Scenario: Bots On The LAN: Description
Lab 1
Scenario: Bots on the LAN
Overview
Description
This lab introduces you to the Pravail NSI installation, initial
configuration and upgrade processes. You will learn about the essential
steps performed. This lab is divided into the following parts:
• Installation of Pravail NSI Controller
• Initial CLI configuration using wizard
• Upgrade process
• Alert monitoring
Setup
[Figure: lab topology diagram with the labels Internet, pcc0 and LAN]
Student 17
Pravail NSI Installation, Initial configuration and Upgrade
In this lab the Pravail NSI controller receives mirrored traffic on the
pcc0 interface. The interfaces are connected in the following way:
• pcc0 receives copies of packets on the internet connection
• mgt0 is connected to the out-of-band management network. It is also
used by the Pravail NSI controller to access the internet
Objectives
After completing this lab, you will be able to do the following:
• Perform installation and initial configuration of the Pravail NSI controller
• Perform an upgrade of Pravail NSI
Equipment/Tools
The following equipment is required to complete this lab:
• web browser (Chrome or Firefox)
When accessing training labs, you will be prompted for Training Portal
Authentication. Use the following credentials:
• Login: student17
• Password: 44AYJCgf82
Installation process
In this section we will perform the initial installation steps. These steps
are typically performed on a new Pravail NSI appliance after power-on.
1. Wait while the Pravail NSI installation process prepares the hard drive
and copies the necessary software packages. This process may take up to half
an hour.
2. Set system hostname to NSI-LAB17
3. Set IP address of mgt0 interface to 10.2.25.147
4. Set Network mask of interface mgt0 to 255.255.255.128
5. Skip media setting for interface mgt0 (press Enter)
6. Skip IP configuration for interface flow0 (press Enter)
7. Set default gateway to 10.2.25.254
8. Skip BGP, FTP and HTTP ACL configuration (press Enter)
9. Permit HTTPS access from any network – type 0.0.0.0/0 as the first entry
and confirm that there are no more entries by pressing Enter for [done]
10. Permit ICMP Ping access from any network – type 0.0.0.0/0 as the first
entry and confirm that there are no more entries by pressing Enter for [done]
11. Skip SNMP, Telnet, TFTP and VRRP ACL configuration (press Enter)
12. Permit SSH access from any network – type 0.0.0.0/0 as the first entry and
confirm that there are no more entries by pressing Enter for [done]
13. Check that the current date/time matches the actual clock in the UTC time
zone. The format of the string is MMDDhhmm[[CC]YY][.ss]
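The addressing and ACL answers from the installation steps above can be sanity-checked before they are typed into the wizard. The script below is an added example, not part of the original lab or of any vendor tooling; the dictionary layout, the function name and the set of services treated as administrative are assumptions.

```python
import ipaddress

# Wizard answers taken from the installation steps above.
LAB_ANSWERS = {
    "mgt0_ip": "10.2.25.147",
    "mgt0_mask": "255.255.255.128",
    "gateway": "10.2.25.254",
    # Source networks permitted per service; [] means the step was skipped.
    "acls": {"https": ["0.0.0.0/0"], "ping": ["0.0.0.0/0"],
             "ssh": ["0.0.0.0/0"], "telnet": [], "snmp": []},
}
# Assumption: services treated as administrative access paths.
ADMIN_SERVICES = {"https", "ssh", "telnet", "snmp"}


def audit_wizard_answers(answers):
    """Return (management_network, findings) for one set of wizard answers."""
    iface = ipaddress.ip_interface(f"{answers['mgt0_ip']}/{answers['mgt0_mask']}")
    net = iface.network
    gateway = ipaddress.ip_address(answers["gateway"])
    findings = []

    # The host address must be usable, and the gateway must be on-link.
    reserved = (net.network_address, net.broadcast_address)
    if iface.ip in reserved:
        findings.append(f"mgt0 address {iface.ip} is reserved in {net}")
    if gateway not in net or gateway in reserved:
        findings.append(f"gateway {gateway} is not a usable host in {net}")
    if gateway == iface.ip:
        findings.append("gateway equals the mgt0 address")

    # Flag administrative services reachable from every source address.
    for service, entries in sorted(answers["acls"].items()):
        for entry in entries:
            source = ipaddress.ip_network(entry, strict=False)
            if service in ADMIN_SERVICES and source.prefixlen == 0:
                findings.append(
                    f"{service} permitted from any source ({source}); "
                    f"outside a lab, limit it to the management network {net}")
    return net, findings


if __name__ == "__main__":
    network, issues = audit_wizard_answers(LAB_ANSWERS)
    print("management network:", network)
    for issue in issues:
        print("finding:", issue)
```

With the lab values, the gateway is on-link for mgt0, and the HTTPS and SSH entries are reported because they admit every source address.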
3. Configure 8.8.8.8 as your DNS server using the services dns server add
8.8.8.8 command
4. Set the license key using the following command (the license key is
typically provided by ATAC)
/ system license set Pravail-NSI "nsi-model: PRA-NSI-5110 expires: 1451679614"
4RDSW-S1SHY-NTEAG-PTKA9-T19KB-8YEK2-E2DEH-BBZCN-SKX7Y
5. Initialize Pravail NSI databases
services nsi database initialize
6. Configure interface pcc0 as a promiscuous interface
services nsi interface add pcc0 promisc
7. Bring interface pcc0 up
ip interfaces ifconfig pcc0 up
8. Set the Pravail NSI shared secret to student17
services nsi secret set student17
9. Change system time zone to local
system timezone set
10. Start Pravail NSI service
services nsi start
The initial start of the Pravail NSI service may take a few minutes.
11. Save configuration
config write
Alert monitoring
1. After a few minutes of Pravail NSI operation, check the ongoing
security-related alerts. Navigate to Explore->Alerts and select Active alerts
of Security type.
2. Use the dropdown menu of any AIF-related alert to study Rule Details
3. Click View Alerts for any client listed
4. Click View Flows to see the original flow records that generated the
given alert