manualshive.com logo in svg

APconnections NetEqualizer, User Manual

Get the most out of your APconnections NetEqualizer with the free user manual download available at manualshive.com. This comprehensive manual provides step-by-step instructions for setting up and optimizing your NetEqualizer to ensure smooth and efficient network performance. Download your manual now to unlock the full potential of your device.

Share
Download
background image

User Guide Appendix

 

 

 

 

         

 

APconnections, Inc. // 303.997.1300 // www.netequalizer.com  

Page 92 of 96 

All rights reserved 

Copyright © 2014, 2015 APconnections, Inc. 

 

rev. 20150309 

Appendix 7 - Firewalling the NetEqualizer

 

 
This appendix is for customers that need to install the NetEqualizer outside of their firewall, 

on the public side of their Internet pipe. 
 

Firewall rules are provided to prohibit unauthorized users from accessing the NetEqualizer IP 
and thus SSH access and the NetEqualizer Web GUI screen.  

 

WARNING: 

The firewall rules can lock you out from the unit if you give it the wrong rule or 

do not know what you are doing. Be sure that you have access to the unit's console before 
testing rules if you are unsure. At the console you could login and clear firewall rules 

typically with: 

iptables -F

 or if using ebtables, 

ebtables -F

  at the command prompt and 

clear most rules a user would be testing. 
 

Review Firewall Samples 

The Firewall Samples (listed below) and available via the GUI, should be viewed before 
setting up a Firewall on your NetEqualizer.  

From the Management and Reporting Menu, 

Click on ->

 Manage Firewall Settings 

-> 

[

Sample Firewall Rules

-> 

[

Show Rules

].

 

 
Note: The NetEqualizer has a bridging firewall installed so the FORWARD table is used for 
rules affecting things going "through" the unit. INPUT and OUTPUT tables are used to 

protect the unit itself. 

 

Sample file 

Description 

firewallprotectneteq.txt

 

How to protect the NetEqualizer unit from 

unauthorized access. 

howtodroppacketsfromthisorthat.txt

 

 

How to drop packets by IP or PORT or MAC address 
going through the NetEqualizer. 

redirectfw.txt

 

 

A sample of how to create a capture portal using 
IPtables and the macs.allow file. 

 

To set up the NetEqualizer Firewall: 

From the Management and Reporting Menu, 

Click on ->

 Manage Firewall Settings 

-> 

[

Configure Firewall

-> 

[

Edit Firewall Rules File

]

 -

>

 

[

Edit

]. 

Put in the rules that you need, by copying and pasting from the Firewall Samples and then 
modifying for your environment.  

Click on -> 

[

Post Changes

]

 to save or 

[

Reset

]

 

to cancel. 

 

To view NetEqualizer Firewall Settings: 

From the Management and Reporting Menu, 

Click on ->

 Manage Firewall Settings 

-> 

[

View Firewall Settings

].

 

 
To start or stop the NetEqualizer Firewall: 

After you have configured your Firewall, or made changes to it, you will need to start/restart 
it.  From the Management and Reporting Menu, 

Click on ->

 Manage Firewall Settings 

-> 

[

Start/Stop Firewall

]

.  Then 

Click on -> [

Start/Restart Firewall

]

 to start.   

 
If you decide for any reason to stop your firewall, 

Click on -> 

[

Stop Firewall

]

 to stop.

 

 

 

Summary of Contents for NetEqualizer

Page 1: ...NetEqualizer User Guide Copyright 2014 2015 APconnections All rights reserved No part of this publication including text examples diagrams or illustrations may be reproduced transmitted or translated...

Page 2: ...meter Settings 19 Controlling P2P Traffic 20 Setting Connection Limits 20 Dynamic Hogmin Creating Smart Connection Limits 22 Setting Bandwidth Limits 25 Setting Hard Limits by IP 25 Adding Bursting to...

Page 3: ...r 72 Maintenance Tasks 73 Powering Off the NetEqualizer 73 Backing Up Your Configuration Settings 73 Getting Software Updates for the NetEqualizer 73 Troubleshooting 76 Frequently Asked Questions FAQs...

