Force10 Networks 100-00055-01 Network Card User Manual


 
P-Series Installation and Operation Guide, version 2.3.1.2
To begin inspecting and filtering traffic you must:
1. Select firmware and dynamic rules
2. Set capture/forward policies
3. Check for proper operation by generating traffic across the appliance.
Step  Task
1     As root, enter the command pnic gui from the Unix command line to invoke a graphical user interface (GUI).
2     Enter the command m from the GUI command line.
3     Select Manage Firmware from the Rule Management GUI, then select “null” firmware and confirm.
      The sample firmware and rules files are testing examples only. Force10 recommends not employing the sample firmware for production IDS/IPS use.
4     Select Edit Rules from the Rule Management GUI.
5     Uncomment the rule alert on all icmp any any -> any any (msg:"@icmp";) by removing the # symbol before the rule.
      Enter the command i to enter insert mode.
      Navigate to the # character using the arrow keys, and delete the character.
6     Enter the command :wq to exit the vi editor, and confirm your changes.
7     Confirm to reload the Forward/Block settings.
8     Run a packet sniffer such as tcpdump on the network interface associated with the appliance.
9     Generate some ICMP traffic to be exchanged between endpoints.
      Endpoints are two network nodes on opposite sides of the appliance such that traffic between those nodes passes through the appliance.
      For example, enter ping destaddress, where destaddress is the IP address of the endpoint on the opposite end of the appliance.
10    If you are using tcpdump, enter the command tcpdump -i pnic0 -n from the Unix command line.
      This prints to standard output all of the packets captured by the DPI.
      If the appliance is operating correctly, you will see the ICMP packets.
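Steps 8 through 10 as a script, added here as an example and not part of the Force10 guide: it reads tcpdump -n text output and reports whether ICMP echo requests and replies were both captured. The function names, the --live switch and the sample lines (documentation-range addresses) are constructed for illustration; pnic0 and the tcpdump command come from step 10.

```shell
#!/bin/sh
# Added example, not from the guide: summarize the ICMP seen in `tcpdump -n` text output.

# Reads tcpdump lines on stdin; prints "<verdict> requests=N replies=M".
icmp_verdict() {
    awk '
        / ICMP echo request,/ { req++ }
        / ICMP echo reply,/   { rep++ }
        END {
            if (req > 0 && rep > 0) v = "ok"        # both directions captured
            else if (req + rep > 0) v = "one-way"   # only one direction captured
            else                    v = "no-icmp"   # nothing captured: recheck the rule and policies
            printf "%s requests=%d replies=%d\n", v, req, rep
        }'
}

# Constructed sample of tcpdump -n output; the ARP line must be ignored.
sample_capture() {
    cat <<'EOF'
12:00:01.000101 IP 192.0.2.10 > 192.0.2.20: ICMP echo request, id 4242, seq 1, length 64
12:00:01.000398 IP 192.0.2.20 > 192.0.2.10: ICMP echo reply, id 4242, seq 1, length 64
12:00:01.500000 ARP, Request who-has 192.0.2.20 tell 192.0.2.10, length 28
12:00:02.000120 IP 192.0.2.10 > 192.0.2.20: ICMP echo request, id 4242, seq 2, length 64
12:00:02.000411 IP 192.0.2.20 > 192.0.2.10: ICMP echo reply, id 4242, seq 2, length 64
EOF
}

# Live check, run as root: capture on pnic0 while pinging the far endpoint ($1 = destaddress).
live_check() {
    out=$(mktemp) || return 1
    tcpdump -i pnic0 -n -l > "$out" 2>/dev/null &   # -l: line-buffered output
    pid=$!
    sleep 1                                # give tcpdump time to open the interface
    ping -c 3 "$1" > /dev/null 2>&1 || true
    sleep 1                                # let the last reply arrive
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    icmp_verdict < "$out"
    rm -f "$out"
}

if [ "${1:-}" = "--live" ] && [ -n "${2:-}" ]; then
    live_check "$2"                        # usage: sh check.sh --live destaddress
else
    sample_capture | icmp_verdict          # offline demonstration on the constructed sample
fi
```

A "one-way" or "no-icmp" result means the capture did not match what step 10 describes, so recheck that the rule in step 5 is uncommented and that the Forward/Block settings were reloaded in step 7.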
Returning to the Default Configuration
Return to the factory default settings using the command pnic resetconf. See the Command Line
Reference, on page 79.
Chapter 2 Getting Started