Intel A31032-001 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Intel A31032-001, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Intel A31032-001 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Intel A31032-001. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Intel A31032-001 should contain:
- informations concerning technical data of Intel A31032-001
- name of the manufacturer and a year of construction of the Intel A31032-001 item
- rules of operation, control and maintenance of the Intel A31032-001 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Intel A31032-001 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Intel A31032-001, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Intel service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Intel A31032-001.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Intel A31032-001 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Intel® NetS tructure™ 71 10/71 15 e-Commerce Accelerator V ersion 2.3 User Guide A31032-001[...]

  • Page 2

    Copyright Copyrigh t © 2000 Inte l Corporation. Al l Rights Re served. This User Guide as well as the software described in it is furn ished under li cense an d ma y only b e u sed or c opied in ac cordanc e with t he terms of th e license. T he i nformat ion in thi s manual is fu rnished for informati onal use only, is sub ject to change wit hout[...]

  • Page 3

    T able of Content s Chapter 1: Introduction About this User Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 New in This Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Who Should Use this Book . . . . . . . . . . . . . . . . . . . .[...]

  • Page 4

    C O N T E N T S Intel® NetStructure™ 711 0/7115 e-C ommerce Accele rator User Guide iv Network and Server LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 Inline LED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 Admin Terminal Connection . . . . .[...]

  • Page 5

    Table of Contents v Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21 Automapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21 Automapping with user-specified key and certificate . . . . . . . . . . . . . . . . . . 3-22[...]

  • Page 6

    C O N T E N T S Intel® NetStructure™ 711 0/7115 e-C ommerce Accele rator User Guide vi Command Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6 Command Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11 Help Commands . . . . .[...]

  • Page 7

    Table of Contents vii Specifying SNMP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18 Community String . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-19 Trap Community String . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20 Access[...]

  • Page 8

    C O N T E N T S Intel® NetStructure™ 711 0/7115 e-C ommerce Accele rator User Guide viii Chapter 9: Troubleshooting Appendix A: F ront Panel Buttons and Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2 Front Panel LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Page 9

    List of Figures Mounting Bracket Orientation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Wiring Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 Front Panel Connectors and LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Page 10

    F I G U R E S Intel® NetStructure™ 711 0/7115 e-C ommerce Accele rator User Guide xii Intel’s MIB Tree (top level) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9 Front Panel Connectors, Controls, and Indicators . . . . . . . . . . . . . . . . . . . . . . . . . . A-1 Front Panel Detail: Failure/Bypass [...]

  • Page 11

    Intr oduction Congra tulations on yo ur choice of th e Intel® NetSt ructure™ 7110 / 7115 e-Commerce A ccelerato r. The processing of secure t r ansactio ns throu gh Secure Sock et Layer (SS L) can occupy up to 90% of even the largest servers’ CPU power and can degrade response ti me signifi cant ly. The 71 10/ 711 5 pr ov ide s a completely t [...]

  • Page 12

    C H A P T E R 1 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 1-2 New in This Release New features in the Intel® NetStructure™ 7 110/7115 e-Commerce Accelerator includ e: • Impro ved performance : Threefo ld in crease in SSL connect ions proc e sse d per s eco nd— fro m 200 to 600 (71 15 only) • Mor e certificate [...]

  • Page 13

    C H A P T E R 1 Who Should Use this Book 1-3 • Monitori ng : Users can now c onfigure the 7110/71 15 to send periodic multi-status reports to th e administration console or a remote managemen t session (Telnet an d SSh). Monitor reports include such informa tion as: • Inline/ bypass mode • Failsafe/fai lthrough mode •C P U s t a t u s • S[...]

  • Page 14

    C H A P T E R 1 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 1-4 How to Use this Book The informat ion in this bo ok is organized as f ollows: • Chapter 1: Intr oduction provides an introduction a nd overview of the 7110/7 115, and a summary of n ew features. • Chapter 2: Installati on and Initia l Configu ration cont[...]

  • Page 15

    C H A P T E R 1 How to Use this Book 1-5 • Appendix E: T erms and Conditions contains t he software license and ter ms and conditions of u ser of this produ ct. • Glossary def ines ter ms appearing in this User Gu ide.[...]

  • Page 16

    C H A P T E R 1 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 1-6 Notes[...]

  • Page 17

    Installation and Initial Configuration Intel® NetStruct ure™ 7110/7115 e-Commerce Accel erator installa tio n and in itial confi guration in struct ions are in th is chapt e r. Before Y ou Begin WARNING: Do not remove the co ver. There are no user-servi cable parts inside. Before y ou begin install ation, you need t he following: • IP address [...]

  • Page 18

    C H A P T E R 2 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 2-2 Inst alling the 71 10/71 15 Free- S t anding or in a Rack The Intel® NetS tructure™ 7110/7115 e-Commerce Accelerator is physicall y installe d in eith e r of two wa ys: • In a sta ndard 19” rack, can tilevered fro m the pr ovided mounting bracket s ?[...]

  • Page 19

    C H A P T E R 2 Installing the 711 0/7115 Free- Standing or in a Rack 2-3 3. Position the 71 10/71 15 in the d esired space of y our 19” rack an d attach the front flange of each mou nting bracket to th e rack with two screws eac h. (Rack-mounting screws are not pr ovided.) Free-S t and ing Inst allation 1. Attach t he provided self-adh esive rub[...]

  • Page 20

    C H A P T E R 2 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 2-4 S t atus Ch eck Before pr ocee di ng to the PC Initial iza ti on sect ion, t a ke a moment to verify that the 7110/71 15 is correctly c onnected. Network and Server LEDs Verify tha t the Netwo rk and Se rver LE Ds are b oth illum inat ed. If one or both are [...]

  • Page 21

    C H A P T E R 2 Installing the 711 0/7115 Free- Standing or in a Rack 2-5 2. T ype an ap propriate name in the Name field of the Conn ection Descriptio n window (e.g., “Confi guration”), and t hen click the OK button . The Phone Number panel a ppears. 3. In the Conne ct Using… field specify “Direct to COM 1 ” (or t he serial por t th roug[...]

  • Page 22

    C H A P T E R 2 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 2-6 T roubleshooting Server and Network LEDs If either th e Network o r Server LE D fails to illu minate u sing ei th er straight -through or crossov er network cable s, the prob lem may be elsewhere in the network. Ver ify by wiring around the 7110/ 7115. Inlin[...]

  • Page 23

    Theory of Operation Security New in the Intel ® NetStructu r e™ 7110/7115 e-Commerce Accelerator is Remot e Manag ement cap ability. Thi s feature requires that the 7 110/7115’s network interface be assigned an IP address, thus secur ity becomes a matte r for your attent ion. If you int end to manage your 7110/7115 from a r emote location, be [...]

  • Page 24

    C H A P T E R 3 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 3-2 Ideally, t he 7110/7115 is located in the same rack as the server, separate d by a short dist ance. . Figure 3 - 1: 7110/7115 in Single Server C onfiguration Mult iple Se rvers Given the SSL processing po wer of the 71 10/7115, multiple se rvers can be suppo[...]

  • Page 25

    C H A P T E R 3 Working with Internet Traffic Management (ITM ) Devices 3-3 W orking with Internet T raffic Managemen t (ITM) Devices The 7110/ 7115 is compatibl e with Internet Traffi c Management (ITM) dev ices. In such en vironments, the 71 10/7115 lies bet ween the router and the ITM device, or betw een the ITM device and t he server. ITM devic[...]

  • Page 26

    C H A P T E R 3 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 3-4 Positioning 71 10/71 15 between ITM Device and Server If security considerat ions require limited net work access to clear text, the 7110/ 7115 should be pl aced between the ITM dev ice and the server. NOTE: The config uration in F igure 1-4 preclude s layer[...]

  • Page 27

    C H A P T E R 3 Keys and Ce rtificates 3-5 7110/711 5 on the server side can also be enabl ed to spill to the server. Spilli ng is performed dyna mically on a co nnection-by-conne ction basis. (See spill command, Chapt er 5, “Command Reference.”) If spill is d isabled, the 7110/ 7115 “throttles, ” that is, will not accept incoming request s[...]

  • Page 28

    C H A P T E R 3 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 3-6 There are th ree ways to obtain keys and certifica tes: • Obtaining a cert ificate from V eriSign§ or other certificat e auth ority • Using an e x isting k ey/c er tificat e • Creating a n ew key/certificate o n the 7110/7115 Cutting and Pasting with [...]

  • Page 29

    C H A P T E R 3 Keys and Ce rtificates 3-7 Obt aining a Certificate from V eriSig n§ or Other Certificate Auth ority Use the create key command to create you r ke y and t he create si gn command to cr eate a signing r equest to be sent to VeriSign or othe r certifica te authority for authen tication. The certifi cate authority will return it in ap[...]

