'Flow' 태그의 글 목록

SMALL

Example 13 is an inline flow mapping based solution on GigaVUE-HC2. Example 13 has a variety of constructs: an inline network group made up of two protected inline networks, an inline tool group, an inline tool series, an individual inline tool, a rule-based map (VLAN 100) from the inline network group to the inline tool group, a rule-based map (portdst 80) from the inline network group to the inline tool series, a rule-based map (ipsrc 10.123.12.57) from the inline network group to the individual inline tool, and a shared collector from the inline network group to bypass.

Since Example 13 uses protected inline networks on GigaVUE-HC2, they do not need to be configured as described in Example 4: Protected Inline Bypass Using Bypass Combo Modules, so the configuration begins with the inline network group.

On GigaVUE-HC3, unprotected inline bypass can be configured on any module on the node. Protected inline bypass can be configured on the bypass combo module on ports c1..c4.

On GigaVUE-HC1, unprotected inline bypass can be configured on the base module, with the inline networks and inline tools on ports 1/1/x1..x12 and 1/1/g1..g4, or on the bypass combo module on ports x1..x4. Protected inline bypass can be configured on the bypass combo module, or on the TAP-HC1-G10040 module placed in either bay 2 or bay 3, so the ports will be 1/2/g1..g8 or 1/3/g1..g8. On the TAP module, you will need to configure inline network ports and the inline network because they are not created automatically (as they are on bypass combo modules).

Step

Description

Command

Configure an inline network group consisting of two protected inline networks.

(config) # inline-network-group alias inNetGroup
(config inline-network-group alias inNetGroup) # network-list default_inline_net_7_2_1,default_inline_net_7_2_3
(config inline-network-group alias inNetGroup) # exit
(config) #

Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 7/2/x2 alias iT1
(config) # port iT1 type inline-tool
(config) # port iT1 params admin enable

(config) # port 7/2/x15 alias iT2
(config) # port iT2 type inline-tool
(config) # port iT2 params admin enable

(config) # port 7/2/x3 alias iT3
(config) # port iT3 type inline-tool
(config) # port iT3 params admin enable

(config) # port 7/2/x4 alias iT4
(config) # port iT4 type inline-tool
(config) # port iT4 params admin enable

(config) # port 7/2/x7 alias iT5
(config) # port iT5 type inline-tool
(config) # port iT5 params admin enable

(config) # port 7/2/x8 alias iT6
(config) # port iT6 type inline-tool
(config) # port iT6 params admin enable

(config) # port 7/2/x13 alias iT7
(config) # port iT7 type inline-tool
(config) # port iT7 params admin enable

(config) # port 7/2/x14 alias iT8
(config) # port iT8 type inline-tool
(config) # port iT8 params admin enable

(config) # port 7/2/x15 alias iT9
(config) # port iT9 type inline-tool
(config) # port iT9 params admin enable

(config) # port 7/2/x16 alias iT10
(config) # port iT10 type inline-tool
(config) # port iT10 params admin enable

Configure inline tools as follows:

• inTool1 and inTool2 will be used in the inline tool group, inToolGroup
• inTool3 will be the individual inline tool used in Map3
• inTool4 and inTool5 will be used in the inline tool series, inSer
Also, enable inline tools.

Specify that inline tools are going to be shared by different sources. When shared is enabled (true), the inline tools can receive traffic from multiple sources (the inline networks in the inline network group).

(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2
(config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4
(config) # inline-tool alias inTool3 pair tool-a iT5 and tool-b iT6
(config) # inline-tool alias inTool4 pair tool-a iT7 and tool-b iT8
(config) # inline-tool alias inTool5 pair tool-a iT9 and tool-b iT10

(config) # inline-tool alias inTool1 enable
(config) # inline-tool alias inTool2 enable
(config) # inline-tool alias inTool3 enable
(config) # inline-tool alias inTool4 enable
(config) # inline-tool alias inTool5 enable

(config) # inline-tool alias inTool1 shared true
(config) # inline-tool alias inTool2 shared true
(config) # inline-tool alias inTool3 shared true
(config) # inline-tool alias inTool4 shared true
(config) # inline-tool alias inTool5 shared true

Enable default heartbeats.

