Test Environment set-up for Cymphonix® Network Composer EX

Transcription

Test Environment set-up for Cymphonix® Network Composer EX
January 11, 2011
Author:
SWAT Team
Audience:
Evaluator
Product:
Cymphonix® Network Composer EX Series, XLi™ OS version 9
Test Environment set-up for Cymphonix® Network Composer EX Series, XLi™ OS
version 9
The Cymphonix Network Composer as an in-line appliance will allow organizations to shape, manage,
and filter all Internet content from any device on their network. Through the Cymphonix award winning
interface and live reporting engine, administrators running Windows® Internet Explorer can log into
Network Composer and run reports, investigate traffic patterns, perform an HR or security incident
response, or implement the content controls spelled out in their acceptable use policies.
To fully test the features of the Cymphonix Network Composer, Cymphonix recommends deploying
Network Composer in-line on a test or sandbox network.
This evaluation requires the following items:
Requirements:
Cymphonix Network Composer
One or more Windows® based computer(s) with Internet connectivity using Internet Explorer
version 7 or above.
NOTE: Network Composer will filter and control traffic from any operating system or network device;
however, this evaluation will be focused on Windows systems. For help with other operating systems,
please talk with your sales representative.
Internet connectivity and network IP settings



Static IP addresses to assign to Network Composer and your test computer(s)
Subnet Mask information
Gateway IP address (Destination Gateway for Network Composer)

Note: This is an upstream gateway (router or firewall) for Network composer. When deploying
in a test network or sandbox, this will be the same gateway as your client
DNS server IP addresses
8871 Sandy Parkway | Salt Lake City, UT 84070 | 866.511.1155 | www.cymphonix.com
Note: Alternatively, if testing in a VLAN, an IP address for Network Composer in a VLAN that has 2 or
more computers is needed.
In a sandbox testing environment with at least two computers directly behind Network Composer, a
switch, and at least 4 patch cables are required.. An additional patch cable will be needed for each
additional computer that is directly behind Network Composer.
Note: No switch is required if you choose to set up a single Windows based computer, running Internet
Explorer, that is directly connected to Network Composer. You will need 2 patch cables with a single
computer configuration.
Initial Installation Process
1. Unpack Network Composer and power it up. Make sure the following contents are in the box:



One Network Composer
One red Cross-Over cable labeled X-Over
One blue Ethernet cable
2. Connect a workstation to the AUX/MGMT port on Network Composer via the Cross-Over cable.
3. Assign the following IP information to your Windows workstation


IP Address -172.31.255.2
Subnet Mask -255.255.255.0.
4. Wait for your computer to update its IP settings (Typically less than 60 seconds)
5. Open Internet Explorer and type in the following address into the URL location bar:

http://172.31.255.1
6. At the logon screen, use


Username: admin
Password: cymphonix
Note: If you do not see the ‘Network Composer Login’ screen check your IP settings and make sure you
can ping the 172.31.255.1 IP address.
8871 Sandy Parkway | Salt Lake City, UT 84070 | 866.511.1155 | www.cymphonix.com
7. Accept the EULA agreement by checking the box and click ‘agree’.
8. At this point you will see a set up wizard page, CANCEL THE SET UP WIZARD. When presented
with the pop up window accept it as there is no data at this point to lose.
9. You will now be asked to login again
 Use username: admin
 Password: cymphonix
10. You will now see the product registration screen; please skip this, it is not needed for this stage
of the evaluation and can be filled out later when product is purchased.
You will now be looking at the ‘Home Page’
8871 Sandy Parkway | Salt Lake City, UT 84070 | 866.511.1155 | www.cymphonix.com
11. Configure Network Composer’s IP address information from the setup screen that is located in
the Admin Tab. The Navigation Pane is located in the upper left hand corner of the interface.
There are 3 tabs on the Navigation Pane. The Report Tab, the Manage Tab and the Admin Tab.
Navigate to the setup screen by going to ‘Admin Tab -> Configuration -> Setup’.
a. Configure the ‘Network Composer IP Address’ and ‘Network Composer Netmask’ to a
valid network setting that will enable Network Composer to have access to the Internet.
Note: Like most routers and firewalls, Network Composer’s will not get their IP
information from DHCP. You will need to enter this manually.
b. Configure the Gateway Address. The gateway address will be the same gateway address
that is used on the Windows machines that you will be testing with.
Note: If you are deploying in your production network, the gateway address will be
your external firewall (the device on the WAN side of Composer), not your internal
router .
c. Configure the primary and secondary DNS to match your network settings
d. Input the correct numbers for the available Internet bandwidth. Fill in both the Upload
and the Download sections. These will be important for testing shaping functions later
test cases.
e. Click apply and a warning message will appear that physical interfaces will reset, click
ok.
Note: If you are deploying your evaluation in a production network with Active/Passive
firewalls, this step will cause the firewall to fail over. You will then need to manually fail
the firewalls back over.
8871 Sandy Parkway | Salt Lake City, UT 84070 | 866.511.1155 | www.cymphonix.com
12. Configure your workstation that will be used in the test environment with IP settings that are on
the same subnet as the Network Composer IP.
For example if you configured Network Composer with:



