Allot NX Installation and Admin Guide R13 (13.4)

NetXplorer

Installation & Administration Guide P/N D354005 R13

NetXplorer Installation and Administration Guide i

Important Notice Allot Communications Ltd. ("Allot") is not a party to the purchase agreement under which NetEnforcer was purchased, and will not be liable for any damages of any kind whatsoever caused to the end users using this manual, regardless of the form of

action, whether in contract, tort (including negligence), strict liability or otherwise.

SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FOR INFORMATIONAL USE ONLY, AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE, AND SHOULD NOT BE CONSTRUED AS A COMMITMENT BY ALLOT OR ANY OF ITS SUBSIDIARIES. ALLOT

ASSUMES NO RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR IN

THIS MANUAL, INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT.

Please read the End User License Agreement and Warranty Certificate provided with this product before using the product.

Please note that using the products indicates that you accept the terms of the End User License Agreement and Warranty Certificate.

WITHOUT DEROGATING IN ANY WAY FROM THE AFORESAID, ALLOT WILL NOT BE LIABLE FOR ANY SPECIAL, EXEMPLARY, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND,

REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE),

STRICT LIABILITY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUE OR ANTICIPATED PROFITS, OR LOST BUSINESS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Copyright Copyright 1997-2014 Allot Communications. All rights reserved. No part of this document may

be reproduced, photocopied, stored on a retrieval system, transmitted, or translated into any other

language without a written permission and specific authorization from Allot Communications Ltd.

Trademarks Products and corporate names appearing in this manual may or may not be registered trademarks or

copyrights of their respective companies, and are used only for identification or explanation and to

the owners' benefit, without intent to infringe.

Allot and the Allot Communications logo are registered trademarks of Allot Communications Ltd.

NetXplorer Installation and Administration Guide ii

Version History Each document has a version and a build number. You can tell the exact version and build

of this document by checking the top row of the table below.

Document updates are released in electronic form from time to time and the most up to date

version of this document will always be found on Allots online Knowledge Base. To check for more recent versions, login to the support area www.allot.com/support.html and from

the knowledgebase tab, enter the title of this document into the search field.

Doc

Revision

Internal

Build

Product

Version

Published Summary of Changes

13 v13b4 NX13.4 29.01.15 CLI Clarified

13 v13b3 NX13.4 07.12.14 General edits

13 v13b2 NX13.4 13.10.14 V3700 RAID Storage added

13 v13b1 NX13.4 30.09.14 Install instructions updated

NetXplorer Installation and Administration Guide iii

Important Notice ............................................................................................................................ i Copyright ...................................................................................................................................... i Trademarks ................................................................................................................................... i

Version History .............................................................................................................................. ii

CHAPTER 1: GETTING STARTED .......................................................................... 1-1 Overview...................................................................................................................................... 1-1 Terms and Concepts ................................................................................................................... 1-1 NetXplorer Architecture ............................................................................................................ 1-4 Administration Role ................................................................................................................... 1-6

CHAPTER 2: INSTALLATION .................................................................................. 2-1 NetXplorer Server Installation .................................................................................................. 2-1

Allot Appliance Installation ...................................................................................................... 2-1 Alternate Hardware ................................................................................................................. 2-14

NetXplorer Client Installation................................................................................................. 2-31 Java, WebStart and the NetXplorer Client .............................................................................. 2-31 Accessing NetXplorer ............................................................................................................. 2-34 Enabling NetXplorer Servers .................................................................................................. 2-35

NX Accounting Installation ..................................................................................................... 2-36 Linux Server ........................................................................................................................... 2-36 Windows Server ...................................................................................................................... 2-38

NPP Installation ........................................................................................................................ 2-42 Linux Server ........................................................................................................................... 2-42 Windows Server ...................................................................................................................... 2-46

NX High Availability Platform Installation ........................................................................... 2-49 Connecting NX-SRV-HAP ..................................................................................................... 2-50 Configuring NX-SRV-HAP .................................................................................................... 2-56

CHAPTER 3: CONFIGURATION .............................................................................. 3-1 Overview...................................................................................................................................... 3-1 Working with Devices ................................................................................................................ 3-1 Configuring NetXplorer Users ................................................................................................ 3-10

Internal User Configuration .................................................................................................... 3-11 External Authentication Configuration ................................................................................... 3-13 Password Management ........................................................................................................... 3-15

CHAPTER 4: MONITORING COLLECTORS ........................................................ 4-1 Overview...................................................................................................................................... 4-1

Data Collection Process ............................................................................................................ 4-2 Collector Redundancy ............................................................................................................... 4-2 Extended Mode ......................................................................................................................... 4-3 NetXplorer Support................................................................................................................... 4-5

Installing Monitoring Collectors ............................................................................................... 4-6 Collector Groups ..................................................................................................................... 4-15

NetXplorer Installation and Administration Guide iv

Configuring Monitoring Collectors ........................................................................................ 4-16 Troubleshooting the Collector ................................................................................................. 4-19

Command Line Interface ........................................................................................................ 4-19 Processes ................................................................................................................................. 4-19 Logs and Snapshots ................................................................................................................ 4-19 Recreating Databases .............................................................................................................. 4-20 Changing IP Addresses ........................................................................................................... 4-21

CHAPTER 5: NETXPLORER ACCOUNTING ........................................................ 5-1 Overview...................................................................................................................................... 5-1 Configuring NetXplorer Accounting ........................................................................................ 5-1

CHAPTER 6: DATABASE MANAGEMENT ............................................................ 6-1 Backup Terms ........................................................................................................................... 6-1 Using Backups to Achieve NX Redundancy ............................................................................ 6-2

Database Management on Windows ......................................................................................... 6-2 Cold Backup ............................................................................................................................. 6-2 Hot Backup ............................................................................................................................... 6-4 Aligning Protocol Pack Versions ............................................................................................ 6-16

Database Management on Linux ............................................................................................ 6-17 Cold Backup ........................................................................................................................... 6-17 Hot Backup ............................................................................................................................. 6-18 Aligning Protocol Pack Versions ............................................................................................ 6-27

Data Collection and Profiles .................................................................................................... 6-28 Data Collection - Overview .................................................................................................... 6-28 Profiles - Overview ................................................................................................................. 6-29 Profiles Available Options ................................................................................................... 6-30 Profiles - Configuration .......................................................................................................... 6-32

CHAPTER 7: COMMAND LINE INTERFACE (CLI) ............................................ 7-1 Provisioning CLI ........................................................................................................................ 7-2

Topology CLI ........................................................................................................................... 7-3 Catalog CLI .............................................................................................................................. 7-8 Policy CLI ............................................................................................................................... 7-30 Web Updates CLI ................................................................................................................... 7-43 Configuration CLI................................................................................................................... 7-48 Alarms CLI ............................................................................................................................. 7-50 Subsciber CLI ......................................................................................................................... 7-93

Monitoring CLI ........................................................................................................................ 7-94 Export to CLI .......................................................................................................................... 7-95

CHAPTER 8: TROUBLESHOOTING ....................................................................... 8-1 Troubleshooting Basics .............................................................................................................. 8-1

