Copyright © 1996-2020 BalaSys IT Ltd.
This documentation and the product it describes are considered protected by copyright according to the applicable laws.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
Linux™ is a registered trademark of Linus Torvalds.
Windows™ 10 is a registered trademark of Microsoft Corporation.
All other product names mentioned herein are the trademarks of their respective owners.
DISCLAIMER
is not responsible for any third-party websites mentioned in this document. does not endorse and is not responsible or liable for any content, advertising, products, or other material on or available from such sites or resources. will not be responsible or liable for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through any such sites or resources.
June 04, 2020
Table of Contents
- Preface
- 1. Introduction
- 2. Concepts of the PNS Gateway solution
- 3. Managing PNS hosts
- 3.1. MS and MC
- 3.2. MC structure
- 3.3. Configuration and Configuration management
- 3.3.1. Configuration process
- 3.3.2. Configuration buttons
- 3.3.3. Committing related components
- 3.3.4. Recording and commenting configuration changes
- 3.3.5. Multiple access and lock management
- 3.3.6. Status indicator icons
- 3.3.7. Copy/Paste and Multiple select in MC
- 3.3.8. Links and variables
- 3.3.9. Disabling rules and objects
- 3.3.10. Filtering list entries
- 3.4. Viewing PNS logs
- 4. Registering new hosts
- 5. Networking, routing, and name resolution
- 6. Managing network traffic with PNS
- 6.1. Understanding Application-level Gateway policies
- 6.2. Zones
- 6.3. Application-level Gateway instances
- 6.3.1. Understanding Application-level Gateway instances
- 6.3.2. Managing Application-level Gateway instances
- 6.3.3. Creating a new instance
- 6.3.4. Configuring instances
- 6.3.5. Instance parameters — general
- 6.3.6. Instance parameters — logging
- 6.3.7. Instance parameters — rights
- 6.3.8. Instance parameters — miscellaneous
- 6.3.9. Increasing the number of running processes
- 6.4. Application-level Gateway services
- 6.5. Configuring firewall rules
- 6.6. Proxy classes
- 6.7. Policies
- 6.8. Monitoring active connections
- 6.9. Traffic reports
- 7. Logging with syslog-ng
- 8. The Text editor plugin
- 9. Native services
- 10. Local firewall administration
- 11. Key and certificate management in PNS
- 12. Clusters and high availability
- 13. Advanced MS and Agent configuration
- 13.1. Setting configuration parameters
- 13.1.1. Configuring user authentication and privileges
- 13.1.2. Configuring backup
- 13.1.3. Configuring the connection between MS and MC
- 13.1.4. Configuring MS and agent connections
- 13.1.5. Configuring MS database save
- 13.1.6. Setting configuration check
- 13.1.7. Configuring CRL update settings
- 13.1.8. Set logging level
- 13.1.9. Configuring SSL handshake parameters
- 13.2. Setting agent configuration parameters
- 13.3. Managing connections
- 13.4. Handling XML databases
- 14. Virus and content filtering using CF
- 15. Connection authentication and authorization
- 16. Virtual Private Networks
- 17. Integrating PNS to external monitoring systems
- A. Packet Filtering
- B. Keyboard shortcuts in Management Console
- C. Further readings
- C.1. PNS-related material
- C.2. General, Linux-related materials
- C.3. Postfix documentation
- C.4. BIND Documentation
- C.5. NTP references
- C.6. SSH resources
- C.7. TCP/IP Networking