IP Address: 192.168.255.10
Subnet: 255.255.255.0
Gateway: 192.168.255.1
Configure your computer to work on the same network. As an example if you configured
Network Composer using the above IP settings, complementary settings for your computer
might be:



IP Address: 1982.168.255.15
Subnet: 255.255.255.0
Gateway: 192.168.255.1
Use DHCP if available. After you have reset your computers IP settings, make a note of them so
you will be able to accurately identify your test machines.
13. Cable Network Composer into the Network using the blue patch cable between the network
connection and the WAN port.
14. All client machines will connect to Network Composer via the LAN port. If using a single
machine, plug the crossover cable between the client machine and Network Composer’s LAN
port. If connecting multiple machines via a Layer 2 switch, plug the switch into the LAN port
with a patch cable and the client machines into the switch.
Verify Network Connectivity
From a client machine, can you ping the ‘Network Composer IP Address’. In our example above this
would be 192.168.255.10
If you can ping Network Composer from your test workstation then log-in to the GUI via Internet
Explorer using the ‘Network Composer IP Address’ .


Username: admin
Password: cymphonix
Note: Make sure you’re not using the AUX port IP address that was used in step 5.
8871 Sandy Parkway | Salt Lake City, UT 84070 | 866.511.1155 | www.cymphonix.com
Can Composer Ping the Gateway Address? This is done by navigating to
‘Admin Tab -> Diagnostic Tools -> Ping’. In our example the gateway address is 192.168.255.1
Can Composer ping an outside address such as 4.2.2.2? (Not required, but good to test) this is
done by navigating to ’Admin Tab -> Diagnostic tools -> Ping’.
Can Composer Ping the IP address of at least one of the client machines? This is done by navigating
to ‘Admin Tab-> Diagnostic tools -> Ping’. In our example that would be 192.168.255.15
Can Composer Perform a DNS lookup to updates.cymphonix.com? This is done by navigating to
‘Admin Tab -> Diagnostic Tools -> Test DNS Settings’.
Verify that you can pass traffic through Network Composer and that nodes are
discovered.
1.
From the client machines or machine attached to Network Composer, spend 5 to 20 minutes
browsing various sites on the Internet. Visit multimedia sites like ESPN.com, cnn.com, and play
a few videos from youtube.com as well. The objective is to generate traffic in order to verify
Network Composer is inline and is passing traffic. The traffic will also allow you to see your first
reports.
2.
Verify that your Test Nodes have been discovered by Network Composer
a. Login to the Network Composer interface
b. In the upper left hand corner on the Navigation list, navigate to ‘Report Tab -> Users ->
Network Node Overview’. Verify your test machines IP addresses are displayed
3.
Another way to verify your test nodes have been discovered is to find them in the Network
Node Manager. To do this, Navigate to ‘Manage Tab -> Directory Users and Nodes -> Network
Nodes
8871 Sandy Parkway | Salt Lake City, UT 84070 | 866.511.1155 | www.cymphonix.com
How to create a complete policy
Create a Group
Create a ‘Internet Usage Rule
Use Policy Manager
The upcoming test cases will make extensive use of groups and policies. This section is designed to give
you a quick basic introduction in to how these are created. This will consist of (1) creating a group for
your test nodes, which allows a unique set of rules to be applied to these nodes. This will be followed by
(2) creating a content filtering rule set and (3) creating a bandwidth shaping rule and then (4) applying
these rules to the group via the policy manager.
To Create a group
