective, page 66
• Security Monitoring Perspective, page 67

The APSolute Vision interface follows a consistent hierarchical structure, organized functionally to
enable easy access to options. You start at a high functional level and drill down to a specific
module, function, or object.


Note: Access to and privileges in APSolute Vision interface elements are determined by Role-Based
Access Control (RBAC). For more information, see Role-Based Access Control (RBAC), page 85 and
Configuring Local Users for APSolute Vision, page 99.

APSolute Vision Toolbar and Sidebar Menu


The following figure shows the APSolute Vision (horizontal) toolbar and (vertical) sidebar menu.

Figure 19: APSolute Vision Toolbar and Sidebar Menu

Click the arrow to display the names of the items in the sidebar menu (as shown). Click the arrow
again to hide the names.
User ribbon.
Refresh button and last refresh time.
Home icon/button. Click to display the specified landing page.
Alerts icon/button. Click to open the Alerts Table pane. The Alerts Table displays APSolute Vision
alerts, device alerts, DefensePro security alerts, and device-configuration messages.
Hover over an item and click the arrow to display its options.

The APSolute Vision toolbar contains the following items:


• Alerts icon/button—Click the button to open the Alerts Table pane. The Alerts Table displays
APSolute Vision alerts, device alerts, DefensePro security alerts, and device-configuration
messages.
• Refresh button and last refresh time.
• User ribbon—Clicking in the ribbon opens a drop-down dialog box.
Use the dialog box to do the following:
— View the user name, RBAC role, and previous login time.
— Change the UI language by selecting another value from the Language drop-down list.
— Log out of the session and log in as another user.

Figure 20: User Dialog Box

Clicking the user name opens the drop-down dialog box.


The APSolute Vision sidebar menu contains the following items:


• Home—Returns the display to the landing page, which is specified for the server or per user. For
more information, see Configuring APSolute Vision Display Parameters, page 163.
• Analytics ADC—Opens a drop-down list with the following options for APSolute Vision Analytics
(AVA) for Radware application-delivery-control (ADC) products:
— Application—Opens the Application Dashboard.
— System and Network—Opens the Network & System Dashboard.
— Reports—Opens the AVA ADC Reports module.

Note: For more information about AVA, see APSolute Vision Analytics, page 52. For
detailed information and how to use AVA, see the APSolute Vision Analytics User Guide.
• Analytics AMS—Opens a drop-down list with the following options for APSolute Vision Analytics
(AVA) for Radware Attack Mitigation Solution (AMS) products:
— DefensePro Monitoring—Opens the DefensePro Monitoring dashboard.
— DefensePro Attacks—Opens the DefensePro Attacks dashboard.
— HTTPS Flood—Opens the DefensePro HTTPS Flood dashboard.
— DefensePro Analytics—Opens the DefensePro Analytics dashboard.
— DefensePro Behavioral Protections—Opens the DefensePro Behavioral Protections
dashboard.
— DefenseFlow Analytics—Opens the DefenseFlow Analytics dashboard.
— AppWall—Opens the AppWall dashboard.
— Reports—Opens the AVA AMS Reports module.
— Forensics—Opens the AVA AMS Forensics module.
— Alerts—Opens the AVA AMS Alerts module.

Note: For more information about AVA, see APSolute Vision Analytics, page 52. For
detailed information and how to use AVA, see the APSolute Vision Analytics User Guide.
• Applications—Opens a drop-down list with buttons to open or connect to the following apps
and services:
— AVR—APSolute Vision Reporter, which is historical security reporting for DefensePro and
AppWall.
— APM—Application Performance Monitoring for Alteon and LinkProof NG.
— DPM—Device Performance Monitoring for Alteon and LinkProof NG.
— Cloud DDoS Portal—Connects you to the associated Radware Cloud DDoS
Protection service interface. For more information on Radware Cloud DDoS Protection
services, see the Cloud DDoS Protection Services User Guide.
— vDirect—Opens the vDirect interface in the APSolute Vision server.
— Security Control Center—Opens the Security Control Center.
— GEL—Opens the Global Elastic License (GEL) Dashboard to activate a new Global Elastic
License (GEL) Entitlement, allocate throughput to Alteon servers using GEL Entitlements,
and to view the Entitlement-utilization state.
— EAAF—Opens the ERT Active Attackers Dashboard.
• DefenseFlow—Opens a drop-down list with buttons to open the following:
— Operation—Opens the DefenseFlow Attack Mitigation Operation dashboard.
— Configuration—Opens the DefenseFlow interface (when the DefenseFlow IP address is
configured in the APSolute Vision CLI).


• Automation—Opens the Toolbox pane, which includes the Toolbox tab and the Advanced tab.
By default, the Toolbox tab displays predefined Toolbox scripts. From the adjacent Workflows
tab, you can manage and use vDirect workflows. From the Advanced tab, you can manage
Toolbox scripts, use AppShape templates, and manage DefensePro configuration templates. For
more information, see Using the Toolbox, page 221.
• Scheduler—Opens the Scheduler to schedule various operations for the APSolute Vision server
and managed devices. For more information, see Scheduling APSolute Vision and Device Tasks,
page 305.
• Vision Settings—Opens the APSolute Vision Settings view. For more information, see APSolute
Vision Settings View, page 57.

APSolute Vision Settings View


Select the Vision Settings item from the APSolute Vision sidebar menu to display the
APSolute Vision Settings view.

Figure 21: Vision Settings Item (Selected) in the APSolute Vision Sidebar Menu

The APSolute Vision Settings view includes the following perspectives:


• System—For more information, see Settings View—System Perspective, page 59. Access to the
APSolute Vision Settings view System perspective is restricted to administrators.
• Dashboards—For more information, see Settings View—Dashboards Perspective, page 59.
• Preferences—For more information, see Settings View—Preferences Perspective, page 59.

Click the relevant button (System, Dashboards, or Preferences) to display the perspective that
you require.
At the upper-left of the APSolute Vision Settings view, APSolute Vision displays the APSolute Vision
device-properties pane. For more information, see Device-Properties Pane, page 62.
When you hover over a device node in the device pane, a popup displays. For more information, see
Device-Properties Hover Popup, page 62.


Figure 22: Vision Settings View (Showing the System Perspective)


Vision Settings button—Switches to the APSolute Vision Settings view.

Displays the device pane.

APSolute Vision device-properties pane.

The System perspective in the APSolute Vision Settings view is being displayed.

Dashboards button—Displays the Dashboards perspective in the APSolute Vision Settings view.

Preferences button—Displays the Preferences perspective in the APSolute Vision Settings view.

Content area.


Settings View—System Perspective


Administrators can use the APSolute Vision Settings view System perspective to do the following:
• Monitor or manage the general settings of the APSolute Vision server—Monitoring and
managing the general settings of the APSolute Vision server include the following:
— General properties, details, and statistics of the APSolute Vision server
— Statistics of the APSolute Vision server
— Connectivity
— Alert browser and security alerts
— Monitoring parameters
— Server alarm thresholds
— Authentication protocols
— Device drivers
— APSolute Vision Reporter for DefensePro
— Licenses
— Application Performance Monitoring (APM)
— Radware Cloud DDoS Protection URL
— Advanced general parameters
— Display formats
— Maintenance files
— Operator Toolbox settings
• Manage and monitor users—Users can, in turn, manage multiple devices concurrently. Using
APSolute Vision RBAC, administrators can allow the users various access control levels on
devices. RBAC provides a set of predefined roles, which you can assign per user and per working
scope (device or group of devices). RBAC definition is supported both internally (in APSolute
Vision) and through remote authentication (with RADIUS or TACACS+).
• Manage device resources—For device backup files and device subscriptions.

Note: For more information on operations that are exposed in the APSolute Vision Settings view
System perspective, see Managing and Monitoring the APSolute Vision System, page 111.

Settings View—Dashboards Perspective


Users with a proper role can use the APSolute Vision Settings view Dashboards perspective to access
the following:
• Application SLA Dashboard—For more information, see Using the Application SLA Dashboard,
page 561.
• Security Control Center—For more information, see Using the Security Control Center,
page 564.
• Service Status Dashboard—For more information, see Using the Service Status Dashboard,
page 570.

Settings View—Preferences Perspective


Use the Preferences perspective to change your password or select the landing page (that is, the
page that APSolute Vision displays when you open APSolute Vision WBM).


Device Pane
Users with a proper role can use the device pane to add or delete the devices that the APSolute
Vision server manages.
If the device pane is not displayed, click the small downward-pointing arrow close to the
upper-left corner of the APSolute Vision main screen (see Figure 22 - Vision Settings View
(Showing the System Perspective), page 58).
To organize and manage devices, the device pane includes the following three different trees:
• Sites and Devices—The Sites and Devices tree can contain devices (except for ADC-VX),
user-defined Sites, and DefensePro high-availability clusters.
• Physical Containers—The Physical Containers tree can contain ADC-VX instances and Sites
with ADC-VX instances.
• Logical Groups—The Logical Groups tree contains user-defined Logical Groups. A Logical
Group is a group of devices of the same type, which you manage as a single entity.

In the device pane, APSolute Vision uses the following basic icons to represent the device types,
with Status Up and functioning normally:

• Alteon
• AppWall
• DefensePro
• LinkProof NG

APSolute Vision modifies the display of the basic icons to show special device states or device
functions—which include the following:
• Device is locked—While the device is locked, the device icon in the device pane includes a lock
symbol (with separate icons for Alteon and LinkProof NG, for AppWall, and for DefensePro).
• Status Down—When the device Status is Down, the device icon in the device pane includes
an X.
• Status Unknown—When the device Status is Unknown, the device icon in the device pane
includes a question mark (?).
• Devices in a high-availability configuration—APSolute Vision displays HA-Active Alteon
devices, AppWall cluster managers, and DefensePro primary devices with a green border.
• Right-to-Use license is Invalid—If the status of the Right to Use license is Invalid, the
device icon in the device pane has a red slash through it (with separate icons for Alteon and
LinkProof NG, for ADC-VX, for AppWall, and for DefensePro).
• DefensePro device is a DefenseFlow mitigation device—When, in DefenseFlow, you set
the mitigation device to be DefensePro, the DefensePro-device icon in the device pane includes
two triangles.


Figure 23: Device Pane (Not Docked)—Showing the Sites and Devices Tree
Minimizes the docked device pane.
Docks the device pane.
The button that selects the device-pane tree (Sites and Devices, Physical Containers,
or Logical Groups) and the name of the tree that is displayed now.

Displays the UI for the selected device or devices.
Controls for filtering the devices that the pane displays.

APSolute Vision appends the number of devices matching the filter at that level according to
your RBAC permissions.

Notes
• For information on how to add or delete the devices that the APSolute Vision server manages,
see Managing Devices, Sites, and Logical Groups, page 171.
• For more information on the device pane, see Using the Device Pane, page 171.
• When you double-click a device in the Sites and Devices tree or in the Physical Containers tree,
APSolute Vision displays the device-properties pane and the last perspective that you viewed on
the device along with the corresponding content area.
• In the context of role-based access control (RBAC), Sites and Logical Groups enable
administrators to define the scope of each user. For more information on RBAC, see Role-Based
Access Control (RBAC), page 85.
• For more information on Logical Groups, see Using Logical Groups of Devices, page 199.


Device-Properties Hover Popup


When you hover over a device node in the device pane, a popup displays the following parameters:
• Device Name—The user-defined device name.
• Status—The device general status: Up, Down, or Maintenance—and for vADCs in the
Physical Containers tab: Managed or Not Managed.
• Locked By—If the device is locked, the user who locked it.
• Management IP Address—The host or IP address of the device.
• Device Type—That is, Alteon, AppWall, DefensePro, or LinkProof NG.
• Version—The device version.
• MAC—The MAC address.
• License (displayed only for Alteon and LinkProof NG devices)—The license for the device.
• APM License (displayed only for Alteon devices)—The license for the device.
• Form Factor (displayed only for Alteon, DefensePro version 8.x devices, Radware DefensePro
DDoS Mitigation for Cisco Firepower, and LinkProof NG devices)—The form factor, for example,
Standalone.
• Platform—The platform type.
• HA Status (displayed only for Alteon, DefensePro, and LinkProof NG devices)—The high-
availability status of the device. For Alteon and LinkProof NG: Active, Standby, or DISABLED.
For DefensePro: N/A, Standalone, Primary, or Secondary.
• Init (displayed only for AppWall devices)—The init status, for example Ended with
Successfully or Ended with Errors.
• Device Driver—The device driver name.
• RTU License—The status of the Right to Use license: Valid or Invalid—and for vADCs in the
Physical Containers tab: N/A.

Note: If the status of the Right to Use license is Invalid, the device icon in the device pane
has a red slash through it (with separate icons for Alteon and LinkProof NG, for ADC-VX, for
AppWall, and for DefensePro).

Logical-Group–Properties Hover Popup


When you hover over a Logical Group in the device pane Logical Groups tree, a popup opens. For
more information, see Logical Group User Interface, page 200.

Device-Properties Pane
When you select a single device in the device pane, all APSolute Vision perspectives display the
device-properties pane (see Figure 22 - Vision Settings View (Showing the System Perspective),
page 58, Figure 24 - Configuration Perspective—Alteon and LinkProof NG, page 64, Figure 28 -
Monitoring Perspective—Alteon and LinkProof NG, page 66, Figure 29 - Monitoring Perspective—
DefensePro, page 67, Figure 30 - DefensePro Security Monitoring Perspective—Showing the
Security Dashboard, page 68).
When you select multiple devices in the device pane, APSolute Vision displays the multi-device view.
For more information, see Using the Multi-Device View and the Multiple Devices Summary,
page 196.


When you select a single device in the device pane, the device-properties pane displays the
following parameters:
• The device type (Alteon, AppWall, DefensePro, or LinkProof NG) and the user-defined device
name.
• An icon showing whether the device is locked.

• A picture of the device front panel. When the device is locked, you can click the button to
reset or shut down the device.
• Status—The device general status: Up, Down, or Maintenance.
• Locked By—If the device is locked, the user who locked it.
• Type (displayed only for Alteon, AppWall, DefensePro version 8.x devices, Radware DefensePro
DDoS Mitigation for Cisco Firepower, and LinkProof NG devices)—This field displays the platform
and form factor.
• Platform (displayed only for DefensePro devices)—The platform type, for example x420.
• Mngt IP—The host or IP address of the device.
• Version—The device version.
• MAC—The MAC address.
• License (displayed only for Alteon, AppWall, and LinkProof NG devices)—The license for the
device.
• APM License (displayed only for Alteon)—The pages-per-minute limit of the APM license.
• HA Status (displayed only for Alteon, Radware DefensePro DDoS Mitigation for Cisco Firepower,
and LinkProof NG devices)—The high-availability status of the device. For Alteon and LinkProof
NG: Active, Standby, or DISABLED. For DefensePro: Standalone, Primary, or Secondary.
• Init (displayed only for AppWall devices)—The init status, for example Ended with
Successfully or Ended with Errors.
• Device Driver—The device driver name.
• User Role—The RBAC role that the user has for the selected device. The User Role parameter
clarifies situations where the configuration of a user includes multiple devices (scopes) and
differing roles. For more information on RBAC users and role-scope pairs, see Managing
APSolute Vision Users, page 83.

Configuration Perspective
Use the Configuration perspective to configure Radware devices.
Choose the device to configure in the device pane.
You can view and modify device configurations in the content pane.
When APSolute Vision manages Alteon or LinkProof NG:
• You choose the standalone, VA, or vADC device to configure in the device pane Sites and
Devices tree.
• You manage ADC-VXs and the hosted vADCs in the device pane Physical Containers tree.


Figure 24: Configuration Perspective—Alteon and LinkProof NG


Device pane (docked) with the Sites and Devices tree displayed—Displays, according to
your filter, the configured Sites and standalone, vADC, and VA devices. The Physical
Containers tree (not shown) displays, according to your filter, the configured Sites and
ADC-VXs with the hosted vADCs.
The Configuration perspective is being displayed.
Device-properties pane.
Monitoring button—Opens the Monitoring perspective.
Security Monitoring button—Opens the Security
Monitoring perspective.
Configuration-management buttons.

Content pane.

The following points apply to all configuration tasks in the Configuration perspective:
• To configure a device, you must lock it. For more information, see Locking and Unlocking
Devices, page 189.
• When you change a field value (and there is configuration that is pending a Submit action), the
tab title changes to italics with an asterisk (*).
• By default, tables display up to 20 rows per table page.
• You can perform one or more of the following operations on table entries:
— Add a new entry to the table, and define its parameters.
— Edit one or more parameters of an existing table entry.
— Delete a table entry.
• Device configuration information is saved only on the managed device, not in the APSolute
Vision database.


To commit information to the device, you must click Submit when you modify settings in a
configuration dialog box or configuration page.
Some configuration changes require an immediate device reboot. When you submit the
configuration change, the device will reboot immediately.
Some configuration changes require a device reboot to take effect, but you can save the change
without an immediate reboot. When you submit a change without a reboot, the Properties pane
displays a “Reboot Required” notification until you reboot the device.
For Alteon and LinkProof NG, APSolute Vision supports the configuration-management (global-
command) options: Apply, Save, Diff, Diff Flash, Revert, Revert Apply, and Dump. If the new
configuration requires an Apply or Save operation to take effect, the button is displayed with an
orange icon.

Figure 25: Apply (Required) and Save (Required) Buttons

For AppWall, APSolute Vision supports the Apply button to perform the AppWall Apply operation. If
the configuration requires an Apply operation to take effect, the button is displayed with an orange
icon.
For DefensePro, click Update Policies to implement policy-configuration changes if necessary.
Policy-configuration changes for a device are saved on the device, but the device does not apply the
changes until you perform a device-configuration update. For DefensePro 7.x versions 7.32 and
later, if the new configuration requires an Update Policies operation to take effect, the button is
displayed with an orange icon.

Figure 26: Update Policies Button

Figure 27: Update Policies Required Button

Example Device selection in the Configuration perspective


The following example shows the selections you would make to view or change configuration
parameters for a Radware device:
1. Select the required device in the device pane by drilling down through the Sites and child Sites.
2. Lock the device by clicking the icon in the device-properties pane. The icon changes to
a picture of a locked padlock.
3. Click Configuration to open the Configuration perspective.
4. Navigate to the configuration objects in the content pane.


Monitoring Perspective
In the Monitoring perspective, you can monitor physical devices and interfaces, and logical objects.

Figure 28: Monitoring Perspective—Alteon and LinkProof NG


Device pane (docked) with the Sites and Devices tree displayed—Displays, according to
your filter, the configured Sites and standalone, vADC, and VA devices. The Physical
Containers tree (not shown) displays, according to your filter, the configured Sites and
ADC-VXs with the hosted vADCs.
The Monitoring perspective is being displayed.
Device-properties pane.
Configuration-management buttons.

Content pane.


Figure 29: Monitoring Perspective—DefensePro


Device pane (docked) with the Sites and Devices tree displayed—Displays, according to
your filter, the configured Sites and DefensePro devices. The Physical Containers tree (not
shown) is not relevant for DefensePro.

The Monitoring perspective is being displayed.

Device-properties pane.
DefensePro configuration-management buttons.

Content pane.

Security Monitoring Perspective


APSolute Vision displays the Security Monitoring perspective to view and analyze real-time security
information of managed devices, which include the following platform types:
• AppWall standalone
• Alteon with embedded AppWall module
• DefenseFlow mitigation devices
• DefensePro

The Security Monitoring perspective is available for single devices and also for multiple devices.
Security monitoring for multiple devices supports two report categories: the Dashboard View and
Traffic Monitoring. Security monitoring for single devices supports two additional report categories:
Protection Monitoring and HTTP Reports.
You can filter the Sites and devices that APSolute Vision displays. The filter does not change the
contents of the tree, only how APSolute Vision displays the tree to you.
For DefenseFlow and DefensePro, the Security Monitoring perspective includes the following tabs:
• Dashboard View—Comprises the following:
— Security Dashboard—A graphical summary view of all current active attacks in the
network with color-coded attack-category identification, graphical threat-level indication,
and instant drill-down to attack details.
— Current Attacks—A view of the current attacks in a tabular format with graphical notations
of attack categories, threat-level indication, drill-down to attack details, and easy access to
the protecting policies for immediate fine-tuning.
• Traffic Monitoring—A real-time graph and table displaying network information, with the
attack traffic and legitimate traffic filtered according to specified traffic direction and protocol.


• Protection Monitoring—Real-time graphs and tables with statistics on policies, protections
according to specified traffic direction and protocol, along with learned traffic baselines.
• HTTP Reports—Real-time graphs and tables with statistics on policies, protections according to
specified traffic direction and protocol, along with learned traffic baselines.

Figure 30: DefensePro Security Monitoring Perspective—Showing the Security Dashboard


Device-properties pane.

Note: For more information on the Security Monitoring perspective, see Using Real-Time Security
Monitoring, page 583.

Related Documentation
See the following documents for information related to APSolute Vision:
• APSolute Vision Release Notes—See this for information about:
— What's new in the version
— Supported platforms
— Hardware specifications
— Capacity specifications
— Maintenance fixes
— Known limitations
• APSolute Vision Installation and Maintenance Guide—See this for information about:
— Installing APSolute Vision
— Initializing APSolute Vision
• APSolute Vision online help—See this for information about configuring Radware devices that
APSolute Vision manages.
• Installation and maintenance guides, user guides, release notes, and so on, for Radware
application-delivery-control (ADC) and security products, modules, and services—See these for
information not included in the APSolute Vision online help.
• APSolute Vision Analytics (AVA) User Guide—See this for information about APSolute
Vision Analytics.


• APSolute Vision Reporter (AVR) documentation—See the AVR user guide and online help
for information about APSolute Vision Reporter (AVR) and how to use it.
• Application Performance Monitoring (APM) documentation—See the APM user guide,
online help, and Troubleshooting and Technical Guide for information about APM and how to use
it.
• APSolute Vision REST API documentation—See this for information about the APSolute
Vision REST API and how to use it.
• vDirect documentation—See this for additional information about vDirect and how to use it.

Notes
• For the latest Radware product documentation, download it from
https://portals.radware.com.
• The APSolute Vision REST API documentation for APSolute Vision version 4.60 is available on the
Radware website at
https://webhelp.radware.com/Vision/REST/4_60_00/index.html.



CHAPTER 2 – GETTING STARTED WITH
APSOLUTE VISION
The following topics describe how to get started and set up APSolute Vision before configuring and
monitoring your Radware devices:
• Initializing the APSolute Vision Server, page 71
• Recommended Basic Security Procedures, page 73
• APSolute Vision WBM Requirements, page 74
• Logging In to and Out of APSolute Vision, page 76
• Changing Passwords for Local Users, page 77
• Selecting Your Landing Page, page 78
• After Initial Configuration of APSolute Vision, page 79
• Using Common GUI Elements in APSolute Vision, page 80

Notes
• For information about installing the APSolute Vision server, see the APSolute Vision Installation
and Maintenance Guide.
• For information on managing APSolute Vision users, see Managing APSolute Vision Users,
page 83.

Initializing the APSolute Vision Server


On a physical appliance, access the APSolute Vision CLI using a serial cable and terminal emulation
application, or from an SSH client.

Note: APSolute Vision CLI uses Control-? (127) for the Backspace key.
Terminal settings for the APSolute Vision server are as follows:
• Bits per second: 19200 for the ODS-VL platform, 9600 for the ODS-VL2 platform
• Data bits: 8
• Parity: None
• Stop bits: 1
• Flow control: None

Note: When connecting from an SSH client, APSolute Vision CLI has a default timeout of five
minutes for idle connections. If an SSH connection is idle for more than five minutes, APSolute
Vision terminates the session.


To initialize the APSolute Vision server


1. Ensure that an ASCII console is connected to the device through the RJ-45–to–DE-9 cable and
that the console computer is turned on.
2. Power on the device. The PWR and SYS or SYS OK LED indicators on the front panel light up.
3. Wait for the login prompt, vision login:.
4. Type the default username radware, and then, press Enter.
5. Type the default password radware, and then, press Enter.
6. Type the IP address for the APSolute Vision server, and then, press Enter.
7. Type the value for the network mask for the APSolute Vision server, and then, press Enter.
8. Type the value for the default gateway for the APSolute Vision server, and then, press Enter.
9. Type the value for the primary DNS server for the APSolute Vision server, and then, press Enter.
10. If applicable, type the value for the secondary DNS server for the APSolute Vision server, and
then, press Enter.

Note: Configuring a secondary DNS server is not mandatory. That is, if you press Enter
without typing anything, the installation will proceed.
11. Type the interface identifier—for example, G1 or G2 (case-sensitive)—that is, the interface that
the APSolute Vision clients access, and then, press Enter.

Notes
— When APSolute Vision is running on the OnDemand Switch VL2 (ODS-VL2) platform, the
relevant identifiers are G3 and G5 (case-sensitive).
— The installation program checks whether there are connected interfaces, and it displays their
identifiers. If there are no connected interfaces, a “No link detected” message is displayed.
— The interface identifiers that are supported depend on the APSolute Vision form factor.
12. Review the values.
13. Type one of the following values:
— y —yes, that is, you accept the values.
— N —no, that is, you need to go back and change one or more values.
The initialization script asks whether you want to change the root user password.
14. Change the root user password if required.

Note: For information on how to change the default passwords, see APSolute Vision CLI
Commands, page 649.
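
A pre-flight check for the values entered in steps 6 through 11, written as an added example (it is not part of the guide or of APSolute Vision). It assumes IPv4 addressing and a dotted-decimal mask, and it treats G1/G2 as the identifiers for platforms other than ODS-VL2, which the guide gives only as examples; the function and variable names are hypothetical.

```python
"""Pre-flight check for the values typed at the initialization prompts."""
import ipaddress

# Interface identifiers named in the guide. G3/G5 are stated for ODS-VL2;
# G1/G2 are only the guide's examples for other form factors (assumption).
INTERFACES = {
    "ODS-VL2": {"G3", "G5"},
    "default": {"G1", "G2"},
}


def _parse_addr(label, value, problems):
    """Parse one IPv4 address; record a problem and return None on failure."""
    try:
        return ipaddress.IPv4Address(value)
    except ValueError:
        problems.append(f"{label} '{value}' is not a valid IPv4 address")
        return None


def check_init_values(ip, netmask, gateway, dns1, dns2="", iface="G1",
                      platform="default"):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    host = _parse_addr("server IP address", ip, problems)
    if host is None:
        return problems
    try:
        # strict=False accepts a host address together with its mask.
        net = ipaddress.IPv4Network(f"{ip}/{netmask}", strict=False)
    except ValueError:
        return [f"network mask '{netmask}' is not a valid contiguous mask"]
    if "." in netmask and str(net.netmask) != netmask:
        problems.append(f"network mask '{netmask}' looks like a wildcard mask")

    # In subnets larger than /31 the first and last addresses are reserved.
    reserved = set()
    if net.prefixlen < 31:
        reserved = {net.network_address, net.broadcast_address}
    if host in reserved:
        problems.append(f"server IP address {host} is the network or "
                        f"broadcast address of {net}")

    gw = _parse_addr("default gateway", gateway, problems)
    if gw is not None:
        if gw not in net:
            problems.append(f"default gateway {gw} is outside {net}")
        elif gw == host or gw in reserved:
            problems.append(f"default gateway {gw} is not a usable "
                            f"neighbor address in {net}")

    _parse_addr("primary DNS server", dns1, problems)
    if dns2:  # step 10: the secondary DNS server may be left empty
        _parse_addr("secondary DNS server", dns2, problems)

    allowed = INTERFACES.get(platform, INTERFACES["default"])
    if iface not in allowed:
        if iface.upper() in allowed:
            problems.append(f"interface '{iface}' must be typed as "
                            f"'{iface.upper()}' (identifiers are case-sensitive)")
        else:
            problems.append(f"interface '{iface}' is not one of {sorted(allowed)}")
    return problems


if __name__ == "__main__":
    # Constructed values from the documentation address ranges.
    for issue in check_init_values("192.0.2.10", "255.255.255.0",
                                   "198.51.100.1", "192.0.2.53",
                                   iface="g3", platform="ODS-VL2"):
        print("FIX BEFORE TYPING:", issue)
```
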


Recommended Basic Security Procedures


This section describes the basic procedures that Radware recommends for the security of the
APSolute Vision system.

Restricting Root Access


The APSolute Vision server runs on a Linux shell.
The APSolute Vision server supports root access to the operating system. The default password is
radware, which can be modified during the initial setup of the APSolute Vision server. Additionally,
user radware can modify the password using the CLI command system user password root.
Radware recommends that the root user password be kept secret from other administrators, and
retained for troubleshooting by Radware Technical Support.
If you require recovery of the root password, contact Radware Technical Support.

Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 649.

Restricting APSolute Vision CLI Access


The default username/password for the APSolute Vision CLI is radware/radware.
As soon as you complete the APSolute Vision installation, initialize the server, and verify that it is
operating properly, Radware recommends that you change the default password of the radware
user, using the CLI command system user password change radware.
Access to the APSolute Vision CLI is available only to users with the Administrator or Vision
Administrator role.

Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 649.

Restricting Web Access to the APSolute Vision Server


The APSolute Vision installation includes one default user, radware, with the password radware.
The radware user has access to all APSolute Vision interfaces.
As soon as you complete the APSolute Vision installation, initialize the server, and verify that it is
operating properly, Radware recommends that you change the password of the radware user.
Change the password with the relevant CLI command.

Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 649.


Restricting Web Access by Radware Technical Support


Radware Technical Support can access an APSolute Vision appliance using a Web browser.
As soon as you complete the APSolute Vision installation, initialize the server, and verify that it is
operating properly, Radware recommends that you change the default password.
Change the password with the relevant CLI command.

Note: For more information on the APSolute Vision CLI, see APSolute Vision CLI Commands,
page 649.

APSolute Vision WBM Requirements


APSolute Vision supports a Web-based management interface, which is called Web Based
Management (WBM).
This section describes the basic requirements with the following topics:
• APSolute Vision WBM Requirements, page 74
• Application Performance Monitoring Requirements, page 75
• APSolute Vision Reporter Requirements, page 75
• Device Performance Monitor Requirements, page 75

Notes
• For the most up-to-date information, please refer to the APSolute Vision Release Notes.
• For more information, see APSolute Vision Specifications and Requirements, page 833.
• For the list of required UDP/TCP ports, see UDP/TCP Ports and IP Protocols, page 833.

APSolute Vision WBM Requirements


This section includes the following topics:
• APSolute Vision Client Supported Operating Systems, page 74
• APSolute Vision WBM Supported Browsers, page 75

APSolute Vision Client Supported Operating Systems


For the most up-to-date information, please refer to the APSolute Vision Release Notes.
The following operating systems support APSolute Vision WBM:
• Windows Server 2008 R2 64-bit
• Windows 8 64-bit
• Windows 7 SP1 32-bit and 64-bit
• Windows Server 2012 R2 64-bit
• Windows 10 10.0.10240
• Linux Ubuntu (Desktop) 14.04 LTS 64-bit
• macOS High Sierra 10.13.2


APSolute Vision WBM Supported Browsers


You can access APSolute Vision Web-based management (and APSolute Vision Reporter, Device
Performance Monitor, and the APM server Web interface) using a Web browser.
For the list of supported browsers, please refer to the release notes.

Caution: When you use Internet Explorer 11 (IE11) on Windows OS to access APSolute Vision
WBM, there is sometimes a problem when downloading files. You can fix the problem by updating
the Windows registry. The update tells IE to open JSON documents in the browser. In the update,
the value 25336920-03F9-11cf-8FD0-00AA00686F13 is the CLSID for the “Browse in place”
action. To fix the problem, Radware recommends that you use Windows Registry Editor version 5.00
and update the Windows registry with the following:

[HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/json]
"CLSID"="{25336920-03F9-11cf-8FD0-00AA00686F13}"
"Encoding"=hex:08,00,00,00

[HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/json]
"CLSID"="{25336920-03F9-11cf-8FD0-00AA00686F13}"
"Encoding"=hex:08,00,00,00

Application Performance Monitoring Requirements


APSolute Vision WBM can connect to the APSolute Vision Application Performance Monitor (APM).
The APM is a process that runs on the APSolute Vision server with APM server VA offering. APSolute
Vision WBM includes an option to open the APM Web interface. You access the APM via a browser on
your PC.
For the APM server requirements, see the relevant chapter in the APSolute Vision Installation and
Maintenance Guide.

APSolute Vision Reporter Requirements


For the most up-to-date information, please refer to the APSolute Vision Release Notes.
The following operating systems support APSolute Vision WBM:
• Windows Server 2008 R2 64-bit
• Windows 8 64-bit
• Windows 7 SP1 32-bit and 64-bit
• Windows Server 2012 R2 64-bit
• Windows 10 10.0.10240
• Linux Ubuntu (Desktop) 14.04 LTS 64-bit
• macOS High Sierra 10.13.2

Device Performance Monitor Requirements


APSolute Vision WBM can connect to the APSolute Vision Device Performance Monitor (DPM) for
Alteon devices. APSolute Vision WBM includes a button that opens the DPM in a separate browser
tab.


Logging In to and Out of APSolute Vision


To start working with APSolute Vision, you log in to the APSolute Vision Web application, which is
referred to as Web Based Management (WBM).
The first login to APSolute Vision WBM requires an APSolute Vision Activation License (which has the
prefix vision-activation). When APSolute Vision is running as a virtual appliance (VA), the
activation-license is based on the MAC address of the APSolute Vision G1 or G2 port. When APSolute
Vision is running on an OnDemand Switch VL2 (ODS-VL2) platform, the activation-license is based
on the MAC address of the APSolute Vision G3 or G5 port.
You can request the activation-license from Radware Technical Support. The activation-license is also
available using the license generator at radware.com.

Note: The CLI command net ip get displays the ports and the MAC addresses.

Up to 50 users can access the APSolute Vision server concurrently.

Note: Users with the Administrator role can manage APSolute Vision users. For information on
managing APSolute Vision users, see Managing APSolute Vision Users, page 83.

APSolute Vision supports role-based access control (RBAC) to manage user privileges. Your
credentials and privileges may be managed through an authentication server or through the local
APSolute Vision user database.
After successful authentication, the user’s role is assigned. The role determines the devices that the
user is authorized to manage. Furthermore, the role determines which content panes, menus, and
operations the user can access. The assigned role remains fixed throughout the user session.
If a user enters the credentials incorrectly, the user is prompted to re-enter the information. After a
globally defined number of consecutive failures, the user is locked out of the system. If the user
uses local user credentials, an administrator can release the lockout by resetting the password to
the global default password (see Releasing User Lockout, page 105). If the user uses credentials
from an authentication server (for example, a RADIUS server), you must contact the administrator
of that authentication server.
There are special properties and procedures for the user who first logs into the APSolute Vision
server. For more information, see Managing APSolute Vision Users, page 83.

To log in to APSolute Vision as an existing user


1. In a Web browser, enter the hostname or IP address of the APSolute Vision server.
2. In the login dialog box, specify the following:
— User Name—Your user name.
— Password—Your user password. Depending on the configuration of the server, you may be
required to change your password immediately. Default: radware.


— The language of the APSolute Vision graphical user interface. Click the arrow next to the
name of the current language to open the language drop-down list and select the language
that you require.

3. Click Log In.

Caution: For DefensePro 7.x and 8.x versions and in networks with high latency, Radware
recommends increasing the SNMP Timeout to 180 seconds (APSolute Vision Settings view System
perspective, General Settings > Connectivity > Timeout).

To log out of APSolute Vision


1. In the APSolute Vision toolbar, click the User ribbon at the far right. A drop-down dialog
box opens.

2. Click Log Out.

Changing Passwords for Local Users


If your user credentials are managed through the APSolute Vision Local Users table (not through an
authentication server, such as RADIUS or TACACS+), you can change your user password at the
login or in the APSolute Vision Settings view Preferences perspective.
If your password has expired, you must change it in the APSolute Vision Login dialog box.

Notes
• For information about password requirements, see APSolute Vision Password Requirements,
page 108.
• For more information on managing APSolute Vision users, see Managing APSolute Vision Users,
page 83.


To change a password for a local user


1. In the APSolute Vision Settings view Preferences perspective, select User Preferences > User
Password Settings.
2. Configure the parameters, and click Update Password.

Table 1: User Password Settings Parameters

Parameter | Description
Current Username | (Read-only) The current username.
Current Password | Your current password.
New Password | Your new password.
Confirm New Password | Your new password.

Selecting Your Landing Page


You can select the page that APSolute Vision displays when you open APSolute Vision WBM.

To select your landing page


1. In the APSolute Vision Settings view Preferences perspective, select User Preferences >
Display.
2. Configure the parameter, and click Submit.


Table 2: Display Parameter

Parameter Description
Default Landing Page The page that APSolute Vision displays when you open APSolute
Vision WBM.
Values:
• None—When you open APSolute Vision WBM, you land in the
default page configured on the APSolute Vision server (see
Configuring APSolute Vision Display Parameters, page 163).
• Application SLA Dashboard—When you open APSolute Vision
WBM, you land on the Application SLA Dashboard (see Using
the Application SLA Dashboard, page 561).
• Security Control Center—When you open APSolute Vision WBM,
you land on the Security Control Center (see Using the Security
Control Center, page 564).
• Operator Toolbox—When you open APSolute Vision WBM, you
land on the Toolbox (see Using the Toolbox, page 221).
• Service Status Dashboard—When you open APSolute Vision
WBM, you land on the Service Status Dashboard (see Using the
Service Status Dashboard, page 570).
Default: None
Note: Your user role and scope determine the available options.
If you do not have permission to view the default page configured
on the APSolute Vision server, you land in the first permitted tab
of the APSolute Vision Settings view. For information on user
roles and scopes, see Managing APSolute Vision Users, page 83.

After Initial Configuration of APSolute Vision


After initial configuration of the APSolute Vision server, continue with the following (as permitted by
your RBAC role):
• If required, configure local APSolute Vision users and global user settings in the APSolute Vision
Settings view System perspective, under User Management. For more information, see
Managing APSolute Vision Users, page 83.
• Add the devices that you want to manage using APSolute Vision. For more information, see
Managing Devices, Sites, and Logical Groups, page 171.
To add Alteon or DefensePro devices, you can also use vDirect with APSolute Vision. For more
information, see Using vDirect with APSolute Vision, page 725.
• Configure the Radware devices that APSolute Vision manages. For more information, see the
APSolute Vision online help.
• Manage device operations and maintenance.
• Monitor the managed devices using APSolute Vision. For more information, see the APSolute
Vision online help.

Note: For more information about the Radware products that APSolute Vision supports, see the
relevant product user guides and related documentation.


Using Common GUI Elements in APSolute Vision


This section contains the following:
• Icons/Buttons and Commands for Managing Table Entries, page 80
• Filtering Table Rows, page 81

Icons/Buttons and Commands for Managing Table Entries


The following table describes icons/buttons and corresponding commands that are available when
you manage table entries (rows) using APSolute Vision Web Based Management. The commands
that are available depend on the feature. The icons/buttons are always above a table on the left
side. When the mouse cursor (pointer) hovers over an icon/button, the display changes from
monochrome (gray) to colored.

Notes
• You can configure and control a managed device only when the device is locked (see Locking
and Unlocking Devices, page 189).
• The APSolute Vision documentation shows icons/buttons in their colored state.

Table 3: Icons/Buttons and Commands for Managing Table Entries

Icon/Button | Command | Description
[icon] | Add | Opens an “Add New...” tab to configure a new entry.
[icon] | Edit | Opens an “Edit...” tab to modify the selected existing entry.
[icon] | Duplicate | Opens an “Add New...” tab, which is populated with the values from the selected entry, except for the indexes.
[icon] | Delete | Deletes the selection.
[icon] | Export | Exports the selected entry.
[icon] | View | Opens a “View...” tab to view the values of the selected entry.


Filtering Table Rows


For many tables in APSolute Vision and managed devices, you can filter table rows according to
values in the table columns.
The filter uses a Boolean AND operator for the filter criteria that you specify. That is, the filtered
table displays the rows that match all the search parameters, not any of the search parameters. For
example, if the table includes the columns Policy and Port, and you filter for the policy value ser,
and the port value 80, the filtered table displays rows where the value of the Policy parameter
includes ser AND the value of the Port parameter includes 80.

To filter table rows


1. Do the following:

— If a table column displays a drop-down list (with an arrow), click the arrow and select the
value to filter by.
— If the table column displays a white text box, type the value to filter by.

Notes
— For text boxes, the filter uses a contains algorithm. That is, the filter considers it to be a
match if the string that you enter is merely contained in a value. For example, if you enter
ser in the text box, the filter returns rows with the values ser, service1, and service2.
— If the box at the top of a column is gray, you cannot filter according to that parameter.

2. Click the Filter button or press Enter.



CHAPTER 3 – MANAGING APSOLUTE VISION USERS
APSolute Vision supports concurrent access by up to 50 users.
Each user has individual credentials and privileges. APSolute Vision supports role-based access
control (RBAC) to manage user privileges.
RBAC users can be defined and managed in the local APSolute Vision user database (the Local Users
table) or through an external authentication server.
All user credentials for local users are encrypted and stored in the APSolute Vision database.
All actions by all users (local or non-local) are stored in the audit log.
Users with the appropriate privileges can lock a device on an APSolute Vision server and modify its
configuration. Locking the device prevents other users from performing configuration tasks on that
device at the same time.
The following topics describe role-based access control, and how to configure and monitor local
APSolute Vision users:
• Logging In as the Default Administrator User—radware User, page 83
• Viewing Details About the Current User, page 84
• Role-Based Access Control (RBAC), page 85
• Configuring Local Users for APSolute Vision, page 99
• Managing LDAP Object Class Permissions, page 107
• Viewing User Statistics, page 108
• Configuring General User-Management Settings, page 96
• APSolute Vision Password Requirements, page 108

Logging In as the Default Administrator User—radware User

A new APSolute Vision server (one that no one has yet logged into) contains a single predefined
Administrator user, which is called radware, defined with the Administrator role.

Caution: Radware recommends that the radware user be used by customers for disaster recovery
and kept secret from all other administrators.

The radware user can create and manage additional local users and their individual and global user
settings.
The radware user cannot be deleted.
The radware user is authenticated only in the Local Users table, regardless of whether the system is
configured to use a different authentication method. That is, the radware user cannot be overridden
by the configuration of an authentication server (see Managing Connections to Authentication
Servers, page 137).

Caution: You are not required to change the password for the radware user during the initial
configuration, but Radware recommends you do so.


The radware user can change the password of the radware user in the CLI or in the login dialog box.
For more information, see the APSolute Vision User Guide.

To log in to APSolute Vision for the first time as the radware user
1. In your Web browser, enter the hostname or IP address of the APSolute Vision server.
2. In the login dialog box, specify the following:
— Username—The name of the user, radware.
— Password—The password for the radware user.
3. Click Log In.

Viewing Details About the Current User


You can view the following details about the current user:
• The user name
• The user’s RBAC role or roles
• The previous login time
• The UI language (which you can change by selecting another value from the drop-down list)

Figure 31: Viewing Details About the Current User

To view details about the current user


> In the APSolute Vision toolbar, in the User ribbon at the far right, click the arrow.


Role-Based Access Control (RBAC)


This section contains the following main topics:
• APSolute Vision RBAC—General Information, page 85
• Roles and Scopes, page 86
• GUI Display Is According to Role, page 87
• IDM Strings for Predefined Roles, page 87
• Predefined Roles Described, page 88
• Roles per Radware Product, page 91
• Feature-Accessibility per Role, page 92
• Rules for RBAC Permission Conflicts with Logical Groups, page 95

APSolute Vision RBAC—General Information


You can determine the functionality and managed devices available to each user in APSolute Vision
by using RBAC to associate users with roles and scopes of devices.
All users can also be defined and managed through an authentication server—except for the users
radware, defenseflow, msspportal, and reporter.

Notes
• The APSolute Vision installation includes the radware, defenseflow, msspportal, and reporter
users.
• You cannot delete the radware, defenseflow, msspportal, and reporter users. They are defined,
managed, and authenticated only in the Local Users table, regardless of whether the system is
configured to manage other users through an authentication server.
• The reporter user is used by APSolute Vision Analytics.
• If you require a DefenseFlow or MSSP Portal platform to be authenticated remotely (for
connections from a DefenseFlow or MSSP Portal platform to APSolute Vision), you can create a
SYSTEM_USER on the remote authentication server, and configure DefenseFlow or MSSP Portal
to use that user rather than the built-in defenseflow or msspportal user.
• For information about how to configure DefenseFlow, see the DefenseFlow Installation and User
Guide.
• For information about how to configure MSSP Portal, see the MSSP Portal Deployment and
Operator Guide.

Caution: You are not required to change the password for the radware user during the initial
configuration, but Radware recommends you do so.

A user with the Administrator or User Administrator role can create, edit, and manage local APSolute
Vision users.


Roles and Scopes


User management includes assigning roles and scopes. A scope defines the devices that the user
can access. A role defines the set of permissions for the corresponding scope. A user definition can
contain multiple role-scope pairs.
APSolute Vision contains a set of predefined roles, which you cannot delete or modify. Each role
defines a set of privileges. The relevance and descriptions for the predefined roles may depend on
the device type.
The scopes of devices are organized according to the Sites and Devices tree and Physical Containers
tree in the device pane.
A scope can contain one of the following:
• An individual device.
• [All]—The All scope contains all devices and the APSolute Vision server.
• A Site—With all of its devices.

Note: For more information, see Configuring Sites, page 172.


• A Logical Group—The user’s scope dynamically updates, according to the devices in the
Logical Group. That is, when the device-set of a Logical Group changes, the user’s scope
changes accordingly.

Notes
— For more information on Logical Groups, see Using Logical Groups of Devices, page 199.
— For information on permission conflicts, see Rules for RBAC Permission Conflicts with Logical
Groups, page 95.

Caution: If the name of an APSolute Vision Site or Logical Group changes and an authentication
server authenticates users, you must reconfigure the user scopes on the authentication server.

If the name of an APSolute Vision Site or Logical Group changes and APSolute Vision authenticates
the users locally, APSolute Vision updates the relevant scopes for the users.
Every role must be assigned a scope—except for the following roles, which APSolute Vision always
configures with the All scope:
• Administrator
• System User
• User Administrator
• Vision Administrator

Caution: When defined through an authentication server, users with the Administrator, User
Administrator, System User, or Vision Administrator role must be configured with the scope [ALL]
(including the square brackets).


GUI Display Is According to Role


APSolute Vision displays the graphical user interface according to the user’s role, for example:
• When a user has full read and write permissions, all Add, Edit, and Delete buttons are
displayed.
• When a user has update permissions only, Add buttons are not displayed.
• When a user does not have any configuration permissions, Add, Delete, and Submit buttons
are not displayed.
• A user with the User Administrator role can manage all user settings: the Local Users table, the
Authentication Method, and so on. A user with the User Administrator role cannot view other
elements in the APSolute Vision Settings view System perspective.
• The tree in the device pane displays only those devices that belong to the scope associated
with the user.
• The Security Monitoring perspective displays information only for the devices that belong to the
user’s device scope. For DefensePro devices, you can limit the Protection policies accessible to
users in the perspective. This applies also to the information that APSolute Vision Reporter
displays.

Users with a proper role can access the APSolute Vision GUI and can see the Alerts Table pane, but
APSolute Vision limits the alert-display according to device permissions.

IDM Strings for Predefined Roles


Each role has an associated identity-management (IDM) string. You use the IDM strings in an
authentication-server configuration, for example. If the user is authenticated, the APSolute Vision
server grants access according to the user’s IDM string and scope. The authentication server
Access-Accept response must include an IDM-string–scope combination.

Note: APSolute Vision RBAC functionality is separate from the functionality of user accounts on the
devices themselves.

The following table lists the predefined roles and the corresponding IDM strings. The relevance and
descriptions for the predefined roles may depend on the device type.

Table 4: Predefined Roles and IDM Strings

Role | IDM String
ADC + Certificate Administrator | ADC_AND_CERTIF_ADMIN
ADC Administrator | ADC_ADMIN
ADC Operator | ADC_OPERATOR
Administrator | SYS_ADMIN
Certificate Administrator | CERTIF_ADMIN
Device Administrator | DEV_ADMIN
Device Configurator | CONFIG
Device Operator | DEVICE_OPERATOR
Device Viewer | VIEWER
Real Server Operator | REAL_SERVER_OPERATOR
Security Administrator | SEC_ADMIN
Security Monitor | SEC_MON
System User | SYSTEM_USER
User Administrator | USR_ADMIN
Vision Administrator | VISION_ADMIN
Vision Reporter | REPORTER
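
The following added example (not part of the Radware guide and not Radware code) audits a set of role-scope assignments against the rules stated above before they are configured on an authentication server: the IDM string must be one of the predefined strings, the four roles that always use the All scope must carry [ALL], every other role needs a scope, and the built-in users are authenticated only locally. The record layout (user, IDM string, scope), the exact-match comparison, the finding codes, and the sample users are assumptions made for the example.

```python
"""Audit role-scope pairs intended for an authentication server (added example)."""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Predefined roles keyed by IDM string, as listed in Table 4 of this guide.
IDM_TO_ROLE = {
    "ADC_AND_CERTIF_ADMIN": "ADC + Certificate Administrator",
    "ADC_ADMIN": "ADC Administrator",
    "ADC_OPERATOR": "ADC Operator",
    "SYS_ADMIN": "Administrator",
    "CERTIF_ADMIN": "Certificate Administrator",
    "DEV_ADMIN": "Device Administrator",
    "CONFIG": "Device Configurator",
    "DEVICE_OPERATOR": "Device Operator",
    "VIEWER": "Device Viewer",
    "REAL_SERVER_OPERATOR": "Real Server Operator",
    "SEC_ADMIN": "Security Administrator",
    "SEC_MON": "Security Monitor",
    "SYSTEM_USER": "System User",
    "USR_ADMIN": "User Administrator",
    "VISION_ADMIN": "Vision Administrator",
    "REPORTER": "Vision Reporter",
}

# Roles that must be configured with the scope [ALL], square brackets included.
ALL_SCOPE_ONLY = {"SYS_ADMIN", "SYSTEM_USER", "USR_ADMIN", "VISION_ADMIN"}
# Roles that have access to the APSolute Vision CLI.
CLI_ROLES = {"SYS_ADMIN", "VISION_ADMIN"}
# Built-in users that are authenticated only in the Local Users table.
LOCAL_ONLY_USERS = {"radware", "defenseflow", "msspportal", "reporter"}


@dataclass(frozen=True)
class Assignment:
    """One role-scope pair for one user (hypothetical record layout)."""
    user: str
    idm: str
    scope: str


def audit(assignments: Iterable[Assignment]) -> List[Tuple[str, str, str]]:
    """Return (user, code, detail) findings; codes starting with 'info-' are review items."""
    findings = []
    for a in assignments:
        if a.user in LOCAL_ONLY_USERS:
            findings.append((a.user, "local-only-user",
                             "authenticated only in the Local Users table"))
        role = IDM_TO_ROLE.get(a.idm)  # exact match is an assumption of this example
        if role is None:
            findings.append((a.user, "unknown-idm",
                             f"{a.idm!r} is not a predefined IDM string"))
            continue
        if a.idm in ALL_SCOPE_ONLY:
            if a.scope != "[ALL]":
                findings.append((a.user, "scope-not-all",
                                 f"{role} requires scope [ALL], got {a.scope!r}"))
        elif not a.scope.strip():
            findings.append((a.user, "missing-scope", f"{role} has no scope"))
        if a.idm in CLI_ROLES:
            findings.append((a.user, "info-cli-access", f"{role} can access the CLI"))
    return findings


# Constructed sample input; users, Sites and Logical Groups are invented.
SAMPLE = [
    Assignment("alice", "SYS_ADMIN", "[ALL]"),
    Assignment("bob", "VISION_ADMIN", "ALL"),        # brackets missing
    Assignment("carol", "SEC_MON", ""),              # no scope
    Assignment("dave", "SECURITY_ADMIN", "SiteA"),   # not a predefined IDM string
    Assignment("radware", "SYS_ADMIN", "[ALL]"),     # built-in, local-only user
    Assignment("erin", "ADC_OPERATOR", "Site-East"),
    Assignment("erin", "SEC_MON", "DP-Group"),       # second role-scope pair
]

if __name__ == "__main__":
    for user, code, detail in audit(SAMPLE):
        print(f"{user:8} {code:16} {detail}")
```
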

Predefined Roles Described


The following table describes the predefined roles in APSolute Vision. The relevance and descriptions
for the predefined roles may depend on the device type.

Table 5: Predefined Roles

Role
    Description

ADC + Certificate Administrator
    The union of ADC Administrator and Certificate Administrator roles.
    Has full control over ADC configuration and AppShapes, can configure and manage servers,
    services, traffic redirection, and health checks.
    Can perform all functions of the devices for which the user has credentials.
    Has control over the Certificate Repository and the Client Authentication Policy in the
    Configuration perspective.
    Can perform all functions related to Alteon and LinkProof NG.
    Can launch the Device Performance Monitor Web interface and view the Application SLA
    Dashboard.
    Can view the Alerts Table.
    Can access Security Monitoring perspective.

ADC Administrator
    Has full control over ADC configuration and AppShapes, can configure and manage servers,
    services, traffic redirection, and health checks.
    Can perform all functions of the devices for which the user has credentials.
    Can launch the Device Performance Monitor Web interface and view the Application SLA
    Dashboard.
    Can view the Alerts Table.
    Can access Security Monitoring perspective.

ADC Operator
    Has read-only permission on the configuration of ADC devices and general device control.
    Can launch the Device Performance Monitor Web interface and view the Application SLA
    Dashboard.
    Can view the Alerts Table.

Administrator
    Can access the CLI and can perform all actions and access all functionality.
    Can use DefenseFlow. For details, see the DefenseFlow documentation.

Certificate Administrator
    Has control over the Certificate Repository and the Client Authentication Policy in the
    Configuration perspective.
    Can view the Alerts Table.
    Can access the Monitoring perspective.
    Can perform all functions related to Alteon and LinkProof NG, but some functions are
    read-only.
    Can view the Application SLA Dashboard.

Device Administrator
    Has full control over devices for which the user has credentials.
    Can launch the Device Performance Monitor Web interface and view the Application SLA
    Dashboard.
    Can view the Alerts Table.
    Can export a policy file from the Protection Policies table (Network Protection Policies
    table and Server Protection Policies table in earlier versions).
    Can access the Templates tab.

Device Configurator
    Can access all Configuration-perspective panes and Monitoring-perspective panes, and has
    full control over the Setup, Networking, Device Security and Advanced parameter tabs of the
    Configuration perspective of the devices for which the user has credentials.
    Can perform all Configuration and Monitoring pane perspective functions of the devices for
    which the user has credentials, excluding AppShapes.
    Can launch the Device Performance Monitor Web interface and view the Application SLA
    Dashboard.
    Can view the Alerts Table.

Device Operator
    Has full control over all Monitoring perspective panes and can access the Configuration
    perspective.
    Can perform all functions related to Alteon and LinkProof NG, including AppShapes, but some
    functions are read-only.
    Can launch the Device Performance Monitor Web interface and view the Application SLA
    Dashboard.
    Can view the Alerts Table.

Device Viewer
    Can access all devices for which the user has credentials.
    Can launch the Device Performance Monitor Web interface and view the Application SLA
    Dashboard.

Real Server Operator
    Can lock and unlock an Alteon device for which the user has credentials.
    Can access the Monitoring perspective with read-write access to the following nodes (all
    other nodes are hidden):
    • Application Delivery > Virtual Service > Real Servers
    • Application Delivery > Virtual Service > Server Groups
    Can view the Alerts Table.
    Can view the Application SLA Dashboard.

Security Administrator
    Can configure and manage network and server security, ACL policies, and so on.
    Can export a policy file from the Protection Policies table (Network Protection Policies
    table and Server Protection Policies table in earlier versions) and Server Protection
    Policies table. Furthermore, can open the Advanced Toolbox tab, and can see and use the
    DefensePro Configuration Templates node.
    Can view the Alerts Table.
    Can use DefenseFlow. For details, see the DefenseFlow documentation.

Security Monitor
    Has full control over Security Monitoring and APSolute Vision Reporter.

System User
    Can access APSolute Vision through the REST interface (only) and can perform all actions
    and access all functionality.

User Administrator
    Can access the APSolute Vision Settings view System perspective, and in it, can create and
    manage users. Cannot view other elements in the APSolute Vision Settings view System
    perspective.

Vision Administrator
    Can access the CLI, except for system snmp community and system snmp trap target, and can
    perform all actions and access all functionality, except for user management and
    authentication protocols (RADIUS Settings and TACACS+ Settings).
    Can use DefenseFlow. For details, see the DefenseFlow documentation.
    Can view the Alerts Table.

Vision Reporter
    Has full control over APSolute Vision reporting capabilities (APM, AVR, and DPM).
    Can use DefenseFlow. For details, see the DefenseFlow documentation.


Roles per Radware Product


The following table lists the predefined roles and corresponding functionalities.

Table 6: Role per Radware Product

Role | Can Add New Device | Manages Application Delivery Devices (Alteon and LinkProof NG) | Manages Security Devices (AppWall and DefensePro) | Can Use DefenseFlow
ADC + Certificate Administrator | No | Yes | No | No
ADC Administrator | No | Yes | No | No
ADC Operator | No | Yes | No | No
Administrator | Yes | Yes | Yes | Yes
Certificate Administrator | No | Yes | No | No
Device Administrator | Yes | Yes | Yes | No
Device Configurator | No | Yes | Yes | No
Device Operator | No | Yes | No | No
Device Viewer | No | Yes | Yes | No
Real Server Operator | No | Yes | No | No
Security Administrator | No | No | Yes | No
Security Monitor | No | Yes | Yes | No
System User | Yes (1) | Yes (1) | Yes (1) | Yes (1)
User Administrator | No | N/A | N/A | N/A
Vision Administrator | Yes | Yes | Yes | Yes
Vision Reporter | No | Yes | Yes | Yes

(1) Yes, but only using the REST interface. This role does not allow access to the APSolute
Vision GUI (that is, Web Based Management).


Feature-Accessibility per Role


The following table lists the predefined roles and which features are accessible.

Table 7: Feature-Accessibility per Role

Feature columns of the table (the headings are rotated in the original table, and their left-to-right order is not preserved in this text): APSolute Vision Analytics; DefensePro Configuration Templates; DPM and Application SLA Dashboard; Security Monitoring Perspective; Alerts Table Pane; Security Control Center; Configuration Perspective; Settings View; Monitoring Perspective; AppShapes; Scheduler; vDirect; APM; AVR.

Each row gives the role, followed by its values for the feature columns, left to right as in the table.

ADC + Certificate Administrator | Yes | Yes | Yes | Yes | Yes, but only User Preferences and Device Backups | No | No | Yes | Yes | No | No | Yes | Yes | No
ADC Administrator | Yes | Yes, except for Certificate Repository, which is read-only | Yes | Yes | Yes, but only User Preferences and Device Backups | No | No | Yes | Yes | Yes | No | Yes | Yes | No
ADC Operator | Yes | Yes, but read-only | Yes | No | Yes, but only User Preferences and Device Backups | No | No | No | No | Yes | No | Yes | Yes | No
Administrator | Yes | Yes | Yes | Yes | Yes, all | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Certificate Administrator | Yes | Yes, but read-only, except for read-write access to Certificate Repository and the Client Authentication Policy | Yes, but read-only | No | Yes, but only User Preferences and Device Backups | No | No | No | No | No | No | No | No | No
Device Administrator | Yes | Yes | Yes | Yes | Yes, but only User Preferences and Device Backups | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No
Device Configurator | Yes | Yes, but some items are read-only | Yes, but some items are read-only (for example, real-server status) | No | Yes, but only User Preferences and Device Backups | Yes | No | No | No | No | No | Yes | Yes | No
Device Operator | Yes | Yes, but read-only | Yes | No | Yes, but only User Preferences and Device Backups | Yes | No | No | No | Yes | No | Yes | Yes | No
Device Viewer | No | Yes, but read-only | Yes, but read-only | Yes | Yes, but only User Preferences and Device Backups | No | No | No | No | No | Yes | No | Yes | No
Real Server Operator | Yes | No | Yes, but limited to Real Servers and Server Groups nodes | No | Yes, but only User Preferences | No | No | No | No | No | No | No | No | No
Security Administrator | Yes | Yes | Yes | Yes | Yes, but only User Preferences and Device Backups | Yes | Yes | No | No | Yes | Yes | No | No | No
Security Monitor | No | No | No | Yes | Yes, but only User Preferences | No | No | No | No | Yes | Yes | No | No | No
System User | Yes, but REST interface only [1] (all feature columns)
User Administrator | No | No | No | No | Yes, but only User Preferences and User Management settings | No | No | No | No | No | No | No | No | No
Vision Administrator | Yes | Yes | Yes | Yes | All, but excluding User Management settings and authentication protocols [2] | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Vision Reporter | No | No | No | No | Yes, but only User Preferences | No | No | No | No | Yes | Yes | Yes | Yes | No

[1] Users with the System User role can perform all actions and access all functionality but can access APSolute Vision only using the
REST interface. The System User role does not allow access to the APSolute Vision GUI (Web Based Management).
[2] That is, RADIUS Settings, TACACS+ Settings, and LDAP Settings.


Rules for RBAC Permission Conflicts with Logical Groups


APSolute Vision users can include multiple role-scope pairs, and a device can be a member of
multiple Logical Groups. These factors make permission conflicts possible.
APSolute Vision handles conflicting permissions as follows:
• The role with an individual device overrides the user’s role with a Logical Group—That
is, if the configuration of a user includes one role with a Logical-Group scope, and another role
with an individual-device scope, and that individual device is a member of the same Logical
Group, the role with the individual-device scope takes precedence.
• The role with a Site overrides the user’s role with a Logical Group—That is, if the
configuration of a user includes one role with a Logical-Group scope, and another role with a Site
scope, and that Site contains a device that is a member of the same Logical Group, the role with
the Site scope takes precedence.
• The role with the highest level takes precedence when a device is a member of
multiple Logical Groups used in a user configuration—That is, if the configuration of a user
includes one role with one Logical-Group scope, and another role with another Logical-Group
scope, and the Logical Groups include a common member, the role with the highest level of access
takes precedence. For the list of access levels, see Table 8 - Access Levels for Determining a
User’s RBAC Role for a Device, when the Device Is a Common Member of Multiple Logical
Groups, page 96.

Example
An APSolute Vision server includes a user named User-A, a device named Device-1, and a Logical
Group named MyLG. Device-1 is a member of MyLG. The configuration of User-A contains two role-
scope pairs. One role-scope pair is Configurator–Device-1. The other role-scope pair is Operator–
MyLG. APSolute Vision grants User-A the role of Configurator on Device-1.

Example
An APSolute Vision server includes a user named User-A, a device named Device-1, a Site named
MySite, and a Logical Group named MyLG. Device-1 is a member of MySite and MyLG. The
configuration of User-A contains two role-scope pairs. One role-scope pair is Configurator–MySite.
The other role-scope pair is Operator–MyLG. APSolute Vision grants User-A the role of Configurator
on Device-1.

Example
An APSolute Vision server includes a user named User-A, a device named Device-1, a Logical Group
named MyLG-X and a Logical Group named MyLG-Y. Device-1 is a member of MyLG-X and MyLG-Y.
The configuration of User-A contains two role-scope pairs. One role-scope pair is
ADC-Administrator–MyLG-X. The other role-scope pair is Device-Viewer–MyLG-Y. APSolute Vision
grants User-A the role of ADC Administrator on Device-1.


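The following table lists the access levels that APSolute Vision uses to determine a user’s RBAC role
for a device, when the device is a common member of multiple Logical Groups. The role with the
highest level takes precedence. Level 1 is the highest: in the last example above, ADC Administrator
(level 8) takes precedence over Device Viewer (level 14).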

Table 8: Access Levels for Determining a User’s RBAC Role for a Device, when the Device Is a
Common Member of Multiple Logical Groups

Level Role
1 Administrator
2 Vision Administrator
3 System User
4 User Administrator
5 Device Administrator
6 Security Administrator
7 ADC + Certificate Administrator
8 ADC Administrator
9 Certificate Administrator
10 Device Configurator
11 Device Operator
12 ADC Operator
13 Real Server Operator
14 Device Viewer
15 Security Monitor
16 Vision Reporter
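
The three precedence rules and Table 8 can be checked mechanically when reviewing a user's role-scope pairs. The following Python sketch is an added example, not Radware code: the names RoleScope, Decision, effective_role and review are hypothetical, and the short role names Configurator and Operator in the examples above are assumed to mean Device Configurator and Device Operator. The [ALL] scope and overlapping device and Site scopes are not modelled, because this guide gives no precedence rule for them.

```python
from dataclasses import dataclass
from typing import Optional

# Table 8 on this page, in order. Level 1 is the highest access level.
ROLES_BY_LEVEL = [
    "Administrator", "Vision Administrator", "System User", "User Administrator",
    "Device Administrator", "Security Administrator",
    "ADC + Certificate Administrator", "ADC Administrator",
    "Certificate Administrator", "Device Configurator", "Device Operator",
    "ADC Operator", "Real Server Operator", "Device Viewer",
    "Security Monitor", "Vision Reporter",
]
ACCESS_LEVEL = {role: lvl for lvl, role in enumerate(ROLES_BY_LEVEL, start=1)}


@dataclass(frozen=True)
class RoleScope:          # hypothetical name for one role-scope pair
    role: str
    kind: str             # "device", "site" or "group" (Logical Group)
    scope: str            # name of the device, Site or Logical Group


@dataclass(frozen=True)
class Decision:
    role: Optional[str]   # None when no scope covers the device
    rule: str             # which rule on this page decided
    overridden: tuple = ()  # role-scope pairs that lost the conflict


def effective_role(pairs, device, sites, groups):
    """Resolve the role a user gets on `device`.

    `sites` and `groups` map a Site or Logical Group name to a set of devices.
    """
    for p in pairs:
        if p.role not in ACCESS_LEVEL or p.kind not in ("device", "site", "group"):
            raise ValueError(f"unknown role or scope kind: {p}")
    direct = [p for p in pairs
              if (p.kind == "device" and p.scope == device)
              or (p.kind == "site" and device in sites.get(p.scope, ()))]
    grouped = [p for p in pairs
               if p.kind == "group" and device in groups.get(p.scope, ())]
    if len(direct) > 1:
        # The guide says overlapping scopes cannot be added and gives no rule.
        raise ValueError(f"overlapping device/Site scopes for {device}")
    if direct:
        kind = "individual-device" if direct[0].kind == "device" else "Site"
        rule = f"{kind} scope" + (" overrides Logical Group" if grouped else "")
        return Decision(direct[0].role, rule, tuple(grouped))
    if grouped:
        winner = min(grouped, key=lambda p: ACCESS_LEVEL[p.role])
        losers = tuple(p for p in grouped if p is not winner)
        rule = "highest level among Logical Groups" if losers else "Logical Group scope"
        return Decision(winner.role, rule, losers)
    return Decision(None, "no scope covers this device")


def review(pairs, sites, groups):
    """List devices whose effective role differs from a grant that lost.

    Returns (device, effective role, "above" | "below", lost role, lost scope).
    """
    devices = set()
    for p in pairs:
        if p.kind == "device":
            devices.add(p.scope)
        else:
            devices |= set((sites if p.kind == "site" else groups).get(p.scope, ()))
    findings = []
    for dev in sorted(devices):
        decision = effective_role(pairs, dev, sites, groups)
        for lost in decision.overridden:
            won, other = ACCESS_LEVEL[decision.role], ACCESS_LEVEL[lost.role]
            if won != other:
                relation = "above" if won < other else "below"
                findings.append((dev, decision.role, relation, lost.role, lost.scope))
    return findings


# The three examples from this page (User-A and Device-1), as constructed data.
SITES = {"MySite": {"Device-1"}}
GROUPS = {"MyLG": {"Device-1"}, "MyLG-X": {"Device-1"}, "MyLG-Y": {"Device-1"}}
EXAMPLE_1 = [RoleScope("Device Configurator", "device", "Device-1"),
             RoleScope("Device Operator", "group", "MyLG")]
EXAMPLE_2 = [RoleScope("Device Configurator", "site", "MySite"),
             RoleScope("Device Operator", "group", "MyLG")]
EXAMPLE_3 = [RoleScope("ADC Administrator", "group", "MyLG-X"),
             RoleScope("Device Viewer", "group", "MyLG-Y")]

if __name__ == "__main__":
    for name, pairs in (("1", EXAMPLE_1), ("2", EXAMPLE_2), ("3", EXAMPLE_3)):
        print(name, effective_role(pairs, "Device-1", SITES, GROUPS))
        print("  review:", review(pairs, SITES, GROUPS))
```

A "below" finding marks a device or Site grant that lowers the role a Logical Group would otherwise give; an "above" finding marks a user who holds more on a device than one of the configured Logical Group grants suggests.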

Configuring General User-Management Settings


The Administrator or User Administrator user can specify the user-authentication method for all
APSolute Vision interfaces.

To configure general user-management settings


1. In the APSolute Vision Settings view System perspective, select User Management > User
Management Settings.
2. Configure the parameters, and click Submit.


Table 9: User Management Settings

Parameter Description
Authentication Mode The user-authentication method that APSolute Vision uses.
The Administrator or User Administrator user can specify the
user-authentication method for all APSolute Vision interfaces.
The setting is retained after reboot of the APSolute Vision
server, and it is included in the APSolute Vision configuration
backup and restore operations.
Values:
• LDAP—An LDAP server stores the credentials of and
authenticates the APSolute Vision users (see Configuring
LDAP Server Connections, page 149). If the primary LDAP
server and, if defined, the secondary LDAP server are down, user
authentication fails over to the Local Users table (see
Configuring Local Users for APSolute Vision, page 99).
• Local—The Local Users table stores the credentials of and
authenticates the APSolute Vision users (see Configuring
Local Users for APSolute Vision, page 99).
• RADIUS—A RADIUS server stores the credentials of and
authenticates the APSolute Vision users (see Managing
RADIUS Server Connections, page 137). If the primary
RADIUS server and, if defined, the secondary RADIUS server are
down, user authentication fails over to the Local Users
table (see Configuring Local Users for APSolute Vision,
page 99).
• TACACS+—A TACACS+ server stores the credentials of and
authenticates the APSolute Vision users (see Managing
TACACS+ Server Connections, page 142). If the primary
TACACS+ server and, if defined, the secondary TACACS+
server are down, user authentication fails over to the Local
Users table (see Configuring Local Users for APSolute
Vision, page 99).
Default: Local
Maximum Password Challenges The number of consecutive unsuccessful password entries
before a user is locked out.
Values: 3–10
Default: 3

Default Password for Other Users The default password that new users enter on initial login or
after password reset—except for the following users: radware,
defenseflow, msspportal, and reporter.
Notes:
• You can configure the initial password for an individual
user. For more information, see Table 14 - User: Password
Parameters, page 104.
• The radware user can change the password at any time or
on expiration.
• The defenseflow user has a special password. For
DefenseFlow version 2.5 and later, the password for both
APSolute Vision and DefenseFlow must match.
• The reporter user (which APSolute Vision Analytics uses)
has a special password.
• The password for other users cannot be the same as the
name of the user.
Confirm Default Password for Other Users The value for confirmation of Default Password for Other
Users.
Password Validity Period The number of days from password creation until that
password expires. When you change this value, the new value
is applied to any subsequently created passwords; current
passwords are not affected by the change.
Values: 1–3670
Default: 30
User Statistics Storage Period The number of days the user statistics information is stored
before being deleted.
Values: 1–3670
Default: 30
Inactivity Timeout Period for CLI Access of Non-Local Users The time, in days, following the initial
login, that APSolute Vision allows CLI access to users who are defined in an external
authentication server (RADIUS, TACACS+, or LDAP). Any
subsequent login to APSolute Vision (either CLI or WBM) resets
the timer. A user who has timed out can reactivate CLI access
by logging in to APSolute Vision WBM.
Values: 30–3650
Default: 365
Note: To activate CLI access, all users defined in an external
authentication server must log in to APSolute Vision WBM at
least once.
Last Passwords Saved The number of passwords that APSolute Vision saves for a user
to prevent the user from reusing a recently expired password.
Values: 2–100
Default: 3

User Must Change Password at First Login Specifies whether all users must change their password when
logging in for the first time to the APSolute Vision server.
Default: Disabled
Note: The value of this parameter is applied to a user when the user
is created, and does not change for that user afterward. For example,
if the parameter is enabled when the user is created and is then
disabled before the user has logged in, the user is still required to
change his/her password when he/she first logs in.

Configuring Local Users for APSolute Vision


The Local Users table contains individual local APSolute Vision user configurations.
A user with the Administrator or User Administrator role can set and change the following individual
local APSolute Vision user configurations:
• Add, edit, and delete users
• Revoke and enable users
• Release user lockout and reset user passwords

Besides the Local Users table, APSolute Vision users can be authenticated through an authentication
server (see Managing Connections to Authentication Servers, page 137). When the authentication
server is down, user authentication fails over to the Local Users table.

Tip: If an authentication server is specified to authenticate the APSolute Vision users, Radware
recommends that administrator users be defined also in the Local Users table. Having users defined
also in the Local Users table is for fall-back access to APSolute Vision in case the authentication
server is not available.

Note: The APSolute Vision installation includes the radware, defenseflow, msspportal, and reporter
users. You cannot delete them or modify their role and/or scope assignment.

Caution: Users with the name admin (case-insensitive) cannot be created in the APSolute Vision
Local Users table. If a user with the name admin (case-insensitive) is defined in an external, RADIUS
or TACACS+ authentication server, or was created in the Local Users table prior to APSolute Vision
version 3.30, the user can log in to APSolute Vision, but that user will not be able to log in to the
AVR.

For information about setting global user configurations, see Configuring General User-Management
Settings, page 96.


Use the Local Users tab for the following operations:


• Adding and Editing Users, page 101
• Deleting Users, page 105
• Releasing User Lockout, page 105
• Resetting User Passwords to the Default, page 105
• Revoking and Enabling Users, page 106

To open the Local Users tab


> In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
The Local Users tab displays information for all currently defined users. Additional information for
users is available when editing specific rows in the Local Users table.

Table 10: Local User Table Parameters

Parameter Description
User Name The username used for login.
User Full Name The user’s full name.
Language The default display language for the user.
Notes:
• The Default Display Language parameter (see Configuring
APSolute Vision Display Parameters, page 163) determines the
default value.
• A user can change his/her own display language, by opening
the User drop-down dialog box (from the APSolute Vision
toolbar, in the User ribbon at the far right) and selecting
the language from the drop-down list of languages.
Scope The scopes of devices, which are organized according to the Sites
and Devices tree and Physical Containers tree in the device pane.
A scope can be one of the following:
• An individual device.
• A Site, with all of its devices.
• A Logical Group—The user’s scope dynamically updates,
according to the devices in the Logical Group. That is, when the
device-set of a Logical Group changes, the user’s scope
changes accordingly. For more information, see Rules for RBAC
Permission Conflicts with Logical Groups, page 95 and Using
Logical Groups of Devices, page 199.
• [All]—The All scope contains all devices and the APSolute
Vision server.
The displayed scopes for each user represent the devices that the
user can access. Each scope in the list is associated with a
corresponding role that defines the permissions for the user on
those devices.
Users defined through an authentication server with the
Administrator, User Administrator, or Vision Administrator role
must be configured with the scope [ALL] (including the square
brackets).

Role The roles with which the user is associated. Each role defines a set
of actions the user can perform through APSolute Vision. Each role
in the list applies to its corresponding scope of devices.
Contact Info The user’s contact information—organization, address, and phone
number.
Password Expiration Date The date on which the current password expires.
Active User Specifies whether the user is currently enabled.
Values:
• Yes—The user is currently enabled.
• No—The user is currently suspended and cannot log in.
Currently Locked Out Specifies whether the user is currently locked out.
Created On The date on which the user was created.
Last Password Change The date on which the user password was last changed.
Last Lockout The date on which the user was last locked out.

Adding and Editing Users


When you add a user, you associate the user with one or more role-and-scope pairs to define the
user’s privileges and the managed devices to which the privileges apply. Scopes represent the
devices for which the user has credentials. The corresponding role for each scope in the list defines
the permissions for the user on those devices.
When you modify the role and/or scope assignment for a user who is logged into APSolute Vision,
the user must log out and log in again for the changes to take effect.

Note: You cannot modify the role and/or scope assignment of the radware, defenseflow,
msspportal, and reporter users.
By default, a new user is not associated with any scope or role.
You can only add a scope once for each user. You cannot add a scope that contains devices that are
already in a scope associated with the user.
For DefensePro devices, after you configure the role-scope pair, you can configure the security-
monitoring access for the user. Security-monitoring access defines what security data the user sees
in the Security Monitoring perspective and APSolute Vision Reporter according to specified
DefensePro Protection policies.

Caution: Do not configure more than 300 explicit device-policy pairs for DefensePro security-
monitoring access—for any user. If there are more than 300 explicit device-policy pairs for a user,
the Security Monitoring Dashboard View might not function properly for the user.

Note: The terms Protection Policy, Network Protection Policy, and network policy may be used
interchangeably in APSolute Vision and in the documentation.


To add or edit a user


1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. Do one of the following:

— To add a user, click the (Add) button in the tab toolbar.


— To edit a user, double-click the username.
3. In the Permissions tab User Roles and Scopes table, do one of the following:

— To add a new role-scope pair, click the (Add) button in the tab toolbar.

— To edit a role-scope pair, click (Edit) in the tab toolbar.


4. Do the following:
— From the Role drop-down list, select the role for the selected scope.
— From the Scope drop-down list, select the scope containing the devices that the user can
access.

Note: For information, see Role and Scope in Table 10 - Local User Table Parameters,
page 100, and Role-Based Access Control (RBAC), page 85.
5. Click Submit.
6. Configure the rest of the user parameters, and click Submit.

Tip: Select a row and click the (Duplicate...) button to open a new “add row” tab, which is
populated with the values from the selected row, except for the indexes.

Note: At the initial login, a new user enters the password and is then prompted to create a new
password. Users can always change their own passwords at login. For more information, see
Changing Passwords for Local Users, page 77. The initial password can be a default password (see
Table 9 - User Management Settings, page 97) or a personal password configured for the specific
user (see Table 14 - User: Password Parameters, page 104).


Table 11: User: General Parameters

Parameter Description
User Name The username used for login. This field is mandatory.
The name should start with a letter or an underscore.
After the first character, the remaining characters can be letters,
numbers, underscores, hyphens, or periods (dots).
Maximum characters: 32
Notes:
• APSolute Vision usernames are not case-sensitive when logging
in to APSolute Vision WBM.
• APSolute Vision usernames are case-sensitive when logging in to
the APSolute Vision CLI.
• APSolute Vision user passwords are case-sensitive.
• The user password cannot be the same as the user name.
User Full Name The user’s full name. This field is optional.
Language The default display language for the user.
Notes:
• The Default Display Language parameter (see Configuring
APSolute Vision Display Parameters, page 163) determines the
default value.
• The user can change his/her own display language. To do this,
the user clicks the user name at the right of the APSolute Vision
toolbar and selects the required language in the drop-down
dialog box.

Table 12: User: Permissions Parameters

Parameter Description
User Roles and Scopes The specified role for the user on the specified device or devices for
which the user has credentials.
Note: For information, see Role and Scope in Table 10 - Local
User Table Parameters, page 100, and Role-Based Access Control
(RBAC), page 85.
Authorized Network Policies for Security Monitoring The DefensePro Protection policies that the user
is authorized to monitor in the Security Monitoring perspective.
Note: For more information, see the procedure below, To
configure the DefensePro Protection policies whose security data
the user can access in the Security Monitoring perspective and
APSolute Vision Reporter, page 104.

Table 13: User: Contact Info Parameters

Parameter Description
These fields are optional.
Organization The user’s organization.
Address The user’s address.
Phone Number The user’s phone number.


Table 14: User: Password Parameters

Parameter Description
These fields are optional.
If you specify no password, APSolute Vision uses the default password for new users.
Note: For more information, see Default Password for Other Users in Table 9 - User
Management Settings, page 97.
Password The initial password for the new user.
Note: The user password cannot be the same as the user name.
Confirm Password The value for confirmation of Password, when you specify the initial
password for the new user.

To configure the DefensePro Protection policies whose security data the user can access
in the Security Monitoring perspective and APSolute Vision Reporter
1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.
2. In the Permissions tab, under the title Authorized Network Policies for Security
Monitoring, configure the Selected table with the Protection policies whose security data the
user can access in the Security Monitoring perspective and APSolute Vision Reporter.

Notes
• By default, users have access to all policies of all devices in their scope.
• When you create a user, the Selected table displays [ALL] in the Device column and [ALL] in
the Policy Name column. This signifies that the user can access all policies for each permitted
device. A user must be authorized for all network policies of a device ([ALL]) or for selected
network policies of a device. When you move a policy from the Available table to the Selected
table, [ALL] values move automatically from the Selected table to the Available table.
• A change to Authorized Network Policies for Security Monitoring takes effect the next
time the user logs in, and does not affect current ongoing sessions.


Deleting Users
Deleting a user removes the user from the Local Users table.

Notes
• The radware, defenseflow, msspportal, and reporter users cannot be deleted.
• You can suspend a user without removing the user from the table. For more information, see
Revoking and Enabling Users, page 106.

To delete a user
1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.

2. In the Local Users table, select the username, and click the (Delete) button in the tab toolbar.
3. Click Yes in the confirmation box.

Releasing User Lockout


When a user performs more than the permitted number of unsuccessful logins (User
Management > User Management Settings > Maximum Password Challenges), the user is
locked out and cannot log in again until the user administrator releases the lock and resets the
password.

To release a user lockout


1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.

2. In the Local Users table, select the usernames that you want to unlock, and click (Unlock
Selected Users).
3. Reset the user password to the default, see Resetting User Passwords to the Default, page 105.

Resetting User Passwords to the Default


Following a user lockout, a user administrator can reset a local user’s password to the default user
password. When the user next logs into APSolute Vision, that user will be prompted to change the
default password according to APSolute Vision Password Requirements, page 108.

Notes
• You cannot reset the password of the radware user. If the radware user is locked out for any
reason, contact Radware Technical Support.
• You cannot reset the password of the reporter user.


To reset a user’s password to the default


1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.

2. In the Local Users table, select the usernames whose password you want to reset, and click
(Reset Selected User Password).

Revoking and Enabling Users


Revoking a user suspends the user, but does not delete the user from the Users table.

Caution: If you revoke the defenseflow user, DefenseFlow version 2.5 and later cannot
communicate with APSolute Vision.

Note: For information on how to delete a user from the Users table, see Deleting Users, page 105.

To revoke a user
1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.

2. In the Local Users table, select the usernames, and click (Revoke Selected Users). The value
in the Active User column of the user in the Local Users table changes from Yes to No.

To enable a revoked user


1. In the APSolute Vision Settings view System perspective, select User Management > Local
Users.

2. In the Users table, select the usernames, and click (Enable Selected Users). The value in the
Active User column of the user in the Local Users table changes from No to Yes.

Viewing the Predefined Roles


APSolute Vision provides predefined roles, which you cannot delete or modify.

Note: For the list of predefined roles, see Table 5 - Predefined Roles, page 88.

To view the table of predefined roles


> In the APSolute Vision Settings view System perspective, select User Management > Roles.


Managing LDAP Object Class Permissions


Use the LDAP Object Class Permissions tab to manage APSolute Vision permissions for LDAP object
classes.

To add or edit an LDAP Object Class Permission


1. In the APSolute Vision Settings view System perspective, select User Management > LDAP
Object Class Permission.
2. Do one of the following:

— To add a permission, click the (Add) button in the tab toolbar.


— To edit a permission, double-click the entry.
3. Configure the following parameters:
— Object Class Name—The name of the object class in the LDAP server that includes the
Attribute and Value for the permission. In most cases, the name of the object class is user.
Example: user
— Attribute—The Attribute field to match for the permission in the LDAP server.
Example: memberof
— Value—The value of the Attribute.
Example: CN=financeTeam,OU=finance,DC=company,DC=com
4. In the Permissions section, do one of the following:

— To add a new role-scope pair, click the (Add) button in the tab toolbar.

— To edit a role-scope pair, click (Edit) in the tab toolbar.


5. Do the following:
— From the Role drop-down list, select the role for the selected scope.
— From the Scope drop-down list, select the scope containing the devices that the user can
access.

Note: For information on roles, see Role-Based Access Control (RBAC), page 85.
6. Click Submit.
7. Repeat step 4 through step 6 to configure all the role-scope pairs for the permission.
8. (Optional) If you are using DefensePro, under the title Authorized Network Policies for
Security Monitoring, configure the Selected table with the Protection policies whose security
data the user can access in the Security Monitoring perspective and APSolute Vision Reporter.

Note: A change to Authorized Network Policies for Security Monitoring takes effect the
next time the user logs in, and does not affect current ongoing sessions.
9. Click Submit.

Tip: Select a row and click the (Duplicate...) button to open a new “add row” tab, which is
populated with the values from the selected row, except for the indexes.


Example
Using the examples in step 3 in the procedure above, if some user who is a member of the
financeTeam group successfully logs in to the LDAP server, that user is assigned the role-scope pair
as described in step 4 and step 5.

Viewing User Statistics


Use the User Statistics tab to view user statistics.
The User Statistics tab includes the following tables:
• Currently Connected Users—The users who are currently connected to APSolute Vision
through the local user table or an authentication server.
The table contains the following columns:
— Name
— Login Date and Time—The date and time of last login. The date/time format is configurable
according to your preferences (APSolute Vision Settings view Settings perspective, General
Settings > Display).
• User Statistics—A table, which you can filter, and which contains the following columns:
— User Name
— Date
— Successful Logins
— Failed Authentication Attempts
— Password Changes
— Lock-Outs

To display user statistics


> In the APSolute Vision Settings view System perspective, select User Management > User
Statistics.

APSolute Vision Password Requirements


All personal and default passwords required by the Administrator user and other local users must
conform to the following rules:
• The password cannot be the same as the user name.
• A password must be at least eight (8) characters in length.
• A password must include characters from at least two (2) of the following character types: text
character, number, special character—except for characters that may have command functions.
The backslash (\) is permitted.
• A password must not be the same as the username with which it is associated.
• A new password must not contain a sequence of three (3) or more characters from the previous
password.
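
The rules above can be pre-checked before a password is submitted. The following is an added example, not Radware code: the function names are this example's own, and because the guide does not list the characters "that may have command functions", the caller supplies that set in forbidden_chars.

```python
"""Pre-check a candidate password against the rules listed above (added example)."""

MIN_LENGTH = 8       # "at least eight (8) characters in length"
MIN_CHAR_TYPES = 2   # "at least two (2) of the following character types"
SEQUENCE_LENGTH = 3  # "a sequence of three (3) or more characters"


def char_types(password):
    """Return the character types present: 'text', 'number', 'special'."""
    found = set()
    for ch in password:
        if ch.isalpha():
            found.add("text")
        elif ch.isdigit():
            found.add("number")
        else:
            found.add("special")  # includes the backslash, which is permitted
    return found


def shared_sequence(new, old, length=SEQUENCE_LENGTH):
    """Return the first `length`-character run of `old` that also occurs in `new`, or None."""
    for i in range(len(old) - length + 1):
        chunk = old[i:i + length]
        if chunk in new:
            return chunk
    return None


def check_password(username, new, previous=None, forbidden_chars=frozenset()):
    """Return the list of violated rules; an empty list means the password passes.

    forbidden_chars is an assumption of this example: the guide excludes
    "characters that may have command functions" without enumerating them.
    """
    problems = []
    if new == username:
        problems.append("same as user name")
    if len(new) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if len(char_types(new)) < MIN_CHAR_TYPES:
        problems.append("fewer than 2 character types")
    bad = sorted(set(new) & set(forbidden_chars))
    if bad:
        problems.append("forbidden characters: " + "".join(bad))
    chunk = shared_sequence(new, previous) if previous else None
    if chunk is not None:
        problems.append("reuses sequence from previous password: " + chunk)
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    samples = [
        ("radware", "radware", None),
        ("admin", "Summer\\2020", None),
        ("admin", "Winter2021x", "Summer2020"),
    ]
    for user, new, old in samples:
        print(user, repr(new), check_password(user, new, previous=old) or "OK")
```

The third sample fails only the last rule: "er2" occurs in both the old and the new password, even though the two passwords look unrelated at a glance.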


For information about changing individual and default passwords, see the following:
• Changing Passwords for Local Users, page 77
• Configuring General User-Management Settings, page 96



CHAPTER 4 – MANAGING AND MONITORING THE APSOLUTE VISION SYSTEM
APSolute Vision monitors and controls the APSolute Vision server and platform, and the associated
database.
This chapter contains the following main sections:
• Monitoring APSolute Vision—Overview, page 112
• Managing APSolute Vision Basic Information and Properties, page 112
• Configuring Connectivity Parameters for Server Connections, page 117
• Configuring Settings for the Alerts Table Pane, page 121
• Managing APSolute Vision Analytics Settings, page 133
• Configuring Monitoring Settings, page 135
• Configuring APSolute Vision Server Alarm Thresholds, page 136
• Managing Connections to Authentication Servers, page 137
• Managing Device Drivers, page 150
• Configuring APSolute Vision Reporter Parameters, page 153
• Managing APSolute Vision Licenses and Viewing Capacity Utilization, page 154
• Managing APM in APSolute Vision, page 158
• Configuring the Radware Cloud DDoS Protection Setting, page 161
• Configuring APSolute Vision Server Advanced Parameters, page 162
• Configuring APSolute Vision Display Parameters, page 163
• Managing APSolute Vision Maintenance Files, page 165
• Managing Operator Toolbox Settings, page 166
• Managing Stored Device Configuration/Backup Files, page 166
• Viewing Device Subscriptions, page 168
• Controlling APSolute Vision Operations, page 170

Notes
• The labels of mandatory APSolute Vision parameters are bold.
• When the value of a parameter has changed, before the value is submitted, the label is in italics.
• In the English language display, when a value of a parameter has changed, before the value is
submitted, the tab label is in italics and has an asterisk (*).
• In the Chinese language display, when a value of a parameter has changed, before the value is
submitted, the tab label has a dashed underline.


Monitoring APSolute Vision—Overview


APSolute Vision monitors the APSolute Vision server and platform, and the associated database. The
system monitors performance and operational status, and stores the processed monitoring
information in the APSolute Vision database. When a problem is identified, an alert is issued, and
displayed in the Alerts Table pane.

Managing APSolute Vision Basic Information and Properties

This section contains the following topics:
• Displaying Basic Information About the APSolute Vision Server, page 112
• Managing APSolute Vision Server Software, page 114
• Displaying APSolute Vision Server Hardware Information, page 116
• Managing and Updating the Attack Descriptions File for DefensePro, page 116

Displaying Basic Information About the APSolute Vision Server


You can view the basic information about the APSolute Vision server. You can also verify that the
date and time on the APSolute Vision server is synchronized with the date and time on the client PC.

To display the basic information about the APSolute Vision server


> In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.

Table 15: Basic Parameters: General Parameters—When Running as a VA or on an OnDemand
Switch VL (ODS-VL) Platform

Parameter Description
Management IP Address The IP address of the APSolute Vision server used for
management.
Hostname The name of the APSolute Vision host. The hostname is defined in
the APSolute Vision CLI.
Note: For more information, see System Hostname
Commands, page 700.
Hardware Platform The type of hardware platform of the APSolute Vision server.
Vision Server Uptime The up time of the APSolute Vision server, in days, hours,
minutes, and seconds.

APSolute Vision Server Time The current date, time, and timezone in the APSolute Vision
server.
Note: APSolute Vision requires that the date and time settings
of the server be configured correctly, relative to the real time—
taking into consideration their defined timezones. Upon
logging into APSolute Vision from your browser, an alert is
generated if a discrepancy of more than 5 minutes is found
between the date and time settings of the server and local
host.
MAC Address of Port G1 The MAC address of the APSolute Vision server G1 port.
MAC Address of Port G2 The MAC address of the APSolute Vision server G2 port.
MAC Address of Port G3 The MAC address of the APSolute Vision server G3 port.
Note: If the port is not supported, the field displays the value
Unsupported.
MAC Address of Port G4 The MAC address of the APSolute Vision server G4 port.
Note: If the port is not supported, the field displays the value
Unsupported.

Table 16: Basic Parameters: General Parameters—When Running on an OnDemand Switch VL2
(ODS-VL2) Platform

Parameter Description
Management IP Address The IP address of the APSolute Vision server used for
management.
Hostname The name of the APSolute Vision host. The hostname is defined in
the APSolute Vision CLI.
Note: For more information, see System Hostname
Commands, page 700.
Hardware Platform The type of hardware platform of the APSolute Vision server:
ODS-VL2 for OnDemand Switch VL2.
Vision Server Uptime The up time of the APSolute Vision server, in days, hours,
minutes, and seconds.
APSolute Vision Server Time The current date, time, and timezone in the APSolute Vision
server.
Note: APSolute Vision requires that the date and time settings
of the server be configured correctly, relative to the real time—
taking into consideration their defined timezones. Upon
logging into APSolute Vision from your browser, an alert is
generated if a discrepancy of more than 5 minutes is found
between the date and time settings of the server and local
host.
MAC Address of Port G3 The MAC address of the APSolute Vision server G3 port.
MAC Address of Port G4 This port is not supported, and the field displays the value
Unsupported.
MAC Address of Port G5 The MAC address of the APSolute Vision server G5 port.

MAC Address of Port G7 The MAC address of the APSolute Vision server G7 port.

To verify the date and time settings


1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Click Verify Time Settings.

Managing APSolute Vision Server Software


You can view information about the APSolute Vision server software. You can also update the
software, and you can download a log of the upgrades to the server.

Caution: Network latency may affect upgrading APSolute Vision server software using WBM. For
optimal results, Radware recommends upgrading using the CLI. For details, see System Upgrade
Commands, page 717.

To display APSolute Vision server software information


1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Select the Software tab.

Table 17: APSolute Vision Server Software Parameters

Parameter Description
Software Version The version of the APSolute Vision server and the following associated
modules:
• APSolute Vision Reporter (AVR)
• Device Performance Monitor (DPM)
• Application Performance Monitor (APM)—The Software Version
box displays the APM row only when APM is installed.
• vDirect
Build The date and build number of the current software version.
Last Upgrade The date and time of the last upgrade.
Upgrade Status The upgrade status.
Values:
• Fresh install
• In progress
• OK
• Failed


To update the APSolute Vision server software


1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Select the Software tab.
3. Click Update.
4. Click Browse, navigate to the upgrade file, and click Open.
5. If you are upgrading to a major version, do one of the following:
— Select the Generate Password Automatically checkbox to have APSolute Vision generate
the password automatically—after verifying that the device has a valid support agreement.
Default: Enabled.

Caution: The functionality of the Generate Password Automatically button requires
connectivity to radware.com or the proxy server that is configured in the APSolute Vision
settings (APSolute Vision Settings view System perspective, General Settings >
Connectivity > Proxy Server Parameters).

— In the Password text box, enter the password.

Notes
— A password is required for upgrade to all major versions. Upgrade without a password is
allowed when upgrading to minor versions.
— When APSolute Vision is running as a virtual appliance (VA) or on an OnDemand Switch VL
(ODS-VL) platform, the password is based on the size of the upgrade file and the MAC
address of the APSolute Vision G1 or G2 port, which the Basic Parameters pane displays.
— When APSolute Vision is running on an OnDemand Switch VL2 (ODS-VL2) platform, the
password is based on the size of the upgrade file and the MAC address of the APSolute
Vision G3 or G5 port, which the Basic Parameters pane displays.
— Migrating APSolute Vision on the OnDemand Switch VL (ODS-VL) platform to the OnDemand
Switch VL2 (ODS-VL2) platform uses a special procedure, which requires the Administrator
or the Vision Administrator role and root access to the ODS-VL2 operating system. For
information about the migration procedure, see Migrating APSolute Vision from the
OnDemand Switch VL Platform to the OnDemand Switch VL2 Platform, page 722.
— You can request the password from Radware Technical Support. The password is also
available using the password generator at radware.com.
6. Click Upload.

To download the upgrade log of the APSolute Vision server


1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Select the Software tab.
3. Click Download Upgrade Log. You can open the file with a selected application, or you can
save the file to a specified location.


Displaying APSolute Vision Server Hardware Information


You can view information about the APSolute Vision server hardware.

To display APSolute Vision server hardware information


1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Select the Hardware tab.

Table 18: APSolute Vision Server Hardware Parameters

Parameter Description
RAM Size The amount of RAM, in gigabytes.

Managing and Updating the Attack Descriptions File for DefensePro


You can view the time of the latest update of the Attack Description file on the APSolute Vision
server, and you can update the file.
The Attack Description file contains descriptions of all the different attacks that DefensePro can
handle. You can view a specific description by entering the attack name. When you first configure
APSolute Vision, you should download the latest Attack Description file to the APSolute Vision server.
The file is used for real-time and historical reports to show attack descriptions for attacks coming
from DefensePro devices.
The file versions on APSolute Vision and on the DefensePro devices should be identical. Radware
recommends updating the file at regular intervals, and at the same time, on APSolute Vision and on
the individual devices.

Note: Radware recommends updating the Attack Description file each time you update the
Signature files on DefensePro devices.
When you update the Attack Description file, APSolute Vision downloads the file directly from
Radware.com or from the enabled proxy file server.

To view the date and time of the last update of the Attack Description file
1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Select the Attack Descriptions File tab. The Attack Descriptions Last Update text box displays
the time of the latest update of the Attack Description file on the APSolute Vision server.


To update the Attack Description file


1. In the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters.
2. Do one of the following:
— To update the Attack Description file from Radware.com, select the Radware.com radio
button.
— To update the file from the APSolute Vision client host:
a. Select the Client radio button.
b. In the File Name text box, enter the file path of the Attack Description file or click
Browse to navigate to and select the file.
3. Click Update. The Alerts pane displays a success or failure notification and whether the
operation was performed using a proxy server.

Configuring Connectivity Parameters for Server Connections

These settings define how the APSolute Vision server communicates with the APSolute Vision clients,
external servers, and Radware devices.

To configure the connections to and from the APSolute Vision server


1. In the APSolute Vision Settings view System perspective, select General Settings >
Connectivity.
2. Configure the parameters, and click Submit.

Table 19: Connectivity: SNMP Parameters Toward Devices Parameters

Parameter Description
Timeout The time, in seconds, that APSolute Vision waits for a reply before
retrying to connect to other Radware devices. If the device does not
respond after the configured number of retries, APSolute Vision
notifies the user that the connection failed.
Values: 1–180
Default: 3
Caution: For DefensePro 7.x versions and in networks with high
latency, Radware recommends increasing the SNMP Timeout to
180 seconds (APSolute Vision Settings view System perspective,
General Settings > Connectivity > Timeout).
Retries The number of connection retries to another Radware device, when
the device does not respond.
Values: 1–100
Default: 3

Port The port used to communicate with Radware devices.
Values: 1–65,535
Default: 161

Table 20: APSolute Vision Connectivity HTTP/S Parameters Toward Devices

Parameter Description
Default HTTP Port The default HTTP port that APSolute Vision uses to communicate
with Radware devices. This value is displayed in the HTTP Port text
box in the Device Properties dialog box.
Values: 1–65,535
Default: 80
Default HTTPS Port The default HTTPS port that APSolute Vision uses to communicate
with Radware devices. This value is displayed in the HTTPS Port text
box in the Device Properties dialog box.
Values: 1–65,535
Default: 443
Connection Timeout The time, in seconds, that the HTTP client waits for a response from
the remote host—during the handshake for device configuration—
before disconnecting the socket and returning an exception.
Values: 1–60
Default: 20
Socket Timeout The time, in seconds, that the HTTP client waits for a response from
the remote host—during the data transfer for device configuration—
before disconnecting the socket and returning an exception.
Values: 1–60
Default: 20
Long Operation Connection Timeout The time, in seconds, that the HTTP client waits for a response from
the remote host—during the handshake for certain long file
operations—before disconnecting the socket and returning an
exception. [1]
Values: 1–1200
Default: 180
Long Operation Socket Timeout The time, in seconds, that the HTTP client waits for a response from
the remote host—during the data transfer for certain long file
operations—before disconnecting the socket and returning an
exception.
Values: 1–1200
Default: 180


1 – This parameter applies to the following operations:
• Import/export configuration file operations.
• Export of the quarantined-addresses file (for DefensePro).
• DefensePro-template import/export operations.
• Import/export of Radware-devices log files.
• Import/export of certificate files.
• Import/export of DNSSEC files.
• Import/export of AppShape script files (for Alteon or LinkProof NG).
• Fraud signature updates (for DefensePro).
• Attack signature updates (for DefensePro).
• Download of the Attack Description file (for DefensePro).

Table 21: APSolute Vision Connectivity Event Notification Parameters

Parameter Description
Vision Management Port Specifies the management port on the APSolute Vision server to
which the managed Radware devices send events. Any change of
this parameter takes effect only when you click the Register This
APSolute Vision Server for Device Events button. Clicking
Submit in this pane has no effect on this parameter.
Caution: This parameter overwrites the Register APSolute
Vision Server IP parameter.
Remove All Other Targets of Device Events Specifies whether—when you click Register This APSolute Vision
Server for Device Events—the APSolute Vision server removes
(from all the managed devices) all recipients of device events except
for its own address.
Default: Disabled
Note: For related information, see APSolute Vision Server
Registered for Device Events—Alteon and LinkProof NG, page 188
and APSolute Vision Server Registered for Device Events—
DefensePro, page 188.
Register This APSolute Vision Server for Device Events (button) Registers the APSolute Vision server as a target of the device events
(for example, traps, alerts, IRP messages, and packet-reporting
data) on all the managed devices.
In Alteon or LinkProof NG, when you click the button and run the
Apply command, APSolute Vision configures itself as a target of the
device events and ensures that the device also sends traps for
authentication-failure events. Alteon or LinkProof NG, by default,
does not send traps for authentication-failure events.
When multiple APSolute Vision servers manage the same
DefensePro device, the device sends the following:
• Traps to all the APSolute Vision servers that manage it. The
Target Address table and the Target Parameters table contain
entries for all APSolute Vision servers.
• Packet-reporting data only to the last APSolute Vision server
that registered on the device.
Note: For related information, see APSolute Vision Server
Registered for Device Events—Alteon and LinkProof NG, page 188
and APSolute Vision Server Registered for Device Events—
DefensePro, page 188.


Table 22: Connectivity: Proxy Server Parameters

Parameter Description
These connection settings are for the proxy server that the APSolute Vision server uses to
download files from Radware.com. The Alerts Table pane displays a success or failure notification
and whether the operation was performed using a proxy server.
Enable Proxy Server Specifies whether the APSolute Vision server uses a proxy server to
download files from Radware.com.
IP Address The IP address of the proxy server.
Port The port of the proxy server.
Use Authentication Specifies whether authentication is required for a successful
connection between the APSolute Vision server and the proxy server.
Username The username for the proxy server.
Password The password for the proxy-server user.
Verify Password The password for the proxy-server user.

Table 23: Connectivity: Inactivity Timeouts Parameters

Parameter Description
These settings define when to close the user session if there is no activity on either side.
Note: APSolute Vision WBM polls the server at regular intervals. If the server does not receive a
poll from the WBM within 30 seconds, the server closes the user session.
Inactivity Timeout for Configuration and Monitoring Perspectives The time, in minutes, of inactivity after which the server logs the
user out of the Configuration or Monitoring perspectives of a
managed device, or the APSolute Vision Settings view System
perspective.
If the connection has not yet timed out, any activity in the Security
Monitoring perspective, APM, or DPM also resets the timer.
Values: 1–60
Default: 20
Inactivity Timeout for Security Monitoring Perspective, APM, and DPM The time, in minutes, of inactivity in the Security Monitoring
perspective, APM, or DPM, after which the server logs the user out
of the Security Monitoring perspective, APM, and DPM.
Values: 1–4320
Default: 1440


Configuring Settings for Alerts


Configuring settings for alerts comprises the following topics:
• Configuring Settings for the Alerts Table Pane, page 121
• Selecting Parameters to Include in Security Alerts, page 132

Configuring Settings for the Alerts Table Pane


APSolute Vision displays alerts for APSolute Vision and all the managed Radware devices. The Alerts
Table pane is available in all APSolute Vision perspectives. APSolute Vision saves all alert information
in its database. You can configure APSolute Vision to send alert reports to a syslog server, via e-mail
to defined recipients, and to SNMP targets. You can also configure default settings for the Alerts
Table pane per client.
For more information about the Alerts Table pane, see Managing Auditing and Alerts, page 329.

To configure Alerts Table pane settings


1. In the APSolute Vision Settings view System perspective, select General Settings > Alert
Settings > Alert Browser.
2. Configure the parameters, and click Submit.

Table 24: Alert Browser: Auditing Settings Parameters

Parameter Description
Enable Detailed Auditing of APSolute Vision Activity Specifies whether the messages that APSolute Vision issues
regarding APSolute Vision activity include additional information,
such as the new value for a parameter.
For example:
• When an administrator changes a value for a parameter (such as
Device Lock Timeout):
— When the option is disabled, the message gives the name of
the parameter and says that the value was changed.
— When the option is enabled, the message gives the name of
the parameter and the new value.
• When a user administrator changes the contact information of
another user:
— When the option is disabled, the message gives the name of
the user and says that the user’s properties were changed.
— When the option is enabled, the message gives the name of
the user, says that the user’s properties were changed, and
gives the new contact information.
Default: Disabled
Notes:
• When a message refers to a change that a user initiated, the
message includes the username (even when the option is
disabled).
• For a list of log messages corresponding to when this option is
disabled, see Appendix B - APSolute Vision Log Messages and
Alerts, page 739.

Enable Detailed Auditing of Device Configuration Changes Specifies whether the messages that APSolute Vision issues
regarding configuration changes made on managed devices—from
APSolute Vision—include additional information.
When a user changes a value for a scalar parameter:
• When the option is disabled, the message gives the name of the
scalar and says that the value was changed.
• When the option is enabled, the message gives the name of the
scalar and the new value.
When a user adds or edits an entry to a table:
• When the option is disabled, the message gives the name of the
table and says that a row was added or edited.
• When the option is enabled, the message gives the name of the
table, the table parameters, and the value for each parameter.
When a user deletes an entry in a table:
• When the option is disabled, the message gives the name of the
table and says that a row was deleted.
• When the option is enabled, the message gives the name of the
table and the indexes of the deleted row.
Default: Disabled
Notes:
• When a message refers to a change that a user initiated, the
message includes the username (even when the option is
disabled).
• This parameter does not affect audit messages that the
managed device generates, which APSolute Vision displays in
the Alerts Table pane. This parameter only affects alerts that
APSolute Vision generates itself.

Table 25: Alert Browser: Syslog Reporting Parameters

Parameter Description
These settings determine how APSolute Vision forwards the events in the Alerts table to the
configured syslog servers. For more information, see Configuring Syslog Servers for Alerts from
APSolute Vision, page 126.
Enable Syslog Reporting Specifies whether APSolute Vision sends reports and logs to the
configured syslog servers.
Default: Disabled
Enable Encryption Specifies whether APSolute Vision sends the syslog messages
encrypted over TLS. [1]
Default: Disabled

CA Certificate The filepath of the CA certificate. [1]
(This parameter is available only when the Enable Encryption checkbox is selected.)
To update the certificate:
1. Click the Update button next to this text field. A file browser dialog box opens.
2. Browse to the certificate file, and click Open. The field displays Pending.
3. Click Submit. If successful, the field displays Installed.
Enable Authentication Specifies whether the certificate must be authenticated with a
private key and a public key. [1]
(This parameter is available only when the Enable Encryption checkbox is selected.)
Default: Disabled
Authentication Type Values: [1]
(This parameter is available only when the Enable Encryption checkbox is selected.)
• Certificate Validation (certvalid)—APSolute Vision checks with the syslog server that the
certificate is valid.
• Name—APSolute Vision checks with the syslog server that the certificate is valid and includes
the specified Permitted Peer in the certificate subject.
Permitted Peer The string that the certificate subject must include for authentication. [1]
(This parameter is available only when the Authentication Type is Name.)
Private Key The filepath of the private key. [1]
(This parameter is available only when the Enable Authentication checkbox is selected.)
To update the certificate:
1. Click the Update button next to this text field. A file browser dialog box opens.
2. Browse to the certificate file, and click Open. The field displays Pending.
3. Click Submit. If successful, the field displays Installed.
Public Key The filepath of the public key. [1]
(This parameter is available only when the Enable Authentication checkbox is selected.)
To update the certificate:
1. Click the Update button next to this text field. A file browser dialog box opens.
2. Browse to the certificate file, and click Open. The field displays Pending.
3. Click Submit. If successful, the field displays Installed.
The configured syslog servers.
For more information, see Configuring Syslog Servers for Alerts from APSolute Vision, page 126.
1 – This parameter applies to all the configured servers (see Configuring Syslog Servers for
Alerts from APSolute Vision, page 126).
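
The Syslog Reporting parameters depend on one another: several are available only when another is selected, and the two Authentication Type values accept different sets of peers. The following added example (not Radware code) models those dependencies and the certvalid/Name difference. The dictionary key names, the finding texts, and the treatment of a missing CA certificate as a finding are assumptions of this example.

```python
"""Model of the Table 25 syslog-over-TLS settings (added example, not Radware code)."""

AUTH_TYPES = ("certvalid", "name")  # the two Authentication Type values in Table 25


def validate_syslog_tls(cfg):
    """Return findings for a settings dict; the key names are assumptions of this example."""
    if not cfg.get("enable_syslog"):
        return ["syslog reporting disabled: no alerts are forwarded"]
    findings = []
    if not cfg.get("enable_encryption"):
        findings.append("encryption disabled: syslog messages are not sent over TLS")
        # Per Table 25 these are available only when Enable Encryption is selected.
        for key in ("ca_certificate", "enable_authentication", "authentication_type"):
            if cfg.get(key):
                findings.append(key + " is set but unavailable without encryption")
        return findings
    if not cfg.get("ca_certificate"):
        # Assumption: without a CA certificate the peer certificate cannot be validated.
        findings.append("encryption enabled but CA certificate not installed")
    auth_type = cfg.get("authentication_type")
    if auth_type is not None and auth_type not in AUTH_TYPES:
        findings.append("authentication_type must be one of: " + ", ".join(AUTH_TYPES))
    peer = cfg.get("permitted_peer")
    if auth_type == "name" and not peer:
        findings.append("Authentication Type is Name but Permitted Peer is empty")
    if auth_type != "name" and peer:
        findings.append("permitted_peer is set but only used when Authentication Type is Name")
    keys = ("private_key", "public_key")
    if cfg.get("enable_authentication"):
        findings += [k + " not installed but authentication is enabled"
                     for k in keys if not cfg.get(k)]
    else:
        findings += [k + " is set but unavailable without authentication"
                     for k in keys if cfg.get(k)]
    return findings


def peer_accepted(auth_type, certificate_valid, subject, permitted_peer=""):
    """Model the two Authentication Type values.

    certvalid: any certificate that validates is accepted.
    name: the certificate must validate AND its subject must include the
    Permitted Peer string (modelled as substring containment, following the
    guide's wording "includes").
    """
    if auth_type not in AUTH_TYPES:
        raise ValueError("unknown authentication type: " + repr(auth_type))
    if not certificate_valid:
        return False
    if auth_type == "certvalid":
        return True
    return bool(permitted_peer) and permitted_peer in subject


if __name__ == "__main__":
    # Constructed settings and certificate subjects, for illustration only.
    cfg = {
        "enable_syslog": True,
        "enable_encryption": True,
        "ca_certificate": "Installed",
        "authentication_type": "name",
    }
    print(validate_syslog_tls(cfg))
    for subject in ("CN=syslog01.example.test", "CN=other.example.test"):
        print(subject,
              "certvalid:", peer_accepted("certvalid", True, subject),
              "name:", peer_accepted("name", True, subject, "syslog01.example.test"))
```

With certvalid, both constructed subjects are accepted as long as the certificate validates; with Name, only the subject that includes the Permitted Peer string is accepted, so the string should be specific enough to match only the intended server.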


Table 26: Alert Browser: Email Reporting Configuration Parameters

Parameter Description
These settings determine how APSolute Vision forwards events via e-mail to the defined recipients.
Examples of such events include:
• Reports and logs from the Alerts Table pane. For more information, see Managing Auditing and
Alerts, page 329.
• Reports from APSolute Vision Analytics. For more information, see the APSolute Vision
Analytics User Guide.
• Email notifications after a specified number of missed configuration-synchronizations. The
configuration-synchronization mechanism uses only two parameters from this tab. For more
information, see System Configuration-Synchronization Commands, page 681.
Enable Specifies whether APSolute Vision sends, via e-mail, reports and logs
from the Alerts Table pane.
Default: Disabled
Note: This parameter relates to reports and logs from the Alerts Table
pane. This parameter does not affect the APSolute Vision Analytics
settings or the APSolute Vision configuration-synchronization
mechanism.
SMTP Server Address The name or IP address of the SMTP e-mail server.
The value of this parameter is shared with the SMTP Server Address
parameter under General Settings > APSolute Vision Analytics
Settings > Email Reporting Configuration.
Caution: If you change this value and click Submit, the SMTP
Server Address under General Settings > APSolute Vision
Analytics Settings > Email Reporting Configuration changes
accordingly.
SMTP User Name The account name used to send e-mail notifications—for example,
Vision@MyCompany.com.
Note: The value of this parameter is not shared with the SMTP User
Name parameter under General Settings > APSolute Vision
Analytics Settings > Email Reporting Configuration.
Subject Header The text that appears in the Subject header of the e-mail.
Default: Alert Notification Message.
From Header The text that appears in the From header of the e-mail.
Default: APSolute Vision
Recipient Email Address The e-mail addresses of the intended recipients. When there are multiple
e-mail addresses, use comma (,), or semi-colon (;) separators.
Email Sending Interval The interval, in seconds, between successive e-mail messages.
Values: 30–3600
Default: 30
Alerts per Email The maximum number of alerts to include in an e-mail message. When
there are more than the maximum number of alerts, multiple e-mail
messages are sent.
Values: 1–60
Default: 30

Devices
Click to select a subset of managed devices for which to send alerts. If no devices are specified,
APSolute Vision forwards alerts from all the devices to the defined recipients.
Move the required devices from the Available list to the Selected list.
Severity
Select the alert severities for which to send e-mail messages.
Critical
Major
Minor
Warning
Information
Module
Select the modules/mechanisms about which to send e-mail messages.
Device Security
Device General
Vision General
Vision Configuration
Vision Control
Security Reporting
Trouble Ticket
Operator Toolbox
Vision Analytics Alerts
Device Health Errors
Device Throughput
License Errors
Device Throughput
License Exceeded Errors

Table 27: Alert Browser: SNMP Reporting Configuration

Parameter Description
The SNMP Reporting Configuration comprises the following:
• A name
• An Alert Profile (see Configuring SNMP Alert Rules, page 128)
• An Alert Target (see Configuring SNMP Alert Targets, page 129)—that is, an SNMP listener
• Specifying whether the rule is enabled

Table 28: Alert Browser: Alert Profiles

Parameter Description
These settings determine which events in the Alerts table APSolute Vision forwards to the
configured SNMP listeners (targets). For more information, see Managing Alert Profiles, page 130.

Table 29: Alert Browser: Display Parameter

Parameter Description
Refresh Interval The interval, in seconds, at which APSolute Vision refreshes the Alerts
table with the latest messages.
Values: 5–300
Default: 5

Configuring Syslog Servers for Alerts from APSolute Vision


You can configure up to ten syslog servers that receive alerts from APSolute Vision and selected
managed devices.

To configure a syslog server that receives alerts from APSolute Vision


1. In the APSolute Vision Settings view System perspective, select General Settings > Alert
Settings > Alert Browser.
2. In the Syslog Reporting tab, do one of the following:

— To add an entry, click the (Add) button.


— To edit an entry, double-click the row.
3. Configure the parameters, and click Submit.

Table 30: Syslog Server Parameters

Parameter Description
Enable Server Specifies whether the server is enabled.
Default: Disabled
Report Specifies whether APSolute Vision reports all messages received by the Alerts Table pane
or only audit messages.
(This parameter is available only when the Enable Server checkbox is selected.)
Values: All Messages, Audit Messages
Default: All Messages
Syslog Server Address The IP address of the device running the syslog service.
(This parameter is available only when the Enable Server checkbox is selected.)
L4 Destination Port
(This parameter is available only when the Enable Server checkbox is selected.)
Values: 1–65,535
Default: 514

Syslog Facility The facility for all APSolute Vision syslog reporting. The list includes
facilities as defined in RFC 3164.
(This parameter is available only when the Enable Server checkbox is selected.)
Values:
• Local Use 0
• Local Use 1
• Local Use 2
• Local Use 3
• Local Use 4
• Local Use 5
• Local Use 6
• Local Use 7
• Log Audit
• User-Level Messages
Default: Log Audit
Note: Change the default if the syslog server uses this facility for reports from another system.
Devices
Click to select a subset of managed devices for which to send alerts. If no devices are specified,
APSolute Vision forwards alerts from all the devices to the syslog server.
Move the required devices from the Available list to the Selected list.
Severity
By default, all the checkboxes are selected.
Critical Specifies whether to include alerts of this severity in syslog
messages.
Major Specifies whether to include alerts of this severity in syslog
messages.
Minor Specifies whether to include alerts of this severity in syslog
messages.
Warning Specifies whether to include alerts of this severity in syslog
messages.
Information Specifies whether to include alerts of this severity in syslog
messages.
Module
By default, all the checkboxes are selected.
Device Security Specifies whether to include alerts regarding this module in syslog
messages.
Device General Specifies whether to include alerts regarding this module in syslog
messages.
Vision General Specifies whether to include alerts regarding this module in syslog
messages.
Vision Configuration Specifies whether to include alerts regarding this module in syslog
messages.

Vision Control Specifies whether to include alerts regarding this module in syslog
messages.
Security Reporting Specifies whether to include alerts regarding this module in syslog
messages.
Trouble Ticket Specifies whether to include alerts regarding this module in syslog
messages.
Operator Toolbox Specifies whether to include alerts regarding this module in syslog
messages.

Managing the SNMP Reporting Configuration


Use the SNMP Reporting Configuration tab for the following:
• Configuring SNMP Alert Rules, page 128
• Configuring SNMP Alert Targets, page 129

Configuring SNMP Alert Rules


You can configure APSolute Vision to send SNMP alerts (traps) to external NMS systems. NMS
systems may be referred to as SNMP servers. In the context of the APSolute Vision alert
configuration, an SNMP server is referred to as an SNMP Alert Target.
The APSolute Vision server can contain multiple SNMP Alert Rules. The configuration of an SNMP
Alert Rule includes one Alert Profile and one SNMP Alert Target. So, before you can configure a rule,
there must be at least one Alert Profile and one SNMP Target. For more information, see Managing
Alert Profiles, page 130 and Configuring SNMP Alert Targets, page 129.

To configure an SNMP Alert Rule


1. In the APSolute Vision Settings view System perspective, select General Settings > Alert
Settings > Alert Browser.
2. In the SNMP Reporting Configuration tab, do one of the following:

— To add an entry, click the (Add) button.


— To edit an entry, double-click the row.
3. Configure the parameters, and click Submit.

Table 31: SNMP Alert Rule Parameters

Parameter Description
Name The name of the Alert Rule.
Maximum characters: 32
Profile The Alert Profile of the Alert Rule. (See the procedure To configure an Alert
Profile, page 130.)
Targets The SNMP Target of the Alert Rule. (See the procedure To configure an
SNMP Alert Target, page 129.)
Enabled Specifies whether the Alert Rule is enabled.
Default: Disabled

Configuring SNMP Alert Targets


Use the SNMP Reporting Configuration tab to configure SNMP Alert Targets for alerts from APSolute
Vision. An SNMP Alert Target, which is a parameter of an SNMP Alert Rule (see Managing the SNMP
Reporting Configuration, page 128), can determine the destination of each alert.

To configure an SNMP Alert Target


1. In the APSolute Vision Settings view System perspective, select General Settings > Alert
Settings > Alert Browser.
2. In the SNMP Reporting Configuration tab, at the top of the SNMP Alert Targets table, do one of
the following:

— To add an entry, click the (Add) button.


— To edit an entry, double-click the row.
3. Configure the parameters, and click Submit.

Table 32: SNMP Alert Target Parameters

Parameter Description
Name The name of the Alert Rule.
Maximum characters: 32
SNMP Server IP Address The IP address of the SNMP server.
Port The Layer 4 port on the SNMP server.
Values: 1–65535
Default: 162
SNMP Version The SNMP version that APSolute Vision uses for the connection.
Values: SNMPv2c, SNMPv3
Default: SNMPv3
SNMP Community The SNMP community name.
(This parameter is displayed only when SNMP Version is SNMPv2c.)
User Name The username for the SNMP connection.
(This parameter is displayed only when SNMP Version is SNMPv3.)
Maximum characters: 32
Use Authentication Specifies whether APSolute Vision authenticates the user for a
successful connection.
(This parameter is displayed only when SNMP Version is SNMPv3.)
Values: Enabled, Disabled
Default: Disabled
Authentication Protocol The protocol that APSolute Vision uses for authentication.
(This parameter is available only when the Use Authentication value is Enabled.)
Values: MD5, SHA
Default: SHA

Authentication Password The password that APSolute Vision uses for authentication.
(This parameter is available only when the Use Authentication value is Enabled.)
Caution: The password should be at least eight characters. vDirect requires that the password
be at least eight characters.
Confirm Authentication Password The password that APSolute Vision uses for authentication.
(This parameter is available only when the Use Authentication value is Enabled.)
Caution: The password should be at least eight characters. vDirect requires that the password
be at least eight characters.
Use Privacy Specifies whether APSolute Vision encrypts SNMPv3 traffic for additional security.
(This parameter is displayed only when SNMP Version is SNMPv3.)
Default: Disabled
Privacy Protocol The privacy protocol that APSolute Vision uses for the Privacy facility.
(This parameter is available only when the Use Privacy checkbox is selected.)
Values: DES, AES128
Default: DES
Privacy Password The password used for the Privacy facility.
(This parameter is available only when the Use Privacy checkbox is selected.)
Caution: The password should be at least eight characters. vDirect requires that the password
be at least eight characters.
Confirm Privacy Password The password used for the Privacy facility.
(This parameter is available only when the Use Privacy checkbox is selected.)
Caution: The password should be at least eight characters. vDirect requires that the password
be at least eight characters.
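
Example (added here; not part of the Radware guide or product code): a check to run on planned SNMP Alert Target settings before entering them, which reports the security level that the Table 32 values produce and flags the weaker choices. The dict keys, finding codes and sample targets are hypothetical; the permitted values and defaults are the ones documented in Table 32.

```python
"""Audit SNMP Alert Target settings (Table 32) before entering them in the UI.

Added example, not Radware code. The dict keys are hypothetical names that
mirror the table's parameters; values and defaults are the documented ones.
"""

DEFAULTS = {
    "port": 162,
    "snmp_version": "SNMPv3",
    "use_authentication": False,       # documented default: Disabled
    "authentication_protocol": "SHA",
    "authentication_password": "",
    "use_privacy": False,              # documented default: Disabled
    "privacy_protocol": "DES",         # documented default
    "privacy_password": "",
}
MIN_PASSWORD_LEN = 8  # "The password should be at least eight characters."

MESSAGES = {
    "BAD_PORT": "Port must be in the range 1-65535.",
    "V2C": "SNMPv2c sends the community string and trap contents in cleartext.",
    "NO_AUTH": "Use Authentication is Disabled: the listener cannot verify the sender.",
    "PRIV_WITHOUT_AUTH": "Use Privacy without Use Authentication: the SNMPv3 USM "
                         "(RFC 3414) defines no such security level.",
    "AUTH_MD5": "Authentication Protocol is MD5; SHA is the stronger option offered.",
    "SHORT_AUTH_PW": "Authentication Password is shorter than eight characters.",
    "NO_PRIV": "Use Privacy is Disabled: trap contents are sent in cleartext.",
    "PRIV_DES": "Privacy Protocol is DES; AES128 is the stronger option offered.",
    "SHORT_PRIV_PW": "Privacy Password is shorter than eight characters.",
}


def security_level(target):
    """Map a target to the name of its SNMP security level."""
    t = {**DEFAULTS, **target}
    if t["snmp_version"] == "SNMPv2c":
        return "community"
    auth, priv = t["use_authentication"], t["use_privacy"]
    if priv and not auth:
        return "invalid"
    if not auth:
        return "noAuthNoPriv"
    return "authPriv" if priv else "authNoPriv"


def audit(target):
    """Return the list of finding codes (keys of MESSAGES) for one target."""
    t = {**DEFAULTS, **target}
    codes = []
    if not 1 <= t["port"] <= 65535:
        codes.append("BAD_PORT")
    level = security_level(t)
    if level == "community":
        return codes + ["V2C"]  # auth/privacy parameters are not displayed for v2c
    if level == "invalid":
        codes.append("PRIV_WITHOUT_AUTH")
    elif level == "noAuthNoPriv":
        codes.append("NO_AUTH")
    if t["use_authentication"]:
        if t["authentication_protocol"] == "MD5":
            codes.append("AUTH_MD5")
        if len(t["authentication_password"]) < MIN_PASSWORD_LEN:
            codes.append("SHORT_AUTH_PW")
    if t["use_privacy"]:
        if t["privacy_protocol"] == "DES":
            codes.append("PRIV_DES")
        if len(t["privacy_password"]) < MIN_PASSWORD_LEN:
            codes.append("SHORT_PRIV_PW")
    else:
        codes.append("NO_PRIV")
    return codes


# Constructed sample targets (names, addresses and passwords are made up).
AS_SHIPPED = {"name": "nms-default", "ip": "192.0.2.10"}
HARDENED = {
    "name": "nms-hardened", "ip": "192.0.2.10", "use_authentication": True,
    "authentication_protocol": "SHA", "authentication_password": "constructed-auth-pw",
    "use_privacy": True, "privacy_protocol": "AES128",
    "privacy_password": "constructed-priv-pw",
}

if __name__ == "__main__":
    for target in (AS_SHIPPED, HARDENED):
        print(target["name"], security_level(target))
        for code in audit(target):
            print("  -", MESSAGES[code])
```

A target created with only a name and an address keeps the documented defaults, so it sends SNMPv3 traps with neither authentication nor privacy.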

Managing Alert Profiles


You can configure Alert Profiles for alerts from APSolute Vision. An Alert Profile, which is a parameter
of an SNMP Alert Rule (see Managing the SNMP Reporting Configuration, page 128), determines the
content filtering of each alert.

To configure an Alert Profile


1. In the APSolute Vision Settings view System perspective, select General Settings > Alert
Settings > Alert Browser.
2. In the Alert Profiles tab, do one of the following:

— To add an entry, click the (Add) button.


— To edit an entry, double-click the row.
3. Configure the parameters, and click Submit.

Table 33: Alert Profiles Parameters

Parameter Description
Name The name of the Alert Profile.
Maximum characters: 255
Devices
The Available lists and the Selected lists of devices and Logical Groups (of devices of the
appropriate type). The Available lists display the available devices and available Logical Groups.
The Selected device list displays the managed devices for which to send alerts. The Selected
Logical Group list displays the Logical Groups with the devices for which to send alerts.
Select entries from the Available lists and the Selected lists of devices and Logical Groups (of
devices). Use the arrows to move the entries to the other lists as required.
If no devices are specified, APSolute Vision forwards alerts from all the devices to the SNMP targets
(see Configuring SNMP Alert Targets, page 129).
Note: When a Logical Group is selected, the effective Selected device list dynamically
updates—according to the devices in the Logical Group. That is, when the device-set of a Logical
Group changes, the effective Selected device list changes accordingly. For more information,
see Using Logical Groups of Devices, page 199.
Severity
By default, all the checkboxes are selected.
Critical Specifies whether to include alerts of this severity in SNMP traps.
Major Specifies whether to include alerts of this severity in SNMP traps.
Minor Specifies whether to include alerts of this severity in SNMP traps.
Warning Specifies whether to include alerts of this severity in SNMP traps.
Information Specifies whether to include alerts of this severity in SNMP traps.
Module
By default, all the checkboxes are selected.
Device Security Specifies whether to include alerts regarding this module in SNMP traps.
Device General Specifies whether to include alerts regarding this module in SNMP traps.
Vision General Specifies whether to include alerts regarding this module in SNMP traps.
Vision Configuration Specifies whether to include alerts regarding this module in SNMP traps.
Vision Control Specifies whether to include alerts regarding this module in SNMP traps.
Security Reporting Specifies whether to include alerts regarding this module in SNMP traps.
Trouble Ticket Specifies whether to include alerts regarding this module in SNMP traps.
Operator Toolbox Specifies whether to include alerts regarding this module in SNMP traps.
Attack Category
By default, all the checkboxes are selected.
ACL Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Anti-Scanning Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Behavioral DoS Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
DoS Specifies whether to include alerts regarding this Attack Category in
SNMP traps.

HTTP Flood Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Intrusions Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Server Cracking Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
SYN Flood Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Anomalies Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Stateful ACL Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
DNS Flood Specifies whether to include alerts regarding this Attack Category in
SNMP traps.
Bandwidth Management Specifies whether to include alerts regarding this Attack Category in
SNMP traps.

Selecting Parameters to Include in Security Alerts


You can limit the parameters that are included in security alerts. This option enables you to
customize the alerts to provide the relevant information according to your administrative
requirements.

To select parameters to include in security alerts


1. In the APSolute Vision Settings view System perspective, select General Settings > Alert
Settings > Security Alerts.
2. Select the check box next to each parameter you want to include in the alerts.
You can choose any combination of the following parameters:
— Policy Name
— Attack Name
— Source IP Address
— Destination IP Address
— Destination Port
— Action
By default, all the checkboxes are selected.
3. Click Submit.

Note: Changes to the settings take effect on alerts generated from the time of the change and
onward.

Managing APSolute Vision Analytics Settings


APSolute Vision Analytics supports real-time and historical reporting in APSolute Vision.
APSolute Vision Analytics (AVA) can provide real-time and historical information from the following
Radware products:
• DefensePro version-8.x devices
• Alteon devices running version 32.2 and later
• DefenseFlow version 3.5.0.0 and later
• AppWall version 7.6.6 and later

Managing APSolute Vision Analytics settings comprises the following topics:


• Managing the Email Reporting Configuration for APSolute Vision Analytics, page 133
• ADC Analytics, page 134

Notes
• For more information on AVA, see the APSolute Vision Analytics User Guide.
• The Alteon SSL Inspection node in the Security Monitoring perspective Dashboard View uses the
APSolute Vision Analytics infrastructure. For more information, see Monitoring Outbound SSL
Inspection, page 589.

Managing the Email Reporting Configuration for APSolute Vision Analytics


Use the Email Reporting Configuration pane to configure the general e-mail settings for
APSolute Vision Analytics.

To configure APSolute Vision Analytics Reporting Settings


1. In the APSolute Vision Settings view System perspective, select General Settings > APSolute
Vision Analytics Settings > Email Reporting Configuration.
2. Configure the parameters, and click Submit.

Table 34: Email Reporting Configuration Parameters

Parameter Description
Enable Specifies whether APSolute Vision sends reports via e-mail.
Default: Disabled
Note: This parameter relates to APSolute Vision Analytics
reports only. This parameter is independent of the reports from
the Alerts Table pane.

SMTP Server Address The name or IP address of the SMTP e-mail server.
The value of this parameter is shared with the SMTP Server
Address parameter under General Settings > Alert Settings >
Alert Browser > Email Reporting Configuration.
Caution: If you change this value and click Submit, the SMTP
Server Address under General Settings > Alert Settings >
Alert Browser > Email Reporting Configuration changes
accordingly.
SMTP User Name The account name used to send e-mail notifications—for example,
Vision@MyCompany.com.
Note: The value of this parameter is not shared with the SMTP
User Name parameter under General Settings > Alert
Settings > Alert Browser > Email Reporting Configuration.
Password The password of the SMTP e-mail server.
Confirm Password The password of the SMTP e-mail server.

ADC Analytics
Use the ADC Analytics pane to configure the storage settings for AVA ADC.

To configure ADC Analytics Settings


1. In the APSolute Vision Settings view System perspective, select General Settings > APSolute
Vision Analytics Settings > ADC Analytics.
2. Configure the parameters, and click Submit.

Table 35: ADC Analytics Parameters

Parameter Description
Raw Data Retention Time How long APSolute Vision stores raw AVA ADC data before the data
is deleted and only aggregated data is available. After the specified
time, query information displays averaged values. This means that
after the Raw Data Retention Time elapses, queries cannot show
momentary large fluctuations and points on the curves might
diverge from the exact values.
Values:
• 1H
• 3H
• 6H
• 12H
• 24H
• 72H
• 168H
Default: 1H
Caution: Longer retention times use more disk space.

Raw Data Query Window The maximum time window over which queries can use the stored
raw data (according to the Raw Data Retention Time), resulting
in more granular data-points.
Values:
• 1H
• 2H
Default: 1H

Configuring Monitoring Settings


APSolute Vision can perform online monitoring of all the managed Radware devices. It also collects
information for online security reports for DefensePro. You can configure general global settings
about how APSolute Vision obtains data for online monitoring and reports.

To configure APSolute Vision monitoring parameters


1. In the APSolute Vision Settings view System perspective, select General Settings >
Monitoring.
2. Configure the parameters, and click Submit.

Table 36: Monitoring Parameters

Parameter Description
These settings configure APSolute Vision online monitoring for all managed devices.
Polling Interval for On-line Monitoring The interval, in seconds, between data collections for online
monitoring of a managed device. A shorter interval provides more up-to-date data, but uses more
network and device resources.
Values: 15–3600
Default: 15
Polling Interval for Device Status The number of seconds between polls of a device to determine the
up or down status of the device and its elements.
Values: 10–3600
Default: 15
Timeout for Device Status Poll The time, in milliseconds, that the APSolute Vision server waits for
a response to a device-status poll before considering a device to be down.
Default: 300
Note: If the network has latency longer than the Timeout for Device Status Poll, devices will appear
up and down or always down, and therefore unmanageable. If you encounter such behavior, increase the
value accordingly.

Reports
This setting configures APSolute Vision monitoring for real-time reports for DefensePro.
Polling Interval for Reports The time, in seconds, between data collections for reports. A
smaller interval provides more up-to-date information at the
expense of network resources.
Values: 15–3600
Default: 15

Configuring APSolute Vision Server Alarm Thresholds


You can configure the following server-alarm thresholds for specific alarms:
• Two threshold values for rising alarms to issue warning and error alerts respectively—
The rising server-alarm threshold value must always be lower than the rising error threshold.
When the parameter value exceeds the rising server-alarm threshold value but is less than the
error threshold value, a warning alert is issued. When the parameter value exceeds the rising
error threshold, an error alert is issued.
• Two threshold values for falling alarms to clear warning and error alerts
respectively—The falling alarm values must be less than their respective rising alarm values.

Note: For the CPU alert, since CPU measurements vary rapidly, APSolute Vision determines
threshold limits based on a moving average calculation.

To configure APSolute Vision server-alarm thresholds


1. In the APSolute Vision Settings view System perspective, select General Settings > Server
Alarm.
2. To edit the thresholds for a specific parameter, double-click the parameter name.
3. Configure the parameters, and click Submit.

Table 37: Server-Alarm Threshold Parameters

Parameter Description
Parameter (Read-only) The parameter name.
Enabled Specifies whether the threshold parameter is used for the corresponding
alarm.
Default: Enabled
Rising
Configure rising alarms to issue warning and error alerts respectively.
Warning The rising threshold value must always be lower than the rising error
threshold. When the parameter value exceeds the rising threshold value but
is less than the error threshold value, a warning alert is issued.

Error The rising error threshold value must always be greater than the rising
threshold value. When the parameter value exceeds the rising error
threshold, an error alert is issued.
Falling
Configure falling alarms to clear warning and error alerts respectively.
Warning The falling warning alarm value must be less than the rising warning alarm
value.
Error The falling error alarm value must be less than the rising error alarm value.
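
Example (added here; not part of the Radware guide or product code): a sketch of how the four thresholds interact. It enforces the ordering rules stated above, smooths measurements with a moving average as the note describes for CPU, and raises or clears warning and error alerts. The window size, clearing at or below the falling value, and tracking the two alerts independently are assumptions; the guide does not specify them.

```python
"""Server-alarm thresholds with hysteresis and a moving average.

Added sketch, not Radware code. Assumptions: the moving-average window size,
clearing when the average is at or below the falling value, and tracking the
warning and error alerts independently. The guide specifies none of these.
"""
from collections import deque


def validate(rising_warning, rising_error, falling_warning, falling_error):
    """Enforce the ordering rules from the guide; raise ValueError otherwise."""
    if not rising_warning < rising_error:
        raise ValueError("rising warning must be lower than rising error")
    if not falling_warning < rising_warning:
        raise ValueError("falling warning must be less than rising warning")
    if not falling_error < rising_error:
        raise ValueError("falling error must be less than rising error")


class AlarmMonitor:
    def __init__(self, rising_warning, rising_error,
                 falling_warning, falling_error, window=1):
        validate(rising_warning, rising_error, falling_warning, falling_error)
        self.rise_warn, self.rise_err = rising_warning, rising_error
        self.fall_warn, self.fall_err = falling_warning, falling_error
        self.samples = deque(maxlen=window)   # window=1 means no smoothing
        self.warning = False
        self.error = False

    def feed(self, value):
        """Add one measurement and return the alert events it triggers."""
        self.samples.append(value)
        avg = sum(self.samples) / len(self.samples)
        events = []
        if not self.error and avg > self.rise_err:
            self.error = True
            events.append("error raised")
        elif self.error and avg <= self.fall_err:
            self.error = False
            events.append("error cleared")
        # Warning: above the rising warning value but not above the error value.
        if not self.warning and self.rise_warn < avg <= self.rise_err:
            self.warning = True
            events.append("warning raised")
        elif self.warning and avg <= self.fall_warn:
            self.warning = False
            events.append("warning cleared")
        return events


def replay(monitor, samples):
    """Feed samples in order; return (sample, events) for samples that alert."""
    out = []
    for sample in samples:
        events = monitor.feed(sample)
        if events:
            out.append((sample, events))
    return out


# Constructed measurements (percent). 78 and 88 sit between a falling and a
# rising value, so they neither raise nor clear anything.
SAMPLES = [75, 82, 78, 92, 88, 84, 69]
SPIKE = [50, 50, 100, 50, 50]

if __name__ == "__main__":
    for sample, events in replay(AlarmMonitor(80, 90, 70, 85), SAMPLES):
        print(sample, events)
    # One spike of 100 among idle samples never lifts a 3-sample average past 80.
    print(replay(AlarmMonitor(80, 90, 70, 85, window=3), SPIKE))
```

The gap between each rising value and its falling value is what keeps a measurement hovering around one threshold from raising and clearing the same alert repeatedly.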

Managing Connections to Authentication Servers


APSolute Vision users can be authenticated through RADIUS, TACACS+, or LDAP—besides the Local
Users table.

Note: For information on the Local Users table, see Configuring Local Users for APSolute Vision,
page 99.
This section contains the following topics:
• Managing RADIUS Server Connections, page 137
• Managing TACACS+ Server Connections, page 142
• Configuring LDAP Server Connections, page 149

Managing RADIUS Server Connections


APSolute Vision can authenticate users using its role-based access control (RBAC) through a Remote
Authentication Dial In User Service (RADIUS) server connection.

Authentication Process with RADIUS


If the APSolute Vision server is configured to use RADIUS for authentication, the user-authentication
process is as follows:
1. The user connects to APSolute Vision WBM, and enters the username and password given by the
RADIUS administrator.
2. The APSolute Vision server sends the authentication request to the specified port of the RADIUS
server.
3. If the RADIUS server recognizes and authorizes the APSolute Vision server, the RADIUS server
processes the request for the user and password.

Note: If a RADIUS server does not recognize a request source (in this case, the APSolute
Vision server), the RADIUS server ignores the request.

4. If the RADIUS server authenticates the user, the RADIUS server returns an Access-Accept
message with the username and its associated IDM-string–scope combination to the APSolute
Vision server. The Access-Accept message contains the SecurityMonitoringScope-
ProtectionPolicy combination for the Radware-Policy attribute (for more information, see
RADIUS Server Requirements, page 138). If the RADIUS server does not authenticate the user,
the RADIUS server sends an Access-Reject message.

Note: The identity-management (IDM) string defines the role of the user. For more information on
roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 85.
5. If the user is authenticated, the APSolute Vision server grants access according to the user’s
IDM string and scope. If the user is rejected, the APSolute Vision server does not grant access.

RADIUS Server Requirements


Each RADIUS server (primary and secondary) for APSolute Vision user authentication requires the
following:
• The RADIUS server must use the port specified on the APSolute Vision server.
• The RADIUS server must authorize the APSolute Vision server.
• The RADIUS server must use the authentication type (for example, PAP) that is specified in the
APSolute Vision server.
• Your RADIUS server and/or RADIUS Authentication system and your dictionary file must include
the following:
— Attribute ID 26—To specify a Vendor-Specific Attribute (VSA).
— Vendor ID 89—To specify Radware (as assigned by Internet Assigned Numbers Authority,
IANA). Vendor ID 89 will need to be configured on the RADIUS server.
— Vendor Attribute ID 100—To specify the Radware-Role attribute. The RADIUS server can
use this attribute to return the IDM-string–scope combination to the APSolute Vision server.
— Vendor Attribute ID 101—To specify the Radware-Policy attribute. The Radware-
Policy attribute is used to limit what DefensePro security data the user sees in the Security
Monitoring perspective and APSolute Vision Reporter according to specified DefensePro
Network Protection policies.
• The RADIUS server Access-Accept response must include an IDM-string–scope combination, for
the Radware-Role attribute, in the following format:
<IDM string>:<Scope>
where:
— <IDM string> is the identity-management (IDM) string, which defines the role of the user. For
more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC),
page 85. The list of the available RADIUS attribute IDs and corresponding attribute names is
available at http://www.iana.org/assignments/radius-types/radius-types.xhtml.
— <Scope> is the scope of the user. The scope [ALL] (including the square brackets)
specifies all sites and managed devices. You define a limited scope using one or more rows
specifying a site or managed-device name.
Examples:
ADMINISTRATOR:[ALL]

ADC_OPERATOR:MyADCSite

ADC_OPERATOR:MyADCSite
ADC_OPERATOR:MyDevice1
ADC_OPERATOR:MyDevice2

Caution: Users defined through a RADIUS server with the Administrator, User
Administrator, or Vision Administrator roles must be configured with the scope [ALL]
(including the square brackets).

• If the Radware-Policy attribute is used, the RADIUS server Access-Accept response must
include a SecurityMonitoringScope-ProtectionPolicy combination for the Radware-Policy
attribute, in the following format:
<SecurityMonitoringScope>:<ProtectionPolicyName>
where:
— <SecurityMonitoringScope> is the scope of the user in the context of DefensePro
security monitoring. The scope [ALL] (including the square brackets) specifies all supported
DefensePro devices under the corresponding role. If the value for
SecurityMonitoringScope is [ALL], the value for ProtectionPolicy must be
[ALL]. You define a limited scope using one or more rows specifying an IP address of a
supported DefensePro device.
— <ProtectionPolicy> is a DefensePro Network Protection Policy for the scope. The value
[ALL] (including the square brackets) specifies all Network Protection policies for the
corresponding SecurityMonitoringScope. You define Network Protection policies for the
SecurityMonitoringScope using one or more rows.
Examples:
— [ALL]:[ALL] —The user has security-monitoring access to all the supported DefensePro
devices for the corresponding scope and all the associated Network Protection policies.
— 10.202.199.36:[ALL] —The user has security-monitoring access to all the Network
Protection Policies for the DefensePro device with the IP address 10.202.199.36.
— 10.202.199.36:MyNetProtPolicy —The user has security-monitoring access to data
related to the Network Protection Policy named MyNetProtPolicy that is configured in the
DefensePro device with the IP address 10.202.199.36.
— 10.202.199.36:MyNetProtPolicy1
10.202.199.36:MyNetProtPolicy2
10.202.199.36:MyNetProtPolicy3 —The user has security-monitoring access to data
related to the Network Protection policies named MyNetProtPolicy1, MyNetProtPolicy2, and
MyNetProtPolicy3, that are configured in the DefensePro device with the IP address
10.202.199.36.

Caution: If the value for <SecurityMonitoringScope> is [ALL], the value for
<ProtectionPolicy> must be [ALL].
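
Example (added here; not part of the Radware guide or product code): the attribute layout these requirements describe, packed and parsed in the Vendor-Specific Attribute format that RFC 2865 recommends (type 26, vendor 89, vendor types 100 and 101), with the [ALL]:[ALL] rule from the caution enforced on parse. Function names and the sample user are hypothetical. Carrying each row as its own attribute and limiting scopes to [ALL] or an IPv4 address are assumptions; check them against your RADIUS server's dictionary.

```python
"""Pack and parse the Radware-Role / Radware-Policy vendor-specific attributes.

Added example, not Radware code. The VSA layout is the one RFC 2865 recommends;
carrying each row as its own attribute and limiting scopes to [ALL] or an IPv4
address are assumptions.
"""
import ipaddress
import struct

VSA_TYPE = 26            # Attribute ID 26: Vendor-Specific
RADWARE_VENDOR_ID = 89   # Vendor ID 89: Radware, as stated in the guide
RADWARE_ROLE = 100       # value: <IDM string>:<Scope>
RADWARE_POLICY = 101     # value: <SecurityMonitoringScope>:<ProtectionPolicyName>
ALL = "[ALL]"


def split_pair(value):
    """Split 'left:right' on the first colon; both sides must be non-empty."""
    left, sep, right = value.partition(":")
    if not (sep and left and right):
        raise ValueError(f"expected '<left>:<right>', got {value!r}")
    return left, right


def check_policy(value):
    """Validate one Radware-Policy row and return (scope, policy)."""
    scope, policy = split_pair(value)
    if scope == ALL:
        if policy != ALL:
            raise ValueError("scope [ALL] requires policy [ALL]")
    else:
        ipaddress.IPv4Address(scope)   # raises ValueError if not an IPv4 address
    return scope, policy


def encode_vsa(vendor_type, value):
    """Build one type-26 attribute carrying a single Radware sub-attribute."""
    data = value.encode("utf-8")
    if len(data) > 255 - 8:            # the attribute length field is one octet
        raise ValueError("value too long for one attribute")
    header = struct.pack("!BBIBB", VSA_TYPE, 8 + len(data),
                         RADWARE_VENDOR_ID, vendor_type, 2 + len(data))
    return header + data


def _tlvs(buf):
    """Yield (type, value) for a run of type/length/value fields."""
    i = 0
    while i < len(buf):
        if len(buf) - i < 2 or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute length")
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]


def parse_radware_attributes(attributes):
    """Extract validated role and policy rows from an attribute section."""
    roles, policies = [], []
    for atype, body in _tlvs(attributes):
        if atype != VSA_TYPE or len(body) < 4:
            continue
        if int.from_bytes(body[:4], "big") != RADWARE_VENDOR_ID:
            continue                   # another vendor's VSA
        for vtype, raw in _tlvs(body[4:]):
            text = raw.decode("utf-8")
            if vtype == RADWARE_ROLE:
                roles.append(split_pair(text))
            elif vtype == RADWARE_POLICY:
                policies.append(check_policy(text))
    return {"roles": roles, "policies": policies}


# Constructed attribute section of an Access-Accept: User-Name (type 1)
# followed by two role rows and one policy row taken from the examples above.
SAMPLE = (
    bytes([1, 7]) + b"alice"
    + encode_vsa(RADWARE_ROLE, "ADC_OPERATOR:MyDevice1")
    + encode_vsa(RADWARE_ROLE, "ADC_OPERATOR:MyDevice2")
    + encode_vsa(RADWARE_POLICY, "10.202.199.36:MyNetProtPolicy")
)

if __name__ == "__main__":
    print(parse_radware_attributes(SAMPLE))
```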

Requirements and Guidelines with RADIUS Authentication of APSolute Vision Users


The following lists the requirements and guidelines with RADIUS authentication of APSolute Vision
users:
• The basic requirements and guidelines for a username are the same as those using the Local
Users table—that is:
— The username should start with a letter or an underscore.
— After the first character, the remaining characters can be letters, numbers, underscores,
hyphens, or periods (dots).
— Maximum characters: 32.

— Do not configure a user with the name admin (case-insensitive). A user with the name
admin (case-insensitive) can log in to APSolute Vision, but that user will not be able to log in
to all APSolute Vision modules (for example, the AVR).

Notes
— APSolute Vision usernames are not case-sensitive when logging in to APSolute Vision WBM.
— APSolute Vision usernames are case-sensitive when logging in to the APSolute Vision CLI.
— APSolute Vision user passwords are case-sensitive.
• Users defined through a RADIUS server with the Administrator, User Administrator, or Vision
Administrator roles must be configured with the scope [ALL] (including the square brackets).
• If the name of an APSolute Vision site or device changes and a RADIUS server authenticates
users, the user scopes on the RADIUS server must be reconfigured manually.
• When users defined through a RADIUS server must access DefensePro devices, their passwords
must not exceed 15 characters. Using RADIUS, when a password exceeds 15 characters,
APSolute Vision cannot log in to DefensePro devices over HTTP, HTTPS, or SSH.
• Do not configure more than 300 explicit device-policy pairs for DefensePro security-monitoring
access—for any user. If there are more than 300 explicit device-policy pairs for a user, the
Security Monitoring Dashboard View might not function properly for the user.

Note: For more information on RBAC and RBAC roles and scopes, see Role-Based Access Control
(RBAC), page 85.

Configuring the RADIUS Server Connections


Use the following procedure to configure your RADIUS server connections.

To configure a RADIUS-server connection


1. In the APSolute Vision Settings view System perspective, select General Settings >
Authentication Protocols > RADIUS Settings.
2. Configure the parameters, and click Submit.

Table 38: RADIUS Settings

Parameter Description
Primary RADIUS Configuration Parameters
IP Address The IP address of the primary RADIUS server for authentication.
Port The Layer 4 port on the primary RADIUS server.
Values: 1812, 1645
Default: 1812
Shared Secret The RADIUS shared secret used for communication between the primary
RADIUS server and APSolute Vision.
Maximum characters: 64
Verify Shared Secret The RADIUS shared secret used for communication between the primary
RADIUS server and APSolute Vision.
Maximum characters: 64

Secondary RADIUS Configuration Parameters
IP The IP address of the secondary RADIUS server for authentication.
Authenticate Port The Layer 4 port on the secondary RADIUS server.
Values: 1812, 1645
Default: 1812
Shared Secret The shared secret used for communication between the secondary
RADIUS server and APSolute Vision.
Maximum characters: 64
Verify Shared Secret The shared secret used for communication between the secondary
RADIUS server and APSolute Vision.
Maximum characters: 64
Shared RADIUS Configuration Parameters
Timeout The time, in seconds, between retransmissions to the RADIUS servers.
Values: 1–100
Default: 5
Note: If connectivity is too slow, increase the value.
Retries The number of authentication retries before a second RADIUS server (if
configured) is contacted.
Values: 1–10
Default: 3
Note: If connectivity is too slow, increase the value.
Attribute ID The RADIUS attribute used in the RADIUS profile.
Values: 1–255
Default: 26—that is, Vendor Specific Attribute
Vendor ID The vendor ID for the vendor-specific attributes (VSAs).
(This parameter is displayed only if the specified Attribute ID is 26.)
Default: 89—Specifies Radware (as assigned by IANA)
Vendor Attribute ID The vendor-specific-attribute ID to hold the <IDM string>:<Scope> values.
(This parameter is displayed only if the specified Attribute ID is 26.)
Default: 100—Specifies the Radware Radware-Role.
Note: Names of vendor-specific attributes are decided on by the vendor.

Authentication Type The method of authentication to be used.
Values:
• PAP
• CHAP
• EAP-MD5
• EAP-MSCHAP v1
• MSCHAP v1
• MSCHAP v2
Default: PAP

Managing TACACS+ Server Connections


APSolute Vision can authenticate users using its role-based access control (RBAC) through a
Terminal Access Controller Access-Control System Plus (TACACS+) server connection.

Authentication Process with TACACS+


If the APSolute Vision server is configured to use TACACS+ for authentication, the
user-authentication process is as follows:
1. The user connects to APSolute Vision WBM, and enters the username and password given by the
TACACS+ administrator.
2. The APSolute Vision server sends the authentication request to the specified port of the
TACACS+ server.
3. If the TACACS+ server recognizes and authorizes the APSolute Vision server, the TACACS+
server processes the request for the user and password.

Note: If a TACACS+ server does not recognize a request source (in this case, the APSolute
Vision server), the TACACS+ server ignores the request.
4. If the TACACS+ server authenticates the user, the TACACS+ server returns an Access-Accept
message with the username and its associated IDM-string–scope combination to the APSolute
Vision server. The Access-Accept message contains the
SecurityMonitoringScope-ProtectionPolicy combination for the Radware-Policy attribute (for
more information, see TACACS+ Server Requirements, page 143). If the TACACS+ server does not
authenticate the user, the TACACS+ server sends an Access-Reject message.

Note: The identity-management (IDM) string defines the role of the user. For more information on
roles, IDM strings, and scopes, see Role-Based Access Control (RBAC), page 85.
5. If the user is authenticated, the APSolute Vision server grants access according to the user’s
IDM string and scope. If the user is rejected, the APSolute Vision server does not grant access.

TACACS+ Server Requirements


The TACACS+ implementation in APSolute Vision supports standard ASCII inbound login to the
device. PAP, CHAP, ARAP, and MSCHAP login methods are not supported. TACACS+ change password
requests are not supported. One-time password authentication is not supported. APSolute Vision
performs encryption of body packets by concatenating a series of MD-5 hashes. Setting the
TAC_PLUS_UNENCRYPTED_FLAG, which allows the exchange of clear text TACACS+ packets, is not
allowed.
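The MD5 chaining that the paragraph above refers to, written out as an added example (not Radware code) following the standard TACACS+ body obfuscation in RFC 8907. That APSolute Vision uses exactly this scheme is an assumption, and the key, session ID and body are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # header flag defined in RFC 8907
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id, key, version, seq_no, length):
    """Chain MD5 digests until the pad is at least `length` bytes, then truncate."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, digest = b"", b""
    while len(pad) < length:
        # MD5_1 = MD5(seed); MD5_n = MD5(seed + MD5_(n-1))
        digest = hashlib.md5(seed + digest).digest()
        pad += digest
    return pad[:length]


def xor_body(body, session_id, key, version, seq_no):
    """XOR the body with the pad. The same call obfuscates and de-obfuscates."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(body, session_id, key, seq_no, version=0xC0, ptype=0x01):
    """Build an obfuscated packet (flags = 0, so the body is never sent in clear)."""
    header = HEADER.pack(version, ptype, seq_no, 0, session_id, len(body))
    return header + xor_body(body, session_id, key, version, seq_no)


def read_packet(packet, key):
    """Parse a packet and return its clear body; refuse unobfuscated packets."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        raise ValueError("TAC_PLUS_UNENCRYPTED_FLAG set: clear-text packet refused")
    body = packet[HEADER.size:]
    if len(body) != length:
        raise ValueError("length field does not match body size")
    return xor_body(body, session_id, key, version, seq_no)


# Constructed sample values, not taken from a real exchange.
SAMPLE_KEY = b"constructed-shared-secret"
SAMPLE_SESSION = 0x1A2B3C4D
SAMPLE_BODY = b"constructed body, longer than one 16-byte MD5 block"

if __name__ == "__main__":
    pkt = build_packet(SAMPLE_BODY, SAMPLE_SESSION, SAMPLE_KEY, seq_no=1)
    print(pkt.hex())
    print(read_packet(pkt, SAMPLE_KEY))
```

The pad is derived only from header fields and the shared secret, so the secrecy of the body rests entirely on the Shared Secret value configured on both sides.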
Each TACACS+ server (primary and secondary) for APSolute Vision user authentication requires the
following:
• The TACACS+ server must use the port specified on the APSolute Vision server.
• The TACACS+ server must authorize the APSolute Vision server.
• The TACACS+ server configuration file must use the following structure, which is also
case-sensitive:

user = <user> {
    login = <login>
    member = <user group>
}
group = <user group>{
    service = <service> {
        radware-role = <IDM string>:<Scope>
        radware-policy = <SecurityMonitoringScope>:<ProtectionPolicyName>
        priv-lvl = <privilege level>
    }
}

where:
— <user> is the user’s name.
— <login> is the login type and the user’s password. The login type can be cleartext,
where the user’s password is exposed in the configuration file, or may use encryption such
as des. If the password includes a space, the password must be enclosed in quotation
marks (").
Examples:
• cleartext mypassword
• cleartext "my password"
• des l5c2fHiF21uZ6
— <user group> is the group of which the user is a member.
— <service> is the Service Name configured for the TACACS+ connection in APSolute Vision.
— <IDM string> is the identity-management (IDM) string, which defines the role of the user. For
more information on roles, IDM strings, and scopes, see Role-Based Access Control (RBAC),
page 85.
— <Scope> is the scope of the user. The scope [ALL] (including the square brackets)
specifies all sites and managed devices. You define a limited scope using one or more entries
specifying a site or managed-device name—delimited by plus signs (+).

Caution: Users defined through a TACACS+ server with the Administrator, User
Administrator, or Vision Administrator role must be configured with the scope [ALL]
(including the square brackets).

— The radware-policy row defines DefensePro security monitoring.
The radware-policy row is optional if the managed device does not support DefensePro
security monitoring.
— <SecurityMonitoringScope> is the scope of the user in the context of DefensePro
security monitoring. The scope [ALL] (including the square brackets) specifies all supported
DefensePro devices under the corresponding role. If the value for
SecurityMonitoringScope is [ALL], the value for ProtectionPolicy must be
[ALL]. You define a limited scope using one or more entries specifying a DefensePro-device
name or APSolute Vision site name—delimited by plus signs (+).
and
— <ProtectionPolicy> is a DefensePro Network Protection Policy for the scope. The value
[ALL] (including the square brackets) specifies all Network Protection policies for the
corresponding SecurityMonitoringScope. You define Network Protection policies for the
SecurityMonitoringScope using one or more entries—delimited by plus signs (+).
Examples:
• [ALL]:[ALL] —The user has security-monitoring access to all the supported
DefensePro devices for the corresponding scope and all the associated Network
Protection policies.
• dp1:[ALL] —The user has security-monitoring access to all the Network Protection
policies for the DefensePro device named dp1.
• dp2:Syn_ACK_V21_Policy —The user has security-monitoring access to data related
to the Network Protection Policy named Syn_ACK_V21_Policy that is configured in the
DefensePro device named dp2.
• dp3:MyNetProtPolicy1+dp3:MyNetProtPolicy2+dp3:MyNetProtPolicy3 —The
user has security-monitoring access to data related to the Network Protection policies
named MyNetProtPolicy1, MyNetProtPolicy2, and MyNetProtPolicy3, that are configured
in the DefensePro device named dp3.

Caution: If the value for <SecurityMonitoringScope> is [ALL], the value for
<ProtectionPolicy> must be [ALL].
— <privilege level> is the Minimal Required Privilege Level configured for the
TACACS+ connection in APSolute Vision. TACACS+ indicates the privilege level at which the
user is authenticating.

Note: Privilege levels are ordered values from 0 to 15 with each level representing a
privilege level that is a superset of the next lower value. If a NAS client uses a different
privilege level scheme, mapping must be provided.
The predefined values are as follows:
— TAC_PLUS_PRIV_LVL_MAX := 0x0f
— TAC_PLUS_PRIV_LVL_ROOT := 0x0f
— TAC_PLUS_PRIV_LVL_USER := 0x01
— TAC_PLUS_PRIV_LVL_MIN := 0x00

Example
The following is an example of a TACACS+ configuration file.
The file includes definitions of the user testuser who belongs to the group testgroup.
dp1, dp2, and dp3 are DefensePro devices that are managed by the APSolute Vision server.
The user is defined to have multiple roles: Security Monitor on dp3 and dp4, and Viewer on dp1.
RBAC by DefensePro Network Protection policies is also defined. For dp1 and dp4, access to all
policies is allowed. For dp3, access is limited to the policy: Syn_ACK_V21_Policy.

user = testuser {
    login = cleartext "radware"
    member = testgroup
}
group = testgroup {
    service = connection {
        radware-role=VIEWER:dp1+SEC_MON:dp3+SEC_MON:dp4
        radware-policy=dp1:[ALL]+dp3:Syn_ACK_V21_Policy+dp4:[ALL]
        priv-lvl = 2
    }
}

Requirements and Guidelines with TACACS+ Authentication of APSolute Vision Users


The following lists the requirements and guidelines with TACACS+ authentication of APSolute Vision
users:
• The basic requirements and guidelines for a username are the same as those using the Local
Users table—that is:
— The username should start with a letter or an underscore.
— After the first character, the remaining characters can be letters, numbers, underscores,
hyphens, or periods (dots).
— Maximum characters: 32.
— Do not configure a user with the name admin (case-insensitive). A user with the name
admin (case-insensitive) can log in to APSolute Vision, but that user will not be able to log in
to all APSolute Vision modules (for example, the AVR).

Notes
— APSolute Vision usernames are not case-sensitive when logging in to APSolute Vision WBM.
— APSolute Vision usernames are case-sensitive when logging in to the APSolute Vision CLI.
— APSolute Vision user passwords are case-sensitive.

Note: For more information on RBAC and RBAC roles and scopes, see Role-Based Access
Control (RBAC), page 85.
• Users defined through a TACACS+ server with the Administrator, User Administrator, or Vision
Administrator roles must be configured with the scope [ALL] (including the square brackets).

• If the name of an APSolute Vision site or device changes and a TACACS+ server authenticates
users, the user scopes on the RADIUS server must be reconfigured manually.
• Do not configure more than 300 explicit device-policy pairs for DefensePro security-monitoring
access—for any user. If there are more than 300 explicit device-policy pairs for a user, the
Security Monitoring Dashboard View might not function properly for the user.

Note: For more information on RBAC and RBAC roles and scopes, see Role-Based Access Control
(RBAC), page 85.
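A pre-deployment check for the rules in this section, as an added example (not Radware code): it reads a TACACS+ configuration file in the structure shown above and reports violations of the username rules, the [ALL] constraints, the privilege-level range and the 300-pair limit. It assumes every plus-delimited entry is a complete pair, as in the page's examples, and that an explicit pair names both a device and a policy; the IDM strings of the roles that require [ALL] are supplied by the caller, and EXAMPLE_ADMIN_IDM is a placeholder.

```python
import re

ALL = "[ALL]"
MAX_EXPLICIT_PAIRS = 300
USERNAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.\-]{0,31}")
BLOCK_RE = re.compile(r"^(user|group)\s*=\s*(\S+?)\s*\{")
KV_RE = re.compile(r"^(login|radware-role|radware-policy|priv-lvl)\s*=\s*(.+)$")


def split_pairs(value):
    """Split 'a:b+c:d' into [('a', 'b'), ('c', 'd')]; no ':' gives (entry, None)."""
    pairs = []
    for entry in value.split("+"):
        left, sep, right = entry.strip().partition(":")
        pairs.append((left.strip(), right.strip() if sep else None))
    return pairs


def check_username(name):
    findings = []
    if not USERNAME_RE.fullmatch(name):
        findings.append(f"user {name!r}: bad first character, bad character, or over 32")
    if name.lower() == "admin":
        findings.append(f"user {name!r}: the name admin (any case) must not be used")
    return findings


def check_role(value, roles_requiring_all=frozenset()):
    findings = []
    for role, scope in split_pairs(value):
        if not role or not scope:
            findings.append(f"radware-role entry {role!r} is not <IDM string>:<Scope>")
        elif role in roles_requiring_all and scope != ALL:
            findings.append(f"role {role}: scope must be {ALL}, found {scope!r}")
    return findings


def check_policy(value):
    findings, explicit = [], 0
    for scope, policy in split_pairs(value):
        if not scope or not policy:
            findings.append(f"radware-policy entry {scope!r} is not <scope>:<policy>")
        elif scope == ALL and policy != ALL:
            findings.append(f"scope {ALL} requires policy {ALL}, found {policy!r}")
        elif scope != ALL and policy != ALL:
            explicit += 1  # assumption: "explicit" means device and policy both named
    if explicit > MAX_EXPLICIT_PAIRS:
        findings.append(f"{explicit} explicit device-policy pairs, limit {MAX_EXPLICIT_PAIRS}")
    return findings


def lint_config(text, roles_requiring_all=frozenset()):
    """Return the findings for a TACACS+ configuration file passed as text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        block = BLOCK_RE.match(line)
        if block:
            if block.group(1) == "user":
                findings += check_username(block.group(2))
            continue
        kv = KV_RE.match(line)
        if not kv:
            continue
        key, value = kv.group(1), kv.group(2).strip()
        if key == "login" and value.split()[0] == "cleartext":
            findings.append("login = cleartext: the password is exposed in the file")
        elif key == "radware-role":
            findings += check_role(value, roles_requiring_all)
        elif key == "radware-policy":
            findings += check_policy(value)
        elif key == "priv-lvl" and not (value.isdecimal() and int(value) <= 15):
            findings.append(f"priv-lvl {value!r} is outside 0-15")
    return findings


# Constructed file. EXAMPLE_ADMIN_IDM is a placeholder, not a real IDM string.
CONSTRUCTED_BAD = """
user = Admin {
    login = cleartext "constructed password"
    member = ops
}
group = ops {
    service = connection {
        radware-role = EXAMPLE_ADMIN_IDM:dp1+VIEWER:dp2
        radware-policy = [ALL]:Syn_ACK_V21_Policy+dp2:[ALL]
        priv-lvl = 16
    }
}
"""

if __name__ == "__main__":
    for finding in lint_config(CONSTRUCTED_BAD, {"EXAMPLE_ADMIN_IDM"}):
        print(finding)
```

Run against the example file from this section, the only finding is the cleartext login.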

Configuring the TACACS+ Server Connections


Use the following procedure to configure your TACACS+ server connections.

To configure a TACACS+ server connection


1. In the APSolute Vision Settings view System perspective, select General Settings >
Authentication Protocols > TACACS+ Settings.
2. Configure the parameters, and click Submit.

Table 39: TACACS+ Settings

Parameter Description
Primary TACACS+ Configuration Parameters
IP Address The IP address of the primary TACACS+ server for authentication.
Port The Layer 4 port on the primary TACACS+ server.
Values: 49
Default: 49
Shared Secret The TACACS+ shared secret used for communication between the
primary TACACS+ server and APSolute Vision. The value can contain
special characters.
Maximum characters: 255
Confirm Shared Secret The TACACS+ shared secret used for communication between the
primary TACACS+ server and APSolute Vision. The value can contain
special characters.
Maximum characters: 255
Secondary TACACS+ Configuration Parameters
IP Address The IP address of the secondary TACACS+ server for authentication.
Port The Layer 4 port on the secondary TACACS+ server.
Values: 49
Default: 49
Shared Secret The shared secret used for communication between the secondary
TACACS+ server and APSolute Vision. The value can contain special
characters.
Maximum characters: 255

Confirm Shared Secret The shared secret used for communication between the secondary
TACACS+ server and APSolute Vision. The value can contain special
characters.
Maximum characters: 255
Shared TACACS+ Configuration Parameters
Minimal Required Privilege Level The minimum TACACS+ privilege level specified for a user that will
allow access to APSolute Vision. A user can successfully be authorized
by the TACACS+ server but have a privilege level that is too low to
access APSolute Vision.
0 (zero) is the lowest privilege level, meaning: all users can access
APSolute Vision. 15 is the highest level. For example, if the Minimal
Required Privilege Level is defined as 1, all users with access level of 1
or higher can access APSolute Vision; and users with level 0 (zero) will
not have access to APSolute Vision.
Values: 0–15
Default: 0
Service Name The name of the service as defined in the TACACS+ server
configuration file.

Managing LDAP Server Connections


APSolute Vision can authenticate users using its role-based access control (RBAC) through a
Lightweight Directory Access Protocol (LDAP) server connection. APSolute Vision is tested to work
with Microsoft Active Directory; APSolute Vision is not tested with other LDAP implementations.

Authentication with LDAP


If the APSolute Vision server is configured to use LDAP for authentication, the user-authentication
process is as follows:
1. The user connects to APSolute Vision WBM, and enters the username and password given by the
LDAP administrator.
2. The APSolute Vision server sends the authentication request (that is, the bind request) to the
LDAP server (see Configuring LDAP Server Connections, page 149).

Note: If the Fully Qualified Domain Name (FQDN) parameter is specified, the user name in
the bind request includes the FQDN (that is, <username>@<FQDN>).
3. If the authentication with the LDAP server fails, the user receives an appropriate message.

4. If the authentication with the LDAP server succeeds:
a. APSolute Vision sends a search request to the LDAP server for the user whose
sAMAccountName value matches the login name, using a specified distinguished name as
the root for the search.
b. If the LDAP server finds the requested user, APSolute Vision gives permissions to the
authenticated user according to the matching LDAP object-class–permission entry that is
configured on the APSolute Vision server (see Managing LDAP Object Class Permissions,
page 107).

Note: If the LDAP server does not find the requested user, APSolute Vision displays an
appropriate message and does not grant the user access.

LDAP Server Recommendations


Radware recommends the following for each LDAP server (primary and secondary) for APSolute
Vision user authentication:
• Specify the Fully Qualified Domain Name (FQDN) parameter.

Note: If the Fully Qualified Domain Name (FQDN) parameter is specified, the user name in
the bind request includes the FQDN (that is, <username>@<FQDN>).
• For optimal login time, configure distinguished names using the most specific values that you
can.

Requirements and Guidelines with LDAP Authentication of APSolute Vision Users


The following lists the requirements and guidelines with LDAP authentication of APSolute Vision
users:
• The basic requirements and guidelines for a username are the same as those using the Local
Users table—that is:
— The username should start with a letter or an underscore.
— After the first character, the remaining characters can be letters, numbers, underscores,
hyphens, or periods (dots).
— Maximum characters: 32.
— Do not configure a user with the name admin (case-insensitive). A user with the name
admin (case-insensitive) can log in to APSolute Vision, but that user will not be able to log in
to all APSolute Vision modules (for example, the AVR).

Notes
— APSolute Vision usernames are not case-sensitive when logging in to APSolute Vision WBM.
— APSolute Vision usernames are case-sensitive when logging in to the APSolute Vision CLI.
— APSolute Vision user passwords are case-sensitive.
• Users defined through an LDAP server with the Administrator, User Administrator, or Vision
Administrator roles must be configured with the scope [ALL] (including the square brackets).
• If the name of an APSolute Vision site or device changes and an LDAP server authenticates
users, the user scopes on the LDAP server must be reconfigured manually.
• Do not configure more than 300 explicit device-policy pairs for DefensePro security-monitoring
access—for any user. If there are more than 300 explicit device-policy pairs for a user, the
Security Monitoring Dashboard View might not function properly for the user.

Note: For more information on RBAC and RBAC roles and scopes, see Role-Based Access Control
(RBAC), page 85.

Configuring LDAP Server Connections


Use the following procedure to configure your LDAP server connections.

To configure an LDAP-server connection


1. In the APSolute Vision Settings view System perspective, select General Settings >
Authentication Protocols > LDAP Settings.
2. Configure the parameters, and click Submit.

Table 40: LDAP Settings

Parameter Description
General LDAP Settings
Warning The rising threshold value must always be lower than the rising error
threshold. When the parameter value exceeds the rising threshold
value but is less than the error threshold value, a warning alert is
issued.
Fully Qualified Domain Name The Fully Qualified Domain Name of the LDAP server.
Primary LDAP Configuration Parameters
IP Address / Host The IP address of the primary LDAP server for authentication.
Port The Layer 4 port on the primary LDAP server.
Values: 1–65535
Default: 636
Note: If the Encrypted checkbox is not selected, the (port) value
is typically 389.
Encrypted Specifies whether authentication communication between APSolute
Vision and the primary LDAP server is encrypted using SSL.
Default: Enabled
Secondary LDAP Configuration Parameter
IP Address / Host The IP address of the secondary LDAP server for authentication.
Authenticate Port The Layer 4 port on the secondary LDAP server.
Values: 1–65535
Default: 636
Note: If the Encrypted checkbox is not selected, the (port) value
is typically 389.
Encrypted Specifies whether authentication communication between APSolute
Vision and the secondary LDAP server is encrypted using SSL.
Default: Enabled

Distinguished Names for Searches
The list of each distinguished name (DN) on the LDAP server that may include the APSolute Vision
user accounts.
To add a name to the list
1. Click the (Add) button.
2. In the Name box, type the DN.
3. Click Submit.
To edit a name in the list
1. Double-click the entry.
2. In the Name box, type the DN.
3. Click Submit.
To delete a name from the list
1. Select the entry.
2. Click the (Delete) button and confirm your action.

Managing Device Drivers


A device driver in APSolute Vision defines the GUI and configuration of the software version of a
managed device. The software version of a managed device defines the baseline driver version.
There may be multiple device-driver versions for a single software version of a device, but there can
be only one device-driver version in use on any single APSolute Vision server. That is, each device
driver applies to all devices in the system that use the same device-software version. Typically,
subsequent versions of device drivers include only fixes for GUI and configuration bugs. You can
install a newer version of the device driver, and you can revert to the baseline version.
When you upgrade device software, you need to reboot the device. However, when you install a new
version of a device driver or revert to the baseline version, you do not need to reboot the device.

Caution: Device drivers do not include changes to the online help. Depending on the configuration
of the APSolute Vision server, the APSolute Vision clients get online help either from the APSolute
Vision server (the default option) or radware.com. The online-help files at radware.com are always
the most up-to-date; but clients may encounter latency or connectivity problems. If the APSolute
Vision clients get online help from the APSolute Vision server, after updating a device driver, the
online-help files on the server should be updated. It is the responsibility of the APSolute Vision
administrator to make sure that the help files on the server are updated as necessary. For more
information, see Appendix A - Managing the Online-Help Package on the Server, page 737.

Note: The device driver includes the minimum APSolute Vision version.
When an APSolute Vision server detects that a new device has been installed or that a new device
software version has been installed on an existing device, the server retrieves the driver version
from the device.
The server checks whether it already has a driver version that corresponds to the device software
version, and uses the newest device driver.

If the driver version on the device is newer than the device version on the server, the server
downloads the new driver from the device, but does not apply it. The table in the Device Drivers
node (in the APSolute Vision Settings view System perspective) displays the device-version row
shaded gray.
If the device driver is incompatible or not found, APSolute Vision behaves as follows:
• Issues an appropriate error message, but displays the device in the tree of the device pane with
a special icon (?) on top of it.
• When you click the device in the tree, no screen is displayed, but the following information is
displayed in the device-properties pane: Device Name (from Vision), Device Type (if known),
Status: Unsupported, and Software Version: <SW_version>

The device-properties pane includes the name of the device driver.


You can do the following:
• Update the drivers of the devices of a particular software version.
• Update all the device drivers that are not updated in the APSolute Vision server.
• Revert the driver to the baseline driver version.

If one or more of the relevant devices is locked, APSolute Vision prompts you whether to continue or
not. If you change the driver version when a device is locked by other users, you may lose the
changes for those users.

Table 41: Driver Parameters

Column Description
Product Name The device type.
Values:
• Alteon
• AppWall
• DefensePro
• LinkProof NG
Product Version The device software version.
Instances The number of devices that use the same device software version.
Driver Baseline The baseline version of the driver used for this device software version.
Driver in Use The driver version in use for this device software version.
Latest Driver The latest driver version for this device software version that is stored in
the APSolute Vision server.
Supported Languages The languages that the device driver supports.

To update a device driver


1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Select the row with the relevant device and device version.
3. Click the (Update Device Driver) button.
4. Click Browse, navigate to the driver, and click Open.
5. Click Update. APSolute Vision verifies that the device driver version is relevant for the device
software.

6. Read the confirmation message, and then, accept or abort the action.
The version of the driver that you install cannot be the same version or an older version of the
driver baseline version. If the driver version that you install is newer than the baseline version
but older than the driver version in use, APSolute Vision prompts you for confirmation to change
the current driver. If the driver version that you install is newer than the baseline version and
newer than the driver version in use, APSolute Vision prompts you for confirmation to upgrade
the current driver.

To apply a driver version to a specific device when there is a newer version in the server
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Select the row with the relevant device and device version.
3. Select the (Update to Latest Driver) button.

To revert to the baseline driver version that resides on the APSolute Vision server
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Select the row with the relevant device and device version.
3. Select the (Revert to Baseline Driver) button.

Note: This option is displayed only when the driver version in use is different from the baseline
driver release.

To update all the device drivers to the latest ones that are stored in the APSolute Vision
server
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Click the (Update All Drivers to Latest) button.

Note: This command is available only when the APSolute Vision server has a device driver
version that is later than one of the device drivers in use.
The following procedure is for troubleshooting a situation such as the following:
• A driver for the device you want to add to the APSolute Vision configuration does not exist in the
APSolute Vision server or does not exist as part of the device software.
• The driver for the device you want to add to the APSolute Vision configuration is corrupt in the
APSolute Vision server.

• The driver for the device you want to add to the APSolute Vision configuration does not exist in
the APSolute Vision server and is corrupt in device software.

Note: The APSolute Vision CLI includes a command for troubleshooting problems related to
device drivers. For more information, see system database maintenance driver_table delete,
page 687.

To load a driver for a software version that does not exist in the Device Drivers table
(that is, APSolute Vision has never managed a device using this software version)
1. In the APSolute Vision Settings view System perspective, select General Settings > Device
Drivers.
2. Click the (Upload Device Driver) button.
3. Click Browse, navigate to the driver, and click Open.
4. Click Upload. The action loads a driver into the APSolute Vision server. The driver version is
displayed in the Device Driver table, in the Latest Driver column, if there is a managed device of
the corresponding software version. The driver is available when you add a new device to the
APSolute Vision configuration.

Configuring APSolute Vision Reporter Parameters


You can view historical security reports in the APSolute Vision Reporter (AVR).
The AVR client supports only a single timezone, which is the timezone configured on the APSolute
Vision server.

Notes
• You can open AVR from the APSolute Vision sidebar menu (Applications > AVR).
• AVR does not support Alteon or LinkProof NG.

To configure APSolute Vision Reporter settings


1. In the APSolute Vision Settings view System perspective, select General Settings > APSolute
Vision Reporter.
2. Configure the parameters, and click Submit.

Table 42: APSolute Vision Reporter Parameters

Parameter Description
Attack Polling Interval (Read-only) The interval for polling security attack data, which is 5
minutes.

Data Retention Interval The time, in months, that APSolute Vision retains AVR data.
Values:
• 1–48
• Unlimited
Default: 12
Note: After upgrade from an APSolute Vision version prior to 2.30,
the value is Unlimited. You can modify this value if you require.
Upload Logo (button) You can upload a logo to display on reports. Click the button and enter
the name of the file to upload.

Managing APSolute Vision Licenses and Viewing Capacity Utilization

Use the License Management pane for doing the following:
• Managing Licenses for APSolute Vision, page 154
• Viewing Details of the RTU Licenses, page 156
• Viewing Details on the Current Utilization of the APSolute Vision Server, page 157

To open the License Management pane


> In the APSolute Vision Settings view System perspective, select General Settings > License
Management.

Note: For your convenience, the License Management pane includes a link to the Device
Subscriptions pane (see Viewing Device Subscriptions, page 168).

Managing Licenses for APSolute Vision


In addition to the existing perpetual licenses, APSolute Vision accepts and enforces time-based
right-to-use (RTU) licenses and time-based licenses for various features, such as AVA, AVR, APM,
and DPM. APSolute Vision denies access to a feature if the license is not installed or the license has
expired.
When APSolute Vision is running as a virtual appliance (VA) or on an OnDemand Switch VL (ODS-VL)
platform, licenses for APSolute Vision are generated based on the MAC address of the APSolute
Vision port G1 or G2. APSolute Vision displays the MAC address of port G1 in the License
Management pane above the License table.
When APSolute Vision is running on an OnDemand Switch VL2 (ODS-VL2) platform, licenses for
APSolute Vision are generated based on the MAC address of the APSolute Vision port G3 or G5.
APSolute Vision displays the MAC address of port G3 in the License Management pane above the
License table.
APSolute Vision has capacity limitations and limitations based on the RTU license. The total number
of licenses is called the RTU license pool. The RTU license pool determines the maximum number of
supported physical and virtual devices that the APSolute Vision server can manage.


When a system is in violation of the RTU license:


• APSolute Vision allows you to manage only the number of devices corresponding to the RTU
license pool.
• The RTU License status of the devices that are not covered by the RTU license pool is Invalid.
• APSolute Vision randomly selects which managed devices have the Invalid status.
• You cannot configure devices whose RTU License status is Invalid. In this context, configure
includes: Scheduler tasks, Operator Toolbox scripts, multi-device configuration, and multi-device
configuration with Logical Groups.

Notes
• When you install a new license over a license (of the same type) that has already expired, the
new license automatically overwrites the expired one. APSolute Vision enforces each license
from its start date to its expiration date. You can replace an existing valid license with
a new license if the starting day of the new license is before the installation date.
• If you try to install a new license over a valid active license, and the starting date of the new
license is after the day of installation, APSolute Vision does not allow the action and displays an
appropriate message.
• If there is no active license and you try to install a license with a future start date, APSolute
Vision allows the action but displays an appropriate message.
• When removing a device from APSolute Vision that is covered by the RTU license pool, the
license portion returns to the pool. If there are managed devices that are not covered by the
pool, APSolute Vision randomly selects one of those devices, and allocates the license portion to
that device.
APSolute Vision starts generating license-expiration alerts 90 days before the expiration date.
When APSolute Vision generates a license-expiration alert:
• The APSolute Vision toolbar displays the License Alert button. The button displays only to users
with the Administrator or Vision Administrator roles. If a license expires within 90 days up to 30
days, the button background is blue. If a license expires within 29 days up to one day, the
button background is amber. The last day before the license expires and after the license is
expired, the button background is red. When there are multiple license alerts, the button
displays the lowest number of remaining days. Hovering on the button opens a tooltip with
additional information. When there are multiple alerts, the bell shows the number of alerts.
Clicking the License Alert button opens the License Management pane.

Figure 32: License Alert Button and Tooltip

• A pop-up notification is displayed to users with the Administrator or Vision Administrator roles.
• The alert is displayed in the Alerts Table pane.
• The alert is included in the technical-support (tech-support) package. For information on tech-
support packages, see System Backup Technical-Support Commands, page 677.


Caution: After upgrading from APSolute Vision versions earlier than 3.80, if there is an RTU-license
alert, there will be a grace period of 30 days. This grace period is intended to grant you time to
contact Radware Technical Support and purchase additional RTU licenses, as required. After the
grace period, APSolute Vision will support only the number of devices covered by the RTU license
pool.

To add a license for APSolute Vision


1. In the APSolute Vision Settings view System perspective, select General Settings > License
Management.

2. In the License table, click the (Add) button.


3. In the License String text box, enter the license string.
4. Click Submit.
Use the Licenses table to view information on the installed licenses. If a license is expired or is soon
to expire, the text in the corresponding row is red. If a license is going to be active in the future, text
in the row is blue.
When you click on a license in the License Management table, the View License tab opens. If the
license is expired or about to expire, the View License tab includes a link to the Radware portal,
which provides purchasing options.

Table 43: License Table Parameters

Parameter Description
Item The license type.
License String The license string that Radware supplied.
Expiration Date The date that the license expires.
Note: The date format is according to the configuration of the APSolute
Vision server (see Configuring APSolute Vision Display Parameters,
page 163).
Days to Expiration The number of days before the license expires.
Activation Date The date that the license was activated.
Note: The date format is according to the configuration of the APSolute
Vision server (see Configuring APSolute Vision Display Parameters,
page 163).

Viewing Details of the RTU Licenses


Use the RTU Licenses table to help determine whether you exceed scale/capacity specifications and
whether you need to purchase additional RTU licenses.

Note: For more information on capacity limitations, see the APSolute Vision Release Notes for the
relevant APSolute Vision version.


Table 44: RTU Licenses Table Parameters

Parameter Description
Type Values:
• Managed Physical Devices—The number of physical devices (of any
supported device type) that the APSolute Vision is managing.
DefenseFlow is not counted.
• Managed Virtual Devices—The number of virtual devices (of any
supported device type) that the APSolute Vision is managing.
DefenseFlow is not counted.
Number of Devices The number of devices of the specific type that APSolute Vision is
managing.
Devices with No License The number of devices of the specific type that have no RTU license.
Allocated Licenses The number of devices of the specific type from the license pool that
are allocated (used).
License Pool The total number of licenses in the pool.

Viewing Details on the Current Utilization of the APSolute Vision Server


The Current Utilization table displays various Item parameters and the number of each item.

Note: For more information on capacity limitations, see the APSolute Vision Release Notes for the
relevant APSolute Vision version.

Table 45: Current Utilization Table Parameters

Parameter Description
Item Values:
• Managed DefensePro Devices—The number of DefensePro devices of any
deployment type (virtual or physical appliance) that the APSolute Vision is
managing.
• Unavailable Devices—The number of devices that the APSolute Vision is
managing whose status is not Up. That is, devices whose status is Down,
Maintenance, Unknown, and so on.
• Total Enabled DefensePro Policies—The sum of enabled Network Protection
policies and Server Protection policies on the DefensePro devices that the
APSolute Vision is managing.
• Total Profiles Assigned to Enabled Policies—The number of profiles in both the
Network Protection policies and Server Protection policies on the DefensePro
devices that the APSolute Vision is managing. If a profile is associated with
multiple policies, it is counted multiple times.
Quantity The number of the specific item.


Managing APM in APSolute Vision


Application Performance Monitoring (APM) monitors traffic through Alteon and LinkProof NG devices.
APM can continuously monitor all transactions and provide visibility into the true end-user
experience in the data center, network, or online application.
The APM server is part of the APSolute Vision server with APM server VA offering. One APM server
per APSolute Vision server supports the APM functionality. The APM server is an OVA installation in a
VMware vSphere environment. You specify the connection details of the APM server in the APSolute
Vision Settings view System perspective, under General Settings > APM Settings.
From the APM Settings node, you can view information related to the virtual services of the
managed devices that have APM enabled. There, you can also directly access the service in the
APM Web interface.

Notes
• The term “APM server” may also be referred to as “SharePath server”.
• APM requires a proper license, which you can manage in the License Management tab (APSolute
Vision Settings view System perspective, General Settings > License Management).
• For information on the installation of the APM server, see the APSolute Vision Installation and
Maintenance Guide.
• For information on how to configure Alteon or LinkProof NG with APM, see the sections
“Configuring the Application Performance Monitoring (APM) Server in Alteon” and “Managing
Virtual Services Settings” in the online help.
• For information on using APM, see the Application Performance Monitoring User Guide.

• For information on how to use the APM Web interface, click the (Help) button in the APM Web
interface.

To open the APM Web interface


> Do one of the following:

— From the APSolute Vision sidebar menu, click (Applications) > APM.
— Do the following:
a. In the APSolute Vision Settings view System perspective, select General Settings >
APM Settings.
b. In the table, in the APM Server column, click the hyperlink.

Considerations and Constraints Using APM with Alteon Version 29.5


The following list describes the considerations and constraints when using APM with Alteon version 29.5:
• The Alteon must be managed by the same APSolute Vision that hosts the APM server.
• If the instance of the APM server is replaced without restoring the previous database, the
system administrator must reapply the APM configuration on each virtual service.


Managing the APM Server


This section describes how to manage the APM server.
Use the APM-Enabled Services table to view information related to the virtual services of the
managed Alteon or LinkProof NG devices that have APM enabled. There, you can also directly access
the service in the APM Web interface.

To manage the APM server


1. In the APSolute Vision Settings view System perspective, select General Settings > APM
Settings. The APM Settings tab displays the APM Server State field and a table with
information about the APM server.
The APM Server State field can display the following values:
— Initializing—The APM server is initializing.
— Running—The APM server is running.
— Down—The APM server is down. Typically, this is because the APM server is not yet
configured in the table or the APM license is not yet installed.
2. Do one of the following:

— To add an entry, click the (Add) button.


— To edit an entry, double-click the row.
3. Configure the parameters, and then, click Submit.

Table 46: APM Server Parameters

Parameter Description
Use the APM Server Installed on this APSolute Vision Server
(This parameter is available only with the APSolute Vision server with APM server VA offering.)
Specifies whether APSolute Vision uses the APM server associated with the APSolute Vision
server with APM server VA installation.
Values:
• Disabled—APSolute Vision uses an external APM server.
• Enabled—APSolute Vision uses the APM server associated
with the APSolute Vision installation, and populates the
following fields with read-only values:
— Management IP Address—The IP address of the APSolute
Vision management port (G1 or G2), which is the
management port for both APM and APSolute Vision
server.
— Data IP Address—The IP address of the G4 port.
— Backup IP Address—The IP address of the G3 port. This
value is not mandatory.
Default: Disabled
Notes:
• For information on configuring the IP address for each port,
see Network IP Interface Commands, page 656.
• For information on configuring the routing for each port, see
Network Routing Commands, page 660.

Management IP Address The IP address of the port on the SharePath/APM server that
APSolute Vision uses for APM management traffic.
In the APSolute Vision server with APM server VA offering, this
address is typically the management IP address of the APSolute
Vision server too. By default, this is the IP address of the G1 port
on the APSolute Vision server VA.
Port The management interface TCP port.
Values: 1–65535
Default: 443
Caution: Specifying a non-default port involves modifying the
APM server configuration. For more information, in the
Application Performance Monitoring Troubleshooting and
Technical Guide, see the appendix “Configuring a Non-Default
APM Port for APM Reports.”
Note: You can specify the port only when you add a new APM
server to the APSolute Vision configuration. You cannot modify
the port on an APM server that is already configured in
APSolute Vision. To modify the port, you need to remove the
APM server from the APSolute Vision configuration, and then,
add the APM server with the required port to the APSolute
Vision configuration again.
Data IP Address The IP address of the port on the SharePath/APM server that
APSolute Vision uses for APM data traffic. In the APSolute Vision
server with APM server VA offering, this address is typically the
IP address of the APSolute Vision G4 port. This field is significant
only for older Alteon versions 29.5, 30.0.0, 30.0.1, 30.0.2,
30.0.3, and 30.1. New versions use the configuration on the
device and ignore the Data IP Address field. The default is set
to G4, assuming that APM must support the device sending
beacons from the Alteon data interface.
Backup IP Address The IP address of the port on the SharePath/APM server that
APSolute Vision uses for APM backup traffic.
Note: This value is not mandatory.
Performance Limit The maximum events (performance reports for an HTML page)
per second that the APM server can process.
Values: 10–1000
Default: 500

Table 47: APM-Enabled Services Table

Parameter Description
Device Name The name of the device with the APM-enabled service.
Virtual Server Index The index of the APM-enabled service.
Virtual Server IP The IP address of the APM-enabled service.
Port The port of the APM-enabled service.
Description The description of the APM-enabled service.

APM Application Link A hyperlink to the APM-enabled service in the APM interface.

Viewing Information on the APM-Enabled Devices


Use the APM-Enabled Devices pane to view information on the devices managed by the APSolute
Vision server that have at least one virtual service with APM enabled.

To view information on the APM-enabled devices


> In the APSolute Vision Settings view System perspective, select General Settings > APM
Settings > APM-Enabled Devices.

Table 48: APM-Enabled Devices Table

Parameter Description
Device Name The name of the device with an APM-enabled service.
Device Management IP The IP address of the device.
Software Version The software version of the device.
APM License (PgPM) The APM license currently installed on the device.
Form Factor The form factor of the device.
Hardware Platform The platform of the device.
APM Server Management IP The IP address of the management port of the APM server.
For the APSolute Vision server with APM server VA offering, this
is the IP address of the management port of the APSolute Vision
server.

Configuring the Radware Cloud DDoS Protection Setting


Use the Radware Cloud DDoS Protection pane to specify the Radware Cloud DDoS Protection URL.
APSolute Vision uses the URL to connect to the Radware Cloud DDoS Protection service when you
click (Applications) > Cloud DDoS Portal in the APSolute Vision sidebar menu.

Note: For more information on Radware Cloud DDoS Protection services, see the Cloud DDoS
Protection Services User Guide.

To specify the Radware Cloud DDoS Protection URL


1. In the APSolute Vision Settings view System perspective, select General Settings > Radware
Cloud DDoS Protection.
2. In the Radware Cloud DDoS Protection URL text box, type the URL, and click Submit.


Configuring APSolute Vision Server Advanced Parameters

Use the following procedure to configure additional advanced parameters and online-help
parameters for the APSolute Vision server.

To configure advanced parameters for the APSolute Vision server


1. In the APSolute Vision Settings view System perspective, select General Settings >
Advanced.
2. Configure the parameters, and click Submit.

Table 49: APSolute Vision Advanced: General Parameters

Parameter Description
Maximum Configuration Files for Device The maximum number of configuration files per managed
device that you can store on the APSolute Vision server for backup. When
the limit is reached, you are prompted to delete the oldest file.
Values: 1–10
Default: 5
Note: If you change the maximum value to less than the number
of existing configuration files, none of the existing files will be
deleted. For example, if the configured maximum value is 10 and
there are 8 configuration files, and you then change the configured
maximum value to 4, no files are deleted.
Minimal Log Level The lowest severity of messages that will be logged for debugging
purposes.
Values:
• Fatal
• Error
• Warning
• Info
• Debug
• Trace
Default: Error
Caution: Lowering the value of the Minimal Log Level
parameter may negatively affect the performance of the APSolute
Vision server. Radware recommends using the default value,
Error, except when there are specific troubleshooting
requirements.
Device Lock Timeout The time, in minutes, that a device remains locked. If you have the
appropriate permissions to configure a device, you can lock the
device so that other users cannot configure the device at the same
time.
Values: 5–180
Default: 10

Results per Page The number of rows that are displayed per table page.
Values: 10–100
Default: 50

Table 50: APSolute Vision Advanced: Online Help Parameters

Parameter Description
Note: For changes to existing online help content to display properly, you may need to refresh
your browser display or clear the browser cache.
Online Help URL The source of the online help that clients request.
Values:
• APSolute Vision Server—The server provides the client with
online-help files stored on the server. Installation of the
APSolute Vision server includes online-help files, but if managed
devices are somehow upgraded later (with a new device, new
device version, or new device driver), the online-help files on
the server should be updated. It is the responsibility of the
APSolute Vision administrator to make sure that the help files
on the server are updated as necessary. For more information,
see Appendix A - Managing the Online-Help Package on the
Server, page 737.
• Radware.com—The client sends online-help requests to the
radware.com Web site and receives files from there. The online-
help files at radware.com are always the most up-to-date, but
you may encounter latency or connectivity problems.
Default: APSolute Vision Server
Update (button) Opens the dialog box to update the online-help package that resides
in the APSolute Vision server.
Note: For more information, see Appendix A - Managing the
Online-Help Package on the Server, page 737.
Revert to Default Help (button) The online help currently on the server reverts to the online
help package that was included with the installation of the APSolute
Vision server.
Note: For more information, see Appendix A - Managing the
Online-Help Package on the Server, page 737.

Configuring APSolute Vision Display Parameters


You can configure display parameters for APSolute Vision clients, which also affect certain other
APSolute Vision functionalities.

To configure APSolute Vision display parameters


1. In the APSolute Vision Settings view System perspective, select General Settings > Display.
2. Configure the parameters, and click Submit.


Table 51: Display: General Parameters

Parameter Description
Default Display Language The default display language for new users in the APSolute Vision
system.
Notes:
• If you change the value, the change affects only users created
after the change.
• Each user can change his/her own display language, by opening
the User drop-down dialog box (from the APSolute Vision
toolbar, in the User ribbon at the far right) and selecting
the language from the drop-down list of languages.
• An Administrator can specify the default language for each
specific user (see Configuring Local Users for APSolute Vision,
page 99).
Default Landing Page The page that APSolute Vision displays by default for new users in
the APSolute Vision system.
Values:
• First Device in the Tree—New users land on the Device pane
with the first available device selected, and the Configuration
perspective.
• Application SLA Dashboard—New users land on the Application
SLA Dashboard (see Using the Application SLA Dashboard,
page 561).
• Security Control Center—New users land on the Security
Control Center (see Using the Security Control Center,
page 564).
• Operator Toolbox—New users land on the Toolbox (see Using
the Toolbox, page 221).
• Service Status Dashboard—New users land on the Service
Status Dashboard (see Using the Service Status Dashboard,
page 570).
Default: First Device in the Tree
Notes:
• User roles and scopes determine whether the selected option is
relevant. If a user does not have permission to view the
selected option, he/she lands on the first permitted tab in the
APSolute Vision Settings view. For information on user roles and
scopes, see Managing APSolute Vision Users, page 83.
• Each user can change his/her own landing page (APSolute
Vision Settings view Preferences perspective, User
Preferences > Display).
• If you change the value, the change affects only users created
after the change.


Table 52: Display: Date and Time Format Parameters

Parameter Description
Date Format The date format for information that includes date and time
displayed in the APSolute Vision Web client.
Values:
• dd.MM.yyyy
• MM.dd.yyyy
• dd/MM/yyyy
• MM/dd/yyyy
Default: dd.MM.yyyy
Time Format The time format for information that includes date and time
displayed in the APSolute Vision Web client.
Values:
• HH:mm:ss
• HH:mm:ss z
• h:mm:ss aa
• h:mm:ss aa z
Default: HH:mm:ss

Managing APSolute Vision Maintenance Files


You can open and save the maintenance files and upgrade log files of the APSolute Vision server.

To open or save a maintenance file or upgrade log file


1. In the APSolute Vision Settings view System perspective, select General Settings >
Maintenance Files.
2. Double-click the row with the relevant file.
3. Use the dialog box to open the file with a selected application or save the file to a selected
location.


Managing Operator Toolbox Settings


Use the Operator Toolbox Settings tab to manage the graphic files for the Toolbox dashboard (see
Using and Managing Toolbox Scripts, page 221).
The file must have the PNG, SVG, or JPG extension and be no larger than 200 KB.
The table in the Operator Toolbox Settings tab comprises the following columns:
• File Name—The filename of the graphic file.
• Used by Script—The filename of the script that is associated with this graphic file (Toolbox >
Advanced > Operator Toolbox > Assign to Dashboard).
• Icon Preview—The image that the Operator Toolbox dashboard uses—or can use—to run a
script.
• Upload Date—The date the file was uploaded to APSolute Vision.
• Uploaded By—The username who uploaded the file to APSolute Vision.

Note: To replace a file with the same name, you must first delete the old file.

To upload an image file for the Toolbox dashboard


1. In the APSolute Vision Settings view System perspective, select General Settings > Operator
Toolbox Settings.

2. Click the (Add) button.


3. Click Browse and browse to the file.
4. Click Upload.

Related Topics
• Using and Managing Toolbox Scripts, page 221
• Managing Toolbox Scripts, page 244

Managing Stored Device Configuration/Backup Files


You can manage configuration files of managed devices that are stored on the APSolute Vision
server.
You can do the following:
• View details of the configuration files of managed devices
• Save configuration files from the server to your PC
• Delete configuration files from the server
• Edit configuration file descriptions

For information about configuring the maximum number of configuration files per device that can be
stored, see Configuring APSolute Vision Server Advanced Parameters, page 162.


To access the device backups


> In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.

To edit the description of a configuration file


1. In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
2. Double-click the relevant entry.
3. In the Description text box, add or edit the text, up to 50 characters.

To delete a configuration file from the server


1. In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
2. Select the relevant entry.

3. Click the (Delete) button.

To get the configuration file of the device from the APSolute Vision server and download
the file to the local PC
1. In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
2. Select the relevant entry.

3. Click the (Download Selected File) button.


4. Open or save the file as you require.

Table 53: Device Configuration File Parameters

Parameter Description
File Name The name of the stored configuration file.
File Type This field always displays Regular.
SW Version The software version of the device.
Backup Date The date and time that the file was saved on the APSolute Vision server.
Description A description of the file. You can enter and edit text in this field.


To compare a device-backup file—of an Alteon, DefensePro, or LinkProof NG device—
from the APSolute Vision server to another object
1. In the APSolute Vision Settings view System perspective, select Device Resources > Device
Backups.
2. Select the relevant entry.

3. Click the (Compare Backup File) button.


4. From the Compare... With drop-down list, select one of the following:
— Other Device Running Configuration
— Backup File from System
— Backup File from Local File System

5. Select the device, configuration, or file.


6. Click OK.

Viewing Device Subscriptions


Use the Device Subscriptions pane to view information on the devices that APSolute Vision manages,
the associated support agreements, and the associated subscriptions. The table in the Device
Subscriptions tab displays all managed devices of most device types—including Alteon VX devices.
The table retrieves information on the devices from Radware, and displays the information even
when a device is unavailable to APSolute Vision. You can sort and filter the table according to your
needs. You can also export the contents of the table in the pane to a CSV file—according to any filter
that is applied.

Caution: The functionality of the Device Subscriptions pane requires connectivity to radware.com
or the proxy server that is configured in the APSolute Vision settings (APSolute Vision Settings view
System perspective, General Settings > Connectivity > Proxy Server Parameters).


Notes
• Columns in the Device Subscriptions table display N/A when there is no connectivity to
radware.com or the proxy server that is configured in the APSolute Vision settings.
• Radware’s Security Update Service (SUS) is a subscription service for security advisories and
signature updates, which delivers rapid and continuous updates.
• The Fraud Signature Protection subscription provides protection against fraud and phishing
attacks using the DefensePro Fraud Protection module.
• The ERT Active Attackers Feed is a subscription service that updates DefensePro devices with IP
addresses of known attackers that were recently active. The feed is generated by Radware’s
Threat Research Center.
• The Device Subscriptions table does not display DefenseFlow devices.
• The Device Subscriptions table does not display vADC devices that APSolute Vision does not
manage.
• Except for AppWall devices, all of the subscriptions are based on the device MAC address.
• For your convenience, the Device Subscriptions pane includes a link to the APSolute Vision
License Management tab (see Managing APSolute Vision Licenses and Viewing Capacity
Utilization, page 154).
You can use the Device Subscriptions table to help you manage your device repository, and make
sure you have all of the required subscriptions, prior to updating your devices. For example, when
you want to upgrade device software, you can first check the Device Subscriptions table, and verify
that all devices have a support agreement. You can filter the table for Support Agreement: No and
locate devices that do not have a support agreement. If there are no such devices, you can continue
and upgrade the devices. If there are devices that do not have a valid support agreement, you can
export the table to a CSV file and use the file to send Radware the list of MAC addresses lacking a
support agreement. Radware will check whether there is an error in the database or the device
MAC addresses are not registered. After handling errors and purchases and refreshing the Device
Subscriptions table, all relevant rows will show Support Agreement: Yes. You can then continue
with the device upgrade.

To open the Device Subscriptions pane


> In the APSolute Vision Settings view System perspective, select Device Resources > Device
Subscriptions.
The following table describes the Device Subscriptions table.

Table 54: Device Subscriptions Table Parameters

Parameter Description
Device Name The name of the device.
Device Type The type of the device.
MAC Address The MAC address of the device.
Note: AppWall devices do not use the MAC address to register
agreements. Instead, AppWall devices use the host ID to register
agreements.
Software Version The software version of the device.
Valid Support Specifies whether there is a valid Support Agreement for the device.
Agreement Values: N/A, Yes, No

Document ID: RDWR-APSV-V04600_UG2006 169


APSolute Vision User Guide
Managing and Monitoring the APSolute Vision System

Table 54: Device Subscriptions Table Parameters (cont.)

Parameter Description
Support Agreement The expiration date of the Support agreement.
Expiration Date
Valid SUS Agreement Specifies whether there is a valid SUS agreement for the device.
Values: N/A, Yes, No
SUS Expiration Date The expiration date of the SUS agreement.
Valid Fraud Updates Specifies whether there is a valid Fraud Updates agreement for the
Agreement device.
Values: N/A, Yes, No
Fraud Expiration Date The expiration date of the Fraud agreement.
ERT Active Attackers Specifies whether there is a valid ERT Active Attackers Feed subscription
Feed Subscription for the device.
Values: N/A, Yes, No
ERT Active Attackers The expiration date of the ERT Active Attackers Feed subscription.
Feed Expiration Date

To export a CSV file with the information in the Device Subscriptions table
1. In the APSolute Vision Settings view System perspective, select Device Resources > Device
Subscriptions.

2. Click (Export Table to CSV File).


3. View the file or specify the location and file name, and then, click Save.
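
The pre-upgrade check described above, run against the exported file. This is an added example, not code from this guide or from Radware. It assumes that the exported CSV uses the Table 54 parameter names as column headers and ISO-format dates (YYYY-MM-DD); the sample rows are constructed.

```python
"""Gate a device upgrade on an exported Device Subscriptions CSV (added example)."""
import csv
import io
from datetime import date, datetime

# ASSUMPTION: column headers equal the Table 54 parameter names and dates are
# written as YYYY-MM-DD. Adjust both to match your actual export.
DATE_FORMAT = "%Y-%m-%d"
AGREEMENTS = {
    "Support": ("Valid Support Agreement", "Support Agreement Expiration Date"),
    "SUS": ("Valid SUS Agreement", "SUS Expiration Date"),
    "Fraud Updates": ("Valid Fraud Updates Agreement", "Fraud Expiration Date"),
    "ERT Active Attackers Feed": ("ERT Active Attackers Feed Subscription",
                                  "ERT Active Attackers Feed Expiration Date"),
}
COLUMNS = ["Device Name", "Device Type", "MAC Address", "Software Version"]
for valid_col, date_col in AGREEMENTS.values():
    COLUMNS += [valid_col, date_col]

# Constructed sample export (documentation-range MAC addresses, invented names).
SAMPLE_CSV = "\n".join([
    ",".join(COLUMNS),
    "DP-Edge-1,DefensePro,00:00:5E:00:53:01,8.22.0,Yes,2021-03-31,Yes,2021-03-31,N/A,,Yes,2020-07-10",
    "DP-Edge-2,DefensePro,00:00:5e:00:53:02,8.22.0,No,,No,,N/A,,N/A,",
    "ALT-Core-1,Alteon,00:00:5E:00:53:03,32.4.1.0,Yes,2020-07-01,N/A,,N/A,,N/A,",
    "AW-DMZ-1,AppWall,,7.6.8,No,,N/A,,N/A,,N/A,",
])


def load_rows(text):
    """Parse the exported CSV text into a list of dicts keyed by column header."""
    return list(csv.DictReader(io.StringIO(text)))


def missing_support(rows):
    """Devices whose Valid Support Agreement is No, with the identifier to report.

    Returns (device name, identifier kind, identifier value) tuples. AppWall
    agreements are registered by host ID, not MAC address, so for AppWall the
    value is None and the host ID has to be collected from the device.
    """
    out = []
    for r in rows:
        if r["Valid Support Agreement"].strip().lower() != "no":
            continue  # Yes and N/A do not block the upgrade
        if r["Device Type"].strip() == "AppWall":
            ident = ("host ID", None)
        else:
            ident = ("MAC", r["MAC Address"].strip().upper())
        out.append((r["Device Name"], *ident))
    return out


def expiring(rows, today, within_days=30):
    """(device, agreement, days left) for valid agreements that end soon."""
    out = []
    for r in rows:
        for name, (valid_col, date_col) in AGREEMENTS.items():
            if r[valid_col].strip().lower() != "yes" or not r[date_col].strip():
                continue
            end = datetime.strptime(r[date_col].strip(), DATE_FORMAT).date()
            days = (end - today).days
            if days <= within_days:
                out.append((r["Device Name"], name, days))
    return out


def upgrade_allowed(rows):
    """True only when no device in the table shows Support Agreement: No."""
    return not missing_support(rows)


if __name__ == "__main__":
    table = load_rows(SAMPLE_CSV)
    for device, kind, value in missing_support(table):
        print(f"no support agreement: {device} ({kind}: {value or 'collect from device'})")
    for device, agreement, days in expiring(table, date.today()):
        print(f"{agreement} agreement on {device} ends in {days} days")
    print("upgrade allowed:", upgrade_allowed(table))
```
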

Controlling APSolute Vision Operations


You can perform the following operations on APSolute Vision:
• Back up the APSolute Vision data—You can back up the configuration tables and other APSolute
Vision data. To back up the database including real-time and historical reports, you must use CLI
commands. For more information, see Using vDirect with APSolute Vision, page 725.
• Update the Attack Description file.

You can perform the following operations using APSolute Vision CLI:
• Restoring the appliance configuration.
• Restoring the server configuration.
• Restarting the APSolute Vision server.

For more information about APSolute Vision CLI commands, see Using vDirect with APSolute Vision,
page 725.



CHAPTER 5 – MANAGING DEVICES, SITES, AND LOGICAL GROUPS
Before you can configure Radware devices through APSolute Vision, you add devices to the APSolute
Vision server configuration. You can group devices into Sites and/or Logical Groups.
This section contains the following topics:
• Using the Device Pane, page 171
• Configuring Sites, page 172
• Managing Individual Devices, page 174
• Locking and Unlocking Devices, page 189
• Managing DefensePro Clusters for High Availability, page 191
• Using the Multi-Device View and the Multiple Devices Summary, page 196
• Using Logical Groups of Devices, page 199
• After You Set Up Your Managed Devices, page 203

Note: To add Alteon or DefensePro devices, you can also use vDirect with APSolute Vision. For more
information, see Using vDirect with APSolute Vision, page 725.

Using the Device Pane


You organize the devices that APSolute Vision manages in the device pane.
The following topics describe using the device pane:
• Device Pane Trees, page 172
• Icons for High Availability, page 172
• Configuring Sites, page 172
• Tree Nodes, page 174
• Exporting a CSV File with the Devices in the Sites and Devices Tree, page 174
• Filtering Entities in the Device Pane, page 174

Note: For a picture of the device pane, see Figure 23 - Device Pane (Not Docked)—Showing the
Sites and Devices Tree, page 61.


Device Pane Trees


To organize and manage devices, the device pane includes the following three different trees:
• Sites and Devices—The Sites and Devices tree can contain:
— Alteon standalone, VA, and vADC devices and clusters of Alteon devices for high availability
— AppWall devices and clusters of AppWall devices for high availability
— DefensePro devices and clusters of DefensePro devices for high availability

Note: You can configure DefensePro high-availability clusters only on DefensePro version
6.x and 7.x devices.
— LinkProof NG devices
• Physical Containers—The Physical Containers tree can contain the managed ADC-VX
instances, and Sites with ADC-VX instances. After you add an ADC-VX to the Physical Containers
tree, you can configure the vADCs that the ADC-VX hosts. The vADCs that the ADC-VX is hosting
are displayed as child nodes of the ADC-VX. Once a vADC is managed in the Physical Containers
tree, you can only configure the corresponding vADC entity in the Sites and Devices tree.
• Logical Groups—The Logical Groups tree contains user-defined Logical Groups. A Logical
Group is a group of devices of the same type, which you manage as a single entity. For more
information on Logical Groups, see Using Logical Groups of Devices, page 199.

To display another tree, click the button, and select the name of the tree that you require.

Icons for High Availability


In the Sites and Devices tree, you can create clusters of devices for high availability. APSolute Vision
displays DefensePro primary devices and AppWall cluster managers with a green border.

Figure 33: Icon for a Primary Device in a DefensePro Cluster

Figure 34: Icon for an AppWall Cluster Manager

Configuring Sites
You can configure Sites in the Sites and Devices tree and in the Physical Containers tree. You may
configure Sites according to a geographical location, administrative function, or device type. You can
nest Sites; that is, each Site can contain child Sites and devices. By default, the root Site is called
Default. You can rename this Site, and add nested Sites and devices. You can add, rename, and
delete Sites. When you delete a Site, you must first remove all its child Sites and devices.
When you manage a vADC hosted by an ADC-VX in the Physical Containers tree, you specify the Site
under which that vADC is displayed in the Sites and Devices tree.
You can also display real-time security monitoring for multiple devices. You can select a Site or
select multiple devices (using standard, mouse click/keyboard combinations) even if the devices are
in the same Site.


Notes
• To move a device between Sites, you must first delete the device from the tree and then add the
device in the required Site.
• A Site cannot have the same name as a device, and Sites nested under different parent Sites
cannot have the same name.
• You cannot delete the Default Site, but you can rename it.

To add a new Site

1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.
2. In the device pane Sites and Devices tree or Physical Containers tree, select the Site node in
which you want to create the new Site.

3. Click the (Add) button in the tab toolbar.


4. From the Type drop-down list, select Site.
5. In the Name text box, type the name of the Site.
6. Click Submit.

Caution: With RADIUS or TACACS+ authentication, if a user definition explicitly mentions the name
of a Site and the Site name changes, the user definition in the RADIUS or TACACS+ server must be
updated accordingly.

If the name of an APSolute Vision Site changes and APSolute Vision authenticates the users locally,
APSolute Vision updates the relevant scopes for the users.

To rename a Site

1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.
2. Select the Site.

3. Click the (Edit) button.


4. In the Name text box, type the name of the Site.
5. Click Submit.

To delete a Site

1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.
2. Select the Site.

3. Click the (Delete) button and confirm your action.


Tree Nodes
Tree nodes are arranged alphabetically in the tree within each level. For example, a Site called
Alteon_Site appears before a Site at the same level called DefensePro_Site.
All nested Sites appear before devices at the same level, regardless of their alphanumerical order.
All node names in a tree must be unique. For example, you cannot give a Site and a device the same
name, and you cannot give devices in different Sites the same name.
Node names are case-sensitive.

Exporting a CSV File with the Devices in the Sites and Devices Tree
You can export a CSV file with the devices in the Sites and Devices tree. The CSV file includes
information on each device. The file does not include information regarding associated Sites.
For more information, see the procedure To export a CSV file with the devices in the Sites and
Devices tree, page 187.

Filtering Entities in the Device Pane


You can filter the Sites, devices, and Logical Groups that APSolute Vision displays. The filter applies
to all the Sites, devices, and Logical Groups in the tree. The filter does not change the contents of
the tree, only how APSolute Vision displays the tree to you. By default, APSolute Vision displays all
the Sites, devices, and Logical Groups that you have permission to view. To each node in the tree,
APSolute Vision appends the number of devices matching the filter at that level according to your
RBAC permissions.
You can filter the Sites, devices, and Logical Groups that APSolute Vision displays according to the
following criteria:
• Status—Up, Down, Maintenance, or Unknown. The Logical Groups tab includes the criteria
Valid and Invalid.
• Type—Alteon, AppWall, DefensePro, or LinkProof NG. The Physical Containers tab does
not display this field.
• Name—The name of a device, Site, Logical Group, or string contained in the name (for
example, the value aRy matches an element named Primary1 and SecondaryABC).
• IP Address—The IP address or portion of the IP address.

After you configure the filter criteria, click the button to apply the filter.

Click the button to cancel the filter.

Managing Individual Devices


Before you can manage a device in APSolute Vision, you need to add the device to the appropriate
Site tree in the device pane.
The number of devices that APSolute Vision can manage depends on the Right to Use (RTU) license.
For information on managing licenses in APSolute Vision, see Managing APSolute Vision Licenses and
Viewing Capacity Utilization, page 154.
When you add a device, you can define a name for it. You also provide the device-connection
information, including authentication parameters (credentials) for communication between the
device and the APSolute Vision server.
After APSolute Vision connects to the device, basic device information is displayed in the content
pane, and device properties information is displayed in the device-properties pane.


After submitting device-connection information, the APSolute Vision server verifies that it can
connect to the device. APSolute Vision then retrieves and stores the device information and licensing
information.
After the connection has been established, you can modify some of the connection information and
configure the device.
When you add a device or modify device properties, you can specify whether the APSolute Vision
server configures itself as a target of the device events and whether the APSolute Vision server
removes from the device all recipients of device events except for its own address. For additional
important information, see APSolute Vision Server Registered for Device Events—Alteon and
LinkProof NG, page 188, APSolute Vision Server Registered for Device Events—DefensePro,
page 188, or APSolute Vision Server Registered for Device Events—AppWall, page 189.
After adding devices, you can create clusters of the main and backup devices, or the primary and
secondary devices (according to the device type).

Notes
• A device cannot have the same name as a Site.
• Devices in different Sites cannot have the same name.
• You can change the name of a device after you have added it to the APSolute Vision
configuration.
• To move a device between Sites, you must first delete the device from the tree and then add it
to the required target Site.
• If you replace a device with a new device to which you want to assign the same management IP
address, you must delete the device from the Site and then recreate it for the replacement.
• When you delete a device, you can no longer view historical reports for that device.
• When you delete a device, the device alarms and security monitoring information are removed
also.
• You can export a CSV file with the devices in the Sites and Devices tab. The CSV file includes
information on each device. The file does not include information regarding associated Sites. For
more information, see the procedure To export a CSV file with the devices in the Sites and
Devices tree, page 187.
• HTTPS is used for downloading/uploading various files from/to managed devices, including:
configuration files, certificate and key files, attack-signature files, device-software files, and so
on. APSolute Vision uses Transport Layer Security (TLS) protocol version 1.1 or later for
DefensePro 6.x versions 6.14.05 and later, 7.x versions 7.42.07 and later, and 8.x versions 8.13
and later. In the CLI of DefensePro 8.x versions 8.19 and later, you can disable the TLS version
1.1 to use only version 1.2, using the manage ssl version command.
• You can configure APSolute Vision to manage multiple Alteon vADCs hosted by an ADC-VX
managed by the same APSolute Vision server.

Caution: If a DefensePro device was added to APSolute Vision using vDirect (that is, registered on
APSolute Vision), and the device Web (HTTPS) credentials are different from the CLI (SSH)
credentials, you must update the Web credentials of the device in the APSolute Vision Device
Properties dialog box. For the procedure, see To add a new device or edit device-connection
information, page 176. For more information on vDirect, see Using vDirect with APSolute Vision,
page 725 and Registering a DefensePro Instance, page 733.


This section includes the procedures to do the following:


• To add a new device or edit device-connection information, page 176—Relevant for the
following device types:
— Alteon standalone
— Alteon VA
— Alteon vADC not hosted by an ADC-VX managed by the same APSolute Vision server
— AppWall
— DefensePro
— LinkProof NG
• To add an ADC-VX or edit ADC-VX connection information, page 180
• To configure APSolute Vision to manage one or more vADCs hosted by an ADC-VX managed by
the same APSolute Vision server, page 183
• To delete a device, page 187—Relevant for the following device types:
— Alteon standalone
— Alteon VA
— Alteon vADC displayed in the Sites and Devices tree
— AppWall
— DefensePro
— LinkProof NG
• To delete an ADC-VX, page 187

To add a new device or edit device-connection information

1. In the device pane, click the icon, and select Sites and Devices.
2. In the device pane Sites and Devices tree, do one of the following:
— To add a new device:
a. Navigate to and select the Site name to which you want to add the device.

b. Click the (Add) button in the tab toolbar.


c. From the Type drop-down list, select the device type that you require.
— To edit device-connection information:
a. Select the device name.

b. Click the (Edit) button.


3. Configure the parameters, and click Submit.
After APSolute Vision connects to the device, basic device information is displayed in the content
pane, and device properties information is displayed in the device-properties pane.


Table 55: Device Properties: General Parameters

Parameter | Description
Type | The type of the object. Values: Site, Alteon, AppWall, DefensePro, LinkProof NG
Name | The name of the device. Notes: There are some reserved words (for example, DefenseFlow) that APSolute Vision does not allow as names. You can change the name of a device after you have added it to the APSolute Vision configuration.

Table 56: Device Properties: SNMP Parameters

Parameter | Description
(This tab is available only for Alteon, DefensePro, and LinkProof NG devices.)
Management IP | The management IP address as it is defined on the managed device. Note: Once you add the device to the APSolute Vision configuration, you cannot change its IP address.
SNMP Version | The SNMP version used for the connection.
SNMP Read Community (This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.) | The SNMP read community name.
SNMP Write Community (This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.) | The SNMP write community name.
User Name (This parameter is displayed only when SNMP Version is SNMPv3.) | The username for the SNMP connection. Maximum characters: 18
Use Authentication (This parameter is displayed only when SNMP Version is SNMPv3.) | Specifies whether the device authenticates the user for a successful connection. Default: Disabled
Authentication Protocol (This parameter is available only when the Use Authentication checkbox is selected.) | The protocol used for authentication. Values: MD5, SHA. Default: SHA
Authentication Password (This parameter is available only when the Use Authentication checkbox is selected.) | The password used for authentication. Caution: The password should be at least eight characters. vDirect requires that the password be at least eight characters.
Use Privacy (This parameter is available only when the Use Authentication checkbox is selected.) | Specifies whether the device encrypts SNMPv3 traffic for additional security. Default: Disabled
Privacy Protocol (This parameter is available only when the Use Privacy checkbox is selected.) | Values: DES, AES128. Default: DES. Caution: AES128 is supported only in Alteon version 30.5 and later, DefensePro 7.x versions 7.42.06 and later, and DefensePro 8.x versions 8.20.0 and later. If you select AES128 and the device software version does not support AES128, APSolute Vision will fail to connect to the device.
Privacy Password (This parameter is available only when the Use Privacy checkbox is selected.) | The password used for the Privacy facility. Caution: The password should be at least eight characters. vDirect requires that the password be at least eight characters.

Table 57: Device Properties: HTTP/S Access Parameters

Parameter | Description
Verify HTTP Access (This option is not available for AppWall.) | Specifies whether APSolute Vision verifies HTTP access to the managed device. Default: Enabled. Note: This option is not used for Alteon versions 29.5 and later.
Verify HTTPS Access (This option is not available for AppWall.) | Specifies whether APSolute Vision verifies HTTPS access to the managed device. Default: Enabled
Management IP (This option is available only for AppWall.) | The management IP address as it is defined on the managed device. Note: Once you add the device to the APSolute Vision configuration, you cannot change its IP address.
User Name | The username for HTTP and HTTPS communication. Maximum characters: 32 in DefensePro 8.x versions 8.20 and later; 18 in DefensePro 6.x and 7.x versions, DefensePro 8.x versions earlier than 8.20, and other products.
Password | The password used for HTTP and HTTPS communication.
HTTP Port | The port for HTTP communication with the device. Default: 80
HTTPS Port | The port for HTTPS communication with the device. Default: 443

Table 58: Device Properties: SSH Access Parameters

Parameter | Description
(This tab is available only for Alteon, DefensePro, and LinkProof NG devices.)
Note: To configure and apply certain features, APSolute Vision requires SSH access to run CLI commands on the Alteon device.
User Name | The username for SSH access to the device. Maximum characters: 32. Default: admin
Password | The password for SSH access to the device. Maximum characters: 32. Default: admin
SSH Port | The port for SSH communication with the device. Default: 22. Note: This value should be the same as the value for the SSH port configured in the device (Configuration perspective, System > Management Access > Management Protocols > SSH).


Table 59: Device Properties: Event Notification Parameters

Parameter | Description
Register This APSolute Vision Server for Device Events | Specifies whether the APSolute Vision server configures itself as a target of the device events. Values: Enabled—The APSolute Vision server configures itself as a target of the device events (for example, traps, alerts, IRP messages, and packet-reporting data). Disabled—For a new device, the APSolute Vision server adds the device without registering itself as a target for events. For an existing device, the APSolute Vision server removes itself as a target of the device events. Default: Enabled. Notes: APSolute Vision runs this action each time you click Submit in the dialog box. For additional important information, see the relevant section: APSolute Vision Server Registered for Device Events—Alteon and LinkProof NG, page 188; APSolute Vision Server Registered for Device Events—DefensePro, page 188; APSolute Vision Server Registered for Device Events—AppWall, page 189.
Register APSolute Vision Server IP (This parameter is available only when the Register This APSolute Vision Server for Device Events checkbox is selected.) | The port and IP address of the APSolute Vision server to which the managed device sends events. Select an APSolute Vision server interface that is used as the APSolute Vision server data port, and is configured to have a route to the managed devices.
Remove All Other Targets of Device Events (This parameter is available only when the Register This APSolute Vision Server for Device Events checkbox is selected.) | Specifies whether the APSolute Vision server removes from the device all recipients of device events (for example, traps and IRP messages) except for its own address. Default: Disabled. Note: APSolute Vision runs this action each time you click Submit in the dialog box. For example, if you select the checkbox and click Submit—and later, a trap target is added to the trap target-address table—APSolute Vision removes the additional address the next time you click Submit in the dialog box.
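
An added example, not part of this guide or of APSolute Vision: a pre-flight check of the SNMP and SSH connection settings from Tables 56 and 58 that catches the AES128 version mismatch before APSolute Vision fails to connect, and flags weak or default choices. The Profile record and its field names are hypothetical, and the sample profiles are constructed.

```python
"""Pre-flight audit of a device-connection profile (added example)."""
from dataclasses import dataclass

# AES128 minimum versions from the Caution in Table 56, keyed by
# (device type, major version). A major of None means any major version.
AES128_MIN = {
    ("Alteon", None): (30, 5, 0),
    ("DefensePro", 7): (7, 42, 6),
    ("DefensePro", 8): (8, 20, 0),
}


@dataclass
class Profile:
    """Hypothetical record mirroring the Device Properties dialog box."""
    device_type: str
    software_version: str
    snmp_version: str = "SNMPv3"
    snmp_user: str = ""
    use_authentication: bool = False   # guide default: Disabled
    auth_protocol: str = "SHA"         # guide default: SHA
    auth_password: str = ""
    use_privacy: bool = False          # guide default: Disabled
    privacy_protocol: str = "DES"      # guide default: DES
    privacy_password: str = ""
    ssh_user: str = "admin"            # guide default: admin
    ssh_password: str = "admin"        # guide default: admin


def parse_version(text):
    """'7.42.06' -> (7, 42, 6), padded to at least three components."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def supports_aes128(device_type, software_version):
    ver = parse_version(software_version)
    for (dtype, major), minimum in AES128_MIN.items():
        if dtype == device_type and major in (None, ver[0]):
            return ver >= minimum
    return False  # not listed in the Caution (for example, DefensePro 6.x)


def audit_snmpv3(p):
    out = []
    if len(p.snmp_user) > 18:
        out.append(("ERROR", "SNMP User Name exceeds 18 characters"))
    if not p.use_authentication:
        # Use Privacy is available only when Use Authentication is selected.
        out.append(("WARN", "Use Authentication is disabled: no authentication or privacy"))
        return out
    if p.auth_protocol == "MD5":
        out.append(("WARN", "Authentication Protocol is MD5; select SHA"))
    if len(p.auth_password) < 8:
        out.append(("WARN", "Authentication Password is shorter than 8 characters"))
    if not p.use_privacy:
        out.append(("WARN", "Use Privacy is disabled: SNMPv3 traffic is not encrypted"))
        return out
    aes_ok = supports_aes128(p.device_type, p.software_version)
    if p.privacy_protocol == "AES128" and not aes_ok:
        out.append(("ERROR", "AES128 not supported by this software version; "
                             "APSolute Vision will fail to connect"))
    elif p.privacy_protocol == "DES" and aes_ok:
        out.append(("WARN", "Privacy Protocol is DES but the device supports AES128"))
    if len(p.privacy_password) < 8:
        out.append(("WARN", "Privacy Password is shorter than 8 characters"))
    return out


def audit(p):
    """Return (severity, message) findings.

    ERROR: breaks a limit stated in the guide. WARN: weak or default setting.
    """
    if p.snmp_version in ("SNMPv1", "SNMPv2"):
        out = [("WARN", "community-based SNMP: no per-user authentication or encryption")]
    else:
        out = audit_snmpv3(p)
    if (p.ssh_user, p.ssh_password) == ("admin", "admin"):
        out.append(("WARN", "SSH access uses the default admin/admin credentials"))
    if len(p.ssh_user) > 32 or len(p.ssh_password) > 32:
        out.append(("ERROR", "SSH User Name or Password exceeds 32 characters"))
    return out


# Constructed sample profiles: a weak one and a corrected one.
WEAK = Profile("DefensePro", "7.42.05", use_authentication=True,
               auth_protocol="MD5", auth_password="short", use_privacy=True,
               privacy_protocol="AES128", privacy_password="longenough1")
HARDENED = Profile("DefensePro", "8.20.0", snmp_user="vision-ro",
                   use_authentication=True, auth_password="constructed-auth-1",
                   use_privacy=True, privacy_protocol="AES128",
                   privacy_password="constructed-priv-1",
                   ssh_user="vision-svc", ssh_password="constructed-ssh-1")

if __name__ == "__main__":
    for label, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(profile) or "no findings")
```
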

To add an ADC-VX or edit ADC-VX connection information

1. In the device pane, click the icon, and select Physical Containers.
2. Do one of the following:


— To add a new device:


a. Navigate to and select the Site name to which you want to add the ADC-VX.

b. Click the (Add) button in the tab toolbar.


c. From the Type drop-down list, select Alteon.
— To edit device-connection information:
a. Select the device name.

b. Click the (Edit) button.


3. Configure the parameters, and click Submit.
After APSolute Vision connects to the device, basic device information is displayed in the content
pane, and device properties information is displayed in the device-properties pane. The vADCs
that the ADC-VX is hosting are displayed as child nodes of the ADC-VX. The name format in the
vADC child nodes is <ADC-VX Name>_vADC-<vADC ID>.

Table 60: ADC-VX Device Properties: General Parameters

Parameter | Description
Type | The type of the object. Values: Site, Alteon
Name | The name of the device. Notes: There are some reserved words (for example, DefenseFlow) that APSolute Vision does not allow as names. You can change the name of a device after you have added it to the APSolute Vision configuration.

Table 61: ADC-VX Device: SNMP Properties

Parameter | Description
Management IP | The management IP address as it is defined on the managed device. Note: Once you add the device to the APSolute Vision configuration, you cannot change its IP address.
SNMP Version | The SNMP version used for the connection.
SNMP Community (This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.) | The SNMP community name.
User Name (This parameter is displayed only when SNMP Version is SNMPv3.) | The username for the SNMP connection. Maximum characters: 18
Use Authentication (This parameter is displayed only when SNMP Version is SNMPv3.) | Specifies whether the device authenticates the user for a successful connection. Default: Disabled
Authentication Protocol (This parameter is available only when the Use Authentication checkbox is selected.) | The protocol used for authentication. Values: MD5, SHA. Default: SHA
Authentication Password (This parameter is available only when the Use Authentication checkbox is selected.) | The password used for authentication.
Use Privacy (This parameter is available only when the Use Authentication checkbox is selected.) | Specifies whether the device encrypts SNMPv3 traffic for additional security. Default: Disabled
Privacy Protocol (This parameter is available only when the Use Privacy checkbox is selected.) | Values: DES, AES128. Default: DES. Note: AES128 is supported in Alteon only on version 30.5 and later. If the device software version does not support AES128, APSolute Vision will fail to connect to the device.
Privacy Password (This parameter is available only when the Use Privacy checkbox is selected.) | The password used for the Privacy facility.

Table 62: ADC-VX Device: HTTP/S Access Properties

Parameter | Description
Verify HTTP Access | Specifies whether APSolute Vision verifies HTTP access to the managed device. Default: Enabled. Note: This option is not used for Alteon versions 29.5 and later.
Verify HTTPS Access | Specifies whether APSolute Vision verifies HTTPS access to the managed device. Default: Enabled
User Name | The username for HTTP and HTTPS communication. Default: admin. Maximum characters: 18
Password | The password used for HTTP and HTTPS communication. Default: admin
HTTP Port | The port for HTTP communication with the device. Default: 80
HTTPS Port | The port for HTTPS communication with the device. Default: 443


Table 63: ADC-VX Device: Event Notification Properties

Parameter | Description
Register This APSolute Vision Server for Device Events | Specifies whether the APSolute Vision server configures itself as a target of the device events. Values: Enabled—The APSolute Vision server configures itself as a target of the device events (for example, traps, alerts, IRP messages, and packet-reporting data). Disabled—For a new device, the APSolute Vision server adds the device without registering itself as a target for events. For an existing device, the APSolute Vision server removes itself as a target of the device events. Default: Enabled. Notes: APSolute Vision runs this action each time you click Submit in the dialog box. For additional important information, see APSolute Vision Server Registered for Device Events—Alteon and LinkProof NG, page 188.
Register APSolute Vision Server IP (This parameter is available only when the Register This APSolute Vision Server for Device Events checkbox is selected.) | The port and IP address of the APSolute Vision server to which the managed device sends events.
Remove All Other Targets of Device Events (This parameter is available only when the Register This APSolute Vision Server for Device Events checkbox is selected.) | Specifies whether the APSolute Vision server removes from the device all recipients of device events (for example, traps and IRP messages) except for its own address. Default: Disabled. APSolute Vision runs this action each time you click Submit in the dialog box. For example, if you select the checkbox and click Submit—and later, a trap target is added to the trap target-address table—APSolute Vision removes the additional address the next time you click Submit in the dialog box.

To configure APSolute Vision to manage one or more vADCs hosted by an ADC-VX managed by the same APSolute Vision server

1. In the device pane, click the icon, and select Physical Containers.
2. Expand the node of the ADC-VX that hosts the vADC.

3. Select the vADCs and click the (Manage vADC) button.


4. In the Device Properties dialog box, configure the parameters, and click Submit.
After APSolute Vision connects to the vADC, the vADC is displayed in the device pane Sites and
Devices tree. The device information is displayed in the content pane, and device properties
information is displayed in the device-properties pane. Once you add the vADC to the device
pane Sites and Devices tree, you cannot change its location or configure any of its properties
from the Physical Containers tree.

Table 64: vADC Device Properties: General Parameters

Parameter | Description
Name (This parameter is not available when configuring APSolute Vision to manage multiple vADCs.) | The name of the device. You can change the default. Notes: There are some reserved words (for example, DefenseFlow) that APSolute Vision does not allow as names. You can change the name of a device after you have added it to the APSolute Vision configuration.
Location | The Site in the device pane Sites and Devices tree where APSolute Vision locates the vADC.

Table 65: vADC Device Properties: SNMP Parameters

Parameter | Description
Management IP | The management IP address as it is defined on the managed device. Note: Once you add the device to the APSolute Vision configuration, you cannot change its IP address.
SNMP Version | The SNMP version used for the connection.
SNMP Community (This parameter is displayed only when SNMP Version is SNMPv1 or SNMPv2.) | The SNMP community name.
User Name (This parameter is displayed only when SNMP Version is SNMPv3.) | The username for the SNMP connection. Maximum characters: 18
Use Authentication (This parameter is displayed only when SNMP Version is SNMPv3.) | Specifies whether the device authenticates the user for a successful connection. Default: Disabled
Authentication Protocol (This parameter is displayed only when the Use Authentication checkbox is selected.) | The protocol used for authentication. Values: MD5, SHA. Default: SHA
Authentication Password (This parameter is displayed only when the Use Authentication checkbox is selected.) | The password used for authentication.
Use Privacy (This parameter is displayed only when the Use Authentication checkbox is selected.) | Specifies whether the device encrypts SNMPv3 traffic for additional security. Default: Disabled
Privacy Protocol (This parameter is available only when the Use Privacy checkbox is selected.) | Values: DES, AES128. Default: DES. Note: AES128 is supported only on Alteon version 30.5 and later, and on a future Defense version. If the device software version does not support AES128, APSolute Vision will fail to connect to the device.
Privacy Password (This parameter is displayed only when the Use Privacy checkbox is selected.) | The password used for the Privacy facility.

Table 66: vADC Device Properties: HTTP/S Access Parameters

Parameter: Verify HTTP Access
Description: Specifies whether APSolute Vision verifies HTTP access to the managed device.
Default: Enabled
Note: This option is not used for Alteon versions 29.5 and later.

Parameter: Verify HTTPS Access
Description: Specifies whether APSolute Vision verifies HTTPS access to the managed device.
Default: Enabled

Parameter: User Name
Description: The username for HTTP and HTTPS communication.
Default: admin
Maximum characters: 18

Parameter: Password
Description: The password used for HTTP and HTTPS communication.
Default: admin

Parameter: HTTP Port
Description: The port for HTTP communication with the device.
Default: 80

Parameter: HTTPS Port
Description: The port for HTTPS communication with the device.
Default: 443

Table 67: vADC Device Properties: SSH Access Parameters

Note: To configure and apply certain features, APSolute Vision requires SSH access to run CLI commands on the Alteon device.

Parameter: User Name
Description: The username for SSH access to the device.
Maximum characters: 32
Default: admin

Parameter: Password
Description: The password for SSH access to the device.
Maximum characters: 32
Default: admin

Parameter: SSH Port
Description: The port for SSH communication with the device.
Default: 22
Note: This value should be the same as the value for the SSH port configured in the device (Configuration perspective, System > Management Access > Management Protocols > SSH).
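The following check is an added example, not Radware code and not part of the guide: it flags the weaker choices that the SNMP, HTTP/S, and SSH tables above allow, including the case where AES128 is selected for a device version that does not support it. The record layout, device names, versions, and secrets are constructed for illustration; the option values and defaults are the ones listed in the tables.

```python
"""Audit of device connection properties against Tables 65-67 (added example).

The record layout and the sample devices are constructed for illustration;
the option values and defaults are the ones listed in the tables.
"""

AES128_MIN_VERSION = (30, 5)        # Table 65: AES128 needs Alteon 30.5 or later
DEFAULT_LOGIN = ("admin", "admin")  # Tables 66 and 67: default user name/password
ACCESS_LABELS = {"web": "HTTP/S", "ssh": "SSH"}  # hypothetical record keys


def version_tuple(text):
    """Turn '30.5.3.0' into (30, 5, 3, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def supports_aes128(software_version):
    return version_tuple(software_version)[:2] >= AES128_MIN_VERSION


def audit_snmp(snmp, software_version):
    """Return the findings for one device's SNMP parameters (Table 65)."""
    if snmp["version"] in ("SNMPv1", "SNMPv2"):
        return [snmp["version"] + ": the community name is the only credential "
                "and is sent unencrypted"]
    if not snmp.get("use_authentication", False):        # table default: disabled
        return ["SNMPv3 without authentication, so privacy cannot be enabled either"]
    findings = []
    if snmp.get("auth_protocol", "SHA") == "MD5":         # table default: SHA
        findings.append("SNMPv3 authentication uses MD5; SHA is available")
    if not snmp.get("use_privacy", False):                # table default: disabled
        findings.append("SNMPv3 privacy is off; traffic is not encrypted")
        return findings
    protocol = snmp.get("privacy_protocol", "DES")        # table default: DES
    can_aes = supports_aes128(software_version)
    if protocol == "DES" and can_aes:
        findings.append("SNMPv3 privacy uses DES; this version supports AES128")
    elif protocol == "DES":
        findings.append("SNMPv3 privacy uses DES; AES128 needs version 30.5 or later")
    elif protocol == "AES128" and not can_aes:
        findings.append("AES128 selected on an unsupported version; "
                        "APSolute Vision will fail to connect")
    return findings


def audit_logins(device):
    """Flag HTTP/S and SSH access that still uses the default login."""
    findings = []
    for key, label in ACCESS_LABELS.items():
        login = device[key]
        if (login["user"], login["password"]) == DEFAULT_LOGIN:
            findings.append(label + " access uses the default admin/admin login")
    return findings


def audit_device(device):
    return audit_snmp(device["snmp"], device["software_version"]) + audit_logins(device)


# Constructed sample records: names, versions and secrets are made up.
DEVICES = [
    {"name": "vadc-lab-1", "software_version": "30.5.3.0",
     "snmp": {"version": "SNMPv3", "use_authentication": True,
              "auth_protocol": "MD5", "use_privacy": True, "privacy_protocol": "DES"},
     "web": {"user": "admin", "password": "admin"},
     "ssh": {"user": "vision-svc", "password": "constructed-secret-1"}},
    {"name": "vadc-lab-2", "software_version": "30.2.1.0",
     "snmp": {"version": "SNMPv3", "use_authentication": True,
              "auth_protocol": "SHA", "use_privacy": True, "privacy_protocol": "AES128"},
     "web": {"user": "vision-svc", "password": "constructed-secret-2"},
     "ssh": {"user": "vision-svc", "password": "constructed-secret-2"}},
    {"name": "vadc-lab-3", "software_version": "30.5.3.0",
     "snmp": {"version": "SNMPv2", "community": "constructed-community"},
     "web": {"user": "vision-svc", "password": "constructed-secret-3"},
     "ssh": {"user": "admin", "password": "admin"}},
    {"name": "vadc-lab-4", "software_version": "32.4.0.0",
     "snmp": {"version": "SNMPv3", "use_authentication": True,
              "auth_protocol": "SHA", "use_privacy": True, "privacy_protocol": "AES128"},
     "web": {"user": "vision-svc", "password": "constructed-secret-4"},
     "ssh": {"user": "vision-svc", "password": "constructed-secret-4"}},
]

if __name__ == "__main__":
    for device in DEVICES:
        for finding in audit_device(device):
            print(device["name"] + ": " + finding)
```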

Table 68: vADC Device Properties: Event Notification Parameters

Parameter: Register This APSolute Vision Server for Device Events
Description: Specifies whether the APSolute Vision server configures itself as a target of the device events.
Values:
• Enabled—The APSolute Vision server configures itself as a target of the device events (for example, traps, alerts, IRP messages, and packet-reporting data).
• Disabled—For a new device, the APSolute Vision server adds the device without registering itself as a target for events. For an existing device, the APSolute Vision server removes itself as a target of the device events.
Default: Enabled
Notes:
• APSolute Vision runs this action each time you click Submit in the dialog box.
• For more important information, see APSolute Vision Server Registered for Device Events—Alteon and LinkProof NG, page 188.

Parameter: Register APSolute Vision Server IP
(This parameter is available only when the Register This APSolute Vision Server for Device Events checkbox is selected.)
Description: The port and IP address of the APSolute Vision server to which the managed device sends events.

Parameter: Remove All Other Targets of Device Events
(This parameter is available only when the Register This APSolute Vision Server for Device Events checkbox is selected.)
Description: Specifies whether the APSolute Vision server removes from the device all recipients of device events (for example, traps, and IRP messages) except for its own address.
Default: Disabled
Notes:
• APSolute Vision runs this action each time you click Submit in the dialog box. For example, if you select the checkbox and click Submit, and a trap target is later added to the trap target-address table, APSolute Vision removes the additional address the next time you click Submit in the dialog box.
• For more important information, see APSolute Vision Server Registered for Device Events—Alteon and LinkProof NG, page 188.


The following procedure, To delete a device, page 187, is relevant for the following device types:
• Alteon standalone
• Alteon VA
• Alteon vADC displayed in the Sites and Devices tree
• AppWall
• DefensePro
• LinkProof NG

To delete a device

1. In the device pane, click the icon, and select Sites and Devices.

2. Select the device name, and click the (Delete) button.


3. Click Yes in the confirmation box. The device is deleted from the list of managed devices.

To delete an ADC-VX

1. In the device pane Physical Containers tree, select the device name and click the (Delete)
button.
2. Click Yes in the confirmation box. The device is deleted from the list.

To export a CSV file with the devices in the Sites and Devices tree

1. In the device pane, click the icon, and select Sites and Devices.

2. Click (Export Device List to CSV).


3. View the file or specify the location and file name, and then, click Save.
The CSV file includes the following columns:
— Device Name
— Device Type
— Status
— Management IP Address
— Software Version
— MAC Address
— License
— Platform
— Form Factor
— HA Status
— Device Driver

Note: The file does not include information regarding Sites or Logical Groups.


APSolute Vision Server Registered for Device Events—Alteon and LinkProof NG
In the Device Properties dialog box, you can specify the following actions—which APSolute Vision
runs each time you click Submit in the dialog box:
• Whether the APSolute Vision server configures itself as a target of the device events (Register
This APSolute Vision Server for Device Events checkbox)
• Whether the APSolute Vision server removes from the device all recipients of device events
except for its own address (Remove All Other Targets of Device Events checkbox)

In Alteon, when you select the Remove All Other Targets of Device Events checkbox and run
the Apply command, APSolute Vision configures itself as a target of the device events and ensures
that the device also sends traps for authentication-failure events.
Alteon, by default, does not send traps for authentication-failure events.
Use the following CLI command to enable sending traps for these events:
/cfg/sys/ssnmp/auth
You can view the APSolute Vision address target with the following CLI commands:
• /cfg/sys/ssnmp/trap1
• /cfg/sys/ssnmp/trap2

APSolute Vision Server Registered for Device Events—DefensePro
In the Device Properties dialog box, you can specify the following actions—which APSolute Vision
runs each time you click Submit in the dialog box:
• Whether the APSolute Vision server configures itself as a target of the device events (Register
This APSolute Vision Server for Device Events checkbox)
• Whether the APSolute Vision server removes from the device all recipients of device events
except for its own address (Remove All Other Targets of Device Events checkbox)

Caution: If the Register This APSolute Vision Server for Device Events checkbox is cleared,
the Alert browser, security reporting, and APSolute Vision Reporter (AVR) might not collect and
display information about the device.

DefensePro supports a device being managed by multiple APSolute Vision servers.


When multiple APSolute Vision servers manage the same DefensePro device, the device sends the
following:
• Traps to all the APSolute Vision servers that manage it. The Target Address table and the Target
Parameters table contain entries for all APSolute Vision servers.
• Packet-reporting data only to the last APSolute Vision server that registered on the device.


APSolute Vision Server Registered for Device Events—AppWall
In the Device Properties dialog box, you can specify the following actions—which APSolute Vision
runs each time you click Submit in the dialog box:
• Whether the APSolute Vision server configures itself as a target of the device events (Register
This APSolute Vision Server for Device Events checkbox)
• Whether the APSolute Vision server removes from the device all recipients of device events
except for its own address (Remove All Other Targets of Device Events checkbox)

Caution: If the Register This APSolute Vision Server for Device Events checkbox is cleared,
the Alert browser, security reporting, and APSolute Vision Reporter (AVR) might not collect and
display information about the device. If the checkbox is cleared, and you want AppWall to send
security events to APSolute Vision and/or AVR, you need to manually configure AppWall to send
security events to APSolute Vision and/or AVR.

With AppWall version 6.6.1 and later, and for Alteon version 30.5 with embedded AppWall (or a
future version of AppWall for Alteon), when the APSolute Vision server configures itself as a target of
the device events (Register This APSolute Vision Server for Device Events checkbox):
• AppWall sends the device events (that is, the syslog security events) to port 2215 on the
APSolute Vision server.
• APSolute Vision displays the events in the Security Monitoring perspective.
• APSolute Vision forwards the events to AVR for historical security reporting.

With AppWall versions earlier than 6.6.1, or AppWall for Alteon earlier than version 30.5, the
APSolute Vision server cannot configure itself as a target of the device events. Instead, in the
configuration of the AppWall or AppWall for Alteon device, you must manually configure the
APSolute Vision management IP address as a syslog server. If you specify port 2214 for the syslog
server, AppWall security events are displayed only in AVR. If you specify port 2215 for the syslog
server, AppWall security events are displayed in AVR and in the Security Monitoring perspective.

Locking and Unlocking Devices


When you have permission to perform device configuration on a specific device, you must lock the
device before you can configure it. Locking the device ensures that other users cannot make
configuration changes at the same time. The device remains locked until you unlock the device, you
disconnect, the Device Lock Timeout elapses, or an Administrator unlocks it.
The lock does not apply to the same device when it is configured on another APSolute Vision
server, using Web Based Management, or using the CLI.

Note: Only one APSolute Vision server should manage any one Radware device.


While the device is locked:

• The device icon in the device pane includes a small lock symbol—for Alteon and LinkProof NG, for AppWall, and for DefensePro.


• Configuration panes are displayed in read-only mode to other users with configuration
permissions for the device.
• If applicable, the Submit button is available.

• If applicable, the (Add) button is displayed.

To lock a single device

1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.
2. Select the device.

3. In the device-properties pane, click (the drawing of the unlocked padlock at the lower-left corner of the device drawing). The drawing changes to (a picture of a locked padlock).

To unlock a single device

1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.
2. Select the device.

3. In the device-properties pane, click (the drawing of the locked padlock at the lower-left corner of the device drawing). The drawing changes to (a picture of an unlocked padlock).

To lock multiple devices

1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.
2. Select the devices to lock. You can select a Site or select multiple devices (using standard,
mouse click/keyboard combinations) whether or not the devices are in the same Site.

3. Click the (View) button.

4. In the device-properties pane, click (the drawing of the unlocked padlock at the lower-left corner of the device drawing). The drawing changes to (a picture of a locked padlock).


To unlock multiple devices

1. In the device pane, click the icon, and select Sites and Devices or Physical Containers.
2. Select the devices to unlock. You can select a Site or select multiple devices (using standard,
mouse click/keyboard combinations) whether or not the devices are in the same Site.

3. Click the (View) button.

4. In the device-properties pane, click (the drawing of the locked padlock at the lower-left corner of the device drawing). The drawing changes to (a picture of an unlocked padlock).

Tip: If your APSolute Vision setup uses Logical Groups, you can select a Logical Group to lock or
unlock the devices in it.

Managing DefensePro Clusters for High Availability


Radware recommends installing DefensePro devices in pairs to provide high availability (HA)—that
is, fault tolerance in the case of a single device failure.

Note: DefensePro does not support this feature when the Device Operation Mode is IP (see
Configuring the Device Operation Mode for DefensePro, page 1394).
This section contains the following topics:
• High-Availability in DefensePro—Overview
• Configuring DefensePro High-Availability Clusters
• Monitoring DefensePro Clusters
• Synchronizing High-Availability Devices and Switching the Device States

High-Availability in DefensePro—Overview
To support high availability (HA), you can configure two compatible DefensePro devices to operate in
a two-node cluster. One member of the cluster is configured as the primary; the other member of
the cluster assumes the role of secondary.
Both cluster members must meet the following requirements:
• Must use the same:
— Platform
— Software version
— Software license
— Throughput license
— Radware signature file
• Must be on the same network.
• Must use the same management port (that is, MNG-1 on both devices, MNG-2 on both devices,
or both MNG-1 and MNG-2 on both devices).
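The following pre-check is an added example, not Radware code and not part of the guide: it reads the device-list CSV described under "To export a CSV file with the devices in the Sites and Devices tree" and compares, for a planned pair, the cluster-member requirements listed above that the export has a column for. It assumes the CSV header row uses the column names the guide lists and that the Device Type value is the string DefensePro; the sample rows, license strings, and platform names are constructed.

```python
"""Pre-check of a planned DefensePro pair from the device-list CSV (added example)."""
import csv
import io

# Cluster requirements that the CSV export has a column for.
COMPARED_COLUMNS = ("Platform", "Software Version", "License")
# Cluster requirements the export does not show; check these on the devices.
NOT_IN_EXPORT = ("throughput license", "Radware signature file",
                 "same network", "same management port")


def load_devices(csv_text):
    """Index the exported rows by Device Name, trimming stray whitespace."""
    devices = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        clean = {key.strip(): (value or "").strip()
                 for key, value in row.items() if isinstance(key, str)}
        devices[clean["Device Name"]] = clean
    return devices


def check_pair(devices, primary, secondary):
    """Return a list of problems; an empty list means the export shows no mismatch."""
    if primary == secondary:
        return ["a cluster needs two different devices"]
    missing = [name for name in (primary, secondary) if name not in devices]
    if missing:
        return [name + " is not in the export" for name in missing]
    rows = {name: devices[name] for name in (primary, secondary)}
    problems = [name + " is a " + row["Device Type"] + " device, not DefensePro"
                for name, row in rows.items() if row["Device Type"] != "DefensePro"]
    if problems:
        return problems
    for column in COMPARED_COLUMNS:
        first, second = rows[primary][column], rows[secondary][column]
        if first != second:
            problems.append(column + " differs: " + primary + "=" + first
                            + ", " + secondary + "=" + second)
    return problems


# Constructed sample export; every value below is made up.
SAMPLE_EXPORT = """\
Device Name,Device Type,Status,Management IP Address,Software Version,MAC Address,License,Platform,Form Factor,HA Status,Device Driver
dp-east-1,DefensePro,Up,192.0.2.11,8.22.1.0,00:00:5E:00:53:01,lic-sample-a,platform-x,Physical,Standalone,driver-sample
dp-east-2,DefensePro,Up,192.0.2.12,8.22.1.0,00:00:5E:00:53:02,lic-sample-a,platform-x,Physical,Standalone,driver-sample
dp-west-1,DefensePro,Up,192.0.2.21,8.21.0.0,00:00:5E:00:53:03,lic-sample-b,platform-x,Physical,Standalone,driver-sample
adc-east-1,Alteon,Up,192.0.2.31,32.4.0.0,00:00:5E:00:53:04,lic-sample-c,platform-y,VA,Standalone,driver-sample
"""

if __name__ == "__main__":
    inventory = load_devices(SAMPLE_EXPORT)
    for pair in (("dp-east-1", "dp-east-2"), ("dp-east-1", "dp-west-1")):
        found = check_pair(inventory, *pair)
        print(pair, "no mismatch in export" if not found else found)
    print("still to verify on the devices:", ", ".join(NOT_IN_EXPORT))
```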


When you configure a cluster and submit the configuration, the newly designated primary device
configures the required parameters on the designated secondary device.
You can configure a DefensePro high-availability cluster in the following ways:
• To configure the primary device of the cluster, the failover parameters, and the advanced
parameters, you can use the High Availability pane (Configuration perspective, Setup >
High Availability). When you specify the primary device, you specify the peer device, which
becomes the secondary member of the cluster.
• To configure only the basic parameters of a cluster (Cluster Name, Primary Device, and
Associated Management Ports), you can use the Create Cluster pane. The following graphic
shows the Create Cluster pane and the device pane.

Figure 35: Create Cluster Pane

The members of a cluster work in an active-passive architecture.


When a cluster is created:
• The primary device becomes the active member.
• The secondary device becomes the passive member.
• The primary device transfers the relevant configuration objects to the secondary device.

A secondary device maintains its own configuration for the device users, IP interfaces, routing, and
the port-pair Failure Mode.
A primary device immediately transfers each relevant change to its secondary device. For example,
after you make a change to a Network Protection policy, the primary device immediately transfers
the change to the secondary device. However, if you change the list of device users on the primary
device, the primary device transfers nothing (because the secondary device maintains its own list of
device users).
The passive device periodically updates the baselines for BDoS and HTTP Mitigator protections with
the values from the active device.


The following situations trigger the active device and the passive device to switch states (active to
passive and passive to active):
• The passive device does not detect the active device according to the specified Heartbeat
Timeout.
• All links are identified as down on the active device according to the specified Link Down
Timeout.
• Optionally, the traffic to the active device falls below the specified Idle Line Threshold for the
specified Idle Line Timeout.
• You issue the Switch Over command. To switch the device states, select the cluster node, and
then select Switch Over.

The actions that you can perform on a secondary device are limited.
You can perform only the following actions on a secondary device:
• Switch the device state (that is, switch over active to passive and passive to active).
• Break the cluster if the primary device is unavailable.
• Configure management IP addresses and routing.
• Configure the port-pair Failure Mode.
• Manage device users.
• Download a device configuration.
• Upload a signature file.
• Download the device log file.
• Download the support log file.
• Reboot.
• Shut down.
• Change the device name.
• Change the device time.
• Initiate a baseline synchronization if the device is passive, using the CLI or Web Based
Management.

Notes
• To create a cluster, the devices must not be locked by another user.
• By design, an active device does not fail over during a user-initiated reboot. Before you reboot
an active device, you can manually switch to the other device in the cluster.
• You can initiate a baseline synchronization if a cluster member is passive, using the CLI or Web
Based Management.
• When you upgrade the device software, you need to break the cluster (that is, ungroup the two
devices). Then, you can upgrade the software and reconfigure the cluster as you require.
• In an existing cluster, you cannot change the role of a device (primary to secondary or vice
versa). To change the role of a device, you need to break the cluster (that is, ungroup the two
devices), and then, reconfigure the cluster as you require.
• If the devices of a cluster belong to different Sites, APSolute Vision creates the cluster node
under the Site where the primary device resides; and APSolute Vision removes the secondary
device from the Site where it was configured.
• APSolute Vision issues an alert if the state of the cluster members is ambiguous—for example, if
there has been no trigger for switchover and both cluster members detect traffic. However,
during the initial synchronization process, the state of the cluster members is momentarily
ambiguous, and this situation is normal.


• When a passive device becomes active, any grace time resets to 0 (for example, the time of the
Graceful Startup Mode Startup Timer).
• You can monitor high-availability operation in the High Availability pane of the Monitoring
perspective (Monitoring perspective, Operational Status > High Availability).
• The Properties pane displays the high-availability information of the selected device.

Configuring DefensePro High-Availability Clusters


You can configure DefensePro high-availability clusters from the APSolute Vision device pane Sites
and Devices tree.

To create a DefensePro high-availability cluster


1. In the device pane Sites and Devices tree, select the two DefensePro devices for the cluster
(select one device and press Ctrl and click the other device).

2. Click the (Create Cluster) button.


3. Configure the parameters, and then, click Submit.

Table 69: Cluster Setup Parameters

Parameter: Cluster Name
Description: The name for the cluster (up to 32 characters).

Parameter: Primary Device
Description: Specifies which of the cluster members is the primary device.

Parameter: Associated Management Ports
Description: Specifies the management (MNG) port or ports through which the primary and secondary devices communicate.
Values: MNG1, MNG2, MNG1+2
Note: You cannot change the value if the currently specified management port is being used by the cluster. For example, if the cluster is configured with MNG1+2, and MNG1 is in use, you cannot change the value to MNG2.

To break a DefensePro high-availability cluster


1. In the device pane Sites and Devices tree, select the cluster node.

2. Click the (Break Cluster) button.


After your confirmation, the cluster node is removed from the tree, and the DefensePro devices
are displayed under the parent node.

To rename a DefensePro high-availability cluster


1. In the device pane Sites and Devices tree, select the cluster node.

2. Click the (Edit) button.


3. In the Cluster Name text box, type the new name (up to 32 characters).
4. Click Submit.

To change the associated management ports of a DefensePro high-availability cluster


1. In the device pane Sites and Devices tree, select the cluster node.

2. Click the (Edit) button.


3. Configure the parameters, and then click Submit.

Note: You cannot change the value if the currently specified management port is being used by
the cluster. For example, if the cluster is configured with MNG1+2, and MNG1 is in use, you
cannot change the value to MNG2.

Monitoring DefensePro Clusters


In the device pane, APSolute Vision identifies the high-availability cluster elements, roles, modes,
and states using various combinations of icons and icon elements.
The following table describes the icons that APSolute Vision displays in the device pane for
DefensePro high-availability clusters.

Table 70: Icons for DefensePro High-Availability Clusters

Icon Description
Cluster

Primary device

Secondary device

The following table describes the icon elements that APSolute Vision displays in the device pane for
DefensePro high-availability clusters.

Table 71: Icon Elements for DefensePro High-Availability Clusters

Icon Element Description


Active device

Synchronizing

Unavailable

The following table describes some icons that APSolute Vision can display in the device pane for
DefensePro high-availability clusters.

Table 72: Icons for DefensePro High-Availability Clusters—Examples

Icon Description
The cluster is operating normally.

The primary device is active, unlocked, and operating normally.

The primary device is passive, unlocked, and operating normally.

The secondary device is active, locked, and operating normally.

The secondary device is passive, unlocked, and operating normally.

The device is unavailable.

Synchronizing High-Availability Devices and Switching the Device States


Use the Synchronize button to synchronize the members of a high-availability cluster. Use the
Switch Over button to switch the state of the members of a high-availability cluster.

To synchronize the members of a high-availability cluster


1. In the device pane, select the cluster node.
2. Lock the devices.

3. Click Synchronize ( ).

To switch the state of the members of a high-availability cluster


1. In the device pane, select the cluster node.
2. Lock the devices.

3. Click Switch Over ( ).

Using the Multi-Device View and the Multiple Devices Summary
APSolute Vision displays the multi-device view when you do one of the following:
• Select a Logical Group in the Logical Groups tree in the device pane. For information about
managing and configuring Logical Groups, see Using Logical Groups of Devices, page 199.
• Select multiple devices in the Sites and Devices tree or the Physical Containers tree in the device pane and then click the (View) button.


Use the multi-device view to do the following:


• Lock multiple devices to configure them.
• View the Multiple Devices Summary table. The table contains all the relevant devices and
comprises the following columns: Lock State, Device Type, Device Name, IP Address, Locked by
User, and Status.
• Run configuration-management actions for the relevant devices—You can run the Apply
or Revert actions on Alteon or LinkProof NG devices. You can run the Update Policies action on
multiple DefensePro devices.
• Use a Logical Group to configure the devices in it—For more about configuring multiple
devices simultaneously, see Configuring Multiple Devices, page 206.
• Open the Multi-Device Configuration dialog box to configure simultaneously multiple
devices of the same type and major version—For more about configuring multiple devices
simultaneously, see Configuring Multiple Devices, page 206.
• Open the Security Monitoring perspective—In the multi-device view, the Security
Monitoring perspective displays the Dashboard View and Traffic Utilization tabs—with the data
aggregated for all the selected devices. For more information, see Using Real-Time Security
Monitoring, page 583.

Figure 36: Multi-Device View from the Site and Devices Tree
Callouts in the figure:
• Multiple devices are selected. You can select a site or select multiple devices (using standard, mouse click/keyboard combinations) whether or not the devices are in the same site.
• View button.
• Configuration button—Opens the Multi-Device Configuration dialog box.
• Security Monitoring button—Opens the Security Monitoring perspective.
• The relevant configuration-management buttons display for the selected devices.
• Multiple Devices Summary pane.


Figure 37: Multi-Device View from the Logical Groups Tree
Callouts in the figure:
• A Logical Group is selected, which automatically opens the multi-device view. APSolute Vision displays the name of the lead device with bold lettering. APSolute Vision dynamically chooses the lead device of the Logical Group. The lead device is always the device in the group that is available and running the earliest software version.
• Configuration button—Opens the Multi-Device Configuration dialog box.
• Security Monitoring button—Opens the Security Monitoring perspective.
• The relevant configuration-management buttons display for the selected devices.
• Multiple Devices Summary pane.

To open the multi-device view from the Sites and Devices tree

1. In the device pane, click the button, and select Sites and Devices.
2. Select the devices. You can select a Site or select multiple devices (using standard, mouse click/
keyboard combinations) whether or not the devices are in the same site.

3. Click the (View) button.

To open the multi-device view from the Logical Groups tree

1. In the device pane, click the button, and select Logical Groups.
2. Select the Logical Group.


Using Logical Groups of Devices


This section contains the following main topics:
• Logical Groups—General Information
• Logical Group User Interface
• Managing Logical Groups

Logical Groups—General Information


A Logical Group is a user-defined group of one or more devices of the same device type.
To be valid, a Logical Device group must contain at least one accessible device, and all the devices in
the group must be the same device type.
The devices in a Logical Group do not need to be running the same software version.
The same device can exist in more than one Logical Group.
You can use a Logical Group to help you perform the following:
• Define the scope of APSolute Vision users—The Scope value of a user’s RBAC role/scope
pair can be a Logical Group. The user’s scope dynamically updates, according to the devices in
the Logical Group. That is, when the device-set of a Logical Group changes, the user’s scope
changes accordingly. For more information, see Role-Based Access Control (RBAC), page 85 and
Rules for RBAC Permission Conflicts with Logical Groups, page 95.
• Manage multiple devices simultaneously—When you configure the devices in a Logical
Group, you use the multi-device view (see Using the Multi-Device View and the Multiple Devices
Summary, page 196) to do the following:
— View the Multiple Devices Summary table. The table contains all the relevant devices
and comprises the following columns: Lock State, Device Type, Device Name, IP Address,
Locked by User, and Status.
— Lock multiple devices to configure them.
— Make configuration changes to the lead device and apply the changes to the other
devices in the Logical Group—APSolute Vision dynamically chooses the lead device of the
Logical Group. The lead device is always the device in the group that is available, and
running the earliest software version. APSolute Vision displays the name of the lead device
with bold lettering. After you make a valid change and click Submit All, APSolute Vision
attempts to change the value for the submitted parameters on the lead device and all the
other devices in the Logical Group. APSolute Vision submits only modified values; APSolute
Vision does not submit values that were not modified. For more information, see Configuring
Multiple Devices, page 206.
— Run configuration-management actions for the relevant devices—You can run the
Apply or Revert actions on Alteon or LinkProof NG devices. You can run the Update Policies
action on multiple DefensePro devices.
— Open the Security Monitoring perspective—In the multi-device view, the Security
Monitoring perspective displays the Dashboard View and Traffic Utilization tabs—with the
data aggregated for all the selected devices.
• Specify devices for scheduled tasks—In addition to selecting individual devices, you can
specify one or more relevant Logical Groups. For more information on scheduled tasks, see
Scheduling APSolute Vision and Device Tasks, page 305.
• Specify devices for Operator Toolbox scripts—In addition to selecting individual devices,
you can specify one or more relevant Logical Groups. For more information, see Using and
Managing Toolbox Scripts, page 221.
• Specify devices for sending or deleting DefensePro configuration templates—In
addition to selecting individual devices, you can specify one or more Logical Groups of
DefensePro devices. For more information on DefensePro configuration templates, see Using
DefensePro Templates, page 254.


• Specify devices for Alert Profile—In addition to selecting individual devices, you can specify
one or more relevant Logical Groups. For more information on the Alert Profiles, see Managing
Alert Profiles, page 130.
• Specify devices for the Alerts Table Filter—In addition to selecting individual devices, you
can specify one or more relevant Logical Groups. For more information on the Alerts Filter, see
Filtering Alerts, page 336.
• Specify devices for REST API operations—For information on the REST API, see the
APSolute Vision REST API documentation.
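The following sketch is an added example, not Radware code and not part of the guide: it applies the validity rule and the lead-device rule stated above to a constructed group, and shows which values a Submit All would carry when only modified values are submitted. The record layout, device names, versions, parameter names, and reason texts are constructed; it treats "accessible" and "available" as the same reachability flag, compares versions numerically, and keeps the first device in list order on a tie, none of which the guide specifies.

```python
"""Logical Group validity, lead device and submitted values (added example)."""


def version_key(text):
    """Compare '8.9.0.0' and '8.10.1.0' numerically rather than as strings."""
    return tuple(int(part) for part in text.split("."))


def describe_group(devices):
    """Return Status, Invalid Reason and Lead Device Name for a Logical Group."""
    types = sorted({device["type"] for device in devices})
    reachable = [device for device in devices if device["available"]]
    if len(types) > 1:
        return {"status": "Invalid",
                "invalid_reason": "mixed device types: " + ", ".join(types),
                "lead_device": None}
    if not reachable:
        return {"status": "Invalid",
                "invalid_reason": "no accessible device",
                "lead_device": None}
    # Lead device: available and running the earliest software version.
    lead = min(reachable, key=lambda device: version_key(device["version"]))
    return {"status": "Valid", "invalid_reason": None, "lead_device": lead["name"]}


def values_to_submit(displayed, edited):
    """Only parameters whose value was modified are sent to the group's devices."""
    return {name: value for name, value in edited.items()
            if displayed.get(name) != value}


# Constructed sample group; names and versions are made up.
GROUP = [
    {"name": "dp-a", "type": "DefensePro", "version": "8.10.1.0", "available": True},
    {"name": "dp-b", "type": "DefensePro", "version": "8.9.0.0", "available": True},
    {"name": "dp-c", "type": "DefensePro", "version": "8.2.0.0", "available": False},
]

# Hypothetical parameter names, as read from the lead device and after editing.
DISPLAYED = {"syslog_server": "192.0.2.50", "session_timeout": 10, "banner": "lab"}
EDITED = {"syslog_server": "192.0.2.60", "session_timeout": 10, "banner": "lab"}

if __name__ == "__main__":
    print(describe_group(GROUP))                # dp-b leads: dp-c is older but unavailable
    print(values_to_submit(DISPLAYED, EDITED))  # only syslog_server is submitted
```

Because unmodified values are not submitted, a parameter that differs between the lead device and another group member stays different unless you change it in the multi-device view.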

Logical Group User Interface


The user interface for existing Logical Groups comprises the following:
• The Logical Groups tree in the device pane and the popup that displays information for each
Logical Group node.
• The multi-device view, which is displayed when you click a Logical Group node in the Logical
Groups tree. For more information, see Using the Multi-Device View and the Multiple Devices
Summary, page 196.

Figure 38: Device Pane (Not Docked)—Showing the Logical Groups Tree
Callouts in the figure:
• Minimizes the docked device pane.
• Docks the device pane.
• The button that selects the device-pane tree (Sites and Devices, Physical Containers, or Logical Groups) and the name of the tree that is displayed now.
• Controls for filtering the devices that the pane displays. APSolute Vision appends the number of devices matching the filter.
• APSolute Vision displays the name of the lead device with bold lettering. APSolute Vision dynamically chooses the lead device of the Logical Group. The lead device is always the device in the group that is available and running the earliest software version.
• Identifies a valid Logical Group.
• Identifies an invalid Logical Group.

Note: For information on filtering the display of the tree, see Filtering Entities in the Device Pane,
page 174.

When you hover over a Logical Group node in the device pane, a popup displays the following
parameters:
• Group Name—The user-defined name of the Logical Group.
• Status—The status of the group: Valid or Invalid.
• Invalid Reason (displayed only when Status is Invalid)—The reason that the Logical Group is
invalid.
• Type—The device type of the group, that is: Alteon, AppWall, DefensePro, or LinkProof
NG.
• Lead Device Name—The name of the lead device of the Logical Group, that is, the device
whose configuration changes will be applied to the selected devices.
• Description—The user-defined description of the Logical Group.

Figure 39: Popup for Logical Group Node in the Device Pane

Managing Logical Groups


Only users with a proper RBAC role can manage Logical Groups (Administrator, Vision
Administrator, and System User).
To be valid, a Logical Device group must contain at least one accessible device, and all the devices in
the group must be the same device type.
You can create a new Logical Group in any of the three trees that the device pane can display.
However, you cannot modify Logical Groups in the device pane Sites and Devices tree or Physical
Containers tree.

Caution: With RADIUS or TACACS+ authentication, if a user definition explicitly mentions the name
of a Logical Group and the Logical Group name changes, the user definition in the RADIUS or
TACACS+ server must be updated accordingly.

If the name of a Logical Group changes and APSolute Vision authenticates the users locally, APSolute
Vision updates the relevant scopes for the users.
In the device pane Logical Groups tree, you can configure and modify Logical Groups.

To configure a Logical Group from the Logical Groups tree

1. In the device pane, click the button, and select Logical Groups.
2. Do one of the following:

— To create a new Logical Group, click the (Add) button.

— To edit a Logical Group, select the Logical Group node and click the (Edit) button.
3. Configure the parameters, and click Submit.

Table 73: Logical Groups Parameters

Parameter Description
Type The device type. When you are creating a new Logical Group, the Type value
determines the devices that the Device lists display. When you are editing a
Logical Group, the Type value is read-only.
Values:
• Alteon
• AppWall
• DefensePro
• LinkProof NG
Default: Alteon
Name The name of the Logical Group.
Maximum characters: 255
Devices The Available list and the Selected list. The Available list displays the
available devices. The Selected list displays the devices in the Logical Group.
Description The description of the Logical Group.
Maximum characters: 255

In the device pane Sites and Devices tree and Physical Containers tree, you can select devices and
create a new Logical Group.

To create a new Logical Group from the Sites and Devices tree or Physical Containers
tree

1. In the device pane, click the button, and select Sites and Devices or Physical
Containers.
2. In the Sites and Devices or Physical Containers tree, select the devices, which must be of the
same type. You can select multiple devices (using standard, mouse click/keyboard
combinations) whether or not the devices are in the same Site.

3. Click the (Add Group) button.


4. Configure the parameters, and click Submit.

Table 74: Logical Groups Parameters

Parameter Description
Type (Read-only) The device type.
Name The name of the Logical Group.
Maximum characters: 255
Devices The Available list and the Selected list. The Available list displays
the available devices. The Selected list displays the devices in the
Logical Group.
Description The description of the Logical Group.
Maximum characters: 255

You cannot delete a Logical Group if it is used in a user role-scope pair.

To delete a Logical Group

1. In the device pane, click the button, and select Logical Groups.

2. In the device pane Logical Groups tree, click the Logical Group node, and click the (Delete)
button.
3. Click Yes in the confirmation box. The Logical Group is deleted from the Logical Groups tree.

After You Set Up Your Managed Devices


After you set up your network of managed devices, and establish a connection to the devices,
APSolute Vision obtains the network configuration and displays the settings in the device
configuration tabs.
You can then do the following:
• Set and change the device configuration through APSolute Vision.
• Perform administration and maintenance tasks on managed devices such as scheduling tasks,
making backups, and so on.
• Monitor managed devices through APSolute Vision.

Note: For information about configuring Radware devices through APSolute Vision, see the
APSolute Vision online help.


CHAPTER 6 – MANAGING DEVICE
OPERATIONS AND MAINTENANCE
This section describes the following:
• Rebooting and Shutting Down Managed Devices, page 205
• Configuring Multiple Devices, page 206
• Using the Diff Feature, page 208
• Device-Configuration Management (Global Commands) for Alteon and LinkProof NG, page 209
• Updating DefensePro Device Software (Versions Earlier than 8.17.3), page 212
• Downloading a DefensePro Log File to the APSolute Vision Client, page 213
• Managing Radware Signature Files or Fraud Signature Files in DefensePro Devices, page 214
• Downloading a DefensePro Technical Support File, page 216
• Managing DefensePro Configurations, page 217
• Updating DefensePro Policy Configurations, page 220

Note: For information about other topics that are related to managing device operations, see the
chapter Using the Toolbox, page 221, which contains the following:
• Using and Managing Toolbox Scripts, page 221
• Using DefensePro Templates, page 254
• Using AppShape Templates and Instances, page 264

Rebooting and Shutting Down Managed Devices


You can activate a device reboot (reset) or device shutdown from APSolute Vision.
Some configuration changes on the device require a device reboot for the configuration to take
effect. You can activate the device reboot from APSolute Vision.

Caution: For Alteon and LinkProof NG:

• Reset causes failover of the ADC, which might cause an interruption in network service.
• If possible, synchronize the configuration before you reset the system.
• Configuration changes that have not been applied will be lost. Run the Diff command to view
the changes that have not been applied, and then, run the Apply command as needed.
• Configuration changes that have not been saved will be lost. Run the Diff Flash command to
view the changes that have not been saved, and then, run the Save command as needed.
• The spanning tree will be restarted, which will likely cause an interruption in network service.

Note: You can schedule device reboots in the APSolute Vision scheduler. For more information, see
Managing Tasks in the Scheduler, page 306.

To reboot a device
1. Lock the device.

2. In the Properties pane, click the (On-Off) button, which is part of the device picture.
3. Select Reset.

To shut down a device


1. Lock the device.

2. In the Properties pane, click the (On-Off) button, which is part of the device picture.
3. Select Shut Down.

Configuring Multiple Devices


Use the Multi-Device Configuration feature to make changes to multiple devices.
You can use the Multi-Device Configuration feature in the following ways:
• Using a Logical Group. The devices in a Logical Group are of the same type, but may run different
software versions. For more information on Logical Groups, see Using Logical Groups of Devices,
page 199.
• Selecting a site or multiple devices from the Sites and Clusters tree or the Physical Containers
tree. The devices must be of the same type and same major version. You can select devices
from different Sites. For more information, see Configuring Sites, page 172.

To configure multiple devices using a Logical Group


1. In the device pane, open the Logical Groups tree, and click the Logical Group. The Multi-Device
View opens.

Note: For more information, see Using the Multi-Device View and the Multiple Devices
Summary, page 196.

2. Click the (Configuration) button. The configuration GUI of the lead device opens.

Notes
— The tabs of the configuration GUI include the Summary tab, which comprises the Multi-
Device View.
— The lead device is the device whose configuration changes will be applied to the selected
additional devices. For more information on the lead device of a Logical Group, see Using
Logical Groups of Devices, page 199.
3. Lock the devices if necessary.

4. Make a required change in the GUI of the lead device.


5. After you make a valid change, click Submit All. APSolute Vision attempts to change the value
for the submitted parameter on the lead device and all the other devices in the Logical Group.

Notes
— APSolute Vision submits only modified values. APSolute Vision does not submit values that
were not modified.
— APSolute Vision issues a detailed message for each unsuccessful attempt to change the value
of a parameter on other devices in the Logical Group.
6. Repeat step 4 and step 5 as necessary.

To configure multiple devices by selecting a site or multiple devices


1. In the device pane, open the Sites and Clusters tree or the Physical Containers tree, and select
the devices. You can select a site or select multiple devices (using standard, mouse click/
keyboard combinations) whether or not the devices are in the same site.

2. Click the (View) button.

3. Click the (Configuration) button. The Multi-Device Configuration dialog box opens.

Note: The top table, which you can filter, contains all the selected devices and comprises the
following columns: Device Type, Device Name, IP Address, and Version.
4. From the top table, select the lead device—that is, the device whose configuration changes will
be applied to the selected additional devices. The bottom table, which you can filter, displays the
selected devices of the same type and major version.
5. From the bottom table, select the checkbox next to each device that the lead device will try to
change.
6. Click Go. The GUI of the lead device opens. The device pane shows the lead device and the
selected additional devices as selected.
7. Lock the devices if necessary.
8. Make a required change in the GUI of the lead device.
9. After you make a valid change, click Submit All. APSolute Vision attempts to change the value
for the submitted parameter on the lead device and all the selected additional devices.

Notes
— APSolute Vision submits only modified values. APSolute Vision does not submit values that
were not modified.
— APSolute Vision issues a detailed message for each unsuccessful attempt to change the value
of a parameter on selected additional devices.
10. Repeat step 8 and step 9 as necessary.

Using the Diff Feature


Click the (Diff) button to run the following commands on a single selected device:
• Compare (Alteon, DefensePro, and LinkProof NG only)—Compares the configuration of the
selected device with one of the following:
— Other Device Running Configuration—That is, another device of the same type and
major version
— Backup File from System—That is, a device-configuration backup file stored on the
APSolute Vision server
— Backup File from Local File System—That is, a device-configuration backup file stored on
the local file system
The Compare action displays differences in the configurations using a green background for the
configuration of the first device and red background for the configuration of the other device.
• Diff (Alteon and LinkProof NG only)—Collects the pending configuration changes.
• Diff Flash (Alteon and LinkProof NG only)—Collects the pending configuration changes and the
affected configuration stored in flash memory on the device.

Figure 40: Diff Feature (Displaying Options for Alteon)

Click the (Save to File) button to save the results to a specified location.

Device-Configuration Management (Global Commands) for Alteon and LinkProof NG

Alteon and LinkProof NG devices support the following configuration-management actions—also
referred to as global commands.

Table 75: Alteon and LinkProof-NG Device Configuration Management Actions

Action Description
Apply Applies any changes that have been made to the device configuration.
If the new configuration is different from the current configuration, the
Apply Required button is displayed with an orange icon to indicate that
the Apply command is required for the changes to take effect.
The Apply operation requires the device to be locked. When you select
a single device, the Apply option is available only if the device is
locked. When you select multiple devices, the Apply option is always
available. When you select the Apply option for multiple devices,
APSolute Vision tries to lock all the selected devices. If APSolute
Vision is able to lock all the devices, APSolute Vision performs the
Apply operation. When the operation completes, APSolute Vision
unlocks the devices that were unlocked prior to the operation. If
APSolute Vision is not able to lock all the devices because some of the
devices are locked by another user, a pop-up message is displayed,
asking you whether to continue the Apply operation on the remaining
devices (that is, the devices that are locked by you or not locked at
all). If you confirm the action, APSolute Vision performs the Apply
operation. When the operation completes, APSolute Vision unlocks the
devices that were unlocked prior to the operation.
Note: During the Apply operation, the device icon in the device
pane may momentarily change from “locked” to “maintenance”, and the
value of the Status parameter in the device-properties pane may
momentarily change from Up to Maintenance.
Save Saves the current configuration in backup memory and saves the
active configuration by overwriting the current configuration. Note
that there is also Save Configuration (no back up), which saves the
current configuration to the flash memory.
When you select a single device, this option is available only if the
device is locked. When you select multiple devices, this option is
always available.
Revert Reverts the device to the current active configuration.
When you select a single device, this option is displayed only if the
device is locked and the new configuration settings were not applied.
When you select multiple devices, this option is always available.
Revert Apply Reverts the device to the current saved configuration.
When you select a single device, this option is displayed only if the
device is locked and the new configuration settings were applied but
not saved. When you select multiple devices, this option is always
available.

Diff Collects the pending configuration changes. You can view, save, and
copy the text when you double-click the associated message in the
Alerts tab in the Alerts pane.
When you select multiple devices, this option is not supported.
Note: For more information, see Using the Diff Feature, page 208.
Diff Flash Collects the pending configuration changes and the affected
configuration stored in flash memory on the device. You can view,
save, and copy the text when you double-click the associated
message in the Alerts tab in the Alerts pane.
When you select multiple devices, this option is not supported.
Note: For more information, see Using the Diff Feature, page 208.
Dump Collects a dump of the current device configuration. You can view,
save, and copy the text when you double-click the associated
message in the Alerts tab in the Alerts pane.
When you select multiple devices, this option is not supported.

To perform a configuration-management action on a single device


1. From the device pane, select the device name.
2. Click the required button. The Diff Flash option is available when you click the Diff button. The
Revert Apply option is available when you click the arrow next to the Revert icon.

Figure 41: Apply (Required) and Save (Required) Buttons

Figure 42: Revert Button—Arrow Clicked Shows Revert and Revert Apply Options

Figure 43: Diff Button—Clicked Displays Compare, Diff, and Diff Flash Options

Figure 44: Dump Button—Clicked

Updating DefensePro Device Software (Versions Earlier than 8.17.3)

You can use APSolute Vision to upgrade the software version on DefensePro devices.

Notes
• In DefensePro 8.x versions 8.17.3 and later, use the Upload Software Version pane to upload
installation-packages (which may include release-specific components) and the Software
Version Management pane to manage the stored installation-packages. For more information,
see Uploading DefensePro Software, page 1370 and Managing DefensePro Software Versions
(Version 8.17.3 and Later), page 1367.
• For information on device upgrade for Radware DefensePro DDoS Mitigation, refer to the
relevant release notes and other relevant Cisco documentation.
A device upgrade enables the new features and functions on the device without altering the existing
configuration. In exceptional circumstances, new software versions are incompatible with legacy
configuration files from earlier software versions. This most often occurs when attempting to
upgrade from a very old version to the newest version.
The software version file must be located on the APSolute Vision client system. APSolute Vision
transfers the file, over HTTPS, to the APSolute Vision server and uploads it to the device.
For a maintenance-only upgrade, a password is not required.
New software versions require a password. If the device has a valid support agreement, APSolute
Vision can generate a new password automatically. Alternatively, you can obtain the password from
the Radware corporate Web site and enter the password manually.
After the device upgrade is complete, you must reboot the device.

Caution: Before upgrading to a newer software version, do the following:

• Back up the existing configuration file. For more information, see Downloading a Device-
Configuration File, page 218.
• Ensure that you have configured on the device the authentication details for the protocol used to
upload the file.

Note: If the DefensePro platform is very far away from the machine with the upgrade file, software
upgrade may take a very long time. Besides distance, the line quality may further increase the
upgrade time.
Long upgrade time may be more common in DefensePro version-8.x platforms, because of the
significantly larger size of the upgrade file.

To update the device software version in DefensePro 6.x versions, 7.x versions, and 8.x
versions earlier than 8.17.3
1. In the device pane, select the device.

2. Click the arrow next to the Operations icon.


3. Select Update Software Versions.

4. Configure software upgrade parameters, and click Update.


5. When the device upgrade is complete, reboot the device.

Table 76: Software Upgrade Parameters—DefensePro 6.x Versions, 7.x Versions, and 8.x
Versions Earlier than 8.17.3

Parameter Description
Software Version The software version number as specified in the new software
documentation.
Generate Password Automatically Specifies whether APSolute Vision generates the password
automatically—after verifying that the device has a valid
support agreement.
Default: Enabled
Caution: The functionality of the Generate Password
Automatically button requires connectivity to radware.com
or the proxy server that is configured in the APSolute Vision
settings (APSolute Vision Settings view System perspective,
General Settings > Connectivity > Proxy Server
Parameters).
Password The password received with the new software version. The password is case-sensitive.
(This parameter is available only when the Generate Password Automatically checkbox is
cleared.)
Confirm Password The password received with the new software version. The password is
case-sensitive.
(This parameter is available only when the Generate Password Automatically checkbox is
cleared.)
Browse for File The name of the file to upload.
Caution: You must use the original filename.

Downloading a DefensePro Log File to the APSolute Vision Client

You can download a log file to the APSolute Vision system. DefensePro automatically generates a log
file, which contains a report of configuration errors.

To download a device log file


1. In the device pane, select the device.

2. Click the arrow next to the Operations icon.


3. Click Export Configuration Log File.
4. Configure the download parameters, and click Submit.

Managing Radware Signature Files or Fraud Signature Files in DefensePro Devices

This section describes how to upload an updated Radware signature file or fraud signature file to a
DefensePro device.
Uploading an updated fraud signature file is relevant only for DefensePro 6.x versions and 7.x
versions 7.42.09 and later.

Notes
• You can schedule signature-file updates using the APSolute Vision scheduler. For more
information, see Managing Tasks in the Scheduler, page 306.
• Signature files are supplied by the SUS. For more information, see ERT Security Update Service
(SUS), page 1364.
• In DefensePro 6.x versions 6.14.07 and later and 7.x versions 7.42.08 and later, you can also
roll the signature file back to the previous version that was loaded on the device.
• A signature file on a DefensePro device may also be referred to as the attack database.
You can upload an updated Radware signature file to a DefensePro device from the following
sources:
• Radware.com or the proxy file server that is configured in the APSolute Vision
settings—The Alerts pane displays a success or failure notification and whether the operation
was performed using a proxy server. The proxy server is configured in the APSolute Vision
Settings view System perspective, under General Settings > Connectivity > Proxy Server
Parameters.
• APSolute Vision client system—The name of the signature file must be one of the following:
— <Device-MAC-address>.sig —For DefensePro physical platforms.
— <Device-IP-address>.sig —For DefensePro virtual platforms.

Caution: Updating the signature file consumes large amounts of resources, which may cause the
device to go temporarily into an overload state. Radware recommends updating the signature file
during hours of low activity.

To update the signature file of a device


1. In the device pane, select the device.

2. Click the arrow next to the Operations icon.


3. Select Update Security Signatures.
4. Configure the parameters, and click Update.

Table 77: Update Device Signature File Parameters for DefensePro

Parameter Description
Signature Type The type of the signature file to upload to the device.
Values:
• Radware Signatures
• Fraud Signatures
Note: You can select Fraud Signatures only on DefensePro
version-6.x devices that have Fraud Protection enabled, and
version-7.x devices with version 7.42.09 and later that have Fraud
Protection enabled.
Update From The location of the signature file to upload.
Values:
• Radware.com—APSolute Vision uploads the signature file directly
from Radware.com or from the proxy server that is configured in
the Vision Server Connection configuration.
• Client—APSolute Vision uploads the signature file from the
APSolute Vision client system. This option is only available for
Radware signatures.
File Name Name of the signature file on the client system.
(This parameter is displayed only when Update From Client is selected.)

Rolling Back the Signature File


This feature is supported only in DefensePro 6.x versions 6.14.07 and later and 7.x versions 7.42.08
and later.
When the signature file on a DefensePro device gets updated, DefensePro stores the previous
version.
Use the Roll Back command to roll the signature file back to the previous version that was loaded on
the device. You may require this command if you encounter an error after a signature-file update, a
corrupted signature file, and so on.

Note: A signature file on a DefensePro device may also be referred to as the attack database.

To roll the signature file on the device back to the previous version
1. In the device pane, select the device.

2. Click the arrow next to the Operations icon.


3. Select Update Security Signatures.
4. Click Roll Back.

Downloading a DefensePro Technical Support File


For debugging purposes, a DefensePro device can generate a TAR file containing the technical
information that Radware Technical Support requires. The file includes output of various CLI
commands, for example, a printout of the Client table.
You can download a DefensePro technical support file and send it to Radware Technical Support.

Note: You can also download a DefensePro technical support file using the DefensePro CLI. For
more information, see the DefensePro User Guide.
Use the following procedure to download a technical support file using APSolute Vision.

To download a technical support file using APSolute Vision


1. In the device pane, select the device.

2. Click the arrow next to the Operations icon.


3. Select Export Technical Support File.
4. Configure the download parameters, and click Submit.

Table 78: Device Technical Support File Download Parameters

Parameter Description
Download Via (Read-only) The protocol used to download the technical support file.
Value: HTTPS
Save As Save the downloaded technical support file as a text file on the APSolute
Vision system. Enter or browse to the location of the saved file, and select
or enter a file name.

User Credentials in DefensePro Technical Support Files


By default, the passwords in the DefensePro technical support files are encrypted or hashed.
However, in DefensePro 8.x versions 8.19 and later, you can use a CLI command to specify that
DefensePro generates its technical support files without any user credentials (that is, files without
even encrypted or hashed passwords). The command affects all subsequent technical support files
that the device generates.
The syntax of the command is:
system internal config-file remove-credentials-info {0|1}
where:
• 0 (default) specifies that the feature is disabled. That is, generated technical support files
include user credentials (but they are encrypted or hashed).
• 1 specifies that the feature is enabled. That is, generated technical support files contain no user
credentials.

When the feature is enabled, the following items are not included in the iterations of the generated
technical support files:
• All users and passwords in the Local User Table for Web, Telnet, SSH, and HTTPS access
(Configuration perspective, Setup > Device Security > Users Table)
• The SNMPv3 users and associated values, such as Authentication Password and Privacy
Password.
• All secrets (both primary and secondary) of RADIUS users.
• All secrets (both primary and secondary) of TACACS+ users.

Managing DefensePro Configurations


This section describes how to manage configurations of the DefensePro devices that are managed on
the APSolute Vision server.

DefensePro Configuration File Content


The configuration file content is divided into two sections:
• Commands that require rebooting the device—These include BWM Application
Classification Mode, Application Security status, Operation Mode, tuning parameters, and so on.
Copying and pasting a command from this section takes effect only after the device is rebooted.
The section has the heading: The following commands will take effect only once
the device has been rebooted!
• Commands that do not require rebooting the device—Copying and pasting a command
from this section takes effect immediately after pasting. The commands in the section are not
bound to SNMP. The section has the heading: The following commands take effect
immediately upon execution!

The commands are printed within each section—in the order of implementation.
At the end of the file, the device prints the signature of the configuration file. This signature is used
to verify the authenticity of the file and that it has not been corrupted. The signature is validated
each time the configuration file is uploaded to the device. If the validity check fails, the device
accepts the configuration, but a notification is sent to the user that the configuration file has been
tampered with and there is no guarantee that it works. The signature looks like File Signature:
063390ed2ce0e9dfc98c78266a90a7e4.
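
The following Python sketch is an added example, not Radware code. It splits an exported configuration file into the two sections described above, extracts the File Signature trailer, and compares a SHA-256 digest recorded at export time, because the device accepts a file even when its own validity check fails. It assumes that each section heading occupies one line; the command lines in the sample are constructed placeholders, not DefensePro syntax.

```python
import hashlib
import re

# Section headings and trailer wording as quoted in this guide.
REBOOT_HEADING = ("The following commands will take effect only once "
                  "the device has been rebooted!")
IMMEDIATE_HEADING = ("The following commands take effect "
                     "immediately upon execution!")
SIGNATURE_RE = re.compile(r"File Signature:\s*([0-9A-Fa-f]+)\s*$")


def parse_config(text):
    """Return the commands of each section, the trailer value, and problems."""
    parsed = {"reboot": [], "immediate": [], "signature": None, "problems": []}
    section = None
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        trailer = SIGNATURE_RE.search(line)
        if REBOOT_HEADING in line:
            section = "reboot"
        elif IMMEDIATE_HEADING in line:
            section = "immediate"
        elif trailer:
            if parsed["signature"] is not None:
                parsed["problems"].append(f"line {number}: second File Signature")
            parsed["signature"] = trailer.group(1).lower()
        elif parsed["signature"] is not None:
            parsed["problems"].append(f"line {number}: content after File Signature")
        elif section is None:
            parsed["problems"].append(f"line {number}: command before any section heading")
        else:
            parsed[section].append(line)
    if parsed["signature"] is None:
        parsed["problems"].append("no File Signature trailer (truncated or edited file)")
    return parsed


def fingerprint(data):
    """SHA-256 of the raw file bytes, to be stored apart from the backup."""
    return hashlib.sha256(data).hexdigest()


def check_before_upload(data, recorded_sha256):
    """List reasons not to upload this backup; an empty list means none found."""
    problems = parse_config(data.decode("utf-8", errors="replace"))["problems"]
    if fingerprint(data) != recorded_sha256:
        problems.append("SHA-256 differs from the digest recorded at export")
    return problems


# Constructed sample. The command lines are placeholders; the signature value
# is the one printed in this guide.
SAMPLE = b"""\
The following commands will take effect only once the device has been rebooted!
placeholder-tuning-command 1
The following commands take effect immediately upon execution!
placeholder-policy-command a
placeholder-policy-command b
File Signature: 063390ed2ce0e9dfc98c78266a90a7e4
"""

if __name__ == "__main__":
    recorded = fingerprint(SAMPLE)  # done once, at export time
    edited = SAMPLE.replace(b"command b", b"command c")
    print(parse_config(SAMPLE.decode())["reboot"])
    print(check_before_upload(SAMPLE, recorded))
    print(check_before_upload(edited, recorded))
```

The reboot list shows which restored commands stay inactive until the device is rebooted, which is worth knowing before you schedule a restore.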

User Credentials in DefensePro Configuration Files


By default, the passwords in the DefensePro configuration files are encrypted or hashed. However, in
DefensePro 8.x versions 8.19 and later, you can use a CLI command to specify that DefensePro
generates its configuration files without any user credentials (that is, files without even encrypted or
hashed passwords). The command affects all subsequent configuration files that the device
generates.
The syntax of the command is:
system internal config-file remove-credentials-info {0|1}
where
• 0 (default) specifies that the feature is disabled. That is, generated configuration files include
user credentials (but they are encrypted or hashed).
• 1 specifies that the feature is enabled. That is, generated configuration files contain no user
credentials.

When the feature is enabled:


• The following items are not included in the iterations of the generated configuration files:
— All users and passwords in the Local User Table for Web, Telnet, SSH, and HTTPS access
(Configuration perspective, Setup > Device Security > Users Table)
— The SNMPv3 users and associated values, such as Authentication Password and Privacy
Password.
— All secrets (both primary and secondary) of RADIUS users.
— All secrets (both primary and secondary) of TACACS+ users.

• After selecting the Operations icon > Export Configuration File, if the user enables
Include Private Keys (default: disabled), there is no effect.
• If the user uploads a configuration file that was generated without the credentials-info, the
device is accessible only with the default user through the console or over SNMPv1 or SNMPv2.

Downloading a Device-Configuration File


You can download a configuration file from a managed device to APSolute Vision, for backup. If you
choose to download to the APSolute Vision server, a copy is always saved in the APSolute Vision
database.
By default, you can save up to five (5) configuration files per device on the APSolute Vision server.
You can change this number in the APSolute Vision Setup page—up to a maximum of 10. When the
limit is reached, you are prompted to delete the oldest file. For more information, see Configuring
APSolute Vision Server Advanced Parameters, page 162.

Note: You can schedule configuration file backups in the APSolute Vision scheduler. For more
information, see Managing Tasks in the Scheduler, page 306.

To download a device-configuration file


1. In the device pane, select the device.
2. Click the arrow next to the Operations icon.
3. Select Export Configuration File.
4. Configure the download parameters, and then, click OK.

Table 79: Device Configuration File Download Parameters

| Parameter | Description |
|---|---|
| Destination | The destination of the device configuration file. Values: Client, Server |
| Include Private Keys | Specifies whether the certificate private key information is included in the downloaded file. Default: Disabled |
| Passphrase (This parameter is available only in DefensePro 8.x versions 8.14 and later and only when the Include Private Keys checkbox is selected.) | The user-defined passphrase for the encryption of the private keys. Minimum characters: 4. Maximum characters: 64 |
| Confirm Passphrase (This parameter is available only in DefensePro 8.x versions 8.14 and later and only when the Include Private Keys checkbox is selected.) | The user-defined passphrase for the encryption of the private keys. Minimum characters: 4. Maximum characters: 64 |
| Save As (This parameter is displayed only when Destination is Server.) | On the server, the default name is a combination of the device name and backup date and time. You can change the default name. |

Restoring a Device Configuration


You can restore a DefensePro or DefenseFlow configuration from a backup configuration file on the
APSolute Vision server or client system to the DefensePro or DefenseFlow device. When you upload
the configuration file to the device, it overwrites the existing device configuration.
After the restore operation is complete, you must reboot the device.

Caution: Importing a configuration file that has been edited is not supported.

Caution: Importing a configuration file from a different version is not supported.

To restore a device’s configuration


1. In the device pane, select the device.
2. Click the arrow next to the Operations icon.
3. Click Import Configuration File.
4. Configure upload parameters, and then, do one of the following:
— If you select Upload From Client, click Import.
— If you select Upload From Server, click Update.
5. When the upload completes, reboot the device.


Table 80: Device Configuration File Upload Parameters

| Parameter | Description |
|---|---|
| Upload From | The location of the backup device-configuration file to send. Values: Client, Server |
| File Name (This parameter is available only when Upload From is Client.) | When uploading from the computer running the APSolute Vision client (that is, the browser), enter or browse to the name of the configuration file to upload. |
| File for Upload (This parameter is available only when Upload From is Server.) | When uploading from the APSolute Vision server, select the configuration to upload. |
| Passphrase (This parameter is available only in DefensePro 8.x versions 8.14 and later.) | The passphrase for the decryption of the private keys, if a passphrase was used to encrypt the file when it was exported (see Downloading a Device-Configuration File, page 218). Minimum characters: 4. Maximum characters: 64 |

Updating DefensePro Policy Configurations


You can apply the following configuration changes to a DefensePro device in a single operation:
• Protection policy
• Server Protection policy
• ACL policy
• White list
• Black list
• Classes

To update policy configurations on a DefensePro device

> In the device pane, select the device, and then, click Update Policies.



CHAPTER 7 – USING THE TOOLBOX
This chapter contains the following main sections:
• Using and Managing Toolbox Scripts
• Using the Workflows Dashboard
• Using DefensePro Templates
• Using AppShape Templates and Instances

Using and Managing Toolbox Scripts


The following sections describe using and managing Toolbox scripts:
• Toolbox Scripts—Basics
• Managing and Customizing Panels in the Toolbox Dashboard
• User Roles and Toolbox Scripts
• vDirect and vDirect Access to Devices
• Prerequisites for Target Devices of Toolbox Scripts
• Predefined Toolbox Scripts
• Device Locking and Toolbox Scripts
• Running Scripts
• Managing Toolbox Scripts
• Writing and Editing Toolbox Scripts

Toolbox Scripts—Basics
Use Toolbox scripts to automate common tasks on managed Alteon, DefensePro, and LinkProof NG
devices.
When you run a script, you configure the target devices and, if required, configure parameters.
When you specify the target devices for a script (that is, when you configure the Target Device List),
you can select individual devices or Logical Groups of devices. When you select a Logical Group, the
effective Target Device List dynamically updates, according to the devices in the Logical Group. That
is, when the device-set of a Logical Group changes, the effective Target Device List changes
accordingly. For more information, see Using Logical Groups of Devices, page 199.
You can run a Toolbox script in the following ways:
• From the Toolbox dashboard
• From a device toolbar
• From the Operator Toolbox pane from the Advanced Toolbox tree
• Using an Operator Toolbox scheduled task.

Select the Automation item from the APSolute Vision sidebar menu to display the Toolbox
dashboard.


Figure 45: Automation Item (Selected) in the APSolute Vision Sidebar Menu

The APSolute Vision installation includes many predefined Toolbox scripts, which are for routine
tasks on managed devices. By default, the Toolbox dashboard contains most of the predefined
Toolbox scripts and displays the scripts that are relevant to your role. For more information, see
Predefined Toolbox Scripts, page 228.
The configuration of each script includes the RBAC roles that are permitted to run the script. For
more information, see User Roles and Toolbox Scripts, page 227.

Caution: Target devices must be accessible, must have SSH and SNMP access enabled, and must meet
additional prerequisites. If a target device is inaccessible, the operation will fail for the
remaining devices. For more information, see Prerequisites for Target Devices of Toolbox Scripts,
page 227.


Figure 46: Toolbox Dashboard

Callouts in the figure:
• Toolbox icon—Displays the Toolbox dashboard. Clicking the Advanced icon displays the
advanced features of the Toolbox. Clicking the Workflows tab displays the Workflows dashboard.
• You can hover over a script icon to perform several basic actions—for example, to run the script.
• You can customize your view of the dashboard. You can drag and drop a script from one category
panel to another category panel. You can add scripts to the Favorites panel. You can resize panels
and drag panels where you want.
• Clicking here displays buttons to customize the panel. You can select a script from another panel
and move it to the currently selected panel. You can maximize the panel. You can remove the
panel from the dashboard.
• Here is an example of a user-defined icon for a user-defined script.
• Clicking here restores the default view of the Toolbox.
• Clicking here opens the Categories Repository.

Tip: If most of your work with APSolute Vision involves using a Toolbox script, set your landing page
to it (APSolute Vision Settings view Preferences perspective, User Preferences > Display).


Hovering over a script icon displays buttons to do the following:


• Configure a scheduled task to run the script. For more information, see the procedure To
configure a scheduled task for a script from the Toolbox dashboard, page 242.
• Remove the script from your view of the dashboard.
• Run the script. For more information, see the procedure To run a Toolbox script from the
Toolbox dashboard, page 239.
• Run the script using the last configuration.

Figure 47: Hovering Over a Script Icon

Clicking the button in the top-right corner of a category panel displays buttons to do the following:
• Select a script in another panel and move it to the currently selected panel
• Maximize the panel
• Remove the panel from the dashboard

Note: You can return the category panel to the dashboard display using the Categories
Repository. Clicking Restore Default View restores all the panels and removes all other
modifications to the dashboard.

Figure 48: Category-Panel-Display Buttons

In the Categories Repository, you can select which category panels the Toolbox dashboard displays.

Figure 49: Categories Repository


Managing and Customizing Panels in the Toolbox Dashboard


You can manage and customize the contents of the panels in the Toolbox dashboard.
The Toolbox dashboard displays the following panels:
• Recently Used
• Favorites
• The following category panels:
— Configuration
— Data Export
— Emergency
— High Availability
— Monitoring
— Operations
The Recently Used panel contains up to six scripts that you have used most recently. APSolute Vision
populates the panel on a first-in-first-out basis but with weight on the number of uses. For example,
if you used a script, Script_A, 10 times and other scripts fewer times, Script_A will be the last
one that APSolute Vision removes, even if Script_A was the first one that APSolute Vision added to
the panel.
The Favorites panel contains your favorite scripts. You can drag and drop a script from a category
panel to the Favorites panel. You can add one or multiple scripts from category panels to the
Favorites panel. You can delete scripts from the Favorites panel as you wish.
The contents of the Recently Used and Favorites panels in the Toolbox dashboard are per user, per
browser, and per machine.

Caution: If you delete the data from the browser, the contents of the Recently Used and Favorites
panels revert to the default display.

You can manage the contents of the category panels, but there are some logical restrictions. You can
drag and drop a script from one category panel to another category panel or to the Favorites panel.
You can also select a script in another category panel, or an Unassigned script, and move it to the
currently selected panel (see the procedure To add one or multiple scripts to a panel in the Toolbox
dashboard, page 226). A Toolbox script can exist in only one category panel. The Toolbox dashboard
can, however, display a script in a category panel and also in the Recently Used and/or Favorites
panels.

Caution: The contents of the category panels in the Toolbox dashboard are stored on the APSolute
Vision server. If you move a script to another category panel, the Category field changes
accordingly (see Category in Configuring a Toolbox Script in APSolute Vision, page 246), and other
users will see that script in the panel to which you moved that script. If you delete a script from a
category panel, the Category field changes to Unassigned, and users will not see that script in the
Toolbox dashboard anymore. However, it is possible to return the script to the Toolbox dashboard
using the Add Scripts dialog box.

Use the Add Scripts dialog box to add one or multiple scripts to a panel in the Toolbox dashboard.


Figure 50: Add Scripts Dialog Box

Callouts in the figure:
• Type a string in this box to show only the matching script names.
• The Unassigned category contains the scripts in the APSolute Vision server with the Category
value Unassigned. Here, the category list is expanded, and it contains an example of a
user-defined icon for a user-defined script.
• The Add Scripts dialog box displays only the categories that are populated. Here, the category
lists are collapsed.

To add one or multiple scripts to a panel in the Toolbox dashboard

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. In the top-right corner of a panel to which you want to add scripts, click the button and then
the button. The Add Scripts dialog box opens.
3. Do the following as convenient:
— Expand or collapse the category headings.
— Type a string in the text box to show only the matching script names.
4. Select the required scripts (using standard Windows key combinations), and click Select.

To delete a script from the Toolbox dashboard

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.

2. Hover over the required script and click the button.


User Roles and Toolbox Scripts


The configuration of each script includes the RBAC roles that are permitted to run the script. Users
may run a script from the Toolbox dashboard or a device toolbar. The Operator Toolbox node in the
Advanced Toolbox tree (for managing scripts) is available only to users with the Administrator or
Vision Administrator roles. For more information, see Role-Based Access Control (RBAC), page 85.
Users with the Administrator, Vision Administrator, or System User roles can run and manage
Toolbox scripts in APSolute Vision. This includes adding scripts to the APSolute Vision server,
modifying script properties, exporting scripts, and deleting scripts from the APSolute Vision server.
For example, an administrator can upload a script, specify the roles that can run a script, expose a
script in the Toolbox dashboard, and display an icon for a script in the toolbar of the managed
devices. For more information, see Managing Toolbox Scripts, page 244.

vDirect and vDirect Access to Devices


Toolbox scripts use the vDirect infrastructure. Toolbox scripts are text files with the .vm extension,
which use vDirect syntax. There is a vDirect repository in the APSolute Vision server for Toolbox
scripts, which is called Configuration Templates. Users with the Administrator or Vision
Administrator roles can access vDirect to add and edit scripts. For more information, see Writing
and Editing Toolbox Scripts, page 249 and Using vDirect with APSolute Vision, page 725.

Prerequisites for Target Devices of Toolbox Scripts


This section contains the following topics:
• Device Connectivity for Target Devices of Toolbox Scripts
• DefensePro Traps that Must Be Disabled for Target Devices of Toolbox Scripts

Device Connectivity for Target Devices of Toolbox Scripts


Target Alteon and LinkProof NG devices must have SSH enabled and SNMP access enabled on the
management interface (/c/sys/mmgmt/snmp mgmt, /c/sys/access/snmp w, and
/c/sys/access/sshd/on).
Target DefensePro devices must have SSH and SNMP access enabled (manage ssh status set
enable and manage snmp status set enable).

DefensePro Traps that Must Be Disabled for Target Devices of Toolbox Scripts
Certain traps that DefensePro can generate can disrupt the behavior of Toolbox scripts. These traps
must be disabled before you run a Toolbox script on a DefensePro device. These traps are disabled
by default, and they are used primarily for troubleshooting. Even when these traps are disabled,
traps can still go to the syslog and to APSolute Vision.

To check whether the traps are disabled, as required


> In the DefensePro CLI, run the following commands:
— services auditing status —Required result: Auditing Status: Disabled
— manage terminal trap-echo —Required result: Traps Echo Disabled
— manage terminal traps-output get —Required result: Trap output: off
Perform the following procedure for each trap type that is not disabled as required.


To disable the traps, as required


> In the DefensePro CLI, run the following commands:
— services auditing status set 2
— manage terminal trap-echo set 2
— manage terminal traps-output set 3
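
The check and remediation steps above can be run as a pre-flight gate over a captured CLI session. This is an added example, not part of APSolute Vision: the prompt string, the transcript layout and the function names are assumptions, and the sample capture is constructed.

```python
import re

# (check command, required result, command that disables the trap); all three
# columns come from the two procedures above.
TRAP_CHECKS = [
    ("services auditing status", "Auditing Status: Disabled",
     "services auditing status set 2"),
    ("manage terminal trap-echo", "Traps Echo Disabled",
     "manage terminal trap-echo set 2"),
    ("manage terminal traps-output get", "Trap output: off",
     "manage terminal traps-output set 3"),
]

PROMPT = "DefensePro#"  # assumption: replace with the prompt your device shows

# Constructed capture: auditing is not disabled (the "Enabled" wording is an
# assumption), and the traps-output check was never run.
SAMPLE_CAPTURE = """\
DefensePro# services auditing status
Auditing Status: Enabled
DefensePro# manage terminal trap-echo
Traps Echo Disabled
"""


def _norm(text):
    """Collapse whitespace and case so cosmetic differences do not matter."""
    return re.sub(r"\s+", " ", text).strip().casefold()


def split_transcript(transcript, prompt=PROMPT):
    """Map each command typed at the prompt to the output lines that followed it."""
    outputs, current = {}, None
    for line in transcript.splitlines():
        stripped = line.strip()
        if stripped.startswith(prompt):
            current = _norm(stripped[len(prompt):])
            outputs[current] = []  # a repeated command keeps only its latest output
        elif current is not None and stripped:
            outputs[current].append(stripped)
    return outputs


def preflight(transcript, prompt=PROMPT):
    """Return (check command, status, fix command or None) for each required setting.

    Status is "ok", "not-disabled" or "not-checked".
    """
    outputs = split_transcript(transcript, prompt)
    report = []
    for check, required, fix in TRAP_CHECKS:
        lines = outputs.get(_norm(check))
        if lines is None:
            # Missing evidence is not a pass: the command is absent from the capture.
            report.append((check, "not-checked", None))
        elif any(_norm(required) in _norm(line) for line in lines):
            report.append((check, "ok", None))
        else:
            report.append((check, "not-disabled", fix))
    return report


def fix_commands(report):
    """Commands from the disable procedure that still need to be run."""
    return [fix for _, status, fix in report if status == "not-disabled"]


def ready_for_toolbox(report):
    """True only when every required result was seen in the capture."""
    return all(status == "ok" for _, status, _ in report)


if __name__ == "__main__":
    result = preflight(SAMPLE_CAPTURE)
    for check, status, fix in result:
        print(f"{check}: {status}" + (f" -> run: {fix}" if fix else ""))
    print("ready:", ready_for_toolbox(result))
```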

Predefined Toolbox Scripts


The following tables describe the default configuration of predefined Toolbox scripts that are exposed
in the APSolute Vision Operator Toolbox tab:
• Table 81 - ADC and Alteon Predefined Toolbox Scripts
• Table 82 - DefensePro Predefined Toolbox Scripts
• Table 83 - Miscellaneous Predefined Toolbox Scripts

Caution: If you intend to run a predefined script often, you may want to modify its default
configuration. However, an upgrade of APSolute Vision may include changes to predefined scripts,
which overwrite any script modifications that you have made to the predefined scripts. If you modify
a predefined script, Radware recommends downloading the file, renaming it, and uploading it to
APSolute Vision as a new script with your modifications.

Notes
• Almost all the predefined Toolbox scripts that are exposed in the Operator Toolbox tab are
displayed with an icon (a .svg file) in the Toolbox dashboard. In the following tables, if the Icon
column contains a value, the Toolbox script is displayed in the Toolbox dashboard.
• The vDirect repository (Configuration Templates) includes some predefined scripts, which, by
default, are not exposed in the Toolbox dashboard or Operator Toolbox tab. The predefined
scripts that are not exposed in the Operator Toolbox tab are mostly for internal use.


Table 81: ADC and Alteon Predefined Toolbox Scripts

| Action Title | Description/Remark | Permitted Roles | vDirect Filename (.vm) | Icon Filename (.svg) |
|---|---|---|---|---|
| ADC Check Certificate Validity | Finds Alteon and LinkProof NG devices that have a certificate that expires within a specified number of days. | Administrator; Vision Administrator; System User; Certificate Administrator; ADC + Certificate Administrator; Device Administrator | Alteon_Check_Certificate_Validity | certificate_alteon |
| ADC Check Policy Compliance | Finds SSL policies in Alteon and LinkProof NG devices whose selected parameters do not match specified values. | Administrator; Vision Administrator; System User; Device Viewer; ADC Administrator; ADC + Certificate Administrator; Device Administrator | Alteon_Check_Policy_Compliance | check_policy_alteon |
| ADC Create Users | Creates a user in ADC devices. | Administrator; Vision Administrator; System User; Device Administrator | ADC_Create_Users | add_user_alteon |
| ADC Delete Users | Deletes a user from ADC devices. | Administrator; Vision Administrator; System User; Device Administrator | ADC_Delete_Users | delete_user_alteon |
| ADC Find Apply Pending | Finds Alteon and LinkProof NG devices that have a configuration that has not been applied yet. | Administrator; Vision Administrator; System User; Device Viewer; ADC Operator; ADC Administrator; ADC + Certificate Administrator; Device Administrator | Alteon_Find_Apply_Pending | find_apply_pending_alteon |
| ADC Find Save Pending | Finds Alteon and LinkProof NG devices that have a configuration that has not been saved yet. | Administrator; Vision Administrator; System User; Device Viewer; ADC Operator; ADC Administrator; ADC + Certificate Administrator; Device Administrator | Alteon_Find_Save_Pending | find_save_pending_alteon |
| ADC Setup Device | Implements a basic configuration on Alteon and LinkProof NG devices (including NTP, syslog, SSH, and SMTP settings). | Administrator; Vision Administrator; System User; Device Administrator | Alteon_Setup_Device | setup_alteon |
| ADC Update Users | Updates user credentials in ADC devices. | Administrator; Vision Administrator; System User; Device Administrator | ADC_Update_Users | edit_user_alteon |
| Alteon Enable/Disable Real Servers | Enables or disables multiple real servers across multiple ADC devices based on their IP addresses. | Administrator; Vision Administrator; System User; ADC Administrator; ADC + Certificate Administrator; Device Administrator | ADC_TurnOffOn_All_Real_Servers | disable-enable-multiple-real-servers_alteon |
| Alteon Enable/Disable Virtual Servers | Enables or disables all virtual servers, including the VRRP virtual routers that are linked to them. | Administrator; Vision Administrator; System User; ADC Administrator; ADC + Certificate Administrator; Device Administrator | Alteon_TurnOffOn_All_Virtual_Servers | enable_policy_alteon |
| Alteon Execute CLI Command on All Entities | Executes any CLI command on all entities of one of the following types: real servers, groups, virtual servers, VLANs, interfaces, VRRP virtual routers, ports, and filters. | Administrator; Vision Administrator; System User; Device Administrator | Alteon_Execute_Cmd_On_All_Objects | deploy_policy_alteon |
| Alteon Find Unused Entities | Finds Alteon entities that are currently not in use (real servers that are not used by any group, groups with no real servers, groups with no session statistics, virtual servers with no session statistics). | Administrator; Vision Administrator; System User; Device Viewer; ADC Operator; ADC Administrator; ADC + Certificate Administrator; Device Administrator | Alteon_Find_Unused_Entities | find_unused_alteon |
| Alteon High-Availability Configuration | Configures a High Availability service/switch on Alteon devices. | Administrator; Vision Administrator; System User; ADC Operator; ADC Administrator; ADC + Certificate Administrator; Device Administrator | Alteon_HA_Configuration | high_availability_alteon |
| Alteon Specify ERT IP Reputation Feed Source | Configures Alteon devices to fetch the ERT IP Reputation Feed via a specified source. | Administrator; Vision Administrator; System User | Alteon_Set_TOR_Feed | N/A |

Table 82: DefensePro Predefined Toolbox Scripts

| Action Title | Description/Remark | Permitted Roles | vDirect Filename (.vm) | Icon Filename (.svg) |
|---|---|---|---|---|
| DefensePro 6.x Deploy Network Protection Policy for Enterprise | Deploys a new Network Protection policy on DefensePro version-6.x devices. The operator needs to enter the full range for the network to protect and the bandwidth. Then, the operator can add services from a predefined list. | Administrator; Vision Administrator; System User; Security Administrator; Device Administrator | DefensePro_Deploy_Network_Policy_6_x | deploy_policy_dp |
| DefensePro 6.x Setup Device | Implements a basic configuration on DefensePro version-6.x devices (including NTP, syslog, SSH, and SMTP settings). | Administrator; Vision Administrator; System User; Device Administrator | DefensePro_6_x_Setup_Device | setup_dp |
| DefensePro Add Network Classes by Mask | Creates a DefensePro Network Class object using a subnet mask. | Administrator; Vision Administrator; System User; Security Administrator; Device Administrator | DefensePro_Add_Network_Classes_by_Mask | add_network_dp |
| DefensePro Add Network Classes by Range | Creates a DefensePro Network Class object using an IP range. | Administrator; Vision Administrator; System User; Security Administrator; Device Administrator | DefensePro_Add_Network_Classes_by_Range | add_network_dp |
| DefensePro Add Network Classes with Common Mask | Creates a DefensePro Network Class object with a subnet mask and multiple IP addresses (for quick updates). | Administrator; Vision Administrator; System User; Security Administrator; Device Administrator | DefensePro_Add_Network_Classes_with_Common_Mask | add_network_dp |
| DefensePro Check Network Policy Compliance | Finds the DefensePro Network Protection policies that differ from one specified policy. | Administrator; Vision Administrator; System User; Security Administrator; Device Administrator | DefensePro_Check_Network_Policy_Compliance | check_policy_dp |
| DefensePro Create Users | Creates a user in DefensePro devices. | Administrator; Vision Administrator; System User; Device Administrator | DefensePro_Create_Users | add_user_dp |
| DefensePro Delete Active Attackers Feed Entries from Blacklist Rules | Deletes the Black List rules from the ERT Active Attackers Feed from DefensePro devices. | Administrator; Vision Administrator; System User; Security Administrator; Device Administrator | DefensePro_Delete_ERTActiveDDoSFeed_ACLRules | N/A |
| DefensePro Delete Users | Deletes a user from DefensePro devices. | Administrator; Vision Administrator; System User; Device Administrator | DefensePro_Delete_Users | delete_user_dp |
| DefensePro Deploy Network Protection Policy for MSSP | Deploys a new Network Protection policy. It deploys the policies per service for an MSSP environment. | Administrator; Vision Administrator; System User; Security Administrator; Device Administrator | DefensePro_Deploy_Policies_for_MSSP | edit_policy_dp |
| DefensePro Enable/Disable Policies | Toggles the state (enabled/disabled) of a specified Network Protection policy on selected DefensePro devices. The policy name can be specified using a regular expression. | Administrator; Vision Administrator; System User; Security Administrator; Device Administrator | DefensePro_Toggle_Policy_State_Based_On_Policy-regex | enable_policy_dp |
| DefensePro Export/Import Policies | Exports policies from a selected DefensePro device and imports the policies to one or more target devices. For more information on the feature, see Using DefensePro Templates, page 254. | Administrator; Vision Administrator; System User; Device Administrator | DefensePro_Export_And_Import_Policy | check_policy_dp |
| DefensePro Find Update Policy Pending | Finds DefensePro devices that have a configuration that is pending an Update Policies action. | Administrator; Vision Administrator; System User; Security Administrator; Device Administrator | DefensePro_Find_Update_Policy_Pending | find_upsate_policy_pending_dp |
| DefensePro Locate Policies and Profiles with Specified Signature | Finds the policies and profiles that use a specified Signature ID. | Administrator; Device Administrator; Security Monitor; Security Administrator | DefensePro_Search_Signature | tune_BDoS_profiles_DP |
| DefensePro Reset BDoS Policy Baselines | Resets the BDoS baselines of specified policies on DefensePro devices. | Administrator; Vision Administrator; System User; Security Administrator; Device Administrator | DefensePro_Reset_BDoS_Policy_Baselines | reset_policy_bdos |
| DefensePro Reset DNS Policy Baselines | Resets the DNS baselines of specified policies on DefensePro devices. | Administrator; Vision Administrator; System User; Security Administrator; Device Administrator | DefensePro_Reset_DNS_Policy_Baselines | reset_policy_dns |
| DefensePro Tune BDoS Profiles | Provides options for tuning existing BDoS profiles. | Administrator; Vision Administrator; System User; Security Administrator; Device Administrator | DefensePro_Tune_BDos_Profile | tune_BDoS_profiles_DP |
| DefensePro Update Users | Updates user credentials in DefensePro devices. | Administrator; Vision Administrator; System User; Device Administrator | DefensePro_Update_Users | edit_user_dp |


Table 83: Miscellaneous Predefined Toolbox Scripts

| Action Title | Description/Remark | Permitted Roles | vDirect Filename (.vm) | Icon Filename (.svg) |
|---|---|---|---|---|
| DefenseSSL Quick Setup | Configures a DefensePro version-8.x device with SYN Flood Protection and SSL Mitigation, and configures an Alteon device that acts as the SSL Decryption Unit. The Alteon device that acts as the SSL Decryption Unit must be an Alteon standalone or VA platform of version 30.0 and later. In DefensePro versions 8.14 and later, before you can run the script, you must select the option Enabled, Using an External Device. Notes: • For information on the SSL Mitigation feature, see the relevant sections in the DefensePro User Guide or the APSolute Vision online help. • After the Toolbox script configures the DefensePro and Alteon devices, you can modify the configuration on the devices. Be aware, however, that modifying the configuration of the DefensePro device may require modifying the configuration of the Alteon device or vice versa. | Administrator; Vision Administrator; System User; Security Administrator; Device Administrator | DefenseSSL_DPv8_Alteon_Quick_Setup | N/A |
| Validate All APM Services | Validates the APM configuration for all APM-enabled services. For more information on APM, see the Application Performance Monitoring User Guide and other related documentation. | Administrator; Vision Administrator; System User; ADC Administrator; ADC + Certificate Administrator; Device Configurator; Device Administrator | Validate_All_Apm_Services | apm_alteon.svg |


Device Locking and Toolbox Scripts


The Toolbox script determines whether the target devices must be locked for the script to run.
If the script does not require device locking, any Toolbox mechanism can run the script (whether or
not the device is locked by any user).
If the script requires device locking:
• When an Operator Toolbox scheduled task runs the script, APSolute Vision tries to lock the
device. If the locking action is successful, the script runs, and then, APSolute Vision unlocks the
device. If the locking action fails, the Operator Toolbox scheduled task fails.
• When a user runs the script, and the device is already locked by the user, the script runs.
• When a user runs the script, and the device is not locked by the user, APSolute Vision tries to
lock the device for the user. If the locking action is successful, the script runs, and then,
APSolute Vision unlocks the device. If the locking action fails, APSolute Vision issues an error
message and stops trying to run the script.

The following predefined scripts do not require device locking:


• DefensePro Check Network Policy Compliance
• DefensePro Find Update Policy Pending
• ADC Check Certificate Validity
• ADC Check SSL Policy Compliance
• ADC Find Apply Pending
• ADC Find Save Pending

Running Scripts
You can run a script in the following ways:
• From the Toolbox dashboard
• From a device toolbar
• From the Operator Toolbox tab in the Advanced tree

Caution: Before you try running a script, see Prerequisites for Target Devices of Toolbox Scripts,
page 227.

Note: You cannot specify a high-availability cluster as a target device of a Toolbox script.

Tip: If you select devices in the device pane Sites and Devices tree or Physical Containers tree and
then run a Toolbox script, the Selected list of target devices is populated automatically.

Tip: Once you have run a Toolbox script from the Toolbox dashboard, you can run the script again
using the same configuration as the last time. All you need to do is hover over the required script
and click the button.


Figure 51: Button to Run a Script Using the Last Configuration

To run a Toolbox script from the Toolbox dashboard

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.

2. Hover over the required script and click the button. The Run Script: <script name> tab
opens.
3. Do the following:
— In the Target Device List tab, specify the target devices. That is, select entries from the lists
and use the arrows to move the entries to the other lists as required. The Target Device List
tab contains the Available lists and the Selected lists of devices and Logical Groups (of
devices). The Available lists display the available devices and available Logical Groups. The
Selected device list displays the devices that the script runs on. The Selected Logical
Group list displays the Logical Groups with the devices that the script runs on.
— In the Parameters tab, configure the script-specific parameters.

Note: When a Logical Group is selected, the effective Target Device List dynamically
updates, according to the devices in the Logical Group. That is, when the device-set of a
Logical Group changes, the effective Target Device List changes accordingly. For more
information, see Using Logical Groups of Devices, page 199.
4. Click Submit. The Output Script: <script name> tab opens.
The Output Script: <script name> tab contains the following three fields:
— Status—The short status of the script, for example, Operation Completed.
— Output—The output that the script returned after a successful run.
— CLI Output—The full CLI output of the script.

Notes
— You can leave the Output Script: <script name> tab open and rerun the script. Having
multiple instances of the Output Script: <script name> tab enables you to compare the
results of multiple runs.
— The Run Script: <script name> tab remains open after a run, so you can go back and look at the
script parameters and compare them to the output. You can also rerun the same script, or
change parameters and then rerun it.
— Only one Run Script: <script name> tab can be open concurrently. If you want to run
another script, you need to close the Run Script: <script name> tab.


A device toolbar may display one or more icons that enable a device user to run a script. For more
information, see Configuring a Toolbox Script in APSolute Vision, page 246.

To run a script from a device toolbar


1. Open the device and click the relevant icon in the device toolbar. The Run Script: <script name>
tab opens.
2. Do the following:
— In the Target Device List tab, specify the target devices. That is, select entries from the lists
and use the arrows to move the entries to the other lists as required. The Target Device List
tab contains the Available lists and the Selected lists of devices and Logical Groups (of
devices). The Available lists display the available devices and available Logical Groups. The
Selected device list displays the devices that the script runs on. The Selected Logical
Group list displays the Logical Groups with the devices that the script runs on.
— In the Parameters tab, configure the script-specific parameters.

Note: When a Logical Group is selected, the effective Target Device List dynamically
updates, according to the devices in the Logical Group. That is, when the device-set of a
Logical Group changes, the effective Target Device List changes accordingly. For more
information, see Using Logical Groups of Devices, page 199.
3. Click Submit. The Output Script: <script name> tab opens.
The Output Script: <script name> tab contains the following three fields:
— Status—The short status of the script, for example, Operation Completed.
— Output—The output that the script returned after a successful run.
— CLI Output—The full CLI output of the script.

Notes
— You can leave the Output Script: <script name> tab open and rerun the script. Having
multiple instances of the Output Script: <script name> tab enables you to compare the
results of multiple runs.
— The Run Script: <script name> tab remains open after a run, so you can go back and look at the
script parameters and compare them to the output. You can also rerun the same script, or
change parameters and then rerun it.
— Only one Run Script: <script name> tab can be open at any one time. If you want to run
another script, you need to close the Run Script: <script name> tab.

To run a Toolbox script from the Operator Toolbox tab in the Advanced tree

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > Operator Toolbox.

3. Select the script, and click the (Run Script) button. The Run Script: <script name> tab
opens.


4. Do the following:
— In the Target Device List tab, specify the target devices. That is, select entries from the lists
and use the arrows to move the entries to the other lists as required. The Target Device List
tab contains the Available lists and the Selected lists of devices and Logical Groups (of
devices). The Available lists display the available devices and available Logical Groups. The
Selected device list displays the devices that the script runs on. The Selected Logical
Group list displays the Logical Groups with the devices that the script runs on.
— In the Parameters tab, configure the script-specific parameters.

Note: When a Logical Group is selected, the effective Target Device List dynamically
updates, according to the devices in the Logical Group. That is, when the device-set of a
Logical Group changes, the effective Target Device List changes accordingly. For more
information, see Using Logical Groups of Devices, page 199.
5. Click Submit. The Output Script: <script name> tab opens.
The Output Script: <script name> tab contains the following three fields:
— Status—The short status of the script, for example, Operation Completed.
— Output—The output that the script returned after a successful run.
— CLI Output—The full CLI output of the script.

Notes
— You can leave the Output Script: <script name> tab open and rerun the script. Having
multiple instances of the Output Script: <script name> tab enables you to compare the
results of multiple runs.
— The Run Script: <script name> tab remains open after a run, so you can go back and look at the
script parameters and compare them to the output. You can also rerun the same script, or
change parameters and then rerun it.
— Only one Run Script: <script name> tab can be open at any one time. If you want to run
another script, you need to close the Run Script: <script name> tab.

Configuring a Scheduled Task for a Script in the Toolbox Dashboard


You can configure a new scheduled task for a script from the Toolbox dashboard. The task type is
Operator Toolbox. If your configuration is successful, the Scheduler’s Task List table displays your
new task.

Notes
• For more information on scheduled tasks, including modifying Operator Toolbox tasks, see
Scheduling APSolute Vision and Device Tasks, page 305.
• APSolute Vision issues a failure message if any task action is not successful. The failure message
includes the result of each action—that is, whether the action succeeded or failed for each
target device.
• The configuration of the Toolbox script determines whether the target device must be locked for
the script to run. If the script requires device locking, when an Operator Toolbox task runs the
script, APSolute Vision tries to lock the device. If the locking action is successful, the script runs,
and then, APSolute Vision unlocks the device. If the locking action fails, the Operator Toolbox
task fails.


• If a device in the Target Device List is deleted from APSolute Vision, APSolute Vision deletes
the device from the Target Device List and continues running the task.
• If all the devices in the Target Device List are deleted from APSolute Vision, APSolute Vision
disables the task.

To configure a scheduled task for a script from the Toolbox dashboard

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.

2. Hover over the required script and click the button. The Add Toolbox Script tab opens. The
Task Type value is Operator Toolbox, and in the Configuration Template tab, the Selected
Script text box displays the filename of the selected script.
3. Configure the remaining parameters, which are described in Operator Toolbox Task—
Parameters, page 321, and click Submit.

Table 84: Operator Toolbox: General Parameters

Parameter Description
Name The name of the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.

Table 85: Operator Toolbox: Schedule Parameters

Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.

Time [1] The time at which the task runs.

Date [2] The date on which the task runs.

Minutes [3] The interval, in minutes, at which the task runs.

Run Always [4] Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled

Start Date [5], Start Time [5] The date and time at which the task is activated.

End Date [5], End Time [5] The date and time after which the task no longer runs.

1 – This parameter is available only when the specified Run value is Once, Daily, or Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.

Table 86: Operator Toolbox: Configuration Template

Parameter Description
Selected Script (Read-only) The script that is selected in the table—with the file name.
To select the script, click the script from the Action Title column.
The table contains all the Toolbox scripts that you have permission to run. The table comprises the
following columns: Action Title, File Name, and Category.
Note: When you change a selection, the parameters in the Parameters tab change accordingly.

Table 87: Operator Toolbox: Parameters Parameters

Parameter Description
Note: This tab is available only when the script that is selected in the Configuration Template
tab includes configuration parameters.
The parameters for the selected script.

Table 88: Operator Toolbox: Target Device List

Parameter Description
Note: This tab is available only when the script that is selected in the Configuration Template
tab includes configuration parameters.

The Available lists and the Selected lists of devices and Logical Groups (of devices of the
appropriate type). The Available lists display the available devices and available Logical Groups.
The Selected device list displays the devices that the Toolbox script runs on. The Selected Logical
Group list displays the Logical Groups that the Toolbox script runs on.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.

Managing Toolbox Scripts


Users with the Administrator or Vision Administrator roles can access the Operator Toolbox pane
from the Advanced Toolbox tree and manage Toolbox scripts.
Managing Toolbox scripts comprises the following:
• Using the Operator Toolbox Pane, page 244
• Configuring a Toolbox Script in APSolute Vision, page 246
• Deleting a Toolbox Script from APSolute Vision, page 248
• Downloading a Toolbox Script, page 248

Using the Operator Toolbox Pane


Use the Operator Toolbox pane from the Advanced Toolbox tree to manage Toolbox scripts.

To open the Operator Toolbox pane

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > Operator Toolbox.


Figure 52: Operator Toolbox Pane in the Advanced Toolbox Tree


Categories—You can define a category for each script, organizing your scripts into
meaningful groups, to make it easier to locate relevant scripts. When you click on a category
node, the Operator Toolbox tab displays only the scripts belonging to that category.

Advanced icon—Displays the advanced features of the toolbox.

Buttons for managing a script: Add, Edit (that is, its properties not the
script itself), Delete, and Download.

Run button—Runs the selected script and opens the Run Script
tab, where you specify the target devices and script-specific
values.

The table in the Operator Toolbox tab, which contains most of the default scripts configured in the
APSolute Vision server, comprises the following columns:
• Action Title—The title for the script.
• File Name—The file name of the script, which is a hyperlink to the script in the vDirect module.
You can edit the script in the user interface of the vDirect module.
• Description—The user-defined description of the script.
• Category—The category assigned to sort the script. When you click on the category node, the
Operator Toolbox tab displays only the scripts belonging to the category.
• Toolbar Icon—The icon that runs the script from the toolbar of a managed device. This is
relevant only when the Assign to Toolbar parameter is set in the script configuration.
• Device Toolbar—The device types whose toolbar displays an icon to run the script.
• Uploaded By—The username who uploaded the script to APSolute Vision.
• Upload Date—The date the script was uploaded to APSolute Vision.

In the Operator Toolbox tab, you can load the scripts from APSolute Vision or from vDirect. You can
run scripts from the Toolbox or from vDirect. Any change you make to a script is reflected in both
locations. The vDirect module in APSolute Vision validates the scripts and hosts them in the vDirect
Configuration Templates tab. You can use vDirect to write new Toolbox scripts and then configure
them in APSolute Vision. If a script is already configured in APSolute Vision, you can click on its link,
which opens the script in vDirect—for you to view or modify as you require.


Note: For more information on vDirect, see vDirect with APSolute Vision, page 46, Using vDirect
with APSolute Vision, page 725, and the Radware vDirect documentation that corresponds to the
vDirect version in the APSolute Vision server. To find out the vDirect version, in the APSolute Vision
Settings view System perspective, select General Settings > Basic Parameters and look in the
Software tab.

Caution: Before you try running a script, see Prerequisites for Target Devices of Toolbox
Scripts, page 227.

To run a Toolbox script from the Operator Toolbox tab

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > Operator Toolbox.

3. Select the script, and click the (Run Script) button. The Run Script: <script name> tab
opens.
4. Do the following:
— In the Target Device List tab, specify the target devices. That is, select entries from the lists
and use the arrows to move the entries to the other lists as required. The Target Device List
tab contains the Available lists and the Selected lists of devices and Logical Groups (of
devices). The Available lists display the available devices and available Logical Groups. The
Selected device list displays the devices that the script runs on. The Selected Logical
Group list displays the Logical Groups with the devices that the script runs on.
— In the Parameters tab, configure the script-specific parameters.

Note: When a Logical Group is selected, the effective Target Device List dynamically
updates, according to the devices in the Logical Group. That is, when the device-set of a
Logical Group changes, the effective Target Device List changes accordingly. For more
information, see Using Logical Groups of Devices, page 199.
5. Click Submit.

Configuring a Toolbox Script in APSolute Vision


Use the Operator Toolbox tab to configure a Toolbox script in APSolute Vision.

Note: For information on writing and editing Toolbox scripts (for example, setting default values),
see Writing and Editing Toolbox Scripts, page 249.


To configure a Toolbox script in APSolute Vision

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > Operator Toolbox.
3. Do one of the following:

— To add an entry to the table, click the (Add) button.

— To edit an entry in the table, select the entry and click the (Edit) button.
4. Configure the parameters, and then click Submit.

Table 89: Operator Toolbox Parameters

Parameter Description
Action Title The title for the script.
Maximum characters: 255
File Name The .vm file. Browse to the file and select it.
Description The description of the script.
Maximum characters: 1000
Tooltip The tooltip that displays when you hover over the specified icon in the
device toolbar.
Maximum characters: 255
Category The category that determines which node (under the parent Operator
Toolbox node) contains the script. Specify a category for a script to
organize the script into a meaningful group, and make it easier to
locate. When you click on a category node, the Operator Toolbox tab
displays only the scripts belonging to that category.
Values:
• Configuration
• Data Export
• Emergency
• High Availability
• Monitoring
• Operations
• Unassigned
Default: Unassigned
Assign to Toolbar Specifies whether you can run the script from the toolbar of a managed
device.
Default: Disabled
Toolbar Icon The icon that you click to run the script from the toolbar of a managed
device.
(This button is available only when the Assign to Toolbar checkbox is selected.)
Device Toolbar The device type whose toolbar displays the icon to click to run the
script.
Values: Alteon, LinkProof NG, DefensePro, All
Default: All
Assign to Dashboard Specifies whether you can run the script from the Toolbox dashboard.
Default: Disabled
Dashboard Icon The icon that you click to run the script from the Toolbox dashboard.
(This parameter is available only when the Assign to Dashboard checkbox is selected.)
Note: The table in the Operator Toolbox Settings tab manages the icons for the Toolbox
dashboard (APSolute Vision Settings view System perspective, General Settings > Operator
Toolbox Settings). For more information, see Managing Operator Toolbox Settings, page 166.
Roles
Configure the Selected list with the RBAC roles that are allowed to run the script.
The Selected list always includes the roles Administrator, Vision Administrator, and System
User, and you cannot remove them.
Notes:
• The predefined roles are configured with the appropriate RBAC roles, by default.
• For more information on RBAC roles, see Role-Based Access Control (RBAC), page 85.

Deleting a Toolbox Script from APSolute Vision


Use the Operator Toolbox tab to delete a Toolbox script from APSolute Vision.

To delete a Toolbox script from APSolute Vision

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > Operator Toolbox.

3. Select the script, and click the (Delete) button.

Downloading a Toolbox Script


Use the Operator Toolbox tab to download or view a Toolbox script in APSolute Vision.

To download or view a Toolbox script

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > Operator Toolbox.
3. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 260).


4. Select the rows with the required scripts (using standard Windows key combinations).

5. Click the (Download Selected File) button.


6. In the Save As text box, type the path to the target directory or click Browse to browse to the
directory.
7. Click Save.

Writing and Editing Toolbox Scripts


This section contains the following topics:
• Allowing a Script To Run on an Unlocked Device, page 249
• Guidelines for Setting a Default Value for a Parameter, page 250
• Recommended vDirect Elements to Include in Scripts, page 250

Toolbox scripts are text files with the .vm extension, which use vDirect syntax. You can write new
scripts, and you can edit existing scripts according to your requirements. For example, if you need to
run a script repeatedly with the same values, you can edit the script and define default values for
parameters.

Caution: If you intend to run a predefined script often, you may want to modify its default
configuration. However, an upgrade of APSolute Vision may include changes to predefined scripts,
which overwrite any script modifications that you have made to the predefined scripts. If you modify
a predefined script, Radware recommends downloading the file, renaming it, and uploading it to
APSolute Vision as a new script.

Notes
• The predefined scripts incorporate the guidelines as appropriate. For example, using
#haltOnDeviceError is not incorporated in a script that uses a GET command, and
#require_device_lock=false is included in a script that makes no change to a device
configuration.
• For more information on vDirect, see vDirect with APSolute Vision, page 46, Using vDirect with
APSolute Vision, page 725, and the Radware vDirect documentation that corresponds to the
vDirect version in the APSolute Vision server. (To identify the vDirect version, in the APSolute
Vision Settings view System perspective, select General Settings > Basic Parameters and
look in the Software tab.)

Allowing a Script To Run on an Unlocked Device


By default, Toolbox scripts cannot run on an unlocked device. For more information, see Device
Locking and Toolbox Scripts, page 238.
To allow a script to run on unlocked devices, include the following row in the script:
#param($require_device_lock, 'bool', 'out', 'defaultValue=false')


Guidelines for Setting a Default Value for a Parameter


You can set a default value for a script parameter.
Here are some snippets showing how to set a default value for a parameter:
• #param($activate, 'type=string', 'prompt=Enable User',
'values=Enable,Disable', 'defaultValue=Enable')
• #param($crtmng, 'type=string', 'prompt=Certificate Management',
'values=Enable,Disable', 'defaultValue=Disable')
• #param($name, 'type=string', 'prompt=Server Name',
'properties={"maxCharLength" : "24"}', 'defaultValue="My Server"')
• #param($privsrc, 'type=ip', 'prompt=Primary Source Address',
'required=false', 'defaultValue=0.0.0.0')

Recommended vDirect Elements to Include in Scripts


When you write a vDirect script to use as a Toolbox script in APSolute Vision, Radware recommends
using the following elements:
• #haltOnDeviceError(true|false) ... #end —This block directive surrounds a block of
commands.
When you use the true argument, every command is automatically tested for errors and, if an
error response is detected, the script is halted with an exception. The drawback to this is that
when you run a Toolbox script on multiple devices, the first exception causes the script to halt.
When you use the false argument, no command is tested for errors, and the script is not halted.
• An output parameter, so that the APSolute Vision alert message displays the output of the
script formatted well and clearly.

Figure 53: Example Output that Is Not Formatted Well

Figure 54: Example Output that Is Formatted Well


The following is an excerpt of a script that includes an output parameter, so that the
APSolute Vision alert message displays the output of the script formatted well and clearly.

#device($alteons, 'type=alteon[]', 'prompt=Alteon/LinkProof NG')

## Output parameter: its final value is what the APSolute Vision alert message displays.
#param($output, 'type=string','out')
#set($output = 'The following devices are pending apply:<br>')
#set($negOutput = 'There are no devices pending apply.')
#set($tempOutput = '')
## Collect the IP address of every device that has an apply pending.
#foreach($alteon in $alteons)
    #select($alteon)
    #set($applyTable = $alteon.readAllBeans("AgApply"))
    #foreach($applyRow in $applyTable)
        #if($applyRow.agApplyPending == 'APPLYNEEDED')
            #set($tempOutput = $tempOutput + $alteon.ip + '<br>')
        #end
    #end
#end
## Report the negative message when no device was added to the list.
#if($tempOutput.isEmpty())
    #set($output = $negOutput)
#else
    #set($output = $output + $tempOutput)
#end
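
The following Python example is an addition to this guide, not Radware code. It reads a .vm script before upload and, using only the #param and #haltOnDeviceError directives described in this section, reports whether the script opts out of device locking, which default values it sets, and whether it declares an output parameter. The function names, the wording of the findings, and the sample script are constructed for illustration, and ## line comments are assumed to follow Apache Velocity syntax.

```python
import re
from dataclasses import dataclass, field


def _directive_args(text, name):
    """Yield the raw argument text of each #name(...) directive, quote-aware."""
    for m in re.finditer(r"#" + re.escape(name) + r"\s*\(", text):
        start = i = m.end()
        depth, quote = 1, None
        while i < len(text) and depth:
            ch = text[i]
            if quote:
                if ch == quote:
                    quote = None
            elif ch in "'\"":
                quote = ch
            elif ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
            i += 1
        if depth == 0:
            yield text[start:i - 1]


def _split_args(raw):
    """Split on commas that are outside quotes, then drop the outer quotes."""
    parts, buf, quote = [], [], None
    for ch in raw:
        if quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    cleaned = []
    for p in parts:
        p = p.strip()
        if len(p) >= 2 and p[0] == p[-1] and p[0] in "'\"":
            p = p[1:-1]
        cleaned.append(p)
    return cleaned


@dataclass
class Param:
    name: str
    attrs: dict = field(default_factory=dict)  # key=value arguments
    flags: list = field(default_factory=list)  # bare arguments such as 'out'


def parse_params(script):
    params = []
    for raw in _directive_args(script, "param"):
        first, *rest = _split_args(raw)
        p = Param(first.lstrip("$"))
        for arg in rest:
            key, sep, value = arg.partition("=")
            if sep:
                p.attrs[key.strip()] = value.strip().strip('"')
            else:
                p.flags.append(arg)
        params.append(p)
    return params


@dataclass
class Audit:
    lock_required: bool
    halt_on_error: list
    output_params: list
    defaults: dict
    findings: list


def audit_script(script):
    # Assumption: whole-line ## comments (Velocity style) hide directives.
    script = re.sub(r"(?m)^[ \t]*##.*$", "", script)
    params = parse_params(script)
    lock = {p.name: p for p in params}.get("require_device_lock")
    lock_required = not (lock and lock.attrs.get("defaultValue", "").lower() == "false")
    halts = [a.strip().lower() == "true"
             for a in _directive_args(script, "haltOnDeviceError")]
    outputs = [p.name for p in params
               if "out" in p.flags and p.name != "require_device_lock"]
    defaults = {p.name: p.attrs["defaultValue"] for p in params if "defaultValue" in p.attrs}
    findings = []
    if not lock_required:
        findings.append("runs on unlocked devices: confirm it changes no device configuration")
    if False in halts:
        findings.append("haltOnDeviceError(false): commands are not tested for errors")
    if not outputs:
        findings.append("no output parameter: alert message output will not be formatted")
    return Audit(lock_required, halts, outputs, defaults, findings)


# Constructed sample script, assembled from the directive forms shown in this section.
SAMPLE_SCRIPT = """\
#device($alteons, 'type=alteon[]', 'prompt=Alteon/LinkProof NG')
#param($require_device_lock, 'bool', 'out', 'defaultValue=false')
#param($activate, 'type=string', 'prompt=Enable User',
    'values=Enable,Disable', 'defaultValue=Enable')
#param($name, 'type=string', 'prompt=Server Name',
    'properties={"maxCharLength" : "24"}', 'defaultValue="My Server"')
#haltOnDeviceError(false)
#foreach($alteon in $alteons)
#select($alteon)
#end
#end
"""

if __name__ == "__main__":
    for finding in audit_script(SAMPLE_SCRIPT).findings:
        print("REVIEW:", finding)
```

A script that reports the first finding is the case to read line by line before upload, because it runs whether or not the device is locked by any user.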

Using the Workflows Dashboard


Users with the Administrator or Vision Administrator roles can access the Workflows dashboard to
manage and create instances of vDirect workflows.

Figure 55: Workflows Dashboard


The Workflows dashboard displays vDirect workflows that are stored in the APSolute Vision vDirect
Workflow Templates repository. The Workflow Templates repository is under the vDirect Inventory
tab.

Notes

• You can access vDirect from the APSolute Vision sidebar menu (Applications >
vDirect).
• For general information on using vDirect with APSolute Vision, see Using vDirect with APSolute
Vision, page 725.
• Many of the default workflows in the Workflows dashboard are AppShape™ templates in vDirect
form. AppShape templates accelerate, simplify, and optimize the configuration of Alteon ADC
devices for deployments of various applications. For more information, see Using AppShape
Templates and Instances, page 264.
• You can filter the workflows displayed in the dashboard by entering appropriate text in the filter
box.
A vDirect workflow that you add to the Workflows dashboard—or retrieve from the APSolute Vision
vDirect Workflow Templates repository—is a .zip file. A workflow .zip file contains a
workflow.xml file and may include other items, such as a PNG graphic for the icon displayed in the
Workflows dashboard.
Creating and modifying vDirect workflow files is not within the scope of the APSolute Vision
documentation. For more information, refer to the Radware vDirect documentation that corresponds
to the vDirect version in the APSolute Vision server. To determine the vDirect version, in the
APSolute Vision Settings view System perspective, select General Settings > Basic Parameters
and look in the Software tab.

To add a workflow to the Workflows dashboard


1. In the Workflows tab, click +New Workflows.
2. Browse to the workflow .zip file and click Open. APSolute Vision checks the file for basic
validity. If the file passes the inspection, the Workflows dashboard displays the new workflow as
a new widget.

Note: If the workflow does not include a PNG graphic for the icon, APSolute Vision uses a
default graphic.
If there are no active instances of a workflow, you can delete the workflow from the dashboard.

To delete a workflow from the Workflows dashboard

1. In the relevant widget, click the icon.


2. Select Delete, and confirm.


To update the configuration of a workflow in the Workflows dashboard

1. In the relevant widget, click the icon.


2. Select Update.
3. Browse to the workflow .zip file and click Open. APSolute Vision checks the file for basic validity
and updates the workflow configuration accordingly.

To create/run an instance of a workflow in the Workflows dashboard


1. In the relevant widget, click Create. The workflow interface opens.
2. Configure the parameters.
3. Click Run. Depending on the workflow configuration, vDirect creates an instance of the workflow
or runs the workflow. If the workflow configuration creates an instance, the dashboard
increments the Instances count.
If there is an instance of a workflow, you can open its Instances Table dialog box.
Each row of the Instances table comprises the following:
• The name of the instance.
• The state of the instance as defined in the vDirect workflow, for example: created or ready.
• The last message that the workflow issued for the instance.
• The Actions drop-down list, which contains the action options that the vDirect workflow
supports. Click an action as necessary.

• The delete icon to delete the instance.


• The More link, which opens the workflow template instance in APSolute Vision vDirect.

To open the Instances Table dialog box


> In the relevant widget, click Instances.


Using DefensePro Templates


This feature is available only in DefensePro 6.x versions 6.11 and later, 7.x versions, and 8.x
versions 8.10 and later.
You can export and import DefensePro configuration templates.
A DefensePro configuration template can include the configuration (the definitions and security
settings) and/or baselines of a (Network) Protection policy and/or Server Protection policy.

Notes
• In DefensePro 8.x versions 8.17.2 and later, the Configuration perspective displays the
Protections tab, and the tab includes the Protection Policies node. In 6.x versions, 7.x versions,
and 8.x versions earlier than 8.17.2, the tab is labeled Network Protection, and the tab includes
the Network Protection Policies node.
• The Server Protection feature is available only in DefensePro 6.x and 7.x versions.
A template from a (Network) Protection policy can include the baselines from the associated DNS
and/or BDoS profiles.
A template from a Server Protection policy can include learned baselines from the associated HTTP
Flood profiles.
DefensePro configuration templates do not include the following information:
• DefensePro setup and network configuration—For example, device time, physical ports,
and so on.
• DefensePro security settings—The protections that a policy template uses must be
supported and enabled globally in the target DefensePro device (that is, the target DefensePro
device into which you are importing the policy template). For example, if you export a Protection
policy that includes a BDoS Protection profile, the DefensePro device into which you are
importing the policy template must have BDoS Protection enabled globally (Configuration
perspective, Setup > Security Settings > BDoS Protection > Enable BDoS Protection).
• User-defined signatures.
• The configuration of user-defined SYN Flood Protections in the SYN Flood Protection
profile.

Caution: If you export a configuration that includes any user-defined SYN Flood Protection in
the SYN Flood Protection profile, the configuration template will include the value(s) of the
Protection Name parameter, but will not include the associated configuration(s). Importing
such a configuration template will fail if the target DefensePro device does not include the user-
defined SYN Flood Protections with the same names.

• User-defined/custom Signature Protection profiles in certain earlier DefensePro
versions—The following versions can include the user-defined/custom Signature Protection
profile: 6.x versions 6.13 and later, 7.x versions 7.42.03 and later, and 8.x versions 8.10 and
later.

Caution: If the imported BDoS baseline or DNS baseline is below the minimum value in the
configuration of the corresponding profile, after an Update Policies action, DefensePro recalculates
the baseline or baselines according to the configuration of the profile. (For information on the
configuration of profiles, see Configuring BDoS Profiles, page 1726 and Configuring DNS Flood
Protection Profiles, page 1758.)


Notes
• The terms Protection policy, Network Protection policy, and network policy may be used
interchangeably in APSolute Vision and in the documentation.
• You can import Network Protection policies from DefensePro platforms running supported 6.x
versions into platforms running supported 6.x or 7.x versions.
• You can import Network Protection policies from DefensePro platforms running supported 7.x
versions only into other platforms running supported 7.x versions.
• You can import Protection policies from DefensePro platforms running supported 8.x versions
only into other platforms running supported 8.x versions.
• You can import Server Protection policies from DefensePro platforms running supported 6.x
versions into platforms running supported 6.x versions.
• You can import Server Protection policies from DefensePro platforms running supported 7.x
versions into platforms running supported 7.x versions.
• APSolute Vision provides a predefined Toolbox script for exporting and importing DefensePro
configurations, DefensePro Export/Import Policies. For more information, see Using and
Managing Toolbox Scripts, page 221.
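
The import constraints described above (feature availability by version, the permitted source-to-target version paths, globally enabled protections, and matching user-defined SYN Flood Protection names) can be checked before a template is sent. The following Python example is added here and is not Radware code; the Template and Device classes, their fields, and the sample values are assumptions, and a "supported" version is taken to mean a version in which the guide says the feature is available.

```python
from dataclasses import dataclass, field

# Import paths listed in the Notes above:
# (policy type, source major version) -> permitted target major versions.
ALLOWED_TARGETS = {
    ("network", 6): {6, 7},
    ("network", 7): {7},
    ("network", 8): {8},
    ("server", 6): {6},
    ("server", 7): {7},
}


def supports_templates(version):
    """Templates exist in 6.x from 6.11, in all 7.x, and in 8.x from 8.10."""
    major = version[0]
    if major == 6:
        return version >= (6, 11)
    if major == 7:
        return True
    if major == 8:
        return version >= (8, 10)
    return False


@dataclass
class Template:  # hypothetical summary of an exported template
    policy_type: str          # "network" or "server"
    source_version: tuple     # version of the exporting device, e.g. (6, 14)
    protections: set = field(default_factory=set)      # protections the policy uses
    syn_flood_names: set = field(default_factory=set)  # user-defined SYN Flood Protection names


@dataclass
class Device:  # hypothetical summary of a target device
    name: str
    version: tuple
    enabled_protections: set = field(default_factory=set)  # enabled globally
    syn_flood_names: set = field(default_factory=set)


def preflight(template, device):
    """Return the reasons the import is expected to fail (empty list: none found)."""
    problems = []
    if not supports_templates(device.version):
        problems.append("target version does not support configuration templates")
    src, dst = template.source_version[0], device.version[0]
    if dst not in ALLOWED_TARGETS.get((template.policy_type, src), set()):
        problems.append(f"{template.policy_type} policy from {src}.x cannot be imported into {dst}.x")
    for name in sorted(template.protections - device.enabled_protections):
        problems.append(f"{name} is not enabled globally on the target")
    for name in sorted(template.syn_flood_names - device.syn_flood_names):
        problems.append(f"user-defined SYN Flood Protection '{name}' is missing on the target")
    return problems


if __name__ == "__main__":
    # Constructed sample data, not taken from a real device.
    tpl = Template("network", (6, 14), {"BDoS Protection"}, {"syn-custom-1"})
    targets = [
        Device("dp-7x", (7, 42, 3), {"BDoS Protection"}, {"syn-custom-1"}),
        Device("dp-8x", (8, 17, 2)),
    ]
    for dev in targets:
        print(dev.name, preflight(tpl, dev) or "no blockers found")
```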

Exporting a Protection Policy as a Template


Use the following procedure to export a Protection policy as a template.

To export a Protection policy as a template in DefensePro 8.x versions 8.17.2 and later
1. In the Configuration perspective, select Protections > Protection Policies.

2. Select the Protection policy that you want to export, and click (Export).
3. Configure the parameters, and then click Submit.

Table 90: Export Protection Parameters

| Parameter | Description |
|---|---|
| Download To | Values: • APSolute Vision Client—DefensePro exports the template to the location specified (in the dialog box that opens after you click Submit) in the filepath or by browsing to the location with the Browse button. • APSolute Vision Server—DefensePro exports the template to the APSolute Vision database. Default: Server |
| Save As | The filepath when Download To is APSolute Vision Client or the filename when Download To is APSolute Vision Server. The default filename uses the following format (with no extension): <DeviceName>_<PolicyName>_<date>_<time> Example: MyDefensePro_MyPolicy_2016.03.19_13.45.59 The date-time format is determined in the APSolute Vision Settings view Preferences perspective, under General Settings > Display. The file is saved on the server as a ZIP file; and on the local host, the file is saved as a TXT file. |
| Export Policy and Profiles | |
| Policy Configuration | Specifies whether DefensePro exports the template with the configuration of the policy. Default: Enabled |
| Anti-Scanning Whitelisted Objects | Specifies whether DefensePro exports the template with the current whitelisted objects of the Anti-Scanning profile of the policy. Default: Enabled |
| Custom Signature Profile | Specifies whether DefensePro exports the template with the current custom (user-defined) Signature Protection profile of the policy. Default: Enabled |
| Traffic Filters Profile | Specifies whether DefensePro exports the template with the current Traffic Filters profile of the policy. Default: Enabled |
| Export Baselines | |
| BDoS Baseline | Specifies whether DefensePro exports the template with the current BDoS baseline of the policy. Default: Enabled |
| DNS Flood Protection Baseline (In DefensePro versions earlier than 8.18, the label for this parameter is DNS Baseline.) | Specifies whether DefensePro exports the template with the current DNS Flood Protection baseline of the policy. Default: Enabled |
| HTTPS Flood Protection Baselines (This parameter is available only in DefensePro versions 8.18 and later.) | Specifies whether DefensePro exports the template with the current HTTPS Flood Protection baselines of the policy. Default: Enabled |


To export a Network Protection policy as a template in 6.x versions, 7.x versions, and 8.x
versions earlier than 8.17.2
1. In the Configuration perspective, select Network Protection > Network Protection Policies.

2. Select the Network Protection policy that you want to export, and click (Export).
3. Configure the parameters, and then click Submit.

Table 91: Export Network Protection Parameters

| Parameter | Description |
|---|---|
| Download To | Values: • Client—DefensePro exports the template to the location specified (in the dialog box that opens after you click Submit) in the filepath or by browsing to the location with the Browse button. • Server—DefensePro exports the template to the APSolute Vision database. Default: Server |
| Download Via | (Read-only) The transport method. Value: HTTPS |
| Configuration | Specifies whether DefensePro exports the template with the configuration of the policy. Default: Enabled |
| DNS Baseline | Specifies whether DefensePro exports the template with the current DNS baseline of the policy. Default: Enabled |
| BDoS Baseline | Specifies whether DefensePro exports the template with the current BDoS baseline of the policy. Default: Enabled |
| Custom Signature Profile | Specifies whether DefensePro exports the template with the current custom (user-defined) Signature Protection profile of the policy. Default: Enabled |
| Traffic Filters Profile | Specifies whether DefensePro exports the template with the current Traffic Filters profile of the policy. Default: Enabled |
| Anti-Scanning Whitelisted Objects | Specifies whether DefensePro exports the template with the current whitelisted objects of the Anti-Scanning profile of the policy. Default: Enabled |
| Save As | The filepath when Download To is Client or the filename when Download To is Server. The default filename uses the following format (with no extension): <DeviceName>_<PolicyName>_<date>_<time> Example: MyDefensePro_MyPolicy_2016.03.19_13.45.59 The date-time format is determined in the APSolute Vision Settings view Preferences perspective, under General Settings > Display. The file is saved on the server as a ZIP file; and on the local host, the file is saved as a TXT file. |

Exporting a Server Protection Policy as a Template


Use the following procedure to export a Server Protection policy as a template.

To export a Server Protection policy as a template


1. In the Configuration perspective, select Server Protection > Server Protection Policy.

2. Select the policy that you want to export, and click (Export).
3. Configure the parameters, and then click Submit.

Table 92: Export Server Protection Parameters

| Parameter | Description |
|---|---|
| Download To | Values: • Client—DefensePro exports the template to the location specified in the filepath or by browsing to the location with the Browse button. • Server—DefensePro exports the template to the APSolute Vision database. Default: Server |
| Download Via | (Read-only) The transport method. Value: HTTPS |
| Configuration | Specifies whether DefensePro exports the template with the configuration of the policy. Default: Enabled |
| HTTP Baseline | Specifies whether DefensePro exports the template with the current HTTP baseline of the policy. Default: Enabled |
| Save As | The filepath when Download To is Client or the filename when Download To is Server. The default filename uses the following format (with no extension): <DeviceName>__<PolicyName>_<date>_<time> Example: MyDefensePro__MyPolicy_2015.03.19_13.45.59 The date-time format is determined in the APSolute Vision Settings view Preferences perspective, under General Settings > Date and Time Format. The file is saved in the server as a ZIP file, and in the local host, the file is saved as a TXT file. |

Managing DefensePro Configuration Templates


Use the DefensePro Configuration Templates pane to manage security-protection templates.
The DefensePro Configuration Templates pane contains the table of templates, which comprises the
following columns:
• Source Device Name—Displays one of the following:
— The name of the device from which the template was exported.
— Local—The template was uploaded from the local PC.
— System—The template is a predefined template.
• File Name—Displays the filename of the template.
• File Type—Displays Server Protection for a template from a Server Protection policy or
Network Protection for a template from a Protection policy.
• Export Date—Displays the date and time that the template was added to the Template List.
The date-time format is determined in the APSolute Vision Settings view Preferences
perspective, under General Settings > Date and Time Format.

The template table can contain up to 2000 entries.


You can filter the display of the list for convenience and efficiency, and clear the filter as necessary.
You can select one or multiple rows, using standard key combinations.
You can do the following:
• Send the templates to one or more DefensePro devices.
• Delete the templates from one or more DefensePro devices—The delete command does
the following:
— Removes the selected templates from the table.
— Removes, from the DefensePro devices, the policy definitions and all other policy-related
configurations (Network Classes, VLAN Tag Classes, profile definitions) as long as the other
policies on the devices are not using those objects.
• Add (upload) templates from another location to the template table.
• Download the templates to another location.
• Delete the rows—This action deletes the policy or policies, without the related objects.


To filter the display of the template list

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > DefensePro Configuration Templates.

3. Configure the parameters, and then, click the (Search) button.

Table 93: Template-List Filter Parameters

| Parameter | Description |
|---|---|
| Source Device Name | Values: • Device name—Shows only the templates downloaded from the selected device. • Local—Shows only the templates uploaded from the local PC. • System—Shows only the predefined templates. Default: All |
| File Type | Values: • Server Protection (not relevant for DefensePro 8.x versions)—Shows the templates from Server Protection policies. • Network Protection—Shows the templates from Protection policies. |
| File Name | The filename that the filter uses. The value supports one or two wildcards (*). Examples: • *pol* —Shows any filename containing the string pol. • *pol —Shows any filename ending with the string pol. • pol* —Shows any filename starting with the string pol. |

To clear the template-list filter and show all of the stored templates

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > DefensePro Configuration Templates.
3. Click Clear.

To send templates to DefensePro devices

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > DefensePro Configuration Templates.
3. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 260).


4. Select the rows with the required templates (using standard Windows key combinations).
5. Select Send to Devices.
6. Configure the parameters, and then click Submit.

Table 94: Send to Devices: Select Devices to Update Parameters

The Available lists and the Selected lists of DefensePro devices and Logical Groups (of
DefensePro devices). The Available lists display the available devices and available Logical
Groups. The Selected device list displays the devices to update. The Selected Logical Group list
displays the Logical Groups with the devices to update.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Notes:
• The Available device list can contain only the devices that support the templates features.
• When a Logical Group is selected, the effective Target Device List dynamically updates,
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.

| Parameter | Description |
|---|---|
| Update Method | Values: • Append to Existing Configuration—The template adds the policy and profile configurations, and any baselines, to the devices in the Selected lists. The template does not overwrite any existing configuration. For example, if a policy name exists in a target device, the policy on the target device does not get changed. • Overwrite Existing Configuration—The template adds the policy and profile configurations, and any baselines, to the devices in the Selected lists. If a policy or profile with the same name exists in a target device, the template overwrites it. Default: Overwrite Existing Configuration Caution: For the update behavior when the policy template includes a user-defined profile (User-Defined Signature Protection Profile, Custom Signature Profile, or Traffic Filters Profile), see Update Behavior Using DefensePro Configuration Templates with User-Defined Profiles, page 262. |
| Install on Instance (This parameter is relevant only for DefensePro x420 platforms.) | The identifier or the DefensePro hardware instance onto which to add the template. Values: 0, 1 Default: 0 |
| Update Policies After Sending Configuration | Values: • Enabled—After successfully uploading a template to a device, an Update Policies (activate latest changes) action is automatically initiated. • Disabled—After successfully uploading a template to a device, an Update Policies (activate latest changes) action is required for the configuration to take effect. Default: Disabled |


Update Behavior Using DefensePro Configuration Templates with User-Defined Profiles


This section describes the update behavior when one of the following Export options was enabled
when a security-protection policy template was created:
• Custom Signature Profile—Available only in DefensePro 8.x versions
• User-Defined Signature Protection Profile—Available only in DefensePro 6.x versions 6.13
and later, and 7.x versions 7.42.03 and later
• Traffic Filters Profile—Available only in DefensePro 8.x versions 8.15 and later

• When the Update Method is Append to Existing Configuration and the policy does not exist,
but a user-defined profile name exists in the target device, the policy is created in the target
device using the existing profile.
• When the Update Method is Overwrite Existing Configuration and the user-defined profile
name exists in the target device, the policy is created or modified (if it exists already), but the
template does not modify the rules or attributes of the existing profile—the template only
extends the profile with new rules and attributes on the target device.
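
The two Update Method values, including the special handling of user-defined profiles described above, can be modeled to predict what a target device holds after a send. The following Python example is added here and is not Radware code; the dictionary layout, the "user_defined" and "rules" keys, and all names and values are assumptions chosen for illustration and do not reflect the template file format.

```python
import copy


def send_template(device, template, method):
    """Model the result of Send to Devices for method 'append' or 'overwrite'."""
    if method not in ("append", "overwrite"):
        raise ValueError("method must be 'append' or 'overwrite'")
    result = copy.deepcopy(device)
    for name, profile in template["profiles"].items():
        existing = result["profiles"].get(name)
        if existing is None:
            result["profiles"][name] = copy.deepcopy(profile)
        elif method == "overwrite" and profile["user_defined"]:
            # User-defined profile: existing rules are kept, new rules are added.
            for rule, value in profile["rules"].items():
                existing["rules"].setdefault(rule, value)
        elif method == "overwrite":
            result["profiles"][name] = copy.deepcopy(profile)
        # 'append' never changes a profile that already exists.
    for name, policy in template["policies"].items():
        if method == "overwrite" or name not in result["policies"]:
            result["policies"][name] = copy.deepcopy(policy)
    return result


# Constructed sample: the target already has a user-defined signature profile
# and a BDoS profile; the template carries different values for both.
DEVICE = {
    "policies": {},
    "profiles": {
        "sig-custom": {"user_defined": True, "rules": {"rule-a": "report"}},
        "bdos-1": {"user_defined": False, "rules": {"udp": "on"}},
    },
}
TEMPLATE = {
    "policies": {"edge": {"profiles": ["sig-custom", "bdos-1"]}},
    "profiles": {
        "sig-custom": {"user_defined": True, "rules": {"rule-a": "drop", "rule-b": "drop"}},
        "bdos-1": {"user_defined": False, "rules": {"udp": "off"}},
    },
}

if __name__ == "__main__":
    for method in ("append", "overwrite"):
        print(method, send_template(DEVICE, TEMPLATE, method)["profiles"])
```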

To delete templates and associated configuration objects from DefensePro devices

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > DefensePro Configuration Templates.
3. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 260).
4. Select the rows with the required templates (using standard Windows key combinations).
5. Select Delete from Devices.
6. Configure the parameters, and then click Submit.

Table 95: Delete from Devices: Select Devices to Update Parameters

The Available lists and the Selected lists of DefensePro devices and Logical Groups (of
DefensePro devices). The Available lists display the available devices and available Logical
Groups. The Selected device list displays the devices to update. The Selected Logical Group list
displays the Logical Groups with the devices to update.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Notes:
• The Available device list can contain only the devices that support the templates features.
• The Selected device list can contain only DefensePro devices running 6.x versions 6.14 and
later, 7.x versions 7.41.02 and later, or 8.x versions 8.10 and later.
• When a Logical Group is selected, the effective Target Device List dynamically updates,
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.

| Parameter | Description |
|---|---|
| Update Policies After Sending Configuration | Values: • Enabled—After successfully deleting the templates and associated configuration objects from a device, an Update Policies (activate latest changes) action is automatically initiated. • Disabled—After successfully deleting the templates and associated configuration objects from the devices, an Update Policies (activate latest changes) action is required for the configuration to take effect. Default: Disabled |

To add (upload) templates from another location to the template list

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > DefensePro Configuration Templates.

3. Click the (Add) button.


4. Configure the parameters, and then click Submit.

Table 96: Upload File to Server Parameters

| Parameter | Description |
|---|---|
| File Type | Values: • Server Protection—The template defines a Server Protection policy (not relevant for DefensePro 8.x versions). • Network Protection—The template defines a Protection policy. |
| Upload From | The filepath of the template. Click Browse to browse to the directory and select the file. |

To download templates to another location

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > DefensePro Configuration Templates.
3. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 260).
4. Select the rows with the required templates (using standard Windows key combinations).

5. Click the (Download Selected File) button.


6. In the Save As text box, type the path to the target directory or click Browse to browse to the
directory.
7. Click Save.


To delete stored templates

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > DefensePro Configuration Templates.
3. Configure the filter as necessary (see the procedure To filter the display of the template list,
page 260).
4. Select the rows with the required templates (using standard Windows key combinations).

5. Click the (Delete) button in the pane.

Using AppShape Templates and Instances


Use AppShape™ templates to accelerate, simplify, and optimize the configuration of Alteon ADC
devices for deployments of the following applications:
• Common Web Applications
• Citrix XenDesktop
• DefenseSSL
• Microsoft Exchange 2010
• Microsoft Exchange 2013
• Microsoft Lync External
• Microsoft Lync Internal
• Oracle E-Business
• Oracle SOA Suite 11g
• Oracle WebLogic 12c
• SharePoint 2010
• SharePoint 2013
• VMware View 5.1
• Zimbra

AppShape templates configure all the required ADC options tailored and optimized for the selected
business application. With APSolute Vision, you can create instances of AppShape templates from
one single configuration pane with a small set of parameters.
AppShape configures the full, optimal Server Load Balancing (SLB) configuration for the selected
business application, which comprises:
• Real servers
• Server groups
• Virtual servers
• Virtual services
• Application services—such as (depending on the selected business application) health check,
FastView optimized caching, compression, connection management, or acceleration


Users with the Administrator role can manage the AppShape templates.
Users with the following roles can create AppShape instances on Alteon devices:
• Administrator
• ADC + Certificate Administrator
• ADC Administrator
• Device Administrator
• System User
• Vision Administrator

To create AppShape instances of most AppShape types, APSolute Vision requires SSH access to run
CLI commands on the Alteon device. Therefore, SSH must be enabled and properly configured: SSH
must be enabled in the Management Protocols pane (Configuration perspective, System >
Management Access > Management Protocols), and the SSH port configured in the
Management Protocols pane must be the same as the value in the SSH Port text box in the Device
Properties pane. (The Device Properties pane opens from the Sites and Devices tree when you add a
new device or edit device properties.)

To view the basic parameters of AppShape instances that the APSolute Vision server is
managing

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > AppShapes.

Table 97: Basic Parameters of AppShape Instances in APSolute Vision

| Parameter | Description |
|---|---|
| AppShape Type | The AppShape type. |
| Name | The name of the AppShape instance. Note: You can change the name in the configuration of the instance on the device. |
| Device Name | The name of the device on which the AppShape instance is deployed. |
| Virtual Address | The virtual IP address of the service. |
| Valid Configuration | The latest-known status that specifies whether the AppShape instance is synchronized with the AppShape template. |
| Last Validation | The last time that the configuration of the device was synchronized with the AppShape template. |

You can filter the display of the AppShapes Service table according to the values in any column. The
filter is either a drop-down list or a text box. If the filter is a text box, the result is a case-insensitive
match of a string that the specified string in the value. After you configure the filter criteria, click
the button to apply the filter. Click Clear to cancel the filter.
The nodes under the AppShapes node display, by default, the instances of the corresponding
AppShape type.


Tip: If you intend to configure the AppShape instance with SSL Acceleration enabled (which is the
default of most AppShape types), configure the SSL certificate before you configure the AppShape
instance (Configuration perspective, Application Delivery > Application Services > SSL >
Certificate Repository).

To create an AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.

4. Click the (Add) button in the AppShape Service pane.


5. Do the following:
— From the AppShape Type drop-down list, select the AppShape type that you require.
— From the Device Name drop-down list, select the Alteon instance on which to configure the
AppShape instance.
6. Configure the mandatory parameters, make changes to non-mandatory parameters as required,
and click Submit.
For information on the various AppShape types and associated parameters, see the relevant
section:
— Configuring a Common Web Application AppShape Instance, page 268
— Configuring a Citrix XenDesktop AppShape Instance, page 270
— Configuring a DefenseSSL AppShape Instance, page 272
— Configuring a Microsoft Exchange 2010 AppShape Instance, page 275
— Configuring a Microsoft Exchange 2013 AppShape Instance, page 279
— Configuring a Microsoft Lync External AppShape Instance, page 283
— Configuring a Microsoft Lync Internal AppShape Instance, page 286
— Configuring an Oracle E-Business AppShape Instance, page 290
— Configuring an Oracle SOA Suite 11g AppShape Instance, page 292
— Configuring an Oracle WebLogic 12c AppShape Instance, page 294
— Configuring a SharePoint 2010 AppShape Instance, page 296
— Configuring a SharePoint 2013 AppShape Instance, page 298
— Configuring a VMware View 5.1 AppShape Instance, page 300
— Configuring a Zimbra AppShape Instance, page 302

To validate an AppShape instance

> Select the row with the AppShape instance and click (Validate AppShape Instance).


To view or modify the configuration of an existing AppShape instance on a specific device

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > AppShapes.
3. Select the row with the instance whose configuration you want to view or modify, and then click
the (Edit) button.


4. View or modify the configuration as required.

Uploading a New AppShape Template Type to the APSolute Vision Server


You can upload a new AppShape template type to the APSolute Vision server. When you upload a
new AppShape template type to the APSolute Vision server, you do not need to change or even
restart the APSolute Vision server. All you need is the AppShape-template ZIP file that you receive
from Radware.

Caution: If you upload an AppShape template type that already exists in the APSolute Vision
server, Radware strongly recommends that you remove existing instances of the template before
proceeding and overwriting the existing template. If you overwrite the existing template and there
are existing instances of this template, unexpected results may occur.

Note: The online help that includes the description of the new AppShape template type will be in
the online-help files at radware.com and the latest online-help package. The APSolute Vision
administrator can configure whether the online help comes from the APSolute Vision server or from
radware.com. It is the responsibility of the APSolute Vision administrator to make sure that the help
files on the server are updated as necessary with the latest online-help package.

To upload a new AppShape template type to the APSolute Vision server

1. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
2. Select Advanced > AppShapes.

3. Click the (Upload AppShape) button at the top-left of the pane.


4. Navigate to the AppShape-template ZIP file, and then, click Open.


Configuring a Common Web Application AppShape Instance


Use the Common Web Application AppShape to configure an Alteon ADC device to work in a network
architecture with a generic HTTP-based application.

Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Common
Web Application—AppShape-generated Configuration, page 769.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a Common Web Application AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Common Web Application.
5. Do one of the following:

— To add an entry to the table, click the (Add) button.

— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.

Table 98: Common Web Application: General Parameters

| Parameter | Description |
|---|---|
| AppShape Type | The specified AppShape type. |
| Device Name | The name of the device on which the AppShape instance is deployed. |

Table 99: Common Web Application: Web Application Instance Parameters

| Parameter | Description |
|---|---|
| Last Validation | (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that the configuration of the device was synchronized with the AppShape template. |
| Valid Configuration | (Read-only) Specifies whether the configuration is valid. |
| Instance Name | The name of the AppShape instance. Maximum characters: 100 |
| Virtual Address | The virtual IP address of the service. |


Table 100: Common Web Application: Application Servers Parameters

Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit)
button.

Table 101: Common Web Application: Load Balancing Settings Parameters

Parameter Description
SLB Metric The SLB metric used to select next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http

Table 102: Common Web Application: HTTP Parameters

Parameter Description
Caching Specifies whether the HTTP profile uses caching.
Default: Enabled
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Connection Management Specifies whether the HTTP profile uses connection management.
If enabled, you must configure the proxy IP address.
Default: Enabled
Proxy IP Opens the Proxy IP pane.
(This button is displayed only when the Connection Management checkbox is selected.)

Table 103: Common Web Application: SSL Parameters

Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled

Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

Configuring a Citrix XenDesktop AppShape Instance


Use the Citrix XenDesktop AppShape to configure an Alteon ADC device to work in a network
architecture with Citrix XenDesktop.

Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Citrix
XenDesktop—AppShape-generated Configuration, page 771.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a Citrix XenDesktop AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Citrix XenDesktop.
5. Do one of the following:

— To add an entry to the table, click the (Add) button.

— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.

Table 104: Citrix XenDesktop: General Parameters

Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.


Table 105: Citrix XenDesktop: Web Application Instance Parameters

Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
StoreFront Virtual Address The virtual IP address of the StoreFront service.
DDC Virtual Address The virtual IP address of the DDC service.

Table 106: Citrix XenDesktop: Application Servers Parameters

Parameter Description
Citrix StoreFront Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit)
button.
Citrix DDC Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit)
button.

Table 107: Citrix XenDesktop: Load Balancing Settings Parameters

Parameter Description
StoreFront
SLB Metric The SLB metric used to select next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: tcp

DDC
SLB Metric The SLB metric used to select next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: tcp

Table 108: Citrix XenDesktop: HTTP Parameters

Parameter Description
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Connection Management Specifies whether the HTTP profile uses connection management.
If enabled, you must configure the proxy IP address.
Default: Disabled
PIP Table Opens the Proxy IP pane.
(This button is displayed only when the Connection Management checkbox is selected.)

Table 109: Citrix XenDesktop: SSL Parameters

Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

Configuring a DefenseSSL AppShape Instance


Use the DefenseSSL AppShape to configure an Alteon ADC device to work in a network architecture
with DefenseSSL. DefenseSSL mitigates SSL encrypted flood attacks at the network perimeter.

Tip: If you are using DefensePro version 8.x, use the DefenseSSL Quick Setup Operator Toolbox
script. For more information, see Using and Managing Toolbox Scripts, page 221.


Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see
DefenseSSL—AppShape-generated Configuration, page 773.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a DefenseSSL AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select DefenseSSL.
5. Do one of the following:

— To add an entry to the table, click the (Add) button.

— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.

Table 110: DefenseSSL: General Parameters

Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.

Table 111: DefenseSSL: DefenseSSL Instance Parameters

Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.


Table 112: DefenseSSL: Application Servers Parameters

Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit)
button.

Table 113: DefenseSSL: SSL Parameters

Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

Table 114: DefenseSSL: Static ARP Parameters

Parameter Description
Address The IP address for the ARP entry.
MAC Address The MAC address for the ARP entry.
VLAN The VLAN for the ARP entry.
Values: 1–4090
Port The port for the ARP entry.
The range of valid values depends on the device on which you are
deploying the AppShape instance.


Configuring a Microsoft Exchange 2010 AppShape Instance


Use the Microsoft Exchange 2010 AppShape to configure an Alteon ADC device to work in a network
architecture with MS Exchange 2010.
Microsoft Exchange provides business-class email, calendar and contacts. The Alteon and Microsoft
Exchange 2010 joint solution provides a highly scalable and highly available unified messaging and
communication infrastructure, with fast response time. Using advanced health monitoring of each of
the client access servers (CASs), Alteon can validate the availability and response time of those
resources, as well as deliver seamless load-balancing, redundancy, and persistency features.
Furthermore, Alteon provides service acceleration through compression, caching, and SSL
termination to the Exchange users, offloading critical resources from the client access servers,
enabling smaller CAS arrays, and thus, lower CAPEX and OPEX in the organization.

Note: With Exchange Server 2010, Outlook clients connect using native MAPI to the RPC Client
Access Service (CAS), which runs on Client Access servers. Because the RPC CAS requires the traffic
to be passed to the Client Access servers on a large number of ports, Radware recommends that you
use a firewall to permit only internal networks to access the RPC Client Access virtual server IP
address.

Figure 56: Alteon and Microsoft Exchange 2010 Architecture

[Network diagram. Labeled elements: External Clients; DMZ; Firewall; Internal Clients; Edge Transport Server; Alteon.active.device (192.168.1.1/24); Alteon.backup.device (192.168.1.2/24); Exchange CAS application servers (client access servers); Mail Box Servers DAG (not part of the AppShape configuration); Exchange SMTP application servers (HUB transport); Active Directory (not part of the AppShape configuration). Other addresses shown: 192.168.2.254/24, 192.168.1.254/24, 192.168.1.81, 192.168.1.82, 192.168.1.33, 192.168.1.34, 192.168.1.35, 192.168.1.36, 192.168.1.10.]


Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Exchange 2010—AppShape-generated Configuration, page 774.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a Microsoft Exchange 2010 AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Microsoft Exchange 2010.
5. Do one of the following:

— To add an entry to the table, click the (Add) button.

— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.

Table 115: Microsoft Exchange 2010: General Parameters

Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.

Table 116: Microsoft Exchange 2010: Microsoft Exchange 2010 Instance Parameters

Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.


Table 117: Microsoft Exchange 2010: Protocols Parameters

Parameter Description
RPC Client Access The static port for the RPC Client Access Service.
Values: 10–65535
Default: 135
RPC Endpoint Mapper The port for the RPC Endpoint Mapper.
Values: 10–65535
Default: 59532
Exchange Address Book The port for the Exchange Address Book.
Values: 10–65535
Default: 59533
POP3 The port for the associated POP3 server.
This parameter is optional.
Values: 10–65535
Default with the Secured checkbox selected: 993
Default with the Secured checkbox cleared: 110
Secured Specifies whether the POP3 server uses a secured port.
Default: Enabled
IMAP4 (Optional) The port for the associated IMAP4 server.
This parameter is optional.
Values: 10–65535
Default with the Secured checkbox selected: 993
Default with the Secured checkbox cleared: 143
Secured Specifies whether the IMAP4 server uses a secured port.
Default: Enabled

Table 118: Microsoft Exchange 2010: Application Servers Parameters

Parameter Description
Exchange CAS Application Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit)
button.

Exchange SMTP Application Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit)
button.

Table 119: Microsoft Exchange 2010: Load Balancing Settings Parameters

Parameter Description
CAS
SLB Metric The SLB metric used to select next server in the group. [1]
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http
SMTP Settings
SLB Metric The SLB metric used to select next server in the group. [1]
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: smtp
1 – If you choose a value other than the default, the AppShape always uses the default
value for any additional, specifically related parameter. For example, if the value of SLB
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24
Bits.

Table 120: Microsoft Exchange 2010: HTTP Parameters

Parameter Description
Caching Specifies whether the HTTP profile uses caching.
Default: Enabled
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Connection Management Specifies whether the HTTP profile uses connection management.
If enabled, you must configure the proxy IP address.
Default: Disabled

Proxy IP Opens the Proxy IP pane.
(This button is displayed only when the Connection Management checkbox is selected.)

Table 121: Microsoft Exchange 2010: SSL Parameters

Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

Configuring a Microsoft Exchange 2013 AppShape Instance


Use the Microsoft Exchange 2013 AppShape to configure an Alteon ADC device to work in a network
architecture with MS Exchange 2013.
Microsoft Exchange provides business-class email, calendar and contacts. The Alteon and Microsoft
Exchange 2013 joint solution provides a highly scalable and highly available unified messaging and
communication infrastructure, with fast response time. Using advanced health monitoring of each of
the client access servers (CASs), Alteon can validate the availability and response time of those
resources, as well as deliver seamless load-balancing, redundancy, and persistency features.
Furthermore, Alteon provides service acceleration through compression, caching, and SSL
termination to the Exchange users, offloading critical resources from the client access servers,
enabling smaller CAS arrays, and thus, lower CAPEX and OPEX in the organization.

Note: With Exchange Server 2013, Outlook clients connect using native MAPI to the RPC Client
Access Service (CAS), which runs on Client Access servers. Because the RPC CAS requires the traffic
to be passed to the Client Access servers on a large number of ports, Radware recommends that you
use a firewall to permit only internal networks to access the RPC Client Access virtual server IP
address.
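
The firewall recommendation in the Exchange 2010 and Exchange 2013 notes can be checked against an exported rule set. The following Python audit is an added example, not part of the Radware guide or product; the rule model (ordered, first match wins, implicit deny), the virtual server address 192.168.1.100, and all rule names are assumptions constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Hypothetical rule model: ordered, first match wins, unmatched traffic is denied.
Rule = namedtuple("Rule", "name action src dst ports")
ALL_PORTS = (1, 65535)


def net(cidr):
    return ipaddress.ip_network(cidr)


# Constructed values for illustration (assumptions, not taken from the guide).
RPC_CAS_VIP = ipaddress.ip_address("192.168.1.100")
INTERNAL_NETWORKS = [net("192.168.1.0/24")]
SAMPLE_RULES = [
    Rule("allow-internal", "permit", net("192.168.1.0/24"), net("192.168.1.100/32"), ALL_PORTS),
    Rule("block-dmz", "deny", net("192.168.2.0/24"), net("192.168.1.0/24"), ALL_PORTS),
    Rule("legacy-rpc", "permit", net("192.168.0.0/16"), net("192.168.1.100/32"), (135, 135)),
    Rule("web-any", "permit", net("0.0.0.0/0"), net("192.168.1.0/24"), (443, 443)),
]


def subtract(nets, removals):
    """Return the parts of `nets` that no network in `removals` covers."""
    remaining = list(nets)
    for removal in removals:
        kept = []
        for candidate in remaining:
            if candidate.subnet_of(removal):
                continue  # fully covered, drop it
            if removal.subnet_of(candidate):
                # Carve the removed range out of the larger network.
                kept.extend(candidate.address_exclude(removal))
            else:
                kept.append(candidate)  # disjoint, keep unchanged
        remaining = kept
    return sorted(remaining)


def audit(rules, vip, internal):
    """List (rule name, exposed source networks) for every permit rule that
    lets sources outside the internal networks reach the VIP."""
    findings = []
    denied = []  # sources that an earlier rule already blocks on every port
    for rule in rules:
        if vip not in rule.dst:
            continue
        if rule.action == "deny":
            # Only an all-port deny fully shadows later permits. The RPC
            # Client Access service needs many ports, so a partial deny
            # is not counted as protection.
            if rule.ports == ALL_PORTS:
                denied.append(rule.src)
            continue
        exposed = subtract([rule.src], internal + denied)
        if exposed:
            findings.append((rule.name, exposed))
    return findings


def covers(networks, address):
    """True if `address` falls inside any of `networks`."""
    addr = ipaddress.ip_address(address)
    return any(addr in n for n in networks)


if __name__ == "__main__":
    for name, exposed in audit(SAMPLE_RULES, RPC_CAS_VIP, INTERNAL_NETWORKS):
        print(name, "permits non-internal sources:", ", ".join(map(str, exposed)))
```

A rule that permits a single port is still reported, because the recommendation is about which networks can reach the virtual server address at all.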


Figure 57: Alteon and Microsoft Exchange 2013 Architecture

[Network diagram. Labeled elements: External Clients; DMZ; Firewall; Internal Clients; Edge Transport Server; Alteon.active.device (192.168.1.1/24); Alteon.backup.device (192.168.1.2/24); Exchange CAS application servers (client access servers); Mail Box Servers DAG; Exchange IMAP application servers; Exchange POP3 application servers; Active Directory. Two of the server groups are labeled "(not part of the AppShape configuration)". Other addresses shown: 192.168.2.254/24, 192.168.1.254/24, 192.168.1.81, 192.168.1.82, 192.168.1.33, 192.168.1.34, 192.168.1.35, 192.168.1.36, 192.168.1.37, 192.168.1.38, 192.168.1.10.]

Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Exchange 2013—AppShape-generated Configuration, page 777.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a Microsoft Exchange 2013 AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Microsoft Exchange 2013.

5. Do one of the following:

— To add an entry to the table, click the (Add) button.

— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.

Table 122: Microsoft Exchange 2013: General Parameters

Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.

Table 123: Microsoft Exchange 2013: Microsoft Exchange 2013 Instance Parameters

Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.

Table 124: Microsoft Exchange 2013: Application Servers Parameters

Parameter Description
Exchange CAS Application Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit)
button.
Exchange IMAP Application Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit)
button.

Exchange POP3 Application Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit)
button.

Table 125: Microsoft Exchange 2013: Load Balancing Settings Parameters

Parameter Description
CAS
SLB Metric The SLB metric used to select next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http
IMAP Settings
SLB Metric The SLB metric used to select next server in the group. [1]
Default: Round Robin
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: imap
POP3 Settings
SLB Metric The SLB metric used to select next server in the group. [1]
Default: Round Robin
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: pop3

1 – If you choose a value other than the default, the AppShape always uses the default
value for any additional, specifically related parameter. For example, if the value of SLB
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24
Bits.


Table 126: Microsoft Exchange 2013: HTTP Parameter

Parameter Description
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled

Table 127: Microsoft Exchange 2013: SSL Parameters

Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

Configuring a Microsoft Lync External AppShape Instance


Use the Microsoft Lync External AppShape to configure an Alteon ADC device to work in a network
architecture with Microsoft Lync External.

Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Link External—AppShape-generated Configuration, page 779.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a Microsoft Lync External AppShape instance on a device


1. Lock the Alteon device on which you intend to configure the AppShape instance.

2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Microsoft Lync External.
5. Do one of the following:

— To add an entry to the table, click the (Add) button.

— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.


Table 128: Microsoft Lync External: General Parameters

Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.

Table 129: Microsoft Lync External: Microsoft Lync External Instance Parameters

Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f
format, that the configuration device was synchronized
with the AppShape template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Edge AV HTTPS Virtual Address The text box contains the virtual IP address of the edge
audio-visual service, and the checkbox specifies whether
the service is enabled.
Edge Meeting HTTPS Virtual Address The text box contains the virtual IP address of the edge
Meeting service, and the checkbox specifies whether the
service is enabled.
Edge IM HTTPS Virtual Address The text box contains the virtual IP address of the edge
instant-messaging service, and the checkbox specifies
whether the service is enabled.
Edge SIP HTTPS Virtual Address The text box contains the virtual IP address of the edge
SIP service, and the checkbox specifies whether the
service is enabled.
CWA Virtual Address The text box contains the virtual IP address of the
Communicator Web Access (CWA) server, and the
checkbox specifies whether the service is enabled.

Table 130: Microsoft Lync External: Application Servers Parameters

Parameter Description
SIP Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit)
button.

IM Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit)
button.
CWA Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit)
button.
Meeting Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit)
button.
AV Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.

To add an entry to the table, click the (Add) button.

To edit an entry in the table, select the entry and click the (Edit)
button.

Table 131: Microsoft Lync External: Load Balancing Settings Parameters

Parameter Description
Each pair of load-balancing parameters (the SLB Metric and the Health Check) is available only
when the corresponding checkbox is selected in the Microsoft Lync External: Microsoft Lync
External Instance Parameters, page 284 table.
Edge HTTPS SIP (443) Settings
SLB Metric The SLB metric used to select next server in the group. [1]
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP

Edge IM (443) Settings
SLB Metric The SLB metric used to select next server in the group. [1]
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Edge Meeting (443) Settings
SLB Metric The SLB metric used to select next server in the group. [1]
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Edge CWA Settings
SLB Metric The SLB metric used to select next server in the group. [1]
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Edge AV (443) Settings
SLB Metric The SLB metric used to select next server in the group. [1]
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP

1 – If you choose a value other than the default, the AppShape always uses the default
value for any additional, specifically related parameter. For example, if the value of SLB
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24 Bits.

Configuring a Microsoft Lync Internal AppShape Instance


Use the Microsoft Lync Internal AppShape to configure an Alteon ADC device to work in a network
architecture with Microsoft Lync Internal.

Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Microsoft
Link Internal—AppShape-generated Configuration, page 782.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a Microsoft Lync Internal AppShape instance on a device

1. Lock the Alteon device on which you intend to configure the AppShape instance.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Microsoft Lync Internal.
5. Do one of the following:
— To add an entry to the table, click the (Add) button.
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.

Table 132: Microsoft Lync Internal: General Parameters

Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.

Table 133: Microsoft Lync Internal: Microsoft Lync Internal Instance Parameters

Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format,
that the configuration device was synchronized with the
AppShape template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Front-End Virtual Address The text box contains the virtual IP address of the front end, and
the checkbox specifies whether the address is used.
Edge Internal Virtual Address The text box contains the virtual IP address of the internal edge,
and the checkbox specifies whether the address is used.
Directors Virtual Address The text box contains the virtual IP address of the directors, and
the checkbox specifies whether the address is used.
CWA Virtual Address The text box contains the virtual IP address of the Communicator
Web Access (CWA) server, and the checkbox specifies whether the
address is used.

Table 134: Microsoft Lync Internal: Application Servers Parameters

Parameter Description
Real Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.
Edge Internal Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.
Director Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.
CWA Servers
Address/Port table Contains the addresses and ports of each real server configured for the
service.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.

Table 135: Microsoft Lync Internal: Load Balancing Settings Parameters

Parameter Description
Each pair of load-balancing parameters (the SLB Metric and the Health Check) is available only
when the corresponding checkbox is selected in the Microsoft Lync Internal: Microsoft Lync Internal
Instance Parameters, page 287 table.
Front-End Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Edge Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Directors Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP
Edge CWA Settings
SLB Metric The SLB metric used to select the next server in the group.¹
Default: Least Connections
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: TCP

1 – If you choose a value other than the default, the AppShape always uses the default
value for any additional, specifically related parameter. For example, if the value of SLB
Metric is Min Misses, the specifically related Minmiss Hash is always the default 24 Bits.

Table 136: Microsoft Lync Internal: CWA HTTP Configuration Parameters

Parameter Description
Compression Specifies whether compression is enabled on the Communicator Web
Access (CWA) servers.
Default: Enabled
Domain Name The CWA domain name.
Example: https://cwa.lyncmycompany.com
Note: Internally, APSolute Vision forces the prefix of the domain
name to be https. For example, if you enter
http://cwa.lyncmycompany.com or just
cwa.lyncmycompany.com, APSolute Vision configures the value in
Alteon as
https://cwa.lyncmycompany.com.

Table 137: Microsoft Lync Internal: SSL Parameters

Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

Configuring an Oracle E-Business AppShape Instance


Use the Oracle E-Business AppShape to configure an Alteon ADC device to work in a network
architecture with Oracle E-Business.

Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle E-
Business—AppShape-generated Configuration, page 791.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure an Oracle E-Business instance on a device

1. Lock the Alteon device on which you intend to configure the AppShape instance.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Oracle E-Business.
5. Do one of the following:
— To add an entry to the table, click the (Add) button.
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.

Table 138: Oracle E-Business: General Parameters

Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.

Table 139: Oracle E-Business: Oracle E-Business Instance Parameters

Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.

Table 140: Oracle E-Business: Application Servers Parameters

Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
Oracle E-Business server.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.

Table 141: Oracle E-Business: Load Balancing Settings Parameters

Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Least Connections
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.

Table 142: Oracle E-Business: HTTP Parameters

Parameter Description
Caching Specifies whether the HTTP profile uses caching.
Default: Enabled
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled

Table 143: Oracle E-Business: SSL Parameters

Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

Configuring an Oracle SOA Suite 11g AppShape Instance


Use the Oracle SOA Suite 11g AppShape to configure an Alteon ADC device to work in a network
architecture with Oracle SOA Suite 11g.

Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle
SOA Suite 11g—AppShape-generated Configuration, page 792.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure an Oracle SOA Suite 11g instance on a device

1. Lock the Alteon device on which you intend to configure the AppShape instance.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Oracle SOA Suite 11g.
5. Do one of the following:
— To add an entry to the table, click the (Add) button.
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.

Table 144: Oracle SOA Suite 11g: General Parameters

Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.

Table 145: Oracle SOA Suite 11g: Oracle SOA Suite 11g Instance Parameters

Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Customer VIP The virtual IP address of the customer.
Internal SOA Services VIP The virtual IP address of the internal SOA services.
Management Access VIP The virtual IP address of the management access.

Table 146: Oracle SOA Suite 11g: Application Servers Parameters

Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
Oracle SOA Suite 11g server.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.

Table 147: Oracle SOA Suite 11g: Load Balancing Settings Parameters

Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Least Connections
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http

Table 148: Oracle SOA Suite 11g: HTTP Parameters

Parameter Description
Caching Specifies whether the HTTP profile uses caching.
Default: Enabled
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Connection Management Specifies whether the HTTP profile uses connection management.
If enabled, you must configure the proxy IP address.
Default: Enabled

Table 149: Oracle SOA Suite 11g: SSL Parameters

Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

Configuring an Oracle WebLogic 12c AppShape Instance


Use the Oracle WebLogic 12c AppShape to configure an Alteon ADC device to work in a network
architecture with Oracle WebLogic 12c.

Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Oracle
WebLogic 12c—AppShape-generated Configuration, page 794.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure an Oracle WebLogic 12c instance on a device

1. Lock the Alteon device on which you intend to configure the AppShape instance.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Oracle WebLogic 12c.
5. Do one of the following:
— To add an entry to the table, click the (Add) button.
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.

Table 150: Oracle WebLogic 12c: General Parameters

Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.

Table 151: Oracle WebLogic 12c: Oracle WebLogic 12c Instance Parameters

Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.

Table 152: Oracle WebLogic 12c: Application Servers Parameters

Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
Oracle WebLogic 12c server.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.

Table 153: Oracle WebLogic 12c: Load Balancing Settings Parameters

Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.

Table 154: Oracle WebLogic 12c: HTTP Parameters

Parameter Description
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled

Table 155: Oracle WebLogic 12c: SSL Parameters

Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

Configuring a SharePoint 2010 AppShape Instance


Use the SharePoint 2010 AppShape to configure an Alteon ADC device to work in a network
architecture with SharePoint 2010.

Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see SharePoint
2010—AppShape-generated Configuration, page 795.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a SharePoint 2010 AppShape instance on a device

1. Lock the Alteon device on which you intend to configure the AppShape instance.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select SharePoint 2010.
5. Do one of the following:
— To add an entry to the table, click the (Add) button.
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.

Table 156: SharePoint 2010: General Parameters

Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.

Table 157: SharePoint 2010: SharePoint 2010 Instance Parameters

Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.

Table 158: SharePoint 2010: Application Servers Parameters

Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
SharePoint 2010 server.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.

Table 159: SharePoint 2010: Load Balancing Settings Parameters

Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.
Health Check The type of content that is examined during health checks. The content
depends on the type of health check.
Default: http

Table 160: SharePoint 2010: HTTP Parameters

Parameter Description
Caching Specifies whether the HTTP profile uses caching.
Default: Enabled
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Connection Management Specifies whether the HTTP profile uses connection management.
If enabled, you must configure the proxy IP address.
Default: Enabled
Domain Name The domain of the SharePoint 2010 server.
Maximum characters: 34
Proxy IP Opens the Proxy IP pane.
(This button is displayed only when the Connection Management checkbox is selected.)

Table 161: SharePoint 2010: SSL Parameters

Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

Configuring a SharePoint 2013 AppShape Instance


Use the SharePoint 2013 AppShape to configure an Alteon ADC device to work in a network
architecture with SharePoint 2013.

Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see SharePoint
2013—AppShape-generated Configuration, page 797.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a SharePoint 2013 AppShape instance on a device

1. Lock the Alteon device on which you intend to configure the AppShape instance.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select SharePoint 2013.
5. Do one of the following:
— To add an entry to the table, click the (Add) button.
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.

Table 162: SharePoint 2013: General Parameters

Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.

Table 163: SharePoint 2013: SharePoint 2013 Instance Parameters

Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.

Table 164: SharePoint 2013: Application Servers Parameters

Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
SharePoint 2013 server.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.

Table 165: SharePoint 2013: Load Balancing Settings Parameters

Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Round Robin
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.

Table 166: SharePoint 2013: HTTP Parameters

Parameter Description
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled
Domain Name The domain of the SharePoint 2013 server.
Maximum characters: 34

Table 167: SharePoint 2013: SSL Parameters

Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

Configuring a VMware View 5.1 AppShape Instance


Use the VMware View 5.1 AppShape to configure an Alteon ADC device to work in a network
architecture with VMware View 5.1.

Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see VMware
View 5.1—AppShape-generated Configuration, page 799.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a VMware View 5.1 instance on a device

1. Lock the Alteon device on which you intend to configure the AppShape instance.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select VMware View 5.1.
5. Do one of the following:
— To add an entry to the table, click the (Add) button.
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.

Table 168: VMware View 5.1: General Parameters

Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.

Table 169: VMware View 5.1: VMware View 5.1 Instance Parameters

Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.

Table 170: VMware View 5.1: Application Servers Parameters

Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
VMware View 5.1 server.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.

Table 171: VMware View 5.1: Load Balancing Settings Parameters

Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Persistent Hash
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.

Table 172: VMware View 5.1: HTTP Parameters

Parameter Description
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled

Table 173: VMware View 5.1: SSL Parameters

Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)

Configuring a Zimbra AppShape Instance


Use the Zimbra AppShape to configure an Alteon ADC device to work in a network architecture with
Zimbra.

Notes
• For the CLI configuration that AppShape generates as the result of the hard-coded AppShape
pattern or as the result of a value that you specify in the AppShape Instance tab, see Zimbra—
AppShape-generated Configuration, page 800.
• The template configures some parameters automatically, which the template GUI does not
expose. After you finish the following procedure, you can use the Diff command to view the
entire configuration.

To configure a Zimbra instance on a device

1. Lock the Alteon device on which you intend to configure the AppShape instance.
2. Select the Automation item from the APSolute Vision sidebar menu. The Toolbox
dashboard opens.
3. Select Advanced > AppShapes.
4. Select Zimbra.
5. Do one of the following:
— To add an entry to the table, click the (Add) button.
— To edit an entry in the table, select the entry and click the (Edit) button.
6. Configure the parameters, and click Submit.

Table 174: Zimbra: General Parameters

Parameter Description
AppShape Type The specified AppShape type.
Device Name The name of the device on which the AppShape instance is deployed.

Table 175: Zimbra: Zimbra Instance Parameters

Parameter Description
Last Validation (Read-only) The last time, in yyyy-MM-dd hh:mm:ss.f format, that
the configuration device was synchronized with the AppShape
template.
Valid Configuration (Read-only) Specifies whether the configuration is valid.
Instance Name The name of the AppShape instance.
Maximum characters: 100
Virtual Address The virtual IP address of the service.

Table 176: Zimbra: Application Servers Parameters

Parameter Description
Address/Port table Contains the addresses and ports of each real server configured for the
Zimbra server.
To add an entry to the table, click the (Add) button.
To edit an entry in the table, select the entry and click the (Edit) button.

Table 177: Zimbra: Load Balancing Settings Parameters

Parameter Description
SLB Metric The SLB metric used to select the next server in the group.
Default: Persistent Hash
Note: If you choose a value other than the default, the AppShape
always uses the default value for any additional, specifically related
parameter. For example, if the value of SLB Metric is Min Misses,
the specifically related Minmiss Hash is always the default 24 Bits.

Table 178: Zimbra: HTTP Parameters

Parameter Description
Compression Specifies whether the HTTP profile uses compression.
Default: Enabled

Table 179: Zimbra: SSL Parameters

Parameter Description
SSL Acceleration Specifies whether SSL offloading is enabled for acceleration.
Default: Enabled
Server Certificate The name of the SSL certificate, selected from the drop-down list.
To edit the selected SSL certificate, click Server Certificate.
(This parameter is displayed only when the SSL Acceleration checkbox is selected.)


CHAPTER 8 – SCHEDULING APSOLUTE VISION AND DEVICE TASKS
The following topics describe how to schedule APSolute Vision and device operations in the APSolute
Vision Scheduler:
• Overview of Scheduling, page 305
• Managing Tasks in the Scheduler, page 306
• Task Parameters, page 308

Overview of Scheduling
You can schedule various operations for the APSolute Vision server and managed devices. Scheduled
operations are called tasks.
The APSolute Vision scheduler tracks when tasks were last performed and when they are due to be
performed next. When you configure a task for multiple devices, the task runs on each device
sequentially. After the task completes on one device, it begins on the next. If the task fails to
complete on a device, the Scheduler will activate the task on the next listed device.

Select the Scheduler item from the APSolute Vision sidebar menu to display the Scheduler
pane.

Figure 58: Scheduler Item (Selected) in the APSolute Vision Sidebar Menu

When you create a task and specify the time to run it, the time is according to your local OS.
APSolute Vision then stores the time, translated to the timezone of the APSolute Vision server,
and then runs it accordingly. That is, once you configure a task, it runs according to the APSolute
Vision time settings, disregarding any changes made to the local OS time settings.

Caution: If the APSolute Vision client timezone differs from the timezone of the APSolute Vision
server or the managed device, take the time offset into consideration.

When you define a task, you can choose whether to enable or disable the task. All configured tasks
are stored in the APSolute Vision database.
You can define the following types of scheduled tasks:
• Back up the APSolute Vision server configuration
• Back up a device configuration
• Back up the APSolute Vision Reporter data
• Reboot a device


• Update the Radware security signature file onto a DefensePro device from radware.com or the
proxy server
• Update the fraud signature file onto a DefensePro device from radware.com or the proxy server
• Update the APSolute Vision Attack Description file from radware.com or the proxy server
• Run an Operator Toolbox script
• Retrieve the ERT IP Reputation Feed file for Alteon from the Radware domain, and upload the
feed to selected Alteon devices.
• Retrieve the ERT Active Attackers Feed (EAAF) for DefensePro from the Radware domain, and
upload the feed to selected DefensePro devices.
• Retrieve the Geolocation feed for DefensePro from the Radware domain, and upload the feed to
selected DefensePro devices.

Note: You can perform some of the operations manually, for example, from the APSolute Vision
Settings view System perspective, or from the Operations options.

Managing Tasks in the Scheduler


The Task List table is the starting point for viewing and configuring tasks, which are scheduled
operations. The table displays the information for each configured task. You can sort and filter the
table rows according to your needs. You can also drag the bottom of the Task List pane to lengthen
the table.

Figure 59: Sorting Rows in the Task List


Click the far-right side of the title of the column with the
values to sort by. Then, select the option that you require, for
example, Sort Ascending or Sort Descending.

Note: For more information on filtering table rows, see Filtering Table Rows, page 81.

Table 180: Tasks Table Parameters

Parameter Description
Task Type The type of task to be performed.
Name The name of the configured task.
Description The user-defined description of the task.
Current Status The current status of the task.
Values: Waiting, In progress
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task is saved in the database.

Last Execution Status Whether the last task run was successful. When the task is disabled or
has not yet started, the status is Never Executed.
Values:
• Failure
• Never Executed
• Success
• Warning
Last Execution Time The date and time of the last task run. When the task is disabled or has
not yet started, this field is empty.
Next Execution Time The date and time of the next task run. When the task is disabled, this
field is empty.
Run The frequency at which the task runs; for example, daily or weekly. The
schedule start date is displayed, if it has been defined.
Values:
• Daily
• Minutes
• Once
• Weekly

To configure a scheduled task

1. Select the Scheduler item from the APSolute Vision sidebar menu. The Scheduler pane
opens. The Task List table displays information for each scheduled task.
2. Do one of the following:

— To add an entry to the table, click the Add button. Then, select the type of task, and
click Submit. The dialog box for the selected task type is displayed.

— To edit an entry in the table, select the entry and click the Edit button.
3. Configure task parameters, and click Submit. All task configurations include basic parameters
and scheduling parameters. Other parameters depend on the task type that you select. Some
tasks that APSolute Vision exposes are non-operational/irrelevant for certain products and/or
versions. For more information, see the description of the relevant task parameters in Task
Parameters, page 308.

To run an existing task

1. Select the Scheduler item from the APSolute Vision sidebar menu. The Scheduler pane
opens. The Task List table displays information for each scheduled task.

2. Select the required task, and click the Run Now button.


Task Parameters
The following sections describe the parameters for Scheduler tasks:
• APSolute Vision Configuration Backup—Parameters
• APSolute Vision Reporter Backup—Parameters
• Update Security Signature Files—Parameters
• Update Fraud Security Signatures—Parameters
• Update Attack Description File—Parameters
• Device Configuration Backup—Parameters
• Device Reboot Task—Parameters
• Operator Toolbox Task—Parameters
• ERT Active Attackers Feed for DefensePro—Parameters
• ERT IP Reputation Feed for Alteon—Parameters
• Geolocation Feed—Parameters

Note: Some tasks that APSolute Vision exposes are non-operational and/or irrelevant for certain
DefensePro versions.

APSolute Vision Configuration Backup—Parameters


The APSolute Vision Configuration Backup task creates a backup of the APSolute Vision configuration
in the storage location and exports the backup to a specified destination.
Each backup includes the following:
• The APSolute Vision system configuration
• The local users
• The managed devices
• The host IP addresses in the database-viewer list

The task does not back up the following:


• The password of the radware user of the APSolute Vision server appliance
• The IP address(es) of the APSolute Vision server
• The DNS address(es) of the APSolute Vision server
• The network routes of the APSolute Vision server
• Attack data

Notes
• The storage location is, by default, a hard-coded location in the APSolute Vision server.
• For information on managing the backups using the CLI, see System Commands, page 662.
• Restoring the configuration is performed using the CLI. For more information, see system
backup config restore, page 669.
• APSolute Vision stores up to five configuration-backup iterations in the storage location. After
the fifth configuration-backup, APSolute Vision deletes the oldest one.


• The backup filenames in the storage location are the first five characters of the specified
filename plus a 10-character timestamp. When the task exports the backup file, the filename is
as specified in the task configuration.
• The backup file in the storage location includes the hard-coded description
Scheduler-generated.

Table 181: APSolute Vision Configuration Backup: General Parameters

Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.
Current Status (Read-only) The current status of the task.
Values: Waiting, In progress

Table 182: APSolute Vision Configuration Backup: Schedule Parameters

Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.

Time¹ The time at which the task runs.

Date² The date on which the task runs.

Minutes³ The interval, in minutes, at which the task runs.

Run Always⁴ Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled

Start Date⁵, Start Time⁵ The date and time at which the task is activated.

End Date⁵, End Time⁵ The date and time after which the task no longer runs.

1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.

Table 183: APSolute Vision Configuration Backup: Destination Parameters

Parameter Description
Backup Configuration To The destination of the backup configuration files.
Values:
• APSolute Vision Server
• APSolute Vision and External Location
Default: APSolute Vision Server

Protocol¹ The protocol that APSolute Vision uses for this task.
Values:
• FTP
• SCP
• SFTP
• SSH

IP Address¹ The IP address of the external location.
Note: By default, the selected Protocol determines the port of the
external location. You can specify a port by adding a colon and the
port number after the IP address—for example,
172.16.254.1:8022 or [2001:db8:0:1234:0:567:8:1]:8022.

Directory¹ The path to the export directory with no spaces. Only alphanumeric
characters and underscores (_) are allowed.

Backup File Name¹ The name of the backup, up to 64 characters, with no spaces. Only
alphanumeric characters and underscores (_) are allowed.

User¹ The username.

Password¹ The user password.

Confirm Password¹ The user password.

1 – This parameter is available only when Backup Configuration To is APSolute Vision
Server and External Location.


APSolute Vision Reporter Backup—Parameters


The APSolute Vision Reporter Backup task creates a backup of the APSolute Vision Reporter data in
the storage location and exports the data to a specified destination. The backup includes all the
APSolute Vision Reporter data.

Notes
• For information on managing the backups using the CLI, see System Commands, page 662.
• Restoring the data is performed using the CLI. For more information, see system backup config
restore, page 669.
• APSolute Vision stores up to three iterations of the APSolute Vision Reporter data in the storage
location. After the third reporter-backup, the system deletes the oldest one.
• The backup filenames in the storage location are the first five characters of the specified
filename plus a 10-character timestamp. When the task exports the backup file, the filename is
as specified in the task configuration.
• The backup file in the storage location includes the hard-coded description
Scheduler-generated.

Table 184: APSolute Vision Reporter Backup: General Parameters

Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.

Table 185: APSolute Vision Reporter Backup: Schedule Parameters

Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.

Time¹ The time at which the task runs.

Date² The date on which the task runs.

Minutes³ The interval, in minutes, at which the task runs.

Run Always⁴ Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled

Start Date⁵, Start Time⁵ The date and time at which the task is activated.

End Date⁵, End Time⁵ The date and time after which the task no longer runs.

1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.

Table 186: APSolute Vision Reporter Backup: Destination Parameters

Parameter Description
Backup Configuration To The destination of the backup configuration files.
Values:
• APSolute Vision Server
• APSolute Vision and External Location
Default: APSolute Vision Server

Protocol¹ The protocol that APSolute Vision uses for this task.
Values:
• FTP
• SCP
• SFTP
• SSH

IP Address¹ The IP address of the external location.
Note: By default, the selected Protocol determines the port of the
external location. You can specify a port by adding a colon and the
port number after the IP address—for example,
172.16.254.1:8022 or [2001:db8:0:1234:0:567:8:1]:8022.

Directory¹ The path to the export directory with no spaces. Only alphanumeric
characters and underscores (_) are allowed.

Backup File Name¹ The name of the backup, up to 64 characters, with no spaces. Only
alphanumeric characters and underscores (_) are allowed.

User¹ The username.

Password¹ The user password.

Confirm Password¹ The user password.

1 – This parameter is available only when Backup Configuration To is APSolute Vision
Server and External Location.

Update Security Signature Files—Parameters


The Update Security Signature Files task updates the Radware security signature files on the
selected DefensePro devices. This action uses the Radware Security Update Service (SUS).

Caution: The Security Update Service (SUS) requires APSolute Vision communication with
services.radware.com. You may configure APSolute Vision communication with
services.radware.com through your own proxy server.

Table 187: Update Security Signature Files: General Parameters

Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.

Table 188: Update Security Signature Files: Schedule Parameters

Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.

Time¹ The time at which the task runs.

Date² The date on which the task runs.

Minutes³ The interval, in minutes, at which the task runs.

Run Always⁴ Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled

Start Date⁵, Start Time⁵ The date and time at which the task is activated.

End Date⁵, End Time⁵ The date and time after which the task no longer runs.

1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.

Table 189: Update Security Signature Files: Target Device List

Parameter Description
The Available lists and the Selected lists of DefensePro devices and Logical Groups (of
DefensePro devices). The Available lists display the available devices and available Logical Groups.
The Selected device list displays the devices whose Radware signature files this task updates. The
Selected Logical Group list displays the Logical Groups with the devices whose Radware signature
files this task updates.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.

Update Fraud Security Signatures—Parameters


The Update Fraud Security Signatures task updates the fraud security signatures on the selected
DefensePro devices.

Caution: This feature is operational only in DefensePro 6.x versions and 7.x versions 7.42.09 and
later.


Note: The frequency range for the Update Fraud Security Signatures task is 10–60 minutes.
The default interval is 60 minutes.

Table 190: Update Fraud Security Signatures: General Parameters

Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.

Table 191: Update Fraud Security Signatures: Schedule Parameters

Parameter Description
Run (Read-only) The frequency unit at which the task runs.
Value: Minutes
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Minutes The frequency, in minutes, at which the task runs.
Values: 10–60
Default: 60
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Run Always Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely,
with no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled

Table 192: Update Fraud Security Signatures: Target Device List

Parameter Description
The Available lists and the Selected lists of DefensePro devices and Logical Groups (of
DefensePro devices). The Available lists display the available devices and available Logical
Groups. The Selected device list displays the devices whose fraud signature files this task
updates. The Selected Logical Group list displays the Logical Groups with the devices whose fraud
signature files this task updates.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.


Update Attack Description File—Parameters


The Update Attack Description File task updates the attack description file on the APSolute Vision
server.

Caution: In Radware DefensePro DDoS Mitigation for Cisco Firepower, this feature is non-
operational.

Table 193: Update Attack Description File: General Parameters

Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.

Table 194: Update Vision's Attack Description File: Schedule Parameters

Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.

Time¹ The time at which the task runs.

Date² The date on which the task runs.

Minutes³ The interval, in minutes, at which the task runs.

Run Always⁴ Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled

Start Date⁵, Start Time⁵ The date and time at which the task is activated.

End Date⁵, End Time⁵ The date and time after which the task no longer runs.

1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.

Device Configuration Backup—Parameters


The Device Configuration Backup task saves a configuration backup of the specified devices.

Note: By default, you can save up to five (5) configuration files per device on the APSolute Vision
server. You can change this parameter in the APSolute Vision Setup tab.

Table 195: Device Configuration Backup: General Parameters

Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.

Table 196: Device Configuration Backup: Schedule Parameters

Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.

Time¹ The time at which the task runs.

Date² The date on which the task runs.

Minutes³ The interval, in minutes, at which the task runs.

Run Always⁴ Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled

Start Date⁵, Start Time⁵ The date and time at which the task is activated.

End Date⁵, End Time⁵ The date and time after which the task no longer runs.

1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.

Table 197: Device Configuration Backup: Parameters Parameters

Parameter Description
Include Private Keys Specifies whether to include the certificate private key information in the
configuration file in devices that support private keys.
Default: Disabled

Table 198: Device Configuration Backup: Destination Parameters

Parameter Description
Backup Configuration To The destination of the backup configuration files.
Values:
• APSolute Vision Server
• External Location
Default: APSolute Vision Server

Protocol¹ The protocol that APSolute Vision uses for this task.
Values:
• FTP
• SCP
• SFTP
• SSH

IP Address¹ The IP address of the external location.
Note: By default, the selected Protocol determines the port of the
external location. You can specify a port by adding a colon and the port
number after the IP address—for example, 172.16.254.1:8022 or
[2001:db8:0:1234:0:567:8:1]:8022.

Directory¹ The path to the export directory with no spaces. Only alphanumeric
characters and underscores (_) are allowed.

Backup File Name¹ The name of the backup, up to 64 characters, with no spaces. Only
alphanumeric characters and underscores (_) are allowed.

User¹ The username.

Password¹ The user password.

Confirm Password¹ The user password.

1 – This parameter is available only when Backup Configuration To is External Location.
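
The field rules in the Destination Parameters tables of the three backup tasks (Tables 183, 186, and 198), together with the Include Private Keys option in Table 197, can be checked before a task is submitted. The following Python sketch is an added example, not Radware code: the names Destination, parse_ip_address, and check_destination are hypothetical, treating "/" as a separator inside Directory is an assumption, and FTP is flagged because it is an unencrypted protocol.

```python
import ipaddress
import re
from dataclasses import dataclass

# Rules from the Destination Parameters tables: alphanumerics and
# underscores only, no spaces, backup file name up to 64 characters.
NAME_RE = re.compile(r"[A-Za-z0-9_]+")
MAX_FILE_NAME = 64
PROTOCOLS = {"FTP", "SCP", "SFTP", "SSH"}
CLEARTEXT = {"FTP"}  # FTP carries the password and the backup unencrypted


def parse_ip_address(value):
    """Split an IP Address field into (ip, port); port is None if omitted."""
    value = value.strip()
    port = None
    if value.startswith("["):              # [IPv6] or [IPv6]:port
        host, closed, rest = value[1:].partition("]")
        if not closed:
            raise ValueError("missing ']' after IPv6 address")
        if rest:
            if not rest.startswith(":"):
                raise ValueError("expected ':port' after ']'")
            port = rest[1:]
    elif value.count(":") == 1:            # IPv4:port
        host, port = value.split(":")
    else:                                  # bare IPv4 or bare IPv6
        host = value
    ip = ipaddress.ip_address(host)        # ValueError on a bad address
    if port is not None:
        if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
            raise ValueError(f"invalid port {port!r}")
        port = int(port)
    return ip, port


@dataclass
class Destination:
    """Hypothetical container for one task's destination settings."""
    protocol: str
    ip_address: str
    directory: str
    file_name: str
    include_private_keys: bool = False  # Table 197, device backups only


def check_destination(dest):
    """Return (severity, message) findings; an empty list means no findings."""
    findings = []
    if dest.protocol not in PROTOCOLS:
        findings.append(("error", f"Protocol: unknown value {dest.protocol!r}"))
    try:
        parse_ip_address(dest.ip_address)
    except ValueError as exc:
        findings.append(("error", f"IP Address: {exc}"))
    # Assumption: '/' separates path components; each component must obey
    # the character rule, which also rejects '..' and empty components.
    parts = dest.directory.strip("/").split("/")
    if not all(NAME_RE.fullmatch(p) for p in parts):
        findings.append(("error", "Directory: alphanumerics and '_' only"))
    if not NAME_RE.fullmatch(dest.file_name) or len(dest.file_name) > MAX_FILE_NAME:
        findings.append(("error", "Backup File Name: 1-64 alphanumerics or '_'"))
    if dest.protocol in CLEARTEXT:
        if dest.include_private_keys:
            findings.append(("high", "FTP with Include Private Keys exposes "
                                     "certificate private keys in transit"))
        else:
            findings.append(("warning", "FTP sends credentials and the backup "
                                        "in cleartext; prefer SCP or SFTP"))
    return findings


# Constructed sample task settings, not taken from a real deployment.
SAMPLES = {
    "clean_sftp": Destination("SFTP", "172.16.254.1:8022", "/backups/vision",
                              "vision_cfg_weekly"),
    "ftp_with_keys": Destination("FTP", "[2001:db8:0:1234:0:567:8:1]:8022",
                                 "backups", "dp_cfg", include_private_keys=True),
    "bad_fields": Destination("SCP", "172.16.254.1:99999", "../etc",
                              "my backup"),
}

if __name__ == "__main__":
    for name, dest in SAMPLES.items():
        print(name, check_destination(dest))
```
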

Table 199: Device Configuration Backup: Target Device List

Parameter Description
The Available lists and the Selected lists of devices and Logical Groups (of devices). The
Available lists display the available devices and available Logical Groups. The Selected device list
displays the devices whose configurations this task backs up. The Selected Logical Group list
displays the Logical Groups with the devices whose configurations this task backs up.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.

Device Reboot Task—Parameters


The Device Reboot task reboots the specified devices.

Table 200: Device Reboot: General Parameters

Parameter Description
Name A name for the task.
Description A user-defined description of the task.

Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.

Table 201: Device Reboot: Schedule Parameters

Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.

Time¹ The time at which the task runs.

Date² The date on which the task runs.

Minutes³ The interval, in minutes, at which the task runs.

Run Always⁴ Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled

Start Date⁵, Start Time⁵ The date and time at which the task is activated.

End Date⁵, End Time⁵ The date and time after which the task no longer runs.

1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.


Table 202: Device Reboot: Target Device List

Parameter Description
The Available lists and the Selected lists of devices and Logical Groups (of devices). The
Available lists display the available devices and available Logical Groups. The Selected device list
displays the devices that this task reboots. The Selected Logical Group list displays the Logical
Groups with the devices that this task reboots.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.

Operator Toolbox Task—Parameters


The Operator Toolbox task can run a Toolbox script on selected devices.

Notes
• For more information on Toolbox scripts, see Using and Managing Toolbox Scripts, page 221.
• The scope configured for an APSolute Vision user determines the managed devices that the
Operator Toolbox task displays. (For more information, see Managing APSolute Vision Users,
page 83.)
• APSolute Vision issues a failure message if any task action is not successful. The failure message
includes the result of each action—that is, whether the action succeeded or failed for each
target device.
• The configuration of the Toolbox script determines whether the target device must be locked for
the script to run. If the script requires device locking, when an Operator Toolbox task runs the
script, APSolute Vision tries to lock the device. If the locking action is successful, the script runs,
and then, APSolute Vision unlocks the device. If the locking action fails, the Operator Toolbox
task fails.
• If a device in the Target Device List is deleted from APSolute Vision, APSolute Vision deletes
the device from the Target Device List and continues running the task.
• If all the devices in the Target Device List are deleted from APSolute Vision, APSolute Vision
disables the task.

Table 203: Operator Toolbox: General Parameters

Parameter Description
Name The name of the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.


Table 204: Operator Toolbox: Schedule Parameters

Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Once—The task runs one time only at the specified date and time.
• Minutes—The task runs at intervals of the specified number of
minutes between task starts.
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.

Time [1] The time at which the task runs.

Date [2] The date on which the task runs.

Minutes [3] The interval, in minutes, at which the task runs.

Run Always [4] Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely, with
no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled

Start Date, Start Time [5] The date and time at which the task is activated.

End Date, End Time [5] The date and time after which the task no longer runs.
1 – This parameter is available only when the specified Run value is Once, Daily, or
Weekly.
2 – This parameter is available only when the specified Run value is Once.
3 – This parameter is available only when the specified Run value is Minutes.
4 – This parameter is available only when the specified Run value is Minutes, Daily, or
Weekly.
5 – This parameter is available only when the Run Always checkbox is cleared.


Table 205: Operator Toolbox: Configuration Template

Parameter Description
Selected Script (Read-only) The script that is selected in the table—with the file name.
To select the script, click the script from the Action Title column.
The table contains all the Toolbox scripts that you have permission to run. The table comprises the
following columns: Action Title, File Name, and Category.
Note: When you change a selection, the parameters in the Parameters tab change accordingly.

Table 206: Operator Toolbox: Parameters Parameters

Parameter Description
Note: This tab is available only when the script that is selected in the Configuration Template
tab includes configuration parameters.
The parameters for the selected script.

Table 207: Operator Toolbox: Target Device List

Parameter Description
Note: This tab is available only when the script that is selected in the Configuration Template
tab includes configuration parameters.
The Available lists and the Selected lists of devices and Logical Groups (of devices of the
appropriate type). The Available lists display the available devices and available Logical Groups.
The Selected device list displays the devices that the Toolbox script runs on. The Selected Logical
Group list displays the Logical Groups that the Toolbox script runs on.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.

ERT Active Attackers Feed for DefensePro—Parameters


The ERT Active Attackers Feed for DefensePro task does one of the following, depending on the
DefensePro version:
• For DefensePro devices running 8.x versions 8.19 and later, the task updates the database for
the ERT Active Attackers Feed profiles in the selected DefensePro devices.
• For DefensePro devices running 6.x versions, 7.x versions, and 8.x versions earlier than 8.19,
the task updates entries in the Black List module in the selected DefensePro devices with the
ERT Active Attackers Feed.

Using the ERT Active Attackers Feed for DefensePro task requires a valid ERT Active Attackers Feed
subscription. You can view subscription information in the APSolute Vision Device Subscriptions table
(APSolute Vision Settings view System perspective, Device Resources > Device Subscriptions).
For more information on the Device Subscriptions table, see Viewing Device Subscriptions,
page 168.


Caution: The ERT Active Attackers Feed for DefensePro requires APSolute Vision communication
with services.radware.com and also with radwareti.s3.amazonaws.com—that is Amazon Simple
Storage Service (Amazon S3). You may configure APSolute Vision communication with
services.radware.com through your own proxy server.

Caution: SSH must be enabled on the selected DefensePro devices for the ERT Active Attackers
Feed for DefensePro task to run. (You can enable SSH on DefensePro in the Configuration
perspective, under Setup > Device Security > Access Protocols > SSH Parameters > Enable
SSH.)

Caution: The task updates each selected DefensePro device sequentially, and if the task fails on
one device, the task-run does not continue. For example, suppose the task is configured with three
selected DefensePro devices, A, B, and C. The task succeeds on device A. The task fails on device B,
and stops. The task does not try to update device C.

Notes
• DefensePro devices running 7.x versions 7.42.12 and later, and 8.x versions 8.17–8.18 parse
only the first IP addresses from the feed—according to the current available capacity on the
device. The current available capacity is the platform capacity minus the number of manual
Black List entries.
• The ERT Active Attackers Feed node of the Security Control Center shows information about
DefensePro devices that were updated with the ERT Active Attackers Feed in the last run of the
ERT Active Attackers Feed for DefensePro scheduled task. To open the Security Control Center,
in the APSolute Vision sidebar menu, click , and then select Security Control Center >
ERT Active Attackers Feed. For more information, see ERT Active Attackers Feed Information
in the Security Control Center, page 569.

Caution: On DefensePro devices running 6.x versions, 7.x versions earlier than 7.42.12, and 8.x
versions earlier than 8.17, the task fails if there is not enough space in the Black List module for the
IP address in the feed. DefensePro devices running 7.x versions 7.42.12 and later, and 8.x versions
8.17–8.18

Caution: For DefensePro devices running 6.x versions, 7.x versions, or 8.x versions earlier than
8.19, if the device on which the task is running is near maximum capacity (for example, more than
90% capacity for Black List rules) and an Update Policies action is initiated, the task does not
complete the update.

Table 208: ERT Active Attackers Feed for DefensePro: General Parameters

Parameter Description
Name A name for the task.
Description A user-defined description of the task.

Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.

Table 209: ERT Active Attackers Feed for DefensePro: Schedule Parameters

Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• 1 Hour
• 3 Hours
• 6 Hours
• 12 Hours
• Daily
Default: 3 Hours
Note: Tasks run according to the time as configured on the APSolute
Vision client.
Run Always Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely,
with no start or end time, at the frequency specified in the Run box.
• Disabled—The task runs (at the frequency specified in the Run box)
from the specified Start Date at the Start Time until the End
Date at the End Time.
Default: Enabled

Start Date, Start Time [1] The date and time at which the task is activated.

End Date, End Time [1] The date and time after which the task no longer runs.
1 – This parameter is available only when the Run Always checkbox is cleared.


Table 210: ERT Active Attackers Feed for DefensePro: Target Device List

Parameter Description
Allow Device Updates During Attacks Specifies whether the task tries to update a device also
when the device is mitigating an attack.
Default: Disabled
Caution: Updating a device with the ERT Active
Attackers Feed includes running the Update Policies
action. Therefore, updating a device with the ERT Active
Attackers Feed when DefensePro is handling an attack
may cause attack leakage.
The Available lists and the Selected lists of DefensePro devices and Logical Groups (of
DefensePro devices). The Available lists display the available devices and available Logical
Groups. The Selected device list displays the devices whose Black List rules this task updates. The
Selected Logical Group list displays the Logical Groups with the devices whose Black List rule files
this task updates.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.

ERT IP Reputation Feed for Alteon—Parameters


The ERT IP Reputation Feed for Alteon task makes the ERT IP Reputation Feed service available to
the Alteon devices that APSolute Vision manages.

Caution: Port 443 must be open on the APSolute Vision server and Alteon devices for this task to
run successfully.

Caution: The ERT IP Reputation Feed for Alteon requires APSolute Vision communication with
services.radware.com and also with radwareti.s3.amazonaws.com—that is Amazon Simple Storage
Service (Amazon S3). You may configure APSolute Vision communication with services.radware.com
through your own proxy server.

Table 211: ERT IP Reputation Feed for Alteon: General Parameters

Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs every five minutes after the first request by
an Alteon for the ERT IP Reputation Feed. Disabled tasks are not
activated, but the task configuration is saved in the database.


Geolocation Feed—Parameters
The Geolocation Feed task retrieves the Geolocation feed from the Radware domain, and uploads
the feed to selected DefensePro devices.

Note: DefenseFlow can use an associated DefensePro device for the Geolocation feed.
Using the Geolocation Feed task requires a valid subscription to the Location-Based Mitigation
(GeoIP) service.

Caution: The Location-Based Mitigation (GeoIP) service requires APSolute Vision communication
with services.radware.com and also with radwareti.s3.amazonaws.com—that is Amazon Simple
Storage Service (Amazon S3). You may configure APSolute Vision communication with
services.radware.com through your own proxy server.

Caution: SSH must be enabled on the selected DefensePro devices for the Geolocation Feed task to
run. (You can enable SSH on DefensePro in the Configuration perspective, under Setup > Device
Security > Access Protocols > SSH Parameters > Enable SSH.)

Caution: The task updates the entries in the Geolocation module in each selected DefensePro
device sequentially, and if the task fails on one device, the task-run does not continue. For example,
suppose the task is configured with three selected DefensePro devices, A, B, and C. The task
succeeds on device A. The task fails on device B, and stops. The task does not try to update
device C.

Table 212: Geolocation Feed: General Parameters

Parameter Description
Name A name for the task.
Description A user-defined description of the task.
Enabled When selected, the task runs according to the defined schedule. Disabled
tasks are not activated, but the task configuration is saved in the
database.

Table 213: Geolocation Feed: Schedule Parameters

Parameter Description
Run The frequency at which the task runs.
Select a frequency, then configure the related time and day/date
parameters.
Values:
• Daily—The task runs daily at the specified time.
• Weekly—The task runs every week on the specified day or days, at
the specified time.
Note: Tasks run according to the time as configured on the APSolute
Vision client.

Time [1] The time at which the task runs.

Run Always [2] Specifies whether the task always runs or only during the defined period.
Values:
• Enabled—The task is activated immediately and runs indefinitely,
with no start or end time. It runs at the first Time configured with the
Frequency in the Schedule tab.
• Disabled—The task runs (at the time and frequency specified in the
Schedule tab) from the specified Start Date at the Start Time until
the End Date at the End Time.
Default: Enabled

Start Date, Start Time [3] The date and time at which the task is activated.

End Date, End Time [3] The date and time after which the task no longer runs.
1 – This parameter is available only when the specified Run value is Daily or Weekly.
2 – This parameter is available only when the specified Run value is Daily or Weekly.
3 – This parameter is available only when the Run Always checkbox is cleared.

Table 214: Geolocation Feed: Target Device List

Parameter Description
Allow Device Updates During Attacks Specifies whether the task tries to update a device also
when the device is mitigating an attack.
Default: Disabled
The Available lists and the Selected lists of DefensePro devices and Logical Groups (of
DefensePro devices). The Available lists display the available devices and available Logical
Groups. The Selected device list displays the devices whose Geolocation profiles this task updates.
The Selected Logical Group list displays the Logical Groups with the devices whose Geolocation
profiles this task updates.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the effective Target Device List dynamically updates—
according to the devices in the Logical Group. That is, when the device-set of a Logical Group
changes, the effective Target Device List changes accordingly. For more information, see Using
Logical Groups of Devices, page 199.

CHAPTER 9 – MANAGING AUDITING AND ALERTS
APSolute Vision logs all alerts and actions for APSolute Vision and, optionally, for the managed
devices. You can view auditing information and other alerts in the Alerts Table pane.
The following topics describe APSolute Vision auditing and the Alerts Table pane:
• APSolute Vision Auditing, page 329
• Enabling Configuration Auditing for Managed Devices, page 330
• Managing Alerts, page 330

Note: APSolute Vision server alerts are added to the Alerts Table, and added to the audit table and
forwarded to syslog, with one exception. The exception is that when the APSolute Vision process on
the underlying operating system is down, alerts triggered by the operating system are sent to the
Alerts Table only.

APSolute Vision Auditing


APSolute Vision auditing meets compliance requirements by automatically logging the following:
• All APSolute Vision alerts and user actions
• All configuration changes made to managed devices via APSolute Vision

This meets Sarbanes-Oxley requirements to audit any configuration change that might affect the
network. In APSolute Vision, you can also configure the managed devices to log all configuration
changes on the device.
The Auditing log is stored in the APSolute Vision database. All audit logs are sent to the Alerts Table,
and can be displayed in the Alerts Table pane depending on the alerts filter configuration. APSolute
Vision allows read-only access to the Auditing log. You can extract the data and store it remotely, as
you require. The Auditing log can hold a maximum of two million entries. APSolute Vision ages the
oldest entries after the maximum number of entries is reached and also ages entries that are older
than six months.
The following information is logged to the audit log:
• All user management events and user activities—for example, access attempts, successful
login, password change by user, password reset by admin, and so on.
• Actions performed on the device—for example, uploading or downloading a file to a device,
device reboot and shutdown, log file retrieval, and so on.
• APSolute Vision activities, including:
— APSolute Vision upgrade
— User management events (for example, creating or deleting a user, activating or
deactivating a user, and so on)
• Device changes through CLI or WBM (if device auditing is enabled).
• Alarms received from the device (if device auditing is enabled).
• Device configuration activities (if device auditing is enabled). The audit log records all
configuration changes applied to the managed devices.
• Device addition and deletion.


To manage APSolute Vision auditing


1. Enable or disable configuration auditing for devices. For more information, see Enabling
Configuration Auditing for Managed Devices, page 330.
2. Enable and configure syslog and e-mail settings for sending audit information from the Alerts
Table pane. For more information, see Configuring Settings for the Alerts Table Pane, page 121.

Enabling Configuration Auditing for Managed Devices


When configuration auditing for devices is enabled on the APSolute Vision server and on the device,
any configuration change on a device using APSolute Vision creates two records in the Audit
database, one from the APSolute Vision server, and one from the device audit message.

Note: To prevent overloading the managed device and prevent degraded performance, the feature
is disabled by default.

To enable configuration auditing for a managed device


1. In the Configuration perspective, select Setup > Advanced Parameters > Configuration
Audit.
2. Select the Enable Configuration Auditing checkbox, and click Submit.

Managing Alerts
The Alerts Table pane stores and displays alerts.
The alerts are based on events that are received from:
• SNMP traps sent by the Radware devices that the APSolute Vision server is managing.
• Auditing messages from all APSolute Vision modules.
• APSolute Vision server events.
• Configuration auditing messages for managed devices, if enabled on the device.

All alert information is stored in the APSolute Vision database in a table separate from the audit
information. Alert information can be sent to a central audit repository via syslog, and to a
configured recipient via e-mail.

Figure 60: Alert Displayed on the APSolute Vision Main Screen

Events Handled in the Alerts Table Pane


The following types of events are handled in the Alerts Table pane:
• SNMP Traps, page 331
• Auditing Messages, page 331

• APSolute Vision Server Events, page 331
• Alerts for New Security Attacks, page 331

SNMP Traps
The Alerts Table handles all traps generated by APSolute Vision and the managed devices, including:
• Generic traps, such as, Cold Start, Link Down, Link Up, Authentication Failure, and so on.
• Radware traps common to all Radware devices.
• Device-specific Radware traps.

Auditing Messages
APSolute Vision forwards all logged audit events from all APSolute Vision modules and managed
devices to the Alerts Table pane, including:
• Successful and failed login attempts
• Backup and restore operations
• Configuration changes to APSolute Vision and the managed devices
• Monitoring and control changes
• Successful and failed task scheduling changes
• User management configuration changes

APSolute Vision Server Events


APSolute Vision server events include events from:
• Server and database monitoring processes
• The APSolute Vision appliance
• The watchdog process, which monitors APSolute Vision server processes

Alerts for New Security Attacks


APSolute Vision triggers an alert when a new attack is displayed in the Current Attacks table (which
is part of the Security Monitoring perspective).
The value in the Module column in the Alerts Table pane is Security Reporting.
Each DefensePro device triggers separate security alerts.
The security alerts are either for a single security event (that is, a single attack event) or aggregated
from multiple security events. The format is similar for alerts for single attacks and multiple attacks.

Table 215: Information in Security Alerts

String in a Security Alert for a Single Attack | String in a Security Alert Aggregated Attack Information
An attack of type: <attack category> [1] started. | <quantity of attacks> attacks of type: <attack category> [1] started between <start time of first attack> and <start time of last attack>. [2]
Detected by policy: <policy>; | Detected by policy: <policy>; [3]
Attack name: <attack name>; | Attack name: <attack name>; [3]
Source IP: <attacker IP address>; | Source IP: <attacker IP address>; [4]
Destination IP: <attacked IP address>; | Destination IP: <attacked IP address>; [4]
Destination port: <attacked port>; | Destination port: <attacked port>; [4]
Action: <action>. [5] | Action: <action>. [4]

1 – Attack categories: ACL, Anti-Scanning, Behavioral DoS, DoS, HTTP Flood, Intrusions,
Server Cracking, SYN Flood, Anomalies, Stateful ACL, DNS, BWM
2 – Times are in the format dd.MM.yy hh:mm.
3 – When there are differences in the field values for the attacks, the values are comma-
separated.
4 – When there are differences in the field values for the attacks, the value is multiple.
5 – Action values: forward, proxy, drop, source-reset, dest-reset, source-dest-reset, bypass,
challenge, quarantine, drop-and-quarantine
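
The alert strings in Table 215 can be parsed strictly on the receiving side, for example before a forwarded alert is indexed by a log collector. The following Python code is an added example, not part of APSolute Vision. It assumes each alert arrives as one string with the fields in a single line, that the hh value is on a 24-hour clock, and that policy and attack names contain no commas or semicolons; the sample policy names, attack names, and addresses are constructed.

```python
import ipaddress
import re
from datetime import datetime

# Values listed in the Table 215 footnotes (attack categories and actions).
CATEGORIES = {"ACL", "Anti-Scanning", "Behavioral DoS", "DoS", "HTTP Flood", "Intrusions",
              "Server Cracking", "SYN Flood", "Anomalies", "Stateful ACL", "DNS", "BWM"}
ACTIONS = {"forward", "proxy", "drop", "source-reset", "dest-reset", "source-dest-reset",
           "bypass", "challenge", "quarantine", "drop-and-quarantine"}
# Field labels from Table 215, mapped to the keys of the parsed result.
FIELDS = {"Detected by policy": "policy", "Attack name": "attack_name",
          "Source IP": "source_ip", "Destination IP": "destination_ip",
          "Destination port": "destination_port", "Action": "action"}
MULTIPLE = "multiple"          # footnote 4: aggregated values that differ
TIME_FMT = "%d.%m.%y %H:%M"    # footnote 2 (dd.MM.yy hh:mm); a 24-hour clock is assumed
_TIME = r"\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}"
_SINGLE = re.compile(r"An attack of type: (?P<category>.+?) started\.(?P<rest>.*)", re.S)
_AGGREGATED = re.compile(
    rf"(?P<count>\d+) attacks of type: (?P<category>.+?) started between "
    rf"(?P<first>{_TIME}) and (?P<last>{_TIME})\.(?P<rest>.*)", re.S)

# Constructed sample messages (policy names, attack names and addresses are made up).
SAMPLE_SINGLE = ("An attack of type: SYN Flood started. Detected by policy: web-dmz; "
                 "Attack name: example-syn-flood; Source IP: 198.51.100.7; "
                 "Destination IP: 203.0.113.10; Destination port: 443; Action: drop.")
SAMPLE_AGGREGATED = ("4 attacks of type: Behavioral DoS started between 03.06.20 10:15 "
                     "and 03.06.20 10:42. Detected by policy: web-dmz,dns-edge; "
                     "Attack name: example-udp-flood; Source IP: multiple; "
                     "Destination IP: 203.0.113.10; Destination port: multiple; Action: drop.")


def _checked(key, value, aggregated):
    """Validate one field value and convert it to a typed form."""
    if key in ("policy", "attack_name"):
        # Footnote 3: differing values are comma-separated in aggregated alerts.
        return [v.strip() for v in value.split(",")] if aggregated else [value]
    if value == MULTIPLE:
        if not aggregated:
            raise ValueError(f"'multiple' is not valid in a single-attack alert ({key})")
        return MULTIPLE
    if key in ("source_ip", "destination_ip"):
        return str(ipaddress.ip_address(value))   # raises ValueError on a bad address
    if key == "destination_port":
        port = int(value)                          # raises ValueError on non-numeric text
        if not 0 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        return port
    if value not in ACTIONS:
        raise ValueError(f"unknown action: {value!r}")
    return value


def parse_security_alert(message):
    """Parse a security alert string into a dict; raise ValueError if it is malformed."""
    text = message.strip()
    match = _AGGREGATED.fullmatch(text)
    aggregated = match is not None
    match = match or _SINGLE.fullmatch(text)
    if match is None:
        raise ValueError("not a security alert string")
    if match["category"] not in CATEGORIES:
        raise ValueError(f"unknown attack category: {match['category']!r}")
    alert = {"aggregated": aggregated, "category": match["category"], "count": 1}
    if aggregated:
        alert["count"] = int(match["count"])
        alert["first_start"] = datetime.strptime(match["first"], TIME_FMT)
        alert["last_start"] = datetime.strptime(match["last"], TIME_FMT)
    body = match["rest"].strip().rstrip(". ")      # drop the closing period
    for part in body.split(";"):
        label, sep, value = part.strip().partition(":")
        key = FIELDS.get(label.strip())
        if not sep or key is None or key in alert:
            raise ValueError(f"unexpected or repeated field: {part.strip()!r}")
        alert[key] = _checked(key, value.strip(), aggregated)
    missing = [name for name in FIELDS.values() if name not in alert]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    return alert
```

A message that fails any check raises ValueError, so a collector can route it to a review queue instead of indexing partially parsed fields.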

Alert Information
All alert information is stored in the APSolute Vision database.
Double-click on an alert in the Alerts Table pane to open the Alert Details dialog box, which displays
all the information with the expanded alert message.
The following table describes the fields of the APSolute Vision alerts.

Table 216: APSolute Vision Alert Fields

Alert Information: Ack
Description: A check box indicating whether the alert has been acknowledged. Alerts of Info
severity are acknowledged automatically when raised. Alerts of severity higher than Info
require user acknowledgment. Acknowledging an alert indicates that it has been seen by the
user and remains in the Alerts Table pane display. You can select or clear the check box to
acknowledge or unacknowledge alerts.
Displayed in Alerts Table Pane? Yes, by default

Alert Information: Severity
Description: The APSolute Vision severity of the event: Critical, Major, Minor, Warning, Info.
SNMP trap severities are mapped as shown in SNMP Trap Severity Mapped to APSolute Vision
Severity, page 333 and APSolute Vision Alerts Mapped to Syslog Severity, page 334.
Displayed in Alerts Table Pane? Yes, by default

Alert Information: Date and Time
Description: The date and GMT time at which the event occurred.
In the Alert Details dialog box, this value is displayed with the label Raised Time.
Displayed in Alerts Table Pane? Yes, by default

Alert Information: Device Name
Description: The values differ according to the alert type, as follows:
• SNMP traps—The value is the name of the device that generated them.
• APSolute Vision auditing events, which have device context (configuration, monitoring).
The value is the name of the device to which the event relates.
When the alert is generated by the APSolute Vision server, no device name is displayed.
Displayed in Alerts Table Pane? Yes, by default

Alert Information: Device IP address
Description: The IP address of the device to which the message relates. No value is provided
for alerts generated by APSolute Vision.
Displayed in Alerts Table Pane? Yes, by default

Alert Information: Message
Description: The description of the event.
Displayed in Alerts Table Pane? Yes, by default

Alert Information: Module
Description: The source module of the event.
Values:
• Vision Configuration—APSolute Vision configuration auditing messages
• Vision General—Includes general APSolute Vision auditing messages and APSolute Vision
server events
• Vision Control—APSolute Vision Monitoring auditing messages
• Device General—For all other device alerts
• Device Security—For network security alerts
• Security Reporting—For security alerts
Displayed in Alerts Table Pane? Yes, by default

Alert Information: User Name
Description: For APSolute Vision auditing, the name of the user whose action was audited.
If no user is associated with the action, the user APSolute_Vision is displayed.
Displayed in Alerts Table Pane? Yes, if configured

Alert Information: Device Type
Description: The type of device that generated the alert:
• The APSolute Vision server—for auditing, appliance, server and database monitoring, and
watchdog alerts
• Any AppDirector device
• Any Alteon device
• Any AppWall device
• Any DefensePro device
• Any LinkProof NG device
Displayed in Alerts Table Pane? Yes, by default

Alert Information: Trap SID
Description: The trap SID for SNMP traps. There is no value for events that are not SNMP
traps.
Displayed in Alerts Table Pane? Yes, if configured

Alert Information: Port
Description: The port number included in the alert information, if it exists (for example,
when a port link goes up or down).
Displayed in Alerts Table Pane? Yes, by default

The Raised Time, Device Name, and Message uniquely identify an alert, and are together considered
the Alert key.

Table 217: SNMP Trap Severity Mapped to APSolute Vision Severity

Trap Severity | APSolute Vision Severity | Severity Description
Fatal | Critical | Indicates a severe problem, which prevents or disrupts normal use of the object.
Error (APSolute Vision uses predefined criteria to assign Major or Minor severity.) | Major | Indicates a problem of relatively high severity, which is likely to prevent normal use of the object.
Error | Minor | Indicates a problem of relatively low severity, which should not prevent normal use of the object.
Warning | Warning | While the managed object is functioning as it is intended to function, conditions exist that could potentially cause a problem.
Info | Information | Information only. There are no problems and the object is functioning normally.

Table 218: APSolute Vision Alerts Mapped to Syslog Severity

Severity in APSolute Vision Alerts Table Pane Level in Syslog


1 - CRITICAL 3 - CRITICAL
2 - MAJOR 4 - ERROR
3 - MINOR 5 - WARNING
4 - WARNING 6 - NOTICE
5 - INFO 7 - INFORMATIONAL

Displaying Alert Information


APSolute Vision displays alert information in the Alerts Table pane. The Alerts Table displays
APSolute Vision alerts, device alerts, DefensePro security alerts, and device-configuration messages.

Figure 61: Alerts icon/button. Click to open the Alerts Table pane.

For more information about the information displayed, see Alert Information, page 332.
By default, alert information is displayed for one hour after the alert is raised. The information is
then cleared from the display, but remains in the Alerts database. You can change the default in the
Filtering dialog box. For more information, see Filtering Alerts, page 336.

Caution: The Alerts Table pane can display up to 10,000 entries. Refine your filter settings to get
better results.

To view the Alerts Table pane

> Click the (alert bell) button.


For more information about Alerts Table pane navigation features, see APSolute Vision Interface
Navigation, page 54.
The information in the alert table is refreshed according to your configured preferences.
In the Alerts Table pane, you can:
• Show and hide columns.
• Acknowledge and unacknowledge displayed alerts. Alerts of severity higher than Info require
user acknowledgment to indicate that they have been seen by the user. The alert remains in the
Alerts pane display.
• Filter the alerts in the alert table to display a subset of alerts. For more information, see Filtering
Alerts, page 336.
• Clear individual alerts from the alert table display.
• Clear all the alerts in APSolute Vision database that match the current filter, whether or not the
alerts are visible in the Alerts pane.
• Turn off automatic refresh of alert information.

To view details of an alert


> Double-click the alert row that you want to view. The alert details are displayed in the Alert
Details dialog box.
For more information about the information displayed, see Alert Information, page 332.

To clear all the alerts in APSolute Vision database that match the current filter, whether
or not the alerts are visible in the Alerts pane

> Click the (Clear All Alerts) button.

To acknowledge alerts
> Do one of the following:
— To acknowledge one or more alerts, select the alert row in the table, and click the (Acknowledge Selected Alerts) button.
— To acknowledge all alerts in the alert table, click the (Acknowledge All Alerts) button.

To unacknowledge alerts

> Select the alert rows in the table and click the (Unacknowledge Selected Alerts)
button.


To clear alerts from the display

> To clear alerts, select the alert rows in the table and select the (Clear Selected Alerts)
button.

Notes
• Cleared alerts remain in the database, but cannot be viewed.
• Clearing an unacknowledged alert automatically acknowledges the alert.

Automatic refresh is indicated by the selected (Pause) button.

To pause automatic refresh of alert information

> Click the (Pause) button.

To resume automatic refresh of alert information

> Click the (Resume) button. Radware recommends pausing automatic refresh while you are
analyzing alert information—to prevent alerts disappearing from the display.

To close the Alerts Table pane


> At the bottom of the Alerts Table pane, click Minimize.

Filtering Alerts
You can display a subset of the currently displayed alerts by filtering the alerts according to various
alert information criteria.
The criteria are organized according to categories, for example, alert severity, device module, and so
on. Criteria from the same category are combined with a logical OR. Criteria from different
categories are combined with a logical AND.
The default filter settings include all criteria in all categories, meaning, by default, all alerts raised in
the last hour are displayed.
Use the filtering criteria to define how long an alert is displayed in the Alerts Browser.

Note: Regardless of the filter defined, the configured number of most recent critical alerts are
always displayed at the top of the table on a colored background. This means that critical alerts that
match the filter criteria are displayed twice.


To filter alerts in the alert table

1. Click the (alert bell) button to display the Alerts Table.

2. Click the (Alert Filter) button.


3. Configure the filtering criteria, and click Submit. The table is updated at the next automatic
refresh.

Note: To restore the default filtering criteria, click Restore Defaults, then click Submit.
For more information about the filtering criteria, see Alert Information, page 332.

Table 219: Filtering Criteria Parameters

Parameter Description
The Available lists and the Selected lists of devices and Logical Groups (of devices). The
Available lists display the available devices and available Logical Groups. The Selected device list
displays the devices whose alerts the Alerts Browser displays. The Selected Logical Group list
displays the Logical Groups with the devices whose alerts the Alerts Browser displays.
Select entries from the lists and use the arrows to move the entries to the other lists as required.
Note: When a Logical Group is selected, the set of devices whose alerts the Alerts Browser displays
updates dynamically, according to the devices in the Logical Group. That is, when the device-set
of a Logical Group changes, the set of devices whose alerts the Alerts Browser displays changes
accordingly. For more information, see Using Logical Groups of Devices, page 199.
Select All Devices Specifies whether matching alerts for all devices are displayed.
Default: Enabled
Raised Time The time period that includes the alerts’ raised-time that the Alerts
Browser displays. For example, if you define 1 hour, alerts raised in
the last hour are displayed. After the defined time, alerts are cleared
from the display (not from the Alerts database).
Values: 1 minute–24 hours
Default: 1 hour
Severity The severities that the Alerts Browser displays.
Module The modules that the Alerts Browser displays.
Device Type The device types that the Alerts Browser displays.
Acknowledgment Specifies whether the Alerts Browser displays acknowledged alerts,
unacknowledged alerts, or both.
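
The filter rules described above (OR inside one category, AND across categories, the Raised Time window, the 10,000-entry display limit, and the always-visible recent critical alerts), applied to exported alert records. This is an added example, not APSolute Vision code or its API; the Alert field names, the pinned_critical parameter, the newest-first ordering, and the sample severity, module, and device values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

MAX_ROWS = 10_000  # the Alerts Table pane displays at most 10,000 entries


@dataclass(frozen=True)
class Alert:
    """One alert record; the field names are hypothetical, not a Vision schema."""
    raised: datetime
    severity: str
    module: str
    device: str
    device_type: str
    acknowledged: bool = False


@dataclass
class AlertFilter:
    """None for a category means every value in it is selected (the default)."""
    raised_within: timedelta = timedelta(hours=1)  # documented default: 1 hour
    devices: Optional[set] = None                  # None = Select All Devices
    severities: Optional[set] = None
    modules: Optional[set] = None
    device_types: Optional[set] = None
    acknowledgment: set = field(default_factory=lambda: {True, False})

    def __post_init__(self):
        # Documented range for Raised Time: 1 minute to 24 hours.
        if not timedelta(minutes=1) <= self.raised_within <= timedelta(hours=24):
            raise ValueError("Raised Time must be between 1 minute and 24 hours")

    def matches(self, alert, now):
        age = now - alert.raised
        if age < timedelta(0) or age > self.raised_within:
            return False
        categories = [
            (self.devices, alert.device),
            (self.severities, alert.severity),
            (self.modules, alert.module),
            (self.device_types, alert.device_type),
            (self.acknowledgment, alert.acknowledged),
        ]
        # `in` is the OR inside one category; all() is the AND across categories.
        return all(sel is None or value in sel for sel, value in categories)


def alerts_table(alerts, flt, now, pinned_critical=0):
    """Return (pinned, rows): the most recent critical alerts, then the filtered rows.

    The pinned list ignores the filter entirely, so a critical alert that also
    matches the filter is present in both lists (it is displayed twice).
    """
    newest_first = sorted(alerts, key=lambda a: a.raised, reverse=True)
    pinned = [a for a in newest_first if a.severity == "Critical"][:pinned_critical]
    rows = [a for a in newest_first if flt.matches(a, now)][:MAX_ROWS]
    return pinned, rows


# Constructed sample data (not real alerts).
NOW = datetime(2020, 6, 1, 12, 0, 0)
SAMPLE_ALERTS = [
    Alert(NOW - timedelta(minutes=10), "Critical", "Security", "dp-1", "DefensePro"),
    Alert(NOW - timedelta(minutes=30), "Info", "Configuration", "alteon-1", "Alteon", True),
    Alert(NOW - timedelta(hours=2), "Critical", "Security", "dp-2", "DefensePro"),
    Alert(NOW - timedelta(minutes=5), "Minor", "Security", "alteon-2", "Alteon"),
]

if __name__ == "__main__":
    flt = AlertFilter(severities={"Critical", "Minor"}, device_types={"DefensePro"})
    pinned, rows = alerts_table(SAMPLE_ALERTS, flt, NOW, pinned_critical=2)
    print("pinned:", [a.device for a in pinned])
    print("rows:  ", [a.device for a in rows])
```

With the sample data, the two-hour-old critical alert on dp-2 falls outside the default one-hour window yet still appears in the pinned list, which is why a narrow filter does not hide recent critical alerts.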


Configuring Preferences for the Alerts Pane


You can configure the following preferences for the Alerts pane:
• Client preferences—Define how many critical alerts to display and how often the client polls
the server for alert information. For more information, see Configuring Settings for the Alerts
Table Pane, page 121.
• Server preferences—Define how the APSolute Vision server handles alerts. You can enable
and configure reporting and logging events from the Alerts pane to a syslog server. You can
configure sending alert information via e-mail to a defined recipient. For more information, see
Configuring Settings for the Alerts Table Pane, page 121.



CHAPTER 10 – MONITORING ALTEON WITH THE DASHBOARD AND SERVICE STATUS VIEW
This chapter describes monitoring Alteon using the Dashboard and Service Status View.
This feature is available only in Alteon version 30.0 and later.

Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 445.
This chapter contains the following main topics:
• Monitoring Alteon with the Dashboard, page 339
• Monitoring Alteon with the Application Delivery View, page 346
• Monitoring Alteon with the Service Status View, page 347

Monitoring Alteon with the Dashboard


Every 15 seconds, Alteon polls the following information for the dashboard:
• CPU utilization
• System usage
• License capacity utilization
• License capacity
• Temperature and fans (physical platforms only)

The top row of the dashboard includes the following:


• The device IP address or device name if configured
• The current date and time on the client
• The role of the user who opened the dashboard
• The name of the user who opened the dashboard
• Log Out to log out of the session

The parameters that the dashboard displays depend on the Alteon form factor (standalone, VA,
vADC, or ADC-VX).


Dashboard Features and Usage


The following dashboard features and usage are common to all form factors:
• The dashboard opens in a new browser tab. Each click on the Dashboard opens a new browser
tab, which does not affect the display of any other opened browser tabs.
• To change the display in the frame from a chart/graph to a table and from a table to a chart/
graph, click the icon in the upper right of any frame.

• To change the sorting from ascending to descending and descending to ascending, click in a
table heading.
• When the dashboard is visible, it displays runtime information.
• To pause or resume the display, click the icon in the upper right of any frame. When you pause
the display, the timestamp is displayed. The timestamp is according to the timezone of the
client.
• To pause or resume the display of all the displays in the current dashboard, click the Pause
button or Resume button at the top of the dashboard.

In some charts, hovering over a point opens a box with details of the specific point.

To view the dashboard


> In the Configuration perspective or Monitoring perspective, select Overview > Dashboard.


System View Dashboard of the Alteon Standalone and Alteon VA Platforms
The following table describes the frames in the System View dashboard for the Alteon standalone
and VA platforms.

Table 220: System View Dashboard for Alteon Standalone and VA

Component Description
CPU Utilization The chart view displays a line graph showing the average SP CPU
utilization (%) and MP CPU utilization (%) on the platform over
time. The X-axis displays the time (hh:mm:ss). The Y-axis displays
the utilization percentage.
The table view displays the current MP CPU utilization (%) on the
platform and the CPU utilization (%) for each SP.
Temperature and Fans (The dashboard displays this frame only for physical standalone platforms.)
This frame contains two sections: the temperature and status of the critical fans.
The chart view for temperature displays the following:
• A thermometer, per sensor, with a color indicator for
temperature status: green—for nominal, and red—for not
operating/not operating properly.
• A table with the sensor number and the temperature status
(for example: Normal).
The table view for temperature displays a table with the following
columns:
• Sensor ID.
• State—For example, Normal.
• Temperature—In Celsius and Fahrenheit.
The chart view for fans displays the following:
• A fan with a color indicator for the current temperature status:
green—for nominal, and red—for not operating/not operating
properly.
• A table with the number of fans and the current operational
status (for example: Up).
The table view for fans displays a table with the following columns:
• Fan ID—Only the critical fans.
• State—For example, Up.
System Usage The chart view contains bar graphs—Session Table, Hard Disk
(displayed only for physical standalone platforms), and Caching—
showing the current utilization value (percentage). The Y-axis
displays the current utilization percentage.
The table view displays a table with the following columns:
• Name—Hard Disk (displayed only for physical standalone
platforms), Capacity Units, and ADC Allocation.
• Utilization—The current utilization value (percentage).
• Current—The current utilization absolute value—for example,
in KB.
• Maximum—The maximum available absolute value—for
example, in KB.

License Capacity Utilization The chart view contains bar graphs—one bar for each license type
showing the current utilization value (percentage) of each capacity
license. The Y-axis displays the current utilization percentage.
The table view displays a table with the following columns:
• Name—The name of the license type and the units (for
example, Mbps).
• Utilization—The current utilization value (percentage).
• License—The license capacity.
• Current—The current utilization absolute value.
• Peak—The peak utilization absolute value.
License Capacity The chart view for this frame contains two tabs:
• Throughput—A solid line for the Alteon, displaying the
throughput usage (Mbps) over time. A dotted line indicates the
maximum throughput that the license allows. The scale of the
Y-axis is logarithmic.
• SSL—A line for each selected vADC displaying the SSL usage
(CPS) over time. A dotted line indicates the maximum
throughput that the license allows.
To reset the peak values for the chart, click Reset All Peak
Values.

System View Dashboard of the vADC Platform


The following table describes the frames in the System View dashboard for the vADC platform.

Table 221: System View Dashboard for vADC

Component Description
CPU Utilization The chart view displays a line graph showing the average SP CPU
utilization (%) and MP CPU utilization (%) on the platform over
time. The X-axis displays the time (hh:mm:ss). The Y-axis displays
the utilization percentage.
The table view displays the current MP CPU utilization (%) on the
platform and the CPU utilization (%) for each SP.
System Usage The chart view contains bar graphs—Session Table, Hard Disk
(relating to the physical ADC-VX), and Caching—showing the
current utilization value (percentage). The Y-axis displays the
current utilization percentage.
The table view displays a table with the following columns:
• Name—Hard Disk (relating to the physical ADC-VX), Capacity
Units, and ADC Allocation.
• Utilization—The current utilization value (percentage).
• Current—The current utilization absolute value—for example,
in KB.
• Maximum—The maximum available absolute value—for
example, in KB.

License Capacity Utilization The chart view contains bar graphs—one bar for each license type
showing the current utilization value (percentage) of each capacity
license. The Y-axis displays the current utilization percentage.
The table view displays a table with the following columns:
• Name—The name of the license type and the units (for
example, Mbps).
• Utilization—The current utilization value (percentage).
• License—The license capacity.
• Current—The current utilization absolute value.
• Peak—The peak utilization absolute value.
License Capacity The chart view for this frame contains two tabs:
• Throughput—A solid colored line for the Alteon, displaying the
throughput usage (Mbps) over time. A solid gray line for the
Alteon, displaying the latest peak throughput usage (Mbps)
over time. A dotted line indicates the maximum throughput
that the license allows. The scale of the Y-axis is logarithmic.
• SSL—A line for each selected vADC displaying the SSL usage
(CPS) over time. A dotted line indicates the maximum
throughput that the license allows.
To reset the peak values for the chart, click Reset All Peak
Values.

System View Dashboard for the ADC-VX Platform


The following table describes the frames in the System View dashboard for the ADC-VX platform.

Table 222: System View Dashboard for ADC-VX

Component Description
CPU Utilization The chart view displays a line graph showing the MP CPU utilization
(%) on the platform over time. The X-axis displays the time
(hh:mm:ss). The Y-axis displays the utilization percentage.
The table view displays the current MP CPU utilization (%) on the
platform.

Temperature and Fans This frame contains two sections: the temperature and status of
the critical fans.
The chart view for temperature displays the following:
• A thermometer, per sensor, with a color indicator for
temperature status: green—for nominal, and red—for not
operating/not operating properly.
• A table with the sensor number and the temperature status
(for example: Normal).
The table view for temperature displays a table with the following
columns:
• Sensor ID.
• State—For example, Normal.
• Temperature—In Celsius and Fahrenheit.
The chart view for fans displays the following:
• A fan with a color indicator for the current temperature status:
green—for nominal, and red—for not operating/not operating
properly.
• A table with the number of fans and the current operational
status (for example: Up).
The table view for fans displays a table with the following columns:
• Fan ID—Only the critical fans.
• State—For example, Up.
System Usage The chart view contains three bar graphs—Hard Disk, Capacity
Units, and ADC Allocation—showing the current utilization value
(percentage). The Y-axis displays the current utilization
percentage.
The table view displays a table with the following columns:
• Name—Hard Disk, Capacity Units, and ADC Allocation.
• Utilization—The current utilization value (percentage).
• Current—The current utilization absolute value (for Hard disk,
in gigabytes, for Capacity Units and ADC Allocation, the
number).
• Maximum—The maximum available absolute value (for Hard
disk, in gigabytes, for Capacity Units and ADC Allocation, the
number).


vADCs View Dashboard for ADC-VX


You can select up to five vADCs to monitor.
The following table describes the frames in the vADCs View dashboard for the ADC-VX platform.

Table 223: vADCs View Dashboard for ADC-VX

Component Description
vADC Summary and Selection This frame contains two sections: vADC Utilization Summary and
vADC Selection.
There is no table view for this frame.
vADC Utilization Summary shows a status indicator (High, Medium,
Low) for SP CPU Utilization and Throughput Utilization.
Use the vADC Selection table to select the vADC to monitor in the
dashboard (up to five). The table contains the following columns:
ID, Name, and CU (which displays the number of allocated CUs).
CPU Utilization The chart view displays two bar graphs for each selected vADC.
One bar shows the current MP CPU utilization (%). One bar shows
the current SP CPU utilization (%). The Y-axis displays the
utilization percentage. If more than one vADC is operating at the
same utilization, only the top line is displayed.
The table view displays a table with the following columns:
• vADC—The vADC ID.
• Name—The vADC name, if configured.
• MP utilization (%).
• SP CPU (%).
License Capacity Utilization The chart view for this frame contains two tabs:
• Throughput—A line for each selected vADC displaying the
throughput utilization percentage over time. If more than one
vADC is operating at the same utilization, only the top line is
displayed.
• SSL—A line for each selected vADC displaying the SSL
utilization percentage over time. If more than one vADC is
operating at the same utilization, only the top line is displayed.
The table view displays a table with the following columns:
• vADC—The vADC ID.
• Name—The vADC name, if configured.
• Throughput (%).
• SSL (%).


Monitoring Alteon with the Application Delivery View


The Application Delivery View is available for Alteon standalone and vADC.
This feature is available only in Alteon version 30.2 and later.
The following table describes the frames in the Application Delivery View dashboard for the Alteon
standalone and vADC platforms.

Table 224: Application Delivery View Dashboard for Alteon Standalone and vADC

Component Description
Virtual Service Selection The table view displays a table with the following columns:
• Status—The operational status of the virtual service.
• Virtual Server—The identifier of the virtual server for the
virtual service.
• Application—Values: http, ftp, dns
• Port—The virtual service port.
• Protocol—The virtual service protocol. Values: tcp, udp
Virtual Service Performance The chart view displays the following for each entry selected in the
Virtual Service Selection frame:
• Throughput (Mbps)
• Connections per Second
• Concurrent Connections
The chart contains tool tips displaying a timestamp, a colored
virtual service identifier, and virtual service performance statistics.
The table view displays a table with the following columns:
• Virtual Server
• Port
• Throughput (Mbps)
• Connections per Second
• Concurrent Connections

Note: You must globally enable virtual service statistics reporting to display information in the
Application Delivery View.

To configure virtual service statistics settings


1. Select Configuration > Application Delivery > Virtual Services > Settings.
2. Select the Statistics tab.
3. In the Statistics Measuring Period field, type a value in seconds in the range 1–3600.
4. Set the Per Service Statistics option to Enable.
5. Click Submit.


Monitoring Alteon with the Service Status View


This feature is available only in Alteon version 30.0 and later.
The Service Status View is available for Alteon standalone, VA, and vADC.
The Service Status View, which refreshes every 15 seconds, can display configuration information
and status information on all the virtual services and the following associated Alteon objects:
• AppShape++ scripts
• Content rules
• Server groups
• Real servers

Note: For information on the statuses, see Status Criteria, page 349 below.

To view the Service Status View


> In the Configuration perspective or Monitoring perspective, select Overview > Service Status
View.
The Service Status View comprises two frames: Status Summary and Detailed Status.
The Status Summary shows a summary of the following:
— Virtual services—The total number of virtual services configured on the platform and a pie
chart that shows the percentage of each status.
For Alteon version 29.5—Up, Warning, Down, and Admin Down.
For Alteon version 30.0 and later—Up, Warning, Down, Admin Down, and Shutdown.
— Server groups—The total number of server groups configured on the platform and a pie
chart that shows the percentage of each status (Up, Warning, Down, Admin Down, and
Mixed). Mixed indicates that the group is associated with multiple virtual services, and the
statuses are not the same.
— Real servers—The total number of real servers configured on the platform and a pie chart
that shows the percentage of each status (Up, Warning, Down, Admin Down, and Mixed).
Mixed indicates that the real server is associated with multiple server groups, and the
statuses are not the same.

Tip: Click a segment in a pie chart to apply a filter to the corresponding objects in the Detailed Status
frame.

The Detailed Status frame comprises:


• Detailed Status tree—A tree with all the virtual services on the devices
• Detailed Status filter—A filter with which you can filter the services

The status of each node in the tree is identified with an icon—


By default, all the parent nodes in the tree—the Virtual Service nodes—are collapsed.
Each Virtual Service node is in the following format:
Virtual Service ID: <ID>, (<Port> <TCP|UDP>), Action: <Action>
where:
• <ID> is the specified ID of the virtual service.
• <Port> is the specified port number of the virtual service.
• <TCP|UDP> is the relevant protocol of the virtual service.
• <Action> is either the specified Action when the Application is HTTP or HTTPS (Group,
Redirect, or Discard) or Group for all other Application values.

Example
Virtual Service ID: MyDNSVirt, (53 TCP), Action: Group
Expanding a Virtual Service node displays the following:
• AppShape++ Script(s) Associated —The Service Status View displays this node only if the
virtual service is configured with one or more AppShape++ scripts.
• Content Rules —This node is displayed only if the virtual service is configured with one or
more content rules. The Service Status View displays content rules numerically, each in the
following format:
<Rule ID>, Action: <Action>, Group: <Group name>
• Group ID: <ID> —The ID of the server group, and includes the following node(s) sorted
alphanumerically, each in the following format:
<Real server ID>: <IP address>

Note: Backup real servers and backup groups appear in the tree only when they are active.

Detailed Status Filter


Applying a filter refreshes the tree view and shows the updated statuses and objects based on the
filter criteria. The filter uses a Boolean AND operator on the data.
By default, the child objects of each virtual service node are collapsed. After you run the filter, the
tree view displays the relevant object expanded.

To filter the Detailed Status tree


> Configure the filter parameters and click GO.


Table 225: System View Dashboard for Alteon Standalone and VA

Parameter Description
Status Values:
• All—Show the specified object types with all statuses.
• Up—Show only the specified object types with the Up status.
• Warning—Show only the specified object types with the Warning status.
• Down—Show only the specified object types with the Down status.
• Warning + Down—Show the specified object types with the Down status and
the Warning status.
• Admin Down—Show only the specified object types with the Down status.
• Shutdown—Show only the specified object types with the Shutdown status.
Available in Alteon version 30.2.3 and later.
Default: All
Note: For more status information, see Status Criteria, page 349.
Type Values:
• All—Show all object types.
• Virtual Service—Show only the virtual services that match the other criteria.
• Server Group—Show only the server groups that match the other criteria.
• Real Server—Show only the real servers that match the other criteria.
• Content Rule—Show only the content rules that match the other criteria.
Default: All
Free Text Free text that filters the results according to ID or other identifier.
For example:
• You can filter for a real server by entering its IP address.
• You can filter for a group by entering the suffix of its ID.

Status Criteria

Real Server Status


The real server status is calculated according to the following order:
• Admin Down—Configuration disabled (either globally or in the group).
• Shutdown—Operationally disabled (either globally or in the group).
• Down—The real server health check failed.
• Warning—The real server is in the No-new-sessions state or the Recovery state.
• Up—The real server health check state is UP.

Server Group Status


The server group status is calculated according to the status of its real servers.

Note: A group is considered to be in the Warning state if:


• At least one real server is in the Warning state, or
• Some of the real servers in the group are in the Down state and some are in the Up state.


Content Rules per Virtual Service Status


The content rule status is defined as follows:
• If the content rule is disabled, its status is Admin Down.
• For a group action, the content rule status is the group status.
• For a redirect or discard action, the content rule is considered to be up.

Virtual Service Status


The virtual service status is calculated according to the following statuses:
• The content rule status.
• Whether at least one enabled AppShape++ script is associated with this service.
• The service-action status, as follows:
— For an HTTP or HTTPS service, you can specify Group, Redirect, or Discard actions.
— For non-HTTP/S services, the action is always (implicitly) Group.

Note: When the action is Group, the service-action status is the Group status. When the
Action is Redirect or Discard, the service-action status is always Up.
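
The status criteria above, worked through for one Virtual Service node label in the format the Detailed Status tree uses. This is an added example, not Alteon or APSolute Vision code; the RealServer field names and the state strings are hypothetical. The guide does not say how a group of only Up, only Down, or only disabled real servers rolls up, so those branches are assumptions and are marked as such in the comments.

```python
import re
from dataclasses import dataclass

ADMIN_DOWN, SHUTDOWN, DOWN, WARNING, UP = (
    "Admin Down", "Shutdown", "Down", "Warning", "Up")
ACTIONS = ("Group", "Redirect", "Discard")


@dataclass
class RealServer:
    """Inputs to the status calculation; the field names are hypothetical."""
    config_enabled_globally: bool = True
    config_enabled_in_group: bool = True
    oper_enabled_globally: bool = True
    oper_enabled_in_group: bool = True
    health_check_ok: bool = True
    state: str = "running"  # or "no-new-sessions" / "recovery"


def real_server_status(rs):
    """Apply the criteria in the documented order; the first match wins."""
    if not (rs.config_enabled_globally and rs.config_enabled_in_group):
        return ADMIN_DOWN
    if not (rs.oper_enabled_globally and rs.oper_enabled_in_group):
        return SHUTDOWN
    if not rs.health_check_ok:
        return DOWN
    if rs.state in ("no-new-sessions", "recovery"):
        return WARNING
    return UP


def group_status(member_statuses):
    """Roll real-server statuses up to the server group."""
    # Assumption: disabled members (Admin Down, Shutdown) do not take part.
    active = [s for s in member_statuses if s not in (ADMIN_DOWN, SHUTDOWN)]
    if not active:
        return ADMIN_DOWN  # assumption: the guide does not cover this case
    if WARNING in active or (UP in active and DOWN in active):
        return WARNING     # the two Warning conditions the guide states
    return active[0]       # assumption: all Up -> Up, all Down -> Down


def content_rule_status(enabled, action, group_state):
    """Disabled rule -> Admin Down; Group -> group status; otherwise Up."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    if not enabled:
        return ADMIN_DOWN
    return group_state if action == "Group" else UP


def service_action_status(application, action, group_state):
    """Service-action status; non-HTTP/S services are implicitly Group."""
    if application.lower() not in ("http", "https"):
        action = "Group"
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    return group_state if action == "Group" else UP


NODE_RE = re.compile(
    r"^Virtual Service ID: (?P<id>.+), \((?P<port>\d+) (?P<protocol>TCP|UDP)\), "
    r"Action: (?P<action>Group|Redirect|Discard)$")


def parse_virtual_service_node(label):
    """Split a Detailed Status tree label into id, port, protocol and action."""
    match = NODE_RE.match(label.strip())
    if match is None:
        raise ValueError(f"not a Virtual Service node label: {label!r}")
    node = match.groupdict()
    node["port"] = int(node["port"])
    return node


def evaluate(label, application, servers):
    """Return (service id, group status, service-action status)."""
    node = parse_virtual_service_node(label)
    group = group_status([real_server_status(s) for s in servers])
    return node["id"], group, service_action_status(application, node["action"], group)


# The label is the guide's own example; the two servers are constructed.
SAMPLE_LABEL = "Virtual Service ID: MyDNSVirt, (53 TCP), Action: Group"

if __name__ == "__main__":
    servers = [RealServer(), RealServer(health_check_ok=False)]
    print(evaluate(SAMPLE_LABEL, "dns", servers))
```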



CHAPTER 11 – MONITORING THE ALTEON SYSTEM
This chapter describes monitoring Alteon system operations.

Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 445.
The Alteon operations that you can monitor depend on the Alteon form factor and/or platform:
standalone, VA, vADC, or ADC-VX.
This chapter contains the following main topics:
• Monitoring General Information, page 351
• CPU Utilization and Memory Statistics, page 353
• Monitoring Capacity, page 355
• Unlocking Users, page 359
• Maintenance, page 360
• Azure, page 365
• AWS, page 365

Monitoring General Information


The Alteon parameters that Alteon displays depend on the Alteon form factor and/or platform:
standalone, VA, vADC, or ADC-VX.

To monitor general system information


> In the Monitoring perspective, select System > General Information.

Table 226: General Information: General Parameters

Parameter Description
Switch Name The name of the switch.
System Time The system time.
System Date The system date.
Last Apply The time and date of the last Apply action.
Last Save The time and date of the last Save action.
Last Boot The time and date of the last boot.
Switch Uptime The amount of time the switch has been up.

Table 227: General Information: System Memory Parameters

Parameter Description
This group box is displayed only in standalone mode and ADC-VX mode.

Free The memory resources (in Kilobytes) currently free in the system.
Total The total memory resources (in Kilobytes) in the system.

Table 228: General Information: IP Addresses Parameters

Parameter Description
This group box is displayed only in standalone mode and ADC-VX mode.
IPv4 Management The IPv4 address of the management port.
IPv4 Gateway The IPv4 address of the default gateway.
IPv6 Management The IPv6 address of the management port.
IPv6 Gateway The IPv6 address of the default gateway.
SLAAC Address All SLAAC addresses acquired through Router Advertisements.

Table 229: General Information: System Hardware Parameters

Parameter                                              Description
MAC Address                                            The MAC address.
Serial Number (Alteon VX and standalone only)          The serial number.
Mainboard Hardware No (Alteon VX and standalone only)  The mainboard hardware number.
Mainboard Hardware Rev                                 The mainboard hardware revision.
Ethernet Board Hardware No                             The Ethernet board hardware number.
Ethernet Board Hardware Rev                            The Ethernet board hardware revision.
Temperature Sensors (Alteon VX and standalone only)    The number of temperature sensors.
Hard Disk                                              The capacity, in GBs, of the hard disk.
Used Disk Space                                        The used space, in GBs, of the hard disk.
Total RAM                                              The capacity, in GBs, of RAM.
Power Supply (Alteon VX and standalone only)           The number of power supplies.
Fan Status (Alteon VX and standalone only)             The fan status.
SSL Chip                                               Displays the following parameters regarding the SSL chips:
                                                       • SSL Chip Status—Values: Active Initialized, and so on.
                                                       • Type—For example: Cavium HSM; Model NITROX XL CN16XX-NFBE;
                                                       • Amount—The quantity of HSM card on the platform, which is typically 1.
HSM State                                              The state of the HSM card.
                                                       Values: trusted, and so on.
                                                       Note: Initialization of the HSM card is done using the Alteon CLI.
                                                       For more information, see the Alteon Web Based Management
                                                       Application Guide and Alteon Command Line Interface Reference Guide.
Current Available Capacity Units (Alteon VX only)      The current available (unused) capacity units configured on the platform.
Max capacity units (Alteon VX only)                    The maximum capacity units configured on the platform.
Current throughput (Alteon VX only)                    The current throughput.
Max throughput (Alteon VX only)                        The maximum throughput configured on the platform.

CPU Utilization and Memory Statistics

To monitor CPU utilization and memory statistics


> In the Monitoring perspective, select System > CPU Utilization and Memory Statistics.

Table 230: CPU Utilization: Management Processor Parameters

Parameter Description
Admin Context CPU Utilization
This group box is displayed only in ADC-VX mode.
Last Second The CPU utilization of the admin context in the last second.
Last 4 Seconds The CPU utilization of the admin context in the last four seconds.
Last 64 Seconds The CPU utilization of the admin context in the last 64 seconds.
CPU Utilization
Last Second The CPU utilization of the management processor in the last second.
Last 4 Seconds The CPU utilization of the management processor in the last four
seconds.
Last 64 Seconds The CPU utilization of the management processor in the last 64
seconds.

Memory
This group box is displayed only in standalone mode and ADC-VX mode.
Free The memory resources currently free on the management processor.
Total The total memory resources of the management processor.

Table 231: CPU Utilization: Switch Processor Parameters (not available in Alteon VX)

Parameter Description
SP Number The switch-processor number.
Last Second The CPU utilization of the switch processor in the last second.
Last 4 Seconds The CPU utilization of the switch processor in the last four seconds.
Last 64 Seconds The CPU utilization of the switch processor in the last 64 seconds.
Dynamic Memory Statistics
This group box is not displayed in ADC-VX mode.
SP Number The switch-processor number.
Total Memory The total memory resources of the switch processor.
Current Memory The memory resources, in KB, currently used on the switch processor.
Hi water mark The peak memory resources, in KB, used on the switch processor.
Allowed Max The allowed maximum memory usage, in KB.

Table 232: Memory Statistics: Memory Statistics Parameters

Parameter Description
This tab is available only in Alteon versions 30.5.2.0 and later.
This tab is not displayed in ADC-VX mode.
Total RAM The total RAM memory resources of the switch processor in MB.
Initial Configured Memory The initial configured memory of the switch processor in MB.
Safety Margin 1st Watermark The percentage of memory allocated to the first watermark.
Safety Margin 2nd Watermark The percentage of memory allocated to the second watermark.
SP Number The switch-processor number.
Initial Size: 1st Watermark The amount of memory given until pressure starts (in MB): Initial configured memory / Number of SPs x 75%.
Initial Size: 2nd Watermark The amount of memory given to the growing phase (in MB): Initial configured memory / Number of SPs x 90%.
Current Process Size: Current Process Size The size of the current process (in MB).
Current Process Size: Cache The size of the current process cache (in MB).
Current Process Size: Dynamic Certificates The size of the current process dynamic certificates (in MB).

Current Process Size: Extra Process The size of the current process extra process (in MB).
Current Process Size: QAT Slabs The size of the current process QAT slabs (in MB).
Memory Pressure The memory pressure.
Values: On, Off
Memory Pressure Active Time The memory pressure active time (in seconds).
Memory used from 1st Watermark The percentage of memory used from the first watermark.

Monitoring Capacity
This feature is available only in Alteon standalone, VA, and ADC-VX.
Monitoring capacity comprises the following:
• Monitoring System Capacity, page 355
• Monitoring Network Capacity, page 356
• Monitoring Application Delivery Capacity, page 358

Monitoring System Capacity


This feature is available only in version 30.0 and later.

To monitor system capacity


> In the Monitoring perspective, select System > Capacity > System.

Table 233: System Capacity Parameters in Alteon Standalone, VA, and vADC

Parameter Description
Cache Usage (MB) Comprises the following values:
• Maximum—The maximum cache usage, in MB, that the device can
support.
• Current—The current cache usage, in MB.
Hard Disk (GB) Comprises the following values:
• Maximum—The hard-disk size, in GB, that the device can support.
• Current—The current hard-disk usage, in GB.
• In Use—The amount of hard-disk space in use, in GB.
RAM (GB) Comprises the following value:
• Maximum—The maximum RAM, in GB, that the device can
support.


Table 234: System Capacity Parameters in ADC-VX

Parameter Description
vADCs Comprises the following values:
• Maximum—The maximum number of vADCs that the device can
support.
• Current—The current number of vADCs configured on the device
and, in parentheses, the number of enabled vADCs on the device.
Hard Disk (GB) Comprises the following values:
• Maximum—The maximum hard-disk size, in GB, that the device
supports.
• Current—The current hard-disk size, in GB.
• In Use—The amount of hard-disk space in use, in GB.
Capacity Units Comprises the following values:
• Maximum—The maximum number of capacity units that the device
can support.
• Current—The current number of capacity units configured on the
device.

Monitoring Network Capacity


This feature is available only in version 30.0 and later.

To monitor network capacity


> In the Monitoring perspective, select System > Capacity > Network.

Table 235: Network Capacity Parameters in Alteon Standalone and VA

Parameter Description
FDB Comprises the following two values:
• Maximum—The maximum Forwarding Database usage that the
device can support.
• Current—The current Forwarding Database usage.
VLANs Comprises the following two values:
• Maximum—The maximum number of VLANs that the device can
support.
• Current—The current number of VLANs configured on the device
and, in parentheses, the number of enabled VLANs on the device.
ARP Entries Comprises the following two values:
• Maximum—The maximum ARP entries that the device can support.
• Current—The current number of ARP entries configured on the
device and, in parentheses, the number of enabled ARP entries on
the device.

IP Interfaces Comprises the following two values:
• Maximum—The maximum number of IP interfaces that the device
can support.
• Current—The current number of IP interfaces configured on the
device and, in parentheses, the number of enabled IP interfaces on
the device.
IP Routes Comprises the following two values:
• Maximum—The maximum number of IP routes that the device can
support.
• Current—The current number of IP routes configured on the
device.
VRRP Routers Comprises the following two values:
• Maximum—The maximum number of VRRP routers that the device
can support.
• Current—The current number of VRRP routers configured on the
device and, in parentheses, the number of enabled VRRP routers
on the device.

Table 236: Network Capacity Parameters in Alteon vADC

Parameter Description
FDB Comprises the following two values:
• Maximum—The maximum Forwarding Database usage that the
device can support.
• Current—The current Forwarding Database usage.
ARP Entries Comprises the following two values:
• Maximum—The maximum ARP entries that the device can support.
• Current—The current number of ARP entries configured on the
device and, in parentheses, the number of enabled ARP entries on
the device.
IP Interfaces Comprises the following two values:
• Maximum—The maximum number of IP interfaces that the device
can support.
• Current—The current number of IP interfaces configured on the
device and, in parentheses, the number of enabled IP interfaces on
the device.
IP Routes Comprises the following two values:
• Maximum—The maximum number of IP routes that the device can
support.
• Current—The current number of IP routes configured on the device.
VRRP Routers Comprises the following two values:
• Maximum—The maximum number of VRRP routers that the device
can support.
• Current—The current number of VRRP routers configured on the
device and, in parentheses, the number of enabled VRRP routers on
the device.


Table 237: Network Capacity Parameters in ADC-VX

Parameter Description
VLANs Comprises the following two values:
• Maximum—The maximum number of VLANs that the device can
support.
• Current—The current number of VLANs configured on the device
and, in parentheses, the number of enabled VLANs on the device.

Monitoring Application Delivery Capacity


This feature is available only in Alteon standalone, VA, and vADC.

To monitor application delivery capacity


> In the Monitoring perspective, select System > Capacity > Application Delivery.

Table 238: Application Delivery Capacity Parameters

Parameter Description
Real Servers Comprises the following two values:
• Maximum—The maximum number of real servers that the
device can support.
• Current—The current number of real servers configured on
the device and, in parentheses, the number of enabled real
servers on the device.
Server Groups Comprises the following two values:
• Maximum—The maximum number of server groups that
the device can support.
• Current—The current number of server groups configured
on the device.
Virtual Servers Comprises the following two values:
• Maximum—The maximum number of virtual servers that
the device can support.
• Current—The current number of virtual servers configured
on the device and, in parentheses, the number of enabled
virtual servers on the device.
Virtual Services The maximum number of virtual services that the device can
support.
Real Services The maximum number of real services that the device can
support.
Filters (This parameter is available only in version 30.0 and later.) Comprises the following two values:
• Maximum—The maximum number of filters that the device can support.
• Current—The current number of filters currently used and, in parentheses, the number of enabled filters on the device.

Session Table Entries (This parameter is available only in version 30.0 and later.) Comprises the following two values:
• Maximum—The maximum number of Session table entries that the device can support.
• Current—The current number of Session table entries currently used and, in parentheses, the number of enabled Session table entries on the device.
Dynamic Data Store Comprises the following two values:
• Maximum—The maximum number of 512-byte blocks that the device can support in the dynamic data store.
• Current—The current number of 512-byte blocks currently used in the dynamic data store. Note that each persistence and user-defined entry can occupy one or more 512-byte blocks.
Keys (This parameter is available only in version 30.0 and later.) Comprises the following two values:
• Maximum—The maximum number of keys that the device can support.
• Current—The current number of keys configured on the device.
Certificate Signing Requests (This parameter is available only in version 30.0 and later.) Comprises the following two values:
• Maximum—The maximum number of certificate signing requests that the device can support.
• Current—The current number of certificate signing requests configured on the device.
Server Certificates (This parameter is available only in version 30.0 and later.) Comprises the following two values:
• Maximum—The maximum number of server certificates that the device can support.
• Current—The current number of server certificates configured on the device.

Unlocking Users
The administrator can monitor all currently locked-out users, viewing the remaining lockout time,
and can unlock any locked-out user.
For more details regarding the user lockout feature, see the relevant Alteon section in the APSolute
Vision online help.

To unlock users
1. In the Monitoring perspective, select System > Locked Users.
The table lists all currently locked-out users, detailing the User ID, User Name and User Role.
The table shows the date and time the user was locked out and the amount of remaining lockout
time (in minutes).
2. Select the row detailing the specific locked-out user and click Unlock.
3. Click OK to confirm.


Maintenance
Use the Maintenance tab to manage technical support data, packet capture, and trace logging of
application services.

Technical Support Data


This procedure describes how to manage technical support data.

Note: The Technical Support File (tsdump) is a text file containing Alteon statistics, information
and configuration output. The Tech Data Log File is a zipped archive that includes, in addition to
the tsdump file, other log files (for example, core dump files) to help R&D with debugging.
All passwords in the technical support files are encrypted.

To manage technical support data


1. In the Monitoring perspective, select System > Maintenance.
2. In the Technical Support Data tab, select the technical support data to be included, and click
Generate to generate the technical support file.
3. Click Export to export the technical support file.
4. To export the full technical support data, click Export Tech Data Log to export the Tech Data
log file.

Note: Generating the technical support data file may take up to a few minutes. You can use the
export option only after you receive the note stating that the file generation has ended.

Table 239: Technical Support Data Parameters

Parameter Description
Include Private Keys Specifies whether to include private keys in the technical support file.
Passphrase (Available when Include Private Keys is selected.) The passphrase, which must be at least four characters long.
Confirm Passphrase (Available when Include Private Keys is selected.) The passphrase, which must be at least four characters long.
Include DNSSEC information (This parameter is available only in version 31.0 and later.) Specifies whether to include DNSSEC information in the technical support file.
Include Persistency Entries (This parameter is available only in version 31.0 and later.) Specifies whether to include persistency entries in the technical support file.

Include UDP Listen Ports (This parameter is available only in version 31.0 and later.) Specifies whether to include UDP listening ports in the technical support file.

Core File Management


This feature is available only in Alteon standalone, VA, and VX.
Alteon allows you to export the core dump files in a compressed .tgz file to your local disk. You can
select to export all the core dump files in a single zipped file, or you can select a single core dump
file to be exported.
You can also delete all core dump files.

Note: The core files compress and export operation takes a few minutes. During this time, the
Web GUI is blocked. The files are available when the operation ends.

To export core files


1. In the Monitoring perspective, select System > Maintenance.
2. In the Core File Management tab, do one of the following:
— Select Export All Core Files (enabled by default).
— Select Export Selected Core File, and enter the core ID to be exported.
The Core Files are listed in a table, detailing the Core ID, File Name, Time and date, and file size.
3. Click Export to export the (selected) Core File(s).
4. Click Delete to delete all Core Files.

Packet Capture

Notes
• Live capture is not enabled when you are connected using a serial connection.
• For Alteon standalone and ADC-VX platforms: The capture file size is limited to 500 MB. For
Alteon VA platforms, the capture file size is limited to 50 MB.
• The output displays GMT time and not the local time.
• If you transform the back-end flow to port 80, you will see clear text in the capture file.

Note: Alteon VA translates the MAC address for virtual servers and interfaces assigned by VMware
to its own internal MAC address for internal processing. It switches the Alteon VA MAC address back
to the VMware MAC address when it sends the packet back to the VMware switch. Therefore, the
internal Alteon VA MAC address is displayed in some of the tables and dumps displayed on the
console.


Note: Service interruptions may occur when using packet capture in certain situations; for
example, with high traffic volume and only one CU allocated for the vADC. Radware recommends
that you use packet capture sparingly (for troubleshooting purposes), during a maintenance
window, or only in periods of low traffic volume.

To manage packet capture


1. In the Monitoring perspective, select System > Maintenance.
2. In the Packet Capture tab, configure the parameters, and do one of the following:
— Click Start to start the packet capture.
— Click Stop to stop the packet capture.
— Click Export to export the packet capture.
— Click Clear Capture File to clear the packet capture file.

Table 240: Packet Capture Parameters

Parameter Description
Packet Count The maximum number of captured packets.
Range: 0-1000000000
Packet Length The length of packets to capture, in bytes. Range: 0-9100
Port Range The port range.
The valid range depends on the Alteon platform. Refer to the Alteon
Installation and Maintenance Guide for details of the port range for each
supported platform.
VLAN The VLAN range.
Range: 1-4090
Packet Filter String The packet capture filter string field is used to set the capture filter
parameters. It accepts the same filter criteria (syntax) as the tcpdump
format.
The following parameters can be set with an “and” or an “or” operator
between them, or using parentheses:
• dst host <host>—Filters the output on the specified destination host IP address.
• src host <host>—Filters the output on the specified source host IP
address.
• dst port <port>—Filters the output on the specified destination port.
• src port <port>—Filters the output on the specified source port.
• port—Filters the output on the specified port.
• tcp—Filters the output for TCP traffic only.
• udp—Filters the output for UDP traffic only.
• icmp—Filters the output for ICMP traffic only.
• ip multicast—Filters the output for multicast traffic only.
• ip broadcast—Filters the output for broadcast traffic only.
Example: (dst host 6.6.6.6 or src host 6.6.3.3) and port 80
Maximum characters: 1024

Collect (Pre)-Master Secret Log Includes a pre-master secret log file together with the capture file.
Import the pre-master secret file to Wireshark in order to decrypt the SSL session.
Note: Decryption of the SSL application data may expose sensitive information. Make sure to keep this data secure.
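
The Packet Filter String primitives and operators listed in Table 240 can be checked before a capture is started. The following is an added example, not Radware code: an allow-list parser, stricter than the device (which accepts tcpdump syntax), that admits only the listed primitives joined by "and"/"or" and parentheses. The function names, the rule that hosts must be literal IP addresses, and the treatment of an empty string as "no filter" are assumptions.

```python
import ipaddress
import re

MAX_FILTER_CHARS = 1024  # "Maximum characters: 1024" in Table 240
_TOKEN_RE = re.compile(r"[()]|[^\s()]+")  # parentheses or whitespace-delimited words


class FilterError(ValueError):
    """The filter string is outside the subset listed in Table 240."""


def _host(tok):
    # Assumption: hosts must be literal IP addresses (no DNS names).
    try:
        return str(ipaddress.ip_address(tok))
    except ValueError:
        raise FilterError(f"not an IP address: {tok!r}") from None


def _port(tok):
    if tok.isascii() and tok.isdigit() and int(tok) <= 65535:
        return int(tok)
    raise FilterError(f"not a port number: {tok!r}")


class _Parser:
    def __init__(self, tokens):
        self.toks, self.pos = tokens, 0

    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None

    def take(self):
        tok = self.peek()
        if tok is None:
            raise FilterError("filter ends unexpectedly")
        self.pos += 1
        return tok

    def expr(self):
        # tcpdump gives "and" and "or" equal precedence, associating left to right.
        node = self.term()
        while self.peek() in ("and", "or"):
            op = self.take()
            node = (op, node, self.term())
        return node

    def term(self):
        tok = self.take()
        if tok == "(":
            node = self.expr()
            if self.take() != ")":
                raise FilterError("missing closing parenthesis")
            return node
        if tok in ("dst", "src"):
            kind = self.take()
            if kind == "host":
                return (f"{tok} host", _host(self.take()))
            if kind == "port":
                return (f"{tok} port", _port(self.take()))
            raise FilterError(f"expected 'host' or 'port' after {tok!r}")
        if tok == "port":
            return ("port", _port(self.take()))
        if tok in ("tcp", "udp", "icmp"):
            return (tok,)
        if tok == "ip":
            kind = self.take()
            if kind in ("multicast", "broadcast"):
                return (f"ip {kind}",)
            raise FilterError(f"expected 'multicast' or 'broadcast', got {kind!r}")
        raise FilterError(f"unsupported token: {tok!r}")


def parse_capture_filter(text):
    """Return a nested-tuple syntax tree, or None for an empty filter."""
    if len(text) > MAX_FILTER_CHARS:
        raise FilterError(f"filter exceeds {MAX_FILTER_CHARS} characters")
    tokens = _TOKEN_RE.findall(text)
    if not tokens:
        return None  # assumption: an empty string means "no filter"
    parser = _Parser(tokens)
    tree = parser.expr()
    if parser.peek() is not None:
        raise FilterError(f"unexpected token: {parser.peek()!r}")
    return tree


def is_allowed(text):
    """True when the filter uses only the primitives listed in Table 240."""
    try:
        parse_capture_filter(text)
        return True
    except FilterError:
        return False


if __name__ == "__main__":
    # The example filter string from Table 240.
    print(parse_capture_filter("(dst host 6.6.6.6 or src host 6.6.3.3) and port 80"))
```

The returned tree can be logged with the capture request so that a reviewer sees exactly which hosts and ports a capture was scoped to.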

Session Logs
This feature is available only in Alteon versions 32.2.1 and 31.0.9 and up.
Depending on the configuration, session logs can be sent either to syslog servers or saved to disk to
export later. Both can also be chosen; however, this option affects performance.
Session logs are sent to the syslog servers via the management port or saved to disk when the
sessions are deleted or aged out.

Note: The Session log files are exported in tar.gz format.

To export or clear the collected session logs


1. In the Monitoring perspective, select System > Maintenance.
2. In the Session Logs tab, select whether you want to export a previously archived session log file.
3. Click Clear Session Logs to clear the session log.
4. Click Export Session Logs to export the session log.

Application Services Trace Log


This feature is available only in Alteon standalone, VA, and vADC.
If a service is specified, messages generated by that service are enabled for logging and routed to
the syslog server.
Enabling Application Services Trace Logging may impact performance on Alteon traffic processing
capabilities. Make sure that you disable trace logging when you are done.

To manage application services trace log


1. In the Monitoring perspective, select System > Maintenance.
2. In the Application Services Trace Log tab, configure the parameters, and do one of the following:
3. Click Clear to clear the trace log.
4. Click Export to export the trace log.
5. Click Submit to submit the configuration.


Table 241: Application Services Trace Log Parameters

Parameter Description
AppShape++ Specifies whether to enable logging of AppShape++ activities.
Default: Disabled
Caching Specifies whether to enable logging of caching activities.
Default: Disabled
Compression Specifies whether to enable logging of compression activities.
Default: Disabled
Content Class Specifies whether to enable logging of Content Class activities.
Default: Disabled
HTTP Specifies whether to enable logging of HTTP activities.
Default: Disabled
HTTP Modification Specifies whether to enable logging of HTTP Modification activities.
Default: Disabled
SSL Specifies whether to enable logging of SSL activities.
Default: Disabled
TCP Specifies whether to enable logging of TCP activities.
Default: Disabled
Data Table Specifies whether to enable logging of data table activities.
Default: Disabled
Memory Specifies whether to enable logging of memory activities.
Default: Disabled
FastView Specifies whether to enable logging of FastView activities.
Default: Disabled
FastView SMF Specifies whether to enable logging of FastView SMF activities.
Default: Disabled
Fetcher Specifies whether to enable logging of Fetcher activities.
Default: Disabled

FastView Logs
This procedure describes how to access the FastView log files.

To manage technical support data


1. In the Monitoring perspective, select System > Maintenance.
2. In the FastView Logs tab, select one of the following FastView log files to display:
— SMF Hub
— Configuration Manager
— Compiler
View the FastView logs for SMF Hub, Config Manager, and the Compiler. Each button launches a new
pane for you to see the details in the log.


Table 242: Application Services Trace Log Parameters

Parameter Description
FastView Specifies whether to enable logging of FastView activities.
FastView SMF Specifies whether to enable logging of FastView SMF activities.

Azure
Displays the Azure VM public IP information.
If GSLB is configured, the NIC resource name and public IP address are presented. If HA is
configured, the public IP address, the NIC resource name, the peer public IP address, and the peer
NIC resource name are presented.

To monitor Azure information


> In the Monitoring perspective, select System > Azure.

Table 243: Azure Parameters

Parameter Description
Public IP Address The public IP address.
NIC Resource Name The NIC resource name.
Peer Public IP Address The peer public IP address.
Peer NIC Resource Name The peer NIC resource address.

AWS
Displays the AWS public IP information.

To monitor AWS information


> In the Monitoring perspective, select System > AWS.

Table 244: AWS Parameters

Parameter Description
ID The AWS ID of your Alteon platform.
IP Address The local IP address of your Alteon platform.
Elastic IP Address The elastic (floating) IP address that enables moving from the IP
address of your Alteon to the IP address of the peer to provide for high
availability functionality.



CHAPTER 12 – MONITORING THE ALTEON NETWORK
This chapter describes monitoring Alteon network operations.

Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 445.
The Alteon operations that you can monitor depend on the Alteon form factor and/or platform:
standalone, VA, vADC, or ADC-VX.
This chapter contains the following main topics:
• Monitoring and Controlling Physical Ports, page 367
• Monitoring Layer 2, page 368
• Monitoring Layer 3, page 370
• Monitoring High Availability, page 378

Monitoring and Controlling Physical Ports


This feature is available only in Alteon standalone, VA, and ADC-VX.

To monitor physical ports


> In the Monitoring perspective, select Network > Physical Ports.

Table 245: Physical Port Parameters

Parameter Description
Port ID The port identifier.
Status Specifies whether the port is enabled or disabled.
Values: Enable, Disable
Operational Status Specifies whether the port is online or offline.
Values: Online, Offline
Octets
In The number of inbound octets.
Out The number of outbound octets.
Unicast Packets
In The number of inbound unicast packets.
Out The number of outbound unicast packets.
Broadcast Packets
In The number of inbound broadcast packets.
Out The number of outbound broadcast packets.

Multicast Packets
In The number of inbound multicast packets.
Out The number of outbound multicast packets.
Discards
In The number of inbound discarded packets.
Out The number of outbound discarded packets.
Errors
In The number of inbound errored packets.
Out The number of outbound errored packets.

To enable physical ports


1. In the Monitoring perspective, select Network > Physical Ports.
2. Select the row in the table for the required port.
3. Click Enable.

To disable physical ports


1. In the Monitoring perspective, select Network > Physical Ports.
2. Select the row in the table for the required port.
3. Click Disable.

To clear statistics for physical ports


1. In the Monitoring perspective, select Network > Physical Ports.
2. Select the row in the table for the required port.
3. Click Clear Statistics.

Monitoring Layer 2
This feature is available only in version 30.0 and later.
Monitoring Layer 2 comprises the following topics:
• Monitoring FDB, page 368
• Monitoring STG, page 370

Monitoring FDB
This feature is available only in Alteon standalone, VA, and vADC.


The forwarding database (FDB) contains information that maps the media access control (MAC)
address to the port from which the Alteon address was learned.

Note: The forwarding database supports up to 16K MAC address entries on the MP per Alteon. Each
SP supports up to 8K entries.

To display FDB monitoring parameters


> In the Monitoring perspective, select Network > Layer 2 > FDB.

Table 246: FDB Monitoring Parameters

Parameter Description
MAC Address The MAC address in the FDB.
VLAN The VLAN.
Values: 1–4090
Port The port number. 0 specifies unknown.
Trunk The trunk-group number. The FDB entries on a single trunk.
Values: 1–4090
Age The MAC age.
Referenced Ports The referenced ports.
State Values:
• FFD
• Flood
• Forward—The address has been learned by Alteon.
• Ignore
• Other
• Trunk—The Port field represents the trunk group number.
• Unknown—The MAC address has not yet been learned by Alteon,
but has only been seen as a destination address. When an address
is in the Unknown state, no outbound port is indicated, although
ports which reference the address as a destination are listed under
reference ports.
• Vir—The MAC address is for a standard VRRP virtual router.
• VPR
• Virtual server router (VSR)—The MAC address is for a virtual
server router, a virtual router with the same IP address as a virtual
server.
Referenced SPs The SP number.
Learned Port The learned port number.

To clear the entire FDB


1. In the Monitoring perspective, select Network > Layer 2 > FDB.
2. Click Clear Entire FDB.


Monitoring STG
This feature is available only in Alteon standalone, VA, and ADC-VX.
When multiple paths exist on a network, Spanning Tree Protocol (STP) configures the network so
that Alteon uses only the most efficient path.

Note: Alteon supports up to 16 multiple Spanning Trees or Spanning Tree Groups.

To display Spanning Tree Group monitoring parameters


> In the Monitoring perspective, select Network > Layer 2 > STG.

Table 247: STG Monitoring Parameters

Parameter Description
Spanning Tree Group The Spanning Tree Group number.
Number Of Topology changes The number of topology changes.
Time Since Last Changes The time since the last changes.

Table 248: Spanning Tree Group BPDU Statistics Parameters

Statistic Description
Port The port number.
Status The status of the port.
BPDUs Received
Configuration The number of configuration BPDUs (bridge protocol data units) received.
TCN The number of TCN (Topology Change Notification) messages received.
RSTP/MSTP The number of MST or RST BPDUs received.
BPDUs Transmitted
Configuration The number of configuration BPDUs (bridge protocol data units) transmitted.
TCN The number of TCN (Topology Change Notification) messages transmitted.
RSTP/MSTP The number of MST or RST BPDUs transmitted.

Monitoring Layer 3
This feature is available only in Alteon standalone, VA, and vADC.
Monitoring Layer 3 comprises the following topics:
• Monitoring Gateways, page 371
• Monitoring Routes, page 371
• Monitoring Learned MACs (or IP FDB), page 373
• Monitoring VRRP Virtual Routers in Alteon Version 30.0 and Earlier, page 376
• Monitoring Interfaces, page 377


Monitoring Gateways
This feature is available only in version 30.0 and later.
Alteon can be configured with up to 255 gateways. Gateways 1 to 4 are reserved for default gateway
load balancing. Gateways 5 to 259 are used for load-balancing of VLAN-based gateways.
Alteon needs an IP interface for each default gateway to which it is connected. Each interface needs
to be placed in the appropriate VLAN. These interfaces are used as the primary and secondary
default gateways for Alteon.

To monitor gateways
> In the Monitoring perspective, select Network > Layer 3 > Gateways.

Table 249: Gateway Monitoring Parameters

Parameter Description
Status The status of the gateway.
Gateway ID The gateway number to which the information is related.
Values: 1–259
IP Address The IP address of the default gateway.
VLAN The VLAN identifier of the gateway.

Monitoring Routes
This feature is available only in version 30.0 and later.
Alteon uses a combination of configurable IP interfaces and IP routing options. Alteon IP routing
capabilities provide the following benefits:
• Connects the server IP subnets to the rest of the backbone network.
• Performs Server Load Balancing (using both Layer 3 and Layer 4 in combination) to server
subnets that are separate from backbone subnets.
• Introduces Jumbo frame technology into the server-switched network by fragmenting UDP
Jumbo frames when routing to non-Jumbo frame VLANs or subnets.
• Routing IP traffic between multiple Virtual Local Area Networks (VLANs) configured on Alteon.

To monitor routes
> In the Monitoring perspective, select Network > Layer 3 > Routes.

Table 250: IPv4 Routes Monitoring Parameters

Parameter Description
Entry The entry number of the route in the routing table.
Destination The destination IP address of this route.
Mask The subnet mask of this route.
Gateway The IP address of the destination gateway for this route.

Type The route type.
Values:
• Indirect—The next hop to the host or subnet destination is forwarded
through a router at the gateway address.
• Direct—Packets are delivered to a destination host or subnet attached to
Alteon.
• Local—Indicates a route to one of the Alteon IP interfaces.
• Broadcast—Indicates a broadcast route.
• Martian—The destination belongs to a host or subnet that is filtered out.
Packets to this destination are discarded.
• Multicast—Indicates a multicast route.
Tag The tag that indicates the origin of the route.
Values:
• Fixed—The address belongs to a host or subnet attached to Alteon.
• Static—The address is a static route which has been configured on Alteon.
• Addr—The address belongs to one of the Alteon IP interfaces.
• RIP—The address was learned by the Routing Information Protocol (RIP).
• OSPF—The address was learned by Open Shortest Path First (OSPF).
• BGP—The address was learned via the Border Gateway Protocol (BGP).
• Broadcast—Indicates a broadcast address.
• Martian—The address belongs to a filtered group.
• Multicast—Indicates a multicast address.
• VIP—Indicates a route destination that is a virtual server IP address. VIP
routes are needed to advertise virtual server IP addresses via BGP.
Metric The metric for RIP tagged routes, specifying the number of hops to the
destination (1 through 15 hops, or 16 for infinite hops).
Interface The IP interface that the route uses.

The IPv6 Routers table shows all of the IPv6 routes maintained. Since each link-local interface is
shown with an entry prefix of /128, the link-local network (such as FE80::/10) is not shown for each
interface to avoid too many network entries in the table.

Table 251: IPv6 Routes Monitoring Parameters

Parameter Description
Entry The entry number of the route in the routing table.
Destination The destination IP address of this route.
VLAN The VLAN of the route.
Next Hop The next hop of the route.
Protocol The route protocol.
Values: BGP, BGPA, IGMP, IS-IS, Local, NATPT, OSPF, OSPFA, OSPFE, OSPFE2,
OSPFI, RIP, RIPA, Static, STLOW, Unknown


Monitoring Learned MACs (or IP FDB)


This feature is available only in Alteon standalone, VA, and vADC.
The name of this node in Alteon version 30.1 and earlier is IP FDB. The name of this node in Alteon
version 30.2 and later is Learned MACs.
Monitoring learned MACs (or IP FDB) comprises the following topics:
• ARP—Displaying ARP monitoring parameters and clearing the ARP cache
• Neighbor Cache—Includes displaying Neighbor Cache monitoring parameters and
summary information and clearing the Neighbor Cache

ARP
This procedure describes how to display the ARP monitoring parameters.
Static ARP entries reside permanently in the ARP cache and do not age out like the ARP entries that
are learned dynamically. Static ARP entries enable Alteon to reach hosts without sending an ARP
broadcast request to the network. Static ARPs are also useful in communicating with devices that do
not respond to ARP requests. Static ARPs can also be configured on some gateways as protection
against malicious ARP cache corruption and possible DoS attacks.

Note: Alteon allows the static ARP configuration to be retained over reboots.

To display ARP monitoring parameters


> In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).

Table 252: ARP Monitoring Parameters

Parameter Description
IP Address The IP address for the ARP entry.
Flags The flag associated with the entry.
Examples:
• clear
• permanent—Not obtained via an ARP request (for example, IP interface and
VIP)
• R—Indirect ARP (cache) entry for IP address reachable via indirect routes
(static/dynamic)
• layer4—Layer 4 IP address (VIP)
• u—Unresolved ARP entry. The MAC address has not been learned.
MAC Address The MAC address for the ARP entry.
VLAN The VLAN for the ARP entry.
Values: 1–4090
Port The physical port where the IP address owner for this ARP entry is connected.
Referenced SPs The number of SPs on which this ARP entry is present.
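
The following audit of an ARP table against a known-good baseline is an added example, not part of the original guide or of any Radware tooling. It assumes the rows of Table 252 have been copied into a CSV with the table's column names, that static entries carry the permanent flag, and that the operator keeps a baseline of critical IP-to-MAC pairs; the sample data is constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample shaped like Table 252 (hypothetical CSV layout).
SAMPLE_ARP_CSV = """IP Address,Flags,MAC Address,VLAN,Port,Referenced SPs
10.0.1.1,permanent,00:11:22:33:44:01,10,1,2
10.0.1.254,,00:11:22:33:44:fe,10,3,2
10.0.1.20,,00:aa:bb:cc:dd:20,10,5,2
10.0.1.21,,00:aa:bb:cc:dd:20,10,5,2
10.0.2.254,,00:aa:bb:cc:dd:99,20,7,2
10.0.2.30,u,,20,,0
"""

# Assumed operator baseline: critical next hops and their known MAC addresses.
BASELINE = {
    "10.0.1.254": "00:11:22:33:44:fe",
    "10.0.2.254": "00:11:22:33:44:02",
}


def parse_arp_rows(text):
    """Parse the CSV into dicts; Flags may hold several space-separated tokens."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rows.append({
            "ip": rec["IP Address"].strip(),
            "flags": set(rec["Flags"].split()),
            "mac": rec["MAC Address"].strip().lower(),
            "vlan": rec["VLAN"].strip(),
            "port": rec["Port"].strip(),
        })
    return rows


def audit_arp(rows, baseline, static_flags=frozenset({"permanent"})):
    """Return (kind, ip, detail) findings for entries that deserve review.

    static_flags is an assumption about how non-learned entries are flagged.
    """
    findings = []
    by_mac = defaultdict(list)
    for r in rows:
        unresolved = "u" in r["flags"] or not r["mac"]
        is_static = bool(r["flags"] & static_flags)
        expected = baseline.get(r["ip"])
        if expected is not None:
            if unresolved:
                findings.append(("critical-unresolved", r["ip"], "no MAC learned"))
            elif r["mac"] != expected.lower():
                # The cache disagrees with the baseline: possible cache corruption.
                detail = f"{r['mac']} != {expected.lower()} (port {r['port']})"
                findings.append(("mac-mismatch", r["ip"], detail))
            elif not is_static:
                # Correct today, but learned dynamically and therefore replaceable.
                findings.append(("critical-dynamic", r["ip"], "candidate for a static entry"))
        # Interface, VIP and static entries legitimately share a MAC; skip them.
        if not unresolved and not is_static and "layer4" not in r["flags"]:
            by_mac[(r["vlan"], r["mac"])].append(r["ip"])
    for (vlan, mac), ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared-mac", ",".join(sorted(ips)), f"{mac} on VLAN {vlan}"))
    return findings


if __name__ == "__main__":
    for finding in audit_arp(parse_arp_rows(SAMPLE_ARP_CSV), BASELINE):
        print(*finding, sep=" | ")
```

A shared-mac finding is a review item rather than proof of a problem, because multi-homed hosts can answer for several addresses.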


To clear the ARP cache


1. In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).
2. Select the relevant row in the table.
3. Click Clear ARP Cache.

Neighbor Cache
IPv6 uses the Neighbor Discovery (ND) protocol to discover its neighbors’ link layer addresses and
reachability. ND can also auto-configure addresses and detect duplicate addresses. ND enables
routers to advertise their presence and address prefixes, and to inform hosts of a better next hop
address to forward packets.

Note: Once the Neighbor Cache table reaches 2000 entries, table entries are replaced by adding
the new entry and dropping the 2000th entry off the list. Table entries are kept until the entry is
replaced by a new one. During this period, no new entries are used to sort for display.

The information collected from ND is stored in the Neighbor Cache. The Neighbor Cache maintains
information about each neighbor.
Neighbor Cache entries are added in the following situations:
• Entries are added when an IPv6 interface or virtual IP is operational.
• Reception of ND messages from neighbor.
• A device sends ND packets to resolve a link layer address to which it is attempting to send
packets.

To display Neighbor Cache monitoring parameters and summary information


> In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).

Table 253: Neighbor Cache Monitoring Parameters

Parameter Description
IPv6 Address The IPv6 address for the Neighbor Cache entry.
MAC Address The MAC address for the Neighbor Cache entry.
VLAN The VLAN for the Neighbor Cache entry.
Values: 1–4090
Port The physical port for the Neighbor Cache entry.

State The reachability state of the Neighbor Cache entry.
Values:
• Delay—The neighbor is no longer known to be reachable, and traffic has
recently been sent to the neighbor.
• INCPM—Incomplete. The link-layer address of the neighbor has not yet been
determined.
• INVAL—Invalid. The link-layer address of the neighbor is invalid.
• Probe—The neighbor is no longer known to be reachable, and ND messages
are sent to the neighbor to verify reachability.
• REACH—Reachable. The neighbor is known to have been reachable recently.
• Stale—The neighbor is no longer known to be reachable, but until traffic is
sent to the neighbor, no attempt should be made to verify its reachability.
• UNDEF—Undefined. The link-layer address of the neighbor is undefined.
• UNKNOWN—Unknown. The link-layer address of the neighbor is unknown.
Type The type of the Neighbor Cache entry.
Values:
• Dynamic—The entry is a neighbor address learned from ND.
• Invalid—The entry is an invalid address.
• Local—The entry is a local predefined address on Alteon.
• Other—The entry is another type of address (not listed here).
• Static—The entry is a static address.
• Undef—The entry is an undefined address.

Table 254: Neighbor Cache Summary Information Parameters

Parameter Description
Total dynamic Neighbor Cache entries The total number of dynamic Neighbor Cache entries.
Total local Neighbor Cache entries The total number of local Neighbor Cache entries.
Total Static Neighbor Cache entries The total number of static Neighbor Cache entries.
Other Neighbor Cache entries The number of other Neighbor Cache entries.

To clear the Neighbor Cache


1. In the Monitoring perspective, select Network > Layer 3 > Learned MACs (or IP FDB).
2. Select the relevant row in the table.
3. Click Clear Neighbor Cache.


Monitoring VRRP Virtual Routers in Alteon Version 30.0 and Earlier


This feature is available only in Alteon standalone, VA, and vADC.

To monitor VRRP virtual routers


> In the Monitoring perspective, select Network > Layer 3 > VRRP Virtual Routers.

Table 255: Legacy VRRP Virtual Router Parameters

Parameter Description
Status The VRRP status.
Values:
• Init—If there is no port in the virtual router’s VLAN with an active
link, the interface for the VLAN fails, thus placing the virtual router
into the INIT state. The INIT state identifies that the virtual router
is waiting for a startup event. If it receives a startup event, it will
either transition to master if its priority is 255 (the IP address
owner), or transition to the backup state if it is not the IP address
owner.
• Master—The virtual router is the master.
• Backup—The virtual router is a backup.
• Holdoff—VRRP operation is globally suspended for the specified
interval. When a device becomes the VRRP master at power up or
after a failover operation, it may begin to forward data traffic
before the connected gateways or real servers are operational.
Alteon may create empty session entries for the coming data
packets and the traffic cannot be forwarded to any gateway or real
server.
Router ID The router identifier.
VR ID The virtual router identifier.
IP Version The type of IP address—version 4 or version 6.
IP Address The IP address of the virtual router.
Interface The IP interface of the device. If the IP interface has the same IP
address as the virtual router IP address, this device is considered the owner of the
defined virtual router.
Priority The election priority bias for this virtual server.
During the master router election process, the routing device with the
highest virtual router priority number wins. If there is a tie, the device
with the highest IP interface address wins. If this virtual router’s IP
address (addr) is the same as the one used by the IP interface, the
priority for this virtual router is set to 255 (highest).
When priority tracking is used, this base priority value can be modified
according to a number of performance and operational criteria.
Values: 1–254
Default: 100
Note: When you enable hot-standby for a vrgroup, the currently set
priority for the vrgroup is increased by 2.

Ownership The owner of the VRRP IP address.
Values:
• Owner—If the IP interface has the same IP address as the virtual
address IP, this device is considered the owner of the defined
virtual router. An owner has a special priority of 255 (highest) and
always assumes the role of the master router, even if it must
preempt another virtual router that has assumed master routing
authority.
• Renter—The virtual router that is not owned by the device.
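
The election rule described in the Priority and Ownership rows can be used to cross-check the Status column collected from both peers. The following is an added example, not part of the original guide; the row layout, the device labels, and the `if_addr` field (the address of the IP interface, taken from the Interfaces table) are assumptions, and the sample rows are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: one row per device per virtual router (hypothetical layout).
SAMPLE_ROWS = [
    {"device": "alteon-a", "vr_id": 1, "status": "Master", "priority": 100,
     "ownership": "Renter", "if_addr": "10.0.1.2"},
    {"device": "alteon-b", "vr_id": 1, "status": "Backup", "priority": 100,
     "ownership": "Renter", "if_addr": "10.0.1.3"},
    {"device": "alteon-a", "vr_id": 2, "status": "Master", "priority": 100,
     "ownership": "Owner", "if_addr": "10.0.2.1"},
    {"device": "alteon-b", "vr_id": 2, "status": "Backup", "priority": 254,
     "ownership": "Renter", "if_addr": "10.0.2.3"},
    {"device": "alteon-a", "vr_id": 3, "status": "Master", "priority": 110,
     "ownership": "Renter", "if_addr": "10.0.3.2"},
    {"device": "alteon-b", "vr_id": 3, "status": "Master", "priority": 100,
     "ownership": "Renter", "if_addr": "10.0.3.3"},
    {"device": "alteon-a", "vr_id": 4, "status": "Init", "priority": 100,
     "ownership": "Renter", "if_addr": "10.0.4.2"},
    {"device": "alteon-b", "vr_id": 4, "status": "Holdoff", "priority": 100,
     "ownership": "Renter", "if_addr": "10.0.4.3"},
]


def effective_priority(row):
    """An owner has the special priority 255; a renter uses its displayed 1-254."""
    return 255 if row["ownership"] == "Owner" else int(row["priority"])


def expected_master(members):
    """Apply the documented rule: highest priority, then highest interface address."""
    eligible = [r for r in members if r["status"] in ("Master", "Backup")]
    if not eligible:
        return None  # every member is in Init or Holdoff
    best = max(eligible, key=lambda r: (effective_priority(r),
                                        int(ipaddress.ip_address(r["if_addr"]))))
    return best["device"]


def check_vrrp(rows):
    """Return (vr_id, kind, detail) for virtual routers whose state needs review."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["vr_id"]].append(r)
    findings = []
    for vr_id in sorted(groups):
        members = groups[vr_id]
        masters = sorted(r["device"] for r in members if r["status"] == "Master")
        if len(masters) > 1:
            # Peers do not see each other's advertisements, or a third party is advertising.
            findings.append((vr_id, "multiple-masters", masters))
        elif not masters:
            findings.append((vr_id, "no-master", [r["status"] for r in members]))
        elif masters[0] != expected_master(members):
            # Review item: can be legitimate after a forced failover.
            findings.append((vr_id, "unexpected-master",
                             [masters[0], expected_master(members)]))
    return findings


if __name__ == "__main__":
    for finding in check_vrrp(SAMPLE_ROWS):
        print(finding)
```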

To switch over a VRRP virtual router


1. In the Monitoring perspective, select Network > Layer 3 > VRRP Virtual Routers.
2. Select an entry and click Backup.

Monitoring Interfaces
Alteon needs an IP interface for each subnet to which it is connected so it can communicate with the
real servers and other devices attached to it that receive switching services. Alteon can be
configured with up to 256 IP interfaces. Each IP interface represents Alteon on an IP subnet on your
network. The interface option is disabled by default.
This feature is available only in version 30.0 and later.

To monitor interfaces
> In the Monitoring perspective, select Network > Layer 3 > Interfaces.

Table 256: Interface Monitoring Parameters

Parameter Description
State The state of the interface.
Interface ID The identifier of the interface.
IP Address The IP address of the interface.
Mask The mask of the interface if the interface is IPv4. If the interface is IPv6, the field
displays 0.0.0.0.
Prefix The prefix of the interface if the interface is IPv6. If the interface is IPv4, the
field displays 0.
VLAN The VLAN identifier of the interface.
BFD The status of the Bidirectional Forwarding Detection (BFD) peer on this interface.
Values: Disabled, Enabled

Monitoring Tunnels
Statistics for all the configured tunnels are shown.


Note: You can filter any of the parameters to view specific values by entering the value in the field
or selecting from the drop-down list, as applicable.

This feature is available only in version 32.2 and later.

To monitor tunnels
> In the Monitoring perspective, select Network > Layer 3 > Tunnels.

Table 257: Tunnels Monitoring Parameters

Parameter Description
Status The tunnel status.
Values: Enabled or Disabled.
Tunnel ID The tunnel ID (alphanumeric).
Description The tunnel's descriptive name.
Protocol The tunnel's protocol.
Values: GRE or IPIP
Current Sessions The number of current sessions.
Total Sessions The number of total sessions.
Highest Sessions The highest number of sessions.
Total Bytes The number of total bytes.

To clear all the tunnel statistics


1. In the Monitoring perspective, select Network > Layer 3 > Tunnels.
2. Click Clear Tunnel Statistics.

Monitoring High Availability


This section comprises the following topics:
• Monitoring High Availability in Alteon Version 30.1
• Monitoring High Availability for Alteon Version 30.2 and Later

Monitoring High Availability in Alteon Version 30.1


This feature is available only in Alteon standalone, VA, and vADC.

Note: You can configure the values for the High Availability feature in the Configuration perspective,
under Network > High Availability.


For Alteon version 30.1 and later, use the High Availability tab in the Monitoring perspective to do
the following:
• When the High Availability Mode on the device is Switch HA (or Extended HA in Alteon
version 30.5.4 and later, and version 31.0.1 and later), switch an active device to backup mode.
Typically, you do this when you need to perform maintenance on the active Alteon and not affect
the service.
• When the High Availability Mode on the device is Service HA:
— Monitor high-availability information.
— Switch an active service group to backup mode. Typically, you select all the services and
switch to backup mode when you need to perform maintenance on the active Alteon and not
affect the services.
• When the High Availability Mode on the device is Legacy VRRP:
— Monitor high-availability information.
— Switch an active device to backup mode when the High Availability Mode on the device is
Legacy VRRP. Typically, you do this when you need to perform maintenance on the active
Alteon and not affect the services or for passing master control back to a primary Alteon
after it has been returned to service after a failure.

To view High Availability mode and state


> In the Monitoring perspective, select Network > High Availability.
The High Availability Mode field displays one of the following: Disabled, Switch HA, Service
HA, Extended HA, Legacy VRRP.
The Status field displays master or backup.

To monitor Service HA information in Alteon version 30.1


> In the Monitoring perspective, select Network > Layer 3 > High Availability.

Table 258: Service HA Monitoring Parameters

Parameter Description
Status The Service HA status.
HA Group ID The HA Group identifier.

To monitor Switch HA information in Alteon version 30.1


> In the Monitoring perspective, select Network > Layer 3 > High Availability.

Table 259: Switch HA Monitoring Parameters

Parameter Description
Peer Switch ID The identifier of the peer.
Peer Switch Address The IP address of the advertisement IP interface associated with the
peer.
Last Sync The type (manual or automatic), status, timestamp, and failure reason
of the last configuration synchronization attempt.

Last Successful Sync The type (manual or automatic) and timestamp of the last successful
configuration synchronization.

To monitor legacy VRRP virtual routers in Alteon version 30.1


> In the Monitoring perspective, select Network > Layer 3 > High Availability.

Table 260: Legacy VRRP Virtual Router Parameters

Parameter Description
Status The VRRP status.
Values:
• Init—If there is no port in the virtual router’s VLAN with an active
link, the interface for the VLAN fails, thus placing the virtual router
into the INIT state. The INIT state identifies that the virtual router
is waiting for a startup event. If it receives a startup event, it will
either transition to master if its priority is 255 (the IP address
owner), or transition to the backup state if it is not the IP address
owner.
• Master—The virtual router is the master.
• Backup—The virtual router is a backup.
• Holdoff—VRRP operation is globally suspended for the specified
interval. When a device becomes the VRRP master at power up or
after a failover operation, it may begin to forward data traffic
before the connected gateways or real servers are operational.
Alteon may create empty session entries for the coming data
packets and the traffic cannot be forwarded to any gateway or real
server.
Router ID The router identifier.
VR ID The virtual router identifier.
IP Version The type of IP address—version 4 or version 6.
IP Address The IP address of the virtual router.
Interface The IP interface of the device. If the IP interface has the same IP
address as the virtual router IP address, this device is considered the owner of the
defined virtual router.

Priority The election priority bias for this virtual server.
During the master router election process, the routing device with the
highest virtual router priority number wins. If there is a tie, the device
with the highest IP interface address wins. If this virtual router’s IP
address (addr) is the same as the one used by the IP interface, the
priority for this virtual router is set to 255 (highest).
When priority tracking is used, this base priority value can be modified
according to a number of performance and operational criteria.
Values: 1–254
Default: 100
Note: When you enable hot-standby for a vrgroup, the currently set
priority for the vrgroup is increased by 2.
Ownership The owner of the VRRP IP address.
Values:
• Owner—If the IP interface has the same IP address as the virtual
address IP, this device is considered the owner of the defined
virtual router. An owner has a special priority of 255 (highest) and
always assumes the role of the master router, even if it must
preempt another virtual router that has assumed master routing
authority.
• Renter—The virtual router that is not owned by the device.

Forcing Failover
You can force a specified master Alteon, or a specified master service group, into backup mode. This
is generally used for passing master control back to a preferred Alteon (or service group) once the
preferred Alteon (or service group) has been returned to service after a failure.
If failback mode is Always when you force failover, the Alteon with preferred state Active (the
“preferred master”) briefly becomes the backup and then reverts to the master.

To force a master Alteon into backup mode


1. In the Monitoring perspective, select Network > Layer 3 > High Availability.
2. Click Backup.

To force a master service group into backup mode


1. In the Monitoring perspective, select Network > Layer 3 > High Availability.
2. Select the required service group or service groups.
3. Click Backup.


Monitoring High Availability for Alteon Version 30.2 and Later


This feature is available only in Alteon standalone, VA, and vADC.

Note: You can configure the values for the High Availability feature in the Configuration perspective,
under Network > High Availability.
• When the High Availability Mode on the device is Switch HA (or Extended HA in Alteon
version 30.5.4 and later, and version 31.0.1 and later), switch an active device to backup mode.
Typically, you do this when you need to perform maintenance on the active Alteon and not affect
the service.
• When the High Availability Mode on the device is Service HA:
— Monitor high-availability information.
— Switch an active service group to backup mode. Typically, you select all the services and
switch to backup mode when you need to perform maintenance on the active Alteon and not
affect the services.
• When the High Availability Mode on the device is Legacy VRRP:
— Monitor high-availability information.
— Switch an active device to backup mode when the High Availability Mode on the device is
Legacy VRRP. Typically, you do this when you need to perform maintenance on the active
Alteon and not affect the services or for passing master control back to a primary Alteon
after it has been returned to service after a failure.

To view High Availability mode and state


> In the Monitoring perspective, select Network > High Availability.
The High Availability Mode field displays one of the following: Disabled, Switch HA, Service
HA, Extended HA, Legacy VRRP.
The Status field displays master or backup.

To monitor Service HA information


> In the Monitoring perspective, select Network > High Availability > Sync Status.

Table 261: Service HA Monitoring Parameters

Parameter Description
Status The Service HA status.
HA Group ID The HA Group identifier.

To monitor Switch HA information


> In the Monitoring perspective, select Network > High Availability > Sync Status.


Table 262: Switch HA Monitoring Parameters

Parameter Description
Peer Switch ID The identifier of the peer.
Peer Switch Address The IP address of the advertisement IP interface associated with the
peer.
Last Sync The type (manual or automatic), status, timestamp, and failure reason
of the last configuration synchronization attempt.
Last Successful Sync The type (manual or automatic) and timestamp of the last successful
configuration synchronization.

To monitor Extended HA information


This option is available only in Alteon version 30.5.4 and later, and in version 31.0.1 and later.
> In the Monitoring perspective, select Network > High Availability > Sync Status.

Table 263: Extended HA Monitoring Parameters

Parameter Description
State The Extended HA status.
Values:
• Init—If there is no port in the virtual router’s VLAN with an active
link, the interface for the VLAN fails, thus placing the virtual router
into the INIT state. The INIT state identifies that the virtual router
is waiting for a startup event. If it receives a startup event, it will
either transition to master if its priority is 255 (the IP address
owner), or transition to the backup state if it is not the IP address
owner.
• Master—The virtual router is the master.
• Backup—The virtual router is a backup.

To monitor legacy VRRP virtual routers


> In the Monitoring perspective, select Network > High Availability > Sync Status.


Table 264: Legacy VRRP Virtual Router Parameters

Parameter Description
Status The VRRP status.
Values:
• Init—If there is no port in the virtual router’s VLAN with an active
link, the interface for the VLAN fails, thus placing the virtual router
into the INIT state. The INIT state identifies that the virtual router
is waiting for a startup event. If it receives a startup event, it will
either transition to master if its priority is 255 (the IP address
owner), or transition to the backup state if it is not the IP address
owner.
• Master—The virtual router is the master.
• Backup—The virtual router is a backup.
• Holdoff—VRRP operation is globally suspended for the specified
interval. When a device becomes the VRRP master at power up or
after a failover operation, it may begin to forward data traffic
before the connected gateways or real servers are operational.
Alteon may create empty session entries for the coming data
packets and the traffic cannot be forwarded to any gateway or real
server.
Router ID The router identifier.
VR ID The virtual router identifier.
IP Version The type of IP address—version 4 or version 6.
IP Address The IP address of the virtual router.
Interface The IP interface of the device. If the IP interface has the same IP
address as the virtual router IP address, this device is considered the owner of the
defined virtual router.
Priority The election priority bias for this virtual server.
During the master router election process, the routing device with the
highest virtual router priority number wins. If there is a tie, the device
with the highest IP interface address wins. If this virtual router’s IP
address (addr) is the same as the one used by the IP interface, the
priority for this virtual router is set to 255 (highest).
When priority tracking is used, this base priority value can be modified
according to a number of performance and operational criteria.
Values: 1–254
Default: 100
Note: When you enable hot-standby for a vrgroup, the currently set
priority for the vrgroup is increased by 2.
Ownership The owner of the VRRP IP address.
Values:
• Owner—If the IP interface has the same IP address as the virtual
address IP, this device is considered the owner of the defined
virtual router. An owner has a special priority of 255 (highest) and
always assumes the role of the master router, even if it must
preempt another virtual router that has assumed master routing
authority.
• Renter—The virtual router that is not owned by the device.


Forcing Failover
You can force a specified master Alteon, or a specified master service group, into backup mode. This
is generally used for passing master control back to a preferred Alteon (or service group) once the
preferred Alteon (or service group) has been returned to service after a failure.
If failback mode is Always when you force failover, the Alteon with preferred state Active (the
“preferred master”) briefly becomes the backup and then reverts to the master.

To force a master Alteon into backup mode


1. In the Monitoring perspective, select Network > High Availability.
2. Click Backup.

To force a master service group into backup mode


1. In the Monitoring perspective, select Network > High Availability.
2. Select the required service group or service groups.
3. Click Backup.



CHAPTER 13 – MONITORING ALTEON APPLICATION DELIVERY
This chapter describes monitoring Alteon application delivery operations.

Note: For information on monitoring Alteon device performance using the Device Performance
Monitor, see Using the Device Performance Monitor, page 445.

This chapter contains the following main topics:
• Clearing Non-operating SLB Statistics
• Clearing SLB Statistics from the HA Peer
• Monitoring and Controlling Virtual Servers
• Monitoring and Managing Filters
• Monitoring and Controlling Server Resources
• View a FastView Web Application
• Monitoring and Controlling APM
• Monitoring and Controlling SSL
• Monitoring Traffic Match Criteria
• Monitoring and Controlling Application Services
• Monitoring LinkProof
• Monitoring Global Traffic Redirection Statistics
• Monitoring AppShape++ Statistics

Clearing Non-operating SLB Statistics


In Alteon version 30.1 and later, you can clear all non-operating SLB statistics, resetting them to
zero.
The action, Clear All SLB Statistics, does not reset Alteon and does not affect the following
counters:
• Counters required for Layer 4 and Layer 7 operations (such as current real server sessions)
• All related SNMP counters

To clear all non-operating SLB statistics


1. (In Alteon version 30.1 and later, and 30.2 and later) In the Monitoring perspective, select
Application Delivery > Virtual Service.
2. (In Alteon version 30.5 and later, version 31.0 and later, and version 32.0 and later) In the
Monitoring perspective, select Application Delivery > Server Resources.
3. Click Clear All SLB Statistics.


Clearing SLB Statistics from the HA Peer


In Alteon version 31.0.6.0 and later, and version 32.1.0.0 and later, you can clear all SLB statistics
from the HA peer when both of the following conditions are met:
• The Configuration > Network > High Availability > High Availability Mode parameter is
set to Service HA.
• Session mirroring is enabled for at least one service.

To clear all SLB statistics from the HA peer


1. In the Monitoring perspective, select Application Delivery > Server Resources.
2. Select Also clear SLB statistics on peer.
3. Click Clear All SLB Statistics.

Monitoring and Controlling Virtual Servers


This feature is available only in Alteon standalone, VA, and vADC.

To monitor virtual servers, virtual services, and content-based rules


> In the Monitoring perspective, select Application Delivery > Virtual Service > Virtual
Servers.
The following parameters display in the Virtual Servers table:

To monitor virtual servers, virtual services, and content-based rules


> In the Monitoring perspective, select Application Delivery > Server Resources > Virtual
Servers.
The following parameters display in the Virtual Servers table:

To monitor virtual servers, virtual services, and content-based rules


> In the Monitoring perspective, select Application Delivery > Virtual Servers.
The following parameters display in the Virtual Servers table:

Note: When a client sends a DNS query to the site, and the site sends a DNS response with the IP
address of the remote real server, the client binds to the remote real server directly. In such cases,
the statistics at Monitoring > Application Delivery > Virtual Servers do not include statistics for
the remote real server because the site does not act as a proxy or redirect the session.
DNS and redirect statistics for the remote real server are displayed at Monitoring > Application
Delivery > Global Traffic Redirection > Remote Real Virtual Servers.


Table 265: Virtual Servers Statistics

Parameter Description
Status The status of the virtual server.
Virtual Server ID The ID of the virtual server.
Description The description of the virtual server.
(This parameter is available only in version 31.0 and later, and 32.0 and later.)
Name A name for the virtual server.
(This parameter is available only in version 29.5.x, 30.0.x, 30.1.x, 30.2.x, and 30.5.x.)
IP Address The IP address of the virtual server.
(This parameter is available only in version 31.0 and later, and 32.0 and later.)
Connection per Second The number of connections per second for the virtual server.
(This parameter is available only in version 30.5.x and later, 31.0.2 and later, and 32.0 and later.)
Throughput per Second The throughput, in Mbps, for the virtual server.
(This parameter is available only in version 30.5.x and later, 31.0.2 and later, and 32.0 and later.)
Current Sessions The number of sessions currently open on the virtual server.
Total Sessions The total number of sessions handled by the virtual server.
Highest Sessions The highest number of concurrent sessions recorded on the virtual server.
Total Octets The total number of octets sent and received by the virtual server.

Click on an entry in the Virtual Services of Selected Virtual Server table to view the following
detailed virtual service statistics:

Table 266: Virtual Services: General Statistics (Alteon Version 31.0 and Later)

Parameter Description
Status The status of the virtual service.
Virtual Server ID The ID of the virtual server associated with the selected virtual service.
Service Port The service port associated with the selected virtual service.
Action The action of the virtual service.

Group ID The identifier of the server group to which this virtual service redirects the traffic.
Total Octets The total number of octets sent and received by the virtual service.
(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)
Connections per Second The number of connections per second for the virtual service.
(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)
Throughput per Second The throughput, in bytes per second, for the virtual service.
(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)
Current Sessions The number of sessions currently open on the virtual service.
(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)
Total Sessions The total number of sessions handled by the virtual service.
(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)
Highest Sessions The highest number of concurrent sessions recorded on the virtual service.
(This parameter is available only in version 31.0.2 and later, and version 32.0 and later.)

Table 267: Virtual Service: Traffic Statistics (per Real Server) (Alteon Version 30.1 and Later)

Parameter Description
Runtime Status The run-time status of the real server per service based on the configuration, operational status, health check status, and traffic of the real server.
Available statuses: Up, Down, Admin-Down, Warning, or Shutdown.
(Available only in Alteon version 31.0 and later, and version 32.0 and later.)
Real ID The identifier of a real server associated with the virtual service.
Current Sessions The number of current sessions to the virtual service on the real server.
Total Sessions The total number of sessions to the virtual service on the real server.
Highest Sessions The highest number of concurrent sessions to the virtual service on the real server.

Failure Reason Displays the reason for which the real server associated with the virtual service is considered Down. The failure reason displays when the runtime status of the server is Down, otherwise the failure reason is empty.
(This parameter is available only in version 31.0.3 and later, and version 32.0 and later)
Server RTT The average server round-trip time (RTT) in microseconds.

Table 268: Statistics and Timing (Alteon Version 31.0 and Later)

Parameter Description
Connections per Second The number of connections per second for the virtual service.
Current Sessions The number of sessions currently open on the virtual service.
Highest Sessions The highest number of concurrent sessions recorded on the virtual
service.
Throughput per Second The throughput, in Mbytes per second, for the virtual service.
Total Sessions The total number of sessions handled by the virtual service.
Total Octets The total number of octets sent and received by the virtual service.
Timing
Client RTT The average client round-trip time (RTT) in microseconds.
Server RTT The average server round-trip time (RTT) in microseconds.
Application Response The average application response time, in microseconds.
Response Transfer The average response transfer time, in microseconds.
Total The average total response time, in microseconds.

Table 269: Virtual Service: HTTP Statistics (Alteon Version 30.2 and Later)

Parameter Description
HTTP 2.0 Displays the following statistics for HTTP 2.0 traffic:
• Connection Count—Number of connections within the statistics
measuring period.
• Connection Peak—The peak number of concurrent connections
within the statistics measuring period.
• Requests Count—Number of requests within the statistics
measuring period.
HTTP 1.1 Displays the following statistics for HTTP 1.1 traffic:
• Connection Count—Number of connections within the statistics
measuring period.
• Connection Peak—The peak number of concurrent connections
within the statistics measuring period.
• Requests Count—Number of requests within the statistics
measuring period.

HTTP 1.0 Displays the following statistics for HTTP 1.0 traffic:
• Connection Count—Number of connections within the statistics
measuring period.
• Connection Peak—The peak number of concurrent connections
within the statistics measuring period.
• Requests Count—Number of requests within the statistics
measuring period.
HTTP/2 Connection Statistics Displays the value for the last measuring period (Current) and the highest value recorded in a measuring period (Peak) for each of the following statistics:
• Backend Connections used by HTTP/2 Proxy
• Client Streams—Average number of client streams per connection.
• PUSH Streams—Average number of PUSH stream connections sent by Alteon to clients.
• Canceled PUSH Requests—Average number of cancel PUSH requests received from a client per connection.
• Session Duration Average—In mm:ss format.
(These statistics are displayed only when an HTTP/2 policy is associated with the selected virtual service)
HTTP/2 Header Compression Statistics Displays the value for the last measuring period (Current) and the highest value recorded in a measuring period (Peak) for each of the following header compression statistics:
• Requests—Average Compression Ratio (%)
• Responses—Average Compression Ratio (%)
• Average de facto HPACK Table Size—Average size of the dynamic HPACK table.
• Big Headers Count—The number of Big Headers handled. A Big Header is a header whose size is more than half of the maximum dynamic table size. Such headers usually cause eviction of older headers from the table.
• Average Evicted Bytes Per Connection
(These statistics are displayed only when an HTTP/2 policy is associated with the selected virtual service)
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed. You configure this parameter in the Statistics tab at Configuration > Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and traffic statistics were cleared.
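
The Big Headers Count and Average Evicted Bytes Per Connection statistics above follow from how the HPACK dynamic table evicts entries. The following Python sketch is an added example, not Radware or Alteon code: it models one connection's dynamic table with the RFC 7541 size and eviction rules, applies this guide's Big Header definition, and replays constructed sample headers. The class and function names, the 256-byte table size, and counting the 32-byte RFC entry overhead as part of a header's size are assumptions.

```python
from collections import deque

# RFC 7541, section 4.1: an entry's size is len(name) + len(value) + 32 octets.
ENTRY_OVERHEAD = 32


def entry_size(name: bytes, value: bytes) -> int:
    return len(name) + len(value) + ENTRY_OVERHEAD


class DynamicTable:
    """Simplified HPACK dynamic table for one connection (hypothetical helper)."""

    def __init__(self, max_size: int = 4096):
        self.max_size = max_size
        self.entries = deque()   # newest entry at the left, oldest at the right
        self.size = 0            # current table size in octets
        self.evicted_bytes = 0   # octets evicted so far on this connection
        self.big_headers = 0     # headers larger than half of max_size

    def _evict_until(self, limit: int) -> None:
        # Drop the oldest entries until the table fits within `limit`.
        while self.entries and self.size > limit:
            name, value = self.entries.pop()
            freed = entry_size(name, value)
            self.size -= freed
            self.evicted_bytes += freed

    def add(self, name: bytes, value: bytes) -> None:
        size = entry_size(name, value)
        # Guide's definition: a Big Header is more than half the maximum
        # dynamic table size (assumption: size includes the 32-octet overhead).
        if size > self.max_size / 2:
            self.big_headers += 1
        # RFC 7541, section 4.4: evict before inserting, until the new entry fits.
        self._evict_until(self.max_size - size)
        if size <= self.max_size:
            self.entries.appendleft((name, value))
            self.size += size
        # An entry larger than max_size empties the table and is not stored.


# Constructed sample header sequence for a single connection.
SAMPLE_HEADERS = [
    (b"accept", b"text/html"),               # 47 octets
    (b"user-agent", b"example-client/1.0"),  # 60 octets
    (b"cookie", b"s=" + b"a" * 100),         # 140 octets: Big Header for a 256-octet table
    (b"accept-language", b"en-US"),          # 52 octets
    (b"cookie", b"s=" + b"b" * 100),         # 140 octets: Big Header, forces evictions
]


def replay(headers, max_size: int = 256) -> DynamicTable:
    """Insert each header in order and return the table with its counters."""
    table = DynamicTable(max_size)
    for name, value in headers:
        table.add(name, value)
    return table


if __name__ == "__main__":
    t = replay(SAMPLE_HEADERS)
    print("big headers:", t.big_headers)
    print("evicted bytes:", t.evicted_bytes)
    print("table size:", t.size, "of", t.max_size)
```

In this run the two cookie headers account for every eviction after the first, which is why a rising Big Headers Count usually comes with rising evicted bytes and falling header compression ratios.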

Table 270: Frontend SSL Parameters

Parameter Description
New SSL Handshakes The number of current SSL handshakes per second, and the total
number of new SSL handshakes.
Reused SSL Handshakes The number of current reused SSL handshakes per second, and the
total number of reused SSL handshakes.
Reuse rate The percentage of current and total reuse rate.
Reused 0-RTT SSL handshakes The number of current reused 0-RTT SSL handshakes per second, and the total number of reused 0-RTT SSL handshakes.

Reuse 0-RTT rate The percentage of current and total reuse 0-RTT rate.
Rejected 0-RTT handshakes The number of current rejected 0-RTT handshakes per second, and the total number of rejected 0-RTT handshakes.
SSL v3 Handshakes The percentage of current and total SSL v3 handshakes.
TLS 1.0 Handshakes The percentage of current and total TLS 1.0 handshakes.
TLS 1.1 Handshakes The percentage of current and total TLS 1.1 handshakes.
TLS 1.2 Handshakes The percentage of current and total TLS 1.2 handshakes.
TLS 1.3 Handshakes The percentage of current and total TLS 1.3 handshakes.
HTTP to HTTPS Redirections The current and total number of HTTP to HTTPS redirections.
Rejected SSL Handshakes The number of current rejected SSL handshakes per second, and the total number of rejected SSL handshakes.
Session ID Reuse SSL Handshakes The number of current session ID reuse handshakes per second, and the total number of current session ID reuse handshakes.
Session ID Reuse SSL Handshakes The percentage of current and total session ID reuse SSL handshakes.
Ticket Reuse SSL Handshakes The number of current ticket reuse SSL handshakes per second, and the total number of ticket reuse SSL handshakes.
Ticket Reuse SSL Handshakes The percentage of current ticket reuse SSL handshakes.

Table 271: Backend SSL Parameters

Parameter Description
New SSL Handshakes The number of current SSL handshakes per second, and the total
number of new SSL handshakes.
Reused SSL Handshakes The number of current reused SSL handshakes per second, and the
total number of reused SSL handshakes.
Reuse Rate The percentage of current and total reuse rate.
SSL v3 Handshakes The percentage of current and total SSL v3 handshakes.
TLS 1.0 Handshakes The percentage of current and total TLS 1.0 handshakes.
TLS 1.1 Handshakes The percentage of current and total TLS 1.1 handshakes.
TLS 1.2 Handshakes The percentage of current and total TLS 1.2 handshakes.
TLS 1.3 Handshakes The percentage of current and total TLS 1.3 handshakes.
HTTP to HTTPS redirections The number of current HTTP to HTTPS redirections.
Session ID Reuse SSL Handshakes The number of current session ID reuse handshakes per second, and the total number of session ID reuse SSL handshakes.
Session ID Reuse SSL Handshakes The percentage of current and total session ID reuse handshakes.
Ticket Reuse SSL Handshakes The number of current ticket reuse handshakes per second, and the total number of ticket reuse SSL handshakes.

Ticket Reuse SSL Handshakes The percentage of current and total ticket reuse handshakes.
Ignored Certificates Reasons The reason for ignoring the certificate.
Current The number of current (per second) ignored certificates for the listed
reason.
Total The number of total ignored certificates for the listed reason.

Table 272: SSL Cipher Usage

Parameter Description
For Frontend and Backend Cipher Usage
Cipher Name The cipher name.
Current Cipher usage per second.
Total Total cipher usage.

Table 273: Rejected Handshake Reasons

Parameter Description
Rejected Handshake Reasons for Frontend and Backend
Rejected Handshake Reason The reason for the rejected handshake.
Current The number of current (per second) rejected handshakes.
Total The total number of rejected handshakes.

Table 274: Caching and Compression Statistics (Alteon Version 30.2 and Later)

Parameter Description
Objects Served from Cache The number of objects served from cache.
Cache Hits Percentage of cache hits.
Cache Requests Number of cache requests per second.
Total Cached Objects Total number of cached objects.
New Cached Objects Number of new cached objects per second.
Peak New Cached Objects Number of peak new cached objects per second.

Compression Statistics Compression-specific statistics:
• Throughput (KB)—Amount of compressed and uncompressed
throughput, and compression ratio.
• Average Object Size (KB)—Average compressed and
uncompressed object size, and compression ratio.
• Total Bytes Saved—Since last reboot or statistics clear.
• Bytes Saved—Bytes saved per second.
• Peak Bytes Saved—Highest number of bytes saved per second
since last reboot or statistics clear.
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed. You configure this parameter in the Statistics tab at Configuration > Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and traffic statistics were cleared.

Table 275: FastView Statistics (Alteon Version 30.2 and Later)

Parameter Description
Transactions Number of current, total, and peak transactions.
HTML Pages Number of current, total, and peak HTML pages.
Optimized Pages Number of current, total, and peak optimized pages.
Tokens Rewritten Number of current, total, and peak tokens rewritten.
Compiled Pages Number of current, total, and peak compiled pages.
Bytes Saved with Image Reduction Number of bytes saved with image reduction for current traffic, and for traffic since the last clear of statistics.
% Bytes Saved with Image Reduction Percentage of bytes saved with image reduction for current traffic, and for traffic since the last clear of statistics.
Responses with Expiry Modified Number of responses with expiry modified for current traffic, and for traffic since the last clear of statistics.
% Responses with Expiry Modified Percentage of responses with expiry modified for current traffic, and for traffic since the last clear of statistics.
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed. You configure this parameter in the Statistics tab at Configuration > Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and traffic statistics were cleared.

Table 276: Defense Messaging parameters

Parameter Description
The Defense Messaging Policy parameters are shown for their Current value, Last Period
Average, Current Period average, and Peak values (also showing the time stamp for the peak
value).
Bandwidth The bandwidth (in Mbps)

PPS The number of packets per second (PPS)
CPS The number of connections per second (CPS)
Latency The latency (in microseconds)

Table 277: Content Based Rules Statistics

Parameter Description
Virtual Server ID The ID of the virtual server associated with the selected content-based rule.
Service ID The ID of the virtual service associated with the selected content-based rule.
Content Rule ID The ID of the content-based rule.
Action The action of the content-based rule.
Current Sessions The number of current sessions that match the content-based rule.
Total Sessions The total number of sessions that match the content-based rule.
Highest Sessions The highest number of concurrent sessions that matched the content-based rule.
Total Octets The total number of bytes/octets that matched the content-based rule.

In the Traffic tab, click an entry in the Content Based Rule Service table to see all statistics for
each service.

Table 278: Content Based Rule Service Statistics

Parameter Description
Server ID The ID of the virtual server associated with the selected content-based rule.
Service ID The ID of the virtual service associated with the selected content-based rule.
Rule ID The ID of the content-based rule.
Real ID The ID of the rule (when Action is set to Group).
Sessions
Server RTT The average server round-trip time (RTT) in microseconds.
Current Sessions The number of current sessions to the virtual service on the real server.
Total Sessions The total number of sessions that match the content-based rule.
Highest Sessions The highest number of concurrent sessions that matched the content-based rule.
Total Octets The total number of bytes/octets that matched the content-based rule.


Monitoring and Managing Filters

To monitor filters
1. In the Monitoring perspective, select Application Delivery > Filters.

2. In the Filters table, select the required row(s) and click the button to view the filter details.

Table 279: Filter Parameters

Parameter Description
Status The configurational status of the filter.
Filter ID The filter ID of the filter.
Name The name of the filter.
Action The configurational action of the filter.
Group ID The real server group to which traffic matching the Redirect filter is sent.
(This parameter is displayed only when the value for the Action parameter is Redirect or Outbound LLB.)
Total Hits The number of total hits, in packets, connections, or requests, depending on the type of filter.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the match is packets-based, and therefore the session counter is not incremented.

The statistics in the following tabs are relevant for redirect filters. They display the statistics of the
real servers that participate in this redirect group.

Note: The counters display accumulative data from all filters that redirect to each real server.

Table 280: Statistics Parameters

Parameter Description
This tab is available only in version 32.0 and later.
Connections per Second The number of connections per second currently processed by this
filter.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.

Current Sessions The current number of sessions processed by this filter.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Highest Sessions The highest number of sessions processed by this filter since the last reboot or reset of statistics.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Total Sessions The total number of sessions processed by this filter since the last reboot or reset of statistics.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Current Throughput The current throughput, in Kbps, processed by this filter.
Highest Throughput The highest throughput, in Kbps, processed by this filter.
Total Bandwidth The total bandwidth, in Mb, processed by this filter.
Total Hits The number of total hits, in packets, connections, or requests, depending on the type of filter.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.

Table 281: Real Server Traffic Parameters

Parameter Description
This tab is available only in version 32.0 and later.
Runtime Status The runtime status of the real server.
Values: Disabled, Failed, Running
Real IDs The real server ID.

Current Sessions The current number of sessions processed by the real server
connected to this filter.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Highest Sessions The highest number of sessions processed by this real server since the last reboot or reset of statistics.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Total Sessions The total number of sessions processed by this real server since the last reboot or reset of statistics.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Current Throughput [Kbps] The current throughput, in Kbps, processed by this real server.
Highest Throughput [Kbps] The highest throughput, in Kbps, processed by this real server.
Total BW [Mb] The total bandwidth, in Mb, processed by this real server.
CPS The number of connections per second currently processed by this real
server.
Special cases:
• For HTTP Layer 7 filters, the match is request-based, and therefore
the session counter is incremented per request.
• For non-cached filters and Layer 2 filters with non-IP traffic, the
match is packets-based, and therefore the session counter is not
incremented.
Failure Reason Displays the reason for which the real server associated with the filter
is considered Down. The failure reason displays when the runtime
status of the server is Down, otherwise the failure reason is empty.

Note: In some later versions, some of the SSL monitoring parameters are shown in the SSL tab.


Table 282: Front-end SSL Parameters

Parameter Description
This tab is available only in version 32.0.1 and later.
New SSL handshakes The number of new SSL handshakes per second.
Reused SSL handshakes The number of reused SSL handshakes per second.
Reuse rate The reuse rate of SSL handshakes as a percentage.
Rejected SSL handshakes The number of rejected SSL handshakes per second.
Reused 0-RTT SSL handshakes The number of reused 0-RTT SSL handshakes per second.
Reuse 0-RTT rate The reuse rate of 0-RTT SSL handshakes as a percentage.
Rejected 0-RTT handshakes The number of rejected 0-RTT SSL handshakes per second.
SSL v3 handshakes The percentage of SSL v3 handshakes.
TLS 1.0 handshakes The percentage of TLS 1.0 handshakes.
TLS 1.1 handshakes The percentage of TLS 1.1 handshakes.
TLS 1.2 handshakes The percentage of TLS 1.2 handshakes.
TLS 1.3 handshakes The percentage of TLS 1.3 handshakes.
HTTP to HTTPS redirections The number of HTTP to HTTPS redirections.
Rejected Certificates The number of rejected certificates.
Ignored Certificates The number of ignored certificates.
Expired Certificates The number of expired certificates.
Untrusted Certificates The number of untrusted certificates.
Certificate Hostname Mismatch The number of certificate hostname mismatches.
Rejected Handshake Reasons The number of reasons for handshake rejections.
Total Cipher Handshakes The number of cipher handshakes.
Session ID Reuse SSL Handshake The number of session ID reused SSL handshakes per second.
Session ID Reuse SSL Handshake The percentage of session ID reused SSL handshakes.
Ticket Reuse SSL Handshake The number of ticket reused SSL handshakes per second.

Table 283: Backend SSL Parameters

Parameter Description
This tab is available only in version 32.0.1 and later.
New SSL handshakes The number of new SSL handshakes per second.
Reused SSL handshakes The number of reused SSL handshakes per second.
Reuse handshakes The reuse rate of SSL handshakes as a percentage.
Rejected SSL handshakes The number of rejected SSL handshakes per second.

SSL v3 handshakes The percentage of SSL v3 handshakes.
TLS 1.0 handshakes The percentage of TLS 1.0 handshakes.
TLS 1.1 handshakes The percentage of TLS 1.1 handshakes.
TLS 1.2 handshakes The percentage of TLS 1.2 handshakes.
TLS 1.3 handshakes The percentage of TLS 1.3 handshakes.
HTTP to HTTPS redirections The number of HTTP to HTTPS redirections.
Session ID Reuse SSL Handshake The number of session ID reused SSL handshakes per second.
Session ID Reuse SSL Handshake The percentage of session ID reused SSL handshakes.
Ticket Reuse SSL Handshake The number of ticket reused SSL handshakes per second.
Ticket Reuse SSL Handshake The percentage of ticket reused SSL handshakes.
Ignored Certificate Reasons The reasons for the ignored certificates - current (per second) and total.

Table 284: SSL Cipher Usage Parameters

Parameter Description
Frontend Cipher Usage Table listing the front-end cipher name, current usage (per second)
and total usage.
Backend Cipher Usage Table listing the back-end cipher name, current usage (per second)
and total usage.

Table 285: Rejected Handshake Reason Parameters

Parameter Description
Frontend Rejected Handshake Reasons Table listing the front-end rejected handshake reason, for current (per second) and total rejected handshakes.
Backend Rejected Handshake Reasons Table listing the back-end rejected handshake reason, for current (per second) and total rejected handshakes.

Table 286: General Parameters

Parameter Description
This tab is available only in version 32.0.1 and later.
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed. You configure this parameter in the Statistics tab at Configuration > Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and traffic statistics were cleared.

Total Rejected Certificates The number of rejected certificates.
(Starting with version 32.2.x, this parameter no longer displays)
Total Ignored Certificates The number of ignored certificates.
(Starting with version 32.2.x, this parameter no longer displays)
Total Expired Certificates The number of expired certificates.
(Starting with version 32.2.x, this parameter displays in the General tab at Configuration > Application Delivery > SSL, and is named SSL Expired Certificate)
Total Untrusted Certificates The number of untrusted certificates.
(Starting with version 32.2.x, this parameter displays in the General tab at Configuration > Application Delivery > SSL and is named SSL Untrusted Certificate)
Total Certificate Hostname Mismatch The number of certificate hostname mismatches.
(Starting with version 32.2.x, this parameter displays in the General tab at Configuration > Application Delivery > SSL and is named SSL Certificate Hostname Mismatch)

Table 287: SSL Parameters

Parameter Description
This tab is available only in version 31.x and earlier.
New SSL handshakes The number of new SSL handshakes per second.
Reused SSL handshakes The number of reused SSL handshakes per second.
Reuse rate The reuse rate of SSL handshakes as a percentage.
Rejected SSL handshakes The number of rejected SSL handshakes per second.
SSL v3 handshakes The percentage of SSL v3 handshakes.
TLS 1.0 handshakes The percentage of TLS 1.0 handshakes.
TLS 1.1 handshakes The percentage of TLS 1.1 handshakes.

TLS 1.2 handshakes The percentage of TLS 1.2 handshakes.
TLS 1.3 handshakes The percentage of TLS 1.3 handshakes.
HTTP to HTTPS redirections The number of HTTP to HTTPS redirections.
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed. You configure this parameter in the Statistics tab at Configuration > Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and traffic statistics were cleared.

Monitoring and Controlling Server Resources


Alteon displays the following connections per second (CPS) statistics for the entire Alteon platform:
current connections per second, current throughput (in Mbps), and current SSL connections per
second.
Monitoring and controlling virtual services comprises the following:
• Monitoring and Controlling Real Servers, page 403
• Monitoring and Controlling Server Groups, page 406
• Monitoring and Controlling Virtual Servers, page 388
• Monitoring and Controlling APM, page 409

To monitor device summary statistics


> In the Monitoring perspective, select Application Delivery > Server Resources.
The device statistics table displays the following statistics:

Table 288: Device Summary Statistics

Parameter Description
Current Connection Per Second The number of current connections per second.
Current Throughput The amount of current throughput (in Mbps).
Current SSL CPS The number of current SSL connections per second.

Related Topics
• Clearing Non-operating SLB Statistics, page 387
• Clearing SLB Statistics from the HA Peer, page 388

Monitoring and Controlling Real Servers


This feature is available only in Alteon standalone, VA, and vADC.
You can view monitoring information of the real servers and change their operational status.


Note: Changing the operational status of a real server is typically performed for maintenance
purposes. If you execute a change to the operational status of a real server, the change takes effect
without an Apply or Save command. When the Alteon resets, the real server reverts to its
configuration status (that is, enabled or disabled).

To change the operational status of one or more real servers


1. In the Monitoring perspective, select Application Delivery > Virtual Service Server
Resources > Real Servers.
2. In the table, select the rows of the real servers whose operational status you want to change.
3. From the Real Server Operations drop-down list, select the required option, and then click
Execute.
Default: Disable.

Table 289: Real Server Operations—Options

Parameter Description
Disable Disables the selected real server(s) immediately and closes existing connections.
Disable & Fastage Existing Gracefully disables the real server, having the server do the following:
1. Does not accept new connections.
2. Fast-ages existing sessions.
3. Disables the real server when there are no connections on it.
Disable & Keep Persistency Gracefully disables the real server, having the server do the following:
1. Does not accept new connections.
2. Keeps persistent data until session expiration.
3. Disables the real server when there are no connections including the persistent data for the real server.
Disable & Keep Persistency and Fastage Gracefully disables the real server, having the server do the following:
1. Does not accept new connections.
2. Keeps persistent data until session expiration.
3. Fast-ages existing sessions.
4. Disables the real server when there are no connections including the persistent data for the real server.
Enable Enables the selected real server(s).


To view monitoring information for the real servers


1. In the Monitoring perspective, select Application Delivery > Virtual Service > Real Servers.
The table in the Real Servers tab displays information for all the real servers.

Note: Users with CoS type User can see the statistics and status of all real servers, but they
can only perform operations on the real servers that are assigned to them.

2. To view the monitoring information for one specific real server, click the button.

Table 290: Real Server Monitoring: Status Information

Parameter Description
Status The administrative status of the real server.
Values (Alteon version 30.2.7 and later, version 30.5.6 and later, and
version 31.0.3 and later):
• Disable—Disables the server and removes the existing sessions
using the disabled-with-fastage option.
• Enabled—Enables the server.
• Connections Shutdown—Continues sending to the server traffic
belonging to active connections but denies any new connections.
• Sessions Shutdown—Continues sending to the server traffic
belonging to active connections and accepts new connections if
they belong to persistent session entry.
Values (all other versions):
• Enabled—The real server is enabled.
• Disabled—The real server is disabled.
• Disable-with-fastage—The real server was disabled and fastaged
the existing sessions.
Server State The run-time state of the real server (that is, the result of the
real-server health check).
Values: Disabled, Failed, Running
Operational Status The operational status of the real server. For more information, see
Real Server Operations—Options, page 404.
Real Server ID The identifier of the real server.
Name The description of the real server.
IP Address The IP address of the real server.
IP Version The IP version of the real server.
MAC Address The MAC address of the real server.

Table 291: Real Server Monitoring: Sessions Statistics

Parameter Description
Current Sessions The number of sessions currently open on the real server.
Total Sessions The total number of sessions the real server handled.
Highest Sessions The highest number of concurrent sessions handled by the real server.


Table 292: Real Server Monitoring: Octets Statistics

Parameter Description
Total Bytes The total number of bytes handled by the real server (transmit and
receive).

Table 293: Real Server Monitoring: Failures Statistics

Parameter Description
Server Failures The number of times the real server has failed since the last reboot.

Table 294: Real Server Monitoring: Health Check Information

Parameter Description
(These parameters are displayed only when monitoring a specific real server.)
Last Failure The time of the last failure.
Up Time The time that the server has been up.
Down Time The time that the server has been down.

Monitoring and Controlling Server Groups


This feature is available only in Alteon standalone, VA, and vADC.

To monitor basic information of the server groups


> In the Monitoring perspective, select Application Delivery > Virtual Service Server
Resources > Server Groups.
The Server Groups table shows the following statistics:

Table 295: Server Groups Statistics

Parameter Description
Server Group ID The identifier of the server group.
Description The description of the server group.
SLB Metric The load balancing metric for the server group.
Health Check The health check used to monitor the server group.
Current Sessions The current number of sessions that the server group is handling.
Total Sessions The total number of sessions that the server group has handled.
Highest Sessions The highest number of concurrent sessions that the server group has
handled.
Total Octets The total number of octets that the server group has handled.


To operationally enable selected servers in a group


1. In the Monitoring perspective, select Application Delivery > Virtual Service > Server
Groups.

2. In the Real Servers per Group table, select the required row(s) and click the (Edit) button.
3. From the Real Server per Group Operation drop-down list, select Enable.
4. Click Enable.

To operationally disable selected servers in a group


1. In the Monitoring perspective, select Application Delivery > Virtual Service > Server
Groups.

2. In the Server Groups table, select the required server group and click the (Edit) button.
3. In the Real Servers per Group table, select the required row(s).
4. (In Alteon version 30.0.12 and earlier, version 30.2.7 and earlier, version 30.5.5 and earlier, and
version 31.0.2 and earlier) From the Real Server per Group Operation drop-down list, select
Disable.
5. (In Alteon version 30.2.8 and later, version 30.5.6 and later, and version 31.0.3 and later) From
the Real Server per Group Operation drop-down list, select from the following options how to
shut down the selected real servers in the server group:
— Disabled—Disables the server and removes the existing sessions using the disabled-with-
fastage option.
— Connections Shutdown—Continues sending to the server traffic belonging to active
connections but denies any new connections.
— Sessions Shutdown—Continues sending to the server traffic belonging to active connections
and accepts new connections if they belong to persistent session entry.
6. Click the button next to the Real Server per Group Operation drop-down list.

To monitor information of the real servers in a server group


1. In the Monitoring perspective, select Application Delivery > Virtual Service > Server
Groups.
2. Double-click the relevant server group.
The Real Servers per Group table shows the following statistics:

Table 296: Real Servers per Group Statistics

Parameter Description
Status The real server configuration status in the group.
Values: Enable, Disable, Connection Shutdown, Sessions Shutdown

Server State The run-time state of the real server in the group.
Values: Running, Failed, Overloaded.
(The Overloaded status is available only in version 30.2.10.0 and later,
version 30.5.8.0 and later, version 31.0.5.0 and later, and version
32.0.1.0 and later.)
Operational Status The operational status of the server.
Values: Enable, Disable, Connection Shutdown, Sessions Shutdown
Real Server ID The ID of the real server.
IP Address The IP address of the real server.
Description The description of the real server.
Current (Sessions) The current number of sessions that the real server is handling.
Total (Sessions) The total number of sessions that the real server has handled.
Highest (Sessions) The highest number of concurrent sessions that the real server has
handled.
Bytes The total number of bytes that the real server has handled.

View a FastView Web Application


You can view details about any FastView Web applications from the Monitoring section.

To access monitoring details for FastView Web applications


1. Navigate to Monitoring > Application Delivery > Virtual Service > Virtual Servers.

Note: You can also access this information directly from the Content Rule pane or the FastView
Web Application pane.
2. Select the Web application you want to view in the Virtual Services of Selected Virtual Server
pane.
3. Select the FastView tab on the View Virtual Service pane.
4. View the information available for each virtual service:

Table 297: Virtual Service

Parameter Description
Transactions The counter of current, total, and peak HTTP GET requests served by
FastView for this virtual service within the measured period.
HTML Pages The number of current, total, and peak HTML pages served by FastView.
Some of them may not be optimized, for example if they are excluded in
the configuration.
Optimized Pages The number of current, total, and peak HTML pages optimized and
rewritten by FastView.

Tokens Rewritten The number of current, total, and peak substitutions performed by FastView.
Compiled Pages The number of current, total, and peak compiled or learned pages.
Bytes Saved with Image Reduction Displays the number of bytes saved by the image reduction
treatments on a resource, and for traffic since the last clear of statistics.
% Bytes Saved with Image Reduction Displays the percentage of bytes saved by the image reduction
treatments on a resource, and for traffic since the last clear of statistics.
Responses with Expiry Modified Displays the number of responses that have a modified expiry, and
for traffic since the last clear of statistics.
% Responses with Expiry Modified Displays the percentage of responses with a modified expiry, and
for traffic since the last clear of statistics.
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and
traffic statistics were cleared.

Monitoring and Controlling APM


This feature is available only in version 30.0 and later on Alteon standalone, VA, and vADC.

To monitor APM
1. Depending on your Alteon version, do one of the following:
— For Alteon version 30.2 or later, in the Monitoring perspective, select Application Delivery
> Virtual Service > APM.
— For Alteon version 30.5 or later, in the Monitoring perspective, select Application Delivery
> Server Resources > APM.
— For Alteon version 31.0 or later, and version 32.1 or later, in the Monitoring perspective,
select Application Delivery > Virtual Servers > APM.
2. Configure the parameters, and click Submit.

Table 298: Virtual Servers Monitoring Parameters

Parameter Description
Virtual Server ID The ID of the virtual server.
Service The service identifier.

Monitoring and Controlling SSL


You can view and monitor the SSL filter parameters (read only).
The SSL Summary parameters are shown for both Frontend SSL Summary and Backend SSL
Summary, for both current and total values.


Note: In some previous versions, some of the SSL monitoring parameters are shown in the Filters
tab.

To monitor SSL filters


> In the Monitoring perspective, select Application Delivery > SSL.

Table 299: Front-end SSL Summary Parameters

Parameter Description
New SSL handshakes The number of current new SSL handshakes per second, and the total
number of SSL handshakes per second.
Reused SSL handshakes The number of current reused SSL handshakes per second, and the
total number of reused SSL handshakes.
Reuse rate The percentage of current and total reuse rate.
Rejected SSL handshakes The number of current rejected SSL handshakes per second, and the
total number of rejected SSL handshakes.
Reused 0-RTT SSL handshakes The number of current reused 0-RTT SSL handshakes per second, and
the total number of reused 0-RTT SSL handshakes.
Reuse 0-RTT rate The percentage of current and total reuse 0-RTT rate.
Rejected 0-RTT handshakes The number of current rejected SSL handshakes per second, and the
total number of rejected 0-RTT handshakes.
Non-Expired Ticket Deletion The number of current non-expired tickets deleted in percentage, and
the total number of non-expired ticket deletion.
SSL v3 handshakes The percentage of current and total SSL v3 handshakes.
TLS 1.0 handshakes The percentage of current and total TLS 1.0 handshakes.
TLS 1.1 handshakes The percentage of current and total TLS 1.1 handshakes.
TLS 1.2 handshakes The percentage of current and total TLS 1.2 handshakes.
TLS 1.3 handshakes The percentage of current and total TLS 1.3 handshakes.
HTTP to HTTPS redirections The number of current HTTP to HTTPS redirections.
Non-expired TLS 1.3 tickets deleted The percentage of current and total non-expired TLS 1.3
tickets deleted.
Session ID Reuse SSL Handshake The number of current session ID reuse handshakes per second, and
the total number of session ID reuse SSL handshakes.
Session ID Reuse SSL Handshake The percentage of current and total session ID reuse handshakes.
Ticket Reuse SSL Handshake The number of current ticket reuse handshakes per second, and the
total number of ticket reuse SSL handshakes.
Ticket Reuse SSL Handshake The percentage of current and total ticket reuse handshakes.


Table 300: Backend SSL Summary Parameters

Parameter Description
New SSL handshakes The number of current new SSL handshakes per second, and the total
number of new SSL handshakes.
Reused SSL handshakes The number of current reused SSL handshakes per second, and the
total number of reused SSL handshakes.
Reused SSL handshakes The percentage of current and total reuse rate.
Rejected SSL handshakes The number of current rejected SSL handshakes per second, and the
total number of rejected SSL handshakes.
SSL v3 handshakes The percentage of current and total SSL v3 handshakes.
TLS 1.0 handshakes The percentage of current and total TLS 1.0 handshakes.
TLS 1.1 handshakes The percentage of current and total TLS 1.1 handshakes.
TLS 1.2 handshakes The percentage of current and total TLS 1.2 handshakes.
TLS 1.3 handshakes The percentage of current and total TLS 1.3 handshakes.
Session ID Reuse SSL Handshake The number of current session ID reuse handshakes per second, and
the total number of session ID reuse SSL handshakes.
Session ID Reuse SSL Handshake The percentage of current and total session ID reuse handshakes.
Ticket Reuse SSL Handshake The number of current ticket reuse handshakes per second, and the
total number of ticket reuse SSL handshakes.
Ticket Reuse SSL Handshake The percentage of current and total ticket reuse handshakes.

Table 301: Total SSL Parameters

Parameter Description
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and
traffic statistics were cleared.

Table 302: General SSL Parameters

Parameter Description
SSL Expired Certificate The number of current and total expired SSL certificates per second.
SSL Untrusted Certificate The number of current and total untrusted SSL certificates per second.
SSL Certificate Hostname Mismatch The number of current and total SSL certificate hostname
mismatches per second.

Monitoring SSL Operations (in versions 32.2.x and later)/SSL Client Authentication (in versions 30.2.x through 31.0.x) and the OCSP/CDP Cache

This feature is available only in Alteon standalone, VA, and vADC.


When the OCSP or CDP cache is filled with stale responses, you may want to purge the cache.

To monitor SSL client authentication and purge the caches


> In the Monitoring perspective, select Application Delivery > SSL > SSL Operations (in
versions 32.2.x and later)/Client Authentication (in versions 30.2.x through 31.0.x).

Table 303: SSL Operations (in versions 32.2.x and later)/Client Authentication (in versions
30.2.x through 31.0.x) Parameters

Parameter Description
Client Authentication Policy ID The Client Authentication Policy ID.
OCSP Cache Purge Purges the cached content of the relevant OCSP responses.
CDP Cache Purge Purges the cached content of the relevant CDP responses.
Inspection Certificate Cache Purge Purges the cached content of the relevant inspection
certificate.
0-RTT Session Tickets Purge Purges the cached content of the relevant 0-RTT session
tickets.

Monitoring SSL Inspection


You can purge the SSL Certificate Cache.

To purge the SSL certificate cache


1. In the Monitoring perspective, select Application Delivery > SSL > SSL Operations.
2. Click Certificate Cache Purge.

Monitoring Security Device Groups


You can view the security device group parameters.

To monitor Security Device Group parameters


> In the Monitoring perspective, select Application Delivery > SSL > SSL Inspection >
Security Device Groups.
Security device parameters include:
• Group Name
• Security Device Type
• Health Check
• Current Sessions
• Total Sessions
• Highest Sessions
• Total Bytes


Monitoring Security Devices


You can set the real server operation and monitor and view the security device parameters.

To set the real server operation


1. In the Monitoring perspective, select Application Delivery > SSL > SSL Inspection >
Security Devices.
2. For the Real Server Operation parameter, select an option from the drop-down list and click
Enable/Disable (as applicable).

Table 304: Real Server Operations—Options

Parameter Description
Enable Enables the selected real server(s).
Disable Disables the selected real server(s) immediately and closes existing
connections.
Disable & Keep Persistency Gracefully disables the real server, having the server do the following:
1. Does not accept new connections.
2. Keeps persistent data until session expiration.
3. Disables the real server when there are no connections including
the persistent data for the real server.
Disable & Fastage Existing Gracefully disables the real server, having the server do the following:
1. Does not accept new connections.
2. Fastages existing sessions.
3. Disables the real server when there are no connections on it.
Disable & Keep Persistency and Fastage Gracefully disables the real server, having the server do
the following:
1. Does not accept new connections.
2. Keeps persistent data until session expiration.
3. Fastages existing sessions.
4. Disables the real server when there are no connections including
the persistent data for the real server.

To monitor Security Device parameters


> In the Monitoring perspective, select Application Delivery > SSL > SSL Inspection >
Security Devices.
Security device parameters include:
• Status
• Server State
• Operational State
• Real server ID
• Security Device Type
• Description
• IP Address
• MAC Address
• Current Sessions
• Total Sessions
• Highest Sessions
• Total Bytes
• Server Failures

Monitoring CDP Group Status


You can view (read-only) the status of the latest successful or failed CRL downloads.

To view the CRL download status


> In the Monitoring perspective, select Application Delivery > SSL > SSL Inspection > CDP
Group.

Table 305: CDP Group Monitoring Parameters

Parameter Description
ID The CDP group identifier.
Last Successful Download Shows the day, date, and time of the last successful CRL download per
CDP group.
Last Failed Download Shows the day, date, and time of the last failed CRL download per CDP
group.

Monitoring OCSP
You can view (read-only) the OCSP status as a summary or per OCSP server.

To view the OCSP status


> In the Monitoring perspective, select Application Delivery > SSL > SSL Inspection > OSCP

Table 306: OCSP Monitoring - Summary Parameters

Parameter Description
OCSP Validation/Stapling Requests
Validation/Stapling Attempts The number of times we attempted an OCSP connection (regardless
of whether it was successful or not).
Successful OCSP Connections The number of times we were able to connect to the OCSP server and
got an OCSP response (regardless of whether the response was good or not).
Successful Validations/Stapling Requests The number of times the OCSP was successful
(connection/cache + validation).
Failed Validations/Stapling Requests The number of failures due to a connection error or a
validation error.
Handled from Cache The number of times we got the response from cache.
Failed OCSP Connection Attempts The number of times all connection attempts (according to retry
logic) failed.
Failed OCSP Connection Retries The number of times a single retry failed. (For example, if we
had 5 retries and they all failed, we get five failed retries and one failed
connection attempt (the previous statistic).)
Validation/Stapling Failure Reasons
Certificate Revoked The certificate is breached.
Unknown Certificate The OCSP server had no information regarding the certificate.
Irrelevant Response The OCSP server answered about a different certificate.
Bad Response The response was problematic.
General Failure Indicates an internal problem.
Invalid Algorithm The OCSP response is signed by an algorithm different from the one we
configured.
Invalid Signature The OCSP signature was made by a trusted CA that is not configured in
the authentication policy.
Invalid Nonce The nonce is a random number sent in the OCSP request and must be
returned in the OCSP response in order to avoid replay attacks. Invalid
nonce means a non-existing or different nonce than we sent.
Invalid Time The time of the response is out of range of the time deviation
configured.
Certificate Status (Stapling) Responses
Certificate Status Response Received The number of times Alteon, as a client, asked for stapling
in client hello and received the response.
Certificate Status Response Not Received The number of times Alteon, as a client, asked for
stapling in client hello and did not receive the response.

Table 307: OCSP Monitoring - Per OCSP Server Parameters

Parameter Description
OCSP Server The URL of the OCSP server.
Request Method The response method that the OCSP server supports - via HTTP POST
or HTTP GET.
Successful OCSP Connections The number of times we were able to connect to the OCSP server and
got an OCSP response (regardless of whether the response was good or not).
Successful Validations/Stapling Requests The number of times the OCSP was successful
(connection/cache + validation).
Failed OCSP Connection Retries The number of times a single retry failed.
Failed Validations/Stapling Requests The number of failures due to a connection error or a
validation error.
Validation/Stapling Failure Reasons
Certificate Revoked The certificate is breached.
Unknown Certificate The OCSP server had no information regarding the certificate.
Irrelevant Response The OCSP server answered about a different certificate.
Bad Response The response was problematic.
General Failure Indicates an internal problem.
Invalid Algorithm The OCSP response is signed by an algorithm different from the one we
configured.
Invalid Signature The OCSP signature was made by a trusted CA that is not configured in
the authentication policy.
Invalid Nonce The nonce is a random number sent in the OCSP request and must be
returned in the OCSP response in order to avoid replay attacks. Invalid
nonce means a non-existing or different nonce than we sent.
Invalid Time The time of the response is out of range of the time deviation
configured.
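
The failure reasons and connection counters listed in Tables 306 and 307, worked through as an added Python example that is not Radware's code: it models an OCSP response as a plain data class (no DER parsing or signature math) and shows one plausible order of checks and how retries feed the counters. The class names, policy fields, check order, and sample responders are assumptions constructed for illustration.

```python
import os
from collections import Counter
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class OcspResponse:
    """Constructed model of the fields a relying party checks (no DER parsing)."""
    well_formed: bool        # parsed correctly and responder status is "successful"
    sig_algorithm: str
    signer: str              # CA or delegated responder that signed the response
    signature_ok: bool       # result of signature verification (modelled as a flag)
    cert_serial: int         # certificate the response is about
    nonce: Optional[bytes]   # nonce echoed by the responder, if any
    this_update: datetime
    next_update: datetime
    cert_status: str         # "good", "revoked" or "unknown"

@dataclass(frozen=True)
class Policy:
    """Hypothetical policy settings; the field names are this example's own."""
    allowed_algorithms: frozenset
    trusted_signers: frozenset
    time_deviation: timedelta
    retries: int

def classify(resp, serial, nonce, policy, now):
    """Return None if the response validates, else a failure-reason name (assumed order)."""
    if not resp.well_formed:
        return "Bad Response"
    if resp.sig_algorithm not in policy.allowed_algorithms:
        return "Invalid Algorithm"
    if not resp.signature_ok or resp.signer not in policy.trusted_signers:
        return "Invalid Signature"   # assumed to include signatures that fail verification
    if resp.nonce is None or resp.nonce != nonce:
        return "Invalid Nonce"       # missing or different nonce: possibly a replayed reply
    if resp.cert_serial != serial:
        return "Irrelevant Response"
    skew = policy.time_deviation
    if not resp.this_update - skew <= now <= resp.next_update + skew:
        return "Invalid Time"
    by_status = {"good": None, "revoked": "Certificate Revoked",
                 "unknown": "Unknown Certificate"}
    return by_status.get(resp.cert_status, "Bad Response")   # unexpected status fails closed

def validate(fetch, serial, policy, now, stats):
    """Run one validation against one OCSP server and update the counters."""
    stats["Validation/Stapling Attempts"] += 1
    nonce = os.urandom(16)           # fresh per request, so an old reply cannot match
    resp = None
    for _ in range(policy.retries):
        try:
            resp = fetch(serial, nonce)
            break
        except ConnectionError:
            stats["Failed OCSP Connection Retries"] += 1
    if resp is None:                 # every retry failed: one failed connection attempt
        stats["Failed OCSP Connection Attempts"] += 1
        stats["Failed Validations/Stapling Requests"] += 1
        return "Connection Error"
    stats["Successful OCSP Connections"] += 1
    reason = classify(resp, serial, nonce, policy, now)
    if reason is None:
        stats["Successful Validations/Stapling Requests"] += 1
    else:
        stats[reason] += 1
        stats["Failed Validations/Stapling Requests"] += 1
    return reason

# Constructed sample data: a fixed clock, a policy and five responder behaviours.
NOW = datetime(2020, 6, 1, 12, 0, tzinfo=timezone.utc)
POLICY = Policy(frozenset({"sha256WithRSAEncryption"}),
                frozenset({"Example Issuing CA"}), timedelta(minutes=5), retries=5)

def good(serial, nonce):
    return OcspResponse(True, "sha256WithRSAEncryption", "Example Issuing CA", True,
                        serial, nonce, NOW - timedelta(hours=1),
                        NOW + timedelta(hours=23), "good")

def unreachable(serial, nonce):
    raise ConnectionError("responder unreachable")

RESPONDERS = {
    "good": good,
    "replayed": lambda s, n: replace(good(s, n), nonce=b"\x00" * 16),   # old nonce
    "stale": lambda s, n: replace(good(s, n), this_update=NOW - timedelta(days=9),
                                  next_update=NOW - timedelta(days=2)),
    "revoked": lambda s, n: replace(good(s, n), cert_status="revoked"),
    "unreachable": unreachable,
}

def run_demo():
    stats = Counter()
    results = [validate(f, 0x1001, POLICY, NOW, stats) for f in RESPONDERS.values()]
    return results, stats

if __name__ == "__main__":
    print(run_demo())
```

The unreachable responder reproduces the guide's arithmetic: five failed retries produce one failed connection attempt.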

Monitoring Traffic Match Criteria


Traffic Match Criteria comprises the following topic:
• Monitoring URL Filtering, page 416

Monitoring URL Filtering


This feature lets you view the URL filtering information for a selected URL filter.
This feature is available only in version 30.5 and later.

To monitor URL filtering


1. In the Monitoring perspective, select Application Delivery > Traffic Match Criteria > URL
Filtering.

2. Select a row and click the button to view the URL filtering information for the selected URL
filter.
3. If you want to clear the URL filtering statistics, click Clear Statistics.
4. If you want to purge the URL filtering cache, click URLF Cache Purge.

Table 308: URL Filtering Parameters

Parameter Description
Subcategory The URL filter subcategory hits status.
Category The URL filter category hits status.
Count The URL filter count statistics.


Monitoring and Controlling Application Services


Monitoring and controlling application services comprises:
• Monitoring Event Logging, page 417
• Monitoring and Controlling HTTP, page 425

Monitoring Event Logging


This feature is available only in Alteon standalone, VA, and vADC.
This feature is available only in Alteon version 32.1 and later.
This section describes the following topics:
• Monitoring Virtual Service Events, page 417
• Monitoring Filter Events, page 420
• Monitoring Event Logging Summary, page 422

Monitoring Virtual Service Events

To monitor virtual service traffic event statistics


1. In the Monitoring perspective, select Application Delivery > Application Services > Event
Logging.
2. Select the Virtual Services Events tab.

Table 309: Virtual Services Events Parameters

Parameter Description
Virtual Server ID The virtual server ID.
Port The virtual server port.
Current (per Sec)
HTTP Request The current number of HTTPS request events per second.
Frontend SSL The current number of front-end SSL events per second.
Layer 4 The current number of Layer 4 events per second.
Total
Total HTTP Request The number of HTTPS request events since Alteon was last reset.
Total Frontend SSL The number of front-end SSL events since Alteon was last reset.
Total Layer 4 The number of Layer 4 events since Alteon was last reset.


Monitoring Virtual Service Event Entries

To monitor traffic event statistics for a specific virtual service


1. In the Monitoring perspective, select Application Delivery > Application Services > Event
Logging.
2. Select the Virtual Services Events tab.
3. In the Virtual Services Events table, double-click a virtual service entry, or select an entry and
click the (View) button.

Table 310: Virtual Services Event Entry Parameters

Parameter Description
Virtual Server ID The virtual server ID.
Port The virtual server port.
Traffic Event Sent Successful
HTTP Request Current (per Sec)—The current number of successful HTTPS request
events per second.
Total—The number of successful HTTPS request events since Alteon was
last reset.
HTTP Response Current (per Sec)—The current number of successful HTTPS response
events per second.
Total—The number of successful HTTPS response events since Alteon
was last reset.
Frontend SSL Current (per Sec)—The current number of successful front-end SSL
events per second.
Total—The number of successful front-end SSL events since Alteon was
last reset.
Backend SSL Current (per Sec)—The current number of successful back-end SSL
events per second.
Total—The number of successful back-end SSL events since Alteon was
last reset.
Layer 4 Current (per Sec)—The current number of successful Layer 4 events
per second.
Total—The number of successful Layer 4 events since Alteon was last
reset.
Unified (Available only in Alteon version 32.4.1 and later.) Current (per Sec)—The current number
of successful unified HTTP transaction events per second.
Total—The number of successful unified HTTP transaction events since
Alteon was last reset.
Unified Normal (Available only in Alteon version 32.4.1 and later.) You can limit the number of
events per second with a severity level of normal or exception that are generated per
application to reduce traffic event log volume and to protect and predict traffic log storage.
Current (per Sec)—The current number of events per second with
Normal severity that were generated.
Total—The total number of events with Normal severity that were
generated since the last device reboot or statistics reset.
Unified Normal (%) (Available only in Alteon version 32.4.1 and later.) The percentage is
relevant when the event per second limit is defined.
Current (per Sec)—The percentage of the events with Normal severity
that were generated compared to all Normal severity events per second.
Total—The percentage of the total events with Normal severity that
were generated compared to all Normal events.
Unified Exception (Available only in Alteon version 32.4.1 and later.) You can limit the number of
events per second with a severity level of normal or exception that are generated per
application to reduce traffic event log volume and to protect and predict traffic log storage.
Current (per Sec)—The current number of events per second with
Exception severity that were generated.
Total—The total number of events with Exception severity that were
generated since the last device reboot or statistics reset.
Unified Exception (%) (Available only in Alteon version 32.4.1 and later.) The percentage is
relevant when the event per second limit is defined.
Current (per Sec)—The percentage of the events with Exception
severity that were generated compared to all Exception severity events
per second.
Total—The percentage of the total events with Exception severity that
were generated compared to all Exception events.
Traffic Event Sent Failure
HTTP Request Current (per Sec)—The current number of unsuccessful HTTPS request
events per second.
Total—The number of unsuccessful HTTPS request events since Alteon
was last reset.
HTTP Response Current (per Sec)—The current number of unsuccessful HTTPS
response events per second.
Total—The number of unsuccessful HTTPS response events since Alteon
was last reset.
Frontend SSL Current (per Sec)—The current number of unsuccessful front-end SSL
events per second.
Total—The number of unsuccessful front-end SSL events since Alteon
was last reset.
Backend SSL Current (per Sec)—The current number of unsuccessful back-end SSL
events per second.
Total—The number of unsuccessful back-end SSL events since Alteon
was last reset.
Layer 4 Current (per Sec)—The current number of unsuccessful Layer 4 events
per second.
Total—The number of unsuccessful Layer 4 events since Alteon was last
reset.
Traffic Events Failure Reasons
Missing Events Fields Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.

Events Allocation Failed Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.
Events Queue is Full Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.

Monitoring Filter Events

To monitor filter traffic event statistics


1. In the Monitoring perspective, select Application Delivery > Application Services > Event
Logging.
2. Select the Filter Events tab.

Table 311: Filter Events Parameters

Parameter Description
Filter ID The virtual server ID
Current (per Sec)
HTTP Request The current number of HTTPS request events per second.
Frontend SSL The current number of front-end SSL events per second.
Layer 4 The current number of Layer 4 events per second.
Total
Total HTTP Request The number of HTTPS request events since Alteon was last reset.
Total Frontend SSL The number of front-end SSL events since Alteon was last reset.
Total Layer 4 The number of Layer 4 events since Alteon was last reset.

Monitoring Filter Event Entries

To monitor traffic event statistics for a specific filter


1. In the Monitoring perspective, select Application Delivery > Application Services > Event
Logging.
2. Select the Filter Events tab.
3. In the Filter Events table, double-click a filter entry, or select an entry and click
the (View) button.


Table 312: Filter Event Entry Parameters

Parameter Description
Filter ID The filter ID
Traffic Event Sent Successful
HTTP Request Current (per Sec)—The current number of successful HTTPS request
events per second.
Total—The number of successful HTTPS request events since Alteon was
last reset.
HTTP Response Current (per Sec)—The current number of successful HTTPS response
events per second.
Total—The number of successful HTTPS response events since Alteon
was last reset.
Frontend SSL Current (per Sec)—The current number of successful front-end SSL
events per second.
Total—The number of successful front-end SSL events since Alteon was
last reset.
Backend SSL Current (per Sec)—The current number of successful back-end SSL
events per second.
Total—The number of successful back-end SSL events since Alteon was
last reset.
SSL Inspection Hostname Bypass Current—The current number of successful SSL inspection hostname
bypass events per second.
Total—The number of successful SSL inspection hostname bypass
events since Alteon was last reset.
Layer 4 Current (per Sec)—The current number of successful Layer 4 events
per second.
Total—The number of successful Layer 4 events since Alteon was last
reset.
Traffic Event Sent Failure
HTTP Request Current (per Sec)—The current number of unsuccessful HTTPS request
events per second.
Total—The number of unsuccessful HTTPS request events since Alteon
was last reset.
HTTP Response Current (per Sec)—The current number of unsuccessful HTTPS
response events per second.
Total—The number of unsuccessful HTTPS response events since Alteon
was last reset.
Frontend SSL Current (per Sec)—The current number of unsuccessful front-end SSL
events per second.
Total—The number of unsuccessful front-end SSL events since Alteon
was last reset.
Backend SSL Current (per Sec)—The current number of unsuccessful back-end SSL
events per second.
Total—The number of unsuccessful back-end SSL events since Alteon
was last reset.

SSL Inspection Hostname Bypass Current—The current number of successful SSL inspection hostname
bypass events per second.
Total—The number of successful SSL inspection hostname bypass
events since Alteon was last reset.
Layer 4 Current (per Sec)—The current number of unsuccessful Layer 4 events
per second.
Total—The number of unsuccessful Layer 4 events since Alteon was last
reset.
Traffic Events Failure Reasons
Missing Events Fields Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.
Events Allocation Failed Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.
Events Queue is Full Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.

Monitoring Event Logging Summary

To monitor combined traffic event statistics for virtual services and filters
1. In the Monitoring perspective, select Application Delivery > Application Services > Event
Logging.
2. Select the Summary tab.

Table 313: Summary Parameters

Parameter Description
Traffic Event Sent Successfully
HTTP Request Current (per Sec)—The current number of successful HTTPS request
events per second.
Total—The number of successful HTTPS request events since Alteon was
last reset.
HTTP Response Current (per Sec)—The current number of successful HTTPS response
events per second.
Total—The number of successful HTTPS response events since Alteon
was last reset.

Frontend SSL Current (per Sec)—The current number of successful front-end SSL
events per second.
Total—The number of successful front-end SSL events since Alteon was
last reset.
Backend SSL Current (per Sec)—The current number of successful back-end SSL
events per second.
Total—The number of successful back-end SSL events since Alteon was
last reset.
SSL Inspection Hostname Bypass Current—The current number of successful SSL inspection hostname
bypass events per second.
Total—The number of successful SSL inspection hostname bypass
events since Alteon was last reset.
Layer 4 Current (per Sec)—The current number of successful Layer 4 events
per second.
Total—The number of successful Layer 4 events since Alteon was last
reset.
Unified (Available only in Alteon version 32.4.1 and later.)
Current (per Sec)—The current number of successful unified HTTP
transaction events per second.
Total—The number of successful unified HTTP transaction events since
Alteon was last reset.
Unified Normal (Available only in Alteon version 32.4.1 and later.)
You can limit the number of events per second with a severity level of
normal or exception that are generated per application to reduce traffic
event log volume and to protect and predict traffic log storage.
Current (per Sec)—The current number of events per second with
Normal severity that were generated.
Total—The total number of events with Normal severity that were
generated since the last device reboot or statistics reset.
Unified Normal (%) (Available only in Alteon version 32.4.1 and later.)
The percentage is relevant when the event per second limit is defined.
Current (per Sec)—The percentage of the events with Normal severity
that were generated compared to all Normal severity events per second.
Total—The percentage of the total events with Normal severity that
were generated compared to all Normal events.
Unified Exception (Available only in Alteon version 32.4.1 and later.)
You can limit the number of events per second with a severity level of
normal or exception that are generated per application to reduce traffic
event log volume and to protect and predict traffic log storage.
Current (per Sec)—The current number of events per second with
Exception severity that were generated.
Total—The total number of events with Exception severity that were
generated since the last device reboot or statistics reset.
Unified Exception (%) (Available only in Alteon version 32.4.1 and later.)
The percentage is relevant when the event per second limit is defined.
Current (per Sec)—The percentage of the events with Exception
severity that were generated compared to all Exception severity events
per second.
Total—The percentage of the total events with Exception severity that
were generated compared to all Exception events.

Unified Security (Available only in Alteon version 32.6.1 and later.)
You can limit the number of events per second with a severity level of
normal or exception that are generated per application to reduce traffic
event log volume and to protect and predict traffic log storage.
Current (per Sec)—The current number of events per second with
Security severity that were generated.
Total—The total number of events with security severity that were
generated since the last device reboot or statistics reset.
Security (Available only in Alteon version 32.6.1 and later.)
Current (per Sec)—The current number of successful Security
transaction events per second.
Total—The number of successful Security transaction events since
Alteon was last reset.
Traffic Event Sent Failure
HTTP Request Current (per Sec)—The current number of unsuccessful HTTPS request
events per second.
Total—The number of unsuccessful HTTPS request events since Alteon
was last reset.
HTTP Response Current (per Sec)—The current number of unsuccessful HTTPS
response events per second.
Total—The number of unsuccessful HTTPS response events since Alteon
was last reset.
Frontend SSL Current (per Sec)—The current number of unsuccessful front-end SSL
events per second.
Total—The number of unsuccessful front-end SSL events since Alteon
was last reset.
Backend SSL Current (per Sec)—The current number of unsuccessful back-end SSL
events per second.
Total—The number of unsuccessful back-end SSL events since Alteon
was last reset.
SSL Inspection Hostname Bypass Current—The current number of successful SSL inspection hostname
bypass events per second.
Total—The number of successful SSL inspection hostname bypass
events since Alteon was last reset.
Layer 4 Current (per Sec)—The current number of unsuccessful Layer 4 events
per second.
Total—The number of unsuccessful Layer 4 events since Alteon was last
reset.
Traffic Events Failure Reason
Missing Events Fields Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.
Events Allocation Failed Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.

Events Queue is Full Current (per Sec)—The current number of unsuccessful events per
second that failed for this reason.
Total—The number of unsuccessful events since Alteon was last reset
that failed for this reason.

Monitoring and Controlling HTTP


Monitoring and controlling HTTP includes the following features on the HTTP Services pane:
• In Alteon version 30.2 and later, HTTP Statistics
• Cache Purge of HTTP Content
• Flushing Learned FastView Optimizations

HTTP Services
This feature is available only in Alteon standalone, VA, and vADC.
HTTP services include:
• Viewing HTTP Statistics, page 425
• Purging Cached Content of HTTP Responses, page 426
• Flushing Learned FastView Optimizations, page 426

Viewing HTTP Statistics


This feature is available only in Alteon version 30.2 and later.
You can view statistics for supported versions of HTTP.

To view HTTP statistics


1. In the Monitoring perspective, select Application Delivery > Application Services > HTTP.
2. Select the HTTP tab.

Table 314: HTTP Statistics Parameters

Parameter Description
HTTP 2.0 Displays the following statistics for HTTP 2.0 traffic:
• Connection Count—Number of connections within the statistics
measuring period.
• Connection Peak—The peak number of concurrent connections
within the statistics measuring period.
• Requests Count—Number of requests within the statistics
measuring period.

HTTP 1.1 Displays the following statistics for HTTP 1.1 traffic:
• Connection Count—Number of connections within the statistics
measuring period.
• Connection Peak—The peak number of concurrent connections
within the statistics measuring period.
• Requests Count—Number of requests within the statistics
measuring period.
HTTP 1.0 Displays the following statistics for HTTP 1.0 traffic:
• Connection Count—Number of connections within the statistics
measuring period.
• Connection Peak—The peak number of concurrent connections
within the statistics measuring period.
• Requests Count—Number of requests within the statistics
measuring period.
Statistics Measuring Period Period, in seconds, for which statistics are measured and displayed.
You configure this parameter in the Statistics tab at Configuration >
Application Delivery > Virtual Services > Settings.
Time since last device reset / clear statistics The time since the device was last reset and traffic statistics were
cleared.

Purging Cached Content of HTTP Responses


When the caching criteria or the server content has changed, you may want to purge the cached
content of HTTP responses.

To purge cached content of HTTP responses


1. In the Monitoring perspective, select Application Delivery > Application Services > HTTP.
2. Select the Cache Purge tab.
3. Configure the following parameters, and then, click Purge.

Table 315: HTTP Cache Parameters

Parameter Description
Virtual Server The virtual server or all virtual servers.
Service Port The port of the virtual service or all virtual-service ports.
Object URL The specific object URL or a URL with wildcard (*) in it.

Flushing Learned FastView Optimizations


If you are using FastView, you can flush learned FastView optimizations.


This feature is available only in Alteon version 30.2 and later.

To flush learned FastView optimizations


1. In the Monitoring perspective, select Application Delivery > Application Services > HTTP.
2. Select the FastView tab.
3. Do one of the following:
— To flush selected learned FastView Web applications, filter the FastView Web Applications
table by Web Application ID or State, select the required entries, and then click the button.
— In Alteon version 30.2 and later, this option is no longer available. To flush all the learned
FastView Web applications, click the button.

Viewing FastView Diagnostics


This feature is available only in Alteon version 30.1 and later.
Diagnostics provide runtime information on your selected Web application, giving you a better
understanding of the internal optimization process and its outputs, including instruction sets and
resources. There are a few actions that you can perform in response, but primarily the diagnostics
provide a summary of the selected Web application’s configuration and where this information is
stored.
You can view various diagnostics for your FastView Web applications including:
• Optimization Status
• Workload Monitor
• Resource Library
• Instruction List

To view diagnostics for FastView Web applications.


1. Navigate to Monitoring > Application Delivery > Application Services > HTTP.
2. Select the appropriate Web application.
3. Select Diagnostics.

Note: The FastView Web Applications tab stays active once you launch it. If you want to view
diagnostics for another Web application, you can navigate from the FastView Web Applications
tab or close the tab and reopen from the HTTP page, with another Web application selected.

Resource Library
The Resource Library tab displays a list of all modified resources for a Web application.
By selecting any resource on the list, you can find out more details about it, including its treated
name, if it is in a preload list, and so on.
The following information is listed for each resource.
• ID
• Name


• Size
• Created (date is displayed)
• Accessed (date is displayed)

Note: It can be very difficult to find individual treated resources using the Resource Library, as the
list is not sorted by treated or untreated name, and has no indication of what page it is on. Radware
recommends that you use the ?printcompileinfo parameter, which specifically displays
information about treated resources for a specific page.

Instruction Lists
Each time a page is optimized for a client browser, it is called an instruction. Instructions are a
representation of a treated HTML document and the manner in which it is rewritten to call treated
resources. They do not represent the treated resources themselves, except when those resources
have been inlined into the page as part of a treatment.
This section includes the following topics:
• Working with Instruction Lists, page 428
• Instruction Details, page 428
• Substitution Lists, page 428
• Treatment Information, page 429

Working with Instruction Lists


Use the following procedure to access the instruction lists.

To access the instruction list


1. Navigate to Monitoring > Application Delivery > Application Services > HTTP.
2. Select the Web application for which you want the instruction list.
3. Select Diagnostics.
4. Select the Instruction List tab.
The instruction list contains a list of all the compiled pages for the Web Application, including which
page URL it is for, which Client Group it is part of, and if it is a landing page. Each combination of
these individual values creates a unique page instruction.
Filters
Use the following procedure to filter the instruction set.

To filter the instruction set


1. Select the filter options: URL contents, client groups, landing page, rows per page.
2. Click Refresh Instruction List.
Instruction Details
You can drill down into each instruction to get more details about it.
Parameters that indicate the health of the instruction include: Recompiling?, Requires Compile?,
and At Threshold?.
Substitution Lists


The details page also includes both primary and secondary substitution lists. These display what was
the original text on a compiled text or HTML page, and what is now being provided to a user.
Treatment Information
Some types of treatment information are also provided on this page. The details of these vary
between treatments; however, the common information includes:
• Is the treatment enabled?
• Has the treatment reached its threshold?
• Does it require compilation?

Note: The treatment information here does not necessarily align with the actual FastView for
Alteon NG treatments. These are representative of the processes that are applied to a page
when it undergoes acceleration treatment.

Dashboard Tab
The Dashboard tab includes details on:
• Optimization Status, page 429
• Workload Monitor, page 430

From the Dashboard tab, you can:


• Navigate to different Web applications using the Selected WebApp drop-down.
• Refresh the results with the Refresh icon in the top right corner of the Dashboard tab.

Optimization Status
The Optimization Status displays the following information:
• Optimization by Instruction, page 429
• Optimization by Page View, page 430
• Settings, page 430

Optimization by Instruction
This displays the various instructions that are being treated by FastView. An instruction is a unique
view of a Web page (based on Web browser client and page compile type). For example,
/home.aspx viewed as a non-landing page by Internet Explorer 7 browsers creates a single
instruction.
Each instruction can be in one of the following states:
• Queued—The instruction is being served as untreated. FastView is ready to process the
instruction for treating, but it is currently in a queue.
• First Compile—The instruction has been served as treated, but FastView has only viewed the
page once. FastView still needs to process the page to learn how to provide instructions.
• Learning—The instruction is being served as treated, but FastView is still learning how to treat
the instruction. The next time FastView serves the page, it may be treated differently depending
on how the next few unique browsers request the instruction. This continues until the Compiled
threshold (number of same unique views) occurs.
• Compiled—The instruction has been requested enough times (defined by unique page views
that are the same) to consider the page as Compiled. FastView does not continue to process
the page until it goes through a touch-up or recompile.


• Touchup—The percentage of instructions that are in the Touchup state. This indicates that the
instruction will still be served, but FastView will examine the next request to the instruction to
ensure that everything is still valid.
• Recompile—Instructions in the Recompile state have expired. A request to the instruction
causes it to go into a Learning state again.

The graph indicates, by percentage, where the instructions are located in the system. For detailed
information on a specific instruction, see Instruction Lists, page 428.
Optimization by Page View
This displays the status of unique views rather than instruction states. It contains the following:
• Unaccelerated—The viewed page was unaccelerated.
• Learning—The viewed page displayed to the client as accelerated, but FastView is still learning
the best way to treat the page.
• Accelerated—The page served to the client was accelerated by FastView.

The Optimization by Page View is a cumulative view of each unique request to a page. The following
workflow illustrates how values display in this section:
1. Person A browses to home.aspx. 100% of page views display in the Unaccelerated state.
2. Person B and Person C now browse to the same page. Each of these users adds to the Learning
state. This results in 33% Unaccelerated and 66% Learning.
3. Person D now browses to the same page. The page has a compile threshold set to three unique
views which has been reached by Persons A, B and C. Because of this, the request is set to the
Accelerated state. This results in 25% Unaccelerated, 50% Learning, and 25%
Accelerated.
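
The workflow above as a small model, added here as an illustration and not FastView's own logic. It assumes every request is a distinct unique view and that an instruction is keyed by page URL, client group, and landing-page flag, as described under Instruction Lists; the class, function, and client-group names are hypothetical.

```python
from collections import Counter

STATES = ("Unaccelerated", "Learning", "Accelerated")


class PageViewModel:
    """Illustrative model of the Optimization by Page View counters."""

    def __init__(self, compile_threshold=3):
        # Three unique views is the default Compile Threshold given in the guide.
        self.compile_threshold = compile_threshold
        self.views = Counter()         # unique views seen so far, per instruction
        self.state_counts = Counter()  # cumulative page views, per state

    def request(self, url, client_group, landing_page=False):
        """Record one unique view and return the state it was served in."""
        # Assumption: one instruction per (URL, client group, landing flag).
        key = (url, client_group, landing_page)
        seen = self.views[key]
        if seen == 0:
            state = "Unaccelerated"    # first view of this instruction
        elif seen < self.compile_threshold:
            state = "Learning"         # treated, threshold not yet reached
        else:
            state = "Accelerated"      # threshold reached by earlier views
        self.views[key] += 1
        self.state_counts[state] += 1
        return state

    def percentages(self):
        """Whole-number share of all page views in each state."""
        total = sum(self.state_counts.values())
        if total == 0:
            return {s: 0 for s in STATES}
        # Integer division reproduces the guide's rounded-down 33% / 66%.
        return {s: 100 * self.state_counts[s] // total for s in STATES}


def walkthrough():
    """Replay Persons A to D, then one view from a second client group."""
    model = PageViewModel()
    snapshots = []

    model.request("/home.aspx", "IE7")            # Person A
    snapshots.append(model.percentages())

    model.request("/home.aspx", "IE7")            # Person B
    model.request("/home.aspx", "IE7")            # Person C
    snapshots.append(model.percentages())

    model.request("/home.aspx", "IE7")            # Person D
    snapshots.append(model.percentages())

    # Constructed extra step: the same URL requested by a different client
    # group is a different instruction, so its first view is unaccelerated.
    model.request("/home.aspx", "OtherBrowser")
    snapshots.append(model.percentages())
    return snapshots


if __name__ == "__main__":
    for step, snap in enumerate(walkthrough(), start=1):
        print(step, snap)
```

The last snapshot shows why the Unaccelerated share can rise again on a site that is already compiled: each new client group or landing-page variant starts its own count toward the compile threshold.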
Settings
This section displays the current FastView settings. These values are generally not configurable:
• Compile Threshold—The number of unique page views that must be requested of an
instruction before it can go into the Compiled state. The default unique views is three.
• Touch-Up Interval—The number of minutes that FastView waits per compiled instruction
before it re-examines it for the next request. This value is the starting value for the Touch-Up
Interval and is on a sliding scale. The more static the instruction, the longer the next touch-up
interval takes. The default Touch-Up Interval is five minutes.
• Recompile Interval—The number of minutes that FastView waits per compiled instruction
before it discards the instruction and performs full recompile. The default recompile time is 1440
minutes or one day.

The Touch-Up Interval, Recompile Interval, and Invalidation framework help FastView to recognize
changing data on your Web server after the initial instruction compilation has occurred.

Workload Monitor
The Workload Monitor displays the amount of processing FastView is currently performing.
The Peak, Current, Average, and Total values are displayed for the following rates:
• Request Rate—The number of unique pages requested through FastView. This provides a
Pages Per Second (PPS) view of your traffic.
• Parse Rate—The amount of information that FastView has looked at for potential replacement
in a page. Any rewriting (such as replacement tokens, URL renaming) is considered and
displayed in tokens per second/minute (tkps/tkpm).


• Rewrite Rate—The amount of information that FastView actually acts upon when replacing
data in Web content that is served. This is also displayed in number of tokens per second/minute
(tkps/tkpm).
• Compile Rate—The number of instructions compiled by FastView. As pages eventually stop
being compiled after they pass the Learning state, this number should increase greatly when
your site is first started or modified, and slowly as FastView learns how to provide the treated
pages.

Monitoring LinkProof
Monitoring LinkProof services comprises:
• Monitoring WAN Links, page 431
• Monitoring WAN Link Groups, page 432
• Monitoring Proximity, page 433
• Monitoring Smart NAT, page 433

Monitoring WAN Links


This feature is available only in Alteon version 30.2 and later.

To monitor WAN link statistics


1. In the Monitoring perspective, select Application Delivery > LinkProof > WAN Links.
2. Select the tab to view WAN Link data Per WAN Link IP or Per WAN Link ID.
3. If you want to clear all WAN link data, click Clear All.

Table 316: WAN Link Parameters

Parameter Description
Status (Per WAN Link ID) The WAN link status, per WAN link ID.
ID (Per WAN Link ID) The WAN link ID
IP Address The WAN link IP address.
Download Bandwidth - Current [Mbps] The current download bandwidth, in Mbps, of the WAN link.
Download Bandwidth - Utilization The utilization of the download bandwidth, of the WAN link.
Upload Bandwidth - Current [Mbps] The current upload bandwidth, in Mbps, of the WAN link.
Upload Bandwidth - Utilization The utilization of the upload bandwidth, of the WAN link.
Total Bandwidth - Current [Mbps] The current total (download and upload) bandwidth, in Mbps, of the
WAN link.
Total Bandwidth - Utilization The utilization of the total (download and upload) bandwidth, of the
WAN link.

Concurrent Connections The number of concurrent connections of the WAN link.

Viewing Statistics of a WAN Link


This feature is available only in Alteon version 30.2 and later.

To view statistics of a WAN link


1. In the Monitoring perspective, select Application Delivery > LinkProof > WAN Links.
2. Select the tab to view WAN Link data Per WAN Link IP or Per WAN Link ID.

3. Select a row and click the button to view the WAN Link measurements for the selected WAN
link.

Table 317: Statistics of a WAN Link Parameters

Parameter Description
WAN Link Status The WAN link status, per WAN link ID.
WAN Link ID The WAN link ID
IP Address The WAN link IP address.
Connections The number of concurrent connections of the WAN link.
Time Since Device Reset/Statistics Clear The time and date of last device reset or clearing the statistics
Current Bandwidth Mbps The current download, upload, and total bandwidth, in Mbps, of the
WAN link.
Peak Bandwidth Mbps The peak download, upload, and total bandwidth, in Mbps, of the WAN
link.
Utilization The utilization of the download, upload, and total bandwidth, of the
WAN link.
Timestamp The timestamp of the download, upload, and total bandwidth, of the
WAN link.
Byte Transfered MB The number of bytes transferred, in MB, of the download, upload, and
total bandwidth, of the WAN link.

Monitoring WAN Link Groups


This feature is available only in Alteon version 30.2 and later.

To monitor WAN link group statistics


1. In the Monitoring perspective, select Application Delivery > LinkProof > WAN Link Groups.

2. Select a row and click the button to view the WAN Link Group measurements for the
selected WAN link group.
3. If you want to clear all WAN Link Group data, click Clear All.


Table 318: WAN Link Group Parameters

Parameter Description
WAN Link Group ID The WAN link group ID.
Download The download bandwidth of the WAN link group.
Upload The upload bandwidth of the WAN link group.
Total The total (download and upload) bandwidth of the WAN link group.
Concurrent Connections The number of concurrent connections of the WAN link group.

Monitoring Proximity
This feature is available only in Alteon version 30.1 and later.

To monitor proximity
1. In the Monitoring perspective, select Application Delivery > LinkProof > Proximity.

2. Select a row and click the button to view the proximity measurements for the selected WAN
link (see Smart NAT Parameters).
3. If you want to clear all proximity data, click Clear Proximity Table.

Table 319: Proximity Parameters

Parameter Description
Subnet The network subnet for which proximity data is available. For each
subnet, proximity data is available for up to three (the best three)
WAN Links.
For each WAN Link
WAN Link IP The IP address of the WAN link.
Round Trip Time The time, in seconds, required for the round trip to the specified
subnet via this WAN link.
Hops The number of hops to the specified subnet via this WAN link.
For the entire entry
Time to Live (min) The time, in minutes, after which the entry is cleared. Once the entry
is cleared, if new requests arrive for this subnet, proximity is checked
and a new entry is created.

Monitoring Smart NAT

To monitor Smart NAT


1. In the Monitoring perspective, select Application Delivery > LinkProof > Smart NAT.
2. If you want to clear Smart NAT data from the Smart NAT table, select one of the following
options: Clear All, No NAT, Static NAT, or Dynamic NAT, and then click Clear Smart NAT
Table.

3. Select a row and click the button to view the Smart NAT parameters.


Table 320: Smart NAT Parameters

Parameter Description
Smart NAT ID Specifies the identifier for this NAT address.
Current Sessions The number of current NAT sessions.
Total Sessions The number of total NAT sessions

Monitoring Global Traffic Redirection Statistics


In Alteon version 30.2.3.0 and later, you can view statistics for the traffic that was globally
redirected.
The following data is available:
• Monitoring Global DNS and HTTP Redirection Statistics, page 434
• Monitoring Remote Real And Virtual Server Statistics, page 435
• Monitoring Client Network Rule Statistics, page 436
• Monitoring DNS Redirection Rule Statistics, page 436
• Monitoring DNS Zone Statistics, page 437

Monitoring Global DNS and HTTP Redirection Statistics

To view global DNS and HTTP traffic redirection statistics


> In the Monitoring perspective, select Application Delivery > Global Traffic Redirection.

Table 321: Global Traffic Redirection: DNS Statistics

Parameter | Description
Total DNS requests | The total number of DNS queries received.
Total DNSSEC requests | The total number of DNSSEC requests received.
Current DNS requests | The number of DNS requests currently being processed.
Current DNSSEC requests | The number of DNSSEC requests currently being processed.
Current DNS requests per second | The number of DNS requests received per second.
Current DNSSEC requests per second | The number of DNSSEC requests received per second.
Total DNS responses | The total number of DNS responses sent by Alteon (includes DNS records and DNS error responses).
Total NSEC record answers | The number of NSEC records answered since boot time.
Total UDP DNS requests | The total number of DNS queries received over UDP transport.
DNSSEC requests percentage | The number of DNSSEC requests received per second.
Total TCP DNS requests | The total number of DNS queries received over TCP transport.
Total invalid DNS requests | The total number of malformed DNS queries received.
Total domain parse errors | The total number of DNS queries with short or invalid domain names received.
No matching domain occurrences | The number of times the DNS queries received did not match the hostname or configured domain name.
Threshold exceeded occurrences | The number of times the threshold was exceeded.
Last source IP | The source IP address of the last DNS query or HTTP request received.
Last no result domain | The last domain received that did not match the hostname, domain name, or the network domain configured.

Table 322: Global Traffic Redirection: HTTP Statistics

Parameter | Description
Total HTTP Requests | The total number of HTTP requests received.
Total HTTP Responses | The total number of HTTP responses sent by Alteon that redirect traffic to a different site.
Bad HTTP Requests | The number of bad/dropped client HTTP requests. Client HTTP GET request packets that do not contain the entire URL are considered bad and are dropped.

Table 323: Global Traffic Redirection: DNS Persistence Cache Statistics

Parameter | Description
Current | The number of persistent DNS entries currently active.
Highwater | The highest number of persistent DNS entries ever recorded.
Maximum | The maximum number of entries in the persistent DNS cache.

Monitoring Remote Real And Virtual Server Statistics


In Alteon version 30.2.3.0 and later, you can view statistics for remote real servers and local virtual
servers that participate in a global solution.

To view remote real and virtual server statistics


> In the Monitoring perspective, select Application Delivery > Global Traffic Redirection >
Remote Real And Virtual Servers.

Table 324: Remote Real Server Statistics

Parameter | Description
Real Server ID | The remote real server ID.
Server IP Address | The IP address of the virtual server.
Threshold Exceeded Hits | The number of times the threshold was exceeded.
DNS Redirects | The number of DNS responses that return the IP address of this server.
HTTP Redirects | The number of HTTP requests redirected to this server.

Table 325: Virtual Server Statistics

Parameter | Description
Virtual Server ID | The local virtual server ID.
IP Version | The IP version of the virtual server.
Server IP Address | The IP address of the virtual server.
Threshold Exceeded Hits | The number of times the threshold was exceeded.
DNS Redirects | The number of DNS responses that return the IP address of this server.

Monitoring Client Network Rule Statistics


In Alteon version 30.2.3.0 and later, you can view statistics per client network.

To view client network rule statistics


> In the Monitoring perspective, select Application Delivery > Global Traffic Redirection >
Network Preference.

Table 326: Client Network Rule Statistics

Parameter | Description
Network ID | The client network ID.
IP Address | The client network IP address.
Hits | The number of times DNS queries were received from clients belonging to this network.

Monitoring DNS Redirection Rule Statistics


In Alteon version 30.2.3.0 and later, you can view statistics per DNS redirection rule. When a
different DNS rule is configured for each domain, these statistics provide a view per domain.

To view DNS rule statistics


> In the Monitoring perspective, select Application Delivery > Global Traffic Redirection >
Rules.

Table 327: DNS Rule Statistics

Parameter | Description
Rule ID | The DNS rule ID.
Total Hits | The number of times the DNS queries received matched the specific DNS redirection rule ID.

Monitoring DNS Zone Statistics


In Alteon version 30.2.3.0 and later, you can view statistics for the DNS zones defined under
DNSSEC capability.

To view DNS zone statistics


> In the Monitoring perspective, select Application Delivery > Global Traffic Redirection >
DNS Zones.

Table 328: DNS Zones: DNS Zone Statistics

Parameter | Description
DNS Zone ID | The DNS zone ID.
Total DNS Requests | The total number of DNS queries received.
UDP DNS Requests | The total number of DNS queries received over UDP transport.
TCP DNS Requests | The total number of DNS queries received over TCP transport.
Total DNSSEC Requests | The total number of DNSSEC requests received.

Table 329: DNS Zones: View Detailed Zone Statistics

Parameter | Description
Total DNS requests | The total number of DNS queries received.
Total DNSSEC requests | The total number of DNSSEC requests received.
DNSSEC requests percentage | The number of DNSSEC requests received per second.
Current DNS requests per second | The number of DNS requests received per second.
Total UDP DNS requests | The total number of DNS queries received over UDP transport.
Total TCP DNS requests | The total number of DNS queries received over TCP transport.
Total invalid DNS requests | The total number of malformed DNS queries received.
Total NSEC record answers | The number of NSEC records answered since boot time.

Monitoring AppShape++ Statistics

To monitor AppShape++ statistics


1. In the Monitoring perspective, select Application Delivery > AppShape++.
2. Select the required row, and click Edit Row.
3. View the parameters, and click OK.
AppShape++ statistics are described in the following table:

Table 330: AppShape++ Statistics

Statistic | Description
Script ID | The identifier for the AppShape++ script.
Event | The event name that appears in the AppShape++ script ID.
Activation | The number of times that the AppShape++ script or script event was activated.
Failures | The number of times that the AppShape++ script failed, and the failure distribution between the script events (how many of the failures occurred during treatment of each event).
Aborts | The number of times that the AppShape++ script was aborted, and the abort distribution between the script events (how many of the aborts occurred during treatment of each event).

CHAPTER 14 – MONITORING AND CONTROLLING VADC
This chapter describes monitoring vADC operations.
This feature is available only in ADC-VX mode.

Notes
• For information on monitoring Alteon device performance using the Device Performance Monitor,
see Using the Device Performance Monitor.
• For more information on this feature, see the Alteon Web Based Management Application Guide.

Monitoring and Rebooting vADCs


For more information on this feature, see the Alteon Web Based Management Application Guide.

To monitor vADCs
> In the Monitoring perspective, select vADC > vADC.

Table 331: vADC Parameters

Parameter | Description
Status | The status of the vADC.
vADC ID | The vADC ID.
Boot Action | The boot action.
vADC Name | The vADC name.
Capacity Units | The number of capacity units associated with this vADC.
SP Utilization | The percentage of SP utilization.
vMP Utilization | The percentage of vMP utilization.
Throughput Utilization | The percentage of throughput utilization.
Up Time | The length of time this vADC has been running (in <days>D<hours>H<minutes>M<seconds>S format) since its last reboot.

To reboot a vADC
1. In the Monitoring perspective, select vADC > vADC.
2. Select the row with the relevant vADC and click Reset vADC.

CHAPTER 15 – MONITORING ALTEON IP REPUTATION SECURITY
This chapter describes monitoring Alteon IP reputation.
IP reputation is a security feature that protects Alteon from known malicious IP addresses.
Using a dynamic list of IP addresses, the Alteon security administrator can easily and effectively
stop network-based IP threats that are targeting the network.
The administrator can define whether to allow, block, or alert on malicious IP addresses based on
region, category (Tor Exit Nodes or Malicious IPs in Alteon version 31.0.5 and later, SPAM or
MALWARE in Alteon version 32.0.1), or risk severity level.
An IP reputation license is required for IP reputation functionality.
You can enable IP reputation for each vADC from the ADC-VX Web Based Management interface.

Note: Applying IP reputation to a vADC requires a vADC reboot.


This chapter contains the following main topics:
• Monitoring IP Reputation Database Connections
• Monitoring Hits per Action
• Monitoring White List Hits
• Monitoring the IP Reputation Activity Log

Monitoring IP Reputation Database Connections


You can view the status of Alteon connections to IP reputation databases, and reset database
counters.

To view the status of connections to IP reputation databases


> In the Monitoring perspective, select Security > IP Reputation.

Table 332: IP Reputation Status Parameters

Parameter | Description
Status | The status of the connection to the IP reputation database.
Reason | The reason for a database connection failure.
Baseline DB Update
Last Attempt | The last time an update was received from the database.
Last Attempt Status | The status of the last attempted connection to the database.
Delta DB Update
Last Attempt | The last time an update was received from the database.
Last Attempt Status | The status of the last attempted connection to the database.

To clear IP reputation counters


1. In the Monitoring perspective, select Security > IP Reputation.
2. Click Clear All Counters.

Monitoring Hits per Action


You can view the number of IP reputation activities for traffic from blocked, reported, and allowed IP
addresses based on the category (Tor Exit Nodes or Malicious IP addresses in Alteon version 31.0.5
and later, SPAM or MALWARE in Alteon version 32.0.1), and risk severity level (High, Medium, or
Low) of the traffic.

To view the hits per action


1. In the Monitoring perspective, select Security > IP Reputation.
2. Select the Hits per Action tab.

Monitoring White List Hits


You can view the total number of hits on the IP addresses added to the IP reputation white list.

To view total white list hits


1. In the Monitoring perspective, select Security > IP Reputation.
2. Select the White List hits tab.

Monitoring the IP Reputation Activity Log


Alteon logs the activities of the IP reputation module. The IP reputation activity log displays the last
1000 activities.

To view the IP reputation activity log


1. In the Monitoring perspective, select Security > IP Reputation > Activity Log.

2. To view an entry in the table, select the entry and click the (View) button.

Table 333: IP Reputation Activity Log Parameters

Parameter | Description
Date and Time | The date and time the activity was logged.
Source IP | Source IP address of logged traffic.
Country | Source country of logged traffic.
Destination IP | Destination IP address of logged traffic.
Source Port | Source port of logged traffic.
Destination Port | Destination port of logged traffic.
Direction | Direction of logged traffic—Inbound or Outbound.
Category | Category of logged traffic—Spam or Malware.
Risk | Risk severity level of logged traffic—High, Medium, or Low.
Action | Alteon processing of logged traffic—Alarm, Allow, or Block.

CHAPTER 16 – USING THE DEVICE PERFORMANCE MONITOR
This chapter contains the following main sections:
• DPM Overview
• Opening the Device Performance Monitor
• Device Performance Monitor Main Interface
• Displaying and Filtering Sites and Devices
• Viewing and Managing Reports
• Exporting Reports
• Supported Report Categories
• Viewing Dashboards for Single Standalone and vADC Devices
• Viewing the Dashboard for ADC-VX Devices
• Viewing Dashboards for Multiple Standalone and vADC Devices

DPM Overview
DPM requires a valid license installed on the associated APSolute Vision server.
When DPM is enabled in an Alteon or LinkProof NG device, the device sends its performance data to
APSolute Vision. APSolute Vision processes the data and can display the information in the Device
Performance Monitoring Web interface.
The DPM Web interface includes alerts, dashboards with current monitoring data, and reports with
historical data.
Only one APSolute Vision server can manage any given Alteon or LinkProof NG device that
sends data to DPM.
Users with the proper roles can launch the DPM Web interface from the APSolute Vision client.
The DPM interface launches in the default browser. See the APSolute Vision Release Notes for the list
of supported browsers.
The sites and Alteon or LinkProof NG devices that the DPM displays are determined by your RBAC
scope.
Users with the following roles can launch the DPM Web interface:
• ADC Administrator
• ADC Operator
• ADC + Certificate Administrator
• Administrator
• Device Administrator
• Device Configurator
• Device Operator
• Device Viewer

Notes
• For requirements, limitations, and information on configuring DPM parameters in the Alteon or
LinkProof NG device, see the section “Configuring Device Performance Monitoring” in the
APSolute Vision online help.
• For information on roles, see Role-Based Access Control (RBAC).
• One Alteon or LinkProof NG ADC with a large configuration consumes about 210 MB hard-disk
space in the course of a year.
• For information on managing the DPM database and DPM technical-support files, see Using
vDirect with APSolute Vision.

Opening the Device Performance Monitor


The following procedure describes how to open the DPM Web interface.

To open the DPM Web interface

> In the APSolute Vision sidebar menu, select Applications > DPM.

Device Performance Monitor Main Interface


Figure 62: Device Performance Monitor Screen
• Devices pane Organization tab—Displays, according to your filter, the configured sites and LinkProof NG, Alteon standalone, vADC, and VA devices. The Deleted Devices node shows deleted devices on which DPM can show historical reports.
• Devices pane Physical tab—Displays, according to your filter, configured sites and Alteon ADC-VXs.
• Content area—Contains the Report and Dashboard tabs. The Server Time Difference value (near the Modify Filter button) displays the timezone difference between the PC and the APSolute Vision server.
• Report tab—Displays a report according to report category and type.
• Dashboard tab—Displays current alerts and the System, Network, and Application dashboards for one selected device in the Devices pane Organization tab.
• VX Dashboard tab—Displays the current alerts and status of various parameters of one selected VX device in the Devices pane Physical tab.
• Multi-Device Dashboard tab—Displays current alerts and the status of multiple devices selected in the Devices pane Organization tab.
• Properties pane—Displays, according to the configuration in the Devices pane, the properties of devices.

Displaying and Filtering Sites and Devices


The Devices pane displays all the sites and Alteon or LinkProof NG devices of the APSolute Vision
server (according to your RBAC scope).
You can filter the sites and devices that the DPM displays. The filter does not change the contents of
the tree, only how the DPM displays the tree to you.
The Properties pane displays information about the currently selected devices.

Viewing and Managing Reports


Use the Report tab in the content area to view reports. Reports display static, historical Alteon-
device or LinkProof-NG-device data in various formats (line graph, bar graph, pie-chart, or table).
In addition, you can export reports in many different file formats, for example, PDF, Excel, and so
on.
DPM aggregates historical statistics data into larger time frames as time passes, up to one year
back.

Table 334: Aggregation of Historical Data

Sampling Period | Time | Number of Samples
15 seconds | 15 minutes | 60
2 minutes | 1 hour | 30
15 minutes | 24 hours | 96
1 hour | 72 hours | 72
1 day | 3 months | 93
1 week | 1 year | 52
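
The following is an added example, not part of the guide or of Radware code. It models Table 334 to answer a question that comes up when reviewing an incident: at what resolution DPM can still show an event of a given age, and how long remains before that data is only available in a coarser tier and should be exported. It assumes each tier retains its stated number of samples counted back from the present; the function names are illustrative.

```python
from datetime import timedelta

# Table 334 transcribed as (sampling period, number of samples, "Time" column).
# Assumption: a tier holds `samples` points, so it reaches period * samples back
# from now; "3 months" is thus modelled as 93 days and "1 year" as 52 weeks.
TIERS = [
    (timedelta(seconds=15), 60, "15 minutes"),
    (timedelta(minutes=2), 30, "1 hour"),
    (timedelta(minutes=15), 96, "24 hours"),
    (timedelta(hours=1), 72, "72 hours"),
    (timedelta(days=1), 93, "3 months"),
    (timedelta(weeks=1), 52, "1 year"),
]


def tier_for_age(age):
    """Finest tier that still holds data of this age, as (period, reach, label), or None."""
    if age < timedelta(0):
        raise ValueError("age must not be negative")
    for period, samples, label in TIERS:
        reach = period * samples
        if age <= reach:
            return period, reach, label
    return None  # older than the coarsest tier: no longer held by DPM


def investigation_plan(event_age, event_duration):
    """What DPM can still show for an event, and how long that resolution lasts."""
    tier = tier_for_age(event_age)
    if tier is None:
        return None
    period, reach, label = tier
    return {
        "tier": label,
        "resolution": period,
        # 0 means the whole event is folded into a single aggregated sample.
        "samples_spanned": event_duration // period,
        # Time left before this data is only available in the next, coarser tier.
        "export_within": reach - event_age,
    }


def points_per_series():
    """Total samples one metric occupies across all tiers."""
    return sum(samples for _, samples, _ in TIERS)


if __name__ == "__main__":
    spike = timedelta(minutes=5)  # constructed example: a 5-minute traffic spike
    for age in (timedelta(minutes=10), timedelta(hours=2), timedelta(days=5)):
        print(age, investigation_plan(age, spike))
```

A 5-minute spike that is 10 minutes old still spans 20 samples, while the same spike two hours later is shorter than one 15-minute sample and can no longer be seen as a distinct peak in a report.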

Viewing Reports
The tab that you select in the Devices pane (Organization or Physical) determines which reports you
can view in the Report tab of the content area. You specify the Report Category and Report Type and
configure a filter. Some Report Types are available for more than one Report Category. A Report
Category with the same name displays the same report. For more information on the reports, see
Supported Report Categories.

To view a report
1. In the Devices pane, select the required tab (Organization or Physical).
2. In the Report tab, from the Report Category drop-down list, select the category, and then,
from the Report Type drop-down list, select the required type. The category determines the
available report types.
3. Configure the filter or filters. The set of filters that you can configure depends on the selected
Report Category.
4. Click Display Report.

To modify a filter when the DPM is displaying a report


1. Click Modify Filter.
2. Configure the filter or filters.
The set of filters that you can configure depends on the selected Report Category, which may
include:
— Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/
time and end date/time.
— Filter Scope—In the filter, you can select the object on which to perform the report,
depending on the report type.
— Group By—In the filter configuration, you can specify to display the data per selected object
or grouped by ADC.
3. Click Display Report.

Opening the Filter Window


Use the Filter window to configure Boolean expressions and apply them to selected report
components.

To open the Filter window

> In the content area, click the Filter button.

Exporting Reports
You can export a report in any of the following formats:
• PDF
• HTML
• Excel
• Text
• RTF
• XML
• PostScript

To export a report

1. In the content area, click the Export button, and then, click OK.
2. Do the following:
— From the Export File Format drop-down list, select the required format.
— Select the checkboxes next to the name of each report component to include in the report.
— If you require, in the File Name text box, modify the file name.

Supported Report Categories


The DPM supports the following report categories:
• ADC/vADC Reports
• Application Reports
• Real Server Reports
• Port Reports
• VX Reports

ADC/vADC Reports
The following tables describe the DPM reports for LinkProof NG, Alteon Standalone, VA, or vADC with
Report Category ADC/vADC:
• Table 335 - ADC CPU Capacity Utilization Report
• Table 336 - ADC Memory Utilization Report
• Table 337 - ADC Throughput License Utilization Report
• Table 338 - ADC System Resources Utilization Report
• Table 339 - Total Network Statistics per Port Report
• Table 340 - Network Performance per ADC Report

The ADC names in the reports correspond to the selected objects in the Devices pane.

Table 335: ADC CPU Capacity Utilization Report

Supported Filter Type/s: This report supports the following filter type: Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component | Component Description
MP CPU Utilization graph | Displays the MP CPU utilization (%) according to time. For vADCs, DPM bases the values on the allocated CUs.
MP CPU Utilization Peak Usage graph | Displays the peak MP CPU utilization (%) in the selected time period. For vADCs, DPM bases the values on the allocated CUs.
Maximum SP CPU Utilization graph | Displays, according to time, the maximum SP CPU utilization (%) from all SPs. For vADCs, DPM bases the values on the allocated CUs.
Maximum SP CPU Utilization Peak Usage graph | Displays the peak SP CPU utilization (%) from all the SPs in the selected time period. For vADCs, DPM bases the values on the allocated CUs.
ADC CPU Capacity Utilization table | Columns:
• ADC Name
• Type—MP and SPs
• CPU Utilization (%)
• Time—In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
To sort or filter the table, right-click in a row and select the option that you require.

Table 336: ADC Memory Utilization Report

Supported Filter Type/s: This report supports the following filter type: Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component | Component Description
MP Memory Utilization graph | Displays, according to time, the MP-memory utilization (%). For vADCs, DPM bases the values on the allocated CUs.
MP Memory Utilization Peak Usage graph | Displays the peak MP-memory utilization (%) in the selected time period. For vADCs, DPM bases the values on the allocated CUs.
Maximum SP Memory Utilization graph | Displays, according to time, the maximum SP-memory utilization (%) from all the SPs. For vADCs, DPM bases the values on the allocated CUs.
Maximum SP Memory Utilization Peak Usage graph | Displays the peak SP-memory utilization (%) from all the SPs in the selected time period. For vADCs, DPM bases the values on the allocated CUs.
ADC Memory Capacity Utilization table | Columns:
• ADC Name
• Type—MP and SPs
• Memory Utilization (%)
• Time—In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
To sort or filter the table, select a row and select the option that you require.

Table 337: ADC Throughput License Utilization Report

Supported Filter Type/s: This report supports the following filter type: Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component | Component Description
Throughput License Utilization graph | Displays the device throughput utilization according to time. DPM measures the traffic entering all the data ports, and calculates the values based on the installed throughput license (for ADC) or allocated throughput limit (for vADC).
Throughput License Peak Usage graph | Displays the peak throughput utilization (%) in the selected time period. DPM measures the traffic entering all the data ports, and calculates the values based on the installed throughput license (for ADC) or allocated throughput limit (for vADC).
License ADC/vADC table | Columns:
• ADC Name
• Throughput License (Mb)
• Throughput Peak utilization (%)
To sort or filter the table, select a row and select the option that you require.
ADC Throughput License Utilization table | Columns:
• ADC Name
• Throughput Utilization (%)
• Time—In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
To sort or filter the table, select a row and select the option that you require.

Table 338: ADC System Resources Utilization Report

Supported Filter Type/s: This report supports the following filter type: Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component | Component Description
Session Utilization graph | Displays the session utilization (%) according to time. DPM calculates the values based on the maximum session-table size available on the ADC/vADC.
Session Utilization Peak Usage graph | Displays the peak session utilization (%) in the selected time period. DPM calculates the values based on the maximum session-table size available on the ADC/vADC.
Cache Memory Utilization graph | Displays the memory utilization (%) according to time. DPM calculates the values based on the memory allocated for caching on the ADC/vADC.
Cache Memory Utilization Peak Usage graph | Displays the peak memory utilization (%) in the selected time period. DPM calculates the values based on the memory allocated for caching on the ADC/vADC.
Hard Disk Utilization graph | Displays hard-disk utilization (%) according to time. DPM calculates the values based on the installed/allocated hard disk on the ADC/vADC.
Hard Disk Utilization Peak Usage graph | Displays the peak utilization (%) in the selected time period. DPM calculates the values based on the installed/allocated hard disk on the ADC/vADC.
PIP Allocation graph | Displays utilization according to time. DPM calculates the values based on the maximum PIP addresses available on the ADC/vADC.
PIP Allocation Peak Usage graph | Displays the peak utilization (%) in the selected time period. DPM calculates the values based on the maximum PIP addresses available on the ADC/vADC.
ADC System Resources Utilization table | Columns:
• ADC Name
• Session (%)
• Cache Memory (%)
• Hard Disk (%)
• PIP Allocation (%)
• Time—In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last row is Average for Session (%), Cache Memory (%), Hard Disk (%), and PIP Allocation (%).
To sort or filter the table, select a row and select the option that you require.

Table 339: Total Network Statistics per Port Report

Supported Filter Type/s: This report supports the following filter type: Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component | Component Description
ADC Port Filter list | Lists the ports of the selected ADCs. Select one or more rows to filter the results. Click (erase) in the list title bar to clear the filter.
Total RX per Port (Packets) graph | Displays, for the specified (filter) time period, the total received packets per port.
Total TX per Port (Packets) graph | Displays, for the specified (filter) time period, the total transmitted packets per port.
Total Dropped RX per Port (Packets) graph | Displays, for the specified (filter) time period, the total dropped received packets per port.
Total Dropped TX per Port (Packets) graph | Displays, for the specified (filter) time period, the total dropped transmitted packets per port.
Total Error RX per Port (Packets) graph | Displays, for the specified (filter) time period, the total errored received packets per port.
Total Error TX per Port (Packets) graph | Displays, for the specified (filter) time period, the total errored transmitted packets per port.
Total Bandwidth per Port (Mbit) graph | Displays, for the specified (filter) time period, the total bandwidth per port.
Total Network Statistics per Port table | Columns:
• ADC Name
• Port
• RX (Packets)
• TX (Packets)
• Dropped RX (Packets)
• Dropped TX (Packets)
• Error RX (Packets)
• Error TX (Packets)
• Bandwidth (Mbit)
The last two rows are Total per ADC and Total for RX (Packets), TX (Packets), and Bandwidth (Mbit).
To sort or filter the table, select a row and select the option that you require.

Table 340: Network Performance per ADC Report

Supported Filter Type/s: This report supports the following filter type: Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component | Component Description
Connections per Second graph | Displays, per ADC/vADC, the connections per second according to time. This value counts only the connections established based on the configuration of the virtual service. The value does not count connections established based on the Alteon-filter or LinkProof-NG-filter configuration.
Packets per Second graph | Displays, per ADC/vADC, the packets-per-second rate, for traffic entering and exiting all ADC/vADC data ports, according to time. Caution: For this version of APSolute Vision, the values include traffic that enters and exits the data ports, and therefore may seem to be double the traffic.
Throughput graph | Displays, per ADC/vADC, the throughput, in Mbps, for traffic entering all ADC/vADC data ports, according to time.
Network Performance per ADC table | Columns:
• Name
• Packets/second
• Connections/second
• Throughput (Mbps)
• Time—In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last row is Average for Packets/second, Connections/second, and Throughput (Mbps).
To sort or filter the table, select a row and select the option that you require.
License per ADC table | Columns:
• ADC Name
• Throughput License (Mbps)
To sort or filter the table, select a row and select the option that you require.

Application Reports
The following tables describe the DPM reports for LinkProof NG, Alteon Standalone, VA, or vADC with
Report Category Application:
• Table 341 - Network Performance per Application Report for LinkProof NG, Alteon Standalone,
VA, or vADC
• Table 342 - Network Performance of Application per Real Server Report for LinkProof NG, Alteon
Standalone, VA, or vADC
• Table 343 - Total Usage of Resources per Application per Network Class Report for Alteon
Standalone, VA, or vADC
• Table 344 - Total Usage of Resources per Network Class per Application Report for LinkProof NG,
Alteon Standalone, VA, or vADC

An application is a virtual service, which is identified in one of the following ways:


• The specified virtual-service Description is set in the configuration (Configuration perspective
Application Delivery tab navigation pane > Virtual Services > Virtual Servers > Virtual
Services > Description/Virtual Service Name).
• The virtual-service identifier in the following format:
<VirtualServerAddress>:<protocol>:<port>[:NetworkClass].

Table 341: Network Performance per Application Report for LinkProof NG, Alteon Standalone,
VA, or vADC

Supported Filter Type/s: This report supports the following filter types:
• Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.
• Filter Scope—In the filter, you can select up to 10 applications.
• Group By—In the filter configuration, you can specify to group the data by application or ADC.

Component | Component Description
Filter by Application Name list | Select one or more application names to filter the results. Click (erase) in the list title bar to clear the filter.
Connections per Second graph | Displays the connections per second per application according to time.
Packets per Second graph | Displays the packets per second per application according to time.
Throughput graph | Displays the throughput, in Mbps, per application according to time.
Throughput License/Limit per ADC/vADC table | Columns:
• ADC Name
• Throughput License Limit (Mbps)
To sort or filter the table, select a row and select the option that you require.
Network Performance per Application table | Columns:
• App Name
• ADC Name
• Connections/second
• Packets/second
• Throughput (Mbps)
• Time—In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last two rows are Average per ADC, and Average for Connections/second, Packets/second, and Throughput (Mbps).
To sort or filter the table, select a row and select the option that you require.


Table 342: Network Performance of Application per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC

Notes and Supported Filter Type/s:
You can view this report only on services where the granularity level is set to Real Server.
This report supports only a single selected device.
This report supports the following filter types:
• Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.
• Filter Scope—In the filter, you can select up to 10 real servers.

Component: Filter by Application Name:Real Server list
Select one or more real servers to filter the results.
Click (erase) in the list title bar to clear the filter.

Component: Connections per Second graph
Displays the connections per second per application per real server according to time.

Component: Packets per Second graph
Displays the packets per second per application per real server according to time.

Component: Throughput graph
Displays the throughput, in Mbps, per application per real server according to time.

Component: Network Performance of Application per Real Server table
Columns:
• ADC Name
• APP Name
• Real Identifier
• Real Name
• Connections/second
• Packets/second
• Throughput (Mbps)
• Time—In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last two rows are Average/Real and Average for Connections/second, Packets/second, and Throughput (Mbps).
To sort or filter the table, select a row and select the option that you require.


Table 343: Total Usage of Resources per Application per Network Class Report for Alteon Standalone, VA, or vADC

Note and Supported Filter Type/s:
Note: This report supports only a single selected device.
This report supports the following filter types:
• Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.
• Filter Scope—In the filter, you can select up to 10 applications.

Component: Total Bandwidth (Mbits) Usage of Application per Network graph
Displays the total bandwidth usage, in Mbits, per network class per application.

Component: Total Connections (K) of Application per Network graph
Displays the total connections, in 1000s, per network class per application.

Component: Total Usage of Resources per Application table
Columns:
• Application
• Network Class
• Bandwidth (Mbits)
• Total Connections (K)
The last two rows are Total per Application and Grand Total for Bandwidth (Mbits) and Total Connections (K).
To sort or filter the table, select a row and select the option that you require.

Table 344: Total Usage of Resources per Network Class per Application Report for LinkProof NG, Alteon Standalone, VA, or vADC

Supported Filter Type/s:
This report supports the following filter types:
• Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.
• Filter Scope—In the filter, you can select up to 10 network classes.

Component: Total Bandwidth (Mbits) Usage of Network per Applications graph
Displays the total bandwidth, in Mbits, per applications per network class.

Component: Total Connections (K) Usage of Network per Applications graph
Displays the total usage of connections, in 1000s, per network class per application.

Component: Total Usage of Resources per Network Class per Application table
Columns:
• Network Class
• Application
• Bandwidth (Mbits)
• Total Connections (K)
The last two rows are Total per Client Subnet and Grand Total for Bandwidth (Mbits) and Total Connections (K).
To sort or filter the table, select a row and select the option that you require.


Real Server Reports


The following tables describe the DPM Reports for LinkProof NG, Alteon Standalone, VA, or vADC with Report Category Real Server:
• Table 345 - Network Performance per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC
• Table 346 - Network Performance of Application per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC
• Table 347 - Total Usage of Resources per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC

Table 345: Network Performance per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC

Supported Filter Type/s:
This report supports the following filter types:
• Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.
• Filter Scope—In the filter, you can select up to 10 real servers.

Component: Filter by ADC Name:Real Server list
Lists the real servers.
Select one or more rows to filter the results.
Click (erase) in the list title bar to clear the filter.

Component: Connections per Second graph
Displays the connections per second per real server according to time.

Component: Packets per Second graph
Displays the packets per second per real server according to time.

Component: Throughput graph
Displays the throughput, in Mbps, per real server according to time.

Component: Network Performance per Real Server table
Columns:
• ADC Name
• Real Identifier
• Real Name
• Connections/second
• Packets/second
• Throughput (Mbps)
• Time—In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last two rows are Average per ADC and Average for Connections/second, Packets/second, and Throughput (Mbps).
To sort or filter the table, select a row and select the option that you require.


Table 346: Network Performance of Application per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC

Notes and Supported Filter Type/s:
You can view this report only on services where the granularity level is set to Real Server.
This report supports only a single selected device.
This report supports the following filter types:
• Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.
• Filter Scope—In the filter, you can select up to 10 real servers.

Component: Filter by Application Name:Real Server list
Lists the real servers.
Select one or more rows to filter the results.
Click (erase) in the list title bar to clear the filter.

Component: Connections per Second graph
Displays the connections per second per real server according to time.

Component: Packets per Second graph
Displays the packets per second per real server according to time.

Component: Throughput graph
Displays the throughput, in Mbps, per real server according to time.

Component: Network Performance per Real Server table
Columns:
• ADC Name
• APP Name
• Real Identifier
• Real Name
• Connections/second
• Packets/second
• Throughput (Mbps)
• Time—In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last row is Average for Connections/second, Packets/second, and Throughput (Mbps).
To sort or filter the table, right-click in a row and select the option that you require.


Table 347: Total Usage of Resources per Real Server Report for LinkProof NG, Alteon Standalone, VA, or vADC

Supported Filter Type/s:
This report supports the following filter types:
• Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.
• Filter Scope—In the filter, you can select up to 10 real servers.

Component: Filter by ADC Name:Real Server list
Lists the real servers.
Select one or more rows to filter the results.
Click (erase) in the list title bar to clear the filter.

Component: Total Connections graph
Displays the total connections per real server.

Component: Total Bandwidth graph
Displays the total bandwidth, in Mbits, per real server.

Component: Total Usage of Resources per Real Server table
Columns:
• ADC Name
• Real Identifier
• Real Name
• Connections
• Bandwidth (Mbit)
The last row is Total for Connections and Bandwidth (Mbit).
To sort or filter the table, select a row and select the option that you require.

Port Reports
The following tables describe the DPM Reports for LinkProof NG, Alteon Standalone, VA, or vADC with Report Category Port:
• Table 348 - Total Network Statistics per Port Report for LinkProof NG, Alteon Standalone, VA, or vADC
• Table 349 - Network Performance per Port Report for LinkProof NG, Alteon Standalone, VA, or vADC


Table 348: Total Network Statistics per Port Report for LinkProof NG, Alteon Standalone, VA, or vADC

Supported Filter Type/s:
This report supports the following filter type:
Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component: Filter by ADC Name:Port list
Lists the ports of the selected ADCs.
Select rows to filter the results.
Click (erase) in the list title bar to clear the filter.

Component: Total RX per Port (Packets) graph
Displays the total received packets per port.

Component: Total TX per Port (Packets) graph
Displays the total transmitted packets per port.

Component: Total Dropped RX per Port (Packets) graph
Displays the total received dropped packets per port.

Component: Total Dropped TX per Port (Packets) graph
Displays the total transmitted dropped packets per port.

Component: Total Error RX per Port (Packets) graph
Displays the total received errored packets per port.

Component: Total Error TX per Port (Packets) graph
Displays the total transmitted errored packets per port.

Component: Total Bandwidth per Port (Mbit) graph
Displays the total bandwidth, in Mbits, per port.

Component: Total Network Statistics per Port table
Columns:
• ADC Name
• Port
• RX (Packets)
• TX (Packets)
• Dropped RX (Packets)
• Dropped TX (Packets)
• Error RX (Packets)
• Error TX (Packets)
• Bandwidth (Mbit)
The last rows are Total per ADC and Total for RX (Packets), TX (Packets), and Bandwidth (Mbit).
To sort or filter the table, select a row and select the option that you require.


Table 349: Network Performance per Port Report for LinkProof NG, Alteon Standalone, VA, or vADC

Supported Filter Type/s:
This report supports the following filter type:
Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component: Filter by ADC Name:Port list
Lists the ports of the selected ADCs.
Select rows to filter the results.
Click (erase) in the list title bar to clear the filter.

Component: RX Port Rate graph
Displays the rates, in Mbps, of received traffic per port according to time.

Component: TX Port Rate graph
Displays the rates, in Mbps, of transmitted traffic per port according to time.

Component: Packets per Second per Port graph
Displays the packets per second per port according to time.

Component: Throughput per Port graph
Displays the throughput, in Mbps, per port according to time.

Component: Network Performance per Port table
Columns:
• ADC Name
• Port
• RX (bps)
• TX (bps)
• Packets/second
• Throughput (Mbps)
The last rows are Average per ADC and Average for RX (bps), TX (bps), and Packets/second.
To sort or filter the table, select a row and select the option that you require.

VX Reports
The following tables describe the DPM Report for Alteon VX with Report Category VX:
• Table 350 - CPU Utilization per vADC Report for Alteon VX
• Table 351 - Throughput Limit Utilization per vADC Report for Alteon VX


Table 350: CPU Utilization per vADC Report for Alteon VX

Supported Filter Type/s:
This report supports the following filter type:
Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component: Filter by vADC list
Lists the vADCs of the selected VXs.
Select rows to filter the results.
Click (erase) in the list title bar to clear the filter.

Component: vMP CPU Utilization graph
Displays the CPU utilization (%) per vADC vMP according to time.

Component: Peak vMP CPU Utilization graph
Displays the peak CPU utilization (%) per vADC vMP in the selected time period.

Component: vSP CPU Utilization graph
Displays the CPU utilization (%) per vADC vSP according to time.

Component: Peak vSP CPU Utilization graph
Displays the peak CPU utilization (%) per vADC vSP in the selected time period.

Component: CPU Utilization per vADC table
Columns:
• vADC Name
• CPU Type—vSP, vMP or the SPs (for example, SP # 1)
• CPU Utilization (%)
• Time—In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last rows are Total per ADC and Total for RX (Packets), TX (Packets), and Bandwidth (Mbit).
To sort or filter the table, select a row and select the option that you require.


Table 351: Throughput Limit Utilization per vADC Report for Alteon VX

Supported Filter Type/s:
This report supports the following filter type:
Filter Time Period—Includes last hour, day, week, month, year, and Custom, with start date/time and end date/time.

Component: Filter by vADC list
Lists the vADCs of the selected VXs.
Select rows to filter the results.
Click (erase) in the list title bar to clear the filter.

Component: vADC Throughput Limit Utilization graph
Displays the vADC throughput-limit utilization (%) according to time. DPM measures the vADC throughput of the traffic entering all the data ports, and calculates the values based on the allocated throughput limit of each vADC.

Component: Peak vADC Throughput Limit Utilization graph
Displays the peak vADC throughput-limit utilization (%) in the selected time period. DPM measures the vADC throughput of the traffic entering all the data ports, and calculates the values based on the allocated throughput limit of each vADC.

Component: Throughput Limit Utilization per vADC table
Columns:
• vADC
• Throughput Limit Utilization (%)
• Time—In dd/MMM/yyyy hh:mm:ss T format (for example: 31/Jan/2012 03:10 PM)
The last two rows are Grand Total Average Throughput and Grand Total Maximum Throughput for Throughput Limit Utilization (%).
To sort or filter the table, select a row and select the option that you require.

Viewing Dashboards for Single Standalone and vADC Devices

Use the Dashboard tab in the content area to view the dashboards with the current data for one selected device in the Devices pane Organization tab. The contents of the dashboards differ according to whether the selected device is a standalone or vADC. For example, the dashboard tab for a vADC does not display temperature.
You will always see the alerts for all the devices you have in the Organization and Physical trees—according to your role and scope.
This section contains the following topics:
• Displaying the Dashboard and Managing the Display
• Dashboard Components for Single Standalone and vADC Devices


Displaying the Dashboard and Managing the Display


The following procedure describes how to display the dashboard.

To display the dashboard


1. In the Devices pane, select the Organization tab.
2. In the Organization tab, select one device.
3. In the content area (on the right, by default), select the Dashboard tab.
Use the buttons, which are described in the following table, to manage the dashboard display.

Table 352: Dashboard-Display Buttons

Button Description
Opens the dialog box to select the temperature scale (Celsius or Fahrenheit) for
monitoring the temperature sensors on physical devices.
Note: This setting applies to all DPM interfaces.
Refreshes the dashboard display.

Maximizes and floats the currently displayed dashboard tab.

Dashboard Components for Single Standalone and vADC Devices

The following table describes the dashboard components for single standalone and vADC devices.


Table 353: Dashboard Components for Single Standalone and vADC Devices

Dashboard: System

Component: CPU Utilization graph
The utilization per SP and MP CPU.

Component: Fans Status graph (This graph is displayed only for physical devices.)
The status of each ADC fan: nominal or not operating.
Note: Each fan icon is displayed with its corresponding ID number. The fan ID numbers might not be sequential.

Component: Capacity Utilization graph
Bars:
• Cache—Cache memory utilization (%). DPM calculates the value based on the memory allocated for caching on the ADC/vADC.
• HD—Hard disk utilization (%). DPM calculates the value based on the installed/allocated hard disk on the ADC/vADC.
• PIP—PIP allocation utilization (%). DPM calculates the value based on the maximum PIP addresses available on the ADC/vADC.
• Session—Session utilization (%). DPM calculates the value based on the maximum session-table size available on the ADC/vADC.

Component: Temperature chart
The temperature, according to the selected scale (Celsius or Fahrenheit), for each temperature sensor.

Component: Throughput graph
The throughput, in Mbps, of the traffic entering all the data ports, polled every 30 seconds.

Component: Throughput Usage graph
Bars:
• The peak throughput in Mbps, of the traffic entering all the data ports, since the last reboot.
• The throughput-license limit in Mbps.

Dashboard: Network

Component: Port Status table
Columns:
• Port ID—The ADC port ID
• Status—Values: Up, Warning, Admin Down, Down
To sort or filter the table, select a row and select the option that you require.

Component: Port Status Summary pie chart
The proportion and number of ports per status: Up, Warning, Admin Down, and Down.

Component: Port Bandwidth graph
The received and sent bandwidth, in Mbps, per port.

Dashboard: Application
To display the Application dashboard, select a single device in the Organization tab and up to 10 services from the Filter table.

Component: Virtual Service Status table
Lists the virtual services configured for the device with the corresponding Content Rule, Status, and Action.
The Virtual Service Identifier is either:
• The specified Description or Virtual Service Name (depending on the Alteon version)—if it is set in the configuration (Configuration perspective Application Delivery tab navigation pane > Virtual Services > Virtual Servers > Virtual Services > Description).
• The virtual-service identifier in the following format: <VirtualServerAddress>:<protocol>:<port>[:NetworkClass].
Click (erase) in the list title bar to clear the filter.

Component: Selected Virtual Services Status pie chart
The proportion and number of the selected virtual services per status level.
Values: Up, Warning, Admin Down, Down

Component: Real Servers Status of the Selected Services pie chart
The proportion and number of real servers per status level for the selected services.
Values: Up, Warning, Admin Down, Down

Component: Virtual Service Throughput graph
The Virtual Service Throughput, in Mbps.

Component: Virtual Service Connections per Second graph
The Virtual Service connections, in CPS.

Viewing the Dashboard for ADC-VX Devices


Use the VX Dashboard tab in the content area to view the current alerts for the selected Alteon VX devices in the Devices pane Physical tab.
This section contains the following topics:
• Displaying the VX Dashboard and Managing the Display
• Dashboard Components for VX Devices

Displaying the VX Dashboard and Managing the Display


The following procedure describes how to display the VX dashboard.

To display the VX dashboard


1. In the Devices pane, select the Physical tab.
2. In the Physical tab, select one device.
3. In the content area (on the right, by default), select the VX Dashboard tab.
Use the buttons, which are described in the following table, to manage the dashboard display.


Table 354: VX Dashboard-Display Buttons

Button Description
Opens the dialog box to select the temperature scale (Celsius or Fahrenheit) for
monitoring the temperature sensors on physical devices.
Note: This setting applies to all DPM interfaces.
Refreshes the dashboard display.

Maximizes and floats the VX Dashboard tab.

Dashboard Components for VX Devices


The following table describes the dashboard components for VX devices.

Table 355: Dashboard Components for VX Devices

Component: Temperature chart
The temperature, according to the selected scale (Celsius or Fahrenheit), for each temperature sensor in the VX device.
When relating to an Alteon 10000 platform, the temperatures that the monitor displays show the average temperature of the blade sensors. The ID numbers represent the slot numbers. Slot 1 supports the Switch Blade. Slot 2 supports the Switch Extension Blade. Slots 3–6 support Payload Blades. Slots 7–8 support Shelf Managers. Some blades are optional.

Component: Fan Status indicators
The status of each fan: nominal or not operating. Green—for nominal. Red—for not operating/not operating properly.
Each fan icon is displayed with its corresponding ID number. The fan ID numbers might not be sequential and might be repeated.
When relating to an Alteon 10000 non-NEBS platform, the ID number represents the fan blade. If all fans in the blade are working properly, the status is green. If one or more fans in the blade are not working properly, the status is red.

Component: vADC CPU Distribution graph
The proportion and number of vADCs per maximum utilization level of vSP and vMP.
Values:
• Low
• Medium
• High

Component: vADC Throughput Limit Utilization Distribution graph
The proportion and number of vADCs per maximum throughput-limit utilization.
Values:
• Low
• Medium
• High

Component: vADC Identifier
Lists the vADCs of the VX.
Select rows to filter the results of the CPU Utilization per vADC graph and Throughput Limit Utilization per vADC graph.
Click (erase) in the list title bar to clear the filter.

Component: CPU Utilization per vADC graph
The maximum vSP or vMP CPU utilization (%) per vADC, polled every two minutes. If more than one vADC is operating at the same utilization, only the top line is displayed.

Component: Throughput Limit Utilization per vADC graph
The utilization (%) of the allocated throughput limit per vADC, polled every two minutes. If more than one vADC is operating at the same utilization, only the top line is displayed.

Viewing Dashboards for Multiple Standalone and vADC Devices

Use the Multi-Device Dashboard tab in the content area to view the information about the selected devices in the Devices pane Organization tab.
This section contains the following topics:
• Displaying the Multi-Device Dashboard and Managing the Display
• Multi-Device Dashboard Components

Displaying the Multi-Device Dashboard and Managing the Display


The following procedure describes how to display the multi-device dashboard.

To display the multi-device dashboard


1. In the Devices pane, select the Organization tab.
2. In the Organization tab, select the devices.
3. In the content area (on the right, by default), select the Multi-Dashboard tab.
Use the buttons, which are described in the following table, to manage the dashboard display.

Table 356: Multi-Device Dashboard-Display Buttons

Button Description
Opens the dialog box to select the temperature scale (Celsius or Fahrenheit) for
monitoring the temperature sensors on physical devices.
Note: This setting applies to all DPM interfaces.
Refreshes the dashboard display.

Maximizes and floats the Multi-Device Dashboard tab.


Multi-Device Dashboard Components


The following table describes the multi-device dashboard components.

Table 357: Multi-Device Dashboard Components

Component: Overall Status pie chart
The proportion and number of devices per highest-severity status level.
Values: OK, Warning, Error

Component: Throughput Utilization Distribution pie chart
The proportion and number of devices per throughput-utilization level.
Values: Low, Medium, High

Component: Max. CPU Utilization Distribution pie chart
The proportion and number of devices per maximum-CPU-utilization level.
Values: Low, Medium, High

Component: Session Table Utilization Distribution pie chart
The proportion and number of devices per session-table-utilization level.
Values: Low, Medium, High

Component: Max. Temperature Distribution pie chart
The proportion and number of devices per maximum-temperature level.
Values: Low, Medium, High, NA (vADC)

Component: Monitoring Parameters per Device
Columns:
• Device—Displays the device name.
• Overall Status—Displays the highest-severity status level on the device except for Virtual Services Down. Values: OK, Warning, Error.
• Virtual Services Down—Displays the number of virtual services that are down on the device.
• Throughput Util. (%)—Displays the utilization (%) of the throughput license (for standalone devices) or the allocated throughput limit (for vADCs).
• Max. CPU Util. (%)—Displays the highest current CPU utilization (%) of all the SP/MPs.
• Session Table Util. (%)—Displays the current Session-table utilization (%) of all the SP/MPs.
• Max. Temperature—Displays the highest current temperature of the sensors on the device. This value is not applicable for virtual devices. For a vADC, NA (vADC) is displayed.



CHAPTER 17 – MONITORING AND CONTROLLING THE DEFENSEPRO OPERATIONAL STATUS

APSolute Vision’s online monitoring for DefensePro can serve as part of a Network Operating Center (NOC) that monitors and analyzes the network and connected devices for changes in conditions that may impact network performance.
This section contains the following topics:
• Monitoring the General DefensePro Device Information
• Monitoring and Controlling DefensePro Device Ports and Trunks
• Monitoring DefensePro High Availability
• Monitoring DefensePro Resource Utilization
• Monitoring Cisco Security Group Tags (SGTs)

Monitoring the General DefensePro Device Information


The Overview pane displays general device information, including the information about the
software version on the device and the hardware version of the device.

To display general device information for a selected device


> In the Monitoring perspective, select Operational Status > Overview.

Table 358: Overview: Basic Parameters

Parameter: Hardware Platform
The type of hardware platform for this device.

Parameter: Uptime
The system up time in days, hours, minutes, and seconds.

Parameter: Base MAC Address
The MAC address of the first port on the device.

Parameter: Device Serial Number (This parameter is exposed only in 6.x versions 6.12 and later, 7.x versions, and 8.x versions.)
The serial number of the device.
Virtual devices do not have a serial number.
Note: For virtual devices of some versions, this field displays 0000000000.

Table 359: Overview: Signature Update Parameters

Parameter: Radware Signature File Version
The version of the Radware Signature File installed on the device.

Parameter: Fraud Signatures Last Update (This parameter is available only in 6.x versions and 7.x versions 7.42.09 and later.)
When Fraud Protection is enabled, this parameter can display the timestamp of the last update of fraud signatures, received from Radware.com and downloaded to the DefensePro device.
Values:
• The timestamp, in DDD MMM DD hh:mm:ss yyyy z format—displayed according to the timezone of your APSolute Vision client.
• No Feeds Received Since Device Boot

Table 360: Overview: Software Parameters

Parameter: Software Version
The version of the product software installed on the device.

Parameter: APSolute OS Version (This parameter is not available in 8.x versions 8.17.3 and later.)
The version of the APSolute OS installed on the device—for example, 10.31-03.01:2.06.08.

Parameter: Build
The build number of the current software version.

Parameter: Version Status
The state of this software version.
Values:
• Open—Not yet released
• Final—Released version

Parameter: Throughput License (This parameter displays only in 8.x versions.)
Values:
• The maximum throughput that the license allows.
• Unlimited

Table 361: Overview: Hardware Parameters

Parameter: Hardware Version (This parameter displays only in 6.x and 7.x versions.)
The hardware version; for example, B.5.

Parameter: RAM Size
The amount of RAM, in megabytes.

Parameter: Flash Size
The size of flash (permanent) memory, in megabytes.

Parameter: Cores (This parameter is available only in 8.x versions.)
The number of CPUs/cores that the device uses for processing traffic. That is, the value does not include the CPUs/cores for DefensePro management.
Note: On virtual DefensePro platforms—but not Radware DefensePro DDoS Mitigation for Cisco Firepower, you can specify the number of virtual cores in the initial setup of the virtual instance.

Parameter: CPU Speed (This parameter is available only in 8.x versions.)
The CPU speed, in GHz.


Monitoring and Controlling DefensePro Device Ports and Trunks

A Layer 2 interface is defined as any interface that has its own MAC address, physical port, trunk,
and VLAN.
You can monitor status and interface statistics for ports and trunks on DefensePro version 6.x–8.x
platforms.
You can also change the administrative status of a port, from Up to Down or vice versa.

Caution: If the administrative status of a QSFP+ 40-Gigabit Ethernet (40GbE) port is Down, the
port does not issue traps or alerts, and does not show information for system hardware
transceiver-info commands.

To change the administrative status of a port or trunk


1. In the Monitoring perspective, select Operational Status > Ports and Trunks.

2. Select the rows with the relevant ports, and click the (Disable Selected Ports) button (for a
port currently Up) or the (Enable Selected Ports) button (for a port that is currently Down).

To display L2 interface statistics for a selected device


1. In the Monitoring perspective, select Operational Status > Ports and Trunks.
2. To view the statistics for a specific port all in one dialog box, double-click the row.

Table 362: L2 Interface Statistics Basic Parameters

Parameter Description
Port Name The interface name or index number.
Port Family (This parameter displays only in DefensePro 7.x and 8.x versions.) A hard-coded description of the interface.
Port Description For 6.x versions—A hard-coded description of the interface.
For DefensePro 7.x and 8.x versions—A user-defined description of
the interface. Maximum characters: 64.
Port Speed The current bandwidth of the interface. On DefensePro 6, 20, 60,
110, 200, 220, 400, x420, and x4420 platforms, the value is in
megabits per second. On all platforms except for DefensePro 6, 20,
60, 110, 200, 220, 400, x420, and x4420, the value is in bits per
second.
MAC Address The MAC address of the interface.
Admin Status The administrative status of the interface, Up or Down.
Operational Status The operational status of the interface, Up or Down.

Last Change Time The value of System Up time at the time the interface entered its
current operational state. If the current state was entered prior to the
last re-initialization of the local network management subsystem,
then this value is zero (0).

Table 363: L2 Interface Statistics Parameters

Parameter Description
Incoming Bytes The number of incoming octets (bytes) through the interface
including framing characters.
Incoming Unicast Packets The number of packets delivered by this sub-layer to a higher sub-
layer, which were not addressed to a multicast or broadcast address
at this sub-layer.
Incoming Non-Unicast Packets The number of packets delivered by this sub-layer to a higher sub-layer, which were addressed to a multicast or broadcast address at this sub-layer.
Incoming Discards The number of inbound packets chosen to be discarded even though
no errors had been detected to prevent their being deliverable to a
higher-layer protocol. One possible reason for discarding such a
packet could be to free up buffer space.
Incoming Errors For packet-oriented interfaces, the number of inbound packets that
contained errors preventing them from being deliverable to a higher-
layer protocol. For character-oriented or fixed-length interfaces, the
number of inbound transmission units that contained errors
preventing them from being deliverable to a higher-layer protocol.
Outgoing Bytes The total number of octets (bytes) transmitted out of the interface,
including framing characters.
Outgoing Unicast Packets The total number of packets that higher-level protocols requested be
transmitted, and which were not addressed to a multicast or
broadcast address at this sub-layer, including those that were
discarded or not sent.
Outgoing Non-Unicast Packets The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast or broadcast address at this sub-layer, including those discarded or not sent.
Outgoing Discards The number of outbound packets that were chosen to be discarded
even though no errors had been detected to prevent their being
transmitted. One possible reason for discarding such a packet could
be to free up buffer space.
Outgoing Errors For packet-oriented interfaces, the number of outbound packets that
could not be transmitted because of errors. For character-oriented or
fixed-length interfaces, the number of outbound transmission units
that could not be transmitted because of errors.


Monitoring DefensePro High Availability


You can view the status of parameters related to the high availability of a selected DefensePro
device.

Note: When you issue the Switch Over command on the cluster node, the active device switches
over. To switch modes, select the cluster node, and then select Switch Over.

To view the parameters related to the high availability of a selected DefensePro device
> In the Monitoring perspective, select Operational Status > High Availability.

Table 364: DefensePro High-Availability Monitoring Parameters

Parameter Description
Device Role Values:
• Stand Alone—The device is not configured as a member of a high-
availability cluster.
• Primary—The device is configured as the primary member of a high-
availability cluster.
• Secondary—This device is configured as the secondary member of a
high-availability cluster.
Device State Values:
• Active—The device is in the active state. The device may be a
standalone device (not part of a high-availability cluster) or the active
member of a high-availability cluster.
• Passive—The device is the passive member of a high-availability
cluster.
Last Baseline Sync. Values:
• Base-Line still not synched on this device—Either high availability is
not enabled on the device or high availability is enabled on the device
but the baselines for security protections are still not synchronized.
• The timestamp, in DDD MMM DD hh:mm:ss yyyy format, of the last
synchronization of the baseline between the active and passive
device.
Cluster State Values:
• Pair not defined—The device is not configured as a member of a high-
availability cluster.
• Disconnected—The device is disconnected from the other member of
the high-availability cluster.
• Negotiate—The device is negotiating with the other member of the
high-availability cluster.
• Synchronizing—The device is synchronizing with the other member of
the high-availability cluster.
• In Sync—The members of the high-availability cluster are
synchronized.
• Hold on—The device is waiting for information from the other member
of the high-availability cluster.

Cluster Node in Use The IP address of the selected device.
Peer Clustered Node in Use The IP address of the other cluster member.
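
The checks an operator would typically make against the high-availability parameters above, as an added example that is not part of the Radware guide or product code. The dict input shape, the finding codes, and the 24-hour staleness threshold are assumptions made for the example; the state names and the timestamp format are the ones listed in the table.

```python
from datetime import datetime, timedelta

# Strings exactly as they appear in the High-Availability monitoring table.
NOT_SYNCED = "Base-Line still not synched on this device"
TRANSIENT_STATES = {"Negotiate", "Synchronizing", "Hold on"}
SYNC_FORMAT = "%a %b %d %H:%M:%S %Y"  # DDD MMM DD hh:mm:ss yyyy


def parse_last_sync(text):
    """Return the sync time, or None if the baseline was never synchronized.

    Raises ValueError when the text is neither the "not synched" message
    nor a timestamp in the documented format.
    """
    text = text.strip()
    if text == NOT_SYNCED:
        return None
    return datetime.strptime(text, SYNC_FORMAT)


def evaluate_ha(row, now, max_sync_age=timedelta(hours=24)):
    """Return a list of finding codes for one device's HA parameters.

    row is a dict keyed by the parameter names in the table (hypothetical
    input shape). max_sync_age is an arbitrary threshold chosen for this
    example, not a value from the guide.
    """
    findings = []
    role = row["Device Role"]
    state = row["Device State"]
    cluster = row["Cluster State"]

    if role == "Stand Alone":
        # A standalone device should report that no pair is defined.
        if cluster != "Pair not defined":
            findings.append("standalone-with-cluster-state")
        return findings

    # Assumption: a Primary that is Passive (or a Secondary that is Active)
    # means a failover or a manual Switch Over has taken place.
    if (role, state) in {("Primary", "Passive"), ("Secondary", "Active")}:
        findings.append("roles-swapped")

    if cluster == "Disconnected":
        findings.append("cluster-disconnected")
    elif cluster == "Pair not defined":
        findings.append("pair-not-defined")
    elif cluster in TRANSIENT_STATES:
        findings.append("cluster-transient")
    elif cluster != "In Sync":
        findings.append("cluster-state-unknown")

    try:
        last_sync = parse_last_sync(row["Last Baseline Sync."])
    except ValueError:
        findings.append("baseline-unparseable")
    else:
        if last_sync is None:
            findings.append("baseline-never-synced")
        elif now - last_sync > max_sync_age:
            findings.append("baseline-stale")
    return findings


def _row(role, state, cluster, sync):
    return {"Device Role": role, "Device State": state,
            "Cluster State": cluster, "Last Baseline Sync.": sync}


# Constructed sample rows (not captured from a real device).
SAMPLE_ROWS = {
    "healthy": _row("Primary", "Active", "In Sync", "Tue Jun 02 09:15:00 2020"),
    "failed-over": _row("Secondary", "Active", "Disconnected", NOT_SYNCED),
    "stale": _row("Primary", "Active", "In Sync", "Sun May 31 23:00:00 2020"),
    "garbled": _row("Primary", "Active", "In Sync", "02/06/2020 09:15"),
    "standalone": _row("Stand Alone", "Active", "Pair not defined", NOT_SYNCED),
}

if __name__ == "__main__":
    now = datetime(2020, 6, 2, 10, 0, 0)  # fixed clock so the output is stable
    for name, row in SAMPLE_ROWS.items():
        print(name, evaluate_ha(row, now))
```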

Monitoring DefensePro Resource Utilization


This section contains the following topics:
• Monitoring DefensePro CPU Utilization
• Monitoring DefensePro RAM and Disk Utilization
• Monitoring and Clearing DefensePro Authentication Tables
• Monitoring DME Utilization According to Configured Policies
• Monitoring DefensePro Syslog Information

Monitoring DefensePro CPU Utilization


You can view statistics for the device’s average resource utilization and the utilization for each
accelerator.

Tip: In 8.x versions 8.17.4 and later, you can configure DefensePro to issue Device-Health Event
messages (SNMP traps and syslog messages) for high controller CPU utilization and/or high flow-
engine CPU utilization (Configuration perspective, Setup > Advanced Parameters > CPU Load
Settings).

To monitor device utilization for a selected DefensePro device in 8.x versions


> In the Monitoring perspective, select Operational Status > Resource Utilization > CPU
Utilization.

Table 365: CPU Utilization: Controller Utilization Parameters—Versions 8.14 and Later

Parameter Description
Controller Utilization The percentage of the controller’s resources currently utilized.
Average Controller Utilization - Last 5 Seconds The average utilization of the controller’s resources in the last 5 seconds.
Average Controller Utilization - Last 60 Seconds The average utilization of the controller’s resources in the last 60 seconds.

Table 366: CPU Utilization: Engines Utilization Parameters—Versions 8.14 and Later

Parameter Description
Engine ID The name of the flow engine.
Forwarding Task The percentage of CPU cycles used for traffic processing.

Other Tasks The percentage of CPU resources used for other tasks such as aging and
so on.
Idle Task The percentage of free CPU resources.

Table 367: CPU Utilization: General Parameters—8.x Versions Earlier than 8.14

Parameter Description
Resource Utilization The percentage of the device’s CPU currently utilized.
Last 5 sec. Average Utilization The average utilization of resources in the last 5 seconds.
Last 60 sec. Average Utilization The average utilization of resources in the last 60 seconds.

Table 368: CPU Utilization: Engine Utilization Parameters—8.x Versions Earlier than 8.14

Parameter Description
Engine ID The name of the flow engine.
Forwarding Task The percentage of CPU cycles used for traffic processing.
Other Tasks The percentage of CPU resources used for other tasks such as aging and
so on.
Idle Task The percentage of free CPU resources.

To monitor device utilization for a selected DefensePro device in 7.x versions


> In the Monitoring perspective, select Operational Status > Resource Utilization > CPU
Utilization.

Table 369: CPU-Utilization: General Parameters

Parameter Description
Note: DefensePro 7.x versions running on the x420 platform contain internal logic of two DefensePro software instances, using the DoS Mitigation Engine (DME) and physical ports as shared resources. For more information, see the DefensePro User Guide.
Resource Utilization Instance 0 The percentage of the device’s instance-0 CPU currently utilized.
Resource Utilization Instance 1 The percentage of the device’s instance-1 CPU currently utilized.
RS Resource Utilization Instance 0 The percentage of the device’s instance-0 routing services (RS) resource currently utilized.
RS Resource Utilization Instance 1 The percentage of the device’s instance-1 routing services (RS) resource currently utilized.
RE Resource Utilization Instance 0 The percentage of the device’s instance-0 routing engine (RE) resource currently utilized.
RE Resource Utilization Instance 1 The percentage of the device’s instance-1 routing engine (RE) resource currently utilized.

Last 5 sec. Average Utilization Instance 0 The average utilization of instance-0 resources in the last 5 seconds.
Last 5 sec. Average Utilization Instance 1 The average utilization of instance-1 resources in the last 5 seconds.
Last 60 sec. Average Utilization Instance 0 The average utilization of instance-0 resources in the last 60 seconds.
Last 60 sec. Average Utilization Instance 1 The average utilization of instance-1 resources in the last 60 seconds.

Table 370: CPU Utilization: Accelerator Utilization Parameters

Parameter Description
Instance The internal hardware instance of the device.
Accelerator Type The name of the accelerator. The accelerator named
Flow_Accelerator_0 is one logical accelerator that uses several
CPU cores. The accelerator named HW Classifier is the string-
matching engine (SME).
CPU ID The CPU number for the accelerator.
Forwarding Task The percentage of CPU cycles used for traffic processing.
Other Tasks The percentage of CPU resources used for other tasks such as
aging and so on.
Idle Task The percentage of free CPU resources.

To monitor device utilization for a selected DefensePro device in 6.x versions


> In the Monitoring perspective, select Operational Status > Resource Utilization > CPU
Utilization.

Table 371: CPU Utilization: General Parameters

Parameter Description
Maximum Resource Utilization (In versions earlier than 6.14.10, the parameter is labeled Resource Utilization.) The highest percentage of the device’s CPU-cores currently utilized.
Master RS Utilization (In versions earlier than 6.14.10, the parameter is labeled RS Resource Utilization.) The percentage of the master routing services (RS) resource that is currently utilized.
Note: RS refers to the portion of the master CPU that is used for tasks not related to packet handling.

Master RE Utilization (In versions earlier than 6.14.10, the parameter is labeled RE Resource Utilization.) The percentage of the master routing-engine (RE) resource that is currently utilized.
Note: RE refers to the portion of the master CPU that is used for processing packets.
Last 5 sec. Average Utilization The average utilization of resources in the last 5 seconds.
Last 60 sec. Average Utilization The average utilization of resources in the last 60 seconds.

Table 372: CPU-Utilization: Accelerator Utilization Parameters

Parameter Description
Accelerator Type The name of the accelerator. The accelerator named Flow_Accelerator_0
is one logical accelerator that uses several CPU cores. The accelerator
named Hardware SME (or Hardware Classifier in versions earlier than
6.14.10) is the string-matching engine (SME). OnDemand Switch 3 S1
has no SME.
CPU ID The CPU number for the accelerator. OnDemand Switch 2 and
OnDemand Switch 3 S2 have two CPU cores. OnDemand Switch 3 S1 has
three CPU cores.
Forwarding Task The percentage of CPU cycles used for traffic processing.
Other Tasks The percentage of CPU resources used for other tasks such as aging and
so on.
Idle Task The percentage of free CPU resources.

Related Topics
• Configuring Settings for the Alerts Table Pane, page 121


Monitoring DefensePro RAM and Disk Utilization


This feature is available only in DefensePro 8.x versions 8.21 and later.
Use the RAM and Disk Utilization page to do the following:
• View statistics for the device’s RAM utilization and disk utilization.
• Configure the device to issue alerts about RAM utilization and disk utilization. DefensePro issues
these alerts as SNMP traps, which are also displayed in the APSolute Vision Alerts Table. In the
context of DefensePro, these alerts are Device-Health Events. In the context of APSolute Vision,
these alerts are Device Health Errors.

Notes
— APSolute Vision can convey Device Health Error messages from the APSolute Vision Alerts
Table (APSolute Vision Settings view System perspective, General Settings > Alert
Settings > Alert Browser). For more information, see Configuring Settings for the Alerts
Table Pane, page 121.
— If you require Device-Health Events (also) as syslog messages directly from the DefensePro
device, make sure that the Device-Health Events checkbox is selected in the configuration
of the syslog server(s) (Configuration perspective, Setup > Reporting Settings >
Syslog). For more information, see Configuring DefensePro Syslog Settings, page 1634.

To configure alert settings for RAM utilization and disk utilization


1. In the Monitoring perspective, select Operational Status > Resource Utilization > RAM and
Disk Utilization.
2. Configure the parameters, and then, click Submit.

Table 373: RAM and Disk Utilization—Alert Parameters

Parameter Description
Enable RAM Utilization Alerts Specifies whether the device issues alerts about RAM utilization.
Default: Enabled
RAM Utilization Alert Level (This parameter is available only when the Enable RAM Utilization Alerts checkbox is selected.) The percentage of the device’s RAM utilization above which the device sends an alert. The device issues another message when the utilization level returns to below the specified percentage.
Values: 50–99
Default: 85
Enable Disk-Space Utilization Alerts Specifies whether the device sends alerts about disk-space utilization.
Default: Enabled
Disk-Space Utilization Alert Level (This parameter is available only when the Enable Disk-Space Utilization Alerts checkbox is selected.) The percentage of the device’s disk-space utilization above which the device sends alerts. The device issues another message when the utilization level returns to below the specified percentage.
Values: 30–99
Default: 50
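
A model of the alert behaviour described in Table 373, as an added example that is not Radware code: it validates an alert level against the documented range and lists the messages a series of utilization samples would produce. It assumes one message per crossing and follows the table's wording literally, so a sample exactly equal to the level triggers neither message; the function names and sample values are constructed for the example.

```python
# Documented (minimum, maximum, default) alert levels from Table 373.
LIMITS = {"ram": (50, 99, 85), "disk": (30, 99, 50)}


def validate_level(kind, level=None):
    """Return the alert level to use, applying the documented default.

    Raises ValueError for a level outside the documented range.
    """
    low, high, default = LIMITS[kind]
    if level is None:
        return default
    if not isinstance(level, int) or not low <= level <= high:
        raise ValueError(f"{kind} alert level must be an integer {low}-{high}")
    return level


def alert_events(kind, samples, level=None, enabled=True):
    """Return the (label, event) messages the samples would produce.

    samples is a list of (label, percent) pairs in time order.
    event is "raise" when utilization goes above the level and "clear"
    when it returns to below the level.
    """
    if not enabled:
        return []  # alerts disabled: no messages at all
    level = validate_level(kind, level)
    above = False
    events = []
    for label, percent in samples:
        if not above and percent > level:
            above = True
            events.append((label, "raise"))
        elif above and percent < level:
            above = False
            events.append((label, "clear"))
        # percent == level changes nothing in either direction
    return events


# Constructed utilization samples, in percent.
SAMPLES = [("t0", 70), ("t1", 86), ("t2", 85), ("t3", 90),
           ("t4", 84), ("t5", 85), ("t6", 99)]

if __name__ == "__main__":
    print("RAM, default level 85:", alert_events("ram", SAMPLES))
    print("Disk, default level 50:", alert_events("disk", SAMPLES))
```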


To monitor RAM utilization and disk utilization


> In the Monitoring perspective, select Operational Status > Resource Utilization > RAM and
Disk Utilization.

Table 374: RAM and Disk Utilization—Monitoring Parameters

Parameter Description
RAM Utilization
RAM Capacity The device’s total RAM capacity, in GB.
Used RAM The amount, in GB, of the device’s RAM currently used.
RAM Used The percentage of the device’s RAM currently utilized.
Disk Utilization
Hard Disk Capacity The device’s hard disk capacity, in GB.
Used Disk Space The amount, in GB, of the device’s hard disk currently used.
Disk Space Utilization The percentage of the device’s hard-disk space currently utilized.

Related Topics
• Configuring Settings for the Alerts Table Pane, page 121

Monitoring and Clearing DefensePro Authentication Tables


You can view statistics for the device’s Authentication Tables. You can also clear the contents of each
table.

To monitor Authentication Tables for a selected DefensePro device


> In the Monitoring perspective, select Operational Status > Resource Utilization >
Authentication Tables.

Table 375: TCP Authentication Table: Monitoring Parameters

Parameter Description
Table Size The number of source addresses that the table can hold.
Table Utilization Percent of the table that is currently utilized.
Aging Time The aging time, in seconds, for the table.

Table 376: DefensePro HTTP Authentication Table: Monitoring Parameters

Parameter Description
Table Size The number of source-destination couples for protected HTTP servers.
For example, if there are two attacks towards two HTTP servers and the
source addresses are the same, for those two servers, there will be two
entries for the source in the table.
Table Utilization Percent of the table that is currently utilized.

Aging Time The aging time, in seconds, for the table.
Values: 60–3600
Default: 1200

Table 377: DNS Authentication Table: Monitoring Parameters

Parameter Description
(This tab is not displayed in DefensePro 8.x versions.)
Table Size The number of source addresses that the table can hold.
Table Utilization Percent of the table that is currently utilized.
Aging Time The aging time, in minutes, for the table.

To clean an Authentication Table for a selected DefensePro device


1. In the Monitoring perspective, select Operational Status > Resource Utilization >
Authentication Tables.
2. In the relevant tab (that is, TCP Authentication Table, HTTP Authentication Table, or DNS
Authentication Table), click Clean Table.

Note: For the TCP Authentication Table and the HTTP Authentication Table, the Clean Table
action can take up to 10 seconds.

Monitoring DME Utilization According to Configured Policies


The contents of this pane are irrelevant for Radware DefensePro DDoS Mitigation for Cisco
Firepower.
This pane is functional only on DefensePro 20, 60, 110, 200, 220, 400, x420, and x4420 devices,
and x412 devices with the DME.
You can view statistics relating the user-defined policies to the utilization of the DoS Mitigation
Engine (DME).
The values that the device exposes are calculated according to the configured values, even
before running the Update Policies command.

Note: If the device is not equipped with the DME, 0 (zero) values are displayed.

To monitor DME utilization according to configured policies


> In the Monitoring perspective, select Operational Status > Resource Utilization > Policies.


Table 378: Policies: General Resource Utilization Monitoring Parameters

Parameter Description
Note: If a value in this tab is close to the maximum, the resources for the device are exhausted.
Total Policies The total number of policies in the context of the DME, which is
double the number of network policies configured in the device.
OnDemand Switch 3 S2 supports 50 configured network policies.
x420 supports 50 configured network policies.
HW Entries Utilization The percentage of resource utilization from the HW entries in the
context of the DME.
Sub-Policies Utilization The percentage of DME resource utilization from the entries of sub-
policies.
In the context of the DME, a sub-policy is a combination of the
following:
• Source-IP-address range
• Destination-IP-address range
• VLAN-tag range
Concurrent Active BDoS Attacks (This parameter is available only in 7.x versions.) The number of concurrent active BDoS attacks.

Table 379: Policies: Per-Policy Resource Utilization Monitoring Parameters

Parameter Description
Policy Name The name of the policy.
Direction The direction of the policy.
Values:
• Inbound
• Outbound
HW Entries The number of DME hardware entries that the policy uses.
Sub-Policies The number of DME sub-policy entries that the policy uses.

Monitoring DefensePro Syslog Information


You can view information relating to the syslog mechanism.

To monitor DefensePro syslog information


> In the Monitoring perspective, select Operational Status > Resource Utilization > Syslog
Monitor.

Table 380: DefensePro Syslog Monitoring Parameters

Parameter Description
Syslog Server The name of the syslog server.

Status The status of the syslog server.
Values:
• Reachable—The server is reachable.
• Unreachable—The server is unreachable.
• N/R—Specifies not relevant, because traffic towards the
Syslog server is over UDP—as specified (Configuration
perspective, Setup > Syslog Server > Protocol > UDP).
Messages in Backlog The number of messages in the backlog to the syslog server.

Monitoring Cisco Security Group Tags (SGTs)


You can monitor the name and value of the enabled SGT, if one exists.

Note: For more information on SGTs in DefensePro, see Managing SGT Classes, page 1688.

To monitor SGTs
> In the Monitoring perspective, select Operational Status > SGT.

Table 381: SGT Monitoring Parameters

Parameter Description
Name The name of the SGT.
Value The value of the SGT.



CHAPTER 18 – MONITORING DEFENSEPRO STATISTICS
Monitoring DefensePro statistics comprises the following topics:
• Monitoring DefensePro SNMP Statistics
• Monitoring DefensePro Bandwidth Management Statistics
• Monitoring DefensePro IP Statistics

Monitoring DefensePro SNMP Statistics


You can view statistics for the SNMP layer of the device.

To monitor DefensePro SNMP statistics


> In the Monitoring perspective, select Statistics > SNMP Statistics.

Table 382: DefensePro SNMP Statistics

Parameter Description
Number of SNMP Received Packets The total number of messages delivered to the SNMP entity
from the transport service.
Number of SNMP Sent Packets The total number of SNMP messages passed from the SNMP
protocol entity to the transport service.
Number of SNMP Successful 'GET' Requests The total number of MIB objects retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP GET-Request and GET-Next PDUs.
Number of SNMP Successful 'SET' Requests The total number of MIB objects modified successfully by the SNMP protocol entity as the result of receiving valid SNMP SET-Request PDUs.
Number of SNMP 'GET' Requests The total number of SNMP GET-Request PDUs accepted and processed by the SNMP protocol entity.
Number of SNMP 'GET-Next' Requests The total number of SNMP GET-Next Request PDUs accepted and processed by the SNMP protocol entity.
Number of SNMP 'SET' Requests The total number of SNMP SET-Request PDUs accepted and processed by the SNMP protocol entity.
Number of SNMP Error “Too Big” Received The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status field is ‘tooBig’.
Number of SNMP Error “No Such Name” Received The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status is ‘noSuchName’.
Number of SNMP Error “Bad Value” Received The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status field is ‘badValue’.

Number of SNMP Error “Generic Error” Received The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status field is ‘genErr’.
Number of SNMP 'GET' Responses Sent The total number of SNMP Get-Response PDUs generated by the SNMP protocol entity.
Number of SNMP Traps Sent The total number of SNMP Trap PDUs generated by the SNMP protocol entity.

Monitoring DefensePro Bandwidth Management Statistics


This feature is available only in DefensePro 6.x versions.
You can monitor the Bandwidth Management (BWM) statistics for a DefensePro device.

Displaying the Last-Second BWM Statistics for a Selected DefensePro Device
This feature is available only in DefensePro 6.x versions.
To display the last-second BWM statistics for a selected DefensePro device, the Enable Policy
Statistics Monitoring checkbox must be selected (Configuration perspective, BWM > Global
Settings > Enable Policy Statistics Monitoring).

To display the last-second BWM statistics for a selected DefensePro device


1. In the Monitoring perspective, select Statistics > BWM Statistics > Policy Statistics (Last
Second). The Policy Statistics (Last Second) table is displayed.
2. To view all the parameters of a policy, double-click the row of the policy. The Edit Statistics Entry
dialog box is displayed with all the BWM statistics.

Table 383: DefensePro BWM Last-Second Statistics Parameters

Parameter Description
Policy Name The name of the displayed policy.
Matched Packets The number of packets matching the policy during the last
second.
Matched Bandwidth The traffic bandwidth, in Kbits, matching the policy during the
last second.
Sent Bandwidth The volume of sent traffic, in Kbits, in any direction, in the last
second.
Guaranteed Bandwidth Reached Specifies whether the guaranteed bandwidth was reached
during the last second.
Maximum Bandwidth Reached Specifies whether the maximum bandwidth was reached during
the last second.
New TCP Sessions The number of new TCP sessions the device detected in the last
second.

New UDP Sessions The number of new UDP sessions the device detected in the
last second.
Queued Bandwidth The bandwidth, in Kilobits, during the last second.
Full Queue Bandwidth The bandwidth, in Kilobits, discarded during the last second,
due to a full queue.
Aged Packets Bandwidth The amount of discarded bandwidth, in Kilobits, during the last
second, due to the aging of packets in the queue.
Inbound Packets The number of inbound packets in the last second.
Inbound Matched Bandwidth The volume of inbound traffic, in Kilobits, in the last second
that matched the policy.
Inbound Sent Bandwidth The volume of inbound sent traffic, in Kilobits, in the last
second.
Outbound Packets The number of outbound packets in the last second.
Outbound Matched Bandwidth The volume of outbound traffic, in Kilobits, in the last second
that matched the policy.
Outbound Sent Bandwidth The volume of outbound sent traffic, in Kilobits, in the last
second.

Displaying the Last-Period BWM Statistics for a Selected DefensePro Device
This feature is available only in DefensePro 6.x versions.
To display the last-second BWM statistics for a selected DefensePro device, the Enable Policy
Statistics Monitoring checkbox must be selected (Configuration perspective, BWM > Global
Settings > Enable Policy Statistics Monitoring).
The Policy Statistics Reporting Period parameter determines the period (Configuration perspective,
BWM > Global Settings > Policy Statistics Reporting Period).

To display the last-period BWM statistics for a selected DefensePro device


1. In the Monitoring perspective, select Statistics > BWM Statistics > Policy Statistics (Last
Period). The Policy Statistics (Last Period) table is displayed.
2. To view all the parameters of a policy, double-click the row of the policy. The Edit Statistics Entry
dialog box is displayed with all the BWM statistics.

Table 384: DefensePro BWM Last-Period Statistics Parameters

Parameter Description
Policy Name The name of the displayed policy.
Matched Packets The number of packets matching the policy during the last
specified period.
Matched Bandwidth The traffic bandwidth, in Kilobits, matching the policy during
the last specified period.
Sent Bandwidth The volume of sent traffic, in Kilobits, in any direction, in the
last specified period.

Guaranteed Bandwidth Reached Specifies whether the guaranteed bandwidth was reached
during the last specified period.
Maximum Bandwidth Reached Specifies whether the maximum bandwidth was reached during
the last specified period.
New TCP Sessions The number of new TCP sessions the device detected in the last
specified period.
New UDP Sessions The number of new UDP sessions the device detected in the
last specified period.
Queued Bandwidth The volume of queued traffic, in Kilobits, during the last
second.
Full Queue Bandwidth The bandwidth, in Kilobits, discarded in the last specified
period, due to a full queue.
Aged Packets Bandwidth The amount of discarded bandwidth, in Kilobits, in the last
specified period, due to the aging of packets in the queue.
Inbound Packets The number of inbound packets in the last specified period.
Inbound Matched Bandwidth The volume of inbound traffic, in Kilobits, in the last specified
period that matched the policy.
Inbound Sent Bandwidth The volume of inbound sent traffic, in Kilobits, in the last
specified period.
Outbound Packets The number of outbound packets in the last specified period.
Outbound Matched Bandwidth The volume of outbound traffic, in Kilobits, in the last specified
period that matched the policy.
Outbound Sent Bandwidth The volume of outbound sent traffic, in Kilobits, in the last
specified period.

Monitoring DefensePro IP Statistics


You can monitor statistics for the IP layer of the device, including the number of packets discarded
and ignored. This enables you to quickly summarize the state of network congestion from a given
interface.

To display IP statistics information for a selected DefensePro device


> In the Monitoring perspective, select Statistics > IP Statistics.

Table 385: IP Statistics Parameters

Parameter Description
Number of IP Packets Received The total number of input datagrams received from interfaces, including those received in error.
Number of IP Header Errors The number of input datagrams discarded due to errors in their IP
headers, including bad checksums, version number mismatch, other
format errors, time-to-live exceeded, errors discovered in
processing their IP options, and so on.

Number of Discarded IP Packets The total number of input datagrams for management that were
discarded.
This counter does not include any datagrams discarded while
awaiting re-assembly.
Number of Valid IP Packets Received The total number of input datagrams successfully delivered to IP
user-protocols (including ICMP).
Number of Transmitted Packets (Inc. Discards) The total number of IP datagrams which local IP user-protocols,
including ICMP, supplied to IP in requests for transmission.
This counter does not include any datagrams counted in the
Number of IP Packets Forwarded.
Number of Discarded Packets on TX The number of output IP datagrams for which no problem was
encountered to prevent their transmission to their destination, but
which were discarded, for example, because of a lack of buffer space.
This counter includes any datagrams counted in the Number of IP
Packets Forwarded if those packets meet this (discretionary) discard
criterion.

Table 386: Router Statistics Parameters

Parameter Description
Number of IP Packets Forwarded The number of input datagrams for which this entity was not their
final IP destination, as a result of which an attempt was made to
find a route to forward them to that final destination. In entities that
do not act as IP Gateways, this counter includes only those packets
which were Source-Routed via this entity, and the Source-Route
option processing was successful.
Number of IP Packets Discarded Due to ‘Unknown Protocol’ The number of locally addressed datagrams received successfully
but discarded because of an unknown or unsupported protocol.
Number of IP Packets Discarded Due to ‘No Route’ The number of IP datagrams discarded because no route could be
found to transmit them to their destination.
Note: This counter includes any packets counted in the Number
of IP Packets Forwarded that meet the no-route criterion. This
includes any datagrams which a host cannot route because all of
its default gateways are down.
Number of IP Fragments Received The number of IP fragments received which needed to be
reassembled at this entity.
Number of IP Fragments Successfully Reassembled The number of IP datagrams successfully re-assembled.
Number of IP Fragments Failed Reassembly The number of failures detected by the IP re-assembly algorithm,
such as timed out, errors, and so on. Note: This is not necessarily a
count of discarded IP fragments since some algorithms (notably the
algorithm in RFC 815) can lose track of the number of fragments by
combining them as they are received.
Number of IP Datagrams Successfully Reassembled The number of IP datagrams that have been successfully
re-assembled at this entity.

Number of IP Datagrams Discarded Due to Fragmentation Failure The number of IP datagrams that have been discarded because they
needed to be fragmented at this entity but could not be, for
example, because their Don’t Fragment flag was set.
Number of IP Datagrams Fragments Generated The number of IP datagram fragments that have been generated as
a result of fragmentation at this entity.
Valid Routing Entries Discarded Number of valid routing entries discarded.



CHAPTER 19 – MONITORING AND MANAGING DEFENSEPRO DIAGNOSTICS
Monitoring and managing DefensePro diagnostics comprises the following topics:
• Configuring the Diagnostic Tool Parameters
• Configuring Diagnostics Policies
• Managing Capture Files

You can monitor and manage DefensePro diagnostics using APSolute Vision in DefensePro 6.x
versions 6.12 and later, 7.x versions, and 8.x versions 8.10 and later. The feature described in
Configuring Diagnostics Policies is relevant only to DefensePro 6.x and 7.x versions.

Note: In DefensePro 6.x versions earlier than 6.12, you can monitor and manage DefensePro
diagnostics using DefensePro CLI or WBM.

Configuring the Diagnostic Tool Parameters


This feature is available in APSolute Vision only in DefensePro 6.x versions 6.12 and later, 7.x
versions, 8.x versions 8.10–8.21, and 8.x versions 8.22 and later on platforms without the DME
(that is, DefensePro 6 and DefensePro VA).
The diagnostic packet-capture tool can capture packets that enter the device, leave the device, or
both. The captured traffic is stored in CAP files. You can download the files with the captured packets
using the Capture Files pane (Monitoring perspective, Diagnostics > Capture Files). You can
analyze the traffic using Wireshark and various other tools.

Caution: Enabling this feature may cause severe performance degradation.

Notes
• For information on managing the files that the diagnostic packet-capture tool generates, see
Managing Capture Files.
• To see the actual timestamp of the packets in the files that the diagnostic packet-capture tool
produces, in the packet analyzer (for example, Wireshark), you may need to modify the format
of the time display. The timestamp in the packets in the files that the diagnostic packet-capture
tool produces is always UTC.
• The diagnostic packet-capture tool does not capture packets that pass through the device as the
result of Traffic Exclusion. Traffic Exclusion is when DefensePro passes through all traffic that
matches no network policy configured on the device.
• The diagnostic packet-capture tool does not capture GRE-encapsulated packets.


• In DefensePro 6.x versions, the diagnostic packet-capture tool truncates packets longer than
1619 bytes (regardless of the configuration for jumbo frames).
• In DefensePro 7.x and 8.x versions, the diagnostic packet-capture tool does not handle jumbo
frames. DefensePro 7.x and 8.x versions either forward jumbo-frame traffic through the device
or drop jumbo-frame traffic.

To configure the diagnostic packet-capture tool in DefensePro 8.x versions


1. In the Monitoring perspective, select Diagnostics > Diagnostic Tool Parameters.
2. Configure the parameters, and then, click Submit.

Table 387: Diagnostic Tool Parameters in DefensePro 8.x Versions

Parameter Description
Status Specifies whether the diagnostic packet-capture tool is enabled.
Values: Enabled, Disabled
Default: Disabled
Note: When the device reboots, the status of the diagnostic packet-
capture tool reverts to Disabled.

Capture Point The location where the device captures the data.
Values for devices running version 8.14 or later configured with the SSL
Decryption and Encryption option Enabled, Using the On-Device
Component:
• On Packet Arrive—The device captures packets when they enter the
device.
• On Packet Send—The device captures packets when they leave the
device.
• On Both Packet Arrive and Packet Send—The device captures packets
when they enter the device and when they leave the device.
• On Packet Arrive, Including To and From On-device Decryption Unit—
The device captures packets when they enter the device, and captures
packets to and from the on-device SSL component.
• On Packet Send, Including To and From On-device Decryption Unit—The
device captures packets when they leave the device, and captures
packets to and from the on-device SSL component.
• On Both Packet Arrive and Packet Send, Including To and From On-
device Decryption Unit—The device captures packets when they enter
the device and when they leave the device, and captures packets to and
from the on-device SSL component.
• To and From On-device Decryption Unit—The device captures packets to
and from the on-device SSL component.
Values for devices running version 8.10–8.13 and running version 8.14 or
later configured without the SSL Decryption and Encryption option
Enabled, Using the On-Device Component:
• On Packet Arrive—The device captures packets when they enter the
device.
• On Packet Send—The device captures packets when they leave the
device.
• On Both Packet Arrive and Packet Send—The device captures packets
when they enter the device and when they leave the device.
Default: On Packet Arrive
Capture Port Group The ports where the device captures the data.
(This parameter is available only in DefensePro version 8.11 and later.)
Values:
• On Data Ports
• On Management and Data Ports
• On Management Ports
Default:
• In DefensePro version 8.20 and later, and 8.17.x versions 8.17.7 and
later: On Data Ports
• In DefensePro versions earlier than 8.20, and 8.17.x versions earlier
than 8.17.7: On Management and Data Ports

Capture Rate The per-packet capture rate per core (also referred to as a DefensePro
engine). For example, if the value is 10, the device captures every tenth
packet from each core.
(This parameter is not available in DefensePro version 8.10.)
Values: 1–10,000
Default: 1
Note: When the device reboots, the value reverts to 1.

To configure the diagnostic packet-capture tool in DefensePro 6.x and 7.x versions


1. In the Monitoring perspective, select Diagnostics > Diagnostic Tool Parameters.
2. Configure the parameters, and then, click Submit.

Table 388: Diagnostic Tool Parameters in DefensePro 6.x and 7.x Versions

Parameter Description
Status Specifies whether the diagnostic packet-capture tool is enabled.
Values: Enabled, Disabled
Default: Disabled
Note: When the device reboots, the status of the diagnostic packet-
capture tool reverts to Disabled.
Output to File The location of the stored captured data.
Values:
• RAM Drive and Flash—The device stores the data in RAM and appends
the data to the file on the CompactFlash drive. Due to limits on
CompactFlash size, DefensePro uses two files. When the first file
becomes full, the device switches to the second, until it is full, and then
it overwrites the first file, and so on.
• RAM Drive—The device stores the data in RAM.
• None—The device does not store the data in RAM or flash, but you can
view the data using a terminal.
Output to Terminal Specifies whether the device sends captured data to a terminal.
Values: Enabled, Disabled
Default: Disabled
Capture Point The location where the device captures the data.
Values:
• On Packet Arrive—The device captures packets when they enter the
device.
• On Packet Send—The device captures packets when they leave the
device.
• Both—The device captures packets when they enter the device and
when they leave the device.
Default: On Packet Arrive


Configuring Diagnostics Policies


This feature is available in APSolute Vision only in DefensePro 6.x versions 6.12 and later, and 7.x
versions.
In most cases, there is no need to capture all the traffic passing through the device. Using diagnostic
policies, the device can classify the traffic, and store only the required information.

To configure a diagnostics policy


1. In the Monitoring perspective, select Diagnostics > Diagnostic Policies.
2. Do one of the following:

— To add an entry, click the (Add) button.
— To edit an entry, double-click the row.
3. Configure the parameters, and then, click Submit.

Table 389: Diagnostics Policies Parameters

Parameter Description
Name The user-defined name of the policy.
Maximum characters: 64
Index The number of the policy in the order in which the diagnostic packet-
capture tool classifies (that is, captures) the packets.
Default: 1
Description The user-defined description of the policy.
Maximum characters: 20
VLAN Tag Group The VLAN tag value or predefined class object whose packets the policy
classifies (that is, captures).
Destination The destination IP address or predefined class object whose packets the
policy classifies (that is, captures).
Source The source IP address or predefined class object whose packets the
policy classifies (that is, captures).
Service Type The service type whose packets the policy classifies (that is, captures).
Values:
• None
• Basic Filter
• AND Group
• OR Group
Default: None
Service The service whose packets the policy classifies (that is, captures).
Outbound Port Group The Physical Port class whose outbound packets the policy classifies
(that is, captures).
You cannot set this parameter when the Trace-Log Status
parameter is enabled in the DefensePro CLI or Web Based Management.
Inbound Port Group The Physical Port class whose inbound packets the policy classifies (that
is, captures).

Destination MAC Group The destination MAC group whose packets the policy classifies (that is,
captures).
Source MAC Group The source MAC group whose packets the policy classifies (that is,
captures).
Maximal Number of Packets The maximal number of packets that the policy captures. Once the
policy captures the specified number of packets, it stops capturing
traffic. In some cases, the policy captures fewer packets than the
configured value. This happens when the device is configured to drop
packets.
Note: For DefensePro 7.x versions, which run on the x420 platform,
the Maximal Number of Packets is counted per software instance.
Maximal Packet Length The maximal length for a packet the policy captures.
Trace-Log Status Specifies whether the Trace-Log feature is enabled in the policy.
Values: Enabled, Disabled
Default: Disabled
Note: You cannot set the Outbound Port Group when the value of the
Trace-Log Status parameter is Enabled.
Capture Status Specifies whether the packet-capture feature is enabled in the policy.
Values: Enabled, Disabled
Default: Disabled

Managing Capture Files


This feature is available in APSolute Vision only in DefensePro 6.x versions 6.12 and later, 7.x
versions, 8.x versions 8.10–8.21, and 8.x versions 8.22 and later on platforms without the DME
(that is, DefensePro 6 and DefensePro VA).

Managing Capture Files on DefensePro Version-8.x Devices Without the DME

Use the Capture Files pane to download or delete diagnostic packet-capture files from RAM.

Note: You configure the creation process of the diagnostic packet-capture files in the Diagnostic
Tool Parameters pane. The configuration includes enabling or disabling packet capture, and
specifying the Capture Port Group (On Data Ports, On Management and Data Ports, or On
Management Ports). For more information, see Configuring the Diagnostic Tool Parameters.


In DefensePro 8.x version 8.17 and later, the diagnostic packet-capture tool does the following—
according to the value of the Capture Port Group parameter:
• When the Status of the diagnostic packet-capture tool is Enabled (Monitoring perspective,
Diagnostics > Diagnostic Tool Parameters > Status), the diagnostic packet-capture tool
writes the following:
— Files from the data (traffic) ports per core (also referred to as a “DefensePro
engine”)
In version 8.22 and later, the files are in the following format:
CapturedOnEngine_<engine ID>.cap.
DefensePro limits the size of each CapturedOnEngine_<engine ID>.cap file (per core)
to 300 MB.
In version 8.17–8.21, the files are compressed, in the following format:
CapturedOnEngine_<engine ID>.cap.bz2.
DefensePro limits the size of each CapturedOnEngine_<engine ID>.cap.bz2 file (per
core)—before compression—to 300 MB.
When a diagnostic packet-capture file exceeds the maximum size, packet-capture on the
specific core stops (but the tool will remain enabled to allow other cores to continue
capturing).
To resume packet capture on the specific core, you must delete the file.

Note: When packet capture is disabled and re-enabled, the tool appends data to the
existing files from the data (traffic) ports.
— Files from management ports 1 and 2
In version 8.22 and later, the files are in the following format:
CapturedOnManagement_<1|2>.cap.
DefensePro limits the size of each CapturedOnManagement_<1|2>.cap file (per
management interface) to 300 MB.
In version 8.17–8.21, the files are compressed, in the following format:
CapturedOnEngine_<engine ID>.cap.bz2.
DefensePro limits the size of each CapturedOnEngine_<engine ID>.cap.bz2 file (per
management interface)—before compression—to 300 MB.
When a diagnostic packet-capture file on the specific interface exceeds the maximum size,
the file rolls over, restarting with an empty file.
To resume packet capture on the specific core, you must delete the file.

Note: When packet capture is disabled and re-enabled, the tool starts a new file for the
management ports.
• In version 8.22 and later, when the Status of the diagnostic packet-capture tool changes from
Enabled to Disabled (Monitoring perspective, Diagnostics > Diagnostic Tool Parameters >
Status), the diagnostic packet-capture tool writes the following:
— A merged file of the data (traffic) ports, interleaved from all the
CapturedOnEngine_<engine ID>.cap files (per core)—In the following format:
AllEnginesCombined.cap.
DefensePro limits the size of each AllEnginesCombined.cap to 300 MB.
DefensePro merges the first 300 MB of data—starting from the earliest packet.


— A merged file, interleaved from the CapturedOnManagement_<1|2>.cap files (per
management interface)—In the following format:
AllManagementCombined.cap.
DefensePro limits the size of each AllManagementCombined.cap file to 300 MB.
DefensePro merges the first 300 MB of data—starting from the earliest packet.
• In version 8.17–8.21, when the Status of the diagnostic packet-capture tool changes from
Enabled to Disabled (Monitoring perspective, Diagnostics > Diagnostic Tool Parameters >
Status), the diagnostic packet-capture tool writes the following:
— A merged file of the data (traffic) ports, interleaved from all the
CapturedOnEngine_<engine ID>.cap.bz2 files (per core)—Compressed, in the
following format:
AllEnginesCombined.cap.bz2.
DefensePro limits the size of each AllEnginesCombined.cap.bz2 file—before
compression—to 300 MB.
DefensePro merges the first 300 MB of data—starting from the earliest packet.
— A merged file, interleaved from the CapturedOnManagement_<1|2>.cap.bz2 files
(per management interface)—Compressed, in the following format:
AllManagementCombined.cap.bz2.
DefensePro limits the size of each AllManagementCombined.cap.bz2 file—before
compression—to 300 MB.
DefensePro merges the first 300 MB of data—starting from the earliest packet.
In DefensePro versions 8.11–8.16, the diagnostic packet-capture tool does the following:
• Writes the files per core (also referred to as a DefensePro engine), compressed, in the following
format:
CapturedOnEngine_<engine ID>.cap.bz2
• Limits the size of each file (per core)—before compression—to 300 MB. When a diagnostic
packet-capture file exceeds the maximum size, packet-capture on the specific core stops (but
the tool will remain enabled to allow other cores to continue capturing). To resume packet
capture on the specific core, you must delete the file.

In DefensePro version 8.10, the diagnostic packet-capture tool does the following:
• Writes the files per core (also referred to as a DefensePro engine) in the following format:
CapturedOnEngine_<engine ID>.cap
• Limits the size of each file (per core) to 300 MB. When a diagnostic packet-capture file exceeds
the maximum size, packet-capture on the specific core stops (but the tool will remain enabled to
allow other cores to continue capturing). To resume packet capture on the specific core, you
must delete the file.

To download or delete capture files in DefensePro 8.x versions on platforms without the
DME
1. In the Monitoring perspective, select Diagnostics > Capture Files.
The table comprises the following columns:
— File Name—The name of the file.
— Uncompressed File Size—The size of the file, in bytes, before compression.


2. Select the required row or rows.
3. Click one of the following:
— (Delete Row)—Deletes the selected file.
— Download—Starts the download process of the selected data. Follow the on-screen
instructions.

Note: The download may take several minutes.

Managing Capture Files in DefensePro 6.x and 7.x Versions


Use the Capture Files pane to download or delete diagnostic packet-capture files from the RAM or
CompactFlash.
In DefensePro 6.x and 7.x versions, the capture tool names the files using the following format:
capture_<Device Name>_<ddMMyyyy>_<hhmmss>_<file number>.cap
If the device is configured to store the output in the CompactFlash, when the data size in RAM
reaches its limit, the device appends the data chunk from RAM to the file on the CompactFlash drive.
For each enabled diagnostic tool, DefensePro uses two temporary files. When one temporary file
reaches the limit (1 MB), DefensePro stores the information in the second temporary file. When the
second temporary file reaches the limit (1 MB), DefensePro overwrites the first file, and so on. When
you download a CompactFlash file, the file contains both temporary files.
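
The capture-file behaviour described in this chapter (UTC packet timestamps, packets stored shorter than they were on the wire, and the per-version file names) can be checked offline before a file is opened in a packet analyzer. The following Python sketch is an added example, not Radware code; it assumes that the CAP files use the classic libpcap layout, that <engine ID> contains no dots, and that <file number> is decimal. The sample captures and the device name DP-lab are constructed.

```python
import bz2
import re
import struct
from datetime import datetime, timezone

# Name formats quoted in the guide. Assumptions: <engine ID> contains no dots
# and <file number> is decimal; the guide does not spell either out.
V8_NAME = re.compile(
    r"^(?:CapturedOnEngine_(?P<engine>[^.]+)|CapturedOnManagement_(?P<mgmt>[12])"
    r"|(?P<merged>AllEnginesCombined|AllManagementCombined))\.cap(?P<bz2>\.bz2)?$")
V6_NAME = re.compile(
    r"^capture_(?P<device>.+)_(?P<date>\d{8})_(?P<time>\d{6})_(?P<num>\d+)\.cap$")

# Assumption: the CAP files use the classic libpcap layout.
# Magic bytes -> (struct byte order, sub-second units per second)
MAGIC = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}


def classify_name(name):
    """Map a capture file name to its origin, per the formats in the guide."""
    m = V8_NAME.match(name)
    if m:
        if m["engine"] is not None:
            origin = ("engine", m["engine"])
        elif m["mgmt"] is not None:
            origin = ("management", m["mgmt"])
        else:
            origin = ("merged", m["merged"])
        return {"family": "8.x", "origin": origin,
                "compressed": m["bz2"] is not None}
    m = V6_NAME.match(name)
    if m:
        return {"family": "6.x/7.x", "origin": ("device", m["device"]),
                "compressed": False}
    return None


def _utc(stamp, frac):
    """Render a (seconds, sub-second) pair as an ISO 8601 UTC string."""
    sec, sub = stamp
    micro = min(sub * 1_000_000 // frac, 999_999)
    return datetime.fromtimestamp(sec, tz=timezone.utc).replace(
        microsecond=micro).isoformat()


def summarize_pcap(data):
    """Walk the record headers; report the UTC time range and short packets."""
    if len(data) < 24 or data[:4] not in MAGIC:
        raise ValueError("not a classic pcap file")
    order, frac = MAGIC[data[:4]]
    snaplen = struct.unpack_from(order + "I", data, 16)[0]
    pos, count, truncated, stamps, incomplete = 24, 0, [], [], False
    while pos < len(data):
        if pos + 16 > len(data):
            incomplete = True              # file ends inside a record header
            break
        sec, sub, caplen, origlen = struct.unpack_from(order + "IIII", data, pos)
        if pos + 16 + caplen > len(data):
            incomplete = True              # file ends inside packet bytes
            break
        count += 1
        stamps.append((sec, sub))
        if caplen < origlen:               # bytes on the wire that were not stored
            truncated.append((count, caplen, origlen))
        pos += 16 + caplen
    return {"snaplen": snaplen, "packets": count, "truncated": truncated,
            "incomplete_tail": incomplete,
            "first_utc": _utc(min(stamps), frac) if stamps else None,
            "last_utc": _utc(max(stamps), frac) if stamps else None}


def triage(name, blob):
    """Classify by name, decompress .cap.bz2 files, then summarise the capture."""
    info = classify_name(name)
    if info is None:
        raise ValueError("unrecognised capture file name: " + name)
    raw = bz2.decompress(blob) if info["compressed"] else blob
    return {**info, **summarize_pcap(raw)}


def build_sample(truncate=True, compress=False):
    """Constructed capture: a whole 60-byte frame, then (optionally) a
    9000-byte frame of which only 1619 bytes were stored."""
    blob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    blob += struct.pack("<IIII", 1590969600, 0, 60, 60) + bytes(60)
    stored, wire = (1619, 9000) if truncate else (60, 60)
    blob += struct.pack("<IIII", 1590969601, 500000, stored, wire) + bytes(stored)
    return bz2.compress(blob) if compress else blob


if __name__ == "__main__":
    print(triage("capture_DP-lab_01062020_000000_1.cap", build_sample()))
    print(triage("CapturedOnEngine_3.cap.bz2", build_sample(False, True)))
```

A non-empty truncated list means payload bytes are missing from the file, so content-based analysis of those packets is incomplete.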

To download or delete capture files in DefensePro 6.x and 7.x versions


1. In the Monitoring perspective, select Diagnostics > Capture Files.
The pane contains two tables, Files On RAM Drive and Files On Main Flash.
Each table comprises the following columns:
— File Name—The name of the file.
— File Size—The file size, in bytes.
2. Select the required row.
3. Click one of the following:
— (Delete Row)—Deletes the selected file.
— Download—Starts the download process of the selected data. Follow the on-screen
instructions.



CHAPTER 20 – MONITORING AND CONTROLLING DEFENSEPRO NETWORKING
Monitoring and controlling DefensePro networking comprises the following topics:
• Monitoring and Controlling the DefensePro Session Table
• Monitoring Routing Table Information
• Monitoring DefensePro ARP Table Information
• Monitoring MPLS RD Information
• Monitoring the DefensePro Suspend Table
• Location-Based Suspended Traffic
• Monitoring Tunnel Interfaces
• Monitoring BGP Peers
Monitoring and Controlling the DefensePro Session Table


Monitoring and controlling the DefensePro Session table comprises the following topics:
• Monitoring Session Table Information
• Configuring DefensePro Session Table Filters

Monitoring Session Table Information


Each DefensePro device includes a Session table to keep track of sessions bridged and forwarded by
the device. In DefensePro 6.x and 7.x versions, the Session table is enabled by default. In
DefensePro 8.x versions, the Session table is always enabled.
The size of the table makes it difficult to view. To generate reliable and useful reports and prevent
system failures, in DefensePro 6.x and 7.x versions, you can use filters to define the Session table
information to display. The Session Table pane displays information that matches any enabled
Session table filter.

Notes
• The filtered Session table does not automatically refresh. The information loads when you
display the Session Table pane and when you manually refresh the display.
• DefensePro issues alerts for high utilization of the Session table. DefensePro sends alerts
to APSolute Vision when table utilization reaches 90% and 100%.

To view Session table information


> In the Monitoring perspective, select Networking > Session Table > Session Table.


Table 390: Session-Table Monitoring Parameters

Parameter Description
Source IP The source IP address within the defined subnet.
Destination IP The destination IP address within the defined subnet.
Source L4 Port The session source port.
Destination L4 Port The session destination port.
Context Group Tag The Tag value of the Context Group class associated with the entry.
(This parameter is available only in DefensePro 8.x versions.)
Protocol The session protocol.
Physical Interface The physical port on the device at which the request arrives from the
client.
(This parameter is available only in DefensePro 6.x and 7.x versions.)
Lifetime (Sec.) The time, in seconds, following the arrival of the last packet, that the
entry remains in the table before it is deleted.
Aging Type The reason for the Lifetime value.
(This parameter is available only in DefensePro 6.x and 7.x versions.)
Values:
• Default—A lifetime per protocol. The default value is 100 seconds.
• End—Session end. A FIN/RST arrived, and the session ended. The
value depends on the protocol defaults. The default value is 5
seconds.
• SYN—SYN Flood Protection. The Lifetime was set after DefensePro
received a SYN that may be an attack. The default value is 10
seconds.
• App—An application changed the lifetime for an application-specific
reason. Note that the host table can change this lifetime only to the
Lifetime type End (for example, ACL rules).
• Initial—The initial lifetime of the session, which later (probably after
the arrival of the second packet) will be modified to the Lifetime
type Default. The default value is 5 seconds.
• Unknown—If none of the above options are used.
SYN Flood Status Indicates whether the entry is currently protected against SYN attacks.
(This parameter is available only in DefensePro 6.x and 7.x versions.)
Values:
• Not Protected—The SYN Flood Protection module is disabled.
• Protected (No Attack)—No trigger is found for the protected server,
thus there is no attack.
• Protected (Under Attack)—There is an ongoing attack on the
protected server, and DefensePro is mitigating the attack.
Policy Name The name of the Network Protection policy.
(This parameter is available only in DefensePro 7.x versions 7.42 and later.)


Configuring DefensePro Session Table Filters


The full Session table is very large; therefore, it is recommended to filter the information. Use
Session table filters to define the information you want to display.

To configure Session table filters


1. In the Monitoring perspective, select Networking > Session Table > Session Table Filters.
2. To add or modify a filter, do one of the following:

— To add a filter, click the (Add) button.
— To edit a filter, double-click the entry in the table.
3. Configure filter parameters and click Submit.

Table 391: Session-Table Filter Monitoring Parameters

Parameter Description
Filter Name The unique name of the filter.
Physical Interface The physical port on the device at which the request arrives from the
client.
Default: Any
Source IP Address The source IP address within the defined subnet.
Select IPv4 or IPv6, and then, enter the address.
Source IP Mask The source IP address used to define the subnet that you want to
present in the Session table.
Select IPv4 or IPv6, and then, enter the mask.
Destination IP Address The destination IP address within the defined subnet.
Select IPv4 or IPv6, and then, enter the address.
Destination IP Mask The destination IP address used to define the subnet that you want to
present in the Session table.
Select IPv4 or IPv6, and then, enter the mask.
Source L4 Port The session source Layer 4 port.
Destination L4 Port The session destination Layer 4 port.

Monitoring Routing Table Information


The Routing table stores information about destinations and how they can be reached.
By default, all networks directly attached to the DefensePro device are registered in this table. Other
entries can be statically configured or dynamically created through the routing protocol.

Note: The Routing table is not automatically refreshed periodically. The information is loaded when
you select to display the Routing Table pane, and when you manually refresh the display.


To display Routing Table information for a selected device


> In the Monitoring perspective, select Networking > Routing.

Table 392: Routing-Table Monitoring Parameters

Parameter Description
Destination Network The destination network to which the route is defined.
Netmask The network mask of the destination subnet.
Next Hop The IP address of the next hop toward the Destination subnet. (The next
hop always resides on the subnet local to the device.)
Via Interface In DefensePro 6.x–8.x versions, this is the local interface or VLAN through
which the next hop of this route is reached. This can be the port name,
trunk name, or VLAN ID.
In Radware DefensePro DDoS Mitigation for Cisco Firepower, the value is
MNG-1 (read-only), which is the value of the management interface.
Type This field is displayed only in the Static Routes table.
The type of routing.
Values:
• Local—The subnet is directly reachable from the device.
• Remote—The subnet is not directly reachable from the device.
Metric The metric value defined or calculated for this route.

Monitoring DefensePro ARP Table Information


You can view the device’s ARP table, which contains both static and dynamic entries. You can change
an entry type from dynamic to static.

Note: The ARP table is not automatically refreshed periodically. The information is loaded when you
select to display the ARP Table pane, and when you manually refresh the display.

To display ARP Table information for a selected DefensePro device


> In the Monitoring perspective, select Networking > ARP.

Table 393: DefensePro ARP-Table Monitoring Parameters

Parameter Heading
Port The interface number where the station resides.
IP Address The station’s IP address.
MAC Address The station’s MAC address.

Type The entry type.
Values:
• Other—Not Dynamic or Static.
• Dynamic—Entry is learned from ARP protocol. If the entry is not active
for a predetermined time, the node is deleted from the table.
• Static—Entry has been configured by the network management station
and is permanent.

To change an entry type from dynamic to static


1. In the Monitoring perspective, select Networking > ARP.
2. Select the entry, and select Change Entry to Static.

Monitoring MPLS RD Information


This feature is supported only in DefensePro 6.x versions and 7.x versions prior to 7.40.
You can monitor MPLS RD information and configure an MPLS RD. Each MPLS RD is assigned two
tags for the link on which the device is installed, an upper tag and a lower tag. On a different link,
the same MPLS RD can be assigned with different tags.

To display MPLS RD information for a selected DefensePro device


1. In the Monitoring perspective, select Networking > MPLS RD.
The MPLS RD table displays current MPLS RD information.

2. To add an MPLS RD, click the (Add) button.


3. Configure the parameters, and then, click Submit.

Table 394: MPLS RD Parameters

Parameter Description
MPLS RD The MPLS RD name.
Type Describes the MPLS RD format.
Values:
• 2 Bytes : 4 Bytes—AS (16 bit): Number (32 bit)
• 4 Bytes : 2 Bytes—AS (32 bit): Number (16 bit)
• IP Address : 2 Bytes—IP: Number (16 bit)
Upper Tag The upper tag for the link on which the device is installed.
Lower Tag The lower tag for the link on which the device is installed.


Monitoring the DefensePro Suspend Table


When certain security modules—such as Anti-Scanning, Server Cracking, and Connection Limit—
detect an attack, DefensePro can suspend attack traffic. The Suspend table stores the entries that
define the suspended traffic.

To view the real-time Suspend table for a selected DefensePro device


> In the Monitoring perspective, select Networking > Suspend Table.

Table 395: DefensePro Suspend-Table Monitoring Parameters

Parameter Description
Source IP The IP address from which traffic was suspended.
Destination IP The IP address to which traffic was suspended.
The value 0.0.0.0 specifies all destinations.
Destination Port The application port to which traffic was suspended.
Protocol The network protocol of the suspended traffic.
Module The security module that activated the traffic suspension.
Values for DefensePro 8.x versions: Anti-Scanning, Connection Limit, Traffic
Filters
Values for DefensePro 6.x and 7.x versions: Signatures, Anti Scanning, Syn
Protection
Note: The Signatures value encompasses the Signature Protection
module and the Connection Limit module.
Classification Type Value for DefensePro 8.x versions: Policy—A Protection policy suspended
the traffic.
Values for DefensePro 6.x and 7.x versions:
• Policy—A Network Protection policy suspended the traffic.
• Server—A Server Protection policy suspended the traffic.
Policy / Server Name (This column is displayed only in DefensePro 6.x and 7.x versions.)
The name of the policy that suspended the traffic.
Policy Name (This column is displayed only in DefensePro 8.x versions.)
The name of the Protection policy that suspended the traffic.
Expiration Type The method of determining the expiration.
Value for DefensePro 8.x versions: Dynamic Timeout
Values for DefensePro 6.x and 7.x versions: On Request, Fixed Timeout,
Dynamic Timeout
Expiration Time The number of seconds until the entry is aged from the Suspend table.


Location-Based Suspended Traffic


You can use the Location-Based Suspended Traffic pane to view the list of geolocations that are
temporarily blocked (that is, suspended) using the Geolocation Map in APSolute Vision
Analytics.
For more information on APSolute Vision Analytics (AVA), see Using APSolute Vision Analytics,
page 2291 and Using the DefensePro Geolocation Map, page 2333.

Figure 63: Geolocation Map in APSolute Vision Analytics

To view the list of temporarily blocked geolocations


> In the Monitoring perspective, select Networking > Location-Based Suspended Traffic.

Table 396: Location-Based Suspended Traffic Parameters

Parameter Description
Policy Name The name of the Protection policy with the temporarily blocked
geolocation.
Geolocation The geolocation code.
Suspended At The time that the geolocation was blocked.
Suspension Expires At The time that the block expires.

Monitoring Tunnel Interfaces


This feature is available only in DefensePro 7.x versions.
You can monitor tunnel interfaces that are configured in the Tunnel Interfaces pane (Configuration
perspective, Setup > Networking > IP Management > Tunnel Interfaces).

To display tunnel interface information for a selected DefensePro device


> In the Monitoring perspective, select Networking > Tunnel Interfaces.


Table 397: Tunnel Interfaces: Table Parameters

Parameter Description
Tunnel IP Address The IP address of the tunnel.
Primary Tunnel Status The status of the primary tunnel.
Secondary Tunnel Status The status of the secondary tunnel.

Table 398: Tunnel Interfaces: Total Tunnel Status Parameter

Parameter Description
Total Tunnels Status The number of reachable tunnels of the total configured tunnels,
using a slash (/) as the separator. For example, the value 10/11
signifies that there are 10 reachable tunnels of the 11 total
configured tunnels.

Monitoring BGP Peers


This feature is available only in DefensePro 7.x versions.
You can monitor statistics regarding the BGP peers configured on the device.

Note: The routing tables managed by a Border Gateway Protocol (BGP) implementation are
adjusted continually to reflect changes in the network, such as links breaking and being restored, or
routers going down and coming back up. In the network as a whole, these changes happen almost
continuously, but for any particular router or link, changes should be relatively infrequent.

To display BGP information for a selected DefensePro device


> In the Monitoring perspective, select Networking > BGP Peers.

Table 399: BGP Information for DefensePro

Parameter Description
Peer IP Address The IP address of the remote peer.
Admin Status Indicates whether the peer is enabled.

Connection State The state of the connection.
Values:
• Idle—The peer is stopped.
• Connect—DefensePro initiated a TCP connection to remote
peer.
• Active—The peer is waiting during a connect retry interval,
after failing to establish TCP connection to a remote peer. In
this state, DefensePro also listens on port 179 for potential
incoming connections from the remote peer.
• OpenSent—A TCP connection is established with the remote
peer. DefensePro sent a BGP OPEN message to the remote peer
and expects to receive an OPEN message from it.
• OpenConfirm—DefensePro received an OPEN message from the
remote peer. DefensePro responds with a KEEPALIVE message
and expects a KEEPALIVE message from the remote peer.
• Established—A BGP connection is established with a remote
peer. DefensePro can now exchange UPDATE messages with it.
Remote AS The remote autonomous system number.
Peer Identifier The IP address that identifies the remote peer for the current BGP
connection.
Local Address The DefensePro IP interface address used as the source IP address
for a BGP connection.
Local Port (Source) The TCP source port number used by DefensePro for a BGP
connection to the remote peer.
Remote Port (Destination) The TCP destination port number used by DefensePro for a BGP
connection to the remote peer.
In Updates The number of BGP UPDATE messages transmitted on the
connection.
Out Updates The number of BGP UPDATE messages transmitted on the
connection.
In Total Messages The total number of messages received from the remote peer on
the connection.
Out Total Messages The total number of messages transmitted to the remote peer on
the connection.
Last Error The last error code and subcode seen by the peer on the
connection. If no error has occurred, the value for this field is zero
(0). Otherwise, the first byte of this two-byte OCTET STRING
contains the error code, and the second byte contains the subcode.
FSM Established Time How long, in seconds, the peer has been in the established state, or
how long since the peer was last in the established state. It is set to
zero when a new peer is configured or the router is booted.
FSM Established Transitions The total number of times the BGP FSM transitioned into the
established state.
Connect Retry Interval The Connect Retry Interval value specified in the configuration of
the peer.

Hold Time The time, in seconds, of the Hold Timer established with the peer. The
BGP speaker calculates this value by using the smaller of the specified Hold Time
and the Hold Time received in the OPEN message. The value zero (0) indicates that
the Hold Timer has not been established with the peer, or that the specified
Hold Time is zero (0).
Keep Alive Time The interval, in seconds, for the keepalive timer established with
the peer. The value of this object is calculated by the BGP speaker.
The value zero (0) indicates that the keepalive timer has not been
established with the peer, or, the specified Keep-Alive Time is zero
(0).
Hold Time Configured The Hold Time value specified in the configuration of the peer.
Keep Alive Configured The Keep-Alive Time value specified in the configuration of the
peer.
In Update Elapsed Time The elapsed time, in seconds, since the last BGP UPDATE message
was received from the peer.
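
The Last Error encoding and the Hold Time rule in Table 399 can be decoded and cross-checked offline. The following Python is an added example, not Radware code: the PeerRow container, the thresholds, and the sample rows are assumptions, and the error names are taken from RFC 4271.

```python
from dataclasses import dataclass

# NOTIFICATION error codes and OPEN Message Error subcodes from RFC 4271, section 4.5.
ERROR_CODES = {
    1: "Message Header Error",
    2: "OPEN Message Error",
    3: "UPDATE Message Error",
    4: "Hold Timer Expired",
    5: "Finite State Machine Error",
    6: "Cease",
}
OPEN_SUBCODES = {
    1: "Unsupported Version Number",
    2: "Bad Peer AS",
    3: "Bad BGP Identifier",
    4: "Unsupported Optional Parameter",
    6: "Unacceptable Hold Time",
}


def decode_last_error(raw: bytes):
    """Split the two-byte Last Error value into (code, subcode, description)."""
    if len(raw) != 2:
        raise ValueError("Last Error is a two-byte value")
    code, subcode = raw[0], raw[1]
    if code == 0:
        return 0, 0, "no error"
    text = ERROR_CODES.get(code, f"unassigned code {code}")
    if code == 2 and subcode in OPEN_SUBCODES:
        text += ": " + OPEN_SUBCODES[subcode]
    elif subcode:
        text += f", subcode {subcode}"
    return code, subcode, text


def expected_hold_time(configured: int, received_in_open: int) -> int:
    """Hold Time column value: the smaller of the configured and received values."""
    return min(configured, received_in_open)


@dataclass
class PeerRow:  # hypothetical container for one row of Table 399
    peer_ip: str
    admin_enabled: bool
    state: str
    last_error: bytes
    established_time: int         # FSM Established Time, seconds
    established_transitions: int  # FSM Established Transitions
    hold_time: int
    hold_time_configured: int


def triage(row: PeerRow, flap_transitions: int = 5, flap_window: int = 600):
    """Return findings for one peer; the two thresholds are example values."""
    findings = []
    if not row.admin_enabled:
        return findings  # a disabled peer is expected to be Idle
    if row.state != "Established":
        findings.append(f"enabled peer is in state {row.state}")
    code, _, text = decode_last_error(row.last_error)
    if code:
        findings.append(f"last error: {text}")
    if (row.state == "Established"
            and row.established_transitions >= flap_transitions
            and row.established_time < flap_window):
        findings.append("session re-established recently after repeated resets")
    if row.state == "Established" and 0 < row.hold_time < row.hold_time_configured:
        findings.append(
            f"peer lowered hold time to {row.hold_time}s "
            f"(configured {row.hold_time_configured}s)")
    return findings


# Constructed sample rows (documentation addresses, not real peers).
SAMPLE_ROWS = [
    PeerRow("192.0.2.1", True, "Established", b"\x00\x00", 86400, 1, 90, 90),
    PeerRow("192.0.2.2", True, "Active", b"\x02\x02", 120, 4, 0, 90),
    PeerRow("192.0.2.3", True, "Established", b"\x04\x00", 45, 9, 30, 90),
    PeerRow("192.0.2.4", False, "Idle", b"\x00\x00", 0, 0, 0, 90),
]

if __name__ == "__main__":
    for r in SAMPLE_ROWS:
        print(r.peer_ip, triage(r) or "ok")
```
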



CHAPTER 21 – MONITORING AND
CONTROLLING DEFENSEFLOW
OPERATION
The Monitoring pane lets you view system information and statistics and the operation of protected
objects in real-time.
These include protected objects for:
• Operation, page 513
• System, page 542

Note: In DefenseFlow version 2.1, the order of the Operation and System tabs is switched.
• Attack Mitigation Operation Dashboard—In addition to managing protected objects with the
Monitoring pane, you can view and manage the details of protected objects using the Attack
Mitigation Operation dashboard. For more information, see Attack Mitigation Operation
Dashboard, page 545.

Operation
The Operation pane lets you manage protected objects and manually activate them using the
Protected Objects pane.
These protected objects include:
• Pending Actions, page 513
• Mitigation Devices, page 520
• Protected Objects, page 522
• Ongoing Protections, page 530
• BGP, page 535

Pending Actions
This feature is only available starting with version 2.2.
The Pending Actions pane lets you manage pending actions to be performed for protected objects in
User Confirmation mode.

Note: If there are any pending actions, the number of pending actions is indicated on the Pending
Actions global management button. To go directly to the Pending Actions monitoring
and management pane, click the Pending Actions button.


To monitor pending actions


1. In the Monitoring perspective, select Operation > Pending Actions.
2. Highlight the pending action or search for the pending action by typing a string in one of the
pending action search fields and clicking the (Search) button:

Table 400: Pending Actions View/Search Parameters

Parameter Description
Name (From versions 2.3 through 2.6, the Name and IP Address parameters were together in
one column. In versions earlier than 2.7, Name was PO Name)
The name of the protected object awaiting action confirmation.
Starting with version 2.7, to view and/or edit a protected object associated with a
pending action, select the link in the Name column, and the Edit Protected Object
pane for that protected object displays. For more information on protected
objects, see the DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute
that conflicts with the ongoing protection, the change is performed only at the
next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing
protection to take effect immediately, you can make this modification from
Operation > Ongoing Protections > Edit Protection. For more information,
see To edit ongoing protections, page 534.
IP Address (In versions earlier than 2.3, IP Address was Detected IP Address)
The IP address of the attacked destination as detected by the selected detection
device.
Operation (This parameter is only available starting with version 2.3. In versions earlier
than 2.4, it displays in the last column)
String within the operation name.
Starting with version 2.7, to view and/or edit an operation associated with a
pending action, select the link in the Operation column, and the Edit Operation
pane for that operation displays. For more information on operations, see the
DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute
that conflicts with the ongoing protection, the change is performed only at the
next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing
protection to take effect immediately, you can make this modification from
Operation > Ongoing Protections > Edit Protection. For more information,
see To edit ongoing protections, page 534.
Attack ID The ID of the detected attack as reported by the detection device.
Pending Action The pending action waiting for confirmation.
Values:
• Start—An attack was detected for the protected object. The user can confirm
activation of the configured actions.
• End—The attack was terminated. The user can confirm deactivation of the
active actions.

Configured Action (This parameter is only available in versions prior to 2.8.1)
The configured action for the protected object.
Workflow (This parameter is only available starting with version 2.7)
Workflow associated with the protected object.
Starting with version 2.8.1, to view and/or edit a workflow associated with a
pending action, select the link in the Workflow column, and the Edit Workflow
pane for that operation displays. For more information on operations, see the
DefenseFlow Installation and User Guide.
Criteria (This parameter is only available starting with version 2.7)
The criteria associated with the pending action.
External Attack URI (This parameter is only available starting with version 2.7)
Link to the third-party detector management system that handles the external
attack associated with the pending action.
External PO URI (This parameter is only available starting with version 2.7)
Link to the third-party detector management system that handles the external
protected object associated with the pending action.

To clear the filter and perform a new search, click Clear next to the (Search) button.

To confirm or ignore a pending action


1. In the Monitoring perspective, select Operation > Pending Actions.

2. Click the (Edit) button.


The following parameters display:
— IP Address (starting with version 2.7; read-only)—The IP address of the attacked
destination as detected by the selected detection device.
— Configured Action (starting with version 2.7; read-only)—The configured action for the
protected object.
— Workflow (starting with version 2.7; read-only)—Workflow associated with the protected
object
— Action—Action to take on the pending action: Ignore, Confirm Start, Confirm End
3. Do one of the following:
— To ignore a pending action and remove it from the pending actions table, select Ignore.


— To confirm start of a pending action, for the Action, select Confirm Start. The Action
parameters display and can be modified:
• Attack Destination (this option is only available in versions earlier than 2.3)— Select
Activate Entire PO to protect the entire protected object or select Activate Specific
IP to protect a specific IP address or set of addresses within the protected object.
• Protected IP Address (in versions earlier than 2.3, Protected IP)—Starting with
version 2.3, select one of the following options:
• —Activate (in versions earlier than 2.4, Divert) Entire Networks—This activates
(in versions earlier than 2.4, diverts) the entire protected object.
• —Activate (in versions earlier than 2.4, Divert) Specific IP Address—This
activates (in versions earlier than 2.4, diverts) only a specified IP address, which
you change to any IP address or subnet as required.
Starting with version 2.3, this option displays the Attack Destination IP Address
parameter, which is the specific IP address attack target to be protected (this displays
only if you selected Activate Specific IP). This must be within the network
classification of the protected object.
In versions earlier than 2.3, this option (Protected IP) is the specific IP address attack
target to be protected (this displays only if you selected Activate Specific IP). This
must be within the network classification of the protected object.
• Attack Destination IP Address (starting with version 2.3)—The IP address of the
attack destination. This field only displays if the Activate Specific IP Address option is
selected.
• Operation—The operation to use for diversion and mitigation groups preferences.
Starting with version 2.3, select from the list of configured operations. The fields related
to the operation type display. In versions earlier than 2.3, only the Attack Bandwidth
and Ignore mitigation devices capacity units parameters are available.
• If the operation you selected is a Mitigation operation, the mitigation and BGP
parameters (starting in version 2.4) display:

Table 401: Mitigation Parameters

Parameter Description
Attack Bandwidth In versions earlier than 2.3, the peak attack level to use as a basis for
configuring the DefensePro device if the information is missing from the detection signals.
Starting with version 2.3, specify the attack bandwidth (bits per second). You can
also specify units (for example, 100M). This is used for verifying that the
mitigation devices can handle the related attack bandwidth. This is also used to
set the DefensePro policy bandwidth if there is not any BDoS bandwidth ready
yet.
Use busy mitigation devices (In versions earlier than 2.3, Ignore mitigation devices
capacity units)
If checked, DefenseFlow uses the selected DefensePro devices regardless of their
monitored capacity.
BGP
Operation BGP Community (In versions earlier than 2.4, BGP Community.)
The BGP community values to be sent to the diversion groups that should receive
them per the operation. Multiple communities can be configured separated by a
space.
In addition, well-known communities can also be defined, including: NO_EXPORT,
NO_ADVERTISE, NO_EXPORT_SUBCONFED, NOPEER

Use Protected Object Community (In versions earlier than 2.4, Use Community, and displays
above the BGP Community parameter.)
Whether to add the protected object’s defined community in the announcement
to the blocking group.
When you select this parameter, the Protected Object Community parameter
displays.
Protected Object BGP Community (This parameter is only available starting with version 2.4)
(This parameter displays only when the Use Protected Object Community parameter is
selected.)
The protected object’s BGP community values to be sent to the diversion groups
that should receive them per the operation. Multiple communities can be
configured separated by a space.
In addition, well-known communities can also be defined, including: NO_EXPORT,
NO_ADVERTISE, NO_EXPORT_SUBCONFED, NOPEER
Advanced (This section is only available starting with version 2.8.1)
Minimum IPv4 Advertised Subnet (This parameter is only available starting with version 2.8.1)
The minimum IPv4 Advertised Subnet.
Default: 32
Minimum IPv6 Advertised Subnet (This parameter is only available starting with version 2.8.1)
The minimum IPv6 Advertised Subnet.
Default: 128
Override IPv4 Next Hop (This field is only available starting with version 2.10)
Override the IPv4 Next Hop IP address.

Override IPv6 Next Hop (This field is only available starting with version 2.10)
Override the IPv6 Next Hop IP address.
Mitigation Route Name (This field is only available starting with version 2.10)
The route name for this mitigation. Select one of the routes that you defined for
mitigation devices. For more information on configuring routes, see the
DefenseFlow Installation and User Guide.

• If the operation you selected is a FlowSpec (in versions earlier than 2.4, Traffic
Blocking) operation, the FlowSpec parameters display (for more information on
defining FlowSpec operations, see the DefenseFlow Installation and User Guide):

Table 402: FlowSpec (in versions earlier than 2.4, Traffic Blocking) Parameters

Parameter Description
Destination Prefix The destination prefix to block as defined in the Flow rule.
Values:
• Attacked IP—The actual destination IP addresses are inherited from the
protected object’s networks or IP addresses under attack or manually
activated.
During an attack the destination prefix is populated with the actual
destination IP address of the attack.
• Entire Networks—The actual destination IP addresses are inherited from the
protected object that uses this rule for its various operations or manual
actions.
• Specific prefix—The Prefix to Block field displays, letting you define a set of
IP prefixes for the destination prefix.
Default: Attacked IP
Prefix to Block (This field is only available starting with version 2.4)
(This field displays only if you have selected Specific prefix as the Destination Prefix.)
Defines one or more IPv4 destination prefixes, each IP prefix separated by a
space.
Values: IPv4 address in the format n1.n2.n3.n4/5
Maximum number of networks: 100
Source Prefix The source prefix to block as defined in the Flow rule.
During an attack the source prefix is populated with the actual source IP address
of the attack.

Port The port to block as defined in the Flow rule.
Starting with version 3.2, for objects protected by DPaaD, during an attack the
port is populated with the actual source port of the attack.
Destination Port The destination port to block as defined in the Flow rule.
Starting with version 3.2, for objects protected by DPaaD, during an attack the
destination port is populated with the actual destination port of the attack.
Protocol The protocol to block as defined in the Flow rule.
During an attack the protocol is populated with the actual protocol of the attack.
Source Port The source port to block as defined in the Flow rule.
ICMP Type The ICMP type to block as defined in the Flow rule.
ICMP Code The ICMP code to block as defined in the Flow rule.
TCP Flag The TCP flag to block as defined in the Flow rule.
Starting with version 3.6, during an attack the TCP flag is populated with the
actual TCP flag of the attack.
Packet Length The packet length to block as defined in the Flow rule.
DSCP The DSCP to block as defined in the Flow rule.
Fragment The fragment to block as defined in the Flow rule.
Starting with version 3.2, for objects protected by DPaaD, during an attack the
fragment is populated with the actual fragment of the attack.
Note: DefenseFlow FlowSpec support is in accordance with RFC 5575. Ensure
that your router supports all fragmentation values to avoid the incorrect setup
of your router.
Redirect to VRF (This field is only available starting with version 2.4)
The route tag (VPN in versions earlier than 2.8.1) to which to redirect traffic.
Select from a list of route tags (VPNs in versions earlier than 2.8.1) for which you
have defined a route target. For more information, see the DefenseFlow
Installation and User Guide.
Redirect to Mitigation (This field is only available starting with version 2.4)
Enables or disables redirection to the operation’s mitigation group. The next hop
IP addresses are inherited from the mitigation group of the protected object that
uses this rule for its various operations or manual actions.
Block (This parameter is only available starting with version 2.4. In version 2.3, this was
an Action option.)
Enables or disables traffic blocking (drop all matching packets).

Rate Limit (This parameter is only available starting with version 2.4. In version 2.3, this
was an Action option.)
The rate limit in MB/s or GB/s.
Values:
• Example for MB/s: 103M
• Example for GB/s: 1G
Set DSCP (This parameter is only available starting with version 2.4. In version 2.3, this
was an Action option.)
Defines how to update the DSCP header of the matching packets.
Values: 0–63
Action (This parameter is only available in version 2.3. Starting with version 2.4, the
options are now separate parameters.)
The FlowSpec action to perform.
Available actions:
• Block—Drop all matching packets.
• Rate Limit—Drop all matching packets above this rate (see the Rate
parameter in this table).
• Set DSCP—Update the DSCP header of the matching packets.
Rate (This parameter is only available in version 2.3.)
This field displays when you select the Action as Rate Limit. Set the rate limit to
block in bytes per second.

— To confirm ending a protection, for the Action, select Confirm End. Do this after you
have started an action with Confirm Start by clicking Submit and the exit criteria for the
action have been met (usually after an attack has ended). A confirmation message displays.
Click OK to confirm.
4. Click Submit.
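
The values entered in the Confirm Start form (Tables 401 and 402) can be checked before clicking Submit, since a mistyped prefix or community changes what is diverted or dropped. This is an added example, not DefenseFlow code: the form keys and function names are hypothetical, prefixes are read as CIDR notation, and numeric communities are assumed to use ASN:value with 16-bit parts.

```python
import ipaddress
import re

MAX_PREFIXES = 100  # "Maximum number of networks: 100" (Table 402)
WELL_KNOWN = {"NO_EXPORT", "NO_ADVERTISE", "NO_EXPORT_SUBCONFED", "NOPEER"}
RATE_RE = re.compile(r"(\d+)([MG])")
COMMUNITY_RE = re.compile(r"(\d+):(\d+)")


def parse_prefix_list(text):
    """Parse the space-separated Prefix to Block value into IPv4 networks."""
    items = text.split()
    if not items:
        raise ValueError("no prefix given")
    if len(items) > MAX_PREFIXES:
        raise ValueError(f"{len(items)} prefixes given, the limit is {MAX_PREFIXES}")
    networks = []
    for item in items:
        if "/" not in item:
            raise ValueError(f"{item}: prefix length missing")
        # strict=True rejects host bits below the mask (e.g. 203.0.113.5/24),
        # a typo that a lenient parser would silently turn into the whole /24.
        networks.append(ipaddress.IPv4Network(item, strict=True))
    return networks


def inside_protected_object(target, po_networks):
    """True when an address or subnet lies inside one of the protected object's networks."""
    net = ipaddress.ip_network(target, strict=False)
    return any(net.version == po.version and net.subnet_of(po) for po in po_networks)


def parse_rate_limit(text):
    """Return (number, unit) for Rate Limit values such as 103M or 1G."""
    match = RATE_RE.fullmatch(text.strip())
    if not match or int(match.group(1)) == 0:
        raise ValueError(f"{text!r}: expected a positive number followed by M or G")
    return int(match.group(1)), match.group(2)


def parse_communities(text):
    """Parse space-separated communities: well-known names or ASN:value pairs."""
    parsed = []
    for token in text.split():
        if token in WELL_KNOWN:
            parsed.append(token)
            continue
        match = COMMUNITY_RE.fullmatch(token)
        # Assumption: numeric communities use the 16-bit:16-bit notation.
        if not match or any(int(part) > 0xFFFF for part in match.groups()):
            raise ValueError(f"{token}: not a well-known name or ASN:value pair")
        parsed.append((int(match.group(1)), int(match.group(2))))
    return parsed


def review_confirm_start(form, po_networks):
    """Return a list of problems found in a Confirm Start form; empty means clean."""
    problems = []
    specific_ip = form.get("attack_destination_ip")
    if specific_ip:
        try:
            if not inside_protected_object(specific_ip, po_networks):
                problems.append(f"{specific_ip} is outside the protected object")
        except ValueError as exc:
            problems.append(f"attack destination: {exc}")
    if form.get("prefix_to_block"):
        try:
            for net in parse_prefix_list(form["prefix_to_block"]):
                # Added safety check of this example, not a documented product rule.
                if not inside_protected_object(str(net), po_networks):
                    problems.append(f"{net} is outside the protected object")
        except ValueError as exc:
            problems.append(f"prefix to block: {exc}")
    if form.get("rate_limit"):
        try:
            parse_rate_limit(form["rate_limit"])
        except ValueError as exc:
            problems.append(f"rate limit: {exc}")
    dscp = form.get("set_dscp")
    if dscp is not None and not 0 <= dscp <= 63:
        problems.append(f"set DSCP: {dscp} is outside 0-63")
    if form.get("bgp_community"):
        try:
            parse_communities(form["bgp_community"])
        except ValueError as exc:
            problems.append(f"BGP community: {exc}")
    return problems
```
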

Mitigation Devices
This feature is only available starting with version 2.2.
The Mitigation Devices pane lets you monitor the status of mitigation devices.

To monitor mitigation devices


1. In the Monitoring perspective, select Operation > Mitigation Devices.
2. Highlight the mitigation device or search for the mitigation device by typing a string in one of the
mitigation device search fields and clicking the (Search) button:


Table 403: Mitigation Devices View/Search Parameters

Parameter Description
Name The name of the mitigation device.
Starting with version 2.7, to view and/or edit a mitigation device, select the link
in the Name column, and the Edit Mitigation Device pane for that mitigation
device displays. For more information on mitigation devices, see the DefenseFlow
Installation and User Guide.
Note: Any modification you make is deployed immediately on the mitigation
device.
Instance (This parameter is only available starting with version 2.9 through version 3.0)
For DefensePro version 7.x mitigation devices, the DefensePro internal hardware
instance that handles BDoS attacks in the DME when there are more than 32 such
attacks.
Values: 0, 1
Operational Status The operational status of the mitigation device.
CPU Utilization Percent of the CPU utilization of the mitigation device.
BW Utilization (Gbps) Percent of the bandwidth utilization of the mitigation device.
Value: percentage_utilized (bandwidth_utilized/total_bandwidth)
Example: 5.0% (3.00/60.00)
In this example, 5.0% of the total bandwidth (60.00 Gbps) is utilized (3.00
Gbps).
Policies Utilization Percent of the policies table utilization of the mitigation device.
Filter List Utilization (This parameter is only available starting with version 2.8.1)
Percent of the filter list utilization of the mitigation device.
Managed (This parameter is only available starting with version 2.4.1)
Whether the mitigation device is managed.
Values: true, false
Update Time Last monitored update time.
Last Error (This parameter is only available starting with version 2.4.1)
The last device access error that was issued.
Examples:
A Authentication error
B Unable to connect to the mitigation device

Geo Feed Status (This parameter is only available starting with version 3.7)
Geolocation Feed status:
• Active—The Geolocation Feed on the DefensePro mitigation device is active.
• Inactive—The Geolocation Feed on the DefensePro mitigation device is
inactive.
Default: Active

To clear the filter and perform a new search, click Clear next to the (Search) button.

Protected Objects
The Protected Objects pane lets you monitor protected objects and manually activate them.

To monitor protected objects


1. In the Monitoring perspective, select Operation > Protected Objects.
2. Highlight the protected object or search for the protected object by typing a string in one of the
protected object search fields and clicking the (Search) button:

Table 404: Protected Object View/Search Parameters

Parameter Description
Name The name of the protected object.
Starting with version 2.7, to view and/or edit a protected object, select the link in
the Name column, and the Edit Protected Object pane for that protected object
displays. For more information on protected objects, see the DefenseFlow
Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute
that conflicts with the ongoing protection, the change is performed only at the
next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing
protection to take effect immediately, you can make this modification from
Operation > Ongoing Protections > Edit Protection. For more information,
see To edit ongoing protections, page 534.
Detection Status The detection status of the protected object.
Values:
• Learning—DefenseFlow learns protected object baselines.
• Normal—No attack is currently detected for the protected object.
• Attacked—The protected object is under attack.
Action Status The action status of the protected object.
Values:
• Active—The configured actions are active. This means that the action
specified for the protected object is now enabled. The action can be enabled
automatically or manually.
• Not Active—The configured actions are currently not active.

Mitigation The list of mitigation devices that are currently performing mitigation for the
Device/ protected object.
Mitigation Group
(This parameter
is only available
in version 2.1)
Action Mode The action mode configured for the protected object.
(This parameter Values:
is only available • Automatic—Configured actions are automatically activated upon detection of
in versions an attack.
earlier than 2.7.
Starting with • Manual—Configured actions can only be activated manually.
version 2.7, it is • User confirmation—The user is prompted to confirm activation of the
now configured configured actions upon attack.
as one of the
Workflow Rules
parameters.)
Pending Action The pending action waiting for confirmation for a protected object that is in User
Confirmation mode.
Values:
• Activate—An attack was detected for the protected object. The user can
confirm activation of the configured actions.
• Deactivate—The attack was terminated. The user can confirm deactivation of
the active actions.
Configured Action (This parameter is only available for versions earlier than 2.3)
The configured action for the protected object.
Protected Destination (This parameter is only available in version 2.2)
A list of currently activated destinations for the protected object.
Workflow (This parameter is only available starting with version 2.3)
Workflow associated with the protected object.
Starting with version 2.7, to view and/or edit a workflow associated with a protected object, select the link in the Workflow column, and the Edit Workflow pane for that workflow displays. For more information on workflows, see the DefenseFlow Installation and User Guide.
Criteria (This parameter is only available in version 2.7)
The configured criteria for the protected object.

To clear the filter and perform a new search, click Clear next to the (Search) button.

To activate a protected object


1. In the Monitoring perspective, select Operation > Protected Objects.

2. Starting with version 2.2, click the (Edit) button.


3. Do one of the following:
— To activate the configured action on a protected object (Manual mode), for the Action
select Activate.
Performing this action on a protected object that is not in Manual mode changes the
protected object’s configuration to Manual.
Do one of the following:
• In version 2.9 and later, do the following:
a. Select one of the following:
• Activate Entire Networks, to protect the entire protected object.
• Activate Specific IP, to protect a specific IP address or set of addresses within
the protected object. In the Protected IP(s) text field, specify the specific IP
address attack targets. They must be within the network classification of the
protected object. Maximum number of protected IP addresses:
• Prior to DefenseFlow version 3.6, 64 for all versions of DefensePro mitigation
devices
• Starting with DefenseFlow version 3.6, for DefensePro mitigation devices
versions 6.x and 7.x, 64, and for DefensePro mitigation devices versions 8.x,
1024
b. If you want to configure an individual operation, select Advanced and edit the
Advanced parameters as described in step 4.
• In versions 2.2 through 2.8.1, do the following:
a. Configure the activation parameters:
• Attack Destination— Select Activate Entire Networks (in versions earlier
than 2.3, Activate Entire POs) to protect the entire protected object, or select
Activate Specific IP to protect a specific IP address or set of addresses within
the protected object.
• Protected IP—The specific IP address attack target to be protected (this
displays only if you selected Activate Specific IP). This must be within the
network classification of the protected object.
• Operation—The operation to use for diversion and mitigation groups
preferences. Starting with version 2.3, select from the list of configured
operations. The fields related to the operation type display. In versions earlier
than 2.3, only the Attack Bandwidth and Ignore mitigation devices
capacity units parameters are available.
b. Configure the Mitigation or FlowSpec parameters, as required (see Table 405 -
Advanced (in versions earlier than 2.9, Mitigation) Parameters, page 525 and Table
406 - FlowSpec (in versions earlier than 2.4, Traffic Blocking) Parameters, page 528,
respectively).
— To deactivate a protected object (in version 2.1, for a protected object that is in Manual
mode), for the Action, select Deactivate.
In version 2.1, performing this action on a protected object that is not in Manual mode
changes the protected object’s configuration to Manual.
Starting with version 2.2, delete all the entries that should be deactivated from the list of
activated destinations.
— In version 2.1, to confirm the pending action for a protected object in User Confirmation
mode that has a Pending Action, click Confirm.

— In versions 2.2 through 2.8.1, to cancel all active protections and move the protected object
to Manual mode in one operation, for the Action, select Cancel all protection and move
to manual protection.
4. Configure the activation parameters, as required:
— Starting with version 2.9, the activation parameters display only if you have selected
Advanced (see step 3).
— In versions earlier than 2.9, if you selected the Activate Action, activation parameters
display.

Table 405: Advanced (in versions earlier than 2.9, Mitigation) Parameters

Parameter Description
Operation (In versions earlier than 2.9, this parameter is required and displays with the Action and the Attack Destination options.)
The operation to use for diversion and mitigation groups preferences. Starting with version 2.3, select from the list of configured operations. The fields related to the operation type display. In versions earlier than 2.3, only the Attack Bandwidth and Ignore mitigation devices capacity units parameters are available.
Attack Source IP This displays only if you selected a Mitigation operation. This is the specific IP address attack target to be protected. This must be within the network classification of the protected object.
The operation to use for diversion and mitigation groups preferences. Starting with version 2.3, select from the list of configured operations. The fields related to the operation type display. In versions earlier than 2.3, only the Attack Bandwidth and Ignore mitigation devices capacity units parameters are available.
Attack Bandwidth In versions earlier than 2.3, the peak attack level to use as a basis for configuring the DefensePro device if the information is missing from the detection signals.
Starting with version 2.3, specify the attack bandwidth (bits per second) (this displays only if you selected a Mitigation operation). You can also specify units (for example, 100M). This is used for verifying that the mitigation devices can handle the related attack bandwidth. This is also used to set the DefensePro policy bandwidth if there is not any BDoS bandwidth ready yet.
Use busy mitigation devices (In versions earlier than 2.3, Ignore mitigation devices capacity units)
This displays only if you selected a Mitigation operation. If selected, DefenseFlow uses the selected DefensePro devices regardless of their monitored capacity.
BGP Communities
Operation BGP Community (In versions earlier than 2.4, BGP Community.)
The BGP community values to be sent to the diversion groups that should receive them per the operation. Multiple communities can be configured separated by a space.
In addition, well-known communities can be also defined, including: NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED, NOPEER
Use Protected Object Community (In versions earlier than 2.4, Use Community, and displays above the BGP Community parameter.)
Whether to add the protected object’s defined community in the announcement to the blocking group.
When you select this parameter, the Protected Object Community parameter displays.
Protected Object BGP Community (This parameter is only available starting with version 2.4) (This parameter displays only when the Use Protected Object Community parameter is selected.)
The protected object’s BGP community values to be sent to the diversion groups that should receive them per the operation. Multiple communities can be configured separated by a space.
In addition, well-known communities can be also defined, including: NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED, NOPEER
Advanced (In version 2.9, this section is no longer referred to as Advanced.)
Starting with version 2.7, the following parameters let you advertise BGP announcements following
a predefined operation prefix size. This is useful for an advertisement over the WAN or any other
network where the router restricts the advertisement for certain classes.
For example, if DefenseFlow receives an attack alert for IP address 204.1.1.3/32 and the network
allows only an advertisement of /24 or lower, you can set the DefenseFlow prefix size to 24.
Minimum IPv4 Advertised Subnet Minimum IPv4 advertised BGP announcement subnet.
Default: 32
Minimum IPv6 Advertised Subnet Minimum IPv6 advertised BGP announcement subnet.
Default: 128
Override IPv4 Next Hop (This field is only available starting with version 2.10)
Override the IPv4 Next Hop IP address.
Override IPv6 Next Hop (This field is only available starting with version 2.10)
Override the IPv6 Next Hop IP address.
Mitigation Route Name (This field is only available starting with version 2.10)
The route name for this mitigation. Select one of the routes that you defined for mitigation devices. For more information on configuring routes, see the DefenseFlow Installation and User Guide.

— If the operation you selected is a FlowSpec (in versions earlier than 2.4, Traffic Blocking)
operation, the FlowSpec parameters display (for more information on defining FlowSpec
operations, and starting with version 2.4, for mitigation with BGP FlowSpec rules, see the
DefenseFlow Installation and User Guide):

Table 406: FlowSpec (in versions earlier than 2.4, Traffic Blocking) Parameters

Parameter Description
Flow Rules
(Starting in version 2.4, the FlowSpec rules display only if you have selected a BGP FlowSpec
operation to activate the protected object).
Destination Prefix The destination prefix to block as defined in the Flow rule.
Values:
• Attacked IP—The actual destination IP addresses are inherited from the protected object’s networks or IP addresses under attack or manually activated.
• Entire Networks—The actual destination IP addresses are inherited from the protected object that uses this rule for its various operations or manual actions.
• Specific prefix—The Prefix to Block field displays, letting you define a set of IP prefixes for the destination prefix.
Default: Attacked IP
Prefix to Block (This field is only available starting with version 2.4) (This field displays only if you have selected Specific prefix as the Destination Prefix.)
Defines one or more IP destination prefixes, each IP prefix separated by a space.
Values: IP address
Maximum number of networks: 100
Source Prefix The source prefix to block as defined in the Flow rule.
Port The port to block as defined in the Flow rule.
Destination Port The destination port to block as defined in the Flow rule.
Protocol The protocol to block as defined in the Flow rule.
Source Port The source port to block as defined in the Flow rule.
ICMP Type The ICMP type to block as defined in the Flow rule.
ICMP Code The ICMP code to block as defined in the Flow rule.
TCP Flag The TCP flag to block as defined in the Flow rule.
Packet Length The packet length to block as defined in the Flow rule.
DSCP The DSCP to block as defined in the Flow rule.
Fragment The fragment to block as defined in the Flow rule.
Redirect to VRF (This parameter is only available starting with version 2.4)
The route tag (VPN in versions earlier than 2.8.1) to which to redirect traffic. Select from a list of route tags (VPNs in versions earlier than 2.8.1) for which you have defined a route target. For more information, see the DefenseFlow Installation and User Guide.
Redirect to Mitigation (This parameter is only available starting with version 2.4)
Enables or disables redirection to the operation’s mitigation group. The next hop IP addresses are inherited from the mitigation group of the protected object that uses this rule for its various operations or manual actions.
Block (This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.)
Enables or disables traffic blocking (drop all matching packets).
Rate Limit (This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.)
The rate limit in MB/s or GB/s.
Values:
• Example for MB/s: 103M
• Example for GB/s: 1G
Set DSCP (This parameter is only available starting with version 2.4. In version 2.3, this was an Action option.)
Defines how to update the DSCP header of the matching packets.
Action (This parameter is only available in version 2.3. Starting with version 2.4, the options are now separate parameters.)
The FlowSpec action to perform.
Available actions:
• Block—Drop all matching packets.
• Rate Limit—Drop all matching packets above this rate (see the Rate parameter in this table).
• Set DSCP—Update the DSCP header of the matching packets.
Rate (This parameter is only available in version 2.3.)
This field displays when you select the Action as Rate Limit. Set the rate limit to block in bytes per second.
Use busy mitigation devices (In versions earlier than 2.3, Ignore mitigation devices capacity units.)
If checked, DefenseFlow uses the selected DefensePro devices regardless of their monitored capacity.

5. In version 2.1, a confirmation message displays; click Yes to perform the action. In version 2.2,
click Submit.
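
The checks implied by step 3 (Protected IP(s) within the protected object's networks, and the per-device limit) and by the Minimum IPv4/IPv6 Advertised Subnet parameters, as an added Python example that is not Radware code and not part of the original guide. Assumptions: the Protected IP(s) field is whitespace-separated, the minimum advertised subnet is modelled as the longest prefix length that is announced, and all function names and the sample entry are constructed here.

```python
import ipaddress


def max_protected_ips(defenseflow_version, defensepro_major):
    """Protected IP(s) limit from step 3; defenseflow_version is (major, minor)."""
    if defenseflow_version < (3, 6):
        return 64                      # all DefensePro versions
    if defensepro_major in (6, 7):
        return 64
    if defensepro_major == 8:
        return 1024
    raise ValueError(f"no limit documented for DefensePro {defensepro_major}.x")


def check_protected_ips(field_text, po_networks, limit):
    """Return (accepted, problems) for a Protected IP(s) entry.

    Assumption: addresses in the field are separated by whitespace.
    """
    networks = [ipaddress.ip_network(n) for n in po_networks]
    accepted, problems = [], []
    for token in field_text.split():
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            problems.append(f"{token}: not an IP address")
            continue
        if not any(addr in net for net in networks):
            problems.append(f"{token}: outside the protected object's networks")
        elif addr not in accepted:
            accepted.append(addr)
    if len(accepted) > limit:
        problems.append(f"{len(accepted)} addresses exceed the limit of {limit}")
    return accepted, problems


def advertised_prefix(attacked, min_v4=32, min_v6=128):
    """Prefix announced for an attacked destination.

    Assumption: Minimum IPv4/IPv6 Advertised Subnet is the longest prefix
    length that may be announced, so a more specific destination is widened
    to it and a destination that is already that wide is left unchanged.
    """
    net = ipaddress.ip_network(str(attacked), strict=False)
    longest = min_v4 if net.version == 4 else min_v6
    if net.prefixlen > longest:
        net = net.supernet(new_prefix=longest)
    return net


def preflight(field_text, po_networks, defenseflow_version, defensepro_major,
              min_v4=32, min_v6=128):
    """Validate the entry, then group accepted targets by announced prefix."""
    limit = max_protected_ips(defenseflow_version, defensepro_major)
    accepted, problems = check_protected_ips(field_text, po_networks, limit)
    plan = {}
    for addr in accepted:
        prefix = advertised_prefix(addr, min_v4, min_v6)
        plan.setdefault(str(prefix), []).append(str(addr))
    return plan, problems


if __name__ == "__main__":
    # Constructed sample: a protected object with one IPv4 and one IPv6 network.
    po_networks = ["204.1.1.0/24", "2001:db8:10::/48"]
    entry = "204.1.1.3 204.1.1.77 204.1.2.9 2001:db8:10::5 not-an-ip"
    plan, problems = preflight(entry, po_networks, (3, 6), 8, min_v4=24, min_v6=64)
    for prefix, targets in plan.items():
        covered = ipaddress.ip_network(prefix).num_addresses
        print(f"announce {prefix} ({covered} addresses) for {', '.join(targets)}")
    for problem in problems:
        print("rejected:", problem)
```

With the prefix size set to 24, the announcement covers all 256 addresses of the /24, so traffic for the unattacked hosts in that prefix follows the same route as the attacked one.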

Ongoing Protections
This feature is only available starting with version 2.2.
The Ongoing Protections pane lets you monitor the status of currently active protections.

To monitor ongoing protections


1. In the Monitoring perspective, select Operation > Ongoing Protections.
2. Select the ongoing protection to edit by typing a string in one of the ongoing protection search fields and clicking the (Search) button.

Table 407: Ongoing Protections View/Search Parameters

Parameter Description
Note: In version 2.8.1, the placement of many of the parameters was shifted. This table reflects
the order of the parameters in version 2.8.1.
ID (This parameter is only available in version 2.8.1)
The ID of the protected object.
Protected Object (In versions earlier than 2.4.1, this parameter is named Name. From version 2.4.1 through version 2.7, this parameter is named PO Name.)
The name of the protected object.
Starting with version 2.7, to view and/or edit a protected object associated with an ongoing protection, select the link in the Name column, and the Edit Protected Object pane for that protected object displays. For more information on protected objects, see the DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute that conflicts with the ongoing protection, the change is performed only at the next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing protection to take effect immediately, you can make this modification from Operation > Ongoing Protections > Edit Protection. For more information, see To edit ongoing protections, page 534.
IP Address (This parameter does not display in version 2.8.1) (In versions earlier than 2.7, PO Name and IP Address are in the same column. In versions earlier than 2.3, the IP Address parameter displays after the Origin parameter.)
The Destination IP address that was activated.
Networks (This parameter is only available starting with version 2.8.1. In version 2.8.1, it was named Network.)
The destination networks that were activated.
Operation (In versions earlier than 2.3, this is named the Strategy parameter)
The operation used for the protection.
Starting with version 2.7, to view and/or edit an operation associated with an ongoing protection, select the link in the Operation column, and the Edit Operation pane for that operation displays. For more information on operations, see the DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute that conflicts with the ongoing protection, the change is performed only at the next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing protection to take effect immediately, you can make this modification from Operation > Ongoing Protections > Edit Protection. For more information, see To edit ongoing protections, page 534.
Policy Name (This parameter is only available starting with version 2.4.1)
The policy name for this protection activation.
Activated Black List (This parameter is only available from version 2.7 through 2.8.1. In version 2.7 it is named Black List.)
Black list associated with the protection activation.
Activated White List (This parameter is only available from version 2.7 through 2.8.1. In version 2.7 it is named White List.)
White list associated with the protection activation.
Origin Origin of the detection for this protection activation.
Workflow (This parameter is only available starting with version 2.7)
The configured workflow for the protection activation.
Criteria (This parameter is only available starting with version 2.7)
The configured criteria for the protection activation.
Mitigation Devices, Instance (In versions earlier than 2.6 and starting with version 2.4.1, this is named the Mitigation Device parameter. In versions earlier than 2.4.1, this is named the Mitigation Device/Mitigation Group parameter)
The list of mitigation devices that are currently performing mitigation for this protection, and (starting with version 2.9) the DefensePro 7.x instance.
Mitigation Status (This parameter is only available starting with version 2.4.1)
The mitigation status for this protection.
A BGP announcement is not sent if the mitigation status is not SUCCESS.
Values: RUNNING, SUCCESS, FAILED
Signature Source IP Addresses (This parameter is only available starting with version 2.8.1)
The protected object’s signature source IP addresses.
Network Elements (In versions 2.3 and 2.4, this is named the Diversion Blocking/Network Elements parameter. In versions earlier than 2.3, this is named the Diversion Group parameter)
The network elements for the protection.
In versions 2.3 and 2.4, the diversion and blocking network elements for the protection. In versions earlier than 2.3, the diversion group for this protection.
Attack ID Attack ID as received from the detection origin.
Start Time The time that the protection started.
Configured Type (This parameter does not display in version 2.8.1) (In versions earlier than 2.3, this is named the Configured Action parameter)
The configured operation type (in versions earlier than 2.3, the action) for the protected object.
External Attack URI (This parameter is only available starting with version 2.7)
Link to the third-party detector management system that handles the external attack associated with the ongoing protection.
External PO URI (This parameter is only available starting with version 2.7)
Link to the third-party detector management system that handles the external protected object associated with the ongoing protection.

To clear the filter and perform a new search, click Clear next to the (Search) button.

To edit ongoing protections


This feature is only available starting with version 2.8.1.
1. In the Monitoring perspective, select Operation > Ongoing Protections.

2. Select the ongoing protection to edit and click the (Edit) button.

Table 408: Ongoing Protections Edit Parameters

Parameter Description
ID (read-only) The ID of the protected object.
Protected Object (read-only) The name of the protected object.
Operation (read-only) The operation used for the protection.
Networks Tab (This tab is only available starting with version 2.9)
The networks to be activated in the mitigation group (scrubbing center DefensePro devices):
• Protected Networks Policy—The networks that are diverted to the scrubbing center (mitigation group).
You can resize the text box as required by dragging the icon at the bottom right-hand corner of the scroll bar.
• Diverted Networks (read-only)—The diversion networks for this ongoing protection.
• Clean Traffic Injection Networks (read-only)—The injection networks from the scrubbing center going to the protected object.
Policy Tab The policy text for this protection activation.
You can resize the text box as required by dragging the icon at the bottom right-hand corner of the scroll bar.
Filters Tab Filter lists associated with this ongoing protection:
• Blacklist—Select a black list to associate with the protection activation.
• Whitelist—Select a white list to associate with the protection activation.
Advanced Filters Tab Black list and white list IP addresses associated with this ongoing protection:
• Blacklist Addresses—Add, delete, modify individual IP addresses in the associated black list.
• Auto-generated Blacklist Addresses—These addresses are automatically generated upon detection of an attacker’s source address.
• Whitelist Addresses—Add, delete, modify individual IP addresses in the associated white list.
You can resize the text boxes as required by dragging the icon at the bottom right-hand corner of the text box scroll bar.
Maximum number of characters: 50,000,000

To terminate an ongoing protection


1. In the Monitoring perspective, select Operation > Ongoing Protections.

2. To terminate an ongoing protection, click the (Edit) button.


The following parameters display:
— Operation (starting with version 2.7; read-only)—The operation used by the ongoing
protection.
— Workflow (starting with version 2.7; read-only)—Workflow associated with the ongoing
protection.
3. At the prompt Do you want to terminate the activation?, click Yes to terminate the ongoing
protection, or No not to terminate the ongoing protection.
4. Click Submit.

BGP
This feature is only available starting with version 2.2.
The BGP pane lets you monitor the status of BGP peers and announcements.
These include:
• Peers, page 535
• Announcements, page 537
• FlowSpecs, page 538

Peers
The Peers pane lets you monitor the status of BGP peers.

To monitor the status of BGP peers


1. In the Monitoring perspective, select Operation > BGP > Peers.
2. Highlight the BGP peer or search for the BGP peer by typing a string in one of the BGP peer search fields and clicking the (Search) button:

Table 409: BGP Peers View/Search Parameters

Parameter Description
Peer Name The name of the network element.
Starting with version 2.7, to view and/or edit a BGP peer, select the link in the
Peer Name column, and the Edit Network Element pane for that peer displays.
For more information on network elements, see the DefenseFlow Installation and
User Guide.
IP Address The IP address of the BGP peer.
Peering State Peering state of the BGP peer.
Values:
• ACTIVE (in versions earlier than 2.9, Down)—The router did not receive
agreement for peer establishment.
• ESTABLISHED (in versions earlier than 2.9, Up)—Peering is established and
routing begins.
Last Connectivity Time The last connectivity time of the BGP peer.
Local Router ID (In versions earlier than 2.6, this is named the ID parameter)
The DefenseFlow BGP peer ID.
The local peer ID in an HA installation is the IPv4 address of the HA Node control interface.
Local IP Address (This parameter is only available starting with version 2.5 and was named Local Node IP)
The local IP address of the DefenseFlow device used to communicate with the BGP peer. This is the control interface IP address.
In a High Availability (HA) installation, you can use this to distinguish between the connections opened by the Active and the Standby HA nodes. As a result, in such an installation there are two node entries per single network element. For more information, see the DefenseFlow Installation and User Guide.
The local IP address in an HA installation is the IPv4 address of the HA Node control interface.
Local AS The local Autonomous System number.
Peer AS The peer Autonomous System number.
Announcements Number of BGP active announcements.
Withdrawals Number of withdrawals.
BGP FlowSpec State (This parameter is only available starting with version 2.3)
The Flow Specification state of the BGP peer.

To clear the filter and perform a new search, click Clear next to the (Search) button.

Announcements
The Announcements pane lets you monitor the status of currently active BGP announcements.

Note: In a High Availability (HA) installation, per announcement, there are two entries representing
the two HA nodes.

To monitor the status of BGP announcements


1. In the Monitoring perspective, select Operation > BGP > Announcements.
2. Highlight the BGP announcement or search for the BGP announcement by typing a string in one of the BGP announcement search fields and clicking the (Search) button:

Table 410: BGP Announcements View/Search Parameters

Parameter Description
Protected Object The name of the protected object for which the announcement was sent.
Starting with version 2.7, to view and/or edit a protected object associated with a BGP announcement, select the link in the Name column, and the Edit Protected Object pane for that protected object displays. For more information on protected objects, see the DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute that conflicts with the ongoing protection, the change is performed only at the next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing protection to take effect immediately, you can make this modification from Operation > Ongoing Protections > Edit Protection. For more information, see To edit ongoing protections, page 534.
Operation (This parameter is only available starting with version 2.6)
The operation of the protected object for which the announcement was sent.
Starting with version 2.7, to view and/or edit an operation associated with a BGP announcement, select the link in the Operation column, and the Edit Operation pane for that operation displays. For more information on operations, see the DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute that conflicts with the ongoing protection, the change is performed only at the next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing protection to take effect immediately, you can make this modification from Operation > Ongoing Protections > Edit Protection. For more information, see To edit ongoing protections, page 534.
Local IP Address (This parameter is only available starting with version 2.6)
The local IP address of the protected object for which the announcement was sent.
Peer Name The name of the network element to which the announcement was sent.
Starting with version 2.7, to view and/or edit a BGP peer associated with a BGP
announcement, select the link in the Peer Name column, and the Edit Network
Element pane for that network element displays. For more information on
network elements, see the DefenseFlow Installation and User Guide.
Peer IP Address The IP address of the DefenseFlow BGP peer.
Network The destination network of the BGP announcement.
Next Hop The next hop address used for the BGP announcement.
Type (This parameter is only available in versions earlier than 2.6)
The type of announcement.
Communities (In versions earlier than 2.3, this is named the Community parameter)
The BGP communities in the announcement.
Status The status of the announcement.
Time The time the announcement was sent.

To clear the filter and perform a new search, click Clear next to the (Search) button.

FlowSpecs
This feature is only available starting with version 2.3.
The FlowSpecs pane lets you monitor the status of currently advertised FlowSpec rules.
Starting with version 2.6, you can edit the advertised FlowSpec rules “on-the-fly” in real-time. When
you edit a rule on-the-fly, DefenseFlow withdraws the ongoing rule and advertises the new modified
rule. This on-the-fly modification is one-time and does not affect the regular configuration of the
ongoing rule.

To monitor the status of FlowSpec rules and (starting with version 2.6) edit them
1. In the Monitoring perspective, select Operation > BGP > FlowSpecs.
2. Highlight the FlowSpec announcement or search for the FlowSpec announcement by typing a string in one of the FlowSpec announcement search fields and clicking the (Search) button:

3. To edit the FlowSpec rule, click the (Edit) button, and click Submit:

Table 411: FlowSpec View/Search and Edit Parameters

Parameter Description
ID (This parameter is only available starting with version 2.6)
(Starting with version 2.6, in the Edit pane, read-only) The ID to block as defined in the FlowSpec rule.
Protected Object (This parameter is only available starting with version 2.6)
(Starting with version 2.6, in the Edit pane, read-only) The protected object to block as defined in the FlowSpec rule.
Starting with version 2.7, to view and/or edit a protected object associated with a FlowSpec rule, select the link in the Name column, and the Edit Protected Object pane for that protected object displays. For more information on protected objects, see the DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute that conflicts with the ongoing protection, the change is performed only at the next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing protection to take effect immediately, you can make this modification from Operation > Ongoing Protections > Edit Protection. For more information, see To edit ongoing protections, page 534.
Operation (This parameter is only available starting with version 2.6)
(Starting with version 2.6, in the Edit pane, read-only) The operation to block as defined in the FlowSpec rule.
Starting with version 2.7, to view and/or edit an operation associated with a FlowSpec rule, select the link in the Operation column, and the Edit Operation pane for that operation displays. For more information on operations, see the DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute that conflicts with the ongoing protection, the change is performed only at the next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing protection to take effect immediately, you can make this modification from Operation > Ongoing Protections > Edit Protection. For more information, see To edit ongoing protections, page 534.
Activated Rule Name (This parameter is only available starting with version 2.6)
The activated rule name to block as defined in the FlowSpec rule.
Starting with version 2.7, to view and/or edit a FlowSpec rule, select the link in the Activated Rule Name column, and the Edit GP FlowSpec pane for that rule displays. For more information on BGP FlowSpec rules, see the DefenseFlow Installation and User Guide.
Note: If the protected object is under protection, and you modify an attribute
that conflicts with the ongoing protection, the change is performed only at the
next activation of the protected object.
Starting with version 2.8.1, if you want a modification that affects an ongoing
protection to take effect immediately, you can make this modification from
Operation > Ongoing Protections > Edit Protection. For more information,
see To edit ongoing protections, page 534.

Peer IP Address (Starting with version 2.6, this parameter is not available in the Edit pane)
    The IP address to block as defined in the FlowSpec rule.
Community (This parameter is only available starting with version 2.4)
    (Starting with version 2.6, in the Edit pane, read-only) The community to block as defined
    in the FlowSpec rule.
Destination
    (Starting with version 2.6, in the Edit pane, read-only) The destination prefix to block as
    defined in the FlowSpec rule.
Source
    The source prefix to block as defined in the FlowSpec rule.
Port
    The port to block as defined in the FlowSpec rule.
Destination Port
    The destination port to block as defined in the FlowSpec rule.
Source Port
    The source port to block as defined in the FlowSpec rule.
Protocol
    The protocol to block as defined in the FlowSpec rule.
ICMP Type
    The ICMP type to block as defined in the FlowSpec rule.
ICMP Code
    The ICMP code to block as defined in the FlowSpec rule.
TCP Flag
    The TCP flag to block as defined in the FlowSpec rule.
Packet Length
    The packet length to block as defined in the FlowSpec rule.
DSCP
    The DSCP to block as defined in the FlowSpec rule.
Fragment
    The fragment to block as defined in the FlowSpec rule.
Route Tag Name (This parameter is only available starting with version 2.4. In versions 2.6
and 2.7, it is named VPN Name. Before version 2.6, it is named Redirect VPN.)
    The name of the route tag (VPN prior to version 2.8.1) to which to redirect as defined in
    the FlowSpec rule.
Route Tag Route (This parameter is only available starting with version 2.6. In versions 2.6
and 2.7, it is named VPN Route.) (Starting with version 2.6, this parameter is not available
in the Edit pane)
    The route tag route (VPN prior to version 2.8.1) to which to redirect as defined in the
    FlowSpec rule.
Redirect Mitigation Enabled (This parameter is only available starting with version 2.4.
Before version 2.6, it is named Redirect Mitigation.)
    The mitigation redirection status (enabled or disabled) for the FlowSpec rule.
Redirect Mitigation NextHop (This parameter is only available starting with version 2.6)
(Starting with version 2.6, this parameter is not available in the Edit pane)
    The device to which to redirect for mitigation as defined in the FlowSpec rule.
Block (This parameter is only available starting with version 2.4)
    The blocking status (enabled or disabled) for the FlowSpec rule.
Action (This parameter is only available in versions earlier than 2.3)
    The FlowSpec action to perform as defined in the Flow rule.
Rate Limit (bytes per second) (In versions earlier than 2.9, it is named Rate Limit)
    The rate limit to block as defined in the Flow rule.
Set DSCP (This parameter is only available starting with version 2.4)
    The update setting for DSCP header in the FlowSpec rule.
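
To cross-check a rule listed in the FlowSpecs pane against what a BGP peer actually received, the advertised rule can be decoded from its wire format. The following is an added example (not code from this guide or from the product) that decodes an IPv4 FlowSpec NLRI and its action communities per RFC 8955. The pairing of pane field names with RFC 8955 component types and actions, the treatment of a zero traffic rate as Block, and the sample bytes are assumptions made here.

```python
import ipaddress
import struct

# RFC 8955 component types, labelled with the field names used in the FlowSpecs
# pane. Pairing pane fields with wire-format types is this example's assumption.
PREFIX = {1: "Destination", 2: "Source"}
NUMERIC = {3: "Protocol", 4: "Port", 5: "Destination Port", 6: "Source Port",
           7: "ICMP Type", 8: "ICMP Code", 10: "Packet Length", 11: "DSCP"}
BITMASK = {9: "TCP Flag", 12: "Fragment"}
COMPARE = {0: "false", 1: "=", 2: ">", 3: ">=", 4: "<", 5: "<=", 6: "!=", 7: "true"}


def read_prefix(buf, pos):
    """Decode <length in bits, prefix bytes>; return (text, next position)."""
    if pos >= len(buf):
        raise ValueError("truncated prefix component")
    bits = buf[pos]
    size = (bits + 7) // 8
    raw = buf[pos + 1:pos + 1 + size]
    if bits > 32 or len(raw) != size:
        raise ValueError("bad or truncated IPv4 prefix")
    return f"{ipaddress.IPv4Address(raw + bytes(4 - size))}/{bits}", pos + 1 + size


def read_operators(buf, pos, bitmask):
    """Decode <operator, value> pairs up to the one carrying the end-of-list bit."""
    text = ""
    while True:
        if pos >= len(buf):
            raise ValueError("operator list has no end-of-list bit")
        op = buf[pos]
        size = 1 << ((op >> 4) & 0x03)       # value length: 1, 2, 4 or 8 bytes
        raw = buf[pos + 1:pos + 1 + size]
        if len(raw) != size:
            raise ValueError("truncated operator value")
        value = int.from_bytes(raw, "big")
        if bitmask:                           # operator bits: e a len 0 0 not m
            term = ("!" if op & 0x02 else "") + ("all:" if op & 0x01 else "any:") + hex(value)
        else:                                 # operator bits: e a len 0 lt gt eq
            term = COMPARE[op & 0x07] + str(value)
        if text:                              # the AND bit joins a term to the previous one
            text += " and " if op & 0x40 else " or "
        text += term
        pos += 1 + size
        if op & 0x80:
            return text, pos


def decode_nlri(nlri):
    """Return {pane field: match expression} for one IPv4 FlowSpec NLRI."""
    if not nlri or (nlri[0] >= 0xF0 and len(nlri) < 2):
        raise ValueError("NLRI too short")
    if nlri[0] < 0xF0:                        # one-byte length for values below 240
        length, pos = nlri[0], 1
    else:                                     # two-byte extended length, 0xFnnn
        length, pos = ((nlri[0] & 0x0F) << 8) | nlri[1], 2
    if len(nlri) != pos + length:
        raise ValueError("length field does not match the data")
    rule, last_type = {}, 0
    while pos < len(nlri):
        ctype = nlri[pos]
        if ctype <= last_type:
            raise ValueError("components must appear in increasing type order")
        if ctype in PREFIX:
            rule[PREFIX[ctype]], pos = read_prefix(nlri, pos + 1)
        elif ctype in NUMERIC:
            rule[NUMERIC[ctype]], pos = read_operators(nlri, pos + 1, False)
        elif ctype in BITMASK:
            rule[BITMASK[ctype]], pos = read_operators(nlri, pos + 1, True)
        else:
            raise ValueError(f"unknown component type {ctype}")
        last_type = ctype
    return rule


def decode_action(community):
    """Map one 8-byte FlowSpec extended community to (action, value)."""
    if len(community) != 8:
        raise ValueError("an extended community is 8 bytes")
    kind = (community[0], community[1])
    if kind == (0x80, 0x06):                  # traffic-rate-bytes: 2-byte AS + float32
        rate = struct.unpack("!f", community[4:8])[0]
        return ("Block", True) if rate == 0 else ("Rate Limit (bytes per second)", rate)
    if kind == (0x80, 0x08):                  # rt-redirect, 2-byte AS form
        return ("Redirect (route target)", "%d:%d" % struct.unpack("!HI", community[2:8]))
    if kind == (0x80, 0x09):                  # traffic-marking: DSCP in the low 6 bits
        return ("Set DSCP", community[7] & 0x3F)
    raise ValueError("not a FlowSpec action handled by this example")


# Constructed sample: 192.0.2.0/24, UDP, destination port 53, length 1000 to 1500.
SAMPLE_NLRI = bytes.fromhex("120118c000020381110581350a1303e8d505dc")
SAMPLE_ACTION = bytes.fromhex("8006000047f42400")   # constructed: 125000 bytes/s

if __name__ == "__main__":
    print(decode_nlri(SAMPLE_NLRI))
    print(decode_action(SAMPLE_ACTION))
```

A decoded rule that differs from the row shown in the pane, for example after an on-the-fly edit, indicates that the peer still holds the withdrawn rule.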

System
The System pane lets you view system information and utilization statistics.
These include:
• General Information, page 542
• System Utilization, page 543
• Background Processes, page 544
• High Availability, page 544

General Information
The General Information pane lets you view DefenseFlow general system information.

To view DefenseFlow general information


> In the Monitoring perspective, select System > General Information.

Table 412: General Information Parameters

Parameter
    Description
Uptime
    Time since the last reboot of the system in the format hh:mm:ss (hours:minutes:seconds).
Software Version
    Currently installed DefenseFlow software version.
Build
    Currently installed DefenseFlow software build.

System Utilization
The System Utilization pane lets you view the current DefenseFlow utilization statistics and set alert
levels.

To view DefenseFlow general information and set alert levels


> In the Monitoring perspective, select System > System Utilization.

Table 413: System Utilization Parameters Starting with Version 3.4

Parameter
    Description
CPU Utilization
    Set the CPU utilization percentage for which an alert is issued.
    If the CPU utilization on any of the containers monitored by DefenseFlow reaches this
    percentage, an alert is issued.
Memory Alert Level
    Set the memory utilization percentage for which an alert is issued.
    If the memory utilization on any of the containers monitored by DefenseFlow reaches this
    percentage, an alert is issued.
Disk Alert Level
    Set the disk utilization percentage for which an alert is issued.
    If the disk utilization on any of the containers monitored by DefenseFlow reaches this
    percentage, an alert is issued.
Container System Utilization Statistics
Container Name
    Name of the container monitored by DefenseFlow.
CPU Utilization
    Percentage of CPU currently being utilized by the container.
Memory Utilization
    Percentage of memory currently being utilized by the container.
Disk Space Utilization
    Percentage of disk space currently being utilized by the container.
Update Time
    Last monitored update time.

Table 414: System Utilization Parameters Earlier than Version 3.4

Parameter
    Description
CPU Utilization
    Percent of CPU currently being utilized.
Alert Level
    Set the CPU utilization percentage for which an alert is issued.
Memory Utilization
Memory Utilization
    Memory percentage currently being utilized.
Free
    Amount of free memory in kilobytes.
Total
    Total memory in kilobytes.
Alert Level
    Set the memory utilization percentage for which an alert is issued.

Background Processes
The Background Process pane lets you view the status of background processes running in
DefenseFlow to determine if an unsynchronized task is completed or still running.

To view the status of DefenseFlow background processes

1. In the Monitoring perspective, select System > Background Processes.
2. Highlight the background process or search for the background process by typing a string in one
of the background process search fields and clicking the (Search) button:

Table 415: Background Processes Parameters

Parameter Description
Description Description of the background process.
Status Status of the background process.
Update Time Date and time of the status update for the background process.
Error Message Error message related to the status update.

To clear the filter and perform a new search, click Clear next to the (Search) button.

High Availability
This feature is only available starting with version 2.5.
The High Availability pane lets you monitor the status of High Availability nodes.
APSolute Vision supports high availability for a DefenseFlow-instance pair that is associated with the
APSolute Vision server, by allowing a seamless automatic failover from the active DefenseFlow
instance to the stand-by instance.
All APSolute Vision DefenseFlow functionality relates to the active instance only.
Upon a DefenseFlow failover, APSolute Vision will maintain all data of the failed DefenseFlow
instance to avoid any data loss or discrepancies due to the failover.
The signaling between the DefenseFlow instances and APSolute Vision is done through the
defenseflow system user, by default.

Notes
• The default password of the defenseflow system user is defenseflow. For more information,
see Role-Based Access Control (RBAC), page 85.
• For communication between a DefenseFlow instance version 2.5 or later and APSolute Vision,
the user and password must match on both sides.

To monitor the status of High Availability nodes


1. In the Monitoring perspective, select System > High Availability.
2. Highlight the High Availability node or search for the High Availability node by typing a string in
one of the High Availability search fields and clicking the (Search) button:

Table 416: High Availability View/Search Parameters

Parameter
    Description
DefenseFlow Node IP Address
    The IP address of the node.
Node Role
    The role of the node.
    Values: ACTIVE, STANDBY, STANDALONE
Operational Status
    The operational status.
    Values: up, down
Automatic Failover
    The automatic failover state.
    Values: ENABLED, DISABLED

To clear the filter and perform a new search, click Clear next to the (Search) button.

Attack Mitigation Operation Dashboard


This feature is only available starting with version 3.0.
The Attack Mitigation Operation dashboard graphically displays all the ongoing attacks and their
associated protections, and displays a log of all the historical attacks.

To view and modify attack mitigation operations from the Attack Mitigation Operation
dashboard
1. To access the Attack Mitigation Operation dashboard, do one of the following:
— Starting with version 3.2, from the Apps Launcher on the APSolute Vision toolbar, select
DefenseFlow Operation.
— In versions earlier than 3.2, from APSolute Vision,
a. In the Monitoring perspective, select Operation > Attack Mitigation Operations.
b. To open the Attack Mitigation Operation dashboard, click Click here to access Attack
Mitigation Operations. A separate browser page opens with the DefenseFlow login
prompt.
— To directly access the DefenseFlow dashboard, go to the following URL:
https://DefenseFlow-IP/login
2. In versions earlier than 3.3, at the DefenseFlow login prompt, log in to the DefenseFlow device
using the DefenseFlow username and password. The Attack Mitigation Operation dashboard
displays all the ongoing attacks and their associated protections, and displays a log of all the
historical attacks.

Notes (in versions earlier than 3.3)


— To return to the main DefenseFlow UI in APSolute Vision, switch to that browser page.
— To log out from the Attack Mitigation Operation dashboard, at the top-right in the title bar,
click the username icon, then click Logout.
— If you do not log out of the Attack Mitigation Operation dashboard and you close the browser
page, you will still be logged into the dashboard. The login session times out after one hour.
3. By default, the attack table is sorted in the following order:
— Unprotected attacks sorted by volume bytes per second (BPS) in descending order
— Protected attacks sorted by volume bytes per second (BPS) in descending order
— Historical attacks sorted by attack end-time in descending order
Historical attack data is saved. You can delete an historical attack record after the attack has
ended by highlighting the attack and clicking .

Note: Up to 3000 historical attacks are saved for three months. Any attacks older than
three months are deleted. Any attacks beyond the 3000 attacks limit are deleted, starting
with the oldest attack.
— You can sort the attack table by any of the columns in the table in ascending or descending
order by clicking on the relevant column header.
— You can search for records in the Search field above the Attack Mitigation Operations table
based on strings in the Attack ID, PO Name, Source Network, Destination Network,
Protocol, Attack Start, and Attack End parameters.
Begin the search by entering characters, one at a time, until you find the records that
include the string you entered. If no records include the string you entered, the table will
display with no records.
— You can start protections for all unprotected attacks by clicking the Protect All button at the
top right corner of the Attack Mitigation Operation dashboard pane.

4. Highlight the attack and review and/or set the attack operation parameters as required:

Table 417: Attack Operations Parameters

Parameter
    Description
Overall Attack Operation Status
    A colored indicator to the left of the Attack ID that indicates the overall attack operation
    status. It is related to the protection Status, as described here and as described later in
    this table.
    Overall Status Indicators:
    • Red—Displays under one of the following conditions:
      — The status icon is (Protection is not activated), where none of the protections are
        activated.
      — The status icon is (Protection is activated on some of the networks), where only some
        of the protections are activated.
      — The status icon is (Protection activation has failed), where the protection was not
        activated.
    • Green—Displays under one of the following conditions:
      — The status icon is (Protection activated successfully), where all the protections
        have been activated automatically but the attack has not yet ended.
    • Orange—Displays under one of the following conditions:
      — The status icon is (Protection activated successfully), where all the protections
        have been activated manually, but no attack has been detected.
      — The status icon is (In progress), where the protections are either being activated or
        deactivated.
      — The status icon is (Attack has terminated), where the unprotected attack has
        terminated.
    • Gray—Displays under one of the following conditions:
      — The status icon is (Protection has terminated), where all protections have been
        activated automatically and the attack has ended.
Attack ID
    The unique attack ID for the attack operation. This ID remains with the attack record for
    the record’s entire lifetime. This attack ID is internal to DefenseFlow and not related to
    any external IDs associated with the attack.
PO Name
    The protected object associated with the attack.
Source Network
    The attack operation geolocation represented by the geolocation flag (starting with
    version 3.7), and the source network IP addresses and ranges (CIDRs).
    Up to three CIDRs are displayed. If there are more than three CIDRs for an attack, the
    total number of CIDRs is displayed within parentheses (round brackets).
    To view the list of source CIDRs, click the (Edit) icon to the right of the displayed
    CIDRs. From the Networks dialog box, you can:
    • View the full list of source CIDRs (and starting with version 3.7, the geolocation flag).
    • Click the Destination tab and
      — Change the protection statuses of any of the destination CIDRs.
      — Add a new network to protect in the CIDR field and click Add.
    After making any changes, click Submit.
Destination Network
    The attack operation geolocation represented by the geolocation flag (starting with
    version 3.7), and the destination network IP addresses and ranges (CIDRs).
    Up to three CIDRs are displayed. If there are more than three CIDRs for an attack, the
    total number of CIDRs is displayed within parentheses (round brackets).
    To view the list of destination CIDRs, click the (Edit) icon to the right of the displayed
    CIDRs. From the Networks dialog box, you can:
    • Change the protection statuses of any of the destination CIDRs.
    • Add a new network to protect in the CIDR field and click Add.
    • Click the Source tab and view the full list of the source CIDRs (and starting with
      version 3.7, the geolocation flag).
    After making any changes, click Submit.
Volume
    Number of bytes per second (BPS) for the attack operation.
    Starting with version 3.7, displays for an historic attack the maximum BPS that was
    reported since the start of the attack until termination of the attack.
    The BPS volume is graphically represented as a percentage interval on the BPS volume
    gauge per the defined volume range.
    The following are the default BPS gauge representations and their associated volume
    ranges:
    • 0%-25%—0m < value < 50m
    • 25%-50%—50m < value < 250m
    • 50%-75%—250m < value < 500m
    • 75%-100%—500m < value
    You can change the volume range for the gauge using the CLI command
    dfc-core-configuration.
    For example, if you want to change the top limit of the PPS volume range for 75% of the
    gauge from 500m to 70m, run the following CLI command:
    dfc-core:configuration-set -name dfc.attack.dashboard.volume.bps.level075 -value 70m
Rate
    Number of packets per second (PPS) for the attack operation.
    Starting with version 3.7, displays for an historic attack the maximum BPS that was
    reported since the start of the attack until termination of the attack.
    The PPS rate is graphically represented as a percentage interval on the PPS rate gauge
    per the defined rate range.
    The following are the default PPS gauge representations and their associated rate ranges:
    • 0%-25%—0k < value < 100k
    • 25%-50%—100k < value < 500k
    • 50%-75%—500k < value < 1m
    • 75%-100%—1m < value
    You can change the rate range for the gauge using the CLI command
    dfc-core-configuration.
    For example, if you want to change the top limit of the PPS rate range for 50% of the
    gauge from 500k to 400k, run the following CLI command:
    dfc-core:configuration-set -name dfc.attack.dashboard.volume.pps.level050 -value 400k
Protocol
    Protocols used by the attack operation.
Detection
    The detection control element.
Status
    An icon indicating the status of the attack operation. To view the status icon
    description, hover over the status icon.
    Note: The overall attack operation status is represented by a color indicator to the left
    of the Attack ID. Earlier in this table, see the description of this indicator and its
    relationship to the attack operation statuses.
    Statuses:
    • (Protection is not activated)—None of the protections have yet been activated by the
      attack operation.
    • (Protection has terminated)—All protections have been activated and the attack has
      ended.
    • (Protection activation has failed)—The protection was not activated.
    • (Protection is activated)—All protections have been activated by the attack operation,
      but the attack has not yet ended.
    • (In progress)—The protection activation or deactivation is in progress.
    • (Protection is activated on some of the networks)—Some, but not all, of the protections
      have been activated.
    • (Attack has terminated)—The unprotected attack has terminated.
Protection
    Manually start or stop a protection operation for the attack based on the current status
    of the protection.
    Click one of the following buttons as relevant:
    • CONFIRM ALL—Confirm starting or stopping multiple protection operations for a given
      attack ID.
    • CONFIRM START—Confirm starting a single protection operation for a given attack ID.
    • CONFIRM STOP—Confirm stopping a single protection operation for a given attack ID.
    • START—Start a single protection operation for a given attack ID.
    • STOP—Stop a single protection operation for a given attack ID.
    • STOP ALL—Stop all protections for multiple operations for a given attack ID.
    Notes:
    • You can start protections for all unprotected attacks by clicking the Protect All button
      at the top right corner of the Attack Mitigation Operation dashboard pane.
    • While a protection operation is in process, you can hover over the Protection button to
      view the protection status and to see more details of the operation by clicking the
      Details link.
    • Starting with version 3.7, you can only manually stop a manually activated protection on
      a protected object, even if the attack has terminated.
Attack Start
    Attack operation start time and end time of the attack or the protection.
Attack End
    Attack operation end time of the attack or the protection.

5. Starting with version 3.1, you can expand the attack record to see more detailed information
regarding the attack.
Click the attack record. The set of dashboards with detailed information for that attack
displays (see Attack Detailed Information, page 551), along with the PACKET CAPTURE button
that opens the Real-time Packet Capture pane (see Real-Time Packet Capture, page 554).

Table 418: Attack Detailed Information

Widget
    Description
Detection Events
    Anomaly detection event information, including:
    • External ID—The ID of the event in the detection element. It can be an external NetFlow
      detection or a DefensePro attack ID.
    • Detector—The detector that detected the anomaly.
    • Event—Description of the event.
    • Started At—Start date and time of the event.
    • Rate—Packet rate of the event in pps.
    • Volume—Packet volume of the event in bps.
PO Traffic Realization
    A graph that displays the following attack information:
    • Received and dropped packets if the mitigation has started and the data is available
      from the DefensePro devices.
      You can filter out received or dropped packets from the display by clicking the relevant
      icon before exporting. When you click either of the icons, a cross-out line displays
      across them, indicating that those packets are filtered out from the display. To remove
      the filters, click the relevant icon and the cross-out line is removed.
    • Incoming traffic for DPaaD and other third-party detectors.
    The traffic is displayed as bandwidth over time for all DefensePro devices, or for
    individual devices, as selected from the device drop-down.
    Actions include:
    • Select the device for which to display data: TOTAL (all devices), individual device name
    • Select the traffic bandwidth type: PPS, BPS
    By default, the time range in the graph is the last 15 minutes. You can change the time
    range by clicking on the time range icon in the upper-right corner of the page. Do one of
    the following:
    • Select a Quick Range:
      — Set the quick range. Values: 15m (last 15 minutes), 30m (last 30 minutes), 1H (last
        hour), 6H (last six hours), 12H (last 12 hours), 24H (last 24 hours)
      — Click Apply.
    • Set the time range based on the calendar date:
      — Click the start date and end date fields, and select the calendar date for each.
      — The default start time is 15 minutes before the current time, and the default end time
        is the current time. You can amend these times using the format HH:MM.
Audit Log
    A detailed log of the following event types for the specific attack (including the
    configuration changes during the attack):
    • Attack start/end
    • Operation start/end
    • Any ongoing protection configuration change
    Each log includes the following information:
    • Timestamp
    • Event description
    • Username for user-generated events
Workflow
    Workflow information related to the attack:
    • Name—Workflow name
    • Description—Workflow description
    • Detection—Detection related to the workflow
    • Provisioning—Provisioning related to the workflow
Ongoing Mitigation (This table and its functionality have been expanded starting with
version 3.4. Prior to version 3.4, it was referred to as Workflow Rules and included only the
Enter Criteria, Exit Criteria, Operation, and Actual User Action Mode parameters)
    Displays the individual mitigation operations that comprise the entire operation workflow,
    and their settings:
    • Mitigation ID—ID of the individual mitigation operation
    • Operation—Mitigation operation related to the workflow
    • Protected Network—Network protected by the mitigation operation
    • Enter Criteria—Workflow enter criteria
    • Exit Criteria—Workflow exit criteria
    • Activation Mode (prior to version 3.4, Actual User Action Mode)—The enter and exit
      activation mode. Syntax: Enter_Mode/Exit_Mode
      Values: Automatic, Manual, User Confirmation
      Examples:
      — Automatic/Automatic
      — Automatic/Manual
      — Automatic/User Confirmation
      — Manual/Manual
    • Mitigation Start Date—Mitigation operation start date and time
    You can expand the individual rows to display more detailed settings for the mitigation
    operation. You can modify these details for the ongoing protection as required. After the
    ongoing protection has ended, the changes you made no longer are valid.
    After making your changes, click Apply to apply them.
    For more information on the Ongoing Mitigation details, see Table 419 - Ongoing Mitigation
    Detailed Information, page 553.

Table 419: Ongoing Mitigation Detailed Information

Row
    Description
Operation
    Details of the operation, including:
    • Description—Description of the operation.
    • Operation Type—The type of operation. Values: Mitigation, Traffic Blocking, Custom
    • Diversion Protocol—The diversion protocol. Values: BGP, BGP FlowSpec
Mitigation Group
    Details of the mitigation devices with the mitigation group associated with the operation,
    including:
    • Name—The mitigation device name.
    • Operational Status—The operational status of the mitigation device.
    • CPU Utilization—Percent of the CPU utilization of the mitigation device.
    • BW Utilization (GBPS)—Percent of the bandwidth utilization of the mitigation device.
    • Policies Utilization—Percent of the policies table utilization of the mitigation device.
    • Filter List Utilization—Percent of filter list utilization of the mitigation device.
    • Managed—Whether the mitigation device is managed.
      Values: true, false
    • Platform Name—Platform name of the mitigation device.
    • Update Time—Last monitored update time.
    • Last Error—The last device access error that was issued.
    • Geo Feed Status—The status of the Geolocation Feed on the DefensePro mitigation device
      (active, inactive).
Filter List
    If you want to associate a black list and/or white list to the operation, select them from
    the drop-down lists.
Geo-Location (This row is available only starting with version 3.7)
    If you want to temporarily override the current geoblocking settings for this operation
    for the duration of the protection, select a geolocation or Geolocation feed group to
    block or allow, then select the override action:
    • Allow—Allow the selected geolocation or Geolocation feed group (default).
    • Block—Block the selected geolocation or Geolocation feed group.
DNS Protection
    If you want to associate a DNS white list to the operation, select one from the drop-down
    list, or click the Upload icon to upload a file with a DNS white list not on the list.
    If you want to see the contents of a DNS white list, select one from the drop-down list
    and click the Download icon to save it as a .txt file.
Policy
    Edit the associated policy, if required.

Table 420: Real-Time Packet Capture

Widget
    Description
Packet Capture
    Click PACKET CAPTURE to open the REAL-TIME PACKET CAPTURE pane displaying the set of
    packets in the attack. Dropped packets are highlighted in red, passed packets are
    highlighted in green.
    To exit the REAL-TIME PACKET CAPTURE pane, click the <Back icon at the top right of the
    pane.
    The following fields display for each attack:
    • Capture Settings—These fields include the Mitigation Device/Group drop-down list and the
      Capture Filter. The filter is a regular expression that filters which packets are
      displayed in the Packet Display table. For more details on the capture filter regular
      expressions you can define, see Table 421 - Packet Capture Filter Regular Expression
      Parameters, page 557.
      — Mitigation Device/Group—Select from which DefensePro device or device group the
        packets are captured. The default is the device or group that is referred to
        specifically by the attack information.
      — Capture Filter—Regular expression to display the packet capture information from the
        selected DefensePro device or group of DefensePro devices. The default device is the
        device or group that is referred to specifically by the attack information. From the
        drop-down list, you can choose one of the last 10 previous inputs for the filter.
    • Display Settings—These fields include the Match Filter and Display Filter. The filters
      are regular expressions that filter the packets that are displayed in the Packet Display
      table. For more details on the regular expressions you can define, see Table 422 - Match
      Filter and Display Filter Regular Expression Parameters, page 557.
      — Match Filter—Highlights the packets that match the filter. From the drop-down list,
        you can choose one of the last 10 previous inputs for the filter.
      — Display Filter—Displays all those packets that match the filter. From the drop-down
        list, you can choose one of the last 10 previous inputs for the filter.
    • Legend for the color-codes for packets that match the capture and display filters:
      — —The packet was dropped.
        Starting with version 3.3, if you export the packet capture to a Wireshark PCAP file,
        you can filter out dropped packets from the export by clicking this icon before
        exporting.
        When you click the icon, a cross-out line displays across it, indicating that dropped
        packets are filtered out of the export. To remove the filter, click the icon and the
        cross-out line is removed.
      — —The packet passed.
        Starting with version 3.3, if you export the packet capture to a Wireshark PCAP file,
        you can filter out passed packets from the export by clicking this icon before
        exporting.
        When you click the icon, a cross-out line displays across it, indicating that passed
        packets are filtered out of the export. To remove the filter, click the icon and the
        cross-out line is removed.
      — —The packet matches the display filters.
• Display actions—Do one of the following:
— Click to begin the packet capture display. The packets display one
at a time based on the filters that you defined.

— Click to stop the packet capture display.

— In versions earlier than 3.3, click to resume a packet capture
display that has been stopped.

— Click to clear the packet capture display.

— Starting with version 3.3, click Export to export the packet
capture to a Wireshark PCAP file:
a. Select the export parameters:
• From—Select the source of the packet capture information to
export: Captured (default) or Displayed
• Type—Select all the types of data in the packet information to
export: Passed (default), Dropped (default)
b. Click Export.
Note: The exported PCAP file includes additional data (mitigation device
and reason) that is not visible in Wireshark. This additional data is used
when importing the PCAP file back to DefenseFlow.

— Starting with version 3.3, click Import to import a Wireshark
PCAP file to DefenseFlow:
a. In the Browse dialog box, select the PCAP file to import.
b. Click Select.
• Packet Display, including:
— Packet Display Table—Includes the following columns:
• Time—Duration of the packet capture
Note: To ensure that the packet capture time is accurate, you must
synchronize the DefenseFlow clock with the mitigation device
(DefensePro) clock. For more information on setting the DefensePro
clock, refer to the DefensePro User Guide.
• Mitigation Device—Name of the mitigation device that is mitigating
the packet
• SRC IP—Source IP address and geolocation of the packet
• SRC Port—Source port of the packet
• DST IP—Destination IP address and geolocation of the packet
• DST Port—Destination port of the packet
• Protocol—Protocol of the packet
• Length—Packet length
• Reason—Reason for the packet capture
— Decoded Packet—The decoded packet and its protocol layers.
Highlight the individual protocol layers to view their associated code (see
below the line). You can also expand the protocol layer to view its details.
• The following fields display the packet capture status:
— Capture Elapsed Time—The number of seconds since the packet capture
was run.
— Passed Packets—The number of passed packets out of the total number
of packets.


Table 421: Packet Capture Filter Regular Expression Parameters

You can define regular expressions in the packet capture Capture Filter field using the parameters
described in this table and the ==, AND, OR, and NOT boolean expressions. For more details on
the REAL-TIME PACKET CAPTURE pane, see Table 420 - Real-Time Packet Capture, page 554.

Parameter: ip.dst
Description: Destination IP address. Values can be with or without brackets.
Examples:
• ip.dst==224.0.0.2
• ip.dst==[224.0.0.2]
• ip.dst==[1.1.1.1,2.2.2.2,3.3.3.3]
• ip.dst==2001:40b0:7500:205:0:0:9353:8321

Parameter: ip.proto
Description: The packet protocol. Values: tcp, udp, icmp, other
Examples:
• ip.proto==tcp
• ip.proto==[udp,tcp]

Parameter: ip.src
Description: Source IP address. Values can be with or without brackets.
Examples:
• ip.src==172.16.0.1
• ip.src==[224.0.0.2]
• ip.src==[1.1.1.1,2.2.2.2,3.3.3.3]

Parameter: policy
Description: The policy name on the mitigation device. A null value indicates any policy.
Examples:
• policy==ProtectedObject_1 AND ip.dst == 60.0.0.2/32
• policy==ProtectedObject_1

Table 422: Match Filter and Display Filter Regular Expression Parameters

You can define regular expressions in the packet capture Match Filter and Display Filter fields
using the parameters described in this table and the ==, AND, OR, and NOT boolean expressions.
For more details on the REAL-TIME PACKET CAPTURE pane, see Table 420 - Real-Time Packet
Capture, page 554.

Parameter: frame.len
Description: Packet length.
Examples:
• frame.len==76

Parameter: Internet_Protocol_Version
Description: Internet Protocol (IP) version layer of the packet.
Examples:
• IPv4
• NOT IPv4
• IPv6
• NOT IPv6

Parameter: ip.dst
Description: Destination IP address. Values can be with or without brackets.
Examples:
• ip.dst==224.0.0.2
• ip.dst==[224.0.0.2]
• ip.dst==172.16.0.1/24
• ip.dst==10.0.0.0/24
  Matches all host addresses in the subnet (CIDR)
• NOT ip.dst==224.0.0.2
• ip.dst==[1.1.1.1,2.2.2.2,3.3.3.3]
• ip.dst==2001:40b0:7500:205:0:0:9353:8321
• NOT ip.dst==2001:40b0:7500:205:0:0:9353:8321


Parameter: ip.src
Description: Source IP address. Values can be with or without brackets.
Examples:
• ip.src==172.16.0.1
• ip.src==[224.0.0.2]
• ip.src==172.16.0.1/24
• ip.src==10.0.0.0/24
  Matches all host addresses in the subnet (CIDR)
• NOT ip.src==172.16.0.1
• ip.src==[1.1.1.1,2.2.2.2,3.3.3.3]
• NOT TCP AND udp.port==161 AND ip.src==192.168.29.160 AND frame.len==150

Parameter: Protocol
Description: The packet protocol. Values:
• Ethernet
• TCP
• UDP
• ICMP
• Other—The protocols currently recognized by the DME. Protocols not recognized by the
DME are considered packet anomalies.
Examples:
• Ethernet
• NOT Ethernet
• UDP
• NOT UDP
• TCP
• NOT TCP
• TCP OR UDP
• NOT TCP OR UDP

Parameter: mitigation
Description: Mitigation device name.
Examples:
• mitigation==device_1
• NOT mitigation==device_1

Parameter: policy
Description: The policy name on the mitigation device. A null value indicates any policy.
Examples:
• policy==ProtectedObject_1 AND ip.dst == 60.0.0.2/32
• policy==ProtectedObject_1

Parameter: reason
Description: Reason the packet was dropped.
Examples:
• reason=="Dropped due to Behavioral DoS"
• reason=="Dropped due to Signature Protection"

Parameter: tcp.dstport
Description: TCP destination port. Up to 10 ports. A null value indicates any policy. Values can be
with or without brackets.
Examples:
• tcp.dstport==23
• tcp.dstport==[23]
• NOT tcp.dstport==23
• tcp.dstport==[1111,222]


Parameter: tcp.port
Description: TCP source and destination ports. Up to 10 ports. A null value indicates any policy.
Values can be with or without brackets.
Examples:
• tcp.port==23
• tcp.port==[23]
• NOT tcp.port==23
• tcp.port==[1111,222]

Parameter: tcp.srcport
Description: TCP source port. Up to 10 ports. A null value indicates any policy. Values can be
with or without brackets.
Examples:
• tcp.srcport==56760
• tcp.srcport==[56760]
• NOT tcp.srcport==56760

Parameter: udp.dstport
Description: UDP destination port. Up to 10 ports. A null value indicates any policy. Values can be
with or without brackets.
Examples:
• udp.dstport==646
• udp.dstport==[646]
• NOT udp.dstport==646

Parameter: udp.port
Description: UDP source and destination ports. Up to 10 ports. A null value indicates any policy.
Values can be with or without brackets.
Examples:
• udp.port==646
• udp.port==[646]
• NOT udp.port==646
• udp.port==161 or udp.port==60376
• udp.port==161 or udp.port==9999
• NOT TCP AND udp.port==161 AND ip.src==192.168.29.160 AND frame.len==150

Parameter: udp.srcport
Description: UDP source port. Up to 10 ports. A null value indicates any policy. Values can be
with or without brackets.
Examples:
• udp.srcport==646
• udp.srcport==[646]
• udp.srcport==646
• NOT udp.srcport==646
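
The following Python sketch is an added example, not Radware code: it evaluates Match Filter and Display Filter expressions from Table 422 against packet records so that you can check offline which packets a filter selects before you rely on it during triage. The operator precedence (NOT, then AND, then OR), the record keys (layers, srcport, dstport), and the sample packets are assumptions made for the example; the parameter names and filter strings come from the table.

```python
import ipaddress
import re
from collections import deque

# Tokens: quoted string | bracketed list | == | bare word (name, address, CIDR, port)
TOKEN = re.compile(r'"[^"]*"|\[[^\]]*\]|==|[^\s=\[\]"]+')
RESERVED = {"AND", "OR", "NOT", "=="}


def values_of(token):
    """Turn 'v', '"v"', '[v]' or '[v1,v2]' into a list of value strings."""
    if token.startswith("["):
        return [v.strip() for v in token[1:-1].split(",") if v.strip()]
    return [token.strip('"')]


def match_field(field, values, pkt):
    """Evaluate one <parameter>==<value(s)> term against a packet record."""
    if field in ("ip.src", "ip.dst"):
        addr = ipaddress.ip_address(pkt[field])
        # strict=False: an address with a prefix (x.x.x.x/24) names its whole subnet
        return any(addr in ipaddress.ip_network(v, strict=False) for v in values)
    port = re.fullmatch(r"(tcp|udp)\.(srcport|dstport|port)", field)
    if port:
        if len(values) > 10:  # the table allows up to 10 ports per term
            raise ValueError(f"{field}: at most 10 ports are allowed")
        wanted = {int(v) for v in values}
        if port.group(1).upper() not in pkt["layers"]:
            return False
        sides = ("srcport", "dstport") if port.group(2) == "port" else (port.group(2),)
        return any(pkt[side] in wanted for side in sides)
    if field == "frame.len":
        return pkt["frame.len"] in {int(v) for v in values}
    if field in ("policy", "mitigation", "reason"):
        return pkt.get(field) in values
    raise ValueError(f"unknown parameter: {field}")


def evaluate(expression, pkt):
    """Recursive-descent evaluation. Assumed precedence: NOT, then AND, then OR."""
    tokens = deque(TOKEN.findall(expression))

    def next_is(op):
        return bool(tokens) and tokens[0].upper() == op

    def operand(what):
        if not tokens or tokens[0].upper() in RESERVED:
            raise ValueError(f"expected {what}")
        return tokens.popleft()

    def term():
        if next_is("NOT"):
            tokens.popleft()
            return not term()
        name = operand("a parameter or protocol name")
        if not next_is("=="):
            return name.upper() in pkt["layers"]  # bare layer name: TCP, IPv4, ...
        tokens.popleft()
        return match_field(name, values_of(operand(f"a value for {name}")), pkt)

    def conjunction():
        result = term()
        while next_is("AND"):
            tokens.popleft()
            result = term() and result  # term() runs first, so tokens are consumed
        return result

    def disjunction():
        result = conjunction()
        while next_is("OR"):
            tokens.popleft()
            result = conjunction() or result
        return result

    result = disjunction()
    if tokens:
        raise ValueError(f"unexpected token: {tokens[0]}")
    return result


def apply_filter(expression, packets):
    """Return the indexes of the packets that the expression selects."""
    return [i for i, pkt in enumerate(packets) if evaluate(expression, pkt)]


# Constructed sample records (not real capture data).
PACKETS = [
    {"layers": {"ETHERNET", "IPV4", "UDP"}, "ip.src": "192.168.29.160", "ip.dst": "10.0.0.5",
     "srcport": 60376, "dstport": 161, "frame.len": 150, "policy": "ProtectedObject_1",
     "mitigation": "device_1", "reason": "Dropped due to Behavioral DoS"},
    {"layers": {"ETHERNET", "IPV4", "TCP"}, "ip.src": "172.16.0.1", "ip.dst": "10.0.0.9",
     "srcport": 56760, "dstport": 23, "frame.len": 76, "policy": "ProtectedObject_1",
     "mitigation": "device_2", "reason": "Dropped due to Signature Protection"},
    {"layers": {"ETHERNET", "IPV6", "TCP"}, "ip.src": "2001:db8::1",
     "ip.dst": "2001:40b0:7500:205:0:0:9353:8321", "srcport": 40000, "dstport": 443,
     "frame.len": 90, "policy": "ProtectedObject_2", "mitigation": "device_1", "reason": ""},
]
```

Under the assumed precedence, `NOT TCP OR UDP` is read as `(NOT TCP) OR UDP`; confirm how the product groups such expressions before depending on that reading.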

To view the attack operation background processes


You can view the details of all attack operation background processes.
1. To view the Operation Background Processes pane, at the far top-right in the title bar, click the
icon.
2. On the menu, click Operation Background Processes. The Operation Background Processes
table includes the following parameters:


Table 423: Operation Background Processes Parameters

• PROCESS DESCRIPTION: Description of the operation background process, including the
associated PO name where relevant.
• DATE STARTED: Date and time the process started.
• DATE MODIFIED: Last date and time the process was modified.
• STATUS: Current status of the process:
— Process started
— Process running
— Process completed
— Process failed

3. Perform one of the following actions, as required:


— You can search for processes by typing a search string in the Search field. The table is
filtered according to all processes that include the string. To undo the filter, clear the text in
the Search field.
— If you want to clear all of the records from the table, click Clear All.

— To return to the Attack Mitigation Operation dashboard, click the icon and click Attack
Operations.


CHAPTER 22 – USING THE APSOLUTE VISION DASHBOARDS
The following topics describe the APSolute Vision dashboards and how to use them:
• Using the Application SLA Dashboard, page 561
• Using the Security Control Center, page 564
• Using the Service Status Dashboard, page 570
• Using the GEL Dashboard, page 576
• Using the ERT Active Attackers Feed (EAAF) Dashboard, page 579

Tip: You can select one of the APSolute Vision dashboards as your landing page. APSolute Vision
administrators can select one of the APSolute Vision dashboards as the landing page for new users.
For more information, see Selecting Your Landing Page, page 78 or Configuring APSolute Vision
Display Parameters, page 163.

Using the Application SLA Dashboard


This feature requires an APM license.
Users whose RBAC role supports Alteon and LinkProof NG can access the Application SLA
Dashboard.
Use the Application SLA Dashboard to do the following:
• View the high-level status of each APM-enabled ADC (Alteon or LinkProof NG) service, which uses
the following indicators:

— OK—The status is OK according to the corresponding module.

— Warning—The status is Warning according to the corresponding module.

— Critical—The status is Critical according to the corresponding module.

— Not Available—The Application SLA Dashboard cannot display the status because the
feature is not supported on the Alteon platform or the required license is not installed.

— No Data—The Application SLA Dashboard cannot display the status because no traffic
transactions were generated in the collection interval.

— Communication Error—The Application SLA Dashboard cannot display the status
because of a problem with the Alteon or server.
• Hover over an icon in the dashboard to view additional information.
• Click an icon on the dashboard to go to the related APM dashboard, Alteon dashboard, or
Application Delivery View dashboard. For more information on APM, see the Application
Performance Monitor User Guide.


Figure 64: Application SLA Dashboard

To view the Application SLA Dashboard


> In the APSolute Vision Settings view Dashboards perspective, select Application SLA
Dashboard.

Table 424: Application SLA Dashboard Parameters

Name: Application Name
Display: The application name in APM.
Hover Display (Tooltip): None
Click Action: None

Name: User Experience SLA
Display: The User Experience (UE) SLA status—green (acceptable), orange (warning), and red
(critical alert)—during the last 15 minutes (see footnote 1).
Hover Display (Tooltip): Parameters:
• UE SLA %
• Avg UE Time
• Rendering Time
• Network Time
Click Action: Opens APM and goes to the related User Experience Application Dashboard.

Name: Data Center SLA
Display: The Data Center (DC) Experience SLA status—green (acceptable), orange (warning), and
red (critical alert)—during the last 15 minutes (see footnote 1).
Hover Display (Tooltip): Parameters: DC SLA %, Avg DC Time
Click Action: Opens APM and goes to the related Data Center Application Dashboard.


Name: Service Availability
(The Application SLA Dashboard resolves this parameter only for Alteon version 30.0 and later.)
Display: The indicator for the availability of the application—green (acceptable), orange
(warning), and red (critical alert)—during the last 15 minutes (see footnote 2).
Hover Display (Tooltip): Parameters:
• Status
• Successful/Total
Click Action: Opens the Service Status View dashboard of the Alteon that manages the service.

Name: Service Throughput (Mbps)
(The Application SLA Dashboard resolves this parameter only for Alteon version 30.2 and later.)
Display: The throughput, in Mbps, for the application.
Hover Display (Tooltip): The throughput, in Mbps, for the application.
Click Action: Opens the Application Delivery View dashboard of the Alteon that manages the
service.

Name: Infrastructure
Display: The indicator for the health of the Alteon hardware and software resources.
Hover Display (Tooltip): Parameters:
• Device Name
• Management IP
• Device Status
• CPU SP (Avg)
• CPU MP
• Cache
• Hard drive
• Session
• Throughput License
• SSL License
Additional parameters for physical devices:
• Fan Info (curr/max)
• Temperature (Critical / High / Normal)
Click Action: Opens the System View dashboard of the Alteon that manages the service.

1 – The status is the same as that in APM. The dashboard displays the status only if the service
has generated transactions and APM data is available.
2 – This is based on one poll per minute for the last 15 minutes—Green (OK): 0 (zero)
service-down records. Amber (Warning): 1–2 service-down records. Red (Critical): 3 or
more service-down records.


Using the Security Control Center


The Security Control Center enables users with the proper roles (see Role-Based Access Control
(RBAC), page 85) to view and monitor the following:
• Radware security products and modules:
— DefensePro® —DefensePro is a real-time attack-mitigation device that protects
organizations against emerging network and application cyber-attacks. For Security Control
Center information, see DefensePro Information in the Security Control Center, page 565.
— DefenseFlow® —DefenseFlow is a network-wide attack detection and cyber command and
control application designed to protect networks against known and emerging network
attacks that threaten network resources availability. For Security Control Center information,
see DefenseFlow Information in the Security Control Center, page 566.
— AppWall® —AppWall is a Web Application Firewall (WAF) that ensures fast, reliable, and
secure delivery of mission-critical Web applications. For Security Control Center information,
see AppWall Information in the Security Control Center, page 566.
— APSolute Vision Reporter—APSolute Vision Reporter (AVR) provides historical reporting
of security information. For Security Control Center information, see APSolute Vision
Reporter Information in the Security Control Center, page 566.
— APSolute Vision Analytics—APSolute Vision Analytics provides real-time and historical
reports of information from DefensePro version-8.x devices. For Security Control Center
information, see APSolute Vision Analytics Information in the Security Control Center,
page 567.
• Radware subscription security services:
— Emergency Response Team—Radware’s ERT premium service is an extended set of
services that includes 24/7 monitoring and blocking of DDoS attacks, provided by a group of
dedicated security experts. For Security Control Center information, see Emergency
Response Team Information in the Security Control Center, page 567.
— Radware Cloud DDoS Protection—Radware Cloud DDoS Protection is a cloud-based
DDoS scrubbing service that provides volumetric DDoS attack mitigation and Internet pipe
saturation defense measures. For Security Control Center information, see Radware Cloud
DDoS Protection Information in the Security Control Center, page 567.
— Radware Security Signatures (SUS)—Radware’s Security Update Service (SUS) is a
subscription service for security advisories and signature updates, which delivers rapid and
continuous updates. For Security Control Center information, see Radware Signature-
Update-Service (SUS) Information in the Security Control Center, page 567.
— Fraud Security Signatures—The Fraud Signature Protection subscription provides
protection against fraud and phishing attacks using the DefensePro Fraud Protection
module. For Security Control Center information, see Fraud Security Signatures Information
in the Security Control Center, page 568.
— ERT Active Attackers Feed—The ERT Active Attackers Feed is a subscription service that
updates DefensePro devices with IP addresses of known attackers that were recently active.
The feed is generated by Radware’s Threat Research Center. For Security Control Center
information, see ERT Active Attackers Feed Information in the Security Control Center,
page 569.


Each tab displays one of the following global-status indicators, in addition to the label (for example,
DefensePro):

• —OK.

• —Mixed results.

• —Warning or Fail.

• —Not enough data, polling data, or the Security Control Center cannot determine the status.

To open the Security Control Center


> Do one of the following:
— In the APSolute Vision Settings view Dashboards perspective, select Security Control
Center.

— In the APSolute Vision sidebar menu, select Applications > Security Control
Center.

DefensePro Information in the Security Control Center


The DefensePro node of the Security Control Center can show the following global-status indicators:

• —The APSolute Vision server is managing one or more DefensePro devices with enabled
policies.

• —The APSolute Vision server is managing one or more DefensePro devices, but none have
any enabled policy.

• —The APSolute Vision server is managing no DefensePro devices.

• —The Security Control Center has not yet determined the status.

When the global status is OK or mixed-results, the DefensePro node of the Security Control Center
displays the parameters described in the following table.

Table 425: Security Control Center: DefensePro Parameters

• Total managed DefensePro devices: The number of DefensePro devices that the APSolute Vision
server is managing.
• Total Policies: The number of DefensePro Protection policies and Server Protection policies.
• Enabled Policies: The number of enabled DefensePro Protection policies and Server Protection
policies.
• Disabled Policies: The number of disabled DefensePro Protection policies and Server Protection
policies.


DefenseFlow Information in the Security Control Center


The DefenseFlow node of the Security Control Center can show the following global-status
indicators:

• —DefenseFlow is available.

• —DefenseFlow is not available.

• —The Security Control Center cannot determine the status.

AppWall Information in the Security Control Center


The AppWall node of the Security Control Center can show the following global-status indicators:

• —The APSolute Vision server is managing one or more AppWall devices, which are reporting
to the associated APSolute Vision Reporter.

• —The APSolute Vision server is managing s or more AppWall devices, but one or more of
the AppWall devices is not reporting to the APSolute Vision Reporter that is associated with this
APSolute Vision server.

• —The APSolute Vision server is managing no AppWall devices.

• —The Security Control Center cannot determine the status.

When the global status is OK or mixed-results, the AppWall node of the Security Control Center
displays the parameters described in the following table.

Table 426: Security Control Center: AppWall Parameters

• AppWall devices Managed by APSolute Vision: The number of AppWall devices that the
APSolute Vision server is managing.
• AppWall devices Monitored by APSolute Vision Reporter: The number of AppWall devices that
APSolute Vision Reporter is monitoring.

APSolute Vision Reporter Information in the Security Control Center


The APSolute Vision Reporter node of the Security Control Center can show the following global-
status indicators:

• —The APSolute Vision server has a license for AVR, and AVR is available.

• —The APSolute Vision server has no license for AVR, or AVR is unavailable.

• —The Security Control Center cannot determine the AVR status.


APSolute Vision Analytics Information in the Security Control Center


The APSolute Vision Analytics node of the Security Control Center can show the following global-
status indicators:

• —The APSolute Vision server has a license for the APSolute Vision Analytics, and APSolute
Vision Analytics is available.

• —The APSolute Vision server has no license for APSolute Vision Analytics, or APSolute Vision
Analytics is unavailable.

• —The Security Control Center cannot determine the APSolute Vision Analytics status.

Emergency Response Team Information in the Security Control Center


The Emergency Response Team (ERT) node of the Security Control Center shows whether you have
the Radware ERT Premium service.

Radware Cloud DDoS Protection Information in the Security Control Center
The Radware Cloud DDoS Protection node of the Security Control Center can show the following
global-status indicators:

• —The Radware Cloud DDoS Protection service is configured in the system.

• —The Radware Cloud DDoS Protection service is not configured in the system.

• —The Security Control Center cannot determine the status.

Tip: Users with a proper role can click the (Settings) icon to specify the Radware Cloud DDoS
Protection URL (see Configuring the Radware Cloud DDoS Protection Setting, page 161).

Radware Signature-Update-Service (SUS) Information in the Security Control Center
The Radware Security Signatures (SUS) node of the Security Control Center can show the following
global-status indicators:

• —All the DefensePro devices are using the latest signature file.

• —Only some of the DefensePro devices are using the latest signature file version.

• —No DefensePro devices are using the latest signature file (whether or not they have a
subscription).

• —The Security Control Center cannot determine the status.


Tip: Users with a proper role can click the (Scheduler) button to open the Scheduler and
configure an Update Security Signature Files task (see Update Security Signature Files—
Parameters, page 313).

When the global status is OK or mixed-results, the Radware Security Signatures (SUS) node of the
Security Control Center displays the parameters described in the following table.

Table 427: Security Control Center: Radware Security Signatures (SUS) Parameters

• Latest Signature Release: The identifier of the signature file.
• Total DefensePro Devices: The number of DefensePro devices that the APSolute Vision
server is managing.
• DefensePro Devices Using Latest Signature File Release: The number of DefensePro devices
using the latest signature-file release.
• DefensePro Devices Requiring Signature File Update: The number of DefensePro devices not
using the latest signature-file release.
• DefensePro Devices Without Signature File Update Subscription: The number of DefensePro
devices that do not have a subscription for Signature File updates.

Fraud Security Signatures Information in the Security Control Center


The Fraud Security Signatures node of the Security Control Center can show the following global-
status indicators:

• —All of the DefensePro devices were updated with fraud signatures in the last hour.

• —Only some of the DefensePro devices were updated with fraud signatures in the last hour.

• —No DefensePro devices were updated with fraud signatures in the last hour.

• —The Security Control Center cannot determine the status.

Tip: Users with a proper role can click the (Scheduler) button to open the Scheduler and
configure an Update Security Signature Files task (see Update Fraud Security Signatures—
Parameters, page 314).

When the global status is OK or mixed-results, the Fraud Security Signatures node of the Security
Control Center displays the parameters described in the following table.

Table 428: Security Control Center: Fraud Security Signatures Parameters

• DefensePro Devices Updated in Last Hour: The number of DefensePro devices (managed by the
APSolute Vision server) that were updated in the last hour.
• DefensePro Devices Not Updated in Last Hour: The number of DefensePro devices (managed by
the APSolute Vision server) that were not updated in the last hour.

• DefensePro Devices Not Using fraud Subscription: The number of DefensePro devices (managed
by the APSolute Vision server) without a Fraud Signature Protection subscription.

ERT Active Attackers Feed Information in the Security Control Center


The ERT Active Attackers Feed node of the Security Control Center can show the following global-
status indicators:

• —All of the DefensePro devices were updated with the ERT Active Attackers Feed in the last
run of the ERT Active Attackers Feed for DefensePro scheduled task.

• —Only some of the DefensePro devices were updated with the ERT Active Attackers Feed in
the last run of the ERT Active Attackers Feed for DefensePro scheduled task.

• —No DefensePro devices were updated with the ERT Active Attackers Feed in the last run of
the ERT Active Attackers Feed for DefensePro scheduled task.

• —The Security Control Center cannot determine the status.

Note: For information on the ERT Active Attackers Feed for DefensePro scheduled task, see ERT
Active Attackers Feed for DefensePro—Parameters, page 323.

Tip: Users with a proper role can click the (Scheduler) button to open the Scheduler and
configure an ERT Active Attackers Feed for DefensePro task.

When the global status is OK or mixed-results, the ERT Active Attackers Feed node of the Security
Control Center displays the parameters described in the following table.

Table 429: Security Control Center: ERT Active Attackers Feed Parameters

• Last ERT Active Attackers Feed: The time that APSolute Vision received the last feed.
Note: The time format is according to the configuration (see
Configuring APSolute Vision Display Parameters, page 163).
• Last Run: The time that APSolute Vision last ran an ERT Active Attackers
Feed for DefensePro task.
Note: The time format is according to the configuration (see
Configuring APSolute Vision Display Parameters, page 163).
• DefensePro Devices Updated in Last Run: The number of DefensePro devices (managed by the
APSolute Vision server) that were updated in the last run of the ERT
Active Attackers Feed for DefensePro scheduled task.
• DefensePro Devices Not Updated in Last Run: The number of DefensePro devices (managed by
the APSolute Vision server) that were not updated in the last run of the ERT
Active Attackers Feed for DefensePro scheduled task.

• DefensePro Devices Not Using ERT Active Attackers Feed Subscription: The number of
DefensePro devices (managed by the APSolute Vision server) without an ERT Active Attackers
Feed subscription.

Using the Service Status Dashboard


This feature is operational only in standalone, VA, and vADC.
This feature is available only with Alteon and LinkProof NG version 30.0 and later.
The Service Status Dashboard enables users with the proper roles to view configuration and status
information about the following ADC objects of up to 10 managed ADC devices:
• Virtual services
• AppShape++ scripts
• Content rules
• Server groups
• Real servers
• WAN links

The Service Status Dashboard includes doughnut charts that show summary information and a tree
view with more detailed information.
For information on the different statuses, see Status Criteria in the Service Status Dashboard,
page 574.
You can manage the set of devices that the Service Status Dashboard shows and filter objects in the
tree view using the filter dialog box. For more information, see Managing Set of Devices that the
Service Status Dashboard Shows and the Objects in the Tree View, page 572.

Figure 65: Filter Dialog Box

You can pause and resume the refresh of the Service Status Dashboard display.

Figure 66: Use the Slider to Pause or Refresh the Display of the Service Status Dashboard


Notes
• For information about roles in APSolute Vision, see Role-Based Access Control (RBAC), page 85.
• By default, the information in the Service Status Dashboard refreshes every 15 seconds. You can
modify the rate by modifying the value for the APSolute Vision Polling Interval for Reports
parameter (see Configuring Monitoring Settings, page 135).
• The Service Status Dashboard may not be able to fetch data from the ADC for several reasons,
for example:
— The ADC statistics are not ready.
— The ADC is unavailable.
— There is some exception on the APSolute Vision side or the ADC side.

To view the Service Status Dashboard


> In the APSolute Vision Settings view Dashboards perspective, select Service Status
Dashboard.

Service Status Dashboard Doughnut Charts


The Service Status Dashboard shows the following doughnut charts:
• Virtual services—The total number of virtual services configured on the managed devices and
the percentage in each status (Up, Warning, Down, Admin Down, and Shutdown).
• Server groups—The total number of server groups configured on the managed devices and the
percentage in each status (Up, Warning, Down, and Admin Down).
• Real servers—The total number of real servers configured on the managed devices and the
percentage in each status (Up, Warning, Down, Admin Down, and Mixed). The Mixed status
indicates that the real server is associated with multiple server groups, and the statuses are not
the same.

Tip: Click a segment in a doughnut chart to apply a filter to the corresponding objects in the status
tree.

Tip: Hover over a segment in a doughnut chart to display more exact values.

Service Status Dashboard-Status Tree


The status tree displays detailed status information for up to 10 Alteon and LinkProof NG devices
that the APSolute Vision server manages.
The status of each node in the tree is identified with an icon. For information on the different
statuses, see Status Criteria in the Service Status Dashboard, page 574.

Figure 67: Service Status Legend


Under each device node, all the second-level nodes in the tree—the virtual-service nodes—are
collapsed.
Expanding a device node displays the following:
• Virtual Service ID: <ID>, <Application> (<port> <tcp|udp>), Action: <action>
where:
— <ID> is the specified ID of the virtual service.
— <Application> is the specified Application of the virtual service, for example: basic-slb,
http, or https. For information on the Application parameter, see the APSolute
Vision online help.
— <port> is the specified port number of the virtual service.
— <tcp|udp> is the relevant protocol of the virtual service.
— <action> is either the specified Action (Group, Redirect, or Discard) when the
Application is HTTP or HTTPS (group, redirect, discard) or group for all other
Application values.
• AppShape++ Script (Always Up)—Specifies that a virtual service is always available,
even if all servers are down, when an AppShape++ script is attached to the service.
The Service Status Dashboard displays this node only under the following conditions:
— In version 30.2.5 and later, version 30.5.3 and later, and version 31.0 and later—
The virtual service is configured with one or more AppShape++ scripts and the Service
Always Up option is Enable. For more information on the Service Always Up parameter,
see the APSolute Vision online help.
— In versions earlier than 30.2.5, earlier than 30.5.3, and earlier than 31.0—The
virtual service is configured with one or more AppShape++ scripts.
• Content Rules—This node is displayed only if the virtual service is configured with one or more
content rules. The Service Status Dashboard displays content rules numerically, each in the
format <Rule ID>, Action: <Action>, Group: <Group name>.
• Group ID: <ID>—The ID of the server group. This node includes the following nodes, sorted
alphanumerically, each in the format <Real server ID>,<IP address>.
• WAN Link ID: <ID>, <WAN Link Router IP address>—This node is displayed only if the
virtual service is configured with a WAN link.

Note: Backup real servers and backup groups appear in the tree only when they are active.

Managing the Set of Devices that the Service Status Dashboard Shows and
the Objects in the Tree View
Use the following procedure to modify the set of managed ADC devices that the Service Status
Dashboard shows. The Service Status Dashboard can show up to 10 managed ADC devices. If there
are more than 10 managed ADC devices, by default, the Service Status Dashboard shows the first
10 devices.


Applying a filter refreshes the tree view (not the doughnut charts) and shows the updated statuses
and objects based on the filter criteria.

To manage the set of devices that the Service Status Dashboard shows and the objects
in the tree view
1. In the APSolute Vision Settings view Dashboards perspective, select Service Status
Dashboard.

2. Click the filter funnel icon at the top-left of the Service Status Dashboard.
3. Configure the filter parameters and click APPLY.

Table 430: Filter Parameters of the Service Status Dashboard

Filter Category Description


FREE TEXT Free text that filters the results according to ID or other identifier.
For example:
• You can filter for a real server by entering its IP address.
• You can filter for a group by entering the suffix of its ID.
Default: Empty
STATUS Values:
• Up—Shows the selected object types with the Up status.
• Down—Shows the selected object types with the Down status.
• Admin Down—Shows the selected object types with the Down status.
• Warning—Shows the selected object types with the Warning status.
• Shutdown—Shows the specified object types with the Shutdown status. This
value is available only in version 30.2.3 and later.
• Mixed—Shows the selected object types with the Down status and the
Warning status.
Default: All items are selected.
Note: For more status information, see Status Criteria in the Service Status
Dashboard, page 574.
TYPE Values:
• Virtual Service—Shows the virtual services that match the other criteria.
• Server Group—Shows the server groups that match the other criteria.
• Real Server—Shows the real servers that match the other criteria.
• Content Rule—Shows the content rules that match the other criteria.
• WAN Link—Shows the WAN links that match the other criteria.
Default: All items are selected.


DEVICES The ADC devices that are configured on the APSolute Vision server.
The selected lines indicate the devices that the Service Status Dashboard can show.
The Service Status Dashboard can show only 10 devices.
Click in a highlighted line to remove the device from the set of devices that the
Service Status Dashboard shows.
Click in an unlighted line to add the device to the set of devices that the Service
Status Dashboard shows.
Default: The first 10 devices are selected.

To cancel the filter application of the status tree, but retain the filter configuration
1. In the APSolute Vision Settings view Dashboards perspective, select Service Status
Dashboard.

2. Click the filter funnel icon at the top-left of the Service Status Dashboard.
3. Configure the filter parameters and click CANCEL.

To cancel the filter application of the status tree and revert the filter configuration to the
default
1. In the APSolute Vision Settings view Dashboards perspective, select Service Status
Dashboard.

2. Click the filter funnel icon at the top-left of the Service Status Dashboard.
3. Configure the filter parameters and click CLEAR.

Status Criteria in the Service Status Dashboard


This section describes the status criteria for the items in the Service Status Dashboard, and contains
the following:
• Device Status Criteria, page 574
• Real Server Status, page 575
• Server Group Status, page 575
• Content Rules per Virtual Service Status, page 575
• Virtual Service Status, page 575
• WAN Link Status, page 575

Device Status Criteria


The status of a device that is shown in the Service Status Dashboard can be one of the following:
• Down—One or more virtual services on the device have the status Down, Admin Down, or
Shutdown.
• Up—The device and its services are up.


Real Server Status


The status of a real server that is shown in the Service Status Dashboard can be one of the
following:
• Admin Down—Configuration disabled (either globally or in the group).
• Shutdown—Operationally disabled (either globally or in the group).
• Down—The real server health check failed.
• Warning—The real server is in the No-new-sessions state or the Recovery state.
• Up—The real server health check state is UP.

Server Group Status


The Service Status Dashboard determines the status of a server group according to the
status of its real servers.
A group is considered to be in the Warning state in the following conditions:
• At least one real server is in the Warning state.
• Some of the real servers in the group are in the Down state and some are in the Up state.

Content Rules per Virtual Service Status


The status of a content rule that is shown in the Service Status Dashboard can be one of the
following:
• Admin Down—The content rule is disabled.
• Up—For a redirect or discard action.
• The status of the group—For a group action.

Virtual Service Status


The Service Status Dashboard calculates the status of a virtual service according to the following:
• The content rule status.
• Whether at least one enabled AppShape++ script is associated with the service.
• The service-action status, as follows:
— For an HTTP or HTTPS service, you can specify Group, Redirect, or Discard actions.
— For non-HTTP/S services, the action is always (implicitly) Group.

Note: When the specified Action is Group, the service-action status is the Group status.
When the Action is Redirect or Discard, the service-action status is always Up.

WAN Link Status


The status of a WAN link service that is shown in the Service Status Dashboard can be one of the
following:
• Admin Down—Configuration disabled (either globally or in the group).
• Shutdown—Operationally disabled (either globally or in the group).
• Down—The WAN link health check failed.
• Warning—The WAN link is in the No-new-sessions state or the Recovery state.
• Up—The WAN link health-check state is Up.


Using the GEL Dashboard


The GEL Dashboard enables users whose RBAC role supports Alteon and LinkProof NG to activate a
new Global Elastic License (GEL) Entitlement, allocate throughput to Alteon servers using GEL
Entitlements, and to view the Entitlement-utilization state.
The GEL server is a flexible mechanism that enables Radware customers to consume an overall
throughput license, without the need to license every deployed Alteon device separately.
The Alteon GEL deployment-model enables a high level of flexibility for ADC services across data
centers, private clouds, and public clouds, as well as for on-premises Alteon VX and Alteon VA
deployments. The GEL enables dynamic ADC capacity allocation and the ability to move capacity
across environments, without having to invest separately in a dedicated ADC infrastructure for each
and every location where an organization’s applications are deployed (for example, on premises or
in the public cloud). This licensing model increases agility, decreases cost, and helps eliminate
planning risks in the purchase and deployment of ADC services, enabling continuous investment
protection of the ADC infrastructure throughout its life-cycle duration.
Without GEL, prior knowledge is required for the type of Alteon instances to be deployed, the MAC
addresses, and the required throughput for each platform. Estimating the future bandwidth
consumption of the applications over the coming years is also advised, and during planning, you
must take throughput growth into consideration.
With GEL, you purchase a yearly subscription to consume a given throughput over your entire
infrastructure. You purchase the overall required throughput of a given DPS package (Deliver/
Perform/Secure) and consume the purchased throughput on any kind of Alteon device regardless of
its form factor (VA, VX/vADC).
Using the GEL, you can deploy any number of virtual Alteon platforms (according to your GEL
license), either on standard servers or vADCs on Alteon VX platform. There is no need to manually
purchase licenses per device. Once you deploy an Alteon with its licensing requirements, it
automatically registers itself to the license server (either local license server or cloud license server,
according to the deployment mode) for the required throughput.
The device is automatically granted a license as long as the accumulated throughput consumed by
all the Alteon devices does not exceed the purchased overall throughput. To extend the device
throughput, just enter in the Alteon the new required throughput, and the Alteon approaches the
license server for the additional capacity.

Note: The GEL Dashboard uses the Local License Server (LLS) on the APSolute Vision server. The
LLS service starts automatically with APSolute Vision. Administrators can use system lls
commands in the APSolute Vision CLI to manage the LLS. For more information, see System LLS
Commands, page 701.

To access the GEL Dashboard

> In the APSolute Vision sidebar menu, select Applications > GEL.
Note the following terms:
• Activate a license means to register a new Entitlement on the local server.
• Allocate a license (for a selected Entitlement) means that the user allocates throughput and
add-ons to selected Alteon devices.


To allocate throughput to Alteon servers


1. Add Entitlements to a license, as follows:
a. In the GEL Dashboard, click Activate License.
b. In the Activate Entitlement dialog box, paste the Activation ID for an Entitlement you
want to add to this license, then click Activate.
c. Repeat step b for each Entitlement you want to add to this license.
Entitlements display as shown:

2. Allocate Entitlements to Alteon servers, as follows:


a. Select the Entitlement to allocate.
The color of the Entitlement changes from gray to blue.
b. Click Allocate.
The Allocate Instance dialog box displays.
c. In the Instance field, select the required Alteon from the drop-down list.

Note: Devices displayed in this list are the devices that do not yet have any license.
d. In the Throughput field, select the required throughput from the drop-down list.
e. Click Allocate.
f. Repeat step b–step e for each Alteon to which you want to allocate Entitlements.
The statistics update in the Entitlement display and the Alteon servers to which the
Entitlements are allocated display in the table, as shown below:


The GEL Dashboard displays the icon for Entitlement notifications.

To view Entitlement notifications


1. In the GEL Dashboard, select an Entitlement.
The color of the Entitlement changes from gray to blue.

2. Place your cursor over the icon to view notifications, as shown below:

To view Entitlement information


> In the GEL Dashboard, select an Entitlement.
The color of the Entitlement changes from gray to blue, and Entitlement statistics display in the
table.
The following information is displayed in the Entitlement card:

Parameter Description
Throughput The percentage of the total allowed throughput currently in
use and the amount of allocated throughput for this
Entitlement.
Instances The number of instances that have licenses allocated from this
Entitlement.
Add-Ons The percentage of the total number of add-ons allowed and
the total number of add-ons allocated.
Expires on The expiry date of the license.
Remaining The number of days remaining until the license expires.


The following information is displayed in the Entitlement table:

Parameter Description
Instance Name The Alteon server to which licenses from this Entitlement are
allocated.
Server Identification The form factor of the Alteon server to which this Entitlement
is allocated.
IP Address The IP address of the Alteon server to which this Entitlement is
allocated.
Allocated Throughput (Mbps) The throughput in use for the Alteon server to which this
Entitlement is allocated.
Allocated Add-Ons The add-on for the Alteon server to which this Entitlement is
allocated.

To deallocate a license from an Alteon server


1. In the GEL Dashboard, select an Entitlement.
The color of the Entitlement changes from gray to blue, and Entitlement information is displayed
in the table.
2. In the Entitlement table, select the Alteon server from which to remove the Entitlement.
3. Click Deallocate and confirm.

Using the ERT Active Attackers Feed (EAAF) Dashboard


The ERT Active Attackers Feed Dashboard (EAAF Dashboard) enables users with the proper RBAC
roles to view and monitor statistics on attacks and attackers that DefensePro devices blocked using
the ERT Active Attackers Feed. The information that the EAAF Dashboard can display (that is, the
DefensePro devices and scopes) is according to your RBAC permissions. After you open the EAAF
Dashboard, you can select the time frame that the dashboard-display relates to. You can also filter
the display to show statistics on a selected malicious IP address.

Notes
• The ERT Active Attackers Feed is a subscription service, which updates DefensePro devices with
IP addresses of known attackers that were recently active. The feed is generated by Radware’s
Threat Research Center.
• A scheduled task ERT Active Attackers Feed for DefensePro updates the selected DefensePro
devices with the ERT Active Attackers Feed. For more information, see ERT Active Attackers
Feed for DefensePro—Parameters, page 323.
• The ERT Active Attackers Feed node of the Security Control Center shows information about
DefensePro devices that were updated with the ERT Active Attackers Feed in the last run of the
ERT Active Attackers Feed for DefensePro scheduled task. For more information, see ERT Active
Attackers Feed Information in the Security Control Center, page 569.
• For information about roles in APSolute Vision, see Role-Based Access Control (RBAC), page 85.


To open the EAAF Dashboard

> In the APSolute Vision sidebar menu, select Applications > EAAF.

Figure 68: EAAF Dashboard

Selecting the Time Range for EAAF Dashboard Information


You can select the time range for the information that the dashboard widgets display.
The default time range is 15m, 15 minutes—that is, from 15 minutes ago until now.

The EAAF Dashboard displays the selected time range to the left of the clock button.

To select the time range for AVA AMS dashboard information

1. Click the clock button on the dashboard toolbar to open the Devices dialog box.
2. Select one of the following ranges:
— 15m—The last 15 minutes
— 30m—The last 30 minutes
— 1H—The last hour
— 1D—The last day
— 1W—The last seven days
— 1M—The last month
— 3M—The last three months
Default: 15m


EAAF Dashboard Components


The EAAF Dashboard contains the following components:
• Last 24H Hits, Last Month Hits, Last Year Hits—The number of hits in the last 24 hours, last
month and last year. The Filter by IP Address text box does not affect these statistics.
• Widgets—The following widgets display statistics on hits/attacks identified by the relevant
DefensePro devices:
— Top Malicious IP Addresses—A list of the 10 IP addresses in the EAAF identified by the
DefensePro devices during the selected time frame with the most malicious activity. You can
click Events, Packets, or Volume to generate and display the list according to the number
of events, the number of packets, or traffic volume.
— Top Attacking Countries—A list of the six countries with the most sources of malicious IP
addresses in the EAAF identified by the DefensePro devices during the selected time frame.
You can click Events, Packets, or Volume to generate and display the list according to the
number of events, the number of packets, or traffic volume.
— Breakdown by Malicious Activity—A list of the six most-prevalent types of malicious
activity in the EAAF identified by the DefensePro devices during the selected time frame. You
can click Events, Packets, or Volume to generate and display the list according to the
number of events, the number of packets, or traffic volume.
— EAAF Hits Timeline—A bar graph with number of hits of the malicious IP addresses in the
EAAF identified by the DefensePro devices during the selected time frame. You can click
Events, Packets, or Volume to generate and display the graph according to the number of
events, the number of packets, or traffic volume.
— Totals in Selected Time Frame—Displays the following statistics for the malicious IP
addresses in the EAAF identified by the DefensePro devices during the selected time frame.
• Distinct IP Addresses
• Events
• Packets
• Volume
• Button to open the Live Threat Map—The Live Threat Map screen displays near real-time
information about cyberattacks as they occur. For more information, see
https://www.radware.com/products/threat-intelligence/.
• Filter by IP Address text box—You can click in the text box and enter an IP address to filter
the display of other widgets. The IP address must be an address in the EAAF that was identified
by the DefensePro devices during the selected time frame. The display of widgets is filtered
according to the specified IP address, but the Top Malicious IP Addresses widget displays the
specified IP address in bold. Also, if the specified IP address is not among the top-10 malicious
IP addresses, the Top Malicious IP Addresses widget displays the specified IP address at the
bottom of the list and displays only the top eight IP addresses.


Figure 69: IP Address Specified in the Filter Not Among the Top-10 Malicious IP Addresses



CHAPTER 23 – USING REAL-TIME
SECURITY MONITORING
Use the Security Monitoring perspective to view and analyze real-time security information of
managed devices, which include the following platform types:
• Alteon with embedded AppWall module
• AppWall standalone
• DefenseFlow mitigation devices
• DefensePro

The following main topics describe security monitoring in APSolute Vision:


• Using Real-Time Security Monitoring with AppWall and Alteon, page 584
• Using Real-Time Security Monitoring with DefensePro and DefenseFlow, page 596

Notes
• The contents of the Security Monitoring perspective are customized for the specific monitored
device. The reporting information for DefensePro and DefenseFlow mitigation devices is different
from the reporting information for AppWall and Alteon devices.
• When selecting multiple devices, the Security Monitoring perspective displays reports that are
relevant across devices, with the same reporting information. When selecting multiple devices
including DefensePro and other device types (AppWall or Alteon), the Security Monitoring
perspective shows reports only for the DefensePro devices.
• You can use APSolute Vision Analytics to view and analyze real-time and historical security
information from DefensePro version-8.x devices. APSolute Vision Analytics includes dashboards
for DefensePro security monitoring and analytics, customizable reports, and in-depth forensics
capabilities. Full functionality of APSolute Vision Analytics requires a license. For more
information, see the online help or the APSolute Vision Analytics User Guide.
• You can use APSolute Vision Reporter (AVR) to view and analyze historical security information.
For information on the products and versions that APSolute Vision Reporter supports, see the
APSolute Vision Release Notes. For information about APSolute Vision Reporter and how to use
it, see its online help and the APSolute Vision Reporter User Guide.
• Using the APSolute Vision CLI, you can configure APSolute Vision to export security-event
records from managed DefensePro and/or DefenseFlow devices to a specified syslog server. The
event exporter lets you integrate with a Security Information Event Management (SIEM)
system, which you may be using as your main analytics-and-reporting system. For more
information, see System Exporter Commands (Event Exporter), page 695.


Using Real-Time Security Monitoring with AppWall and Alteon

When an attack is detected, Alteon creates and reports a security event that includes the
information relevant to the specific attack. The Security Monitoring perspective displays information
relevant to the specific attack along with real-time network traffic and statistical parameters. Use
the Security Monitoring perspective to observe and analyze the attacks that the device detected and
the countermeasures that the device implemented.
This section describes using real-time security monitoring with AppWall and Alteon.
This section contains the following main topics:
• Monitoring Security Events, page 584
• Monitoring Attack Distribution, page 588
• Monitoring Outbound SSL Inspection, page 589

Monitoring Security Events


Use the Dashboard View in the Security Monitoring perspective to analyze security events in the
network, identify security trends, and analyze risks.
You can view information for individual devices, all devices in a site, or all devices in the network.
The dashboard monitoring display automatically refreshes, providing ongoing real-time analysis of
the system.

To view the security event list


1. In the Security Monitoring perspective, select Dashboard View > Security Events.
2. Click on a line to expand the security event to show all the parameter values for the selected
event.
3. If you want to set which parameters are shown in the Security Events table (eight parameters
are shown by default, as listed in the Security Events Parameters (Default) table below), click the
Columns icon, and select or clear any parameter to be shown or removed from the Security
Events table. (All the non-default Security Events parameters are listed in the Create Filter:
Basic or Advanced Parameters table below.)
4. If you want to define a filter to display the security events in the table according to selected
parameter values, click the Create Filter icon, enter the required parameters
(listed in the Create Filter: Basic or Advanced Parameters table below), and click Submit.
5. Click the Enable Auto-Refresh icon to enable auto-refresh of the Security Events table.


Table 431: Security Events Parameters (Default)

Parameter Description
Severity The severity of the security event.
Values:
• Critical
• High
• Low
• Info
• Warning
Time The date and time that the security event occurred.
Source IP The source IP address of the security event.
Source Port The source port number of the security event.
Action The action taken regarding the security event.
Values:
• Blocked
• Modified
• Reported
Device IP The device IP address of the security event.
Server Name The server name of the security event.
Transaction ID The transaction ID number of the security event.

Table 432: Security Events: Create Filter: Display Period Parameters

Parameter Description
Display Last Select Display Last to filter the Security Event table to only list
the events that occurred during the last specified amount of time.
Values:
• 10 Minutes
• 20 Minutes
• 30 Minutes
• 1 Hour
• 2 Hours
• 6 Hours
• 12 Hours
• 24 Hours
Default: 10 Minutes
Date and Time Range Select Date and Time Range to filter the Security Event table to
only list the events that occurred during the specified date and
time range.
Note: The default time is 12:00:00 on each date selected. The
time can be changed manually within the field.


Table 433: Security Events: Create Filter: Basic Parameters

Parameter Description
Time The time that the security event occurred, in HH:mm:ss format.
Severity The severity of the security event.
Values (Equals or Not Equals):
• Critical
• High
• Low
• Info
• Warning
Web Application The Web application of the security event.
Values: Contains or Not Contains the entered value
External IP The external IP address of the security event.
Values: Contains or Not Contains the entered value
Action The action taken regarding the security event.
Values (Equals or Not Equals):
• Blocked
• Modified
• Reported
Violation Type The violation type of the security event.
Values: Equals or Not Equals the violation type from the drop-
down list
Source IP The source IP address of the security event.
Values: Contains or Not Contains the entered value

Table 434: Security Events: Create Filter: Advanced Parameters

Parameter Description
User The user of the security event.
Values: Contains or Not Contains the entered value
AppWall Version The AppWall version of the security event.
Values: Contains or Not Contains the entered value
Target Module The target module of the security event.
Values: Contains or Not Contains the entered value
Host The host of the security event.
Values: Contains or Not Contains the entered value
Tunnel The tunnel of the security event.
Values: Contains or Not Contains the entered value
Tunnel Listen Port The tunnel listening port of the security event.
Values: Contains or Not Contains the entered value

Device Type The device type of the security event.
Values (Equals or Not Equals):
• Stand-Alone Gateway
• Stand-Alone Monitor
• Cluster Manager
• Cluster Gateway Node
• Cluster Monitor Mode
vHost The virtual host of the security event.
Values: Contains or Not Contains the entered value
Source Port The source port of the security event.
Values: Contains or Not Contains the entered value
Destination Port The destination port of the security event.
Values: Contains or Not Contains the entered value
Protocol The protocol of the security event.
Values (Equals or Not Equals):
• TCP
• HTTP
• HTTPS
Parameter Name The parameter name of the security event.
Values: Contains or Not Contains the entered value
Transaction ID The transaction ID number of the security event.
Values: Contains or Not Contains the entered value
Request The request of the security event.
Values: Contains or Not Contains the entered value
Role The role of the security event.
Values: Contains or Not Contains the entered value
Module The module of the security event.
Values: Contains or Not Contains the entered value
Event Type The event type of the security event.
Values: Contains or Not Contains the entered value
Directory The directory of the security event.
Values: Contains or Not Contains the entered value
Tunnel Listen IP The tunnel listening IP address of the security event.
Values: Contains or Not Contains the entered value
URI The URI of the security event.
Values: Contains or Not Contains the entered value
Violation Category The violation category of the security event.
Values: Equals or Not Equals the violation category from the
drop-down list

appPath The application path of the security event.
Values: Contains or Not Contains the entered value
Destination IP The destination IP address of the security event.
Values: Contains or Not Contains the entered value
Refine CRC The refine CRC of the security event.
Values: Contains or Not Contains the entered value
Method The method of the security event.
Values (Equals or Not Equals):
• GET
• POST
Parameter Type The parameter type of the security event.
Values: Contains or Not Contains the entered value
Rule ID The rule ID of the security event.
Values: Contains or Not Contains the entered value
Title The title of the security event.
Values: Contains or Not Contains the entered value

Monitoring Attack Distribution


You can monitor the attacks, listed by various distribution parameters.
This section contains the following main topics:
• Monitoring Top Attacks by Violation Type, page 588
• Monitoring Top Attacks by Source IP Address, page 589

Monitoring Top Attacks by Violation Type


You can monitor the top attacks, graphically presented by their violation type.

To view the top attacks by violation type


1. In the Security Monitoring perspective, select Dashboard View > Attack Distribution > Top
Attacks by Violation Type.
2. In the Display Last option, you can filter the display to only show the events that occurred
during the last specified amount of time: 10 minutes (default), 20 minutes, 30 minutes, or 1
hour.


Monitoring Top Attacks by Source IP Address


You can monitor the top attacks, graphically presented by the source IP address of the attack.

To view the top attacks by source IP address


1. In the Security Monitoring perspective, select Dashboard View > Attack Distribution > Top
Attacks by Source.
2. In the Display Last option, you can filter the display to only show the events that occurred
during the last specified amount of time: 10 minutes (default), 20 minutes, 30 minutes, or 1
hour.

Monitoring Outbound SSL Inspection


You can monitor statistics of SSL Inspection from Alteon version 32.0 and later.
The SSL Inspection node in the Security Monitoring perspective Dashboard View uses the APSolute
Vision Analytics infrastructure.
The SSL Inspection node displays a widget-based dashboard that can show outbound SSL-inspection
data information for bypassed and inspected HTTP/S traffic. Using the APSolute Vision Analytics
infrastructure, you can configure e-mail reports.
The SSL inspection statistics are collected on the front-end and back-end filters participating in the
solution, and sent to APSolute Vision Analytics upon request (at one-minute intervals).
To collect statistics for sending to APSolute Vision Analytics, the filter must first be tagged according
to its purpose, application, direction, and location.
For information about configuring SSL inspection in Alteon, see Viewing the APSolute Vision
Analytics Identifier, page 98 and Table 399 - Filter: Logging and Reporting Parameters in Alteon
Version 32.0 and Later, page 410.
For information about general e-mail settings for APSolute Vision Analytics, see Managing the Email
Reporting Configuration for APSolute Vision Analytics, page 133.

Caution: To view the SSL Inspection statistics in the Security Monitoring perspective, the relevant
services must be enabled on the APSolute Vision server, using the CLI. By default, the services are
disabled. Users with the Administrator or the Vision Administrator role can use the APSolute Vision
CLI. For more information, see System VRM Commands, page 721.

To enable the services for monitoring outbound SSL Inspection


> In the APSolute Vision CLI, run the following command:
system vrm ssl-inspection state enable

To view the SSL Inspection statistics


1. In the Sites and Devices panel, select the Alteon device(s) or logical group of Alteons that you
require, and click .

2. In the Security Monitoring perspective, select Dashboard View > SSL Inspection >
Dashboard.


3. By default the dashboard displays reporting information for the last hour. To change the time
period for which you want to display data, click the clock icon indicated and select a new time
period, or set a specific time range. Then, click Apply.
Time period options:
— Last 15 minutes
— Last 30 minutes
— Last hour
— Last day
— Last week
— Last month
— Last 3 months

The following information is displayed:

Table 435: SSL Inspection Dashboard Parameters

Chart Name Information Displayed


Traffic Displays the bypassed and inspected traffic (in Kbps) for the
selected Alteon(s).
Bandwidth by Application Displays the distribution between the HTTP and HTTPS traffic (in
Mbit units) for the selected Alteon(s).
Concurrent Established Connections Displays the bypassed and inspected concurrent established
connections for the selected Alteon(s).
Connections per Second Displays the bypassed and inspected connections per second for the
selected Alteon(s).
Key Exchange Displays the used key exchange algorithm distribution over the
selected time frame for client-side and server-side connections for
the selected Alteon(s) for HTTPS inspected traffic.
SSL Versions Displays the used SSL version distribution over the selected time
frame for client-side and server-side connections for the selected
Alteon(s) for HTTPS inspected traffic.
SSL Handshakes per Second Displays the number of SSL handshakes per second calculated on
both new and reused connections for client-side and server-side
connections for the selected Alteon(s) for HTTPS inspected traffic.
SSL Handshakes Failures (%) Displays the percentage of SSL handshake failures for client-side
and server-side connections over time for the selected Alteon(s) for
HTTPS inspected traffic.

SSL Handshake Failures - Client Side Displays the distribution of the client-side SSL handshake
failures by reasons over the selected time frame by top-down order of the selected Alteon(s) for
HTTPS inspected traffic.
Possible reasons:
• Bad or Unsupported SSL Version
• No Shared Cipher
• Server Certificate Verification Failure
• Server Certificate Hostname Mismatch
• Untrusted Server Certificate
• Expired Server Certificate
• Client Certificate Verification Failure
• Missing Client Certificate
• OCSP Revoked Certificate
• OCSP Time Deviation
For more information, see Understanding and Fixing SSL Handshake
Rejection Errors, page 593.
SSL Handshake Failures - Server Side Displays the distribution of the server-side SSL handshake
failures by reasons over the selected time frame by top-down order of the selected Alteon(s) for
HTTPS inspected traffic.
Possible reasons:
• SSL Version or Cipher Mismatch
• Server Certificate Verification Failure
• Server Certificate Hostname Mismatch
• Untrusted Server Certificate
• Expired Server Certificate
• Client Certificate Verification Failure
• Missing Client Certificate
• OCSP Revoked Certificate
• OCSP Time Deviation
For more information, see Understanding and Fixing SSL Handshake
Rejection Errors, page 593.

Top Bypassed Categories Displays the bypassed domains/URLs sorted by URL categories.
URL categorization is performed for all traffic that was bypassed by
either URL filtering or content class classification.
Notes:
• This chart requires a URL filtering license, and URL filtering
configuration on at least one of the filters.
• Bypassed actions based on URL filtering are performed only on
the filters that are configured with a URL filtering policy.
• A specific URL category may appear in both the Top Bypassed
Categories and Top Inspected Categories charts. For example:
Office365 URLs can be marked for bypass based on content
class configuration. These connections will be listed in the Top
Bypassed Categories chart under the “Computer and
Technology” category. All other domains/URLs that are not
marked for bypass, but still categorized by Cyren under
“Computer and Technology” will appear in the Top Inspected
Categories chart.
Top Inspected Categories Displays the inspected domains/URLs sorted by URL categories.
URL categorization is performed for all traffic that was inspected.
Notes:
• This chart requires a URL filtering license, and URL filtering
configuration on at least one of the filters.
• A specific URL category may appear in both the Top Bypassed
Categories and Top Inspected Categories charts. For example:
Office365 URLs can be marked for bypass based on content
class configuration. These connections will be listed in the Top
Bypassed Categories chart under the “Computer and
Technology” category. All other domains/URLs that are not
marked for bypass, but still categorized by Cyren under
“Computer and Technology” will appear in the Top Inspected
Categories chart.
Dynamic Certificate Storage Displays dynamic certificate store usage over time. When multiple
devices are selected, the maximum usage is displayed.
Radware recommends that the table capacity does not exceed 80
percent.
CPU Utilization Displays the average SP CPU usage over time for the selected
devices.
Memory Utilization Displays the average SP memory usage over time for the selected
devices.


Understanding and Fixing SSL Handshake Rejection Errors


This section describes the reasons for SSL handshake rejections and how to fix them, when possible.

Table 436: Rejected Handshake Reason Descriptions

Columns: #, Alteon Error Message, Reason for Error/Flow, Solution, Front-end/Back-end

1 Bad or unsupported SSL version
Front-end/Back-end: Both
Reason for Error/Flow:
Client sends SSLv2 handshake.
Client sends SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 handshake while it is disabled in Alteon.
Alteon sends SSLv3/TLSv1.0/TLSv1.1/TLSv1.2 handshake while it is not supported by the server.
Server expects TLSv1.0/TLSv1.1/TLSv1.2 handshake while it is disabled in Alteon.
The client version in the Client hello message is lower than the minimal version in the client
hello.
Solution:
• Verify client handshake version.
• Verify the front-end and back-end enabled versions in Alteon configuration using:
/cfg/slb/ssl/sslpol/frver
/cfg/slb/ssl/sslpol/backend/ver
• Verify server supported versions.
Note: This error message may also occur when Alteon sends a handshake with a cipher not
supported by the server, since the server may be obscuring the real reason.

2 No shared ciphers found
Front-end/Back-end: Front-end connection
Reason for Error/Flow:
Client sends handshake with unsupported cipher in Alteon.
Solution:
Verify that Alteon and client have at least one shared supported cipher in front-end policy using:
• /cfg/slb/ssl/sslpol/cipher
• /info/slb/ssl/ciphpol

3 Server Certificate Verification Failure
Front-end/Back-end: Back-end connection
Reason for Error/Flow:
Alteon as client is missing CA in the certificate chain.
Solution:
Reconfigure intermediate/CA certificates in Alteon to match with server cert using:
/cfg/slb/ssl/authpol/trustca

4 Server Certificate Hostname Mismatch
Front-end/Back-end: Back-end connection
Reason for Error/Flow:
Alteon receives a certificate with hostname mismatch from the server.
Solution:
Verify SNI sent by client and compare to CN of server certificate.
Can ignore by using:
/cfg/slb/ssl/authpol/seract/mismatch

5 Untrusted Server Certificate
Front-end/Back-end: Back-end connection
Reason for Error/Flow:
Alteon receives an untrusted certificate from the server.
Solution:
• Add signer of server certificate to configuration of back-end authorization policy in Alteon
using:
/cfg/slb/ssl/authpol/trustca
• Can ignore by using:
/cfg/slb/ssl/authpol/seract/untrust

6 Expired Server Certificate
Front-end/Back-end: Back-end connection
Reason for Error/Flow:
Alteon receives an expired certificate from the server.
Solution:
• Renew server certificate.
• Can ignore by using:
/cfg/slb/ssl/authpol/seract/expired

7 Client Certificate Verification Failure
Front-end/Back-end: Front-end connection
Reason for Error/Flow:
Alteon as server dynamically signs a certificate with a configured root CA which does not exist
in the client.
Alteon requests the client to send a certificate signed by a CA which is not supported by the
client.
Solution:
• Either—Update Radware as a CA on the client,
• Or—Configure on Alteon a trustCA known to the client by using
/cfg/slb/ssl/authpol/trustca
• Or—Disable the front-end authorization policy in Alteon by using:
/cfg/slb/ssl/authpol/

8 Missing Client Certificate
Front-end/Back-end: Front-end connection
Reason for Error/Flow:
The client authorization policy is configured on Alteon, but no certificate is returned by the
client.
Solution:
• Either—Install a certificate on the client,
• Or—Disable the front-end authorization policy in Alteon by using:
/cfg/slb/ssl/authpol/

9 OCSP Revoked Certificate
Front-end/Back-end: Back-end connection
Reason for Error/Flow:
OCSP failure due to revoked or unsupported algorithm.
Solution:
• Use another server.
• Can ignore by disabling OCSP using
/cfg/slb/ssl/authpol/validity/method none

10 OCSP Time Deviation
Front-end/Back-end: Back-end connection
Reason for Error/Flow:
Alteon sends OCSP a certificate with a future date.
Alteon sends OCSP a certificate with an old date.
Solution:
• Verify that the date and time are updated on Alteon and the server.
• Consider using NTP.

Adding Filters
For each chart, you can perform advanced filtering over the displayed data.


Configuring Reports
This section describes how to configure the SSL Inspection monitoring module to send e-mail
reports for selected managed devices. Reports are included in the e-mail as PDF files.

To configure APSolute Vision Analytics e-mail reports


1. In the Security Monitoring perspective, select Dashboard View > SSL Inspection > Report
Settings.

2. Click .

3. Configure the following parameters, then click Save.

Table 437: SSL Inspection Report Settings Parameters

Parameter Description
Report Title Specifies a name for the report.
Sender Specifies the name or e-mail address of the sender.
Recipients Specifies the recipients of the e-mail containing the report.
Subject Specifies the subject line of the e-mail containing the report.
Message Body (Optional) Specifies the body of the e-mail containing the report.
Report Period Specifies the period covered by the report.
Options:
• Last 1 Day
• Last 1 Week
• Last 1 Month
• Last 3 Months
• Last 6 Months
• Last 1 Year
Default: Last 3 Months
Send Every Specifies the frequency, in hours, with which APSolute Vision Analytics sends the
e-mail containing the report.


Viewing Reports
You can view or download a list of the reports sent as follows:

To view a list of e-mail reports sent


1. In the Security Monitoring perspective, select Dashboard View > SSL Inspection > Reports.
2. Click the clock icon indicated to set the time period for which you want to display reporting
information.
Options:
— Last 15 minutes
— Last 30 minutes
— Last hour
— Last day
— Last week
— Last month
— Last 3 months

3. From the list of reports, select the report you require.


An image of the report displays on the right of the screen.
You can print the report or download it as a PDF file.

Using Real-Time Security Monitoring with DefensePro and DefenseFlow
This section describes using real-time security monitoring with DefensePro and DefenseFlow.
When an attack is detected, the DefensePro device or DefenseFlow mitigation device creates and
reports a security event, which includes the information relevant to the specific attack. The Security
Monitoring perspective displays information relevant to the specific attack along with real-time
network traffic and statistical parameters. Use the Security Monitoring perspective to observe and
analyze the attacks that the device detected and the countermeasures that the device implemented.
The following main topics describe security monitoring in APSolute Vision:
• Risk Levels, page 597
• Using the Dashboard Views for Real-Time Security Monitoring, page 598
• Viewing Real-Time Traffic Reports, page 626
• Protection Monitoring, page 637
• HTTP Reports, page 645


Notes
• Your user permissions (your RBAC user definition) determine the DefensePro devices and
policies, or DefenseFlow protected objects, that the Security Monitoring perspective displays to
you. You can view and monitor only the attacks blocked by the DefensePro devices and policies,
or DefenseFlow mitigation devices and protected objects that are available to you.
• APSolute Vision also manages and issues alerts for new security attacks.
• DefensePro calculates traffic baselines, and uses the baselines to identify abnormalities in traffic
levels.
• At the time of writing, APSolute Vision collects the sampled attack data that DefensePro sends to
it at the rate of two samples per two minutes per attack. Please note that the rate is subject to
change without notice.
• When calculating the real-time network traffic and statistical parameters, DefensePro or
DefenseFlow version 2.1 does not include traffic that exceeded the throughput license.
• You can use APSolute Vision Analytics to view and analyze real-time and historical security
information from DefensePro version-8.x devices. APSolute Vision Analytics includes dashboards
for DefensePro security monitoring and analytics, customizable reports, and in-depth forensics
capabilities. Full functionality of APSolute Vision Analytics requires a license. For more
information, see the APSolute Vision online help or the APSolute Vision Analytics User Guide.
• You can use the APSolute Vision REST API to view security events from DefenseFlow mitigation
devices or DefensePro devices. For more information, see the APSolute Vision REST API
documentation.
• You can use the APSolute Vision CLI to export security events from DefenseFlow mitigation
devices or DefensePro devices. For more information, see System Exporter Commands (Event
Exporter), page 695.

Risk Levels
The following table describes the risk levels that DefensePro supports to classify security events.

Note: For some protections, the user can specify the risk level for an event. For these protections,
the descriptions in the following table are recommendations, and specifying the risk level is the
user’s responsibility.

Table 438: Risk Levels

Risk Level Description


Info The risk does not pose a threat to normal service operation.
Low The risk does not pose a threat to normal service operation, but may be part of
a preliminary action for malicious behavior.
Medium The risk may pose a threat to normal service operation, but is not likely to
cause complete service outage, remote code execution, or unauthorized access.
High The risk is very likely to pose a threat to normal service availability, and may
cause complete service outage, remote code execution, or unauthorized access.


Using the Dashboard Views for Real-Time Security Monitoring


This section is relevant to both DefensePro and DefenseFlow.
This section includes the following topics:
• Configuring the Display Parameters of a Dashboard View, page 599
• Using the Current Attacks Table, page 601
• Using the Ongoing Attacks Monitor, page 607
• Attack Details, page 608
• Sampled Data Tab, page 625
• Viewing Real-Time Traffic Reports, page 626
• Viewing the Traffic Utilization Report, page 627

Use a Dashboard View in the Security Monitoring perspective to analyze activity and security events
in the network, identify security trends, and analyze risks.
You can view information for individual devices, all devices in a Site, all devices in a Logical Group,
or all devices in the network. The dashboard monitoring display automatically refreshes providing
ongoing real-time analysis of the system.
The Dashboard View node comprises the following tabs, which display the same summary
information:
• Current Attacks Table—which is a table display (see Figure 70 - Current Attacks Table—
DefensePro, page 602).
• Ongoing Attacks Monitor—which includes a graphical, chart display (see Figure 71 - Ongoing
Attacks Monitor, page 607).

The Scope and other display parameters that you configure apply to the Current Attacks Table and
to the Ongoing Attacks Monitor. For more information, see Configuring the Display Parameters of a
Dashboard View, page 599.
When you double-click an attack in the Current Attacks Table or Ongoing Attacks Monitor, APSolute
Vision displays the details in an Attack Details tab. There, you can display the Sampled Data dialog
box for all attack types that support sampled data.
By default, the display of the Dashboard View refreshes every 15 seconds. Administrators can
configure the refresh rate (APSolute Vision Settings view System perspective, General Settings >
Monitoring > Polling Interval for Reports).


Configuring the Display Parameters of a Dashboard View


The following table describes the display parameters of the Dashboard View in the Security
Monitoring perspective. The Scope and Display Last parameters that you configure in the Current
Attacks Table apply to the Ongoing Attacks Monitor and vice versa.

Table 439: Security Monitor Dashboard View—Display Parameters

Parameter Description
Scope The Scope depends on whether you are monitoring using DefensePro or
DefenseFlow. Using DefensePro, this parameter defines the physical
ports and the Protection policies that the dashboard displays. Using
DefenseFlow, this parameter defines the Protected Object, ports, and
policies that the dashboard displays.
Using DefensePro, by default, the Scope is Any Port; Any Policy. That
is, by default, the dashboard displays all the information.
Using DefenseFlow, by default, the Scope is Any Protected Object;
Any Port; Any Policy. That is, by default, the dashboard displays all
the information.
To control the scope of the information that the dashboard displays in
DefensePro, see the procedure To control the scope of the information
that the Dashboard View displays for DefensePro, page 600.
To control the scope of the information that the dashboard displays in
DefenseFlow, see the procedure To control the scope of the information
that the Dashboard View displays for DefenseFlow, page 600.
Display Last How long the dashboard displays attacks after the attack terminates.
That is, the dashboard displays all attacks that are currently ongoing or
that terminated within the selected period.
Values:
• 10 Minutes
• 20 Minutes
• 30 Minutes
• 1 Hour
• 2 Hours
• 6 Hours
• 12 Hours
• 24 Hours
Default: 10 Minutes
Top Attacks to Display (This parameter is available only in the Ongoing Attacks Monitor.) The
number of attacks that the Ongoing Attacks Monitor displays.
Values: 1–50
Default: 20

Sort By (This parameter is available only in the Ongoing Attacks Monitor.)
Values:
• Top Total Packet Count—The Ongoing Attacks Monitor displays the attacks with the highest
number of packets.
• Top Volume—The Ongoing Attacks Monitor displays the attacks with the highest volume.
• Most Recent—The Ongoing Attacks Monitor displays the most recent attacks.
• Attack Risk—The Ongoing Attacks Monitor displays the attacks according to attack risk.
Default: Top Packet Count

To control the scope of the information that the Dashboard View displays for DefensePro

1. Click . Two tables open. One table has the Device Name and Port columns, and the
other table has the Device Name and Policy columns.
2. Do one of the following:
— To limit the physical ports or Protection policies that the dashboard displays, select the
corresponding checkboxes.
— To display the information for all the currently relevant physical ports or Protection policies,
click in the top-left table cell, and then, select Select All.
— To display all the information in the database, even information that is not associated with a
specific port or specific Protection policy, click in the top-left table cell, and then, select
Select None.

To control the scope of the information that the Dashboard View displays for
DefenseFlow

1. Click . Three tables open. One table has the Protected Object, one table has the Device
Name and Port columns, and the third table has the Device Name and Policy columns.
2. To toggle the sort order of the information in any of the columns, hover over the column heading
until you see an arrow, and then, click the arrow.


Using the Current Attacks Table


The Current Attacks Table displays information on current and recent attacks. The configuration of
the display parameters determines the information that the Current Attacks Table displays (see
Configuring the Display Parameters of a Dashboard View, page 599).

Note: For certain attacks, once DefensePro reports the attack, the Status value Occurred and the
Start Time value remain indefinitely. Such attacks include Packet Anomaly attacks and DNS Flood
attacks with ID 470. For example, suppose a new DefensePro device starts identifying and handling
a Packet Anomaly attack with Radware ID 105 with the start time 20.02.2017 15:19:09. The
attack subsides. One month later, the DefensePro device starts identifying and handling another
Packet Anomaly attack with Radware ID 105. The Start Time value 20.02.2017 15:19:09 is
reported. (For more information on Packet Anomaly protection, see Configuring Global Packet
Anomaly Protection, page 1579. For more information on the DNS Flood attack with ID 470, see
DefensePro Attack-Protection ID Numbers, page 819.)

To display the Current Attacks Table


1. In the Security Monitoring perspective, select the DefensePro device, Site, or Logical Group for
which to display data.
2. Select Dashboard View > Current Attacks Table.
You can do the following in the Current Attacks Table:
• Filter the rows—You can filter table rows according to values in the table columns. For more
information on filtering table rows, see Filtering Table Rows, page 81.
• Sort the rows—You can change the row order from ascending to descending or vice versa. To
do this, hover the mouse over the column to display the arrow and change the order.
• View additional information for a specific attack—To do this, select the relevant row, and
click (View Attack Details). For more information, see Attack Details, page 608.
• Go to the policy that handled the attack—To do this, click (Go to Policy).
• Export the information in the table to a CSV file—To do this, click (CSV). Then, you can
view the file or specify the location and file name.
• Pause the refresh of the table display—To do this, click (Pause). When the table display
is not paused, it refreshes approximately every 15 seconds.
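
The CSV export and the Start Time note above, worked as an added example that is not part of the guide or of Radware's tooling: it parses an exported Current Attacks Table and separates rows whose age can be judged from rows whose Start Time and Status do not date the attack. The CSV header names are assumed to match the parameter names in Table 440, the timestamp format is taken from the note's example, and every row is constructed.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta

# Constructed sample export. Header names are assumed to match the parameter
# names in the guide's Current Attacks Table; a real export may differ.
# Radware IDs 105 and 470 are the ones the guide names; the rest are made up.
SAMPLE_CSV = """\
Start Time,Attack Category,Status,Risk,Attack Name,Source Address,Destination Address,Radware ID,Total Packet Count,Volume,Destination Port
20.02.2017 15:19:09,Anomalies,Occurred,Low,Sample Packet Anomaly,Multiple,Multiple,105,1200,640,0
20.03.2017 09:58:40,Behavioral DoS,Ongoing,High,Sample UDP Flood,Multiple,198.51.100.10,900001,2500000,1800000,53
20.03.2017 09:40:02,SYN Flood,Terminated,Medium,Sample SYN Flood,203.0.113.7,198.51.100.20,900002,40000,19200,443
01.03.2017 11:00:00,DNS Flood,Occurred,Medium,Sample DNS Flood,Multiple,198.51.100.53,470,90000,51000,53
20.03.2017 08:00:00,Intrusions,Occurred,High,Sample Signature Match,192.0.2.44,198.51.100.20,900003,3,2,80
"""

RISK_ORDER = {"High": 0, "Medium": 1, "Low": 2, "Info": 3}
START_FORMAT = "%d.%m.%Y %H:%M:%S"  # as in the guide's example: 20.02.2017 15:19:09


def start_time_is_sticky(category, radware_id):
    """Per the guide, Packet Anomaly attacks and DNS Flood ID 470 keep the Status
    Occurred and their first Start Time indefinitely, so neither dates the attack."""
    return category == "Anomalies" or (category == "DNS Flood" and radware_id == "470")


def _address(value):
    # "Multiple" means several addresses, or that no specific value was reported.
    return None if value == "Multiple" else ipaddress.ip_address(value)


def _port(value):
    # 0 and "Multiple" are placeholders, not real Layer 4 ports.
    return None if value in ("0", "Multiple") else int(value)


def parse_export(text):
    """Turn the exported CSV text into normalized attack records."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        raw = {key: (value or "").strip() for key, value in raw.items()}
        rows.append({
            "name": raw["Attack Name"],
            "category": raw["Attack Category"],
            "status": raw["Status"],
            "risk": raw["Risk"],
            "radware_id": raw["Radware ID"],
            "start": datetime.strptime(raw["Start Time"], START_FORMAT),
            "start_reliable": not start_time_is_sticky(
                raw["Attack Category"], raw["Radware ID"]),
            "source": _address(raw["Source Address"]),
            "destination": _address(raw["Destination Address"]),
            "dest_port": _port(raw["Destination Port"]),
            "packets": int(raw["Total Packet Count"]),
            "volume_kbit": int(raw["Volume"]),
        })
    return rows


def triage(rows, now, max_age):
    """Split rows into (review, age_unknown), each sorted by risk, then packet count.

    review: attacks still in progress, or started within max_age. The table has
    no end time, so Start Time is used as the only available age signal.
    age_unknown: rows whose Start Time is sticky and cannot be used for age.
    """
    review, age_unknown = [], []
    for row in rows:
        if not row["start_reliable"]:
            age_unknown.append(row)
        elif row["status"] in ("Started", "Ongoing") or now - row["start"] <= max_age:
            review.append(row)

    def priority(row):
        return (RISK_ORDER.get(row["risk"], len(RISK_ORDER)), -row["packets"])

    return sorted(review, key=priority), sorted(age_unknown, key=priority)


if __name__ == "__main__":
    review, age_unknown = triage(parse_export(SAMPLE_CSV),
                                 now=datetime(2017, 3, 20, 10, 0, 0),
                                 max_age=timedelta(minutes=30))
    for row in review:
        print("review     ", row["risk"], row["name"], row["source"] or "multiple/unreported")
    for row in age_unknown:
        print("age unknown", row["risk"], row["name"], "first reported", row["start"])
```
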


Figure 70: Current Attacks Table—DefensePro


Callouts in the figure:
• Scope—Displays the tables to select the physical ports and Protection policies that the
Dashboard View displays.
• The Scope summary.
• Function buttons: View Attack Details, Go to Policy, Export Table to CSV, Pause.
• Arrow for sorting ascending or descending.

Table 440: Current Attacks Table Parameters

Parameter Description
Source Type (This parameter is available only in DefenseFlow.) The source of the signal entry.
Values:
• DP—DefensePro
• DF—DefenseFlow
Start Time The date and time that the attack started. (See footnote 1.)

Attack Category The threat type to which this attack belongs.
Values:
• ACL (not in DefenseFlow)
• Anomalies (see footnote 1; in DefenseFlow, detection was performed by an external
detector)
• Anti-Scanning (not in DefenseFlow)
• Bandwidth Management (not in DefenseFlow)
• Behavioral DoS (in DefenseFlow, detection was performed by
DefenseFlow BDoS)
• DNS Flood (not in DefenseFlow; see footnote 1)
• DoS (not in DefenseFlow)
• HTTP Flood (not in DefenseFlow)
• Intrusions (not in DefenseFlow)
• Server Cracking (not in DefenseFlow)
• Stateful ACL (not in DefenseFlow)
• SYN Flood (not in DefenseFlow)
• Traffic Filters
Status The last-reported status of the attack. (See footnote 1.)
Values:
• Started—An attack containing more than one security event has been
detected. (Some attacks contain multiple security events, such as DoS,
Scans, and so on.)
• Occurred (Signature-based attacks)—Each packet matched with
signatures was reported as an attack and dropped.
• Sampled (available only in DefenseFlow)—The last reading for each
protocol and the totals for all protocols, for a single device. This
information is only available when viewing a single device.
• Ongoing—The attack is currently taking place, that is, the time
between Started and Terminated (for attacks that contain multiple
security events, such as DoS, Scans, and so on).
• Terminated—There are no more packets matching the characteristics
of the attack, and the device reports that the attack has ended.
Risk The predefined attack severity level (see Risk Levels, page 597).
Values:
• High
• Medium
• Low
• Info
Attack Name The name of the detected attack.

Source Address The source IP address of the attack. If there are multiple IP sources for an
attack, this field displays Multiple. The multiple IP addresses are displayed
in the Attack Details window. Multiple may also refer to cases when
DefensePro or DefenseFlow cannot report a specific value.
The Search string can be any legal IPv4 or IPv6 address, and can include a
wildcard (*).
Destination Address The destination IP address of the attack. If there are multiple IP sources
for an attack, this field displays Multiple. The multiple IP addresses are
displayed in the Attack Details window. Multiple may also refer to cases
when DefensePro or DefenseFlow cannot report a specific value.
Policy In DefensePro, the name of the configured Protection policy that was
violated by this attack.
To view or edit the policy for a specific attack, select the attack entry and
click the (Go to Policy) button.
In DefenseFlow, the name of the configured Security Policy that was set to
mitigate this attack. The default policy name is the name of the protected
object. Policies in DefenseFlow cannot be edited.
Radware ID The DefensePro Attack-Protection identifier issued by the device. For more
information, see DefensePro Attack-Protection ID Numbers, page 819. For
more information, see Attack-Protection ID Numbers, page 889.
Direction The direction of the attack, inbound or outbound.
Values: in, out

Action Type (This parameter is available only in DefensePro.) The reported action against the
attack. The actions are specified in the protection profile, which may or may not be available or
relevant for your system.
Values:
• Bypass—DefensePro does not protect against this attack, but rather,
sends its data out of the device, and may report it.
• Challenge—DefensePro challenges the packet.
• Destination Reset—DefensePro sends a TCP-Reset packet to the
destination IP address and port.
• Drop—DefensePro discards the packet.
• Drop & Quarantine—DefensePro discards the traffic and adds the
destination to the Web quarantine.
• Forward—DefensePro continues to process the traffic and eventually
forwards the packet to its destination.
• Proxy
• Quarantine—DefensePro adds the destination to the Web quarantine.
• Source Destination Reset—DefensePro sends a TCP-Reset packet to
both the packet source IP and the packet destination IP address.
• Source Reset—DefensePro sends a TCP-Reset packet to the packet
source IP address.
• Http 200 Ok—DefensePro sends a 200 OK response using a predefined
page and leaves the server-side connection open.
• Http 200 Ok Reset Dest—DefensePro sends a 200 OK response using a
predefined page and sends a TCP-Reset packet to the server side to
close the connection.
• Http 403 Forbidden—DefensePro sends a 403 Forbidden response
using a predefined page and leaves the server-side connection open.
• Http 403 Forbidden Reset Dest—DefensePro sends a 403 Forbidden
response using a predefined page and sends a TCP-Reset packet to the
server side to close the connection.
Total Packet Count The number of identified attack packets from the beginning of the attack.
Volume For most protections, this value is the volume of the attack, in kilobits,
from when the attack started.
In DefensePro, for SYN Flood Protection (SYN cookies), this value is the
number of SYN packets dropped, multiplied by 60 bytes (the SYN packet
size).
Device IP (This parameter is available only in DefensePro.) The IP address of the attacked device.
Protected Object (This parameter is available only in DefenseFlow.) The name of the protected
object that was attacked.

Application Protocol² The transmission protocol used to send the attack.
Values:
• TCP
• UDP
• ICMP
• IP

MPLS RD² The Multi-protocol Label Switching Route Distinguisher in the policy that
handled the attack. The value N/A or 0 (zero) in this field indicates that
the MPLS RD is not available.

VLAN Tag / Context² The VLAN tag value or Context Group in the policy that handled the attack.
The value N/A or 0 (zero) in this field indicates that the VLAN tag or
Context Group is not available.
Note: The VLAN tag or Context Group identifies similar information in
this field. DefensePro 6.x and 7.x versions support VLAN tags.
DefensePro 8.x versions support Context Groups.

Source Port² The Layer 4 source port of the attack.

Destination Port² The Layer 4 destination port of the attack. If there are multiple destination
L4 ports, this field displays Multiple. In cases when DefensePro cannot
report a specific value, the field displays 0 (zero).

Physical Port² The port on the device at which the attack packets arrived. In cases when
DefensePro cannot report a specific value, the field displays 0 (zero) or
Multiple.
Source MSISDN The MSISDN Resolution feature is not supported in APSolute Vision version
3.0 and later.
Destination MSISDN The MSISDN Resolution feature is not supported in APSolute Vision version
3.0 and later.

1 – For certain attacks, once DefensePro reports the attack, the Status value Occurred and
the Start Time value remain indefinitely. Such attacks include Packet Anomaly attacks
and DNS Flood attacks with ID 470. For example, suppose a new DefensePro device
starts identifying and handling a Packet Anomaly attack with Radware ID 105 with the
start time 20.02.2017 15:19:09. The attack subsides. One month later, the DefensePro
device starts identifying and handling another Packet Anomaly attack with Radware
ID 105. The Start Time value 20.02.2017 15:19:09 is reported. (For more information
on Packet Anomaly protection, see Configuring Global Packet Anomaly Protection,
page 1579. For more information on the DNS Flood attack with ID 470, see DefensePro
Attack-Protection ID Numbers, page 819.)
2 – This column is not displayed by default in the Current Attacks tab.
To display the column, click the (Table Settings) button and then select the relevant
checkbox. Click the button again to close the Table Settings list.
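
The conventions in the Current Attacks table matter when its rows feed a SIEM or a report: 0, N/A, and Multiple are placeholders rather than values, and footnote 1 means that Start Time is not always the start of the current event. The following Python code is an added example, not part of the Radware guide. It assumes the rows are available as CSV whose headers equal the column names; the Status, Attack Category, and Radware ID headers, the "anomal" substring match, and all sample rows are constructed for illustration.

```python
import csv
import io

# Cell values that the guide documents as "not available / cannot report".
NOT_AVAILABLE = {"", "N/A", "0"}

# Assumption: CSV headers equal the column names used in the guide.
TAG_FIELDS = ("MPLS RD", "VLAN Tag / Context")
PORT_FIELDS = ("Destination Port", "Physical Port")


def split_sentinel(value):
    """Return (value_or_None, is_multiple) for one table cell."""
    text = (value or "").strip()
    if text.lower() == "multiple":
        return None, True
    if text in NOT_AVAILABLE:
        return None, False  # 0 means "no specific value", not port 0
    return text, False


def start_time_is_sticky(row):
    """True when footnote 1 applies: Status Occurred on a Packet Anomaly
    attack or on the DNS Flood attack with Radware ID 470."""
    status = (row.get("Status") or "").strip().lower()
    if status != "occurred":
        return False
    # Assumed header and category wording; adjust to the real export.
    category = (row.get("Attack Category") or "").lower()
    radware_id = (row.get("Radware ID") or "").strip()
    return "anomal" in category or radware_id == "470"


def normalize_row(row):
    """Copy a row, replacing placeholders with None and adding flags."""
    out = dict(row)
    for field in TAG_FIELDS:
        if field in row:
            out[field], _ = split_sentinel(row[field])
    for field in PORT_FIELDS:
        if field in row:
            value, multiple = split_sentinel(row[field])
            # L4 ports are numeric; physical port names are kept as text.
            if field == "Destination Port" and value is not None and value.isdigit():
                value = int(value)
            out[field] = value
            out[field + " is multiple"] = multiple
    out["Start Time is reliable"] = not start_time_is_sticky(row)
    return out


def load_current_attacks(text):
    """Parse CSV text and normalize every row."""
    return [normalize_row(r) for r in csv.DictReader(io.StringIO(text))]


# Constructed sample rows (not real device output).
SAMPLE_CSV = """Start Time,Attack Category,Status,Radware ID,Destination Port,Physical Port,MPLS RD,VLAN Tag / Context
20.02.2017 15:19:09,Packet Anomalies,Occurred,105,0,Multiple,N/A,0
21.03.2017 09:02:41,DNS Flood,Occurred,470,53,2,N/A,N/A
21.03.2017 09:05:12,Intrusions,Ongoing,9999,Multiple,3,0,120
"""

if __name__ == "__main__":
    for attack in load_current_attacks(SAMPLE_CSV):
        print(attack)
```

Rows flagged with an unreliable Start Time should be correlated by when the alert was last updated, not by when the attack is reported to have started.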


Using the Ongoing Attacks Monitor


The Ongoing Attacks Monitor comprises two charts: the Ongoing Attacks Monitor and Drop Intensity
gauges. The information that the charts display depends on the configuration of the display
parameters (see Configuring the Display Parameters of a Dashboard View, page 599).

To display the Ongoing Attacks Monitor


1. In the Security Monitoring perspective, select the DefensePro device, Site, or Logical Group for
which to display data.
2. Select Dashboard View > Ongoing Attacks Monitor.
The Ongoing Attacks Monitor is a graphical representation of current and recent attacks. Each icon in
the monitor represents a separate attack. The icon type (see the legend) represents the type of
protection that the attack violates. A flashing icon represents an ongoing attack. The horizontal
position of each icon in the chart indicates the attack risk (see Risk Levels, page 597). The vertical
position of the icon in the chart indicates the attack duration; the higher in the chart, the longer the
attack has existed. Attacks that have started recently are lower in the monitor. The icon size
indicates the amount of dropped data for the attack type relative to other attacks of the same type.
Hover the mouse over an icon to display summary information for the attack. Double-click an icon to
display detailed information for the attack. For more information, see Attack Details, page 608.
There are two Drop Intensity gauges: Packets and Bandwidth. The Packets gauge indicates the
proportion of dropped packets relative to the total packets. The Bandwidth gauge indicates the
proportion of dropped bandwidth relative to the total bandwidth (according to the license). The
gauges show the calculated ranges Low (up to 30% dropped), Medium (up to 70% dropped), and
High (more than 70% dropped).

Figure 71: Ongoing Attacks Monitor
[Figure callouts: Scope—Displays the tables to select the physical ports and Protection policies
that the dashboard displays. The Scope summary. Hover the mouse over an icon to display summary
information for the attack.]


Attack Details
APSolute Vision displays an Attack Details tab when you double-click an attack in a Security
Monitoring Dashboard View.
APSolute Vision displays attack details for the following attacks:
• ACL (Black List) Details, page 609
• Anti-Scanning Details, page 609
• Bandwidth Management Details, page 612
• BDoS Attack Details, page 612
• DNS Flood Attack Details, page 615
• DoS Attack Details, page 617
• HTTP Flood Attack Details, page 618
• Intrusions Attack Details, page 620
• Packet Anomalies Attack Details, page 621
• Server Cracking Attack Details, page 621
• Stateful ACL Details, page 622
• SYN Flood Attack Details, page 623
• Traffic Filters Attack Details, page 624

For DefenseFlow Attack Details, only the Attack Details tab displays.
Each Attack Details tab includes two or more sub-tabs, which provide details on the attack. All
Attack Details tabs include the sub-tabs Attack Characteristics and the Attack Description. The
Attack Characteristics tab displays information that is also available in the hidden columns of the
Current Attacks Table. The Attack Description tab displays the information from the Attack
Descriptions file. An attack description is displayed only if the Attacks Description file has been
uploaded on the APSolute Vision server.

Notes

• To display hidden columns of the Current Attacks Table, click the (Table Settings) button and
then select the relevant checkbox. Click the button again to close the Table Settings list.
• For information about uploading the Attack Description file, see Managing and Updating the
Attack Descriptions File for DefensePro, page 116.
In addition to viewing the details of the attack, in each Attack Details tab, you can do the following:

• View sampled data from the attack—To do this, click the (View Sampled Data) button.
For more information, see Sampled Data Tab, page 625.
• Go to the policy that handled the attack—To do this, click the (Go to Policy) button.
• Export the information in the Attack Details tab to a CSV file—To do this, click
the (CSV) button. Then, you can view the file or specify the location and file name.
• In DefensePro 8.x versions 8.13 and later, for DNS recursive attacks, view the list of
relevant whitelisted subdomains—To do this, click the (View Subdomains Whitelist) button.
• Export the DoS Attack Details, page 617 files related to the selected attack to a ZIP file—
To do this, click the (Export Attack Capture Files) button, and enter a file name in the file
selection dialog box.


Notes
— You can send the CAP file to a packet analyzer.
— Up to 255 bytes of packet information is saved in the CAP file. That is, DefensePro and/or
DefenseFlow export full packets but APSolute Vision trims them to 255 bytes.
— The file is available only as long as it is displayed in the Current Attacks table.
— The file is created only if packet reporting is enabled in the protection configuration for the
profile that was violated.
— DefensePro exports only the last packet in a sequence that matches the filter. Furthermore,
if traffic matches a signature that consists of more than one packet, the reported packet will
not include the whole expression in the filter.
— For DoS attacks of very short duration, there might be no sampling or ongoing traps.
Consequently, for such attacks, there might be no sampled data or capture files. (For more
information, see DoS Attack Details, page 617.)

ACL (Black List) Details

Table 441: ACL Attack Details: Characteristics Parameters

Parameter Description
Protocol The protocol that the attack uses or used.
Physical Port¹ The physical port that the attack uses or used.
Packet Count The packet count of the attack.
VLAN The VLAN that the attack uses or used.
MPLS RD The MPLS RD that the attack uses or used.
Device IP The device IP address that the attack uses or used.

1 – This parameter is not resolved, and the value Multiple is always displayed.

Table 442: ACL Attack Details: Attack Description

Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.

Anti-Scanning Details
The set of Anti-Scanning Attack Details parameters and their location differs slightly depending on
the DefensePro version.

Anti-Scanning Attack Details in DefensePro 8.x Versions

Table 443: Anti-Scanning Attack Details: Characteristics Parameters

Parameter Description
Source L4 Port The source L4 port that the attack uses or used.
Protocol The protocol that the attack uses or used.
Physical Port The physical port that the attack uses or used.
Total Packet Count The packet count that the attack uses or used.

VLAN Tag / Context The Context Group that the attack uses or used.
MPLS RD N/A
Device IP Address The device IP address that the attack uses or used.
Avg. Time Between Probes The average time, in seconds, between scan events.
Number of Probes The number of scan events from the time the attack started.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.

Table 444: Anti-Scanning Attack Details: Info Parameters

Parameter Description
Action The protection Action taken.
Action Reason Values:
• Configuration—The action is (or was) according to the
value in the Action field in the Anti-Scanning profile.
• Footprint-accuracy-level—There is (or was) insufficient
data for a footprint, because the Include in the
Footprint More than Source IP Address and
Protocol option is enabled in the Anti-Scanning profile.
• Multiple-probed-ports—Port scans are (or were)
monitored only (not blocked), because the Monitor but
Do Not Block Port Scans option is enabled in the Anti-
Scanning profile.
Blocking Duration The blocking duration, in seconds, of the attacker source IP
address.
Estimated Release Time (Local) The estimated release time of the attacker, in local time.

Table 445: Anti-Scanning Attack Details: Scan Details Parameters

Parameter Description
DST IP The destination IP address of the scan.
DST L4 Port The destination port of the scan.
TCP Flag / Protocol Values:
• The TCP flag, for example, “ACK”—Displayed for TCP
scans.
• UDP—Displayed for UDP scans.
• ICMP—Displayed for ICMP scans.

Table 446: Anti-Scanning Attack Details: Footprint

Parameter Description
The footprint-blocking rule generated by the Anti-Scanning protection, which provides the
narrowest effective blocking rule against the scanning attack.


Table 447: Anti-Scanning Attack Details: Attack Description

Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.

Anti-Scanning Attack Details in DefensePro 6.x and 7.x Versions

Table 448: Anti-Scanning Attack Details: Characteristics Parameters

Parameter Description
Source L4 Port The source L4 port that the attack uses or used.
Protocol The protocol that the attack uses or used.
Physical Port The physical port that the attack uses or used.
Total Packet Count The packet count that the attack uses or used.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.
VLAN Tag / Context The VLAN Tag class that the attack uses or used.
MPLS RD The MPLS RD that the attack uses or used.
Device IP Address The device IP address that the attack uses or used.

Table 449: Anti-Scanning Attack Details: Info Parameters

Parameter Description
Action The protection Action taken.
Action Reason Describes the difference between the configured action and
the actual action.
Blocking Duration The blocking duration, in seconds, of the attacker source IP
address.
Estimated Release Time (Local) The estimated release time of the attacker, in local time.
Avg. Time Between Probes The average time, in seconds, between scan events.
Number of Probes The number of scan events from the time the attack started.

Table 450: Anti-Scanning Attack Details: Scan Details Parameters

Parameter Description
DST IP The destination IP address of the scan.
DST L4 Port The destination port of the scan.
TCP Flag / Protocol Values:
• The TCP flag, for example, “ACK”—Displayed for TCP
scans.
• UDP—Displayed for UDP scans.
• ICMP—Displayed for ICMP scans.


Table 451: Anti-Scanning Attack Details: Footprint

Parameter Description
The footprint-blocking rule generated by the Anti-Scanning protection, which provides the
narrowest effective blocking rule against the scanning attack.

Table 452: Anti-Scanning Attack Details: Attack Description

Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.

Bandwidth Management Details

Table 453: Bandwidth Management Attack Details: Characteristics Parameters

Parameter Description
Protocol The protocol that the attack uses or used.
Physical Port¹ The physical port that the attack uses or used.
Packet Count The packet count of the attack.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.
VLAN The VLAN that the attack uses or used.
MPLS RD The MPLS RD that the attack uses or used.
Device IP The device IP address that the attack uses or used.

1 – This parameter is not resolved, and the value Multiple is always displayed.

Table 454: Bandwidth Management Attack Details: Attack Description

Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.

BDoS Attack Details

Table 455: BDoS Attack Details: Characteristics Parameters

Parameter Description
Note: Some fields can display multiple values, when relevant and available. The values that
these fields display depend on the current stage of the attack. If a field is part of the dynamic
signature (that is, a specific value or values appear in all the attack traffic), the field displays the
relevant value or values.
Protocol The protocol that the attack uses or used.
Source L4 Port The source L4 port that the attack uses or used.
Physical Port The physical port that the attack uses or used.
Packet Count The packet count of the attack.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.

VLAN Tag / Context The VLAN tag value or Context Group in the policy that handled the
attack.
Note: The VLAN tag or Context Group identifies similar information
in this field. DefensePro 6.x and 7.x versions support VLAN tags.
DefensePro 8.x versions support Context Groups.
MPLS RD The MPLS RD that the attack uses or used.
Device IP The device IP address that the attack uses or used.
TTL The TTL that the attack uses or used.
L4 Checksum The L4 checksum that the attack uses or used.
TCP Sequence Number The TCP sequence number that the attack uses or used.
IP ID Number The IP ID number that the attack uses or used.
Fragmentation Offset The fragmentation offset that the attack uses or used.
Fragmentation Flag The fragmentation flag that the attack uses or used. 0 indicates that
fragmentation is allowed. 1 indicates that fragmentation is not allowed.
Flow Label (IPv6 only) The flow label that the attack uses or used.
ToS The ToS that the attack uses or used.
Packet Size The packet size that the attack uses or used.
ICMP Message Type (This is displayed only if the protocol is ICMP.) The ICMP message type that
the attack uses or used.
Source IP The source IP address that the attack uses or used.
Destination IP The destination IP address that the attack uses or used.
Source Ports The source ports that the attack uses or used.
Destination Ports The destination port that the attack uses or used.
DNS ID The DNS ID that the attack uses or used.
DNS Query The DNS query that the attack uses or used.
DNS Query Count The DNS query count that the attack uses or used.

Table 456: BDoS Attack Details: Info Parameters

Parameter Description
Packet Size Anomaly Region The statistical region of the attack packets.
The formula for the packet-size baseline for a policy is as follows:
{(AnomalyBandwidth/AnomalyPPS)/(NormalBandwidth/NormalPPS)}
Values:
• Large Packets—The attack packets are approximately 15% larger
than the normal packet-size baseline for the policy.
• Normal Packets—The attack packets are within approximately 15%
either side of the normal packet-size baseline for the policy.
• Small Packets—The attack packets are approximately 15% smaller
than the normal packet-size baseline for the policy.

State The state of the protection process.
Values:
• footprint analysis—BDoS protection has detected an attack and is
currently generating an attack footprint.
• footprint-applied—BDoS protection is blocking the attack based on
the generated footprint. Through a closed-feedback loop operation,
BDoS protection optimizes the footprint rule, achieving the
narrowest effective mitigation rule.
• burst-footprint-blocking (available only in 8.x versions 8.15 and
later)—BDoS protection is blocking the burst attack based on the
footprint generated by the previous states. This state remains until
the burst attack terminates or the specified Maximum Burst-
Attack Period is reached.
• footprint-is-overblocking (available only in 8.x versions 8.17.3 and
later)—BDoS protection started blocking the attack but stopped
three times after identifying an overblocking situation. This state
remains for 10 minutes, after which, BDoS protection generates
and implements a new footprint.
• non-attack—Nothing was blocked because the traffic was not an
attack. That is, no footprint was detected or the blocking strictness
level was not met.

Table 457: BDoS Attack Details: Footprint Parameters

Parameter Description
The footprint-blocking rule generated by the Behavioral DoS Protection, which provides the
narrowest effective blocking rule against the flood attack.

Table 458: BDoS Attack Details: Attack-Identification Statistics Table

Parameter Description
This table displays attack traffic (Anomaly) and normal traffic information. Red indicates real-time
values identified as suspicious in the 15 seconds prior to when the attack was triggered. Black
indicates the learned normal traffic baselines. Table columns are displayed according to the
protocols: TCP (includes all flags), UDP, or ICMP.

Table 459: BDoS Attack Details: Attack-Identification Statistics Graph

Parameter Description
The graph displays a snapshot of the relevant traffic type for the 15-second period during which the
attack was triggered. For example, during a UDP flood, just UDP traffic is represented. The blue line
represents the normal adapted traffic baseline.


Table 460: BDoS Attack Details: Burst Attack Statistics

Parameter Description
This tab displays data only for DefensePro 8.x versions 8.15 and later, and only when the value of
the State parameter in the Info tab (see above) is burst-footprint-blocking.
Note: For information on burst-attacks protection, see the DefensePro documentation.
Burst Occurring Now Values: Yes, No
Current Burst Number The number of bursts since the start of the attack.
Average Burst Duration The average duration, in hh:mm:ss format, of the bursts.
Average Time Between Bursts The average time, in hh:mm:ss format, between separate
bursts.
Average Burst Rate The average rate, in Kbps, of the bursts.
Max. Burst Rate The rate, in Kbps, of the biggest burst in this attack.

Table 461: BDoS Attack Details: Attack Description

Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.

DNS Flood Attack Details

Note: In DefensePro 8.x versions 8.13 and later, the Attack Details tab includes the (View
Subdomains Whitelist) button. When the attack is a recursive attack, clicking the button opens a
table with the subdomains that match the attack footprint but that DefensePro identifies as legitimate.
DefensePro can identify a subdomain as legitimate through automatic learning and by using manual
entries in the Subdomains Whitelist. For more information, see the section “Configuring DNS Flood
Protection Profiles” in the APSolute Vision online help.

Table 462: DNS Flood Attack Details: Characteristics Parameters

Parameter Description
Note: Some fields can display multiple values, when relevant and available. The values that
these fields display depend on the current stage of the attack. If a field is part of the dynamic
signature (that is, a specific value or values appear in all the attack traffic), the field displays the
relevant value or values.
Protocol The protocol that the attack uses or used.
Source L4 Port The source L4 port that the attack uses or used.
Physical Port The physical port that the attack uses or used.
Packet Count The packet count of the attack.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.
VLAN Tag / Context The VLAN tag value or Context Group in the policy that handled the
attack.
Note: The VLAN tag or Context Group identifies similar information
in this field. DefensePro 6.x and 7.x versions support VLAN tags.
DefensePro 8.x versions support Context Groups.

MPLS RD The MPLS RD that the attack uses or used.
Device IP The device IP address that the attack uses or used.
TTL The TTL that the attack uses or used.
L4 Checksum The L4 checksum that the attack uses or used.
IP ID Number The IP ID number that the attack uses or used.
Packet Size The packet size that the attack uses or used.
Destination IP The destination IP address that the attack uses or used.
Destination Ports The destination ports that the attack uses or used.
DNS ID The DNS ID that the attack uses or used.
DNS Query The DNS query that the attack uses or used.
DNS Query Count The DNS query count that the attack uses or used.
DNS An Query Count The DNS An query count that the attack uses or used.

Table 463: DNS Flood Attack Details: Info Parameters

Parameter Description
State The state of the protection process.
Mitigation Action The mitigation action.
Values:
• Signature Challenge
• Signature Rate Limit
• Collective Challenge
• Collective Rate Limit

Table 464: DNS Flood Attack: Footprint

Parameter Description
The footprint-blocking rule that the Behavioral DoS Protection generated. The footprint-blocking
rule provides the narrowest effective blocking rule against the flood attack.

Table 465: DNS Flood Attack Details: Attack-Identification Statistics Table

Parameter Description
This table displays attack traffic (Anomaly) and normal traffic information. Red indicates real-time
values identified as suspicious in the 15 seconds prior to when the attack was triggered. Black
indicates the learned normal traffic baselines. Table columns are displayed according to the DNS
query types: A, MX, PTR, AAAA, Text, SOA, NAPTR, SRV, Other.


Table 466: DNS Flood Attack Details: Attack-Identification Statistics Graph

Parameter Description
The graph displays a snapshot of the relevant traffic type for the 15-second period during which
the attack was triggered. For example, during a UDP flood, just UDP traffic is represented. The blue
line represents the normal adapted traffic baseline.

Table 467: DNS Flood Attack Details: Attack Description

Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.

DoS Attack Details

Note: For DoS attacks of very short duration, there might be no sampling or ongoing traps.
Consequently, for such attacks, there might be no sampled data or capture files.

Table 468: DoS Attack Details: Characteristics Parameters

Parameter Description
Protocol The protocol that the attack uses or used.
Physical Port The physical port that the attack uses or used.
Packet Count The packet count of the attack.
VLAN Tag / Context The VLAN tag value or Context Group in the policy that handled the
attack.
Note: The VLAN tag or Context Group identifies similar information
in this field. DefensePro 6.x and 7.x versions support VLAN tags.
DefensePro 8.x versions support Context Groups.
MPLS RD The MPLS RD that the attack uses or used.
Device IP The device IP address that the attack uses or used.

Table 469: DoS Attack Details: Info Parameters

Parameter Description
Action The Action that the protection took for the attack traffic, for example:
Drop.
Attacker IP The IP address of the attacker.
Protected Host The protected host.
Protected Port The protected port.
Attack Duration The duration of the attack.
Current Packet Rate The current packet rate.
Average Packet Rate The average packet rate.


Table 470: DoS Attack Details: Attack Description

Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.

HTTP Flood Attack Details

Table 471: HTTP Flood Attack Details: Characteristics Parameters

Parameter Description
Note: Some fields can display multiple values, when relevant and available. The values that
these fields display depend on the current stage of the attack. If a field is part of the dynamic
signature (that is, a specific value or values appear in all the attack traffic), the field displays the
relevant value or values.
Protocol The protocol that the attack uses or used.
Source L4 Port The source L4 port that the attack uses or used.
Physical Port The physical port that the attack uses or used.
Packet Count The dropped packet count of the attack.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.
VLAN The VLAN that the attack uses or used.
MPLS RD The MPLS RD that the attack uses or used.
Device IP The device IP address that the attack uses or used.

Table 472: HTTP Flood Attack Details: Info Parameters

Parameter Description
Protection State The state of the protection process.
Values:
• Characterization—The protection module is analyzing the
attack footprint.
• Mitigation—The protection module is mitigating the attack
according to the profile configuration.
• Suspicious Activities—The protection module identified the
attack but cannot mitigate it.
Mitigation Flow The configuration of the mitigation flow for the profile.
Values:
• Default—The mitigation flow for the profile is configured to
use all three mitigation actions, which are selected by
default: 1-Challenge Suspects, 2-Challenge All, 3-Block
Suspects.
• Customized—The mitigation flow for the profile is not
configured to use all three mitigation actions.

Action The current action that the protection module is using to mitigate the
attack.
Values:
• Challenge Suspected Attackers—The protection module is
challenging HTTP sources that match the real-time signature.
• Challenge All Sources—The protection module is challenging
all HTTP traffic toward the protected server.
• Block Suspected Attackers—The protection module is
blocking all HTTP traffic from the suspect sources (that is,
sources that match the signature).
• No Mitigation—The protection module is in the Suspicious
Activities state and is not mitigating the attack.
Challenge Method The user-specified Challenge Mode: 302 Redirect or JavaScript.
Suspicious Sources The number of sources that the protection module suspects as
being malicious.
Challenged Sources The number of sources that the protection module has identified
as being attackers and is now challenging them.
Blocked Sources The number of sources that the protection module has identified
as being attackers and is now blocking them.
HTTP Authentication Table Utilization [%] The percentage of the HTTP Authentication Table that is full.

Table 473: HTTP Flood Attack Details: Blocked Users Parameters

Parameter Description
Source IP address The source IP addresses mitigated as attackers. Up to 40
different IP addresses can be viewed.
Note: When the HTTP flood attack is widely distributed,
meaning more than 1000 source IP addresses, the system
does not use any source IP addresses in the blocking rule. This
mitigation occurs only if the URI Only blocking mode option is
enabled.
Request URI The HTTP request URIs that took part in the HTTP flood attack
and were mitigated.
Bypassed / Blocked Usually, the value that is displayed is Blocked. The value is Bypassed
only when one of the HTTP request URIs was configured to be bypassed.


Table 474: HTTP Flood Attack Details: Attack-Identification Statistics Table

Parameter Description
This table displays attack traffic (Anomaly) and normal traffic information. Red indicates real-time
values identified as suspicious in the 15 seconds prior to when the attack was triggered. Black
indicates the learned normal traffic baselines.
Table columns:
• Statistic Type—Anomaly or Normal
• Get and Post Requests/sec
• Other HTTP Requests/sec
• Outbound Kbps
• GET and POST per source/sec
• GET and POST per connection

Table 475: HTTP Flood Attack Details: Attack-Identification Statistics Graph

Parameter Description
The graph displays the HTTP request URI size distribution. The y-axis shows the number of HTTP
requests per second for the GET and POST request methods, and the x-axis shows the
Request URI size in bytes. The blue line represents the normal expected HTTP request rates and
the orange line represents the real-time rate values identified when the attack was triggered.

Table 476: HTTP Flood Attack Details: Attack Description

Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.

Intrusions Attack Details

Table 477: Intrusions Attack Details: Characteristics Parameters

Parameter Description
Protocol The protocol that the attack uses or used.
Physical Port¹ The physical port that the attack uses or used.
Packet Count The packet count of the attack.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.
VLAN¹ The VLAN that the attack uses or used.
MPLS RD¹ The MPLS RD that the attack uses or used.
Device IP The device IP address that the attack uses or used.


1 – This parameter is not resolved, and the value Multiple is always displayed.

Table 478: Intrusions Attack Details: Attack Description

Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.


Packet Anomalies Attack Details

Table 479: Packet Anomalies Attack Details: Characteristics Parameters

Parameter Description
Protocol The protocol that the attack uses or used.
Physical Port¹ The physical port that the attack uses or used.
Packet Count The packet count of the attack.
VLAN Tag / Context The VLAN tag value or Context Group in the policy that handled
the attack.
Note: The VLAN tag or Context Group identifies similar
information in this field. DefensePro 6.x and 7.x versions
support VLAN tags. DefensePro 8.x versions support Context
Groups.
MPLS RD The MPLS RD that the attack uses or used.
Device IP The device IP address that the attack uses or used.
Attack Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.

¹ – This parameter is not resolved, and the value Multiple is always displayed.

Table 480: Packet Anomalies Attack Details: Attack Description

Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.

Server Cracking Attack Details

Caution: Server Cracking attack details do not include information for DNS brute-force attacks.

Table 481: Server Cracking Attack Details: Characteristics Parameters

Parameter Description
Protocol The protocol that the attack uses or used.
Source L4 Port The Source L4 Port that the attack uses or used.
Physical Port The Physical Port that the attack uses or used.
Packet Count The Packet Count that the attack uses or used.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.
VLAN The VLAN that the attack uses or used.
MPLS RD The MPLS RD that the attack uses or used.
Device IP The Device IP that the attack uses or used.


Table 482: Server Cracking Attack Details: Info Parameters

Parameter Description
Blocking Duration The blocking duration, in seconds, of the attacker source IP
address.
Estimated Release Time The estimated release time of the attacker, in local time.
Avg. Time Between Probes The average time between scan events in seconds.
Number of Probes The number of scan events from the time the attack started.

Table 483: Server Cracking Attack Details: Scan Details Parameters

Parameter Description
Requests Details When a server-cracking attack is detected, DefensePro sends, to
the management system, sample suspicious “attacker” requests
in order to provide more information on the nature of the attack.
The sample requests are sent for the following protocols or attacks.
Values:
• Web Scan—Sample HTTP requests.
• Web Cracking—Username and Password.
• SIP—SIP user (SIP URI).
• FTP—Username (if sent in the same request) and Password.
• POP3—Username (if sent in the same request) and Password.

Table 484: Server Cracking Attack Details: Attack Description

Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.

Stateful ACL Details

Table 485: Stateful ACL Attack Details: Characteristics Parameters

Parameter Description
Protocol The protocol that the attack uses or used.
Physical Port¹ The physical port that the attack uses or used.
Packet Count The packet count of the attack.
VLAN¹ The VLAN that the attack uses or used.
MPLS RD¹ The MPLS RD that the attack uses or used.
Device IP The device IP address that the attack uses or used.

¹ – This parameter is not resolved, and the value Multiple is always displayed.


Table 486: Stateful ACL Attack Details: Attack Description

Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.

SYN Flood Attack Details

Table 487: SYN Flood Attack Details: Characteristics Parameters

Parameter Description
Protocol The protocol that the attack uses or used.
Physical Port The physical port that the attack uses or used. If the
configuration of the Protection policy includes no value for Port
Group, the field displays Multiple.
Packet Count The packet count of the attack.
Volume (Kbits) The volume, in Kbits, that the attack uses or used.
VLAN Tag / Context The VLAN tag value or Context Group in the policy that handled
the attack.
Note: The VLAN tag or Context Group identifies similar
information in this field. DefensePro 6.x and 7.x versions
support VLAN tags. DefensePro 8.x versions support Context
Groups.
MPLS RD The MPLS RD that the attack uses or used.

Table 488: SYN Flood Attack Details: Info Parameters

Parameter Description
The information is displayed when the protection action is blocking mode.
Caution: If SYN Flood Protection is configured with report-only mode, the fields Average
Attack Rate, Attack Threshold, and Attack Volume display 0 (zero).
Average Attack Rate The average rate of spoofed SYNs and data connection attempts
per second, calculated every 10 seconds.
Attack Threshold The configured attack trigger threshold, in half connections per
second.
Attack Volume The number of packets from spoofed TCP connections during the
attack life cycle (aggregated). These packets are from the
sessions that were established through the SYN-cookies
mechanism or were passed through the SYN Flood Protection
trusted list.
Attack Duration The duration, in hh:mm:ss format, of the attack on the protected
port.
TCP Challenge The Authentication Method that identified the attack: Transparent
Proxy or Safe-Reset.
HTTP Challenge The HTTP Authentication Method that identified the attack: 302-
Redirect or JavaScript.


Table 489: SYN Flood Attack Details: Authentication Lists Utilization Parameters

Parameter Description
TCP Auth. List The current utilization, in percent, of the TCP Authentication
table.
HTTP Auth. List The current utilization, in percent, of the HTTP Authentication
table.

Table 490: SYN Flood Attack Details: Attack Description

Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.

Traffic Filters Attack Details


This feature is available only in DefensePro 7.x versions 7.42.11 and later, and 8.x versions 8.15 and
later.

Note: For information on Traffic Filters, see the section “Configuring DNS Flood Protection Profiles”
in the APSolute Vision online help.

Table 491: Traffic Filters Attack Details: Characteristics Parameters

Parameter Description
Filter Name The name of the Traffic Filter that matched the traffic.
Filter ID The Radware ID of the Traffic Filter that matched the traffic.
Note: The ID is a hyperlink to the configuration of the Traffic
Filter.
Protocol The protocol of the traffic that the Traffic Filter matched.
Source Network The source network of the traffic that the Traffic Filter matched.
Source Port The source port of the traffic that the Traffic Filter matched.
Destination Network The destination network of the traffic that the Traffic Filter
matched.
Destination Port The destination port of the traffic that the Traffic Filter matched.
Device IP The IP address of the DefensePro device with the Traffic Filter that
matched the traffic.

Table 492: Traffic Filters Attack Details: Info Parameters

Parameter Description
Total Attack Packets The total number of packets that match or matched the Traffic
Filter.
Attack Packets Rate (pps) The rate, in packets/second, of packets that match or matched the
Traffic Filter.
Total Attack Data (Kbits) The total volume, in Kbits, of traffic that matches or matched the
Traffic Filter.

Attack Bandwidth (Kbps) The bandwidth, in Kbits/second, of traffic that matches or matched
the Traffic Filter.

Table 493: Traffic Filters Attack Details: Attack Description

Parameter Description
The description of the attack from the Attack Descriptions file, if it is uploaded on the APSolute
Vision server.

Sampled Data Tab


You can display the Sampled Data dialog box for all attack types that support sampled data.
The Sampled Data tab contains a table with data on sampled attack packets. Each row in the table
displays the data for one sampled attack packet. The title bar includes the category of the data—for
example, Behavioral DoS.

Notes
• This feature is not supported on OnDemand Switch 2 S2 (DefensePro 1016 IPS & Behavioral
Protection - DME).
• APSolute Vision stores sampled attack data, which includes the source and destination
addresses of the sampled packets. This information reflects a sampling of the attack packets; it
does not reflect the full attack data. For example, it is possible that the source IP addresses of
the sampled data do not include all of the source addresses of the attack.
The table in the Sampled Data tab comprises the following columns:
• Time
• Source Address
• Source L4 Port
• Destination Address
• Destination L4 Port
• Protocol
• VLAN / Context
• MPLS RD
• Physical Port

To display the Sampled Data tab


1. In the Security Monitoring perspective, select the DefensePro device, Site, or Logical Group for
which to display data.
2. Select Dashboard View.
3. Do one of the following to open the Attack Details tab:
— Select Current Attacks Table, and then, double-click the relevant row.
— Select Ongoing Attacks Monitor, and then, double-click the icon.

4. Click the (View Sampled Data) button.


You can export some rows of the table in the Sampled Data dialog box to a CSV file.

To save sampled data to a CSV file


1. In the Security Monitoring perspective, select the DefensePro device, Site, or Logical Group for
which to display data.
2. Select Dashboard View.
3. Do one of the following to open the Attack Details tab:
— Select Current Attacks Table, and then, double-click the relevant row.
— Select Ongoing Attacks Monitor, and then, double-click the icon.

4. Click the (View Sampled Data) button.
5. Select the row with which you want the data rows in the file to start.
6. Click the (CSV) button.
7. View the file or specify the location and file name.

Viewing Real-Time Traffic Reports


You can view real-time traffic reports over time for the IP traffic passing through the DefensePro
devices. The information includes data on overall IP traffic, protocol mix, and packet discards. You
can display the data in graph or table format.

Notes
• On DefensePro devices that do not support the Device Operation Mode feature, the traffic is
calculated according to the selected port pairs.
• For DefensePro devices that support the Device Operation Mode feature:
— When Device Operation Mode is Transparent, the traffic is calculated according to the
selected port pairs.
— When Device Operation Mode is IP, the traffic is calculated according to the selected
ports.
— When you are viewing multiple DefensePro devices in the Security Monitoring perspective,
the table displays both port pairs and single ports as appropriate.
You can also view graphs of connection rates and concurrent connections based on data from the
Session table.
By default, all traffic is presented in these graphs and tables. In each graph, you can filter the
display by protocol or traffic direction, but not for concurrent connections.
For DefensePro 6.x and 7.x versions, the Connection Statistics are displayed only when the Session
Table Lookup Mode is Full L4 or L4 Excluding VLAN.
You can monitor the following traffic information in the Traffic Monitoring tab:
• Viewing the Traffic Utilization Report
• Viewing the Connection Rate Report
• Viewing the Concurrent Connections Report
• Viewing the Top Queried Domain Names Report


Viewing the Traffic Utilization Report


The Traffic Utilization Report displays statistics for the following:
• Traffic Statistics—Displays information for the selected port pairs in DefensePro, and
protected object in DefenseFlow, as a graph. The graph contains information for a selected
protocol or the total for all protocols over a period of time.
There is a curve on the graph for each of the following:
— Inbound IP traffic in DefensePro, Inbound traffic in DefenseFlow
— Dropped inbound traffic (DefenseFlow only)
— Diverted inbound traffic (DefenseFlow only)
— Outbound IP traffic
— Discarded inbound traffic
— Discarded outbound traffic
— Excluded inbound traffic (DefensePro only)
— Clean inbound traffic (DefenseFlow only)
— Excluded outbound traffic
To hide or show a curve for a particular traffic type, click the corresponding colored square in the
legend.
Excluded inbound traffic and Excluded outbound traffic are related to the Traffic Exclusion
implementation. Traffic Exclusion is when DefensePro passes through all traffic that matches no
Protection policy configured on the device. In DefensePro 7.x versions, Traffic Exclusion is
always enabled, and the graph always displays excluded inbound traffic and excluded outbound
traffic. DefensePro x412 platforms with the DME, running 6.x versions display excluded inbound
traffic and excluded outbound traffic when the Traffic Exclusion checkbox is selected. For other
configurations, versions, or platforms, the graph does not display excluded inbound traffic and
excluded outbound traffic. For more information, see the relevant section in the APSolute Vision
online help.

Caution: When the value of the Scope parameter is Devices/Policies (see Table 494 - Traffic
Utilization Report: Display Parameters for Graph and Table, page 628), during the Update
Policies process, the Statistics Graph momentarily displays Traffic Utilization as 0 (zero).

• Traffic Authentication Statistics (Challenge/Response)—Displays statistics for the
Challenge-Response mechanism when the relevant option is enabled in the protection modules
that support the Challenge-Response mechanism. For more information, see Configuring Global
DNS Flood Protection, page 1535 and Configuring HTTP Flood Protection Profiles for Server
Protection, page 1907.
• Last Sample Statistics—Displays the last reading for each protocol and provides totals for all
protocols, for a single device. (This information is only available when viewing a single device.)

To view or save a CSV file, click (CSV).

Caution: When the Scope is Devices/Policies, the Last Sample Statistics table displays
Outbound statistics only when the Direction of the Protection policy is Two Way.

Tip: To get the current traffic rate in packets or bytes per second (calculated as the average rate in
15 seconds), you can use the following CLI command on the DefensePro device:
dp rtm-stats get [port number]


Caution: When the Scope is Devices/Policies, the Traffic Utilization Report does not include
inbound traffic that the Black List module blocked. This is because the Black List module processes
traffic before the classification of a Protection policy.

Caution: In DefensePro 6.x and 7.x versions, when traffic-utilization rates are above 13M PPS, the
Traffic Utilization Report may show less traffic than DefensePro actually received.

Notes
• For packets received through the 1G, 10G, or 40G ports, packet-size information and counters
do not account for the CRC.
• The Traffic Utilization Report and the statistical traffic information that Protection Monitoring
provides are based on different counters. (For information on the statistical traffic information
that Protection Monitoring provides, see Protection Monitoring, page 637.)

To view the Traffic Utilization Report


1. In the Security Monitoring perspective, select the DefensePro device, Site, or Logical Group for
which to display data.
2. Select Traffic Monitoring > Traffic Utilization Report.
3. Change display settings for the graph and table, as required.
4. For the Statistics Graph and Last Sample Statistics, set filter options for the displayed traffic
data, as required. The displayed information refreshes automatically.

Table 494: Traffic Utilization Report: Display Parameters for Graph and Table

Parameter Description
Scope (link, which displays the table) Using DefensePro, the Scope table displays the physical ports or the
Protection policies that the Traffic Utilization Report displays.
By default, the Scope is Any Port or Any Policy—depending on the
specified value in the Scope drop-down list. That is, by default, the Traffic
Utilization Report displays all the information.
Using DefenseFlow, the Scope table displays the Protected Objects or the
Security policies that the Traffic Utilization Report displays. By default, the
Scope is Any Protected Object.
To control the scope of the information that the report shows for DefensePro,
see the procedure To control the scope of the information that the report
shows for DefensePro, page 629.
Caution: The scope for DefensePro platforms without the DME can be
only according to physical ports, not Protection policies.
Display Last How long the graph displays attacks after the attack terminates. That is, the
graph displays all attacks that are currently ongoing or that terminated
within the selected period.
Values:
• 10 Minutes
• 20 Minutes
• 30 Minutes
• 1 Hour
Default: 10 Minutes
Scope (drop-down list) (This parameter is not available in DefenseFlow and is not available in
DefensePro version 6.x and 7.x platforms without the DME.) The scope of the graph view.
Values:
• Devices/Physical Ports—The graph shows traffic according to physical
ports on the specified device.
• Devices/Policies—The graph shows traffic according to Protection
policies on the specified device.
Default: Devices/Physical Ports
Units The units for the traffic rate.
Values:
• Kbps—Kilobits per second
• Packet/Sec—Packets per second

To control the scope of the information that the report shows for DefensePro

1. Click . A table opens. The table has either the Device Name and Port columns or the
Device Name and Policy columns—according to the specified value in the Scope drop-down list:
Devices/Physical Ports or Devices/Policies.
2. Do one of the following:
— To limit the physical ports or Protection policies that the report displays, select the
corresponding checkboxes.
— To display the information for all the currently relevant physical ports or Protection policies,
click in the top-left table cell, and then, select Select All.
— To display all the information in the database, even information that is not associated with a
specific port or specific Protection policy, click in the top-left table cell, and then, select
Select None.


Table 495: Traffic Utilization Report: Filter Parameters for the Traffic Statistics Graph

Parameter Description
Direction The traffic that the graph shows.
Values:
• Inbound—Show inbound traffic.
• Outbound—Show outbound traffic.
• Both—Show inbound and outbound traffic. Data for inbound and
outbound are displayed as separate lines, not as totals.
Note: The direction of traffic between a pair of ports is defined by the
In Port setting in the port pair configuration.
Protocol The traffic protocol to display.
Values:
• TCP—Show the statistics of the TCP traffic.
• UDP—Show the statistics of the UDP traffic.
• ICMP—Show the statistics of the ICMP traffic.
• IGMP—Show the statistics of the IGMP traffic.
• SCTP—Show the statistics of the SCTP traffic.
• Other—Show the statistics of the traffic that is not TCP, UDP, ICMP,
IGMP, or SCTP.
• All—Show total traffic statistics.
Caution: When the Scope is Devices/Policies, the Other traffic does
not include IPsec traffic.

Table 496: Traffic Utilization Report: Traffic Authentication Statistics (Challenge/Response) Parameters

Parameter Description
Protocol The protocol of the statistics displayed in the row.
Values: HTTP, TCP, DNS
Note: The HTTP row is not relevant for DefensePro 8.x
versions earlier than 8.10.
Current Attacks The number of attacks currently in the device.
Authentication Table Utilization % The percentage of the Authentication Table that is full.
Challenges Rate The rate, in PPS, at which the device is sending challenges.


Table 497: Traffic Utilization Report: Last Sample Statistics Parameters

Parameter Description
Protocol The traffic protocol.
Values:
• TCP
• UDP
• ICMP
• IGMP
• SCTP
• Other—The statistics of the traffic that is not TCP, UDP, ICMP, IGMP, or
SCTP.
• All—Total traffic statistics.
Caution: When the Scope is Devices/Policies, the Other traffic does
not include IPsec traffic.
Inbound The amount of inbound traffic for the protocol identified in the row.
Outbound (This parameter is available only in DefensePro.) The amount of outbound traffic for the
protocol identified in the row.
Discarded Inbound The amount of discarded inbound traffic for the protocol identified in the row.
Discarded Outbound (This parameter is available only in DefensePro.) The amount of discarded
outbound traffic for the protocol identified in the row.
Clean (This parameter is available only in DefenseFlow.) The amount of clean traffic for the
protocol identified in the row.
Dropped (This parameter is available only in DefenseFlow.) The amount of dropped traffic for the
protocol identified in the row.
Diverted (This parameter is available only in DefenseFlow.) The amount of diverted traffic for the
protocol identified in the row.
Discard % The percentage of discarded traffic for the protocol identified in the row.
Excluded Inbound The amount of excluded inbound traffic for the protocol identified in the row.
Excluded Outbound (This parameter is available only in DefensePro.) The amount of excluded
outbound traffic for the protocol identified in the row.


MIB Support for Traffic-Monitoring Data


This feature is available on DefensePro 7.x versions and 6.x versions with the DME.
When the device configuration includes a Protection policy, DefensePro exposes MIBs with traffic-monitoring data for the policies. In addition to
APSolute Vision, you can use third-party SNMP readers to access the MIB data. DefensePro issues the data at 15-second intervals.

Table 498: Network-Protection-policy Monitoring OIDs and Corresponding MIBs

OID MIB Comment
1.3.6.1.4.1.89.35.1.65.188.4 rsTrafficUtilizationPerPolicy
1.3.6.1.4.1.89.35.1.65.188.4.1 rsTrafficUtilizationPerPolicyTableUDP Index for the UDP statistics table.
1.3.6.1.4.1.89.35.1.65.188.4.2 rsTrafficUtilizationPerPolicyTableTCP Index for the TCP statistics table.
1.3.6.1.4.1.89.35.1.65.188.4.3 rsTrafficUtilizationPerPolicyTableICMP Index for the ICMP statistics table.
1.3.6.1.4.1.89.35.1.65.188.4.4 rsTrafficUtilizationPerPolicyTableOTHER Index for the statistics table for other protocols.
1.3.6.1.4.1.89.35.1.65.188.4.5 rsTrafficUtilizationPerPolicyTableSCTP Index for the SCTP statistics table.
1.3.6.1.4.1.89.35.1.65.188.4.6 rsTrafficUtilizationPerPolicyTableIGMP Index for the IGMP statistics table.
1.3.6.1.4.1.89.35.1.65.188.4.<X>.1 rsPolicyNamePerPolicy<Y> <X> refers to one of the indexing tables detailed above. <Y> refers to the protocol according to the <X> value.
1.3.6.1.4.1.89.35.1.65.188.4.<X>.2 rsNewConnectionsPerPolicy<Y>
1.3.6.1.4.1.89.35.1.65.188.4.<X>.3 rsConcurConnections<Y>¹
1.3.6.1.4.1.89.35.1.65.188.4.<X>.4 rsDroppedPacketsPerPolicy<Y>
1.3.6.1.4.1.89.35.1.65.188.4.<X>.5 rsDroppedBytesPerPolicy<Y>
1.3.6.1.4.1.89.35.1.65.188.4.<X>.6 rsReceivedPacketsPerPolicy<Y>
1.3.6.1.4.1.89.35.1.65.188.4.<X>.7 rsReceivedBytesPerPolicy<Y>

¹ – A placeholder (zeros) is displayed here.
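
The OID layout in Table 498, resolved in code. This is an added example, not part of the Radware guide or product: it maps numeric OIDs returned by a third-party SNMP reader to the MIB object names in the table and summarizes one 15-second sample per policy and protocol. The walk lines, the policy name, the value type labels, the trailing row-instance suffix, and the dropped/received ratio (which assumes received packets are counted before the drop decision) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# rsTrafficUtilizationPerPolicy subtree (Table 498)
BASE = (1, 3, 6, 1, 4, 1, 89, 35, 1, 65, 188, 4)

# <X> sub-identifier -> protocol suffix <Y>
PROTOCOLS = {1: "UDP", 2: "TCP", 3: "ICMP", 4: "OTHER", 5: "SCTP", 6: "IGMP"}

# Column sub-identifier -> MIB object name stem (the protocol <Y> is appended)
COLUMNS = {
    1: "rsPolicyNamePerPolicy",
    2: "rsNewConnectionsPerPolicy",
    3: "rsConcurConnections",
    4: "rsDroppedPacketsPerPolicy",
    5: "rsDroppedBytesPerPolicy",
    6: "rsReceivedPacketsPerPolicy",
    7: "rsReceivedBytesPerPolicy",
}
PLACEHOLDER_COLUMNS = {3}  # Table 498 footnote: a placeholder (zeros) is displayed

# "<numeric OID> = [TYPE:] value"; the type label is optional and ignored
LINE_RE = re.compile(r"^\.?(\d+(?:\.\d+)+)\s*=\s*(?:[\w-]+:\s*)?(.*)$")


def resolve_oid(oid):
    """Map a numeric OID to (object_name, protocol, column, row_suffix).

    Returns None for anything outside the per-policy subtree. The comparison
    is done on integer sub-identifiers so that ...188.40 is not mistaken
    for ...188.4. row_suffix is whatever follows the column OID (assumed
    to identify the policy row; the guide documents only the column OIDs).
    """
    try:
        parts = tuple(int(p) for p in oid.strip().strip(".").split("."))
    except ValueError:
        return None
    n = len(BASE)
    if len(parts) < n + 2 or parts[:n] != BASE:
        return None
    x, col = parts[n], parts[n + 1]
    if x not in PROTOCOLS or col not in COLUMNS:
        return None
    return COLUMNS[col] + PROTOCOLS[x], PROTOCOLS[x], col, parts[n + 2:]


def parse_walk(lines):
    """Group walk output into {(protocol, row_suffix): {column: value}}."""
    rows = defaultdict(dict)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        resolved = resolve_oid(m.group(1))
        if resolved is None:
            continue
        _name, proto, col, suffix = resolved
        if col in PLACEHOLDER_COLUMNS:
            continue  # never alert on the zero placeholder
        value = m.group(2).strip().strip('"')
        if col != 1:
            try:
                value = int(value)
            except ValueError:
                continue  # skip non-numeric counter values
        rows[(proto, suffix)][col] = value
    return rows


def summarize(rows):
    """One record per policy and protocol, with dropped packets as a share of received."""
    out = []
    for (proto, _suffix), cols in sorted(rows.items()):
        received = cols.get(6, 0)
        dropped = cols.get(4, 0)
        pct = round(100.0 * dropped / received, 2) if received else 0.0
        out.append({
            "policy": cols.get(1, "?"),
            "protocol": proto,
            "new_connections": cols.get(2, 0),
            "received_packets": received,
            "dropped_packets": dropped,
            "dropped_pct": pct,
        })
    return out


# Constructed sample input (not captured from a device)
SAMPLE_WALK = [
    '.1.3.6.1.4.1.89.35.1.65.188.4.2.1.1 = STRING: "web-policy"',
    '.1.3.6.1.4.1.89.35.1.65.188.4.2.2.1 = Gauge32: 340',
    '.1.3.6.1.4.1.89.35.1.65.188.4.2.3.1 = Gauge32: 0',
    '.1.3.6.1.4.1.89.35.1.65.188.4.2.4.1 = Counter64: 30000',
    '.1.3.6.1.4.1.89.35.1.65.188.4.2.5.1 = Counter64: 1920000',
    '.1.3.6.1.4.1.89.35.1.65.188.4.2.6.1 = Counter64: 120000',
    '.1.3.6.1.4.1.89.35.1.65.188.4.2.7.1 = Counter64: 90000000',
    '.1.3.6.1.4.1.89.35.1.65.188.4.1.1.1 = STRING: "web-policy"',
    '.1.3.6.1.4.1.89.35.1.65.188.4.1.4.1 = Counter64: 0',
    '.1.3.6.1.4.1.89.35.1.65.188.4.1.6.1 = Counter64: 0',
    '.1.3.6.1.4.1.89.35.1.65.188.40.1.1.1 = STRING: "not-in-subtree"',
]

if __name__ == "__main__":
    for record in summarize(parse_walk(SAMPLE_WALK)):
        print(record)
```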


Viewing the Connection Rate Report


This feature is functional only in DefensePro 6.x and 7.x versions, and 8.x versions 8.10 and later.
The Connection Rate Report displays a graph showing connection rate statistics of inbound and
outbound traffic.

To view the Connection Rate Report


1. In the Security Monitoring perspective, select the DefensePro device, Site, or Logical Group for
which to display data.
2. Select Traffic Monitoring > Connections Rate Report.
3. Change display settings for the graph, as required.

Table 499: Connection Rate Report: Display Parameters

Parameter Description
Scope (link, which displays the table) The physical ports and the Protection policies that the
Connection Rate Report shows.
By default, the Scope is Any Port or Any Policy (depending on the
specified value in the Scope drop-down list). That is, by default, the
Connection Rate Report displays all the information.
To control the scope of the information that the report shows, see the
procedure To control the scope of the information that the report shows,
page 634.
Caution: The scope for DefensePro platforms without the DME can be
only according to physical ports, not Protection policies.
Display Last How long the graph displays attacks after the attack terminates. That is, the
graph displays all attacks that are currently ongoing or that terminated
within the selected period.
Values:
• 10 Minutes
• 20 Minutes
• 30 Minutes
• 1 Hour
Default: 10 Minutes
Scope (link, which displays the table) The scope of the graph view.
Values:
• Devices/Physical Ports—The graph shows traffic according to physical
ports on the specified device.
• Devices/Network Policies—The graph shows traffic according to
Protection policies on the specified device. This graph is available only on
DefensePro 20, 60, 110, 200, 220, 400, x420, and x4420 devices, and
x412 devices with the DME.
Default: Devices/Physical Ports
Caution: In 8.x versions, the Connection Rate Report works only when
the Scope is Devices/Network Policies.

Direction Values:
• Both—Show both inbound traffic and outbound traffic. Data for inbound
and outbound are displayed as separate lines, not as totals.
• Inbound—Show only inbound traffic.
• Outbound—Show only outbound traffic.
Note: The direction of traffic between a pair of ports is defined by the In
Port setting in the port pair configuration.
Protocol The traffic protocol to display.
When you select All, total traffic statistics are displayed.
Select Port Pair (button) (This button is displayed only when the Scope is Devices/Physical Ports.)
Opens the Select Port Pairs dialog box. Select the port pairs relevant for the
network topology by moving the required port pairs to the Selected Port
Pairs list. All other port pairs should be in the Available Port Pairs list.
Note: You can select port pairs for each direction; however, Radware
recommends that you select a port pair in one direction only, and display
traffic for both directions, if required. If you select port pairs in both
directions, and traffic for both directions, the graph will display the same
traffic twice.
Select Policies (This button is displayed only when the Scope is Devices/Policies.)
Opens the Select Policies dialog box. Select the Protection policies relevant
for the network topology by moving the required policies to the Selected
Policies list.

To control the scope of the information that the report shows

1. Click . A table opens. The table has either the Device Name and Port columns or the
Device Name and Policy columns—according to the specified value in the Scope drop-down list:
Devices/Physical Ports or Devices/Policies.
2. Do one of the following:
— To limit the physical ports or Protection policies that the report displays, select the
corresponding checkboxes.
— To display the information for all the currently relevant physical ports or Protection policies,
click in the top-left table cell, and then, select Select All.
— To display all the information in the database, even information that is not associated with a
specific port or specific Protection policy, click in the top-left table cell, and then, select
Select None.


Viewing the Concurrent Connections Report


This feature is functional only in DefensePro 6.x and 7.x versions, and 8.x versions 8.10 and later.
The Concurrent Connections Report displays a graph showing the rate of current connections for
selected port pairs. You can display the information for a selected protocol or the total for all
protocols over the last 10, 20, 30, or 60 minutes.

Note: For packets received through the 1G, 10G, or 40G ports, packet-size information and
counters do not account for the CRC.

To view the Concurrent Connections Report


1. In the Security Monitoring perspective, select the device, Site, or Logical Group for which to
display data.
2. Select Traffic Monitoring > Concurrent Connections Report.
3. Change display settings for the graph, as required.

Table 500: Concurrent Connections Report: Display Parameters

Parameter Description
Display Last How long the graph displays attacks after the attack terminates. That is, the
graph displays all attacks that are currently ongoing or that terminated
within the selected period.
Values:
• 10 Minutes
• 20 Minutes
• 30 Minutes
• 1 Hour
Default: 10 Minutes
Protocol The traffic protocol to display.
When you select All, total traffic statistics are displayed.

Viewing the Top Queried Domain Names Report


This feature is available only when viewing a single device running DefensePro 8.x versions 8.13 and
later.
The Top Queried Domain Names Report displays content only when the selected Scope value is a
Protection policy with a DNS profile that is configured with a Query Name Monitoring Sensitivity
value other than None.

Note: For more information, see the section “Configuring DNS Flood Protection Profiles” in the
APSolute Vision online help.
Every 10 minutes, DefensePro sends APSolute Vision data about sampled DNS packets, and
APSolute Vision recalculates the values and the display of the Top Queried Domain Names Report.


The Top Queried Domain Names Report shows the following:


• The 10 most-queried DNS domain names under the specified Protection policy—The list
is in descending order; that is, the most-queried domain name is at the top of the list.
• A colored bar beneath each domain name—The width of the colored bar represents the
ranking of the domain name. The most-queried domain name is at the top of the list and the
colored bar always fills the box. The sequence of the colors of the bars is static; that is, the
actual colors have no significance. Inside each colored bar, a number displays the approximate
total number of queries from the samples, for the specified period (according to the selected
Display Last option). The displayed value is based on a sampling of up to 1000 DNS queries per
second.
• A line graph for a selected domain—The graph shows the number of queries—and trend—
for the specified period (according to the selected Display Last option). Hovering the mouse on
the line opens a popup that shows the sample time (hh:mm:ss) and a Score with the number of
queries for that domain name, for that sample.

Figure 72: Top Queried Domain Names Report

To view the Top Queried Domain Names Report


1. In the Security Monitoring perspective, select the device for which to display data.
2. Select Traffic Monitoring > Top Queried Domain Names Report.
3. Change display settings, as required.

Table 501: Top Queried Domain Names Report: Display Parameters

Parameter Description
Scope (drop-down list) The Protection policy whose 10 most-queried DNS domain names the tab
displays.
Display Last Determines the following:
• The period for the calculation of the 10 most-queried DNS domain
names (the bar graphs and the displayed values)
• The time range of the x-axis in the line graph (for a selected domain)
Values:
• 10 Minutes
• 1 Hour
• 12 Hours
• 24 Hour
Default: 10 Minutes

Protection Monitoring
Protection Monitoring provides real-time traffic monitoring per network policy, either for the
network as a whole (if BDoS Protection is configured) or for DNS traffic (if DNS Flood Protection is
configured). The statistical traffic information that Protection Monitoring provides can help you better
understand the traffic that flows through the protected network, how the configured protection is
working, and, most importantly, how anomalous traffic is detected.
For information about displaying protection information for a selected device, see the following:
• Displaying Attack Status Information, page 637
• Monitoring the Traffic Under BDoS Protection, page 638
• Monitoring the Traffic Under DNS Flood Protection, page 641

Note: The statistical traffic information that Protection Monitoring provides and the Traffic
Utilization Report are based on different counters. (For information on the Traffic Utilization
Report, see Viewing the Traffic Utilization Report, page 627.)

Displaying Attack Status Information


You can display summary status information for attacks for each configured and enabled protection
policy. When there is an attack that violates a Protection policy, the table displays an icon indicating
the status of the attack in the corresponding row for the relevant attack traffic.

To display attack status information


1. In the Security Monitoring perspective, select the DefensePro device to monitor.
2. Select Protection Monitoring > Attack Status Report.
The table comprises the following columns:
— Policy Name
— IPv4-TCP
— IPv4-UDP
— IPv4-ICMP
— IPv4-DNS

— IPv6-TCP
— IPv6-UDP
— IPv6-ICMP
— IPv6-DNS
3. When an attack icon is displayed in the table, click the icon to display the corresponding attack
traffic information.

Monitoring the Traffic Under BDoS Protection


You can monitor the traffic for a Protection policy that includes BDoS protection.
Traffic information is displayed in the following tabs:
• BDoS Traffic Statistics, page 639
• Last Sample Statistics, page 640

Caution: When traffic matches multiple Protection policies with Out-of-State protection, the value
that APSolute Vision displays for the total dropped traffic represents the sum of all dropped traffic for
all relevant Protection policies. This is because when traffic matches multiple Protection policies with
Out-of-State protection, all those Protection policies count the same dropped traffic.

Note: APSolute Vision displays the Protection Monitoring graphs using averaged values, and
therefore, points on the curves might diverge from the exact values.
Note: When using DefenseFlow, the BDoS Traffic Monitoring reports are populated with data only if
the DefenseFlow detector type is set to BDoS Detector. For more information on DefenseFlow
detection parameters, see Detection, page 2082.

To display traffic information for a Protection policy that includes BDoS protection
1. In the Security Monitoring perspective, select the device to monitor.
2. Select Protection Monitoring > BDoS Traffic Monitoring Reports.
3. Configure the general parameters for the display of the BDoS Traffic Statistics graph and Last
Sample Statistics table.

Table 502: BDoS Traffic Monitoring Reports: General Parameters

Parameter Description
Scope The Protection policy. The list only displays policies that are configured with
a BDoS profile.
Display Last How long the graph displays attacks after the attack terminates. That is, the
graph displays all attacks that are currently ongoing or that terminated
within the selected period.
Values:
• 10 Minutes
• 20 Minutes
• 30 Minutes
• 1 Hour
Default: 10 Minutes

Direction The direction of the traffic that the Statistics Graph and Last Sample
Statistics table display.
Values: Inbound, Outbound
Units The unit according to which the Statistics Graph and Last Sample Statistics
table display the traffic.
Values:
• Kbps—Kilobits per second
• Packets/Sec—Packets per second

BDoS Traffic Statistics


The graph displays the traffic rates for the selected Protection policy according to the specified
parameters.

Table 503: BDoS Traffic Statistics Parameters

Parameter Description
IP Version The IP version of the traffic that the graph displays.
Values: IPv4, IPv6
Protection Type The protection type to monitor.
Values:
• TCP ACK FIN • TCP SYN
• TCP FRAG • SYN ACK
• TCP RST • TCP FRAG
• TCP SYN • TCP RST
• TCP SYN ACK • TCP ACK FIN
• UDP • UDP
• ICMP • UDP FRAG
• IGMP • ICMP
• UDP FRAG • Other IP
• TCP
For DefenseFlow, only the following protection types are available:
• UDP
• ICMP
• TCP
• Other
Scale The scale for the presentation of the information along the Y-axis.
Values: Linear, Logarithmic
Attack Status (Read-only) The status of the attack.

Table 504: Statistics Graph Legend

Line Description
Total Traffic (dark blue) The total traffic that the device sees for the specific protection type
and direction.
Legitimate Traffic (light blue) The actual forwarded traffic rate, after DefensePro managed to block
the attack.
When there is no attack, the Total Traffic and Legitimate Traffic are equal.
Normal Edge (dashed green) The statistically calculated baseline traffic rate.
Suspected Edge (dashed orange) The traffic rate that indicates a change in traffic that might be an
attack.
Caution: DefensePro reports the Suspected Edge in Kbps only. The graph displays the Suspected Edge
only when the Scope parameter Units is Kbps (see Table 506 - DNS Traffic Monitoring Reports:
General Parameters, page 641). When the Scope parameter Units is Packets/Sec, the graph does not
display the Suspected Edge.
Attack Edge (dashed red) The traffic rate that indicates an attack.
Caution: DefensePro reports the Attack Edge in Kbps only. The graph displays the Attack Edge only
when the Scope parameter Units is Kbps (see Table 506 - DNS Traffic Monitoring Reports: General
Parameters, page 641). When the Scope parameter Units is Packets/Sec, the graph does not display
the Attack Edge.

Last Sample Statistics


Use the Last Sample Statistics table to view information about the last relevant sample.

Table 505: Last Sample Statistics Parameters

Parameter Description
Traffic Type The protection type. Each specific traffic type and direction has a baseline
that the device learns automatically.
Baseline The normal traffic rate expected by the device.
Total Traffic The total traffic rate that the DefensePro device sees for the specific traffic
type and direction.
Baseline Portion % An indication for the rate-invariant baseline—that is, the normal percentage
of the specific traffic type to all other traffic in the same direction.
RT Portion % The actual percentage of the specific traffic type relative to all other traffic in
the same direction.
Legitimate Traffic (This parameter is not available in DefenseFlow.) The actual forwarded traffic
rate, after the device blocked the attack.
When there is no attack, the RT Rate and Legitimate Rate are equal.
Legitimate Portion % (This parameter is not available in DefenseFlow.) The actual percentage of the
forwarded traffic rate of the specified type relative to other types of traffic, after the device
blocked the attack.

Traffic Peak (This parameter is available only in DefenseFlow.) Peak traffic value, in bps, to use
in case of a manual action without attack volume information available.
Degree of Attack A numeric value that evaluates the current level of attack. A value of 8 or
greater signifies an attack.

Monitoring the Traffic Under DNS Flood Protection


You can monitor the traffic for a Protection policy that includes DNS Flood Protection.
APSolute Vision displays traffic information in the following tabs:
• DNS Traffic Statistics, page 641
• Last Sample Statistics, page 642

Note: APSolute Vision displays the Protection Monitoring graphs using averaged values, and
therefore, points on the curves might diverge from the exact values.

To display traffic information for a Protection policy that includes DNS Flood Protection
1. In the Security Monitoring perspective, select the device to monitor.
2. Select Protection Monitoring > DNS Traffic Monitoring Reports.
3. Configure the general parameters for the display of the Statistics Graph and Last Sample
Statistics table.

Table 506: DNS Traffic Monitoring Reports: General Parameters

Parameter Description
Scope The Protection policy. The list only displays rules configured with a DNS
profile.
Direction (Read-only) The direction of the traffic that the Statistics Graph and Last
Sample Statistics table display.
Value: Inbound
Units (Read-only) The unit according to which the Statistics Graph and Last
Sample Statistics table display the traffic.
Value: QPS—Queries per second

DNS Traffic Statistics


The graph displays the traffic rates for the selected Protection policy according to the specified
parameters.

Table 507: DNS Traffic Statistics Graph Parameters

Parameter Description
IP Version The IP version of the traffic that the graph displays.
Values: IPv4, IPv6

Protection Type The DNS query type to monitor.
Values:
• Other
• Text
• A
• AAAA
• MX
• NAPTR
• PTR
• SOA
• SRV
Scale The scale for the presentation of the information along the Y-axis.
Values: Linear, Logarithmic
Attack Status (Read-only) The status of the attack.

Table 508: Statistics Graph Legend

Line Description
Total Traffic (dark blue) The total traffic that the device sees for the specific protection type
and direction.
Legitimate Traffic (light blue) The actual forwarded traffic rate, after DefensePro managed to block
the attack.
When there is no attack, the Total Traffic and Legitimate Traffic are equal.
Normal Edge(1) (dashed green) The statistically calculated baseline traffic rate.
Suspected Edge(1) (dashed orange) The traffic rate that indicates a change in traffic that might be
an attack.
Attack Edge(1) (dashed red) The traffic rate that indicates an attack.

(1) This line is not displayed if the protection is configured to use a footprint bypass or manual
triggers.

Last Sample Statistics


Use the Last Sample Statistics tab to view information about the last relevant sample of DNS query
statistics.
The DefensePro version determines the contents and display of the Last Sample Statistics tab.

DNS Last Sample Statistics—for DefensePro 8.x Versions 8.13 and Later
The Last Sample Statistics tab for DefensePro 8.x versions 8.13 and later is divided into panels for
each of the DNS query types.

Note: For more information, see the section “Configuring DNS Flood Protection Profiles” in the
APSolute Vision online help.

Figure 73: DNS Last Sample Statistics—for DefensePro 8.x Versions 8.13 and Later—Example
Showing the “A” Panel
Callouts in the figure:
• The query type whose information the panel shows.
• The Degree of Attack gauge displays a color representation for the DefensePro Degree of Attack
value.
• General rate statistics.
• Rate-invariant statistics showing the FQDN-randomization level in the DNS queries.
• Rate-invariant statistics showing the query-type distribution.

Table 509: Last Sample Statistics Parameters for DefensePro 8.x Versions 8.13 and Later

Parameter Description
Query Type The DNS query type.
Values:
• A
• AAAA
• MX
• NAPTR
• Other
• PTR
• SOA
• SRV
• Text
Degree of Attack (gauge) A gauge with a color representation of the DefensePro Degree of Attack
(DoA) value for the specific query type. Green represents the Normal status.
Orange represents the Suspect status. Red represents the Attack status.
General rate statistics
Total Traffic The total rate of traffic, in QPS, that the DefensePro device sees for the
specific query type.
Legitimate Traffic The actual forwarded traffic rate, in QPS, for the specific query type, after
the device blocked the attack.
Note: When there is no attack, the Total Traffic and Legitimate Traffic
values are equal.

Baseline The normal rate of traffic, in QPS, expected by the DefensePro device for the
specific query type. Each query type has a baseline that the device learns
automatically.
Rate-invariant statistics—query-type distribution (on the left side of the panel)
Baseline Portion % An indication of the rate-invariant baseline—that is, the normal percentage
of the specific query type out of all other DNS traffic in the same direction.
Current Portion % The actual percentage of the specific traffic type relative to all other DNS
traffic in the same direction.
Legitimate Portion % The actual percentage of the forwarded traffic rate of the specified query
type relative to other types of queries, after the device blocked the attack.
Rate-invariant statistics—FQDN Randomization Level (on the right side of the panel)
Baseline Portion % An indication of the FQDN Randomization Level baseline—that is, the normal
randomness level, in percent, of FQDNs in the DNS queries of the specific
query type.
Current Portion % The actual percentage, representing the FQDN Randomization Level within
the DNS queries of the specific query type.
Legitimate Portion % The actual FQDN Randomization Level, in the forwarded traffic after the
device blocked the attack.

DNS Last Sample Statistics—for all Versions Other than 8.x Versions 8.13 and Later
The following table describes the parameters of the Last Sample Statistics tab for all DefensePro
versions other than DefensePro 8.x versions 8.13 and later.

Table 510: Last Sample Statistics Parameters for All DefensePro Versions Other than
DefensePro 8.x Versions 8.13 and Later

Parameter Description
Traffic Type The query type. Each specific query type and direction has a baseline that
the device learns automatically.
Baseline The normal traffic rate expected by the device.
Total Traffic The total traffic rate that the DefensePro device sees for the specific query
type and direction.
Baseline Portion % An indication for the rate-invariant baseline—that is, the normal percentage
of the specific query type out of all other traffic in the same direction.
RT Portion % The actual percentage of the specific query type relative to all other traffic in
the same direction.
Legitimate Traffic The actual forwarded traffic rate, after the device blocked the attack.
When there is no attack, the RT Rate and Legitimate Rate are equal.
Legitimate Portion % The actual percentage of the forwarded traffic rate of the specified type
relative to other types of queries, after the device blocked the attack.
Degree of Attack A numeric value that evaluates the current level of attack. A value of 8 or
greater signifies an attack.
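
The Last Sample Statistics tables (Table 505 for BDoS and Table 510 for DNS) separate rate-based values (Baseline, Total Traffic) from rate-invariant ones (Baseline Portion %, RT Portion %). The following Python example is added here and is not Radware code: it recomputes both kinds of value from constructed per-type rates and applies the documented Degree of Attack threshold of 8 to constructed rows; the field names and sample figures are assumptions, and DefensePro's own Degree of Attack calculation is not reproduced.

```python
ATTACK_DOA = 8  # per the tables: a Degree of Attack of 8 or greater signifies an attack


def portions(rates):
    """Percentage of each traffic type out of all traffic in the same direction."""
    total = sum(rates.values())
    return {t: (100.0 * r / total if total else 0.0) for t, r in rates.items()}


def compare_to_baseline(baseline_rates, sample_rates):
    """Per traffic type: rate ratio (rate-based) and portion shift (rate-invariant)."""
    base_pct = portions(baseline_rates)
    rt_pct = portions(sample_rates)
    report = {}
    for traffic_type, base_rate in baseline_rates.items():
        rate = sample_rates.get(traffic_type, 0.0)
        rt = rt_pct.get(traffic_type, 0.0)
        report[traffic_type] = {
            "rate_ratio": round(rate / base_rate, 2) if base_rate else None,
            "baseline_portion_pct": round(base_pct[traffic_type], 1),
            "rt_portion_pct": round(rt, 1),
            "portion_shift": round(rt - base_pct[traffic_type], 1),
        }
    return report


def triage(rows):
    """Return (traffic type, Degree of Attack, blocked rate) for rows at or above 8."""
    flagged = []
    for row in rows:
        if row["degree_of_attack"] >= ATTACK_DOA:
            blocked = row["total"] - row["legitimate"]
            flagged.append((row["traffic_type"], row["degree_of_attack"], blocked))
    return sorted(flagged, key=lambda item: item[1], reverse=True)


# Constructed sample values, in Kbps per protection type (inbound).
BASELINE = {"TCP SYN": 1000, "UDP": 3000, "ICMP": 1000}
FLASH_CROWD = {"TCP SYN": 3000, "UDP": 9000, "ICMP": 3000}  # all types grow together
UDP_FLOOD = {"TCP SYN": 1000, "UDP": 18000, "ICMP": 1000}   # one type grows alone

# Constructed rows shaped like the Last Sample Statistics table (field names are hypothetical).
LAST_SAMPLE_ROWS = [
    {"traffic_type": "TCP SYN", "total": 1000, "legitimate": 1000, "degree_of_attack": 2},
    {"traffic_type": "UDP", "total": 18000, "legitimate": 3100, "degree_of_attack": 10},
    {"traffic_type": "ICMP", "total": 1000, "legitimate": 1000, "degree_of_attack": 1},
]

if __name__ == "__main__":
    for name, sample in (("flash crowd", FLASH_CROWD), ("UDP flood", UDP_FLOOD)):
        print(name)
        for traffic_type, values in compare_to_baseline(BASELINE, sample).items():
            print("  ", traffic_type, values)
    print("under attack:", triage(LAST_SAMPLE_ROWS))
```

In the flash-crowd sample every rate triples while every portion stays at its baseline; in the flood sample the UDP portion moves from 60% to 90%, which is the change the rate-invariant columns make visible.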

HTTP Reports
This feature is functional only in DefensePro 6.x and 7.x versions.
This feature is not functional in DefensePro 8.x versions.
HTTP Mitigator protection monitors rate-based and rate-invariant HTTP traffic parameters, learns
them, and generates normal behavior baselines accordingly.

Note: DefensePro examines the number and rate of HTTP requests. Thus, when HTTP pipelining is
used, the detection mechanism remains accurate.
You can monitor real-time and historical (normal baseline) values, and analyze HTTP traffic
anomalies using the following reports:
• Monitoring Continuous Learning Statistics, page 645
• Monitoring Hour-Specific Learning Statistics, page 646
• HTTP Request Size Distribution, page 647

Monitoring Continuous Learning Statistics


This feature is functional only in DefensePro 6.x and 7.x versions.
This feature is not functional in DefensePro 8.x versions.
You can generate and display normal HTTP traffic baselines based on continuous traffic statistics.
Continuous learning statistics are based on recent traffic, irrespective of time of day, or day of the
week.
The learning response period (that is, the exponential sliding-window period on which statistics
measurements are based) is set based on the HTTP Mitigator learning sensitivity settings
(default: 1 week).
To build a comprehensive picture of the traffic of a protected site, the device monitors various HTTP
attack statistics.
Continuous learning reports display normal HTTP traffic baselines (blue) and real-time HTTP traffic
statistics (orange) over the specified recent time period.

Table 511: Continuous Learning Statistics Reports

Channel Description
GET & POST Requests Rate The rate of HTTP GET and POST requests sent per second to the
protected server.
Other Requests Rate The rate of HTTP requests that are not POST or GET sent per
second to the protected server. Other HTTP request methods can
be used, but are used less frequently.
Requests Rate per Source The maximum rate of HTTP GET and POST requests per second
per source IP address.
This parameter characterizes the site users’ behavior, enabling
you to recognize abnormal activities, such as scanning or bots.
Legitimate users may generate many requests per second, but
automatic devices such as bots or scanners generate many
more.

Requests per Connection The maximum number of HTTP GET and POST requests per TCP
connection.
This parameter characterizes the site users’ behavior, enabling
you to recognize abnormal activities, such as scanning or bots.
Many requests over a single TCP connection may indicate bot or
scanner activity.
Outbound Bandwidth The bandwidth, in megabits per second, of the HTTP servers
sending the responses.

Note: Normal Requests per Source and Requests per Connection baseline parameters show the
highest number of HTTP requests generated by a single source IP address and TCP connection
respectively. This number fades out, unless a higher value is observed, within about 30 seconds.
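
The channels in Table 511 can be recomputed from any per-request log, which shows why the per-source and per-connection maxima expose automated clients that the aggregate request rate hides. The following Python example is added here and is not Radware code; the record fields, addresses and byte counts are constructed, and the fixed one-second bucketing is an assumption, not DefensePro's learning algorithm.

```python
from collections import Counter

COUNTED_METHODS = ("GET", "POST")


def channel_values(records, window_seconds):
    """Recompute the Table 511 channels for one observation window."""
    get_post = [r for r in records if r["method"] in COUNTED_METHODS]
    per_source_second = Counter((r["src"], r["ts"]) for r in get_post)
    per_connection = Counter(r["conn"] for r in get_post)
    outbound_bits = 8 * sum(r["resp_bytes"] for r in records)
    return {
        "get_post_rate": len(get_post) / window_seconds,
        "other_rate": (len(records) - len(get_post)) / window_seconds,
        "max_rate_per_source": max(per_source_second.values(), default=0),
        "max_requests_per_connection": max(per_connection.values(), default=0),
        "outbound_mbps": round(outbound_bits / 1_000_000 / window_seconds, 3),
    }


def busiest_source(records):
    """Return (source_ip, requests_in_its_busiest_second) for GET and POST requests."""
    per_source_second = Counter(
        (r["src"], r["ts"]) for r in records if r["method"] in COUNTED_METHODS
    )
    if not per_source_second:
        return None
    (src, _second), count = per_source_second.most_common(1)[0]
    return src, count


def build_sample():
    """Constructed 10-second request log (documentation-range addresses)."""
    records = []
    # Five ordinary clients: 2 GET requests per second each, one connection per second.
    for ts in range(10):
        for client in range(5):
            for _ in range(2):
                records.append({"ts": ts, "src": f"198.51.100.{client + 1}",
                                "conn": f"c{client}-{ts}", "method": "GET",
                                "resp_bytes": 25_000})
    # One automated client: 40 GET requests per second on a single connection, seconds 4 to 6.
    for ts in range(4, 7):
        for _ in range(40):
            records.append({"ts": ts, "src": "203.0.113.9", "conn": "bot-1",
                            "method": "GET", "resp_bytes": 1_000})
    # Two requests that are neither GET nor POST (the "Other Requests Rate" channel).
    for ts in (0, 5):
        records.append({"ts": ts, "src": "198.51.100.1", "conn": f"c0-{ts}",
                        "method": "OPTIONS", "resp_bytes": 0})
    return records


if __name__ == "__main__":
    sample = build_sample()
    for channel, value in channel_values(sample, window_seconds=10).items():
        print(f"{channel}: {value}")
    print("busiest source:", busiest_source(sample))
```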

To display continuous learning HTTP reports


1. In the Security Monitoring perspective, select the device to monitor.
2. Select HTTP Reports > Continuous Learning Statistics.
3. Select a report:
— GET and POST Request Rate
— Other Requests Rate
— Requests Rate per Source
— Requests Rate per Connection
— Outbound Bandwidth
4. Configure the filter parameters for the graph.

Table 512: HTTP Report Filter Parameters

Parameter Description
Server The name of the protected Web server for which to display HTTP traffic
statistics.
Display Last The last number of hours for which the graph displays information.
Values: 1, 2, 3, 6, 12, 24
Default: 1

Monitoring Hour-Specific Learning Statistics


This feature is functional only in DefensePro 6.x and 7.x versions.
This feature is not functional in DefensePro 8.x versions.

The Hour-Specific Learning Statistics reports display normal traffic baselines for the last week. You
can view the hourly distribution of the site requests and outbound HTTP traffic for each day in the
past week and for each hour in a day.
The normal baseline for each hour in the week is calculated based on historical information for the
specific hour in the day and the specific day of the week over the past 12 weeks. The graph is
updated every hour.
The HTTP Mitigator learns the baseline traffic, and, based on these statistics, reports attacks based
on abnormal traffic.

Table 513: Hour-Specific Learning Statistics Reports

Channel Description
GET & POST Requests Rate The rate of HTTP GET and POST requests sent per second to the
protected server.
Other Requests Rate The rate of HTTP requests that are not POST or GET sent per
second to the protected server. Other HTTP request methods can
be used, but are used less frequently.
Outbound Bandwidth The bandwidth, in megabits per second, of the HTTP pages sent
as responses.

To display hour-specific learning HTTP reports


1. In the Security Monitoring perspective, select the DefensePro device to monitor.
2. Select HTTP Reports > Hour-Specific Learning Statistics.
3. Select a report:
— GET and POST Request Rate
— Other Requests Rate
— Outbound Bandwidth
4. In the Server list, select the protected Web server for which to display information.

HTTP Request Size Distribution


This feature is functional only in DefensePro 6.x and 7.x versions.
This feature is not functional in DefensePro 8.x versions.
The HTTP Request Size Distribution graph displays the URI size distribution, which shows how server
resources are used, and helps you to analyze resource distribution. A large deviation from the
normal probability distribution of one or more HTTP request sizes indicates that relative usage of
these server resources has increased. The HTTP Request Size Distribution graph x-axis values are
request sizes in 10-byte increments. The y-axis values are percentages of requests. The probability
reflects the level of usage of each Request size for the protected Web server. In the graph, the blue
bars represent normal probability distribution, and the orange bars represent real-time probability
(short-term probability) as calculated in intervals of a few seconds.
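
The comparison that the HTTP Request Size Distribution graph presents can be reproduced offline: bucket request sizes in 10-byte increments, convert the counts to percentages, and compare the real-time distribution with the normal one. The following Python example is added here and is not Radware code; the sample sizes and the 15-percentage-point deviation threshold are assumptions.

```python
from collections import Counter

BUCKET_BYTES = 10  # the graph's x-axis uses 10-byte increments


def size_distribution(request_sizes):
    """Return {bucket_start_bytes: percent_of_requests} for 10-byte buckets."""
    if not request_sizes:
        return {}
    counts = Counter((size // BUCKET_BYTES) * BUCKET_BYTES for size in request_sizes)
    total = len(request_sizes)
    return {bucket: 100.0 * n / total for bucket, n in sorted(counts.items())}


def deviating_buckets(baseline, realtime, min_delta_pct=15.0):
    """List buckets whose real-time share differs from the normal share.

    min_delta_pct is an assumed threshold in percentage points, not a product setting.
    Returns (bucket_start, baseline_pct, realtime_pct), largest deviation first.
    """
    findings = []
    for bucket in set(baseline) | set(realtime):
        base = baseline.get(bucket, 0.0)
        live = realtime.get(bucket, 0.0)
        if abs(live - base) >= min_delta_pct:
            findings.append((bucket, round(base, 1), round(live, 1)))
    return sorted(findings, key=lambda f: abs(f[2] - f[1]), reverse=True)


# Constructed sample data: request (URI) sizes in bytes for the normal period.
BASELINE_SIZES = [12] * 40 + [25] * 30 + [48] * 20 + [133] * 10
# Constructed real-time window: one resource with a URI of about 130 bytes
# is requested far more often than usual.
REALTIME_SIZES = [14] * 10 + [27] * 8 + [45] * 5 + [131] * 77


def demo():
    """Build both distributions and return them with the deviating buckets."""
    baseline = size_distribution(BASELINE_SIZES)
    realtime = size_distribution(REALTIME_SIZES)
    return baseline, realtime, deviating_buckets(baseline, realtime)


if __name__ == "__main__":
    normal, live, findings = demo()
    print("bucket   normal%   real-time%")
    for bucket in sorted(set(normal) | set(live)):
        print(f"{bucket:>6}   {normal.get(bucket, 0.0):>7.1f}   {live.get(bucket, 0.0):>10.1f}")
    print("deviating buckets:", findings)
```

A bucket whose share rises sharply points to the server resource whose relative usage has increased; the other buckets fall only because percentages must sum to 100.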

To display the HTTP request size distribution


1. In the Security Monitoring perspective, select the DefensePro device to monitor.
2. Select HTTP Reports > HTTP Request Size Distribution.
3. Change display settings for the graph, as required.

Table 514: HTTP Request Size Distribution Settings

Parameter Description
Server The protected server for which to display information.
Scale The scale for the presentation of the information along the Y-axis.
Values: Linear, Logarithmic

CHAPTER 24 – APSOLUTE VISION CLI COMMANDS
Users with the Administrator or the Vision Administrator role can use APSolute Vision CLI commands
to manage the APSolute Vision server.

Caution: Radware strongly recommends that the system administrator follow the recommended
basic security procedures. The basic security procedures use the APSolute Vision CLI and affect
access to the APSolute Vision CLI. For more information, see Recommended Basic Security
Procedures, page 73 and System User Password Commands, page 720.

APSolute Vision CLI includes the following capabilities:


• Consistent, logically structured and intuitive command syntax
• Command completion using the TAB key
• Paging and selection commands
• Command history
• Short and long help for every menu and command

All configuration changes that are made using CLI commands are sent to the APSolute Vision server
audit log.
This chapter contains the following sections:
• Accessing APSolute Vision CLI, page 649
• Command Syntax Conventions, page 650
• Main CLI Menu, page 651
• General CLI Commands, page 651
• Network Configuration Commands, page 653
• System Commands, page 662
• Migrating APSolute Vision from the OnDemand Switch VL Platform to the OnDemand Switch VL2
Platform, page 722
• Managing the Protection for the Meltdown and Spectre Exploit Vulnerabilities in APSolute Vision,
page 723

Accessing APSolute Vision CLI


Access to the APSolute Vision CLI is available only to users with the Administrator or Vision
Administrator role.
If your user account is defined through an external authentication server:
• To access the CLI, you need to first log in to the APSolute Vision WBM.
• There is a 60-day inactivity timeout. That is, if you have not logged in to APSolute Vision server
for 60 days, you must again log in to the APSolute Vision WBM before you can log in to the
APSolute Vision CLI.

The CLI login username and password are case-sensitive.


APSolute Vision supports up to 15 concurrent CLI users.

You can access the APSolute Vision CLI using a serial cable and terminal emulation application, or
from an SSH client.
Terminal settings for the APSolute Vision server are as follows:
• Bits per second: 19200 for the ODS-VL platform, 9600 for the ODS-VL2 platform
• Data bits: 8
• Parity: None
• Stop bits: 1
• Flow control: None
• APSolute Vision CLI uses Control-? (127) for the Backspace key.
• When connecting from an SSH client, APSolute Vision CLI has a default timeout of five minutes
for idle connections. If an SSH connection is idle for five minutes, APSolute Vision terminates the
session.
• Accessing APSolute Vision using GSSAPI authentication is not supported. Make sure that your
SSH client does not attempt GSSAPI authentication.

Command Syntax Conventions


The following table describes the command syntax conventions used in this chapter.

Syntax Convention Description Example

Bold Bold text designates information that must be entered on the command line exactly as
shown. This applies to command names and non-variable options.
Example: net dns get

Angle Brackets (<>) The information enclosed in brackets (<>) is variable and must be replaced
by whatever it represents. In the example shown, you must replace <filename> with the name of
the specific file.
Example: <filename>

Brackets ([ ]) The information enclosed in square brackets ([ ]) is optional. Anything not
enclosed in brackets must be specified.
Example: [-s <size>]

Curly brackets containing vertical bar or bars ({ | }) Curly brackets ({ }), also called braces,
identify a set of mutually exclusive options, which are separated by a pipe ( | ). You can enter
only one of the options in a single use of the command. Each option within the braces can be
optional or required, and variable or non-variable.
In the example shown, you can specify a value for the variable <host_ip>, or use the
non-variable option, default.
Example: {<host_ip>|default}

Main CLI Menu


The following table describes the main CLI menu commands:

Command Description
exit Logs out of the APSolute Vision CLI session. For more information, see exit,
page 651.
help Displays help for menus and commands. You can also use the ? key. For more
information, see help, page 652.
history Displays a history of previously run commands. For more information, see
history, page 652.
net Commands to display and configure network interface settings and IP routing.
For more information, see Network Configuration Commands, page 653.
ping Pings a host on the network to test its availability. For more information, see
ping, page 652.
reboot Stops all processes and then reboots the APSolute Vision server. For more
information, see reboot, page 652.
shutdown Stops all processes and then shuts down the APSolute Vision server. For more
information, see shutdown, page 653.
system System commands for the APSolute Vision server. For more information, see
System Commands, page 662.
grep Selects lines containing a match for the specified regular expression. For more
information, see grep, page 653.
more Paginates command output. For more information, see more, page 653.

General CLI Commands


This section describes the following APSolute Vision CLI commands:
• exit
• help
• history
• ping
• reboot
• shutdown
• grep
• more

exit
Logs out of the APSolute Vision CLI session.
Syntax
exit

help
Displays help for a command or menu. You can also use the ? key.

Examples
A net? displays help for the net menu.
B net management-ip? displays help for the net management-ip command.

Tip: To display the list of commands for a menu, enter the menu name and press Enter.

history
Displays a history of the previously run commands.
Syntax
history [-<num>]

<num> The number of previous commands to display, starting from the current command. The
default is the last 50 commands. Optional

Tip: To paginate results, use history | more.


To view command history for specific commands or menus, use |grep.

Example
history | grep sys
Displays the history of commands containing the string sys.

ping
Pings a host on the network to test its availability.
Syntax
ping <IP_address> <N>

<IP_address> IP address of the host to ping. Required

<N> Number of packets to send. If N is 0, the device will ping indefinitely. Use Ctrl-C to
stop. Required

reboot
Stops all processes and then reboots the APSolute Vision server.
Syntax
reboot

shutdown
Stops all processes and then shuts down the APSolute Vision server.
Syntax
shutdown

grep
Selects lines containing a match for the specified regular expression. You can use this command only
concatenated to other commands that produce output.
Syntax
| grep <regexp>

<regexp> The regular expression string to match. Required

Tip: Use this command with history and timezone list commands to filter output.

more
Paginates command output. You can use this command only concatenated to other commands that
produce output.
Syntax
| more

Tip: Use this command with history and timezone list commands to paginate output.

Network Configuration Commands


The net menu includes the following command types to display and configure network interface
settings and IP routing:
• Network DNS Commands, page 653
• Net Firewall Commands, page 655
• Network IP Interface Commands, page 656
• Network NAT Commands, page 657
• Network Physical Interface Commands, page 659
• Network Routing Commands, page 660

Network DNS Commands


Use net dns commands to display and configure DNS server settings.
The net dns commands comprise the following:
• net dns get
• net dns set primary
• net dns set secondary
• net dns set tertiary
• net dns delete primary
• net dns delete secondary
• net dns delete tertiary

net dns get


Displays the IP address for each configured DNS server.
Syntax
net dns get

net dns set primary


Adds a primary DNS server to the DNS server table. If a primary DNS server already exists, the new
configuration overwrites the old one.
Syntax
net dns set primary <IP_address>

<IP_address> The IP address of the primary DNS server. Required

net dns set secondary


Adds a secondary DNS server to the DNS server table if there is an existing configuration of a
primary DNS server. If there is no primary DNS server, APSolute Vision defines the secondary server
as the primary. If a secondary DNS server already exists, the new configuration overwrites the old
one.
Syntax
net dns set secondary <IP_address>

<IP_address> The IP address of the secondary DNS server. Required

net dns set tertiary


Adds a tertiary DNS server to the DNS server table if there is an existing configuration of a primary
and secondary DNS server. If there is no primary and secondary DNS server, APSolute Vision defines
the tertiary server as the next-higher-level server (primary or secondary). If a tertiary DNS server
already exists, the new configuration overwrites the old one.
Syntax
net dns set tertiary <IP_address>

<IP_address> The IP address of the tertiary DNS server. Required

net dns delete primary


Deletes the primary DNS server.
Syntax
net dns delete primary


net dns delete secondary


Deletes the secondary DNS server.
Syntax
net dns delete secondary

net dns delete tertiary


Deletes the tertiary DNS server.
Syntax

net dns delete tertiary

Net Firewall Commands


Use net firewall commands to manage L4 ports other than the ports that are opened by the
APSolute Vision installation.

Note: For information on the ports opened by the APSolute Vision installation, see UDP/TCP Ports
and IP Protocols, page 833.
The net firewall commands comprise the following:
• net firewall open-port set
• net firewall open-port list

net firewall open-port set


Opens or closes a specified port in the firewall other than a port opened by the APSolute Vision
installation (see UDP/TCP Ports and IP Protocols, page 833).
Syntax
net firewall open-port set <port_number> {open|close}

<port_number> The L4 TCP port in the firewall. Required

{open|close} The open argument in the command opens the port in the firewall. Required
The close argument in the command closes a port that was opened with the net firewall open-port set <port_number> open command.

net firewall open-port list


Lists the currently open ports in the firewall that were opened using the
net firewall open-port set <port_number> open command.
Syntax
net firewall open-port list


Network IP Interface Commands


Use net ip commands to display and configure APSolute Vision server network-interface settings
and define the following ports on the APSolute Vision server:
• G1, G2, G3, and G4—When running as a virtual appliance (VA)
• G1 and G2—When running on an OnDemand Switch VL (ODS-VL) platform
• G3, G5, and G7—When running on an OnDemand Switch VL2 (ODS-VL2) platform

Note: After changing the configuration of a management port (G1 or G2, or G3 or G5), you must
restart the APSolute Vision server.
The net ip commands comprise the following:
• net ip set
• net ip delete
• net ip get
• net ip management set

net ip set
Configures an IP address for APSolute Vision server network interfaces.

Notes
• APSolute Vision running as a virtual appliance (VA) supports ports G1, G2, G3, and G4.
• APSolute Vision running on an OnDemand Switch VL (ODS-VL) platform supports ports G1 and
G2.
• APSolute Vision running on an OnDemand Switch VL2 (ODS-VL2) platform supports ports G3,
G5, and G7.
Syntax
net ip set <IP_address> <netmask> {G1|G2|G3|G4|G5|G7}

<IP_address> The IP address of the network interface. Required

<netmask> The subnet for the network interface. Required

{G1|G2|G3|G4|G5|G7} Specifies whether the interface is on port G1, G2, G3, G4, G5, or G7. Required

net ip delete
Deletes an IP address from a port on the APSolute Vision server.

Notes
• APSolute Vision running as a virtual appliance (VA) supports ports G1, G2, G3, and G4.
• APSolute Vision running on an OnDemand Switch VL (ODS-VL) platform supports ports G1 and
G2.
• APSolute Vision running on an OnDemand Switch VL2 (ODS-VL2) platform supports ports G3,
G5, and G7.


Syntax
net ip delete {G1|G2|G3|G4|G5|G7}

{G1|G2|G3|G4|G5|G7} The port on the APSolute Vision server whose IP address will be deleted. Required

net ip get
Displays the MAC addresses and other information about the configured network interfaces.
Syntax
net ip get

net ip management set


Sets the network interface on which APSolute Vision listens for incoming traps and messages from
managed devices. Managed devices must be able to reach the APSolute Vision management IP
address. When APSolute Vision is running as a virtual appliance (VA) or on an OnDemand Switch VL
(ODS-VL) platform, the management port can be either G1 or G2, but not both simultaneously.
When APSolute Vision is running on an OnDemand Switch VL2 (ODS-VL2) platform, the
management port can be either G3 or G5, but not both simultaneously.
This is the interface that APSolute Vision registers in the event-target table on managed devices.

Notes
• When APSolute Vision is running as a virtual appliance (VA), you can connect to the APSolute
Vision server (with the client, SSH/Telnet, and so on) through ports G1, G2, and G3.
• When APSolute Vision is running on an OnDemand Switch VL (ODS-VL) platform, you can
connect to the APSolute Vision server (with the client, SSH/Telnet, and so on) through ports G1
and G2.
• When APSolute Vision is running on an OnDemand Switch VL2 (ODS-VL2) platform, you can
connect to the APSolute Vision server (with the client, SSH/Telnet, and so on) through ports G3,
G5, and G7.
Syntax
net ip management set {G1|G2|G3|G5}

{G1|G2|G3|G5} The port on the APSolute Vision server. Required

Network NAT Commands


To access APM or DPM from an APSolute Vision server that is deployed behind a network address
translation (NAT), use the net nat commands described in this section.
The net nat commands comprise the following:
• net nat get
• net nat set hostname
• net nat set ip
• net nat set none

net nat get


Gets the NAT-host configuration for the server.


Syntax
net nat get

net nat set hostname


Sets a hostname for the APSolute Vision server. Use this option when the APSolute Vision server is
deployed behind a NAT to enable APSolute Vision clients to access the server both from the internal
and external network.
With this option, all clients must be configured to resolve the specified hostname—for example,
using a DNS server or modifying the hosts file. Clients behind the NAT of the APSolute Vision server
local IP address must be configured to resolve the hostname to the external NAT IP address. Clients
inside the local subnet of the APSolute Vision server must be configured to resolve the hostname to
the internal IP address.
Syntax
net nat set hostname <hostname>

<hostname> The hostname used for APSolute Vision server-client communication when NAT is used. Required
The hostname must conform to RFC 952.
A period (.) is allowed only if the specified nat hostname is the same as the system hostname.
To set the system hostname, see System Hostname Commands, page 700.
Caution: You must not use radware as the hostname.

net nat set ip


Sets the external NAT IP address of the APSolute Vision server. Use this option when access is
required only from an external IP address.

Caution: The specified IP address must be routable from the client machine.

Syntax
net nat set ip <IP address>

<IP address> The IP address of the APSolute Vision server from an external network. Required

net nat set none


Removes the server-NAT configuration. The APSolute Vision server will be accessible to clients only
using the internal Management IP address.
Syntax
net nat set none


Network Physical Interface Commands


Use net physical-interface commands to display and configure network physical interface
settings on the APSolute Vision server.
The net physical-interface commands comprise the following:
• net physical-interface get
• net physical-interface set

net physical-interface get


Displays speed and duplex mode for each accessible network physical interface on the APSolute
Vision server. Displays whether a physical interface is down, and whether auto-negotiation mode is
set.
Syntax
net physical-interface get

net physical-interface set


Configures the speed and duplex mode for a network physical interface using manual settings or by
setting auto-negotiation. The speed and duplex arguments take precedence over the auto-
negotiation setting. That is, if you change the speed and/or duplex setting, APSolute Vision sets
auto-negotiation to OFF automatically.
On APSolute Vision VA platforms, this command is not supported. The values, which apply to the
virtual NIC card, are static—with auto-negotiation OFF, the speed 10,000 Mbps (10 Gbps), and full
duplex mode ON.
Syntax
net physical-interface set {G1|G2|G3|G5} autoneg {on|off} speed {10|100|1000} duplex {half|full}

{G1|G2|G3|G5} The physical interface to configure. Required
Values:
• G1 or G2—When running on an OnDemand Switch VL (ODS-VL) platform
• G3 or G5—When running on an OnDemand Switch VL2 (ODS-VL2) platform

{on|off} The auto-negotiation mode. Enter autoneg on to set speed and duplex mode by auto-negotiation. Optional

{10|100|1000} The speed setting, in Mbps. Optional

{half|full} The duplex-mode setting. Optional

Examples
A net physical-interface set G1 autoneg on
B net physical-interface set G2 speed 1000 autoneg off
C net physical-interface set G1 duplex half speed 10 autoneg off


Network Routing Commands


Use net route commands to display and configure IP routing settings. APSolute Vision saves
configured routes by retrieving them directly from the kernel’s active routing table. Routes are
deleted when you delete an IP address from a specific device interface.
The net route commands comprise the following:
• net route set host
• net route set net
• net route set default
• net route delete
• net route get

net route set host


Sets a route to a destination host.

Notes
• APSolute Vision running as a virtual appliance (VA) supports ports G1, G2, G3, and G4.
• APSolute Vision running on an OnDemand Switch VL (ODS-VL) platform supports ports G1 and
G2.
• APSolute Vision running on an OnDemand Switch VL2 (ODS-VL2) platform supports ports G3,
G5, and G7.
Syntax
net route set host <host_ip> <gateway_ip> [dev {G1|G2|G3|G4|G5|G7}]

<host_ip> The IP address of the destination host to which the route is defined. Required

<gateway_ip> The IP address of the next hop toward the destination host. Required

{G1|G2|G3|G4|G5|G7} The port on the APSolute Vision server. Required for G4 (relevant only for APSolute Vision VA). Optional for all ports except G4.

net route set net


Sets a route to a destination network or subnet.
Syntax
net route set net <net_ip> <netmask> <gateway_ip> [dev {G1|G2|G3|G4|G5|G7}]

<net_ip> The IP address of the destination network to which the route is defined. Required

<netmask> The destination subnet. Required

<gateway_ip> The IP address of the next hop toward the destination network. Required

{G1|G2|G3|G4|G5|G7} The port on the APSolute Vision server. Required for G4 (relevant only for APSolute Vision VA). Optional for all ports except G4.

net route set default


Sets a default gateway route.

Notes
• APSolute Vision running as a virtual appliance (VA) supports ports G1, G2, G3, and G4. G4 is not
relevant for the net route set default command.
• APSolute Vision running on an OnDemand Switch VL (ODS-VL) platform supports ports G1 and
G2.
• APSolute Vision running on an OnDemand Switch VL2 (ODS-VL2) platform supports ports G3,
G5, and G7.
Syntax
net route set default <gateway_ip> [dev {G1|G2|G3|G5|G7}]

<gateway_ip> The IP address of the default gateway (next hop). Required

{G1|G2|G3|G5|G7} The port on the APSolute Vision server. Optional

net route delete


Deletes a route entry from the routing table.

Notes
• APSolute Vision running as a virtual appliance (VA) supports ports G1, G2, G3, and G4.
• APSolute Vision running on an OnDemand Switch VL (ODS-VL) platform supports ports G1 and
G2.
• APSolute Vision running on an OnDemand Switch VL2 (ODS-VL2) platform supports ports G3,
G5, and G7.
Syntax
net route delete <net_ip> <netmask> <gateway_ip> [dev {G1|G2|G3|G4|G5|G7}]

<net_ip> To delete a network route, enter the IP address of the corresponding destination network. Required

<netmask> The destination subnet. Required

<gateway_ip> The IP address of the default gateway (next hop). Required

{G1|G2|G3|G4|G5|G7} The physical port on the APSolute Vision server. Required for G4 (relevant only for APSolute Vision VA). Optional for all ports except G4.

net route get


Displays routing information for active routes and statically-configured host routes, network routes,
and default routes.
Syntax

net route get

System Commands
The system menu includes the following system commands and command types for the APSolute
Vision server:
• System APM Commands, page 663
• system audit-log export, page 663
• System APSolute Vision Server Commands, page 665
• System Backup Commands, page 665
• system cleanup, page 681
• System Configuration-Synchronization Commands, page 681
• System Database Commands, page 686
• System Date Commands, page 688
• System DF Commands, page 689
• System DPM Commands, page 690
• System Exporter Commands (Event Exporter), page 695
• system hardware status get, page 700
• System Hostname Commands, page 700
• System LLS Commands, page 701
• System NTP Commands, page 705
• system rpm list, page 707
• System SNMP Commands, page 707
• System SSL Commands, page 709
• system statistics, page 712
• System Storage Commands, page 712
• System TCP Capture Commands, page 713
• System Backup Technical-Support Commands, page 677
• System Terminal Commands, page 715
• System Timezone Commands, page 716
• System Upgrade Commands, page 717
• System User Authentication-Mode Commands, page 718
• System User Password Commands, page 720
• system version, page 721

System APM Commands


Use system apm commands to manage aspects of an APSolute Vision server with APM server VA.

Note: For more information on APSolute Vision server with APM server VA, see the APSolute Vision
Installation and Maintenance Guide and the Application Performance Monitoring Troubleshooting and
Technical Guide.
The system apm commands comprise the following:
• system apm clear, page 663
• system apm shell, page 663

system apm clear


Deletes all APM data files, including raw data.
Syntax
system apm clear

system apm shell


Launches the APM shell in an APSolute Vision server with APM server VA.

Note: From the APM shell, the exit command returns the CLI session to the APSolute Vision shell.
Syntax

system apm shell

system audit-log export


Exports the audit-log to the location specified in the command.
Syntax
system audit-log export <protocol>://<user>@<server>:/<path/to/directory>/<filename> {all|<yyyy-MM-dd>}

<protocol> Values: Required
• ssh
• sftp
• ftp
• scp

<user> The username. Required
Note: If a password is required, you are prompted for it after the connection is initiated.

<server> The IP address or DNS name of the server. Required
IPv6 addresses must be enclosed within square brackets ([]) when the protocol is SFTP, FTP, or SCP. For example:
system backup config export my_backup sftp://radware@[200a::172:17:164:10]:/home/my_backup.

<path/to/directory> The path to the export directory. Required

<filename> The filename of the audit-log in the export directory. Required

{all|<yyyy-MM-dd>} Specify all to export all entries, or specify the start date of records to export. The start date must be in yyyy-MM-dd format. Required

System APSolute Vision Reporter (AVR) Commands


Use system avr commands to manage the APSolute Vision Reporter (AVR) service.
By default, the AVR service starts when the other APSolute Vision services start.
If you do not use AVR, you can disable the AVR service and thereby conserve significant amounts of
various system resources.
The system avr commands comprise the following:
• system avr enable, page 664
• system avr status, page 664
• system avr disable, page 664

system avr enable


Enables the APSolute Vision Reporter service.

Note: Enabling the APSolute Vision Reporter service requires restarting the APSolute Vision
Collector service.
Syntax
system avr start

system avr status


Shows the status of the APSolute Vision Reporter service.
Syntax
system avr status

system avr disable


Stops and disables the APSolute Vision Reporter service.

Note: Disabling the APSolute Vision Reporter service requires restarting the APSolute Vision
Collector service.


Syntax
system avr disable

System APSolute Vision Server Commands


Use system vision-server commands to manage the APSolute Vision server.
The system vision-server commands comprise the following:
• system vision-server start, page 665
• system vision-server status, page 665
• system vision-server stop, page 665

system vision-server start


Starts the APSolute Vision server.
Syntax
system vision-server start

system vision-server status


Shows the status of the APSolute Vision server, Server running or Server stopped.
Syntax
system vision-server status

system vision-server stop


Stops the APSolute Vision server.
Syntax

system vision-server stop

System Backup Commands


Use system backup commands to manage APSolute Vision system backups.
The system backup commands comprise the following:
• System Backup Configuration Commands, page 666
• System Backup Full Commands, page 669
• System Backup SecurityReporter Commands, page 673
• System Backup Technical-Support Commands, page 677


System Backup Configuration Commands


Use system backup config commands to manage APSolute Vision system-configuration
backups.
The system backup config commands comprise the following:
• system backup config create, page 666
• system backup config delete, page 666
• system backup config export, page 667
• system backup config import, page 668
• system backup config info, page 668
• system backup config list, page 669
• system backup config restore, page 669

system backup config create


Creates a backup of the system configuration in the storage location.

Note: For information on the storage location, see System Storage Commands, page 712.
Each backup includes the following:
• The APSolute Vision system configuration
• The local users
• The managed devices
• The host IP addresses in the database-viewer list
• The vDirect database file

The backup config create command does not back up the following:
• The password of the radware user of the APSolute Vision server appliance
• The IP address/es of the APSolute Vision server appliance
• The DNS address/es of the APSolute Vision server appliance
• The network routes of the APSolute Vision server appliance
• Attack data

The system stores up to five configuration-backup iterations. After the fifth configuration-backup,
the system deletes the oldest one.
Syntax
system backup config create <configName> [description]

<configName> The name of the system-configuration backup, up to 64 characters, with no spaces. Only alphanumeric characters and underscores (_) are allowed. Required

[description] The description of the system-configuration backup. Optional

system backup config delete


Deletes the specified system-configuration backup from the storage location.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax


system backup config delete <configName>

<configName> The name of the system-configuration backup. Required

system backup config export


Exports the specified system-configuration backup.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup config export <configName> <protocol>://<user>@<server>:/<path/to/directory>/<filename>

<configName> The name of the system-configuration backup. Required

<protocol> Values: Required
• ssh
• sftp
• ftp
• scp
• file—This option exports the backup locally to the location specified in the command.
Caution: Only root users have access to the local directory and can delete the file. You can, however, use the system backup config import command on the same machine with the file parameter to retrieve the exported backup.
If you use the file option, Radware recommends that you place the file in the Maintenance Files folder, which you can access from the APSolute Vision server Web interface.
For example:
system backup config export MyBackupName file:///opt/radware/storage/maintenance/MyBackupTargetName

<user>@ The username. Required
Note: If a password is required, you are prompted for it after the connection is initiated.

<server> The IP address or DNS name of the server. Required
IPv6 addresses must be enclosed within square brackets ([]) when the protocol is SFTP, FTP, or SCP. For example:
system backup config export my_backup sftp://radware@[200a::172:17:164:10]:/home/my_backup.

<path/to/directory> The path to the export directory. Required

<filename> The filename of the system-configuration backup in the export directory, which may be different from the configName. Required
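The following pre-flight check is an added example, not Radware code: it validates a backup name and an export target against the rules documented above (name up to 64 alphanumerics or underscores, the listed protocol values, brackets around IPv6 servers for sftp, ftp, and scp) before the command is typed or scripted. The function names check_export and build_command, the 192.0.2.10 and backup.example.net sample servers, the FTP warning, and the embedded-password and bracket-misuse checks are assumptions of this example, not rules from the guide.

```python
import ipaddress
import re

# Documented rule: up to 64 characters, alphanumerics and underscores only.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,64}")
# Documented <protocol> values for remote targets ("file" is handled separately).
REMOTE_PROTOCOLS = {"ssh", "sftp", "ftp", "scp"}
# Protocols for which the guide requires square brackets around an IPv6 server.
BRACKETED_V6 = {"sftp", "ftp", "scp"}

# <protocol>://<user>@<server>:/<path/to/directory>/<filename>
REMOTE_RE = re.compile(
    r"(?P<protocol>[a-z]+)://(?P<user>[^@/]+)@"
    r"(?P<server>\[[^\]]*\]|[^/]+?):(?P<path>/.+)"
)


def is_ipv6(text):
    """True if text is a valid IPv6 literal (without brackets)."""
    try:
        return ipaddress.ip_address(text).version == 6
    except ValueError:
        return False


def check_export(config_name, target):
    """Return a list of (severity, message) findings; an empty list means clean."""
    findings = []
    if not NAME_RE.fullmatch(config_name):
        findings.append(("error", "backup name: 1-64 alphanumerics/underscores, no spaces"))

    if target.startswith("file://"):
        path = target[len("file://"):]
        if not path.startswith("/") or path.endswith("/"):
            findings.append(("error", "file target needs an absolute path ending in a filename"))
        return findings

    match = REMOTE_RE.fullmatch(target)
    if match is None:
        findings.append(("error", "target is not <protocol>://<user>@<server>:/<path>/<filename>"))
        return findings

    protocol, user, server, path = match.group("protocol", "user", "server", "path")
    if protocol not in REMOTE_PROTOCOLS:
        findings.append(("error", f"unsupported protocol {protocol!r}"))
    if ":" in user:
        # Example policy (assumption): the guide says the CLI prompts for the
        # password, so one typed into the target is rejected here.
        findings.append(("error", "password embedded in target; let the CLI prompt for it"))

    bracketed = server.startswith("[")
    host = server[1:-1] if bracketed else server
    if bracketed and not is_ipv6(host):
        # Example check (assumption): brackets around anything but IPv6 are a typo.
        findings.append(("error", "square brackets are only for IPv6 literals"))
    elif not bracketed and is_ipv6(host) and protocol in BRACKETED_V6:
        findings.append(("error", "IPv6 server must be enclosed in [] for sftp, ftp and scp"))

    if path.endswith("/"):
        findings.append(("error", "target ends in a directory; a filename is required"))
    if protocol == "ftp":
        # Example policy (assumption): FTP is allowed by the CLI but is cleartext.
        findings.append(("warn", "FTP sends the login and the backup unencrypted; prefer sftp or scp"))
    return findings


def build_command(config_name, target):
    """Return the CLI line, or raise ValueError listing every blocking finding."""
    errors = [msg for severity, msg in check_export(config_name, target) if severity == "error"]
    if errors:
        raise ValueError("; ".join(errors))
    return f"system backup config export {config_name} {target}"


if __name__ == "__main__":
    # Constructed sample targets; the first is the example from the guide.
    for name, url in [
        ("my_backup", "sftp://radware@[200a::172:17:164:10]:/home/my_backup"),
        ("my_backup", "sftp://radware@200a::172:17:164:10:/home/my_backup"),
        ("vision_cfg", "ftp://radware@192.0.2.10:/backups/vision_cfg"),
    ]:
        print(url, "->", check_export(name, url) or "ok")
```

Warnings do not block build_command; only findings marked error do, so a site that must forbid FTP outright can promote that finding to an error.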

system backup config import


Imports the specified system-configuration backup from the specified location to the storage
location.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup config import <protocol>://<user>@<server>:/<path/to/directory><filename>

<protocol> Values: Required
• ssh
• sftp
• ftp
• scp
• file—Uses the backup file on the local machine, which was made using the system backup config export command with the file option.

<user>@ The username. Required
Note: If a password is required, you are prompted for it after the connection is initiated.

<server> The IP address or DNS name of the server. Required

<path/to/directory> The path to the remote directory. Required

<filename> The name of the system-configuration backup in the remote directory, which may be different from the configName. Required
When the file is imported, the filename reverts to the configName, that is, the name that was used when the system-configuration backup was created.

system backup config info


Displays the following information about the specified system-configuration backup:
• Name—The name of the system-configuration backup.
• Disk Size—The size of the system-configuration backup on the disk.
• Date—The time and date that the system-configuration backup was created.
• Version—The APSolute Vision version and build number.
• Description—The user-defined description of the system-configuration backup.


Syntax
system backup config info <configName>

<configName> The name of the system-configuration backup. Required

system backup config list


Lists the system-configuration backups in the storage location in a table with the following columns:
• Name—The name of the system-configuration backup.
• Size(K)—The size of the system-configuration backup on the disk.
• Date—The time and date that the system-configuration backup was created.
• Version—The APSolute Vision version and build number.
• Description—The user-defined description of the system-configuration backup, which is
truncated as necessary to fit the table.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup config list

system backup config restore


Restores the system using the specified system-configuration backup. The version and build number
of the current system and the version and build number of the system that created the system-
configuration backup must be the same.

Note: The restore process stops APSolute Vision and its associated services, and when it finishes,
restarts them.
Syntax
system backup config restore <configName> [-retainlicenses]

<configName> The name of the system-configuration backup. Required

-retainlicenses Retains the currently installed licenses. Otherwise, the restore process overwrites existing licenses with the licenses from the backup file. Optional

System Backup Full Commands


The system backup full commands comprise the following:
• system backup full create, page 670
• system backup full delete, page 670
• system backup full export, page 670
• system backup full import, page 671
• system backup full info, page 672
• system backup full list, page 672
• system backup full restore, page 673


system backup full create


Creates a system backup in the storage location. Each system backup includes all the data
necessary to restore the entire system—but not the data of APSolute Vision Reporter (AVR) or the
Device Performance Monitor (DPM).

Note: For information on the storage location, see System Storage Commands, page 712.
The system stores up to five system backups. After the fifth system backup, the system deletes the
oldest one.

Caution: The system backup does not include AVR or DPM data.

Syntax
system backup full create <backupName> [description]

<backupName> The name of the backup, up to 64 characters with no spaces. Only alphanumeric characters and underscores (_) are allowed. Required

[description] The description of the backup. Optional

system backup full delete


Deletes the specified system backup from the storage location.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup full delete <backupName>

<backupName> The name of the backup. Required

system backup full export


Exports the specified system backup from the storage location to the location specified in the
command.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup full export <backupName> <protocol>://<user>@<server>:/<path/to/directory>/<filename>


<backupName> The name of the backup. Required

<protocol> Values: Required
• ssh
• sftp
• ftp
• scp
• file—This option exports the backup locally to the location specified in the command.
Caution: Only root users have access to the local directory and can delete the file. You can, however, use the system backup import command on the same machine with the file parameter to retrieve the exported backup.
If you use the file option, Radware recommends that you place the file in the Maintenance Files folder, which you can access from the APSolute Vision server Web interface.
For example:
system backup full export MyBackupName file:///opt/radware/storage/maintenance/MyBackupTargetName

<user>@ The username. Required
Note: If a password is required, you are prompted for it after the connection is initiated.

<server> The IP address or DNS name of the server. Required

<path/to/directory> The path to the export directory. Required

<filename> The filename of the backup in the export directory, which may be different from the backupName. Required

system backup full import


Imports the specified system backup from the specified location to the storage location.

Note: For information on the storage location, see System Storage Commands, page 712.
The system stores up to five system backups. After the fifth system backup, the system deletes the
oldest one.
Syntax
system backup full import <protocol>://<user>@<server>:/<path/to/directory><filename>


<protocol> Values: Required
• ssh
• sftp
• ftp
• scp
• file—Uses the backup file on the local machine, which was made using the system backup full export command with the file option.

<user>@ The username. Required
Note: If a password is required, you are prompted for it after the connection is initiated.

<server> The IP address or DNS name of the server. Required

<path/to/directory> The path to the export directory. Required

<filename> The name of the backup in the export directory, which may be different from the backupName. Required
When the file is imported, the filename reverts to the backupName, that is, the name that was used when the backup was created.

system backup full info


Displays the following information about the specified system backup:
• Name—The name of the backup.
• Disk Size—The size of the backup on the disk.
• Date—The time and date that the backup was created.
• Version—The APSolute Vision version and build number.
• Description—The user-defined description of the backup.

Syntax
system backup full info <backupName>

<backupName> The name of the backup. Required

system backup full list


Lists the system backups in the storage location in a table with the following columns:
• Name—The name of the backup.
• Size(K)—The size of the backup on the disk.
• Date—The time and date that the backup was created.
• Version—The APSolute Vision version and build number.
• Description—The user-defined description of the backup, which is truncated as necessary to fit
the table.

Note: For information on the storage location, see System Storage Commands, page 712.


Syntax
system backup full list

system backup full restore


Restores the system using the specified system backup. The version and build number of the current
system and the version and build number of the system that created the backup must be the same.

Caution: The system backup does not include the data of APSolute Vision Reporter (AVR) or the
Device Performance Monitor (DPM). If you use AVR or DPM, you must restore the system before you
restore the AVR and/or DPM data.

Caution: If the password of the reporter user (used for the Vision Reporting Module) changed after
running system backup full create, you must update the password on the APSolute Vision server
before you run the system backup full restore command.

Note: The restore process stops APSolute Vision and its associated services, and when it finishes,
restarts them.
Syntax
system backup full restore <backupName> [-retainlicenses]

<backupName> (Required): The name of the backup.

-retainlicenses (Optional): Retains the currently installed licenses. Otherwise, the restore
process overwrites existing licenses with the licenses from the backup file.

System Backup SecurityReporter Commands


Use system backup securityReporter commands to manage backups of APSolute Vision
Reporter data.
The system backup securityReporter commands comprise the following:
• system backup securityReporter create, page 674
• system backup securityReporter delete, page 674
• system backup securityReporter export, page 674
• system backup securityReporter import, page 675
• system backup securityReporter info, page 676
• system backup securityReporter list, page 676
• system backup securityReporter restore, page 677


system backup securityReporter create


Creates an APSolute Vision Reporter data backup in the storage location.
The system stores up to three reporter-backups. After the third reporter-backup,
the system deletes the oldest one.
The backup includes all the APSolute Vision Reporter data.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup securityReporter create <securityReporterName> <description>

<securityReporterName> (Required): The name of the reporter-backup, up to 64 characters, with no
spaces. Only alphanumeric characters and underscores (_) are allowed.

<description> (Optional): The description of the reporter-backup.

system backup securityReporter delete


Deletes the specified reporter-backup from the storage location.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup securityReporter delete <securityReporterName>

<securityReporterName> (Required): The name of the reporter-backup.

system backup securityReporter export


Exports the specified reporter-backup from the storage location to a specified location.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup securityReporter export <securityReporterName> <protocol>://<user>@<server>:/<path/to/directory>/<filename>


<securityReporterName> (Required): The name of the reporter-backup.

<protocol> (Required): Values:
• ssh
• sftp
• ftp
• scp
• file—This option exports the backup locally to the location specified in the command.
Caution: Only root users have access to the local directory and can delete the file. You can,
however, use the system backup securityReporter import command on the same machine with the
file parameter to retrieve the exported backup.
If you use the file option, Radware recommends that you place the file in the Maintenance Files
folder, which you can access from the APSolute Vision server Web interface.
For example:
system backup securityReporter export MyBackupName file:///opt/radware/storage/maintenance/MyBackupTargetName

<user>@ (Required): The username.
Note: If a password is required, you are prompted for it after the connection is initiated.

<server> (Required): The IP address or DNS name of the server.

<path/to/directory> (Required): The path to the export directory.

<filename> (Required): The filename of the reporter-backup in the export directory, which may be
different from the securityReporterName.

system backup securityReporter import


Imports the specified reporter-backup from the specified location to the storage location.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup securityReporter import <protocol>://<user>@<server>:/<path/to/directory><filename>


<protocol> (Required): Values:
• ssh
• sftp
• ftp
• scp
• file—Uses the backup file on the local machine, which was made using the system backup
securityReporter export command with the file option.

<user>@ (Required): The username.
Note: If a password is required, you are prompted for it after the connection is initiated.

<server> (Required): The IP address or DNS name of the server.

<path/to/directory> (Required): The path to the export directory.

<filename> (Required): The name of the reporter-backup in the export directory, which may be
different from the securityReporterName. When the file is imported, the filename reverts to the
securityReporterName, that is, the name that was used when the reporter-backup was created.

system backup securityReporter info


Displays the following information about the specified reporter-backup:
• Name—The name of the reporter-backup.
• Disk Size—The size of the reporter-backup on the disk.
• Date—The time and date that the reporter-backup was created.
• Version—The APSolute Vision version and build number.
• Description—The user-defined description of the reporter-backup.

Syntax
system backup securityReporter info <securityReporterName>

<securityReporterName> (Required): The name of the reporter-backup.

system backup securityReporter list


Lists the reporter-backups in the storage location in a table with the following columns:
• Name—The name of the reporter-backup.
• Size(K)—The size of the reporter-backup on the disk.
• Date—The time and date that the reporter-backup was created.
• Version—The APSolute Vision version and build number.
• Description—The user-defined description of the reporter-backup, which is truncated as
necessary to fit the table.

Note: For information on the storage location, see System Storage Commands, page 712.


Syntax
system backup securityReporter list

system backup securityReporter restore


Restores the APSolute Vision Reporter (AVR) data using the specified reporter-backup. The version
and build number of the current system and the version and build number of the system that
created the reporter-backup must be the same.

Caution: When you are restoring the system backup also, you must restore the system before you
restore AVR data.

Caution: After the restore process is complete, verify that AVR is successfully collecting data for
new attacks and traffic events. To do this, in AVR, select Setup > Admin Messages.

Note: The restore process stops APSolute Vision and its associated services, and when it finishes,
restarts them.
Syntax
system backup securityReporter restore <securityReporterName>

<securityReporterName> (Required): The name of the reporter-backup.

System Backup Technical-Support Commands


If you encounter problems with APSolute Vision, you can create a technical-support package and
send it to Radware Technical Support for assistance.
Use system backup techSupport commands to manage technical-support packages for the
APSolute Vision server.
The system backup techSupport commands comprise the following:
• system backup techSupport local, page 677
• system backup techSupport create, page 678
• system backup techSupport export, page 679
• system backup techSupport info, page 680
• system backup techSupport list, page 680
• system backup techSupport delete, page 680

system backup techSupport local


Creates a tech-support package that you can access in the APSolute Vision Web interface (APSolute
Vision Settings mode System perspective, General Settings > Maintenance Files). When the
process finishes, the CLI message includes the hard-coded filepath and name of the package, which
is a .tar file.


Notes
• This command is an alternative to using the two separate commands, system backup
techSupport create and system backup techSupport export.
• You can delete the .tar file using system backup techSupport delete (without the .tar
extension).
APSolute Vision generates each package in a .tar file using the following format:
vision_support_<IPAddress>_<MM-dd-yy-hhmm>.tar
where:
• <IPAddress> is the IP address of the APSolute Vision server.
• <MM-dd-yy-hhmm> is the date and time.

Each tech-support package includes the following:


• The current system time in milliseconds (from Unix epoch)
• The APSolute Vision version and build number
• APSolute Vision system configuration, which includes the network IP addresses, DNS address,
routes, and so on
• Running processes
• The status of each APSolute Vision service
• APSolute Vision system logs
• APSolute Vision Reporter logs
• APSolute Vision debug logs
• Disk usage
• Additional internal-resource information

Syntax
system backup techSupport local

system backup techSupport create


Creates a tech-support package.
The system stores up to three tech-support packages in the storage location. After the third tech-
support package, the system deletes the oldest one.

Note: For information on the storage location, see System Storage Commands, page 712.
Each tech-support package includes the following:
• The current system time in milliseconds
• The APSolute Vision version and build number
• APSolute Vision system configuration, which includes the network IP addresses, DNS address,
routes, and so on
• Running processes
• The status of each APSolute Vision service
• APSolute Vision system logs
• APSolute Vision Reporter logs
• APSolute Vision debug logs
• Disk usage
• Additional internal-resource information

Syntax
system backup techSupport create <techSupportName> [<description>]

<techSupportName> (Required): The name of the tech-support package, up to 64 characters, with no
spaces. Only alphanumeric characters and underscores (_) are allowed.

<description> (Optional): The description of the tech-support package.

system backup techSupport export


Exports the specified tech-support package from the storage location to the specified location.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup techSupport export <techSupportName> <protocol>://<user>@<server>:/<path/to/directory>/<filename>

<techSupportName> (Required): The name of the tech-support package.

<protocol> (Required): Values:
• ssh
• sftp
• ftp
• scp
• file—This option exports the backup locally to the location specified in the command.
Caution: Only root users have access to the local directory and can delete the file.
If you use the file option, Radware recommends that you place the file in the Maintenance Files
folder, which you can access from the APSolute Vision server Web interface.
For example:
system backup techSupport export MyTechSupportName file:///opt/radware/storage/maintenance/MyBackupTargetName

<user>@ (Required): The username.
Note: If a password is required, you are prompted for it after the connection is initiated.

<server> (Required): The IP address or DNS name of the server.


<path/to/directory> (Required): The path to the export directory.

<filename> (Required): The filename of the tech-support package in the export directory, which may
be different from the techSupportName.
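
The export syntax and naming rules given for system backup securityReporter export and system backup techSupport export can be checked before a command is typed or scripted. The following is an added example, not Radware code: the function name, the whitespace and ".." checks, and the sample values are assumptions of this example, and the ftp note reflects the fact that FTP does not encrypt credentials or data.

```python
import ipaddress
import re

# Rules come from the parameter tables in this guide unless marked "assumption".
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,64}")  # up to 64 characters, alphanumerics and "_"
LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(LABEL + r"(\." + LABEL + r")*")
KINDS = ("securityReporter", "techSupport")
PROTOCOLS = ("ssh", "sftp", "ftp", "scp", "file")
MAINTENANCE_DIR = "/opt/radware/storage/maintenance"  # path in the guide's file:// example


def _check_server(server):
    """Accept an IP address or a DNS name, as the <server> row requires."""
    try:
        ipaddress.ip_address(server)
        return
    except ValueError:
        pass
    if not HOST_RE.fullmatch(server):
        raise ValueError(f"server is neither an IP address nor a DNS name: {server!r}")


def build_export_command(kind, name, protocol, directory, filename, user=None, server=None):
    """Validate the arguments and return (command_line, notes)."""
    if kind not in KINDS:
        raise ValueError(f"unsupported backup kind: {kind!r}")
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid name {name!r}: up to 64 alphanumerics or underscores")
    if protocol not in PROTOCOLS:
        raise ValueError(f"unsupported protocol: {protocol!r}")
    # Assumption: CLI arguments are split on whitespace, so reject it in the target.
    if not filename or "/" in filename or re.search(r"\s", filename):
        raise ValueError(f"invalid filename: {filename!r}")
    clean_dir = directory.strip("/")
    if not clean_dir or re.search(r"\s", clean_dir) or ".." in clean_dir.split("/"):
        raise ValueError(f"invalid directory: {directory!r}")
    path = "/" + clean_dir + "/" + filename
    notes = []
    if protocol == "file":
        if user or server:
            raise ValueError("a file:// target takes no user or server")
        target = "file://" + path
        if "/" + clean_dir != MAINTENANCE_DIR:
            notes.append("local target is outside the Maintenance Files folder; "
                         "only root users can access the directory and delete the file")
    else:
        if not user or re.search(r"[\s@:/]", user):
            raise ValueError(f"invalid user: {user!r}")
        _check_server(server or "")
        target = f"{protocol}://{user}@{server}:{path}"
        if protocol == "ftp":
            notes.append("ftp sends the password and the package unencrypted; "
                         "prefer sftp or scp")
    return f"system backup {kind} export {name} {target}", notes


if __name__ == "__main__":
    # Constructed sample values (192.0.2.10 is a documentation address).
    cmd, notes = build_export_command("techSupport", "TS_2020_06", "sftp",
                                      "/srv/vision/support", "ts_june.tar",
                                      user="backup", server="192.0.2.10")
    print(cmd)
    for note in notes:
        print("note:", note)
```
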

system backup techSupport info


Displays the following information about the specified tech-support package:
• Name—The name of the tech-support package.
• Disk Size—The size of the tech-support package on the disk.
• Date—The time and date that the tech-support package was created.
• Version—The APSolute Vision version and build number.
• Description—The user-defined description of the tech-support package.

Syntax
system backup techSupport info <techSupportName>

<techSupportName> (Required): The name of the tech-support package.

system backup techSupport list


Lists the tech-support packages in the storage location in a table with the following columns:
• Name—The name of the tech-support package.
• Size(K)—The size of the tech-support package on the disk.
• Date—The time and date that the tech-support package was created.
• Version—The APSolute Vision version and build number.
• Description—The user-defined description of the tech-support package, which is truncated as
necessary to fit the table.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system backup techSupport list

system backup techSupport delete


Deletes the specified tech-support package. For a package that system backup techSupport create
created, system backup techSupport delete deletes the package in the storage location. For
a package that system backup techSupport local created, system backup techSupport
delete deletes the package in the hard-coded local location. Since the file name is not visible
through the system backup techSupport list command, you can obtain the file name from
the maintenance folder (available in the APSolute Vision interface) and omit the .tar extension.

Notes
• For information on the storage location, see System Storage Commands, page 712.
• For information on system backup techSupport local, see system backup techSupport
local, page 677.


Syntax
system backup techSupport delete <techSupportName>

<techSupportName> (Required): The name of the tech-support package.

system cleanup
Cleans all the data on the APSolute Vision server, or cleans all the data on the APSolute Vision server
except for the following:
• APSolute Vision server management IP addresses and routes
• Installed licenses

Syntax
system cleanup {full|without-server-ip}

{full | without-server-ip} (Required): The command with the full argument restores the APSolute
Vision server to the factory defaults. After you run the command with the full argument, the
initial configuration script launches automatically.
The command with the without-server-ip argument cleans all the data on the APSolute Vision
server but retains the APSolute Vision server management IP addresses and routes.

System Configuration-Synchronization Commands


Use system config-sync commands to deploy and manage a configuration-synchronization pair
of APSolute Vision server instances in an active/standby topology, so that all the configuration on
the active instance is automatically synched to the standby instance.
The system config-sync commands are part of the APSolute Vision configuration-
synchronization feature.
When the configuration-synchronization mode of an APSolute Vision server is active, at the
specified interval, that server notifies the standby server (the configured peer) to fetch the
configuration.
The standby server can send email notifications to a list of recipients after a specified number of
missed configuration-synchronizations (see system config-sync missed_syncs Commands,
page 685).
There is no automatic failover mechanism. It is the responsibility of the APSolute Vision
administrator to change the mode of the standby server to active, when required—for example
after receiving an email notification relating to missed configuration-synchronizations.
Typically, the config-sync parameters interval, missed-syncs, and mail_recipients are
defined with the same values on both members of the configuration-synchronization pair.


The configuration-synchronization mechanism uses the following two (external) parameters for
sending email notifications after the specified number of missed configuration-synchronizations:
• SMTP Server Address (APSolute Vision Settings view System perspective, General Settings
> Alert Settings > Alert Browser > Email Reporting Configuration Parameters tab > SMTP
Server Address)—For the name or IP address of the SMTP email server.

Caution: If the SMTP Server Address field is empty, the configuration-synchronization
mechanism does not send email notifications.

• SMTP User Name (APSolute Vision Settings view System perspective, General Settings >
Alert Settings > Alert Browser > Email Reporting Configuration Parameters tab > SMTP
User Name)—For the sender address.

Note: If the SMTP User Name field is empty, the configuration-synchronization mechanism
uses a default name. Typically, the default name is Vision.Config.Sync@radware.com.

Note: The configuration-synchronization mechanism ignores the configuration of the Enable
checkbox in the Email Reporting Configuration Parameters tab.
Requirements of the configuration-synchronization feature:
• The APSolute Vision version and build number must be the same for both members of a
configuration-synchronization setup.
• The DefensePro devices that the members of a configuration-synchronization setup manage
must be configured with the same connectivity settings.
• Ports 443 and 5672 on both members of a configuration-synchronization setup must be
accessible and not blocked by your firewall—in both directions.

Limitations of the configuration-synchronization feature:


• The configuration-synchronization is encrypted, but the connection is not.
• The configuration-synchronization feature does not support APM, DPM, or vDirect.
• APSolute Vision Reporter (AVR) limitations:
— Configuration-synchronization for historical reports covers downtime up to one hour for
Traffic Utilization and Baselines data, and up to 24 hours of Attack data. A longer downtime
requires manual backup and restore.
— If the AVR is down, there is a 20-minute window for the AVR to synchronize the database
before APSolute Vision cleans it up and the data is lost.

Caution: It is the responsibility of the APSolute Vision administrator to register the APSolute Vision
servers as a target of the device events (for example, traps, alerts, IRP messages, and packet-
reporting data) on the managed devices. For related information, see APSolute Vision Server
Registered for Device Events—Alteon and LinkProof NG, page 188, APSolute Vision Server
Registered for Device Events—DefensePro, page 188, and APSolute Vision Server Registered for
Device Events—AppWall, page 189.

The system config-sync commands comprise the following:


• system config-sync mode Commands, page 683
• system config-sync peer Commands, page 684
• system config-sync interval Commands, page 684
• system config-sync missed_syncs Commands, page 685

682 Document ID: RDWR-APSV-V04600_UG2006


APSolute Vision User Guide
APSolute Vision CLI Commands

• system config-sync mail_recipients Commands, page 685


• system config-sync status, page 686
• system config-sync manual, page 686

system config-sync mode Commands


Use system config-sync mode commands to manage the configuration-synchronization mode of
the APSolute Vision server.
The system config-sync mode commands comprise the following:
• system config-sync mode set, page 683
• system config-sync mode get, page 684

system config-sync mode set


Manages the status of the configuration-sync feature on the APSolute Vision server.

Note: The APSolute Vision server instances in the configuration-synchronization setup are not
aware of one another. It is possible—but not recommended—that the mode of both peers of a
configuration-synchronization setup is active.
Syntax
system config-sync mode set {active|disabled|standby}

{active|disabled|standby} (Required): Values:
• active—Sets the server as the active instance of a configuration-synchronization pair.
• disabled—Disables the configuration-synchronization feature.
• standby—Sets the server as the standby instance of a configuration-synchronization pair.
Default: disabled
Notes:
• Setting the mode to standby stops the configuration service on the APSolute Vision server.
• An APSolute Vision server in the standby mode cannot lock or configure devices, or execute
scheduled tasks or scripts.
• An APSolute Vision server in the standby mode is not accessible through Web or REST interfaces.
• If the mode was standby, setting the mode to active or disabled starts the configuration
service on the APSolute Vision server.


system config-sync mode get


Displays the configuration-synchronization mode of the APSolute Vision server: active, disabled, or
standby.
Syntax
system config-sync mode get

system config-sync peer Commands


Use system config-sync peer commands to manage the peer IP address or hostname.
The system config-sync peer commands comprise the following:
• system config-sync peer set, page 684
• system config-sync peer get, page 684

system config-sync peer set


Sets the IP address or hostname for the peer APSolute Vision server.
Syntax
system config-sync peer set <IP address or hostname>

<IP address or hostname> (Required): The IP address or hostname for the peer APSolute Vision
server.
Caution: You must not use radware as the hostname.

system config-sync peer get


Displays the peer IP address or hostname.
Syntax
system config-sync peer get

system config-sync interval Commands


Use system config-sync interval commands to manage the interval at which the APSolute
Vision server with the active role notifies the server with the standby role to fetch the configuration.
The system config-sync interval commands comprise the following:
• system config-sync interval set, page 684
• system config-sync interval get, page 685

system config-sync interval set


Sets the interval, in minutes, at which the APSolute Vision server with the active role notifies the
server with the standby role to fetch the configuration.
Syntax
system config-sync interval set <interval>

<interval> (Required): Values: 1–1440 (24 hours)
Default: 5


system config-sync interval get


Displays the configuration-synchronization interval, in minutes.
Syntax
system config-sync interval get

system config-sync missed_syncs Commands


Use system config-sync missed-syncs commands to manage the number of configuration-
synchronizations that can be missed before the system starts sending email notifications.
The system config-sync missed-syncs commands comprise the following:
• system config-sync missed-syncs set, page 685
• system config-sync missed-syncs get, page 685

system config-sync missed-syncs set


Sets the number of configuration-synchronizations that can be missed before the system starts
sending email notifications.
Syntax
system config-sync missed-syncs set <number>

<number> (Required): Values:
• 0—The system sends no email notifications for missed configuration-synchronizations.
• 1–20
Default: 0

system config-sync missed-syncs get


Displays the number of configuration-synchronizations that can be missed before the system starts
sending email notifications.
Syntax
system config-sync missed-syncs get

system config-sync mail_recipients Commands


Use system config-sync mail_recipients commands to manage the comma-separated list
of email recipients who get notified about synchronization-process failures.
If the list is empty, the system sends no email notifications for missed configuration-
synchronizations.
The system config-sync mail_recipients commands comprise the following:
• system config-sync mail_recipients set, page 685
• system config-sync mail_recipients get, page 686

system config-sync mail_recipients set


Configures the comma-separated list of email recipients who get notified about synchronization-
process failures.
Syntax
system config-sync mail_recipients set <comma-separated email addresses>


<comma-separated email addresses> (Required): Example: abc@corporation.com,johnd@corporation.com

system config-sync mail_recipients get


Displays the comma-separated list of email recipients who get notified about synchronization-
process failures.
Syntax
system config-sync mail_recipients get

system config-sync status


Displays the following configuration-synchronization information:
• Mode—The configuration-synchronization mode of the APSolute Vision server instance: active
or disabled.
• Interval—The configuration-synchronization interval, in minutes, which is configured on the
APSolute Vision server instance.

Note: The configuration-synchronization actions are according to the interval that is
configured on the active server.
• Missed Syncs—The specified number of configuration-synchronizations that can be missed
before the system starts sending email notifications.
• Mail Recipients—The list of email recipients for notifications of missed configuration-
synchronizations, which is configured on the APSolute Vision server instance.
• Peer Address—The IP address or hostname of the peer.
• Last Configuration Sync Date—The date of the last configuration-synchronization action in
the format MM/dd/yyyy hh:mm:ss.
• Last Configuration Sync Timestamp—The time of the last configuration-synchronization
action in milliseconds (from Unix epoch).

Syntax
system config-sync status

system config-sync manual


Manually starts a configuration-synchronization action. Invoking a manual configuration-
synchronization action is possible only on the server with the active role.
Syntax
system config-sync manual
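
Because there is no automatic failover and several unrelated settings can silently suppress the missed-sync email, it is worth checking both members of a pair against the rules stated in this section. The following is an added example, not Radware code: the Member fields, finding codes, and sample values are this example's own, the values are assumed to have been read with the get and status commands above, and the alert-delay figure is an estimate (interval on the active server multiplied by the standby's missed-syncs threshold).

```python
from dataclasses import dataclass, field
from typing import List, Optional

MODES = ("active", "disabled", "standby")


@dataclass
class Member:
    """Settings read from one server; the field names are this example's own."""
    label: str
    version: str                      # APSolute Vision version and build number
    mode: str = "disabled"            # system config-sync mode get
    peer: str = ""                    # system config-sync peer get
    interval: int = 5                 # minutes, system config-sync interval get
    missed_syncs: int = 0             # system config-sync missed-syncs get
    mail_recipients: List[str] = field(default_factory=list)
    smtp_server: str = ""             # SMTP Server Address field in the Web interface


def _lint_member(m):
    out = []
    if m.mode not in MODES:
        out.append(("error", "MODE_INVALID", m.label))
    if m.mode != "disabled" and not m.peer.strip():
        out.append(("error", "PEER_EMPTY", m.label))
    if m.peer.strip().lower() == "radware":          # forbidden hostname
        out.append(("error", "PEER_RADWARE", m.label))
    if not 1 <= m.interval <= 1440:
        out.append(("error", "INTERVAL_RANGE", m.label))
    if not 0 <= m.missed_syncs <= 20:
        out.append(("error", "MISSED_RANGE", m.label))
    # The standby sends the notification, and either member can become the
    # standby after a manual role change, so both are checked.
    if m.missed_syncs == 0:
        out.append(("warning", "NOTIFY_OFF_THRESHOLD", m.label))
    if not m.mail_recipients:
        out.append(("warning", "NOTIFY_OFF_RECIPIENTS", m.label))
    if not m.smtp_server.strip():
        out.append(("warning", "NOTIFY_OFF_SMTP", m.label))
    return out


def lint_pair(a, b):
    """Return a list of (severity, code, where) findings for the pair."""
    findings = _lint_member(a) + _lint_member(b)
    if a.version != b.version:                       # must be identical
        findings.append(("error", "VERSION_MISMATCH", "pair"))
    modes = sorted((a.mode, b.mode))
    if modes == ["active", "active"]:                # possible, not recommended
        findings.append(("warning", "BOTH_ACTIVE", "pair"))
    elif modes != ["active", "standby"]:
        findings.append(("warning", "ROLES_INCOMPLETE", "pair"))
    left = (a.interval, a.missed_syncs, sorted(a.mail_recipients))
    right = (b.interval, b.missed_syncs, sorted(b.mail_recipients))
    if left != right:                                # typically the same on both
        findings.append(("warning", "PARAM_DRIFT", "pair"))
    return findings


def minutes_until_first_alert(active, standby) -> Optional[int]:
    """Estimated minutes of missed syncs before the standby emails; None if it never will."""
    if (standby.missed_syncs == 0 or not standby.mail_recipients
            or not standby.smtp_server.strip()):
        return None
    return active.interval * standby.missed_syncs


if __name__ == "__main__":
    # Constructed sample pair; hostnames, build labels and addresses are placeholders.
    a = Member("vision-a", "4.60-buildA", "active", "vision-b.example.net",
               5, 3, ["noc@example.com"], "smtp.example.net")
    b = Member("vision-b", "4.60-buildA", "standby", "vision-a.example.net",
               5, 3, ["noc@example.com"], "smtp.example.net")
    print(lint_pair(a, b), minutes_until_first_alert(a, b))
```
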

System Database Commands


Use system database commands to manage the APSolute Vision database.
The system database commands comprise the following:
• system database clear, page 687
• system database start, page 687
• system database status, page 687
• system database stop, page 687


system database clear


Clears and initializes the APSolute Vision database.
Syntax
system database clear

system database start


Restarts the APSolute Vision database, making it available for access.
Syntax
system database start

system database status


Shows the database status. For example, the output:
MySQL running (2688) [OK]
shows the database is up and running with process ID 2688.
Syntax
system database status

system database stop


Stops the APSolute Vision database, making it unavailable for access.
Syntax
system database stop

system database maintenance Commands


The system database maintenance commands comprise the following:
• system database maintenance optimize, page 687
• system database maintenance check, page 687
• system database maintenance driver_table delete, page 687

system database maintenance optimize


Optimizes the relevant tables.
Syntax
system database maintenance optimize

system database maintenance check


Checks whether the database needs optimization.
Syntax
system database maintenance check

system database maintenance driver_table delete


Stops the APSolute Vision server, deletes all device drivers from the Device Drivers table, and starts
the server. This command permanently deletes all device drivers that were manually uploaded to the
Device Drivers table (Asset Management perspective > General Settings > Device Drivers).


When APSolute Vision restarts:


• For managed devices of product versions created before the introduction of the
device-driver feature—APSolute Vision reloads the device drivers from the APSolute Vision
file system. (APSolute Vision persistently maintains the device drivers of product versions
created before the introduction of the device-driver feature.)
• For managed devices of product versions created with the device-driver feature—
APSolute Vision retrieves and loads the device driver from each managed device.

Caution: If you require functionality that relies on a manually uploaded device driver (for
example, as is the case with configuration templates), you must upload the relevant device
driver again.

Note: For more information on device drivers, see Managing Device Drivers, page 150.
Syntax
system database maintenance driver_table delete

System Date Commands


Use system date commands to display and set date and time on the APSolute Vision server.
The system date commands comprise the following:
• system date get, page 688
• system date set, page 688

system date get


Displays the APSolute Vision server date and time.
Syntax
system date get

system date set


Sets the date and time on the APSolute Vision server.

Caution: For APSolute Vision VA—The time on the APSolute Vision VA must be the same as—or
within several minutes of—the time on the VMware host. Otherwise, an APSolute Vision reboot may
hang (even when, in the VMware Tools, the synchronize guest time with host checkbox is cleared). If
the reboot hangs, reboot the APSolute Vision VA server, which should solve the problem. For more
information on this issue, refer to the VMware knowledge article Timekeeping best practices for
Linux guests (1006427) at
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006427.


Notes
• Setting the system date stops the NTP service.
• Setting the system date requires restarting the APSolute Vision server, the APSolute Vision
Reporter, and MySQL.
• The APSolute Vision Reporter client supports only a single timezone, which is the timezone
configured in APSolute Vision server.
Syntax
system date set <date_and_time>

<date_and_time> (Required): The date and time in yyyy/MM/dd hh:mm:ss format.

Example
system date set 2010/05/23 13:56:00 sets date and time to 23/05/2010 13:56.

System DF Commands
Use df commands to manage the DefenseFlow device associated with the APSolute Vision server.

Note: APSolute Vision allows only one DefenseFlow device to be associated with it.
The system df commands comprise the following:
• system df management-ip get, page 689
• system df management-ip set, page 689
• system df management-ip delete, page 690
• system df shell, page 690

system df management-ip get


Displays the IP address of the DefenseFlow associated with the APSolute Vision server.
Syntax
system df management-ip get

system df management-ip set


Sets the IP address of an external DefenseFlow device to be associated with the APSolute Vision
server.

Caution: APSolute Vision automatically restarts after running this command.


Notes
• If the APSolute Vision server includes an embedded DefenseFlow device, this command is not
required.
• If the APSolute Vision server includes an embedded DefenseFlow device, you can set a different
(external) DefenseFlow device to be associated with the APSolute Vision server.
Syntax
system df management-ip set <IP_address>

<IP_address> (Required): The IP address of the DefenseFlow associated with the APSolute Vision
server.

system df management-ip delete


Unregisters the specified IP address of the external DefenseFlow device associated with the
APSolute Vision server.

Caution: APSolute Vision automatically restarts after running this command.

Syntax
system df management-ip delete <IP_address>

IP_address The IP address of the DefenseFlow associated with the APSolute Vision server to be
unregistered. Required

system df shell
Launches the DefenseFlow shell.
Syntax
system df shell

System DPM Commands


Use dpm commands to manage the Device Performance Monitor (DPM).
The system dpm commands comprise the following:
• system dpm database clear, page 691
• system dpm backup create, page 691
• system dpm backup delete, page 691
• system dpm backup export, page 691
• system dpm backup import, page 692
• system dpm backup list, page 692
• system dpm backup restore, page 692
• system dpm techSupport Commands, page 693
• system dpm debug Commands, page 694


system dpm database clear


Clears the Device Performance Monitor database.

Caution: This command deletes all the data for the Device Performance Monitor.

Syntax
system dpm database clear

system dpm backup create


Creates a Device Performance Monitor backup in the storage location.

Note: For information on the storage location, see System Storage Commands, page 712.
The system stores up to three DPM backups. After the third backup, the system deletes the oldest
one.
Syntax
system dpm backup create <dpm_bu_name>

<dpm_bu_name> The name of the DPM backup, up to 15 characters, with no spaces. Only alphanumeric
characters and underscores (_) are allowed. Required

system dpm backup delete


Deletes the specified Device Performance Monitor backup.
Syntax
system dpm backup delete <dpm_bu_name>

<dpm_bu_name> The name of the DPM backup, up to 15 characters, with no spaces. Only alphanumeric
characters and underscores (_) are allowed. Required

system dpm backup export


Exports the specified Device Performance Monitor backup from the storage location to the specified
target.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system dpm backup export <dpm_bu_name> <protocol>://<user>@<ip>://<path/to/directory><RemoteFolder>

<dpm_bu_name> The name of the DPM backup. Required

<protocol> Value: ftp Required


<user>@ The username. Required
Note: If a password is required, you are prompted for it after the connection is initiated.

<server> The IP address or DNS name of the server. Required

<path/to/directory> The path to the export directory. Required

<RemoteFolder> The remote folder for the file in the export directory. Required

system dpm backup import


Imports the specified Device Performance Monitor backup to the storage location.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system dpm backup import <protocol>://<user>@<ip>://<path/to/directory><BackupFilename>

<protocol> Value: ftp Required

<user>@ The username. Required
Note: If a password is required, you are prompted for it after the connection is initiated.

<server> The IP address or DNS name of the server. Required

<path/to/directory> The path to the remote directory. Required

<BackupFilename> The filename of the backup in the remote directory. Required

system dpm backup list


Lists the available Device Performance Monitor backups.
Syntax
system dpm backup list

system dpm backup restore


Restores the Device Performance Monitor with the data of the specified backup.

Caution: When you are restoring the system backup also, you must restore the system before you
restore DPM data. Otherwise, the devices in DPM will be marked as deleted.

Note: This action also stops and restarts the Device Performance Monitor process.
Syntax
system dpm backup restore <dpm_bu_name>


<dpm_bu_name> The name of the DPM backup, up to 15 characters, with no spaces. Only alphanumeric
characters and underscores (_) are allowed. Required

system dpm techSupport Commands


APSolute Vision supports commands to help Radware Technical Support solve problems with the
Device Performance Monitor. Use the commands under the instructions of Radware Technical
Support.
The system dpm techSupport commands comprise the following:
• system dpm techSupport create, page 693
• system dpm techSupport export, page 693
• system dpm techSupport list, page 694
• system dpm techSupport delete, page 694

system dpm techSupport create


Creates a DPM tech-support package in the storage location.

Note: For information on the storage location, see System Storage Commands, page 712.
The system stores up to three DPM tech-support packages. After the third tech-support package,
the system deletes the oldest one.
Syntax
system dpm techSupport create <techSupportName> [description]

<techSupportName> The name of the tech-support package, up to 15 characters, with no spaces. Only
alphanumeric characters and underscores (_) are allowed. Required

[description] The description of the tech-support package. Optional

system dpm techSupport export


Exports the specified Device Performance Monitor tech-support file to the specified target.
Syntax
system dpm techSupport export <dpm_techsupport_name> <protocol>://<user>@<ip>://<path/to/directory><RemoteFolder>

<dpm_techsupport_name> The name of the tech-support file. Required

<protocol> Value: ftp Required

<user>@ The username. Required
Note: If a password is required, you are prompted for it after the connection is initiated.

<server> The IP address or DNS name of the server. Required


<path/to/directory> The path to the export directory. Required

<RemoteFolder> The remote folder for the file in the export directory. Required

system dpm techSupport list


Lists the DPM tech-support packages in the storage location.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system dpm techSupport list

system dpm techSupport delete


Deletes the specified DPM tech-support package in the storage location.

Note: For information on the storage location, see System Storage Commands, page 712.
Syntax
system dpm techSupport delete <techSupportName>

<techSupportName> The name of the tech-support package. Required

system dpm debug Commands


APSolute Vision supports commands for debugging the Device Performance Monitor. Use the
commands under the instructions of Radware Technical Support.
system dpm debug commands:
• system dpm debug start
• system dpm debug stop
• system dpm debug status
• system dpm debug version
• system dpm debug database
• system dpm debug database count
• system dpm debug database devices
• system dpm debug database connections
• system dpm debug database query
• system dpm debug sample
• system dpm debug sample create
• system dpm debug sample delete
• system dpm debug sample list
• system dpm debug sample export

• system dpm debug install

Caution: The system dpm debug install command performs a fresh installation of the
DPM service, and all existing DPM data is deleted.

System Exporter Commands (Event Exporter)


Use the system exporter commands to configure the APSolute Vision event exporter. The event
exporter can export security-event records from managed DefensePro and/or DefenseFlow devices
to a specified syslog server. The event exporter lets you integrate with a Security Information Event
Management (SIEM) system, which you may be using as your main analytics-and-reporting system.

Notes
• For information about the records from the event exporter, see Appendix E - Using the Event
Exporter, page 805.
• When you use the event exporter within an active/standby topology, only the active instance
exports the security-event information. (For more information, see System Configuration-
Synchronization Commands, page 681.)
• The event exporter can export to the specified syslog server only over UDP.
The system exporter commands comprise the following:
• system exporter configuration get, page 695
• System Exporter Event-Type Commands, page 696
• System Exporter History Commands, page 697
• System Exporter State Commands, page 698
• System Exporter Syslog-Host Commands, page 699
• System Exporter Syslog-Port Commands, page 699

system exporter configuration get


Displays the full configuration of the event exporter.
Syntax
system exporter configuration get


Example output
Exporter disabled
type: syslog
syslogHost:
syslogPort: 514
rabbitHost: rabbit-rabbitPort: 5672-rabbitUserName: radware-rabbitPassword:
radware-rabbitQueueName: event.exporter
DPTrafficUtilization: true
DPSecurityAttack: true
DFSecurityAttack: true
DFTrafficUtilization: true
DFBdosBaseline: true

System Exporter Event-Type Commands


Use system exporter event-type commands to manage the event types that the event
exporter exports.
The system exporter event-type commands comprise the following:
• system exporter event-type disable, page 696
• system exporter event-type enable, page 697
• system exporter event-type get, page 697

system exporter event-type disable


Disables exporting events per event type.
Syntax
system exporter event-type disable <event-type>

<event-type> The type of the event to disable export. Required


Values:
• all —Disables all event-types exporting.
• DFBdosBaseline —Disables DefenseFlow BDoS
Baseline exporting.
• DFSecurityAttack —Disables DefenseFlow Security
Attack exporting.
• DFTrafficUtilization —Disables DefenseFlow
Traffic Utilization exporting.
• DPSecurityAttack —Disables DefensePro Security
Attack exporting.
• DPTrafficUtilization —Disables DefensePro Traffic
Utilization exporting.


system exporter event-type enable


Enables exporting events per event type.
Syntax
system exporter event-type enable <event-type>

<event-type> The type of the event to enable export. Required


Values:
• all —Enables all event-types exporting.
• DFBdosBaseline —Enables DefenseFlow BDoS
Baseline exporting.
• DFSecurityAttack —Enables DefenseFlow Security
Attack exporting.
• DFTrafficUtilization —Enables DefenseFlow
Traffic Utilization exporting.
• DPSecurityAttack —Enables DefensePro Security
Attack exporting.
• DPTrafficUtilization —Enables DefensePro Traffic
Utilization exporting.

system exporter event-type get


Displays the configuration of exporting events per event type.
Syntax
system exporter event-type get <event-type>

<event-type> The type of the event to enable export. Required


Values:
• all —Displays the configuration of all event-types
exporting.
• DFBdosBaseline —Displays the configuration of
DefenseFlow BDoS Baseline exporting.
• DFSecurityAttack —Displays the configuration of
DefenseFlow Security Attack exporting.
• DFTrafficUtilization —Displays the configuration
of DefenseFlow Traffic Utilization exporting.
• DPSecurityAttack —Displays the configuration of
DefensePro Security Attack exporting.
• DPTrafficUtilization —Displays the configuration
of DefensePro Traffic Utilization exporting.

System Exporter History Commands


Use system exporter history commands to export previous records, which are stored on
APSolute Vision.
The system exporter history commands comprise the following:
• system exporter history last, page 698
• system exporter history period, page 698


system exporter history last


Exports all the export events of the last 30 days.
Syntax
system exporter history last

system exporter history period


Exports all the event-exporter records, which are stored on APSolute Vision, for any specified period,
which can be up to thirty days long.
Syntax
system exporter history period <from> <to>

<from> The start day and time, in yyyy/MM/dd:HH:mm:ss format. Required

<to> The end day and time, in yyyy/MM/dd:HH:mm:ss format. Required

System Exporter State Commands


Use system exporter state commands to manage the state of the exporter.
The system exporter state commands comprise the following:
• system exporter configuration state disable, page 698
• system exporter configuration state enable, page 698
• system exporter configuration state get, page 699

system exporter configuration state disable


Disables the event exporter.
Syntax
system exporter state disable

system exporter configuration state enable


Enables the event exporter and displays the current configuration, which includes the following
parameters:
• syslogHost—For more information, see System Exporter Syslog-Host Commands, page 699.
• syslogPort—For more information, see System Exporter Syslog-Port Commands, page 699.
• DPTrafficUtilization—true or false; that is, enabled or disabled. For more information, see
System Exporter Event-Type Commands, page 696.
• DPSecurityAttack—true or false; that is, enabled or disabled. For more information, see
System Exporter Event-Type Commands, page 696.
• DFSecurityAttack—true or false; that is, enabled or disabled. For more information, see
System Exporter Event-Type Commands, page 696.
• DFTrafficUtilization—true or false; that is, enabled or disabled. For more information, see
System Exporter Event-Type Commands, page 696.
• DFBdosBaseline—true or false; that is, enabled or disabled. For more information, see System
Exporter Event-Type Commands, page 696.

Note: Some values are for future use.


Syntax
system exporter state enable

system exporter configuration state get


Displays the state of the event exporter: enabled, or disabled.
Syntax
system exporter state get

System Exporter Syslog-Host Commands


The system exporter syslog-host commands comprise the following:
• system exporter syslog-host get, page 699
• system exporter syslog-host set, page 699

system exporter syslog-host get


Displays the host name or IP address of the syslog server, which is the target of the event exporter.
Syntax
system exporter syslog-host get

system exporter syslog-host set


Sets the host name or IP address of the syslog server, which is the target of the event exporter.
Syntax
system exporter syslog-host set <host>

<host> The host name or IP address. Required

System Exporter Syslog-Port Commands


The system exporter syslog-port commands comprise the following:
• system exporter syslog-port get, page 699
• system exporter syslog-port set, page 699

system exporter syslog-port get


Displays the port number of the syslog server, which is the target of the event exporter.
Syntax
system exporter syslog-port get

system exporter syslog-port set


Sets the port number of the syslog server, which is the target of the event exporter.
Syntax
system exporter syslog-port set <port>

<port> The port number. Required


Default: 514


system hardware status get


Returns a table showing each of the APSolute Vision physical server fans and its status: OK/Failed
and the device temperature. The temperature is displayed in Celsius and Fahrenheit.
Syntax

system hardware status get

System Hostname Commands


The system hostname commands comprise the following:
• system hostname get, page 700
• system hostname set, page 700

system hostname get


Displays the hostname of the APSolute Vision server.
Syntax
system hostname get

system hostname set


Sets the system hostname. The hostname will be included in the system backup, configuration
backup, and restored following system restore. The hostname reverts to the default
(vision.radware) in system cleanup.
Following a hostname update, the system prompts you whether to allow or deny regenerating the
certificate, which will use the new hostname. It does not matter whether the system is using a
default self-signed certificate or a non-default certificate.
Syntax
system hostname set <hostname>

<hostname> The hostname. The hostname must conform to RFC 952. Optional
If a nat hostname is configured (see net nat set hostname,
page 658), and the nat hostname is the same as the system
hostname before running system hostname set, this
command overwrites the nat hostname.
Maximum characters: 63
Caution: You must not use radware as the hostname.
Note: A period (.) is expected to delimit components (for
example, vision.radware.com), however, APSolute Vision
does not enforce fully qualified domain names.

System Java Security Commands


Use system java security commands to control the allowed certificate algorithm that APSolute
Vision uses to communicate with managed devices.
The system java security commands comprise the following:
• system java certificate-algorithm set, page 701
• system java certificate-algorithm get, page 701


system java certificate-algorithm set


Specifies the security level for certificates that APSolute Vision allows to be used to communicate
with managed devices.
Syntax
system java certificate-algorithm set {tolerant|strict}

tolerant Default. APSolute Vision allows the use of certificates signed with an MD5 signature.
Required

strict APSolute Vision prohibits the use of certificates signed with an MD5 signature within X.509
certificates used by SSL/TLS and code-signing. This option prevents APSolute Vision from
communicating with devices using MD5 signatures. Required
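
Because strict stops APSolute Vision from communicating with any device whose certificate is MD5-signed, it is useful to inventory device certificates before changing the setting. The following Python check is an added example, not Radware code: it reads the signatureAlgorithm OID from each certificate (DER bytes or PEM text) and lists the devices that strict would cut off. The device names and the certificate-shaped sample data are constructed, and it assumes the device certificates have already been collected.

```python
"""Added example: list devices whose X.509 certificate is MD5-signed."""
import base64
import re

MD5_WITH_RSA = "1.2.840.113549.1.1.4"      # md5WithRSAEncryption
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"  # sha256WithRSAEncryption


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length
        count = first & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("DER length exceeds input")
    return tag, pos, pos + length


def decode_oid(body):
    """Decode OID content bytes (first sub-identifier assumed single-byte)."""
    if not body:
        raise ValueError("empty OID")
    top = min(body[0] // 40, 2)
    arcs, value = [top, body[0] - 40 * top], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:               # high bit clear ends the arc
            arcs.append(value)
            value = 0
    return ".".join(str(arc) for arc in arcs)


def to_der(cert):
    """Accept DER bytes or a PEM string and return DER bytes."""
    if isinstance(cert, bytes):
        return cert
    match = re.search(
        r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", cert, re.S)
    if not match:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()))


def signature_algorithm_oid(cert):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }."""
    der = to_der(cert)
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    tag, _, tbs_end = read_tlv(der, start)        # skip tbsCertificate
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, alg_start, _ = read_tlv(der, tbs_end)    # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm has no OID")
    return decode_oid(der[oid_start:oid_end])


def devices_blocked_by_strict(inventory):
    """Return the sorted device names whose certificate is MD5-signed."""
    return sorted(name for name, cert in inventory.items()
                  if signature_algorithm_oid(cert) == MD5_WITH_RSA)


# ---- Constructed sample data (certificate-shaped DER, not real certificates) ----
def tlv(tag, body):
    """DER-encode one element, using long-form length when needed."""
    size = len(body)
    if size < 0x80:
        return bytes([tag, size]) + body
    count = (size.bit_length() + 7) // 8
    return bytes([tag, 0x80 | count]) + size.to_bytes(count, "big") + body


def build_sample_cert(oid_hex, pem=False):
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg + tlv(0x04, bytes(200)))
    der = tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + bytes(128)))
    if not pem:
        return der
    return ("-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(der).decode("ascii")
            + "-----END CERTIFICATE-----\n")


SAMPLE_INVENTORY = {  # hypothetical device names
    "alteon-lab-1": build_sample_cert("2a864886f70d010104"),
    "defensepro-lab-2": build_sample_cert("2a864886f70d01010b", pem=True),
}

if __name__ == "__main__":
    for device in devices_blocked_by_strict(SAMPLE_INVENTORY):
        print(f"{device}: MD5-signed certificate, replace before setting strict")
```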

system java certificate-algorithm get


Displays the security level for certificates that APSolute Vision allows to be used to communicate
with managed devices.
Syntax
system java certificate-algorithm get

System LLS Commands


Use system lls commands to manage the Local License Server (LLS) for the Radware ADC global
elastic license (GEL).
Installation of APSolute Vision includes the LLS.
Only the local radware user can use system lls commands.
If there is sufficient RAM on the APSolute Vision platform, the LLS service starts automatically with
APSolute Vision.
For an APSolute Vision installation without APM, the minimum is 24 GB RAM. For an APSolute Vision
installation with APM, the minimum is 32 GB RAM.

Caution: If there is insufficient RAM on the APSolute Vision server, the LLS service cannot start. If
you are using an installation that does not have the minimum amount of RAM, to use the LLS, you
must first increase the RAM for it manually, in the virtual infrastructure.

Notes
• The APSolute Vision LLS uses the Flexera cloud management system to manage GEL
authorization.
• Use the GEL Dashboard to allocate throughput to Alteon servers using GEL Entitlements, and to
view Entitlement notifications. For more information, see Using the GEL Dashboard, page 576.


The system lls commands comprise the following:


• System LLS Install Commands, page 702
• system lls logs install, page 704
• system lls service, page 704
• system lls state, page 704
• system lls certificates replace, page 705
• system lls version, page 705

System LLS Install Commands


Use system lls install commands to manually install and configure the LLS.
The system lls install commands comprise the following:
• system lls install standalone, page 702
• system lls install backup, page 703
• system lls install main, page 703

APSolute Vision supports the following LLS-install-modes: standalone, backup, and main.
By default, installation of APSolute Vision includes the LLS with the standalone FlexNet Operations
(FNO) mode.
The backup and main LLS-install-modes support LLS high-availability (HA).

Caution: Although LLS HA is not directly related to the APSolute Vision configuration-
synchronization feature, if you deploy LLS in a high-availability configuration, Radware recommends
nonetheless using the configuration-synchronization feature—and configuring the LLS service on the
appropriate instances of a configuration-synchronization pair. For more information on the
configuration-synchronization feature, see System Configuration-Synchronization Commands,
page 681.

When you deploy the LLS in a high-availability configuration, Radware recommends that you do the
following:
1. Deploy the backup LLS service, as described in system lls install backup, page 703.
Radware recommends that you configure the backup LLS service on the standby instance of a
configuration-synchronization pair (see system config-sync mode Commands, page 683).
2. Deploy the main LLS service, as described in system lls install main, page 703.
Radware recommends that you configure the main LLS service on the active instance of the
configuration-synchronization pair (see system config-sync mode Commands, page 683).
3. On the APSolute Vision server with the backup LLS service, stop and start the service, as
described in system lls service, page 704.

system lls install standalone


Manually installs the LLS in standalone mode. By default, installation of APSolute Vision includes the
LLS with the standalone FlexNet Operations (FNO) mode.
Syntax
system lls install standalone [-cloud-sync <FNO|offline>] [-server-alias
<server alias>]


<FNO|offline> Use one of the following commands: Required


• FNO —Installs the LLS service with FlexNet Operations
synchronization.
• offline —Installs the LLS service with offline
synchronization.

<server alias> A user-defined name for the LLS, which can be helpful to Optional
identify the LLS in the cloud portal. If no alias is given,
APSolute Vision uses the automatically generated host ID as
the name of the LLS.
Note: Radware recommends that you use this option to
provide a meaningful name for the LLS that will display in
the Flexera FlexNet Operations Cloud Portal.

system lls install backup


Manually installs the LLS in backup mode, for the backup peer of an LLS HA pair.
Syntax
system lls install backup -peer-host <main LLS IP address> [-cloud-sync
<FNO|offline>] [-server-alias <server alias>]

<main LLS IP address> The IP address of APSolute Vision server with the Required
main LLS service.

<FNO|offline> Use one of the following commands: Required


• FNO —Installs the LLS service with FlexNet
Operations synchronization.
• offline —Installs the LLS service with offline
synchronization.

<server alias> A user-defined name for the LLS, which can be Optional
helpful to identify the LLS in the cloud portal. If no
alias is given, APSolute Vision uses the automatically
generated host ID as the name of the LLS.
Note: Radware recommends that you use this
option to provide a meaningful name for the LLS
that will display in the Flexera FlexNet Operations
Cloud Portal.

system lls install main


Manually installs the LLS in main mode, for the main peer of an LLS HA pair.
Syntax
system lls install main -peer-host <backup LLS IP address> [-cloud-sync
<FNO|offline>] [-server-alias <server alias>]


<backup LLS IP address> The IP address of APSolute Vision server with the Required
backup LLS service.

<FNO|offline> Use one of the following commands: Required


• FNO —Installs the LLS service with FlexNet
Operations synchronization.
• offline —Installs the LLS service with offline
synchronization.

<server alias> A user-defined name for the LLS, which can be helpful Optional
to identify the LLS in the cloud portal. If no alias is
given, APSolute Vision uses the automatically
generated host ID as the name of the LLS.
Note: Radware recommends that you use this option
to provide a meaningful name for the LLS that will
display in the Flexera FlexNet Operations Cloud
Portal.

system lls logs install


Displays the latest LLS installation logs.
Syntax
system lls logs install

system lls service


Configures the status of the LLS service.
Syntax
system lls service {start|status|stop}

{start|status|stop} Use one of the following commands: Required


• start —Starts the LLS service.
• status —Displays the status of the LLS service.
• stop —Stops the LLS service.

system lls state


Specifies the admin state of the LLS.
Syntax
system lls state {disable|enable|get}

{disable|enable|get} Use one of the following commands: Required


• disable —Disables the LLS.
• enable —Enables the LLS.
• get —Displays the admin state of the LLS.


system lls certificates replace


Replaces the flexnet.certs file (which contains the trusted-certificates set of the LLS) with the
flexnet.certs file in the <APSolute Vision server IP address>/temp directory.
Copying the flexnet.certs file to the <APSolute Vision server IP address>/temp
directory is performed using the vision-files user. Only the vision-files user has SCP access to
copy and delete files from the <APSoluteVisionIPAddress>/temp directory.
Before you replace the file, copy the file to the <APSolute Vision server IP address>/temp
directory.

Caution: Replacing the certificate file requires restarting the LLS.

Syntax
system lls certificates replace

system lls version


Displays the version of the LLS. Typically, this action is for internal, debugging purposes.
Syntax
system lls version

System NTP Commands


Use system ntp commands to manage Network Time Protocol (NTP) settings to synchronize time
and date across the network.
The system ntp commands comprise the following:
• system ntp servers add, page 705
• system ntp servers del, page 706
• system ntp servers get, page 706
• system ntp service, page 706

system ntp servers add


Adds an NTP server to the list of NTP servers.
Syntax
system ntp servers add <server> [minpoll <minpoll>] [maxpoll <maxpoll>]
[prefer]

<server> The URL or IP address of the NTP server. Required

<minpoll> The minimum poll interval for NTP messages, as a power Optional
of 2 in seconds.
Minimum: 4—That is, 16 seconds.
Default: 6—That is, 64 seconds.


<maxpoll> The maximum poll interval for NTP messages, as a power Optional
of 2 in seconds.
Maximum: 17—That is, approximately 36.4 hours.
Default: 10—That is, 1024 seconds, approximately 17
minutes.

prefer Specifies that this host will be chosen for synchronization, all other things being equal.
Optional
For more information, go to http://www.ntp.org/.

system ntp servers del


Deletes the specified NTP server.
Syntax
system ntp servers del <server>

<server> The URL or IP address of the NTP server. Required

system ntp servers get


Displays the list of the NTP servers with the specified arguments (minpoll, maxpoll, and
prefer).
Syntax
system ntp servers get

system ntp service


Starts and stops the NTP service (ntpd).

Caution: For APSolute Vision VA—The time on the APSolute Vision VA must be the same as—or
within several minutes of—the time on the VMware host. Otherwise, an APSolute Vision reboot may
hang (even when, in the VMware Tools, the synchronize guest time with host checkbox is cleared). If
the reboot hangs, reboot the APSolute Vision VA server, which should solve the problem. For more
information on this issue, refer to the VMware knowledge article Timekeeping best practices for
Linux guests (1006427) at
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006427.

Syntax
system ntp service {start|stop|status}


{start|stop|status} Use one of the following commands: Required


• start —Starts the NTP service, which starts to send
query messages to the external NTP servers to
synchronize time and date.
• stop —Stops the NTP service.
• status —Displays the status of the NTP service
(running or stopped) and the following additional
information in table form when the service is running:
— remote—Server name or IP address
— refid—Association ID
— st—Server stratum level
— t—Type:
• u—Unicast or manycast client
• b—Broadcast or multicast client
• l—Local (reference clock)
• s—Symmetric (peer)
• A—Manycast server
• B—Broadcast server
• M—Multicast server
— when—Sec/min/hr since last received packet
— poll—Poll interval (log2(sec))
— reach—Reach shift register (octal)
— delay—Round-trip delay
— offset—Offset of server relative to this host
— jitter—Jitter

system rpm list


Lists the RPM Package Manager (RPM) packages used by the APSolute Vision server.
Syntax
system rpm list

System SNMP Commands


Use system snmp commands to manage the settings of the Simple Network Management Protocol
(SNMP) interface for APSolute Vision monitoring.
By default, the SNMP service in APSolute Vision is not started.
Access to the system snmp service commands is available to users with the Administrator and
the Vision Administrator role.
Access to the system snmp community commands and to the system snmp trap target
commands is available only to users with the Administrator role.

Note: For information on the MIBs that the SNMP interface exposes, see Appendix C - MIBs for
Monitoring APSolute Vision, page 761.


The system snmp commands comprise the following:


• system snmp service start, page 708
• system snmp service status, page 708
• system snmp service stop, page 708
• system snmp community add, page 708
• system snmp community delete, page 708
• system snmp community list, page 709
• system snmp trap target add, page 709
• system snmp trap target delete, page 709
• system snmp trap target list, page 709

system snmp service start


Starts the SNMP interface for APSolute Vision monitoring.

Note: By default, the SNMP service in APSolute Vision is not started.


Syntax
system snmp service start

system snmp service status


Shows the status of the SNMP interface for APSolute Vision monitoring: snmpd (pid <pid>) is
running or snmpd is stopped.
Syntax
system snmp service status

system snmp service stop


Stops the SNMP interface for APSolute Vision monitoring.
Syntax
system snmp service stop

system snmp community add


Adds a community to the SNMP interface for APSolute Vision monitoring.
Syntax
system snmp community add <community>

<community> The community name. Required

system snmp community delete


Deletes a community from the SNMP interface for APSolute Vision monitoring.
Syntax
system snmp community delete <community>

<community> The community name. Required


system snmp community list


Lists the communities of the SNMP interface for APSolute Vision monitoring, with the columns:
Security Name, Source, and Community.
Syntax

system snmp community list

system snmp trap target add


Adds a trap target to the SNMP interface for APSolute Vision monitoring.
Syntax
system snmp trap target add <host> <community> [port]

<host> The host name or IP address. Required

<community> The community name. Required

[port] The port number. Optional

system snmp trap target delete


Deletes a trap target from the SNMP interface for APSolute Vision monitoring.
Syntax
system snmp target delete <host> <community>

<host> The host name or IP address. Required

<community> The community name. Required

system snmp trap target list


Lists the trap targets of the SNMP interface for APSolute Vision monitoring, with the columns
Destination and Community.
Syntax

system snmp target list

System SSL Commands


Use system ssl commands to create, import, and show SSL certificates.
The system ssl commands comprise the following:
• system ssl create, page 709
• system ssl import, page 710
• system ssl show, page 712

system ssl create


Creates a new self-signed certificate, according to SHA-2 (SHA-256), with the information you
provide.
The system stores one SSL certificate.
The system asks you for information that will be incorporated into the certificate request. The
default value is APSolute Vision Server. To leave a field blank, press ENTER.


The system asks you for the following information:


• Common Name—The server hostname or the IP address. Default: APSolute Vision Server.
• Country Name—The two-letter code. Default: NA.
• State or Province Name—Default: NA.
• Locality Name—For example, the city. Default: NA.
• Organization Name—For example, the company name. Default: NA.
• Organizational Unit Name—For example, the company department. Default: NA.
• Email Address—Default: NA.

Caution: Every certificate includes a validity period, which is defined by a start date and an end
date. To prevent certificate-validity conflicts, before creating certificates, make sure that the correct
time is configured on the APSolute Vision server—either manually or using an NTP server.

Note: Replacing the SSL certificate reboots the AVR Web server. You will need to log in again to
AVR.
Syntax
system ssl create

system ssl import


Imports a private key and certificate in PEM or PKCS #12 format.

system ssl import pem


Imports a private key and certificate in PEM format.
Syntax
system ssl import pem <protocol>://<user>@<server>:/<path/to/directory> -key
<key_filename> -cert <certificate_filename> [-pass <key_passphrase>] [-interm
<intermediate_certificate_filename>]

<protocol> Values: sftp, scp Required

<user>@ The username. Required
Note: If a password is required, you are prompted for it after the connection is initiated.

<server> The IP address or DNS name of the server. Required

<path/to/directory> The path to the directory. Required

<key_filename> The name of the key in the remote directory. Required

<certificate_filename> The name of the certificate in the remote directory. Required


<key_passphrase> The passphrase of the key file in the remote directory. Optional
For PEM, the key passphrase is optional. Supply the key passphrase if the private key is
encrypted with a passphrase.

<intermediate_certificate_filename> The name of the intermediate certificate in the remote directory. Optional

Example
sftp://radware@1.1.1.1:/tmp -key key.pem -cert cert.pem -pass 12345

system ssl import pkcs12


Imports a private key and certificate in PKCS #12 format.
Syntax
system ssl import pkcs12 <protocol>://<user>@<server>:/<path/to/directory>/
<PKCS12_filename> -pass <pkcs12_passphrase>
[<intermediate_certificate_filename>]

<protocol> Values: sftp, scp Required

<user>@ The username. Required
Note: If a password is required, you are prompted for it after the connection is initiated.

<server> The IP address or DNS name of the server. Required

<path/to/directory> The path to the directory. Required

<PKCS12_filename> The name of the PKCS #12 file in the remote directory. Required

<pkcs12_passphrase> The passphrase of the PKCS #12 file in the remote directory. Required

<intermediate_certificate_filename> The name of the intermediate certificate in the remote directory. Optional

Example
sftp://radware@1.1.1.1:/tmp/file.p12 -pass 12345


system ssl show


Displays the following certificate details:
• Subject:
— Common Name
— Country
— State
— Locality
— Organization
— Organization Unit
— Email Address
• Issuer:
— Common Name
— Country
— State
— Locality
— Organization
— Organization Unit
— Email Address
• Serial Number
• Validity:
— Start Date—In MMM DD hh:mm:ss yyyy GMT format
— End Date—In MMM DD hh:mm:ss yyyy GMT format
• Public Key Info:
— Public Key Algorithm—For example, rsaEncryption
— RSA Public Key—For example, (2048 bit)
Syntax
system ssl show

system statistics
Displays system resources statistics, including CPU utilization, uptime, system disk usage, database
disk usage, RAM utilization, and network throughput.
Syntax
system statistics

System Storage Commands


Use system storage commands to manage the storage locations of the following:
• APSolute Vision system backups
• APSolute Vision system-configuration backups
• APSolute Vision Reporter data backups
• Tech-support packages


The system storage commands comprise the following:


• system storage backup local, page 713
• system storage backup remote, page 713
• system storage backup info, page 713

system storage backup local


Sets the storage location to the hard-coded local directory.

Note: Only root users can manually manage files in the hard-coded local directory.
Syntax
system storage backup local

system storage backup remote


Sets the storage location to a remote directory using either NFS or CIFS (Samba).
Syntax
system storage backup remote <protocol>://<server>:/<path/to/store>

<protocol> Values: nfs, cifs Required

<server> The IP address or DNS name of the server. Required

<path/to/store> The path to the storage directory. Required

system storage backup info


Lists the storage location.
Syntax

system storage backup info

System TCP Capture Commands


Use system tcpdump commands to dump a TCP capture for debugging.
The system tcpdump commands comprise the following:
• system tcpdump export, page 713
• system tcpdump print, page 714

system tcpdump export


Exports the TCP capture file by SSH. The capture file, dump.cap, is created locally, on the server.
When the TCP capture ends, you are prompted to download the capture file from the APSolute Vision
Web interface. (For the procedure, see Managing APSolute Vision Maintenance Files, page 165.)
The file is overwritten each time you run the tcpdump export command.
After entering the system tcpdump export command, you are prompted to enter a filter. You can
enter a filter expression to select which packets to include in the dump. Alternatively, you can press
Enter to dump all the packets.


Filter-expression examples:
• port 80 —Filter packets with source port 80.
• tcp src port 443 —Filter TCP packets with source port 443.

Note: For more information on filter expressions, refer to the relevant Linux man pages.

Caution: The dump to the capture file (dump.cap) stops when the first condition is reached:
timeout_sec, max_packets, or size. To ensure that each dump includes as much data as
possible when you configure a timeout_sec condition, Radware recommends that you set
max_packets to the maximum (-c 0). To ensure that each dump includes as much data as
possible when you configure a max_packets condition, Radware recommends that you set
timeout_sec to the maximum (-t 0).
Syntax
system tcpdump export [-t <timeout_sec>] [-c <max_packets>] [-s <size>]

<timeout_sec> The timeout, in seconds. Optional
Enter 0 for no timeout.
Default: 60

<max_packets> The maximum number of packets. Optional
Enter 0 for no maximum.
Default: 10,000

<size> The size to truncate packets to. Optional
Default: 0—Specifies no truncation

system tcpdump print


Dumps a TCP capture directly to the console.
After entering the system tcpdump print command, you are prompted to enter a filter. You can
enter a filter expression to select which packets to include in the dump. Alternatively, you can press
Enter to dump all the packets.
Filter-expression examples:
• port 80 —Filter packets with source port 80.
• tcp src port 443 —Filter TCP packets with source port 443.

Note: For more information on filter expressions, refer to the relevant Linux man pages.
Syntax
system tcpdump print [-t <timeout_sec>] [-c <max_packets>] [-s <size>]

<timeout_sec> The timeout in seconds. Enter 0 for no timeout. Optional
Default: 60


<max_packets> The maximum number of packets. Enter 0 for no maximum. Optional
Default: 10000

<size> The size to truncate packets to. Optional
Default: 0—Specifies no truncation

System Terminal Commands


Use CLI system terminal commands to manage the terminal prompt and banner displayed in the
APSolute Vision console. The settings are global settings common to all users who access the
APSolute Vision CLI shell.

Note: The settings are persistent and are included in the APSolute Vision configuration backup and
restore operations.
The system terminal commands comprise the following:
• System Terminal Prompt Commands, page 715
• System Terminal Banner Commands, page 715

System Terminal Prompt Commands


The system terminal prompt commands comprise the following:
• system terminal prompt set, page 715
• system terminal prompt get, page 715

system terminal prompt set


Specifies the string to be used as the terminal prompt.
Syntax
system terminal prompt set

system terminal prompt get


Retrieves the string currently used as the terminal prompt.
Syntax
system terminal prompt get

System Terminal Banner Commands


By default there is an empty banner—that is, no banner.
At startup, the following is printed to the console:
1. The banner, if defined.
2. The system version information.
3. The MAC addresses of the available ports.
The system terminal banner commands comprise the following:
• system terminal banner update, page 716
• system terminal banner get, page 716


system terminal banner update


Launches a vi shell to edit the string to be used as the start-up banner.
Syntax
system terminal banner update

system terminal banner get


Retrieves the string currently used as the start-up banner.
Syntax
system terminal banner get

System Timezone Commands


Use system timezone commands to display and set the timezone, with or without daylight saving
time, on the APSolute Vision server.
The system timezone commands comprise the following:
• system timezone get, page 716
• system timezone list, page 716
• system timezone set, page 716

system timezone get


Displays the timezone set on the APSolute Vision server.
Syntax
system timezone get

system timezone list


Lists the timezones that are supported on the APSolute Vision server.
Syntax
system timezone list

Tip: To paginate output, use system timezone list | more. To find a specific timezone, use
|grep. For example, to find the timezone for London, use system timezone list | grep Lon
to display all time-zone names containing Lon.

system timezone set


Sets the timezone on the APSolute Vision server, and implements daylight saving time, if required.
You can use any timezone from the list of supported timezones.

Note: In an APSolute Vision server with APM server VA installation, this command affects the
APSolute Vision server and the APM module. That is, in an APSolute Vision server with APM server
VA installation, changing the timezone in the APM Linux shell has no effect.
Timezones for named locations, for example, Europe/London, set the GMT value and daylight saving
time parameters for those areas.
To set a timezone without daylight saving time adjustments, use a generic GMT timezone, for
example, Etc/GMT+2.


For timezone names beginning with Etc/GMT, the zones west of GMT have a positive (+) sign, and
the zones east of GMT have a negative (-) sign in the timezone name. For example,
Etc/GMT-2 is 2 hours ahead/east of GMT.
To prevent incorrect timezone configuration, use the country name listed in the timezone list,
not timezones beginning with Etc/GMT.

Tip: To view the list of supported timezones, use system timezone list.

Syntax
system timezone set <timezone_name>

<timezone_name> The name of the timezone, selected from the list of supported timezones. The timezone name is case-sensitive, for example, system timezone set Europe/London. Required
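
The inverted Etc/GMT sign described above, combined with the certificate-validity caution under system ssl create, worked through in Python as an added example (not part of the Radware guide or product). The function names, the wall-clock input format, and the sample timestamps are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Validity format listed for `system ssl show`: MMM DD hh:mm:ss yyyy GMT
CERT_TIME_FORMAT = "%b %d %H:%M:%S %Y GMT"
# Assumed input format for a wall-clock reading (not taken from the guide).
WALL_CLOCK_FORMAT = "%Y-%m-%d %H:%M:%S"
_ETC_GMT = re.compile(r"^Etc/GMT([+-])(\d{1,2})$")


def etc_gmt_to_tzinfo(tz_name):
    """Map Etc/GMT+N or Etc/GMT-N to a fixed offset.

    The sign in the name is the opposite of the UTC offset:
    Etc/GMT-2 is UTC+02:00 (east), Etc/GMT+2 is UTC-02:00 (west).
    """
    match = _ETC_GMT.match(tz_name)
    if match is None:
        raise ValueError(f"not an Etc/GMT+N or Etc/GMT-N name: {tz_name!r}")
    sign, hours = match.group(1), int(match.group(2))
    # The tz database defines Etc/GMT-14 through Etc/GMT+12.
    if hours > (14 if sign == "-" else 12):
        raise ValueError(f"no such timezone: {tz_name!r}")
    offset = timedelta(hours=hours if sign == "-" else -hours)
    return timezone(offset, tz_name)


def wall_clock_to_utc(wall_clock, tz_name):
    """Interpret a naive wall-clock reading in tz_name and return it in UTC."""
    naive = datetime.strptime(wall_clock, WALL_CLOCK_FORMAT)
    return naive.replace(tzinfo=etc_gmt_to_tzinfo(tz_name)).astimezone(timezone.utc)


def clock_error(wall_clock, intended_tz, configured_tz):
    """Error in the server's idea of UTC when the clock is set by hand to
    local time but configured_tz was chosen instead of intended_tz."""
    return (wall_clock_to_utc(wall_clock, configured_tz)
            - wall_clock_to_utc(wall_clock, intended_tz))


def parse_cert_time(text):
    """Parse a Start Date / End Date value in the `system ssl show` format."""
    return datetime.strptime(text, CERT_TIME_FORMAT).replace(tzinfo=timezone.utc)


def validity_status(start_date, end_date, now_utc):
    """Classify a certificate's validity window at the instant now_utc."""
    if now_utc < parse_cert_time(start_date):
        return "not yet valid"
    if now_utc > parse_cert_time(end_date):
        return "expired"
    return "valid"


def demo():
    # Constructed scenario: a site two hours east of GMT sets the clock by
    # hand to local time but selects Etc/GMT+2 instead of Etc/GMT-2.
    wall_clock = "2020-06-01 12:30:00"
    true_utc = wall_clock_to_utc(wall_clock, "Etc/GMT-2")
    server_utc = wall_clock_to_utc(wall_clock, "Etc/GMT+2")
    # A certificate created at this moment starts at the server's idea of UTC.
    start = server_utc.strftime(CERT_TIME_FORMAT)
    end = (server_utc + timedelta(days=365)).strftime(CERT_TIME_FORMAT)
    return {
        "true_utc": true_utc.isoformat(),
        "server_utc": server_utc.isoformat(),
        "clock_error": clock_error(wall_clock, "Etc/GMT-2", "Etc/GMT+2"),
        "start_date": start,
        "client_view": validity_status(start, end, true_utc),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In the constructed scenario the server's UTC clock runs four hours ahead, so a client with a correct clock sees the newly created certificate as not yet valid.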

System Upgrade Commands


Use System Upgrade commands to upgrade the APSolute Vision software version or the APSolute
Vision online help stored on the APSolute Vision server.

Note: You can also use the APSolute Vision WBM to upgrade the APSolute Vision software version or
the APSolute Vision online help stored on the APSolute Vision server.

system upgrade full


Launches the upgrade process of APSolute Vision software, using an upgrade file in the <APSolute
Vision server IP address>/temp directory.
Copying the file is performed using the vision-files user. Only the vision-files user has SCP access
to copy and delete files from the <APSoluteVisionIPAddress>/temp directory.
Before you initiate the upgrade, you should copy the upgrade file to the <APSolute Vision
server IP address>/temp directory.
The procedure requires a valid upgrade file.
Syntax
system upgrade full <filename> <password>

<filename> The name of the upgrade file, including the extension. Required

<password> The password of the upgrade file. Required only for major version

system upgrade help


Starts a script to upgrade the APSolute Vision online help using an upgrade file in the <APSolute
Vision server IP address>/temp directory.
Only a vision-files user has SCP access to copy and delete files from the
<APSoluteVisionIPAddress>/temp directory.
This procedure requires a valid online-help–upgrade package. For more information on the
online-help package, see Managing the Online-Help Package on the Server, page 737.


Syntax
system upgrade help <filename>

<filename> The name of the upgrade file, including the extension. Required

System User Authentication-Mode Commands


The system user authentication-mode commands comprise the following:
• system user authentication-mode set, page 718
• system user authentication-mode get, page 719

system user authentication-mode set


Sets the user-authentication method for all access to APSolute Vision (CLI, Web interface, or client).

Note: The setting is retained after reboot of the APSolute Vision server, and it is included in the
APSolute Vision configuration backup and restore operations.
Syntax
system user authentication-mode set {Local | RADIUS | TACACS+ | LDAP}


{Local|RADIUS|TACACS+|LDAP} The user-authentication method for APSolute Vision client users. Required
Values:
• Local —The Local Users table stores the credentials of and authenticates the
APSolute Vision users (see Configuring Local Users for APSolute Vision, page 99).
• RADIUS —A RADIUS server stores the credentials of and authenticates the
APSolute Vision users (see Managing RADIUS Server Connections, page 137). If
the RADIUS server and, if defined, the secondary RADIUS server are down, user
authentication fails over to the Local Users table (see Configuring Local Users for
APSolute Vision, page 99).
• TACACS+ —A TACACS+ server stores the credentials of and authenticates the
APSolute Vision users (see Managing TACACS+ Server Connections, page 142). If
the TACACS+ server and, if defined, the secondary TACACS+ server are down, user
authentication fails over to the Local Users table (see Configuring Local Users for
APSolute Vision, page 99).
• LDAP —An LDAP server stores the credentials of and authenticates the
APSolute Vision users (see Configuring LDAP Server Connections, page 149). If the
primary LDAP server and, if defined, the secondary LDAP server are down, user
authentication fails over to the Local Users table (see Configuring Local Users for
APSolute Vision, page 99).
Default: Local

system user authentication-mode get


This command is available only to users with the Administrator role.
Gets the user-authentication method for all access to APSolute Vision (CLI, Web interface, or client).
Syntax

system user authentication-mode get


System User Password Commands


Use system user password commands to reset or set passwords.
The system user password commands comprise the following:
• system user password change, page 720
• system user password root, page 720
• system user password vision-files, page 720
• system user password vision-tech, page 721

system user password change


Changes the password of the radware user or an Administrator user of the same account. That is,
this command is available only to the radware user or an Administrator user to change his/her own
password.

Caution: Radware recommends using the radware user only for disaster recovery, and keeping the
details of the radware user secret from all except special administrators.

Notes
• The default password is radware.
• This command is not available to Vision Administrator users.
When you use this command, you will be prompted to enter a new password at the New UNIX
Password prompt; then, retype the password for verification.
Syntax
system user password change <user>

<user> The username. Required

system user password root


Changes the root user password for access to the APSolute Vision operating system.
This command is available only to the radware user and the root user.

Note: The default password for username root is radware.


When you use this command, you will be prompted to enter a new password at the New UNIX
Password prompt; then, retype the password for verification.
Syntax
system user password root

system user password vision-files


Runs a script to set a new password for SCP access by vision-files users. The script prompts you
for the new password. For security reasons, the characters of the password are not displayed. The
default password is radware.
The vision-files user has SCP access only to copy and delete files from the
<APSoluteVisionIPAddress>\temp directory.


The vision-files users are authenticated locally by APSolute Vision server, regardless of whether the
system is configured to use a different authentication method. That is, vision-files users cannot be
overridden by the configuration of an authentication server.
This command is available only to the radware user and Administrator users.
Syntax
system user password vision-files

system user password vision-tech


Runs a script to set a new password for Web access by Radware Technical Support. The script
prompts you for the new password. For security reasons, the characters of the password are not
displayed. The default password is radware.
This command is available only to the radware user and Administrator users.
Syntax
system user password vision-tech

system version
Displays the current APSolute Vision version and the versions of its components.
Syntax
system version

System VRM Commands


Use system vrm commands to manage the state of the services for outbound SSL-inspection
monitoring.
The system vrm commands comprise the following:
• system vrm outbound-ssl-inspection state enable, page 721
• system vrm outbound-ssl-inspection state disable, page 721
• system vrm outbound-ssl-inspection state get, page 722

Note: For more information on outbound SSL-inspection monitoring, see Monitoring Outbound SSL
Inspection, page 3162 (in Using Real-Time Security Monitoring, page 583) and the APSolute Vision
Analytics User Guide.

system vrm outbound-ssl-inspection state enable


Enables the services for monitoring outbound SSL Inspection.
Syntax
system vrm ssl-inspection state enable

system vrm outbound-ssl-inspection state disable


Disables the services for monitoring outbound SSL Inspection.
Syntax
system vrm ssl-inspection state disable


system vrm outbound-ssl-inspection state get


Gets the state of the services for monitoring outbound SSL Inspection.
Syntax
system vrm ssl-inspection state get

Migrating APSolute Vision from the OnDemand Switch VL Platform to the OnDemand Switch VL2 Platform
This section describes the procedure required for migrating APSolute Vision on the OnDemand
Switch VL (ODS-VL) platform to the OnDemand Switch VL2 (ODS-VL2) platform.
The procedure requires root access to the ODS-VL2 operating system.
You can migrate to the ODS-VL2 platform with only the system-configuration backup of the ODS-VL
platform or with the full system backup of the ODS-VL platform. For information on what each
backup includes, see System Backup Configuration Commands, page 666 and System Backup Full
Commands, page 669.

To migrate APSolute Vision from the ODS-VL platform to the ODS-VL2 platform with only
the system-configuration backup
1. Install APSolute Vision on the ODS-VL2 platform.

Note: For information about installing APSolute Vision on the ODS-VL2 platform, see the
APSolute Vision Installation and Maintenance Guide.
2. Upgrade APSolute Vision on the ODS-VL platform to the same version and build number as on
the ODS-VL2 platform that you installed in the previous step. For more information, see
Managing APSolute Vision Basic Information and Properties, page 112.
3. Create a system-configuration backup of the APSolute Vision on the ODS-VL platform. For more
information, see system backup config create, page 666.
4. Export the system-configuration backup from the storage location on the ODS-VL platform to a
specified location (for example, your computer). For more information, see system backup
config export, page 667.
5. Import the system-configuration backup from the specified location to the storage location on
the ODS-VL2 platform. For more information, see system backup config import, page 668.
6. Restore the system on the ODS-VL2 platform using the specified system-configuration backup.
For more information, see system backup config restore, page 669.
7. On the ODS-VL2 platform, from the root/opt/radware/box/bin directory, run the following
command:
system_post_restore.sh
8. Run the following command to restart APSolute Vision:
reboot


To migrate APSolute Vision from the ODS-VL platform to the ODS-VL2 platform with the
full system backup
1. Install APSolute Vision on the ODS-VL2 platform.

Note: For information about installing APSolute Vision on the ODS-VL2 platform, see the
APSolute Vision Installation and Maintenance Guide.
2. Upgrade APSolute Vision on the ODS-VL platform to the same version and build number as on
the ODS-VL2 platform that you installed in the previous step. For more information, see
Managing APSolute Vision Basic Information and Properties, page 112.
3. Create a full system backup of the APSolute Vision on the ODS-VL platform. For more
information, see system backup full create, page 670.
4. Export the full system backup from the storage location on the ODS-VL platform to a specified
location (for example, your computer). For more information, see system backup full export,
page 670.
5. Import the full system backup from the specified location to the storage location on the
ODS-VL2 platform. For more information, see system backup full import, page 671.
6. Restore the system on the ODS-VL2 platform using the specified full system backup. For more
information, see system backup full restore, page 673.
7. On the ODS-VL2 platform, from the root/opt/radware/box/bin directory, run the following
command:
system_post_restore.sh
8. Run the following command to restart APSolute Vision:
reboot

Managing the Protection for the Meltdown and Spectre Exploit Vulnerabilities in APSolute Vision
Protection against the Meltdown and Spectre exploit vulnerabilities in APSolute Vision is enabled by
default. If you are sure that your system does not require the protection, you can disable the
protection, and APSolute Vision may benefit from improved performance. You can re-enable the
protection later.
The following procedures require root access to the operating system.

To disable protection against the Meltdown and Spectre exploit vulnerabilities


1. Log in to the APSolute Vision CLI as a root user.
2. Navigate to the /opt/radware/box/bin directory.
3. Run the following command:
./disable_meltdown.sh
4. Log in to the APSolute Vision CLI as the radware user.
5. Run the following command to restart APSolute Vision:
reboot


To enable protection against the Meltdown and Spectre exploit vulnerabilities


1. Log in to the APSolute Vision CLI as a root user.
2. Navigate to the /opt/radware/box/bin directory.
3. Run the following command:
./enable_meltdown.sh
4. Log in to the APSolute Vision CLI as the radware user.
5. Run the following command to restart APSolute Vision:
reboot



CHAPTER 25 – USING VDIRECT WITH APSOLUTE VISION
The following topics describe using vDirect with APSolute Vision:
• vDirect-APSolute Vision Integration—Overview, page 725
• Accessing the vDirect Configuration Interface of the APSolute Vision Server, page 725
• Managing Devices in APSolute Vision with vDirect, page 726

Note: If you need to refer to the Radware vDirect documentation, use the documentation that
corresponds to the vDirect version in the APSolute Vision server. To determine the vDirect version, in
the APSolute Vision Settings view System perspective, select General Settings > Basic
Parameters and look in the Software tab.

vDirect-APSolute Vision Integration—Overview


The APSolute Vision installation includes vDirect.
Users with a proper role can use vDirect with APSolute Vision to do the following:
• Add Alteon, DefensePro, and LinkProof NG devices to the APSolute Vision configuration
• Delete Alteon, DefensePro, and LinkProof NG devices from the APSolute Vision configuration
• Modify Alteon, DefensePro, and LinkProof NG devices that APSolute Vision manages
• Use the Toolbox scripts feature
• Use the Toolbox Workflows tab

Caution: An upgrade of APSolute Vision may include changes to vDirect objects included in the
APSolute Vision installation—that is, system scripts. Examples of system scripts are predefined
Toolbox scripts (see Predefined Toolbox Scripts, page 228) and some AppShape templates. If you
modify a system script, Radware recommends downloading the file, renaming it, and uploading it to
APSolute Vision as a new script with your modifications.

Accessing the vDirect Configuration Interface of the APSolute Vision Server
The role-based access control (RBAC) configurations of both the APSolute Vision server and
APSolute Vision vDirect manage the access to the APSolute Vision vDirect configuration interface.
Users defined only in vDirect cannot log in to APSolute Vision.
APSolute Vision users who are defined with the Administrator or Vision Administrator role can access
vDirect.
vDirect uses the identity-management (IDM) strings of the Administrator and Vision Administrator
roles to map to an Administrator role in vDirect. The IDM string for the APSolute Vision
Administrator role is SYS_ADMIN. The IDM string for the APSolute Vision Vision Administrator role is
VISION_ADMIN.


Other than Administrator and Vision Administrator, no other APSolute Vision roles can access
vDirect. vDirect maps all other APSolute Vision roles to a vDirect role called defaultRole. The
defaultRole role has no permissions in vDirect, including viewing vDirect.
vDirect supports the following special users: admin, root, and vDirect, which are all mapped to the
vDirect Administrator role.
It is possible that the same username is defined both in APSolute Vision RBAC and vDirect access
control.

You can open the vDirect interface from the APSolute Vision sidebar menu (Applications >
vDirect).
You can access vDirect explicitly through the APSolute Vision RBAC by entering vision: before the
username—for example, vision:john for a user named john.
You can access vDirect explicitly through the vDirect access control by entering pam: before the
username—for example, pam:john for a user named john.

Note: For more information on APSolute Vision RBAC, see Role-Based Access Control (RBAC),
page 85.

Managing Devices in APSolute Vision with vDirect


This section contains the following topics:
• APSolute Vision and vDirect Terminology, page 726
• APSolute Vision vDirect Sites, page 727
• APSolute-Vision–vDirect Limitations, page 727
• APSolute-Vision–vDirect Prerequisites and Recommendations, page 727
• Configuring a Container in vDirect, page 728
• Managing DefensePro Instances in APSolute Vision vDirect, page 732

APSolute Vision and vDirect Terminology


The terminology for managing Radware devices differs for APSolute Vision and vDirect as follows:
• In APSolute Vision, you add a device; whereas in vDirect, you register a device.
• A device that you added to APSolute Vision is referred to as a managed device; whereas in
vDirect, the device is referred to as registered.
• APSolute Vision categorizes Alteon devices by form factor (standalone, VX, or vADC) and
platform (platform model, VA, or hosting VX-platform model).
• vDirect calls all Alteon and LinkProof NG devices containers. vDirect calls standalone/VA and
vADC devices dedicated containers. vDirect calls VX devices partitioned containers.

Note: vDirect recognizes LinkProof NG devices as Alteon devices.


APSolute Vision vDirect Sites


When you register an Alteon or DefensePro device, adding the device to the associated APSolute
Vision server, vDirect adds the device under a Site in the APSolute Vision device pane called
vDirect. A vDirect Site in the Sites and Devices tree displays the Alteon standalone, vADC, and VA
devices and DefensePro devices. A vDirect Site in the Physical Containers tab displays ADC-VXs.

Caution: If you change the name of a vDirect Site in the APSolute Vision device pane, vDirect
does not recognize it later. That is, if you change the name of a vDirect Site in the APSolute Vision
device pane, and you register a new Radware device with APSolute Vision, vDirect will create a
new vDirect Site.

APSolute-Vision–vDirect Limitations
vDirect in APSolute Vision includes the following limitations:
• For Radware devices that are added to APSolute Vision using APSolute Vision WBM, vDirect
displays the IP address of each device, not the specified name.
• You cannot register multiple vADCs from multiple VXs in the same operation.
• vDirect recognizes LinkProof NG devices as Alteon devices.
• DefensePro high-availability (HA) clusters defined in APSolute Vision are not supported with
vDirect.
• Alteon HA clusters defined in APSolute Vision are not synchronized with vDirect.
• ADC Services (a type of HA cluster of Alteon devices) defined in vDirect are not supported with
APSolute Vision.
• There are differences in the set of device-access parameters that vDirect and APSolute Vision
expose. For example, APSolute Vision exposes the HTTP and HTTPS parameters, and
event-notification parameters. If a DefensePro device is registered on APSolute Vision using vDirect,
and the device Web (HTTPS) credentials are different from the CLI (SSH) credentials, you must
update the Web credentials of the device in the APSolute Vision Device Properties dialog box
(see the procedure To add a new device or edit device-connection information, page 176).
• If a device managed by APSolute Vision is in Maintenance status, device-synchronization
messages from vDirect do not update APSolute Vision.
• The APSolute Vision Lock operation on a device is not enforced on vDirect. That is, APSolute
Vision and APSolute Vision vDirect can modify a device configuration in parallel. This may cause
conflicting configurations.

APSolute-Vision–vDirect Prerequisites and Recommendations


This section describes the prerequisites and recommendations for managing Radware devices in
APSolute Vision with vDirect.
Target Alteon and LinkProof NG devices must have SSH enabled and SNMP access enabled on the
management interface (/c/sys/mmgmt/snmp mgmt, /c/sys/access/snmp w, and
/c/sys/access/sshd/on).
Target DefensePro devices must have SSH and SNMP access enabled (manage ssh status set
enable and manage snmp status set enable).
Certain traps that DefensePro can generate can damage the behavior of Toolbox scripts. These traps
must be disabled before you run a Toolbox script on a DefensePro device. These traps are disabled
by default, and they are used primarily only for troubleshooting. When these traps are disabled,
traps can still, however, go to the syslog and to APSolute Vision.


To check whether the traps are disabled, as required


> In the DefensePro CLI, run the following commands:
— services auditing status —Required result: Auditing Status: Disabled
— manage terminal trap-echo —Required result: Traps Echo Disabled
— manage terminal traps-output get —Required result: Trap output: off
Perform the following procedure for each trap type that is not disabled as required.

To disable the traps, as required


> In the DefensePro CLI, run the following commands:
— services auditing status set 2
— manage terminal trap-echo set 2
— manage terminal traps-output set 3

Configuring a Container in vDirect


This section comprises the following:
• Registering an Alteon Dedicated or Alteon VX Partitioned Container, page 728
• Viewing the Resources Related to a Container, page 730
• Viewing the vADCs Related to a Partitioned Container (VX), page 731
• Registering an ADC of a Partitioned Container, page 731
• Modifying a Registered Container, page 732
• Unregistering a Container, page 732

Registering an Alteon Dedicated or Alteon VX Partitioned Container


This section describes how to register an Alteon dedicated or Alteon partitioned container.
When you register an Alteon dedicated container, vDirect / APSolute Vision adds the Alteon in the
vDirect Site of the Sites and Devices tree in the APSolute Vision device pane.
When you register an Alteon partitioned container, vDirect / APSolute Vision adds the Alteon VX in
the vDirect Site of the Physical Containers tree in the APSolute Vision device pane.

To configure an Alteon Dedicated or Alteon VX Partitioned container


1. Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 725).
2. From the upper menu options, select Configuration.
3. Select Containers.
4. Click Register.
5. Select Alteon Dedicated or Alteon VX Partitioned.


6. Configure the parameters, and then, do the following:


a. Click Validate to check that your settings are valid.
b. Click Register to complete the registration process.

Table 515: Alteon Dedicated or Alteon VX Partitioned Parameters

| Parameter | Description |
|---|---|
| Name | The container name. Note: There are some reserved words (for example, DefenseFlow) that APSolute Vision does not allow as names. |
| Tenants | Assigns the container to one or more tenants. For more information, see the vDirect documentation. |
| Address | The IP address where the dedicated ADC container resides. This is the management IP address as it is defined on the managed device. |
| CLI User Name | The username for CLI and HTTPS access to the device. Maximum characters: 32. Default: admin |
| CLI Password | The password for CLI and HTTPS access to the device. Maximum characters: 32. Default: admin |
| CLI Use SSH | Specifies whether the device uses SSH. Default: Enabled |
| CLI Port | The port for SSH communication with the device. Default: 22. Note: This value should be the same as the value for the SSH port configured in the device (Configuration perspective System tab > Management Access > Management Protocols > SSH). |
| SNMP Version | The SNMP version used for the connection. |
| SNMP Port | The SNMP port. Default: 161 |
| User Name (This parameter is displayed only when SNMP Version is VersionThree.) | The username for the SNMP connection. Maximum characters: 18 |
| Authentication Protocol (This parameter is displayed only when SNMP Version is VersionThree.) | The protocol used for authentication. Values: MD5, SHA, None. Default: SHA |
| Authentication Password (This parameter is displayed only when SNMP Version is VersionThree.) | The password used for authentication. |
| Privacy Password (This parameter is displayed only when SNMP Version is VersionThree.) | The password used for the Privacy facility. |
| Privacy Protocol (This parameter is displayed only when SNMP Version is VersionThree.) | The SNMPv3 privacy protocol to use. Values: DES, None. Default: DES |
| SNMP Read Community (This parameter is displayed only when SNMP Version is VersionOne or VersionTwo.) | The SNMP read community name authorized to access the dedicated ADC. |
| SNMP Write Community (This parameter is displayed only when SNMP Version is VersionOne or VersionTwo.) | The SNMP write community name authorized to access the dedicated ADC. |

Viewing the Resources Related to a Container


vDirect displays a list of the resources that are related to the vDirect object you are configuring. You
access the list of related resources as follows:

To view resources related to a container


1. Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 725).
2. From the upper menu options, select Configuration.
3. Select Containers.
4. In the Name column, click the link to the relevant container. The Resources Referencing box
displays the list of resources related to the container.
5. In the Name column, click the link to a resource to view configuration details for that resource.


Viewing the vADCs Related to a Partitioned Container (VX)


You can view a list of all vADCs in a container that vDirect / APSolute Vision manages. Managed
vADCs are called registered ADCs. You can also view a list of all vADCs in a container that are not
managed by vDirect. These are called unregistered ADCs.

To view registered vADCs in a container


1. Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 725).
2. From the upper menu options, select Configuration.
3. Select Containers.
4. In the Name column, click the link to the relevant container.
The Registered ADCs box displays the list of vADCs in the container.

To view unregistered ADCs in a container


1. Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 725).
2. From the upper menu options, select Configuration.
3. Select Containers.
4. In the Name column, click the link to the relevant container.
5. In the Unregistered ADCs box, click Query Unregistered ADCs.

Registering an ADC of a Partitioned Container


When you register an ADC of a partitioned container, vDirect / APSolute Vision adds an Alteon vADC
in the vDirect Site of the Sites and Devices tree in the APSolute Vision device pane.
Registering an ADC of a partitioned container is similar to configuring APSolute Vision to manage a
vADC hosted by an ADC-VX managed by the same APSolute Vision server (see To configure
APSolute Vision to manage one or more vADCs hosted by an ADC-VX managed by the same
APSolute Vision server, page 183).

To register an ADC of a partitioned container


1. Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 725).
2. From the upper menu options, select Configuration.
3. Select Containers.
4. In the Name column, click the link to the relevant container.
5. In the Unregistered ADCs box, click Query Unregistered ADCs.
6. Select an ADC from the list, and click Register Selected.


Modifying a Registered Container


This section describes how to modify a container already defined in the vDirect system.

To modify a registered container instance


1. Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 725).
2. From the upper menu options, select Configuration.
3. Select Containers.
4. In the Name column, click the link to the container you want to modify.
5. Make your changes.
6. Click Validate to check that your settings are valid.
7. Click Save to complete the process.

Unregistering a Container
This section describes how to remove a container from the vDirect system.

To unregister a container
1. Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 725).
2. From the upper menu options, select Configuration.
3. Select Containers.
4. Click the box to the left of the name of the container you want to unregister.
5. Click Unregister.
6. Click Unregister again to confirm the removal.

Managing DefensePro Instances in APSolute Vision vDirect


This section comprises the following:
• Registering a DefensePro Instance, page 733
• Modifying a Registered DefensePro Instance, page 735
• Unregistering a DefensePro Instance, page 735

Certain traps that DefensePro can generate can damage the behavior of Toolbox scripts. These traps
must be disabled before you run a Toolbox script on a DefensePro device. These traps are disabled
by default, and they are used primarily only for troubleshooting. When these traps are disabled,
traps can still, however, go to the syslog and to APSolute Vision.


To check whether the traps are disabled, as required


> In the DefensePro CLI, run the following commands:
— services auditing status —Required result: Auditing Status: Disabled
— manage terminal trap-echo —Required result: Traps Echo Disabled
— manage terminal traps-output get —Required result: Trap output: off
Perform the following procedure for each trap type that is not disabled as required.

To disable the traps, as required


> In the DefensePro CLI, run the following commands:
— services auditing status set 2
— manage terminal trap-echo set 2
— manage terminal traps-output set 3
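
The check-and-disable procedure above (also given under the prerequisites earlier in this chapter) can be run against a saved CLI session. This is an added example, not part of the guide: the DefensePro# prompt and the sample transcript are constructed, and only the commands and required results come from the procedure.

```python
import re

# Check command -> (required result, command that disables the trap),
# exactly as listed in the two procedures above.
REQUIRED = {
    "services auditing status": (
        "Auditing Status: Disabled", "services auditing status set 2"),
    "manage terminal trap-echo": (
        "Traps Echo Disabled", "manage terminal trap-echo set 2"),
    "manage terminal traps-output get": (
        "Trap output: off", "manage terminal traps-output set 3"),
}


def norm(text):
    """Collapse whitespace and case so cosmetic differences do not matter."""
    return re.sub(r"\s+", " ", text).strip().lower()


def split_transcript(transcript, prompt):
    """Map each check command found in the transcript to its output lines."""
    outputs = {}
    current = None
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith(prompt):
            command = norm(line[len(prompt):])
            current = command if command in REQUIRED else None
            if current is not None:
                outputs[current] = []
        elif current is not None and line:
            outputs[current].append(line)
    return outputs


def plan_remediation(transcript, prompt="DefensePro#"):
    """Return (disable commands to run, checks with no captured output).

    A check that was never run is reported as unknown rather than assumed
    compliant, so a truncated capture cannot hide an enabled trap.
    """
    outputs = split_transcript(transcript, prompt)
    to_run, unknown = [], []
    for check, (required, disable_cmd) in REQUIRED.items():
        if check not in outputs:
            unknown.append(check)
        elif not any(norm(l) == norm(required) for l in outputs[check]):
            to_run.append(disable_cmd)
    return to_run, unknown


# Constructed transcript: auditing is still enabled, trap echo is already
# disabled, and the traps-output check was never run.
SAMPLE_TRANSCRIPT = """\
DefensePro# services auditing status
Auditing Status: Enabled
DefensePro# manage terminal trap-echo
Traps Echo Disabled
"""

if __name__ == "__main__":
    commands, missing = plan_remediation(SAMPLE_TRANSCRIPT)
    print("run before the Toolbox script:", commands)
    print("checks still to perform:", missing)
```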

Registering a DefensePro Instance


When you register a DefensePro instance in the vDirect / APSolute Vision system, vDirect /
APSolute Vision adds the DefensePro device in the vDirect Site of the Sites and Devices tree in the
APSolute Vision device pane.

Caution: If you use vDirect to register a DefensePro device, and the device Web (HTTPS)
credentials are different from the CLI (SSH) credentials, you must update the Web credentials of the
device in the APSolute Vision Device Properties dialog box (see the procedure To add a new device
or edit device-connection information, page 176).

To register a DefensePro instance


1. Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 725).
2. From the upper menu options, select Configuration.
3. Select DefensePro.
4. Click Register.
5. Configure the parameters, and then, do the following:
a. Click Validate to check that your settings are valid.
b. Click Register to complete the registration process.

Table 516: DefensePro Instance Parameters

| Parameter | Description |
|---|---|
| Name | The name of the DefensePro instance. Note: There are some reserved words (for example, DefenseFlow) that APSolute Vision does not allow as names. |
| Tenants | Configures and adds new tenants to the DefensePro instance. For more information, see the vDirect documentation. |
| Address | The management IP address of the DefensePro instance. |
| CLI User Name | The username for CLI, HTTP, and HTTPS access to the device. Maximum characters: 32. Default: radware |
| CLI Password | The password for CLI, HTTP, and HTTPS access to the device. Maximum characters: 32. Default: radware |
| CLI Use SSH | Specifies whether the device uses SSH. Default: Enabled |
| CLI Port | The port for SSH or telnet communication with the device. When SSH is enabled, the default SSH port is 22. When SSH is disabled, the default Telnet port is 23. Note: This value should be the same as the value for the SSH port configured in the device (Configuration perspective System tab > Management Access > Management Protocols > SSH). |
| SNMP Version | The SNMP version used for the connection. Default: VersionThree |
| SNMP Port | The SNMP port. |
| User Name (This parameter is displayed only when SNMP Version is VersionThree.) | The username for the SNMP connection. Maximum characters: 18 |
| Authentication Protocol (This parameter is displayed only when SNMP Version is VersionThree.) | The protocol used for authentication. Values: MD5, SHA, None. Default: SHA |
| Authentication Password (This parameter is displayed only when SNMP Version is VersionThree.) | The password used for authentication. |
| Privacy Password (This parameter is displayed only when SNMP Version is VersionThree.) | The password used for the Privacy facility. |
| Privacy Protocol (This parameter is displayed only when SNMP Version is VersionThree.) | The SNMPv3 privacy protocol to use. Values: DES, None. Default: DES |
| SNMP Read Community (This parameter is displayed only when SNMP Version is VersionOne or VersionTwo.) | The SNMP read community name authorized to access the DefensePro. |
| SNMP Write Community (This parameter is displayed only when SNMP Version is VersionOne or VersionTwo.) | The SNMP write community name authorized to access the DefensePro. |
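
Table 515 and Table 516 document default CLI logins and allow community-based SNMP versions as well as SNMPv3 with authentication or privacy set to None. The following added example (not Radware code) is a pre-registration check over the values you intend to enter. The dictionary keys mirror the parameter names in the tables; the string encoding of each value, the sample devices, and the check for the well-known community names public and private are assumptions of the example.

```python
# Default logins documented in Table 515 (admin) and Table 516 (radware).
DEFAULT_CLI_LOGINS = {("admin", "admin"), ("radware", "radware")}
# Maximum lengths documented in both tables.
MAX_LEN = {"CLI User Name": 32, "CLI Password": 32, "User Name": 18}


def audit_registration(params):
    """Return (parameter, finding) pairs for one registration form.

    `params` maps parameter names from Tables 515/516 to strings. Encoding
    "CLI Use SSH" as "Enabled"/"Disabled" is an assumption of this example.
    """
    findings = []

    def flag(name, text):
        findings.append((name, text))

    for name, limit in MAX_LEN.items():
        if len(params.get(name, "")) > limit:
            flag(name, f"longer than the {limit}-character maximum")

    login = (params.get("CLI User Name"), params.get("CLI Password"))
    if login in DEFAULT_CLI_LOGINS:
        flag("CLI Password", "documented default login is still in use")

    if params.get("CLI Use SSH", "Enabled") != "Enabled":
        flag("CLI Use SSH", "SSH is off, so the CLI session is not encrypted")

    version = params.get("SNMP Version")
    if version in ("VersionOne", "VersionTwo"):
        flag("SNMP Version", "community strings travel in cleartext")
        for name in ("SNMP Read Community", "SNMP Write Community"):
            if params.get(name, "").lower() in ("public", "private"):
                flag(name, "well-known community name")
    elif version == "VersionThree":
        auth = params.get("Authentication Protocol", "SHA")
        privacy = params.get("Privacy Protocol", "DES")
        if auth == "None":
            flag("Authentication Protocol", "SNMPv3 messages are not authenticated")
        elif auth == "MD5":
            flag("Authentication Protocol", "MD5 selected; SHA is the stronger listed value")
        if privacy == "None":
            flag("Privacy Protocol", "SNMPv3 payload is not encrypted")
        elif auth == "None":
            # SNMPv3 has no security level with privacy but without authentication.
            flag("Privacy Protocol", "privacy requires an authentication protocol")
    else:
        flag("SNMP Version", "missing or unrecognized value")
    return findings


# Constructed sample forms (addresses are documentation addresses).
WEAK_FORM = {
    "Name": "dp-lab-01", "Address": "192.0.2.10",
    "CLI User Name": "radware", "CLI Password": "radware",
    "CLI Use SSH": "Disabled", "CLI Port": "23",
    "SNMP Version": "VersionTwo",
    "SNMP Read Community": "public", "SNMP Write Community": "constructed-rw",
}
HARDENED_FORM = {
    "Name": "dp-lab-02", "Address": "192.0.2.11",
    "CLI User Name": "vdirect-svc", "CLI Password": "constructed-long-passphrase",
    "CLI Use SSH": "Enabled", "CLI Port": "22",
    "SNMP Version": "VersionThree", "User Name": "vdirect-snmp",
    "Authentication Protocol": "SHA", "Authentication Password": "constructed-auth",
    "Privacy Protocol": "DES", "Privacy Password": "constructed-priv",
}

if __name__ == "__main__":
    for form in (WEAK_FORM, HARDENED_FORM):
        print(form["Name"])
        for name, text in audit_registration(form) or [("-", "no findings")]:
            print(f"  {name}: {text}")
```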

Modifying a Registered DefensePro Instance


This section describes how to modify a DefensePro instance already defined in the vDirect system.

To modify a registered DefensePro instance


1. Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 725).
2. From the upper menu options, select Configuration.
3. Select DefensePro.
4. In the Name column, click the link to the DefensePro instance you want to modify.
5. Make your changes.
6. Click Validate to check that your settings are valid.
7. Click Save to complete the process.

Unregistering a DefensePro Instance


This section describes how to remove a DefensePro instance from the vDirect system.

To unregister a DefensePro instance


1. Log in to the vDirect configuration interface of the APSolute Vision server (see Accessing the
vDirect Configuration Interface of the APSolute Vision Server, page 725).
2. From the upper menu options, select Configuration.
3. Select DefensePro.
4. Click the box to the left of the name of the DefensePro instance you want to unregister.


5. Click Unregister.
6. Click Unregister again to confirm the removal.



APPENDIX A – MANAGING THE ONLINE-HELP PACKAGE ON THE SERVER
This appendix describes managing the online-help package on the APSolute Vision server.
Managing the online-help package is available only to users with the Administrator or Vision
Administrator role.
Managing the online-help package comprises the following:
• Upgrading the online-help package that resides in the APSolute Vision server.
• Reverting the online help to the original version—that is, the online help that came with the
installation of the APSolute Vision server.

You can upgrade the online-help package that resides in the APSolute Vision server using the
procedure below (To update the APSolute Vision help on the server, page 738) or using the CLI. For
information on the CLI command, see System Upgrade Commands, page 717.

Note: Depending on the configuration of the APSolute Vision server (see Configuring APSolute
Vision Server Advanced Parameters, page 162), APSolute Vision clients access online-help pages
from the server itself or from radware.com. The online help at radware.com is always the latest, but
the files on your APSolute Vision server might be out-of-date if a managed device was upgraded or a
new device driver is used.
The help-upgrade procedure requires a valid online-help–upgrade package.
You can download the software upgrade file from the Radware customer portal.
The name format of the online-help package is as follows:
APSoluteVisionHelp_<VisionVersion>_<BuildNumber>_<yyyyMMdd>.upgrade

To download the software upgrade file from the Radware customer portal
1. Open your browser and go to www.radware.com.
2. At the top right of the window, click My Account, and log in.
3. At the upper right of the window, click Customer.


4. Hover over Products, navigate to the relevant product type, and click the relevant product—as
shown in the following example.

5. In the Software Releases tab, click (Download Software) for the relevant item.

6. In the Help Software Upgrade row, click .


7. Save the UPGRADE file to the appropriate location.

To update the APSolute Vision help on the server


1. In the APSolute Vision Settings mode System perspective, select General Settings >
Advanced.
2. In the Online Help section, click Update. The Upgrade APSolute Vision Help Version dialog
box opens.
3. Click Browse and navigate to the online-help–upgrade package, and then, click Open.
4. Click Send. The upgrade utility uploads the package and places the online-help files in the
location in the APSolute Vision server.

To revert the online help to the original version on the APSolute Vision server
1. In the APSolute Vision Settings mode System perspective, select General Settings >
Advanced.
2. In the Online Help section, click Revert to Default Help.



APPENDIX B – APSOLUTE VISION LOG MESSAGES AND ALERTS
This appendix lists log messages and alerts that APSolute Vision may issue.
Many of the log messages and alerts also include a unique numeric ID. The tables in the following
sections display the ID when available.
When APSolute Vision receives a log message or alert that a managed device issues, APSolute Vision
displays the log message or alert with the ID 20000 or 30000.
Some messages or alerts comprise two versions, depending on whether detailed auditing is
enabled (Enable Detailed Auditing of APSolute Vision Activity and Enable Detailed Auditing
of Device Configuration Changes). For more information, see Configuring Settings for the Alerts
Table Pane, page 121.
This appendix comprises the following sections:
• Global Parameters, page 740
• Advanced Parameters, page 740
• Alert Browser Settings, page 741
• Connection Settings, page 742
• Monitoring Settings, page 743
• RADIUS Configuration, page 744
• Security Alert Settings, page 745
• TACACS+ Configuration Settings, page 746
• Warning Threshold Settings, page 746
• SharePath Settings, page 747
• APSolute Vision License Settings, page 747
• Upload Logo Settings, page 748
• Device Operation Alerts, page 748
• Audit Message Type Enum, page 751
• HTTPS Communication Check, page 752
• Anti-Fraud Update on the Device, page 752
• SUS Updates, page 753
• ERT Active Attackers Feed, page 753
• Operation Constant, page 754
• Audit Messages, page 754
• Alert Mail Notifier, page 755
• Scheduled Task Alerts, page 756
• General, page 758
• Alerts from CLI, page 758
• Device Configuration Audit Messages, page 760


Global Parameters
The following table lists the messages that are triggered by actions performed on global parameters.
The value in the Type column identifies whether the message is regular (R), or detailed (D) when
detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane, page 121).

Table 517: Global Parameters

ID Type Message
- R User <username> has changed the default password for other users.
- R User <username> has changed the default Password for the user radware.
- R User <username> has changed the User Statistics Storage
- D User <username> has changed the User Statistics Storage to <value>.
- R User <username> has changed the Number of Password Challenges.
- D User <username> has changed the Number of Password Challenges to <value>.
- R User <username> has changed the Number of Last Passwords Saved.
- D User <username> has changed the Number of Last Passwords Saved to
value <value>.
- R User <username> has changed the Password Validity Period
- R User <username> changed the setting that users must change their password at
first login.
- D User <username> changed the setting that users must change their password at
first login to <value>.

Advanced Parameters
The following table lists the messages that are triggered by actions performed on advanced
parameters. The value in the Type column identifies whether the message is regular (R), or detailed
(D) when detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane,
page 121).

Table 518: Advanced Parameters

ID Type Message
- R User <username> has changed the Online Help URL.
- D User <username> has changed the Online Help URL to APSolute Vision Server.
- D User <username> has changed the Online Help URL to Radware.com.
- R User <username> has changed the Results per Page.
- D User <username> has changed the Results per Page to <value>.
- R User <username> has changed the Device Lock Timeout.
- D User <username> has changed the Device Lock Timeout to <value>.
- R User <username> has changed the Minimal Log Level.
- D User <username> has changed the Minimal Log Level to <value>.

- R User <username> has changed the Max. Number of Configuration Files per
Device.
- D User <username> has changed the Max. Number of Configuration Files per
Device to <value>.

Alert Browser Settings


The following table lists the messages that are triggered by actions performed on Alert Browser
settings. The value in the Type column identifies whether the message is regular (R), or detailed (D)
when detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane, page 121).

Table 519: Alert Browser Settings

ID Type Message
- R User <username> has changed the Syslog Facility.
- D User <username> has changed the Syslog Facility to <value>.
- R User <username> has changed the L4 Destination Port for Syslog Reporting.
- D User <username> has changed the L4 Destination Port for Syslog Reporting to Port
<value>.
- R User <username> changed the Syslog server address.
- D User <username> changed the Syslog server address to <value>.
- R User <username> has changed the Syslog Reporting report (scope).
- D User <username> has changed the Syslog Reporting report (scope) to <value>.
- R User <username> changed the Syslog reporting status.
- D User <username> changed the Syslog reporting status to <value>.
- R User <username> changed the Syslog reporting encryption status.
- D User <username> changed the Syslog reporting encryption status to <value>.
- R User <username> changed the Syslog reporting encryption certificate.
- D User <username> changed the Syslog reporting encryption certificate to <value>.
- R User <username> changed the Syslog reporting authentication status.
- D User <username> changed the Syslog reporting authentication status to <value>.
- R User <username> changed the Syslog reporting authentication type.
- D User <username> changed the Syslog reporting authentication type to <value>.
- R User <username> changed the Syslog reporting encryption authentication
permitted peer was changed.
- D User <username> changed the Syslog reporting encryption authentication
permitted peer was changed to <value>.
- R User <username> changed the Syslog reporting encryption authentication private
key was changed.
- D User <username> changed the Syslog reporting encryption authentication private
key was changed to <value>.

- R User <username> changed the Syslog reporting encryption authentication public
key was changed.
- D User <username> changed the Syslog reporting encryption authentication public
key was changed to <value>.
- R User <username> changed the detailed APSolute Vision activity auditing alerts
feature to <value>
- D User <username> changed the detailed APSolute Vision activity auditing alerts
feature.
- R User <username> changed the detailed Device Configuration auditing alerts
feature.
- D User <username> changed the detailed Device Configuration auditing alerts
feature to <value>.

Connection Settings
The following table lists the messages that are triggered by actions performed on connection
settings. The value in the Type column identifies whether the message is regular (R), or detailed (D)
when detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane, page 121).

Table 520: Connection Settings

ID Type Message
00986 R User <username> has changed the password for authentication with the proxy
server.
00987 R User <username> has changed the user name for authentication with the proxy
server.
00988 R User <username> changed the proxy-server authentication status.
00988 D User <username> changed the proxy-server authentication status to <value>.
00989 R User <username> has changed the port of the proxy server.
00989 D User <username> has changed the port of the proxy server to port <value>.
00990 R User <username> has changed the IP address of the proxy server.
00991 R User <username> changed the proxy-server status.
00991 D User <username> changed the proxy-server status to <value>.
00992 R User <username> has changed the timeout for connecting to a device using
SNMP.
00992 D User <username> has changed the timeout for connecting to a device using SNMP
to <value>.
00993 R User <username> has changed the number of retries for connecting to a device
using SNMP.
00993 D User <username> has changed the number of retries for connecting to a device
using SNMP to <value>.
00994 R User <username> has changed the port for accessing a device using SNMP.
00994 D User <username> has changed the port for accessing a device using SNMP to port
<value>.

00995 R User <username> has changed the value of the 'Session Inactivity Timeout'
parameter.
00995 D User <username> has changed the value of the 'Session Inactivity Timeout'
parameter to <value>.
00996 R User <username> has changed the default HTTPS port toward devices.
00996 D User <username> has changed the default HTTPS port toward devices to port
<value>.
00997 R User <username> has changed the default HTTP port toward devices.
00997 D User <username> has changed the default HTTP port toward devices to port
<value>.
00998 D User <username> has changed the IP address of the proxy server to IP Address
<value>.
00999 D User <username> has changed the user name for authentication with the proxy
server to proxy-username <value>.

Monitoring Settings
The following table lists the messages that are triggered by actions performed on monitoring
settings. The value in the Type column identifies whether the message is regular (R), or detailed (D)
when detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane, page 121).

Table 521: Monitoring Settings

ID Type Message
01000 R User <username> has changed the Polling Interval for Reports.
01000 D User <username> has changed the Polling Interval for Reports to <value>.
01001 R User <username> has changed the Timeout for Device Status Poll.
01001 D User <username> has changed the Timeout for Device Status Poll to <value>.
01002 R User <username> has changed the polling interval for device status.
01002 D User <username> has changed the polling interval for device status to <value>.
01003 R User <username> has changed the Polling Interval for System Configuration.
01003 D User <username> has changed the Polling Interval for System Configuration to
<value>.
01004 R User <username> has changed the Polling Interval for On-line Monitoring.
01004 D User <username> has changed the Polling Interval for On-line Monitoring to
<value>.
01005 R User <username> changed the status of the MSISDN resolution feature. [1]
01006 D User <username> changed the status of the MSISDN resolution feature to
<value>. [1]
01007 R User <username> changed the MSISDN IP address. [1]
01007 D User <username> changed the MSISDN IP address to <value>. [1]
01008 R User <username> changed the MSISDN Port address. [1]
01008 D User <username> changed the MSISDN Port address to <value>. [1]
01009 R User <username> changed the MSISDN user name. [1]
01009 D User <username> changed the MSISDN user name to <value>. [1]
01010 R User <username> changed the MSISDN password. [1]
[1] The MSISDN Resolution feature is not supported in APSolute Vision version 3.0 and later.

RADIUS Configuration
The following table lists the messages that are triggered by actions performed on the RADIUS
configuration. The value in the Type column identifies whether the message is regular (R), or
detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane,
page 121).

Table 522: RADIUS Configuration

ID Type Message
- R User <username> has changed the Timeout for the RADIUS servers.
- D User <username> has changed the Timeout for the RADIUS servers to <value>.
- R User <username> has changed the Retries for the RADIUS servers.
- D User <username> has changed the Retries for the RADIUS servers to <value>.
- R User <username> has changed the Authentication Type for the RADIUS servers.
- D User <username> has changed the Authentication Type for the RADIUS servers
to <value>.
- R User <username> has changed the Attribute ID for the RADIUS servers.
- D User <username> has changed the Attribute ID for the RADIUS servers to
<value>.
- R User <username> has changed the Vendor ID for the RADIUS servers.
- D User <username> has changed the Vendor ID for the RADIUS servers to
<value>.
- R User <username> has changed the Vendor Role Attribute ID for the RADIUS
servers.
- D User <username> has changed the Vendor Role Attribute ID for the RADIUS
servers to <value>.
- R User <username> has changed the Vendor Policy Attribute ID for the RADIUS
servers.
- D User <username> has changed the Vendor Policy Attribute ID for the RADIUS
servers to <value>.
- R User <username> has changed the Shared Secret for the Secondary RADIUS
server.
- R User <username> has changed the Shared Secret for the Primary RADIUS
server.
- R User <username> has changed the Port for the Secondary RADIUS server.

- D User <username> has changed the Port for the Secondary RADIUS server to
<value>.
- R User <username> has changed the Port for the Primary RADIUS server.
- D User <username> has changed the Port for the Primary RADIUS server to
<value>.
- R User <username> has changed the IP Address for the Secondary RADIUS server.
- D User <username> has changed the IP Address for the Secondary RADIUS server
to <value>.
- R User <username> has changed the IP Address for the Primary RADIUS server.
- D User <username> has changed the IP Address for the Primary RADIUS server to
<value>.

Security Alert Settings


The following table lists the messages that are triggered by actions performed on the security alert
settings.

Table 523: Security Alert Settings

ID Type Message
01012 R Security alert fields were modified: Rule Name was enabled.
01013 R Security alert fields were modified: Rule Name was disabled.
01014 R Security alert fields were modified: Source IP was enabled.
01015 R Security alert fields were modified: Source IP was disabled.
01016 R Security alert fields were modified: Destination port was enabled.
01017 R Security alert fields were modified: Destination port was disabled.
01018 R Security alert fields were modified: Attack Name was enabled.
01019 R Security alert fields were modified: Attack Name was disabled.
01020 R Security alert fields were modified: Action was enabled.
01021 R Security alert fields were modified: Action was disabled.
01022 R Security alert fields were modified: Destination IP was enabled.
01023 R Security alert fields were modified: Destination IP was disabled.


TACACS+ Configuration Settings


The following table lists the messages that are triggered by actions performed on the TACACS+
configuration settings. The value in the Type column identifies whether the message is regular (R),
or detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane,
page 121).

Table 524: TACACS+ Configuration Settings

ID Type Message
- R User <username> changed TACACS+ service name.
- D User <username> changed TACACS+ service name to <value>.
- R User <username> changed TACACS+ timeout.
- D User <username> changed TACACS+ timeout to <value>.
- R User <username> changed TACACS+ retries.
- D User <username> changed TACACS+ retries to <value>.
- R User <username> changed TACACS+ minimal required privilege level.
- D User <username> changed TACACS+ minimal required privilege level to
<value>.
- R The Authentication Type for the TACACS+ servers was changed.
- R User <username> changed TACACS+ secondary server shared secret.
- R User <username> changed TACACS+ primary server shared secret.
- R User <username> changed TACACS+ secondary server port.
- D User <username> changed TACACS+ secondary server port to <value>.
- R User <username> changed TACACS+ primary server port.
- D User <username> changed TACACS+ primary server port to <value>.
- R User <username> changed TACACS+ secondary server IP address.
- D User <username> changed TACACS+ secondary server IP address to <value>.
- R User <username> changed TACACS+ primary server IP address.
- D User <username> changed TACACS+ primary server IP address to <value>.

Warning Threshold Settings


The following table lists the messages that are triggered by actions performed on warning threshold
settings. The value in the Type column identifies whether the message is regular (R), or detailed (D)
when detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane, page 121).

Table 525: Warning Threshold Settings

ID Type Message
00980 R User <username> has changed the threshold for Warning Falling CPU Utilization.
00980 D User <username> has changed the threshold for Warning Falling CPU Utilization
to <value>.
00982 R User <username> has changed the threshold for Error Falling CPU Utilization.

00982 D User <username> has changed the threshold for Error Falling CPU Utilization to
<value>.
00983 R User <username> has changed the threshold for Error Rising CPU Utilization.
00983 D User <username> has changed the threshold for Error Rising CPU Utilization to
<value>.
00981 R User <username> has changed the threshold for Warning Rising CPU Utilization.
00981 D User <username> has changed the threshold for Warning Rising CPU Utilization
to <value>.
00984 R User <username> disabled alarms for server CPU utilization.
00985 R User <username> enabled alarms for server CPU utilization.

SharePath Settings
The following table lists the messages that are triggered by actions performed on SharePath
settings.

Table 526: SharePath Settings

ID Type Message
- R The management IP of a SharePath server instance was updated.
- R The data IP of a SharePath server instance was updated.
- R The backup server IP of a SharePath server instance was updated.
- R The Performance Limit of a SharePath server instance was updated.
00585 R A SharePath server instance was added to the configuration of the APSolute Vision
server.
00586 R A SharePath server instance was removed from the configuration of the APSolute
Vision server.

APSolute Vision License Settings


The following table lists the messages that are triggered by actions performed on APSolute Vision
license settings.

Table 527: Upload Logo Settings

ID Type Message
- R A license of type <feature Name> was deleted from APSolute Vision.
00852 R A new license of type <license type> was provided for APSolute Vision.


Upload Logo Settings


The following table lists the message that is triggered by actions performed on APSolute Vision
Reporter logo settings.

Table 528: Upload Logo Settings

ID Type Message
- R A new logo for Vision Reporter uploaded, filename: <file name>.

Security Group Settings


The following table lists the messages that are triggered by actions performed on Security Group
settings.

Table 529: Security Group Settings

ID Type Message
- R A DefensePro Security Group's senders list was updated.
- R A DefensePro Security Group's receivers list was updated.
- R Blocking Rule parameters of a DefensePro Security Group were updated.
- R Security modules of a DefensePro Security Group were updated.
- R A DefensePro Security Group was disabled.
- R A DefensePro Security Group was enabled.
- R A DefensePro Security Group's blocking period was updated.
- R A new DefensePro Security Group was created.

Device Operation Alerts


The following table lists the messages that are device operation alerts.

Table 530: Device Operation Alerts

ID Type Message
- R User <username> backed up a configuration file for device <device name> -
<Device IP>.
- R User <username> restored a configuration file to device <device name> -
<device IP>.
- R User <username> uploaded an attack signatures file to device <device name> -
<device IP>.
- R User <username> updated the attack signatures file to device <device name>.
- R User <username> failed uploading the attack signatures file to device <device
name>.
- R <device name>, <device IP> is locked by other user.
- R User <username> failed to unlock <device name>, <device IP>.

- R <device name>, <device IP> cannot be unlocked by user <username> because it
already locked by user <username>
- R <Operation Name> action finished successfully for device <device name>.
<Operation Output>
- R <Operation Name> action failed for device <device name> due to: <reason>
- R Send Signature File From Website To Device
- R Send File To Device
- R Send Attack Signatures File To Device
- R For more information, see the Messages tab.
- R The device type or version is not compatible with DefensePro Configuration
Template feature.
00699, 00971 R Devices <device name> and <device name> have identical SNMP engine IDs. To
prevent connection problems, change the engine ID on one of the devices.
00723 R Failed to retrieve the Device Driver from <device name>. Please enable HTTPS or
HTTP communication on the device.
00908 R <Operation Name> action failed for device <device name>. <Operation Output>
00910, 00952 R User <username> failed uploading a quarantine file to device <device name> -
<device IP>.
00912 R User <username> failed downloading a quarantine file from device <device
name> - <device IP>.
00915 R User <username> uploaded a configuration file to device <device name> -
<device IP> successfully.
00915, 00944 R User <username> uploaded a configuration file to device <device name> -
<device IP> successfully.
00916, 00945 R User <username> failed uploading a configuration file to device <device name> -
<device IP>.
00920 R User <username> upgraded the software for device <device name> - <device
IP> successfully.
00921 R The signature file is up-to-date. No download is required.
00926 R <device name>, <device IP> unlocked due to inactivity.
00927, 00938, 01098 R <device name>, <device IP> unlocked by user <username>.
00933 R User <username> rebooted device <device name> - <device IP>.
00934 R User <username> shutdown device <device name> - <device IP>.
00935 R <device name>, <device IP> locked by user <username>.
00936 R <device name>, <device IP> is already locked.
00937 R <device name>, <device IP> forcibly locked by user <username>.
00939 R <device name>, <device IP> is already unlocked.
00941 R User <username> failed to update Anti-Fraud signatures for device <device
name>.
00942, 01047 R User <username> uploaded file <file name> to device <device name> - <device
IP> successfully.

00947 R Failed to retrieve the <file type> file <file name> from device <device name> -
<Device IP>.
00948 R User <username> downloaded a certificate file from device <device name> -
<Device IP> successfully.
00949 R User <username> failed downloading a certificate file from device <device name>
- <device IP>.
00950 R User <username> failed uploading a certificate file to device <device name> -
<device IP>.
00951 R User <username> uploaded a certificate file to device <device name> - <device
IP> successfully.
00954 R User <username> failed uploading a file to device <device name> - <device IP>.
00955 R User <username> uploaded a file to device <device name> - <device IP>
successfully.
00956 R User <username> downloaded a file from device <device name> - <device IP>
successfully.
00957 R User <username> failed downloading a file from device <device name> - <device
IP>.
00958 R User <username> uploaded a certificate revocation list file to device <device
name> - <device IP> successfully.
00959 R User <username> failed uploading a certificate revocation list file to
device <device name> - <device IP>.
00961 R User <username> failed upgrading software for device <device name> - <device
IP>.
00964, 00965 R Wrong parameters are passed from client.
00967 R Device <device name>, <device IP> deleted successfully.
00968 R Device <device name>, <device IP> deletion failed.
01048, 01105 R User <username> failed uploading file <file name> to device <device name> -
<Device IP>.
01049 R User <username> downloaded <file type> file from device <device name> -
<Device IP> successfully.
01050 R Failed to retrieve the <file type> file from device <device name> - <device IP>.
Check your HTTP/HTTPS configuration and try again.
01051, 00940 R User <username> failed downloading file <file name> from device <device
name> - <device IP>.
01052 R Restore Device Driver for device <device name> succeeded.
01053 R Restore Device Driver failed for device <device name>.
01099 R A newer device driver is available for {0} {1}: {2}. You can manage device
drivers in the Settings view.
01100 R Failed to retrieve the Device Driver from <device name>. Please check status of
HTTPS or HTTP communication on the device and specified credentials.
01102 R The software version from the device driver metadata ({0}) does not match the
software version from the driver name ({1}).
01103 R The driver file for device {0} is invalid.

01106 R Failed <file type> file verification on device <device name> - <device IP>.
01107 R An operation was performed using a proxy server.
01110 R User <username> failed to lock <device name>, <device IP>.

Audit Message Type Enum


The following table lists the enum audit messages.

Table 531: Audit Message Type Enum

ID Type Message
- R Added user <username>.
- R User <username> changed password.
- R Deleted user <username>.
- R Enabled user <username>.
- R Disabled user <username>.
- R User <username> was locked.
- R User <username> was unlocked.
- R User <username> successfully logged in.
- R User <username> failed to log in.
- R Password for user <username> was reset.
- R Changed properties for user <username>.
- R User <username> logged out.
- R Updating Configuration template <template> failed because <reason>.
- R Updated role-scope pair for user <username>.
- R Removed role-scope pair for user <username>.
- R User <username> changed the scheduled task name.
00855 R Changed password expiration date for user <username>.
00866 R Changed name for user <username> to <username>.
00873 R User <username> has credentials error.
00874 R The configuration template <template> was added to the APSolute Vision
server.
00875 R The configuration template <template> was updated to the APSolute Vision
server.
00876 R The configuration template <template> was deleted to sic the APSolute Vision
server.
00877 R Propagated Configuration template <template>.
00878 R Failed to propagate Configuration template <template>.


HTTPS Communication Check


The following table lists the messages that are triggered by actions performed on HTTPS
communication.

Table 532: HTTPS Communication Check

ID Type Message
- R The specified HTTPS user <username> does not exist on the device.
00180 R Secure-Web-server operation on the device is disabled.
00182 R The specified HTTPS password is incorrect, or you have exceeded the maximum
allowed login attempts.
00184 R APSolute Vision has encountered an error communicating with the device over
HTTPS.

Anti-Fraud Update on the Device


The following table lists the messages that are triggered by Anti-Fraud update actions.

Table 533: Anti-Fraud Update

ID Type Message
- R Synchronize Device Configuration (for cluster)
- R Synchronization Task (<task name>) failed: Skipping unmatching device:
<name> (Version: <Version>, Redundancy Status: <Status>, Parent: <name>.
- R Synchronization Task (<task name>) failed: Skipping device: <name> (backup
device was not found).
00062 R Task <task name> failed.
00070 R Anti-Fraud update failed: unable to retrieve Anti-Fraud signatures.
00071 R Anti-Fraud signature update failed for some of devices.
00072 R The Anti-Fraud update task is not applicable to device <device name>.
00075 R Anti-Fraud update failed due to no valid subscription for Anti-Fraud signatures
update for following devices: <device list>.
00076 R The Update Anti-Fraud Security Signature task failed. No device configured for
the task has Fraud Protection enabled.
00093 R Anti-Fraud update failed: unable to process Anti-Fraud signatures.
00097 R Anti-Fraud Update is not required for any subscribed device from the task.
00106 R Fraud Protection is disabled for device <device name>.
00482 R Not authorized operation launched by the user: <name> on screen <screen ID>
00815 R Scheduled Task <task name> executed successfully
01088 R Failed to run task logic for task <task name>.
01623 R The Radware site cannot be reached to download the update. Please check DNS
and Proxy settings in APSolute Vision configuration.
01625 R Scheduled Task <task name> is completed.
01628 R The Anti-Fraud Update succeeded for device <device name>.


SUS Updates
The following table lists the messages that are triggered by SUS update actions.

Table 534: SUS Updates

ID Type Message
01088 R Failed to run task logic for task <task name>.
01482 R User <user name> failed to download the file <file name> for the device <device
IP>. The device does not have a subscription for SUS updates.
01483 R User <user name> failed to download the file <file name> from Radware.com.
01484 R User <user name> failed to send the file <file name> to the device at IP address
<device IP>.
01623 R The Radware site cannot be reached to download the update. Please check DNS
and Proxy settings in APSolute Vision configuration.
01624 R Device <device name> does not have a valid subscription for Attack Signatures
update.
01657, 01658 R User <user name> failed to upload the file <file name> to the device <device
name> (IP address: <device IP>).

ERT Active Attackers Feed


The following table lists the messages that are triggered by the ERT Active Attackers Feed for
DefensePro task. This task updates the entries in the Black List module in the selected DefensePro
devices.

Table 535: ERT Active Attackers Feed Updates

ID Type Message
01902 R The ERT Active Attackers Feed task updated the following DefensePro devices:
<device list>.
01903 R The ERT Active Attackers Feed task failed.
01904 R The following DefensePro devices are not available: <device list>.
01905 R The following DefensePro devices are not subscribed to the ERT Active Attackers
Feed service: <device list>.
01906 R Updating the following DefensePro devices with the ERT Active Attackers Feed
failed: <device list>.
01908 R Skipping device update. The content of the ERT Active Attackers Feed is the same
as the previous run.
01912 R Filtered ERT Active Attackers Feed is empty. Deleting previous feed from devices.
01914 R ERT Active Attackers Feed task was aborted. There was a failure parsing the feed
information from Radware.
01915 R ERT Active Attackers Feed task was aborted. A communication problem caused a
failure in loading feed information from Radware.
01916 R ERT Active Attackers Feed task was aborted. There was a failure parsing the feed
from Radware.
01917 R ERT Active Attackers Feed task was aborted. A communication problem caused a
failure in loading the feed from Radware.

01918 R ERT Active Attackers Feed task was aborted. There are no devices with a valid
subscription.
01919 R Update failed with the following error on the device <device>: <error>
01920 R ERT Active Attackers Feed task failed to update the device <device>. No specific
error.

Operation Constant
The following table lists the messages that are triggered by operation constants.

Table 536: Operation Constant

ID Type Message
- R Anti-Fraud Security Signature Update from Radware Site failed.
- R Anti-Fraud Security Signature Update from Radware Site succeeded.
- R Anti-Fraud Security Signature Update was downloaded from Radware Site
- R Anti-Fraud Security Signature Update is not required.
00917 R Backup Vision DB failed.
00918 R Backup Vision DB succeeded.
01041 R Updating the Attack Description file from Radware site succeeded.
01042 R Updating the Attack Description file from Radware site failed.
01043 R Updating the Attack Description file from Remote Server succeeded.
01044 R Update the Attack Description file from Remote Server failed.
01045 R Updating the Attack Description file from client succeeded.
01046 R Updating the Attack Description file from client failed.

Audit Messages
The following table lists the audit messages.

Table 537: Audit Messages

ID Type Message
- R User <username> added account <account> ,with Scope <scope>, Role <role>
and Network Policy <policy>
- R User <username> changed password expiration Date for user <user name>, to
expiration Date <date>
00857 R User <username> changed his/her password.
00858 R User <username> deleted account <account>
00859 R User <username> enabled account <account>
00860 R User <username> disabled the account <account>

00861 R Account <account> was locked
00862 R User <username> has unlocked account <account>
00863 R Account <account> successfully logged in
00864 R Account <account> failed to log in
00865 R User <username> reset password for account <account>
00866 R User <username> changed name for user <name>, to <name>
00868 R User <username> update the Full Name of account <account>, to Full Name:
<value>
00870 R User <username> update the Contact Information of account <account>, to
Contact Information: <value>.
00872 R Account <account> logged out.
00874 R The configuration template <template> was added to the APSolute Vision server
00875 R The configuration template <template> was updated to the APSolute Vision
server
00876 R The configuration template <template> was deleted to the APSolute Vision server
00877 R Propagated Configuration template <template>
00878 R Failed to propagate Configuration template <value>
- R Updating Configuration template <value> failed because <reason>
00880 R User <username> added or modified the Role-scope pair for account <account> ,
to Role-scope pair <pair>
00882 R User <username> removed the Role-scope pair <pair> of account <account>
00883 R User <username> changed his/her password on the APSolute Vision server
machine.
00884 R User <username> deleted device backup file <file name>

Alert Mail Notifier


The following table lists the messages that are triggered by actions performed on alert mail settings.
The value in the Type column identifies whether the message is regular (R), or detailed (D) when
detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane, page 121).

Table 538: Alert Mail Notifier

ID Type Message
- D User <username> has changed the Subject Header in the Email Reporting
Configuration to <value>.
01026 R Email reporting settings were changed.
01028 R User <username> has changed the Email Sending Interval.
01028 D User <username> has changed the Email Sending Interval to <value>.
01029 R User <user name> has changed the From Header in the Email Reporting
Configuration.

01029 D User <user name> has changed the From Header in the Email Reporting
Configuration to <value>.
01030 R User <username> has changed the Number of Alerts per Email.
01030 D User <username> has changed the Number of Alerts per Email to <value>.
01031 R User <username> has changed the Recipient Email Address.
01032 R User <username> has changed the SMTP Server Address.
01032 D User <username> has changed the SMTP Server Address to IP Address
<value>.
01033 R User <username> has changed the SMTP User Name.
01034 R User <username> has changed the Subject Header in the Email Reporting
Configuration.
01024 D User <username> has changed the Recipient Email Address to email-address
<value>.
01025 D User <username> has changed the SMTP User Name to smtp-username
<value>.

Scheduled Task Alerts


The following table lists the messages that are triggered by actions performed on scheduled tasks.
The value in the Type column identifies whether the message is regular (R), or detailed (D) when
detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane, page 121).

Table 539: Scheduled Task Alerts

ID Type Message
- R User <username> changed the scheduled task backup file name.
- D User <username> changed the scheduled task backup file name to <value>.
- R User <username> changed the scheduled task destination IP address.
- D User <username> changed the scheduled task destination IP address to <value>.
- R User <username> has changed the password for authentication with the backup
device during a scheduled task.
- D User <username> has changed the password for authentication with the backup
device during a scheduled task.
- R User <username> changed the scheduled task backup directory.
- D User <username> changed the scheduled task backup directory to <value>.
- R User <username> changed the protocol to communicate with the backup device
during a scheduled task.
- D User <username> changed the protocol to communicate with the backup device
during a scheduled task to protocol <value>.
- R User <username> has changed the user name for authentication with the backup
device during a scheduled task.
- D User <username> has changed the user name for authentication with the backup
device during a scheduled task to username <value>.

- R User <username> added Devices to a scheduled task's list of devices.
- D User <username> changed scheduled task name to <value>.
- R User <username> updated the date (day) of a scheduled task.
- D User <username> updated the date (day) of a scheduled task to <value>.
- R User <username> updated the date (month) of a scheduled task.
- D User <username> updated the date (month) of a scheduled task to <value>.
- R User <username> updated the date (year) of a scheduled task.
- D User <username> updated the date (year) of a scheduled task to <value>.
- R User <username> updated the time (hour) of a scheduled task.
- D User <username> updated the time (hour) of a scheduled task to <value>.
- R User <username> updated the time (minutes) of a scheduled task.
- D User <username> updated the time (minutes) of a scheduled task to <value>.
- R User <username> updated the time (seconds) of a scheduled task.
- D User <username> updated the time (seconds) of a scheduled task to <value>.
- R User <username> updated the frequency of a scheduled task.
- D User <username> updated the frequency of a scheduled task to <value>.
- R User <username> updated the quantity of minutes between two executions of a
scheduled task.
- D User <username> updated the quantity of minutes between two executions of a
scheduled task to <value>.
- R User <username> set run always to a scheduled task.
- R User <username> updated the start date of the scheduled period of a scheduled
task.
- D User <username> updated the start date of the scheduled period of a scheduled
task to <value>.
- R User <username> updated the end date of the scheduled period of a scheduled
task.
- D User <username> updated the end date of the scheduled period of a scheduled
task to <value>.
- R User <username> removed Devices from a scheduled task's list of devices.
- R User <username> changed scheduled task name.
00072 R The Anti-Fraud update task is not applicable to device <device name>.
00075 R Anti-Fraud update failed due to no valid subscription for Anti-Fraud signatures
update for following devices: <device list>.
00093 R Anti-Fraud update failed: unable to process Anti-Fraud signatures.
00097 R Anti-Fraud Update is not required for any subscribed device from the task.
00106 R Fraud Protection is disabled for device <device name>.
00972 R User <username> changed scheduled task to enabled.
00973 R User <username> changed scheduled task to disabled.
00976 R User <username> changed scheduled task file type.
00976 D User <username> changed scheduled task file type to <value>.

00977 R User <username> created a scheduled task.
00978 R User <username> removed a scheduled task.
01088 R Failed to run task logic for task <task name>.
01623 R The Radware site cannot be reached to download the update. Please check DNS
and Proxy settings in APSolute Vision configuration.
01624 R Device <device name> does not have a valid subscription for Attack Signatures
update.
01625 R Scheduled Task <task name> is completed.
01628 R The Anti-Fraud Update succeeded for device <device name>.

General
The following table lists the message that is triggered when the APSolute Vision server is up.

Table 540: General

ID Type Message
00810 R The APSolute Vision server is now up.

Alerts from CLI


The following table lists the messages that are triggered by actions performed in the APSolute Vision
CLI.

Table 541: Alerts from CLI

ID Type Message
60000 R User <username> has created a system backup.
60001 R User <username> has failed to create a system backup with error message:
<error message>.
60004 R User <username> has restored a system backup.
60005 R User <username> has failed to restore a system backup with error message:
<error message>.
60006 R User <username> exported a system backup successfully.
60007 R User <username> failed to export a system backup with error message: <error
message>.
60008 R User <username> has created a new system configuration backup.
60009 R User <username> failed to create a new system configuration backup with error
message: <error message>.
60012 R User <username> successfully restored a system configuration Backup.
60013 R User <username> failed to restore a system configuration backup with error
message: <error message>.

60014 R User <username> successfully exported a system configuration backup.
60015 R User <username> failed to export a system configuration backup with error message: <error message>.
60016 R User <username> has created a new Vision Reporter backup.
60017 R User <username> failed to create a new Vision Reporter backup with error message: <error message>.
60020 R User <username> successfully restore a Vision Reporter Backup.
60021 R User <username> failed to restore a Vision Reporter backup with error message: <error message>.
60022 R User <username> successfully exported a Vision Reporter Backup.
60023 R User <username> failed to export a Vision Reporter backup with error message: <error message>.
60024 R User <username> created a tech-support file.
60025 R User <username> failed to create a tech-support file with error message: <error message>.
60028 R User <username> successfully restore a tech-support file.
60029 R User <username> failed to restore a tech-support file with error message: <error message>.
60030 R User <username> successfully exported a tech-support file.
60031 R User <username> failed to export a tech-support file with error message: <error message>.
60032 R User <username> changed the date and time on the APSolute Vision server to Date and Time <value>.
60033 R User <username> changed the timezone of the APSolute Vision server to Timezone <value>.
60034 R User <username> started the Vision server.
60035 R User <username> failed to started the Vision server.
60036 R User <username> stopped the Vision server.
60037 R User <username> failed to stop the Vision server.
60038 R User <username> changed the IP address for the <value> port of the APSolute Vision server to IP Address <value>.
60039 R User <username> changed the tech-support password of the APSolute Vision server.
60040 R User <username> changed the web-access password of the APSolute Vision server.
60041 R The <username> user password of the APSolute Vision system was changed.
60042 R User <username> changed the root user password of the APSolute Vision system.
60043 R User <username> changed the vision-files user password of the APSolute Vision system.
60044 R User <username> started the database server.
60045 R User <username> stopped the database server.
60046 R User <username> failed to stop the database server.

60047 R User <username> added CLI-Access for external user: <name>.
60048 R User <username> deleted CLI-Access for external user: <name>.

Device Configuration Audit Messages


The following table lists the messages that are triggered by actions performed on device
configurations. The value in the Type column identifies whether the message is regular (R), or
detailed (D) when detailed auditing is enabled (see Configuring Settings for the Alerts Table Pane,
page 121).

Table 542: Device Configuration Audit Messages

ID Type Message
- R User <username> set value to scalar '<name>'
- D User <username> set value to scalar '<name>': <value>.
- R User <username> added a row to table '<name>':
- D User <username> added a row to table '<name>', indexes:
- R User <username> deleted row from table '<name>':
- D User <username> deleted row from table '<name>', indexes:
- R User <username> edited a row of table '<name>':
- D User <username> edited a row of table '<name>', indexes:
- R User <username> Propagated template '<template>' in table '<name>':
- D User <username> Propagated template '<template>' in table '<name>',

Hardware Alerts
The following table lists the messages that APSolute Vision issues for hardware-related conditions.

Table 543: Hardware Alerts

ID Type Message
- R APM server disk space and usage exceeding the <number> percent threshold - usage is <number> percent
00889 R Fan number <number> is not working.
00890 R Temperature above critical threshold: temperature sensor number <number> is reporting <temperature C>°C / <temperature F>°F.
00891 R Falling: CPU utilization is normal.
00892 R Rising: CPU utilization is high for core <<number>>
01901 R The APSolute Vision disk utilization of "<filesystemPath>" is now <percent>%.
01951 R Falling: Memory utilization is normal.
01952 R Rising: Memory utilization is high.

APPENDIX C – MIBS FOR MONITORING APSOLUTE VISION
This appendix contains the following sections, which describe the MIBs that APSolute Vision exposes
for monitoring APSolute Vision:
• RFC1213 MIB Objects for Monitoring APSolute Vision
• Host Resources MIB Objects for Monitoring APSolute Vision
• UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision
• NET-SNMP-EXTEND-MIB MIB Objects for Monitoring of APSolute Vision CPU Utilization
• Trap Objects for Monitoring APSolute Vision
• Trap Objects for APSolute Vision Alerts

Note: For information on managing the settings of the SNMP interface, see System SNMP
Commands, page 707.

RFC1213 MIB Objects for Monitoring APSolute Vision


The following table describes the supported objects from the RFC1213 MIB for monitoring APSolute Vision.

Table 544: RFC1213 MIB Objects for Monitoring APSolute Vision

Object OID Data Type Description


system
sysDescr 1.3.6.1.2.1.1.1 DisplayString (SIZE (0..255)) A textual description of the entity. This value should include the full name and version identification of the system’s hardware type, software operating-system, and networking software. It is mandatory that this only contain printable ASCII characters.
sysUptime 1.3.6.1.2.1.1.3 TimeTicks The time (in hundredths of a second) since the network management portion of the system was last re-initialized.
sysContact 1.3.6.1.2.1.1.4 DisplayString (SIZE (0..255)) The textual identification of the contact person for this managed node, together with information on how to contact this person.
sysName 1.3.6.1.2.1.1.5 DisplayString (SIZE (0..255)) An administratively assigned name for this managed node. By convention, this is the node's fully-qualified domain name.
Interface
ifTable 1.3.6.1.2.1.2.2 A list of interface entries. The number of entries is given by the value of ifNumber.
ifIndex 1.3.6.1.2.1.2.2.1.1 INTEGER32 A unique value, greater than zero, for each interface.
ifDescr 1.3.6.1.2.1.2.2.1.2 DisplayString (SIZE (0..255)) A textual string containing information about the interface.
ifPhysAddress 1.3.6.1.2.1.2.2.1.6 OCTETSTR The interface’s address at its protocol sub-layer. For example, for an 802.x interface, this object normally contains a MAC address.

ifOperStatus 1.3.6.1.2.1.2.2.1.8 INTEGER The current operational state of the interface.
Values:
• 1—Up
• 2—Down
• 3—Testing
• 4—Unknown
• 5—Dormant
• 6—Not present
• 7—Lower layer down
Ip
ipAddrTable 1.3.6.1.2.1.4.20 The table of addressing information relevant to this entity’s IP addresses.
ipAdEntAddr 1.3.6.1.2.1.4.20.1.1 IpAddress The IP address to which this entry’s addressing information pertains.
ipAdEntIfIndex 1.3.6.1.2.1.4.20.1.2 INTEGER The index value which uniquely identifies the interface to which this entry is applicable. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex.
ipAdEntNetMask 1.3.6.1.2.1.4.20.1.3 IpAddress The subnet mask associated with the IPv4 address of this entry. The value of the mask is an IPv4 address with all the network bits set to 1 and all the hosts bits set to 0.
ipRouteTable 1.3.6.1.2.1.4.21 This entity’s IP Routing table.
ipRouteDest 1.3.6.1.2.1.4.21.1.1 IpAddress The destination IP address of this route. An entry with a value of 0.0.0.0 is considered a default route. Multiple routes to a single destination can appear in the table, but access to such multiple entries is dependent on the table-access mechanisms defined by the network management protocol in use.
ipRouteIfIndex 1.3.6.1.2.1.4.21.1.2 INTEGER The index value which uniquely identifies the local interface through which the next hop of this route should be reached. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex.

ipRouteNextHop 1.3.6.1.2.1.4.21.1.7 IpAddress The IP address of the next hop of this route. (In the case of a route bound to an interface which is realized via a broadcast media, the value of this field is the agent’s IP address on that interface.)
ipRouteMask 1.3.6.1.2.1.4.21.1.11 IpAddress Indicate the mask to be logical-ANDed with the destination address before being compared to the value in the ipRouteDest field.

Host Resources MIB Objects for Monitoring APSolute Vision


The following table describes the supported objects from the Host Resources MIB for monitoring APSolute Vision.

Table 545: Host Resources MIB Objects for Monitoring APSolute Vision

Object OID Data Type Description


hrSystem
hrSystemDate 1.3.6.1.2.1.25.1.2 DateAndTime The host’s notion of the local date and time of day.
hrSystemUptime 1.3.6.1.2.1.25.1.1 TimeTicks The amount of time since this host was last initialized. Note that this is different from sysUpTime in the SNMPv2-MIB [RFC 1907] because sysUpTime is the uptime of the network management portion of the system.

UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision


The following table describes the supported objects from the UCD-SNMP-MIB MIB for monitoring APSolute Vision.

Table 546: UCD-SNMP-MIB MIB Objects for Monitoring APSolute Vision

Object OID Data Type Description


Memory
memTotalSwap 1.3.6.1.4.1.2021.4.3 INTEGER32 The total amount of swap space configured for this host.

memAvailSwap 1.3.6.1.4.1.2021.4.4 INTEGER32 The amount of swap space currently unused or available.
memTotalReal 1.3.6.1.4.1.2021.4.5 INTEGER32 The total amount of real/physical memory installed on this host.
memAvailReal 1.3.6.1.4.1.2021.4.6 INTEGER32 The amount of real/physical memory currently unused or available.
memTotalFree 1.3.6.1.4.1.2021.4.11 INTEGER32 The total amount of memory free or available for use on this host. This value typically covers both real memory and swap space or virtual memory.

NET-SNMP-EXTEND-MIB MIB Objects for Monitoring of APSolute Vision CPU Utilization
The following table describes the supported objects from the NET-SNMP-EXTEND-MIB for monitoring APSolute Vision (Linux) CPU utilization.

Note: These objects use the Linux sar command, which provides the contents of selected cumulative activity counters in the operating system.

Table 547: MIB Objects for Monitoring APSolute Vision CPU Utilization

Object OID Data Type Description


cpuUtilizationUser .1.3.6.1.4.1.8072.1.3.2.4.1.2.18.99.112.117.85.116.105.108.105.122.97.116.105.111.110.85.115.101.114.1 DisplayString The percentage of CPU utilization that occurred while executing at the user level (application).
cpuUtilizationSystem .1.3.6.1.4.1.8072.1.3.2.4.1.2.20.99.112.117.85.116.105.108.105.122.97.116.105.111.110.83.121.115.116.101.109.1 DisplayString Percentage of CPU utilization that occurred while executing at the system level (kernel).

cpuUtilizationTotal .1.3.6.1.4.1.8072.1.3.2.4.1.2.19.99.112.117.85.116.105.108.105.122.97.116.105.111.110.84.111.116.97.108.1 DisplayString The total percentage of CPU utilization.
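
The three OIDs in Table 547 are nsExtendOutLine instances from NET-SNMP-EXTEND-MIB: the base OID, then the name of the extend entry as a length-prefixed run of ASCII codes, then the output line number. The following Python is an added example, not part of the guide: it rebuilds those OIDs from the object names, rejects truncated or mis-copied OIDs before they reach a poller configuration, and converts the returned DisplayString to a number. The function names and the decimal-comma handling are assumptions of this example.

```python
# Added example (not from the guide): build and check the Table 547 OIDs.
# Index layout: <nsExtendOutLine>.<name length>.<ASCII code per character>.<line>

NS_EXTEND_OUT_LINE = (1, 3, 6, 1, 4, 1, 8072, 1, 3, 2, 4, 1, 2)

# Object names as listed in Table 547.
TABLE_547_NAMES = ("cpuUtilizationUser", "cpuUtilizationSystem", "cpuUtilizationTotal")


def extend_line_oid(token, line=1):
    """Return the dotted OID for output line `line` of extend entry `token`."""
    data = token.encode("ascii")  # UnicodeEncodeError on non-ASCII names
    if not 1 <= len(data) <= 255:
        raise ValueError("extend name must be 1..255 ASCII characters")
    if line < 1:
        raise ValueError("line index starts at 1")
    arcs = NS_EXTEND_OUT_LINE + (len(data),) + tuple(data) + (line,)
    return "." + ".".join(str(a) for a in arcs)


def parse_extend_line_oid(oid):
    """Split an nsExtendOutLine instance OID into (extend name, line index).

    Raises ValueError when the OID is under another base or when the length
    prefix does not match the number of name arcs (typical of a wrapped or
    truncated copy).
    """
    try:
        arcs = tuple(int(a) for a in oid.strip().lstrip(".").split("."))
    except ValueError:
        raise ValueError("not a numeric dotted OID: %r" % oid) from None
    base = len(NS_EXTEND_OUT_LINE)
    if len(arcs) < base + 3 or arcs[:base] != NS_EXTEND_OUT_LINE:
        raise ValueError("not an nsExtendOutLine instance")
    length, rest = arcs[base], arcs[base + 1:]
    if len(rest) != length + 1:
        raise ValueError(
            "length prefix %d does not match %d name arcs" % (length, len(rest) - 1)
        )
    name_arcs, line = rest[:-1], rest[-1]
    if any(not 32 <= a <= 126 for a in name_arcs):
        raise ValueError("name arcs are not printable ASCII")
    return bytes(name_arcs).decode("ascii"), line


def parse_cpu_percent(value):
    """Convert the DisplayString returned for a Table 547 object to a float."""
    # Assumption: tolerate a decimal comma in case the agent runs under a
    # locale that formats numbers that way.
    pct = float(value.strip().replace(",", "."))  # ValueError if not numeric
    if not 0.0 <= pct <= 100.0:  # also rejects nan and inf
        raise ValueError("percentage out of range: %r" % value)
    return pct


if __name__ == "__main__":
    for name in TABLE_547_NAMES:
        oid = extend_line_oid(name)
        assert parse_extend_line_oid(oid) == (name, 1)
        print(name, oid)
```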

Trap Objects for Monitoring APSolute Vision


The following table describes the supported trap objects for monitoring APSolute Vision.

Table 548: Trap Objects for Monitoring APSolute Vision

Object OID Type Description


coldStart 1.3.6.1.6.3.1.1.5.1 Trap A coldStart trap signifies that the SNMP entity, supporting a notification originator application, is reinitializing itself and that its configuration may have been altered.
This trap, in SNMPv2-MIB, is generated at the following times:
• At APSolute Vision machine startup (which starts the SNMP service).
• At APSolute Vision application startup (for example, after running the CLI command system vision-server start). This occurs after the shutdown trap.
nsNotifyShutdown 1.3.6.1.4.1.8072.4.0.2 Trap An indication that the agent is in the process of being shut down.
This trap, in NET-SNMP-AGENT-MIB, is generated at the following times:
• At APSolute Vision machine shutdown (which stops the SNMP service).
• At APSolute Vision startup (for example, after running the CLI command system vision-server start). This occurs before the startup trap.

Trap Objects for APSolute Vision Alerts


The following table describes the supported trap objects for SNMP alerts from APSolute Vision. For information on configuring APSolute Vision to
send SNMP alerts, see Managing the SNMP Reporting Configuration, page 128 and Managing Alert Profiles, page 130.

Table 549: Trap Objects for Monitoring APSolute Vision

Object OID Type Description


SNMPv1 TRAPs
alertTrap 1.3.6.1.4.1.89.35.10.1.0.200 The attributes in the alerts from APSolute Vision.
alerts
alertId 1.3.6.1.4.1.89.35.10.1.1 INTEGER The alert identifier. There is no value for events that are not SNMP traps.
alertMessage 1.3.6.1.4.1.89.35.10.1.2 DisplayString The description of the event.
alertUser 1.3.6.1.4.1.89.35.10.1.3 DisplayString The user who triggered the event. If no user is associated with the action, the user APSolute_Vision is displayed.
alertSeverity 1.3.6.1.4.1.89.35.10.1.4 DisplayString The severity of the alert.
alertModule 1.3.6.1.4.1.89.35.10.1.5 DisplayString The source module of the event.
Values:
• Vision Configuration
• Vision General
• Vision Control
• Device General
• Device Security
• Security Reporting.
alertCategory 1.3.6.1.4.1.89.35.10.1.6 DisplayString The attack category of the event.
alertTimeString 1.3.6.1.4.1.89.35.10.1.7 DisplayString The time that the event was triggered. The time format is according to the configuration on the APSolute Vision server.
alertTimeMillis 1.3.6.1.4.1.89.35.10.1.8 Counter64 The time that the event was issued, in milliseconds since Epoch.

alertSourceDeviceName 1.3.6.1.4.1.89.35.10.1.9 DisplayString The values differ according to the alert type. For SNMP traps, the value is the name of the device that generated them. For APSolute Vision auditing events, which have device context (configuration, monitoring), the value is the name of the device to which the event relates. When the alert is generated by the APSolute Vision server, no device name is displayed.
alertSourceDeviceIp 1.3.6.1.4.1.89.35.10.1.10 DisplayString The IP address of the device to which the message relates. No value is provided for alerts generated by APSolute Vision.
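
One way to triage received alert traps, tying the varbind OIDs of Table 549 to the CLI alerts of Table 541 (added example in Python, not Radware code). The choice of which alerts to watch, the handling of a trailing instance arc on each varbind, and the sample trap are assumptions constructed for illustration.

```python
# Added example (not from the guide): decode alertTrap varbinds and flag
# administrative actions from Table 541 that usually deserve review.
import re
from datetime import datetime, timezone

ALERTS_BASE = (1, 3, 6, 1, 4, 1, 89, 35, 10, 1)  # parent of the Table 549 objects
FIELDS = {
    1: "alertId", 2: "alertMessage", 3: "alertUser", 4: "alertSeverity",
    5: "alertModule", 6: "alertCategory", 7: "alertTimeString",
    8: "alertTimeMillis", 9: "alertSourceDeviceName", 10: "alertSourceDeviceIp",
}

# (category, Table 541 IDs, pattern over the Table 541 message text).
# The selection is a local policy choice, not something the guide prescribes.
RULES = [
    ("credential-change", {60039, 60040, 60041, 60042, 60043},
     re.compile(r"password of the APSolute Vision (?:server|system)")),
    ("cli-access-change", {60047, 60048},
     re.compile(r"(?:added|deleted) CLI-Access for external user")),
    ("backup-export", {60006, 60014, 60022, 60030},
     re.compile(r"\bexported a\b")),
    ("restore", {60004, 60012, 60020, 60028},
     re.compile(r"(?:has restored|successfully restored?) a\b")),
    ("clock-change", {60032, 60033},
     re.compile(r"changed the (?:date and time on|timezone of) the APSolute Vision")),
    ("service-stop", {60036, 60045},
     re.compile(r"\bstopped the (?:Vision|database) server")),
]


def _arcs(oid):
    try:
        return tuple(int(a) for a in str(oid).lstrip(".").split("."))
    except ValueError:
        return ()


def decode_alert(varbinds):
    """Map (oid, value) pairs of a received trap to the Table 549 field names.

    Arcs are compared numerically, so ...10.1.1 (alertId) is never confused
    with ...10.1.10 (alertSourceDeviceIp), and arc 0 (the alertTrap OID) is
    ignored. Arcs after the field number are treated as an instance suffix.
    """
    alert, n = {}, len(ALERTS_BASE)
    for oid, value in varbinds:
        arcs = _arcs(oid)
        if len(arcs) > n and arcs[:n] == ALERTS_BASE and arcs[n] in FIELDS:
            alert[FIELDS[arcs[n]]] = value
    return alert


def triage(alert):
    """Return a finding for a watched alert, or None when no rule matches."""
    try:
        alert_id = int(alert.get("alertId"))
    except (TypeError, ValueError):
        alert_id = None  # Table 549: alertId can be empty, so fall back to the text
    message = str(alert.get("alertMessage") or "")
    for category, ids, pattern in RULES:
        if alert_id in ids or pattern.search(message):
            break
    else:
        return None
    user = alert.get("alertUser") or None
    if user == "APSolute_Vision":  # Table 549: shown when no user is associated
        user = None
    try:
        millis = int(alert["alertTimeMillis"])
        when = datetime.fromtimestamp(millis / 1000, tz=timezone.utc).isoformat()
    except (KeyError, TypeError, ValueError, OverflowError, OSError):
        when = None
    return {"category": category, "alert_id": alert_id, "user": user,
            "time_utc": when, "message": message}


# Constructed sample: varbinds as a trap receiver might hand them over.
SAMPLE_TRAP = [
    ("1.3.6.1.2.1.1.3.0", 4711),
    (".1.3.6.1.4.1.89.35.10.1.1.0", 60042),
    (".1.3.6.1.4.1.89.35.10.1.2.0",
     "User admin changed the root user password of the APSolute Vision system."),
    (".1.3.6.1.4.1.89.35.10.1.3.0", "admin"),
    (".1.3.6.1.4.1.89.35.10.1.8.0", 1591000000000),
    (".1.3.6.1.4.1.89.35.10.1.10.0", ""),
]

if __name__ == "__main__":
    print(triage(decode_alert(SAMPLE_TRAP)))
```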

APPENDIX D – APPSHAPE-GENERATED CONFIGURATIONS
This appendix contains the configurations that the various AppShape templates generate. The
sections include values that the templates explicitly configure—as the result of the hard-coded
AppShape pattern or as the result of a value that you specify in the AppShape Instance tab.
This appendix contains the following sections:
• Common Web Application—AppShape-generated Configuration
• Citrix XenDesktop—AppShape-generated Configuration
• DefenseSSL—AppShape-generated Configuration
• Microsoft Exchange 2010—AppShape-generated Configuration
• Microsoft Exchange 2013—AppShape-generated Configuration
• Microsoft Lync External—AppShape-generated Configuration
• Oracle E-Business—AppShape-generated Configuration
• Oracle SOA Suite 11g—AppShape-generated Configuration
• Oracle WebLogic 12c—AppShape-generated Configuration
• Microsoft Lync Internal—AppShape-generated Configuration
• SharePoint 2010—AppShape-generated Configuration
• SharePoint 2013—AppShape-generated Configuration
• VMware View 5.1—AppShape-generated Configuration
• Zimbra—AppShape-generated Configuration

Common Web Application—AppShape-generated Configuration
The following is the Alteon CLI configuration that the Common Web Application AppShape
generates.

Note: For more information on the Common Web Application AppShape type, see Configuring a
Common Web Application AppShape Instance, page 268.

/c/slb/accel/compress/comppol <generated index number>
name "WebApplication.<generated index number>"
minsize 1024
ena
/c/slb/ssl/sslpol <generated index number>
name "WebApplication.<generated index number>"
ena
/c/slb/accel/caching/cachepol <generated index number>
name "WebApplication.<generated index number>"

ena
/c/slb/real <user-specified virtual-server name>_<generated suffix>
ena
ipver v4
rip <user-specified IP address>
name "CommonWebApp.<user-specified IP address>"
/c/slb/real <user-specified virtual-server name>_<generated suffix>
ena
ipver v4
rip <user-specified IP address>
name "CommonWebApp.<user-specified IP address>"
/c/slb/group <user-specified virtual-server name>_grp
ipver v4
metric <user-specified metric>
health <user-specified type>
add <user-specified virtual-server name>_<generated suffix>
add <user-specified virtual-server name>_<generated suffix>
name "WebApplication.servers"
/c/slb/virt <user-specified virtual-server name>
ena
ipver v4
vip <user-specified IP address>
vname "WebApp.<user-specified virtual-server name>"
/c/slb/virt <user-specified virtual-server name>/service 80 http
group <user-specified virtual-server name>_grp
rport 0
dbind forceproxy
report real
/c/slb/virt <user-specified virtual-server name>/service 80 http/http
comppol <generated index number>
cachepol <generated index number>
connmgt ena 10
/c/slb/virt <user-specified virtual-server name>/service 443 https
group <user-specified virtual-server name>_grp
rport 0
dbind forceproxy
report real
/c/slb/virt <user-specified virtual-server name>/service 443 https/http
comppol <generated index number>

cachepol <generated index number>
connmgt ena 10 [disabled by default]
/c/slb/virt <user-specified virtual-server name>/service 443 https/ssl
srvrcert cert <user-specified certificate>
sslpol <generated index number>

Citrix XenDesktop—AppShape-generated Configuration


The following is the Alteon CLI configuration that the Citrix XenDesktop AppShape generates.

Note: For more information on the Citrix XenDesktop AppShape type, see Configuring a Citrix
XenDesktop AppShape Instance, page 270.

/c/slb/accel/compress/comppol <user-specified instance name>Citrix
minsize 1
ena
/c/slb/ssl/certs/key <user-specified certificate ID>
/c/slb/ssl/certs/import key "<user-specified certificate ID>" text
<RSA PRIVATE KEY>
/c/slb/ssl/certs/key <user-specified certificate name>
/c/slb/ssl/certs/import key "<user-specified certificate name>" text
<RSA PRIVATE KEY>
/c/slb/ssl/certs/request <user-specified certificate ID>
/c/slb/ssl/certs/import request "<user-specified certificate ID>" text
<CERTIFICATE REQUEST>
/c/slb/ssl/certs/request <user-specified certificate name>
/c/slb/ssl/certs/import request "<user-specified certificate name>" text
<CERTIFICATE REQUEST>
/c/slb/ssl/certs/cert <user-specified certificate ID>
/c/slb/ssl/certs/import cert "<user-specified certificate ID>" text
<CERTIFICATE>
/c/slb/ssl/certs/cert <user-specified certificate name>
/c/slb/ssl/certs/import cert "<user-specified certificate name>" text
<CERTIFICATE>
/c/slb/ssl/sslpol <user-specified instance name>Citrix
name "SSL.Citrix"
ena
/c/slb/group <user-specified instance name>_grpDDC
ipver v4

metric roundrobin
name "Citrix_DDC.group"
/c/slb/virt <user-specified instance name>DDC
ena
ipver v4
vip <user-specified IP address>
vname "Citrix.<user-specified instance name>DDC"
/c/slb/virt <user-specified instance name>DDC/service <user-specified port and service>p
group <user-specified instance name>_grpDDC
rport <user-specified port>
pbind clientip norport
dbind forceproxy
tmout 20
ptmout 20
/c/slb/virt <user-specified instance name>StoreFront
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>StoreFront/service <user-specified IP address and service>
group <generated index number>
rport <user-specified port>
dbind forceproxy
tmout 20
ptmout 20
/c/slb/virt <user-specified instance name>StoreFront/service <user-specified port and service>
comppol <user-specified instance name>Citrix
xforward ena
/c/slb/virt <user-specified instance name>StoreFront/service <user-specified port and service>/ssl
srvrcert cert MyCertID
sslpol <user-specified instance name>Citrix

DefenseSSL—AppShape-generated Configuration
The following is the Alteon CLI configuration that the DefenseSSL AppShape generates.

Note: For more information on the DefenseSSL AppShape type, see Configuring a DefenseSSL
AppShape Instance, page 272.

/c/slb/ssl/certs/key <user-specified certificate>
/c/slb/ssl/certs/request <user-specified certificate>
/c/slb/ssl/certs/srvrcert <user-specified certificate>
/c/slb/ssl/sslpol <generated index number>
name "DefSSL. <generated index number>"
ena
/c/slb/real <user-specified instance name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
maxcon 0 physical
name "defenseSsl. <user-specified IP address>"
addport <user-specified port>
/c/slb/real <user-specified instance name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
maxcon 0 physical
name "defenseSsl. <user-specified IP address>"
addport <user-specified port>
/c/slb/group <user-specified instance name>_grp
ipver v4
health link
add <user-specified instance name>_<generated index number>
add <user-specified instance name>_<generated index number>
name "DefenseSSL.srv"
/c/slb/virt <user-specified instance name>
ena
ipver v4
vip <user-specified IP address>
vname "secureservice.<user-specified instance name>"
/c/slb/virt <user-specified instance name>/service 80 http
group <user-specified instance name>_grp

rport <user-specified port>
/c/slb/virt <user-specified instance name>/service 443 https
group <user-specified instance name>_grp
rport <user-specified port>
dbind ena
/c/slb/virt <user-specified instance name>/service 443 https/ssl
srvrcert cert <user-specified certificate>
sslpol 1
/c/l3/arp/static
add <user-specified IP address> <user-specified MAC address> <user-specified VLAN> <user-specified port>

Microsoft Exchange 2010—AppShape-generated Configuration
The following is the Alteon CLI configuration that the Microsoft Exchange 2010 AppShape generates.

Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft
Exchange 2010 AppShape Instance, page 275.

/c/slb/accel/compress/comppol <generated index number>
name "MicrosoftExchange.<generated index number>"
ena
/c/slb/ssl/sslpol <generated index number>
name "SSL.Exchange.2010"
ena
/c/slb/accel/caching/cachepol <generated index number>
name "Exchange.<generated index number>"
ena
/c/slb/real <user-specified virtual-server name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
name "Exchange. <user-specified IP address>"
/c/slb/real <user-specified virtual-server name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
name "Exchange. <user-specified IP address>"

/c/slb/real <user-specified virtual-server name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
name "Exchange. <user-specified IP address>"
/c/slb/real <user-specified virtual-server name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
name "Exchange. <user-specified IP address>"
/c/slb/group <user-specified virtual-server name>_grpCAS
ipver v4
health http
add <user-specified virtual-server name>_<generated index number>
add <user-specified virtual-server name>_<generated index number>
name "Exchange_CAS.group"
/c/slb/group <user-specified virtual-server name>_grpSMTP
ipver v4
health smtp
add <user-specified virtual-server name>_<generated index number>
add <user-specified virtual-server name>_<generated index number>
name "Exchange_SMTP.group"
/c/slb/pip/type vlan [Specified by user because connection management was enabled]
/c/slb/pip/type port [Specified by user because connection management was enabled]
/c/slb/pip/add <user-specified IP address> <user-specified port> [Specified by user because connection management was enabled]
/c/slb/virt <user-specified virtual-server name>
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified virtual-server name>/service 80 http
group <user-specified virtual-server name>_grpCAS
rport 80
pbind clientip norport
dbind ena
tmout 60
/c/slb/virt <user-specified virtual-server name>/service 80 http/http
comppol <generated index number>

cachepol <generated index number>
connmgt ena 20
/c/slb/virt <user-specified virtual-server name>/service 25 smtp
group <user-specified virtual-server name>_grpSMTP
rport 25
pbind clientip norport
tmout 60
/c/slb/virt <user-specified virtual-server name>/service 135 basic-slb
group <user-specified virtual-server name>_grpCAS
rport 135
pbind clientip norport
tmout 60
/c/slb/virt <user-specified virtual-server name>/service 59532 basic-slb
group <user-specified virtual-server name>_grpCAS
rport 59532
/c/slb/virt <user-specified virtual-server name>/service 59531 basic-slb
group <user-specified virtual-server name>_grpCAS
rport 59531
/c/slb/virt <user-specified virtual-server name>/service 443 https
group <user-specified virtual-server name>_grpCAS
rport 80
pbind clientip norport
dbind ena
tmout 60
/c/slb/virt <user-specified virtual-server name>/service 443 https/http
comppol <generated index number>
cachepol <generated index number>
connmgt ena 20 [disabled by default]
/c/slb/virt <user-specified virtual-server name>/service 443 https/ssl
srvrcert <user-specified certificate>
sslpol <generated index number>
/c/slb/virt <user-specified virtual-server name>/service 993 https
group <user-specified virtual-server name>_grpCAS
rport 143
pbind clientip norport
dbind ena
tmout 60
/c/slb/virt <user-specified virtual-server name>/service 993 https/ssl
srvrcert <user-specified certificate>

sslpol <generated index number>
/c/slb/virt <user-specified virtual-server name>/service 995 https
group <user-specified virtual-server name>_grpCAS
rport 110
pbind clientip norport
dbind ena
tmout 60
/c/slb/virt <user-specified virtual-server name>/service 995 https/ssl
srvrcert <user-specified certificate>
sslpol <generated index number>

Microsoft Exchange 2013—AppShape-generated Configuration
The following is the Alteon CLI configuration that the Microsoft Exchange 2013 AppShape generates.

Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft
Exchange 2013 AppShape Instance, page 279.

/c/slb/accel/compress/comppol <generated index number>
name "WebApplication. <generated index number>"
minsize 1
ena
/c/slb/ssl/certs/key <user-specified certificate>
/c/slb/ssl/certs/request <user-specified certificate>
/c/slb/ssl/certs/cert <user-specified certificate>
/c/slb/ssl/sslpol <generated index number>
name "Exchange_2013. <generated index number>"
cipher "all"
convert disabled
ena
/c/slb/ssl/sslpol <generated index number>/backend
ssl enabled
/c/slb/real <user-specified instance name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
name "Exchange2013.<user-specified IP address>"
addport <user-specified port>

/c/slb/real <user-specified instance name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
name "Exchange2013.<user-specified IP address>"
addport <user-specified port>
/c/slb/real <user-specified instance name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
name "Exchange2013. <user-specified IP address>"
addport <user-specified port>
/c/slb/group <user-specified instance name>_grpCAS
ipver v4
metric roundrobin
health https
add <user-specified instance name>_<generated index number>
name "CAS.443.Group"
/c/slb/group <user-specified instance name>_grpIMAP
ipver v4
metric roundrobin
health imap
add <user-specified instance name>_<generated index number>
name "IMAP"
/c/slb/group <user-specified instance name>_grpPOP3
ipver v4
metric roundrobin
health pop3
add <user-specified instance name>_<generated index number>
name "POP3"
/c/slb/virt <user-specified instance name>
ena
ipver v4
vip <user-specified IP address>
vname "CAS.HTTPS"
/c/slb/virt <user-specified instance name>/service 443 https
group <user-specified instance name>_grpCAS
rport 443
pbind clientip norport

dbind forceproxy
/c/slb/virt <user-specified instance name>/service 443 https/http
comppol 1
/c/slb/virt <user-specified instance name>/service 443 https/ssl
srvrcert cert <user-specified certificate>
sslpol 1
/c/slb/virt <user-specified instance name>/service 110 pop3
group <user-specified instance name>_grpPOP3
rport 110
pbind clientip norport
/c/slb/virt <user-specified instance name>/service 143 imap
group <user-specified instance name>_grpIMAP
rport 143
pbind clientip norport
/c/slb/virt <user-specified instance name>/service 993 basic-slb
group <user-specified instance name>_grpIMAP
rport 993
pbind clientip norport
/c/slb/virt <user-specified instance name>/service 995 basic-slb
group <user-specified instance name>_grpPOP3
rport 995
pbind clientip norport
/c/slb/virt <user-specified instance name>/service 25 smtp
group <user-specified instance name>_grpCAS
rport 25
pbind clientip norport

Microsoft Lync External—AppShape-generated Configuration
The following is the Alteon CLI configuration that the Microsoft Lync External AppShape generates.

Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft
Lync External AppShape Instance, page 283.

/c/slb/real <user-specified instance name>_AV_<generated index number>
ena
ipver v4
rip <user-specified IP address>

addport <user-specified port>
/c/slb/real <user-specified instance name>_CWA_<generated index number>
ena
ipver v4
rip <user-specified IP address>
addport <user-specified port>
/c/slb/real <user-specified instance name>_SIP_<generated index number>
ena
ipver v4
rip <user-specified IP address>
addport <user-specified port>
/c/slb/group <user-specified instance name>_AV
ipver v4
add <user-specified instance name>_AV_<generated index number>
name "Lync.edge.av.443"
/c/slb/group <user-specified instance name>_CWA
ipver v4
add <user-specified instance name>_CWA_<generated index number>
name "CWA.Service.group"
/c/slb/group <user-specified instance name>_IM
ipver v4
name "Lync.edge.im.443"
/c/slb/group <user-specified instance name>_MEETING
ipver v4
name "Lync.edge.meeting.HTTPS.443"
/c/slb/group <user-specified instance name>_SIP
ipver v4
add <user-specified instance name>_SIP_<generated index number>
name "Lync.edge.HTTPS.SIP.443"
/c/slb/virt <user-specified instance name>_AV
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_AV/service 443 https
group <user-specified instance name>_AV
rport 443
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_CWA
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_CWA/service 443 https
group <user-specified instance name>_CWA
rport 443
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_MEETING
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_MEETING/service 443 https
group <user-specified instance name>_MEETING
rport 443
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_PROXY
ena
ipver v4
vip <user-specified IP address>
vname "lm.Proxy_<user-specified instance name>_PROXY"
/c/slb/virt <user-specified instance name>_PROXY/service 443 https
group <user-specified instance name>_IM
rport 4443
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_SIP
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_SIP/service 443 https
group <user-specified instance name>_SIP
rport 443
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_STUN
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_STUN/service 3478 basic-slb
group <user-specified instance name>_AV
rport 3478
protocol udp
pbind clientip norport
tmout 30

Microsoft Lync Internal—AppShape-generated Configuration

The following is the Alteon CLI configuration that the Microsoft Lync Internal AppShape generates.

Note: For more information on the Microsoft Exchange AppShape type, see Configuring a Microsoft
Lync Internal AppShape Instance, page 286.

/c/slb/accel/compress/comppol 1
name "cwa"
minsize 1
ena
/c/slb/ssl/certs/key <user-specified certificate>
/c/slb/ssl/certs/request <user-specified certificate>
/c/slb/ssl/certs/cert <user-specified certificate>
/c/slb/ssl/sslpol <generated index number>
name "Lync.SSL.policy"
ena
/c/slb/real <user-specified instance name>_CWA_<generated index number>
ena
ipver v4
rip <user-specified IP address>
addport <user-specified port>
/c/slb/group <user-specified instance name>_CWA
ipver v4
content "<user-specified port>"
add <user-specified instance name>_CWA_<generated index number>
name "Lync.CWA.Group"
/c/slb/group <user-specified instance name>_Directors_1
ipver v4
content "5061"
name "Lync.Directors"
/c/slb/group <user-specified instance name>_Directors_2
ipver v4
name "Lync.Director.5060"
/c/slb/group <user-specified instance name>_EDGE_1
ipver v4
name "EDGE.Replication.4443"
/c/slb/group <user-specified instance name>_EDGE_2
ipver v4
name "EDGE.INT.443"
/c/slb/group <user-specified instance name>_EDGE_3
ipver v4
name "EDGE.INT.5061"
/c/slb/group <user-specified instance name>_EDGE_4
ipver v4
name "EDGE.INT.5062"
/c/slb/group <user-specified instance name>_EDGE_5
ipver v4
name "GE.INT.UDP.STUN.3478"
/c/slb/group <user-specified instance name>_EDGE_6
ipver v4
name "EDGE.INT.8057"
/c/slb/group <user-specified instance name>_Fronted_1
ipver v4
content "5060"
name "Lync.frontend.SIP.5060"
/c/slb/group <user-specified instance name>_Fronted_2
ipver v4
content "444"
name "Lync.frontend.HTTPS.conf.444"
/c/slb/group <user-specified instance name>_Fronted_3
ipver v4
content "443"
name "Lync.frontend.HTTPS.443"
/c/slb/group <user-specified instance name>_Fronted_4
ipver v4
content "5061"
name "Lync.frontend.MTLS.5061"
/c/slb/group <user-specified instance name>_Fronted_5
ipver v4
content "135"
name "Lync.frontend.DCOM.135"
/c/slb/group <user-specified instance name>_Fronted_6
ipver v4
name "Proxy.to.FE.4443"
/c/slb/group <user-specified instance name>_Fronted_7
ipver v4
name "FE.IM.REQ.8057"
/c/slb/group <user-specified instance name>_Fronted_8
ipver v4
name "fe.web.service.8080"
/c/slb/group <user-specified instance name>_Fronted_9
ipver v4
name "FE.CALL.ADM.448"
/c/slb/group <user-specified instance name>_Fronted_10
ipver v4
name "FE.App.Share.5065"
/c/slb/group <user-specified instance name>_Fronted_11
ipver v4
name "FE.monitoring.5069"
/c/slb/group <user-specified instance name>_Fronted_12
ipver v4
name "FE.RES.GROUP.5071"
/c/slb/group <user-specified instance name>_Fronted_13
ipver v4
name "FE.SIP.REQ.5072"
/c/slb/group <user-specified instance name>_Fronted_14
ipver v4
name "FE.CONF.ANOUN.5073"
/c/slb/group <user-specified instance name>_Fronted_15
ipver v4
name "FE.SIP.REQ.CALL.PRK.5075"
/c/slb/group <user-specified instance name>_Fronted_16
ipver v4
name "FE.AUDIO.TEST.5076"
/c/slb/group <user-specified instance name>_Fronted_17
ipver v4
name "FE.AV.AGE.TURN.TRAFF.5080"
/c/slb/virt <user-specified instance name>_CWA
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_CWA/service 443 https
group <user-specified instance name>_CWA
rport <user-specified port>
dbind ena
/c/slb/virt <user-specified instance name>_CWA/service 443 https/http
comppol 1
httpmod 1
/c/slb/virt <user-specified instance name>_CWA/service 443 https/ssl
srvrcert cert cer
sslpol 1
/c/slb/virt <user-specified instance name>_Directors
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Directors/service 5061 basic-slb
group <user-specified instance name>_Directors_1
rport 5061
pbind clientip norport
tmout 20
/c/slb/virt <user-specified instance name>_Directors/service 5060 sip
group <user-specified instance name>_Directors_2
rport 5060
pbind clientip norport
tmout 20
/c/slb/virt <user-specified instance name>_EDGE_1
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_1/service 3478 basic-slb
group <user-specified instance name>_EDGE_5
rport 3478
protocol udp
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_EDGE_2
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_2/service 443 https
group <user-specified instance name>_EDGE_2
rport 443
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_EDGE_3
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_3/service 5062 basic-slb
group <user-specified instance name>_EDGE_4
rport 5062
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_EDGE_4
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_4/service 8057 basic-slb
group <user-specified instance name>_EDGE_6
rport 8057
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_EDGE_5
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_5/service 5061 basic-slb
group <user-specified instance name>_EDGE_3
rport 5061
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_EDGE_6
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_EDGE_6/service 4443 basic-slb
group <user-specified instance name>_EDGE_1
rport 4443
pbind clientip norport
/c/slb/virt <user-specified instance name>_Fronted_1
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_1/service 135 basic-slb
group <user-specified instance name>_Fronted_5
rport 135
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_Fronted_2
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_2/service 443 https
group <user-specified instance name>_Fronted_3
rport 443
pbind clientip norport
tmout 30
direct dis
/c/slb/virt <user-specified instance name>_Fronted_3
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_3/service 444 basic-slb
group <user-specified instance name>_Fronted_2
rport 444
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_Fronted_4
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_4/service 5060 sip
group <user-specified instance name>_Fronted_1
rport 5060
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_Fronted_5
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_5/service 5061 basic-slb
group <user-specified instance name>_Fronted_4
rport 5061
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_Fronted_6
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_6/service 5065 basic-slb
group <user-specified instance name>_Fronted_10
rport 5065
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_Fronted_7
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_7/service 4443 basic-slb
group <user-specified instance name>_Fronted_6
rport 4443
pbind clientip norport
/c/slb/virt <user-specified instance name>_Fronted_8
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_8/service 5069 basic-slb
group <user-specified instance name>_Fronted_11
rport 5069
pbind clientip norport
/c/slb/virt <user-specified instance name>_Fronted_9
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_9/service 8057 basic-slb
group <user-specified instance name>_Fronted_7
rport 8057
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_Fronted_10
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_10/service 448 basic-slb
group <user-specified instance name>_Fronted_9
rport 448
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_Fronted_11
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_11/service 5071 basic-slb
group <user-specified instance name>_Fronted_12
rport 5071
pbind clientip norport
/c/slb/virt <user-specified instance name>_Fronted_12
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_12/service 5072 basic-slb
group <user-specified instance name>_Fronted_13
rport 5072
pbind clientip norport
/c/slb/virt <user-specified instance name>_Fronted_13
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_13/service 5073 basic-slb
group <user-specified instance name>_Fronted_14
rport 5073
pbind clientip norport
tmout 30
/c/slb/virt <user-specified instance name>_Fronted_14
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_14/service 5075 basic-slb
group <user-specified instance name>_Fronted_15
rport 5075
pbind clientip norport
/c/slb/virt <user-specified instance name>_Fronted_15
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_15/service 5076 basic-slb
group <user-specified instance name>_Fronted_16
rport 5076
pbind clientip norport
/c/slb/virt <user-specified instance name>_Fronted_16
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_16/service 5080 basic-slb
group <user-specified instance name>_Fronted_17
rport 5080
pbind clientip norport
/c/slb/virt <user-specified instance name>_Fronted_17
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_Fronted_17/service 8080 http
group <user-specified instance name>_Fronted_8
rport 8080
pbind clientip norport
/c/slb/layer7/httpmod <generated index number>
ena
name "htto.to.https.lync.cwa"
/c/slb/layer7/httpmod <generated index number>/rule <generated index number>
text
name "htto.to.https.cwa"
directn resp
body include
action replace "FROMTEXT=http://<user-specified domain>" "TOTEXT=https://<user-specified domain>"

Oracle E-Business—AppShape-generated Configuration


The following is the Alteon CLI configuration that the Oracle E-Business AppShape generates.

Note: For more information on the Oracle E-Business AppShape type, see Configuring an
Oracle E-Business AppShape Instance, page 290.

/c/slb/accel/compress/comppol <generated index number>
name "oracle.<generated index number>"
minsize 1024
ena
/c/slb/ssl/certs/key <user-specified certificate ID>
/c/slb/ssl/certs/request <user-specified certificate ID>
/c/slb/ssl/certs/cert <user-specified certificate ID>
/c/slb/ssl/sslpol <generated index number>
name "Oracle.SSL.offloading.<generated index number>"
ena
/c/slb/accel/caching/cachepol <generated index number>
name "oracle.cache.<generated index number>"
ena
/c/slb/real <user-specified instance name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
name "Oracle.app<user-specified IP address>"
addport <user-specified port>
/c/slb/group <user-specified instance name>_grp
ipver v4
add <user-specified instance name>_<generated index number>
name "oracle.app"
/c/slb/virt <user-specified instance name>
ena
ipver v4
vip <user-specified IP address>
vname "Oracle.e-buiss.<user-specified instance name>"
/c/slb/virt <user-specified instance name>/service 80 http
action redirect
group <user-specified instance name>_grp
rport 0
redirect "https://$HOST/$PATH/"
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 80 http/http
comppol <generated index number>
/c/slb/virt <user-specified instance name>/service 443 https
group <user-specified instance name>_grp
rport 8000
dbind forceproxy
ptmout 720
/c/slb/virt <user-specified instance name>/service 443 https/http
comppol <generated index number>
cachepol <generated index number>
/c/slb/virt <user-specified instance name>/service 443 https/ssl
srvrcert cert <user-specified certificate ID>
sslpol <generated index number>

Oracle SOA Suite 11g—AppShape-generated Configuration

The following is the Alteon CLI configuration that the Oracle SOA Suite 11g AppShape generates.

Note: For more information on the Oracle SOA Suite 11g AppShape type, see Configuring an Oracle
SOA Suite 11g AppShape Instance, page 292.

/c/slb/accel/compress/comppol <generated index number>
name "oracle.comp_<generated index number>"
ena
/c/slb/ssl/certs/key <user-specified certificate ID>
/c/slb/ssl/certs/request <user-specified certificate ID>
/c/slb/ssl/certs/cert <user-specified certificate ID>
/c/slb/ssl/sslpol <generated index number>
name "webtierssl_<generated index number>"
ena
/c/slb/accel/caching/cachepol <generated index number>
ena
/c/slb/group <user-specified instance name>_grp
ipver v4
health http
slowstr 180
name "webtier"
/c/slb/virt <user-specified instance name>_<generated index number>
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_<generated index number>/service 80 http
group <user-specified instance name>_grp
rport 7777
dbind ena
/c/slb/virt <user-specified instance name>_<generated index number>/service 80 http/http
cachepol 1
/c/slb/virt <user-specified instance name>_<generated index number>/service 443 https
group <user-specified instance name>_grp
rport 7777
pbind clientip
dbind ena
/c/slb/virt <user-specified instance name>_<generated index number>/service 443 https/http
comppol <generated index number>
cachepol <generated index number>
/c/slb/virt <user-specified instance name>_<generated index number>/service 443 https/ssl
srvrcert cert <user-specified certificate ID>
sslpol <generated index number>
/c/slb/virt <user-specified instance name>_<generated index number>
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_<generated index number>/service 80 http
group <user-specified instance name>_grp
rport 7777
dbind forceproxy
/c/slb/virt <user-specified instance name>_<generated index number>/service 80 http/http
cachepol <generated index number>
/c/slb/virt <user-specified instance name>_<generated index number>
ena
ipver v4
vip <user-specified IP address>
/c/slb/virt <user-specified instance name>_<generated index number>/service 80 http
group MyOracleSOASuite11gIn_grp
rport 7777
dbind forceproxy
/c/slb/virt <user-specified instance name>_<generated index number>/service 80 http/http
cachepol <generated index number>

Oracle WebLogic 12c—AppShape-generated Configuration

The following is the Alteon CLI configuration that the Oracle WebLogic 12c AppShape generates.

Note: For more information on the Oracle WebLogic 12c AppShape type, see Configuring an Oracle
WebLogic 12c AppShape Instance, page 294.

/c/slb/accel/compress/comppol <generated index number>
name "compression.<generated index number>"
minsize 1024
ena
/c/slb/ssl/certs/key <user-specified certificate ID>
/c/slb/ssl/certs/request <user-specified certificate ID>
/c/slb/ssl/certs/cert <user-specified certificate ID>
/c/slb/ssl/sslpol <generated index number>
name "SSL.<generated index number>"
ena
/c/slb/real <user-specified instance name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
name "Weblogic.<user-specified IP address>"
addport <user-specified port>
/c/slb/group <user-specified instance name>_grp
ipver v4
metric roundrobin
add <user-specified instance name>_<generated index number>
name "weblogic.group"
/c/slb/virt <user-specified instance name>
ena
ipver v4
vip <user-specified IP address>
vname "Weblogic.<user-specified instance name>"
/c/slb/virt <user-specified instance name>/service 80 http
action redirect
group <user-specified instance name>_grp
rport 0
redirect "https://$HOST/$PATH/"
dbind ena
/c/slb/virt <user-specified instance name>/service 443 https
group <user-specified instance name>_grp
rport 7001
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 443 https/http
comppol <generated index number>
/c/slb/virt <user-specified instance name>/service 443 https/ssl
srvrcert cert <user-specified certificate ID>
sslpol <generated index number>

SharePoint 2010—AppShape-generated Configuration


The following is the Alteon CLI configuration that the SharePoint 2010 AppShape generates.

Note: For more information on the SharePoint 2010 AppShape type, see Configuring a SharePoint
2010 AppShape Instance, page 296.

[User-specified: enable or disable]
/c/slb/accel/compress/comppol <generated index number>
name "SharePoint.<index number>"
ena
[User-specified: enable or disable]
/c/slb/ssl/sslpol <index number>
name "SharePoint.<generated index number>"
ena
/c/slb/ssl/sslpol <generated index number>/passinfo
frontend enabled
[User-specified: enable or disable]
/c/slb/accel/caching/cachepol <generated index number>
name "SharePoint.<generated index number>"
minsize 1024
ena
/c/slb/real <user-specified virtual-server name>_<generated suffix>
ena
ipver v4
rip <user-specified IP address>
name "SharePoint.<user-specified IP address>"
/c/slb/real <user-specified virtual-server name>_<generated suffix>
ena
ipver v4
rip <user-specified IP address>
name "SharePoint.<user-specified IP address>"
/c/slb/group <user-specified virtual-server name>_grp
ipver v4
metric <user-specified metric>
health <user-specified type>
add <user-specified virtual-server name>_<generated suffix first>
add <user-specified virtual-server name>_<generated suffix next>
name "SharePoint.group"
/c/slb/pip/type vlan [Specified by user because connection management was enabled]
/c/slb/pip/type port [Specified by user because connection management was enabled]
/c/slb/pip/add <user-specified IP address> <user-specified port> [Specified by user because connection management was enabled]
/c/slb/virt <user-specified virtual-server name>
ena
ipver v4
vip <user-specified IP address>
vname "SharePoint.<user-specified virtual-server name>"
/c/slb/virt <user-specified virtual-server name>/service 80 http
group <user-specified virtual-server name>_grp
rport 80
pbind clientip norport
dbind forceproxy
report real
/c/slb/virt <user-specified virtual-server name>/service 80 http/http
comppol <generated index number>
cachepol <generated index number>
connmgt ena 20 [disabled by default]
/c/slb/virt <user-specified virtual-server name>/service 443 https
group <user-specified virtual-server name>_grp
rport 80
dbind forceproxy
report real
/c/slb/virt <user-specified virtual-server name>/service 443 https/http
comppol <generated index number>
cachepol <generated index number>
connmgt ena 10
httpmod <generated index number>
/c/slb/virt <user-specified virtual-server name>/service 443 https/<generated index number>
srvrcert cert <user-specified certificate>
sslpol <generated index number>
/c/slb/layer7/httpmod <generated index number>
ena
name "http.to.https.sharepoint"
/c/slb/layer7/httpmod <generated index number>/rule 1 text
ena
name "http.to.https.sharepoint"
directn resp
body include
action replace "FROMTEXT=http://<user-specified domain>" "TOTEXT=https://<user-specified domain>"

SharePoint 2013—AppShape-generated Configuration


The following is the Alteon CLI configuration that the SharePoint 2013 AppShape generates.

Note: For more information on the SharePoint 2013 AppShape type, see Configuring a SharePoint
2013 AppShape Instance, page 298.

/c/slb/accel/compress/comppol <generated index number>
name "comp<generated index number>"
minsize 1
ena
/c/slb/ssl/certs/key <user-specified certificate>
/c/slb/ssl/certs/request <user-specified certificate>
/c/slb/ssl/certs/cert <user-specified certificate>
/c/slb/ssl/sslpol 1
name "SharePoint_2013.<generated index number>"
ena
/c/slb/real <user-specified instance name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
name "SP2013.<user-specified IP address>"
addport <user-specified port>
/c/slb/group <user-specified instance name>_grp
ipver v4
metric roundrobin
add <user-specified instance name>_<generated index number>
name "sp.group"
/c/slb/virt <user-specified instance name>
ena
ipver v4
vip <user-specified IP address>
vname "SP.<user-specified instance name>"
/c/slb/virt <user-specified instance name>/service 443 https
group <user-specified instance name>_grp
rport <user-specified port>
dbind ena
/c/slb/virt <user-specified instance name>/service 443 https/http
comppol <generated index number>
httpmod <generated index number>
/c/slb/virt <user-specified instance name>/service 443 https/ssl
srvrcert cert <user-specified certificate>
sslpol <generated index number>
/c/slb/real <user-specified instance name>_<generated index number>/layer7
addlb <generated index number>
/c/slb/virt <user-specified instance name>/service 443 https/pbind cookie insert
/c/slb/virt <user-specified instance name>/service 443 https/http/rcount <generated index number>
/c/slb/layer7/httpmod <generated index number>
ena
name "http.to.https.sharepoint"
/c/slb/layer7/httpmod 1/rule <generated index number> text
ena
name "http.to.https.sharepoint2013"
directn resp
body include
action replace "FROMTEXT=http://<user-specified domain>" "TOTEXT=https://<user-specified domain>"

VMware View 5.1—AppShape-generated Configuration


The following is the Alteon CLI configuration that the VMware View 5.1 AppShape generates.

Note: For more information on the VMware View 5.1 AppShape type, see Configuring a VMware
View 5.1 AppShape Instance, page 300.

/c/slb/accel/compress/comppol <generated index number>
name "comp.<generated index number>"
minsize 1024
ena
/c/slb/ssl/certs/key <user-specified certificate ID>
/c/slb/ssl/certs/request <user-specified certificate ID>
/c/slb/ssl/certs/cert <user-specified certificate ID>
/c/slb/ssl/sslpol <generated index number>
name "View.<generated index number>"
convert disabled
ena
/c/slb/ssl/sslpol <generated index number>/backend
ssl enabled
/c/slb/real <user-specified instance name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
name "View.Connector.<user-specified IP address>"
addport <user-specified port>
/c/slb/group <user-specified instance name>_grp
ipver v4
metric phash 255.255.255.255
add <user-specified instance name>_<generated index number>
name "View.connectors"
/c/slb/virt <user-specified instance name>
ena
ipver v4
vip <user-specified IP address>
vname "View.<user-specified instance name>"
/c/slb/virt <user-specified instance name>/service 443 https
group <user-specified instance name>_grp
rport 443
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 443 https/http
comppol <generated index number>
/c/slb/virt <user-specified instance name>/service 443 https/ssl
srvrcert cert <user-specified certificate ID>
sslpol <generated index number>

Zimbra—AppShape-generated Configuration
The following is the Alteon CLI configuration that the Zimbra AppShape generates.

Note: For more information on the Zimbra AppShape type, see Configuring a Zimbra AppShape
Instance, page 302.

/c/slb/accel/compress/comppol <generated index number>
name "Zimbra.<generated index number>"
minsize 1024
ena
/c/slb/ssl/certs/key <user-specified certificate>
/c/slb/ssl/certs/key <user-specified certificate ID>
/c/slb/ssl/certs/request <user-specified certificate>
/c/slb/ssl/certs/request <user-specified certificate ID>
/c/slb/ssl/certs/cert <user-specified certificate>
/c/slb/ssl/certs/cert <user-specified certificate ID>
/c/slb/ssl/sslpol <user-specified instance name>_ssl<generated index number>
name "Zimbra.<user-specified instance name>_ssl<generated index number>"
ena
/c/slb/ssl/sslpol <user-specified instance name>_ssl<generated index number>
cipher "all"
convert disabled
ena
/c/slb/real <user-specified instance name>_<generated index number>
ena
ipver v4
rip <user-specified IP address>
name "Zimbra.<user-specified IP address>"
addport <user-specified port>
/c/slb/group <user-specified instance name>_grp<generated index number>
ipver v4
metric phash 255.255.255.255
add <user-specified instance name>_<generated index number>
name "zimbra.HTTP.servers"
/c/slb/group <user-specified instance name>_grp<generated index number>
ipver v4
metric phash 255.255.255.255
add <user-specified instance name>_<generated index number>
name "zimbra.pop3.servers"
/c/slb/group <user-specified instance name>_grp<generated index number>
ipver v4
metric phash 255.255.255.255
add <user-specified instance name>_<generated index number>
name "zimbra.ldap.servers"
/c/slb/group MyZimbraInstance_grp<generated index number>
ipver v4
metric phash 255.255.255.255
add <user-specified instance name>_<generated index number>
name "zimbra.imap.servers"
/c/slb/group <user-specified instance name>_grp<generated index number>
ipver v4
metric phash 255.255.255.255
add <user-specified instance name>_<generated index number>
name "zimbra.smtp.servers"
/c/slb/virt <user-specified instance name>
ena
ipver v4
vip <user-specified IP address>
vname "zimbra.servers.MyZimbraInstance"
/c/slb/virt <user-specified instance name>/service 443 https
group <user-specified instance name>_grp<generated index number>
rport 80
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 443 https/http
comppol <generated index number>
xforward ena
/c/slb/virt <user-specified instance name>/service 443 https/ssl
srvrcert cert <user-specified certificate>
sslpol <user-specified instance name>_ssl<generated index number>
/c/slb/virt <user-specified instance name>/service 993 ssl
name "Secure.IMAP"
group <user-specified instance name>_grp<generated index number>
rport 143
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 993 ssl/ssl
srvrcert cert <user-specified certificate>
sslpol <user-specified instance name>_ssl<generated index number>
/c/slb/virt <user-specified instance name>/service 995 ssl
name "Secure.POP3"
group <user-specified instance name>_grp<generated index number>
rport 110
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 995 ssl/ssl
srvrcert cert <user-specified certificate>
sslpol <user-specified instance name>_ssl<generated index number>
/c/slb/virt <user-specified instance name>/service 465 ssl
name "Secure.SMTP"
group <user-specified instance name>_grp<generated index number>
rport 25
dbind forceproxy
/c/slb/virt <user-specified instance name>/service 465 ssl/ssl
srvrcert cert <user-specified certificate>
sslpol <user-specified instance name>_ssl<generated index number>
/c/slb/virt <user-specified instance name>/service 389 ldap
group <user-specified instance name>_grp<generated index number>
rport 389
/c/slb/virt <user-specified instance name>/service 25 smtp
group <user-specified instance name>_grp<generated index number>
rport 25
pbind clientip norport
/c/slb/virt <user-specified instance name>/service 110 pop3
group <user-specified instance name>_grp<generated index number>
rport 110
/c/slb/virt <user-specified instance name>/service 143 imap
group <user-specified instance name>_grp<generated index number>
rport 143



APPENDIX E – USING THE EVENT
EXPORTER
This appendix contains the following sections, which describe the output of the event exporter:
• Event-Record Structure and Content
• DFBdosBaseline (DefenseFlow BDoS Baseline) Records
• DFSecurityAttack (DefenseFlow Security Attack) Records
• DFTrafficUtilization (DefenseFlow Traffic Utilization) Records
• DPSecurityAttack (DefensePro Security Attack) Records
• DPTrafficUtilization (DefensePro Traffic Utilization) Records

Note: For information on managing the event exporter, see System Exporter Commands (Event
Exporter), page 695.

Event-Record Structure and Content


The records from the event exporter are structured to provide all available information on occurring
security events.
Each field is separated by a single space character.
Fields that may contain spaces are enclosed between double quotation marks.
Security events can last from seconds to hours, and even days. Many of the DefensePro protection
modules can identify continuous ongoing events, and generate a series of records for the events. In
such cases, DefensePro uses the same unique ID for all the events.
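
The quoting rule and the shared unique ID described above can be exercised with a small parser that rebuilds one attack from its series of records. This is an added example, not code from this guide or from Radware. It assumes that each field after the entity type is written as name=value (the guide does not show a raw record) and that attackIpsId is the unique ID; the sample records are constructed and reuse example values from the DPSecurityAttack table in this appendix.

```python
"""Parse event-exporter records and correlate the records of one attack.

Assumptions (not stated in the guide): every field after the entity type
is a name=value pair, and attackIpsId carries the shared unique ID.
"""
from datetime import datetime, timedelta, timezone


def split_fields(line):
    """Split on single spaces; a double-quoted run may contain spaces."""
    fields, buf, in_quotes = [], [], False
    for ch in line.rstrip("\r\n"):
        if ch == '"':
            in_quotes = not in_quotes      # quotes delimit, they are not data
        elif ch == " " and not in_quotes:
            fields.append("".join(buf))    # one space ends exactly one field
            buf = []
        else:
            buf.append(ch)
    if in_quotes:
        raise ValueError("unterminated quoted field")
    fields.append("".join(buf))
    return fields


def parse_record(line):
    """Return a dict with 'entity' plus every name=value field."""
    entity, *rest = split_fields(line)
    record = {"entity": entity}
    for field in rest:
        name, sep, value = field.partition("=")
        if not sep or not name:
            raise ValueError(f"malformed field: {field!r}")
        record[name] = value
    return record


def ms_to_utc(ms):
    """Convert a 13-digit Unix timestamp (milliseconds) to an aware datetime."""
    ms = int(ms)
    return (datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
            + timedelta(milliseconds=ms % 1000))


def correlate(lines):
    """Group records by attackIpsId and summarise each attack's lifecycle."""
    attacks = {}
    for line in lines:
        rec = parse_record(line)
        key = rec.get("attackIpsId")
        if key is None:
            continue                        # not a security-attack record
        a = attacks.setdefault(key, {"name": rec.get("name"), "statuses": [],
                                     "start_ms": None, "end_ms": None})
        a["statuses"].append(rec.get("status"))
        start, end = int(rec["startTime"]), int(rec["endTime"])
        a["start_ms"] = start if a["start_ms"] is None else min(a["start_ms"], start)
        a["end_ms"] = end if a["end_ms"] is None else max(a["end_ms"], end)
    for a in attacks.values():
        a["closed"] = "Terminated" in a["statuses"]   # device reported the end
        a["duration_ms"] = a["end_ms"] - a["start_ms"]
    return attacks


# Constructed sample records (layout and second attack ID are assumptions).
SAMPLE = [
    'AclAttackEntity deviceIp=172.16.22.47 radwareId=8 name=BL '
    'ruleName="Black List" category=ACL attackIpsId=3383-1402580209 '
    'status=Started startTime=1504181689804 endTime=1504181689804',
    'AclAttackEntity deviceIp=172.16.22.47 radwareId=8 name=BL '
    'ruleName="Black List" category=ACL attackIpsId=3383-1402580209 '
    'status=Ongoing startTime=1504181689804 endTime=1504181692000',
    'BwmAttackEntity deviceIp=172.16.22.47 name="constructed rule" '
    'category="Bandwidth Management" attackIpsId=9999-0000000001 '
    'status=Ongoing startTime=1504181690000 endTime=1504181693000',
    'AclAttackEntity deviceIp=172.16.22.47 radwareId=8 name=BL '
    'ruleName="Black List" category=ACL attackIpsId=3383-1402580209 '
    'status=Terminated startTime=1504181689804 endTime=1504181694709',
]

if __name__ == "__main__":
    for attack_id, a in correlate(SAMPLE).items():
        state = "closed" if a["closed"] else "still open"
        print(attack_id, a["name"], a["statuses"], ms_to_utc(a["start_ms"]),
              f'{a["duration_ms"]} ms', state)
```

An attack whose records never reach Terminated stays open in the summary, which is the case a collector should alert on or age out.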

DFBdosBaseline (DefenseFlow BDoS Baseline) Records


The following table describes the fields of the DFBdosBaseline (DefenseFlow BDoS Baseline) records
from the event exporter.

Table 550: DFBdosBaseline (DefenseFlow BDoS Baseline) Fields

| Field | Description | Example or Static Values |
| --- | --- | --- |
| DFBDosRealTimeEdgeEntity | The entity type of the record. There is no value attached to this field. | DFBDosRealTimeEdgeEntity |
| tcp | Specifies whether the protected object includes TCP in the BDoS Protection Settings. | false |
| normal | The legitimate traffic. | 0.8 |
| normalEdge | The statistically calculated baseline traffic rate. | 792.0064 |
| policyName | The name of the configured Security Policy that was set to mitigate the attack. The default policy name is the name of the protected object. Policies in DefenseFlow cannot be edited. | PO_John |
| enrichmentContainer | This field is for internal use. | {} |
| protection | The traffic type of the attack. | icmp |
| units | The unit of measurement for the traffic rate. | bps |
| totalTraffic | The total traffic that the device sees for the specific protection type and direction. | 4800.2705 |
| timeStamp | The time, in 13-digit Unix format, that the DefenseFlow device record was generated. | 1504185750104 |
| suspectedAttack | The traffic rate that indicates a change in traffic that might be an attack. | 3200.0017 |
| legitimateTraffic | The actual forwarded traffic rate, after the mitigation device managed to block the attack. When there is no attack, the totalTraffic and legitimateTraffic are equal. | 885.60565 |
| ipVersion | The IP version of the traffic on which the record reports. | IPv6 |
| doa | Degree of Attack. A numeric value that evaluates the current level of attack. A value of 8 or greater signifies an attack. | 5 |
| partial | The legitimate traffic. | 0.13 |
| protectedObjectName | The name of the protected object that was attacked. | PO_John |
| direction | The direction of the attack, inbound or outbound. | Values: In, Out |
| suspectedEdge | The traffic rate that indicates a change in traffic that might be an attack. | 1600.0065 |
| full | The actual overall traffic. | 0.19 |

DFSecurityAttack (DefenseFlow Security Attack) Records


The following table describes the fields of the DFSecurityAttack (DefenseFlow Security Attack)
records from the event exporter.

Table 551: DFSecurityAttack (DefenseFlow Security Attack) Fields

| Field | Description | Example or Static Values |
| --- | --- | --- |
| DFAttackEntity | The entity type of the record. There is no value attached to this field. | DFAttackEntity |
| sourcePort | The source L4 port that the attack uses or used. | 29100 |
| vlanTag | The VLAN tag value or Context Group in the policy that handled the attack. The VLAN tag or Context Group identifies similar information in this field. DefensePro 6.x and 7.x versions support VLAN tags. DefensePro 8.x versions support Context Groups. | 172 |
| packetCount | The packet count of the attack. | 2000 |
| destMsisdn | The MSISDN Resolution feature is not supported currently. | Unknown |
| protocol | The protocol that the attack uses or used. | NonIP |
| destPort | The destination port that the attack uses or used. | 443 |
| threatGroup | This field is for internal use. | DDoSGroup |
| destAddress | The destination IP address that the attack uses or used. | 10.0.0.2 |
| ruleName | The name of the user-defined protected object. | PO_John_1 |
| startTime | The time, in 13-digit Unix notation, that the attack started. | 1504186486428 |
| radwareId | The Radware DefensePro Attack-Protection identifier issued by the device. For more information, see DefensePro Attack-Protection ID Numbers, page 819. | -1. Note: The value -1 signifies N/A. |
| direction | The direction of the attack, inbound or outbound. | In. Values: In, Out |
| mplsRd | The Multi-protocol Label Switching Route Distinguisher in the policy that handled the attack. | 211 |
| attackIpsId | The unique identifier of the attack, issued from the mitigation device. | 2455492_10.0.0.2/32_null_null_EXTERNAL_DETECTOR |
| sourceAddress | The source IP address of the attack. If there are multiple IP sources for an attack, this field displays Multiple. The multiple IP addresses are displayed in the Attack Details window. Multiple may also refer to cases when DefensePro cannot report a specific value. | 192.168.172.1 |
| srcMsisdn | The MSISDN Resolution feature is not supported currently. | Unknown |
| enrichmentContainer | This field is for internal use. | {} |
| physicalPort | The port on the device to which the attack packets arrived. | 0. Note: The value -1 signifies N/A. |
| actionType | The reported action against the attack. The actions are specified in the protection profile, which may or may not be available or relevant for your system. | Values: • Bypass—DefensePro does not protect against this attack, but rather, sends its data out of the device, and may report it. • Challenge—DefensePro challenges the packet. • Destination Reset—DefensePro sends a TCP-Reset packet to the destination IP address and port. • Drop—DefensePro discards the packet. • Drop & Quarantine—DefensePro discards the traffic and adds the destination to the Web quarantine. • Forward—DefensePro continues to process the traffic and eventually forwards the packet to its destination. • Proxy • Quarantine—DefensePro adds the destination to the Web quarantine. • Source Destination Reset—DefensePro sends a TCP-Reset packet to both the packet source IP and the packet destination IP address. • Source Reset—DefensePro sends a TCP-Reset packet to the packet source IP address. • Http 200 Ok—DefensePro sends a 200 OK response using a predefined page and leaves the server-side connection open. • Http 200 Ok Reset Dest—DefensePro sends a 200 OK response using a predefined page and sends a TCP-Reset packet to the server side to close the connection. • Http 403 Forbidden—DefensePro sends a 403 Forbidden response using a predefined page and leaves the server-side connection open. |
| packetBandwidth | The attack bandwidth in kbit/s. | 256 |
| name | The attack name. | Unknown |
| risk | The risk level that DefensePro classifies the security event. | Values: • Info—The risk does not pose a threat to normal service operation. • Low—The risk does not pose a threat to normal service operation, but may be part of a preliminary action for malicious behavior. • Medium—The risk may pose a threat to normal service operation, but is not likely to cause complete service outage, remote code execution, or unauthorized access. • High—The risk is very likely to pose a threat to normal service availability, and may cause complete service outage, remote code execution, or unauthorized access. |
| endTime | The time, in 13-digit Unix notation, that the attack ended. | 1504185481240 |
| category | The threat type to which this attack belongs. | Values: • Anomalies¹ (in DefenseFlow, detection was performed by an external detector) • BehavioralDoS (in DefenseFlow, detection was performed by DefenseFlow BDoS) |
| status | The attack status. | Terminated |
| protectedObjectName | The name of the protected object. | PO_John |

1 – Once DefensePro reports a Packet Anomaly attack of a certain radwareId, the status value Occurred and the startTime value remain indefinitely. For example, suppose a new DefensePro device starts identifying and handling a Packet Anomaly attack with radwareId 105 with the start time 20.02.2017 15:19:09. The attack subsides. One month later, the DefensePro device starts identifying and handling another Packet Anomaly attack with radwareId 105. The startTime value 20.02.2017 15:19:09 is reported. (For more information on Packet Anomaly protection, see the APSolute Vision online help or the DefensePro User Guide.)


DFTrafficUtilization (DefenseFlow Traffic Utilization) Records

The following table describes the fields of the DFTrafficUtilization (DefenseFlow Traffic Utilization)
records from the event exporter.

Table 552: DFTrafficUtilization (DefenseFlow Traffic Utilization) Fields

| Field | Description | Example or Static Values |
| --- | --- | --- |
| DFTrafficUtilizationRawEntity | The entity type of the record. There is no value attached to this field. | DFTrafficUtilizationRawEntity |
| discarded | The discarded traffic for the specified protocol. | 0.0 |
| monitoringProtocol | The traffic protocol. | Values: • tcp • udp • icmp • igmp • sctp • other—The statistics of the traffic that is not TCP, UDP, ICMP, IGMP, or SCTP • all—Total traffic statistics |
| policyName | The name of the configured Security Policy. | PO_John_1 |
| inbound | The rate of inbound traffic for the protocol identified in the record. | 933.0 |
| dropped | The rate of traffic dropped for the protocol identified in the record. | 0.0 |
| enrichmentContainer | This field is for internal use. | {} |
| cleanAmount | This field is for future use. | 27990.0 |
| clean | This field is for future use. | 933.0 |
| discardedAmount | This field is for future use. | 0.0 |
| physicalPort | The physical port of the mitigation device. | -1. Note: The value -1 signifies N/A. |
| timeStamp | The time, in 13-digit Unix notation, that the DefenseFlow device sent the record. | 1504186700069 |
| diverted | The rate of diverted traffic for the protocol identified in the record. | 0.0 |
| droppedAmount | This field is for future use. | 0.0 |
| unit | The unit of measurement for the traffic rate. | Values: • Kbps—Kilobits per second • pps—Packets per second |
| divertedAmount | This field is for future use. | 0.0 |
| id | N/A | null |
| inboundAmount | This field is for future use. | 27990.0 |
| protectedObjectName | The name of the protected object. | PO_John |

DPSecurityAttack (DefensePro Security Attack) Records


The following table describes the fields of the DPSecurityAttack (DefensePro Security Attack) records
from the event exporter.

Table 553: DPSecurityAttack (DefensePro Security Attack) Fields

| Field | Description | Example or Static Values |
| --- | --- | --- |
| Entity Type | The entity type of the record. There is no value attached to this field. | Values: • AclAttackEntity • AntiScanEntity • BwmAttackEntity • BDosAttackEntity • DnsAttackEntity • DosShieldAttackEntity • IntrusionsAttackEntity • AnomaliesAttackEntity • StatefulACLAttackEntity • SynFloodAttackEntity |
| deviceIp | The device IP address that the attack uses or used. | 172.16.22.47 |
| sourcePort | The source L4 port that the attack uses or used. | Multiple |
| vlanTag | The VLAN tag value or Context Group in the policy that handled the attack. The VLAN tag or Context Group identifies similar information in this field. DefensePro 6.x and 7.x versions support VLAN tags. DefensePro 8.x versions support Context Groups. | Multiple |
| packetCount | The packet count of the attack. | 37859 |
| destMsisdn | The MSISDN Resolution feature is not supported currently. | N/A |
| protocol | The protocol that the attack uses or used. | IP |
| destPort | The destination port that the attack uses or used. | Multiple |
| destAddress | The destination IP address that the attack uses or used. | Multiple |
| ruleName | The name of the Protection policy associated with the record. | Black List |
| radwareId | The unique attack identifier issued by the device. | 8 |
| startTime | The time, in millis, that the attack started. | 1504181689804 |
| direction | The direction of the attack, inbound or outbound. | In. Values: In, Out |
| mplsRd | The Multi-protocol Label Switching Route Distinguisher in the policy that handled the attack. | Multiple |
| attackIpsId | The unique ID of the attack from DefensePro. | 3383-1402580209 |
| sourceAddress | The source IP address of the attack. If there are multiple IP sources for an attack, this field displays Multiple. The multiple IP addresses are displayed in the Attack Details window. Multiple may also refer to cases when DefensePro cannot report a specific value. | Multiple |
| srcMsisdn | The MSISDN Resolution feature is not supported currently. | N/A |
| physicalPort | The port on the device to which the attack packets arrived. | Multiple. Note: The value -1 signifies N/A. |
| actionType | The reported action against the attack. The actions are specified in the protection profile, which may or may not be available or relevant for your system. | Values: • Bypass—DefensePro does not protect against this attack, but rather, sends its data out of the device, and may report it. • Challenge—DefensePro challenges the packet. • Destination Reset—DefensePro sends a TCP-Reset packet to the destination IP address and port. • Drop—DefensePro discards the packet. • Drop & Quarantine—DefensePro discards the traffic and adds the destination to the Web quarantine. • Forward—DefensePro continues to process the traffic and eventually forwards the packet to its destination. • Proxy • Quarantine—DefensePro adds the destination to the Web quarantine. • Source Destination Reset—DefensePro sends a TCP-Reset packet to both the packet source IP and the packet destination IP address. • Source Reset—DefensePro sends a TCP-Reset packet to the packet source IP address. • Http 200 Ok—DefensePro sends a 200 OK response using a predefined page and leaves the server-side connection open. • Http 200 Ok Reset Dest—DefensePro sends a 200 OK response using a predefined page and sends a TCP-Reset packet to the server side to close the connection. • Http 403 Forbidden—DefensePro sends a 403 Forbidden response using a predefined page and leaves the server-side connection open. • Http 403 Forbidden Reset Dest—DefensePro sends a 403 Forbidden response using a predefined page and sends a TCP-Reset packet to the server side to close the connection. |
| packetBandwidth | The attack bandwidth in kbit/s. | 0 |
| name | The attack name. | BL |
| risk | The risk level that DefensePro classifies the security event. | Values: • Info—The risk does not pose a threat to normal service operation. • Low—The risk does not pose a threat to normal service operation, but may be part of a preliminary action for malicious behavior. • Medium—The risk may pose a threat to normal service operation, but is not likely to cause complete service outage, remote code execution, or unauthorized access. • High—The risk is very likely to pose a threat to normal service availability, and may cause complete service outage, remote code execution, or unauthorized access. |
| endTime | The time, in 13-digit Unix notation, that the attack ended. | 1504181694709 |
| category | The threat type to which this attack belongs. | Values: • ACL • Anomalies¹ • Anti-Scanning • Bandwidth Management • BehavioralDoS • DNS Flood • DoS • HTTP Flood • Intrusions • Server Cracking • Stateful ACL • SYN Flood |
| status | The last-reported status of the attack. | Values: • Started—An attack containing more than one security event has been detected. (Some attacks contain multiple security events, such as DoS, Scans, and so on.) • Occurred—Only for signature-based attacks. Each packet matched with signatures was reported as an attack and dropped. • Ongoing—The attack is currently taking place, that is, the time between Started and Terminated (for attacks that contain multiple security events, such as DoS, Scans, and so on). • Terminated—There are no more packets matching the characteristics of the attack, and the device reports that the attack has ended. • sampled—Along with messages that have the status value Ongoing, some DefensePro protection modules can send additional records with the status value Sampled. These records provide Layer 4 parameters of specific packets that were classified as part of the security event. Each of these records includes the same unique ID that is used for other messages (Started/Ongoing/Terminated). The packetBandwidth value in these records may contain the value for bandwidth or packet size. DefensePro normalizes the measured bandwidth or packet size. The normalization function always rounds down the value. For example, in such records, DefensePro reports values of 1–127 as 0, values of 128–255 as 1, and so on. |

1 – Once DefensePro reports a Packet Anomaly attack of a certain Radware ID, the status value Occurred and the startTime value remain indefinitely. For example, suppose a new DefensePro device starts identifying and handling a Packet Anomaly attack with radwareId 105 with the start time 20.02.2017 15:19:09. The attack subsides. One month later, the DefensePro device starts identifying and handling another Packet Anomaly attack with radwareId 105. The Start Time value 20.02.2017 15:19:09 is reported. (For more information on Packet Anomaly protection, see the APSolute Vision online help or the DefensePro User Guide.)


DPTrafficUtilization (DefensePro Traffic Utilization) Records

The following table describes the fields of the DPTrafficUtilization (DefensePro Traffic Utilization)
records from the event exporter.

Table 554: DPTrafficUtilization (DefensePro Traffic Utilization) Fields

| Field | Description | Example or Static Values |
| --- | --- | --- |
| DPTrafficUtilizationRawEntity | The entity type of the record. There is no value attached to this field. | DPTrafficUtilizationRawEntity |
| discardsAmount | This field is for future use. | 0 |
| deviceIp | The device IP address that the attack uses or used. | 172.16.22.47 |
| monitoringProtocol | The traffic protocol. | Values: • tcp • udp • icmp • igmp • sctp • other—The statistics of the traffic that is not TCP, UDP, ICMP, IGMP, or SCTP • all—Total traffic statistics |
| policyName | The name of the Protection policy associated with the record. | 5-Y0LK7XK0_BDHJ5939_Green_Cloud |
| trafficValueAmount | This field is for future use. | 0 |
| excludedAmount | This field is for future use. | null |
| enrichmentContainer | This field is for internal use. | {} |
| physicalPort | The physical port of the DefensePro device. | -1. Note: The value -1 signifies N/A. |
| excluded | The rate of excluded traffic, which is related to the Traffic Exclusion implementation.¹ | null |
| timeStamp | The time, in 13-digit Unix notation, of the APSolute Vision server. | 1504181395664 |
| unit | The unit of measure for the traffic rate. | Values: pps, kbps |
| minuteOfDay | This field is for future use. | 729 |
| discards | The rate of dropped traffic. | 0 |
| trafficValue | The rate of inbound traffic. | 0 |
| id | This field is for future use. | null |
| direction | The traffic direction to which the record relates. | Values: Inbound, Outbound. Note: The direction of traffic between a pair of ports is defined by the In Port setting in the port pair configuration. |

1 – Traffic Exclusion is when DefensePro passes through all traffic that matches no Protection policy configured on the device. In DefensePro 7.x and 8.x versions, Traffic Exclusion is always enabled. DefensePro x412 platforms with the DME, running 6.x versions generate records with an excluded value when the Traffic Exclusion checkbox is selected. For more information on Traffic Exclusion, see the relevant section in the APSolute Vision online help.


APPENDIX F – DEFENSEPRO ATTACK-PROTECTION ID NUMBERS
This appendix describes the DefensePro Attack-Protection IDs.

Note: Some DefensePro versions do not support all the attack-protections listed in the following
table. For the list of Attack-Protection IDs for a specific DefensePro version, please refer to the
relevant DefensePro User Guide.


Table 555: DefensePro Attack-Protection IDs

ID Number or Attack-Protection Name Category Default Default Report Description


Range (for Reporting) Risk Action Action
8 Black List Access Black-list access violation.
9 White List N/A White-list encounters are not reported
as security events.
70 Network flood IPv4 UDP Behavioral-DoS Network flood IPv4 UDP.
71 Network flood IPv4 ICMP Behavioral-DoS Network flood IPv4 ICMP.
72 Network flood IPv4 IGMP Behavioral-DoS Network flood IPv4 IGMP.
73 Network flood IPv4 TCP- Behavioral-DoS Network flood IPv4 TCP with SYN flag.
SYN
74 Network flood IPv4 TCP- Behavioral-DoS Network flood IPv4 TCP with RST flag.
RST
75 Network flood IPv4 TCP- Behavioral-DoS Network flood IPv4 TCP with ACK flag.
ACK
76 Network flood IPv4 TCP- Behavioral-DoS Network flood IPv4 TCP with PSH flag.
PSH
77 Network flood IPv4 TCP- Behavioral-DoS Network flood IPv4 TCP with FIN flag.
FIN
78 Network flood IPv4 TCP- Behavioral-DoS Network flood IPv4 TCP with SYN and
SYN-ACK ACK flags
79 Network flood IPv4 TCP- Behavioral-DoS Network flood IPv4 TCP with FRAG
FRAG flag.
80 Network flood IPv6 UDP Behavioral-DoS Network flood IPv6 UDP.
81 Network flood IPv6 ICMP Behavioral-DoS Network flood IPv6 ICMP.
82 Network flood IPv6 IGMP Behavioral-DoS Network flood IPv6 IGMP.
83 Network flood IPv6 TCP- Behavioral-DoS Network flood IPv6 TCP with SYN flag.
SYN
84 Network flood IPv6 TCP- Behavioral-DoS Network flood IPv6 TCP with RST flag.
RST

820 Document ID: RDWR-APSV-V04600_UG2006


APSolute Vision User Guide
DefensePro Attack-Protection ID Numbers

Table 555: DefensePro Attack-Protection IDs (cont.)

ID Number or Attack-Protection Name Category Default Default Report Description


Range (for Reporting) Risk Action Action
85 Network flood IPv6 TCP- Behavioral-DoS Network flood IPv6 TCP with ACK flag.
ACK
86 Network flood IPv6 TCP- Behavioral-DoS Network flood IPv6 TCP with PSH flag.
PSH
87 Network flood IPv6 TCP- Behavioral-DoS Network flood IPv6 TCP with FIN flag.
FIN
88 Network flood IPv6 TCP- Behavioral-DoS Network flood IPv6 TCP with SYN and
SYN-ACK ACK flags.
89 Network flood IPv6 TCP- Behavioral-DoS Network flood IPv6 TCP with FRAG
FRAG flag.
90 Network flood IPv4 UDP- Behavioral-DoS Network flood IPv4 UDP with FRAG
FRAG flag.
100 Unrecognized L2 Format Anomalies Low No-report Process Unrecognized L2 format.
103 Incorrect IPv4 checksum Anomalies Low Block Bypass Incorrect IPv4 checksum.
104 Invalid IPv4 Header or Total Anomalies Low Block Bypass Invalid IPv4 header or total length.
Length
105 TTL Less Than or Equal to 1 Anomalies Low Report Process TTL less than or equal to 1.
107 Inconsistent IPv6 Headers Anomalies Low Block Bypass Inconsistent IPv6 headers.
108 IPv6 Hop Limit Reached Anomalies Low Report Process IPv6 hop limit reached.
110 Unsupported L4 Protocol Anomalies Low No-report Process Unsupported L4 protocol.
112 Invalid TCP Header Length Anomalies (This anomaly protection is available
only in DefensePro 5.11 and 5.12.)
Invalid TCP header length.
113 Invalid TCP Flags Anomalies Low Block Bypass Invalid TCP flags.
116 Invalid UDP Header Length Anomalies Invalid UDP header length.
119 Source or Dest Address Anomalies Low Block Bypass Source or destination IP address same
same as Local Host as local host.

Document ID: RDWR-APSV-V04600_UG2006 821


APSolute Vision User Guide
DefensePro Attack-Protection ID Numbers

Table 555: DefensePro Attack-Protection IDs (cont.)

ID Number or Attack-Protection Name Category Default Default Report Description


Range (for Reporting) Risk Action Action
120 Source Address same as Anomalies Low Block Bypass Source IP address same as destination
Dest Address (Land Attack) IP address (Land Attack).
The common vulnerability enumerator
(CVE) for this signature is CVE-1999-
0016.
125 L4 Source or Dest Port Zero Anomalies Low Block Bypass Layer 4 source or destination port are
zero.
126 Incorrect GRE Version Anomalies Low Report Bypass Matches packets whose GRE version is
not 0 or 1.
128 Invalid GRE Header Anomalies Low Report Bypass Matches packets where one or more
flags are not RFC compliant or there
are partial or sliced packets.
131 Invalid L4 Header Length Anomalies Low Block Bypass Invalid L4 header length
132 Broadcast Destination MAC Anomalies Low No Report Process The L2 destination MAC is all F values
Address — that is, 0xFFFFFFFFFFFF.
150 HTTP Page Flood Attack HttpFlood HTTP page flood attack.
240 TCP Out-of-State Anomalies TCP Out-of-State floods.
350 SCAN_TCP_SCAN Anti Scan TCP scanning attempt.
351 SCAN_UDP_SCAN Anti Scan UDP scanning attempt.
352 SCAN_ICMP_SCAN Anti Scan ICMP scanning attempt.
400 Brute Force Web A Brute Force Web attack is an
attempt to break into a restricted area
on a site that is protected by native
HTTP authentication.

822 Document ID: RDWR-APSV-V04600_UG2006


APSolute Vision User Guide
DefensePro Attack-Protection ID Numbers

Table 555: DefensePro Attack-Protection IDs (cont.)

ID Number or Attack-Protection Name Category Default Default Report Description


Range (for Reporting) Risk Action Action
401 Web Scan A Web-vulnerability scan is an
information-gathering attack that is
usually launched as a prequel to an
intrusion attack on the scanned Web
server. The attacker is trying to gather
the information on the Web server by
sending different types of HTTP
requests and analyzing the server
responses. Automatic tools are often
used in this case.
402 Brute Force SMTP A Brute Force SMTP attack is an
attempt to break into restricted
accounts on the SMTP mail server that
is protected by username and
password authentication.
403 Brute Force FTP A Brute Force FTP attack is an attempt
to break into a restricted account on
the FTP server that is protected by
username and password
authentication.
404 Brute Force POP3 A Brute Force POP3 attack is an
attempt to break into restricted
accounts on the POP3 mail server that
is protected by username and
password authentication.
405 Brute Force SIP (UDP) A Brute Force SIP (UDP) attack is an
attempt to break into restricted
accounts on the SIP server, over UDP,
which is protected by username and
password authentication. This type of
attack can also cause a Register flood
on the SIP server.

Document ID: RDWR-APSV-V04600_UG2006 823


APSolute Vision User Guide
DefensePro Attack-Protection ID Numbers

Table 555: DefensePro Attack-Protection IDs (cont.)

ID Number or Attack-Protection Name Category Default Default Report Description


Range (for Reporting) Risk Action Action
406 Brute Force SIP (TCP) A Brute Force SIP (TCP) attack is an
attempt to break into restricted
accounts on the SIP server, over TCP,
which is protected by username and
password authentication. This type of
attack can also cause a Register flood
on the SIP server.
407 Brute Force MySQL A Brute Force MySQL attack is an
attempt to break into restricted
Database accounts on the MySQL
database server that is protected by
username and password
authentication.
408 Brute Force MSSQL A Brute Force MSSQL attack is an
attempt to break into a restricted
database accounts on the MSSQL
database server that is protected by
username and password
authentication.
409 SIP Scan (UDP) SIP scan attacks intend to identify the
SIP server in order to find
vulnerabilities or to harvest the server
for existing subscriber phone numbers
(also known as SIP users or SIP URI).
The phone numbers can be used later
to launch a SPIT (SPAM over IP
Telephony) attack.

824 Document ID: RDWR-APSV-V04600_UG2006


APSolute Vision User Guide
DefensePro Attack-Protection ID Numbers

Table 555: DefensePro Attack-Protection IDs (cont.)

ID Number or Attack-Protection Name Category Default Default Report Description


Range (for Reporting) Risk Action Action
410 SIP Scan (TCP) SIP scan attacks intend to identify the
SIP server in order to find
vulnerabilities or to harvest the server
for existing subscriber phone numbers
(also known as SIP users or SIP URI).
The phone numbers can be used later
to launch a SPIT (SPAM over IP
Telephony) attack.
414 SIP Scan DST (TCP) SIP scan attacks intend to identify the
SIP server in order to find
vulnerabilities or to harvest the server
for existing subscriber phone numbers
(also known as SIP users or SIP URI).
The phone numbers can be used later
to launch a SPIT (SPAM over IP
Telephony) attack.
416 Brute Force SIP DST (TCP) A Brute Force SIP DST (TCP) attack is
an attempt to break into restricted
accounts on the SIP server, over TCP,
which is protected by username and
password authentication. The specific
attack was detected from error
responses that were found on sessions
that originated from the server. This
type of attack can also cause a
Register flood on the SIP server.
417 Brute Force SMB A Brute Force SMB attack is an
attempt to break into restricted
accounts on the SMB (file share)
server that is protected by username
and password authentication.

Document ID: RDWR-APSV-V04600_UG2006 825


APSolute Vision User Guide
DefensePro Attack-Protection ID Numbers

Table 555: DefensePro Attack-Protection IDs (cont.)

ID Number or Attack-Protection Name Category Default Default Report Description


Range (for Reporting) Risk Action Action
| 418 | Brute Force SIP DST (UDP) | | | | | A Brute Force SIP DST (UDP) attack is an attempt to break into restricted accounts on the SIP server, over UDP, which is protected by username and password authentication. The specific attack was detected from error responses that were found on sessions that originated from the server. This type of attack can also cause a Register flood on the SIP server. |
| 419 | SIP Scan DST (UDP) | | | | | SIP scan attacks intend to identify the SIP server in order to find vulnerabilities or to harvest the server for existing subscriber phone numbers (also known as SIP users or SIP URI). The phone numbers can be used later to launch a SPIT (SPAM over IP Telephony) attack. |
| 450 | DNS flood IPv4 DNS-A | DNS-Protection | | | | DNS A query flood over IPv4. |
| 451 | DNS flood IPv4 DNS-MX | DNS-Protection | | | | DNS MX query flood over IPv4. |
| 452 | DNS flood IPv4 DNS-PTR | DNS-Protection | | | | DNS PTR query flood over IPv4. |
| 453 | DNS flood IPv4 DNS-AAAA | DNS-Protection | | | | DNS AAAA query flood over IPv4. |
| 454 | DNS flood IPv4 DNS-Text | DNS-Protection | | | | DNS Text query flood over IPv4. |
| 455 | DNS flood IPv4 DNS-SOA | DNS-Protection | | | | DNS SOA query flood over IPv4. |
| 456 | DNS flood IPv4 DNS-NAPTR | DNS-Protection | | | | DNS NAPTR query flood over IPv4. |
| 457 | DNS flood IPv4 DNS-SRV | DNS-Protection | | | | DNS SRV query flood over IPv4. |
| 458 | DNS flood IPv4 DNS-Other | DNS-Protection | | | | DNS Other queries flood over IPv4. |
| 459 | DNS flood IPv4 DNS-ALL | DNS-Protection | | | | DNS query flood over IPv4. |
| 460 | DNS flood IPv6 DNS-A | DNS-Protection | | | | DNS A query flood over IPv6. |
| 461 | DNS flood IPv6 DNS-MX | DNS-Protection | | | | DNS MX query flood over IPv6. |
| 462 | DNS flood IPv6 DNS-PTR | DNS-Protection | | | | DNS PTR query flood over IPv6. |
| 463 | DNS flood IPv6 DNS-AAAA | DNS-Protection | | | | DNS AAAA query flood over IPv6. |
| 464 | DNS flood IPv6 DNS-Text | DNS-Protection | | | | DNS Text query flood over IPv6. |
| 465 | DNS flood IPv6 DNS-SOA | DNS-Protection | | | | DNS SOA query flood over IPv6. |
| 466 | DNS flood IPv6 DNS-NAPTR | DNS-Protection | | | | DNS NAPTR query flood over IPv6. |
| 467 | DNS flood IPv6 DNS-SRV | DNS-Protection | | | | DNS SRV query flood over IPv6. |
| 468 | DNS flood IPv6 DNS-Other | DNS-Protection | | | | DNS Other queries flood over IPv6. |
| 469 | DNS flood IPv6 DNS-ALL | DNS-Protection | | | | DNS query flood over IPv6. |
| 470 | DNS RFC-compliance violation | DNS-Protection | Low | Drop | | DNS RFC-compliance violation for DNS queries. |
| 700 | BWM | N/A | | | | Bandwidth-management operations are not reported as security events. |
| 700 | HTTPS Flood protection | Https | | | | HTTPS Flood Protection defends against HTTPS-flood attacks that send malicious HTTPS requests to protected HTTPS servers. |
| 720 | SYN Flood protection | | High | According to policy Action | | Start, ongoing, and termination of attacks per protection policy. |
| 721 | SYN Flood enabled protection | | High | According to policy Action | | Ongoing message when the SYN rate relative to the first ACK/Data packet rate is above 1000 packets per second. |
| 724 | SYN Protect delete frag | | Info | According to policy Action | | Used when a fragmented packet arrives during the authentication process. The packet will be discarded. |
| 725 | SYN Protect delete reset | | Info | According to policy Action | | Used when a RESET packet that does not match an existing session arrives during the authentication process. The packet will be discarded. |
| 727 | SYN Protect full table | | Medium | According to policy Action | | Used when the SYN Flood Protection table is full and the module cannot handle more concurrent authentication processes. New verified ACK (or data) packets will be discarded as long as the table is full. |
| 729 | SYN Protect out of context | | Info | According to policy Action | | Used when a packet that does not match an existing session arrives during the authentication process. The packet will be deleted and a RESET will be sent to the source. |
| 730 | SYN Protect unverified cookie | | Info | Drop | | Used when an ACK packet arrives with a SYN cookie that does not match the one sent by the DefensePro device. This error is generated only when the policy is configured with Block and Report. |
| 731 | SYN Protect incompleteness | | Info | Drop | | Used when a new session is aged during the authentication process before the first data packet has arrived. |
| 732 | SYN Protect delete wrong tcp | | Info | Drop | | Used when an unexpected packet or one with illegal TCP flags arrives during the authentication process. The packet will be discarded. |
| 740 | TCP session dropped | Stateful-ACL | High | Drop | | Reports on traffic that matched an ACL policy. |
| 741 | TCP session allowed | Stateful-ACL | Info | Forward | | Reports on traffic that matched an ACL policy. |
| 742 | UDP session dropped | Stateful-ACL | High | Drop | | Reports on traffic that matched an ACL policy. |
| 743 | UDP session allowed | Stateful-ACL | Info | Forward | | Reports on traffic that matched an ACL rule. |
| 744 | ICMP session dropped | Stateful-ACL | High | Drop | | Reports on traffic that matched an ACL policy. |
| 745 | ICMP session allowed | Stateful-ACL | Info | Forward | | Reports on traffic that matched an ACL policy. |
| 746 | IP session dropped | Stateful-ACL | High | Drop | | Reports on IP traffic that matched an ACL policy that is not supported explicitly in the ACL (that is, traffic that is not, for example, TCP, UDP, ICMP, IGMP, SCTP, or supported tunneling protocols). |
| 747 | IP session allowed | Stateful-ACL | Info | Forward | | Reports on IP traffic that matched an ACL policy that is not supported explicitly in the ACL (that is, traffic that is not, for example, TCP, UDP, ICMP, IGMP, SCTP, or supported tunneling protocols). |
| 748 | TCP Mid Flow packet | Stateful-ACL | Medium | Drop | | Reports on traffic that matched an ACL policy. |
| 749 | TCP Invalid reset | Stateful-ACL | Medium | Drop | | Reports on traffic that matched an ACL policy. |
| 750 | TCP handshake violation | Stateful-ACL | Medium | Drop | | Reports on traffic that matched an ACL policy. |
| 751 | ICMP Smurf packet | Stateful-ACL | Medium | Drop | | Reports on traffic that matched an ACL policy. |
| 752 | ICMP packet anomaly | Stateful-ACL | Medium | Drop | | Reports on traffic that matched an ACL policy. |
| 753 | GRE session dropped | Stateful-ACL | High | Drop | | Reports on traffic that matched an ACL policy. |
| 754 | GRE session allowed | Stateful-ACL | Info | Forward | | Reports on traffic that matched an ACL policy. |
| 755 | SCTP session dropped | Stateful-ACL | High | Drop | | Reports on traffic that matched an ACL policy. |
| 756 | SCTP session allowed | Stateful-ACL | Info | Forward | | Reports on traffic that matched an ACL policy. |
| 800 | GEO Protection | GeoFeed | | | | Geolocation protection blocks all traffic from selected geolocations. Customers can configure specific permanently blocked locations or use the Geolocation Map to temporarily block traffic from selected geolocations. |
| 1282 | EAAF Protection | ErtFeed | | | | ERT Active Attackers Feed (EAAF) profiles use the EAAF subscription service to identify and block source IP addresses involved in major attacks in real-time to provide preemptive protection from known attackers. |
| 1,000–100,000 | DoS Shield signatures or intrusion-protection signatures | DoS | | | | Range for signatures, from the Security Operations Center (SOC) signature file. Odd ID numbers are DoS shield signatures. Even ID numbers are Intrusion signatures. |
| 200,000 | HTTP | SynFlood | Medium | According to policy Action | | Predefined HTTP-SYN-flood attack protection. |
| 200,001 | HTTPS | SynFlood | Medium | According to policy Action | | Predefined HTTPS-SYN-flood attack protection. |
| 200,002 | RTSP | SynFlood | Medium | According to policy Action | | Predefined RTSP-SYN-flood attack protection. |
| 200,003 | FTP_CTRL | SynFlood | Medium | According to policy Action | | Predefined FTP_CTRL-SYN-flood attack protection. |
| 200,004 | POP3 | SynFlood | Medium | According to policy Action | | Predefined POP3-SYN-flood attack protection. |
| 200,005 | IMAP | SynFlood | Medium | According to policy Action | | Predefined IMAP-SYN-flood attack protection. |
| 200,006 | SMTP | SynFlood | Medium | According to policy Action | | Predefined SMTP-SYN-flood attack protection. |
| 200,007 | TELNET | SynFlood | Medium | According to policy Action | | Predefined TELNET-SYN-flood attack protection. |
| 200,008 | RPC | SynFlood | Medium | According to policy Action | | Predefined RPC-SYN-flood attack protection. |
| 300,000–449,999 | User-defined custom signatures | DoS | | | | Range for user-defined protections. The device generates the ID number sequentially when the user creates the signature. |
| 450,000–475,000 | User-defined Connection Limit protections | DoS | | | | Range for user-defined Connection Limit protections. The device generates the ID number sequentially when the user creates the protection. |
| 500,000–599,999 | User-defined SYN-flood protections | SYNFlood | Low | According to policy Action | | Range for user-defined SYN-flood protections. The device generates the ID number sequentially when the user creates the protection. |
| 600,000–675,000 | User-defined Connection PPS protections / User-defined Connection PPS Limit protections | DoS | | | | Range for user-defined Connection PPS / Connection PPS Limit protections. The device generates the ID number sequentially when the user creates the protection. |
| 700,000–1,000,000 | User-defined Traffic Filters | Traffic Filters | High | Drop | | Range for user-defined Traffic Filters. The device generates the ID number sequentially when the user creates the Traffic Filter. |

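The ID layout in this part of Table 555 can be applied when triaging exported DefensePro events by attack ID. The following Python is an added example, not Radware code; the names `parse_id`, `classify`, and `summarize` and the sample IDs are assumptions made for the illustration, and only the rows shown in this part of the table are covered.

```python
"""Map DefensePro attack-protection IDs to (name, category) per Table 555.

Added example, not Radware code. IDs outside the rows shown in this part
of the table return None.
"""
from collections import Counter

# Order of DNS query types inside each block of ten (450-459 IPv4, 460-469 IPv6).
DNS_TYPES = ["A", "MX", "PTR", "AAAA", "Text", "SOA", "NAPTR", "SRV", "Other", "ALL"]

# Predefined SYN-flood protections 200,000 through 200,008, in table order.
SYN_APPS = ["HTTP", "HTTPS", "RTSP", "FTP_CTRL", "POP3", "IMAP", "SMTP", "TELNET", "RPC"]

# Single IDs checked before any range. 1282 sits inside the 1,000-100,000
# signature range, so the even/odd rule alone would mislabel it.
# 700 is listed twice in the table (BWM and HTTPS Flood protection).
EXPLICIT = {
    700: ("BWM or HTTPS Flood protection", "N/A or Https"),
    800: ("GEO Protection", "GeoFeed"),
    1282: ("EAAF Protection", "ErtFeed"),
}

# User-defined ranges: (low, high, name, category), bounds inclusive.
RANGES = [
    (300_000, 449_999, "User-defined custom signature", "DoS"),
    (450_000, 475_000, "User-defined Connection Limit protection", "DoS"),
    (500_000, 599_999, "User-defined SYN-flood protection", "SYNFlood"),
    (600_000, 675_000, "User-defined Connection PPS protection", "DoS"),
    (700_000, 1_000_000, "User-defined Traffic Filter", "Traffic Filters"),
]


def parse_id(raw):
    """Accept an int or a string such as '200,003' as printed in the table."""
    if isinstance(raw, int):
        return raw
    text = str(raw).strip().replace(",", "")
    if not text.isdigit():
        raise ValueError(f"not an attack-protection ID: {raw!r}")
    return int(text)


def classify(raw):
    """Return (name, category), or None when the ID is not in the rows covered."""
    attack_id = parse_id(raw)
    if attack_id in EXPLICIT:
        return EXPLICIT[attack_id]
    if 450 <= attack_id <= 469:
        family = "IPv4" if attack_id < 460 else "IPv6"
        return (f"DNS flood {family} DNS-{DNS_TYPES[attack_id % 10]}", "DNS-Protection")
    if 740 <= attack_id <= 756:
        return ("Stateful ACL report", "Stateful-ACL")
    if 200_000 <= attack_id <= 200_008:
        return (SYN_APPS[attack_id - 200_000], "SynFlood")
    if 1_000 <= attack_id <= 100_000:
        # Odd IDs are DoS Shield signatures, even IDs are Intrusion signatures.
        kind = "DoS Shield signature" if attack_id % 2 else "Intrusion signature"
        return (kind, "DoS")
    for low, high, name, category in RANGES:
        if low <= attack_id <= high:
            return (name, category)
    return None  # gap between ranges, or a row outside this part of the table


def summarize(ids):
    """Count events per category and collect IDs that no row explains."""
    counts, unknown = Counter(), []
    for raw in ids:
        result = classify(raw)
        if result is None:
            unknown.append(parse_id(raw))
        else:
            counts[result[1]] += 1
    return counts, unknown


# Constructed sample IDs, not taken from a real device.
SAMPLE_EVENT_IDS = ["451", "1282", "1283", "1284", "200,003", "450000", "480000", 743]

if __name__ == "__main__":
    per_category, unexplained = summarize(SAMPLE_EVENT_IDS)
    print(dict(per_category), unexplained)
```

IDs that fall in a gap between the documented ranges, such as 480,000 in the sample, are returned separately so they can be reviewed instead of being counted under a neighbouring range.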


APPENDIX G – APSOLUTE VISION SPECIFICATIONS AND REQUIREMENTS
This section contains various specifications and requirements for APSolute Vision, which comprise
the following:
• UDP/TCP Ports and IP Protocols
• APSolute Vision Web Based Management Interface Requirements
• Application Performance Monitoring Requirements
• Device Performance Monitoring Requirements
• APSolute Vision Reporter Requirements

Notes
• For additional specifications and the most up-to-date information, see the APSolute Vision
Release Notes.
• APSolute Vision server can run as a physical or virtual appliance called APSolute Vision server.
For hardware and virtual-appliance (VA) specifications, see the APSolute Vision Installation and
Maintenance Guide.
• APSolute Vision supports a Web-based management interface, which is called Web Based
Management (WBM).
• APSolute Vision supports multiple device types and versions. For the most up-to-date lists of
supported devices and versions, see the APSolute Vision Release Notes for the required version.

UDP/TCP Ports and IP Protocols


Radware management interfaces communicate with various UDP/TCP ports using various
protocols—including HTTPS, HTTP, Telnet, and SSH. If you intend to use these interfaces, ensure
they are accessible and not blocked by your firewall.
The following table lists the ports for APSolute Vision server-client communication.

Table 556: Ports for APSolute Vision Server-WBM Communication and Operating System

| Port | Protocol | Type | Usage | Opened on APSolute Vision Server Firewall by Default |
|---|---|---|---|---|
| 22 | SSH, SFTP, SCP | TCP | • Terminal client to server. • Server CLI management, file transfer. • Server to northbound. • Push backups, reports, and so on. • Used for communication with vDirect. | Yes |
| 25 | SMTP | TCP | Server to external e-mail server. | No |
| 80 | HTTP | TCP | APSolute Vision server to APM server (over the APM Management interface), for Application Performance Monitoring (APM). Port 80 is the default port for this functionality, but you can configure another port. For more information, see the Application Performance Monitoring Troubleshooting and Technical Guide. [1] | Yes |
| 443 | HTTPS | TCP | • APSolute Vision WBM to server. • Used for communication between APSolute Vision server instances in configuration-synchronization setups. | Yes |
| 514 | Syslog | UDP | Server to external syslog server. | No |
| 2189 | Proprietary | TCP, UDP | Used for communication with vDirect. | Yes |
| 5602 | HTTPS | TCP | Used for communication with the Vision Reporting Module (VRM) server. | N/A. This port is opened on the VRM server. |
| 5672 | TCP | TCP | Used for communication between APSolute Vision server instances in configuration-synchronization setups. | Yes |
| 9216 | HTTPS | TCP | APSolute Vision Reporter client to APSolute Vision Reporter server. | Yes |
| 9443 | TCP | TCP | WBM Web browser to APSolute Vision server, for Device Performance Monitoring (DPM). | Yes |

[1] Alteon also uses port 80 to communicate with the APM server (over the APM Data interface).

The following table lists the ports for communication between APSolute Vision server and Radware
devices.

Table 557: Communication Ports for APSolute Vision Server with Radware Devices and Radware Services

| Port | Protocol | Type | Usage | Opened on APSolute Vision Server Firewall by Default |
|---|---|---|---|---|
| 7 | TCP | TCP | Used by vDirect to determine if a device (for example, DefensePro) is reachable. | Yes |
| 22 [1] | SSH | TCP | APSolute Vision server to Alteon, DefensePro, and LinkProof NG devices, to run CLI commands on the device. | Yes |
| 80 [1] | HTTP | TCP | APSolute Vision server to Radware services. Such services include SUS updates and ERT Active DDoS Feed updates. | Yes |
| 161 | SNMP | UDP | APSolute Vision server to devices, for SNMP management. | No |
| 162 | SNMP | UDP | Devices to APSolute Vision server, for traps. | Yes |
| 443 [1] | HTTPS | TCP | APSolute Vision server to devices and Radware services, and devices and services to APSolute Vision server for REST calls and file transfer. Such services include SUS updates and ERT Active DDoS Feed updates. | Yes |
| 2088 | IRP | UDP | Devices to APSolute Vision server, for statistics. | Yes |
| 2214 | Syslog | TCP, UDP | AppWall devices—and AppWall for Alteon—to APSolute Vision server for AVR reporting only. | Yes |
| 2215 | Syslog | TCP, UDP | AppWall devices—and AppWall for Alteon—to APSolute Vision server for AVR reporting and APSolute Vision real-time Security Monitoring. | Yes |
| 3030 | TCP | TCP | APSolute Vision server to Alteon device, for Device Performance Monitoring (DPM). Note: APSolute Vision pulls the data from Alteon. | No |
| 7070 | TCP | TCP | Used for Local License Server (LLS) communication to ADC devices. | Yes if there is sufficient memory. For more information, see System LLS Commands, page 701. |
| 8200, 8270, 8300 | SSL | TCP | APSolute Vision server to AppWall devices (AppWall servers only). | No |

[1] This is the default port. The value is configurable.

The following IP protocols are opened on the APSolute Vision server firewall by default:
• ICMP—Internet Control Message Protocol. All types (an ICMP term) are opened except
Timestamp (type 13) and Timestamp Reply (type 14).
• ESP—Encapsulating Security Payload part of the IPsec (Internet Protocol Security).
• AH—Authentication Header part of the IPsec (Internet Protocol Security).

APSolute Vision Web Based Management Interface Requirements
Before you use the APSolute Vision client, ensure your computer meets the hardware and software
requirements.
This section includes the following topics:
• APSolute Vision WBM Supported Operating Systems
• APSolute Vision WBM Supported Browsers

APSolute Vision WBM Supported Operating Systems


For the most up-to-date information, please refer to the APSolute Vision Release Notes.
The following operating systems support APSolute Vision WBM:
• Windows Server 2008 R2 64-bit
• Windows 8 64-bit
• Windows 7 SP1 32-bit and 64-bit
• Windows Server 2012 R2 64-bit
• Windows 10 10.0.10240
• Linux Ubuntu (Desktop) 14.04 LTS 64-bit
• macOS High Sierra 10.13.2

APSolute Vision WBM Supported Browsers


For the most up-to-date information, please refer to the APSolute Vision Release Notes.
You can access APSolute Vision Web-based management (and APSolute Vision Reporter, Device
Performance Monitor, and the APM server Web interface) using the following browsers:
• Mozilla Firefox
• Chrome

Application Performance Monitoring Requirements


The APSolute Vision WBM can connect to the APSolute Vision Application Performance Monitor
(APM). The APM is a process that runs on the APSolute Vision server with APM server VA offering.
APSolute Vision WBM includes an option to open the APM Web interface.
For the APM server requirements, see the relevant chapter in the APSolute Vision Installation and
Maintenance Guide.
For the most up-to-date information, please refer to the APSolute Vision Release Notes.

Device Performance Monitoring Requirements


APSolute Vision WBM can connect to the APSolute Vision Device Performance Monitor (DPM) for
Alteon devices. APSolute Vision WBM includes a button that opens the DPM in a separate browser
tab.

APSolute Vision Reporter Requirements


For the most up-to-date information, please refer to the APSolute Vision Release Notes.
The following operating systems support APSolute Vision WBM:
• Windows Server 2008 R2 64-bit
• Windows 8 64-bit
• Windows 7 SP1 32-bit and 64-bit
• Windows Server 2012 R2 64-bit
• Windows 10 10.0.10240
• Linux Ubuntu (Desktop) 14.04 LTS 64-bit
• macOS High Sierra 10.13.2

RADWARE LTD. END USER LICENSE AGREEMENT
By accepting this End User License Agreement (this “License Agreement”) you agree to be contacted
by Radware Ltd.'s (“Radware”) sales personnel.
If you would like to receive license rights different from the rights granted below or if you wish to
acquire warranty or support services beyond the scope provided herein (if any), please contact
Radware's sales team.
THIS LICENSE AGREEMENT GOVERNS YOUR USE OF ANY SOFTWARE DEVELOPED AND/OR
DISTRIBUTED BY RADWARE AND ANY UPGRADES, MODIFIED VERSIONS, UPDATES, ADDITIONS,
AND COPIES OF THE SOFTWARE FURNISHED TO YOU DURING THE TERM OF THE LICENSE
GRANTED HEREIN (THE “SOFTWARE”). THIS LICENSE AGREEMENT APPLIES REGARDLESS OF
WHETHER THE SOFTWARE IS DELIVERED TO YOU AS AN EMBEDDED COMPONENT OF A RADWARE
PRODUCT (“PRODUCT”), OR WHETHER IT IS DELIVERED AS A STANDALONE SOFTWARE PRODUCT.
FOR THE AVOIDANCE OF DOUBT IT IS HEREBY CLARIFIED THAT THIS LICENSE AGREEMENT
APPLIES TO PLUG-INS, CONNECTORS, EXTENSIONS AND SIMILAR SOFTWARE COMPONENTS
DEVELOPED BY RADWARE THAT CONNECT OR INTEGRATE A RADWARE PRODUCT WITH THE
PRODUCT OF A THIRD PARTY (COLLECTIVELY, “CONNECTORS”) FOR PROVISIONING,
DECOMMISSIONING, MANAGING, CONFIGURING OR MONITORING RADWARE PRODUCTS. THE
APPLICABILITY OF THIS LICENSE AGREEMENT TO CONNECTORS IS REGARDLESS OF WHETHER
SUCH CONNECTORS ARE DISTRIBUTED TO YOU BY RADWARE OR BY A THIRD PARTY PRODUCT
VENDOR. IN CASE A CONNECTOR IS DISTRIBUTED TO YOU BY A THIRD PARTY PRODUCT VENDOR
PURSUANT TO THE TERMS OF AN AGREEMENT BETWEEN YOU AND THE THIRD PARTY PRODUCT
VENDOR, THEN, AS BETWEEN RADWARE AND YOURSELF, TO THE EXTENT THERE IS ANY
DISCREPANCY OR INCONSISTENCY BETWEEN THE TERMS OF THIS LICENSE AGREEMENT AND THE
TERMS OF THE AGREEMENT BETWEEN YOU AND THE THIRD PARTY PRODUCT VENDOR, THE TERMS
OF THIS LICENSE AGREEMENT WILL GOVERN AND PREVAIL. PLEASE READ THE TERMS AND
CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE OPENING THE PACKAGE
CONTAINING RADWARE'S PRODUCT, OR BEFORE DOWNLOADING, INSTALLING, COPYING OR
OTHERWISE USING RADWARE'S STANDALONE SOFTWARE (AS APPLICABLE). THE SOFTWARE IS
LICENSED (NOT SOLD). BY OPENING THE PACKAGE CONTAINING RADWARE'S PRODUCT, OR BY
DOWNLOADING, INSTALLING, COPYING OR USING THE SOFTWARE (AS APPLICABLE), YOU
CONFIRM THAT YOU HAVE READ AND UNDERSTAND THIS LICENSE AGREEMENT AND YOU AGREE
TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT. FURTHERMORE, YOU HEREBY WAIVE
ANY CLAIM OR RIGHT THAT YOU MAY HAVE TO ASSERT THAT YOUR ACCEPTANCE AS STATED
HEREINABOVE IS NOT THE EQUIVALENT OF, OR DEEMED AS, A VALID SIGNATURE TO THIS LICENSE
AGREEMENT. IF YOU ARE NOT WILLING TO BE BOUND BY THE TERMS OF THIS LICENSE
AGREEMENT, YOU SHOULD PROMPTLY RETURN THE UNOPENED PRODUCT PACKAGE OR YOU
SHOULD NOT DOWNLOAD, INSTALL, COPY OR OTHERWISE USE THE SOFTWARE (AS APPLICABLE).
THIS LICENSE AGREEMENT REPRESENTS THE ENTIRE AGREEMENT CONCERNING THE SOFTWARE
BETWEEN YOU AND RADWARE, AND SUPERSEDES ANY AND ALL PRIOR PROPOSALS,
REPRESENTATIONS, OR UNDERSTANDINGS BETWEEN THE PARTIES. “YOU” MEANS THE NATURAL
PERSON OR THE ENTITY THAT IS AGREEING TO BE BOUND BY THIS LICENSE AGREEMENT, THEIR
EMPLOYEES AND THIRD PARTY CONTRACTORS. YOU SHALL BE LIABLE FOR ANY FAILURE BY SUCH
EMPLOYEES AND THIRD PARTY CONTRACTORS TO COMPLY WITH THE TERMS OF THIS LICENSE
AGREEMENT.
1. License Grant. Subject to the terms of this Agreement, Radware hereby grants to you, and you
accept, a limited, nonexclusive, nontransferable license to install and use the Software in
machine-readable, object code form only and solely for your internal business purposes
(“Commercial License”). If the Software is distributed to you with a software development kit
(the “SDK”), then, solely with regard to the SDK, the Commercial License above also includes a
limited, nonexclusive, nontransferable license to install and use the SDK solely on computers
within your organization, and solely for your internal development of an integration or
interoperation of the Software and/or other Radware Products with software or hardware
products owned, licensed and/or controlled by you (the “SDK Purpose”). To the extent an SDK is
distributed to you together with code samples in source code format (the “Code Samples”) that
are meant to illustrate and teach you how to configure, monitor and/or control the Software
and/or any other Radware Products, the Commercial License above further includes a limited,
nonexclusive, nontransferable license to copy and modify the Code Samples and create
derivative works based thereon solely for the SDK Purpose and solely on computers within your
organization. The SDK shall be considered part of the term “Software” for all purposes of this
License Agreement. You agree that you will not sell, assign, license, sublicense, transfer, pledge,
lease, rent or share your rights under this License Agreement nor will you distribute copies of
the Software or any parts thereof. Rights not specifically granted herein, are specifically
prohibited.
2. Evaluation Use. Notwithstanding anything to the contrary in this License Agreement, if the
Software is provided to you for evaluation purposes, as indicated in your purchase order or sales
receipt, on the website from which you download the Software, as inferred from any time-
limited evaluation license keys that you are provided with to activate the Software, or otherwise,
then You may use the Software only for internal evaluation purposes (“Evaluation Use”) for a
maximum of 30 days or such other duration as may be specified by Radware in writing at its sole
discretion (the “Evaluation Period”). The evaluation copy of the Software contains a feature that
will automatically disable it after expiration of the Evaluation Period. You agree not to disable,
destroy, or remove this feature of the Software, and any attempt to do so will be a material
breach of this License Agreement. During or at the end of the evaluation period, you may
contact Radware sales team to purchase a Commercial License to continue using the Software
pursuant to the terms of this License Agreement. If you elect not to purchase a Commercial
License, you agree to stop using the Software and to delete the evaluation copy received
hereunder from all computers under your possession or control at the end of the Evaluation
Period. In any event, your continued use of the Software beyond the Evaluation Period (if
possible) shall be deemed your acceptance of a Commercial License to the Software pursuant to
the terms of this License Agreement, and you agree to pay Radware any amounts due for any
applicable license fees at Radware's then-current list prices.
3. Lab/Development License. Notwithstanding anything to the contrary in this License
Agreement, if the Software is provided to you for use in your lab or for development
purposes, as indicated in your purchase order, sales receipt, the part number description for the
Software, the Web page from which you download the Software, or otherwise, then You may use
the Software only in your lab and only in connection with Radware Products that you purchased
or will purchase (in case of a lab license) or for internal testing and development purposes (in
case of a development license) but not for any production use purposes.
4. Subscription Software. If you licensed the Software on a subscription basis, your rights to use
the Software are limited to the subscription period. You have the option to extend your
subscription. If you extend your subscription, you may continue using the Software until the end
of your extended subscription period. If you do not extend your subscription, after the expiration
of your subscription, you are legally obligated to discontinue your use of the Software and
completely remove the Software from your system.
5. Feedback. Any feedback concerning the Software including, without limitation, identifying
potential errors and improvements, recommended changes or suggestions (“Feedback”),
provided by you to Radware will be owned exclusively by Radware and considered Radware's
confidential information. By providing Feedback to Radware, you hereby assign to Radware all of
your right, title and interest in any such Feedback, including all intellectual property rights
therein. With regard to any rights in such Feedback that cannot, under applicable law, be
assigned to Radware, you hereby irrevocably waive such rights in favor of Radware and grant
Radware under such rights in the Feedback, a worldwide, perpetual royalty-free, irrevocable,
sub-licensable and non-exclusive license, to use, reproduce, disclose, sublicense, modify, make,
have made, distribute, sell, offer for sale, display, perform, create derivative works of and
otherwise exploit the Feedback without restriction. The provisions of this Section 5 will survive
the termination or expiration of this Agreement.
6. Limitations on Use. You agree that you will not: (a) copy, modify, translate, adapt or create
any derivative works based on the Software; or (b) sublicense or transfer the Software, or
include the Software or any portion thereof in any product; or (b) reverse assemble,
disassemble, decompile, reverse engineer or otherwise attempt to derive source code (or the
underlying ideas, algorithms, structure or organization) from the Software, in whole or in part,
except and only to the extent: (i) applicable law expressly permits any such action despite this
limitation, in which case you agree to provide Radware at least ninety (90) days advance written
notice of your belief that such action is warranted and permitted and to provide Radware with an
opportunity to evaluate if the law's requirements necessitate such action, or (ii) required to
debug changes to any third party LGPL-libraries linked to by the Software; or (c) create,
develop, license, install, use, or deploy any software or services to circumvent, enable, modify
or provide access, permissions or rights which violate the technical restrictions of the Software;
(d) in the event the Software is provided as an embedded or bundled component of another
Radware Product, you shall not use the Software other than as part of the combined Product and
for the purposes for which the combined Product is intended; (e) remove any copyright notices,
identification or any other proprietary notices from the Software (including any notices of Third
Party Software (as defined below)); or (f) copy the Software onto any public or distributed
network or use the Software to operate in or as a time-sharing, outsourcing, service bureau,
application service provider, or managed service provider environment. Notwithstanding the
foregoing, if you provide hosting or cloud computing services to your customers, you are entitled
to use and include the Software in your IT infrastructure on which you provide your services. It
is hereby clarified that the prohibitions on modifying, or creating derivative works based on, any
Software provided by Radware, apply whether the Software is provided in a machine or in a
human readable form. Human readable Software to which this prohibition applies includes
(without limitation) “Radware AppShape++ Script Files” that contain “Special License Terms”. It
is acknowledged that examples provided in a human readable form may be modified by a user.
7. Intellectual Property Rights. You acknowledge and agree that this License Agreement does
not convey to you any interest in the Software except for the limited right to use the Software,
and that all right, title, and interest in and to the Software, including any and all associated
intellectual property rights, are and shall remain with Radware or its third party licensors. You
further acknowledge and agree that the Software is a proprietary product of Radware and/or its
licensors and is protected under applicable copyright law.
8. No Warranty. The Software, and any and all accompanying software, files, libraries, data and
materials, are distributed and provided “AS IS” by Radware or by its third party licensors (as
applicable) and with no warranty of any kind, whether express or implied, including, without
limitation, any non-infringement warranty or warranty of merchantability or fitness for a
particular purpose. Neither Radware nor any of its affiliates or licensors warrants, guarantees, or
makes any representation regarding the title in the Software, the use of, or the results of the
use of the Software. Neither Radware nor any of its affiliates or licensors warrants that the
operation of the Software will be uninterrupted or error-free, or that the use of any passwords,
license keys and/or encryption features will be effective in preventing the unintentional
disclosure of information contained in any file. You acknowledge that good data processing
procedure dictates that any program, including the Software, must be thoroughly tested with
non-critical data before there is any reliance on it, and you hereby assume the entire risk of all
use of the copies of the Software covered by this License. Radware does not make any
representation or warranty, nor does Radware assume any responsibility or liability or provide
any license or technical maintenance and support for any operating systems, databases,
migration tools or any other software component provided by a third party supplier and with
which the Software is meant to interoperate.
This disclaimer of warranty constitutes an essential and material part of this License.
In the event that, notwithstanding the disclaimer of warranty above, Radware is held liable
under any warranty provision, Radware shall be released from all such obligations in the event
that the Software shall have been subject to misuse, neglect, accident or improper installation,
or if repairs or modifications were made by persons other than by Radware's authorized service
personnel.
9. Limitation of Liability. Except to the extent expressly prohibited by applicable statutes, in no
event shall Radware, or its principals, shareholders, officers, employees, affiliates, licensors,
contractors, subsidiaries, or parent organizations (together, the “Radware Parties”), be liable for
any direct, indirect, incidental, consequential, special, or punitive damages whatsoever relating
to the use of, or the inability to use, the Software, or to your relationship with, Radware or any
of the Radware Parties (including, without limitation, loss or disclosure of data or information,
and/or loss of profit, revenue, business opportunity or business advantage, and/or business
interruption), whether based upon a claim or action of contract, warranty, negligence, strict
liability, contribution, indemnity, or any other legal theory or cause of action, even if advised of
the possibility of such damages. If any Radware Party is found to be liable to You or to any third-
party under any applicable law despite the explicit disclaimers and limitations under these
terms, then any liability of such Radware Party, will be limited exclusively to refund of any
license or registration or subscription fees paid by you to Radware.
10. Third Party Software. The Software includes software portions developed and owned by third
parties (the “Third Party Software”). Third Party Software shall be deemed part of the Software
for all intents and purposes of this License Agreement; provided, however, that in the event that
a Third Party Software is a software for which the source code is made available under an open
source software license agreement, then, to the extent there is any discrepancy or inconsistency
between the terms of this License Agreement and the terms of any such open source license
agreement (including, for example, license rights in the open source license agreement that are
broader than the license rights set forth in Section 1 above and/or no limitation in the open
source license agreement on the actions set forth in Section 6 above), the terms of any such
open source license agreement will govern and prevail. The terms of open source license
agreements and copyright notices under which Third Party Software is being licensed to
Radware or a link thereto, are included with the Software documentation or in the header or
readme files of the Software. Third Party licensors and suppliers retain all right, title and interest
in and to the Third Party Software and all copies thereof, including all copyright and other
intellectual property associated therewith. In addition to the use limitations applicable to Third
Party Software pursuant to Section 6 above, you agree and undertake not to use the Third Party
Software as a general SQL server, as a stand-alone application or with applications other than
the Software under this License Agreement.
11. Term and Termination. This License Agreement is effective upon the first to occur of your
opening the package of the Product, purchasing, downloading, installing, copying or using the
Software or any portion thereof, and shall continue until terminated. However, sections 5-15
shall survive any termination of this License Agreement. The Licenses granted under this License
Agreement are not transferable and will terminate upon: (i) termination of this License
Agreement, or (ii) transfer of the Software, or (iii) in the event the Software is provided as an
embedded or bundled component of another Radware Product, when the Software is unbundled
from such Product or otherwise used other than as part of such Product. If the Software is
licensed on subscription basis, this Agreement will automatically terminate upon the termination
of your subscription period if it is not extended.
12. Export. The Software or any part thereof may be subject to export or import controls under
applicable export/import control laws and regulations including such laws and regulations of the
United States and/or Israel. You agree to comply with such laws and regulations, and, agree not
to knowingly export, re-export, import or re-import, or transfer products without first obtaining
all required Government authorizations or licenses therefor. Furthermore, You hereby covenant
and agree to ensure that your use of the Software is in compliance with all other foreign,
federal, state, and local laws and regulations, including without limitation all laws and
regulations relating to privacy rights, and data protection. You shall have in place a privacy
policy and obtain all of the permissions, authorizations and consents required by applicable law
for use of cookies and processing of users' data (including without limitation pursuant to
Directives 95/46/EC, 2002/58/EC and 2009/136/EC of the EU if applicable) for the purpose of
provision of any services.
13. US Government. To the extent you are the U.S. government or any agency or instrumentality
thereof, you acknowledge and agree that the Software is a “commercial computer software” and
“commercial computer software documentation” pursuant to applicable regulations and your use
of the Software is subject to the terms of this License Agreement.
14. Federal Acquisition Regulation (FAR)/Data Rights Notice. Radware's commercial
computer software is created solely at private expense and is subject to Radware's commercial
license rights.
15. Governing Law. This License Agreement shall be construed and governed in accordance with
the laws of the State of Israel.
16. Miscellaneous. If a judicial determination is made that any of the provisions contained in this
License Agreement is unreasonable, illegal or otherwise unenforceable, such provision or
provisions shall be rendered void or invalid only to the extent that such judicial determination
finds such provisions to be unreasonable, illegal or otherwise unenforceable, and the remainder
of this License Agreement shall remain operative and in full force and effect. In any event a
party breaches or threatens to commit a breach of this License Agreement, the other party will,
in addition to any other remedies available to, be entitled to injunction relief. This License
Agreement constitutes the entire agreement between the parties hereto and supersedes all prior
agreements between the parties hereto with respect to the subject matter hereof. The failure of
any party hereto to require the performance of any provisions of this License Agreement shall in
no manner affect the right to enforce the same. No waiver by any party hereto of any provisions
or of any breach of any provisions of this License Agreement shall be deemed or construed
either as a further or continuing waiver of any such provisions or breach waiver or as a waiver of
any other provision or breach of any other provision of this License Agreement.
IF YOU DO NOT AGREE WITH THE TERMS OF THIS LICENSE YOU MUST REMOVE THE
SOFTWARE FROM ANY DEVICE OWNED BY YOU AND IMMEDIATELY CEASE USING THE
SOFTWARE.
COPYRIGHT © 2020, Radware Ltd. All Rights Reserved.