DefensePro User Guide v6.02

DefensePro User GuideSoftware Version 6.02

Document ID: RDWR-DP-V0602_UG1201January, 2012

DefensePro User Guide

2 Document ID: RDWR-DP-V0602_UG1201


Document ID: RDWR-DP-V0602_UG1201 3

Important NoticesThe following important notices are presented in English, French, and German.

Important NoticesThis guide is delivered subject to the following conditions and restrictions:

Copyright Radware Ltd. 20062011. All rights reserved.

The copyright and all other intellectual property rights and trade secrets included in this guide are owned by Radware Ltd.

The guide is provided to Radware customers for the sole purpose of obtaining information with respect to the installation and use of the Radware products described in this document, and may not be used for any other purpose.

The information contained in this guide is proprietary to Radware and must be kept in strict confidence.

It is strictly forbidden to copy, duplicate, reproduce or disclose this guide or any part thereof without the prior written consent of Radware.

Notice importanteCe guide est sujet aux conditions et restrictions suivantes : Copyright Radware Ltd. 20062011. Tous droits rservs.

Le copyright ainsi que tout autre droit li la proprit intellectuelle et aux secrets industriels contenus dans ce guide sont la proprit de Radware Ltd.

Ce guide d'informations est fourni nos clients dans le cadre de l'installation et de l'usage des produits de Radware dcrits dans ce document et ne pourra tre utilis dans un but autre que celui pour lequel il a t conu.

Les informations rpertories dans ce document restent la proprit de Radware et doivent tre conserves de manire confidentielle.

Il est strictement interdit de copier, reproduire ou divulguer des informations contenues dans ce manuel sans avoir obtenu le consentement pralable crit de Radware.

Wichtige AnmerkungDieses Handbuch wird vorbehaltlich folgender Bedingungen und Einschrnkungen ausgeliefert: Copyright Radware Ltd. 20062011. Alle Rechte vorbehalten.

Das Urheberrecht und alle anderen in diesem Handbuch enthaltenen Eigentumsrechte und Geschftsgeheimnisse sind Eigentum von Radware Ltd.

Dieses Handbuch wird Kunden von Radware mit dem ausschlielichen Zweck ausgehndigt, Informationen zu Montage und Benutzung der in diesem Dokument beschriebene Produkte von Radware bereitzustellen. Es darf fr keinen anderen Zweck verwendet werden.

Die in diesem Handbuch enthaltenen Informationen sind Eigentum von Radware und mssen streng vertraulich behandelt werden.

Es ist streng verboten, dieses Handbuch oder Teile daraus ohne vorherige schriftliche Zustimmung von Radware zu kopieren, vervielfltigen, reproduzieren oder offen zu legen.



Copyright Notices The following copyright notices are presented in English, French, and German.

Copyright NoticesThis product contains code developed by the OpenSSL Project

This product includes software developed by the OpenSSL Project. For use in the OpenSSL Toolkit. (http://www.openssl.org/).

Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.

This product contains the Rijndael cipher

The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public domain and distributed with the following license:

@version 3.0 (December 2000)

Optimized ANSI C code for the Rijndael cipher (now AES)

@author Vincent Rijmen

@author Antoon Bosselaers

@author Paulo Barreto

The OnDemand Switch may use software components licensed under the GNU General Public License Agreement Version 2 (GPL v.2) including LinuxBios and Filo open source projects. The source code of the LinuxBios and Filo is available from Radware upon request. A copy of the license can be viewed at: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html

This code is hereby placed in the public domain.

This product contains code developed by the OpenBSD Project

Copyright (c) 1983, 1990, 1992, 1993, 1995

The Regents of the University of California. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

This product includes software developed by Markus Friedl

This product includes software developed by Theo de Raadt

This product includes software developed by Niels Provos

This product includes software developed by Dug Song

This product includes software developed by Aaron Campbell

This product includes software developed by Damien Miller

This product includes software developed by Kevin Steves

This product includes software developed by Daniel Kouril

This product includes software developed by Wesley Griffin

This product includes software developed by Per Allansson

This product includes software developed by Nils Nordman

This product includes software developed by Simon Wilkinson



Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

ALL THE SOFTWARE MENTIONED ABOVE IS PROVIDED BY THE AUTHOR AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Notice traitant du copyrightCe produit renferme des codes dvelopps dans le cadre du projet OpenSSL.

Ce produit inclut un logiciel dvelopp dans le cadre du projet OpenSSL. Pour un usage dans la bote outils OpenSSL (http://www.openssl.org/).

Copyright (c) 1998-2005 Le projet OpenSSL. Tous droits rservs. Ce produit inclut la catgorie de chiffre Rijndael.

L'implmentation de Rijindael par Vincent Rijmen, Antoon Bosselaers et Paulo Barreto est du domaine public et distribue sous les termes de la licence suivante :

@version 3.0 (Dcembre 2000)

Code ANSI C code pour Rijndael (actuellement AES)



@author Paulo Barreto .

Le commutateur OnDemand peut utiliser les composants logiciels sous licence, en vertu des termes de la licence GNU General Public License Agreement Version 2 (GPL v.2), y compris les projets source ouverte LinuxBios et Filo. Le code source de LinuxBios et Filo est disponible sur demande auprs de Radware. Une copie de la licence est rpertorie sur:

http://www.gnu.org/licenses/old-licenses/gpl-2.0.html

Ce code est galement plac dans le domaine public.

Ce produit renferme des codes dvelopps dans le cadre du projet OpenSSL.

Copyright (c) 1983, 1990, 1992, 1993, 1995

Les membres du conseil de l'Universit de Californie. Tous droits rservs.

La distribution et l'usage sous une forme source et binaire, avec ou sans modifications, est autorise pour autant que les conditions suivantes soient remplies :

1. La distribution d'un code source doit inclure la notice de copyright mentionne ci-dessus, cette liste de conditions et l'avis de non-responsabilit suivant.

2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout autre matriel fourni la notice de copyright mentionne ci-dessus, cette liste de conditions et l'avis de non-responsabilit suivant.

3. Le nom de l'universit, ainsi que le nom des contributeurs ne seront en aucun cas utiliss pour approuver ou promouvoir un produit driv de ce programme sans l'obtention pralable d'une autorisation crite.

Ce produit inclut un logiciel dvelopp par Markus Friedl



Ce produit inclut un logiciel dvelopp par Theo de Raadt Ce produit inclut un logiciel dvelopp par Niels Provos

Ce produit inclut un logiciel dvelopp par Dug Song

Ce produit inclut un logiciel dvelopp par Aaron Campbell Ce produit inclut un logiciel dvelopp par Damien Miller

Ce produit inclut un logiciel dvelopp par Kevin Steves

Ce produit inclut un logiciel dvelopp par Daniel Kouril

Ce produit inclut un logiciel dvelopp par Wesley Griffin

Ce produit inclut un logiciel dvelopp par Per Allansson

Ce produit inclut un logiciel dvelopp par Nils Nordman

Ce produit inclut un logiciel dvelopp par Simon Wilkinson.

La distribution et l'usage sous une forme source et binaire, avec ou sans modifications, est autorise pour autant que les conditions suivantes soient remplies :

1. La distribution d'un code source doit inclure la notice de copyright mentionne ci-dessus, cette liste de conditions et l'avis de non-responsabilit suivant.

2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout autre matriel fourni la notice de copyright mentionne ci-dessus, cette liste de conditions et l'avis de non-responsabilit suivant.

LE LOGICIEL MENTIONN CI-DESSUS EST FOURNI TEL QUEL PAR LE DVELOPPEUR ET TOUTE GARANTIE, EXPLICITE OU IMPLICITE, Y COMPRIS, MAIS SANS S'Y LIMITER, TOUTE GARANTIE IMPLICITE DE QUALIT MARCHANDE ET D'ADQUATION UN USAGE PARTICULIER EST EXCLUE.

EN AUCUN CAS L'AUTEUR NE POURRA TRE TENU RESPONSABLE DES DOMMAGES DIRECTS, INDIRECTS, ACCESSOIRES, SPCIAUX, EXEMPLAIRES OU CONSCUTIFS (Y COMPRIS, MAIS SANS S'Y LIMITER, L'ACQUISITION DE BIENS OU DE SERVICES DE REMPLACEMENT, LA PERTE D'USAGE, DE DONNES OU DE PROFITS OU L'INTERRUPTION DES AFFAIRES), QUELLE QU'EN SOIT LA CAUSE ET LA THORIE DE RESPONSABILIT, QU'IL S'AGISSE D'UN CONTRAT, DE RESPONSABILIT STRICTE OU D'UN ACTE DOMMAGEABLE (Y COMPRIS LA NGLIGENCE OU AUTRE), DCOULANT DE QUELLE QUE FAON QUE CE SOIT DE L'USAGE DE CE LOGICIEL, MME S'IL A T AVERTI DE LA POSSIBILIT D'UN TEL DOMMAGE.

