Manual Allot NetEnforcer - administration quide R3
Contents
1. Chapter 5 Appendices Argument Name Option Remarks Remove_item Time items that will be removed from the time while Type is catatlog DAILY WEEKLY MON THLY ANUALLY DAY is the day number in week month year Time format hh mm hh mm List All catalogCLI list all catalog name No required arguments Get catalog catalogCLI get catalog name Required arguments o name existing name of the required catalog Delete catalog catalogCLI delete catalog name Required arguments o name existing name of the required catalog Add catalog catalogCLI add catalog name Required arguments o name existing name of the required catalog Arguments o See Options for the specific catalog and global options 5 20 NetXplorer Administration Guide Chapter 5 Appendices Update catalog catalogCLI update catalog name Required arguments o name existing catalog name Arguments o See Options for the specific catalog and global options Examples add vlan name vlan name description vlan description vlan type 3 tag 128 update vlan name vlan name tag 256 delete vlan name vlan name list all vlan add time name time name add item DAILY 10 00 11 00 WEEKLY 2 10 00 11 00 update host add item ip address 1 1 1 1 name hostname update host group name group1 remove host host1 host2 add host host3 add aler2. Parameter Definition Automatically Install New Updates Enables NetXplorer to automatically install and new to NetXplorer Updates onto the Server but not individual NetEnforcers Server Configuring NetXplorer Users NetXplorer implements a role based security model The role defined for each authorized user indicates the scope of operations that can be performed by the user There are three types of NetXplorer roles as follows e Regular Read write privileges in the NetXplorer application not including User Configuration definitions e Monitor Read only access e Administrator Read write privileges in the NetXplorer application which includes read write privileges to define User Configurations This section describes the processes used to register and maintain users It includes how to add a new user change a user s information and how to delete a user To Add a New User 1 Select the Users Configuration Editor from the Tools menu 2 The Users Configuration Editor dialog is displayed listing all currently defined NetXplorer users NetXplorer Administration Guide 2 25 Chapter 2 Configuration Users Contiguration Editor User Name Password Role Email Description Last Modited Agmin strator Jan 9 2005 12 00 Add Reguist antaras com I Jen 21 2007 2 11 Adminestrator Jonnygpeyernatl com san 21 2007 211 Edit Figure 2 17 Users Configuration Editor 3 Click Add The User Editor dialog is
3. SMP 10 460 50 SMP 7 Enabled Subscriber Capacity on SMP 1000000 Total Subscriber Capacity Server Key 1000000 Total Subscriber Capacity Used 0 Subscriber Capacity Available on SMP 1000000 Save Cancel Figure 2 8 SMP Group Properties New dialog Select the SMP from the list in the Device area To activate and enforce the subscriber capacity you are about to define retain the default Enabled subscriber capacity option Define the subscriber capacity in the Subscriber Capacity area for example type in 1000000 Each SMP server supports up to 1 million subscribers and up to 500 updates per second If the amount of NE and SMP Servers need to be increased to handle your Network subscribers purchase and install the appropriate amount of SMP Servers You may save the SMP Group data you have entered by clicking Save or open the Associated NetEnforcer Group tab and define up to 10 NetEnforcers for each named SMP NE Group For more information concerning SMP Groups see the Allot SMP User s Manual NetXplorer Administration Guide 2 9 Chapter 2 Configuration To change the IP of a NetEnforcer 1 Select the NetEnforcer device in the Navigation tree and then select Properties from the Actions menu The Device Properties Update dialog is displayed NetEnforcer Properties Update NetEnforcer Name AC402 119 Password IP Address 10 90 90 119 Monitoring Collector
4. a backup status n Itc sa list To change the hot backup directory I Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db maint a backup status n Itc sa change dir nd lt NEW LOCATION PATH gt For example to change the database directory to cfg1 enter the following command db maint a backup status n Itc sa change dir nd D backup cfg1 NetXplorer Administration Guide 4 15 Chapter 4 Database Management To change the number of generations I Access the NetXplorer via Telnet 2 Open the Allot Bin directory by default D Allot bin 3 At the prompt enter the following command db_maint a backup status n Itc sa change gen ng lt VALUE gt Restoring LTC Tables To check the hot backup parameters 1 Access the NetXplorer via Telnet 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db maint a backup status n Itc sa list The backup parameters will indicate the generation numbers of the backups To restore the database 1 Stop the NetXplorer Service e Click Start on the Windows Task Bar and select Settings gt Control Panel Double click Administrative Tools and open Services Right click NetXplorer in the list of Services and select Stop from the drop down menu 4 16 NetXplorer Administration Guide Chapter 4 Datab
5. STC 96 Active Collector STC 96 Save Cancel Figure 2 9 Device Properties Update dialog 2 Enter the User name Password of the NetXplorer administrator 3 Enter the new IP address of the NetEnforcer in the designated field 4 Click Save NOTE If you change the IP of the NetEnforcer you must also change the IP in the device configuration of the NetXplorer To Remove a NetEnforcer from the network 1 Right click Network and select a NetEnforcer and select Delete The following Delete message is displayed 2 10 NetXplorer Administration Guide Chapter 2 Configuration System Message Are you sure you want to delete the selected Device Note 1 Creating Device again at a later point in time will overwrite any existing policy on the device 2 Any Reports or Groups that reference content in deleted Device will no longer be valid 3 Event lists for a deleted Device will no longer be accessible Figure 2 10 System Message 2 Click Yes to delete the NetEnforcer To configure a NetEnforcer via the NetXplorer 1 In the Navigation pane select and right click the NetEnforcer in the Navigation tree and select Configuration from the popup menu OR Select the NetEnforcer in the Navigation tree and then select Configuration from the View menu OR Select the NetEnforcer in the Navigation tree and then click the Configuration icon WW on the toolbar The Configuration window for the selected NetEn
6. s potential size Backing up CFG Tables NOTE The following commands should not cut and pasted into the DOS window but typed in They may not function properly unless entered manually To perform an incremental hot backup manually 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db_maint a backup n cfg t incremental To perform a full hot backup manually 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 At the prompt enter the following command db_maint a backup n cfg t full NetXplorer Administration Guide 4 5 Chapter 4 Database Management To check the hot backup parameters 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db maint a backup status n cfg sa list The backup parameters will indicate what scheduled backups are enabled when they are scheduled and how many generations will be backed up To enable incremental scheduled hot backups 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db maint a backup status n cfg t incremental sa enable To schedule an incremental hot backup for a spe
7. Argument Name Option Remarks qos_type 1 ignore 2 each VC 3 both VC 4 each pipe 5 16 NetXplorer Administration Guide Chapter 5 Appendices Argument Name Option Remarks 5 both pipe 6 half duplex pipe 7 each line 8 both line 9 half duplex line 10 PCMM qos_action direction 0 for both direction 1 for internal outbound 2 for external inbound mode is_reserved Minimum reserved Only for pipe bandwidth on use min_bw max_bw min_bw_conn max_bw_conn mode 0 burst 1 CBR constant bit rate delay if mode CBR then max time in microsecond for the package to be in the system box burst for all flows of this VC bw type bandwidth type measure 0 absolute value 1 percent from max priority Action Argument Name Option Remarks location Action source 0 Application server 1 device action type action type 1 script NetXplorer Administration Guide Chapter 5 Appendices Argument Name Option Remarks 2 email 3 sms 4 stored procedure actor Script stored procedure name e mail address Host Argument Name Option Remarks host_type Host type 0 regular entries 1 data source queries 2 NE for the compression entries device_id host device For common host device ID is null add_entry New host entries Syntax TYPE value remo
8. Command Line Interface CLI ccscssscscscsssssssscsccccccsssssesscccccssssesseeccscessesssssccecescecssssenecee 5 6 Provisioning CEE cise io e R N r ERE e A a aksessere 5 6 Monitoring CLs ic ttvvcadave spsiditas bdevctedeniets a aa e a N a s 5 22 Links Formaty ioei aaea een EEE 5 26 Examples noe een eeaeee a a e a ea a e al AEE AAE EA EEEE A EE EIEN 5 26 l DL A EA T Ne 5 28 iv NetXplorer Administration Guide FIGURES Figure 1 1 System Architectures nnion orrn tett a A anon i 1 6 Figure 2 1 NetXplorer Application Server Registration Dialog sornvvnvnvnnvnnnrnrnrnenvnenvnrnvernvene 2 2 Figure 2 2 NetEnforcer Properties New Dialog sonrronnrnvvnnvvnnvnvnvnrnrnrvrnsersvenrssnensnvnsnvnsnvennvene 2 3 Figure 2 3 NetEnforcer Properties Import Dialog oonrronvronvnnnvnrnvnrnrarvrnreresenrnenrnsnvnsnvnsnvennvene 2 4 Figure 2 4 Monitoring Collector Properties New Dialog anvrnnvnnnvvnnvvnnnvnenvnnnrrsnrnsnvnsnvnrnveenvene 2 5 Figure 2 5 Monitoring Collector Properties New Dialog anvrnnvnnnvvnnvvnnnvnnnvnnnrrenrnsnvnsnvnsnvennvene 2 6 Figure 2 6 Collector Group Properties New Dialog nrrnvvnnvvnnnvnnvnrnvnrvrnserrsenrnenensnvnnnensnrernseee 2 7 Figure 2 7 SMP Properties New Dialog cei ceeceeceeseeeseeeeeeeseeeseecsaecsaecsaecsaecsseeeseeeseseaaeenaes 2 8 Figure 2 8 SMP Group Properties New dialog rrronvronvvrnvvnnvvnvnvnrnvnrnrnrvraserasensrenensnvnenves
9. QoS is an action applied to a connection when the conditions of a filter are satisfied The QoS specified can include the following e Prioritized Bandwidth Delivers levels of service based on class levels During peak traffic periods the NetXplorer will slow down lower priority applications resulting in increased bandwidth delivery to higher priority applications e Guaranteed Bandwidth Enables the assignment of fixed minimum and maximum amounts of bandwidth to specific Pipes Virtual Channels and connections By borrowing excess bandwidth when it is available connections are able to burst above guaranteed minimum limits up to the maximum guaranteed rate Guaranteed rates also assure predictable service quality by enabling time critical applications to receive constant levels of service during peak and non peak traffic periods e Reserved Bandwidth on Demand Enables the reservation of the minimum bandwidth from the first packet of a connection until the connection ends This is useful when the bottleneck is not at the link governed by NetEnforcer By limiting other connections non guaranteed NetEnforcer reserves enough bandwidth for the required Pipe or Virtual Channel NetXplorer Administration Guide Chapter 1 Getting Started e TOS Marking Enables the user to set the ToS bytes in the transmitted frame according to the DiffServ standard or free format e Access Control Determines whether a connection is accepted dr
10. ent_normal ent_accuracy ent_history isp_normal isp_accuracy isp_history NetXplorer Server service or STC LTC database should be restarted Example 7ALLOT_HOME bin stc_profile_upd bat isp_accuracy NetXplorer Administration Guide 5 5 Chapter 5 Appendices Command Line Interface CLI The CLI enables you to modify the NetEnforcer database from a command line The CLI supplies a set of commands to add change rename and remove NetEnforcer entities such as Pipes Virtual Channels or other Catalog entries and change the configuration of NetEnforcer You can also use the CLI to set system parameters and device settings Scripts Scripts can contain CLI commands in order to automate the data entry process Provisioning CLI To use the provisioning CLI 1 Unzip the file lt VERSION NUMBER gt RnD WSCli zip on the NetXplorer Software CD to a folder on the computer from which you wish to access the statistics The newly created folder contains 3 batch files topologyCLI bat policyCLI bat and catalogsCLI bat Each of these files needs to be edited Open a bat file using a text editor Look for the Dserver parameter It is set by default to the local host 127 0 0 1 Change the value to the IP Address of the NetXplorer Server you wish to work with The Net Xplorer server must be configured to allow your computer to use its web services On the NetXplorer server machine go to lt allot home gt