  • Page 30

    C H A P T E R 3 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 3-8 • Locality : This is usu ally the name o f the city where yo ur or ganization’ s head of fice is lo cated. • Organizat ion : This should be the organ ization th at owns the domain name. The org anization name (corporat ion, limited partne r ship, unive[...]

  • Page 31

    C H A P T E R 3 Keys and Ce rtificates 3-9 Typically , th e CSR will lo o k something lik e this: -----B EGIN CERT IFICA TE REQ UEST ----- MIIBnD CCAQU ACQA wXjEL MAkGA1 UEBh MCQ0E xEDOAB gNVBA gT B09udG FayW8 xEDA OBgNV BAcTB0 1vbn RyYWw xDDAKB gNVBA oT A0tGQz EdMBs GA1U EAxMU d3d3Lm lsb3 ZlY2h pY2tlb i5jb2 0w gZ0wDQ YJKoZ Ihvc NAQEB BQADgY sAMI G[...]

  • Page 32

    C H A P T E R 3 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 3-10 5. Create mapping for Server 1. Use t he create map comman d to specify the server IP addr ess, ports, and keyI D. Intel 711 5> create map Server IP ( 0.0. 0.0): 10.1.1 .30 SSL (n etwor k) p ort [ 443]: <Ent er> Cleart ext ( serv er) p ort [8 0]: &[...]

  • Page 33

    C H A P T E R 3 Keys and Ce rtificates 3-11 Ap ache SSL§ For key: 1. Look in $AP ACHESSLROOT/con f /httpd.conf f or location o f *.key fi le. 2. Copy and paste the key file. For certificate: 1. Look in $AP ACHESSLROOT/con f /httpd.conf f or location o f *.cert file. 2. Copy and past e the certificate file.[...]

  • Page 34

    C H A P T E R 3 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 3-12 Stronghold§ For key: 1. Look in $STRONGHOLDROOT/conf/htt pd.conf for location of *.key fi le. 2. Copy and paste the key file. For certificate: 1. Look in $STRONGHOLDROOT/conf/htt pd.conf for location of *.cert file. 2. Copy and past e the certificate file.[...]

  • Page 35

    C H A P T E R 3 Keys and Ce rtificates 3-13 2. Use the import cert command with the keyID. As with import key , choose an import proto col for importin g the key . Use the default t o “paste.” When the paste is finished, add a line brea k followed b y three periods to display the command l ine. Intel 711 5> i mpor t cert mywe bserv er keyid [...]

  • Page 36

    C H A P T E R 3 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 3-14 Creating a new Key/Ce rtificate on the 71 10/71 15 Use the create key and create cert commands to creat e new keys and certif icates for 7110/7 115 operation. T his procedure ca n be used when there are n o existing keys and certi ficates on the server. The[...]

  • Page 37

    C H A P T E R 3 Keys and Ce rtificates 3-15 4. Save the c onfiguration when the server has been mapp ed. Intel 711 5> config save Saving conf igur ation to fl ash. .. Config urati on s aved to fla sh Intel 711 5> Global Site Certificates Overview Four types o f certificates are involved in t he following discussio n: • Root C ertificat e. T[...]

  • Page 38

    C H A P T E R 3 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 3-16 A global si te certificate is val idated by an accomp anying intermediate CA certificate. (Such p airs are called “chained certi ficates.”) Examples of intermediate CA certificates incl ude Microsoft SGC Root§, and VeriSign Class 3§ CA. When a request[...]

  • Page 39

    C H A P T E R 3 Redirection: Clients and Unsupported C iphers 3-17 : OTk3IF Zlcml TaWd uMA0G CSqGSI b3DQ EBAgU AA4GBA LiMmM Mr SPVyzW gNGrN 0Y7u xWLaY RSLsEY 3HTj OLYlo hJGyaw EK0Ra k6 +2fwkb 4YH9V IGZN rjcs3 S4bmfZ v9jH iZ/4P C/ NlVBp4 xZkZ9 G3hg 9FXUb FXIaWJ wfE2 2iQYF m8hDjs wMKNX Rj M1GUOM xlmaS ESQe SltLZ l5lVR5 fN5q u -----E ND CERT IFIC ATE [...]

  • Page 40

    C H A P T E R 3 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 3-18 Intel 711 5> list m ap Map Net Ser Ciph er Re- Cli ent ID Key ID Se rver IP P ort Po rt S uites dire ct Au th == === == == ==== === = === == == = ===== ==== = == == 1 def ault Any 4 43 80 a ll(v2 +v3) n n 2 sam ple 1 0.1. 2.5 4 43 80 m ed(v2 +v3) y n Int[...]

  • Page 41

    C H A P T E R 3 Client Authentication 3-19 Next, import the client CA cer tificate for Ma p ID 2. Intel 711 5> import client_c a 2 Import prot ocol : (pa ste, x mode m, uu decode ) [paste ]: <E nter > Type or p aste in dat a, en d with .. . alon e on l ine -----B EGIN CE RTIF ICA TE-- -- - MIIDxz CCAzC gAwI BAgIB ADANBg kqhk iG9w0 BAQQFA D[...]

  • Page 42

    C H A P T E R 3 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 3-20 Creating a Client CA Certificate using OpenSSL§ NOTE: To acquire a copy of Ope nSSL§ for your environment, acce ss the OpenSS L§ Web site at www.openssl.org There are soft ware packages avai lable that hand le the detai ls of client certif icate generati[...]

  • Page 43

    C H A P T E R 3 SSL Processing 3-21 SSL Processing The Intel® NetS tructure™ 7110/7115 e-Commerce Accelerator handles seve ral SSL protoco ls, for example, HTTP S (which is the defaul t). For securit y purposes, you can b lock access to specified I Ps or ports (se e “Blocking” section) . Traffic that is not mapped or blocked f lows through t[...]

  • Page 44

    C H A P T E R 3 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 3-22 of “def ault.” Unde r this ini tial conf iguratio n, automappi ng occurs o n any server with this n etwork port (443) when traffic i s routed through the 7110/ 7115. Automapping with user -s peci fi ed key and certificate When a user-specified ke y and [...]

  • Page 45

    C H A P T E R 3 SSL Processing 3-23 Combining automapping and manual mapping NOTE: If both manual mappings a nd appl icabl e automappi ngs are availa ble, the 71 10/7115 always u ses the manual mapping. Any combinat ion of automapping and man ual mapping entri es, up to a total of 1000, can be used provided the ser ver IP address and network port c[...]

  • Page 46

    C H A P T E R 3 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 3-24 Subnet IP , Specific Port To block a subnet IP, and specifi c port combinatio n: 1. T ype a subnet IP address, using 0 as the final octet. (In the exam- ple belo w , all IPs from “10.1.x.x” to “20.1.x.x ” are blocked on port 80.) 2. T ype th e subne[...]

  • Page 47

    C H A P T E R 3 SSL Processing 3-25 Examp le: Intel 711 5> create block Client IP t o bl ock [ 0.0.0. 0]: <en ter> Client IP m ask [0.0. 0.0]: <ent er> Server IP t o bl ock [ 0.0.0. 0]: < enter> Server IP m ask [0.0. 0.0]: <Enter> Server Port to block : 80 Server Port mas k [0x ffff]: <Ent er> 5. Use the show block [...]

  • Page 48

    C H A P T E R 3 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 3-26 Failure Conditions, Fail-safe, and Fail-through During a ny failure conditi on of the 7110/711 5, unprocessed dat a packets can either pass throug h or not, depe nding on whether F ail- safe or Fai l-through mode i s enabled. The F ail-through swit ch is by[...]

  • Page 49

    Scenarios This sectio n contains scenarios il lustrating examples of Int el® NetStruct ure™ 7110/711 5 e-Commerce Accel erator configur ations: • Scenario 1: S ingle server • Scenario 2 : Multiple serv ers • Scenario 3: Multiple 71 10/71 15s, cascaded • Scenario 4: Di fferent ing r ess and egress routers[...]

  • Page 50

    C H A P T E R 4 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 4-2 Synt ax The CLI uses the following syn tax: Symbol Significance Angled brackets (< >) Angled brackets desi gnate where you type variable parameters. Straight brackets ([ ]) Choices of pa ra meter s appe ar between st raig ht brackets , sep ara ted by v[...]

  • Page 51

    C H A P T E R 4 Scenario 1—S ingle Server 4-3 Scenario 1—Single Server This scenari o describes a typical configurat ion of a 7110/71 15 with one server, using either aut omapping or manual con figuration / mapping . This scen ar io desc rib es the fa ste st way to ge t up and runni ng with a 7110/7115 . Figure 4 - 1: Single 7110/ 7115, Single [...]

