SecureLogix ETM System Скачать руководство пользователя

Страница: 1 / 212

DOC-IN-ETM630-2011-1031

Release 6.3.0

ETM

System

Installation Guide

Содержание ETM System

Страница 1: ...DOC IN ETM630 2011 1031 Release 6 3 0 ETM System Installation Guide...

Страница 2: ...ogix Solutions are currently securing and managing over two million enterprise phone lines The company s customers span nearly every industry vertical from regional banks and hospitals to the largest...

Страница 3: ...rotected by one or more of the following patents US 6 249 575 B1 US 6 320 948 B1 US 6 687 353 B1 US 6 718 024 B1 US 6 735 291 B1 US 6 760 420 B2 US 6 760 421 B2 US 6 879 671 B1 US 7 133 511 B2 US 7 23...

Страница 4: ...HELP 1 877 752 4435 support securelogix com http support securelogix com SecureLogix Corporation offers telephone email and web based support For details on warranty information and support contracts...

Страница 5: ...ecuring ETM System IP Data Network Traffic 16 Installation Quick Start 17 Understanding the Installation Process 17 Installation Process 17 Step 1 Software Installation 21 Introduction 21 Minimum Syst...

Страница 6: ...Report Server Host Computer 44 Edit the hosts File for the Report Server 45 Edit the twms properties File for the Report Server 45 Edit the Report Server Configuration File 46 Step 4 On the ETM System...

Страница 7: ...80 Installing Card Software 80 SIP Appliances Only 82 Configuring Telco Spans 83 How These Instructions are Organized 83 Single or Multi Span Configuration 83 Single Span Configuration 83 Multi Span...

Страница 8: ...figuring AAA Server Modems 146 Importing AAA Server Configuration 147 Configuring the Call Recorder 148 Configuring Management Server Settings 148 Authorize Remote Client Connections 148 Associate a R...

Страница 9: ...nce Connector Pinouts 184 10 100 Base T Ethernet Port Pinout 184 Auxiliary and Console Port Pinout 184 CO Port Pinout 185 PBX Port Pinout 185 Appendix B Removing and Replacing Appliance Components 187...

Страница 10: ...Names Reference 201 Directories Created by the Database Creation Script 201 Windows Service Name 202 File Names and File Locations 202 Appendix E Appliance Status LEDs 203 LED Descriptions 203 Telco...

Страница 11: ...r creating and managing Firewall Policies and instructions for viewing results of Policy monitoring and enforcement Voice IPS User Guide Provides an overview of the Voice IPS Intrusion Prevention Syst...

Страница 12: ...ts via the SecureLogix Knowledge Base online at the following web address http support securelogix com The following conventions are used in this guide Functions that require two or more mouse clicks...

Страница 13: ...s to communicate This approach helps minimize unforeseen complications arising from unique characteristics of a site s phone system or TCP IP network Typically ETM Appliances install transparently in...

Страница 14: ...0 supports only IPv4 ETM 1060 Call Recording Cache CRC Appliances can be located anywhere that has TCP IP network connectivity for communication with the Recording Spans ETM Server and Collection Serv...

Страница 15: ...em deployment IP network traffic exists between Management Servers and Appliance components the ETM System Console and the ETM Database Downloading new software to multiple Cards simultaneously can cr...

Страница 16: ...e traffic The ETM System generates a low to moderate level of IP data network traffic that could contain sensitive information The ETM System includes 3DES encryption that secures data transmitted amo...

Страница 17: ...of the following sequence of steps The checklist below is provided for you to check off each step of the installation as it is completed Install the ETM Software ETM Server Report Server Database Mai...

Страница 18: ...ll the Appliance s in the rack p 50 Connect the SMDR cable if applicable p 51 Connect power AC or DC to the Appliances p 52 Using a direct serial connection to each Appliance Card perform initial netw...

Страница 19: ...es Refer to the Call Recorder User Guide for instructions for recording and accessing calls with the Call Recorder Refer to the ETM System Administration and Maintenance Guide for task oriented instru...

Страница 20: ...20 Installation Quick Start...

Страница 21: ...TCP IP you can install all of the ETM applications on the same computer or you can install components on separate computers in any combination Components can also be installed on different supported o...

Страница 22: ...at http support securelogix com or contact Customer Support Install the ETM Software See the minimum system requirements on the SecureLogix Knowledge Base at http support securelogix com or call Secu...

Страница 23: ...eady logged on as the root user use the su command to change to the root account 3 Insert the installation CD into the CD ROM drive 4 Change your working directory to usr local by typing at the prompt...

Страница 24: ...lications press ENTER To install a subset of the packages enter the numbers for the package to install separated by commas For example to install only the ETM Management Server and Report Server packa...

Страница 25: ...ng on one of these operating systems Ensure a user with Administrator privileges installs the ETM System applications and then run the applications as Administrator rather than local user Install the...

Страница 26: ...on includes the ETM Client applications Database Maintenance Tool and ETM System documentation optionally you can select to install the ETM Management Server Report Server and AAA Services application...

Страница 27: ...e purchased AAA Services clear the check box if you have not purchased AAA Services and then click Next Advanced Allows customization of which program features will be installed where they will be ins...

