manualshive.com logo in svg

HP P4518A - Traffic Management Server Sa7150, User Manual

The HP P4518A - Traffic Management Server Sa7150 is a powerful and efficient device designed to streamline traffic management processes. With its user-friendly interface, configuring and managing settings is made easy. To explore all the features, functions, and settings of the device, download the comprehensive and free User Manual from our website.

Share
Download
background image

C H A P T E R  3

Client Authentication

45

Verify the import by using the list map command again. Note that the 
Client Auth column now shows client authentication for Map ID 2 
enabled.

HP SA7150> list map
Map                 Net   Ser  Cipher Re-    Client    well
ID KeyID  Server IP Port  Port Suites direct Auth  XML form
== =====  ========= ===== ==== ====== =====  ===== === ====
1 default Any       443  80  all(v2+v3) n    n     n   N/A
2 sample  10.1.2.57 443  80  med(v2+v3) n    y     n   N/A
HP SA7150> 

Clients connecting to “map 2” are required to present a client 
certificate signed by the CA whose certificate was imported above. If 
they do not present a properly signed certificate, their connection 
attempt is refused.

Creating a 
Client CA 
Certificate 
using 
OpenSSL*

Software packages are available that handle the details of client 
certificate generation. However, you can also implement them 
manually. The following example illustrates the appropriate steps 
using OpenSSL*. 

NOTE:  To acquire a 
copy of OpenSSL* for 
your environment, access 
the OpenSSL* Web site at 
www.openssl.org.

1. Generate the key pair for the client CA.

openssl genrsa -out ca_key.pem 1024

2. Create another private key by typing this command.

openssl genrsa -out ca_key.pem 1024

3. Generate the client CA certificate.

openssl req -new -x509 -config hp.cnf -key 

ca_key.pem -days 365 -out ca_cert.pem

NOTE:  In this example, 
ca_cert.pem is your 
trusted CA and signing 
certificate.

4. Use the import client_ca command to import ca_cert.pem for 

each client. 

1. Generate a key pair.

openssl genrsa -out key.pem 1024

2. Generate a certificate signing request.

openssl req -new -config hp.cnf -days 365 -

key key.pem -out csr.pem

3. Sign the client certificate request by typing this command.

openssl X509 -req -Cacreatserial -Cakey 

ca_key.pem -CA ca_cert.pem -in csr.pem -out 

cert.pem

Summary of Contents for P4518A - Traffic Management Server Sa7150

Page 1: ...hp e commerce xml server accelerator sa7150 user guide ...

Page 2: ...NTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this material Hewlett Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett Packard Warranty A copy of the specific warra...

Page 3: ...7150 1 Assumptions 2 Benefits 2 Specifications 3 Typographic Conventions 5 Chapter 2 Installation and Initial Configuration Parts Checklist 7 Additional Requirements 8 Physical Installation 9 Rack Installation 9 Free Standing Installation 10 Network Connections 10 ...

Page 4: ...r 20 Operators 20 Attributes 22 Filters 23 Boolean Operators 24 Function Calls 24 Values 26 XML Pattern Creation 27 Mapped Server 28 Default Keyword 29 XML Pattern Matching 29 XML Well formed Check 30 Network Configurations 31 Single Server 31 Multiple Servers 31 Multiple SA7150s and Cascading 32 Scalability and Cascading 32 Spilling and Throttling 32 Availability 32 SSL Operations 33 Keys and Cer...

Page 5: ... Mapping 46 Automapping 47 Automapping with user specified key and certificate 47 Automapping with multiple port combinations 47 Deleting automapping entries 47 Manual mapping 48 Combining automapping and manual mapping 48 Blocking 48 Specific IP Specific Port 48 Subnet Specific Port 49 All IPs Specific Port 50 Delete a Block 51 Failure Conditions Fail safe and Fail through 51 Chapter 4 Scenarios ...

Page 6: ...e Interface 72 User Authentication 72 Command Line Prompt 72 Abbreviation to Uniqueness 72 Input Editing Commands 73 Moving the Insertion Point 73 Command History 73 Cut and Paste 74 Command Summary 75 Command Reference 80 Help Commands 80 Status Command 80 XML Commands 81 Port Mapping Commands 88 Operational Commands 91 Remote Management Commands 93 Alarms and Monitoring Commands 100 Configuratio...

Page 7: ...24 Where to find the MIB File 124 Trap Summary 124 Standard SNMP Traps 124 Traps in the HP Private MIB 124 Enabling SNMP 126 Specifying SNMP Information 126 Community String 127 Trap Community String 128 Access Control 128 Chapter 7 Alarms and Monitoring Overview 131 Alarm Types 133 ESC Encryption Status Change Alarm 133 Alarm Modifiers and Messages 133 RSC Refused SSL Connections 134 Alarm Modifi...

Page 8: ...nded Data 138 Alarm Logging 138 Monitoring 142 Monitoring Reports 142 Console Configuration 142 Report Configuration 142 Monitoring Reports CLI Commands 143 Chapter 8 Software Updates Using HyperTerminal 146 Chapter 9 Troubleshooting Appendix A Front Panel Buttons and Switches 154 Front Panel LEDs 154 Connectors 156 Appendix B Failure Bypass Modes Bypass Button 158 Fail through Switch Security Lev...

Page 9: ...22 Statement 167 VCCI Class A Japan 168 Australia 168 WARNING 168 AVERTISSEMENT 169 WARNUNG 169 AVVERTENZA 170 ADVERTENCIAS 171 Wichtige Sicherheitshinweise 172 Appendix E Software License Agreement Mozilla and expat License Information 178 MOZILLA PUBLIC LICENSE Version 1 1 178 Appendix F Support Services Support for your SA7150 191 U S and Canada 191 Europe 192 Asia 193 Latin America 193 Other C...

Page 10: ...C O N T E N T S HP e Commerce XML Server Accelerator SA7150 User Guide x Notes ...

Page 11: ...ute it according to user defined parameters The SA7150 is positioned in the network in front of business to business B2B XML servers where it detects and parses XML messages or transaction data It sends client data to the most appropriate server based on rules pre configured for each server The most common application is a B2B environment where the client is often another server or application ...

Page 12: ...eature Benefits Patent pending rules engine allows classification of XML transactions for example by Trading partner name Trading partner type Transaction quantity Transaction value Time of day Time zone NOTE The above items are examples You can define any number of classifications according to your business needs Business priorities easily configured If the request is from Vendor A then send to S...

Page 13: ...platforms Supports up to 1000 servers XML Dialects supported Supports most XML dialects and e Business standards such as SOAP Microsoft s Biztalk Ariba s cXML Commerce One s CBL and the emerging ebXML standard via HTTP and HTTPS transport protocols System administration Command line interface SNMP monitoring MIB II and Private MIB Dynamic configuration through password protected serial console Tel...

Page 14: ... Interface connections 10 100 Ethernet TTY Serial console Patent pending XML routing XML patterns Defined by URI and XML expressions in the form URI Expression order asp XML Expression From id acme Security algorithms supported Blowfish CAST CAST5 DES 3DES DSA IDEA MD5 MDC2 RC2 RC4 RSA RMD 160 SHA SHA 1 SSH for secure Command Line Interface up to 168 bit encryption Serial port logon Specification ...

Page 15: ... life or limb Except for those within tables warnings are always found in the left margin NUMBERED LISTS indicate step by step procedures that you must follow in numeric order as shown below 1 This is the first step 2 This is the second step 3 This is the third step etc BULLETED LISTS indicate options or features available to you as shown below The first feature or option The second feature or opt...

Page 16: ...C H A P T E R 1 HP e Commerce XML Server Accelerator SA7150 User Guide 6 Notes ...

Page 17: ...g box HP e Commerce XML Server Accelerator SA7150 HP e Commerce XML Server Accelerator SA7150 Quick Start Guide HP e Commerce XML Server Accelerator SA7150 User Guide this document HP e Commerce XML Server Accelerator SA7150 Release Notes AC power cord Serial cable Rack mounting brackets with Phillips mounting screws ...

Page 18: ...port numbers of servers Keys certificates Only if you anticipate supporting secure transactions See Chapter 3 for information on obtaining keys and certificates NOTE Network cables are not provided with the SA7150 Network cables such as straight through and or crossover cables Procedures in the section Network Connections in this chapter will identify the types of cables you must use If you are in...

Page 19: ...d all four of the included Phillips screws Mounting Bracket Installation 1 Locate the two mounting brackets and the four screws Two screws for each bracket 2 Attach a mounting bracket to each side of the SA7150 using two of the provided screws for each bracket Use the holes near the front of the SA7150 s sides The brackets have both round and oval holes the flange with round holes attaches to the ...

Page 20: ...to the back of the unit There is no power switch Under normal circumstances the SA7150 requires approximately 30 seconds to boot When the boot is complete the unit s Power LED is steadily illuminated If the Power LED is not steadily illuminated see Chapter 9 Troubleshooting to rectify before proceeding to Step 3 3 The Inline LED should be either steadily illuminated or blinking to indicate Inline ...

Page 21: ...onsole to the serial port of any terminal Front Panel Connectors and LEDs 2 Type an appropriate name in the Name field of the Connection Description window e g Configuration and then click the OK button The Phone Number panel appears 3 In the Connect Using field specify COM1 or the serial port through which the PC is connected to the SA7150 if different from COM1 XML Server 1 XML Server 2 Default ...

Page 22: ...nd 5 Click OK to exit ASCII Setup 6 Click OK to exit Connection Properties Fail through Switch The Fail through switch allows you to choose between two options in the event of a failure It is located in the opening between the Network and Server connectors Use a small screwdriver or paper clip to operate the switch The two options are Allow traffic to flow through the SA7150 unprocessed Fail throu...

