본문 바로가기

inline29

Gigamon HC Series의 이중화 및 iSSL에 관하여 Gigamon HC Series는 패킷 미러 처리 뿐 아니라 inline에 직접 연결해 다양한 inline-tool에게 최적의 패킷을 전달 하는 역활을 한다. 보통의 Gigamon 이중화는 GRIP이라는 Gigamon에서 제공하는 이중화 프로토콜을 통해 이중화를 구성하며, 회선별 구성이 아닌 아래와 같이 상하단 구성을 주로 한다. 기존 회선 이중화 방식에서 발생되는 문제점들을 Gigamon을 통해 다양한 문제점들의 해결이 가능해진다. - 보안 장비로 인한 네트워크 성능 저하 - 여러 장애 포인트 존재 - 비대칭 라우팅으로 인한 보안 장비 탐지의 어려움 - 보안 장비 확장의 어려움 - 보안장비 Firmware 업그레이드 혹은 교체시 네트워크 단절 위험 - 네트워크 증속 시 보안도 동일 증속을 위한 투자 -.. 2023. 11. 15.
To set up GRIP successfully, it is advised that you check the inline functions of each HC2 separately. “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" To set up GRIP successfully, it is advised that you check the inline functions of each HC2 separately. https://gigamoncp.force.com/partnercommunity/s/article/HC2-GRIP-Configuration-example#loaded A. Set up Primary without GRIP a. ensure secondary is wire only (i.e physical bypass = enable) b. take primary out of bypass, configure all ports and forward inline tra.. 2021. 1. 25.
Gigamon Resiliency for Inline Protection (GRIP) “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" You can configure Gigamon Resiliency for inline protection on H Series nodes (GigaVUE-HC1, GigaVUE-HC2, and GigaVUE-HC3). Example 18 is an inline bypass solution for GRIP using TAP-HC1-G10040 modules on GigaVUE-HC1 with copper ports. The same instructions apply to GigaVUE-HC2 and GigaVUE-HC3. Note: On the GigaVUE-HC2, the configuration steps will be the same as .. 2021. 1. 18.
Gigamon Maps to Individual Inline Tool Group Members “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 17 is an inline bypass solution on GigaVUE-HC2 for an inline tool group with four tools. It is similar to Example 16: Asymmetrical Hashing in Inline Tool Group, but has four rule-based inline maps, one to each individual member of the inline tool group. In Example 17, asymmetrical hashing is used, but the hashing could also be symmetrical. The hashing on.. 2021. 1. 18.
Gigamon Asymmetrical Hashing in Inline Tool Group “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 16 is an inline bypass solution on GigaVUE-HC2 for an inline tool group with four tools. The inline tool group uses asymmetrical hashing (unlike Example 5: Inline Tool Group (N+1) Redundancy which uses symmetrical hashing). The hashing is based on the source IP address for side A and the destination IP address for side B. A rule-based map (vlan 200) is c.. 2021. 1. 18.
Gigamon OOB Maps Originating from Inline Network Group “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 15 expands on Example 14 by combining out-of-band (OOB) maps with a map passall originating from an inline network group on GigaVUE-HC2. When the source port of an OOB map is associated with an inline network group, only one port is supported in the port list. In this case, multiple OOB maps are needed because each OOB map only accepts one inline network.. 2021. 1. 18.
Gigamon OOB Maps Originating from Inline Network “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 14 combines out-of-band (OOB) maps with a map passall originating from an inline network on GigaVUE-HC2. In Example 14, the map passall sends all traffic to the inline tool. The OOB rule-based map sends traffic to an OOB tool. When the source port of an OOB map is associated with an inline network, multiple source ports are supported in the port list (th.. 2021. 1. 18.
Gigamon Inline Flow Mapping Based Solution D “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 13 is an inline flow mapping based solution on GigaVUE-HC2. Example 13 has a variety of constructs: an inline network group made up of two protected inline networks, an inline tool group, an inline tool series, an individual inline tool, a rule-based map (VLAN 100) from the inline network group to the inline tool group, a rule-based map (portdst 80) from.. 2021. 1. 17.