CopyrightvermerkeDieses Produkt enthlt einen vom OpenSSL-Projekt entwickelten Code

Dieses Produkt enthlt vom OpenSSL-Projekt entwickelte Software. Zur Verwendung im OpenSSL Toolkit. (http://www.openssl.org/).

Copyright (c) 1998-2005 The OpenSSL Project. Alle Rechte vorbehalten. Dieses Produkt enthlt die Rijndael cipher

Die Rijndael-Implementierung von Vincent Rijndael, Anton Bosselaers und Paulo Barreto ist ffentlich zugnglich und wird unter folgender Lizenz vertrieben:

@version 3.0 (December 2000)

Optimierter ANSI C Code fr den Rijndael cipher (jetzt AES)



@author Paulo Barreto

Der OnDemand Switch verwendet mglicherweise Software, die im Rahmen der DNU Allgemeine ffentliche Lizenzvereinbarung Version 2 (GPL v.2) lizensiert sind, einschlielich LinuxBios und Filo Open Source-Projekte. Der Quellcode von LinuxBios und Filo ist bei Radware auf Anfrage erhltlich. Eine Kopie dieser Lizenz kann eingesehen werden unter:

http://www.gnu.org/licenses/old-licenses/gpl-2.0.html

Dieser Code wird hiermit allgemein zugnglich gemacht.

Dieses Produkt enthlt einen vom OpenBSD-Projekt entwickelten Code



Copyright (c) 1983, 1990, 1992, 1993, 1995

The Regents of the University of California. Alle Rechte vorbehalten.

Die Verbreitung und Verwendung in Quell- und binrem Format, mit oder ohne Vernderungen, sind unter folgenden Bedingungen erlaubt:

1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss beibehalten.

2. Die Verbreitung in binrem Format muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere Materialien, die mit verteilt werden, reproduzieren.

3. Weder der Name der Universitt noch die Namen der Beitragenden drfen ohne ausdrckliche vorherige schriftliche Genehmigung verwendet werden, um von dieser Software abgeleitete Produkte zu empfehlen oder zu bewerben.

Dieses Produkt enthlt von Markus Friedl entwickelte Software Dieses Produkt enthlt von Theo de Raadt entwickelte Software Dieses Produkt enthlt von Niels Provos entwickelte Software Dieses Produkt enthlt von Dug Song entwickelte Software

Dieses Produkt enthlt von Aaron Campbell entwickelte Software Dieses Produkt enthlt von Damien Miller entwickelte Software Dieses Produkt enthlt von Kevin Steves entwickelte Software Dieses Produkt enthlt von Daniel Kouril entwickelte Software Dieses Produkt enthlt von Wesley Griffin entwickelte Software Dieses Produkt enthlt von Per Allansson entwickelte Software Dieses Produkt enthlt von Nils Nordman entwickelte Software

Dieses Produkt enthlt von Simon Wilkinson entwickelte Software

Die Verbreitung und Verwendung in Quell- und binrem Format, mit oder ohne Vernderungen, sind unter folgenden Bedingungen erlaubt:

1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss beibehalten.

2. Die Verbreitung in binrem Format muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere Materialien, die mit verteilt werden, reproduzieren.

SMTLICHE VORGENANNTE SOFTWARE WIRD VOM AUTOR IM IST-ZUSTAND ("AS IS") BEREITGESTELLT. JEGLICHE AUSDRCKLICHEN ODER IMPLIZITEN GARANTIEN, EINSCHLIESSLICH, DOCH NICHT BESCHRNKT AUF DIE IMPLIZIERTEN GARANTIEN DER MARKTGNGIGKEIT UND DER ANWENDBARKEIT FR EINEN BESTIMMTEN ZWECK, SIND AUSGESCHLOSSEN.

UNTER KEINEN UMSTNDEN HAFTET DER AUTOR FR DIREKTE ODER INDIREKTE SCHDEN, FR BEI VERTRAGSERFLLUNG ENTSTANDENE SCHDEN, FR BESONDERE SCHDEN, FR SCHADENSERSATZ MIT STRAFCHARAKTER, ODER FR FOLGESCHDEN EINSCHLIESSLICH, DOCH NICHT BESCHRNKT AUF, ERWERB VON ERSATZGTERN ODER ERSATZLEISTUNGEN; VERLUST AN NUTZUNG, DATEN ODER GEWINN; ODER GESCHFTSUNTERBRECHUNGEN) GLEICH, WIE SIE ENTSTANDEN SIND, UND FR JEGLICHE ART VON HAFTUNG, SEI ES VERTRGE, GEFHRDUNGSHAFTUNG, ODER DELIKTISCHE HAFTUNG (EINSCHLIESSLICH FAHRLSSIGKEIT ODER ANDERE), DIE IN JEGLICHER FORM FOLGE DER BENUTZUNG DIESER SOFTWARE IST, SELBST WENN AUF DIE MGLICHKEIT EINES SOLCHEN SCHADENS HINGEWIESEN WURDE.

Safety InstructionsThe following safety instructions are presented in English, French, and German.

Safety InstructionsCAUTION

A readily accessible disconnect device shall be incorporated in the building installation wiring.



Due to the risks of electrical shock, and energy, mechanical, and fire hazards, any procedures that involve opening panels or changing components must be performed by qualified service personnel only.

To reduce the risk of fire and electrical shock, disconnect the device from the power line before removing cover or panels.

The following figure shows the caution label that is attached to Radware platforms with dual power supplies.

Figure 1: Electrical Shock Hazard Label

DUAL-POWER-SUPPLY-SYSTEM SAFETY WARNING IN CHINESE

The following figure is the warning for Radware platforms with dual power supplies.

Figure 2: Dual-Power-Supply-System Safety Warning in Chinese

Translation of Figure 2 - Dual-Power-Supply-System Safety Warning in Chinese, page 8:

This unit has more than one power supply. Disconnect all power supplies before maintenance to avoid electric shock.

SERVICING

Do not perform any servicing other than that contained in the operating instructions unless you are qualified to do so. There are no serviceable parts inside the unit.

HIGH VOLTAGE

Any adjustment, maintenance, and repair of the opened instrument under voltage must be avoided as much as possible and, when inevitable, must be carried out only by a skilled person who is aware of the hazard involved.Capacitors inside the instrument may still be charged even if the instrument has been disconnected from its source of supply.

GROUNDING

Before connecting this device to the power line, the protective earth terminal screws of this device must be connected to the protective earth in the building installation.

LASER

This equipment is a Class 1 Laser Product in accordance with IEC60825 - 1: 1993 + A1:1997 + A2:2001 Standard.



FUSES

Make sure that only fuses with the required rated current and of the specified type are used for replacement. The use of repaired fuses and the short-circuiting of fuse holders must be avoided. Whenever it is likely that the protection offered by fuses has been impaired, the instrument must be made inoperative and be secured against any unintended operation.

LINE VOLTAGE

Before connecting this instrument to the power line, make sure the voltage of the power source matches the requirements of the instrument. Refer to the Specifications for information about the correct power rating for the device.

48V DC-powered platforms have an input tolerance of 36-72V DC.

SPECIFICATION CHANGES

Specifications are subject to change without notice.

Note: This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11For CE MARK Compliance. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user is required to correct the interference at his own expense.

VCCI ELECTROMAGNETIC-INTERFERENCE STATEMENTS

Figure 3: Statement for Class A VCCI-certified Equipment

Translation of Figure 3 - Statement for Class A VCCI-certified Equipment, page 9:

This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may occur, in which case, the user may be required to take corrective action.

Figure 4: Statement for Class B VCCI-certified Equipment



Translation of Figure 4 - Statement for Class B VCCI-certified Equipment, page 9:

This is a Class B product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this is used near a radio or television receiver in a domestic environment, it may cause radio interference. Install and use the equipment according to the instruction manual.