Page 23: ...pical way to begin 2 Change your password from admin to another of your choice Use the password command HP SA7150 password 3 Use set date to correct the date time if necessary The date and time affect the validity of the certificate HP SA7150 set date 4 Use the help command to list available command or refer to the Command Reference in Chapter 5 of the User Guide HP SA7150 help 5 Configure XML ser...

Page 24: ...C H A P T E R 2 HP e Commerce XML Server Accelerator SA7150 User Guide 14 Notes ...

Page 25: ...ssed later in this chapter The SA7150 employs user created rules to evaluate the content transmitted in XML documents and to distribute this information among the appropriate data center resources XML functionality is enabled or disabled for each user specified map i e a triad consisting of an IP address network port and server port XML functionality is controlled by way of the Command Line Interf...

Page 26: ...ccurs the SA7150 sends data to the appropriate server Basic SA7150 Operating Configuration Multiple SA7150s can be connected in series or cascaded to multiply your site s XML processing and availability capabilities and also its SSL processing capability should you use it Cascaded SA7150s Before you configure the SA7150 for XML operations you should first answer the following Which of the several ...

Page 27: ... is transported via HTTP or HTTPS POST request methods Transport protocols other than HTTP and HTTPS such as FTP and SMTP are not supported Content of incoming documents must be of type text URL encoding is supported Base64 encoding is not supported The complete XML data stream must be encapsulated in the body of the HTTP S POST request Multi part MIME messages are not supported The first characte...

Page 28: ...tions HP SA7150 create map Server IP 0 0 0 0 x x x x Network port 443 Cleartext server port 80 KeyID to use for mapping Cleartext map for XML only n y HP SA7150 XML Data Model XML data consists of three hierarchical components Elements data types Attributes subcategories of a data type or element Text specific data such as names addresses and quantities contained within elements or attributes The ...

Page 29: ...illment to server assignments defined in XML patterns URI expressions in XML Patterns XML configurations use URI expressions to assign particular classes of URLs to particular servers for fulfillment Applicable expressions are listed below File type expressions such as asp Path expressions such as PurchaseOrder Unique file expressions such as purchase cgi Wildcard expression such as Negation expre...

Page 30: ...s Step operators tell the SA7150 where in the XML data tree to look while comparison operators tell the SA7150 what to look for In typical XML expressions elements are separated by step operators single or double slashes or These are used to select elements according to their location node in the XML data tree Step operators are described in the table above Comparison operators are the familiar eq...

Page 31: ...effects of step operators are address Tells the SA7150 to search for the address element anywhere in the XML data tree employee state Tells the SA7150 to search anywhere under the employee element node for the state element employee address Tells the SA7150 to search one level below the employee node for the address element You can specify an element as which selects any element relative to the co...

Page 32: ... can specify an attribute as AttributeName or use to select any attribute relative to the context node Comparison Operator Name Description Equal to Returns true if any values of the nodes specified in the pattern equals given value Not equal to Returns true if at least one value of the nodes specified in the patterns does not equal given value Less than Returns true if at least one value of the n...

Page 33: ...ement of the context node while an attribute refers to the attribute of the context node Comparison expression syntax Element Attribute FunctionCall ComparisonOperator Value FunctionCall expression syntax FunctionName Argument Argument You can combine comparison expressions and the FunctionCall expression with Boolean operators and parentheses to create complex filter expressions Sample Pattern De...

Page 34: ...nction evaluating each of the arguments if needed and calling the function passing the Operator Name Description and Logical AND operator Performs a logical AND operation or Logical OR operator Performs a logical OR operation Boolean Operators Sample Pattern Description restaurant genre and Food_Rating Matches if there is a restaurant element a genre attribute and a Food_Rating child element genre...

Page 35: ...string if they appear in the fromString with the corresponding characters in the toString If a character appears in fromString but not in the corresponding position in toString the character will be dropped from the value string The result string is returned value can be either an element attribute or function call that returns a string value Both fromString and toString have to be a literal value...

Page 36: ...equality comparisons If an element is specified for the left operand only elements without a child element should be used Although the upper level elements are not supported this generally is not a problem since in most cases only the lowest level element contains text values A number can be either a decimal value or an integer Numbers should not be enclosed in quotes Numbers within quotes are tre...

Page 37: ...cter in URI Expression Enter another pattern n y After you enter a valid URI expression the system prompts for an XML expression XML Expression order amount 1000 Enter another pattern n HP SA7150 As with the URI expressions the SA7150 performs a validity check on each XML expression when entered and displays an error message if there is a problem After you enter a valid XML expression the SA7150 p...

Page 38: ...ern list you wish to view included as an argument HP SA7150 show pattern gold Server gold Pattern ID Pattern 1 gold 2 order amount 1000 HP SA7150 Mapped Server For the purpose of discussing SA7150 operations the mapped server is a server for which a map has been configured see Server Mappings on page 17 This is the server to which the SA7150 sends messages for which no XML expression match is foun...

Page 39: ...e messages because the URI expression is an exact match and default in the XML expression doesn t match GM Ford or Chrysler Below is an example of the CLI input to create an XML pattern containing the default keyword NOTE Multiple XML patterns can use the default keyword but they must have different URI expressions HP SA7150 create pattern gold URI Expression orders asp XML Expression default Ente...

Page 40: ...uation or syntax errors In all such cases the XML expression is ignored for normal processing purposes If the xml_well_formed command is set to enable when malformed XML data is found in an incoming request the SA7150 terminates the connection and returns HTTP Error 403 to the client with the message XML data is not well formed If xml_well_formed is set to disable when malformed XML data is found ...

Page 41: ...er Ideally the SA7150 is installed in the network in such a way as to minimize network latency SA7150 in Single Server Configuration Multiple Servers In the more common multiple server configuration the SA7150 sits between the router and the switch XML traffic is intercepted decrypted if SSL encrypted processed and sent to an XML server SA7150 in Multiple Server Configuration Single Server Router ...

Page 42: ...est is passed on to the next SA7150 in line The last SA7150 on the server side can also be enabled to spill to the server Spilling is performed dynamically on a connection by connection basis See spill command Chapter 5 Command Reference If spill is disabled the SA7150 throttles that is does not accept incoming requests when it becomes overloaded Availability When a SA7150 fails or is set to Bypas...

Page 43: ...arty that verifies your identity There are three ways to obtain keys and certificates Obtaining a certificate from VeriSign or other certificate authority Using an existing key certificate Creating a new key certificate on the SA7150 Cutting and Pasting with HyperTerminal Cutting and pasting is an integral part of the next several procedures Below are procedures for cutting and pasting in HyperTer...

Page 44: ...t to be sent to VeriSign or other certificate authority for authentication The certificate authority will return it in approximately one to five days After you have received the certificate use the import cert command to import it into the SA7150 The fields input to create a signing request are called collectively a Distinguished Name DN For optimal security one or more fields must be modified to ...

Page 45: ...ization name corporation limited partnership university or government agency must be registered with some authority at the national state or city level Use the legal name under which your organization is registered Please do not abbreviate your organization s name and do not use any of the following characters Organizational unit This is normally the name of the department or group that will use t...

Page 46: ...AoGBALmJA2FLSGJ9iCF8uwfPW2AKkyyKoe9aHnnwLLw8 WWjhl ww9pLietwX3bp6Do87mwV3jrgQ1OIwarj9iKML T6cSdeZ0OTNn7vvJaNv1iCBWGNypQv3kVMMzzjEtOl2u Gl8VOyeE7jImYj4HlMa R168AmXT82ubDR2ivqQwl7Ag EDoAAwDQYJKoZIhvcNAQEEBQADgYEAn8BTcPg4OwohGI MU2m39FVvh0M86ZBkANQCEHxMzzrnydXnvRMKPSE208x 3Bgh5cGBC47YghGZzdvxYJAT1vbkfCSBVR9GBxef6ytk uJ9YnK84Q8x pS2bEBDnw0D2MwdOSF1sBb1bcFfkmbpj N2N hqrrvA0mcNpAgk8nU END CERTIFICATE RE...

Page 47: ...ash Configuration saved to flash HP SA7150 Using an Existing Key Certificate Exporting a Key Certificate from a Server This method is used when it is important that the existing keys and certificates are used NOTE Currently there is no published method for extracting private keys from Microsoft IIS or Netscape servers Consult your server software documentation for detailed instructions on how to e...

Page 48: ...ertificate file Stronghold For key 1 Look in STRONGHOLDROOT conf httpd conf for location of key file 2 Copy and paste the key file For certificate 1 Look in STRONGHOLDROOT conf httpd conf for location of cert file 2 Copy and paste the certificate file Importing into the SA7150 1 Use the import key command with the keyID and choose an import protocol for importing the key In this case use the defau...

Page 49: ... three periods to display the command line HP SA7150 import cert mywebserver keyid is mywebserver Import protocol paste xmodem paste Type or paste in date end with alone on line BEGIN CERTIFICATE MIIDKDCCAtKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCB nDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQ4wDAYD VQQHEwVQb3dheTEaMBgGA1UEChMRQ29tbWVyY2Ug END CERTIFICATE Enter Enter Import successful HP SA7150 3 Create a server...

Page 50: ...this method is very fast but a certificate authority has not signed the certificates The fields input to create a certificate are called a Distinguished Name DN For optimal security one or more fields must be modified to make the DN unique Procedure 1 Create a key HP SA7150 create key Enter the key strength 512 1024 512 New keyID 001 mywebserver Keypair was created for keyID mywebserver 2 Enter th...

Page 51: ...nded server certificate Allows 128 bit encryption for export restricted browsers Intermediate CA certificate A certificate signed that is authenticated by a recognized CA such as VeriSign and used to validate a global site certificate Called an intermediate CA certificate in the following discussion Export versions of Internet Explorer and Netscape Communicator use 40 bit encryption to initiate co...