First Steps ................................................................................................................................. 8-1 Processes ................................................................................................................................... 8-1

NetXplorer Installation and Administration Guide v

Log Files ................................................................................................................................... 8-2 Snapshots .................................................................................................................................. 8-5 How to restore CFG (allot_cfg) database from the Snapshot-File ............................................ 8-6

Login Errors ............................................................................................................................... 8-7 Incorrect Java Version .............................................................................................................. 8-7 Lack of Connectivity ................................................................................................................ 8-7 Antivirus Conflict ..................................................................................................................... 8-8

Policy Saving Errors .................................................................................................................. 8-8 Data Display Errors ................................................................................................................. 8-10

Data Transmission .................................................................................................................. 8-11 Data Reception ........................................................................................................................ 8-11 Data Loss ................................................................................................................................ 8-12 Stress ....................................................................................................................................... 8-13

Add Device Errors .................................................................................................................... 8-14 NX-HAP Troubleshooting ....................................................................................................... 8-16

Synchronizing Each Node with an NTP Server ...................................................................... 8-16 Viewing Available Resources ................................................................................................. 8-16 Stopping Pacemaker/Heartbeat Service .................................................................................. 8-17

CHAPTER 9: APPENDICES ....................................................................................... 9-1 Appendix A Server Hardware Specifications ....................................................................... 9-1

NX (P/N SNX-SRV-GEN4) ..................................................................................................... 9-1 NX-HAP (P/N SNX-SRV-HAP-GEN4)................................................................................... 9-1 NX-HAP (DC) (P/N SNX-SRV-HAP-GEN4-DC) .................................................................. 9-2 STC (P/N STC-NX-GEN4-DC) ............................................................................................... 9-2 Enhanced STC (P/N STC-NX-ENH-GEN4) ............................................................................ 9-3 ASRA Server (P/N ASRA-SRV-GEN4-DC) ........................................................................... 9-3

Appendix B IBM DS Storage Manager ................................................................................. 9-4 Installing Storage Manager Client on NX Servers ................................................................... 9-4 Configuring Storage Manager to Send SNMP Traps from the Storage Device ....................... 9-9 Storage Battery Status ............................................................................................................. 9-10

Appendix B - Configuring NX to Work Behind an HTTP Proxy ........................................ 9-12 Appendix C - Events and Recommended Actions ................................................................. 9-14 Appendix D NX IP Address for UI Script ........................................................................... 9-22

Changing the NetXplorer IP Address ..................................................................................... 9-22 Selecting a NetXplorer IP Address for the GUI ..................................................................... 9-22 Running the Script .................................................................................................................. 9-23

Appendix E Communication Protocols ............................................................................... 9-24 Data Flow from NX Client to NX Server ............................................................................... 9-24 Data Flow from NX Server to NE/SG .................................................................................... 9-28 Data Flow from STC to NX Server and NE/SG ..................................................................... 9-31 Data Flow from SMP to NX Server and NE/SG .................................................................... 9-38 Data Flow to and from the Data Mediator .............................................................................. 9-47 Additional Protocols ............................................................................................................... 9-48 IMM Connection..................................................................................................................... 9-66

Appendix F: Using the IMM ................................................................................................... 9-68

NetXplorer Installation and Administration Guide vi

Monitors .................................................................................................................................. 9-69 Tasks ....................................................................................................................................... 9-70 IMM Control ........................................................................................................................... 9-70

Appendix G: NX Audit Log ..................................................................................................... 9-72 logrotate.conf Example ........................................................................................................... 9-73 Audit Log Example ................................................................................................................. 9-73

NetXplorer Installation and Administration Guide vii

FIGURES

Figure 1-1: System Architecture .................................................................................................. 1-5

Figure 2-1: Connecting Keyboard and Screen ............................................................................. 2-1

Figure 2-2: Connecting Management and IMM ........................................................................... 2-2

Figure 2-3: IMM "System Management" Port ............................................................................. 2-3

Figure 2-4: IMM System Status Screen ....................................................................................... 2-4

Figure 2-5: IMM Network Interfaces ........................................................................................... 2-5


Figure 2-7: Connecting Management and IMM ........................................................................... 2-6

Figure 2-8: CentOS UI ................................................................................................................. 2-7

Figure 2-9: Network Configuration dialog, Devices tab .............................................................. 2-7

Figure 2-10: Ethernet Device dialog box ..................................................................................... 2-8

Figure 2-11: Network Configuration dialog box, Hosts tab ......................................................... 2-9

Figure 2-12: Network Configuration dialog box, Add/Edit Hosts dialog .................................... 2-9

Figure 2-13: Network Configuration dialog box, DNS tab ........................................................ 2-10

Figure 2-14: IMM "System Management" Port ......................................................................... 2-11

Figure 2-15: IMM System Status Screen ................................................................................... 2-12

Figure 2-16: IMM Network Interfaces ....................................................................................... 2-13

Figure 2-17: Open Network Configuration ................................................................................ 2-16

Figure 2-18: Select eth0.............................................................................................................. 2-17

Figure 2-19: Ethernet Device dialog box ................................................................................... 2-17

Figure 2-20: Network Configuration dialog box, Hosts tab ....................................................... 2-18

Figure 2-21: Network Configuration dialog box, Add/Edit Hosts dialog .................................. 2-18


Figure 2-23: Date/Time Properties dialog box, Network Time Protocol tab ............................. 2-20

Figure 2-24: Local Area Connection Properties ......................................................................... 2-25

Figure 2-25: Security Warning ................................................................................................... 2-27

Figure 2-26: NetXplorer InstallShield Wizard Welcome Window ............................................ 2-27

Figure 2-27: Choose Setup Type ................................................................................................ 2-28

NetXplorer Installation and Administration Guide viii

Figure 2-28: Choose Destination Location - Custom ................................................................. 2-28

Figure 2-29: Choose NTP configuration option - Custom ......................................................... 2-29

Figure 2-30: Choose Destination Location - Typical ................................................................. 2-29

Figure 2-31: Ready to Install the Program ................................................................................. 2-30

Figure 2-32: Setup Initializing.................................................................................................... 2-30

Figure 2-33: NetXplorer InstallShield Wizard Complete ........................................................... 2-30

Figure 2-34: NetXplorer Java Installation Screen ...................................................................... 2-33

Figure 2-35: NetXplorer Log On Window ................................................................................. 2-33

Figure 2-36: NetXplorer Application Server Registration Dialog ............................................. 2-35


Figure 2-38: Accounting Manager InstallShield Welcome Window ......................................... 2-40

Figure 2-39: Choose Destination Location ................................................................................. 2-41

Figure 2-40: Ready to Install Window ....................................................................................... 2-41

Figure 2-41: NetXplorer InstallShield Wizard Complete ........................................................... 2-42


Figure 2-43: NetPolicy Provisioner InstallShield Welcome Window ........................................ 2-48

Figure 2-44: Choose Destination Location ................................................................................. 2-48

Figure 2-45: NetXplorer IP Address Window ............................................................................ 2-48

