Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

53-1002412-01

23 January 2012

ServerIron ADX

Graphical User Interface Guide

Supporting Brocade ServerIron ADX release 12.4.00

Summary of content (212 pages)

PAGE 1
53-1002412-01 23 January 2012 ServerIron ADX Graphical User Interface Guide Supporting Brocade ServerIron ADX release 12.4.
PAGE 2
© 2012 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, MLX, SAN Health, VCS, and VDX are registered trademarks, and AnyIO, Brocade One, CloudPlex, Effortless Networking, ICX, NET Health, OpenScript, and The Effortless Network are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners.
PAGE 3
Contents About This Document In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Related documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix How to use this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Document conventions . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 4
System view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Traffic view. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Section I Chapter 4 Configuring the ADX Configuration Overview In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Navigating the configuration tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Saving the configuration. . . . . . .
PAGE 5
Virtual servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Creating a virtual server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Creating a virtual server port . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Binding the virtual server port . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Enabling or disabling a virtual server . . . . . . . . . . . . . . . . . . . . . 57 Real servers. . . . . . . . . . . . . . . . . . . . . . .
PAGE 6
Section II Chapter 9 Monitoring the ADX Monitoring Overview In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125 Navigating the monitoring tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125 Chapter 10 Viewing System Information In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127 System summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 7
Chapter 13 Viewing Security Statistics In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175 DoS protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175 Displaying SYN attack details . . . . . . . . . . . . . . . . . . . . . . . . . .175 Displaying other DoS attack details . . . . . . . . . . . . . . . . . . . . . 177 SSL statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 8
Appendix A Appendix A Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199 Unable to open web interface . . . . . . . . . . . . . . . . . . . . . . . . . .199 Web interface does not reflect changes based on the latest image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200 RSL error (#2032 Stream Error) when launching the web interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 9
About This Document In this chapter • Related documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Objectives. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • How to use this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 10
Document conventions • Configuration notes for the topic Document conventions This section describes text formatting conventions and important notice formats used in this document.
PAGE 11
Documentation feedback Notes The following notice statements are used in this manual. NOTE A note provides a tip, guidance, or advice, emphasizes important information, or provides a reference to related information. ATTENTION An Attention statement indicates potential damage to hardware or data. Documentation feedback Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and completeness of this document.
PAGE 12
Requesting technical support xii ServerIron ADX Graphical User Interface Guide 53-1002412-01
PAGE 13
Chapter 1 Introduction to the ADX Web Interface In this chapter • System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Starting the ADX web interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Configuring basic settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Setting up secure web access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 14
1 Starting the ADX web interface Starting the ADX web interface The ADX web interface is included in the system image by default. Before you start the web interface, you must configure the basic settings described in “Configuring basic settings” on page 2. After the initial configuration, you can start accessing the web interface using the default username and password. To start the ADX web interface, perform the following steps. 1.
PAGE 15
Configuring basic settings 1 Connecting to the switch 1. Connect your PC to the ADX console connector using the serial cable. 2. Press Enter to bring up the command line prompt on the PC. Assigning IP address and route in switch code If you are using switch code, enter the following commands. 1. Enable configuration mode. ServerIronADX> ServerIronADX> enable No password has been assigned yet... ServerIronADX# ServerIronADX# config terminal 2. Assign an IP address to the management port.
PAGE 16
1 Setting up secure web access For more information about configuring the management port, refer to the ServerIron ADX Administration Guide. Enabling the web interface To access the web interface, the web management, HTTP, and Simple Object Access Protocol (SOAP) services must be enabled in the device. These services are enabled by default. If these services are not enabled, you can connect to the device using the configured IP address in the CLI.
PAGE 17
Setting up secure web access 1 To import a private key from TFTP server, enter the following command. ServerIronADX(config)# ip ssl private-key-file tftp After you have imported the digital certificate, enter the following command to enable HTTPS access. ServerIronADX(config)# crypto-ssl certificate generate NOTE Imported certificates must be no larger than 4096 bits. NOTE Only the private keys that are unencrypted with the file size of 512 or 1024 bits are supported.
PAGE 18
1 6 Setting up secure web access ServerIron ADX Graphical User Interface Guide 53-1002412-01
PAGE 19
Chapter Navigating the Web Interface 2 In this chapter • Web interface overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 • Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 • Navigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 20
2 Layout Layout The web interface of the ADX device is illustrated, as shown in Figure 1. 1 2 3 4 5 7 6 8 FIGURE 1 ServerIron ADX home page 3 1 Menu bar 5 Page tab 2 Sidebar 6 Login bar 3 Button bar 7 Main page 4 Task bar 8 Control bar • Login bar—-Includes information regarding your login session along with the links to get additional help. The following options are displayed on the login bar: - Hostname—Host name and the model of the device.
PAGE 21
Navigation 2 • Menu bar—Allows you to navigate to specific subsections within a primary tab. The menu bar is currently displayed when Dashboard, Configure, and Monitor tabs are selected. The following options are available from the menu bar depending on the primary tabs selected. - System—Displays information related to the system status and configurations including system settings, system limits, high availability, and user management.
PAGE 22
2 10 Navigation ServerIron ADX Graphical User Interface Guide 53-1002412-01
PAGE 23
Chapter Navigating the Dashboard 3 In this chapter • Dashboard overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 • System view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 • Traffic view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Dashboard overview The Dashboard is the first tab in the ADX web interface.
PAGE 24
3 System view • Click the maximize or minimize button at the top right of the panel to maximize or minimize the panels. • Click the arrow next to the each individual header column to sort the data in ascending or descending order. System view The System dashboard displays various system information including general summary, throughput, log messages, established connections, and sessions. To view the System dashboard, select the Dashboard tab in the task bar and click System on the menu bar.
PAGE 25
Traffic view 3 Traffic view The Traffic dashboard displays network traffic information including traffic distribution, sessions and connections for service, and service response time. To view the Traffic dashboard, select the Dashboard tab in the task bar and click Traffic on the menu bar. The Traffic dashboard page is displayed, as shown in Figure 3. FIGURE 3 Traffic dashboard The Traffic dashboard contains six panels.
PAGE 26
3 14 Traffic view ServerIron ADX Graphical User Interface Guide 53-1002412-01
PAGE 27
Section Configuring the ADX I This section describes the Configure features, and includes the following chapters: • Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 • System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 • Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 • Traffic Settings . . . . . . . . . . . . . . .
PAGE 28
16 ServerIron ADX Graphical User Interface Guide 53-1002412-01
PAGE 29
Chapter 4 Configuration Overview In this chapter • Navigating the configuration tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 • Saving the configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Navigating the configuration tab The Configure tab is the second tab in the ADX web interface. You can use the Configure tab to configure the system, network, traffic, or security settings on an ADX device.
PAGE 30
4 Saving the configuration TABLE 1 Configuration actions Button Description Apply Applies changes to the running configuration. Reset Reverts the configuration to the previous configured values. Common icons The main page displays the common icons on the top right corner for all the configuration tasks. Table 2 describes the icons displayed on the main page. TABLE 2 Configuration icons Icon Description Filter Allows you to filter the data currently displayed in the Summary page.
PAGE 31
Chapter 5 System Settings In this chapter • General settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 • High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 • User management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 32
5 General settings 3. Under System, provide the following information: • Hostname: Enter a host name for the device; for example, ADXHost. When you configure a host name, the name replaces the default system name. The name can contain up to 32 alphanumeric characters. • Serial Number: Displays the serial number of the device. The field is non-editable. 4.
PAGE 33
General settings 5 The System Limits page is displayed, as shown in Figure 5. FIGURE 5 Configuring system limits 3. Provide the following information: • VLANs: Enter the maximum number of Virtual Local Area Networks (VLANs) you want to assign to a group. The range is from 1 through 4095. The default value is 64. • L3 VLANs: Enter the maximum number of Layer 3 VLANs you want to configure on the device. The range is from 0 through 256. The default value is 32.
PAGE 34
5 High Availability NOTE Any change to the system limits requires you to reboot the ADX device for these changes to take effect. It is recommended to save the running configuration to the startup configuration to preserve the changes across reboot. For more details on how to reboot the system, refer to “Restarting the System” on page 191. For more information on setting the system limits, refer the ServerIron ADX Switch and Router Guide and ServerIron ADX Security Guide.
PAGE 35
High Availability 5 HA overview To configure the HA feature on the ADX device, the setup requires two ADX devices, where one device must be active and the other device must be in the standby mode. The active device accepts connections and manages servers, and the standby device monitors the active device. If the active device fails to accept connections, the standby device takes over the active device functions.
PAGE 36
5 High Availability The High Availability page is displayed, as shown in Figure 7. FIGURE 7 High Availability 3. Select Hot Standby. The Hot Standby page is displayed, as shown in Figure 8. FIGURE 8 Configuring hot standby 4. Under the Basic tab, provide the following information: • Sync VLAN: Select a port-specific VLAN from the list. • Sync Port: Select the hot standby port from the list.