Страница 28: ...rrent Destination Folder dialog box appears Type a new path and then click OK 8 Click Next The System Identification dialog box appears displaying the computer s system ID The System ID is required to...

Страница 29: ...Email support securelogix com 2 Provide your System ID to SecureLogix Customer Support and let them know whether you purchased the Call Recorder To view your System ID Solaris a Open an XTerm or othe...

Страница 30: ...t of the box Card configuration in Initial Card Configuration on page 54 To change the Management Server TCP IP port for Card connections 1 On the Management Server computer open twms properties in a...

Страница 31: ...eLogix Knowledge Base at http support securelogix com Since the procedure for installing and configuring the Oracle DBMS varies according to the operating system on which it is to be installed and the...

Страница 32: ...orting directory listings and city state data files On a remote ETM Server installation install the Oracle Client Tools and then copy tnsnames ora and listener ora from ORACLE_HOME network admin to th...

Страница 33: ...vers using this database schema It is strongly recommended that you have only one ETM Data Instance per schema 5 Create a data instance for the ETM Server Each ETM Server uses a specific data instance...

Страница 34: ...enance Tool is installed click Start Programs SecureLogix ETM System Software Utilities ETM Database Maintenance Tool The database connection information you provide enables the ETM Database Maintenan...

Страница 35: ...the Standalone Databases tree of the ETM Database Maintenance Tool right click the database and then click Connect The Login dialog box appears 2 In the Username box type the username that authorizes...

Страница 36: ...n click Repair Table to correct the problem Indicates a missing expected table Right click the table and then click Create Table to create the table Indicates views and temporary tables created and ma...

Страница 37: ...own arrow and then select your locale from the list of supported locales 7 The Allowed Client IP Address box is used to specify the IP address of the computer from which you will initially log in via...

Страница 38: ...ver by default connects to the database through the database owner account The Management Server really only needs to change data it does not need to drop or create objects A non owner database user a...

Страница 39: ...ing commands as an example Replace RUNUSER with the name of the user GRANT ALTER SESSION TO RUNUSER GRANT CREATE PROCEDURE TO RUNUSER GRANT CREATE SESSION TO RUNUSER GRANT CREATE SNAPSHOT_PERM TO RUNU...

Страница 40: ...atabase preparation is complete If the Management Server is installed on a different computer from the Database Maintenance Tool do one of the following If no previous modifications have been made to...

Страница 41: ...e no port conflict exists Determine the fully qualified host name of the computer on which the Management Server and the Report Server are installed These can be the same or different computers Determ...

Страница 42: ...computer open the hosts file in a text editor The default location for the hosts file is the following Solaris etc Windows 2000 C WinNT system32 drivers etc Windows 2003 C Windows system32 drivers etc...

Страница 43: ...4 Locate the line that reads DispatcherPort 6991 This is the default port that ETM client applications connect to when initiating a data communication socket with the Management Server If this port is...

Страница 44: ...me com where the hostname com is replaced with either the correct fully qualified domain name or the IP address for the host To determine whether the host name will resolve correctly on Windows At a c...

Страница 45: ...e remote Usage Managers to connect to the Report Server you must edit the twms properties file on the Report Server computer whether on the same computer as the Management Server or a different one To...

Страница 46: ...useLocalHostName True For most computers these parameters will resolve the fully qualified domain name However in some cases they will resolve to the IP address of the computer instead typically when...

Страница 47: ...ne mapping the Report Server s IP address to the fully qualified hostname in the same way as described for the Management Server 4 Save the modified file Required modifications vary depending on the f...

Страница 48: ...ts the source port Allow traffic to port 4313 or alternate user defined port to pass from remote Appliances to the Management Server if the system is deployed in a distributed architecture Allow Manag...

Страница 49: ...t rack or on the wall 3 Connect the SMDR cable to the Card that is to be the SMDR provider for the Switch if SMDR is used 4 Connect the power cable and power on the Appliance 5 1050 AAA only Connect t...

Страница 50: ...idle 2 Flip the latches inward until you hear them lock 3 Insert the screws into the latches and hand tighten with a screwdriver to secure the Digital Trunk Interface in the chassis 4 At the front of...

Страница 51: ...e 2 Use the appropriate type of screws not included to attach the brackets to the wall One telco Appliance Card monitoring calls at a given PBX can be connected to the SMDR CDR port on the PBX to tran...

Страница 52: ...onfiguration the Card will begin initiating contact with the Server however it will be unable to establish a connection until you add its IP address to the Server s list of authorized Card IP addresse...

Страница 53: ...e 1 Connect the wire harness to the 48V and RTN terminals at the rear of the Appliance 2 With power disconnected from the power source connect the wire harness to a 36 to 72VDC 7 9A power supply that...

Страница 54: ...nly IPv4 Management Server IP Address DES Key This key must always be in sync between the Card and the Management Server because DES encryption is always used during the initial Card Server handshake...

Страница 55: ...the Performance Manager A password can be any combination of characters It must be a minimum of eight characters in length and must include at least one change of case and one digit 6 At the Select a...

Страница 56: ...ue via the Performance Manager if needed 13 At the Select Card security posture prompt type one of the following HIGH Telnet is disabled and network and security configuration changes are only allowed...