Page 4: ...etEqualizer User Guide to become familiar with all of the advanced features available to you Note The NetEqualizer User Guide is not a step by step instruction manual Select the feature you are intere...

Page 5: ...nerally a constriction point in traffic flow where many users compete for this limited resource By placing your NetEqualizer at this junction you will automatically optimize your Internet speed The Ne...

Page 6: ...he NetEqualizer via the Web GUI IP To access the NetEqualizer via the Web GUI IP plug a laptop PC into your Switch and then set to the 192 168 1 x range x not 143 to access the NetEqualizer Once you c...

Page 7: ...e We recommend that you install your NetEqualizer on a UPS to protect from power surges and outages optional Access Point Configuration in a Wireless Network Put your radios in bridging mode and set y...

Page 8: ...your next steps in setting up the NetEqualizer will be to configure your IP settings set your passwords install your license key and set the date time and time zone for your NetEqualizer All these fu...

Page 9: ...ns statistics about traffic levels running through your NetEqualizer You can look at traffic for the entire network Pool 0 as well as levels for Bandwidth Up and Bandwidth Down and determine whether R...

Page 10: ...can be set to Auto Refresh On Off at available intervals of 5 10 or 30 seconds which should work for most users Note The NetEqualizer Dashboard is available in Software Update 6 0 and above Note If y...

Page 11: ...gs Low bandwidth users do not have to share the pain of a slow congested network with the network hogging applications Equalizing does this by using our proprietary algorithms to implement fairness Fi...

Page 12: ...riencing moderate to heavy use you will see entries containing the word PENALTY followed by two IP addresses in the log PENALTY indicates that NetEqualizer s built in fairness rules have determined th...

Page 13: ...encrypted P2P traffic We believe this mechanism to be superior to managing policy files of known P2P traffic types which will not help with encrypted P2P in any case This is described in more detail i...

Page 14: ...alizing Rules on This means that the equalizing parameters are being applied Equalizing Process Started Now go to the Dashboard The Equalizing Process is running if the Equalizing button is ON GREEN I...

Page 15: ...Smart Connection Limits Setting your Trunk Size Bandwidth Up TRUNK_UP and Bandwidth Down TRUNK_DOWN units are bytes per second Default T1 Set these parameters to the size of your network pipe for out...

Page 16: ...odify the following parameters to adjust equalizing sensitivity Penalty Unit PENALTY_UNIT units are 100ths of seconds Default 2 PENALTY_UNIT is the unit of time that NetEqualizer will start with when...

Page 17: ...pipes you may want to raise HOGMIN to allow more traffic types to pass without being penalized Here are some recommended settings for HOGMIN based on network size Network Size HOGMIN 50Mbps 20 000 50M...

Page 18: ...s 20 000 100Mbps to 1Gbps 30 000 1Gbps 40 000 Note NetEqualizer can handle up 2 million or more connections every minute We point this out as many customers compare our connection ability with that of...

Page 19: ...n after 2 seconds Viewing your Equalizing Parameter Settings Once you have set all your parameters make sure to scroll to the bottom of the window and then Click on Modify to save or Click on Reset to...

Page 20: ...easons for system administrators to limit connections to a server than we can possibly include in this discussion The APconnections design team developed this feature within NetEqualizer to lessen the...

Page 21: ...IS allowed as individual connection limit is BEFORE the subnet limit CONNECTION 10 1 1 45 32 20 0 CONNECTION 10 1 1 0 24 1500 0 You might have an individual connection limit exception like this if yo...

Page 22: ...llent at controlling most P2P traffic Note If you have online gamers on your network you may need to set your Connection Limit as high as sixty 60 to facilitate online game playing Note When you first...

Page 23: ...f you do not have a lot of P2P traffic on your network you may opt to stay with Connection Limits as a quick and easy implementation Smart Connection Limits take a little more thought to implement and...

Page 24: ...the number of connections a given IP is using To set Dynamic Hogmin click on the drop down box and select ON Dynamic Hogmin Connections How many reasonable connections are there per user Note that th...

