ELTEX ESR Series - IPSIDS Configuration Example with Auto-Update Rules

To Next Page

To Previous Page

ESR-Series. User manual

412

https://

rules.emergingthreats.net/

open/suricata/rules/emerging-

worm.rules

These rules describe signs of network worm activity.

13.6.4 IPS/IDS configuration example with auto-update rules

Objective:

Organize LAN protection with auto-update rules from open sources.

192.168.1.0/24 – LAN

Solution:

Create a profile of addresses of LAN which we will protect:

esr(config)# object-group network LAN

esr(config-object-group-network)# ip prefix 192.168.1.0/24

esr(config-object-group-network)# exit

Main Page

Table of Contents2
Introduction12
Abstract12
Target Audience12
Symbols12
Notes and Warnings13
Product Description14
Purpose14
Functions15
Interface Functions15
MAC Table Functions15
Second-Layer Functions of OSI Model16
Third-Layer Functions of OSI Model16
Traffic Tunnelling Functions18
Management and Configuration Functions18
Network Security Functions19
Main Specifications20
Design33
ESR-1700 Design33
ESR-3100 Design35
ESR-1511, ESR-1510 Design38
ESR-1200, ESR-1000 Design42
Design45
Design48
Design49
ESR-12VF, ESR-14VF Design51
ESR-12V Design54
Design56
Light Indication59
Delivery Package66
Installation and Connection69
Support Brackets Mounting69
Device Rack Installation69
ESR-1000, ESR-1200, ESR-1500, ESR-1511, ESR-3100, ESR-1700 Power Module Installation70
Connection to Power Supply71
SFP Transceiver Installation and Removal71
Transceiver Installation71
Transceiver Removal72
Management Interfaces73
Command Line Interface (CLI)73
Types and Naming Procedure of Router Interfaces73
Types and Naming Procedure of Router Tunnels77
Initial Router Configuration78
ESR Router Factory Settings78
Description of Factory Settings78
Router Connection and Configuration79
Connection to the Router79
Applying the Configuration Change80
Basic Router Configuration81
Firmware Update85
Updating Firmware Via System Resources85
Updating Firmware Via Bootloader87
Secondary Bootloader Update (U-Boot)88
Safe Configuration Recommendations91
General Recommendations91
Event Logging System Configuration91
Recommendations92
Warnings92
Configuration Example92
Password Usage Policy Configuration92
Recommendations93
Configuration Example93
AAA Policy Configuration93
Recommendations94
Warnings94
Configuration Example94
Remote Management Configuration95
Recommendations95
Configuration Example95
Configuration of Protection against Network Attacks Mechanisms96
Recommendations96
Configuration Example97
Interface Management98
VLAN Configuration98
Configuration Algorithm99
Configuration Example 1. VLAN Removal from the Interface100
Configuration Example 2. Enabling VLAN Processing in Tagged Mode101
Configuration Example 3. Enabling VLAN Processing in Tagged and Untagged Modes102
LLDP Configuration102
Configuration Algorithm103
Configuration Example104
LLDP MED Configuration105
Configuration Algorithm105
Voice VLAN Configuration Example106
Sub-Interface Termination Configuration107
Configuration Algorithm108
Sub-Interface Configuration Example110
Q-In-Q Termination Configuration110
Configuration Algorithm110
Q-In-Q Configuration Example113
USB Modems Configuration114
USB Modems Configuration Algorithm114
Configuration Example117
PPP through E1 Configuration117
Configuration Algorithm118
Configuration Example120
MLPPP Configuration121
Configuration Algorithm121
Configuration Example123
Bridge Configuration124
Configuration Algorithm124
Example of Bridge Configuration for VLAN and L2Tpv3 Tunnel127
Example of Bridge Configuration for VLAN129
Configuration Example of the Second VLAN Tag Adding/Removing131
Dual-Homing Configuration131
Configuration Algorithm132
Configuration Example132
Mirroring Configuration (SPAN/RSPAN)133
Configuration Algorithm134
Configuration Example134
LACP Configuration135
Configuration Algorithm135
Configuration Example138
AUX Configuration139
Configuration Algorithm139
Configuration Examples141
Adapter Soldering Schemes146
Tunneling Management147
GRE Tunnel Configuration147
Configuration Algorithm147
IP-GRE Tunnel Configuration Example151
DMVPN Configuration153
Configuration Algorithm154
Configuration Example 1155