PAGE 37
High Availability 5 To configure the advanced parameters for the hot standby configuration: 5. Click the Advance tab. The Advance tab is displayed as shown in Figure 9. FIGURE 9 Hot standby advanced configuration 6. Provide the following information: • Backup Preference: Enter the time interval during which the standby device waits for the configured time before taking the active role. The range is from 5 through 30 minutes. The default value is 5 minutes.
PAGE 38
5 High Availability Configuring the ADX in symmetric mode In the symmetric mode, both the ADX devices handle SLB traffic, and both the devices are active for the same VIP. This mode is supported only on chassis systems. NOTE Symmetric active-active mode is supported in both switch code and router code.
PAGE 39
High Availability 5 NOTE The active-active port is used to synchronize NAT, syn-proxy, and other non-SLB related sessions. 5. Under Advanced settings, enter the following information: • Symmetric PDU rate The send interval is pre-set to 200 milliseconds.By default, a device in an Symmetric SLB (SSLB) configuration sends discovery packets at an interval of 200 milliseconds. In the Discover Multiplier field, enter the multiplier for the SSLB send and wait interval. The range is from 1 through 60.
PAGE 40
5 High Availability The Summary page displays the list of configured VIP groups, 30 entries at a time. Each entry in the list includes the name of the group, configured interface, and the number of VIPs in that group. 3. Click New at the bottom of the VIP Groups page. The VIP Group - new page tab is displayed, as shown in Figure 12. FIGURE 12 Configuring a VIP group 4. Provide the following information: • VIP Group ID: Enter the identifier for the VIP group that includes multiple VIP addresses.
PAGE 41
User management 5 To modify the configured VIP group entry, in the Summary table, select an entry and click Edit or double-click the entry. Click Delete to delete a VIP group configuration. For more information on the VIP groups, refer to the ServerIron ADX Server Load Balancing Guide. User management User management allows restricting or authorizing system access for the users based on their context.
PAGE 42
5 User management The Users page is displayed, as shown in Figure 14. FIGURE 14 User management summary The Users page displays the list of configured user accounts. Each entry in the list includes the user name, user type, associated role template and context. 3. Click New at the bottom of the Summary page. The User - new page tab is displayed, as shown in Figure 15. FIGURE 15 Creating a user 4.
PAGE 43
User management 5 NOTE The options in the Role Based Settings tab are enabled only when you click Role Based User type. For more information on the configuration of role-based user, refer to “Assigning user role” on page 31. • Change Password: Select the Yes check box to change the password. • Password: Enter the password with a minimum of eight characters. The password is always masked to ensure security. • Confirm Password: Enter the password again for confirmation.
PAGE 44
5 User management • Default Context: Select the context that has to be associated with the user by default. • Role Template: Select the role template that is to be associated with the user. • Under Context/Role Mappings, enter the following information: New Context Name: Select a context name that you want to assign to the user.  Role: Select a role that you want to assign to the user.  Click Add. The context names along with their respective roles are displayed in the table.
PAGE 45
User management 5 To delete a context configuration, select an entry from the Current Contexts table and click Delete. NOTE A context cannot be deleted if it is referenced. For more information on creating the contexts, refer to the ServerIron ADX Administration Guide. Creating role templates For simplicity of the configuration, the super user can create a role template with specific roles assigned for global and context-related configurations.
PAGE 46
5 User management The Role Template - new page tab is displayed, as shown in Figure 19. FIGURE 19 Creating role template 4. Provide the following information: • Role Template Name: Enter the name of the role template. • Default Context: Select the context you want to associate with the user by default. • Global (non-Context) Config: Click None, Viewer, or Manager to assign a role for the global configurations. 5.
PAGE 47
Chapter 6 Network Settings In this chapter • Configuring network interfaces and IP addresses . . . . . . . . . . . . . . . . . . . . • Configuring static routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Configuring source IP addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Configuring VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 48
6 Configuring network interfaces and IP addresses The IP interface - 1 page tab is displayed, as shown in Figure 21. FIGURE 21 Editing an interface 4. Provide the following information: • Interface ID: Displays the ID assigned to the interface. • MAC Address: Displays the MAC address of the interface. • Interface name: Enter a unique name for the interface. The interface name is represented by the physical and logical parts.
PAGE 49
Configuring network interfaces and IP addresses 6 Configuring IP addresses for the interface To configure an IP address for the interface, perform the following steps within the Configure tab. 1. Click Network on the menu bar. 2. From the sidebar, select Interface. 3. From the Summary page, select an interface entry from the list. 4. Click IP addresses. The IP Address page tab is displayed, as shown in Figure 22. FIGURE 22 Configuring an IP address 5.
PAGE 50
6 Configuring static routes Enabling or disabling an interface You can enable or disable an interface from the Summary page. To enable or disable a virtual server, perform the following steps within the Configure tab. 1. Click Network on the menu bar. 2. From the sidebar, select Interfaces. The list of all the configured interfaces is displayed in the main page as shown in Figure 23. FIGURE 23 Enabling or disabling an interface 3.
PAGE 51
Configuring static routes 6 The Summary page is displayed, as shown in Figure 24. FIGURE 24 Static routes summary The Summary page displays the list of configured static routes. Each entry in the list includes the destination network, subnet mask, gateway, metric, and distance information. 3. Click New at the bottom of the Summary page. The Static Route - new page tab is displayed, as shown in Figure 25. FIGURE 25 Configuring static route 4.
PAGE 52
6 Configuring source IP addresses • Gateway: For IPv4, click either the IP Address or Interface field to provide the information. For IPv6, enter the information for both IP Address and Interface. IP Address—The IP address of the gateway.  Interface—The interface of the gateway. Metric: Enter the value for comparing two routes for the same destination in the IP route table. The range is from 1 through 16. The default metric is 1.
PAGE 53
Configuring source IP addresses 6 The Summary page is displayed, as shown in Figure 26. FIGURE 26 Source IP summary The Summary page displays the list of configured source IP addresses. Each entry in the list includes IP address, subnet, default gateway, and the source port for the real servers. 3. Click New at the bottom of the Summary page. The Source IPs - new page tab is displayed, as shown in Figure 27. FIGURE 27 Configuring source NAT IP 4.
PAGE 54
6 Configuring source IP addresses • Allocate Source Port per Real Server: Select the check box to if you want to allocate the source port on the real server. 5. Click Apply to save your entries. Click Reset to revert the configuration to the previous configured values. To delete the configured source IP address information, select an entry from the Summary table and click Delete. For more information on the source NAT IP, refer to the ServerIron ADX Security Guide.
PAGE 55
Configuring VLANs 6 The Source NAT IPs - new page tab is displayed, as shown in Figure 29. FIGURE 29 Configuring source NAT IP 4. Provide the following information: • IP Address: Enter the source IP address for sending packets to the real server. • Subnet Mask: For IPv4, enter the subnet mask in class-based format. For IPv6, select the Use Prefix check box to enter the prefix length. • Default Gateway: Enter the IP address of the default gateway.
PAGE 56
6 Configuring VLANs The Summary page is displayed, as shown in Figure 30. FIGURE 30 VLAN summary The Summary page displays a list of configured VLANs. Each entry in the list includes VLAN name, router interface, VLAN ports, and the associated spanning tree status. 3. Click New at the bottom of the Summary page. The VLAN - new page tab is displayed, as shown in Figure 31. FIGURE 31 Configuring a VLAN 4. Provide the following information: • VLAN: Select the VLAN from the list.
PAGE 57
Configuring VLANs 6 • Router Interface: Select the Use check box for the routing interface to locally route the IP packets from an IP subnet VLAN to the port-based VLAN on the same router. The range is from 1 through 64. The default value is 24. • Spanning Tree: Select the Enable check box to enable the spanning tree on the VLAN to detect and eliminate logical loops in the network. 5.
PAGE 58
6 46 Configuring VLANs ServerIron ADX Graphical User Interface Guide 53-1002412-01
PAGE 59
Chapter 7 Traffic Settings In this chapter • Global traffic settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Virtual servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Real servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Health checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 60
7 Global traffic settings 3. Provide the following information: • Load Balancing Predictor: Select the algorithm to determine the traffic distribution among the real servers. The algorithm can be one of the following:         Round Robin—Directs the service requests to the next server if a server fail, and treats all servers equally regardless of the number of connections.
PAGE 61
Virtual servers 7 • Enable TCP Syn NAK Threshold: Select the Enable check box to allow the TCP SYN NAK threshold feature for a real server. • TCP Syn NAK Threshold: Enter the SYN NAK threshold that specifies the number of contiguous unacknowledged SYN NAKs accumulated for a real server, before determining that the server is inactive. The range is from 6 through 4,000. The default value is 20.
PAGE 62
7 Virtual servers The Virtual Server page is displayed, as shown in Figure 33. FIGURE 33 Virtual server The Configure Virtual Servers page displays a list of the virtual servers that are configured in the device. Each entry in the list includes virtual server name, IP address of the virtual server, virtual server port, predictor, and the status. 3. Click New at the bottom of the Configure Virtual Server page. The Configure Virtual Server - new page tab is displayed, as shown in Figure 34.
