Index
Symbols
# (number sign) 12-8
* (wildcard) 3-6, 6-4, 12-8
Numerics
1 Gbps and 3 Gbps bandwidth options
configuration differences 1-8
displaying software license key 13-2
displaying software version 13-2
understanding 1-7
upgrading to 3 Gbps 14-16
3 Gbps operation upgrade
configuring proxies 14-18
regenerating SSL certificates 14-18
updating existing port interface configurations 14-18
A
AAA
accounting 4-13
authentication 4-5
authorization 4-10
configuring 4-3
aaa accounting command 4-13
aaa authentication command 4-5
aaa authorization command 4-10
accounting, configuring 4-12
action command 8-19
action flow 12-11
activation
activation-extent command 10-7
activation-interface command 10-5
interface 10-4
method 10-4
sensitivity 10-7
add-service command 8-9
admin privilege level 3-2, 4-6
advertised routes, viewing 5-7, 5-11, 5-15
always-accept 8-21
always-ignore 8-21
analysis protection level 1-5, 8-10
anomaly
detected 12-3
flow 12-8
anomaly detection engine memory usage 13-24, 13-26
anti-spoofing 1-3
anti-spoofing drop statistics 15-7
anti-zombie 1-3
AP
booting to 2-9
clearing configuration 14-19
clearing passwords 14-19, 14-22
upgrading 14-10
upgrading, inline 14-13
application partition
See AP
attack-detection command 10-9
attack report
copying 12-12
detected anomalies 12-3
exporting 12-11, 12-12
exporting automatically 12-12
layout 12-1
malicious packets statistics 12-2
mitigated attacks 12-4
notify 12-8
statistics 12-2
timing 12-1
viewing 12-8, 15-4
attack reports
exporting 14-6
attack statistics 15-5
attack type
client 12-5
malformed packets 12-6
mitigated attack 12-9
user defined 12-6
zombie 12-5, 12-7
authentication, configuring 4-5
authorization
disabling zone command completion 4-12, 6-6
authorization, configuring 4-8, 4-9
auth packet types 8-11
automatic protection mode 10-3
automatic protect mode 1-5, 10-3, 11-1
B
bad packets to proxy drop statistics 15-7
bandwidth options
configuration differences 1-8
displaying software license key 13-2
displaying software version 13-2
understanding 1-7
upgrading to 3 Gbps 14-16
banner
configuring login 4-29
basic
user filter actions 7-14
basic protection level 1-5, 8-10
Berkeley Packet filter 7-8
block dynamic filter actions 7-19
block-unauthenticated policy action 8-19
boot command 2-9
burn flash 14-15
bypass filter
command 7-11
configuring 15-4
definition 1-5, 7-2
deleting 7-13
displaying 7-12
C
capture, packets 13-13
caution, symbol overview 1-xv
CFE 14-11, 14-14, 14-15
clear ap config command 14-19
clear ap password command 14-19, 14-22
clear counters command 3-10, 13-6
clear log command 13-10
CLI
changing prompt 4-24
command shortcuts 3-6
error messages 3-5
getting help 3-5
issuing commands 3-3
TAB completion 3-6
using 3-1
client attack 12-9
client attack mitigated attacks 12-5
command completion 4-12
command line interface
See CLI 3-1
command shortcuts 3-6
comparator 7-3
config privilege level 3-2, 4-6
configuration
file
copying 14-3
exporting 14-3
importing 14-4
viewing 13-3
importing 14-4
saving supervisor engine 2-1
configuration, accessing command mode 4-11
configuration mode 3-2
configure command 2-7, 3-7
constructing policies 9-4
copy command
packet-dump 13-16
copy commands
ftp running-config 14-4
log 13-8, 13-9
reports 12-12
running-config 6-11, 14-3
zone log 13-9
copy-from-this 6-5
copy guard-running-config command 6-10
copy login-banner command 4-29
copy-policies command 9-17
copy wbm-logo command 4-31
counters
clearing 3-10, 13-6
history 13-5
counters, viewing 13-5
cpu utilization 13-24
D
DDoS
attack classification 15-5
nonspoofed attacks 1-3
overview 1-2
spoofed attacks 1-2
zombies 1-3
deactivate command 10-11
deactivating commands 3-4