  • Page 52

    C H A P T E R 4 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 4-4 3. Create a mapping for the server . U se the cr eate map command to specify the server IP addr ess, ports, and keyI D. Intel 711 5> cr eate map Server IP ( 0.0. 0.0): 10.1.1 .30 SSL (n etwor k) p ort [ 443]: <Ent er> Cleart ext ( serv er) p ort [8 [...]

  • Page 53

    C H A P T E R 4 Scenario 2—M ultiple Serv ers 4-5 Scenar io 2—Mult iple Serve rs This scenario sh ows how to configure two or more servers. Figure 4-2 : Single 7110/711 5, Multiple Server Installati on Procedure for Scenario 2 1. Perform th e installation as describ ed in Chapter 2. Access the 7115 command p rompt. 2. Acquire the appropriate ke[...]

  • Page 54

    C H A P T E R 4 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 4-6 4. Create a mapping for S erver 2. As in th e previous step, use the create map command to speci fy the server IP address, ports for the second server , and the keyID. Intel 711 5> cr eate map Server IP: 10.1 .1.31 SSL (n etwor k) p ort [ 443]: <Ent er[...]

  • Page 55

    C H A P T E R 4 Scenario 3—M ultiple 7 110/7115s, C ascaded 4-7 8. Save the c onfiguration when mapping is complet ed for the server(s). Intel 711 5> co nfig save Saving conf igur ation to fl ash. .. Config urati on s aved to fla sh Intel 711 5> Scenar io 3—Mult iple 71 1 0/ 71 15s, Ca scaded This scenari o shows how to cascade 7 110/7115[...]

  • Page 56

    C H A P T E R 4 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 4-8 Figure 4- 3: Multipl e (Cascaded) 711 0/7115s Procedure for Scenario 3 1. Configure t he 7110/7 115 f ar thest f r om the server as describ ed in any of the preceding scenari os. Remain connected to that specific 7110/711 5 for the expor t configur ation pro[...]

  • Page 57

    C H A P T E R 4 Scenario 3—M ultiple 7 110/7115s, C ascaded 4-9 9. Specify a filename for t he received file and cl ick OK . The operation concludes an d the normal prompt reappears. Use C trl-X to kill tran smission Export succ essf ul! Intel 711 5> 10. Connect to the second 71 10/7115, either t hrough the consol e connecti on or another win [...]

  • Page 58

    C H A P T E R 4 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 4-10 Scenario 4—Differen t Ingress and Egress Routers This scenario d escribes the config uration of a 7110 /7115 when the ingress and egress traffic paths are different. This scenario in clu des: • One or more servers • One or more 7110/ 7115s (Multiple c[...]

  • Page 59

    Command Refer ence The Intel® NetS tructure™ 7110/7115 e-Commerce Accelerator is fully conf igurable through the Command Line Interface (CLI). The CLI is accessib le throug h the console and aux con sole RS2 32 ports. Online Help The 7110/ 7115 provid es online help with the foll owing options: • T ype help to display a summary of commands. ?[...]

  • Page 60

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-2 Command Lin e Interface The CLI handles all user interactions on the co nsole and auxiliary console RS23 2 ports. One instance per p ort runs at all times. User Authentic ation To gain access to the CLI, the user must first be authentica ted by providin g a [...]

  • Page 61

    C H A P T E R 5 Command Line Interface 5-3 However, “ sh ” as shown b elow, i s not an a bbrevia tion to u niquene ss in that it d o es not dist inguis h b etween show and showsnmp . Intel 711 5> sh The solitary le tter “ e ” in the context of t he next example, (i.e., preceded by “ ssh ”), uniqu ely indicates ssh enable . Intel 711 [...]

  • Page 62

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-4 Input Editing Commands Moving the Insertio n Point Command H istory A history of recentl y executed commands is sto red in a buffer and can be accessed wit h the following commands: Command Desc ription ctrl-b Mov e back one character . ctrl-f Mov e forward [...]

  • Page 63

    C H A P T E R 5 Command Line Interface 5-5 Cut and Paste Command D escription ctrl-d Del ete the character u nderneath the curso r . ctrl-k Delete the text fr om the c u rrent curso r positi on to th e end of the line. ctrl-u Del ete backward from th e cursor to the beginning of t he current line. ctrl-w Del ete the word behi nd the cursor , using [...]

  • Page 64

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-6 Command Summary This sectio n contains a hi gh-level view of the 7 110/7115’s command structure. Det ails appear in the next secti on, Com m an d Referen ce. Comm and Com mand Optio ns bypa ss confi g save default compare reset create block cert <keyID&[...]

  • Page 65

    C H A P T E R 5 Command Summary 5-7 import cert <keyID> client_ ca <mapID> config key <keyID> patch upgrade inline list blocks filters (shows bl ocks and permits) keys logs maps mon itoring permits procs service snmp_communit y trap_commu nity nic pass word reboot Comm and Com mand Optio ns[...]

  • Page 66

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-8 set alarms <all , esc, rsc, utl, ovl, n ls> cache ciphers <mapID> ciphers <mapID> de faul t client_ tmo date defcert egress_mac x: x:x:x:x:x: egress_mac none ether idle to <timeout> ip <ip> <netmask> kstrength max_remote _[...]

  • Page 67

    C H A P T E R 5 Command Summary 5-9 show alarms blocks cache cert <keyID> client_ ca <mapID> client_ tmo config conf ig de fau lt config saved date defcert egress_mac ether filters idle to info ip key <keyID> kstrength logs map max_remote_sessio ns mon ito ri ng monitorin g_interval monito ri ng_ fie lds more ovl_windo w permits r[...]

  • Page 68

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-10 show telnet _port utl_hi ghwater utl_ lowwater utl_wind ow sets nmp snmp <enabl e | disable> snmp_communit y snmp_port snmp_info sys_contact sys_location sys_name trap_authe n <enable | disabl e> trap_commu nity trap_po rt showsnmp snmp snmp_com[...]

  • Page 69

    C H A P T E R 5 Command Reference 5-11 Command Reference Help Comman ds S t atus Co mmand Command D escription help Disp lay the list of a vailable commands. help <c omma nd> Display usage for a single command. help us age Display al l commands and their usage. tty_c har V iew the availabl e list of keyb oard shortcut commands. Command Desc r[...]

  • Page 70

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-12 SSL Command s Command Desc ription create k ey Create a n ew keypair and associa te it with a Key ID. Exampl e : Intel 71 15> cr eate k ey Key st reng th (51 2/10 24) [512]: 1024 New keyI D [001 ]: <E nter > Keypai r wa s crea ted for keyID: 001 . [...]

  • Page 71

    C H A P T E R 5 Command Reference 5-13 export key Export a keypair for a specified Key ID (ASCII, xmodem, or uuencode). Synt ax : Intel 71 15> export ke y <keyID> Export pro tocol: (xm odem , uuen code , asci i) [ascii ]: <Enter> Press any key to sta rt, then a gain when done.. . <Enter > ----- BEGIN RSA PR IVATE KE Y- ---- MII[...]

  • Page 72

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-14 create c ert Create a new certificat e for a specified Key ID. Synt ax : Intel 71 15> cr eate c ert <keyID > where <keyID> is the Key IDfor which y ou wish to create a certif icate. delete cert Delete the certi ficate associated wi th a speci[...]

  • Page 73

    C H A P T E R 5 Command Reference 5-15 show ce r t Display the e xpanded certif icate (includ ing PEM format) associated with a specifie d Key ID. If no Key ID is specified, display s al l c ertificat es. Syntax: Intel 71 15> sh ow cer t <k eyID> where <keyID> is th e Key ID whose associat ed certificate you wish to view . set ciphe [...]

  • Page 74

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-16 set redirect Set an alterna tive address to which a client is dire cted in the event it doesn’ t support the specified Map ID’ s selected cipher sui tes. Synt ax : Intel 71 15> set red irect <m apID> [n one] Enter redi rect U RL [ ]: < URL&g[...]

  • Page 75

    C H A P T E R 5 Command Reference 5-17 import c lien t_ca If you wish to authenticate a client, use t his command to imp ort the truste d CA ’ s certifi cat e. When e nabled , clients wi th out certifica tes or with invali d certificate s are refused connectio n. Synt ax : Intel 71 15> import cl ient_ca <m apID> Impor t protocol : (paste[...]

  • Page 76

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-18 delete sign Delete the signing request for a specified Key ID. Synt ax : Intel 71 15> de lete s ign <keyID > where <keyID> is the Key ID number of the Key whose signi ng request you wish to delete . expo rt sign Export signing reque st (P EM [...]

  • Page 77

    C H A P T E R 5 Command Reference 5-19 set defce rt Set the default certificate creation information. For example, country , state, city , or ganization , organizat ion unit, issuer n ame, and issuer e-mail address. Y ou can change al l, some or none of the fields. Press Enter t o accept a default an d move to the nex t field. Exampl e : Intel 71 1[...]