PAGE 63
Virtual servers 7 • Admin State: Click the Enable check box to disable the virtual server. By default, admin state is enabled. • Load Balancing Predictor: Select a load balancing algorithm from the list to determine the load distribution among real servers; for example, Weighted Round Robin. • OID Entry ID: Enter the SNMP object ID value that represents the weight of the real server. • Max Value: Enter the maximum value for the dynamic weighting. The range is from 0 through 4,294,967,295.
PAGE 64
7 Virtual servers • UDP Age: Specify the number of minutes the device allows a UDP connection to remain inactive before closing the connection. The range is from 2 through 60 minutes. The default value is 5 minutes. • Sticky Age: Specify the number of minutes a sticky server connection can remain inactive before aging out. The range is from 2 through 60 minutes. The default value is 5 minutes. • Under VIP Route Health Injection, provide the following information:   7.
PAGE 65
Virtual servers 7 The Configure Virtual Server Ports page displayed a list of configured virtual server ports. Each entry in the list includes port name, runtime state, protocol, backup, and heath check status. 4. Click New at the bottom of the Configure Virtual Server Ports page. The Basic tab is displayed, as shown in Figure 37. FIGURE 37 Configuring virtual server ports 5. Under Basic tab, provide the following information: • Virtual Server Name: Enter the name of the virtual server.
PAGE 66
7 Virtual servers • UDP Age: Specify the number of minutes the device allows an UDP connection to remain inactive before closing the connection. The range is from 2 through 60 minutes. The default is 5 minutes. Select the UDP Fast Age and UDP Normal Age check boxes based on the requirement. 6. Click the Stickiness tab to enable a sticky connection on the TCP or UDP virtual server port. The Stickiness tab is displayed, as shown in Figure 38. FIGURE 38 7.
PAGE 67
Virtual servers 7 • Sticky Based on Subnet: Click Enable to send all requests originating from a given subnet to the same real server. Subnet Mask: Enter the subnet mask that is used for the stickiness. No Stickness: Click Enable to disable stickiness on the virtual server port.  • 8. Click Advanced tab to configure the advanced parameters for the virtual server port. The Advanced tab is displayed, as shown in Figure 39. FIGURE 39 Configuring advanced parameters 9.
PAGE 68
7 Virtual servers • Under Other Settings, provide the following information:         Enable Spoofing: Select the check box to mark the input interface of the connection. Later any response traffic for the session will be forwarded using this information regardless of any other route configured.
PAGE 69
Virtual servers 7 The binding page is displayed, as shown in Figure 40. FIGURE 40 Binding virtual server ports 4. Select the VIPs or ports you want to bind from the Available RS-Ports list and click Bind to move them to the Bound RS-Ports list. To unbind the ports, select the ports you want to unbind from the Bound RS-Ports list and click Unbind. To bind or unbind all the ports, click Bind All or Unbind All.
PAGE 70
7 Real servers • Click Enable at the bottom of the Configure Virtual Servers page to enable the virtual server. • Click Disable to disable the virtual server. For more information on enabling or disabling virtual servers, refer to the ServerIron ADX Server Load Balancing Guide. Real servers Real servers are the actual application servers that handles all the client service requests. Creating a basic real server To apply SLB configuration, you must create a basic real server.
PAGE 71
Real servers 7 The Configure Real Sever - new page tab is displayed. By default, Basic configuration tab is displayed, as shown in Figure 43. FIGURE 43 Configuring real server basic parameters 4. Under Basic tab, enter the following information: • Click Create one Real Server for creating a real server. • Real Server Name: Enter the name of the real server. • IP Address: Enter the IP address of the real server. You can configure both IPv4 and IPv6 addresses.
PAGE 72
7 Real servers Setting predictors for real servers To configure predictors for real servers on the device, perform the following steps within the Configure tab. 1. Click Traffic on the menu bar. 2. From the sidebar, select Real Servers. 3. Click New at the bottom of the Configure Real Servers page. 4. Click the Predictors tab. The Predictors tab is displayed, as shown in Figure 44. FIGURE 44 Configuring predictors parameters 5.
PAGE 73
Real servers 7 The Advanced tab is displayed, as shown in Figure 45. FIGURE 45 Configuring advanced parameters 8. Provide the following information: • Ping Health Check: Select the Enable check box to enable Layer 3 health checks to the real server IP addresses. • Source NAT: Select the Enable check box to allow the device to use a source IP address as the source for packets sent to the real server.
PAGE 74
7 Real servers Creating a real server port To configure a basic real server port on the device, perform the following steps within the Configure tab. 1. Click Traffic on the menu bar. 2. From the sidebar, select Real Servers. 3. Select the real server from the list in the Configure Real Servers page and click Port. The Configure Real Server Ports page tab is displayed, as shown in Figure 46. FIGURE 46 Real server port summary 4. Click New at the bottom of the Configure Real Server Ports page.
PAGE 75
Real servers 7 The Basic configuration tab is displayed, as shown in Figure 47. FIGURE 47 Configuring real server port 5. Under Basic, provide the following information: • Real Server Name: Displays the name of the real server. • Port: Select an application port from the list to add under the real servers. • Admin State: Select the appropriate check boxes to enable the port, set the port as backup, and clear the sessions when the port is up.
PAGE 76
7 Real servers To modify the configured real server ports, in the summary table, select an entry and click Edit or double-click the entry. You can also delete a configuration by clicking Delete. For more information on configuring real server ports, refer to the ServerIron ADX Server Load Balancing Guide. Configuring health check parameters for a real server port To configure the health check parameters for a real server port on the device, perform the following steps within the Configure tab. 1.
PAGE 77
Real servers 7 • Bringup Intervals: Enter the Layer 4 and Layer 7 bringup intervals to enable the health check policy during initial bringup of the server in seconds. The range is from 1 through 255 seconds. 7. Under Specific settings to HTTP, enter the following information: • URL: Enter the URL name to specify whether the HTTP health check performs a GET or HEAD request while customizing the Layer 7 information sent with the health check.
PAGE 78
7 Real servers 3. Select a real server from the list and click one of the following buttons at the bottom of the Configure Real Servers page: • Click Enable at the bottom of the Configure Real Servers page to enable the real server. • Click Disable to disable the real server. For more information on enabling or disabling real servers, refer to the ServerIron ADX Server Load Balancing Guide. Creating a real server group A real server group can contain one or more real servers.
PAGE 79
Real servers 7 The Configure Real Server - new page tab is displayed, as shown in Figure 51. FIGURE 51 Configuring real server 4. Provide the following information: • Server Group Name: Enter the name of the server group. • Add Real Servers: Select the real servers from the Available Servers list and click Add to move the real servers to the Selected Servers list to add server group. 5. Click Apply to save your entries. Click Reset to revert the configuration to the previous configured values.
PAGE 80
7 Health checks FIGURE 52 Binding real server groups 4. Provide the following information: • Server Group Port: Select the port of the server group to bind with the virtual server port. • Virtual Server: Select the virtual server that you want to bind to the server group. • Virtual Port: Select the virtual server port to which you want to bind the server group port. 5. Click OK to bind the virtual server to the real server groups.
PAGE 81
Health checks 7 The Health Checks page is displayed, as shown in Figure 53. FIGURE 53 Health check summary 3. Under Layer 2 ARP Check, provide the following information: • Periodic ARP Check: Select the Enable check box to send layer 2 ARP request to the real server to verify that the device can reach the server through the network. By default, periodic ARP check is enabled. • Interval: Enter the time of interval for Layer 2 ARP check, in seconds. The range is from 10 through 14,400 seconds.
PAGE 82
7 Health checks 6. Click Apply to save your entries. Click Reset to revert the configuration to the previous configured values. For more information on configuring health checks, refer to the ServerIron ADX Server Load Balancing Guide. Creating a port profile A port profile is a set of attributes that globally defines an application port. Once defined, the port has the same attributes on all the real and virtual servers that use the port.
PAGE 83
Health checks 7 3. Click New at the bottom of the Port Profiles page. 4. The Port Profile - new page tab is displayed, as shown in Figure 55. FIGURE 55 Creating port profile 5. Under Basic tab, provide the following information: • • • • • Port: Select the well-known port name for the health check from the list. Use Like Protocol: Select the protocol for the health check from the list. Admin State: Select the Enable check box for enable the port profile.
PAGE 84
7 Health checks 6. Click Apply to save your entries. Click Reset to revert the configuration to the previous configured values. For more information on configuring port profiles, refer to the ServerIron ADX Server Load Balancing Guide. Defining advanced parameters for a port profile To define advanced parameters for a port profile on the device, perform the following steps within the Configure tab. 1. Click Traffic on the menu bar. 2. From the sidebar, select Health Checks, and then select Port Profiles.
PAGE 85
Health checks 7 • Retries: Enter the number of retries. The range is from 1 through 5. The default is 2. 6. Click Apply to save your entries. Click Reset to revert the configuration to the previous configured values. To modify the configured port profiles, in the summary table, select an entry and click Edit or double-click the entry. You can also delete a configuration by clicking Delete. However, you cannot edit or delete port profiles if they are in use.