- C.8. Netfilter/IPTables
- C.9. General security-related resources
- C.10. syslog-ng references
- C.11. Python references
- C.12. Public key infrastructure (PKI)
- C.13. Virtual Private Networks (VPN)
- D. Proxedo Network Security Suite End-User License Agreement
- D.1. 1. SUBJECT OF THE LICENSE CONTRACT
- D.2. 2. DEFINITIONS
- D.3. 3. LICENSE GRANTS AND RESTRICTIONS
- D.4. 4. SUBSIDIARIES
- D.5. 5. INTELLECTUAL PROPERTY RIGHTS
- D.6. 6. TRADE MARKS
- D.7. 7. NEGLIGENT INFRINGEMENT
- D.8. 8. INTELLECTUAL PROPERTY INDEMNIFICATION
- D.9. 9. LICENSE FEE
- D.10. 10. WARRANTIES
- D.11. 11. DISCLAIMER OF WARRANTIES
- D.12. 12. LIMITATION OF LIABILITY
- D.13. 13. DURATION AND TERMINATION
- D.14. 14. AMENDMENTS
- D.15. 15. WAIVER
- D.16. 16. SEVERABILITY
- D.17. 17. NOTICES
- D.18. 18. MISCELLANEOUS
- E. Creative Commons Attribution Non-commercial No Derivatives (by-nc-nd) License
List of Examples
- 3.1. Referring to components with variables
- 5.1. Referencing static and dynamic interfaces in firewall rules
- 6.1. Using the Internet zone
- 6.2. Subnetting
- 6.3. Finding IP networks
- 6.4. Customized logging for HTTP accounting
- 6.5. Overriding the target port SQLNetProxy
- 6.6. Overriding the target port SQLNetProxy
- 6.7. RFC-compliant proxying in Application-level Gateway
- 6.8. Virus filtering and stacked proxies
- 6.9. Defining a Detector policy
- 6.10. DNSMatcher for two domain names
- 6.11. Defining a RegexpMatcher
- 6.12. Blacklisting e-mail recipients
- 6.13. SmtpProxy class using a matcher for controlling relayed zones
- 6.14. Address translation examples using
- 6.15. Defining a Resolver policy
- 6.16. Using HashResolver to direct traffic to specific servers
- 7.1. Selecting log messages from Postfix using filter
- 7.2. Setting up a router
- 9.1. Forward-only DNS server
- 9.2. Split-DNS implementation
- 9.3. Special requirements on mail handling
- 10.1. Specifying the target IP address of a TCP destination
- 15.1. BasicAccessList
- A.1. Chaining
- A.2. Protection against spoof
List of Procedures
- 2.1.6.1. Content vectoring with CF
- 3.1.1. Defining a new host and starting MC
- 3.2.1.3.1. Adding new configuration components to host
- 3.2.3.1. Configuring general MC preferences
- 3.2.3.2. Configuring PNS Class Editor preferences
- 3.2.3.3. Configuring PNS Rules preferences
- 3.2.3.4. Configuring MS hosts
- 3.2.3.6.1. Defining variables
- 3.2.3.6.2. Editing variables
- 3.2.3.6.3. Deleting variables
- 3.3.1.1. Configuring PNS - the general process
- 3.3.4. Recording and commenting configuration changes
- 4.1. Bootstrap a new host
- 4.2.1. Reconnecting MS to a host
- 5.1.1.1. Configuring a new interface
- 5.1.2.1. Creating a VLAN interface
- 5.1.2.2. Creating an alias interface
- 5.1.3. Configuring bond interfaces
- 5.1.4. Configuring bridge interfaces
- 5.1.5.1. Configuring spoof protection
- 5.1.6.1.1. Creating interface activation scripts
- 5.1.6.2.1. Creating interface groups
- 5.1.6.3.1. Configuring interface parameters
- 5.3.1. Configure name resolution
- 6.2.2. Creating new zones
- 6.2.3.1. Organizing zones into a hierarchy
- 6.3.3. Creating a new instance
- 6.3.4. Configuring instances
- 6.3.9. Increasing the number of running processes
- 6.4.1. Creating a new service
- 6.4.2. Creating a new PFService
- 6.4.3. Creating a new DenyService
- 6.4.4. Creating a new DetectorService
- 6.4.5.1. Setting routers and chainers for a service