  • Page 78

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-20 set kstre ng th Set the default key str ength. Usable valu es are 512 or 1024. The defaul t value is 512 . Synt ax : Intel 71 15> set kstrength <512 | 1024> where <512 > a llows you to specify low key strength a nd <1024> allows you t o[...]

  • Page 79

    C H A P T E R 5 Command Reference 5-21 set ser ve r_ t m o Limits the period of time to establish a connec tion with the server . If the connec tion is not esta blished withi n the specified t ime, the client request is re je c ted . NOTE: Typical causes for server timeout include: serv er powe red off, server not accessible, a pplicat ion is not a[...]

  • Page 80

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-22 Port Mapping Commands These commands a re used to execu te the operations d escribed in Chapter 3’s Mapping and Blocking sectio ns. Command D efinition create bl ock Create a block to preclude access to sp ecified IP addresses or through speci fied ports.[...]

  • Page 81

    C H A P T E R 5 Command Reference 5-23 create permit Create a configurati on allowing a specified user acce ss to specified servers and ports, an d/or denying the speci fied user access to specified servers and ports. Example : Intel 71 15> cr eat e perm it Client IP to p ermit [0.0. 0.0]: 10 .1.2 .1 Client IP mask [0.0 .0.0]: 255.2 55.0.0 Serve[...]

  • Page 82

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-24 create map Cr eate a mapping that associ ates server IP , SSL po rt, clear text port, an d Key ID. Example : Intel 71 15> crea te map Server IP (0.0 .0.0) : 1.1.1.1 SSL (net work) port [443]: 443 Cleart ext (ser ver) port [80 ]: 8080 KeyID to use fo r ma[...]

  • Page 83

    C H A P T E R 5 Command Reference 5-25 Operational C omman ds Command D escription bypa ss WARNING: Do not issue the by pass command from a remote management session (Telnet or SSh). Doing so will result in an immediate disconnect from the 7110/ 7115. Enables by pass mode, in which tr affic flows t hrough 71 10/71 15 without being processed. See Fa[...]

  • Page 84

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-26 set spill Allows y ou to enable o r disable spill mod e. “S pill” is used to of fload processing of a req uest, when the 71 15 has reached a specified qu eue threshold, t o a secondary 71 15 or to the ser ver . Example : Intel 71 15> set spil l enabl[...]

  • Page 85

    C H A P T E R 5 Command Reference 5-27 Remote Manag ement Co mmands Command D escription set i p Assign an IP addre s s and netma sk to the 71 15’ s network interface for T elnet and SSh sessions. CAUTION: The assignment of an IP address intro duces security issues. Please refer to the “Access Control” section of Chap ter 6. NOTE: To disable [...]

  • Page 86

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-28 set te lnet Enables or d isables T elnet sessions. When t his command is set to “enable” and an IP address is assigned to t he 7115 ’ s network interface, yo u can access the device’ s CL I via remote T elnet session. When disabl ed, the device refu[...]

  • Page 87

    C H A P T E R 5 Command Reference 5-29 show telnet _ port Display the po rt on which T elnet sessions are currently accepted. Example: Intel 7115 > show telnet_port Telnet port: 23 set s sh Enable or disab le Secure Shell (SSh) sessio ns. When this command is set to “enable” and an IP address is assigned to t he 71 15’ s network interface,[...]

  • Page 88

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-30 sets nmp snmp Enable or disable the SNMP agent. When enabl ed, you can set configure SNMP information and parameters (see setsnmp snmp_inf o , below) for th e 71 15. Default: di sable. Syntax: Intel 71 15> se tsnmp <enab le|di sabl e> showsnmp snmp[...]

  • Page 89

    C H A P T E R 5 Command Reference 5-31 showsnmp snmp_inf o Display t he currently ef fective SN MP information and parameters. Example: Intel 71 15> sh ows nmp sn mp _info SNMP P ort Numb er : 16 1 SNMP T rap Port Numb er: 16 2 SNMP S yste m Co ntact : su pport SNMP Sys tem Na me : 7115 SNMP Sys tem Lo catio n : Sa n Diego System IP Addr ess : 1[...]

  • Page 90

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-32 sets nmp trap_au then When enabled, t he SNMP manager receives trap s upon failed authenti cation attempts. Example : Intel 7115> setsnmp trap_authen <enable|disable> sets nmp trap_au then Displays current status of trap auth entication trap. Examp[...]

  • Page 91

    C H A P T E R 5 Command Reference 5-33 delete tra p_com mun ity Del ete SNMP trap community strin gs. Example: Intel 71 15> de let e trap _c ommun ity SNMP T rap Comm unity Strin g(s) Dele tion. <2> Cu rren t Av ailab le SNM P Tra p Co mmunity String (s): 1.) I P: 0. 0.0.0 => Stri ng: pu blic 2.) I P: 0. 0.0.0 => Stri ng: pr ivate En[...]

  • Page 92

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-34 Alarms and Monitoring Co mmand s Command Desc ription set alarm s Enable all or a sel ection of the 71 15’ s alarms. Syntax: Intel 71 15> set alar ms <all|e sc|r sc|u tl|ov l|nls> where <all> enables all five of the 71 15’ s alarms. <e[...]

  • Page 93

    C H A P T E R 5 Command Reference 5-35 show rs c _window Display cur rent Refused SSL Connections Alar m interval. Syntax: Intel 71 15> sh ow rs c_wi nd ow Check refu sed SSL c onnect ions [sec s]: 10 set utl _wind ow Set interval (window) at whi ch the device checks for e xceeded utilizat ion thresh olds (CPU load , Connectio ns per Se cond, or[...]

  • Page 94

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-36 set ut l_lowwater Se t the Utili zation Threshol d Alarm low-wate r value . Expresse d as a percentage, t he low-water value represent s the lowest CPU utilizat ion, Connectio ns per Second, or T otal Open Con nections required t o trigger a UTL Alarm. (Ran[...]

  • Page 95

    C H A P T E R 5 Command Reference 5-37 show o vl_wind ow Display the current Over l o ad Alarm window . Example: Intel 71 15> sh ow ov l_wi nd ow Check for over load condit ions [sec ]: 10 Command D escription[...]

  • Page 96

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-38 Configurati on Com mands Command Desc ription show conf ig Display cur rent volati le configuration settings. Example : Intel 71 15> show config # defaul t config fi le created on Tues July 25 06:56: 46 2000 (Configuraton parameters ar e displayed her e.[...]

  • Page 97

    C H A P T E R 5 Command Reference 5-39 show config defa ult Display defau lt configurat ion settings. T hese are values used when factory de fault commands are executed. Example : Intel 71 15> show co nfi g de faul t Defaul t conf igura ti on ====== ==== ==== ===== == conlo g 0xffff ff ef ilog 0x ffffff ff trace 0x ffff f3dd media au to logpor t[...]

  • Page 98

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-40 confi g co mpare Disp lay diff erences between s aved and current configuration. F or optimal flexibili ty in configur ation and test ing, the 71 15 supports both “current” (v olatile) and “saved” (non-vol atile) configurations. The config compare c[...]

  • Page 99

    C H A P T E R 5 Command Reference 5-41 expo rt conf ig WARNING: Do no t edi t an exp or ted c onf ig urat ion f ile. Export al l configurati on, key , sign and cert ificate informati on (ASCII, xmodem, uuencode) . Example : Intel 71 15> expo rt conf ig Expor t prot oc ol : (x modem , uu en code , as ci i) [ascii ]: Press any key to sta rt, the n[...]

  • Page 100

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-42 import up gra de Import a complete software release. (See Ch apt er 6 for details regarding software updates. ) Example : Intel 71 15> impo rt upgrade Impor t prot oc ol : (xm odem , uu de code ) [xmode m]: Start xmodem u pload now Use Ctl- x to cancel u[...]

  • Page 101

    C H A P T E R 5 Command Reference 5-43 facto ry_defaul t Returns to factory config uration set tings. Example : Intel 71 15> fact ory_def ault Reset to defaul t co nfigu ration [n] : y Reset to factor y de fault s Syste m rebo ot in g. ..don e T944 V2 .31 DX C. .. 868242 +361188O /S run ning Gener atin g 512 bit defau lt key Gener atin g de fa u[...]

  • Page 102

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-44 Adminis tration Comm ands Command Desc ription pass word Set the password. Example : Intel 71 15> pa sswor d Old pa sswo rd: < xxxxx> Enter new admi n pas sword (5 ch ars min.) : <yyyyy > Retyp e new pass w ord: <y yyyy> admin Pass word[...]