PAGE 86
7 Health checks 3. Click New at the bottom of the Port Policies page. FIGURE 58 Configuring port policies 4. Provide the following information: • Port Policy Name: Enter the name of the port policy. • Health Check Interval: Enter the health check interval in seconds. The range is from 1 through 120 seconds. The default is 5 seconds. For Secure Socket Layer (SSL), the range is from 5 through 120 seconds.
PAGE 87
Health checks TABLE 3 7 Protocols Protocol Function Your Action DNS Specifies the DNS protocol to be checked on the traffic passes through the port. Under Settings for DNS, provide the following information: • Zone: Enter the name of the Domain Name System (DNS) zone that sends a Source-of-Authority (SOA) request for the zone name. • Address Query: Enter a domain name that a device has to be requested from the real server.
PAGE 88
7 Health checks For more information on configuring port policies, refer to the ServerIron ADX Server Load Balancing Guide. Configuring element health checks The ADX device allows the creation of a health check that is customized for a given application server. Such definition is also known as element health check. You can specify the health check frequency, the number of retrials, and the number of other parameters for server health check.
PAGE 89
Health checks 7 The Element Heath Check - new page is displayed, as shown in Figure 60. FIGURE 60 Configuring element health check. 4. Provide the following information: • Health Check Name: Enter the name for the health check. • Health Check Type: Select one of the following health check types: TCP: The ADX device attempts to engage in a normal three-way TCP handshake with the port on the real server.  UDP: The ADX device sends a UDP packet with garbage (meaningless) data to the UDP port.
PAGE 90
7 Health checks • Port: Specifies the port name and the application port number. Select a port name from the list. The port value is displayed in the field next to the list. NOTE For the unknown port, select Custom from the list and enter the port number. • Content Check: Allows the ADX device to perform the content verification health checks for ports that do not use one of the well-known port numbers recognized by the ADX device.
PAGE 91
Health checks 7 The Boolean Health Check - new page is displayed, as shown in Figure 61. FIGURE 61 Configuring boolean health check 4. Provide the following information: • Boolean Health Check Name: Enter the name for the boolean health check policy. • Health Check 1: Select a health check policy from the list. • Condition: Specifies a logical operator in the health check policy. You can enter two element-action expressions along with the logical operator AND, OR, or NOT.
PAGE 92
7 Health checks 1. Click Traffic on the menu bar. 2. From the sidebar, select Health Checks, and then select Match Lists. The Match Lists page is displayed, as shown in Figure 62. FIGURE 62 Match lists summary 3. Click New at the bottom of the Match Lists page. The Match List - new page tab is displayed, as shown in Figure 63. FIGURE 63 Configuring match list 4. Provide the following information: • Name: Enter the name of the match list.
PAGE 93
Content switching 7 • String Ends With: Specifies the string that should match with the string present at the end of response sent by the real server. Select String Ends With, and enter the string in the Ends String field. • Select Simple String Match and enter the following details: Matches: Enter the string.  Logging: Select the Enable check box.
PAGE 94
7 Content switching 1. Create rules—Define a request rule or response rule to identify specific application data within a request or a response. 2. Create policies—Create a request policy or response policy to specify multiple rules and the desired actions to be taken when the traffic matches the rule. 3. Binding policies—Apply the created policy to a virtual server port. To create a content switching policy on the device, perform the following steps within the Configure tab. 1.
PAGE 95
Content switching 7 The Request Rules page is displayed, as shown in Figure 65. FIGURE 65 Request rules summary The Request Rules page displays the list of the configured request rules for incoming traffic. 3. Click New on the bottom of the Request Rules page. The Request Rule - new page tab is displayed, as shown in Figure 66. FIGURE 66 Creating a request rule 4. Provide the following information: • Rule Name: Enter the name of the request rule.
PAGE 96
7 Content switching TABLE 4 84 Rule type settings Rule Type Function Your Action URL Allows the device to make a load-balancing decision based on the contents of the URL string in an incoming packet. Under the Settings for URL Rule, provide the following information: • Operator: Select one of the following operators from the list: - Prefix—To match if the URL string begins with the specified prefix. - Suffix—To match if the URL string begins with the specified suffix.
PAGE 97
Content switching TABLE 4 7 Rule type settings (Continued) Rule Type Function Your Action HTTP Header Allows the device to make a load balancing decision based on the contents of an HTTP header field in an incoming packet. Under Settings for HTTP Header Rule, provide the following information: • Header Type: Click one of the following: - Well Known HTTP Header: Select a well known header using which you want the ADX device to make a load balancing decision.
PAGE 98
7 Content switching TABLE 4 86 Rule type settings (Continued) Rule Type Function Your Action XML TAG Allows the device to make a load balancing decision based on the contents of an XML tag in an incoming packet. Under the Setting for XML Tag Rule, provide the following information: • XML Tag Name: Enter the name of the XML tag. • Operator: Select one of the following operators from the list: - Prefix—To match if the XML tag begins with the specified prefix.
PAGE 99
Content switching TABLE 4 7 Rule type settings (Continued) Rule Type Function Your Action DNS DPI Allows the ADX device to perform a deep packet scan and then classify DNS requests based on the following: query type, query name, RD flag or the DNS security extensions (DNSSEC) OK bit in the EDNS0 header. Under the Settings for DNS DPI Rule, provide the following information: • Query Type: Specifies the DNS query type to match on. • Query Name: specifies the name of the DNS query type to match on.
PAGE 100
7 Content switching The Response Rules page is displayed, as shown in Figure 67. FIGURE 67 Response rules summary 3. Click New at the bottom of Response Rules page. The Response Rule - new page is displayed, as shown in Figure 68. FIGURE 68 Creating a response rule 4. Provide the following information: • Rule Name: Enter the name of the response rule. • Ignore Case: Select the check box if you want to the rule to be case insensitive.
PAGE 101
Content switching TABLE 5 Rule types settings Rule Type Function Your Action Response Status Code Allows the device to inspect the response based on the code found in the response. Under the Settings for Response Status Code Rule, enter the code range in the Status Code Range to inspect a response only if the code is within the specified range. Response Header Allows the device to inspect the response based on the contents of an HTTP header field in the response.
PAGE 102
7 Content switching To modify the configured response rules, in the summary table, select an entry and click Edit or double-click the entry. You can also delete a configuration by clicking Delete. For more information on configuring content switching rules, refer to the ServerIron ADX Server Load Balancing Guide. Creating policies You can associate content switching rules to a policy (request or response) that defines how the device process the traffic.
PAGE 103
Content switching 7 The Request Policy - new page tab is displayed, as shown in Figure 70. FIGURE 70 Creating request policy 4. Provide the following information: • Policy Name: Enter the name of the request policy. • Select a protocol and perform the following actions as described in Table 6.
PAGE 104
7 Content switching TABLE 6 . 92 Protocols settings Protocol Function Your Action HTTP Allows the device to make load balancing decisions about HTTP traffic based on information in a URL, cookie, or SSL session ID. Under Rule-Action List, select the rule name from the Rule Name list and select one of the following option in the Action list: • Forward: Allows the device to forward packets matching a specified rule to a specified real server or server group.
PAGE 105
Content switching TABLE 6 7 Protocols settings (Continued) Protocol Function Your Action DNS Allows the ADX device to provide DNS attack protection to VIP traffic. This protection is provided by performing a deep packet scan and then classifying DNS requests based on the query type, query name, RD flag or the DNSSEC “OK” bit in the EDNS0 header.
PAGE 106
7 Content switching • Select the Log check box to write a message to system log when the specified rule is matched, and specify the log format. • Click Add to create a rule-action list. The rule-actions list is displayed in the table. Select a rule in the table and click Remove to delete the rule and the action from the list. Click the UP or DOWN button to arrange the rule-action list in desired order. 5. Click Apply to save your entries.
PAGE 107
Content switching 7 The Response Policy - new page is displayed, as shown in Figure 72. FIGURE 72 Creating response policy 3. Provide the following information: • Policy Name: Enter the name of the response policy. • Rewrite Type: Click one of the rewrite type and set the parameters based on the rewrite type selected as described in Table 7.
PAGE 108
7 Content switching TABLE 7 rewrite type settings Rewrite Type Function Your Action HTTP Header Allows the feature to be used in an SSL-Offload environment when the real servers send redirect messages to the incoming clients. Provide the following information: • HTTP Response Status Code rules: Select the status code rules from the Available list and click Add to move the rules to the Selected list. The code rule identifies the response packets on which Layer 7 policy should act upon.
PAGE 109
Content switching 7 Binding request policies After creating a request rule and request policy, you need apply the request policy to the incoming traffic by binding it to virtual ports. To bind the request policy to VIPs, perform the following steps within the Configure tab. 1. Click Traffic on the menu bar. 2. From the sidebar, select Content Switching, and then select Request Policies. The Request Policies page is displayed. 3. Select a policy from the Request Policy table and then click Bindings.
PAGE 110
7 OpenScript 4. Select the virtual servers to bind with the request policy from the Available VS-Ports list and click Bind to move them to the Bound VS-Ports list. To unbind the VIPs or ports, select the ports you want to unbind from the Bound VS-Ports list and click Unbind. To unbind all the ports, click Unbind All. For more information on binding content switching policies, refer to the ServerIron ADX Server Load Balancing Guide.