Configuration Example 2161
L2Tpv3 Tunnel Configuration166
Configuration Algorithm166
L2Tpv3 Tunnel Configuration Example168
Ipsec VPN Configuration171
Route-Based Ipsec VPN Configuration Algorithm171
Route-Based Ipsec VPN Configuration Example177
Policy-Based Ipsec VPN Configuration Algorithm182
Policy-Based Ipsec VPN Configuration Example188
Remote Access Ipsec VPN Configuration Algorithm192
Remote Access Ipsec VPN Configuration Example201
Tunnels Configuration206
Configuration Algorithm206
Configuration Example207
Qos Management209
Basic Qos209
Configuration Algorithm209
Configuration Example212
Advanced Qos213
Configuration Algorithm213
Configuration Example217
Routing Management221
Routing Information Advertising Policy222
Rip222
OSPF Protocol222
IS-IS Protocol223
Ibpg Protocol224
Ebpg Protocol224
Static Routes Configuration225
Configuration Algorithm225
Static Routes Configuration Example226
RIP Configuration228
Configuration Algorithm228
RIP Configuration Example233
OSFP Configuration235
Configuration Algorithm235
OSPF Configuration Example244
OSPF Stub Area Configuration Example245
Virtual Link Configuration Example246
BGP Configuration247
Configuration Algorithm248
Configuration Example259
BFD Configuration262
Configuration Algorithm262
Configuration Example of BFD with BGP266
PBR Routing Policy Configuration267
Configuration Algorithm of Route-Map for BGP267
Configuration Example 1. Route-Map for BGP272
Configuration Example 2. Route-Map for BGP273
Route-Map Based on Access Control Lists (Policy-Based Routing) Configuration Algorithm274
Route-Map Based on Access Control Lists (Policy-Based Routing) Configuration Example275
VRF Lite Configuration276
Configuration Algorithm277
Configuration Example278
Multiwan Configuration280
Configuration Algorithm280
Configuration Example283
IS-IS Configuration285
Configuration Algorithm285
Configuration Example292
MPLS Technology Management295
LDP Configuration295
Configuration Algorithm296
Configuration Example297
Configuring Session Parameters in LDP300
Algorithm for Setting Hello Holdtime and Hello Interval in the Global LDP Configuration302
Algorithm for Setting Hello Holdtime and Hello Interval for Address Family302
Algorithm for Setting Keepalive Holdtime Parameter in the Global LDP Configuration303
Algorithm for Setting Keepalive Holdtime Parameter for the Specific Neighbor303
Configuration Example303
Configuring Session Parameters in Targeted-LDP305
Algorithm for Setting Hello Holdtime, Hello Interval and Keepalive Holdtime for the LDP Process308
Algorithm for Setting Hello Holdtime, Hello Interval and Keepalive Holdtime for the Specific Neighbor309
Configuration Example309
LDP Tag Filtering Configuration310
Configuration Algorithm310
Configuration Example311
L2VPN Martini Mode Configuration312
L2VPN VPWS Configuration Algorithm312
L2VPN VPWS Configuration Example314
L2VPN VPLS Configuration Algorithm317
L2VPN VPLS Configuration Example318
L2VPN Kompella Mode Configuration323
L2VPN VPLS Configuration Algorithm323
L2VPN VPLS Configuration Example325
L3VPN Configuration340
Configuration Algorithm341
Configuration Example343
MPLS Traffic Balancing357
Configuration Example357
Operation with the Bridge Domain Within MPLS358
Assignment of MTU When Operating with MPLS360
Security Management367
AAA Configuration367
Local Authentication Configuration Algorithm368
AAA Configuration Algorithm Via RADIUS371
AAA Configuration Algorithm Via TACACS375
AAA Configuration Algorithm Via LDAP378
Example of Authentication Configuration Using Telnet Via RADIUS Server382
Command Privilege Configuration383
Configuration Algorithm383
Example of Command Privilege Configuration383
Configuration of Logging and Protection against Network Attacks383
Description of Attack Protection Mechanisms386
Configuration Example of Logging and Protection against Network Attacks389
Firewall Configuration390
Configuration Algorithm391
Firewall Configuration Example397
Configuration Example of Application Filtering (DPI)400
Access List (ACL) Configuration402
Configuration Algorithm403
Access List Configuration Example405
IPS/IDS Configuration405
Base Configuration Algorithm406
Configuration Algorithm for IPS/IDS Rules Autoupdate from External Sources407