Page 52: ...ificate first followed by the intermediate CA certificate Follow the intermediate CA certificate by typing three periods on a new line Example HP SA7150 import cert keyID Import protocol paste xmodem paste Type or paste in data end with alone on line NOTE There must be no white space before between or after certificates and the Begin headers and End trailers must all be retained BEGIN CERTIFICATE ...

Page 53: ...t command allows you to specify a redirect Web address for any Map ID The show redirect command displays any redirect addresses currently configured If you are using a clear text map the following three parameters are not applicable Cipher Suite Redirect URL Client Authentication WARNING If the redirect URL causes a client to access the same SA7150 mapping that invoked the redirection an infinite ...

Page 54: ...ent Authentication enabled y or disabled n HP SA7150 list map Map Net Ser Cipher Re Client well ID KeyID Server IP Port Port Suites direct Auth XML form 1 default Any 443 80 all v2 v3 n n n N A 2 sample 10 1 2 57 443 80 med v2 v3 n n n N A HP SA7150 Next import the client CA certificate for Map ID 2 HP SA7150 import client_ca 2 Import protocol paste xmodem paste Type or paste in data end with alon...

Page 55: ...ever you can also implement them manually The following example illustrates the appropriate steps using OpenSSL NOTE To acquire a copy of OpenSSL for your environment access the OpenSSL Web site at www openssl org 1 Generate the key pair for the client CA openssl genrsa out ca_key pem 1024 2 Create another private key by typing this command openssl genrsa out ca_key pem 1024 3 Generate the client ...

Page 56: ... to specified IPs or ports see Blocking section in this chapter Traffic that is not mapped or blocked flows through transparently see Failure Conditions section at the end of this chapter Supported protocols are listed below Ports listed are well known port assignments Any available port may be used HTTPS 443 default IMAPS 993 POP3S 995 SMTPS 465 NNTPS 563 LDAPS 636 Mapping NOTE The SA7150 support...

Page 57: ...ser specified key and certificate are to be automapped the user can replace the initial automapping entry with the create map command By specifying the same unique identifier server IP of 0 0 0 0 and network port of 443 with a user generated keyID the user can overwrite the initial automapping entry The key and certificate may be obtained through any of the methods described previously in this cha...

Page 58: ...mapping and manual mapping entries up to a total of 1000 can be used provided the server IP address and network port combinations are unique Several of the scenarios in Chapter 4 include step by step mapping procedures Blocking NOTE Blocking is always performed before mapping For security purposes the SA7150 allows the blocking of particular IP addresses and ports IP port combinations can be block...

Page 59: ... 255 80 0xffff Subnet Specific Port To block a subnet and port combination 1 Specify a subnet using 0 as the final octet In the example below all IPs from 10 1 x x to 20 1 x x are blocked on port 80 2 Type the subnet mask with 0 indicating the portion of the IP address to be ignored 3 Type the specific port 4 Press Enter to accept the default port mask Example HP SA7150 create block Client IP to b...

Page 60: ...oes as the IP address to be blocked 2 Type all zeroes as the IP wildcard mask to be blocked 3 Type the specific port 4 Press Enter to accept the default port mask Example HP SA7150 create block Client IP to block 0 0 0 0 Client IP mask 0 0 0 0 Server IP to block 0 0 0 0 Server IP mask 0 0 0 0 Server Port to block 80 Server Port mask 0xffff 5 Use the show block command to confirm the block HP SA715...

Page 61: ... 255 20 1 2 1 255 255 255 255 80 0xffff 2 Use the delete block command followed by the block ID to delete the block HP SA7150 delete block 1 Failure Conditions Fail safe and Fail through During a failure condition unprocessed data can either pass through the SA7150 or not depending on whether Fail safe or Fail through mode is enabled The Fail through switch is by default in Fail safe mode meaning ...

Page 62: ...C H A P T E R 3 HP e Commerce XML Server Accelerator SA7150 User Guide 52 Notes ...

Page 63: ...mmerce XML Server Accelerator SA7150 configurations Scenario 1 Basic XML Operation Scenario 2 Single Server Configuration Scenario 3 Multiple Server Configuration SSL Scenario 4 Cascaded SA7150s Scenario 5 Different Ingress and Egress Routers Scenario 6 Configuring a Firewall ...

Page 64: ...orders according to dollar amount of order method of payment and client s zip code Want to send these different dollar amount categories to separate servers for processing The illustration below shows the network diagram for Scenario 1 Though the illustration shows only three servers the principles demonstrated here could be applied to up to 1000 servers Network Diagram for Scenario 1 Note that Se...

Page 65: ...0 create server Name Server3 Server IP 1 1 1 3 Cleartext server port 80 Server MAC Address 00 a0 e9 fc 84 ab HP SA7150 4 Create map for Server 1 HP SA7150 create map Server IP 0 0 0 0 1 1 1 1 Network port 443 Cleartext server port 80 KeyID to use for mapping Cleartext map for XML only n y HP SA7150 5 Create map for Server 2 HP SA7150 create map Server IP 0 0 0 0 1 1 1 2 Network port 443 Cleartext ...

Page 66: ...e HP SA7150 set xml 3 enable 8 Create XML patterns for Server 1 HP SA7150 create pattern server1 URI Expression order asp XML Expression From id Acme Enter another pattern n y URI Expression order asp XML Expression Amount Value 10000 Enter another pattern n y URI Expression order asp XML Expression default Enter another pattern n 9 Create XML patterns for Server 2 HP SA7150 create pattern server2...

Page 67: ...er asp XML Expression Order type debit card Enter another pattern n The table below contains examples of XML patterns programmed in the SA7150 for each of the three servers in Scenario 1 Server URI Expression XML Expression 1 order asp From id Acme order asp Amount Value 10000 order asp default 2 order asp From id Widgets com order asp Amount Value 10000 order asp Order type debit card 3 order asp...

Page 68: ...280 Sends to Server 1 purchase amount is 7 280 Sends to Server 2 Though the value satisfies patterns for both Servers 2 and 3 patterns are applied in order of server map ID Server 2 is the first with a matching pattern purchase amount is 713 Sends to Server 2 order is paid for with a debit card Sends to Server 2 customer s zip code is 92128 Sends to Server 3 customer s zip code is 27513 Sends to S...

Page 69: ... 1 Physically connect the SA7150 to the router and to one server NOTE XML is by default disabled for each map You must specifically enable a map to process XML requests See set xml command in Chapter 5 2 Initiate HTTPS traffic to the server The SA7150 monitors traffic and uses the initial mapping with associated default key and certificate to decrypt HTTPS traffic and pass clear text HTTP traffic ...

Page 70: ...he default mapping In this case delete MapID number 1 The SA7150 automatically sorts MapIDs as they are created and deleted thus MapID number 2 becomes MapID number 1 when the default is deleted HP SA7150 delete map 1 HP SA7150 list maps Map Net Ser Cipher Re Client well ID KeyID Server IP Port Port Suites direct Auth XML form 1 default 1 1 1 30 443 80 all v2 v3 n n n N A HP SA7150 5 Save the conf...

Page 71: ...n the Keys and Certificates section in Chapter 3 3 Create a mapping for Server 1 with the create map command HP SA7150 create map Server IP 0 0 0 0 1 1 1 30 Network port 443 Cleartext server port 80 KeyID to use for mapping default HP SA7150 4 Create a mapping for Server 2 As in the previous step use the create map command to specify the parameters as prompted HP SA7150 create map Server IP 0 0 0 ...

Page 72: ... v2 v3 n n n N A HP SA7150 6 After you have manually created a mapping the default mapping can be deleted In this case delete MapID number 1 MapID number 2 becomes MapID number 1 when the default is deleted HP SA7150 delete map 1 HP SA7150 list map Map Net Ser Cipher Re Client well ID KeyID Server IP Port Port Suites direct Auth XML form 1 default 1 1 1 30 443 80 all v2 v3 n n n N A 2 default 1 1 ...

Page 73: ...of the first SA7150 to the network port of the next SA7150 in line and then again connect from the server port to the network port of the next SA7150 in line or to the server See Chapter 2 Installation and Initial Configuration for more information The first SA7150 should be fully configured any necessary keys certificates or maps must exist The complete configuration is exported from the first th...

Page 74: ...hoose xmodem mode x to export HP SA7150 export config Export protocol xmodem ascii ascii x Beginning export 5 Select Receive from the HyperTerminal Transfer menu 6 Type or use the Browse button to specify the directory where you wish to place the received file 7 Select xmodem as the receiving protocol 8 Click the Receive button 9 Specify a filename for the received file and click OK The operation ...

Page 75: ... to install this configuration Do you want to install this config y y 16 After verification y or refusal n the prompt reappears HP SA7150 17 Save the configuration HP SA7150 config save Saving configuration to flash Configuration saved to flash HP SA7150 18 Repeat steps 11 17 for any additional SA7150s On the last SA7150 in the chain disable spilling with the set spill disable command ...

Page 76: ...ed in any of the previous sce narios NOTE Execute an arp a or equivalent command for your OS on the server to display the MAC address of the default gateway This is the address you should use 2 Determine the MAC address of the egress router you wish to route outbound traffic through 3 At the CLI prompt enter the default egress router HP SA7150 set egress_mac 00 11 22 33 44 55 Egress MAC set to 00 ...

Page 77: ...quired by the particulars of your environment Please consult your server and firewall documentation for additional information Single SA7150 configured with single server and firewall Server Configuration Servers providing both HTTP and HTTPS services typically have two instances of the Web Server process configured One listening on the standard HTTP port of 80 providing unencrypted access to non ...

