nx installation and admin guide r12b3

8/9/2019 NX Installation and Admin Guide R12b3

1/259

NetXplorer

Installation & Administration GuideP/N D354005 R12


2/259


3/259

NetXplorer Installation and Administration Guide i

Important NoticeAllot Communications Ltd. ("Allot") is not a party to the purchase agreement under which NetEnforcer was purchased, and

will not be liable for any damages of any kind whatsoever caused to the end users using this manual, regardless of the form ofaction, whether in contract, tort (including negligence), strict liability or otherwise.

SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FORINFORMATIONAL USE ONLY, AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE, ANDSHOULD NOT BE CONSTRUED AS A COMMITMENT BY ALLOT OR ANY OF ITS SUBSIDIARIES. ALLOTASSUMES NO RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR INTHIS MANUAL, INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT.

Please read the End User License Agreement and Warranty Certificate provided with this product before using the product.Please note that using the products indicates that you accept the terms of the End User License Agreement and WarrantyCertificate.

WITHOUT DEROGATING IN ANY WAY FROM THE AFORESAID, ALLOT WILL NOT BE LIABLE FOR ANYSPECIAL, EXEMPLARY, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND,REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE),STRICT LIABILITY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUE ORANTICIPATED PROFITS, OR LOST BUSINESS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CopyrightCopyright 1997-2014 Allot Communications. All rights reserved. No part of this document maybe reproduced, photocopied, stored on a retrieval system, transmitted, or translated into any otherlanguage without a written permission and specific authorization from Allot Communications Ltd.

TrademarksProducts and corporate names appearing in this manual may or may not be registered trademarks orcopyrights of their respective companies, and are used only for identification or explanation and tothe owners' benefit, without intent to infringe.

Allot and the Allot Communications logo are registered trademarks of Allot Communications Ltd.


4/259

NetXplorer Installation and Administration Guideii

Version History

Each document has a version and a build number. You can tell the exact version and buildof this document by checking the top row of the table below.

Document updates are released in electronic form from time to time and the most up to dateversion of this document will always be found on Allots online Knowledge Base. To checkfor more recent versions, login to the support areawww.allot.com/support.htmland fromthe knowledgebase tab, enter the title of this document into the search field.

DocRevision

InternalBuild

ProductVersion

Published Summary of Changes

12 v12b3 NX13.3.10 13.05.14 M4/CentOS 6.4 information updated,

reduction profiles clarified, formaterrors corrected.

12 v12b2 NX13.3.10 04.02.14 NX-HAP Installation instructionsand connections clarified. Upgradeand Rollback instructions removed.

12 v12b1 NX13.3.10 30.10.13 Server Hardware Specificationsadded
http://www.allot.com/supporthttp://www.allot.com/supporthttp://www.allot.com/support


5/259

NetXplorer Installation and Administration Guide iii

Important Notice ............................................................................................................................ i

Copyright ...................................................................................................................................... i

Trademarks ................................................................................................................................... i

Version History .............................................................................................................................. ii

CHAPTER 1: GETTING STARTED .......................................................................... 1-1Overview...................................................................................................................................... 1-1

Terms and Concepts ................................................................................................................... 1-1

NetXplorer Architecture ............................................................................................................ 1-4

Administration Role ................................................................................................................... 1-6

CHAPTER 2: INSTALLATION .................................................................................. 2-1NetXplorer Server Installation .................................................................................................. 2-1

Allot Appliance Installation ...................................................................................................... 2-1

Alternate Hardware ................................................................................................................. 2-14

NetXplorer Client Installation................................................................................................. 2-31

Java, WebStart and the NetXplorer Client .............................................................................. 2-31

Accessing NetXplorer ............................................................................................................. 2-35

Enabling NetXplorer Servers .................................................................................................. 2-35

NX Accounting Installation ..................................................................................................... 2-37

Linux Server ........................................................................................................................... 2-37

Windows Server ...................................................................................................................... 2-40

NPP Installation ........................................................................................................................ 2-44

Linux Server ........................................................................................................................... 2-44

Windows Server ...................................................................................................................... 2-47

NX High Availability Platform Installation ........................................................................... 2-50

Connecting NX-SRV-HAP ..................................................................................................... 2-51

Configuring NX-SRV-HAP .................................................................................................... 2-55

CHAPTER 3: CONFIGURATION .............................................................................. 3-1Overview...................................................................................................................................... 3-1

Working with Devices ................................................................................................................ 3-1

Configuring NetXplorer Users ................................................................................................ 3-10

Internal User Configuration .................................................................................................... 3-11

External Authentication Configuration ................................................................................... 3-13

Password Management ........................................................................................................... 3-15

CHAPTER 4: MONITORING COLLECTORS ........................................................ 4-1

Overview...................................................................................................................................... 4-1

Data Collection Process ............................................................................................................ 4-2

Collector Redundancy ............................................................................................................... 4-2

Extended Mode ......................................................................................................................... 4-3

NetXplorer Support................................................................................................................... 4-5

Installing Monitoring Collectors ............................................................................................... 4-6

Collector Groups ..................................................................................................................... 4-15


6/259

NetXplorer Installation and Administration Guideiv

Configuring Monitoring Collectors ........................................................................................ 4-16

Troubleshooting the Collector ................................................................................................. 4-19

Command Line Interface ........................................................................................................ 4-19

Processes ................................................................................................................................. 4-19

Logs and Snapshots ................................................................................................................ 4-19

Recreating Databases .............................................................................................................. 4-20

Changing IP Addresses ........................................................................................................... 4-21

CHAPTER 5: NETXPLORER ACCOUNTING ........................................................ 5-1Overview...................................................................................................................................... 5-1

Configuring NetXplorer Accounting ........................................................................................ 5-1

CHAPTER 6: DATABASE MANAGEMENT ............................................................ 6-1Backup Terms ........................................................................................................................... 6-1

Using Backups to Achieve NX Redundancy ............................................................................ 6-2

Database Management on Windows ......................................................................................... 6-2

Cold Backup ............................................................................................................................. 6-2

Hot Backup ............................................................................................................................... 6-4

Aligning Protocol Pack Versions ............................................................................................ 6-16

Database Management on Linux ............................................................................................ 6-17

Cold Backup ........................................................................................................................... 6-17

Hot Backup ............................................................................................................................. 6-18

Aligning Protocol Pack Versions ............................................................................................ 6-27

Data Collection and Profiles .................................................................................................... 6-28

Data Collection - Overview .................................................................................................... 6-28

Profiles - Overview ................................................................................................................. 6-29

ProfilesAvailable Options ................................................................................................... 6-30

Profiles - Configuration .......................................................................................................... 6-31

CHAPTER 7: COMMAND LINE INTERFACE (CLI) ............................................ 7-1Provisioning CLI ........................................................................................................................ 7-2

Topology CLI ........................................................................................................................... 7-3

Catalog CLI .............................................................................................................................. 7-5

Policy CLI ............................................................................................................................... 7-25

Web Updates CLI ................................................................................................................... 7-31

Configuration CLI................................................................................................................... 7-32

Alarms CLI ............................................................................................................................. 7-34

Subsciber CLI ......................................................................................................................... 7-35

Monitoring CLI ........................................................................................................................ 7-36Export to CLI .......................................................................................................................... 7-37