11. n cfg t full sa change_sched ni lt VALUE gt nt lt UNIT OF TIME gt For example to set a period of 20 hours between full backups enter the following command db maint a backup status n cfg t full sa change_sched ni 20 nt hours To change the backup directory 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db maint a backup status n cfg sa change_dir nd lt NEW LOCATION PATH gt For example to change the database directory to cfg1 enter the following command db_maint a backup status n cfg sa change dir nd D backup cfg1 4 8 NetXplorer Administration Guide Chapter 4 Database Management To change the number of generations 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 At the prompt enter the following command db_maint a backup status n cfg sa change gen ng lt VALUE gt Restoring CFG Tables To check the hot backup parameters I Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 At the prompt enter the following command db_maint a backup status n cfg sa list The backup parameters will indicate the generation numbers of the backups The increment number must be found in the correct folder under the backup folder for example D Al
12. 13 Chapter 4 Database Management Check the allot Itc txt allot_stc txt log files located under Allot Home Directory Logs in order to verify that NetXplorer services are not running The following lines should appear in both allot Itc txt allot_stc txt log files Disable all events End of current events 2 Open a Microsoft DOS window on the NetXplorer Server 3 Open the Allot Bin directory by default D Allot bin 4 Atthe prompt enter the following command db maint a restore n stc s lt D Allot backup stc or LOCATION PATH gt g lt GENERATION NUMBER gt i 0 d lt D Allot data db stc or LOCATION PATH gt 5 Restart the NetXplorer Service e Click Start on the Windows Task Bar and select Settings gt Control Panel Double click Administrative Tools and open Services Right click NetXplorer in the list of Services and select Start from the drop down menu 4 14 NetXplorer Administration Guide Chapter 4 Database Management Backing up LTC Tables To perform a full hot backup manually 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 At the prompt enter the following command db_maint a backup n Itc t full To check the hot backup parameters 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db maint
13. Registration Device and Network Management Monitoring Collectors Management Database Maintenance This document defines the main concepts and describes the various activities related to the installation and configuration of NetEnforcers and the NetXplorer Monitoring Collectors as well as the main tasks associated with Database Maintenance such as backup and restore changing location and installing the NetXplorer on a remote data base NetXplorer Administration Guide 1 7 Chapter 2 Configuration Overview This chapter describes the processes used to configure add and change NetEnforcers and other devices as well as how to register and maintain users The NetXplorer once installed on the network enables the central configuration of managed NetEnforcers and Monitoring Collectors It has an easy GUI interface that provides access to all the devices via a device tree All available configuration parameters can be accessed via the GUI Monitoring Collectors may be added between the NetXplorer Servers and the NetEnforcers in order to support sparse and remote geographic regions In order to manage more than one NetEnforcer device using NetXplorer the NetXplorer Server must be enabled by entering the appropriate key This key may be entered at installation or at any time following For more information concerning the NetXplorer Server contact Allot Customer Support at support Q allot com NOTE Once the NetXplorer is inst
14. Request Scope Limiter Most active default 0 ScopeLimiterType Enterprise 0 ScopeLimiterType NetEnforcer 1 ScopeLimiterType Line 2 ScopeLimiterType Pipe 3 ScopeLimiterType Virtual Channel 4 scopeLimiterArray lt ScopeLimiterList gt Scope Limiter List 50 NE Line Pipe Vc NE Line Pipe Vc isAllOthers Most Active req All Others splitter lt splitterId gt Most Active req Display Separately for each element SplitterType Host 1 Splitter Type Protocol 2 SplitterType Subscriber 7 Splitter Type NetEnforcer 3 SplitterType Line 4 SplitterType Pipe 5 Splitter Type Virtual Channel 6 NetXplorer Administration Guide 5 25 Chapter 5 Appendices resolution lt resolutionId gt Request Resolution default 1 AggregationResType Level 0 1 AggregationResType Level 1 2 AggregationResType Hour 3 AggregationResType Day 4 AggregationResType Month 5 serviceFilerArray lt serviceFilterList gt Service Filter List 50 serviceld serviceld adjustTime Adjust Time Links Format NE Line Pipe Vc NE Line Pipe Vc Template NE Line Pipe Vc InstanceType instance Value 1 NE Line Pipe Vc simple VC 1 2 3 4 simple Line 1 2 0 0 2 NE Line Pipe Vc Template VC Template 1 2 3 4 T Pipe Template 1 2 3 0 T 3 NE Line Pipe Vc InstanceType instance Value VC Instance 1 2 3 4 2 9999 Pipe Instance 1 2 3 0 1 9999 InstanceType Pipe 1 InstanceType
15. a way of classifying traffic and consists of one or more sets of Conditions and a set of actions that apply when all of the Conditions are met A Virtual Channel is defined within a Pipe and cannot stand alone A connection matched to a Pipe is further matched to a Virtual Channel according to whether the characteristics of the connection match all of the Conditions of the Virtual Channel Conditions A Condition is defined at the Line level Pipe level or Virtual Channel level NetXplorer matches connections to conditions first at the Line level then at Pipe level and then again at the Virtual Channel level within a Pipe Templates Templates enable you to create a master Pipe or Virtual Channel that upon saving will create multiple Pipes or Virtual Channels similar to one another Templates work with host group entries and LDAP based hosts entries defined in the Host Catalog For example if a host group entry in the Host Catalog called Gold Customers consists of 1 4 NetXplorer Administration Guide Chapter 1 Getting Started Company X Company Y and Company Z you could define a Pipe template to be expanded for Gold Customers This would result in Pipes being created for Company X Company Y and Company Z when the Policy Editor is saved A Pipe or Virtual Channel template enables the fast creation of Pipes and Virtual Channels on source destination differentiation This means that you do not need to define similar Pipes and Virtu
16. displayed User Editor User Name Password Confirm PW Role O Administrator O Regular O Monitor Email Phone Description Last Changed Save Cancel Figure 2 18 User Editor 4 Enter the name of the user in the User Name field 2 26 NetXplorer Administration Guide Chapter 2 Configuration NOTE Enter a password for the user in the Password field and then again in the Confirm PW field The user password must be at least six characters in length and include at least one numerical digit Set the permissions level of the user by selecting the radio button for the required role Administrator Regular or Monitor Optional Enter the user s contact information in the Email and phone fields You can also enter a brief description in the designated field Click OK The new user has been added to the list of users in the Users Configuration Editor dialog To edit user information 1 3 4 In the Users Configuration Editor dialog Figure 3 18 select the user whose information you want to edit Click Edit The User Editor dialog is displayed Edit the user parameters as required Click OK To delete a user 1 In the Users Configuration Editor dialog select the user s to be deleted Click Delete A confirmation message is displayed Click Yes to confirm the deletion NetXplorer Administration Guide 2 27 Chapter 2 Configuration Th
17. dynamic ini that were created during installation process and creates empty database in the same place Prior to running the recreate command the NetXplorer Server should be stopped 1 Open the MSDOS command window cmd exe Run from command line ALLOT_HOME bin recreate default db bat lt STCI LTC gt Parameter STC recreate STC database Parameter LTC recreate LTC database As the result of the command execution the following message will appear in the command window 5 2 NetXplorer Administration Guide Chapter 5 Appendices Recreate database lt STCILTC gt successful or failed 3 In case of success the NetXplorer Server will be restarted 4 Incase of failure the NetXplorer Server needs to be reinstalled Pre allocation of additional disk space for DBspaces STC and LTC databases Pre allocating additional disk space is an important way to ensure better performance This operation prevents fragmentation of database files and time consuming disk space allocations After installation there should be for example the following allocated disk spaces STC database SYSTEM 100MB PRELOAD_DB 100MB SEC STAT DB 2GB MIN_STAT_DB 2GB HRS_STAT_DB 2GB INDX_RULE_DB 100MB LTC database SYSTEM 100MB STAT_DB 2GB HRS_STAT_DB 2GB The criteria used to pre allocated size are the number of devices assigned to STC or LTC and the device type Enterprise or SP Recommended for S
18. full hot backup manually 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db_maint a backup n stc t full To check the hot backup parameters I Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db maint a backup status n stc sa list The backup parameters will indicate what scheduled backups are enabled when they are scheduled and how many generations will be backed up To schedule a full hot backup for a specific time 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 At the prompt enter the following command db maint a backup status n stc t full sa change_sched ns lt TIME gt NetXplorer Administration Guide 4 11 Chapter 4 Database Management To set the amount of time between scheduled full hot backups 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db_maint a backup status n stc t full sa change sched ni lt VALUE gt nt lt UNIT OF TIME gt For example to set a period of 20 hours between full backups enter the following command db maint a backup status n stc t full sa change_sche
19. gt Most Active req Sort Based On default 1 StatisticType TotalBandwidth 1 StatisticType BandwidthIn 2 StatisticType BandwidthOut 3 StatisticType LiveConnections 4 StatisticType DroppedConnections 6 StatisticType NewConnections 5 StatisticType PacketsIn 7 StatisticType PacketsOut 8 StatisticType HostCount 9 StatisticType BurstIn1 20 StatisticType BurstIn2 21 StatisticType BurstIn3 22 StatisticType BurstIn4 23 StatisticType BurstIn5 24 StatisticType BurstOut1 25 StatisticType BurstOut2 26 StatisticType BurstOut3 27 StatisticType BurstOut4 28 StatisticType BurstOut5 29 Most Active req Subject capacity default 5 1 50 Most Active req Stack result by element DistributorType NetEnforcer 1 DistributorType Line 2 DistributorType Pipe 3 DistributorType Virtual Channel 4 DistributorType Host 5 DistributorType Protocol 6 DistributorType Subscriber 7 5 24 NetXplorer Administration Guide Chapter 5 Appendices outputFile lt file gt Output file result hostFilerArray lt hostFilterList gt Host Filter List 50 hostIp or hostName hostIp or hostName subjectArray lt subjectDefinerList gt Regular req Subject Definer List Inluded in Graph 50 NE Line Pipe Vc NE Line Pipe Vc or hostIp or hostName hostIp or hostName or serviceld serviceld or hostIpIn hostIpOut hostIpIn hostIpOut scopeLimiter Type lt ScopeLimiterId gt
20. is important to consult with Allot HQ to verify the exact number of collectors required 3 4 NetXplorer Administration Guide Chapter 3 Monitoring Collectors Installing Monitoring Collectors The following steps must be taken in installing Monitoring Collectors e Set the collector s initial parameters e Physically connect the Collector to the network e Add the Collector to the NetXplorer using the NetXplorer user interface e Associate NetEnforcers to the Collector to the NetEnforcer To set initial parameters of the Monitoring Collector I Connect a monitor and keyboard to the appropriate connectors of the Monitoring Collector 2 When prompted enter admin for the login and allot for the password 3 Enter the following command to set the IP address network mask and default gateway go config ips ip lt IP ADDRESS gt lt NETWORK MASK gt g lt DEFAULT GATEWAY gt 4 Change the password by entering the following command passwd 5 When prompted enter a new password between 5 and 8 characters in length anc press lt enter gt 6 Enter the new password again when prompted to confirm the change NetXplorer Administration Guide 3 5 Chapter 3 Monitoring Collectors To add the new Monitoring Collector to the network 1 2 Open NetXplorer In the Navigation pane right click Servers in the Network pane in the Navigation tree and select New Collector from the popup menu The Monitoring Collec
