Scribd Logo
Upload

Welcome to Scribd!

  • 23 APS Lab9

    Uploaded by

    Abdias Vazquez Martinez
    9 views4 pages
    arbor

    Original Title

    23_APS_Lab9

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    arbor

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    9 views4 pages

    23 APS Lab9

    Uploaded by

    Abdias Vazquez Martinez
    arbor

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

     

    Lab 9
    Scenario: Pravail NSI as a manager of APS

    Overview

    Description
    In this lab we will integrate Pravail APS with Pravail NSI for central
    management and check features available on central management console.

    Objectives
    After completing this lab, you will be able to do the following:
    • Integrate Pravail APS with Pravail NSI;
    • Use Pravail NSI for monitoring of Pravail APS;
    • Manage protection level and protection mode from central console;
    • Manage blacklist and whitelist from central console;

    Equipment/Tools
    The following equipment is required to complete this lab:
    • web browser
    When accessing training labs, you will be prompted for Training Portal
    Authentication. Use following credentials:
    • Login: student23
    • Password: 75DYptYN55

    Estimated Completion Time


    • The estimated completion time for this lab is 30 minutes.

    Student 23 L9-1
    Central Management Console Lab 9

    Enabling integration with Pravail NSI

    Pravail APS configuration

    1. Navigate to Administration -> General

    2. Configure following settings for Pravail NSI Connection

    • Controller: 10.2.25.228

    • Shared Secret: nsicm

    3. Save configuration and wait for few minutes

    Verification

    1. Log into Pravail NSI Controller at https://nsi-cm8.training.arbor.net/

    Use following credentials:

    Login: student23

    Password: 75DYptYN55

    2. Navigate to Summary page, scroll down to system information section.


    Verify that your Pravail APS device is listed. Wait until Pravail APS
    device gets from “Initial synchronization” to “Good” Status.

    Pravail APS monitoring from Central Management Console

    ATLAS Threat Categories traffic

    1. On Pravail NSI Controller, navigate to Dashboard


    2. Under APS Traffic, take a look at Inbound Blocked Threats and
    Outbound Blocked Threats
    3. Choose any threat, and click on “Learn more” item in context menu to
    get description of given threat
    4. Clock on Blocked Hosts item in context menu of any threat to navigate
    to Blocked Hosts page. Note that Search filters are pre-selected for you
    5. Click Search button to find offending hosts
    6. You can find more historical information about ATLAS threat
    categories traffic in Explore->ATLAS Threat Categories page

    L9-2 Student 23 Pravail APS 5.6


    Lab 9 Central Management Console

    Alerts
    1. To see alerts from your APS device, navigate to Explore->Alerts
    2. Click Filter field and select your APS appliance from the list. See if
    there are any historical alerts reported.

    Protection Groups
    1. To check traffic statistics for protection groups, navigate to Protect-
    >Protection Groups
    2. Click on protection group corresponding to your web server to see
    detailed information about passed, dropped traffic as well as all details
    that are available on view protection group page of Pravail APS
    3. Click Display All in Traffic Views and use Create PDF button from
    the Arbor smart bar to create PDF version of this page.

    Using Pravail NSI for protection management of Pravail APS

    Protection Level and Protection Mode

    1. Click Edit button for your protection group

    2. Change Protection Level to Medium, and Protection Mode to


    Inactive

    3. Log into your Pravail APS device to verify changes. It may take up to a
    minute to propagate changed from NSI to managed APS

    Blacklists and Whitelists

    1. On Pravail NSI Controller navigate to Protect->APS Inbound


    Blacklist

    2. Type North Korea and click Add to add additional country to blacklist

    3. Navigate to Protect->APS Inbound Whitelist

    4. Add IP address 113.225.205.113

    5. Log into to your Pravail APS device and verify that blacklist and
    whitelist were propagated. It may take up to a minute to propagate
    changed from NSI to managed APS

    Student 23 L9-3
    Central Management Console Lab 9

    Server type management

    1. On Pravail NSI Controller navigate to Protect->Server Types

    2. Click on Web Server on APS-LAB23

    3. Change ATLAS Confidence Index to 50 for all protection levels and


    save changes

    4. Log into to your Pravail APS device and verify that changes were
    propagated. It may take up to a minute to propagate changed from NSI
    to managed APS. Note that Web Server type for your protection group
    is now located in Custom Server Types

    Protection Group cloud signaling activation

    1. On Pravail NSI Controller navigate to Protect->Server Types

    2. Click on protection group corresponding to your web server

    3. Click All APSes, make sure that only APS-LAB23

    is selected and click Apply

    4. Note that cloud signaling widget now has Activate button. Click on it.

    5. After a minute, navigate to Peakflow SP at


    https://sp-cloud.training.arbor.net/ and check that Mitigation was
    started

    • Login: student23

    • Password: 75DYptYN55

    6. Deactivate mitigation request from Pravail NSI console

    This completes the lab exercise.

    L9-4 Student 23 Pravail APS 5.6

    You might also like