CHAPTER 8: TROUBLESHOOTING ....................................................................... 8-1Troubleshooting Basics .............................................................................................................. 8-1

First Steps ................................................................................................................................. 8-1

Processes ................................................................................................................................... 8-1


7/259

NetXplorer Installation and Administration Guide v

Log Files ................................................................................................................................... 8-3

Snapshots .................................................................................................................................. 8-5

How to restore CFG (allot_cfg) database from the Snapshot-File ............................................ 8-7

Login Errors ............................................................................................................................... 8-7

Incorrect Java Version .............................................................................................................. 8-7

Lack of Connectivity ................................................................................................................ 8-8

Antivirus Conflict ..................................................................................................................... 8-8

Policy Saving Errors .................................................................................................................. 8-9

Data Display Errors ................................................................................................................. 8-11

Data Transmission .................................................................................................................. 8-11

Data Reception ........................................................................................................................ 8-12

Data Loss ................................................................................................................................ 8-13

Stress ....................................................................................................................................... 8-13

Add Device Errors .................................................................................................................... 8-14

NX-HAP Troubleshooting ....................................................................................................... 8-16

Synchronizing Each Node with an NTP Server ...................................................................... 8-16

Viewing Available Resources ................................................................................................. 8-17

Stopping Pacemaker/Heartbeat Service .................................................................................. 8-18

CHAPTER 9: APPENDICES ....................................................................................... 9-1Appendix AServer Hardware Specifications ....................................................................... 9-1

NX (P/N SNX-SRV-GEN4) ..................................................................................................... 9-1

NX-HAP (P/N SNX-SRV-HAP-GEN4)................................................................................... 9-1

NX-HAP (DC) (P/N SNX-SRV-HAP-GEN4-DC) .................................................................. 9-2

STC (P/N STC-NX-GEN4-DC) ............................................................................................... 9-2

Enhanced STC (P/N STC-NX-ENH-GEN4) ............................................................................ 9-3

ASRA Server (P/N ASRA-SRV-GEN4-DC) ........................................................................... 9-3

Appendix BIBM DS Storage Manager ................................................................................. 9-4Installing Storage Manager Client on NX Servers ................................................................... 9-4

Configuring Storage Manager to Send SNMP Traps from the Storage Device ....................... 9-9

Storage Battery Status ............................................................................................................. 9-10

Appendix B - Configuring NX to Work Behind an HTTP Proxy ........................................ 9-12

Appendix C - Events and Recommended Actions ................................................................. 9-14

Appendix DNX IP Address for UI Script ........................................................................... 9-22

Changing the NetXplorer IP Address ..................................................................................... 9-22

Selecting a NetXplorer IP Address for the GUI ..................................................................... 9-22

Running the Script .................................................................................................................. 9-23

Appendix ECommunication Protocols ............................................................................... 9-24Data Flow from NX Client to NX Server ............................................................................... 9-24

Data Flow from NX Server to NE/SG .................................................................................... 9-25

Data Flow from STC to NX Server and NE/SG ..................................................................... 9-26

Data Flow from SMP to NX Server and NE/SG .................................................................... 9-27

Data Flow to and from the Data Mediator .............................................................................. 9-29

Additional Protocols ............................................................................................................... 9-30

IMM Connection..................................................................................................................... 9-32

Appendix F: Using the IMM ................................................................................................... 9-35


8/259

NetXplorer Installation and Administration Guidevi

Monitors .................................................................................................................................. 9-36

Tasks ....................................................................................................................................... 9-37

IMM Control ........................................................................................................................... 9-37

Appendix G: NX Audit Log ..................................................................................................... 9-39

logrotate.conf Example ........................................................................................................... 9-40

Audit Log Example ................................................................................................................. 9-40


9/259

NetXplorer Installation and Administration Guide vii

FIGURES

Figure 1-1: System Architecture .................................................................................................. 1-5

Figure 2-1: Connecting Keyboard and Screen ............................................................................. 2-1

Figure 2-2: Connecting Management and IMM ........................................................................... 2-2

Figure 2-3: IMM "System Management" Port ............................................................................. 2-3

Figure 2-4: IMM System Status Screen ....................................................................................... 2-4

Figure 2-5: IMM Network Interfaces ........................................................................................... 2-5


Figure 2-7: Connecting Management and IMM ........................................................................... 2-6

Figure 2-8: CentOS UI ................................................................................................................. 2-7

Figure 2-9: Network Configuration dialog, Devices tab .............................................................. 2-7

Figure 2-10: Ethernet Device dialog box ..................................................................................... 2-8

Figure 2-11: Network Configuration dialog box, Hosts tab ......................................................... 2-9

Figure 2-12: Network Configuration dialog box, Add/Edit Hosts dialog .................................... 2-9

Figure 2-13: Network Configuration dialog box, DNS tab ........................................................ 2-10

Figure 2-14: IMM "System Management" Port ......................................................................... 2-11

Figure 2-15: IMM System Status Screen ................................................................................... 2-12

Figure 2-16: IMM Network Interfaces ....................................................................................... 2-13

Figure 2-17: Open Network Configuration ................................................................................ 2-16

Figure 2-18: Select eth0.............................................................................................................. 2-17

Figure 2-19: Ethernet Device dialog box ................................................................................... 2-17

Figure 2-20: Network Configuration dialog box, Hosts tab ....................................................... 2-18

Figure 2-21: Network Configuration dialog box, Add/Edit Hosts dialog .................................. 2-18


Figure 2-23: Date/Time Properties dialog box, Network Time Protocol tab ............................. 2-20

Figure 2-24: Local Area Connection Properties ......................................................................... 2-25

Figure 2-25: Security Warning ................................................................................................... 2-27

Figure 2-26: NetXplorer InstallShield Wizard Welcome Window ............................................ 2-27

Figure 2-27: Choose Setup Type ................................................................................................ 2-28


10/259

NetXplorer Installation and Administration Guideviii

Figure 2-28: Choose Destination Location - Custom ................................................................. 2-28

Figure 2-29: Choose NTP configuration option - Custom ......................................................... 2-29

Figure 2-30: Choose Destination Location - Typical ................................................................. 2-29

Figure 2-31: Ready to Install the Program ................................................................................. 2-30

Figure 2-32: Setup Initializing.................................................................................................... 2-30

Figure 2-33: NetXplorer InstallShield Wizard Complete ........................................................... 2-30

Figure 2-34: NetXplorer Java Installation Screen ...................................................................... 2-33

Figure 2-35: NetXplorer Log On Window ................................................................................. 2-34

Figure 2-36: NetXplorer Application Server Registration Dialog ............................................. 2-36


Figure 2-38: Accounting Manager InstallShield Welcome Window ......................................... 2-42

Figure 2-39: Choose Destination Location ................................................................................. 2-42

Figure 2-40: Ready to Install Window ....................................................................................... 2-43

Figure 2-41: NetXplorer InstallShield Wizard Complete ........................................................... 2-43


Figure 2-43: NetPolicy Provisioner InstallShield Welcome Window ........................................ 2-49

Figure 2-44: Choose Destination Location ................................................................................. 2-49

Figure 2-45: NetXplorer IP Address Window ............................................................................ 2-49

Figure 2-46: Ready to Install Window ....................................................................................... 2-50

