Getting started, Returning to the default configuration, Chapter 2 – Force10 Networks PSeries 100-00055-01 User Manual
Chapter 2: Getting Started

P-Series Installation and Operation Guide, version 2.3.1.2
To begin inspecting and filtering traffic you must:
1. Select firmware and dynamic rules
2. Set capture/forward policies
3. Check for proper operation by generating traffic across the appliance.
Step 1: As root, enter the command pnic gui from the Unix command line to invoke a graphical user interface (GUI).
Step 2: Enter the command m from the GUI command line.
Step 3: Select Manage Firmware from the Rule Management GUI, then select “null” firmware and confirm.
   The sample firmware and rules files are testing examples only. Force10 recommends not employing the sample firmware for production IDS/IPS use.
Step 4: Select Edit Rules from the Rule Management GUI.
Step 5: Uncomment the rule alert on all icmp any any -> any any (msg:"@icmp";) by removing the # symbol before the rule.
   • Enter the command i to enter insert mode.
   • Navigate to the # character using the arrow keys, and delete the character.
Step 6: Enter the command :wq to exit the vi editor, and confirm your changes.
Step 7: Confirm to reload the Forward/Block settings.
Step 8: Run a packet sniffer such as tcpdump on the network interface associated with the appliance.
Step 9: Generate some ICMP traffic to be exchanged between endpoints.
   • Endpoints are two network nodes on opposite sides of the appliance such that traffic between those nodes passes through the appliance.
   • For example, enter ping destaddress, where destaddress is the IP address of the endpoint on the opposite end of the appliance.
Step 10: If you are using tcpdump, enter the command tcpdump -i pnic0 -n from the Unix command line.
   • This prints to standard output all of the packets captured by the DPI.
   • If the appliance is operating correctly, you will see the ICMP packets.
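One way to script the checks in steps 5 and 10, as an added example that is not from the Force10 manual: rule_active tests whether the ICMP rule is uncommented in a saved copy of the rules text, and icmp_counts tallies echo requests and replies between two endpoints in tcpdump -i pnic0 -n output. The function names, the endpoint addresses and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed, not from the manual.

# The rule from step 5, exactly as the manual prints it.
RULE='alert on all icmp any any -> any any (msg:"@icmp";)'

# rule_active FILE: succeed only if the rule is present with no leading '#'.
rule_active() {
    ICMP_RULE="$RULE" awk '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line) }
        line == ENVIRON["ICMP_RULE"] { found = 1 }
        END { exit !found }' "$1"
}

# icmp_counts SRC DST: read "tcpdump -n" text on stdin and print two numbers:
# echo requests seen from SRC to DST, then echo replies seen from DST to SRC.
icmp_counts() {
    awk -v src="$1" -v dst="$2" '
        $2 == "IP" && $6 == "ICMP" && $7 == "echo" {
            from = $3; to = $5; sub(/:$/, "", to)   # drop the ":" after the destination
            if ($8 == "request," && from == src && to == dst) req++
            if ($8 == "reply,"   && from == dst && to == src) rep++
        }
        END { printf "%d %d\n", req, rep }'
}

# icmp_ok SRC DST: pass only if both directions were captured.
# Assumption: this is stricter than the manual, which only says the ICMP
# packets will be visible when the appliance is operating correctly.
icmp_ok() {
    set -- $(icmp_counts "$1" "$2")
    [ "$1" -gt 0 ] && [ "$2" -gt 0 ]
}

# Constructed capture lines in tcpdump -n format (documentation addresses).
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.10 > 198.51.100.20: ICMP echo request, id 4242, seq 1, length 64
12:00:01.000350 IP 198.51.100.20 > 192.0.2.10: ICMP echo reply, id 4242, seq 1, length 64
12:00:02.000002 IP 192.0.2.10 > 198.51.100.20: ICMP echo request, id 4242, seq 2, length 64
12:00:02.500000 IP 192.0.2.10.51514 > 198.51.100.20.443: Flags [S], seq 1, win 64240, length 0
EOF
}

sample_capture | icmp_counts 192.0.2.10 198.51.100.20   # prints: 2 1
```

On a live appliance, pipe the tcpdump output from step 10 into icmp_counts in place of sample_capture; a reply count lower than the request count means some echo replies were not captured.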
Returning to the Default Configuration
Return to the factory default settings using the command pnic resetconf. See the .