PAGE 111
OpenScript 7 The Script Details - new page is displayed, as shown in Figure 76. FIGURE 76 Configuring script details 4. Provide the following information: • Script name: Enter the name of the script stored in the device. • Script code: Enter the executable code of the script. • Click Compile to compile the script code. You are recommended to compile a new script before binding it to a virtual server port, to make sure that the script compiles successfully and obtain an estimate of script performance.
PAGE 112
7 OpenScript The page is displayed as shown in Figure 77. FIGURE 77 Binding scripts 4. Provide the following information: • Script Profile: Select the profile from the list to apply the previously configured script profile to the script being bound. • Select the virtual server ports from the Available VS-Ports list and click Bind to move the port that has to be bound to a script. Click Unbind to unbound the virtual server port or services from the script.
PAGE 113
OpenScript 7 The Script Profiles - new page tab is displayed, as shown in Figure 79. FIGURE 79 Configuring script profile 4. Provide the following information: • Profile name: Enter the name of the script profile that you want to create or update. • Memory Limit (bytes): Enter the memory limit for any script that is bound to the script profile. The range is from 1 through 1073741824 bytes. The default value is 1,048,576 bytes.
PAGE 114
7 102 OpenScript ServerIron ADX Graphical User Interface Guide 53-1002412-01
PAGE 115
Chapter Security Settings 8 In this chapter • SSL certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 • SSL profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 • Access Control Lists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 116
8 SSL certificates The Setup SSL page is displayed, as shown in Figure 80. FIGURE 80 Setting up SSL 3. Click SSL Keys. The SSL Keys page is displayed, as shown in Figure 81. The summary of configured SSL keys is displayed. FIGURE 81 SSL key summary 4. Click Generate at the bottom of SSL Keys page. The Generate Key page is displayed, as shown in Figure 82. FIGURE 82 Generating SSL key 5. Provide the following information: • Encryption: Displays the encryption type as RSA.
PAGE 117
SSL certificates 8 • Key Length: Click 512, 768, 1024, or 2048 bits to set the length of the SSL key. The default length is 1024. • Save Key As File Name: Enter the filename (without space) that used to store the generated SSL certificate. 6. Click Generate Key File. Click Clear to clear all the entries in the fields. Uploading private keys To upload an existing SSL key to the device, perform the following steps within the Configure tab. 1. Click Security on the menu bar. 2.
PAGE 118
8 SSL certificates • Generating self-signed certificates. For more information on self-signed certificates, refer to “Generating self-signed certificates” on page 107. To generate a request for a certificate that will be sent to a CA to be digitally signed, perform the following steps within the Configure tab. 1. Click Security on the menu bar. 2. From the sidebar, select SSL, and then select SSL Certificates. The SSL Certificates page is displayed, as shown in Figure 84. FIGURE 84 SSL certificates 3.
PAGE 119
SSL certificates 8 • Country: Enter the name of your country; for example, US. Only two characters are allowed. 5. Click Generate Request. Click Clear to clear all the entries in the fields. Uploading the existing certificates You can upload the certificate to the device, after you receive an SSL certificate from the CA. To upload the certificate, perform the following steps within the Configure tab. 1. Click Security on the menu bar. 2. From the sidebar, select SSL, and then select SSL Certificates. 3.
PAGE 120
8 SSL profiles 3. Click Generate Certificate at the bottom of SSL Certificates page. The Generate Certificate page is displayed, as shown in Figure 87. FIGURE 87 Generating SSL certificate 4. Provide the following information: • Certificate Name: Enter the name of the file that is used to stored the self-signed generated certificate. • • • • • • • • • Key File: Select the RSA key pair that is used to build and sign the certificate.
PAGE 121
SSL profiles 8 1. Click Security on the menu bar. 2. From the sidebar, select SSL, and then select SSL Profiles. The SSL Profiles page is displayed, as shown in Figure 88. FIGURE 88 SSL profile summary 3. Click New at the bottom of SSL Profiles page. The Configure SSL Profile page tab is displayed, as shown in Figure 89. FIGURE 89 Configuring a profile 4. Under Basic tab, provide the following information: • Profile Name: Enter the name of the SSL profile being defined.
PAGE 122
8 SSL profiles • Select the cipher suites you want in the Available Ciphers list and click Add to add to the Selected Ciphers list, to control the security strength of the SSL handshakes. 5. Click Certificates tab to specify additional options under the SSL profile. The Certificates page is displayed, as shown in Figure 90. FIGURE 90 Certificates configuration 6.
PAGE 123
SSL profiles 8 The Advanced tab is displayed, as shown in Figure 91. FIGURE 91 Configuring advanced parameters 8. Provide the following information: • CLOSE-NOTIFY Alert: Select the Enable check box to configure the device to send an alert before closing an SSL session. • SSL Session Cache: Select the Enable check box to configure the device to share the same SSL session for multiple SSL connections. Cache Timeout: Specify how long the SSL sessions can be held in the cache.
PAGE 124
8 SSL profiles 2. Select a profile you want to edit from the list or click New to create a new profile. 3. Provide the following information: • Profile Name: Enter the name of the TCP profile. • Nagle Algorithm: Select the check box to enable Nagle algorithm that is used to address the problem when an application generates several small bytes of data at a time. • Delayed ACK Algorithm: Select the check box to send few acknowledgement (ACKs) per data segment using a TCP delayed ACK mechanism.
PAGE 125
SSL profiles 8 The SSL Profile Bindings page is displayed, as shown in Figure 93. FIGURE 93 Binding the profile 3. Click Bind SSL Profiles at the bottom of SSL Profile Bindings page. The Add Profile Bindings page is displayed, as shown in Figure 94. FIGURE 94 Adding profile bindings 4. Under Bind VIP Port to a Profile, select one of the SSL mode: • If you select Terminate, enter the following information: Server Profile: Select an SSL profile from the list.
PAGE 126
8 SSL profiles Creating certificate revocation list The certificate revocation lists (CRL) contain the list of SSL certificates that have been revoked by a CA. The CA revokes an SSL certificate for many reasons. These lists are typically maintained on the CA web site and can be downloaded using Hypertext Transfer Protocol (HTTP). To configure an SSL CRL, perform the following steps within the Configure tab. 1. Click Security on the menu bar. 2. From the sidebar, select SSL, and then select SSL CRL.
PAGE 127
Access Control Lists 8 • CRL File Format: Click one of the following options: PEM—To direct the CRL to be downloaded in the PEM format.  DER—To direct the CRL to be downloaded in the Distinguished Encoding Rules (DER) format. By default, PEM is selected. Refresh Interval: Specifies the number of hours to wait before updating the CRL record.  • 5. Click Apply to save your entries. Click Reset to revert the configuration to the previous configured values.
PAGE 128
8 Access Control Lists The ACL IPv4 Standard - new page is displayed, as shown in Figure 98. FIGURE 98 Configuring ACL 4. Provide the following information: • ACL ID / Name: Select one of the following options: ID#: Enter the number to identify a collection of individual ACL entries. By default, ACL ID is enabled.  Name: Enter the name of the ACL. Action: Click one of the following options:  • Permit—Permits the packets that match the ACL policy.
PAGE 129
Access Control Lists 8 3. Click New IPv4 Extended ACL at the bottom of the ACL Summary page. The ACL IPv4 Extended - new page is displayed, as shown in Figure 99. FIGURE 99 Configuring extended ACL 4. Provide the following information: • ACL ID / Name: Select one of the following options: ID#: Enter the number to identify a collection of individual ACL entries. The range is from 100 through 199. By default, ACL ID is enabled.  Name: Enter the name of the ACL.
PAGE 130
8 Access Control Lists • Source Mask: Enter the subnet mask of the source IP address. • Port Match: Click one of the following options to specify a comparison operator for the TCP or UDP port number. This option is enabled only when you specify TCP or UDP as the IP protocol in Protocol Match.       None: The policy does not apply any comparison operator for the TCP or UDP port number. Greater than: The policy applies to TCP or UDP port numbers greater than the port number or name you enter.
PAGE 131
Access Control Lists 8 Click Reset to revert the configuration to the previous configured values. For more information on the extended ACL, refer to the ServerIron ADX Security Guide. Configuring IPv6-based ACL The device supports IPv6-based ACLs. You can configure an IPv6 ACL on a global basis and then apply to the incoming IPv6 packets on specified interface. To configure an ACL for IPv6 on the device, perform the following steps within the Configure tab. 1. Click Security on the menu bar. 2.
PAGE 132
8 Access Control Lists NOTE The Source Host field is enabled if you select the Source Host option. • Source Mask: Enter the subnet mask of the source IP address. • Any: Select the check box to enable the ACL policy to match on all source IP addresses. • Port Match: Click one of the following options to specify a comparison operator for the TCP or UDP port number. This option is enabled only when you specify TCP or UDP as the IP protocol in Protocol Match.