Page 25: ...ws and will be discussed in detail below 1 Hard Limits by IP Individual limits by IP or subnet 2 Adding Bursting by IP Burst a Hard Limit by IP 3 Bandwidth Pools Shared limits by IP or subnet 4 VLAN H...

Page 26: ...Prior to the bursting feature the top speed allowed for each user was fixed at the set Hard Limit Now with bursting a user can be allowed a burst of bandwidth for up to 10 seconds at two three four o...

Page 27: ...mit for an IP Address window Select the appropriate Hard Limit from the drop down box and Click on Remove Rule To re add the rule without bursting from the Web GUI Main Menu follow the instructions un...

Page 28: ...bandwidth for all the IP addresses will not be allowed to exceed more than the total bandwidth allocated to the bandwidth pool For example if four IP addresses are set in a pool and the pool bandwidt...

Page 29: ...oad limit The window displays the current Pool s in use so that you do not reuse a Pool Click on Add Pool to create the Pool To add members to a Bandwidth Pool From the Setup and Configuration Menu Cl...

Page 30: ...Pools Scroll down and look at the View Pools window To view all IP addresses assigned to Bandwidth Pools From the Setup and Configuration Menu Click on Manage Traffic Limits Manage Pools Scroll down a...

Page 31: ...and Click on Remove Rule In addition to enforcing the VLAN rate limits the NetEqualizer will perform Equalizing across all users on the VLAN when Default Rules are on This works like Bandwidth Pools...

Page 32: ...re Hard Limits by MAC Address Scroll down to view the Remove a MAC Limit window Select a MAC Limit listed by username from the dropdown box and then Click on Remove MAC Rule You also need to restart M...

Page 33: ...of the server or site hosting the training videos Masked Traffic is invisible to the NetEqualizer Typically this is used to exclude local traffic i e a computer talking to a server on your network cro...

Page 34: ...using Hard Limits to add a hard limit for the IP or subnet so that it does not take an unlimited amount of bandwidth Note Use Priority Traffic sparingly The most common mistake for new installations...

Page 35: ...date 5 8 we expanded our masking feature to enable you to create VLAN Masks using VLAN IDs Our new VLAN Masking feature enables you to designate entire local VLANs that you want masked from Equalizing...

Page 36: ...m You can quickly plug in IP addresses from the GUI and have a monthly quota enforced right away The GUI Interface enables you to Track user data by IP Specify Quotas and Bandwidth Limits Rules by IP...

Page 37: ...low for help Click on Add Rule to save or Click on Reset to clear values If you try to add a Quota Rule while the Quota System is OFF your Quota Rule will NOT be saved and you will see the following e...

Page 38: ...t to 2000000 2meg and Duration was 1440 the IP address would be restricted to 2meg over 1 Day Industry best practice for ISPs is to set Duration 1 week To span 1 Week 10080 7 days 24 hours 60 minutes...

Page 39: ...le if you had a Hard Limit for 10 99 100 01 24 of 5Mbps each IP in the subnet would be limited to this rate of bandwidth consumption If an IP in the subnet exceeded the 1 gigabyte Quota Amount during...

Page 40: ...Quota System From the Management and Reporting Menu Click on Manage User Quotas Configure User Quotas Scroll down to see the Setup Gmail Notices window In the Setup Gmail Notices window type a valid g...

Page 41: ...me right now Wed Oct 17 13 58 55 MDT 2012 Total Bytes Down Data in bytes collected against the IP address Total bytes down 246292 Allowed Quota Amount Allowed 1000000000 1 GB Reset Time When Duration...

Page 42: ...n under Sample Instructions Should you need assistance please call our Support Team at 303 997 1300 x102 or email support apconnections net Note MAC Redirection questions and support are not covered i...

Page 43: ...n enabled MAC redirection looks at the macs allow file when an outgoing connection is made from your network out to the Internet If the user has a browser active and the MAC address is unauthorized it...

Page 44: ...ard in 8 2 shows you some basic metrics on the outside intrusion hit rate into your network It can be used to spot anomalies that would indicate a likely DDoS attack in progress See our detailed blog...

