14.2.4.1. Procedure – Configuring communication between PNS proxies and CF

  1. The connection settings of CF

    Figure 14.24. The connection settings of CF

    First, configure the connection settings of CF in the Bind section on the Global tab of the Content vectoring MC component. Specify either the IP address/port pair on which CF should accept connections, or select the Local radiobutton if CF will communicate with PNS through UNIX domain sockets.

    Note

    The same bind settings will have to be used when the Stacking provider is configured in the Policies tab of the Application-level Gateway MC component (see Section 6.7.7, Stacking providers for details). These settings are required because PNS and CF do not necessarily run on the same host.

  2. The connection settings of PNS and CF

    Figure 14.25. The connection settings of PNS and CF

    Navigate to the Policies tab of the Application-level Gateway MC component and create a new Stacking Provider. Specify the same connection settings for this stacking provider as were set for CF in the previous step.

    Note

    A Stacking provider can contain the connection parameters (that is, IP/port pair) of multiple CF hosts. If more than one host is specified, PNS will automatically balance the load sent to these hosts using the round-robin algorithm.

  3. Using the Stacking provider from a proxy

    Figure 14.26. Using the Stacking provider from a proxy

    Navigate to the Proxies tab of the Application-level Gateway MC component, and select the proxy class that will send the data to CF for inspection. This can be an existing or a newly derived proxy class (for example, MyFtpProxy).

  4. Add the desired stack attribute of the proxy to the Changed config attributes (for example, self.request_stack). For details on the stack attributes of the different proxy classes, see the description of the proxy class in Chapter 4, Proxies in Proxedo Network Security Suite 1.0 Reference Guide.

  5. Using the Stacking provider from a proxy

    Figure 14.27. Using the Stacking provider from a proxy

    Select the stack attribute and click on Edit. Click on New, and add a key identifying the element of the particular protocol that should be sent over to CF for inspection (for example, *). For details, see the description of the proxy class in Chapter 4, Proxies in Proxedo Network Security Suite 1.0 Reference Guide.

  6. Enable stacking by setting the Type attribute of the key to type_ftp_stk_data using the combobox of the Type column, then click Edit.

  7. Stacking a provider

    Figure 14.28. Stacking a provider

    Click on Edit, select the zorp_stack attribute in the window that appears, and click on Edit again.

  8. Selecting the stacking provider and the rulegroup

    Figure 14.29. Selecting the stacking provider and the rulegroup

    Set Stacking type to Stacking provider. Select the stacking provider configured in Step 2 from the Provider combobox, and the rule group to be used from the Stacking information combobox.