21. lt yyyy_mm_dd_hh_mi gt tar gz will be located in ALLOT_HOME tmp directory Message Example Snapshot zip file D Allot tmp snapshot_2005_10_26_19_09 tar gz is ready How to restore CFG allot_cfg database from the Snapshot File I Install the appropriate NetXplorer version from lt snapshot gt conf install_log txt file 2 From the lt snapshot gt conf dynamic ini file discover the CFG path NetXplorer Administration Guide 5 1 Chapter 5 Appendices 6 After installation reboot the computer and stop the NetXplorer service Restore allot_cfg database using db_maint exe from ALLOT_HOME bin directory using the following command line operation db_maint a restore n cfg t incremental s lt snapshot gt backup_cfg g 1 i lt max incr number 1 22 gt d 7 ALLOT_HOME data db cfg lt max incr number gt max number 1 22 in directory name from lt snapshot gt backup_cfg 1 incremental example 10 Start the NetXplorer service The NetXplorer server is now ready to work with snapshot allot_cfg database Recreate Default Databases This will recreate empty default collectors databases for STC and LTC It is useful for quick collector databases changes Data for the Device table will be loaded from the Application Server CFG database first time the NetXplorer Server service starts This utility removes current database files according to configuration files ALLOT_HOME conf static ini and
22. web are enabled by the key that has been entered it will be indicated after Protocol Updates Enabled 2 2 NetXplorer Administration Guide Chapter 2 Configuration 9 The Maximum number of devices covered by the entered key is indicated 10 Click Save to enter the key and close the dialog box Working with Devices In order for NetXplorer to manage a Device NetEnforcer SMP etc it must be added to the NetXplorer s network and properly configured The IP address of the NetEnforcer is required for this procedure NOTE Initial configuration of the NetEnforcer should be performed on the NetEnforcer via the CLI interface before it is added to the NetXplorer configuration Refer to the hardware manual for the specific NetEnforcer model for details To add a NetEnforcer 1 In the Navigation pane right click Network in the Network of the Navigation tree and select New NetEnforcer from the popup menu OR Select Network in the Network pane of the Navigation tree and then select New NetEnforcer from the Actions menu The NetEnforcer Properties New dialog is displayed Figure 2 2 NetEnforcer Properties New Dialog NetXplorer Administration Guide 2 3 Chapter 2 Configuration 2 Enter the User Name and Password of the NetXplorer administrator and the IP address of the NetEnforcer in the designated fields Assign a Monitoring Collector or Collector Group to the NetEnforcer from the drop down menus Th
23. 0 1 1 Domains Namo I Descnpton Lanois Configuration Network Figure 2 14 Network Configuration SMP Domains tab NOTE This feature is only available with the appropriate key Contact Allot Customer Support at support allot com for more information NetXplorer Administration Guide 2 21 Chapter 2 Configuration Accounting The Accounting tab has parameters for enabling and configuring NetXplorer s centralized accounting management system NetXplorer Accounting collects and consolidates data from multiple NetEnforcer devices to enable users to produce consolidated reports Opsratonai Stats E Enabled Accounting Mose Netxplorer Accounting Mode recommended O Legacy accountng Mode Figure 2 15 Network Configuration Accounting tab NOTE This feature is only available with the appropriate key Contact Allot Customer Support at support allot com for more information The Accounting tab includes the following parameters Parameter Definition Enables Accounting if the correct key has been entered for Enabled Accounting the NetXplorer Server and the Accounting software has been installed NetXplorer Accounting Mode Activates the NetXplorer Accounting Mode 2 22 NetXplorer Administration Guide Parameter Chapter 2 Configuration Definition Legacy Accounting Mode Export Directory Time to Keep Interval Activates the NetEnforcer Legacy Accounting Mode For
24. Appendices Options Argument Name Option Remarks tubeDeviceName Device Name Only active devices tubeType Tube Type line pipe VC tubeName Tube Name tubeOffset Tube Offset location First filter is offset 0 tubeLineName Tube Line Name tubePipeName Tube Pipe Name tubeld Tube ID tube VcName Tube VC Name tubePolicyld Policy ID Currently all options work with active filterId Filter ID filterDirection Direction 0 Bi 1 Int to Ext 2 Ext to Int filterService Service ID filterServiceGroup Service Group ID filterExternalHost External Host ID filterExternalHostGroup External Host Group ID filterInternalHost Internal Host ID filterInternalHostGroup Internal Host Group ID filterTime Time Catalog ID filterTos Filter Tos ID filterVlan Vlan ID actionQos Qos ID NetXplorer Administration Guide 5 9 Chapter 5 Appendices Argument Name Option Remarks actionDos Dos ID actionTos Action Tos ID actionAccess Action Access actionId Action ID alarmed alarm ID alarmActionId alarms action ID alarmAlertId Alarms Alert ID alarmParams Alarm Params Add Tube policy CLI addTube Required Arguments o tubeDeviceName Device Name o tubeType Tube Type line pipe VC o tubeName Tube Name unique in its level o tubeOffset Tube Offset starting at 0 o tubeLineName required for pipe and VC only o tubePipe
25. Collector Properties Update To add a Collector Group Collector Groups are made up of two Collectors providing 1 1 redundancy for each other 1 In the Navigation pane right click Servers in the Network pane of the Navigation tree and select New Collector Group from the popup menu The Collector Group Properties New dialog is displayed 3 8 NetXplorer Administration Guide Chapter 3 Monitoring Collectors Collector Group Properties New Name m Collector Group Associated NetEnforcers Collector 1 None v Collector 2 None v Save Cancel Figure 3 6 Collector Group Properties New Dialog 2 In the Collector Group tab Select the two Collectors already part of the network to be included in the group Collector 2 will act as the backup for Collector 1 3 Those NetEnforcer s associated to the added Collectors will be listed in the Associated NetEnforcers tab 4 Click Save The Collector Group is added to the Navigation tree The Add Collector Group operation can take up to a couple of minutes to complete Configuring Monitoring Collectors To configure the Monitoring collector you will use two dialogs The first is the Configuration dialog and the second is the Properties dialog To configure the Collector s Settings Configuration 1 In the Navigation pane right click the Collector and select Configuration The configuration window for that collector is displayed NetXp
26. Domains page 2 18 e Accounting page 2 22 e Protocol Updates page 2 24 2 14 NetXplorer Administration Guide Servers Chapter 2 Configuration The Servers tab includes the parameters that enable the SMTP server to send reports and handle alarm actions Figure 2 12 Network Configuration Servers The Servers tab includes the following parameters Parameter Definition SMTP Server IP The IP address of the SMTP server that is used for emailing Address alarms and reports Enable SMTP Select this box to require the SMTP Server listed in the Server field above to be authorized Authorization details are Authorization entered in the following fields SMTP User Name The user name defined for the SMTP server SMTP Password The password to be used for the defined SMTP username NetXplorer Administration Guide 2 15 Chapter 2 Configuration Parameter Definition Confirm Password From Email Address for Dispatched Alarms amp Reports The password to be used for the defined SMTP username When assigning a password the password is entered again here for confirmation The Email address that will be shown as the source of any notifications of Alarms or Events 2 16 NetXplorer Administration Guide Chapter 2 Configuration SNMP v3 The SNMP v3 tab includes parameters that enable secure communications between NetXplorer and the NetEnforcers Secure communications can be configured t
27. Name required for VC only Optional Arguments if not specified defaults apply o All filter options except filterId o All action options except actionId o All alarm options except alarmed An example of Add Tube 5 10 NetXplorer Administration Guide Chapter 5 Appendices addTube tubeDeviceName 73 tubeType line tubeOffset 11 tubeName newLine Add Filter policyCLI addFilter Required Arguments o tubeDeviceName o tubeType o tubeLineName o tubePipeName Required for pipe and VC o tubeVcName Required for VC only Optional Arguments o All filter options except filterId Add Alarm policyCLI addAlarm Required Arguments o tubeDeviceName o tubeType o tubeLineName o tubePipeName Required for pipe and VC o tube VcName Required for VC only o alarmActionId o alarmAlertId Optional Arguments o alarmParams NetXplorer Administration Guide 5 11 Chapter 5 Appendices List Tube policyCLI listTube Required Arguments o tubeDeviceName o tubeType o tubeLineName o tubePipeName o tubeVcName List Policy policyCLI listPolicy Required Arguments O deviceld Delete Tube Filter Alarm PolicyCLI deleteTube deleteFilter deleteAlarm Required Arguments O O O tubeDeviceName tubeType tubeLineName tubePipeName tube VcName filterId alarmld An example of Delete Tube Required for pip
28. SEQUENTIAL DAMAGES OF ANY KIND REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT TORT INCLUDING NEGLIGENCE STRICT LIABILITY OR OTHERWISE INCLUDING BUT NOT LIMITED TO LOSS OF REVENUE OR ANTICIPATED PROFITS OR LOST BUSINESS EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Copyright Copyright 1997 2008 Allot Communications All rights reserved No part of this document may be reproduced photocopied stored on a retrieval system transmitted or translated into any other language without a written permission and specific authorization from Allot Communications Ltd Trademarks Products and corporate names appearing in this manual may or may not be registered trademarks or copyrights of their respective companies and are used only for identification or explanation and to the owners benefit without intent to infringe Allot and the Allot Communications logo are registered trademarks of Allot Communications Ltd Printing History First Edition February 2007 Second Edition July 2007 Third Edition May 2008 NetXplorer Administration Guide Important NOC cicissssecseissercccecseenessuncessdecssesevcnseessvecsdennesvecessvacesseccenscdsevecssesnssoctsseenssdeensvinccseseeeeds ii Printing FISCOLY ss issecscccassiesccsnsessecsesseacesectsiccssseotessesessednsssensesusdssedees edsesesesdeaeesd oresar Saep Eass treia ii CHAPTER 1 GETTING STARTED iociscceccoviasscdevsccseccceascetebendecseacsyetdevecdsecsvensteecseane
29. TC SYSTEM 1GB PRELOAD DB 100MB 400MB per device SEC STAT DB 1GB 4GB per device MIN STAT DB 2GB 4GB per device HRS STAT DB 2GB 6GB per device INDX RULE DB 100MB 400MB per device Recommended for LTC SYSTEM 1GB HRS STAT DB 1 3GB 9 2GB per device STAT DB 1GB 7GB per device The deployment for Windows NetXplorer Administration Guide 5 3 Chapter 5 Appendices n directory Z7ALLOT_HOME bin db_allocation vbs run_db_allocation bat n directory Z7ALLOT_HOME conf dbspaces_stc txt dbspaces_Itc txt The deployment for Linux In directory ALLOT HOMBE bin post_install_stc sh In directory ALLOT HOME conf dbspaces_stc txt Usage Edit the dbspace size definition file dbspaces_stc Itc txt set required size for pre allocation per each dbspace in megabytes MB or gigabytes GB For Windows Open MSDOS command window cmd exe Run from the command line 7ALLOT_HOME bin run db allocation bat stc Itc The message which appears after the command is finished looks like See dbspace allocation log in 7 ALLOT_HOME tmp install db_allocation_stc Itc log After finishing it is recommended to defragment the disk Use Programs gt Accessories gt System Tools gt Disk Defragmenter program For Linux Run ALLOT_HOME bin post_install_stc sh The messages which appears while the script runs is alter dbspace space name add space_size Reduction P
30. Unreachable Collector Reported Device Reachable Invalid Bucket Time in Collector Collector 1V reported invalid bucket time on device 2V Time difference is 3V seconds Valid Bucket Time in Collector Collector 1V reported that invalid bucket time on device 2V is resolved Invalid Bucket in Collector Collector 1V reported bucket out of sync on device 2V Real Time Bucket Overload in Collector Short term Bucket Overload in Collector Bucket Validated in Collector Collector 1V reported that bucket out of sync condition on device 2V is fixed Invalid Bucket Time in Collector Collector 1V reported invalid bucket time on device 2V Time difference is 3V seconds Valid Bucket Time in Collector Collector 1V reported that invalid bucket time on device 2V is resolved Real Time Short term Bucket Overload in Collector Bucket Overload in Collector Finished Long Term Collector Reported Short Term Collector Unreachable Long Term Collector Reported Short Term Collector Reachable 5 30 NetXplorer Administration Guide Chapter 5 Appendices e Invalid Bucket Time in Collector Long Term Collector 1V reported invalid Short Term bucket time on device 2V Time difference is 3V seconds e Valid Bucket Time in Collector Long Term Collector 1V reported that invalid Short Term bucket time on device 2V is resolved e License expiration warning Server license is about to expire in 1V days e Licens