Page 45: ...C IP The source IP for this connection External IP address Suspect for a DDoS attack DST IP The destination IP for this connection Internal IP address Port Whether the traffic was initiated internally...

Page 46: ...ll DFW is an Add on Module made up of a set of intelligent tools and consulting The DFW is used to block external IP addresses that you suspect of being involved in a DDoS attack If you are reviewing...

Page 47: ...View Current Activity enables you to see what is going on in your network at this moment in order to actively monitor and manage your network usage We offer several reports that provide real time vis...

Page 48: ...d 5 Configuration View how you have defined the key parameters traffic limits priorities and P2P limits on your NetEqualizer Use this to validate your settings 6 Running Processes Check out what proce...

Page 49: ...All rights reserved Copyright 2014 2015 APconnections Inc rev 20150309 Notifications Set up Emails to notify and Select Events upon which to send alerts and notifications 1 Configure Email Set up emai...

Page 50: ...re over your allotted bandwidth do 95th percentile sampling meaning they estimate your usage from sporadic sampling One thing we have not focused on until now is making this wealth of data available t...

Page 51: ...s so that we can focus on the Real Time Traffic RTT graph itself On this graph you can see bandwidth consumed for all traffic flowing through your NetEqualizer Click on a radio button to see this grap...

Page 52: ...ctive Connections To view Active Connections from RTR Menus From the RTR Menus Click on Active Connections To view from the Dashboard From the Dashboard on the Common Tasks bar Click on View Current A...

Page 53: ...nvolved in the connection SRC IP Source IP address involved in the connection Ptcl The protocol ICMP TCP IP UDP For IPv6 traffic mapped to an IPv4 address this will show Port Outbound value 1 or Inbou...

Page 54: ...ck on View Connections The report fields are defined in the Fields of the IPv6 Active Connections Reports table below This Active Connections table shows all IPv6 traffic streams IP pairs currently ac...

Page 55: ...IP Reports 1 Country Lookup 2 DNS Lookup 3 All Rules Lookup and 4 view Traffic History by IP Graph Country Lookup for an IP On Row 1 of the Active Connections Table if I Click on C Country Lookup for...

Page 56: ...as priority or has been masked If you have set a quota for the IP that is displayed as well And most importantly the validity of your configuration for that IP is checked and you are warned if somethi...

Page 57: ...example I have updated the graph to show the last 10 minutes of data Radio buttons on the top right can be used to select whether you display download traffic upload traffic or both on the graph And f...

Page 58: ...your bandwidth Start RTR By default Traffic History reports are OFF You must first turn these on in order to use Traffic History Click on Start Stop RTR and then Click on Start RTR circled at right to...

Page 59: ...ic in MBps You can change the time viewed from 10 minutes up to 1 week and can view the graphs in megabytes MBps or megabits Mbps The graph will use whatever units you have selected in RTR Preferences...

Page 60: ...1 you need to enter ALL IPs or subnets associated with a Pool or VLAN in order to accurately see all data within the tracked Pool or VLAN We hope to change this in the future to enable you to just se...

Page 61: ...r either the General Traffic History Graphs or Traffic by IP Pool VLAN Graphs you can do so Click on Traffic History Clear Reporting Data The menu at the right comes up When you click on Clear General...

Page 62: ...aults to displaying 25 rows You can change this to 10 25 50 or 100 rows circled above at top left If you are looking for item such as an IP address or the word PENALTY you can use the Search field to...

Page 63: ...so NetEqualizer has levied a PENALTY against this connection The penalty causes all data on this connection to slow down by PENALTY_UNIT If this connection continues to use too much bandwidth NetEqua...

Page 64: ...more than equalizing would allow without something being penalized so it penalized all connections over HOGMIN Configuration back View how you have defined the key parameters on your NetEqualizer It...

Page 65: ...process table only shows the neteq process RTR Preferences back This RTR menu is used to set the units that you prefer to see your traffic on the Real Time General History and Traffic by IP Pool VLAN...

