Release Notes for
NetRanger 2.1.1


These release notes discuss installation and configuration information for NetRanger version 2.1.1. This information supersedes the information in the NetRanger User's Guide (Version 2.1.1).

Caution This 2.1.1 release of NetRanger uses an appliance-based Sensor, which requires a different installation process than a software-based Sensor. Failure to read and follow the instructions in this Release Note will cause problems with Sensor installation and configuration.

Contents

These release notes summarize the following topics:

Installing and Configuring Sensors and Directors

This section either supersedes or supplements the configuration and installation information in Chapter 3 of the 2.1.1 NetRanger User's Guide, and consists of the following sections:

Configuring the Sensor Appliance

To configure a Sensor, follow these steps:

    1. Assemble the Sensor

    2. Change the Sensor's Passwords

    3. Configure the UNIX Configuration Files

    4. Configure the Sensor with nrconfig

Assemble the Sensor

Step 1 Position the Sensor workstation on a subnet. (For more information on Sensor placement on a network, please refer to Chapter 2 of the 2.1.1 NetRanger User's Guide.)

Step 2 Attach the necessary power cables to the Sensor.

Step 3 Connect the keyboard and monitor to the Sensor.

Step 4 Attach the necessary communication cables according to your network configuration, as illustrated in Figure 1.

Step 5 Power on the Sensor.


Figure 1: Network Configuration

Change the Sensor's Passwords

To change the Sensor's passwords, follow these steps:

Step 1 Log on as user root.

The default root password is attack.

Step 2 The Sensor should prompt you to enter and reenter a new password for user root.

If the Sensor does not prompt you to change the root password, type passwd root and change the password.

Step 3 Log out and log back on as user netrangr.

The default netrangr password is attack.

Step 4 The Sensor should prompt you to enter and reenter a new password for user netrangr.

If the Sensor does not prompt you to change the netrangr password, type passwd netrangr and change the password.

Step 5 If necessary, write down the new passwords and store them in a secure location.

Warning Failure to change the passwords for users root and netrangr may lead to compromise of the Sensor.

Configure the UNIX Configuration Files

To configure the UNIX configuration files, follow these steps:

Step 1 Log on as user root.

Step 2 Type:

sysconfig-sensor
 

The following menu appears:

NetRanger Sensor Host Configuration Version 2.0.1
 
1 - Configure Sensor IP Address
2 - Configure Sensor IP Netmask
3 - Configure Default Route
4 - Configure Sensor Hostname
5 - Configure COM1 Port
6 - Configure Modem
7 - Configure Network Access Control
8 - Exit
 
Selection: 
 

Step 3 To configure the Sensor, select each number and enter the appropriate information. Use Table 1 to help you set the Sensor's parameters.


Table 1: Sensor Installation Parameters

| Parameter | Menu Option | Definition | Example |
|---|---|---|---|
| IP Address | 1 | Use this option to set the Sensor's IP address. | 10.1.9.201 |
| IP Netmask | 2 | Use this option to set the Sensor's netmask. | 255.255.255.0 |
| Default Route | 3 | Use this option to enter the IP address of the primary router on the LAN with the Sensor. (This is the default router to which the Sensor's command and control interface is attached, not the router being managed by the Sensor.) | 10.1.1.101 |
| IP Hostname | 4 | Use this option to set the Sensor's hostname. | sensor-one |
| COM1 Port | 5 | Use this option to set the COM1 port to "serial." This allows tty access to the Sensor through the serial port. Selecting "device" allows the user to connect a serial cable to the serial port and "tip" into a network device. | serial |
| Modem | 6 | It is unnecessary to configure the modem. No modem is included in the 2.1.1 appliance. | |
| Network Access Control | 7 | Use this option to add or remove IP addresses of hosts and networks that can access the Sensor via telnet, ftp, and tftp. The Director must be able to access the Sensor, so make sure that its address is in the list. | 10.5.3.2, 10.6.1. |

Step 4 If sysconfig-sensor has not rebooted the Sensor, type:

sync;sync;reboot
 

Step 5 Log on as user root.

Step 6 To ensure a network connection to the Director, type:

ping director_ip_address
 

Where director_ip_address is the IP address of the Director.
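
The Network Access Control entry in Table 1 decides which hosts can reach the Sensor over telnet, ftp, and tftp, so the list is worth checking before it is typed into option 7. The following is an added example, not part of the Cisco release notes or the NetRanger software; it assumes that a four-octet entry names one host and that an entry ending in a dot (10.6.1.) names every address beginning with those octets, and the function names and the "broad entry" threshold are hypothetical.

```python
# Added example: audit a Network Access Control list before entering it
# under option 7 of sysconfig-sensor.
# Assumption: a four-octet entry names one host; an entry ending in "."
# (like 10.6.1. in Table 1) names every address starting with those octets.


def parse_entry(entry):
    """Return (octets, is_network) for one access-list entry."""
    text = entry.strip()
    is_network = text.endswith(".")
    body = text[:-1] if is_network else text
    octets = []
    for part in body.split("."):
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError("bad octet %r in entry %r" % (part, entry))
        octets.append(int(part))
    if is_network and len(octets) > 3:
        raise ValueError("network entry %r has too many octets" % entry)
    if not is_network and len(octets) != 4:
        raise ValueError("host entry %r needs four octets" % entry)
    return tuple(octets), is_network


def covers(entry, address):
    """True if the access-list entry admits the dotted-quad host address."""
    octets, is_network = parse_entry(entry)
    target, target_is_network = parse_entry(address)
    if target_is_network:
        raise ValueError("%r is not a host address" % address)
    if is_network:
        # Compare whole octets, so 10.6.1. never matches 10.6.10.x.
        return target[:len(octets)] == octets
    # Host entries must match all four octets (10.5.3.2 is not 10.5.3.20).
    return target == octets


def audit_access_list(entries, director_ip):
    """Report which entries admit the Director and which are very wide."""
    director_matches = [e for e in entries if covers(e, director_ip)]
    broad_entries = []
    for entry in entries:
        octets, is_network = parse_entry(entry)
        # Hypothetical threshold: fewer than three octets is wider than the
        # single /24-sized network shown in the Table 1 example.
        if is_network and len(octets) < 3:
            broad_entries.append(entry)
    return {"director_matches": director_matches,
            "broad_entries": broad_entries}


if __name__ == "__main__":
    sample_list = ["10.5.3.2", "10.6.1."]  # Example column of Table 1
    director = "10.6.1.25"                 # constructed Director address
    print(audit_access_list(sample_list, director))
```

An empty director_matches list means the Director would be locked out of the Sensor; anything in broad_entries admits far more hosts than the Director needs.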

Configure the Sensor with nrconfig

To configure the Sensor's configuration files with nrconfig, follow these steps:

Step 1 Log on as user netrangr.

Step 2 Type /usr/nr/bin/nrconfig at the command prompt.

Refer to the "Working with the nrconfig Utility" section of these Release Notes for information on using nrconfig.

Step 3 After running nrconfig, stop any NetRanger daemons that might be running by typing:

nrstop
 

Step 4 Restart the NetRanger daemons by typing:

nrstart
 

Step 5 To ensure communication between the Sensor and Director, type:

nrconns

Installing and Configuring the Director

To install and configure the Director, follow these steps:

    1. Prepare the Director for Installation

    2. Install the Director Software

    3. Change the NetRanger Password on the Director

    4. Configure the Director with nrconfig

    5. Upgrade the Director's Signatures

    6. Upgrade the Director's NSDB Files

Prepare the Director for Installation

Refer to the "Installing a New Director" section of Chapter 3, "Configuration and Installation", of the 2.1.1 NetRanger User's Guide.

Install the Director Software

To install the Director software, follow these steps:

Step 1 Log on as user root.

Step 2 Insert the CD in the drive.

Step 3 Mount the CD-ROM drive with one of the following commands:

Step 4 Change directories to the mount point. For example:

cd /mnt
 

Or, if the CD-ROM is automatically mounted:

cd /cdrom/cdrom0
 

Step 5 Type:

./install
 

Change the NetRanger Password on the Director

To change user netrangr's password on the Director, follow these steps:

Step 1 Log on as user root.

Step 2 Type:

passwd netrangr
 

Step 3 Enter and reenter a new password for user netrangr.

Step 4 If necessary, write down the new passwords and store them in a secure location.

Warning Failure to change the password for user netrangr may lead to compromise of the Director.

Configure the Director with nrconfig

To configure the Director's configuration files with nrconfig, follow these steps:

Step 1 Log on as user netrangr.

Step 2 Type /usr/nr/bin/nrconfig at the command prompt.

Refer to the "Working with the nrconfig Utility" section of these Release Notes for information on using nrconfig.

Step 3 After running nrconfig, stop any NetRanger daemons that might be running by typing:

nrstop
 

Step 4 Restart the NetRanger daemons by typing:

nrstart
 

Step 5 To ensure communication between the Sensor and Director, type:

nrconns

Upgrade the Director's Signatures

The Sensor contains a more recent update of the signatures file than the Director. You will need to copy this file from the Sensor to the Director in order to alarm on activity triggered by the new signatures.

To copy the Sensor's signatures file to the Director, follow these steps:

Step 1 Log on to the Director as user netrangr.

Step 2 FTP to the Sensor by typing:

ftp sensor_ip_address
 

Where sensor_ip_address is the Sensor's IP address.

Step 3 Log on to the Sensor as user netrangr.

Step 4 Type pwd to confirm your current directory. You should be in the /usr/nr directory on the Sensor.

Step 5 Change directories to the Sensor's /usr/nr/etc directory by typing:

cd etc
 

Step 6 Type dir to get a directory listing of /usr/nr/etc. The directory listing should look like Example 1.


Example 1: Sample Directory Listing of Sensor's /usr/nr/etc
-rwx------   1 netrangr netrangr     654 Oct  1 14:44 auths
drwxr-xr-x   2 netrangr netrangr     512 Aug 31 14:04 backups
-rw-r-----   1 netrangr netrangr     353 Aug 31 14:07 configd.conf
-rwx------   1 netrangr netrangr     972 Aug 31 14:26 daemons
-rwx------   1 netrangr netrangr    1001 Sep 30 09:22 destinations
-rw-r-----   1 netrangr netrangr     445 Aug 31 14:07 eventd.conf
-rwx------   1 netrangr netrangr      99 Oct  1 14:44 hosts
drwxr-x---   2 netrangr netrangr     512 Aug 31 14:04 licenses
-rw-r-----   1 netrangr netrangr     508 Aug 31 14:07 loggerd.conf
-rwx------   1 netrangr netrangr     913 Aug 31 14:26 managed.conf
drwxr-x---   3 netrangr netrangr     512 Aug 31 14:00 nsc
drwxr-x---   3 netrangr netrangr     512 Aug 31 14:00 oem
-rwx------   1 netrangr netrangr     470 Aug 31 14:26 organizations
-rwx------   1 netrangr netrangr   26671 Aug 31 14:26 packetd.conf
-rwx------   1 netrangr netrangr     516 Aug 31 14:26 postofficed.conf
-rwx------   1 netrangr netrangr     766 Oct  1 14:44 routes
-rw-r-----   1 netrangr netrangr    1761 Aug 31 14:07 sapd.conf
-rwx------   1 netrangr netrangr    1011 Aug 31 14:26 services
-rwx------   1 netrangr netrangr    4165 Aug 31 14:26 signatures
drwxr-x---   3 netrangr netrangr     512 Aug 31 14:00 wgc
 

Step 7 Set the Director's local directory (the directory you want files transferred to) by typing:

lcd /usr/nr/etc
 

Step 8 Transfer the signatures file from the Sensor to the Director by typing:

get signatures
 

Step 9 Terminate the FTP session by typing:

bye
 

Step 10 Confirm that the signatures file resides on the Director by typing:

ls /usr/nr/etc/sig*
 

Step 11 Copy the signatures file to the /usr/nr/etc/templates directory by typing:

cp /usr/nr/etc/signatures /usr/nr/etc/templates

Upgrade the Director's NSDB Files

After transferring the Sensor's signatures file to the Director, you will need to copy the HTML files associated with the Network Security Database (NSDB) from the Sensor to the Director. After this transfer, the Director will have a complete updated set of NSDB HTML files.


Note To learn more about using the NSDB, refer to the "Using the NSDB" section of these Release Notes.

To copy the Sensor's HTML files to the Director, follow these steps:

Step 1 Log on to the Director as user netrangr.

Step 2 FTP to the Sensor by typing:

ftp sensor_ip_address
 

Where sensor_ip_address is the Sensor's IP address.

Step 3 Log on to the Sensor as user netrangr.

Step 4 Type pwd to confirm your current directory. You should be in the /usr/nr directory on the Sensor.

Step 5 Change directories to the Sensor's /usr/wgc/nsdb/html directory by typing:

cd /usr/wgc/nsdb/html
 

Step 6 Type dir to get a directory listing of /usr/wgc/nsdb/html. The directory should contain files with the following naming conventions:

expsig_*.html
note_*.html
sig_note_*.html
vul_*.html
*.gif
 

Step 7 Set the Director's local directory (the directory you want files transferred to) by typing:

lcd /usr/wgc/nsdb/html
 

Step 8 To transfer the GIF files, set the mode to binary by typing:

bin
 

Step 9 Transfer the GIF files from the Sensor to the Director by typing:

mget *.gif
 

Step 10 To transfer the HTML files, set the mode to ASCII by typing:

ascii
 

Step 11 Transfer the HTML files from the Sensor to the Director by typing:

mget *.html
 

Step 12 Terminate the FTP session by typing:

bye
 

Step 13 Confirm that the HTML and GIF files reside on the Director by typing:

ls /usr/wgc/nsdb/html

Upgrading to NetRanger 2.1.1

If you have a previous version of NetRanger, and are upgrading to NetRanger 2.1.1, follow these steps:

    1. Upgrade the Software

    2. Upgrade Configuration Files and Signatures

Upgrade the Software

To upgrade a Sensor or Director to 2.1.1, follow these steps:

Step 1 Log on as user root.

Step 2 Insert the CD in the drive.

Step 3 Mount the CD-ROM drive with one of the following commands:

Step 4 Change directories to the mount point. For example:

cd /mnt
 

Or, if the CD-ROM is automatically mounted:

cd /cdrom/cdrom0
 

Step 5 Type:

./install

Upgrade Configuration Files and Signatures

After upgrading the Sensor or Director to 2.1.1, you must upgrade the configuration files and signatures. You can do this in any of the following ways, in order of preference:

    1. You can download the latest NetRanger Sensor patch from CCO to upgrade signatures and configuration files. See the note below for downloading instructions.

    2. You can run nrconfig, which deletes the old configuration files and replaces them with new ones. Refer to the "Working with the nrconfig Utility" section of these Release Notes.

    3. You can make the changes to the existing configuration files manually.

Using the NSDB

The Network Security Database (NSDB) is Cisco's HTML-based compendium of network vulnerability information. NSDB entries provide background information on vulnerabilities and link to other resources where you can gather additional information.

Set HTML Browser Preference

Before you can view the NSDB from the Director interface, you must set your HTML browser preference.

To set your HTML browser preference, follow these steps:

Step 1 Log on as user netrangr.

Step 2 Type:

vi /usr/nr/etc/nrConfigure.conf
 

Step 3 Edit the following line:

Browser=browser_location
 

Where browser_location is the path to your HTML browser.

Step 4 Save the file and exit the editing session by typing:

:wq

Accessing the NSDB from the Director Interface

To access the NSDB from the Director interface, click an Alarm symbol and choose Show>NSDB from the Security menu.

It is not necessary to click an Alarm to view the NSDB; not clicking an alarm before accessing the NSDB opens the main index page.


Figure 2: The Network Security Database

Accessing the NSDB from your HTML Browser

To access the NSDB directly from your HTML browser, type the following URL into the browser's Location field:

/usr/wgc/nsdb/html/all_sigs_index.html

Working with the nrconfig Utility

The Director and Sensor are configured with a utility called nrconfig. nrconfig consists of a number of menus that allow you to enter data that enable NetRanger Sensors, Directors, and associated network devices to start communicating and securing a network.

In addition to running this utility at installation, you can run this utility at any time to change an existing configuration. This section includes worksheets to help you gather the information (such as IP addresses, passwords, and names of network components) you need before you run nrconfig.


Note nrconfig does not retain changes manually made to the files in the /usr/nr/etc directory because presently it is an installation tool and not intended to be an ongoing configuration interface for NetRanger Configuration Files.

Before You Begin

Before you run nrconfig, you must have installed one or more of the following NetRanger components:

Sensors are shipped as an appliance (with packages installed) so you only need to install the packages on Director systems or on Sensors that you are upgrading.

You must also gather the following information about your network:


Note You must run nrconfig as user netrangr. nrconfig can be run on an active Sensor or Director system without having to shut down any of the NetRanger daemon services. However, after you run nrconfig, you must stop and restart all NetRanger daemons (using nrstart and nrstop) in order for configuration changes to take effect.

Starting nrconfig

To run nrconfig, log on as user netrangr and type:

nrconfig 
 

nrconfig initially displays the following prompt:

Are you ready to continue with configuration of your NetRanger? (y/n)> 
 

If you have gathered the required information and are ready to configure the NetRanger software, type y and press Enter to continue.

This opens the Feature Selection Menu, shown below in Example 2, which prompts you to select the features you want this installation to support.


Example 2: Feature Selection Menu
The following daemons will be run to support the ENABLED features
      eventd loggerd postofficed smid
      
FEATURE SELECTION MENU
Choose what features you want ENABLED on this host.
(Choosing an `ENABLED' feature will disable it.)
 
      1 - Sensor
      2 - Director
      3 - Logging
      4 - Database Reporting
      5 - File Management
      6 - Event Paging
      7 - Postoffice Routing
      8 - Configuration Control
      
    Enter - Continue
    
Feature # >
 

For a standard Sensor installation, select features 1 and 5; for a standard Director installation, select features 2, 5, 6, and 8. If you have installed the optional database/file management software and will be configuring NetRanger to load information into a database, then select 4.

To continue with NetRanger Configuration, press Enter at the menu prompt. This opens the Main Menu (Example 3).


Example 3: Main Menu
Choose what Section you want to configure.
 
      1 - Select Features
      2 - Host Address Configuration
      3 - N/A (Sensor Configuration)
      4 - N/A (Database Configuration)
      5 - Source Configuration
      6 - Destination Configuration
      7 - Postoffice Router Configuration
      8 - N/A (Sleeve Configuration)
       
      9 - Clear Temporary Configuration Files
      10- Generate Temporary Configuration Files
      11- Edit/Review Temporary Configuration Files
      12- Review Temporary Configuration Files
      13- Commit Temporary Configuration Files
       
      14- License Request Information
      15- Generate License Certificate Request(s)
      16- License Certificate Manual Entry
      
    Enter- Exit
     
    
Section # >
 

nrconfig's Menu Hierarchy

nrconfig's Main Menu provides access to a hierarchy of submenus. Example 4 maps out this menu hierarchy. Each nested item in the list indicates a submenu to the parent menu above it. For example, the Sensor Class Selection Menu has three submenus:

Each of these in turn has submenus of its own, and so on. Use the map below to help you navigate the series of submenus for configuration.


Example 4: nrconfig's Menu Hierarchy
1 - Select Features
2 - Host Address Information (Required for all Installations)
3 - Sensor Configuration (Required for Sensor)
    Stand-Alone Sensor Configuration Menu
      Internal Networks Entry Menu
    Cisco Type Menu
      Cisco Sensor Configuration Menu
      Internal Networks Entry Menu
    BorderGuard Type Menu
      LAN Interfaces Entry Menu
      WAN Interfaces Entry Menu
      BorderGuard Configuration Menu (Router)
      OR
      BorderGuard Configuration Menu (Bridge)
      Static Routes Entry Menu
      Security Policy Configuration Menu
      Internal Networks Entry Menu
4 - Database Configuration (Required for Database)
5 - Source Configuration (Required for Director)
6 - Destination Configuration (Required for Sensor/Optional for the Director)
7 - Postoffice Router Configuration (Required for Postoffice Routing)
8 - Sleeve Configuration (Optional for Sensor)
9 - Clear Temporary Configuration Files
10 - Generate Temporary Configuration Files
11 - Edit/Review Temporary Configuration Files
12 - Review Temporary Configuration Files
13 - Commit Temporary Configuration Files
14 - License Request Information
15 - Generate License Certificate Request(s)
16 - License Certificate Manual Entry
Enter - EXIT

1 - Select Features

Typing 1 at the Main Menu returns you to the Feature Selection Menu.

2 - Host Address Information (Required for all Installations)

Typing 2 at the Main Menu opens the Local Host Address Menu. Use this menu to enter the Organization names and IDs, and Host names and IDs for the NetRanger you are configuring.


Table 2: Local Host Address Menu

| Field Name | Description | Your Entry |
|---|---|---|
| Organization Name | This is the symbolic name for the Organization ID. The organization name must be identical on all NetRanger systems (Sensors and Directors) within an organization. | |
| Organization ID | This is the organization ID for the NetRanger you are configuring. You must enter a value between 1-65535 in this field. This ID must be identical on all NetRanger systems (Sensors and Directors) within an organization. To obtain a globally unique organization ID, contact the Technical Assistance Center (800-553-2447). | |
| Host Name | A symbolic name for the NetRanger component you are configuring. | |
| Host ID | A unique ID for the NetRanger you are configuring. You must enter a value between 1-65535 in this field. | |

3 - Sensor Configuration (Required for Sensor)

Typing 3 at the Main Menu opens the Sensor Class Selection Menu. Use this menu to choose the type of network device that will interact with the Sensor.


Table 3: Sensor Class Selection Menu

| Field Name | Description | Your Entry |
|---|---|---|
| 1 - Stand-Alone | Choose this option (1) if you will not be connecting a network device to the Sensor. | |
| 2 - Cisco | Choose this option (2) if you have a Cisco 1600, 2500, 3600, 4500, 7200, or 7500 series router. | |
| 3 - StorageTek | Choose this option (3) if you have a Nortel Passport or StorageTek device (DXE, BorderGuard 1000, or BorderGuard 2000). | |

Stand-Alone Sensor Configuration

Typing 1 at the Sensor Class Selection Menu opens the Stand-Alone Sensor Configuration Menu. Use this menu to enter configuration information for a stand-alone Sensor.


Table 4: Stand-Alone Sensor Configuration Menu

| Field Name | Description | Your Entry |
|---|---|---|
| Minutes to log on an event | This is the number of minutes to log IP traffic after a serious event occurs. The recommended value is 15 minutes. | |
| Minutes to shun on an event | This is the length of time in minutes that traffic should be blocked when a serious event occurs. The recommended value is 1440, which equals one day. Set this value to "0" for a stand-alone Sensor. | |
| Sensor IP Address | This is the IP address used by the Sensor for command and control. | |

After you have entered the information in the Stand-Alone Sensor Configuration Menu, use the Internal Networks Entry Menu to establish the IP addresses and Netmasks for the Internal Protected Networks.


Table 5: Internal Networks Entry Menu

| Field Name | Description | Your Entry(ies) |
|---|---|---|
| Internal Network's IP Address | This is the IP address for the subnet(s) within the network being monitored by NetRanger. | |
| Internal Network's Netmask | This is the netmask(s) for the subnet(s). | |

Cisco Configuration

Typing 2 at the Sensor Class Selection Menu opens the Cisco Type Menu. Use this menu to enter Cisco router configuration data in the fields.


Table 6: Cisco Type Menu

| Field Name | Description | Your Entry |
|---|---|---|
| Cisco's Network Host Name | This is the network host name for the Cisco router used in /etc/hosts on the Sensor or in DNS. | |
| Cisco's PASSWORD | This is the password used to log into the Cisco. | DO NOT WRITE YOUR PASSWORD HERE! |
| Cisco's Enable PASSWORD | This is the password required by the Cisco enable mode. | DO NOT WRITE YOUR PASSWORD HERE! |

After you have entered the information in the Cisco Type Menu, use the Cisco Sensor Configuration Menu to enter configuration information for the Cisco.


Table 7: Cisco Sensor Configuration Menu

| Field Name | Description | Your Entry |
|---|---|---|
| Minutes to log on an event | This is the number of minutes to log IP traffic after a serious event occurs. The recommended value is 15 minutes. | |
| Minutes to shun on an event | This is the length of time in minutes that traffic should be blocked when a serious event occurs. The recommended value is 1440, which equals one day. | |
| Sensor IP Address | This is the IP address used by the Sensor for command and control. | |
| Cisco's NAT IP Address | This is the network-translated IP address used by the Cisco router connected to the Sensor. (Use only if NAT is being used on your network.) | |
| Cisco's IP Address connected to Sensor | This is the IP address of the Cisco router connected to the Sensor. | |
| Cisco's External IP Address | The Sensor uses the External IP address as a reference to the untrusted networks. | |

After you have entered the information in the Cisco Sensor Configuration Menu, use the Internal Networks Entry Menu to establish the IP addresses and Netmasks for the Internal Protected Networks.


Table 8: Internal Networks Entry Menu

| Field Name | Description | Your Entry(ies) |
|---|---|---|
| Internal Network's IP Address | This is the IP address for the subnet(s) within the network being monitored by NetRanger. | |
| Internal Network's Netmask | This is the netmask(s) for the subnet(s). | |

BorderGuard Configuration

Typing 3 at the Sensor Class Selection Menu opens the BorderGuard Type Menu. Use this menu to enter BorderGuard configuration data in the fields.


Table 9: BorderGuard Type Menu

| Field Name | Description | Your Entry |
|---|---|---|
| BorderGuard's Network Host Name | This is the network host name for the BorderGuard used in /etc/hosts on the Sensor or in DNS. | |
| BorderGuard's PASSWORD | This is the password used to log into the BorderGuard. | DO NOT WRITE YOUR PASSWORD HERE! |
| BorderGuard's Version ID/Mode | This is the BorderGuard's Version ID and Configuration Mode. Enter one of the following: V3, DXE, V4Router, V4Bridge. | |

Note Versions 3 and 4 apply to BorderGuard 1000 and 2000 models. Version 3 software supports Router mode only. The BorderGuard Version 4 NetSentry software supports either Router or Bridge mode.

Based on the BorderGuard's Version ID/Mode, the following configuration menus refer either to Router Mode or Bridge Mode Configuration.

For router mode configuration, you need to establish the IP addresses and netmasks for each of the BorderGuard's network interfaces (the BorderGuard should separate your internal protected networks from outside untrusted networks).

The LAN Interfaces Entry menu is the first example of a configuration menu that allows you to list multiple entries. You can add as many entries to the list as you can see on your screen. Each Entry menu allows you to add, edit, or delete entries in the list.

Use the LAN Interfaces Entry Menu to enter BorderGuard configuration information for a LAN interface.

It is important to list the outside untrusted network interface first!


Table 10: LAN Interfaces Entry Menu

| Field Name | Description | Your Entry(ies) |
|---|---|---|
| Interface's IP Address | This is the IP address used by the BorderGuard on each interface. | |
| Netmask | This is the IP mask used on each interface. | |


Note The first entry will be configured for the en01 interface, the second for en02, and so on.

Use the WAN Interfaces Entry Menu to enter BorderGuard configuration information for a WAN interface.


Table 11: WAN Interfaces Entry Menu

| Field Name | Description | Your Entry(ies) |
|---|---|---|
| Interface's IP Address | This is the IP address used by the BorderGuard for the PPP interface. | |
| Remote PPP IP Address | This is the Destination IP address used by the BorderGuard for the PPP interface. | |

Use the BorderGuard Configuration Menu (Router) to enter configuration data for a BorderGuard that will be acting as a router.


Table 12: BorderGuard Configuration Menu (Router)

| Field Name | Description | Your Entry |
|---|---|---|
| BorderGuard's Primary IP Address* | This is the IP address that connects the BorderGuard to the network. | |
| BorderGuard's default gateway | This is the IP address that the BorderGuard uses for its default gateway. | |
| Minutes to log on an event | This is the number of minutes to log IP traffic after a serious event occurs. The recommended value is 15 minutes. | |
| Minutes to shun on an event | This is the length of time in minutes that traffic should be blocked when a serious event occurs. The recommended value is 1440, which equals one day. | |
| Sensor IP Address | This is the Sensor's IP address. | |
| BorderGuard's NAT IP Address | This is the network-translated IP address used by the BorderGuard connected to the Sensor. (Use only if NAT is being used on your network.) | |
| BorderGuard's IP Address connected to Sensor | This is the IP address used by the BorderGuard's interface that is connected to the Sensor. | |
| BorderGuard's External IP Address | The Sensor uses the External IP Address as a reference to the untrusted networks. | |


Note *If you are using encrypted sleeves over the Internet, this should be a routeable Internet address.

Use the Static Routes Entry Menu to enter the IP addresses, Netmasks, and Gateway IP addresses for the static routes to be implemented by the BorderGuard.


Table 13: Static Routes Entry Menu

| Field Name | Description | Your Entry(ies) |
|---|---|---|
| Static Route's Network IP Address | This is the IP address for the static route. | |
| Static Route's Network Netmask | This is the netmask for the subnet. | |
| Static Route's Network Gateway IP Address | This is the IP address that acts as a gateway to the static route. | |

For bridge mode configuration, use the BorderGuard Configuration Menu (Bridge) to enter configuration data for a BorderGuard that will be acting as a bridge.


Table 14: BorderGuard Configuration Menu (Bridge)

| Field Name | Description | Your Entry |
|---|---|---|
| BorderGuard's IP Address* | This is the IP address that connects the BorderGuard to the network. | |
| BorderGuard's default gateway | This is the IP address that the BorderGuard uses for its default gateway. | |
| Minutes to log on an event | This is the number of minutes to log IP traffic after a serious event occurs. The recommended value is 15 minutes. | |
| Minutes to shun on an event | This is the length of time in minutes that traffic should be blocked when a serious event occurs. The recommended value is 1440, which equals one day. | |
| Sensor IP Address | This is the Sensor's IP address. | |
| BorderGuard's NAT IP Address | This is the network-translated IP address used by the BorderGuard connected to the Sensor. (Use only if NAT is being used on your network.) | |


Note *If you are using encrypted sleeves over the Internet, this should be a routeable Internet address.

Use the Security Policy Configuration Menu to establish which incoming services to allow on your interface. You also use this menu to specify the servers to which this traffic will be allowed to pass.


Note The Security Policy Configuration Menu applies to both Router Mode and Bridge Mode configuration.


Table 15: Security Policy Configuration Menu

| Field Name | Description | Your Entry(ies) |
|---|---|---|
| Interface's IP Address* | This is the IP address of the server that is allowed to service requests coming in through the BorderGuard's External IP address. | |
| Port | This is the port on the server for the allowed service. | |


*The Interface's IP Address field supports the definition of multiple IP addresses using any combination of the following formats:

  • ipAddr: a single IP address.

  • ipAddr,ipAddr: multiple IP addresses.

  • ipAddr..ipAddr: an inclusive range of IP addresses.

Example: 10.1.6.10,10.1.6.20,10.1.6.31..10.1.6.35 defines 10.1.6.10, 10.1.6.20, and the IP addresses from 10.1.6.31 through 10.1.6.35.
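
One way to expand and sanity-check a value in this format before entering it in the Security Policy Configuration Menu. This is an added example, not code from Cisco or NetRanger; the function name and the cap on range size are assumptions, and the sample input is constructed from the addresses named above.

```python
import ipaddress

# Assumption: cap on how many addresses one "a..b" range may expand to, so a
# typo such as 10.1.6.31..10.9.6.35 is rejected instead of quietly allowing
# inbound traffic to a huge block. This is not a documented NetRanger limit.
MAX_RANGE_SIZE = 1024


def parse_ip_list(spec, max_range=MAX_RANGE_SIZE):
    """Expand an ipAddr / ipAddr,ipAddr / ipAddr..ipAddr field.

    Returns the addresses as a sorted list of dotted-quad strings with
    duplicates removed. Raises ValueError on any malformed entry
    (ipaddress.AddressValueError is a subclass of ValueError).
    """
    addresses = set()
    for raw in spec.split(","):
        entry = raw.strip()
        if not entry:
            raise ValueError("empty entry in %r" % spec)
        if ".." in entry:
            # Inclusive range: split once on the first "..".
            first_text, _, last_text = entry.partition("..")
            first = ipaddress.IPv4Address(first_text.strip())
            last = ipaddress.IPv4Address(last_text.strip())
            if int(last) < int(first):
                raise ValueError("range runs backwards: %r" % entry)
            size = int(last) - int(first) + 1
            if size > max_range:
                raise ValueError(
                    "range %r covers %d addresses" % (entry, size))
            for value in range(int(first), int(last) + 1):
                addresses.add(ipaddress.IPv4Address(value))
        else:
            addresses.add(ipaddress.IPv4Address(entry))
    return [str(address) for address in sorted(addresses)]


if __name__ == "__main__":
    # Constructed input combining all three forms.
    for address in parse_ip_list("10.1.6.10,10.1.6.20,10.1.6.31..10.1.6.35"):
        print(address)
```

Reviewing the expanded list shows exactly which servers the policy will expose through the BorderGuard's External IP address.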

Use the Internal Networks Entry Menu to establish the IP addresses and Netmasks for the Internal Protected Networks.


Table 16: Internal Networks Entry Menu

| Field Name | Description | Your Entry(ies) |
|---|---|---|
| Internal Network's IP Address | This is the IP address for the subnet(s) within the network being monitored by NetRanger. | |
| Internal Network's Netmask | This is the netmask(s) for the subnet(s). | |

4 - Database Configuration (Required for Database)

Typing 4 at the Main Menu opens the Database Configuration Menu. Use this menu to enter the Database User ID, the Database Password, and the person to be notified for NetRanger events.


Table 17: Database Configuration Menu

| Field Name | Description | Your Entry |
|---|---|---|
| Database USER ID | This is the user ID used to log into the database. | |
| Database PASSWORD | This is the password used to log into the database. | DO NOT WRITE YOUR PASSWORD HERE! |
| Notify Person* | This is the person the NetRanger system notifies. Notification is based on criteria you will configure in the sapd.conf file during installation and configuration of NetRanger's sapd component. Please refer to Chapter 5 in this User's Guide for additional information. | |


Note *This entry must be a valid e-mail or pager address.

5 - Source Configuration (Required for Director)

Typing 5 at the Main Menu opens the Source Entry Menu. Use this menu to enter the Organization and Host names, Organization and Host IDs, and IP routing addresses for the sources of NetRanger events. Enter this information for each Sensor that will be sending events to the Director.


Table 18: Source Entry Menu
Field Name Description Your Entry(ies)

Source NetRanger Org Name

This is the source's organization name.

Source NetRanger Org ID

This is the source's organization ID. This ID must be identical on all NetRanger systems (Sensors and Directors) within an organization. You must enter a value between 1-65535 in this field.

Source NetRanger Host Name

This is the source's NetRanger host name.

Source NetRanger Host ID

This is the source's host ID. You must enter a value between 1-65535 in this field. This is NOT the IP address.

IP Address of next NetRanger Postoffice in path to Src

This is the IP address of the NetRanger postoffice that can route NetRanger packets from the source. (If the network does not require an intermediary postoffice, this should be the IP address of the source.)

6 - Destination Configuration (Required for Sensor/Optional for the Director)

Typing 6 at the Main Menu opens the Destination Entry Menu. Use this menu to enter the Organization and Host names, Organization and Host IDs, IP routing addresses, Destination Services, and Event Logging Levels for the destinations of NetRanger events.


Table 19: Destination Entry Menu
Field Name Description Your Entry(ies)

Destination NetRanger Org Name

This is the destination's organization name.

Destination NetRanger Org ID

This is the destination's organization ID. This ID must be identical on all NetRanger systems (Sensors and Directors) within an organization. You must enter a value between 1-65535 in this field.

Destination NetRanger Host Name

This is the destination's host name.

Destination NetRanger Host ID

This is the destination's host ID. You must enter a value between 1-65535 in this field.

IP Addr of next NetRanger Postoffice in path to Dest

This is the IP address of the NetRanger postoffice that can route NetRanger packets to the destination. (If the network does not require an intermediary postoffice, this should be the IP address of the destination.)

Service to send events to

This is the name of the service NetRanger events will be sent to. You must enter loggerd, smid, or eventd in this field.

Lowest Level Alarm/Event to send

This is the lowest level of NetRanger alarm/event to send to the service (loggerd, smid, or eventd) you chose in the previous field. You must enter a value between 1-255 in this field. (The recommended level for alarms sent to smid is 2 and 1 for alarms sent to loggerd.)


Note On a Sensor, you should add the Director machine as a smid destination and you should add the Sensor machine as a loggerd destination so that you can log level 1 alarms/events on the Sensor.
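The following Python sketch is an added example, not NetRanger code and not the nrconfig file format. It checks a filled-in Destination Entry worksheet against the field limits in Table 19 and against the Sensor note above. The dictionary keys, host names, and function name are hypothetical, and the sample entries are constructed.

```python
VALID_SERVICES = {"loggerd", "smid", "eventd"}


def check_destinations(sensor_host, director_host, entries):
    """Return a list of problems found in a Sensor's destination worksheet."""
    problems = []
    org_ids = {}
    for index, entry in enumerate(entries, 1):
        where = "entry %d (%s in %s)" % (index, entry["host_name"], entry["org_name"])
        for field in ("org_id", "host_id"):
            if not 1 <= entry[field] <= 65535:
                problems.append("%s: %s %d is outside 1-65535" % (where, field, entry[field]))
        if entry["service"] not in VALID_SERVICES:
            problems.append("%s: unknown service %r" % (where, entry["service"]))
        if not 1 <= entry["level"] <= 255:
            problems.append("%s: level %d is outside 1-255" % (where, entry["level"]))
        # The Org ID must be identical on every system in an organization.
        known = org_ids.setdefault(entry["org_name"], entry["org_id"])
        if known != entry["org_id"]:
            problems.append("%s: Org ID %d differs from %d used earlier"
                            % (where, entry["org_id"], known))
    # Sensor note: Director as smid destination, Sensor itself as level 1 loggerd.
    levels = {(e["host_name"], e["service"]): e["level"] for e in entries}
    if (director_host, "smid") not in levels:
        problems.append("no smid destination for Director %s" % director_host)
    if levels.get((sensor_host, "loggerd")) != 1:
        problems.append("Sensor %s is not a level 1 loggerd destination" % sensor_host)
    return problems


# Constructed worksheet for a hypothetical Sensor "sensor1" and Director "director1".
SAMPLE_ENTRIES = [
    {"org_name": "exampleorg", "org_id": 100, "host_name": "director1",
     "host_id": 1, "service": "smid", "level": 2},
    {"org_name": "exampleorg", "org_id": 100, "host_name": "sensor1",
     "host_id": 2, "service": "loggerd", "level": 1},
]

if __name__ == "__main__":
    for problem in check_destinations("sensor1", "director1", SAMPLE_ENTRIES):
        print(problem)
```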

7 - Postoffice Router Configuration (Required for Postoffice Routing)

Typing 7 at the Main Menu opens the Router Entry Menu. Use this menu to enter the Organization and Host names, Organization and Host IDs, and IP Routing Addresses for remote NetRanger nodes that are not being used as a source or destination.


Table 20: Router Entry Menu
Field Name Description Your Entry

Remote NetRanger Org Name

This is the organization name of the remote NetRanger node.

Remote NetRanger Org ID

This is the remote NetRanger node's organization ID. This ID must be identical on all NetRanger systems (Sensors and Directors) within an organization. You must enter a value between 1-65535 in this field.

Remote NetRanger Host Name

This is the remote NetRanger node's host name.

Remote NetRanger Host ID

This is the remote NetRanger node's host ID. You must enter a value between 1-65535 in this field.

IP Addr of next Postoffice in path to Remote NetRanger

This is the IP address of the NetRanger postoffice that can route NetRanger packets to the remote node. (If the network does not require an intermediary postoffice, this should be the IP address of the remote node.)

8 - Sleeve Configuration (Optional for Sensor)

Typing 8 at the Main Menu opens the Sleeved Networks Entry Menu. Use this menu to enter the Remote Organization ID, Remote IP routing addresses, and Remote Network Netmasks for Sleeved Networks.


Table 21: Sleeved Networks Entry Menu
Field Name Description Your Entry(ies)

Sleeve's Remote Organization ID

This is the organization ID for the remote end of the sleeve.

Sleeve's Remote Network IP Address

This is the IP address for the remote end of the sleeve.

Sleeve's Remote Network Netmask

This is the subnet netmask for the remote end of the sleeve.

9 - Clear Temporary Configuration Files

Typing 9 at the Main Menu prompts you to ensure that you want to clear the temporary configuration files for the NetRanger software.

Are you sure you want to CLEAR the Temporary Configuration Files? (y/n)> 
 

Type y to clear and reinitialize the temporary NetRanger configuration files in /usr/nr/etc/wgc and the temporary BorderGuard configuration files in /usr/nr/etc/nsc to their default values. This will not discard any configuration information you entered in the current nrconfig session.

10 - Generate Temporary Configuration Files

Typing 10 at the Main Menu prompts you to ensure that you want to generate the temporary configuration files for the NetRanger software.

Are you sure you want to GENERATE the Temporary Configuration Files? (y/n)> 
 

Type y to write the temporary NetRanger configuration files containing all the modifications made in the current nrconfig session to /usr/nr/etc/wgc and the temporary BorderGuard configuration files to /usr/nr/etc/nsc.


Note You should review the temporary NetRanger configuration files located in the /usr/nr/etc/wgc directory and the BorderGuard configuration files located in the /usr/nr/etc/nsc directory after nrconfig has generated the temporary configuration data. The temporary NetRanger configuration files must be committed to /usr/nr/etc and the temporary BorderGuard configuration files to /tmp after review or after any manual changes. The BorderGuard files must then be loaded onto the NSG BorderGuard via a TFTP session initiated by the BorderGuard.

11 - Edit/Review Temporary Configuration Files

Typing 11 at the Main Menu starts a vi editing session on the temporary NetRanger configuration files in /usr/nr/etc/wgc and the temporary BorderGuard configuration files in /usr/nr/etc/nsc.

12 - Review Temporary Configuration Files

Typing 12 at the Main Menu starts a more command on the temporary NetRanger configuration files in /usr/nr/etc/wgc and the temporary BorderGuard configuration files in /usr/nr/etc/nsc.

13 - Commit Temporary Configuration Files

Typing 13 at the Main Menu prompts you to ensure that you want to commit the temporary configuration files for the NetRanger software to the NetRanger Configuration File Directory.

Are you sure you want to COMMIT the Temporary Configuration Files to the NetRanger Configuration File Directory `/usr/nr/etc' and to the BorderGuard Configuration File Directory `/tmp'? (y/n)> 
 

Type y to write the temporary configuration files to the /usr/nr/etc and /tmp directories.


Note This overwrites working NetRanger configuration files.

14 - License Request Information


Note This functionality has been disabled.

15 - Generate License Certificate Request(s)


Note This functionality has been disabled.

16 - License Certificate Manual Entry


Note This functionality has been disabled.

Enter - EXIT

Pressing Enter at the Main Menu prompts you to ensure that you are ready to exit nrconfig:

Are you sure you want to EXIT? (y/n)> 
 

Type y to exit nrconfig.


Note You can exit and restart nrconfig without losing any of the configuration information you have input.

NetRanger network configuration is complete.


Note The NetRanger processes must be stopped and restarted using the nrstop and nrstart commands before the committed NetRanger configuration files will take effect.

Note The BorderGuard Configuration Files must be uploaded to the BorderGuard and the BorderGuard must be restarted before any changes to the configuration files take effect.

If you are using a BorderGuard 2000 with Version 4.0 of the NetSentry software, you may not have enough file space on the BorderGuard boot diskette to load the new BorderGuard configuration files. After you make backup copies of the files on the diskette, you may delete the readme, firewall.def, and firewall.set files, which are not needed for normal operation.

Related Documentation

Use these release notes in conjunction with the following document:

Cisco Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.

Cisco Connection Online

Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.

Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.

CCO services a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.

You can access CCO in the following ways:

For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.


Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.





Posted: Thu Jul 27 12:07:31 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.