  • Page 103

    C H A P T E R 5 Command Reference 5-45 set egres s_mac Allows the configurat ion of a 71 15 when th e ingress and egress traf fic paths are dif ferent. (See Chapter 4, Scenario 4.) set eth er Specify et hernet settings. Example : Intel 71 15> set et he r 1 - auto 2 - 10 baseT, h alf du plex 3 - 10 baseT, f ull du plex 4 - 10 0baseTX, half duplex[...]

  • Page 104

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-46 set more Set the pa ge length of the co nsole display . Defau lt is 300. Syntax : Intel 71 15> set mo r e <n> where <n> is the desired number o f lines. V alid inputs are 0 (to disable), or 23 or greate r . nic Allows yo u to set the netwo rk[...]

  • Page 105

    C H A P T E R 5 Command Reference 5-47 Logg ing Comman ds show seria l Display console serial paramete rs. Example : Intel 71 15> show serial Speed: 9600 Bits: 8 Stop bi ts: 1 Parity : n Intel 71 15> exit Lo g the user out of the CLI. If the current co nfiguratio n has changed, th e user is allo wed to save the curren t configuration as the a[...]

  • Page 106

    C H A P T E R 5 Intel® NetS tructure™ 7110/ 7115 e -Commerce Accel erator User Guide 5-48 delete l og Delete saved log/trace fil es from /flash/log s. Syntax : Intel 71 15> dele te log <logID > | all where <l ogID> is the ID of the spe cific log you wish to delete, and all d eletes a ll logs. list logs List a ll log file s. Comman[...]

  • Page 107

    Remote Management Overview The curre nt software relea se allows you to remo tely manage the 7110/711 5. Remote management is ava ilable via three protocols: • Te l n e t • Secure Shel l (SSh) • SNMP NOTE: Remote management f unctions can be enabl ed and config ured only th rough the loc al serial console. When enabled, remote management allo[...]

  • Page 108

    C H A P T E R 6 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 6-2 Limit ation s Note that sev eral CLI capabili ties available at the local console are unavailabl e in remote sessions. These are: • Assignment of an IP address to the 7 110/7115’s ne twork interface • Enable /d isable T e ln et, SSh, or SNMP • Change[...]

  • Page 109

    C H A P T E R 6 Overview 6-3 • show telnet _ port displays current telnet port. SSh-s peci fic: • set ssh enable|disable enables or disables SSh sessions. • show ssh displays c urrent SSh statu s: enabled or di sabled. • set ssh_por t <port> sets the SSh port. (Default: 22.) • show ssh_port di splays current SSh port. SNMP-specific:[...]

  • Page 110

    C H A P T E R 6 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 6-4 Remote T elnet Sessions This sectio n contains procedures for acce ssing the 7110/711 5’s C LI via remote Telnet session. Local Serial Conso le Assign an IP address to th e 7110 /71 15’s net work i nterface usi ng the followin g procedure: Intel 711 5>[...]

  • Page 111

    C H A P T E R 6 Remote Telnet Se ssions 6-5 Remote Console, T elnet With remo te Telnet enabl ed on the 7110/7115 , use the fol lowing procedure to access it’s CLI: Unix-p rompt > telnet 10.1 .1.1 Trying 10.1 .1.1 ... Connec ted t o 10 .1.1 .1. Escape char acte r is ’^]’. . . . Serial 0:a0 :a5: 11:4 :2e passwo rd: <p assw ord> NOTE: [...]

  • Page 112

    C H A P T E R 6 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 6-6 Disabling T elnet Telnet sessions ar e disabled at the 71 10/7115’s local seri al console. To disable, follow the step s below: Intel 711 5> set tel net disabl e To verify Te ln et disable: Intel 711 5> show t elnet Telnet: disable To ensure that T e[...]

  • Page 113

    C H A P T E R 6 Remote SSh Sessions 6-7 Verify the r oute configurat ion (optional) : Intel 711 5> show r oute Defaul t Rou te : 10. 1.1.1 Delete a rou te configurati on (optional): Intel 711 5> set rout e none NOTE: To ensure that this remote management config uration persists across a device shut down and startup, ru n the config save comma[...]

  • Page 114

    C H A P T E R 6 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 6-8 To displ ay the SSh por t: Intel 7115 > show ssh_port SSH Port Number: 22 0 Disabling SSh SSh sessions are d isable d at the 7110 /7 115’s local ser ial consol e. To disable, follow the steps below: Intel 711 5> set ssh disabl e To verify SSh disable[...]

  • Page 115

    C H A P T E R 6S N M P 6-9 S t an dards Complian ce The 7110/ 7115 SNMP agent is bilingual a nd can support both SNMPv1 and S NMPv2c requests. Intel private e nterprise MIB fi les are compliant with SMIv2 as specified i n RFC 1902. SET operat ions are not al lowed for any Intel priva te MIB objects for the 71 10/71 15, althoug h you can chang e MIB[...]

  • Page 116

    C H A P T E R 6 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 6-10 All Intel enterprise MIBs and MIB obj ects are defined u nder the mib2ext branch of the Intel tr ee. All sysObjectIds that ide ntify Intel pr oducts are defined under the sysProducts branch o f the Intel tree. Supported M IBs Management Information Base-II [...]

  • Page 117

    C H A P T E R 6S N M P 6-11 Enterprise Private MIB Summary Following is a summary of the 7110 /7115 priv ate MIB: mode inline (1): Devi ce is confi gure d to accele rate SSL traff ic bypass (2): Devi ce i s confi gure d to pass t hrou gh all SS L tra ffic failMo de safe(1 ): Tw o et herne t segm ents fail open, stoppi ng traf fic throug h(2): Two e[...]

  • Page 118

    C H A P T E R 6 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 6-12 thresh oldAl arm enable d(1): Thr eshol d alar m is turn ed on disabl ed(2) : Th resho ld ala rm i s tur ned of f overlo adAla rm enable d(1): Ove rload alarm is turne d on disabl ed(2) : ov erloa d alar m is turn ed off linkSt atusA larm enable d(1): Net w[...]

  • Page 119

    C H A P T E R 6S N M P 6-13 cpuUti lNetw ork CPU ut iliza tion perc entage pro cessi ng net work traffi c (0- 100) cpuUti lProx y CPU pr oxy u tili zatio n perc enta ge (0 -100) cpuUti lHiWa ter CPU ut iliza tion high water mar k (2- 100) cpuUti lLoWa ter CPU ut iliza tion low water msrk (1-9 9) cpuUti lStat e When CP U util izat ion ex ceeds t he [...]

  • Page 120

    C H A P T E R 6 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 6-14 sslCon nTota l Total numbe r of SSL connec tion s pro cessed sslCon nCntH iWat er Concur rent open SSL connec tion coun t high wat er mark sslCon nCntL oWat er Concur rent open SSL connec tion coun t low water mark sslCon nCntS tate When c oncur rent open S[...]

  • Page 121

    C H A P T E R 6S N M P 6-15 thrott lesPe rSec Maxim um Maximu m num ber of th rottle s pe r sec ond si nce (re)st art thrott lesTo tal Total numbe r of thro ttles sinc e (re )start thrott les Total numbe r of thro ttles in t he la st sslOve rload Inte rval spills PerSe c Number of s pill s per secon d spills PerSe cMax imum Maximu m num ber of sp i[...]

  • Page 122

    C H A P T E R 6 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 6-16 T rap Su mmary The following list summarizes the traps generated by the 7110/ 7115. For details about a partic ular trap, please read the descripti on of each MIB above, or read t he documentation within the MIB file. Traps are generat ed by SNMP. St andard[...]

  • Page 123

    C H A P T E R 6S N M P 6-17 sslCon nCntA lert The devic e has ex ceede d th e open SS L connec tion co unt hi gh wa ter th res hold sslCon nCntN orma l The open SS L conn ectio n co unt of th e de vice is bac k to norm al l evels sslCon necti onRe fused Mismat ch SSL c onnec tions we re re fused in the pa st sslRef usedI nter val due to ciph er su [...]

  • Page 124

    C H A P T E R 6 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 6-18 Specifying SNMP Information Configurable SNMP parameters can be set collectively usi ng the setsnmp snmp_info c ommand as illustr ated below: Intel 711 5> set sn mp snmp _inf o SNMP p ort [ 161] : 161 SNMP t rap p ort [162] : 162 Contac t Per son []: sup[...]

  • Page 125

    C H A P T E R 6S N M P 6-19 Community String Use CLI commands setsnmp snmp_c ommunity , list snmp_commun ity and delete snmp _community to set, list, and delete S NMP community stri ngs. Intel 711 5> set sn mp snmp _com mu nity IP []: Commun ity S trin g []: Intel 711 5> lis t snm p_co mmun it y SNMP C ommun ity List IP: x .x.x. x => Stri [...]

