H3C SecCenter Firewall ManagerConfiguration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document version: 6PW
4 Figure 4 Uninstall the Firewall Manager 3. Restart the operating system. 4. Remove all files and subdirectories under the SecCenter installatio
94 Table 94 Fields of the policy’s rule list Field Description ID ID of the interzone rule. When you create an interzone rule, the system automatical
95 Figure 94 Add interzone rules to the policy Return to Interzone policy management functions. Sorting interzone rules On an interzone policy’s ru
96 Return to Fields of the policy’s rule list. Clearing interzone rules 1. From the navigation tree of the firewall management component, select App
97 Figure 98 Apply an interzone policy to devices Intrusion detection The intrusion detection module provides configuration of blacklist entries an
98 Figure 99 Blacklist Table 95 Blacklist management functions Function Description Blacklist Allows you to view blacklist configuration of the vir
99 Field Description Hold Time Lifetime in minutes of the blacklist entry. Deployment Result Result of the deployment operation. Operation • Click
100 Item Description Virtual Device Group Required Select a virtual device group. A blacklist entry belongs to only one virtual device group. Return
101 The deployment result is shown on the blacklist as shown in Figure 99. To redeploy a blacklist entry that fails the deployment, select the entry,
102 Figure 103 Modify a blacklist entry Return to Blacklist management functions. Packet inspection The packet inspection function enables firewall
103 Function Description Copying a packet inspection profile Allows you to copy a packet inspection profile to generate a new one. Follow these step
5 System management The system management component of the Firewall Manager is mainly used to configure the firewall devices, the software, and the c
104 2. Click Add to enter the page for adding a packet inspection profile, as shown in Figure 105. 3. Configure the settings. 4. Click OK. Figure
105 Figure 106 Deploy a packet inspection profile Return to Packet inspection management functions. CAUTION: You can deploy only one packet inspe
106 Table 100 Firewall management functions Function Description Firewall device list Allows you to view information about the current firewall devi
107 4. Select the check boxes before the devices that you want to add to the firewall management component, and click Add. The firewall device mana
108 pre-defined segments, and modify, copy, delete, export, or deploy the custom configuration segments. You can also import configuration files from
109 Configuration segment list The configuration segment list is on the configuration segment management page, as shown in Figure 110. Table 105 Fie
110 Figure 111 Add a configuration segment Table 106 Configuration items Item Description File Type Required Select the configuration segment type,
111 After the import operation completes successfully, a configuration segment by the name you specified will appear in the configuration segments li
112 Figure 113 Select the devices you want to deploy the configuration segment to 2. Configure parameters—Type the SNMP version and community stri
113 Figure 115 Configure deployment task attributes 4. Confirm your configuration. You can click the icon on the device list to view the config
6 Table 1 Device management functions Function Description Device list Allows you to view details about devices, export configurations, and connect t
114 Managing deployment tasks Configuration guide From the navigation tree of the firewall management component, select Deployment Tasks under Policy
115 Table 108 Fields of the deployment task list Field Description Execution Status Execution status of the task. Task Name Name of the task. Task
116 SSL VPN auditing As Virtual Private Network (VPN) is much cheaper and more flexible to use than leased lines, more and more companies are establi
117 Online users trends The online user trend graph displays the number of online SSL VPN users during a day, week, month, or a customized period of
118 Figure 120 Daily user statistics NOTE: The User Count field shows the count of login times on that day. Device monitoring In addition to the
119 SSL VPN log auditing The SSL VPN log auditing function allows you to audit user access records, operation logs, resource accesses, and authentica
120 Figure 123 Operation log auditing Resource access auditing The resource access auditing allows you to audit operations of SSL VPN users based o
121 Figure 125 Authentication failure auditing
122 Configuration example 1 Network requirements The H3C SecCenter Firewall Manager works with H3C firewall devices. The Firewall Manager collects at
123 Figure 126 Add a device to the system management component 3. Select the Firewall Management component, and then select Device Management unde
7 Figure 6 Add a device Table 4 Configuration items Item Description Host Name/IP Required Type the name or IP address of the device to uniquely i
124 Index A B C D E I M N O P R S T U V A Abnormal traffic log auditing,56 Adding devices to the firewall manager,122 Authentication failure auditi
125 V Viewing device statistics,107 Virtual device group,60
8 Item Description Web Username Required Specify the username for managing the device through web. The username can comprise up to 20 characters. We
9 Item Description Encryption Protocol Optional when you select the authentication protocol HMAC-MD5 or SMAC-SHA. Specify the encryption protocol to
10 Device software management Device software refers to the software that a firewall device runs to provide services. It can be regarded as the opera
11 To deploy main boot file to devices: a. On the device software management page, click Deploy Device Software to enter the software deployment pa
12 Item Description Add Device Click this button to add a device to which you want to deploy a software version. You can add multiple devices. You c
13 Figure 10 Software backup result If the backup operation fails, the system shows the reasons. The software backup files are stored in the softwa
Copyright © 2009-2012, Hangzhou H3C Technologies Co., Ltd. and its licensors All rights reserved No part of this manual may be reproduced or transmi