PAGE 133
Access Control Lists 8 • Port Match: Click one of the following options to specify a comparison operator for the TCP or UDP port number. This option is enabled only when you specify TCP or UDP as the IP protocol in Protocol Match. None: The policy does not apply any comparison operator for the TCP or UDP port number.  Greater than: The policy applies to TCP or UDP port numbers greater than the port number or name you enter.
PAGE 134
8 122 Access Control Lists ServerIron ADX Graphical User Interface Guide 53-1002412-01
PAGE 135
Section II Monitoring the ADX This section describes the Monitor features, and includes the following chapters: • Monitoring Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Viewing System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Viewing Network Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Viewing Traffic Statistics . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 136
124 ServerIron ADX Graphical User Interface Guide 53-1002412-01
PAGE 137
Chapter Monitoring Overview 9 In this chapter • Navigating the monitoring tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125 Navigating the monitoring tab The Monitor tab is the third tab in the ADX web interface. You can use the Monitor tab to monitor the system, network, traffic, or security settings on an ADX device. When you click the Monitor tab, the following menus are displayed in the menu bar.
PAGE 138
9 Navigating the monitoring tab FIGURE 101 IP graphical view There are common icons that are displayed on the top right corner of all the main pages within the Monitor tab. Table 8 describes the icons displayed on the main page. TABLE 8 126 Monitoring icons Icon Description Filter Allows you to filter the data in the Summary page. Click the Filter icon and select the criteria from the Filter Criteria list.
PAGE 139
Chapter Viewing System Information 10 In this chapter • System summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 • System log entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 System summary You can monitor the percentage of CPU utilization and memory currently used by the device, and other hardware, software, module-related information in the Summary page.
PAGE 140
10 System summary The Summary page contains four panes. The Overview pane is displayed, as shown in Figure 103. FIGURE 103 Viewing the overview pane Table 9 describes the fields available in the Overview pane. TABLE 9 Overview pane Field Description System Overall Health Displays the overall health of the device calculated based on various factors including temperature, fan status, memory, and CPU utilization on all Barrel Processors (BP) and Management Processor (MP).
PAGE 141
System summary TABLE 9 10 Overview pane (Continued) Field Description Time Clock Displays the current system time. Up Since Displays the time when the system was last booted. HA (Hot Standby) Details HA Status Displays the High Availability status. Peer Status Displays the status of the peer. The Hardware Information pane is displayed, as shown in Figure 104. FIGURE 104 Viewing hardware information Table 10 describes the fields available in the Hardware Information pane.
PAGE 142
10 System summary TABLE 10 Hardware Information pane (Continued) Field Description Status Displays the status of the fan. The fan status can be one of the following: • OK • Stopped • Stopped PWM100 • PWM Outbound • Failed • Bad Power • Not Present • I2C Access Speed RPM Displays the speed of the fan. The fan operate at the following speeds: Low - Indicates the speed is low (50% of the maximum RPM). Medium - Indicates the speed is medium (75% of the maximum RPM).
PAGE 143
System summary TABLE 11 10 Software Information pane (Continued) Field Description Build Type Displays the type of the build loaded in the device. The build type are as follows: Router - Indicates the type of the build is router. Switch - Indicates the type of the build is switch. • • Build Date Displays the date on which the image is built. The Module Information pane is displayed, as shown in Figure 106.
PAGE 144
10 System log entries System log entries The device contains a syslog agent that writes log messages to a local buffer and optionally to a third-party syslog server. The local buffer is cleared during a system reload or reboot. To ensure the messages remain available even after a system reload, configure the device to store the messages in the syslog server. For more information on syslog server, refer to the ServerIron ADX Administration Guide.
PAGE 145
System log entries 10 The logs can be filtered based on severity or message and also the logs can be downloaded in a text file. To save the filtered logs, click Download Logs. Click the Filter icon and select the criteria in the Filter Criteria lis to filter the logs.
PAGE 146
10 134 System log entries ServerIron ADX Graphical User Interface Guide 53-1002412-01
PAGE 147
Chapter 11 Viewing Network Status In this chapter • Interface statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • IP statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • ARP cache statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • MAC statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 148
11 Interface statistics TABLE 14 Interface fields Field Description Port Displays the name of the port. Status Displays the status of the interface. The interface status can be one of the following: • Up • Down Trunk Displays the trunk group, if the interface is a member of any trunk group. Rx Packets Displays the total number of packets received by the interface. Tx Packets Displays the total number of packets transmitted by the interface.
PAGE 149
Interface statistics 11 A new Interface Details page tab with detailed statistics is displayed, as shown in Figure 109. Alternatively, to view the interface details in the graphical format, click Graph. To switch the view between tabular and graphical format, click the Details or Graph on top right corner of the Interface Details page. FIGURE 109 Displaying the interface details Table 15 describes the fields available in the Interface Details page.
PAGE 150
11 Interface statistics TABLE 15 Interface Details fields (Continued) Field Description Interface Type Displays the type of the selected interface. STP State Displays the Spanning Tree Protocol (STP) state for the selected interface. IPv6 Displays the status of IPv6 for the selected interface. The IPv6 status can be one of the following: • Enabled • Disabled Speed Displays the current speed on the selected interface. Duplex Type Displays the current type of duplex on the selected interface.
PAGE 151
IP statistics TABLE 15 11 Interface Details fields (Continued) Field Description Frame Errors Received Displays the total number of frame errors received on the selected interface. IP Address(es) Displays the IP address of the interface. For more information on interface details, refer to the ServerIron ADX Switch and Router Guide. IP statistics To view the IP statistics, perform the following steps within the Monitor tab. 1. Click Network on the menu bar. 2. From the sidebar, select IP.
PAGE 152
11 IP statistics TABLE 16 140 IP fields (Continued) Field Description Sent Displays the total number of IP packets originated and sent by the device. Forwarded Displays the total number of IP packets received by the device and forwarded to other devices. Reassembled Displays the total number of fragmented IP packets that the device reassembled. Delivered Displays the total number of IP packets delivered to upper level by the device.
PAGE 153
IP statistics 11 For more information on IP statistics, refer to the ServerIron ADX Switch and Router Guide. ICMP Statistics To view the Internet Control Message Protocol (ICMP) sent and received information, perform the following steps within the Monitor tab. 1. Click Network on the menu bar. 2. From the sidebar, select IP, and then select ICMP. The ICMP page is displayed, as shown in Figure 111.
PAGE 154
11 IP statistics Table 17 describes the fields available in the ICMP Received/Sent Messages. TABLE 17 ICMP Received/Sent Messages fields Field Description Received/Sent Displays the total number of ICMP messages received/sent by the device. NOTE: The Received field is displayed in the ICMP Received Message tab, while the Sent field is displayed in the ICMP Sent Message tab. 142 Echo Reply Displays the total number of ICMP echo reply messages received/sent by the device.
PAGE 155
IP statistics TABLE 17 11 ICMP Received/Sent Messages fields (Continued) Field Description IGMP Membership Red Displays the total number of IGMP membership red messages received/sent by the device. Packet Too Big Error Displays the total number of ICMPv6 packet too big error messages received/sent by the device. Packet Too Short Error Displays the total number of ICMPv6 packet too short error messages received/sent by the device.
PAGE 156
11 IP statistics TABLE 18 ICMP Sent Error Message fields (Continued) Field Description Address Unreachable Displays the total number of ICMPv6 messages sent by the device with address unreachable. Port Unreachable Displays the total number of ICMPv6 messages sent by the device with port unreachable. Packet Too Big Displays the total number of ICMPv6 packets too big error messages sent by the device.
PAGE 157
IP statistics 11 The TCP page is displayed, as shown in Figure 113. The total and the individual counts of IPv4 and IPv6 packets for the statistic types are displayed. To view the TCP statistics in the graphical format, click Graph. To switch the view between tabular and graphical format, click the Details or Graph on top right corner of the TCP page. FIGURE 113 Displaying the TCP traffic Table 19 describes the fields available in the TCP page.
PAGE 158
11 ARP cache statistics The UDP page is displayed, as shown in Figure 114. The total and the individual counts of IPv4 and IPv6 packets for the statistic types are displayed. To view the UDP statistics in the graphical format, click Graph. To switch the view between tabular and graphical format, click the Details or Graph on top right corner of the UDP page. FIGURE 114 Displaying the UDP traffic Table 20 describes the fields available in the UDP page.
PAGE 159
ARP cache statistics 11 The ARP page is displayed, as shown in Figure 115. FIGURE 115 Displaying the ARP The ARP page displays both the statistics and cache information. The ARP Cache table shows IP to MAC address association. NOTE The ARP page also displays the management port statistics. Table 21 describes the fields available in the ARP page. TABLE 21 ARP fields Field Description Statistics Requests Received Displays the total number of incoming requests.
PAGE 160
11 MAC statistics TABLE 21 ARP fields (Continued) Field Description Type Displays the type of the ARP entry. The type can be one of the following: • Dynamic - Indicates the device is learned from an incoming packet. • Static - Indicates the device loaded the entry from the static ARP table when the device was connected to other device. Age (sec) Displays the number of seconds the entry has remained unused.