Страница 57: ...the Performance Manager However if you need to change the Span type you should provide the Span license now To license additional Spans 1 After the Card reboots log in again and enter Enable mode Type...

Страница 58: ...PRI type MAINT SPAN TYPE 2 PRI 5 At the FS r w prompt type RESTART The Fail Safe terminated message appears and the Card restarts with the new Span settings and returns to the ETM prompt You may have...

Страница 59: ...erver accepts connections from all Cards is 4313 If you changed the Management Server port from the default in the twms properties file you must configure the Card with the new port number To specify...

Страница 60: ...efault to a lesser value including 0 seconds If the Enable mode timeout is not changed from the default you will enter Enable mode on subsequent login sessions To change the Enable mode timeout At the...

Страница 61: ...provide the interface that connects the Appliance to a physical span entering a PBX on a customer s premises Switches represent the PBX from which the Appliances are monitoring calls Each PBX is repr...

Страница 62: ...processing SS7 Groups and or NFAS b Move each Span to the switch with which it is associated c Configure SMDR NFAS and or SS7 via the switch Object d Configure the AAA Service s 7 Configure Managemen...

Страница 63: ...rt the Applications on page 63 If you are running multiple application instances on the same computer see How to Start Multiple Application Instances on page 64 To start the applications Solaris Execu...

Страница 64: ...re launched from the ETM System Console after you log in to the ETM Server Standalone Usage Manager You do not need this open during configuration but will want to verify connectivity Do one of the fo...

Страница 65: ...regardless of whether multiple Report Server and Management Server instances are present The Performance Manager embedded Usage Manager client and Directory Manager are launched from the ETM System C...

Страница 66: ...ter After you log in the first time you can authorize connections from other remote ETM Clients To define an ETM Server object 1 Open the ETM System Console 2 Right click ETM Management Servers and th...

Страница 67: ...e tree 3 Repeat for each of the other Servers this ETM System Console will connect to The password for the default admin user account on the ETM Server was defined when the data instance for the Serve...

Страница 68: ...You can also use a subnet mask or prefix to authorize a range of IP addresses for example 10 1 1 0 255 255 255 0 authorizes all Cards with a 10 1 1 x IP address You configured the Card with network c...

Страница 69: ...formance Manager tree pane The Card name defaults to its MAC address you will assign a more recognizable name in a later procedure 6 To authorize a range of IP addresses click New and then click IP Ra...

Страница 70: ...uthorized Cards 12 Click Close to save the changes and close the Authorized Cards dialog box Continue with the following If the ETM Server Cards and ETM System Console s are communicating continue wit...

Страница 71: ...e txt is present in the ETM System installation directory for both the Management Server and the Report Server if remote If the ETM System components are communicating through a firewall firewall conf...

Страница 72: ...can organize the Cards according to the Appliance chassis in which they are housed Although this step is optional it is recommended for uncluttering and organizing the display Appliances in the tree...

Страница 73: ...hold down CTRL while clicking each Card and then right click the selection and then click Move Card s The Move Card s to Appliance dialog box appears listing all defined Appliances 2 Click the Applia...

Страница 74: ...subtree right click the Card icon and then click Edit Card s To open the Multi Card Configuration dialog box Select multiple Cards as follows To select multiple adjacent Cards In the Platform Configu...

Страница 75: ...annot be modified 2 In the Card Name box type a unique identifier for the Card Note that Cards are listed in the tree in ASCII order If you are using the Multi Card Configuration dialog box the Card t...

Страница 76: ...he Card IP Subnet and Gateway IP Address were assigned to the Card during out of the box configuration at the Console port 8 Click the Remote Clients tab optional The Remote Clients tab is used to aut...

Страница 77: ...n IPv4 address select Mask and type the subnet mask or select Prefix and type a prefix length 16 Click OK 17 Repeat the above steps for all authorized Telnet clients 18 The settings on the ETM Server...

Страница 78: ...age sequence eliminating the possibility of a Card connecting to a rogue Server and thereby potentially impacting telecommunications service b The controls access to the security related Card settings...

Страница 79: ...nd Confirm Enable Password boxes 20 Click OK to save the changes and download them to the Card Continue with one of the following If you need to install new software on the Card s see Card Software In...

Страница 80: ...t render the Card unresponsive Should the Card become completely unresponsive a watchdog timer will normally cause the Card to automatically reboot If it does not and you believe the Card is completel...

Страница 81: ...the Card inoperable The Card automatically reboots after the software is installed Observe the Status Tool and Diagnostic Log during the download If you believe the Card is completely unresponsive be...

Страница 82: ...them and isolate the upgraded node until the issues are resolved To activate newly installed software on the proxy nodes 1 After pushing the software to the Call Processor in the Performance Manager t...

Страница 83: ...figuration dialog box depend upon the type s of the Spans selected For example if you select two T1 PRI Spans the General Preferences Telephony Global Line Settings PRI and T1 Setup tabs are displayed...

Страница 84: ...are user modifiable Name and Comment By default all Spans are named Span n where n is the Span s number on the Card 1 4 You should change the name to something unique or the tree display and monitorin...

Страница 85: ...ETM System Administration and Maintenance Guide To configure Span preferences 1 In the Span Configuration dialog box click the Preferences tab 2 In the Logging area select the Log Appliance Debug Even...