Figure 2-47: NPP InstallShield Wizard Complete ..................................................................... 2-50

Figure 2-48: Cable Connections for NX High Availability Platform (IBM M4 Hardware) ...... 2-51

Figure 2-49: Cables for NX HAP Connectivity ......................................................................... 2-51

Figure 2-50: Cable Connections for NX High Availability Platform (IBM X3550 M3 Hardware) ............................................................................................................................................ 2-53

Figure 2-51: Cables for NX HAP Connectivity ......................................................................... 2-53

Figure 2-52: Specifying NX-HAP IP for Receipt of SNMP Traps ............................................ 2-60

Figure 3-1: NetEnforcer PropertiesNew Dialog ....................................................................... 3-2

Figure 3-2: NetEnforcer PropertiesImport Dialog .................................................................... 3-3

Figure 3-3: Monitoring Collector PropertiesNew Dialog ......................................................... 3-4


11/259

NetXplorer Installation and Administration Guide ix

Figure 3-4: Monitoring Collector PropertiesNew Dialog ......................................................... 3-5

Figure 3-5: Collector Group PropertiesNew Dialog ................................................................. 3-5

Figure 3-6: SMP PropertiesNew Dialog ................................................................................... 3-6

Figure 3-7: Device Properties Update dialog ............................................................................... 3-7

Figure 3-8: System Message ........................................................................................................ 3-8

Figure 3-9: NetEnforcer Configuration ........................................................................................ 3-9

Figure 3-10: User Authentication Configuration screen ............................................................ 3-11

Figure 3-11: User Editor ............................................................................................................. 3-12

Figure 3-12: User Authentication Configuration screen ............................................................ 3-14

Figure 3-13: Add External Authentication Entry dialog ............................................................ 3-15

Figure 3-14: Password Management dialog box ........................................................................ 3-16

Figure 4-1: CollectorFront View (M4) .................................................................................... 4-1

Figure 4-2: CollectorRear View (M4) ...................................................................................... 4-1

Figure 4-3: Updating an Extended Collector ................................................................................ 4-4


Figure 4-5: Connecting the CollectorFront View .................................................................... 4-7

Figure 4-6: Open Network Configuration .................................................................................... 4-8

Figure 4-7: Select eth0 ................................................................................................................. 4-9

Figure 4-8: Ethernet Device dialog box ....................................................................................... 4-9

Figure 4-9: Network Configuration dialog box, Hosts tab ......................................................... 4-10

Figure 4-10: Network Configuration dialog box, Add/Edit Hosts dialog .................................. 4-10


Figure 4-12: Monitoring Collectors Properties dialogGeneral tab ......................................... 4-12

Figure 4-13: NetEnforcer Properties dialog ............................................................................... 4-14

Figure 4-14: Monitoring Collector Properties - Update ............................................................. 4-15

Figure 4-15: Collector Group PropertiesNew Dialog ............................................................. 4-15

Figure 4-16: Collector Configuration Window - Identification Tab .......................................... 4-16

Figure 4-17: SNMP Tab ............................................................................................................. 4-17

Figure 4-18: Date/Time Tab ....................................................................................................... 4-17


12/259

NetXplorer Installation and Administration Guidex

Figure 4-19: IP Properties Tab ................................................................................................... 4-18

Figure 4-20: Monitoring Collector PropertiesUpdate Dialog ................................................. 4-18

Figure 5-1: Network Configuration - NetAccounting .................................................................. 5-2

Figure 6-1: Length of time for which data is stored under different profiles ............................. 6-31

Figure 8-1: Database Logs............................................................................................................ 8-3

Figure 8-2: Key Database Logs .................................................................................................... 8-4

Figure 8-3: Application Server Logs ............................................................................................ 8-4

Figure 8-4: NMS.log Example ..................................................................................................... 8-4

Figure 8-5: Install Log .................................................................................................................. 8-5

Figure 8-6: Snapshot File ............................................................................................................. 8-6

Figure 8-7: Restore Policy and Catalogs Dialog ........................................................................ 8-10

Figure 8-8: Events Log ............................................................................................................... 8-11

Figure 8-9: Bucket Manifest ....................................................................................................... 8-12

Figure 8-10: Data Logs ............................................................................................................... 8-13

Figure 9-1: SNMP Traps Sent from Storage Controllers ............................................................. 9-4

Figure 9-2: Storage Manager Installation Wizard ........................................................................ 9-5

Figure 9-3: Select Installation Type ............................................................................................. 9-6

Figure 9-4: Select Addition Method ............................................................................................. 9-6

Figure 9-5: Devices Hierarchy Tree ............................................................................................. 9-7

Figure 9-6: Devices Tab Menu ..................................................................................................... 9-7

Figure 9-7: Configure Alerts ........................................................................................................ 9-9

Figure 9-8: Storage Manager Support Tab ................................................................................. 9-10

Figure 9-9: Battery Expired Message ......................................................................................... 9-11

Figure 9-10: Data Flow from Corporate to Admin Network ...................................................... 9-24

Figure 9-11: Connectivity Requirements from NX GUI to NX Server ...................................... 9-25

Figure 9-12: Data Flow from NX Server to NE/SG ................................................................... 9-25

Figure 9-13: Connectivity Requirements between NX and NE/SG ........................................... 9-26

Figure 9-14: Data Flow Between STC and NX/NE/SG ............................................................. 9-26

Figure 9-15: Communication Requirements between STC and NX/NE/SG.............................. 9-27


13/259

NetXplorer Installation and Administration Guide xi

Figure 9-16: Data Flow Between SMP and NX/NE/SG ............................................................ 9-28

Figure 9-17: Communications Requirements Between SMP and NX/NE/SG ........................... 9-29

Figure 9-18: Communications Requirements Between DM and NX ......................................... 9-30

Figure 9-19: Data Flow Between Additional Network Elements ............................................... 9-31

Figure 9-20: Communication Requirements Between Different Network Elements ................. 9-32

Figure 9-21: Communication Requirements for IMM (User Definable) ................................... 9-33

Figure 9-22: Communication Requirements for IMM (Fixed)................................................... 9-34

Figure 9-23: Connection to the IMM on the rear of the M4 Server ........................................... 9-35

Figure 9-24: Connection to the IMM on the rear of the M3 Server ........................................... 9-35

Figure 9-25: IMM Monitors, System Status Screen ................................................................... 9-36

Figure 9-26: IMM Control, System Status Screen ..................................................................... 9-38


14/259


15/259

NetXplorer Installation and Administration Guide 1-1

Chapter 1:Getting Started

Overview

NetXplorer is a highly scalable Network Business Intelligence system that enablesstrategic decision-making based on comprehensive network application and subscribertraffic analysis.

NetXplorer configures NetEnforcer or Service Gateway devices and a central catalog,which enables global policy provisioning. Many network topologies can benefit frommore than one

NetEnforcer or Service Gateway. In addition, NetXplorer provides acentralized management

system for all NetEnforcers or Service Gateways on thenetwork. It provides easy access to devices and configuration parameters via the device

tree.NetXplorer enables both real time monitoring for network troubleshooting and problemanalysis, as well as long term reporting for capacity planning, tracking usage and trendanalysis. It allows for the proactive management of traffic and system-wide alarms andfor the collection and export of auditing data for billing and quota purposes.