31. Virtual Channel 2 Examples 5 Most Active NEs on Level0 resolution monitorCLI mostActive subject 1 resolution 1 time 22 11 2005 11 20 00 5 Most Active Hosts on Days resolution scope limited to NE 32 amp 37 monitorCLI mostActive subject 5 longTermRequest resolution 4 time 20 11 2005 00 00 00 23 1 1 2005 23 59 59 scopeLimiterType 1 scopeLimiterArray 32 0 0 0 37 0 0 0 5 26 NetXplorer Administration Guide Chapter 5 Appendices 10 Most Active VCs on Level resolution scope limited to NE 32 stack result by Protocol monitorCLlI subjectCapacity 10 mostActive subject 4 resolution 1 time 22 11 2005 11 20 00 22 11 2005 11 25 00 scopeLimiterArray 32 0 0 0 distributor 6 Statistics on NE 37 last SMin on Level0 resolution monitorCLI subject 1 resolution 1 time 22 11 2005 11 20 00 22 11 2005 11 25 00 subjectArray 37 0 0 0 Pipes Distribution on Network last 5Min on Level0 resolution monitorCLI subject 3 resolution 1 time 22 11 2005 11 20 00 22 11 2005 11 25 00 scopeLimiterType 0 scopeLimiterArray 0 0 0 0 Statistics on VC Instance 37 1 1 1 2 42 last 5Min on LevelO resolution monitorCLI subject 4 resolution 1 time 22 11 2005 11 20 00 relativeTimeUnit 2 subjectArray 37 1 1 1 2 42 Use regular monitor request file amp create monitor result file csv format monitorCLI inputFile c monitor_cli monitor42060 req outputFile c monitor_cli monitor42060 csv Use most active monitor
32. a mind for networks 9o OC 8 8 NetXplorer Centralized NetEnforcer Management Software Administration Guide P N 0354005 R3 All t communications NetXplorer Centralized NetEnforcer Management Software Administration Guide P N D354005 R3 All t communications NetXplorer Administration Guide Important Notice Allot Communications Ltd Allot is not a party to the purchase agreement under which NetEnforcer was purchased and will not be liable for any damages of any kind whatsoever caused to the end users using this manual regardless of the form of action whether in contract tort including negligence strict liability or otherwise SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FOR INFORMATIONAL USE ONLY AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE AND SHOULD NOT BE CONSTRUED AS A COMMITMENT BY ALLOT OR ANY OF ITS SUBSIDIARIES ALLOT ASSUMES NO RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR IN THIS MANUAL INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT Please read the End User License Agreement and Warranty Certificate provided with this product before using the product Please note that using the products indicates that you accept the terms of the End User License Agreement and Warranty Certificate WITHOUT DEROGATING IN ANY WAY FROM THE AFORESAID ALLOT WILL NOT BE LIABLE FOR ANY SPECIAL EXEMPLARY INDIRECT INCIDENTAL OR CON
33. al Channels when the only difference between them is the IP address in the source or destination NetXplorer Architecture This section introduces the NetXplorer concept and explains its components and architecture NetXplorer uses a highly scalable architecture that enables the monitoring of all NetEnforcer devices from a single user interface In addition NetXplorer can utilize distributed monitoring collectors which increase the scalability of your deployment The collectors gather short term network usage statistics from the NetEnforcers NetXplorer s server based distributed architecture consists of four tiers multiple NetEnforcers and associated distributed collectors a NetXplorer server and GUI clients NetXplorer Administration Guide 1 5 Chapter 1 Getting Started GUI Client GUI Client NetXplorer Server Short term Short term Short term NetXplorer Dat NetXplorer Data NetXplorer Data ollector Collector EI Optional Figure 1 1 System Architecture NetXplorer architecture consists of four layers 1 NetEnforcer layer NetEnforcers are the traffic management devices that inspect and monitor network traffic There can be one or more NetEnforcers on a network They manage network policies and collect network usage data 2 Monitoring Collectors Monitoring collectors increase scalability by supporting large numbers of NetEnforcers or NetEnforcers installed in remote geographic locations Monitori
34. alled you should pre allocate disk space for the monitoring information that will be collected Please see Chapter 4 Database Management To enable NetXplorer Server 1 Select Tools gt NetXplorer Application Server Registration from the NetXplorer Menu bar The Net Xplorer Application Server Registration dialog box appears NetXplorer Administration Guide 2 1 Chapter 2 Configuration 2 NetXplorer Application Server Registration Figure 2 1 NetXplorer Application Server Registration Dialog 2 Enter the Server Registration Key and Serial Number provided by Allot to enable the NetXplorer Server functionality 3 An Expiration Date will be generated automatically after clicking Save 4 If Subscriber Management is enabled by the key that has been entered it will be indicated along with the type and the maximum number of subscribers after SMP Enabled For more information see the SMP User Guide 5 If Policy Provisioning is enabled by the key that has been entered it will be indicated along with the maximum number of accounts after NPP Enabled For more information see the NPP User Guide 6 If Classification of Hosts by Country is enabled by the key that has been entered it will be indicated after Host Catalog Country Classification Enabled 7 If Accounting information is enabled by the key that has been entered it will be indicated after Accounting Enabled 8 If Service Catalog updates via the
35. ase Management Check the allot Itc txt allot_stc txt log files located under Allot Home Directory Logs in order to verify that NetXplorer services are not running The following lines should appear in both allot Itc txt allot_stc txt log files Disable all events End of current events 2 Open a Microsoft DOS window on the NetXplorer Server 3 Open the Allot Bin directory by default D Allot bin 4 Atthe prompt enter the following command db maint a restore n Itc s lt D Allot backup ltc or LOCATION PATH gt g lt GENERATION NUMBER gt d lt D Allot data db ltc or LOCATION PATH gt 5 Restart the NetXplorer Service e Click Start on the Windows Task Bar and select Settings gt Control Panel Double click Administrative Tools and open Services Right click NetXplorer in the list of Services and select Start from the drop down menu NetXplorer Administration Guide 4 17 Chapter 5 Appendices Troubleshooting Snapshot of all log files This will prepare a zip file that contains log and configuration files from all NetXplorer components Application Server Collector Databases the last backup of the CFG configuration allot_cfg database To Use Open MSDOS command window cmd exe Run from command line ALLOT_HOME bin create_snapshot_logs bat A message will appear in the command window indicating that the snapshot was taken successfully and its location Zip file snapshot_
36. cific time 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 At the prompt enter the following command db maint a backup status n cfg t incremental sa change_sched ns lt TIME gt 4 6 NetXplorer Administration Guide Chapter 4 Database Management To set the amount of time between scheduled incremental hot backups I Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Enter the following command db maint a backup status n cfg t incremental sa change_sched ni lt VALUE gt nt lt UNIT OF TIME gt For example to set a period of 2 hours between incremental backups enter the following command db_maint a backup status n cfg t incremental sa change_sched ni 2 nt hours To schedule a full hot backup for a specific time I Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db_maint a backup status n cfg t full sa change_sched ns lt TIME gt NetXplorer Administration Guide 4 7 Chapter 4 Database Management To set the amount of time between scheduled full hot backups 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db maint a backup status
37. d ni 20 nt hours To change the hot backup directory 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db_maint a backup status n stc sa change dir nd lt NEW LOCATION PATH gt For example to change the database directory to cfg1 enter the following command db maint a backup status n cfg sa change_dir nd D backup cfg1 4 12 NetXplorer Administration Guide Chapter 4 Database Management To change the number of generations 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db_maint a backup status n stc sa change gen ng lt VALUE gt Restoring STC Databases To check the hot backup parameters 1 Open a Microsoft DOS window on the NetXplorer Server 2 Open the Allot Bin directory by default D Allot bin 3 Atthe prompt enter the following command db maint a backup status n stc sa list The backup parameters will indicate the generation numbers of the backups To restore the database 1 Stop the NetXplorer Service e Click Start on the Windows Task Bar and select Settings gt Control Panel Double click Administrative Tools and open Services Right click NetXplorer in the list of Services and select Stop from the drop down menu NetXplorer Administration Guide 4
38. e and VC Required for VC only Required for pipe and VC Required for VC only For delete Filter only For delete Alarm only 5 12 NetXplorer Administration Guide Chapter 5 Appendices deleteTube tubeType vc tubeDeviceName 73 tubeLineName Fallback tubePipeName Fallback tubeVcName vv1 Update Tube policyCLI updateTube Required Arguments o tubeDeviceName o tubeType o tubeLineName o tubePipeName Required for pipe and VC o tubeVcName Required for VC only o filterId If filter fields were modified o alarmid if alarm fields were modified Optional Arguments o tubeName o All filter options o All alarm options All action options An example of Update Tube updateTube tubeDeviceName 73 tubeType vc tubeLineName newLine tubePipeName newPipe tubeVcName newVc actionTos Best Effort Catalogs The Catalog CLI Syntax is catalogCLI lt action gt lt catalog gt lt option gt lt value gt Catalogs NetXplorer Administration Guide 5 13 Chapter 5 Appendices o tos o dos o qos o vlan o alert o action o time o host o host group o service o service group Actions o help o list all o get o add o delete o update Options Global Argument Name Option Remarks name Catalog name access right Access right 0 read only 1 provisioned user 2 super user 3 super provisioned user 5 14 NetXplorer Administra
39. e is expired Server license of NetXplorer has expired e Server license registered e Clear license expiration warning e Device policy replaced with rescue policy e Policy data is not synchronized on device e Collector Reported Disk Space Problem e Collector Reported Disk Space Problem Fixed e Long Term Collector Reported Disk Space Problem e Long Term Collector Reported Disk Space Problem Fixed e AS does not support device software version e Over subscription has occurred e Device was deleted from system e Collector was deleted from system e Catalog action failed e Configuration Database Incremental Backup failed e Configuration Database Full Backup failed e Short Term Collector Reported Database Full Backup failed e Long Term Collector Reported Database Full Backup failed NetXplorer Administration Guide 5 31 Chapter 5 Appendices 5 32 NetXplorer Administration Guide
40. e user is no longer able to access the NetXplorer WARNING There must be at least one Administrator user in the system 2 28 NetXplorer Administration Guide Chapter 3 Monitoring Collectors Overview Allot s NetXplorer utilizes Distributed Monitoring Collectors The collectors gather short term network usage statistics from the NetEnforcers The clearest reason to use distributed monitoring collectors is to increase the scalability of your deployment Each collector can support several NetEnforcers By deploying distributed collectors you can increase the total number of NetEnforcers supported by a single NetXplorer server This is possible because the NetXplorer can now split the storage of the real time monitoring data between several short term databases A second reason for using distributed monitoring collectors is to overcome connectivity issues in distributed networks In order to support data collection the line speed between the NetEnforcer and the collector must be at least 1OMbps mainly for the high throughput devices such as AC 1000 and 2500 If you are working with a low throughput device for example an AC 400 with 2 or 10 Mbps statistics can be collected over slower connections without the need for distributed collectors Up until now the collectors have always been situated on the NetXplorer server However some cases the networks have topology that does not allow for a 10Mbps line between the NetEnforcer and the s
41. ecified e to delete user only SecurityName and SecurityModel can be specified e Group enter view snmp command to see existing groups e Security Model values are any v1 v2c usm e Auth protocol values are usmNoAuth umHMACMDS usmHMACSHA e Priv protocol values are usmNoPriv usmDES usmIDEA usmAES128 usmAES192 usmAES256 NetXplorer Administration Guide 2 19 Chapter 2 Configuration pass_change lt SecurityName AuthProtocol PrivProtocol gt change snmp agent user pass phrase Auth protocol values are uumHMACMDS usmHMACSHA Priv protocol values are usmDES usmIDEA usmAES 128 usmAES192 usmAES256 trap target lt Prefix gt lt TARGET gt lt Prefix gt lt TARGET gt add delete trap targets TARGET format lt Name SecurityName Security Model MPModel SecurityLevel IP Port gt default port 162 e Prefixes e to add trap target all parameters must be specified except port number e to delete trap target in this case only Name can be specified e MP Model values are v1 v2c v2u v3 NetXplorer Administration Guide 2 20 Chapter 2 Configuration SMP Domains The SMP Domains tab allows the definition of SMP IP Domains and SMP Subscriber Domains for use with the Allot Subscriber Management Platform For further information see the SMP User Guide Servers SNMP v3 SMP Oomains Accounting Protocol Updates SMP IP Domains Domain Name Oescnpaca amp RangesiSubnats ass 199 1