Page 78: ...HTTPS connections on port 443 and forward them to the server In the preceding section we configured the server to provide access to sensitive data through port 81 so that should be the clear text port when creating a server assignment or map on the SA7150 Perform the following steps to create the server assignment 1 Perform the installation as described in Chapter 2 and access the command line pro...

Page 79: ...150 Firewall Configuration Absent a firewall outside clients would be able to connect to services on the web server and possibly gain access to sensitive data on port 80 using HTTP to access non sensitive data on port 443 using HTTPS to access sensitive data and on port 81 using HTTP to access that same sensitive data Obviously allowing access to sensitive data over an unencrypted connection on po...

Page 80: ...C H A P T E R 4 HP e Commerce XML Server Accelerator SA7150 User Guide 70 Notes ...

Page 81: ...ely via Telnet and SSH Online Help The SA7150 provides online help with the following options Type help to display a summary of commands Type help command or command for a description of a specific command or if relevant a list of subcommands you can enter from within command Type help usage or usage to display all commands and their usage Type tty_char to display a list of special terminal editin...

Page 82: ...ion information and the serial number CommandLine Prompt The standard command line prompt for the SA7150 is HP SA7150 The prompt can be changed with the set prompt command Abbreviation to Uniqueness It is not always necessary to type the entire command CLI commands can be abbreviated to uniqueness For example del as show below is sufficient to represent the delete command HP SA7150 del Usage delet...

Page 83: ...is stored in a buffer and can be accessed with the following commands Command Description ctrl b Move back one character ctrl f Move forward one character ctrl a Move to the start of the current line ctrl e Move to the end of the line ctrl l Redraw the current line Command Description ctrl p Move up through the history list ctrl n Move down through the history list ctrl r Reverse search history Se...

Page 84: ...th the cursor ctrl k Delete the text from the current cursor position to the end of the line ctrl u Delete backward from the cursor to the beginning of the current line ctrl w Delete the word behind the cursor using white space as a word boundary ctrl y Copy text that has been deleted backspace del Delete the character to the left of the cursor ...

Page 85: ...and Options bypass config default compare reset save create block cert keyID key keyID map pattern serverName permit server sign keyID delete block blockID cert keyID client_ca mapID key keyID logs logID all map mapID patch pattern serverName patternID permit permitID server serverName sign keyID snmp_community trap_community exit N A export key keyID cert keyID sign keyID log logID config ...

Page 86: ...lp help command help usage import cert keyID client_ca mapID config key keyID patch upgrade inline N A insert server ServerID list blocks filters shows blocks and permits keys logs maps permits monitoring procs snmp_community system trap_community nic N A password N A reboot N A Command Command Options ...

Page 87: ...sessions 0 5 monitoring enable disable monitoring_interval seconds monitoring_fields more ovl_window seconds prompt redirect mapID redirect mapID none route x x x x rsc_window seconds serial server_tmo seconds ssh enable disable ssh_port port spill enable disable telnet enable disable telnet_port port utl_highwater percentage utl_lowwater percentage utl_window seconds xml_well_formed mapID enable ...

Page 88: ...fig default config saved date defcert egress_mac ether filters idleto info ip key keyID kstrength logs map max_remote_sessions monitoring monitoring_interval monitoring_fields more patch ovl_window pattern serverName pattern permits rsc_window redirect mapID route serial server server_tmo ssh ssh_port sign keyID spill status arg telnet Command Command Options ...

Page 89: ...snmp_community snmp_port port snmp_info sys_contact sys_location sys_name trap_authen enable disable trap_community trap_port port showsnmp snmp snmp_community snmp_port snmp_info sys_contact sys_location sys_name trap_authen trap_community trap_port status line realtime alarms log tty_char N A Command Command Options ...

Page 90: ...nds and their usage tty_char View the available list of keyboard shortcut commands Command Description status Display device statistics Several modes are available as described below Default realtime Syntax HP SA7150 status line realtime alarms log where line specifies a line oriented display of statistics realtime specifies that statistics be displayed in realtime alarms shows current alarm event...

Page 91: ...ntify a server to fulfill XML requests NOTE Server names are case insensitive Example HP SA7150 create server Server Name Standard Server IP 10 1 1 2 Cleartext server port 80 8080 Server MAC Address 00 a0 c9 fc 84 ab HP SA7150 delete server Delete the specified XML server name from the system NOTE Use the show server command to identify existing servers Syntax HP SA7150 delete server serverName ...

Page 92: ...er with the lower index number This command allows you to alter the order within that hierarchy by assigning an index number to a server NOTE Before using this command execute the show server command to view the current hierarchy of server index numbers Syntax HP SA7150 insert server ServerID Example insert server 2 Name Gold Server IP 10 1 1 6 Cleartext server port 80 8080 Server MAC Address 22 3...

Page 93: ... target of the HTTP POST wildcards can be used XML Expression is the string to which incoming XML data is compared Documents containing strings matching a pattern are sent to the server associated with the matched pattern The SA7150 checks each expression for syntactical correctness as it s entered If it detects an error during this check it presents a message similar to the one below Messages var...

Page 94: ...er Guide 84 delete pattern Delete an XML pattern specified by server and pattern ID NOTE Use the show pattern command to identify existing patterns Syntax HP SA7150 delete pattern serverName patternID Example HP SA7150 delete pattern Standard 1 Command Description ...

Page 95: ...ear in the left column the content of the pattern appears to the right Note that in the Pattern column the URI expression and XML expression components are separated by the ampersand character with a space on either side Example single specified server HP SA7150 show pattern Standard Server Standard Pattern ID Pattern 1 gold 2 order Example all servers HP SA7150 show pattern Server Standard Patter...

Page 96: ...o effect if no XML servers are defined NOTE Enabling xml automatically enables xml_well_formed see below for the specified map while disabling xml automatically disables xml_well_formed assuming it has not previously been manually disabled Syntax HP SA7150 set xml mapID enable Where mapID is the index of the map whose defined XML patterns you wish to enable Example HP SA7150 set xml 1 enable Comma...

Page 97: ...xml_well_formed when xml is enabled and to re enable it without having disabled xml xml_well_formed functions as follows If xml_well_formed is enabled when malformed XML data is found in an incoming request the SA7150 terminates the connection and returns HTTP Error 403 to the client with the message XML data is not well formed If xml_well_formed is disabled when malformed XML data is found in an ...

Page 98: ... are to be blocked you must repeat the create block command for each one Example HP SA7150 create block Client IP to block 0 0 0 0 10 1 2 1 Client IP mask 0 0 0 0 255 255 0 0 Server IP to block 0 0 0 0 20 1 2 1 Server IP mask 0 0 0 0 255 255 0 0 Server Port to block 80 Server Port mask 0xffff HP SA7150 delete block Delete a block specified by index number Use show block see below to correlate exis...

Page 99: ...k 0 0 0 0 255 255 0 0 Server IP to permit 0 0 0 0 20 1 2 1 Server IP mask 0 0 0 0 255 255 0 0 Server Port to permit 443 Server Port mask 0xffff HP SA7150 delete permit Delete a permit specified by index number Use show permit see below to correlate existing permits with their numbers Example HP SA7150 delete permit 1 show permit Display permits currently in force Example HP SA7150 show permit perm...

Page 100: ...create a new Key ID Also a certificate must be associated with the key ID prior to using the mapping See Chapter 3 for details Example 2 clear text map for unencrypted XML processing HP SA7150 create map Server IP 0 0 0 0 1 1 1 1 Network port 443 Cleartext server port 80 KeyID to use for mapping Cleartext map for XML only n y NOTE Do not specify a KeyID when creating a clear text map delete map ma...

Page 101: ...agement session Telnet or SSH Doing so will result in an immediate disconnect from the SA7150 Enables bypass mode in which traffic flows through SA7150 without being processed See Failure Bypass Modes in Appendix B for details See the inline command below for reversing bypass Example HP SA7150 bypass The LED labeled inline on the SA7150 s front panel turns off when bypass is enabled NOTE The SA715...

Page 102: ...ndix B set spill Allows you to enable or disable spill mode Spill is used to offload processing of a request when the SA7150 has reached a specified queue threshold to a secondary SA7150 or to the server NOTE The SA7150 restarts when spill is enabled Depending on the size of the current configuration file it can require from 30 seconds to seven minutes to return to operations Example HP SA7150 set...

Page 103: ...nd for details regarding saving configuration changes Example HP SA7150 reboot Are you sure you want to reboot n y System rebooting done System reboots eventually prompting you for your password Command Description Command Description list procs List all processes associated with the CLI and remote management commands inetd telnetd sshd2 and snmpd Example HP SA7150 list procs PID 40 PROG cli PID 4...

Page 104: ...e Access Control section of Chapter 6 NOTE To disable a currently configured IP use set ip followed by none Example HP SA7150 set ip Enter IP Address none to delete 10 1 2 124 Enter Netmask none to delete 255 255 0 0 set max_remote_sessions Set the maximum allowed number of concurrently running Telnet and SSH sessions Syntax HP SA7150 set max_remote_sessions 0 5 where 0 5 is the maximum number of ...

Page 105: ...0 67 10 1 2 124 Need a netmask to start Telnet service Enter Netmask 255 255 255 0 Optional Default Route to start Telnet service Enter Default Route none to delete none Telnet Services started HP SA7150 show telnet Displays current Telnet status enabled or disabled Example HP SA7150 show telnet Telnet enabled set telnet_port Set the port on which Telnet connections are accepted Default port 23 Sy...

Page 106: ...t SSH status enabled or disabled Example HP SA7150 show ssh SSH Disabled set ssh_port Set the port on which SSH connections are accepted Default port 22 Syntax HP SA7150 set ssh_port port where port is the number of the port to which SSH sessions will connect show ssh_port Display port on which SSH sessions are currently accepted Example HP SA7150 show ssh_port SSH Port Number 22 setsnmp snmp Enab...

