Updated 2025-03-31. Source: SLTechnology News&Howtos, Shulou (Shulou.com), 06/01.
[If you have any questions about the experiment, please follow the official WeChat account "IT backyard" and leave me a message, and I will take the time to answer your questions.]
1. Configuration requirement
As shown in the network diagram below, an ACG1000 needs to be added to the existing network to audit the Internet behavior of intranet PC users, so the ACG1000 is deployed into the existing network in bypass mode. To make the logs easier to analyze and manage, the logs generated by the ACG1000 need to be output to the log analysis server.
2. Network topology
IP allocation
PC: 192.168.1.10
ACG1000: 192.168.1.11
Log Analysis Server: 192.168.1.12
Gateway: 192.168.1.254
3. Detailed configuration of ACG1000
3.1 Log in to the web administration interface
The device management port (ge0) has the default address 192.168.1.1/24, and ping and HTTPS access to this interface are allowed by default. Connect a terminal to the device's ge0 port, open a browser on the terminal and enter https://192.168.1.1 to log in to the device management interface. The default user name and password are both admin.
3.2 Configure the bypass interface
Select "system Administration" > "deployment method" > "bypass deployment", check the ge1 interface, and select "OK" in the pop-up dialog box.
3.3 Configure the interface IP
Select "Network configuration" > "Interface" > "physical Interface" to change the ge1 interface IP address to 192.168.1.11/24, then select the management mode as "submit" and click "submit".
Select Network configuration > routing > static Route > New to create a static route. The destination address and mask are set to 0.0.0.0 (representing all network segments), and the next-hop address is configured with 192.168.1.254 (router downlink interface address). Click submit when the configuration is complete.
3.4 Configure IPv4 policies
Select "online behavior Management" > "Policy configuration" > "IPV4 Policy" > "New" to create an audit policy.
Create a new application audit policy to audit all applications.
Create a new URL audit policy to audit all websites, and select submit to complete all configurations after configuration.
3.3 Configure log output
In "system Management > Log Settings > Log Server", check "enable", configure the server's IP address 192.168.1.12, and click "submit". Ensure that the server address can communicate with the ACG1040 device properly.
3.5 Save configuration
Click Save configuration in the upper right corner of the device management interface to save the current configuration.
4. Log analysis and management platform configuration
4.1 Install the log analysis and management platform
First, download the software "H3C SecPath ACG1000 Log Analysis and Management platform" from H3C's official website www.h3c.com.cn, under "Product support and Services\Software download\Security". (Software download account: yx800, password: 01230123)
After the download is complete, extract the version file to your computer, and then double-click "setup.exe" to start the installation. Please follow the installation prompts to complete the software installation.
After the installation succeeds, launch a browser on the PC (IE 9.0 or above is recommended). On the server where the platform is installed, enter http://127.0.0.1 in the address bar, or use the server's IP address http://192.168.1.12, and then press the "Enter" key to open the login page of the SecPath ACG1000 log analysis and management platform shown in the following figure.
Enter the system's default user name "super" and password "super.123", enter the verification code, and click the "login" button to enter the ACG1000 Manager and manage the device.
4.2 Add the ACG device
In the navigation bar of the ACG Log Analysis and Management Center page, select "device Management -> device Management", then select add "device" to add the ACG1000 device. Enter the device's IP address "192.168.1.11" and the account and password "admin/admin", and click "OK".
If you successfully add an ACG1040 device, you can view the CPU, memory and disk information of the ACG1000. Click "WEB Management" on the management platform to directly enter the management page of the managed ACG1040.
4.3 View Log
After the management platform successfully manages the ACG1000, you can view the ACG1000 audit log below in the management platform.
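A preflight for the setup described above, meant to be run on the log analysis server once sections 3 and 4 are complete. It is an added example, not code from the original article or from H3C; it assumes the ACG web management answers on the HTTPS default TCP 443 and the platform UI on TCP 80, and it does not probe the log transport itself, whose port the article does not state.

```python
"""Preflight for the ACG1000 -> log server path (added example, addresses from this article)."""
import ipaddress
import socket

GE1 = ipaddress.ip_interface("192.168.1.11/24")    # ACG1000 ge1 address
LOG_SERVER = ipaddress.ip_address("192.168.1.12")  # log analysis server
NEXT_HOP = ipaddress.ip_address("192.168.1.254")   # static route next hop (gateway)
DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")  # destination/mask 0.0.0.0


def route_for(dst, iface=GE1, next_hop=NEXT_HOP):
    """Return how the ACG would reach dst: 'on-link', 'via <next hop>' or 'unreachable'."""
    dst = ipaddress.ip_address(dst)
    if dst in iface.network:
        return "on-link"
    # The static default route only works if its next hop is itself on-link.
    if next_hop in iface.network and dst in DEFAULT_ROUTE:
        return f"via {next_hop}"
    return "unreachable"


def tcp_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((str(host), port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(probe=tcp_open):
    """Run the checks from the log server; returns {check name: bool}."""
    return {
        "log server on-link from ge1": route_for(LOG_SERVER) == "on-link",
        "next hop on-link from ge1": NEXT_HOP in GE1.network,
        "ACG web management (assumed TCP 443)": probe(GE1.ip, 443),
        "platform web UI (http, TCP 80)": probe(LOG_SERVER, 80),
    }


if __name__ == "__main__":
    for name, ok in preflight().items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}")
```

A failed TCP check with both on-link checks passing points at the interface management mode or a host firewall rather than at addressing.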
Reprinting is allowed, but you must indicate the source and a link to the original text; otherwise legal liability will be pursued. Thank you for your cooperation!
(original blog: https://blog.51cto.com/11179786)