Страница 86: ...tions check box to prevent any calls from being terminated on this Span The Terminate Policy setting applies to enforcement of terminate Rules in Policies manual termination via the Call Monitor and t...

Страница 87: ...nd call the Rule is skipped and processing continues with the next Rule in the Policy When an ambiguous call is encountered during an outbound call the Policy stops executing and no Tracks except logg...

Страница 88: ...h corresponds with the timeout value of most telephone network switches If your network differs adjust this value accordingly This setting is used for outbound analog and T1 loop start and ground star...

Страница 89: ...traffic Improper settings degrade or prohibit proper signal traffic cause false signal activity or impair Policy execution See At a Glance Reference Table to TDM Span Telco Settings on page 197 for re...

Страница 90: ...source number collected from SMDR is used for Policy processing and is inserted into the database Augment The Span performs Policy processing with the source number in the signaling if it is present...

Страница 91: ...the country code area code and phone number of the dedicated line number main switchboard number or some other recognizable unique number associated with the channel For readability the digits typed i...

Страница 92: ...runk group for an adjoining group of channels click the first Trunk Group cell hold down SHIFT and then click the last cell and then type the trunk group When you click anywhere else on the dialog box...

Страница 93: ...the Outgoing Numbering Format cell and then type the applicable tokens up to 40 characters Outgoing numbering format specifies the format of the MF or DTMF digits that the PBX sends to the telephone n...

Страница 94: ...formation about Dialing Plans see Defining Dialing Plans in the ETM System Technical Reference The table below lists the valid Incoming Numbering Format tokens Note that multiple tokens can be specifi...

Страница 95: ...cells 13 SS7 Bearer Spans only Each channel on an ISUP bearer trunk has an associated Circuit Identification Code CIC ranging from 0 to 16383 and is unique for each LPC RPC pair In the CIC field type...

Страница 96: ...ted 3 Do any of the following as appropriate to the selected Spans In the Global Signal Type box click the down arrow to set the signal type for all selected Spans In the Enabled Status area select Se...

Страница 97: ...ea select the Clear All Extensions box to clear all extensions from the Extension column of the Channel Map tab on all channels on all selected Spans In the Global Request SMDR area click the down arr...

Страница 98: ...ly aggregates These locations include Signaling interface of a call server LAN side of an edge or WAN router DMZ port of a data firewall H 323 configuration provides the Appliance with VoIP interface...

Страница 99: ...3 The Manual Inline check box controls whether the Span automatically goes inline after it is rebooted or restarted Select the check box to cause the Span to come up offline whenever it is rebooted o...

Страница 100: ...r second for signaling The default is 50 signaling messages per second A Diagnostic Log message is generated when traffic exceeds this limit This can be useful for identifying possible threats such as...

Страница 101: ...ts are to be dropped Or you might define Rules to block all traffic on port 80 but allow traffic on other ports To define a packet Rule a Click the New Packet Rule icon The Packet Rule dialog box appe...

Страница 102: ...dialog box appears 5 Click the Interfaces tab The Interfaces tab contains NAT specific configuration settings 6 In the Port Range area type the number of ports to be reserved for media This number mu...

Страница 103: ...erface c In the Media ports box type the starting port for the number of media ports you reserved The ending port field updates automatically 9 Click the Routes tab The Routes tab displays the routes...

Страница 104: ...are labeled Ethernet 0 and Ethernet 1 Ethernet 0 on the Card corresponds to eth1 in the GUI Ethernet 1 corresponds to eth2 in the GUI f In the Metric field type an integer The default is 0 Metric is u...

Страница 105: ...Settings on page 115 More Spans of the same type Importing Span Configuration on page 118 If all Span settings have been supplied continue with Installing Dialing Plans on page 119 The ETM 1090 Appli...

Страница 106: ...he ASCII Management Interface for the VoIP Span SERVER COMM ON 1 Once communication is enabled between the Server and the Span the Span reconnects and reappears in the tree Continue with one of the fo...

Страница 107: ...one of the following to match the setting at your PBX Basic Basic standard frame CRC4 Multiframe with Cyclic Redundancy Check 4 Non CRC4 Multiframe with no cyclic redundancy check 3 In the Line Coding...

Страница 108: ...atically go inline after it is rebooted or restarted 8 Do one of the following If you are configuring E1 PRI Spans continue with PRI Specific Span Settings on page 112 E1 CAS Span configuration is com...

Страница 109: ...raming Format must be set to the carrier s setting to ensure proper signal synchronization SF Super Frame ESF Extended Super Frame 3 In the Line Coding box click the down arrow and select the correct...

Страница 110: ...ng the Loop Up Loop Down codes On T1 CAS Spans place the Span offline before setting pass through mode to On For normal operation use Off or Autodetect Note that when auto detect is used on T1 CAS lin...

Страница 111: ...links continue with SS7 Signaling Link Specific Span Settings on page 115 If you are configuring T1 CAS or SS7 bearer Spans Span configuration is complete Click OK to save the settings and close the d...

Страница 112: ...down arrow and then click the applicable variant type The following protocol variants are supported on E1 EuroISDN DASS2 DPNSS If you select DPNSS select the applicable glare setting in the DPNSS Gla...