Page 107: ...ion System name Example HP SA7150 setsnmp snmp_info SNMP Port 161 161 SNMP Trap Port 162 162 Contact Person support System Location Palo Alto System Name SA7150 showsnmp snmp_info Display the currently effective SNMP information and parameters Example HP SA7150 showsnmp snmp_info SNMP Port Number 161 SNMP Trap Port Number 162 SNMP System Contact support SNMP System Name SA7150 SNMP System Location...

Page 108: ... list snmp_community SNMP Community String s information 1 Current SNMP Community String s 1 IP 1 1 1 1 String commstring Rights read delete snmp_community Delete SNMP community strings Example HP SA7150 delete snmp_commmunity SNMP Community String s Deletion 2 Current Available SNMP Community String s 1 IP 0 0 0 0 String public 2 IP 0 0 0 0 String private Enter number 1 to 2 to delete q to quit 1...

Page 109: ...nter a SNMP Trap Community String q to quit public Enter a SNMP Trap Community IP q to quit q list trap_community Display SNMP trap community strings Example HP SA7150 list trap_community SNMP Trap Community String s information 2 Current SNMP Trap Community String s 1 IP 0 0 0 0 String public 2 IP 0 0 0 0 String private delete trap_community Delete SNMP trap community strings Example HP SA7150 de...

Page 110: ... the Refused SSL Connection Alarm utl enables the Utilization Threshold Alarm Example HP SA7150 set alarms all HP SA7150 show alarms Alarms set esc rsc utl ovl nls show alarms Display the list of currently enabled alarms Example HP SA7150 set alarms none HP SA7150 show alarms Alarms set NOTE When no alarms are set i e when none is specified in set alarms the display shows an empty field set rsc_wi...

Page 111: ...during which data is collected and averaged Consequently shorter intervals are likely to result in some extraneous alarms NOTE See also set utl_highwater and set utl_lowwater this section Syntax HP SA7150 set utl_window secs where secs is the number of seconds of the desired interval set utl_highwater Set the Utilization Threshold Alarm high water value Expressed as a percentage the high water val...

Page 112: ...s required to trigger a Utilization Threshold Alarm show utl_window Display the current Utilization Threshold Alarm window Example HP SA7150 show utl_window Utilization Window set secs 10 show utl_highwater Display the Utilization Threshold Alarm s current upper threshold Example HP SA7150 show utl_highwater Utilization High water mark 80 show utl_lowwater Display the Utilization Threshold Alarm s...

Page 113: ...mand Description Command Description show config Display current volatile configuration settings Example HP SA7150 show config default config file created on Tues July 25 06 56 46 2000 Configuration parameters are displayed here show config saved Display saved non volatile configuration settings Example HP SA7150 show config saved Saved configuration Configuration parameters are displayed here ...

Page 114: ..._tmo 30 serverif exp1 netif exp0 map 0 0 0 0 443 80 default kpanic reboot monitoring_interval 15 monitoring_fields 0x71f alarm_mask 0x00000000 ovl_window 15 rsc_window 15 utl_window 15 utl_high 90 utl_low 60 idle 300 kstrength 512 con_speed 9600 con_bits 8 con_stop 1 con_parity n max_remote_sessions 5 trap_authen 1 defcert_cname US defcert_state California defcert_city Palo Alto defcert_orgname He...

Page 115: ...configuration WARNING Executing this command causes the system to reboot Example HP SA7150 config reset Reverting to saved configuration Reset y n n n HP SA7150 config default Clears current and saved configurations and restores factory defaults WARNING Executing this command causes the system to reboot Example HP SA7150 config default Reset to factory default configuration n y Reset to factory de...

Page 116: ...u must Example HP SA7150 export config Export protocol xmodem ascii ascii Press any key to start then again when done default config file created on Fri Jul 28 06 56 46 2000 configuration specifics are displayed HP SA7150 import config Import a configuration file paste xmodem Example HP SA7150 import config Import protocol paste xmodem paste Type or paste in data end with alone on a line Do you wa...

Page 117: ...xx Continue with the upgrade n y NOTE All saved logs will be deleted and the system will reboot upon successful completion of the upgrade import patch Import a partial software upgrade Example HP SA7150 import patch Import protocol xmodem xmodem Start xmodem upload now Use Ctl X to cancel upload Patch Imported list system Displays the device s CPU memory and crypto card information HP SA7150 list ...

Page 118: ...System rebooting done T944 V2 31 DXC 868242 361188O S running Generating 512 bit default key Generating default certificate Saving default key cert to flash Restricted Rights Legend copyright and version information displayed here Serial 0 a0 a5 11 4 9d password Command Description Command Description password Set the password Example HP SA7150 password Old password xxxxx Enter new admin password ...

Page 119: ...set date Year 2000 Month 2 Day 16 Hour 24 hour clock 15 Minute 10 The system must reboot for new time to set Reboot y n HP SA7150 show date Displays current date and time set egress_mac Allows the configuration of a SA7150 when the ingress and egress traffic paths are different See Chapter 4 Scenario 5 set ether Specify ethernet settings Example HP SA7150 set ether 1 auto 2 10baseT half duplex 3 1...

Page 120: ... never times out Syntax HP SA7150 set idleto n where n is a value in minutes 0 to 525600 show idleto Display console timeout Example HP SA7150 show idleto Idle timeout is 5 minutes set more Set the page length of the console display Default is 300 Syntax HP SA7150 set more n where n is the desired number of lines Valid inputs are 0 to disable or 23 or greater nic Allows you to set the network inte...

Page 121: ... This command returns the user to the password prompt after setting the console port Example HP SA7150 set serial Baud rate 9600 115200 9600 Data bits 7 8 8 Stop bits 1 2 1 Parity n e o n Set serial parameters y show serial Display console serial parameters Example HP SA7150 show serial Speed 9600 Bits 8 Stop Bits 1 Parity n exit Log the user out of the CLI If the current configuration has changed...

Page 122: ...e Syntax HP SA7150 export log logID where logID is the ID of the specific log you wish to export Example HP SA7150 export log a Export protocol xmodem Use Ctrl X to kill transmission Beginning export delete log Delete saved log trace files from flash logs Syntax HP SA7150 delete log logID all where logID is the ID of the specific log you wish to delete and all deletes all logs list logs List all l...

Page 123: ...ommand Line Interface CLI from Telnet or SSH sessions running on remotely located machines Up to five remote sessions can be configured including both Telnet and SSH sessions Before you can use the device s remote management function you must enable and configure it at the local serial console Remote management requires that the device s network interface be assigned an IP address Remote SNMP mana...

Page 124: ...onfig save This ensures that the configuration will be restored upon startup Remote Management CLI Commands Remote management is enabled or disabled and configured by using a series of CLI commands available only at the local serial console The exact sequence varies depending on the type and configuration of the remote session you wish to enable Usage is detailed in subsequent sections These comma...

Page 125: ...t Default 161 SNMP trap port Default 162 SNMP agent IP address Contact person System location System name showsnmp snmp_info displays current SNMP information and parameters setsnmp snmp_community sets SNMP community strings list snmp_community displays SNMP community strings delete snmp_community deletes SNMP community strings setsnmp trap_community sets SNMP permission strings list trap_communit...

Page 126: ...ter The Telnet session screen appears 4 At the prompt type display Among the lines of feedback you should see Preferred Term Type is ANSI 5 Type set termtype vt100 Press Enter 6 Again at the prompt type display Your setting should be verified by the display of Preferred Term Type is VT100 7 Type set crlf Press Enter 8 Type quit to exit the Telnet session screen Local Serial Console Assign an IP ad...

Page 127: ...HP SA7150 set route none NOTE To ensure that this remote management configuration persists across a device shutdown and startup run the config save command Remote Telnet management is now enabled and configured on the SA7150 Now you can access the CLI from a remote Telnet session Remote Console Telnet With remote Telnet enabled on the SA7150 use the following procedure to access it s CLI Unix prom...

Page 128: ...ons section near the beginning of this chapter Changing the Telnet Port The Telnet port is set and displayed by using the CLI commands set telnet_port port and show telnet_port These commands are available only at the local serial console and when the remote management is enabled By default the Telnet port number is 23 To set the Telnet port HP SA7150 set telnet_port 230 To display the Telnet port...

Page 129: ...al Console Assign an IP address to the SA7150 s network interface using the following procedure HP SA7150 set ip Enter IP Address none to delete 10 1 2 65 10 1 1 1 Enter Netmask none to delete 255 255 255 0 255 255 255 0 Verify the IP and netmask optional HP SA7150 show ip System IP Address 10 1 1 1 System Netmask 255 255 255 0 Enable remote SSH sessions HP SA7150 set ssh enable Configure the netw...

Page 130: ...ady running and the new one exceeds the number allowed as configured with the set max_remote_sessions command the CLI displays the message Max Remote Session Limit of 5 exceeded Either close a session or increase the maximum number allowed After you enter your password the SSH session displays the SA7150 s CLI From this point you can manage the device as you would from the local serial console min...

Page 131: ...ommand SNMP NOTE SNMP is disabled by default The SA7150 has a fully compliant embedded SNMP agent that supports SNMPv1 and SNMPv2c requests The HP private enterprise MIB provides the following capabilities Monitors the health of the SA7150 s hardware and network links Monitors the flags used to enable and disable alarms and monitors Monitors the SA7150 s load as indicated by CPU utilization connec...

Page 132: ...string as well as enable the SNMP function HP SA7150 setsnmp snmp_community SNMP Community String s Setting Enter a SNMP Community IP q to quit 1 1 1 2 Enter a SNMP Community String q to quit cstring Enter a SNMP Community IP q to quit q HP SA7150 Standards Compliance The SA7150 s SNMP agent is bilingual and can support both SNMPv1 and SNMPv2c requests HP private enterprise MIB files are compliant...