(config) # inline-tool alias inTool1 heart-beat
(config) # inline-tool alias inTool2 heart-beat
(config) # inline-tool alias inTool3 heart-beat
(config) # inline-tool alias inTool4 heart-beat
(config) # inline-tool alias inTool5 heart-beat

Configure an inline tool group and enable it.

(config) # inline-tool-group alias inToolGroup
(config inline-tool-group alias inToolGroup) # tool-list inTool1,inTool2
(config inline-tool-group alias inToolGroup) # enable
(config inline-tool-group alias inToolGroup) # exit
(config) #

Configure an inline tool series and enable it.

(config) # inline-serial alias inSer
(config inline-serial alias inSer) # inline-tool-list inTool4,inTool5
(config inline-serial alias inSer) # enable
(config inline-serial alias inSer) # exit
(config) #

Configure rule-based map, from the inline network group to the inline tool group.

(config) # map alias inMap1
(config map alias inMap1) # type inline byRule
(config map alias inMap1) # from inNetGroup
(config map alias inMap1) # to inToolGroup
(config map alias inMap1) # rule add pass vlan 100
(config map alias inMap1) # exit
(config) #

Configure rule-based map, from the inline network group to the inline tool series.

(config) # map alias inMap2
(config map alias inMap2) # type inline byRule
(config map alias inMap2) # from inNetGroup
(config map alias inMap2) # to inSer
(config map alias inMap2) # rule add pass portdst 80
(config map alias inMap2) # exit
(config) #

Configure rule-based map, from the inline network group to the individual inline tool.

(config) # map alias inMap3
(config map alias inMap3) # type inline byRule
(config map alias inMap3) # from inNetGroup
(config map alias inMap3) # to inTool3
(config map alias inMap3) # rule add pass ipsrc 10.123.12.57 255.255.255.248
(config map alias inMap3) # exit
(config) #

Add a shared collector from the inline network group to bypass.

(config) # map-scollector alias scoll
(config map-scollector alias scoll) # from inNetGroup
(config map-scollector alias scoll) # collector bypass
(config map-scollector alias scoll) # exit
(config) #

Configure the path of the traffic to inline tool.

(config) # inline-network alias inNet traffic-path to-inline-tool
(config) # inline-network alias default_inline_net_7_2_1 traffic-path to-inline-tool
(config) # inline-network alias default_inline_net_7_2_3 traffic-path to-inline-tool

Disable physical bypass on the default inline network aliases.

(config) # inline-network alias default_inline_net_7_2_1 physical-bypass disable
(config) # inline-network alias default_inline_net_7_2_3 physical-bypass disable

Display the configuration for this example.

(config) # show inline-network
(config) # show inline-network-group
(config) # show inline-tool
(config) # show inline-serial
(config) # show inline-tool-group
(config) # show map

LIST

저작자표시

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Gigamon OOB Maps Originating from Inline Network Group (0)	2021.01.18
Gigamon OOB Maps Originating from Inline Network (0)	2021.01.18
Gigamon Inline Flow Mapping Based Solution C (0)	2021.01.17
Gigamon Inline Flow Mapping Based Solution B (0)	2021.01.17
Gigamon Inline Flow Mapping Based Solution A (0)	2021.01.17

SMALL

Example 12 is an inline flow mapping based solution on GigaVUE-HC2. Example 12 has a single, unprotected inline network, two individual inline tools, a rule-based map (portdst 22) from the inline network to bypass, a rule-based map (portdst 80) from the inline network to the first inline tool, and a shared collector from the inline network to the second inline tool. Traffic that does not match the map rules will be sent to the shared collector, ensuring that all traffic is exchanged between side A and side B of the network.

Step

Description

Command

Configure inline network aliases, port type (inline-network), and administratively enable inline network ports.

(config) # port 7/2/x1 alias iN1
(config) # port iN1 type inline-network
(config) # port iN1 params admin enable

(config) # port 7/2/x20 alias iN2
(config) # port iN2 type inline-network
(config) # port iN2 params admin enable

Configure inline network.