Gigamon Inline Flow Mapping Based Solution C “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 12 is an inline flow mapping based solution on GigaVUE-HC2. Example 12 has a single, unprotected inline network, two individual inline tools, a rule-based map (portdst 22) from the inline network to bypass, a rule-based map (portdst 80) from the inline network to the first inline tool, and a shared collector from the inline network to the second inline t.. 2021. 1. 17.
Gigamon Inline Flow Mapping Based Solution B “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 11 is an inline flow mapping based solution on GigaVUE-HC2. Example 11 has a single, unprotected inline network, a single inline tool, a rule-based map (VLAN 100) from the inline network to bypass, and a shared collector from the inline network to the inline tool. Traffic on VLAN 100 will not be inspected by the inline tool, while the remaining traffic w.. 2021. 1. 17.
Gigamon Inline Flow Mapping Based Solution A “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 10 is an inline flow mapping based solution on GigaVUE-HC2. Example 10 has a single, unprotected inline network, a single inline tool, a rule-based map (VLAN 100) from the inline network to the inline tool, and a shared collector from the inline network to bypass. Traffic on VLAN 100 will be inspected by the inline tool while the remaining traffic will n.. 2021. 1. 17.
Gigamon Inline Network Group (Many-to-Many) “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 9 is an inline bypass solution on GigaVUE-HC2 for an inline network group. Example 9 expands upon Example 8 by adding a second inline tool. The inline networks are a mix of unprotected and protected. In addition, user-defined VLAN tags are added in Example 9 to guide traffic from the multiple inline networks in the inline network group. On GigaVUE-HC3, u.. 2021. 1. 17.
Gigamon Inline Network Group (Many-to-One) “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 8 is an inline bypass solution on GigaVUE-HC2 for an inline network group. This is a many-to-one example with two inline networks and one inline tool. The inline networks are mix of protected and unprotected. On GigaVUE-HC3, unprotected inline bypass can be configured on any module on the node. Protected inline bypass can be configured on the bypass comb.. 2021. 1. 17.
Gigamon Inline Tool Series with Local Failover Action “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 7 is an inline bypass solution on GigaVUE-HC2 for an inline tool series. The failover action is specified for one of the inline tools (network-bypass), rather than for the series as a whole. Also the recovery mode is specified as manual. When the individual inline tool fails, traffic is dropped at the inline network ports. When the tool recovers and is r.. 2021. 1. 17.
Gigamon Inline Tool Series “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 6 is an inline bypass solution on GigaVUE-HC2 for an inline tool series. The inline network is unprotected. The order of the tools and inline tool groups in the tool list defines the order of the series. The map directs the traffic to the series, that is, to the first inline tool or inline tool group in the tool list. Example 6 includes two inline tools .. 2021. 1. 17.
Gigamon Inline Tool Group (N+1) Redundancy “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 5 is an inline bypass solution on GigaVUE-HC2 for an inline tool group with N+1 redundancy. In this example, N=2. The inline network is unprotected. Example 5 expands upon Example 3 by adding a spare to the inline tool group. Step Description Command Configure inline network aliases, port type (inline-network), and administratively enable inline network .. 2021. 1. 17.
Gigamon Protected Inline Bypass Using Bypass Combo Modules “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 4 is a protected inline bypass solution using bypass combo modules on GigaVUE-HC2. It also configures heartbeat and negative heartbeat profiles. Protected inline networks are based on the pairs of ports associated with the physical protection switches located on the bypass combo modules. Unlike the unprotected examples, you do not need to configure inlin.. 2021. 1. 17.
Gigamon Unprotected Inline Bypass with an Inline Tool Group “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 3 adds a second inline tool to the unprotected inline bypass solution on GigaVUE-HC2 in Example 1 and creates an inline tool group consisting of two tools. It also configures a custom heartbeat profile. Step Description Command Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. (config) # port .. 2021. 1. 17.
Gigamon Unprotected Inline Bypass with Default Heartbeat “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 2 adds the default heartbeat profile to the unprotected inline bypass solution on GigaVUE-HC2 in Example 1. Step Description Command Configure inline network aliases, port type (inline-network), and administratively enable inline network ports. (config) # port 3/1/x1 alias iN1 (config) # port iN1 type inline-network (config) # port iN1 params admin enabl.. 2021. 1. 17.