deactivating protection 10-9
default configuration, returning to 14-19
default-gateway command 3-11
default zone 10-6
description command 6-6
detected
anomalies 12-3
flow 12-11
diff command 9-14, 9-15
disable command 8-6
disabling
automatic export 14-7
distributed denial of service
See DDoS
diversion
command 5-5, 5-6
configuring inline 5-8
configuring out-of-path 5-11
definition 5-1
hijacking 5-4
injection 5-5, 5-16
mechanism 5-3
network configuration 5-2
restoring default values 5-5
troubleshooting 15-2
viewing advertised routes 5-7, 5-11, 5-15
DNS
detected anomalies 12-3
drop statistics 15-6, 15-7
TCP policy templates 8-2
drop
dynamic filter action 7-18
policy action 8-19
statistics 15-6
user filter action 7-14
dropped packets
learning 9-2
drop-statistics command 15-5
dst traffic characteristics 8-11
dynamic filter
1000 and more 7-20
actions 7-18
command 7-21, 7-22
deactivating 7-23
definition 1-5
deleting 7-22, 15-4
displaying 7-19, 15-3
displaying events 13-8
inactivating 15-4
overview 7-2, 7-18
preventing production of 7-23
sorting 7-19
terminating 7-23
zone malicious rate 7-23
dynamic filters 11-1
dynamic privilege level 3-2, 4-6
E
enable
command 4-10, 8-6
password command 4-9
enabling services 4-2
event log
activating 13-7
deactivating 13-8
event monitor command 13-7
export
disabling automatic 14-7
export command 14-6
packet-dump 13-15
reports 12-12
exporting
configuration file 14-3
log file 13-9
reports automatically 12-12
exporting GUARD configuration 6-10
extracting signatures 13-19
F
facility 13-8
file server
configuring 14-2
file-server
command 14-2
configuring 14-2
deleting 14-2
displaying 14-3, 14-7
file server, displaying sync-config 14-7
filter rate
termination threshold 7-24
filters
bypass 1-5, 7-11
dynamic 1-5, 7-2, 7-18
flex-content 1-5, 7-3
user 1-5, 7-13
filter-termination command 7-23
fixed-threshold 8-15
flash-burn command 14-15
flex-content filter
configuring 7-4
default configuration 13-33
definition 1-5, 7-2
displaying 7-9
dropped 15-6
filtering criteria 7-3
renumbering 7-4
fragments
detected anomalies 12-3
policy template 8-2
G
generating signatures 13-19
global mode 3-2
global traffic characteristics 8-12
Guard
configuring multiple 2-10
self protection 13-32
GUARD_DEFAULT 6-2
GUARD_LINK 6-2
GUARD_TCP_NO_PROXY 6-3
GUARD_VOIP 6-3
GUARD configuration, exporting 6-10
GUARD configuration, importing 6-11
Guard module configuration
resetting 14-23
H
high availability 2-11
host, logging 13-9
host keys
deleting 4-20, 4-21
hostname
changing 4-24
command 4-24
HTTP
detected anomalies 12-3
policy template 8-2
hw-module command 14-10, 14-11, 14-12, 14-13, 14-19, 14-22
hw-module commands 2-8
hybrid 12-9
I
idle session, configuring timeout 4-32
idle session, displaying timeout 4-32
importing
configuration 14-4
importing GUARD configuration 6-11
incoming TCP drop statistics 15-6
injecting
VRF 5-17
injecting, tunnel 5-19
inline upgrade 14-13
in packet types 8-11
installation
verifying 2-2
interactive
operation mode 11-4
policy status 8-21
interactive protection mode 10-4
interactive protect mode 1-5, 10-4, 11-1
interactive-status command 8-20
interface
activating 3-7, 3-8
clearing counters 3-10
command 3-8, 3-9
configuration mode 3-2
configuring IP address 3-8
ip address
modifying, zone 6-8
IP address command
excluding 6-7
ip address command
deleting 6-8
interface 3-8
zone 6-7, 10-3
ip route command 3-11
IP scan
detected anomalies 12-3
policy template 8-2
IP threshold configuration 8-17
K
key
generating for license 14-17
key command
add 4-21
generate 4-23
remove 4-22
L
land attack drop statistics 15-7
layer 3 interface
configuring on VLAN 2-6
learning
command 9-6, 9-7
constructing policies 9-4
