Filter
Top Products
DellPowerConnectW-SeriesArubaOS6.2 | User Guide ExternalServicesInterface | 748
Chapter 40
External Services Interface
The Dell External Services Interface (ESI) provides an open interface that is used to integrate security solutions that
solve interior network problems such as viruses, worms, spyware, and corporate compliance. ESI allows selective
redirection of traffic to external service appliances such as anti-virus gateways, content filters, and intrusion
detection systems. When “interesting” traffic is detected by these external devices, it can be dropped, logged,
modified, or transformed according to the rules of the device. ESI also permits configuration of different server
groups—with each group potentially performing a different action on the traffic.
You can configure ESI to do one or more of the following for each group:
l Redirect specified types of traffic to the server
l Perform health checks on each of the servers in the group
l Perform per-session load balancing between the servers in each group
l Provide an interface for the server to return information about the client that can place the client in special roles
such as “quarantine”
ESI also provides the ESI syslog parser, which is a mechanism for interpreting syslog messages from third-party
appliances such as anti-virus gateways, content filters, and intrusion detection systems. The ESI syslog parser is a
generic syslog parser that accepts syslog messages from external devices, processes them according to user-defined
rules, and then takes configurable actions on system users.
Topics in this chapter include:
l "Sample ESI Topology" on page 748
l "Understanding the ESI Syslog Parser" on page 750
l "Configuring ESI " on page 752
l "Sample Route-mode ESI Topology" on page 760
l "Sample NAT-mode ESI Topology" on page 766
l "Understanding Basic Regular Expression (BRE) Syntax" on page 771
NOTE: The ESI feature requires the Policy Enforcement Firewall Next Generation (PEFNG) license installed on the controller.
Sample ESI Topology
In the example shown in this section, ESI is used to provide an interface to the AntiVirusFirewall (AVF) server
device for providing virus inspection services. An AVF server device is one of many different types of services
supported in the ESI.