PAGE 161
MAC statistics TABLE 22 11 MAC fields Field Description MAC Address Displays the MAC address of the port. Port Displays the port on which the MAC address is learned or created on. Type Displays the property of the MAC address. The MAC address property can be one of the following: • Dynamic • Static • Lock Address • Secure Mac Age (sec) Displays the number of seconds the entry has remained unused. This is valid only for dynamic MAC addresses.
PAGE 162
11 150 MAC statistics ServerIron ADX Graphical User Interface Guide 53-1002412-01
PAGE 163
Chapter 12 Viewing Traffic Statistics In this chapter • Global traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Virtual servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Real servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Content switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 164
12 Global traffic Table 23 describes the fields available in the Global Traffic page. TABLE 23 Global Traffic fields Field Description Session Traffic New Session Syncs Sent Displays the new synchronized packets sent for new sessions. New Session Syncs Received Displays the new synchronized packets received for new sessions. Sessions Removed Displays the number of sessions removed from the delete queue. Sessions in Delete Queue Displays the number of sessions in the delete queue.
PAGE 165
Virtual servers TABLE 23 12 Global Traffic fields (Continued) Field Description Reverse FIN Displays the number of client-to-server FIN packets sent using an improved (faster) method. SLB SYN Displays the number of SLB SYN packets sent using an improved (faster) method. TCP Traffic SYNs Received Displays the number of SYN packets received. SYNs Dropped Displays the number of SYN packets dropped. SYN ACKs Received Displays the number of SYN ACK packets received.
PAGE 166
12 Virtual servers 1. Click Traffic on the menu bar. 2. From the sidebar, select Virtual Server. The Virtual Servers page is displayed, as shown in Figure 118. FIGURE 118 Displaying the virtual servers Table 24 describes the fields available in the Virtual Servers page. TABLE 24 Virtual Server fields Field Description Name Displays the name of the virtual servers. IP Address Displays the IP address of the virtual servers. Status Displays the runtime health of the virtual servers.
PAGE 167
Virtual servers 12 3. Select a configuration from the Virtual Servers page and click Details to view the detailed statistics of that virtual server. Also, you can double click a configuration for which you want to view the detailed statistics. A new Virtual Server Details page tab is displayed, as shown in Figure 119. To view the interface details in the graphical format, click Graph.
PAGE 168
12 Virtual servers TABLE 25 Virtual Server Details fields (Continued) Field Description Symmetric State Displays the state of the virtual server. The status can be one of the following: • Active - Indicates the virtual server is in active mode. • Standby - Indicates the virtual server is in standby mode. Symmetric Priority Displays the sym-priority that is associated with the virtual server. # of Missed Keepalives Displays the number of missed Layer 4 or MAC PDUs.
PAGE 169
Virtual servers 12 A new All Virtual Server Ports page is displayed, as shown in Figure 120 FIGURE 120 Displaying the virtual server ports Table 26 describes the fields available in the Virtual Server Ports page. TABLE 26 Virtual Server Port fields Field Description Name Displays the name of the virtual server port. Status Displays the health of the virtual server ports. The health status can be one of the following: • Up • Down Admin State Displays the admin state of the virtual server ports.
PAGE 170
12 Virtual servers A new Virtual Server Port Details page tab is displayed, as shown in Figure 119. To view the port details in the graphical format, click Graph. To switch the view between tabular and graphical format, click the Details or Graph on top right corner of the Virtual Server Port Details page. FIGURE 121 Displaying the virtual server port details The Virtual Server Port Details page displays a table that lists the real servers that are bound to the virtual server port.
PAGE 171
Real servers TABLE 27 12 Virtual Server Port Details fields (Continued) Field Description DSR Displays the state of the Direct Server Return (DSR) in the virtual server port. The states can be one of the following: • No • Yes Current Connections Displays the current connections open on the virtual server port. Peak Connections Displays the highest number of connections reached by the port over a period of time. Total Connections Displays the total number of connections on this port.
PAGE 172
12 Real servers The Real Servers page is displayed, as shown in Figure 122. FIGURE 122 Displaying the real server The real server page displays the summary of the statistics for the real server. Table 28 describes the fields available in the Real Servers page. TABLE 28 Real Server fields Field Description Name Displays the name of the real servers. IP Address Displays the IP address of the real servers. Status Displays the runtime health of the real servers, based on the Layer 3 health checks.
PAGE 173
Real servers 12 The Real Server Details page is displayed, as shown in Figure 123. To view the real server details in the graphical format, click Graph. To switch the view between tabular and graphical format, click the Details or Graph on top right corner of the Real Server Details page. FIGURE 123 Displaying the real server details Table 29 describes the fields available in the Real Server Details page.
PAGE 174
12 Real servers Real server ports To view the statistics of all the real server ports configured on the device, perform the following steps within the Monitor tab. 1. Click Traffic on the menu bar. 2. From the sidebar, select Real Servers. 3. Select a configuration from the Virtual Servers page and click Port. 4. Select a port configuration from the All Virtual Servers Ports page and click Details. The All Real Server Ports page is displayed, as shown in Figure 124.
PAGE 175
Real servers TABLE 30 12 Real Server Port fields (Continued) Field Description Received Packets Displays the number of packets received by the real server ports. Transmitted Packets Displays the number of packets transmitted by the real server ports. Real server port details To view the detailed statistics of a real server port configured on the device, perform the following steps within the Monitor tab. 1. Click Traffic on the menu bar. 2. From the sidebar, select Real Servers. 3.
PAGE 176
12 Real servers TABLE 31 Real Server Port Details fields (Continued) Field Description Reassign Count Displays the number of times the device has reassigned the connection to another server in the rotation because the server that is in use has not responded to two contiguous TCP SYNs from the client. Status Displays the runtime health of the virtual server port. The status can be one of the following: • Enabled • Disabled Admin State Displays the admin state of the virtual server port.
PAGE 177
Content switching 12 For more information on real server statistics, refer to the ServerIron ADX Server Load Balancing Guide. Content switching You can view the summary of all the Layer 7 content switching rules and policies configured on the device. Content switching policies To display the statistics of all the content switching policies configured on the device, perform the following steps within the Monitor tab. 1. Click Traffic on the menu bar. 2. From the sidebar, select Content Switching.
PAGE 178
12 Content switching TABLE 32 CSW Policy fields Field Description Name Displays the name of the Layer 7 content switching policy. Type Displays the type of the rule assigned for the Layer 7 content switching policy. The types can be one of the following: • HTTP request - Indicates the content switching policy is of Hypertext Transfer Protocol (HTTP) request type for incoming traffic. • HTTP response - Indicates the content switching policy is of HTTP response type for outgoing traffic.
PAGE 179
Content switching 12 The DNS DPI Policy tab is displayed, as shown in Figure 127. FIGURE 127 DNS DPI Policy fields Table 33 describes the fields available in the DNS DPI policy tab. TABLE 33 DNS DPI Policy fields Field Description Name Displays the name of the DNS policy. Bind Count Displays the number of DNS policies bound to the virtual server port. Rules for Policy Rule Name Displays the rule name associated with the CSW policy.
PAGE 180
12 Content switching The Basic Statistics page is displayed, as shown in Figure 128. FIGURE 128 Displaying the basic statistics Table 34 describes the fields available in the Basic Statistics page. TABLE 34 Basic Statistics fields Field Description Session Statistics Session Timeouts Displays the number of session timeouts. Sessions Deleted Displays the number of sessions freed by proxy. Packets Freed By Timeout Displays the number of stored packets freed due to session timeout.
PAGE 181
Content switching TABLE 34 12 Basic Statistics fields (Continued) Field Description Packets Freed Displays the number of packets stored by proxy. Proxy Cleanup Count Displays the number of proxy cleanup count. Max Concurrent Proxies Displays the maximum number of concurrent proxies. Server Statistics Server RST To TCP SYN Displays the number of times the server sent the RST packets to TCP SYN packets. Sent RST To Client Displays the number of times the device sent RST packets to client.
PAGE 182
12 OpenScript TABLE 35 Rewrite Statistics fields (Continued) Field Description Total Memory Freed Displays the total number of freed times of memory slots used for content rewrites. Memory Allocation Failure Displays the number of failures that occurred while allocating memory for content rewrites. Memory Used Now Displays the number of memory slots that are currently used for content rewrites.
PAGE 183
OpenScript 12 The OpenScript page is displayed, as shown in Figure 130. FIGURE 130 Displaying OpenScript traffic Table 36 describes the fields available in the OpenScript page. TABLE 36 OpenScript fields Field Description Name Displays the name of the script. Virtual Server Displays the name of the virtual server. Port Displays the name of the port to which the script is bound. Script Status Displays the status of the script.
PAGE 184
12 Session Information The Details page is displayed, as shown in Figure 131. FIGURE 131 Displaying OpenScript details Table 37 describes the fields available in the Details page. TABLE 37 OpenScript detail fields Field Description Basic Details Script Bytes Displays the total number of bytes for the script. Last Updated Displays the time at which the last update was performed. Current Connections Displays the current connections open on the server.