(config) # inline-network alias inNet pair net-a iN1 and net-b iN2

Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 7/2/x2 alias iT1
(config) # port iT1 type inline-tool
(config) # port iT1 params admin enable

(config) # port 7/2/x15 alias iT2
(config) # port iT2 type inline-tool
(config) # port iT2 params admin enable

(config) # port 7/2/x3 alias iT3
(config) # port iT3 type inline-tool
(config) # port iT3 params admin enable

(config) # port 7/2/x4 alias iT4
(config) # port iT4 type inline-tool
(config) # port iT4 params admin enable

Configure inline tools and enable them.

(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2
(config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4

(config) # inline-tool alias inTool1 enable
(config) # inline-tool alias inTool2 enable

Enable default heartbeats.

(config) # inline-tool alias inTool1 heart-beat
(config) # inline-tool alias inTool2 heart-beat

Configure rule-based map, from inline network to bypass.

(config) # map alias inMap3
(config map alias inMap3) # type inline byRule
(config map alias inMap3) # from inNet
(config map alias inMap3) # to bypass
(config map alias inMap3) # rule add pass portdst 22
(config map alias inMap3) # exit
(config) #

Configure rule-based map, from inline network to first inline tool.

(config) # map alias inMap4
(config map alias inMap4) # type inline byRule
(config map alias inMap4) # from inNet
(config map alias inMap4) # to inTool1
(config map alias inMap4) # rule add pass portdst 80
(config map alias inMap4) # exit
(config) #

Add a shared collector, from inline network to second inline tool.

(config) # map-scollector alias scoll3
(config map-scollector alias scoll3) # from inNet
(config map-scollector alias scoll3) # collector inTool2
(config map-scollector alias scoll3) # exit
(config) #

Configure the path of the traffic to inline tool.

(config) # inline-network alias inNet traffic-path to-inline-tool

Display the configuration for this example.

(config) # show inline-tool
(config) # show map

LIST

저작자표시

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Gigamon OOB Maps Originating from Inline Network (0)	2021.01.18
Gigamon Inline Flow Mapping Based Solution D (0)	2021.01.17
Gigamon Inline Flow Mapping Based Solution B (0)	2021.01.17
Gigamon Inline Flow Mapping Based Solution A (0)	2021.01.17
Gigamon Inline Network Group (Many-to-Many) (0)	2021.01.17

SMALL

Example 11 is an inline flow mapping based solution on GigaVUE-HC2. Example 11 has a single, unprotected inline network, a single inline tool, a rule-based map (VLAN 100) from the inline network to bypass, and a shared collector from the inline network to the inline tool. Traffic on VLAN 100 will not be inspected by the inline tool, while the remaining traffic will be inspected by the inline tool (through the bypass).

Step

Description

Command

Configure inline network aliases, port type (inline-network), and administratively enable inline network ports.

(config) # port 7/2/x1 alias iN1
(config) # port iN1 type inline-network
(config) # port iN1 params admin enable

(config) # port 7/2/x20 alias iN2
(config) # port iN2 type inline-network
(config) # port iN2 params admin enable

Configure inline network.

(config) # inline-network alias inNet pair net-a iN1 and net-b iN2

Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 7/2/x2 alias iT1
(config) # port iT1 type inline-tool
(config) # port iT1 params admin enable

(config) # port 7/2/x15 alias iT2
(config) # port iT2 type inline-tool
(config) # port iT2 params admin enable

Configure inline tool and enable it.

(config) # inline-tool alias inTool pair tool-a iT1 and tool-b iT2
(config) # inline-tool alias inTool enable

Enable default heartbeat.

(config) # inline-tool alias inTool heart-beat

Configure rule-based map, from inline network to bypass.

(config) # map alias inMap2
(config map alias inMap2) # type inline byRule
(config map alias inMap2) # from inNet
(config map alias inMap2) # to bypass
(config map alias inMap2) # rule add pass vlan 100
(config map alias inMap2) # exit
(config) #

Add a shared collector, from inline network to inline tool.

(config) # map-scollector alias scoll2
(config map-scollector alias scoll2) # from inNet
(config map-scollector alias scoll2) # collector inTool
(config map-scollector alias scoll2) # exit
(config) #

Configure the path of the traffic to inline tool.