Страница 113: ...tion Valid values are and is not supported for DASS2 protocol variant 5 The DPNSS Glare Setting applies only if you selected DPNSS as the protocol variant If you selected any other protocol variant le...

Страница 114: ...k the down arrow and then select the TON for the number you specified in the Modify Calling Party Number box National International Subscriber or Unknown 7 PRI Span configuration is complete Click OK...

Страница 115: ...Span 1 Port 4314 Span 2 Port 4315 Span 3 Port 4316 Span 4 Port 4317 To change the port number in the Signaling Link Listener Port box type or select the port for these signaling links IMPORTANT Each S...

Страница 116: ...the Signaling Link data channel 7 Fully associated SS7 signaling link configuration is complete Click OK to save the settings and close the dialog box A message appears asking whether you want to dow...

Страница 117: ...lues are 1 24 on T1 and 1 30 on E1 In each of the Time Slot For Link n boxes type or select the time slot associated with the Signaling Link data channel 7 Dedicated SS7 signaling link configuration i...

Страница 118: ...and then click Edit Span s 2 Click Import The Import Span Attributes dialog box appears Only Spans of the same type appear as import choices 3 Click the Span whose attributes you want to apply to the...

Страница 119: ...propriate sections according to your Appliance locale See About Dialing Plans in the ETM System Technical Reference available from the SecureLogix directory on the Start menu Windows systems or the ET...

Страница 120: ...er installation directory appear 5 Click the LNP file that represents the Local Numbering Plan for this Appliance locale and then click OK 6 In the Dial Plan Configuration dialog box be sure that inst...

Страница 121: ...DR configuration fields and enables NFAS and SS7 Group definition 2 Move all Spans that are to use the SMDR data AAA tokens Access Codes Protected Extensions NFAS and or SS7 groups to the Switch 3 Do...

Страница 122: ...o Configuration subtree right click the Span point to Move Spans and then click To Switch To move multiple Spans at once hold down CTRL or SHIFT while selecting the Spans and then right click the sele...

Страница 123: ...l record in the database with additional call information such as access codes when the call ends Or you can use the real time call information for policy processing but replace the data in the databa...

Страница 124: ...the ETM System Technical Reference for detailed instructions for defining a new file Access codes can also be extracted from SMDR and correlated with listings in the ETM Directory Before you can modi...

Страница 125: ...f the PBX SMDR serial port Options are 300 1200 2400 4800 9600 19 2k 38 4k and 57 6k and 115 2k b In the Data Bits box click the down arrow and select value that matches the corresponding settings on...

Страница 126: ...the IP address of the host sending the SMDR Click New and then type the IP address of the SMDR source Optionally repeat to specify a backup source if your network is configured with one c In the Port...

Страница 127: ...what the offset should be Otherwise it is highly likely that excessive drift over time will impair the Server s ability to resolve SMDR requests Raw Access Codes can be extracted from SMDR and then c...

Страница 128: ...the dialog box click the tab 2 Below the box click The dialog box appears 3 In the Remove this digit sequence from the start of the extension box type one or more digits to be matched and then removed...

Страница 129: ...he line 9 Click OK to close the Switch Properties dialog box and apply the settings No changes are saved or applied until you click OK Suppose the telephone company in San Antonio Texas has assigned a...

Страница 130: ...ng If you are configuring T1 PRI Spans that use NFAS Groups proceed to Defining NFAS Groups on page 131 If not see the next bullet If SS7 Signaling will be used on this switch see Defining SS7 Groups...

Страница 131: ...itch and then click Manage NFAS Groups The NFAS Group for Switch dialog box appears If you do not have a switch defined see Creating a Switch on page 121 2 Click New The New NFAS Group dialog box appe...

Страница 132: ...to NFAS Group dialog box appears 6 Click the NFAS Group to which these Spans are to belong and then click OK The Spans move to the selected NFAS Group in the Telco Configuration subtree To view the m...

Страница 133: ...cate IMPORTANT Internal system resources reserve up to 8 ports starting at the assigned base TCP IP port If two or more Spans on the same Card carry a primary or back up D channel for different NFAS G...

Страница 134: ...all messaging associated with the SS7 Bearer Spans Each SS7 Bearer Span can be present in only one SS7 Group however SS7 Signaling Links can be present in multiple Groups because they can be shared by...

Страница 135: ...Group The SS7 Group Properties dialog box appears a The SS7 Group Name box contains the name that you gave the Group when you created it To rename the group type a different name b In the Local Point...

Страница 136: ...inks dialog box appears 1 In the Exclude box double click the Signaling Link s associated with the Bearer Spans in this SS7 Group or click it and then click the right facing arrow The Signaling Link s...

Страница 137: ...In the Telco Configuration subtree the Spans move to the selected SS7 Group Continue with one of the following If you are using AAA services for the Voice Firewall see the procedure below to configure...

Страница 138: ...rver on page 68 Configuring the AAA Service consists of the following tasks described in detail in the procedures below 1 Name the AAA Server and add a comment if desired 2 Select message types for va...

Страница 139: ...file is saved in the ETM System installation directory on the Management Server computer at the following path INSTALL_DIR debug macaddress_Spannumber_uniqueid dbg To enable debug logging for the AAA...

