14.2.4.1. Procedure – Configuring communication between PNS proxies and CF

  1. First, configure the connection settings of CF in the Bind section on the Global tab of the Content Filtering MC component. Either specify the IP address/port pair on which CF should accept connections, or select the Local radio button if CF will communicate with PNS through UNIX domain sockets.

    Note

    The same bind settings have to be used when the Stacking provider is configured on the Policies tab of the Application-level Gateway MC component (see Section 6.7.12, Stacking providers for details). These settings are required because PNS and CF do not necessarily run on the same host.

    Figure 14.23. The connection settings of CF

  2. Navigate to the Policies tab of the Application-level Gateway MC component and create a new Stacking Provider. Specify the same connection settings for this stacking provider as were set for CF in the previous step.

    Note

    A Stacking provider can contain the connection parameters (that is, IP/port pair) of multiple CF hosts. If more than one host is specified, PNS will automatically balance the load sent to these hosts using the round-robin algorithm.

    Figure 14.24. The connection settings of PNS and CF 1/2

    Figure 14.25. The connection settings of PNS and CF 2/2

  3. Navigate to the Proxies tab of the Application-level Gateway MC component, and select the proxy class that will send the data to CF for inspection. This can be an existing or a newly derived proxy class (for example, MyFtpProxy).

    Figure 14.26. Using the Stacking provider in a proxy

  4. Add the desired stack attribute of the proxy to the Changed config attributes (for example, self.request_stack). For details on the stack attributes of the different proxy classes, see the description of the proxy class in Chapter 4, Proxies in Proxedo Network Security Suite 2 Reference Guide.

  5. Select the stack attribute and click on Edit. Click on New, and add a key identifying the element of the particular protocol that should be sent over to CF for inspection (for example, the * parameter). For details, see the description of the proxy class in Chapter 4, Proxies in Proxedo Network Security Suite 2 Reference Guide.

    Figure 14.27. Adding a key, identifying an element of a protocol

  6. Enable stacking by setting the Type attribute of the key to type_ftp_stk_data using the combobox of the Type column, then click Edit.

  7. Click on Edit, select the PNS_stack attribute in the window that appears, and click on Edit again.

    Figure 14.28. Stacking a provider

  8. Set Stacking type to Stacking provider. Select the stacking provider configured in Step 2 from the Provider combobox, and the rule group to be used from the Stacking information combobox.

    Figure 14.29. Selecting the stacking provider and the rulegroup
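Because the Stacking provider must carry the same bind settings as CF, and may list several CF hosts, it is worth confirming from the PNS host that every listed entry actually accepts connections before relying on the proxy. The following Python sketch is an added example, not part of PNS or its documentation; the endpoint tuple format, the function names and the sample addresses and socket path are assumptions made for illustration.

```python
import socket

def probe(endpoint, timeout=2.0):
    """Try to connect to one CF bind setting.

    endpoint is ("inet", host, port) for an IP address/port pair or
    ("unix", path) for the Local (UNIX domain socket) setting.
    This tuple format is an assumption of this example.
    Returns (True, "connected") or (False, reason).
    """
    try:
        if endpoint[0] == "inet":
            with socket.create_connection((endpoint[1], endpoint[2]), timeout=timeout):
                return True, "connected"
        if endpoint[0] == "unix":
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
                sock.settimeout(timeout)
                sock.connect(endpoint[1])
                return True, "connected"
        return False, "unknown endpoint kind"
    except OSError as exc:
        # Refused, timed out, no route, missing socket file, permission denied...
        return False, f"{type(exc).__name__}: {exc}"

def unreachable_cf_endpoints(endpoints, timeout=2.0):
    """Probe every entry of a stacking provider; return the failing ones.

    All entries are checked individually, so one working CF host does not
    mask a mistyped address or port elsewhere in the list.
    """
    failures = []
    for endpoint in endpoints:
        ok, detail = probe(endpoint, timeout)
        if not ok:
            failures.append((endpoint, detail))
    return failures

if __name__ == "__main__":
    # Constructed sample values: replace with the settings entered in
    # the Bind section of CF and in the Stacking provider.
    provider = [
        ("inet", "192.0.2.10", 1318),
        ("inet", "192.0.2.11", 1318),
        ("unix", "/var/run/example-cf.sock"),
    ]
    for endpoint, reason in unreachable_cf_endpoints(provider):
        print(f"CF endpoint {endpoint} not reachable: {reason}")
```

Run it on the host where the PNS proxies run, since a UNIX domain socket entry can only succeed when CF is on that same host.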