(config) # inline-network alias inNet traffic-path to-inline-tool

Display the configuration for this example.

(config) # show map

LIST

저작자표시

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Gigamon Inline Flow Mapping Based Solution D (0)	2021.01.17
Gigamon Inline Flow Mapping Based Solution C (0)	2021.01.17
Gigamon Inline Flow Mapping Based Solution A (0)	2021.01.17
Gigamon Inline Network Group (Many-to-Many) (0)	2021.01.17
Gigamon Inline Network Group (Many-to-One) (0)	2021.01.17

SMALL

Example 10 is an inline flow mapping based solution on GigaVUE-HC2. Example 10 has a single, unprotected inline network, a single inline tool, a rule-based map (VLAN 100) from the inline network to the inline tool, and a shared collector from the inline network to bypass. Traffic on VLAN 100 will be inspected by the inline tool while the remaining traffic will not be inspected (will be bypassed).

Step

Description

Command

Configure inline network aliases, port type (inline-network), and administratively enable inline network ports.

(config) # port 7/2/x1 alias iN1
(config) # port iN1 type inline-network
(config) # port iN1 params admin enable

(config) # port 7/2/x20 alias iN2
(config) # port iN2 type inline-network
(config) # port iN2 params admin enable

Configure inline network.

(config) # inline-network alias inNet pair net-a iN1 and net-b iN2

Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 7/2/x2 alias iT1
(config) # port iT1 type inline-tool
(config) # port iT1 params admin enable

(config) # port 7/2/x15 alias iT2
(config) # port iT2 type inline-tool
(config) # port iT2 params admin enable

Configure inline tool and enable it.

(config) # inline-tool alias inTool pair tool-a iT1 and tool-b iT2
(config) # inline-tool alias inTool enable

Enable default heartbeat.

(config) # inline-tool alias inTool heart-beat

Configure rule-based map, from inline network to inline tool.

(config) # map alias inMap1
(config map alias inMap1) # type inline byRule
(config map alias inMap1) # from inNet
(config map alias inMap1) # to inTool
(config map alias inMap1) # rule add pass vlan 100
(config map alias inMap1) # exit
(config) #

Add a shared collector for any unmatched data and send it to bypass.

(config) # map-scollector alias scoll
(config map-scollector alias scoll) # from inNet
(config map-scollector alias scoll) # collector bypass
(config map-scollector alias scoll) # exit
(config) #

Configure the path of the traffic to inline tool.

(config) # inline-network alias inNet traffic-path to-inline-tool

Display the configuration for this example.

(config) # show inline-network
(config) # show inline-tool
(config) # show map

LIST

저작자표시

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Gigamon Inline Flow Mapping Based Solution C (0)	2021.01.17
Gigamon Inline Flow Mapping Based Solution B (0)	2021.01.17
Gigamon Inline Network Group (Many-to-Many) (0)	2021.01.17
Gigamon Inline Network Group (Many-to-One) (0)	2021.01.17
Gigamon Inline Tool Series with Local Failover Action (0)	2021.01.17

SMALL

https://www.gigamon.com/products/optimize-traffic/subscriber-intelligence/flowvue-subscriber-awareness.html

Subscriber-Aware Flow Management | FlowVUE | GigaSMART | Gigamon

GigaSMART® FlowVUE® provides subscriber IP-based flow sampling, which provides a representative view of traffic for diagnostic coverage.

www.gigamon.com

Carriers: make big data manageable

The FlowVUE® feature is a licensable addition to the GigaSMART® engine that provides subscriber IP-based flow sampling, which enables existing security and monitoring tools to connect to the latest high-speed pipes by providing a representative view of traffic for diagnostic coverage. Unlike traditional diagnostic methods, the FlowVUE feature intelligently reduces the amount of traffic, while keeping the integrity of the data flows intact, but at a lower speed feed within a smaller pipe.

The FlowVUE feature allows for active sampling of a subscriber’s device (known as a user endpoint IP or UE IP) across GPRS Tunneling Protocol user-data plane (GTP-u) tunnels. The integrity of the subscriber flows is preserved by forwarding all the flows associated with the sampled UE IP to the appropriate monitoring and analytic tools.