SPECIAL NOTICE FOR NORTH AMERICAN USERS

For North American power connection, select a power supply cord that is UL Listed and CSA Certified 3 - conductor, [18 AWG], terminated in a molded on plug cap rated 125 V, [5 A], with a minimum length of 1.5m [six feet] but no longer than 4.5m...For European connection, select a power supply cord that is internationally harmonized and marked , 3 - conductor, 0,75 mm2 minimum mm2 wire, rated 300 V, with a PVC insulated jacket. The cord must have a molded on plug cap rated 250 V, 3 A..

RESTRICT AREA ACCESS

The DC powered equipment should only be installed in a Restricted Access Area.

INSTALLATION CODES

This device must be installed according to country national electrical codes. For North America, equipment must be installed in accordance with the US National Electrical Code, Articles 110 - 16, 110 -17, and 110 -18 and the Canadian Electrical Code, Section 12.

INTERCONNECTION OF UNITS

Cables for connecting to the unit RS232 and Ethernet Interfaces must be UL certified type DP-1 or DP-2. (Note- when residing in non LPS circuit)

OVERCURRENT PROTECTION

A readily accessible listed branch-circuit over current protective device rated 15 A must be incorporated in the building wiring for each power input.

REPLACEABLE BATTERIES

If equipment is provided with a replaceable battery, and is replaced by an incorrect battery type, then an explosion may occur. This is the case for some Lithium batteries and the following is applicable:

If the battery is placed in an Operator Access Area, there is a marking close to the battery or a statement in both the operating and service instructions.

If the battery is placed elsewhere in the equipment, there is a marking close to the battery or a statement in the service instructions.

This marking or statement includes the following text warning:

CAUTION

RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT BATTERY TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS.

Caution To Reduce the Risk of Electrical Shock and Fire

1. This equipment is designed to permit connection between the earthed conductor of the DC supply circuit and the earthing conductor equipment. See Installation Instructions.

2. All servicing must be undertaken only by qualified service personnel. There are not user serviceable parts inside the unit.

3. DO NOT plug in, turn on or attempt to operate an obviously damaged unit.

4. Ensure that the chassis ventilation openings in the unit are NOT BLOCKED.

5. Replace a blown fuse ONLY with the same type and rating as is marked on the safety label adjacent to the power inlet, housing the fuse.

6. Do not operate the device in a location where the maximum ambient temperature exceeds 40C/104F.



7. Be sure to unplug the power supply cord from the wall socket BEFORE attempting to remove and/or check the main power fuse. CLASS 1 LASER PRODUCT AND REFERENCE TO THE MOST RECENT LASER STANDARDS IEC 60 825-1:1993 + A1:1997 + A2:2001 AND EN 60825-1:1994+A1:1996+ A2:2001

AC units for Denmark, Finland, Norway, Sweden (marked on product):

Denmark - Unit is class I - unit to be used with an AC cord set suitable with Denmark deviations. The cord includes an earthing conductor. The Unit is to be plugged into a wall socket outlet which is connected to a protective earth. Socket outlets which are not connected to earth are not to be used!

Finland - (Marking label and in manual) - Laite on liitettv suojamaadoituskoskettimilla varustettuun pistorasiaan

Norway (Marking label and in manual) - Apparatet m tilkoples jordet stikkontakt

Unit is intended for connection to IT power systems for Norway only.

Sweden (Marking label and in manual) - Apparaten skall anslutas till jordat uttag.

To connect the power connection:

1. Connect the power cable to the main socket, located on the rear panel of the device.

2. Connect the power cable to the grounded AC outlet.

CAUTION

Risk of electric shock and energy hazard. Disconnecting one power supply disconnects only one power supply module. To isolate the unit completely, disconnect all power supplies.

Instructions de scuritAVERTISSEMENT

Un dispositif de dconnexion facilement accessible sera incorpor au cblage du btiment.

En raison des risques de chocs lectriques et des dangers nergtiques, mcaniques et d'incendie, chaque procdure impliquant l'ouverture des panneaux ou le remplacement de composants sera excute par du personnel qualifi.

Pour rduire les risques d'incendie et de chocs lectriques, dconnectez le dispositif du bloc d'alimentation avant de retirer le couvercle ou les panneaux.

La figure suivante montre l'tiquette d'avertissement appose sur les plateformes Radware dotes de plus d'une source d'alimentation lectrique.

Figure 1 : tiquette d'avertissement de danger de chocs lectriques

Figure 5: tiquette d'avertissement de danger de chocs lectriques

AVERTISSEMENT DE SCURIT POUR LES SYSTMES DOTS DE DEUX SOURCES D'ALIMENTATION LECTRIQUE (EN CHINOIS)

La figure suivante reprsente l'tiquette d'avertissement pour les plateformes Radware dotes de deux sources d'alimentation lectrique.



Figure 6: Avertissement de scurit pour les systmes dotes de deux sources d'alimentation lectrique (en chinois)

Traduction de la Figure 6 - Avertissement de scurit pour les systmes dotes de deux sources d'alimentation lectrique (en chinois), page 12:

Cette unit est dote de plus d'une source d'alimentation lectrique. Dconnectez toutes les sources d'alimentation lectrique avant d'entretenir l'appareil ceci pour viter tout choc lectrique.

ENTRETIEN

N'effectuez aucun entretien autre que ceux rpertoris dans le manuel d'instructions, moins d'tre qualifi en la matire. Aucune pice l'intrieur de l'unit ne peut tre remplace ou rpare.

HAUTE TENSION

Tout rglage, opration d'entretien et rparation de l'instrument ouvert sous tension doit tre vit. Si cela s'avre indispensable, confiez cette opration une personne qualifie et consciente des dangers impliqus.

Les condensateurs au sein de l'unit risquent d'tre chargs mme si l'unit a t dconnecte de la source d'alimentation lectrique.

MISE A LA TERRE

Avant de connecter ce dispositif la ligne lectrique, les vis de protection de la borne de terre de cette unit doivent tre relies au systme de mise la terre du btiment.

LASER

Cet quipement est un produit laser de classe 1, conforme la norme IEC60825 - 1 : 1993 + A1 :1997 + A2 :2001.

FUSIBLES

Assurez-vous que, seuls les fusibles courant nominal requis et de type spcifi sont utiliss en remplacement. L'usage de fusibles rpars et le court-circuitage des porte-fusibles doivent tre vits. Lorsqu'il est pratiquement certain que la protection offerte par les fusibles a t dtriore, l'instrument doit tre dsactiv et scuris contre toute opration involontaire.

TENSION DE LIGNE

Avant de connecter cet instrument la ligne lectrique, vrifiez que la tension de la source d'alimentation correspond aux exigences de l'instrument. Consultez les spcifications propres l'alimentation nominale correcte du dispositif.

Les plateformes alimentes en 48 CC ont une tolrance d'entre comprise entre 36 et 72 V CC. MODIFICATIONS DES SPCIFICATIONS

Les spcifications sont sujettes changement sans notice pralable.

Remarque: Cet quipement a t test et dclar conforme aux limites dfinies pour un appareil numrique de classe A, conformment au paragraphe 15B de la rglementation FCC et EN55022 Classe A, EN 55024, EN 61000-3-2 ; EN 61000-3-3 ; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11, pour la marque de conformit de la CE. Ces limites sont fixes pour fournir une protection raisonnable contre les interfrences nuisibles, lorsque l'quipement est utilis dans un environnement commercial. Cet quipement gnre, utilise et peut mettre des frquences radio et, s'il n'est pas install et utilis conformment au manuel d'instructions, peut entraner des interfrences nuisibles aux communications radio. Le fonctionnement de cet quipement dans une zone rsidentielle est susceptible de provoquer des interfrences nuisibles, auquel cas l'utilisateur devra corriger le problme ses propres frais.

DCLARATIONS SUR LES INTERFRENCES LECTROMAGNTIQUES VCCI



Figure 7: Dclaration pour l'quipement de classe A certifi VCCI

Traduction de la Figure 7 - Dclaration pour l'quipement de classe A certifi VCCI, page 13:

Il s'agit d'un produit de classe A, bas sur la norme du Voluntary Control Council for Interference by Information Technology Equipment (VCCI). Si cet quipement est utilis dans un environnement domestique, des perturbations radiolectriques sont susceptibles d'apparatre. Si tel est le cas, l'utilisateur sera tenu de prendre des mesures correctives.

Figure 8: Dclaration pour l'quipement de classe B certifi VCCI

Traduction de la Figure 8 - Dclaration pour l'quipement de classe B certifi VCCI, page 13:

Il s'agit d'un produit de classe B, bas sur la norme du Voluntary Control Council for Interference by Information Technology Equipment (VCCI). S'il est utilis proximit d'un poste de radio ou d'une tlvision dans un environnement domestique, il peut entraner des interfrences radio.