Страница 140: ...AAA Service Configuration dialog box click the Messages tab 2 In the Message Type column click the down arrow of the message you want to configure and then click the desired option The table on the fo...

Страница 141: ...cording Error Tone None Phone Number Prompt Prompts the user to enter the phone number of the modem to be accessed Voice Recording Prompt Tone None Pin Code Prompt Prompts the user to enter the PIN fo...

Страница 142: ...10 Lockout duration 1 day 1 minute 10 weeks Clear failed authorization records older than 1 hour 10 minutes 4 weeks Maximum authorization attempts per session 3 1 10 Maximum time for data entry 30 se...

Страница 143: ...unt of time the AAA Server stores a record of a failed authorization attempt from 10 minutes to 4 weeks The default is 1 hour 4 In the Maximum authorization attempts per session box type or select fro...

Страница 144: ...ncryption 3 In the DES Key String box change the passphrase for Span AAA Service communication if desired The passphrase in the twms properties file in the ETM System installation directory is used by...

Страница 145: ...ith which this AAA Service is associated The Switch es move s to the Include box b Click OK You are returned to the AAA Service Configuration dialog box The selected Switch es appear s in the Local Sw...

Страница 146: ...dem Diagnostics area displays the results of the modem scan 3 In the Enabled column clear any modems that you want to disable All modems displayed on this tab are enabled by default 4 In the Speaker u...

Страница 147: ...g box Click Import The Import AAA Service Attributes dialog box appears 3 Click the AAA Server whose attributes you want to import and then click OK You are returned to the AAA Service Configuration d...

Страница 148: ...The ETM Server is a background processing engine that controls the ETM Appliances and integrates the ETM System components with your data network As a security feature connections from remote client a...

Страница 149: ...ange of IP addresses click New and then click IP Range The Client Hosts dialog box appears 7 In the IP Address box type the IPv4 or IPv6 base address 8 If you typed an IPv6 address click the down arro...

Страница 150: ...with the path to the Oracle client tools used to import listings and city state data from external files See Specify the Path to the Oracle Client Tools on page 152 Each ETM Server is associated with...

Страница 151: ...key for encrypted communication between the Report Server and the Management Server This key must always be in sync between the ETM Server and Report Server because the initial negotiation is always e...

Страница 152: ...n click Servers ETM Server Data Management The Data Management Tool appears 2 On the Oracle Client Tools tab click Configure The Specify Oracle Client Tools Location dialog box appears Specify the Pat...

Страница 153: ...ersion of the ETM System was released it contained the latest city state data However this information is updated regularly and must be reimported to remain current Updated files are available periodi...

Страница 154: ...Start Update Congratulations If you have completed the sequence of procedures described in the preceding sections the ETM System is installed and configured You are ready to perform telephony service...

Страница 155: ...circuits be wired correctly when connected to the ETM Appliance or calls may not be properly recognized It is particularly important when using Ground Start on the 1012 1024 analog Appliances that tip...

Страница 156: ...ou connect the telco cable to the powered on Appliance For digital Spans on any Appliance type place the Span inline by typing the following series of commands via Console connection Telnet or the ASC...

Страница 157: ...r other necessary actions Depending on the line characteristics and signaling type the threshold values may need to be tweaked to properly follow hook state throughout the call The POTS DEBUG ETM Comm...

Страница 158: ...lace the Spans inline To place the Spans inline Type the following series of commands via a Console connection or the ASCII Management Interface for the Span SPAN INLINE RESTART To open the ASCII Mana...

Страница 159: ...EDs are illuminated no trunks are in alarm Online All LEDs are illuminated green 3 View the CSU s and PBX and verify that both are free of alarm lights and appear to be operating normally 4 Follow a c...

Страница 160: ...nated green indicating communication between the Controller Card and Digital Trunk Interfaces PMC Illuminated green indicating communication between the Controller Card and the DSP Mezzanine Card Stat...

Страница 161: ...elogix com for assistance if necessary For instructions for bypassing the SIP Appliances and the SIP AXP solution see the SecureLogix Knowledge Base IMPORTANT These bypass procedures only affect the t...

Страница 162: ...message reporting a potential configuration error should not be ignored For example the message Possible configuration error on channel x indicates potential Span configuration errors for signaling o...

Страница 163: ...Dialing Plans SECURITY Indicates both authorized and unauthorized access connection and configuration change events START STOP Occurs when a Card or the Server is shut down or initialized TELCO Provi...

Страница 164: ...e of the following In the Telco Configuration subtree right click a switch or one or more Spans and then click Call Monitor In the Platform Configuration subtree right click one or more Appliances Car...

Страница 165: ...Voice Firewall User Guide for instructions for defining and using Voice Firewall Policies and AAA Services Refer to the Voice IPS User Guide for instructions for defining and using Voice IPS Policies...

Страница 166: ...166 Step 4 Telephony Service Cutover...

Страница 167: ...CPU 200 MHz Motorola MPC8241 Bus speed 100 MHz Asynchronous Bus PCI Bus speed width 33 MHz 32 bit DSP 4 x 200 MHz Texas Instruments TMS320VC5510 RAM 64 MB SRAM NVRAM 256 bytes for configuration param...