14 Figure 11 Device configuration management page Table 9 Device configuration management functions Function Description Backing up configuration f
15 Figure 12 Backup configuration files Return to Device configuration management functions. 3. Restoring a configuration file a. From the naviga
16 Figure 13 Restore configuration files Return to Device configuration management functions. 4. Device configuration information management On th
17 Tab Description Draft Allows you to manage drafts for a device. 5. Label A label is used to indicate the backup running and/or startup configu
18 Figure 15 Compare two configuration files CAUTION: The label Currently indicates the configuration file is currently used by the device and the
19 Table 13 Fields of the running configuration list Field Description Version Uniquely identifies the running configuration file. The version number
20 Table 14 Fields of the draft list Field Description Name Name of the draft. Description Remarks on the draft. Creation Time Time when the draft
21 Figure 19 Device group management page Table 15 Device group management functions Function Description Device group list Allows you to view deta
22 Figure 20 Add a device group Table 17 Configuration items Item Description Device Group Name Required Type a name for the device group. The devi
23 Table 18 Event management functions Function Description Device event list Allows you to view details about device events. Device interface eve
Preface The H3C SecCenter Firewall Manager Configuration Guide describes the functions and configurations for the Firewall Manager system, including t
24 Figure 22 Device interface event list Table 21 describes the event query options. You can use any combination of the options to query for the ev
25 Figure 23 Access template management page Table 23 Template management functions Function Description Template list Allows you to view details a
26 Figure 24 Add a template Table 25 Configuration items Item Description Template Name Required Type a name for the template, a string of 1 to 20
27 Item Description SNMP Version Required Select an SNMP version, which can be SNMPv1, SNMPv2, or SNMPv3. Authentication Username Required for SNMPv
28 Figure 25 Device software database page Table 26 Device software database functions Function Description Importing device software Allows you t
29 4. Click Apply. Figure 26 Device software import page Managing deployment tasks This function allows you to view all deployment task informatio
30 Field Description Task Type Type of the deployment task Creation Time Time when the deployment task is created Creator Creator of the deploymen
31 Figure 28 Operator management page Table 32 Operator management functions Function Description Operator list Allows you to view details about o
32 Figure 29 Add an operator Table 34 Configuration items Item Description Login Name Type a name for the operator, a string of up to 40 character
33 Figure 30 Operation log management page Table 35 Operation log query options Option Description Operator Specify the operator whose logs you ar
Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Obtaining documentatio
34 Figure 31 Change your login password Table 37 Configuration items Item Description Old Password Required Type the current password. The passwor
35 Figure 32 System parameter setting Configuring management ports This module allows you to specify the SecCenter background ports for receiving v
36 Item Description NetStream V9 Logs Port Required Type the port for receiving NetStream V9 logs. The port number must be in the range from 1 to 65
37 Item Description Password Optional Type the password for identity authentication on the mail server. Sender’s Mail Address Required Type the mail
38 Field Description Operation Click the icon of a filter to modify the settings of the filter. Return to Filter management functions. Adding a f
39 Item Description Destination IP Optional Specify the destination IP addresses that you want the system to collect statistics on. Source Port Optio
40 Table 44 Fields of the LDAP server list Field Description Server Name Name of the LDAP server. Server IP Address IP address of the LDAP server.
41 Item Description Admin DN Required Type the administrator DN for the LDAP server. Admin Password Required Type the administrator password for the
42 2. Set the disk space alarm threshold so that the system issues an alarm whenever the free disk space is less than the threshold. Table 46 descri
43 Figure 41 Free disk space monitoring page Managing subsystems The subsystem management allows you to manage and monitor multiple Firewall Manage
i Contents Overview
44 Figure 42 Subsystem information Table 47 Fields of the subsystem list Field Description Server IP IP address of the server for the subsystem. P
45 Item Description User Name Required Type the username for logging in to the subsystem. The username can comprise up to 40 characters. Password Req
46 Firewall management The Firewall Manager enables centralized management of firewall devices in the network, centralized event collection and analy
47 Figure 44 Snapshot of events Table 49 Event snapshot query options Option Description Device Select a device, a device group, or All devices fro
48 Recent events list The firewall management component presents firewall attack events not only through graphs but also on a table list. The recent
49 Device monitoring In addition to the attack event information of the entire network, the firewall management component also allows you to view the
50 Figure 47 Attack event overview Table 53 Query options on the attack event overview page Option Description Device Select a device, a device gro
51 Figure 48 Top 10 attack events contrast graph You can click the link to export all the analysis reports that the event overview function provi
52 Figure 49 Attack event details Table 54 Event details query options Option Description Device Select a device, a device group, or All devices fr
53 Table 55 Fields of the attack event details list Field Description Time Time when the attack event occurred Src IP Attack source IP address Dest
ii Virtual device group
54 Table 57 Fields of the report export task list Field Description Report Task Name of the report export task. Creation Time Time when the task wa