The numerous benefits of FlowVUE

Enhances accuracy of Quality of Experience (QoE) monitoring.
Cost-effectively reduces the amount of data, while enabling Big Data throughput processing.
Further reduces traffic volumes to the tool infrastructure when combined with the advanced filtering capabilities of GigaSMART Adaptive Packet Filtering.
Enables operators to detect and replace inactive devices through user-configurable timeouts.

Take advantage of our new bundled GigaSMART apps to be subscriber-aware!

LIST

저작자표시

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

5G Correlation (0)	2020.06.04
SIP/RTP Correlation (0)	2020.06.04
GTP Correlation (0)	2020.06.04
Application Metadata Intelligence (0)	2020.06.04
Application Filtering Intelligence (0)	2020.06.04

SMALL

https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/advanced-flow-slicing.html

Advanced Flow Slicing | GigaSMART | Gigamon

Reduce traffic sent to tools with intelligent slicing.

www.gigamon.com

Forward the First Set of Packets, then Slice or Drop the Rest

Inspecting long data flows hogs bandwidth and causes unnecessary processing burden on tools. (A flow is HTTP session or any general TCP/UDP session.)

GigaSMART® Advanced Flow Slicing application eliminates these issues by slicing payloads and packets from long data flow. This allows network operation teams and service providers to forward the first set of packets in the flow, then slice or drop the rest — saving your bandwidth and increasing tool effectiveness.

Benefits of Advanced Flow Slicing:

Reduces traffic sent to tools by more than 60%
Avoids costly tool upgrades to inspect unnecessary traffic
Improves overall tool efficiency and effectiveness
Retains complete visibility into each flow’s establishment

Advanced Flow Slicing is now part of our Gigamon NetVUE for Network Operations bundle.

How It Works

GigaSMART Advanced Flow Slicing reduces traffic sent to tools using a two-step intelligent slicing method:

You decide the first number of packets in a flow to analyze
Then either drop or slice subsequent packets in that flow

LIST

저작자표시

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Masking (0)	2020.06.04
Packet Slicing (0)	2020.06.04
Data De-duplication (0)	2020.06.04
SSL/TLS Decryption (0)	2020.06.04
NetFlow Generation (0)	2020.06.04

SMALL

FortiSandbox Flow

Static Scan:

- Rule matched : Suspicious(High/Medium/Low) -> End

- Rule did not match : Clean -> Goto AV Scan

AV Scan:

- Signature matched : Malicious -> End

- Signature did not match : Clean -> Goto Cloud Query

Cloud Query:

- Hash matched with Suspicious : Suspicious(High/Medium/Low) -> End

- Hash matched with Clean : Clean -> End

- Hash did not match : Clean -> End(if not supporting VM Scan for the file) or Goto VM Scan(if supporting VM Scan for the file)

VM Scan:

- Suspicous behavior was detected : Suspicious(High/Medium/Low) -> End

- Suspicous behavior was not detected : Clean -> End

- Other : Unknown -> End

LIST

저작자표시 비영리 변경금지

'업무이야기 > Security' 카테고리의 다른 글

Fortinet Open Ports Diagram (0)	2018.05.08
FortiSandbox diagram (0)	2018.05.08
FortiSandbox Clustering Setting (0)	2017.08.08
FortiSandbox Custom VM (0)	2017.08.08
Fortinet euc-kr 한글 지원 설정 (0)	2015.12.28

쫑콩아빠의 지금 이 순간...

Flow

Gigamon Inline Flow Mapping Based Solution D

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Gigamon Inline Flow Mapping Based Solution C

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Gigamon Inline Flow Mapping Based Solution B

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Gigamon Inline Flow Mapping Based Solution A

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

FlowVUE Flow Sampling

Carriers: make big data manageable

The numerous benefits of FlowVUE

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

Advanced Flow Slicing

Forward the First Set of Packets, then Slice or Drop the Rest

How It Works

'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글

FortiSandbox Flow

'업무이야기 > Security' 카테고리의 다른 글

+ Recent posts

티스토리툴바