Страница 168: ...ture 4 to 158 F 20 C to 70 C Number of Lines 12 24 REN 0 1B Reporting ETM Management Server Diagnostic Messages Line Supervision Types Loop Start Ground Start Loop Reverse Battery for DID only Address...

Страница 169: ...1012 1024 Appliances are provided below Note The Ethernet Console and Auxiliary port connectors are identical to those on the 2100 3200 The VoIP port connectors Ethernet 0 and Ethernet 1 are identical...

Страница 170: ...annel 11 to Network 12 Orange Black Ring Channel 12 to Network 37 Black Orange Tip Channel 12 to Network 13 Green Black Ring Channel 13 to Network 38 Black Green Tip Channel 13 to Network 14 Brown Bla...

Страница 171: ...Orange Black Ring Channel 12 to CPE 37 Black Orange Tip Channel 12 to CPE 13 Green Black Ring Channel 13 to CPE 38 Black Green Tip Channel 13 to CPE 14 Brown Black Ring Channel 14 to CPE 39 Black Brow...

Страница 172: ...eters Ethernet Data Network Interface RJ 45 10 Mbps or 100Mbps Serial Port 9 pin D connection Parallel Port 25 pin D connection Modem Ports 2 or 4 RJ11 ports PS 2 Port keyboard connection PS 2 Port mo...

Страница 173: ...tors on the ETM 1050 Appliance used for ETM System operation is described below Only elements used for ETM System operation are labeled in the above illustration A power LED not shown appears on the f...

Страница 174: ...Set Ready 2 RxD Receive Data 7 RTS Request to Send 3 TxD Transmit Data 8 CTS Clear to Send 4 DTR Data Terminal Ready 9 RI Ring Indicator 5 GND Signal Ground Four standard RJ 11 modem ports are provid...

Страница 175: ...eed 100 MHz Asynchronous Bus PCI Bus speed width 33 MHz 32 bit DSP 4 x 200 MHz Texas Instruments TMS320VC5510 RAM 64 MB with ECC SRAM NVRAM 256 bytes for configuration parameters Ethernet Data Network...

Страница 176: ...to 40 C Storage Temperature 4 to 158 F 20 C to 70 C EMI EMC FCC Part 15 ICES 003 EN55022 EN55024 CISPR 22 Safety CB Scheme EN IEC60950 UL cUL 60950 Marks and Approvals FCC Part 15 Industry Canada CE M...

Страница 177: ...terface RJ 45 10 Mbps or 100Mbps Console and SMDR CDR Interfaces 2 RJ 45 RS 232C DCE Asynchronous up to 115 kbps Expansion Slots 2 standard size PMC daughter board with front panel I O access Telephon...

Страница 178: ...rame Red RAI Yellow AIS Blue Reporting Panel LEDs Network CO Red and Yellow CPE PBX Red and Yellow ETM Management Server Diagnostic Messages Line Supervision Types Loop Start Ground Start Wink Start I...

Страница 179: ...0 Appliance are identical to those in the ETM 2100 3200 Appliances The VoIP port pinouts are identical to the Ethernet port The Network and CPE ports are identical to the CO and PBX ports on the 2100...

Страница 180: ...he back of the Appliance The following are the technical specifications for the ETM 2100 and 3200 Controller Cards CPU 250 MHz Motorola 8240 or 266 MHz 8245 declocked to 250 MHz Bus speed 100 MHz Asyn...

Страница 181: ...typical 3 board sets 344 0 BTU hr typical 4 board sets 450 4 BTU hr typical Fuse DC 8A 250V Connection DC screw lug terminals Power Supply Dual redundant hot swappable Dimensions 2100 1 75 H x 17 5 W...

Страница 182: ...p Start Ground Start Wink Start Immediate Start ISDN PRI R1 Address Signaling Types DTMF MF and Pulse Dialing Signaling Protocols DID DNIS ANI Caller ID ISDN Variants N A PRI NI 2 4ESS 5ESS DMS100 Eur...

Страница 183: ...t show the status of the system The illustration below shows the access panel of the Controller Card The Digital Trunk Interface connects to the telephone lines via 8 RJ48 telco connectors 2 per Span...

Страница 184: ...N C Not Used 2 Tx Transmit 6 Rx Receive 3 Rx Receive 7 N C Not Used 4 N C Not Used 8 N C Not Used A standard RJ 45 jack is provided on each 1012 1024 and 1090 Appliance and 3200 and 2100 Controller C...

Страница 185: ...ansmit 2 T1 Tip 1 Receive 6 N C Not Used 3 N C Not Used 7 N C Not Used 4 R Ring Transmit 8 N C Not Used Each Digital Trunk Interface at the back of the Appliance has 4 pair of RJ 48 connectors 1 pair...

Страница 186: ...186 Appendix A Appliance Technical Specifications Connectors and Pinouts...

Страница 187: ...rst removing the Controller Card to which it is connected Removing a Digital Trunk Interface without first removing the Controller Card can damage both Cards and or the chassis Review the following pr...

Страница 188: ...moved and replaced without disrupting the operation of other components in the Appliance The Controller Card and Digital Trunk Interface work together as a unit and require a specific ordered procedur...