55 Field Description Creation Time Time when the report export file was created Return to Report export task management functions. Adding a report
56 Return to Report export task management functions. Event auditing The event auditing function allows you to audit abnormal traffic logs, blacklist
57 Figure 54 Abnormal traffic log auditing Blacklist log auditing Configuration guide From the navigation tree of the firewall management component
58 Figure 56 Operation log auditing Other log auditing Configuration guide From the navigation tree of the firewall management component, select Ot
59 Figure 58 NAT log auditing MPLS log auditing Configuration guide From the navigation tree of the firewall management component, select MPLS Logs
60 you to assign devices and virtual devices to different management roles for flexibility. The firewall devices then automatically identify and filt
61 Table 62 Fields of the virtual device group list Field Description Name Name of the virtual device group. Description Description of the virtual
62 Figure 62 Authorize system administrators Return to Virtual device group management functions. Assigning virtual devices to a group 1. From the
63 Managing virtual devices Configuration guide From the navigation tree of the firewall management component, select Virtual Devices under Security
1 Overview Introduction to H3C SecCenter Firewall Manager H3C SecCenter Firewall Manager is a powerful system for comprehensive analysis and centrali
64 Field Description User Name Username used to log in to the virtual device. User Password Password used to log in to the virtual device. Deployme
65 Item Description Deploy to devices immediately Optional Select the check box and select the devices to deploy the virtual device to the selected d
66 Figure 67 Modify web management user name and password Return to Virtual device management functions. Deploying a virtual device 1. From the na
67 Figure 68 Deploy a virtual device Return to Virtual device management functions. Security zones Configuration guide From the navigation tree of
68 Function Description Adding a security zone Allows you to add a security zone. Clearing security zones Allows you to clear manageable security z
69 Figure 70 Add a security zone Table 68 Configuration items Item Description Security Zone ID Required Type an ID for the virtual device. The ID
70 Figure 71 Clear security zones Return to Security zone management functions. Modifying a security zone 1. From the navigation tree of the firew
71 The deployment result is shown on the security zone list as shown in Figure 69. To redeploy a security zone that fails the deployment, click the
72 Table 69 Time range management functions Function Description Time range list Allows you to view the detailed information of all time ranges. Add
73 Table 71 Configuration items Item Description Name Required Type a name for the time range. The name can't be null and can't contain any
2 Installation and uninstallation Installing the firewall manager The software and hardware requirements of the Firewall Manager are as follows: • H
74 Table 72 Service management functions Function Description Predefined services Allows you to view the detailed information of all predefined serv
75 Field Description Operation Click the icon to modify the service. To add a user-defined service: 1. Click Add on the user-defined service manage
76 Item Description Protocol Required Configure the protocol information for the user-defined service. Select TCP, UDP, ICMP or Others. • If you selec
77 Figure 80 Add a service group Table 77 Configuration items Item Description Name Required Type a name for the service group. Valid characters fo
78 IP addresses Configuration guide From the navigation tree of the firewall management component, select IP Addresses under Security Policy Manageme
79 Figure 82 Add a host address Table 80 Configuration items Item Description Name Required Type a name for the host address. Valid characters for
80 2. Click the Address Ranges tab to enter the address range management page, as shown in Figure 83. Table 81 describes the fields of the address ra
81 Figure 84 Add an address range Table 82 Configuration items Item Description Name Required Type a name for the address range. Valid characters f
82 Return to IP address management functions. Subnet addresses To view subnet addresses: 1. From the navigation tree of the firewall management compo
83 Figure 86 Add a subnet address Table 84 Configuration items Item Description Name Required Type a name for the subnet address. Valid characters
3 2. Type your information as required and click Apply. The acknowledgment page appears, as shown in Figure 2. Click Download to download the host i
84 Item Description Excluded Addresses Required Specify the IP addresses to be excluded from the subnet. • Input an IP address and click Add next to
85 Figure 88 Add an IP address group Table 86 Configuration items Item Description Name Required Type a name for the IP address group. Valid charac
86 Interzone rules Configuration guide From the navigation tree of the firewall management component, select Interzone Rules under Security Policy Ma
87 Function Description Deleting interzone rules Allows you to delete interzone rules. Follow these steps: 1. Select the check boxes before the inte
88 Field Description Dest IP Destination IP address of the interzone rule. Service All services of the interzone rule. Time Range Time range durin
89 Figure 90 Add an interzone rule Table 90 Configuration items Item Description Virtual Device Required Select a virtual device for which you want
90 Item Description Description Optional Type some descriptive information for the interzone rule. Valid characters for the description: letters, dig
91 Item Description Enable logging Optional Select this option to enable the syslog function for the interzone rule. By default, this option is not s
92 Function Description Deleting interzone policies Allows you to delete interzone policies. Follow these steps: 1. Select the check boxes before th
93 Figure 92 Add an interzone policy Table 93 Configuration items Item Description Name Required Type a name for the interzone policy. The name can