14.2.4.1. Procedure – Configuring communication between PNS proxies and CF - - Proxedo Network Security Suite 2 Administrator Guide

14.2.4.1. Procedure – Configuring communication between PNS proxies and CF

First, the connection settings of CF have to be configured in the Bind section on the Global tab of the Content vectoring MC component. Specify either the IP address/port pair on which CF should accept connections, or the Local radiobutton if CF will communicate with PNS through UNIX domain sockets.

Note
The same bind settings will have to be used when the Stacking provider is configured in the Policies tab of Application-level Gateway MC component (see Section 6.7.9, Stacking providers for details). These settings are required because PNS and CF do not necessarily run on the same hosts.

Figure 14.23. The connection settings of CF

Navigate to the Policies tab of the Application-level Gateway MC component and create a new Stacking Provider. Specify the same connection settings to this stacking provider as set to CF in the previous step.

Note
A Stacking provider can contain the connection parameters (that is, IP/port pair) of multiple CF hosts. If more than one hosts are specified, PNS will automatically balance the load sent to these hosts using the round-robin algorithm.

Figure 14.24. The connection settings of PNS and CF 1/2

Figure 14.25. The connection settings of PNS and CF 2/2

Navigate to the Proxies tab of the Application-level Gateway MC component, and select the proxy class that will send the data to CF for inspection. This can be an existing or a newly derived proxy class (for example, MyFtpProxy).
Figure 14.26. Using the Stacking provider in a proxy
Add the desired stack attribute of the proxy to the Changed config attributes (for example, self.request_stack). For details on the stack attributes of the different proxy classes see the description of the proxy class in Chapter 4, Proxies in Proxedo Network Security Suite 2 Reference Guide.
Select the stack attribute and click on Edit. Click on New, and add a key identifying the element of the particular protocol that should be sent over to CF for inspection (for example, the * parameter). For details, see the description of the proxy class in Chapter 4, Proxies in Proxedo Network Security Suite 2 Reference Guide.
Figure 14.27. Adding a key, identifying an element of a protocol
Enable stacking by setting the Type attribute to type_ftp_stk_data of the key using the combobox of the Type column, then click Edit.
Click on Edit, select the PNS_stack attribute in the appearing window, and click again on Edit.
Figure 14.28. Stacking a provider
Set Stacking type to Stacking provider. Select the stacking provider configured in Step 2 from the Provider combobox, and the rule group to be used from the Stacking information combobox.
Figure 14.29. Selecting the stacking provider and the rulegroup

Previous	Up	Next
	Home

Proxedo Network Security Suite 2 Administrator Guide

14.2.4. Configuring PNS proxies to use CF