Recommended Open Rule Update Source407
IPS/IDS Configuration Example with Auto-Update Rules412
Basic User Rules Configuration Algorithm414
Basic User Rules Configuration Example422
Extended User Rules Configuration Algorithm424
Extended User Rules Configuration Example425
Eltex Distribution Manager Interaction Configuration426
Basic Configuration Algorithm426
Configuration Example429
Content Filtering Service Configuration432
Basic Configuration Algorithm432
Content Filtering Rules Configuration Example437
Antispam" Service Configuration440
Basic Configuration Algorithm440
Configuration Example443
Redundancy Management445
VRRP Configuration445
Configuration Algorithm445
Configuration Example 1448
Configuration Example 2449
VRRP Tracking Configuration451
Configuration Algorithm451
Configuration Example455
Remote Access Configuration457
Configuring Server for Remote Access to Corporate Network Via PPTP Protocol457
Configuration Algorithm457
Configuration Example460
Configuring Server for Remote Access to Corporate Network Via L2TP Protocol462
Configuration Algorithm462
Configuration Example466
Configuring Server for Remote Access to Corporate Network Via Openvpn Protocol468
Configuration Algorithm468
Configuration Example472
Configuring Remote Access Client Via Pppoe474
Configuration Algorithm474
Configuration Example476
Configuring Remote Access Client Via PPTP478
Configuration Algorithm478
Configuration Example480
Configuring Remote Access Client Via L2TP481
Configuration Algorithm482
Configuration Example484
Service Management486
DHCP Server Configuration486
Configuration Algorithm486
Configuration Example490
Destination NAT Configuration492
Configuration Algorithm493
Destination NAT Configuration Example495
Source NAT Configuration497
Configuration Algorithm497
Configuration Example 1500
Configuration Example 2503
Static NAT Configuration504
Configuration Algorithm504
Static NAT Configuration Example504
HTTP/HTTPS Traffic Proxying506
Configuration Algorithm506
HTTP Proxy Configuration Example509
Configuration Algorithm510
Configuration Example512
Monitoring515
Netflow Configuration515
Configuration Algorithm515
Configuration Example516
Sflow Configuration517
Configuration Algorithm517
Configuration Example518
SNMP Configuration520
Configuration Algorithm520
Configuration Example524
Zabbix-Agent/Proxy Configuration526
Configuration Algorithm526
Zabbix-Agent Configuration Example528
Zabbix-Server Configuration Example529
Syslog Configuration532
Configuration Algorithm533
Configuration Example535
Integrity Check536
Configuration Process536
Configuration Example537
Router Configuration File Archiving537
Configuration Process537
Configuration Example538
BRAS (Broadband Remote Access Server) Management540
Configuration Algorithm540
Example of Configuration with Softwlc544
Example of Configuration Without Softwlc552
Voip Management559
SIP Profile Configuration Algorithm559
FXS/FXO Ports Configuration Algorithm560
Dial Plan Configuration Algorithm562
PBX Server Configuration Algorithm562
Registration Trunk Creation Algorithm564
Voip Configuration Example565
Dial Plan Configuration Example568
FXO Port Configuration570
Frequently Asked Questions572
Receiving of Routes, Which Are Configured in VRF Via BGP Or/And OSPF, Failed. the572
Rib572
Ssh/Telnet Sessions, Which Go through ESR Router, Are Closing572
Firewall was Disabled on Interface (Ip Firewall Disable). However Access for Active572
Sessions from the Port was Not Closed, According to Security Zone-Pair Rules, after Including this Interface to Security Zone, Removing from 'Ip Firewall Disable' Configuration and Applying Changes572
LACP Does Not Launch on XG Ports of ESR-1000/1200/1500/1700572
How to Clear ESR Configuration Completely and Reset It to Factory Default573
How to Attach Sub-Interface to Created VLAN573
Do the ESR-Series Routers Have Features for Traffic Analysis573
How to Configure Ip-Prefix-List 0.0.0.0./0573
Problem of Asynchronous Traffic Transmission Is Occurred573
How to Save the Local Copy of the Router Configuration574
ESR Technical Support575

ELTEX ESR Series - IPSIDS Configuration Example with Auto-Update Rules

Table of Contents

Related product manuals