dropped packets 9-2
policy-construction command 9-5
synchronizing results 9-3
terminating process 9-6, 9-7
threshold-tuning command 9-6
tuning thresholds 9-6
learning accept command 9-5, 9-7
learning params
threshold-selection command 9-10
learning-params
deactivating periodic action 9-7
deactivating periodic-action command 9-5
periodic-action command 9-5, 9-7, 9-9
threshold-multiplier command 8-15
threshold-selection command 9-7
threshold-tuned command 6-8, 9-11
learning-params fixed-threshold command 8-15
licenses
generating key 14-17
ordering XG upgrade license 14-17
LINK templates 9-4
load sharing 2-10
log file
clearing 13-10
exporting 13-8, 13-9
viewing 13-9
logging, viewing configuration 13-9
logging command 13-8
login banner
configuring 4-29
deleting 4-30
importing 4-29
login-banner command 4-29
logo, adding WBM 4-30
logo, deleting WBM 4-31
M
maintenance partition
See MP
malformed packets 12-9
mitigated attacks 12-6
malformed packets drop statistics 15-7
malicious packets statistics
attack report 12-2
malicious rate termination threshold 7-23
management
MDM 3-15
overview 3-13
port 3-7
SSH 3-15
WBM 3-13
max-services command 8-5
MDM
activating 3-15
memory consumption 13-24
memory usage, anomaly detection engine 13-24, 13-26
MIB, supported 4-1
min-threshold command 8-5
mitigated attacks
client attack 12-5
malformed packets 12-6
overview 12-4
spoofed 12-4
user defined 12-6
monitoring
network traffic 13-15, 13-16
MP
booting to 2-9
upgrading 14-12
upgrading, inline 14-13
mtu command 3-8, 3-10
multiple Guards
configuring 2-10
N
netstat command 13-27
network server
configuring 14-2
deleting 14-2
displaying 14-3, 14-7
network server, displaying sync-config 14-7
no learning command 9-6, 9-7
non DNS drop statistics 15-7
nonspoofed attacks 1-3
no proxy policy templates 8-4
note, symbol overview 1-xv
notify 12-8
notify policy action 8-20
ns policy templates 8-4
num_sources packet type 8-11
O
other protocols
detected anomalies 12-3
policy template 8-2
other protocols drop statistics 15-6
out_pkts packet types 8-11
outgoing TCP drop statistics 15-6
P
packet-dump
auto-capture command 13-13
automatic
activating 13-12
deactivating 13-13
displaying settings 13-13
exporting 13-15, 13-16, 14-6
signatures 13-20
packet-dump command 13-13
packets, capturing 13-13
password
changing 4-7
enabling 4-9
encrypted 4-6
recovering 14-19, 14-22
recovering from a lost password condition 14-20
pending 11-1
pending dynamic filters 11-1, 11-2
displaying 11-3, 11-6
periodic action
accepting policies automatically 9-5, 9-7
deactivating 9-5, 9-7
permit
command 3-14, 3-15, 4-3
user filter action 7-13
permit ssh command 4-20
ping command 13-30
pkts packet type 8-11
policy
action 8-12, 8-19, 8-20
activating 8-13
adding services 8-8
backing up current 8-24, 9-18
command 8-12
configuration mode 3-3
constructing 1-4, 9-2, 9-4
copying parameters 9-17
copy-policies 9-17
deleting services 8-9
disabling 8-13
inactivating 8-13
learning-params, fixed-threshold command 8-15
marking as tuned 6-8, 9-11
marking threshold as fixed 8-15
multiplying thresholds 8-16, 15-3
navigating path 8-12
packet types 8-10
proxy threshold 8-18
show statistics 8-22
state 8-13
threshold 8-12, 8-14
threshold-list command 8-17
timeout 8-12, 8-18
traffic characteristics 8-11
tuning thresholds 1-4, 9-2, 9-6
using wildcards 8-12, 8-21, 8-23
viewing 15-3
viewing statistics 9-8
policy set-timeout command 8-19
policy template
command 8-4, 8-6
configuration command level 8-4
configuration mode 3-3
displaying list 8-4
max-services 8-5
min-threshold 8-5
overview 8-2
parameters 8-4
state 8-6
policy-template add-service command 8-9
policy-template remove service command 8-9
port scan