The first step in creating a policy is to create a group. This allows you to report and apply unique policies
to a set of nodes.
1. Navigate to ‘Manage Tab -> Policies and Rules -> Groups’
8871 Sandy Parkway | Salt Lake City, UT 84070 | 866.511.1155 | www.cymphonix.com
2. On the group manager screen click the ‘create’ button
3. You will be presented with 2 group type options Network Composer Group
 Directory Agent Group
4. Select the ‘Network Composer Group’ radio button and click ‘ok’
Note: We will discuss Directory Agent Groups and username based reporting in a later test case.
You will now be in the Add/Edit group detail screen
5. In the ‘Name’ field, type Test Group 1
6. You can leave the description and concurrent HTTP connection limit screen at default settings
8871 Sandy Parkway | Salt Lake City, UT 84070 | 866.511.1155 | www.cymphonix.com
7. Populate Test Group 1 with the test nodes
a. In the Add/Edit Members screen make sure that ‘Network Node’ is selected in the
‘Member type’ selection box (it is by default)
b. Test nodes should be visible in the left hand selection pane
c. Check all desired nodes(the IP addresses of your test machines) and ‘add’ them to the
right selected pane
d. Click save
Your test nodes will now be members of the group named ‘Test Group 1’.
To Create an Internet Usage Rule
The second step in creating a policy is to build a content filtering rule by creating an Internet Usage Rule.
1. Navigate to ‘Manage Tab -> Policies and Rules -> Internet Usage Rules’.
2. Click ‘Create’
8871 Sandy Parkway | Salt Lake City, UT 84070 | 866.511.1155 | www.cymphonix.com
You will now be looking at the Add/Edit Internet Usage Rules
3. In the rule set name type- Test Group1
4. Leave ‘Rule Set Description’ blank
5. In the ‘Traffic Flow Rule Set’ selection box make sure ‘Web Filter Only’ is selected. It is selected
by default.
Note: Do not add any ‘Blocked Categories’ or any other types of blocks at this time. Content
filtering (blocking) will be discussed in a later test case.
6. On the ‘Advanced Filtering’ tab. Uncheck all the spyware settings
7. Select the ‘Anti-Virus’ tab on the left side and uncheck ‘Enable Anti-Virus Blocking’
8. Select the ‘Filter Avoidance’ tab on the left side and uncheck all the Filter Avoidance Settings
9. Click the ‘Save’ button
8871 Sandy Parkway | Salt Lake City, UT 84070 | 866.511.1155 | www.cymphonix.com
To Create a Shaping Rule
The third step in creating a policy is to create a ‘Shaping Rule’. This is what allows you to manage
bandwidth in a variety of different ways.
1. Navigate to ‘Manage Tab -> Policies and Rules -> Shaping Rules’.
2. Click on the create button
You will now be looking at the ‘Add/Edit Shaping Rule Detail’ screen
3. In the Name field type Test Group 1
4. Click the save button
To Apply policies to Group using Policy Manager
Associate the Internet Usage Rule set and the Shaping Rule set you just created to the Test Group1
group through the Policy manager.
1. Navigate to ‘Manage -> Policies and Rules -> Policy Manager’.
8871 Sandy Parkway | Salt Lake City, UT 84070 | 866.511.1155 | www.cymphonix.com
2. Select the ‘Test Group 1’ group name
You will now be looking at the Add/Edit Policy screen
3. In the ‘Internet Usage Rule set’ selection menu, select ‘Test Group 1’
4. In the ‘Shaping Rule set’ selection menu, select ‘Test Group 1’
5. Click ‘Save’
You have finished the set-up of your test environment. This includes verifying connectivity through the
Network Composer and verifying that profiles for your test node(s) have been created. You have also
created a complete policy that consists of a test group with an associated test Internet usage Rule and
Test shaping rule.
8871 Sandy Parkway | Salt Lake City, UT 84070 | 866.511.1155 | www.cymphonix.com