
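DeepFinder handles SSL differently from H/W, proxy, and reverse-proxy web application firewalls, so it filters SSL traffic with no additional purchases such as accelerators and no loss of performance or speed.
In the cloud era, it makes it easy to configure the parts that appliance-type WAFs have difficulty addressing.
It does not need the certificate management that is inconvenient when operating a conventional WAF, and because it does not perform SSL encryption/decryption separately, no resource degradation occurs either.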



##
## Network interface configuration
##
interface eth0
  no dhcp
  ip address 192.168.1.13 /24
  exit
##
## Network interface IPv6 configuration
##
interface eth0
  no ipv6 dhcp client enable
  exit
##
## Routing configuration
##
ip default-gateway 192.168.1.1 eth0
##
## Other IP configuration
##
hostname HC1
ip domain-list inner
ip name-server 168.126.63.1
##
## Other IPv6 configuration
##
no ipv6 enable
##
## Logging configuration
##
logging 192.168.1.245
logging 192.168.1.245 trap warning
##
## Port level configurations
##
port 1/1/g1 type network
port 1/1/g1 params admin enable
port 1/1/g2 type tool
port 1/1/g2 params admin enable
##
## Gigastream hash configurations
##
gigastream advanced-hash slot 1/cc1 default
##
## Gsgroup configurations
##
gsgroup alias GSHS port-list 1/1/e1
##
## IP Interface configurations
##
ip interface alias IN-VPN
  attach 1/1/g1
  ip address 192.168.1.10 /24
  gw 192.168.1.1
  gsgroup add GSHS
  exit
##
## Gs params configurations
##
gsparams gsgroup GSHS
  cpu utilization type total rising 80
  dedup-action drop
  dedup-ip-tclass include
  dedup-ip-tos include
  dedup-tcp-seq include
  dedup-timer 50000
  dedup-vlan ignore
  diameter-packet timeout 2
  diameter-s6a-session limit 10000
  diameter-s6a-session timeout 30
  eng-watchdog-timer 60
  erspan3-timestamp format none
  flow-mask disable
  flow-sampling-rate 5
  flow-sampling-timeout 1
  flow-sampling-type device-ip
  generic-session-timeout 5
  gtp-control-sample enable
  gtp-flow timeout 48
  gtp-persistence disable
  gtp-persistence file-age-timeout 30
  gtp-persistence interval 10
  gtp-persistence restart-age-time 30
  gtp-randomsample disable
  gtp-randomsample interval 12
  ip-frag forward enable
  ip-frag frag-timeout 10
  ip-frag head-session-timeout 30
  lb failover disable
  lb failover-thres lt-bw 80
  lb failover-thres lt-pkt-rate 1000
  lb replicate-gtp-c disable
  lb use-link-spd-wt disable
  node-role disable
  resource buffer-asf disable
  resource cpu overload-threshold 90
  resource hsm-ssl buffer disable
  resource hsm-ssl packet-buffer 1000
  resource inline-ssl standalone enable
  resource metadata disable
  resource packet-buffer overload-threshold 80
  resource xpkt-pmatch num-flows 0
  session logging level none
  sip-media timeout 30
  sip-nat disable
  sip-session timeout 30
  sip-tcp-idle-timeout 20
  ssl-decrypt decrypt-fail-action drop
  ssl-decrypt enable
  ssl-decrypt hsm-pkcs11 dynamic-object enable
  ssl-decrypt hsm-pkcs11 load-sharing enable
  ssl-decrypt hsm-timeout 1000
  ssl-decrypt key-cache-timeout 10800
  ssl-decrypt non-ssl-traffic drop
  ssl-decrypt pending-session-timeout 60
  ssl-decrypt session-timeout 300
  ssl-decrypt tcp-syn-timeout 20
  ssl-decrypt ticket-cache-timeout 10800
  tunnel-health-check action pass
  tunnel-health-check disable
  tunnel-health-check dstport 54321
  tunnel-health-check interval 600
  tunnel-health-check protocol icmp
  tunnel-health-check rcvport 54321
  tunnel-health-check retries 5
  tunnel-health-check roundtriptime 1
  tunnel-health-check srcport 54321
  xpkt-pmatch disable
  exit
##
## Gsop configurations
##
gsop alias gsope1 strip-header vxlan 0 port-list GSHS
##
## Traffic map connection configurations
##
map alias 01.G2-G1_HS_MAP
  type regular byRule
  roles replace admin to owner_roles
  use gsop gsope1
  rule add pass ipver 4
  rule add pass ipver 6
  to 1/1/g2
  from 1/1/g1
  exit
##
## SNMP configuration
##
no snmp-server host 192.168.1.245 disable
snmp-server host 192.168.1.245 traps port 162 version 2c public


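Attending the NHN Cloud training seems to have broadened my understanding of the cloud a great deal.

Those who attended the training already know this, but I am passing the information along for those who did not attend.

After you sign up for NHN Cloud and register a payment method, a credit of 200,000 won is granted.

Click the link below to sign up,

https://www.nhncloud.com/kr

then click "[가입 축하 크레딧 신청]" (apply for the sign-up welcome credit) on the payment method page, as shown below.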


https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/tunneling-erspan-termination.html

Remote Traffic Tunneling | ERSPAN Termination | GigaSMART | Gigamon

Extend monitoring to remote sites and the cloud

The Tunneling feature is a licensable addition to the GigaSMART® engine that helps alleviate blindness of business-critical traffic at remote sites, virtualized data centers, or hosted in a public cloud. Tunneling is used in conjunction with Flow Mapping® technology to select traffic at remote sites that should be subject to additional inspection. That traffic subset can then be forwarded via IP/UDP or L2GRE encapsulation to centralized monitoring and security resources. Tunneling also works with GigaVUE-VM for VMware, GigaVUE-VM for OpenStack, and Visibility Platform for AWS to select and tunnel traffic from within virtual environments to the Gigamon® Visibility Platform via L2GRE tunnels. With Tunneling, physical networks can utilize cloud-based tools and load balance across multiple instances.

Benefits of the Tunneling feature

  • Provides security teams with access to suspicious traffic anywhere within the organization, local or remote, physical or virtual.
  • Eliminates the cost of deploying and managing tools at branch offices and remote sites.
  • Preserves the processing power of hypervisors to handle workload, instead of management and monitoring.
  • Immediately extends monitoring and security to new acquisitions or temporary installations until other arrangements can be made.
  • Enables load balancing across multiple IP-addressable virtual and cloud-based tools.
  • Allows operators to take advantage of existing Cisco NEXUS features by forwarding traffic via ERSPAN tunnels to the Gigamon Visibility Platform.

 