Terms and ConceptsThis section introduces some of the basic terms and concepts used in NetXplorer.

NetXplorer

NetXplorer is a highly scalable Network Business Intelligence system that centrallymanages the NetEnforcer and Service Gateway product line. It enables strategicdecision-making based on comprehensive network application and subscriber trafficanalysis.

The NetXplorer can be purchased from Allot as an Appliance which is comprised of thehardware and server software pre-installed. The available configurations are:

Standalone Server: Allot part number: NX-SRV-GENX.

Highly Available platform: Allot part number: NX-SRV-HAP-GENX.

For performance and device support information concerning Appliances supplied byAllot, see the Release Notes for your software version.

If nessacery, customers can install the NetXplorer server software on any serverhardware that meets Allots minimum specifications. For hardware specifications seeAlternate Hardware on page2-14.


16/259

Chapter 1: Getting Started

NetXplorer Installation and Administration Guide1-2

NetEnforcer

NetEnforcers are the traffic management devices that inspect and monitor networktraffic.

Service Gateway

The Service Gateway is a platform for enhancing service optimization and servicedeployment. The Service Gateway provides an open, carrier-grade solution forbroadband service providers to manage multiple 10 or 1 Gigabit lines and deploy valueadded services in one integrated platform. Application and subscriber informationwithin the Service gateway is identified for each traffic flow and subsequently the flowis dispatched to an array of additional services and actions using a single DPI process.

Monitoring Collector

The Monitoring Collector (STC) is an Allot appliance that should be added between the

NetXplorer Servers and the NetEnforcers or Service Gateways in order to support largenumbers of NetEnforcers or Service Gateways or those installed in remote geographiclocations. One Monitoring Collector must be deployed for each Service Gateway in thenetwork.

QoS

QoS (Quality of Service) is the ability to define a level of performance in a datacommunications system. In NetXplorer, QoS is an action applied to a connection whenthe conditions of a filter are satisfied.

The QoS specified can include the following:

Prioritized Bandwidth: Delivers levels of service based on classlevels. During peak traffic periods, the NetXplorer will slow downlower priority applications, resulting in increased bandwidth deliveryto higher priority applications.

Guaranteed Bandwidth: Enables the assignment of fixed minimumand maximum amounts of bandwidth to specific Pipes, VirtualChannels and connections. By borrowing excess bandwidth when it isavailable, connections are able to burst above guaranteed minimumlimits, up to the maximum guaranteed rate. Guaranteed rates alsoassure predictable service quality by enabling time-criticalapplications to receive constant levels of service during peak and non-peak traffic periods.

Reserved Bandwidth on Demand: Enables the reservation of theminimum bandwidth from the first packet of a connection until theconnection ends. This is useful when the bottleneck is not at the linkgoverned by the NetEnforcer or Service Gateway. By limiting otherconnections (non-guaranteed), the NetEnforcer or Service Gatewayreserves enough bandwidth for the required Pipe or Virtual Channel.


17/259



TOS Marking: Enables the user to set the ToS bytes in thetransmitted frame according to the DiffServ standard or free format.

Access Control: Determines whether a connection is accepted,

dropped or rejected (Supported on AC-400 and AC-800 only). Forexample, you can specify the following policy: accept 1000 ICMPconnections to Server1 and drop the rest. A NetEnforcer or ServiceGateway policy can also be to drop all P2P connections or accept newconnections with a lower priority

Admission Control: Determines the bandwidth granted to a flowbased on your demand (for example, allocated minimum of 10kbps)and the available bandwidth on the line.

Catalog Editors

Catalog Editors enable you to define values to define your policy. The possible values

for each condition of a filter and for actions are defined in the Catalog entries in theCatalog Editors. A Catalog Editor enables you to give a logical name to acomprehensive set of parameters (a Catalog entry). This logical name then becomes apossible value for a condition or action

Lines

A Line represents a physical or logical media in the system. A line provides a way ofclassifying traffic that enables you to divide the total bandwidth and then manage everyLine as if it was an independent link. A Line consists of one or more sets of conditionsand a set of actions that apply when all of the conditions are met. A line is an address-based or VLAN-based entity, and is not service-based.

A Line can aggregate several Pipes, acting like a container of Pipes from a QoS point ofview. The filter of the FallbackLine cannot be modified or deleted. A connectioncoming into the NetEnforcer or Service Gateway is matched to a Line according towhether the characteristics of the connection match all of the Conditions of the Line.The connection is then further matched to the Conditions of a Pipe under the Line. Theactions defined for the Line influence all the Pipes under the Line. The actions definedfor a Pipe are enforced together with the actions of the Line.

Pipes

A Pipe provides a way of classifying traffic that enables you to divide the totalbandwidth and then manage every Pipe as if it was an independent link. Pipes cannotstand alone and are always contained within a Line. A Pipe consists of one or more sets

of conditions and a set of actions that apply when all of the conditions are met. A Pipecan aggregate several Virtual Channels, acting like a container of Virtual Channels froma QoS point of view.

When you add a new Pipe, it always includes at least one Virtual Channel, the FallbackVirtual Channel. The FallbackVirtual Channel filter cannot be modified or deleted. Aconnection coming into a line is matched to a Pipe according to whether thecharacteristics of the connection match all of the Conditions of the Pipe. The connection


18/259



is then further matched to the Conditions of a Virtual Channel under the Pipe. Theactions defined for the Pipe influence all the Virtual Channels under the Pipe. Theactions defined for a Virtual Channel are enforced together with the actions of the Pipe.

Virtual Channels

A Virtual Channel provides a way of classifying traffic and consists of one or more setsof Conditions and a set of actions that apply when all of the Conditions are met. AVirtual Channel is defined within a Pipe and cannot stand alone. A connection matchedto a Pipe is further matched to a Virtual Channel according to whether thecharacteristics of the connection match all of the Conditions of the Virtual Channel.

Conditions

A Condition is defined at the Line level, Pipe level or Virtual Channel level. NetXplorermatches connections to conditions, first at the Line level then at Pipe level and thenagain at the Virtual Channel level within a Pipe.

Templates

Templates enable you to create a "master" Pipe or Virtual Channel that upon saving willcreate multiple Pipes or Virtual Channels similar to one another. Templates work withhost group entries defined in the Host Catalog. For example, if a host group entry in theHost Catalog called Gold Customers consists of Company X, Company Y andCompany Z, you could define a Pipe template to be expanded for Gold Customers. Thiswould result in Pipes being created for Company X, Company Y and Company Z whenthe Policy Editor is saved.

A Pipe or Virtual Channel template enables the fast creation of Pipes and VirtualChannels on source/destination differentiation. This means that you do not need to

define similar Pipes and Virtual Channels when the only difference between them is theIP address in the source or destination.

NetXplorer Architecture

This section introduces the NetXplorer concept and explains its components andarchitecture.

NetXplorer uses a highly scalable architecture that enables the monitoring of allNetEnforcer or Service Gateway devices from a single user interface. In addition,NetXplorer can utilize distributed monitoring collectors, which increase the scalabilityof your deployment. The collectors gather short-term network usage statistics from the

NetEnforcers or Service Gateways.

