Avanu WebMux A425 User Manual

Virtual webmux network traffic manager and network hardware appliances

WebMux
Network Traffic Manager

User Manual

Virtual WebMux and Network Hardware Appliances
Version v13.x
(Rev September 2017)
WebMux chassis image represents models A425, A525, A620, A625, A725, A825
www.avanu.com

Summary of Contents for Avanu WebMux A425

  • Page 1: User Manual

    WebMux ™ Network Traffic Manager User Manual Virtual WebMux and Network Hardware Appliances Version v13.x (Rev September 2017) WebMux chassis image represents models A425, A525, A620, A625, A725, A825 www.avanu.com...
  • Page 2: Table Of Contents

    Table of Contents: SECTION I - GENERAL INFORMATION, 7; About AVANU®, 7; WebMux User Manual, 7; Audience, 7; Notice of Rights, 7; Notice of Liability, 7; Trademarks, 7; Update Information, 8; Packing List, 8; Contact Information ...
  • Page 3 Hardware Setup - Collect Information, 30; Hardware Setup - Network Environment, 30; Initial Setup Through LCD Panel, 30; The LCD Setup Screens, 31; Factory Reset, 39; Fixing Configuration Mistakes, 39; Bond All Interfaces Setup, 39; Setting Up the Management Port ...
  • Page 4 Routing Table, 69; Reconfigure, 71; Security, 72; Security, 72; Change Password, 73; Change PIN, 74; AAD (Automatic Attack Detection), 75; Flood Control, 76; Flood Control Display, 76; Flood Control History, 77; Miscellaneous, 77; Show Events ...
  • Page 5 Modify Service, 108; Save, 109; Health, 109; Timeouts, 109; Frequency, 110; Custom, 110; HTTP, 113; SECTION VII – SSL MANAGEMENT, 114; SSL Keys, 114; Generating a CSR, 116; Importing Your Existing Private Key and Certificate, 118; SECTION VIII - HOW TO ADD A LOOPBACK ADAPTER, 119; Installing the Microsoft®...
  • Page 7: Section I - General Information

    AVANews, AVE, BAM, BlogWithUs, DNSMux, Inspired to Innovate, MAP, and WebMux are trademarks of AVANU, Inc. AVANU states that we are using any and all trademarked names in an editorial fashion and to the benefit of the trademark owner with no intention of infringement of the trademark.
  • Page 8: Update Information

    Update Information AVANU will always work to ensure that the data contained in any WebMux documents are kept up to date. As such, please visit our website at www.avanu.com/documents to retrieve the latest version of our documents. All products and specifications are subject to change without notice.
  • Page 9: Section Ii - Webmux Main Components

    SECTION II - WEBMUX MAIN COMPONENTS Front View Switches and Indicator Lights Power This switch toggles power on and off. To power off, the switch must be pressed and held for 5 seconds. However, it is recommended that you do not regularly use this power switch to shut down the unit.
  • Page 10: Rear View

    It will take about a minute for the WebMux to completely reboot and begin reporting activity in the LCD display. This will not reset your settings. It is for forcing restarts. To perform a factory reset refer to the Factory Reset part in Section IV for LCD instructions reference.
  • Page 11 RS-232 port is available for serial console connections as well as for modem-dependent services, such as paging—where Internet-based services may be limited for security purposes. To connect to this port using a serial communications terminal, set the communications software for 115200 baud, 8 bit, Parity none, 1 stop bit. MGMT port is a Gigabit Ethernet LAN connection that enables management (GUI and command- line) to be limited to a separate port and network.
  • Page 12: Section Iii - Webmux Topology Overview

    SECTION III - WEBMUX TOPOLOGY OVERVIEW WebMux Topology Modes • Two-Armed Network Address Translation/NAT Mode • Two-Armed Transparent Mode • One-Armed Single Network Mode • One-Armed Direct Server Return/DSR IPv4 and IPv6 work in all the modes. Each mode has its advantages and disadvantages. In NAT mode, the farm IP address is on the router LAN/Internet side that will be used as the access point for the site.
  • Page 13: Two-Armed Nat Mode

    For example, to configure a farm (or virtual farm) to serve www.avanu.com: • First, Server 1 and Server 2 would each need the website www.avanu.com configured on them and HTTP/HTTPS services started; and • Second, a farm on the WebMux is defined with Server 1 and Server 2 in it. The servers...
  • Page 14 and standby server. In either case, if Server 1 goes down, WebMux will redirect all traffic to Server 2.
  • Page 15 Two-Armed NAT Mode (Single WebMux) In this example, • One WebMux unit is used • One WebMux interface (internet) connects to the router LAN. The other interface (server) connects to the server LAN • The WebMux translates the router LAN IP addresses to private Class C addresses. In this example, the netmask is 255.555.255.0.
  • Page 16 Changes to the server: Set their IP addresses to the 192.168.199.xxx subnet and make their default gateway point to 192.168.199.1. If a service on the server (HTTP/S, FTP, etc.) is listening on a specific IP address, please make sure the service is configured to listen on the new IP address.
  • Page 17 Two-Armed NAT Mode (Redundant WebMux Installation) In this example, • Two WebMux units are used. One is the primary and the other is the secondary. They connect together with an Ethernet cable (straight or crossover) or through a hub or switch.
  • Page 18 The default gateway for all the servers is 10.1.1.1 • Farm 1 IP address is 205.133.156.200 • Servers 1 and 2 serve Farm 1 • Farm 2 IP address is 205.133.156.210 • Servers 2 and 3 serve Farm 2 • ...
  • Page 19: Two-Armed Transparent Mode

    Two-Armed Transparent Mode Transparent Mode is a WebMux configuration that allows you to keep the existing IP addresses of your servers. Like Direct Server Return Mode (explained later), the servers and the WebMux will be on the same IP network segment. However, physically, the servers will be connected to the WebMux in the same way they would be for NAT mode: on the server LAN port.
  • Page 20 can communicate with the servers IP directly as if the WebMux was not there, and vice versa. When creating a farm, choose a unique IP for the farm address in the network, and then add the server IP address under that farm. Load balancing occurs when the “Farm IP” is accessed instead of the servers’...
  • Page 21: One-Armed Single Network Mode

    One-Armed Single Network Mode The WebMux supports two kinds of “One-Armed” modes: Single Network Mode and Direct Server Return (DSR) Mode. For Single Network Mode, there are no changes required for the network topology or server IP addresses. Requests from clients go to the farm address on the WebMux, which will in turn go to the servers through load balancing methods.
  • Page 22: One-Armed Direct Server Return/Dsr

    One-Armed Direct Server Return/DSR In Direct Server Return (DSR) Mode, only the server LAN is connected to the network. Internet traffic or local connections can both be directly sent to the WebMux, which forwards the packets to the proper server(s). The server(s) routes the return traffic back to the remote or local clients directly.
  • Page 23 One-Armed Direct Server Return/DSR Mode (Installation without IP Address Change) The above diagram is an example about how to configure the WebMux in DSR Mode without changing the IP addresses of the web servers and other servers that already exist on the network.
  • Page 24: Link Aggregation Group (Port Bonding) In Direct Server Return/Dsr

    For DSR Mode to work properly, the loopback adapter must route the return traffic through the real network interface. In other words, the loopback adapter cannot have the gateway specified. Information on how to add a loopback adapter on servers can be found in the “How to Add a Loopback Adapter”...
  • Page 25: High Availability And Configuration

    software/client is indeed IPv6 capable or is the correct IPv6 version to use before assuming that your network is not working. Also, when adding an IPv6 address to your server’s NIC (network interface card), your server’s OS might not automatically add a default gateway in its routing table for the IPv6 address. Please double check the routing tables and make sure the proper entries are there.
  • Page 26: Nat Mode

    explicitly click the save button on the main console page of the primary unit when changes are made. Changes will not propagate to the secondary unit until this is done. There are a few things to keep in mind when you have two units paired in a high availability configuration.
  • Page 27: Transparent Mode

    probes. Otherwise, a failover will occur and if the secondary unit is unable to get a response from the default gateway as well, both units can potentially become inactive. d) Multiple uplink gateways/next hop farms. The WebMux will not failover to the secondary unit as long as there is one active gateway available.
  • Page 28 e) Multiple uplink gateways/nexthop farm. (See the explanation in NAT mode)
  • Page 29: Section Iv - Configuring The Webmux

    For example, http://www.you.com can be one virtual server farm; https://www.me.com is another farm, and ftp://ftp.avanu.com is the third farm. The first farm works on a set of servers on port 80, the second farm consists of another set of servers on port 443, and the third farm works on a set of servers on port 21.
  • Page 30: Hardware Setup - Collect Information

    The WebMux has four modes: Two-Armed Network Address Translation/NAT Mode, Two-Armed Transparent Mode, One-Armed Single Network Mode, and One-Armed Direct Server Return/DSR Mode. In NAT mode, the WebMux units are connected to both Router LAN and Server LAN. At least one WebMux is needed to define the Router LAN and the Server LAN. We will explain other modes in detail in later chapters.
  • Page 31: The Lcd Setup Screens

    The IP addresses in the following examples are general examples and are not meant for literal use in an actual setup. Turn on the WebMux by pushing the power-on button in the front of the WebMux momentarily. You will see the version number on the LCD panel like this: After the unit has fully booted, you will see a scrolling instruction screen.
  • Page 32 Is this a Primary WebMux? If this is the Primary, answer Yes. If this is the Secondary WebMux, answer NO. Please note, you must still do the initial configuration on the secondary unit as well. Primary WebMux Information This question is not asked for the Secondary WebMux. Is this WebMux running solo without a backup WebMux? If the Primary WebMux is running in a standalone configuration (see sample configuration—...
  • Page 33 This is not true in Transparent, Single Network, or Direct Server Return modes. Using the same router LAN IP on both units will create duplicate IPs. Enter Router LAN Network IP Address Mask: This is the network mask of the Router LAN network. It is usually 255.255.255.0 for Class C networks.
  • Page 34 This is the optional VLAN ID tag that will be used for the Router LAN (Internet) interface. You may enter values from 1 – 4067. The cursor position will only go from 0 to 9. To enter a value greater than a single digit, press the left arrow button to move the cursor to the next digit.
  • Page 35 This will be the IP address of the WebMux on the network so that you can use a web browser to manage it. Although the “server” and “internet” ports are interchangeable in transparent mode, it is recommended that you stick with a labeling scheme and connect the port labeled “internet”...
  • Page 36 In an installation with a primary and secondary WebMux, one unique IP address is required for each WebMux interface that connects to the Server LAN. Those two unique IP addresses are in addition to the farm IP address that is floating between the primary and secondary WebMux.
  • Page 37 Enter External Gateway: This is the common setup for NAT, Transparent, Single Network and Direct Server Return modes. This is an address on the firewall or router local interface. In NAT mode, the WebMux needs to know this to route the server replies back to the clients. Although in Direct Server Return Mode this is not being used to route return traffic back to the Internet clients, the WebMux uses this IP address to check the connectivity of the external network on this gateway or through this gateway to the ISP side routers.
  • Page 38 This is the HTTPS port number for accessing Management Console in secure mode. The factory default port number is 35, and one could choose to use any unused port below 1024 or port number above 1024 for this. Using a port number above 1024 will require you to set up an “admin farm IP”.
  • Page 39: Factory Reset

    default at 50. Valid values are from 0 to 100. The setting is activated when you press the check mark button. Going back to this screen will bring the value back to the default of 50. Factory Reset: Pressing the “down” button or the check mark button from the “LCD Brightness” screen will bring you to the factory reset option.
  • Page 40 In the following example, we will be configuring a WebMux in NAT Mode using the “Bond rtr/svr NI” option enabled: RTR LAN IP: 192.168.12.21 RTR LAN mask: 255.255.255.0 SVR LAN IP: 192.168.11.21 SVR LAN mask: 255.255.255.0 RTR LAN vlan id: 100 SVR LAN vlan id: 200 Bond svr/rtr NI? YES SVR LAN gateway IP: 192.168.11.1...
  • Page 41: Setting Up The Management Port

    device connected to port 7, 8, 9, or 10 (and assuming that it already has a 192.168.11.0/24 address), you should now be able to ping the WebMux svr LAN IP address of 192.168.11.21. Setting Up the Management Port The management port on the WebMux is a dedicated interface on its own subnet. If you have a DHCP server on your network, an IP address will automatically be assigned to this interface when you plug it in to the network.
  • Page 42: Initial Setup Through A Web Browser

    Initial Setup Through a Web Browser Web GUI Initialization Interface: You may want to change the basic settings for the WebMux through the web Graphical User Interface (web GUI), for example, when the WebMux is located in a hosting center across the country.
  • Page 43 Click the mouse into a field or use the TAB key to move the cursor into a field to see the current values. The user may change it based on new information obtained from ISP or network engineers. Once you press on the submit button, the WebMux will save all the changes to its internal solid state storage and reboot itself with the new value.
  • Page 44: Webmux Reconfigure Screen (An Alternate Way)

    WebMux Reconfigure Screen (an alternate way): You can also access these settings from the regular management console in the “reconfigure” screen of the “network” section of the menu. See SECTION V – Management Console for more details on accessing the regular management console.
  • Page 45 The configuration wizards are intended to be for first time setup and one time use. Once you have configured the WebMux via the configuration wizard, additional configuration modifications should be done via the WebMux management GUI. Each wizard will contain its own set of detailed instructions.
  • Page 46 WebMux has rebooted and comes back online, you can log in to the regular WebMux GUI and make modifications to the resulting configurations.
  • Page 47: Command Line Interface (Cli)

    Command Line Interface (CLI) Accessing the CLI The CLI commands are intended for main initialization and simple diagnostics. You can use ssh or telnet to access the CLI commands to help troubleshoot network problems or server problems. There are a maximum of two diagnostic ports. By default they are 77:87. The first one will be SSH and the second one will be Telnet.
  • Page 48: Cli Commands List

    Please enter WebMux's host name without domain [default "webmux"]: . . . and so on. CLI Commands List There are more commands available in CLI: about - displays WebMux model, serial number, and firmware version information. arp - manipulate the system ARP cache arping - ping <address>...
  • Page 49 getallsettings - save all WebMux settings from WebMux to your PC getconfig - save all farm/server settings from WebMux to your PC hwclock - displays current hardware date and time. Allows you to adjust hardware date and time ifconfig - display and configure a network interface(s) ip - TCP/IP interface configuration and routing utility ip - command for configuring network interfaces and network settings.
  • Page 50: Additional Command Line Interface Features

    sysinit - allows you to create a custom startup script. (Useful for making custom iptables rules reboot permanent, etc) See the “Adding Commands to WebMux Startup Sequence” section for details. takeover - utility to temporarily disable secondary WebMux takeover. Useful when doing firmware updates on paired systems.
  • Page 51: Tagged Vlan And Webmux

    $ sysinit --help usage: sysinit [--help] [--quiet] [--write] --help print help --quiet skip prompts and confirmation --write write stdin to superuser’s sysinit script table (without parameter will read existing table) The superuser’s sysinit table may contain any commands that are allowed at the superuser’s command prompt. At system startup, it will be run after networking has been started.
  • Page 52: Multiple Uplink/Vlan Support

    WebMux is connected must also be configured correctly to use these tags. (When additional networks are configured for the WebMux using the superuser’s command line utility nwconfig, you may also arrange for their VLAN tagging at that time). Besides configuring the WebMux to use VLAN tags, the switches to which the WebMux is connected must be configured to use these tags.
  • Page 53 With multiple uplink, you can configure the WebMux to use multiple ISPs and gateways. The WebMux uses source based routing to be sure that packets that came in from one ISP will return through the same ISP. All uplinks are useable simultaneously. Once you have configured farms on both networks, the WebMux will monitor the default gateways of the different uplinks and failover to any available ISPs should one ISP go down.
  • Page 54 -L|--list [PATTERN … ] list existing additional network configurations whose name match the given pattern(s). If no pattern is given, list all additional network configurations. -m|--netmask NETMASK network mask for the network is NETWORK, e.g., 255.255.255.0 -n|--network NETWORK address of the network is NETWORK, e.g., 192.168.14.0 -r|--router-vid VID VLAN ID for the network for the router in transparent mode -s|--server-vid VID...
  • Page 55 Even though the WebMux allows for this kind of configuration, it is generally not recommended. We suggest that all separate networks be on separate VLAN IDs. Also, you cannot create an additional network with a VLAN ID unless the original network is also configured with a VLAN ID.
  • Page 56 It is important to remember that when you are running a setup involving SSL termination that you must point your servers’ default gateway back to the WebMux. In the original network configuration, you had an option to create a “server LAN gateway IP.” The servers used this IP address as their default gateway IP.
  • Page 57: Section V - Management Console (Web Graphical User Interface)

    This pane also contains clickable elements. The “menu” element will hide or show the menu pane (pane 2). Clicking on the “AVANU WebMux” logo will open a new browser window to the www.avanu.com site.
  • Page 58 Pane 4 is the navigation pane. The navigation pane contains back, forward, and reload buttons that behave like the browser’s back, forward, and reload buttons. However, these navigation buttons only affect pane 3 (the console page). Whereas, the browser’s navigation buttons might affect the whole browser screen.
  • Page 59: Logging Into The Webmux Web Gui

    Logging into the WebMux Web GUI Login Page: Start a web browser from your management workstation. Set URL to https://webmuxip:webmuxport/ webmuxip is the IP address of the WebMux on the server LAN. webmuxport is the management port address of the WebMux. The default ports are 24 for an unsecured connection, and 35 for the secured connection.
  • Page 60: Login

    PASSWORD superuser superuser webmux webmux It is recommended to change the passwords periodically. No new user ID can be added, with the exception of using a TACACS+ or LDAP server. Login: After entering the correct password, click Login. For first time setup, please login as superuser and go to the Network Admin screen, within the Network menu section.
  • Page 61 already have some farms and servers configured, you can do the following things from the main status screen: Adjusting Health Check Timeout for Each Service Clicking on the service type (under the service column) for the farm will take you to the “modify service timeout”...
  • Page 62: Ssl

    The main status screen updates every 5 seconds. When the mouse is hovered over it or if you touch that part of the screen on a touch screen, the updating will pause until you move the mouse elsewhere or touch another part of the web GUI. The second item in the “main”...
  • Page 63: Show Graphs

    Show Graphs To monitor the traffic history, memory and CPU usage, the WebMux maintains some of its statistics information in memory while running. The WebMux is able to keep a maximum of 2 weeks worth of activity history. This history of information is able to persist past reboots. Time Period to Display Adjust the time span of the history you would like to view by selecting from the drop down menu:...
  • Page 64: Farm Management

    Farm Management See SECTION VI for details about this menu section. Health See SECTION VI for details about this menu section. Network Network Admin After completing the initial WebMux configuration, you will want to configure these settings next. These settings can always be changed later in the future as needed. Note that some settings will require a reboot of the WebMux to take effect.
  • Page 65 unit’s complete IPv6 address will be fec0::192.168.12.21 (or fec0::c0a8:c15). For additional information reference the section on “IPv6 Considerations” in SECTION III – WEBMUX TOPOLOGY OVERVIEW in this User Manual. DNS Server(s) IPv4 address(es) The WebMux will attempt to resolve names for settings such as the email server for email notifications and front network verification (if an FQDN of an external site is used instead of your external gateway/firewall IP).
  • Page 66 LEVEL | SEARCH KEY | DESCRIPTION: INFO | STATS | LCD display messages; NOTICE | LOGIN | Successful browser login/logout; NOTICE | SETUP | Significant access and changes to setup and configuration items; NOTICE | EVENT | Same as paper/mail messages; WARNING | LOGIN | Unsuccessful browser login. Server Gateway IP Address This setting is the same setting from the “server LAN gateway IP”...
  • Page 67 Since any IP address on the WebMux (including farm IPs) listen on the control port, a non-standard port has been selected for the management port. If you have a farm IP using port 35 as well, the WebMux will not be able to determine if the incoming connection is destined for the management console or for network traffic management.
  • Page 68 Act as IP Router If YES is selected, the WebMux router LAN IP can be used to route IP packets to the private server LAN side. The WebMux will not act as a firewall in this mode. If NO is selected, the WebMux will NOT route incoming IP packets through the WebMux. Only connections to farms will be able to reach services in the server LAN side.
  • Page 69: Routing Table

    the best value for most cases. The larger the persistence timeout value, the less chance the user connection will get sent to a different server. Keep in mind that by keeping a lot of connections in the WebMux memory, the maximum number of available connections for new clients will drop.
  • Page 70 Routes displayed that are “grayed out” cannot be modified. To add a route, make sure “make indicated changes” is selected in the drop down menu, click the “add” checkbox, and fill in the remaining fields. Click the “submit” button. Your new route should appear along with a “delete” checkbox.
  • Page 71: Reconfigure

    Reconfigure The Reconfigure button will bring you to the initial network settings page. Additional details about this can be found under the “Initial Setup Through a Web Browser” section in SECTION IV – CONFIGURING THE WEBMUX in this User Manual.
  • Page 72: Security

    Security Security Allowed Remote Host IPs The WebMux Web Management Administrative Console only allows logins from these IP addresses to establish a management session. You can allow access from more than one IP address by specifying all the allowed IP addresses separated by a “:” (except use “,” as the separator for IPv6 addresses).
  • Page 73: Change Password

    LDAP server IPv4 URL Access to the WebMux GUI or CLI can be authenticated by an OpenLDAP server. Enter the LDAP location as a URL, such as ldap://192.168.12.1:389. LDAP domain Enter the LDAP domain in this field. Connection Warning Threshold The WebMux monitors the number of connections established.
  • Page 74: Change Pin

    New Password Enter the new password for the selected login level. New Password Again Enter the same password as in the previous box. If this does not match the password entered in the previous field, you will get a notification page stating so and you will need to try again.
  • Page 75: Aad (Automatic Attack Detection)

    AAD (Automatic Attack Detection) The Automatic Attack Detection (AAD) security feature controls how many concurrent open TCP connections from a single source IP address are allowed to connect. TCP Connection Attack Threshold This will set the maximum number of concurrent connections a client can make before the WebMux will consider it an attack.
  • Page 76: Flood Control

    Flood Control The Flood Control security feature limits the maximum allowable packet transfer rate for any single IP address connecting through the WebMux. Packet Rate This will control the packets per second rate that will be allowed. Packet Threshold Some attacks are done in bursts rather than large streams. While the packet rate parameter will control the maximum allowable steady rate of packets, the packet threshold detects the maximum allowable packet bursts.
  • Page 77: Flood Control History

    Flood Control History The Flood Control History screen will show all the past and current blocked and released IP addresses. Miscellaneous Show Events This page will show you the history of WebMux events such as detection of server dead status. Events will be saved past reboots.
  • Page 78: Backup/Restore

    Backup/Restore Backup This feature allows the saved configuration to be saved as a file on the local computer you are using to access the WebMux web interface. Be sure you have saved your farm configurations from the main screen before exporting your configuration to ensure that you are getting your most recent changes.
  • Page 79: Set Clock

    Set Clock Click the “set clock” link in the drop down menu and proceed to the page that controls the clock settings. The time and date of the WebMux can then be set. Please note that the WebMux internally uses GMT time zone, not your local time zone, per W3C/HTTP protocol. If the time zone is not set correctly, the browser access could be denied due to “cookie”...
  • Page 80 3. Set the time manually using the form: Month Enter the number of the month, 1 through 12. Leading zeroes are not necessary. Day of the Month Enter the day of the month, 1 through 31. Year Enter the year. Enter all 4 digits. Hour Enter the hour of the day.
  • Page 81: Banner

    Upgrade To upgrade the WebMux firmware, you will first need to contact WebMux support at techsupport@avanu.com and request the latest firmware image. Save that image to your local computer and use the Browse button to find that file. After you have selected the file, click...
  • Page 82: Wizards

    Wizards This will take you to the configuration wizards index page: The configuration wizards are intended to be a first time and one time use feature. These wizards will set all the main settings for the WebMux (IP addresses, dispatch method, farm and servers, etc.) all in one shot.
  • Page 83: Tcpdump

    TCPdump The tcpdump page allows you to do a simple packet capture session through the web interface. Tcpdump is a useful utility for network traffic diagnostics. You can use this to check if hosts are passing through the WebMux or to check if the WebMux is sending packets to the proper destination, among other things.
  • Page 84 IP address Specify the IP address of the host you want to capture. Port number Specify the port you want to filter for. Count This will stop the capture when this number of packets has been reached. Timeout in seconds This will stop the capture when the timeout period (in seconds) has been reached.
  • Page 85: Login

    Login This will bring you back to the login screen should you wish to quickly switch user accounts. THIS DOES NOT LOG OUT YOUR CURRENT SESSION. When you log in as a different user, the old session will end. However, we normally recommend that you correctly end your current session by using the Logout from the drop down menu.
  • Page 86: Reboot

    Reboot Changes to “TACACS+ server configuration,” “server gateway address,” “server farm network mask,” “WebMux http control port,” “WebMux https control port,” “WebMux SNMP UDP Port,” “WebMux SNMP Community,” “WebMux diagnostic ports,” “least significant bits,” “forwarding policy,” “front network verification,” and “persistence timeout”, many other fields that are marked with an asterisk (*) require a reboot for the new configuration to take effect.
  • Page 87: Help

    Help Online Manual This will open a new window to take you to the www.avanu.com support pages. About WebMux This will take you to the “about” screen of the WebMux. Here you will see information about your WebMux unit, such as the firmware version, the model number, the serial number, etc.
  • Page 88: Section Vi - Farm Management And Health

    SECTION VI – FARM MANAGEMENT AND HEALTH Farm Management Add Farm This screen is where you create your farms and select your options for load balancing. Some fields may be displayed or hidden depending on what options you might select. Label This is for your visual reference to be displayed on the main console for the farm entry.
  • Page 89 IP address of www.mydomain.com is 205.188.166.10, then the Farm IP address is also 205.188.166.10. The WebMux will then forward requests to the farm address to the web server address in your DMZ or internal network. Virtual Host Name For web servers that are serving name based virtual hosts, this field will be important for the WebMux to perform a correct health check.
  • Page 90 that farm serves all the virtual farms, the WebMux expects the problem with one server in one URL will affect all the URLs in that farm. Another situation: the server that serves HTTP virtual sites is using a single private IP address already before load balancing.
  • Page 91 • Please choose “Generic TCP” and specify port number, if service is not listed below. If multiple ports are to be used, please also select “Generic TCP” and specify port number “0.” SERVICE PROTOCOL COMMON PORT # DNS – Domain Name Service FTP –...
  • Page 92 • Weighted round robin—persistent • Weighted fastest response • Weighted fastest response—persistent • HTTP to HTTPS redirect (see SECTION IX for more information about this feature) SSL Termination You must first import your private key and certificate in the SSL Key Management screen. SECTION VII –...
  • Page 93 originating connection was HTTPS or HTTP. This may be important if the application on the server requires that kind of information. You can turn on “tag SSL-terminated HTTP requests.” By selecting “Yes,” the decrypted traffic to the servers will have the added MIME header “X-WebMux-SSL-termination: true.”...
  • Page 94 SNAT Enable SNAT for the farm. SNAT means that all requests being load balanced through the farm will have the source IP that comes from the WebMux rather than the original requesting client. HTTP Server Response Comparison String When a string is entered in this field, WebMux HTTP Health Check will search the first 1024 bytes in the HTML content.
  • Page 95: Add Server

    Add Server In the Modify Farm screen click on the “Add Server” button to add a new server to this farm. Or you can select the radio button of the farm from the main screen and click on the “Add Server” button on the left.
  • Page 96: Modify Farm

    This is for scheduling priority weight. Valid integer numbers are between 1 and 100. A server that has a weight of 2 will be directed twice as much traffic as a server with a weight of 1. A special zero weight setting is provided for a graceful shutdown of a server. When the weight is changed to zero, the WebMux will not send new connections, but will maintain all current connections to the server.
  • Page 97 The “Modify Farm” screen looks like this. Some of the fields will be hidden or displayed depending on some of your selections. Farm IP Address and Port Number The farm IP and port that is being modified will be displayed. These fields are set in the “Add Farm”...
  • Page 98 • Least connections • Least connections - persistent • Round robin • Round robin—persistent • Weighted least connections • Weighted least connections—persistent • Weighted round robin • Weighted round robin—persistent • Weighted fastest response • Weighted fastest response—persistent SSL Termination You can enable or change the SSL key/certificate pair used for this farm.
  • Page 99: Delete Farm

    When a string is entered in this field, WebMux HTTP Health Check will search the first 1024 bytes in the HTML content. String is a case sensitive match. HTTP Server URI By default, the WebMux health check checks the default page of the server. If specifying a URI here, the WebMux will use this URI instead of the default page to do the health check.
  • Page 100 Destination server IP address and port number: The IP and port of the selected server is displayed. These parameters are set in the “Add Server” screen. Once set, these fields cannot be modified. To correct this setting, delete the server and add a new one. Label: The label can be changed at any time.
  • Page 101: Delete Server

    Standby The server will be put into STANDBY, or backup, mode after it is added. The WebMux will change a STANDBY server to ACTIVE when one or more ACTIVE servers fail. The weights will also have an effect on the number of standby servers that are activated.
  • Page 102 Farm IP and Port This displays the current farm you are modifying. These fields are set in the “Add Farm” screen. Once set, they are not changeable. If they must be changed, delete the farm and then add a new one. IP Address Add an IP address to the current farm configuration.
  • Page 103: Modify Map

    Specify a port number that doesn’t duplicate any existing IP/port combinations. A port number of “all” will enable all port ranges, but excluding any already existing ports associated with the specified IP address. Please see the note at the end of this section regarding the behaviors of the additional IP/port in conjunction with SSL termination.
  • Page 104: Delete Map

    Refer to the previous “Add MAP” section for details about the fields. Delete MAP™ This link carries out an action that requires you to first select a MAP by clicking on the radio button for the MAP in the Main Status screen. Once you have selected a MAP radio button, you can click on this link to delete it from the farm.
  • Page 105 IP Address: The main WebMux IP address will automatically be used if you leave this field blank. This address will be what the WebMux will use as its source IP when checking the health status of the gateway IP address. Label: You can enter a label for reference purposes.
  • Page 106 Click on the “Add Gateway” button to add more gateway IPs to your gateway farm. IP Address: Enter the IP address of your gateway. Label: The label here is used only for reference purposes. Weight: This is for scheduling priority weight. Valid integer numbers are between 1 and 100. Run State: Active - The gateway will be put into service immediately after it is added.
  • Page 107 it goes out of service. When the original gateway comes back in service, it will stay in Standby mode until manually setting its run state to Active again through the browser interface. This will give system administrators time to fix the system or reboot the gateway once some software/hardware update is completed.
  • Page 108: Modify Service

    The setting in this page will determine how long or how short the WebMux will wait to be able to verify if the gateway IP is still valid or not. You can disable the checking altogether by setting the timeout value to 0 or you can set the “front network verification” protocol to “none” in the Network Admin section within this User Manual.
  • Page 109: Save

    Save This link will be highlighted when you have made a configuration change that has not been saved. Clicking this link also forces a paired set of WebMux in HA configuration to synchronize your saved settings. A message will also be displayed and highlighted in the Main Status screen to let you know that an “unsaved in-memory configuration”...
  • Page 110: Frequency

    Frequency The health check frequency is the interval in which the WebMux sends out health check probes. In some cases, you might find that the WebMux is probing your servers too often. You can modify the frequency period here. Note, however, that increasing the frequency too much will make the WebMux take longer to mark a server dead or alive.
  • Page 111 within 15 seconds or the server is considered dead. The custom defined service also allows for CGI code responses that allow the server to change its own weight and announce such change to a remote syslog daemon. • Sample Custom CGI Code The custom cgi-bin checking program may be written in Java, VB, C, or Perl, for example, or it may be a WB or shell script.
  • Page 112 When the WebMux sends its health check, it will provide information in a query string that can be passed to your custom health check script. For example, the actual request from the WebMux will include the query string: /custom?farm=<IP>:<PORT>&server=<IP>:<PORT>&alive=1&standby=0&favorite=0&lastresort=0&weight=1 “farm”...
  • Page 113: Http

    Ignore Contents of Custom Check Page This option will disable checking the output of your custom health check script and merely check if the script file exists on your server. If you have this setting set to yes, you can bypass creating any kind of scripting altogether and just make sure you have a valid file at the location specified in the URI for custom service check field.
  • Page 114: Section Vii - Ssl Management

    SECTION VII – SSL MANAGEMENT SSL Keys This screen is where you can manage your SSL keys and certificates that are used for SSL termination. This is also where you can specify cipher restrictions. The WebMux supports SSL V2, SSL V3, and TLS V1 with RSA key length from 512, 1024, 2048, 4096, and 8192-bit.
  • Page 115 Key length can be from 512 to 8192. RSA key length 1024 is also called 128 bit strong encryption. At the bottom of the screen you will see the option to choose encryption protocols allowed. This will enable you to restrict SSL connections that do not follow the minimum protocol. If there are already active farms using SSL Termination, then changing this setting will require you to reboot the WebMux to activate changes.
  • Page 116: Generating A Csr

    Generating a CSR If you plan to generate new keys, click on the drop down box above the private key window to select the “use newly generated” item with the desired key length, and then click on the “Submit” button. This process is also known as “generating a CSR” or “generating a Certificate Signing Request.”...
  • Page 117 Please refer to our support site for instructions: http://www.avanu.com/webmux_ssl_certificate You can get OpenSSL for Windows® at: http://www.slproweb.com/products/Win32OpenSSL.html Contact the AVANU technical support department at techsupport@avanu.com for further assistance if problems should arise or for help with executing this process. • ...
  • Page 118: Importing Your Existing Private Key And Certificate

    Importing Your Existing Private Key and Certificate If you already have an existing key and certificate in PEM format, importing them into the WebMux is as easy as cutting and pasting the text into the proper fields. Select an unused key number from the SSL termination management page, for example: Open your key PEM file in a text editor and copy the text starting with -----BEGIN RSA PRIVATE KEY----- all the way to -----END RSA PRIVATE KEY----- (be sure to include BOTH the header and footer).
  • Page 119: Section Viii - How To Add A Loopback Adapter

    SECTION VIII - HOW TO ADD A LOOPBACK ADAPTER For Direct Server Return Mode, a loopback adapter (Windows) or setting of similar function (*nix OS) is required. Installing the Microsoft® Loopback Adapter (pre-Windows 8/Server 2012) Click Add Hardware -> Add a new device -> No, I want to select the hardware from a list, and select Microsoft®...
  • Page 120 Highlight the root device (the PC name). Under the “Action” menu, select “Add legacy hardware”. On the next screen, select “Install the hardware that I manually select from a list (Advanced)”: Then, select “Network adapters” and click the Next button:...
  • Page 121 On the next screen, select “Microsoft” on the left pane and “Microsoft KM-TEST Loopback Adapter” on the right pane: Proceed through the installation process:...
  • Page 122: Configuring The Microsoft® Loopback Adapter (Windows 8/Server 2012 And Newer)

    Click the “Finish” button when complete: Configuring the Microsoft® Loopback Adapter (Windows 8/Server 2012 and newer) Open the “Network and Sharing Center” from the Control Panel. Find the “Change adapter settings” link on the left side of the window.
  • Page 123 In the “Network Connections” window, right click on the Virtual Loopback Adapter (Microsoft KM-TEST Loopback Adapter) and select “Properties”. In the next window, highlight “Internet Protocol Version 4 (TCP/IPv4)” and click on the “Properties” button. In the “Internet Protocol Version 4 (TCP/IPv4) Properties” screen, enter the FARM IP that the server belongs to and the subnet mask.
  • Page 124: Weakhost Settings For Windows Server 2008 And Newer

    Click on the “Advanced” button, then open the “WINS” tab. Make sure “Enable LMHOSTS lookup” is not selected and “Disable NetBIOS over TCP/IP” is selected. Click the OK buttons to submit the changes. Finally, set the Weakhost Settings to complete the installation. Weakhost Settings for Windows Server 2008 and Newer Beginning with Windows®...
  • Page 125: Linux® 2.4/2.6 Systems

    To verify the status of your interfaces: netsh interface ipv4 show interfaces level=verbose For Linux®, SUSE® Enterprise Linux®, Hewlett Packard® HP/UX®, FreeBSD®, Oracle® Solaris®, and Apple® Servers perform the following for: Linux® 2.4/2.6 Systems: Log in as root, and add this command to the bootup script: iptables -t nat -A PREROUTING -d <farm_ip>...
  • Page 126: Hewlett Packard® Hp/Ux® 11.00 And 11I

    Hewlett Packard® HP/UX® 11.00 and 11i: Please make sure PHNE_26771 and related patches are applied first. Log in as root, and add this command to the bootup script: ifconfig lo0:1 farm_ip_address up FreeBSD®: ifconfig lo0 inet farm_ip_address netmask 255.255.255.255 alias Oracle® Solaris®: ifconfig lo0:1 FARM_IP_ADDR ifconfig lo0:1 FARM_IP_ADDR FARM_IP_ADDR ifconfig lo0:1 netmask 255.255.255.255 ifconfig lo0:1 up...
  • Page 127: Section Ix - Http To Https Redirect

    SECTION IX – HTTP TO HTTPS REDIRECT In some cases, you may need the WebMux to redirect a client coming in via HTTP to HTTPS without having to create rewrite rules on the real servers. The way this feature works is you first have one farm (the “redirect”...
  • Page 128: Completing The Http To Https Redirect Configuration

    URI Redirect Prefix The prefix will be appended to the front of the original domain name. For example, if you specify the prefix as “hostname.” and the original URI is http://domainname.com, the rewritten URI will be https://hostname.domainname.com. URI Redirect Suffix The suffix will be appended to the end of the URI.
  • Page 129: Section X - Sample Configurations And Worksheets

    SECTION X – SAMPLE CONFIGURATIONS AND WORKSHEETS Initial Configuration Worksheets Configuration Before WebMux Installation EQUIPMENT IP ADDRESS Internet Router (or Firewall) Address Webserver(s) Default Gateway Web Site IP Addresses Configuration After WebMux Installation ENTRY QUESTION PRIMARY SECONDARY Host Name Domain Name NAT, Transparent, Single Network, or Direct Server Return Router LAN Information (NAT ONLY)
  • Page 130: Sample Configuration Worksheets

    Web Site IP Addresses 205.133.156.200 Configuration After WebMux Installation QUESTION ENTRY Host Name webmux Domain Name avanu.com NAT, Transparent, Single Network, or Direct Server Return Router LAN Information Router LAN WebMux Proxy IP Address 205.133.156.200 Router LAN Network IP Address Mask 255.255.255.0...
  • Page 131: Standalone Webmux Transparent Mode

    205.133.156.1 Web Site IP Addresses 205.133.156.200 Configuration After WebMux Installation QUESTION ENTRY Host Name webmux Domain Name avanu.com NAT, Transparent, Single Network or Direct Server Return Transparent Bridge Information Bridge IP Address 205.133.156.210 Bridge IP Network Mask 255.255.255.0 WebMux farm IP Address 205.133.156.200...
  • Page 132 Configuration After WebMux Installation QUESTION ENTRY Host Name webmux Domain Name avanu.com NAT, Transparent, Single Network or Direct Server Return Direct Server Return WebMux Server LAN Information Server LAN WebMux IP Address 10.1.2.254 (any) Server LAN WebMux IP Address Mask 255.255.0.0...
  • Page 133: Redundant Webmux Installation

    Configuration After WebMux Installation ENTRY QUESTION Primary Secondary Host Name webmux1 webmux2 Domain Name avanu.com avanu.com NAT, Transparent, Single Network, or Direct Server Return Router LAN Information Router LAN WebMux Proxy IP Address 205.133.156.200 205.133.156.200 Router LAN Network IP Address Mask 255.255.255.0 255.255.255.0...
  • Page 134: Section Xi - Frequently Asked Questions - Faqs

    SECTION XI – FREQUENTLY ASKED QUESTIONS – FAQs I can’t log in with my browser. It always says you are not logged in. To use your browser to manage the WebMux, it must be set to accept all cookies. Because the cookie is set to expire in 8 hours, you also need to make sure your system clock is set correctly using GMT.
  • Page 135 Your servers are trying to resolve the WebMux unit’s IP address to a name so they can log it to the log file. This may delay the server’s ability to reply to the WebMux health check probes. To avoid this problem, set the servers not to resolve the IP addresses. You can also try adding all the IP addresses to the /etc/hosts file on your servers.
  • Page 136 Why didn’t the secondary WebMux take over when I powered down Primary WebMux? Possible reasons: 1) The two WebMux units are not running on the same version of firmware, or 2) The secondary WebMux not only monitors the primary WebMux, but a few other things as well.
  • Page 137: Section Xii - Limited Product Warranty And Support

    • Restocking fees may apply • Customer or point of purchase must contact AVANU to disclose reason for return prior to thirty-days (30) of receiving product • Upon approval, a RMA number will be issued by AVANU’s Customer Service for the return and must be visible on the outside shipping container • ...
  • Page 138 Premium Annual Service Program (First year must be purchased with the WebMux product or within the first 30-days of purchase. AVANU has the right to request a proof of purchase document. Renewals must be before the expiration period coverage to prevent additional recertification cost;...
  • Page 139 The Limited Warranty is a specified, fixed period commencing on the date of purchase from AVANU. The date on the sales receipt is the date of purchase unless AVANU or your point of purchase informs you otherwise in writing.
  • Page 140 The Support provision covers product configuration and basic remote installation support up to the first sixty-days (60) from purchase date (AVANU has the right to request a proof of purchase document). Technical support applies to WebMux performance only and current version firmware updates.
  • Page 141 AVANU approval and an issued RMA number are required for all warranty repair, service, or sales returns. AVANU has the right to refuse any shipment without a RMA number. * AVANU has the right to offer promotional programs at any time where the Limited Product...
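
A structural check for the key text described under “Importing Your Existing Private Key and Certificate” (page 118), to run before pasting into the key field: it catches a missing footer, a label other than the one the manual names, and a passphrase-encrypted key. This is an added example, not part of the AVANU manual; `check_pem`, `make_sample` and the sample data are hypothetical and constructed for illustration, and the check does not determine which key formats the WebMux accepts.

```python
import base64
import re

PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def check_pem(text, expected_label="RSA PRIVATE KEY"):
    """Return a list of problems in pasted PEM text; an empty list means it looks sane."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines:
        return ["input is empty"]
    m = PEM_BEGIN.fullmatch(lines[0])
    if not m:
        # Anything copied above the header (e.g. tool output) lands here.
        return ["first line is not a -----BEGIN ...----- header"]
    label, problems = m.group(1), []
    if label != expected_label:
        problems.append(f"label is '{label}', expected '{expected_label}'")
    body = lines[1:]
    if body and body[-1].startswith("-----END "):
        if body[-1] != f"-----END {label}-----":
            problems.append("footer label does not match the header")
        body = body[:-1]
    else:
        problems.append("footer line is missing")
    # Legacy encrypted keys carry these headers ahead of the base64 body.
    if any(ln.startswith(("Proc-Type:", "DEK-Info:")) for ln in body):
        problems.append("key is passphrase-encrypted")
        return problems
    try:
        der = base64.b64decode("".join(body), validate=True)
    except ValueError:
        problems.append("body is not valid base64 (truncated or stray characters)")
        return problems
    if not der or der[0] != 0x30:
        problems.append("decoded body does not start with an ASN.1 SEQUENCE")
    return problems


def make_sample(label, payload):
    """Wrap bytes in PEM armor with 64-character rows (used only for the demo data)."""
    b64 = base64.b64encode(payload).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"])


# Constructed filler that only looks like DER (SEQUENCE tag + length); not a real key.
FAKE_DER = b"\x30\x82\x00\x5c" + bytes(92)
GOOD = make_sample("RSA PRIVATE KEY", FAKE_DER)

if __name__ == "__main__":
    print("complete paste:", check_pem(GOOD))
    print("footer cut off:", check_pem(GOOD.rsplit("\n", 1)[0]))
    print("PKCS#8 label:  ", check_pem(make_sample("PRIVATE KEY", FAKE_DER)))
```

The same function can be pointed at a certificate by passing `expected_label="CERTIFICATE"`.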

This manual is also suitable for:

Webmux a525, Webmux a620, Webmux a625, Webmux a725, Webmux a825