Figure 2-46: Ready to Install Window ....................................................................................... 2-49

Figure 2-47: NPP InstallShield Wizard Complete ..................................................................... 2-49

Figure 2-48: Cable Connections for NX High Availability Platform (IBM M4 Hardware) ...... 2-52

Figure 2-49: Cables for NX HAP Connectivity ......................................................................... 2-52

Figure 2-50: Cable Connections for NX High Availability Platform (IBM X3550 M3 Hardware)

............................................................................................................................................ 2-54

Figure 2-51: Cables for NX HAP Connectivity ......................................................................... 2-54

Figure 2-52: Specifying NX-HAP IP for Receipt of SNMP Traps ............................................ 2-61

Figure 3-1: NetEnforcer Properties New Dialog ....................................................................... 3-2

Figure 3-2: NetEnforcer Properties Import Dialog .................................................................... 3-3

Figure 3-3: Monitoring Collector Properties New Dialog ......................................................... 3-4

NetXplorer Installation and Administration Guide ix

Figure 3-4: Monitoring Collector Properties New Dialog ......................................................... 3-5

Figure 3-5: Collector Group Properties New Dialog ................................................................. 3-5

Figure 3-6: SMP Properties New Dialog ................................................................................... 3-6

Figure 3-7: Device Properties Update dialog ............................................................................... 3-7

Figure 3-8: System Message ........................................................................................................ 3-8

Figure 3-9: NetEnforcer Configuration ........................................................................................ 3-9

Figure 3-10: User Authentication Configuration screen ............................................................ 3-11

Figure 3-11: User Editor ............................................................................................................. 3-12

Figure 3-12: User Authentication Configuration screen ............................................................ 3-14

Figure 3-13: Add External Authentication Entry dialog ............................................................ 3-15

Figure 3-14: Password Management dialog box ........................................................................ 3-16

Figure 4-1: Collector Front View (M4) .................................................................................... 4-1

Figure 4-2: Collector Rear View (M4) ...................................................................................... 4-1

Figure 4-3: Updating an Extended Collector ................................................................................ 4-4


Figure 4-5: Connecting the Collector Front View .................................................................... 4-7

Figure 4-6: Open Network Configuration .................................................................................... 4-8

Figure 4-7: Select eth0 ................................................................................................................. 4-9

Figure 4-8: Ethernet Device dialog box ....................................................................................... 4-9

Figure 4-9: Network Configuration dialog box, Hosts tab ......................................................... 4-10

Figure 4-10: Network Configuration dialog box, Add/Edit Hosts dialog .................................. 4-10


Figure 4-12: Monitoring Collectors Properties dialog General tab ......................................... 4-12

Figure 4-13: NetEnforcer Properties dialog ............................................................................... 4-14

Figure 4-14: Monitoring Collector Properties - Update ............................................................. 4-15

Figure 4-15: Collector Group Properties New Dialog ............................................................. 4-15

Figure 4-16: Collector Configuration Window - Identification Tab .......................................... 4-16

Figure 4-17: SNMP Tab ............................................................................................................. 4-17

Figure 4-18: Date/Time Tab ....................................................................................................... 4-17

NetXplorer Installation and Administration Guide x

Figure 4-19: IP Properties Tab ................................................................................................... 4-18

Figure 4-20: Monitoring Collector Properties Update Dialog ................................................. 4-18

Figure 5-1: Network Configuration - NetAccounting .................................................................. 5-2

Figure 6-1: Length of time for which data is stored under different profiles ............................. 6-31

Figure 8-1: Database Logs............................................................................................................ 8-3

Figure 8-2: Key Database Logs .................................................................................................... 8-3

Figure 8-3: Application Server Logs ............................................................................................ 8-4

Figure 8-4: NMS.log Example ..................................................................................................... 8-4

Figure 8-5: Install Log .................................................................................................................. 8-5

Figure 8-6: Snapshot File ............................................................................................................. 8-5

Figure 8-7: Restore Policy and Catalogs Dialog .......................................................................... 8-9

Figure 8-8: Events Log ............................................................................................................... 8-11

Figure 8-9: Bucket Manifest ....................................................................................................... 8-12

Figure 8-10: Data Logs ............................................................................................................... 8-13

Figure 9-1: SNMP Traps Sent from Storage Controllers ............................................................. 9-4

Figure 9-2: Storage Manager Installation Wizard ........................................................................ 9-5

Figure 9-3: Select Installation Type ............................................................................................. 9-6

Figure 9-4: Select Addition Method ............................................................................................. 9-6

Figure 9-5: Devices Hierarchy Tree ............................................................................................. 9-7

Figure 9-6: Devices Tab Menu ..................................................................................................... 9-7

Figure 9-7: Configure Alerts ........................................................................................................ 9-9

Figure 9-8: Storage Manager Support Tab ................................................................................. 9-10

Figure 9-9: Battery Expired Message ......................................................................................... 9-11

Figure 9-10: Data Flow from Corporate to Admin Network ...................................................... 9-24

Figure 9-11: Connectivity Requirements from NX GUI to NX Server ...................................... 9-28

Figure 9-12: Data Flow from NX Server to NE/SG ................................................................... 9-28

Figure 9-13: Connectivity Requirements between NX and NE/SG ........................................... 9-31

Figure 9-14: Data Flow Between STC and NX/NE/SG ............................................................. 9-31

Figure 9-15: Communication Requirements between STC and NX/NE/SG .............................. 9-38

NetXplorer Installation and Administration Guide xi

Figure 9-16: Data Flow Between SMP and NX/NE/SG ............................................................ 9-38

Figure 9-17: Communications Requirements Between SMP and NX/NE/SG ........................... 9-47

Figure 9-18: Communications Requirements Between DM and NX ......................................... 9-48

Figure 9-19: Data Flow Between Additional Network Elements ............................................... 9-49

Figure 9-20: Communication Requirements Between Different Network Elements ................. 9-66

Figure 9-21: Communication Requirements for IMM (User Definable) ................................... 9-66

Figure 9-22: Communication Requirements for IMM (Fixed)................................................... 9-67

Figure 9-23: Connection to the IMM on the rear of the M4 Server ........................................... 9-68

Figure 9-24: Connection to the IMM on the rear of the M3 Server ........................................... 9-68

Figure 9-25: IMM Monitors, System Status Screen ................................................................... 9-69

Figure 9-26: IMM Control, System Status Screen ..................................................................... 9-71

NetXplorer Installation and Administration Guide 1-1

Chapter 1: Getting Started

Overview NetXplorer is a highly scalable Network Business Intelligence system that enables

strategic decision-making based on comprehensive network application and subscriber

traffic analysis.

NetXplorer configures NetEnforcer or Service Gateway devices and a central catalog,

which enables global policy provisioning. Many network topologies can benefit from

more than one NetEnforcer or Service Gateway. In addition, NetXplorer provides a

centralized management system for all NetEnforcers or Service Gateways on the

network. It provides easy access to devices and configuration parameters via the device

tree.

NetXplorer enables both real time monitoring for network troubleshooting and problem

analysis, as well as long term reporting for capacity planning, tracking usage and trend

analysis. It allows for the proactive management of traffic and system-wide alarms and

for the collection and export of auditing data for billing and quota purposes.