- 6.5.3. Finding firewall rules
- 6.5.4. Creating firewall rules
- 6.5.5. Tagging firewall rules
- 6.5.7. Connection rate limiting
- 6.6.1.1. Derive a new proxy class
- 6.6.1.2. Customizing proxy attributes
- 6.6.2. Renaming and editing proxy classes
- 6.6.3.1. Stack proxies
- 6.7.1. Creating and managing policies
- 6.7.5.1.1. Configuring NAT
- 6.9.1. Configuring PNS reporting
- 7.2.1. Configure syslog-ng
- 7.2.2.1.1. Set global options
- 7.2.2.2.1. Create sources
- 7.2.2.2.2. Create drivers
- 7.2.2.4.1. Set filters
- 7.2.2.5.1. Configure routers
- 7.2.3. Configuring TLS-encrypted logging
- 8.1.1. Configure services with the Text editor plugin
- 8.1.2. Use the additional features of Text editor plugin
- 9.1.2.1. Configuring BIND with MC
- 9.1.3. Setting up split-DNS configuration
- 9.2.1. Configuring NTP with MC
- 9.3.1.1. Configuring Postfix with MC
- 9.4.1. Enabling access to local services
- 10.8. Updating and upgrading your PNS hosts
- 10.10.1.1. Edit the Policy.py file
- 11.1.1.4.1. Procedure of encrypted communication and authentication
- 11.2.3.1. Creating a certificate
- 11.3.7.2. Creating a new CA
- 11.3.7.4. Signing CA certificates with external CAs
- 11.3.8.2. Creating certificates
- 11.3.8.3. Revoking a certificate
- 11.3.8.4. Deleting certificates
- 11.3.8.5. Exporting certificates
- 11.3.8.6. Importing certificates
- 11.3.8.7. Signing your certificates with external CAs
- 11.3.8.8. Monitoring licenses and certificates
- 12.4.1. Creating a new cluster (bootstrapping a cluster)
- 12.4.2. Adding new properties to clusters
- 12.4.3. Adding a new node to a PNS cluster
- 12.4.4. Converting a host to a cluster
- 12.5.3.1. Configure Heartbeat
- 12.5.3.2. Configure additional Heartbeat parameters
- 12.5.4. Configuring Heartbeat resources
- 12.5.5. Configuring a Service IP address
- 13.1.1.1. Add new users
- 13.1.1.2. Deleting users
- 13.1.1.3. Changing passwords
- 13.1.1.4.1. Editing user privileges
- 13.1.1.5.1. Modifying authentication settings
- 13.1.2.1. Configuring automatic MS database backups
- 13.1.2.2. Restoring a MS database backup
- 13.1.3.1. Configuring the bind address and port for MS-MC connections
- 1. Using linking for the IP address
- 13.1.4. Configuring MS and agent connections
- 13.1.5. Configuring MS database save
- 13.1.8. Set logging level
- 13.1.9. Configuring SSL handshake parameters
- 13.2.3. Configuring logging for agents
- 13.2.4. Configuring SSL handshake parameters for agents
- 13.3.3. Administering connections
- 13.3.4. Configuring recovery connections
- 14.2.1.1. Creating a new module instance
- 14.2.2.1. Creating a new scanpath
- 14.2.3.1. Creating and configuring routers
- 14.2.4.1. Configuring communication between PNS proxies and CF
- 15.1.2.1. Outband authentication using the Authentication Agent
- 15.3.1.1.1. Creating a new instance
- 15.3.2.1. Configuring communication between PNS and AS
- 15.3.2.2. Configuring PNS Authentication policies
- 15.3.3.1. Configuring authorization policies
- 16.2.1. Using VPN connections
- 16.3.1. Configuring IPSec connections
- 16.3.3. Forwarding IPSec traffic on the packet level
- 16.4.1. Configuring SSL connections
- 16.4.2.1. Configuring the VPN management daemon
- 17.1. Monitoring PNS with Munin
- 17.2. Installing a Munin server on a MS host
- 17.3. Monitoring PNS with Nagios
- A.4.4.1. Using Rule Search
Published on June 04, 2020
© 2007-2019 BalaSys
Send your comments to support@balasys.hu