Installez et utilisez l'quipement selon le manuel d'instructions.

NOTICE SPCIALE POUR LES UTILISATEURS NORD-AMRICAINS

Pour un raccordement lectrique en Amrique du Nord, slectionnez un cordon d'alimentation homologu UL et certifi CSA 3 - conducteur, [18 AWG], muni d'une prise moule son extrmit, de 125 V, [5 A], d'une longueur minimale de 1,5 m [six pieds] et maximale de 4,5m...Pour la connexion europenne, choisissez un cordon d'alimentation mondialement homologu et marqu "", 3 - conducteur, cble de 0,75 mm2 minimum, de 300 V, avec une gaine en PVC isole. La prise l'extrmit du cordon, sera dote d'un sceau moul indiquant: 250 V, 3 A.".

ZONE A ACCS RESTREINT

L'quipement aliment en CC ne pourra tre install que dans une zone accs restreint. CODES D'INSTALLATION

Ce dispositif doit tre install en conformit avec les codes lectriques nationaux. En Amrique du Nord, l'quipement sera install en conformit avec le code lectrique national amricain, articles 110-16, 110 -17, et 110 -18 et le code lectrique canadien, Section 12. INTERCONNEXION DES UNTES.

Les cbles de connexion l'unit RS232 et aux interfaces Ethernet seront certifis UL, type DP-1 ou DP-2. (Remarque- s'ils ne rsident pas dans un circuit LPS) PROTECTION CONTRE LES SURCHARGES.

Un circuit de drivation, facilement accessible, sur le dispositif de protection du courant de 15 A doit tre intgr au cblage du btiment pour chaque puissance consomme.

BATTERIES REMPLAABLES



Si l'quipement est fourni avec une batterie, et qu'elle est remplace par un type de batterie incorrect, elle est susceptible d'exploser. C'est le cas pour certaines batteries au lithium, les lments suivants sont donc applicables :

Si la batterie est place dans une zone d'accs oprateur, une marque est indique sur la batterie ou une remarque est insre, aussi bien dans les instructions d'exploitation que d'entretien.

Si la batterie est place ailleurs dans l'quipement, une marque est indique sur la batterie ou une remarque est insre dans les instructions d'entretien.

Cette marque ou remarque inclut l'avertissement textuel suivant : AVERTISSEMENT

RISQUE D'EXPLOSION SI LA BATTERIE EST REMPLACE PAR UN MODLE INCORRECT. METTRE AU REBUT LES BATTERIES CONFORMMENT AUX INSTRUCTIONS.

Attention - Pour rduire les risques de chocs lectriques et d'incendie

1. Cet quipement est conu pour permettre la connexion entre le conducteur de mise la terre du circuit lectrique CC et l'quipement de mise la terre. Voir les instructions d'installation.

2. Tout entretien sera entrepris par du personnel qualifi. Aucune pice l'intrieur de l'unit ne peut tre remplace ou rpare.

3. NE branchez pas, n'allumez pas ou n'essayez pas d'utiliser une unit manifestement endommage.

4. Vrifiez que l'orifice de ventilation du chssis dans l'unit n'est PAS OBSTRUE.

5. Remplacez le fusible endommag par un modle similaire de mme puissance, tel qu'indiqu sur l'tiquette de scurit adjacente l'arrive lectrique hbergeant le fusible.

6. Ne faites pas fonctionner l'appareil dans un endroit, o la temprature ambiante dpasse la valeur maximale autorise. 40C/104F.

7. Dbranchez le cordon lectrique de la prise murale AVANT d'essayer de retirer et/ou de vrifier le fusible d'alimentation principal.

PRODUIT LASER DE CLASSE 1 ET RFRENCE AUX NORMES LASER LES PLUS RCENTES : IEC 60

825-1:1993 + A1 :1997 + A2 :2001 ET EN 60825-1:1994+A1 :1996+ A2 :2001

Units CA pour le Danemark, la Finlande, la Norvge, la Sude (indiqu sur le produit) :

Danemark - Unit de classe 1 - qui doit tre utilise avec un cordon CA compatible avec les dviations du Danemark. Le cordon inclut un conducteur de mise la terre. L'unit sera branche une prise murale, mise la terre. Les prises non-mises la terre ne seront pas utilises !

Finlande - (tiquette et inscription dans le manuel) - Laite on liitettv suojamaadoituskoskettimilla varustettuun pistorasiaan"

Norvge (tiquette et inscription dans le manuel) - "Apparatet m tilkoples jordet stikkontakt"

L'unit peut tre connecte un systme lectrique IT (en Norvge uniquement).

Sude (tiquette et inscription dans le manuel) - "Apparaten skall anslutas till jordat uttag."

Pour brancher l'alimentation lectrique :

1. Branchez le cble d'alimentation la prise principale, situe sur le panneau arrire de l'unit.

2. Connectez le cble d'alimentation la prise CA mise la terre. AVERTISSEMENT

Risque de choc lectrique et danger nergtique. La dconnexion d'une source d'alimentation lectrique ne dbranche qu'un seul module lectrique. Pour isoler compltement l'unit, dbranchez toutes les sources d'alimentation lectrique.

ATTENTION

Risque de choc et de danger lectriques. Le dbranchement d'une seule alimentation stabilise ne dbranche qu'un module "Alimentation Stabilise". Pour Isoler compltement le module en cause, il faut dbrancher toutes les alimentations stabilises.



Attention: Pour Rduire Les Risques d'lectrocution et d'Incendie

1. Toutes les oprations d'entretien seront effectues UNIQUEMENT par du personnel d'entretien qualifi. Aucun composant ne peut tre entretenu ou remplace par l'utilisateur.

2. NE PAS connecter, mettre sous tension ou essayer d'utiliser une unit visiblement dfectueuse.

3. Assurez-vous que les ouvertures de ventilation du chssis NE SONT PAS OBSTRUES.

4. Remplacez un fusible qui a saut SEULEMENT par un fusible du mme type et de mme capacit, comme indiqu sur l'tiquette de scurit proche de l'entre de l'alimentation qui contient le fusible.

5. NE PAS UTILISER l'quipement dans des locaux dont la temprature maximale dpasse 40 degrs Centigrades.

6. Assurez vous que le cordon d'alimentation a t dconnect AVANT d'essayer de l'enlever et/ou vrifier le fusible de l'alimentation gnrale.

SicherheitsanweisungenVORSICHT

Die Elektroinstallation des Gebudes muss ein unverzglich zugngliches Stromunterbrechungsgert integrieren.

Aufgrund des Stromschlagrisikos und der Energie-, mechanische und Feuergefahr drfen Vorgnge, in deren Verlauf Abdeckungen entfernt oder Elemente ausgetauscht werden, ausschlielich von qualifiziertem Servicepersonal durchgefhrt werden.

Zur Reduzierung der Feuer- und Stromschlaggefahr muss das Gert vor der Entfernung der Abdeckung oder der Paneele von der Stromversorgung getrennt werden.

Folgende Abbildung zeigt das VORSICHT-Etikett, das auf die Radware-Plattformen mit Doppelspeisung angebracht ist.

Figure 9: Warnetikett Stromschlaggefahr

SICHERHEITSHINWEIS IN CHINESISCHER SPRACHE FR SYSTEME MIT DOPPELSPEISUNG

Die folgende Abbildung ist die Warnung fr Radware-Plattformen mit Doppelspeisung.

Figure 10: Sicherheitshinweis in chinesischer Sprache fr Systeme mit Doppelspeisung

bersetzung von Figure 10 - Sicherheitshinweis in chinesischer Sprache fr Systeme mit Doppelspeisung, page 15:



Die Einheit verfgt ber mehr als eine Stromversorgungsquelle. Ziehen Sie zur Verhinderung von Stromschlag vor Wartungsarbeiten smtliche Stromversorgungsleitungen ab.

WARTUNG

Fhren Sie keinerlei Wartungsarbeiten aus, die nicht in der Betriebsanleitung angefhrt sind, es sei denn, Sie sind dafr qualifiziert. Es gibt innerhalb des Gertes keine wartungsfhigen Teile.