NetXplorer's server-based, distributed architecture consists of four tiers: multipleNetEnforcer or Service Gateways and associated distributed collectors, a NetXplorerserver and GUI clients.


19/259



Figure 1-1: System Architecture

NetXplorer architecture consists of four layers:

1. Real-time Service Layer: NetEnforcers or Service Gateways are the trafficmanagement devices that inspect and monitor network traffic. There can be oneor more NetEnforcers or Service Gateways on a network. They manage networkpolicies and collect network usage data.

2. Collection Layer: Monitoring collectors increase scalability by supporting largenumbers of NetEnforcers or Service Gateways or those installed in remote

geographic locations. Monitoring collectors are fully managed via the NetXplorerGUI.

3. Application Layer: The NetXplorer server is the actual application, whichincludes the databases and an integrated data collector. The NetXplorer servermanages and communicates with the different clients that access the system, andfacilitates NetEnforcer or Service Gateway configuration, policy provisioning,alarms, monitoring and reporting. The integrated data collector included in theNetXplorer streamlines the required collection of data from the managedNetEnforcer or Service Gateway devices. The Server layer includes additionalservers such as SMP Servers, NPP Servers and stand along Accounting Servers.

NOTE The NetXplorer Server should be installed behind a firewall for optimal security.

4. Interface Layer: The different clients connected to the NetXplorer Server aretheNetXplorer GUI applicationusers. Any network computer capable ofconnecting to the NetXplorer server can support the GUI interface.

The system offers simple integration with external systems using a wide range ofinterfaces, including SNMP, CSV Files (for report data export), XML and CLI.


20/259



Administration RoleNetXplorer uses a role-based security model. The role defined for each authorized userindicates the scope of operations that can be performed by that user. The Administratorrole gives Admin users complete read/write privileges in the NetXplorer applicationincluding read/write configuration privileges.

The main functions of the Administrator role include:

User Registration

Device and Network Management

Monitoring Collectors Management

Database Maintenance

This document defines the main concepts and describes the various activities related tothe installation and configuration of NetEnforcer or Service Gateways and theNetXplorer, Monitoring Collectors, as well as the main tasks associated with DatabaseMaintenance, such as backup and restore, changing location and installing theNetXplorer on a remote data base.


21/259


Chapter 2:Installation

NetXplorer Server Installation

Allot Appliance Installation

NX-SRV is shipped to the customer as an Allot Appliance consisting of the hardwarewith server software pre-installed on a CentOS operating system.

After unpacking the hardware, installation consists of 4 steps:

1. Connecting directly to the Server with a keyboard andmonitor

2. Changing the IP address of the server3. Changing the IP address in the NetXplorer application

server

4. Configuring the IMM Settings

M4 Server (CentOS v6.x)

Connecting to NX-SRV

Connect a keyboard and monitor to the front panel of the NX-SRV as shown inFigure2-6below.

Figure 2-1: Connecting Keyboard and ScreenConnect the management and IMM links to the rear panel of the NX-SRV as follows:


22/259

Chapter 2: Installation


Figure 2-2: Connecting Management and IMM

1. Each NX server is connected to the management networkvia eth2 and may be connected to an optional secondmanagement network for redundancy purposes via eth3.

2. Each NetXplorer server can be directly managed from theIMM port by connecting this port to an external switch withan additional ethernet management cable.

NOTE Following installation you must make sure you have the most recent Protocol Packinstalled. For information on installing Protocol Packs see the NetXplorer OperationGuide.

Changing the IP Address (CentOS 6.x)

Follow the procedure below to change the IP address from the factory default(11.11.11.1) to your required address.

To change the address

1. Insert the Allot Disk-On Key.

2. Copy the netwconf.sh script to the root directory of theserver, run it using the following command and enter theappropriate network information when prompted:

/root/netwconf.sh

Output Example[root@localhost ~]# /root/netwconf.shPlease type the IP ADDRESS [ 11.11.11.11 ]10.4.3.65Please type NETMASK [ 255.255.0.0 ]

Please type the GATEWAY [ 11.11.0.1 ]10.4.0.1Please type hostname [ localhost ]Server1Please type domain name [ ]mydomain.comPlease type ip address of DNS [ 198.168.254.2 ]8.8.8.8


23/259



Please check the values enteredThe host: Server1 10.4.3.65NETMASK: 255.255.0.0, DOMAIN: mydomain.comGATEWAY: 10.4.0.1DNS: 8.8.8.8Continue with these values (y/n) [y]?YPlease type ip address of additional DNS or press Enter tocontinue:8.8.4.4Please type ip address of additional DNS or press Enter tocontinue:194.90.1.5Please type ip address of additional DNS or press Enter tocontinue:

Restarting network service...Done.

3. Reboot the server.

Changing the IP Address (NetXplorer)

In order to change the IP address on the NetXplorer application server, from the default11.11.11.1, you will need to run the set_nx_ip4ui.shscript. For full instructions, refertoAppendix DNX IP Address for UI Scriptbelow.

Configuring IMM Network Settings

The default details of the IMM are as follows:

Default IP: 192.168.70.125

Default User Name: USERID

Default Password: PASSW0RD (where the 0 is not o but zero)

To configure the network settings of the Integrated Management Module, follow thesteps below:

1. Connect directly from a laptop to the IMM interface on the rear of the NX-SRV. The interface is labeled SYSTEM MGMT as shownbelow:

Figure 2-3: IMM "System Management" Port


24/259



2. Open a web browser. In the address field, type, type the IP address or host nameof the IMM to which you want to connect.

NOTE If you are logging in to the IMM for the first time after installation, it uses the default

static IP address 192.168.70.125. You can obtain the the static IP address from theserver BIOS or from your network administrator.

3. Enter User ID and Password

4. You will be prompted to specify an inactive session timeout value. Choose avalue from the dropdown list and click on Continue.

5. You will see the IMM User Interface, with the default System Status in view,as seen in below

Figure 2-4: IMM System Status Screen

6. Select Network Interfaces from the system tree on the left side of the screen.

7. In the Ethernet section, make sure that interface is enabled, andIPv6 DHCP is disabled. In addition, DDNS status should be set toDisabled and Domain Name Used should be set to manual.

8. In the IPv4 section, make sure that the DHCP field is set to: Disabled UseStatic IP configuration. Assign an IP, mask and default gateway as seen aboveand click Save. You can now access the IMM remotely using these networksettings.


25/259


26/259


27/259



After connecting directly to the NX-SRV, you will see the CentOS User interface.

Enter root for the login and bagabufor the password. Follow the procedure below tochange the IP address from the factory default (11.11.11.1) to your required address.

To change the address

3. From the system menu, select Administration > Networkas shown inFigure 2-8below:

Figure 2-8: CentOS UI

The Network Configuration dialog will appear.

Figure 2-9: Network Configuration dialog, Devices tab


28/259



4. Open the Devices tab and double click on the appropriatenetwork card.

The Ethernet Device dialog appears.

Figure 2-10: Ethernet Device dialog box

5. In the General tab set the IP address, Subnet mask andDefault Gateway in the Statically set IP addresses section.

NOTE The Default Gateway MUST be set during the initial configuration.


29/259



6. Click OKto save and return to the Network Configurationdialog.

Figure 2-11: Network Configuration dialog box, Hosts tab

7. Open the Hosts tab and click Add to create a new Host.

The Add/Edit Hosts dialog appears.