Страница 189: ...should face up 3 Flip the latches inward and install the screws to secure the Digital Trunk Interface 4 After installing the Controller Card as described below see Connecting the Telco Cable s on page...

Страница 190: ...its slot b At the front of the Appliance insert the Controller Card into the slot that corresponds to the Digital Trunk Interface The components on the Card should face up c Flip the latches inward an...

Страница 191: ...load a software package to a Card it is imperative that you do not reboot or power cycle the Card until the upgrade is complete or the firmware may become corrupted rendering the Card inoperable The C...

Страница 192: ...you type the command to place it inline it goes inline when you restart it e Repeat for each Span 11 Move the Card to the correct Appliance and the Span s to the correct switch and Span Group s If th...

Страница 193: ...rn the old Card to SecureLogix In the ETM 3200 Appliance if one of the power supplies fails the second power supply can temporarily handle the load while you replace the failed unit You can also quick...

Страница 194: ...ring from Card software errors or changing the Span type can be performed in Fail Safe mode Fail Safe mode may be required for example if the power goes off in the middle of downloading a file to the...

Страница 195: ...ort to the appropriate serial port on your terminal 2 Start the terminal emulation application such as HyperTerminal on your terminal Configure your terminal using the following serial port settings 1...

Страница 196: ...ription of each menu option The Fail Safe menu offers six options Type the number of the option at the prompt 1 Enter Fail Safe ETM Shell Displays the FS r w prompt at which you can execute a limited...

Страница 197: ...ring Caller ID Channel Map T1 CAS Analog Indicates whether Caller ID is available on the channel for determining source number on inbound calls This check box must be selected or Caller ID will not be...

Страница 198: ...ans this field determines whether incoming calls use Direct Inward Dialing DID or normal address digit dialing On T1 CAS Spans this field indicates which DTMF or MF strings are present and the order i...

Страница 199: ...specify a timeout value Outgoing Numbering Format Channel Map Analog T1 CAS SS7 For outgoing calls specifies the format for dial pulse MF or DTMF digits sent by the PBX to the telephone network durin...

Страница 200: ...oming digit tone type associated with each channel during ANI DNIS or DID transmission Affects Policy enforcement and logging Trunk Group Channel Map All except AAA and SS7 signaling links Optional se...

Страница 201: ...will be used This directory is referred to as ETM_DB_DIRECTORY in this document ETM_DB_DIRECTORY adhoc ETM_DB_DIRECTORY arch ETM_DB_DIRECTORY bdump ETM_DB_DIRECTORY cdump ETM_DB_DIRECTORY create wher...

Страница 202: ...s you to conform to a specific naming convention it is not necessary to change the default file names of the data files Redo log files The scripts create three redo log files redo01 log redo02 log red...

Страница 203: ...attention to conditions related to the Dialing Plan Voice Firewall Policy Management Server interface T1 or PRI status Fail Safe Mode and Card temperature When LEDs indicate error conditions you can i...

Страница 204: ...ng Plan File access error Allocation error Bad range or entry in file Range start greater than range end Unknown file name Algorithm ID out of range no match string or no substitution string DID Polic...

Страница 205: ...ff if the DSP Mezzanine Card is not present Green indicates that the DSP Mezzanine Card is operational Red indicates that the DSP Mezzanine Card has an error Alarm Rear Off during normal operation Red...

Страница 206: ...of range no match string or no substitution string DID Management Server interface Initially set to indicate Card Server socket is not established Loss of Server socket connection Cabinet Card tempera...

Страница 207: ...ering 144 security 142 user lockout 143 Appliance 13 14 15 16 30 49 50 51 52 53 54 57 61 68 72 73 74 76 79 1012 156 Auxiliary SMDR CDR port 184 connectors and pinouts 169 Console serial port 184 CPE c...

Страница 208: ...pecifications 180 3200 14 158 159 Auxiliary SMDR CDR port 184 CO port 185 connectors and pinouts 184 Console serial port 184 Ethernet connector 184 technical specifications 180 bypassing 161 creating...

Страница 209: ...ling 31 instance 36 default 38 Oracle Client Tools 32 ORACLE_BASE 201 ORACLE_HOME 201 ORACLE_SID 201 OracleService 202 remote servers 32 scripts 201 tables 36 Database Repository 33 DES Key 54 71 78 7...

Страница 210: ...ftware 21 22 Solaris 23 Windows 25 license 57 Management Server 21 148 communication through a firewall 42 43 47 connecting through a firewall 41 license 29 location 14 see ETM Server 67 starting 63 T...

Страница 211: ...country code 88 DTMF detection 86 E1 107 extension map 91 format precedence 95 format tokens 93 95 heartbeat interval 86 importing configuration 118 incoming numbering format 94 inline 158 licensing...

Страница 212: ...Access Code Set 127 associating an Access Code Set 124 configuring 124 offset 127 SMDR 124 SMDR extension conversion 128 SMDR Provider 125 Spans 122 T1 109 TCP IP 21 telco cables 156 telephony service...

Результаты поиска

Содержание ETM System

Отзывы:

Похожие инструкции для ETM System

Бренды по названию

Популярные бренды

SecureLogix ETM System, Руководство по установке

Результаты поиска

Содержание ETM System

Отзывы:

Похожие инструкции для ETM System

Бренды по названию

Популярные бренды