HOCHSPANNUNG

Jegliche Einstellungs-, Instandhaltungs- und Reparaturarbeiten am geffneten Gert unter Spannung mssen so weit wie mglich vermieden werden. Sind sie nicht vermeidbar, drfen sie ausschlielich von qualifizierten Personen ausgefhrt werden, die sich der Gefahr bewusst sind.

Innerhalb des Gertes befindliche Kondensatoren knnen auch dann noch Ladung enthalten, wenn das Gert von der Stromversorgung abgeschnitten wurde.

ERDUNG

Bevor das Gert an die Stromversorgung angeschlossen wird, mssen die Schrauben der Erdungsleitung des Gertes an die Erdung der Gebudeverkabelung angeschlossen werden.

LASER

Dieses Gert ist ein Laser-Produkt der Klasse 1 in bereinstimmung mit IEC60825 - 1: 1993 + A1:1997 + A2:2001 Standard.

SICHERUNGEN

Vergewissern Sie sich, dass nur Sicherungen mit der erforderlichen Stromstrke und der angefhrten Art verwendet werden. Die Verwendung reparierter Sicherungen sowie die Kurzschlieung von Sicherungsfassungen muss vermieden werden. In Fllen, in denen wahrscheinlich ist, dass der von den Sicherungen gebotene Schutz beeintrchtigt ist, muss das Gert abgeschaltet und gegen unbeabsichtigten Betrieb gesichert werden.

LEITUNGSSPANNUNG

Vor Anschluss dieses Gertes an die Stromversorgung ist zu gewhrleisten, dass die Spannung der Stromquelle den Anforderungen des Gertes entspricht. Beachten Sie die technischen Angaben bezglich der korrekten elektrischen Werte des Gertes.

Plattformen mit 48 V DC verfgen ber eine Eingangstoleranz von 36-72 V DC. NDERUNGEN DER TECHNISCHEN ANGABEN

nderungen der technischen Spezifikationen bleiben vorbehalten.

Hinweis: Dieses Gert wurde geprft und entspricht den Beschrnkungen von digitalen Gerten der Klasse 1 gem Teil 15B FCC-Vorschriften und EN55022 Klasse A, EN55024; EN 61000-3-2; EN; IEC 61000 4-2 to 4-6, IEC 61000 4-8 und IEC 61000-4- 11 fr Konformitt mit der CE-Bezeichnung. Diese Beschrnkungen dienen dem angemessenen Schutz vor schdlichen Interferenzen bei Betrieb des Gertes in kommerziellem Umfeld. Dieses Gert erzeugt, verwendet und strahlt elektromagnetische Hochfrequenzstrahlung aus. Wird es nicht entsprechend den Anweisungen im Handbuch montiert und benutzt, knnte es mit dem Funkverkehr interferieren und ihn beeintrchtigen. Der Betrieb dieses Gertes in Wohnbereichen wird hchstwahrscheinlich zu schdlichen Interferenzen fhren. In einem solchen Fall wre der Benutzer verpflichtet, diese Interferenzen auf eigene Kosten zu korrigieren.

ERKLRUNG DER VCCI ZU ELEKTROMAGNETISCHER INTERFERENZ

Figure 11: Erklrung zu VCCI-zertifizierten Gerten der Klasse A



bersetzung von Figure 11 - Erklrung zu VCCI-zertifizierten Gerten der Klasse A, page 16:

Dies ist ein Produkt der Klasse A gem den Normen des Voluntary Control Council for Interference by Information Technology Equipment (VCCI). Wird dieses Gert in einem Wohnbereich benutzt, knnen elektromagnetische Strungen auftreten. In einem solchen Fall wre der Benutzer verpflichtet, korrigierend einzugreifen.

Figure 12: Erklrung zu VCCI-zertifizierte Gerte der Klasse B

bersetzung von Figure 12 - Erklrung zu VCCI-zertifizierte Gerte der Klasse B, page 17:

Dies ist ein Produkt der Klasse B gem den Normen des Voluntary Control Council for Interference by Information Technology Equipment (VCCI). Wird dieses Gert in einem Wohnbereich benutzt, knnen elektromagnetische Strungen auftreten.

Montieren und benutzen Sie das Gert laut Anweisungen im Benutzerhandbuch.

BESONDERER HINWEIS FR BENUTZER IN NORDAMERIKA

Whlen Sie fr den Netzstromanschluss in Nordamerika ein Stromkabel, das in der UL aufgefhrt und CSA-zertifiziert ist 3 Leiter, [18 AWG], endend in einem gegossenen Stecker, fr 125 V, [5 A], mit einer Mindestlnge von 1,5 m [sechs Fu], doch nicht lnger als 4,5 m. Fr europische Anschlsse verwenden Sie ein international harmonisiertes, mit "" markiertes Stromkabel, mit 3 Leitern von mindestens 0,75 mm2, fr 300 V, mit PVC-Umkleidung. Das Kabel muss in einem gegossenen Stecker fr 250 V, 3 A enden.

BEREICH MIT EINGESCHRNKTEM ZUGANG

Das mit Gleichstrom betriebene Gert darf nur in einem Bereich mit eingeschrnktem Zugang montiert werden.

INSTALLATIONSCODES

Dieses Gert muss gem der landesspezifischen elektrischen Codes montiert werden. In Nordamerika mssen Gerte entsprechend dem US National Electrical Code, Artikel 110 - 16, 110 - 17 und 110 - 18, sowie dem Canadian Electrical Code, Abschnitt 12, montiert werden. VERKOPPLUNG VON GERTEN Kabel fr die Verbindung des Gertes mit RS232- und Ethernet-mssen UL-zertifiziert und vom Typ DP-1 oder DP-2 sein. (Anmerkung: bei Aufenthalt in einem nicht-LPS-Stromkreis)

BERSTROMSCHUTZ

Ein gut zugnglicher aufgefhrter berstromschutz mit Abzweigstromkreis und 15 A Strke muss fr jede Stromeingabe in der Gebudeverkabelung integriert sein.

AUSTAUSCHBARE BATTERIEN

Wird ein Gert mit einer austauschbaren Batterie geliefert und fr diese Batterie durch einen falschen Batterietyp ersetzt, knnte dies zu einer Explosion fhren. Dies trifft zu fr manche Arten von Lithiumsbatterien zu, und das folgende gilt es zu beachten:

Wird die Batterie in einem Bereich fr Bediener eingesetzt, findet sich in der Nhe der Batterie eine Markierung oder Erklrung sowohl im Betriebshandbuch als auch in der Wartungsanleitung.

Ist die Batterie an einer anderen Stelle im Gert eingesetzt, findet sich in der Nhe der Batterie eine Markierung oder einer Erklrung in der Wartungsanleitung.

Diese Markierung oder Erklrung enthlt den folgenden Warntext: VORSICHT



EXPLOSIONSGEFAHR, FALLS BATTERIE DURCH EINEN FALSCHEN BATTERIETYP ERSETZT WIRD. GEBRAUCHTE BATTERIEN DEN ANWEISUNGEN ENTSPRECHEND ENTSORGEN.

Denmark - "Unit is class I - mit Wechselstromkabel benutzen, dass fr die Abweichungen in Dnemark eingestellt ist. Das Kabel ist mit einem Erdungsdraht versehen. Das Kabel wird in eine geerdete Wandsteckdose angeschlossen. Keine Steckdosen ohne Erdungsleitung verwenden!"

Finland - (Markierungsetikett und im Handbuch) - "Laite on liitettv suojamaadoituskoskettimilla varustettuun pistorasiaan

Norway - (Markierungsetikett und im Handbuch) - "Apparatet m tilkoples jordet stikkontakt Ausschlielich fr Anschluss an IT-Netzstromsysteme in Norwegen vorgesehen

Sweden - (Markierungsetikett und im Handbuch) - "Apparaten skall anslutas till jordat uttag."

Anschluss des Stromkabels:

1. Schlieen Sie das Stromkabel an den Hauptanschluss auf der Rckseite des Gertes an.

2. Schlieen Sie das Stromkabel an den geerdeten Wechselstromanschluss an.

VORSICHT

Stromschlag- und Energiegefahr Die Trennung einer Stromquelle trennt nur ein Stromversorgungsmodul von der Stromversorgung. Um das Gert komplett zu isolieren, muss es von der gesamten Stromversorgung getrennt werden.

Vorsicht - Zur Reduzierung der Stromschlag- und Feuergefahr

1. Dieses Gert ist dazu ausgelegt, die Verbindung zwischen der geerdeten Leitung des Gleichstromkreises und dem Erdungsleiter des Gertes zu ermglichen. Siehe Montageanleitung.