Page 66: ...e Active Connections Table always has data Neither of these are impacted when you Clear Reporting Data To populate reporting data for the Traffic History Graphs you need to start RTR This is also docu...

Page 67: ...antaneous Bandwidth Usage back Note As of software update 7 1 we recommend viewing Instantaneous Bandwidth Usage through the Dynamic Real Time Reporting tool on the Dashboard Curious about how much ba...

Page 68: ...r IP VLAN or POOL also type in the ID to report on This is not needed for the IPv6 report For IPv6 traffic this generates a summary report containing the total bandwidth consumed by IPv6 traffic on yo...

Page 69: ...rts To set up an email address to send alerts to From the Management and Reporting menu Click on Manage Alerts Configure Email Fill out the eight 8 fields which are used to populate each email notific...

Page 70: ...yourdomain com From Name Name FROM for all emails Blank Configure Alerts back Once you have set up your email server you can select events to be notified on and the notification period which is the a...

Page 71: ...ll times you can put two NetEqualizers in your network in active passive mode NetEqualizer is designed to fail closed meaning that network traffic will not pass through the unit if it goes down You ca...

Page 72: ...his example Second on each of the NetEqualizers from the Maintenance and Reference Menu Click on Maintenance Edit Autostart File Edit Type in the following two lines at the bottom of the file sbin brc...

Page 73: ...n Click on Save Configuration Save the NetEq cfg file to a backup location Getting Software Updates for the NetEqualizer We release Software Updates typically two 2 times per year All customers that h...

Page 74: ...ur CFs Please be aware that when you replace the CF you replace every file and setting as this is no different than putting a new hard drive into a system and removing the old one In order to not lose...

Page 75: ...r re flashed CF card you will need to re enter your Final Key restore your NetEq cfg file copy back in your Autostart File and copy back in any shell script files The instructions that you receive fro...

Page 76: ...traffic back If you have set up pools and your cables are reversed you will see no traffic flowing though your pools The remedy will be to swap your LAN and WAN cables Review the diagram below to ide...

Page 77: ...d email to support apconnections net errors like can t read disk sector or out of memory or Duplicate IP Ideally you should not reboot the NetEqualizer as that will clear out the NetEqualizer Log File...

Page 78: ...d The following window comes up You can either enter a Command in the text box or scroll down to see Common Commands see List of Common Commands Table below and run any of them by clicking on the asso...

Page 79: ...y tell which NetEqualizer you are administering From the Maintenance and Reference menu Click on Maintenance Edit Any Text File To open the config file type in etc arbdefault conf Go to the NAME param...

Page 80: ...ly 46098 was achieved 45 of expected bandwidth If this test was run during peak hours either your pipe is not saturated or you would contact your bandwidth provider to find out why you are not able to...

Page 81: ...n the link to go to the PENALTY_UNIT section of this document where we offer detailed recommendations on tuning PENALTY_UNIT How to Monitor Bandwidth Hogs back Below is a step by step process to creat...

Page 82: ...n x sbin brctl getbrain my 0 grep v Wavg foreach line x chomp line specials split line if specials 5 hogmin print specials 1 specials 2 specials 3 specials 4 specials 5 specials 6 specials 7 specials...

Page 83: ...qualizer from penalizing short bursts of activity Maximum Penalty MAX_PENALTY Hundredths of seconds 140 Rarely changed from Default value Should be greater than PENALTY UNIT and less than 200 Penalty...

Page 84: ...lick on Maintenance Run a Command to run the following commands To see if your ports are dropping packets or having collisions run sbin ifconfig To see what your ports details are run the following co...

Page 85: ...oot using the default password unless you changed it previously From vi or nano You can also use nano or vi to edit the art autostart file Start your editor by typing in the following nano w art autos...

Page 86: ...done the how is not addressed to any level of detail to which we can engineer our solution We believe that the law and specifications on how to deliver to a law enforcement agency are somewhat ambigu...

Page 87: ...etcat can be piped to a file using the and like any other command Step 2 Setting up the NetEqualizer to Capture Packets To set up packet capturing on the NetEqualizer From the Management and Reporting...