Terms and Concepts This section introduces some of the basic terms and concepts used in NetXplorer.

NetXplorer

NetXplorer is a highly scalable Network Business Intelligence system that centrally

manages the NetEnforcer and Service Gateway product line. It enables strategic

decision-making based on comprehensive network application and subscriber traffic

analysis.

The NetXplorer can be purchased from Allot as an Appliance which is comprised of the

hardware and server software pre-installed. The available configurations are:

Standalone Server: Allot part number: NX-SRV-GENX.

Highly Available platform: Allot part number: NX-SRV-HAP-GENX.

For performance and device support information concerning Appliances supplied by

Allot, see the Release Notes for your software version.

If nessacery, customers can install the NetXplorer server software on any server

hardware that meets Allots minimum specifications. For hardware specifications see Alternate Hardware on page 2-14.



NetEnforcer

The NetEnforcer is a broadband optimization device which collects traffic statistics

from the network and can implement quality of service per application and per

subscriber. Traffic statistics are collected in order to provide both real-time and long-

term data about the network. As well as collecting detailed information about the traffic

passing through, it, the NetEnforcer can also shape that traffic, applying quality of

service parameters which have been pre-defined by the user.

Service Gateway

The Service Gateway is a platform for enhancing service optimization and service

deployment. The Service Gateway provides an open, carrier-grade solution for

broadband service providers to manage multiple 10 or 1 Gigabit lines and deploy value

added services in one integrated platform. Application and subscriber information

within the Service gateway is identified for each traffic flow and subsequently the flow

is dispatched to an array of additional services and actions using a single DPI process.

Monitoring Collector

The Monitoring Collector (STC) is an Allot appliance that should be added between the

NetXplorer Servers and the NetEnforcers or Service Gateways in order to support large

numbers of NetEnforcers or Service Gateways or those installed in remote geographic

locations. One Monitoring Collector must be deployed for each Service Gateway in the

network.

QoS

QoS (Quality of Service) is the ability to define a level of performance in a data

communications system. In NetXplorer, QoS is an action applied to a connection when

the conditions of a filter are satisfied.

The QoS specified can include the following:

Prioritized Bandwidth: Delivers levels of service based on class levels. During peak traffic periods, the NetXplorer will slow down lower priority applications,

resulting in increased bandwidth delivery to higher priority applications.

Guaranteed Bandwidth: Enables the assignment of fixed minimum and maximum amounts of bandwidth to specific Pipes, Virtual Channels and

connections. By borrowing excess bandwidth when it is available, connections

are able to burst above guaranteed minimum limits, up to the maximum

guaranteed rate. Guaranteed rates also assure predictable service quality by

enabling time-critical applications to receive constant levels of service during

peak and non-peak traffic periods.



Reserved Bandwidth on Demand: Enables the reservation of the minimum bandwidth from the first packet of a connection until the connection ends. This is

useful when the bottleneck is not at the link governed by the NetEnforcer or

Service Gateway. By limiting other connections (non-guaranteed), the

NetEnforcer or Service Gateway reserves enough bandwidth for the required

Pipe or Virtual Channel.

TOS Marking: Enables the user to set the ToS bytes in the transmitted frame according to the DiffServ standard or free format.

Access Control: Determines whether a connection is accepted, dropped or rejected (Supported on AC-400 and AC-800 only). For example, you can specify

the following policy: accept 1000 ICMP connections to Server1 and drop the

rest. A NetEnforcer or Service Gateway policy can also be to drop all P2P

connections or accept new connections with a lower priority

Admission Control: Determines the bandwidth granted to a flow based on your demand (for example, allocated minimum of 10kbps) and the available

bandwidth on the line.

Catalog Editors

Catalog Editors enable you to define values to define your policy. The possible values

for each condition of a filter and for actions are defined in the Catalog entries in the

Catalog Editors. A Catalog Editor enables you to give a logical name to a

comprehensive set of parameters (a Catalog entry). This logical name then becomes a

possible value for a condition or action

Lines

A Line represents a physical or logical media in the system. A line provides a way of

classifying traffic that enables you to divide the total bandwidth and then manage every

Line as if it was an independent link. A Line consists of one or more sets of conditions

and a set of actions that apply when all of the conditions are met. A line is an address-

based or VLAN-based entity, and is not service-based.

A Line can aggregate several Pipes, acting like a container of Pipes from a QoS point of

view. The filter of the Fallback Line cannot be modified or deleted. A connection

coming into the NetEnforcer or Service Gateway is matched to a Line according to

whether the characteristics of the connection match all of the Conditions of the Line.

The connection is then further matched to the Conditions of a Pipe under the Line. The

actions defined for the Line influence all the Pipes under the Line. The actions defined

for a Pipe are enforced together with the actions of the Line.

Pipes

A Pipe provides a way of classifying traffic that enables you to divide the total

bandwidth and then manage every Pipe as if it was an independent link. Pipes cannot

stand alone and are always contained within a Line. A Pipe consists of one or more sets

of conditions and a set of actions that apply when all of the conditions are met. A Pipe



can aggregate several Virtual Channels, acting like a container of Virtual Channels from

a QoS point of view.

When you add a new Pipe, it always includes at least one Virtual Channel, the Fallback

Virtual Channel. The Fallback Virtual Channel filter cannot be modified or deleted. A

connection coming into a line is matched to a Pipe according to whether the

characteristics of the connection match all of the Conditions of the Pipe. The connection

is then further matched to the Conditions of a Virtual Channel under the Pipe. The

actions defined for the Pipe influence all the Virtual Channels under the Pipe. The

actions defined for a Virtual Channel are enforced together with the actions of the Pipe.

Virtual Channels

A Virtual Channel provides a way of classifying traffic and consists of one or more sets

of Conditions and a set of actions that apply when all of the Conditions are met. A

Virtual Channel is defined within a Pipe and cannot stand alone. A connection matched

to a Pipe is further matched to a Virtual Channel according to whether the

characteristics of the connection match all of the Conditions of the Virtual Channel.

Conditions

A Condition is defined at the Line level, Pipe level or Virtual Channel level. NetXplorer

matches connections to conditions, first at the Line level then at Pipe level and then

again at the Virtual Channel level within a Pipe.

Templates

Templates enable you to create a "master" Pipe or Virtual Channel that upon saving will

create multiple Pipes or Virtual Channels similar to one another. Templates work with

host group entries defined in the Host Catalog. For example, if a host group entry in the

Host Catalog called Gold Customers consists of Company X, Company Y and

Company Z, you could define a Pipe template to be expanded for Gold Customers. This

would result in Pipes being created for Company X, Company Y and Company Z when

the Policy Editor is saved.

A Pipe or Virtual Channel template enables the fast creation of Pipes and Virtual

Channels on source/destination differentiation. This means that you do not need to

define similar Pipes and Virtual Channels when the only difference between them is the

IP address in the source or destination.

NetXplorer Architecture This section introduces the NetXplorer concept and explains its components and

architecture.

