Chapter 18. Troubleshooting IDM and IDS/IPS Management Console (IDS/IPS MC)
To take advantage of the full functionality of intrusion detection system (IDS/IPS) sensors, you need two pieces of software: a management utility for configuring the sensor, and a reporting utility for viewing alarms generated by the sensor. The IDS/IPS sensors come loaded with an Intrusion Detection Manager (IDM) for configuration. For alarm viewing, the Intrusion Detection Event Viewer (IEV) can be downloaded free of charge (IEV is discussed in detail in Chapter 22, "Troubleshooting IEV and Security Monitors"). In summary, IDM is the management piece, and IEV is the reporting tool for small deployments (typically 1-2 sensors). With IDM, you can configure only one sensor at a time; this does not scale very well for large deployments. Hence, IDS/IPS Management Console (IDS/IPS MC), which is a component of VPN and Security Management Solution (VMS), is used to manage multiple sensors, and Security Monitor is used as a reporting tool for multiple sensors (IEV can be used for up to 5 sensors). This chapter delves into the details of both the management utility and comprehensive troubleshooting steps for IDM and the IDS/IPS MC on the Windows platform.
Overview of Firewall MC
Unlike the command line interface or the PIX device manager (PDM), the Firewall MC is a policy-based tool targeted for managing multiple firewalls in a large enterprise environment.
Firewall MC Processes
There are several processes that perform different tasks on Firewall MC. If one of these processes is not running, the function that it is responsible for will not work. If there are problems in running the application, it is always a good practice to check that all these processes are running. The processes and their main functions are the following:
- Apache: This is the web server process. Be sure that the web server is running properly.
- ASANYs_SqlCoreDB: This is the SQL database. For the Firewall MC to function properly, be sure this is running.
- Tomcat: This is the Java servlet container. Be sure that the Java servlets that make up the Firewall MC and Auto Update Server (AUS) user interface are running properly.
If any of these processes are not running, the tasks they control will not run. To check the status of the processes and start them, go to Server Configuration > Administration > Process Management. From there you can view the status of the processes, stop the processes, or start stopped processes.
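The process check above is done from the Firewall MC web interface. As an added example (not from the book, and not part of the VMS product), the following PowerShell script performs the same check from a console on the Windows host that runs Firewall MC. It assumes the Windows service or process names begin with the component names the chapter lists (Apache, ASANYs_SqlCoreDB, Tomcat); confirm the exact names on your own installation before relying on the result.

```powershell
# Added example: verify the Firewall MC components are running on the VMS host.
# Assumption: service/process names on this host start with the names the chapter uses.
$components = @(
    @{ Name = 'Apache';           Role = 'Web server' },
    @{ Name = 'ASANYs_SqlCoreDB'; Role = 'SQL database' },
    @{ Name = 'Tomcat';           Role = 'Java servlets (Firewall MC / AUS user interface)' }
)

function Test-FwMcComponent {
    param([Parameter(Mandatory)][string]$Name)
    # A component counts as running if either a Windows service whose name starts with
    # $Name is in the Running state, or a process whose image name starts with $Name exists.
    $svc = Get-Service -Name "$Name*" -ErrorAction SilentlyContinue |
           Where-Object { $_.Status -eq 'Running' }
    $proc = Get-Process -Name "$Name*" -ErrorAction SilentlyContinue
    return (($null -ne $svc) -or ($null -ne $proc))
}

$report = foreach ($c in $components) {
    [pscustomobject]@{
        Component = $c.Name
        Role      = $c.Role
        Running   = Test-FwMcComponent -Name $c.Name
    }
}

$report | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.Running })
if ($missing.Count -gt 0) {
    # Point the operator at the same place the chapter does for restarting processes.
    Write-Warning ("Not running: {0}. Start them under Server Configuration > Administration > Process Management." -f ($missing.Component -join ', '))
    exit 1
}
Write-Host 'All Firewall MC components are running.'
```

Run it in an elevated PowerShell session on the VMS server; a non-zero exit code makes it easy to schedule as a periodic health check.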
As mentioned before, Firewall MC is used to manage single or multiple firewalls on a variety of firewall platforms. It is important to understand and be aware of the firewall versions supported by the different Firewall MC versions. Refer to the following link (Release notes) for a list of firewall versions that are supported by Firewall MC Version 1.3.3:
Communication Architecture
Firewall MC uses the HTTPS (HTTP over SSL) protocol to communicate with the firewalls to perform different tasks. Following is the list of functions Firewall MC performs with the help of the HTTPS protocol:
- Importing the configuration of a firewall: Firewall MC communicates with the firewalls using the HTTPS protocol to import the configuration. The firewall must have its web server enabled, and an SSL certificate must be generated for secure HTTP communication.
- Deploying configuration to the firewall: Firewall MC deploys configuration to the firewall using the HTTPS protocol.
- Communication with the Auto-update Server: When configuration is pushed to the Auto-update Server from the Firewall MC, it uses the HTTPS protocol. When the firewall pulls the image or the configuration files, it also uses the HTTPS protocol.
So, as you can see, all communications that take place among firewalls, Firewall MC, and the Auto-update server use the HTTPS (http/SSL) protocol.
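Because every one of these paths depends on the firewall's HTTPS server being enabled and presenting a certificate, a quick check from the Firewall MC host is whether the firewall's HTTPS port accepts a TCP connection and completes a TLS handshake, and what certificate it presents. The following PowerShell function is an added example (not from the book and not a VMS or Cisco tool); the target address, port 443 and the function name Test-FirewallHttps are assumptions for illustration.

```powershell
# Added example: from the Firewall MC host, confirm a firewall answers HTTPS and show its certificate.
function Test-FirewallHttps {
    param(
        [Parameter(Mandatory)][string]$Target,   # firewall IP or hostname (assumed)
        [int]$Port = 443,                        # HTTPS port (assumed default)
        [int]$TimeoutMs = 5000
    )
    $result = [ordered]@{
        Target = $Target; Port = $Port; TcpOpen = $false; TlsOk = $false
        Subject = $null; Issuer = $null; NotAfter = $null; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Step 1: plain TCP reachability, with a timeout so a filtered port does not hang the check.
        $ar = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw "TCP connect to ${Target}:${Port} timed out" }
        $client.EndConnect($ar)
        $result.TcpOpen = $true

        # Step 2: TLS handshake. The validation callback returns $true so that a self-signed
        # firewall certificate can be inspected here; this is a diagnostic, not a trust decision.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($Target)
        $result.TlsOk = $true

        # Step 3: report the certificate the firewall presented.
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.Subject  = $cert.Subject
        $result.Issuer   = $cert.Issuer
        $result.NotAfter = $cert.NotAfter
        $ssl.Dispose()
    }
    catch {
        $result.Error = $_.Exception.Message
    }
    finally {
        $client.Close()
    }
    [pscustomobject]$result
}

# Usage (address is a constructed placeholder):
Test-FirewallHttps -Target '192.0.2.1' | Format-List
```

If TcpOpen is false, the firewall's HTTP server is not enabled or the management host is not permitted to reach it; if TcpOpen is true but TlsOk is false, the firewall has no usable SSL certificate yet. A Subject and Issuer that are identical simply means the certificate is self-signed, which is the normal case for a firewall-generated certificate.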