42. ecsaecsaecsaeceseceseceeeseeeeseeeeeeeeaes 3 5 Configuring Monitoring Collectors scccsccsssscssssscsssscsssscsssscssscscssssssssscssssssssssssssssssessesss 3 9 Command Line Winter tacesiecccicecsisceiestcsccessececesssedsssestboncsestedncspasscatsevsesonsestdonscestececsestssocns sondones 3 13 Troubleshooting the Collector senene ninina eiii ia ai eia 3 14 CHAPTER 4 DATABASE MANAGEMENT seeossvvesssvsessvvsesssvseseseesnssessnsssssnsessnnseee 4 1 Backing Up and Restoring the Database essoescocssocssessscesscsssesssecssecssecesecesccesocesocesocesocesoseso 4 1 B ckup Termsunusasnseksanedsen ke E a E a EEE Aae es 4 1 Redundancy esent oae EE re SE 4 2 Backup Types aeree a e EE E EAA Eroe A EREE rO REE NO OE TETO EE oea ETna 4 2 CHAPTER 5 APPENDICES ccccciinssccesstsacudecucnssvecdecdenaccgeavecsevansdunecssenudseavebeinscctenatenrnace 5 1 NetXplorer Administration Guide iii Troubleshooting vos isssssseacossescscksessssdevsenssnsetesesceosesdsusesoossceesesdcedescenscnesaceedsscossdeesueccedeseassabesessoesnse 5 1 Snapshot Of all log TOs is sss s208 cote she se nen dons sset tages sets steda bes iecs er E EE eE ee EA Erare eia 5 1 How to restore CFG allot_cfg database from the Snapshot File ronvrrnvnrnvnrvrarvrnrenrvrnnnsnne 5 1 Recreate Default Databases ceneri etereo aie eet dale a ee ites 5 2 Reduction Profile Updates eis psp agere tee totes bebb a EEEE 5 4 STC TC Profle Updater uansett ae een 5 5
43. er Administration Guide Chapter 4 Database Management Cold Backup To perform a Cold backup 1 Stop the NetXplorer Service e Click Start on the Windows Task Bar and select Settings gt Control Panel Double click Administrative Tools and open Services Right click NetXplorer in the list of Services and select Stop from the drop down menu Check the allot Itc txt allot_stc txt log files located under Allot Home Directory Logs in order to verify that NetXplorer services are not running The following lines should appear in both allot Itc txt allot_stc txt log files Disable all events End of current events 2 Copy Allot Home Directory data db folder to a backup directory 3 Restart the NetXplorer Service e Click Start on the Windows Task Bar and select Settings gt Control Panel Double click Administrative Tools and open Services Right click NetXplorer in the list of Services and select Start from the drop down menu To restore the Cold backup 1 Stop the NetXplorer Service NetXplorer Administration Guide 4 3 Chapter 4 Database Management Click Start on the Windows Task Bar and select Settings gt Control Panel Double click Administrative Tools and open Services Right click NetXplorer in the list of Services and select Stop from the drop down menu Check the allot_Itc txt allot_stc txt log files located under Allot Home Directory Logs in order to verify that NetXpl
44. erver This can happen for example when the network is spread out over remote geographical locations In such cases the use of collectors is necessary The line between the NetEnforcers and their collectors will be at least 10Mbps The line between the collectors and the NetXplorer server can be of lower capacity however a collector is needed for each network zone that cannot guarantee a 10Mbps connection to the server A third reason for deploying distributed monitoring collectors is redundancy If a collector is unavailable data from the NetEnforcers which this collector supports can automatically be collected by a defined backup collector NetXplorer Administration Guide 3 1 Chapter 3 Monitoring Collectors Data Collection Process In a NetXplorer implementation which does not include external collectors the NetXplorer server has its own internal short term collector NOTE This short term collector cannot be deleted even if there are external collectors Traffic statistics are collected in buckets There are 30 second buckets and 5 minute buckets The buckets are imported into the database by the collector per sample period In a NetXplorer implementation which does not include external collectors the buckets are loaded into the short term database located on the NetXplorer every 30 seconds or 5 minutes Long term buckets are created every hour on the NetXplorer and are then loaded into the long term database on the same mach
45. f the Navigation tree and select New SMP from the popup menu OR Select Servers in the Network pane of the Navigation tree and then select New SMP from the Actions menu The SMP Properties New dialog is displayed NetXplorer Administration Guide 2 7 Chapter 2 Configuration NOTE SMO Properths NOW IK Name IP Address Subscriber Mapping Subscriber Mapping Short Term C Figure 2 7 SMP Properties New Dialog Enter the Name and IP address of the SMP Select the SMP Type using the radio buttons Select either Subscriber Mapping Subscriber Mapping Short Term Collector or Subscriber Mapping Short Term Collector Quota Management Click Save The SMP is added to the Navigation tree The Add SMP operation can take up to a couple of minutes to complete For more information concerning SMPs see the Allot SMP User s Manual To add an SMP Group NOTE This feature is only available with the appropriate key Contact Allot Customer Support at support allot com for more information In the Navigation pane right click Servers in the Network pane of the Navigation tree and select New SMP Group from the popup menu The SMP Group Properties New dialog is displayed 2 8 NetXplorer Administration Guide NOTE NOTE Chapter 2 Configuration SMP Group Properties New Name SMP Group1 SMP Group Associated NetEnforcer Groups Device Subscriber Capacity
46. forcer is displayed NetXplorer Administration Guide 2 11 Chapter 2 Configuration Status Bypass Semng Remote Bypass Power Supply Fans Figure 2 11 NetEnforcer Configuration 2 Configure the NetEnforcer parameters as required 3 Click a or select Save from the File menu to save the changes to the NetEnforcer configuration NOTE For detailed descriptions of the parameters in each of the NetEnforcer Configuration tabs refer to NetEnforcer Configuration Parameters in the NetXplorer Operations Manual The NetEnforcer Configuration parameters available in the NetEnforcer Configuration window are grouped on the following tabs General indicates the NetEnforcer s bypass status Identification and Keys includes parameters that provide system information and activation keys e SNMP enter the contact person location system name and description for SNMP purposes e Security includes security and authorization parameters 2 12 NetXplorer Administration Guide Chapter 2 Configuration e NIC includes parameters to configure the system interfaces to either automatically sense the direction and speed of traffic or use default parameters as well as parameters to define ports e Networking includes parameters that enable you to configure network topology e IP Properties enables you to modify the IP and host name configuration of your network interfaces as well as the DNS and connection co
47. ick OK The NetEnforcer is added to the Navigation tree The Import NetEnforcer operation can take up to a couple of minutes to complete To add a Monitoring Collector 1 In the Navigation pane right click Servers in the Network pane of the Navigation tree and select New Collector from the popup menu OR Select Servers in the Network pane of the Navigation tree and then select New Collector from the Actions menu The Monitoring Collector Properties New dialog is displayed IP Address IP Address No Backup O On Failure Transfer to Figure 2 4 Monitoring Collector Properties New Dialog NetXplorer Administration Guide 2 5 Chapter 2 Configuration 2 On the General tab enter the Name and IP address of the Monitoring Collector 3 In the Backup if Monitoring Collector Fails area select one of the two radio buttons No Backup or On Failure Transfer To If On Failure Transfer To is selected select the backup Monitoring Collector from the drop down menu Monitoring Collector Properties Update Name Short Term C Figure 2 5 Monitoring Collector Properties New Dialog 4 Inthe Associated NetEnforcers tab a list of all NetEnforcers transmitting monitoring information to this Collector appears They are assigned by right clicking on a NetEnforcer in the Network pane and selecting Properties 5 Click Save The Monitoring Collector is added to the Navigation tree The Add Monito
48. ine Implementations with external monitoring Collectors also collect samples in 30 second buckets and 5 minute buckets The buckets are imported to the collector at every sample period The data contained in the buckets is stored in the short term database of the collector The samples in the Database are aggregated into one hour buckets which are then loaded into the long term database on the NetXplorer once an hour Therefore a NetXplorer implementation that includes external collectors will have additional traffic sent once an hour namely the long term bucket The short term data however arriving every 30 seconds will have a shorter distance to travel This could be of great importance when NetEnforcers do not have constant connectivity to the server External monitoring collectors can significantly lower the burden on the NetXplorer server The monitoring data is saved on the NetXplorer server and can be displayed in the GUI Collector Redundancy In case a collector is unavailable data from the NetEnforcers that this collector supports can automatically be collected by a defined backup collector There are two types of redundancy models possible 3 2 NetXplorer Administration Guide Chapter 3 Monitoring Collectors One type of redundancy model is the N 1 model In this case several collectors are all backed up by a single collector dedicated to this purpose This solution takes into account that the probability of more than
49. is means that the new NetEnforcer will transmit its monitoring data to that Collector or Group only If it does not matter which Collector is used select lt system defined gt If you do not have any Monitoring Collectors on the Network select No Collector Click OK The NetEnforcer is added to the Navigation tree The Add NetEnforcer operation can take up to a couple of minutes to complete To Import a NetEnforcer 1 A NetEnforcer can be imported into NetXplorer if it already exists on the network but has not previously been part of this NetXplorer network or had NetXplorer enabled When a NetEnforcer is imported its policy tables and catalogs remain intact and are imported into the NetXplorer database Select Import NetEnforcer from the Tools menu The NetEnforcer Properties Import dialog is displayed x Figure 2 3 NetEnforcer Properties Import Dialog 2 4 NetXplorer Administration Guide Chapter 2 Configuration 3 Enter the User Name and Password of the NetXplorer administrator and the IP address of the NetEnforcer in the designated fields 4 Assign a Monitoring Collector or Collector Group to the NetEnforcer from the drop down menus This means that the new NetEnforcer will transmit its monitoring data to that Collector or Group only If it does not matter which Collector is used select lt system defined gt If you do not have any Monitoring Collectors on the Network select No Collector 5 Cl
50. l NetEnforcers on the network It provides easy access to devices and configuration parameters via the device tree By enabling real time monitoring of network troubleshooting and problem analysis NetXplorer provides long term reporting for capacity planning tracking usage and trend analysis it allows for the proactive management of traffic and system wide alarms and it allows for the collection and export of auditing data for billing and quota purposes Terms and Concepts This section introduces some of the basic terms and concepts used in NetXplorer NetXplorer NetXplorer is a highly scalable Network Business Intelligence system that centrally manages the NetEnforcer product line It enables strategic decision making based on comprehensive network application and subscriber traffic analysis The NetXplorer server can be installed on any server running Windows Server 2003 or Windows XP SP2 NetXplorer Administration Guide 1 1 Chapter 1 Getting Started NetEnforcer NetEnforcers are the traffic management devices that inspect and monitor network traffic Monitoring Collector The Monitoring Collector is an Allot appliance that can be added between the NetXplorer Servers and the NetEnforcers in order to support large numbers of NetEnforcers or NetEnforcers installed in remote geographic locations QoS QoS Quality of Service is the ability to define a level of performance in a data communications system In NetXplorer
