manualshive.com logo in svg

Trustwave SWG 3000, Setup Manual

Share
Download
Trustwave SWG 3000 Setup Manual Download Page 18

Secure Web Gateway 11.5 Setup Guide 

 

 

Copyright © 2013 Trustwave Holdings, Inc.  All rights reserved. 

18 

4.3

 

Limited Shell Monitoring Commands 

  

arp 

 Address Resolution Protocol command — the standard method for finding a host's hardware address 
when only its network layer address is known. Enter the arp command to display the appliance's arp 
table. 

  

check_connectivity 

For Policy Server or All-in-One appliance, checks connectivity to the remote devices. 

 

df 

Disk free command — a standard Unix command used to display the amount of available disk space for 
file systems. 

Enter the df command to display the disk usage. 

 

ifconfig 

This Unix command is used to display TCP/IP network interfaces. Enter the ifconfig command to display 
configuration and statistics. 

 

ip2name 

Looks up the hostname associated with an IP address entered by the administrator. Enter the ip2name 
command followed by the IP address to display the associated hostname. 

 

iptraf 

This command is a Linux network statistics utility. It gathers a variety of parameters such as TCP 
connection packet and byte counts, interface statistics and activity indicators, TCP/ UDP traffic 
breakdowns, and LAN station packet and byte counts. Enter the iptraf command to display the IP traf 
options: 

 

IP traffic monitor 

 

General Interface Statistics 

 

Detailed Interface Statistics 

 

Statistical breakdowns 

 

LAN station monitor 

For example, select IP traffic monitor to display the IP traffic monitor details. 

Summary of Contents for SWG 3000

Page 1: ...Secure Web Gateway Version 11 5 Setup Guide Trustwave com Updated October 9 2007 ...

Page 2: ... the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose No warranty may be created or extended by sales representatives or written sales materials The advice and strategies contained herein may not be suitable for your situation You should consult with a professional where appropriate Neither the author nor Trustwave sh...

Page 3: ... dialog boxes Code Text in Lucinda Console indicates computer code or information at a command line Italics Italics denotes the name of a published work the current document name of another document text emphasis or to introduce a new term Square brackets Square brackets indicate a placeholder for values and expressions Notes Tips and Warnings Note This symbol indicates information that applies to...

Page 4: ... and SWG 5000 models 7 2 1 2 2 For an SWG 7000 appliance 8 2 1 3 Connecting an Appliance Using a Serial Cable 9 2 2 Deploying a Virtual SWG from an OVF File 9 3 Setting Up the Appliance 10 3 1 Preparing Values for the Appliance Setup 10 3 2 Setting Up the Appliance 11 4 Performing Additional Configuration 12 4 1 Limited Shell Commands Summary List 12 4 2 Limited Shell Configuration Commands 14 4 3...

Page 5: ...ave Holdings Inc All rights reserved v 6 Upgrading from Version 10 2 26 7 USB Key Creator 27 7 1 Notes and Warnings 27 7 2 Usage Instructions 27 About This Guide This guide provides the instructions you need to install and set up your Trustwave SWG appliance ...

Page 6: ...he appliance you can configure the system according to your needs For instructions see the Management Console Reference Guide 2 Installing the Appliance This section contains the following Installing a Physical SWG Appliance Deploying a Virtual SWG from an OVF File 2 1 Installing a Physical SWG Appliance Installation consists of connecting to the appliance You can connect in any of the following w...

Page 7: ... 2 Connecting an Appliance Using an Ethernet Cable 2 1 2 1 For SWG 3000 and SWG 5000 models 1 Plug in the power cable and switch the appliance on 2 Connect a PC directly to the appliance s GE0 port or via a switch for 5000 SWG see 5000 SWG Rear Panel using a standard 8 thread Ethernet cable CAT5e cables or better are recommended 3 The default IP of the GE0 interface is 10 0 0 1 and its default net...

Page 8: ... ports on the Gigabit Ethernet switch in I O switch module Bay 1 on the appliance using an ethernet cable 4 Power up the blades as follows In the control panel for the blade a Press the KVM Select button so that the VGA screen attached to the chassis displays output from the blade being powered up b Press the Power button until the blade turns on After the blade finishes booting a login prompt is ...

Page 9: ...oying a Virtual SWG from an OVF File This section explains how to deploy a virtual SWG from an OVF file Virtual SWG appliances are certified to work with VMWare ESXI version 4 1 servers Note Before deploying the virtual appliance ensure that you have access to a VMWare vSphere client and that the OVF files are accessible in your local machine 1 In the vSphere client choose File Deploy OVF Template...

Page 10: ...f these roles in the same appliance or in different appliances All In One Default Defines the appliance as both a Policy Server and a Scanner This value is often used for SWG 3000 or 5000 models SWG Scanner Defines the appliance or blade as a Scanner only SWG Policy Server Defines the appliance or blade as a Policy Server only Standby Policy Server Defines the appliance as a standby Policy Server ...

Page 11: ...e the IP address for the DNS Server if you will not be accepting the current DNS configuration settings Note DNS configuration setting is mandatory 7 Determine the DNS domain names if you will not be accepting the current settings 8 Decide on any password changes if required 3 2 Setting Up the Appliance Perform the setup using the values you prepared 1 Log in to the Limited Shell The default user ...

Page 12: ...ommands Summary List The following monitoring and configuration commands are available Note The A C M column indicates if the command is an Administration A Configuration C or Monitoring M command For more information on configuring the system refer to Limited Shell Configuration Commands For further in depth analysis and diagnostics of the system refer to Limited Shell Monitoring Commands Command...