Page 133: ...he following figure illustrates HP s MIB tree HP s MIB Tree All HP enterprise MIBs and MIB objects are defined under the HP tree All sysObjectIds that identify HP products are defined under the hpServerAppliancesSystem branch of the HP tree ...

Page 134: ...art warmStart authenticationfailure linkUp and linkDown are supported hpserver header my hpserver header my contains all the system object IDs defined for HP products All system object IDs are defined under the hpServerAppliancesSystem branch of the hp tree Trap Summary The following list summarizes the traps generated by the SA7150 For details about a particular trap please read the description o...

Page 135: ...igh water threshold sslCpsNormal The SSL connections per second processed by the device is back to normal levels sslConnCntAlert The device has exceeded the open SSL connection count high water threshold sslConnCntNormal The open connection count of the device is back to normal levels sslConnectionRefusedMismatch SSL connections were refused in the past sslRefusedInterval due to cipher suite negot...

Page 136: ...le HP SA7150 setsnmp snmp disable HP SA7150 showsnmp snmp SNMP disable Specifying SNMP Information Configurable SNMP parameters can be set collectively using the setsnmp snmp_info command as illustrated below HP SA7150 setsnmp snmp_info SNMP Port 161 SNMP Trap Port 162 Contact Person support System Location Palo Alto System Name SA7150 Current values of SNMP parameters are displayed using the show...

Page 137: ... Community String Use CLI commands setsnmp snmp_community list snmp_community and delete snmp_community to set list and delete SNMP community strings HP SA7150 setsnmp snmp_community SNMP Community String s Setting Enter a SNMP Community IP q to quit 1 1 1 1 Enter a SNMP Community String q to quit cstring Enter a SNMP Community IP q to quit q HP SA7150 list snmp_community SNMP Community String s i...

Page 138: ... 2 IP 0 0 0 0 String private HP SA7150 delete trap_community SNMP Trap Community String s Deletion 2 Current Available SNMP Trap Community String s 1 IP 0 0 0 0 String public 2 IP 0 0 0 0 String private Enter number 1 to 2 to delete q to quit 1 2 Enter number 1 to 2 to delete q to quit 1 q Access Control The SA7150 provides block and permit commands which allow you to deny or allow clients to acce...

Page 139: ... specified server use the create permit command as illustrated below HP SA7150 create permit Client IP to permit 0 0 0 0 10 1 2 1 Client IP mask 0 0 0 0 255 255 255 255 Server IP to permit 0 0 0 0 20 1 2 1 Server IP mask 0 0 0 0 255 255 255 255 Server port to permit 443 Server port mask 0xffff ...

Page 140: ...C H A P T E R 6 HP e Commerce XML Server Accelerator SA7150 User Guide 130 Notes ...

Page 141: ... alarms and monitor reports are single lines of text Both can be written either to the local administration console or to remote management sessions Telnet or Secure Shell only On the display alarms are prefaced by the letter A and monitor reports with the letter M Both have timestamps Alarms can be configured to immediately notify the user of the following conditions Encryption Status change ...

Page 142: ...yy hh mm ss The timestamp ALARM_CODE The alarm type ESC RSC UTL OVL NLS MODIFIER The alarm modifier a code identifying the event that triggered the alarm NOTE The Encryption Status Change alarm ESC does not display extended data EXTENDED_DATA Any additional relevant data message Human readable text description of the alarm The CLI commands for alarm configuration are For example HP SA7150 set alar...

Page 143: ... front panel by pressing the BYPASS button Format A mm dd yyyy hh mm ss ESC HDWR CONB CONI FNTB FNTI APPR message Where A identifies the message as an alarm mm dd yyyy hh mm ss is the timestamp ESC identifies the message as an Encryption Status Change Alarm Alarm Modifiers and Messages HDWR indicates crypto card failure CONB indicates console controlled bypass CONI indicates console controlled inl...

Page 144: ...hh mm ss RSC CSMM CCAF XXX message Where A identifies the message as an alarm mm dd yyyy hh mm ss is the timestamp RSC identifies the message as an Refused SSL Connections Alarm Alarm Modifiers and Messages CSMM Cipher suite mismatch CCAF Client certificate authenticate failure Extended Data XXX An integer value indicating the number of refused SSL connections that occurred in the current alarm pe...

Page 145: ...utilization window is a user specified sliding interval during which data is collected and averaged Consequently shorter intervals are likely to result in some extraneous alarms The interval can be set from 5 to 65000 seconds default 15 Format A mm dd yyyy hh mm ss UTL ALRT NMRL CPU CON CPS message Where A identifies the message as an alarm mm dd yyyy hh mm ss is the timestamp UTL identifies the m...

Page 146: ...ange 2 100 default 90 To set Utilization Threshold Alarm low water value set utl_lowwater percentage Range 1 99 default 60 To display current settings show utl_window show utl_highwater show utl_lowwater Examples HP SA7150 set utl_window 10 HP SA7150 show utl_window Utilization Window set secs 10 HP SA7150 set utl_highwater 80 HP SA7150 show utl_highwater Utilization High water mark 80 HP SA7150 s...

Page 147: ...y hh mm ss is the timestamp OVL identifies the message as an Overload Alarm Alarm Modifiers and Messages SPIL indicates overload resulting in a spill Message Spill mode THRT indicates overload resulting in a throttle Message Throttle mode Extended Data XXX An integer value indicating the total number of overload events that occurred during the most recent alarm period OVL Alarm CLI Commands To set...

Page 148: ...Message No carrier 10Mb s 100Mb s half duplex full duplex Extended Data LINKD indicates no carrier 10HDX indicates 10Mb s half duplex 10FDX indicates 10Mb s full duplex 100HDX indicates 100Mb s half duplex 100FDX indicates 100Mb s full duplex Alarm Logging The SA7150 maintains a circular buffer of alarms issued The most recent alarms as well as historical logs generated and saved as a result of ex...

Page 149: ...544 HP SA7150 status 20000727_145544 STATE Boot time Sun Oct 15 17 08 01 2000 Curr time Tue Oct 17 16 32 52 2000 Restarts 1 KTR Mask 0xFFFFF3DD Total Connections 0 SSL Connections 0 XML Connections 0 Malformed XML Connections 0 No matching server Connections 0 Active Connections 0 0 cur max Total Connections Second 0 0 cur max SSL Connections Second 0 0 cur max XML Connections Second 0 0 cur max U...

Page 150: ...ache 3 server_tmo 5 client_tmo 30 serverif exp1 netif exp0 map 0 0 0 0 443 80 default kpanic reboot monitoring_interval 0 monitoring_fields 0x1f alarm_mask 0x0000001f ovl_window 15 rsc_window 15 utl_window 15 utl_high 90 utl_low 60 idle 300 kstrength 512 con_speed 9600 con_bits 8 con_stop 1 con_parity n max_remote_sessions 5 defcert_cname US defcert_state California defcert_city Palo Alto defcert_...

Page 151: ... alarms command HP SA7150 status alarms A 07 27 2000 14 57 05 ESC CONI Console inline A 07 27 2000 14 57 05 NLS NETL 100HDX Network port status 100Mb s half dup A 07 27 2000 14 57 01 ESC CONB Console bypass A 07 27 2000 14 57 01 NLS NETL NC Network port status No carrier A 07 27 2000 14 56 51 NLS SVRL NC Server port status No carrier A 07 27 2000 14 56 46 NLS SVRL 100FDX Server port status 100Mb s...

Page 152: ...port Configuration You can specify the fields to be displayed in each report Reports begin with the letter M for monitor report to distinguish them from alarm reports and the timestamp The other fields available are user selectable via a CLI command see CLI Commands below in this section The standard default fields are mode failmode CPU SSLCS and OVR Monitor reports are disabled by default Monitor...

Page 153: ...d n o matching server Monitoring Reports CLI Commands Below are the CLI commands for console monitoring with defaults and ranges where applicable set monitoring_interval seconds Range 5 65000 Default 15 show monitoring_interval set monitoring_fields fields Range all mode failmode cpu cps ovrld link enc dec totcps xmlcps xml Default mode failmode cpu cps ovrld totcps xmlcps xml show monitoring_fiel...

Page 154: ...oughput enc Encrypted Data throughput failmode Fail safe or Fail through mode link Network and Server Link status mode INLINE or BYPASS mode ovrld Number of spills when spill is enabled or throttles when spill is disabled totcps Total connections per second xml Parsed malformed nomatch XML conns xmlcps XML connections per second HP SA7150 set monitoring enable HP SA7150 set monitoring_fields xml t...

Page 155: ...uration including all keys certificates and mapping is saved However all log files are cleared The software is in the form of an image file IMG Use the import patch command to install a patch to a current software release Patches typically effect fixes to minor software issues Customer Support can provide guidance regarding patches appropriate to your system if any ...

Page 156: ...ommand and press Enter HP SA7150 import upgrade Import protocol xmodem xmodem Start xmodem upload now Use Ctl X to cancel upload 5 In HyperTerminal click Send File from the Transfer menu select the file you can type the filename or click the Browse button to find the file click to select the transfer protocol 1K xmodem and click Send Verifying upgrade image Upgrade image valid Release x x Load xx ...

Page 157: ...he SA7150 4 Type the import patch command and press Enter HP SA7150 import patch Import protocol xmodem xmodem Start xmodem upload now Use Ctl X to cancel upload 5 In HyperTerminal click Send File from the Transfer menu select the file you can type the filename or click the Browse button to find the file click to select the transfer protocol 1K xmodem and click Send Verifying patch image Patch suc...

Page 158: ...C H A P T E R 8 HP e Commerce XML Server Accelerator SA7150 User Guide 148 Notes ...