PAGE 185
Session Information 12 Session summary To display the session summary on the device, perform the following steps within the Monitor tab. 1. Click Traffic on the menu bar. 2. From the sidebar, select Sessions. The Sessions page is displayed, as shown in Figure 132. FIGURE 132 Displaying the sessions The Sessions page displays the summary of the server and client connections, session distribution on BP, and real servers session. Table 38 describes the fields available in the Sessions page.
PAGE 186
12 Session Information 1. Click Traffic on the menu bar. 2. From the sidebar, select Sessions, and then select Sessions Lookup. The Sessions Lookup page is displayed, as shown in Figure 133 FIGURE 133 Session Lookup The Session Lookup page displays the search criteria with specific fields. Enter your search criteria based on your requirement and click Search. Table 39 describes the fields available in the Sessions Lookup page.
PAGE 187
Chapter Viewing Security Statistics 13 In this chapter • DoS protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 • SSL statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178 DoS protection To view the Denial of Service (DoS) attack details, perform the following steps within the Monitor tab. 1. Click Security on the menu bar. 2. From the sidebar, select DoS Protection.
PAGE 188
13 DoS protection The SYN Attacks Details page is displayed, as shown in Figure 135. FIGURE 135 Monitoring the SYN attack details Table 40 describes the fields available in the SYN Attacks Details page. TABLE 40 SYN Attack Details fields Field Description Current Connection Rate (per sec) Displays the rate of all TCP traffic per second, including TCP SYN DoS attacks. Peak Connection Rate (per sec) Displays the peak rate of TCP traffic encountered per second.
PAGE 189
DoS protection TABLE 40 13 SYN Attack Details fields (Continued) Field Description Dynamic SYN Proxy Statistics Status Displays the configuration status of dynamic SYN proxy feature. If the status is enabled the filed will display the current SYN attack rate and the SYN attack threshold. For more information on SYN attack details, refer to the ServerIron ADX Security Guide. Displaying other DoS attack details To view other DoS attack details, perform the following steps within the Monitor tab. 1.
PAGE 190
13 SSL statistics TABLE 41 Other attack details fields (Continued) Field Attack Type Description Displays the type of the attack. The types can be one of the following: XMas Tree SYN Fragments SYN And FIN Set Deny All Fragments FIN With No ACK ICMP Fragments Ping Of Death Large ICMP Land Attack IP Unknown Protocol NO TCP Flags • • • • • • • • • • • Attack Drop Count Displays the total number of attack packets dropped based on each individual attack packet types.
PAGE 191
SSL statistics 13 Table 42 describes the fields available in the SSL page. TABLE 42 SSL fields Field Description Statistics SSL Current Connections Displays the number of SSL connections currently alive. SSL Attempted Renegotiations Displays the number of SSL renegotiations attempted. SSL Handshakes Completed Displays the number of SSL handshakes completed. SSL Handshake Messages Displays the total number of SSL handshake messages in data transfer.
PAGE 192
13 SSL statistics SSL alerts To display the SSL alerts statistics, perform the following steps within the Monitor tab. 1. Click Security on the menu bar. 2. From the sidebar, select SSL, and then select SSL Alerts. The SSL Alerts page is displayed, as shown in Figure 138. FIGURE 138 Displaying the SSL alerts The SSL Alerts page displays the decoded status counter of the fatal and warning alerts received and transmitted by the device in tabular format.
PAGE 193
SSL statistics TABLE 43 13 SSL Alerts fields (Continued) Field Description Decompression Failure Displays the number of alerts received and transmitted by the device for decompression failure. Handshake Failure Displays the number of alerts received and transmitted by the device for handshake failure. Illegal Parameter Displays the number of alerts received and transmitted by the device for illegal parameters.
PAGE 194
13 SSL statistics SSL profiles To display the SSL profile statistics, perform the following steps within the Monitor tab. 1. Click Security on the menu bar. 2. From the sidebar, select SSL, and then select SSL Profiles. The SSL Profiles page is displayed, as shown in Figure 139. FIGURE 139 Displaying the SSL profiles Table 44 describes the fields available in the SSL Profiles page. TABLE 44 SSL profile fields Field Description Profile name Displays the name of the SSL profile.
PAGE 195
SSL statistics 13 The SSL Client Details page is displayed, as shown in Figure 140. FIGURE 140 Displaying the SSL client details Table 45 describes the fields available in the SSL Client Details page. TABLE 45 SSL client detail fields Field Description Connection Statistics SSL Connection Attempts Displays the number of attempts tried for SSL connect. SSL Connections Failed Displays the number of attempts failed during SSL connect.
PAGE 196
13 SSL statistics TABLE 45 SSL client detail fields (Continued) Field Description Certificate Verification Signature Failed Displays the number of times the certificate verification signature failed. Certificates Expired Displays the number of expired certificates. Certificates Revoked Displays the number of revoked certificates. Certificates Not Yet Valid Displays the number of times the certificate was not yet valid.
PAGE 197
Section III Maintenance This section describes the Maintain features, and includes the following chapter: • Maintenance Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Managing Software Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • License Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Restarting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 198
186 ServerIron ADX Graphical User Interface Guide 53-1002412-01
PAGE 199
Chapter Maintenance Overview 14 In this chapter • Navigating the maintenance tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 Navigating the maintenance tab The Maintain tab is the fourth tab in the ADX web interface. You can use the menus that are available in the Maintain tab to perform the following actions: • Software Upload—Allows you to upload the software on the device from the Trivial File Transfer Protocol (TFTP) Server and reboot from that image.
PAGE 200
14 188 Navigating the maintenance tab ServerIron ADX Graphical User Interface Guide 53-1002412-01
PAGE 201
Chapter Managing Software Images 15 In this chapter • Uploading the software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Uploading the software You can upload a software image on the device from a Trivial File Transfer Protocol (TFTP) server. While uploading the image, make sure that there are no power failures. To upload the software image from the TFTP server, perform the following steps within the Maintain tab. 1. Click Software Upload on the menu bar.
PAGE 202
15 Uploading the software The system continuously polls for the upload complete status. After upload is complete, the page gets auto refreshed to show the latest information. The system polls for 4 minutes maximum to server to respond and in case of no response from the server, the system prompts you to try again. 4. Click Upload and Reboot to reboot the device after uploading the software image to the device. The system follows the standard upload process.
PAGE 203
Chapter Restarting the System 16 In this chapter • System restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 System restart To reboot the device, perform the following steps within the Maintain tab. 1. Click Reboot from the menu bar. The Reboot page is displayed, as shown in Figure 142. FIGURE 142 Rebooting the device 2. Select Primary or Secondary for image flash. By default, the system is configured to boot from the primary memory. 3.
PAGE 204
16 System restart The application checks for the image version. if the version is lower than 12.4, the application displays a warning message that the image does not support current web application and you will lose connectivity to this application after reboot. The application also checks for the build type. If the build type is different from the current image running on the device, the application displays a warning message that you will have to re-login to the application after reboot.
PAGE 205
Chapter License Management 17 In this chapter • License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193 License At the time of purchase, an ADX device is configured with a base license pre-installed. You can upgrade the device to increase system capacity by purchasing and applying a new software license.
PAGE 206
17 License TABLE 47 License fields Field Description Package Name Displays the name of the license package. License ID Displays the ID of the License. This number is embedded in the Brocade device. License Type License Period Status Displays the type of the license, which can be one of the following: Normal - Indicates that the license is permanent. Trial – Indicates that the license is temporary.
PAGE 207
Chapter Retrieving System Information for Technical Support 18 In this chapter • Technical support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Technical support The ADX device allows you to view and save the device information that can help the Brocade Technical support team to troubleshoot your system. To view the device information, perform the following steps within the Monitor tab. 1. Click Technical Support on the menu bar.
PAGE 208
18 196 Technical support ServerIron ADX Graphical User Interface Guide 53-1002382-01
PAGE 209
Chapter Accessing the CLI 19 In this chapter • CLI Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 CLI Access The ADX web interface enables you to run CLI commands to configure the features that are not supported in the web interface. You can use the CLI access feature available in web interface to run the CLI commands in a batch to request and change the configuration information on ADX device.
PAGE 210
19 CLI Access • Click Send to run the commands on the ADX device and view the response from the ADX device under Results. • Click Clear to clear the command entries. NOTE The CLI commands will be validated only on the ADX device and not on the client. NOTE You can run show, configuration, and copy or paste commands from the web interface. However, you cannot run the boot and reset commands.
PAGE 211
Appendix A Appendix A Troubleshooting You can troubleshoot the problems that occur in ADX device web interface. Unable to open web interface Problem The ADX device web interface does not open. Solution Verify the following items to resolve this problem: • Make sure that the following services are enabled on the device: - Hypertext Transfer Protocol (HTTP) - Simple Object Access Protocol (SOAP) - Secure HTTP (HTTPS) The HTTP and SOAP services are enabled by default.
PAGE 212
A Troubleshooting Web interface does not reflect changes based on the latest image Problem The ADX web interface does not reflect the changes after upgrading a new image. Solution Clear the cache on the web browser and try again. The procedure to clear the browser cache vary based on Web browsers. Therefore, refer to the respective help documentation to clear the cache.