2. Wartungsarbeiten jeglicher Art drfen nur von qualifiziertem Servicepersonal ausgefhrt werden. Es gibt innerhalb des Gertes keine vom Benutzer zu wartenden Teile.

3. Versuchen Sie nicht, ein offensichtlich beschdigtes Gert an den Stromkreis anzuschlieen, einzuschalten oder zu betreiben.

4. Vergewissern Sie sich, dass sie Lftungsffnungen im Gehuse des Gertes NICHT BLOCKIERT SIND.

5. Ersetzen Sie eine durchgebrannte Sicherung ausschlielich mit dem selben Typ und von der selben Strke, die auf dem Sicherheitsetikett angefhrt sind, das sich neben dem Stromkabelanschluss, am Sicherungsgehuse.

6. Betreiben Sie das Gert nicht an einem Standort, an dem die Hchsttemperatur der Umgebung 40 C berschreitet.

7. Vergewissern Sie sich, das Stromkabel aus dem Wandstecker zu ziehen, BEVOR Sie die Hauptsicherung entfernen und/oder prfen.



Document ConventionsThe following describes the conventions and symbols that this guide uses:

Item Description Description (French) Beschreibung (German)

Example

An example scenario Un scnario d'exemple Ein Beispielszenarium

Caution:

Possible damage to equipment, software, or data

Endommagement possible de l'quipement, des donnes ou du logiciel

Mgliche Schden an Gert, Software oder Daten

Note:

Additional information Informations complmentaires

Zustzliche Informationen

To

A statement and instructions

Rfrences et instructions

Eine Erklrung und Anweisungen

Tip:

A suggestion or workaround

Une suggestion ou solution

Ein Vorschlag oder eine Umgehung

Warning:

Possible physical harm to the operator

Blessure possible de l'oprateur

Verletzungsgefahr des Bedieners


Table of ContentsImportant Notices .......................................................................................................... 3Copyright Notices .......................................................................................................... 4Safety Instructions ......................................................................................................... 7Document Conventions ............................................................................................... 19

Chapter 1 Introduction......................................................................................... 29Introducing DefensePro ............................................................................................... 29DefensePro System Components ............................................................................... 29Radware Security Update Service on the Web ........................................................... 30Typical Deployment ..................................................................................................... 31Network Connectivity ................................................................................................... 32Management InterfacesAPSolute Vision and Others .............................................. 32DefensePro Features .................................................................................................. 33

Security Protections ............................................................................................................. 33Bandwidth Management ...................................................................................................... 34Real-time Security Reporting for DefensePro ...................................................................... 34Historical Security ReportingAPSolute Vision Reporter .................................................. 34

Related Documentation ............................................................................................... 34DefensePro Release Notes and Maintenance Release Notes ............................................ 35Radware Installation and Maintenance Guide ..................................................................... 35APSolute Vision Documentation .......................................................................................... 35APSolute Vision Reporter Documentation ........................................................................... 36Web Based Management Help ............................................................................................ 36

Chapter 2 Getting Started.................................................................................... 37DefensePro Physical Ports .......................................................................................... 37DefensePro Platforms and Models .............................................................................. 37Logging into APSolute Vision ...................................................................................... 38Changing Password for Local Users ........................................................................... 38APSolute Vision User Interface Overview ................................................................... 39

Configuration Perspective .................................................................................................... 39Monitoring Perspective ........................................................................................................ 41Security Monitoring Perspective .......................................................................................... 43Asset Management Perspective .......................................................................................... 44APSolute Vision Sites .......................................................................................................... 44

APSolute Vision Sites and DefensePro Devices ......................................................... 44

DefensePro User Guide Table of Contents


Configuring Inspection Ports ...................................................................................... 44Configuring Port Pairs ......................................................................................................... 45Managing the Status of Physical Ports ................................................................................ 46Internal Bypass for RJ-45 Ports .......................................................................................... 46

Updating the Attack Description File .......................................................................... 47

Chapter 3 Basic Device Configuration............................................................... 49Locking and Unlocking a Device ................................................................................ 49DefensePro Device Setup .......................................................................................... 50

Configuring DefensePro Global Parameters ....................................................................... 50Configuring Date and Time Synchronization ....................................................................... 51Configuring Daylight Saving ................................................................................................ 52Configuring Access Protocols ............................................................................................. 52Configuring SNMP Supported Versions .............................................................................. 54Upgrading a License for a DefensePro Device ................................................................... 54Configuring E-mail Settings ................................................................................................. 55Configuring RADIUS Authentication for Device Management ............................................ 56Configuring Syslog Settings ................................................................................................ 58Managing Certificates ......................................................................................................... 60Configuring High Availability ................................................................................................ 64Configuring BOOTP ............................................................................................................ 71

Advanced Parameters ................................................................................................ 71Configuring Advanced Settings ........................................................................................... 72Configuring Configuration Auditing ...................................................................................... 73Configuring Dynamic Protocols ........................................................................................... 73Configuring Tuning Parameters .......................................................................................... 75Configuring Security Reporting Settings ............................................................................. 84Configuring Out-of-Path Settings for DefensePro ............................................................... 87Configuring Session Table Settings .................................................................................... 88Configuring Suspend Settings ............................................................................................. 90Configuring the Device Event Scheduler ............................................................................. 91Configuring Tunneling Inspection ........................................................................................ 92

Configuring SNMP ...................................................................................................... 93Configuring SNMP Users .................................................................................................... 93Configuring SNMP Community Settings ............................................................................. 94Configuring the SNMP Group Table .................................................................................... 95Configuring SNMP Access Settings .................................................................................... 96Configuring SNMP Notify Settings ...................................................................................... 97Configuring SNMP View Settings ........................................................................................ 98Configuring the SNMP Target Parameters Table ................................................................ 98Configuring SNMP Target Addresses ................................................................................. 99

Configuring Device Users ......................................................................................... 100Configuring Access Permissions on Physical Ports ................................................. 101Configuring Port Pinging ........................................................................................... 102

DefensePro User GuideTable of Contents


Chapter 4 Device Network Configuration ........................................................ 103Configuring Device IP Interfaces .............................................................................. 103Managing IP Routing ................................................................................................ 104

Configuring IP Routing ...................................................................................................... 104Configuring ICMP ............................................................................................................. 105Configuring the ARP Table ............................................................................................... 106

Configuring Ports ...................................................................................................... 107Configuring Link Aggregation ........................................................................................... 108Configuring Port Mirroring ................................................................................................. 110

Configuring the Basic Network ParametersIP Version Mode and IP Fragmentation ... 112

IPv4 and IPv6 Support ...................................................................................................... 112IP Fragmentation .............................................................................................................. 112Configuring the Basic Networking Parameters ................................................................. 113

Configuring Port Pairs .............................................................................................. 114

Chapter 5 Security Configuration..................................................................... 117Security Protections .................................................................................................. 117Selecting a Device for Security Configuration .......................................................... 118Configuring Global Security Settings ........................................................................ 118

Configuring Global Signature Protection .......................................................................... 119Configuring DoS Shield Protection ................................................................................... 119Configuring Global Behavioral DoS Protection ................................................................. 121Configuring Global Anti-Scanning Protection Settings ..................................................... 127Configuring Global SYN Flood Protection ........................................................................ 128Configuring Global Out of State Protection ....................................................................... 129Configuring Global HTTP Flood Protection ...................................................................... 131Configuring Global SIP Cracking Protection ..................................................................... 132Configuring Global Fraud Protection ................................................................................ 133Managing Global Packet Anomaly Protection .................................................................. 134Configuring Global DNS Flood Protection ........................................................................ 138

Managing the Network Protection Policy .................................................................. 144Configuring the Network Protection Policy ....................................................................... 145Configuring Signature Protection for Network Protection ................................................. 149Configuring BDoS Profiles for Network Protection ........................................................... 168Configuring Anti-Scanning Protection for Network Protection .......................................... 170Configuring Connection Limit Profiles for Network Protection .......................................... 173Configuring SYN Profiles for Network Protection ............................................................. 177Radware-Recommended Verification Type Values .......................................................... 179Configuring Connection PPS Limit Profiles for Network Protection .................................. 182Configuring DNS Protection Profiles for Network Protection ............................................ 184



Managing the Server Protection Policy .................................................................... 187Configuring the Server Protection Policy ........................................................................... 188Configuring Server Cracking Profiles for Server Protection .............................................. 189Viewing Radware-defined Server Cracking Protections .................................................... 191Configuring HTTP Flood Profiles for Server Protection ..................................................... 192

