IBM 1G User Manual

IBM Security Network Active Bypass

IBM Security 1G Network Active Bypass

User Guide

Summary of Contents for IBM 1G

  • Page 1: User Guide

    IBM Security 1G Network Active Bypass User Guide...
  • Page 2 Copyright statement © Copyright IBM Corporation 2009, 2014. U.S. Government Users Restricted Rights — Use, duplication, or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Publication Date: April 2014...
  • Page 3: Table Of Contents

    Chapter 3. Configuring the Network Active Bypass unit in the management interface: About the management interface...
  • Page 4 1G Network Active Bypass: User Guide...
  • Page 5: Homologation Statement - Regulation Notice

    Homologation statement - regulation notice: This product is not intended to be connected directly or indirectly by any means whatsoever to interfaces of public telecommunications networks...
  • Page 7: Safety, Environmental, And Electronic Emissions Notices

    It is the responsibility of the customer to ensure that the outlet is correctly wired and grounded to prevent an electrical shock. (D004) DANGER...
  • Page 8 Electrical voltage and current from power, telephone, and communication cables are hazardous. To avoid a shock hazard: Connect power to this unit only with the IBM® provided power cord. Do not use the IBM provided power cord for any other product.
  • Page 9 Exchange only with the IBM approved part. Recycle or discard the battery as instructed by local regulations. In the United States, IBM has a process for the collection of this battery. For information, call 1-800-426-4333. Have the IBM part number for the battery unit available when you call. (C003) CAUTION: For 19”...
  • Page 10 US English source. Before using a US English publication to install, operate, or service this IBM product, you must first become familiar with the related safety information in the booklet. You should also refer to the booklet any time you do not clearly understand any safety information in the US English publications.
  • Page 11 (IT) equipment to responsibly recycle their equipment when it is no longer needed. IBM offers a variety of product return programs and services in several countries to assist equipment owners in recycling their IT products. Information on IBM product recycling offerings can be found on IBM's Internet site at http://www.ibm.com/ibm/environment/...
  • Page 12 States, go to http://www.ibm.com/ibm/environment/products/batteryrecycle.shtm or contact your local waste disposal facility. In the United States, IBM has established a return process for reuse, recycling, or proper disposal of used IBM sealed lead acid, nickel cadmium, nickel metal hydride, and other battery packs from IBM equipment.
  • Page 13 Note: Properly shielded and grounded cables and connectors must be used in order to meet FCC emission limits. IBM is not responsible for any radio or television interference caused by using other than recommended cables and connectors, by installation or use of this equipment other than as specified in the installation manual, or by any other unauthorized changes or modifications to this equipment.
  • Page 14 This product is in conformity with the protection requirements of EU Council Directive 2004/108/EEC on the approximation of the laws of the Member States relating to electromagnetic compatibility. IBM cannot accept responsibility for any failure to satisfy the protection requirements resulting from a non-recommended modification of the product, including the fitting of non-IBM option cards.
  • Page 15 This product is a Class A Information Technology Equipment and conforms to the standards set by the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). In a domestic environment, this product may cause radio interference in which case the user may be required to take adequate measures.
  • Page 17: About This Publication

    A fundamental knowledge of network policies and IP network configuration is helpful. Latest publications: For the latest Network Active Bypass documentation, go to the IBM Knowledge Center at http://www.ibm.com/support/knowledgecenter/SSB2MG/welcome. Related publications: See the following documents for more information about the Network IPS appliances supported by the...
  • Page 18: Contacting IBM Support

    Check IBM Technotes, accessible through the IBM Support Portal. If you are unable to find an answer or a solution in the Support portfolio or in the IBM Technotes, check to be sure your company or organization has an active IBM maintenance contract, and that you are authorized to submit a problem to IBM, before you contact IBM Support.
  • Page 19: Chapter 1. Introducing The Network Active Bypass Unit

    E-mail notification on system events; TACACS+ authentication; Syslog support; Full RoHS compliance. Extensive bypass configuration: Bypass heartbeat custom configurations including heartbeat pattern and heartbeat frequency; Bypass on link loss...
  • Page 20 The Network Active Bypass unit uses two redundant power supplies for maximum reliability. If the power fails, two optical switches remove the Network Active Bypass unit from the network and the Network Active Bypass unit functions as two straight cables.
  • Page 21: About The Unit

    Note: Segments are arranged right-to-left, in the following order: Segment 4, Segment 3, Segment 2, Segment 1. 1. Network ports: 1G (SR, LR, or Copper) N1 and N2 ports connecting to an Ingress network and Egress network 2. Appliance ports: 1G (SR, LR, or Copper) A1 and A2 ports connecting to an IPS appliance 3.
  • Page 22: Basic Operation

    Network IPS appliance to port A2 (appliance out). Active switching then routes the data through port N2 and out to the private network. Active mode also operates in reverse, routing data from a private network to a public network.
  • Page 23 Switching mode: Bypass. Description: Bypass mode channels Ethernet frames from the public network to port N1 (network in). Data is routed through a closed loop from port N1 (network in) to port N2 (network out) and bypasses the Network IPS appliance so that frames go directly from the public network to the private network.
  • Page 24 4: Manual Passive Bypass - The bypass unit does not pass any traffic, either to the Network IPS appliance or to the network. This operation mode is useful for testing high availability scenarios.
  • Page 25: Chapter 2. Setting Up The Network Active Bypass Unit

    1. Place the Network Active Bypass unit and the Network IPS appliances on a rack. 2. Connect the cable to and configure the Network IPS appliances using the instructions provided in the Network IPS GX Appliance Getting Started Guide available from the IBM Knowledge Center at http://www.ibm.com/support/knowledgecenter/SSB2MG/welcome.
  • Page 26: Placing The Network Active Bypass Unit And The Network IPS Appliances