detected anomalies 12-3
policy template 8-2
power enable command 2-9
privilege levels 3-2
assigning passwords 4-9
moving between 4-10
protect
activating 3-12
automatic mode 1-5, 10-3, 11-1
command 10-10
deactivating 10-11
deactivating automatically 10-9
entire zone 10-10
interactive mode 1-5, 10-4, 11-1
specific IP 10-11
specific ip address 10-11
specific zone IP 10-10
specific zone ip address 10-10
protect command 10-11
protection
activation sensitivity 10-7
protection-end-timer command 10-9
protection level
analysis 1-5, 8-10
basic 1-5, 8-10
strong 1-5, 8-10
protection levels
overview 8-10
protect learning command 9-6
protect-packet command 10-7
protocol traffic characteristics 8-12
proxy
command 3-13
configuring 3-12
no proxy policy templates 8-4
proxy-threshold command 8-18
public-key
displaying 4-23
R
rate-limit command 6-6, 7-11
Rate Limiter
dropped 15-6
rates
history 13-4
rates, viewing 13-4
reactivate-zones 14-8
rebooting
parameters 14-8
recommendations 11-1
accepting 11-7
activating 11-4, 11-7
change decision 8-20
command 11-7
deactivating 11-3, 11-8
displaying 11-4
dynamic filters 11-1
ignoring 11-7
overview 11-1
receiving notification 11-4
viewing 11-5
viewing pending-filters 11-3, 11-6
redirect/zombie
dynamic filter action 7-19
policy action 8-20
redundancy 2-10, 2-11
reload command 14-7
remove service command 8-9
renumbering flex-content filters 7-4
renumbering user filters 7-14
replied packets 12-2
report
See attack report 12-1
reports
details 12-8
displaying subzones 10-8
exporting 14-6
reqs packet type 8-11
reset command 2-8
routing table
manipulation 3-11
viewing 3-12
RTP/RTCP 6-3
running-config
copy 6-11, 14-3, 14-4
show 13-3
S
self-protection command 13-33
service
adding 8-8
command 3-14, 3-15, 4-2
copy 9-17
deleting 8-9
MDM 3-15
permissions 4-3
snmp-trap 4-24
WBM 3-14
services
enabling 4-2
session, configuring timeout 4-32
session, displaying idle timeout 4-32
session timeout, disabling 4-32
session-timeout command 4-32
set-action 8-20
show commands
counters 13-5
cpu 13-24
diagnostic-info 13-22
drop-statistics 15-5
dynamic-filters 7-19, 15-3
file-servers 14-3, 14-7
flex-content-filter 7-9
host-keys 4-21
learning-params 8-15
log 13-9
log export-ip 13-9
logging 13-9
login-banner 4-29
memory 13-24
module 2-2, 14-10, 14-12
packet-dump 13-13
packet-dump signatures 13-20
policies 8-21, 15-2, 15-3
policies statistics 8-22, 9-8
public-key 4-23
rates 13-4, 15-1
recommendations 11-5
recommendations pending-filters 11-3, 11-6
reports 15-4
reports details 12-8
running-config 13-3
show 13-4
sorting dynamic-filters 7-19
sync-config file-servers 14-7
templates 6-4
zone policies 8-21
show privilege level 3-2, 4-6
show public-key command 4-23
shutdown command 3-8
signature
generating 13-19
SIP
detected anomalies 12-3
drop statistics 15-7
malformed packets 12-7
policy template 8-3
spoofed attacks 12-5
user filter action 7-14
zone template 6-3
snapshot
backing up policies 8-24, 9-18
command 9-13
comparing 9-14
deleting 9-16
displaying 9-16
saving 9-13, 9-14
snapshot command 9-13
snapshots
save periodically 9-9
SNMP
accessing 4-1
configuring trap generator 4-24
traps description 4-25
snmp commands
community 4-28
trap-dest 4-24
software license key
displaying key information 13-2
software version number, displaying 13-2
specific IP threshold 8-17
spoofed attack 12-9
spoofed attacks 1-2, 12-4
src traffic characteristics 8-12
SSH
configuring 3-15
deleting keys 4-22
generating key 4-23
service 3-15
state command 8-13, 15-4
static route
adding 3-11
strong
dynamic filter action 7-18
policy action 8-19
protection level 1-5, 8-10
user filter action 7-14
subzone 10-8
supervisor engine
booting 2-9
configuring 2-1