Figure 2-12: Network Configuration dialog box, Add/Edit Hosts dialog


30/259



8. Enter the IP Address, Host name and Alias for the new hostand click OK to return to the Network Configuration dialog.The new host will appear in the Hosts tab. To edit anexisting Host, click the Editbutton.

Figure 2-13: Network Configuration dialog box, DNS tab

9. Open the DNStab and enter the Host name and DNS IP

addresses.

NOTE The Hostname entered in the DNS tab must be the same as was added in the Hoststab.

10.Select Savefrom the File menu to save all changes.

Changing the IP Address (NetXplorer)

In order to change the IP address on the NetXplorer application server, from the default11.11.11.1, you will need to run the set_nx_ip4ui.shscript. For full instructions, refertoAppendix DNX IP Address for UI Scriptbelow.

Configuring IMM Network SettingsThe default details of the IMM are as follows:

Default IP: 192.168.70.125

Default User Name: USERID

Default Password: PASSW0RD (where the 0 is not o but zero)


31/259



To configure the network settings of the Integrated Management Module, follow thesteps below:

9. Connect directly from a laptop to the IMM interface on the rear of the NX-

SRV. The interface is labeled SYSTEM MGMT as shownbelow:

Figure 2-14: IMM "System Management" Port

10.Open a web browser. In the address field, type, type the IP address or host nameof the IMM to which you want to connect.

NOTE If you are logging in to the IMM for the first time after installation, it uses the defaultstatic IP address 192.168.70.125. You can obtain the the static IP address from theserver BIOS or from your network administrator.

11.Enter User ID and Password

12.You will be prompted to specify an inactive session timeout value. Choose avalue from the dropdown list and click on Continue.

13.You will see the IMM User Interface, with the default System Status in view,

as seen in below


32/259



Figure 2-15: IMM System Status Screen

14.Select Network Interfaces from the system tree on the left side of the screen.

15. In the Ethernet section, make sure that interface is enabled, andIPv6 DHCP is disabled. In addition, DDNS status should be set toDisabled and Domain Name Used should be set to manual.

16. In the IPv4 section, make sure that the DHCP field is set to: D isabledUse

Static IP configuration. Assign an IP, mask and default gateway as seen aboveand click Save. You can now access the IMM remotely using these networksettings.


33/259



Figure 2-16: IMM Network Interfaces

NOTE The IBM Advanced Settings Utility (ASU) enables you to remotely modify IMMfirmware settings from the command line of the operating system. On AllotNetXplorer appliances which are shipped to the customer (NX-SRV and NX-HAP),the ASU software will be pre-installed.

However, when you are installing NetXplorer software on your own hardware, youshould also install the appropriate ASU software package. The package can bedownloaded from the IBM website here:

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=TOOL-ASU
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=TOOL-ASUhttp://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=TOOL-ASU


34/259



Alternate Hardware

Ifnecessary,it is possible to install NetXplorer Server software on hardware that is notprovided by Allot, assuming that the server used meets the requirements defined below.

Linux Installation

Installation Prerequisites

This section describes the minimum hardware and software requirements for installingNetXplorer on a Linux Server that is not provided by Allot.

Server Hardware Requirements

Minimum Specifications

Intel Xeon, 4 core, 2.0 GHz or equivilent

6 GB RAM DDR Dual channel

RAID (0 or 10) Controller with 256MB Battery Backed Write Cache(BBWC)

1.5TB HDD 10k RPM or larger (capacity depends on overall storageneeds)

CentOS Linux 5.8 or 6.464-bit x86 (Recommended)

OR

Red Hat Enterprise Linux 5.8 or 6.4 - 64-bit x86

Recommended Specifications




1-2TB HDD 15k RPM or larger (capacity depends on overall storageneeds)

CentOS Linux 5.8 or 6.464-bit x86 (Recommended)

OR

Red Hat Enterprise Linux 5.8 or 6.4 - 64-bit x86

NOTE These recommended specifications are based upon the workload and performancespecified below. If a larger workload or improved performance is required, contact AllotCustomer Support for recommendations.
https://www.google.co.il/search?es_sm=93&q=necessary&spell=1&sa=X&ei=8-txU-2MKqn17Abtm4HwAg&ved=0CCUQvwUoAAhttps://www.google.co.il/search?es_sm=93&q=necessary&spell=1&sa=X&ei=8-txU-2MKqn17Abtm4HwAg&ved=0CCUQvwUoAA


35/259



Software Requirements

Any Real-Time Virus Protection programs or automaticDefragmentation/Backup software must be disabled on the NetXplorer

server or the Allot folder needs to be excluded fromprotection/defragmentation.

No other database applications (for example, SQL database) should beinstalled on the NetXplorer server machine.

No application should be listening to port 80 at the time of theinstallation.

FQDN of the server should be defined (to check run hostname -f).


36/259


37/259



Figure 2-18: Select eth0

6. Open the Devices tab and double click on the appropriatenetwork card.

The Ethernet Device dialog appears.

Figure 2-19: Ethernet Device dialog box


38/259



7. In the General tab set the IP address, Subnet mask andDefault Gateway in the Statically set IP addressessection.

NOTE The Default Gateway MUST be set during the initial configuration.

8. Click OKto save and return to the Network Configurationdialog.

Figure 2-20: Network Configuration dialog box, Hosts tab

9. Open the Hosts tab and click Add to create a new Host.

The Add/Edit Hosts dialog appears.

Figure 2-21: Network Configuration dialog box, Add/Edit Hosts dialog


39/259



10.Enter the IP Address, Host name and Alias for the new hostand click OK to return to the Network Configuration dialog.The new host will appear in the Hosts tab. To edit anexisting Host, click the Editbutton.

Figure 2-22: Network Configuration dialog box, DNS tab

11.Open the DNStab and enter the Host name and DNS IPaddresses.

NOTE The Hostname entered in the DNS tab must be the same as was added in the Hoststab.


40/259



12.Select Savefrom the File menu to save all changes.

13.From the system menu, select Administration > SecurityLevel and Firewall to display the Security Level

Configuration dialog box. Open the SELinux tab and in theSELinux Setting select Disabled, and then click OK.

14.From the system menu, select Administration > Date &Time and confirm the Time Zone is correct then open theNetwork Time Protocol tab and select an NTP server. Besure to enable synchronization.

Figure 2-23: Date/Time Properties dialog box, Network Time Protocol tab


41/259



15. Set the Config ntp service to start when the unit is rebootedby entering the following command:

chkconfig --levels 35 ntpd on

16.Reboot the server.

