3Com Open Network™ Solutions Lab Application Notes
Application Notes for AdventNet ManageEngine® Firewall Analyzer version 5.0 – Build 5000 and 3Com® X5 Unified Security Platform TOS software version 3.0.0.2094

Version: 1.2
Date: March 27th, 2008
Authors: Saravanakumar (AdventNet Inc.) and Joe Santos (3Com Corporation)

Abstract: These application notes describe the configuration procedure required to allow testing of ManageEngine® Firewall Analyzer version 5.0 – Build 5000 with 3Com® X5 Unified Security Platform TOS software version 3.0.0.2094.

Firewall Analyzer is a web based, agent-less, firewall log analysis and reporting software that monitors, collects, analyzes, archives, and generates reports on enterprise-wide Firewall, VPN, IDS, and Proxy servers.
Table of Contents
Revision History
References
Objective
AdventNet Company and Product Details
    AdventNet Overview
Configuration Technical Details
    How it Works
Hardware Revisions
Software Revisions
Installation Overview
Network Topology
Configuration Details
    X5 Configuration steps
    AdventNet Configuration Details
Verification Tests
Product Support
    3COM product support
    AdventNet Product Support
Conclusion
Revision History

Revision   Date         Author           Reason for change
1.0        04/20/2007   Saravanakumar    Initial Version
1.1        04/24/2008   Joe Santos       Initial Reviewed
1.2        04/27/2008   Joe Santos       Final Review

References

Date   Document Name   Revision   Company
Objective
To outline the configuration procedures required to test ManageEngine® Firewall Analyzer version 5.0 – Build 5000 with 3Com® X5 Unified Security Platform TOS software version 3.0.0.2094.
AdventNet Company and Product Details
• Technical Summary http://www.fwanalyzer.com
• Datasheet http://manageengine.adventnet.com/products/firewall/firewall_analyzer.pdf
• Features, Functions, and Benefits http://www.fwanalyzer.com
AdventNet Overview
Enabling Management Your Way™
Founded in 1996, AdventNet is a software company with a broad portfolio of elegantly designed, affordable products and web services. AdventNet offerings span a spectrum of vertical areas, including network & systems management (ManageEngine.com), security (SecureCentral.com), collaboration, CRM & office productivity applications (Zoho.com), database search and migration (SQLOne.com), and test automation tools (QEngine.com). AdventNet has a large and rapidly growing global customer base, and has a presence in all the major markets. The company is based in Pleasanton, California with offices worldwide. Visit us at www.adventnet.com

Configuration Technical Details
ManageEngine Firewall Analyzer is a web based, agent-less, firewall log analysis and reporting software that monitors, collects, analyzes, archives, and generates reports on enterprise-wide firewalls, VPNs, IDS, and proxy servers (see supported devices). Firewall Analyzer helps network security administrators and MSSPs (Managed Security Service Providers) to monitor bandwidth usage, detect intrusions and anomalous behavior, audit traffic, and monitor employee web usage efficiently.

How it Works
3Com devices are configured to send syslog to the machine on which the Firewall Analyzer server is installed. Firewall Analyzer has a built-in syslog server that listens for syslog packets on ports 514 and 1514. After receiving the syslog messages, it normalizes and aggregates them and displays reports on various parameters such as traffic, rule, attack and denied requests.
Hardware Revisions
The minimum hardware requirements for installing and working with Firewall Analyzer are given below.
• 1GHz Pentium 4 processor or equivalent
• 512 MB of RAM*
• 1 GB of disk space*
• Monitor that supports 1024x768 resolution

Log volume                   RAM      Hard disk required per month to store archived logs
50/sec or 1.5 GB per day     512 MB   30 GB
100/sec or 3 GB per day      1 GB     90 GB
300/sec or 9 GB per day      2 GB     270 GB
500/sec 15 GB per day        2 GB     450 GB
1000/sec 30 GB per day       3 GB     900 GB
2000/sec 60 GB per day       4 GB     1.8 TB

• A dedicated machine has to be allocated to process more than 200 logs per second.
• The number of firewalls has some effect on the above RAM values, so it is better to have more RAM than the suggested value when there are >10 firewalls.
• Dual core processors are needed to process > 500 logs per second.
• Quad-core processors are needed to process 2000 logs per second.
• The Firewall Analyzer server and MySQL can be installed on separate machines in case of a higher log rate with lower-CPU machines.
• The hard disk figures above are per month; multiply by the number of months based on your requirement.
Software Revisions
AdventNet: http://manageengine.adventnet.com/products/firewall/download.html
3Com: http://www.3com.com/products/en_US/result.jsp?selected=6&sort=effdt&sku=3CRTPX5-25-96&order=desc
Installation Overview

For Windows:
• Download FirewallAnalyzer.exe and double click to install the build. Follow the simple instructions to install the build.
• Select the directory in which it is to be installed, and check the service box if you want it to be installed as a Windows service.

For Linux:
• Download FirewallAnalyzer.bin and save.
• Execute chmod a+x FirewallAnalyzer.bin to give executable permission.
• Execute ./FirewallAnalyzer.bin to start the installation UI.
Network Topology
Topology #1
Topology #2
Topology #3
Topology #4
Configuration Details
The following configuration details represent the configuration under test.

X5 Configuration steps:

High Level Configuration Steps
1. Enable remote syslog on the X-Family device, and configure it with the information required to communicate with the AdventNet Server(s).
2. Install the AdventNet Server and start it running.
3. Open a web browser on a PC and log in to the AdventNet Server to see the current status of the Firewall Analyzer server.
4. Wait for a while for the AdventNet server to gather enough data to create meaningful statistical reports.

X5 Remote SysLog Configuration
To ensure that all the relevant syslog traffic is sent to the AdventNet Server, the X-family device needs configuration on several pages of the LSM.
1. Open a SHTTP session and browse to the X5 Web interface.
2. Log in and navigate to “System> Configuration> Syslog Servers”.
3. Configure all four logs to be sent to the AdventNet Server address.
4. Click “Apply”.
5. Navigate to IPS> Action Sets> NotificationContacts> Remote System Log and complete the form as shown below.
6. Click “Add to table below”.
7. Click “Apply”.
8. Navigate to “Firewall> Firewall Rules” and click “Create Firewall Rule”. Complete the form as shown below.
Note that later versions of TOS do not have separate checkboxes for Enable local logging and Enable syslog logging – they just have a checkbox for Enable logging which enables both.
9. Click “Create”. A new rule will be created at the bottom of the table.
10. Click “Create Firewall Rule”. Complete the form as shown below.
11. Click “Create”. A new rule will be created at the bottom of the table.
Please note that these last two rules must remain the last two rules in the Firewall Rule table. They replace two implicit “hidden” rules that are always present but do not support logging.
12. Click the pencil icon next to the first rule in the Firewall Rule table. This will open the rule for edit, as in the example below.
13. Click the “Enable syslog logging” checkbox as shown, then click “Save”.
14. Repeat steps 12 and 13 for every Firewall Rule until syslog logging is enabled on all of them.
AdventNet Configuration Details
Nothing needs to be configured. The product has to be started using the following steps.
• If you have installed Firewall Analyzer as a service, start that service; the Firewall Analyzer client opens in the browser.
• If you have not installed it as a service, click Start --> Programs --> ME Firewall Analyzer --> Firewall Analyzer, or execute <FWAHome>/bin/run.bat to start the Firewall Analyzer server.
• On Linux, execute <FWAHome>/bin/run.sh to start the Firewall Analyzer server or, if you have installed it as a service, start the firewallanalyzer service.

Automatic Discovery of 3Com device:
• Start sending syslog to the Firewall Analyzer machine.
• Firewall Analyzer should recognize these packets and should generate initial reports.
• Check the packet count icon in the top right corner of the Firewall Analyzer UI to verify Firewall Analyzer is able to receive packets.
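
An added example, not part of the original application notes or of either vendor's software: a small Python helper for checking the syslog path described under How it Works and Automatic Discovery. It builds an RFC 3164 test datagram for the listener ports 514 and 1514 and tallies captured datagrams per source and severity, which also helps when confirming that more than one firewall is sending. The collector address 192.0.2.10, hostname x5-lab, tag fwa-test and facility local0 are constructed placeholders; the message is not in the X5's own log format, which these notes do not show.

```python
import socket
import time
from collections import Counter

FWA_PORTS = (514, 1514)  # listener ports named under "How it Works"
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

def build_syslog(facility, severity, hostname, tag, text, when=None):
    """Return one RFC 3164 (BSD syslog) datagram as bytes."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    t = time.localtime(when)
    # RFC 3164 timestamp is 'Mmm dd hh:mm:ss' with a space-padded day
    stamp = "%s %2d %s" % (time.strftime("%b", t), t.tm_mday, time.strftime("%H:%M:%S", t))
    line = "<%d>%s %s %s: %s" % (facility * 8 + severity, stamp, hostname, tag, text)
    return line.encode("ascii")

def parse_pri(datagram):
    """Decode the leading <PRI> into (facility, severity name); None if malformed."""
    if not datagram.startswith(b"<"):
        return None
    end = datagram.find(b">", 1, 5)  # PRI is at most three digits
    if end == -1 or not datagram[1:end].isdigit():
        return None
    pri = int(datagram[1:end])
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    return pri // 8, SEVERITIES[pri % 8]

def send_test(collector, port, datagram):
    """Send one UDP datagram; UDP itself gives no delivery confirmation."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(datagram, (collector, port))

def summarize(received):
    """Count datagrams per (source IP, severity) from (source, bytes) pairs."""
    counts = Counter()
    for source, datagram in received:
        pri = parse_pri(datagram)
        counts[(source, pri[1] if pri else "malformed")] += 1
    return counts

if __name__ == "__main__":
    # Constructed test message: facility 16 (local0), severity 6 (info)
    msg = build_syslog(16, 6, "x5-lab", "fwa-test", "constructed test message")
    for port in FWA_PORTS:
        # 192.0.2.10 is a placeholder; use the Firewall Analyzer server address
        print(port, send_test("192.0.2.10", port, msg), "bytes sent")
```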

Traffic Reports:
• Go to Settings --> Intranet Settings to set the LAN network range.
• Select Traffic Reports in the left side tree and check that the IPAddress, Sent and Received values are populated correctly.
• Check drilling down of the above reports.
• Check Inbound/Outbound reports, Intranet and Internet reports to verify whether they are showing correct IPAddress and bytes values.

Rules Reports:
• Rules reports should be populated correctly with the appropriate rule name.

VPN Reports:
• VPN users with their attempts should be shown correctly.

Security Reports:
• Whenever there are denied/dropped connections, these reports should be populated. Higher severity events should also be populated here.

Attack Reports:
• Attacks identified by 3Com devices should be listed here. Check Top Attackers and the drilldown details of those reports.

Live Reports:
• Verify bandwidth utilization values here.

Additional Firewalls:
• Have more than one firewall send data to Firewall Analyzer and check that Firewall Analyzer correctly recognizes the second firewall too.
Verification Tests
• Automatic Discovery of 3Com Logs
• Traffic Reports
• Rules Report
• VPN Reports
• Security Reports
• Attack Reports
• Live Reports
• Admin Reports
• Multiple Firewall Discovery
Product Support
3COM product support:
Main 3COM Support link: http://www.3com.com/products/en_US/support/index.html
3COM X5 Unified Security Platform Product Link: http://www.3com.com/products/en_US/searchbyproduct.jsp?path=download&searchby=prodname&search=x5

Asia Pacific
Telephone: +65 6543 6645
Fax: +65 6543 6518
E-mail: [email protected]

Europe, Middle East and Africa
Telephone: +44 (0)1442 435529 (Option 4)
Fax: +44 (0)1442 435811
E-mail: [email protected]

North America and Latin America
Telephone: 866-326-6222 (Option 3)
Fax: 408-326-7140
E-mail: [email protected]

AdventNet Product Support:
Main AdventNet ManageEngine® Link: http://manageengine.adventnet.com/support.html
AdventNet ManageEngine® Firewall Analyzer Support Link: http://manageengine.adventnet.com/products/firewall/support.html
Support: US: +1 888 720 9500, Intl: +1 925 924 9500, [email protected]
Conclusion
These Application Notes describe the configuration steps required to configure AdventNet’s ManageEngine® Firewall Analyzer to collect firewall logs from the 3Com® X5 Unified Security Platform.