  • Page 126

    C H A P T E R 6 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 6-20 T rap Community String Use CLI commands, setsnmp trap_commun i ty , list trap_com munity and d elete trap_ community t o set, display, and delete tra p commu nity stri n gs. Intel 71 15 > se ts nm p tr ap _c om mu ni ty SNMP T rap Comm unity Stri ng(s) S[...]

  • Page 127

    C H A P T E R 6 Access Control 6-21 Access Con trol The 7110/ 7115 provid es block and permi t commands which allow you to de ny or allow clients to acce ss servers based on IP, IP mask, port a nd port mask. To block a cl ient, specified by IP an d IP mask, from accessing a specified server, u se the cr eate b lock co mmand as illustrated be lo w: [...]

  • Page 128

    C H A P T E R 6 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 6-22 Notes[...]

  • Page 129

    Alarms and Monitoring Overview The Intel® NetS tructure™ 7110/7115 e-Commerce Accelerator supports t he configuration of alarms and to be sen t to the conso le upon pre -designated events , and of periodic status-monitor ing reports. Bo th alarms and mo nitor reports are single li nes of text, with alarms being prefaced by th e letter “A,” a[...]

  • Page 130

    C H A P T E R 7 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 7-2 • Overload alarms • Network Lin k Status All ala rms are disabled by defau lt and may be enab led in any combin ation. Alarm format: A:yyyy mmddh hmms s: ALARM_ CODE: MODI FIER: EXTEND ED_D ATA:/ *messa ge*/ Where: A: Ide ntifi es t he me ssage as a n al[...]

  • Page 131

    C H A P T E R 7 Alarm Types 7-3 For example: Intel 711 5> set alar ms Select moni tori ng f ields ( all, esc, rsc, utl, o vl, n ls) [all ]: all Intel 711 5> show a larms All alarm s are en abled . Intel 711 5> set alar ms none Intel 711 5> show a larms All alarms are disabled. Alarm T ypes The configu rable alarm types are deta iled in [...]

  • Page 132

    C H A P T E R 7 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 7-4 FNTB: indic ates fron t pane l-co ntrol led bypass FNTI: indic ates fron t pane l-co ntrol led inline APPR: indic ates appl icatio n re start RSC: Refused SSL Con nections When enabled, an alarm i s generated when ever SSL connecti ons are refused for cipher[...]

  • Page 133

    C H A P T E R 7 Alarm Types 7-5 To display Ov erload Alarm time window show r sc_wi ndow Examp les: Intel 711 5> set rsc_ window 10 Intel 711 5> sho w rs c_win dow Check refus ed S SL c onnecti ons [secs ]: 10 UTL: Utilization T hreshold Alarm This alarm m onitors t hree utiliz ation th reshold v alues: • CPU • Connectio ns per Second •[...]

  • Page 134

    C H A P T E R 7 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 7-6 NMRL: Messa ge: [CPU| Open c onne ction s|CPS] drop b elow low water mark Extended Dat a CPU: I ndica tes that CPU Ut iliz ation trigge red t he a larm. CON: I ndica tes that Total Acti ve C onnect ions trigge red t he a larm. CPS: I ndica tes that Connec ti[...]

  • Page 135

    C H A P T E R 7 Alarm Types 7-7 OVL: Overload Alarm WARNING: This alarm indicates l oss of encryp- tion/ decryption. When enabled, an alarm is issued upon o ccurence of overloads resulting in spill s or t hrottles d uri ng the cu rrent user-c o nfigu re d alarm pe r iod (5 to 65000 se conds, default: 15 seconds). Format: A:yyyy mmddh hmms s:OV L:SP[...]

  • Page 136

    C H A P T E R 7 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 7-8 NLS: Network Link S t atus Alarm An alarm is issued whenever the Netwo r k or Server link statu s is changed. Format: A:yyyy mmddh hmms s:NLS :NETL| SVRL :LNKD |10HDX |10 FDX|10 0HDX| 100F DX:/* messag e*/ Where: A: ide ntifi es t he me ssage as a n ala rm. [...]

  • Page 137

    C H A P T E R 7 Alarm Logging 7-9 The histor ical logs consist of a snapshot of the inf ormation retrie vable via the status lin e command foll owed by a dump of the alarm buf fer existi ng at the time of the e xceptional condit ion. These alarms can be viewed on the console using the CLI command, status alarms . Addi tionally, any logs generated a[...]

  • Page 138

    C H A P T E R 7 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 7-10 Transa ction s Sp illed : 0 Times Thott led Accep ts: 0 Bypass Mode : dis able L&M bo ard s tatu s: RES PEND INLIN E (0x000 00060 ) Netwo rk NIC: 100bas eTX Hal f Duplex (0x000 00026 0x0000 0003 0x 0000 002 6) Server NIC: No carrie r (0x000 00023 0x0000[...]

  • Page 139

    C H A P T E R 7 Alarm Logging 7-11 ovl_wi ndow 15 rsc_wi ndow 15 utl_wi ndow 15 utl_hi gh 90 utl_lo w 60 idle 3 00 kstren gth 5 12 con_sp eed 9 600 con_bi ts 8 con_st op 1 con_pa rity n defcer t_cna me U S defcer t_sta te C alifo rnia defcer t_cit y San Die go defcer t_org name Inte l Corp orat ion defcer t_org unit Netw ork Eq uipm ent D ivisio n [...]

  • Page 140

    C H A P T E R 7 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 7-12 Example , status al arms command: Intel 711 5> status alarms A:07/2 7/200 0 14 :57:0 5:ESC: CONI :/* C onsole inli ne */ A:07/2 7/200 0 14:5 7:0 5:NL S: NETL :10 0HDX :/* Net wo rk port s tatus , 10 0Mb/s , half dup / A:07/2 7/200 0 14 :57:0 1:ESC: CONB [...]

  • Page 141

    C H A P T E R 7 Monitoring 7-13 Monitoring Monitorin g Reports A monitori ng report is one lin e of user-con figurable text displayed at the conso le at a user- configurable interval of between five a nd 65000 seconds. The interval default is 1 5 seconds.Console Configu ration Monito ring reports are disab led by default, and are enabled with t he [...]

  • Page 142

    C H A P T E R 7 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 7-14 (t)ota l NetIF ;s Net in te rface ; (s )tatus [NC|10 HDX|1 0FDX |100H DX|100 FDX] SvrIF ;s Svr in te rface ; (s )tatus [NC|10 HDX|1 0FDX |100H DX|100 FDX] BES;c, m,t B ytes Encr ypted per Secon d; (c)urr ent, (m)a x, (t )otal BDS;c, m,t B ytes Decr ypted pe[...]

  • Page 143

    C H A P T E R 7 Monitoring 7-15 Intel 711 5> sho w mo nitor ing_ fi elds All monit orin g fiel ds ar e enab led . Intel 711 5> set mon itoring ena ble Intel 711 5> sho w mo nitor ing The mo nitor ing repo rt is e nabl ed fo r this CLI.[...]

  • Page 144

    C H A P T E R 7 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 7-16 Notes[...]

  • Page 145

    s Softwar e Updates Use the import up grade command to up date/upgrade your Intel® NetStructure™ 7110/7115 e-Commerce Accel erator software. When you upgr ade your 7110/711 5 software, the conf iguration (i ncluding all keys, certificates, and mapp ing) is saved. Howev er, all log files are cleared. The soft ware is in the form of an ima ge file[...]

  • Page 146

    C H A P T E R 8 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 8-2 Using Windo ws§ HyperT erminal§ Command: import up grade Use the 7110/ 7115’s aux co nsole po rt, which d efaults t o 115.2 k bps, for greate r speed. The import procedu re (using xmodem) requires approximat ely 7 minutes at 1 15.2 kbps. 1. Download the [...]

  • Page 147

    C H A P T E R 8 Using Unix§ ‘cu’ and uuenc oded image file 8-3 Command: import p atch Use the 7110/ 7115’s aux co nsole po rt, which d efaults t o 115.2 k bps, for greate r speed. The import procedu re (using xmodem) requires approximat ely 7 minutes at 1 15.2 kbps. 1. Downlo ad the patc h fi le (.patch) t o the local PC. 2. Connect th e ser[...]

  • Page 148

    C H A P T E R 8 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 8-4 4. Use the ‘cu’ program t o connect to the 7110/7115 (Device name may vary d epending on your o perating system) . cu –l /dev/ cuaa 0 –s 115200 5. Log in t o the 7110/7 115. 6. T ype th e import upgrade command. At the prompt, press u or type uud eco[...]

  • Page 149

    C H A P T E R 8 Using Unix§ ‘cu’ and uuenc oded image file 8-5 6. T ype the im port pat ch c ommand. At the prompt, press u or t ype uudecode . Intel 711 5> im port patch Import prot ocol : (x modem, uude code) [xmode m]: u Type or p aste in dat a, en d with .. . alone o n line. 7. T o send the uuenco ded file use the “ ~> ” command.[...]