51. lorer Administration Guide 3 9 Chapter 3 Monitoring Collectors The dialog shows the following tabs General View the collector s serial number software version and model General SNMP DateTime P Propertes Secunty Collector Seral Number 015804608 Sotware Version Version M7 3 0 Bulls 15 Model Type Remoto collector Figure 3 7 Collector Configuration Window General Tab e SNMP Add a contact person location and system name for SNMP purposes Note The Collector as well as the NetEnforcer supports SNMP Simple Network Management Protocol that includes standard MIB II traps General SNMP Date Time IP Properties Security Contact Location N System Name System Description NetXplorer Allot communications Figure 3 8 SNMP Tab e Date Time Configure the time zone according to the geographical location of the collector 3 10 NetXplorer Administration Guide Chapter 3 Monitoring Collectors NOTE The NTP server cannot be changed General EN Deere IP Properties Security Date and Time of NetEnforcer Date 24 1 2007 Time 10 43 51 Timezone UTC F NTP Server Primary Server 10 90 90 53 Figure 3 9 Date Time Tab e IP Properties Inset the IP Address Network Mask Default Gateway Host Name Domain Name Primary Server and the Secondary Server NOTE If you change the Collector s IP address you must make the NetXplorer serve
52. lot backup cfg 5 incremental To restore the database 1 Stop the NetXplorer Service e Click Start on the Windows Task Bar and select Settings gt Control Panel Double click Administrative Tools and open Services Right click NetXplorer in the list of Services and select Stop from the drop down menu NetXplorer Administration Guide 4 9 Chapter 4 Database Management Check the allot Itc txt allot_stc txt log files located under Allot Home Directory Logs in order to verify that NetXplorer services are not running The following lines should appear in both allot Itc txt allot_stc txt log files Disable all events End of current events 2 Open a Microsoft DOS window on the NetXplorer Server 3 Open the Allot Bin directory by default D Allot bin 4 Atthe prompt enter the following command db maint a restore n cfg s lt D Allot backup cfg or LOCATION PATH gt g lt GENERATION NUMBER gt i lt INCREMENT NUMBER gt d lt D Allot data db cfg or LOCATION PATH gt b lt TEMP LOCATION TO KEEP CURRENT CONFIGURATION gt 5 Restart the NetXplorer Service e Click Start on the Windows Task Bar and select Settings gt Control Panel Double click Administrative Tools and open Services Right click NetXplorer in the list of Services and select Start from the drop down menu 4 10 NetXplorer Administration Guide Chapter 4 Database Management Backing up STC Databases To perform a
53. more information concerning Legacy Accounting see the appropriate NetEnforcer Hardware Guide for your device s Defines the location of the Export Directory where the processed files containing the collected Accounting information are located The time period in hours that the Accounting Manager holds the processed information 24 hour default Defines the time interval that the SMP accumulates the raw Accounting data before transferring it to the Accounting Manager for processing Every 5 minutes is the default NetXplorer Administration Guide 2 23 Chapter 2 Configuration Protocol Updates The Protocol Updates tab includes parameters that select how often the Protocol Update feature checks to see if a new Protocol Pack is available for the Service Catalog of the NetXplorer and how those updates are handled E Check Allot Web Site for Now Updates Periodic C Automatically install New Updates to Netxplotet Server Figure 2 16 Network Configuration Protocol Updates tab NOTE This feature is only available with the appropriate key Contact Allot Customer Support at support allot com for more information Parameter Definition The number of the Protocol Pack currently installed on the NetXplorer Server Protocol Pack Check Allot Web Site for New Defines how often the Allot Web Site is checked for new Updates Periodic updates 2 24 NetXplorer Administration Guide Chapter 2 Configuration
54. netxplorer jboss 4 0 2 server allot conf Open the file allowedHosts properties with a text editor Add the IP of the machine the CLI is going to be run on in the following format lt IP gt lt IP gt Open cmd and go to the folder to which you extracted the files run the batch files you require and enter CLI commands NetXplorer Administration Guide Chapter 5 Appendices Topology The Topology CLI syntax is topologyCLI lt action gt lt option gt lt value gt lt value gt lt option gt lt value gt lt value gt The following actions are possible 1 addDevice 2 importDevice 3 deleteDevice 4 help Add Device topologyCLI addDevice options o uiName lt value name gt o netAddress lt value ip gt o password lt value password gt Import Device topologyCLI importDevice options o uiName lt value name gt o netAddress lt value ip gt o password lt value password gt Delete Device topologyCLI deleteDevice options o uiName lt value device name gt NetXplorer Administration Guide 5 7 Chapter 5 Appendices Policy The Policy CLI Syntax is policyCLI lt action gt lt option gt lt value gt lt value gt lt option gt lt value gt lt value gt Actions O O help addTube addFilter addAlarm listTube listPolicy deleteTube deleteFilter deleteAlarm updateTube NetXplorer Administration Guide Chapter 5
55. ng collectors are fully managed via the NetXplorer GUL 1 6 NetXplorer Administration Guide Chapter 1 Getting Started Server Layer The NetXplorer server is the actual application which includes the databases and an integrated data collector The NetXplorer server manages and communicates with the different clients that access the system and facilitates NetEnforcer configuration policy provisioning alarms monitoring and reporting The integrated data collector included in the NetXplorer streamlines the required collection of data from the managed NetEnforcer devices The Server layer includes additional servers such as SMP Servers NPP Servers and stand along Accounting Servers User Interface Layer The different clients connected to the NetXplorer Server are the NetXplorer GUI application users Any network computer capable of connecting to the NetXplorer server can support the GUI interface The system offers simple integration with external systems using a wide range of interfaces including SNMP CSV Files for report data export XML and CLI Administration Role NetXplorer uses a role based security model The role defined for each authorized user indicates the scope of operations that can be performed by that user The Administrator role gives Admin users complete read write privileges in the NetXplorer application including read write configuration privileges The main functions of the Administrator role include User
56. ntrol parameters e Date Time includes the date time and NTP server settings for the NetEnforcer Connection Control includes IP and Port Redirection Parameters After modifying configuration parameters you must select Save in order for the changes to take effect The save process prompts a reset of the NetEnforcer Resetting is required to ensure that some saved parameter values are committed and activated on the NetEnforcer Configuring the Network You can configure the parameters of the SMTP server used to send reports and handle alarm actions In addition secure SNMP communications can be configured to include authentication and or encryption To configure the Network 1 In the Navigation pane right click the Network in the Navigation tree and select Configuration from the popup menu OR Select the Network in the Navigation tree and then select Configuration from the View menu OR NetXplorer Administration Guide 2 13 Chapter 2 Configuration Select the Network in the Navigation tree and then click the Configuration icon id on the toolbar 2 Configure the Network parameters in the Network Configuration window as required 3 Click I or select Save from the File menu to save the changes to the NetEnforcer configuration Network Configuration Parameters The parameters available in the Network Configuration window are grouped in the following tabs e Servers below e SNMP v3 page 2 17 e SMP
57. nvesnseee 2 9 Figure 2 9 Device Properties Update dialog rnernrnronrnonvronvrenvvrnvnnnvvnnnnnrnenenrnrvrnsvraseresensssnsssnne 2 10 Figure 2 10 System Message mn je ins dee ae aE E E Deulies EE a 2 11 Figure 2 11 NetEnforcer Configuration s rsnvnnnvnrnvnnnrnrvvarenasnvnenvnnnvnnnvnnenenenenenraseraserasensssnsssnne 2 12 Figure 2 12 Network Configuration Servers srrsnvnsnvnrnvnrnvenenvnrnvnrnvennvenenenenrarnraseraserasenssenn 2 15 Figure 2 13 Network Configuration SNMP V3 rereneronvrrnvrrnvvnnvvnvnvnrnrernraserasersssvsssverserasevssenn 2 17 Figure 2 14 Network Configuration SMP Domains tab eee eeceeeeeeneeeneecnsecnsecnaeeeseeees 2 21 Figure 2 15 Network Configuration Accounting tab ssoranvrrnvnenvnnnrarvrarerarenrnenensnvrsnvnsnvesnnee 2 22 Figure 2 16 Network Configuration Service Catalog Web Updates tab ieee eeeeeeeeees 2 24 Figure 2 17 Users Configuration Editor srrnvonnvvnnnvnnrnnnrnrvrnserasensnenerenvnsnvnsnvesnvennnennesenensvreser 2 26 Figur 2 18 User Editor aininn enan gic et nee A Gk Re Rens 2 26 Figure 3 1 N 1 Collector Redundancy ce ceeeesecssecsseceseceeecsseceseesseeeseesseeeeeeseaeeeaeeeaeeeaaeenaes 3 3 NetXplorer Administration Guide v Figure 3 2 1 1 Collector Redundancy rersnrvvrsvrnvvnrnvenrerrarnennverrarssnsveeveersarnesnrerrarsessvrsvasssnsvesvsenser 3 4 Figure 3 3 Monitoring Collectors Properties dialog General tab rrnrnrnnnrnrvrnrvn
58. o include authentication and or encryption Upon saving any changes made in this SNMP panel all NetEnforcer SNMP agents MUST have the same user name passphrase for authentication if relevant and passphrase for encryption if relevant as indicated in the panel If not SNMP communications failure will result NOTE SNMP must be enabled on the individual NetEnforcers as well as on the network See the NetXplorer Operation Guide for more information Figure 2 13 Network Configuration SNMP v3 The SNMP v3 tab includes the following parameters Parameter Definition SNMP v3 User Name The user name defined for the SNMP Server NetXplorer Administration Guide 2 17 Chapter 2 Configuration Parameter Definition Security Level Passphrase for Authentication Confirm Authentication Passphrase Passphrase for Encryption Confirm Encryption Passphrase Application Server for Receipt of SNMP Traps SNMP Timeout The level of security for communications between the NetXplorer and NetEnforcers Authentication Only No Privacy Implements authentication without requiring encryption No Authentication No Privacy Implements neither authentication nor encryption The passphrase for authentication entered twice for confirmation purposes NOTE These parameters are enabled only if the selected security level includes authentication The passphrase for encryption entered twice for confirmation p
59. one collector failing is very low However it may be difficult to locate the backup collector in close proximity to all of the configured collectors Q g NetXplorer Server Figure 3 1 N 1 Collector Redundancy Where high performance redundancy is of particular importance or where the network topology does not allow for the use of a single collector for backup you will need to use the 1 to 1 redundancy model In this situation each collector has a dedicated backup collector as part of a Collector Group NetXplorer Administration Guide 3 3 Chapter 3 Monitoring Collectors NetXplorer Server g Cin Ki a C llector 1 Collector 2 Collector 3 and Backup and Backup and Backup 6S 6 Oo FE PE FER Figure 3 2 1 1 Collector Redundancy NetXplorer Support Each NetXplorer server can support up to five external short term collectors in addition to its one built in internal collector Each collector can support up to five 5 NetEnforcers of the AC 1000 or AC 2500 series up to ten 10 NetEnforcers of the AC 800 or up to fifteen 15 NetEnforcers of the AC 400 series You can also combine NetEnforcers of different models according to this formula For example one collector can support three AC 1000s and six more AC 400s The NetXplorer s built in short term collector can support additional NetEnforcers according to the same ratios NOTE This is a simple calculation based on a series of conservative assumptions It
60. opped or rejected For example you can specify the following policy accept 1000 ICMP connections to Server and drop the rest A NetEnforcer policy can also be to drop all P2P connections or accept new connections with a lower priority e Admission Control Determines the bandwidth granted to a flow based on your demand for example allocated minimum of 10kbps and the available bandwidth on the line Catalog Editors Catalog Editors enable you to define values to define your policy The possible values for each condition of a filter and for actions are defined in the Catalog entries in the Catalog Editors A Catalog Editor enables you to give a logical name to a comprehensive set of parameters a Catalog entry This logical name then becomes a possible value for a condition or action Lines A Line represents a physical or logical media in the system A line provides a way of classifying traffic that enables you to divide the total bandwidth and then manage every Line as if it was an independent link A Line consists of one or more sets of conditions and a set of actions that apply when all of the conditions are met A line is an address based or VLAN based entity and is not service based A Line can aggregate several Pipes acting like a container of Pipes from a QoS point of view The filter of the Fallback Line cannot be modified or deleted A connection coming into NetEnforcer is matched to a Line according to whether the characteristic
