Beruflich Dokumente
Kultur Dokumente
System Mangement
Sangfor CTI
tech.support@sangfor.com
May 2017
www.sangfor.com
Content Objective
Link Load Balancing Master the Link Load Balancing applicable evironment and able
to configure according to user requirement
Alarm Option Grasp the Alarm Option available type and configure according to
user requirement.
SNMP Understand the SNMP version supported by IAM and configure
SNMP option to support SNMP management software system.
Web Access Master the Web Access Connection Quality applicable situation
Connection Quality and master the configuration to meet expected result.
Custom Webpage Understand the applicable scenario for the custom webpage and
able to configure base on user requirement
Link Load Balancing
Alarm Options
SANGFOR SNMP
IAM
Web Access Connection Quality
Custom Webpage
Link Load Balancing
Load Balancing - Introduction
Background: With the continuous growth and development of enterprises, an enterprise has more than one
Internet line, and the bandwidth of each line is very limited. How to set up a more reasonable use of line
bandwidth, improve the speed of access to the public network
Solution: IAM offers 3 technologies: Policy Base Routing, Link Load Balancing and VPN as backup.
1.Policy Base Routing: Forward traffics to different ISP according to source/destination IP and Protocol.
2.Link Load Balancing: Forward traffics to different lines base on bandwidth remaining, weighted round
robin, even load assignment and prefer link at top settings.
3.Make VPN Tunnel as Standby Link: Customer has two ISP lines, Line1 is using for VPN Tunnel to
branch, Line2 is lease line to branch. By default, all the traffics to branch by using lease line, when lease line
is faulty, the traffics is forward via VPN tunnel.
Load Balancing - Introduction
1. Deploy device in route mode, configure IP address, DNS and Gateway for each WAN interface
correctly.
2. Configure access control policy in IAM, allow all internal network segments to access Internet
by using all WAN interfaces.
The configuration steps above are skipped, please refer to PPT slides: IAM_Deployment,
IAM_Access_control and IAM_Firewall
Load Balancing - Introduction
3. Configure Link State Detection
(1) Any detection method: Ping and DNS lookup failed, the line is consider down
(2) DNS lookup and Ping support multiple IP address/domain, the line is consider normal if any IP/domain accessible
Load Balancing - Introduction
4. Configure Policy Base Routing
Selection Policy:
Choose Balance load among links.
2. When there is requirement for multiple WAN lines, make sure the WAN lines license under
device license is enough.
3. Link State Detection configuration must be done first because this function will detect and
determine whether ISP line is valid. If the line is faulty, IAM will forward the traffics to another
line.
Alarm Options
Alarm Options - Introduction
IAM alarm option can support multiple function modules, when there is event hit the alarm settings, IAM
will send alarm alert via Email and the notification on the bottom right of WebUI to inform network
administrator. The supported events are shown below:
Alarm Options - Introduction
1. Configure SMTP server
Alarm Options - Introduction
2. Select related Events which will send administrator email alert
SNMP
SNMP - Introduction
Normally, there are many brands of network devices in customer's network environment, this
would cause inconvenience to customer when want to manage and maintenance. Customer hope to
monitor and manage all the devices by using network management server. By default, IAM support
SNMP protocol (support SNMP v1 v2 v3) and come with MIB file, so that by importing the MIB
file to the network management server, the server could monitor and manage IAM.
SNMP - Configuration
SNMP - Configuration
Insert Device IP. community and OID (1.3.6.1) into the SNMP agent to retrieve all the information from the
device, as shown in figure below:
However this method show all OID information but we don't know the meaning of each
result entry, also due to lack of OID information, it is hard to get the information needed.
SNMP - Configuration
Theory: The function will determine the web access connection quality(excellent or poor) of each user via TCP
and DNS packets details when monitoring the web browsing traffics passing through device.
Suggestion will be given if there are problems detected based on analysis or overall web access connection
quality for each user. Then analysis process could be run as user based detection to get high accuracy result for
single user.
Connection Quality - Configuration
Web Access Connection Quality Configuration:
1. Enable Web Access Connection Quality Monitor, configure the options in Connection
Quality Defination.
2. Configure the websites settings, by default IAM will analysis all HTTP traffics (port 80), the
settings can change to analyze only select website.
4. Configure User-Based Detection option to analyze the web access connection quality for single
user.
Connection Quality - Configuration
4. Testing is completed
1. Service port 80 or HTTP traffics deny will cause no conenction quality detection
2. IAM deployed in single arm and bypass mode does not support this function, the module is
hidden by default under these deployments.
3. Active users count is different with online users, web access by user must generate enough
information in specific period(5 min) to get the result.
Custom Webpage
Custom Webpage
Background: IAM has many built in prompt page such as reminder, denial and login portal, many
customers has requirement to modify and customize the webpage accourding to their own policy
and style nowadays. Therefore IAM provide the feasibility for users to customize their own
prompt page.
Prompt Page: These webpages are mainly for access control policy denial and reminder policy to
alert users.
Login Portal: This webapge is using for user authentication redirection to input details.
Custom Webpage
Custom webpage modification:
IAM has a few templates and user can modify, clone and
download base on requirements.
1. What are the policies included in Link Load Balance module of IAM?