configuring VLANs 2-3
powering off 2-9
resetting 2-8
saving configuration 2-1
shutting down 2-8
verifying configuration 2-9
supervisor module
supported versions 14-8
syn_by_fin packet type 8-11
syns packet type 8-11
syslog
configuring export parameters 13-8
configuring server 13-9
message format 13-8
system log
message format 13-8
T
TACACS+
authentication
key generate command 4-18, 4-20
clearing statistics 4-16
configuring server 4-13
server connection timeout 4-16
server encryption key 4-15
server IP address 4-14
viewing statistics 4-16
tacacs-server commands
clear statistics 4-16
first-hit 4-13
host 4-13, 4-14
key 4-13, 4-15
show statistics 4-16
timeout 4-14, 4-16
TCP
detected anomalies 12-3
drop statistics 15-6, 15-7
no proxy policy templates 8-4
policy templates 8-2
templates
LINK 9-4
viewing policies 6-4
zone 6-2
thresh-mult 8-16, 15-3
threshold
command 8-14
configuring IP threshold 8-17
configuring list 8-17
configuring specific IP 8-17
filter rate termination 7-23
malicious rate termination 7-23
marking as tuned 6-8, 9-11
multiplying 15-3
multiplying before accepting 8-15
selection 9-13
setting as fixed 8-15
tuning 1-4, 9-2
threshold-list command 8-17
threshold selection 9-7
threshold tuning
save results periodically 9-9
timeout command 8-18
timeout session, configuring 4-32
timeout session, disabling 4-32
timesaver, symbol overview 1-xv
tip, symbol overview 1-xv
to-user-filters
dynamic filter action 7-18
policy action 8-19
traceroute command 13-29
traffic
monitoring 13-15, 13-16
trap 13-8
trap-dest 4-24
tuning policy thresholds 9-6
U
UDP
detected anomalies 12-3
drop statistics 15-6
policy templates 8-3
unauthenticated drop statistics 15-6
unauth_pkts packet type 8-11
unauthenticated TCP detected anomalies 12-3
upgrade command 14-19
upgrade license 14-17
upgrading
AP 14-10
inline 14-13
MP 14-12
user
detected anomalies 12-3
user defined mitigated attacks 12-6
user filter
actions 7-13, 7-18
command 7-4, 7-14, 7-15
configuring 7-13
definition 1-5, 7-1
deleting 7-18
displaying 7-17
renumbering 7-14
username
encrypted password 4-6
username command 4-6
users
adding 4-6
adding new 4-6
assigning privilege levels 4-6
deleting 4-8
privilege levels 3-2, 4-9
system users
admin 2-7
riverhead 2-7
username command 4-6
V
version, upgrading 14-19
VLAN
administrative 2-5
assigning 2-4
configuring 3-9
configuring layer 3 interface 2-6
configuring on supervisor engine 2-3
Voice over IP
See VoIP
VoIP
detected anomalies 12-3
drop statistics 15-7
malformed packets 12-7
policy template 8-3
spoofed attacks 12-5
user filter action 7-14
zone template 6-3
VPN Routing and Forwarding, See VRF
VRF, configuring injection 5-17
W
WBM
activating 3-13
WBM logo
adding 4-30
deleting 4-31
X
XG software image for 3 Gbps operation
obtaining software image 14-17
XG software license key 14-17
XG software version, 3 Gbps operation 14-16
XML schema 12-12 to 12-14, 14-7
Z
zombie 12-9
packet counter 13-5
zombie attack 12-10
zombies 1-3
zone
blocking criteria 15-3
blocking flows 15-2
clearing counters 13-6
command 6-4, 6-5, 11-4
command completion 4-12, 6-6
comparing 9-15
configuration mode 3-3, 6-5
copying 6-5
creating 6-4
creating default 10-6
defining IP address 6-7
definition 6-1
deleting 6-4
deleting IP address 6-8
duplicating 6-5
excluding IP address 6-7
IP address 6-7
LINK templates 9-4
malicious rate 10-9
modifying IP address 6-8
operation mode 6-4
protecting 10-2
reconfiguring 6-5
sub 10-8
synchronize configuration 6-8
synchronizing offline 6-10
templates 6-2
viewing configuration 6-7
viewing policies 8-21
viewing status 13-4
zone-malicious-rate 7-23
zone policy
marking as tuned 6-8, 9-11
zone protection
terminating 10-11
zone synchronization 9-3