NetXplorer uses a highly scalable architecture that enables the monitoring of all

NetEnforcer or Service Gateway devices from a single user interface. In addition,

NetXplorer can utilize distributed monitoring collectors, which increase the scalability

of your deployment. The collectors gather short-term network usage statistics from the

NetEnforcers or Service Gateways.



NetXplorer's server-based, distributed architecture consists of four tiers: multiple

NetEnforcer or Service Gateways and associated distributed collectors, a NetXplorer

server and GUI clients.

Figure 1-1: System Architecture

NetXplorer architecture consists of four layers:

1. Real-time Service Layer: NetEnforcers or Service Gateways are the traffic management devices that inspect and monitor network traffic. There can be one

or more NetEnforcers or Service Gateways on a network. They manage network

policies and collect network usage data.

2. Collection Layer: Monitoring collectors increase scalability by supporting large numbers of NetEnforcers or Service Gateways or those installed in remote

geographic locations. Monitoring collectors are fully managed via the NetXplorer

GUI.

3. Application Layer: The NetXplorer server is the actual application, which includes the databases and an integrated data collector. The NetXplorer server

manages and communicates with the different clients that access the system, and

facilitates NetEnforcer or Service Gateway configuration, policy provisioning,

alarms, monitoring and reporting. The integrated data collector included in the

NetXplorer streamlines the required collection of data from the managed

NetEnforcer or Service Gateway devices. The Server layer includes additional

servers such as SMP Servers, NPP Servers and stand along Accounting Servers.

NOTE The NetXplorer Server should be installed behind a firewall for optimal security.

4. Interface Layer: The different clients connected to the NetXplorer Server are the NetXplorer GUI application users. Any network computer capable of

connecting to the NetXplorer server can support the GUI interface.



The system offers simple integration with external systems using a wide range of

interfaces, including SNMP, CSV Files (for report data export), XML and CLI.

Administration Role NetXplorer uses a role-based security model. The role defined for each authorized user

indicates the scope of operations that can be performed by that user. The Administrator

role gives Admin users complete read/write privileges in the NetXplorer application

including read/write configuration privileges.

The main functions of the Administrator role include:

User Registration

Device and Network Management

Monitoring Collectors Management

Database Maintenance

This document defines the main concepts and describes the various activities related to

the installation and configuration of NetEnforcer or Service Gateways and the

NetXplorer, Monitoring Collectors, as well as the main tasks associated with Database

Maintenance, such as backup and restore, changing location and installing the

NetXplorer on a remote data base.


Chapter 2: Installation

NetXplorer Server Installation

Allot Appliance Installation

NX-SRV is shipped to the customer as an Allot Appliance consisting of the hardware

with server software pre-installed on a CentOS operating system.

After unpacking the hardware, installation consists of 4 steps:

1. Connecting directly to the Server with a keyboard and monitor

2. Changing the IP address of the server

3. Changing the IP address in the NetXplorer application server

4. Configuring the IMM Settings

M4 Server (CentOS v6.x)

Connecting to NX-SRV

Connect a keyboard and monitor to the front panel of the NX-SRV as shown below.

Figure 2-1: Connecting Keyboard and Screen

Connect the management and IMM links to the rear panel of the NX-SRV as follows:



Figure 2-2: Connecting Management and IMM

1. Each NX server is connected to the management network via eth2 and may be connected to an optional second

management network for redundancy purposes via eth3.

2. Each NetXplorer server can be directly managed from the IMM port by connecting this port to an external switch with

an additional ethernet management cable.

NOTE Following installation you must make sure you have the most recent Protocol Pack installed. For information on installing Protocol Packs see the NetXplorer Operation Guide.

Changing the IP Address (CentOS 6.x)

Follow the procedure below to change the IP address from the factory default

(11.11.11.1) to your required address.

To change the address

1. Insert the Allot Disk-On Key.

2. Copy the netwconf.sh script to the root directory of the server, run it using the following command and enter the

appropriate network information when prompted:

/root/netwconf.sh

Output Example [root@localhost ~]# /root/netwconf.sh

Please type the IP ADDRESS [ 11.11.11.11 ]

10.4.3.65

Please type NETMASK [ 255.255.0.0 ]

Please type the GATEWAY [ 11.11.0.1 ]

10.4.0.1

Please type hostname [ localhost ]

Server1

Please type domain name [ ]

mydomain.com

Please type ip address of DNS [ 198.168.254.2 ]

8.8.8.8



Please check the values entered

The host: Server1 10.4.3.65

NETMASK: 255.255.0.0, DOMAIN: mydomain.com

GATEWAY: 10.4.0.1

DNS: 8.8.8.8

Continue with these values (y/n) [y]?

Y

Please type ip address of additional DNS or press Enter to

continue:

8.8.4.4


continue:

194.90.1.5


continue:

Restarting network service...

Done.

3. Reboot the server.

Changing the IP Address (NetXplorer)

In order to change the IP address on the NetXplorer application server, from the default

11.11.11.1, you will need to run the set_nx_ip4ui.sh script. For full instructions, refer

to Appendix D NX IP Address for UI Script below.

Configuring IMM Network Settings

The default details of the IMM are as follows:

Default IP: 192.168.70.125

Default User Name: USERID

Default Password: PASSW0RD (where the 0 is not o but zero)

To configure the network settings of the Integrated Management Module, follow the

steps below:

1. Connect directly from a laptop to the IMM interface on the rear of the NX-SRV. The interface is labeled SYSTEM MGMT as shown below:

Figure 2-3: IMM "System Management" Port



2. Open a web browser. In the address field, type, type the IP address or host name of the IMM to which you want to connect.

NOTE If you are logging in to the IMM for the first time after installation, it uses the default static IP address 192.168.70.125. You can obtain the the static IP address from the server BIOS or from your network administrator.

3. Enter User ID and Password

4. You will be prompted to specify an inactive session timeout value. Choose a value from the dropdown list and click on Continue.

5. You will see the IMM User Interface, with the default System Status in view, as seen in below

Figure 2-4: IMM System Status Screen

6. Select Network Interfaces from the system tree on the left side of the screen.

7. In the Ethernet section, make sure that interface is enabled, and IPv6 DHCP is disabled. In addition, DDNS status should be set to

Disabled and Domain Name Used should be set to manual.

8. In the IPv4 section, make sure that the DHCP field is set to: Disabled Use Static IP configuration. Assign an IP, mask and default gateway as seen above and click Save. You can now access the IMM remotely using these network

settings.



Figure 2-5: IMM Network Interfaces

NOTE The IBM Advanced Settings Utility (ASU) enables you to remotely modify IMM firmware settings from the command line of the operating system. On Allot NetXplorer appliances which are shipped to the customer (NX-SRV and NX-HAP), the ASU software will be pre-installed. However, when you are installing NetXplorer software on your own hardware, you should also install the appropriate ASU software package. The package can be downloaded from the IBM website here:

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=TOOL-ASU

M3 Server (CentOS v5.x)

Connecting to NX-SRV

Connect a keyboard and monitor to the front panel of the NX-SRV as shown in Figure

2-6 below.