    2. Add the Network Active Bypass unit and the Network IPS appliances to the rack. 3. Connect the cable to the Network IPS appliances using the instructions provided in the Network IPS GX Appliance Getting Started Guide available from the IBM Knowledge Center at http://www.ibm.com/support/knowledgecenter/SSB2MG/welcome.
  • Page 27: Setting Up E-Mail Notification

    Setting up e-mail notification. About this task: Configure e-mail notification to receive a status e-mail when the state of the Network Active Bypass unit changes. You must set up e-mail notification before you configure your segments. Setting up segments. Procedure: 1.
  • Page 29: Chapter 3. Configuring The Network Active Bypass Unit In The Management Interface

    Reboot the Network Active Bypass unit. Users: Change the admin password. Remote Authentication: Settings that allow a remote access server to communicate with an authentication server in order to determine if the user has access to the network...
  • Page 30: Accessing The Management Interface

    The default values remain in effect until you change them. If you need to change the user name or password, you can use the Users page of the management interface or the command line interface.
  • Page 31: Monitoring The Status Of The Network Active Bypass Unit

    Monitoring the status of the Network Active Bypass unit: This topic provides information about using the management interface to monitor the status of the Network Active Bypass unit. Checking overall status: The Status page is the first page you see when you log in to the management interface. Use the Status page to view information for the Network Active Bypass unit.
  • Page 32: Managing Settings For The Network Active Bypass Unit

    Number of accepted HB to get into active mode (1–10) is generated by the Network IPS appliance. This is the number of heartbeats the Network Active Bypass unit must receive in order for the unit to change from bypass to active. Default: 1...
  • Page 33 Field: Operation Mode. Description: Specifies the operation mode of the Network Active Bypass unit. 0: Normal Active Bypass (default mode) - If the Network Active Bypass unit receives heartbeat signals within the Timeout period, the switching mode remains or is changed to Active Switching mode. If the Network Active Bypass unit does not receive heartbeat signals within the Timeout period, it will change to or remain in Bypass Switching mode.
  • Page 34: Configuring Management Port Settings

    From (Sender's email address): Name or address that should be displayed in the From field of an outgoing e-mail message. To (List of recipients, comma separated): List of e-mail addresses to whom the notification should be sent.
  • Page 35: Configuring SNMP Traps

    Field: Subject. Description: Subject to be displayed in the subject line of the outgoing e-mail message. Example: “Proventia NAB status report”. Configuring SNMP traps. About this task: The Network Active Bypass unit provides an SNMP trap function that can send messages to a trap server when the segment status or power supply status changes.
  • Page 36: Synchronizing Time And Setting Time Zones

    Use the Users page to change the user name and password required to access the Web management interface. Password: Password required to access the management interface from a Web browser. Confirm Password: Confirmation for the password required to access the management interface from a Web browser.
  • Page 37: Backing Up Or Restoring Settings

    Backing up or restoring settings. Procedure: Use the Backup/Restore page to make a backup file or to return the Network Active Bypass unit to its default settings. Complete the fields as indicated in the following table. Backup: Saves a copy of current settings on the Network Active Bypass unit in a file named config.txt.
  • Page 38: Restarting The Network Active Bypass Unit

    Encrypts the body of the TACACS+ packets for more secure communications. Default: No. Secret: Shared secret value for encryption that is known to both the client and the daemon. Default: None. Service: Services that are requesting authentication. Default: All.
  • Page 39: Chapter 4. Configuring The Network Active Bypass Unit Using The Command Line Interface

    User name and password: Use the administrator account to configure parameters and to monitor the status of the Network Active Bypass unit. The default user name and password are listed in the following table...
  • Page 40: Syntax For Command Line Parameters

    Example: Typing cli get timeout displays the timeout value in decimal form. cli set parameter_name parameter_value: Sets a value for the parameter you specify. Example: Typing cli set timeout 20 sets the timeout value to 20.
  • Page 41: Command Line Parameters

    Bypass unit. Do not change a default value unless you are sure of the effect the change will have on your network. Some parameters should not be changed unless you are instructed to do so by a representative from IBM Support. Management port parameters: The parameters in the following table control the IP settings for the management port.
  • Page 42 Network Active Bypass unit. email_server: SMTP server address for the mail server. email_subject: Text to be displayed in the subject line of notification e-mail messages. Sample: "Notice: PNAB segment(s) have switched modes"
  • Page 43 email_to: List of e-mail addresses to which the notification should be sent. SNMP parameters: The parameters in the following table control the sending of SNMP traps. snmp: Enables or disables the SNMP function (0: disables SNMP function; 1: enables SNMP function). Default: 0 (disabled). snmp_community...
  • Page 44 TACACS+ parameters: Use the following parameters to configure TACACS+ from the CLI. tacacs: Values: 0: disabled; 1: enabled. tacacs_encryption: Values: 0: disabled; 1: enabled. tacacs_protocol: TACACS+ protocol. Default: all.
  • Page 45 tacacs_secret: TACACS+ secret. Default: None. tacacs_server: IP number of TACACS+ server. tacacs_service: TACACS+ service. Default: all.
  • Page 47: Notices

    Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead.
  • Page 48: Trademarks

    Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
  • Page 49: Index

    2; power supply 3; reboot 20; safety notices vii; segment configuration 14; SSH port 21; status 13; support xviii; switching modes 4; syntax, command line 22; syslog 19; system status 13...
  • Page 52 Printed in USA...
