All rights reserved | www.edge-core.com § Learn the fundamental concepts of Big Monitoring Fabric inline § How to work in BMF inline mode? § Create service chain § Create service § Insert Firewall service instance in chain § Insert SPAN service in chain
All rights reserved | www.edge-core.com § Action 1. Right click Big Monitoring Fabric (BMF) Controller icon 2. Select the “Controller GUI” § Default controller username/password is “admin/bsn123”
Networks. All rights reserved | www.edge-core.com § Setting deployment to Big Chain mode § Default deployment is Big Tap mode § Action 1. Navigate to Fabric -> Switches 2. Click 3. Choose Deploy for Big Chain Default deployment, Need to change to Big Chain mode 1 2 3
| www.edge-core.com § Traffic will be block if no chain is defined over the switch ports connecting the hosts § Action 1. Right click External host 2. Access the Web CLI 3. Ping the trusted host in internal network 1 2 3
reserved | www.edge-core.com § Logical, Layer-1, bidirectional wire that connects WAN (untrusted) device and LAN switch (trusted) § Multiple services may be assign to a chain § Firewalls § IPS § Web Proxy § Without services, the chain letting all traffic through in both directions, without modifying packets Chain IPS: Intrusion Prevention System
Networks. All rights reserved | www.edge-core.com § Service instance § A pair of switch ports that are connected to an inline tool (FW, IPS…etc) § Services § Include one or more service instances § Apply to specific subsets of chains, for enhanced tool performance § Configure with Health Check to alert for tool failure
All rights reserved | www.edge-core.com § Action 4. Naming Firewall_Service 5. For action choose Use Service, and For traffic type All 6. Click submit to finish 4 5
Networks. All rights reserved | www.edge-core.com § By default, the Firewall will drop all ICMP echo requests (type 8) § Action 1. Right click External host 2. Access the Web CLI 3. Ping the trusted host in internal network § PING should fail in either direction § Firewall drops ICMP echo requests 1 3
Networks. All rights reserved | www.edge-core.com § Real time response § Action 1. Right click External host 2. Access the Web CLI 3. Ping the trusted host in internal network 1 2 3
All rights reserved | www.edge-core.com § Action 4. Naming Wireshark, and click Next 5. Click to add rules 6. Select all traffic with Match All Traffic, click Append then Submit to finish 5 4 6
reserved | www.edge-core.com § Action 1. Right click External host 2. Access the Web CLI 3. Ping the trusted host in internal network 4. Right click the Wireshark icon and choose Real-time Capture 4 3 Wireshark Output Result