Configuring White Lists ............................................................................................. 195Configuring White Lists in Defense Pro ............................................................................. 195

Configuring Black Lists ............................................................................................. 198Managing the ACL Policy ......................................................................................... 202

Configuring Global ACL Policy Settings ............................................................................ 202Configuring ACL Policy Rules ........................................................................................... 205Viewing Active ACL Policy Rules ...................................................................................... 208

Chapter 6 Bandwidth Management .................................................................. 209Bandwidth Management Overview ........................................................................... 209

Application Classification ................................................................................................... 209Classification Mode ........................................................................................................... 210

Managing Bandwidth Management Global Settings ................................................. 210Bandwidth Management Policies ............................................................................. 212

Bandwidth Management Policy Mechanism ...................................................................... 212Bandwidth Management Classification Criteria ................................................................. 213Bandwidth Management Rules ......................................................................................... 214Managing Bandwidth Management Policies ..................................................................... 215

Port Bandwidth ......................................................................................................... 220

Chapter 7 Managing Classes............................................................................ 221Configuring Network Classes ................................................................................... 221Configuring Application Classes ............................................................................... 223Configuring Physical Port Classes ........................................................................... 224Configuring VLAN Tag Classes ................................................................................ 224Configuring MAC Address Classes .......................................................................... 225Viewing Active Class Configurations ........................................................................ 226

Viewing the Active Network Class Configuration .............................................................. 226Viewing the Active Application Class Configuration .......................................................... 226Viewing the Active Physical Port Class Configuration ....................................................... 226Viewing the Active VLAN Tag Class Configuration ........................................................... 227Viewing the Active MAC Address Class Configuration ..................................................... 227

Configuring MPLS RD Groups ................................................................................. 227



Chapter 8 Managing Services for Traffic Filtering .......................................... 229Basic Filters .............................................................................................................. 229AND Group Filters .................................................................................................... 235OR Group Filters ...................................................................................................... 236Viewing Active Services ........................................................................................... 237

Chapter 9 Managing Device Operations and Maintenance............................ 239Rebooting a DefensePro Device .............................................................................. 239Shutting Down a DefensePro Device ....................................................................... 240Enabling and Disabling APSolute Vision Monitoring ................................................ 240Viewing and Setting Device Date and Time ............................................................. 241Upgrading Device Software ...................................................................................... 241Downloading a Devices Log File to the APSolute Vision Client .............................. 242Updating a Radware Signature File or RSA Signature File ...................................... 243Downloading a Technical Support File to the APSolute Vision Client ...................... 244Managing DefensePro Device Configurations .......................................................... 244

Configuration File Content ................................................................................................ 244Downloading a Devices Configuration File ...................................................................... 245Restoring a Devices Configuration .................................................................................. 245

Updating Policy Configurations on a DefensePro Device ........................................ 246Checking Device Memory Availability ....................................................................... 247Resetting the Baseline for DefensePro .................................................................... 247Enabling and Disabling Interfaces ............................................................................ 248Scheduling APSolute Vision and Device Tasks ....................................................... 248

Overview of Scheduling .................................................................................................... 248Configuring Tasks in the Scheduler .................................................................................. 249Task Parameters .............................................................................................................. 250

Chapter 10 Monitoring DefensePro Devices and Interfaces .......................... 257Monitoring DefensePro Devices ............................................................................... 257

Monitoring General DefensePro Device Information ........................................................ 257Monitoring DefensePro High Availability ........................................................................... 259Monitoring the DefensePro Suspend Table ...................................................................... 260Monitoring DefensePro CPU Utilization ............................................................................ 260Monitoring and Clearing DefensePro Authentication Tables ............................................ 261Monitoring DefensePro SNMP Statistics .......................................................................... 262Monitoring DME Utilization According to Configured Policies .......................................... 263Monitoring DefensePro Syslog Information ...................................................................... 264Monitoring Session Table Information .............................................................................. 264Monitoring DefensePro IP Statistics ................................................................................. 266Monitoring DefensePro Bandwidth Management Statistics .............................................. 267Monitoring Routing Table Information ............................................................................... 270



Monitoring DefensePro ARP Table Information ................................................................ 271Monitoring MPLS RD Information ...................................................................................... 271

Monitoring Device Interfaces .................................................................................... 272

Chapter 11 Real-Time Security Reporting ....................................................... 275Viewing the Security Dashboard .............................................................................. 275Viewing Current Attack Information .......................................................................... 277

Attack Details .................................................................................................................... 280Sampled Data Dialog Box ................................................................................................. 290

Viewing Real-Time Traffic Statistics ......................................................................... 290Viewing Traffic Utilization Statistics ................................................................................... 290Viewing Connection Rate Statistics ................................................................................... 292Viewing Concurrent Connections Statistics ....................................................................... 292

Monitoring Attack SourcesGeographical Map ...................................................... 293Protection Monitoring ................................................................................................ 293

Displaying Attack Status Information ................................................................................. 294Monitoring Network Rule Traffic ........................................................................................ 294Monitoring DNS Flood Attack Traffic ................................................................................. 296

HTTP Reports ........................................................................................................... 298Monitoring Continuous Learning Statistics ........................................................................ 299Monitoring Hour-Specific Learning Statistics ..................................................................... 300HTTP Request Size Distribution ........................................................................................ 300

Chapter 12 Administering DefensePro ............................................................ 303Command Line Interface .......................................................................................... 303

CLI Session Time-Out ....................................................................................................... 304CLI Capabilities ................................................................................................................. 304CLI Traps .......................................................................................................................... 305Send Traps To All CLI Users ............................................................................................. 305

Web Based Management ......................................................................................... 305Web Services ........................................................................................................... 306

API Structure ..................................................................................................................... 306APSolute API Software Development Kit (SDK) ............................................................... 307

Appendix A Behavioral DoS Advanced Settings............................................ 309

Appendix B Configuring SSL-Based Protection with AppXcel ..................... 313Configuring SSL Inspection Layer 4 Ports for DefensePro ...................................... 314



Appendix C Troubleshooting............................................................................ 315Diagnostic Tools ....................................................................................................... 315

Traffic Capture Tool .......................................................................................................... 315Trace-Log ......................................................................................................................... 316Diagnostic Tools Files Management ................................................................................. 319Diagnostics Policies .......................................................................................................... 320

Technical Support File .............................................................................................. 322

Appendix D Predefined Basic Filters ............................................................... 325

Appendix E Glossary......................................................................................... 335


Chapter 1 IntroductionThis guide describes DefensePro 6.02 and how to use it.

Unless specifically stated otherwise, the procedures described in this guide are performed using APSolute Vision.

This chapter introduces Radwares DefensePro and provides a general explanation of its main features and modules.

This chapter contains the following sections:

Introducing DefensePro, page 29

DefensePro System Components, page 29

Radware Security Update Service on the Web, page 30

Typical Deployment, page 31

Network Connectivity, page 32

Management InterfacesAPSolute Vision and Others, page 32

DefensePro Features, page 33

Related Documentation, page 34

Introducing DefenseProRadwares award-wining DefensePro is a real-time Intrusion Prevention System (IPS) and DoS-protection device, which maintains business continuity by protecting the application infrastructure against existing and emerging network-based threats that cannot be detected by traditional IPSs such as: network- and application-resource misuse, malware spreading, authentication defeat and information theft.

DefensePro features full protection from traditional vulnerability-based attacks through proactive signature updates, preventing the already known attacks, including worms, trojans, bots, SSL-based attacks, and VoIP attacks.

Unlike market alternatives that rely on static signatures, DefensePro provides unique behavioral-based, automatically generated, real-time signatures, preventing non-vulnerabilitybased attacks and zero-minute attacks such as: network and application floods, HTTP page floods, malware propagation, Web application hacking, brute force attacks aiming to defeat authentication schemes, and moreall without blocking legitimate users traffic and with no need for human intervention.

With multiple-segment protection in a single unit, a pay-as-you-grow license-upgrade approach, and ease of management through hands-off security features such as no-configuration and self-tuning, DefensePro is the industrys leading IPS for best functionality, maximum affordability, and ease of management.

DefensePro System ComponentsRadware DefensePro is an in-line Intrusion Prevention and Denial-of-Service protection system that detects and prevents network threats in real-time. DefensePro inspects incoming and outgoing traffic for potential attacks, clearing the network from unwanted malicious traffic. DefensePro also manages bandwidth and establishes traffic shaping rules.