Figure 2-6: Connecting Keyboard and Screen

Connect the management and IMM links to the rear panel of the NX-SRV as follows:

Figure 2-7: Connecting Management and IMM

1. Each NX server is connected to the management network via Port 1 and may be connected to an optional second

management network for redundancy purposes via Port 2.

2. Each NetXplorer server can be directly managed from the IMM port by connecting this port to an external switch with

an additional ethernet management cable.


Changing the IP Address (CentOS)



After connecting directly to the NX-SRV, you will see the CentOS User interface.

Enter root for the login and bagabu for the password. Follow the procedure below to

change the IP address from the factory default (11.11.11.1) to your required address.

To change the address

3. From the system menu, select Administration > Network as shown in Figure 2-8 below:

Figure 2-8: CentOS UI

The Network Configuration dialog will appear.

Figure 2-9: Network Configuration dialog, Devices tab



4. Open the Devices tab and double click on the appropriate network card.

The Ethernet Device dialog appears.

Figure 2-10: Ethernet Device dialog box

5. In the General tab set the IP address, Subnet mask and Default Gateway in the Statically set IP addresses section.

NOTE The Default Gateway MUST be set during the initial configuration.



6. Click OK to save and return to the Network Configuration dialog.

Figure 2-11: Network Configuration dialog box, Hosts tab

7. Open the Hosts tab and click Add to create a new Host.

The Add/Edit Hosts dialog appears.

Figure 2-12: Network Configuration dialog box, Add/Edit Hosts dialog



8. Enter the IP Address, Host name and Alias for the new host and click OK to return to the Network Configuration dialog.

The new host will appear in the Hosts tab. To edit an

existing Host, click the Edit button.

Figure 2-13: Network Configuration dialog box, DNS tab

9. Open the DNS tab and enter the Host name and DNS IP addresses.

NOTE The Hostname entered in the DNS tab must be the same as was added in the Hosts tab.

10. Select Save from the File menu to save all changes.

Changing the IP Address (NetXplorer)

In order to change the IP address on the NetXplorer application server, from the default

11.11.11.1, you will need to run the set_nx_ip4ui.sh script. For full instructions, refer

to Appendix D NX IP Address for UI Script below.

Configuring IMM Network Settings

The default details of the IMM are as follows:

Default IP: 192.168.70.125

Default User Name: USERID

Default Password: PASSW0RD (where the 0 is not o but zero)



To configure the network settings of the Integrated Management Module, follow the

steps below:

9. Connect directly from a laptop to the IMM interface on the rear of the NX-SRV. The interface is labeled SYSTEM MGMT as shown below:

Figure 2-14: IMM "System Management" Port

10. Open a web browser. In the address field, type, type the IP address or host name of the IMM to which you want to connect.

NOTE If you are logging in to the IMM for the first time after installation, it uses the default static IP address 192.168.70.125. You can obtain the the static IP address from the server BIOS or from your network administrator.

11. Enter User ID and Password

12. You will be prompted to specify an inactive session timeout value. Choose a value from the dropdown list and click on Continue.

13. You will see the IMM User Interface, with the default System Status in view, as seen in below



Figure 2-15: IMM System Status Screen

14. Select Network Interfaces from the system tree on the left side of the screen.

15. In the Ethernet section, make sure that interface is enabled, and IPv6 DHCP is disabled. In addition, DDNS status should be set to

Disabled and Domain Name Used should be set to manual.

16. In the IPv4 section, make sure that the DHCP field is set to: Disabled Use Static IP configuration. Assign an IP, mask and default gateway as seen above and click Save. You can now access the IMM remotely using these network

settings.



Figure 2-16: IMM Network Interfaces

NOTE The IBM Advanced Settings Utility (ASU) enables you to remotely modify IMM firmware settings from the command line of the operating system. On Allot NetXplorer appliances which are shipped to the customer (NX-SRV and NX-HAP), the ASU software will be pre-installed. However, when you are installing NetXplorer software on your own hardware, you should also install the appropriate ASU software package. The package can be downloaded from the IBM website here:

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=TOOL-ASU



Alternate Hardware

If necessary, it is possible to install NetXplorer Server software on hardware that is not

provided by Allot, assuming that the server used meets the requirements defined below.

Linux Installation

Installation Prerequisites

This section describes the minimum hardware and software requirements for installing

NetXplorer on a Linux Server that is not provided by Allot.

Server Hardware Requirements

Minimum Specifications

Intel Xeon, 4 core, 2.0 GHz or equivilent

6 GB RAM DDR Dual channel

RAID (0 or 10) Controller with 256MB Battery Backed Write Cache (BBWC)

600GB HDD 10k RPM or larger (capacity depends on overall storage needs)

CentOS Linux 5.8 or 6.4 64-bit x86 (Recommended)

OR

Red Hat Enterprise Linux 5.8 or 6.4 - 64-bit x86

Recommended Specifications





CentOS Linux 5.8 or 6.4 64-bit x86 (Recommended)

OR

Red Hat Enterprise Linux 5.8 or 6.4 - 64-bit x86

NOTE For sizing and performance information, see the relevant NMS Software Release Notes.

Software Requirements

Any Real-Time Virus Protection programs or automatic Defragmentation/Backup software must be disabled on the NetXplorer server or

the Allot folder needs to be excluded from protection/defragmentation.



No other database applications (for example, SQL database) should be installed on the NetXplorer server machine.

No application should be listening to port 80 at the time of the installation.

FQDN of the server should be defined (to check run hostname -f).



Installing the Operating System

CentOS 5.8

1. Confirm all the hardware and software requirements.

2. Confirm that there is at least 20GB of free space on the /opt directory.

3. Install CentOS v5.8 according to instructions provided by CentOS.

4. During the install process, select the Customize Now radio button during software selection and add the following

two packages:

net-snmp-utils from the System Tools group

xorg-x11-server-Xvfb from the X Window system group

Figure 2-17: Open Network Configuration

5. Once the OS is installed and rebooted, select Administration > Network from the System menu as shown above.



Figure 2-18: Select eth0

6. Open the Devices tab and double click on the appropriate network card.

The Ethernet Device dialog appears.

Figure 2-19: Ethernet Device dialog box



7. In the General tab set the IP address, Subnet mask and Default Gateway in the Statically set IP addresses section.

NOTE The Default Gateway MUST be set during the initial configuration.

8. Click OK to save and return to the Network Configuration dialog.

Figure 2-20: Network Configuration dialog box, Hosts tab

9. Open the Hosts tab and click Add to create a new Host.

The Add/Edit Hosts dialog appears.

Figure 2-21: Network Configuration dialog box, Add/Edit Hosts dialog



10. Enter the IP Address, Host name and Alias for the new host and click OK to return to the Network Configuration dialog.

The new host will appear in the Hosts tab. To edit an

existing Host, click the Edit button.

Figure 2-22: Network Configuration dialog box, DNS tab

11. Open the DNS tab and enter the Host name and DNS IP addresses.

NOTE The Hostname entered in the DNS tab must be the same as was added in the Hosts tab.



