Extreme Defender Application User Guide Version 3.
Copyright © 2020 Extreme Networks, Inc. All rights reserved. Legal Notice Extreme Networks, Inc. reserves the right to make changes in specifications and other information contained in this document and its website without prior notice. The reader should in all cases consult representatives of Extreme Networks to determine whether any such changes have been made. The hardware, firmware, software or any specifications described or referred to in this document are subject to change without notice.
Table of Contents
Preface
Text Conventions
Documentation and Training
Providing Feedback
Modify Policy Generator Roles
Alarms
Active Alarms
Alarm Log
Preface

This section describes the text conventions used in this document, where you can find additional information, and how you can provide feedback to us.

Text Conventions

Unless otherwise noted, information in this document applies to all supported environments for the products in question. Exceptions, like command keywords associated with a specific software version, are identified in the text. When a feature, function, or operation pertains to a specific hardware product, the product name is used.
Table 1: Notes and warnings (continued)
Notice type | Alerts you to...
Caution | Risk of personal injury, system damage, or loss of data.
Warning | Risk of severe personal injury.

Table 2: Text
Convention | Description
screen displays | This typeface indicates command syntax, or represents information as it appears on the screen.
The words enter and type | When you see the word enter in this guide, you must type something, and then press the Return or Enter key.
Documentation and Training

Find Extreme Networks product information at the following locations:
• Current Product Documentation
• Release Notes
• Hardware/software compatibility matrices for Campus and Edge products
• Supported transceivers and cables for Data Center products
• Other resources, like white papers, data sheets, and case studies

Extreme Networks offers product training courses, both online and in person, as well as specialized certifications. For details, visit www.
Before contacting Extreme Networks for technical support, have the following information ready:
• Your Extreme Networks service contract number, or serial numbers for all involved Extreme Networks products
• A description of the failure
• A description of any actions already taken to resolve the problem
• A description of your network environment (such as layout, cable type, other relevant environmental information)
• Network load at the time of trouble
Welcome to Extreme Defender Application

• Get Started with Extreme Defender Application
• Install Extreme Defender Application
• Generate API Key
• Upload the API Key File
• Run Defender Application
• Configuration Wizard
• Navigate the User Interface

Extreme Defender Application provides security management plus traffic and application visibility of connected end devices.
• Configuration Wizard
• Navigate the User Interface
• Sites in Extreme Defender Application
• Activation
• Alarms
• Logs
• Policy Generator
• Administration

Get Started with Extreme Defender Application

Extreme Defender Application is installed as a container application on ExtremeCloud Appliance.
• Configuration Wizard
• Sites in Extreme Defender Application
• Activation
• Policy Generator

Install Extreme Defender Application

Note: Before you can access Extreme Defender Application you must install ExtremeCloud Appliance and generate an API key for access to Defender. For more information, refer to https://extremenetworks.com/documentation/extremecloud-appliance.
To upgrade an application:
1. Go to Administration > Applications.
2. To stop the application, select then select OK.
3. To begin the application upgrade, select .
4. Upgrade from a local File or Docker hub Registry.
5. Select Upload and select the Docker file.
6. Select Open and select OK.
7. Select to start the application.
For more information about Availability Pair for ExtremeCloud Appliance, refer to ExtremeCloud Appliance User Guide located in the documentation portal: https://extremenetworks.com/documentation/extremecloud-appliance.
4. From the API Keys field, select Generate New API Key. The key is generated. The API Key dialog displays.

Figure 2: API Key dialog

5. To download the API key as a .json file, select Download. Download the key immediately. If you select Close, you will not be able to access the key. You can generate additional keys at any time.
6. After you download the key, select Close.
5. Upload the API key file in one of the following ways:
• Click the Choose File box and navigate to the downloaded API key file.
• Drag and drop the downloaded API key file onto the Choose File box.

The API key file displays in the Configuration Files list. You are now ready to access Extreme Defender Application.
Figure 3: Defender Initial Configuration

Take the following steps:
1. Select a Country and Time Zone value from the drop-down lists. Specify the values that correspond to your AP licensing domain.
2. (Optional) You can rename the default Defender site.
3. Check Create auto-provisioning rules for new access points. This option creates adoption rules for your access points so that your access points are automatically discovered by the appliance.
2 device groups
• DFNDR_Devices for AP3912i access points.
• DFNDR_SA201_Devices for SA201 adapters.
1 network service
• DFNDR_Service
2 adoption rules
• One rule for each device group.
2 device group configuration Profiles
• DFNDR_SA201 for wired SA201 adapters
• DFNDR for wireless AP3912i access points.
1 RF Profile
• DFNDR_ACS
2 policy roles
• DFNDR_DenyAll denies all traffic by default action.
Defender offers a context-sensitive Online Help system. Select the drop-down admin menu on any page to access the topic-based Help System.

Figure 4: Defender Admin Menu

Additionally, select on each dialog to display Help content for that dialog. The Online Help file organization corresponds to the workbench structure of Extreme Defender Application.
Overview

• Add a New Dashboard
• Modify a Dashboard
• Widgets

Monitor your network activity and performance on the Overview dashboard. The Overview dashboard displays widgets that can help you proactively monitor and troubleshoot your network. The dashboard provides a graphical representation of information related to devices, protected devices, and network traffic.
6. Select to save the dashboard.

Related Topics
• Modify a Dashboard
• Widgets

Modify a Dashboard

You can customize the default dashboard views to fit your network's analytic requirements. To modify a dashboard:
1. Go to Overview. The Default dashboard is displayed.
2. Select the Widgets tab to view the list of available widgets.
3. Drag and drop a widget on to the dashboard.
4. To delete a widget report, select .
Inventory

• Inventory Device Status
• View Inventory Details
• Group Protected Devices from the Inventory List
• Throughput Tab
• Usage Tab

The Inventory list allows you to view the inventory of mobile network devices, such as access points and Extreme Defender Adapter hardware (SA201). The Inventory list provides information on the status and the location of the devices.
Inventory Device Status

The following describes each device status on the Inventory List.

Table 5: Device Status from the Inventory List
• In-Service. Device has discovered ExtremeCloud Appliance and is providing service.
• In-Service Trouble. Device has discovered ExtremeCloud Appliance but it is not a member of a device group.
• Unknown. Device is added to ExtremeCloud Appliance but the device has never discovered ExtremeCloud Appliance.
• Critical.
• Number of Protected Devices associated with the selected device. (Available for the AP3912i only):
  ◦ Number of Wired Devices
  ◦ Number of Wireless Devices
• Assigned group for the protected device.

Available Tabs

The following tabs provide additional information:

Throughput
Select the Throughput tab to display network throughput for the last 3 hours.

Usage
Select the Usage tab to display the Rx and Tx Bytes transmitted in the last 3 hours.

Select to refresh the chart data.
Network Throughput indicates the amount of data in Kilobits per second or Megabits per second that travels through the communication channel at a given time. This is one indication of network speed. The Throughput chart displays data for the last 3 hours. Select to refresh the chart on demand. Select to download the chart in .png format.

Figure 5: AP Inventory Device Throughput (Mbps)

Usage Tab

Select the Usage tab to display the Rx and Tx Bytes transmitted in the last 3 hours.
Figure 6: Protected Device Usage
Protected Devices

• Protected Device Status
• View Protected Device Details
• Group Devices from the Protected Devices List
• Movements Tab
• Policy Generator

The Protected Devices list allows you to manage attached devices that are protected by the Extreme Defender Application access points and adapter hardware (SA201). The Protected Devices list provides information on the status and the location of the attached devices.
To customize the number of records displayed per page, select Items Per Page. Valid values are:
• 5
• 10
• 25
• 100
• 500

Related Topics
• Search Facility
• View Protected Device Details
• Group Devices from the Protected Devices List

Protected Device Status

The following describes each device status on the Protected Devices List.

Table 6: Protected Device Status
• Active.
Related Topics
• Group Devices from the Protected Devices List

View Protected Device Details

Specific details about each protected device are available from the Protected Device Details page. To access the details for each protected device:
1. Go to Protected Devices and select a device from the list.
2. You have the option to provide the following information:

Name
Provide a name for a protected device.
Tracks the movement of protected devices, registering the following information:
• Time of movement
• Event description
• Name of source AP
• Name of destination AP
• Additional details
• Network SSID

Policy Generator

The policy generator captures and analyzes client traffic, building an Allow policy role that correlates with the traffic pattern of the protected device.
4. From the Select a Group drop-down, select the group name to which the devices will be added.

Figure 8: Selecting a Group

To remove a device from a group, select None.
5. Select OK.

Note: To create a new policy group, go to Policy > Groups > Add.
• Additional details
• Network SSID

To customize the number of records displayed per page, select Items Per Page. Valid values are:
• 5
• 10
• 25
• 100
• 500

Related Topics
• Search Facility
• Policy Generator

Policy Generator

Policy Generator captures and analyzes client traffic, creating a "Deny" policy role as the default action. (The Defender IoT solution is based on whitelist filter rules.
SA201 adapter or AP3912i for B@AP and Fabric Attach topologies. They are enforced on ExtremeCloud Appliance for B@AC topologies.

Note: Each protected device type must be associated with a different policy role. However, multiple devices of the same type can share a single policy role.
3. From the Start for this Device field, specify a capture window in Days, Hours, or Minutes.
• Days. Valid values are 0-14
• Hours. Valid values are 0-23
• Minutes. Valid values are 0-59
4. Select Next.
5. Select a VLAN ID for the VLAN that the protected device belongs to, and select Start.

Figure 10 is an example of a protected device in the device list that is in capture mode for policy generation:

Figure 10: Protected Device in Capture Mode

6.
Modify Policy Generator Roles

Policy Generator captures and analyzes client traffic, creating a "Deny" policy role as the default action. (The Defender IoT solution is based on whitelist filter rules.) An auto-generated role can be modified by the Administrator and made available to the ExtremeCloud Appliance Rules Engine.

Note: New rules can be created for auto-generated roles in Extreme Defender Application before you save the generated role.
L2 Rules

Once auto generation completes, you open the generated role for editing. At this point, you can create Layer 2 rules (before you save the generated role).

Note: Once you have saved the generated role, you cannot modify or create new rules.

To configure an OSI Layer 2 rule, which filters on MAC Address:
1. Go to Policy > Roles and select a role.
2. Select the drop-down arrow next to the L2 Rules pane and select New.
3.
Action
Determines access control action for the rule. Valid values are:
• Allow - Packets contained to role's default action's VLAN/topology
• Deny - Any packet not matching a rule in the policy is dropped.
• Containment VLAN - A topology to use when a network is created using a role that does not specify a topology.

Protocol
The user defined protocol or protocol type associated with the defined rule.
To configure an OSI Layer 7 rule that restricts or limits network traffic:
1. Go to Policy > Roles and select a role.
2. Select the drop-down arrow next to the L7 Rules pane and select New.
3. The following rule parameters display:

Name
Rule name.

Action
Determines access control action for the rule. Valid values are:
• Allow
• Deny

Application Group
Internet applications are organized in groups based on the type or purpose of the application.
NEW! Alarms

• Active Alarms
• Alarm Log
• Configure Alarm Settings

Configure alarms for Protected Devices and for access points and SA201 adapters from Extreme Defender Application. Alarms indicate the device status:
• Active Alarm indicates that a device is not operating.
• Ready Alarm indicates that a device is operating.

You can configure the level of severity for each alarm and set up email notification.
Severity
Severity of the configured alarm. Specify this value when configuring the alarm. The severity setting is determined by how important the alert is to you. The severity level is displayed in the Active Alarms, Alarm Logs, and in the email notification. Valid values are:
• High
• Medium
• Low

Description
• Type of device: Protected Device, AP, or adapter
• Device Name
• Status of the device

Time
Date and Time of the event.
• Low

Description
• Type of device: Protected Device, AP, or adapter
• Device Name
• Status of the device

Time
Date and Time of the event.

To find a specific alarm instance, use the Search field. To manually refresh the page, select . To customize the number of records displayed per page, select Items Per Page.
Select Email to receive email notification about the alarm for APs and adapters, and the alarm for Protected Devices.

Note: Before you can receive email notification, you must configure an Email Notification Server.

• For email notification that a device is not operating, select Email next to Active.
• For email notification that a device is operating, select Email next to Ready.
NEW! Logs

The Logs page provides an audit history of system events for Extreme Defender Application. To view the audit log, go to Logs. To configure the beginning and ending dates for the audit log, select the From and To fields. Selecting From and To displays a calendar, from where you can select the beginning and ending dates for the audit log.
To customize the number of records displayed per page, select Items Per Page. Valid values are:
• 5
• 10
• 25
• 100
• 500

The Log maintains a maximum of 1000 records. After the maximum number of records is reached, the oldest records are dropped to maintain the 1000 record capacity.
Policy

• Roles
• Groups

Extreme Defender Application policy definition consists of roles, rules, and group management. You can use default roles and groups or create new ones.

Related Topics
• Roles
• Groups

Roles

The Policy Roles list displays all roles available in your Extreme Defender Application network. Network policies are a set of rules, defined in a specific order, that determine how connections are authorized or denied.
Groups

An access control group is used to organize protected devices by MAC Address. Configure groups to be used with Access Control Rules. Defender provides the default system group PolicyGeneration with your installation to simplify the group set up process.

Related Topics
• Manage Groups
• Policy Group Settings

Manage Groups

From the Policy Groups page you can create a new group and search for an existing group.
Administration

• System
• Activation
• Accounts
• Licensing

Perform system administration including managing accounts, configuring tagging, activating devices, licensing, and configuring email notification and system preferences.

Related Topics
• System
• Activation
• Manage Tags
• Accounts
• Licensing

System

Perform Extreme Defender Application system configuration from the Administration workbench.
Email address that will accept alarm notifications.

SMTP Server
Address of the SMTP Server that has the email account specified in Delivery Address.

Port
The Port numbers associated with your service provider for the specified protocol. Example port numbers for a mail submission agent are:
• 465 (for protocol Secure Sockets Layer (SSL))
• 587 (for protocol Transport Layer Security (TLS))

User Name
User Name for the specified SMTP Server, indicated above.
NEW! Defender Configuration Back Up and Restore

To back up the Extreme Defender Application, take the following steps:
1. Go to Administration > System > Back Up/Restore.
2. To download a Defender configuration backup file, select Back Up to Local. The Defender configuration file is downloaded to your local Downloads folder. File name format: defender_appliance_ip_address or host name_date_build_number.
3.
Figure 12: Defender Configuration Wizard

3. Specify the configuration parameters and select Run Setup. The ExtremeCloud Appliance configuration is updated to re-create the set of default configuration elements related to the Defender (DFNDR) operation.

The Configuration Wizard automatically creates default configurations on ExtremeCloud Appliance, specifically for managing SA201 adapter or AP3912i.
2 device group configuration Profiles
• DFNDR_SA201 for wired SA201 adapters
• DFNDR for wireless AP3912i access points.
1 RF Profile
• DFNDR_ACS
2 policy roles
• DFNDR_DenyAll denies all traffic by default action.
• DFNDR_PolicyGeneration — Has a contain to VLAN default action and is associated with a Bridged at AP untagged topology.

Each of these components is labeled with the “DFNDR_” prefix, indicating that they are configured for the Extreme Defender Application.
Sites in Extreme Defender Application

The option to create auto-provisioning rules for new access points in the Initial Configuration Wizard automates the process of adding the SA201 adapter or AP3912i to Extreme Defender Application. Upon connecting an SA201 adapter or AP3912i device to the network, the device discovers ExtremeCloud Appliance, and is automatically assigned to its associated device group under the default site name “DFNDR_SITE”.
The information provided from the QR Code populates Defender and provisions the APs and adapters.

Related Topics
• Activation

Manual Onboarding

To manually provision an access point or adapter:
1. Go to Administration > Activation and select Manual Onboarding.
2. Configure the following parameters:

Serial Number
The serial number of the AP or adapter.

Model
Select from the list of supported device models.
.csv file format

Provide the .csv file in the following format. When using a spreadsheet, the following are the column headings of the spreadsheet.

serialNumber,hardwaretype,apName,description,site
1701Y-1248300023,AP3912i-FCC,TestAp,"description1",DFNDR_Area51
1701Y-1248300024,AP3912i-FCC,TestAp1,"description2",DFNDR_Area61

Note: Column values are separated by commas. To use commas within the description, use quotes around the full description.
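A pre-upload check for the onboarding .csv file described above, as an added example that is not part of the original guide or Extreme Networks code: it verifies the header row and field count and flags rows where an unquoted comma in the description shifts the columns. The function name, the non-empty requirement on serialNumber, hardwaretype and site, and the duplicate-serial check are assumptions made for this example.

```python
import csv
import io

# Column headings exactly as given in the guide's .csv format.
EXPECTED_HEADER = ["serialNumber", "hardwaretype", "apName", "description", "site"]
# Assumption for this example: these fields must not be empty.
REQUIRED = ("serialNumber", "hardwaretype", "site")

# Constructed sample: the first two serial numbers come from the guide,
# the third serial number and the descriptions are made up for illustration.
SAMPLE = """serialNumber,hardwaretype,apName,description,site
1701Y-1248300023,AP3912i-FCC,TestAp,"description1",DFNDR_Area51
1701Y-1248300024,AP3912i-FCC,TestAp1,"ward 3, bed 2",DFNDR_Area61
1701Y-1248300025,AP3912i-FCC,TestAp2,ward 4, bed 1,DFNDR_Area61
1701Y-1248300023,AP3912i-FCC,TestAp3,"description4",DFNDR_Area51
"""


def validate_onboarding_csv(text):
    """Return (rows, errors) for an onboarding CSV.

    rows   -- list of dicts for records that passed every check
    errors -- list of "line N: message" strings
    """
    rows, errors, seen = [], [], {}
    reader = csv.reader(io.StringIO(text, newline=""))
    try:
        header = next(reader)
    except StopIteration:
        return rows, ["line 1: file is empty"]
    if [h.strip() for h in header] != EXPECTED_HEADER:
        return rows, ["line 1: header must be " + ",".join(EXPECTED_HEADER)]

    for record in reader:
        line = reader.line_num
        if not any(field.strip() for field in record):
            continue  # ignore blank lines
        if len(record) != len(EXPECTED_HEADER):
            # Typical cause: a comma inside a description that is not quoted.
            errors.append(
                f"line {line}: expected {len(EXPECTED_HEADER)} fields, "
                f"got {len(record)} (quote the full description if it contains commas)"
            )
            continue
        row = dict(zip(EXPECTED_HEADER, (f.strip() for f in record)))
        missing = [name for name in REQUIRED if not row[name]]
        if missing:
            errors.append(f"line {line}: empty {', '.join(missing)}")
            continue
        serial = row["serialNumber"]
        if serial in seen:
            errors.append(
                f"line {line}: duplicate serialNumber {serial}, "
                f"first seen on line {seen[serial]}"
            )
            continue
        seen[serial] = line
        rows.append(row)
    return rows, errors


if __name__ == "__main__":
    good, bad = validate_onboarding_csv(SAMPLE)
    print(f"{len(good)} rows ready for upload")
    for message in bad:
        print(message)
```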
Read-only access to the Extreme Defender Application. It is possible to restrict read-only access to devices that are assigned to a user category. ExtremeCloud Appliance users have access to Extreme Defender Application.

Related Topics
• Manage Accounts

Manage Accounts

A user with Full access to Extreme Defender Application can create, modify, and delete user accounts.

Create a User Account
1. Go to Administration > Accounts > Add.
2.
Delete a User Account
1. Go to Administration > Accounts and select a user account from the list.
2. Select Delete.

Related Topics
• Accounts
• Account Tagging

Manage Tags

Use tags to control which devices a user can manage in Extreme Defender Application. Administrators define a list of tags on the Administration workbench, then use those tags when creating user accounts and configuring devices on the Inventory list.
  ◦ 3912 Status
  ◦ SA201 Status

You can assign up to three tags per user account. Extreme Defender Application supports no more than 200 tags per application instance.

The following rules apply to user account tagging and user access:
• When a user account is tagged, the user can manage APs and adapters with no tags, or manage devices with the same tags that are specified on the user account.
• Users with no assigned tags can manage all APs and adapters.
Figure 13: Defender Application Licensing Page

Figure 13 shows that the maximum number of devices this Extreme Defender Application can protect is 1000. This instance has a total of 10 licenses. Devices can be MRI / CT scanner, Infusion pumps, HVAC, printer or any other IoT device.

Note: ExtremeCloud Appliance governs the total number of managed devices and the capacity of managed devices. Log into ExtremeCloud Appliance, then go to Administration > License.
Glossary

Chalet
Chalet is a web-based user interface for setting up and viewing information about a switch, removing the need to enter common commands individually in the CLI.

CLI
Command Line Interface. The CLI provides an environment to issue commands to monitor and manage switches and wireless appliances.
ExtremeAnalytics™, formerly Purview™, is a network powered application analytics and optimization solution that captures and analyzes context-based application traffic to deliver meaningful intelligence about applications, users, locations, and devices. ExtremeAnalytics provides data to show how applications are being used.
network. Learn more about ExtremeControl at https://www.extremenetworks.com/product/extremecontrol/.

ExtremeSwitching
ExtremeSwitching is the family of products comprising different switch types: Modular (X8 and 8000 series [formerly BlackDiamond] and S and K series switches); Stackable (X-series and A, B, C, and 7100 series switches); Standalone (SSA, X430, and D, 200, 800, and ISW series); and Mobile Backhaul (E4G). Learn more about ExtremeSwitching at http://www.extremenetworks.