  • Page 150

    C H A P T E R 8 Int e l® NetStructure™ 7110/711 5 e-Commerce Accelerator Use r Guide 8-6 Notes[...]

  • Page 151

    T r oubleshooting Item Symptom Probable Cause Remedy 1 Server and/ or Network LEDs not illum inate d. • Unit is in Bypass mode. • Improper cabl ing. • If the Inlin e LED is n ot illum i nated (solid or blinking) tak e the 71 10/ 71 15 out of Bypass mode by eith er pressing th e Bypass switch on the unit’ s front panel or using t he CLI’ s[...]

  • Page 152

    C H A P T E R 9 Int e l® NetStructure™ 7110/7115 e-Commer ce Accelerator Use r Guide 9-2 2 Non-SSL dat a does not pass throu gh 71 10/71 15. Improper cabli ng. • Refer to Item 1 in this table . • If both Network and Ser ver LEDs are illum inat ed, confi gure th e 71 10 / 71 15 to Fail-thr ou gh mode (see Appendix B) and place the unit in Byp[...]

  • Page 153

    C H A P T E R 9 Troubleshooting 9-3 6 Error message indic a te s that th e browser does not recogn ize the signer of t his certificate after loading g lobal server ID. The in termed iat e certificate i s not instal le d or is instal led improperl y . See Global Site Certifi cates in Chapter 3 for correct proced ures. Item Symptom Probable Cause Rem[...]

  • Page 154

    C H A P T E R 9 Int e l® NetStructure™ 7110/7115 e-Commer ce Accelerator Use r Guide 9-4 7 Error message: Server/Netw ork media mismatch Server and network p orts have auto negotia ted t o diff eren t medi a settings. Use the status command to de termine the med ia setting s : Intel 71 15> st atus . . Networ k por t 10 0baseTX Full Duple x Se[...]

  • Page 155

    Fr ont Panel The following diagram shows the LEDs, buttons, switches and con- nection s for the Intel® NetStructure™ 7110 /7115 e-Commerce Ac- celerato r. Not e that there is no power sw itc h or butt on. Power i s applied to the dev ice by connecti ng the power c able. Figure A- 1: Front Panel C onnectors, Cont rols, and Indicators Bypass Reset[...]

  • Page 156

    A P P E N D I X A Intel® NetStructure™ 7110/7115 e-Commer ce Accelerator Use r Guide A-2 Buttons and Switches There are two buttons and one switch on the fr ont panel of the 7 110/ 7115. Front Panel LEDs The LED display pr ov ide s high-level 711 0/ 7115 infor mat io n. The re are seven L EDs on the 7110/7115 ’s front panel, i n two groups of [...]

  • Page 157

    A P P E N D I X A Front Panel LEDs A-3 Overl oad ON – 71 10/71 15 is saturated with SSL requests. LED ran ges from dim flickering to bright steady , indicating lo w to high spillov e r . Refer to the spill command for ways to offload requests to an other 71 10/ 7115. OFF – Nor mal operation. Activity ON – SSL p rocessing is being performed. R[...]

  • Page 158

    A P P E N D I X A Intel® NetStructure™ 7110/7115 e-Commer ce Accelerator Use r Guide A-4 Connectors The foll owing table describ es the 7110/711 5’s connectors. Designator T ype Purpose Network RJ45 100baseTX/10 baseT connection t o network (client s), wired as a host port. Serve r RJ 45 100baseTX/10baseT con nection to server (or servers), wi[...]

  • Page 159

    Failur e/Bypass Modes WARNING: Enabling bypass mode will instantl y and without warn ing t er min at e al l acti ve remote management sessions. The Intel® NetS tructure™ 7110/7115 e-Commerce Accelerator is designed with the ability to automatically bypass e-Commerce traffic in the event o f a failure. If necessary, the user can force a bypass wi[...]

  • Page 160

    A P P E N D I X B Intel® NetStructure™ 7110/7115 e-Commer ce Accelerator User Guide B-2 Figure B-1: Front Pa nel Detail: Failure /Bypass Mode Controls and Indicators Byp ass Button Forcing a b ypass of the 7110/ 7115 may be necessary when certain actions mu st be performed offline (e.g., conf iguration changes, entering certificates, or problem [...]

  • Page 161

    A P P E N D I X B Fail-through Switch (Security Level) B-3 or to be bl ocked. When the switch is in Fail -through mode ( down positi on), t r aff ic is all owed t o p ass t hrough unp rocessed in the event of a f ailure of th e 7110/7115 or i f the Bypass tog gle is ON. During normal p rocessing, the Inli ne (green) LED on th e front panel indicate[...]

  • Page 162

    A P P E N D I X B Intel® NetStructure™ 7110/7115 e-Commer ce Accelerator User Guide B-4 Notes[...]

  • Page 163

    Supported Ciphers The Intel® NetS tructure™ 7110/7115 e-Commerce Accelerator supports onl y RSA key exchange and authentication. Diffi e-H ellman (including A nonymous and Ephemeral) key exchan ge/authenticati on and DSS aut hentication are n ot supported. Use the set cipher command to specify t he cipher. The command prompts you for the ci pher[...]

  • Page 164

    A P P E N D I X C Intel® NetS tructure™ 7 110/711 5 e-Comm erce Accel erator Us er Guide C-2 SSL V ersion Level • SSLv2 - all SSL version 2.0 ciphers • SSLv3 - all SSL version 3.0 ciphers • SSLv2 and SS Lv3 - all SSL version 2.0 a nd 3.0 ciphers The defaul t cipher value is all sup ported ciphers (both SSL v2 and SSL v3). The foll owing ta[...]

  • Page 165

    A P P E N D I X C SSL Vers ion Level C-3 RC2- CBC- MD5 SSLv2 R SA RSA RC2(1 28) MD5 M RC4-MD5 SS Lv2 RSA RSA RC4(128 MD5 M RC4-64- MD5 SSLv2 R SA RSA RC4 (64) MD5 L DES- CBC- MD5 SSLv2 RSA RS A DES(56) MD5 L EXP- DES- CBC-SHA SSLv3 RSA (512) RSA D ES(40) SHA1 E EXP- RC2- CBC- MD5 SSLv3 RS A(512) RSA RC2(40) MD5 E EXP- RC4-MD 5 SSLv3 RSA(5 12) RSA R[...]

  • Page 166

    A P P E N D I X C Intel® NetS tructure™ 7 110/711 5 e-Comm erce Accel erator Us er Guide C-4 Notes[...]

  • Page 167

    Regulatory Information T a iwan Clas s A EMI St a tement[...]

  • Page 168

    A P P E N D I X D Intel ® NetStructure™ 7110/71 15 e-Commerce Accele rator User Guide D-2 VCCI S t atement Class A ITE This is a Class A product ba sed on the standard of the Voluntary Control Council for Interference by Informati on Technology Equipment (VCCI). If thi s equipment is used in a domestic environment , radio disturbance may ar ise.[...]

  • Page 169

    A P P E N D I X D Canada Compliance Statement (Industry Canada) D-3 If these suggestion s don’ t help, con sult your d ealer or an experienced radio/T V repair techni cian for more sugge stions. NOTE: This de v ice comp lie s wi th Part 15 of the F C C Rules. Operatio n is subjec t to the foll ow ing t w o condition s: (1) Thi s device may n ot c[...]

  • Page 170

    A P P E N D I X D Intel ® NetStructure™ 7110/71 15 e-Commerce Accele rator User Guide D-4 CISPR 22 S t atement WARNING: This is a Class A product. I n a domestic environ ment this product ma y cause radio in terference in which case t he user may be required to t ake adequate measures. VCCI Class A (J ap an ) Australia W AR NING The system is de[...]

  • Page 171

    A P P E N D I X D CISPR 22 Statement D-5 • Isolated from strong electromagnetic fields prod uced by electrical devices. • In regions that are susc eptible to ele ctrical storms, we recommend y ou plug your syste m into a sur ge suppressor and disconnect telecommunication lines to your mod em during an electrical storm. • Provided wi th a prop[...]

  • Page 172

    A P P E N D I X D Intel ® NetStructure™ 7110/71 15 e-Commerce Accele rator User Guide D-6 W AR NUNG Das System wurde für den Betr ieb in einer normalen Bür oumgebung entwickelt. De r entwicke lt . Der Standort sol lte: • sauber und st aubfrei sein (Hausstaub ausgenommen); • gut gel üftet und kein en Heizquellen ausgesetzt sein (einschli e[...]