61. orer services are not running The following lines should appear in both allot_Itc txt allot_stc txt log files Disable all events End of current events 2 Restore the database by copying the backup to the following folder Allot Home Directory data db If you get a Confirm Folder Replace pop up window then press Yes to All 3 Restart the NetXplorer Service e Click Start on the Windows Task Bar and select Settings gt Control Panel Double click Administrative Tools and open Services Right click NetXplorer in the list of Services and select Start from the drop down menu Hot Backup Database Types 4 4 NetXplorer Administration Guide Chapter 4 Database Management e Configuration Tables CFG Full backup and periodical incremental backups manually or scheduled Full backup is performed once a day while the incremental backup is performed every hour All values are configurable by the user and can be changed according to requirements e Short Term Collector Database STC Full backups only manually or scheduled STC full backup only backs up a set of files that hold the values kept in key tables such as param but the actual traffic data is NOT saved The restore process therefore recreates a new database from scratch performs a delete and then loads the key tables mentioned e Long Term Collector table LTC Full backups only This is a manual process only This is due to the database
62. ort Term Coll Current Collector Short Term Collector Cancel Figure 3 4 NetEnforcer Properties dialog 2 Assign a Monitoring Collector to the NetEnforcer from the drop down menu This means that the NetEnforcer will transmit its monitoring data to that Collector only If it does not matter which Collector is used select lt system defined gt 3 If there is currently a collector associated with this NetEnforcer its unique name is displayed Select a new monitoring collector from the drop down menu 4 Click Save To verify that the new collector has been associated with the NetEnforcer select the collector in the Navigator pane and click Properties You should see the NetEnforcer in the Associated NetEnforcer tab NetXplorer Administration Guide 3 7 Chapter 3 Monitoring Collectors NOTE You cannot change the association from this dialog but only from the NetEnforcer properties dialog To view the NetEnforcers associated with a Monitoring Collector 1 Right click the selected collector and choose properties The Associated NetEnforcers tab is not disabled and you can view a list of all NetEnforcers transmitting monitoring information to this Collector Monitoring Collector Properties Update Name Short Term Collector FE General PEZE NetEnforcers NetEnforcer Collector Role EG AC804 56 Configured EJ AC402 43 Backup EY AC402 45 Backup Save Cancel Figure 3 5 Monitoring
63. our0 endHour0 startHourl endHour 1 startHourn endHourn allSubjectsInScope Regular req All Subjects in scope inputFile lt file gt Input request file 5 22 NetXplorer Administration Guide Chapter 5 Appendices help Provides usage and help information longTermRequest Long Term Reporting mostActive Most Active Request relative TimeUnit lt relativeTimeld gt Relative Time default 1 RelativeTimeUnit Seconds 7 RelativeTimeUnit Minutes 6 RelativeTimeUnit Hours 1 RelativeTimeUnit Days 2 RelativeTimeUnit Weeks 3 RelativeTimeUnit Months 4 RelativeTimeUnit Years 5 typicalType lt TypicalTypeld gt Request Typical Type TypicalType Day 1 TypicalType Week 2 subject lt subjectId gt Request Subject default 0 Subject Type Enterprise 0 SubjectType NetEnforcer 1 SubjectType Line 2 SubjectType Pipe 3 SubjectType Virtual Channel 4 SubjectType Host 5 SubjectType Internal Host 6 SubjectType External Host 7 SubjectType Protocol 8 SubjectType Conversation 9 SubjectType Subscriber 10 time lt fromDate Time toDate Time gt Request Date amp Time dd MM yyyy HH mm ss NetXplorer Administration Guide 5 23 Chapter 5 Appendices relativeTimeCount lt relativeTimeCount gt Relative Time count default 0 1 50 allAsOne Regular req All as one sortingCriteria lt statisticId gt subjectCapacity lt capacity gt distributor lt distributorId
64. r aware of this change by changing the IP in the Collector s Properties dialog RT General SNMP Date Time IP Proprties Security IP Address 10 90 90 97 Network Mask 255 0 0 0 Default Gateway 10 0 0 1 Host Name host J Domain Name example com Primary Server No DNS Server Secondary Server No DNS Sever Figure 3 10 IP Properties Tab NetXplorer Administration Guide 3 11 Chapter 3 Monitoring Collectors e Security Check the appropriate boxes to apply general security attributes Select the radio button to limit access to specific hosts NOTE If you select Unrestricted Access Allowed any host can access the system General SNMP Date Time JR Eropariesj e ity General Attributes Enable Telnet 7 Enable Ping Reply Enable Enhanced TCP Security v Enable SSH Console or Telnet Connection Timeout secs Leave Blank for Unlimited Timeout Hosts Allowed to Access NetEnforcer Unrestricted Access Allowed O Limit Access as Indicated NetXplorer Server Included Add gt Allowed Hosts Update gt Figure 3 11 Securities Tab To configure the Collector s Settings Properties 1 In the Navigation pane right click the Collector and select Properties 2 The Monitoring Collectors Properties dialog is displayed 3 12 NetXplorer Administration Guide Chapter 3 Monitoring Collectors Monitoring Collector P
65. request file amp create monitor result file csv format monitorCLI inputFile c monitor_cli monitor42061 req outputFile c monitor_cli monitor42061 csv NetXplorer Administration Guide 5 27 Chapter 5 Appendices Events NetXplorer includes a pre defined list of events that are recorded in the Events Log and can be used to monitor the occurrence of system events in the Network You can view the events for specific devices in the Events Log or you can configure specific events to generate alarms that are displayed in the Alarms Log All event types available in the NetXplorer are listed in the EVENT_DEF_CORE table in the CFG database Currently NetXplorer does not support any automatic action on Alarms Event Send E mail action is available only for TCA alarms e Rising TCA Threshold Crossing Alarm e Falling TCA Threshold Crossing Alarm e Device configuration change in 1R new value is 2V e Line Policy Change e Pipe Policy Change e Virtual Channel Policy Change e Catalog Entry Change e Suspected DoS Attack Started e Suspected DoS Attack Stopped e External Data Source Down e External Data Source Up e Software Problem Software problem in 1V message details 2V e NetEnforcer Access Violation Access violation has occurred on the NetEnforcer 1V e Link Down Link 1V is down admin status is 2V and operational state is 3V e Link Up Link 1V is up admin status is 2V and operational
66. ring Collector operation can take up to a couple of minutes to complete NOTE For more information concerning Monitoring Collectors see the NetXplorer Administration Guide To add a Collector Group Collector Groups are made up of two Collectors providing 1 1 redundancy 1 In the Navigation pane right click Servers in the Network pane of the Navigation tree and select New Collector Group from the popup menu 2 6 NetXplorer Administration Guide Chapter 2 Configuration The Collector Group Properties New dialog is displayed Collector Group Properties New Name Collector Group Associated NetEnforcers Collector 1 None v Collector 2 None v Figure 2 6 Collector Group Properties New Dialog 2 In the Collector Group tab Select the two Collectors already part of the network to be included in the group Collector 2 will act as the backup for Collector 1 3 Those NetEnforcer s associated to the added Collectors will be listed in the Associated NetEnforcers tab 4 Click Save The Collector Group is added to the Navigation tree The Add Collector Group operation can take up to a couple of minutes to complete To add an SMP NOTE This feature is only available with the appropriate license key enabling Subscriber Management Contact Allot Customer Support at support allot com for more information concerning your license 1 In the Navigation pane right click Servers in the Network pane o
67. rofile Update This will change the reduction cfg file for the LTreducer application The installation copies enterprise normal profile file into directory 7 ALLOT_HOME conf enabling the mentioned profile to become active The file name is reduction cfg NetXplorer Administration Guide Chapter 5 Appendices All the reduction profile files are located in 7 ALLOT_HOME conf Reduction directory This utility will copy active reduction profile file in 7ALLOT_HOME conf from 7ALLOT_HOME conf Reduction directory Possible reduction profile types are ent_normal ent_accuracy ent_history isp_normal isp_accuracy isp_history ent enterprise isp internet service provider 1 Open MSDOS command window cmd exe Run from the command line ALLOT_HOME bin reduction profile upd bat lt profile type gt 2 Profile types ent_normal ent_accuracy ent_history isp_normal isp_accuracy isp_history Example 7ALLOT_HOME bin reduction_profile_upd bat isp_accuracy STC LTC Profile Update This will change data aging parameters in the STC or LTC database PARAM table for second minute hour day and month statistic data and delay between aggregation and truncate tables for ISP model 1 Open MSDOS command window cmd exe Run from the command line ALLOT_HOME bin stc_profile_upd bat lt profile type gt OR ALLOT_HOME bin Itc_profile_upd bat lt profile type gt Profile types
68. roperties Update Name Short Term Collector gt see General EST NetEnforcers NetEnforcer Collector Role EG AC804 56 Configured EG AC402 43 Backup EG AC402 45 Backup Save Cancel Figure 3 12 Monitoring Collector Properties Update Dialog The dialog shows two tabs General Set the name IP and backup setting of the Collector e Associated NetEnforcers View the NetEnforcers currently associated with this collector NOTE The Collector Role shows the collectors as configured It will show a collector as backup only if the configured collector is unavailable and the backup collector is operating instead Command Line Interface To connect to the collector using an SSH connection 1 Login as user admin with the password allot 2 Enter go config with no additional parameters to view all the available configuration commands 3 Enter go config plus parameter to view the available commands for that parameter NetXplorer Administration Guide 3 13 Chapter 3 Monitoring Collectors For example enter go config ips to view the available CLI options for ips Troubleshooting the Collector To check that all of the collector s processes are running enter the command keeperMer l The processes that should be running include e dbserv9 e AllSnmpAgent The following processes must be running to insure proper data collection Converter exe Loader exe e Poller exe Another useful trouble
69. rrvnrnenrnrnrnnnnne 3 6 Figure 3 4 NetEnforcer Properties dialog orneronrronrrnvvnnvvnnnnnnnrnenenenrareraserasensssvensvsnsnvesnvesnvensnene 3 7 Figure 3 5 Monitoring Collector Properties Update nrnnnnnnvnnnnvnnnvnnnrnenerenrnenrnsnvnsnvnsnvrsnvennnene 3 8 Figure 3 6 Collector Group Properties New Dialog cece eeseessecseceseceseceseceeeeseeeaeeeaeeenaes 3 9 Figure 3 7 Collector Configuration Window General Tab esnnnnnnrnonvnonvnonvnnnvvnnnnnnrnenenrvreren 3 10 Figur 3 8 SNMP Tab e cst ian eaiiece itt carinii lesan nese abt lan 3 10 Fisure 3 9 Date Time Tabeio oi era erea er eE AEE er bri SEa REE EDD cass anateessuepemisaeitarenee 3 11 Figure 3 10 IP Properties Tabirini seisseen seia osar a ee En Nae EEES EE als 3 11 Figur 3 11 Securities Pabiv cs sscsscssevsa sega cielo A A Lo ets A A A 3 12 Figure 3 12 Monitoring Collector Properties Update Dialog arronrronvnonvnrnvnrnvrnnvvnvnvneneneneee 3 13 vi NetXplorer Administration Guide Chapter 1 Getting Started Overview NetXplorer is a highly scalable Network Business Intelligence system that enables strategic decision making based on comprehensive network application and subscriber traffic analysis NetXplorer configures NetEnforcer devices and a central catalog which enables global policy provisioning Many network topologies can benefit from more than one NetEnforcer In addition NetXplorer provides a centralized management system for al
