Rule management, Deploying the p-series – Force10 Networks PSeries 100-00055-01 User Manual

Page 19


P-Series Installation and Operation Guide, version 2.3.1.2


Firmware is a set of rules that has been transformed, using a compiler, from Snort syntax into a form suitable for uploading to the FPGA. Two sets of sample rules files have been compiled into firmware and are available to be uploaded to the FPGA using either of two firmware management methods (see “Rule Management” on page 19). Table 2 describes each sample rules file.

The firmware based on the sample rules files follows the naming convention described in “Selecting Firmware with the GUI” on page 30.

Rule Management

The P-Series software provides three methods by which you can manage the rules and functionality of the
appliance:

Graphical User Interface: The graphical user interface (GUI) is a menu-based method for managing
the appliance.

Web-based GUI: Manage the appliance and graphically plot performance online.

Command Line Interface: The command line interface (CLI) uses a script called pnic through which
you can manually perform the same management tasks as the GUI by entering commands at the
command prompt.

Force10 recommends using the GUI or web-based GUI if no programmatic interface is required.

Deploying the P-Series

The flexible architecture of the P-Series lends itself to various deployments.

Table 2 Sample Rules Files

| Rule Set | Description |
| --- | --- |
| evasion.rules | The rules in this file help detect attacks that use strategic TCP segmentation to avoid detection. |
| fw.rules | This file contains rules written in Snort syntax for a firewall application (see “Writing Rules for a Firewall Deployment” on page 77). |
| meta.rules | The rules in this file report on flow information and provide compatibility with Snort. |
| null.rules | This file contains no rules; the firmware images created from this file are empty and maximize the dynamic rule capacity (see “Rules Capacity” on page 55). |
| sample.rules | This file contains rules written in Snort syntax that were derived from publicly available IDS rules. |

Note: Force10 recommends not using the sample firmware for production IDS/IPS use. The sample firmware requires considerable site-specific customization in order to be effective; it is included only so that you can become more familiar with the functionality of the appliance.