CentOS 6.4

1. Confirm all the hardware and software requirements.

2. Confirm that there is at least 20GB of free space on the /optdirectory.

3. Install CentOS v6.4 according to instructions provided byCentOS.

4. Insert the Allot Disk-On Key.

5. Copy the netwconf.sh script to the root directory of theserver, run it using the following command and enter theappropriate network information when prompted:

/root/netwconf.sh

Output Example[root@localhost ~]# /root/netwconf.shPlease type the IP ADDRESS [ 11.11.11.11 ]10.4.3.65Please type NETMASK [ 255.255.0.0 ]

Please type the GATEWAY [ 11.11.0.1 ]10.4.0.1Please type hostname [ localhost ]Server1Please type domain name [ ]mydomain.comPlease type ip address of DNS [ 198.168.254.2 ]8.8.8.8

Please check the values enteredThe host: Server1 10.4.3.65NETMASK: 255.255.0.0, DOMAIN: mydomain.comGATEWAY: 10.4.0.1DNS: 8.8.8.8Continue with these values (y/n) [y]?YPlease type ip address of additional DNS or press Enter tocontinue:8.8.4.4Please type ip address of additional DNS or press Enter tocontinue:194.90.1.5Please type ip address of additional DNS or press Enter tocontinue:

Restarting network service...Done.


42/259



6. Reboot the server.

Installing NetXplorer

1. Install rsyslog as follows:

Locate the following package in the Installation/PACKAGES directoryin the NetXplorer installation CD:

rsyslog-3.22.1-3.el5.x86_64.rpm

Run the following command to install the rsyslog package:rpm -ivh rsyslog-3.22.1-3.el5.x86_64.rpm

2. Set the Config ntp service to start when the unit is rebootedby entering the following command:


3. Run rpm -ivh .rpm

Example:rpm -ivh netxplorer-12.3.0-8.i386.rpm

NOTE You may discover the filename by using the following command:cd /find|grep -i netxplorer-

4. Package dependencies are checked, and error messageissued if additional are packages needed. The JDK 7 (Java

development kit) package is included in the installation set.5. To install the packages, run rpmivh .rpm(version numbers may differ).

6. Configure the rsyslog Audit Log by running the followingscript:

/opt/allot/bin/nx_rsyslog_cfg.sh

To enable the rsyslog Audit Log, run the followingcommands:

/opt/allot/bin/nx_auditlog.sh on

service netxplorer restart

To disable the rsyslog Audit Log, run the following commands:

/opt/allot/bin/nx_auditlog.sh off

service netxplorer restart


43/259


44/259



This section describes the minimum hardware and software requirements for installingNetXplorer on a Windows Server.






1.5TB HDD 10k RPM or larger (capacity depends on overall storageneeds)

Windows Server 2008 SP2 Standard and Enterprise editions 64 bit(Recommended)

OR

Windows Server 2003 Standard or Enterprise Editions 64 bit

Recommended Specifications




1-2TB HDD 15k RPM or larger (capacity depends on overall storageneeds)

Windows Server 2008 SP2 Standard and Enterprise editions 64 bit(Recommended)

OR

Windows Server 2003 Standard or Enterprise Editions 64 bit

NOTE These recommended specifications are based upon the workload and performancespecified below. If a larger workload or improved performance is required, contact AllotCustomer Support for recommendations.


45/259


46/259



1. Verify that the minimum required space is available on thehard disk.

2. Verify that there is at least 4 GB of available Virtual

Memory.

NOTE Set the Virtual Memory on your computer by selecting Start/Settings/ControlPanel/System. Open the Advanced tab and click the Performance Settings button.Open the Advanced tab and click the Change button under Virtual Memory to select anew value.

3. Verify that Java JDK 7 is installed, including runtimeenvironment. If it is not installed, install it now, as describedbelow.

Installing Java JDK 7

The Java JDK 7, including the run time environment, must be installed before you can

install NetXplorer.

To install the Java JDK:

1. Browse to and run thejdk-7u2-windows-i586-p.exefile on the installation CD. The SecurityWarning is displayed.

2. Click Run. The License Agreement is displayed.

3. Read the license agreement and select I accept the termsto indicate your agreement, and then click Next. TheCustom Setup dialog is displayed.

4. Click Nextto accept the default installation location,

OR

Click Changeto browse and select an alternate installation location, andthen click Next.

NOTE The necessary program features are selected by default. You do not need tochange these default settings.

The Browser Registration dialog is displayed.

5. Verify that Microsoft Internet Explorer is selected and clickInstall. The Installing Java JDK dialog is displayed. The

progress bar indicates the status of the installation process.

6. When the installation process is done, the Complete windowis displayed.

7. Click Finish.

Installation Instructions


47/259



After you have performed the pre-installation checks and have verified that the JavaJDK is installed, you are ready to install NetXplorer.

To install NetXplorer:

1. Run the setup.exefile on the installation CD or from a net-mounted disk.

NOTE Do not attempt to run the setup file from a net long address, such as\\file_server\.

2. The following dialog is displayed.

Figure 2-25: Security Warning

3. Click Run. The following window is displayed.

Figure 2-26: NetXplorer InstallShield Wizard Welcome Window


48/259



4. Click Nextto continue.

5. The NetXplorer License Agreement is displayed.

6. Click Next to continue7. Read the license agreement and select I accept the term

to indicate your agreement, and then click Next. TheChoose Setup Type dialog is displayed.

Figure 2-27: Choose Setup Type

8. To install all program components in a single location,select Typicaland click Next. Then skip ahead to step 10.

OR

To install each component in a different location, select Customand clickNext.

NOTE Allot strongly recommends using the Custom installation option.

9. If you selected Customin step 5, the following dialogs aredisplayed.

Figure 2-28: Choose Destination Location - Custom


49/259



10.Accept the default destination locations or browse and selectan alternate location for one or more of the components, andthen click Next. The Choose NTP configuration optiondialog is displayed.

NOTE If alternate locations are chosen for one or more components, they must be ina subdirectory on one of the root directories (like C:\Allot or D:\Allot) and noton the root directory itself (C:\ or D:\).

NOTE It is recommended that the system files and the different monitoring files beinstalled on different physical drives in order to improve overall performance.

Figure 2-29: Choose NTP configuration option - Custom

11.Select either the Use local clock or the Use External NTPserverradio button. If you select an external NTP server,enter the servers IP address in the field provided. ClickNext.

NOTE Allot strongly recommends using an external NTP server.

12. If you selected Typicalin step 5 the following dialog isdisplayed.

Figure 2-30: Choose Destination Location - Typical


50/259



13.Accept the default destination location or browse and selectan alternate location, and then click Next.

Figure 2-31: Ready to Install the Program

14.Click Installto begin the installation. The Setup Statusdialog is displayed.

After a few moments the following popup is displayed.

Figure 2-32: Setup Initializing

NOTE The installation may take up to 30 minutes to complete.

15.When the installation is complete the following dialog isdisplayed.

Figure 2-33: NetXplorer InstallShield Wizard Complete

NOTE Following installation you must make sure you have the most recent Protocol Packinstalled. For information on installing Protocol Packs see the NetXplorer OperationGuide.


51/259



NetXplorer Client Installation

Java, WebStart and the NetXplorer ClientNetXplorer works with a technology known as WebStart from Sun Microsystems.WebStart enables you to run the NetXplorer Client software by simply double-clickingan icon on your computers desktop. This mode of operation is more convenient thanhaving to access the NetXplorer Client through an Internet browser.

Hardware Requirements

It is recommended that the NetXplorer Client be installed on a machine with thefollowing minimum specifications:

Pentium 4

512MB RAM

Windows XP/Microsoft Internet Explorer

NOTE: History logs will be kept on the client and can consume up to 150M


NetXplorer Client software should be installed on a machine runningWindows XP Professional (or later) and Microsoft Internet Explorer.