DefensePro User Guide Introduction


The DefensePro system contains the following components:

DefensePro deviceThe term device refers to the physical platform and the DefensePro product.

Management interfaceAPSolute Vision and others.

Radware Security Update Service on the Web.

Figure 13: DefensePro System Components

Radware Security Update Service on the WebRadwares Security Update Service delivers immediate and ongoing signature updates, protecting against the latest network and application security threats including worms, trojans, bots, and application vulnerabilities, to safeguard your applications, network and users.

The Security Update Service consists of the following key service elements:

24/7 Security Operations Center (SOC) ScanningContinuous threat monitoring, detection, risk assessment and filter creation for threat mitigation.

Emergency FiltersRapid response filter releases for high impact security events through Emergency Filters.

Weekly UpdatesScheduled periodic updates to the signature files, with automatic distribution through Radware APSolute Vision, or on-demand download fromhttp://www.radware.com/content/support/securityzone/serviceinfo/default.asp.

Custom FiltersCustom filters for environment-specific threats and newly reported attacks reported to the SOC.

For up-to-date security information, refer to the Radware Security Zone, available from the Radware Web site:http://www.radware.com/content/support/securityzone/serviceinfo/default.asp.

DefensePro User GuideIntroduction


Typical DeploymentThe following illustration shows an in-line installation of DefensePro IPS in an enterprise. In this deployment, DefensePro is located at the gateway, protecting hosts, servers and network resources against incoming network attacks. DefensePro also protects DMZ servers against attacks targeting Web, e-mail, VoIP and other services. This Radware deployment is at the enterprise gateway, in front of the DMZ servers, where DefensePro provides perimeter protection for the enterprise servers, users, routers and firewalls.

Figure 14: Typical DefensePro Deployment



Network ConnectivityThe following figure shows the typical network topology of DefensePro.

Figure 15: Typical Network Connectivity

Management InterfacesAPSolute Vision and OthersAPSolute Vision is the main management interface for DefensePro.

Additional management interfaces for DefensePro devices include:

Web-Based Management (WBM)

Command-Line Interface (CLI)

You can perform most tasks using any of the management systems. However, for the most part, this guide describes management tasks by means of APSolute Vision.

APSolute Vision is a graphical application that enables you to configure, modify, monitor, and generate reports centrally for single or multiple DefensePro deployments.

You can connect a DefensePro device to management interfaces through network physical interfaces or through serial ports. DefensePro supports the following port types:

Using the network connection: SNMP, HTTP, HTTPS, Telnet, SSH

Using the serial port connection: RS-232 up to 115 Kbit/s (default is 19,200 Kbit/s)



The following table lists the DefensePro physical interfaces and supporting management interfaces:

Note: For more information, see Administering DefensePro, page 303.

DefensePro FeaturesThis section provides a brief description of the main DefensePro features and includes the following topics:

Security Protections, page 33

Bandwidth Management, page 34

Real-time Security Reporting for DefensePro, page 34

Historical Security ReportingAPSolute Vision Reporter, page 34

Security ProtectionsDefensePros multi-layer security approach combines a set of features detecting and mitigating a wide range of network attacks.

DefensePro supports the following types of security protections:

Network-wide protectionsProtects against the following:

Behavioral DoSProtects against zero-day flood attacks, including SYN Floods, TCP Floods, UDP floods, ICMP and IGMP floods.

Scanning and worm protectionZero-day protection against self-propagating worms, horizontal and vertical TCP and UDP scanning, and ping sweeps.

SYN protectionProtects against any type of SYN flood attack using advanced SYN cookies. A SYN flood attack is usually aimed at specific servers with the intention of consuming the servers resources. However, you configure SYN Protection as a Network Protection to allow easier protection of multiple network elements.

Server protectionsProtects against the following:

Connection limitProtects against session-based attacks, such as half open SYN attacks, request attacks and connection attacks.

Server-cracking protectionZero-day protection against application-vulnerability scanning, brute-force and dictionary attacks.

HTTP mitigatorMitigates zero-day HTTP page flood attacks.

DefensePro Interfaces

Protocol APSolute Vision Web Based Management Command Line InterfaceSNMPv1, SNMPv3 9HTTP 9Secure Web 9Telnet 9SSH 9RS-232 9



Signature-based protectionsProtects against known application vulnerabilities, and common malware, such as worms, trojans, spyware, and DoS.

Access Control ListProvides stateful access control.

Bandwidth Management Using DefensePros Bandwidth Management module, you can define policies to restrict or maintain the bandwidth that can be sent or received by each application, user, or segment.

You can configure Bandwidth Management policies to guarantee bandwidth for each critical application or limit non-critical traffic such as P2P. You can also set rules to block or allow specific traffic types.

Real-time Security Reporting for DefenseProAPSolute Vision provides real-time attack views and security service alarms for DefensePro devices.

When DefensePro detects an attack, the attack is reported as a security event. DefensePros security monitoring enables you to analyze real-time and historical attacks. When DefensePro detects an attack, it automatically generates counter-measures that you can observe and analyze using various monitoring tools.

DefensePro provides you with monitoring tools that show real-time network traffic and application-behavior parameters. Security monitoring also provides statistical parameters that represent normal behavior baselines, which are generated using advanced statistical algorithms.

Historical Security ReportingAPSolute Vision ReporterAPSolute Vision supports the APSolute Vision Reporter for DefensePro.

APSolute Vision Reporter is a historical security reporting engine, which provides the following:

Customizable dashboards, reports, and notifications

Advanced incident handling for security operating centers (SOCs) and network operating centers (NOCs)

Standard security reports

In-depth forensics capabilities

Ticket workflow management

Related DocumentationSee the following documents for information related to DefensePro:

DefensePro Release Notes and Maintenance Release Notes

Radware Installation and Maintenance Guide

APSolute Vision Documentation

APSolute Vision Reporter Documentation

Web Based Management Help



DefensePro Release Notes and Maintenance Release Notes See the DefensePro Release Notes and DefensePro Maintenance Release Notes for information about the relevant DefensePro version.

Radware Installation and Maintenance GuideSee the Radware Installation and Maintenance Guide for the following:

Pre-installation procedures, which include:

Mounting the platform

Verifying accessibility of management ports

Connecting and installing DefensePro, which includes:

Information on DefensePro physical platforms

Connecting the Management port cable

Connecting the inspection ports cables

Installing APSolute Vision

Initializing DefensePro using APSolute Vision, which comprises the following:

Connecting DefensePro using APSolute Vision

Adding a DefensePro device

The Radware Installation and Maintenance Guide includes additional useful information on the following:

Maintenance and software upgrade

Troubleshooting

Hardware upgrades

Specifications

APSolute Vision DocumentationAPSolute Vision documentation includes the following:

APSolute Vision Administrator GuideSee this for information about:

APSolute Vision features

User managementfor example, adding users and defining their permissions.

Adding and removing DefensePro devices.

Configuring siteswhich is a physical or logical representation of a group of managed devices.

Administration and maintenance tasks on managed devices; such as, scheduling tasks, making backups, and so on.

APSolute Vision CLI

APSolute Vision User GuideSee this for information about:

APSolute Vision features

APSolute Vision interface navigation

Monitoring APSolute Visionfor example, version, server, database, device-configuration files, controlling APSolute Vision operations, backing up the APSolute Vision database

Managing auditing and alerts

Scheduling all APSolute Vision and device tasks

APSolute Vision online helpSee this for information about monitoring managed devices



APSolute Vision Reporter DocumentationSee the APSolute Vision Reporter online help and APSolute Vision Reporter User Guide for information about APSolute Vision Reporter and how to use it.

Web Based Management HelpDefensePro Web Based Management supports Help for each page.


Chapter 2 Getting StartedThis chapter describes what to do before you configure DefensePro with security policies.

The Radware Installation and Maintenance Guide covers the information and procedures related to the physical specifications and basic setup of APSolute Vision server and DefensePro platforms. Read the relevant information and follow the instructions in the Radware Installation and Maintenance Guide before you perform the other tasks covered in this chapter.

This chapter contains the following sections:

DefensePro Physical Ports, page 37

DefensePro Platforms and Models, page 37

APSolute Vision User Interface Overview, page 39

APSolute Vision Sites and DefensePro Devices, page 44

Configuring Inspection Ports, page 44

DefensePro User Guide v6.02

Documents

Transcript of DefensePro User Guide v6.02