70. s of the connection match all of the Conditions of the Line The connection is then further matched to the Conditions of a Pipe under the Line The actions defined for the Line influence all the Pipes under the Line The actions defined for a Pipe are enforced together with the actions of the Line NetXplorer Administration Guide 1 3 Chapter 1 Getting Started Pipes A Pipe provides a way of classifying traffic that enables you to divide the total bandwidth and then manage every Pipe as if it was an independent link Pipes cannot stand alone and are always contained within a Line A Pipe consists of one or more sets of conditions and a set of actions that apply when all of the conditions are met A Pipe can aggregate several Virtual Channels acting like a container of Virtual Channels from a QoS point of view When you add a new Pipe it always includes at least one Virtual Channel the Fallback Virtual Channel The Fallback Virtual Channel filter cannot be modified or deleted A connection coming into a line is matched to a Pipe according to whether the characteristics of the connection match all of the Conditions of the Pipe The connection is then further matched to the Conditions of a Virtual Channel under the Pipe The actions defined for the Pipe influence all the Virtual Channels under the Pipe The actions defined for a Virtual Channel are enforced together with the actions of the Pipe Virtual Channels A Virtual Channel provides
71. shooting tool is the log files which are located in the directory opt allot log To take a snapshot of a Collector run the following script on the Collector host opt allot bin create_snapshot_logs sh Snapshots can be found in the tmp folder located at host opt allot tmp 3 14 NetXplorer Administration Guide Chapter 4 Database Management The NetXplorer is a centralized management system which enables the ongoing collection and consolidation of data from multiple NetEnforcer devices that enable users to produce consolidated reports The key to a centralized system is the ability to consolidate information from all the managed groups that are being monitored Because NetXplorer allows for the ongoing collection and consolidation of data from multiple NetEnforcer devices users are able to produce consolidated reports based the information collected In order to manage the collected data there are three databases e CFG Tables Configuration parameters e STC Database Short term database e LTC Tables Long term database Backing Up and Restoring the Database Backup Terms e Full Backup A backup process that copies all of the data to a location from which we can create an entire database e Incremental Backup A process that preserves only the changes made since the latest backup either full or incremental the latest of them e Database Restore A process to create a database using the backup copy T
72. ss 1 1 BL eh A CA EE SE EEE EA 1 1 Terms and Concepts sisccvrisvecsdecesssscaiseccscensscentassocsscstectesnasssdesscuseceonesesssecenbessscasestnssesvedsseacseessonee 1 1 NetXplorer A rchit Cture scsccsassssscsscissccsoscssvesessssesesveassnsesusssssecseceascssvevessoasdenscsbecdessacdvosesbbnsevees 1 5 Administration Role viccisccsiscisedisncssceiscesstessnvesacedstoeed sencesdacseasdeosenesesecssoeesboessessestbecssescvecsseeceeoes 1 7 CHAPTER 2 CONFIGURATION 4 scccecsicosscasasssvecsicxpociscxoncecnncseeutapsnesesnsevecueapeaceosneenre 2 1 Overview cvseccsecisecsescctecotscticesescssoasvedascenosessoenascossopascoossnnsde seen esesteevesdesevbas EE A 2 1 Working with Devices 3 dscisssvsscassiesiscosvsssnceseossdvonsesecsenss6s casnsvsecescbesbeosnsessssededcensesssesaccbosbonneesaees 2 3 Configuring the Net work snicisscccssecsssescsssccsssenccsontdscsessteustsvnsseseossscenes soncesnncsecensseacessacssecesseecerss 2 13 Network Configuration Parameters ronvnonvnnnvvnnvvnnnrnnnrnnnrnrvrarerssevenenensnvnsnvnsnvennnensnenenensvreee 2 14 Configuring NetXplorer Users ticcccicossiecssssonsccsdecssonssotessostecsstecsesecvesoonsevadsesecessuers sonnteseseodeatdssee 2 25 CHAPTER 3 MONITORING COLLECTORS eesesseessvvesssvsesnsvsesssvnesnsssesnsssennssssnnnee 3 1 COVE VICW AEA EE EE E EE E AS AE E ETEA 3 1 NetXplorer Support su see ads et Riera E e EER EE oe tends 3 4 Installing Monitoring Collectors eee eee eeseceseceseceseceseceseeeseeese
73. state is 3V 5 28 NetXplorer Administration Guide Chapter 5 Appendices e Cold Start e Warm Start e Authentication Failure Authentication failure Login attempt to the NetEnforcer failed e NetEnforcer IP Address Change A NetEnforcer IP address property change has occurred for IP 2V e Connection routing has changed e Device Status Down e Device Status Up e Collector Down e Collector Up e Device Unreachable e Device Reachable e User Forced Clear Alarm e Device Hardware Change New serial number detected for 1V e User Force Cleared All Alarms e User Logged In User 1V has logged in to the system e User Logged Out User 1V has logged out of the system e High Catalog Counter Detected High Catalog counter detected on lt NE gt Invalid synchronization state e Catalog Rejected by NetEnforcer e Automatic Alarm Purge Automatic Alarm purge performed by the system Removed on device 1V e Policy and Catalogs Export e NetEnforcer Configuration Import e Server Management Ownership Taken from Device Server management ownership on device 2V was taken from the following NetXplorer Server 1V NetXplorer Administration Guide 5 29 Chapter 5 Appendices Server Management Ownership of Device Taken Server management ownership of Device 2V was taken by another NetXplorer Server 1V Missing Events Were not Found on Device Trap Table During Synchronization Collector Reported Device
74. t name new alert alert type 1 relation 1 is alarm 0 mode 0 normal 70 register 90 threshold 80 unregister 50 sevirity 2 oid 1 3 6 1 4 1 2603 5 5 5 0 add service service type PRIMARY name service1 type 1 application Citrix ICA add port TCP PORT BASED 1000 1000 UDP DEFAULT 1100 1111 add service service type CONTENT name lilach by CLI description added by CLI parent 100BAO add item Direction Upload NetXplorer Administration Guide 5 21 Chapter 5 Appendices Monitoring CLI To enable the monitoring CLI 1 Unzip the file VERSION NUMBER gt RnD monitorCLI zip on the NetXplorer Software CD to a folder on the computer from which you wish to access the statistics 2 In the newly created folder open monitor CLI bat with a text editor and change the value of the parameter SERVER_URL to the IP address or domain name of the NetXplorer server 3 Open a DOS window run MonitoringCLI bat and enter a command requesting monitoring CLI command The command is sent to the NetXplorer server Any monitoring data returned by the NetXplorer server is stored in a csv file The Monitoring CLI Syntax is monitorCLI lt option gt lt value gt lt option gt lt value gt lt value gt dayDefinitionArray lt DayDefinitionList gt Day Definition List in UTC used by Typical 50 Day 1 sun 2 mon 7 sat 0 all startHour0 endHour0 startHour1 endHourl startHourn endHourn Day startH
75. tion Guide Chapter 5 Appendices Argument Name Option Remarks admin Desirable source status 0 unknown 1 enabled 2 disabled 3 deleted description Catalog description Dos Argument Name Option Remarks max connections Connections limitation max CER Connection establishment rate limitation violation action Violation action 2 drop 3 reject Vian Argument Name Option Remarks vlan_type Vlan type 0 Do not ignore 1 Ignore Vlan id 2 Ignore priority bits 3 Ignore Vlan id and priority bits vlan tag Vlan value Tos Argument Name Option Remarks tos_type 0 Ignore Tos bytes 1 Differentiated services 2 Free format tos_byte Tos value Alert NetXplorer Administration Guide 5 15 Chapter 5 Appendices Argument Name Option Remarks alert_type Event Name From EVENT_DEF_CORE table oid OID of the corresponding From ALERT_COUNTER MIB counter table is_alarm Alert is an alarm 0 not an alarm 1 is an alarm mode Alert mode 0 regular 1 applies to every template instance severity 0 unknown 1 cleared 2 indeterminate 3 critical 4 major 5 minor 6 warning relation 0 equal 1 greater 2 less 3 not equal threshold Bad value normal Normal value register time in the sample to start the event start barrier unregister time in the sample to stop the event stop_barrier Qos
76. tor Properties New dialog is displayed Monitoring Collector Properties New Name General IP Address IP Address Backup if Monitoring Collector Fails No Backup O On Failure Transferto Shorter Collector Save Cancel Figure 3 3 Monitoring Collectors Properties dialog General tab On the General tab enter the IP address of the Monitoring Collector Enter a name for the Monitoring Collector In the Backup if Monitoring Collector Fails area select one of the two radio buttons No Backup or On Failure Transfer To If you select On Failure Transfer To select the backup Monitoring Collector from the drop down menu Click Save The Monitoring Collector is added to the Navigation tree The New Collector operation can take up to a couple of minutes to complete NetXplorer Administration Guide Chapter 3 Monitoring Collectors NOTE There are no NetEnforcers associated with this collector yet therefore the Associated NetEnforcers tab is disabled 8 Repeat this process to add additional Collectors to the network To assign NetEnforcers to the new Monitoring Collector 1 In the Navigation pane right click a NetEnforcer in the Navigation tree and select Properties from the popup menu The NetEnforcer Properties Update dialog is displayed NetEnforcer Properties Update X Name AC2500y Password a IP Address 10 50 7 410 Monitoring Collector Sh
77. urposes NOTE These parameters are enabled only if the selected security level includes encryption Privacy The Application Server where SNMP traps are to be sent The current server can be selected or IP address of another server can be entered The SNMP timeout may be entered in milliseconds WARNING Upon saving any changes made in the SNMP panel all NetEnforcer SNMP agents MUST have the same user name passphrase for authentication if relevant and passphrase for encryption if relevant as indicated in the panel If not SNMP communications failure will result For information on how to set the SNMP on the NetEnforcer contact Allot Customer Support at support allot com 2 18 NetXplorer Administration Guide Chapter 2 Configuration To configure a NetEnforcer s SNMP via the CLI Log onto the NetEnforcer via Telnet and enter the following CLI command go config snmp lt OPTION gt lt VALUE gt Options snmpLogin lt SecurityName SecurityLevel AuthProtocol PrivProtocol gt set security info e Security level values are noAuthNoPriv authNoPriv authPriv e Auth protocol values are uumHMACMDS usmHMACSHA e Priv protocol values are usmDES usmIDEA usmAES128 usmAES192 usmAES256 users lt Prefix gt lt USER gt lt Prefix gt lt USER gt add delete agent users USER format lt SecurityName SecurityModel Group AuthProtocol PrivProtocol gt e Prefixes e to add user all parameters be sp
78. ve_entry Entries to remove TYPE values are Name ip_address subnet range Mac_address all_address Host Group Argument Name Option Remarks add_host Host list that will be added to the host group remove_host Host list that will be removed from the host group Syntax hostname 5 18 NetXplorer Administration Guide Service Chapter 5 Appendices Argument Name Option Remarks service_type Service type 0 secondary service content definition 1 primary service ports remove_port characteristics application An existing application Null for all name add_port Protocol port_type from port to port Protocols TCP UDP IP NON_IP Port types SIGNATURE DEFAULT PORT BASED add content item parent Parent service For service content only remove content item For service content use Syntax content key content value Service Group Argument Name Option Remarks add service service list that will be added to the service group Remove service service list that will be removed from the service group Syntax service name Time Argument Name add_item Option Time items that will be added time catalog Remarks Syntax service TYPE DAY TIME NetXplorer Administration Guide 5 19
79. ypically the restore process consists of copying the latest full backup to the restore directory and then applying the incremental backups that were performed after that last full backup NetXplorer Administration Guide 4 1 Chapter 4 Database Management Backup generation Backups are kept cyclically as generations Each generation is a full set of backup files capable of restoring the database to the point in time in which its last iteration was created Each generation typically consists of one full backup and several incremental backups e Incremental Backup serial number Within a certain generation incremental backups are performed one after another each one being part of a certain serial number Redundancy The following scenario is one suggestion for using backups to achieve NetXplorer redundancy I Install two NetXplorer servers one used exclusively as backup 2 Schedule regular backups for the CFG and STC databases 3 Perform a manual backup of the LTC database once per day week months depending on the requirements 4 In the event that the main NetXplorer server fails assign the same IP to the backup NetXplorer server 5 Restore the CFG STC and LTC database backups to the new NetXplorer Backup Types There are two kinds NetXplorer server e Cold backup Performed with the NetXplorer server offline Hot backup Performed without interrupting NetXplorer operation 4 2 NetXplor
Download Pdf Manuals
Related Search