User Manual

Table of Contents

Contents ..... 3
About this Guide ..... 7
Objectives ..... 7
Audience ..... 7
Conventions ..... 7
Information Symbols ..... 8
Related Documents ..... 8
Additional Resources ..... 8
Installation ..... 9
System Specifications ..... 10
Physical Connections ..... 10
Booting ..... 12
Configuration ..... 12
Security Check ..... 12
Upgrading Software ..... 12
Getting Started ..... 15
Returning to the Default Configuration ..... 15
Introduction ..... 17
Hardware Architecture Overview ..... 17
Types of Rules ..... 18
Sample Rules and Firmware ..... 18
Rule Management ..... 19
Deploying the P-Series ..... 19
Inline Deployment ..... 20
Fail-safe Deployment ..... 20
Highly-available Deployment ..... 21
Passive Deployment ..... 21
Capturing Matched Traffic ..... 22
Capturing to a Host CPU ..... 23
Mirroring to Another Device ..... 24
Graphical User Interface ..... 25
GUI Commands ..... 26
Managing Rules, Policies, and Firmware ..... 27
Editing Dynamic Rules with the GUI ..... 28
Managing Capture/Forward Policies with the GUI ..... 29
Selecting Firmware with the GUI ..... 30
Runtime Statistics ..... 31
Reloading Firmware ..... 33
Web-based Management ..... 35
Launching the P-Series Node Manager ..... 35
Web-browser Security Certificates ..... 37
Managing the P-Series using Node Manager ..... 37
Monitoring System Performance ..... 38
Managing Firmware Images ..... 39
Managing the Network Interface Card ..... 39
Managing Policies ..... 41
Network Security Monitoring ..... 43
Installing the Sguil System ..... 44
Installing the Sguil Sensor ..... 44
Installing the Sguil Server ..... 44
Installing the Sguil Client ..... 45
Installation Files ..... 46
Running the Sguil System ..... 47
Running the Sguil Sensor ..... 47
Running the Sguil Server ..... 48
Running the Sguil Client ..... 49
Command Line Interface ..... 51
CLI Commands ..... 51
Editing Dynamic Rules with the CLI ..... 51
MAC Rewriting ..... 51
Removing VLAN Tags ..... 53
Compiling Rules ..... 55
Creating Rules Files ..... 55
Rules Capacity ..... 55
Compiling Rules ..... 55
Starting and Stopping the pnic-Compiler ..... 60
Configuration and Generated Files ..... 61
Firmware Filenames ..... 62
Compiler Errors ..... 62
Writing Rules ..... 63
Snort Rule Syntax ..... 63
Snort Rule Headers ..... 63
Snort Rule Options ..... 66
P-Series Rule Syntax ..... 66
P-Series Supported Snort Keywords ..... 66
Writing Stateful Rules ..... 68
Stateful Matching ..... 68
Stateful Rule Examples ..... 70
The meta.rules File ..... 71
Support for Snort's flow Keyword ..... 71
Handling Segmentation Evasion ..... 71
Support for Snort's within Keyword ..... 72
Anomalous TCP Flags ..... 73
Firewall ..... 75
Deploying the P-Series as a Firewall ..... 75
Enabling the Firewall ..... 76
Allowing Traffic through the Firewall ..... 77
Writing Rules for a Firewall Deployment ..... 77
Command Line Reference ..... 79
Snort Keywords ..... 119
Meta and Evasion Rules ..... 123
Basic Unix Commands ..... 125
Unix Commands ..... 125
vi Commands ..... 126
Glossary ..... 127
Technical Support ..... 129
Manual Pages ..... 129
The iSupport Website ..... 129
Accessing iSupport Services ..... 129
Contacting the Technical Assistance Center ..... 130
Locating P-Series Serial Numbers ..... 130
Requesting a Hardware Replacement ..... 131

Size: 2.68 MB
Pages: 132
Language: English