Page 13: ...ame iptraf M Interactive IP LAN monitor last M Displays last login name2ip M Resolves hostname to IP netstat M Displays Network statistics ping M Sends ICMP ECHO_REQUES to network hosts poweroff A Powers off the system reboot A Reboots the system reset_config C Sends full configuration to appliance restart_role A Restarts the role save_exclude_logs M Saves Exclude logs save_support_logs M Saves Su...

Page 14: ...st This feature is configured from the Management Console The administrator can define a range of IP addresses to access Management applications on predefined ports such as the Management Console SNMP SSH or User applications on predefined ports such as HTTP FTP ICAP or System ports internal ports Any IP address not defined in the IP range will then be blocked from accessing these applications on ...

Page 15: ... interface Choose an interface for example 1 eth0 The editing options are displayed Choose an editing action for example 1 Change IP address To add a static route choose 4 Add route The new route must be input as IP via prefix IP For example 1 1 1 1 32 via 10 0 3 Gateway Allows system administrators to set the default gateway of the appliance The IP address of the default gateway must be a local I...

Page 16: ... to configure it Select Q to exit config_upgrade After upgrading the Policy Server to a new version running this command will upgrade the scanners config_support Allows you to install support packages config_psweb Allows you to change the Policy Server management port for enhanced security To change the Listening port for the Policy Server add the new Port settings config_exclude Defines bypass ru...

Page 17: ...ose the required interface Choose the required speed or select Auto negotiation to enable the appliance to negotiate its own speed Enter the ethconf command and choose the interface for example enter 1 eth1 The settings for the selected interface are displayed Choose configuration for the adapter and confirm to make the settings permanent Note According to the IEEE 802 3 standard when working with...

Page 18: ...his Unix command is used to display TCP IP network interfaces Enter the ifconfig command to display configuration and statistics ip2name Looks up the hostname associated with an IP address entered by the administrator Enter the ip2name command followed by the IP address to display the associated hostname iptraf This command is a Linux network statistics utility It gathers a variety of parameters s...

Page 19: ...our network configuration and activity It displays the status of network connections on either TCP UDP RAW or UNIX sockets to the system ping Use the ping command to check the network connectivity for example after using netconf poweroff Enables you to remotely shut down the appliance IMPORTANT Physical access to the appliance is needed to bring the system back online for all models except the 700...

Page 20: ...ge Shows the Bridge role configuration show_config Shows the current configuration show_hardware Shows the hardware specs of a given SWG device show_network Shows the current network configuration This includes defined interfaces DNS configuration DNS cache and current hostname show_service Allows system administrators to view the service configuration status The following options are available sh...

Page 21: ...This file can then be downloaded for further analysis Up to 4 files of 100 MB each are kept When the fourth file gets full the first file is deleted i e cyclic progression SFTP such as WinSCP is required in order to download the files top Displays all the running processes and updates the display every few seconds so that you can interactively see what the appliance is doing traceroute Displays th...

Page 22: ... upgrades and clean installations The SWG Installation Utility should be used in the following scenarios Upgrade to any currently available version starting from version 10 1 Clean installation of last version Restoration of previous versions If upgrading from Version 10 2 to Version 11 x or later go to Upgrading from Version 10 2 on page 26 5 1 Usage Instructions Notes The SWG Installation Utilit...

Page 23: ...options are displayed The menu is dynamic and therefore this image is for example purposes only 2 Select the required option Note After the upgrade option is selected the current system is automatically backed up The system verifies which ISO files are available on the USB key for use The menu displayed is based on the ISO files available on the USB and HDD image partition Therefore the list is dy...

Page 24: ...er the upgrade utility has completed upgrading the Policy Server the remote devices if present must also be upgraded The following options are available 5 1 3 Using the USB Key To upgrade the scanning servers follow the procedure described in Upgrading the Policy Server and All in One on page 23 This process requires physical access to all scanning servers and cannot be performed remotely 5 1 4 Us...

Page 25: ...dures describe the upgrade process using an All in One appliance Policy Server and Scanner with an additional remote scanning server 1 Log in to the limited shell of the upgraded Policy Server 2 Run config_upgrade 3 The list of available scanners is displayed Press Y 4 New upgrade group Enter 1 5 The scanner is listed under Group 1 Press N when prompted to change the configuration This will start ...

Page 26: ... are additional groups the system will automatically move to the next upgrade group Groups that have already been upgraded will not change 6 Upgrading from Version 10 2 With the introduction of version 11 upgrading the SWG has been simplified and can now be done from the GUI Administration Updates and Upgrades Management To upgrade the Policy Server to Version 11 When running version 10 2 the OS u...

Page 27: ...nstances of VS Installer in filenames or utility names refer to the SWG Installation Utility 7 1 Notes and Warnings The installation of files onto the bootable USB is not required in a specific sequential order when copying SWG Installation Utility files manually Ensure that the latest SWG Installation Utility is used as it is compatible with previous versions and older hardware The USB Creator wi...

Page 28: ...y 6 Unzip the SWG Installation Utility files to the working directory 7 Insert a USB key and run the USB Key Creator program from its saved location 8 Choose the USB key drive letter and browse to the working directory Make sure that you have selected the correct drive letter 9 Click CREATE for the program to format the USB key and copy the necessary files 10 When complete the USB key is ready to ...

Page 29: ...ique approach with comprehensive solutions that include its TrustKeeper portal and other proprietary security solutions Trustwave has helped hundreds of thousands of organizations ranging from Fortune 500 businesses and large financial institutions to small and medium sized retailers manage compliance and secure their network infrastructures data communications and critical information assets Trus...

Reviews:

No comments

Brands by name

Popular brands

Load more brands