Any Real-Time Virus Protection programs or automaticDefragmentation/Backup software must be disabled on the NetXplorerclient or the Allot folder needs to be excluded from

protection/defragmentation.

Java JRE 7.0 should be installed on the client machine. For details onhow to install the Java JRE seeInstalling Java 7.0 JREbelow.

NOTE If the machine on which you are installing NX Client is running a 64 bit OS (x64), theJava installation must also be 64 bit. If the machine is running a 32 bit OS (x86), thenthe Java version must be 32 bit.


Firewall Settings

In some networks, workstations running the NetXplorer Client can be separated fromthe NetXplorer server by a firewall for security reasons. In order to allow the client tocommunicate with the NetXplorer server the following ports should be opened in theFirewall:

TCP/80 HTTP

TCP/3873 Catalog Interaction with the Server


52/259



TCP/443 SSL

TCP/1098 The RMI service bind address

TCP/1099 JNP server bind address

TCP/4446 RMI Object ports

TCP/4457 Alarms

TCP/50010 Alarms

Likewise, a firewall could be situated between the NetXplorer and the In-Line Platform.To enable the communication between the NetXplorer and the In-line platform thefollowing ports in the Firewall should be opened:

TCP/80 HTTP

TCP/443 SSL

UDP/161 SNMP

UDP/162 SNMP Trap

UDP/123 NTP

TCP/123 NTP

Installing Java 7.0 JRE

The Java 7.0 JRE must be installed on your computer as a prerequisite to working withthe NetXplorer User Interface.


53/259


54/259



2. The NetXplorer Log On window is displayed.

Figure 2-35: NetXplorer Log On Window

A shortcut icon to the NetXplorer installation is placed on your desktop and in yoursystems Startmenu.

Working Behind NAT

In certain deployments, the Network Address Translation (NAT) is in operationbetween the NetXplorer Client and the NetXplorer Server. In order to enable GUIaccess in such a case, the NetXplorer administrator must edit the swKeeper.inifile onthe NetXplorer server, replacing the server hostname with the fqdn hostname.

The swKeeper.ini file can be found in /opt/allot/conf/swKeeper.ini

Under tasks/java, look for the argsoption, and set it as shown below, inserting the fqdn

hostname in the relevant place.

-Djava .rmi.server.hostname=-Dremoting.bind_by_host=true

If the NetXplorer Server is running on a Linux machine then you must also change thehostname to netxplorerinstead of the fqnd (netxplorer.example.com) in the followingfile on the server:

/etc/sysconfig/network

The file should appear as follows:cat /etc/sysconfig/networkNETWORKING=yesNETWORKING_IPV6=yesHOSTNAME=netxplorer

Once the file has been changed, restart the Network service and the NetXplorer serverservice.


55/259



Accessing NetXplorer

Once you have completed the initial setup, as describedabove,you can access theNetXplorer via your Web browser. The first time that you connect to NetXplorer, youmay be prompted to install Java plug-in 6.0. Refer toInstalling Java 7.0 JREbelow, forfurther information.

To connect to NetXplorer:

1. In Internet Explorer, browse to http:and select Launch NetXplorerin the NetXplorer ControlPanel.

OR

Double click the shortcut icon on the desktop or in the systems Startmenu.

2. The Java Application Starting window is displayed.

3. The NetXplorer Log On dialog is displayed.

4. In the User Namefield, enter adminand in the Passwordfield, enter allotor the password that was established at setup. This is the default user name and password. They maybe different if you changed them during the initialconfiguration.

5. Click Log On. The NetXplorer GUI is displayed.

NOTE It may take a few moments for the NetXplorer GUI to load.

Enabling NetXplorer Servers

In order to manage more than one NetEnforcer or Service Gateway as well as certainfeatures using NetXplorer, NetXplorer Server must be enabled by entering theappropriate key. This key may be entered at installation or at any time following. Formore information concerning the NetXplorer Server contact Allot Customer Support [email protected].
mailto:[email protected]:[email protected]:[email protected]


56/259



To enable NetXplorer Server:

1. Select Tools > NetXplorer Application ServerRegistrationfrom the NetXplorer Menu bar.

The NetXplorer Application Server Registration dialog boxappears.

Figure 2-36: NetXplorer Application Server Registration Dialog

2. Enter the Activation Key and Serial Number provided byAllot to enable the NetXplorer Server functionality.

NOTE: The serial number is the box number of the product you used to generate the key.

For managing a single unit, it will be the box number of the NE/SG.

For managing multiple units, it will be the box number of the SNX (starts with44X)


57/259



3. A Key Version, Marketing Version and Expiration Date willbe generated automatically after clicking Save.

4. The number of devices supported by the key is indicated.

5. If Policy Provisioning is enabled by the key that has beenentered, it will be indicated (along with the maximumnumber of accounts) after NPP. For more information, seethe NPP User Guide.

6. If Classification of Hosts by Country is enabled by the keythat has been entered, it will be indicated after CountryClassification Subscription.

7. If Accounting information is enabled by the key that hasbeen entered, it will be indicated after Net Accounting.

8. If Service Catalog updates via the web are enabled by thekey that has been entered, it will be indicated after APU.

9. If Subscriber Management is enabled by the key that hasbeen entered, it will be indicated by at least one of thefollowing attributes being enabled: Tiered Services, Tiered

Services Gx, Quota Management or Volume Reporting.In addition, the number of supported subscribers will beindicated if relevant. For more information, see the SMPUser Guide.

10.Click Saveto enter the key and close the dialog box.

NX Accounting InstallationNOTE These steps are only required if NetXplorer Accounting is to be installed on a different

Server than the NetXplorer. If is installed along with NetXplorer on the same server itwill be installed automatically along with the NetXplorer software.

Linux Server

Installation Prerequisites

This section describes the minimum hardware and software requirements for installingNetXplorer on a Linux Server.






58/259




1.5TB HDD 10k RPM or larger (capacity depends on overall storage

needs)

CentOS Linux 5.8 or 6.4 - 64-bit x86 (Recommended)

OR

Red Hat Enterprise Linux 5.8 or 6.4- 64-bit x86


Any Real-Time Virus Protection programs or automaticDefragmentation/Backup software must be disabled on the NetXplorerserver or the Allot folder needs to be excluded from

protection/defragmentation. No other database applications (for example, SQL database) should be

installed on the NetXplorer server machine.


FQDN of the server should be defined (to check run hostname -f).

Check that NTP service is installed. The Config ntp service should beconfigured to start when the unit is rebooted by entering the followingcommand:


NTP service should be configured to update the time from an externalNTP server and deliver the time service to Allot devices.

If the operating system has not yet been installed, and you are installing it from asoftware CD (e.g: for RedHat), configure the server so that the CD is the first bootdevice, insert the Installation CD #1 and reboot the host.

When installing both CentOS and RedHat operating systems, you should followthe on-screen instructions using the default installation options on all steps exceptfor the steps listed below:

Hostname: give fully qualified host name (e.g., NXlinx.allot.local);

Firewall: disabled (during configuration after reboot),

SELinux: disabled (during configuration after reboot),

Time: configure correct time according to time zone chosen

NTP server: may be configured during configuration after the IPaddress is configured (select the checkbox about synchronize beforestarting)

nx installation and admin guide r12b3

Documents