Gigamon Unprotected Inline Bypass “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 1: Unprotected Inline Bypass On GigaVUE-HC1, an unprotected inline bypass solution can be configured on the base module, with the inline networks and inline tools on ports 1/1/x1..x12 and 1/1/g1..g4, or on the bypass combo module on ports x1..x4. Step Description Command Configure inline network aliases, port type (inline-network), and administratively e.. 2021. 1. 17.
Gigamon Flexible Inline Single Tag Configuration “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 8—Flexible Inline Single Tag Configuration When you configure inline maps with single VLAN tag, the map rules must have the same VLAN tag as configured in the from parameter. The following is an example of a flexible inline single tag configuration. map alias map1_in1_100_11 type flexinline byRule rule add pass ipver 4 vlan 100 from in1 vlan 100 a-to-b i.. 2021. 1. 17.
Gigamon Protected Flexible Inline, Out-of-Band Copy “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 7—Protected Flexible Inline, Out-of-Band Copy Example 7 demonstrates a flexible inline map with OOB copy configuration as follows: • an example of the source as a protected inline network and the destination as a hybrid port • an example of the source as a tool member in the a-to-b list and the destination as a regular tool port • an example of the sourc.. 2021. 1. 17.
Gigamon Unprotected Flexible Inline, Monitoring Mode “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 6—Unprotected Flexible Inline, Monitoring Mode Example 6 adds a traffic path of monitoring for one inline tool to Example 4. It has the same two inline networks, the same five inline tools, and the same maps, but the flexible traffic path on the second inline tool is set to monitoring. The monitoring mode is similar to bypass, but at the tool level. In a.. 2021. 1. 17.
Gigamon Unprotected Flexible Inline, Inline Tool Group “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 5—Unprotected Flexible Inline, Inline Tool Group Example 5 adds an inline tool group to Example 4. It has the same two inline networks and five inline tools, but now the third, fourth, and fifth tools (t1112, t1314, and t1516) are in an inline tool group. The maps have been modified to direct traffic to the inline tool group. For example, the inline tool.. 2021. 1. 17.
Gigamon Unprotected Flexible Inline, Rule-Based Map “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 4—Unprotected Flexible Inline, Rule-Based Map Example 4 adds a rule-based map to Example 2. It has the same two inline networks, the same five inline tools, but adds a rule-based map from the first inline network. In the rule-based map, two of the five tools are specified, sending traffic through those two tools, which are the second (t0910) and the four.. 2021. 1. 17.
Protected Flexible Inline, Two Collector Maps “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 3—Protected Flexible Inline, Two Collector Maps Example 3 is similar to Example 2 but with protected inline networks. Protected inline networks are based on the pairs of ports associated with the physical protection switches located on the bypass combo modules. Unlike the unprotected examples, you do not need to configure inline network ports because the.. 2021. 1. 17.
Gigamon Unprotected Flexible Inline, Two Collector Maps “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 2—Unprotected Flexible Inline, Two Collector Maps Example 2 adds an inline network to Example 1. It has the same five inline tools, and adds a collector map for the second inline network. In the second collector map, two of the five tools are specified, sending traffic through those two tools, the first and the third tools in the sequence. The inline net.. 2021. 1. 17.
Gigamon Unprotected Flexible Inline Netlag, One Collector Map “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 1A—Unprotected Flexible Inline Netlag, One Collector Map Example 1 has one inline netlag, five inline tools, and a collector map that acts as a passall, sending all traffic through all tools. The following two inline networks are configured in one inline netlag: • inline network alias n0102, based on ports x1 and x2 • inilne network alias n0304, based on.. 2021. 1. 17.
Gigamon Unprotected Flexible Inline, One Collector Map “파트너스 활동을 통해 일정액의 수수료를 제공받을 수 있음" Example 1—Unprotected Flexible Inline, One Collector Map Example 1 has one inline network, five inline tools, and a collector map that acts as a passall, sending all traffic through all tools. The inline network alias is n0102, based on ports x1 and x2. For example, the inline tools can be Web Application Firewall (WAF), Intrusion Prevention System (IPS), Advanc.. 2021. 1. 17.
반응형

티스토리툴바