Page 159: ... the SA7150 out of Bypass mode by either pressing the Bypass switch on the unit s front panel or using the CLI s inline command Depending on what type of equipment the SA7150 is connected to either straight through or crossover Cat 5 network cables are required for both Network and Server ports Switch out the different cable types at each port until both Network and Server LEDs are illuminated ...

Page 160: ...ver can remain idle i e no data crosses the connection in either direction following a client request Increase the interval with the following command HP SA7150 set client_tmo n where n is the interval in seconds The default is 30 seconds The recommended value is 1 5 times the longest server response time 4 SSL traffic does not pass through SA7150 Improper mappings Improper cabling See Mapping in ...

Page 161: ...owser does not recognize the signer of this certificate after loading global server ID The intermediate certificate is not installed or is installed improperly See Global Site Certificates in Chapter 3 for correct procedures Item Symptom Probable Cause Remedy ...

Page 162: ...ort 10baseT Half Duplex Then use the nic command to force common media attributes e g HP SA7150 nic 1 auto 2 10baseT half duplex 3 10baseT full duplex 4 100baseTX half duplex 5 100baseTX full duplex Select media type 1 2 In the example above 2 is the correct choice because the setting must reflect the least common denominator of both media speed and duplex attribute i e the server port is determin...

Page 163: ...is no power switch or button Power is applied to the device by connecting the power cable Front Panel Connectors Controls and Indicators Bypass Reset Network Link RJ45 Server Link RJ45 Inline green Network Link green Server Link green LEDs Fail through switch Console CLI Aux Console Diagnostics Power green Error red Overload amber Activity green LEDs ...

Page 164: ...entarily to issue a soft reset to the SA7150 Press for 5 seconds to reset the SA7150 and restore the factory defaults Bypass button Press to physically force bypass mode bypass SA7150 processing Fail through Fail safe switch Default Fail safe up position the network connection is broken during a SA7150 failure Fail through down position the network connection is maintained during a SA7150 failure ...

Page 165: ...ght when greater amounts of processing are occurring OFF No SSL processing is being performed Network Link ON Operational network connection OFF No operational network connection Inline See Appendix B Failure Bypass Modes BLINKING GREEN Fail safe mode which is the default In the event of a SA7150 failure traffic will not pass through STEADY GREEN Fail through mode which allows traffic to pass even...

Page 166: ...tor Type Purpose Network RJ45 100baseTX 10baseT connection to network clients wired as a host port Server RJ45 100baseTX 10baseT connection to server or servers wired as a hub port Console DB9 RS 232 DTE console port 9600 8 None 1 None Aux Console DB9 RS 232 DTE console port 115200 8 None 1 None includes kernel diagnostics at boot Power Power input ...

Page 167: ...bypass button or from the command line interface using the bypass command There is also a security feature Fail through switch In the default Fail safe position this switch prevents traffic from passing through unprocessed in the event of a failure or if bypass mode is manually activated The following discussion about the bypass button and Fail through switch assumes that normal conditions for SA7...

Page 168: ...whether traffic continues to flow unprocessed between the client and the server discussed below Fail through Switch Security Level This switch allows the user to control what happens in the event of a failure It is located in a recess between the network link and server link connectors Use a small screwdriver or paper clip to operate the switch The two options are to either let traffic flow throug...

Page 169: ...sing is taking place which means either no traffic is passing through Fail safe or the traffic that is passing through is unprocessed Fail through The following conditions and Inline LED behavior are possible with the Fail through switch and bypass button Device Mode Bypass Button Fail through Switch Mode Traffic Status Inline LED Failed N A Fail safe Up position No traffic either direction off Fa...

Page 170: ...A P P E N D I X B HP e Commerce XML Server Accelerator SA7150 User Guide 160 Notes ...

Page 171: ... the set cipher command to specify the cipher The command prompts you for the cipher strength and SSL version level Options for these values are Cipher Strength All all supported ciphers including export ciphers High all ciphers with 168 bit encryption Triple DES Medium all ciphers with 128 bit and higher encryption including High Low all ciphers with 64 bit and higher encryption including Medium ...

Page 172: ... export version of the software supports only the ciphers marked E in the Profile column Name Protocol Key Exchange Authentication Encryption key size Message Authentication Profile Hi Medium Low Export DES CBC3 SHA SSLv3 RSA RSA 3DES 168 SHA1 H IDEA CBC SHA SSLv3 RSA RSA IDEA 128 SHA1 M RC4 SHA SSLv3 RSA RSA RC4 128 SHA1 M RC4 MD5 SSLv3 RSA RSA RC4 128 MD5 M DES CBC SHA SSLv3 RSA RSA DES 56 SHA1 ...

Page 173: ... SHA SSLv3 RSA 512 RSA DES 40 SHA1 E EXP RC2 CBC MD5 SSLv3 RSA 512 RSA RC2 40 MD5 E EXP RC4 MD5 SSLv3 RSA 512 RSA RC4 40 MD5 E EXP RC2 CBC MD5 SSLv2 RSA 512 RSA RC2 40 MD5 E EXP RC4 MD5 SSLv2 RSA 512 RSA RC4 40 MD5 E Name Protocol Key Exchange Authentication Encryption key size Message Authentication Profile Hi Medium Low Export ...

Page 174: ...A P P E N D I X C HP e Commerce XML Server Accelerator SA7150 User Guide 164 Notes ...

Page 175: ...Regulatory Information Taiwan Class A EMI Statement ...

Page 176: ...ment is operated in a commercial environment This product generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or televis...

Page 177: ...sse A prescrites dans la norme sur le matériel brouilleur Appareils Numériques NMB 003 édictée par le Ministre Canadien des Communications This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the interference causing equipment standard entitled Digital Apparatus ICES 003 of the Canadian Department of Communications CE Compliance Stat...

Page 178: ...ne particles other than normal room dust Well ventilated and away from sources of heat including direct sunlight Away from sources of vibration or physical shock Isolated from strong electromagnetic fields produced by electrical devices In regions that are susceptible to electrical storms we recommend you plug your system into a surge suppressor and disconnect telecommunication lines to your modem...

Page 179: ... et des sources de ibrations Isolé de forts champs magnétiques géenérés par des appareils électriques Dans les régions sujettes aux orages magnétiques il est recomandé de brancher votre système à un supresseur de surtension et de débrancher toutes les lignes de télécommunications de votre modem durant un orage Muni d une prise murale correctement mise à la terre Ne pas utiliser ni modifier le câbl...

Page 180: ... sein noch eine Verbindung mit einer Telekommunikationseinrichtung einem Netzwerk oder einer Modem Leitung haben wenn die Gehäuseabdeckung entfernt wird Nehmen Sie das System nicht ohne die Abdeckung in Betrieb AVVERTENZA Il sistema è progettato per funzionare in un ambiente di lavoro tipico Scegliere una postazione che sia Pulita e libera da particelle in sospensione a parte la normale polvere pr...

Page 181: ...ibración Aislado de campos electromagnéticos fuertes producidos por dispositivos eléctricos En regiones con frecuentes tormentas eléctricas se recomienda conectar su sistema a un eliminador de sobrevoltage y desconectar el módem de las líneas de telecomunicación durante las tormentas Previsto de una toma de tierra correctamente instalada No intente modificar ni usar el cable de alimentación de cor...

Page 182: ...söffnungen dienen zur Luftzirkulation die das Gerät vor Überhitzung schützt Sorgen Sie dafür daß diese Öffnungen nicht abgedeckt werden 8 Beachten Sie beim Anschluß an das Stromnetz die Anschlußwerte 9 Die Netzanschlußsteckdose muß aus Gründen der elektrischen Sicherheit einen Schutzleiterkontakt haben 10 Verlegen Sie die Netzanschlußleitung so daß niemand darüber fallen kann Es sollete auch nicht...

Page 183: ...ist gefallen und oder das Gehäuse ist beschädigt Wenn das Gerät deutliche Anzeichen eines Defektes aufweist 16 Bei Reparaturen dürfen nur Orginalersatzteile bzw den Orginalteilen entsprechende Teile verwendet werden Der Einsatz von ungeeigneten Ersatzteilen kann eine weitere Beschädigung hervorrufen 17 Wenden Sie sich mit allen Fragen die Service und Repartur betreffen an Ihren Servicepartner Somi...

Page 184: ...A P P E N D I X D HP e Commerce XML Server Accelerator SA7150 User Guide 174 Notes ...

Page 185: ...NDLED WITH ANOTHER PRODUCT YOU MAY RETURN THE ENTIRE UNUSED PRODUCT FOR A FULL REFUND HP SOFTWARE LICENSE TERMS License Grant HP grants you a license to Use one copy of the Software Use means storing loading installing executing or displaying the Software You may not modify the Software or disable any licensing or control features of the Software If the Software is licensed for concurrent use you ...

Page 186: ...opies or adaptations You may not copy the Software onto any public or distributed network No Disassembly or Decryption You may not disassemble or decompile the Software without HP s prior written consent Where you have other rights under statute you will provide HP with reasonably detailed information regarding any intended disassembly or decompilation You may not decrypt the Software unless neces...

Page 187: ... 1988 DFARS 252 211 7015 May 1991 or DFARS 252 227 7014 Jun 1995 as a commercial item as defined in FAR 2 101 a or as Restricted computer software as defined in FAR 52 227 19 Jun 1987 or any equivalent agency regulation or contract clause whichever is applicable You have only those rights provided for such Software and any accompanying documentation by the applicable FAR or DFARS clause or the HP ...

Page 188: ...st include a copy of the MPL as shown below MOZILLA PUBLIC LICENSE Version 1 1 1 Definitions 1 0 1 Commercial Use means distribution or otherwise making the Covered Code available to a third party 1 1 Contributor means each entity that creates or contributes to the creation of Modifications 1 2 Contributor Version means the combination of the Original Code prior Modifications used by a Contributor...