  • Page 173

    A P P E N D I X D CISPR 22 Statement D-7 • In aree sogg ette a temporal i, è consigli abile collegare il sistema ad un limi tatore di corrente . In caso di tem porali, sc o llegare le linee di co municazione dal mode m. • Dotata di un a presa a muro correttamente i nstallata. Non modifica re o utilizzare il cavo di aliment azione in c. a. forn[...]

  • Page 174

    A P P E N D I X D Intel ® NetStructure™ 7110/71 15 e-Commerce Accele rator User Guide D-8 Wi chtige Si cherheit shinwe ise 1. Bitte lesen S ie sich diese Hinweise sor gfältig durch. 2. Heben Sie d iese Anleitung für den spätern Gebrau ch auf. 3. V or jed em Reinigen ist das Gerät vom Stromne tz zu trennen. V ervenden Sie keine F lüssig- ode[...]

  • Page 175

    A P P E N D I X D Wichtige Sicher heitshinweise D-9 15. W enn folgende S ituationen auft reten ist das Gerä t vom St romnetz zu trennen u nd von einerqualifi zierten Servicest elle zu überprüf en: a. Netzkabel oder Netzstecker sint beschädi gt. b. Flüssigkeit ist in das Gerät eingedrungen. c. Das Gerät war Feuchtigkeit ausgesetz t . d. W enn[...]

  • Page 176

    A P P E N D I X D Intel ® NetStructure™ 7110/71 15 e-Commerce Accele rator User Guide D-10 Notes[...]

  • Page 177

    T erms and Conditions and Softwar e License Intel Corporation END USER TERMS AND CONDITIONS OF SALE A ND SOFTW ARE LICENSE IF THE PRODUCT IS PURC HAS ED DIRECTL Y FROM INTEL AND UNLESS SUCH P ARTIES HA VE ENTER ED INTO A BILA TERALL Y EXECUTE D AGR EEMENT , WH ICH E XPRESSL Y T AKES PRECE - DENCE, THE TERMS AND CONDITIONS ST A TED HEREIN WILL APPL [...]

  • Page 178

    A P P E N D I X E Intel® NetStructure™ 711 0/7115 e-Commerce Accelerator Use r Guide E-2 Intel’ s performance hereunder is expres sly conditioned on End User ’s assent to this Agreement. 2. Orders: End User may purchase Pro duct by submitting a valid purchase order (“Order”) to Intel at the corporate address stated herein. Orders are sub[...]

  • Page 179

    A P P E N D I X E E-3 at the lesser of eighteen percent (18%) per year or the maximum am ount permitted by law . Intel may refuse shipment to End Us er if End User is delinquent in making payments to Intel. 10. T axes and Duties: End User is responsible f o r all taxes imposed in connec- tion with sale to End User of Products or services which Inte[...]

  • Page 180

    A P P E N D I X E Intel® NetStructure™ 711 0/7115 e-Commerce Accelerator Use r Guide E-4 (2). The license acc ompanying the Product shall apply to Les- sor; and (3). Notwithst anding anything to the contrary in the li cense accompanying the Product, Lessor may transfer such title and license rights to End User under a leasing arrange- ment. 12. [...]

  • Page 181

    A P P E N D I X E E-5 This warranty does not cover replacement of products damaged by abuse, accident, misuse, neglect, al teration, repair, disaster, improper installation or improper testing. If the product is found to be otherwise defective, I ntel, at its option, will replace or repair the prod uct at no charge ex cept as set forth below, provi[...]

  • Page 182

    A P P E N D I X E Intel® NetStructure™ 711 0/7115 e-Commerce Accelerator Use r Guide E-6 the process of being inst alled. THE ABOVE WARRANTY IS IN LIEU OF ANY OTHER W A RRANTY , WHETHER EXPRESS , IMPLIED OR ST A TUTORY , INCLUDING , BUT NOT LIMI TED TO, AN Y WARRA NTY OF SA TISFACTORY QU ALIT Y , FITNESS FOR A P ARTICULAR PURPOSE, OR NONINFRINGE[...]

  • Page 183

    A P P E N D I X E E-7 17. Export Law Regul ations: 17. 1. Applicable Laws . End User acknowledges that all Product s, spares, documentation or other materials (collectively “Product”) are subject to applicable import a nd export regulations of the United S tates and of the cou ntries in which End User trans acts business, specifically including[...]

  • Page 184

    A P P E N D I X E Intel® NetStructure™ 711 0/7115 e-Commerce Accelerator Use r Guide E-8 19. Copyright s; T rade Secret s: End U ser acknow ledges and agrees that th e structure, sequence and organization of t he software (including but not limited to any images, phot ographs, animations, video, audio, music, and text) are the valuable trade sec[...]

  • Page 185

    Glossary This section def ines terms and acron yms used throughou t the Intel® NetStructure™ 7 110/7115 e-Commerce Accelera tor User Guide . Bypass User action c ausing traffic to bypass 7110/7 115 processing, done either th ro ugh the CL I byp ass command or Bypass button on th e front pa nel of the 7110/71 15. Cascadin g A config uration of tw[...]

  • Page 186

    G L O S S A R Y Intel® NetStructure™ 711 0/7115 e-C ommerce Accele rator User Guide Glossary -2 Fulfi llment Se rver A server tha t stores content used to satisfy user reque sts. HTTP Hypertext T ransfer Protocol: the protocol u sed between a Web browser and a server to request a document and transfer its con tents. HTTPS HTTP excha nged over an[...]

  • Page 187

    G L O S S A R Y Intel® NetStructure™ 711 0/7115 e-C ommerce Accele rator User Guide Glossary -3 Service A service is an IP application paired with a port number. F or example: “HTTP:80.” This describ es a service consisting of a server's HTTP application listening on port 80. Another e xample of a service: “FTP:2 1.” Signing Req ues[...]

  • Page 188

    G L O S S A R Y Intel® NetStructure™ 711 0/7115 e-C ommerce Accele rator User Guide Glossary -4 Notes[...]

  • Page 189

    Support Services Intel of fers a range of su pport services for your new product. You can learn about the options availab le for your are a by visiting the I ntel® support Web si te at http: //www.intel. com/network/ service and choosing your geography. W orldwide Access to T echnical Support Intel has technical support c enters worldwide. Technic[...]

  • Page 190

    S U P P O R T Intel® NetStructure™ 7 110/7115 e-Commer ce Accelera tor User Guide Support-2 Indonesia 2 Dial 001-801-10, await dial tone , dial 800-838-71 36 Korea 1 Dial 0-91 1, await dial to ne, dial 800-838- 7136 Malay sia 4 Dial 800-0 011 , await dial ton e, dial 800-838-71 36 New Zealand Dial 000-9 1 1, await dial tone, dial 800-83 8-7136 S[...]

  • Page 191

    S U P P O R T Intel® NetStructure™ 711 0/7115 e-Commerce Acceler ato r User Support-3 Switz erland 1 Dial 0-800-55001 1, await dial t one, dial 800-83 8-7136 United Kingdo m (Mercury) 3 Dial 0500-89-001 1, await di al tone, dial 8 00-838-7136 United Kingdo m (BT) 3 Dial 0800 -89-001 1, await dial tone, dial 8 00-838-7136 RSA (South Af rica) Dial[...]

  • Page 192

    S U P P O R T Intel® NetStructure™ 7 110/7115 e-Commer ce Accelera tor User Guide Support-4 Notes[...]

  • Page 193

    Index A Access Control 6-21 Administration Commands 5-44 Alarms Encryption status change 7-3 Logging 7-8 Network link status 7-8 Overload 7-7 Refused SSL connections 7-4 Utilization threshold 7-5 Automapping 3-21 Automapping with multi ple port combi- nations 3-22 Automapping with use r-specified key and certificate 3-22 B Blocking 3-23 All IPs, sp[...]

  • Page 194

    I N D E X Intel® NetStructure™ 711 0/7115 e-C ommerce Accele rator User Guide Index- 2 Deleting a block 3-25 E Egress routers 4-10 Encryption status change alarm 7-3 F Failure/Bypass modes B-1 Front panel LEDs A-2 G Getting Help 5-1 Global site certificates 3-15 H Help 5-1 I Import certificate 3-9, 3-13 import key 4-5 Ingress routers 4-10 Input [...]

  • Page 195

    I N D E X Intel® NetStructure™ 711 0/7115 e-C ommerce Accele rator User Guide Index- 3 Telnet, local console 6-4 Telnet, remote console 6-5 Remote SSh sessions 6-6 S Scenar ios Cascading Multiple 7110/7115s 4-7 Using the 7110/7115 with Ingress and Egress Routers 4-10 Using the 7110/7115 with Mu ltiple Server s 4- 5 Using the 7110/7115 with One S[...]

  • Page 196

    I N D E X Intel® NetStructure™ 711 0/7115 e-C ommerce Accele rator User Guide Index- 4 Notes[...]