12. Select Save from the File menu to save all changes.

13. From the system menu, select Administration > Security Level and Firewall to display the Security Level

Configuration dialog box. Open the SELinux tab and in the

SELinux Setting select Disabled, and then click OK.

14. From the system menu, select Administration > Date & Time and confirm the Time Zone is correct then open the

Network Time Protocol tab and select an NTP server. Be

sure to enable synchronization.

Figure 2-23: Date/Time Properties dialog box, Network Time Protocol tab



15. Set the Config ntp service to start when the unit is rebooted by entering the following command:

chkconfig --levels 35 ntpd on


CentOS 6.4

1. Confirm all the hardware and software requirements.

2. Confirm that there is at least 20GB of free space on the /opt directory.

3. Install CentOS v6.4 according to instructions provided by CentOS.

4. Insert the Allot Disk-On Key.

5. Copy the netwconf.sh script to the root directory of the server, run it using the following command and enter the

appropriate network information when prompted:

/root/netwconf.sh

Output Example [root@localhost ~]# /root/netwconf.sh

Please type the IP ADDRESS [ 11.11.11.11 ]

10.4.3.65

Please type NETMASK [ 255.255.0.0 ]

Please type the GATEWAY [ 11.11.0.1 ]

10.4.0.1

Please type hostname [ localhost ]

Server1

Please type domain name [ ]

mydomain.com

Please type ip address of DNS [ 198.168.254.2 ]

8.8.8.8

Please check the values entered

The host: Server1 10.4.3.65

NETMASK: 255.255.0.0, DOMAIN: mydomain.com

GATEWAY: 10.4.0.1

DNS: 8.8.8.8

Continue with these values (y/n) [y]?

Y


continue:

8.8.4.4


continue:

194.90.1.5


continue:

Restarting network service...

Done.




Installing NetXplorer

1. Install rsyslog as follows:

Locate the following package in the Installation/PACKAGES directory in the NetXplorer installation CD:

rsyslog-3.22.1-3.el5.x86_64.rpm

Run the following command to install the rsyslog package: rpm -ivh rsyslog-3.22.1-3.el5.x86_64.rpm

2. Set the Config ntp service to start when the unit is rebooted by entering the following command:


3. Download Allot_nx_.tgz and Allot_nx.sh from the Allot ftp site.

4. Copy Allot_nx_.tgz and Allot_nx.sh to the local directory on the server.

5. Run the following command: chmod +x Allot_nx.sh

6. Run the following command: ./Allot_nx.sh -i

7. Configure the rsyslog Audit Log by running the following script:

/opt/allot/bin/nx_rsyslog_cfg.sh To enable the rsyslog Audit Log, run the following

commands:

/opt/allot/bin/nx_auditlog.sh on

service netxplorer restart

To disable the rsyslog Audit Log, run the following commands:

/opt/allot/bin/nx_auditlog.sh off

service netxplorer restart

8. Configure the NTP service to start on system start by entering the following command:




9. Manually edit the /etc/hosts files as follows: 127.0.0.1 localhost.localdomain localhost

10.50.18.1 NX1-lin.allot.local NX1-lin

10. Verify that the maximum number of files that can be open is set to 8192. This is done from the /etc/security/limits.conf

file. Run vi /etc/security/limits.conf . The descriptor limits

must be set according to following pattern:

soft nofile 8192

hard nofile 8192

11. For the changes in 6 and 7 above to take effect, the server must be rebooted. Reboot the machine. Confirm that NTP

and NetXplorer services are running.

12. To start/stop/check the status of the services use commands such as:

service ntpd start

service netxplorer stop

service netxplorer status


Uninstalling NetXplorer

1. Run the following command: ./Allot_nx.sh -r

Windows Installation

Installation Prerequisites

This section describes the minimum hardware and software requirements for installing

NetXplorer on a Windows Server.

Server Hardware Requirements

Minimum Specifications







Windows Server 2008 SP2 Standard and Enterprise editions 64 bit (Recommended)

OR

Windows Server 2003 Standard or Enterprise Editions 64 bit

Recommended Specifications





Windows Server 2008 SP2 Standard and Enterprise editions 64 bit (Recommended)

OR

Windows Server 2003 Standard or Enterprise Editions 64 bit

NOTE For sizing and performance information, see the relevant NMS Software Release Notes.




Any Real-Time Virus Protection programs or automatic Defragmentation/Backup software must be disabled on the NetXplorer server or


Java JDK 7 should be installed on the Server machine. For details on how to install the Java JDK see Installing Java JDK 7 on page 2-26.

No other database applications (for example, SQL database) should be installed on the NetXplorer server machine.


On Windows Server 2008, IPv6 should be disabled by going to Control Panel > Network and Sharing Center > Manage Network Connections > Local Area

Connection Properties. Uncheck the Internet Protocol Version 6 checkbox to

disable the service.

Figure 2-24: Local Area Connection Properties

Pre-Installation Checklist

Before you begin the installation process, it is important that you perform the following

steps.

1. Verify that the minimum required space is available on the hard disk.

2. Verify that there is at least 4 GB of available Virtual Memory.

NOTE Set the Virtual Memory on your computer by selecting Start/Settings/Control Panel/System. Open the Advanced tab and click the Performance Settings button. Open the Advanced tab and click the Change button under Virtual Memory to select a new value.



3. Verify that Java JDK 7 is installed, including runtime environment. If it is not installed, install it now, as described

below.

Installing Java JDK 7

The Java JDK 7, including the run time environment, must be installed before you can

install NetXplorer.

To install the Java JDK:

1. Browse to and run the jdk-7u2-windows-i586-p.exe file on the installation CD. The Security

Warning is displayed.

2. Click Run. The License Agreement is displayed.

3. Read the license agreement and select I accept the terms to indicate your agreement, and then click Next. The Custom Setup dialog is displayed.

4. Click Next to accept the default installation location,

OR

Click Change to browse and select an alternate installation location, and

then click Next.

NOTE The necessary program features are selected by default. You do not need to change these default settings.

The Browser Registration dialog is displayed.

5. Verify that Microsoft Internet Explorer is selected and click Install. The Installing Java JDK dialog is displayed. The

progress bar indicates the status of the installation process.

6. When the installation process is done, the Complete window is displayed.

7. Click Finish.

Installation Instructions

After you have performed the pre-installation checks and have verified that the Java

JDK is installed, you are ready to install NetXplorer.



To install NetXplorer:

1. Run the setup.exe file on the installation CD or from a net-mounted disk.

NOTE Do not attempt to run the setup file from a net long address, such as \\file_server\.

2. The following dialog is displayed.

Figure 2-25: Security Warning

3. Click Run. The following window is displayed.

Figure 2-26: NetXplorer InstallShield Wizard Welcome Window



4. Click Next to continue.

5. The NetXplorer License Agreement is displayed.

6. Click Next to continue

7. Read the license agreement and select I accept the term to indicate your agreement, and then click Next. The

Choose Setup Type dialog is displayed.

Figure 2-27: Choose Setup Type

8. To install all program components in a single location, select Typical and click Next. Then skip ahead to step 10.

OR

To install each component in a different location, select Custom and click

Next.