Page 88: ...an be accessed from cache or accessed from the Internet and equalized as needed NCO caches all port 80 traffic file sizes from 2MB to 40MB including YouTube videos Any type of static content that is f...

Page 89: ...et_Max_Table_Size Parameter The tuning parameter set_max_table_size is used to increase the number of subnet range definitions possible from the default of 32 up to a maximum of 128 To set this parame...

Page 90: ...is ON GREEN ntop is off if the button is OFF RED If the ntop process is ON GREEN Click on View Historical Reports Start Stop ntop and stop ntop Set Time Zone You should also set your time zone for th...

Page 91: ...Your request is complete 6 Click on Maintenance Run a Command Type in crontab root crontab Blank screen will come up when command is processed Click on Back Arrow to return to Run a Command and then...

Page 92: ...e The NetEqualizer has a bridging firewall installed so the FORWARD table is used for rules affecting things going through the unit INPUT and OUTPUT tables are used to protect the unit itself Sample f...

Page 93: ...initial activation and set up charge for NetEqualizer Directory Integration NDI Once set up NDI software itself is covered under NSS to get future releases you will need to be current on your NSS Che...

Page 94: ...cal cgi or php function that you wrote in 1 above that takes an argument of an IP address and then returns one parameter username Return value should be either a clean username or unknown if the IP ad...

Page 95: ...g will now status bandwidth usage by username instead of IP 1 Make sure that the NDI API usernames2 is running from 2 above 2 Your back end Domain Controller server must be set up from 1 above 3 You m...

Page 96: ...s reserved Copyright 2014 2015 APconnections Inc rev 20150309 quotes like Patricia O Hodge so that it see the username as one argument Note As a reminder Quota Usage data is not persistent on a restar...

Reviews:

No comments

Related manuals for NetEqualizer

3Com 486 Getting Started Manual preview
486
Brand: 3Com Pages: 20
D-Linke DHP-346AV Quick Installation Manual preview
DHP-346AV
Brand: D-Linke Pages: 32
Cabletron Systems Netlink FRX4000 Installation And Setup Manual preview
Netlink FRX4000
Brand: Cabletron Systems Pages: 8
Cabletron Systems 9C300-1 Upgrade Instructions preview
9C300-1
Brand: Cabletron Systems Pages: 4
Cabletron Systems MMAC-Plus 9F106-02 Reference Manual preview
MMAC-Plus 9F106-02
Brand: Cabletron Systems Pages: 7
National Instruments NI 9426 Getting Started Manual preview
NI 9426
Brand: National Instruments Pages: 17
National Instruments NI PCIe-8255R Quick Start Manual preview
NI PCIe-8255R
Brand: National Instruments Pages: 16
National Instruments NI 9403 Operating Instructions Manual preview
NI 9403
Brand: National Instruments Pages: 23
National Instruments USB-6501 Quick Start preview
USB-6501
Brand: National Instruments Pages: 5
National Instruments PXIe-8106 User Manual preview
PXIe-8106
Brand: National Instruments Pages: 76
National Instruments NI 9229 Operating Instructions Manual preview
NI 9229
Brand: National Instruments Pages: 34
Paradyne COMSPHERE 3610 User Manual preview
COMSPHERE 3610
Brand: Paradyne Pages: 112
Cambium Networks PMP 450 Series User Manual preview
PMP 450 Series
Brand: Cambium Networks Pages: 215
Vonets MINI300 Quick Setting Manual preview
MINI300
Brand: Vonets Pages: 8
Grasslin TOWERCHRON DP72 Programming Manual preview
TOWERCHRON DP72
Brand: Grasslin Pages: 2
SMART MOD IIC Installation And Service Manual preview
MOD IIC
Brand: SMART Pages: 15
insys icom EBW-E Quick Installation Manual preview
EBW-E
Brand: insys icom Pages: 4
Renesas R0E001000ACB00 User Manual preview
R0E001000ACB00
Brand: Renesas Pages: 4

Brands by name

Popular brands

Load more brands