Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.
IFA 3610/IFA 2610/IFA 1610 User Manual
Chapter 4: The Services Menu
4.4.2 Rules
The Rules tab lists the rule sets stored on the appliance, along with the number of rules each contains and the actions that can be performed on them:
▪ Toggle the status of the rule set (enabled or disabled).
▪ Set the policy applied to matching packets: either they are allowed to pass or they are not.
▪ Modify the properties of the rule set.
▪ Remove the rule set.
Note:
When editing a ruleset in the Rules tab, the Editor page (see below) will open with that ruleset already selected.
All the actions, except for editing, can be carried out on more than one ruleset at once, by selecting them (tick the
checkbox on the left of their filename) and pressing one of the buttons underneath the list.
By default, the policy for all the rulesets is set to alert. This behaviour can be changed by clicking on the alert icon to
toggle the policy into block and the icon into a red shield. After clicking on the Apply button, that ruleset will not cause
alerts anymore, but all the traffic that matches its rules will be blocked.
A ruleset can be deleted by clicking on the trash can icon, while a click on the pencil icon redirects to the Editor page in
which to edit each rule independently.
4.4.3 Editor
At the top of the Editor page are shown the rulesets that can be edited. To choose more than one ruleset at once, hold
the CTRL key and click on the rulesets.
After selecting and clicking on the Edit button, the list of the rules included in the selected ruleset(s) is shown. The list
can be narrowed down by entering some terms in the text box next to the Search label. As on the Rules page, the policy
of every entry can be changed.
Warning:
Turning on the IPS only implies that snort is running, but it does not yet filter the traffic. For snort to filter
packets, the Allow with IPS Filter policy must be selected for the rules defined in the various Firewall configuration pages.
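To make the alert/block policy toggle concrete, here is an added example that is not part of the manual or of the appliance's own software. It assumes the rulesets are plain Snort-syntax rule files (the manual only says that snort is the engine), parses a constructed sample ruleset, applies the per-ruleset policy the Rules tab exposes (alert logs only, block turns the action into drop), filters rules the way the Editor search box does, and reports what the Rules tab would show. The file name, sids and messages in the sample are constructed.

```python
"""Toy model of the Rules/Editor pages: a ruleset is a list of Snort-style
rules; the ruleset policy is 'alert' (log only) or 'block' (drop).
Assumption: the appliance stores rulesets in standard Snort rule syntax."""
import re

# Constructed sample ruleset (not from the manual). Snort rule header:
#   <action> <proto> <src> <sport> <direction> <dst> <dport> ( options ; )
SAMPLE_RULESET = """\
# sample-scan.rules (constructed sample)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH brute force attempt"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"HTTP scanner user-agent"; sid:1000002; rev:2;)
# a disabled rule keeps a leading '#'
#alert udp any any -> $HOME_NET 53 (msg:"DNS zone transfer"; sid:1000003; rev:1;)
"""

RULE_RE = re.compile(
    r'^(?P<disabled>#\s*)?(?P<action>alert|drop|pass|log|reject)\s+(?P<body>.+)$')
# Rules-tab policy -> Snort action. 'alert' only logs; 'drop' blocks in inline mode.
ACTION_FOR_POLICY = {"alert": "alert", "block": "drop"}


def parse_ruleset(text):
    """Return one dict per rule; comment lines that are not rules are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line or plain comment
        body = m.group("body")
        sid = re.search(r'sid:\s*(\d+)', body)
        msg = re.search(r'msg:\s*"([^"]*)"', body)
        rules.append({
            "enabled": m.group("disabled") is None,
            "action": m.group("action"),
            "sid": int(sid.group(1)) if sid else None,
            "msg": msg.group(1) if msg else "",
            "body": body,
        })
    return rules


def set_policy(rules, policy):
    """Apply the Rules-tab policy toggle to every rule of the ruleset."""
    action = ACTION_FOR_POLICY[policy]
    return [dict(r, action=action) for r in rules]


def search(rules, term):
    """Editor search box: keep rules whose msg or body contains the term."""
    t = term.lower()
    return [r for r in rules if t in r["msg"].lower() or t in r["body"].lower()]


def render(rules):
    """Write rules back out in Snort syntax; disabled rules are commented out."""
    return "\n".join(
        f'{"" if r["enabled"] else "#"}{r["action"]} {r["body"]}' for r in rules)


def summary(text):
    """What the Rules tab shows: rule count, enabled count, and whether any
    enabled rule would actually block traffic rather than only alert."""
    rules = parse_ruleset(text)
    return {"rules": len(rules),
            "enabled": sum(r["enabled"] for r in rules),
            "blocking": any(r["action"] == "drop" and r["enabled"] for r in rules)}


if __name__ == "__main__":
    rules = parse_ruleset(SAMPLE_RULESET)
    print(summary(SAMPLE_RULESET))            # alert policy: nothing is blocked
    blocked = render(set_policy(rules, "block"))
    print(blocked)
    print(summary(blocked))                   # block policy: enabled rules drop
```

The summary makes the warning above visible: a ruleset whose rules all carry the alert action never blocks anything, no matter whether the IPS is running, and even a ruleset switched to block only drops packets for traffic that the firewall rules hand to the IPS filter.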
4.5 High Availability
The appliance can be run in an HA mode, which can easily be set up using at least two appliances, one of which assumes
the role of the active (i.e., master) firewall, while the remaining ones are standby (i.e., slave) firewalls.
If the master firewall fails, an election among the slaves takes place and one of them becomes the new master,
providing transparent failover. If there is only one slave, it immediately takes over the master's duties,
allowing a seamless failover transition to the secondary appliance in the event of a hardware failure on the primary
appliance. This provides unparalleled hardware availability and redundancy for critical network operations and security.
In order to start up the HA service, at least one master and one slave appliance must be configured according to the
following guidelines.
Note:
The HENGE™ HA system is supported on both HENGE™ hardware and software appliances. Regardless of choosing
hardware or software, the high availability module requires at least two completely identical hardware platforms (e.g. 2
Minis, 2 Macros, 2 x86 systems, etc.).
An important point to focus on when deploying high availability is that a duplication method for each and every
connection to the IFA 3610/IFA 2610/IFA 1610 appliances must be provided. Every connection of the primary unit (e.g.,
WAN, LAN, etc.) must be replicated across the standby unit(s) to ensure that complete replication capabilities exist.
In this scenario, each network on the appliance (WAN, LAN, etc.) is connected to an external managed switch which has
a unique VLAN assigned to each network. This deployment option consumes the least amount of network ports and
provides for enhanced extensibility. Another option is to replace a single managed (VLAN capable) switch with smaller,
separate switches for each network (WAN, LAN, etc.). This setup however may not be cost-effective and could be less
reliable since the failure of any switch could break failover partially or completely.