NOTE Allot strongly recommends using the Custom installation option.

9. If you selected Custom in step 5, the following dialogs are displayed.

Figure 2-28: Choose Destination Location - Custom



10. Accept the default destination locations or browse and select an alternate location for one or more of the components, and

then click Next. The Choose NTP configuration option

dialog is displayed.

NOTE If alternate locations are chosen for one or more components, they must be in a subdirectory on one of the root directories (like C:\Allot or D:\Allot) and not on the root directory itself (C:\ or D:\).

NOTE It is recommended that the system files and the different monitoring files be installed on different physical drives in order to improve overall performance.

Figure 2-29: Choose NTP configuration option - Custom

11. Select either the Use local clock or the Use External NTP server radio button. If you select an external NTP server,

enter the servers IP address in the field provided. Click Next.

NOTE Allot strongly recommends using an external NTP server.

12. If you selected Typical in step 5 the following dialog is displayed.

Figure 2-30: Choose Destination Location - Typical



13. Accept the default destination location or browse and select an alternate location, and then click Next.

Figure 2-31: Ready to Install the Program

14. Click Install to begin the installation. The Setup Status dialog is displayed.

After a few moments the following popup is displayed.

Figure 2-32: Setup Initializing

NOTE The installation may take up to 30 minutes to complete.

15. When the installation is complete the following dialog is displayed.

Figure 2-33: NetXplorer InstallShield Wizard Complete




NetXplorer Client Installation

Java, WebStart and the NetXplorer Client

NetXplorer works with a technology known as WebStart from Sun Microsystems.

WebStart enables you to run the NetXplorer Client software by simply double-clicking

an icon on your computers desktop. This mode of operation is more convenient than having to access the NetXplorer Client through an Internet browser.

Hardware Requirements

It is recommended that the NetXplorer Client be installed on a machine with the

following minimum specifications:

Pentium 4

512MB RAM

Windows XP/Microsoft Internet Explorer

NOTE: History logs will be kept on the client and can consume up to 150M


NetXplorer Client software should be installed on a machine running Windows XP Professional (or later) and Microsoft Internet Explorer.

Any Real-Time Virus Protection programs or automatic Defragmentation/Backup software must be disabled on the NetXplorer client or


Java JRE 7.0 should be installed on the client machine. For details on how to install the Java JRE see Installing Java 7.0 JRE below.

NOTE If the machine on which you are installing NX Client is running a 64 bit OS (x64), the Java installation must also be 64 bit. If the machine is running a 32 bit OS (x86), then the Java version must be 32 bit.


Firewall Settings

In some networks, workstations running the NetXplorer Client can be separated from

the NetXplorer server by a firewall for security reasons. In order to allow the client to

communicate with the NetXplorer server the following ports should be opened in the

Firewall:

TCP/80 HTTP

TCP/3873 Catalog Interaction with the Server

TCP/443 SSL



TCP/1098 The RMI service bind address

TCP/1099 JNP server bind address

TCP/4446 RMI Object ports

TCP/4457 Alarms

TCP/50010 Alarms

Likewise, a firewall could be situated between the NetXplorer and the In-Line Platform.

To enable the communication between the NetXplorer and the In-line platform the

following ports in the Firewall should be opened:

TCP/80 HTTP

TCP/443 SSL

UDP/161 SNMP

UDP/162 SNMP Trap

UDP/123 NTP

TCP/123 NTP

Installing Java 7.0 JRE

The Java 7.0 JRE must be installed on your computer as a prerequisite to working with

the NetXplorer User Interface.

To install Java 7.0 JRE:

1. Open your Internet browser, and access http:// The following window is displayed.



Figure 2-34: NetXplorer Java Installation Screen

2. Click the Install Java JRE First link if you do not have Java 7.0 JRE installed on your computer.

Clicking the link will allow you to choose an appropriate

version of the JRE.

3. Click on the appropriate link and follow the on-screen instructions to install the Java 6.0 JRE on your computer.

Initializing WebStart

1. With the Java 7.0 JRE installed, access http://



Under tasks/java, look for the args option, and set it as shown below, inserting the fqdn

hostname in the relevant place.

-Djava .rmi.server.hostname= -Dremoting.bind_by_host=true

If the NetXplorer Server is running on a Linux machine then you must also change the

hostname to netxplorer instead of the fqnd (netxplorer.example.com) in the following

file on the server: /etc/sysconfig/network

The file should appear as follows: cat /etc/sysconfig/network NETWORKING=yes NETWORKING_IPV6=yes HOSTNAME=netxplorer

Once the file has been changed, restart the Network service and the NetXplorer server

service.

Accessing NetXplorer

Once you have completed the initial setup, as described above, you can access the

NetXplorer via your Web browser. The first time that you connect to NetXplorer, you

may be prompted to install Java plug-in 6.0. Refer to Installing Java 7.0 JRE below, for

further information.

To connect to NetXplorer:

1. In Internet Explorer, browse to http: and select Launch NetXplorer in the NetXplorer Control

Panel.

OR

Double click the shortcut icon on the desktop or in the systems Start menu.

2. The Java Application Starting window is displayed.

3. The NetXplorer Log On dialog is displayed.

4. In the User Name field, enter admin and in the Password field, enter allot or the password that was established at set

up. This is the default user name and password. They may

be different if you changed them during the initial

configuration.

5. Click Log On. The NetXplorer GUI is displayed.

NOTE It may take a few moments for the NetXplorer GUI to load.



Enabling NetXplorer Servers

In order to manage more than one NetEnforcer or Service Gateway as well as certain

features using NetXplorer, NetXplorer Server must be enabled by entering the

appropriate key. This key may be entered at installation or at any time following. For

more information concerning the NetXplorer Server contact Allot Customer Support at

[email protected].

To enable NetXplorer Server:

1. Select Tools > NetXplorer Application Server Registration from the NetXplorer Menu bar.

The NetXplorer Application Server Registration dialog box

appears.

Figure 2-36: NetXplorer Application Server Registration Dialog

2. Enter the Activation Key and Serial Number provided by Allot to enable the NetXplorer Server functionality.

NOTE: The serial number is the box number of the product you used to generate the key.

For managing a single unit, it will be the box number of the NE/SG.

For managing multiple units, it will be the box number of the SNX (starts with 44X)



3. A Key Version, Marketing Version and Expiration Date will be generated automatically after clicking Save.

4. The number of devices supported by the key is indicated.

5. If Policy Provisioning is enabled by the key that has been entered, it will be indicated (along with the maximum

number of accounts) after NPP. For more information, see

the NPP User Guide.

6. If Classification of Hosts by Country is enabled by the key that has been entered, it will be indicated after Country

Classification Subscription.

7. If Accounting information is enabled by the key that has been entered, it will be indicated after Net Accounting.

8. If Service Catalog updates via the web are enabled by the key that has been entered, it will be indicated after APU.

Date post:	04-Sep-2015
Category:	Documents
Upload:	nictjir
View:	289 times
Download:	46 times

Allot NX Installation and Admin Guide R13 (13.4)

Documents