Page 189: ...Original Code and which at the time of its release under this License is not already Covered Code governed by this License 1 10 1 Patent Claims means any patent claim s now owned or hereafter acquired including without limitation method process and apparatus claims in any patent Licensable by grantor 1 11 Source Code means the preferred form of the Covered Code for making modifications to it inclu...

Page 190: ...Original Code to make have made use practice sell and offer for sale and or otherwise dispose of the Original Code or portions thereof c the licenses granted in this Section 2 1 a and b are effective on the date Initial Developer first distributes Original Code under the terms of this License d Notwithstanding Section 2 1 b above no patent license is granted 1 for code that You delete from the Ori...

Page 191: ...fringements caused by i third party modifications of Contributor Version or ii the combination of Modifications made by that Contributor with other software except as part of the Contributor Version or other devices or 4 under Patent Claims infringed by Covered Code in the absence of Modifications made by that Contributor 3 Distribution Obligations 3 1 Application of License The Modifications whic...

Page 192: ... derived directly or indirectly from Original Code provided by the Initial Developer and including the name of the Initial Developer in a the Source Code and b in any notice in an Executable version or related documentation in which You describe the origin or ownership of the Covered Code 3 4 Intellectual Property Matters a Third Party Claims If Contributor has knowledge that a license under a thi...

Page 193: ...d be likely to look for such a notice If You created one or more Modification s You may add your name as a Contributor to the notice described in Exhibit A You must also duplicate this License in any documentation for the Source Code where You describe recipients rights or ownership rights relating to Covered Code You may choose to offer and to charge a fee for warranty support indemnity or liabil...

Page 194: ...a different license You must make it absolutely clear that any terms which differ from this License are offered by You alone not by the Initial Developer or any Contributor You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer 3 7 Larger Works You may create a Larger ...

Page 195: ...sion of the License published by Netscape No one other than Netscape has the right to modify the terms applicable to Covered Code created under this License 6 3 Derivative Works If You create or use a modified version of this License which you may only do in order to apply it to code which is not already Covered Code governed by this License You must a rename Your license so that the phrases Mozil...

Page 196: ...s of becoming aware of the breach All sublicenses to the Covered Code which are properly granted shall survive any termination of this License Provisions which by their nature must remain in effect beyond the termination of this License shall survive 8 2 If You initiate litigation by asserting a patent infringement claim excluding declaratory judgment actions against Initial Developer or a Contrib...

Page 197: ...used sold distributed or had made Modifications made by that Participant 8 3 If You assert a patent infringement claim against Participant alleging that such Participant s Contributor Version directly or indirectly infringes any patent where such claim is resolved such as by license or settlement prior to the initiation of patent infringement litigation then the reasonable value of the licenses gr...

Page 198: ...AVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU 10 U S GOVERN...

Page 199: ...International Sale of Goods is expressly excluded Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not apply to this License 12 RESPONSIBILITY FOR CLAIMS As between Initial Developer and the Contributors each party is responsible for claims and damages arising directly or indirectly out of its utilization of rights under this License...

Page 200: ...ed under the terms of the _____ license the ___ License in which case the provisions of ______ License are applicable instead of those above If you wish to allow use of your version of this file only under the terms of the ____ License and not to allow others to use your version of this file under the MPL indicate your decision by deleting the provisions above and replace them with the notice and ...

Page 201: ...Support Services Support for your SA7150 U S and Canada For hardware service and telephone support contact An HP authorized reseller or HP Customer Support Center at 1 800 633 3600 ...

Page 202: ...blic 420 2 613 07 310 Denmark 3929 4099 English non UK 44 20 7512 5202 Finland 02 03 47 288 France 01 43 62 3434 Germany 0180 525 8143 Greece 30 0 16196411 Hungary 36 1 382 1111 Ireland 01 662 5525 Israel 972 9 952 4848 Italy 02 2 641 0350 Netherlands 020 6068751 Norway 22 11 6299 Poland 48 22 8659800 Portugal 21 317 6333 Russia 7095 797 3520 South Africa RSA 086 000 1030 Outside RSA 27 11 258 930...

Page 203: ... People s Republic of China 86 8008105959 Philippines 63 2 811 0643 Singapore 65 2725300 Taiwan 866 080 010055 886 2 7170055 Thailand 66 2 6613891 Vietnam Hanoi 84 4 9430101 Ho Chi Minh City 84 8 8324155 Latin America For hardware service and telephone support contact an HP authorized reseller or one of these support centers Country and Number Argentina 541 4778 8380 Brazil Sao Paulo 11 3747 7799 ...

Page 204: ...I X F HP e Commerce XML Server Accelerator SA7150 User Guide 194 Other Countries For hardware service contact your local authorized reseller or HP sales office For telephone support contact your authorized reseller ...

Page 205: ...rns see Boolean operators allow you to make XML expressions more discriminating hence more powerful Bypass User action causing traffic to bypass SA7150 processing done either through the CLI bypass command or Bypass button on the front panel of the SA7150 Cascading A configuration of two or more SA7150s serially connected together to accommodate larger e Commerce traffic processing CPS loads Certi...

Page 206: ...ters into addresses Element An object in an XML document e g name address or amount Elements often contain attributes see Flash Permanent non volatile storage for configuration changes Fulfillment Server A server that stores content used to satisfy user requests HTTP Hypertext Transfer Protocol the protocol used between a Web browser and a server to request a document and transfer its contents HTT...

Page 207: ... that is distributed widely and is not kept secure Used for encryption or for verifying signatures Service A service is an IP application paired with a port number For example HTTP 80 This describes a service consisting of a server s HTTP application listening on port 80 Another example of a service FTP 21 Signing Request Required for a request for certificate authentication by a Certificate Autho...

Page 208: ... to enable an error message is sent to the requesting client If set to disable the document goes to the mapped server see XML Extended Markup Language A self describing text based data format designed to facilitate the efficient storage and transmission of text date across a variety of media and platforms XML Expression Component of XML patterns see A specification of an XML element attribute or t...

Page 209: ...specified key and certificate 47 B Blocking 48 All IPs specific port 50 Delete block 51 Specific IP specific port 48 Subnet specific port 49 Bypass mode 157 C Cascading 32 63 Certificate Authority 34 Certificates 33 Ciphers 162 CLI Commands Administration 108 Alarms and monitoring 100 Commands for manipulating the his tory 73 Help 80 Logging 112 Operational 91 Port mapping 88 Remote management 93 ...

Page 210: ...n Free standing 10 Rack mounting 9 Wiring connections 10 K Keys 33 L Logging alarms 138 Logging Commands 112 M Manual mapping 47 48 Mapping 46 MIB tree 123 Multiple SA7150s 63 N Network connections 10 Network link status alarm 138 O Operational Commands 91 Order of expressions 20 Overload alarm 137 P PassThrough switch 157 Port Mapping Commands 88 R Redirection for unsupported ciphers 43 Refused S...

Page 211: ...26 Standard traps 124 Trap community string 128 Trap summary 124 software license agreement 175 Specifications 3 Spill enable 64 Spilling 32 SSL Processing 46 Status Commands 80 Support 191 Asia 193 Europe 192 Latin America 193 Other Countries 194 US and Canada 191 T Telnet 116 Enabling disabling 118 Windows 2000 terminal type 116 Throttling 32 Trap summary 124 U Utilization threshold alarm 135 X ...

Page 212: ...I N D E X HP e Commerce XML Server Accelerator SA7150 User Guide 202 Notes ...

Reviews:

No comments

Related manuals for P4518A - Traffic Management Server Sa7150

IBM eserver pSeries 690 Installation Manual preview
eserver pSeries 690
Brand: IBM Pages: 142
IBM eServer 370 xSeries User Reference Manual preview
eServer 370 xSeries
Brand: IBM Pages: 218
IBM BladeCenter PS703 Service Manual preview
BladeCenter PS703
Brand: IBM Pages: 298
IBM BladeCenter T Type 8720 Hardware Maintenance Manual preview
BladeCenter T Type 8720
Brand: IBM Pages: 180
hager TJA670 domovea Basic Manual preview
TJA670 domovea Basic
Brand: hager Pages: 36
3Com 3CRWPS10075-US - OfficeConnect Wireless 54Mbps 11g Print... User Manual preview
3CRWPS10075-US - OfficeConnect Wireless 54Mbps 11g Print...
Brand: 3Com Pages: 94
B&B Electronics VESR4x4 Quick Start Manual preview
VESR4x4
Brand: B&B Electronics Pages: 2
Abit SI-2PS User Manual preview
SI-2PS
Brand: Abit Pages: 56
Seyeon FW3150 User Manual preview
FW3150
Brand: Seyeon Pages: 10
Seagate 8-BAY RACKMOUNT NAS Quick Start Manual preview
8-BAY RACKMOUNT NAS
Brand: Seagate Pages: 20
Seagate BlackArmor NAS 420 User Manual preview
BlackArmor NAS 420
Brand: Seagate Pages: 64
Chip PC JackPC EFI6800 Specifications preview
JackPC EFI6800
Brand: Chip PC Pages: 4
Chip PC JackPC EFI-6700 Specifications preview
JackPC EFI-6700
Brand: Chip PC Pages: 4
Check Point S-10 Getting Started Manual preview
S-10
Brand: Check Point Pages: 41
IBM 787264U Brochure & Specs preview
787264U
Brand: IBM Pages: 2
IBM 4367BDU Brochure & Specs preview
4367BDU
Brand: IBM Pages: 2
Square One SQ201-N User Manual preview
SQ201-N
Brand: Square One Pages: 63
Sphere3D GW2000 Quick Start Manual preview
GW2000
Brand: Sphere3D Pages: 2

Brands by name

Popular brands

Load more brands